| File name: | OCRE7viaROk.exe |
| Full analysis: | https://app.any.run/tasks/3ad1f551-83d5-4770-97cb-092c220cc8d0 |
| Verdict: | Malicious activity |
| Threats: | Lu0Bot (backdoor; the process-memory strings for PID 5860 below carry its C2 domains and sandbox-fingerprint lists). A backdoor is a type of cybersecurity threat that lets attackers secretly compromise a system and conduct malicious activities such as stealing data and modifying files. Backdoors can be difficult to detect, as they often use legitimate system applications to evade defense mechanisms. Threat actors often use purpose-built malware, such as PlugX, to establish backdoors on target devices. |
| Analysis date: | May 13, 2024, 09:34:52 |
| OS: | Windows 10 Professional (build: 19045, 64 bit) |
| MIME: | application/x-dosexec |
| File info: | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5: | 78F15202B590C3A80028EEF091CE5A50 |
| SHA1: | AD59FE01647A6D4BAB90E8C7FCA339A008285878 |
| SHA256: | D707B3BBD85AB47294B97931F47939C4A476984242CAEB9775321E0EB1B699B3 |
| SSDEEP: | 98304:0n2jAaVWTCHjTK1xlhhtYkjdI7zNVrw+mkYHqI8hcKJjqlgFo7qlM9DLEor+auhO:PP/MT |
| Extension | Type | Probability (%) |
|---|---|---|
| .exe | Win32 Executable MS Visual C++ (generic) | 67.4 |
| .dll | Win32 Dynamic Link Library (generic) | 14.2 |
| .exe | Win32 Executable (generic) | 9.7 |
| .exe | Generic Win/DOS Executable | 4.3 |
| .exe | DOS Executable Generic | 4.3 |
| Field | Value |
|---|---|
| MachineType: | Intel 386 or later, and compatibles |
| TimeStamp: | 2059:08:08 23:27:35+00:00 (35 years after the analysis date: the PE link-time stamp has been overwritten and cannot be used to date the build) |
| ImageFileCharacteristics: | Executable, 32-bit |
| PEType: | PE32 |
| LinkerVersion: | 14.3 |
| CodeSize: | 26624 |
| InitializedDataSize: | 3937280 |
| UninitializedDataSize: | - |
| EntryPoint: | 0x6d50 |
| OSVersion: | 10 |
| ImageVersion: | 10 |
| SubsystemVersion: | 6 |
| Subsystem: | Windows GUI |
| FileVersionNumber: | 11.0.22621.1 |
| ProductVersionNumber: | 11.0.22621.1 |
| FileFlagsMask: | 0x003f |
| FileFlags: | (none) |
| FileOS: | Windows NT 32-bit |
| ObjectFileType: | Executable application |
| FileSubtype: | - |
| LanguageCode: | English (U.S.) |
| CharacterSet: | Unicode |
| CompanyName: | Microsoft Corporation |
| FileDescription: | Win32 Cabinet Self-Extractor (the sample carries the version resource of Microsoft's Wextract; the IXP000.TMP folder in the process tree below is the self-extractor's working directory) |
| FileVersion: | 11.00.22621.1 (WinBuild.160101.0800) |
| InternalName: | Wextract |
| LegalCopyright: | © Microsoft Corporation. All rights reserved. |
| OriginalFileName: | WEXTRACT.EXE .MUI |
| ProductName: | Internet Explorer |
| ProductVersion: | 11.00.22621.1 |
| PID | CMD | Path | Indicators | Parent process | Details |
|---|---|---|---|---|---|
| 1016 | C:\Users\admin\AppData\Local\Microsoft\OneDrive\19.043.0304.0013\FileCoAuth.exe -Embedding | C:\Users\admin\AppData\Local\Microsoft\OneDrive\19.043.0304.0013\FileCoAuth.exe | — | svchost.exe | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Microsoft OneDrive File Co-Authoring Executable; Exit code: 0; Version: 19.043.0304.0013 |
| 1272 | wmic process get processid,parentprocessid,name,executablepath /format:csv | C:\Windows\SysWOW64\wbem\WMIC.exe | — | fvfxqxwnnc.exe | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: WMI Commandline Utility; Exit code: 0; Version: 10.0.19041.1 (WinBuild.160101.0800) |
| 3656 | \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1 | C:\Windows\System32\conhost.exe | — | cmd.exe | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Console Window Host; Version: 10.0.19041.1 (WinBuild.160101.0800) |
| 3708 | cmd.exe /d /c bnhowgorbg.bat 3042140528 | C:\Windows\SysWOW64\cmd.exe | | OCRE7viaROk.exe | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Windows Command Processor; Version: 10.0.19041.3636 (WinBuild.160101.0800) |
| 3916 | C:\WINDOWS\system32\SppExtComObj.exe -Embedding | C:\Windows\System32\SppExtComObj.Exe | — | svchost.exe | User: NETWORK SERVICE; Company: Microsoft Corporation; Integrity Level: SYSTEM; Description: KMS Connection Broker; Exit code: 0; Version: 10.0.19041.3996 (WinBuild.160101.0800) |
| 4312 | "C:\WINDOWS\System32\SLUI.exe" RuleId=3482d82e-ca2c-4e1f-8864-da0267b484b2;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c;NotificationInterval=1440;Trigger=TimerEvent | C:\Windows\System32\slui.exe | | SppExtComObj.Exe | User: NETWORK SERVICE; Company: Microsoft Corporation; Integrity Level: SYSTEM; Description: Windows Activation Client; Exit code: 1; Version: 10.0.19041.1 (WinBuild.160101.0800) |
| 5032 | C:\WINDOWS\System32\slui.exe -Embedding | C:\Windows\System32\slui.exe | | svchost.exe | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Windows Activation Client; Exit code: 0; Version: 10.0.19041.1 (WinBuild.160101.0800) |
| 5860 | fvfxqxwnnc.exe lceoipptjd.dat 3042140528 | C:\Users\admin\AppData\Local\Temp\IXP000.TMP\fvfxqxwnnc.exe | | cmd.exe | User: admin; Company: Joyent, Inc; Integrity Level: MEDIUM; Description: Evented I/O for V8 JavaScript; Version: 0.10.41 (this is the version resource of Node.js 0.10.41: a renamed node.exe running the .dat script passed on its command line) |
Lu0Bot (PID 5860, fvfxqxwnnc.exe)
C2 (2): reu.apho35.shop, sah.uim44.fun
Strings (7536): df7830b6 *.reu.apho35.shop fe2e2b *.sah.uim44.fun a1b1DwuzwQVBGEo7lc7JKoLuIvjQrTy7RUN9EyokkRMtoFvvbWA24AvzIxEBEHsikWL/hdJorl+2vTvUSePqauxdAy7/DoTh6yU1DXdVBjpT5iDdiGyo6XiWa/hRAloQrNUgGDS/PWoPjBPPCXqL0D33MsyMQagRm2WD6kzuaIxT32cEbGBTQ194ZpAQOHaa8KDfUD07fni/e/Mn7cKFG+fytzkHVgtvwqJkFtGwe4x9EIlq3zMXGKQ+2y4cTR3ArWv8AyG158zWo++RY5QH+9STb0x3A/4JUEEdSwCbQr9j... require mainModule require crypto path sep dgram child_process env RxWrY toLowerCase toLowerCase env Quad ignore fSRLH cmd.exe OSoCc object stdio gOKuT detached windowsHide env env env env slice FimOy yRUUS HjELn MDhGp unshift unshift unshift unshift Osbbp shift spawn unref cmd.exe ttGGt TlkKr \.\ Nxbpj CBPfx undefined uncaughtException C:\ vExaq ljprL mAsJl eVAji lBcyF qvGBg YbsCR function GnRZh object error exit close data IVIDb vRtNb Dldbr medXC GnRZh unshift unshift unshift unshift iIlpX MhaCe stdio pipe detached windowsHide env env env env slice shift spawn timeout ktmr GPDnw iXvMH sCYZc kill close timeout once YaFmz FYoPQ QgMJB tUjqF FIlGj FIlGj DRAqV gjteY 2|0|3|4|5|1 split XTOry indexOf GPVFW split GPVFW join XTOry indexOf split join substr length substr eLJIs length JWAVw substr substr kmyqe length wtVmJ substr error once LDDAF WaHUh ISGyt ISGyt aakQP txlgC code cPvfx txlgC signal once ixVsm lKGOC prjNx ZaIPa WaHUh ylJGm wRedc DXAqV ktmr CInpz mAsJl deexL uerepl AQRlO removeAllListeners log stack log stack ktmr ktmr error oQgsQ ltTAL eVAji eGvpS error readdirSync FcpWX error cPvfx txlgC code cPvfx txlgC signal outbuf concat outbuf errbuf concat errbuf returnbuffer oQgsQ poxyI poxyI out outbuf toString outbuf err errbuf toString errbuf statSync uTReE nostr out stdout IaZgD eGvpS eGvpS oQgsQ qvGBg dGtVq outbuf outbuf push fromCharCode WojtS aFDum stderr IaZgD yxvgy DgDwx wwScl outerr outerr push IVIDb pslo HmRqk 6|1|3|4|2|5|0 hAZuY split FQCmy length push DuUVL DuUVL pid name ppid ppid 6|5|1|0|2|3|4 undefined aes-128-cbc 
Node, SxLeO hhDYP qbfXN kFTzV executablepath ppid processid pid name yntsz Services sBLGH STguT process get /format:csv release indexOf indexOf 6.0 odhaS wmic uIlsM xzeKu processid,parentprocessid,name,executablepath fcLDw leDnk KSSNI VsktV dciWh uaeRC uaeRC odhaS length odhaS split join split length length shift vyhHk indexOf bdwzn sdvCL FAdZo FAdZo split shift YeCbB length APhBK kBVHN SxLeO split leDnk length length LneXa qnjgV KkRjZ zZfxT undefined code zZfxT UmoQR signal YeCbB length cMubd kFTzV giGgH readFileSync prs createDecipheriv vzXGa slice slice concat update slice final parse toString toLowerCase vgfet path length parentprocessid SiYNB pgUoj tubwO name YOtDc pid Node pid CFDbr coGBG pid session path Console TaGJS writeFileSync pf2 readFileSync cMubd ZytSh TyMwd pid error TvtkM split ppid push dTNJY FcQsU pid name vyhHk length HSMgT ppid HaCOV WYrJW KIlza ppid length tree EbDmg XBYlo HIsgv HsBML gQCjW MhTze mkdirSync windir systemroot temp allusersprofile appdata \networkservice\ WSXNY IKlzV network service local service dwm- umfd- gEySW isc GObCR IRkuh GObCR kLqQJ tmp JCqLs aup ZmbLT loVlJ apd ZmbLT wjpXL usr VSdmd username tmp isc isc RihGp tmp toLowerCase indexOf toLowerCase isc isc tmp toLowerCase indexOf fjxPc isc isc aup apd isc isc usr isc isc ncStW MQSoo fkWVI usr toLowerCase SrCDn XhQjL YThgt system cXXPA tmDew substr QZTpS length RihGp indexOf dTsrb indexOf WyLiR RihGp jqvno jqvno isc prsi log prsf sha256 createHash bngGW update digest computername userdomain username u IdeaV PfPMd QoTBa BDSYF ZJTlv QFavn push PufCJ hWLOP hWLOP hWLOP hWLOP RNuxv concat prototype slice call floor PHoro Vglrs pop oRnfJ fromCharCode ZkbMI PGgNh 3|2|0|4|1 aes-128-cbc 2|5|3|0|4|1 kUdVT lXhXW cpnSX XKbFZ Gzhuw ltBcw XUZPu linux darwin openbsd freebsd unknown win32 intel celeron core(tm)2 amd amd i3 i5 i7 xeon ryzen threadrip qemu md5 DESKTOP fLNle art-pc work amazing-av bea-chi shadow- cape-pc JTAPJCC compalexey dillon gary-pc mars-pc host1 hex administrator admin 
user john frank lisa george shadow harry johnson joe smith cape goatuser azure stark a.monaldo alexeyzolotov peter wilson Unknown Intel Undefined Intel Celeron Intel Pentium Intel i5 Intel Core(TM)2 Intel i7 Intel Atom Intel Xeon AMD EPYC AMD Threadripper AMD Undefined CPU KVM/QEMU jraJB Duo PiPNB Quad hYQPd dYcwu Undefined NOHID my_pc_ DESKTOP-JTAPJCC janusz- CompAlexey Host1 NOUID STRAZNJICA.GRUBUTT john doe janusz UNKNOWNUID RLlOq alloc floor vneHQ dIiOj writeUInt8 MOsHW dIiOj round sELXq wGdTe okZRP bayBe kUdVT YVwjE kill wGdTe xVWrl hokYJ uudYL uudYL askCw split concat update slice final createDecipheriv jQJAK slice slice readFileSync prs parse toString xVWrl FTwoS cpnSX YbAkE att Edcnj XmMcR zlKvW 5|6|1|7|8|10|0|2|3|4|9 split createDecipheriv jQJAK slice concat update slice paOCp final xroFq readUInt16BE slice toString isfny DWVkT length slice readUInt16BE dIiOj paOCp length FTwoS ZLQvt cXSUJ NLKSL hhfnT pslo VNAhx YErMi XUZPu log Hhvfz DPvJo writeUInt8 phRxU length split min HNjse min Nmxzt min dXtep writeUInt8 phRxU HhLXL writeUInt16BE phRxU join round sELXq zvSwA Hhvfz writeUInt8 phRxU ceil sELXq zvSwA vkYNi XZmeq win32 bMadg IqrLg bMadg dyzZZ TWkgh WSzRa alRcc DhHEo IqrLg dyzZZ TWkgh WSzRa dXtep HhLXL writeUInt8 vkYNi length toLowerCase okZRP indexOf XSnQH nNzux indexOf tlZPj nNzux indexOf pentium indexOf YpoGx nNzux indexOf DXHpM indexOf IJTZY Wfpqq indexOf atom Wfpqq indexOf VGpfx Fptje indexOf QMbCR YHuBJ indexOf WBVSt YHuBJ indexOf i9 YHuBJ indexOf LlKgY sOOwl indexOf epyc sOOwl indexOf HllUu FMDln indexOf NYhxQ jlBtz indexOf kvm jlBtz indexOf CDxAC ceil EqWMa TpqfB sELXq writeUInt8 qemgz RSpda fCPdc createHash cyaKO update digest slice toString hex copy length split toLowerCase BbXqk length gSOGa gFFuy gFFuy readFileSync toString trim indexOf my_pc_ nFuRI aCZXz wwapR indexOf WClOB wwapR indexOf gqViI jzIuv indexOf sFMoA zVQWE otQNc YSuYy oBwXx indexOf azure- oBwXx indexOf janusz- otQNc XaTwa otQNc sSTSD indexOf anna- MXsdW otQNc QvPre btgyc 
writeUInt8 qemgz createHash md5 update digest slice toString sVZlR copy length split toLowerCase FLBoj otQNc PuMIY otQNc JZZgj otQNc KKVbw MXSvk ERpsP Xptpb CVUXj OdpNn hzraM tXHIs oBwXx indexOf straznj hzraM gWfRQ aoRma hzraM john doe sbSDl eBWDH iNJru eBWDH dxjgv uqiED janusz Fguhv uqiED GDfiU uqiED IXxlJ uqiED rGsIh writeUInt8 qemgz createHash md5 update digest slice toString sVZlR copy OdSoL MAkro NiFdx Intel i3 toFWT qkBas BKmBU laPfl byQii Intel i9 ZZzZQ zHlYE AMD Ryzen rwywT aymgd NQRcc uqiED oBwXx WBtqt OrbcT env sfxname length basename toLowerCase jyQdH uqiED yKGxY jutSY jutSY pcWJL RsVbO split push pid dIiOj HNjse ppid ppid session push path path length path name lTTfO OMHkG dINha uluca writeFileSync paOCp xBXPG glAfh gSOGa BxWbw nFuRI aCZXz AMAZING-AVOCADO gqViI shadow- zVQWE ujakw azure- kAwrq IcccF sSTSD anna- MXsdW mars-pc SUWxe UNKNOWNHID FJYQZ zWcqL FLBoj PuMIY JZZgj john frank Xptpb OdpNn tXHIs RNDZq harry johnson joe smith eGHDf sbSDl iNJru dxjgv amqWR Fguhv GDfiU IXxlJ rGsIh Fdonx FJYQZ yKGxY RLlOq iJDCD CPMlC workdir workdir workdir indexOf zDqal workdir toString hex 14|5|0|7|2|4|11|12|13|6|8|15|3|1|9|10 string false XeRTx split split Mtgbb cTrgx length ebGpw length bewgQ UtZNi isArray vhIwR length 111|146|3|149|19|97|189|187|59|154|76|172|49|170|182|77|95|98|174|48|152|122|27|86|116|12|176|107|63|181|81|65|47|45|13|22|31|157|1|11|78|23|74|188|42|166|113|132|84|72|82|6|62|124|32|38|148|102|164|167|139|105|159|28|60|171|127|57|10|71|173|20|8|54|21|39|130|88|156|175|99|87|80|24|56|150|16|93|61|1... 
win32 6.3.9600 c8b63d 7b7bc2 10.0 DESKTOP 0cbc66 9a50 275dec 351468 10.0.14393 62efb9 10.0.19044 e06b 6a29b3 6.1.7601 11d4d6 administrator a888 379a7d john 0fdc cc1a 88dba0 18275d a65640 5bc06f KVM/QEMU 033bd9 8fdf0b 10.0.10240 10.0.22621 167bfe d6a5b0 86438b admin 46502a Xeon 72c1f0 1cce9e 10.0.22000 9d5196 d61484 AMD EPYC NOHID 7e73 DESKTOP-JTAPJCC a30c 6eb45e 4f81e3 b75705 10.0.16299 13b4 ab86a1 dc599a 10.0.18363 3e45fc 46e6f8 e717 646a8b 7bf5 2cb5a5 f3f0c6 10.0.18362 b71c EPYC shadow 10.0.17763 299243 d1457b f4cb33 dillon peter wilson 86131a 7f8794 aff8 Host1 NOUID 10.0.19041 3151 00181a a8776a e94c92 9ab4de f7e0fe 10.0.17134 72e748 95deb5 10.0.15063 5a1d a.monaldo mars-pc 10.0.19042 5803c5 bf0760 9114 10.0.19045 26112 2988b8 e32aca bc54f4 77bd 736b19 6f2958 16a7c1 user CompAlexey alexeyzolotov 1285 abcf10 10.0. b624 3635 52c9 john doe 851c 4b9de2 591acb 2088 b445bf lisa a592e8 04159b c23200 769fc7 9a8599 bf7e d8716f 4f5cec anna- 100 b7e24d 6d05 6cfdbc b38e56 102 6.1. 103 104 10.0.19043 105 george 106 32b5 9f9d51 107 harry johnson 3322 bca236 723943 109 061613 111 112 8726e3 cd4ec1 113 d33e1f 9ec750 114 a739 d60869 75c891 115 116 cd4ee8 bac5dd 56aee3 2b22 4b418f 74529b 117 2293 e8c630 3f9b99 118 3a83fe d38e35 119 d76211 120 121 32b1d5 123 990d1b 582a34 124 125 efba14 930d8a 126 7e0c8b 127 gary-pc stark 128 c39efd 129 436f 130 7aed 131 133 747890 134 72f6c0 135 9f72 bd9ff1 136 d04f74 137 24889e 18126e bot 115 W7 Xeon H 24889e U 18126e a6f2 5b2e9c 139 140 141 142 143 2970 8e776c 144 6e6551 145 52acd9 146 147 48fdf5 148 149 151 9ca5a0 153 9db1e4 93a77b azure- 155 5fd4c0 156 59a422 157 50ab44 158 f5faf7 f94649 goatuser 160 62327b a4757d 161 12a5b6 163 471915 164 STRAZNJICA.GRUBUTT 165 c589 611a3e 166 167 168 b1a8 7db39b 169 b4a2c8 170 171 janusz- janusz 10.0.10586 174 176 AMAZING-AVOCADO 177 4085c6 41c07c 179 181 art-pc 182 183 4ed984 2652ee 184 d864df bb2e4c 185 b5a0 73a080 f2886f 187 frank 189 e1e853 ILpQm split ryIXX Fvrza QaTSU RpCID PjEYQ EXxeU iHEhu fORAq 
LNZBu Fvrza weiLK nvJGv indexOf NaiGH jbLYe indexOf QrCOs LNZBu YFCvU YFCvU 10.0.22621 GoShn 8920 GoShn DzyPb Fvrza WCHrq HQBOx xcQQH SusrV oRehk Fvrza weiLK OLbRV kIRjA lacOV kIRjA kIRjA kIRjA qvEUv a739 oAhme oAhme Fvrza weiLK hieVO oAhme 6.1.7601 uRdlS WHvZJ WHvZJ pWksl #56d4# OkAID AtRGP VsxAP HilLs Fvrza VJxUC MQeow FaFPl 10.0.19041 FaFPl 2a4494 cpqZn iEIMo Fvrza ZExoO iEIMo MBSck otibz ZMnDD lMiix FujnR ZMnDD Fvrza weiLK xdLYN ZMnDD cdmLP pePpI fFqFB indexOf euzWU LlBYJ win32 cLYnk ippMI LlBYJ cdmLP HUjGT HUjGT XWWpe ExENF hLYco jbLYe indexOf euzWU GtYfB Fvrza GtYfB cdmLP WIsdv jbLYe indexOf NOHID indexOf hJpqx win32 jNZYA Iiauy IvVTN IvVTN sEKpy IvVTN OXBaY IvVTN snIkm IMiPm oYIbK czafF indexOf administrator IMiPm Fvrza obAcW xMbUw MkswA cdmLP MkswA MkswA MkswA zCkDd indexOf Xeon MkswA sTTxH tNRnF wmlWw tNRnF Fvrza zCkDd Mhbpx rZeOg indexOf enyKd tNRnF eAChe Fvrza rZeOg AIieI iWrbj MBSck dKqfa dKqfa dKqfa dKqfa hAUIu GbioX UAkno AfDIz win32 lrbVq AIieI vtjPT cdmLP vtjPT vtjPT GlZUl 709b kSrRQ DDDZP Seeua win32 lrbVq iTQDQ indexOf DESKTOP jfTTy gNdxL gNdxL gNdxL win32 lrbVq AiuWH NiUoh uXbxr NiUoh NiUoh 2cd67e NiUoh Fvrza TOlbV ZNJRA uXbxr EYPEB XavnB XavnB yyerm lYFBs WTHIg yyerm Fvrza AiuWH yyerm HQBOx yyerm xcQQH yyerm Fvrza EtdZv zotFi gYkkK cdmLP Teqfl mCrOx mCrOx 11d4d6 indexOf euzWU win32 cmbta MPWOW aEDhz 6.1.7601 UWZQo gWejm czafF indexOf KhuKH UWZQo win32 cmbta cdmLP ZocRG indexOf euzWU zyvjq Fvrza vNHnq zyvjq cdmLP zyvjq fGRQi XvLav indexOf oWRMK fGRQi e379b3 oLOll PkJBi Fvrza vNHnq GsnHq DgLNw HeKFc TobzJ indexOf KhuKH win32 oVNeM DgLNw DgLNw hriRv ZLccR GqeXy Fvrza MwXdH ZLccR fhIbW d0062c Fvrza MwXdH vNHnq dAjpz indexOf NaiGH ZLccR ZLccR fAGqH indexOf oWRMK wqjPH indexOf XmYrc xwXps jfTTy xwXps MBSck dAjpz indexOf dSgmD XWWpe WyFOZ lSIdP 70b4 d580 SFCsl indexOf administrator Fvrza lSIdP 10.0.17134 AHUtS indexOf dFbJh SlEqr Fvrza SlEqr 6.1.7601 sNzPf sNzPf UumJB indexOf oWRMK Fvrza TNTgA uXbxr TNTgA eGglf eGglf LrGpR LrGpR pCjJA SMevw ohqlD Fvrza 
vNHnq AHUtS indexOf 6.1 SMevw SMevw UumJB indexOf oWRMK SMevw JaUwU SMevw gDgDD SjUiG Fvrza SjUiG 10.0.22000 AHUtS indexOf DESKTOP Owtjd VEHvN VEHvN Ujrdd f1dd AmBxS Fvrza AmBxS iHVtr AmBxS zaDrO HRAVg nvCEs ePTcw nvCEs gFoGc nvCEs Fvrza ChISU VUApt AhszW qrOiX tSGhW Fvrza AhszW uXbxr AhszW AhszW iOvBZ HGJzR iOvBZ cvZSS KyiTT win32 HvorF SnBWr cdmLP VenkC RcXzz RcXzz xAiCm YOVPV FjcvI LLDQX qumZO LLDQX bpqTn win32 UumJB LLDQX Owibv GqwlF Owibv PxpQH tmenP tmenP tmenP Fvrza bcNdH indexOf NaiGH fGZgb indexOf JepxD oGtbY indexOf oWRMK bcNdH indexOf shadow- bcNdH indexOf Yijgz NbkFC Fvrza hoNLn NbkFC lacOV NbkFC NbkFC bcNdH indexOf QrCOs indexOf KhuKH NbkFC Fvrza lEDdL kqOIP kqOIP kqOIP kqOIP QVrlV kqOIP cElbT Fvrza JLJbw kqOIP MBSck kqOIP vzuRM nDgwI win32 GyjOr bcNdH indexOf oiMuJ bcNdH indexOf OrWUv obEby Fvrza altSU uXbxr DJWtW DJWtW DJWtW db9a51 JBSzn 64ca98 Fvrza GyjOr HvorF sxpec cdmLP sxpec hjpUt hjpUt hjpUt aFyfh hjpUt Fvrza HvorF GyjOr indexOf enyKd KBONX QgfwY win32 10.0.18363 jWldy mBtMC jWldy jWldy QMTut tPncB Fvrza GyjOr HvorF GyjOr indexOf enyKd tPncB MZUpn QOfBK win32 HvorF GyjOr indexOf oWRMK indexOf zXCmd bcNdH indexOf user QOfBK win32 QOfBK QOfBK rmvqT NuvUt indexOf dSgmD Dxveo indexOf PclWi wKGjP fIUEh 10.0.10586 wKGjP EAmyG ktVZI KGGfu SaANt Hdwnq YRsVW BmSJG 129654 BmSJG yiAMf BmSJG Fvrza HGDhc gAAgD gAAgD Fvrza cb0013 ITxth wmlWw Fvrza ITxth RpCID pHkke WDgfh zmVYN WDgfh WDgfh Fvrza MoWsA mKgqZ cdmLP OhCtl sqXFI EmBIr xLzBE xLzBE Fvrza GyjOr MoWsA 6.1.7601 YgOZy YgOZy YgOZy gWejm UlXBD indexOf admin YgOZy Fvrza HDPbd uXbxr indexOf DESKTOP bsAbo zmxFY YRUEX win32 GyjOr cdmLP WcMJK WcMJK HOTJd kXgnr EGFbX UlXBD indexOf dSgmD indexOf admin OECIB 709b OECIB Fvrza GyjOr MoWsA OECIB cdmLP ZAiaa BGoiy indexOf administrator zBFHF zBFHF YUStL zBFHF 6adf97 zBFHF win32 zBFHF 10.0.18363 RGoNS hXEvt cNfil cc9adb Fvrza UlXBD indexOf cPGQS ZswPw cdmLP BwNuB indexOf Xeon KzhVs Fvrza UlXBD indexOf dFbJh KzhVs win32 pKQTf lEDdL diEau MBSck diEau nBmpV indexOf 
DESKTOP diEau Fvrza diEau aHKYi QOnHz QOnHz fIUEh QOnHz 2a4494 Fvrza BwNuB QOnHz cdmLP lclaU indexOf ziLGh lclaU indexOf euzWU WtihN Fvrza zcVBq IIFUl BrCZp BrCZp BrCZp BrCZp fb6ab4 KYUno Fvrza mRRre MoWsA zftSW 6.1.7601 zftSW 953225 indexOf hJpqx Fvrza HOTJd lLmvr SplGB SplGB QEQhI MFhcp win32 MFhcp 10.0.19045 MFhcp MFhcp uoGfh uoGfh riXrs wDSxr OxwGn Fvrza LqgGf jZFgM iWCBE iWCBE 72f6c0 iWCBE Fvrza krWhl CUcZA VUApt iWCBE vfqZN uSGiV cDeJA win32 QHoBj cDeJA jZFgM cDeJA qMcTZ sgDIw AAsxK Fvrza indexOf NaiGH QHoBj indexOf enyKd AAsxK 5d0c AAsxK AAsxK MBSck rJjyv indexOf QrCOs AAsxK IONio AAsxK Fvrza indexOf 10.0 QPAaC QxaNz indexOf QrCOs QPAaC difBu SrcaK eBpuO Fvrza iffkv eBpuO 6.1.7601 uXqQg jcAjl jcAjl OEMGD UyKBP win32 CUcZA egnFE indexOf NaiGH IploZ wVeWq indexOf hJpqx IploZ win32 RIaep IploZ 6.1.7601 ZJydM 2048 QhFQR QhFQR Temqg mbJsq vLmNR mbJsq 39549c dlaZh Fvrza iffkv DUMBe indexOf dSgmD egnFE indexOf pgzNX fOOsY fOOsY GqwlF SOdie cdmLP SOdie win32 indexOf xDEOn egnFE indexOf QMYES win32 egnFE indexOf NaiGH SOdie SOdie SOdie vFEbc SOdie TelqS b3c775 SOdie win32 bDBlF tsWzJ indexOf sZIIt dFGeX nmHCD gcDbd tJRDf WmitQ 03fea1 WmitQ 4b33b6 WmitQ Fvrza uesvt qZcFY cdmLP tDIhQ awPqW 1cce9e fnHAW indexOf KhuKH KDJBj win32 uesvt KDJBj cdmLP IqLAA indexOf NOHID vKSJy indexOf PclWi pKwDT IqLAA Fvrza cKyVh DUMBe vKSJy indexOf bea-chi indexOf ZKZhu fBhuM win32 sVwik fBhuM XdJbl BZVuO BZVuO NjLGU BZVuO BZVuO bBoND 061613 Fvrza zwHnL indexOf NaiGH QxFMt badfad vKSJy indexOf KhuKH wxXYP Fvrza wxXYP 10.0.19044 wxXYP wxXYP qnnAh dAfWE 7c1a lIUOS GWWPz lIUOS vBVqJ Fvrza zwHnL DUMBe vKSJy indexOf DESKTOP NVHRy indexOf KhuKH lIUOS lIUOS lIUOS 10.0.18362 lQOwr indexOf oWRMK MVRNc Fvrza DUMBe MVRNc JIGVa JIGVa cdmLP RNJrc 10.0.18362 yMukW FObpF win32 lXruT DUMBe cdmLP EknEk jYneQ NVHRy indexOf MjeWZ nNNCU Fvrza bCsBh ONQdX 6.1.7600 ONQdX ONQdX lWMBQ lWMBQ lWMBQ BjzeV lWMBQ 0b6631 Fvrza DFYty lWMBQ RpCID lWMBQ lWMBQ lWMBQ lZbFw vxDhq zJSQT win32 zJSQT bKdap PEKLc eIbEs Fvrza 
bCsBh ngMZT 10.0.19044 jNVXC rHFUQ rHFUQ pQhkU pQhkU iZMJP pQhkU Fvrza lEDdL 10.0.19044 pQhkU pQhkU indexOf QrCOs pQhkU 1e75 RbpDW Fvrza lZKpm VUApt scHBz uqUIX mBtMC LMOdT Fvrza wBTri MBSck KsNIV KtNBN KsNIV 35ae2e KsNIV InPuB KsNIV win32 HdUlJ DFYty cFmeO MBSck cFmeO LzfJd eaYbk goxqd eaYbk Fvrza HdUlJ DFYty eaYbk xcQQH xqpuS SusrV FqIrh win32 FqIrh FqIrh indexOf MSMDw FqIrh 97a9d3 win32 SAeWq fXWNs nSMxI cImKM HGDhc KjgBG GqwlF dHBGX yMukW NVHRy indexOf QrCOs ouNbY indexOf PclWi mafyA win32 dHBGX jZFgM dHBGX dHBGX NmGFA QwGgF b6f4a2 101 win32 GpRLb DThcE jZFgM DvDrp ZODRZ iWPxM wDVDY liHTu CAuFH vBFFC Fvrza DlFTq RANcu ouNbY indexOf ETQio cfQSa indexOf DESKTOP cfQSa indexOf KhuKH HHFgg vBFFC win32 MBSck CHGld ed6464 OCYCH CHGld Fvrza DlFTq RANcu ovJWi zGnZH SSIso 10.0.19045 SSIso SSIso igXEc mWIVn PZALr PZALr pyrEs Fvrza indexOf NaiGH vTZRW EtxoN indexOf fzaul TJQSE vTZRW Fvrza vTZRW jZFgM nlycs YAzzx YAzzx YAzzx miPDD YAzzx VIzGS raGnu Fvrza DlFTq uhlaY zGnZH indexOf gKIil 108 YAzzx Fvrza uXbxr ErXYg XZPSH LxVAv ErXYg ajKZc jTipF ErXYg win32 DlFTq indexOf oWRMK ErXYg MBSck JqmKV JqmKV nhyxc Shabc indexOf dSgmD Shabc indexOf KhuKH 110 nhyxc Fvrza DlFTq nhyxc GpYWU NjLGU GpYWU b0f8e1 GpYWU nxrgO WcHez isArray XCVlY length EGNMZ GpYWU Fvrza uXbxr yoJdz yoJdz 7c1a iXvDJ qXgQW Ywccp vaOER jtWzF Fvrza DlFTq gPTdx cdmLP gPTdx hvciH 56d4 DuFfP TkUbj DuFfP erxhf lQuCn DuFfP Fvrza DlFTq uhlaY AFpPr cdmLP AFpPr jpVOf Uiaxl Uiaxl vxnrE tHjCh udzsn HfRFU raZLU QbhDB kykFK raZLU win32 DlFTq HPqWL quXXa 6.1.7601 quXXa quXXa quXXa uDNBo XWWpe uDNBo 2001f7 Shabc indexOf administrator pJtDb uDNBo Fvrza Fkbox 6.1.7601 dcSgx cSBuy cSBuy gEDic uwzFw PxpQH iVrqb djFUF kdeIZ 7fa24d aamzL SdBZk LMixC zgCvS YRoLM xNBPi jLZlN wJFId xRePG jLZlN Fvrza tgzuT vbTJl nUUpI 10.0.22621 xJZQm 2253 YsjGN YsjGN EaKKt dJxCn azkav dJxCn AJWJh Shabc indexOf dSgmD Shabc indexOf PclWi lksPX win32 hOSEF uXbxr hOSEF YxdqJ hOSEF UMuom AVBiF SaDhc win32 fIUEh SaDhc SaDhc SaDhc SaDhc RJHSf mQSgP XfZlb fSAbF 
Fvrza tgzuT fySzK jZFgM fySzK fySzK eZeiW eZeiW OoAAu dbwJt HJfBK Fvrza rjNOu 10.0.22621 QPJFT HkbwY QPJFT QPJFT c350 122 TimWf Fvrza sxArq TimWf 64ccb5 TimWf 2be941 TimWf jZFgM sxArq indexOf Xeon uPzcR TimWf Fvrza rIvqx jZFgM rIvqx tdQvY rIvqx mOCfI HcPZQ ahUCV win32 ZVeAY QmToh QmToh uXbxr QmToh 2a4494 oksui wDzFV win32 oVNeM ShYEb a98d ShYEb UTyHh ShYEb IaWxZ qtAvK nYUtx Fvrza yNYnI uXbxr yNYnI DCrsW yNYnI 7b7cd2 KSqHv Fvrza yNYnI uCijZ indexOf 6.1. RBjtP indexOf Xmpja RBjtP indexOf LQfbk KUyoO lorSN win32 lorSN jZFgM lorSN buUSw aKPie aKPie EFAiv pYCBY hCSsJ Fvrza hCSsJ zGnZH hCSsJ hCSsJ hCSsJ buUXk CBvLQ ZhqOR CBvLQ win32 rPnzM cdmLP YYfnL YYfnL YYfnL pgOgp jYneQ RBjtP indexOf MjeWZ rkcmw Fvrza VUApt YYfnL YYfnL lUjwt lUjwt Umdwc 0bd650 Umdwc 8215e4 132 Fvrza rPnzM vbTJl UOVbB indexOf NaiGH BONSf BONSf fACZI badfad indexOf KhuKH OujmB kCyEn win32 kCyEn jZFgM XEYGR XEYGR OGprr IcSAh 6e64 LWXdS iAvHP QjAPr LWXdS win32 jZFgM xtygu bzbRE qggcn bzbRE BLzyZ bzbRE Fvrza bzbRE lEDdL bzbRE bzbRE bzbRE YCfSM NTbSi YCfSM pCjet Ekvoa llqrT Fvrza OQUiD vbTJl llqrT cdmLP llqrT IdQnL IdQnL PxpQH TgrHf IdQnL 2bf408 lxEVx IdQnL win32 yRdeK vbTJl IdQnL cdmLP IdQnL IdQnL SzwCW NIiAJ oijqx QQeBl NOogf 138 NIiAJ Fvrza WZFcL cdmLP HJnPr HJnPr AdZyI vbTJl cCmww ctcbo cCmww xGTfq cCmww QwzeH hOgAV win32 hXraH FyAQi indexOf ETQio indexOf work FyAQi indexOf admin ZJOoe win32 JFvdJ uXbxr 32b1d5 nHnIz ktkor Fvrza dlRmu HYJrS lCLBG jZFgM lCLBG IliXY IliXY vWuxW vWuxW XmYzq vWuxW Fvrza SLGMM HYJrS AjeuT cdmLP sYRWb pELNn pELNn pELNn pELNn nnEAW win32 PggAF HYJrS 10.0.15063 pELNn rNgGq pELNn xPUga XEVCb WCdoC Fvrza sYSzp HYJrS cdmLP xPUga Iblkw pyzWx BNjXP dd15 tAXkP Olnvd SRkAg indexOf administrator Pkqhm RGooB win32 RGooB jZFgM RGooB yoUWR HBNSr QXrDn UtghS win32 ttjGC cdmLP WyoBa WyoBa WyoBa 092f16 WyoBa Rhsix CrzQO WyoBa win32 HYJrS SRkAg indexOf ETQio SRkAg indexOf my_pc_ SRkAg indexOf administrator AgztK WyoBa Fvrza HYJrS WyoBa HQBOx SusrV 150 dNHmV win32 OXlPO HYJrS TwOxe cdmLP jRDFk 
jRDFk pZXjd indexOf DESKTOP pZXjd indexOf KhuKH CiRqo Fvrza OXlPO EprBH eWobi cdmLP NaQEo HVFif adsoB fNulY 152 Fvrza WQqXF qvzaE indexOf oWRMK pZXjd indexOf zXCmd rJGZa indexOf user rEiNg EPVpS Fvrza EPVpS 6.1.7601 hvpZE hvpZE hvpZE vZrbU 3219 TIoyB geEOM CmedX XyeCx 154 Fvrza mrQHm mfeBP indexOf Pdxkh indexOf azure EEOmp cdmLP OoKlZ mrQHm indexOf oWRMK hVjpX OoKlZ Fvrza 10.0.22621 OoKlZ OoKlZ GhCUN GhCUN JHvUt mmtze kyUnx JHvUt Fvrza JHvUt cdmLP FAozJ 25cd40 FAozJ TcNYP GjSdh VTiQa Fvrza WtWll indexOf 10.0 QkyAl MvbuP JXSWW Oovpc indexOf oWRMK JXSWW 10.0.15063 JXSWW KPwlh JXSWW 9639a3 YdAGB JXSWW win32 cdmLP lIXsl lIXsl uJSVy dhYQn 159 lIXsl Fvrza nySnj UbqJT indexOf ETQio ubXfw indexOf GRCYT Bnogw IPPvu Fvrza 10.0.17763 okCRl fahyh ykzDZ EJCgX UqXIk wERqr ddZRK Fvrza ddZRK jZFgM rjcqh MwZQC MwZQC MwZQC e2c5 MwZQC iLZcI nySnj UbqJT 162 bSrQk win32 aUosI jZFgM aUosI aUosI nKVFj YUStL nKVFj jmRlo win32 nySnj hiZAD nKVFj jZFgM hNXmj hNXmj hNXmj sHxMn qcmPv wosCU win32 gFMHF POWfO sLCqO indexOf 6.1. 
indexOf KfqnJ PBhXJ wosCU Fvrza zYrlS POWfO indexOf oWRMK wosCU cdmLP HpQmB HpQmB cYFPm OZVQe sLCqO indexOf euzWU kHFED HpQmB Fvrza zYrlS POWfO sLCqO indexOf 10.0 HpQmB yeZRZ indexOf QrCOs BAQaE b71c djFUF avFvT Fvrza iMzQl POWfO sLCqO indexOf QrCOs indexOf joe smith RVaoT JuuuF Fvrza JuuuF 10.0.19045 JuuuF Aablo JuuuF GpwZi LSTpz JuuuF Fvrza uXbxr mXONn mXONn c037 pJFjB IgKCG jlhOK Fvrza gVNks POWfO LtHTL tMnNB 6.1.7601 jmXka jfTTy vhbTu 55d8 indexOf dSgmD sLCqO indexOf PclWi Zrfus Fvrza hSUuO indexOf XISEN PELkQ indexOf EnTIW 172 Fvrza CzXOV hmkON hmkON AvYPP mBsfg cdmLP mBsfg yITto AsKHP 3151 indexOf dSgmD PELkQ indexOf PclWi 173 EubiH win32 lHsVx AsVMQ OZVQe cdmLP IzAUU IzAUU dQqed indexOf oWRMK indexOf dSgmD indexOf euzWU YmnRd IzAUU win32 dQqed WwuFO KGVIe indexOf MSMDw IzAUU IzAUU 97a9d3 175 iAVsv Fvrza zUXEI WwuFO QLeki cPSWi jhPdR HGDhc jhPdR GqwlF JwXPt yMukW EMvUU indexOf QrCOs ArQjP indexOf NOUID GakkB DarJG Fvrza ArQjP indexOf WGWRo ArQjP indexOf gKIil MRgXm DarJG Fvrza DarJG jZFgM JdzkY TfEVY TfEVY TfEVY TfEVY DANYL 178 TfEVY Fvrza zUXEI bMCDE TfEVY 6.1.7601 KjOid TeIde TeIde fFNtx pEjeD ggTkd DVNpA win32 UKosN UmPBs RStcV cdmLP wxNSr CVPDb CVPDb indexOf oWRMK indexOf NOHID ArQjP indexOf PclWi 180 CVPDb Fvrza CVPDb cdmLP CVPDb CajRS f6b8ae CajRS jDQYv Fvrza TbTjG YXeNz cdmLP indexOf MPHcB indexOf euzWU ggFjw Fvrza TbTjG LpsyK indexOf xDEOn bCjUe indexOf QMYES HMwNh YXeNz Fvrza ZMmep cdmLP YXeNz YXeNz YXeNz Nfomy YXeNz AJIbU GDdzq Fvrza XGuny LpsyK cdmLP YXeNz wiAww 6bd1 wiAww Zazih OcxSI AcvAt cZDeV Fvrza jLBhK LpsyK 6.1.7601 ihqVR twOWB PxEtR mrtiM PxEtR jRDlU PxEtR 186 PxEtR Fvrza jLBhK GFqku rsryy cdmLP rsryy mObEM wwSgM e8b9 wwSgM fca565 wwSgM jJQLP IMlkJ wwSgM Fvrza iHVtr XctBK 570a90 188 Fvrza quQFg mSEbl bCjUe indexOf NaiGH VUApt rLIdH 804a rLIdH indexOf QrCOs indexOf wajJg GFIjj FwMDI Fvrza quQFg XeIam CyrAi qqvVp cdmLP UI32LE UI32BE UI16LE UI16BE UI8 HEX hex GUID FTIME DTSTP STR16 undefined ikhmR DHvAZ vREZD EtEUw fzcbF alloc writeUInt32LE 
RMzDb alloc writeUInt32BE xdfEm alloc writeUInt16LE rSVhD alloc writeUInt16BE AzAle alloc writeUInt8 LgERh from LdTCK MONYq split WbmBY UI32LE PnKDP WbmBY xdfEm gxNoe xdfEm wjpoF gxNoe HEX gxNoe HEX concat bcvpC fRaZz gPxFr mxVeq WJVFF fRaZz floor mxVeq floor rKLhn gxNoe fzcbF NkRFg fzcbF concat PkNSj KoSmh WJVFF getFullYear mJTfJ Slvsa getMonth mJTfJ getDate NkRFg UI16LE mJTfJ wxbax getHours mJTfJ wxbax getMinutes lwcyA floor rKLhn getSeconds NkRFg xdfEm concat XbRQA alloc fRaZz length fhUai length writeUInt16LE charCodeAt fRaZz bLvMa poqum HBiXh Malvs push rLrKu QJuIS WGBPC statSync pf2 \.\ 2|1|0|4|5|3 split vUFts substr XlFwP length substr XlFwP length BiGDM indexOf \.\ split baKEF join indexOf split join HyiWN substr substr HyiWN length HNNFq substr UI16LE STR16 gttk 5|3|4|0|2|1 aes-128-cbc 4|2|3|1|5|0 12|10|9|2|6|5|11|0|4|1|3|7|8 fVxnf OewSj TTpfz nQsjZ jwhGa pvwir max min UI32LE GUID 00021401-0000-0000-c000-000000000046 FTIME XLIKn UI8 20d04fe0-3aea-1069-a2d8-08002b30309d hQUXi gvftt DTSTP olUuf EJtgT AxDGH HlmhF dpGjE dqSmi qSOdM mKUId Ntrrh lROOB length duGvS object name name length name file file length file workdir workdir length workdir args args length args icon icon length icon now workdir PTVgx pkckb mnUhQ args trim ffaVQ length VTxVF fRCzG workdir SqHgo workdir workdir indexOf tyVZm workdir file LjsGJ fVxnf x64 file SqHgo file file indexOf hMANw mbloB KiMPX KiMPX rNumq OHtVN log orYxY xNPGn Uerja file hMANw BPWIh nQsjZ pdhJk split concat update final writeFileSync prs randomBytes createCipheriv pGABG slice slice from stringify file CarGN split flg flg flg flg flg ixJXf name flg ixJXf file flg epzLg workdir flg DvzMU args flg yYueF icon flg yYueF att att file jLhGb lHLCU att KiMPX aumRr aumRr att length model model trim speed speed shcm kCsCZ show gjHkE shcm NRMCH show BZTOD KiMPX show shcm gyJnr nQVDc gyJnr ICiYO pDpOu EEZZc UI32LE flg EEZZc nQVDc att EEZZc FTIME ftc ftc SlEUe VQqIs fta fta VQqIs ftw ftw TGNqv nQVDc fsz fsz nQVDc icidx icidx lTtlx 
nQVDc shcm UI16LE hky hky ffaVQ lTtlx UI32LE lTtlx nQVDc concat kpSZF vMxqd flg qEteO LjMOu LjMOu ffaVQ ffaVQ lTtlx KBZII KBZII lTtlx GUID tyGJG length substr JhzLd loUnS loUnS 0|4|2|3|1 split mRNFj ffaVQ push alloc push from lmJUb KBZII mRNFj KBZII outbuf outbuf push edIiR length huBTd AgMOF qyWiF createHash sha256 update digest length from file length mRNFj UI16LE PUqzu length UI8 mdpwf KBZII zPTem nQVDc lTuFM DTSTP ftw ftw UI16LE push xsqFL KBZII ROqZs KBZII gTTTA UI16LE gTTTA ffaVQ gTTTA nQVDc KtUJw DTSTP ftc ftc zgYqZ hXrLW fta fta length pCsAS ffaVQ gLcgM gLcgM length ffaVQ pCsAS fRCzG UI16LE pCsAS ffaVQ concat writeUInt16LE length push concat writeUInt16LE length push UI16LE yTrrm ktmr ktmr concat length writeUInt16LE oMWKM length KRAYR vMxqd flg WUrSz olUuf iaznQ split concat update final randomBytes createCipheriv aes-128-cbc slice slice from stringify writeFileSync prs name KJeQy ffaVQ length KJeQy fRCzG bijaD flg RbhyC ouBts NcawY fill Tbytf CarGN file ffaVQ length KJeQy fRCzG dIKIl flg aSbgP lkwmH lkwmH bbGep workdir bijaD length KJeQy ffaVQ length KJeQy fRCzG OeKBU icon VTxVF UI16LE length fRCzG ADOss dIKIl flg uIelL KqybB KqybB env PTVgx toLowerCase toLowerCase env args trim RFkhH ffaVQ length TmJYI fRCzG ADOss dIKIl flg tHFqQ tAbzj IAPdc split NdaDV length BGqXG writeUInt16BE concat alloc qruTZ createCipheriv pGABG slice concat from alloc randomBytes concat update final dDNxa UmzcR icon wkORm UI16LE length wkORm fRCzG length MJcbA UI32LE concat concat aSbgP yoZLQ dUEzx push writeFileSync FEAfc ZsdrA dmyGK gyJnr ppid length tree .exe \Microsoft\Windows\Start Menu\Programs\Startup\ .lnk PyClv GhDFp TLSAb GhDFp LWfrT xbFez aup ymIlp kUsPG tmp kUsPG kUsPG gQNSX kUsPG vCrcD kUsPG crMxY crMxY Poudh apd eFlbO iINJR cKNOv YGHxv NHcmX floor eJBla pop mkdirSync ignore object cmd.exe systemroot temp allusersprofile appdata username \networkservice\ network service system local service dwm- umfd- win32 6.1.7601 NOHID john d61484 7aed 6.1. 
a6f2 7c1a 4b9de2 591acb 10.0.19045 5a1d admin 4ed984 10.0.19044 e06b 6a29b3 10.0 Xeon a888 7e73 70b4 d580 administrator 10.0.17134 2088 DESKTOP 6.1.7600 a592e8 0b6631 9ca5a0 b7e24d b6f4a2 DESKTOP-JTAPJCC 6e64 747890 092f16 48fdf5 10.0.15063 10.0.19043 dd15 6e6551 2001f7 851c badfad 3151 00181a e94c92 9ab4de 129654 f7e0fe 86438b 8726e3 50ab44 351468 10.0.10240 CompAlexey alexeyzolotov a739 d60869 75c891 a98d efba14 930d8a 10.0.22621 2293 e8c630 3f9b99 NOUID 611a3e a65640 b71c EPYC shadow- shadow work 41c07c 10.0.18363 26112 2988b8 ed6464 d04f74 2bf408 Host1 user 3322 bca236 723943 3635 5803c5 KVM/QEMU 709b 436f cc1a 18275d 7f8794 aff8 db9a51 64ca98 10.0.19042 bb2e4c e8b9 f2886f 9a50 harry johnson bf7e 35ae2e d8716f 95deb5 b445bf lisa STRAZNJICA.GRUBUTT c589 25cd40 59a422 2048 16a7c1 39549c 86131a 10.0.16299 570a90 c23200 769fc7 10.0.18362 stark 100 13b4 ab86a1 dc599a 101 102 1285 abcf10 b3c775 103 275dec 104 3219 93a77b 32b1d5 c350 64ccb5 109 10.0.22000 9d5196 110 111 b5a0 c39efd 114 anna- 97a9d3 115 116 10.0.17763 1e75 117 b0f8e1 061613 118 119 11d4d6 120 e379b3 72c1f0 121 299243 122 10.0.14393 123 167bfe d6a5b0 124 56d4 d33e1f 125 cb0013 127 6f2958 471915 129 e2c5 12a5b6 130 131 7bf5 132 joe smith 134 dillon peter wilson 136 a30c 6eb45e 137 10.0.10586 139 8920 140 10.0. 
b624 03fea1 141 142 6cfdbc b38e56 143 32b5 9f9d51 144 62327b a4757d 145 9f72 147 52c9 148 mars-pc 149 f4cb33 150 d76211 151 10.0.19041 2a4494 152 5fd4c0 154 janusz- janusz john doe 156 cd4ee8 bac5dd 7fa24d 56aee3 2b22 74529b 157 c8b63d 158 8215e4 160 3e45fc 161 bf0760 9114 162 frank 4085c6 165 77bd 736b19 166 72f6c0 167 168 my_pc_ 169 c037 b4a2c8 171 6adf97 3a83fe 173 174 175 176 7b7cd2 177 5d0c bc54f4 179 art-pc 180 181 f1dd 183 azure 184 e32aca 185 24889e 18126e bot 115 W7 Xeon H 24889e U 18126e 186 e717 187 6.3.9600 04159b 188 #56d4# 62efb9 prsv LBlzk cUsIq guMcn Bqdmc hOWqZ OweTp GMPnF udgno aZLNT aRBqA log CWFoL pf1 pf2 cWhEL aqjuf aqjuf file mkdirSync existsSync resolve argv resolve argv uzWiH zjycP FxKCS name OODCe UI16LE length STR16 statSync pf1 uzWiH OxNFF OxNFF statSync readFileSync HOpLx size size cWhEL SzJMI SzJMI 4|0|1|10|3|8|7|2|6|9|5 split stdio yYmUn detached shift env env env env ttozm spawn unshift unshift unshift unshift ApLRw slice unref windowsHide writeFileSync pf1 readFileSync gGKBR VEXyd FDWty statSync pf1 isc windir TSZZe tmp Emecs FiGmT aup Emecs yVggz apd gwPhP UxFRg usr iqNvw tmp isc isc tmp toLowerCase indexOf toLowerCase isc isc zeGUz tmp toLowerCase indexOf WOqHr isc isc aup apd isc isc usr isc isc usr toLowerCase SxsoE gqcsK mUYki gVbGG PaEsu CTQCH substr length indexOf pEBzC indexOf bUfHb isc ceTtD size size uzWiH uFJJS uFJJS statSync pf2 createDecipheriv concat update final toString yFJCl CgVBq s1e s1e statSync ZDZBU size size TDBga HCQIP 85|22|103|75|41|34|0|90|37|183|93|138|30|87|38|96|78|114|177|167|57|108|13|50|156|44|77|180|148|179|147|11|62|97|63|20|99|33|139|67|102|120|127|162|134|132|124|111|29|165|155|151|173|130|181|47|168|104|83|133|48|164|4|174|18|154|98|171|1|178|43|159|119|126|31|122|3|82|86|94|14|95|60|9|64|55|35|116|3... 
split Nbjsz lLQtX HOpLx e1e853 EEWnW zHZLL lLQtX zHZLL 6.1.7601 zHZLL AaLaT indexOf qAIxI indexOf KKTJc lLQtX BJGGg vtIYI aMejH zHZLL d0062c lLQtX hHWUe zHZLL EEWnW zHZLL zHZLL zHZLL tOqHF zHZLL b445bf AaLaT indexOf lisa zHZLL win32 przQd lyXoZ indexOf qVoTp IxGpW indexOf goatuser nkPYl lLQtX nkPYl 6.1.7601 nkPYl nkPYl rMpoe przQd MzFOn TKAjx 5b2e9c lnRKa lnRKa win32 lnRKa 10.0.19044 lnRKa lnRKa lnRKa kxHKA lnRKa bfZdW wmYDa lnRKa lLQtX przQd lnRKa 10.0.19044 lnRKa EsaJM EsaJM EsaJM wHVAp AhHgW 9a8599 ueeFZ lLQtX SClGn GKjqO fMpzp rEhIL qaUvC qaUvC qaUvC win32 scUJx lyXoZ qducM qducM qducM 1cce9e IxGpW indexOf gJaoF lLQtX HzLka aXIfm EEWnW iEzZI XKytw UYWbz UYWbz pbpFG UYWbz 2652ee UYWbz win32 xXpmO UYWbz EEWnW UYWbz 953225 IxGpW indexOf KKTJc vjrJU lLQtX HzLka bwkrM zCtNX sbiij EVWvt hnqta osCeZ ueguk glPQM osCeZ win32 oPHoC IxGpW indexOf zDrbv motGu motGu motGu indexOf NlnUv RjuYw indexOf AMD EPYC 10.0.10240 WOyKR sbiij indexOf qAIxI tYfMt acHVZ bzzdk tYfMt NiIYT nauuD STCpZ IxGpW indexOf UdyfA win32 RjuYw oPHoC fGtHC uHXWh 10.0.18362 fGtHC WqxjP fRvHF indexOf mSVbr sxvhx indexOf NOUID lLQtX FOMfC vGDtS vgLQq vGDtS pqqvq pqqvq pqqvq pqqvq novlK pqqvq VpEky lLQtX jhnRz EEWnW UQCqY XjxAt XjxAt XjxAt XjxAt uAfEn XjxAt XjxAt lLQtX NjTuJ SClGn NjTuJ NjTuJ jxGdd XWLKb wPIPo aMQQp lLQtX KvNEb indexOf eMbdX lLQtX BXdIG SClGn BXdIG BXdIG BXdIG BXdIG Rcufl BXdIG BXdIG UDraL win32 NIebz EEWnW BXdIG 46502a KvNEb indexOf administrator iWubk lLQtX EEWnW UhWkk UhWkk UhWkk Bwdzv fyTzT kixuY nogsp win32 iaLJs jhnRz FahGp nogsp 2970 nogsp nogsp 8e776c lLQtX ueUKw jhnRz EABRa SkLfc tgGZf SClGn bWkSI bWkSI bWkSI QKceB QKceB zzhZQ zzhZQ lLQtX ueUKw eTlyg EEWnW zzhZQ GcNXG uwPEO JnERn lCoPR indexOf UdyfA GcNXG lLQtX mlqry IEnmj ngEbC EEWnW vJoah vJoah vJoah SjaRs a888 SjaRs OKQmT indexOf UdyfA SjaRs lLQtX iXlYV IEnmj BLYhS BLYhS KITYi pCsMX liZGW EuZzj 061613 EuZzj lLQtX iXlYV oBryG Pnxdp indexOf zDrbv Frrky fHywP EOIwy iLBXU indexOf gJaoF LwRyj win32 Pnxdp indexOf qAIxI EoROg indexOf 
NOUID MecDm 10.0.19041 NYjSH 10.0.10586 VzhqI AXrhv DpLSM a8776a JVqBa NKlGi MKIrs RRtYC kcsyX RRtYC vDRqS win32 iXlYV ausER EEWnW OrjmV EoROg indexOf gJaoF ausER win32 KUIxC 10.0.22621 KUIxC KUIxC LJNLk 7c1a tBfBv zzLDF cd4ec1 win32 iTADq EoROg indexOf 10.0 TVOAH TVOAH jiODC indexOf NlnUv jiODC 10.0.15063 jiODC uLjOs NFmnc 9639a3 lLQtX iTADq 275dec NFmnc rzEJO NFmnc lLQtX iTADq EoROg indexOf mSVbr NFmnc OdPIb NFmnc ExkeA ExkeA win32 QCVsr 10.0.17763 QCVsr sbiij QCVsr emKuI xzUXe EoROg indexOf DESKTOP win32 iTADq indexOf a.monaldo xzUXe 6.1.7601 xzUXe indexOf NlnUv xzUXe lLQtX iXlYV ZXuiA EoROg indexOf XpaWT EoROg indexOf satJu vtDzi lLQtX PjUDl ZXuiA EEWnW vtDzi vtDzi Kjjhs Kjjhs xWRpJ Kjjhs DUXOS Kjjhs BjoFE hLJwh lLQtX hLJwh 10.0.22000 MsDOO eJHgI MsDOO MsDOO axsqj IXbut SLPif tepBy lLQtX PjUDl 9a50 bxeZM 275dec rJvZD lLQtX PjUDl itLPK LVROV itLPK 2253 DBkLa DBkLa tMhxL YNbZB dnHvg bmboO lZqLY bgxVG indexOf NOHID indexOf dBEzk lLQtX PjUDl HJAmC HgwTw vwWFC EEWnW HgwTw HgwTw ogfKF indexOf NlnUv indexOf NOHID gzCYV indexOf UdyfA ogfKF lLQtX PjUDl mWkBs aOKVL 6.1.7601 aOKVL vwcED indexOf NlnUv OnVtw JCaeL 5bc06f lLQtX mWkBs SClGn JCaeL JCaeL bHJna bHJna bHJna bHJna lLQtX PjUDl mWkBs YQUTa 10.0.18362 YQUTa YQUTa SFWHA rdjsr saiRi win32 gzCYV indexOf zDrbv indexOf vDmdI indexOf NlnUv oEoYZ indexOf OEGth oEoYZ indexOf LOLsX saiRi lLQtX saiRi aYTIY indexOf qVoTp aYTIY indexOf lzLNz XMXVk indexOf admin gidNQ lLQtX KmKPN IVRHi gidNQ EEWnW gidNQ Wrkrf Wrkrf MfeQR SZOkX MfeQR CDCmv win32 IVRHi XMXVk indexOf DESKTOP XMXVk indexOf admin CDCmv CDCmv 10.0.18362 indexOf NlnUv lLQtX KmKPN qADEb ZHbWT qADEb Ooahy XLQlE UcMlC XLQlE XLQlE lLQtX sbiij XLQlE xsraB lLQtX DdNKF EEWnW DdNKF DdNKF gZRGn f5faf7 fomHv f94649 SIHoj win32 SIHoj EEWnW SIHoj HpbST rVRnd ORyCg f6b8ae XISXJ XISXJ win32 KmKPN IVRHi ygmeP EEWnW ygmeP ygmeP ygmeP iynCs indexOf mSVbr WkTSU indexOf gJaoF ygmeP win32 KmKPN GnHhE EEWnW hQHNX llUIC llUIC SFWHA IKtfd XpeGR IKtfd oWJfi fDgzQ lLQtX KmKPN nzipn indexOf Xeon 
HsBhm indexOf ifeqy GZtUX indexOf ZSgvf Jpbuf lLQtX LVROV Jpbuf Jpbuf pnwdj bLvvk bVSqx sBASL bVSqx SEpnC UxKPh lLQtX UxKPh uHXWh UxKPh UxKPh UxKPh lLQtX JgmVy UxKPh EEWnW UxKPh rkwja UxKPh YVklU 1cce9e indexOf gJaoF lLQtX PrNDL FahGp PrNDL YROlB qzrDr WLuRe lLQtX JgmVy GnHhE JgmVy indexOf sVTFp qzrDr qzrDr ycTjz lLQtX JgmVy TMqpE indexOf sVTFp QjQKw ReVXJ lLQtX OpGki qoiyo 6.1.7601 JrtVg pwnPH FahGp pwnPH ZwmcD QPcgQ indexOf qAIxI indexOf gJaoF ZwmcD dJAES ZwmcD lLQtX SkLfc nfXZX nfXZX nfXZX vZKql nfXZX nfXZX nfXZX win32 SqdzR SClGn UwWtk 72f6c0 UwWtk lLQtX bWnwq bWnwq bWnwq QgsPT 0fdc QgsPT HNRpt XtxZT 88dba0 RLucx upahX QPcgQ indexOf UdyfA oNGhQ lLQtX WzDso ZHbWT WzDso kTtoF uraJO kTtoF kTtoF jCvCG IGQSH lLQtX FomGK LVROV FomGK EqwMb qADpM fHIEI qADpM BkveF lLQtX hmxrs wFvQn wFvQn XcWua zKTzE fb6ab4 lLQtX gDrrz ZHbWT gDrrz cCeVm cc9adb TkItp lLQtX ZjOYY OpGki 6.1.7601 TkItp vcXuW 6bd1 vcXuW d864df nkmaZ WyFuA win32 jiMHG ovQRF AhlbD EEWnW AhlbD AhlbD Pjkgf kEzes lLQtX OunXJ ovQRF EEWnW kEzes AwKlO IWuSs fca565 LiOHs Clcfd LiOHs lLQtX RVtGU oEXZh qhwtc xWvYU rzEJO qhwtc win32 qhwtc EEWnW twceB dHvIp indexOf NlnUv indexOf qAIxI CHUHf indexOf dBEzk zular lLQtX CHUHf indexOf AMAZING-AVOCADO vVmJl indexOf bIFhl ShsjZ lLQtX nGMMj oEXZh ShsjZ sbiij ShsjZ eCDOc QJcxB TfsqU cdVSO ozeKS yoZHa lLQtX LVROV vVmJl indexOf mSVbr yoZHa XIoqO XSsbC lLQtX nGMMj bjsrR SClGn Ujpcp Ujpcp SPQDA SPQDA win32 nGMMj oEXZh KhSxo EEWnW KhSxo KhSxo dJAES neHTX 8fdf0b neHTX lLQtX YMLVY vFpus EEWnW RgHpy RyTRC vVmJl indexOf IYpGe CvPyt lLQtX vVmJl indexOf qVoTp RsYoP indexOf TPksa CvPyt lLQtX YMLVY indexOf Xeon TAAvC EEWnW TAAvC XSJvW XHUFz XSJvW vwWFC indexOf UdyfA isArray DAVzA length XSJvW lLQtX EEWnW IJVlr pXpJg hUxhm XsusT pXpJg lLQtX VRkuz aqchQ GoyLU GoyLU EEWnW TqkvL OdPIb 55d8 indexOf qAIxI RsYoP indexOf dBEzk lLQtX VRkuz puDNC jWnyh EEWnW PlBFn FCxKb PlBFn JvxEl JvxEl pefKR JvxEl dmSdM mRUiV lLQtX CHLVK cZgcu EEWnW cZgcu RPTMn RPTMn RPTMn RPTMn gNMKl RPTMn lLQtX RPTMn KSdsg RPTMn 
XSbwc TMeUq lLQtX BKAzd gijTw XcwZW VSdjp lLQtX VRkuz CHLVK vAAlx indexOf NlnUv VSdjp sbiij VSdjp VSdjp kbmTW indexOf qAIxI kbmTW indexOf gJaoF crZwl lLQtX vAAlx wkPPg UhBCl indexOf qAIxI UhBCl indexOf ZSgvf AeKwv yuyzX yuyzX gzHhU 6.1.7601 yuyzX lLQtX bmdzv jRRRY EtJqg uHXWh EtJqg gzHhU futWd WqxjP UhBCl indexOf DESKTOP UhBCl indexOf dBEzk mfqcm lLQtX wkPPg vbhXI oDtMB 6.1.7601 ajJHs gzHhU ajJHs WqxjP ajJHs win32 aKjqG indexOf XpaWT aKjqG indexOf alexeyzolotov ajJHs win32 wkPPg vAAlx indexOf sVTFp XIwxq XIwxq SLgNs win32 ycCVT indexOf 6.1. ycCVT indexOf gary-pc ycCVT indexOf xDzKO SLgNs win32 mxqBL wkPPg ycCVT indexOf 6.1 qMKxz LLXNF indexOf Xeon 4f81e3 LLXNF b75705 IwKrT LLXNF lLQtX EYGIt KSdsg ObnJA ObnJA OOGCz iEuAu yCIEt PZldu yCIEt ZuLhY CjKMl TziHV lLQtX mxqBL wkPPg vYACt LVROV vudGX vudGX vudGX 2cd67e JThtR vudGX win32 AMNzk indexOf zDrbv vudGX vudGX RpGFn RpGFn fzuxj ovhdi kdErZ NtGVd niInh HyhqI bBxkz lLQtX bBxkz xWvYU kwOAM rzEJO yXEMA bBxkz lLQtX mxqBL eGoKy OQjIF indexOf qVoTp indexOf mSVbr wisWo indexOf gJaoF 105 Zgzou lLQtX nTLkS lPOHf Zgzou EEWnW Zgzou vxiwX ViXPS ViXPS XzJji ViXPS 9db1e4 pEges cjzpC 106 pEges lLQtX nTLkS lPOHf pEges EEWnW pEges jJCQO jJCQO a888 jJCQO 379a7d wisWo indexOf administrator 107 JqNhG lLQtX FdqxB LVROV FdqxB kYfjb szbHd pkzau GfRTk 108 pkzau lLQtX lPOHf PRyho IkdOy PRyho 2be941 PRyho SClGn JHquY indexOf Xeon noMJb PRyho win32 pWimk HJMkZ PokIj PokIj TajLi cJCPE win32 JHquY EVqAc PokIj sbiij dxnPv jeUMq 033bd9 yYiUe jeUMq lLQtX JHquY EVqAc indexOf zDrbv jeUMq badfad GflFu indexOf gJaoF 112 lqOlr lLQtX FeBFF EVqAc eietM 6.1.7601 qnDpz qnDpz qnDpz GEqof KqBMr 73a080 Mobgv 113 Mobgv lLQtX Mobgv SClGn KFJTb SLNHU KvhCO hUOKT UMaoJ KvhCO lLQtX temdH UtCcf indexOf RPaCb temdH YrdnL lIwkz lLQtX temdH 10.0.19045 temdH b1a8 CbXnD 7db39b kpkKA CbXnD lLQtX OCliJ CbXnD sbiij GspYR GspYR khBRE indexOf DESKTOP khBRE PtdYw WSZzv khBRE win32 FeBFF yZpda FSToG FsUjc PqAeU PqAeU 851c PqAeU hrNqA PqAeU PqAeU lEqbU aLzbD lLQtX PNMIw qztGr 
AZLmS sbiij AZLmS AZLmS AZLmS cYGih cYGih 4f5cec CuNQs tJAii lLQtX PNMIw qztGr EEWnW UOHDm EheSa UtCcf indexOf UdyfA ktjpD lLQtX PNMIw qztGr EEWnW UOHDm ZfWdY PNMIw indexOf NlnUv ZfWdY xBDWc lGDYW Rwzra wvSjm lLQtX lGDYW OCliJ neOwX GlAff GlAff GlAff GlAff KBXHH GlAff d1457b dFEsD GlAff lLQtX PNMIw qztGr GlAff fmGcz QNDKX indexOf mSVbr QNDKX indexOf gJaoF LKgFZ vCcAb lLQtX MZVWJ 10.0.22621 MZVWJ tBTEy tBTEy tBTEy kkMPU hanaY pgNKe hanaY ikWqh uIejR Mchpd lLQtX RlQHH Mchpd EEWnW Mchpd Mchpd dQdqO Mchpd MEWue Mchpd 9ec750 KXYtw McjQE lLQtX XbLxT nBvUC xfuSv 5bc06f 126 lLQtX RlQHH SZvwQ PKYIq EEWnW wWeRy UqrMl QMrtB QMrtB OrjmV indexOf gJaoF iYukr lLQtX QhKeD yIeBx QNDKX indexOf zDrbv QMrtB xVraP QNDKX indexOf john 128 QMrtB lLQtX jADTM SClGn jADTM qkGDf qkGDf qkGDf XgaVJ CqAgY qkGDf lLQtX nUOid 10.0.19045 tAbMx iLyCV YCBcD HmgBn UWwZe HmgBn gefLr lXjbX NGWKk HmgBn LabYH HmgBn lLQtX HmgBn SlDQB 10.0.22621 CnvED 2a4494 GmFtJ CnvED lLQtX gnWLW LLWnU EEWnW wGlPJ dltAo dltAo KlXfl dltAo 2cb5a5 vfJkG f3f0c6 RQfBH lLQtX gnWLW NGWKk indexOf 10.0 UcDpj indexOf mSVbr tDBPZ SFWHA tDBPZ bac5dd 133 Orsos win32 NvRvO NGWKk QNDKX indexOf DESKTOP eRzsh indexOf uawPm IurNn Orsos lLQtX NvRvO joKnW eRzsh indexOf cJPTA eRzsh indexOf yASHL 135 lLQtX ThSJp 6.3.9600 oDASv YzvFo 72e748 eQJOY scgjW eQJOY lLQtX Gfzlx LVROV GPBPG GPBPG Eydpi GPBPG tamGG hsCyj LMmET lLQtX LMmET LVROV RdYHU UFpAm szbHd qzOdq 138 bbwgH lLQtX bbwgH bbwgH bbwgH qNPFf EEWnW bbwgH nYhen hsBpi AXrhv eRzsh indexOf NOHID pkSZQ indexOf dBEzk KpIPz lLQtX joKnW pkSZQ indexOf zDrbv BvWtj indexOf mSVbr xqTJj xqTJj LVROV xqTJj cbdBo WkAId 0cbc66 ycYLB eEakQ lLQtX joKnW BvWtj indexOf UQIne eEakQ eEakQ XkTnG VTkAS XkTnG xHNBD XkTnG 4b33b6 lPkGC XkTnG win32 fbEuA fmGcz AyPmI fOoKX fZfVi a739 XdChK QZjpw XdChK lLQtX lqezk XSfDp 10.0.19045 FNEsw UVnLT 6d05 dfoLM WEeTG PRXyJ UVnLT lLQtX Kusae SClGn Kusae FEHvV FEHvV FEHvV FEHvV JUFJU CyqUo PbnOO Emait CyqUo lLQtX cXOBK OCliJ uMXXM uMXXM YmYKi zKKzk nlVuq uMXXM lLQtX 10.0.17763 
XlKYH XlKYH XlKYH gACKy bd9ff1 146 wubNf lLQtX ATZju SClGn ATZju kCyAE yDPJU 52acd9 mnUTV QDWcl lLQtX lqezk boLCO vjMJm EEWnW vjMJm nHsNQ indexOf qAIxI BvWtj indexOf dBEzk XJwkr AAcIh BOjbE XJwkr lLQtX lqezk boLCO XJwkr EEWnW BvWtj indexOf xnZNh indexOf UdyfA ctjPi sEFpF lLQtX kkpyf boLCO sEFpF 10.0.19044 pOcVm pOcVm pOcVm uiLiw wLJuc IMIpG lLQtX 10.0.19041 higyD VyvXA ztluy ztluy ztluy zwOuB XHTmG whVYK zwOuB lLQtX ptLVQ ptLVQ sqOiE HkRjc LFtTK HkRjc FhydY win32 kkpyf aytvZ 6.1.7601 zIzVW zIzVW Fylgq 153 fGOtJ lLQtX OMzMt LVROV QHdft QHdft QHdft jMBra YkUHs QHdft lLQtX SoHsn BvWtj indexOf RRtCW BvWtj indexOf FQKMu 155 BXqZm win32 lsSxO aytvZ indexOf bea-chi jqpKJ indexOf TdWQI oEYpK lLQtX BXqZm 6.1.7601 usYYe xbrOg ALDVk KXvpd SFWHA KXvpd lXwhk hkZrA BXoai VZOmx MLrCQ eeXBS lCMHT HvnWt caQAf HvnWt 4b418f sfNzr VNomO jXSpl win32 6.3.9600 Vdpjv 7b7bc2 kkwUP lLQtX ZHbWT mHXgV mHXgV TKnwI TKnwI NLBaB 0bd650 NLBaB eonBr 159 NLBaB lLQtX lsSxO HSvtx NLBaB EEWnW gLbzy AInVM EheSa jCCZM indexOf UdyfA qGccD kjDKF lLQtX qthcC 10.0.18363 qthcC UceHd qthcC 46e6f8 TDxjA win32 SClGn wJMnO wJMnO iLJUU iLJUU iLJUU kJMSs MHfBR LTStX LRuaY MHfBR lLQtX lsSxO HSvtx indexOf zDrbv gcNdD ZHbWT BOHLk 804a BOHLk jCCZM indexOf mSVbr jCCZM indexOf JfEeI 163 lLQtX SqRhk SClGn LQRcQ cQZrF UTdLi UTdLi UnZAw 164 UTdLi lLQtX indexOf zDrbv UTdLi Xefuy jCCZM indexOf george HnBof Xefuy lLQtX jCCZM indexOf 10.0 XqRXa hNvBU jCCZM indexOf mSVbr LugQz laJaA LugQz eVaKD tUAWq LugQz lLQtX SClGn LugQz LugQz oggSy wsQaH fMLZv wsQaH lLQtX lsSxO lsSxO indexOf Xeon jCCZM indexOf ifeqy indexOf ZSgvf hkPjm wsQaH lLQtX lsSxO AjBGk NEbns indexOf qVoTp WvVxZ indexOf akCxI SGbCu indexOf UdyfA mtvyk wsQaH lLQtX wsQaH LVROV nizaI nizaI iOfRu RkkZK iOfRu iOfRu wxEfi 170 mrwVH lLQtX EEWnW mrwVH UvUyL NXUXC indexOf NlnUv cEdFf UvUyL win32 NXUXC WQjxA UvUyL EEWnW UvUyL UvUyL SGbCu indexOf UdyfA UvUyL sWfMi rEhIL sWfMi EEzVG 172 sWfMi lLQtX ozgqD LVROV lJBmN cmHFv tEdbz d38e35 AWMGv tEdbz lLQtX uYKtA uYKtA GKXxK sqOiE 
cPuIz LFtTK QcKef win32 DQiJJ uHXWh indexOf eMbdX RSaEt lLQtX 10.0.18363 DQiJJ ohOzO uraJO vzRZy zlJzs FYNlf win32 FYNlf LVROV YVZnA cXshH 7e0c8b cXshH EJMDt niFGk cXshH lLQtX WQjxA SGbCu indexOf anna- oRmfN oRmfN YrdnL 178 oRmfN win32 ScmRY indexOf 10.0 NXUXC indexOf sVTFp CzlIE CzlIE Qrqvk VbQDn VsPRY VsPRY sbiij ScmRY indexOf mSVbr hLEWt pnhIq VsPRY lLQtX NXUXC GxjEz VsPRY EEWnW ScmRY indexOf GyeCT VuQfk indexOf UdyfA JECsU VsPRY lLQtX bJelh VsPRY 10.0.19043 hJVpk indexOf bIFhl HbdoM VsPRY lLQtX czmpJ HJMkZ QOVGr indexOf mSVbr czmpJ qLNib WyaVS 182 lABiQ lLQtX EEWnW Yqqze SacsW squlx HhnTB lLQtX NXUXC bJelh QOVGr indexOf azure- QOVGr indexOf qCMms zqvba 6.1.7601 djAaE NXUXC indexOf NlnUv fnFUB lLQtX QXfzV IhWoQ SClGn RQZov RQZov jhKeF yyIVd MoezX jhKeF lLQtX Xileq mtxXn jhKeF EEWnW jhKeF jhKeF efbIS Wmgmb oLZEA eqAHA VyIcy uhDDc oLZEA lLQtX LVROV oLZEA oLZEA oLZEA SdRVK oLZEA 646a8b vwhia win32 Xileq ALBrB eAHbZ DYeDd eAHbZ eAHbZ Dbwvc UaJzh VwVgM MaiWZ bmEDf lLQtX Xileq ALBrB MaiWZ 6.1.7601 dTcJs dTcJs dTcJs dTcJs aRBni dTcJs IpswY jcyuH 189 win32 jcyuH SClGn JgOiA JgOiA dvimn 990d1b dvimn 582a34 writeFileSync pf2 readFileSync iZeoW iZeoW isc statSync pf2 IWBGr size size basename pf1 basename pf2 argv hEFAi join pf1 pf2 resolve pf1 resolve pf2 resolve argv resolve argv HmPtt HmPtt acWIB 5|4|0|2|3|1 ZZXwo wPBIk length ANcWF XBrWe oPLct dOOop split session KAKoR jVBDp ppid ppid push pid push path path length path name log stack log stack sha256 createHash msiexec.exe szuYp nvayv vmzEP HYFwQ GBVlx pTLbz psls qNwwX bPihr NoDCC KJVrw fcEzo ORZPh TMfkX WoBOU vzPpY cXCrr aes-128-cbc WoBOU qqIJd uCuPM uCuPM pid nbyDt exCSi length length LuzKF AEBKJ fQcSD OBeBQ ZfYRf GtGcm vmzEP enlRj KJVrw cXCrr length NPtam toLowerCase indexOf SNDrf qqIJd sgtCm sgtCm env sfxname length basename toLowerCase createHash zedbF update WoVoJ digest slice PulZS NoIqs yZort HTTwd GBVlx path path toLowerCase name name toLowerCase ndRdr pid cXCrr indexOf indexOf push LrnMa eVons length AphYs 
toLowerCase indexOf zLjLs length AEBKJ MOFiQ vMMlN iVulf smiJE ndRdr ppid ppid ppid nbyDt stFIS exCSi close AFlKV 7|5|3|6|10|9|8|0|4|2|1 split concat update slice TOAJy final slice toString readUInt16BE slice VHihe CJLOt length createDecipheriv ZgfJg slice EigNt length readUInt16BE maiVY length log NeWjk hex Washington1 Microsoft Root rdAxp ANOWX 2|1|4|0|3|5 aes-128-cbc yTuug ULnCz FadBc JZxKT split concat update final randomBytes from stringify writeFileSync prs createCipheriv hrWUu slice slice vvxhP \Fonts\micross.ttf readFileSync length LxOwC length toString nKFSe from UJKZB toString nKFSe CSFTC indexOf from amDCv toString nKFSe CSFTC indexOf Duo WjQQD uUGEX 1|4|3|0|2 aes-128-cbc cdcOq XuHzp SZUYI Ttjwx FKOiP split parse toString readFileSync prs concat update slice final createDecipheriv tCcND slice slice randomBytes APWoj GbuCC apzdq apzdq dkxRW GQYix dkxRW PGBcz .exe .lnk jeIcI qmOIX RBOgO qNiZY OegKr HuUKJ lSJPj Jsojl sWlwJ Jsojl Jsojl aup ooscW KWfvx gduVq Bhmhu tmp Bhmhu IzpRa IzpRa AeqYs zyWje IzpRa IzpRa AeqYs AGxvZ AGxvZ AGxvZ dymEV apd \Microsoft\Windows\Start Menu\Programs\Startup\ AeqYs AeqYs aCgIk mkdirSync gBHuh Orljq kdhlS tYpSo kdhlS tYpSo 5|4|0|1|3|2 recv base64 19|30|20|5|27|10|8|2|0|7|12|1|26|9|15|18|17|3|21|25|11|24|4|23|22|14|29|31|28|6|13|16 x64 Unknown USER string USERNAME .exe LU0TO yrCMn RFnLp C:\ rpcsrv xVELP mjFHQ tmpbuild _i_ RgBGn hwv atct uZOQW argv indexOf .exe argv uumtt aTqqG jjzFR argv eswhq uXwCk MwRgC argv IuCvd hdXan owVrm LYNsZ LYNsZ owVrm NLjzO NLjzO readdirSync gpYmP NIdnh bhadV indexOf NDauk owVrm fibQR JYBIi mgzuk split log jMPRv tkstp XGxsO FHbzG MAsub MAsub MAsub bpqyt bpqyt gpYmP NDauk rQUEr hdXan eJbXg .txt npuJk laWhD parse lmajD from env LU0 oWvrC toString readFileSync toString trim JHEUS split hostname freemem pTrsS xkEQk length substr BkPVK totalmem FHbzG Edmxu uptime RELBX string indexOf HRNtC length substr rtkNz length cwd versions node tmpdir arch PROCESSOR_ARCHITECTURE length length model model trim speed 
speed cpus sYZZW vvvlw indexOf PROCESSOR_ARCHITEW6432 MwRgC mjIdQ release kizgx length substr PzIjJ length substr platform dbxzv length substr XGxsO XGxsO IuCvd log funmi XGxsO log wfr isc log sfre log hWbum IuCvd gMIxn C:\ tmpbuild LU0TO _i_ sbchn OPHAt DQozv SFKQR dPjTE aqgEl nepKR IzZHF qnBBo prsf prsi s1b bWcio base64 LU0 KYXvC log DEmdO now prs pslo atBjU eqSTR dlZQk sexbi mkdirSync now ata cta prs crgsK crgsK GpMXz ajYYx FhFbU FhFbU GpMXz atBjU zROkC zROkC statSync pf1 VgFDO pslo JrEGc atBjU dPjTE dwIrF file GpMXz CHJAu Jebnc gOCkC ajYYx TOPXi vBrFV out outbuf toString outbuf err errbuf toString errbuf prs yaTOD prs exit argv LjaCw jjuVa argv qwbRl TcpiL EkCIS JrEGc prsi log TICAH LjaCw rbvXl prs prs log nvaiR prsi rbvXl sexbi log BxDVm atBjU pFqoE RXKrC parse from env LU0 WDpGK toString vrfgM vrfgM dXkTm yinAV LjaCw sDhWS rpcsrv Vaulx wtTUV RhWTt .txt readFileSync toString trim env LU0 JRyLO s1e bkEcv XpUeG LFnWv s1e s1e pid vrsav Unknown USERNAME USER PROCESSOR_ARCHITEW6432 string KAywv x64 mAhKb platform arch release uptime totalmem freemem vwnTq hostname vSPaR ojqNo hHhuP WhvIo cwd tmpdir versions node hHhuP PROCESSOR_ARCHITECTURE vpJsF NRJWq SbFNN jqwqk remRB indexOf CAEbf string indexOf DmyKx cLwIR thGBi outerr outerr push cqhRF cpus length HiyAi rJKpd rJKpd length model model trim speed speed length kucLy length substr kucLy length substr length substr jgBEN length substr length substr azinv sha256 createHash gSjtq xSwcJ ZBTzo createHash QVjXI update CgtxC digest slice LVfDs LVfDs 4|11|8|7|5|2|0|3|1|9|10|6|12 aes-128-cbc TBPcy split concat update final cvxHA createCipheriv QuTox slice PtSAd length AfMNc concat from cvxHA writeUInt16BE alloc cvxHA concat alloc randomBytes UI16LE uLEpC 4|1|0|2|8|9|10|3|7|6|5 aes-128-cbc JjPyQ GHkSP uLEpC FObQs workdir tVYoS length bCWwv length STR16 grkpb split slice concat update slice cvVdx final pYRBj zDcLx length slice toString asABQ readUInt16BE readUInt16BE bEiKz cvVdx length createDecipheriv aKpti slice now random 
1|4|3|0|5|2 recv xKqNt split tkstp laWQI JGdLZ log geebD ShaVk UI16LE STR16 Undefined SiaNY JoHIJ GfzON utLvS YEITE gttk RuHWS oGpBj JPkMc error message rprgv TRJIG nhppN log vqlGi WpPRO krBSr lqXAD eGXyn now wdglI wdglI exit hVIcE veaMw jkdEz jkdEz jkdEz length argv split join stringify vqlGi MGFrJ length rprgv gKkko RuHWS log test ZLCSK hvgzB writeFileSync trim BdBfP file BQvov ArIYi length BQvov YvHvQ exit lUuSL lUuSL pasHF createSocket udp4 xDHYz oHpQq tkstp SvhvT BcXAP hbGam log BZodn ADqfv cQZJZ QNgtq statSync pf1 tFSOb AELhU CDilL CDilL statSync close send length hex TFNGz jiflA length from VcDPA TFNGz oQoAT prs ZaISl prs exit createDecipheriv concat update final toString 4|2|3|1|0|5 Console Services ctYDn gPTOj PuXeO OGRaO QKWIx JXgCK KMLXA file ZYzUN file file indexOf ufjhR ufjhR QKWIx file amhej file ZYzUN PquIY ChbAR att log QKWIx oZydk hXXYp khkKm wDmYI length bszUM split push path path length path name push pid session vSQVg ppid ppid ZYzUN uROuf uROuf log pid session path YQhqD jHXlM rHxfH test FVwSF undefined RLOio u userdomain computername username createHash FpJmg yTGAU base64 ini isc from from FPLcj aNRwi rHxfH alloc alloc YuuKE Zqont fill log DBHaI writeFileSync trim exit allocUnsafe allocUnsafe FPLcj RLOio IZbrg ktmr ktmr ktmr error lQqgc error error dqzCi code HmjOq undefined signal outbuf concat outbuf errbuf concat errbuf returnbuffer out outbuf toString outbuf err errbuf toString errbuf sOehr nostr out YxqCT versions node indexOf uerepl MbXsG bUNwZ bUNwZ 7|6|4|9|8|3|5|2|0|1 split prototype slice call concat HFDhU push ChfWg DQTBh DQTBh DQTBh JYOse MqbrB VKETT MqbrB bfnAh BtCLG uerepl uncaughtException removeAllListeners YxqCT oWpMm oWpMm log jxOun stack log stack createHash sha256 update QsMJm digest slice nWwMQ nWwMQ length HFDhU length length exit from YWclE log BtvTf TKIVV log edDQt isc TKIVV qSkSK | |||||||||||||||
| PID | Command line | Path | Parent |
|---|---|---|---|
| 6200 | "C:\Users\admin\AppData\Local\Temp\OCRE7viaROk.exe" | C:\Users\admin\AppData\Local\Temp\OCRE7viaROk.exe | explorer.exe |

User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Win32 Cabinet Self-Extractor
Version: 11.00.22621.1 (WinBuild.160101.0800)

"Win32 Cabinet Self-Extractor" is the file description of the Microsoft IExpress stub (wextract), which unpacks its embedded cabinet into an `IXP000.TMP` directory under `%TEMP%` and runs the configured command; that is why the dropped files below sit under `C:\Users\admin\AppData\Local\Temp\IXP000.TMP\`.
| PID | Process | Operation | Key | Name | Value |
|---|---|---|---|---|---|
| 5032 | slui.exe | write | HKEY_CLASSES_ROOT\Local Settings\MuiCache\3c\52C64B7E | @%SystemRoot%\System32\sppcomapi.dll,-3200 | Software Licensing |
| PID | Process | Filename | Type | MD5 | SHA256 |
|---|---|---|---|---|---|
| 6200 | OCRE7viaROk.exe | C:\Users\admin\AppData\Local\Temp\IXP000.TMP\etnfxckpak.dat.3 | — | — | — |
| 1016 | FileCoAuth.exe | C:\Users\admin\AppData\Local\Microsoft\OneDrive\logs\Common\FileCoAuth-2024-05-13.0936.1016.1.odl | binary | 32B75C7032C335E835165F224E8889EB | F51E44D05227BBF450EE55A716FF93DACC0A689ECC0E919973D28A6DB87448BB |
| 6200 | OCRE7viaROk.exe | C:\Users\admin\AppData\Local\Temp\IXP000.TMP\etnfxckpak.dat.1 | text | 158B365B9EEDCFAF539F5DEDFD82EE97 | 39561F8AF034137905F14CA7FD5A2C891BC12982F3F8EF2271E75E93433FFA90 |
| 6200 | OCRE7viaROk.exe | C:\Users\admin\AppData\Local\Temp\IXP000.TMP\etnfxckpak.dat | binary | 69691C7BDCC3CE6D5D8A1361F22D04AC | 08F271887CE94707DA822D5263BAE19D5519CB3614E0DAEDC4C7CE5DAB7473F1 |
| 6200 | OCRE7viaROk.exe | C:\Users\admin\AppData\Local\Temp\IXP000.TMP\gvheukmaxmj.dat | executable | 8C71B5A359D976CBCF214A5016B3E8EB | DA4FC291B7AB2E949F89109CDE644D29722D0B30EEE8D568758F8168CB6C6FF5 |
| 5860 | fvfxqxwnnc.exe | C:\ProgramData\BLKnesOofi\NvilSGyOaDJ | binary | 4F5D474C948A8D1FE5B1F99F0B5C3B5F | BB485CF58C6EF0C43B6F90141E640DFBA02B5158A954F8D1E8D885BE3C5E56FB |
| 3708 | cmd.exe | C:\Users\admin\AppData\Local\Temp\IXP000.TMP\fvfxqxwnnc.exe | executable | 812D99A3D89B8DE1B866AC960031E3DF | 9C5898B1B354B139794F10594E84E94E991971A54D179B2E9F746319FFAC56AA |
| 6200 | OCRE7viaROk.exe | C:\Users\admin\AppData\Local\Temp\IXP000.TMP\etnfxckpak.dat.2 | binary | 500BA63E2664798939744B8A8C9BE982 | 4EBC21177EE9907F71A1641A0482603CED98E9D43389CAC0FFB0B59F7343EEBA |
| 6200 | OCRE7viaROk.exe | C:\Users\admin\AppData\Local\Temp\IXP000.TMP\lceoipptjd.dat | text | FAC28E78F739366A44FA29FA88741E1C | B255E90646A9C499A44E1D572370F72B6497BDB13D3534F86810BFD4C44C6471 |
| 5860 | fvfxqxwnnc.exe | C:\ProgramData\BLKnesOofi\KishXSumavy.exe | executable | 812D99A3D89B8DE1B866AC960031E3DF | 9C5898B1B354B139794F10594E84E94E991971A54D179B2E9F746319FFAC56AA |

Note that `IXP000.TMP\fvfxqxwnnc.exe` (written by cmd.exe, PID 3708) and `C:\ProgramData\BLKnesOofi\KishXSumavy.exe` (written by fvfxqxwnnc.exe itself, PID 5860) carry identical MD5 and SHA256 values: the second-stage executable copies itself into a randomly named ProgramData directory, and that copy is the artifact to collect for persistence analysis. The OneDrive `FileCoAuth.exe` log entry is sandbox background activity unrelated to the sample.
| PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
|---|---|---|---|---|---|---|---|---|---|
| 636 | svchost.exe | GET | 200 | 2.16.54.140:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | — | — | unknown |
| 1608 | svchost.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | unknown | — | — | unknown |
| 636 | svchost.exe | GET | 200 | 23.7.139.93:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | — | — | unknown |
| 5140 | MoUsoCoreWorker.exe | GET | 200 | 23.7.139.93:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | — | — | unknown |
| 6472 | SIHClient.exe | GET | 200 | 23.7.139.93:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl | unknown | — | — | unknown |
| 6472 | SIHClient.exe | GET | 200 | 23.7.139.93:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl | unknown | — | — | unknown |
| 4680 | SearchApp.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAzlnDD9eoNTLi0BRrMy%2BWU%3D | unknown | — | — | unknown |
| 2908 | OfficeClickToRun.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAUZZSZEml49Gjh0j13P68w%3D | unknown | — | — | unknown |

All HTTP traffic in the capture is CRL/OCSP fetching by Windows and Office components; none of it originates from the sample's processes.
| PID | Process | IP | Domain | ASN | CN | Reputation |
|---|---|---|---|---|---|---|
| 636 | svchost.exe | 40.127.240.158:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | unknown |
| 636 | svchost.exe | 2.16.54.140:80 | crl.microsoft.com | Akamai International B.V. | NL | unknown |
| 636 | svchost.exe | 23.7.139.93:80 | www.microsoft.com | AKAMAI-AS | US | unknown |
| 4680 | SearchApp.exe | 2.20.253.168:443 | — | Akamai International B.V. | NL | unknown |
| 4680 | SearchApp.exe | 2.20.253.173:443 | — | Akamai International B.V. | NL | unknown |
| 4680 | SearchApp.exe | 2.20.253.167:443 | — | Akamai International B.V. | NL | unknown |
| 1608 | svchost.exe | 40.126.32.76:443 | login.live.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted |
| 1608 | svchost.exe | 192.229.221.95:80 | ocsp.digicert.com | EDGECAST | US | whitelisted |
| 5860 | fvfxqxwnnc.exe | 49.13.77.253:18223 | df7830b6355417155929100110003a04a652894b53635018356690221232f.reu.apho35.shop | — | — | unknown |
| 1032 | svchost.exe | 96.17.208.56:443 | go.microsoft.com | AKAMAI-AS | US | unknown |

The only connection not attributable to Windows or Office background traffic is the one from fvfxqxwnnc.exe (PID 5860) to 49.13.77.253 on the non-standard port 18223. The hostname it resolved has a 61-character lowercase-hex leftmost label under `reu.apho35.shop`, which is the pattern the DNS signatures in the threats section key on; the IP, the port and the `apho35.shop` zone are the network indicators to block or hunt for.
| Domain | IP | Reputation |
|---|---|---|
| settings-win.data.microsoft.com | | whitelisted |
| crl.microsoft.com | | whitelisted |
| www.microsoft.com | | whitelisted |
| login.live.com | | whitelisted |
| ocsp.digicert.com | | whitelisted |
| go.microsoft.com | | whitelisted |
| df7830b6355417155929100110003a04a652894b53635018356690221232f.reu.apho35.shop | | unknown |
| slscr.update.microsoft.com | | whitelisted |
| fe3cr.delivery.mp.microsoft.com | | whitelisted |
| nexusrules.officeapps.live.com | | whitelisted |
| PID | Process | Class | Message |
|---|---|---|---|
| 2184 | svchost.exe | A Network Trojan was detected | ET MALWARE [ANY.RUN] Lu0bot-Style DNS Query in DNS Lookup M3 |
| 2184 | svchost.exe | A Network Trojan was detected | BOTNET [ANY.RUN] Lu0bot DNS Query M3 |
| 2184 | svchost.exe | A Network Trojan was detected | ET MALWARE [ANY.RUN] Lu0bot-Style DNS Query in DNS Lookup M3 |
| 2184 | svchost.exe | A Network Trojan was detected | ET MALWARE [ANY.RUN] Lu0bot-Style DNS Query in DNS Lookup M3 |
| 2184 | svchost.exe | A Network Trojan was detected | ET MALWARE [ANY.RUN] Lu0bot-Style DNS Query in DNS Lookup M3 |
| 2184 | svchost.exe | A Network Trojan was detected | ET MALWARE [ANY.RUN] Lu0bot-Style DNS Query in DNS Lookup M3 |
| — | — | A Network Trojan was detected | ET MALWARE [ANY.RUN] Lu0bot-Style DNS Query in DNS Lookup M3 |
| 2184 | svchost.exe | A Network Trojan was detected | ET MALWARE [ANY.RUN] Lu0bot-Style DNS Query in DNS Lookup M3 |

The alerting process is svchost.exe (PID 2184) because the DNS Client service issues the queries on behalf of every process on the host; the process that actually requested the lookup is fvfxqxwnnc.exe (PID 5860), whose connection to the resolved address appears in the connections table above. When pivoting from these alerts on a real endpoint, attribute by the process that opened the socket (or by Sysmon DNS events), not by the svchost.exe PID in the IDS log.
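Two triage checks a practitioner would run over the data in this report, written as an added example; this is neither ANY.RUN's code nor anything recovered from the sample. The first flags query names whose leftmost label is a long, high-entropy hex blob, the shape of the `…reu.apho35.shop` lookup that triggered the "Lu0bot-Style DNS Query" signatures above (the length and entropy thresholds are assumptions, not values taken from the signatures). The second groups the dropped-files table by SHA256 to surface the self-copy from `IXP000.TMP` into `C:\ProgramData\BLKnesOofi`. The DNS log lines are constructed here in a simple timestamp/PID/process/qname layout so the script runs offline; the file rows are copied from the table above.

```python
"""Triage helpers for the Lu0bot sandbox report (added example, not ANY.RUN code)."""
import math
import re
from collections import defaultdict

HEX_LABEL = re.compile(r"[0-9a-f]+")
MIN_HEX_LABEL_LEN = 32   # assumption: benign hostnames rarely carry a hex label this long
MIN_QNAME_LEN = 60       # assumption: total length typical of data-in-subdomain beacons
MIN_ENTROPY_BITS = 3.0   # hex alphabet caps at 4.0 bits/char; padding or repeats fall well below


def shannon_entropy(s: str) -> float:
    """Bits per character of s; 0.0 for the empty string."""
    if not s:
        return 0.0
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def lu0bot_style_qname(qname: str) -> bool:
    """True when the first label looks like encoded data rather than a hostname."""
    labels = qname.rstrip(".").lower().split(".")
    if len(labels) < 3:              # need <data>.<zone label>.<registered domain> at minimum
        return False
    first = labels[0]
    return (
        len(first) >= MIN_HEX_LABEL_LEN
        and HEX_LABEL.fullmatch(first) is not None
        and len(qname) >= MIN_QNAME_LEN
        and shannon_entropy(first) >= MIN_ENTROPY_BITS
    )


# Constructed sample log: "<timestamp> <pid> <process> <qname>", one query per line.
# The qnames are the ones listed in this report; the timestamps and the pairing
# of PID to query are made up for the example.
SAMPLE_DNS_LOG = """\
2024-05-13T09:35:01Z 636 svchost.exe settings-win.data.microsoft.com
2024-05-13T09:35:02Z 1608 svchost.exe ocsp.digicert.com
2024-05-13T09:35:03Z 5860 fvfxqxwnnc.exe df7830b6355417155929100110003a04a652894b53635018356690221232f.reu.apho35.shop
2024-05-13T09:35:04Z 1032 svchost.exe fe3cr.delivery.mp.microsoft.com
"""


def scan_dns_log(text: str) -> list[tuple[str, str, str]]:
    """Return (pid, process, qname) for every line whose qname matches the heuristic."""
    hits = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue                 # skip malformed lines instead of crashing the sweep
        _ts, pid, proc, qname = parts
        if lu0bot_style_qname(qname):
            hits.append((pid, proc, qname))
    return hits


# (pid, process, path, sha256) rows copied from the dropped-files table in this report.
DROPPED_FILES = [
    ("6200", "OCRE7viaROk.exe", r"C:\Users\admin\AppData\Local\Temp\IXP000.TMP\etnfxckpak.dat.3", "—"),
    ("6200", "OCRE7viaROk.exe", r"C:\Users\admin\AppData\Local\Temp\IXP000.TMP\gvheukmaxmj.dat",
     "DA4FC291B7AB2E949F89109CDE644D29722D0B30EEE8D568758F8168CB6C6FF5"),
    ("5860", "fvfxqxwnnc.exe", r"C:\ProgramData\BLKnesOofi\NvilSGyOaDJ",
     "BB485CF58C6EF0C43B6F90141E640DFBA02B5158A954F8D1E8D885BE3C5E56FB"),
    ("3708", "cmd.exe", r"C:\Users\admin\AppData\Local\Temp\IXP000.TMP\fvfxqxwnnc.exe",
     "9C5898B1B354B139794F10594E84E94E991971A54D179B2E9F746319FFAC56AA"),
    ("5860", "fvfxqxwnnc.exe", r"C:\ProgramData\BLKnesOofi\KishXSumavy.exe",
     "9C5898B1B354B139794F10594E84E94E991971A54D179B2E9F746319FFAC56AA"),
]


def self_copies(rows: list[tuple[str, str, str, str]]) -> dict[str, list[str]]:
    """Map each SHA256 written to more than one path to those paths (rows without a hash are ignored)."""
    by_hash = defaultdict(list)
    for _pid, _proc, path, sha in rows:
        if sha and sha != "—":
            by_hash[sha].append(path)
    return {sha: paths for sha, paths in by_hash.items() if len(paths) > 1}


if __name__ == "__main__":
    for pid, proc, qname in scan_dns_log(SAMPLE_DNS_LOG):
        print(f"suspicious DNS query from {proc} (PID {pid}): {qname}")
    for sha, paths in self_copies(DROPPED_FILES).items():
        print(f"same binary ({sha[:12]}...) written to: " + ", ".join(paths))
```

The hex-label test on its own would also fire on some CDN or certificate-transparency hostnames, so in production gate it on the requesting process as well (an unsigned executable in `%TEMP%` or `C:\ProgramData` making the lookup is the combination that matters here), and treat the `self_copies` output as the first file to acquire, since the ProgramData copy is the one that survives the `IXP000.TMP` cleanup.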