Malware analysis fb808be98b583a2004b0af7b6f4bf5e3419d8b6a385c5ce4e8fab4ddc0b48428.exe Malicious activity

Add for printing

File name:	fb808be98b583a2004b0af7b6f4bf5e3419d8b6a385c5ce4e8fab4ddc0b48428.exe
Full analysis:	https://app.any.run/tasks/a720cabd-a334-4b50-93a2-8b5fbdba11af
Verdict:	Malicious activity
Threats:	A backdoor is a type of cybersecurity threat that allows attackers to secretly compromise a system and conduct malicious activities, such as stealing data and modifying files. Backdoors can be difficult to detect, as they often use legitimate system applications to evade defense mechanisms. Threat actors often utilize special malware, such as PlugX, to establish backdoors on target devices. A botnet is a group of internet-connected devices that are controlled by a single individual or group, often without the knowledge or consent of the device owners. These devices can be used to launch a variety of malicious attacks, such as distributed denial-of-service (DDoS) attacks, spam campaigns, and data theft. Botnet malware is the software that is used to infect devices and turn them into part of a botnet. Lu0Bot is a Node.js malware that was first discovered in February 2021. It is a type of Trojan that primarily acts as a stealer by responding to commands from a command-and-control (C2) server and transmitting encrypted system data. It can also operate as a DDoS bot. Lu0Bot employs multiple obfuscation techniques to avoid detection and make analysis more difficult. Stealers are a group of malicious software that are intended for gaining unauthorized access to users’ information and transferring it to the attacker. The stealer malware category includes various types of programs that focus on their particular kind of data, including files, passwords, and cryptocurrency. Stealers are capable of spying on their targets by recording their keystrokes and taking screenshots. This type of malware is primarily distributed as part of phishing campaigns. Malware Trends Tracker >>>
Analysis date:	April 04, 2024, 08:39:06
OS:	Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:	lu0bot botnet backdoor stealer
Indicators:
MIME:	application/x-dosexec
File info:	PE32 executable (GUI) Intel 80386, for MS Windows
MD5:	6181206D06CE28C1BCDB887E547193FE
SHA1:	8EB65B4895A90D343F23F9228E0D53AF62DE3DAB
SHA256:	FB808BE98B583A2004B0AF7B6F4BF5E3419D8B6A385C5CE4E8FAB4DDC0B48428
SSDEEP:	49152:5qVMAWRywiN7AqzGKWPy3tsdWT69leSkFAaGjv616zzU45tZevvDnZjlE/X4HOoA:QKo5czXmidWn1FOz6cgsSvvljEouH9Ht

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Launch configuration

Task duration:: 300 seconds
Heavy Evasion option:
Network geolocation:: off
Additional time used:: 240 seconds
MITM proxy:: off
Privacy:: Public submission
Fakenet option:: off
Route via Tor:: off
Autoconfirmation of UAC:: on
Network:: on

Software preset

Internet Explorer 11.0.9600.19596 KB4534251
Adobe Acrobat Reader DC (20.013.20064)
Adobe Acrobat Reader DC (20.013.20064)
Adobe Flash Player 32 ActiveX (32.0.0.453)
Adobe Flash Player 32 ActiveX (32.0.0.453)
Adobe Flash Player 32 NPAPI (32.0.0.453)
Adobe Flash Player 32 NPAPI (32.0.0.453)
Adobe Flash Player 32 PPAPI (32.0.0.453)
Adobe Flash Player 32 PPAPI (32.0.0.453)
Adobe Refresh Manager (1.8.0)
Adobe Refresh Manager (1.8.0)
CCleaner (6.14)
CCleaner (6.14)
FileZilla 3.65.0 (3.65.0)
FileZilla 3.65.0 (3.65.0)
Google Chrome (109.0.5414.120)
Google Chrome (109.0.5414.120)
Google Update Helper (1.3.36.31)
Google Update Helper (1.3.36.31)
Java 8 Update 271 (8.0.2710.9)
Java 8 Update 271 (8.0.2710.9)
Java Auto Updater (2.8.271.9)
Java Auto Updater (2.8.271.9)
Microsoft .NET Framework 4.8 (4.8.03761)
Microsoft .NET Framework 4.8 (4.8.03761)
Microsoft .NET Framework 4.8 (4.8.03761)
Microsoft .NET Framework 4.8 (4.8.03761)
Microsoft Edge (109.0.1518.115)
Microsoft Edge (109.0.1518.115)
Microsoft Edge Update (1.3.175.29)
Microsoft Edge Update (1.3.175.29)
Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Access MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Access MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Excel MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Excel MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Groove MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Groove MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office IME (Japanese) 2010 (14.0.4763.1000)
Microsoft Office IME (Japanese) 2010 (14.0.4763.1000)
Microsoft Office IME (Korean) 2010 (14.0.4763.1000)
Microsoft Office IME (Korean) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (French) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (French) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (German) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (German) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office InfoPath MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Language Pack 2010 - French/Français (14.0.4763.1000)
Microsoft Office Language Pack 2010 - French/Français (14.0.4763.1000)
Microsoft Office Language Pack 2010 - German/Deutsch (14.0.4763.1000)
Microsoft Office Language Pack 2010 - German/Deutsch (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Italian/Italiano (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Italian/Italiano (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Japanese/日本語 (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Japanese/日本語 (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Korean/한국어 (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Korean/한국어 (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Portuguese/Português (Brasil) (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Portuguese/Português (Brasil) (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Russian/русский (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Russian/русский (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Spanish/Español (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Spanish/Español (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Turkish/Türkçe (14.0.4763.1013)
Microsoft Office Language Pack 2010 - Turkish/Türkçe (14.0.4763.1013)
Microsoft Office O MUI (French) 2010 (14.0.4763.1000)
Microsoft Office O MUI (French) 2010 (14.0.4763.1000)
Microsoft Office O MUI (German) 2010 (14.0.4763.1000)
Microsoft Office O MUI (German) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office O MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
Microsoft Office OneNote MUI (French) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (French) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (German) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (German) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office OneNote MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Outlook MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Outlook MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
Microsoft Office PowerPoint MUI (French) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (French) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (German) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (German) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office PowerPoint MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Professional 2010 (14.0.6029.1000)
Microsoft Office Professional 2010 (14.0.6029.1000)
Microsoft Office Proof (Arabic) 2010 (14.0.4763.1000)
Microsoft Office Proof (Arabic) 2010 (14.0.4763.1000)
Microsoft Office Proof (Basque) 2010 (14.0.4763.1000)
Microsoft Office Proof (Basque) 2010 (14.0.4763.1000)
Microsoft Office Proof (Catalan) 2010 (14.0.4763.1000)
Microsoft Office Proof (Catalan) 2010 (14.0.4763.1000)
Microsoft Office Proof (Dutch) 2010 (14.0.4763.1000)
Microsoft Office Proof (Dutch) 2010 (14.0.4763.1000)
Microsoft Office Proof (English) 2010 (14.0.6029.1000)
Microsoft Office Proof (English) 2010 (14.0.6029.1000)
Microsoft Office Proof (French) 2010 (14.0.6029.1000)
Microsoft Office Proof (French) 2010 (14.0.6029.1000)
Microsoft Office Proof (Galician) 2010 (14.0.4763.1000)
Microsoft Office Proof (Galician) 2010 (14.0.4763.1000)
Microsoft Office Proof (German) 2010 (14.0.4763.1000)
Microsoft Office Proof (German) 2010 (14.0.4763.1000)
Microsoft Office Proof (Italian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Italian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Proof (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Proof (Korean) 2010 (14.0.4763.1000)
Microsoft Office Proof (Korean) 2010 (14.0.4763.1000)
Microsoft Office Proof (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Proof (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Proof (Russian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Russian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
Microsoft Office Proof (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Proof (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Proof (Ukrainian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Ukrainian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
Microsoft Office Proofing (French) 2010 (14.0.4763.1000)
Microsoft Office Proofing (French) 2010 (14.0.4763.1000)
Microsoft Office Proofing (German) 2010 (14.0.4763.1000)
Microsoft Office Proofing (German) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Italian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Italian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Korean) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Korean) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Russian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Russian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Proofing (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Publisher MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Publisher MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office SharePoint Designer MUI (French) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (French) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (German) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (German) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office SharePoint Designer MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Shared MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Shared MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Single Image 2010 (14.0.6029.1000)
Microsoft Office Single Image 2010 (14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Word MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Word MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office X MUI (French) 2010 (14.0.4763.1000)
Microsoft Office X MUI (French) 2010 (14.0.4763.1000)
Microsoft Office X MUI (German) 2010 (14.0.4763.1000)
Microsoft Office X MUI (German) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office X MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.36.32532 (14.36.32532.0)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.36.32532 (14.36.32532.0)
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.36.32532 (14.36.32532)
Mozilla Firefox (x86 en-US) (115.0.2)
Mozilla Firefox (x86 en-US) (115.0.2)
Mozilla Maintenance Service (115.0.2)
Mozilla Maintenance Service (115.0.2)
Notepad++ (32-bit x86) (7.9.1)
Notepad++ (32-bit x86) (7.9.1)
PowerShell 7-x86 (7.2.11.0)
PowerShell 7-x86 (7.2.11.0)
Skype version 8.110 (8.110)
Skype version 8.110 (8.110)
Update for Microsoft .NET Framework 4.8 (KB4503575) (1)
Update for Microsoft .NET Framework 4.8 (KB4503575) (1)
VLC media player (3.0.11)
VLC media player (3.0.11)
WinRAR 5.91 (32-bit) (5.91.0)
WinRAR 5.91 (32-bit) (5.91.0)

Add for printing

MALICIOUS
- Drops the executable file immediately after the start
  - cmd.exe (PID: 2232)
  - fb808be98b583a2004b0af7b6f4bf5e3419d8b6a385c5ce4e8fab4ddc0b48428.exe (PID: 1836)
  - fjlpexyjauf.exe (PID: 116)
- Lu0bot is detected
  - fjlpexyjauf.exe (PID: 116)
- Create files in the Startup directory
  - fjlpexyjauf.exe (PID: 116)
- LU0BOT has been detected (YARA)
  - fjlpexyjauf.exe (PID: 116)
SUSPICIOUS
- Process drops legitimate windows executable
  - fb808be98b583a2004b0af7b6f4bf5e3419d8b6a385c5ce4e8fab4ddc0b48428.exe (PID: 1836)
- Starts a Microsoft application from unusual location
  - fb808be98b583a2004b0af7b6f4bf5e3419d8b6a385c5ce4e8fab4ddc0b48428.exe (PID: 1836)
- Executing commands from a ".bat" file
  - fb808be98b583a2004b0af7b6f4bf5e3419d8b6a385c5ce4e8fab4ddc0b48428.exe (PID: 1836)
- The executable file from the user directory is run by the CMD process
  - fjlpexyjauf.exe (PID: 116)
- Starts CMD.EXE for commands execution
  - fb808be98b583a2004b0af7b6f4bf5e3419d8b6a385c5ce4e8fab4ddc0b48428.exe (PID: 1836)
- Uses WMIC.EXE to obtain data on processes
  - fjlpexyjauf.exe (PID: 116)
- Reads the Internet Settings
  - WMIC.exe (PID: 2892)
INFO
- Checks supported languages
  - fb808be98b583a2004b0af7b6f4bf5e3419d8b6a385c5ce4e8fab4ddc0b48428.exe (PID: 1836)
  - fjlpexyjauf.exe (PID: 116)
  - wmpnscfg.exe (PID: 2148)
- Create files in a temporary directory
  - fb808be98b583a2004b0af7b6f4bf5e3419d8b6a385c5ce4e8fab4ddc0b48428.exe (PID: 1836)
- Reads the computer name
  - fjlpexyjauf.exe (PID: 116)
  - wmpnscfg.exe (PID: 2148)
- Reads the machine GUID from the registry
  - fjlpexyjauf.exe (PID: 116)
- Creates files in the program directory
  - fjlpexyjauf.exe (PID: 116)
- Creates files or folders in the user directory
  - fjlpexyjauf.exe (PID: 116)
- Reads CPU info
  - fjlpexyjauf.exe (PID: 116)
- Manual execution by a user
  - wmpnscfg.exe (PID: 2148)

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Add for printing

Lu0Bot

(PID) Process(116) fjlpexyjauf.exe

С2 (2)hsh.juz09.cfd

apo.eus80.fun

Strings (7465)59c58bb5

*.hsh.juz09.cfd

331c90

*.apo.eus80.fun

v42bP2u3jPJKahqWMCYu6o40TsZ8xdryt9IzpoQuB6ECgY3fPK9NOpbFYLHolrsVHM0+P5uYY8NZhn2NWGxUvu47PpXLuRtgwsgq/jZpU7wUtz4UNNtM6hJWJt7di+2tTkvG2li9l4lUyQNpG8dbALB2G5EPJEWUfdLfZdBtIpewJDiZ3Rlv6+AmsZdSQALc0gk1wf7WJqiVbZUla4GXwqdDsf/H0Fq6Z13kKOxHuLj8IYPqwfrbhj7Nz9SnvjgB4/z7fiuXu9so74zvvsRk6baN1V5/DtIMyBGDYcDx0SBE...

require

mainModule

require

crypto

path

sep

dgram

child_process

env

STtep

toLowerCase

env

5|1|11|30|25|26|8|0|24|21|13|2|7|31|14|12|28|10|15|4|27|16|6|22|9|3|23|19|18|29|17|20

x64

PROCESSOR_ARCHITECTURE

string

USER

object

ignore

ilQBf

cmd.exe

kMKXd

OEzqR

stdio

yNWzO

detached

windowsHide

env

slice

gKgLn

qpXuK

unshift

xtWjH

IIxNA

split

freemem

platform

hostname

OnFBC

length

IJDgs

PROCESSOR_ARCHITEW6432

tJwHz

nSUhc

USERNAME

totalmem

length

model

trim

speed

arch

tmpdir

cwd

nSUhc

ERvjC

BBtgd

Navsa

NkThz

indexOf

zmnxZ

length

substr

length

substr

zmnxZ

length

substr

Unknown

cpus

zmnxZ

length

substr

release

uptime

faBSx

string

FVnpB

indexOf

versions

node

rieBy

length

substr

EkLRL

shift

spawn

unref

undefined

AFQnD

KiQPR

eRLAO

temp

appdata

system

dwm-

umfd-

username

\networkservice\

systemroot

cDNLH

HIOtY

4|2|5|1|3|0

LBymM

OZSmQ

ogGfR

sBwUd

yOLWS

jytux

function

OYQQu

pipe

error

exit

data

WTaCn

aOIqG

YTNPM

OYQQu

RpYqA

4|7|2|6|1|5|3|8|0

split

wvSYT

nostr

out

qBhZt

Sowvv

signal

error

errbuf

concat

errbuf

ktmr

VdCWs

ktmr

outbuf

concat

outbuf

Sowvv

code

error

sVMPV

error

returnbuffer

out

outbuf

toString

outbuf

err

errbuf

toString

errbuf

mjSzf

object

stdio

OBUQm

detached

windowsHide

env

slice

shift

spawn

timeout

ktmr

tZlPq

qZeSO

UJVAO

lpZnO

kill

statSync

pf2

gQosW

timeout

once

VyGni

vhdqU

Fldnd

log

error

once

mzDgX

mVGqd

xcyYV

MgbzB

11|10|9|0|4|1|7|5|3|8|12|6|2

split

tmp

sVMPV

JrpbZ

apd

sVMPV

cGqdX

isc

usr

toLowerCase

ACIoK

network service

wcYmL

ZNZPH

local service

substr

DlnQP

length

UflCJ

indexOf

YOiEb

indexOf

LfZvE

isc

mVGqd

tmp

toLowerCase

indexOf

toLowerCase

isc

aup

LhMHy

allusersprofile

tmp

isc

usr

isc

usr

SOmWp

auVrW

isc

jIteC

tmp

toLowerCase

indexOf

XrCxU

isc

bXyQW

JEXWC

windir

isc

aup

apd

isc

qBhZt

Sowvv

code

mjSzf

undefined

signal

once

QhlHi

jReHg

pCNQz

xVajz

vhdqU

aviFP

LBymM

RgoTa

ktmr

vhdqU

xkcTU

LcdmX

split

hgRmX

MODXF

ppid

push

pid

push

path

length

path

name

session

ktmr

error

DBuaE

ogGfR

RgoTa

error

undefined

code

mjSzf

Sowvv

signal

outbuf

concat

outbuf

errbuf

concat

errbuf

returnbuffer

EsWkj

out

outbuf

toString

outbuf

err

errbuf

toString

errbuf

wvSYT

nostr

out

stdout

qkCZd

TKdUs

jenMH

yOLWS

outbuf

push

writeFileSync

pf1

readFileSync

stderr

qkCZd

QzZqg

jytux

rjusE

outerr

push

0|5|3|2|6|1|4

aIAyO

split

jdZAZ

ppid

push

nkRdy

SgGOd

pid

name

length

hex

7|6|0|5|2|3|1|4

3|2|9|0|1|5|8|10|7|4|6

gLRwc

ZBHVW

Node,

xrKXK

aYabZ

Elyzs

hxeRH

VkpOb

executablepath

ppid

processid

pid

name

idlJf

Console

Services

rudXF

XdwiD

qsqCw

6.0

process

get

processid,parentprocessid,name,executablepath

/format:csv

release

ixopQ

indexOf

ixopQ

indexOf

LQcIz

iLmYv

wmic

euzUl

MYOrH

azRqQ

PbVKY

XMLjl

dVKnQ

nukMI

cVHbC

WYtws

ffPDI

aes-128-cbc

zdBkL

RgYMz

bqiaC

nucqZ

kkISP

ofVFa

CdQMR

iLmYv

length

iLmYv

split

join

split

length

shift

indexOf

Iqizr

FfTTJ

XdiAw

xfaRp

length

from

qQUYR

createDecipheriv

concat

update

final

toString

split

shift

length

FfTTJ

RVgxR

GwaDO

writeFileSync

split

UmIba

length

TFiuG

vYZbU

eLKvL

split

resolve

pf2

MaExZ

resolve

argv

MaExZ

resolve

argv

resolve

pf1

pf2

RgYMz

length

Ncfvn

XChDn

toLowerCase

lGDVe

path

length

parentprocessid

FzaHV

QNePV

VDXky

BQEqp

dSNLm

split

readUInt16BE

slice

zytau

QHdgX

length

slice

toString

cGAEM

UiNcS

length

vYHoy

readUInt16BE

createDecipheriv

dSzTK

slice

concat

update

slice

final

pid

Node

pid

Ncfvn

ZTVQL

pid

session

path

lSayG

uZBHk

Ncfvn

rudXF

FPVBS

pid

dwFaz

0|9|2|7|10|6|3|4|1|8|5

split

hsxtg

WCygp

length

vYHoy

readUInt16BE

createDecipheriv

dSzTK

slice

concat

update

slice

Wuorh

final

lHgSy

Wuorh

length

slice

toString

slice

readUInt16BE

tdhtI

IUlaQ

length

model

trim

speed

IvebY

ppid

length

tree

windir

temp

allusersprofile

appdata

username

kNTff

network service

system

local service

dwm-

umfd-

YIQdk

isc

qcrOA

NRAQb

WALRx

systemroot

tmp

LuZan

CPeuR

aup

LuZan

xDvKb

apd

LuZan

dfnMx

usr

vcQRl

zMCxA

tmp

isc

jQusn

tmp

toLowerCase

indexOf

toLowerCase

isc

ZogXI

tmp

toLowerCase

indexOf

\networkservice\

isc

aup

apd

isc

usr

isc

XpsmX

outbuf

push

usr

toLowerCase

OVThX

imHjm

ffMEX

yVmBs

lkUwd

substr

Mgjql

length

gXtPj

indexOf

AzPwF

gXtPj

indexOf

zdxiK

gXtPj

pMdTK

isc

push

sha256

createHash

hyAcA

update

digest

0|9|3|6|5|2|4|8|1|7

computername

userdomain

QTdAR

split

GCcyL

KibUZ

prototype

slice

call

push

rTgWn

hyXRd

AmPVD

SOVNj

XHpTc

YrrPy

username

concat

WsZia

Vssyk

floor

fhWvB

pop

vLCwI

fromCharCode

qSVZV

LCHzg

TMVSq

LCHzg

C:\

computername

userdomain

username

sha256

TmBEK

xXqNS

TewbO

WYZTH

lbRlI

efnmR

gRrcc

lfeEm

HdcAa

win32

darwin

openbsd

freebsd

linux

intel

pentium

core(tm)2

amd

xeon

ryzen

threadrip

kvm

qemu

hex

DESKTOP

ibhhj

work

amazing-av

bea-chi

shadow-

JTAPJCC

azure-

janusz-

compalexey

dillon

mars-pc

host1

md5

administrator

admin

user

john

frank

lisa

george

shadow

straznj

harry johnson

joe smith

john doe

cape

goatuser

azure

stark

a.monaldo

alexeyzolotov

peter wilson

Unknown

Intel Celeron

Intel Pentium

Intel i5

Intel Core(TM)2

Intel i7

Intel Atom

Intel i9

Intel Xeon

AMD EPYC

AMD Ryzen

AMD Threadripper

AMD Undefined

pzvzL

rMHgm

OeZcP

Quad

Miaxj

Undefined

NOHID

my_pc_

art-pc

AMAZING-AVOCADO

cape-pc

CompAlexey

anna-

gary-pc

UNKNOWNHID

NOUID

STRAZNJICA.GRUBUTT

UNKNOWNUID

trrhP

onJKt

alloc

floor

JyPtA

BsbId

writeUInt8

bdmDD

BsbId

round

ELppr

ABEtR

aVHii

vwRdA

nFAgN

createDecipheriv

concat

update

final

toString

ugPrB

HtSvj

cgrGl

HNyua

FXcyy

statSync

pf1

jxOds

readdirSync

GDMui

rZdth

SaLRW

kGNKp

AXlxd

kGNKp

CHfVc

kGNKp

lipsw

SvdAr

push

ccWXc

JvoGk

obHHR

cIvEH

concat

prototype

slice

call

HtSvj

YYXAJ

IolsH

mkdirSync

gmJxR

IOGgh

wZJSO

BsbId

VtESE

yyqsu

VtESE

lNsfS

HJkvB

MIFBy

writeUInt8

length

split

min

wZJSO

min

HpJNn

writeUInt8

wfeUT

writeUInt16BE

join

aSxhr

round

YGulp

wJaBN

writeUInt8

ceil

YGulp

wJaBN

oaESI

cHUto

zTVkb

linux

rBWLI

zTVkb

qvTtR

hSuBl

unknown

win32

BHzzQ

rBWLI

openbsd

hSuBl

MnqEk

Cvogq

jlSXh

iaQbN

doRvc

writeUInt8

KcdpS

length

toLowerCase

ABEtR

indexOf

kPgyX

ABEtR

indexOf

celeron

indexOf

HalWN

ABEtR

indexOf

JWpHq

ABEtR

indexOf

amd

pdQTw

indexOf

CToot

EVseT

indexOf

atom

indexOf

nkGwe

indexOf

ODJFL

EVseT

indexOf

Xccsz

zLIVw

indexOf

mcfri

zLIVw

indexOf

Bmpvt

indexOf

epyc

indexOf

YwMOe

indexOf

KAcMb

zLIVw

indexOf

XoxbD

indexOf

uUnNO

ceil

YGulp

writeUInt8

VYxUJ

LbMHu

DQdGt

createHash

md5

update

digest

slice

toString

bGSGQ

copy

length

split

toLowerCase

zTVkb

length

zTVkb

sEOdr

zypXG

WOhve

Undefined

Lpmfi

indexOf

my_pc_

zTVkb

art-pc

sCWnF

indexOf

VXORw

Lpmfi

indexOf

UDdth

Lpmfi

indexOf

SIxjT

zTVkb

cape-pc

zTVkb

DUoFm

Lpmfi

indexOf

kwCvQ

Lpmfi

indexOf

NWmVn

pJLem

PHnzQ

pJLem

XGNax

Lpmfi

indexOf

anna-

pJLem

gary-pc

pJLem

ynZgP

pJLem

fNpDY

writeUInt8

VYxUJ

createHash

zKoIn

update

digest

slice

toString

hex

copy

length

split

toLowerCase

aLvKX

pMQRN

RMarD

hjwPh

RMarD

lsPwV

RMarD

EYEpZ

wKiRn

RMarD

GiIea

ZYbzt

HCTdh

ZPuqm

XUoga

AlOVt

indexOf

pgOxM

WDpCD

AnoZp

qBAQC

ZGiUN

qBAQC

kaSGA

qBAQC

PPyot

iPHzZ

bBDMR

iPHzZ

WPAIo

iPHzZ

janusz

jLpYZ

hNmgw

jLpYZ

bVmeY

jLpYZ

OjOYV

jLpYZ

ocNyY

writeUInt8

createHash

zKoIn

update

digest

slice

toString

bGSGQ

copy

tbdMi

Intel Undefined

IPFmP

Intel i3

gjoXA

xfqnr

cuWQr

Iyslh

RBxyz

apGzw

jSNpp

MLuJQ

sueYE

SPLsx

BaKCN

CPU KVM/QEMU

AdGUZ

bHnlk

wEjcN

yOiHU

pzvzL

Duo

bHnlk

xRHMo

fvKBU

zCjou

x64

xqZKb

wEjcN

oZrtG

att

ZXiYN

obHHR

tJVGu

sEOdr

yYSbc

njIFM

sCWnF

rABmf

UDdth

shadow-

oekvW

DESKTOP-JTAPJCC

azure-

NWmVn

ifmeT

dillon

XkhHn

bAzti

ynZgP

Host1

TnPZT

obHHR

rjeJg

pMQRN

hjwPh

user

john

wKiRn

GiIea

HCTdh

XUoga

aChqi

AnoZp

ZGiUN

kaSGA

PPyot

bBDMR

azure

janusz

hNmgw

bVmeY

OjOYV

peter wilson

FASpT

ePEPh

wEjcN

FZXim

alnUO

kglSP

createHash

OkgJu

update

createHash

digest

slice

rYHWf

toString

bGSGQ

1|3|0|8|13|4|11|2|9|14|6|5|10|12|15|7

false

hMBrp

split

isArray

kbjWK

length

fraAo

string

length

ghBxR

length

jHEjx

ZitaL

9|117|111|127|173|143|157|38|124|171|88|66|102|108|172|24|16|131|55|92|18|43|23|74|154|148|58|105|3|138|14|175|106|96|61|115|29|177|153|56|83|149|10|132|79|118|28|155|113|44|0|62|86|181|100|46|76|120|34|101|97|126|41|72|60|123|103|121|145|68|150|52|27|119|147|50|166|137|112|13|156|42|12|122|36|178|1...

10.0.19041

2a4494

win32

10.0.22621

7c1a

cd4ec1

10.0.17763

299243

d1457b

administrator

10.0.19045

4085c6

6.1.7601

10.0.17134

10.0

6f2958

c39efd

1cce9e

10.0.18362

2088

NOUID

52c9

bf0760

10.0.19044

bf7e

35ae2e

d8716f

7bf5

2cb5a5

f3f0c6

Host1

user

Xeon

NOHID

e8b9

fca565

f2886f

AMD EPYC

10.0.10240

a888

70b4

d580

CompAlexey

alexeyzolotov

4b9de2

86438b

admin

56d4

d33e1f

9ec750

6.1

4f81e3

b75705

5a1d

10.0.14393

a739

32b1d5

DESKTOP

32b5

9f9d51

10.0.16299

570a90

e2c5

12a5b6

DESKTOP-JTAPJCC

3635

64ccb5

2be941

john doe

6.1.

my_pc_

10.0.18363

7f8794

7aed

lisa

dd15

6e6551

11d4d6

72e748

d04f74

2bf408

97a9d3

0fdc

88dba0

18275d

AMAZING-AVOCADO

52acd9

KVM/QEMU

ed6464

#56d4#

62efb9

9f72

bd9ff1

167bfe

d6a5b0

611a3e

6.3.9600

04159b

cc9adb

e717

646a8b

e32aca

72f6c0

c8b63d

7b7bc2

dillon

b71c

86131a

10.0.22000

a98d

930d8a

abcf10

b3c775

6bd1

d864df

10.0.19043

cb0013

5fd4c0

2652ee

3219

9db1e4

93a77b

george

10.0.19042

10.0.15063

2970

8e776c

100

EPYC

work

102

10.0.10586

3151

00181a

a8776a

e94c92

9ab4de

103

6adf97

104

6d05

6cfdbc

b38e56

105

harry johnson

106

107

108

55d8

109

c23200

110

13b4

ab86a1

111

9a50

275dec

112

113

77bd

736b19

114

e06b

6a29b3

46502a

116

851c

117

118

bac5dd

119

120

STRAZNJICA.GRUBUTT

121

122

709b

gary-pc

stark

124

a.monaldo

125

b5a0

126

goatuser

127

351468

128

26112

2988b8

129

a6f2

5b2e9c

130

131

anna-

132

804a

frank

6e64

747890

134

d0062c

135

3322

bca236

723943

136

8fdf0b

137

25cd40

138

art-pc

c037

b4a2c8

140

8215e4

142

6.1.7600

0b6631

143

145

5d0c

147

148

a65640

149

e379b3

72c1f0

150

151

152

3a83fe

153

8920

0cbc66

154

cd4ee8

56aee3

2b22

74529b

155

badfad

156

157

e1e853

95deb5

159

75c891

160

10.0.

b624

03fea1

4b33b6

b0f8e1

061613

162

18126e

bot 115 W7 Xeon H 24889e U 18126e

163

164

a30c

6eb45e

9a8599

166

b445bf

167

168

62327b

a4757d

169

f5faf7

f94649

170

2293

e8c630

3f9b99

azure-

azure

172

173

953225

john

176

db9a51

64ca98

9639a3

178

b6f4a2

180

2001f7

181

f1dd

182

183

184

1e75

185

092f16

186

7e0c8b

7b7cd2

187

c589

sCpTJ

split

ggsPe

win32

ggsPe

cXenu

mKCLI

qAGvE

mKCLI

YDhQj

iDxYb

AhfLb

rlgWM

KcnuM

gkXun

8726e3

JiONB

dAGND

IriFf

win32

PhPWm

RfiJg

CbvGF

gRYef

QcAyj

gRYef

YdYOv

JWlyo

win32

ODvzm

oCSaC

6.1.7601

nlgZp

indexOf

mars-pc

PlEON

indexOf

GJgjY

JWlyo

win32

KQvmN

rqiPn

oimiq

JzjHu

hjQRy

cwtgl

YDhQj

UmUCO

rqiPn

UmUCO

b1a8

UmUCO

7db39b

YDhQj

Rqbrz

KkRnU

UmUCO

YbcOR

9ca5a0

KkynA

YDhQj

MJRNB

oCSaC

KkynA

KkRnU

KkynA

vTgkN

HMVcK

ViDAO

41c07c

ViDAO

win32

BNhin

MCSNG

UPtOA

RQmJF

isArray

sCwbs

length

Sxsde

YDhQj

MJRNB

HrLmS

indexOf

ZimRy

NchKM

ZojCm

HrLmS

indexOf

john

sfJzD

YDhQj

jqxzy

rqiPn

jqxzy

HRAUo

gGucM

BbzHg

GqbBK

win32

MJRNB

DHphY

sjbin

kuzmZ

PWudD

indexOf

admin

sjbin

YDhQj

iGDQM

oCSaC

sjbin

ZZQqj

MCSNG

ZZQqj

SmpaM

EHBOz

ztCod

indexOf

DESKTOP

ztCod

indexOf

tdFDF

ZZQqj

win32

iGDQM

rHUaP

ZZQqj

6.1.7601

mXGWx

oIegE

indexOf

NOHID

ztCod

indexOf

tdFDF

oIegE

KIXjm

YDhQj

iGDQM

rHUaP

oIegE

rqiPn

oIegE

qjApp

zIjEE

WxCiG

9114

hllyU

win32

hllyU

IVXNc

AEUwA

vTxwI

pSQFi

PRdKs

PEmsU

kFHeO

YDhQj

AeKOz

DFxVV

KkRnU

PEmsU

veReX

xnRPu

Djtsz

PEmsU

YDhQj

AeKOz

DFxVV

EYoMx

indexOf

Xeon

ztCod

indexOf

BNnrW

hXSkO

indexOf

evoKy

PEmsU

win32

EYoMx

DFxVV

PEmsU

IVXNc

aSYpt

BJjRn

zuWUC

4f5cec

zuWUC

win32

zuWUC

cXenu

dhvxM

cyatu

nrEBG

d76211

nrEBG

YDhQj

EYoMx

DFxVV

KkRnU

foLDQ

uqDgc

GQqxP

indexOf

bUwDx

hXSkO

indexOf

DidEO

hXSkO

indexOf

NOUID

dPtdo

YDhQj

eWMjX

KkRnU

gfUPf

hkqYU

tCnxm

MQNHB

BGRoD

MQNHB

YDhQj

KHHrx

mrbhb

indexOf

ZimRy

DADMf

IAEKy

indexOf

Xeon

indexOf

zxZZr

DADMf

OIpWU

DADMf

10.0.19044

mrbhb

indexOf

DidEO

DADMf

PosOu

lHeBy

7e73

aGfcp

BzQYk

ggGnJ

EZDiZ

fRXBD

indexOf

GJgjY

YDhQj

PGSqz

indexOf

HqPRq

PGSqz

indexOf

DPmjr

WYNWj

win32

oTzNC

eWMjX

OGIzU

KkRnU

OGIzU

zFFCO

eExbv

YDhQj

eExbv

10.0.19044

uGpUS

gkXun

uZQiO

oaLbo

uZQiO

591acb

YDhQj

uvlRH

eWMjX

uZQiO

KkRnU

KfkuH

IIcLh

KWuPO

JTEBH

indexOf

dtVFe

YDhQj

uvlRH

CAibr

KkRnU

pjImT

wvDtI

cuRjz

wvDtI

qneqU

VoAiR

jmONX

VoAiR

YDhQj

XLens

CAibr

indexOf

CSorE

NdDEg

vcEvt

indexOf

bUwDx

NdDEg

PHHQi

NdDEg

rabSV

DZxCf

YDhQj

DZxCf

rqiPn

FdKWN

jJrvn

YxoDB

jJrvn

WQEmE

YDhQj

vcEvt

mnMcX

SCtHW

ZMVNl

eAion

Repvd

EHtjD

LFDOm

YDhQj

GqXSc

iDxYb

Znpku

IZPYF

zhoXl

IZPYF

c350

tHext

YDhQj

KkRnU

tHext

vcEvt

indexOf

bUwDx

wUnzB

YDhQj

gRWGq

mnMcX

indexOf

dSUQk

indexOf

joe smith

BcYfh

YDhQj

BcYfh

10.0.19045

pcsGl

kYDPl

pQNzy

DBprP

ztVKM

ONKlQ

win32

mnMcX

ONKlQ

KkRnU

ONKlQ

fpafu

Pbxyy

xGTSN

indexOf

dSUQk

indexOf

dtVFe

win32

rqiPn

NxOTo

lyUVw

990d1b

582a34

YDhQj

lyUVw

rivJc

WIamY

lyUVw

YDhQj

lyUVw

rqiPn

lyUVw

BPeoK

RKUdV

tUpql

xkSKs

gRWGq

nXHGz

mEOyi

YDhQj

gRWGq

kJIgv

NdMnB

rqiPn

NbEsN

471915

zfMIm

win32

10.0.17134

indexOf

bhYuc

YDhQj

IpANq

EXWGr

KkRnU

EXWGr

qJenU

EXWGr

1cce9e

lHJae

indexOf

admin

lKVmx

win32

XLxvV

iOuHE

THZxq

qIGlF

lDBxw

rqiPn

PyzPo

indexOf

bUwDx

vqDBV

YDhQj

OOIZb

XLxvV

lHJae

indexOf

bea-chi

lHJae

indexOf

pZuqr

kQwCc

win32

kQwCc

RfiJg

xNZhH

IVXNc

KHIOz

wgBOG

indexOf

dSUQk

PDhen

YDhQj

OOIZb

CbZMp

wgBOG

indexOf

FcUuU

wgBOG

indexOf

CNIVw

wgBOG

indexOf

administrator

YDhQj

PDhen

hHbti

AocVm

ztGdU

orsqg

aff8

orsqg

win32

KmtHy

orsqg

KkRnU

mVoFe

ZugOu

vyFfR

a888

379a7d

zMPSy

indexOf

GJgjY

win32

KmtHy

dxNOF

KkRnU

Hbpyi

aBAUc

UDshC

aDUcy

CMqFx

aDUcy

b445bf

zMPSy

indexOf

TIarq

aDUcy

YDhQj

KmtHy

KkRnU

aDUcy

LHHoB

SwdNv

tDVfe

mnQTC

zMPSy

indexOf

GJgjY

YDhQj

wFHwx

iBQUb

6.1.7601

gjvAn

OMXTA

ABZzg

indexOf

GJgjY

gjvAn

YDhQj

eavTL

6.3.9600

eavTL

wcbBy

vEELF

TNLrM

AXFpj

YDhQj

wFHwx

CbZMp

6.1.7601

AXFpj

cTBZk

b71c

kyoim

IabcC

kyoim

HrVps

kyoim

YDhQj

wFHwx

indexOf

anna-

kyoim

IKgQP

win32

hMCeF

byvDU

uCuQw

ztmiU

yzAkr

cc1a

yzAkr

ptWrz

yzAkr

lAlFX

indexOf

GJgjY

yzAkr

YDhQj

hHbti

yzAkr

3e45fc

yzAkr

46e6f8

yzAkr

win32

jJLPv

indexOf

OQOqw

indexOf

harry johnson

lZjFQ

YDhQj

10.0.19045

AHwAW

BYjyH

bgTCn

BYjyH

YDhQj

wFHwx

indexOf

janusz-

jJLPv

indexOf

janusz

MbuGZ

YDhQj

indexOf

UGCiu

MbuGZ

jAXNK

YDhQj

BdqXh

AmxdP

cXenu

AmxdP

qAGvE

YDhQj

AmxdP

IVXNc

AmxdP

XhLBY

AeAvQ

XhLBY

YDhQj

ErAOD

XhLBY

KkRnU

nfpPD

Dggbn

nfpPD

bDGma

BcrUB

YDhQj

OpfAe

RfiJg

OpfAe

LHcpJ

yKMYZ

YEWeZ

dprpo

zQBtj

iCgBy

win32

iCgBy

bkOAt

10.0.10586

yvpDv

KkRnU

vQBrK

AVCrk

JHqMc

3151

jJLPv

indexOf

DidEO

RicnQ

indexOf

NOUID

UFlWC

YDhQj

QMdhV

iDxYb

UzEAI

nozan

rogJT

rJXji

lFwrm

rogJT

YDhQj

ErAOD

rogJT

xNQTf

akcjg

6.1.7601

akcjg

iBYqq

indexOf

bUwDx

indexOf

DidEO

VZJLG

indexOf

GJgjY

gMLve

win32

iBYqq

ErAOD

wiOlW

vsdVD

NZDZE

PMTYg

yWmxI

jezgB

dUYMv

YDhQj

10.0.18363

ZGIWa

AuoIb

pUJzx

Amxts

YDhQj

Amxts

10.0.19043

YNCSv

436f

YNCSv

ZklLk

YDhQj

indexOf

DESKTOP-JTAPJCC

ZklLk

win32

iDxYb

ZklLk

JtSaX

tiyRy

qCmOK

YDhQj

pxopT

ErAOD

VZJLG

indexOf

DESKTOP

indexOf

dtVFe

vFLAL

10.0.18362

XCzqf

indexOf

bUwDx

vFLAL

YDhQj

pmSxR

IvUhA

rqiPn

vFLAL

ZjUkZ

icZXw

YDhQj

pmSxR

ubvuc

adIxe

indexOf

FcUuU

adIxe

indexOf

DESKTOP

adIxe

indexOf

admin

PGgMl

YDhQj

xtevA

rqiPn

joYNP

rsCtw

ajRop

eriNi

win32

BaBdb

vsdVD

uaaVF

VJCzj

hQOKt

uaaVF

YDhQj

aoxIw

indexOf

tonhr

adIxe

indexOf

peter wilson

UEKum

YDhQj

UEKum

SmpaM

UEKum

JCAvw

UEKum

YDhQj

veKeT

6.1.7601

nKaQc

tngIk

GVxwg

tngIk

YDhQj

tngIk

ntzGB

wxsPM

tngIk

efba14

wfQWw

gNXTC

iTqdB

YDhQj

adIxe

indexOf

ZimRy

VArpQ

1285

VArpQ

ytGDM

VArpQ

YvKKp

NRANj

YDhQj

QGmVN

NRANj

KkRnU

NRANj

VkFyP

yARtG

bb2e4c

BvfqV

win32

10.0.22621

oFPkp

32b1d5

oFPkp

win32

oFPkp

iDxYb

KPBQY

qAGvE

KPBQY

YDhQj

OBMsE

UDDaZ

PPgRF

GXOdy

PPgRF

rqiPn

sbnyS

LFnvy

JAJUP

ioZfD

ZwyTY

win32

FSGHF

isoHs

indexOf

NOHID

IVSYF

indexOf

evoKy

arTzi

SmpaM

KkRnU

tUijm

YDhQj

dklru

PwMIf

5bc06f

dklru

YDhQj

10.0.22621

dklru

xvMPO

dklru

YDhQj

dklru

ntzGB

dklru

mKxlK

9d5196

mKxlK

YDhQj

hKRwq

xccmm

indexOf

Xeon

SPZSb

indexOf

BNnrW

jnhFI

indexOf

evoKy

win32

hKRwq

xccmm

mKxlK

6.1.7601

mKxlK

BWgSp

cvRGZ

4ed984

suJYW

qUehp

suJYW

YDhQj

hKRwq

xccmm

6.1.7601

uqFJC

IzBke

zvpEJ

qjFGP

QpyNN

AaMyf

win32

hKRwq

IJKwD

QpyNN

IVXNc

QpyNN

ZdIIx

033bd9

ZdIIx

YDhQj

FDMfb

indexOf

UGCiu

ZdIIx

vgWWT

YDhQj

jnhFI

indexOf

ZimRy

vgWWT

XyscR

jnhFI

indexOf

EOGNC

XyscR

win32

XyscR

EHreh

LdTmI

ztbBB

fb6ab4

ztbBB

YDhQj

IJKwD

ztbBB

zXYLB

KYBVA

RsYvV

yNyFL

PgvwC

RsYvV

YDhQj

IEAeE

indexOf

ZimRy

indexOf

GcpmS

FDMfb

indexOf

bUwDx

indexOf

shadow-

IEAeE

indexOf

shadow

101

RsYvV

YDhQj

oTAJq

IEAeE

indexOf

6.1.

ZwsIC

indexOf

jPapJ

jxJRt

indexOf

dtVFe

bTKru

dAtbw

YDhQj

dAtbw

ZdbYD

indexOf

DidEO

ZdbYD

indexOf

NOUID

10.0.19041

BqwYE

Enfpi

BqwYE

AsaSX

BpbEO

zFoDk

dVpKi

YmQDZ

TXEpK

zFoDk

129654

f7e0fe

ywCYC

LPAbw

win32

Hfstt

IJKwD

XVaKL

KkRnU

dxaLC

vFqRE

indexOf

GJgjY

dxaLC

YxoDB

dxaLC

JkCcM

fgoPs

dxaLC

YDhQj

YOhWk

rqiPn

BdFJW

FOsfs

SoJRJ

SZbaE

SoJRJ

OFWJA

SoJRJ

oEsfL

MOfaW

YDhQj

IJKwD

SoJRJ

GXOdy

vFqRE

indexOf

JoYue

mBGNY

SoJRJ

YDhQj

Hfstt

vMInn

indexOf

KVM/QEMU

zNVGF

jBQuN

lsWTw

YDhQj

QjpYO

xpPVu

yCxMU

IVXNc

yCxMU

kJIFb

f4cb33

XiKGk

kJIFb

YDhQj

SbCfa

xpPVu

kJIFb

IOgrZ

KkRnU

fUMKs

OIpWU

MFeJH

oLKHp

indexOf

NOHID

bXKsO

indexOf

tdFDF

EusBV

YDhQj

mWOCn

eZPva

mWOCn

769fc7

cXeVs

mWOCn

YDhQj

mWOCn

10.0.16299

mWOCn

puDBe

MCbre

KTBRS

jtknz

MCbre

dc599a

ZuvMz

Apeyx

YDhQj

OFzqz

cStZH

OFzqz

oWHuV

351468

wnTUn

OFzqz

YDhQj

SbCfa

xpPVu

OFzqz

MCSNG

SmpaM

ExUhL

EHBOz

indexOf

dSUQk

indexOf

tdFDF

nidHL

YDhQj

bXKsO

indexOf

10.0

ExUhL

fnCPb

indexOf

dSUQk

GFPqt

ULVis

RSJZX

win32

EtwOw

ExUhL

IVXNc

ExUhL

FnaYr

BzEUE

LGual

PpajP

zkhwc

115

OYhwi

win32

XFbyp

KkRnU

wwdAl

mnqJv

indexOf

administrator

lJDIM

wwdAl

win32

OVdUN

wwdAl

LGtsv

wwdAl

061613

nIHVt

pHiXY

jFDLT

YDhQj

ZEMsb

fnCPb

indexOf

ZimRy

TwGAi

indexOf

dSUQk

JCAvw

cIrLr

GCYZe

Ovdjx

YDhQj

EtwOw

HcnfX

Ovdjx

KkRnU

KWuPO

DRETg

indexOf

admin

lqYSJ

cGKnO

win32

HcnfX

PtHsa

indexOf

6.1.

csdtc

indexOf

heJsi

sanra

YDhQj

qcMdl

KkRnU

csrQQ

UgWBm

csdtc

indexOf

DidEO

indexOf

john

HfoIX

UgWBm

YDhQj

OXpWL

KkRnU

OXpWL

TNOfC

10.0.15063

TNOfC

OeEvP

qzNKu

indexOf

DidEO

indexOf

dtVFe

wqHID

123

OxFwF

YDhQj

OxFwF

qzNKu

indexOf

FcUuU

UFRYH

indexOf

qUYGu

UiaXN

indexOf

FKukt

ZVcrV

YDhQj

EtwOw

RSAHO

indexOf

zPmcD

OxFwF

KkRnU

lztjH

sugPe

indexOf

Xeon

Eumea

lztjH

YDhQj

sugPe

lztjH

6.1.7601

lztjH

oxAyo

rRjcA

gJoXW

nuVAn

gJoXW

73a080

qUNAq

YDhQj

QKUut

LkAok

mCfVo

indexOf

FcUuU

jKOcj

indexOf

lHrYx

WTtfy

gJoXW

YDhQj

QKUut

LkAok

gJoXW

cStZH

BBcyg

NInIP

prfDF

tqzbh

YDhQj

AJdMR

rNRlx

10.0.18363

oaBye

QTGMU

oaBye

ORkip

JnwUN

fxoqZ

bDjMP

YDhQj

bDjMP

6.1.7601

rySvp

FwUUe

AJdMR

kggtA

FwUUe

gknjH

zOVZh

UzoTb

hBBAh

YDhQj

AJdMR

nXFzB

UzoTb

zXYLB

5803c5

dABbS

YDhQj

UzoTb

NWzKS

indexOf

DPPHG

NWzKS

IKgQP

XscHw

YDhQj

EfKOS

urfUz

indexOf

10.0

hHbti

NWzKS

QxyRl

fuJNp

urfUz

indexOf

dSUQk

urfUz

indexOf

SwVbG

133

fuJNp

YDhQj

GaeTd

rqiPn

GaeTd

XeDGt

fnyYJ

LvKsC

wNMoq

FzOlx

TUQjg

win32

fBZpQ

d61484

TPbKR

Wgzsh

YDhQj

iDxYb

fBZpQ

BuQwG

VXTnw

jCMNs

jPoZz

QdWnV

BuQwG

win32

AJdMR

ZpaQo

ukeIB

KkRnU

ukeIB

moTpy

wqHID

HWPwl

KsjDl

WRcWf

MhgCC

YDhQj

MhgCC

KkRnU

MhgCC

pZlQV

rndOc

59a422

ciPSM

YDhQj

aPJgW

CmIzz

6.1.7601

indexOf

msnfI

WVMSO

indexOf

administrator

139

CmIzz

YDhQj

CmIzz

iDxYb

FUJDy

PHosU

nLsdA

PHosU

SlROv

zJhaJ

fKqef

win32

6.1.7601

fKqef

mnyFr

vGKYa

f6b8ae

yYQgx

141

yYQgx

YDhQj

mXKvg

hHbti

YxtJT

0bd650

xltpt

IqFLx

TjXon

tPymP

YDhQj

ZpaQo

QRPWU

PNYMX

QRPWU

zOWUE

PsojF

a592e8

VyNcu

dVeDr

IVDqK

sBNbx

YDhQj

rdVSz

sBNbx

275dec

sBNbx

351468

144

sBNbx

win32

rqiPn

sBNbx

ajRop

EiCFc

HYhFa

YDhQj

VxPSA

indexOf

10.0

mIfUA

indexOf

UGCiu

EiCFc

qiLmO

tDvEx

10.0.19044

indexOf

dSUQk

bc54f4

146

VkusS

YDhQj

ZpaQo

6.1.7601

VkusS

fbPPW

qhUMl

ONwzN

khGxd

ONwzN

YDhQj

VDSQz

10.0.14393

ONwzN

QMsik

indexOf

dSUQk

VxPSA

indexOf

dtVFe

cdELI

eXDLS

YDhQj

OnuLq

6.1.7601

eXDLS

SBEpI

VDSQz

indexOf

bUwDx

ICHXb

ttMHs

5bc06f

SqoNk

FcLsg

YDhQj

EYFqa

FcLsg

KkRnU

Ekssd

WKqYn

indexOf

Xeon

Ekssd

utmgA

VdtWW

tNcpK

nrKjV

xHzyS

win32

WKqYn

iWuSJ

xHzyS

KkRnU

xHzyS

QpdDe

OMXTA

VxPSA

indexOf

GJgjY

UWDJV

QpdDe

YDhQj

qUgxw

cAJNB

kcUMc

KkRnU

kcUMc

OhbTq

kUGNr

AkjKz

akROW

AkjKz

YDhQj

AkjKz

iDxYb

bmwUT

WXNla

d38e35

tDdQm

WXNla

YDhQj

qUgxw

MGLBR

indexOf

10.0

indexOf

dSUQk

WXNla

xKRPk

iDxYb

QyaUt

FkyXb

QyaUt

ItwsU

CEXyQ

QyaUt

YDhQj

QyaUt

6.1.7601

GjdEY

JbVpb

tipRb

JCAvw

tipRb

RMZSd

cIrLr

tipRb

7fa24d

IquEM

HcMNt

nnbTK

whVmC

nnbTK

4b418f

nnbTK

gHKSf

CGDNG

nnbTK

YDhQj

QsPdB

MGLBR

VxPSA

indexOf

ZimRy

nnbTK

WrAqv

KZbeg

HNjpV

JlGnS

indexOf

dtVFe

zrHUK

KZbeg

YDhQj

EDSTS

MGLBR

IOoYf

KkRnU

10.0.18362

uFPWl

EHBOz

cPTWG

uFPWl

win32

kLtRR

MGLBR

iaMqk

jhzJL

uFPWl

KkRnU

uFPWl

158

TllWJ

win32

iDxYb

JlGnS

indexOf

dSUQk

TllWJ

sWtwF

AplEs

win32

PNYWV

TllWJ

6.1.7601

TllWJ

MtYDI

a739

MtYDI

d60869

tiGpr

ovioi

rcAMP

tiGpr

YDhQj

PNYWV

WFteb

indexOf

FHrum

LDRhC

dmAuO

zaESx

gSzfN

spsjA

fxdKt

161

AEmTS

win32

PNYWV

RXPhy

pYlxs

dArXW

LGtsv

UtbuS

UrzpS

JLczQ

amVqU

qXnJy

JLczQ

win32

PNYWV

NGkEJ

lrjMW

KkRnU

lrjMW

zRdeV

24889e

zRdeV

gbpsZ

pMZxa

IRxPe

YDhQj

PNYWV

NGkEJ

Utuca

10.0.19045

cetAl

bCEPA

TnRdu

PzOGs

YDhQj

iDxYb

PzOGs

uWugH

rlLpV

MVVMx

165

rlLpV

YDhQj

PNYWV

NGkEJ

isOdw

IVXNc

isOdw

faVNg

zLrzp

hVnwd

MVYwm

zLrzp

YDhQj

VuQQR

NGkEJ

HfFBM

6.1.7601

HfFBM

sDuEo

JlGnS

indexOf

TIarq

aaVjV

HfFBM

win32

fJMRM

NGkEJ

rqiPn

HfFBM

itRxP

RUVPI

Oveum

RUVPI

YDhQj

RfiJg

RUVPI

mhkCf

KdItS

qyMWv

bRXDV

GfKLh

KdItS

YDhQj

pYhkG

KkRnU

pYhkG

Lvulr

pYhkG

NaKaW

VUIJj

win32

fJMRM

NGkEJ

pYhkG

iDxYb

2253

QaqwL

xfSfs

SyFPV

Xomep

RZIKu

indexOf

DidEO

JlGnS

indexOf

tdFDF

171

YDhQj

vbdmx

kfTEK

indexOf

WxRxm

kfTEK

indexOf

pvdFp

KkRnU

xUThv

indexOf

bUwDx

VBkVn

win32

fJMRM

iNLDf

indexOf

HqPRq

XdvIs

indexOf

DPmjr

hTmjk

YDhQj

fJMRM

iNLDf

xUThv

cStZH

xUThv

275dec

174

YDhQj

IGSVC

iNLDf

IGSVC

indexOf

bUwDx

xUThv

IVXNc

xUThv

KiZvS

indexOf

DidEO

XEYHK

indexOf

admin

175

AZEPu

win32

IGSVC

iNLDf

Ozwwo

KkRnU

Ozwwo

gwjAb

eqHrg

indexOf

FwLhY

bYrpk

MccmF

win32

MccmF

iDxYb

vziTR

Annoa

HWvVP

wBQir

tUvzh

177

win32

iNLDf

indexOf

ZimRy

jlEps

indexOf

bUwDx

eTIoh

10.0.15063

iOfpT

50ab44

lVQpF

OSVVi

YDhQj

iNLDf

indexOf

DESKTOP

lSXUC

10.0.10240

lSXUC

179

lSXUC

YDhQj

lSXUC

rqiPn

lSXUC

ZNFqh

b7e24d

aLcUq

sXUlD

ZNFqh

YDhQj

FdUwk

iNLDf

KkRnU

ZNFqh

QQNEp

XgWdX

PosOu

fmbRi

eqHrg

indexOf

GJgjY

LNdNY

PjeLx

YDhQj

vyKmj

ntzGB

eqHrg

indexOf

dSUQk

vyKmj

NsJMp

GkHaP

Lofco

NsJMp

YDhQj

10.0.18363

LeBOl

tpBrW

ztGdU

bTGNI

gqJIt

YDhQj

FdUwk

iNLDf

Flwuz

iDxYb

Flwuz

2cd67e

WDOlk

Flwuz

YDhQj

RfiJg

10.0.19044

Flwuz

jxhJn

SppKg

indexOf

DESKTOP

jxhJn

oMJwM

pNyiv

CphNo

YDhQj

KkRnU

fPWdD

ZWTWH

pBruB

wIHTR

48fdf5

DifdD

kIyna

YDhQj

pWPXo

iDxYb

yGXPX

hzxcD

gwLuo

GykNB

cnWSu

FptWx

uDkYX

YDhQj

bKeLU

iNLDf

bKeLU

indexOf

bUwDx

cnWSu

KkRnU

zoWfj

EMlHu

zoWfj

xNQTf

SppKg

indexOf

administrator

Quad

UI16LE

UI16BE

UI8

HEX

hex

GUID

UI32LE

FTIME

DTSTP

STR16

aVBZF

MLPvC

UOTJG

UI32LE

alloc

writeUInt32LE

UI32BE

alloc

writeUInt32BE

QUFUr

alloc

writeUInt16LE

DsBXq

alloc

writeUInt16BE

mGgdE

alloc

writeUInt8

EOUrl

from

XDxFf

hGGmA

split

AWRmy

NyQFz

XGuAT

QUFUr

frWsD

isdnB

QUFUr

GpgAK

falOo

EOUrl

falOo

EOUrl

concat

fajxP

YZOsO

EIMXL

JNGCC

YZOsO

floor

EIMXL

floor

kxUST

RXJrZ

UI32LE

URhcI

NyQFz

concat

YgFHP

VjjvZ

OPKlv

JNGCC

getFullYear

NNkil

JFStW

getMonth

nkSkk

getDate

URhcI

QUFUr

nmTVO

OPKlv

getHours

jPWbx

TmXQS

getMinutes

jPWbx

floor

kxUST

getSeconds

QUFUr

concat

tcEvB

alloc

YZOsO

length

WGDOH

length

writeUInt16LE

charCodeAt

WqMGn

undefined

fXEJd

bMTRf

zJCdY

push

snWSZ

qVNUv

EEdTM

yQpGM

lqFtm

ppid

lqFtm

ppid

frWsD

\.\

3|5|4|0|1|2

split

Etefv

substr

FBHTm

length

Yuhos

substr

indexOf

split

join

Yuhos

substr

length

substr

UPztJ

length

UfolY

indexOf

xLFpi

split

xLFpi

join

1|4|3|0|2

UI8

UI16LE

cmd.exe

STR16

base64

C:\

rpcsrv

tmpbuild

_i_

undefined

0|4|2|1|5|3

object

TsWeu

QBjZS

CxEvA

nxFqp

ClJXG

SiBJY

nOHRa

max

min

UI32LE

00021401-0000-0000-c000-000000000046

FTIME

eRMxT

wagNX

GUID

20d04fe0-3aea-1069-a2d8-08002b30309d

zguDz

4|1|3|2|0

fLNnC

DTSTP

nXimr

oyUKj

dmbtp

iDANk

bExVx

alTGw

rXAhA

hbbSl

length

RyDLN

name

length

name

file

length

file

workdir

length

workdir

args

length

args

icon

length

icon

now

workdir

QQeOE

workdir

FZFLb

workdir

indexOf

workdir

readFileSync

file

gQbPi

sVmkg

ctNmU

file

FPtwT

file

indexOf

nzKIr

gQbPi

nzKIr

BNzmT

gQbPi

Bgwjy

JXGQd

split

AujxR

SLRNK

AujxR

kJcnA

push

alloc

push

from

AObId

SLRNK

file

BNzmT

aqdhb

kwXCG

aSJHK

file

workdir

FZFLb

workdir

indexOf

gQbPi

workdir

aXvJs

split

flg

name

flg

QMtbW

file

flg

UXIdg

workdir

flg

UXIdg

args

flg

aYYIx

icon

flg

tnlfm

att

file

gQbPi

kePMu

ZAVIR

file

att

Cnmtf

JQzWz

writeFileSync

pf2

readFileSync

att

shcm

Ebjke

show

yIxlT

shcm

Ebjke

show

fgWlb

Aahln

show

shcm

IEGXH

GUID

VWVcO

UI32LE

flg

IEGXH

att

bPtJH

ftc

onhDn

bPtJH

fta

zmjSh

bPtJH

ftw

zmjSh

IEGXH

fsz

Uglxn

IEGXH

icidx

Uglxn

IEGXH

shcm

kJcnA

hky

Uglxn

kJcnA

Uglxn

IEGXH

QsvkO

IEGXH

concat

flg

gQbPi

TZsBD

Eiynl

QsvkO

UI16LE

WwuDy

kJcnA

WwuDy

SLRNK

mSRip

SLRNK

winrc

ZNtwT

length

Ebjke

substr

gQbPi

qRdIQ

PgFCN

ITsGs

split

push

alloc

SLRNK

mSRip

SLRNK

push

from

FNCHC

kJcnA

unshift

MYOTF

qtbUA

length

UCpnS

ipDvl

args

trim

AujxR

kJcnA

length

onhDn

XzaYN

length

from

file

LTtwI

oguhN

length

mSRip

kJcnA

length

mSRip

SLRNK

KqLPu

SLRNK

IEGXH

KqLPu

DTSTP

ftw

oAGVk

kJcnA

push

oAGVk

SLRNK

kJcnA

rciJC

IEGXH

laZDn

OHvJZ

ftc

dwzbx

DTSTP

fta

length

xkHyE

kJcnA

FNCHC

length

kJcnA

qxKEK

STR16

qxKEK

kJcnA

qxKEK

kJcnA

concat

writeUInt16LE

length

push

concat

writeUInt16LE

length

push

jRdvz

kJcnA

parse

from

env

LU0

yTbAy

toString

concat

length

writeUInt16LE

oguhN

length

IgtZK

lXfVx

flg

TyesJ

daGuK

att

name

jRdvz

kJcnA

length

ndnJR

XzaYN

grBZB

flg

TyesJ

BOUsw

cQHOC

rqalb

aXvJs

file

vlyWr

kJcnA

length

STR16

ZAVIR

LlRkK

IXokp

YcFWg

hkyGT

YQIlf

oOnNJ

LU0TO

eJTKM

.txt

readFileSync

toString

trim

SMUKn

lXfVx

flg

VeBXb

FKNTI

DRbrc

workdir

EnSlZ

length

vlyWr

kJcnA

length

STR16

QrcMv

flg

TyesJ

CxwHs

qtbUA

fromCharCode

aSJHK

args

trim

UI16LE

length

riQGr

XzaYN

QrcMv

flg

oLMHt

ReiWS

DRbrc

icon

BPtRc

kJcnA

length

ALqnq

STR16

oKcWi

code

tBNyJ

oKcWi

signal

length

ALqnq

IEGXH

concat

TyesJ

VPGAv

UHZQK

writeFileSync

kaule

split

from

stringify

concat

update

final

createCipheriv

aes-128-cbc

slice

randomBytes

writeFileSync

prs

EMVVo

YGkFO

name

onhDn

UI16LE

length

XzaYN

.exe

\Microsoft\Windows\Start Menu\Programs\Startup\

.lnk

gqpuh

DFLjD

PMrpc

DFLjD

PMrpc

DFLjD

aup

PMrpc

delBW

ulnJX

tmp

vJsUC

AVzom

FlYeT

vJsUC

AVzom

vJsUC

Gcazo

apd

hUEhq

AVzom

kVUvw

AVzom

PVWUg

KXBHy

obbav

AUfNa

prs

PMrpc

prs

exit

mkdirSync

0|1|9|3|15|10|11|14|7|5|8|2|4|12|6|13

string

false

uncaughtException

5|1|0|4|3|2

aes-128-cbc

UI16LE

mUMqT

XdUjg

CunkH

JZGjA

uxefT

fKMiM

Bmsha

wHTLs

fAnpO

log

prsv

pf1

pf2

zaCnV

AByYO

mUMqT

statSync

pf1

mkdirSync

existsSync

resolve

argv

resolve

argv

CtsiW

RleBo

CvNcB

statSync

pf1

xYYdp

split

isArray

xcKkA

length

Evvsq

cttHy

length

ICqlI

length

AHyVu

mNMaO

split

AERqu

bOKKl

statSync

BiTCP

XfHjK

size

AERqu

JZGjA

ZQNEc

writeFileSync

pf1

readFileSync

uerepl

jPqLb

removeAllListeners

log

QXAmS

stack

log

stack

LTHoY

uxefT

ePoQl

file

statSync

pf1

XfHjK

size

SZNnh

AFpIb

hYWji

split

createCipheriv

ZYzza

slice

randomBytes

writeFileSync

prs

concat

update

final

from

stringify

statSync

pf2

GrYnr

vbudn

APJkr

log

statSync

XfHjK

size

msITt

EKjRH

workdir

CHlxz

length

qqtpM

rzbSd

length

qqtpM

STR16

writeFileSync

pf2

readFileSync

jYJwE

fAnpO

env

AERqu

toLowerCase

env

statSync

pf2

size

basename

pf1

basename

pf2

argv

Bjosj

join

pf1

pf2

resolve

pf1

resolve

pf2

resolve

argv

resolve

argv

MikPi

bmgRo

\Fonts\micross.ttf

hex

Washington1

Microsoft Root

UETpe

roUBV

OJxNg

hnDwO

outerr

push

readFileSync

length

toString

VWdwn

from

eKWHP

toString

hex

nJDnT

indexOf

from

ubrKw

toString

VWdwn

indexOf

4|0|5|2|1|7|8|6|3|9

hex

\Fonts\micross.ttf

LKdhx

HVoxc

RLPQh

length

CxgHh

YWwie

HnlFP

leWiC

split

toString

hAHUD

length

xhtOR

indexOf

ecdIo

Xclqa

readFileSync

from

Microsoft Root

toString

hex

from

Washington1

toString

hAHUD

KwozN

indexOf

5|2|0|1|3|4

split

session

push

pid

push

path

length

path

name

VqSHI

raBld

ppid

NPVwl

OWBOY

msiexec.exe

XYbeJ

VstNW

pNmWC

zUCKA

bhfOC

pid

mnvWB

length

pNmWC

OWBOY

gHhGq

OWvHe

ZFEvI

length

BZKSP

toLowerCase

indexOf

ySIBZ

pNmWC

Uxzcj

XYbeJ

ppid

length

tree

path

toLowerCase

name

toLowerCase

pid

indexOf

ySIBZ

YUMUn

indexOf

push

iCJHt

length

aquHb

IrmLt

ppid

Xgawc

ppid

RUZJl

mkdirSync

VnYCt

length

log

psls

KyfCh

vrZoJ

ktmr

JHlBU

LZjhi

4|2|0|3|5|1

aes-128-cbc

wwMHO

VBwEG

uWItC

floor

mPFnw

FSVWz

pop

bMtVy

split

createCipheriv

NazwO

slice

randomBytes

concat

update

final

from

stringify

writeFileSync

prs

85|132|55|173|164|0|129|4|113|27|72|65|54|29|126|116|177|13|142|8|59|40|79|26|141|123|102|93|137|64|105|183|71|100|70|101|104|146|77|119|136|45|61|38|15|3|149|181|99|5|92|46|86|134|67|31|75|48|186|110|11|24|147|182|60|42|179|33|114|43|138|185|163|69|135|76|90|96|66|109|18|25|139|111|145|20|9|16|73|3...

win32

275dec

10.0.19045

990d1b

582a34

2cd67e

DESKTOP

b71c

bac5dd

10.0.16299

570a90

bea-chi

john doe

6.1.7601

62efb9

a888

administrator

Xeon

Host1

user

10.0.17763

10.0

george

10.0.19044

f4cb33

anna-

10.0.15063

8e776c

dillon

peter wilson

a739

d60869

10.0.18362

2088

c23200

769fc7

10.0.10240

c39efd

6.1.

goatuser

admin

azure-

9ca5a0

55d8

NOHID

10.0.22621

95deb5

my_pc_

10.0.18363

7f8794

aff8

john

f5faf7

f94649

e32aca

804a

10.0.19042

fb6ab4

64ccb5

62327b

a4757d

gary-pc

stark

611a3e

e379b3

72c1f0

10.0.19041

2a4494

10.0.19043

STRAZNJICA.GRUBUTT

NOUID

7c1a

8726e3

cd4ec1

033bd9

4b9de2

591acb

092f16

10.0.10586

00181a

a8776a

e94c92

9a50

13b4

ab86a1

9f72

bd9ff1

b5a0

janusz

ed6464

3151

10.0.17134

EPYC

shadow-

shadow

32b1d5

c350

86438b

KVM/QEMU

6d05

b38e56

b445bf

lisa

0cbc66

6eb45e

AMD EPYC

7e73

70b4

d580

b6f4a2

3e45fc

46e6f8

2988b8

6.3.9600

04159b

bf0760

9114

e8b9

fca565

f2886f

d0062c

5803c5

72f6c0

25cd40

851c

b0f8e1

061613

77bd

736b19

100

101

46502a

102

harry johnson

103

e2c5

12a5b6

4f81e3

b75705

52c9

db9a51

64ca98

107

3219

108

109

work

111

709b

112

4f5cec

a.monaldo

114

bc54f4

115

4085c6

116

alexeyzolotov

e06b

6a29b3

6.1.7600

a592e8

0fdc

cc1a

88dba0

18275d

bot 115 W7 Xeon H 24889e U 18126e

121

122

cb0013

5bc06f

123

a65640

124

10.0.22000

9d5196

125

9a8599

126

CompAlexey

127

bca236

723943

128

129

130

10.0.14393

131

379a7d

132

c037

b4a2c8

134

135

1285

abcf10

137

mars-pc

138

139

d04f74

2bf408

141

cd4ee8

7fa24d

2b22

4b418f

74529b

142

97a9d3

d1457b

a6f2

5b2e9c

145

146

50ab44

9639a3

147

DESKTOP-JTAPJCC

3a83fe

d38e35

149

56d4

9ec750

150

2253

2293

e8c630

3f9b99

151

152

167bfe

153

646a8b

154

0bd650

8215e4

155

6bd1

d864df

bb2e4c

4b33b6

c8b63d

160

41c07c

7e0c8b

a98d

efba14

930d8a

163

164

165

6e64

747890

166

8fdf0b

4ed984

2652ee

d76211

169

32b5

9f9d51

170

86131a

171

f3f0c6

172

b1a8

173

351468

174

175

72e748

dd15

6e6551

177

bf7e

35ae2e

178

179

6adf97

180

436f

181

badfad

182

183

953225

184

185

11d4d6

186

joe smith

5fd4c0

nGTMH

0|2|1|3|4

FsAuO

VPgik

dbLsA

FXmzJ

split

vQmtZ

VsBEq

weDyF

vQmtZ

cvHJG

351468

vQmtZ

VsBEq

pcCdL

JODfy

pcCdL

QRBFL

OrUQy

YAvly

maawR

YAvly

VsBEq

WPBuJ

gNFSR

10.0.22621

jjDXW

weiwE

xFbjz

Rekxp

xFbjz

win32

nRzAy

ltqOA

indexOf

10.0

xFbjz

ltqOA

indexOf

aUynh

xFbjz

HBVuX

SiPhV

UUENr

IHbuw

VsBEq

gAJcO

wkzhR

kVRJM

VsBEq

WPBuJ

SslWt

indexOf

RUqme

SslWt

indexOf

ahFmd

LbawL

VsBEq

bbdzn

cWsLi

siXqn

SfYwS

siXqn

kpCCP

gbQPM

#56d4#

eHYdL

yPjse

VsBEq

hMrij

fRnnO

eHYdL

SfYwS

lboUo

AfvZJ

InFEC

iKMuQ

2001f7

SslWt

indexOf

OBVCO

xDDAx

VsBEq

hMrij

BmyRw

hMrij

indexOf

RsuEI

UnbtS

indexOf

IdnuW

indexOf

njAWe

VsBEq

eoAxW

lPHNa

riHkb

10.0.19044

riHkb

PWDGK

indexOf

aUynh

PWDGK

1e75

CXFkj

VsBEq

SDexD

CXFkj

SfYwS

CXFkj

PzxDo

IQcAV

VsBEq

UnbtS

indexOf

JAVWM

olndB

TmAng

indexOf

SWqmf

olndB

VsBEq

zjVbE

olndB

TjFCo

olndB

UVRBh

win32

jeXnq

indexOf

uGmSE

97a9d3

jeXnq

VsBEq

zjVbE

UoOln

srgwd

2970

UoOln

uEfvV

UoOln

win32

AKWZL

Srklt

jrjuP

indexOf

dBQLv

indexOf

DHntZ

OBckj

VsBEq

OBckj

lPHNa

pjXgh

TjFCo

pjXgh

InYAe

jrjuP

indexOf

aUynh

InYAe

VsBEq

GUwHz

SfYwS

InYAe

gOuMz

BMRXW

dTfIb

bLCAu

HLnVv

75c891

VsBEq

HLnVv

TLfDS

SfYwS

yiqVn

KQLrV

YvLdR

eflNO

VsBEq

sSkYL

yXybE

xTdgz

yXybE

win32

TvvIx

GUwHz

jrjuP

indexOf

aUynh

yXybE

eTiyF

yXybE

FuEeZ

VsBEq

euawU

JODfy

yAAZy

HNxgU

aasXj

52acd9

aasXj

VsBEq

GUwHz

JODfy

aasXj

iocgu

ZPJpg

BjfTN

win32

10.0.19045

BjfTN

vIUIS

VdFZk

fsCMc

gOzvN

fsCMc

VsBEq

jrjuP

indexOf

ofPhD

JQcSs

indexOf

xmVlZ

mTlww

VsBEq

DOfVb

YqSCf

mTlww

6.1.7601

LvdCD

3635

KUYmk

VQLBg

OZsAM

1cce9e

JQcSs

indexOf

dYPGS

NePeg

VsBEq

JQcSs

indexOf

aUynh

JQcSs

indexOf

admin

NePeg

MqvpL

10.0.18362

DOfVb

indexOf

RsuEI

AqcbG

VsBEq

DOfVb

YqSCf

gbgSJ

indexOf

tXQHh

gbgSJ

indexOf

azure

AqcbG

SfYwS

FpnJS

gZMML

indexOf

RsuEI

FpnJS

VsBEq

KElqk

PxKXZ

FpnJS

SfYwS

FpnJS

VrdfG

FgPtN

StUhP

HsbNO

win32

URpTw

OBcVS

eMjGv

6.1.7601

HKpik

eTiyF

HKpik

lItlU

gbgSJ

indexOf

INSXu

upfSU

indexOf

NOUID

VsBEq

HKpik

NOOeK

upfSU

indexOf

aUynh

HKpik

GRKlp

TPXIc

win32

xynJg

indexOf

ofPhD

upfSU

indexOf

urVVh

upfSU

indexOf

administrator

ZnriJ

VsBEq

ZnriJ

jgywo

ZnriJ

ueXjw

tTTmf

nYwla

VsBEq

nYwla

6.1.7601

nYwla

lNYhz

indexOf

INSXu

upfSU

indexOf

Khlch

bWazf

win32

bWazf

SfYwS

bWazf

nLUWk

Vwoyk

nLUWk

rHZvd

VsBEq

utVvi

JODfy

IKYam

yZFnL

IKYam

VsBEq

yHsdF

Dlpll

IKYam

SfYwS

IKYam

IrsIj

OXvip

nsWhK

VsBEq

jgywo

CbNlo

kezQP

cc9adb

cABKe

VsBEq

yHsdF

Dlpll

EVSUF

indexOf

JAVWM

10.0.18363

fmPSs

fvZjo

fmPSs

EVSUF

indexOf

aUynh

EVSUF

indexOf

frank

fmPSs

VsBEq

fmPSs

tEnEt

fmPSs

mUkTH

saKmu

nOqmh

VsBEq

Dlpll

jwsdd

Uuyjy

2be941

EZWLF

10.0.19045

ZuJWR

indexOf

Xeon

EZWLF

win32

EZWLF

lPHNa

jqbqj

RXxFb

TeaIF

EFPzV

TeaIF

VsBEq

TeaIF

EVSUF

indexOf

ofPhD

indexOf

rQxSZ

EVSUF

indexOf

ZGaXR

TeaIF

win32

PoRZg

GrnDU

SfYwS

LcLNr

YecCM

ZuJWR

indexOf

RsuEI

indexOf

NOHID

indexOf

OBVCO

YecCM

VsBEq

ZuJWR

YecCM

KQLrV

OlCYX

pQrGa

b71c

win32

BPydf

SfYwS

HAehf

indexOf

RsuEI

uruwt

elsSa

sHqmO

LiusV

win32

IzMvm

QvTCZ

RWoxZ

eKPPT

iLKKa

win32

MYoPZ

xjCei

fKjki

WmQVE

mKzgn

JODfy

mKzgn

qLlyS

eOsiW

win32

eUvbS

xjCei

EVSUF

indexOf

ofPhD

indexOf

uRVyC

eOsiW

win32

eUvbS

xjCei

wSOsl

SfYwS

kjVCB

eUvbS

indexOf

RsuEI

EVSUF

indexOf

INSXu

indexOf

BMMdU

DimtH

VsBEq

DimtH

NOOeK

DimtH

IIpZb

FTTEV

tqMVf

IIpZb

MZZwS

IIpZb

VsBEq

qdqEF

xjCei

IIpZb

10.0.19044

IIpZb

iMGFV

VTzeQ

VsBEq

10.0.19044

iMGFV

HYVqO

7c1a

HYVqO

MpFDl

aRpqu

knFbV

VsBEq

SfYwS

lbYVR

fPRWa

48fdf5

lbYVR

VsBEq

lbYVR

CKaUy

EVSUF

indexOf

INSXu

DtPZN

indexOf

BMMdU

CKaUy

QvTCZ

MDOIU

CKaUy

3151

CKaUy

ahRli

CKaUy

DWBHm

CKaUy

DymnW

9ab4de

xkVNF

129654

xkVNF

f7e0fe

fPSpR

win32

fPSpR

CHuit

cvHJG

ZLJFA

351468

ZLJFA

VsBEq

SJZtO

gAJcO

TOAKx

GjMQC

SNsqp

liBMH

dc599a

SNsqp

VsBEq

fyAam

lPHNa

QYuqE

iGwwl

PawZc

SiqlM

iGwwl

VsBEq

VdjHP

xjCei

iGwwl

SfYwS

iGwwl

xFTGr

tkpLR

imvel

pWcHp

imvel

73a080

imvel

win32

VdjHP

ixbMK

VdjHP

indexOf

RsuEI

DtPZN

indexOf

Host1

MbATW

indexOf

njAWe

VsBEq

ixbMK

YCtrj

indexOf

janusz-

YCtrj

indexOf

rtHzQ

imvel

VsBEq

ijZJY

indexOf

10.0

imvel

6f2958

Mcbkt

indexOf

Khlch

XcsyY

VsBEq

vqign

10.0.17134

TvIGy

win32

10.0.19044

BxdfB

UtyuX

ppcLa

UtyuX

VsBEq

AkVCy

Ylxbu

SfYwS

MhKlf

indexOf

art-pc

CElAB

indexOf

OBVCO

pulCc

win32

pulCc

cruDy

hCCff

MDOIU

bgHJg

SfYwS

bgHJg

bjHdm

indexOf

INSXu

ugCbA

indexOf

BMMdU

VsBEq

HPOgA

cmCkJ

bgHJg

rakEi

WuWdm

KQLrV

rakEi

eflNO

HxYKh

indexOf

DESKTOP

HxYKh

indexOf

BMMdU

rakEi

VsBEq

QNIEd

indexOf

10.0

tQZyv

indexOf

pqzvd

mUvUN

indexOf

RsuEI

sVCfI

indexOf

fxuCa

sVCfI

indexOf

RqJGZ

rakEi

VsBEq

NOOeK

ayTgg

rakEi

iZxHg

DzNNk

VsBEq

SlAjb

6.1.7601

UpwSr

kYuIK

indexOf

dYPGS

UpwSr

VsBEq

ESMdE

VtRFB

JkokJ

indexOf

bxwPf

UpwSr

VsBEq

JkokJ

VtRFB

indexOf

bxwPf

joOMD

aaTVJ

win32

JkokJ

sVCfI

indexOf

INSXu

sVCfI

indexOf

user

KQLrV

bhsDm

SfYwS

wTmXo

win32

gKObw

zZqKL

indexOf

RsuEI

gNhRP

SfYwS

gNhRP

XjxeC

c589

agKvT

PoRZg

jzZTo

indexOf

OBVCO

GjHGZ

VsBEq

rwhaU

zZqKL

mPbBy

JODfy

ZPFND

CboEA

zXRIG

CboEA

6cfdbc

CboEA

INdgr

CboEA

VsBEq

QSyrV

MhQvi

yLCXf

indexOf

ofPhD

indexOf

aUynh

yLCXf

indexOf

dYPGS

VsBEq

zjdUh

MhQvi

Kfkpx

6.1.7601

knNGs

DhKmj

7aed

rGBNw

RIVvk

oXgEG

indexOf

qiAdQ

VsBEq

lORUR

tuHxL

oXgEG

indexOf

JAVWM

oXgEG

indexOf

aUynh

flUwU

10.0.22621

BmHBM

8920

nUcfP

bgjBq

nUcfP

VsBEq

nUcfP

NOOeK

nUcfP

WqiYw

qoVrk

yQkoa

a30c

cjCJQ

YzkAo

win32

paaJk

kzhHh

indexOf

JAVWM

jasvC

paaJk

indexOf

RsuEI

paaJk

indexOf

fRoMs

eTiyF

TjFCo

EYpyc

indexOf

NOHID

InFEC

vqYJY

jasvC

yGKbg

jasvC

XmNmT

EYpyc

indexOf

administrator

YZcRs

VsBEq

XcGrI

JODfy

Gcotn

HtNtt

b7e24d

HtNtt

iogrc

HtNtt

VsBEq

BmNwK

jgywo

sOuHW

UZSLN

HhSum

sOuHW

VsBEq

kzhHh

sOuHW

10.0.18363

oNbvH

26112

uFFlp

oNbvH

win32

paaJk

kzhHh

oNbvH

PrZnq

oNbvH

YBOQJ

iXTfp

wJWmd

VsBEq

FkWLf

BFzKU

TzrVx

10.0.19045

ZJTvf

AUcpu

gMrOl

mXVBV

lzNxo

lyxdS

mcWXM

isArray

SWsrp

length

oScEp

VsBEq

oScEp

iyaEN

NOOeK

fOGaP

2a4494

VsBEq

uVGbK

jgywo

uVGbK

ueXjw

prKIV

win32

ULsew

LTjtJ

6.1.7601

LTjtJ

okAxY

LTjtJ

HJzoB

EUYgh

vnHwD

XCXxh

VsBEq

PkMdx

ULsew

XCXxh

d61484

XCXxh

HCcGo

XCXxh

win32

PkMdx

ULsew

bsQtn

SfYwS

vtanA

RIVvk

oiADc

indexOf

lisa

vtanA

win32

jEfAr

ULsew

TbalV

srgwd

eTpqj

eBCld

win32

eNpjA

10.0.19041

eNpjA

eKPPT

eNpjA

VsBEq

jEfAr

ULsew

cudWL

WmQVE

oiADc

indexOf

harry johnson

cudWL

VsBEq

JODfy

cudWL

QglRv

cudWL

VsBEq

JTDuD

cudWL

JODfy

YqFeX

471915

YqFeX

win32

zbRDq

6.1.7601

zbRDq

aoEaB

zbRDq

59a422

VsBEq

URLvA

10.0.19045

URLvA

5a1d

URLvA

DUUPm

VsBEq

EjgIc

BFeim

YKVvx

BFeim

Tygnp

zkFKZ

iyjZL

zkFKZ

win32

oiADc

indexOf

JAVWM

EHPbF

xnFtP

oiADc

indexOf

aUynh

fyTQw

jdnpr

wOxrt

HfbUR

mNBSg

VsBEq

djwZQ

IuYHT

indexOf

KVM/QEMU

wOxrt

YTpDa

wOxrt

VsBEq

IuYHT

CpvlQ

HDYtI

SfYwS

HDYtI

VkKzg

PTRyc

indexOf

OBVCO

HRTsQ

HDYtI

win32

indexOf

AMAZING-AVOCADO

PVKNZ

indexOf

NlrON

uPYXL

VsBEq

10.0.19045

HDYtI

taFZw

OzZHe

taFZw

OJMho

kVkxL

VrDaL

104

taFZw

win32

edOaN

VrDaL

YNXVU

indexOf

6.1

taFZw

rUIrw

edOaN

indexOf

RsuEI

rUIrw

KDJTV

rUIrw

zJxoS

105

rUIrw

VsBEq

atZqv

VrDaL

rUIrw

SfYwS

rUIrw

pePsi

YNXVU

indexOf

INSXu

PMnOn

indexOf

NOUID

PyFVa

TQLRx

106

VsBEq

xLCkw

NOOeK

xLCkw

SyIbd

txdQb

rcBTL

gIoYK

MYdYF

KYsKs

toemD

VsBEq

VrDaL

6.1.7601

toemD

gfhDN

toemD

9db1e4

93a77b

ASGxL

DSeIT

VsBEq

VhWna

vTLwX

10.0.19045

xAvKm

oYSUU

wkLzq

QiNKF

NoQKz

RkRsB

efqHr

VsBEq

atZqv

tiWuM

efqHr

WuWdm

OlIIX

KQLrV

2088

PMnOn

indexOf

DESKTOP

anLcA

indexOf

BMMdU

110

OlIIX

VsBEq

AUNDe

anLcA

indexOf

ofPhD

WiUUf

indexOf

EvtUC

yQqAz

indexOf

dYPGS

qEZHU

AUNDe

VsBEq

CZCaz

ukoGF

PbqHV

SfYwS

srgwd

PbqHV

iTNjF

PBecE

indexOf

INSXu

YHbTS

indexOf

dYPGS

fGDpH

Iqtwx

hJsBD

fGDpH

VsBEq

CZCaz

dIFwa

fGDpH

10.0.19044

fGDpH

aawSu

113

fGDpH

VsBEq

tJcJG

indexOf

FitUN

SfYwS

rWyJF

indexOf

Xeon

jDWRa

noPPG

VsBEq

jhBng

indexOf

JAVWM

CZCaz

indexOf

bxwPf

noPPG

5d0c

aOrlZ

FLqsQ

TjFCo

jhBng

indexOf

aUynh

eLHSo

VyZYz

LvopM

yJoHj

VsBEq

AVbYF

JODfy

AVbYF

uNwDA

VFLtL

Mewvz

SQIqP

VFLtL

VsBEq

indexOf

CompAlexey

KkCAN

indexOf

YVjRK

117

VsBEq

CZCaz

tJcJG

PuvIa

TjFCo

PuvIa

mdjDS

sQNWC

hJbND

boxzX

118

sQNWC

win32

CZCaz

tJcJG

sQNWC

BpXmR

sQNWC

nWgdf

GzUnY

NVYfL

0b6631

119

NVYfL

win32

Wjvvk

hFaoo

LKumI

klNUX

mcfKa

LKumI

kwKyB

LKumI

iMzbn

KkCAN

indexOf

OBVCO

120

uQZqQ

win32

CZCaz

BPwph

uQZqQ

SfYwS

uQZqQ

rKkMw

nzvBl

24889e

nzvBl

18126e

gwDrV

HYYGN

miDrz

dPUtX

win32

aXonn

tMoIu

PImGK

OUvWP

WSeNJ

VsBEq

CZCaz

BPwph

azzJE

SfYwS

azzJE

CZCaz

indexOf

Xeon

azzJE

IgYAR

azzJE

5bc06f

yPJcf

VsBEq

pcMPK

hWlpk

pcMPK

wZVmE

hBiyp

WXCWd

wZBgo

hBiyp

VsBEq

CZCaz

gGxkB

YSzLL

10.0.19044

YSzLL

mEvwT

RDSEr

crwLC

oxsiW

RDSEr

win32

wUYoX

KkCAN

indexOf

cuvBD

KkCAN

indexOf

alexeyzolotov

AKDGn

MINdq

VsBEq

NOOeK

ckVvU

RYBmH

3322

Hkbhu

HDSPU

Hkbhu

OUwqP

wovyY

palYv

VsBEq

CZCaz

uOtJK

CZCaz

indexOf

RsuEI

palYv

TjFCo

lHEOf

bqcvq

indexOf

INSXu

bqcvq

indexOf

dYPGS

kvNaf

lHEOf

VsBEq

bUnCW

wtiII

e1e853

rFkft

SfYwS

nmBtN

LZaVy

nmBtN

VsBEq

wtiII

VTDHK

znvAi

VTDHK

UKuwA

cZYCC

BMRXW

cZYCC

aCdYF

win32

cZYCC

SfYwS

BcaLz

HKCTa

uyIJL

InFEC

uyIJL

iYNmV

indexOf

OBVCO

QxqiO

133

pLCBb

win32

pLCBb

NOOeK

pLCBb

CnxUj

IjzGq

EMlkn

SQMyV

kkBPr

IdVXU

SQMyV

win32

SyslZ

hWlpk

HSzZL

indexOf

aUynh

SyslZ

DZfuW

f1dd

VntkP

VsBEq

wtiII

DZfuW

znvAi

vBVQq

kFjsP

HSzZL

indexOf

aUynh

HSzZL

indexOf

dYPGS

136

kFjsP

VsBEq

JyJzt

indexOf

JAVWM

QZFGO

FfflY

QZFGO

DvUon

QZFGO

b3c775

xewzp

QZFGO

VsBEq

YFcAk

enuPh

6.1.7601

kqfYy

indexOf

hVEdo

sQUfl

indexOf

OBVCO

CgtNs

QZFGO

VsBEq

YFcAk

QZFGO

SfYwS

WbDCC

11d4d6

indexOf

administrator

hUWFL

YBJes

VsBEq

EwbXt

enuPh

FwMGH

tWvjQ

1cce9e

vBfwv

indexOf

dYPGS

140

win32

EwbXt

SfYwS

tWvjQ

aAwKw

ErTjd

b71c

ErTjd

RBxLT

ruTpd

qZRiv

VsBEq

xaBcv

6.1.7601

zYTcT

FTuoj

HBVuX

cLkFZ

FTuoj

UUENr

CUiCV

cuxQk

fJPzB

56aee3

xuhKh

kAlxp

fCrTu

AAftY

SVvle

RPpTF

win32

enuPh

vBfwv

indexOf

uGmSE

fCrTu

VMgEv

hSqQI

143

VMgEv

VsBEq

VMgEv

10.0.17763

VMgEv

299243

xbvmZ

DKvVY

144

xbvmZ

win32

SfYwS

UICNz

TdLqv

MfQAk

zPJTI

yzzPK

VlwMc

JMACI

AFdVN

VsBEq

TdLqv

AFdVN

6.1.7601

AFdVN

viVpr

UErBS

xOKzL

indexOf

DESKTOP

qeVfm

indexOf

dYPGS

FBZdh

VsBEq

TdLqv

MfQAk

indexOf

JAVWM

UErBS

TdLqv

indexOf

RsuEI

UErBS

srgwd

UErBS

aQghO

lhHUO

tbdpi

UErBS

VsBEq

UErBS

WuWdm

qeVfm

indexOf

GIufm

148

hoCYA

VsBEq

LjeYt

10.0.22621

LjeYt

smOla

LjeYt

RPMVN

MOyqv

LjeYt

VsBEq

MfQAk

EazBO

SfYwS

EazBO

TfnuS

RHGqE

kgQYM

PTBJb

d33e1f

PTBJb

nmnql

kObFP

win32

TdLqv

MfQAk

PTBJb

NOOeK

PTBJb

vYFsf

yZvas

bWzTp

KNmHi

PnQIj

uxXxj

indexOf

INSXu

YWMnv

indexOf

BMMdU

PsDZF

PnQIj

VsBEq

MfQAk

OBxIq

SfYwS

OBxIq

quqMO

VtrKA

DgXPH

GILfx

VsBEq

GILfx

10.0.22621

GILfx

YzOAj

fgUah

lxZvB

vkNRz

lxZvB

d6a5b0

UqzZc

lxZvB

win32

lxZvB

NOOeK

gyRFq

FSiYd

e717

XauhA

FKgzY

ZgEGp

gOTWv

FKgzY

win32

10.0.18363

FKgzY

FHjkq

xRwMN

RxUpZ

JNZlv

ftHdy

JBuKj

QtXSQ

JNZlv

VsBEq

EckUq

SfYwS

EckUq

CLpMD

nogBQ

PwBUy

pCNux

fagls

156

kYcRq

VsBEq

NOOeK

rVdmK

ayTgg

157

VsBEq

TdLqv

SPhfn

indexOf

10.0.

itJCQ

b624

vHWAO

03fea1

hSbPh

sPgNs

158

VsBEq

hSbPh

SfYwS

hSbPh

BoHku

IsmvY

f6b8ae

IsmvY

159

IsmvY

win32

IsmvY

6.3.9600

IsmvY

kCOFI

WUgIe

7b7bc2

AsIBB

DjIdU

VsBEq

TdLqv

MfQAk

KVVzd

6.1.7601

KVVzd

JpkmF

ZZVqs

nmUGK

VUiRc

nmUGK

161

gaWLE

VsBEq

VKeDb

10.0.22621

GTEYW

QLXZo

lbymD

IiYRv

VTtre

7b7cd2

162

VTtre

VsBEq

JlTNh

hWlpk

JlTNh

bzGKB

ZEMRz

aTbcx

FECPu

kGJzt

cgGAz

win32

TdLqv

VemMV

SfYwS

YVUIA

kSFlI

kYuIK

SPhfn

indexOf

dYPGS

OUknK

kSFlI

VsBEq

TdLqv

hTFWe

CHuit

hTFWe

275dec

KPghd

hTFWe

VsBEq

10.0.19045

CHjbu

EojZF

iwsTL

EojZF

JcrOS

EvXNC

PzpJC

JLQRA

VsBEq

TdLqv

MfQAk

SfYwS

JLQRA

GbMtg

Iqtwx

GbMtg

MxmXv

htOxW

167

htOxW

VsBEq

TdLqv

htOxW

SfYwS

htOxW

WZIEt

TyjFv

WZIEt

Gzzeh

168

WZIEt

win32

WZIEt

QvTCZ

erFxZ

dCaDi

bJSzg

yfVbh

jJXBR

SiwfQ

win32

10.0.19045

RKPbt

YHPsx

awNQe

AALnA

awNQe

RRQyZ

KbTCm

VsBEq

NGYDo

SHQLf

SfYwS

JzLeS

zrFTx

hUaeA

ZsupG

MjumJ

DbGPX

PzcMk

VsBEq

pQhel

6.1.7601

bHiPi

DmzmF

7bf5

2cb5a5

vBiIE

riMVO

EChlp

VsBEq

gxzoJ

JODfy

gxzoJ

MJLDC

gxzoJ

gIAGC

7db39b

BMvbb

Lbhlf

VsBEq

uBeZF

MfQAk

ZUYYc

CHuit

ZUYYc

cnGGA

EEQMD

ZUYYc

VsBEq

yVCtP

MfQAk

TYHPe

YlVBf

Iqmof

851c

Iqmof

vcfJW

AfrZT

iyjZL

zPQyl

AfrZT

VsBEq

uvLsp

PrZnq

PPtmZ

MVxMt

ZnYjS

MVxMt

176

MVxMt

VsBEq

QiqUF

MVxMt

SfYwS

RGEel

lYKOE

xRDpY

zNPAy

poHvC

QKQls

IebCT

indexOf

administrator

Vgizp

poHvC

VsBEq

yVCtP

rjKCB

poHvC

TjFCo

poHvC

UFIjw

kAUca

RRAIO

d8716f

wfRRj

kAUca

win32

kAUca

6.1.7601

kAUca

Lsusc

indexOf

RsuEI

FZCXO

cnFLy

win32

GJGXM

xGwQh

SfYwS

xGwQh

SSBtn

indexOf

OBVCO

xGwQh

5a1d

mQXPR

AvFuL

lsvtA

win32

OzxYn

WmQVE

OzxYn

IsQtU

ZJZwJ

KOyGW

wkWiJ

KOyGW

VsBEq

rjKCB

FxKPb

indexOf

JAVWM

ySDKT

hdtjK

jINRW

indexOf

admin

ZUzlZ

hdtjK

win32

qCwQC

indexOf

GIufm

QHEsu

mRrWx

VsBEq

rjKCB

SfYwS

pkvKx

tHlIx

indexOf

Khlch

tgkQK

EOJzf

win32

EOJzf

JODfy

EOJzf

72f6c0

kQMrL

EOJzf

VsBEq

DXOtG

EOJzf

6.1.7601

gfVIz

MwtlH

indexOf

OBVCO

bazgO

EOJzf

win32

DXOtG

rjKCB

HsLEF

indexOf

aUynh

indexOf

toJXV

187

EOJzf

VsBEq

EOJzf

NOOeK

WkvFB

uuPrl

mDELA

split

readFileSync

prs

concat

update

slice

final

createDecipheriv

aes-128-cbc

slice

parse

toString

randomBytes

GVDqx

Bmxaw

vmBKl

oqGOL

OKtSM

oqGOL

LcIvv

4|3|5|1|0|2

\.\

NtKjh

yrkOS

BwVlu

EOkKi

NAVjw

KDhHZ

sSfif

QihWH

MZyeU

split

wXEbr

length

QHwmm

substr

QHwmm

substr

EaChe

indexOf

xqOIF

split

xqOIF

join

Aobiw

indexOf

split

join

xVJmr

substr

BgGZE

length

substr

BgGZE

length

cyiIB

mbQAR

fxwrB

xVJmr

mbQAR

4|3|2|0|1

aes-128-cbc

LU0TO

oesOt

xlSTC

RXxOW

C:\

rpcsrv

YzcPK

BjXZD

tmpbuild

.txt

DIPsB

hwv

sfre

iRefz

argv

ADccL

argv

UJqTX

owQTZ

HNpsy

kdpCp

Jcjcp

UJqTX

pXaya

ugLBA

readdirSync

ZnPRK

qpCSn

bIuGn

indexOf

LWwEu

HNpsy

XAmyE

eDGJl

kqlhQ

split

parse

toString

concat

update

slice

final

createDecipheriv

cWOOA

slice

readFileSync

prs

Esjav

qeUqj

ORajH

ZnPRK

LWwEu

Mekee

owQTZ

_i_

uYQqS

rxYbw

PXKGY

readFileSync

toString

trim

log

olISr

stack

log

stack

AHAnV

ppyXV

log

LPrAq

log

wfr

isc

log

gdioC

log

atct

CxhhG

createHash

Vgzmz

update

KtlMp

digest

slice

zZiAX

UyIMC

BCLJj

PFSOT

OiQgN

knZrw

pslo

ZQklx

0|2|3|6|5|4|1

split

push

LXHPX

ZzWKj

pid

name

WIUMz

ppid

PetwI

length

ppid

readFileSync

toString

trim

LzjEv

split

windowsHide

unref

shift

unshift

uYzxp

kFPnf

spawn

stdio

ignore

slice

detached

env

ukXto

knZrw

pslo

ZQklx

BRlZB

fill

randomBytes

hqIHV

vzUip

cbmHN

knZrw

XORIB

6|2|4|5|0|8|3|1|7

split

ZzWKj

twNPX

EKWfq

ytJYA

XOnsj

bhqxX

mkdirSync

ytJYA

aup

XOnsj

ytJYA

XOnsj

ytJYA

DIQJz

apd

IDWLG

GokiS

noVuW

JdFvI

Gzpax

nSoEJ

tmp

TTUtN

AUiPe

yCglW

TTUtN

yCglW

DAptB

yCglW

STR16

Duo

Unknown

USERNAME

USER

PROCESSOR_ARCHITECTURE

PROCESSOR_ARCHITEW6432

string

pVPfw

lnBCc

x64

Qnsrn

aRUjc

platform

arch

release

uptime

totalmem

freemem

UvBnx

hostname

Vrgfl

nxtKo

PIRwl

ojSOH

cwd

tmpdir

versions

node

SwwmP

eiStb

MAABE

tiZVv

string

EGooG

indexOf

kYoOh

JtlxA

indexOf

TrtoS

rvUCJ

KWsJT

icon

XsJLw

UI16LE

length

XSMCf

lXBUO

cpus

length

mIrzB

eUdzP

llCDy

length

model

trim

speed

zSpgH

tNCOA

length

YXlhZ

length

substr

length

substr

lxVmp

length

substr

zltai

length

substr

zltai

length

substr

OURNV

MdoHK

createHash

DYLUC

SXaiv

nypbl

createHash

sha256

update

XgnbR

digest

slice

aes-128-cbc

TnnGo

randomBytes

alloc

writeUInt16BE

concat

from

createCipheriv

GUPCk

slice

concat

update

final

NmOuc

length

YblJr

wRqvf

YblJr

concat

alloc

bluVH

RsMuf

1|0|7|4|5|2|3|6|8|10|9

aes-128-cbc

NaGyM

nhVQQ

ThfaW

UrMrH

split

slice

crUFw

length

rYBeo

qVzDT

length

createDecipheriv

gcraQ

slice

readUInt16BE

concat

update

slice

qVzDT

final

readUInt16BE

slice

toString

now

random

1|3|2|4|0|5

recv

vOmmx

split

log

CrHat

tkstp

aes-128-cbc

UI16LE

STR16

test

BcpoA

WzZWK

szkKx

tAuUA

rgEaP

gttk

cucbn

GEQYo

sZkqG

createSocket

udp4

message

wutiV

URjKW

kyapf

log

KtSOA

fLGyj

EyjhF

HEFLP

gxGtN

now

EyjhF

exit

ymMSe

ORwiK

HMQHb

yVMQo

nZcUE

RFnkV

length

argv

split

join

stringify

KtSOA

length

fsgpB

vMxNm

vUpvb

readFileSync

prs

createDecipheriv

IGzsO

slice

concat

update

slice

final

parse

toString

log

test

dKcoL

tgAyl

writeFileSync

trim

exit

dKcoL

PjtXx

sZkqG

yVMQo

file

BzJYj

nrZnV

length

BzJYj

qDrAk

PbtXx

aLBuh

error

kjpiG

tkstp

dKcoL

uMpZu

oxJhR

dKcoL

mEsyR

log

hYbzB

writeFileSync

trim

exit

ORwiK

MwrtZ

NqzAr

iWLWQ

send

length

hex

agIzA

WaHpl

dIjxf

length

from

DAjFL

PlzWf

PaciR

writeFileSync

trim

createDecipheriv

concat

update

final

toString

3|2|5|4|0|1

recv

XGWrw

ufrmB

CLMgd

BTkAo

Vhqun

TzxzF

zUXih

LpOnk

LhIrF

createHash

sha256

update

digest

log

ameZu

CLMgd

mdhGj

mWKBN

tFVnj

kill

oRPQf

muAgr

LVeyo

split

eKxsP

GdONQ

hizdt

tkstp

log

Xmblj

log

TrGaL

10|1|6|12|8|4|7|0|3|2|9|5|11

aes-128-cbc

krNtM

prsf

cxZcq

byEGI

pHmAN

uncaughtException

base64

ini

isc

from

ZBWwS

krkNU

TrGaL

pid

alloc

hDthw

rXDdL

fill

QNDxg

split

WTgkp

length

randomBytes

zOCTg

OMZty

createCipheriv

XgDLr

slice

AlhiI

alloc

concat

update

final

concat

from

concat

alloc

mOJLl

writeUInt16BE

allocUnsafe

ElEic

ZAhfR

ncmYX

ZleAd

prsi

log

vSgFy

poipN

ncmYX

versions

node

indexOf

uerepl

QUTVY

nDIVf

NjZvu

Jerxo

length

session

push

pid

push

path

length

path

name

MpTeN

mjVls

ppid

uerepl

CHXpr

removeAllListeners

HOAlC

OLLPe

ncmYX

byEGI

zWbrI

log

ZPMFT

stack

log

stack

file

indexOf

fThEf

edpfD

OOyPa

file

length

exit

from

Kqmhk

log

LIqWY

log

qOyRe

isc

WvkOm

No Malware configuration.

Add for printing

TRiD

.exe	\|	Win32 Executable MS Visual C++ (generic) (67.4)
.dll	\|	Win32 Dynamic Link Library (generic) (14.2)
.exe	\|	Win32 Executable (generic) (9.7)
.exe	\|	Generic Win/DOS Executable (4.3)
.exe	\|	DOS Executable Generic (4.3)

EXIF

EXE

MachineType:	Intel 386 or later, and compatibles
TimeStamp:	2059:08:08 23:27:35+00:00
ImageFileCharacteristics:	Executable, 32-bit
PEType:	PE32
LinkerVersion:	14.3
CodeSize:	26624
InitializedDataSize:	2625024
UninitializedDataSize:	-
EntryPoint:	0x6d50
OSVersion:	10
ImageVersion:	10
SubsystemVersion:	6
Subsystem:	Windows GUI
FileVersionNumber:	11.0.22621.1
ProductVersionNumber:	11.0.22621.1
FileFlagsMask:	0x003f
FileFlags:	(none)
FileOS:	Windows NT 32-bit
ObjectFileType:	Executable application
FileSubtype:	-
LanguageCode:	English (U.S.)
CharacterSet:	Unicode
CompanyName:	Microsoft Corporation
FileDescription:	Win32 Cabinet Self-Extractor
FileVersion:	11.00.22621.1 (WinBuild.160101.0800)
InternalName:	Wextract
LegalCopyright:	© Microsoft Corporation. All rights reserved.
OriginalFileName:	WEXTRACT.EXE .MUI
ProductName:	Internet Explorer
ProductVersion:	11.00.22621.1

No data.

Add for printing

All screenshots are available in the full report

Add for printing

Total processes

Monitored processes

Malicious processes

Suspicious processes

Behavior graph

Click at the process to see the details

Process information

PID

CMD

Path

Indicators

Parent process

116

fjlpexyjauf.exe lknidtnqmg.dat 3991425476

C:\Users\admin\AppData\Local\Temp\IXP000.TMP\fjlpexyjauf.exe

cmd.exe

User:

admin

Company:

Joyent, Inc

Integrity Level:

MEDIUM

Description:

Evented I/O for V8 JavaScript

Version:

0.10.41

Modules

Images
c:\users\admin\appdata\local\temp\ixp000.tmp\fjlpexyjauf.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\nsi.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll

Lu0Bot

(PID) Process(116) fjlpexyjauf.exe

С2 (2)hsh.juz09.cfd

apo.eus80.fun

Strings (7465)59c58bb5

*.hsh.juz09.cfd

331c90

*.apo.eus80.fun

require

mainModule

require

crypto

path

sep

dgram

child_process

env

STtep

toLowerCase

env

5|1|11|30|25|26|8|0|24|21|13|2|7|31|14|12|28|10|15|4|27|16|6|22|9|3|23|19|18|29|17|20

x64

PROCESSOR_ARCHITECTURE

string

USER

object

ignore

ilQBf

cmd.exe

kMKXd

OEzqR

stdio

yNWzO

detached

windowsHide

env

slice

gKgLn

qpXuK

unshift

xtWjH

IIxNA

split

freemem

platform

hostname

OnFBC

length

IJDgs

PROCESSOR_ARCHITEW6432

tJwHz

nSUhc

USERNAME

totalmem

length

model

trim

speed

arch

tmpdir

cwd

nSUhc

ERvjC

BBtgd

Navsa

NkThz

indexOf

zmnxZ

length

substr

length

substr

zmnxZ

length

substr

Unknown

cpus

zmnxZ

length

substr

release

uptime

faBSx

string

FVnpB

indexOf

versions

node

rieBy

length

substr

EkLRL

shift

spawn

unref

undefined

AFQnD

KiQPR

eRLAO

temp

appdata

system

dwm-

umfd-

username

\networkservice\

systemroot

cDNLH

HIOtY

4|2|5|1|3|0

LBymM

OZSmQ

ogGfR

sBwUd

yOLWS

jytux

function

OYQQu

pipe

error

exit

data

WTaCn

aOIqG

YTNPM

OYQQu

RpYqA

4|7|2|6|1|5|3|8|0

split

wvSYT

nostr

out

qBhZt

Sowvv

signal

error

errbuf

concat

errbuf

ktmr

VdCWs

ktmr

outbuf

concat

outbuf

Sowvv

code

error

sVMPV

error

returnbuffer

out

outbuf

toString

outbuf

err

errbuf

toString

errbuf

mjSzf

object

stdio

OBUQm

detached

windowsHide

env

slice

shift

spawn

timeout

ktmr

tZlPq

qZeSO

UJVAO

lpZnO

kill

statSync

pf2

gQosW

timeout

once

VyGni

vhdqU

Fldnd

log

error

once

mzDgX

mVGqd

xcyYV

MgbzB

11|10|9|0|4|1|7|5|3|8|12|6|2

split

tmp

sVMPV

JrpbZ

apd

sVMPV

cGqdX

isc

usr

toLowerCase

ACIoK

network service

wcYmL

ZNZPH

local service

substr

DlnQP

length

UflCJ

indexOf

YOiEb

indexOf

LfZvE

isc

mVGqd

tmp

toLowerCase

indexOf

toLowerCase

isc

aup

LhMHy

allusersprofile

tmp

isc

usr

isc

usr

SOmWp

auVrW

isc

jIteC

tmp

toLowerCase

indexOf

XrCxU

isc

bXyQW

JEXWC

windir

isc

aup

apd

isc

qBhZt

Sowvv

code

mjSzf

undefined

signal

once

QhlHi

jReHg

pCNQz

xVajz

vhdqU

aviFP

LBymM

RgoTa

ktmr

vhdqU

xkcTU

LcdmX

split

hgRmX

MODXF

ppid

push

pid

push

path

length

path

name

session

ktmr

error

DBuaE

ogGfR

RgoTa

error

undefined

code

mjSzf

Sowvv

signal

outbuf

concat

outbuf

errbuf

concat

errbuf

returnbuffer

EsWkj

out

outbuf

toString

outbuf

err

errbuf

toString

errbuf

wvSYT

nostr

out

stdout

qkCZd

TKdUs

jenMH

yOLWS

outbuf

push

writeFileSync

pf1

readFileSync

stderr

qkCZd

QzZqg

jytux

rjusE

outerr

push

0|5|3|2|6|1|4

aIAyO

split

jdZAZ

ppid

push

nkRdy

SgGOd

pid

name

length

hex

7|6|0|5|2|3|1|4

3|2|9|0|1|5|8|10|7|4|6

gLRwc

ZBHVW

Node,

xrKXK

aYabZ

Elyzs

hxeRH

VkpOb

executablepath

ppid

processid

pid

name

idlJf

Console

Services

rudXF

XdwiD

qsqCw

6.0

process

get

processid,parentprocessid,name,executablepath

/format:csv

release

ixopQ

indexOf

ixopQ

indexOf

LQcIz

iLmYv

wmic

euzUl

MYOrH

azRqQ

PbVKY

XMLjl

dVKnQ

nukMI

cVHbC

WYtws

ffPDI

aes-128-cbc

zdBkL

RgYMz

bqiaC

nucqZ

kkISP

ofVFa

CdQMR

iLmYv

length

iLmYv

split

join

split

length

shift

indexOf

Iqizr

FfTTJ

XdiAw

xfaRp

length

from

qQUYR

createDecipheriv

concat

update

final

toString

split

shift

length

FfTTJ

RVgxR

GwaDO

writeFileSync

split

UmIba

length

TFiuG

vYZbU

eLKvL

split

resolve

pf2

MaExZ

resolve

argv

MaExZ

resolve

argv

resolve

pf1

pf2

RgYMz

length

Ncfvn

XChDn

toLowerCase

lGDVe

path

length

parentprocessid

FzaHV

QNePV

VDXky

BQEqp

dSNLm

split

readUInt16BE

slice

zytau

QHdgX

length

slice

toString

cGAEM

UiNcS

length

vYHoy

readUInt16BE

createDecipheriv

dSzTK

slice

concat

update

slice

final

pid

Node

pid

Ncfvn

ZTVQL

pid

session

path

lSayG

uZBHk

Ncfvn

rudXF

FPVBS

pid

dwFaz

0|9|2|7|10|6|3|4|1|8|5

split

hsxtg

WCygp

length

vYHoy

readUInt16BE

createDecipheriv

dSzTK

slice

concat

update

slice

Wuorh

final

lHgSy

Wuorh

length

slice

toString

slice

readUInt16BE

tdhtI

IUlaQ

length

model

trim

speed

IvebY

ppid

length

tree

windir

temp

allusersprofile

appdata

username

kNTff

network service

system

local service

dwm-

umfd-

YIQdk

isc

qcrOA

NRAQb

WALRx

systemroot

tmp

LuZan

CPeuR

aup

LuZan

xDvKb

apd

LuZan

dfnMx

usr

vcQRl

zMCxA

tmp

isc

jQusn

tmp

toLowerCase

indexOf

toLowerCase

isc

ZogXI

tmp

toLowerCase

indexOf

\networkservice\

isc

aup

apd

isc

usr

isc

XpsmX

outbuf

push

usr

toLowerCase

OVThX

imHjm

ffMEX

yVmBs

lkUwd

substr

Mgjql

length

gXtPj

indexOf

AzPwF

gXtPj

indexOf

zdxiK

gXtPj

pMdTK

isc

push

sha256

createHash

hyAcA

update

digest

0|9|3|6|5|2|4|8|1|7

computername

userdomain

QTdAR

split

GCcyL

KibUZ

prototype

slice

call

push

rTgWn

hyXRd

AmPVD

SOVNj

XHpTc

YrrPy

username

concat

WsZia

Vssyk

floor

fhWvB

pop

vLCwI

fromCharCode

qSVZV

LCHzg

TMVSq

LCHzg

C:\

computername

userdomain

username

sha256

TmBEK

xXqNS

TewbO

WYZTH

lbRlI

efnmR

gRrcc

lfeEm

HdcAa

win32

darwin

openbsd

freebsd

linux

intel

pentium

core(tm)2

amd

xeon

ryzen

threadrip

kvm

qemu

hex

DESKTOP

ibhhj

work

amazing-av

bea-chi

shadow-

JTAPJCC

azure-

janusz-

compalexey

dillon

mars-pc

host1

md5

administrator

admin

user

john

frank

lisa

george

shadow

straznj

harry johnson

joe smith

john doe

cape

goatuser

azure

stark

a.monaldo

alexeyzolotov

peter wilson

Unknown

Intel Celeron

Intel Pentium

Intel i5

Intel Core(TM)2

Intel i7

Intel Atom

Intel i9

Intel Xeon

AMD EPYC

AMD Ryzen

AMD Threadripper

AMD Undefined

pzvzL

rMHgm

OeZcP

Quad

Miaxj

Undefined

NOHID

my_pc_

art-pc

AMAZING-AVOCADO

cape-pc

CompAlexey

anna-

gary-pc

UNKNOWNHID

NOUID

STRAZNJICA.GRUBUTT

UNKNOWNUID

trrhP

onJKt

alloc

floor

JyPtA

BsbId

writeUInt8

bdmDD

BsbId

round

ELppr

ABEtR

aVHii

vwRdA

nFAgN

createDecipheriv

concat

update

final

toString

ugPrB

HtSvj

cgrGl

HNyua

FXcyy

statSync

pf1

jxOds

readdirSync

GDMui

rZdth

SaLRW

kGNKp

AXlxd

kGNKp

CHfVc

kGNKp

lipsw

SvdAr

push

ccWXc

JvoGk

obHHR

cIvEH

concat

prototype

slice

call

HtSvj

YYXAJ

IolsH

mkdirSync

gmJxR

IOGgh

wZJSO

BsbId

VtESE

yyqsu

VtESE

lNsfS

HJkvB

MIFBy

writeUInt8

length

split

min

wZJSO

min

HpJNn

writeUInt8

wfeUT

writeUInt16BE

join

aSxhr

round

YGulp

wJaBN

writeUInt8

ceil

YGulp

wJaBN

oaESI

cHUto

zTVkb

linux

rBWLI

zTVkb

qvTtR

hSuBl

unknown

win32

BHzzQ

rBWLI

openbsd

hSuBl

MnqEk

Cvogq

jlSXh

iaQbN

doRvc

writeUInt8

KcdpS

length

toLowerCase

ABEtR

indexOf

kPgyX

ABEtR

indexOf

celeron

indexOf

HalWN

ABEtR

indexOf

JWpHq

ABEtR

indexOf

amd

pdQTw

indexOf

CToot

EVseT

indexOf

atom

indexOf

nkGwe

indexOf

ODJFL

EVseT

indexOf

Xccsz

zLIVw

indexOf

mcfri

zLIVw

indexOf

Bmpvt

indexOf

epyc

indexOf

YwMOe

indexOf

KAcMb

zLIVw

indexOf

XoxbD

indexOf

uUnNO

ceil

YGulp

writeUInt8

VYxUJ

LbMHu

DQdGt

createHash

md5

update

digest

slice

toString

bGSGQ

copy

length

split

toLowerCase

zTVkb

length

zTVkb

sEOdr

zypXG

WOhve

Undefined

Lpmfi

indexOf

my_pc_

zTVkb

art-pc

sCWnF

indexOf

VXORw

Lpmfi

indexOf

UDdth

Lpmfi

indexOf

SIxjT

zTVkb

cape-pc

zTVkb

DUoFm

Lpmfi

indexOf

kwCvQ

Lpmfi

indexOf

NWmVn

pJLem

PHnzQ

pJLem

XGNax

Lpmfi

indexOf

anna-

pJLem

gary-pc

pJLem

ynZgP

pJLem

fNpDY

writeUInt8

VYxUJ

createHash

zKoIn

update

digest

slice

toString

hex

copy

length

split

toLowerCase

aLvKX

pMQRN

RMarD

hjwPh

RMarD

lsPwV

RMarD

EYEpZ

wKiRn

RMarD

GiIea

ZYbzt

HCTdh

ZPuqm

XUoga

AlOVt

indexOf

pgOxM

WDpCD

AnoZp

qBAQC

ZGiUN

qBAQC

kaSGA

qBAQC

PPyot

iPHzZ

bBDMR

iPHzZ

WPAIo

iPHzZ

janusz

jLpYZ

hNmgw

jLpYZ

bVmeY

jLpYZ

OjOYV

jLpYZ

ocNyY

writeUInt8

createHash

zKoIn

update

digest

slice

toString

bGSGQ

copy

tbdMi

Intel Undefined

IPFmP

Intel i3

gjoXA

xfqnr

cuWQr

Iyslh

RBxyz

apGzw

jSNpp

MLuJQ

sueYE

SPLsx

BaKCN

CPU KVM/QEMU

AdGUZ

bHnlk

wEjcN

yOiHU

pzvzL

Duo

bHnlk

xRHMo

fvKBU

zCjou

x64

xqZKb

wEjcN

oZrtG

att

ZXiYN

obHHR

tJVGu

sEOdr

yYSbc

njIFM

sCWnF

rABmf

UDdth

shadow-

oekvW

DESKTOP-JTAPJCC

azure-

NWmVn

ifmeT

dillon

XkhHn

bAzti

ynZgP

Host1

TnPZT

obHHR

rjeJg

pMQRN

hjwPh

user

john

wKiRn

GiIea

HCTdh

XUoga

aChqi

AnoZp

ZGiUN

kaSGA

PPyot

bBDMR

azure

janusz

hNmgw

bVmeY

OjOYV

peter wilson

FASpT

ePEPh

wEjcN

FZXim

alnUO

kglSP

createHash

OkgJu

update

createHash

digest

slice

rYHWf

toString

bGSGQ

1|3|0|8|13|4|11|2|9|14|6|5|10|12|15|7

false

hMBrp

split

isArray

kbjWK

length

fraAo

string

length

ghBxR

length

jHEjx

ZitaL

10.0.19041

2a4494

win32

10.0.22621

7c1a

cd4ec1

10.0.17763

299243

d1457b

administrator

10.0.19045

4085c6

6.1.7601

10.0.17134

10.0

6f2958

c39efd

1cce9e

10.0.18362

2088

NOUID

52c9

bf0760

10.0.19044

bf7e

35ae2e

d8716f

7bf5

2cb5a5

f3f0c6

Host1

user

Xeon

NOHID

e8b9

fca565

f2886f

AMD EPYC

10.0.10240

a888

70b4

d580

CompAlexey

alexeyzolotov

4b9de2

86438b

admin

56d4

d33e1f

9ec750

6.1

4f81e3

b75705

5a1d

10.0.14393

a739

32b1d5

DESKTOP

32b5

9f9d51

10.0.16299

570a90

e2c5

12a5b6

DESKTOP-JTAPJCC

3635

64ccb5

2be941

john doe

6.1.

my_pc_

10.0.18363

7f8794

7aed

lisa

dd15

6e6551

11d4d6

72e748

d04f74

2bf408

97a9d3

0fdc

88dba0

18275d

AMAZING-AVOCADO

52acd9

KVM/QEMU

ed6464

#56d4#

62efb9

9f72

bd9ff1

167bfe

d6a5b0

611a3e

6.3.9600

04159b

cc9adb

e717

646a8b

e32aca

72f6c0

c8b63d

7b7bc2

dillon

b71c

86131a

10.0.22000

a98d

930d8a

abcf10

b3c775

6bd1

d864df

10.0.19043

cb0013

5fd4c0

2652ee

3219

9db1e4

93a77b

george

10.0.19042

10.0.15063

2970

8e776c

100

EPYC

work

102

10.0.10586

3151

00181a

a8776a

e94c92

9ab4de

103

6adf97

104

6d05

6cfdbc

b38e56

105

harry johnson

106

107

108

55d8

109

c23200

110

13b4

ab86a1

111

9a50

275dec

112

113

77bd

736b19

114

e06b

6a29b3

46502a

116

851c

117

118

bac5dd

119

120

STRAZNJICA.GRUBUTT

121

122

709b

gary-pc

stark

124

a.monaldo

125

b5a0

126

goatuser

127

351468

128

26112

2988b8

129

a6f2

5b2e9c

130

131

anna-

132

804a

frank

6e64

747890

134

d0062c

135

3322

bca236

723943

136

8fdf0b

137

25cd40

138

art-pc

c037

b4a2c8

140

8215e4

142

6.1.7600

0b6631

143

145

5d0c

147

148

a65640

149

e379b3

72c1f0

150

151

152

3a83fe

153

8920

0cbc66

154

cd4ee8

56aee3

2b22

74529b

155

badfad

156

157

e1e853

95deb5

159

75c891

160

10.0.

b624

03fea1

4b33b6

b0f8e1

061613

162

18126e

bot 115 W7 Xeon H 24889e U 18126e

163

164

a30c

6eb45e

9a8599

166

b445bf

167

168

62327b

a4757d

169

f5faf7

f94649

170

2293

e8c630

3f9b99

azure-

azure

172

173

953225

john

176

db9a51

64ca98

9639a3

178

b6f4a2

180

2001f7

181

f1dd

182

183

184

1e75

185

092f16

186

7e0c8b

7b7cd2

187

c589

sCpTJ

split

ggsPe

win32

ggsPe

cXenu

mKCLI

qAGvE

mKCLI

YDhQj

iDxYb

AhfLb

rlgWM

KcnuM

gkXun

8726e3

JiONB

dAGND

IriFf

win32

PhPWm

RfiJg

CbvGF

gRYef

QcAyj

gRYef

YdYOv

JWlyo

win32

ODvzm

oCSaC

6.1.7601

nlgZp

indexOf

mars-pc

PlEON

indexOf

GJgjY

JWlyo

win32

KQvmN

rqiPn

oimiq

JzjHu

hjQRy

cwtgl

YDhQj

UmUCO

rqiPn

UmUCO

b1a8

UmUCO

7db39b

YDhQj

Rqbrz

KkRnU

UmUCO

YbcOR

9ca5a0

KkynA

YDhQj

MJRNB

oCSaC

KkynA

KkRnU

KkynA

vTgkN

HMVcK

ViDAO

41c07c

ViDAO

win32

BNhin

MCSNG

UPtOA

RQmJF

isArray

sCwbs

length

Sxsde

YDhQj

MJRNB

HrLmS

indexOf

ZimRy

NchKM

ZojCm

HrLmS

indexOf

john

sfJzD

YDhQj

jqxzy

rqiPn

jqxzy

HRAUo

gGucM

BbzHg

GqbBK

win32

MJRNB

DHphY

sjbin

kuzmZ

PWudD

indexOf

admin

sjbin

YDhQj

iGDQM

oCSaC

sjbin

ZZQqj

MCSNG

ZZQqj

SmpaM

EHBOz

ztCod

indexOf

DESKTOP

ztCod

indexOf

tdFDF

ZZQqj

win32

iGDQM

rHUaP

ZZQqj

6.1.7601

mXGWx

oIegE

indexOf

NOHID

ztCod

indexOf

tdFDF

oIegE

KIXjm

YDhQj

iGDQM

rHUaP

oIegE

rqiPn

oIegE

qjApp

zIjEE

WxCiG

9114

hllyU

win32

hllyU

IVXNc

AEUwA

vTxwI

pSQFi

PRdKs

PEmsU

kFHeO

YDhQj

AeKOz

DFxVV

KkRnU

PEmsU

veReX

xnRPu

Djtsz

PEmsU

YDhQj

AeKOz

DFxVV

EYoMx

indexOf

Xeon

ztCod

indexOf

BNnrW

hXSkO

indexOf

evoKy

PEmsU

win32

EYoMx

DFxVV

PEmsU

IVXNc

aSYpt

BJjRn

zuWUC

4f5cec

zuWUC

win32

zuWUC

cXenu

dhvxM

cyatu

nrEBG

d76211

nrEBG

YDhQj

EYoMx

DFxVV

KkRnU

foLDQ

uqDgc

GQqxP

indexOf

bUwDx

hXSkO

indexOf

DidEO

hXSkO

indexOf

NOUID

dPtdo

YDhQj

eWMjX

KkRnU

gfUPf

hkqYU

tCnxm

MQNHB

BGRoD

MQNHB

YDhQj

KHHrx

mrbhb

indexOf

ZimRy

DADMf

IAEKy

indexOf

Xeon

indexOf

zxZZr

DADMf

OIpWU

DADMf

10.0.19044

mrbhb

indexOf

DidEO

DADMf

PosOu

lHeBy

7e73

aGfcp

BzQYk

ggGnJ

EZDiZ

fRXBD

indexOf

GJgjY

YDhQj

PGSqz

indexOf

HqPRq

PGSqz

indexOf

DPmjr

WYNWj

win32

oTzNC

eWMjX

OGIzU

KkRnU

OGIzU

zFFCO

eExbv

YDhQj

eExbv

10.0.19044

uGpUS

gkXun

uZQiO

oaLbo

uZQiO

591acb

YDhQj

uvlRH

eWMjX

uZQiO

KkRnU

KfkuH

IIcLh

KWuPO

JTEBH

indexOf

dtVFe

YDhQj

uvlRH

CAibr

KkRnU

pjImT

wvDtI

cuRjz

wvDtI

qneqU

VoAiR

jmONX

VoAiR

YDhQj

XLens

CAibr

indexOf

CSorE

NdDEg

vcEvt

indexOf

bUwDx

NdDEg

PHHQi

NdDEg

rabSV

DZxCf

YDhQj

DZxCf

rqiPn

FdKWN

jJrvn

YxoDB

jJrvn

WQEmE

YDhQj

vcEvt

mnMcX

SCtHW

ZMVNl

eAion

Repvd

EHtjD

LFDOm

YDhQj

GqXSc

iDxYb

Znpku

IZPYF

zhoXl

IZPYF

c350

tHext

YDhQj

KkRnU

tHext

vcEvt

indexOf

bUwDx

wUnzB

YDhQj

gRWGq

mnMcX

indexOf

dSUQk

indexOf

joe smith

BcYfh

YDhQj

BcYfh

10.0.19045

pcsGl

kYDPl

pQNzy

DBprP

ztVKM

ONKlQ

win32

mnMcX

ONKlQ

KkRnU

ONKlQ

fpafu

Pbxyy

xGTSN

indexOf

dSUQk

indexOf

dtVFe

win32

rqiPn

NxOTo

lyUVw

990d1b

582a34

YDhQj

lyUVw

rivJc

WIamY

lyUVw

YDhQj

lyUVw

rqiPn

lyUVw

BPeoK

RKUdV

tUpql

xkSKs

gRWGq

nXHGz

mEOyi

YDhQj

gRWGq

kJIgv

NdMnB

rqiPn

NbEsN

471915

zfMIm

win32

10.0.17134

indexOf

bhYuc

YDhQj

IpANq

EXWGr

KkRnU

EXWGr

qJenU

EXWGr

1cce9e

lHJae

indexOf

admin

lKVmx

win32

XLxvV

iOuHE

THZxq

qIGlF

lDBxw

rqiPn

PyzPo

indexOf

bUwDx

vqDBV

YDhQj

OOIZb

XLxvV

lHJae

indexOf

bea-chi

lHJae

indexOf

pZuqr

kQwCc

win32

kQwCc

RfiJg

xNZhH

IVXNc

KHIOz

wgBOG

indexOf

dSUQk

PDhen

YDhQj

OOIZb

CbZMp

wgBOG

indexOf

FcUuU

wgBOG

indexOf

CNIVw

wgBOG

indexOf

administrator

YDhQj

PDhen

hHbti

AocVm

ztGdU

orsqg

aff8

orsqg

win32

KmtHy

orsqg

KkRnU

mVoFe

ZugOu

vyFfR

a888

379a7d

zMPSy

indexOf

GJgjY

win32

KmtHy

dxNOF

KkRnU

Hbpyi

aBAUc

UDshC

aDUcy

CMqFx

aDUcy

b445bf

zMPSy

indexOf

TIarq

aDUcy

YDhQj

KmtHy

KkRnU

aDUcy

LHHoB

SwdNv

tDVfe

mnQTC

zMPSy

indexOf

GJgjY

YDhQj

wFHwx

iBQUb

6.1.7601

gjvAn

OMXTA

ABZzg

indexOf

GJgjY

gjvAn

YDhQj

eavTL

6.3.9600

eavTL

wcbBy

vEELF

TNLrM

AXFpj

YDhQj

wFHwx

CbZMp

6.1.7601

AXFpj

cTBZk

b71c

kyoim

IabcC

kyoim

HrVps

kyoim

YDhQj

wFHwx

indexOf

anna-

kyoim

IKgQP

win32

hMCeF

byvDU

uCuQw

ztmiU

yzAkr

cc1a

yzAkr

ptWrz

yzAkr

lAlFX

indexOf

GJgjY

yzAkr

YDhQj

hHbti

yzAkr

3e45fc

yzAkr

46e6f8

yzAkr

win32

jJLPv

indexOf

OQOqw

indexOf

harry johnson

lZjFQ

YDhQj

10.0.19045

AHwAW

BYjyH

bgTCn

BYjyH

YDhQj

wFHwx

indexOf

janusz-

jJLPv

indexOf

janusz

MbuGZ

YDhQj

indexOf

UGCiu

MbuGZ

jAXNK

YDhQj

BdqXh

AmxdP

cXenu

AmxdP

qAGvE

YDhQj

AmxdP

IVXNc

AmxdP

XhLBY

AeAvQ

XhLBY

YDhQj

ErAOD

XhLBY

KkRnU

nfpPD

Dggbn

nfpPD

bDGma

BcrUB

YDhQj

OpfAe

RfiJg

OpfAe

LHcpJ

yKMYZ

YEWeZ

dprpo

zQBtj

iCgBy

win32

iCgBy

bkOAt

10.0.10586

yvpDv

KkRnU

vQBrK

AVCrk

JHqMc

3151

jJLPv

indexOf

DidEO

RicnQ

indexOf

NOUID

UFlWC

YDhQj

QMdhV

iDxYb

UzEAI

nozan

rogJT

rJXji

lFwrm

rogJT

YDhQj

ErAOD

rogJT

xNQTf

akcjg

6.1.7601

akcjg

iBYqq

indexOf

bUwDx

indexOf

DidEO

VZJLG

indexOf

GJgjY

gMLve

win32

iBYqq

ErAOD

wiOlW

vsdVD

NZDZE

PMTYg

yWmxI

jezgB

dUYMv

YDhQj

10.0.18363

ZGIWa

AuoIb

pUJzx

Amxts

YDhQj

Amxts

10.0.19043

YNCSv

436f

YNCSv

ZklLk

YDhQj

indexOf

DESKTOP-JTAPJCC

ZklLk

win32

iDxYb

ZklLk

JtSaX

tiyRy

qCmOK

YDhQj

pxopT

ErAOD

VZJLG

indexOf

DESKTOP

indexOf

dtVFe

vFLAL

10.0.18362

XCzqf

indexOf

bUwDx

vFLAL

YDhQj

pmSxR

IvUhA

rqiPn

vFLAL

ZjUkZ

icZXw

YDhQj

pmSxR

ubvuc

adIxe

indexOf

FcUuU

adIxe

indexOf

DESKTOP

adIxe

indexOf

admin

PGgMl

YDhQj

xtevA

rqiPn

joYNP

rsCtw

ajRop

eriNi

win32

BaBdb

vsdVD

uaaVF

VJCzj

hQOKt

uaaVF

YDhQj

aoxIw

indexOf

tonhr

adIxe

indexOf

peter wilson

UEKum

YDhQj

UEKum

SmpaM

UEKum

JCAvw

UEKum

YDhQj

veKeT

6.1.7601

nKaQc

tngIk

GVxwg

tngIk

YDhQj

tngIk

ntzGB

wxsPM

tngIk

efba14

wfQWw

gNXTC

iTqdB

YDhQj

adIxe

indexOf

ZimRy

VArpQ

1285

VArpQ

ytGDM

VArpQ

YvKKp

NRANj

YDhQj

QGmVN

NRANj

KkRnU

NRANj

VkFyP

yARtG

bb2e4c

BvfqV

win32

10.0.22621

oFPkp

32b1d5

oFPkp

win32

oFPkp

iDxYb

KPBQY

qAGvE

KPBQY

YDhQj

OBMsE

UDDaZ

PPgRF

GXOdy

PPgRF

rqiPn

sbnyS

LFnvy

JAJUP

ioZfD

ZwyTY

win32

FSGHF

isoHs

indexOf

NOHID

IVSYF

indexOf

evoKy

arTzi

SmpaM

KkRnU

tUijm

YDhQj

dklru

PwMIf

5bc06f

dklru

YDhQj

10.0.22621

dklru

xvMPO

dklru

YDhQj

dklru

ntzGB

dklru

mKxlK

9d5196

mKxlK

YDhQj

hKRwq

xccmm

indexOf

Xeon

SPZSb

indexOf

BNnrW

jnhFI

indexOf

evoKy

win32

hKRwq

xccmm

mKxlK

6.1.7601

mKxlK

BWgSp

cvRGZ

4ed984

suJYW

qUehp

suJYW

YDhQj

hKRwq

xccmm

6.1.7601

uqFJC

IzBke

zvpEJ

qjFGP

QpyNN

AaMyf

win32

hKRwq

IJKwD

QpyNN

IVXNc

QpyNN

ZdIIx

033bd9

ZdIIx

YDhQj

FDMfb

indexOf

UGCiu

ZdIIx

vgWWT

YDhQj

jnhFI

indexOf

ZimRy

vgWWT

XyscR

jnhFI

indexOf

EOGNC

XyscR

win32

XyscR

EHreh

LdTmI

ztbBB

fb6ab4

ztbBB

YDhQj

IJKwD

ztbBB

zXYLB

KYBVA

RsYvV

yNyFL

PgvwC

RsYvV

YDhQj

IEAeE

indexOf

ZimRy

indexOf

GcpmS

FDMfb

indexOf

bUwDx

indexOf

shadow-

IEAeE

indexOf

shadow

101

RsYvV

YDhQj

oTAJq

IEAeE

indexOf

6.1.

ZwsIC

indexOf

jPapJ

jxJRt

indexOf

dtVFe

bTKru

dAtbw

YDhQj

dAtbw

ZdbYD

indexOf

DidEO

ZdbYD

indexOf

NOUID

10.0.19041

BqwYE

Enfpi

BqwYE

AsaSX

BpbEO

zFoDk

dVpKi

YmQDZ

TXEpK

zFoDk

129654

f7e0fe

ywCYC

LPAbw

win32

Hfstt

IJKwD

XVaKL

KkRnU

dxaLC

vFqRE

indexOf

GJgjY

dxaLC

YxoDB

dxaLC

JkCcM

fgoPs

dxaLC

YDhQj

YOhWk

rqiPn

BdFJW

FOsfs

SoJRJ

SZbaE

SoJRJ

OFWJA

SoJRJ

oEsfL

MOfaW

YDhQj

IJKwD

SoJRJ

GXOdy

vFqRE

indexOf

JoYue

mBGNY

SoJRJ

YDhQj

Hfstt

vMInn

indexOf

KVM/QEMU

zNVGF

jBQuN

lsWTw

YDhQj

QjpYO

xpPVu

yCxMU

IVXNc

yCxMU

kJIFb

f4cb33

XiKGk

kJIFb

YDhQj

SbCfa

xpPVu

kJIFb

IOgrZ

KkRnU

fUMKs

OIpWU

MFeJH

oLKHp

indexOf

NOHID

bXKsO

indexOf

tdFDF

EusBV

YDhQj

mWOCn

eZPva

mWOCn

769fc7

cXeVs

mWOCn

YDhQj

mWOCn

10.0.16299

mWOCn

puDBe

MCbre

KTBRS

jtknz

MCbre

dc599a

ZuvMz

Apeyx

YDhQj

OFzqz

cStZH

OFzqz

oWHuV

351468

wnTUn

OFzqz

YDhQj

SbCfa

xpPVu

OFzqz

MCSNG

SmpaM

ExUhL

EHBOz

indexOf

dSUQk

indexOf

tdFDF

nidHL

YDhQj

bXKsO

indexOf

10.0

ExUhL

fnCPb

indexOf

dSUQk

GFPqt

ULVis

RSJZX

win32

EtwOw

ExUhL

IVXNc

ExUhL

FnaYr

BzEUE

LGual

PpajP

zkhwc

115

OYhwi

win32

XFbyp

KkRnU

wwdAl

mnqJv

indexOf

administrator

lJDIM

wwdAl

win32

OVdUN

wwdAl

LGtsv

wwdAl

061613

nIHVt

pHiXY

jFDLT

YDhQj

ZEMsb

fnCPb

indexOf

ZimRy

TwGAi

indexOf

dSUQk

JCAvw

cIrLr

GCYZe

Ovdjx

YDhQj

EtwOw

HcnfX

Ovdjx

KkRnU

KWuPO

DRETg

indexOf

admin

lqYSJ

cGKnO

win32

HcnfX

PtHsa

indexOf

6.1.

csdtc

indexOf

heJsi

sanra

YDhQj

qcMdl

KkRnU

csrQQ

UgWBm

csdtc

indexOf

DidEO

indexOf

john

HfoIX

UgWBm

YDhQj

OXpWL

KkRnU

OXpWL

TNOfC

10.0.15063

TNOfC

OeEvP

qzNKu

indexOf

DidEO

indexOf

dtVFe

wqHID

123

OxFwF

YDhQj

OxFwF

qzNKu

indexOf

FcUuU

UFRYH

indexOf

qUYGu

UiaXN

indexOf

FKukt

ZVcrV

YDhQj

EtwOw

RSAHO

indexOf

zPmcD

OxFwF

KkRnU

lztjH

sugPe

indexOf

Xeon

Eumea

lztjH

YDhQj

sugPe

lztjH

6.1.7601

lztjH

oxAyo

rRjcA

gJoXW

nuVAn

gJoXW

73a080

qUNAq

YDhQj

QKUut

LkAok

mCfVo

indexOf

FcUuU

jKOcj

indexOf

lHrYx

WTtfy

gJoXW

YDhQj

QKUut

LkAok

gJoXW

cStZH

BBcyg

NInIP

prfDF

tqzbh

YDhQj

AJdMR

rNRlx

10.0.18363

oaBye

QTGMU

oaBye

ORkip

JnwUN

fxoqZ

bDjMP

YDhQj

bDjMP

6.1.7601

rySvp

FwUUe

AJdMR

kggtA

FwUUe

gknjH

zOVZh

UzoTb

hBBAh

YDhQj

AJdMR

nXFzB

UzoTb

zXYLB

5803c5

dABbS

YDhQj

UzoTb

NWzKS

indexOf

DPPHG

NWzKS

IKgQP

XscHw

YDhQj

EfKOS

urfUz

indexOf

10.0

hHbti

NWzKS

QxyRl

fuJNp

urfUz

indexOf

dSUQk

urfUz

indexOf

SwVbG

133

fuJNp

YDhQj

GaeTd

rqiPn

GaeTd

XeDGt

fnyYJ

LvKsC

wNMoq

FzOlx

TUQjg

win32

fBZpQ

d61484

TPbKR

Wgzsh

YDhQj

iDxYb

fBZpQ

BuQwG

VXTnw

jCMNs

jPoZz

QdWnV

BuQwG

win32

AJdMR

ZpaQo

ukeIB

KkRnU

ukeIB

moTpy

wqHID

HWPwl

KsjDl

WRcWf

MhgCC

YDhQj

MhgCC

KkRnU

MhgCC

pZlQV

rndOc

59a422

ciPSM

YDhQj

aPJgW

CmIzz

6.1.7601

indexOf

msnfI

WVMSO

indexOf

administrator

139

CmIzz

YDhQj

CmIzz

iDxYb

FUJDy

PHosU

nLsdA

PHosU

SlROv

zJhaJ

fKqef

win32

6.1.7601

fKqef

mnyFr

vGKYa

f6b8ae

yYQgx

141

yYQgx

YDhQj

mXKvg

hHbti

YxtJT

0bd650

xltpt

IqFLx

TjXon

tPymP

YDhQj

ZpaQo

QRPWU

PNYMX

QRPWU

zOWUE

PsojF

a592e8

VyNcu

dVeDr

IVDqK

sBNbx

YDhQj

rdVSz

sBNbx

275dec

sBNbx

351468

144

sBNbx

win32

rqiPn

sBNbx

ajRop

EiCFc

HYhFa

YDhQj

VxPSA

indexOf

10.0

mIfUA

indexOf

UGCiu

EiCFc

qiLmO

tDvEx

10.0.19044

indexOf

dSUQk

bc54f4

146

VkusS

YDhQj

ZpaQo

6.1.7601

VkusS

fbPPW

qhUMl

ONwzN

khGxd

ONwzN

YDhQj

VDSQz

10.0.14393

ONwzN

QMsik

indexOf

dSUQk

VxPSA

indexOf

dtVFe

cdELI

eXDLS

YDhQj

OnuLq

6.1.7601

eXDLS

SBEpI

VDSQz

indexOf

bUwDx

ICHXb

ttMHs

5bc06f

SqoNk

FcLsg

YDhQj

EYFqa

FcLsg

KkRnU

Ekssd

WKqYn

indexOf

Xeon

Ekssd

utmgA

VdtWW

tNcpK

nrKjV

xHzyS

win32

WKqYn

iWuSJ

xHzyS

KkRnU

xHzyS

QpdDe

OMXTA

VxPSA

indexOf

GJgjY

UWDJV

QpdDe

YDhQj

qUgxw

cAJNB

kcUMc

KkRnU

kcUMc

OhbTq

kUGNr

AkjKz

akROW

AkjKz

YDhQj

AkjKz

iDxYb

bmwUT

WXNla

d38e35

tDdQm

WXNla

YDhQj

qUgxw

MGLBR

indexOf

10.0

indexOf

dSUQk

WXNla

xKRPk

iDxYb

QyaUt

FkyXb

QyaUt

ItwsU

CEXyQ

QyaUt

YDhQj

QyaUt

6.1.7601

GjdEY

JbVpb

tipRb

JCAvw

tipRb

RMZSd

cIrLr

tipRb

7fa24d

IquEM

HcMNt

nnbTK

whVmC

nnbTK

4b418f

nnbTK

gHKSf

CGDNG

nnbTK

YDhQj

QsPdB

MGLBR

VxPSA

indexOf

ZimRy

nnbTK

WrAqv

KZbeg

HNjpV

JlGnS

indexOf

dtVFe

zrHUK

KZbeg

YDhQj

EDSTS

MGLBR

IOoYf

KkRnU

10.0.18362

uFPWl

EHBOz

cPTWG

uFPWl

win32

kLtRR

MGLBR

iaMqk

jhzJL

uFPWl

KkRnU

uFPWl

158

TllWJ

win32

iDxYb

JlGnS

indexOf

dSUQk

TllWJ

sWtwF

AplEs

win32

PNYWV

TllWJ

6.1.7601

TllWJ

MtYDI

a739

MtYDI

d60869

tiGpr

ovioi

rcAMP

tiGpr

YDhQj

PNYWV

WFteb

indexOf

FHrum

LDRhC

dmAuO

zaESx

gSzfN

spsjA

fxdKt

161

AEmTS

win32

PNYWV

RXPhy

pYlxs

dArXW

LGtsv

UtbuS

UrzpS

JLczQ

amVqU

qXnJy

JLczQ

win32

PNYWV

NGkEJ

lrjMW

KkRnU

lrjMW

zRdeV

24889e

zRdeV

gbpsZ

pMZxa

IRxPe

YDhQj

PNYWV

NGkEJ

Utuca

10.0.19045

cetAl

bCEPA

TnRdu

PzOGs

YDhQj

iDxYb

PzOGs

uWugH

rlLpV

MVVMx

165

rlLpV

YDhQj

PNYWV

NGkEJ

isOdw

IVXNc

isOdw

faVNg

zLrzp

hVnwd

MVYwm

zLrzp

YDhQj

VuQQR

NGkEJ

HfFBM

6.1.7601

HfFBM

sDuEo

JlGnS

indexOf

TIarq

aaVjV

HfFBM

win32

fJMRM

NGkEJ

rqiPn

HfFBM

itRxP

RUVPI

Oveum

RUVPI

YDhQj

RfiJg

RUVPI

mhkCf

KdItS

qyMWv

bRXDV

GfKLh

KdItS

YDhQj

pYhkG

KkRnU

pYhkG

Lvulr

pYhkG

NaKaW

VUIJj

win32

fJMRM

NGkEJ

pYhkG

iDxYb

2253

QaqwL

xfSfs

SyFPV

Xomep

RZIKu

indexOf

DidEO

JlGnS

indexOf

tdFDF

171

YDhQj

vbdmx

kfTEK

indexOf

WxRxm

kfTEK

indexOf

pvdFp

KkRnU

xUThv

indexOf

bUwDx

VBkVn

win32

fJMRM

iNLDf

indexOf

HqPRq

XdvIs

indexOf

DPmjr

hTmjk

YDhQj

fJMRM

iNLDf

xUThv

cStZH

xUThv

275dec

174

YDhQj

IGSVC

iNLDf

IGSVC

indexOf

bUwDx

xUThv

IVXNc

xUThv

KiZvS

indexOf

DidEO

XEYHK

indexOf

admin

175

AZEPu

win32

IGSVC

iNLDf

Ozwwo

KkRnU

Ozwwo

gwjAb

eqHrg

indexOf

FwLhY

bYrpk

MccmF

win32

MccmF

iDxYb

vziTR

Annoa

HWvVP

wBQir

tUvzh

177

win32

iNLDf

indexOf

ZimRy

jlEps

indexOf

bUwDx

eTIoh

10.0.15063

iOfpT

50ab44

lVQpF

OSVVi

YDhQj

iNLDf

indexOf

DESKTOP

lSXUC

10.0.10240

lSXUC

179

lSXUC

YDhQj

lSXUC

rqiPn

lSXUC

ZNFqh

b7e24d

aLcUq

sXUlD

ZNFqh

YDhQj

FdUwk

iNLDf

KkRnU

ZNFqh

QQNEp

XgWdX

PosOu

fmbRi

eqHrg

indexOf

GJgjY

LNdNY

PjeLx

YDhQj

vyKmj

ntzGB

eqHrg

indexOf

dSUQk

vyKmj

NsJMp

GkHaP

Lofco

NsJMp

YDhQj

10.0.18363

LeBOl

tpBrW

ztGdU

bTGNI

gqJIt

YDhQj

FdUwk

iNLDf

Flwuz

iDxYb

Flwuz

2cd67e

WDOlk

Flwuz

YDhQj

RfiJg

10.0.19044

Flwuz

jxhJn

SppKg

indexOf

DESKTOP

jxhJn

oMJwM

pNyiv

CphNo

YDhQj

KkRnU

fPWdD

ZWTWH

pBruB

wIHTR

48fdf5

DifdD

kIyna

YDhQj

pWPXo

iDxYb

yGXPX

hzxcD

gwLuo

GykNB

cnWSu

FptWx

uDkYX

YDhQj

bKeLU

iNLDf

bKeLU

indexOf

bUwDx

cnWSu

KkRnU

zoWfj

EMlHu

zoWfj

xNQTf

SppKg

indexOf

administrator

Quad

UI16LE

UI16BE

UI8

HEX

hex

GUID

UI32LE

FTIME

DTSTP

STR16

aVBZF

MLPvC

UOTJG

UI32LE

alloc

writeUInt32LE

UI32BE

alloc

writeUInt32BE

QUFUr

alloc

writeUInt16LE

DsBXq

alloc

writeUInt16BE

mGgdE

alloc

writeUInt8

EOUrl

from

XDxFf

hGGmA

split

AWRmy

NyQFz

XGuAT

QUFUr

frWsD

isdnB

QUFUr

GpgAK

falOo

EOUrl

falOo

EOUrl

concat

fajxP

YZOsO

EIMXL

JNGCC

YZOsO

floor

EIMXL

floor

kxUST

RXJrZ

UI32LE

URhcI

NyQFz

concat

YgFHP

VjjvZ

OPKlv

JNGCC

getFullYear

NNkil

JFStW

getMonth

nkSkk

getDate

URhcI

QUFUr

nmTVO

OPKlv

getHours

jPWbx

TmXQS

getMinutes

jPWbx

floor

kxUST

getSeconds

QUFUr

concat

tcEvB

alloc

YZOsO

length

WGDOH

length

writeUInt16LE

charCodeAt

WqMGn

undefined

fXEJd

bMTRf

zJCdY

push

snWSZ

qVNUv

EEdTM

yQpGM

lqFtm

ppid

lqFtm

ppid

frWsD

\.\

3|5|4|0|1|2

split

Etefv

substr

FBHTm

length

Yuhos

substr

indexOf

split

join

Yuhos

substr

length

substr

UPztJ

length

UfolY

indexOf

xLFpi

split

xLFpi

join

1|4|3|0|2

UI8

UI16LE

cmd.exe

STR16

base64

C:\

rpcsrv

tmpbuild

_i_

undefined

0|4|2|1|5|3

object

TsWeu

QBjZS

CxEvA

nxFqp

ClJXG

SiBJY

nOHRa

max

min

UI32LE

00021401-0000-0000-c000-000000000046

FTIME

eRMxT

wagNX

GUID

20d04fe0-3aea-1069-a2d8-08002b30309d

zguDz

4|1|3|2|0

fLNnC

DTSTP

nXimr

oyUKj

dmbtp

iDANk

bExVx

alTGw

rXAhA

hbbSl

length

RyDLN

name

length

name

file

length

file

workdir

length

workdir

args

length

args

icon

length

icon

now

workdir

QQeOE

workdir

FZFLb

workdir

indexOf

workdir

readFileSync

file

gQbPi

sVmkg

ctNmU

file

FPtwT

file

indexOf

nzKIr

gQbPi

nzKIr

BNzmT

gQbPi

Bgwjy

JXGQd

split

AujxR

SLRNK

AujxR

kJcnA

push

alloc

push

from

AObId

SLRNK

file

BNzmT

aqdhb

kwXCG

aSJHK

file

workdir

FZFLb

workdir

indexOf

gQbPi

workdir

aXvJs

split

flg

name

flg

QMtbW

file

flg

UXIdg

workdir

flg

UXIdg

args

flg

aYYIx

icon

flg

tnlfm

att

file

gQbPi

kePMu

ZAVIR

file

att

Cnmtf

JQzWz

writeFileSync

pf2

readFileSync

att

shcm

Ebjke

show

yIxlT

shcm

Ebjke

show

fgWlb

Aahln

show

shcm

IEGXH

GUID

VWVcO

UI32LE

flg

IEGXH

att

bPtJH

ftc

onhDn

bPtJH

fta

zmjSh

bPtJH

ftw

zmjSh

IEGXH

fsz

Uglxn

IEGXH

icidx

Uglxn

IEGXH

shcm

kJcnA

hky

Uglxn

kJcnA

Uglxn

IEGXH

QsvkO

IEGXH

concat

flg

gQbPi

TZsBD

Eiynl

QsvkO

UI16LE

WwuDy

kJcnA

WwuDy

SLRNK

mSRip

SLRNK

winrc

ZNtwT

length

Ebjke

substr

gQbPi

qRdIQ

PgFCN

ITsGs

split

push

alloc

SLRNK

mSRip

SLRNK

push

from

FNCHC

kJcnA

unshift

MYOTF

qtbUA

length

UCpnS

ipDvl

args

trim

AujxR

kJcnA

length

onhDn

XzaYN

length

from

file

LTtwI

oguhN

length

mSRip

kJcnA

length

mSRip

SLRNK

KqLPu

SLRNK

IEGXH

KqLPu

DTSTP

ftw

oAGVk

kJcnA

push

oAGVk

SLRNK

kJcnA

rciJC

IEGXH

laZDn

OHvJZ

ftc

dwzbx

DTSTP

fta

length

xkHyE

kJcnA

FNCHC

length

kJcnA

qxKEK

STR16

qxKEK

kJcnA

qxKEK

kJcnA

concat

writeUInt16LE

length

push

concat

writeUInt16LE

length

push

jRdvz

kJcnA

parse

from

env

LU0

yTbAy

toString

concat

length

writeUInt16LE

oguhN

length

IgtZK

lXfVx

flg

TyesJ

daGuK

att

name

jRdvz

kJcnA

length

ndnJR

XzaYN

grBZB

flg

TyesJ

BOUsw

cQHOC

rqalb

aXvJs

file

vlyWr

kJcnA

length

STR16

ZAVIR

LlRkK

IXokp

YcFWg

hkyGT

YQIlf

oOnNJ

LU0TO

eJTKM

.txt

readFileSync

toString

trim

SMUKn

lXfVx

flg

VeBXb

FKNTI

DRbrc

workdir

EnSlZ

length

vlyWr

kJcnA

length

STR16

QrcMv

flg

TyesJ

CxwHs

qtbUA

fromCharCode

aSJHK

args

trim

UI16LE

length

riQGr

XzaYN

QrcMv

flg

oLMHt

ReiWS

DRbrc

icon

BPtRc

kJcnA

length

ALqnq

STR16

oKcWi

code

tBNyJ

oKcWi

signal

length

ALqnq

IEGXH

concat

TyesJ

VPGAv

UHZQK

writeFileSync

kaule

split

from

stringify

concat

update

final

createCipheriv

aes-128-cbc

slice

randomBytes

writeFileSync

prs

EMVVo

YGkFO

name

onhDn

UI16LE

length

XzaYN

.exe

\Microsoft\Windows\Start Menu\Programs\Startup\

.lnk

gqpuh

DFLjD

PMrpc

DFLjD

PMrpc

DFLjD

aup

PMrpc

delBW

ulnJX

tmp

vJsUC

AVzom

FlYeT

vJsUC

AVzom

vJsUC

Gcazo

apd

hUEhq

AVzom

kVUvw

AVzom

PVWUg

KXBHy

obbav

AUfNa

prs

PMrpc

prs

exit

mkdirSync

0|1|9|3|15|10|11|14|7|5|8|2|4|12|6|13

string

false

uncaughtException

5|1|0|4|3|2

aes-128-cbc

UI16LE

mUMqT

XdUjg

CunkH

JZGjA

uxefT

fKMiM

Bmsha

wHTLs

fAnpO

log

prsv

pf1

pf2

zaCnV

AByYO

mUMqT

statSync

pf1

mkdirSync

existsSync

resolve

argv

resolve

argv

CtsiW

RleBo

CvNcB

statSync

pf1

xYYdp

split

isArray

xcKkA

length

Evvsq

cttHy

length

ICqlI

length

AHyVu

mNMaO

split

AERqu

bOKKl

statSync

BiTCP

XfHjK

size

AERqu

JZGjA

ZQNEc

writeFileSync

pf1

readFileSync

uerepl

jPqLb

removeAllListeners

log

QXAmS

stack

log

stack

LTHoY

uxefT

ePoQl

file

statSync

pf1

XfHjK

size

SZNnh

AFpIb

hYWji

split

createCipheriv

ZYzza

slice

randomBytes

writeFileSync

prs

concat

update

final

from

stringify

statSync

pf2

GrYnr

vbudn

APJkr

log

statSync

XfHjK

size

msITt

EKjRH

workdir

CHlxz

length

qqtpM

rzbSd

length

qqtpM

STR16

writeFileSync

pf2

readFileSync

jYJwE

fAnpO

env

AERqu

toLowerCase

env

statSync

pf2

size

basename

pf1

basename

pf2

argv

Bjosj

join

pf1

pf2

resolve

pf1

resolve

pf2

resolve

argv

resolve

argv

MikPi

bmgRo

\Fonts\micross.ttf

hex

Washington1

Microsoft Root

UETpe

roUBV

OJxNg

hnDwO

outerr

push

readFileSync

length

toString

VWdwn

from

eKWHP

toString

hex

nJDnT

indexOf

from

ubrKw

toString

VWdwn

indexOf

4|0|5|2|1|7|8|6|3|9

hex

\Fonts\micross.ttf

LKdhx

HVoxc

RLPQh

length

CxgHh

YWwie

HnlFP

leWiC

split

toString

hAHUD

length

xhtOR

indexOf

ecdIo

Xclqa

readFileSync

from

Microsoft Root

toString

hex

from

Washington1

toString

hAHUD

KwozN

indexOf

5|2|0|1|3|4

split

session

push

pid

push

path

length

path

name

VqSHI

raBld

ppid

NPVwl

OWBOY

msiexec.exe

XYbeJ

VstNW

pNmWC

zUCKA

bhfOC

pid

mnvWB

length

pNmWC

OWBOY

gHhGq

OWvHe

ZFEvI

length

BZKSP

toLowerCase

indexOf

ySIBZ

pNmWC

Uxzcj

XYbeJ

ppid

length

tree

path

toLowerCase

name

toLowerCase

pid

indexOf

ySIBZ

YUMUn

indexOf

push

iCJHt

length

aquHb

IrmLt

ppid

Xgawc

ppid

RUZJl

mkdirSync

VnYCt

length

log

psls

KyfCh

vrZoJ

ktmr

JHlBU

LZjhi

4|2|0|3|5|1

aes-128-cbc

wwMHO

VBwEG

uWItC

floor

mPFnw

FSVWz

pop

bMtVy

split

createCipheriv

NazwO

slice

randomBytes

concat

update

final

from

stringify

writeFileSync

prs

win32

275dec

10.0.19045

990d1b

582a34

2cd67e

DESKTOP

b71c

bac5dd

10.0.16299

570a90

bea-chi

john doe

6.1.7601

62efb9

a888

administrator

Xeon

Host1

user

10.0.17763

10.0

george

10.0.19044

f4cb33

anna-

10.0.15063

8e776c

dillon

peter wilson

a739

d60869

10.0.18362

2088

c23200

769fc7

10.0.10240

c39efd

6.1.

goatuser

admin

azure-

9ca5a0

55d8

NOHID

10.0.22621

95deb5

my_pc_

10.0.18363

7f8794

aff8

john

f5faf7

f94649

e32aca

804a

10.0.19042

fb6ab4

64ccb5

62327b

a4757d

gary-pc

stark

611a3e

e379b3

72c1f0

10.0.19041

2a4494

10.0.19043

STRAZNJICA.GRUBUTT

NOUID

7c1a

8726e3

cd4ec1

033bd9

4b9de2

591acb

092f16

10.0.10586

00181a

a8776a

e94c92

9a50

13b4

ab86a1

9f72

bd9ff1

b5a0

janusz

ed6464

3151

10.0.17134

EPYC

shadow-

shadow

32b1d5

c350

86438b

KVM/QEMU

6d05

b38e56

b445bf

lisa

0cbc66

6eb45e

AMD EPYC

7e73

70b4

d580

b6f4a2

3e45fc

46e6f8

2988b8

6.3.9600

04159b

bf0760

9114

e8b9

fca565

f2886f

d0062c

5803c5

72f6c0

25cd40

851c

b0f8e1

061613

77bd

736b19

100

101

46502a

102

harry johnson

103

e2c5

12a5b6

4f81e3

b75705

52c9

db9a51

64ca98

107

3219

108

109

work

111

709b

112

4f5cec

a.monaldo

114

bc54f4

115

4085c6

116

alexeyzolotov

e06b

6a29b3

6.1.7600

a592e8

0fdc

cc1a

88dba0

18275d

bot 115 W7 Xeon H 24889e U 18126e

121

122

cb0013

5bc06f

123

a65640

124

10.0.22000

9d5196

125

9a8599

126

CompAlexey

127

bca236

723943

128

129

130

10.0.14393

131

379a7d

132

c037

b4a2c8

134

135

1285

abcf10

137

mars-pc

138

139

d04f74

2bf408

141

cd4ee8

7fa24d

2b22

4b418f

74529b

142

97a9d3

d1457b

a6f2

5b2e9c

145

146

50ab44

9639a3

147

DESKTOP-JTAPJCC

3a83fe

d38e35

149

56d4

9ec750

150

2253

2293

e8c630

3f9b99

151

152

167bfe

153

646a8b

154

0bd650

8215e4

155

6bd1

d864df

bb2e4c

4b33b6

c8b63d

160

41c07c

7e0c8b

a98d

efba14

930d8a

163

164

165

6e64

747890

166

8fdf0b

4ed984

2652ee

d76211

169

32b5

9f9d51

170

86131a

171

f3f0c6

172

b1a8

173

351468

174

175

72e748

dd15

6e6551

177

bf7e

35ae2e

178

179

6adf97

180

436f

181

badfad

182

183

953225

184

185

11d4d6

186

joe smith

5fd4c0

nGTMH

0|2|1|3|4

FsAuO

VPgik

dbLsA

FXmzJ

split

vQmtZ

VsBEq

weDyF

vQmtZ

cvHJG

351468

vQmtZ

VsBEq

pcCdL

JODfy

pcCdL

QRBFL

OrUQy

YAvly

maawR

YAvly

VsBEq

WPBuJ

gNFSR

10.0.22621

jjDXW

weiwE

xFbjz

Rekxp

xFbjz

win32

nRzAy

ltqOA

indexOf

10.0

xFbjz

ltqOA

indexOf

aUynh

xFbjz

HBVuX

SiPhV

UUENr

IHbuw

VsBEq

gAJcO

wkzhR

kVRJM

VsBEq

WPBuJ

SslWt

indexOf

RUqme

SslWt

indexOf

ahFmd

LbawL

VsBEq

bbdzn

cWsLi

siXqn

SfYwS

siXqn

kpCCP

gbQPM

#56d4#

eHYdL

yPjse

VsBEq

hMrij

fRnnO

eHYdL

SfYwS

lboUo

AfvZJ

InFEC

iKMuQ

2001f7

SslWt

indexOf

OBVCO

xDDAx

VsBEq

hMrij

BmyRw

hMrij

indexOf

RsuEI

UnbtS

indexOf

IdnuW

indexOf

njAWe

VsBEq

eoAxW

lPHNa

riHkb

10.0.19044

riHkb

PWDGK

indexOf

aUynh

PWDGK

1e75

CXFkj

VsBEq

SDexD

CXFkj

SfYwS

CXFkj

PzxDo

IQcAV

VsBEq

UnbtS

indexOf

JAVWM

olndB

TmAng

indexOf

SWqmf

olndB

VsBEq

zjVbE

olndB

TjFCo

olndB

UVRBh

win32

jeXnq

indexOf

uGmSE

97a9d3

jeXnq

VsBEq

zjVbE

UoOln

srgwd

2970

UoOln

uEfvV

UoOln

win32

AKWZL

Srklt

jrjuP

indexOf

dBQLv

indexOf

DHntZ

OBckj

VsBEq

OBckj

lPHNa

pjXgh

TjFCo

pjXgh

InYAe

jrjuP

indexOf

aUynh

InYAe

VsBEq

GUwHz

SfYwS

InYAe

gOuMz

BMRXW

dTfIb

bLCAu

HLnVv

75c891

VsBEq

HLnVv

TLfDS

SfYwS

yiqVn

KQLrV

YvLdR

eflNO

VsBEq

sSkYL

yXybE

xTdgz

yXybE

win32

TvvIx

GUwHz

jrjuP

indexOf

aUynh

yXybE

eTiyF

yXybE

FuEeZ

VsBEq

euawU

JODfy

yAAZy

HNxgU

aasXj

52acd9

aasXj

VsBEq

GUwHz

JODfy

aasXj

iocgu

ZPJpg

BjfTN

win32

10.0.19045

BjfTN

vIUIS

VdFZk

fsCMc

gOzvN

fsCMc

VsBEq

jrjuP

indexOf

ofPhD

JQcSs

indexOf

xmVlZ

mTlww

VsBEq

DOfVb

YqSCf

mTlww

6.1.7601

LvdCD

3635

KUYmk

VQLBg

OZsAM

1cce9e

JQcSs

indexOf

dYPGS

NePeg

VsBEq

JQcSs

indexOf

aUynh

JQcSs

indexOf

admin

NePeg

MqvpL

10.0.18362

DOfVb

indexOf

RsuEI

AqcbG

VsBEq

DOfVb

YqSCf

gbgSJ

indexOf

tXQHh

gbgSJ

indexOf

azure

AqcbG

SfYwS

FpnJS

gZMML

indexOf

RsuEI

FpnJS

VsBEq

KElqk

PxKXZ

FpnJS

SfYwS

FpnJS

VrdfG

FgPtN

StUhP

HsbNO

win32

URpTw

OBcVS

eMjGv

6.1.7601

HKpik

eTiyF

HKpik

lItlU

gbgSJ

indexOf

INSXu

upfSU

indexOf

NOUID

VsBEq

HKpik

NOOeK

upfSU

indexOf

aUynh

HKpik

GRKlp

TPXIc

win32

xynJg

indexOf

ofPhD

upfSU

indexOf

urVVh

upfSU

indexOf

administrator

ZnriJ

VsBEq

ZnriJ

jgywo

ZnriJ

ueXjw

tTTmf

nYwla

VsBEq

nYwla

6.1.7601

nYwla

lNYhz

indexOf

INSXu

upfSU

indexOf

Khlch

bWazf

win32

bWazf

SfYwS

bWazf

nLUWk

Vwoyk

nLUWk

rHZvd

VsBEq

utVvi

JODfy

IKYam

yZFnL

IKYam

VsBEq

yHsdF

Dlpll

IKYam

SfYwS

IKYam

IrsIj

OXvip

nsWhK

VsBEq

jgywo

CbNlo

kezQP

cc9adb

cABKe

VsBEq

yHsdF

Dlpll

EVSUF

indexOf

JAVWM

10.0.18363

fmPSs

fvZjo

fmPSs

EVSUF

indexOf

aUynh

EVSUF

indexOf

frank

fmPSs

VsBEq

fmPSs

tEnEt

fmPSs

mUkTH

saKmu

nOqmh

VsBEq

Dlpll

jwsdd

Uuyjy

2be941

EZWLF

10.0.19045

ZuJWR

indexOf

Xeon

EZWLF

win32

EZWLF

lPHNa

jqbqj

RXxFb

TeaIF

EFPzV

TeaIF

VsBEq

TeaIF

EVSUF

indexOf

ofPhD

indexOf

rQxSZ

EVSUF

indexOf

ZGaXR

TeaIF

win32

PoRZg

GrnDU

SfYwS

LcLNr

YecCM

ZuJWR

indexOf

RsuEI

indexOf

NOHID

indexOf

OBVCO

YecCM

VsBEq

ZuJWR

YecCM

KQLrV

OlCYX

pQrGa

b71c

win32

BPydf

SfYwS

HAehf

indexOf

RsuEI

uruwt

elsSa

sHqmO

LiusV

win32

IzMvm

QvTCZ

RWoxZ

eKPPT

iLKKa

win32

MYoPZ

xjCei

fKjki

WmQVE

mKzgn

JODfy

mKzgn

qLlyS

eOsiW

win32

eUvbS

xjCei

EVSUF

indexOf

ofPhD

indexOf

uRVyC

eOsiW

win32

eUvbS

xjCei

wSOsl

SfYwS

kjVCB

eUvbS

indexOf

RsuEI

EVSUF

indexOf

INSXu

indexOf

BMMdU

DimtH

VsBEq

DimtH

NOOeK

DimtH

IIpZb

FTTEV

tqMVf

IIpZb

MZZwS

IIpZb

VsBEq

qdqEF

xjCei

IIpZb

10.0.19044

IIpZb

iMGFV

VTzeQ

VsBEq

10.0.19044

iMGFV

HYVqO

7c1a

HYVqO

MpFDl

aRpqu

knFbV

VsBEq

SfYwS

lbYVR

fPRWa

48fdf5

lbYVR

VsBEq

lbYVR

CKaUy

EVSUF

indexOf

INSXu

DtPZN

indexOf

BMMdU

CKaUy

QvTCZ

MDOIU

CKaUy

3151

CKaUy

ahRli

CKaUy

DWBHm

CKaUy

DymnW

9ab4de

xkVNF

129654

xkVNF

f7e0fe

fPSpR

win32

fPSpR

CHuit

cvHJG

ZLJFA

351468

ZLJFA

VsBEq

SJZtO

gAJcO

TOAKx

GjMQC

SNsqp

liBMH

dc599a

SNsqp

VsBEq

fyAam

lPHNa

QYuqE

iGwwl

PawZc

SiqlM

iGwwl

VsBEq

VdjHP

xjCei

iGwwl

SfYwS

iGwwl

xFTGr

tkpLR

imvel

pWcHp

imvel

73a080

imvel

win32

VdjHP

ixbMK

VdjHP

indexOf

RsuEI

DtPZN

indexOf

Host1

MbATW

indexOf

njAWe

VsBEq

ixbMK

YCtrj

indexOf

janusz-

YCtrj

indexOf

rtHzQ

imvel

VsBEq

ijZJY

indexOf

10.0

imvel

6f2958

Mcbkt

indexOf

Khlch

XcsyY

VsBEq

vqign

10.0.17134

TvIGy

win32

10.0.19044

BxdfB

UtyuX

ppcLa

UtyuX

VsBEq

AkVCy

Ylxbu

SfYwS

MhKlf

indexOf

art-pc

CElAB

indexOf

OBVCO

pulCc

win32

pulCc

cruDy

hCCff

MDOIU

bgHJg

SfYwS

bgHJg

bjHdm

indexOf

INSXu

ugCbA

indexOf

BMMdU

VsBEq

HPOgA

cmCkJ

bgHJg

rakEi

WuWdm

KQLrV

rakEi

eflNO

HxYKh

indexOf

DESKTOP

HxYKh

indexOf

BMMdU

rakEi

VsBEq

QNIEd

indexOf

10.0

tQZyv

indexOf

pqzvd

mUvUN

indexOf

RsuEI

sVCfI

indexOf

fxuCa

sVCfI

indexOf

RqJGZ

rakEi

VsBEq

NOOeK

ayTgg

rakEi

iZxHg

DzNNk

VsBEq

SlAjb

6.1.7601

UpwSr

kYuIK

indexOf

dYPGS

UpwSr

VsBEq

ESMdE

VtRFB

JkokJ

indexOf

bxwPf

UpwSr

VsBEq

JkokJ

VtRFB

indexOf

bxwPf

joOMD

aaTVJ

win32

JkokJ

sVCfI

indexOf

INSXu

sVCfI

indexOf

user

KQLrV

bhsDm

SfYwS

wTmXo

win32

gKObw

zZqKL

indexOf

RsuEI

gNhRP

SfYwS

gNhRP

XjxeC

c589

agKvT

PoRZg

jzZTo

indexOf

OBVCO

GjHGZ

VsBEq

rwhaU

zZqKL

mPbBy

JODfy

ZPFND

CboEA

zXRIG

CboEA

6cfdbc

CboEA

INdgr

CboEA

VsBEq

QSyrV

MhQvi

yLCXf

indexOf

ofPhD

indexOf

aUynh

yLCXf

indexOf

dYPGS

VsBEq

zjdUh

MhQvi

Kfkpx

6.1.7601

knNGs

DhKmj

7aed

rGBNw

RIVvk

oXgEG

indexOf

qiAdQ

VsBEq

lORUR

tuHxL

oXgEG

indexOf

JAVWM

oXgEG

indexOf

aUynh

flUwU

10.0.22621

BmHBM

8920

nUcfP

bgjBq

nUcfP

VsBEq

nUcfP

NOOeK

nUcfP

WqiYw

qoVrk

yQkoa

a30c

cjCJQ

YzkAo

win32

paaJk

kzhHh

indexOf

JAVWM

jasvC

paaJk

indexOf

RsuEI

paaJk

indexOf

fRoMs

eTiyF

TjFCo

EYpyc

indexOf

NOHID

InFEC

vqYJY

jasvC

yGKbg

jasvC

XmNmT

EYpyc

indexOf

administrator

YZcRs

VsBEq

XcGrI

JODfy

Gcotn

HtNtt

b7e24d

HtNtt

iogrc

HtNtt

VsBEq

BmNwK

jgywo

sOuHW

UZSLN

HhSum

sOuHW

VsBEq

kzhHh

sOuHW

10.0.18363

oNbvH

26112

uFFlp

oNbvH

win32

paaJk

kzhHh

oNbvH

PrZnq

oNbvH

YBOQJ

iXTfp

wJWmd

VsBEq

FkWLf

BFzKU

TzrVx

10.0.19045

ZJTvf

AUcpu

gMrOl

mXVBV

lzNxo

lyxdS

mcWXM

isArray

SWsrp

length

oScEp

VsBEq

oScEp

iyaEN

NOOeK

fOGaP

2a4494

VsBEq

uVGbK

jgywo

uVGbK

ueXjw

prKIV

win32

ULsew

LTjtJ

6.1.7601

LTjtJ

okAxY

LTjtJ

HJzoB

EUYgh

vnHwD

XCXxh

VsBEq

PkMdx

ULsew

XCXxh

d61484

XCXxh

HCcGo

XCXxh

win32

PkMdx

ULsew

bsQtn

SfYwS

vtanA

RIVvk

oiADc

indexOf

lisa

vtanA

win32

jEfAr

ULsew

TbalV

srgwd

eTpqj

eBCld

win32

eNpjA

10.0.19041

eNpjA

eKPPT

eNpjA

VsBEq

jEfAr

ULsew

cudWL

WmQVE

oiADc

indexOf

harry johnson

cudWL

VsBEq

JODfy

cudWL

QglRv

cudWL

VsBEq

JTDuD

cudWL

JODfy

YqFeX

471915

YqFeX

win32

zbRDq

6.1.7601

zbRDq

aoEaB

zbRDq

59a422

VsBEq

URLvA

10.0.19045

URLvA

5a1d

URLvA

DUUPm

VsBEq

EjgIc

BFeim

YKVvx

BFeim

Tygnp

zkFKZ

iyjZL

zkFKZ

win32

oiADc

indexOf

JAVWM

EHPbF

xnFtP

oiADc

indexOf

aUynh

fyTQw

jdnpr

wOxrt

HfbUR

mNBSg

VsBEq

djwZQ

IuYHT

indexOf

KVM/QEMU

wOxrt

YTpDa

wOxrt

VsBEq

IuYHT

CpvlQ

HDYtI

SfYwS

HDYtI

VkKzg

PTRyc

indexOf

OBVCO

HRTsQ

HDYtI

win32

indexOf

AMAZING-AVOCADO

PVKNZ

indexOf

NlrON

uPYXL

VsBEq

10.0.19045

HDYtI

taFZw

OzZHe

taFZw

OJMho

kVkxL

VrDaL

104

taFZw

win32

edOaN

VrDaL

YNXVU

indexOf

6.1

taFZw

rUIrw

edOaN

indexOf

RsuEI

rUIrw

KDJTV

rUIrw

zJxoS

105

rUIrw

VsBEq

atZqv

VrDaL

rUIrw

SfYwS

rUIrw

pePsi

YNXVU

indexOf

INSXu

PMnOn

indexOf

NOUID

PyFVa

TQLRx

106

VsBEq

xLCkw

NOOeK

xLCkw

SyIbd

txdQb

rcBTL

gIoYK

MYdYF

KYsKs

toemD

VsBEq

VrDaL

6.1.7601

toemD

gfhDN

toemD

9db1e4

93a77b

ASGxL

DSeIT

VsBEq

VhWna

vTLwX

10.0.19045

xAvKm

oYSUU

wkLzq

QiNKF

NoQKz

RkRsB

efqHr

VsBEq

atZqv

tiWuM

efqHr

WuWdm

OlIIX

KQLrV

2088

PMnOn

indexOf

DESKTOP

anLcA

indexOf

BMMdU

110

OlIIX

VsBEq

AUNDe

anLcA

indexOf

ofPhD

WiUUf

indexOf

EvtUC

yQqAz

indexOf

dYPGS

qEZHU

AUNDe

VsBEq

CZCaz

ukoGF

PbqHV

SfYwS

srgwd

PbqHV

iTNjF

PBecE

indexOf

INSXu

YHbTS

indexOf

dYPGS

fGDpH

Iqtwx

hJsBD

fGDpH

VsBEq

CZCaz

dIFwa

fGDpH

10.0.19044

fGDpH

aawSu

113

fGDpH

VsBEq

tJcJG

indexOf

FitUN

SfYwS

rWyJF

indexOf

Xeon

jDWRa

noPPG

VsBEq

jhBng

indexOf

JAVWM

CZCaz

indexOf

bxwPf

noPPG

5d0c

aOrlZ

FLqsQ

TjFCo

jhBng

indexOf

aUynh

eLHSo

VyZYz

LvopM

yJoHj

VsBEq

AVbYF

JODfy

AVbYF

uNwDA

VFLtL

Mewvz

SQIqP

VFLtL

VsBEq

indexOf

CompAlexey

KkCAN

indexOf

YVjRK

117

VsBEq

CZCaz

tJcJG

PuvIa

TjFCo

PuvIa

mdjDS

sQNWC

hJbND

boxzX

118

sQNWC

win32

CZCaz

tJcJG

sQNWC

BpXmR

sQNWC

nWgdf

GzUnY

NVYfL

0b6631

119

NVYfL

win32

Wjvvk

hFaoo

LKumI

klNUX

mcfKa

LKumI

kwKyB

LKumI

iMzbn

KkCAN

indexOf

OBVCO

120

uQZqQ

win32

CZCaz

BPwph

uQZqQ

SfYwS

uQZqQ

rKkMw

nzvBl

24889e

nzvBl

18126e

gwDrV

HYYGN

miDrz

dPUtX

win32

aXonn

tMoIu

PImGK

OUvWP

WSeNJ

VsBEq

CZCaz

BPwph

azzJE

SfYwS

azzJE

CZCaz

indexOf

Xeon

azzJE

IgYAR

azzJE

5bc06f

yPJcf

VsBEq

pcMPK

hWlpk

pcMPK

wZVmE

hBiyp

WXCWd

wZBgo

hBiyp

VsBEq

CZCaz

gGxkB

YSzLL

10.0.19044

YSzLL

mEvwT

RDSEr

crwLC

oxsiW

RDSEr

win32

wUYoX

KkCAN

indexOf

cuvBD

KkCAN

indexOf

alexeyzolotov

AKDGn

MINdq

VsBEq

NOOeK

ckVvU

RYBmH

3322

Hkbhu

HDSPU

Hkbhu

OUwqP

wovyY

palYv

VsBEq

CZCaz

uOtJK

CZCaz

indexOf

RsuEI

palYv

TjFCo

lHEOf

bqcvq

indexOf

INSXu

bqcvq

indexOf

dYPGS

kvNaf

lHEOf

VsBEq

bUnCW

wtiII

e1e853

rFkft

SfYwS

nmBtN

LZaVy

nmBtN

VsBEq

wtiII

VTDHK

znvAi

VTDHK

UKuwA

cZYCC

BMRXW

cZYCC

aCdYF

win32

cZYCC

SfYwS

BcaLz

HKCTa

uyIJL

InFEC

uyIJL

iYNmV

indexOf

OBVCO

QxqiO

133

pLCBb

win32

pLCBb

NOOeK

pLCBb

CnxUj

IjzGq

EMlkn

SQMyV

kkBPr

IdVXU

SQMyV

win32

SyslZ

hWlpk

HSzZL

indexOf

aUynh

SyslZ

DZfuW

f1dd

VntkP

VsBEq

wtiII

DZfuW

znvAi

vBVQq

kFjsP

HSzZL

indexOf

aUynh

HSzZL

indexOf

dYPGS

136

kFjsP

VsBEq

JyJzt

indexOf

JAVWM

QZFGO

FfflY

QZFGO

DvUon

QZFGO

b3c775

xewzp

QZFGO

VsBEq

YFcAk

enuPh

6.1.7601

kqfYy

indexOf

hVEdo

sQUfl

indexOf

OBVCO

CgtNs

QZFGO

VsBEq

YFcAk

QZFGO

SfYwS

WbDCC

11d4d6

indexOf

administrator

hUWFL

YBJes

VsBEq

EwbXt

enuPh

FwMGH

tWvjQ

1cce9e

vBfwv

indexOf

dYPGS

140

win32

EwbXt

SfYwS

tWvjQ

aAwKw

ErTjd

b71c

ErTjd

RBxLT

ruTpd

qZRiv

VsBEq

xaBcv

6.1.7601

zYTcT

FTuoj

HBVuX

cLkFZ

FTuoj

UUENr

CUiCV

cuxQk

fJPzB

56aee3

xuhKh

kAlxp

fCrTu

AAftY

SVvle

RPpTF

win32

enuPh

vBfwv

indexOf

uGmSE

fCrTu

VMgEv

hSqQI

143

VMgEv

VsBEq

VMgEv

10.0.17763

VMgEv

299243

xbvmZ

DKvVY

144

xbvmZ

win32

SfYwS

UICNz

TdLqv

MfQAk

zPJTI

yzzPK

VlwMc

JMACI

AFdVN

VsBEq

TdLqv

AFdVN

6.1.7601

AFdVN

viVpr

UErBS

xOKzL

indexOf

DESKTOP

qeVfm

indexOf

dYPGS

FBZdh

VsBEq

TdLqv

MfQAk

indexOf

JAVWM

UErBS

TdLqv

indexOf

RsuEI

UErBS

srgwd

UErBS

aQghO

lhHUO

tbdpi

UErBS

VsBEq

UErBS

WuWdm

qeVfm

indexOf

GIufm

148

hoCYA

VsBEq

LjeYt

10.0.22621

LjeYt

smOla

LjeYt

RPMVN

MOyqv

LjeYt

VsBEq

MfQAk

EazBO

SfYwS

EazBO

TfnuS

RHGqE

kgQYM

PTBJb

d33e1f

PTBJb

nmnql

kObFP

win32

TdLqv

MfQAk

PTBJb

NOOeK

PTBJb

vYFsf

yZvas

bWzTp

KNmHi

PnQIj

uxXxj

indexOf

INSXu

YWMnv

indexOf

BMMdU

PsDZF

PnQIj

VsBEq

MfQAk

OBxIq

SfYwS

OBxIq

quqMO

VtrKA

DgXPH

GILfx

VsBEq

GILfx

10.0.22621

GILfx

YzOAj

fgUah

lxZvB

vkNRz

lxZvB

d6a5b0

UqzZc

lxZvB

win32

lxZvB

NOOeK

gyRFq

FSiYd

e717

XauhA

FKgzY

ZgEGp

gOTWv

FKgzY

win32

10.0.18363

FKgzY

FHjkq

xRwMN

RxUpZ

JNZlv

ftHdy

JBuKj

QtXSQ

JNZlv

VsBEq

EckUq

SfYwS

EckUq

CLpMD

nogBQ

PwBUy

pCNux

fagls

156

kYcRq

VsBEq

NOOeK

rVdmK

ayTgg

157

VsBEq

TdLqv

SPhfn

indexOf

10.0.

itJCQ

b624

vHWAO

03fea1

hSbPh

sPgNs

158

VsBEq

hSbPh

SfYwS

hSbPh

BoHku

IsmvY

f6b8ae

IsmvY

159

IsmvY

win32

IsmvY

6.3.9600

IsmvY

kCOFI

WUgIe

7b7bc2

AsIBB

DjIdU

VsBEq

TdLqv

MfQAk

KVVzd

6.1.7601

KVVzd

JpkmF

ZZVqs

nmUGK

VUiRc

nmUGK

161

gaWLE

VsBEq

VKeDb

10.0.22621

GTEYW

QLXZo

lbymD

IiYRv

VTtre

7b7cd2

162

VTtre

VsBEq

JlTNh

hWlpk

JlTNh

bzGKB

ZEMRz

aTbcx

FECPu

kGJzt

cgGAz

win32

TdLqv

VemMV

SfYwS

YVUIA

kSFlI

kYuIK

SPhfn

indexOf

dYPGS

OUknK

kSFlI

VsBEq

TdLqv

hTFWe

CHuit

hTFWe

275dec

KPghd

hTFWe

VsBEq

10.0.19045

CHjbu

EojZF

iwsTL

EojZF

JcrOS

EvXNC

PzpJC

JLQRA

VsBEq

TdLqv

MfQAk

SfYwS

JLQRA

GbMtg

Iqtwx

GbMtg

MxmXv

htOxW

167

htOxW

VsBEq

TdLqv

htOxW

SfYwS

htOxW

WZIEt

TyjFv

WZIEt

Gzzeh

168

WZIEt

win32

WZIEt

QvTCZ

erFxZ

dCaDi

bJSzg

yfVbh

jJXBR

SiwfQ

win32

10.0.19045

RKPbt

YHPsx

awNQe

AALnA

awNQe

RRQyZ

KbTCm

VsBEq

NGYDo

SHQLf

SfYwS

JzLeS

zrFTx

hUaeA

ZsupG

MjumJ

DbGPX

PzcMk

VsBEq

pQhel

6.1.7601

bHiPi

DmzmF

7bf5

2cb5a5

vBiIE

riMVO

EChlp

VsBEq

gxzoJ

JODfy

gxzoJ

MJLDC

gxzoJ

gIAGC

7db39b

BMvbb

Lbhlf

VsBEq

uBeZF

MfQAk

ZUYYc

CHuit

ZUYYc

cnGGA

EEQMD

ZUYYc

VsBEq

yVCtP

MfQAk

TYHPe

YlVBf

Iqmof

851c

Iqmof

vcfJW

AfrZT

iyjZL

zPQyl

AfrZT

VsBEq

uvLsp

PrZnq

PPtmZ

MVxMt

ZnYjS

MVxMt

176

MVxMt

VsBEq

QiqUF

MVxMt

SfYwS

RGEel

lYKOE

xRDpY

zNPAy

poHvC

QKQls

IebCT

indexOf

administrator

Vgizp

poHvC

VsBEq

yVCtP

rjKCB

poHvC

TjFCo

poHvC

UFIjw

kAUca

RRAIO

d8716f

wfRRj

kAUca

win32

kAUca

6.1.7601

kAUca

Lsusc

indexOf

RsuEI

FZCXO

cnFLy

win32

GJGXM

xGwQh

SfYwS

xGwQh

SSBtn

indexOf

OBVCO

xGwQh

5a1d

mQXPR

AvFuL

lsvtA

win32

OzxYn

WmQVE

OzxYn

IsQtU

ZJZwJ

KOyGW

wkWiJ

KOyGW

VsBEq

rjKCB

FxKPb

indexOf

JAVWM

ySDKT

hdtjK

jINRW

indexOf

admin

ZUzlZ

hdtjK

win32

qCwQC

indexOf

GIufm

QHEsu

mRrWx

VsBEq

rjKCB

SfYwS

pkvKx

tHlIx

indexOf

Khlch

tgkQK

EOJzf

win32

EOJzf

JODfy

EOJzf

72f6c0

kQMrL

EOJzf

VsBEq

DXOtG

EOJzf

6.1.7601

gfVIz

MwtlH

indexOf

OBVCO

bazgO

EOJzf

win32

DXOtG

rjKCB

HsLEF

indexOf

aUynh

indexOf

toJXV

187

EOJzf

VsBEq

EOJzf

NOOeK

WkvFB

uuPrl

mDELA

split

readFileSync

prs

concat

update

slice

final

createDecipheriv

aes-128-cbc

slice

parse

toString

randomBytes

GVDqx

Bmxaw

vmBKl

oqGOL

OKtSM

oqGOL

LcIvv

4|3|5|1|0|2

\.\

NtKjh

yrkOS

BwVlu

EOkKi

NAVjw

KDhHZ

sSfif

QihWH

MZyeU

split

wXEbr

length

QHwmm

substr

QHwmm

substr

EaChe

indexOf

xqOIF

split

xqOIF

join

Aobiw

indexOf

split

join

xVJmr

substr

BgGZE

length

substr

BgGZE

length

cyiIB

mbQAR

fxwrB

xVJmr

mbQAR

4|3|2|0|1

aes-128-cbc

LU0TO

oesOt

xlSTC

RXxOW

C:\

rpcsrv

YzcPK

BjXZD

tmpbuild

.txt

DIPsB

hwv

sfre

iRefz

argv

ADccL

argv

UJqTX

owQTZ

HNpsy

kdpCp

Jcjcp

UJqTX

pXaya

ugLBA

readdirSync

ZnPRK

qpCSn

bIuGn

indexOf

LWwEu

HNpsy

XAmyE

eDGJl

kqlhQ

split

parse

toString

concat

update

slice

final

createDecipheriv

cWOOA

slice

readFileSync

prs

Esjav

qeUqj

ORajH

ZnPRK

LWwEu

Mekee

owQTZ

_i_

uYQqS

rxYbw

PXKGY

readFileSync

toString

trim

log

olISr

stack

log

stack

AHAnV

ppyXV

log

LPrAq

log

wfr

isc

log

gdioC

log

atct

CxhhG

createHash

Vgzmz

update

KtlMp

digest

slice

zZiAX

UyIMC

BCLJj

PFSOT

OiQgN

knZrw

pslo

ZQklx

0|2|3|6|5|4|1

split

push

LXHPX

ZzWKj

pid

name

WIUMz

ppid

PetwI

length

ppid

readFileSync

toString

trim

LzjEv

split

windowsHide

unref

shift

unshift

uYzxp

kFPnf

spawn

stdio

ignore

slice

detached

env

ukXto

knZrw

pslo

ZQklx

BRlZB

fill

randomBytes

hqIHV

vzUip

cbmHN

knZrw

XORIB

6|2|4|5|0|8|3|1|7

split

ZzWKj

twNPX

EKWfq

ytJYA

XOnsj

bhqxX

mkdirSync

ytJYA

aup

XOnsj

ytJYA

XOnsj

ytJYA

DIQJz

apd

IDWLG

GokiS

noVuW

JdFvI

Gzpax

nSoEJ

tmp

TTUtN

AUiPe

yCglW

TTUtN

yCglW

DAptB

yCglW

STR16

Duo

Unknown

USERNAME

USER

PROCESSOR_ARCHITECTURE

PROCESSOR_ARCHITEW6432

string

pVPfw

lnBCc

x64

Qnsrn

aRUjc

platform

arch

release

uptime

totalmem

freemem

UvBnx

hostname

Vrgfl

nxtKo

PIRwl

ojSOH

cwd

tmpdir

versions

node

SwwmP

eiStb

MAABE

tiZVv

string

EGooG

indexOf

kYoOh

JtlxA

indexOf

TrtoS

rvUCJ

KWsJT

icon

XsJLw

UI16LE

length

XSMCf

lXBUO

cpus

length

mIrzB

eUdzP

llCDy

length

model

trim

speed

zSpgH

tNCOA

length

YXlhZ

length

substr

length

substr

lxVmp

length

substr

zltai

length

substr

zltai

length

substr

OURNV

MdoHK

createHash

DYLUC

SXaiv

nypbl

createHash

sha256

update

XgnbR

digest

slice

aes-128-cbc

TnnGo

randomBytes

alloc

writeUInt16BE

concat

from

createCipheriv

GUPCk

slice

concat

update

final

NmOuc

length

YblJr

wRqvf

YblJr

concat

alloc

bluVH

RsMuf

1|0|7|4|5|2|3|6|8|10|9

aes-128-cbc

NaGyM

nhVQQ

ThfaW

UrMrH

split

slice

crUFw

length

rYBeo

qVzDT

length

createDecipheriv

gcraQ

slice

readUInt16BE

concat

update

slice

qVzDT

final

readUInt16BE

slice

toString

now

random

1|3|2|4|0|5

recv

vOmmx

split

log

CrHat

tkstp

aes-128-cbc

UI16LE

STR16

test

BcpoA

WzZWK

szkKx

tAuUA

rgEaP

gttk

cucbn

GEQYo

sZkqG

createSocket

udp4

message

wutiV

URjKW

kyapf

log

KtSOA

fLGyj

EyjhF

HEFLP

gxGtN

now

EyjhF

exit

ymMSe

ORwiK

HMQHb

yVMQo

nZcUE

RFnkV

length

argv

split

join

stringify

KtSOA

length

fsgpB

vMxNm

vUpvb

readFileSync

prs

createDecipheriv

IGzsO

slice

concat

update

slice

final

parse

toString

log

test

dKcoL

tgAyl

writeFileSync

trim

exit

dKcoL

PjtXx

sZkqG

yVMQo

file

BzJYj

nrZnV

length

BzJYj

qDrAk

PbtXx

aLBuh

error

kjpiG

tkstp

dKcoL

uMpZu

oxJhR

dKcoL

mEsyR

log

hYbzB

writeFileSync

trim

exit

ORwiK

MwrtZ

NqzAr

iWLWQ

send

length

hex

agIzA

WaHpl

dIjxf

length

from

DAjFL

PlzWf

PaciR

writeFileSync

trim

createDecipheriv

concat

update

final

toString

3|2|5|4|0|1

recv

XGWrw

ufrmB

CLMgd

BTkAo

Vhqun

TzxzF

zUXih

LpOnk

LhIrF

createHash

sha256

update

digest

log

ameZu

CLMgd

mdhGj

mWKBN

tFVnj

kill

oRPQf

muAgr

LVeyo

split

eKxsP

GdONQ

hizdt

tkstp

log

Xmblj

log

TrGaL

10|1|6|12|8|4|7|0|3|2|9|5|11

aes-128-cbc

krNtM

prsf

cxZcq

byEGI

pHmAN

uncaughtException

base64

ini

isc

from

ZBWwS

krkNU

TrGaL

pid

alloc

hDthw

rXDdL

fill

QNDxg

split

WTgkp

length

randomBytes

zOCTg

OMZty

createCipheriv

XgDLr

slice

AlhiI

alloc

concat

update

final

concat

from

concat

alloc

mOJLl

writeUInt16BE

allocUnsafe

ElEic

ZAhfR

ncmYX

ZleAd

prsi

log

vSgFy

poipN

ncmYX

versions

node

indexOf

uerepl

QUTVY

nDIVf

NjZvu

Jerxo

length

session

push

pid

push

path

length

path

name

MpTeN

mjVls

ppid

uerepl

CHXpr

removeAllListeners

HOAlC

OLLPe

ncmYX

byEGI

zWbrI

log

ZPMFT

stack

log

stack

file

indexOf

fThEf

edpfD

OOyPa

file

length

exit

from

Kqmhk

log

LIqWY

log

qOyRe

isc

WvkOm

1836

"C:\Users\admin\Desktop\fb808be98b583a2004b0af7b6f4bf5e3419d8b6a385c5ce4e8fab4ddc0b48428.exe"

C:\Users\admin\Desktop\fb808be98b583a2004b0af7b6f4bf5e3419d8b6a385c5ce4e8fab4ddc0b48428.exe

—

explorer.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

MEDIUM

Description:

Win32 Cabinet Self-Extractor

Version:

11.00.22621.1 (WinBuild.160101.0800)

Modules

Images
c:\users\admin\desktop\fb808be98b583a2004b0af7b6f4bf5e3419d8b6a385c5ce4e8fab4ddc0b48428.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll

2148

"C:\Program Files\Windows Media Player\wmpnscfg.exe"

C:\Program Files\Windows Media Player\wmpnscfg.exe

—

explorer.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

MEDIUM

Description:

Windows Media Player Network Sharing Service Configuration Application

Exit code:

Version:

12.0.7600.16385 (win7_rtm.090713-1255)

Modules

Images
c:\program files\windows media player\wmpnscfg.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll

2232

cmd.exe /d /c bqwybceocy.bat 3991425476

C:\Windows\System32\cmd.exe

—

fb808be98b583a2004b0af7b6f4bf5e3419d8b6a385c5ce4e8fab4ddc0b48428.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

MEDIUM

Description:

Windows Command Processor

Version:

6.1.7601.17514 (win7sp1_rtm.101119-1850)

Modules

Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll

2892

wmic process get processid,parentprocessid,name,executablepath /format:csv

C:\Windows\System32\wbem\WMIC.exe

—

fjlpexyjauf.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

MEDIUM

Description:

WMI Commandline Utility

Exit code:

Version:

6.1.7600.16385 (win7_rtm.090713-1255)

Modules

Images
c:\windows\system32\wbem\wmic.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ole32.dll
c:\windows\system32\gdi32.dll

Add for printing

Total events

1 283

Read events

1 283

Write events

Delete events

Modification events

No data

Add for printing

Executable files

Suspicious files

Text files

Unknown types

Dropped files

PID	Process	Filename		Type
1836	fb808be98b583a2004b0af7b6f4bf5e3419d8b6a385c5ce4e8fab4ddc0b48428.exe	C:\Users\admin\AppData\Local\Temp\IXP000.TMP\gyvdcniwvlu.dat		executable
		MD5:—	SHA256:—
1836	fb808be98b583a2004b0af7b6f4bf5e3419d8b6a385c5ce4e8fab4ddc0b48428.exe	C:\Users\admin\AppData\Local\Temp\IXP000.TMP\eqnyiodbs.dat		binary
		MD5:—	SHA256:—
1836	fb808be98b583a2004b0af7b6f4bf5e3419d8b6a385c5ce4e8fab4ddc0b48428.exe	C:\Users\admin\AppData\Local\Temp\IXP000.TMP\eqnyiodbs.dat.1		text
		MD5:—	SHA256:—
1836	fb808be98b583a2004b0af7b6f4bf5e3419d8b6a385c5ce4e8fab4ddc0b48428.exe	C:\Users\admin\AppData\Local\Temp\IXP000.TMP\eqnyiodbs.dat.2		binary
		MD5:—	SHA256:—
1836	fb808be98b583a2004b0af7b6f4bf5e3419d8b6a385c5ce4e8fab4ddc0b48428.exe	C:\Users\admin\AppData\Local\Temp\IXP000.TMP\eqnyiodbs.dat.3		—
		MD5:—	SHA256:—
1836	fb808be98b583a2004b0af7b6f4bf5e3419d8b6a385c5ce4e8fab4ddc0b48428.exe	C:\Users\admin\AppData\Local\Temp\IXP000.TMP\bqwybceocy.bat		text
		MD5:—	SHA256:—
1836	fb808be98b583a2004b0af7b6f4bf5e3419d8b6a385c5ce4e8fab4ddc0b48428.exe	C:\Users\admin\AppData\Local\Temp\IXP000.TMP\lknidtnqmg.dat		text
		MD5:—	SHA256:—
2232	cmd.exe	C:\Users\admin\AppData\Local\Temp\IXP000.TMP\fjlpexyjauf.exe		executable
		MD5:—	SHA256:—
116	fjlpexyjauf.exe	C:\ProgramData\BuqiqDcX\wdAwBlWFrp		binary
		MD5:—	SHA256:—
116	fjlpexyjauf.exe	C:\ProgramData\BuqiqDcX\pQaynpplY.exe		executable
		MD5:—	SHA256:—

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Add for printing

HTTP(S) requests

TCP/UDP connections

DNS requests

Threats

HTTP requests

No HTTP requests

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID	Process	IP	Domain	ASN	CN	Reputation
4	System	192.168.100.255:138	—	—	—	whitelisted
4	System	192.168.100.255:137	—	—	—	whitelisted

DNS requests

Domain	IP	Reputation
59c58bb5330017122199604990004611db11e14b53635001cce9e0221232f.hsh.juz09.cfd	—	unknown
59c58bb5330017122199604990005611db11e14b53635001cce9e0221232f.hsh.juz09.cfd	—	unknown
59c58bb5330017122199604990105611db11e14b53635001cce9e0221232f.hsh.juz09.cfd	—	unknown
59c58bb5330017122199604990205611db11e14b53635001cce9e0221232f.hsh.juz09.cfd	—	unknown

Threats

PID	Process	Class	Message
1080	svchost.exe	A Network Trojan was detected	ET MALWARE [ANY.RUN] Lu0bot-Style DNS Query in DNS Lookup M3
1080	svchost.exe	A Network Trojan was detected	ET MALWARE Lu0bot CnC Domain in DNS Lookup (hsh .juz09 .cfd)
1080	svchost.exe	A Network Trojan was detected	BOTNET [ANY.RUN] Lu0bot DNS Query M3
1080	svchost.exe	A Network Trojan was detected	ET MALWARE [ANY.RUN] Lu0bot-Style DNS Query in DNS Lookup M3
1080	svchost.exe	A Network Trojan was detected	ET MALWARE Lu0bot CnC Domain in DNS Lookup (hsh .juz09 .cfd)
1080	svchost.exe	A Network Trojan was detected	ET MALWARE [ANY.RUN] Lu0bot-Style DNS Query in DNS Lookup M3
1080	svchost.exe	A Network Trojan was detected	ET MALWARE Lu0bot CnC Domain in DNS Lookup (hsh .juz09 .cfd)
1080	svchost.exe	A Network Trojan was detected	ET MALWARE [ANY.RUN] Lu0bot-Style DNS Query in DNS Lookup M3
1080	svchost.exe	A Network Trojan was detected	ET MALWARE Lu0bot CnC Domain in DNS Lookup (hsh .juz09 .cfd)
1080	svchost.exe	A Network Trojan was detected	ET MALWARE [ANY.RUN] Lu0bot-Style DNS Query in DNS Lookup M3

Add for printing

No debug info

General Info

fb808be98b583a2004b0af7b6f4bf5e3419d8b6a385c5ce4e8fab4ddc0b48428.exe

6181206D06CE28C1BCDB887E547193FE

8EB65B4895A90D343F23F9228E0D53AF62DE3DAB

FB808BE98B583A2004B0AF7B6F4BF5E3419D8B6A385C5CE4E8FAB4DDC0B48428

49152:5qVMAWRywiN7AqzGKWPy3tsdWT69leSkFAaGjv616zzU45tZevvDnZjlE/X4HOoA:QKo5czXmidWn1FOz6cgsSvvljEouH9Ht

Software environment set and analysis options

Launch configuration

Software preset

Behavior activities

MALICIOUS

Drops the executable file immediately after the start

Lu0bot is detected

Create files in the Startup directory

LU0BOT has been detected (YARA)

SUSPICIOUS

Process drops legitimate windows executable

Starts a Microsoft application from unusual location

Executing commands from a ".bat" file

The executable file from the user directory is run by the CMD process

Starts CMD.EXE for commands execution

Uses WMIC.EXE to obtain data on processes

Reads the Internet Settings

INFO

Checks supported languages

Create files in a temporary directory

Reads the computer name

Reads the machine GUID from the registry

Creates files in the program directory

Creates files or folders in the user directory

Reads CPU info

Manual execution by a user

Malware configuration

Lu0Bot

Static information

TRiD

EXIF

EXE

Video and screenshots

Processes

Behavior graph

Specs description

Process information

Information

Modules

Malware configuration

Lu0Bot

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Registry activity

Modification events

Files activity

Dropped files

Network activity

HTTP requests

Connections

DNS requests

Threats

Debug output strings