Sample details: 36f3247dad5ec73ed49c83e04b120523

Hashes
MD5: 36f3247dad5ec73ed49c83e04b120523
SHA1: 7edaedb957f5bebf1419ed6e79d316a5f14de65b
SHA256: 76139b7070a79ed098d51deb70dfd440d927f6deb5c2bcae0f6e054f62584d8f
SSDEEP: 12288:iNwb7QiKl0qrPehmV8enhZFWGUp/mMI3Nqr0mi:iNwbc32mPeMVFnPFsdI9m0mi
Details
File Type: data
Yara Hits (ruleset/rule name; each hit is a static pattern match on the file contents)
CuckooSandbox/shellcode | CuckooSandbox/embedded_pe | CuckooSandbox/embedded_win_api | YRP/maldoc_find_kernel32_base_method_1 | YRP/maldoc_getEIP_method_1 | YRP/domain | YRP/contentis_base64 | YRP/Dropper_Strings | YRP/DebuggerCheck__QueryInfo | YRP/DebuggerException__SetConsoleCtrl | YRP/anti_dbg | YRP/inject_thread | YRP/create_service | YRP/network_tcp_socket | YRP/escalate_priv | YRP/win_mutex | YRP/win_registry | YRP/win_token | YRP/win_files_operation | YRP/MD5_Constants | YRP/RIPEMD160_Constants | YRP/SHA1_Constants | YRP/RijnDael_AES_CHAR | YRP/RijnDael_AES_LONG | YRP/Str_Win32_Winsock2_Library |
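Strings (printable strings extracted from the sample; URLs and hostnames appear as found in the file, not defanged)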
		SPUTNIK
~ PMuy
tEVWWj
<PrS<WwO,P
VWWWWW
QSVWjP
SUWPPj
YtISUj
Yt?SUj
YtCHt;
u$Sj?W
wK9V8t
t.Ht+Hu:
uSPh<Q
WPWWWWWWWW
8NSumf
9~$YYs
;wTt&S
YYt8PV
HD;H@r
It	It	It
HD;H@r
HD;H@r
HD;H@r
HD;H@r
HD;H@r
t)It&It	
~@9N@w5S
F@;FDv
HD;H@r
HD;H@r
YY_^[]
YY_^[]
;F$u	V
9~0YY~
HD;H@r
F4f;F6v
HD;H@r
tZHtLHt>Ht,Ht
HtgHt0H
9^$t	V
ItkIIt7It
X_^][Y
ItuItjIu&
It6It+IuI
YYG;~4|
;w0YYu
YY[_^]
otbKt$Kt\Kt
tGHHt5HuF
?IItvIt[ItQ
tuHtzHtwHt`HHt
HD;H@r
tvHt_HtTHtIHt+Ht
HtIHt-Ht
~D_^[]
utiHHt?Ht
<%t-<.t$<[t
HHt_HHt	
<"t"<\t
HHtLHt
YttHtOHHt6HWVt*
YtUHt:HHt$Ht
FXj@PV
ud97t$j
	uQj	hdX
	u;j	h|X
uG97tWSVW
Wtg9L$
G8;FDu
G8;FDu
GD;FDu
GD;FDu
F,;CDulP
G8;FDu
to9nptjWUP
F\j@PV
v6j X+E
JtmJtSJt0Jt
Fhj@PV
B 02CV
t ;t$$t
qTPql1
||||````h"`
L&&jl66Z~??A
Oh44\Q
sb11S*
uB!!c 
D""fT**~;
;d22Vt::N
J%%o\..r8
gg}V++
jL&&Zl66A~??
Sb11?*
tX,,.4
RRMv;;a
MMUf33
PPDx<<
cB!!0 
~~Gz==
fD""~T**
Vd22Nt::
xxoJ%%r\..$8
ppB|>>
aa_j55
UUxP((z
&jL&6Zl6?A~?
~=Gz=d
"fD"*~T*
2Vd2:Nt:
x%oJ%.r\.
a5_j5W
=&&jL66Zl??A~
g99KrJJ
==Gzdd
""fD**~T
22Vd::Nt
$$lH\\
77Ynmm
%%oJ..r\
55_jWW
[T:$6.
[.:$6g
j_FbT~
h4,8$@_
2\tHlWB
PQAeS~
~4[C)v
ntdll.dll
RtlGetNtVersionNumbers
/bin/i386/%s
SeDebugPrivilege
/bin/i386/coredll.bin
ZwQueryInformationProcess
SPUTNIK
msvcrt.dll
/etc/sputnik.bin
SeRestorePrivilege
SeBackupPrivilege
/bin/pub.bin
/installer/services_x86.exe
/installer/ploader_x86.bin
RegisterServiceCtrlHandlerExW
ServiceMain
RtlCreateUserThread
NtCreateThreadEx
getenv
tostring
<main>
sputnik
loaded
package
cleanup
random
update
mounted
dismount
decode
Location
GetTcpStatisticsEx
iphlpapi.dll
mpsi.dll
_except_handler3
X-Digest
Connection
X-Code
!!!!!!!!!!!!!!!!ADAA@@@@@@@@@@@@
@@@@@@@@!!!!
@@@@@@
A@@@@@@@@@
@@@@@@@@
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@AAAA@@@
@@@@$$$$$$$$$$$$$$$$@@@@@@@@@@@@@@@@
@A@@@@@@@@@@@@@A@@@@@@@A@AAA@
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
KiUserExceptionDispatcher
no value
method
%s:%d: 
_LOADED
not enough memory
string
(null)
[string "
=(tail call)
upvalue
global
%s:%d: %s
__call
__concat
__mode
__newindex
__index
thread
function
number
userdata
boolean
reverse
gmatch
format
^$*+?.([%-
remove
insert
foreachi
foreach
concat
require
preload
loaders
?.so;/lib/?.so;
?.luac;/lualib/?.luac;
_LOADLIB
xpcall
tonumber
setmetatable
setfenv
select
rawset
rawget
rawequal
getmetatable
getfenv
assert
__metatable
=(load)
%s: %p
__tostring
newproxy
ipairs
%4d%2d%2d%2d%2d%2d
%2d%2d%2d%2d%2d%2d
key expansion
master secret
server finished
client finished
SHA256
SHA224
memcpy
memset
_snwprintf
sprintf
strlen
memcmp
_chkstk
memmove
strcmp
strcpy
_stricmp
strrchr
memchr
strtoul
_memicmp
RtlUnwind
strchr
strncat
strcspn
strcat
strncpy
tolower
toupper
strpbrk
sscanf
_allmul
_aulldiv
ntdll.dll
CloseHandle
GetLastError
ConnectNamedPipe
BindIoCompletionCallback
CreateNamedPipeW
GetCurrentProcessId
ReadFile
WriteFile
CreateTimerQueueTimer
DeleteTimerQueueTimer
ChangeTimerQueueTimer
DeleteFileW
ExpandEnvironmentStringsW
GetProcAddress
GetModuleHandleA
lstrcpyW
lstrlenW
GetCurrentProcess
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
CreateMutexW
OpenMutexW
lstrcmpiA
GetFileSize
CreateFileW
GetTempFileNameW
GetTempPathW
lstrcatW
SetConsoleCtrlHandler
lstrcmpiW
IsBadReadPtr
IsBadCodePtr
VirtualProtect
OpenProcess
VirtualFreeEx
CreateRemoteThread
WriteProcessMemory
VirtualAllocEx
DuplicateHandle
LoadLibraryA
MultiByteToWideChar
VirtualFree
VirtualAlloc
LeaveCriticalSection
EnterCriticalSection
IsBadWritePtr
InitializeCriticalSectionAndSpinCount
InterlockedIncrement
InterlockedDecrement
lstrlenA
InterlockedExchange
GetLocalTime
KERNEL32.dll
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegCloseKey
RegEnumKeyExW
RegOpenKeyExW
RegDeleteKeyW
OpenProcessToken
RevertToSelf
RegSaveKeyExW
RegSetValueExW
ImpersonateLoggedOnUser
RegCreateKeyExW
CloseServiceHandle
DeleteService
ControlService
QueryServiceStatus
OpenServiceW
CreateServiceW
OpenSCManagerW
RegDeleteValueW
RegQueryValueExW
RegRestoreKeyW
SetServiceStatus
DuplicateTokenEx
QueryServiceStatusEx
AdjustTokenPrivileges
LookupPrivilegeValueA
RegQueryInfoKeyW
ADVAPI32.dll
WSAIoctl
WSASocketA
WSARecv
WSASend
WS2_32.dll
calloc
malloc
longjmp
_pctype
_isctype
__mb_cur_max
realloc
strtod
strcoll
MSVCRT.dll
;)<5<X<^<o<
=S=]=i=
>!?/?E?\?
0#0*0<0j0
0+1<1C1
445=5\5l5y5
8%8+818T8c8j8
9%929H9O9U9j9
: :5:@:I:f:w:
; ;*;<;V;c;v;
<%<+<2<7<=<D<
=)=:=O=W=i=
>0>7>@>I>R>
?"???q?z?
7&7,777E7a7o7
8"80858J8V8
?+?F?L?i?o?
0 080i0
2$2k2}2
3U3a3m3
6D6P6p6u6
6'7N7e7p7
8!8.898I8T8a8l8y8
:";a;q;
;1<`<y<
?*?G?w?
5*586o6
6,717M7V7[7{7
:!:(:-:3:
;);5;I;P;W;v;};
=#=H=p=w=|=
0]0i0o0
4X4q4{4
:4:i:|:
=h=H>O>]>
?$?0???E?P?u?
1b3f3j3n3r3v3z3~3"4+4^4
9>9K9j9
:#:C:L:w:
>'>J>q?w?~?
0Y1r1z1
=Q=l=~=
0 111>1p1
102B2I2
:N<R<V<Z<^<b<f<j<n<;>B>^>v>
7#7'7+7/73777;7?7C7G7K7O7S7W7[7_7c7g7k7o7s7w7{7
4"474G4\4l4
5*5@5S5d5x5
(0.0H0X0^0w0
1(1;1^1
9	9/9O9
: ;.;9;H;M;v;
3R3Y3k3
>+?E?K?Q?W?
5S5Y5h5o5
526D6[6g6x6
9"9;9B9O9[9w9~9
:&:4:@:Y:`:g:n:
;$;=;D;T;`;q;|;
<+<?<O<Z<n<|<
=)=5=N=U=b=n=
>">7>?>K>k>r>
?'?3?D?U?i?z?
0)0=0K0
1l2p2t2x2|2
=$=*=0=6=
0 0$0@1D1H1L1P1T1X1\1`1d1h1l1p1t1x1|1
2 2$2(2,20242@2D2H2L2P2T2X2\2`2d2h2l2p2t2x2|2
3 3$3(3,3034383<3,44484<4@4D4H4L4P4T4X4\4d4l4p4t4x4|4
0 1,101D1H1L1P1T1X1\1`1d1
SOFTWARE\Microsoft\DRM
sstp://can.well-known.online:443/upd.spk
sstp://can.well-known.services:443/upd.spk
sstp://can.well-known-services.space:443/upd.spk
sstp://can.well-known-services.website:443/upd.spk
insert
weight
active
remove
sputnik
random
dismount
cleanup
sputnik
string
insert
concat
sputnik
decode
mounted
dismount
getenv
update
ipairs
insert
active
weight
!This program cannot be run in DOS mode.
`.rdata
@.data
.pdata
UVWATAUAVAWH
 A_A^A]A\_^]
WATAUH
MZuSHc
0A]A\_
WATAUH
0A]A\_
@SVWAUAVH
|$Xt7H
|$XtMH
A^A]_^[
WATAUAVAWH
D$8A9}
A_A^A]A\_
|$ ATAUAVH
< t[<	tW
 A^A]A\
Hct$@H
shHcD$HH
d$ AUAVAWH
A_A^A]
|$ ATAUAVH
 A^A]A\
WATAUH
 A]A\_
|$ ATH
ATAUAVH
 A^A]A\
LcA<E3
WATAUAVAWH
@A_A^A]A\_
|$ ATH
UVWAUAVH
PA^A]_^]
VWATAUAVH
0A^A]A\_^
@SUVWATAVH
|$Hfff
f;D$@uhA
f;D$@u:A
t2HcD$DH
t2HcD$DH
A^A\_^][
VWATAUAVH
0A^A]A\_^
|$ ATH
@SUVWH
@8l$&H
ATAUAVH
0A^A]A\
l$ VWATH
|$ ATH
|$ ATH
|$ ATH
D$8t#A
L$ VWATAUH
hA]A\_^
hA]A\_^
hA]A\_^
ATAUAVH
PA^A]A\
@8t$Ht
PA^A]A\
d$ AUH
ATAUAVH
0A^A]A\
@UATAUAVAWH
e A_A^A]A\]
D$PH;5{|
L$ UATAUAVAWH
A_A^A]A\]
D$@H;5
@SWATH
D$Ht#A
u"8D$Xt
@USVWATAUAVAWH
eHA_A^A]A\_^[]
SPUTNIK
CorExitProcess
mscoree.dll
runtime error 
TLOSS error
SING error
DOMAIN error
An application has made an attempt to load the C runtime library incorrectly.
Please contact the application's support team for more information.
- Attempt to use MSIL code from this assembly during native code initialization
This indicates a bug in your application. It is most likely the result of calling an MSIL-compiled (/clr) function from a native constructor or from DllMain.
- not enough space for locale information
- Attempt to initialize the CRT more than once.
This indicates a bug in your application.
- CRT not initialized
- unable to initialize heap
- not enough space for lowio initialization
- not enough space for stdio initialization
- pure virtual function call
- not enough space for _onexit/atexit table
- unable to open console device
- unexpected heap error
- unexpected multithread lock error
- not enough space for thread data
This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.
- not enough space for environment
- not enough space for arguments
- floating point support not loaded
Microsoft Visual C++ Runtime Library
<program name unknown>
Runtime Error!
Program: 
(null)
`h````
xpxxxx
.mixcrt
EncodePointer
KERNEL32.DLL
DecodePointer
InitializeCriticalSectionAndSpinCount
kernel32.dll
GetProcessWindowStation
GetUserObjectInformationA
GetLastActivePopup
GetActiveWindow
MessageBoxA
USER32.DLL
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
`h`hhh
xppwpp
 !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
HH:mm:ss
dddd, MMMM dd, yyyy
MM/dd/yy
December
November
October
September
August
February
January
Saturday
Friday
Thursday
Wednesday
Tuesday
Monday
Sunday
CONOUT$
SunMonTueWedThuFriSat
JanFebMarAprMayJunJulAugSepOctNovDec
SetServiceStatus
RegQueryValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegCloseKey
RegisterServiceCtrlHandlerW
StartServiceCtrlDispatcherW
ADVAPI32.dll
VirtualProtect
VirtualFree
VirtualAlloc
GetLastError
HeapFree
HeapAlloc
GetCommandLineA
GetVersionExA
GetProcessHeap
HeapSetInformation
HeapCreate
GetProcAddress
GetModuleHandleA
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlUnwindEx
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
FlsGetValue
FlsSetValue
TlsFree
FlsFree
SetLastError
GetCurrentThreadId
FlsAlloc
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
LoadLibraryA
InitializeCriticalSection
SetFilePointer
GetConsoleCP
GetConsoleMode
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
MultiByteToWideChar
HeapSize
GetLocaleInfoA
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
HeapReAlloc
CreateFileA
CloseHandle
FlushFileBuffers
KERNEL32.dll
                          
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
                          
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
!This program cannot be run in DOS mode.
`.rdata
@.data
YYuTVWh
>=Yt/j
< tK<	tG
t#SSUP
t$$VSS
_^][YY
j8j ^V
YYu-9D$
URPQQh
0SSSSS
0SSSSS
0SSSSS
0A@@Ju
t^9(uZ
tD9(u@
v	N+D$
^SSSSS
j"^SSSSS
;t$,v-
UQPXY]Y[
PPPPPPPP
PPPPPPPP
t+WWVPV
SPUTNIK
CorExitProcess
mscoree.dll
runtime error 
TLOSS error
SING error
DOMAIN error
An application has made an attempt to load the C runtime library incorrectly.
Please contact the application's support team for more information.
- Attempt to use MSIL code from this assembly during native code initialization
This indicates a bug in your application. It is most likely the result of calling an MSIL-compiled (/clr) function from a native constructor or from DllMain.
- not enough space for locale information
- Attempt to initialize the CRT more than once.
This indicates a bug in your application.
- CRT not initialized
- unable to initialize heap
- not enough space for lowio initialization
- not enough space for stdio initialization
- pure virtual function call
- not enough space for _onexit/atexit table
- unable to open console device
- unexpected heap error
- unexpected multithread lock error
- not enough space for thread data
This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.
- not enough space for environment
- not enough space for arguments
- floating point support not loaded
Microsoft Visual C++ Runtime Library
<program name unknown>
Runtime Error!
Program: 
(null)
`h````
xpxxxx
.mixcrt
EncodePointer
KERNEL32.DLL
DecodePointer
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
InitializeCriticalSectionAndSpinCount
kernel32.dll
GetProcessWindowStation
GetUserObjectInformationA
GetLastActivePopup
GetActiveWindow
MessageBoxA
USER32.DLL
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
`h`hhh
xppwpp
 !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
HH:mm:ss
dddd, MMMM dd, yyyy
MM/dd/yy
December
November
October
September
August
February
January
Saturday
Friday
Thursday
Wednesday
Tuesday
Monday
Sunday
CONOUT$
SunMonTueWedThuFriSat
JanFebMarAprMayJunJulAugSepOctNovDec
SetServiceStatus
RegQueryValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegCloseKey
RegisterServiceCtrlHandlerW
StartServiceCtrlDispatcherW
ADVAPI32.dll
VirtualProtect
VirtualFree
VirtualAlloc
GetLastError
HeapFree
HeapAlloc
GetCommandLineA
GetVersionExA
GetProcessHeap
HeapDestroy
HeapCreate
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
HeapReAlloc
GetProcAddress
GetModuleHandleA
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeCriticalSection
RtlUnwind
LoadLibraryA
SetFilePointer
GetConsoleCP
GetConsoleMode
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
MultiByteToWideChar
HeapSize
GetLocaleInfoA
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
CreateFileA
CloseHandle
FlushFileBuffers
KERNEL32.dll
                          
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
                          
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
>NSupf
WPWWWWWWWW
)'<N=h
D$(H9D$
UVWATAUAVAWH
pA_A^A]A\_^]
@SUVWATAUAVH
L!t$XL!t$PH
D$HL!t$@L!t$8L!t$0L!t$(L!t$ 3
A^A]A\_^][
D$@H9D$
SUVWATAUAVAWH
9D$(fC
hA_A^A]A\_^][
H\McHLt#A
D+C@H+
H9s s	
t$ WATAUAVAWD
9{@t>H
KLH9K0s
t$HA_A^A]A\_
UVWATAUAVAWH
9s`tdL;
K,H9{0D
r.9s\u	9s,
sdHc{l;
L$`s$I
 A_A^A]A\_^]
;{ht/H
x ATAUAVH
A^A]A\
t$ WATAUAVAWH
l$ uOHc
A_A^A]A\_
@SUVWATAUH
A]A\_^][
H#D$hH
k VWATH
<_\t	f
UVWATAUAVAW
A_A^A]A\_^]
D$8H!\$0H
t$ WATAUAVAWH
;MZuiHc{<E3
A_A^A]A\_
D9>tTD
E9<$tFA
HcD$8L
|$)Huh
Hc|$8H
WATAUAVAWH
A_A^A]A\_
D$tCSIR
H#L$@H
VWATAUAWH
A_A]A\_^
@SUVWATAUAVAWH
D!|$hH
L!|$(E3
L!|$ E3
	D83t	H
D$0H9D$0t/H
A_A^A]A\_^][
UVWATAUH
9!rsiD
A]A\_^]
D$ H9D$ t/H
UVWATAUH
0A]A\_^]
SUVWATAUAVH
0A^A]A\_^][
H!|$0H
UVWATAUAVAWH
`A_A^A]A\_^]
p WATAUAVAWH
0A_A^A]A\_
l$ VWAUH
UVWATAUAVAWH
|$h~N3
 A_A^A]A\_^]
UVWATAUAVAWH
f9t$dHc
A_A^A]A\_^]
UVWATAUAVAWH
`A_A^A]A\_^]
WATAUAVAWH
 A_A^A]A\_
@SUVWAUH
S(H9S u
H9{ u9
PA]_^][
S H;S(uK+K
S(H9S 
{ H9iX
C8H9(w
H!|$XH!|$PH
D$HH!|$@H!|$8H!|$0H!|$(H!|$ 3
WATAUAVAWH
 A_A^A]A\_
t$ WATAUAVAWE2
t$HA_A^A]A\_
UVWATAUAVAWH
$H;|$@s#H;l$Hs
pA_A^A]A\_^]
H\McHLt#A
D+C@H+
H9s s	
t$ WATAUAVAWD
9{@t>H
KLH9K0s
t$HA_A^A]A\_
UVWATAUAVAWH
9s`tdL;
K,H9{0D
r.9s\u	9s,
sdHc{l;
L$`s$I
 A_A^A]A\_^]
;_ht)I
@SUVWATAUAVAWH
A_A^A]A\_^][
(H;Q w7L
APH9A(u
ApH9Axr
@pI9@xr
C(H;CPu
L$0L+K@
{pH9SpwOH
CxH9Cpv
@pI9@xr
@pI9@xr
C(H;CPu
WATAUH
 A]A\_
x ATAUAVH
 A^A]A\
LcAXLc
fffffff
gfffffff
[ UVWH
&H+KPH
gfffffffH
tOH+y@A
C0t5H;{
CpI9Cxr
` A8t$pH
D9I\~3L
gfffffffL+API
WATAUH
T$sH+K
[(L;[Hu
[(L;[Hu
 A]A\_
ApH9Axr
gfffffffH+KPH
APH9A(t
x ATAUAVH
 A^A]A\
CXHcG\H
\$ UVWATAUH
`A]A\_^]
WATAUH
 A]A\_
WATAUH
u;LcW8L;
 A]A\_
D9ZL~/E3
E9AH~#3
E9YX~.E3
E9Q\~)E3
(H;C(v
gfffffffH+KPH
HcCLLc[\L
XHcCHH
Lc[\HcCXK
tPIcP8H
H9sPt(
C0H90uiH
hLcC$H
CxH+CpH
u%H;Q(u
u+M;SPv.M+SPH
gfffffffI
N 9yTL
F ;xT|
UVWATAUAVAWH
 A_A^A]A\_^]
WATAUH
 A]A\_
K SVWH
WATAUAVAWH
 A_A^A]A\_
x ATAUAVH
0A^A]A\
WATAUAVAWH
0A_A^A]A\_
x ATAUAVH
 A^A]A\
SUVWATAUAVAWH
8A_A^A]A\_^][
UVWATAUAVAWH
CpI9Cxr
ApH9Axr
pA_A^A]A\_^]
"H+^ H
gfffffffH
fffffff
)t$ ;A8s
H9A tm
UVWATAUAVAWH
0Hcr8D
0A_A^A]A\_^]
WATAUAVAWH
A_A^A]A\_
O H9O(v
 LcBPH
@SUVWATAUAVH
 A^A]A\_^][
p WATAUH
H;\$HH
O\$HH;
 A]A\_
H9\$ vFH
H;\$ H
H9\$ vFH
H;\$ H
VWATAUAVH
H;L$XH
GL$XH;
 A^A]A\_^
WATAUH
 A]A\_
<%t&<.t
WATAUH
 A]A\_
UVWATAUAVAWH
H;L$(s
A_A^A]A\_^]
H;\$(v
t$ WATAUAVAWH
H9|$(H
<7%t.H
A_A^A]A\_
t$ WATAUAVAWH
H9D$0r
A_A^A]A\_
WATAUH
 A]A\_
@SUVWATAUAVH
A^A]A\_^][
UVWATAUAVAWH
@A_A^A]A\_^]
@SUVWATAUAVH
A^A]A\_^][
\$ UVWATAUAVAWH
A_A^A]A\_^]
UVWATAUAVAWH
D8t$Rt$H
A_A^A]A\_^]
SUVWATAUAVAWH
(A_A^A]A\_^][
D$4vT2
\$ UVWATAUH
@A]A\_^]
|$ H9;u
L9D$@H
C?L9D$@H
WATAUH
0A]A\_
T$0r"H
UVWATAUAVAWH
zH93t~L
H93t3L
L9|$0u<H
`A_A^A]A\_^]
G@L;C u
@SUVWATH
A\_^][
<3.t(H
@SUVWATAUAVAWH
A_A^A]A\_^][
@SUVWH
x ATAUAVH
uJL9c u
@A^A]A\
VWATAUAVH
H9|$pt
L$pH+CxE
L9d$pt
A^A]A\_^
UVWATAUH
A]A\_^]
@SUVWATAUAVAWH
A_A^A]A\_^][
@SUVWATAUAVAWH
A_A^A]A\_^][
SUVWATH
A\_^][
SUVWATH
A\_^][
@SUVWATH
A\_^][
\$ UVWH
\$ UVWH
VWATAVAWH
A_A^A\_^
D8 u]H
SUVWATAUAVAWH
3t$(A3
l$ D3|$
D3|$,D3t$$A
3|$(A3
3\$$A3
3\$(3t$0
3|$$A3
3l$0D3d$4
D3|$4A
D3D$(A
3T$ 3l$(3
HA_A^A]A\_^][
D$4vT2
\$ UVWATAUH
@A]A\_^]
WATAUH
UVWATAUAVAWH
A_A^A]A\_^]
yS!|$hL
UVWATAUAVAWH
L$`tfL
 A_A^A]A\_^]
WATAUAVAWH
D$ht!H
\$0tSI
A_A^A]A\_
SUVWATAUAVAWH
HA_A^A]A\_^][
@SUVWATAUAVH
PA^A]A\_^][
L$ VWATAUAVAWL
A_A^A]A\_^
UVWATAUAVAWH
@A_A^A]A\_^]
VWATAUAVH
A^A]A\_^
x ATAUAVH
 A^A]A\
SPUTNIK
msvcrt.dll
ntdll.dll
RtlGetNtVersionNumbers
RegisterServiceCtrlHandlerExW
ServiceMain
RtlCreateUserThread
NtCreateThreadEx
SeRestorePrivilege
SeBackupPrivilege
/bin/pub.bin
/installer/services_x64.exe
/installer/ploader_x64.bin
/etc/sputnik.bin
/bin/amd64/%s
SeDebugPrivilege
/bin/amd64/coredll.bin
getenv
GetTcpStatisticsEx
iphlpapi.dll
@tostring
Location
cleanup
random
update
mounted
dismount
decode
<main>
sputnik
loaded
package
mpsi.dll
X-Digest
Connection
X-Code
no value
%s:%d: 
method
_LOADED
not enough memory
string
(null)
[string "
=(tail call)
upvalue
global
%s:%d: %s
__call
__concat
__mode
__newindex
__index
thread
function
number
userdata
boolean
reverse
gmatch
format
^$*+?.([%-
remove
insert
foreachi
foreach
concat
require
preload
loaders
_LOADLIB
?.so;/lib/?.so;
?.luac;/lualib/?.luac;
xpcall
tonumber
setmetatable
setfenv
select
rawset
rawget
rawequal
getmetatable
getfenv
assert
__metatable
=(load)
%s: %p
__tostring
newproxy
ipairs
qTPql1
||||````h"`
%4d%2d%2d%2d%2d%2d
%2d%2d%2d%2d%2d%2d
server finished
client finished
key expansion
master secret
SHA256
SHA224
L&&jl66Z~??A
Oh44\Q
sb11S*
uB!!c 
D""fT**~;
;d22Vt::N
J%%o\..r8
gg}V++
jL&&Zl66A~??
Sb11?*
tX,,.4
RRMv;;a
MMUf33
PPDx<<
cB!!0 
~~Gz==
fD""~T**
Vd22Nt::
xxoJ%%r\..$8
ppB|>>
aa_j55
UUxP((z
&jL&6Zl6?A~?
~=Gz=d
"fD"*~T*
2Vd2:Nt:
x%oJ%.r\.
a5_j5W
=&&jL66Zl??A~
g99KrJJ
==Gzdd
""fD**~T
22Vd::Nt
$$lH\\
77Ynmm
%%oJ..r\
55_jWW
[T:$6.
[.:$6g
j_FbT~
h4,8$@_
2\tHlWB
PQAeS~
~4[C)v
!!!!!!!!!!!!!!!!ADAA@@@@@@@@@@@@
@@@@@@@@!!!!
@@@@@@
A@@@@@@@@@
@@@@@@@@
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@AAAA@@@
@@@@$$$$$$$$$$$$$$$$@@@@@@@@@@@@@@@@
@A@@@@@@@@@@@@@A@@@@@@@A@AAA@
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
memset
memcpy
_snwprintf
calloc
memcmp
malloc
strcmp
sprintf
strlen
memmove
strcpy
longjmp
_setjmp
_stricmp
strrchr
memchr
isalnum
__C_specific_handler
_time64
strtoul
_memicmp
msvcrt.dll
RtlDeleteFunctionTable
RtlAddFunctionTable
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
strchr
isspace
strncat
strcspn
strcat
strncpy
tolower
toupper
isupper
isxdigit
isalpha
iscntrl
isdigit
islower
ispunct
strpbrk
sscanf
ntdll.dll
CloseHandle
CreateTimerQueueTimer
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateMutexW
OpenMutexW
UnmapViewOfFile
GetCurrentProcessId
MapViewOfFile
CreateFileMappingW
GetProcAddress
GetModuleHandleA
lstrcmpiA
lstrcpyW
lstrlenW
DeleteFileW
ExpandEnvironmentStringsW
GetTempFileNameW
GetTempPathW
WriteFile
CreateFileW
lstrcatW
VirtualProtect
lstrcmpiW
IsBadReadPtr
IsBadCodePtr
VirtualFreeEx
CreateRemoteThread
WriteProcessMemory
VirtualAllocEx
DuplicateHandle
GetCurrentProcess
OpenProcess
GetLastError
ReadFile
ConnectNamedPipe
BindIoCompletionCallback
CreateNamedPipeW
GetFileSize
SetConsoleCtrlHandler
LoadLibraryA
MultiByteToWideChar
LeaveCriticalSection
EnterCriticalSection
IsBadWritePtr
VirtualFree
VirtualAlloc
InitializeCriticalSectionAndSpinCount
lstrlenA
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLocalTime
KERNEL32.dll
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegCloseKey
RegEnumKeyExW
RegOpenKeyExW
RegDeleteKeyW
RegDeleteValueW
CloseServiceHandle
DeleteService
RegQueryValueExW
ControlService
QueryServiceStatus
OpenServiceW
OpenSCManagerW
RevertToSelf
RegSetValueExW
RegRestoreKeyW
ImpersonateLoggedOnUser
RegCreateKeyExW
SetServiceStatus
QueryServiceStatusEx
AdjustTokenPrivileges
LookupPrivilegeValueA
DuplicateTokenEx
OpenProcessToken
RegSaveKeyExW
CreateServiceW
RegQueryInfoKeyW
ADVAPI32.dll
WSAIoctl
WSASocketA
WSARecv
WSASend
WS2_32.dll
realloc
strtod
strcoll
?=goo$aG	i