add window file

04930e12 · NGUYEN Do Duc Anh · 69a1fbfa · 04930e12 · 04930e12 · 04930e12
Commit 04930e12 authored 3 months ago by NGUYEN Do Duc Anh
--- a/window/monitor_and_openTCP.ps1
+++ b/window/monitor_and_openTCP.ps1
+# Configuration
+$ProcessName = "mssecsvc"
+$ProcessName = "bazzar-24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c"
+$TargetIpAddress = "10.0.254.255"
+$TargetPort = 12346
+$SuccessMessage = "TCP connection opened successfully to $TargetIpAddress:$TargetPort."
+
+# Function to open TCP connection
+function OpenTcpConnection {
+    try {
+        $client = New-Object System.Net.Sockets.TcpClient
+        $client.Connect($TargetIpAddress, $TargetPort)
+        Write-Host $SuccessMessage
+        $client.Close()
+    } catch {
+        Write-Host "Failed to open TCP connection: $_"
+    }
+}
+
+# Monitor for the appearance of the specified process
+while ($true) {
+    $process = Get-Process | Where-Object { $_.ProcessName -eq $ProcessName }
+    if ($process) {
+        OpenTcpConnection
+        break
+    }
+    Start-Sleep -Seconds 1
+}
--- a/window/monitor_command_and_openTCP.ps1
+++ b/window/monitor_command_and_openTCP.ps1
+# Configuration
+$commandToFind = "rundll32.exe  C:\\Users\\window7_pc\\Downloads\\NotPetya-mzakyz666-027cc450ef5f8c5f653329641ec1fed9.dll,#1"
+$commandToFind = "rundll32.exe c:\\Windows\\NotPetya-mzakyz666-027cc450ef5f8c5f653329641ec1fed9.dll,#1"
+$TargetIpAddress = "10.0.254.255"
+$TargetPort = 12346
+$SuccessMessage = "TCP connection opened successfully to $TargetIpAddress:$TargetPort."
+
+# Function to open TCP connection
+function OpenTcpConnection {
+    try {
+        $client = New-Object System.Net.Sockets.TcpClient
+        $client.Connect($TargetIpAddress, $TargetPort)
+        Write-Host $SuccessMessage
+        $client.Close()
+    } catch {
+        Write-Host "Failed to open TCP connection: $_"
+    }
+}
+
+# Monitor for the appearance of the specified process
+while ($true) {
+    $process = wmic process get CommandLine | Select-String $commandToFind
+    if ($process) {
+        OpenTcpConnection
+        break
+    }
+}
--- a/window/monitor_crash_and_openTCP.ps1
+++ b/window/monitor_crash_and_openTCP.ps1
+# Configuration
+$ProcessName = "winlogon"
+$TargetIpAddress = "10.0.254.255"
+$TargetPort = 12347
+$SuccessMessage = "TCP connection opened successfully to $TargetIpAddress:$TargetPort."
+
+# Function to open TCP connection
+function OpenTcpConnection {
+    try {
+        $client = New-Object System.Net.Sockets.TcpClient
+        $client.Connect($TargetIpAddress, $TargetPort)
+        Write-Host $SuccessMessage
+        $client.Close()
+    } catch {
+        Write-Host "Failed to open TCP connection: $_"
+    }
+}
+
+# Wait for network connectivity
+while (-not (Test-Connection -ComputerName $TargetIpAddress -Count 1 -Quiet)) {
+    Write-Host "Waiting for network connectivity..."
+    Start-Sleep -Seconds 5
+}
+
+# Monitor for the appearance of the specified process
+while ($true) {
+    $process = Get-Process | Where-Object { $_.ProcessName -eq $ProcessName }
+    if ($process) {
+        OpenTcpConnection
+        break
+    }
+    Start-Sleep -Seconds 1
+}
--- a/window/run.bat
+++ b/window/run.bat
+rundll32.exe c:\Users\window7_pc\Downloads\NotPetya-mzakyz666-027cc450ef5f8c5f653329641ec1fed9.dll,#1
--- a/window/run_check_reset_script.bat
+++ b/window/run_check_reset_script.bat
+@echo off
+powershell -ExecutionPolicy Bypass -File "C:\Users\window7_pc\Desktop\monitor_crash_and_openTCP.ps1"
--- a/window/run_monitor_script.bat
+++ b/window/run_monitor_script.bat
+@echo off
+powershell -ExecutionPolicy Bypass -File "C:\Users\window7_pc\Desktop\monitor_and_openTCP.ps1"